Wednesday, December 15, 2010

Cisco Enterprise Architecture Model CCNP Course Training in Gurgaon

Network Bulls
www.networkbulls.com

The Cisco Enterprise Architecture model facilitates the design of larger, more scalable networks. It represents the focused views of the Cisco Service-Oriented Network Architecture (SONA), which concentrates on each area of the network. SONA is covered in Chapter 1, "Network Design Methodology."
As networks become more sophisticated, it is necessary to use a more modular approach to design than just WAN and LAN core, distribution, and access layers. The architecture divides the network into functional network modules. The six modules of the Cisco Enterprise Architecture are
  • Enterprise Campus module
  • Enterprise Edge module
  • Enterprise WAN module
  • Enterprise Data Center module
  • Enterprise Branch module
  • Enterprise Teleworker module
The Cisco Enterprise Architecture maintains the concept of distribution and access components connecting users, WAN services, and server farms through a high-speed campus backbone. The modular approach in design should be a guide to the network architect. In smaller networks, the layers can collapse into a single layer, even a single device, but the functions remain.
Figure 2-4 shows the Cisco Enterprise Architecture model. The Enterprise Campus module contains a campus infrastructure that consists of core, building distribution, and building access layers, with a server farm/data center and edge distribution. Edge distribution provides distribution functions from the campus infrastructure to the Enterprise Edge. The Enterprise Edge module consists of the Internet, e-commerce, VPN, and WAN functions that connect the enterprise to the service provider's facilities. The SP Edge provides Internet, PSTN, and WAN services.

Figure 2-4. Cisco Enterprise Architecture Model

The network-management servers reside in the campus infrastructure but have tie-ins to all the components in the enterprise network for monitoring and management.
The Enterprise Edge connects to the edge-distribution module of the enterprise campus. In small and medium sites, the edge distribution can collapse into the campus-backbone component. It provides connectivity to outbound services that are further described in later sections.

Enterprise Campus Module

The Enterprise Campus consists of the following submodules:
  • Campus core
  • Building distribution
  • Building access
  • Edge distribution
  • Server farm/data center
Figure 2-5 shows the Enterprise Campus model. The campus infrastructure consists of the campus core, building-distribution, and building-access layers. The campus core provides a high-speed switched backbone between buildings, to the server farm and to the enterprise distribution. This segment provides redundant, fast-converging connectivity. The building-distribution layer aggregates all the closet access switches and performs access control, QoS, route redundancy, and load balancing. The building-access switches provide VLAN access, PoE for IP phones and wireless access points, broadcast suppression, and spanning tree.

Figure 2-5. Enterprise Campus Model

The server farm or data center provides high-speed access and high availability (redundancy) to the servers. Enterprise servers such as file and print servers, application servers, e-mail servers, and Domain Name System (DNS) servers are placed in the server farm. Cisco Unified CallManager servers are placed in the server farm for IP telephony networks. Network management servers are located in the server farm, but these servers link to each module in the campus to provide network monitoring, logging, trending, and configuration management.
An enterprise campus infrastructure can apply to small, medium, and large locations. In most instances, large campus locations have a three-tier design with a wiring-closet component (building-access layer), a building-distribution layer, and a campus core layer. Small campus locations likely have a two-tier design with a wiring-closet component (Ethernet access layer) and a backbone core (collapsed core and distribution layers). It is also possible to configure distribution functions in a multilayer building-access device to maintain the focus of the campus backbone on fast transport. Medium-sized campus network designs sometimes use a three-tier implementation or a two-tier implementation, depending on the number of ports, service requirements, manageability, performance, and availability required.

Enterprise Edge Module

As shown in Figure 2-6, the Enterprise Edge consists of the following submodules:
  • E-commerce networks and servers
  • Internet connectivity and DMZ
  • VPN and remote access
  • Enterprise WAN

Figure 2-6. Enterprise Edge Module

E-Commerce
The e-commerce submodule provides highly available networks for business services. It uses the high-availability designs of the server farm module with the Internet connectivity of the Internet module. Design techniques are the same as those described for these modules. Devices located in the e-commerce submodule include
  • Web and application servers
  • Database servers
  • Firewalls
  • Network and server intrusion detection systems (IDS)

Internet Edge
The Internet submodule provides services such as public servers, e-mail, and DNS. Connectivity to one or several Internet service providers (ISP) is also provided. Components of this submodule include
  • Firewalls
  • Internet routers
  • FTP and HTTP servers
  • SMTP mail servers
  • DNS servers
Several models connect the enterprise to the Internet. The simplest form is to have a single circuit between the enterprise and the SP, as shown in Figure 2-7. The drawback is that you have no redundancy or failover if the circuit fails.

Figure 2-7. Simple Internet Connection

You can use multihoming solutions to provide redundancy or failover for Internet service. Figure 2-8 shows four Internet multihoming options:
  • Option 1— Single router, dual links to one ISP
  • Option 2— Single router, dual links to two ISPs
  • Option 3— Dual routers, dual links to one ISP
  • Option 4— Dual routers, dual links to two ISPs

Figure 2-8. Internet Multihoming Options

Option 1 provides link redundancy but does not provide ISP and local router redundancy. Option 2 provides link and ISP redundancy but does not provide redundancy for a local router failure. Option 3 provides link and local router redundancy but does not provide for an ISP failure. Option 4 provides for full redundancy of the local router, links, and ISPs.
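The redundancy claims above can be derived rather than memorized. The following is an added example, not part of the original text: it models the single circuit of Figure 2-7 and the four options of Figure 2-8 as sets of paths and tests every single-component failure. The router, link, and ISP names are hypothetical labels.

```python
from collections import namedtuple

# One usable path to the Internet: the local router, circuit and ISP it crosses.
Path = namedtuple("Path", "router link isp")

# Constructed models of the designs in Figures 2-7 and 2-8 (names are hypothetical).
OPTIONS = {
    "simple": [Path("R1", "L1", "ISP-A")],
    1: [Path("R1", "L1", "ISP-A"), Path("R1", "L2", "ISP-A")],
    2: [Path("R1", "L1", "ISP-A"), Path("R1", "L2", "ISP-B")],
    3: [Path("R1", "L1", "ISP-A"), Path("R2", "L2", "ISP-A")],
    4: [Path("R1", "L1", "ISP-A"), Path("R2", "L2", "ISP-B")],
}

def survives(paths, kind):
    """True if Internet access remains after ANY single failure of `kind`
    ('router', 'link' or 'isp')."""
    components = {getattr(p, kind) for p in paths}
    return all(
        any(getattr(p, kind) != failed for p in paths)  # a path avoiding the failure
        for failed in components
    )

def redundancy(paths):
    """Map each component kind to whether the design tolerates its failure."""
    return {kind: survives(paths, kind) for kind in Path._fields}

def single_points_of_failure(paths):
    """Components that every path depends on; losing one cuts Internet access."""
    spof = []
    for kind in Path._fields:
        for comp in sorted({getattr(p, kind) for p in paths}):
            if all(getattr(p, kind) == comp for p in paths):
                spof.append(comp)
    return spof

if __name__ == "__main__":
    for name, paths in OPTIONS.items():
        print(name, redundancy(paths), "SPOF:", single_points_of_failure(paths))
```

Any component listed as a single point of failure is also where an outage or a targeted denial of service takes the whole Internet edge down, so the output doubles as a short availability review of each design.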

VPN/Remote Access
The VPN/remote access submodule provides remote-access termination services, including authentication for remote users and sites. Components of this submodule include
  • Firewalls
  • VPN concentrators
  • Dial-in access concentrators
  • Adaptive Security Appliances (ASA)
  • Network intrusion detection system (IDS) appliances
If you use a remote-access terminal server, this module connects to the PSTN. Today's networks often prefer VPNs over remote-access terminal servers and dedicated WAN links. VPNs reduce communication expenses by leveraging the infrastructure of SPs. For critical applications, the cost savings might be offset by a reduction in enterprise control and the loss of deterministic service. Remote offices, mobile users, and home offices access the Internet using the local SP with secured IP Security (IPsec) tunnels to the VPN/remote access submodule via the Internet submodule.
Figure 2-9 shows a VPN design. Branch offices obtain local Internet access from an ISP. Teleworkers also obtain local Internet access. VPN software creates secured VPN tunnels to the VPN server that is located in the VPN submodule of the Enterprise Edge.

Figure 2-9. VPN Architecture

Enterprise WAN

The Enterprise Edge includes access to WANs. WAN technologies include the following:
  • MPLS
  • Metro Ethernet
  • Leased lines
  • Synchronous Optical Network (SONET) and Synchronous Digital Hierarchy (SDH)
  • PPP
  • Frame Relay
  • ATM
  • Cable
  • Digital subscriber line (DSL)
  • Wireless
Chapters 5 and 6 cover these WAN technologies. Routers in the Enterprise WAN provide WAN access, QoS, routing, redundancy, and access control to the WAN. For MPLS networks, the WAN routers prioritize IP packets based on configured DSCP values to use one of several MPLS QoS levels. Figure 2-10 shows the WAN module connecting to the Frame Relay SP Edge. The Enterprise Edge routers in the WAN module connect to the SP's Frame Relay switches.

Figure 2-10. WAN Module

Service Provider (SP) Edge Module

The SP Edge module, shown in Figure 2-11, consists of SP edge services such as the following:
  • Internet services
  • PSTN services
  • WAN services

Figure 2-11. WAN/Internet SP Edge Module

Enterprises use SPs to acquire network services. ISPs offer enterprises access to the Internet. ISPs can route the enterprise's networks to their network and to upstream and peer Internet providers. Some ISPs can provide Internet services with DSL access. Connectivity with multiple ISPs was described in the "Internet Edge" section.
For voice services, PSTN providers offer access to the global public voice network. For the enterprise network, the PSTN lets dialup users access the enterprise via analog or cellular wireless technologies. It is also used for WAN backup using ISDN services.
WAN SPs offer MPLS, Frame Relay, ATM, and other WAN services for Enterprise site-to-site connectivity with permanent connections. These and other WAN technologies are described in Chapter 5, "WAN Technologies."

Remote Modules

The remote modules of the Cisco Enterprise Architecture model are the Enterprise Branch, Enterprise Data Center, and Enterprise Teleworker modules.

Enterprise Branch Module
The Enterprise Branch normally consists of remote offices or sales offices. These branch offices rely on the WAN to use the services and applications provided in the main campus. Infrastructure at the remote site usually consists of a WAN router and a small LAN switch, as shown in Figure 2-12. Instead of MPLS or Frame Relay, it is common to use site-to-site VPN technologies to connect to the main campus.

Figure 2-12. Enterprise Branch Module

Enterprise Data Center Module

The Enterprise Data Center uses the network to enhance the server, storage, and application servers. The offsite data center provides disaster recovery and business continuance services for the enterprise. Highly available WAN services are used to connect the enterprise campus to the remote Enterprise Data Center. The data center components include
  • Network devices— Routers and high-speed switches
  • High-speed LAN technologies— Gigabit and 10 Gigabit Ethernet, InfiniBand, optical switching
  • Interactive services— Computer infrastructure services, storage services, security, application optimization
  • DC management— Fault and trend management and Cisco VFrame for server and service management

Enterprise Teleworker Module
The Enterprise Teleworker module consists of a small office or a mobile user who needs to access services of the enterprise campus. As shown in Figure 2-13, mobile users connect from their homes, hotels, or other locations using dialup or Internet access lines. VPN clients are used to allow mobile users to securely access enterprise applications. The Cisco Teleworker solution gives teleworkers a centrally managed service that uses small integrated services routers (ISR) in the VPN solution. IP phone capabilities are also provided in the Cisco Teleworker solution, providing corporate voice services for mobile users.

Figure 2-13. Enterprise Teleworker Solution

1 comment:

  1. How much has to be paid for this course, and how long will this course be? Can I do it online live from anywhere?
    I have read your post and I really want to know more about it with an excited mind. This article has awesome topics for me and I am still waiting for the new article.