Cisco Network Architectures for the Enterprise
a) Borderless networks architecture
- Enables connectivity to anyone and anything, anywhere, and at any time.
- Connectivity needs to be secure, reliable, and seamless.
The major blocks include:
- Policy and Control are applied to all users and devices in the architecture
- Borderless Network Services provide resiliency and control
- Borderless User services
- Borderless Connection management provides secure access, anytime, anywhere
b) Collaboration architecture
This architecture has 3 layers:
- Communication and collaboration Apps – Conference applications
- Collaboration services – Services that support the collaboration apps like presence and location
- Infrastructure – facilitates collaboration anytime eg. virtual machines
c) Data center/virtualization architecture
Comprehensive set of virtualization technologies and services that bring the network, computing, storage, and virtualization platforms together.
Benefits of Cisco Architectures:
- Support scalability
- Provides for service reliability
- Allows for continued functionality of the network
- Improves performance of applications
- Enables manageability of the network
- The network tends to be more effective
Cisco’s PPDIOO Network life-cycle
Prepare
- Establishes business requirements
- Develops a network strategy, and architecture to support the strategy.
Plan
- Identifies network requirements
- Assesses the network
- Project plan is developed
Design
Implement
- Installation and configuration
- Changes are tested
Operate
- Fault detection, correction, and performance monitoring
Optimize
- Identify and resolve network issues
- Modifications to the network
Benefits of PPDIOO
- Network plans are validated before hand hence lowers total cost of ownership
- A sound network design provides for Increased network availability
- Business requirements and strategies are established before hand hence Improves network agility (response to change)
- Performance, reliability and security are improved hence speeds access to applications and services
Design Methodology
Identify network requirements
- Know the applications – planned application types, the applications, the importance of the applications and any comments
- Know organizational goals – improve customer support, increase customer services, increase competitiveness or reduce costs
- Any organizational constraints – Budget, timeframe, limited personel, policies might limit the use of certain protocols.
- Define technical goals – improve network response time, simplify network management, improve security, improve application reliability, technology refresh, network scalability
- Possible technical constraints – Existing infrastructure might limit support of new tech, Bandwidth limitation, Legacy equipment and applications might need to be supported.
Characterizing existing network
Gather Information from the existing network
- Get all existing information and documentation. Identify the networks. major features
- Audit the network. Identify the tools for auditing and monitoring traffic. Necessary audit information: Device list, models, software version, configs, auditing tools audit info, interface speeds, cpu utilization and WAN technology used
- Analyze the traffic traversing the network. Identify Tools that can be used to analyze the existing network traffic
Network Audit tools:
- Manual Assessment – show commands and scripts
- NBAR (Classifies traffic), CiscoWorks (Topology, Hardware,Software,Config,Network Map), Netflow (Traffic flow on Interface), AirMagnet Survey PRO, BVS Yellowjacket Wifi Analyzer, Redcell Engineering, Netcordia NEtMRI, Netformix, NetQoS, and Pari Networks Assessment Tool
- For VoIP, Wireless and security: AirMagnet Analyzer Pro, Ekahau Site Survey LANguard Network Security scanner, NetIQ Vivinet Assessor, neteXpose DNA, Cisco Operations Manager, Stats Manager, Service Statistics Manager, ClarusIPC, Prognosis
Show commands:
# show tech-support # show processes cpu # show version # show processes memory # show log # show interface # show policy-map interface # show running-config # show ip cache flow - output of Netflow
Network Analysis Tools:
- Netformx DesignXpert Enterprise
- CNS NetFlow Collector Engine (Hardware)
- Cisco Embedded Resource Manager (ERM)
- Sniffer
- AirMagnet Wifi Analyzer
- BVS Yellowjacket 802.11
- NetIQ Vivinet Assessor
- Netcordia NetMRI
- SolarWinds Orion
A good network has the following characteristics:
- Switches instead of hubs
- < 70% WAN saturation
- Response time < 100ms (<2ms LAN)
- <20% Broadcasts and multicasts
- < 1/1000000 bytes CRC errors
- < 0.1 % collisions
- not > or = 75% CPU utilization in 5 mins
- < 100 output queue drops in an hour
- < 50 output queue drops in an hour
- < 25 buffer misses in an hour
- < 10 ignored packets on an interface in an hour
- QoS enabled
Designing the Network
The Top-Down approach is used. It ensures that network devices and technologies are not selected until the applications’ requirements are analyzed.
Top-Down approach:
- Analyze applications and business requirements
- Define requirements of the upper layers (5-7) and specify the infrastructure for the lower layers (1-4)
- Gather data on network
Testing the Network
Prototype network – Full design tested in an isolated environment
Pilot Site – A live test site that can be used to test the solution under real-world circumstances before applying it in all locations
Design Document:
Should have the following:
- Introduction – Purpose and goals of the network design
- Design requirements and constraints
- Existing Infrastructure
- New design, topology, IP addressing
*Proof of concept – test results
- Implementation Plan in details
- Description of the step
- Reference to design doc
- Detailed implementation guidelines
- Rollback steps
- Estimated time
- Appendixes – supporting information
CyberSecFaith 