Tuesday, January 29, 2013

CCDA Notes: Enterprise LAN Design (LAN Hardware)

LAN Hardware


LAN devices are categorized based on the layer of the OSI model in which they operate:
  • Repeaters
  • Hubs
  • Bridges
  • Routers
  • Layer 2 switches
  • Layer 3 switches

Repeaters

Repeaters are layer 1 devices with no awareness of what traverses them. Their main use is to receive traffic, amplify it and send it out of all ports. The basic rule for Ethernet repeaters is the 5-4-3 rule: the maximum path between any two hosts should be no more than five segments, with no more than four repeaters between them, and with no more than three of the segments populated with other hosts. Repeating adds latency when propagating traffic. When designing Ethernet networks, repeaters must be taken into account when determining the 512-bit time for collision detection.

Hubs

Hubs are basically repeaters with more ports, introduced to be installed in wiring closets for aggregation. They follow the same rules as repeaters above.

Bridges

Bridges connect two segments of a network, and are different from repeaters because they are intelligent and operate at layer 2. Bridges control collision domains and learn the MAC addresses of hosts on each segment and the interface on which their traffic enters the bridge. In this way they lower the total traffic on segments, because they learn on which segment each host resides and transmit only out of the interface to that segment. If a bridge has not learned a MAC, it floods the incoming frame out of all ports except the one on which it was received, and when the answer comes in the bridge learns the MAC/interface pairing. Bridges also do not forward frames to other segments when they are destined for hosts on the same segment as the sender.

Bridges are store-and-forward devices, which store an entire frame, perform a CRC check to verify its integrity and then forward it on if it passes. Bridges are designed to flood all unknown and broadcast traffic.
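The learning, flooding and filtering behaviour described above, as an added example (not from the original notes): a minimal transparent-bridge simulator with a three-port bridge and constructed MAC addresses and traffic. The port names and MACs are invented for the demo.

```python
from dataclasses import dataclass, field

BROADCAST = "ff:ff:ff:ff:ff:ff"


@dataclass
class Frame:
    src: str  # source MAC
    dst: str  # destination MAC


@dataclass
class Bridge:
    ports: tuple                               # port names, one per attached segment
    table: dict = field(default_factory=dict)  # learned MAC -> port it was seen on

    def receive(self, in_port, frame):
        """Process one frame and return the list of ports it is forwarded out of."""
        # Learning: the source MAC lives on the segment behind in_port.
        self.table[frame.src] = in_port
        if frame.dst == BROADCAST or frame.dst not in self.table:
            # Unknown unicast and broadcast are flooded out of every other port.
            return [p for p in self.ports if p != in_port]
        out_port = self.table[frame.dst]
        if out_port == in_port:
            # Filtering: destination is on the same segment as the source,
            # so the bridge does not forward the frame at all.
            return []
        return [out_port]


def run_demo():
    """Constructed traffic on a three-port bridge; returns the forwarding decisions
    and the MAC table the bridge built while handling them."""
    b = Bridge(ports=("p1", "p2", "p3"))
    a, c = "00:aa:00:00:00:01", "00:aa:00:00:00:02"  # two hosts on segment p1
    d = "00:bb:00:00:00:03"                            # host on segment p2
    e = "00:cc:00:00:00:04"                            # host on segment p3
    decisions = [
        b.receive("p1", Frame(a, d)),          # d unknown: flooded to p2 and p3
        b.receive("p2", Frame(d, a)),          # a already learned on p1: sent to p1 only
        b.receive("p1", Frame(c, a)),          # same segment as the sender: filtered
        b.receive("p3", Frame(e, BROADCAST)),  # broadcast: flooded to p1 and p2
    ]
    return decisions, dict(b.table)


if __name__ == "__main__":
    for step, (out, entry) in enumerate(zip(*run_demo()), 1):
        print(step, out, entry)
```

The third frame is the case the notes single out: the bridge already knows that both sender and destination sit behind p1, so nothing is forwarded and the other segments never see the frame.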

Because of this, bridges use the Spanning Tree Protocol (STP) to implement a loop-free topology, so that broadcast traffic does not circulate around the network, eating resources and saturating links. STP elects a root bridge from all bridges participating in spanning tree, and then uses that root bridge's location in the topology to determine which redundant links should be shut down. Root bridge election is based on priority, with the lowest priority being elected as root; if all bridges have equal priority, the lowest MAC address value is used to elect the root bridge. After the root bridge is elected, each other bridge determines its best path to reach the root and shuts down any other links. These links are not removed, only shut down, so they remain available should the primary path fail. If the link to the root is detected to have failed, the bridge goes through a convergence period in which it tries to reach the root over other paths, learns MAC addresses if possible and then activates the new best path, shutting down any other links if any remain. Physical changes to the network force spanning tree to reconverge.
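Root election and root-path selection as described above, as an added example that is not part of the original notes. The three-switch triangle, its priorities, MACs and link costs are all constructed (the costs are not the IEEE defaults), and the tie-break on lowest neighbour bridge ID is the 802.1D rule for equal path costs.

```python
import heapq


def bridge_id(priority, mac):
    """802.1D bridge ID: priority is compared first, then the MAC (tuple order matches)."""
    return (priority, mac)


def elect_root(bridges):
    """bridges: {name: (priority, mac)}. The lowest bridge ID becomes root."""
    return min(bridges, key=lambda n: bridge_id(*bridges[n]))


def path_costs(links, root):
    """Dijkstra over undirected links {(a, b): cost}; returns each bridge's cost to root."""
    adj = {}
    for (a, b), c in links.items():
        adj.setdefault(a, []).append((b, c))
        adj.setdefault(b, []).append((a, c))
    dist = {root: 0}
    heap = [(0, root)]
    while heap:
        d, n = heapq.heappop(heap)
        if d > dist[n]:
            continue
        for m, c in adj.get(n, []):
            if d + c < dist.get(m, float("inf")):
                dist[m] = d + c
                heapq.heappush(heap, (d + c, m))
    return dist


def spanning_tree(bridges, links):
    """Return (root, {bridge: neighbour its root port faces}, [links with a blocked end])."""
    root = elect_root(bridges)
    cost = path_costs(links, root)
    root_port = {}
    for n in bridges:
        if n == root:
            continue
        best = None
        for (a, b), c in links.items():
            if n in (a, b):
                nb = b if a == n else a
                # Lowest cost to root wins; ties go to the lowest neighbour bridge ID.
                cand = (cost[nb] + c, bridge_id(*bridges[nb]), nb)
                if best is None or cand < best:
                    best = cand
        root_port[n] = best[2]
    # Every link has exactly one designated end. A link that carries nobody's root
    # port therefore has its far end blocked: this is the redundant link STP shuts down.
    used = {frozenset((n, nb)) for n, nb in root_port.items()}
    blocked = sorted(l for l in links if frozenset(l) not in used)
    return root, root_port, blocked


LINKS = {("SW1", "SW2"): 4, ("SW2", "SW3"): 19, ("SW1", "SW3"): 19}  # constructed costs


def demo():
    """SW3 carries a lower priority, so it wins regardless of MAC."""
    bridges = {
        "SW1": (32768, "00:00:0c:00:00:03"),
        "SW2": (32768, "00:00:0c:00:00:01"),
        "SW3": (4096, "00:00:0c:00:00:09"),
    }
    return spanning_tree(bridges, LINKS)


def demo_equal_priority():
    """All priorities equal, so the lowest MAC (SW2) becomes root and a different link blocks."""
    bridges = {
        "SW1": (32768, "00:00:0c:00:00:03"),
        "SW2": (32768, "00:00:0c:00:00:01"),
        "SW3": (32768, "00:00:0c:00:00:09"),
    }
    return spanning_tree(bridges, LINKS)


if __name__ == "__main__":
    print(demo())
    print(demo_equal_priority())
```

Lowering one switch's priority moves the root, and with it the blocked link, which is why a design that leaves priorities at the default lets the lowest MAC (often the oldest switch) decide the topology.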

Layer 2 Switches

Switches are an evolution of bridges and use application-specific integrated circuits (ASICs) to reduce the latency that regular bridges have. Some switches run in cut-through mode, meaning the switch reads only the destination MAC address and then forwards the frame without checking the CRC. This speeds switching time but increases the likelihood of forwarding bad frames. Most modern switches use the store-and-forward method. Each port on a switch is a separate collision domain, meaning there is no need for CSMA/CD on the line, so it can operate at full duplex. Each switch is one broadcast domain, meaning any ports in a VLAN will receive broadcasts sent from that VLAN. Switches also learn MAC addresses and use STP to avoid loops in the network.

Routers

Routers are layer 3 devices that make forwarding decisions based on network addresses (IP address). When an Ethernet frame enters a router interface, the layer 2 header is removed and the router inspects the layer 3 address, then adds the layer 2 address of its outgoing interface and forwards the packet. Routers do not forward layer 2 broadcasts out of other interfaces. A router defines layer 3 broadcast domains based on the IP address and subnet of its interfaces. Routers are aware of the network protocol and so can forward routed protocols such as IP and IPX. Each interface of a router is its own collision/broadcast domain.

Routers can share network route information using a routing protocol in order to expand their list of known networks and the best routes to reach them. The following are some well-known protocols:
  • EIGRP
  • OSPF
  • BGP
  • RIP
  • IS-IS
Since routers can translate layer 2 protocols, they can be used to connect networks of different media types together such as Ethernet and Token Ring or Ethernet and Serial. Since they are protocol-aware, routers can also be configured to filter based on ports, IP addresses, hierarchical addressing and multicast routing.

Layer 3 Switches

LAN switches that can run layer 3 network protocols are Layer 3 switches. They are also called multilayer switches as they do routing and switching. Layer 3 switches have LAN interfaces that can switch network layer packets which greatly increases the speed of traffic flow. Use of ASICs to cache route information allows hardware switching of packets without needing to inspect data link addressing and consult the routing table. With routing processor power saved, the switch can perform advanced packet features when needed such as security filtering and intrusion detection. As with routers each port is its own collision domain, and ports can be grouped into network broadcast domains by subnet. Routing protocols can be implemented on layer 3 switches to exchange routing information.

Monday, January 28, 2013

CCDA Notes: Enterprise LAN Design (LAN Media)

Enterprise LAN Design

LAN Media

Ethernet Design Rules

Scalability Constraints for 802.3:

Specification
10BASE5 (Thicknet)
  • Bus Topology
  • 500 meter maximum segment length
  • 100 maximum attachments per segment
  • 2500 meters of five segments and four repeaters, of which only three segments can be populated as maximum collision domain
10BASE2 (Thinnet)
  • Bus Topology
  • 185 meter maximum segment length
  • 30 maximum attachments per segment
  • 2500 meters of five segments and four repeaters, of which only three segments can be populated as maximum collision domain
10BASET (Ethernet)
  • Star Topology
  • 100 meters from hub to station
  • 2 maximum attachments per segment (hub and station or hub - hub)
  • 2500 meters of five segments and four repeaters, of which only three segments can be populated as maximum collision domain
100BASET (Fast Ethernet)
  • Star Topology
  • 100 meters from hub to station
  • 2 maximum attachments per segment (hub and station or hub - hub)
  • Maximum collision domain is dependent on repeater technology but in general can only have two repeaters. Most networks use switches instead of repeaters
The main design rule for Ethernet is that the round-trip propagation delay in a single collision domain must not exceed 512 bit times in order for collision detection to work correctly. The maximum round-trip delay for 10MBPS Ethernet is 51.2 microseconds; for a 100MBPS Ethernet network it is only 5.12 microseconds, because its delay is .001 instead of .01.

100-MBPS Fast Ethernet Design Rules

Uses CSMA/CD (Carrier Sense Multiple Access / Collision Detection) and UTP/fiber cabling. Speed/distance constraints are tighter with Fast Ethernet because delays must be shorter to meet the 512-bit rule (5.12 microseconds). Cabling specifications follow:
  • 100BASE-TX
  • 100BASE-T4
  • 100BASE-FX

100BASE-TX Fast Ethernet

100BASE-TX requires no special cabling beyond that used for 10-Mbps Ethernet. Uses Cat5 UTP wiring and RJ-45 connectors. Utilizes only two pairs of the four-pair UTP wiring. Punchdown blocks in the wiring closet must be Cat5 certified if used. Uses 4B5B coding.

100BASE-T4 Fast Ethernet

100BASE-T4 is not widely deployed; it supports Cat3, Cat4 and Cat5 UTP. To support older wiring, three of the four wiring pairs are utilized, with the fourth reserved for collision detection. Since there are no separate transmit/receive pairs, this cabling cannot run at full duplex. Uses 8B6T coding.

100BASE-FX Fast Ethernet

100BASE-FX is a fiber cabling standard. Operates over two strands of multimode or single-mode fiber with media interface connectors (MIC), Stab and Twist (ST), or Stab and Click (SC) fiber connectors. Fiber can transmit over greater distances than copper. Uses 4B5B coding.
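The 4B5B coding that both 100BASE-TX and 100BASE-FX use, as an added example (not from the original notes): an encoder/decoder built from the sixteen 4B/5B data symbols, plus a check of the property the code exists for, that a valid stream never carries more than three consecutive zeros, so the receiver can recover clock from line transitions. The control symbols (J, K, T, R, IDLE) are left out, and sending the high nibble of each byte first is an assumption of this example, not the wire order.

```python
# The sixteen 4B/5B data symbols (FDDI / 100BASE-X).
FOUR_B_FIVE_B = {
    "0000": "11110", "0001": "01001", "0010": "10100", "0011": "10101",
    "0100": "01010", "0101": "01011", "0110": "01110", "0111": "01111",
    "1000": "10010", "1001": "10011", "1010": "10110", "1011": "10111",
    "1100": "11010", "1101": "11011", "1110": "11100", "1111": "11101",
}
FIVE_B_FOUR_B = {v: k for k, v in FOUR_B_FIVE_B.items()}


def encode_4b5b(data: bytes) -> str:
    """Encode bytes into a '0'/'1' string of line bits, one 5-bit symbol per nibble.
    Assumption for this example: the high nibble of each byte is emitted first."""
    symbols = []
    for byte in data:
        for nibble in (byte >> 4, byte & 0x0F):
            symbols.append(FOUR_B_FIVE_B[format(nibble, "04b")])
    return "".join(symbols)


def decode_4b5b(bits: str) -> bytes:
    """Inverse of encode_4b5b; rejects any 5-bit group that is not a data symbol."""
    if len(bits) % 10:
        raise ValueError("bit string must hold a whole number of bytes (10 bits each)")
    nibbles = []
    for i in range(0, len(bits), 5):
        symbol = bits[i:i + 5]
        if symbol not in FIVE_B_FOUR_B:
            raise ValueError(f"invalid 4B/5B data symbol {symbol!r} at bit {i}")
        nibbles.append(int(FIVE_B_FOUR_B[symbol], 2))
    return bytes((nibbles[i] << 4) | nibbles[i + 1] for i in range(0, len(nibbles), 2))


def longest_zero_run(bits: str) -> int:
    """Length of the longest run of consecutive zeros in a bit string."""
    return max(len(run) for run in bits.split("1"))


if __name__ == "__main__":
    raw = bytes(range(256))
    line = encode_4b5b(raw)
    print("line bits per byte:", len(line) // len(raw))
    print("longest zero run, raw   :", longest_zero_run("".join(format(b, "08b") for b in raw)))
    print("longest zero run, 4B/5B :", longest_zero_run(line))
    assert decode_4b5b(line) == raw
```

Every symbol has at most one leading zero and at most two trailing zeros, so the worst case across any symbol boundary is three zeros in a row; the raw bit stream of the same bytes contains runs of fifteen. That guarantee, plus the 25 percent overhead (125 Mbaud on the line for 100 Mbps of data), is the whole point of the scheme.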

100BASE-T Repeaters

Fast Ethernet is limited to two repeaters. The general rule is that Fast Ethernet has a maximum diameter of 205 meters with UTP cabling. Since switches are used instead of repeaters in modern networks, the effective length of cabling is 100 meters between host and switch.

Gigabit Ethernet Design Rules

802.3z-1998 specifies Gigabit Ethernet over fiber and coax and introduces GMII (Gigabit Media-Independent Interface). 802.3ab-1999 specified operation of Gigabit Ethernet over Cat5 UTP. Both are rolled into latest revision 802.3-2002. GigEthernet still uses same framing methods, CSMA/CD and full-duplex communication. All GigEthernet uses 8B10B coding.

Scalability Constraints/Specifications for Gigabit Ethernet

1000BASE-T
  • 100 meter maximum segment length
  • Cat5, four-pair UTP media
1000Base-LX Long-Wavelength
  • 62.5 micrometer wiring: 440 meter maximum segment length
  • 50 micrometer wiring: 550 meter maximum segment length
  • 9 micrometer (single-mode fiber): 5 kilometer maximum segment length
  • Single/multi-mode fiber
1000BASE-SX Short Wavelength
  • 62.5 micrometer wiring: 220 meter maximum segment length
  • 50 micrometer wiring: 500 meter maximum segment length
  • Multimode fiber media
1000BASE-CX Gigabit Over Coaxial
  • 25 meter maximum segment length
  • Used mainly for server connections
  • Shielded balanced copper media
1000BASE-T Gigabit Over UTP
  • Cat5, 4-pair UTP
  • Maximum length 100 meters
  • Five-level coding scheme
  • 1 byte is sent over 4 pairs at 1250 MHZ

10Gigabit Ethernet Design Rules

The 802.3ae supplement to the 802.3 standard defines 10 Gigabit Ethernet. It is defined for full-duplex operation over fiber, UTP and copper, and disallows the use of hubs/repeaters, as they operate in half-duplex mode. The distances covered are consistent with MAN (Metropolitan Area Network) and WAN designs, and also include data centers/server farms and corporate backbones.

10GE Media

10GBASE-SR
  • Short-wavelength multimode fiber media using 66B encoding
  • 300 meter maximum distance
10GBASE-SW
  • Short-wavelength multimode fiber media using WAN Interface Sublayer (WIS)
  • 300 meter maximum distance
10GBASE-LR
  • Long-wavelength single-mode fiber using 66B encoding
  • 10 kilometers maximum distance
10GBASE-LW
  • Long-wavelength single-mode fiber using WIS
  • 10 kilometers maximum distance
10GBASE-ER
  • Extra-long wavelength single-mode fiber using 66B encoding
  • 40 kilometers maximum distance
10GBASE-EW
  • Extra-long wavelength single-mode fiber using WIS
  • 40 kilometers maximum distance
10GBASE-LX4
  • Wavelength-division multiplexing over SMF and MMF using 8B/10B encoding
  • 10 kilometer maximum distance
10GBASE-CX4
  • Four pairs of twinax copper
  • 15 meters maximum distance
10GBASE-T
  • Cat6a UTP
  • 100 meter maximum distance

EtherChannel


Cisco EtherChannel is a method of increasing bandwidth and link redundancy by bundling links of like speed (FastEthernet, Gigabit or 10GE) into a single logical port that load balances across all physical links. A bundle can be formed from up to eight compatibly configured ports, which must have the same speed, duplex and VLAN configuration.
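The two things the paragraph asks for, checking that member ports are compatibly configured and spreading flows across the bundle, as an added example that is not Cisco code. The compatibility attributes checked are the three the notes name; the load-balancing hash (XOR of the three low-order bits of source and destination MAC, then modulo the number of links) is a simplified model chosen for this example, not a vendor's algorithm, and the port names and MACs are constructed.

```python
from dataclasses import dataclass

MAX_MEMBERS = 8  # per the notes: up to eight compatibly configured ports


@dataclass(frozen=True)
class Port:
    name: str
    speed_mbps: int
    duplex: str  # "full" or "half"
    vlan: int    # access VLAN (a trunk would compare native VLAN and allowed list instead)


def check_bundle(ports):
    """Return the reasons these ports cannot form one EtherChannel (empty list = compatible)."""
    problems = []
    if not 2 <= len(ports) <= MAX_MEMBERS:
        problems.append(f"bundle needs 2..{MAX_MEMBERS} ports, got {len(ports)}")
    if not ports:
        return problems
    ref = ports[0]
    for p in ports[1:]:
        for attr in ("speed_mbps", "duplex", "vlan"):
            mine, theirs = getattr(p, attr), getattr(ref, attr)
            if mine != theirs:
                problems.append(f"{p.name}: {attr}={mine} differs from {ref.name} ({theirs})")
    return problems


def _low_bits(mac, nbits=3):
    """Low-order bits of a MAC written as aa:bb:cc:dd:ee:ff or aabb.ccdd.eeff."""
    return int(mac.replace(":", "").replace(".", ""), 16) & ((1 << nbits) - 1)


def select_link(src_mac, dst_mac, nlinks):
    """Member link (0-based) for a flow under src-dst-MAC load balancing.
    Model used here (an assumption of this example): XOR the low three bits of both
    MACs to get a hash in 0..7, then map the hash onto the links with modulo."""
    return (_low_bits(src_mac) ^ _low_bits(dst_mac)) % nlinks


def distribution(nlinks):
    """Flows per link if the eight hash values occur equally often.
    Even only when the bundle has 2, 4 or 8 members."""
    counts = [0] * nlinks
    for h in range(8):
        counts[h % nlinks] += 1
    return counts


if __name__ == "__main__":
    good = [Port("Gi1/0/1", 1000, "full", 10), Port("Gi1/0/2", 1000, "full", 10)]
    bad = good + [Port("Gi1/0/3", 1000, "half", 10), Port("Gi1/0/4", 100, "full", 20)]
    print("good:", check_bundle(good) or "compatible")
    print("bad :", check_bundle(bad))
    for n in (2, 3, 4, 8):
        print(n, "links ->", distribution(n))
    print("flow lands on link", select_link("00:00:0c:00:00:01", "00:00:0c:00:00:02", 4))
```

One design point falls straight out of `distribution()`: a three-link bundle cannot balance evenly because eight hash buckets do not divide by three, so two links carry 3/8 of the flows each and the third carries 2/8. Bundles of 2, 4 or 8 members avoid that.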

Comparing Campus Media


Copper/UTP
  • Up to 10GBPS
  • Up to 100 meters
  • Inexpensive
Multimode Fiber
  • Up to 10GBPS
  • Up to 2 kilometers (FastEthernet)
  • Up to 550 meters (GigabitEthernet)
  • Up to 300 meters (10GigabitEthernet)
  • Moderate cost
Single-mode Fiber
  • Up to 10GBPS
  • Up to 100 kilometers (FE)
  • Up to 5 kilometers (GE)
  • Up to 40 kilometers (10GE)
  • Moderate to expensive cost
Wireless LAN
  • Up to 300MBPS
  • Up to 500 meters at 1MBPS
  • Moderate cost

Monday, January 21, 2013

CCDA Notes: Network Structure Models

Network Structure Models

Hierarchical Network Models

Hierarchical models use layers to simplify the tasks of internetworking, with each layer focusing on specific functionality. This allows the correct features to be chosen for each layer. The model applies to LAN and WAN designs.

Benefits

  1. Cost Savings: Not trying to do it all on one routing/switching platform. Reduces need for advance bandwidth provisioning
  2. Ease of Understanding: Layered model easier to understand, different reporting/management can be distributed to different layers to help control management costs
  3. Modular Network Growth: Modularity allows replication as network grows and only small subsets require upgrade/replacement at a time
  4. Improved Fault Isolation: Transition points in network are easier to troubleshoot because network is segmented
Modern routing protocols were designed with the hierarchical model in mind. Route summarization is facilitated by this model and is more difficult if there are no clear boundaries.

Hierarchical Network Design


  • Core: Fast transport between distribution devices within enterprise campus network
  • Distribution: Provides policy-based / Layer 3 connectivity
  • Access: Provides workgroup/users access to network
Core Layer

Fast-switching, backbone for network. Requires:
  • Fast transport
  • Redundancy
  • Reliability
  • Manageability
  • No CPU-intensive processes
  • QoS (if implemented)
  • Limited number of hops from edge to edge (workstation to server, etc)
Distribution Layer

Isolation point between access layer and core, implements many features:
  • Policy-based connections (ACLs, traffic policy)
  • Redundancy/load balancing
  • Aggregate access layer devices
  • Aggregate WAN connections (if connected here)
  • QoS
  • Security filters
  • Route summarization
  • Layer 3 interface/Inter-Vlan routing
  • Media translation (if needed between ethernet/token ring, etc)
  • Routing protocol redistribution
  • Demarcation between static/route protocols
Using Cisco IOS software features, further policies can be applied:
  • Route filtering, static routing, QoS mechanisms such as queueing

Access Layer

User access to local segments of network via switches. Other features of this layer:
  • High availability
  • Port security
  • Broadcast suppression (via vlan segmentation)
  • QoS Marking/Trust boundary classification
  • Rate limiting/policing
  • ARP inspection
  • VACLs (Vlan ACLs)
  • Spanning tree
  • PoE and auxiliary vlans for VOIP
  • Other auxiliary vlans
Hierarchical Model Examples

Traditional Model



Routed Hierarchical Design


As above, but layer 3 switching is pushed to the access layer instead of the distribution layer. Route summarization is configured on interfaces pointed toward the core, while route filtering is configured toward the access layer. Since the links to the distribution layer are routed, traffic can be load balanced across them, whereas with spanning tree one link is disabled.


If Cisco 6500 switches with VSS (Virtual Switching System) Supervisor 720-10G are available, two redundant distribution switches can be configured as one logical switch. The two distribution switches are connected by a 10-Gigabit link called the Virtual Switch Link. Benefits are as follows:
  • Layer 3 switching can be used toward access layer
  • Scales bandwidth to 1.44TBPS
  • Simplifies management of single configuration on VSS
  • Increased bandwidth between access/distribution layer gives better return on investment
  • No new chassis required (assuming you have 2 6500 chassis with these supervisor modules)

Cisco Enterprise Architecture Model

Modular approach to design, divides network into functional areas/modules. These areas/modules are:
  • Enterprise Campus Module
  • Enterprise Data Center module
  • Enterprise Branch module
  • Enterprise Teleworker module
The Enterprise Architecture model maintains the concept of access/distribution components connecting users over a high-speed core.

Enterprise Campus Module

  • Campus Core
  • Server Farm/Data Center
  • Building Distribution
  • Building Access
The campus core provides a high-speed backbone between buildings, the server farm and the enterprise edge, with redundant, fast-converging connectivity.

Building distribution aggregates access and performs QoS, access control, route redundancy and load balancing

Building access provides user access, vlan control, auxiliary vlans and PoE for VOIP, spanning tree

Server Farm/Data Center provides high speed access and high availability of services


Enterprise Edge Area
  • E-commerce networks/servers
  • Internet/DMZ
  • VPN/Remote access
  • Enterprise WAN
E-commerce module describes highly available networks for business services, uses high availability design of server farm with Internet connectivity module. Devices within this submodule include:
  • Web/App servers - Primary user interface for e-commerce
  • Database servers - Application/transaction information
  • Firewall/Firewall routers - Governs communications between users
  • IPS - Monitor key network segments for attacks
  • Multilayer switch utilizing IPS module - Traffic transport/integrated security monitoring

Internet/DMZ Module provides public servers, email, DNS. Connectivity to ISP included in this module. Other components include:
  • Firewall/Firewall routers - Protect resources, stateful filtering, VPN termination for remote sites/users
  • Internet edge routers - Provide WAN connectivity, basic filtering
  • FTP/HTTP servers - Provides web applications that interface enterprise with Internet
  • SMTP relay servers - Relays mail to/from Internet to/from local email servers
  • DNS servers - Authoritative external DNS server for enterprise, relay internal requests to Internet
Multihoming provides Internet connectivity redundancy:
  1. Single router/dual links to one ISP
  2. Single router/dual links to two ISPs
  3. Dual routers/dual links to one ISP
  4. Dual routers/dual links to two ISPs

VPN/Remote access provides RA termination services, including authentication for remote users/sites. Components include:
  • Firewalls - Stateful filtering of traffic, authenticate remote users, provide tunnel connectivity
  • Dial-in access concentrators - Terminate legacy dialup and authenticate those users
  • Cisco ASA - Terminate IPSec tunnels and authenticate individual users, also firewall/IPS services
  • Network IPS - Proactively monitor network for attacks

Enterprise WAN is the edge module that connects to ISPs/WAN. WAN technologies include:
  • MPLS (Multiprotocol Label Switching)
  • Metro Ethernet
  • Leased Lines
  • SONET and SDH
  • PPP/Frame Relay
  • ATM
  • Cable/DSL
  • Wireless
Guidelines for designing Enterprise edge:
  • Determine connection needed to connect Enterprise to Internet, this is assigned to Internet module
  • Create e-commerce module for customers and partners that require Internet access to business/database applications
  • Design Remote Access/VPN module for VPN access to internal network. Implement security and authentication, authorization parameters
  • Assign edge sections with permanent connections to remote branch offices to WAN/VPN module

Service Provider Edge Module consists of SP edge services such as:

  • Internet service
  • PSTN (Telephone)
  • WAN services

Remote Module consists of:
  • Enterprise branch
  • Enterprise Data Center
  • Enterprise Teleworker
Enterprise Branch module consists of remote offices that rely on the WAN to connect back to main office for services. Commonly uses MPLS/WAN or IPSEC VPN tunneling to connect

Enterprise Data Center module uses network to leverage services, storage, applications. Components of data center include:
  • Network infrastructure - Gigabit/10GE, Infiniband, optical transport, storage switching
  • Interactive services - Computer infrastructure, storage services, application optimization
  • DC management - Cisco Fabric manager, Cisco VFrame for server/service management
Enterprise Teleworker module involves small office or mobile user who needs access to main campus, often utilizing VPN client. Cisco Virtual Office offers solution that is centrally managed using small integrated service routers (ISR). VOIP capability included in Virtual Office for teleworkers


Borderless Network Services

Cisco next-generation network architecture solution which enables connectivity to anyone/anything from anywhere at any time. Connectivity needs to be secure, reliable, seamless.
  • Mobility: Cisco Motion delivers anywhere/anytime access to information for mobile users from any device. Also provides detection, location, classification and mitigation of sources of wireless interference
  • Security: Cisco TrustSec provides foundation for identity-directed and policy-based access. Uses Cisco ASA, Cisco Virtualization Security, and Cisco AnyConnect for endpoints/users. Cisco SAFE blueprint provides design/implementation guidelines for building secure/reliable architecture
  • Application Performance: Application Velocity optimizes speed/performance of any application by using Wide Area Application Services (WAAS)
  • Voice/Video (IP Communication): Medianet for Enterprise optimizes multimedia through automatic endpoints and optimized network configuration. Reduces video deployment time and provides multicast video

High Availability Network Services

Design redundancy for critical systems/services wherever possible. Consider following types of redundancy:
  • Workstation to router redundancy in building access layer
  • Server redundancy in server farm module
  • Route redundancy within/between network components
  • Link media redundancy in access layer

Workstation to Router Redundancy and LAN High Availability Protocols

  • ARP: Proxy ARP allows a router to answer, with its own MAC, ARP requests for hosts it knows how to reach
  • Explicit Configuration: Configure workstation with IP of default gateway
  • ICMP Router Discovery Protocol (RDP): RFC 1256 specifies extension to ICMP to allow a workstation to learn a router's address
  • RIP: IP workstation can run RIP to learn about routers, should be set to passive if used at all
  • HSRP: Workstation can be configured with default gateway IP, two routers can share that virtual IP which provides default gateway that is fault tolerant
  • VRRP: Virtual Router Redundancy Protocol dynamically assigns responsibility for a virtual router to one of the participating VRRP routers. The master router acts as the forwarding router, but any VRRP-participating router can forward if failover is needed
  • GLBP: Provides first-hop redundancy and also load balancing between redundant routers. Uses a single virtual IP and multiple MAC addresses; as ARP requests come in, the MAC address of one of the GLBP routers is handed out for that request. GLBP has several benefits:
  1. Load Sharing
  2. Multiple virtual routers
  3. Preemption
  4. Authentication
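The difference between HSRP (one virtual MAC, one active forwarder) and GLBP (one virtual IP, a virtual MAC per forwarder handed out round-robin by the AVG) as an added example, not Cisco code and not taken from the notes. Router names, priorities, host names and the virtual MACs are constructed; the GLBP vMAC format 0007.b4xx.xxyy is real but the values here are invented, and the "another forwarder adopts a failed router's vMAC" step is modelled in the simplest possible way.

```python
from itertools import cycle

HSRP_VMAC = "00:00:0c:07:ac:01"  # HSRP v1 vMAC format 0000.0c07.acXX, group 1 (constructed)


class HSRPGroup:
    """One virtual IP, one virtual MAC; only the active router ever forwards."""

    def __init__(self, virtual_ip, routers):  # routers: {name: priority}
        self.vip = virtual_ip
        self.routers = dict(routers)
        self.active = max(self.routers, key=self.routers.get)  # highest priority wins

    def arp_reply(self, host):
        return HSRP_VMAC  # every host receives the same MAC ...

    def forwarder(self, vmac):
        return self.active  # ... so one router carries all the traffic

    def fail(self, name):
        del self.routers[name]
        self.active = max(self.routers, key=self.routers.get)


class GLBPGroup:
    """One virtual IP, one virtual MAC per forwarder (AVF); the AVG answers ARP round-robin."""

    def __init__(self, virtual_ip, routers):
        self.vip = virtual_ip
        self.routers = dict(routers)
        self.avg = max(self.routers, key=self.routers.get)
        # Constructed vMACs in GLBP's 0007.b4xx.xxyy shape (group 1, forwarder 1, 2, ...).
        self.owner = {f"00:07:b4:00:01:{i:02x}": name for i, name in enumerate(self.routers, 1)}
        self._rotation = cycle(self.owner)

    def arp_reply(self, host):
        return next(self._rotation)  # successive hosts get successive vMACs

    def forwarder(self, vmac):
        return self.owner[vmac]

    def fail(self, name):
        del self.routers[name]
        survivor = max(self.routers, key=self.routers.get)
        # A surviving AVF adopts the failed router's vMAC, so hosts keep their ARP entry.
        for vmac, owner in self.owner.items():
            if owner == name:
                self.owner[vmac] = survivor
        if self.avg == name:
            self.avg = survivor


def assign_hosts(group, hosts):
    """Each host ARPs for the gateway; returns {host: (vMAC learned, router forwarding for it)}."""
    result = {}
    for h in hosts:
        vmac = group.arp_reply(h)
        result[h] = (vmac, group.forwarder(vmac))
    return result


def demo():
    routers = {"R1": 110, "R2": 100}  # constructed priorities; R1 becomes active / AVG
    hosts = ["h1", "h2", "h3", "h4"]
    hsrp = assign_hosts(HSRPGroup("10.1.1.1", routers), hosts)
    glbp_group = GLBPGroup("10.1.1.1", routers)
    glbp = assign_hosts(glbp_group, hosts)
    glbp_group.fail("R2")
    after = {h: glbp_group.forwarder(vmac) for h, (vmac, _) in glbp.items()}
    return {"hsrp": hsrp, "glbp": glbp, "glbp_after_r2_fails": after}


if __name__ == "__main__":
    for name, table in demo().items():
        print(name, table)
```

Under HSRP all four hosts end up behind R1 while R2 idles; under GLBP the same four hosts split two and two, and when R2 fails its vMAC is taken over by R1 without any host needing to re-ARP.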

Server Redundancy

Servers may be mirrored for redundancy and replicate data between them. Can also deploy Cisco Unified Communications Manager servers for redundancy. These servers should be on different networks and utilize redundant power supplies. Options for server implementation in the server farm include:
  • Single attachment - Not recommended as it requires alternate mechanisms (HSRP, VRRP, GLBP) to find alternate router
  • Dual attachment - Solution increases availability by utilizing redundant NICs
  • Fast EtherChannel and Gigabit EtherChannel port bundles

Route Redundancy

Redundant routes have two purposes: Load balancing and increasing availability

Load Balancing

Most routing protocols will load balance across parallel links with equal cost, can do unequal with configuration, or use more links to balance. To support load balancing keep bandwidth consistent within layer of hierarchical model.

A hop-based routing protocol will load balance across links of unequal bandwidth so long as the hop count is equal. Once the slower link is saturated, packets are lost, and the router will not automatically shift traffic onto the high-speed link alone. This is called pinhole congestion; it can be avoided by provisioning equal-bandwidth links or by using a protocol that takes bandwidth into account.

IP load balancing on a Cisco router depends on whether it is process switching or fast/NetFlow switching. Process switching inspects each packet and can balance per packet, whereas hardware/fast/NetFlow switching balances on a per-destination basis because the forwarding decision is cached.

Increasing Availability

Bandwidth should be kept consistent to ease load balancing, but redundant routes also increase availability because more paths to a destination exist. Routing protocols converge faster on equal-cost links. Mesh network designs are fault-tolerant because multiple links connect network devices. If a single link fails connectivity is minimally (or not at all) impacted.

The number of links in a full mesh is n(n-1)/2, where n is the number of devices.

Full mesh is very expensive to implement in WANs because of the cost of circuit links. Also with more mesh links, the CPU/bandwidth overhead for routing protocols and broadcast traffic increases. Since broadcast traffic should consume no more than 20 percent of a link, number of routers exchanging routing information should be limited. 80 percent of link bandwidth should be reserved for data, voice, video traffic. Planning redundancy should take into account hierarchical design for partial mesh, meshing access to distribution and distribution to core


Link Media Redundancy

In mission-critical applications it may be necessary to provide redundant media. Switches can be connected to each other, but need spanning tree to bound broadcast traffic. WAN links can be made redundant with redundant links to WAN providers or to backup WAN providers. May provision backup route as a floating static route (static route with very high administrative distance that will only be installed into routing table if primary link fails).
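The floating static route described above, as an added example that is not from the notes: a small routing-table model in which each prefix installs the candidate with the lowest administrative distance whose outgoing interface is up, so the backup (AD 250) only appears when the primary (AD 1) is withdrawn, and is displaced again when the primary returns. The interface names and next hops are constructed; the IOS commands quoted in the comments are the real `ip route` syntax this models.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Route:
    prefix: str
    next_hop: str
    interface: str
    admin_distance: int  # static = 1 by default; a floating static is given a high value
    source: str          # "static", "ospf", ... (informational)


class Router:
    """Holds candidate routes and interface state; builds the active routing table."""

    def __init__(self):
        self.candidates = []
        self.link_up = {}

    def add_route(self, route):
        self.candidates.append(route)
        self.link_up.setdefault(route.interface, True)

    def set_link(self, interface, up):
        self.link_up[interface] = up

    def routing_table(self):
        """Per prefix, install the lowest-AD candidate whose interface is up."""
        table = {}
        for r in self.candidates:
            if not self.link_up[r.interface]:
                continue  # a route via a down interface is withdrawn from consideration
            best = table.get(r.prefix)
            if best is None or r.admin_distance < best.admin_distance:
                table[r.prefix] = r
        return table


def demo():
    """Primary default route, floating static backup, primary link failure and recovery."""
    rtr = Router()
    # Primary:  ip route 0.0.0.0 0.0.0.0 10.0.0.1          (AD 1, the static default)
    rtr.add_route(Route("0.0.0.0/0", "10.0.0.1", "Serial0/0", 1, "static"))
    # Floating: ip route 0.0.0.0 0.0.0.0 10.0.1.1 250      (AD 250, only used as backup)
    rtr.add_route(Route("0.0.0.0/0", "10.0.1.1", "Serial0/1", 250, "static"))
    steps = []
    steps.append(rtr.routing_table()["0.0.0.0/0"].next_hop)  # primary installed
    rtr.set_link("Serial0/0", False)                          # primary WAN link fails
    steps.append(rtr.routing_table()["0.0.0.0/0"].next_hop)  # floating static takes over
    rtr.set_link("Serial0/0", True)                           # primary link restored
    steps.append(rtr.routing_table()["0.0.0.0/0"].next_hop)  # lower AD wins again
    return steps


if __name__ == "__main__":
    print(" -> ".join(demo()))
```

The value 250 is arbitrary but must be higher than that of any dynamic route that could otherwise provide the same prefix over the backup path (for example OSPF at 110), or the static backup would override the learned route instead of sitting below it.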

Cisco also supports Multilink Point-to-Point Protocol (MPPP) which aggregates multiple WAN links into single logical channel. This increases bandwidth and provides link redundancy.

Tuesday, January 15, 2013

CCNA Notes: Cabling Types

Cabling Types


UTP (Unshielded Twisted pair)

Cat 1  - Telco, telephone line
Cat 2  - Token Ring, up to 4 MBPS speed
Cat 3  - 10BaseT Ethernet, 10 MBPS
Cat 4  - Token Ring, 16 MBPS
Cat 5  - Fast Ethernet, 100 MBPS
Cat 5e - Fast Ethernet, 1000 MBPS (1 Gig)
Cat 6  - Fast Ethernet, 1000 MBPS (1 Gig), 24-gauge

UTP Ethernet cables typically use an RJ-45 adapter for connections.

Article explaining more about the UTP Ethernet cabling


Fiber Cabling

Multi-mode Fiber - Used over shorter distances, uses LEDs to create light and bounces the light signal off the cladding. Cheaper than single-mode fiber. Greater speeds are attainable the shorter the distance traversed, from 100 MBPS at 2km to 10 GBPS at 550m.

Single-mode Fiber - Used over greater distances, uses a laser to generate light, which is carried on a single path without bouncing. More expensive than multi-mode. Covers far greater distances depending on speed and other factors, up to 60km in some cases.

Fiber cables typically utilize an SFP/GBIC connector.

Comparison of Cabling Types

Cable Type   Maximum Length   Maximum Speed       Notes
UTP          100m             10 MBPS - 1 GBPS    Susceptible to interference
Coaxial      500m             10 - 100 MBPS       Difficult to troubleshoot
Fiber        60+km            10 MBPS - 10 GBPS   Expensive


Speeds

Ethernet - 10 MBPS
Fast Ethernet - 100 MBPS
Gigabit Ethernet - 1000 MBPS

Article covering many different flavors of Gigabit Ethernet


WAN Cabling Types

T-carrier

The following was taken from this Wikipedia article and covers a vanishing, but still present, WAN technology. Connections are typically made to routers by way of a serial cable or RJ-48 connector, and clocking for the line speed is set by the WAN provider. The standard naming convention is T-1 (or DS-1).

T-carrier and E-carrier systems

Level                                          | North American                             | Japanese                                          | European (CEPT)
Level zero (channel data rate)                 | 64 kbit/s (DS0)                            | 64 kbit/s                                         | 64 kbit/s
First level                                    | 1.544 Mbit/s (DS1) (24 user channels) (T1) | 1.544 Mbit/s (24 user channels)                   | 2.048 Mbit/s (32 user channels) (E1)
Intermediate level (T-carrier hierarchy only)  | 3.152 Mbit/s (DS1C) (48 Ch.)               | -                                                 | -
Second level                                   | 6.312 Mbit/s (DS2) (96 Ch.) (T2)           | 6.312 Mbit/s (96 Ch.), or 7.786 Mbit/s (120 Ch.)  | 8.448 Mbit/s (128 Ch.) (E2)
Third level                                    | 44.736 Mbit/s (DS3) (672 Ch.) (T3)         | 32.064 Mbit/s (480 Ch.)                           | 34.368 Mbit/s (512 Ch.) (E3)
Fourth level                                   | 274.176 Mbit/s (DS4) (4032 Ch.)            | 97.728 Mbit/s (1440 Ch.)                          | 139.264 Mbit/s (2048 Ch.) (E4)
Fifth level                                    | 400.352 Mbit/s (DS5) (5760 Ch.)            | 565.148 Mbit/s (8192 Ch.)                         | 565.148 Mbit/s (8192 Ch.) (E5)


Optical Carrier over SONET (Synchronous Optical Networking)

Don't be terrified by the intense wording - this is fiber. Fiber strands are bundled to reach different amounts of bandwidth, with each increment being a multiple of the first, as follows:

OC-1 - 51.84 MBPS
OC-3 - 155.52 MBPS
OC-12 - 622.08 MBPS
OC-48 - 2488.32 MBPS
OC-192 - 9953.28 MBPS
OC-768 - 38,486.016 MBPS

Of course, multiple customers can reside on an OC, so it is common to have, for example, an OC-192 split among many different customer circuits as needed. Commonly, the largest fiber cables are bundled in the 'backbone' networks, and then multiplexers are used to divide the light signal off into smaller cables as they get nearer to customers, in some cases delivering it right to their door, where GBICs/SFPs are connected to the premises equipment. More commonly the WAN provider or local carrier will have a smartjack or some similar demarcation point, and the customer equipment will connect to that.

Learn more about how optical carrier data is joined/split here.

Sunday, January 13, 2013

CCNA Notes: The OSI Model

The OSI Model of Networking

There are easily hundreds of ways to try to explain the OSI Model of Networking to an audience. A quick Google search will net some of the best, but in general, what's important to understand about the Open Systems Interconnection model is that it breaks host-to-host transmission down into seven layers: Application, Presentation, Session, Transport, Network, Data Link and Physical. The highest layer is the Application layer, where information is presented to the user. The lowest layer is the Physical layer, where the electrical/radio/light signals are transmitted along whatever medium exists between the hosts. The actual units of data are referred to by different terms at each layer below the Session layer.


Note: The analogy presented below was not taken from a book; it is my own attempt to explain.

Application Layer

This layer deals with the protocols and services that the actual applications employ to transmit information over the network.

Pretend for a moment that we are in the Wild West. Sally Packett has just written a thrilling, loin-warming romance novel, and wants to send the manuscript to her publisher. At this layer of the OSI model, Sally Packett simply makes the decision to use Western Union Courier Services to get her important package to the publisher, who is anxiously awaiting the finished copy.

Presentation Layer

This layer defines how the information is to be presented to the user, file formats work at this layer, such as JPG, BMP, TXT, AVI, and so on.

Sally Packett needs to be sure that her manuscript will be readable, so she makes sure that she wrote the whole novel in English (she had a few glasses of wine for inspiration some nights). After that, she makes sure her grammar is correct and picks up her telephone.

Session Layer

This layer initiates the setup and teardown of connections, and differentiates between multiple network connections. This layer deals with hello packets, notifications, timeouts, and the logistics of how data will be delivered.

Sally has a long talk with a very helpful gentleman from Western Union on the telephone, who assures her that they do deliver to the publisher's address. Sally schedules the pickup of her manuscript as soon as possible. The Western Union clerk has Sally verify how many pages there are in her book and other details about the package, as well as determining how soon it needs to get there and, depending on how much Sally wants to pay, may or may not offer a tracking number/receipt.

Transport Layer

This layer deals with the mechanics of setting up, maintaining, and tearing down connections. Transmission Control Protocol (TCP, of the famous TCP/IP suite) operates at this layer. User Datagram Protocol (UDP) also operates at this layer. The largest difference between TCP and UDP is that TCP is connection-oriented, meaning it keeps track of the data delivery attempt and will attempt to recover if it is having trouble (missed packets, corrupt data, packets arriving out of sequence). UDP is not connection-oriented. If TCP were a delivery driver, it would be the one that won't leave a package without a signature. If UDP were a delivery driver, the truck might slow down as the package was thrown at your house.

In our Wild West example, Sally Packett has elected to go with a more expensive option (after all, this romance novel will make her rich when it sells!). She receives a tracking receipt and soon afterward her manuscript is picked up by the Western Union courier. The courier goes back to the central office and informs the management that he's starting his trip to the publisher's address. The central office issues the courier the correct horse, a rifle and rations for the trip. The courier is ready to go, he has all the details of the delivery, except he doesn't know how to get there yet.


Network Layer

This layer provides the logical topology of the network, makes routing decisions to determine the best path to logical destinations, and allows logical addressing instead of otherwise obtuse physical addressing. IP addresses operate at the Network layer, saving us all from having to memorize hardware MAC addresses of source/destinations (At least for now - I'm looking at you, IPv6).

The Western Union courier (Let's call him Jim. It's easier that way) consults the map of the western territories to figure out his route. Unfortunately, the central office where he works only has a route to the next way station in line, not the entire map. He knows that the name of the way station is Tuscaloosa Valley Station, and how to get there. Jim knows what to expect, and he has all the proper tools for the journey. He leaves the office and takes the western road. Come hell or high latency, he's going to see that package delivered.


Data Link Layer

This layer uses physical hardware addressing, and defines how devices should communicate within a given physical media type. It also defines how a device accesses the network, the media's framing method and the transmission method on that media. This is the layer that uses MAC addressing to determine source/destination. This one is tough to understand; just remember that at this layer, there are no fancy IPs that are easy to read, just ugly MAC addresses.

Jim has just started his journey. Up ahead, he sees signs on the road, telling him that slower horses should stay to the right, and that stagecoaches have right of way. Jim isn't looking to run afoul of the Marshals, so he aims to pay attention to the rules of the road. He looks for a sign pointing him in the direction of the Tuscaloosa Valley Station, but he just sees signs for Alabama. Luckily, he knows from the office map that Tuscaloosa is in Alabama, and he is headed the right way.

Physical Layer

This layer deals with the physical properties of the network media. This includes connectors, multiplexers, adapters, lines, radio, light, and electrical signals. At this layer, it's raw signal, binary ones and zeroes moving across the medium. The Data Link layer will determine who those signals are for and how they should be interpreted; the Physical layer's only concern is how to convey that signal.

It's been a long, hard road. Jim is parched, hungry, and has dodged his share of bullets from unfriendly natives and bandits alike. Only his wits and the speed of his horse saved him, as well as the fine condition of the road.

Now What?

Jim has arrived in Alabama alive and with Sally Packett's manuscript intact. Once in town, he gets directions from a friendly local to the Tuscaloosa Valley Station. At the station, two possibilities exist for Sally's package.
  • If Tuscaloosa is indeed the final destination, Jim will turn over the package to the publisher, who will open it and verify everything arrived in order, then format it and prepare it for sale, moving up from the Network layer to the Application layer in sequence.
  • If there are further legs of the journey, his trip will begin again, picking up from the Network layer back down to the Physical in a process called encapsulation/de-encapsulation until the final destination is reached.


Book Citations for Study Notes

CCDA Study Notes

Official Cert Guide: CCDA 640-864

Authors: Anthony Bruno and Steve Jordan

ISBN-13: 978-1-58714-257-4



CCNA Study Notes

Cisco Certified Network Associate Study Guide

Author: Richard Deal

ISBN-13: 978-0-07-149730-5



CCNA Voice Study Notes

Official Certification Guide: CCNA Voice 640-461

Authors: Jeremy Cioara and Michael Valentine

ISBN-13: 978-1-58720-417-3


CCDA Notes: Network Design Methodology

Network Design Basics


Business forces that affect decisions for enterprise network include:

  • Return on Investment - Cost savings or increased productivity
  • Regulation - Meet industry regulations (HIPAA, DOD, etc.)
  • Competitiveness - Technology needs to make business more competitive

Technology forces which affect decisions for network include:

  • Removal of borders - Network resources must be accessible from more places than before, like branch offices, teleworkers, mobile devices and business partners
  • Virtualization - Reduction in hardware/power/software needs as well as space considerations by virtualizing many services
  • Growth of Applications - As applications become larger and more demanding of resources, network resources are required to adapt
IT optimization areas can be split into three groups:
  1. Data Centers
  2. Networks
  3. Applications
Three architectures provide for optimization within each group and inter-group as well:

  • Borderless Networks Architecture
  • Collaboration Architecture
  • Data Center/Virtualization Architecture

Borderless Networks Architecture

  1. Policy/Control: Policies applied across all users/devices
  2. Network Services: Resiliency and control
  3. User Services: Services include performance, mobility, security
  4. Connection Management: Delivers secure access anytime/anywhere

Collaboration Architecture

  1. Communication/Collaboration Apps: conferencing, messaging, mobile apps, IP comms, social software
  2. Collaboration Services: Services that support the collaboration apps: policy/security management, contact management, session management, location, presence, client framework
  3. Infrastructure: Allows collaboration anytime/anywhere on any device. This layer includes virtual machines, the network and storage.

Data Center/Virtualization

Data center/virtualization architecture is built on Cisco Data Center 3.0, which has a set of virtualization technologies/services that bring network/storage/computing/virtual platforms together.

PPDIOO: The Cisco Lifecycle


  • Lowers cost of ownership by validating tech requirements, planning for infrastructure changes/resource requirements
  • Increases network availability through good network design
  • Improves business by establishing technology strategies/business requirements
  • Speeds access to applications through improved availability, reliability, scalability, security and performance
Lowering Cost Of Ownership:
  • Identify/validate tech requirements
  • Plan for infrastructure changes/resource requirements
  • Develop network design to mesh with business/technology needs
  • Improve network efficiency
  • Reduce operating expense by streamlining processes/tools
Increasing Network Availability
  • Assess the network and its ability to support design
  • Choose correct hardware/software and keep current
  • Create good network design and verify operation
  • Staging/testing before implementation
  • Improving engineer skills
  • Proactively monitor network for issues
  • Proactively identify security issues and remediation plan

Improve Business
  • Establish business/technology requirements
  • Ready sites to support design
  • Integrate technical needs and business needs into design
  • Expertly install system components
  • Continue to enhance performance after implementation
Speed Application Access
  • Improve operational readiness for current/planned network technology/service
  • Increase availability, capacity and performance of network
  • Manage/resolve issues affecting system, keep software current

PPDIOO Phases:

Prepare Phase

Establish requirements, develop network strategy, propose high-level network architecture


Plan Phase

Identify requirements by assessing current network and perform gap analysis between current/proposed


Design Phase

Provide high availability, scalability, reliability, security and performance in design


Implement Phase

Install/configure new equipment

Operate Phase

Analyze daily network operations and operational health


Optimize Phase

Proactive network management, propose modifications to design as needed


Design Methodology

1. Identify Customer Requirements


Identify network apps/services

  • Planned Applications
  • Concrete applications
  • Importance to business
  • Other Info/Comments
Define goals of organization, such as:
  • Increase competitiveness in field
  • Reduce costs
  • Improve customer relations (Better support, new services)
Identify possible constraints
  • Budget
  • Timeframe
  • Limited personnel
  • Policy limitation
Define technical goals
  • Improve network speed
  • Decrease failures
  • Simplify management of network
  • Improve security
  • Improve scalability
  • Improve reliability
  • Tech refresh
Identify possible technical constraints
  • Legacy applications
  • Bandwidth allocation may not meet application needs
  • Existing infrastructure
  • Legacy equipment


2. Assess Current Network

  • Identify/Gather existing documentation about organization/network
  • Audit network to determine details of network
  • Analyze traffic for applications/protocols used

Identify/Gather Documentation

Include site designs, contacts, hours of operation/access and addresses, where network equipment is located and what infrastructure exists. Also gather info about LAN/WAN wiring and contact info for WAN providers. Especially look for IP/Vlan schema and IP allocation information, as well as network applications and servers in use

Network Audit

Use existing documentation, existing network management tools, and new tools to cover gaps in analysis. Audit should provide the following:
  • List/naming convention for network devices
  • Hardware info for network devices
  • Software versions for network devices as well as supported applications
  • Network configs
  • LAN/WAN speeds of vital links
  • Auditing tool output
  • WAN technology/provider info
Manual Analysis: review device configs, manually use show commands and collect output
  • show tech-support
  • show version
  • show log
  • show running-config
  • show process cpu
  • show process memory
  • show interface
Network Analysis Tools: Inspects packets for data flow/traffic analysis
  • Netformx DesignXpert Enterprise: Desktop tool to discover/design/quote/propose solutions
  • CNS NetFlow Collector: Cisco hardware that collects network info
  • Cisco Embedded Resource Manager: Monitors IOS processes/utilization
  • Third-party tools: SolarWinds, NetMRI, etc.
After the audit, check that the following are true before moving on with design:
  • Network segments should be switched, not using hubs
  • WAN links are not saturated (utilization of 70% or higher counts as saturated)
  • Response time acceptable (generally 2ms on LAN, less than 100ms on WAN)
  • No segments have more than 20% multicast/broadcast traffic
  • No segment has more than 1 CRC error per MB of data
  • Less than 0.1% of packets collide on Ethernet segments
  • Network devices shouldn't exceed 75% CPU utilization for 5 minutes or more
  • Interface output drops shouldn't exceed 100 per hour
  • Interface input queue drops shouldn't exceed 50 per hour
  • Interface buffer misses shouldn't exceed 25 per hour
  • Interface ignored packets shouldn't exceed 10 per hour
  • QoS should be enabled for prioritization
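As an added example (not from the CCDA book or the original post), here is a small checker that pulls the relevant counters out of IOS `show interface` output and tests them against the audit thresholds above. The sample output is constructed, and the hours since the counters were last cleared (needed to turn raw drop counts into per-hour rates) is an assumed input.

```python
import re

# Thresholds from the post-audit checklist above.
MAX_CRC_PER_MB = 1
MAX_COLLISION_RATIO = 0.001        # 0.1 % of packets
MAX_OUTPUT_DROPS_PER_HOUR = 100
MAX_INPUT_QUEUE_DROPS_PER_HOUR = 50
MAX_IGNORED_PER_HOUR = 10

# Constructed sample in the shape of IOS "show interface" output; not a real capture.
SAMPLE_SHOW_INTERFACE = """\
GigabitEthernet0/1 is up, line protocol is up
  Hardware is Gigabit Ethernet, address is 0000.0c00.0001 (bia 0000.0c00.0001)
  MTU 1500 bytes, BW 1000000 Kbit/sec, DLY 10 usec,
  Input queue: 0/75/120/0 (size/max/drops/flushes); Total output drops: 450
  5 minute input rate 2000 bits/sec, 3 packets/sec
  5 minute output rate 1000 bits/sec, 1 packets/sec
     4000000 packets input, 3000000000 bytes, 0 no buffer
     7 input errors, 7 CRC, 0 frame, 0 overrun, 15 ignored
     3500000 packets output, 2500000000 bytes, 0 underruns
     5000 collisions, 0 interface resets
"""


def parse_show_interface(text):
    """Extract the counters the checklist cares about from show interface output."""
    def grab(pattern):
        m = re.search(pattern, text)
        if not m:
            raise ValueError("counter not found: " + pattern)
        return int(m.group(1))

    return {
        "input_queue_drops": grab(r"Input queue: \d+/\d+/(\d+)/\d+"),
        "output_drops": grab(r"Total output drops: (\d+)"),
        "bytes_in": grab(r"packets input, (\d+) bytes"),
        "crc": grab(r"(\d+) CRC"),
        "ignored": grab(r"(\d+) ignored"),
        "packets_out": grab(r"(\d+) packets output"),
        "collisions": grab(r"(\d+) collisions"),
    }


def audit_interface(counters, hours_since_clear):
    """Return (check, observed, limit) for every checklist item the interface fails."""
    failures = []
    mb_in = counters["bytes_in"] / 1_000_000
    crc_per_mb = counters["crc"] / mb_in if mb_in else 0.0
    if crc_per_mb > MAX_CRC_PER_MB:
        failures.append(("crc_per_mb", crc_per_mb, MAX_CRC_PER_MB))
    pkts = counters["packets_out"]
    collision_ratio = counters["collisions"] / pkts if pkts else 0.0
    if collision_ratio >= MAX_COLLISION_RATIO:
        failures.append(("collision_ratio", collision_ratio, MAX_COLLISION_RATIO))
    # Drop and ignore counters accumulate since the last clear, so convert to per-hour.
    for key, limit in (("output_drops", MAX_OUTPUT_DROPS_PER_HOUR),
                       ("input_queue_drops", MAX_INPUT_QUEUE_DROPS_PER_HOUR),
                       ("ignored", MAX_IGNORED_PER_HOUR)):
        per_hour = counters[key] / hours_since_clear
        if per_hour > limit:
            failures.append((key + "_per_hour", per_hour, limit))
    return failures


if __name__ == "__main__":
    stats = parse_show_interface(SAMPLE_SHOW_INTERFACE)
    for check, observed, limit in audit_interface(stats, hours_since_clear=2):
        print(f"FAIL {check}: {observed:.4f} (limit {limit})")
```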

3. Designing Network and Solutions

Top-Down

Start from the top layer of the OSI model and work downward, adapting the infrastructure to application requirements. Analyze application requirements for the top layers (Application, Presentation, Session) and develop infrastructure to support them at the bottom layers (Transport, Network, Data Link, Physical)

Benefit:
  • Design meets current/future needs and organization requirement
Drawback:
  • Far more time-consuming

Bottom-Up

Start from bottom of OSI model and build upward. Utilize best practice and previous implementation experience to design network without taking specific application requirements into account

Benefit:
  • Allows for quick solution, based on best practice/previous experience
Drawback:
  • May be inappropriate design, may not meet specific requirements

Develop Design Document

  • Introduction: Describe project's purpose and reasoning
  • Design Requirement: List requirements, constraints and goals
  • Existing Network Infrastructure: Include logical topology diagram, audit results, summary list of applications, etc.
  • Design: Specific design info, logical/physical topology, IP/Vlan Schema, routing protocols, security, etc
  • Proof of Concept: Results from prototype/pilot testing
  • Implementation Plan: Detailed steps for network staff to implement design
  • Appendixes: List of network devices, configs, additional info
Implementation Plan should include several phases with each phase containing:
  • Description of phase
  • Reference to design
  • Detailed implementation guidelines
  • Detailed rollback guidelines if implementation fails
  • Estimated time to implement


Friday, January 11, 2013

CCNA Notes: Network Considerations and Topology/Media

Network Considerations


When designing a network, there are many factors at play. Some factors to consider:

  1. Cost - What is an acceptable budget?
  2. Speed - What is an acceptable speed?
  3. Security - How much security is needed?
  4. Topology - Where are the users? The services? What infrastructure separates them?
  5. Scalability - Is this network capable of growing larger easily?
  6. Reliability - Are the network solutions we are using reliable?
  7. Availability - Do we have redundancy for connectivity/services?
There are different types of network locations that will help drive these questions/answers:

Small Office / Home Office (SOHO) - Small site that may or may not connect to a larger network

Central Office - Where most users/services are homed

Branch Office - An office which is geographically separated from central office but uses its services

Mobile Office - Users that connect via VPN or RAS to services, not physically connected to the network

When dealing with expectations of network speed/latency, determine whether you are talking about a LAN (Local Area Network) or WAN (Wide Area Network). LANs connect geographically close users together over high-speed links. WANs connect users over large geographical areas, as in the Central/Branch office setup, typically using much slower links.

LAN Topologies and Media


10Base5 and 10Base2 - Thicknet and thinnet coax. This is obsolete technology and you are not likely to see it in use today. Connectivity was achieved via a vampire tap that literally tapped into the line to get signal, or the connection was terminated via BNC connector. This media was very prone to electrical interference as the cables had to have ground terminators, and was made largely obsolete by the advent of Ethernet Cat5 cabling. Thicknet and thinnet were very prone to network collisions, which is what happens when two or more devices try to send signals across the wire at the same time, ruining the transmission. Later implementations of thinnet used a token ring to resolve this issue. Token ring is a topology where collisions are avoided by having one networked device at a time utilize a logical 'token', and only the device with the token is allowed to transmit. This token was passed to other devices in turn, but this resulted in much slower speeds and ultimately token ring could not compete with Ethernet collision detection/avoidance techniques.

More info on Thicknet (including pictures)
More info on Thinnet (including pictures)


10BaseT Ethernet - Category 5 (and later 6, 6e) cabling defines this standard. This is the most popular medium in use for LANs today. Most Ethernet networks utilize a star, or hub and spoke, topology where devices connect to network devices that aggregate connections. Network collisions are handled by CSMA/CD (carrier sense multiple access / collision detection): when two devices detect a collision, both send a jam signal onto the wire and then wait a random backoff interval before trying again.

More info on Cat5 Ethernet (including pictures)


Wireless (802.11a/b/g/n) - Radio waves comprise the physical 'media' in a wireless network. There are many different wireless standards, the differences mainly involving what channels on which the standards communicate and the speeds attainable. The topology in a wireless network is a star/hub and spoke with the wireless access point being the aggregating network device. Collision avoidance is accomplished by CSMA/CA (carrier sense multiple access / collision avoidance). Because users can communicate with the access point but not see each other's transmissions, the AP uses a system of RTS/CTS (Request to Send/Clear to Send) messages to grant exclusive transmitting capability to one device at a time, similar to a token ring.

More info on wireless standards


Fiber - Fiberoptic cables define this media type. There are enough types of fiber cabling to warrant its own entry, but in general, the signal is either carried in a single line, or there will be two lines, one dedicated to transmit signals and the other to receive them.



FDDI - A dual fiber loop which utilized a proprietary token bus standard instead of the more prevalent token ring standard. The second fiber ring provided redundancy, but as faster Ethernet standards were developed this technology was outclassed both in ease of use and price.


More info on FDDI

For the purposes of the CCNA, be aware of most different topologies and media, but focus on Ethernet and star/hub and spoke topologies.

Thursday, January 10, 2013

CCNA\CCDA Notes

While studying to get my CCNA, and start my new career in Networking, I took a notebook's worth of notes. I have never once, after getting the cert, reviewed them. Two years down the road, I've decided it's time to review them for accuracy/understanding, and then transcribe them here. This will help me index them faster, and it may help some other people who are just getting into networking to study too. Who knows. I'll tag those entries appropriately, so that they can be searched/indexed easily.

Wednesday, January 2, 2013

First Music, Now TV

I don't pay for cable. It's too much money for too much content masking too little content in which I am interested.

I have been saying for a long time that what could make me buy cable again would be an a la carte offering, of channels and/or shows. Every time it's suggested, the cable providers have vociferously defended the current model, painting a dark future in which each person would pay a hoard of gold and gems for each channel/show because breaking the 'package' would cause costs to skyrocket.

To be honest, it smacks of the RIAA telling us about how important the model of CD sales was to the music industry. If the RIAA taught us all anything, it's that no business entity whose sole purpose for existing is to protect its preferred business model can be trusted to deliver the facts.

Which leads me here:

Intel Jumps Into the Content Pool

Not sure why Intel is throwing its hat in the ring, but I am excited about the possibility of subscribing to particular content. Netflix and Hulu offer plenty of content at a low price, but their business model isn't the same as what Intel is aiming to accomplish. The real danger to this new emerging business model is that content providers have to be on board, and not spread their stuff around like this were the McDonalds Monopoly game or something. I don't want to have a separate subscription to Netflix, Hulu, Apple TV, Amazon Prime, HBO Go, etc. Give me my content from as few providers as possible, but give me exactly what I want. Until then, I'll make do with DVDs and streaming media.

Tuesday, January 1, 2013

Welcome!

Welcome to the blog. I will be your host, Juan Golbez.

A little bit about me:



I am 30+ years old.

I am married and have a six year old daughter and a one year old daughter.

I have been a network engineer for about 4 years now, first on the Navy Marine Corps Intranet (NMCI for short), the largest private network in the world, and now for a company called Melaleuca.

I am a senior network engineer, which means I work on hot-button issues and try to mentor the junior engineers.

I have a CCNA, CCNP, JNCIA and Sec+ (8570 cert required for DoD).

I am an avid gamer, be it console, PC, board or tabletop RPG. I don't get as much time as I'd like these days, but I try to keep current.


The Blog

I made this blog to keep notes on the certs I have done and new certs I am working on. Mostly these are notes for me, but if they will assist you, by all means use them. I will label the notes with the certification, i.e., CCNA Notes, so if you are looking for a particular cert you can search by that and filter by labels.

From time to time I may post stuff that's important to me or that I have opinions about. Feel free to ignore that part as you like.

On the right side is a sidebar that will expand. I've linked some other networking blogs/sites that have helped me, as well as links to other websites I frequent. Enjoy.