Authorized Self-Study Guide
Designing for Cisco Internetwork Solutions (DESGN)
Second Edition
Diane Teare
Cisco Press
800 East 96th Street
Indianapolis, IN 46240 USA
Copyright© 2008 Cisco Systems, Inc.
Published by:
Cisco Press
800 East 96th Street
Indianapolis, IN 46240 USA
All rights reserved. No part of this book may be reproduced or transmitted in any form or by any means, electronic or mechanical,
including photocopying, recording, or by any information storage and retrieval system, without written permission from the publisher, except for the inclusion of brief quotations in a review.
Printed in the United States of America
First Printing October 2007
Library of Congress Cataloging-in-Publication Data:
Teare, Diane.
Designing for Cisco internetwork solutions (DESGN) / Diane Teare. -- 2nd ed.
p. cm. -- (Authorized self-study guide)
Rev. ed. of: CCDA self-study : designing for Cisco internetwork solutions (DESGN) / Diane Teare. c2004.
"Exam 640-863."
ISBN-13: 978-1-58705-272-9 (hardcover)
ISBN-10: 1-58705-272-5 (hardcover)
1. Computer networks--Examinations--Study guides. 2. Telecommunications engineers--Certification. 3. Internetworking
(Telecommunication)--Examinations--Study guides. I. Title. II. Series.
TK5105.5.T418 2008
004.6--dc22
2007032855
Warning and Disclaimer
This book is designed to provide information about designing Cisco networks. Every effort has been made to make this book as complete and as accurate as possible, but no warranty or fitness is implied.
The information is provided on an “as is” basis. The author, Cisco Press, and Cisco Systems, Inc. shall have neither liability nor
responsibility to any person or entity with respect to any loss or damages arising from the information contained in this book or from
the use of the discs or programs that may accompany it.
The opinions expressed in this book belong to the author and are not necessarily those of Cisco Systems, Inc.
Trademark Acknowledgments
All terms mentioned in this book that are known to be trademarks or service marks have been appropriately capitalized. Cisco Press
or Cisco Systems, Inc., cannot attest to the accuracy of this information. Use of a term in this book should not be regarded as affecting the validity of any trademark or service mark.
Corporate and Government Sales
The publisher offers excellent discounts on this book when ordered in quantity for bulk purchases or special sales, which may
include electronic versions and/or custom covers and content particular to your business, training goals, marketing focus, and branding interests. For more information, please contact:
U.S. Corporate and Government Sales
1-800-382-3419
For sales outside the United States please contact:
International Sales
Feedback Information
At Cisco Press, our goal is to create in-depth technical books of the highest quality and value. Each book is crafted with care and precision, undergoing rigorous development that involves the unique expertise of members from the professional technical community.
Readers’ feedback is a natural continuation of this process. If you have any comments regarding how we could improve the quality
of this book, or otherwise alter it to better suit your needs, you can contact us through email at Please
make sure to include the book title and ISBN in your message.
We greatly appreciate your assistance.
Publisher: Paul Boger
Cisco Representative: Anthony Wolfenden
Associate Publisher: Dave Dusthimer
Cisco Press Program Manager: Jeff Brady
Executive Editor: Brett Bartow
Development Editor: Eric Stewart
Managing Editor: Patrick Kanouse
Copy Editor: Mike Henry
Senior Project Editor: Tonya Simpson
Technical Editors: Shawn Boyd and Richard Piquard
Editorial Assistant: Vanessa Evans
Proofreader: Gayle Johnson
Designer: Louisa Adair
Composition: Mark Shirar
Indexer: Ken Johnson
About the Author
Diane Teare is a professional in the networking, training, and e-learning fields. She has more than
20 years of experience in designing, implementing, and troubleshooting network hardware and
software and has also been involved in teaching, course design, and project management. She has
extensive knowledge of network design and routing technologies and is an instructor with one of
the largest authorized Cisco Learning Partners. She was recently the Director of e-Learning for
the same company, where she was responsible for planning and supporting all the company’s
e-learning offerings in Canada, including Cisco courses. Diane has a bachelor’s degree in applied
science in electrical engineering (BASc) and a master’s degree in applied science in management
science (MASc). She is a certified Cisco instructor and currently holds her CCNP and CCDP
certifications. She coauthored the Cisco Press titles Campus Network Design Fundamentals, the
three editions of Building Scalable Cisco Internetworks (BSCI), and Building Scalable Cisco
Networks. She also edited the first edition of this book and Designing Cisco Networks.
About the Technical Reviewers
Shawn Boyd is a senior network consultant for ARP Technologies, Inc. He has worldwide
experience in consulting on many different projects, such as security/VoIP for Cisco Systems
Israel, intrusion prevention for Top Layer Networks of Boston, and DSL infrastructure rollout for
Telus Canada. Shawn is also active in course development and is a certified Cisco instructor with
ARP Technologies, Inc., responsible for teaching most of the Cisco curriculum. He has coauthored
IT security–related books for Cisco Press and has been a technical editor on a few Cisco Press
Self-Study Guides. His background is in network security and design at a service provider level.
He has worked for Canada’s largest telco providers, performing network designs and
implementations, and was lead contact on many large government contracts.
Richard Piquard is a senior network architect for Global Knowledge Network, Inc. He has more
than seven years of experience as a certified Cisco instructor, teaching introductory and advanced
routing, switching, design, and voice-related courses throughout North America and Europe.
Richard has a highly diverse skill set in design and implementation of both Cisco and multivendor
environments. His experience in the industry ranges from his military background as the network
chief of the Marine Corps Systems Command, Quantico, Virginia, to a field engineer for the Xylan
Corporation (Alcatel), Calabasas, California, to a member of a four-person, worldwide network
planning and implementation team for the Household Finance Corporation, Chicago.
Dedications
This book is dedicated to my wonderful husband, Allan Mertin, whose optimism inspires
me; to our captivating son, Nicholas, and his enthusiastic curiosity and quest for
knowledge; to my parents, Syd and Beryl, for their continuous love and support; and to
my friends, including “the Girls,” for continuing to help me keep my sanity!
Acknowledgments
I would like to thank the many people who helped put this book together, including the following:
The Cisco Press team—Brett Bartow, the executive editor, for driving this book through the
process, and his continued support over the years. Vanessa Evans was instrumental in organizing
the logistics and administration. Eric Stewart, the development editor, has been invaluable in
producing a high-quality manuscript. I would also like to thank Tonya Simpson for her excellent
work in shepherding this book through the editorial process. Thanks also to Richard Froom, Balaji
Sivasubramanian, and Erum Frahim, the authors of Cisco Press’s Building Cisco Multilayer
Switched Networks (BCMSN), Fourth Edition.
The Cisco Systems team—Many thanks to the members of the team who developed the latest
version of the DESGN course. The team included two people from Chesapeake Netcraftsmen:
Carole Warner Reece and Peter Welcher. Members of the team from Cisco Systems included
Dennis Masters, Dwayne Fields, Pat Lao, Bill Chadwick, Bob Eckoff, Bob Ligett, Drew Blair, and
the project manager, Dan Stern.
The technical reviewers—I would like to thank the technical reviewers of this book, Shawn Boyd
and Richard Piquard, for their comprehensive, detailed review and beneficial input.
My family—Of course, this book would not have been possible without the constant
understanding and tolerance of my family, who have lived through the many weekends and nights
it took to complete it. Special thanks to Nicholas for always making sure I got lots of hugs!
Contents at a Glance
Foreword
Introduction
Chapter 1 Network Fundamentals Review
Chapter 2 Applying a Methodology to Network Design
Chapter 3 Structuring and Modularizing the Network
Chapter 4 Designing Basic Campus and Data Center Networks
Chapter 5 Designing Remote Connectivity
Chapter 6 Designing IP Addressing in the Network
Chapter 7 Selecting Routing Protocols for the Network
Chapter 8 Voice Network Design Considerations
Chapter 9 Wireless Network Design Considerations
Chapter 10 Evaluating Security Solutions for the Network
Appendix A Answers to Review Questions and Case Studies
Appendix B IPv4 Supplement
Appendix C Open System Interconnection (OSI) Reference Model
Appendix D Network Address Translation
Acronyms and Abbreviations
Index
Contents
Foreword
Introduction
Chapter 1 Network Fundamentals Review
Introduction to Networks
Protocols and the OSI Model
The OSI Model
Protocols
The OSI Layers
Physical Layer—Layer 1
Data Link Layer—Layer 2
Network Layer—Layer 3
Transport Layer—Layer 4
Upper Layers—Layers 5 Through 7
Communication Among OSI Layers
LANs and WANs
Network Devices
Terminology: Domains, Bandwidth, Unicast, Broadcast, and Multicast
Hubs
Switches
Routers
Introduction to the TCP/IP Suite
TCP/IP Transport Layer Protocols
Port Numbers
TCP Sequencing, Acknowledgment, and Windowing
TCP/IP Internet Layer Protocols
Protocols
IP Datagrams
TCP/IP-Related Data Link Layer Protocol
Routing
Routers Work at the Lower Three OSI Layers
Routing Tables
Routing Protocols
Addressing
Physical Addresses
Logical Addresses
Routing and Network Layer Addresses
IP Addresses
IP Address Classes
Private and Public IP Addresses
Subnets
Switching Types
Layer 2 Switching
Layer 3 Switching
Spanning Tree Protocol
Redundancy in Layer 2 Switched Networks
STP Terminology and Operation
STP Terminology
STP States
Rapid STP
Virtual LANs
VLAN Membership
Trunks
STP and VLANs
Inter-VLAN Routing
Comprehensive Example
Summary
Chapter 2 Applying a Methodology to Network Design
The Cisco Service Oriented Network Architecture
Business Drivers for a New Network Architecture
Intelligence in the Network
Cisco SONA Framework
Network Design Methodology
Design as an Integral Part of the PPDIOO Methodology
Benefits of the Lifecycle Approach to Network Design
Design Methodology
Identifying Customer Requirements
Assessing the Scope of a Network Design Project
Identifying Required Information
Extracting Initial Requirements
Gathering Network Requirements
Planned Applications and Network Services
Organizational Goals
Organizational Constraints
Technical Goals
Technical Constraints
Characterizing the Existing Network and Sites
Customer Input
Sample Site Contact Information
Sample High-Level Network Diagram
Auditing or Assessing the Existing Network
Tools for Assessing the Network
Manual Information Collection Examples
Automatic Information Collection Examples
Analyzing Network Traffic and Applications
Tools for Analyzing Traffic
NBAR
NetFlow
Other Network Analysis Tools Examples
Network Health Checklist
Summary Report
Creating a Draft Design Document
Time Estimates for Performing Network Characterization
Using the Top-Down Approach to Network Design
The Top-Down Approach to Network Design
Top-Down Approach Compared to Bottom-Up Approach
Top-Down Design Example
Decision Tables in Network Design
Structured Design
Network Design Tools
Building a Prototype or Pilot Network
Documenting the Design
The Design Implementation Process
Planning a Design Implementation
Implementing and Verifying the Design
Monitoring and Redesigning the Network
Summary
References
Case Study: ACMC Hospital Network Upgrade
Case Study Scenario
Organizational Facts
Current Situation
Plans and Requirements
Case Study Questions
Review Questions
Chapter 3 Structuring and Modularizing the Network
Network Hierarchy
Hierarchical Network Model
Hierarchical Network Design Layers
Access Layer Functionality
The Role of the Access Layer
Layer 2 and Multilayer Switching in the Access Layer
Access Layer Example
Distribution Layer Functionality
The Role of the Distribution Layer
Distribution Layer Example
Core Layer Functionality
The Role of the Core Layer
Switching in the Core Layer
Hierarchical Routing in the WAN
Using a Modular Approach to Network Design
Evolution of Enterprise Networks
Cisco SONA Framework
Functional Areas of the Cisco Enterprise Architecture
Guidelines for Creating an Enterprise Network
Enterprise Campus Modules
Campus Infrastructure Module
Building Access Layer
Building Distribution Layer
Campus Core Layer
Server Farm Module
Enterprise Campus Guidelines
Enterprise Edge Modules
E-commerce Module
Internet Connectivity Module
Remote Access and VPN Module
WAN and MAN and Site-to-Site VPN Module
Enterprise Edge Guidelines
Service Provider Modules
Internet Service Provider Module
PSTN Module
Frame Relay/ATM Module
Remote Enterprise Modules
Enterprise Branch Module
Enterprise Data Center Module
Enterprise Teleworker Module
Services Within Modular Networks
Interactive Services
Security Services in a Modular Network Design
Internal Security
External Threats
High-Availability Services in a Modular Network Design
Designing High Availability into a Network
High Availability in the Server Farm
Designing Route Redundancy
Designing Link Redundancy
Voice Services in a Modular Network Design
Two Voice Implementations
IP Telephony Components
Modular Approach in Voice Network Design
Evaluating the Existing Data Infrastructure for Voice Design
Wireless Services in a Modular Network
Centralized WLAN Components
Application Networking Services in a Modular Network Design
ANS Examples
ANS Components
Network Management Protocols and Features
Network Management Architecture
Protocols and Standards
SNMP
SNMPv1
SNMPv2
SNMPv3
MIB
MIB-II
Cisco MIB
MIB Polling Guidelines
MIB Example
RMON
RMON1
RMON1 Groups
RMON1 and RMON2
RMON2 Groups
Netflow
NetFlow Versus RMON Information Gathering
CDP
CDP Information
How CDP Works
Syslog Accounting
Syslog Distributed Architecture
Summary
References
Case Study: ACMC Hospital Modularity
Review Questions
Chapter 4 Designing Basic Campus and Data Center Networks
Campus Design Considerations
Designing an Enterprise Campus
Network Application Characteristics and Considerations
Peer-Peer Applications
Client–Local Server Applications
Client–Server Farm Applications
Client–Enterprise Edge Applications
Application Requirements
Environmental Characteristics and Considerations
Network Geography Considerations
Transmission Media Considerations
Infrastructure Device Characteristics and Considerations
Convergence Time
Multilayer Switching and Cisco Express Forwarding
IP Multicast
QoS Considerations in LAN Switches
Load Sharing in Layer 2 and Layer 3 Switches
Enterprise Campus Design
Enterprise Campus Requirements
Building Access Layer Design Considerations
Managing VLANs and STP
Managing Trunks Between Switches
Managing Default PAgP Settings
Implementing Routing in the Building Access Layer
Building Distribution Layer Design Considerations
Using First-Hop Redundancy Protocols
Deploying Layer 3 Routing Protocols Between Building Distribution and Campus Core Switches
Supporting VLANs That Span Multiple Building Access Layer Switches
Campus Core Design Considerations
Large Campus Design
Small and Medium Campus Design Options
Edge Distribution at the Campus Core
Server Placement
Servers Directly Attached to Building Access or Building Distribution Layer Switches
Servers Directly Attached to the Campus Core
Servers in a Server Farm Module
Server Farm Design Guidelines
Server Connectivity Options
The Effect of Applications on Switch Performance
Enterprise Data Center Design Considerations
The Enterprise Data Center
The Cisco Enterprise Data Center Architecture Framework
Enterprise Data Center Infrastructure
Data Center Access Layer
Data Center Aggregation Layer
Data Center Core Layer
Density and Scalability of Servers
Summary
References
Case Study: ACMC Hospital Network Campus Design
Case Study Additional Information
Case Study Questions
Review Questions
Chapter 5 Designing Remote Connectivity
Enterprise Edge WAN Technologies
Introduction to WANs
WAN Interconnections
Traditional WAN Technologies
Packet-Switched Network Topologies
WAN Transport Technologies
TDM (Leased Lines)
ISDN
Frame Relay
Asynchronous Transfer Mode
MPLS
Metro Ethernet
DSL Technologies
Cable Technology
Wireless Technologies
Synchronous Optical Network and Synchronous Digital Hierarchy
Dense Wavelength Division Multiplexing
Dark Fiber
WAN Transport Technology Pricing and Contract Considerations
WAN Design
Application Requirements of WAN Design
Response Time
Throughput
Packet Loss
Reliability
Technical Requirements: Maximum Offered Traffic
Technical Requirements: Bandwidth
Evaluating the Cost-Effectiveness of WAN Ownership
Optimizing Bandwidth in a WAN
Data Compression
Bandwidth Combination
Window Size
Queuing to Improve Link Utilization
Congestion Avoidance
Traffic Shaping and Policing to Rate-Limit Traffic Classes
Using WAN Technologies
Remote Access Network Design
VPN Design
VPN Applications
VPN Connectivity Options
Benefits of VPNs
WAN Backup Strategies
Dial Backup Routing
Permanent Secondary WAN Link
Shadow PVC
The Internet as a WAN Backup Technology
IP Routing Without Constraints
Layer 3 Tunneling with GRE and IPsec
Enterprise Edge WAN and MAN Architecture
Enterprise Edge WAN and MAN Considerations
Cisco Enterprise MAN and WAN Architecture Technologies
Selecting Enterprise Edge Components
Hardware Selection
Software Selection
Cisco IOS Software Packaging
Cisco IOS Packaging Technology Segmentation
Comparing the Functions of Cisco Router Platforms and Software Families
Comparing the Functions of Multilayer Switch Platforms and Software Families
Enterprise Branch and Teleworker Design
Enterprise Branch Architecture
Enterprise Branch Design
Small Branch Office Design
Medium Branch Office Design
Large Branch Office Design
Enterprise Teleworker (Branch of One) Design
Summary
References
Case Study: ACMC Hospital Network WAN Design
Case Study Additional Information
Business Factors
Technical Factors
Case Study Questions
Review Questions
Chapter 6 Designing IP Addressing in the Network
Designing an IP Addressing Plan
Private and Public IPv4 Addresses
Private Versus Public Address Selection Criteria
Interconnecting Private and Public Addresses
Guidelines for the Use of Private and Public Addresses in an Enterprise Network
Determining the Size of the Network
Determining the Network Topology
Size of Individual Locations
Planning the IP Addressing Hierarchy
Hierarchical Addressing
Route Summarization
IP Addressing Hierarchy Criteria
Benefits of Hierarchical Addressing
Summarization Groups
Impact of Poorly Designed IP Addressing
Benefits of Route Aggregation
Fixed- and Variable-Length Subnet Masks
Routing Protocol Considerations
Classful Routing Protocols
Classless Routing Protocols
Hierarchical IP Addressing and Summarization Plan Example
Methods of Assigning IP Addresses
Static Versus Dynamic IP Address Assignment Methods
When to Use Static or Dynamic Address Assignment
Guidelines for Assigning IP Addresses in the Enterprise Network
Using DHCP to Assign IP Addresses
Name Resolution
Static Versus Dynamic Name Resolution
When to Use Static or Dynamic Name Resolution
Using DNS for Name Resolution
DHCP and DNS Server Location in a Network
Introduction to IPv6
IPv6 Features
IPv6 Address Format
IPv6 Address Types
IPv6 Address Scope Types
Interface Identifiers in IPv6 Addresses
IPv6 Unicast Addresses
Global Aggregatable Unicast Addresses
Link-Local Unicast Addresses
IPv6 Address Assignment Strategies
Static IPv6 Address Assignment
Dynamic IPv6 Address Assignment
IPv6 Name Resolution
Static and Dynamic IPv6 Name Resolution
IPv4- and IPv6-Aware Applications and Name Resolution
IPv4-to-IPv6 Transition Strategies and Deployments
Differences Between IPv4 and IPv6
IPv4-to-IPv6 Transition
Dual-Stack Transition Mechanism
Tunneling Transition Mechanism
Translation Transition Mechanism
IPv6 Routing Protocols
RIPng
EIGRP for IPv6
OSPFv3
Integrated IS-IS Version 6
BGP4+
Summary
References
Case Study: ACMC Hospital IP Addressing Design
Review Questions
Chapter 7 Selecting Routing Protocols for the Network
Routing Protocol Features
Static Versus Dynamic Routing
Static Routing
Dynamic Routing
Interior Versus Exterior Routing Protocols
IGP and EGP Example
Distance Vector Versus Link-State Versus Hybrid Protocols
Distance Vector Example
Link-State Example
Routing Protocol Metrics
What Is a Routing Metric?
Metrics Used by Routing Protocols
Routing Protocol Convergence
RIPv2 Convergence Example
Comparison of Routing Protocol Convergence
Flat Versus Hierarchical Routing Protocols
Flat Routing Protocols
Hierarchical Routing Protocols
Routing Protocols for the Enterprise
EIGRP
EIGRP Terminology
EIGRP Characteristics
OSPF
OSPF Hierarchical Design
OSPF Characteristics
Integrated IS-IS
Integrated IS-IS Terminology
Integrated IS-IS Characteristics
Summary of Interior Routing Protocol Features
Selecting an Appropriate Interior Routing Protocol
When to Choose EIGRP
When to Choose OSPF
Border Gateway Protocol
BGP Implementation Example
External and Internal BGP
Routing Protocol Deployment
Routing Protocols in the Enterprise Architecture
Routing in the Campus Core
Routing in the Building Distribution Layer
Routing in the Building Access Layer
Routing in the Enterprise Edge Modules
Route Redistribution
Using Route Redistribution
Administrative Distance
Selecting the Best Route
Route Redistribution Direction
Route Redistribution Planning
Route Redistribution in the Enterprise Architecture
Route Filtering
Redistributing and Filtering with BGP
Route Summarization
The Benefits of Route Summarization
Recommended Practice: Summarize at the Distribution Layer
Recommended Practice: Passive Interfaces for IGP at the Access Layer
Summary
References
Case Study: ACMC Hospital Routing Protocol Design
Review Questions
Chapter 8 Voice Network Design Considerations
Traditional Voice Architectures and Features
Analog and Digital Signaling
The Analog-to-Digital Process
Time-Division Multiplexing in PSTN
PBXs and the PSTN
Differences Between a PBX and a PSTN Switch
PBX Features
PSTN Switches
Local Loops, Trunks, and Interswitch Communications
Telephony Signaling
Telephony Signaling Types
Analog Telephony Signaling
Digital Telephony Signaling
PSTN Numbering Plans
International Numbering Plans
Call Routing
Numbering Plans
Integrating Voice Architectures
Introduction to Integrated Networks
Drivers for Integrating Voice and Data Networks
H.323
Introduction to H.323
H.323 Components
H.323 Example
Introduction to IP Telephony
IP Telephony Design Goals
Single-Site IP Telephony Design
Multisite WAN with Centralized Call Processing Design
Multisite WAN with Distributed Call Processing Design
Call Control and Transport Protocols
Voice Conversation Protocols
Call Control Functions with H.323
Call Control Functions with the Skinny Client Control Protocol
Call Control Functions with SIP
Call Control Functions with MGCP
Voice Issues and Requirements
Voice Quality Issues
Packet Delays
Fixed Network Delays
Variable Network Delays
Jitter
Packet Loss
Echo
Voice Coding and Compression
Coding and Compression Algorithms
Voice Coding Standards (Codecs)
Sound Quality
Codec Complexity, DSPs, and Voice Calls
Bandwidth Considerations
Reducing the Amount of Voice Traffic
Voice Bandwidth Requirements
Codec Design Considerations
QoS for Voice
Bandwidth Provisioning
Signaling Techniques
Classification and Marking
Congestion Avoidance
Traffic Policing and Shaping
Congestion Management: Queuing and Scheduling
Link Efficiency
CAC
Building Access Layer QoS Mechanisms for Voice
AutoQoS
Introduction to Voice Traffic Engineering
Terminology
Blocking Probability and GoS
Erlang
CCS
Busy Hour and BHT
CDR
Erlang Tables
Erlang B Table
Erlang Examples
Trunk Capacity Calculation Example
Off-Net Calls Cost Calculation Example
Calculating Trunk Capacity or Bandwidth
Cisco IP Communications Return on Investment Calculator
Summary
References
Case Study: ACMC Hospital Network Voice Design
Case Study Additional Information
Case Study Questions
Review Questions
Chapter 9 Wireless Network Design Considerations
Introduction to Wireless Technology
RF Theory
Phenomena Affecting RF
RF Math
Antennas
Agencies and Standards Groups
IEEE 802.11 Operational Standards
IEEE 802.11b/g Standards in the 2.4 GHz Band
802.11a Standard in the 5-GHz Band
802.11 WLANs Versus 802.3 Ethernet LANs
WLAN Topologies
WLAN Components
Cisco-Compatible WLAN Clients
Autonomous APs
Lightweight APs
AP Power
WLAN Operation
WLAN Security
The Cisco Unified Wireless Network
The Cisco UWN Architecture
Cisco UWN Elements
Cisco UWN Lightweight AP and WLC Operation
Cisco UWN Wireless Authentication and Encryption
LWAPP Fundamentals
Layer 2 LWAPP Architecture
Layer 3 LWAPP Architecture
WLAN Controllers
WLC Terminology
WLC Interfaces
WLC Platforms
Access Point Support Scalability
Lightweight APs
Lightweight AP Discovery and Join Process
Lightweight AP and WLC Control Messages
Access Point Modes
Mobility in a Cisco Unified Wireless Network
Intracontroller Roaming
Intercontroller Roaming at Layer 2
Intercontroller Roaming at Layer 3
Mobility Groups
Recommended Practices for Supporting Roaming
Radio Resource Management and RF Groups
Radio Resource Management
RF Grouping
AP Self-Healing
Cisco UWN Review
Designing Wireless Networks with Lightweight Access Points and Wireless LAN Controllers
RF Site Survey
RF Site Survey Process
Define the Customer Requirements
Identify Coverage Areas and User Density
Determine Preliminary AP Locations
Perform the Actual Survey
Document the Findings
Controller Redundancy Design
Dynamic Controller Redundancy
Deterministic Controller Redundancy
Deterministic Redundancy Options
Design Considerations for Guest Services in Wireless Networks
Design Considerations for Outdoor Wireless Networks
Wireless Mesh Components
MAP-to-RAP Connectivity
Mesh Design Recommendations
Design Considerations for Campus Wireless Networks
Common Wireless Design Questions
Controller Placement Design
Campus Controller Options
Design Considerations for Branch Office Wireless Networks
Branch Office Considerations
Local MAC
REAP
Hybrid REAP
Branch Office WLAN Controller Options
Summary
References
Case Study: ACMC Hospital UWN Considerations
Review Questions
Chapter 10 Evaluating Security Solutions for the Network
Network Security
The Need for Network Security
Network Security Requirements
Security Legislation Examples
Terminology Related to Security
Threats and Risks
Threat: Reconnaissance Attacks
Threat: Gaining Unauthorized Access to Systems
Threat: DoS
Risk: Integrity Violations and Confidentiality Breaches
Network Security Policy and Process
Security Policy
The Need for a Security Policy
Risk Assessment and Management
Documenting the Security Policy
Network Security Process
The Cisco Self-Defending Network
The Cisco Self-Defending Network Framework
Secure Network Platform
Cisco Self-Defending Network Phases
Trust and Identity Management
Trust
Identity
Access Control
Trust and Identity Management Technologies
Identity and Access Control Deployment
Threat Defense
Physical Security
Infrastructure Protection
Threat Detection and Mitigation
Secure Connectivity
Encryption Fundamentals
VPN Protocols
Transmission Confidentiality: Ensuring Privacy
Maintaining Data Integrity
Security Management
Cisco Security Management Technologies
Network Security Solutions
Integrated Security Within Network Devices
Cisco IOS Router Security
Security Appliances
IPSs
Catalyst Services Modules
Endpoint Security Solutions
Securing the Enterprise Network
Deploying Security in the Enterprise Campus
Deploying Security in the Enterprise Data Center
Deploying Security in the Enterprise Edge
Summary
References
Case Study 10-1: ACMC Hospital Network Security Design
Case Study Questions
Case Study 10-2: ACMC Hospital Network—Connecting More Hospitals
Case Study Questions
Review Questions
Appendix A Answers to Review Questions and Case Studies
Appendix B IPv4 Supplement
Appendix C Open System Interconnection (OSI) Reference Model
Appendix D Network Address Translation
Acronyms and Abbreviations
Index
Icons Used in This Book
[Icon legend; images not reproduced. Labels: Access Point; Cisco Unified Communications Manager; H.323 Device; PBX; Router; Catalyst Switch; DSU/CSU; Cisco IP Phone; Bridge; Hub; Multilayer Switch; ATM Switch; ISDN/Frame Relay Switch; Content Switch; Gateway; Access Server; Phone; Netflow Router; Voice-Enabled Router; Router with Firewall; Communication Server; LWAPP; VPN Concentrator; Network Management Appliance; DSLAM; Wide Area Application Engine; WiSM; Optical Services Router; Lightweight Double Radio Access Point; WLAN Controller; PC with Software; Terminal; File Server; Web Server; Cisco Works Workstation; Modem; Printer; Laptop; Cisco Security MARS; NAC Appliance; PIX Security Appliance; Network Cloud; PC; Token Ring; NAS; Cisco MDS 9000 SSM; Optical Transport; InfiniBand; WAFS; IDS; FDDI; Line: Ethernet; Line: Serial; Line: Switched Serial; Wireless Connection]