2. Lecture Notes - 1 2
What is a Network?
Network Characteristics
Generations of Networking
What is “Network Design”?
Network Development Life Cycle (NDLC)
Top-Down Network Design
PDIOO Network Life Cycle
AndThenWhat?
4. Lecture Notes - 1 4
A network is a UTILITY
▪ Computers and their users are customers of the network utility
▪ Utilities don’t bring money into the organization, it’s EXPENSES
The network must accommodate the needs of customers
▪ As computer usage increases so does the requirements of the
network utility
Resources will be used to manage the network
The Network Utility is NOT free!
5. Lecture Notes - 1 5
Try to show a direct correlation between the network design
project and the company’s business
▪ “Because you want a faster network” is not good enough, the
question that management sends back is WHY DO I NEED A
FASTER ONE?
What you should say to the manager?
As a network designer, you need to explain to management
how the network design, even with the high expense, can
save money or improve the company’s business
▪ If users cannot log on to your commerce site, they will try your
competitor, and you have lost sales
▪ If you cannot get the information your customers are asking
about due to a network that is down, they may go to your
competitor
6. Lecture Notes - 1 6
A “Network” really can be thought of
as three parts and they all need to be
considered when working on a
network design project:
▪ Connections
▪ Communications/Protocols
▪ Services
Connections
▪ Provided by Hardware that ties things together
▪ Wire/Fiber/Wireless Transport Mechanisms
▪ Routers
▪ Switches/Hubs
▪ Computers
Communications/Protocols
▪ Provided by Software
▪ A common language for 2 systems to
communicate with each other
▪ TCP/IP (Internet/Windows NT)
▪ IPX / SPX (Novell Netware 4)
▪ AppleTalk
▪ Other Network OS
Services
▪ The Heart of Networking
▪ Cooperation between 2 or more systems to
perform some function - Applications
▪ telnet
▪ FTP
▪ HTTP
▪ SMTP
7.
8. Lecture Notes - 1 8
Based on a set of general rules
▪ Is the network down or up?
▪ “Bridge when you can, route when you must”
▪ Can’t deal with scalability & complexity?
9. Lecture Notes - 1 9
Applications Message
Length
Message
arrival rate
Delay need Reliability
need
Interactive
terminals
Short Low Moderate Very high
File transfer Very long Very low Very low Very high
Hi-resolution
graphics
Very long Low to
moderate
High Low
Packetized
voice
Very short Very high High Low
10. Lecture Notes - 1 10
Word Processing
File Transfers
Real-Time Imaging
100s Kbps Few Mbps
Few Mbps 10s Mbps
10s Mbps 100s Mbps
Transaction Processing
100 Bytes Few Kbps
11. Lecture Notes - 1 11
Video standard Bandwidth per
user
WAN services
Digital video
interactive
1.2 Mbps DS1 lines ISDN
H11, Frame
Relay, ATM
Motion JPEG 10 to 240 Mbps ATM 155 or 622
Mbps
MPEG-1 1.5 Mbps DS1 lines ISDN
H11, Frame
Relay, ATM
MPEG-2 4~6 Mbps DS2, DS3, ATM
at DS3 rate
16. Lecture Notes - 1 16
Response Time Cost
Business Growth
Reliability
17. Lecture Notes - 1 17
WAN
Campus
Traffic
Patterns
Dial in Users
Security
WWW
Access
Users
Network
Management
Addressing
18. A complete process that matches
business needs to available technology to
deliver a system that will maximize an
organization’s success
▪ In the LAN area it is more than just buying a few
devices
▪ In theWAN area it is more than just calling the
phone company
19.
20.
21.
22. A focus is placed on understanding data flow, data types,
and processes that access or change the data.
A logical model is developed before the physical model.
▪ The logical model represents the basic building blocks, divided by
function, and the structure of the system.
▪ The physical model represents devices and specific technologies and
implementations.
26. Analyze business and technical goals
first
Explore divisional and group structures
to find out who the network serves and
where they reside
Determine what (& how) applications
will run on the network and how those
applications behave on a network
Focus on above layer to down
28. Phase 1 – Analyze Requirements
▪ Analyze business goals and constraints
▪ Analyze technical goals and tradeoffs
▪ Characterize the existing network
▪ Characterize the existing and future possible
network traffic
29. Phase 2 – Logical Network Design
▪ Design a network topology
▪ Design models for addressing and naming
▪ Select switching and routing protocols
▪ Develop network security strategies
▪ Develop network management strategies
30. The logical network Diagram will be used to represent how
your network connections are using the layer of the OSI,
and will help to understand your IP addressing.
31.
32.
33. Phase 3 – Physical Network Design
▪ Select technologies and devices for campus
networks
▪ Select technologies and devices for enterprise
networks
34. The physical network Diagram is created by the
administrator to represent the physical layout of the
network.Vital documentation needed to capture a wide
variety of information in your network.
35.
36.
37. Phase 4 –Testing, Optimizing, and
Documenting the Network Design
▪ Test the network design
▪ Optimize the network design
▪ Document the network design
38. Lecture Notes - 1 38
What is a Network?
Network Characteristics
Generations of Networking
What is “Network Design”?
Network Development Life Cycle (NDLC)
Top-Down Network Design
PDIOO Network Life Cycle
AndThenWhat?
39. Lecture Notes - 1 39
Plan:
▪ Network requirements are identified in this phase
▪ Analysis of areas where the network will be installed
▪ Identification of users who will require network services
Design:
▪ Accomplish the logical and physical design, according to
requirements gathered during the Plan phase
Implement:
▪ Network is built according to the Design specifications
▪ Implementation also serves to verify the design
40. Lecture Notes - 1 40
Operate:
▪ Operation is the final test of the effectiveness of the design
▪ The network is monitored during this phase for performance
problems and any faults, to provide input into the Optimize phase
Optimize:
▪ Based on proactive network management which identifies and
resolves problems before network disruptions arise
▪ The optimize phase may lead to a network redesign
▪ if too many problems arise due to design errors, or
▪ as network performance degrades over time as actual use and
capabilities diverge
▪ Redesign may also be required when requirements change
significantly
41. Lecture Notes - 1 41
Retire:
▪ When the network, or a part of the network, is out-of-date, it may
be taken out of production
▪ Although Retire is not incorporated into the name of the life cycle
(PDIOO), it is nonetheless an important phase
42.
43.
44. Understanding Goals
Understanding Priorities
UnderstandingConstraints
Information Gathering
MeetingCustomer
Define the Scope
Gather more Detail Information
StatingApplication to be developed
45.
46. Increase revenue
Reduce operating costs
Improve communications
Shorten product development cycle
Expand into worldwide markets
Build partnerships with other companies
Offer better customer support or new
customer services
47.
48. Mobility
Security
Resiliency (fault tolerance)
Business continuity after a disaster
Network projects must be prioritized
based on fiscal goals
Networks must offer the low delay
required for real-time applications such as
VoIP
49. UnderstandingGoals
Understanding Priorities
Understanding Constraints
Information Gathering
MeetingCustomer
Define the Scope
Gather more Detail Information
StatingApplication to be developed
52. Before meeting with the client, whether
internal or external, collect some basic
business-related information
Such as
▪ Products produced/Services supplied
▪ Financial viability
▪ Customers, suppliers, competitors
▪ Competitive advantage
53.
54. Try to get
▪ A concise statement of the goals of the
project
▪ What problem are they trying to solve?
▪ How will new technology help them be
more successful in their business?
▪ What must happen for the project to
succeed?
55. What will happen if the project is a failure?
▪ Is this a critical business function?
▪ Is this project visible to upper management?
▪ Who’s on your side?
56. Discover any biases
▪ For example
▪ Will they only use certain company’s
products?
▪ Do they avoid certain technologies?
▪ Do the data people look down on the
voice people or vice versa?
▪ Talk to the technical and
management staff
57. ▪ Get a copy of the organization chart
▪ This will show the general structure of the organization
▪ It will suggest users to account for
▪ It will suggest geographical locations to account for
58. ▪ Get a copy of the security policy
▪ How does the policy affect the new design?
▪ How does the new design affect the policy?
▪ Is the policy so strict that you (the network designer)
won’t be able to do your job?
▪ Start cataloging network assets that security
should protect
▪ Hardware, software, applications, and data
▪ Less obvious, but still important, intellectual
property, trade secrets, and a company's reputation
59.
60. Small in scope?
▪ Allow sales people to access network via aVPN
Large in scope?
▪ An entire redesign of an enterprise network
Use the OSI model to clarify the scope
▪ New financial reporting application versus new routing
protocol versus new data link (wireless, for example)
Does the scope fit the budget, capabilities of staff
and consultants, schedule?
61.
62. Applications
▪ Now and after the project is completed
▪ Include both productivity applications and system
management applications
User communities
Data stores
Protocols
Current logical and physical architecture
Current performance
67. Scalability refers to the ability to grow
Try to review on…
▪ Number of sites to be added
▪ What will be needed at each of these sites
▪ How many users will be added
▪ How many more servers will be added
68. Availability can be expressed as a percent
uptime per year, month, week, day, or
hour, compared to the total time in that
period
▪ For example:
▪ 24/7 operation
▪ Network is up for 165 hours in the 168-hour week
▪ Availability is 98.21%
Some enterprises may want 99.999% or
“Five Nines” availability
69. Common performance factors include
▪ Bandwidth
▪ Throughput
▪ Offered load
▪ Accuracy
▪ Efficiency
▪ Delay (latency) and delay variation
▪ Response time
77. Efficiency – (Overhead minimization)
▪ How much overhead is required to deliver an
amount of data?
▪ How large can packets be?
▪ Larger better for efficiency (and goodput)
▪ But too large means too much data is lost if a packet
is damaged
▪ How many packets can be sent in one bunch without
an acknowledgment?
79. ResponseTime
▪ Time user get
feedback from the
time user request
something
▪ Most users expect
to see something
on the screen in 100
to 200 milliseconds
80. Propagation delay → [inside the cable →]
▪ A signal travels in a cable at about 2/3 the
speed of light in a vacuum
Transmission delay (also known as
serialization delay) → [from pc to cable →]
▪ Time to put digital data onto a transmission
line
▪ For example, it takes about 5 ms to output a 1,024
byte packet on a 1.544 MbpsT1 line
Packet-switching delay
Queuing delay
81. Focus on requirements first
Detailed security planning later (Chapter 8)
Identify network assets
▪ All network assets must be secured
Analyze security risks
83. Problem of the network:
▪ Data can be intercepted, analyzed, altered, or
deleted
▪ User passwords can be compromised
▪ Device configurations can be changed
85. Usability: the ease of use with which network
users can access the network and services
Networks should make users’ jobs easier
Some design decisions will have a negative
affect on usability:
▪ Strict security, for example
86. Avoid incorporating any design elements
that would make it hard to implement
new technologies in the future
Make it easy to upgrade!
87. A network should carry the maximum
amount of traffic possible for a given
financial cost
88.
89.
90. Characterize the existing internetwork in
terms of:
▪ Its infrastructure
▪ Logical structure (application, modularity, hierarchy,
topology)
▪ Physical structure
▪ Addressing and naming
▪ Wiring and media
▪ Architectural and environmental constraints
▪ Health
91. 1. Get a network map
2. Characterize addressing and naming
3. Manage subnet
4. Characterize wiring and media
5. Finding the architectural constraint
6. Finding the wireless issues
7. Checking network health
92. Gigabit
Ethernet
Eugene
Ethernet
20 users
Web/FTP server
Grants Pass
HQ
16 Mbps
Token Ring
FEP
(Front End
Processor)
IBM
Mainframe
T1
Medford
Fast Ethernet
50 users
Roseburg
Fast Ethernet
30 users
Frame Relay
CIR = 56 Kbps
DLCI = 5
Frame Relay
CIR = 56 Kbps
DLCI = 4
Grants Pass
HQ
Fast Ethernet
75 users
Internet
T1
93. IP addressing for major devices, client
networks, server networks, and so on
Any strategies for addressing and naming?
▪ FLSM orVLSM
94. Area 1
Subnets 10.108.16.0 -
10.108.31.0
Area 0
Network
192.168.49.0
Area 2
Subnets 10.108.32.0 -
10.108.47.0
Router A Router B
98. Make sure the following are sufficient
▪ Air conditioning
▪ Heating
▪ Ventilation
▪ Power
▪ Protection from electromagnetic interference
▪ Doors that can lock
99. Make sure there’s space for:
▪ Cabling conduits
▪ Patch panels
▪ Equipment racks
▪ Work areas for technicians installing and
troubleshooting equipment
106. Enterprise
Segment 1
Segment 2
Segment n
MTBF MTTR
Date and Duration of
Last Major
Downtime
Cause of Last
Major
Downtime
MTBF: Mean Time Between Failures
MTTR: Mean Time To Repair
114. Traffic flow
▪ Where the data go while propagating
Location of traffic sources and data stores
▪ The sources of sender and reciever
Traffic load
▪ The capacity of data in the line
Traffic behavior
▪ How the data transferred
121. Data Store Location Application(s) Used by User
Community(or
Communities)
Types of Data
HR Data
Stock Data
Email Data
Website Data
122. Destination 1 Destination 2 Destination 3 Destination
MB/sec MB/sec MB/sec MB/sec
Source 1
Source 2
Source 3
Source n
Time taken for data flow
from point to point
123. Administration
Business and
Social Sciences
Math and
Sciences
50 PCs 25 Macs
50 PCs
50 PCs
30 PCs
30 Library Patrons (PCs)
30 Macs and 60 PCs in
Computing Center
Library and Computing Center
App 1 108 Kbps
App 2 60 Kbps
App 3 192 Kbps
App 4 48 Kbps
App 7 400 Kbps
Total 808 Kbps
App 1 48 Kbps
App 2 32 Kbps
App 3 96 Kbps
App 4 24 Kbps
App 5 300 Kbps
App 6 200 Kbps
App 8 1200 Kbps
Total 1900 Kbps
App 1 30 Kbps
App 2 20 Kbps
App 3 60 Kbps
App 4 16 Kbps
Total 126 Kbps
App 2 20 Kbps
App 3 96 Kbps
App 4 24 Kbps
App 9 80 Kbps
Total 220 Kbps
Arts and
Humanities
Server Farm
10-Mbps Metro
Ethernet to Internet
125. Name of
Application
Type of
Traffic
Flow
Protocol(s)
Used by
Application
User
Communities
That Use the
Application
Data Stores
(Servers, Hosts,
and so on)
Approximate
Bandwidth
Requirements
QoS
Requirements
App 1 Streaming RTSP End User, Client 3 250kb
App 2
App 3
App 4
129. Example:
Terminal screen: 4 Kbytes
Simple e-mail: 10 Kbytes
Simple web page: 50 Kbytes
High-quality image: 50,000 Kbytes
Database backup: 1,000,000 Kbytes or more
And many more types of objects
130. To calculate whether capacity is sufficient,
you should know:
▪ The number of stations
▪ The average time that a station is idle between
sending frames
▪ The time required to transmit a message once
medium access is gained
132. Broadcasts
▪ All ones data-link layer destination address
▪ FF: FF: FF: FF: FF: FF
▪ Doesn’t necessarily use huge amounts of bandwidth
▪ But does disturb every CPU in the broadcast domain
Multicasts
▪ First bit sent is a one
▪ 01:00:0C:CC:CC:CC (Cisco Discovery Protocol)
▪ Should just disturb NICs that have registered to receive
it
▪ Requires multicast routing protocol on internetworks
140. • A term used in the computer networking field to
describe the architectural structure of a network
Campus C
Building C-1 Building C-2
Campus C Backbone
150. Enterprise WAN
Backbone
Campus A Campus B
Campus C
Building C-1 Building C-2
Campus C Backbone
Core Layer
Distribution
Layer
Access Layer
151. A core layer of high-end routers and switches
that are optimized for availability and speed
A distribution layer of routers and switches
that implement policies and segment traffic
An access layer that connects users via hubs,
switches, and other devices
154. Hierarchy
Redundancy
Modularity - Modularity is the degree to which
a system's components may be separated and
recombined.
Well-defined
entries and exits
159. Reduces workload on network devices
▪ Avoids devices having to communicate with
too many other devices (reduces “CPU
adjacencies”)
Constrains broadcast domains
Enhances simplicity and understanding
Facilitates changes
Facilitates scaling to a larger size
160. Reduces workload on network devices
▪ Avoids devices having to communicate with
too many other devices (reduces “CPU
adjacencies”)
Constrains broadcast domains
Enhances simplicity and understanding
Facilitates changes
Facilitates scaling to a larger size
164. Use a hierarchical, modular approach
Minimize the size of bandwidth domains
Minimize the size of broadcast domains
Provide redundancy
▪ Mirrored servers
▪ Multiple ways for workstations to reach a router
for off-net communications
165. Server farm
Network management module
Edge distribution module for connectivity
to the rest of the world
Campus infrastructure module:
▪ Building access submodule
▪ Building distribution submodule
▪ Campus backbone
170. An emulation of a standard LAN that
allows data transfer to take place without
the traditional physical restraints placed
on a network
A set of devices that belong to an
administrative group
Designers useVLANs to constrain
broadcast traffic
171. Switch A
Station A1 Station A2 Station A3
Network A
Switch B
Station B1 Station B2 Station B3
Network B
Real LANs
172. Station A1 Station A2 Station A3
VLAN A
Station B1 Station B2 Station B3
VLAN B
Virtual LANs
173. Switch A
Station B1 Station B2 Station B3
Switch B
Station B4 Station B5 Station B6
Station A1 Station A2 Station A3 Station A4 Station A5 Station A6
VLAN B
VLAN A
VLAN B
VLAN A
174. A wireless LAN (WLAN) is often
implemented as aVLAN
Facilitates roaming
Users remain in the sameVLAN and IP
subnet as they roam, so there’s no need to
change addressing information
176. When you already know how to add a new
building, floor,WAN link, remote site, e-
commerce service, and so on
When new additions cause only local change,
to the directly-connected devices
When your network can double or triple in size
without major design changes
When troubleshooting is easy because there
are no complex protocol interactions to wrap
your brain around
180. Security defense in depth
▪ Network security should be multilayered with
many different techniques used to protect the
network
Belt-and-suspenders approach
▪ Don’t get caught with your pants down.
▪ Covers it!
185. Internet Connections
Remote-Access andVirtual Private Networks
Network Services
Server Farms
User Services
Wireless Networks
186. 1. Identify network assets
2. Analyze security risks
3. Analyze security requirements and
tradeoffs
4. Develop a security plan
5. Define a security policy
6. Develop procedures for applying security
policies
187. 7. Develop a technical implementation
strategy
8. Achieve buy-in from users, managers, and
technical staff
9. Train users, managers, and technical staff
10. Implement the technical strategy and
security procedures
11. Test the security and update it if any
problems are found
12. Maintain security
188. Physical security
Firewalls and packet filters
Audit logs, authentication, authorization
Well-defined exit and entry points
Routing protocols that support
authentication
190. Treat each network device (routers,
switches, and so on) as a high-value host
and harden it against possible intrusions
Require login IDs and passwords for
accessing devices
▪ Require extra authorization for risky
configuration commands
Use SSH rather thanTelnet
Change the welcome banner to be less
welcoming
191. Deploy network and host IDSs to monitor
server subnets and individual servers
Configure filters that limit connectivity
from the server in case the server is
compromised
Fix known security bugs in server operating
systems
Require authentication and authorization
for server access and management
Limit root password to a few people
Avoid guest accounts
192. Specify which applications are allowed to
run on networked PCs in the security
policy
Require personal firewalls and antivirus
software on networked PCs
▪ Implement written procedures that specify
how the software is installed and kept current
Encourage users to log out when leaving
their desks
Consider using 802.1X port-based security
on switches
193. Place wireless LANs (WLANs) in their own
subnet orVLAN
▪ Simplifies addressing and makes it easier to
configure packet filters
Require all wireless (and wired) laptops to run
personal firewall and antivirus software
Disable beacons that broadcast the SSID, and
require MAC address authentication
▪ Except in cases where theWLAN is used by
visitors
195. Hacked network devices
▪ Data can be intercepted, analyzed, altered, or
deleted
▪ User passwords can be compromised
▪ Device configurations can be changed
196. Tradeoffs must be made between security
goals and other goals:
▪ Affordability
▪ Usability
▪ Performance
▪ Availability
▪ Manageability
197. High-level document that
proposes what an
organization is going to do
to meet security
requirements
Specifies time, people, and
other resources that will be
required to develop a security
policy and achieve
implementation of the policy
198. How ?
Should be based on the customer’s goals and the
analysis of network assets and risk.
Should refer the network topology and include a list of
network services that will be provided.
One of the most important aspects of the security plan
is a specification of the people who must involved in
implementing network security :
▪ Will specialized security administrators be hired ?
▪ How will end users and their managers get involved ?
▪ How will end users, managers and technical staff be trained on
security policies and procedures ?
199. RFC 2196, “The Site Security Handbook,” a
security policy refers security policy as a:
▪ “Formal statement of the rules by which people
who are given access to an organization’s
technology and information assets must abide.”
The policy should address
▪ Access, accountability, authentication, privacy,
and computer technology purchasing guidelines
200. Security policy? informs users, managers and
technical staff of their obligations for protecting
technology and information assets.
Who is responsible in developing the security policy ?
Get input from managers, users, network engineers.
After a security policy has been developed, it should
be explained to all by top management. Eg : sign a
statement indicating that they have read, understood
and agreed to abide by a policy.
