Network Design Methodology
Network design is becoming more complex due to the increasing development in technology and the different types of traffic added to the network backbone. As a result, it is necessary to have methodologies, processes, and architectures in place that support network design plans. Overall, this will support the company’s business goals.
The following issues have resulted in new network architectures:
- The growth in different types of applications
- The evolution of IT, from basic network connectivity to converged intelligent systems
- Increased business expectations from networks
Network Design Principles
When building a network, choosing the network hardware and software components must be completed with careful design, planning, deployment, and support. These design principles will be covered in detail in the sections to follow.
Business Policies and Procedures
Today’s modern organizational models try to leverage internetworking power and the benefits of the global Internet. This modern approach is different in many ways from the traditional organizational model that was based on a vertical network design.
Traditional companies have a closed structure and a limited ability to integrate with other organizations and other companies from an IT standpoint, resulting in limited access to information. These companies are difficult to both partner and interact with because most of the processes and applications are done internally. Therefore, companies that adopt this model are unable to adapt and take advantage of new technologies. It is also quite difficult for them to create and maintain optimal relationships with their stakeholders (e.g., partners, customers, and investors).
These disadvantages created the need for a new modern networking organizational model based on a horizontal network design that allows partnership and collaboration with other entities. It also provides a more focused expertise over the products and services vital to a company’s business model. The key issue in network design is the ability to share information, both internally and externally. The Internet offers a way to accomplish this by giving companies access to unlimited resources that bring value. This makes stakeholder relationships as important as the actual products or services offered by a company, which is key to the company’s success.
The power of relationships is a key aspect of corporate information sharing and system integration. The process of building a system that integrates all of the stakeholders is referred to by Cisco as an ecosystem. The main objective of this CCDA manual is to learn how to design this ecosystem, whether this is done internally or with external partners, suppliers, vendors, or customers. The design of an ecosystem must include a scalable and flexible network infrastructure that will be able to leverage enterprise networking and the Internet. Creating an environment that is highly accessible and collaborative, and that can break geographical boundaries, will promote an efficient integration of all the stakeholders.
Figure 2.1 – Modern Organizational Model
The modern organizational model shown in Figure 2.1 above involves the following four entities:
- Employees
- Customers
- Vendors and suppliers
- Partners
The most important entity is the employees because they are the most important asset of any company. The employee-facing part of the model consists of human resources information, benefits data, job openings, stock reports, schedules, and expense reporting, all of which depend on the corporate Intranet. The Intranet provides instant access to the most recent information, services, and application updates used by all the employees.
The most important customer-related aspects of a company are online support, technical support, and providing different types of customer services. Depending on the situation, customers might need to access some of the company’s resources, for example, opening a support ticket.
The vendors and suppliers are involved in the process of ordering, billing, and delivery of the products the company uses. These processes can be very time and labor intensive, so organizations can leverage their existing internetworks to create links to their suppliers and vendors. This lowers costs per transaction and is part of an efficient organizational ecosystem.
The fourth component in the organizational model is strategic partners, with which the company creates strategic relationships in order to leverage their resources and services to complement in-house expertise and skills.
This modern organizational model applies to small, medium, and large companies and serves all their current and future business needs. For example, by externalizing certain services, a company can lower cost structures, allowing the possibility of increasing employees’ salaries. A company can also benefit from information sharing with its customers through modern means (e.g., websites, portals, etc.), or from better communication with its employees through the Intranet. Companies that use this model are also more flexible in the event of rapid market changes than companies based on the traditional vertical model are.
The modern horizontal organizational design is built around a modular architecture that uses technology consistent with the needs of the organization. This modular approach also allows companies to have a network infrastructure that is better suited for scalable applications.
Organizational Architecture of the Network
When discussing the architectural components of the network, the architecture that Cisco recommends is divided into multiple layers (Figure 2.2) that make the processes in the organization easier to expand, implement, and scale.
Figure 2.2 – Organizational Architecture of the Network
Each layer has its own specialized functions or tasks within the organizational process. Applications and services comprise the top layer and include organizational goals. Applications and services offer a concrete set of functions that can be accessed by the network, but only by authorized users (e.g., employees, strategic partners, customers, vendors, and suppliers). This layer also includes productivity tools (e.g., word processing, databases, browsers, e-mail services, file transfers, and custom tools).
Intelligence solutions, and structured data and business logic comprise the middle layer. These elements make the modern network much more intelligent and help support applications and services in an efficient manner. This level also includes functions such as messaging (e.g., chat, VoIP, video conferencing, etc.), database structures, and other content networking solutions.
The bottom layer is the foundation of the organizational architecture, the network infrastructure. This is composed of the network platform, the connections that work together to provide a highly available, secure, and scalable network.
All of these layers are combined and offer a foundation for all the organizational policies, goals, and procedures that are put in place by management and then handed to other departments in the company to support the overall goals and mission of the organization.
Some general considerations regarding the organizational model are that it should mirror the logical structure of the company, it should be consistent with the organizational processes, and it should get constant input from the stakeholders. In addition, control and access mechanisms should be implemented so that the model is manageable. The core application should be implemented first and the other features should be developed around it.
Organizational Policy
Before designing a network, an important aspect must be considered: all organizations have policies, at one level or another. Even if the procedures are not written, there is some kind of understanding at the management level about the goals of the organization.
Organizational policy and procedures are generally a collection of specific guidelines and rules in written form that are understood, implemented, and maintained at every level of the organization in order to reach well-defined goals. The organizational policy cycle contains the following three components, or steps:
- Set the policy
- Enforce the policy
- Maintain and change the policy
Note: Company policies dictate what technologies to use. For example, the decision to use a specific hardware device or network protocol is derived from a specific business need.
Policies are set by management (e.g., CEO, CIO, board of directors, etc.). The same entities monitor the implementation of the policies and measure their impact on the organization. Senior managers might delegate to middle managers the authority to hire and fire individuals based on their willingness or ability to adhere to the organizational policies and procedures. Maintaining the policy means reevaluating it based on new technologies, business logic, and security needs. Security is a key area where policies are often changed because new threats arise constantly.
The policy makers include the following, from top to bottom:
- Board of directors, executives (CEO, CIO, CFO, etc.), and senior management
- Departmental management (unit managers, area managers, supervisors, etc.)
- Employees (people with expertise in various fields who can be relied on to formulate the procedures)
- External consultants
- Strategic partners
After understanding the company’s policies, a network designer must also understand how information flows through the organization. This is a complex process, and it differs based on the size of the company and the number of departments involved in a specific task. For example, a sales order process initiated by a customer will go through the sales, financial, management, and distribution departments. This process also generates interaction with strategic partners and suppliers. Every step of this process might be backed up by specific applications that cover certain tasks. The network designer must understand how these applications affect the underlying network infrastructure.
Network Infrastructure Essentials
As mentioned before, a flexible network infrastructure helps the organization and its customers meet the needs, policies, and procedures to help facilitate information flows. Designing that network infrastructure involves considering the following essential features recommended by Cisco:
- Availability: Critical business applications need to have complete access to network resources on a 24/7 basis. All the components of the network infrastructure should be redundant and resilient.
- Efficiency: The best equipment and software that is tuned for optimal results should be provided. This should be accomplished with reasonable costs and investment (the most efficient network at the lowest cost) by implementing features such as Quality of Service (QoS); Authentication, Authorization, and Accounting (AAA); and filtering.
- Functionality: The network infrastructure must support the business applications and services in terms of efficiency and availability.
- Manageability: Management tools (CiscoWorks, etc.) and management protocols such as SNMP should support configuration management, performance monitoring, and fault detection, improving control of the network.
- Performance: The important applications should get all the bandwidth they need. Scalable and modular hardware should be used, IOS should be properly configured, and special technologies should be used when needed (QoS, etc.).
- Scalability: This is the ability to grow and expand along with the organization's goals, policies, and procedures. Scalability studies might be required, for example, when company acquisitions are planned.
Cisco Intelligent Information Network
Cisco Intelligent Information Network (IIN) represents a multi-phased architecture that injects intelligence into a network infrastructure. Its single integrated system provides intelligence across multiple layers and aligns the network infrastructure with the rest of the IT infrastructure, integrating the network with applications, software, servers, and services. In other words, the network becomes an active participant in the total delivery of applications and services. Cisco sees this as an evolving environment (i.e., ecosystem) that responds to constantly changing business requirements.
Cisco IIN features the following capabilities:
- Integrated system: The network is integrated with applications and services.
- Active delivery: The network fully participates in monitoring, management, optimization of service delivery, and applications.
- Policy enforcement: The network enforces policies that allow it to reach business goals, link business processes, and establish rules and procedures.
As mentioned, Cisco IIN is an evolutionary approach comprised of the following three phases:
- Integrated transport: This involves the convergence of data, voice, and video into a single transport network. An example of this is Cisco’s Unified Communications platform. As new applications are delivered, there is an infrastructure in place for integrated transport. Unified messaging is an example of applications where users integrate voice messaging, e-mail, text, or voice recording.
- Integrated services: This represents the merger of common components, such as data center server capacity or storage, virtualization technologies that allow the integration of servers, and storage and network components. By virtualizing systems with redundant resources, the network infrastructure can offer services in case the local network fails, in addition to enhancing disaster recovery and business continuity.
- Integrated applications: At this level, the network becomes fully application aware and can proactively optimize application performance by integrating application message handling, application security, and application optimization. Cisco calls this integrated application technology Application Oriented Networking (AON).
Service Oriented Network Architecture
Service Oriented Network Architecture (SONA) is an ongoing architectural framework that supports emerging technologies, IT strategies, and initiatives. SONA is a three-layer model, as shown below in Figure 2.3.
Figure 2.3 – SONA Three-layer Model
The bottom layer is comprised of the physical infrastructure, which is also referred to as the network infrastructure layer. This is where the servers, storage, and clients are located and includes different modular design areas (e.g., WAN, enterprise edge, branch, campus, data center, and teleworker).
The core common services comprise the middle layer. These are integrated into an interactive services layer along with the services management and include the following:
- Real-time communications
- Mobility services
- Storage services
- Application delivery
- Management services
- Virtualization technology
- Transport services
The top layer comprises the applications platform, which includes the following:
- Commercial applications
- In-house developed applications
- Software as a Service (SaaS)
- Composite applications
- Product Lifecycle Management (PLM)
- Customer Relationship Management (CRM)
- Enterprise Resource Planning (ERP)
- Human Capital Management (HCM)
- Supply Chain Management (SCM)
- Procurement applications
- Collaboration applications (instant messaging, IP contact center, video delivery, etc.)
All of these components work together as an architectural framework. The advantages they offer include the following:
- Functionality
- Supports enterprise operational requirements
- Scalability
- Expansion and growth of the organizational tasks, as it separates the functions into layers and components
- Facilitates mergers and acquisitions
- Modularity
- Hierarchical design that allows network resources to be added easily during times of growth
- Availability of services from any location in the enterprise, at any time
The SONA network is built from the ground up with redundancy and resiliency to prevent network downtime. The goal of SONA is to provide high-performance, fast response times and throughput by assuring QoS on an application-by-application basis. The SONA network is configured in order to maximize the throughput of all critical applications, such as voice and video. SONA also provides built-in manageability, configuration management, performance monitoring, fault detection, and analysis tools. SONA provides an efficient design with the goal of reducing the total cost of ownership (TCO) and maximizing the company’s existing resources when application demands increase.
PPDIOO Lifecycle Model
In addition to knowing the essential features of a flexible network, a network designer should also follow a methodology that must guide the entire lifecycle of the design process. In this regard, Cisco developed the PPDIOO model, which is a six-phase model that every network implementation will go through during its operational lifetime, as follows:
- Prepare
- Plan
- Design
- Implement
- Operate
- Optimize
The PPDIOO lifecycle model (Figure 2.4) and SONA have one common benefit: they both lower the TCO. In the early phases of the process, technology requirements are evaluated and validated, which allows for proper planning in response to changes in the infrastructure and requirements for resources. It also improves network availability by using a solid network design, and along the way, network operations are validated. In addition, it makes the company more agile by establishing business requirements and technology strategies and adjusting them on a regular basis. Finally, it speeds access to applications and services by improving the following issues:
- Availability
- Scalability
- Performance
- Reliability
- Security
Figure 2.4 – PPDIOO Lifecycle Model
The network’s lifecycle might not go through these six phases in this particular order without some type of iterative process. For example, after the implementation phase, you might need to go back to the planning or design phase and make some changes at that level. It can also be an iterative process where the flowchart can be modified based on changing technologies, budget, infrastructure, business needs, or business structure. Unplanned actions can happen, especially in the operation phase. Each phase is covered in detail below:
- Prepare Phase: The first phase of PPDIOO is the prepare phase. This is where you establish the company’s requirements and goals. The IT and the network/security infrastructure must always be in line with the company’s goals and business requirements. At this stage, a network strategy and a high-level architecture to support that strategy are developed. Possible technologies that can support that architecture must be identified. A business case must also be established in order to have a financial justification for the overall network strategy. Representatives of the company’s executive management (CIO, COO, etc.) might be involved in this phase.
- Plan Phase: Planning is the most underutilized phase in the PPDIOO process. This includes identifying the decision- and policy-makers, and determining the fundamental network requirements (who needs what services and when). The plan phase is where the entire information gathering process is completed, and the network and security requirements are identified, as well as identifying the legislation to which the company or its customers must adhere (SOX, HIPAA, etc.).
The network security system lifecycle must be analyzed carefully, including the company’s needs and a risk analysis. The security policies, guidelines, and processes must be evaluated, along with the security system that is in place or possible future security system acquisitions, such as the Cisco Adaptive Security Appliances (ASAs). Planning also includes the study of best practices and case studies, and then putting into place security operations, response, monitoring, and compliance. The network management processes also must be considered in this phase because they are closely related to the network infrastructure. These include the following:
- Fault management, to detect and correct specific problems
- Configuration management, which helps in establishing a network baseline and in developing a configuration tracking process for networking appliances and devices
- Accounting management, which keeps track of circuits for billing of services
- Performance management, to monitor the network’s effectiveness in delivering packets
- Security management (AAA using the RADIUS or TACACS+ protocols)
In the plan phase, you will characterize the network and perform an analysis against best-practice architectures, and look at the operational environment overall. A project plan must be created in order to help manage the tasks, identify the responsible parties or individuals, set the milestones, and identify the resources needed for the design and implementation of the project. This generated project plan must be followed through the remaining phases of the PPDIOO lifecycle.
Note: Remember, security is a top-priority consideration in any phase.
- Design Phase: The next phase involves designing the network according to the company’s policies, procedures, business goals, and available budget and technologies. The design phase also might mean meeting with policy-makers, team leaders, and end-users in the process of gathering and analyzing data, and auditing all key activities. Results of the design phase are the basis for the approach taken in the next phase, which involves implementation. The focus of the CCDA blueprint is comprised of the first three PPDIOO phases – prepare, plan, and design – among which the design phase is the most complex. As such, the design phase will be covered in more detail later in this chapter and in the remaining chapters of the manual.
- Implement Phase: The competitive nature of business, and the rush to market products and services, forces many organizations to skip the first three phases of the PPDIOO lifecycle model and start with the implement phase. Many times, those companies become stuck in this phase because of a lack of planning and design. The implement phase involves constructing the network infrastructure with the best affordable technologies based on all the design specifications.
The implement phase includes configuration, installation, maintenance, and so on. This is where the new equipment is installed and configured using the command line interface (CLI) or graphical tools (SDM, ASDM, etc.). Old devices might be replaced with new devices, or some components might be upgraded (memory, operating systems, etc.). The project plan must be followed during the implement phase. Planned network changes should occur here, and they should be communicated through change control channels in meetings and receive the appropriate approvals. Each step in the implement phase should have a description, detailed implementation guidelines, a time estimate, and instructions for falling back to the previous state in case something goes wrong. It should also incorporate additional reference information from RFCs, white papers, case studies, or other Cisco documentation. Any change implemented here should be tested before moving on to the next phase, operate.
- Operate Phase: The operate phase is the final proof that the network design was implemented properly. Performance monitoring, fault detection, and operational parameters will be confirmed in this phase. This will also provide the data used for the final phase.
This phase involves the day-to-day operational maintenance and health of the network infrastructure. This includes managing the network components, monitoring, conducting analysis and creating reports, routine maintenance, managing upgrades of the systems (hardware, software, or firmware), managing performance, and identifying and correcting any network faults or security incidents. This final test of the design process involves analyzing the actual operation of the implemented network. Network management stations (NMSs) should monitor network health parameters through SNMP traps (including notifications when certain thresholds are reached) or other real-time monitoring solutions.
- Optimize Phase: Optimizing involves proactive and aggressive management and control over the network. Problems must be identified quickly, through fault detection, so that troubleshooting can begin. This phase is crucial because it is often followed by another planning or design session in order to redesign the implementation, which makes these phases all the more important. Much time and money might be invested in the optimize phase if failures occurred in the initial planning and design phases.
Optimization refers to proactive network management, meaning identifying and resolving issues before they affect the entire network. The optimize phase might also generate a modified network design if too many problems appear in the implement and operate phases. Sometimes, you might need to go back to the design phase in order to solve those problems and implement new solutions.
The goal of this entire process is constant improvement, and the IT Infrastructure Library (ITIL) might be used as a basis for network design and administration.
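The plan phase above calls for a configuration baseline and a configuration tracking process, and the operate phase for identifying and correcting security incidents. The following added example (it is not from the CCDA manual or from Cisco) shows what that tracking looks like in practice: a Python script that compares a stored baseline against the current running configuration and reports only the drift that touches AAA, local accounts, ACLs, management access, or SNMP, which are the changes that should become an incident rather than a routine change record. The two IOS-style configurations and the keyword list are constructed for illustration.

```python
"""Configuration baseline / drift check for IOS-style device configurations.

Added example (not from the CCDA manual). The baseline, the "current"
running configuration and the keyword list below are constructed for
illustration; in practice the baseline comes from the configuration
repository and the current config from the device or an NMS export.
"""
import difflib
import re

# Constructed baseline: the approved configuration recorded in the plan phase.
BASELINE = """\
!
hostname edge-rtr1
aaa new-model
aaa authentication login default group tacacs+ local
aaa authorization exec default group tacacs+ local
aaa accounting exec default start-stop group tacacs+
tacacs server ISE
 address ipv4 10.0.0.5
 key 7 0822455D0A16
ip access-list extended MGMT-IN
 permit tcp 10.0.0.0 0.0.0.255 any eq 22
 deny ip any any log
line vty 0 4
 access-class MGMT-IN in
 transport input ssh
snmp-server community monitor-ro RO MGMT-IN
end
"""

# Constructed running configuration pulled from the device in the operate phase.
CURRENT = """\
!
hostname edge-rtr1
aaa new-model
aaa authentication login default group tacacs+ local
aaa accounting exec default start-stop group tacacs+
tacacs server ISE
 address ipv4 10.0.0.5
 key 7 0822455D0A16
ip access-list extended MGMT-IN
 permit tcp 10.0.0.0 0.0.0.255 any eq 22
 permit tcp any any eq 22
 deny ip any any log
line vty 0 4
 access-class MGMT-IN in
 transport input ssh telnet
snmp-server community monitor-ro RO MGMT-IN
username backdoor privilege 15 secret 0 ChangeMe
end
"""

# Commands that decide who can reach the device, from where, and with what
# privileges. Assumed list for this example; extend it for your platform.
SECURITY_PATTERNS = (
    r"^aaa ",                      # authentication, authorization, accounting
    r"^username ",                 # local accounts
    r"^enable (secret|password)",  # privileged-mode credential
    r"^(tacacs|radius)",           # AAA server definitions
    r"^snmp-server ",              # SNMP communities, users, trap targets
    r"^ip http ",                  # web management interface
    r"^crypto ",                   # IPsec / SSH key material
    r"^\s*(permit|deny) ",         # ACL entries
    r"^\s*access-class ",          # ACL bound to the VTY lines
    r"^\s*transport input ",       # protocols accepted on the VTY lines
)
SECURITY_RE = re.compile("|".join(SECURITY_PATTERNS))


def normalize(config):
    """Drop blank lines, '!' comment lines and trailing whitespace so purely
    cosmetic differences do not show up as drift. Indentation is kept because
    it carries the section context (ACL body, line vty, ...)."""
    lines = []
    for line in config.splitlines():
        line = line.rstrip()
        if not line or line.startswith("!"):
            continue
        lines.append(line)
    return lines


def drift(baseline, current):
    """Return (added, removed): config lines present only in current / only in
    baseline, in the order difflib reports them. A changed line appears once in
    each list."""
    added, removed = [], []
    for line in difflib.ndiff(normalize(baseline), normalize(current)):
        if line.startswith("+ "):
            added.append(line[2:])
        elif line.startswith("- "):
            removed.append(line[2:])       # "? " hint lines are ignored
    return added, removed


def security_drift(baseline, current):
    """Filter the drift down to the security-relevant commands."""
    added, removed = drift(baseline, current)
    return {
        "added": [l for l in added if SECURITY_RE.search(l)],
        "removed": [l for l in removed if SECURITY_RE.search(l)],
    }


def report(baseline, current):
    """One finding per security-relevant line of drift, removals first."""
    found = security_drift(baseline, current)
    lines = ["REMOVED: " + l.strip() for l in found["removed"]]
    lines += ["ADDED:   " + l.strip() for l in found["added"]]
    return lines or ["no security-relevant drift"]


if __name__ == "__main__":
    for finding in report(BASELINE, CURRENT):
        print(finding)
```

Run against the constructed configs, the report flags the missing `aaa authorization` command, the VTY lines now accepting Telnet, the ACL entry that opens SSH to any source, and the new privilege-15 local account; the unchanged hostname, TACACS+ server and SNMP lines produce no finding. The same check can be scheduled against every device backup, with anything it reports routed to incident handling rather than to the normal change log.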
The following section will focus on the primary goals of a network designer in detailing the design phase and analyzing some design methodologies used in PPDIOO.
Note: A seventh phase, referred to as the retirement phase, is activated when equipment needs to be taken out of production.
A proven method for network design is necessary because it provides consistency in the design process, it offers a framework from which to work, and it assures the network designer that no steps will be left out of the process.
Design Phase Methodology
As with the previous phases, the design phase is based on the requirements of the company as they align with their technical requirements. The goals of the design phase include the following parameters:
- High availability
- Assures redundancy
- Failover and fallback mechanisms on network devices, at both the software and hardware level
- High availability through dynamic routing protocols
- Scalability (the ability to grow the project based on future growth models)
- Security
- Performance models and goals
In this particular phase, the team involved in the design process might request input from different areas of the company, from security professionals, or from various department leaders. The gathered information will be compiled, logical and physical diagrams will be created, and analysis and reports will be generated based on the conclusions. The project plan initiated in the plan phase will be modified and updated during the design phase. The project plan also should be finalized in this phase because the next phase is implementation and no more modifications should be made to the plan during that phase.
Design phase methodology involves the following three steps:
- Identify network requirements: This is accomplished with the help of the decision-makers, the stakeholders, or the steering committee. Proposals for the conceptual architecture must be defined, followed by another prepare phase.
- Characterize the existing network: The existing network must be assessed in order to determine necessary infrastructure to meet the requirements previously defined. This step will define what resources exist and what resources need to be procured to meet the goals. The network will be assessed based on functionality, performance, and quality.
- Design network topology and solutions: The network topology is designed to meet all the business and technical requirements. A detailed design document will be generated in this phase, based on the project plan. This will include design solutions, such as network infrastructure, voice over IP (VoIP), content networking, and intelligent network services (Cisco NetFlow, etc.).
As mentioned earlier, the CCDA blueprint focuses on the first three phases of the PPDIOO process: prepare, plan, and design.
Identify Network Requirements
Step one of the design phase is to define the network requirements. This process can be made for the company or for their customers and consists of the prepare phase of the PPDIOO lifecycle model.
In this phase, you will identify current and future applications and their importance in the organization. For example, e-mail is considered a critical system, but different applications have different priorities in the organization. The applications and services must be analyzed, along with the data plane traffic (i.e., traffic that moves from client to client or from client to server, not traffic destined to network devices).
The next step is to examine how the identified network applications and services map to the organizational goals. The organizational goals must align with the IT infrastructure, and they must include improving customer support in the case of service providers or improving service desk support if internal users are served. The objectives that must be analyzed in this phase include decreasing the costs and increasing competitiveness in a specific field or industry.
Next, the network designer must define the possible constraints in meeting the organizational goals. These might include the following:
- Budget constraints
- Personnel constraints (the prepare, plan, and design phases might have fewer resources allocated to them than the implement and operate phases do)
- Organizational policy constraints
- Security policy constraints (for example, open-standard protocols may be preferred to proprietary ones such as Cisco’s EIGRP)
- Need for external contractors and consultants
- Scheduling constraints (timeframe)
Note: Design is one of the most commonly overlooked and unprovisioned areas in network construction, and this issue might lead to a waste of time and money in the end.
After defining the constraints, the technical goals must be defined. These should be aligned with the organizational goals, and they typically consist of the hardware and software that will help meet the organizational goals. The response and throughput of the network should be improved while decreasing network failures and downtime that affect corporate productivity. Network management should be simplified so results and analysis can be obtained quicker and more time can be allocated to incidents and troubleshooting. Network security, availability, and reliability of mission-critical applications (e.g., e-mail or database) also should be improved. Outdated technologies should be updated according to a well-defined plan that includes milestones. Network scalability also should be improved as system evolution and growth is planned.
The technical goals mentioned above might have some constraints, such as a lack of proper wiring capacity to support all the applications or a lack of bandwidth (i.e., FastEthernet links instead of GigabitEthernet links). Another constraint would be having legacy equipment that does not support newer features to meet the organizational and technical goals, or having legacy applications that cannot be replaced and need to be accommodated within the network infrastructure.
The following techniques must be mastered in this process:
Scope assessment: The network designer must decide whether to start with a new network implementation or build upon an existing network infrastructure. With a new implementation, step two of the design methodology (characterize the existing network) is skipped. Another important decision is whether to design the entire enterprise network or just a subset of it (e.g., specific departments). This concerns the modular network design concept. The technologies used also must be determined (LAN, WAN, VoIP, security, etc.). The scope assessment technique is closely related to analyzing the OSI reference model, because it must be determined whether the scope will cover just the Physical Layer and Layer 3 technologies (addressing, NAT, routing, etc.) or also the Application Layer.
Gathering the necessary data: The information for the design phase is generally extracted from certain documents called RFPs (request for proposal) or RFIs (request for information). An RFP is a more formal document sent to vendors, suppliers, or strategic partners to ask them for proposals to help meet a company’s organizational needs with their products or services. On the other hand, the RFI is a more informal document with the purpose of gathering ideas and information from vendors and partners about a specific project or a specific area of the implementation. These different proposals and requests are used for different reasons, including gathering information from existing and potential customers (initial requirements), and following up by creating draft documentation that will describe the initial design requirements. This information must be verified with customers, management, and vendors. This data-gathering process will be revised as necessary as things change within the organization. All the documents (RFPs, RFIs, customer queries, etc.) can be modified based on the feedback received from the stakeholders.
Identifying organizational goals: This technique must always precede the process of establishing the technical goals and means. A network designer must understand what the management considers a success and a failure. In addition, the customers’ expectations must be determined, along with the organizational short-term and long-term goals. Most companies want to use IT and networking tools to lower their expenses, increase their applications and services, and obtain a competitive advantage. From a business standpoint, the infrastructure must be as flexible and as reliable as possible.
Common organizational goals for most companies, regardless of their size, are as follows:
- Utilizing available resources efficiently
- Maximizing profits and revenue
- Reducing development and production cycles
- Increasing competitiveness
- Improving availability of data
- Enhancing interdepartmental communications
- Boosting customer support and customer satisfaction
- Broadening information infrastructure to stakeholders
Identifying organizational limits: This step usually covers the following categories:
- Budget
- People
- Policies
- Time
Unfortunately, network designers are often forced to find the most affordable solution instead of the optimal technical solution. This means certain things might need to be compromised, such as scalability, manageability, performance, or availability. The available budget should include all the purchases, equipment, licenses, and training. The budget should ideally be the final consideration, but in most cases it is the primary one. Network designers must find areas in which they should make compromises in order to improve the overall goals of a specific project and obtain an effective solution.
Another limitation concerns available personnel involved in the project and their expertise. Additional training might be necessary if the available resources are not very technically skilled. In addition, you should analyze the number of contractors and the level of outsourcing in the project. For the implementation and the maintenance phase, adequately trained and technical staff must exist in order to fulfill the organizational goals.
The organizational limits will be dictated by the organizational policies and procedures. This includes what vendors are being used, what standards are in place (e.g., open standards), policies about protocols, and different applications.
The last aspect includes the timeframe, particularly the deadlines that must be met. These organizational limits can make the network designer’s job either easier or more complicated. This includes how long it will take to deploy applications and train users. This part is taken care of by the project manager, who must create milestones for the design and implementation processes.
Identifying applications and services: The next phase in determining the needs of the customer is finding out what applications and services will be used. After discussions with key decision-makers, a detailed analysis must be made that will take into consideration the following aspects:
- Application category (e-mail, productivity, database, security, web browsers, management, etc.)
- Application choices for each category
- The level of importance of the application or service (low, medium, high, or critical)
All of this information can be identified based on a brainstorming session with the stakeholders or team leaders in order to determine the necessary applications and their level of importance.
Reaching technical goals: This technique involves isolating and reaching the technical goals. The network designer should be an expert in determining what these goals should be and how to achieve them under all the limitations of budget, personnel, time, procedures, and policies. A list of some common technical goals includes the following:
- Maximize performance and productivity
- Enhance security
- Achieve reliability for critical core applications (99.9% for most organizations)
- Reduce downtime
- Update obsolete hardware and software (depending on the budget constraints)
- Boost network scalability (modular solutions)
- Simplify network management
Identifying technical restraints: A successful design engineer must recognize the technical obstacles and restraints in the organizational design. These usually fall into the following categories:
- Limitations of existing equipment (updates might be required)
- Availability of bandwidth (mostly related to WAN connections)
- Compatibility of applications (the use of a single vendor might be required)
- Adequacy of trained personnel (more training might be required)
Characterize the Existing Network
Step two in the design phase is to characterize or classify the network. This is where the network designer will identify the major features and characteristics of the network, as well as define the tools used to analyze, audit, and monitor network traffic.
Information gathering always occurs in an early phase in any multi-step process, such as in application development or designing the security model. The information gathering process consists of the following three steps:
- Compile all existing information and documentation.
- Conduct a network audit.
- Perform traffic analysis.
Information gathering compiles all the existing information in any form, in any existing documentation. This must happen first to avoid duplicating work, especially work that has already been done by somebody else.
The second step is conducting a network audit with as much preliminary information as possible. The network audit might need to be performed by a Certified Information System Auditor (CISA). Network auditing tools should be used, along with the necessary documentation and network management tools (e.g., CiscoWorks, Tivoli, and so on) that will give information about the network’s device inventory, configuration, and status.
The audit must give information about the version of the software used, IOS, management software (e.g., ASDM, SDM, etc.), the configuration on the devices, Layer 1 and Layer 2 information and topology, interface speeds, CPU and memory utilization, WAN types, and VPN types. Manual auditing of the network devices will involve using a wide variety of “show” commands on Cisco devices, such as “show tech-support”, which generates a huge report on an individual system, “show version”, or “show running-config”.
Other tools that might be used in the auditing phase include the following:
- Packet sniffers (e.g., Wireshark)
- SNMP tools
- Network analysis tools, including the following:
- Network Based Application Recognition (NBAR) from Cisco, an IOS tool that helps identify well-known applications, protocols, and services
- NetFlow, a very popular solution that runs on Cisco and third-party devices that consists of reporting tools that record information about traffic patterns that cross devices
A network checklist is useful in the auditing phase. This should include available topology segments, IP addressing schemes, or WAN connections.
All the tools presented above can be used in the third step of the information gathering phase, which is performing traffic analysis. In this phase, the designer should discover the following:
- Network response time
- Available bandwidth
- QoS mechanisms used, especially when using VoIP
- Security features implemented, such as segmenting the network using VLANs
Performing traffic analysis might involve a large team that can find the necessary documentation to cover the mentioned analysis tests.
Network designers are often in a situation where the network infrastructure is already in place, and the new design will involve only restructuring or upgrading the existing network implementation. The network designer must review the existing documentation and diagrams that the customer has about the network, get input from different IT personnel, perform some kind of network auditing, define and describe the existing topology, and conduct some traffic analysis.
Five components that describe the network can be defined as follows:
- Layer 3 topology
- Layer 2 topology
- Network services
- Network applications
- Network modules
The first step in the process is to obtain a Layer 3 topology of a network from the existing documentation or diagrams. The topology example below in Figure 2.5 shows that the core of the network (backbone) is comprised of high-end routers. Other network areas include the internal server zone, the network management area, the WAN connection, the PSTN connection, the Internet connection, and the DMZ (web servers).
Figure 2.5 – Network Components
Important information that can be gathered at Layer 3 includes routing protocols (e.g., EIGRP, OSPF, etc.) used in the network core or at the edge, the Internet connection capacity, applications that are accessed through the Internet, and WAN connection type and capacity (e.g., Frame Relay, ATM, etc.).
The Layer 2 topology map can be a separate map or it can be built by adding elements to the existing Layer 3 topology. The recommendation is to isolate and document the network areas based on shared bandwidth capacity (e.g., GigabitEthernet or FastEthernet) and the switches used at different layers (e.g., Access Layer, Distribution Layer, and Core Layer). Layer 2 technologies also include the WAN connections (e.g., Frame Relay, ATM, etc.) that might connect the company branch offices.
The next step is to isolate the network services and map them into a separate document as follows:
- Domain name services: DNS
- Network management services: SNMP, TFTP
- Security services: TACACS, access lists on the routers, IPSec, NAT
- Routed protocols: IP, IPX
- Routing protocols: EIGRP, OSPF
The fourth aspect includes the applications that run on the network, such as the following:
- File sharing applications (FTP)
- Web applications
- E-mail applications
- Instant messaging
- IP Telephony
- Microsoft Exchange
- Multicast applications
Once the Layer 2 and Layer 3 network topology, the network services, and the applications have been identified, the gathered information must be divided into logical modules in order to obtain a modular design. Based on the depicted topology in Figure 2.6 below, the following modules might be of interest:
- Backbone module
- Network management module
- PSTN access module
- Corporate Internet module
- Public access module
- WAN module
- Internal server farm
- LAN (Access Layer) module
Figure 2.6 – Modular Network Map
The next step is identifying the components and properties of each network device (e.g., router, switch, firewall, etc.). This includes the following:
- Device model
- CPU/memory
- Utilization
- IOS version
- Device configuration
- Routing tables
- Interfaces
- Modules/slots
This information can be obtained from the IT staff, or it can be gathered individually by accessing the network management station and connecting to each network device in the topology.
Note: The process of gathering configuration and performance information about a specific network device is also called device auditing. The Cisco solution for network auditing and monitoring is called CiscoWorks.
A network designer might also need to use network analysis tools in order to find information about traffic flows, QoS techniques, security information, traffic profiles, and the way certain applications and protocols use the available traffic. Some of the tools that can be used in this regard are the Cisco NetFlow analyzer tool or the Wireshark packet capturing tool (sniffer). The screenshot below (Figure 2.7) is an example of a Wireshark FTP capture session.
Figure 2.7 – FTP Session Packet Capture
The last step in describing the existing network is to combine the created Layer 2 and Layer 3 topology maps with the discovered services and applications, and create a summary report that can be presented to key decision-makers and policy-makers within the organization. This document can include the following:
- Number and type of devices
- IOS version used
- Memory capacity and upgrade recommendations
- Discovered points of congestion and recommendations
- Suboptimal paths and recommendations
- Routed and routing protocols and upgrade recommendations
- Survey of applications and services
- Impact assessment (cost, personnel, time, etc.)
Design Networking Topology and Solutions
The third step of the design phase is designing the networking topology and solutions. An effective approach for this is a structured design (Figure 2.8) that allows you to develop a complete system with an optimum design at the lowest cost, while meeting all of the following customer requirements:
- Performance
- Functionality
- Flexibility
- Capacity
- Availability
- Scalability
Figure 2.8 – Design Network and Topology Solutions
The network designer’s goal in this phase should be to develop a systematic approach that takes into consideration the business’s needs; the organizational goals, policies, and procedures; the technical goals and constraints; and the existing and future network infrastructure. This includes physical models, logical models, and functional models.
The best approach in this phase, and the one recommended by Cisco, is the top-down approach, which is suitable for a medium-sized network to a large enterprise campus design. Using this approach ensures that you have an overview of the design before focusing on the design details. This basically means beginning with Layer 7 of the OSI model and then moving down from the Application Layer to the Presentation, Session, Transport, Network, Data Link, and Physical Layers.
The network and physical infrastructure should be adapted to the needs of the network applications and services. In other words, you should not choose your network devices or your hardware and software technologies until the requirements for the applications are fully analyzed and met.
The concepts of SONA and IIN should also be incorporated into the design process and combined with the business’s needs and organizational requirements. This includes considering issues such as organizational and technical constraints.
The top-down approach is usually a very time-consuming process and a bit more costly, but it is preferred over bottom-up solutions, where the design is based on previous experience and you are just looking for a quick fix or solution. The problem with the bottom-up approach is that it can produce a design that proves inappropriate in the medium to long term, because the organizational requirements and constraints are not included. This could result in process rollbacks at later phases of the project.
Note: To learn more about the Cisco approach to top-down network design, refer to the book Top-Down Network Design, 3rd Edition, published by Cisco Press in 2010.
Figure 2.9 below presents an example of the top-down network approach methodology:
Figure 2.9 – Example of the Top-down Approach
The diagram above starts at the top with applications and services, which includes the Application, Presentation, and Session Layers. Based on the applications’ requirements and needs, and the way they map to the organizational goals, you will apply a network infrastructure and services design to meet the application requirements of the organization. This includes the data, the type of traffic and network services needed, and the type of design that will meet the needs of those applications.
Once the goals are met, the network should be modularized using a modular approach, including the core of the network, the data center, the server farm, the branch, the Distribution and Access Layers, and the Internet connectivity layer. After the network is modularized, you will then apply the decisions made for infrastructure and services to different modular areas of the network by dealing with certain segments of the network at a time.
The next step is to take this modular implementation and create logical subdivisions that will be addressed on a project-by-project basis. From a project management or steering committee standpoint, these will be logical subprojects. Different subprojects might exist for the following:
- Choosing the technology, acquisition, and provisioning
- Physical topology design (placing design at different layers)
- Addressing design scheme, including NAT solutions
- Routing selection and design
- Quality of Service design (traffic management)
- Security design
- IP Multicast design (for video and audio streaming)
- IPv6 provisioning design
Design Process: Final Steps
The final steps of the design process within PPDIOO include the following:
Plan the network implementation: This step involves a high degree of documentation and diagramming. A step-by-step procedure must be established for each aspect of the modular design. This must be well documented and detailed, must describe every step (with references to the different documents, diagrams, or reports created), and must include a detailed guideline for implementation. In case of a pitfall or a design failure, the network designer must have a rollback plan in place. In addition, project managers and other staff members must be consulted to give them an estimation of the time required for implementation. Tests must be made at every step in the process and complex procedures must be broken down into smaller pieces, such as when implementing complex technologies, for example, IP Telephony.
Pilot and prototype testing: The network designer must be sure to verify the design once it is completed. This can be accomplished with a prototype or a pilot network involving a sample implementation that helps test the solution. Depending on the solution, some organizations might implement both the pilot and the prototype testing, or just one of them.
A pilot site is a live location that serves as a test site before the solution is deployed. This is a real-world approach to discovering problems before you deploy the network design solution to the rest of the internetwork. A pilot network tests and verifies the design before the network is implemented or launched. It can also be a subset of the existing network infrastructure where the design is tested. The pilot test might take place within a particular module or a particular building or access area before extending the design to other areas.
A prototype is a subset of the full design tested in an isolated environment, unlike the pilot test, which is implemented in the production network. The benefit of using a prototype is that it allows the full testing of the network design before it is deployed, without having any negative effects on the production network. A prototype test is often used before applying a redesign to an existing network.
Note: Pilot networks are used when building a network from scratch and prototypes are used in redesign situations.
The results of the pilot or prototype tests will be documented in a proof of concept section in the final design document.
A prototype is most often preferable because, generally, some kind of infrastructure already exists and this makes the network designer’s job much easier. Like in other phases, the customer’s needs and requirements must always be at the top of the priority list. Prototype or pilot network implementation has two possible results: it is either successful or it fails the design goals. If the prototype does not meet all the objectives, it is a failure. A success means it has proved the concept of the actual network design, including the planning, preparation, and design phases, which will allow it to move into the implementation phase. Sometimes a success in this step concludes the network designer’s job, who must then hand over the project to the personnel or outside consultants handling the implementation of the hardware and software solutions.
A failure in this phase does not mean the entire project failed. It simply means some corrections must be made to the actual design, after which a prototype test must be repeated until it is considered a success. Any failures that occur during the testing phase allow you to go back to the iterative process and correct either the planning, preparation, or design aspects and repeat the pilot/prototype tests to correct any weakness that might have a negative effect in the implementation process.
Fully document the design: The design document is the final document that will be created, and it is a complementary document to the planning document. The design document should include the following components:
- Introduction (description of project goals)
- Design requirements, including organizational and technical constraints
- Existing network infrastructure (logical Layer 3 topology diagram, physical topology diagram, audit and analysis results, routing protocols, applications and services summary, device list, configuration, and description of any identified issues)
- Design section (specific design information, logical topology design, physical topology design, IPv4 and IPv6 design, routing protocols, and security configurations)
- Proof of concept (the conclusion of the pilot/prototype testing phase)
- Implementation plan (useful in the next phase of the PPDIOO process, presenting the steps that must be followed by the implementation team in order to implement the new system or the network upgrade successfully)
- Appendix (white paper, case studies, additional information, and configuration)
An example of a design document structure is presented below:
- Introduction
- Requirements for the Design
- Existing Infrastructure
- Layer 1 Topology
- Layer 2 Topology
- Layer 3 Topology
- Audit Results
- Recommendations
- Intelligence Services
- Applications
- Services
- Analysis
- Recommendations
- Solution Design
- Design Summary
- Design Details
- Implementation Details
- Recommendations
- Prototype Network
- Prototype Details
- Prototype Results
- Recommendations
- Implementation Plan
This document might be cross-referenced with other documents used during the design process in order to describe fully the proposed solution.
In summary, the design steps presented below can be structured as an eight-step methodology:
- Recognize customer needs
- Describe the existing network
- Design networking and topology solutions
- Plan the network implementation
- Construct a prototype network
- Fully document the design
- Implement the design
- Verify, monitor, and modify as needed
From a technical standpoint, in the eight-step design methodology (Figure 2.10), step six (fully document the design) and step seven (implement the design) represent the separation between the network designers and the network engineers that take care of the implementation. In the CCDA context, only the first six steps are of interest to network designers. Steps seven (implement the design) and eight (verify, monitor, and modify as needed) should be of interest to implementation engineers.
Figure 2.10 – Eight-Step Design Methodology
Designing Network Management
After the implementation phase, each network needs to be maintained at proper parameters by monitoring and management tools and processes. This section will cover the basic techniques used to deploy solid network management solutions.
Network Management Essentials
Simple Network Management Protocol
The network management system is usually based on the Simple Network Management Protocol (SNMP), which is a TCP/IP Application Layer protocol that runs over UDP on top of IP. SNMP is used to share management information between network devices, usually between a management workstation and routers, switches, or other devices, as illustrated in Figure 2.11 below.
Figure 2.11 – Network Management Using SNMP
SNMP has evolved over the years and has now reached version 3 (SNMPv3). Network designers should demand that every environment uses SNMPv3, instead of the older unsecured SNMP versions 1 and 2, because of the advanced security features it provides. SNMP is used by network administrators and engineers to accomplish the following:
- Control network performance
- Troubleshoot
- Plan scalable enterprise solutions and intelligent services
SNMP accesses detailed information in Management Information Bases (MIBs) and it uses SNMP agents. The MIB is an object-oriented hierarchical database system stored locally on the network device. An example of a MIB entry is 1.3.6.1.2.1.2.2.1.20.0, with 1 being the root of the MIB tree and 0 being the final leaf.
The SNMP agent is used to send and receive information from the device to the Network Management Station (NMS), and vice versa. In order to do that, different types of SNMP messages are used. The NMS will run some kind of network management software (e.g., CiscoWorks) that retrieves and displays the SNMP information in a Graphical User Interface (GUI) format. The displayed information is used for controlling, troubleshooting, and planning.
Another SNMP concept is the community string, which is the access control method. A community string is a password that controls which group of people has access to certain information on the device.
The managed device contains the SNMP agent and the MIB that stores all the information. Different types of messages are used in order to exchange information between the NMS and the managed device (i.e., the monitored device), as shown below in Figure 2.12.
Figure 2.12 – SNMP Messages
The first message is called the Get Request. This is sent to the managed device when the NMS wants to get a specific MIB variable from the SNMP agent that runs on that device. The Get Next Request information is used to return the next object in the list after the Get Request message returns a value. The Get Bulk message works only in SNMPv3 environments, and it can be used to retrieve a large chunk of data (e.g., an entire table), reducing the need to have to use many Get Request and Get Next Request messages. This in turn reduces the overhead on bandwidth utilization on the link.
The Set Request message is sent by the NMS and is used to set a MIB variable on the agent. The Get Response message is the response from the SNMP agent to the NMS Get Request, Get Next Request, or Get Bulk messages.
A Trap is used by the SNMP agent to transmit unsolicited alarms to the NMS when certain conditions occur (e.g., device failures, state changes, or parameter modifications). Different thresholds can be configured on the managed device for different parameters (e.g., disk space, CPU utilization, memory utilization, or bandwidth utilization), and Traps are sent when the defined thresholds are reached. SNMPv3 introduced another message called the Inform Request. This is similar to a Trap message; it is sent by a managed device to the NMS as an acknowledgement of other messages.
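As an added example (not from the original text), the following Python simulation shows how the Get, Get Next, and Get Bulk messages described above behave against an agent’s MIB: the MIB is modelled as OID tuples in lexicographic order, which is the order Get Next and Get Bulk walk, and a subtree walk counts how many request messages Get Next needs compared with Get Bulk. The OIDs and values are constructed (two rows of the interface table under 1.3.6.1.2.1.2.2.1, the same subtree as the example OID in the text), and error handling is simplified to the noSuchInstance and endOfMibView cases.

```python
"""Simulate SNMP Get, Get Next and Get Bulk against a small agent MIB.

Added example, not from the original text. The MIB contents are
constructed: sysName, two rows of the interface table (ifIndex, ifDescr,
ifOperStatus and ifOutErrors for ifIndex 1 and 2) and snmpInPkts. Error
handling is simplified to the noSuchInstance and endOfMibView cases.
"""
from bisect import bisect_right

OID = tuple[int, ...]


def parse_oid(text: str) -> OID:
    """'1.3.6.1.2.1.1.5.0' -> (1, 3, 6, 1, 2, 1, 1, 5, 0)."""
    return tuple(int(part) for part in text.strip(".").split("."))


def oid_str(oid: OID) -> str:
    return ".".join(str(part) for part in oid)


IF_ENTRY = parse_oid("1.3.6.1.2.1.2.2.1")  # ifTable.ifEntry subtree

# Constructed MIB contents. Column 20 is ifOutErrors, the column used by the
# example OID in the text; interface instances start at ifIndex 1.
SAMPLE_MIB = {
    "1.3.6.1.2.1.1.5.0": "core-rtr-1",              # sysName
    "1.3.6.1.2.1.2.2.1.1.1": 1,                     # ifIndex.1
    "1.3.6.1.2.1.2.2.1.1.2": 2,                     # ifIndex.2
    "1.3.6.1.2.1.2.2.1.2.1": "GigabitEthernet0/0",  # ifDescr.1
    "1.3.6.1.2.1.2.2.1.2.2": "GigabitEthernet0/1",  # ifDescr.2
    "1.3.6.1.2.1.2.2.1.8.1": 1,                     # ifOperStatus.1 (up)
    "1.3.6.1.2.1.2.2.1.8.2": 2,                     # ifOperStatus.2 (down)
    "1.3.6.1.2.1.2.2.1.20.1": 0,                    # ifOutErrors.1
    "1.3.6.1.2.1.2.2.1.20.2": 17,                   # ifOutErrors.2
    "1.3.6.1.2.1.11.1.0": 4096,                     # snmpInPkts
}


class Agent:
    """An SNMP agent holding its MIB as OID tuples in lexicographic order."""

    def __init__(self, objects):
        self.mib = {parse_oid(k): v for k, v in objects.items()}
        self.order = sorted(self.mib)  # tuple comparison matches OID ordering

    def get(self, oid):
        """Get Request: exact instance lookup."""
        if oid in self.mib:
            return ("value", oid, self.mib[oid])
        return ("noSuchInstance", oid, None)

    def get_next(self, oid):
        """Get Next Request: first instance lexicographically after `oid`."""
        i = bisect_right(self.order, oid)
        if i == len(self.order):
            return ("endOfMibView", oid, None)
        return ("value", self.order[i], self.mib[self.order[i]])

    def get_bulk(self, oids, non_repeaters, max_repetitions):
        """Get Bulk Request: several Get Next operations in one message."""
        varbinds = [self.get_next(oid) for oid in oids[:non_repeaters]]
        repeaters = list(oids[non_repeaters:])
        for _ in range(max_repetitions):
            for idx, oid in enumerate(repeaters):
                vb = self.get_next(oid)
                varbinds.append(vb)
                repeaters[idx] = vb[1]  # continue from the OID just returned
        return varbinds


def walk_subtree(agent, root, max_repetitions=0):
    """Walk every instance under `root`; return ({oid: value}, request count).

    With max_repetitions == 0 the walk issues one Get Next per object, as an
    NMS must against SNMPv1; otherwise it issues Get Bulk requests.
    """
    results, requests, cursor = {}, 0, root
    while True:
        requests += 1
        if max_repetitions:
            varbinds = agent.get_bulk([cursor], 0, max_repetitions)
        else:
            varbinds = [agent.get_next(cursor)]
        for status, oid, value in varbinds:
            if status != "value" or oid[:len(root)] != root:
                return results, requests  # left the subtree or hit the end
            results[oid_str(oid)] = value
            cursor = oid


if __name__ == "__main__":
    agent = Agent(SAMPLE_MIB)
    print(agent.get(parse_oid("1.3.6.1.2.1.2.2.1.20.2")))
    for reps in (0, 3, 10):
        rows, n = walk_subtree(agent, IF_ENTRY, reps)
        label = "Get Next" if reps == 0 else f"Get Bulk x{reps}"
        print(f"{label}: {len(rows)} objects in {n} request(s)")
```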
Note: SNMPv3 is defined by the following RFCs: RFC 2571, RFC 2572, RFC 2573, RFC 2574, and RFC 2575.
SNMPv3 provides the following security levels:
- NoAuthNoPriv: No authentication and no privacy mechanisms
- AuthNoPriv: Authentication (MD5, SHA) but no privacy mechanisms
- AuthPriv: The highest level of security; uses authentication (MD5, SHA) and privacy (DES)
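As an added example (not part of the original text), the following Python script applies the rules above, together with the running-config audit described in the network audit step, to a constructed IOS-style configuration: it flags SNMPv1/v2c community strings, well-known or read-write communities, communities without an access list, and SNMPv3 groups or trap hosts below the AuthPriv level. The configuration, hostnames and passwords are constructed, and the regular expressions cover only the common IOS forms of the snmp-server commands.

```python
"""Audit the SNMP lines of an IOS-style running-config for weak settings.

Added example, not from the original text. The configuration below is
constructed for illustration; the regular expressions cover only the common
IOS forms of the snmp-server community/group/host commands.
"""
import re

# Constructed sample of "show running-config" output with a mix of legacy
# SNMPv1/v2c settings and a properly configured SNMPv3 group.
SAMPLE_CONFIG = """\
hostname core-rtr-1
!
snmp-server community public RO
snmp-server community private RW 10
snmp-server community S3cr3tM0n RO 20
snmp-server group LEGACY v3 noauth
snmp-server group NMSGRP v3 priv access 20
snmp-server user nmsuser NMSGRP v3 auth sha AuthPassw0rd priv aes 128 PrivPassw0rd
snmp-server host 10.1.1.5 version 2c public
snmp-server host 10.1.1.5 version 3 priv nmsuser
access-list 20 permit 10.1.1.5
"""

# Constructed hardened version: SNMPv3 AuthPriv only, restricted by ACL 20.
HARDENED_CONFIG = """\
hostname core-rtr-1
!
snmp-server group NMSGRP v3 priv access 20
snmp-server user nmsuser NMSGRP v3 auth sha AuthPassw0rd priv aes 128 PrivPassw0rd
snmp-server host 10.1.1.5 version 3 priv nmsuser
access-list 20 permit 10.1.1.5
"""

WELL_KNOWN_COMMUNITIES = {"public", "private", "cisco", "admin"}

# snmp-server community <string> [view <name>] [RO|RW] [acl]
COMMUNITY_RE = re.compile(
    r"^snmp-server community (\S+)(?: view \S+)?(?: (RO|RW))?(?: (\S+))?\s*$")
# snmp-server group <name> v1|v2c|v3 [noauth|auth|priv] [... access <acl>]
GROUP_RE = re.compile(
    r"^snmp-server group (\S+) (v1|v2c|v3)(?: (noauth|auth|priv))?(.*)$")
# snmp-server host <addr> [traps|informs] version 1|2c|3 [noauth|auth|priv] ...
HOST_RE = re.compile(
    r"^snmp-server host \S+ (?:traps |informs )?version (1|2c|3)(?: (noauth|auth|priv))?")


def _finding(line, severity, issue):
    return {"line": line, "severity": severity, "issue": issue}


def audit_snmp_config(config: str) -> list[dict]:
    """Return one finding per weak setting found in the snmp-server lines."""
    findings = []
    for raw in config.splitlines():
        line = raw.strip()
        m = COMMUNITY_RE.match(line)
        if m:
            name, mode, acl = m.group(1), m.group(2) or "RO", m.group(3)
            # Any community string enables SNMPv1/v2c: the community travels
            # in cleartext and is the only access control on the agent.
            findings.append(_finding(line, "high",
                "SNMPv1/v2c community enabled; migrate to SNMPv3 AuthPriv"))
            if name.lower() in WELL_KNOWN_COMMUNITIES:
                findings.append(_finding(line, "critical",
                    f"well-known community string '{name}'"))
            if mode == "RW":
                findings.append(_finding(line, "critical",
                    "read-write community allows Set Request changes"))
            if acl is None:
                findings.append(_finding(line, "medium",
                    "community not restricted by an access list"))
            continue
        m = GROUP_RE.match(line)
        if m:
            group, version, level, rest = m.groups()
            if version != "v3":
                findings.append(_finding(line, "high",
                    f"group '{group}' uses {version}; use v3"))
            elif level != "priv":
                findings.append(_finding(line, "high",
                    f"SNMPv3 group '{group}' is {level or 'noauth'}, not AuthPriv"))
            if not re.search(r"\baccess \S+", rest):
                findings.append(_finding(line, "medium",
                    f"group '{group}' not restricted by an access list"))
            continue
        m = HOST_RE.match(line)
        if m:
            version, level = m.groups()
            if version != "3":
                findings.append(_finding(line, "medium",
                    f"traps/informs sent with SNMPv{version} (cleartext community)"))
            elif level != "priv":
                findings.append(_finding(line, "medium",
                    f"SNMPv3 trap host at {level or 'noauth'} level, not priv"))
    return findings


def severity_counts(findings):
    """Summarise findings by severity for the audit report."""
    counts = {"critical": 0, "high": 0, "medium": 0}
    for f in findings:
        counts[f["severity"]] += 1
    return counts


if __name__ == "__main__":
    found = audit_snmp_config(SAMPLE_CONFIG)
    for f in found:
        print(f"[{f['severity']:8}] {f['issue']}\n           {f['line']}")
    print(severity_counts(found), "hardened:", audit_snmp_config(HARDENED_CONFIG))
```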
Remote Network Monitoring
Remote Network Monitoring (RMON) is actually a management information base that allows you to monitor LAN traffic in the network environment proactively. It tracks individual data packets, and the number and size of those packets, as well as broadcast packets, network utilization, errors, and statistics.
RMON agents run on various network devices, such as routers, switches, or servers. If you do not want to run RMON on those specific devices because of the overhead, you can configure special RMON workstations as probes on specific network segments. RMON offers the possibility to diagnose faults within the LAN, which allows network tuning and planning for growth and utilization.
RMON is implemented in two versions, RMON 1 and RMON 2. RMON 2 is the most recent version and it offers more functionality. RMON 1 operates only at the Physical and Data Link Layers, so it must be used only to probe, tune, plan, and search for faults on hubs (at the Physical Layer) and switches (at the Data Link Layer). RMON 2 provides much more functionality and can be used for Network Layer (Layer 3) applications, as well as for Layers 4 through 7. RMON 2 can also monitor database servers, exchange servers, e-mail, and web traffic.
Note: RMON is documented in RFC 1757.
NetFlow
A better alternative to RMON in a Cisco environment is to use the proprietary solution called NetFlow. NetFlow is a monitoring and measurement technology that is superior to a simple SNMP/RMON solution, providing much more detail on the data that passes through a specific interface. NetFlow scales to a large number of interfaces and this makes it a great enterprise solution.
NetFlow is also a great solution for service providers because it supports customer service programs, and uses popular data warehousing and data mining solutions that are critical for competitive vendor offerings (e.g., flexible accounting and billing that can consider application usage, the time of day, the bandwidth utilization, or QoS elements). NetFlow is also a great tool for network scalability planning and overall analysis, as it can help lower the organization’s TCO.
The NetFlow management architecture (Figure 2.13) consists of the following components:
- NetFlow data export service
- NetFlow flow collector service
- NetFlow data analysis
Figure 2.13 – NetFlow Management Architecture
Data export service is at the top of the three-tier NetFlow architecture. This is where the data warehousing and data mining solutions occur. It captures the accounting statistics for traffic on the networking devices and it uses UDP to export data. This is a three-part process, which includes the following:
- Data switching
- Data export
- Data aggregation
The data is then exported to the second tier, the NetFlow flow collector service. At this level, using servers and workstations, you can complete actions such as data collection, data filtering, aggregation, data storage, and file system management using existing or third-party file systems.
Network data analysis is at the lowest tier, at the Access Layer. At this level, you can use network planning tools, overall network analysis tools, and accounting and billing tools, and you can export data to various database systems or Excel spreadsheets.
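The three tiers described above can be followed end to end with a small collector. The following is an added example, not code from the course text or from Cisco: it encodes constructed sample flows the way a v5 exporter would (the public NetFlow v5 wire format, a 24-byte header followed by 48-byte records in one UDP datagram), parses the datagram the way the flow collector tier does, and then performs the kind of aggregation (bytes per source address) that the analysis tier runs. The addresses, ports and byte counts are constructed; the interface indexes and next-hop value are placeholders.

```python
"""Build, parse and aggregate NetFlow v5 export datagrams.

Added example, not code from the course text or from Cisco. It follows
the public NetFlow v5 wire format: a 24-byte header followed by 1..30
fixed 48-byte flow records, all fields big-endian, in one UDP datagram.
The flows below are constructed sample data.
"""
import socket
import struct
from collections import defaultdict

# Header: version, count, SysUptime, unix_secs, unix_nsecs, flow_sequence,
# engine_type, engine_id, sampling_interval
HEADER_FMT = "!HHIIIIBBH"
# Record: srcaddr, dstaddr, nexthop, input, output, dPkts, dOctets, First, Last,
# srcport, dstport, pad1, tcp_flags, prot, tos, src_as, dst_as, src_mask, dst_mask, pad2
RECORD_FMT = "!4s4s4sHHIIIIHHBBBBHHBBH"
HEADER_LEN = struct.calcsize(HEADER_FMT)  # 24
RECORD_LEN = struct.calcsize(RECORD_FMT)  # 48
MAX_RECORDS = 30                           # a v5 datagram carries at most 30 records


def build_packet(flows, sysuptime=100_000, unix_secs=1_700_000_000, seq=0):
    """Encode a list of flow dicts as one v5 datagram (stands in for the exporter)."""
    if not 1 <= len(flows) <= MAX_RECORDS:
        raise ValueError("a v5 datagram carries 1..30 records")
    header = struct.pack(HEADER_FMT, 5, len(flows), sysuptime, unix_secs, 0, seq, 0, 0, 0)
    records = b"".join(
        struct.pack(RECORD_FMT,
                    socket.inet_aton(f["src"]), socket.inet_aton(f["dst"]),
                    socket.inet_aton("0.0.0.0"),      # next hop unknown in this sample
                    1, 2,                             # placeholder SNMP ifIndex in / out
                    f["pkts"], f["bytes"], f["first"], f["last"],
                    f["sport"], f["dport"], 0, f.get("flags", 0), f["proto"], 0,
                    0, 0, 24, 24, 0)
        for f in flows)
    return header + records


def parse_packet(data):
    """Decode one v5 datagram into (header dict, list of record dicts).

    The collector must not trust the header blindly: the record count is
    checked against the datagram length so a truncated or padded packet
    is rejected instead of being parsed out of bounds.
    """
    if len(data) < HEADER_LEN:
        raise ValueError("datagram shorter than a v5 header")
    fields = struct.unpack(HEADER_FMT, data[:HEADER_LEN])
    version, count = fields[0], fields[1]
    if version != 5:
        raise ValueError(f"unsupported NetFlow version {version}")
    if not 1 <= count <= MAX_RECORDS or len(data) != HEADER_LEN + count * RECORD_LEN:
        raise ValueError("record count does not match datagram length")
    header = {"version": version, "count": count, "sysuptime": fields[2],
              "unix_secs": fields[3], "flow_sequence": fields[5], "engine_id": fields[7]}
    records = []
    for i in range(count):
        off = HEADER_LEN + i * RECORD_LEN
        r = struct.unpack(RECORD_FMT, data[off:off + RECORD_LEN])
        records.append({
            "src": socket.inet_ntoa(r[0]), "dst": socket.inet_ntoa(r[1]),
            "in_if": r[3], "out_if": r[4], "pkts": r[5], "bytes": r[6],
            "duration_ms": r[8] - r[7], "sport": r[9], "dport": r[10],
            "tcp_flags": r[12], "proto": r[13],
        })
    return header, records


def top_talkers(records, n=3):
    """Bytes per source address, highest first: the aggregation the analysis tier runs."""
    totals = defaultdict(int)
    for r in records:
        totals[r["src"]] += r["bytes"]
    return sorted(totals.items(), key=lambda kv: (-kv[1], kv[0]))[:n]


SAMPLE_FLOWS = [  # constructed sample data; addresses from documentation ranges
    {"src": "10.1.1.5", "dst": "203.0.113.10", "sport": 51234, "dport": 443, "proto": 6,
     "flags": 0x1b, "pkts": 20, "bytes": 15000, "first": 90_000, "last": 95_000},
    {"src": "10.1.1.7", "dst": "203.0.113.10", "sport": 51300, "dport": 80, "proto": 6,
     "flags": 0x1b, "pkts": 5, "bytes": 2000, "first": 91_000, "last": 91_500},
    {"src": "10.1.1.5", "dst": "198.51.100.9", "sport": 40001, "dport": 53, "proto": 17,
     "pkts": 2, "bytes": 200, "first": 92_000, "last": 92_050},
    {"src": "10.1.1.9", "dst": "203.0.113.10", "sport": 50022, "dport": 22, "proto": 6,
     "flags": 0x18, "pkts": 50, "bytes": 40000, "first": 93_000, "last": 99_000},
]


def sample_report():
    """Run exporter -> collector -> analysis over the constructed flows."""
    header, records = parse_packet(build_packet(SAMPLE_FLOWS))
    return header["count"], top_talkers(records)


if __name__ == "__main__":
    count, talkers = sample_report()
    print(f"{count} records; top talkers by bytes:")
    for src, total in talkers:
        print(f"  {src:<15} {total:>8} B")
```

The length check in `parse_packet` is the part worth copying into a real collector: the exporter's record count arrives over unauthenticated UDP, so a collector that trusts it without comparing it to the datagram length can be made to read past the buffer or to accept padded garbage as flows.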
Cisco Discovery Protocol
Cisco Discovery Protocol (CDP) is a proprietary Cisco protocol that operates at Layer 2 (Data Link) between Cisco devices. Its main job is to summarize information it discovers about directly connected routers, switches, or other Cisco devices. The Cisco devices themselves do not forward any CDP frames to their other neighbors because their role is to share device information only between directly connected devices.
CDP is media and protocol independent, and it operates with TCP/IP, IPX, or AppleTalk. It can also run across different media types, such as LANs, ATM, and Frame Relay networks. Running CDP on external Internet connections is not recommended due to security issues (i.e., you should not expose information about your devices to outside users). In addition, it should not be configured on links going to non-Cisco devices because it is unnecessary.
Running the “show cdp neighbors” command on a device will give CDP-related information such as the following:
- MAC address of the directly connected neighbor
- Local interface connecting to that particular neighbor
- Information about the device type (router, switch, or other)
- Device platform/model
- Port numbers
FCAPS Network Management Model
This section discusses the International Organization for Standardization (ISO) network management model, called FCAPS, which represents the following:
- Fault management
- Configuration management
- Accounting management
- Performance management
- Security management
Fault Management
The first functional area of the FCAPS model is fault management. This area deals with error conditions that can cause administrators and users to lose functionality, resulting in not being able to use certain network resources. This is a key area for network management.
Fault management activities include finding abnormal network operations, and isolating and correcting the faults that occur. This is accomplished in the following five steps:
- Detect the problem.
- Diagnose the fault.
- Bypass and recover.
- Resolve the situation.
- Track and manage the problem.
The two main components of fault management (Figure 2.14) are as follows:
- The event generators (devices that generate the events, such as routers, switches, access servers, hosts, etc.)
- Event collectors (devices that receive SNMP/Syslog messages from the event generators); event collectors, also called event management systems (EMSs), can be third-party servers or CiscoWorks machines
Figure 2.14 – Fault Management
The events sent from the event generators to the event collectors can be one of the following:
- State events, sent when a network device changes its state (a link goes down due to a configuration change, changes in the routing protocols, etc.)
- Performance events (disk space usage, link errors thresholds, high CPU utilization, etc.).
Once the event generator produces events, they are collected and processed by the EMS (CiscoWorks). This follows a five-step process outlined below:
- Event collection
- Event normalization (normalizing Syslog events based on their timestamps)
- Event filtering (ignoring low priority events)
- Event correlation
- Event reporting (in a text or GUI format)
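The five steps above can be seen in a minimal event management system. The following is an added example, not code from the course text or from CiscoWorks: it runs constructed syslog lines of the usual Cisco shape (`<PRI>timestamp host %FACILITY-SEVERITY-MNEMONIC: text`, where the RFC 3164 priority gives severity as PRI mod 8) through collection, normalization, filtering, correlation and reporting. The hosts, interfaces, timestamps and message texts are constructed; the flap window of 60 seconds and the "drop informational and debugging" filter are assumptions chosen for the example.

```python
"""Five-step event management pipeline over syslog from Cisco devices.

Added example, not code from the course text or from CiscoWorks. Input lines
are constructed samples in the usual shape
<PRI>timestamp host %FACILITY-SEVERITY-MNEMONIC: text
where PRI is the RFC 3164 priority (severity = PRI mod 8, 0 = most severe).
"""
import re
from collections import defaultdict
from datetime import datetime

SYSLOG_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) "
    r"%(?P<fac>[A-Z0-9_]+)-(?P<sev>[0-7])-(?P<mnem>[A-Z0-9_]+): (?P<msg>.*)$")
IFACE_RE = re.compile(r"Interface (\S+),")
SEVERITY_NAMES = ["emergencies", "alerts", "critical", "errors",
                  "warnings", "notifications", "informational", "debugging"]

# Step 1: collection. Constructed sample lines; a real EMS would read them
# from a UDP/514 listener or from log files.
SAMPLE_LOG = [
    "<189>Mar  5 10:15:01 core-sw1 %LINK-5-CHANGED: Interface Gi1/0/1, changed state to administratively down",
    "<187>Mar  5 10:15:10 core-sw1 %LINK-3-UPDOWN: Interface Gi1/0/2, changed state to down",
    "<187>Mar  5 10:15:14 core-sw1 %LINK-3-UPDOWN: Interface Gi1/0/2, changed state to up",
    "<187>Mar  5 10:15:22 core-sw1 %LINK-3-UPDOWN: Interface Gi1/0/2, changed state to down",
    "<187>Mar  5 10:15:30 core-sw1 %LINK-3-UPDOWN: Interface Gi1/0/2, changed state to up",
    "<189>Mar  5 10:15:31 edge-r1 %OSPF-5-ADJCHG: Process 1, Nbr 10.0.0.2 on Gi0/1 from FULL to DOWN, Neighbor Down: Dead timer expired",
    "<190>Mar  5 10:16:05 edge-r1 %SYS-6-LOGGINGHOST_STARTSTOP: Logging to host 10.0.0.50 started",
    "this line is not syslog at all",
    "<186>Mar  5 10:17:00 edge-r1 %SYS-2-MALLOCFAIL: Memory allocation of 65536 bytes failed from 0x60B0A1D4, alignment 0",
]


def normalize(line, year=2024):
    """Step 2: parse one line into a uniform event dict; None for lines that do not parse."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    pri = int(m["pri"])
    # Classic syslog timestamps omit the year, so the collector supplies it.
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "host": m["host"], "facility": m["fac"], "mnemonic": m["mnem"],
            "severity": pri % 8, "msg": m["msg"]}


def filter_events(events, max_severity=5):
    """Step 3: drop unparsable lines and low-priority (informational/debugging) events."""
    return [e for e in events if e is not None and e["severity"] <= max_severity]


def correlate_flaps(events, window_s=60, min_changes=3):
    """Step 4: collapse bursts of LINK UPDOWN events on one interface into one 'flapping' finding."""
    changes = defaultdict(list)
    for e in events:
        if e["mnemonic"] == "UPDOWN" and (m := IFACE_RE.search(e["msg"])):
            changes[(e["host"], m.group(1))].append(e["ts"])
    flaps = []
    for (host, iface), times in changes.items():
        times.sort()
        for i in range(len(times) - min_changes + 1):
            if (times[i + min_changes - 1] - times[i]).total_seconds() <= window_s:
                flaps.append({"host": host, "iface": iface, "changes": len(times),
                              "span_s": (times[-1] - times[0]).total_seconds()})
                break
    return flaps


def report(events, flaps):
    """Step 5: text report, most severe first, correlated findings last."""
    lines = [f"{e['ts']:%H:%M:%S} {e['host']} {SEVERITY_NAMES[e['severity']]:<13} "
             f"%{e['facility']}-{e['severity']}-{e['mnemonic']}: {e['msg']}"
             for e in sorted(events, key=lambda e: (e["severity"], e["ts"]))]
    lines += [f"CORRELATED {f['host']} {f['iface']}: flapping, "
              f"{f['changes']} state changes in {f['span_s']:.0f}s" for f in flaps]
    return lines


def run_pipeline(lines=SAMPLE_LOG):
    """Run all five steps; returns (kept events, correlated flaps, report lines)."""
    events = filter_events([normalize(line) for line in lines])
    flaps = correlate_flaps(events)
    return events, flaps, report(events, flaps)


if __name__ == "__main__":
    for line in run_pipeline()[2]:
        print(line)
```

Of the nine constructed lines, seven survive the filter (one is not syslog and one is informational), and the four UPDOWN messages for Gi1/0/2 collapse into a single flapping finding, which is the point of the correlation step: the operator sees one problem, not four events.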
Configuration Management
The configuration management area of FCAPS is the process of collecting different information on the network, driving consistency throughout all the network devices, tracking changes in the network, and ensuring network documentation is up to date (e.g., from Cisco.com or other standardization organizations), using the most recent versions.
The configuration management process also includes tracking and storing the software versions of all the network devices, and making sure the most recent IOS releases and software builds are used on all of the systems. It also makes it possible to upgrade all the devices consistently; the overall goal of configuration management is to lower the time and cost overhead. For example, by building an efficient configuration management system within CiscoWorks, you can lower the TCO of the network infrastructure because fewer administrators will be required to work on those specific tasks.
Configuration management includes activities such as documentation, configuring control settings in the Cisco IOS, object mapping (ensuring objects are properly managed and associated), collecting configuration information (configuration files kept on a server and downloaded via TFTP), managing configuration changes, and lowering the TCO by tracking every configuration change on the network devices. The results of these activities are stored in a database or presented in a GUI within CiscoWorks.
CiscoWorks ensures that the organization complies with the newest standards by keeping up with the software versioning and updates, ensuring standard IP addressing and naming convention (DNS) schemes are used, and ensuring that an efficient DHCP process is in place. In addition, by using CiscoWorks, you can ensure that the organization uses standard configurations that are compatible with other companies and that configuration upgrades are in place. Moreover, a step-by-step procedure should exist for making configuration changes on the network devices. This can be accomplished using CiscoWorks templates to make the process easier.
Accounting Management
The accounting management area usually uses AAA services. There are a few different approaches regarding accounting management, for example, intra-organization management or inter-organization management.
If the AAA services are implemented within the company, you need to make sure people are who they claim to be when they try to access an object or do something on a device. Then you must authorize what they can do with those objects or devices. After that, you must account for what activities they engage in, sometimes for billing purposes.
Accounting management helps manage resources between the individuals in the company, security groups, different departments, and business entities, for example to track expenditures or for security auditing. It can also be used to help departments stick to their budgets and to ensure that everyone has enough resources for their types of networking activities (e.g., IP Telephony, multimedia applications, or video-conferencing). The overall goal of accounting is to measure and regulate network utilization. As mentioned, the accounting process will have a different purpose when used inside the company than when used between companies (e.g., an ISP scenario).
An ISP would use the accounting management aspect to offer flexible billing plans to their customers and to track the usage of network resources on a customer-by-customer basis. This allows network administrators to retrieve, display, and create bills for their customers.
IP accounting is based on the source or destination IP addresses, or on the IP precedence value in the IP header, when using QoS technologies in order to attain granularity. Other aspects of IP accounting include the data type, the number or size of the packets, MAC addresses, and violations to access control list settings using event logging.
The accounting management process is typically carried out with a RADIUS or TACACS+ server, especially for the authentication and authorization parts. The NetFlow solution mentioned earlier also provides powerful accounting services with its NetFlow collector, accounting, and billing applications.
An example of using the accounting management solution would be within a VPN remote access module on the enterprise edge to account for and to audit the company dial-up connections and the sessions on the WAN and ISDN links.
Performance Management
The performance management area is usually managed by a system administrator or by a network administrator/engineer. Nevertheless, the network designer should ensure that the organization has performance management techniques in place so that overall management guidelines are followed.
The goal of performance management is to keep the network uncongested 24/7, with all the devices accessible. Another goal is to reduce overhead and downtime (a recommended target to achieve is 99.9% network uptime). An important part of performance management is to provide service-level management (SLM) or service-level agreements (SLAs) established with the customers. This is a proven methodology to ensure that you can deliver the promised services to the organization, to individual departments, to business services, and to customers (in the case of ISPs).
Part of performance management is to identify trends in network operations, such as the usage of bandwidth, application usage, and other support services and intelligent services, as well as performing a “what-if” analysis. This means finding the optimal level of operations for the company. Another step in this process is creating baselines of activity within the organization with the help of system engineers, as a point of reference in order to analyze deviations from normal network behavior (e.g., peak activity for bandwidth and applications). This aspect is related to a concept called exception management, which creates a baseline of activity (thresholds of normal activity) and figures out when exceptions (violations of the thresholds) will occur and what those exceptions will be (e.g., peak CPU utilization or exhaustion of other resources).
Performance management also includes QoS management. This is important, especially for an ISP that offers solutions such as IP Telephony, multicasting, or video-conferencing. The implemented QoS techniques should be managed, including the way packets are prioritized as they travel through the network. This includes concepts such as Committed Access Rate (CAR) or Class Based Weighted Fair Queuing (CBWFQ), using queuing mechanisms to achieve QoS.
When a violation in performance is detected, the network staff must be able to fix that particular issue as quickly as possible and with little impact on the users in the organization.
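Exception management and the 99.9% uptime target above reduce to two calculations: a per-hour baseline with a threshold around it, and measured availability against the allowed downtime. The following is an added example, not code from the course text or from any Cisco tool. The CPU readings and the outage records are constructed sample data; the 3-sigma threshold and the minimum band width of 5 points (so that a very flat baseline does not alarm on every small change) are assumptions chosen for the example.

```python
"""Baselines, exception thresholds and SLA availability for performance management.

Added example, not code from the course text. CPU readings and outage
records are constructed sample data; the 3-sigma band and the 5-point
minimum band width are assumptions chosen for the example.
"""
from collections import defaultdict
from statistics import mean, pstdev


def build_baseline(samples):
    """samples: (hour_of_day, cpu_percent) pairs from the baselining period.
    Returns {hour: (mean, stdev)}, i.e. what 'normal' looks like per hour of day."""
    by_hour = defaultdict(list)
    for hour, value in samples:
        by_hour[hour].append(value)
    return {h: (mean(v), pstdev(v)) for h, v in by_hour.items()}


def threshold_for(baseline, hour, k=3.0, min_band=5.0):
    """Upper threshold = mean + k * stdev, with a band of at least min_band points."""
    avg, sd = baseline[hour]
    return avg + k * max(sd, min_band)


def find_exceptions(baseline, readings, k=3.0):
    """readings: (label, hour, cpu_percent). Returns readings above their hourly threshold."""
    out = []
    for label, hour, value in readings:
        limit = threshold_for(baseline, hour, k)
        if value > limit:
            out.append({"label": label, "hour": hour, "value": value,
                        "threshold": round(limit, 1)})
    return out


def availability_percent(period_minutes, outage_minutes):
    """Measured availability over a period, given the list of outage durations in minutes."""
    return round(100.0 * (period_minutes - sum(outage_minutes)) / period_minutes, 3)


def allowed_downtime_minutes(period_minutes, target_percent=99.9):
    """Downtime budget implied by an availability target."""
    return round(period_minutes * (100.0 - target_percent) / 100.0, 1)


def constructed_baseline_samples(days=5):
    """Deterministic stand-in for a week of hourly polling: busy 09:00-17:00, quiet otherwise."""
    samples = []
    for day in range(days):
        for hour in range(24):
            if 9 <= hour <= 17:
                samples.append((hour, 55 + (day * 3) % 7))
            else:
                samples.append((hour, 18 + (day * 2) % 5))
    return samples


def sample_run():
    """Baseline, then test three constructed readings and one month of constructed outages."""
    baseline = build_baseline(constructed_baseline_samples())
    readings = [("03:00 core-sw1", 3, 60),   # 60% CPU at night: far above the quiet-hour baseline
                ("14:00 core-sw1", 14, 60),  # 60% in business hours: inside the band
                ("14:00 edge-r1", 14, 90)]   # 90% in business hours: exception
    exceptions = find_exceptions(baseline, readings)
    month = 30 * 24 * 60                     # 43200 minutes
    uptime = availability_percent(month, [20, 30])
    return exceptions, uptime, uptime >= 99.9, allowed_downtime_minutes(month)


if __name__ == "__main__":
    exceptions, uptime, met, budget = sample_run()
    for e in exceptions:
        print(f"EXCEPTION {e['label']}: {e['value']}% > threshold {e['threshold']}%")
    print(f"availability {uptime}% (budget {budget} min/month), SLA met: {met}")
```

The same 60% reading is an exception at 03:00 and normal at 14:00, which is why the baseline is kept per hour of day rather than as one global average; and two outages totalling 50 minutes already exceed the 43.2-minute monthly budget that a 99.9% target allows.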
Security Management
The last area of FCAPS is security management. The goal of security management is to ensure that you have access control to network resources, and you can prevent intentional or accidental changes to a particular object or device and unauthorized access to sensitive corporate information.
Some of the protocols and tools that can be used within security management on the routers, switches, and other devices include the following:
- Telnet and SSH for connecting to the devices (SSH is preferred due to its encryption abilities)
- SNMP for management and monitoring of the device parameters (SNMPv3 is preferred due to its authentication and privacy features)
- HTTP and HTTPS for web access to the device
- RADIUS and TACACS+ for authentication and authorization
- AAA
More information about assessing the security within the network design will be presented in Chapter 8.
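The protocol choices listed above (SSH rather than Telnet, SNMPv3 rather than community strings, HTTPS rather than HTTP, AAA in place) can be checked mechanically against a device's configuration. The following is an added example, not code from the course text or from any Cisco tool: a small audit of an IOS-style running-config text, run over a constructed weak configuration and a constructed hardened one. The hostnames, addresses and descriptions are constructed and the `<...>` values are placeholders; treating CDP as enabled unless `no cdp run` is present, treating a VTY line with no `transport input` as `all`, and recognizing external links by the words "ISP" or "Internet" in the interface description are assumptions made for the example.

```python
"""Audit an IOS-style configuration text for the management-plane weaknesses
named in the security management section.

Added example, not code from the course text or from any Cisco tool. Both
configurations below are constructed samples; <...> values are placeholders.
Assumptions: CDP is treated as running unless 'no cdp run' is present, a vty
line with no 'transport input' is treated as 'all', and an interface whose
description mentions ISP or Internet is treated as an external link.
"""
import re

EXTERNAL_DESC = re.compile(r"\b(isp|internet)\b", re.I)


def parse_config(text):
    """Split the config into top-level lines and {section header: [indented child lines]}."""
    top, blocks, current = [], {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("!"):
            continue
        if raw.startswith(" "):
            if current is not None:
                blocks[current].append(raw.strip())
        else:
            current = raw.strip()
            blocks[current] = []
            top.append(current)
    return top, blocks


def audit(text):
    """Return a list of (check_id, detail) findings; an empty list means every check passed."""
    top, blocks = parse_config(text)
    findings = []
    if "aaa new-model" not in top:
        findings.append(("AAA-DISABLED", "aaa new-model is absent; authenticate and authorize via RADIUS/TACACS+"))
    if any(l.startswith("enable password") for l in top) and not any(l.startswith("enable secret") for l in top):
        findings.append(("ENABLE-PASSWORD", "enable password is reversible; use enable secret"))
    if "ip http server" in top and "ip http secure-server" not in top:
        findings.append(("HTTP-CLEARTEXT", "ip http server without ip http secure-server; use HTTPS"))
    for l in top:
        m = re.match(r"snmp-server community (\S+) (RO|RW)\b", l)
        if m:
            findings.append(("SNMP-COMMUNITY", f"SNMPv1/v2c community '{m.group(1)}' ({m.group(2)}); migrate to SNMPv3 auth/priv"))
    cdp_running = "no cdp run" not in top   # assumption: CDP is on unless disabled globally
    for header, children in blocks.items():
        if header.startswith("interface "):
            desc = next((c for c in children if c.startswith("description ")), "")
            if cdp_running and EXTERNAL_DESC.search(desc) and "no cdp enable" not in children:
                findings.append(("CDP-EXTERNAL", f"{header}: CDP enabled on an external link ({desc})"))
        elif header.startswith("line vty"):
            transport = next((c for c in children if c.startswith("transport input")), "transport input all")
            if re.search(r"\b(telnet|all)\b", transport):
                findings.append(("VTY-TELNET", f"{header}: '{transport}' permits cleartext Telnet; use 'transport input ssh'"))
    return findings


WEAK_CONFIG = """\
hostname edge-r1
no aaa new-model
enable password <cleartext-placeholder>
ip http server
snmp-server community public RO
snmp-server community private RW
interface GigabitEthernet0/0
 description Uplink to ISP
 ip address 203.0.113.2 255.255.255.252
interface GigabitEthernet0/1
 description Inside LAN
 ip address 10.0.0.1 255.255.255.0
line vty 0 4
 password <cleartext-placeholder>
 transport input telnet ssh
"""

HARDENED_CONFIG = """\
hostname edge-r1
aaa new-model
aaa authentication login default group tacacs+ local
aaa authorization exec default group tacacs+ local
aaa accounting exec default start-stop group tacacs+
enable secret <secret-placeholder>
no ip http server
ip http secure-server
snmp-server group NETMGMT v3 priv
snmp-server user nms NETMGMT v3 auth sha <auth-placeholder> priv aes 128 <priv-placeholder>
interface GigabitEthernet0/0
 description Uplink to ISP
 ip address 203.0.113.2 255.255.255.252
 no cdp enable
interface GigabitEthernet0/1
 description Inside LAN
 ip address 10.0.0.1 255.255.255.0
line vty 0 4
 transport input ssh
"""

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(f"{name}: {len(audit(cfg))} finding(s)")
        for check_id, detail in audit(cfg):
            print(f"  {check_id}: {detail}")
```

The weak sample trips all seven checks (including one per SNMP community) and the hardened sample trips none. The checks are deliberately text-level: the point is that the preferences listed in this section are concrete enough to be verified from a configuration backup as part of configuration management, rather than left as guidance.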
SLA Resources
Many companies, vendors, and service providers must provide service-level contracts (SLCs) to their partners or customers. A service-level agreement (SLA) is a component of the overall service level contract.
The SLC designates connectivity and the performance level that the service provider guarantees to its customers and the organization guarantees to its end-users. The SLA defines specific parameters and performance measurements between devices (e.g., routers, servers, workstations, or other equipment).
The main resource regarding Cisco SLA concepts is the Cisco SLA portal www.cisco.com/go/saa, where the following white papers containing information about implementing SLCs can be found:
- Service-Level Management: Best Practices
- Deploying Service-Level Management in an Enterprise
- Service-Level Management: Defining and Monitoring Service Levels in the Enterprise
Summary
Network design includes the following features:
- Availability
- Efficiency
- Functionality
- Manageability
- Performance
- Scalability
The Cisco Intelligent Information Network (IIN) is a complete architecture that consists of the following phases:
- Integrated transport: Voice, data, and video converged into a single transport
- Integrated services: Services such as VoIP or storage networking that rely on the underlying network transport mechanism
- Integrated applications: Applications (e.g., Cisco IP Communicator) leverage services (e.g., VoIP) that rely on network transport
The Cisco architectural approach to designing an IIN is the SONA framework, which contains the following layers:
- Network infrastructure layer
- Infrastructure services layer
- Application layer
SONA offers the following benefits to network design:
- Functionality
- Scalability
- Availability
- Performance
- Manageability
- Efficiency
Cisco categorizes the network lifecycle into six phases identified within the PPDIOO concept. The components of PPDIOO are as follows:
1. Prepare: This phase involves determining the network’s requirements, formulating a network strategy, and suggesting a conceptual architecture of the network.
2. Plan: This phase compares the existing network with the proposed network to help identify tasks, responsibilities, milestones, and resources required to implement the design.
3. Design: This phase clearly articulates the detailed design requirements.
4. Implement: This phase integrates equipment into the existing network (without disrupting the existing network) to meet design requirements.
5. Operate: This phase entails the day-to-day network operation, while responding to any issues that arise.
6. Optimize: This phase gathers feedback from the Operate phase, potentially to make adjustments in the existing network. Changes might be implemented to address ongoing network support issues.
PPDIOO’s lifecycle approach offers the following benefits:
- Reduces total cost of ownership (TCO)
- Improves network availability
- Allows business networks to respond quickly to changing needs
- Accelerates access to network applications and services
Designing a network in conjunction with the PPDIOO approach involves the following steps:
- Identify customer requirements: To identify customer requirements, the following information must be obtained:
- Network applications
- Network services
- Business goals
- Constraints imposed by the customer
- Technical goals
- Constraints imposed by technical limitations
- Characterize the existing network: To identify characteristics of the current network, the following tasks must be completed:
- Collect existing network documentation (with the understanding that the documentation might be somewhat dated and unreliable) and interview organizational representatives to uncover information not available in the documentation.
- Conduct a network audit to identify information such as network traffic types, congestion points, and suboptimal routes.
- Supplement the information collected in the two previous tasks by performing a network traffic analysis with tools such as Cisco Discovery Protocol (CDP), Network Based Application Recognition (NBAR), NetFlow, Network General Sniffer, Wireshark, or Remote Monitoring (RMON) probes.
- Design the network topology: Using information collected in steps one and two, network design can be completed. Although designing a network can be a daunting task, Cisco’s recommended top-down design approach assists the network designer by breaking down the design process into smaller and more manageable steps. The term top-down refers to beginning at the top of the OSI reference model (i.e., the Application Layer) and working your way down through the underlying layers.
Using a top-down design strategy, as opposed to a bottom-up design strategy (i.e., where the design begins at the Physical Layer of the OSI model and works its way up), provides the following benefits:
- Does a better job of including specific customer requirements
- Offers a more clearly articulated “big picture” of the desired network for both the customer and the network designer
- Lays the foundation for a network that not only meets existing design requirements but also provides for scalability to meet future network enhancements
When using the OSI reference model in the top-down design approach, the network designer should determine what design decisions, if any, are required for each of the seven layers. For example, when considering the Application Layer, the network designer might determine that voice applications such as the Cisco IP Contact Center and the Cisco Unity converged messaging system are applications needed for the design.
Network Layer design decisions might include the selection of a routing protocol (e.g., Enhanced Interior Gateway Routing Protocol [EIGRP] or Open Shortest Path First Protocol [OSPF]). In addition, when analyzing the Network Layer, the network designer might need to determine an appropriate IP addressing scheme for the network (e.g., the use of private versus public IP addresses and subnet masks to be used) to provide for future network scalability.
Physical Layer and Data Link Layer design decisions might involve the selection of LAN/WAN technologies (e.g., GigabitEthernet, FastEthernet, Frame Relay, ATM, or PPP) to provide media transport.
With the multitude of design decisions required in larger networks, network designers often benefit from network design tools such as the following:
- Network modeling tools: Generate suggested configurations based on input information, which can then be further customized (e.g., adding redundancy or support for additional sites)
- Strategic analysis tools: Enable a network designer to experiment with various “what-if” scenarios and observe the resulting network effects
- Decision tables: Record design decisions based on network requirements
- Simulation and verification tools/services: Verify design decisions in a simulated environment to reduce the need to implement a pilot network
Even with the availability of simulation tools, some network designs still benefit from building a small prototype network to serve as a proof of concept. An alternative to prototype networks, which are usually implemented in an isolated environment, is building a pilot network, within a specific network module.
After the implementation phase, each network must be maintained at proper parameters by monitoring and management tools and processes. Basic techniques related to network management include:
- SNMP
- RMON
- NetFlow
- CDP
FCAPS is an ISO network management model that comprises the following elements:
- Fault management
- Configuration management
- Accounting management
- Performance management
- Security management