Overview
After completing this chapter, you will be able to:
- Explain the Cisco Service-Oriented Network Architecture (SONA) framework
- Describe how the Cisco Enterprise Architecture is used to design enterprise networks
- Explain the Cisco six-phase network life cycle methodology—prepare, plan, design, implement, operate, and optimize (PPDIOO)
Cisco Service-Oriented Network Architecture (SONA) is a framework that enables businesses to build an intelligent enterprisewide network infrastructure. SONA accomplishes this by separating the network architecture into three modules: network infrastructure, infrastructure services, and business applications. This chapter introduces SONA and the Cisco Enterprise Architecture. It also reviews network design methodology under Cisco’s six-phase network lifecycle: prepare, plan, design, implement, operate, and optimize (PPDIOO).
Reviewing Cisco SONA and the Cisco Enterprise Architecture
The rich variety of application-level business solutions available today and the need to integrate these applications has driven the establishment of a new network framework: the Cisco Service-Oriented Network Architecture (SONA). This section begins with a review of the Hierarchical Network Model and discusses how Cisco SONA enables customers to build a more intelligent network infrastructure. It reviews how the Cisco Enterprise Architectures are modules representing focused views of SONA that target each place in the network. The chapter also reviews the role of infrastructure services in an enterprise network design.
The Hierarchical Model
The foundation of the Cisco network architecture is the Hierarchical Network Model. Historically used in the design of enterprise LAN and WAN data networks, a hierarchical model also applies to the infrastructure modules of SONA and the Cisco Enterprise Architecture. Figure 1-1 shows the layers in the hierarchical model.
The Hierarchical Network Model provides a modular view of a network, making it easier to design and build a deterministic scalable infrastructure. The hierarchical network structure is composed of the access, distribution, and core layers. Each layer has its own functions, which are used to develop a hierarchical design.
The model provides a modular framework that enables flexibility in design and facilitates ease of implementation and troubleshooting. The Hierarchical Network Model divides networks into the access, distribution, and core layers, with these features:
- Access layer: Used to grant user access to network devices. In a network campus, the access layer generally incorporates switched LAN devices with ports that provide connectivity to workstations, IP phones, servers, and wireless access points. In the WAN environment, the access layer for teleworkers or remote sites may provide entry to the corporate network across WAN technology.
- Distribution layer: Aggregates the wiring closets, using switches to segment workgroups and isolate network problems in a campus environment. Similarly, the distribution layer aggregates WAN connections at the edge of the campus and provides policy-based connectivity.
- Core layer (also referred to as the backbone): A high-speed backbone, designed to switch packets as fast as possible. Because the core is critical for connectivity, it must provide a high level of availability and quickly adapt to changes. It also provides scalability and fast convergence.
Example Hierarchical Network
Figure 1-2 shows a network mapped to the hierarchical model:
- Access layer: Access layer devices control traffic by localizing service requests to the access media. Access layer devices must also provide connectivity without compromising network integrity. For example, the devices at the access layer must detect whether a user workstation is legitimate, with minimal authentication steps.
- Distribution layer: Distribution layer devices control access to resources that are available at the core layer and must, therefore, make efficient use of bandwidth. In addition, a distribution layer device must address the quality of service (QoS) needs for different protocols by implementing policy-based traffic control to isolate backbone and local environments. Policy-based traffic control enables you to prioritize traffic to ensure the best performance for the most time-critical and time-dependent applications.
- Core layer: Core layer devices provide services that optimize communication transport within the network. In addition, core layer devices are expected to provide maximum availability and reliability with minimum packet processing. Core layer devices should be able to maintain connectivity when the circuits that connect them fail. A fault-tolerant network design ensures that failures do not have a major impact on network connectivity.
Review of Cisco SONA
The intelligent networking framework defined by Cisco for the enterprise is SONA (see Figure 1-3). Cisco SONA uses the extensive product line, services, proven architectures, and experience of Cisco and its partners to help enterprises achieve their business goals.
The SONA framework illustrates the concept that the network is the common element that connects and enables all components of the IT infrastructure. SONA outlines the following three layers of intelligence in the enterprise network:
- The network infrastructure layer: This layer is where all the IT resources are interconnected across a converged network foundation. The IT resources include servers, storage, and clients. The network infrastructure layer represents how these resources exist in different places in the network, including the campus, branch, data center, WAN, metropolitan-area network (MAN), and teleworker. The objective for customers in this layer is to have anywhere and anytime connectivity.
- The interactive services layer: This layer enables efficient allocation of resources to applications and business processes delivered through the networked infrastructure.
- The application layer: This includes business applications and collaboration applications. The objective for customers in this layer is to meet business requirements and achieve efficiencies by leveraging the interactive services layer.
The common thread that links the layers is that SONA embeds application-level intelligence into the network infrastructure elements so that the network itself can recognize and better support applications and services.
Benefits of Cisco SONA
SONA promotes more effective use of networked resources, and provides these benefits:
- Functionality: Supports the organizational requirements.
- Scalability: Supports growth and expansion of organizational tasks by separating functions and products into layers. This separation makes it easier to grow the network.
- Availability: Provides necessary services reliably anywhere, anytime.
- Performance: Provides desired responsiveness, throughput, and utilization on a per-application basis through the network infrastructure and services.
- Manageability: Provides control, performance monitoring, and fault detection.
- Efficiency: Through step-by-step network services growth, SONA provides network services and infrastructure with reasonable operational costs and appropriate capital investment on a migration path to a more intelligent network.
Review of the Cisco Enterprise Architecture
This section provides a review of the Cisco Enterprise Architecture modules.
The Cisco Enterprise Architecture (see Figure 1-4) consists of the following modules, representing focused views of SONA that target each place in the network:
- Cisco Enterprise Campus Architecture: Combines a core infrastructure of intelligent switching and routing with tightly integrated productivity-enhancing technologies; these include Cisco Unified Communications, mobility, and advanced security. The hierarchical architecture of the Cisco Enterprise Campus provides for high availability through a resilient multilayer design, redundant hardware and software features, and automatic procedures for reconfiguring network paths when failures occur. The architecture extends authentication support using standards such as 802.1X and Extensible Authentication Protocol (EAP). It also provides the flexibility to add IP Security (IPsec) and Multiprotocol Label Switching virtual private networks (MPLS VPN), identity and access management, and VLANs to compartmentalize access. Multicast provides optimized bandwidth consumption. QoS prevents oversubscription to ensure that real-time traffic, such as voice and video, or critical data is not dropped or delayed. Integrated security protects against and mitigates the impact of worms, viruses, and other attacks on the network (even at the switch port level). These additions help improve performance and security, while also decreasing costs.
- Cisco Enterprise Edge Architecture: Offers connectivity to voice, video, and data services outside the enterprise. This module enables the enterprise to use Internet and partner resources, and provides resources for its customers. QoS, service levels, and security are the main issues in the enterprise edge module.
- Cisco Enterprise WAN and MAN Architecture: These are part of the Cisco Enterprise Edge Architecture. This module offers the convergence of voice, video, and data services over a single Cisco Unified Communications network. It enables the enterprise to cost-effectively span large geographic areas. QoS, granular service levels, and comprehensive encryption options help ensure the secure delivery of high-quality voice, video, and data services. This enables corporate staff to work efficiently wherever they are located. Security is provided with multiservice VPNs (IPsec and MPLS) over Layer 2 and Layer 3 WANs, hub-and-spoke, or full-mesh topologies.
- Cisco Enterprise Data Center Architecture: A cohesive, adaptive network architecture that supports the requirements for consolidation, business continuance, and security, while enabling service-oriented architectures, virtualization, and on-demand computing. It provides departmental staff, suppliers, or customers with secure access to applications and resources. The architecture simplifies and streamlines management and significantly reduces overhead. Redundant data centers provide backup services through synchronous and asynchronous data and application replication. The network and devices offer server and application load balancing to maximize performance. This solution enables the enterprise to scale without major changes to the infrastructure. This module can be located either at the campus as a server farm or at a remote facility.
- Cisco Enterprise Branch Architecture: Allows enterprises to extend head-office applications and services to remote locations and users. An optimized branch network leverages the WAN and LAN to reduce traffic and to save bandwidth and operational expenses. The infrastructure provides secure access to voice, mission-critical data, and video applications anywhere, with features such as advanced network routing, VPNs, redundant WAN links, application content caching, and local IP telephony call processing. Cisco captures these features in the Integrated Services Router (ISR). The ISR enables enterprises to deploy new services when they are ready, without purchasing new equipment. The enterprise supports the remote configuration, monitoring, and management of devices located at remote sites. Cisco IOS supports tools that proactively resolve congestion and bandwidth issues before they affect network performance, such as Cisco AutoQoS and the Security Device Manager (SDM).
- Cisco Enterprise Teleworker Architecture: Enables enterprises to securely deliver voice and data services to small office/home office (SOHO) environments over a standard broadband access service. This provides a business-resiliency solution for the enterprise and a flexible work environment for employees. Centralized management minimizes the IT support costs, and robust integrated security mitigates the security challenges of this environment. Integrated security and Identity Based Networking Services (IBNS) enable the enterprise to extend campus security policies to the teleworker. Staff can securely log on to the network over an “always-on” VPN, and gain access to authorized applications and services from a single cost-effective platform. Their productivity can further be enhanced by adding a Cisco IP phone, providing cost-effective access to a centralized IP communications system with voice and unified messaging services.