E-Commerce

A design that must stay up

  • Public face of the organization
  • The place where downtime is incredibly harmful
  • The place where budgets are approved

Ultra Redundant, Ultra secure Firewall Design

  • The only path from one layer to the next is through the servers themselves
  • Option of using different firewall vendors at different layers
  • Supports virtual firewalls via the FWSM (Firewall Services Module) or virtual contexts on the ACE (Application Control Engine) module

(more…)

IPv6 Review

  • Unicast: one-to-one.
  • Multicast: one-to-many.
  • Anycast: one-to-closest.

  • Link-local scope address: Layer 2 domain
  • Unique local (formerly site-local) scope address: organization
  • Global scope address: Internet

(more…)

Datacenter Design III (STP, High availability, Failover timers)

STP in the datacenter

STP logical interfaces maximum

  • RSTP / MST have topology maximums; the switch specs give the limits for logical and virtual interfaces (e.g. 6500 chassis / 6748 line card).
    • Logical interfaces (per chassis) = (trunk ports * VLANs) + non-trunk interfaces
    • Virtual interfaces (per line card) = trunk ports * VLANs
    • Verify with `show spanning-tree summary totals`

Example logical interfaces:

6500 Chassis:

  • 120 VLANs
  • 49 access layer switches
  • 2 connections to each switch (double uplink, but bundled in an EtherChannel so it counts as 1 logical interface)
  • 1 cross connect to the secondary aggregation switch
  • 30 other devices connected
    • ((120 * 50) + 30) = 6030 logical interfaces (out of 10,000 max)

Example Virtual interfaces:

Cisco 6748 Linecard

  • 120 VLANs
  • 12 access layer switches, each connected with a 4-port EtherChannel bundle
    • 12 x 4 = 48 ports (virtual interfaces count every physical port; EtherChannel bundling does not reduce the count)
      • (120 * 48) = 5760 virtual interfaces, which exceeds the 1800 max for this line card

High Availability

Nic teaming options

  • Adapter Fault Tolerance (AFT): active / standby, two NICs, one switch
  • Switch Fault Tolerance (SFT): active / standby, two NICs, two switches
  • Adaptive Load Balancing (ALB): active / active, one IP, two MACs
  • EtherChannel (LAG)

Expectations and Failover Timers

Operation                      Failover time
OSPF / EIGRP                   Subsecond
RSTP                           1-2 seconds
EtherChannel                   1 second
HSRP timers                    3 seconds
Service modules                1-5 seconds
Windows TCP stack tolerance    9 seconds

Datacenter Design II (Blades, Scaling, Bandwidth)

Blade Server design

  • Consult with the server team on connectivity.
  • Many blade servers enter the "enterprise switch" market with an integrated switch.
  • Pass-through cabling or integrated switches.
  • Significant impact on power – cooling – weight.

Connecting the blade to the network

  • If you use the integrated blade switch, use a layer3 access layer.
  • Avoid a double Layer 2 design:
    •  [Layer 2 on the access layer] connected to a [layer 2 domain within the bladeswitch].
  • If you use passthrough, use a layer2 or layer3 access layer.

Scaling the Datacenter Architecture

(more…)

Datacenter Design I (Core, Aggregation, Access Designs)

Core

  • Not all datacenter designs need a core layer
  • Access to aggregation, aggregation to core: 10 or 40 Gbps
  • CEF load balancing tuning (L3 + L4 hashing)
  • Core should run L3 only; aggregation acts as the L3/L2 boundary towards the access layer
  • Core runs OSPF / EIGRP with aggregation

Aggregation

(more…)

Wan Services (Sonet, Metro, VPLS, MPLS)

SONET / SDH

SONET (Synchronous Optical Networking)

  • American National Standards Institute (ANSI) standard
  • Used in the US / Canada
  • Speeds expressed as Synchronous Transport Signal (STS) levels

SDH (Synchronous Digital Hierarchy)

  • International Telecommunication Union (ITU) standard
  • Used everywhere except the US / Canada
  • Speeds expressed as Synchronous Transport Module (STM) levels

(more…)

IP Subnetting Template

Location    Subnet       VLAN  Description          Prefix
Location01  10.1.10.Y    10    Data                 10.1.0.0/16
            10.1.20.Y    20    Voice
            10.1.30.Y    30    WiFi
            10.1.40.Y    40    Servers / Printers
            10.1.50.Y    50    Exit VLAN
            10.1.98.Y    98    Public WiFi
            10.1.99.Y    99    Management
Location02  10.2.10.Y    10    Data                 10.2.0.0/16
            10.2.20.Y    20    Voice
            10.2.30.Y    30    WiFi
            10.2.40.Y    40    Servers / Printers
            10.2.50.Y    50    Exit VLAN
            10.2.98.Y    98    Public WiFi
            10.2.99.Y    99    Management

Routing Design Principles (EIGRP, OSPF, BGP)

EIGRP design principles

  • EIGRP works for arbitrary topologies in small to medium networks.
  • A flat EIGRP network doesn't really scale beyond roughly 400 routers and will lead to performance issues.
    • How to solve this?
      • Stub routers, summarization and route filtering limit the query scope.
  • If EIGRP doesn't have a feasible successor it will query all its neighbours.
    • "I don't have a route anymore, don't route through me, give me a viable route".
  • BFD to optimize convergence (100 ms with 1000 routes).
  • 2 second hello timer, 6 second hold timer (recommended)

Multiple EIGRP design principles

  • Used to merge two networks (acquisitions)
  • Different administrative groups in a company
  • A way to divide large networks (and control query scope)
  • Routes are redistributed between the ASes (don't create loops!)
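The two lists above (query-scope limiting in one AS, and merging two ASes without looping) come together in the IOS configuration below. This is an added example, not configuration from the original post: the hostnames BR1 and HUB1, the interface names, AS numbers 100 and 200, the 172.16.255.0/30 WAN link and the `network` statements are all assumptions; only the 10.1.0.0/16 Location01 prefix and the 2 s / 6 s timers come from the page.

```cisco
! Added example (not from the original post). Hostnames BR1 / HUB1, interface
! names, AS numbers 100 / 200, the 172.16.255.0/30 WAN link and the network
! statements are assumptions.
!
! --- BR1: branch router for Location01 (10.1.0.0/16), configured as a stub ---
! A stub router is never queried by its neighbours, so a route lost at the hub
! does not send a query into the branch. Advertising a single /16 summary
! upstream means the hub has nothing to query about when one branch /24 flaps.
interface GigabitEthernet0/0
 description WAN uplink to HUB1
 ip address 172.16.255.2 255.255.255.252
 ip summary-address eigrp 100 10.1.0.0 255.255.0.0
 ip hello-interval eigrp 100 2
 ip hold-time eigrp 100 6
 bfd interval 100 min_rx 100 multiplier 3
!
router eigrp 100
 network 10.1.0.0 0.0.255.255
 network 172.16.255.0 0.0.0.3
 passive-interface default
 no passive-interface GigabitEthernet0/0
 eigrp stub connected summary
 bfd all-interfaces
!
! --- HUB1: merge point between AS 100 and an acquired network in AS 200 ---
! With mutual redistribution, a prefix learned from AS 200 can be redistributed
! into AS 100 and then back into AS 200 by a second merge router. Tag every
! redistributed route with its AS of origin and refuse to redistribute anything
! that already carries the other direction's tag.
route-map AS200-TO-AS100 deny 10
 match tag 100
route-map AS200-TO-AS100 permit 20
 set tag 200
!
route-map AS100-TO-AS200 deny 10
 match tag 200
route-map AS100-TO-AS200 permit 20
 set tag 100
!
router eigrp 100
 network 10.0.0.0 0.255.255.255
 network 172.16.255.0 0.0.0.3
 redistribute eigrp 200 route-map AS200-TO-AS100
!
router eigrp 200
 network 192.168.0.0 0.0.255.255
 redistribute eigrp 100 route-map AS100-TO-AS200
```

EIGRP-to-EIGRP redistribution carries the original composite metric, so no `default-metric` is needed; the route-maps are purely the loop guard. On HUB1, `show ip eigrp neighbors detail` should list BR1 as a stub peer advertising connected and summary routes, which confirms the hub will not send it queries.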

(more…)