Designing a resilient IP network depends on a multitude of variables such as resources, constraints, and funds. You might not be able to get a definite list of rules for network design, but a few principles are worth noting, including the following:
- Simplicity
- Modularity
- Security
These principles are tried and tested and have been proven to be effective in every successful network.
Simplicity
In IP network design, you might be able to achieve more by having less. One of the common mistakes many network managers make when it comes to network resiliency is an "overdesigned" network. By provisioning more redundant components than required, a network manager might actually complicate things and make matters worse. The network might become too complex to implement, monitor, and troubleshoot. The result: The network suffers from more outages.
Simplicity is perhaps the most important principle of all. It advocates implementing the minimal hardware and features to achieve the desired result, and, thus, it ultimately drives cost-savings. However, network managers must tread a fine line, because excessive cost-savings often leads to running too many logical functions within a single box. Remember, there has to be a limit to cost cutting.
Modularity
If you view the entire network as one entity, it is a huge and complex system. The network, however, is more manageable if you break it into various smaller components, as shown below -
This shows how a network can be broken into smaller modules, as follows:
- Core The module that links the rest of the modules (commonly known as the backbone)
- Access The module from which users interface with the network
- Internet The module that connects the entire network to the Internet
- WAN The module that connects remote branches
- Data center The module that connects all the servers
Each of these smaller modules has its distinct role within the network. Because each of these modules has a unique function to perform, each requires different features to be effective in its work. For example, the features that you look for in the core module (mainly IP routing) differ from those in the access module (mainly Ethernet switching). This enables one to identify the suitable hardware to be deployed within the different modules.
In addition, it is clear that certain features may be important in a module but may not be so in another. Often, network managers ask for every feature on a particular piece of hardware, only to pay too much for a piece of hardware that eventually does little. The excuse for doing this is always the "just in case" mentality. However, with proper logical design in place, and most important, a consistent strategy, you can avoid this.
Another advantage of having a modular network design is it enables you to isolate problems within a module. If you contain the problem, the rest of the network can then continue to function, which means fewer users are affected and more overall uptime of the network.
Security
With hacking tools readily available now, it no longer takes a professional to do damage to your network. A youth sitting in his study room with broadband access to the Internet is all it takes. Therefore, security is paramount and should not be compromised when designing the network.
The job of the network is to transport IP packets from source to destination. Therefore, the resources required to perform the job, the routing information and the devices, become important entities and natural targets of attacks.
Protecting these resources becomes a paramount task when designing the network. These resources can be exploited in many ways; the best source of information is a white paper under the Cisco SAFE Blueprint series:
http://www.cisco.com/en/US/docs/solutions/Enterprise/Security/SAFE_RG/SAFE_rg.html
You might also like these recent post -
Spanning Tree Protocol (STP) - The Necessary Evil - Read This
Five Most Commonly used Networking Technologies - Read This
Understanding Five Nines of Uptime - Read This
Distribured Virtual Datacenter for Enterprise cloud - Read This
Cisco ASR 9000 - Network Virtualization Technology - Read This
Found it useful, Consider sharing it with your friends -