<!doctype html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>Advanced Networking - Module 4 Chapter 1 - Hierarchical Network Design</title>
<meta name="description" content="Preparation for the Cisco CCENT and CCNA certifications">
<meta name="author" content="Hacklab Cosenza">
<meta name="apple-mobile-web-app-capable" content="yes">
<meta name="apple-mobile-web-app-status-bar-style" content="black-translucent">
<meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=no">
<link rel="stylesheet" href="css/reveal.css">
<link rel="stylesheet" href="css/theme/black.css" id="theme">
<!-- Code syntax highlighting -->
<link rel="stylesheet" href="lib/css/zenburn.css">
<!-- Printing and PDF exports -->
<script>
var link = document.createElement( 'link' );
link.rel = 'stylesheet';
link.type = 'text/css';
link.href = window.location.search.match( /print-pdf/gi ) ? 'css/print/pdf.css' : 'css/print/paper.css';
document.getElementsByTagName( 'head' )[0].appendChild( link );
</script>
<!--[if lt IE 9]>
<script src="lib/js/html5shiv.js"></script>
<![endif]-->
</head>
<body>
<div class="reveal">
<!-- Any section element inside of this container is displayed as a slide -->
<div class="slides">
<section>
<h1>Advanced Networking</h1>
<h2>Routing &amp; Switching:</h2>
<h2>Connecting Networks</h2>
<h3>Chapter 1:</h3>
<h3>Hierarchical Network Design</h3>
<p>
<small><a href="http://hlcs.it">Hacklab Cosenza</a> / Centro di Ricerca su Tecnologia e Innovazione</small>
</p>
</section>
<section>
<h2>Network Requirements</h2>
<p>Cisco categorizes networks <strong>based on the number of hosts</strong> into:</p>
<ul>
<li><strong>Small</strong> network - up to 200 devices.</li>
<li><strong>Medium</strong> network - 200 to 1000 devices.</li>
<li><strong>Large</strong> network - More than 1000 devices.</li>
</ul>
<p>Different network sizes mean <strong>different requirements</strong>. It is the job of the <strong>network designer</strong> to handle their complexities.</p>
<p>Cisco has a certification dedicated to network design skills, which encompass a great deal of knowledge. It’s the <strong>CCDA, <em>Cisco Certified Design Associate</em></strong>.</p>
</section>
<section>
<h2>[R] Good Design Principles</h2>
<h3>Hierarchy</h3>
<p>Deploying complex systems in smaller and more manageable <em>tiers</em>, each with a clear role and structure.</p>
<h3>Modularity</h3>
<p>Separating <strong>functions in modules</strong> (such as Cisco’s campus, service block, data center, internet edge) to make design easier.</p>
<h3>Resiliency</h3>
<p>The network <strong>reacts well to changes</strong>, growth, faults, abnormalities.</p>
<h3>Flexibility</h3>
<p>Expansions, improvements, upgrades at any tier are made as easy as possible, <strong>without the need for major operations</strong>.</p>
</section>
<section>
<section>
<!-- [R] mod2-01.html -->
<h2>[R] Access, Distribution, Core</h2>
<img src="http://i.imgur.com/ugMjfRW.jpg">
<p>Tiers in a Cisco network architecture are <em><strong>Access, Distribution and Core</strong></em>, usually deployed in a 3-tier or 2-tier (with <em>collapsed</em> Distribution/Core) framework.</p>
</section>
<section>
<h2>[R] Access, Distribution, Core</h2>
<p>Tiers in a hierarchical network architecture are <strong><em>Access</em></strong>, <strong><em>Distribution</em></strong> and <strong><em>Core</em></strong>, usually deployed in a 3-tier or 2-tier (with collapsed Distribution/Core) framework.</p>
<p>Main advantages: <strong>local traffic stays local</strong>; better boundary separation (perfect for limiting broadcasts or filtering traffic).</p>
<p><strong>Traffic starts in the <em>access</em> layer</strong>, which is the layer enabling a local network. Traffic can be <strong>distributed to different local networks</strong> by going through the distribution layer.</p>
<p>If required, a third layer (core) is provided as the backbone, to <strong>connect distant networks at speeds similar to the local ones</strong>.</p>
</section>
</section>
<!-- [R] mod2-01.html -->
<section>
<h2>[R] Access Layer</h2>
<ul>
<li>It's the network edge, where <strong>traffic enters or exits it</strong>.</li>
<li>It's also where devices that <strong>extend the network out one more level</strong> are placed - like IP phones, wireless APs, WAN connectivity.</li>
<li>Its primary function is to provide <strong>access to the network for most users</strong> (and thus generic computing devices, end stations access here).</li>
<li>This is the layer where <strong>most traffic originates</strong> from.</li>
<li>It provides the <strong>demarcation</strong> between the network infrastructure and the computing devices that leverage it.</li>
<li>The traditional focus at the access layer is <strong>minimizing <em>cost-per-port</em></strong>.</li>
</ul>
</section>
<!-- [R] mod2-01.html -->
<section>
<h2>[R] Distribution Layer</h2>
<ul>
<li>It's the "smartest" layer, <strong>implementing network foundation technologies</strong> like routing, advanced switching, filtering, QoS.</li>
<li><strong>Interface</strong> between Access and Core Layers:</li>
<ul>
<li><strong>Aggregation point for access switches</strong> (wiring closet).</li>
<li><strong>Aggregating L2 broadcast domains and L3 routing and summarization boundaries</strong> for network control plane protocols (EIGRP, OSPF, Spanning Tree).</li>
<li><strong>Demarcation and isolation</strong> between the campus distribution building block and the rest of the network.</li>
</ul>
<li><strong>Very little traffic originates</strong> directly from here.</li>
<li><strong>High availability</strong> through redundant distribution layer switches and <strong>equal cost paths to the core</strong>.</li>
</ul>
</section>
<!-- [R] mod2-01.html -->
<section>
<h2>[R] Core Layer (Backbone)</h2>
<ul>
<li>Very limited set of services, provides <u>24/7 always-on</u> (<em>Fault Isolation</em>) connectivity <u>across the entire network</u> (<em>end-to-end</em> connectivity).</li>
<li>Basically <strong>no traffic originates</strong> from here.</li>
<li>It serves as the <strong>aggregator</strong> for the other campus blocks and ties the campus together with the rest of the network.</li>
<li>Very few decisions about traffic, just <u>collects as much as possible, moves it as fast and reliably as possible</u>.</li>
<li>So: <strong>high-speed, high-redundancy forwarding</strong> services between "regions" (campus) of the network.</li>
<li>That means the <strong>most powerful switches</strong> and routers, capable of the fastest connections (e.g. 10 Gigabit Ethernet).</li>
</ul>
</section>
<section>
<h2>2-Tier Collapsed Core Design</h2>
<p>Sometimes, in small enterprise networks, we can find another design. This design uses only two layers:</p>
<ul>
<li>Access Layer</li>
<li>Collapsed Core Layer: <strong>a layer with the function of distribution and core</strong>.</li>
</ul>
<p>This design is cheaper than the 3-layer model and requires less hardware (because distribution and core functions are provided in a single device), but maintains much of its benefit.</p>
</section>
<section>
<h2>Modular Network Design</h2>
<p>In a modular network design, <strong>networks are separated into blocks</strong> (or <em>modules</em>) <strong>depending on their function</strong>.</p>
<p>Modules will then have <strong>different physical and/or logical connectivity</strong> in the overall network design.</p>
<ul>
<li>In the event of a failure, <strong>the fault is easily isolated and detected</strong> in a single module.</li>
<li>Upgrades, changes, maintenance of the network can be <strong>staged progressively module by module</strong>.</li>
<li>Modules can be updated or <strong>completely replaced without the need to redesign the network</strong>, not even part of it.</li>
</ul>
<p>The modular network design reference recommended by Cisco is the <strong><em>Cisco Enterprise Architecture Model</em></strong>.</p>
</section>
<section>
<!-- [R] mod3-01.html -->
<section>
<h2>Enterprise Network Arch.</h2>
<p>It is defined on top of the hierarchical structure, and it's <strong>based on functional blocks</strong>.</p>
<img src="http://i.imgur.com/6Ajvmzo.png" style="width: 650px;">
<small>Includes the <strong>access, distribution and core layers</strong> in a <em>Campus Infrastructure Module</em>. The word <em>Campus</em> is common but loosely defined in Cisco’s literature.</small>
</section>
<!-- [R] mod3-01.html -->
<section>
<h2>[R] Enterprise Campus</h2>
<p>Includes the <strong>access, distribution and core layers</strong> in a <em>Campus Infrastructure Module</em>.</p>
<ul>
<li><strong>Access</strong> - L2/L3 switches with needed port density.</li>
<li><strong>Access</strong> - VLANs, trunks, redundant links to distribution.</li>
<li><strong>Distribution</strong> - L3 devices to aggregate campus access</li>
<li><strong>Distribution</strong> - Routing, QoS, security</li>
<li><strong>Core</strong> - High-speed backbone connectivity between</li>
<ul>
<li>Distribution Modules</li>
<li>Server and DataCenter Farms (Network Management)</li>
<li>Service Module (IP Telephony, wireless controllers, unified services)</li>
<li>Enterprise Edge</li>
</ul>
</ul>
</section>
<!-- [R] mod3-01.html (partial) -->
<section>
<h2>[R] Enterprise Edge</h2>
<p>All the modules that <strong>extend the enterprise network to the outer networks</strong>, like remote sites, partners’ intranets, and of course the Internet.</p>
<p>Obviously, it also <strong>enables the campus to provide its services</strong> to outer networks. So its submodules are:</p>
<small>
<ul>
<li><strong>E-Commerce</strong></li>
<ul>
<li>Networks and servers to provide e-commerce through the Internet. It’s a critical enough activity to deserve its own modules.</li>
</ul>
<li><strong>Internet</strong> and <strong><em>Demilitarized Zone</em></strong> (DMZ)</li>
<ul>
<li>It provides <strong>internal users with Internet connectivity</strong>. It also enables a DMZ, which is <strong>a part of a local network trusted with access from external parties</strong> (typically to provide Internet-facing services).</li>
</ul>
<li><strong>WAN</strong> modules</li>
<ul>
<li>Devices implementing the WAN technologies in use by the enterprise to connect the campus to remote sites.</li>
</ul>
<li><strong>VPN</strong> and <strong>Remote Access</strong></li>
<ul>
<li>Authentication and access to the local network for remote users.</li>
</ul>
</ul>
</small>
</section>
<!-- [R] mod3-01.html (partial) -->
<section>
<h2>[R] Service Provider Edge</h2>
<p>Provides the <strong>connectivity solutions that power the enterprise edge</strong>, such as</p>
<ul>
<li>Internet (perhaps <em>multi-homed</em>, meaning 2 or more ISPs)</li>
<li>PSTN (traditional telephony)</li>
<li>Wide Area Networking (Frame Relay, ATM, MetroEthernet)</li>
</ul>
<p>All data entering and exiting these connectivity solutions <strong>passes through a corresponding edge device in the Enterprise Edge</strong>.</p>
<p>It is therefore the perfect place to inspect traffic with <em>intrusion detection</em> (IDS) and <em>intrusion prevention</em> (IPS) systems.</p>
</section>
<section>
<h2>Service Provider Edge Redundancy</h2>
<p>Redundancy/failover by <strong>multiple connections to ISPs</strong> can be:</p>
<ul>
<li><strong>Single-homed</strong> - Single connection to a single ISP</li>
<li><strong>Dual-homed</strong> - 2+ connections to a single ISP</li>
<li><strong>Multihomed</strong> - Connections to 2+ ISPs</li>
<li><strong>Dual-multihomed</strong> - Multiple connections to 2+ ISPs</li>
</ul>
</section>
<section>
<h2>Remote Functional Area</h2>
<p>The types of areas that might need <strong>remote access to the campus local</strong> networks are categorized by function into:</p>
<ul>
<li><strong>Enterprise Branch</strong></li>
<ul>
<li>A remote site belonging to the enterprise that allows employees to work on <strong>campus resources from a non-campus location</strong>.</li>
<li>Enabling edge devices can be WAN interfaces, or Internet+VPN as a backup.</li>
</ul>
</ul>
</section>
<section>
<h2>Remote Functional Area</h2>
<ul>
<li><strong>Enterprise Teleworker</strong></li>
<ul>
<li>Provides connectivity to employees who want or <strong>need to work from dispersed locations</strong>, including non-enterprise ones such as homes, hotels, customer sites.</li>
<li>Enabling edge devices: mostly a local ISP connection + VPN.</li>
</ul>
<li><strong>Enterprise Data Center</strong></li>
<ul>
<li>Same functions as campus data center, but in a remote location.</li>
<li>Enabling edge devices are mostly fast WAN services like MetroEthernet, enabling <strong>(a)synchronous data+app replication</strong>.</li>
</ul>
</ul>
</section>
</section>
<section>
<section>
<h2>Cisco Enterprise Architecture</h2>
<p>New technologies such as</p>
<ul>
<li>Cloud</li>
<li>Internet of Things (IoT)</li>
<li>Online collaboration</li>
<li>Bring Your Own Device (BYOD)</li>
</ul>
<p>were a great challenge for network designers, because <strong>they make the border between networks’ components, areas, responsibilities and policies less clear</strong>.</p>
</section>
<section>
<h2>Cisco Enterprise Architecture</h2>
<p>Use scenarios change along with new technologies, and the designer works to <strong>implement them without disrupting existing networks</strong>. To help designers, Cisco has introduced 3 new network architectures:</p>
<ul>
<li>Cisco Borderless Network Architecture</li>
<li>Collaboration Architecture</li>
<li>Data Center/Virtualization Architecture</li>
</ul>
</section>
</section>
<section>
<h2>Borderless Network Arch.</h2>
<p>It’s a complete solution by Cisco to harmonize <strong>the use of personal devices in the enterprise network</strong>.</p>
<p>It enables IT departments to configure personal devices in a seamless fashion, to <strong>bring them in compliance with the network policies</strong>, enabling employees to work with them.</p>
<p>A practical example: <em>how can personal devices such as laptops, tablets and phones, running many different operating systems, be easily configured to connect securely to the enterprise network</em>?</p>
<p>Cisco’s answer is multiplatform software developed for these end devices, called <strong>Cisco AnyConnect</strong>.</p>
</section>
<section>
<section>
<h2>Collaboration Architecture</h2>
<p><strong><em>Groupware</em></strong> are software applications that are <strong>meant to be used by more than one user</strong> to achieve their purpose.</p>
<p>Applications that let people <strong>collaborate to produce something</strong> (think of <em>Google Docs</em>) are an example.</p>
<p>Cisco has a 3-layer architecture to <strong>enable the creation and implementation of collaboration applications</strong>:</p>
</section>
<section>
<h2>Collaboration Architecture</h2>
<ul>
<li><strong>Ready to use applications and devices</strong></li>
<ul>
<li>Cisco WebEx Meetings/Social, Jabber and TelePresence (a popular teleconference hardware line). They include voice, video, messaging, enterprise social networks.</li>
</ul>
<li><strong>Collaboration Services</strong></li>
<ul>
<li>APIs and SDKs allowing developers to build custom applications based on Cisco collaboration tech, providing services such as contact, location, policy and session management, tagging, etc.</li>
</ul>
<li><strong>Network and Computer Infrastructure</strong></li>
<ul>
<li>Hardware capable of powering always-on collaboration tools, such as virtual machines, storage systems, high-performance networks.</li>
</ul>
</ul>
</section>
</section>
<section>
<section>
<h2>DataCenter/Virtualization Arch.</h2>
<ul>
<li><strong>Cisco Unified Management Solutions</strong></li>
<ul>
<li>Automation for (physical &amp; virtual) resource management</li>
<li>Provisioning and orchestration</li>
</ul>
<li><strong>Unified Fabric Solutions</strong></li>
<ul>
<li>Switches (Catalyst and Nexus) + OS (<strong>Cisco NX-OS</strong>, Linux-based), specific for data center operations.</li>
<li>It <strong>replaces many I/O systems on servers with a single high-bandwidth and low-latency network cable</strong>, simplifying data center architecture and improving resource usage and sharing.</li>
</ul>
</ul>
</section>
<section>
<h2>DataCenter/Virtualization Arch.</h2>
<ul>
<li><strong>Unified Computing Solutions</strong></li>
<ul>
<li>Cisco’s server solutions, designed to lower the TCO (<em>Total Cost of Ownership</em>) through virtualization technologies.</li>
</ul>
</ul>
</section>
</section>
<section>
<h1>End of Lesson</h1>
</section>
</div>
</div>
<script src="lib/js/head.min.js"></script>
<script src="js/reveal.js"></script>
<script>
// More info https://github.com/hakimel/reveal.js#configuration
Reveal.initialize({
controls: true,
progress: true,
history: true,
center: true,
transition: 'slide', // none/fade/slide/convex/concave/zoom
// More info https://github.com/hakimel/reveal.js#dependencies
dependencies: [
{ src: 'lib/js/classList.js', condition: function() { return !document.body.classList; } },
{ src: 'plugin/markdown/marked.js', condition: function() { return !!document.querySelector( '[data-markdown]' ); } },
{ src: 'plugin/markdown/markdown.js', condition: function() { return !!document.querySelector( '[data-markdown]' ); } },
{ src: 'plugin/highlight/highlight.js', async: true, callback: function() { hljs.initHighlightingOnLoad(); } },
{ src: 'plugin/zoom-js/zoom.js', async: true },
{ src: 'plugin/notes/notes.js', async: true }
]
});
</script>
</body>
</html>