Index

Numerics

10-Gbps Ethernet, 295-296

80/20 rule, 26

100-Mbps Ethernet, 292-293

A

ABRs (Area Border Routers), 223

access layer (hierarchical model), 128

routing protocols, 226-227

access points, positioning in WLANs, 145-146

accounting, 240

accounting management, 266

accuracy, analyzing, 38-39

adaptability as technical goal, 50-51

administrative distance, 228-229

affordability as technical goal, 51-52

aggregation, 181-183

analyzing business goals, 3

application layer, throughput, 37-38

application response-time testing, 358

application-usage patterns, documenting, 99

ASBRs (Autonomous System Boundary Routers), 223

assigning

IP addresses, hierarchical model, 178-189

names

in IP environment, 193-195

NetBIOS, 192-193

network layer addresses, 168-178

by central authority, 169-170

dynamic addressing, 170-175

NAT, 177-178

private IP addresses, 175-178

ATM (Asynchronous Transfer Mode), 106-109, 337-338

authentication, 239

in wireless networks, 254-256

authority, distributing for naming, 190

authorization, 239

availability

analyzing, 27-32, 73

calculating, 32

disaster recovery, analyzing, 28-29

downtime, cost of, 31

five-nines, 30-31

MTBF, 31-32

MTTR, 31-32

specifying requirements, 29-32

average frame size, determining, 79

B

BackboneFast, 205

backdoors, 130

backup paths, 131-132

bandwidth

protocol utilization, analyzing, 75-76

WANs, provisioning, 329-330

baselines, developing, 72-73

BGP (Border Gateway Protocol), 225

bottom-up methodology, 4

bridge port states (RSTP), 137

broadcast/multicast behavior, characterizing, 101-102

budgetary and staffing constraints, analyzing, 20-21

building-cabling topologies, 284-285

business constraints

analyzing, 19-22

budgetary and staffing constraints, analyzing, 20-21

policies and politics, analyzing, 19-20

project scheduling, analyzing, 21-22

business goals

analyzing, 3

clients, working with, 8-10

customer applications, identifying, 16-18

enterprise networks, changes in, 10-13

checklist, 22-23

of network design, 13-14

C

cable modem remote access, 323-325

cables

coax, 287

fiber-optic, 288-289

UTP, 287-288

cabling topologies

building-cabling topologies, 284-285

campus-cabling topologies, 285

calculating

availability, 25

queue depth, 42

theoretical traffic load, 97-98

campus network topologies, designing, 135-153

example project, 302-316

redundancy, 147-153

GLBP, 153

HSRP, 152-153

server redundancy, 148-150

workstation-to-router redundancy, 150-151

STP, 135-141

cost values, 136-137

root bridge, selecting, 139-140

RSTP, 137-139

scaling, 140-141

VLANs, 141-144

WLANs, 144-147

campus-cabling topologies, 285

CAR (Committed Access Rate), 389

CBWFQ (Class-Based Weighted Fair Queuing), 386-387

CDP (Cisco Discovery Protocol), 274-275

CEF (Cisco Express Forwarding), 382-383

centralized versus decentralized monitoring, 270-271

chains, 130

CHAP (Challenge Handshake Authentication Protocol), 322-323

characterizing

network infrastructure

addressing and naming, 64-65

architectural and environmental constraints, 68-69

architectural and environmental constraints, wireless installations, 69-70

large internetworks, 60-62

logical architecture, 62-63

wiring and media, 65-68

network traffic, traffic flow, 87-96

traffic behavior

broadcast/multicast behavior, 101-102

network efficiency, 102-105

CIDR (Classless Interdomain Routing), 179-180

CIR (committed information rate), 335

Cisco EtherChannel, 297-298

Cisco IOS, network optimization features

CAR, 389

CEF, 382-383

NetFlow switching, 382

queuing services, 383-388

RED, 388-389

traffic shaping, 389

Cisco NetFlow, 276

Cisco SAFE Security reference architecture, 133-135

CiscoWorks Internetwork Performance Monitor, 364

classful routing

versus classless routing, 180-181

discontiguous subnets, 183-184

classifying LAN traffic, 379-380

classless routing

versus classful routing, 180-181

discontiguous subnets, 183-184

mobile host support, 184-185

VLSM, 185-186

clients, working with, 8-10

client/server traffic flow, characterizing, 91-92

coax cable, 287

Compressed RTP, 374

conducting site surveys, 70-71

configuration management, 266

constraints on scalability, 27

controlled-load service, 110

convergence, 217

RSTP, 138-139

COPS (Common Open Policy Service Protocol), 379

core layer (hierarchical model), 127

routing protocols, 226

CRC errors, checking, 76-78

CSMA (carrier sense multiple access), 39

custom queuing, 384-385

customer network applications, identifying, 16-18

D

data encryption, 240-243

decentralized versus centralized monitoring, 270-271

delay

analyzing, 40-43, 80-82

causes of, 41-43

delay variation, 43-44

dense-mode PIM, 371-372

Design Requirements section (network design document), 397-399

developing

modular block diagram, 64

naming models, 189-195, 191

performance baselines, 72-73

security plan, 235-236

security policies, 236-237

security requirements, 48-49

test plans, objectives, 357-358

device status, checking, 82-83

DHCP, 172-173

DHCP relay agents, 173-174

Differentiated Services working group, 111-113

disaster recovery, analyzing, 28-29

distance-vector routing protocols, 210-212

distributed computing traffic flow, characterizing, 94

distributing authority for naming, 190

distribution layer (hierarchical model), 127-128

routing protocols, 226

DMZ, 163

DNS (Domain Naming System), 193-194

dynamic DNS names, 194-195

documenting

application-usage patterns, 99

network equipment for test plans, 359-360

QoS requirements, 113

test plan project timeline, 361

traffic flow, 95-96

DoS attacks, 48

downtime, cost of, 31

DSL remote access, 325-326

DTP (Dynamic Trunk Protocol), 208

DUAL (diffusing update algorithm), 221

dynamic addressing, 170-175

DHCP, 172-173

DHCP relay agents, 173-174

for IPv6, 174-175

hierarchy in, 186-189

Zeroconf, 175

dynamic DNS names, 194-195

dynamic routes, 215-216

E

E-commerce servers, securing, 247-248

efficiency, analyzing, 39-40

EIGRP (Enhanced Interior Gateway Routing Protocol), 219-221

Einstein, Albert, 3

enterprise edge topology, 153-162

Internet connection, multihoming, 154-157

redundant WAN circuits, 153-154

service provider edge, 160-162

VPNs, 157-160

remote-access, 159-160

site-to-site, 158-159

enterprise networks

mobile user support, 12

remote-access devices, selecting, 327-328

security, importance of, 12-13

services, offering, 11-12

error recovery mechanisms, 104-105

errors on switched Ethernet networks, analyzing, 77-79

estimating

network management traffic, 276-277

traffic load caused by applications, 99-100

traffic load caused by routing protocols, 101

Ethernet, 290-298

10-Gbps Ethernet, 295-296

100-Mbps, 292-293

Cisco EtherChannel, 297-298

full-duplex, 292

Gigabit Ethernet, 293-295

half-duplex, 292

IEEE 802.3, 290

LRE, 297

Metro Ethernet, 297

example campus network design project, 302-316

example WAN design project, 341-348

Executive Summary, 396

expansion, planning for, 26

F

fault management, 265-266

fiber-optic cable, 288-289

FIFO queuing, 383-384

firewalls

secure topologies, 162-163

status, checking, 82-83

five-nines availability, 30-31

flat network topology versus hierarchical topology, 122-124

flow control, 103-104

Frame Relay, 332-337

congestion avoidance mechanisms, 335

hub-and-spoke topology, 333-334

traffic control, 335-336

frames, determining average size, 79

full-duplex operation, 292

full-mesh topology, 124

G

Gigabit Ethernet, 293-295

GLBP (Gateway Load Balancing Protocol), 153

global unicast addresses, 188-189

guaranteed service (QoS), 110-111

H

half-duplex operation, 292

hierarchical addressing, 178-189

hierarchical network design, 120-130

versus flat topology, 122-124

guidelines, 128-130

versus mesh topology, 124-126

three-layer model, 125-128

hierarchical routing, 179

CIDR, 179-180

route summarization, 181-183

hold-down timers, 210-212

HSRP (Hot Standby Router Protocol), 152-153

hub-and-spoke topology, 333-334

I

IANA (Internet Assigned Numbers Authority), 169

ICANN (Internet Corporation for Assigned Names and Numbers), 169

identifying

customer network applications, 16-18

network assets, 234

network design project scope, 14-16

IDSs, 244

IEEE 802.1Q, 207-208

IEEE 802.1X, 256-258

IEEE 802.3, 290

IGMP (Internet Group Management Protocol), 370

implementing test plans, 361-362

in-band versus out-of-band monitoring, 270

independent testing labs, 354-355

industry testing, independent labs, 354-355

Integrated Services working group

controlled-load service, 110

guaranteed service, 110-111

interior routing protocols, 214

Internet connections

E-commerce servers, securing, 247-248

multihoming, 154-157

public servers, securing, 246-247

internetworking devices

optimization features, 302-303

selection criteria, 300-302

throughput, 36

IP address assignment, hierarchical model, 178-189

IP Differentiated Services field, 376-377

IP multicast technologies, 368-372

IGMP, 370

IP multicast addressing, 369

PIM, 371-372

IP Precedence, 375-376

IPSs, 244

IPv6 dynamic addressing, 174-175

hierarchy in, 186-189

name resolution, 195

IRB (Integrated Routing and Bridging), 229

IS-IS (Intermediate System-to-Intermediate System), 224-225

Ixia tools, 365

J-K-L

LANs

Ethernet, 290-298

10-Gbps Ethernet, 295-296

100-Mbps, 292-293

Cisco EtherChannel, 297-298

full-duplex, 292

Gigabit Ethernet, 293-295

half-duplex, 292

IEEE 802.3, 290

LRE, 297

Metro Ethernet, 297

flat topologies, 123-124

traffic, classifying, 379-380

large internetworks, characterizing, 60-62

Layer 3 packet switching, 381-382

leased lines, 330-331

LFI (Link-Layer Fragmentation and Interleaving), 373

link-local addresses, 187-188

link-state routing protocols, 212-213

LLQ (Low-Latency Queuing), 387-388

load sharing, 132

logical architecture, characterizing, 62-63

LoopGuard, 206

LRE (Long-Reach Ethernet), 297

M

manageability as technical goal, 49-50

measuring RTT, 81

media, characterizing, 65-68

mesh topology versus hierarchical topology, 124-126

metrics, 214

EIGRP, 219

incompatibility, resolving, 228

Metro Ethernet, 297, 338-339

MIBs (management information bases), 272-273

mobile users

classless routing support for, 184-185

supporting in enterprise networks, 12

modular block diagram, developing, 64

modular network design, 133-135

modules for Cisco SAFE Security reference architecture, 133-135

MPPP (Multilink PPP), 321-322

MTBF (mean time between failure), 31-32

MTTR (mean time to repair), 31-32, 73

multihoming Internet connections, 154-157

multimode fiber, 289

N

naming models

developing, 189-195

authority, distributing, 190

DNS, 193-194

guidelines, 191

for IPv6, 195

NAT (Network Address Translation), 177-178

NetBIOS, 192-193

NetFlow switching, 382

NetIQ Voice and Video Management Solution, 365

NetPredictor, 365-366

network accuracy, analyzing, 76-78

network addressing and naming, characterizing, 64-65

network assets

identifying, 234

network assets, identifying, 45-46

network design

business goals, 13-14

making tradeoffs, 52-53

project scope, identifying, 14-16

network design documents

appendix, 404

Current State of the Network section, 399-400

Design Requirements section, 397-399

Executive Summary, 396

Implementation Plan, 401-402

Logical Design section, 400

Physical Design section, 400-401

Project Budget section, 403

Project Goal section, 396

Project Scope section, 396-397

Results of Network Design Testing section, 401

network efficiency, analyzing, 79-80

network health checklist, 83-84

network layer addresses, assigning, 168-178

by central authority, 169-170

dynamic addressing, 170-175

NAT, 177-178

private IP addresses, 175-178

network management

accounting management, 266

centralized versus decentralized monitoring, 270-271

configuration management, 266

fault management, 265-266

in-band versus out-of-band monitoring, 270

performance management, 266-268

proactive, 264

securing, 250-251

security management, 268

tools, selecting

CDP, 274-275

Cisco NetFlow, 276

SNMP, 271-270

traffic caused by, estimating, 276-277

network map, developing, 60-64

network performance

accuracy, analyzing, 38-39

baseline, developing, 72-73

delay, analyzing, 40-43

efficiency, analyzing, 39-40

optimum utilization, analyzing, 34-35

response time, analyzing, 44

throughput, analyzing, 35-38

nonhierarchical routing protocols, 214

O

objectives for test plans, developing, 357-358

ODR (On-Demand Routing), 216

OPNET Technologies, 364

optimizing your network design

IP multicast technologies, 368-372

DVMRP, 371

IGMP, 370

IP multicast addressing, 369

PIM, 371-372

Layer 3 packet switching, 381-382

optimum utilization, analyzing, 34-35

OSI reference model, 15

OSPF (Open Shortest Path First), 221-223

P

packet filters, 244

PAP (Password Authentication Protocol), 322-323

partial-mesh topology, 124

PDIOO network life cycle, 7-8

peer-to-peer traffic flow, characterizing, 91-92

performance management, 266-268

performing site surveys, 70-71

physical security, 238

planning for, 162

PIM (Protocol-Independent Multicast), 371-372

planning for physical security, 162

poison-reverse messages, 212

policies and politics, analyzing, 19-20

positioning access points, 145-146

PPP (Point-to-Point Protocol), 321-323

authentication, 322-323

MPPP, 321-322

priority queuing, 384-385

privacy in wireless networks, 258-259

private IP addressing, 175-178

proactive network management, 264

production networks, testing prototype network systems, 356-357

Project Goal, 396

project scheduling, analyzing, 21-22

protocols, analyzing bandwidth utilization, 75-76

prototype network systems, testing, 355-357

provisioning WAN bandwidth, 329-330

public servers, securing, 246-247

public/private key encryption, 241-243

Q

QoS

ATM requirements, 106-109

Differentiated Services working group, 111-113

Integrated Services working group

controlled-load service, 110

guaranteed service, 110-111

requirements, documenting, 113

RSVP, 109-110, 377-379

queuing services, 383-388

queue depth, calculating, 42

R

reconnaissance attacks, 47-48

reconvergence, RSTP, 138-139

RED (random early detection), 388-389

redistribution, 227-228

reducing serialization delay, 372-374

redundancy, 28

in campus networks, 147-153

GLBP, 153

HSRP, 152-153

server redundancy, 148-150

workstation-to-router redundancy, 150-151

redundant network topologies, 130-132

backup paths, 131-132

load sharing, 132

regression testing, 359

remote access, securing, 248-250

remote-access technologies

cable modem, 323-325

DSL, 325-326

PPP, 321-323

authentication, 322-323

MPPP, 321-322

remote-access VPNs, 159-160

requirements for availability, specifying, 29-32

responding to RFPs, 394-395

response time

analyzing, 44, 80-82

RFP (Request for Proposal), responding to, 394-395

RIP (Routing Information Protocol), 218-219

risks to security, analyzing, 46-48, 234

RMON (Remote Monitoring), 273-274

root bridge, selecting, 139-140

route summarization, 181-183

routers

selecting for WAN design, 339-340

status, checking, 82-83

routing, IS-IS, 224-225

routing protocols

BGP, 225

convergence, 217

for core layer, 226

distance-vector, 210-212

for distribution layer, 226

dynamic routes, 215-216

EIGRP, 219-221

interior versus exterior, 214

link-state, selecting, 212-213

metrics, 214

nonhierarchical, 214

ODR, 216

OSPF, 221-223

RIP, 218-219

selecting, 209-229

BGP, 225

scalability constraints, 216-217

static routes, 215-216

traffic load, estimating, 101

using multiple in internetworks, 225-229

administrative distance, 228-229

incompatible metrics, resolving, 228

redistribution, 227-228

RSTP (Rapid Spanning Tree Protocol), 137-139

RSVP (Resource Reservation Protocol), 109-110, 377-379

RTT (round-trip time), measuring, 81

S

scalability

analyzing, 25-27

constraints on, 27

routing protocol constraints, 216-217

scaling STP, 140-141

secure network topologies, designing, 162-164

firewall topologies, 162-163

security, 234

accounting, 240

analyzing, 44-49

authentication, 239

in wireless networks, 254-256

authorization, 239

data encryption, 240-243

importance of in enterprise networks, 12-13

Internet connections

E-commerce servers, 247-248

public servers, 246-247

network assets, identifying, 45-46

packet filters, 244

physical security, 238

procedures, developing, 237

requirements, developing, 48-49

risks, analyzing, 46-48

server farms, 251-252

user services, 252-253

VPNs, 248-250

wireless networks, 253-260

Wi-Fi Protected Access, 259

security management, 268

security plan, developing, 235-236

security policy, developing, 236-237

selecting

internetworking devices, criteria, 300-302

network management tools

CDP, 274-275

Cisco NetFlow, 276

SNMP, 271-270

remote access devices for enterprise networks, 327-328

routing protocols, 209-229

distance-vector, 210-212

EIGRP, 219-221

IS-IS, 224-225

link-state, 212-213

OSPF, 221-223

RIP, 218-219

scalability constraints, 216-217

switching protocols, 201-209

STP enhancements, 204-206

transparent bridging, 202-203

types of test for test plans, 358-359

serialization delay, reducing, 372-374

server farms, securing, 251-252

server redundancy in campus networks, 148-150

server/server traffic flow, characterizing, 94

service provider edge, 160-162

service providers, selecting, 340-341

show commands, checking device status, 82-83

single-mode fiber, 289

site surveys, performing, 70-71

site-to-site VPNs, 158-159

SNMP (Simple Network Management Protocol)

MIBs, 272-273

RMON, 273-274

SONET, 331-332

sparse-mode PIM, 372

specifying availability requirements, 29-32

split horizon, 210-212

static routes, 215-216

status of major devices, checking, 82-83

STP (Spanning Tree Protocol), 135-141

cost values, 136-137

enhancements, selecting, 204-206

root bridge, selecting, 139-140

scaling, 140-141

structured model for addressing, 168-169

structured systems analysis, characteristics of, 5

switched Ethernet networks, analyzing errors, 77-79

switches, checking status of, 82-83

switching protocols

selecting, 201-209

STP enhancements, PortFast, 204

transparent bridging, 202-203

systems development life cycles, 6-7

T

technical goals

adaptability, analyzing, 50-51

affordability, analyzing, 51-52

availability, analyzing, 27-32

checklist, 54-55

manageability, analyzing, 49-50

network performance, analyzing, 32-44

scalability, analyzing, 25-27

security, analyzing, 44-49

usability, analyzing, 50

terminal/host traffic flow, characterizing, 91

test plans

implementing, 361-362

network equipment, documenting, 359-360

objectives, developing, 357-358

project timeline, documenting, 361

test scripts, writing, 360-361

types of tests, selecting, 358-359

test scripts, writing, 360-361

testing your network design

industry tests, 354-355

independent testing labs, 354-355

on production network, 356-357

prototype network systems, 355-357

test plans, developing, 357-362

tools, 362-363

theoretical traffic load, calculating, 97-98

three-layer hierarchical design, 125-128

three-part firewall topologies, 163

throughput

analyzing, 35-38

application layer, 37-38

of internetworking devices, 36

timeslots, 324

topology, designing

campus topologies, 135-153

redundancy, 147-153

STP, 135-141

VLANs, 141-144

WLANs, 144-147

enterprise edge, 153-162

Internet connection, multihoming, 154-157

redundant WAN circuits, 153-154

service provider edge, 160-162

VPNs, 157-160

hierarchical design, 120-130

versus flat topology, 122-124

versus mesh topology, 124-126

three-layer hierarchical model, 125-128

redundant topologies, 130-132

backup paths, 131-132

load sharing, 132

secure topologies, 162-164

tradeoffs, analyzing, 52-53

traffic flow

characterizing, 87-96

client/server, characterizing, 91-92

distributed computing traffic flow, characterizing, 94

documenting, 95-96

peer-to-peer, characterizing, 91-92

server/server, characterizing, 94

terminal/host traffic flow, characterizing, 91

in VoIP networks, characterizing, 94

traffic load

estimating, 99-101

theoretical, calculating, 97-98

traffic shaping, 389

transparent bridging, 202-203

Type of Service field, 375-376

U

UDLD (Unidirectional Link Detection), 205-206

UplinkFast, 204-205

usability as technical goal, 50

user services, securing, 252-253

utilization

analyzing, 34-35, 73-76

bandwidth utilization, analyzing, 75-76

UTP (unshielded twisted pair) cable, 287-288

V

VLANs, 141-144

DTP, 208

IEEE 802.1Q, 207-208

VTP, 208-209

VLSM (variable-length subnet masking), 185-186

VPNs, 157-160

remote-access, 159-160

securing, 248-250

site-to-site, 158-159

VTP (VLAN Trunking Protocol), 208-209

W

WANDL Network Planning and Analysis Tools, 364

WANs

ATM, 337-338

bandwidth, provisioning, 329-330

example design project, 341-348

flat topologies, 122-123

Frame Relay, 332-337

leased lines, 330-331

Metro Ethernet, 338-339

routers, selecting, 339-340

service providers, selecting, 340-341

SONET, 331-332

WFQ (Weighted Fair Queuing), 385-386

Wi-Fi Protected Access, 259

windowing, 103-104

wireless installations, checking for, 69-70

wireless networks

authentication, 254-256

privacy, 258-259

securing, 253-260

VPN software, 259-260

wiring, characterizing, 65-68

workstation-to-router redundancy, 150-151

WRED (Weighted Random Early Detection), 388-389

writing test scripts, 360-361

X-Y-Z

Zeroconf, 175
