Cisco® CCDA Exam Cram Notes: Designing a Basic Enterprise Network

3. Enterprise Network Design

3.2 Design a basic enterprise network

3.2.a Layer 3 protocols and redistribution

When two or more sites are using dissimilar routing protocols, such as OSPF, EIGRP, etc., you can combine the networks using route redistribution. Redistribution can be accomplished by two methods:

Two-way redistribution: In this type of redistribution, routing information is exchanged between both routing protocols. Route filters are used to prevent routing loops. Routing loops can be caused by one routing protocol redistributing routes that were learned from a second routing protocol back into that second routing protocol. Note that static routes are not used in this exchange.

One-way redistribution: This type of redistribution only allows redistribution from one routing protocol to another. Normally, it is used in conjunction with a default or static route at the edge of a network. For example, when a campus network is connected to the WAN using a default route, it makes sense to redistribute the routing information from the WAN into the campus, while campus routes are not redistributed out to the WAN.
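
The route filtering described above for two-way redistribution, as an added Cisco IOS configuration fragment (an illustration added here, not part of the original notes). The process numbers (OSPF 1, EIGRP 100), route-map names, tag values and EIGRP seed metric are assumptions; the same configuration would be applied on every router that redistributes between the two domains.

```cisco
! Constructed example: mutual redistribution between OSPF 1 and EIGRP 100.
! Each route is tagged with its domain of origin when it crosses the
! boundary, and any route carrying that tag is denied on the way back,
! so a route is never re-advertised into the protocol it came from.
!
! OSPF -> EIGRP: drop routes that originated in EIGRP (tag 100),
! tag everything else as "came from OSPF" (tag 110).
route-map OSPF-TO-EIGRP deny 10
 match tag 100
route-map OSPF-TO-EIGRP permit 20
 set tag 110
!
! EIGRP -> OSPF: drop routes that originated in OSPF (tag 110),
! tag everything else as "came from EIGRP" (tag 100).
route-map EIGRP-TO-OSPF deny 10
 match tag 110
route-map EIGRP-TO-OSPF permit 20
 set tag 100
!
router eigrp 100
 ! EIGRP needs a seed metric for redistributed routes:
 ! bandwidth (kbps), delay (tens of microseconds), reliability, load, MTU
 redistribute ospf 1 metric 10000 100 255 1 1500 route-map OSPF-TO-EIGRP
!
router ospf 1
 ! "subnets" lets OSPF accept classless prefixes from the other protocol
 redistribute eigrp 100 subnets route-map EIGRP-TO-OSPF
```

After applying it, `show ip route <prefix>` on a router in either domain shows the tag on redistributed prefixes, which confirms that the filters have something to match on.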

The best practices when designing a Distribution layer are given below:

1. Build Layer 3 triangles, not squares

2. Summarize routes from the distribution to the core of the network to reduce routing overhead.

3. Use Virtual Switching System (VSS) as an option

4. Only peer on links that you intend to use as transit.

The following are the best practices in Core layer design:

1. Reduce the switch peering by using redundant triangle connections between switches.

2. Use routing that provides a topology with no spanning-tree loops.

3. Use Layer 3 switches on the core that provide intelligent services that Layer 2 switches do not support.

4. Use two equal-cost paths to every destination network.

Core layer and server farm switches have higher performance and availability requirements than access layer and distribution layer switches. Hence, the cost per port for core and server farm switches would be high compared to access and distribution layer switches.

The primary requirements of a DC core layer are:

1. Administrative convenience, by keeping the DC aggregation layer separate from the campus distribution layer

2. Provides port density for server farms

Data center Access layer is characterized by the following:

1. High port density with high-performance switched (Layer 2) and routed (Layer 3) ports.

2. Low latency for fast switching, and the ability to cater to oversubscription

3. Use of VLAN trunks upstream, allowing data center aggregation services to be shared among the same VLAN and across multiple switches.

4. Support for server clustering that requires network connections to be Layer 2 adjacent or on the same VLAN with one another.

The following are the Cisco recommended security measures for controlling access to a campus network:

1. Access Layer: This is the layer at which users log into the network and access network resources. The recommended security measures at the Access Layer are:

  • Controlling physical access to network devices (This applies to all layers),
  • Port security, also known as 'MAC address lockdown', is a Cisco feature that enables the switch to prevent input from a port when the MAC address of a station trying to access the port is different from the configured MAC address for that port.
  • Passwords: A properly managed network should have a login and password for each network device. There are several ways of accessing Cisco devices, such as Console, vty, TFTP servers etc. Each of these should have properly defined passwords to control access to the network.

2. Distribution Layer: Security at the distribution layer is implemented by using Access Policies. These in turn make use of Access Control Lists. There are two types of IP access lists:

  • Standard
  • Extended

In addition to security, the Distribution layer is responsible for sending only the data that needs to reach the Core Layer. This not only achieves security, but also makes sure that the Core Layer is not burdened with unnecessary traffic. This is achieved by applying Access Control Lists.

Core Layer Security: The Core layer is responsible for transmitting data efficiently. For this reason, Cisco recommends that there be little or no policy at the Core layer.
