authentication support using standards such as
802.1x and Extensible Authentication Protocol (EAP).
Cisco Enterprise Campus Architecture provides the
flexibility to add IPsec and Multiprotocol Label Switching
virtual private networks (MPLS VPNs), identity and access
management, and VLANs to compartmentalize access. These
features help improve performance and security and decrease
cost. Cisco Enterprise Data
Center Architecture: Cisco Enterprise Data
Center Architecture is a cohesive and adaptive network
architecture. The Cisco Enterprise Data Center supports
business and IT requirements for consolidation, business
continuity, and security. At the same time, this architecture
enables emerging service-oriented architectures,
virtualization, and on-demand computing. IT staff can easily
provide departmental staff, suppliers, or customers with secure
access to applications and resources. This structure simplifies
and streamlines management, significantly reducing overhead.
Redundant data centers provide backup using synchronous and
asynchronous data and application replication. The network and
devices offer server and application load balancing to maximize
performance. This solution allows the enterprise to scale
without major changes to the infrastructure. Cisco
Enterprise Branch Architecture: Cisco Enterprise
Branch Architecture allows enterprises to extend
head-office applications and services, such as security, Cisco
IP Communications, and advanced application performance, to
thousands of remote locations and users or to a small group of
branches. Cisco integrates security, switching, network
analysis, caching, and converged voice and video services into
a series of integrated services routers in the branch. With
this integration, enterprises can deploy new services when they
are ready to do so without having to buy new equipment. This
solution provides secure access to voice, mission-critical
data, and video applications anywhere and anytime. Advanced
network routing, VPNs, redundant WAN links, application content
caching, and local IP telephony call processing provide a
robust architecture with high levels of resilience for all the
branch offices. An optimized network leverages the WAN and LAN
to reduce traffic and save bandwidth and operational expenses.
Enterprises can easily support branch offices with the ability
to centrally configure, monitor, and manage devices that are
located at remote sites, including tools, such as AutoQoS or
the Security Device Manager (SDM) QoS wizard, that proactively
resolve congestion and bandwidth issues before they affect
network performance. Cisco Enterprise
Teleworker Architecture: Cisco Enterprise
Teleworker Architecture allows enterprises to deliver
secure voice and data services to remote small or home offices
(small office/home office [SOHO]) over a standard broadband
access service, providing a business resiliency solution for
the enterprise and a flexible work environment for employees.
Centralized management minimizes the IT support costs and
robust integrated security mitigates the unique security
challenges of this environment. Integrated security- and
identity-based networking services enable the enterprise to
help extend campus security policies to the teleworker. Staff
can securely log on to the network over an always-on VPN and
gain access to authorized applications and services from a
single cost-effective platform. Adding an IP phone to provide
cost-effective access to a centralized IP Communications system
with voice and unified messaging services enhances
productivity. Cisco Enterprise WAN
Architecture: Cisco Enterprise WAN Architecture
provides converged voice, video, and data services over a
single IP Communications network. This convergence enables the
enterprise to span large geographic areas cost effectively.
QoS, granular service levels, and comprehensive encryption
options help to ensure the secure delivery of high-quality
corporate voice, video, and data resources to all corporate
sites. Delivering these services enables people to work
productively and efficiently regardless of their location.
Security is provided with multiservice VPNs (IPsec and MPLS)
over Layer 2 or Layer 3 WANs, hub-and-spoke, or full-mesh
topologies. Example: Enterprise Network
Figure shows a network structured on the Cisco hierarchical
model design and using the Cisco Enterprise Architectures
described above. Various architectures and submodules form an
integrated converged network that supports business processes.
In this example, the enterprise campus network comprises five
submodules: - Building access with access switches and
end devices (PCs and IP phones)
- Building distribution
with distribution multilayer switches
- Backbone
- Edge distribution that concentrates all branches and
teleworkers accessing the campus via WAN or the Internet
- Server farm that represents the data center
Additional submodules represent remote access and VPN,
Internet, and traditional WAN (Frame Relay, ATM, and leased
lines with Point-to-Point Protocol [PPP]).
Content
1.2 Describing Converged Network Requirements
1.2.3 Traffic Conditions in a Converged
Network Converged networks with integrated voice, video,
and data contain a mix of traffic patterns and
requirements: - Voice and video traffic (for example, IP
telephony and video broadcast and conferencing)
-
Video traffic, frequently carried as IP multicast traffic
- Voice applications traffic, generated by voice-related
applications (such as contact centers)
-
Mission-critical traffic, generated, for example, by stock
exchange applications
- Transactional traffic,
generated by e-commerce applications
- Routing update
traffic from routing protocols such as Routing Information
Protocol (RIP), Open Shortest Path First (OSPF), Enhanced
Interior Gateway Routing Protocol (EIGRP), Intermediate
System-to-Intermediate System (IS-IS), and Border Gateway
Protocol (BGP)
- Network management traffic
-
Bulk transfer (such as file transfer or HTTP), considered
best-effort traffic
- Scavenger (such as casual
entertainment or rogue traffic), considered
less-than-best-effort traffic
The diversity of the
traffic mix imposes stringent performance and security
requirements on the network. The requirements differ
significantly, depending on the traffic type. For example,
voice and video require constant bandwidth with low delay and
jitter, while transactional traffic requires high reliability
and security with relatively low bandwidth. In addition, voice
applications, such as IP telephony, require high reliability
and availability, because users expect the dial tone in the IP
network to be the same as in a traditional telephone network.
To meet the traffic requirements in the network, voice and
video traffic must be treated differently from other traffic,
such as web-based (HTTP) traffic. Quality of Service mechanisms
are mandatory in converged networks. Security is a key issue in
fixed networks but is even more important in wireless mobility,
where access to the network is possible from virtually
anywhere. Several security strategies, such as device hardening
with strict access control and authentication, intrusion
protection, intrusion detection, and traffic protection with
encryption, can mitigate network security threats. Note
Converged networks span the entire range of access options,
from fixed networks to WLANs and mobile wireless networks.
Example: Integrated Services in a Converged Network
Figure shows a sample converged network with integrated secured
services. The network deploys advanced technologies including
IP communications (IP telephony and unified messaging),
wireless mobility, and security. The clouds in the figure
represent the Cisco Enterprise WAN Architecture. The links in
this area can easily become blocked and affect the performance