ODD010001 Overview of IP Network Planning ISSUE1_1

HUAWEI TECHNOLOGIES CO., LTD. All rights reserved

www.huawei.com

Internal

ODD010001 Overview of IP Network Planning

ISSUE 1.1

PDF created with FinePrint pdfFactory Pro trial version www.pdffactory.com

http://www.huawei.com

http://www.pdffactory.com

HUAWEI TECHNOLOGIES CO., LTD. Page 1All rights reserved

How to plan and design a network that is of good reliability, expandability, security, manageability, and maintainability? This course gives a brief look at the network planning in the aspects of topology design, address and naming planning, route selection, security, and network management.




Here are the learning objectives of this course

[ Outline the basic principle of network planning

[ Master the principle of topology design and addressing

[ Understand how to select routing protocols for the network

[ Outline the basic idea of developing the security strategies

[ Know the development trends of network management system




Chapter 1 Principles of Chapter 1 Principles of

Network PlanningNetwork Planning




Chapter 1 Principles of Network PlanningChapter 1 Principles of Network Planning

1.1 Basic Principles of Network Planning 1.1 Basic Principles of Network Planning

1.2 Designing a Network Topology 1.2 Designing a Network Topology

1.3 Designing Models for Addressing and Naming 1.3 Designing Models for Addressing and Naming

1.4 Selecting Routing Protocols1.4 Selecting Routing Protocols

1.5 Developing Network Security1.5 Developing Network Security

1.6 Developing Network Management System1.6 Developing Network Management System




Basic Principles of Network Planning

l Reliability

[Equipment

[Network topology

l Expandability

[Equipment performance

[Scalability

[ IP address and routing protocol planning

Four PrinciplesFour Principles




Basic Principles of Network Planning

l Operability

[Whether the network can provide rich services

[Whether reliable security level can be ensured

[QoS of key services

l Manageability

[Centralized management platform enabling flexible management on various equipment

[NMS for maintenance of topology management, configuration and backup, software upgrade, and real-time traffic and exception monitor

Four PrinciplesFour Principles




Flow of Network Planning

Board planning

IP connection

QoS planning

Advanced routing protocol planning

NM planning

Operable, manageableand secure network

Service isolation andassurance of key services

IP connection

Physical connection

Equipment selection

Topology planning

Routing planning

MPLS/VPN planning

Policy routing

Network security deployment




Equipment Selection l Reliability[ Redundancy and reliability of key modules (power and control

board) l Forwarding performance [ Real time Traffic < Throughput / 2

l Service capability[ NAT, VPN, and policy routing in addition to ordinary IP routing

(CPU, ASIC and NP)l Port [ If the ports can meet the requirements

l Expandability[ Support of possible future performance and services by adding

boards or software upgrade (CPU, ASIC and NP) [ Price

− Select devices according to the above factors instead of devices with high price.




Designing a Network Topology

l Hierarchy and modularization[Network performance maximization[Condensed time for deployment and fault removal [Cost-effectiveness

l Redundant and backup[Counteraction of impact by single node failure[Load sharing and better network performance[ Increased network complexity and cost

l Security[Protection of core router, edge routers, switches, and

server[Firewall against external attack

Features of Network TopologyFeatures of Network Topology




l Plane structure Model

[No hierarchy and modularization, easy deployment and management

[Suitable for small networks, and inconvenient for expansion

l Plane hierarchy model

[Common structure for traditional large network, including core layer, convergence layer, access layer

l Plane and Space Hierarchy model

[Hierarchy and plane, different planes for different services

[Clear structure, good backup capability, and high security

Network topology Model Network topology Model





Hierarchy Model Hierarchy Model

Quidway NetEngine 40/20

Core layerCore layerConvergence Convergence layerlayer

Access layerAccess layerQuidway S8500/8000/6500

Quidway S5000Quidway S3500

Quidway S2000

Quidway NetEngine 5000E/80E/40E

Quidway AR4600/2800

10G/2.5G/RPRMPLS VPN

Quidway WA1000

Quidway NetEngine16E/08E/05

Quidway MA5200

iTELLINCAMSTM

Service platform

Quidway Eudemon100/200/1000

iManagerTM N2000/NMSNetwork management platform

MDNTM

Media distribution network

Quidway S3000

Quidway S3000Quidway S2000

Quidway RM9000Resource Manager





Plane and Space Hierarchy Model Plane and Space Hierarchy Model

Provincial IP network Metropolitan IP network

XA

CD

WH

SY

NJSHGZ

BJ

GZ IDC

GZ Egress

SH Egress

SH IDC

BJ IDCBJ Egress

BJGZ

SH

National backbone IP network





Backbone network 2(carrier-class services)

MANMAN

B：Carrier-class service plane

AA：：InternetInternetService planeService plane

1+1>2

Backbone network 2(network access and data

services)

Plane and Space Hierarchy Model Plane and Space Hierarchy Model






l Basic principles

[Backup cost ≤ loss caused by equipment failure

[N+1 backup, through which the network operation will not be affected in case of any fault in key equipment, links, and modules 。

[Backup of topology, equipment, and protocols

l Access layer backup

[Usually select the devices without redundancy function in key modules

[Usually not considering dual-host backup

[Only provide the dual-uplink for backup if necessary

Redundancy and Backup PrinciplesRedundancy and Backup Principles




l Convergence layer backup

[Usually select devices with redundancy function in key modules 。

[Usually considering dual-host backup, dual-uplink backup, and ring connection among convergence layer devices

l Core layer backup

[Usually select devices with carrier-class reliability

[Considering full mesh or partially mesh topology connection among core layer devices







l Symmetrical backup

[Equal bandwidth on active and standby links; standby devices or links participating in operation

l Asymmetrical backup

[Less or equal bandwidth on standby links; standby devices or links participating in operation only in case of active link failure





Tongliao Wu LeagueGSR12012GSR12012 GSR12012

To national backbone network

1Î2.5G

GSR12416

1Î2.5G

GSR12016 GSR12416

GSR12012NE80Baotou

GSR12012

Regional center

1Î2.5G

Erdos

Wuhai

Ba LeagueA League

Xingan LeagueHulunbeier

Chifeng

Xi League

Hohhot

GSR12012

GSR12012GSR12012

GSR12012

GSR12012NE80

NE80

NE80

NE80NE80

5Î155M

3Î155M

2Î155M3Î155M

1Î155M

2Î155M 2Î155M

5Î155M

2Î155M

5Î155M

1Î2.5G3Î155M2Î155M1Î155M1ÎGE

Symmetrical backup Symmetrical backup





RR

QuidwayRouter

QuidwayRouter

QuidwayRouter

Active link

Bank backbone network

DCC DCCbackup link

Service front end processor group

ATM front end processor

Service terminal

ATM

Municipal office

Business office PSTN/ISDN

Asymmetrical backupAsymmetrical backupDesigning a Network Topology




Designing Models for Addressing and Naming

l Unique

[The same IP address cannot be shared by two hosts in an IP network.

l Continuous

[Continuous addresses can facilitate path coverage, reduce the size of routing tables, and improve the efficiency of routing algorithms in the hierarchical network.

l Expandable

[Some address should be reserved during address assignment on each layer ensure the continuity of address coverage during network expansion.

l Meaningful

[Use the meaningful name




Designing Models for Addressingl Loopback address

[ Concept: logical interface, always UP

[ Address planning

− A 32-bit mask address is required.

− Odd number of the last digit for routers, and even number for switches

− The nearer the devices is to the core, the smaller the loopback address becomes

l Interconnection address

[ Concept: address for port connection of two network devices

[ Address planning

− A 30-bit mask address is required.

− Use smaller address for core devices

− Use continuous aggregatable address

l Service address

[ Concept: gateway address and address for connecting Ethernet servers and hosts

[ Address planning

[ Use the same last number for all gateway addresses, for example, ".254" for gateway




l Name the devices in the form of AA-B-YYYY-X to facilitate the management.

[ AA: device level and name, usually the name of the region

[ B: name of equipment supplier

[ YYYY: equipment model

[ X: identity numbered by 1, 2... if the previous three items are the same

l Examples:

[ Name of the first switch 3526E in Beihai:

BH-H3-S3526E-1

[ Name of the router AR4640 at Chongkou:

ChongKB-H3-AR4640

Designing Models for Naming




l The description for each port in use should indicate and the peer connection and bandwidth. Naming format: name of peer device bandwidth

l Example:

ð description to ZD-H3-NE16E-2 8MThis indicates the standby router NE16E with 8 Mbps bandwidth at the peer end.

Designing Models for Naming




Designing Models for Naming l Naming of logical interface

[For MP, Ethernet sub-interface, and VLAN interface, assign meaningful numbers for their names.

[For MP-group A/B/C, "A" indicates the slot number; "B" indicates card number, which is fixed; "C" is set to a digit that indicates the information of the peer device, for example, an identification digit of peer loopback interface address, or OSPF area number of peer device.

[Strictly keep Ethernet sub-interface number consistent with the VLAN information.

[Make a uniform plan for the use of numbers for global VLAN interfaces, for example, 100 and 200 for the VLAN of VPN, and 1000 for NM VLAN.




Comparison Among Routing Protocols

Medium Yes

Memory: High; CPU: High;

Bandwidth: Low

Fast (Use of update and keepalive

message and route withdrawal)

1,000 routers

Path attributes and other

configurable parameters

Classless ExteriorPath vectorBGP

Medium Yes


Bandwidth: Low

Fast (Use of LSA)

Several hundred

areas, each area

supporting several hundred routers

Configured path, delay, cost, and

errorClassless InteriorLink state IS-IS

Medium Yes


Bandwidth: Low

Maybe a long time (if no load

balance)

Several hundred

areas, each area

supporting several hundred routers

Reference bandwidth/physical link bandwidth

Classless InteriorLink state OSPF

EasyYes


Bandwidth: Low


balance)15 hopsHop count Classless InteriorDistance vectorRIPv2

EasyNoneMemory: High;

CPU: High; Bandwidth: Low


balance)15 hopsHop count ClassfulInteriorDistance vectorRIPv1

Easiness of setting,

configuration, and

troubleshooting

Security support

and routing

certification

Resource consumption

Convergence time

Expandability

Measurement method

Classful/classles

s

Interior routing/ext

erior routing

Distance vector or link

state




Principles for Selection of Routing Protocols

l Distance vector protocol

[Simple, flat network topology, no need of hierarchy design

[Simple hub-and-spoke topology

[Network manager is unfamiliar with link state protocols and unable to shoot troubles in link state database

[No need to consider convergence time in the worst case

l Link state protocol

[Hierarchical large network

[Network administrator has rich knowledge about link state protocol

[Fast convergence is of much importance

Selection of Distance Vector Protocol and Link State Protocol Selection of Distance Vector Protocol and Link State Protocol





l Measurement result affects scalability

l Traditional distance vector protocol uses only hop counts

l Routing protocol of new generation considers delay, bandwidth, and reliability

l With non-hierarchical routing protocol, all routers must perform the same tasks

l With hierarchical routing protocol, routers of different roles perform different tasks

Measurement method Measurement method

Hierarchical and nonHierarchical and non--hierarchical routing protocols hierarchical routing protocols





l Interior routing protocol runs within an enterprise network or autonomous system

l Exterior routing protocol runs between autonomous systems

l Classful protocol

ð Discontinuous subnets invisible to each other

ð Not support variable length subnet mask (VLSM)

l Classless protocol

ð Support discontinuous subnet and VLSM

ð Support reasonable subnet arrangement for aggregation

Interior and Exterior Routing Protocols Interior and Exterior Routing Protocols

ClassfulClassful and Classless Routing Protocols and Classless Routing Protocols





l Static routing protocol

[Manual configuration, suitable for stub network

[No protocol messages occupy bandwidth

[Easy fault removal

[User has higher control over path selection

[Difficult to manage in large networks

[Routing details are not known

l Default route

[Simple; suitable for the network with only one ingress and egress link

[Routing details are not known

Dynamic, Static, and Default Routing Protocols Dynamic, Static, and Default Routing Protocols





l Whether there is any limit on measurement

l Convergence speed upon network changes

l Frequency and triggering method of route update and Link State Advertisement

l Information transmission upon route update

l Bandwidth occupation by route update

l Advertisement range of route update

l CPU occupation by routing protocols

l Whether it supports default and static routes

l Whether it supports route aggregation

Routing Protocol Expandability Routing Protocol Expandability




Selection of Routing Protocol in Hierarchical Network

l Selection of routing protocol for core layer

[Support of redundancy links and load sharing

[Recommended: OSPF, IS-IS

[Not recommended: RIP

l Selection of routing protocol for convergence layer

[Recommended: OSPF, IS-IS, RIPv2

l Selection of routing protocol for access layer

[Recommended: OSPF, RIPv2, static routing protocol

[ IS-IS is not suitable for access layer




Redistribution Among Routing Protocols

l A router runs more than one routing protocol

l Routing protocols need share routing information

l Determine boundary of routing areas

l One-way distribution and two-way distribution

ð One-way distribution refers to distribution of routing information from one protocol to another protocol, and use of static or default route in the reverse direction.

ð Two-way distribution refers to distribution of routing information from one protocol to another protocol or vice versa.

ð Use route filter

l Avoid re-advertisement of routes learnt from a protocol back to it

l Measures of different protocols are different.

Necessity Necessity

Redistribution Principle Redistribution Principle




Developing Network Security

l Access policy

[Access rights hierarchy

l Responsibility policy

[Responsibility of users, operators, and administrators

l Authentication policy

[Password mechanism

l Privacy policy

[Reasonable privacy monitor, email monitor, and keystroke records

l Purchase of computer technologies

[Computer network configuration, audit, and security policies

Security PolicySecurity Policy





l Physical security

[Physical isolation of key network resources

[Certification and authorization

[Certificate and authenticate the validity of user identity

[Limit the range of network resources available for certified users by right control

l Data encryption

[Encrypt original data to prevent data from being read by third-parties

[Choose a balanced solution between security and performance

l No encryption for internal networks

[Encrypt VPN users and private networks connecting with Internet






l Data packet filter

[ Protect network resources from unauthorized use, theft, damage, and attack

l Firewall

[ Physical equipment

− Deploy devices to perform security policies at the border of two or more networks

− Configure ACL router, dedicated hardware, and software on PC and Unix systems

[ Firewall types

− Static packet filter

▪ Check packets one by one; fast forwarding; simple configuration

− Dynamic firewall

▪ Trace sessions and make intelligent admission and discard decisions






l Intrusion Detecting system (IDS)

[Usage

− Detect malicious attacks

− Take performance statistics and analyze exceptional cases

[Type

− Host IDS: running on a single host and detecting only this host

− Network IDS: detecting the stream of the whole network





Developing Management Network System

Traditional Network Management ModelTraditional Network Management Model

FCAPS in TMN model

Configurationmanagement

Faultmanagement

Security management

accountingmanagement

Performancemanagement





NM Development Trend NM Development Trend

l More powerful and flexible NM functions

l Distributed deployment and processing

l Intellectualized and automated gateway

l Integrated and customized management of large networks

l More applications of Web-based NM technologies

l In-depth analysis of network data

l Platform and modularization of NMS

l NMS redundant backup

l Evolution from IPv4 to IPv6




Developing Management Network SystemIPv4IPv4--IPv6 Dual Stack NM IPv6 Dual Stack NM

IPV6

IPV6IPV4

IPV6

IPV4

IPV4Dual stack host

IPv4-IPv4 route





IPv6 NM IPv6 NM

IPv6 network

SNMPv6





NMS Model NMS Model

External systemData operation

Integrated NM

NMSTerminal interface

Northbound interface

Southbound interface

Inband or outband NM

NE

Data management

Data collection, alarm, and control




InbandInband ManagementManagement

IP/ATM Core

N2000 NMS

Other NMS

Backup

Firewall

Aggregation Layer

Access Devices

N2000 Local Terminal

Technology Support (Local Console Configuration)

Aggregation Layer





OutbandOutband Management Management

IP/ATM Core

N2000 NMS

Other NMS

BackupDCN

Firewall

Aggregation Layer

Access Devices

N2000 Local Terminal

Technology Support (Local Console Configuration)

Aggregation Layer






Provincial terminal

Provincial OSS NMS

Municipal terminal

Municipal OSS NMS

Municipal NE

TwoTwo--level NMlevel NM





Provincial terminal

Intelligent NMS

Municipal terminal Regional IN NE

Centralized NMCentralized NM

SCP/SMP




Developing Management Network SystemIntegrated NM

Provincial traffic NMS

Municipal OSS

IN NMS Municipal NE

Municipal terminal

Provincial NMS A Provincial

NMS B

Municipal OMC

Municipal NE

Municipal terminal





External InterfaceExternal Interface

OSS Provincial NM terminal

DCN/Group/Internet





Municipal terminal

Municipal NMS

Municipal NE

Independent NM Independent NM

Provincial NMS

Provincial terminal

Provincial NE




Network infrastructure NMS Service NE

User

• PSTN terminal • Mobile terminal • Third party

access

User domain Network domain • Internal

systems • External

interfaces • DMZ

NM domain • Provincial NMS sub-domain • Simens NMS sub-domain • Ericsson NMS sub-domain • Municipal NMS sub-domain • ……

NM network service domain

• Public security service

• Public service for external system connection

Cross-sub-domain NM

network data arrangement

Service Model of NM Network Service Model of NM Network Developing Management Network System




Service module 7

Service module 1

Service module 2Service module 3

Service module 4

Service module 5

Service module 6Service module 8

Architecture of NM Network Architecture of NM Network

Barring backdoor connection






PUPV/IP base PUPV/IPbase risk area

Trusted channel

MPLS/IP

Security domain

Third party access area

Third party access area Third party access area

Dedicated terminal

Server Terminal

Internet

DCN

DMZ区Security area

Risk area

Municipal NM sub-domain by Huawei

Municipal NM sub-domain by Ericsson

Municipal traffic NM sub-domainProvincial traffic NM sub-domain

Provincial NM sub-domain by Ericsson Provincial NM sub-domain by Huawei

Public security service domain

Cross-sub-domain data exchange area

Network access authentication gateway

Public external interface area

External risk Internal

risk

Implementation of NM Network Implementation of NM Network

Dedicated terminal

Dedicated terminal





IDS

Provincial branch Municipal branch

Internet

DCNNetwork domain

Standby authentication gateway

Active authentication gateway

Service system 1 Service system 2 Service system 3 Service system 4

Active WPN dataexchange area

Standby WPN data exchange area

Municipalnode 1

Municipalnode N

Public external interface area

MA5200FMA5200F

MA5200FMA5200F



www.huawei.com

Thank You


http://www.huawei.com


ODD010001 Overview of IP Network Planning ISSUE1_1

Documents

Transcript of ODD010001 Overview of IP Network Planning ISSUE1_1