Chapter 7 - Networks

CPTE 433

John Beckett

OSI Model

7 Application – SNMP, HTTP, FTP, etc.
6 Presentation – Data formats, encoding, encryption
5 Session – Start .. Communicate .. Finish (establish, maintain, tear down a dialogue)
4 Transport – End-to-end delivery between hosts (TCP, UDP): ports, segmentation, reliability
3 Network – Logical addr (IP etc.), routing between networks
2 Data Link – MAC addressing, framing, low-level error detection
1 Physical – copper, fiber

A message from each layer goes down through all lower layers, across to the other side, then back up to its peer layer. Each layer adds its own header on the way down (encapsulation) and the peer layer strips it on the way up; a control that operates at one layer (a layer-3 filter, say) sees only what that layer exposes, so a payload encrypted at layer 6/7 is opaque to it.
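The encapsulation walk in code, as an added example that is not part of the lecture: an application payload picks up a TCP, an IPv4 and an Ethernet header on the way down, and the receiving side strips them in reverse order, verifying the IPv4 header checksum before trusting the layer above. The MAC addresses, IP addresses, ports and HTTP request are made up; the TCP checksum is left at zero because computing it needs the pseudo-header, which the example omits.

```python
"""Encapsulation walk-through for the OSI slide: an application message
picks up a transport (TCP), network (IPv4) and data-link (Ethernet)
header on the way down, and each peer layer strips its own header on
the way back up.  Added example; all addresses and values are made up."""
import struct

# Constructed sample values (not from the lecture).
SRC_MAC = bytes.fromhex("020000000001")
DST_MAC = bytes.fromhex("020000000002")
SRC_IP = "10.0.0.1"
DST_IP = "10.0.0.2"
SRC_PORT, DST_PORT = 40000, 80
ETHERTYPE_IPV4 = 0x0800
PROTO_TCP = 6


def ip_checksum(header: bytes) -> int:
    """RFC 1071 one's-complement checksum over the IPv4 header bytes."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def ip_to_bytes(ip: str) -> bytes:
    return bytes(int(x) for x in ip.split("."))


def encapsulate(payload: bytes) -> bytes:
    """Layer 7 payload -> TCP segment -> IPv4 packet -> Ethernet frame."""
    # Layer 4: minimal 20-byte TCP header (seq/ack/flags are placeholders;
    # TCP checksum left at zero because it needs the pseudo-header).
    tcp = struct.pack("!HHIIBBHHH", SRC_PORT, DST_PORT, 1, 0,
                      5 << 4, 0x18, 65535, 0, 0) + payload
    # Layer 3: 20-byte IPv4 header; checksum is computed over the header
    # with the checksum field zeroed, then patched in at bytes 10-11.
    total_len = 20 + len(tcp)
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0, 64,
                         PROTO_TCP, 0, ip_to_bytes(SRC_IP), ip_to_bytes(DST_IP))
    ip_hdr = ip_hdr[:10] + struct.pack("!H", ip_checksum(ip_hdr)) + ip_hdr[12:]
    # Layer 2: Ethernet II header (dst MAC, src MAC, EtherType).
    return DST_MAC + SRC_MAC + struct.pack("!H", ETHERTYPE_IPV4) + ip_hdr + tcp


def decapsulate(frame: bytes) -> dict:
    """Peel the headers back off, checking each layer before trusting it."""
    dst, src = frame[:6], frame[6:12]
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype != ETHERTYPE_IPV4:
        raise ValueError("not IPv4")
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    if ip_checksum(ip[:ihl]) != 0:      # a valid header checksums to zero
        raise ValueError("bad IPv4 header checksum")
    total_len = struct.unpack("!H", ip[2:4])[0]
    if ip[9] != PROTO_TCP:
        raise ValueError("not TCP")
    tcp = ip[ihl:total_len]
    sport, dport = struct.unpack("!HH", tcp[:4])
    data_off = (tcp[12] >> 4) * 4
    return {
        "dst_mac": dst.hex(), "src_mac": src.hex(),
        "src_ip": ".".join(map(str, ip[12:16])),
        "dst_ip": ".".join(map(str, ip[16:20])),
        "src_port": sport, "dst_port": dport,
        "payload": tcp[data_off:],
    }


def is_valid_frame(frame: bytes) -> bool:
    """True if every layer's header parses and the IPv4 checksum verifies."""
    try:
        decapsulate(frame)
        return True
    except (ValueError, struct.error, IndexError):
        return False


if __name__ == "__main__":
    frame = encapsulate(b"GET / HTTP/1.0\r\n\r\n")
    print(len(frame), "bytes on the wire")
    print(decapsulate(frame))
```

A switch acting at layer 2 looks at only the first 14 bytes of this frame, and a plain router at the IPv4 header after them; the ports and payload are invisible to both unless they are built to look deeper.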

Why a Clean Architecture?

The more complex your architecture, the more…

• Likely that something will go wrong
• Likely that someone will find a way through your security system
• Likely you’ll have performance problems you simply can’t diagnose
• Difficult to debug if something goes wrong
• Defense: Good diagnostic hw/sw and CSA skills

Three Topologies

• Star (original)
• Bus
• Ring
• Reality: Most networks use a combination, such as:
– Star to connect regions to main office
– Ring to connect offices in a region
– Bus to connect workstations within an office
• Switch localizes traffic (somewhat)

Star Issues

• Easiest to trouble-shoot, even if you don’t have (and understand) good tools
• Lowest performance/$ of the options
• Central node is critical
• If you wish to create a backup for the central node, you’re doubling the cost

Ring Issues

• Gives much of the redundancy of a star at lower cost
• Puts more responsibility for routing on individual nodes
• A broken ring reroutes all traffic the long way round, so a link already carrying more than half its capacity will saturate after the break; monitor every link against that critical 50% saturation point.

Bus Issues

• Traffic, especially on “chatty” protocols, can be a major overhead issue
• Hubs allow people to see each others’ traffic
– Switches provide some protection from this (unicast goes only to the port that owns the MAC; broadcasts and frames to unknown addresses are still flooded to every port)
• Some protocols, such as shared-medium (CSMA/CD) Ethernet, perform miserably when near saturation level
– Does not scale well

Centralize or Decentralize?

• Follow the money! Is it “better” to:
– Trouble-shoot separate networks, or
– Have everything come to the home office?
• The answer depends on your goals and need for control.
• Trend: Use higher available bandwidth to centralize, reducing support cost

Network C/D Business Drivers

Centralize
• Need for central control
• Low inter-site bandwidth costs
• Complex app inter-relationships

Decentralize
• Need local support
• High inter-site bandwidth costs
• Simple app inter-relationships

MDF & IDF

MDF
• Main Distribution Frame
• Server room
• Connections to IDFs

IDF
• Intermediate Distribution Frame
• Also known as “wiring closet”
• Switches, hubs, perhaps routers
• Connections to workstations & MDF

Distribution Frames
• Wires coming into the room should go to the “frame”.
• Wires should go from the frame to each device in the room.
• Thus: All connections from the outside to devices can be readjusted at the frame rather than re-routing wires above or below.
• Question: Punch-down versus network jacks.
– Network jacks are winning.
– Leave slack for re-termination if necessary.
– Jacks accommodate both fiber and copper.
– Wire all eight conductors of copper for powered links.

Other Frame Issues

• Security: Only people in the networking group should be able to get into an IDF. Physical access to the closet is access to every port and uplink in it.
• Documentation:
– It is critical that all jacks be clearly documented.
– It is important that inter-connections be clearly documented.
• Expensive to wire everything to jacks?
– Not as expensive as coping with failure to do it right the first time!
• Link Testing: All cables should be certified at installation time. Once it’s done, it’s done!
• Don’t forget cooling for IDFs

Installing Process

Demarcation Points

Point at which a line passes from one control entity to another
• Networking department
• Telephone company or carrier
• Ability to disconnect and test
• Clear identification of lines
• Need relationships between people across the demarc

Documentation
• Physical versus logical
• Show distance between frames (intra- and inter-building)
• Standardize naming scheme
– The better your standardization, the less documentation needed
• Ideally, documentation is connected to your management system because duplicate books are never correct
• May be used for billing – another reason for integrating

Hardware vs Software

• Hardware routing can go faster than software for a given CPU speed and I/O device architecture.
• Software routing can run on machines which catch the Moore’s law curve and go faster as your needs increase.
• Mihaescu’s take: Use hardware because it’s engineered for the purpose.
– Also tends to be more robust
– Supports newer features
• Beckett’s take: Consider software because it’s going to be software-driven anyhow.
• In either case, standardize on a given architecture.

Objections to Software Routing

• Other services can clog up the machine.
– So, don’t run them!
• UNIX and Windows are not optimized for it.
– Get a faster CPU. Get better NICs.
• Being simpler, hardware devices are less prone to attack.
– The issue is not simplicity, but vulnerability. UNIX and Windows get more attention from their creators to close vulnerability holes.

Bottom Line on Routing

• Reliability: It’s just like my old 386sx33 host doing UNIX: It isn’t what’s there, it’s how you take care of it. Take care of UNIX, Windows, and proprietary routers and they’ll take care of you.

Standards

• Which standard (IETF RFC or IEEE document) is used?

• Which other brands do they state on paper that they inter-operate with?

• Beware of “you can do that” statements

Monitoring

• Real-time
• Automatically-generated trouble tickets?
– Perhaps for selected events
• Collect and display data
– Collect as text
– Display as graphs
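Putting the ring slide’s 50% rule and this monitoring slide together, as an added example that is not part of the lecture: counter polls are collected as plain text (the lines below are constructed to look like interface octet counters plus link speed, the kind of data an SNMP ifHCInOctets/ifHCOutOctets poll returns), utilisation per link is computed from consecutive polls, and only links over the ring threshold become ticket candidates. The interface names, speeds and counter values are made up.

```python
"""Link-utilisation check from text counter samples.  Added example that
ties the ring slide's 50% saturation rule to the monitoring slide:
collect as text, compute per link, and raise a ticket only for
selected events.  The sample lines and interface names are constructed."""
from collections import defaultdict

# Constructed poll output: epoch seconds, interface, in-octets, out-octets,
# link speed in bits/s.  Two polls, 60 s apart, for two ring links.
SAMPLES = """\
1700000000 ring-a/1 1000000000 2000000000 1000000000
1700000000 ring-a/2 5000000000 1000000000 1000000000
1700000060 ring-a/1 1300000000 2200000000 1000000000
1700000060 ring-a/2 9800000000 1100000000 1000000000
"""

# From the ring slide: above this, a break in the ring saturates the link.
RING_THRESHOLD = 0.50


def parse_samples(text):
    """Group (time, in_octets, out_octets, speed) rows per interface, in time order."""
    rows = defaultdict(list)
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        ts, ifname, rx, tx, speed = line.split()
        rows[ifname].append((int(ts), int(rx), int(tx), int(speed)))
    for r in rows.values():
        r.sort()
    return rows


def utilisation(rows):
    """Worst-direction utilisation (0..1) per interface between consecutive polls.

    Octet counters are 64-bit and may wrap between polls; a negative delta
    is interpreted as a wrap rather than discarded."""
    result = {}
    for ifname, r in rows.items():
        worst = 0.0
        for (t0, rx0, tx0, _), (t1, rx1, tx1, speed) in zip(r, r[1:]):
            dt = t1 - t0
            if dt <= 0:
                continue
            drx = (rx1 - rx0) % (1 << 64)
            dtx = (tx1 - tx0) % (1 << 64)
            bps = max(drx, dtx) * 8 / dt       # octets -> bits per second
            worst = max(worst, bps / speed)
        result[ifname] = worst
    return result


def tickets(util, threshold=RING_THRESHOLD):
    """Only selected events become tickets: links over the ring threshold."""
    return sorted(
        f"{ifname}: {u:.0%} of link speed exceeds {threshold:.0%} ring budget"
        for ifname, u in util.items() if u > threshold
    )


if __name__ == "__main__":
    util = utilisation(parse_samples(SAMPLES))
    for ifname, u in sorted(util.items()):
        print(f"{ifname:10s} {u:6.1%}")       # the text that feeds the graphs
    for t in tickets(util):
        print("TICKET:", t)
```

The text output is what you keep and graph; the ticket list is the small, selected subset that should wake someone up. Lowering the threshold without also lengthening the poll interval is the usual way to turn this into noise.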

Network Management Domain

• Should reflect the administrative structure of the firm.

• Interfaces used to adapt to significant data flows.

• An architecture that bridges administrative structures should be run as a separate task, managed by a joint task-force.

Multiple Administrative Domains

• Establish clear demarc points for routing and bandwidth.
– Demarcs within the company? YES!
• Design for independent operation – one section unaffected by another’s failure.
– Software Technology Center example
• Keep communicating.
– Note what the other guys are doing.
– Be more interested in what is happening than in saying how you think they’re doing it wrong.
– Never fall into the “those idiots” trap.
• Essential to agree on protocols to be used!

VLANs

• Use switch (and router) software to set up the way your subnets work: a port-to-VLAN assignment replaces physical re-patching
• Wire each host once
• Save walks to closets
• System is self-documenting! (as long as the switch configuration stays the single place the assignment lives)
• A VLAN separates broadcast domains; traffic between VLANs still crosses a router, and that is where access policy between subnets belongs.
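A toy 802.1Q switch, added here as an example (not the lecture’s material), to show what “wire each host once” buys: the host’s subnet is the VLAN configured on its port, so moving a host between subnets is a one-line configuration change rather than a re-patch. The port table, MAC addresses and VLAN numbers are invented. It also shows the check that makes a VLAN worth anything as a boundary: an access port ignores whatever tag a host puts on the wire.

```python
"""Toy VLAN switch for the VLAN slide: each host is wired once and the
subnet it lands in is a per-port software setting.  Added example; the
port table, MACs and VLAN numbers are made up.  Tagging follows 802.1Q
(TPID 0x8100 plus a 16-bit TCI inserted after the source MAC)."""
import struct

TPID_8021Q = 0x8100

# Constructed port table: access ports carry one VLAN untagged; the trunk
# carries several VLANs, tagged.  Changing a host's subnet is an edit here.
PORTS = {
    "Gi1/1": {"mode": "access", "vlan": 10},            # engineering desk
    "Gi1/2": {"mode": "access", "vlan": 20},            # finance desk
    "Gi1/3": {"mode": "access", "vlan": 10},            # engineering desk
    "Gi1/24": {"mode": "trunk", "allowed": {10, 20}},   # uplink to the MDF
}


def eth_frame(dst: bytes, src: bytes, payload: bytes = b"payload") -> bytes:
    """Untagged Ethernet II frame carrying IPv4 (EtherType 0x0800)."""
    return dst + src + b"\x08\x00" + payload


def add_tag(frame: bytes, vlan: int, pcp: int = 0) -> bytes:
    """Insert an 802.1Q tag between the source MAC and the EtherType."""
    tci = (pcp << 13) | (vlan & 0x0FFF)
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]


def strip_tag(frame: bytes):
    """Return (vlan or None, frame without its tag)."""
    if len(frame) >= 16 and struct.unpack("!H", frame[12:14])[0] == TPID_8021Q:
        vlan = struct.unpack("!H", frame[14:16])[0] & 0x0FFF
        return vlan, frame[:12] + frame[16:]
    return None, frame


def classify(in_port: str, frame: bytes):
    """Decide which VLAN an incoming frame belongs to, or None to drop it.

    An access port ignores any tag the host sent: VLAN membership comes
    from configuration, not from the host.  A trunk requires a tag in its
    allowed set; an untagged frame on the trunk is dropped in this toy
    (real switches put it on a native VLAN instead)."""
    cfg = PORTS[in_port]
    vlan, untagged = strip_tag(frame)
    if cfg["mode"] == "access":
        return cfg["vlan"], untagged
    if vlan is None or vlan not in cfg["allowed"]:
        return None, untagged
    return vlan, untagged


def egress_ports(in_port: str, frame: bytes, mac_table: dict) -> dict:
    """Return {port: frame_to_send}.  Unicast to the port learned for the
    destination in the same VLAN, otherwise flood within that VLAN only.
    Frames leaving the trunk are tagged; frames leaving access ports are not."""
    vlan, untagged = classify(in_port, frame)
    if vlan is None:
        return {}
    dst, src = untagged[:6], untagged[6:12]
    mac_table[(vlan, src)] = in_port                 # learn per VLAN
    known = mac_table.get((vlan, dst))
    candidates = [known] if known else list(PORTS)
    out = {}
    for port in candidates:
        if port == in_port:
            continue
        cfg = PORTS[port]
        if cfg["mode"] == "access" and cfg["vlan"] == vlan:
            out[port] = untagged
        elif cfg["mode"] == "trunk" and vlan in cfg["allowed"]:
            out[port] = add_tag(untagged, vlan)
    return out


if __name__ == "__main__":
    table = {}
    a = bytes.fromhex("0200000000aa")
    b = bytes.fromhex("0200000000bb")
    for port, f in egress_ports("Gi1/1", eth_frame(b, a), table).items():
        print(port, strip_tag(f)[0], f.hex()[:40])
```

Two things to carry over to a real switch: the per-VLAN MAC table is why the same MAC can appear on two VLANs without confusing forwarding, and the tag-ignoring access port is the only reason a host on the finance port cannot tag itself into engineering. Because the toy drops untagged frames on the trunk where a real switch would use the native VLAN, make sure the native VLAN of a trunk is not also one of the user VLANs.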

How Many Vendors?

• Only one:
– May not have everything you need, or sized wrong
• Separate vendor for each device
– Nightmare debugging the mess
• Compromise:
– Choose a vendor for each type of device
– Related types might have the same vendor