Enterprise Edge WAN and MAN Architecture
Recall from Chapter 3, “Structuring and Modularizing the Network,” that the Cisco Service-Oriented Network Architecture (SONA) Enterprise Edge and the WAN and MAN modules are represented as the Enterprise Edge functional area of the Cisco Enterprise Architectures. This section describes the Enterprise Edge WAN and MAN architectures and technologies.
Enterprise Edge WAN and MAN Considerations
When selecting Enterprise Edge technologies, consider the following factors:
- Support for network growth: Enterprises that anticipate significant growth should choose a technology that allows the network to grow with their business. WAN technologies with high support for network growth make it possible to add new branches or remote offices with minimal configuration at existing sites, thus minimizing the costs and IT staff requirements for such changes. WAN technologies with lower support for network growth require significantly more time, effort, and cost to expand the network.
- Appropriate availability: Businesses heavily affected by even the smallest disruption in network communications should consider high availability an important characteristic when choosing a connectivity technology. Highly available technologies provide inherent redundancy where no single point of failure exists in the network. Lower-availability technologies can still dynamically recover from a network disruption in a short time period, but this minor disruption might be too costly for some businesses. Technologies that do not inherently provide high availability can be made more available through redundancy in design, by using products with redundant characteristics such as multiple WAN connections, and by using backup power supplies.
- Operational expenses: Some WAN technologies result in higher costs than others. A private-line technology such as Frame Relay or ATM, for example, typically results in higher carrier fees than a technology such as an IPsec-based IP VPN, which takes advantage of the public Internet to help reduce costs. It is important to note, however, that migrating to a particular technology for the sole purpose of reducing carrier fees, without considering network performance and QoS, can limit support for some advanced technologies such as voice and video.
- Operational complexity: Cisco MAN and WAN technologies have varying levels of inherent technical complexity, so the level of technical expertise required within the enterprise also varies. In most cases, businesses can upgrade their MAN or WAN and take advantage of the expertise of the existing IT staff, requiring minimal training. When an enterprise wants to maintain greater control over its network by taking on responsibilities usually borne by an SP, extensive IT training could be required to successfully deploy and manage a particular WAN technology.
- Voice and video support: Most Cisco MAN and WAN technologies support QoS, which helps enable advanced applications such as voice and video over the network. In cases where a WAN technology uses an SP with a Cisco QoS-certified multiservice IP VPN, an adequate level of QoS is assured to support voice and video traffic. In cases where the public Internet is used as the WAN connection, however, QoS cannot always be guaranteed, and a high-bandwidth broadband connection might be required for small offices, teleworkers, and remote contact center agents using voice and video communications.
- Effort and equipment cost to migrate from private connectivity: When an enterprise is migrating from private connectivity to another technology, it is important to evaluate the short- and long-term costs and benefits of this migration. In many cases, this is accomplished with minimal investment in equipment, time, and IT staffing. In some instances, however, this migration requires a significant short-term investment, not only in new equipment, but also in IT training. Such an investment might also provide long-term increased cost savings, lower operational expenditures, and increased productivity.
- Network segmentation support: Network segmentation means supporting a single network that is logically segmented. One advantage of network segmentation is that it reduces expenditures associated with equipment and maintenance, network administration, and network carrier charges as compared to separate physical networks. Another advantage is increased security; segmentation can help isolate departments or limit partners' access to the corporate network.
Cisco Enterprise MAN and WAN Architecture Technologies
The Cisco Enterprise MAN and WAN architecture employs a number of MAN and WAN technologies engineered and optimized to interoperate as a contiguous system, providing the integrated QoS, network security, reliability, and manageability required to support a variety of advanced business applications and services. These technologies include a number of secure alternatives to traditional private WAN connectivity and help increase network scalability and reduce monthly carrier fees. The Cisco Enterprise MAN and WAN architecture includes the following technologies, as summarized in Table 5-4:
- Private WAN: Private connectivity takes advantage of existing Frame Relay, ATM, or other connections. To provide an additional level of security when connecting sites, strong encryption (using Data Encryption Standard [DES], Triple DES [3DES], and Advanced Encryption Standard [AES]) can be added. A private WAN is ideally suited for an enterprise with moderate growth expectations, where relatively few new branches or remote offices will be deployed over the coming years. Businesses that require secure, dedicated, and reliable connectivity for compliance with information privacy standards, and that also require support for advanced applications such as voice and video, benefit from encrypted private connectivity. However, this technology can result in relatively high recurring monthly carrier fees and is not the preferred technology for extending connectivity to teleworkers and remote call agents. An enterprise might choose encrypted private connectivity to network its larger branch offices, but opt for other technologies, such as a VPN, to connect remote users and smaller sites.
- ISP service (site-to-site and remote-access IPsec VPN): These technologies take advantage of the ubiquity of public and private IP networks. The use of strong encryption standards (DES, 3DES, and AES) makes this WAN option more secure than traditional private connectivity and makes it compliant with the many new information security regulations imposed on government and industry groups (such as healthcare and finance). When implemented over the public Internet, IPsec VPNs are best suited for businesses that require basic data connectivity. However, if support for delay-sensitive, advanced applications such as voice and video is required, an IPsec VPN should be implemented over an SP's private network where an adequate level of QoS is assured to support voice and video traffic. Relatively low monthly carrier fees make this technology appropriate for businesses seeking to connect a high number of teleworkers, remote contact center agents, or small remote offices over a geographically dispersed area.
- SP MPLS and IP VPN: A network-based IP VPN is similar in many ways to private connectivity, but with added flexibility, scalability, and reach. The any-to-any nature of an MPLS-enabled IP VPN (any branch can be networked to any branch), combined with its comprehensive QoS for voice and video traffic, suits the needs of many enterprises, especially those with high growth expectations, where many new branches and remote offices will be added over the next few years. The secure, reliable connectivity and relatively lower carrier fees that are inherent in this technology make a network-based IP VPN a good choice for businesses looking to use a managed service solution to connect branches, remote offices, teleworkers, and remote call agents.
- Self-deployed MPLS: Self-deployed MPLS is a network segmentation technique that allows enterprises to logically segment the network. Self-deployed MPLS is typically reserved for very large enterprises or an SP willing to make a significant investment in network equipment and training, and for those that have an IT staff that is comfortable with a high degree of technical complexity.
Characteristic | Private WAN | ISP Service (Site-to-Site and Remote-Access IPsec VPN) | SP MPLS and IP VPN | Self-Deployed MPLS
---|---|---|---|---
Secure transport | IPsec (optional) | IPsec (mandatory) | IPsec (mandatory) | IPsec (mandatory)
High availability | Excellent | Good | Excellent | Excellent
Multicast | Good | Good | Good | Excellent
Voice and video support | Excellent | Low | Excellent | Excellent
Scalable network growth | Moderate | Good | Excellent | Excellent
Easily shared WAN links | Moderate | Moderate | Moderate | Excellent
 | High | Low | Moderate; depends on transport | Moderate to high
Network control | High | Moderate | Moderate | High
Effort to migrate from private WAN | Low | Moderate | Moderate | High
Enterprises can use a combination of these technologies to support their remote connectivity requirements. Figure 5-20 shows a sample implementation of a combination of three technologies in a healthcare environment.
Selecting Enterprise Edge Components
After identifying the remote connectivity requirements and architecture, you are ready to select the individual WAN components.
Hardware Selection
When selecting hardware, use the vendor documentation to evaluate the WAN hardware components. The selection process typically considers the function and features of the particular devices, including their port densities, packet throughput, expansion capabilities, and support for redundant connections.
Software Selection
The next step is to select the appropriate software features; when using Cisco equipment, the software is the Cisco IOS. As illustrated in Figure 5-21, the Cisco IOS Software has been optimized for different markets, network roles, and platforms. Cisco IOS Software meets the requirements of various markets (enterprise, service provider, and commercial) and places in the network (access, core and distribution, and edge).
Cisco IOS software product lines share a common base of technologies. Most of the features available in the T releases for a given technology are also available in the S and XR releases.
Cisco IOS Software Packaging
Cisco is migrating to using Cisco IOS Packaging to simplify the image-selection process by consolidating the total number of packages and using consistent package names across all hardware products. Figure 5-22 illustrates the various packages available with Cisco IOS packaging.
Four packages have been designed to satisfy the requirements in base service categories; they are as follows:
- IP Base: Supports IP data
- IP Voice: Supports converged voice and data
- Advanced Security: Provides security and VPN
- Enterprise Base: Provides enterprise Layer 3 protocols and IBM support
Note: The features of the lower-tier packages are included in the higher-tier packages.
Three additional premium packages offer new Cisco IOS Software feature combinations that address more complex network requirements:
- SP Services: Adds SP features, including MPLS, ATM, Secure Shell (SSH), and NetFlow, to the IP Voice package
- Advanced IP Services: Adds advanced SP services to the Advanced Security package
- Enterprise Services: Adds advanced SP services to the Enterprise Base package
Advanced Enterprise Services, which integrates support for all routing protocols with voice, security, and VPN capabilities, includes all the features of the other packages.
Note: Cisco IOS Packaging is available for Cisco IOS Release 12.3 on some Cisco Integrated Services Routers (ISR). Most Cisco access, distribution or aggregation, and core routers, and other hardware that runs Cisco IOS software, will support Cisco IOS Packaging in the future.
After a feature is introduced, it is also included in the more comprehensive packages. Cisco calls this the feature inheritance principle of Cisco IOS Packaging; it provides clear migration, clarifying the feature content of the various packages and how they relate to one another.
Cisco IOS Packaging Technology Segmentation
Table 5-5 illustrates some of the technologies supported in the various Cisco IOS packages.
Package | Data Connectivity | VoIP and VoFR (Voice over Frame Relay) | ATM, VoATM (Voice over ATM), MPLS | AppleTalk, IPX (Internetwork Packet Exchange), IBM Protocols | Firewall, IDS (Intrusion Detection System), VPN
---|---|---|---|---|---
IP Base | X | | | |
IP Voice | X | X | | |
Advanced Security | X | | | | X
Enterprise Base | X | | | X |
SP Services | X | X | X | |
Advanced IP Services | X | X | X | | X
Enterprise Services | X | X | X | X |
Advanced Enterprise Services | X | X | X | X | X
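As an added illustration of the feature inheritance principle described above and of Table 5-5 (example code written for this page, not Cisco's own tooling), the following Python models which packages each package builds on and which technology columns it adds, derives every package's full feature set by transitive closure, and selects the lowest-tier package that covers a required feature set. Package and column names are the page's; the parent links between packages are an assumption read from the package descriptions, and the script's per-package output can be checked row by row against Table 5-5.

```python
from functools import lru_cache

# package -> (packages it builds on, technology columns it adds itself).
# Package names and columns follow Table 5-5; the parent links are an
# assumption read from the package descriptions, not Cisco's own data.
PACKAGES = {
    "IP Base":                      ((), {"data"}),
    "IP Voice":                     (("IP Base",), {"voip_vofr"}),
    "Advanced Security":            (("IP Base",), {"firewall_ids_vpn"}),
    "Enterprise Base":              (("IP Base",), {"appletalk_ipx_ibm"}),
    "SP Services":                  (("IP Voice",), {"atm_voatm_mpls"}),
    "Advanced IP Services":         (("Advanced Security", "SP Services"), set()),
    "Enterprise Services":          (("Enterprise Base", "SP Services"), set()),
    "Advanced Enterprise Services": (("Advanced IP Services", "Enterprise Services"), set()),
}


@lru_cache(maxsize=None)
def features(pkg):
    """Feature inheritance: a package carries its own columns plus everything
    its parent packages carry (transitive closure over the parent links)."""
    parents, own = PACKAGES[pkg]
    result = set(own)
    for parent in parents:
        result |= features(parent)
    return frozenset(result)


@lru_cache(maxsize=None)
def ancestors(pkg):
    """All packages that pkg (transitively) builds on."""
    result = set()
    for parent in PACKAGES[pkg][0]:
        result.add(parent)
        result |= ancestors(parent)
    return frozenset(result)


def minimal_packages(required):
    """Packages that cover every required column and none of whose ancestors
    already do, i.e. the lowest-tier images that satisfy the requirement."""
    required = frozenset(required)
    covering = {p for p in PACKAGES if required <= features(p)}
    return sorted(p for p in covering if not (ancestors(p) & covering))


if __name__ == "__main__":
    for pkg in PACKAGES:  # one line per package, compare with Table 5-5
        print(f"{pkg:30} {sorted(features(pkg))}")
    print(minimal_packages({"firewall_ids_vpn", "atm_voatm_mpls"}))
```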
Comparing the Functions of Cisco Router Platforms and Software Families
Table 5-6 compares the functions of the Cisco router platforms and the software families that support them.
Note: The specific router platforms and software releases available will change over time; refer to http://www.cisco.com/ for the latest information.
Hardware | Software | Function
---|---|---
800, 1800, 2800, 3800, 7200 | Cisco IOS T Releases 12.3, 12.4, 12.3T, 12.4T | Supports access routing platforms, providing fast, scalable delivery of mission-critical enterprise applications
7200, 7301, 7304, 7500, 10000 | Cisco IOS S Release 12.2SB | Delivers midrange broadband and leased-line aggregation for Enterprise and SP Edge networks
7600 | Cisco IOS S Release 12.2SR | Delivers high-end Ethernet LAN switching for Enterprise access, distribution, core, and data center deployments, and high-end Metro Ethernet for the SP Edge
12000, CRS-1 | Cisco IOS XR | Provides massive scale, continuous system availability, and service flexibility for SP core and edge (takes advantage of the massively distributed processing capabilities of the Cisco CRS-1 and the Cisco 12000)
Comparing the Functions of Multilayer Switch Platforms and Software Families
Table 5-7 compares the functions of the Cisco multilayer switch platforms and the software families that support them.
Hardware | Software | Function
---|---|---
3560, 3750 | Cisco IOS S Release 12.2SE | Provides low-end to midrange Ethernet LAN switching for Enterprise access and distribution deployments
4500, 4900 | Cisco IOS S Release 12.2SG | Provides midrange Ethernet LAN switching for Enterprise access and distribution deployments in the campus, and supports Metro Ethernet
6500 | Cisco IOS S Release 12.2SX | Delivers high-end Ethernet LAN switching for Enterprise access, distribution, core, and data center deployments, and high-end Metro Ethernet for the SP Edge
Note: The specific multilayer switch platforms and software releases available will change over time; refer to http://www.cisco.com/ for the latest information.