© 2007 Cisco Systems, Inc. All rights reserved.DESGN v Structuring and Modularizing the Network Using Infrastructure Services

© 2007 Cisco Systems, Inc. All rights reserved.DESGN v Explaining the Role of Infrastructure Services

© 2007 Cisco Systems, Inc. All rights reserved.DESGN v Modularizing Internal Security

© 2007 Cisco Systems, Inc. All rights reserved.DESGN v Reasons for Internal Security The enterprise campus is protected by security functions in the enterprise edge: –If the enterprise edge security fails, the unprotected enterprise campus is vulnerable. –The potential attacker can gain physical access to the enterprise campus. –Some network solutions require indirect external access to the enterprise campus. All vital elements in the enterprise campus must be protected independently.

© 2007 Cisco Systems, Inc. All rights reserved.DESGN v External Threats

© 2007 Cisco Systems, Inc. All rights reserved.DESGN v Designing High Availability Analyze the business and technical goals. Identify critical applications, systems, internetworking devices, and links. Document the trade-offs between redundancy and cost and simplicity versus complexity. Duplicate any component whose failure could disable critical applications. Duplicate vital links and connect them to different devices.

© 2007 Cisco Systems, Inc. All rights reserved.DESGN v Designing Route Redundancy Design redundant routes: Minimize the effect of link failures. Minimize the effect of an internetworking device failure. Make the connection redundant: Parallel physical links between switches and routers Backup LAN and WAN links Make the network redundant: Full mesh to provide complete redundancy and good performance Partial mesh, which is cheaper and more scalable

© 2007 Cisco Systems, Inc. All rights reserved.DESGN v Example: Campus Infrastructure Redundancy The building access network is partially meshed with the building distribution switches. The building access switch has a chance to recover from a link or building distribution switch failure.

© 2007 Cisco Systems, Inc. All rights reserved.DESGN v Example: Enterprise Edge Redundancy The remote site establishes a backup connection via an IPsec tunnel across the Internet.

© 2007 Cisco Systems, Inc. All rights reserved.DESGN v High Availability in the Server Farm Module Single attachmentnot recommended: –Requires alternative mechanisms to dynamically find an alternative router Dual attachment to increase availability and prevent session loss: –Attachment through a redundant transceiver –Attachment through a redundant NIC Fast EtherChannel and Gigabit EtherChannel port bundles

© 2007 Cisco Systems, Inc. All rights reserved.DESGN v Example: Attachment Through a Redundant Transceiver Transceiver activates backup link on primary link failure. Transceiver cannot detect failures beyond physical link.

© 2007 Cisco Systems, Inc. All rights reserved.DESGN v Example: Attachment Through a Redundant NIC Device driver presents two NIC cards as a single logical interface. This setup uses one MAC address on both interfaces. Backup card is activated when the primary link is gone.

© 2007 Cisco Systems, Inc. All rights reserved.DESGN v Voice Transport Overview Two implementations: –Voice over IP: Uses analog phones. Transports voice packets over the IP network using voice-enabled routers. –IP telephony: Implements voice in the network using Cisco Unified CallManager and IP phones. Both implementations require properly designed networks. All modules of the enterprise network are involved in the voice network solution.

© 2007 Cisco Systems, Inc. All rights reserved.DESGN v IP Telephony Components

© 2007 Cisco Systems, Inc. All rights reserved.DESGN v Modular Approach in Voice Network Design

© 2007 Cisco Systems, Inc. All rights reserved.DESGN v Example: Voice Network Solution

© 2007 Cisco Systems, Inc. All rights reserved.DESGN v Evaluating the Existing Data Infrastructure for Voice Design Document and evaluate the existing data infrastructure in each enterprise network module in terms of: New voice performance requirements Availability requirements Feature requirements Potential network capacity or impact

© 2007 Cisco Systems, Inc. All rights reserved.DESGN v Wireless LAN Overview Supports connecting mobile clients to the enterprise network Transports packets over radio waves Has connectivity and privacy issues not found in wired networks Can have implications for all modules of the enterprise network

© 2007 Cisco Systems, Inc. All rights reserved.DESGN v Centralized WLAN Model Components

© 2007 Cisco Systems, Inc. All rights reserved.DESGN v Application Networking Services Introduction Traditional networks handled static web pages, , and routine client-server applications. Applications are evolving into complex and highly visible services. Application deployment issues are emerging. –Consolidation of data centers can result in lower productivity for remote users. –A web-based ordering system may suffer because of poor responsiveness. –Business partners may need immediate and secure electronic access to back-office applications. –A purchasing application may need to track large orders.

© 2007 Cisco Systems, Inc. All rights reserved.DESGN v ANS Can Resolve Application Issues Wide-area application services can compress, cache, and optimize content. Optimization of the web streams can reduce latency, suppress unnecessary reloading of web objects, and offload the web server. Security and remote connectivity services can validate requests, route them appropriately, and encrypt and prioritize responses. Application messaging services interpret purchase orders and log large orders according to business policy rules.

© 2007 Cisco Systems, Inc. All rights reserved.DESGN v Example: ANS Components

© 2007 Cisco Systems, Inc. All rights reserved.DESGN v Summary Network infrastructure services add intelligence to the network infrastructure, supporting application awareness within the network. Security is a network infrastructure service that increases the integrity of the network by protecting network resources and users from internal and external threats. High-availability services protect the integrity of mission-critical information with networking platforms and topologies that offer a sufficient level of resiliency.

© 2007 Cisco Systems, Inc. All rights reserved.DESGN v Summary (Cont.) Voice infrastructure services throughout the enterprise are needed to support IP telephony. Wireless services support mobile clients and integrate with the wired network. Cisco ANS optimizes website performance, content delivery, and the security and connectivity of applications.

© 2007 Cisco Systems, Inc. All rights reserved.DESGN v