
Design Workshop

Internet Edge Solution 1


Existing Solutions
• LAN Design
Design Notes for Internet Edge
General Design Notes:
• Data Center Facilities
• Reliability: Hardware, Power, Connections
• Network Management: NMS, Diagrams, Docs
• Naming Std: <cmp>-<dev-id>-<rm>-<loc>-<st/co>
• VLAN Std: Data, Voice, Server, Mgmt, Other
• IP Address Std: 10.X.Y.H
• Subnets: Users (4), Guests (4), Mgmt

Services/Solutions:
• General Best Practices
• Security Best Practices
Internet Edge
3 – Solutions
Internet Edge Solution
Step 1 – Scalability
Step 1-1: Topology for Internet Edge
Design Diagram
Step 1-2: Layer 2 / Layer 3 Topology
• Layer 3 connection between LAN Core and Edge Router
Design Diagram
Design Notes
General Design Notes:
• Data Center Facilities
• Reliability: Hardware, Power, Connections
• Network Management: NMS, Diagrams, Docs
• Naming Std: <cmp>-<dev-id>-<rm>-<loc>-<st/co>
• VLAN Std: Data, Voice, Server, Mgmt, Other
• IP Address Std: 10.X.Y.H
• Subnets: Users (4), Guests (4), Mgmt

Services/Solutions:
• General Best Practices
• Security Best Practices
• Routing
Internet Edge
3 – Solutions
Step 2 – Reliability
Step 2-1: Redundancy Model
• Redundancy Components:
• Edge Router
• ISP cloud

• Internet Connectivity:
• Inbound
• Outbound
Step 2-1: Redundancy Model
• Outbound:

• Inbound:
Step 2-1: Redundancy Model
• Two ISP using Single Edge Router (or Firewall) Redundancy:
Step 2-1: Redundancy Model
• Through Primary ISP:
• Web Server: 192.168.10.10 → 6.6.6.6

• Through Secondary ISP


• Web Server: 192.168.10.10 → 60.60.60.60
Step 2-1: Redundancy Model
• Redundancy critical:
• Not recommended to use this model.
• When using a high number of
connections to your public facing
servers (web, email).
• Require transparent/quick failover.

• Redundancy not critical:


• Update DNS records for public facing
servers when a failure occurs.
• Open support ticket with ISP to resolve
issue.
• No DNS dependency

• Considerations:
• Edge router still SPOF in the solution.
Step 2-1: Redundancy Model
• DNS Dependency

• Client/Server (on Internet) connecting to internal server using:


• Domain Name (e.g. routehub.net)
• IP Address (e.g. 4.2.2.2)
Step 2-1: Redundancy Model
• DNS Dependency: Yes, using
domain name
• Most common
• Relies on DNS
(www.routehub.net → 4.2.2.2)
• Not recommended for Two ISP
using Single Edge Router
Redundancy
Step 2-1: Redundancy Model
• DNS Dependency: No, using
IP address
• Not common
• Relies on IP address within the
application/program used by
the client/server.
• Recommended for Two ISP
using Single Edge Router
Redundancy
Step 2-1: Redundancy Model
• Two ISP using Single Edge Router (or Firewall) Redundancy:
Step 2-1: Redundancy Model
• Two ISP using Dual Edge Router Redundancy

When to use:
• Business Size: this option can be used for
Small, SMB, and some Medium-sized
networks.
• Public Addressing: uses different Public IP
subnets from each ISP. A single Public IP
subnet cannot be used between two different
ISPs.
• DNS dependencies not required
Step 2-1: Redundancy Model
• Redundancy critical:
• Not recommended to use this model.
• When using a high number of
connections to your public facing
servers (web, email).
• Require transparent/quick failover.

• Redundancy not critical:


• Update DNS records for public facing
servers when a failure occurs.
• Open support ticket with ISP to resolve
issue.
• No DNS dependency
Step 2-1: Redundancy Model
• Two ISP using Dual Edge Router Redundancy

Services Required:
• Network Address Translation (NAT)
• IP Service Level Agreements (SLA)
• First Hop Redundancy Protocol (HSRP,
VRRP, GLBP)
Step 2-1: Redundancy Model
• Full Redundancy with BGP Multi-Homing

When to use:
• Business Size: this option is common for medium and
large-sized networks, hosting, and service providers.
• Public Addressing: uses a single (or multiple)
customer-owned Public IP subnets between all ISP
clouds. The Public subnet(s) need to be obtained
through the ARIN website.
• DNS Dependency: YES, users/server can use the
DNS domain name or a dedicated IP address for
accessing services within the internal network using
this redundancy option.
Step 2-1: Redundancy Model
• Technical Requirements:
Step 2-1: Redundancy Model
1. Two ISP using Single Edge Router (or Firewall) Redundancy
2. Two ISP using Dual Edge Router Redundancy
3. Full Redundancy with BGP Multi-Homing
Step 2-1: Redundancy Model
1. Two ISP using Single Edge Router (or Firewall) Redundancy
2. Two ISP using Dual Edge Router Redundancy
3. Full Redundancy with BGP Multi-Homing

X
Step 2-1: Redundancy Model
1. Two ISP using Single Edge Router (or Firewall) Redundancy
2. Two ISP using Dual Edge Router Redundancy
3. Full Redundancy with BGP Multi-Homing

X X
Step 2-1: Redundancy Model
• Full Redundancy with BGP Multi-Homing

Services Required:
• BGP (IP Routing)
• IP Routing (OSPF, EIGRP) or First Hop
Redundancy Protocol (HSRP, VRRP)
Design Diagram
Design Notes
General Design Notes:
• Data Center Facilities
• Reliability: Hardware, Power, Connections
• Network Management: NMS, Diagrams, Docs
• Naming Std: <cmp>-<dev-id>-<rm>-<loc>-<st/co>
• VLAN Std: Data, Voice, Server, Mgmt, Other
• IP Address Std: 10.X.Y.H
• Subnets: Users (4), Guests (4), Mgmt

Services/Solutions:
• General Best Practices
• Security Best Practices
• Routing, BGP
• FHRP
Step 2-2: Other Reliability Service(s)
Step 2-3: Hardware Considerations
Design Notes
General Design Notes:
• Data Center Facilities
• Reliability: Hardware, Power, Connections
• Network Management: NMS, Diagrams, Docs
• Naming Std: <cmp>-<dev-id>-<rm>-<loc>-<st/co>
• VLAN Std: Data, Voice, Server, Mgmt, Other
• IP Address Std: 10.X.Y.H
• Subnets: Users (4), Guests (4), Mgmt

Services/Solutions:
• General Best Practices
• Security Best Practices
• Routing, BGP
• FHRP
Internet Edge
3 – Solutions
Step 3 – Performance
Step 3: Bandwidth for WAN Interface

WAN facing interface


LAN facing interface
Step 3-1: Determine Internet Performance
• Performance for WAN interface on Edge router component
Step 3-1: Determine Internet Performance
• 500 users (HQ)
• 100 users (all RS)

• Moderate Performing:
• 400 users (HQ)
• 100 users (RS)

• High Performing:
• 100 users (HQ)
Step 3-1: Determine Internet Performance
• Services:
• Email, Web Browsing
• Basic File Downloads

• Bandwidth rate per user:


• 130kbps
Step 3-1: Determine Internet Performance
• Services:
• Email, Web Browsing
• Large Downloads
• Cloud Services

• Bandwidth rate per user:


• 384kbps
Step 3-1: Determine Internet Performance
• Moderate Performing Users:
• 400 Users (HQ) x 130kbps = ~52Mbps
• 100 Users (RS) x 130kbps = ~13Mbps

• High Performing Users:


• 100 Users (HQ) x 384kbps = ~38Mbps

• 52Mbps + 13Mbps + 38Mbps = ~100Mbps


Design Diagram
Step 3-2: Determine Bandwidth Technology
• Based on Internet Performance Calculations:
Design Resources: RFI Checklist
• Service Provider
• Tier Provider
• Reliability (SLA – Availability)
• Performance (SLA – Latency and Packet Loss)
• Security
• Support (Customer Service)
• Installation and Repairs (Maintenance)
• Pricing
• Services
• Length of Contracts
• Case Studies
Step 3-2: Determine Bandwidth Technology
• Example: Internet Performance ~3Mbps
Step 3-2: Determine Bandwidth Technology
• Our Design: Internet Performance of ~100Mbps
Design Diagram
Step 3-3: Bandwidth with LAN/Data Center
• Our Design: Internet Performance of ~100Mbps
Design Diagram
Internet Edge
3 – Solutions
Step 4 – Security
Step 4: Security for Internet Edge
Design Notes
General Design Notes:
• Data Center Facilities
• Reliability: Hardware, Power, Connections
• Network Management: NMS, Diagrams, Docs
• Naming Std: <cmp>-<dev-id>-<rm>-<loc>-<st/co>
• VLAN Std: Data, Voice, Server, Mgmt, Other
• IP Address Std: 10.X.Y.H
• Subnets: Users (4), Guests (4), Mgmt

Services/Solutions:
• General Best Practices
• Security Best Practices
• Routing, BGP
• FHRP
• Solutions: Firewall
Internet Edge
3 – Solutions
Step 5 – Network Management
Step 5: Network Management for Internet Edge
Design Notes
General Design Notes:
• Data Center Facilities
• Reliability: Hardware, Power, Connections
• Network Management: NMS, Diagrams, Docs
• Naming Std: <cmp>-<dev-id>-<rm>-<loc>-<st/co>
• VLAN Std: Data, Voice, Server, Mgmt, Other
• IP Address Std: 10.X.Y.H
• Subnets: Users (4), Guests (4), Mgmt

Services/Solutions:
• General Best Practices
• Security Best Practices
• Routing, BGP
• FHRP
• Solutions: Firewall
• NM: SNMP, Log, NTP, VTY ACL, Netflow


Internet Edge
3 – Solutions
Step 6 – Flexibility
Step 6: Flexibility for Internet Edge
Internet Edge
3 – Solutions
Step 7 – Design Aspects
Step 7-1: Other Services
Design Notes
General Design Notes:
• Data Center Facilities
• Reliability: Hardware, Power, Connections
• Network Management: NMS, Diagrams, Docs
• Naming Std: <cmp>-<dev-id>-<rm>-<loc>-<st/co>
• VLAN Std: Data, Voice, Server, Mgmt, Other
• IP Address Std: 10.X.Y.H
• Subnets: Users (4), Guests (4), Mgmt

Services/Solutions:
• General Best Practices
• Security Best Practices
• Routing, BGP
• FHRP, Multicast, IPv6
• Solutions: Firewall
• NM: SNMP, Log, NTP, VTY ACL, Netflow


Step 7-2: IP Subnets

• IPv4:
• Small/SMB networks: /29 or a single Public IP address
• SMB/Medium networks: /28 or /29
• Medium/Large networks: /24 and higher

• IPv6 (Global):
• /48 IPv6 prefix
Step 7-2: IP Subnets
• Two ISP using Dual Edge Router Redundancy
Design Notes
General Design Notes:
• Data Center Facilities
• Reliability: Hardware, Power, Connections
• Network Management: NMS, Diagrams, Docs
• Naming Std: <cmp>-<dev-id>-<rm>-<loc>-<st/co>
• VLAN Std: Data, Voice, Server, Mgmt, Other
• IP Address Std: 10.X.Y.H
• Subnets: Users (4), Guests (4), Mgmt, Public, Transit (IE_LAN)

Services/Solutions:
• General Best Practices
• Security Best Practices
• Routing, BGP
• FHRP, Multicast, IPv6
• Solutions: Firewall
• NM: SNMP, Log, NTP, VTY ACL, Netflow
Internet Edge
3 – Solutions
Step 8 – Hardware
Hardware for Edge Router
• Business Size: Medium
• Gigabit Ethernet for LAN and WAN interfaces
• Internet Performance: ~100Mbps
• BGP Routing with Dual ISP
• Services: Routing, BGP, FHRP, Network Management, Multicast,
IPv6
Hardware Consolidation Options
Hardware Options
Hardware for Edge Router

GOOD:
• Medium network
• GE support
• Performance support
• L3 services support
BAD:
• Pricing
Hardware for Edge Router

GOOD:
• Medium network
• GE support
• Performance support
• L3 services support
BAD:
• N/A
Hardware for Edge Router

GOOD:
• GE support
• Performance support
• L3 services support
BAD:
• Small & SMB network
• Not ideal for BGP
Hardware for Edge Router

GOOD:
• GE support
• Performance support
• L3 services
BAD:
• Large-sized networks
Hardware for Edge Router

Cisco ISR G2 3900 or 2900 Series


Hardware for Edge Router
• Cisco 3945 Integrated Services Router
• Cisco 3945E Integrated Services Router
• Cisco 3925 Integrated Services Router
• Cisco 3925E Integrated Services Router
Hardware for Edge Router

• NAT, ACL, QoS, VPN


• Typical Internet based traffic
• Packet Byte size (64Bytes, 1500Bytes)
Hardware for Edge Router
• Bandwidth Supported?
Hardware for Edge Router
• Cisco Services Performance Engine (SPE)
Hardware for Edge Router
• Portable Product Sheets for Routing Performance
Hardware for Edge Router

• Initial Performance: 100Mbps


• Future Performance: 250Mbps – 300Mbps
Hardware for Edge Router
• Cisco ISR G2 3925
Hardware for Edge Router
• Cisco Build and Price for Routers
• https://apps.cisco.com/ccw/cpc/guest/home.do
Design Diagram
Design Notes for Internet Edge
General Design Notes:
• Data Center Facilities
• Reliability: Hardware, Power, Connections
• Network Management: NMS, Diagrams, Docs
• Naming Std: <cmp>-<dev-id>-<rm>-<loc>-<st/co>
• VLAN Std: Data, Voice, Server, Mgmt, Other
• IP Address Std: 10.X.Y.H
• Subnets: Users (4), Guests (4), Mgmt, Public, Transit (IE_LAN)

Services/Solutions:
• General Best Practices
• Security Best Practices
• Routing, BGP
• FHRP, Multicast, IPv6
• Solutions: Firewall
• NM: SNMP, Log, NTP, VTY ACL, Netflow
Internet Edge Solution 1
Completed
