© 2007 Cisco Systems, Inc. All rights reserved. DESGN v2.04-1 Designing Remote Connectivity: Designing the Enterprise WAN

Transcript:


Traditional WAN Technologies
Leased lines: A service provider establishes a dedicated connection.
Circuit-switched PSTN (phone service, analog modems, ISDN): A dedicated circuit path is established for the duration of a call. ISDN combines voice, data, and backup.
Packet- and cell-switched (Frame Relay, SMDS, ATM, MPLS): A service provider creates PVCs or SVCs. ATM uses cells and provides support for multiple QoS classes.

WAN Topologies

Designing the Remote-Access Network
Objective: Provide a unified solution for remote access
Grant the connection seamlessly, as if in company headquarters
Application requirements include:
  – Low to medium-volume data file transfer and interactive traffic for teleworkers and traveling workers
  – Voice services for teleworkers
Connectivity option: IP access through an on-demand or always-on connection
Technologies include dial-up, DSL, cable, and wireless

Overview of Virtual Private Networks

Connectivity Option: Overlay VPN
VPNs may replace dedicated point-to-point links with emulated point-to-point links sharing common infrastructure.

Connectivity Option: Virtual Private Dial-Up Network

Connectivity Option: Peer-to-Peer VPN
Provider participates in the enterprise routing:
  – Uses MPLS VPN technology
  – Enables organization to use any IP address space
  – No overlapping IP address space problems

Benefits of VPNs

WAN Backup Technologies
Backup options:
  – Dial backup: analog or ISDN
  – Permanent secondary WAN link
  – Shadow PVC
  – IPsec tunnel across Internet

Example: Permanent Secondary WAN Link

Example: Shadow PVC

WAN Backup over the Internet

Layer 3 Tunneling
GRE can encapsulate a variety of protocol types inside IP tunnels.
  – It is simple and flexible for basic IP VPNs.
  – Packet payload is not encrypted.
  – Provisioning of tunnels is not very scalable.
IPsec encapsulates IP inside of IPsec tunnels.
  – Packet payload can be encrypted.
  – IPsec receiver can authenticate source of packets.
  – It uses IKE and PKI.
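
Added example (not part of the original slides): a small Python parser that shows what an on-path observer can read from a GRE packet compared with an ESP packet, illustrating the "payload is not encrypted" and "payload can be encrypted" points above. The addresses, payload bytes, SPI value and helper names are constructed for illustration, and the ESP body is a zero-filled stand-in for ciphertext.

```python
import socket
import struct

GRE, ESP = 47, 50                      # IP protocol numbers
PASSENGERS = {0x0800: "IPv4", 0x86DD: "IPv6"}

def ipv4_header(src, dst, proto, payload_len):
    """Minimal 20-byte IPv4 header; checksum left at 0 for this offline demo."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst))

def parse_ipv4(pkt):
    """Return (protocol, source, destination, bytes after the IP header)."""
    ihl = (pkt[0] & 0x0F) * 4
    return (pkt[9], socket.inet_ntoa(pkt[12:16]),
            socket.inet_ntoa(pkt[16:20]), pkt[ihl:])

def observe(pkt):
    """Return what an on-path observer can read from one tunnel packet."""
    proto, src, dst, body = parse_ipv4(pkt)
    seen = {"outer": (src, dst)}
    if proto == GRE:
        flags, ptype = struct.unpack("!HH", body[:4])
        # Optional 4-byte fields: checksum (C), key (K), sequence number (S).
        offset = 4 + 4 * sum(bool(flags & bit) for bit in (0x8000, 0x2000, 0x1000))
        seen.update(tunnel="GRE", passenger=PASSENGERS.get(ptype, hex(ptype)))
        if ptype == 0x0800:
            # The passenger packet is cleartext: inner addresses and data are visible.
            _, isrc, idst, data = parse_ipv4(body[offset:])
            seen.update(inner=(isrc, idst), payload=data)
    elif proto == ESP:
        spi, seq = struct.unpack("!II", body[:8])
        # Only SPI and sequence number are cleartext; the rest is ciphertext.
        seen.update(tunnel="ESP", spi=spi, seq=seq)
    return seen

# Constructed sample traffic (documentation and RFC 1918 addresses).
DATA = b"constructed application bytes"
INNER = ipv4_header("10.1.1.10", "10.2.2.20", 253, len(DATA)) + DATA
GRE_BODY = struct.pack("!HH", 0, 0x0800) + INNER
GRE_PKT = ipv4_header("192.0.2.1", "198.51.100.1", GRE, len(GRE_BODY)) + GRE_BODY
ESP_BODY = struct.pack("!II", 0x1001, 1) + bytes(64)   # zeros stand in for ciphertext
ESP_PKT = ipv4_header("192.0.2.1", "198.51.100.1", ESP, len(ESP_BODY)) + ESP_BODY

if __name__ == "__main__":
    print(observe(GRE_PKT))   # inner addresses and payload are readable
    print(observe(ESP_PKT))   # only outer addresses, SPI and sequence number
```
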

Enterprise WAN Architecture Considerations
  – Support for network growth
  – Appropriate availability
  – Operational expense
  – Operational complexity
  – Voice and video support
  – Effort and cost to implement
  – Support of network segmentation

Cisco Enterprise MAN and WAN Architecture
  – Private WAN (optionally encrypted)
  – ISP service through site-to-site and remote-access IPsec VPN
  – Service provider-managed IP or MPLS VPN
  – Self-deployed MPLS

Cisco Enterprise WAN and MAN Architecture Comparison
Columns: Private WAN | ISP Service | SP MPLS and IP VPN | Self-Deployed MPLS
Secure transport: IPsec (optional) | IPsec (mandatory) | IPsec (mandatory) | IPsec (mandatory)
High availability: Excellent | Good | Excellent
Multicast: Good | Excellent
Voice and video support: Excellent | Low | Excellent
Scalable network growth: Moderate | Good | Excellent
Easily shared WAN links: Moderate | Excellent
Operational costs: High | Low | Moderate, depends on transport | Moderate to high
Network control: High | Moderate | High
Effort to migrate from private to WAN: Low | Moderate | High

Example: Cisco WAN Architectures in the Healthcare Environment

Selecting Enterprise Edge Hardware Components and Software Features
Hardware selection incorporates the selection of data link layer functions and features of a particular device
  – Considerations: Port density, packet throughput, future expandability, redundancy
Software selection focuses on network layer performance
  – Considerations: Forwarding decisions, bandwidth optimization, security

Cisco IOS Software in the Network
Diagram labels:
  – Large-scale networks
  – High availability
  – In-service software upgrade
  – High-end enterprise core
  – Service provider edge
  – Virtual Private Networks (MPLS, Layer 2 and Layer 3)
  – Video and content multicast
  – Broadband access
  – Mobility and wireless
  – Data center
  – Security
  – IP communications
Cisco IOS Software XR: Scale and Availability
Cisco IOS Software S: IP Services and Infrastructure
Cisco IOS Software T: IP Services and Ease of Deployment

Cisco IOS Packaging

Cisco IOS Packaging Technology Segmentation
Columns: Data Connectivity | VoIP and VoFR | ATM, VoATM, MPLS | AppleTalk, IPX, IBM Protocols | Firewall, IDS, VPN
IP Base: X
IP Voice: XX
Advanced Security: XX
Enterprise Base: XX
SP Services: XXX
Advanced IP Services: XXXX
Enterprise Services: XXXX
Advanced Enterprise Services: XXXXX

Comparing Router Platforms and Software Functions
Hardware | Software | Function
800, 1800, 2800, 3800, 7200 | Cisco IOS T Releases 12.3, 12.4, 12.3T, 12.4T | Supports access routing platforms providing fast, scalable delivery of mission-critical enterprise applications
7200, 7301, 7304, 7500, 10K | Cisco IOS S Release 12.2SB | Delivers midrange broadband and leased-line aggregation for enterprise and service provider edge networks
7600 | Cisco IOS S Release 12.2SR | Delivers high-end Ethernet LAN switching for enterprise access, distribution, core, and data center deployments, and high-end Metro Ethernet for service provider edge
12000, CRS-1 | Cisco IOS XR | Provides massive scale, continuous system availability, and service flexibility for service provider core and edge. (Takes advantage of the massively distributed processing capabilities of the Cisco CRS-1 routing system and the Cisco 12000)

Comparing Multilayer Switch Platforms and Software Functions
Use the Cisco Feature Navigator to find the right Cisco IOS and Catalyst operating system software release and features.
Hardware | Software | Function
800, 1800, 2800, 3800, 7200 | Cisco IOS S Release 12.2SE | Provides low-end to midrange Ethernet LAN switching for enterprise access and distribution deployments
4500, 4900 | Cisco IOS S Release 12.2SG | Provides midrange Ethernet LAN switching for enterprise access and distribution deployments in the campus, and supports Metro Ethernet
6500 | Cisco IOS S Release 12.2SX | Delivers high-end Ethernet LAN switching for enterprise access, distribution, core, and data center deployments, and high-end Metro Ethernet for service provider edge

Summary
  – Traditional WAN technologies include leased lines, circuit-switched PSTN, and packet-switched networks.
  – Remote-access networks connect teleworkers and traveling employees.
  – A VPN provides connectivity over a shared infrastructure with the same policies and performance as a private network.
  – WAN backup strategies are needed to provide high availability between remote sites.
  – The Cisco Enterprise WAN and MAN Architecture provides integrated QoS, network security, reliability, and manageability.
  – Enterprise WAN design includes selecting the appropriate components, including hardware and software.
