System - PowerPoint PPT Presentation

Title: System
Provided by: liuta
Slides: 78

Transcript and Presenter's Notes

1
System Network Administration
  • Chapter 18 Networks
  • By Chang-Sheng Chen (20080304)

2
Contents of Chapter 18
  • 18.1 The Basics
  • 18.1.1 The OSI Model
  • 18.1.2 Clean Architecture
  • 18.1.3 Network Topologies
  • 18.1.4 Intermediate Distribution Frame
  • 18.1.5 Main Distribution Frame
  • 18.1.6 Demarcation Point
  • 18.1.7 Documentation
  • 18.1.8 Simple Host Routing
  • 18.1.9 Use Network Devices
  • 18.1.10 Overlay Network
  • 18.1.11 Number of Vendors
  • 18.1.12 Standard-based Protocols
  • 18.1.13 Monitoring
  • 18.1.14 Single Administrative Domain
  • 18.2 The Icing
  • 18.2.1 Leading-Edge vs. Reliability
  • 18.2.2 Multiple Administrative Domains
  • 18.3 Conclusion

3
The Closed Network (????)
  • PSTN: Public Switched Telephone Network

4
The Network Today
5
Internet / Intranet / Extranet
  • Intranets differ from "Extranets" in that the
    former are generally restricted to employees of
    the organization while extranets can generally be
    accessed by customers, suppliers, or other
    approved parties.
  • The Internet is a worldwide, publicly accessible
    series of interconnected computer networks that
    transmit data by packet switching using the
    standard Internet Protocol (IP). It is a "network
    of networks" that consists of millions of smaller
    domestic, academic, business, and government
    networks, which together carry various
    information and services, such as electronic
    mail, online chat, file transfer, etc.

6
Local-area Networks (LANs)
7
802.3 LAN Development / Today's LANs
8
Wide-area Networks (WANs)
9
Metropolitan-Area Networks (MANs)
  • POP: Point of Presence

10
Storage-Area Networks (SANs)
11
18.1.1 OSI Model
12
Network Protocols
13
Peer-to-Peer Communication
14
Devices Function at Layers
15
18.1.2 Clean Architecture
  • A network architecture should be as simple and
    clean to understand as it can be.
  • It should be possible to briefly describe the
    approach used in designing the network and to
    draw a few simple pictures to illustrate that
    design.
  • A clean architecture makes debugging network
    problems much easier.
  • You can tell what path traffic should take from
    point A to point B. You can tell which links
    affect which networks.
  • Having a clear understanding of traffic flow on
    your network puts you in control of it.

16
Clean Architecture (cont.)
  • A clean architecture encompasses both physical
    and logical network topologies and the network
    protocols that are used on both host and network
    equipment.
  • It also has a clearly defined growth strategy,
    both for adding LAN segments and for connecting
    new remote offices.

17
Developing a LAN Topology
18
18.1.3 Network Topology
  • Network topologies change as technologies and
    cost structures change.
  • They also change as companies grow, set up large
    remote offices, or buy other companies.
  • Typical Network Topologies
  • Star topology
  • Pro: it is easy to understand, simple, and often
    cost-effective to implement.
  • Con: it has an obvious single-point-of-failure
    problem.
  • Extended star topology (multi-star)
  • A common variant of the star topology,
    consisting of multiple stars, the centers of
    which are connected to each other with redundant
    high-speed links.

19
?????????????
20
Network Topology
21
Typical Network Topologies (cont.)
  • Ring topology (i.e., redundant links)
  • Most often used for particular low-level
    topologies such as SONET rings. They are often
    found in local area and campus networks and are
    sometimes useful for WANs.
  • Any one link or network entity can fail without
    affecting connectivity between functioning
    members of the ring.
  • Adding new members to the ring, particularly in a
    WAN, can involve reconfiguring connectivity at
    multiple sites, however.
  • There are many other possible network topologies,
    as shown in the figures of the previous page.

22
Network Topology (cont.) - Logical Network Topology
  • The star, multistar, ring topologies described
    previously can appear in either physical or
    logical topology.
  • In the following, we will describe some other
    common logical topologies.
  • Flat topology (bus topology)
  • In a flat topology, there are no layer 3 devices
    except at the egress point (????).
  • E.g., all machines reside in the same address
    block with the same network number and network
    mask.
  • Location-based topology
  • Layer 2 networks are assigned based on physical
    location.
  • Functional group-based topology (e.g., VLAN)
  • Each member of a group that works as a functional
    unit is connected to the same (flat) network
    regardless of location (within reason).

23
VLANs and Physical Boundaries
24
18.1.4 Intermediate Distribution Frame (IDF)
  • An Intermediate Distribution Frame (IDF) is a
    fancy name for a wiring closet (???/?).
  • The distribution system is the set of network
    closets and wiring that brings network
    connectivity out to the desktops.
  • The need for IDFs, and how to design them and lay
    them out, is not something that has changed
    dramatically over time.
  • The technologies and wiring specifics are what
    change with time.

25
Extended Star Topology in a Multi-Building Campus
26
Intermediate Distribution Frame (cont.)
  • New innovations in network hardware require
    high-quality copper or fiber wiring to operate at
    increased speeds.
  • If you use the newest, highest-specification
    wiring available when you build your cable plant,
    it is reasonable to expect it to last for five
    years before network technologies outpace it.
  • However, if you try to save money by using older,
    cheaper, lower-specification wiring, you will
    need to go through the expense and disruption of
    an upgrade sooner than if you had selected better
    cabling.
  • E.g., Category 3 (10 Mbit/s Ethernet), Category 5
    (Fast Ethernet), etc.

27
Cabling Standards (1/2) -- Unshielded and
shielded twisted pair cabling standards
  • The listed information is from Wikipedia
  • Cat 1: Previously used for POTS telephone
    communications, ISDN and doorbell wiring
    (currently unrecognized by TIA/EIA).
  • Cat 2: Previously was frequently used on 4
    Mbit/s token ring networks (currently
    unrecognized by TIA/EIA).
  • Cat 3: Currently defined in TIA/EIA-568-B, used
    for data networks using frequencies up to 16 MHz.
    Historically popular for 10 Mbit/s Ethernet
    networks.
  • Cat 4: Provided performance of up to 20 MHz, and
    was frequently used on 16 Mbit/s token ring
    networks (currently unrecognized by TIA/EIA).

28
Unshielded and shielded twisted pair cabling
standards (2/2)
  • Cat 5: Provided performance of up to 100 MHz, and
    was frequently used on 100 Mbit/s Ethernet
    networks. May be unsuitable for 1000BASE-T
    gigabit Ethernet (currently unrecognized by
    TIA/EIA).
  • Cat 5e: Currently defined in TIA/EIA-568-B.
    Provides performance of up to 100 MHz, and is
    frequently used for both 100 Mbit/s and gigabit
    Ethernet networks.
  • Cat 6: Currently defined in TIA/EIA-568-B. It
    provides performance of up to 250 MHz, more than
    double category 5 and 5e.
  • Cat 6a: Future specification for 10 Gbit/s
    applications.
  • Cat 7: An informal name applied to ISO/IEC 11801
    Class F cabling. This standard specifies four
    individually shielded pairs (STP) inside an
    overall shield. Designed for transmission at
    frequencies up to 600 MHz.

29
Intermediate Distribution Frame (cont.)
  • There are two ways to make a connection between
    two IDFs.
  • One is to run bundles of cables between IDFs
    within a building.
  • However, if there is a large number of IDFs, the
    number of links can make this very expensive and
    complicated to maintain.
  • The other is to have a central location (i.e.,
    MDF, Main Distribution Frame) and only run
    bundles from IDFs to this central location.
  • Then, to connect any two IDFs, one simply creates
    a cross-connect in the MDF.

30
Intermediate Distribution Frame (cont.)
  • You generally only get a chance to lay out and
    allocate space for your IDFs before moving into a
    building.
  • It is difficult and expensive to change at a
    later date if you decide that you did the wrong
    thing.
  • You should have one IDF per floor, more if the
    floor is large.
  • You should align those IDFs vertically within the
    building (in other words, located in the same
    place on each floor, so that they stack on each
    other through the building).
  • Vertical alignment means that cabling between the
    IDFs and the MDF is simpler and cheaper to
    install and it is easier to add extra cabling
    between the IDFs at a later date.
  • The IDFs should be numbered with the building
    number, floor number, and closet number.

31
Intermediate Distribution Frame (cont.)
  • IDFs should be locked and subject to restricted
    access.
  • Wiring closets should also be on protected power.
  • IDF closets should have special cooling beyond
    what the building air-conditioning can supply.
  • Network equipment is compact, so you will have
    heat-generating devices packed into a small area.
    A small IDF closet can get very hot without extra
    cooling.
  • You should also provide remote console access to
    all the devices located in the IDFs that support
    the functionality.

32
Intermediate Distribution Frame (cont.) - Wiring to the Desktop (1/2)
  • It is less expensive to install jacks at
    construction time rather than add them one at a
    time afterward as needed.
  • It is reasonable to install one or two more jacks
    at every desktop than you think any of your
    customers will add later.
  • Extra wiring to the closet is very expensive and
    disruptive to add later.
  • The same is true when running fiber to the
    desktop.
  • Fiber cable is cheap compared with the cost of
    terminating the fiber itself.
  • Some sites run fiber to the desktop but only
    terminate what they are actually planning to use
    (plus 5 to 10 percent in case of failure).

33
Intermediate Distribution Frame (cont.) - Wiring to the Desktop (2/2)
  • Another thing to consider about installing
    network jacks is their orientation (??/??).
  • Jacks are installed in some kind of termination
    box or face-plate, which determines which way the
    jacks face (e.g., Up, Down, Right, Left).
  • If the jacks are on the side of the box they can
    face up, down, right, or left.
  • Jacks facing right or left are good; jacks facing
    up or down are not.

34
18.1.5 Main Distribution Frame (MDF)
  • The Main Distribution Frame (MDF) is what connects
    the IDFs together and to the data center.
  • There should always be plenty of cabling between
    the MDF and the IDFs.
  • It is common for part of the data center to be
    the MDF.
  • In a data center, the MDF is often referred to as
    the network row or network racks.
  • Patch panels in these racks connect to a patch
    panel (???) at the top of each rack in the data
    center.

35
Main Distribution Frame (cont.)
  • The MDF must have protected power because it
    connects all the server networks that are on
    protected power to each other. It also needs
    adequate cooling.
  • It often connects the Internet, WANs, and remote
    access customers to the data center.
  • It connects the IDFs to each other and everything
    else.
  • Typically, there is a single MDF per campus.
  • A large campus, or one that is particularly
    concerned about redundancy, may have more than
    one.
  • An MDF should have the same level of restricted
    access as the data center.
  • Only the network administrator team should need
    access to it.

36
18.1.6 Demarcation Point
  • A demarcation point (???????) is the boundary
    between your organization and a utility company,
    such as a telephone company or network provider.
  • It can be a fiber cabinet, a set of punch-down
    blocks, a board in a rack, a piece of network
    hardware or a small plastic box on the wall with
    a jack or socket for plugging in a cable.
  • The telephone company is only responsible for the
    wiring up to its demarcation points (demarc).
  • If you have a fault with a line, you need to be
    able to show the service engineer where the
    correct demarc is, so that he does not end up
    trying to test and fix another operational line.
  • The main thing to know about your demarcation
    points is where they are.
  • Make sure they are properly labeled.

37
Example HiNet ADSL????????????
38
18.1.7 Documentation
  • Network documentation takes on many forms, the
    most fundamental of which is labeling.
  • Maps of the physical and logical networks should
    be part of the network documentation.
  • The physical network map should show where the
    wires go and the end points or ranges of wireless
    networks.
  • If redundancy was part of the physical network
    design, it should clearly indicate and document
    the physically diverse paths.
  • The amount and type of connectivity available for
    each link should be indicated.

39
Documentation (cont.)
  • The logical map should show the logical network
    topology, with network numbers, names, and
    speeds.
  • It should also show routing protocols and
    administrative domains if those vary across the
    network.
  • Both the physical and logical network maps should
    reach to the perimeter of the organization's
    network and identify its outer boundaries.

40
Documentation Logical Diagram
41
Documentation (cont.)
  • Labeling is the single most important component
    of the network documentation.
  • Clear, consistent labeling on patch panels and
    long distance connections is particularly
    important.
  • A patch panel (???) should clearly indicate the
    physical location of the corresponding patch
    panel or jacks, and each of the connections on
    the patch panel should be clearly and
    consistently labeled at both ends.

42
Documentation (cont.)
  • Long distance connections should clearly indicate
    where the circuit goes, who to report problems
    to, and what information will be required when
    reporting a problem, such as the circuit ID and
    where it terminates.
  • Network cables are often hard to label.
  • One of the most effective methods is to use a
    cable tie with a protruding flat tab, to which
    standard sticky labels can be affixed.

43
Documentation (cont.)
  • Less-permanent connections, such as the network
    connection for each host, should also be labeled.
  • You should only attempt to do this level of
    labeling if you can maintain it. Otherwise,
    incorrect labels are worse than none at all.
  • The other key location for documentation is
    online, as part of the configuration of the
    network devices themselves.
  • Wherever possible, comment fields and device
    names should be used to provide documentation for
    the network administrators.
  • Routers (and switches) usually permit a text
    comment to be recorded with each interface.

44
Server Placement
45
18.1.8 Simple Host Routing
  • The routing within a site should be simple,
    deterministic, predictable, and easy to
    understand and diagnose.
  • Use simple routing techniques on hosts.
  • Making routing on hosts simple makes it possible
    to have the same configuration on all host
    devices and know that they will behave in the
    same deterministic way.
  • Redundancy for such hosts should be taken care of
    by the network devices and should be transparent
    to the hosts.

46
Simple Host Routing (cont.)
  • If a host is single-homed, it should have a
    single default route.
  • It should not listen to any dynamic routing
    information.
  • If a host is multi-homed, it should not route
    packets from other sites.
  • It should only accept packets that are addressed
    to it.
  • It should have a static routing table and not
    listen to any dynamic routing information.
  • Simple host routing makes debugging network
    problems easier and more predictable.
  • There is also a performance problem with
    requiring hosts to perform routing.
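
The rules on this and the previous slide can be checked mechanically. The script below is an added example (not from the book or the slides): it parses the text form of `ip route show` and a few sysctl values from a Linux host and reports every departure from simple host routing. The route listing, sysctl values and process list are constructed samples, not captured from a real host.

```python
"""Audit a host against the simple-host-routing rules: a single-homed host
has exactly one default route, no host listens to dynamic routing
information, and a multi-homed host does not forward packets for others.
"""
from dataclasses import dataclass

# Constructed sample: `ip route show` on a multi-homed host that breaks
# several of the rules (runs BGP, forwards packets, accepts redirects).
SAMPLE_ROUTES = """\
default via 192.0.2.1 dev eth0 proto static
192.0.2.0/24 dev eth0 proto kernel scope link src 192.0.2.10
198.51.100.0/24 dev eth1 proto kernel scope link src 198.51.100.10
203.0.113.0/24 via 198.51.100.254 dev eth1 proto bgp
"""
# Constructed sample: relevant sysctl values and running processes.
SAMPLE_SYSCTL = {"net.ipv4.ip_forward": "1",
                 "net.ipv4.conf.all.accept_redirects": "1"}
SAMPLE_PROCESSES = ["sshd", "bgpd", "cron"]

# Routing-daemon process names (FRR/Quagga/BIRD) and the `proto` values
# the kernel shows for routes they install.
ROUTING_DAEMONS = {"bgpd", "ospfd", "ripd", "isisd", "zebra", "bird"}
DYNAMIC_PROTOS = {"bgp", "ospf", "rip", "isis", "bird", "babel"}


@dataclass
class Route:
    dst: str
    dev: str
    proto: str


def parse_routes(text):
    """Parse `ip route show` lines into Route records."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if not f:
            continue
        dev = f[f.index("dev") + 1] if "dev" in f else ""
        # Routes added by hand show `proto static` or `proto boot`.
        proto = f[f.index("proto") + 1] if "proto" in f else "static"
        routes.append(Route(f[0], dev, proto))
    return routes


def audit(route_text, sysctl, processes):
    """Return a list of findings; an empty list means the host is compliant."""
    routes = parse_routes(route_text)
    findings = []
    # A host with connected networks on more than one interface is multi-homed.
    ifaces = {r.dev for r in routes if r.dst != "default"}
    defaults = [r for r in routes if r.dst == "default"]
    if len(ifaces) <= 1 and len(defaults) != 1:
        findings.append(f"single-homed host has {len(defaults)} default "
                        "routes, expected exactly 1")
    for r in routes:
        if r.proto in DYNAMIC_PROTOS:
            findings.append(f"route {r.dst} was learned via {r.proto}, "
                            "expected a static routing table")
    for p in processes:
        if p in ROUTING_DAEMONS:
            findings.append(f"dynamic routing daemon running: {p}")
    if sysctl.get("net.ipv4.ip_forward") == "1":
        findings.append("ip_forward=1: host would route packets for others")
    if sysctl.get("net.ipv4.conf.all.accept_redirects") == "1":
        # ICMP redirects are treated here as dynamic routing information.
        findings.append("accept_redirects=1: host accepts ICMP redirects")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_ROUTES, SAMPLE_SYSCTL, SAMPLE_PROCESSES):
        print("FINDING:", finding)
```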

47
18.1.9 Use Network Devices
  • The building blocks of any modern network should
    be dedicated network devices, such as routers and
    switches, rather than general-purpose hosts that
    have been configured to do routing.
  • They should be designed to perform only tasks
    directly related to pushing packets, managing the
    traffic and the device itself.
  • They should not be all-purpose devices that are
    configured to handle just network traffic, and
    they should most definitely not be devices that
    are also trying to perform other tasks or to
    perform additional services.

48
Networking Devices
49
18.1.10 Overlay Networks
  • An overlay network is a logical topology that
    rides on top of a physical topology.
  • Examples include VLAN (virtual LAN), Frame Relay,
    ATM, etc.
  • This lets us design simple physical architectures
    that can support whatever complexity we require
    in the logical overlay, yet maintain simplicity
    on the physical layer.

50
Overlay Networks (cont.)
  • On the WAN level, this could mean that all sites
    have a single connection to the ATM or
    Frame-Relay cloud.
  • The Frame-Relay or ATM switches are then
    configured to provide virtual connections
    (circuits) between them.
  • Another WAN example is the use of encrypted
    tunnels (virtual private networks, VPNs) across
    the Internet.
  • On the LAN level, an overlay network usually
    means creating a simple, flat physical topology
    and using IEEE 802.1q VLAN protocols to overlay
    the subnetworks that are needed by the customers.

51
Virtual Private Networks (VPNs)
52
VPN Scenario Multiple Internet Access Methods
Headquarter
53
Benefits of VPNs
54
VLANs
VLANs logically segment switched networks based
on an organization's functions, project teams, or
applications as opposed to a physical or
geographical basis.
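
The following added example (not from the book or the slides) shows the 802.1Q overlay from slide 50 and this slide in code: it parses the VLAN tag of an Ethernet frame and applies a per-port membership table to decide whether a flat physical switch may forward the frame between two ports. The port names, VLAN numbers and frames are constructed samples.

```python
"""802.1Q tag parsing and VLAN-aware forwarding on a single flat switch."""
import struct

ETHERTYPE_VLAN = 0x8100

# Constructed port table: access ports carry one untagged VLAN each,
# the uplink to the MDF is a trunk carrying several VLANs tagged.
PORTS = {
    "Gi1/1":  {"mode": "access", "vlan": 10},          # engineering desk
    "Gi1/2":  {"mode": "access", "vlan": 20},          # finance desk
    "Gi1/24": {"mode": "trunk", "allowed": {10, 20}},  # uplink to MDF
}


def parse_frame(frame):
    """Return (dst, src, vid, pcp, ethertype, payload); vid is None if untagged."""
    if len(frame) < 14:
        raise ValueError("frame too short for an Ethernet header")
    dst, src, etype = struct.unpack("!6s6sH", frame[:14])
    if etype != ETHERTYPE_VLAN:
        return dst, src, None, None, etype, frame[14:]
    if len(frame) < 18:
        raise ValueError("802.1Q tag truncated")
    tci, inner = struct.unpack("!HH", frame[14:18])
    pcp = tci >> 13          # 3-bit priority
    vid = tci & 0x0FFF       # 12-bit VLAN id
    if vid == 0:             # priority-tagged: carries a PCP but no VLAN
        vid = None
    return dst, src, vid, pcp, inner, frame[18:]


def build_frame(dst, src, ethertype, payload, vid=None, pcp=0):
    """Build an untagged (vid=None) or 802.1Q-tagged Ethernet frame."""
    hdr = dst + src
    if vid is None:
        hdr += struct.pack("!H", ethertype)
    else:
        tci = (pcp << 13) | (vid & 0x0FFF)
        hdr += struct.pack("!HHH", ETHERTYPE_VLAN, tci, ethertype)
    return hdr + payload


def ingress_vid(port, frame):
    """VLAN a frame belongs to after arriving on `port`; None means dropped."""
    _, _, vid, _, _, _ = parse_frame(frame)
    cfg = PORTS[port]
    if vid == 4095:          # reserved VID, never valid on the wire
        return None
    if cfg["mode"] == "access":
        # Access ports accept only untagged frames and assign their VLAN.
        return cfg["vlan"] if vid is None else None
    return vid if vid in cfg["allowed"] else None


def can_forward(in_port, out_port, frame):
    """True if the switch may forward `frame` from in_port to out_port."""
    vid = ingress_vid(in_port, frame)
    if vid is None or in_port == out_port:
        return False
    cfg = PORTS[out_port]
    if cfg["mode"] == "access":
        return cfg["vlan"] == vid   # leaves untagged on a matching access port
    return vid in cfg["allowed"]    # leaves tagged on an allowing trunk
```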
55
18.1.11 Number of vendors
  • Using equipment from many vendors can add
    unnecessary complexity.
  • The more vendors whose equipment is on the
    network, the more interoperability problems you
    are likely to experience.
  • In addition, there is extra overhead for the
    network administrative staff in learning the
    configurations and quirks of the diverse
    equipment and in tracking software upgrades and
    bugs.
  • Minimizing the number of vendors makes the
    network more reliable and easier to maintain.

56
Number of vendors (cont.)
  • However, exclusive use of a single vendor has its
    own problems.
  • A single vendor cannot possibly make the best
    product in every area.
  • Exclusive use of a vendor also leaves your
    protocol interoperability untested, which can
    lead to a surprise the first time a new vendor is
    introduced.
  • Somewhere between the extremes is a reasonable
    balance.
  • Some sites find that choosing a single vendor for
    each protocol layer (e.g., layer 1/2/3/7) or each
    tier of the network works well.

57
18.1.12 Standards-based Protocols
  • An organization's network should be built using
    standards-based protocols.
  • Vendor-proprietary protocols lock you into a
    single vendor by making it difficult to integrate
    equipment from competing vendors.
  • Being locked into a particular vendor makes it
    difficult to negotiate for better prices and
    prevents you from adopting another company's
    products to take advantage of their improvements.
  • It also leaves you vulnerable to that vendor's
    business problems.

58
18.1.13 Monitoring
  • You don't know how your network is performing or
    how reliable it is until you monitor it.
  • There are two primary types of network
    monitoring.
  • One is real-time availability monitoring (e.g.,
    MRTG graphs of routers/switches) and alerting.
  • The other is gathering data to do trend analysis
    to predict future demand or for usage-based
    billing purposes.
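
Both kinds of monitoring start from the same raw data, the interface octet counters that a tool like MRTG polls over SNMP. The added example below (not from the book or the slides) turns a series of such polls into per-interval utilization for real-time alerting, handles the 32-bit counter wrap that otherwise produces a bogus negative sample, and fits a trend line to estimate when the link will saturate. The samples and the link speed are constructed, not polled from real equipment.

```python
"""Utilization, alerting and trend projection from polled interface counters."""

COUNTER32_MAX = 2 ** 32  # ifInOctets is a 32-bit counter and wraps at 2**32

# Constructed samples: (poll time in s, ifInOctets) on a 10 Mbit/s link,
# polled every 300 s. The counter wraps between the 3rd and 4th poll.
SAMPLES = [
    (0,    4_000_000_000),
    (300,  4_150_000_000),
    (600,  4_290_000_000),
    (900,    230_000_000),   # wrapped past 2**32
    (1200,   500_000_000),
    (1500,   810_000_000),
]
LINK_BPS = 10_000_000


def delta_octets(prev, cur, max_value=COUNTER32_MAX):
    """Octets transferred between two polls, correcting a single counter wrap."""
    d = cur - prev
    if d < 0:
        d += max_value
    return d


def utilization(samples, link_bps):
    """Return [(t, bits_per_second, fraction_of_capacity)] per poll interval."""
    out = []
    for (t0, c0), (t1, c1) in zip(samples, samples[1:]):
        secs = t1 - t0
        if secs <= 0:
            raise ValueError("samples must be strictly increasing in time")
        bps = delta_octets(c0, c1) * 8 / secs
        out.append((t1, bps, bps / link_bps))
    return out


def alerts(samples, link_bps, threshold=0.8):
    """Availability monitoring: flag saturated intervals and silent links."""
    msgs = []
    for t, bps, frac in utilization(samples, link_bps):
        if frac > threshold:
            msgs.append(f"t={t}: {frac:.0%} utilization exceeds {threshold:.0%}")
        elif bps == 0:
            msgs.append(f"t={t}: no traffic seen, link may be down")
    return msgs


def saturation_eta(samples, link_bps):
    """Trend analysis: least-squares line through utilization, solved for 100%.

    Returns the time at which the fitted line reaches full capacity, or None
    when utilization is flat or falling.
    """
    pts = [(t, frac) for t, _, frac in utilization(samples, link_bps)]
    n = len(pts)
    mean_t = sum(t for t, _ in pts) / n
    mean_u = sum(u for _, u in pts) / n
    sxx = sum((t - mean_t) ** 2 for t, _ in pts)
    sxy = sum((t - mean_t) * (u - mean_u) for t, u in pts)
    if sxx == 0 or sxy <= 0:
        return None
    slope = sxy / sxx
    intercept = mean_u - slope * mean_t
    return (1.0 - intercept) / slope


if __name__ == "__main__":
    for t, bps, frac in utilization(SAMPLES, LINK_BPS):
        print(f"t={t:5d}  {bps/1e6:6.2f} Mbit/s  {frac:.1%}")
    for msg in alerts(SAMPLES, LINK_BPS):
        print("ALERT:", msg)
    print("projected saturation at t =", saturation_eta(SAMPLES, LINK_BPS))
```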

59
18.1.14 Single Administrative Domain
  • A single administrative domain means having a
    single, closely tied network administrative team
    with a single management structure.
  • A network should be a single organism that moves
    traffic around in a coherent, coordinated
    fashion.
  • It should be governed by a single set of policies
    and practices that are implemented consistently
    across the entire network.
  • Properly designing networks, maintaining them,
    and debugging problems across multiple
    organizations is always difficult.

60
Single Administrative Domain (cont.)
  • There are security issues associated with not
    having a single administrative domain.
  • When different groups have control over different
    parts of the network, they probably will also
    have different policies with respect to
    connecting other networks to their piece of
    network and the security that should surround
    those connections.
  • This results in an unknown level of security for
    the network because it is a single entity and
    only as secure as the weakest link.

61
Single Administrative Domain (cont.)
  • Having a single administrative domain does not
    exclude the possibility of having regional or
    divisional network teams that all report to the
    same management structure and all are governed by
    the same set of policies and practices.
  • The network will still act as a single organism
    if multiple teams work closely together in a
    coordinated fashion.

62
18.2.1 Leading-Edge vs. Reliability
  • Typically, the most important quality people seek
    in their networks is reliability.
  • Older products that have gone through many
    firmware and hardware revisions tend to be more
    reliable.
  • The bugs have been shaken out.
  • On the other hand, new features and faster
    connectivity are often only available in new
    products, which may not be field tested.

63
Leading-Edge vs. Reliability (cont.)
  • There are different ways to manage this risk.
  • You might perform your own certification of new
    products in a lab before they are put into
    production and then only slowly deploy them to
    establish confidence before beginning a major
    installation.
  • You might have separate customer groups that
    differ in the amount of risk they are willing to
    accept.

64
Leading-Edge vs. Reliability (cont.)
  • Some may be willing to accept slightly lower
    reliability in exchange for having access to
    newer features.
  • Even then, such equipment should be tested in the
    lab first. People who want cutting edge
    performance still want reliability.
  • Sometimes, the customer groups that are willing
    to take the risks are in a different SA team's
    domain of control.
  • They may have customer groups with business
    requirements that mean they must use some of the
    new technologies when they become available.
  • Let them suffer through the teething problems, if
    you can, and take advantage of your chance to let
    others work out the bugs for you.

65
Leading-Edge vs. Reliability (cont.)
  • If you use leading-edge gear, make sure that each
    person who is going to be affected by its early
    problems knows that he is likely to suffer
    outages because the technology is so new.
  • If you do not do that in advance, your customers
    will be unhappy and the reputation of your
    network as a whole will be adversely affected.
  • If a high-level manager approves the risk, make
    sure the end users and their direct managers are
    aware of this decision, so that outages are not
    blamed on you.

66
18.2.2 Multiple Administrative Domains
  • For political, practical, or security reasons, it
    is sometimes impossible to have a single
    administrative domain.
  • If different organizations manage different parts
    of the network and are not governed by the same
    set of policies or managed by the same management
    chain, the network needs a different model.
  • The various pieces of the network should have
    explicit borders between them, making use of
    border routing protocols (e.g., BGP) and security
    mechanisms (e.g., firewalls) to provide routing
    stability and known levels of security in each of
    the administrative domains, independent of the
    others.

67
Multiple Administrative Domains (cont.)
  • If you have multiple administrative domains, you
    should do it the right way.
  • The choices and actions of one network
    administrative team should be completely
    independent of what the other teams are doing and
    unable to affect the operations or reliability of
    other networks.

68
Discussion
  • Cutting edge
  • Windows Vista ???
  • KMS authentication
  • Routers vs. firewall
  • All-in-one servers (e.g., DNS, mail, web, etc.)
  • Wireless LAN
  • 802.11n vs. 802.11a/b/g
  • Thin client
  • Features: Mesh ID, controller
  • Backbone (wired, wireless)

69
?????????BetaSite??????
  • (??,????????????)

70
?????????
??10G??
?????
?????
?????
71
????????
  • ????????????,??????? router
  • ? 1G ?? TANet ??????
  • ? 2G ?? TWAREN ?? POP
  • ? 10G ?? HCIX ? 12 ? 1G ? ISP ??
  • ? 1.6G/2.5G ?? TWgate ???
  • ? 10G ????3G/10G,??1.25G/10G,??1.5G/10G,??1.25G/10
    G,??1.25G/10G,??1.25G/10G,??????1G/1G,TWIX625M/1G,
    TPIX625M/1G ,????620M/1G,????500M/1G,????300M/1G,?
    ???200M/1G,????120M/1G ???????

72
????????
  • ?????????????? 96 ??? (single-mode)???????(???????
    ?)?
  • ???????????????????????????????,???????? router?

73
??????????
  • ??????? 68 Gbits/sec
  • < 128 Bytes/packet ? 91
  • ??????, 90 ?? TCP?UDP unknown (e.g., P2P ??),10
    ?? well known (e.g., Mail, DNS, HTTP, etc.)?
  • 70 ??? ISP ??,20 ?????????,10 ??? ISP ???
  • Top 200 ??? 40?
  • Top 200 ????????,?????????
  • NO.1 ????? 1,NO.200 ??? 0.1 ?????

74
????????????
  • ??? Cisco 7609 ??? 144 port ??? Giga bits
    Ethernet
  • ?? 144 port SM mini GBIC?12 port TX mini GBIX
  • ?? port mirror ????
  • ?? pass through ????
  • ???? router pass ??
  • ?? Buffer rs232 out bound control ??
  • ????????
  • ????????
  • ??????
  • ?? 7 ? 24 ??????
  • ?????? IP ????
  • ??????????
  • ??????

75
???????
?????
?????
2G
2G
Switch 12
Switch 48
PC 2500
76
?????????
  • ?????????????????
  • ???????????????
  • ??? TOP200 ??? 90 ??????
  • ????????????
  • ?? Real IP
  • ???????? 2500 ???
  • ???????? 250 ???????
  • ???? 144 ? 1G

77
?????????
  • ??????????
  • ??????????????
  • ?????????
  • ?????????
  • ?????????????
  • ???????????spam?open proxy ??????
  • ????????,??????
  • ??????? ISP ?????,??????????????,?????????
  • ????????????????????,?????????????
  • ????????????????,??????
  • ???????????????,????
  • ???????????????????