Lecture2_Network Design and Security
Transcript of Lecture2_Network Design and Security
7/28/2019 Lecture2_Network Design and Security
http://slidepdf.com/reader/full/lecture2network-design-and-security 1/27
Network Design Principles
CP3397
Network Design and Security
Lecture 2
Contents
Design goals
Design choices
Design approaches
The design process
Capacity planning
Design goals
Good designs should:
Deliver services requested by users
Deliver acceptable throughput and response times
Be within budget and maximise cost efficiencies
Be reliable
Be expandable without major redesign
Be manageable by maintenance and support staff
Be well documented
Design Choices
Balance of distribution
Level of transparency
Security
Connectivity technology
Design approaches
Two typical methods
Traditional analytic design
Building block approach
Both use a similar iterative approach
The traditional design process
Agree requirements
Information gathering
Design process
Deployment
Commissioning
Modify
Meets constraints?
No
Design Stages - Agree requirements
Engage end users
Translate requirements
Business objectives -> technical specification
Phasing the requirements
Right level of detail at each design stage
Designing the requirements
Design Stages - Designing the requirements
Aim for completeness
Prioritise with a hierarchical system such as:
[M] - Mandatory
[H] - Highly desirable
[D] - Desirable
[N] - Note
Design Stages - Assessing requirements
Consider all aspects
E.g. support & maintenance, depreciation, commissioning costs, project management fees, h/w & s/w upgrade costs, b/w costs, consultancy charges – over the lifetime of the network
Weighted matrix multipliers M=100, H=10, D=1, N=0
Produce scores and rank suppliers
Design Stages - Information gathering
Need to find details of user behaviour, application use and location information, for example:
User: location, numbers, services used, typical access
Sites: number, location, constraints on traffic (security, political or cost)
Servers and services: location, level of distribution
WAN/backbone predicted link traffic
Protocol support: bridged, routed or switched – Gateways needed?
Legacy support: equipment, protocols or services
Specific availability needs? 24-hour/backup links etc
Five-year plan – changes to population or business requirements
Budgetary constraints
Greenfield or existing site
Information is refined and leads to a requirements database and capacity plan
Design Stages - Site constraints
Greenfield
Greenfield sites have no legacy constraints but…
It is difficult to determine the real network loads and stresses
Needs more detail of application use and underlying protocols
Could use simulation to predict performance
Existing site
Limited access
Access to live network could be restricted but…
Bottlenecks more obvious
Can use traffic/network analysis tools
Design Stages - Design specification
Detailed document of the design
Acts as a benchmark for design changes
Final design choices and changes need justification and documenting
Should include change history to aid maintenance
Used for the implementation
Design Stages - Implementation
Needs a project plan to include:
Phased introduction of new technology
Educating the users (what to expect)
Pilot installation (test for possible problems)
Acceptance testing (to prove performance meets requirements)
Deployment (provide support on going live and provide fallback position)
Connectivity options
Technology choices
LANs (Ethernet, Token ring, ATM)
MANs (FDDI, SMDS, ATM, SONET/SDH)
WANs (Frame relay, ATM, ISDN, X.25, PDCs, Satellite)
Wireless (802.11, Bluetooth, GPRS, GSM)
Dial-up lines
Serial links
Connectivity option determinants
Packet, cell or circuit switching
Wired or wireless
Distance
Performance
Bandwidth
Quality of Service
Availability
Media and bandwidth choices
Capacity Planning - Outline
Concerned with:
User response times
Application behaviour and performance characteristics
Network utilisation
Needed to:
Minimise downtime
Maximise service to customers
Minimise costs of procurement and maintenance
Avoid unscheduled maintenance or re-design
Avoid costly upgrades and bad publicity
Capacity Planning - Stages
Form a discussion group (involve users etc.)
Quantify user behaviour
Quantify Application behaviour
Baseline existing network
Traffic profiles
Make traffic projections
Summarize input data for design process
Assess other data (environmental, location restrictions, deployment constraints etc)
Capacity Planning – Step 1
Form a discussion group (involve users etc.)
Needs wide representation
Users, network managers, application groups
To elicit:
What users find acceptable and unacceptable
Map of services and users and details of user behaviour
Quantify items using:
User and service sizing data
Snapshots from data capture and network management tools
Traces of key services using protocol analysers
Pilot network implementation
Capacity Planning – Step 2
Quantify user behaviour
Need to know population and location of users
Summary of major user groups
Application use by user group
Site location data (country, grid ref., town, postcode, telephone exchange)
Planned changes
Capacity Planning – Step 3
Quantify Application behaviour
Need to identify:
Applications that could affect performance
Location and performance of servers and clients
Key constraints on performance (response times, buffer sizes etc)
And define:
Application behaviour under fault conditions (lost data)
Addressing mechanisms (broad/multi/unicast)
Packet characteristics (frame sizes and direction)
Routable and non-routable services (IP, NETBIOS)
Undefined applications allow choice of distribution balance
Capacity Planning – Step 4
Baseline existing network
Baselining – a behavioural profile of the network obtained from:
Packet traces, transaction rates, event logs and stats
Router ACLs, firewall rulebases
Inventory of H/W and S/W revisions
Traffic profiles - capture data for a stable working network with details of:
B/w utilization by packet type and protocol
Packet/frame size distribution
Background error rates
Collision rates
Various tools can be used:
Network and protocol analysers, SNMP data, RMON probes, OS tools, traceroute, ping etc
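The traffic-profile figures listed for Step 4 (utilisation, share by protocol, frame size distribution, error rate), computed from per-frame records; this is an added example, not part of the original lecture. The sample frames, the 10 Mbit/s link speed, the function names and the 5-point drift threshold are assumptions, the size buckets follow the RMON etherStats ranges, and share_drift goes one step beyond the slide by comparing a later capture with the baseline.

```python
from bisect import bisect_left
from collections import Counter

# Upper bounds of the frame-size buckets (bytes), following the RMON etherStats ranges.
SIZE_BOUNDS = [64, 127, 255, 511, 1023, 1518]

# Constructed sample capture: (protocol, frame_bytes, had_error) over 10 seconds.
# A real baseline would be exported from a protocol analyser or RMON probe.
SAMPLE_FRAMES = (
    [("TCP", 1518, False)] * 400 + [("TCP", 64, False)] * 300
    + [("UDP", 512, False)] * 150 + [("ARP", 64, False)] * 40
    + [("NETBIOS", 256, False)] * 100 + [("TCP", 1518, True)] * 10
)


def size_bucket(size):
    """Label a frame by size bucket; anything above 1518 bytes is flagged."""
    i = bisect_left(SIZE_BOUNDS, size)
    return f"<={SIZE_BOUNDS[i]}" if i < len(SIZE_BOUNDS) else "oversize"


def traffic_profile(frames, seconds, link_bps):
    """Build the baseline figures listed on the slide from per-frame records."""
    if not frames:
        raise ValueError("empty capture: nothing to baseline")
    bytes_by_proto, sizes, errors = Counter(), Counter(), 0
    for proto, size, had_error in frames:
        bytes_by_proto[proto] += size
        sizes[size_bucket(size)] += 1
        errors += had_error
    total_bytes = sum(bytes_by_proto.values())
    return {
        "utilisation_pct": round(100 * 8 * total_bytes / (seconds * link_bps), 2),
        "proto_share_pct": {p: round(100 * b / total_bytes, 1)
                            for p, b in bytes_by_proto.items()},
        "size_distribution": dict(sizes),
        "error_rate_pct": round(100 * errors / len(frames), 2),
    }


def share_drift(baseline, current, threshold_pct=5.0):
    """Protocols that are new, or whose byte share moved more than threshold points."""
    base, cur = baseline["proto_share_pct"], current["proto_share_pct"]
    return sorted(p for p in cur
                  if p not in base or abs(cur[p] - base[p]) > threshold_pct)


if __name__ == "__main__":
    profile = traffic_profile(SAMPLE_FRAMES, seconds=10, link_bps=10_000_000)
    for key, value in profile.items():
        print(key, value)
```

A protocol that appears in a later capture but not in the stored baseline is reported by share_drift even when its share is small, which is the case a security review of the baseline usually cares about.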
Capacity Planning – Step 5
Make traffic projections using some, or all of:
Hand calculation
Commercial analytical tools to project network utilisation
Simulation tools (most detail)
Capacity Planning – Step 6
Summarize input data for design process:
Budget
Database of sites, user populations,
List of key applications and their behaviour
Traffic matrix
Need to consider:
Static or dynamic bandwidth allocation
Max. Delay and Max. hops between sites
Resilience, Availability, degree of meshing
Design constraints and trade-off (e.g. delay v cost)
The building-block design process (an alternative)
Needs Analysis
Technology design
Cost Assessment
Summary
Good design
Is an iterative process of continuous refinement
Is logical and consistent
Should deliver acceptable performance and cost metrics (trade-off)
Is more than choosing the technology!