Designing for Cisco Internetwork Solutions (DESGN) Foundation Learning Guide: (CCDA DESGN 640-864)

By Sean Wilkins

Published by Cisco Press

Published Date: Jul 27, 2011

Description

Designing for Cisco Internetwork Solutions (DESGN) Foundation Learning Guide, Third Edition

Sean Wilkins

Foundation learning for the CCDA DESGN 640-864 exam

Designing for Cisco Internetwork Solutions (DESGN) Foundation Learning Guide, Third Edition, is a Cisco®-authorized, self-paced learning tool for CCDA® foundation learning. This book provides you with the knowledge needed to design enterprise networks. By reading this book, you will gain a thorough understanding of designing routed and switched network infrastructures and services involving LAN, WAN, and broadband access for businesses and organizations.

Designing for Cisco Internetwork Solutions (DESGN) Foundation Learning Guide, Third Edition, teaches you how to gather internetworking requirements, identify solutions, and design the network infrastructure and services to ensure basic functionality, using the principles of hierarchical network design to structure and modularize a converged enterprise network design. Specific topics include understanding the design methodology; structuring and modularizing the network design; designing the Enterprise Campus, Enterprise Data Center, Enterprise Edge, and remote modules as needed; designing an addressing plan and selecting suitable routing protocols; designing basic voice transport across the network; designing a basic wireless solution; and evaluating security solutions. Chapter-ending review questions illustrate and help solidify the concepts presented in the book.

Whether you are preparing for CCDA certification or simply want to gain a better understanding of network design principles, you will benefit from the foundation information presented in this book.

Designing for Cisco Internetwork Solutions (DESGN) Foundation Learning Guide, Third Edition, is part of a recommended learning path from Cisco that includes simulation and hands-on training from authorized Cisco Learning Partners and self-study products from Cisco Press. To find out more about instructor-led training, e-learning, and hands-on instruction offered by authorized Cisco Learning Partners worldwide, please visit www.cisco.com/go/authorizedtraining.

· Understand network design methodologies and the lifecycle of a network
· Learn how to structure and modularize network designs within the Cisco Network Architectures for the Enterprise
· Design basic campus and data center networks
· Build designs for remote connectivity with WAN technologies
· Examine IPv4 and IPv6 addressing schemes
· Select the appropriate routing protocols for various modules in the enterprise architecture
· Evaluate security solutions for the network
· Identify voice and video networking considerations
· Understand design technologies and considerations when implementing a controller-based wireless network

This book is in the Foundation Learning Guide Series. These guides are developed together with Cisco® as the only authorized, self-paced learning tools that help networking professionals build their understanding of networking concepts and prepare for Cisco certification exams.

Table of Contents

Introduction xxiii

Chapter 1 Network Fundamentals Review 1

Introduction to Networks 2

Protocols and the OSI Model 2

    OSI Model 3

    Protocols 3

    OSI Layers 4

        Physical Layer: Layer 1 4

        Data Link Layer: Layer 2 4

        Network Layer: Layer 3 5

        Transport Layer: Layer 4 5

        Upper Layers: Layers 5 Through 7 6

    Communication Among OSI Layers 6

LANs and WANs 8

Network Devices 10

    Terminology: Domains, Bandwidth, Unicast, Broadcast, and Multicast 10

    Hubs 11

        Physical Interfaces and Ports 11

    Switches 11

        Switches Versus Bridges 12

    Routers 12

Introduction to the TCP/IP Suite 13

    TCP/IP Transport Layer Protocols 15

        Port Numbers 17

        TCP Sequencing, Acknowledgment, and Windowing 18

    TCP/IP Internet Layer Protocols 22

        Protocols 22

        IPv4 Datagrams 22

        IPv6 Datagrams 24

Routing 25

    Routers Work at the Lower Three OSI Layers 26

    Routing Tables 27

    Routing Protocols 28

Addressing 29

    Physical Addresses 29

    Logical Addresses 30

    Routing and Network Layer Addresses 31

    IPv4 Addresses 31

        IPv4 Address Classes 31

        Private and Public IPv4 Addresses 32

        IPv4 Subnets 33

    IPv6 Addresses 34

        IPv6 Address Types 36

Switching Types 36

    Layer 2 Switching 37

    Layer 3 Switching 39

Spanning Tree Protocol 40

    Redundancy in Layer 2 Switched Networks 40

    STP Terminology and Operation 41

        STP Terminology 41

        STP States 43

        Rapid STP 44

Virtual LANs 45

    VLAN Membership 45

    Trunks 46

    STP and VLANs 46

    Inter-VLAN Routing 47

    Comprehensive Example 49

Summary 52

Review Questions 52

Chapter 2 Network Design Methodology 53

Understanding the Network Architectures for the Enterprise 53

    Business Drivers for a New Network Framework 54

        Business Forces 54

        Technology-Related Forces 54

        IT Challenges 55

    Cisco Network Architectures for the Enterprise 55

        Borderless Networks Architecture 56

        Borderless Networks Architecture Approach 57

        Collaboration Architecture Approach 58

        Data Center/Virtualization Architecture Approach 59

Identifying Design Requirements 61

    Using the PPDIOO Approach for Networks 61

    Benefits of the Lifecycle Approach 63

    Design Methodology 64

Identifying Customer Design Requirements 65

    Identifying Network Applications and Network Services 65

    Defining Organizational Goals 67

    Identifying Organizational Constraints 69

    Identifying Technical Goals 71

    Assessing Technical Constraints 73

Characterizing the Existing Network and Sites 74

    Identifying Major Features of the Network 74

        Sample Site Contact Information 75

        Sample High-Level Network Diagram 76

    Auditing the Existing Network 77

    Using Tools for Auditing the Network 79

    RSPAN with VACLs for Granular Traffic Analysis 81

    Analyzing Network Traffic and Applications 83

    Using Tools for Analyzing Network Traffic 84

        Reviewing Network Traffic Information 85

    Analyzing Network Health 85

    Creating a Draft Design Document 86

    Time Estimates for Performing Network Characterization 88

Using the Top-Down Approach to Network Design 89

    Top-Down Approach to Network Design 90

        Top-Down Design Example 91

    Decision Tables in Network Design 91

    Assessing the Scope of the Network Design Project 93

    Using Structured Design Principles 93

        Logical Structure 94

        Physical Structure 95

    Network Design Tools 95

    Testing the Design 96

    Planning an Implementation 97

    Documenting the Design 98

Summary 100

References 100

Review Questions 101

Chapter 3 Structuring and Modularizing the Network 103

Designing the Network Hierarchy 103

    Introducing the Hierarchical Network Model 104

    Describing Access Layer Functionality 106

        Campus Access Layer Connectivity 107

    Describing Distribution Layer Functionality 108

        Virtual Switches 110

    Describing Core Layer Functionality 111

Using a Modular Approach in Network Design 114

    Describing the Enterprise Campus Functional Area 117

        Enterprise Campus Infrastructure Module 117

        Data Center Module 117

    Describing the Enterprise Edge Area 119

        E-Commerce Module 121

        Internet Connectivity Module 121

        WAN and MAN and Site-to-Site VPN Module 122

        Remote Access and VPN Module 122

    Describing the Service Provider Area 122

        ISP Module 123

        Public Switched Telephone Network Module 123

        Frame Relay and ATM Module 123

    Describing the Remote Area 124

        Enterprise Branch Module 124

        Enterprise Data Center Module 125

        Enterprise Teleworker Module 125

Supporting Services on Borderless Networks 126

    Explaining the Role of Borderless Network Services 126

    Mobility Considerations 128

    Security Infrastructure Services 129

        Designing Security to Protect Against External Threats 132

    Application Performance Considerations 134

        Resolving Application Issues with Cisco Application Network Services 135

        Cisco ANS Components 135

    IP Communications 136

        Voice Transport 137

    High-Availability Network Services 141

        Full-Mesh Versus Partial-Mesh Redundancy 142

Identifying Network Management Protocols and Features 145

    Network Management Overview 145

    SNMP 146

    SNMP Message Types 147

        SNMP Version 2 148

        SNMP Version 3 149

    MIB Characteristics 150

        MIB Variable Retrieval 152

    Using RMON 153

    NetFlow Characteristics 155

        NetFlow Versus RMON Information Gathering 157

        Applications Using NetFlow 158

    Cisco Discovery Protocol Features 159

    Syslog Features 160

Summary 164

References 164

Review Questions 164

Chapter 4 Designing Basic Campus and Data Center Networks 167

Describing Campus Design Considerations 167

    Campus Design Factors 168

    Network Application Characteristics and Considerations 168

        Peer-Peer Applications 169

        Client—Local Server Applications 170

        Client—Data Center Applications 170

        Client—Enterprise Edge Applications 172

    Application Requirements 173

    Environmental Characteristics and Considerations 174

        Intrabuilding Structure 174

        Interbuilding Structure 175

        Distant Remote Building Structure 175

        Transmission Media Considerations 176

        Copper 176

        Optical Fiber 177

        Wireless 177

        Campus Transmission Media Comparison 178

        Transmission Media Cabling Example 179

    Infrastructure Device Characteristics and Considerations 179

        Quality of Service (QoS) 180

Designing the Campus Infrastructure Module 181

    Design Considerations for the Campus Network 181

    Design Considerations for the Building Access Layer 182

        Managing VLANs and STP 183

        Managing Trunks Between Switches 186

        Managing Default PAgP Settings 186

        Consider Implementing Routing in the Building Access Layer 186

    Design Considerations for the Building Distribution Layer 187

        Best Practices in the Distribution Layer 187

        Using First-Hop Redundancy Protocols 188

        Deploying Layer 3 Routing Protocols 189

        Using the Virtual Switching System at the Distribution Layer 191

    Campus Core Design Considerations 192

        Small and Medium Campus Design Options 195

        Edge Distribution at the Campus Core 196

Describing Enterprise Data Center Considerations 197

    Describing the Enterprise Data Center Architectures 197

    Cisco Enterprise Data Center Architecture Framework 198

        Server Challenges 200

        Data Center Facility Aspects 200

    Enterprise Data Center Infrastructure 205

        Data Center Access Layer 206

        Data Center Aggregation Layer 207

        Data Center Core Layer 207

Describing Enterprise Network Virtualization Tools 208

    Virtualization Challenges 208

    What Is Virtualization? 209

    Types of Virtualization 209

    Virtualization Technologies 210

    Network Virtualization Design Considerations 211

Summary 212

References 212

Review Questions 213

Chapter 5 Designing Remote Connectivity 215

Identifying WAN Technology Considerations 215

    Review of WAN Features 216

    Comparison of WAN Transport Technologies 217

        Time-Division Multiplexing 218

        ISDN Connectivity 218

        Frame Relay 219

        Multiprotocol Label Switching 219

        Metro Ethernet 219

        DSL Technology 220

        Cable Technology 221

        Wireless Technology 221

        SONET and SDH Technology 222

        DWDM Technology 223

        Dark Fiber 224

    WAN Link Categories 224

    WAN Transport Technology Pricing and Contract Considerations 225

    WAN Design Requirements 226

        Response Time 227

        Throughput 227

        Packet Loss 228

        Reliability 228

    QoS Considerations for Bandwidth Constraints 228

        Classification 229

        Congestion Management 230

        Traffic Shaping and Policing 231

        Link Efficiency 232

        Window Size 233

Designing the Enterprise WAN 233

    Traditional WAN Designs 234

        Star Topology 234

        Fully Meshed Topology 235

        Partially Meshed Topology 235

    Remote-Access Network Design 235

    VPN Design 236

    Enterprise Versus Service Provider-Managed VPNs 237

        Enterprise Managed VPN: IPsec 237

        Service Provider-Managed VPNs: MPLS 242

        Service Provider-Managed VPNs: Metro Ethernet 242

        Service Provider-Managed VPNs: VPLS 243

    WAN Backup Strategy Design 244

        Using the Internet as a WAN Backup 245

    Selecting the Enterprise WAN Architecture 246

        Cisco Enterprise MAN and WAN Architecture 247

    Selecting Enterprise WAN Components 249

        Hardware Selection 249

Designing the Enterprise Branch 251

    Enterprise Branch Architecture 251

    Enterprise Branch Design 252

    New Features on the ISR G2 Routers 253

    Small Branch Office Design 254

    Medium Branch Office Design 255

    Large Branch Office Design 256

    Enterprise Teleworker (Cisco Virtual Office Solution) Design 256

    New ISRs for Small Offices and Teleworkers 257

Summary 259

References 259

Review Questions 260

Chapter 6 Designing IP Addressing 261

Designing IPv4 Addressing 261

    IPv4 Addressing 261

        Private and Public Addressing Guidelines 262

        Recommended Practices for NAT 262

    Developing an Addressing Plan 263

    Planning the IP Addressing Hierarchy 266

        Design Consideration: Route Summarization Groups 266

        Address Blocks by Location 267

        Hierarchical IP Addressing Plan 268

    Recommended Practices for Name Resolution 270

        Locating DHCP and DNS Servers in the Network 272

    IP Address Space Planning Road Map 272

Designing IPv6 Addressing 272

    IPv6 Addressing 273

        Benefits of IPv6 Addressing 273

        IPv6 Address Types 274

    IPv6 Address Assignment Strategies 277

    Identifying IPv6 Name Resolution 277

    Making the Transition from IPv4 to IPv6 278

    Strategies for IPv6 Deployment 279

        Dual-Stack Model 280

        Hybrid Model 281

        Service Block Model 284

Summary 285

References 286

Review Questions 287

Chapter 7 Designing and Selecting Routing Protocols 289

Reviewing Enterprise Routing Protocols 289

    Reviewing Routing Protocol Fundamentals 289

        Differentiating Between Distance Vector and Link-State Routing Protocols 289

        Differentiating Between Interior and Exterior Routing Protocols 292

        Differentiating Between Hierarchical and Flat Routing Protocols 293

        Routing Protocol Convergence 294

    Routing Protocols for the Enterprise 295

        EIGRP 295

        Open Shortest Path First 296

        Border Gateway Protocol 298

        IPv6 Routing 300

    Selecting an Enterprise Routing Protocol 301

        When to Choose EIGRP 301

        When to Choose OSPF 301

Designing a Routing Protocol Deployment 301

    Applying Routing Protocols to a Hierarchical Network Structure 301

        Routing in the Campus Core 302

        Routing in the Building Distribution Layer 302

        Routing in the Enterprise Edge Functional Area 302

    Route Redistribution 303

        Route Redistribution Planning 304

        Remote-Access and VPN and Internet Connectivity Module Route Redistribution 305

    Route Filtering 306

        Route Filtering and Internet Connectivity 306

    Route Summarization 306

        Recommended Practice: Summarize at the Distribution Layer 307

        Recommended Practice: Passive Interfaces for IGP at the Access Layer 308

        IPv6 Route Summarization 308

Summary 309

Review Questions 310

Chapter 8 Evaluating Security Solutions for the Network 311

Defining Network Security 311

    Network Security Background 312

        Security Legislation 312

    Threats and Risks 313

        Reconnaissance Attacks 314

        Vulnerability Assessment 315

        Example Threat: Gaining Unauthorized Access to Systems 316

        Example Risk: Loss of Availability 318

        Everything Is a Potential Target 319

Understanding Network Security Policy and Processes 319

    Definition of a Security Policy 319

    Risk Assessment and Management 320

    Example: Security Policy 322

    Network Security Is a Continuous Process 323

    Integrating Security Design and Network Design 324

Understanding the Cisco SAFE Approach 325

    Cisco SAFE Architecture 325

    The Network as a Platform for Security 326

    Cisco Security Control Framework 327

    Trust and Identity Management 328

        Trust 329

        Identity 330

        Access Control 331

    Trust and Identity Management Technologies 331

        Example: Cisco IBNS 332

        Example: Firewall Filtering Using ACLs 332

        Example: Cisco NAC Appliance 333

    Identity and Access Control Deployment Locations 333

    Threat Defense 335

        Incorporating Physical Security 335

        Infrastructure Protection 336

    Threat Detection and Mitigation 338

        Threat Detection and Mitigation Solutions 339

        Example: Cisco IronPort ESA 341

        Example: Cisco IronPort WSA 341

    Secure Connectivity 342

    Encryption Fundamentals 343

    VPN Protocols 344

    Ensuring Privacy 345

        Example: Providing Confidentiality over the Internet 347

        Example: Protecting Communication over the Public Infrastructure 347

        Example: Network Authentication over a VPN 347

    Maintaining Data Integrity 347

        Example: VPN Tunneling for Data Integrity 348

        Example: Implementation of Digital Signatures 349

    Security Management 349

Selecting Network Security Solutions 352

    Security Integration in Network Devices 352

        Cisco IOS Security 352

        Security Appliances 354

        Intrusion Prevention System 355

        Cisco Catalyst Services Modules 356

        Endpoint Security Solutions 357

    Securing the Enterprise Network 358

        Example: Deploying Identity and Access Control in the Enterprise Campus 358

        Example: Deploying Threat Detection and Mitigation in the Enterprise Campus 359

        Example: Deploying Infrastructure Protection in the Enterprise Campus 359

        Example: Deploying Security in the Enterprise Campus 359

        Example: Deploying Identity and Access Control in the Enterprise Data Center 361

        Example: Deploying Threat Detection and Mitigation in the Enterprise Data Center 361

        Example: Deploying Infrastructure Protection in the Enterprise Data Center 361

        Example: Deploying Security in the Data Center 361

        Example: Deploying Identity and Access Control in the Enterprise Edge 364

        Example: Deploying Threat Detection and Mitigation in the Enterprise Edge 364

        Example: Deploying Infrastructure Protection in the Enterprise Edge 364

        Example: Deploying Security in the Enterprise Edge 366

Summary 367

References 368

Review Questions 369

Chapter 9 Identifying Voice and Video Networking Considerations 371

Integrating Voice and Video Architectures 371

    Differentiating Between Analog and Digital Signaling 372

    Introducing Voice and Video over IP 373

    Voice and Video Standards 376

        Terminals 376

        Gateways 377

        Gatekeepers 377

        Multipoint Control Units 378

        H.264 379

    Introducing VoIP 379

        IP Telephony Design Models 381

    Introducing Video Considerations 385

        Media Application Models 386

        Delivery of Media Application 386

        Architectural Framework for Media Services 387

    Call Control and Transport Protocols 388

        Call Control Functions with H.323 388

        Voice Conversation with RTP 389

        Call Control Functions with SSCP 389

        Call Control Functions with SIP 390

        Call Control Functions with MGCP 392

Identifying the Requirements of Voice and Video Technologies 393

    Minimizing Delay, Jitter, and Loss 394

        One-Way Network Delay Recommendations 394

        Propagation Delay 394

        Serialization Delay 395

        Processing Delay 395

        Queuing Delay 395

        Dejitter Buffers 396

        Packet Loss 397

    Preventing Echo 398

        Echo Canceller Example 399

        Echo Cancellation Guidelines 399

    Voice Coding and Compression 399

        Codec Complexity, DSPs, and Voice Calls 402

    Bandwidth Considerations 402

        Reducing Voice Traffic with cRTP 403

        Reducing Voice Traffic with VAD 403

        Voice Bandwidth Calculation 404

        Typical Video Resolution and Bandwidth 406

    Using QoS for Voice and Video 407

        QoS Considerations for Voice and Video in the WAN 413

        Call Rerouting Alternatives 414

        Call Admission Control Examples 414

        Implementing CAC with RSVP 415

    Voice Traffic Engineering Overview 416

Summary 418

References 419

Review Questions 420

Chapter 10 Identifying Design Considerations for Basic Wireless Networking 421

Cisco Unified Wireless Network Review 421

    Cisco Unified Wireless Network Architecture 421

        Cisco Unified Wireless Network Elements 422

        CAPWAP and LWAPP Fundamentals 423

        Split Media Access Control 425

        Local Media Access Control 426

        Access Point Modes 427

    Wireless Infrastructure 428

        Wireless Authentication 430

    Overview of WLAN Controllers 432

    Access Point Support and Scaling 435

        Access Point Scalability Considerations 437

        Multiple AP Manager Interface Example 437

        Link Aggregation (LAG) with a Single AP Manager Interface Example 439

Wireless Network Controller Technology 440

    Lightweight Access Point Connectivity to a WLC 440

        WLC Selection 440

        Lightweight Access Point Operations 442

    Mobility in the Cisco Unified Wireless Network 442

        Intracontroller Roaming 443

        Intercontroller Roaming–Layer 2 444

        Intercontroller Roaming–Layer 3 444

        Mobility Groups 446

        Mobility Group Requirement Example 447

        Recommended Practices for Supporting Roaming 448

    Controller Redundancy Design 449

        Deterministic Controller Redundancy 449

        Dynamic Controller Redundancy 451

        N + 1 Redundancy Design 452

        N + N Redundancy Design 453

        N + N + 1 Redundancy Design 454

    Radio Resource Management (RRM) and RF Groups 455

        RF Grouping 456

        Access Point Self-Healing 458

Designing Wireless Networks Using Controllers 458

    RF Site Survey 458

        RF Site Survey Process 459

    Design Considerations for Campus Wireless Networks 466

        CAPWAP Access Point Feature Summary 466

        Controller Placement Design 467

        Campus Cisco Wireless LAN Controller Options 469

    Design Considerations for Branch Wireless Networks 470

        Hybrid REAP 470

        Branch Office Cisco Wireless LAN Controller Options 472

    Design Considerations for Guest Services in Wireless Networks 474

    Design Considerations for Outdoor Wireless Networks 474

        Wireless Mesh Components 476

        Mesh Design Recommendations 477

Summary 478

References 478

Review Questions 479

Appendix A Answers to Review Questions 481

Appendix B Acronyms and Abbreviations 489

Purchase Info

ISBN-10: 0-13-271126-5

ISBN-13: 978-0-13-271126-5

Format: eBook (Watermarked)

This eBook includes the following formats, accessible from your Account page after purchase:

EPUB: The open industry format known for its reflowable content and usability on supported mobile devices.

MOBI: The eBook format compatible with the Amazon Kindle and Amazon Kindle applications.

PDF: The popular standard, used most often with the free Adobe® Reader® software.

This eBook requires no passwords or activation to read. We customize your eBook by discreetly watermarking it with your name, making it uniquely yours.

Includes EPUB, MOBI, and PDF

$55.99
