Suggested prerequisite reading »Cisco Forum FAQ »Quick and Easy Subnetting on Routing, Switching and Network Design Relationship
In network design there are several basic considerations, such as scalability and reliability. Reliability is about stable and seamless communication between hosts. Scalability is about anticipating network growth properly, with minimal change.
To have a scalable and reliable network design, the good-practice aspects of Layer 1 through Layer 3 should all be met. The following are factors that affect network scalability and reliability, from Layer 1 to Layer 3.
Layer 1
1. Cables
Cable Management
Don't
* Don't run cables on the floor
* Don't wrap network cables and power cords into one bundle
* Don't use cables that are too long or too short
Do
* Run cables over the ceiling, under the floor tiles, or inside the wall
* Leave cable slack between devices for easy and proper cable work space
Network Cable Choice
Use fiber cable around your building for the best performance, scalability, and reliability. When you have multiple devices that use various cable types (e.g. coax, Category 3, Category 5), you might want some kind of multiplexer to combine all of those cable types onto a single fiber cable.
When you do have to use twisted-pair cables to interconnect devices, it is suggested to use Category 6 rather than Category 5 or 5E cables. Category 6 cables are more reliable and more adaptable to any network environment.
2. Racks
When you have multiple network devices that need to be in the same room, it is suggested to have dedicated racks for them. In addition, the rack itself should be mountable to the floor and/or to the wall for a steady standing position.
The assumption is that the network devices are rack mountable. If a network device is not rack mountable, it should be wall or desk mountable.
3. Power
Between AC and DC Power
Most common network devices are probably AC-powered. By nature, AC-powered devices consume more energy and produce more heat than DC-powered devices. One big no-no for any network device is a too-high temperature environment, which will shut down (or even melt down) the device.
Whenever possible, use DC-powered network devices to reduce the power bill. This is especially true when you need a cooling system to cool down your network devices.
UPS (Uninterruptable Power Supply), Electrical Wiring, and Power Drop
Network devices are quite sensitive to "dirty power", which might affect resources such as the CPU and memory chips. With a UPS, the network devices receive cleaner power and a constant power supply from its battery backup.
Keep in mind that having a UPS itself might not be sufficient. You may also need to verify your building's electrical wiring and the power drop from your utility company.
As an illustration, verify that the ground prong on your three-prong outlet is wired properly to earth. This way, you are sure you have a proper power supply end to end.
Layer 2
Broadcast Storm
To support a lot of users, some people like to span a large Layer-2 network. Such a network usually looks like at least one of the following:
* Three or more switches in a daisy-chain connection
* More Layer-2 switches than Layer-3 switches or routers
* One VLAN spread throughout almost the entire organization
* One VLAN covering a large area
* A subnet larger than /24 on one VLAN
* Multiple subnets assigned under the same Layer-3 interface
As an illustration, the network setup could look like the following: »Cisco Forum FAQ »Resilient Network Tips for Small Businesses
When the Layer-2 network is a broadcast network, there will be something called ARP broadcast. ARP broadcast is used to establish Layer-2 communication among hosts within the same Layer-2 network. Like any other traffic, ARP broadcast traffic consumes bandwidth and network device resources such as CPU and memory.
The more hosts reside within the Layer-2 network, the more ARP broadcast traffic takes place. The more ARP broadcast traffic takes place, the less bandwidth and network device resource remain available for the actual communication between two hosts within the same Layer-2 network. As a note, a large amount of ARP broadcast traffic is sometimes referred to as a broadcast storm.
One way to reduce the broadcast storm effect is to partition a Layer-2 network into multiple smaller Layer-3 networks. Usually the best approach is to use Layer-3 switches for the partitioning, since you keep Layer-2 switching speed even though you are using Layer-3 routing to route traffic among the Layer-3 networks.
The Layer-2 partitioning should also consider the native VLAN (usually VLAN 1). When there are multiple Layer-2 switches, you don't really need to let the native VLAN (or any VLAN) spread across the entire network. You could segment VLAN 1 into multiple smaller VLAN 1 networks and use Layer-3 switching to interconnect them. This way, any behavior change on the native VLAN (due to maintenance or a DoS attack) would not bog down the entire network.
Layer 3
Between Flat and Segmented Networks
In some small companies, a lot of the time the network is set up to accommodate all hosts (e.g. PCs, servers, routers, firewalls) within the same subnet. Some networks implement a 172.16.0.0/16 subnet to accommodate all of those hosts. In this 172.16.0.0/16 implementation, all PCs, servers, routers, firewalls, and other hosts have 172.16.xx.xx IP addresses and share the same default gateway. This network setup is called a Flat Network.
Once the network grows, there might be a need to migrate to a Segmented Network. In a Segmented Network, the network is divided into smaller networks or subnets, where each subnet accommodates specific hosts based on function. As an illustration, a Segmented Network could have a Management network (network management IP addresses within the 172.16.0.0/24 subnet), an Infrastructure network (where all routers, firewalls, and switches reside within the 172.16.1.0/24 subnet), a Server network (where all servers reside within the 172.16.2.0/24 subnet), and a User network (where all PCs reside within 172.16.3.0/24). Each segmented network has its own default gateway and probably its own physical switch or router.
When at least one of the following conditions is met, it is usually already time to migrate from a Flat Network to a Segmented Network:
* A lot of broadcast storms are in place
* Some users are permitted to access servers and some other users are not
* Some users are only permitted Internet access, without access to any internal servers or PCs
* Public-accessible servers are not permitted to access internal, not-for-public servers
* There is a need to set up a firewall between users and servers for security purposes
You can check out the following FAQ for more info on Flat vs. Segmented Networks: »Cisco Forum FAQ »Running Out Of IP Addresses due to 'flat network' design
With a Segmented Network, routing between the networks and to the Internet becomes significant. Keep in mind that a good Segmented Network design is in general based on carefully assigned subnets and a good routing design.
Check out the following FAQ for a sample configuration of a Segmented Network: »Cisco Forum FAQ »Should I use Layer-3 switch or router?
Subnet Assignment and Contiguous Network
Let's review the following network design:

                        Internet
                           |
                        Firewall
                           |
                        Router 4
                           |
                         Switch
            +--------------+--------------+
            |              |              |
        Router 1       Router 2       Router 3
        |  |  |            |            |    |
       1st 2nd 3rd        4th          5th  Switch
     network network    network      network   |
                                          Server farm
                                      (Servers, Printers)

(Servers and printers are attached to each of the numbered networks as well.)
The network design represents the network setup of an entire organization. Router 1 manages three networks; Router 2 manages one network and Router 3 manages two networks. All of these networks are broadcast networks.
There is also another broadcast network among the four routers themselves. The network between Router 4 and the Firewall is a point-to-point network. The network between the Internet (ISP) and the Firewall could be any network type (point-to-point, broadcast, or non-broadcast).
To provide connectivity within the organization, a 192.168.0.0/24 subnet is used. Let's say for now that this subnet must be sufficient to support the entire organization network.
Let's say we have the following number of hosts to support within each network:
1st network: 30 hosts
2nd network: 20 hosts
3rd network: 10 hosts
4th network: 5 hosts
5th network: 3 hosts
Server farm: 12 hosts
Each network is an independent network. IP routing provides network interconnection and Internet access.
By subnet calculation, we have the following subnet sizes:
1st network: /27 subnet to cover 30 hosts
2nd network: /27 subnet to cover 20 hosts
3rd network: /28 subnet to cover 10 hosts
4th network: /29 subnet to cover 5 hosts
5th network: /29 subnet to cover 3 hosts
Server farm: /28 subnet to cover 12 hosts
Between Router 4 and Firewall
Host #: 2; smallest subnet: /30
Between routers
Host #: 4; smallest subnet: /29
Let's look at Router 1. Since there are multiple networks behind Router 1, it is a good idea to have a supernet on the router to represent all the networks behind it. The same concept applies to Router 3, which also has multiple networks behind it.
To supernet, the smaller networks must be contiguous, such as 192.168.0.0/27 and 192.168.0.32/27 for the 1st and 2nd networks respectively.
Let's review the supernet consideration at Router 1. The following networks are behind the router:
1st network: 192.168.0.0/27 (192.168.0.1 - 192.168.0.30)
2nd network: 192.168.0.32/27 (192.168.0.33 - 192.168.0.62)
3rd network: 192.168.0.64/28 (192.168.0.65 - 192.168.0.78)
As mentioned, you can supernet both /27 networks into a single /26 network, 192.168.0.0/26. With this supernet choice, Router 1 represents the following networks to the rest of the organization:
192.168.0.0/26 (192.168.0.1 - 192.168.0.62)
192.168.0.64/28 (192.168.0.65 - 192.168.0.78)
Let's say you want Router 1 to represent only a single network to the rest of the organization. You could choose to supernet all networks behind Router 1 into a single /25 network, which would be 192.168.0.0/25 (192.168.0.1 - 192.168.0.126).
When you do this /25 supernet, you have to make sure that the following subnets are also only behind Router 1:
192.168.0.80/28 (192.168.0.81 - 192.168.0.94)
192.168.0.96/27 (192.168.0.97 - 192.168.0.126)
If one of these networks is not behind Router 1 while the 192.168.0.0/25 supernet is on Router 1, that network could become unreachable from the rest of the organization, which leads to an unreliable network.
From a scalability perspective, you need to forecast whether the assigned subnets above are sufficient to support all three networks. If the 3rd network's host count will grow to 30 within, say, 2 years, then it is probably a good idea to assign a /27 instead of a /28 to the 3rd network to anticipate the growth. This way, the 3rd network subnet assignment would be good for at least 2 years.
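The sizing, contiguous allocation and supernet checks described above can be worked through with Python's standard ipaddress module. The script below is an added illustration, not part of the original FAQ; it uses the host counts and the 192.168.0.0/24 block from the text, and the allocation order (largest subnets first, ties in the order listed) is an assumption of this example. Its last function answers the /25 question directly: it returns the pieces of a summary that are not actually behind the router, which is exactly the address space that would become unreachable.

```python
"""Subnet sizing, contiguous allocation and supernet checks.

Added example (not the FAQ's own code). Host counts and the
192.168.0.0/24 block come from the text; the allocation order is
an assumption made here.
"""
import ipaddress

# Host counts from the FAQ, in the order the text lists them.
DEMANDS = {
    "1st network": 30, "2nd network": 20, "3rd network": 10,
    "4th network": 5, "5th network": 3, "Server farm": 12,
    "Between routers": 4, "Router 4 - Firewall": 2,
}


def smallest_prefix(hosts: int) -> int:
    """Longest prefix whose usable host count (2**n - 2) still covers `hosts`."""
    bits = 0
    while (1 << bits) - 2 < hosts:
        bits += 1
    return 32 - bits


def allocate(block: str, demands: dict) -> dict:
    """Carve contiguous subnets out of `block`, biggest first.

    Allocating in non-increasing power-of-two sizes from an aligned base
    keeps every subnet on its natural boundary, which is the precondition
    for later summarising neighbours into a supernet.
    """
    base = ipaddress.ip_network(block)
    cursor = int(base.network_address)
    plan = {}
    # sorted() is stable, so equal-sized networks keep the text's order.
    for name, hosts in sorted(demands.items(), key=lambda kv: smallest_prefix(kv[1])):
        prefix = smallest_prefix(hosts)
        net = ipaddress.ip_network(f"{ipaddress.IPv4Address(cursor)}/{prefix}")
        if not net.subnet_of(base):
            raise ValueError(f"{block} exhausted while allocating {name}")
        plan[name] = net
        cursor += net.num_addresses
    return plan


def summarize(networks) -> list:
    """Collapse contiguous, aligned networks into the fewest supernets."""
    return list(ipaddress.collapse_addresses(map(ipaddress.ip_network, networks)))


def uncovered(summary: str, behind) -> list:
    """Parts of `summary` that are NOT among the networks in `behind`.

    Traffic for these prefixes would follow the summary to the router and
    be dropped there, so a non-empty result means the summary is unsafe.
    """
    remaining = [ipaddress.ip_network(summary)]
    for net in map(ipaddress.ip_network, behind):
        nxt = []
        for piece in remaining:
            if net.subnet_of(piece):          # carve `net` out of this piece
                nxt.extend(piece.address_exclude(net))
            elif piece.subnet_of(net):        # piece is fully covered, drop it
                continue
            else:
                nxt.append(piece)
        remaining = nxt
    return sorted(remaining)


def fits(network: str, hosts: int) -> bool:
    """Does `network` still have enough usable addresses for `hosts`?"""
    return ipaddress.ip_network(network).num_addresses - 2 >= hosts


if __name__ == "__main__":
    for name, net in allocate("192.168.0.0/24", DEMANDS).items():
        print(f"{name:22} {net}")
    print("1st+2nd summarise to:", summarize(["192.168.0.0/27", "192.168.0.32/27"]))
    print("/25 summary would also claim:",
          uncovered("192.168.0.0/25", ["192.168.0.0/27", "192.168.0.32/27", "192.168.0.64/28"]))
    print("3rd network /28 fits 30 hosts:", fits("192.168.0.64/28", 30))
```

Running it reproduces the text's figures: /27, /27 and /28 for the first three networks at 192.168.0.0, .32 and .64, a single 192.168.0.0/26 for the two /27s, and 192.168.0.80/28 plus 192.168.0.96/27 as the space a /25 summary would wrongly pull toward Router 1 if those subnets lived elsewhere.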
Static and Dynamic Routing
Let's review the following network design:

                Internet
                   |
                Router 4
               .13 |
             192.168.0.12/30
               .14 |
                Router 3 --- 192.168.3.0/24
              .1 /   \ .6
    192.168.0.0/30    192.168.0.4/30
            .2 /       \ .5
          Router 1    Router 2
             |           |
       192.168.1.0/24  192.168.2.0/24
192.168.1.0/24, 192.168.2.0/24, and 192.168.3.0/24 are broadcast networks. The /30 links carved out of 192.168.0.0/28 are point-to-point networks.
192.168.1.0/24 is behind Router 1. 192.168.2.0/24 is behind Router 2. 192.168.3.0/24 is behind Router 3.
192.168.0.1 and 192.168.0.6 belong to Router 3. 192.168.0.2 belongs to Router 1. 192.168.0.5 belongs to Router 2.
To reach the Internet from the 192.168.1.0/24, 192.168.2.0/24, and 192.168.3.0/24 networks, outbound traffic must pass through Router 4. Only Router 3 has a direct connection to Router 4, so outbound traffic from 192.168.1.0/24 and 192.168.2.0/24 must also pass through Router 3.
Note that static routing should be sufficient to provide a reliable connection within this network. The following are the static routes.
Router 1
Use 192.168.0.1 (Router 3) to reach any network outside 192.168.1.0/24
Router 2
Use 192.168.0.6 (Router 3) to reach any network outside 192.168.2.0/24
Router 3
Use 192.168.0.2 (Router 1) to reach 192.168.1.0/24
Use 192.168.0.5 (Router 2) to reach 192.168.2.0/24
Use 192.168.0.13 (Router 4) to reach any network outside 192.168.0.0/22
Router 4
Use 192.168.0.14 (Router 3) to reach 192.168.0.0/22
Use the ISP device IP address to reach the Internet (any network outside 192.168.0.0/22)
Let's say that Router 1 and Router 2 now have a direct connection as follows:

                Internet
                   |
                Router 4
               .13 |
             192.168.0.12/30
               .14 |
                Router 3 --- 192.168.3.0/24
              .1 /   \ .6
    192.168.0.0/30    192.168.0.4/30
            .2 /       \ .5
          Router 1 ---------- Router 2
             |   .9        .10  |
             |   192.168.0.8/30 |
       192.168.1.0/24     192.168.2.0/24

where 192.168.0.9 is Router 1 and 192.168.0.10 is Router 2.
Let's look at Router 1. From Router 1, it is possible to reach Router 3 directly or indirectly via Router 2. Similarly, from Router 3 it is possible to reach Router 2 directly or indirectly via Router 1.
With this new connection, static routes are no longer a reliable choice. It is suggested that dynamic routing be used on Routers 1 to 3. Router 4 may keep using static routes to the ISP device and to Router 3.
When the Router 1 - Router 3, Router 1 - Router 2, and Router 2 - Router 3 connections all have equivalent bandwidth and equivalent traffic load, you may consider using RIP. In a real network it is unlikely that the three connections carry equivalent traffic load, so it is suggested that Routers 1 to 3 run OSPF, IS-IS, or EIGRP instead.
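To see why the static tables above stop being reliable once the Router 1 - Router 2 link exists, the script below (an added example, not part of the original FAQ) models each router's table exactly as the text lists it and forwards a packet hop by hop with longest-prefix match. The ISP next hop and the Internet destination are placeholder addresses constructed for the example. With every link up, each trace ends at the right place. When the Router 1 - Router 3 link fails, Router 1 drops traffic for 192.168.2.0/24 even though the new link to Router 2 is up, because no static route knows about it; and Router 3 and Router 4 bounce traffic for 192.168.1.0/24 between each other via their default and summary routes. A dynamic protocol would withdraw the failed path and use the Router 1 - Router 2 link; static routes cannot.

```python
"""Hop-by-hop walk of the FAQ's static routes with longest-prefix match.

Added example (not the FAQ's own code). Tables and interface addresses
come from the text; ISP and Internet addresses are placeholders.
"""
import ipaddress

ISP = "203.0.113.1"        # placeholder ISP device address (constructed)
INTERNET_HOST = "198.51.100.7"   # placeholder Internet destination (constructed)

# Which router owns each link address, from the second diagram.
OWNER = {
    "192.168.0.2": "Router 1", "192.168.0.9": "Router 1",
    "192.168.0.5": "Router 2", "192.168.0.10": "Router 2",
    "192.168.0.1": "Router 3", "192.168.0.6": "Router 3", "192.168.0.14": "Router 3",
    "192.168.0.13": "Router 4",
    ISP: "ISP",
}

# Static tables as the FAQ lists them, plus each router's connected links.
# "connected" means the destination is on a directly attached network.
TABLES = {
    "Router 1": [("192.168.1.0/24", "connected"), ("192.168.0.0/30", "connected"),
                 ("192.168.0.8/30", "connected"), ("0.0.0.0/0", "192.168.0.1")],
    "Router 2": [("192.168.2.0/24", "connected"), ("192.168.0.4/30", "connected"),
                 ("192.168.0.8/30", "connected"), ("0.0.0.0/0", "192.168.0.6")],
    "Router 3": [("192.168.3.0/24", "connected"), ("192.168.0.0/30", "connected"),
                 ("192.168.0.4/30", "connected"), ("192.168.0.12/30", "connected"),
                 ("192.168.1.0/24", "192.168.0.2"), ("192.168.2.0/24", "192.168.0.5"),
                 ("0.0.0.0/0", "192.168.0.13")],
    "Router 4": [("192.168.0.12/30", "connected"),
                 ("192.168.0.0/22", "192.168.0.14"), ("0.0.0.0/0", ISP)],
}


def lookup(router: str, dst: str, down=frozenset()):
    """Longest-prefix match; routes whose next hop is on a failed link are skipped."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, next_hop in TABLES[router]:
        net = ipaddress.ip_network(prefix)
        if addr in net and next_hop not in down:
            if best is None or net.prefixlen > best[0].prefixlen:
                best = (net, next_hop)
    return best


def trace(start: str, dst: str, down=frozenset()) -> list:
    """Routers a packet visits from `start` toward `dst`, ending with the outcome.

    `down` is the set of next-hop addresses that became unreachable because
    their link failed. Revisiting a router means the static tables loop.
    """
    path = [start]
    router = start
    while True:
        hit = lookup(router, dst, down)
        if hit is None:
            return path + ["DROP: no route"]
        _net, next_hop = hit
        if next_hop == "connected":
            return path + ["delivered"]
        nxt = OWNER[next_hop]
        if nxt == "ISP":
            return path + ["ISP"]
        if nxt in path:
            return path + ["LOOP"]
        path.append(nxt)
        router = nxt


# Failure scenario: the 192.168.0.0/30 link between Router 1 and Router 3 goes down.
R1_R3_DOWN = frozenset({"192.168.0.1", "192.168.0.2"})

if __name__ == "__main__":
    print("R1 -> 192.168.2.10      :", trace("Router 1", "192.168.2.10"))
    print("R1 -> Internet          :", trace("Router 1", INTERNET_HOST))
    print("R4 -> 192.168.1.20      :", trace("Router 4", "192.168.1.20"))
    print("R1 -> 192.168.2.10, R1-R3 down:", trace("Router 1", "192.168.2.10", R1_R3_DOWN))
    print("R3 -> 192.168.1.20, R1-R3 down:", trace("Router 3", "192.168.1.20", R1_R3_DOWN))
```

The loop in the last trace is worth noticing: Router 3's default route sends the now-unreachable 192.168.1.0/24 to Router 4, and Router 4's 192.168.0.0/22 summary sends it straight back. Only TTL expiry ends that in a real network, which is another reason the text recommends a routing protocol once there is more than one path.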
On Cisco IOS routers, the following is a sample EIGRP configuration. The network statements use wildcard masks (the inverse of the subnet masks), which is the form IOS stores for the EIGRP network command.
Router 1
router eigrp 10
 ! LAN plus the two /30 links toward Router 3 and Router 2
 network 192.168.1.0 0.0.0.255
 network 192.168.0.0 0.0.0.3
 network 192.168.0.8 0.0.0.3
Router 2
router eigrp 10
 ! LAN plus the two /30 links toward Router 3 and Router 1
 network 192.168.2.0 0.0.0.255
 network 192.168.0.4 0.0.0.3
 network 192.168.0.8 0.0.0.3
Router 3
router eigrp 10
 ! inject the static default route (toward Router 4) into EIGRP
 redistribute static
 network 192.168.3.0 0.0.0.255
 ! 192.168.0.0/29 covers both /30 links, to Router 1 and to Router 2
 network 192.168.0.0 0.0.0.7
The static routes
Router 3
ip route 0.0.0.0 0.0.0.0 192.168.0.13
Router 4
ip route 192.168.0.0 255.255.252.0 192.168.0.14
ip route 0.0.0.0 0.0.0.0 [ISP DEVICE IP ADDRESS]
WAN Design
Check out the following FAQ for insights:
»Cisco Forum FAQ »Redundant Link Graceful Internet Load Balance/Failover
by aryoba, last modified: 2009-05-19 10:38:25