Suggested prerequisite reading
»Cisco Forum FAQ »Quick and Easy Subnetting on Routing, Switching and Network Design Relationship

In network design, there are several basic considerations, such as scalability and reliability. Reliability is about stable and seamless communication between hosts. Scalability is about anticipating network growth properly, so that growth requires minimal change.

To have a scalable and reliable network design, the good practices at every layer from Layer 1 to Layer 3 should be met. The following are factors that affect network scalability and reliability, from Layer 1 to Layer 3.

Layer 1

1. Cables

Cable Management

Don't
* Don't run cables on the floor
* Don't wrap network cables and power cords into one bundle
* Don't use cables that are too long or too short

Do
* Run cables over (the ceiling), under (the raised floor tiles), or inside (the wall)
* Leave cable slack between devices for easy and proper cable work space

Network Cable Choice

Use fiber cable around your building for the best performance, scalability, and reliability. When you have multiple devices that employ various cable types (e.g. coax, Category 3, Category 5), you might want some kind of multiplexer to multiplex all of those cable types onto a single fiber cable.

When you do have to use twisted-pair copper cables to interconnect devices, it is suggested to use Category 6 rather than Category 5 or 5E. Category 6 cables are more reliable and adapt to any network environment.

2. Racks

When you have multiple network devices that need to be in the same room, it is suggested to have dedicated racks for them. In addition, the rack itself should be mountable to the floor and/or to the wall so that it stands steadily.

The assumption is that the network devices are rack mountable. If the network devices are not rack mountable, they should be wall or desk mountable.

3. Power

Between AC and DC Power

Most common network devices are probably AC-powered. By nature, AC-powered devices consume more energy and produce more heat than DC-powered devices. One big no-no for any network device is a too-high temperature environment, which will shut down (or even melt down) the device.

Whenever possible, use DC-powered network devices to reduce the power bill. This is especially true when you need a cooling system to cool down your network devices.

UPS (Uninterruptable Power Supply), Electrical Wiring, and Power Drop

Network devices are quite sensitive to "dirty power", which might affect resources such as CPU and memory chips. With a UPS, the network devices receive cleaner power, and a constant power supply from its battery backup.

Keep in mind that having a UPS by itself might not be sufficient. You may also need to verify your building's electrical wiring and the power drop from your utility company.

As an illustration, verify that the ground prong on your three-prong outlet is wired properly to earth. This way, you are sure you have a proper power supply end to end.

Layer 2

Broadcast Storm

To support a lot of users, some people like to span a large Layer-2 network. Such a network usually looks like at least one of the following:
* Three or more switches in a daisy-chain connection
* More Layer-2 switches rather than Layer-3 switches or routers
* One VLAN spread throughout almost the entire organization
* One VLAN covering a large area
* A subnet larger than /24 on one VLAN
* Multiple subnets assigned under the same Layer-3 interface

As an illustration, the network setup could look like the following:
»Cisco Forum FAQ »Resilient Network Tips for Small Businesses

When the Layer-2 network is a broadcast network, there will be something called ARP broadcast. ARP broadcast is used to establish Layer-2 communication among hosts within the same Layer-2 network. Like any other traffic, ARP broadcast traffic consumes bandwidth and network device resources such as CPU and memory.

The more hosts reside within the Layer-2 network, the more ARP broadcast traffic takes place. The more ARP broadcast traffic takes place, the less bandwidth and network device resources are available for the actual communication between two hosts within the same Layer-2 network. As a note, a large amount of ARP broadcast traffic is sometimes referred to as a broadcast storm.

One way to reduce the broadcast storm effect is to partition a Layer-2 network into multiple smaller Layer-3 networks. Usually the best approach is to use Layer-3 switches to partition such a Layer-2 network, since you keep the Layer-2 switching speed even though you are using Layer-3 routing to route traffic among the Layer-3 networks.

The Layer-2 network partition should also consider the native VLAN (usually VLAN 1). When there are multiple Layer-2 switches, you don't really need to let the native VLAN (or any VLAN) spread across the entire network. You could just segment VLAN 1 into multiple smaller VLAN 1 networks and use Layer-3 switching to interconnect them. This way, any behavior change on the native VLAN (due to maintenance or a DoS attack) would not bog down the entire network.

Layer 3

Between Flat and Segmented Networks

In some small companies, a lot of the time the network is set up to accommodate all hosts (e.g. PC, server, router, firewall, etc.) within the same subnet. Some networks implement a 172.16.0.0/16 subnet to accommodate all of those hosts. In this 172.16.0.0/16 implementation, all PCs, servers, routers, firewalls, and all other hosts have 172.16.xx.xx IP addresses and share the same default gateway. This network setup is called a Flat Network.

Once the network is growing, there might be a need to migrate to a Segmented Network. In a Segmented Network, the network is segmented into smaller networks or subnets, where each subnet accommodates specific hosts based on functionality. As an illustration, a Segmented Network could have a Management network (network management IP addresses within the 172.16.0.0/24 subnet), an Infrastructure network (where all routers, firewalls, and switches reside within the 172.16.1.0/24 subnet), a Server network (where all servers reside within the 172.16.2.0/24 subnet), and a User network (where all PCs reside within 172.16.3.0/24). Each segmented network has its own default gateway and probably has its own physical switch or router.

When at least one of the following conditions is met, it is usually already time to migrate from a Flat Network to a Segmented Network.
* A lot of broadcast storms in place
* Some users are permitted to access servers while some other users are not
* Some users are only permitted Internet access, without access to any internal servers or PCs
* Publicly accessible servers are not permitted to access internal not-for-public servers
* There is a need to set up a firewall between users and servers for security purposes

You can check out the following FAQ for more info on Flat vs. Segmented Networks:
»Cisco Forum FAQ »Running Out Of IP Addresses due to 'flat network' design

With a Segmented Network, routing between networks and the Internet becomes significant. Keep in mind that a good Segmented Network design is in general based on carefully assigned subnets and a good routing design.

Check out the following FAQ for a sample configuration of a Segmented Network:
»Cisco Forum FAQ »Should I use Layer-3 switch or router?

Subnet Assignment and Contiguous Network

Let's review the following network design
                             Internet
                                 |
                                 |
                             Firewall
                                 |
                                 |
                             Router 4
                                 |
                                 |
                              Switch
                                 |
            +--------------------+--------------------+
            |                    |                    |
        Router 1             Router 2             Router 3
   |        |        |           |                 |        |
  1st      2nd      3rd       Switch              4th      5th
network  network  network        |              network  network
                 +---+---+----+--+--+----+---+---+
                 |   |   |    |  |  |    |   |   |
               Server  Server  Server Printer Printer
                   Server  Server Server  Printer

The network design represents the network setup of an entire organization. Router 1 is managing three networks. Similarly, Router 2 is managing one network and Router 3 is managing two networks. All of these networks are broadcast networks.

There is also another broadcast network among the four routers themselves (the switch between Router 4 and Routers 1 to 3). The network between Router 4 and the Firewall is a point-to-point network. The network between the Internet (ISP) and the Firewall could be of any type (point-to-point, broadcast, or non-broadcast).

To provide connectivity within the organization, a 192.168.0.0/24 subnet is used. Let's say for now that this subnet must be sufficient to support the entire network within the organization.

Let's say we have the following number of hosts to support within each network:
1st network: 30 hosts
2nd network: 20 hosts
3rd network: 10 hosts
4th network: 5 hosts
5th network: 3 hosts
Server farm: 12 hosts

Each network is an independent network. IP routing provides the interconnection between the networks and Internet access.

By subnet calculation, we have the following subnet sizes:
1st network: /27 subnet to cover 30 hosts
2nd network: /27 subnet to cover 20 hosts
3rd network: /28 subnet to cover 10 hosts
4th network: /29 subnet to cover 5 hosts
5th network: /29 subnet to cover 3 hosts
Server Farm: /28 subnet to cover 12 hosts

Between Router 4 and Firewall
Host #         : 2
Smallest Subnet: /30

Between Routers
Host #         : 4
Smallest Subnet: /29

Let's look at Router 1. Since there are multiple networks behind Router 1, it is a good idea to have a supernet on the router to represent all the networks behind it. A similar concept applies to Router 3, which has multiple networks as well.

To supernet, the smaller networks should be in consecutive order, such as 192.168.0.0/27 and 192.168.0.32/27 for the 1st and 2nd networks respectively.

Let's review the supernet consideration at Router 1. The following networks are behind the router:
1st network: 192.168.0.0/27 (192.168.0.1 - 192.168.0.30)
2nd network: 192.168.0.32/27 (192.168.0.33 - 192.168.0.62)
3rd network: 192.168.0.64/28 (192.168.0.65 - 192.168.0.78)

As mentioned, you can supernet both /27 networks into a single /26 network, which is 192.168.0.0/26. With this supernet choice, Router 1 represents the following networks to the rest of the organization:

192.168.0.0/26 (192.168.0.1 - 192.168.0.62)
192.168.0.64/28 (192.168.0.65 - 192.168.0.78)

Let's say you want Router 1 to represent only a single network to the rest of the organization. You could choose to supernet all networks behind Router 1 into a single /25 network, which would be 192.168.0.0/25 (192.168.0.1 - 192.168.0.126).

When you do this /25 supernet, you have to make sure that the following subnets are also only behind Router 1:

192.168.0.80/28 (192.168.0.81 - 192.168.0.94)
192.168.0.96/27 (192.168.0.97 - 192.168.0.126)

If one of these networks is not behind Router 1 while the 192.168.0.0/25 supernet is on Router 1, that network could become unreachable from the rest of the organization, which could lead to an unreliable network.

From a scalability perspective, you need to forecast whether the above assigned subnets are sufficient to support all three networks. If, let's say, the 3rd network host number will grow to 30 within 2 years, then it is probably a good idea to assign a /27 network instead of a /28 network to the 3rd network to anticipate the growth. This way, the 3rd network subnet assignment would be good for at least 2 years into the future.
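As an added worked example (not from the original FAQ), the following Python script carries the subnet calculation above through with the standard library's ipaddress module: it sizes each network from its host count, carves the subnets out of 192.168.0.0/24 in the order the page assigns them, and then checks a proposed Router 1 supernet (/26 or /25) for both problems discussed above, subnets behind Router 1 that the summary misses and subnets elsewhere that it would wrongly claim. The network names and the allocation order are assumptions made for this example.

```python
import ipaddress

# Host counts from the page, in the order the page assigns them (constructed input).
HOSTS = {
    "1st": 30, "2nd": 20, "3rd": 10, "4th": 5, "5th": 3,
    "server farm": 12, "between routers": 4, "r4-firewall": 2,
}

def smallest_prefix(hosts):
    """Longest prefix whose block still has `hosts` usable addresses
    (block size minus the network and broadcast addresses)."""
    size = 4                      # /30 is the smallest block with 2 usable hosts
    while size - 2 < hosts:
        size *= 2
    return 32 - (size.bit_length() - 1)

def allocate(block, hosts):
    """Carve subnets out of `block` in the given order, taking the first free
    chunk that is big enough, so each subnet lands on its natural boundary."""
    free = [ipaddress.ip_network(block)]   # free chunks, kept in address order
    plan = {}
    for name, count in hosts.items():
        plen = smallest_prefix(count)
        for i, chunk in enumerate(free):
            if chunk.prefixlen <= plen:              # chunk is at least as large as needed
                pieces = list(chunk.subnets(new_prefix=plen))
                plan[name] = pieces[0]
                free[i:i + 1] = pieces[1:]   # hand the unused remainder back to the pool
                break
        else:
            raise ValueError(f"{block} cannot fit {name} ({count} hosts)")
    return plan

def summary_covers(summary, behind):
    """True if every subnet behind the router sits inside the advertised summary."""
    s = ipaddress.ip_network(summary)
    return all(n.subnet_of(s) for n in behind)

def summary_leaks(summary, elsewhere):
    """Subnets that live elsewhere but that the summary would claim anyway: the
    rest of the organization would forward them to this router and lose them."""
    s = ipaddress.ip_network(summary)
    return [n for n in elsewhere if n.subnet_of(s)]

if __name__ == "__main__":
    plan = allocate("192.168.0.0/24", HOSTS)
    for name, net in plan.items():
        print(f"{name:16s} {net}  ({net.num_addresses - 2} usable)")
    r1 = [plan[k] for k in ("1st", "2nd", "3rd")]
    others = [v for k, v in plan.items() if k not in ("1st", "2nd", "3rd")]
    for summary in ("192.168.0.0/26", "192.168.0.0/25"):
        print(summary, "covers Router 1:", summary_covers(summary, r1),
              "claims elsewhere:", [str(n) for n in summary_leaks(summary, others)])
```

With the page's host counts the /26 misses the 3rd network while the /25 claims five subnets that the allocator placed behind other routers, which is exactly the reachability trap described above.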

Static and Dynamic Routing

Let's review the following network design
                      Internet
                         |
                         |
                      Router 4
                     .13 |
       192.168.0.12/30   |
                     .14 |
                      Router 3 --- 192.168.3.0/24
                   .1 /      \ .6
     192.168.0.0/30  /        \ 192.168.0.4/30
                 .2 /          \ .5
               Router 1          Router 2
                   |                |
            192.168.1.0/24   192.168.2.0/24

The 192.168.1.0/24, 192.168.2.0/24, and 192.168.3.0/24 networks are broadcast networks. The point-to-point networks are taken from 192.168.0.0/28.

192.168.1.0/24 is behind Router 1. 192.168.2.0/24 is behind Router 2. 192.168.3.0/24 is behind Router 3.

192.168.0.1 and 192.168.0.6 are Router 3. 192.168.0.2 is Router 1. 192.168.0.5 is Router 2.

To access the Internet from the 192.168.1.0/24, 192.168.2.0/24, and 192.168.3.0/24 networks, the outbound traffic must pass Router 4. Only Router 3 has a direct connection to Router 4. To access the Internet from the 192.168.1.0/24 and 192.168.2.0/24 networks, the outbound traffic must pass Router 3.

Note that static routing should be sufficient to provide a reliable connection within the entire network. The following are the static routes.

Router 1
Use 192.168.0.1 (Router 3) to reach any network outside 192.168.1.0/24

Router 2
Use 192.168.0.6 (Router 3) to reach any network outside 192.168.2.0/24

Router 3
Use 192.168.0.2 (Router 1) to reach 192.168.1.0/24
Use 192.168.0.5 (Router 2) to reach 192.168.2.0/24
Use 192.168.0.13 (Router 4) to reach any network outside 192.168.0.0/22

Router 4
Use 192.168.0.14 (Router 3) to reach 192.168.0.0/22
Use the ISP device IP address to reach the Internet (any network outside 192.168.0.0/22)

Let's say that Router 1 and Router 2 now have a direct connection, as follows:
                      Internet
                         |
                         |
                      Router 4
                     .13 |
       192.168.0.12/30   |
                     .14 |
                      Router 3 --- 192.168.3.0/24
                   .1 /      \ .6
     192.168.0.0/30  /        \ 192.168.0.4/30
                 .2 /          \ .5
               Router 1 -------- Router 2
                   | .9         .10 |
                   | 192.168.0.8/30 |
                   |                |
            192.168.1.0/24   192.168.2.0/24

where 192.168.0.9 is Router 1 and 192.168.0.10 is Router 2.

Let's look at Router 1. From Router 1, it is possible to reach Router 3 directly or indirectly via Router 2. Similarly, from Router 3 it is possible to reach Router 2 directly or indirectly via Router 1.

With this new connection, static routes are no longer a reliable choice. It is suggested that dynamic routing is used on Router 1 to Router 3. Router 4 may just keep using static routes to the ISP device and to Router 3.

When all of the Router 1 - Router 3, Router 1 - Router 2, and Router 2 - Router 3 connections have equivalent bandwidth and equivalent traffic load, you may consider using RIP. In a real network, it is unlikely to have equivalent traffic load across the three connections. Therefore, it is suggested that Router 1 to Router 3 run OSPF, IS-IS, or EIGRP.
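As an added example (not part of the original FAQ), the following Python script models the static routes listed above as longest-prefix-match tables and traces a packet hop by hop; it then takes the second diagram, with the new Router 1 - Router 2 link, and fails the Router 1 - Router 3 link to show that the static routes never make use of the new link. Router names, the connected-network lists and the link sets are assumptions taken from the diagrams.

```python
import ipaddress

# Static routes from the page: router -> [(destination prefix, next hop)].
ROUTES = {
    "Router 1": [("0.0.0.0/0", "Router 3")],
    "Router 2": [("0.0.0.0/0", "Router 3")],
    "Router 3": [("192.168.1.0/24", "Router 1"), ("192.168.2.0/24", "Router 2"),
                 ("0.0.0.0/0", "Router 4")],
    "Router 4": [("192.168.0.0/22", "Router 3"), ("0.0.0.0/0", "ISP")],
}
# Directly connected networks: a packet for one of these is delivered, not forwarded.
CONNECTED = {
    "Router 1": ["192.168.1.0/24", "192.168.0.0/30"],
    "Router 2": ["192.168.2.0/24", "192.168.0.4/30"],
    "Router 3": ["192.168.3.0/24", "192.168.0.0/30", "192.168.0.4/30", "192.168.0.12/30"],
    "Router 4": ["192.168.0.12/30"],
}
# Links in the first diagram, all assumed up (unordered pairs).
LINKS = frozenset(frozenset(p) for p in [
    ("Router 1", "Router 3"), ("Router 2", "Router 3"),
    ("Router 3", "Router 4"), ("Router 4", "ISP")])

def next_hop(router, dst):
    """Longest-prefix match of `dst` against the router's static routes."""
    best = None
    for prefix, nh in ROUTES[router]:
        net = ipaddress.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, nh)
    return best[1] if best else None

def trace(start, dst, links=LINKS, max_hops=8):
    """Follow static next hops from `start` toward `dst`; return the routers
    visited and why forwarding stopped (delivered, no route, link down, loop)."""
    dst = ipaddress.ip_address(dst)
    path, cur = [start], start
    for _ in range(max_hops):
        if any(dst in ipaddress.ip_network(n) for n in CONNECTED[cur]):
            return path, "delivered"
        nh = next_hop(cur, dst)
        if nh is None:
            return path, "no route"
        if frozenset((cur, nh)) not in links:   # route points at a dead link
            return path, f"link to {nh} down"
        path.append(nh)
        if nh == "ISP":                          # handed off to the provider
            return path, "delivered"
        cur = nh
    return path, "loop"

# Second diagram: the Router 1 - Router 2 link exists, Router 1 - Router 3 has failed.
# Static routes never consult the new link, so Router 1 is cut off anyway.
LINKS_R1_R3_DOWN = (LINKS | {frozenset(("Router 1", "Router 2"))}) - {frozenset(("Router 1", "Router 3"))}
```

Calling trace("Router 1", "8.8.8.8") walks Router 1, Router 3, Router 4, ISP, while the same call with links=LINKS_R1_R3_DOWN stops at Router 1 with the link reported down, which is the failure a dynamic routing protocol on Routers 1 to 3 would route around.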

On Cisco routers, the following is a sample EIGRP configuration:

Router 1

router eigrp 10
network 192.168.1.0 255.255.255.0
network 192.168.0.0 255.255.255.252
network 192.168.0.8 255.255.255.252

Router 2

router eigrp 10
network 192.168.2.0 255.255.255.0
network 192.168.0.4 255.255.255.252
network 192.168.0.8 255.255.255.252

Router 3

router eigrp 10
redistribute static
network 192.168.3.0 255.255.255.0
network 192.168.0.0 255.255.255.248

The static routes:

Router 3
ip route 0.0.0.0 0.0.0.0 192.168.0.13

Router 4
ip route 192.168.0.0 255.255.252.0 192.168.0.14
ip route 0.0.0.0 0.0.0.0 [ISP DEVICE IP ADDRESS]

Some Discussions
»[Config] HSRP Config

WAN Design

Check out the following FAQ for insights
»Cisco Forum FAQ »Various Network Design using Routers, Layer-3 Switches, and more

Growth Anticipation

When you start building the network, there may be only a few PCs and one server. Then there are times when more machines are added, such as printers and more servers. At first, all machines might connect to one switch, while the switch connects to one Internet router.

As more and more machines are added, having only one switch may no longer be sufficient. One option is to add another switch, which is then daisy chained to or otherwise interconnected with the existing switch. Examples of switches used this way are Cisco Catalyst 2560 or 3560 fixed switches.

Another option is to put in place a new switch with more ports, perhaps in the form of a modular switch. An example of this is the Cisco Catalyst 4503 modular switch.

The advantage of having multiple fixed switches in place is that you could possibly leave the existing switch untouched and simply hook up a cable from the existing switch to the new switch. On the other hand, the advantages of having one modular switch in place are that you only need to manage one switch, less cabling (compared to daisy chaining multiple switches), and higher switch port density.

Larger growth anticipates multiple modular switches in place, where one or two modular switches are on one side of the building while another set of modular switches is on another side of the building. Each set of modular switches connects directly to LAN machines such as servers, PCs, and printers. Switches (either modular or fixed type) dedicated only to connecting LAN machines are called access switches.

To provide connectivity to routers and firewalls, all access switches usually connect to a set of switches acting as traffic hubs to other buildings, the Internet, and perhaps the WAN. These hub switches (either modular or fixed type), dedicated only to connecting access switches, routers, and firewalls (or simply non-LAN machines), are called core switches.

As you may imagine, the access switches simply provide Layer-2 connectivity to LAN machines, while the core switches provide Layer-2/3 connectivity to LAN machines and Layer-3 connectivity to non-LAN machines. Depending on network requirements, access switches can also be designed to provide Layer-2/3 connectivity to LAN machines, while the core switches provide only Layer-3 connectivity.

With these in mind, the following considerations in LAN design are in order:
* Fixed vs. modular switches from the perspective of port flexibility, cable management, port density, and switch management
* Dedicating switches as either access switches or core switches to simplify network management

Discussions
»Server TO core


by aryoba See Profile
last modified: 2014-02-24 11:44:42