Campus Networking Workshop
Core Network Design

Routing Architectures
- Where do we route?
  - At the point where we want to limit our layer-2 broadcast domain
  - At your IP subnet boundary
- We can create more complex topologies using routers and at the same time keep things sane

Routing Architectures
- If we start with the right topology it will make our network more stable
- Use a hierarchical approach that makes good use of your traffic patterns and IP address allocations
- Be aware that topology and logical design are not the same

Routing Architectures
- What is the right topology?
- Continue to think of three layers
  - Access
  - Distribution
  - Core
- Thinking of layers helps reduce convergence time because of the scope of information to process
- These layers should not be confused with your L2 architecture

Routing Architectures
Access Layer
- Minimum routing information
- Feeds traffic into the network
- Link sizing
- Provides network access control
  - No spoofing
  - No broadcast sources
  - No directed broadcasts
- Provides other edge services
  - Tagging for QoS
  - Tunnel termination
  - Traffic metering and accounting
  - Policy-based routing

Routing Architectures
Distribution Layer
- Goals
  - Isolates topology changes
  - Controls the routing table size
  - Aggregates traffic
- Strategies
  - Route summarization
  - Minimize the number of connections to the core

Routing Architectures
Core Layer
- Goal
  - Forwarding packets fast
- Strategies
  - Clear of network policies
  - Every device has full reachability to every destination
  - Facilitates core redundancy
  - Reduces suboptimal routing
  - Prevents routing loops

Routing Architectures
- Depending on how large your campus is you could use the typical hierarchical model or a subset
- Two collapsed core models
  1. Single router acts as the network core
     - All other routers in the distribution layer
  2. Single router acts as the network core
     - No distribution layer
     - All access layer routers connected to the core

Routing Architectures
- What to do about your address space
  - Assign it as you need it. WRONG!
- Poor summarization has an impact on your network's stability
- Very difficult to correct poor allocations
- Spend some time thinking about how you will assign address space
- Routing stability is affected by the number of routes propagated through your network

Routing Architectures
- What happens if the link to router D fails?
  - How is the distribution layer affected?
  - How is the core layer affected?
- What changes can I make to my address allocation and address summarization to minimize the impact of a link failure on convergence time and network stability?

Routing Architectures
- Where should you summarize?
- Only provide full topology where it is needed
  - Core routers don't need to know about every single network
  - Access routers don't need to know how to get to every other network
  - They should only carry enough information to reach one (or a couple of) distribution router(s)
- Summarize at the hierarchy edges
  - Distribution layer to core
  - Distribution layer to access

Routing Architectures
Strategies for Successful Addressing
- First come, first serve
  - Start with a large pool and hand them out as needed
- Politically
  - Divide the space so each group within the organization has a pool of addresses available
- Geographically
  - Divide the space so that every location has a pool of addresses available
- Topologically
  - Assign addresses based on the point of attachment to the network (maybe same as geographically)

Routing Architectures
Addressing & Summarization
- "Easy for you to say. I already have my network running and it looks nothing like what you show"
- You are not alone
- The principles still apply
- Take it slowly. Define a goal and start working towards it. It can take years.
- Maybe we can do the right thing with IPv6

High Availability
- How can we achieve high availability?
- Introduce hardware resiliency and backup paths into your network
- Depending on the layer, you will use techniques differently
- The idea is to protect your network against a single device failure affecting all of your network
- Direct relationship between reliability, complexity and costs
- The trick is to balance all variables and come up ahead

High Availability
- You need to evaluate your needs
- Minimal need
  - Network just needs to be up for a portion of the day
  - Downtime is easily scheduled after working hours
  - Business is not impacted if the network is down
  - Users' productivity is not impacted by a network failure

High Availability
- Medium need
  - Network needs to be available for most of the day
  - Only centralized servers need to be up 24 hours/day
  - Downtime needs to be scheduled on weekends
  - If critical parts of the network fail, the business operation is impacted
  - A network failure affects user productivity

High Availability
- High need
  - Network needs to be up 24x7
  - Downtime needs to be scheduled well in advance and completed within schedule
  - A network failure causes major loss of business
  - User productivity drastically impacted by a network failure

High Availability
Methods
- Component Redundancy
  - Duplicate or backup parts
  - Power supplies, fans, processors, etc.
  - Have spares handy
- Server Redundancy
  - Protect your data with backups
  - Use of hot standby servers
  - Or better yet use load balancers to distribute access
- Network Link & Data Path Redundancy
  - Provide physical redundant connections between devices
  - Allow for hot backup paths (STP) and parallelism (routing)

High Availability
Core layer
- Build a dual router core and provide dual paths to it from your distribution layer
- These could be either L2 or L3 paths
- Make sure that you have redundant power supplies in your devices
- This also assumes two different sources of power
- Think of UPS protected circuits
- Maybe even a power inverter solution for emergencies
- Think about the possibility of dual routing/forwarding engines
- Weigh this against the use of two devices
- Or just throw that in there as yet another layer of reliability

High Availability
Core layer
- You want to also balance
  - Reduction of the hop count
  - Reduction of the available paths
  - Increase of the number of failures to withstand
- Easy to do in a single location but complexity and costs directly proportional to the number and distance between the locations

High Availability
Distribution Layer
- Provide dual connections to the core
- Or provide a redundant link to other distribution layer devices
- Doubles the core's routing table size
- Possible use of the redundant path for traffic transiting the core
- Preferring the redundant link to the core path
- Routing information leaks
- Allow for dual-homing of Access layer devices

High Availability
Distribution Layer:
- Make sure that you have redundant power supplies in your devices
- This also assumes two different sources of power
- Think of UPS protected circuits
- Maybe even a power inverter solution for emergencies
- Think about the possibility of dual routing/forwarding engines
- Weigh this against the use of two devices
- Or just throw that in there as yet another layer of reliability
- Increases the cost of the distribution layer

High Availability
Access Layer
- Same challenges and solutions as the distribution layer
- Dual home to the same distribution layer branch
  - Make sure to restrict destinations advertised to prevent transit traffic through the access layer router
- Alternate path to another access layer device
  - Don't use the redundant link for normal traffic
  - Make sure to restrict destinations advertised to prevent transit traffic through the access layer router

High Availability
Access Layer
- Dual home to different distribution layer branches
  - Don't use the redundant link for normal traffic
  - Make sure to restrict destinations advertised to prevent transit traffic through the access layer router

High Availability
- So I built all this redundancy and high availability in my network, how can my end users take advantage of it?
- You are already providing more than one router for a segment
- You want to provide your users with a way to move their traffic from one default gateway to another

High Availability
- If one of the routers fails the other one will continue to provide services to the segment
- Be aware that redundancy is not the same as load balancing

High Availability
- How can we accomplish that?
  - Have the routers do proxy-ARP. Yikes!
  - Run a routing protocol between your workstations and the routers. Yikes!
  - Split your workstations into two groups
    - One uses one router as its default gateway
    - The other group uses the other router
  - Use ICMP Router Discovery Protocol (IRDP)
- There has got to be a better and simpler way to do this

High Availability
- Current solutions:
  - Hot Standby Redundancy Protocol, HSRP (Cisco Proprietary, RFC2281)
  - Virtual Router Redundancy Protocol, VRRP (RFC3768)
  - Gateway Load Balancing Protocol, GLBP (Cisco Proprietary)

High Availability
- The concept is very similar
- Workstations get configured with a single default gateway
- The routers in the segment will negotiate who will provide services to the workstations and keep track of the state of the other routers
- In the event of a primary/active router failure, one of the standby routers will take over the task of forwarding traffic for the workstations and become the primary/active
- Traffic to the workstations will go to the primary/active router
- Incoming traffic into the segment will follow the routing decisions made by routers in the network

High Availability
HSRP

High Availability
VRRP

High Availability
GLBP

High Availability
- Which one should I use?
- They all allow for a common default gateway and MAC address
- VRRP is standardized
  - HSRP/GLBP are Cisco proprietary
- GLBP provides load balancing
  - HSRP/VRRP do not (without introducing complexity)
- GLBP/HSRP can track an uplink interface
  - VRRP does not

High Availability
- VRRP can reuse the default gateway IP
  - HSRP does not
- HSRP/GLBP support IPv6
  - VRRP does not yet
- VRRP uses protocol 112 & 224.0.0.18
- HSRP uses UDP/1985 & 224.0.0.2
- GLBP uses UDP/3222 & 224.0.0.102

Routing Protocols
- So, now I know what my network is going to look like, or is that true?
- We need to figure out how packets will be forwarded. That is a function of the router and the routing protocols that we will implement
- There are many options
  - RIPv2/EIGRP/OSPF/IS-IS/BGP

Routing Protocols
- Routing protocols can be classified in
  - Interior Gateway Protocols (IGP)
    - RIP, EIGRP, OSPF, IS-IS
    - We will talk about OSPF later on
  - Exterior Gateway Protocols (EGP)
    - BGP
    - We will talk about BGP later on

Routing versus Forwarding
- Routing = building maps and giving directions
- Forwarding = moving packets between interfaces according to the "directions"

IP Routing: finding the path
- Path derived from information received from a routing protocol
- Several alternative paths may exist
  - best next hop stored in forwarding table
- Decisions are updated periodically or as topology changes (event driven)
- Decisions are based on:
  - topology, policies and metrics (hop count, filtering, delay, bandwidth, etc.)

IP route lookup
- Based on destination IP packet
- "longest match" routing
  - more specific prefix preferred over less specific prefix
  - example: packet with destination of 10.1.1.1/32 is sent to the router announcing 10.1/16 rather than the router announcing 10/8.

IP route lookup: Longest match routing
[Figure: routers R1, R2, R3, R4; labels "All 10/8 except 10.1/16" and "10.1/16"]
- Based on destination IP packet
- Packet: Destination IP address: 10.1.1.1
- R2's IP routing table:
    10/8      R3
    10.1/16   R4
    20/8      R5
    30/8      R6
    ...
- 10.1.1.1 & FF.0.0.0 vs. 10.0.0.0 & FF.0.0.0: Match!
- 10.1.1.1 & FF.FF.0.0 vs. 10.1.0.0 & FF.FF.0.0: Match as well!
- 10.1.1.1 & FF.0.0.0 vs. 20.0.0.0 & FF.0.0.0: Does not match!
- 10.1.1.1 & FF.0.0.0 vs. 30.0.0.0 & FF.0.0.0: Does not match!
- Longest match, 16 bit netmask

IP Forwarding
- Router makes decision on which interface a packet is sent to
- Forwarding table populated by routing process
- Forwarding decisions:
  - destination address
  - class of service (fair queuing, precedence, others)
  - local requirements (packet filtering)
- Can be aided by special hardware

Routing Tables Feed the Forwarding Table
[Figure labels: BGP 4 Routing Table, OSPF Link State Database, Static Routes, Forward Table]
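
The longest match lookup stepped through on the slides, written out as an added example (not part of the original workshop material). It uses R2's routing table with the shorthand prefixes expanded, and goes one step beyond the slides by showing the no-route case and a default route; the default route via R1 is a constructed assumption.

```python
import ipaddress

# R2's routing table from the slides, with the shorthand prefixes written out
# in full (10/8 -> 10.0.0.0/8). The next-hop names are the slide's routers.
R2_TABLE = [
    ("10.0.0.0/8", "R3"),
    ("10.1.0.0/16", "R4"),
    ("20.0.0.0/8", "R5"),
    ("30.0.0.0/8", "R6"),
]


def matches(dst, prefix):
    """The slide's test: (dst & mask) == (network & mask)."""
    net = ipaddress.ip_network(prefix)
    mask = int(net.netmask)
    return (int(ipaddress.ip_address(dst)) & mask) == (int(net.network_address) & mask)


def lookup(table, dst):
    """Return (prefix, next_hop) for the longest matching prefix, or None."""
    best = None
    for prefix, next_hop in table:
        if not matches(dst, prefix):
            continue
        plen = ipaddress.ip_network(prefix).prefixlen
        if best is None or plen > best[0]:
            best = (plen, prefix, next_hop)
    return None if best is None else (best[1], best[2])


def trace(table, dst):
    """List every entry with its match result, as the slides step through it."""
    return [(prefix, hop, matches(dst, prefix)) for prefix, hop in table]


if __name__ == "__main__":
    for prefix, hop, ok in trace(R2_TABLE, "10.1.1.1"):
        print(f"{prefix:<14} {hop}  {'match' if ok else 'no match'}")
    print("chosen:", lookup(R2_TABLE, "10.1.1.1"))
    print("10.2.3.4 ->", lookup(R2_TABLE, "10.2.3.4"))  # only 10/8 matches
    print("40.0.0.1 ->", lookup(R2_TABLE, "40.0.0.1"))  # no route at all
    with_default = R2_TABLE + [("0.0.0.0/0", "R1")]     # constructed default route
    print("40.0.0.1 ->", lookup(with_default, "40.0.0.1"))
```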
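
Returning to the earlier Routing Architectures questions about address allocation, summarization and link failures: the added example below (not from the workshop slides) compares what one distribution router advertises to the core under a topological allocation and under a first come, first serve allocation, and what the core sees when one access subnet fails. All prefixes and the function names `advertised` and `core_churn` are constructed for illustration.

```python
import ipaddress

# Constructed allocations for one distribution router (not from the slides).
# TOPOLOGICAL fills the aligned block 10.1.0.0/22. FIRST_COME is scattered:
# its smallest covering block would also cover subnets attached elsewhere,
# so no summary can be configured for it.
TOPOLOGICAL = ["10.1.0.0/24", "10.1.1.0/24", "10.1.2.0/24", "10.1.3.0/24"]
FIRST_COME = ["10.1.0.0/24", "10.1.5.0/24", "10.1.9.0/24", "10.1.14.0/24"]


def advertised(block, subnets):
    """Routes a distribution router sends to the core.

    block   -- summary configured at the distribution/core edge, or None
    subnets -- access subnets currently reachable behind this router
    The summary is announced while any subnet inside it is up; subnets
    outside the block cannot be summarized and are sent as specifics.
    """
    nets = [ipaddress.ip_network(s) for s in subnets]
    if block is None:
        return sorted(str(n) for n in nets)
    summary = ipaddress.ip_network(block)
    inside = [n for n in nets if n.subnet_of(summary)]
    outside = [n for n in nets if not n.subnet_of(summary)]
    return sorted(str(n) for n in ([summary] if inside else []) + outside)


def core_churn(block, subnets, failed):
    """Routes the core has to add or withdraw when one access subnet fails."""
    before = set(advertised(block, subnets))
    after = set(advertised(block, [s for s in subnets if s != failed]))
    return sorted(before ^ after)


if __name__ == "__main__":
    print("topological:", advertised("10.1.0.0/22", TOPOLOGICAL))
    print("first come :", advertised(None, FIRST_COME))
    # Same failure, very different effect on the core's routing table.
    print("churn, summarized  :", core_churn("10.1.0.0/22", TOPOLOGICAL, "10.1.3.0/24"))
    print("churn, unsummarized:", core_churn(None, FIRST_COME, "10.1.14.0/24"))
```

Because the summary keeps attracting traffic for the failed subnet, the distribution router should discard that traffic itself rather than let it follow a default route back toward the core.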






