Converged networks contain a variety of different types of traffic, including the following:
■ Voice and video traffic—Examples include IP telephony, video broadcast, and conferencing.
■ Voice applications traffic—Generated by voice-related applications, such as contact centers.
■ Mission-critical traffic—Generated by applications critical to an organization (for example, information generated by a stock exchange application at a finance company, patient records at a hospital, and so forth).
■ Transactional traffic—Generated by applications such as those for e-commerce.
■ Routing protocol traffic—Data from whichever routing protocols are running in the network, such as RIP, OSPF, EIGRP, IS-IS, and BGP.
■ Network management traffic—Including information about the status of the network and its devices.
The requirements on the network differ significantly depending on the mix of traffic types, especially in terms of security and performance.
Several security strategies, such as device hardening with strict access control and authentication, intrusion protection, intrusion detection, and traffic protection with encryption, can minimize or possibly eliminate network security threats. Security is a key issue in all networks and becomes even more important in wireless networks.
Cisco IIN
With the IIN, Cisco is helping organizations to address new IT challenges, such as the deployment of service-oriented architectures, web services, and virtualization.
The IIN technology vision consists of three phases:
■ Phase 1: Integrated transport—Everything (data, voice, and video) consolidates onto an IP network for secure network convergence. By integrating data, voice, and video transport into a single, standards-based, modular network, organizations can simplify network management and generate enterprisewide efficiencies. Network convergence also lays the foundation for a new class of IP-enabled applications, delivered through Cisco Unified Communications solutions (UCS, known before 2006 as Cisco IP Communications products; these include all call control, conferencing, voice-mail and messaging, customer contact, IP phone, video telephony, videoconferencing, rich media clients, and voice application products).
■ Phase 2: Integrated services—When the network infrastructure is converged, IT resources can be pooled and shared, or virtualized, to flexibly address the changing needs of the organization. Integrated services help to unify common elements, such as storage and data center server capacity. By extending this virtualization concept to encompass server, storage, and network elements, an organization can transparently use all of its resources more efficiently. Business continuity is also enhanced because in the event of a local systems failure, shared resources across the IIN can provide needed services.
■ Phase 3: Integrated applications—This phase focuses on making the network application-aware so that it can optimize application performance and more efficiently deliver networked applications to users. With Application-Oriented Networking (AON) technology, Cisco has entered this third IIN phase. In addition to capabilities such as content caching, load balancing, and application-level security, the Cisco AON makes it possible for the network to simplify the application infrastructure by integrating intelligent application message handling, optimization, and security into the existing network.
Cisco SONA Framework
The Cisco SONA architectural framework guides the evolution of enterprise networks toward an IIN. Using the SONA framework, enterprises can improve flexibility and increase efficiency by optimizing applications, business processes, and resources to enable IT to have a greater impact on business.
The SONA framework outlines the following three layers:
■ Networked infrastructure layer—Interconnects all the IT resources across a converged network foundation. The IT resources include servers, storage, and clients. The networked infrastructure layer represents how these resources exist in different places in the network, including the campus, branch, data center, wide-area network (WAN), metropolitan-area network (MAN), and with the teleworker. The objective of this layer is to provide connectivity, anywhere and anytime.
■ Interactive services layer—Enables efficient allocation of resources to applications and business processes delivered through the networked infrastructure. This layer includes these services: Voice and collaboration services, Mobility services, Security and identity services, Storage services, Computer services, Application networking services, Network infrastructure virtualization, Services management, Adaptive management services.
■ Application layer—Includes business applications and collaboration applications. The objective of this layer is to meet business requirements and achieve efficiencies by leveraging the interactive services layer.
Cisco Network Models
Cisco Enterprise Architecture
Cisco provides an enterprisewide systems architecture that helps companies to protect, optimize, and grow the infrastructure that supports their business processes.
The Cisco Enterprise Campus Architecture combines a core infrastructure of intelligent switching and routing with tightly integrated productivity-enhancing technologies, including IP communications, mobility, and advanced security.
The Cisco Enterprise Data Center Architecture is a cohesive, adaptive network architecture that supports requirements for consolidation, business continuance, and security while enabling emerging service-oriented architectures, virtualization, and on-demand computing.
The Cisco Enterprise Branch Architecture allows enterprises to extend head-office applications and services (such as security, IP communications, and advanced application performance) to thousands of remote locations and users or to a small group of branches. Cisco integrates security, switching, network analysis, caching, and converged voice and video services into a series of integrated services routers (ISRs) in the branch so that the enterprises can deploy new services without buying new routers.
The Cisco Enterprise Teleworker Architecture allows enterprises to securely deliver voice and data services to remote small or home offices over a standard broadband access service, providing a business-resiliency solution for the enterprise and a flexible work environment for employees. Centralized management minimizes the IT support costs.
The Cisco Enterprise WAN Architecture offers the convergence of voice, video, and data services over a single Cisco Unified Communications network, which enables the enterprise to cost-effectively span large geographic areas.
Cisco Hierarchical Network Model
Traditionally, the three-layer hierarchical model has been used in network design, providing a modular framework that allows design flexibility and facilitates implementation and troubleshooting.
Hierarchical Model Applied to the Enterprise Campus
- Distribution layer—This layer aggregates the wiring closet connections and uses switches to segment workgroups and isolate network problems in a campus environment. Similarly, the distribution layer aggregates WAN connections at the edge of the campus and provides policy-based connectivity (in other words, it implements the organization’s policies).
- Core layer (also referred to as the backbone)—The core layer is a high-speed backbone and is designed to switch packets as fast as possible. Because the core is critical for connectivity, it must provide a high level of availability and adapt to changes quickly.
Cisco Enterprise Composite Network Model
Cisco has developed a set of best practices for security, comprising a blueprint for network designers and administrators for the proper deployment of security solutions to support network applications and the existing network infrastructure. This blueprint is called “SAFE.” SAFE includes the Enterprise Composite Network Model, which network professionals can use to describe and analyze any modern enterprise network. This model supports larger networks than those designed with only the hierarchical model and clarifies the functional boundaries within the network.
Modules Within the Enterprise Composite Network Model
Creating, Documenting, and Executing an Implementation Plan
An effective, documented implementation plan is a result of good processes and procedures during network design, deployment, and performance testing.
There are two approaches to implementing changes to a network: using an ad hoc approach or using a structured approach.
- In an ad hoc approach, the network engineer identifies the need for a change, such as a routing protocol implementation, and implements the solution without planning any of the tasks. New equipment may be added, and new offices may be deployed. With such an approach, it is more likely that scalability issues, suboptimal routing, and security issues can occur. A good implementation plan is required to avoid such difficulties.
- In a structured approach, the network engineer identifies the need for a network upgrade (for example, a new routing protocol implementation) and starts with planning as the first step. Based on the existing topology, all potential changes are reviewed, and many considerations are taken into account. The design and implementation plan are completed, and may include a new topology, an IP addressing plan, a solution to scalability issues, a link utilization upgrade, remote network connectivity, and changes to other network parameters.
Many models and methodologies used in IT define a lifecycle approach using various processes to help provide high-quality IT services.
The following are some examples of these models (Project Planning Methodologies):
■ The Cisco Lifecycle Services (Cisco) approach defines the minimum set of activities needed to help customers successfully deploy and operate Cisco technologies and optimize their performance throughout the lifecycle of the network. The Cisco Lifecycle Services approach defines six phases in the network lifecycle and is referred to as the Prepare, Plan, Design, Implement, Operate, and Optimize (PPDIOO) model. The implementation plan is part of the Design phase; implementation is of course part of the Implement phase.
■ IT Infrastructure Library (ITIL) (Great Britain) is a framework of best practices for IT service management, providing high-quality IT services that are aligned with business requirements and processes. The implementation plan and implementation are part of ITIL best practices.
■ The Fault, Configuration, Accounting, Performance, and Security (FCAPS) (ISO) model is defined by the International Organization for Standardization (ISO) and defines the minimum set of categories needed for successful network management. Five different categories are defined: Fault Management, Configuration Management, Accounting Management, Performance Management, and Security Management. The implementation plan and implementation are part of the Configuration Management category.
■ The Telecommunications Management Network (TMN) (ITU-T) model is similar to the FCAPS model and defines a framework for the management of telecommunication networks. The Telecommunications Standardization Sector (ITU-T) took the main aspects of the FCAPS model and refined them to create the TMN framework. The implementation plan and implementation are one of the building blocks within the framework.
Each organization has unique requirements. The model chosen, and its elements, should fit the organization and its business and technical requirements. Different models may be combined and adapted for an optimal fit; there is no single plan style.
After the model has been selected, the cost-effective tools that support the model are chosen to allow a successful deployment of Cisco technologies with optimized performance.
Creating an Implementation Plan
The PPDIOO model includes three basic steps:
Step 1. Identify customer requirements: In this step, which is typically completed during the PPDIOO Prepare phase, key decision makers identify the initial business and technical requirements. Based on these requirements, a high-level conceptual architecture is proposed.
Step 2. Characterize the existing network and sites: The Plan phase involves characterizing sites and assessing any existing networks, and performing a gap analysis to determine whether the existing system infrastructure, sites, and operational environment can support the proposed system. Characterization of the existing network and sites includes site and network audit and network analysis. During the network audit, the existing network is thoroughly checked for integrity and quality. During the network analysis, network behavior (traffic, congestion, and so forth) is analyzed.
Step 3. Design the network topology and solutions: In this step, the detailed design of the network is created. Decisions are made about networked infrastructure, infrastructure services, and applications. The data for making these decisions is gathered during the first two steps.
The next step in the life of the project occurs when a network engineer takes the approved design document from the design team and begins planning the implementation of the project.
When the design is complete, the design implementation process is executed; this process includes the following steps:
Step 1. Plan the implementation: During this step, the implementation plan is prepared in advance to expedite and clarify the actual implementation. Cost assessment is also undertaken at this time. This step is performed during the PPDIOO Design phase.
Step 2. Implement and verify the design: The actual implementation and verification of the design take place during this step by building the network. This step maps directly to the Implement phase of the PPDIOO methodology.
Step 3. Monitor and optionally redesign: The network is put into operation after it is built. During operation, the network is constantly monitored and checked for errors. If troubleshooting problems become too frequent or even impossible to manage, a network redesign might be required; this can be avoided if all previous steps have been completed properly. This step is a part of the Operate and Optimize phases of the PPDIOO methodology.
The following steps are completed during creation and execution of an implementation plan:
■ Planning the implementation
■ Selecting the tools and resources required
■ Coordinating work with specialists
■ Verifying the implementation
■ Interpreting performance results
■ Documenting the baseline, performance, and recommendations
Implementation Plan Documentation
The implementation plan documentation must be correct and up-to-date, because it is needed during both implementation and verification.
The documentation must also be accessible (for example, to troubleshooting engineers). The documentation should contain all the current information about the equipment and configuration, and should include known issues, the baseline status, and the details and results of the verification tasks.
The documentation creation process is not finished until the end of the project, when the verification information is added to it.
The implementation plan documentation should include the following:
■ Network information
■ Tools required
■ Resources required
■ Implementation plan tasks
■ Verification tasks
■ Performance measurement and results
■ Screen shots and photographs, as appropriate
Example Network Scenario
An organization has an existing network that it wants to upgrade.
- Requirements must be defined, and the existing network characterized (a list of existing and required equipment; the current and required software versions on the equipment; the design documentation; the network topology, physical and logical; current link utilization and metrics; IP addressing, QoS, security).
- Network Implementation Plan:
  - A project contact list and statements of work, to define all the people involved and their commitments to the project
  - Site and equipment location information and details of how access to the premises is obtained
  - Tools and resources required
  - Assumptions made
  - Tasks to be performed, including detailed descriptions
  - Network staging plan
After successful implementation, the documentation must be updated to include all the details, verification steps, and results.
Summary of the Role of Network Engineer
In a medium-sized to large company (for example, 50,000 employees, with 1000 smallish remote sites and four large sites with at least 2000 employees on each large campus), the job roles include:
- (Layer 1) Help Desk (IT customer support, manned 24x7) - performs diagnosis of network health, taking a general problem statement from a customer down to a specific issue, for example, that a user’s device is not pingable.
- (Layer 2) NOC - an operations team that covers most hours of the day, reacting to calls from the Help Desk and monitoring the network proactively. The operations staff also often implements changes on behalf of the engineering team during off-shift hours.
- (Layer 3) network engineering - focuses on project work, including the detailed planning for new configurations to support new sites, new network features, and new sites in the network.
- (Layer 4) a design team - may actually log in to the network devices far less than the operations and engineering teams, instead focusing on gathering requirements from internal and external customers, translating those requirements into a network design and even doing proof-of-concept testing—but leaving the details of how to deploy the design for all required sites to the network engineering team.
The number of individuals in each role varies in different organizations.
The CCNP certification focuses on skills required to do the job of network engineer.
The expectations for CCNP network engineers:
DOESN'T:
- Does not create the design document (done by Layer 4)
- Does not deploy the configurations off-shift (done by Layer 2)
- Does not verify that the changes worked as planned when implemented off-shift (done by Layer 2)
DOES:
- Does participate in design peer reviews, finding oversights, asking further questions that impact the eventual implementation, and confirming the portions of the design that appear complete and valid
- Does participate in peer reviews of the implementation plans written by fellow network engineers, finding omissions, caveats, and problems
- Does perform peer reviews of other engineers’ verification plans
- Does plan and document the specific configurations for each device, documenting in the implementation plan
- Does create the verification plan that others use to verify that the changes worked as planned when implemented off-shift
Planning Tasks for the CCNP Candidate
gathered before you can complete the configuration.
2) Read an extract from the design and implementation plans to determine what is wrong or missing.
3) Read a configuration and design goal as stated in an implementation plan, and create the verification steps that would confirm whether the feature was working.
4) Analyze a portion of a verification plan, along with the stated configuration and design goals, and determine any problems or missing elements in the verification plan.
When you attend a real implementation plan peer review, you and other engineers can see the plan and immediately think of different questions. Those questions may be questions about the technology—some fact you used to know but forgot, some confusion about how a command would work given the specific design, or some question about the design goal that led to the listed configuration.
The Implementation Plan Peer Review table predicts some of the questions that might come to mind when performing a peer review. Your job with this table is to then answer the questions.
Some of the types of items you might see in a network implementation plan:
The existing network:
- Router and switch hardware
- IOS versions and feature sets
- RAM and flash in each device
- Existing configurations
- IP Subnet and Addressing Plan, Assignments, and Conventions
Management:
- Personnel and roles, contact information
- Assumptions and dependencies
- Required management sign-offs
- New tools, reporting, status update process
New project details:
- Design goals (reference to design doc possibly)
- Hardware upgrades
- Software upgrades
- Timelines to make changes
- Specific configurations for each device
- Migration issues (assuming a subset of sites are implemented in any one change window)
- Network diagrams, possibly for each interim step during a migration
Project completion:
- Final sign-off requirements
- Definitions of success
- Submission of revised site documentation, operational procedures, and any other permanent documentation