This module looks at the need for multilayer switches within Cisco’s overall network design. A review of Intelligent Information Networks (IIN) and Service-Oriented Network Architectures (SONA) sets the groundwork for the course. Additionally, a quick overview of the characteristics of Layer 2 and Layer 3 networks aids in identifying the reasons for using a multilayer switch.
This module begins by discussing operational problems found in non-hierarchical networks at Layers 2 and 3 of the Open Systems Interconnection (OSI) model. The Enterprise Composite Network Model (ECNM) is then introduced, and the features and benefits of ECNM are explained. Issues that exist in traditionally designed networks can be resolved by applying this state-of-the-art design to their networks.
1.1 Introducing Campus Networks
1.1.1 Intelligent Information Network and Service-Oriented Network Architecture
Intelligent Information Network (IIN) encompasses these features :
Integration of networked resources and information assets that have been largely unlinked: The current converged networks that integrate voice, video, and data require Information Technology (IT) departments to link the IT infrastructure more closely with the network.
Intelligence across multiple products and infrastructure layers: The intelligence built into each component of the network is extended network-wide and applies end-to-end.
Active participation of the network in the delivery of services and applications: With added intelligence, IIN makes it possible for the network to actively manage, monitor, and optimize service and application delivery across the entire IT environment.
IIN offers much more than basic connectivity, bandwidth for users, and access to applications. It offers end-to-end functionality and centralized, unified control that promotes true business transparency and agility.
The IIN technology vision offers an evolutionary approach that consists of three phases in which functionality can be added to the infrastructure as required.
Integrated transport: All traffic—data, voice, and video—consolidates onto an IP network for secure network convergence. By integrating data, voice, and video transport into a single, standards-based, modular network, organizations can simplify network management and generate enterprise-wide efficiencies. Network convergence also lays the foundation for a new class of IP-enabled applications delivered through Cisco IP Communications solutions.
Integrated services: After the network infrastructure has been converged, IT resources can be pooled and shared or “virtualized” to flexibly address the changing needs of the organization. Integrated services help unify common elements, such as storage and data center server capacity. By extending virtualization capabilities to encompass server, storage, and network elements, an organization can transparently use all its resources more efficiently. Business continuity is also enhanced because shared resources across the IIN provide services in the event of a local system failure.
Integrated applications: With Application-Oriented Networking (AON) technology, Cisco has entered the third phase of building the IIN. This phase focuses on making the network “application-aware” so that it can optimize application performance and deliver networked applications to users more efficiently. In addition to capabilities such as content caching, load balancing, and application-level security, Cisco AON makes it possible for the network to simplify the application infrastructure by integrating intelligent application message handling, optimization, and security into the existing network.
Using IIN, Cisco is helping organizations address new IT challenges, such as the deployment of service-oriented architectures (SOA), Web services, and virtualization. Cisco Service-Oriented Network Architecture (SONA) is a framework that guides the evolution of enterprise networks to an IIN. SONA provides the following advantages to enterprises:
Outlines the path toward the IIN
Illustrates how to build integrated systems across a fully converged IIN
Improves flexibility and increases efficiency, which results in optimized applications, processes, and resources
Cisco SONA uses the extensive product line services, proven architectures, and experience of Cisco and its partners to help enterprises achieve their business goals.
The Cisco SONA framework shows how integrated systems can allow a dynamic, flexible architecture, and provide for operational efficiency through standardization and virtualization. It brings forth the notion that the network is the common element that connects and enables all components of the IT infrastructure.
Cisco SONA outlines these three layers of the IIN:
Network infrastructure layer: Interconnects all IT resources across a converged network foundation. The IT resources include servers, storage, and clients. The network infrastructure layer represents how these resources exist in different places in the network, including the campus, branch, data center, WAN and Metropolitan Area Network (MAN), and teleworker. The objective for customers in this layer is to have anywhere and anytime connectivity.
Interactive services layer: Enables efficient allocation of resources to applications and business processes that are delivered through the networked infrastructure. This layer comprises these services:
Voice and collaboration
Mobility
Security and identity
Storage
Computer
Application networking
Network infrastructure virtualization
Services management
Adaptive management
Application layer: Includes business applications and collaboration applications. The objective for customers in this layer is to meet business requirements and achieve efficiencies by leveraging the interactive services layer.
1.1.2 Cisco Network Models
Cisco provides the enterprise-wide systems architecture that helps companies protect, optimize, and grow the infrastructure that supports their business processes. The architecture integrates the entire network—campus, data center, WAN, branches, and teleworkers—offering staff secure access to the tools, processes, and services.
Cisco provides the following network models with Cisco Enterprise Architecture:
Campus architecture: Combines a core infrastructure of intelligent switching and routing with tightly integrated productivity-enhancing technologies, including IP Communications, mobility, and advanced security. The architecture provides the enterprise with high availability through a resilient multilayer design, redundant hardware and software features, and automatic procedures for reconfiguring network paths when failures occur. Multicast provides optimized bandwidth consumption, and quality of service (QoS) prevents oversubscription to ensure that real-time traffic, such as voice and video or critical data, is not dropped or delayed. Integrated security protects against and mitigates the impact of worms, viruses, and other attacks on the network, even at the port level. Cisco enterprise-wide architecture extends support for standards, such as 802.1x and Extensible Authentication Protocol (EAP). It also provides the flexibility to add IP Security (IPSec) and Multiprotocol Label Switching (MPLS) Virtual Private Networks (VPNs), identity and access management, and VLANs to compartmentalize access. This helps improve performance and security and decreases costs. The enterprise campus architecture will be the focus of this course.
Data center architecture: Cohesive, adaptive network architecture that supports the requirements for consolidation, business continuance, and security while enabling emerging SOAs, virtualization, and on-demand computing. IT staff can easily provide departmental staff, suppliers, or customers with secure access to applications and resources. This approach simplifies and streamlines management, significantly reducing overhead. Redundant data centers provide backup using synchronous and asynchronous data and application replication. The network and devices offer server and application load balancing to maximize performance. This solution allows enterprises to scale without major changes to the infrastructure.
Branch architecture: Enables enterprises to extend head-office applications and services, such as security, IP Communications, and advanced application performance, to thousands of remote locations and users, or to a small group of branches. Cisco integrates security, switching, network analysis, caching, and converged voice and video services into a series of integrated services routers in the branch so that enterprises can deploy new services when they are ready without buying new equipment. This solution provides secure access to voice, mission-critical data, and video applications anywhere, anytime. Advanced network routing, VPNs, redundant WAN links, application content caching, and local IP telephony call processing provide a robust architecture with high levels of resilience for all the branch offices. An optimized network leverages the WAN and LAN to reduce traffic and save bandwidth and operational expenses. Enterprises can easily support branch offices with the ability to centrally configure, monitor, and manage devices located at remote sites, including tools, such as AutoQoS, that proactively resolve congestion and bandwidth issues before they affect network performance.
Teleworker architecture: Allows enterprises to securely deliver voice and data services to remote small or home offices over a standard broadband access service, providing a business resiliency solution for the enterprise and a flexible work environment for employees. Centralized management minimizes IT support costs, and robust integrated security mitigates the unique security challenges of this environment. Integrated security and identity-based networking services enable the enterprise to help extend campus security policies to the teleworker. Staff can securely log into the network over an “always-on” VPN and gain access to authorized applications and services from a single cost-effective platform. The productivity can further be enhanced by adding an IP phone, providing cost-effective access to a centralized IP communications system with voice and unified messaging services.
WAN architecture: Offers the convergence of voice, video, and data services over a single IP communications network. This approach enables enterprises to cost-effectively span large geographic areas. QoS, granular service levels, and comprehensive encryption options help ensure the secure delivery of high-quality corporate voice, video, and data resources to all corporate sites, enabling staff to work productively and efficiently from any location. Security is provided with multiservice VPNs (IPSec and MPLS) over Layer 2 and Layer 3 WANs, as well as hub-and-spoke and full mesh topologies.
1.1.3 Describing Non-Hierarchical Campus Network Issues
The simplest Ethernet network infrastructure is composed of a single collision and broadcast domain. This type of network is referred to as a “flat” network because any traffic that is transmitted within it is seen by all of the interconnected devices, even if they are not the intended destination of the transmission. The benefit of this type of network is that it is very simple to install and configure, so it is a good fit for home networking and small offices. The downside of a flat network infrastructure is that it does not scale well as demands on the network increase. Following are some of the issues with non-hierarchical networks:
Traffic collisions increase as devices are added, reducing network throughput.
Broadcast traffic increases as devices are added to the network, causing over-utilization of network resources.
Isolating problems on a large flat network can be difficult.
Figure shows the key network hardware devices in a non-hierarchical network and the function of each.
1.1.4 Describing Layer 2 Network Issues
Layer 2 switches can significantly improve performance in a carrier sense multiple access collision detect (CSMA/CD) network when used in place of hubs. This is because each switch port represents a single collision domain, and the device connected to that port does not have to compete with other devices to access the media. Ideally, every host on a given network segment is connected to its own switch port, thus eliminating all media contention as the switch manages network traffic at Layer 2. An additional benefit of Layer 2 switching is that large broadcast domains can be broken up into smaller segments by assigning switch ports to different VLAN segments.
For all their benefits, some drawbacks still exist in non-hierarchical switched networks:
If switches are not configured with VLANs, very large broadcast domains may be created.
If VLANs are created, traffic cannot move between VLANs using only Layer 2 devices.
As the Layer 2 network grows, the potential for bridge loops increases. Therefore, the use of a Spanning Tree Protocol (STP) becomes imperative.
1.1.5 Describing Routed Network Issues
A major limitation of Layer 2 switches is that they cannot switch traffic between Layer 3 network segments (IP subnets for example). Traditionally, this was done using a router. Unlike switches, a router acts as a broadcast boundary and does not forward broadcasts between its interfaces. Additionally, a router provides an optimal path determination function. The router examines each incoming packet to determine which route the packet should take through the network. Also, the router can act as a security device, manage QoS, and apply network policy. Although routers used in conjunction with Layer 2 switches resolve many issues, some concerns still remain:
When security or traffic management components, such as access control lists (ACLs), are configured on router interfaces, the network may experience delays as the router processes each packet in software.
When routers are introduced into a switched network, end-to-end VLANs are no longer supported because routers terminate the VLAN.
Routers are more expensive per interface than Layer 2 switches, so their placement in the network should be well planned. Non-hierarchical networks, by their very nature, require more interconnections and, hence, more routed interfaces.
In a non-hierarchical network, the number of router interconnections may result in peering problems between neighboring routers.
Because traffic flows are hard to determine, it becomes difficult to predict where hardware upgrades are needed to mitigate traffic bottlenecks.
1.1.6 Multilayer Switching
Multilayer switching is hardware-based switching and routing integrated into a single platform. In some cases, frame (Layer 2) and packet (Layer 3) forwarding operations are handled by the same specialized hardware ASIC and other specialized circuitry. A multilayer switch does everything to a frame and packet that a traditional switch and router do, including the following:
Provides multiple simultaneous switching paths
Segments broadcast and failure domains
Provides destination-specific frame forwarding based on Layer 2 information
Determines the forwarding path based on Layer 3 information
Validates the integrity of the Layer 2 frame and Layer 3 packet via checksums and other methods
Verifies packet expiration and updates accordingly
Processes and responds to any option information
Updates forwarding statistics in the MIB
Applies security and policy controls, if required
Provides optimal path determination
Can (if it is a sophisticated modular type) support a wide variety of media types and port densities
Has the ability to support QoS
Has the ability to support VoIP and inline power requirements
Because it is designed to handle high-performance LAN traffic, you can place a multilayer switch anywhere within the network, thereby replacing traditional switches and routers cost-effectively. In most cases, a lower cost access switch connects end users and multilayer switches are used in the distribution and core layers of the campus network model.
1.1.7 Issues with Multilayer Switches and VLANs in a Non-Hierarchical Network
Multilayer switches combine switching and routing on a single hardware platform and can enhance overall network performance when deployed properly. Multilayer switches provide very high-speed Layer 2 and Layer 3 functionality by caching much of the forwarding information between sources and destinations.
However, the following issues exist when a multilayer switch is deployed in an improperly designed network:
Because multilayer switches condense the functions of switching and routing in a single chassis, they can create single points of failure if redundancy for these devices is not carefully planned and implemented.
Switches in a flat network are interconnected, creating many paths between destinations. If active, these potential redundant paths create bridging loops. To control this, the network must run a STP. Networks that use the IEEE 802.1D protocol may experience periods of disconnection and frame flooding during a topology change.
Multilayer switch functionality may be underutilized if a multilayer switch is simply a replacement for the traditional role of a router in a non-hierarchical network.
1.1.8 The Enterprise Composite Network Model
The Enterprise Composite Network Model (ECNM) can be used to divide the enterprise network into physical, logical, and functional areas. These areas allow network designers and engineers to associate specific network functionality on equipment based upon its placement and function in the model.
The ECNM provides a modular framework for designing networks. This modularity allows flexibility in network design and facilitates ease of implementation and troubleshooting. The hierarchical model divides networks into the building access, building distribution, and building core layers, as follows:
Building access layer: Grants user access to network devices. In a network campus, the building access layer generally incorporates switched LAN devices with ports that provide connectivity to workstations and servers. In the WAN environment, the building access layer at remote sites may provide access to the corporate network across WAN technology.
Building distribution layer: Aggregates the wiring closets and uses switches to segment workgroups and isolate network problems.
Building core layer: Also known as the campus backbone submodule, this layer is a high-speed backbone and is designed to switch packets as fast as possible. Because the core is critical for connectivity, it must provide a high level of availability and adapt to changes very quickly.
An enterprise campus is defined as one or more buildings, with multiple virtual and physical networks, connected across a high-performance, multilayer-switched backbone. The ECNM contains these three major functional areas:
Enterprise campus: Contains the modules required to build a hierarchical, highly robust campus network that offers performance, scalability, and availability. This area contains the network elements required for independent operation within a single campus, such as access from all locations to central servers. The functional area does not offer remote connections or Internet access.
Enterprise edge: Aggregates connectivity from the various resources external to the enterprise network. As traffic comes into the campus, this area filters traffic from the external resources and routes it into the enterprise campus functional area. It contains all the network elements for efficient and secure communication between the enterprise campus and remote locations, remote users, and the Internet. The enterprise edge would replace the Demilitarized Zone (DMZ) of most networks.
Service provider edge: Represents connections to resources external to the campus. This area facilitates communication to WAN and Internet service provider (ISP) technologies.
1.1.9 Benefits of the Enterprise Composite Network Model
To scale the hierarchical model, Cisco introduced ECNM, which further divides the enterprise network into physical, logical, and functional areas. ECNM contains functional areas, each of which has its own building access, building distribution, and building core (or campus backbone) layers.
ECNM has these features:
It is a deterministic network with clearly defined boundaries between modules. The model also has clear demarcation points so that the designer knows exactly where traffic is located.
It increases network scalability and eases the design task by making each module discrete.
It provides scalability by allowing enterprises to add modules easily. As network complexity grows, designers can add new functional modules.
It offers more network integrity in network design, allowing the designer to add services and solutions without changing the underlying network design.
Figure shows the benefits that ECNM offers for each of the submodules where it is implemented.
1.1.10 Describing the Campus Infrastructure Module
The enterprise campus functional area includes the campus infrastructure, network management, server farm, and edge distribution modules. Each module has a specific function within the campus network:
Campus infrastructure module: Includes building access and building distribution submodules. It connects users within the campus to the server farm and edge distribution modules. The campus infrastructure module is composed of one or more floors or buildings connected to the campus backbone submodule.
Network management module: Performs system logging, authentication, network monitoring, and general configuration management functions.
Server farm module: Contains e-mail and corporate servers providing application, file, print, e-mail, and Domain Name System (DNS) services to internal users.
Edge distribution module: Aggregates the connectivity from the various elements at the enterprise edge functional area and routes the traffic into the campus backbone submodule.
The campus infrastructure module connects users within a campus to the server farm and edge distribution modules. The campus infrastructure module comprises building access and building distribution switches connected through the campus backbone to campus resources.
A campus infrastructure module includes these submodules:
Building access submodule (also known as building access layer): Contains end-user workstations, IP phones, and Layer 2 access switches that connect devices to the building distribution submodule. The building access submodule performs services such as support for multiple VLANs, private VLANs, and establishment of trunk links to the building distribution layer and IP phones. Each building access switch has connections to redundant switches in the building distribution submodule.
Building distribution submodule (also known as building distribution layer): Provides aggregation of building access devices, often using Layer 3 switching. The building distribution submodule performs routing, QoS, and access control. Traffic generally flows through the building distribution switches and onto the campus core or backbone. This submodule provides fast failure recovery because each building distribution switch maintains two equal-cost paths in the routing table for every Layer 3 network number. Each building distribution switch has connections to redundant switches in the core.
Campus backbone submodule (also known as building core layer): Provides redundant and fast-converging connectivity between buildings and the server farm and edge distribution modules. The purpose of the campus backbone submodule is to switch traffic as fast as possible between campus infrastructure submodules and destination resources. Forwarding decisions should be made at the ASIC level whenever possible. Routing, ACLs, and processor-based forwarding decisions should be avoided at the core and implemented at building distribution devices whenever possible. High-end Layer 2 or Layer 3 switches are used at the core for high throughput, with optimal routing, QoS, and security capabilities available when needed.
1.1.11 Reviewing Switch Configuration Interfaces
In the era of the early high-end Cisco Catalyst switches, the Cisco Catalyst operating system (CatOS) and the command-line interface (CLI) were significantly different from the Cisco IOS mode navigation interfaces available on all newer Cisco Catalyst platforms. The two interfaces have different features and a different prompt and CLI syntax.
Note:
Desktop Express-based switches use a Cisco Network Assist (GUI interface) not a CLI.
The original Cisco Catalyst interface is sometimes referred to as the “set-based” or, more recently, “Catalyst software” CLI.
In the Cisco Catalyst software, commands are executed at the switch prompt, which can be either non-privileged (where a limited subset of user-level commands is available) or at a password-protected privileged mode (where all commands are available). Configuration commands are prefaced with the keyword set.
In the example below, the Cisco Catalyst software commands execute the following:
Step 1 Show the status of a port.
Step 2 Move to enable mode, which requires a password.
Step 3 Enable the port.
Console> show port 3/5
.
.
Console> enable
Enter password:
Console(enable) set port enable 3/5
Cisco Catalyst switch platforms have had a number of different operating systems and user interfaces. Over the years, Cisco has made great strides in converting the interface on nearly every Cisco Catalyst platform to the Cisco IOS interface familiar to users of Cisco routing platforms. Unlike the Cisco Catalyst software, various modes are navigated to execute specific commands.
Here is an example of how switch port 3 might be enabled on an access layer switch using the Cisco IOS interface and how its status is verified after configuration. Compare how the Cisco IOS interface is navigated here to the previous example using Cisco Catalyst software.
Switch# config terminal
Switch(config)# interface fastethernet 0/3
Switch(config-if)# no shut
Switch(config-if)# end
Switch# show interface fastethernet 0/3
Some widely used Cisco Catalyst switch platforms that support the Cisco IOS interface are 2950, 2960, 3550, 3560, 3750, 4500*, 6500*, and 8500.
* These platforms have an option to use either Cisco IOS or Cisco Catalyst software for Layer 2 configuration.
The Catalyst software interface exists on several modular Cisco Catalyst platforms, including the Cisco Catalyst 4500, 5500, 6000, and 6500 Series.
For example, on the Cisco Catalyst 6500, you have the option of using the Cisco Catalyst software, Cisco Catalyst software plus Cisco IOS software, or Cisco IOS software functionality.
The Cisco IOS interface is used across a wide variety of Cisco Catalyst switch platforms, particularly the fixed and stackable switches, and is therefore the interface of reference throughout the remainder of the course. Labs may provide direction on the use of specific Cisco Catalyst software commands, depending on the equipment provided.
Summary
The SONA framework guides the evolution of the enterprise network toward IIN. The Cisco Enterprise Architecture, with a hierarchical network model, facilitates the deployment of converged networks. Non-hierarchical network designs do not scale and do not provide the required security necessary in a modern topology. Layer 2 networks do not provide adequate security or hierarchical networking. Router-based networks provide greater security and hierarchical networking; however, they can introduce latency issues.
Multilayer switches combine both Layer 2 and Layer 3 functionality to support the modern campus network topology. Multilayer switches can be used in non-hierarchical networks; however, they do not perform at the optimal level in this context.
The enterprise composite model identifies the key components and logical design for a modern topology. Implementation of an ECNM provides a secure, robust network with high availability. The Campus Infrastructure, as part of an ECNM, provides additional security and high availability at all levels of the campus.
No hay comentarios:
Publicar un comentario