computing. IT staff can easily provide
departmental staff, suppliers, or customers with secure access
to applications and resources. This approach simplifies and
streamlines management, significantly reducing overhead.
Redundant data centers provide backup using synchronous and
asynchronous data and application replication. The network and
devices offer server and application load balancing to maximize
performance. This solution allows enterprises to scale without
major changes to the infrastructure.

Branch architecture: Enables enterprises to extend head-office
applications and services, such as security, IP Communications,
and advanced application performance, to thousands of remote
locations and users, or to a small group of branches. Cisco
integrates security, switching, network analysis, caching, and
converged voice and video services into a series of integrated
services routers in the branch so that enterprises can deploy
new services when they are ready without buying new equipment.
This solution provides secure access to voice, mission-critical
data, and video applications anywhere, anytime. Advanced
network routing, VPNs, redundant WAN links, application content
caching, and local IP telephony call processing provide a
robust architecture with high levels of resilience for all the
branch offices. An optimized network leverages the WAN and LAN
to reduce traffic and save bandwidth and operational expenses.
Enterprises can easily support branch offices with the ability
to centrally configure, monitor, and manage devices located at
remote sites, including tools, such as AutoQoS, that
proactively resolve congestion and bandwidth issues before they
affect network performance.

Teleworker architecture: Allows enterprises to securely deliver voice
and data services to remote small or home offices over a
standard broadband access service, providing a business
resiliency solution for the enterprise and a flexible work
environment for employees. Centralized management minimizes IT
support costs, and robust integrated security mitigates the
unique security challenges of this environment. Integrated
security and identity-based networking services enable the
enterprise to help extend campus security policies to the
teleworker. Staff can securely log into the network over an
“always-on” VPN and gain access to authorized applications and
services from a single cost-effective platform.
Productivity can be further enhanced by adding an IP phone,
providing cost-effective access to a centralized IP
communications system with voice and unified messaging
services.

WAN architecture: Offers the
convergence of voice, video, and data services over a single IP
communications network. This approach enables enterprises to
cost-effectively span large geographic areas. QoS, granular
service levels, and comprehensive encryption options help
ensure the secure delivery of high-quality corporate voice,
video, and data resources to all corporate sites, enabling
staff to work productively and efficiently from any location.
Security is provided with multiservice VPNs (IPSec and MPLS)
over Layer 2 and Layer 3 WANs, as well as hub-and-spoke and
full mesh topologies.

Content 1.1 Introducing Campus Networks
1.1.3 Describing Non-Hierarchical Campus Network Issues

The simplest
Ethernet network infrastructure is composed of a single
collision and broadcast domain. This type of network is
referred to as a “flat” network because any traffic that is
transmitted within it is seen by all of the interconnected
devices, even if they are not the intended destination of the
transmission. The benefit of this type of network is that it is
very simple to install and configure, so it is a good fit for
home networking and small offices. The downside of a flat
network infrastructure is that it does not scale well as
demands on the network increase. Following are some of the
issues with non-hierarchical networks:

- Traffic collisions increase as devices are added, reducing
  network throughput.
- Broadcast traffic increases as devices are added to the
  network, causing over-utilization of network resources.
- Isolating problems on a large flat network can be difficult.

Figure shows the key network
hardware devices in a non-hierarchical network and the function
of each.

Content 1.1 Introducing Campus Networks
1.1.4 Describing Layer 2 Network Issues

Layer 2 switches can significantly improve
performance in a carrier sense multiple access with collision
detection (CSMA/CD) network when used in place of hubs. This is because
each switch port represents a single collision domain, and the
device connected to that port does not have to compete with
other devices to access the media. Ideally, every host on a
given network segment is connected to its own switch port, thus
eliminating all media contention as the switch manages network
traffic at Layer 2. An additional benefit of Layer 2 switching
is that large broadcast domains can be broken up into smaller
segments by assigning switch ports to different VLAN segments.
For all their benefits, some drawbacks still exist in
non-hierarchical switched networks:

- If switches are not configured with VLANs, very large
  broadcast domains may be created.
- If VLANs are created, traffic cannot move between VLANs using
  only Layer 2 devices.
- As the Layer 2 network grows, the potential for bridge loops
  increases. Therefore, the use of a Spanning Tree Protocol (STP)
  becomes imperative.

Content 1.1 Introducing Campus Networks
1.1.5 Describing Routed Network Issues

A major limitation of Layer 2
switches is that they cannot switch traffic between Layer 3
network segments (IP subnets for example). Traditionally, this
was done using a router. Unlike switches, a router acts as a
broadcast boundary and does not forward broadcasts between its
interfaces. Additionally, a router provides an optimal path
determination function. The router examines each incoming
packet to determine which route the packet should take through
the network. Also, the router can act as a security device,
manage QoS, and apply network policy. Although routers used in
conjunction with Layer 2 switches resolve many issues, some
concerns still remain:

- When security or traffic management components, such as access
  control lists (ACLs), are configured on router interfaces, the
  network may experience delays as the router processes each
  packet in software.
- When routers are introduced into a switched network,
  end-to-end VLANs are no longer supported because routers
  terminate the VLAN.
- Routers are more expensive per interface than Layer 2 switches,
  so their placement in the network should be well planned.
  Non-hierarchical networks, by their very nature, require more
  interconnections and, hence, more routed interfaces.
- In a non-hierarchical network, the number of router
  interconnections may result in peering problems between
  neighboring routers.
- Because traffic flows are hard to determine, it becomes
  difficult to predict where hardware upgrades are needed to
  mitigate traffic bottlenecks.
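
The following is an added example, not part of the original course text: a small Python model that counts collision and broadcast domains for the hub, switch, VLAN, and router cases described in sections 1.1.3 through 1.1.5, which shows how far a frame or broadcast is visible in each design. The device names, VLAN numbers, and the no-trunk simplification are assumptions made for illustration.

```python
from collections import defaultdict

def count_domains(links, kinds, merging):
    """Count groups of cables joined by device kinds listed in `merging`.

    links: (device_a, device_b, vlan) tuples, one per cable; vlan is the
    access VLAN of the switch port on that cable (no trunks in this model).
    kinds: device name -> "host" | "hub" | "switch" | "router".
    """
    parent = list(range(len(links)))

    def find(i):
        while parent[i] != i:
            parent[i] = parent[parent[i]]  # path halving
            i = parent[i]
        return i

    attached = defaultdict(list)
    for idx, (a, b, vlan) in enumerate(links):
        for dev in (a, b):
            if kinds[dev] in merging:
                # A switch joins only ports in the same VLAN; a hub joins all.
                key = (dev, vlan if kinds[dev] == "switch" else None)
                attached[key].append(idx)
    for members in attached.values():
        for m in members[1:]:
            parent[find(m)] = find(members[0])
    return len({find(i) for i in range(len(links))})

def collision_domains(links, kinds):
    # Only hubs share the medium; switch and router ports end the domain.
    return count_domains(links, kinds, {"hub"})

def broadcast_domains(links, kinds):
    # Hubs and switches flood broadcasts; routers do not forward them.
    return count_domains(links, kinds, {"hub", "switch"})

# Constructed sample topologies: four hosts on one central device.
HOSTS = ["h1", "h2", "h3", "h4"]
KINDS = {**{h: "host" for h in HOSTS}, "HUB": "hub", "SW": "switch", "R1": "router"}
FLAT_HUB = [(h, "HUB", 1) for h in HOSTS]
SWITCHED = [(h, "SW", 1) for h in HOSTS]
VLANS = [("h1", "SW", 10), ("h2", "SW", 10), ("h3", "SW", 20), ("h4", "SW", 20)]
ROUTED = VLANS + [("R1", "SW", 10), ("R1", "SW", 20)]  # one router port per VLAN

if __name__ == "__main__":
    for name, topo in [("hub", FLAT_HUB), ("switch", SWITCHED),
                       ("switch+VLANs", VLANS), ("VLANs+router", ROUTED)]:
        print(f"{name:14} collision={collision_domains(topo, KINDS)} "
              f"broadcast={broadcast_domains(topo, KINDS)}")
```

In the routed case the broadcast domain count stays at two: the router connects the VLANs at Layer 3 without merging them, so a broadcast in one VLAN is still not seen by hosts in the other.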

Content 1.1 Introducing Campus Networks
1.1.6 Multilayer Switching

Multilayer switching is hardware-based switching and routing
integrated into a single platform. In some cases, frame (Layer
2) and packet (Layer 3) forwarding operations are handled by
the same specialized hardware ASIC and other specialized
circuitry. A multilayer switch does everything to a frame and
packet that a traditional switch and router do, including the
following:

- Provides multiple simultaneous switching paths
- Segments broadcast and failure domains
- Provides destination-specific frame forwarding based on
  Layer 2 information
- Determines the forwarding path based on Layer 3 information
- Validates the integrity of the Layer 2 frame and Layer 3
  packet via checksums and other