
ADVANCE COMPUTER NETWORK

Study The Basics


• Introduction to networks
• Protocols and The OSI model
• LANs and WANs
• Network Devices
• Introduction to the TCP/IP suite
• Routing
• Addressing
Parts
• Designing Networks
Network Design
• Technologies
– Switching Design
– IPV4 routing Design
– Network Security Design
– Wireless LAN Design
– QOS Design
– Voice Transport Design
– Content Networking Design
– Network Management Design
– Other Enabling Technologies
Contd.
• Designing Your Network
• Case Study Venti Systems
UNIT I: Network Design
• Design Principles
• Determining Requirements
• Analyzing the Existing Network
• Preparing the Preliminary Design
• Completing the Final Design Development
• Deploying the Network
• Monitoring and Redesigning
• Maintaining
• Design Documentation
• Modular Network Design
• Hierarchical Network Design
• The Cisco Enterprise Composite Network Model.
Network Design
• Design is planning to create something.
• When designing, the architect needs to have
knowledge of the existing structure and the
requirements for the addition, along with
skills and creativity.
Design
Cisco has developed the Plan-Design-Implement-Operate-Optimize
(PDIOO) network life cycle to describe the multiple phases through which
a network passes.
• Plan phase: The detailed network requirements are identified, and the
existing network is reviewed.
• Design phase: The network is designed according to the initial
requirements and additional data gathered during analysis of the existing
network. The design is refined with the client.
• Implement phase: The network is built according to the approved design.
• Operate phase: The network is operational and is being monitored. This
phase is the ultimate test of the design.
• Optimize phase: During this phase, issues are detected and corrected,
either before problems arise or, if no problems are found, after a failure
has occurred. Redesign might be required if too many problems exist.
• Retirement phase: Although not part of the PDIOO acronym, this phase is
necessary when part of the network is outdated or is no longer required.
Tasks in network design
• Applications that are to run on the network
• Internet connections required
• Addressing restrictions, for example, the use of private Internet Protocol (IP)
version 4 (IPv4) addresses
• Support for IP version 6 (IPv6) addresses
• Other protocols that are to run on the network (for example, routing protocols)
• Cabling requirements
• Redundancy requirements
• Use of proprietary equipment and protocols
• Existing equipment that must be supported
• Network services required, including quality of service (QoS) and wireless
• How security is to be integrated into the network
• Network solutions required (for example, voice traffic, content networking, and
storage networking)
• Support for existing applications
Determining Requirements
• Budget Capital (for new equipment) and operating (for ongoing expenses).

• Schedule This could include the phasing out of older applications, hiring of new
personnel, and so forth.

• People Considerations include who will install and operate the network, what skills they
have, whether they require training, whether any of these tasks will be outsourced, and so
forth.

• Legal Issues include any restrictions on the use and storage of data collected, whether the
organization has contractual obligations or opportunities related to the network (for
example, long-term maintenance or lease contracts), and so forth.

• History Factors include examining the existing network's structure and determining whether
any person or group will block changes or additions.

• Policies Consider whether current organizational policies might restrict the network design.
Preparing the Preliminary Design
• Consider network requirements and constraints.
• The network owner is consulted, and together the optimal
solution is chosen.
• Two approaches can be used for network design:
- A top-down approach: requirements are considered
first, together with the applications and network solutions that
will run on the network.
- A bottom-up approach: devices, features, cabling
and so on are selected first, and then applications are fitted
to this network (at the risk of redesign and increased costs).
Completing the Final Design Development
• Producing detailed drawings, configuration specifications, costing,
addressing plans, and any other information required for
implementation.
• Physical
– Network diagram
– Network redundancy
– Physical connectivity to existing network
– Post-design hardware inventory documenting device location, type,
number of ports and type of ports

• Logical
– Addressing scheme(s)
– Supported Protocol(s)
– Routing protocol(s)
– Bridging group(s)
– Virtual Local Area Network (VLAN) architecture
Deploying the network
• Include details of what has to be done and how it has
to be done:
- Scheduling: when things will be done, who will do
them, and what impact the deployment will have on the existing
network.
- Contingency plans: plans for what happens if a
problem occurs during implementation.
- Testing
- Training
- Contracts: outsourcing, Internet connectivity,
maintenance, and so forth.
Monitoring and Redesign
• After the network is operating, baseline
operational statistics should be gathered so
that the values for a working network are
known.
• If problems or anomalies occur, or if a redesign is
done, the entire design process is repeated.
Maintaining design documentation
• Design Guide
- Security requirements
- Redundancy requirements and design
- Logical connectivity within a LAN
environment
- Implementation of any required advanced equipment
or software features
- Connectivity to the gateway
- Configuration of each device
Modular Network Design
• Modular network design separates the network
into various functional network modules, each
targeting a specific place or purpose in the network.
• A module is a component of a composite
structure.
• Modular network design involves creating
modules that can then be put together to meet
the requirements of the entire network.
• The modules represent areas that have different
physical or logical connectivity.
Benefits of modular network design
• It is easier to understand and design smaller, simpler modules
rather than an entire network.
• It is easier to troubleshoot smaller elements compared to the entire
network.
• The reuse of blocks saves design time and effort, as well as
implementation time and effort.
• The reuse of blocks allows the network to grow more easily,
providing network scalability.
• It is easier to change modules rather than the entire network,
providing flexibility of design.
• Failures that occur within a module can be isolated from the
remainder of the network.
Modular Design
• Two models that can be used for network design:
o The hierarchical model
o Cisco Enterprise Composite Network Model
• Hierarchical design can be a part of the modules
of the Cisco Enterprise Composite Network
model.
Modules in the Enterprise Architecture
Three tier Architecture
Hierarchical Network Design
The three functions that comprise the
hierarchical network design model are:
• Access layer: Provides user and
workgroup access to the resources of the
network.
• Distribution layer: Implements the
organization's policies, and provides
connections between workgroups and
between the workgroups and the core.
• Core layer: Provides high-speed
transport between distribution-layer
devices and to core resources.
The Hierarchical Network Design Model as
Mapped to a Simple Network
[Figure: a simple network made up of a firewall, a router and a workgroup switch, mapped onto the core, distribution and access layers]
Hierarchical Network Design
[Figure: the Enterprise WAN forms the core layer backbone connecting Campus A, Campus B and Campus C; the Campus C backbone forms the distribution layer; Building C-1 and Building C-2 form the access layer]
Access Layer
• The access layer is where users access the
network. Users can be local or remote.
• Local users typically access the network through
connections to a hub or a switch.
• Remote users might access the network through
the Internet, using VPN connections.
• The access layer must also ensure that only
users who are authorized to access the
network are admitted.
Distribution Layer
The distribution layer functions and characteristics include the following:
• Implementing policies by filtering, prioritizing and queuing traffic.
• Routing between the access and core layers. If different routing protocols
are implemented at these other two layers, the distribution layer is
responsible for redistributing (sharing) routes among the routing protocols, and
filtering if necessary.
• Performing route summarization: When routes are summarized, routers
have only summary routes in their routing tables, instead of unnecessarily
detailed routes. This results in smaller routing tables, which reduces the
router memory required. Routing updates are also smaller and therefore
use less bandwidth on the network.
• Route summarization is only possible if the IP addressing scheme is
designed properly.
• Providing redundant connections, both to access devices and to core
devices.
• Aggregating multiple lower-speed access connections into higher-speed
core connections and converting between different media types (for
example, between Ethernet and Frame Relay connections), if necessary.
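As an added illustration (not part of the course slides) of the route summarization point above, and of why it only works when the addressing scheme is designed for it: the Python below uses the standard ipaddress module to compute the single summary route a distribution-layer router could advertise toward the core, and compares it with an exact collapse of the subnets. The two addressing plans are constructed for this example.

```python
import ipaddress


def common_supernet(prefixes):
    """Smallest single prefix that covers every given network.

    This is the one summary route a distribution-layer router would advertise
    toward the core in place of the individual access-layer subnets.
    """
    nets = [ipaddress.ip_network(p) for p in prefixes]
    summary = nets[0]
    # Widen the candidate one bit at a time until every subnet fits inside it
    while not all(n.subnet_of(summary) for n in nets):
        summary = summary.supernet()
    return summary


def exact_summaries(prefixes):
    """Minimal set of prefixes covering exactly the given networks: adjacent
    and nested prefixes are merged, but no extra address space is claimed."""
    nets = [ipaddress.ip_network(p) for p in prefixes]
    return [str(n) for n in ipaddress.collapse_addresses(nets)]


def summarization_report(prefixes):
    """Compare the single summary with the exact collapse and report how much
    address space the single summary would claim beyond what is in use."""
    summary = common_supernet(prefixes)
    exact = exact_summaries(prefixes)
    used = sum(ipaddress.ip_network(p).num_addresses for p in prefixes)
    return {
        "single_summary": str(summary),
        "exact_routes": exact,
        "routes_before": len(prefixes),
        "routes_after": len(exact),
        "unused_addresses_in_summary": summary.num_addresses - used,
    }


if __name__ == "__main__":
    # Constructed sample addressing plans (assumptions, not from the slides)
    well_designed = ["10.1.0.0/24", "10.1.1.0/24", "10.1.2.0/24", "10.1.3.0/24"]
    poorly_designed = ["10.1.0.0/24", "10.1.5.0/24", "10.9.0.0/24"]
    for plan in (well_designed, poorly_designed):
        print(summarization_report(plan))
```

With contiguous, aligned subnets the four /24 routes collapse to a single 10.1.0.0/22 and the summary wastes nothing. With the scattered plan the only single summary is 10.0.0.0/12, which would attract traffic for about a million addresses that this site does not own, so the router has to keep all three specific routes; that is the "designed properly" caveat made concrete.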
Core Layer
The core layer provides a high-speed backbone. Functions and attributes of
the core layer include the following:
• Providing high-speed, low-latency links and devices for quick transport of
data across the backbone.
• Providing a highly reliable and available backbone. This is accomplished by
implementing redundancy in both devices and links so that no single points
of failure exist.
• Adapting to network changes quickly by implementing a quick-converging
routing protocol.
• The routing protocol can also be configured to load balance over redundant
links so that the extra capacity can be used when no failures exist.
• Filtering is not performed at this layer, because it would slow processing.
Filtering is done at the distribution layer.
Limitations of the Hierarchical Model
• The hierarchical model is useful for smaller
networks, but it does not scale well to larger,
more complex networks.
• With only three layers, the model does not
allow the modularity required to efficiently
design networks with many devices and
features.
Cisco Enterprise Architecture
The Cisco Enterprise Composite
Network Model
• Cisco has developed the SAFE blueprint, the principal
goal of which is to provide best-practice information
on designing and implementing secure networks. The
SAFE architecture uses a modular approach.
• The Cisco Enterprise Composite Network Model is the
name given to the architecture used by the SAFE
blueprint. This model supports larger networks than
those designed with only the hierarchical model and
clarifies the functional boundaries within the network.
Functional Areas of the Enterprise
Composite Network Model
• Enterprise Campus: This area contains all the functions required for
independent operation within one campus location; it does not
provide remote connections. You can have multiple campuses.
• Enterprise Edge: This area contains all the functions required for
communication between the Enterprise Campus and remote
locations, including the Internet, remote employees, other
campuses, partners, and so forth.
• Service Provider Edge: This functional area is not implemented by
the organization; rather, it is included to represent WANs and
Internet connections provided by service providers.
[Figure: the Enterprise Composite Network Model drawn with a router with AP, a server with IPS, a workgroup switch, a PIX firewall and a multilayer switch]
The Enterprise Campus consists of:
1. Management
2. Campus Infrastructure
i) Building Access
ii) Building Distribution
iii) Core
3. Server Farm
4. Edge Distribution
Campus Infrastructure Module
• Building Access — Contains access switches (Layer 2 switches) and end-user devices
(including PCs and IP phones). This group is responsible
for ensuring that only users who are authorized to access the network are
admitted.
• Building Distribution — Includes distribution multilayer switches (Layer 3
switches and routers) to provide access between workgroups and to the
Core. Routing is implemented in this sub-module, including:
– Filtering of routes: Route filtering is the process by which certain routes
are not considered for inclusion in the local route database.
– Summarizing of routes
• Building Distribution and Building Access together make up a building module.
• Core — Typically uses Layer 3 switching. Also called the backbone, it provides
a high-speed connection between the buildings themselves, the Server Farm
and the Edge Distribution module. Redundancy is implemented.
Contd.
• Edge Distribution — The interface between the Enterprise Campus
and the Enterprise Edge functional areas. This module concentrates
connectivity to and from all branches and teleworkers (delivering
secure voice and data services) accessing the campus via a WAN or
the Internet. Typically uses Layer 3 switching.
• Server Farm — Represents the campus's data center. It contains the
internal e-mail server, web server, corporate servers, etc.
• Management — Represents the network management functionality,
including monitoring, logging, security, and other management
features within an enterprise.
Authentication, authorization and accounting (AAA) features can be
implemented in this module.
IDS and IPS can be implemented.
Enterprise Edge
1. E-commerce
2. Corporate Internet
3. VPN/Remote Access
4. WAN
Asynchronous Transfer Mode (ATM)
• ATM is a network switching technology that uses a cell-based methodology to
quantize data. ATM data communication consists of fixed-size cells of 53 bytes. An
ATM cell contains a 5-byte header and 48 bytes of ATM payload. These small,
fixed-length cells are good for transmitting voice, image and video data because the delay
is minimized.
• ATM is a connection-oriented protocol, and therefore a virtual circuit must be
established between the sending and receiving points. It establishes a fixed route
between two points when the data transfer starts.
• Another important aspect of ATM is its asynchronous operation in time division
multiplexing. Cells are transmitted only when data is available to be sent,
unlike in conventional time division multiplexing, where synchronization bytes are
transferred if no data is available to be sent.
• ATM is designed to be convenient for hardware implementation, and therefore
processing and switching have become faster. Bit rates on ATM networks can go up
to 10 Gbps. ATM is a core protocol used over the SONET/SDH backbone of the ISDN.
• ATM provides good quality of service in networks where different types of
information, such as data, voice and video, are supported. With ATM, each of these
information types can pass through a single network connection.
Frame Relay
• Frame relay is a packet-switching technology for connecting network
points in Wide Area Networks (WANs).
• It is a connection-oriented data service and establishes a virtual circuit
between two end points.
• Data is transferred in packets known as frames. These frames
are variable in size, which makes transfers more flexible and efficient.
• In frame relay, connections are called 'ports'. Every point that
needs to connect to the frame relay network needs to have a port, and every
port has a unique address.
• A frame is made of two parts, which can be called the 'actual data' and
the 'frame relay header'.
• Frame relay can create multiple redundant connections among various
routers without requiring multiple physical links. Since frame relay is not
specific to a medium, and provides a means to buffer speed variations, it can
serve as a good interconnect medium between different
types of network points with different speeds.
Difference between ATM and Frame Relay
• The data link layer of the OSI model defines the ways of encapsulating data for transmission between two
endpoints and the techniques for transferring the frames. Both Asynchronous Transfer Mode (ATM)
and Frame Relay are data link layer technologies, and both are connection-oriented protocols. Each
technique has its own application-dependent advantages and disadvantages.
1. Although both techniques are based on end-to-end delivery of quantized data, there are many
differences in terms of the size of the data quanta, application network types, control techniques,
etc.
2. ATM uses fixed-size packets (53 bytes) for data communication, whereas frame relay uses
variable packet sizes depending on the type of information to be sent. Both kinds of information block have
a header in addition to the data block, and transfer is connection oriented in both.
3. Frame Relay is used to connect Local Area Networks (LANs) and is not implemented within a
single area network, in contrast to ATM, where data transfers are within a single LAN.
4. ATM is designed to be convenient for hardware implementation, and therefore its cost is higher
compared to frame relay, which is software controlled. Therefore frame relay is less expensive and
upgrading is easier.
5. Frame relay has a variable packet size. Therefore it has low overhead within the packet, which
makes it an efficient method for transmitting data. Although the fixed packet size of ATM can be useful
for handling video and image traffic at high speeds, it leaves a lot of overhead within the packet,
particularly in short transactions.
Enterprise Edge
• The E-commerce module includes the devices and services necessary for
an organization to support e-commerce applications, such as online
ordering. The devices in this module usually include web servers,
application servers, and security devices such as firewalls and IDS
appliances.
• The Corporate Internet module provides Internet access for the users and
passes VPN traffic from remote users to the VPN/Remote Access module.
Typical servers in this module include e-mail, File Transfer Protocol (FTP),
and Domain Name System (DNS) servers.
• The VPN/Remote Access module terminates VPN traffic and dial-in
connections from external users. Typical devices in this module include
dial-in access and VPN concentrators to terminate the remote user
connections, and firewalls and IDS appliances to provide security.
• The WAN module provides connectivity between remote sites and the
main site over various WAN technologies. This module does not include
the WAN connections; rather, it provides the interfaces to the WANs.
Service Provider Edge
The three modules within the Service Provider Edge
functional area are as follows:
• The Internet Service Provider (ISP) module represents
the connection to the Internet. Redundant connections to
multiple ISPs can be made to ensure service availability.
• The Public Switched Telephone Network (PSTN) module
represents all dial-up connectivity: analog phone,
cellular phone and ISDN connections.
• The Frame Relay/ATM module represents all permanent connections
to remote locations, including frame relay, ATM,
leased lines and cable, DSL, and wireless connections.
ECM advantages
The ECM divides the functional areas of the LAN into
modules. This allows for easier implementation
of other network functions, such as security, on a
module-by-module basis, rather than attempting
to do so all at once on the entire network.
The ECM provides several advantages:
1. Functional areas are divided into modules and
connected together over a high-speed
backbone.
2. The ECM allows network scalability.
3. One or more functions can be added more easily.
UNIT II
• Technologies –
Switching Design: Switching Types - Layer 2 and 3 Switching
Spanning Tree Protocol
Redundancy in Layer 2 Switched Networks
STP Terminology and Operation
Virtual LANs – Trunks –
Inter-VLAN Routing
Multilayer Switching
Cisco Express Forwarding –
Switching Security - Switching Design Considerations
• IPv4 Routing Design:
IPv4 Address Design - Private and Public Addresses –
NAT - Subnet Masks - Hierarchical IP Address Design –
IPv4 Routing Protocols – Classification - Metrics - Routing Protocol
Comparison - IPv4 Routing Protocol Selection.
Switching Design
• Switch Concepts
• Ethernet switches are extremely fast bridges
with many ports.
Switch basics

Feature                | Hub                                                    | Switch
-----------------------|--------------------------------------------------------|--------------------------------------------------------------
Layer                  | Physical layer                                         | Data link layer
Data transmission form | Electrical signals or bits                             | Frames (Layer 2) and packets (Layer 3)
Ports                  | 4/12 ports                                             | Multiport bridge (24/48 ports)
Transmission type      | Frame flooding: may be unicast, multicast or broadcast | First broadcast, then unicast and multicast as needed
Device type            | Without software                                       | With software; networking device
Table                  | No table                                               | Content addressable memory (CAM) table, accessed by application-specific integrated circuits (ASICs)
Speed                  | 10 Mbps                                                | 10/100 Mbps, 1 Gbps
Collisions             | Collisions occur                                       | No collisions occur in a full-duplex switch
Spanning tree          | No                                                     | Many spanning trees
Manufacturers          | Sun Systems, Oracle and Cisco                          | Cisco and Juniper
Router versus Switch

Feature                            | Router                                                                                | Switch
-----------------------------------|---------------------------------------------------------------------------------------|------------------------------------------------------------------------------------
Layer                              | Network layer (Layer 3 device)                                                        | Data link layer; network switches operate at Layer 2 of the OSI model
Data transmission form             | Packet                                                                                | Frame (L2 switch); frame and packet (L3 switch)
Used in                            | LAN, MAN, WAN                                                                         | LAN
Device type                        | Networking device                                                                     | Active device (with software) and networking device
Table                              | Stores IP addresses in a routing table and maintains the addresses on its own         | Uses a content addressable memory (CAM) table, typically accessed by ASICs (application-specific integrated circuits)
Transmission mode                  | Full duplex                                                                           | Half/full duplex
Broadcast domain                   | Every router port has its own broadcast domain                                        | A switch has one broadcast domain (unless VLANs are implemented)
Used for                           | Connecting two or more networks                                                       | Connecting two or more nodes in the same network or in different networks
Address used for data transmission | IP address                                                                            | MAC address
Faster                             | In a different-network environment (MAN/WAN), a router is faster than an L3 switch    | In a LAN environment, an L3 switch is faster than a router (built-in switching hardware)
NAT                                | Routers can perform NAT                                                               | Switches cannot perform NAT
Switching Fundamentals
• Switches can enhance the performance, flexibility and
functionality of the network.
• Collision Domain:
A segment of the network where Ethernet frames can
collide with one another.
• Broadcast Domain:
A segment of the network where a broadcast can reach
all nodes.
Generally the same Layer 3 network.
A switch maintains one large broadcast domain but
splits the collision domain (one collision domain per port).
Multicast and Broadcast traffic
Broadcast traffic includes:
IP, ARP, and routing protocol traffic such as RIP
v1.
Multicast traffic includes:
packets from advanced routing protocols such as
OSPF and applications such as e-learning and
videoconferencing.
Switching Types
• Switches process data faster than routers,
because switching functionality is implemented in
hardware (an Application Specific Integrated
Circuit, ASIC) rather than in software.
• The heart of a Layer 2 switch is its MAC address
table, also known as content addressable
memory. This table contains a list of MAC
addresses that are reachable through each switch
port.
Switches
• Switches are also known as learning
bridges or learning switches.
• A switch has a source address table in
cache (RAM) where it stores source MAC
addresses after it learns about them.
• A switch receives an Ethernet frame and
searches the source address table for the
destination MAC address.
• If it finds a match, it filters the frame by
only sending it out that port.
• If there is not a match, it floods it out all
ports.
Switch Forwarding modes
• Cut Through
• Store and Forward
• Fragment free
Store and Forward switching mode
• Store-and-forward switching waits until the entire frame has arrived before
forwarding it. This method stores the entire frame in memory. Once the frame is in
memory, the switch checks the destination address, source address, and the CRC.
If no errors are present, the frame is forwarded to the appropriate port. This
process ensures that the destination network is not affected by corrupted or
truncated frames.
Cut-through switching mode
• Cut through switching mode is enabled by
default.
• Switches operating in cut-through switching mode
start forwarding the frame as soon as the switch
has read the destination details in the packet
header.
• A switch in cut-through mode forwards the data
before it has completed receiving the entire frame.
The switching speed in cut-through mode is faster
than the switching speed in store-and-forward
switching mode.
Cut-through: Fast Forward
• Cut-through – The frame is forwarded through the switch
before the entire frame is received.
– This mode decreases the latency of the transmission, but also reduces
error detection.
• Fast-forward – Offers the lowest level of latency.
– Fast-forward switching immediately forwards a packet after reading
the destination address.
– There may be times when packets are relayed with errors.
– This occurs infrequently, and the destination network adapter
will discard the faulty packet upon receipt.
Cut-through: Fragment Free
• Fragment-free – Fragment-free switching filters out collision fragments
before forwarding begins.
– In a properly functioning network, collision fragments must be smaller
than 64 bytes.
– Anything greater than 64 bytes is a valid packet and is usually received
without error.
– Fragment-free switching waits until the packet is determined not to be
a collision fragment before forwarding.
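As an added example (not from the course slides) covering both the learning-switch behaviour described under "Switches" (learn the source, filter known destinations, flood unknown ones) and the three forwarding modes above: a small Python model of a transparent bridge. The frame format here is a constructed simplification (destination MAC, source MAC, payload and a CRC-32 trailer; the real Ethernet type/length field is omitted), and the hosts, ports and MAC addresses are made up for the demonstration.

```python
import zlib

BROADCAST = bytes.fromhex("ffffffffffff")
MIN_FRAME = 64   # smallest valid Ethernet frame; anything shorter is a collision fragment


def mac(text):
    """'aa:bb:cc:dd:ee:ff' -> 6 raw bytes."""
    return bytes.fromhex(text.replace(":", ""))


def build_frame(dst, src, payload):
    """Constructed minimal frame: dst MAC, src MAC, payload, 4-byte CRC-32 trailer."""
    body = mac(dst) + mac(src) + payload
    return body + zlib.crc32(body).to_bytes(4, "big")


def crc_ok(frame):
    return zlib.crc32(frame[:-4]) == int.from_bytes(frame[-4:], "big")


def admit(frame, mode):
    """Would a switch in this forwarding mode forward the frame at all?"""
    if mode == "cut-through":
        # Fast-forward: decides once the destination address is in; no error check
        return len(frame) >= 6
    if mode == "fragment-free":
        # Waits for the first 64 bytes, so collision fragments are never forwarded
        return len(frame) >= MIN_FRAME
    if mode == "store-and-forward":
        # Whole frame is buffered, so both the length and the CRC can be verified
        return len(frame) >= MIN_FRAME and crc_ok(frame)
    raise ValueError(f"unknown mode {mode!r}")


class LearningSwitch:
    """Transparent bridge: learns source MACs per port, filters known
    destinations, floods unknown and broadcast destinations."""

    def __init__(self, ports, mode="store-and-forward"):
        self.ports = list(ports)
        self.mode = mode
        self.cam = {}        # source address table: MAC -> port

    def receive(self, in_port, frame):
        """Return the list of ports the frame is sent out of."""
        if not admit(frame, self.mode):
            return []
        dst, src = frame[:6], frame[6:12]
        self.cam[src] = in_port                         # learn (or refresh) the source
        if dst != BROADCAST and dst in self.cam:
            out = self.cam[dst]
            return [] if out == in_port else [out]      # filter: known destination
        return [p for p in self.ports if p != in_port]  # flood: unknown or broadcast


def demo():
    """Walk through learn / filter / flood, then the three modes on bad frames."""
    sw = LearningSwitch(ports=[1, 2, 3])
    a, b, c = "aa:aa:aa:aa:aa:01", "aa:aa:aa:aa:aa:02", "aa:aa:aa:aa:aa:03"
    payload = b"x" * 50   # 12 + 50 + 4 = 66 bytes, above the 64-byte minimum
    steps = {
        "a_to_b_unknown": sw.receive(1, build_frame(b, a, payload)),  # b unknown: flood
        "b_to_a_known":   sw.receive(2, build_frame(a, b, payload)),  # a learned on port 1
        "a_to_b_known":   sw.receive(1, build_frame(b, a, payload)),  # b learned on port 2
        "broadcast":      sw.receive(3, build_frame("ff:ff:ff:ff:ff:ff", c, payload)),
    }
    good = build_frame(b, a, payload)
    corrupted = good[:-1] + bytes([good[-1] ^ 0xFF])   # CRC trailer no longer matches
    runt = build_frame(b, a, b"")                       # 16 bytes: a collision fragment
    steps["modes"] = {
        mode: (admit(corrupted, mode), admit(runt, mode))
        for mode in ("cut-through", "fragment-free", "store-and-forward")
    }
    return steps


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

The mode comparison is the practical point: only store-and-forward drops the corrupted frame, fragment-free stops the runt but passes the bad CRC, and cut-through relays both, which is why the text notes that cut-through leaves error detection to the receiving adapter.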
Switching Mode Explained
[Figure: comparison of the switching modes]
Switching Loop
[Figure: Switch A, Switch B and Switch C connected to each other in a triangle]
• When there is more than one path between two
switches
• What are the potential problems?
Switching Loop
• If there is more than one path between two
switches:
– Forwarding tables become unstable
• Source MAC addresses are repeatedly seen coming
from different ports
– Switches will broadcast each other’s broadcasts
• All available bandwidth is utilized
• Switch processors cannot handle the load
Switching Loop
[Figure: Switches A, B and C in a triangle, with Node 1 attached to one of the switches]
• Node 1 sends a broadcast frame (e.g. an ARP request)
Switching Loop
• Switches A, B and C broadcast Node 1's frame out every port
Switching Loop
• But they receive each other's broadcasts, which
they need to forward again out every port!
• The broadcasts are amplified, creating a
broadcast storm
Good Switching Loops
• But you can take advantage of loops!
– Redundant paths improve resilience when:
• A switch fails
• Wiring breaks
• How to achieve redundancy without creating
dangerous traffic loops?
What is a Spanning Tree
• “Given a connected,
undirected graph, a
spanning tree of that graph
is a subgraph which is a tree
and connects all the
vertices together”.
• A single graph can have
many different spanning
trees.
Bridge protocol data unit (BPDU)
• A bridge protocol data unit (BPDU) is a data
message transmitted across a local area network
to detect loops in network topologies.
• A BPDU contains information regarding ports,
switches, port priority and addresses.
• BPDUs contain the information necessary to
configure and maintain the spanning tree topology.
The information is used by switches to calculate
their own BPDUs for information passing.
Bridge Protocol Data Units
• When devices are initially attached to switch ports, they do not
start data transmission immediately. Instead, they move through
different states while BPDU processing determines the network
topology.
• A topology change notification (TCN) BPDU informs other switches
of port changes. TCNs are injected into the network by a non-root
switch and propagated to the root. When a TCN is received, the
root switch sets a topology change flag in its normal BPDU. This
flag is propagated to all other switches to instruct them to rapidly
age out their forwarding table entries.
• When the root receives the TCN BPDU, it transmits a configuration
BPDU message on all ports with the topology change flag set to 1.
Switches that receive this BPDU on their root port age out their forwarding
database and generate their own configuration BPDUs on designated ports.
This propagates down the tree to the end of the path.
Spanning Tree Protocol
• The purpose of the protocol is to have bridges
dynamically discover a subset of the topology
that is loop-free (a tree) and yet has just enough
connectivity so that where physically possible,
there is a path between every switch
Spanning Tree Protocol
• Several flavors:
– Traditional Spanning Tree (802.1d)
– Rapid Spanning Tree or RSTP (802.1w)
– Multiple Spanning Tree or MSTP (802.1s)
Traditional Spanning Tree (802.1d)
• Switches exchange messages that allow them
to compute the Spanning Tree
– These messages are called BPDUs (Bridge Protocol
Data Units)
– Two types of BPDUs:
• Configuration
• Topology Change Notification (TCN)
Traditional Spanning Tree (802.1d)
• First Step:
– Decide on a point of reference: the Root Bridge
– The election process is based on the Bridge ID,
which is composed of:
• The Bridge Priority: A two-byte value that is
configurable
• The MAC address: A unique, hardcoded address that
cannot be changed (6 octets)
Root Bridge Selection (802.1d)
• Each switch starts by sending out BPDUs with a Root
Bridge ID equal to its own Bridge ID
– I am the root!
• Received BPDUs are analyzed to see if a lower Root
Bridge ID is being announced
– If so, each switch replaces the value of the advertised Root
Bridge ID with this new lower ID
• Eventually, they all agree on who the Root Bridge is
• A BPDU contains information regarding ports,
switches, port priority and addresses.
Root Bridge Selection (802.1d)
[Figure: Switch A (Bridge ID 32678.0000000000AA) at the top, connected to Switch B (32678.0000000000BB) and Switch C (32678.0000000000CC) below]
• All switches have the same priority.
• Who is the elected root bridge?
Root Port Selection (802.1d)
• Now each switch needs to figure out where it
is in relation to the Root Bridge
– Each switch needs to determine its Root Port
– The key is to find the port with the lowest Root
Path Cost
• The cumulative cost of all the links leading to the Root
Bridge
Root Port Selection (802.1d)
• Each link on a switch has a Path Cost
– Inversely proportional to the link speed
• e.g. The faster the link, the lower the cost

Link Speed | STP Cost
-----------|---------
10 Mbps    | 100
100 Mbps   | 19
1 Gbps     | 4
10 Gbps    | 2
Root Port Selection (802.1d)
• Root Path Cost is the accumulation of a link’s
Path Cost and the Path Costs learned from
neighboring Switches.
– It answers the question: How much does it cost to
reach the Root Bridge through this port?
Root Port Selection (802.1d)
1. Root Bridge sends out BPDUs with a Root
Path Cost value of 0
2. Neighbor receives BPDU and adds port’s Path
Cost to Root Path Cost received
3. Neighbor sends out BPDUs with new
cumulative value as Root Path Cost
4. Other neighbor’s down the line keep adding
in the same fashion
Root Port Selection (802.1d)
• On each switch, the port where the lowest
Root Path Cost was received becomes the
Root Port
– This is the port with the best path to the Root
Bridge
Root Port Selection (802.1d)
[Figure: Switch A (32678.0000000000AA) port 1 connects to Switch B (32678.0000000000BB) port 1, Switch A port 2 connects to Switch C (32678.0000000000CC) port 1, and Switch B port 2 connects to Switch C port 2; every link has Cost=19]
• What is the Path Cost on each Port?
• What is the Root Port on each switch?
Root Port Selection (802.1d)
[Figure: the same topology; port 1 on Switch B and port 1 on Switch C are marked as the Root Port]
Electing Designated Ports (802.1d)
• OK, we have now selected root ports, but we haven't
solved the loop problem yet, have we?
– The links are still active!
• Each network segment needs to have only one
switch forwarding traffic to and from that
segment
• Switches then need to identify one Designated Port
per link
– The one with the lowest cumulative Root Path Cost to the
Root Bridge
Electing Designated Ports (802.1d)
[Figure: the same three-switch topology (A port 1 to B port 1, A port 2 to C port 1, B port 2 to C port 2), all links Cost=19]
• Which port should be the Designated Port on
each segment?
Electing Designated Ports (802.1d)
• Two or more ports in a segment having identical Root
Path Costs is possible, which results in a tie condition
• All STP decisions are based on the following
sequence of conditions:
– Lowest Root Bridge ID
– Lowest Root Path Cost to Root Bridge
– Lowest Sender Bridge ID
– Lowest Sender Port ID
Electing Designated Ports (802.1d)
[Figure: the same three-switch topology with the Designated Ports marked: port 1 and port 2 on Switch A, and port 2 on Switch B]
In the B-C link, Switch B has the lowest Bridge
ID, so port 2 in Switch B is the Designated Port
Blocking a port
• Any port that is elected as neither a Root
Port nor a Designated Port is put into the
Blocking State.
• This step effectively breaks the loop and
completes the Spanning Tree.
Designated Ports on each segment (802.1d)
[Figure: the same three-switch topology with port 2 on Switch C marked as blocked]
• Port 2 in Switch C is then put into the Blocking State because it is neither
a Root Port nor a Designated Port
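The election walked through above for Switches A, B and C, as an added Python example (not from the slides): it picks the Root Bridge by lowest Bridge ID, accumulates Root Path Cost hop by hop, then applies the four-step tie-break sequence to choose Root Ports, Designated Ports and Blocking ports. The Bridge IDs and costs are the figure's; the function and variable names are my own, and a connected topology with positive link costs is assumed.

```python
import heapq
# Constructed example: the three-switch topology from the slides.
# Bridge IDs are "priority.MAC"; links are (switch, port, switch, port, Path Cost).
EXAMPLE_BRIDGES = {"A": "32678.0000000000AA",
                   "B": "32678.0000000000BB",
                   "C": "32678.0000000000CC"}
EXAMPLE_LINKS = [("A", 1, "B", 1, 19), ("A", 2, "C", 1, 19), ("B", 2, "C", 2, 19)]

def bridge_key(bridge_id):
    """Lowest priority wins, then lowest MAC address."""
    prio, mac = bridge_id.split(".")
    return (int(prio), mac.upper())

def stp_roles(bridges, links):
    """Return (root, {switch: Root Path Cost}, {(switch, port): role}); connected topology."""
    root = min(bridges, key=lambda sw: bridge_key(bridges[sw]))  # lowest Bridge ID
    adj = {sw: [] for sw in bridges}
    for a, pa, b, pb, cost in links:
        adj[a].append((pa, b, pb, cost))
        adj[b].append((pb, a, pa, cost))
    # best[sw] = (Root Path Cost, sender Bridge ID, sender Port ID, receiving port).
    # Tuple order is the STP tie-break sequence, so "<" picks the better BPDU.
    best = {root: (0, None, None, None)}
    heap = [(0, bridge_key(bridges[root]), root)]
    while heap:
        cost, _, sw = heapq.heappop(heap)
        if cost > best[sw][0]:
            continue  # stale heap entry
        for port, nb, nb_port, link_cost in adj[sw]:
            # The neighbour adds its receiving port's Path Cost to the advertised cost
            cand = (cost + link_cost, bridge_key(bridges[sw]), port, nb_port)
            if nb not in best or cand < best[nb]:
                best[nb] = cand
                heapq.heappush(heap, (cand[0], bridge_key(bridges[nb]), nb))
    roles = {}
    for sw, (_, _, _, rcv_port) in best.items():
        if sw != root:
            roles[(sw, rcv_port)] = "Root Port"  # lowest Root Path Cost received
    for a, pa, b, pb, _ in links:
        # One Designated Port per segment: lowest Root Path Cost, Bridge ID, Port ID
        ka = (best[a][0], bridge_key(bridges[a]), pa)
        kb = (best[b][0], bridge_key(bridges[b]), pb)
        roles.setdefault((a, pa) if ka < kb else (b, pb), "Designated Port")
        for end in ((a, pa), (b, pb)):
            roles.setdefault(end, "Blocking")  # neither Root nor Designated Port
    return root, {sw: v[0] for sw, v in best.items()}, roles

ROOT, COSTS, ROLES = stp_roles(EXAMPLE_BRIDGES, EXAMPLE_LINKS)
for (sw, port), role in sorted(ROLES.items()):
    print(f"Switch {sw} port {port}: {role}")  # C port 2 -> Blocking
```

Lowering a priority (for example giving Switch B a Bridge ID of 0.0000000000BB) moves the root, and the same function then shows how every Root Port and blocked port shifts with it.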
Spanning Tree Protocol States
• Disabled
– Port is shut down
• Blocking
– Not forwarding frames
– Receiving BPDUs
• Listening
– Not forwarding frames
– Sending and receiving BPDUs
Spanning Tree Protocol States
• Learning
– Not forwarding frames
– Sending and receiving BPDUs
– Learning new MAC addresses
• Forwarding
– Forwarding frames
– Sending and receiving BPDUs
– Learning new MAC addresses
STP Topology Changes
• Switches will recalculate if:
– A new switch is introduced
• It could be the new Root Bridge!
– A switch fails
– A link fails
Root Bridge Placement
• Using default STP parameters might result in
an undesired situation
– Traffic will flow in non-optimal ways
– An unstable or slow switch might become the root
• You need to plan your assignment of bridge
priorities carefully
Bad Root Bridge Placement
[Figure: Switch D (32678.0000000000DD) and Switch B (32678.0000000000BB) on the top row, next to the link out to the router; Switch C (32678.0000000000CC) and Switch A (32678.0000000000AA) on the bottom row, where the Root Bridge ends up with every priority left at the default]
Good Root Bridge Placement
[Figure: Switch D (1.0000000000DD) is the Alternative Root Bridge with the link out to the standby router; Switch B (0.0000000000BB) is the Root Bridge with the link out to the active router; Switch C (32678.0000000000CC) and Switch A (32678.0000000000AA) keep the default priority on the bottom row]
STP Design Guidelines
• Enable spanning tree even if you don’t have
redundant paths
• Always plan and set bridge priorities
– Make the root choice deterministic
– Include an alternative root bridge
• If possible, do not accept BPDUs on end user
ports
– Apply BPDU Guard or similar where available
802.1d Convergence Speeds
• Moving from the Blocking state to the Forwarding State takes
at least 2 x Forward Delay time units (~ 30 secs.)
– This can be annoying when connecting end user stations
• Some vendors have added enhancements such as PortFast,
which will reduce this time to a minimum for edge ports
– Never use PortFast or similar in switch-to-switch links
• Topology changes typically take 30 seconds too
– This can be unacceptable in a production network
Rapid Spanning Tree (802.1w)
• Convergence is much faster
– Communication between switches is more
interactive
• Edge ports don’t participate
– Edge ports transition to forwarding state
immediately
– If BPDUs are received on an edge port, it becomes
a non-edge port to prevent loops
Rapid Spanning Tree (802.1w)
• Defines these port roles:
– Root Port (same as with 802.1d)
– Alternate Port
• A port with an alternate path to the root
– Designated Port (same as with 802.1d)
– Backup Port
• A backup/redundant path to a segment where another
bridge port already connects.
Rapid Spanning Tree (802.1w)
• Synchronization process uses a handshake
method
– After a root is elected, the topology is built in
cascade, where each switch proposes to be the
designated bridge for each point-to-point link
– While this happens, all the downstream switch
links are blocking
Rapid Spanning Tree (802.1w)
[Figure: four stages of the proposal/agreement handshake on a Root with two downstream switches, each with one further switch below it]
1. The Root’s DP sends a Proposal to the first downstream switch; that switch’s RP answers with an Agreement
2. The Root’s second DP sends a Proposal to the second downstream switch; its RP answers with an Agreement
3. The first downstream switch’s DP sends a Proposal to the switch below it; its RP answers with an Agreement
4. The second downstream switch’s DP sends a Proposal to the switch below it; its RP answers with an Agreement
Rapid Spanning Tree (802.1w)
• Prefer RSTP over STP if you want faster
convergence
• Always define which ports are edge ports
Multiple Spanning Tree (802.1s)
• Allows separate spanning trees per VLAN
group
– Different topologies allow for load balancing
between links
– Each group of VLANs is assigned to an “instance”
of MST
• Compatible with STP and RSTP
Multiple Spanning Tree (802.1s)
[Figure: the Root for VLAN A and the Root for VLAN B sit on different switches, so VLAN A and VLAN B follow different topologies]
Multiple Spanning Tree (802.1s)
• MST Region
– Switches are members of a region if they have the
same set of attributes:
• MST configuration name
• MST configuration revision
• Instance-to-VLAN mapping
– A digest of these attributes is sent inside the
BPDUs for fast comparison by the switches
– One region is usually sufficient
Multiple Spanning Tree (802.1s)
• CST = Common Spanning Tree
– In order to interoperate with other versions of
Spanning Tree, MST needs a common tree that
contains all the other islands, including other MST
regions
Multiple Spanning Tree (802.1s)
• IST = Internal Spanning Tree
– Internal to the Region, that is
– Presents the entire region as a single virtual bridge
to the CST outside
Multiple Spanning Tree (802.1s)
• MST Instances
– Groups of VLANs are mapped to particular
Spanning Tree instances
– These instances will represent the alternative
topologies, or forwarding paths
– You specify a root and alternate root for each
instance
Multiple Spanning Tree (802.1s)
[Figure: two MST Regions, each running its own IST, joined through the CST together with an 802.1D switch]
Multiple Spanning Tree (802.1s)
• Design Guidelines
– Determine relevant forwarding paths, and
distribute your VLANs equally into instances
matching these topologies
– Assign different root and alternate root switches
to each instance
– Make sure all switches match region attributes
– Do not assign VLANs to instance 0, as this is used
by the IST
Virtual LAN
• Trunks
• Inter-VLAN Routing
• Multilayer Switching
• Cisco Express Forwarding
• Switching Security
• Switching Design Considerations
What Is a VLAN?
• A virtual local area network (VLAN) is a logical grouping
of ports that is independent of location. A single
VLAN (and the nodes connected to it) behaves
in the same way as if it were a separate Layer 3
network.
• VLAN membership need not be limited to sequential
ports or even ports on the same switch. Consider a very
common deployment in which nodes are connected to
a switch and the switch is connected to a router.
Looking at the left side, the automatic assumption
would be that all of the nodes are on the same IP
network since they all connect to the same router
interface.
Unit II - IPv4 Routing Design
IPv4 Address Design - Private and Public
Addresses – NAT - Subnet Masks -
Hierarchical IP Address Design –
IPv4 Routing Protocols – Classification -
Metrics - Routing Protocol Comparison - IPv4
Routing Protocol Selection
UNIT III
• Network Security Design:
– Hacking – Vulnerabilities –
– Design Issues
– Human Issues
– Implementation Issues
• Threats
– Reconnaissance Attacks
– Access Attacks
– Information Disclosure Attacks
– Denial of Service Attacks
• Threat Defense
– Secure Communication
– Network Security Best Practices
• SAFE Campus Design.
UNIT IV
• Wireless LAN Design:
• Wireless Technology Overview - Wireless
Standards – Wireless Components - Wireless
Security - Wireless Security Issues - Wireless
Threat Mitigation – Wireless Management -
Wireless Design Considerations - Site Survey -
WLAN Roaming - Wireless IP Phone
• Quality of Service Design - QoS Models – IntServ -
DiffServ - QoS Tools – Policing and Shaping -
Congestion Avoidance - Congestion Management
- Link-Specific Tools – QoS Design Guidelines.
UNIT V
• Network Management Design:
• ISO Network Management Standard -
Protocols and Tools – SNMP – MIB – RMON -
Cisco NetFlow – Syslog – CiscoWorks -
Network Management Strategy - SLCs and
SLAs - IP Service-Level Agreements
• Content Networking Design
• Case Study – Venti Systems.
• Diane Teare and Catherine Paquet, “Campus
Network Design Fundamentals”, Pearson
Education, 2006.
• REFERENCE: Craig Zacker, “The Complete
Reference: Upgrading and Troubleshooting
Networks”, Tata McGraw-Hill, 2000.
