Wednesday, December 15, 2010

Enterprise Branch Architecture CCNA Bootcamp Training in Delhi

Network Bulls
www.networkbulls.com

Enterprise Branch architectures encompass a wide range of services that customers want to deploy at the edge of the enterprise. These architectures allow for a variety of connection options, and distance typically is not an issue. The services in this architecture give customers new opportunities to increase security, converge their voice and data traffic, improve productivity, and reduce costs.
Cisco Enterprise Branch Architecture is based on Cisco's Service-Oriented Network Architecture (SONA), which includes plug-in modules that provide remote connectivity to network endpoints. The Enterprise Architecture is a flexible and secure framework for extending headend application functionality to the remote site. Common network components that use the SONA framework for the branch include the following:
  • Routers supporting the WAN edge connectivity
  • Switches providing the Ethernet LAN infrastructure
  • Security appliances securing the branch devices
  • Wireless APs allowing for roaming mobility
  • Call processing providing Unified Communications and video support
  • IP phones and PCs for the end-user devices

Branch Design

It is important to characterize the existing network and gather requirements to develop a suitable design for the branch.
Here are some questions you should ask:
  • How many locations and existing devices are there (network devices, servers, users)?
  • What amount of scalability and growth is expected?
  • What level of high availability and/or redundancy is required?
  • Is specific server or network protocol support needed?
  • Will the network management and/or support be centralized or distributed?
  • Are there any network segmentation restrictions, such as DMZ or internal networks versus external networks?
  • Will wireless services be needed, and to what extent?
  • What is the estimated budget for the branch design?
Enterprise Branch Profiles
The SONA framework has three profiles for the Enterprise Branch. They are based on the number of users located at the branch. The profiles are not intended to be the only architectures for branch offices but rather a common set of services that each branch should include. These profiles serve as a basis on which integrated services and application networking are built. The three profiles for the SONA framework enterprise branch are as follows:
  • Single-tier design: Up to 50 users (small)
  • Dual-tier design: Between 50 and 100 users (medium)
  • Multi-tier design: Between 100 and 1000 users (large)
Figure 6-7 shows the three Enterprise branch profiles and the integrated services layers and application networking services that are provided by the branch infrastructure.



The framework's foundation is the branch profile network infrastructure layer, which includes all the common LAN and WAN components. The integrated services layer is built on top of the infrastructure layer and is composed of security, mobility, UC, and identity services. The application networking services layer is built above the integrated services layer and organizes the application services, such as IM, UCC, unified messaging, video delivery, and application delivery services.
Requirements such as high availability, scalability, and redundancy influence the branch profile selected for a branch office.
To integrate both the WAN edge and LAN infrastructure, an integrated services router (ISR) can be used to provide voice, security, and data services. The integrated services router supports triple-speed interfaces (10/100/1000), high-speed WAN interface cards (HWIC), network modules, and embedded security capabilities.
Single-Tier Design
The single-tier design is recommended for branch offices that do not require hardware redundancy and that have a small user base of up to 50 users. This profile consists of an access router providing WAN services and connections for the LAN services. The access router can connect the Layer 2 switch ports in one of three ways:
  • Using an ISR that has an optional EtherSwitch module that provides 16 to 48 Ethernet ports for client connections.
  • Trunking to an access switch that aggregates the Ethernet connections and can include support for PoE for IP phones and wireless APs.
  • Using a logical EtherChannel interface between the ISR and the access switches using the EtherSwitch module. The access switches can also provide PoE as needed.
The Layer 3 WAN services are based on the WAN and Internet deployment model. A T1 is used for the primary link, and an ADSL secondary link is used for backup. Other network fundamentals are supported, such as EIGRP, floating static routes, and QoS for bandwidth protection.
The ISR can support the default gateway function and other Layer 3 services such as DHCP, NAT, and IOS Firewall.
The Layer 2 services can be provided by the ISR or access switches such as the 35x0 or 3750 series switches. It is recommended that you use Rapid PVST+ for all Layer 2 branch offices where loops are present. Rapid PVST+ ensures a loop-free topology when multiple Layer 2 connections are used for redundancy purposes.
Figure 6-8 illustrates the single-tier branch design connecting back to the corporate office.


Dual-Tier Design
The dual-tier design is recommended for branch offices of 50 to 100 users, with an additional access router in the WAN edge allowing for redundancy services. Typically two 2821 or 2851 routers are used to support the WAN, and separate access switches are used to provide LAN connectivity.
The infrastructure components are dual-access routers, external Layer 2/Layer 3 switches, laptops, desktops, printers, and IP phones. Dual Frame Relay links are used to connect to the corporate offices via both of the access routers.
Layer 3 services such as EIGRP are deployed. Because there are two routers, HSRP or GLBP can be used to provide redundant gateway services. QoS can also be used to provide guaranteed bandwidth for VoIP, and policing can be used to restrict certain traffic classes from overwhelming the available bandwidth.
The dual-tier design supports using a higher-density external switch or using the EtherSwitch module with the ISR to create trunks to the external access switches. The Cisco Catalyst 3750 series switches have StackWise technology, allowing multiple switches to be connected and managed as one. This also increases the port density available for end-user connections. With Cisco StackWise technology, customers can connect up to nine 3750 series switches using a variety of fiber and copper ports, allowing greater flexibility with the connection options.
Figure 6-9 illustrates the dual-tier branch design using dual routers back to the corporate office.


Multi-Tier Design
The multi-tier design is the largest of the branch profiles, supporting between 100 and 1000 users. This design profile is similar to the dual-tier design in that it also provides dual-access routers in the WAN edge. In addition, dual ASAs are used for firewall filtering, and dual distribution switches provide the multilayer switching component. The WAN services use an MPLS deployment model with dual WAN links into the WAN cloud.
Because there are dual routers, the typical redundancy services can also be provided, such as EIGRP load balancing and HSRP/GLBP. The dual ASA configuration allows for ASA failover. QoS services such as shaping and policing can be applied to all the routers and switches as required.
To meet the requirements of the larger user base, a distribution layer of multilayer switches is added to aggregate the connected access switches. A multilayer switch provides the additional LAN switching capabilities to meet the port density requirements and allows flexibility to support additional network devices.
A couple of hardware options for this design are the Cisco Catalyst 3750 with StackWise technology or a modular approach with a Cisco Catalyst 4500. The Cisco 3750 series of switches provide great port densities but do not provide redundant power without the additional Cisco RPS (external power supply). However, the Cisco 4500 switch platform not only allows for flexibility by adding port densities and interface types but also provides redundant power internally for the entire chassis when using dual power supplies.
If Cisco Catalyst 3560 and 3750 switches are used, additional Layer 2 security features such as dynamic ARP inspection, DHCP snooping, and IP source guard can be used to provide additional security enhancements.
Figure 6-10 illustrates the multi-tier branch design using dual routers, ASAs, and distribution switches.
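
The Layer 2 security features mentioned above for Catalyst 3560 and 3750 switches (DHCP snooping, dynamic ARP inspection, and IP source guard), sketched as an access-switch configuration. This is an added example, not configuration from the original post; the VLAN numbers, interface names, and rate limits are assumed values.

```cisco
! Added example: access-layer switch, Catalyst 3560/3750 class.
! Assumed values: VLAN 10 (data), VLAN 20 (voice), uplink on Gi1/0/1,
! user ports Gi1/0/2-24, rate limits of 15 packets per second.
!
! 1. DHCP snooping builds the IP/MAC/port binding table that the
!    other two features depend on, so it is enabled first.
ip dhcp snooping
ip dhcp snooping vlan 10,20
! Option 82 insertion is on by default; disabled here on the
! assumption that the branch DHCP server does not use it.
no ip dhcp snooping information option
!
! 2. Dynamic ARP inspection validates ARP packets on untrusted ports
!    against the snooping binding table.
ip arp inspection vlan 10,20
ip arp inspection validate src-mac dst-mac ip
!
! Uplink toward the distribution layer and the DHCP server: trusted.
interface GigabitEthernet1/0/1
 description Uplink to distribution layer
 switchport trunk encapsulation dot1q
 switchport mode trunk
 ip dhcp snooping trust
 ip arp inspection trust
!
! User-facing ports stay untrusted (the default) and are rate limited.
! 3. IP source guard (ip verify source) drops IP traffic whose source
!    address has no matching entry in the binding table for that port.
interface range GigabitEthernet1/0/2 - 24
 description User access ports
 switchport mode access
 switchport access vlan 10
 switchport voice vlan 20
 spanning-tree portfast
 ip dhcp snooping limit rate 15
 ip arp inspection limit rate 15
 ip verify source
!
! Verification (privileged EXEC):
!  show ip dhcp snooping binding
!  show ip arp inspection statistics
!  show ip verify source
```

Hosts with statically assigned addresses have no snooping binding, so they need a static source binding or an ARP ACL before dynamic ARP inspection and IP source guard are enabled on their ports; otherwise their traffic is dropped.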
