Cisco press designing cisco network service architectures 2nd edition jan 2009 ebook DDU


Copyright
Authorized Self-Study Guide: Designing Cisco Network Service Architectures (ARCH),
Second Edition
Keith Hutton
Mark Schofield
Diane Teare
Copyright © 2009 Cisco Systems, Inc.
Published by:
Cisco Press
800 East 96th Street
Indianapolis, IN 46240 USA
All rights reserved. No part of this book may be reproduced or transmitted in any form or
by any means, electronic or mechanical, including photocopying, recording, or by any
information storage and retrieval system, without written permission from the publisher,
except for the inclusion of brief quotations in a review.
Printed in the United States of America
First Printing December 2008
Library of Congress Cataloging-in-Publication Data:
Hutton, Keith.
Authorized self-study guide : designing Cisco network service architectures (ARCH) / Keith Hutton, Mark Schofield, Diane Teare. -- 2nd ed.
p. cm.
ISBN 978-1-58705-574-4 (hardcover)
1. Computer network architectures--Examinations--Study guides. 2. Computer networks--Design--Examinations--Study guides. 3. Internetworking (Telecommunication)--Examinations--Study guides. I. Schofield, Mark. II. Teare, Diane. III. Title. IV. Title: Designing Cisco network service architectures (ARCH).
TK5105.52.H98 2008
004.6'5--dc22
2008049128
ISBN-13: 978-1-58705-574-4


Warning and Disclaimer


This book is designed to provide information about designing Cisco network service
architectures. Every effort has been made to make this book as complete and as accurate
as possible, but no warranty or fitness is implied.
The information is provided on an "as is" basis. The authors, Cisco Press, and Cisco
Systems, Inc. shall have neither liability nor responsibility to any person or entity with
respect to any loss or damages arising from the information contained in this book or
from the use of the discs or programs that may accompany it.
The opinions expressed in this book belong to the author and are not necessarily those of
Cisco Systems, Inc.
The Cisco Press self-study book series is as described, intended for self-study. It has not
been designed for use in a classroom environment. Only Cisco Learning Partners displaying
the following logos are authorized providers of Cisco curriculum. If you are using this book
within the classroom of a training company that does not carry one of these logos, then you
are not preparing with a Cisco trained and authorized provider. For information on Cisco
Learning Partners please visit: www.cisco.com/go/authorizedtraining. To provide Cisco with
any information about what you may believe is unauthorized use of Cisco trademarks or
copyrighted training material, please visit:
Trademark Acknowledgments
All terms mentioned in this book that are known to be trademarks or service marks have
been appropriately capitalized. Cisco Press or Cisco Systems, Inc., cannot attest to the
accuracy of this information. Use of a term in this book should not be regarded as
affecting the validity of any trademark or service mark.

Corporate and Government Sales
The publisher offers excellent discounts on this book when ordered in quantity for bulk
purchases or special sales, which may include electronic versions and/or custom covers
and content particular to your business, training goals, marketing focus, and branding
interests. For more information, please contact:
U.S. Corporate and Government Sales
1-800-382-3419



For sales outside the United States please contact:

International Sales


Feedback Information
At Cisco Press, our goal is to create in-depth technical books of the highest quality and
value. Each book is crafted with care and precision, undergoing rigorous development
that involves the unique expertise of members from the professional technical
community.
Readers' feedback is a natural continuation of this process. If you have any comments
regarding how we could improve the quality of this book, or otherwise alter it to better
suit your needs, you can contact us through email. Please make sure to include the book
title and ISBN in your message.
We greatly appreciate your assistance.
Publisher: Paul Boger
Associate Publisher: Dave Dusthimer
Executive Editor: Brett Bartow
Managing Editor: Patrick Kanouse
Project Editor: Seth Kerney
Editorial Assistant: Vanessa Evans
Book Designer: Louisa Adair
Cisco Press Program Manager: Jeff Brady
Technical Editors: Nathaly Landry, Richard Piquard
Development Editor: Ginny Bess Munroe
Copy Editor: Keith Cline
Proofreader: Paula Lowell
Indexer: Tim Wright
Composition: Mark Shirar

Americas Headquarters
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706
USA
www.cisco.com
Tel: 408 526-4000
800 553-NETS (6387)
Fax: 408 527-0883

Asia Pacific Headquarters
Cisco Systems, Inc.
168 Robinson Road
#28-01 Capital Tower
Singapore 068912
www.cisco.com
Tel: +65 6317 7777
Fax: +65 6317 7799
Europe Headquarters
Cisco Systems International BV
Haarlerbergpark
Haarlerbergweg 13-19
1101 CH Amsterdam
The Netherlands
www-europe.cisco.com
Tel: +31 0 800 020 0791
Fax: +31 0 20 357 1100
Cisco has more than 200 offices worldwide. Addresses, phone numbers, and fax numbers
are listed on the Cisco Website at www.cisco.com/go/offices.
©2007 Cisco Systems, Inc. All rights reserved. CCVP, the Cisco logo, and the Cisco
Square Bridge logo are trademarks of Cisco Systems, Inc.; Changing the Way We Work,
Live, Play, and Learn is a service mark of Cisco Systems, Inc.; and Access Registrar,
Aironet, BPX, Catalyst, CCDA, CCDP, CCIE, CCIP, CCNA, CCNP, CCSP, Cisco, the
Cisco Certified Internetwork Expert logo, Cisco IOS, Cisco Press, Cisco Systems, Cisco
Systems Capital, the Cisco Systems logo, Cisco Unity, Enterprise/Solver, EtherChannel,
EtherFast, EtherSwitch, Fast Step, Follow Me Browsing, FormShare, GigaDrive,
GigaStack, HomeLink, Internet Quotient, IOS, IP/TV, iQ Expertise, the iQ logo, iQ Net
Readiness Scorecard, iQuick Study, LightStream, Linksys, MeetingPlace, MGX,
Networking Academy, Network Registrar, Packet, PIX, ProConnect, RateMUX,
ScriptShare, SlideCast, SMARTnet, StackWise, The Fastest Way to Increase Your
Internet Quotient, and TransPath are registered trademarks of Cisco Systems, Inc. and/or
its affiliates in the United States and certain other countries.
All other trademarks mentioned in this document or Website are the property of their
respective owners. The use of the word partner does not imply a partnership relationship
between Cisco and any other company. (0609R)

Dedications
From Keith:
This book is dedicated to my parents, for teaching me how to dream.
From Mark:
This book is dedicated to Roslyn. Thank you for all your love and support in this and all
my endeavors.
From Diane:
This book is dedicated to my remarkable husband, Allan Mertin, who continues to inspire
me; to our charming son, Nicholas, and his amazing desire to learn everything about the
world; to my parents, Syd and Beryl, for their continuous love and support; and to my
friends, whose wisdom keeps me going.

About the Authors
Keith Hutton is an information technology professional with close to 20 years of
experience in the industry. Over the course of his career, Keith has worked as a
professional services engineer, presales engineer, third-line operational support engineer,
engineering team lead, instructor, and author. Keith currently works as a professional
services engineer for Bell Canada, responsible for the design and configuration of
network security infrastructures. Keith has a B.A. honors degree from Queen's
University, and is a certified Cisco instructor, Cisco Certified Network Professional
(CCNP), Cisco Certified Design Professional (CCDP), and Cisco Certified Internetwork
Professional (CCIP).
Mark Schofield has been a network architect at Bell Canada for the past six years.
Working for the largest service provider in Canada, he has designed Multiprotocol Label
Switching (MPLS) virtual private networks (VPNs) with IP quality of service (QoS) for
large enterprise customers. During the past five years at Bell, he has been involved in the
design, implementation, and planning of large national networks for Bell Canada's federal
government customers. As part of a cross-company team, he developed Bell Canada's
premier MPLS VPN product. Mark has an MLIS from the University of Western Ontario
and B.A. and M.A. degrees from the University of Guelph. Industry certifications
include the Cisco Certified Internetwork Professional (CCIP), Cisco Certified Network
Professional (CCNP), Citrix Certified Enterprise Administrator (CCEA), and Microsoft
Certified Systems Engineer (MCSE).
Diane Teare is a professional in the networking, training, project management, and e-learning fields. She has more than 20 years of experience in designing, implementing,
and troubleshooting network hardware and software, and has been involved in teaching,
course design, and project management. She has extensive knowledge of network design
and routing technologies, and is an instructor with one of the largest authorized Cisco
Learning Partners. She was recently the director of e-learning for the same company,
where she was responsible for planning and supporting all the company's e-learning
offerings in Canada, including Cisco courses. Diane has a bachelor's degree in applied
science in electrical engineering and a master's degree in applied science in management
science. She is a certified Cisco instructor and currently holds her Cisco Certified
Network Professional (CCNP), Cisco Certified Design Professional (CCDP), and Project
Management Professional (PMP) certifications. She coauthored the Cisco Press titles
Campus Network Design Fundamentals, the three editions of Authorized Self-Study
Guide Building Scalable Cisco Internetworks (BSCI), and Building Scalable Cisco
Networks; and edited the two editions of the Authorized Self-Study Guide Designing for
Cisco Internetwork Solutions (DESGN) and Designing Cisco Networks.


About the Technical Reviewers
Nathaly Landry attended the Royal Military College in Kingston, Ontario, Canada, where
she graduated in 1989 with a bachelor's degree in electrical engineering. She then worked
for two years in the satellite communication section before going to Ottawa University
for a master's degree in electrical engineering. Upon graduation, she went back to the
Department of National Defense and worked as a project manager for the implementation
of the Defense Wide-Area Network, and then became the in-service support manager for
the network. From 1996 to 2000, she worked as a networking consultant and instructor
for Learning Tree. In May 2000, she joined Cisco, where she supported a number of
federal accounts, and more recently has focused on Bell Canada as a channel systems
engineer.
Richard Piquard is a senior network architect for Global Knowledge Network, Inc., one
of the world's largest Cisco Learning Partners. Richard has more than eight years'
experience as a certified Cisco instructor, teaching introductory and advanced routing,
switching, design, and voice-related courses throughout North America and Europe.
Richard has amassed a highly diverse skill set in design and implementation, of both
Cisco and multivendor environments, throughout his nearly 15 years in the
internetworking industry. His experience ranges from his military background as the
network chief of the Marine Corps Systems Command, Quantico, Virginia, to a field
engineer for the Xylan Corporation (Alcatel), Calabasas, California, to a member of a
four-person, worldwide network planning and implementation team for the Household
Finance Corporation in Chicago, Illinois. In addition, he has served as a technical
reviewer for the Cisco Press title Authorized Self-Study Guide Designing for Cisco
Internetwork Solutions (DESGN), Second Edition.

Acknowledgments
We would like to thank many people for helping us put this book together:
The Cisco Press team: Brett Bartow, the executive editor, for coordinating the whole
team and driving this book through the process, and for his unwavering support over the
years. Vanessa Evans, for being instrumental in organizing the logistics and
administration.
Ginny Bess Munroe, the development editor, has been invaluable in producing a
high-quality manuscript. We would also like to thank Seth Kerney, the project editor, and
Keith Cline, the copy editor, for their excellent work in steering this book through the
editorial process.
The Cisco ARCH course development team: Many thanks to the members of the team
who developed the latest version of the ARCH course. The team included Glenn Tapley,
Dennis Masters, and Dwayne Fields from Cisco Systems; along with Dr. Peter Welcher
and Carole Warner-Reece of Chesapeake Netcraftsmen.
The technical reviewers: We want to thank the technical reviewers of this book—Nathaly
Landry and Richard Piquard—for their thorough, detailed review and valuable input.
Our families: Of course, this book would not have been possible without the constant
understanding and patience of our families. They have always been there to motivate and
inspire us. We thank you all.

Command Syntax Conventions
The conventions used to present command syntax in this book are the same conventions
used in the IOS Command Reference. The Command Reference describes these
conventions as follows:
• Boldface indicates commands and keywords that are entered literally as shown. In actual configuration examples and output (not general command syntax), boldface indicates commands that are manually input by the user (such as a show command).
• Italic indicates arguments for which you supply actual values.
• Vertical bars (|) separate alternative, mutually exclusive elements.
• Square brackets ([ ]) indicate an optional element.
• Braces ({ }) indicate a required choice.
• Braces within brackets ([{ }]) indicate a required choice within an optional element.

Foreword
Cisco Certification Self-Study Guides are excellent self-study resources for networking
professionals to maintain and increase internetworking skills and to prepare for Cisco
Career Certification exams. Cisco Career Certifications are recognized worldwide and
provide valuable, measurable rewards to networking professionals and their employers.
Cisco Press exam certification guides and preparation materials offer exceptional—and
flexible—access to the knowledge and information required to stay current in one's field
of expertise or to gain new skills. Whether used to increase internetworking skills or as a
supplement to a formal certification preparation course, these materials offer networking
professionals the information and knowledge required to perform on-the-job tasks
proficiently.
Developed in conjunction with the Cisco certifications and training team, Cisco Press
books are the only self-study books authorized by Cisco, and they offer students a series
of exam practice tools and resource materials to help ensure that learners fully grasp the
concepts and information presented.
Additional authorized Cisco instructor-led courses, e-learning, labs, and simulations are
available exclusively from Cisco Learning Solutions Partners worldwide.
I hope you will find this guide to be an essential part of your exam preparation and
professional development, as well as a valuable addition to your personal library.
Drew Rosen
Manager, Learning & Development
Learning@Cisco
September 2008

Introduction
Designing Cisco Network Service Architectures (ARCH), Second Edition, covers how to
perform the conceptual, intermediate, and detailed design of a network infrastructure.
This design supports network solutions over intelligent network services to achieve
effective performance, scalability, and availability of the network. This book enables
readers, applying solid Cisco network solution models and best design practices, to
provide viable and stable enterprise internetworking solutions. In addition, the book has
been written to help candidates prepare for the Designing Cisco Network Service
Architectures Exam (642-873 ARCH). This exam is one of the requirements for the
CCDP certification. This exam tests a candidate's knowledge of the latest developments in
network design and technologies, including network infrastructure, intelligent network
services, and converged network solutions.
Since the first edition was published in 2004, the ARCH course has changed to reflect the
new exam requirements. This led to the immediate need for an update to this examination
preparation text. Readers of the previous edition of Designing Cisco Network
Architectures (ARCH) can use this text to update their knowledge and skill sets.

Goals of This Book
Upon completing this book, you will be able to meet these objectives:
• Introduce the Cisco Service-Oriented Network Architecture (SONA) framework, and explain how it addresses enterprise network needs for performance, scalability, and availability
• Describe how the Cisco Enterprise Architectures are used in the SONA framework for designing enterprise networks
• Create intermediate and detailed enterprise campus network, enterprise edge, and remote infrastructure designs that offer effective functionality, performance, scalability, and availability
• Create conceptual, intermediate, and detailed intelligent network service designs for network management, high availability, security, quality of service (QoS), and IP multicast
• Create conceptual, intermediate, and detailed virtual private network (VPN) designs
• Create conceptual, intermediate, and detailed voice over wireless network designs

Prerequisite Knowledge
Although enthusiastic readers will tackle less-familiar topics with some energy, a sound
grounding in networking is advised. To gain the most from this book, you should be
familiar with internetworking technologies, Cisco products, and Cisco IOS Software
features. You will find knowledge about the following topics helpful for your successful
understanding of the material presented in this book:
• How to design the necessary services to extend IP addresses using variable-length subnet masking (VLSM), Network Address Translation (NAT), and route summarization
• How to implement appropriate network routing protocols, such as Open Shortest Path First (OSPF), Enhanced Interior Gateway Routing Protocol (EIGRP), and Border Gateway Protocol (BGP) on an existing internetwork
• How to redistribute routes between different routing protocols
• The required Cisco products and services that enable connectivity and traffic transport for a multilayer campus network
• The necessary services at each layer of the network to enable all users to obtain membership in multicast groups in a working enterprise network
• How to control network traffic by implementing the necessary admission policy at each layer of the network topology
• How to identify the appropriate hardware and software solutions for a given set of WAN technology requirements, including access between a central campus, branch offices, and telecommuters
• The Cisco equipment to establish appropriate WAN connections
• How to use protocols and technologies that enable traffic flow between multiple sites while minimizing the amount of overhead traffic on each connection
• QoS capabilities to ensure that mission-critical applications receive the required bandwidth within a given WAN topology
• How to implement Cisco voice solutions
• How to implement Cisco wireless solutions
• How to implement basic security steps and mitigation techniques
How This Book Is Organized
Of course, you can read the chapters in this book sequentially, but the organization also
allows you to focus your reading on specific topics of interest. For example, if you want
to focus on advanced routing design, you can skim Chapters 1 and 2 (which cover SONA
and the elements of the enterprise campus network design), and then focus on the
advanced IP addressing and routing topics in Chapter 3. Each chapter examines topics
around a specific set of design issues. Specifically, the chapters in this book cover the
following topics:
• Chapter 1, "Cisco SONA and the Cisco Enterprise Architecture," introduces the hierarchical model. It reviews the Cisco SONA framework. This chapter also introduces the Cisco Enterprise Campus Architecture and reviews the Cisco PPDIOO network lifecycle approach.
• Chapter 2, "Enterprise Campus Network Design," reviews high-availability designs and how to implement optimal redundancy. An in-depth look at recommended practices for Layer 2 and Layer 3 design elements follows. A discussion of the Layer 2 to Layer 3 boundary designs and issues concludes with a number of considerations for supporting infrastructure services.
• Chapter 3, "Developing an Optimum Design for Layer 3," begins by reviewing the importance of IP address planning, and then covers advanced routing elements. Discussions focus on scalable EIGRP, OSPF, and BGP designs.
• Chapter 4, "Advanced WAN Services Design Considerations," covers advanced WAN service layers. This overview goes into more detail about the common WAN optical technologies of SONET, SDH, DWDM, and Resilient Packet Ring. A discussion about Metro Ethernet, VPLS, and MPLS VPN technologies follows (and includes an examination of a number of design considerations). The discussion then turns to implementing advanced WAN services.
• Chapter 5, "Enterprise Data Center Design," focuses on the enterprise data center, and covers the data center architecture model and design considerations in the data center core, aggregation, and access layers. The discussion then turns to scaling, with a look at how to scale a three-layer data center architecture.
• Chapter 6, "SAN Design Considerations," covers storage-area networks, from components and topologies to SAN technologies. SAN design factors center on port density and topology, with some discussion about extending the SAN with various protocols.
• Chapter 7, "E-Commerce Module Design," begins with an e-commerce overview and a look at the components of high availability in this module. The chapter covers common e-commerce design components, designing an integrated e-commerce architecture, and how to fine-tune e-commerce designs.
• Chapter 8, "Security Services Design," delves into designing firewall services in various scenarios. The chapter also covers network admission control services, with a review of Cisco NAC appliance fundamentals and NAS deployment options and designs. The discussion then turns to intrusion detection and prevention design.
• Chapter 9, "IPsec and SSL VPN Design," examines remote-access VPN design. Site-to-site VPN designs are covered, too. This chapter also covers IPsec VPN technologies, including Cisco Easy VPN, GRE over IPsec, and DMVPN. Recommendations for managing VPNs and considerations for scaling VPNs conclude the chapter.
• Chapter 10, "IP Multicast Design," covers IP multicast and multicast routing. Topics covered in this chapter include Protocol Independent Multicast (PIM), rendezvous points, and securing IP multicast.
• Chapter 11, "VoWLAN Design," introduces the Cisco Unified Wireless Network and examines requirements for voice over WLAN in the enterprise network. This chapter also discusses VoWLAN coverage considerations and the site survey process.
• Chapter 12, "Network Management Capabilities with Cisco IOS Software," examines Cisco network management capabilities embedded in Cisco IOS Software. This chapter also covers the syslog process, NetFlow, and NBAR, with a focus on the Cisco technologies themselves and how they enable other discovery tools, including Cisco AutoQoS. The chapter concludes with an overview of IP SLAs measurements.

This book also contains an appendix and an acronym list:
• Appendix A, "Answers to Review Questions," provides the answers to all the chapter-ending review questions.
• "Acronyms and Abbreviations" identifies abbreviations, acronyms, and initialisms used in this book.

Note
The website references in this book were accurate at the time of this writing. However,
some might have changed since then. If a URL is unavailable, you can always search
using the title as keywords in your favorite search engine.


Chapter 1. Cisco SONA and the Cisco Enterprise
Architecture
After completing this chapter, you will be able to:
• Explain the Cisco Service-Oriented Network Architecture (SONA) framework
• Describe how the Cisco Enterprise Architecture is used to design enterprise networks
• Explain the Cisco six-phase network life cycle methodology: prepare, plan, design, implement, operate, and optimize (PPDIOO)
Cisco Service-Oriented Network Architecture (SONA) is a framework that enables
businesses to build an intelligent enterprisewide network infrastructure. SONA
accomplishes this by separating the network architecture into three modules: network
infrastructure, infrastructure services, and business applications. This chapter introduces
SONA and the Cisco Enterprise Architecture. It also reviews network design
methodology under Cisco's six-phase network lifecycle: prepare, plan, design,
implement, operate, and optimize (PPDIOO).

Reviewing Cisco SONA and the Cisco Enterprise Architecture
The rich variety of application-level business solutions available today and the need to
integrate these applications has driven the establishment of a new network framework:
the Cisco Service-Oriented Network Architecture (SONA). This section begins with a
review of the Hierarchical Network Model and discusses how Cisco SONA enables
customers to build a more intelligent network infrastructure. It reviews how the Cisco
Enterprise Architectures are modules representing focused views of SONA that target
each place in the network. The chapter also reviews the role of infrastructure services in
an enterprise network design.


The Hierarchical Model
The foundation of the Cisco network architecture is the Hierarchical Network Model.
Historically used in the design of enterprise LAN and WAN data networks, a hierarchical
model also applies to the infrastructure modules of SONA and the Cisco Enterprise
Architecture. Figure 1-1 shows the layers in the hierarchical model.

Figure 1-1. Layers in the Hierarchical Model


The Hierarchical Network Model provides a modular view of a network, making it easier
to design and build a deterministic scalable infrastructure. The hierarchical network
structure is composed of the access, distribution, and core layers. Each layer has its own
functions, which are used to develop a hierarchical design.
The model provides a modular framework that enables flexibility in design and facilitates
ease of implementation and troubleshooting. The Hierarchical Network Model divides
networks into the access, distribution, and core layers, with these features:
• Access layer: Used to grant user access to network devices. In a campus network, the access layer generally incorporates switched LAN devices with ports that provide connectivity to workstations, IP phones, servers, and wireless access points. In the WAN environment, the access layer for teleworkers or remote sites may provide entry to the corporate network across WAN technology.
• Distribution layer: Aggregates the wiring closets, using switches to segment workgroups and isolate network problems in a campus environment. Similarly, the distribution layer aggregates WAN connections at the edge of the campus and provides policy-based connectivity.
• Core layer (also referred to as the backbone): A high-speed backbone, designed to switch packets as fast as possible. Because the core is critical for connectivity, it must provide a high level of availability and quickly adapt to changes. It also provides scalability and fast convergence.

Example Hierarchical Network
Figure 1-2 shows a network mapped to the hierarchical model:
• Access layer: Access layer devices control traffic by localizing service requests to the access media. Access layer devices must also provide connectivity without compromising network integrity. For example, the devices at the access layer must detect whether a user workstation is legitimate, with minimal authentication steps.
• Distribution layer: Distribution layer devices control access to resources that are available at the core layer and must, therefore, make efficient use of bandwidth. In addition, a distribution layer device must address the quality of service (QoS) needs for different protocols by implementing policy-based traffic control to isolate backbone and local environments. Policy-based traffic control enables you to prioritize traffic to ensure the best performance for the most time-critical and time-dependent applications.
• Core layer: Core layer devices provide services that optimize communication transport within the network. In addition, core layer devices are expected to provide maximum availability and reliability with minimum packet processing. Core layer devices should be able to maintain connectivity when the circuits that connect them fail. A fault-tolerant network design ensures that failures do not have a major impact on network connectivity.

Figure 1-2. Example Hierarchical Network
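The access-layer requirement just described (admit a workstation only after checking that it is legitimate, with minimal authentication steps, and without compromising network integrity) is what the campus architecture later in this chapter attributes to 802.1X with EAP plus security at the switch port itself. The following Cisco IOS configuration is an added example and is not taken from the book; it shows one access port built that way. The RADIUS server address, shared key, VLAN numbers, and interface name are placeholders chosen for this illustration.

```cisco
! Added example (not from the book): hardening one access-layer port on a
! Cisco IOS Catalyst switch. 10.10.10.5, the key, VLANs 10/900 and the
! interface name are placeholders for this illustration.
aaa new-model
aaa authentication dot1x default group radius
aaa authorization network default group radius
!
radius server CAMPUS-RADIUS
 address ipv4 10.10.10.5 auth-port 1812 acct-port 1813
 key Placeholder-Shared-Secret
!
! Enable the 802.1X authenticator function switch-wide.
dot1x system-auth-control
!
! VLAN 10 carries authenticated employees. VLAN 900 is a quarantine VLAN for
! hosts that fail or never attempt 802.1X; its reachability is limited at the
! distribution layer (policy-based connectivity), not here.
vlan 10
 name EMPLOYEES
vlan 900
 name QUARANTINE
!
interface GigabitEthernet1/0/1
 description Access port: one workstation, no trunking
 switchport mode access
 switchport access vlan 10
 ! 802.1X: the switch is the authenticator; the attached host must complete
 ! EAP against the RADIUS server before its data traffic is forwarded.
 dot1x pae authenticator
 authentication port-control auto
 authentication host-mode single-host
 ! A host that fails authentication, or that sends no EAPOL at all, is placed
 ! in the quarantine VLAN instead of being silently admitted to VLAN 10.
 authentication event fail action authorize vlan 900
 authentication event no-response action authorize vlan 900
 ! Layer 2 integrity: one learned MAC per port, and an end-host port never
 ! takes part in spanning tree.
 switchport port-security
 switchport port-security maximum 1
 switchport port-security violation restrict
 spanning-tree portfast
 spanning-tree bpduguard enable
 ! Rate-limit DHCP from the host; untrusted ports cannot offer leases.
 ip dhcp snooping limit rate 10
!
ip dhcp snooping
ip dhcp snooping vlan 10,900
```

Two points a reviewer would check before signing this off. First, the quarantine VLAN only contains a failed host if the distribution layer restricts what VLAN 900 can reach (an ACL or a separate VRF that sees remediation servers only); a quarantine VLAN with the same reachability as VLAN 10 authenticates nothing. Second, `single-host` with `port-security maximum 1` means a hub or unmanaged switch behind the port trips the violation counter rather than letting a second, unauthenticated device ride an authenticated session, which is the "without compromising network integrity" half of the requirement.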

Review of Cisco SONA
The intelligent networking framework defined by Cisco for the enterprise is SONA (see
Figure 1-3). Cisco SONA uses the extensive product line, services, proven architectures,
and experience of Cisco and its partners to help enterprises achieve their business goals.

Figure 1-3. Overview of Cisco SONA


The SONA framework illustrates the concept that the network is the common element
that connects and enables all components of the IT infrastructure. SONA outlines the
following three layers of intelligence in the enterprise network:
• The network infrastructure layer: This layer is where all the IT resources are interconnected across a converged network foundation. The IT resources include servers, storage, and clients. The network infrastructure layer represents how these resources exist in different places in the network, including the campus, branch, data center, WAN, metropolitan-area network (MAN), and teleworker. The objective for customers in this layer is to have anywhere and anytime connectivity.
• The interactive services layer: This layer enables efficient allocation of resources to applications and business processes delivered through the networked infrastructure.
• The application layer: This includes business applications and collaboration applications. The objective for customers in this layer is to meet business requirements and achieve efficiencies by leveraging the interactive services layer.
The common thread that links the layers is that SONA embeds application-level
intelligence into the network infrastructure elements so that the network itself can
recognize and better support applications and services.
Benefits of Cisco SONA
SONA promotes more effective use of networked resources, and provides these benefits:
• Functionality: Supports the organizational requirements.
• Scalability: Supports growth and expansion of organizational tasks by separating functions and products into layers. This separation makes it easier to grow the network.
• Availability: Provides necessary services reliably anywhere, anytime.
• Performance: Provides desired responsiveness, throughput, and utilization on a per-application basis through the network infrastructure and services.
• Manageability: Provides control, performance monitoring, and fault detection.
• Efficiency: Through step-by-step network services growth, SONA provides network services and infrastructure with reasonable operational costs and appropriate capital investment on a migration path to a more intelligent network.

Review of the Cisco Enterprise Architecture
This section provides a review of the Cisco Enterprise Architecture modules.
The Cisco Enterprise Architecture (see Figure 1-4) consists of the following modules,
representing focused views of SONA that target each place in the network:

Cisco Enterprise Campus Architecture: Combines a core infrastructure of
intelligent switching and routing with tightly integrated productivity-enhancing
technologies; these include Cisco Unified Communications, mobility, and
advanced security. The hierarchical architecture of the Cisco Enterprise Campus
provides for high availability through a resilient multilayer design, redundant
hardware and software features, and automatic procedures for reconfiguring
network paths when failures occur. The architecture extends authentication
support using standards such as 802.1X and Extensible Authentication Protocol
(EAP). It also provides the flexibility to add IP Security (IPsec) and Multiprotocol
Label Switching virtual private networks (MPLS VPN), identity and access
management, and VLANs to compartmentalize access. Multicast provides
optimized bandwidth consumption. QoS prevents oversubscription to ensure that
real-time traffic, such as voice and video, or critical data is not dropped or
delayed. Integrated security protects against and mitigates the impact of worms,
viruses, and other attacks on the network (even at the switch port level). These
additions help improve performance and security, while also decreasing costs.
Cisco Enterprise Edge Architecture: Offers connectivity to voice, video, and data
services outside the enterprise. This module enables the enterprise to use Internet
and partner resources, and provides resources for its customers. QoS, service
levels, and security are the main issues in the enterprise edge module.
Cisco Enterprise WAN and MAN Architecture: These are part of the Cisco
Enterprise Edge Architecture. This module offers the convergence of voice,
video, and data services over a single Cisco Unified Communications network. It
enables the enterprise to cost-effectively span large geographic areas. QoS,
granular service levels, and comprehensive encryption options help ensure the
secure delivery of high-quality voice, video, and data services. This enables
corporate staff to work efficiently wherever they are located. Security is provided
with multiservice VPNs (IPsec and MPLS) over Layer 2 and Layer 3 WANs, in
hub-and-spoke or full-mesh topologies.
Cisco Enterprise Data Center Architecture: A cohesive, adaptive network
architecture that supports the requirements for consolidation, business
continuance, and security, while enabling service-oriented architectures,
virtualization, and on-demand computing. It provides departmental staff,
suppliers, or customers with secure access to applications and resources. The
architecture simplifies and streamlines management and significantly reduces
overhead. Redundant data centers provide backup services through synchronous
and asynchronous data and application replication. The network and devices offer
server and application load balancing to maximize performance. This solution
enables the enterprise to scale without major changes to the infrastructure. This
module can be located either at the campus as a server farm or at a remote facility.
Cisco Enterprise Branch Architecture: Allows enterprises to extend head-office
applications and services to remote locations and users. An optimized branch
network leverages the WAN and LAN to reduce traffic and to save bandwidth and
operational expenses. The infrastructure provides secure access to voice,
mission-critical data, and video applications anywhere, with features such as
advanced network routing, VPNs, redundant WAN links, application content
caching, and local IP telephony call processing. Cisco captures these features in
the Integrated Services Router (ISR). The ISR enables enterprises to deploy new
services when they are ready, without purchasing new equipment. The enterprise
supports the remote configuration, monitoring, and management of devices
located at remote sites. Cisco IOS supports tools that proactively resolve
congestion and bandwidth issues before they affect network performance, such as
Cisco AutoQoS and the Security Device Manager (SDM).
Cisco Enterprise Teleworker Architecture: Enables enterprises to securely deliver
voice and data services to small office/home office (SOHO) environments over a
standard broadband access service. This provides a business-resiliency solution
for the enterprise and a flexible work environment for employees. Centralized
management minimizes the IT support costs, and robust integrated security
mitigates the security challenges of this environment. Integrated security and
Identity Based Networking Services (IBNS) enable the enterprise to extend
campus security policies to the teleworker. Staff can securely log on to the
network over an "always-on" VPN, and gain access to authorized applications and
services from a single cost-effective platform. Their productivity can further be
enhanced by adding a Cisco IP phone, providing cost-effective access to a
centralized IP communications system with voice and unified messaging services.


Figure 1-4. Cisco Enterprise Architecture


Review of Cisco SONA Infrastructure Services
Infrastructure services add intelligence to the network by supporting application
awareness. Important applications such as IP telephony require support from network
services that meet enterprisewide requirements. The network must provide a common set
of capabilities to ensure functionality for the most persistent application requirements,
such as the following:

Security services: Increase the integrity of the network by protecting network
resources and users from internal and external threats.
Identity services: Map resources and policies to the user and device.
Storage services: Provide distributed and virtual storage across the infrastructure.
Compute services: Connect and virtualize compute resources based on the
application.
Mobility services: Allow users to access network resources regardless of their
physical location. Wireless services support mobile clients and integrate with the
wired network.
Voice services: Deliver the foundation (such as security and high availability) on
which voice can be carried across the network.

An infrastructure service may use multiple network services. For example, if the
enterprise plans to implement voice services, the network needs features such as QoS
and security.

Network services embedded in the infrastructure services include the following:

Network management: Includes LAN management for advanced management of
multilayer switches; routed WAN management for monitoring, traffic
management, and access control to administer the routed infrastructure of
multiservice networks; service management for managing and monitoring service
level agreements (SLA); and VPN and security management for optimizing VPN
performance and security administration.
High availability: Ensures end-to-end availability for services, clients, and
sessions. Implementation includes reliable, fault-tolerant network devices (to
automatically identify and overcome failures) and resilient-network technologies.
QoS: Manages the delay, delay variation (jitter), bandwidth availability, and
packet-loss parameters on a network to meet the diverse needs of voice, video,
and data applications. QoS features provide value-added functionality such as
Network-Based Application Recognition (NBAR) for classifying traffic by
application type, Cisco IOS IP Service Level Agreements (SLAs) for end-to-end
QoS measurements, Resource Reservation Protocol (RSVP) signaling for
admission control and reservation of resources, and a variety of configurable
queue insertion and servicing disciplines.
IP multicasting: Multicasting enables distribution of videoconferencing, corporate
communications, distance learning, distribution of software, and other
applications. Multicast packets are replicated only as necessary in the network by
Cisco routers enabled with Protocol Independent Multicast (PIM) and other
supporting multicast protocols, resulting in the most efficient delivery of data to
multiple receivers.
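The QoS entry above names the four parameters an end-to-end measurement has to report (delay, jitter, bandwidth, packet loss) without showing how they are derived from probe traffic. The following Python is an added example, not code from this book or from Cisco: it takes a constructed sequence of timestamped probe records (the kind of data an IP SLA style sender/responder pair produces), computes one-way delay, interarrival jitter using the estimator from RFC 3550 section 6.4.1, and loss, and checks each against per-class targets. The probe values and the voice targets (150 ms delay, 30 ms jitter, 1 percent loss) are assumptions chosen for the example, not figures taken from the page.

```python
"""QoS measurement example: one-way delay, RFC 3550 interarrival jitter and
packet loss computed from probe records, the per-flow metrics an end-to-end
QoS measurement reports. The probe data and targets below are constructed for
illustration; they are not captured output or vendor-published figures."""
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass
class Probe:
    seq: int                  # sequence number assigned by the sender
    sent_ms: float            # sender timestamp in milliseconds
    recv_ms: Optional[float]  # receiver timestamp in milliseconds; None if lost


# Constructed sample: ten probes sent every 20 ms; seq 3 never arrived.
SAMPLE_PROBES: List[Probe] = [
    Probe(0, 0.0, 30.0), Probe(1, 20.0, 52.0), Probe(2, 40.0, 70.0),
    Probe(3, 60.0, None), Probe(4, 80.0, 115.0), Probe(5, 100.0, 130.0),
    Probe(6, 120.0, 150.0), Probe(7, 140.0, 172.0), Probe(8, 160.0, 190.0),
    Probe(9, 180.0, 210.0),
]

# Assumed per-class targets for interactive voice (one-way delay, jitter, loss).
# These thresholds are an assumption for the example, not figures from the page.
VOICE_TARGETS: Dict[str, float] = {"delay_ms": 150.0, "jitter_ms": 30.0, "loss_pct": 1.0}


def rfc3550_jitter(probes: List[Probe]) -> float:
    """Interarrival jitter estimator from RFC 3550 section 6.4.1:
    J = J + (|D| - J) / 16, where D is the change in transit time between
    consecutive received probes. Lost probes are skipped, not treated as zero."""
    jitter = 0.0
    prev_transit: Optional[float] = None
    for p in sorted(probes, key=lambda x: x.seq):
        if p.recv_ms is None:
            continue
        transit = p.recv_ms - p.sent_ms
        if prev_transit is not None:
            d = abs(transit - prev_transit)
            jitter += (d - jitter) / 16.0
        prev_transit = transit
    return jitter


def qos_summary(probes: List[Probe], targets: Dict[str, float]) -> Dict[str, object]:
    """Summarize delay, jitter and loss for a probe set and check each metric
    against the supplied targets. Returns metrics plus a pass flag per metric."""
    if not probes:
        raise ValueError("no probes to summarize")
    received = [p for p in probes if p.recv_ms is not None]
    delays = [p.recv_ms - p.sent_ms for p in received]
    loss_pct = 100.0 * (len(probes) - len(received)) / len(probes)
    # A fully lost probe set has no measurable delay; report it as unbounded.
    avg_delay = sum(delays) / len(delays) if delays else float("inf")
    max_delay = max(delays) if delays else float("inf")
    jitter = rfc3550_jitter(probes)
    return {
        "avg_delay_ms": avg_delay,
        "max_delay_ms": max_delay,
        "jitter_ms": jitter,
        "loss_pct": loss_pct,
        "delay_ok": max_delay <= targets["delay_ms"],
        "jitter_ok": jitter <= targets["jitter_ms"],
        "loss_ok": loss_pct <= targets["loss_pct"],
    }


if __name__ == "__main__":
    for key, value in qos_summary(SAMPLE_PROBES, VOICE_TARGETS).items():
        print(f"{key}: {value}")
```

On the constructed sample the delay and jitter stay well inside the voice targets, but a single lost probe in ten gives 10 percent loss, so the loss check fails; that is the case the admission-control and queuing features in the QoS entry exist to prevent. Lost probes are excluded from the jitter estimator rather than counted as zero-transit packets, which is the detail most home-grown measurement scripts get wrong.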

Review of the Cisco SONA Application Layer
This layer includes collaborative applications that support the enterprise. Cisco has
solutions to support several applications:

Unified messaging: Unified communications applications provide structure and
intelligence that can help organizations integrate their communications with
business processes. They also ensure that information reaches recipients quickly
through the most appropriate medium.
Cisco Unified Contact Center: The Cisco Unified Contact Center provides
intelligent contact routing, call treatment, network-to-desktop computer telephony
integration (CTI), and multichannel contact management over an IP
infrastructure. This application enables organizations to smoothly integrate
inbound and outbound voice applications with Internet applications such as
real-time chat, web collaboration, and email.
Cisco IP phone: IP telephony transmits voice communications over a network
using open-standards-based IP. Cisco IP phone products are a key component of
the Cisco Unified Communications system, which delivers the business benefits
of a converged network to organizations of all sizes.
Cisco Unified MeetingPlace: This multimedia conferencing solution fully
integrates voice, video, and web conferencing capabilities to give remote
meetings a natural and effective, face-to-face quality for medium-size to large
organizations.
Video delivery and conferencing: The Cisco Unified Communications
infrastructure supports video delivery. Cisco Unified videoconferencing solutions
provide a reliable, versatile, and easy-to-manage network infrastructure for
videoconferencing.

Reviewing the Cisco PPDIOO Approach
To design a network that meets customer needs, the organizational goals, organizational
constraints, technical goals, and technical constraints must be identified. Cisco has
formalized the lifecycle of a network into six phases: prepare, plan, design, implement,
operate, and optimize (PPDIOO).
The section begins with a review of PPDIOO, and then discusses the design methodology
under PPDIOO.
Upon completing this section, you will be able to discuss PPDIOO and its design
methodology. This ability includes being able to meet these objectives:

Describe the benefits of using the PPDIOO network lifecycle approach
Describe the three basic steps of the design methodology under PPDIOO

PPDIOO Network Lifecycle Approach
This section reviews the PPDIOO approach for the network lifecycle (see Figure 1-5).


Figure 1-5. PPDIOO Network Lifecycle Approach


The PPDIOO network lifecycle approach reflects the lifecycle phases of a standard
network. The PPDIOO phases are as follows:

Prepare: The preparation phase involves establishing the organizational
requirements, developing a network strategy, proposing a high-level conceptual
architecture, and identifying technologies that can best support the architecture.
The preparation phase can establish financial justification for network strategy by
assessing the business case for the proposed architecture.
Plan: The planning phase involves identifying initial network requirements based
on goals, facilities, user needs, and so on. The planning phase involves
characterizing sites, assessing any existing networks, and performing a gap
analysis to determine whether the existing system infrastructure, sites, and
operational environment can support the proposed system. A project plan
facilitates management of the tasks, responsibilities, critical milestones, and
resources required to implement changes to the network. The project plan should
align with the scope, cost, and resource parameters established in the original
business requirements.
Design: The initial requirements that were derived in the planning phase drive the
activities of the network design specialists. The network design specification is a
comprehensive detailed design that meets current business and technical
requirements and incorporates specifications to support availability, reliability,
security, scalability, and performance. The design specification is the basis for the
implementation activities.
Implement: After the design has been approved, implementation (and verification)
begins. The network or additional components are built according to the design
specifications, with the goal of integrating devices without disrupting the existing
network or creating points of vulnerability.
Operate: Operation is the final test of the appropriateness of the design. The
operate phase involves maintaining network health through day-to-day operations,
including maintaining high availability and reducing expenses. The fault
detection, correction, and performance monitoring that occur in daily operations
provide initial data for the optimize phase.
Optimize: The optimize phase involves proactive management of the network.
The goal of proactive management is to identify and resolve issues before they
affect the organization. Reactive fault detection and correction (troubleshooting)
is needed when proactive management cannot predict and mitigate failures. In the
PPDIOO process, the optimize phase may prompt a network redesign if too many
network problems and errors arise, if performance does not meet expectations, or
if new applications are identified to support organizational and technical
requirements.

Note
Although design is listed as one of the six PPDIOO phases, some design elements may be
present in all the other phases.

Benefits of the Lifecycle Approach

This section summarizes the benefits of the network lifecycle approach.
The network lifecycle approach provides four main benefits:

Lowers the total cost of network ownership
Increases network availability
Improves business agility
Speeds access to applications and services

The total cost of network ownership is lowered via these strategies:

Identifying and validating technology requirements
Planning for infrastructure changes and resource requirements
Developing a sound network design aligned with technical requirements and
business goals
Accelerating successful implementation
Improving the efficiency of your network and of the staff supporting it
Reducing operating expenses by improving the efficiency of operation processes
and tools

Network availability is increased via these strategies:

Assessing the network's security state and its capability to support the proposed
design
Specifying the correct set of hardware and software releases and keeping them
operational and current
Producing a sound operations design and validating network operation
Staging and testing the proposed system before deployment
Improving staff skills
Proactively monitoring the system and assessing availability trends and alerts
Proactively identifying security breaches and defining remediation plans

Business agility is improved via these strategies:

Establishing business requirements and technology strategies
Readying sites to support the system you want to implement
Integrating technical requirements and business goals into a detailed design and
demonstrating that the network is functioning as specified
Expertly installing, configuring, and integrating system components
Continually enhancing performance

Access to applications and services is accelerated through these strategies:

Assessing and improving operational preparedness to support current and planned
network technologies and services
Improving service-delivery efficiency and effectiveness by increasing availability,
resource capacity, and performance
Improving the availability, reliability, and stability of the network and the
applications running on it
Managing and resolving problems affecting your system and keeping software
applications current

Note
The remainder of this book focuses on the prepare, plan, and design phases of PPDIOO.

Using the Design Methodology Under PPDIOO
The design methodology under PPDIOO consists of three basic steps:
Step 1. Identify customer requirements. In this step, key decision makers identify the
initial requirements. Based on these requirements, a high-level conceptual
architecture is proposed. This step is typically done during the PPDIOO
prepare phase.
Step 2. Characterize the existing network and sites. The plan phase involves
characterizing sites, assessing any existing networks, and performing a gap
analysis to determine whether the existing system infrastructure, sites, and
operational environment can support the proposed system. Characterization of
the existing network and sites includes a site and network audit and network
analysis. During the network audit, the existing network is thoroughly
checked for integrity and quality. During the network analysis, network
behavior (traffic, congestion, and so on) is analyzed. This is typically done
within the PPDIOO plan phase.
Step 3. Design the network topology and solutions. In this step, you develop the
detailed design. Decisions about network infrastructure, intelligent network
services, and network solutions (VoIP, content networking, and so on) are
made. You may also build a pilot or prototype network to verify the design.
You also write a detailed design document.

Identifying Customer Requirements
This section reviews the process for gathering customer requirements for the enterprise
network design discussed in the Designing for Cisco Internetwork Solutions (DESGN)
course (see Figure 1-6).

Figure 1-6. Identifying Customer Requirements


