
Net.-Fall-2024-Lec.-10

The document discusses LAN design principles, emphasizing scalability, performance optimization, security, and reliability through hierarchical network architecture. It outlines the roles of access, distribution, and core layers, along with methodologies for LAN design, including top-down and bottom-up approaches. Additionally, it highlights best practices and considerations for implementing VLANs and ensuring a secure and efficient network environment.

Uploaded by

david1milad1982

Faculty of Engineering

Department of Electronics and Communications Engineering

Fall, 2024

COMPUTER NETWORKS

Lec. 10

Prof. Ahmed Salah EL-Din Mohamed Ali


LAN Design

ITE 1 Chapter 6 © 2006 Cisco Systems, Inc. All rights reserved. Cisco Public 2
Understanding LAN Design Principles

• Scalability

Modular Architecture: Breaking the LAN into modular
components, such as access, distribution, and core layers,
allows for incremental expansion and easy integration of new
devices and services.

Hierarchical Design: Adopting a hierarchical network
design, with distinct layers for access, distribution, and core
functions, facilitates scalability by providing clear boundaries
and minimizing network complexity.

Hierarchical Network Design

Access Layer
The main purpose of the access layer is to provide a means of connecting devices
to the network and controlling which devices are allowed to communicate on the
network.

Distribution Layer
The distribution layer aggregates the data received from the access layer switches
before it is transmitted to the core layer for routing to its final destination. VLANs
allow you to segment the traffic on a switch into separate subnetworks.

Core Layer
The core layer of the hierarchical design is the high-speed backbone of the
internetwork. The core layer is critical for interconnectivity between distribution
layer devices, so it is important for the core to be highly available and redundant
and it must be capable of forwarding large amounts of data quickly.

Benefits of a Hierarchical Network

Understanding LAN Design Principles

Redundancy and Resilience: Implementing redundancy at
critical points in the network, such as redundant links,
devices, and power supplies, ensures high availability and
fault tolerance, even as the network grows.

Network performance

Performance is a critical aspect of LAN design, ensuring that
network resources are efficiently utilized and user experience is
optimized. A well-designed LAN minimizes latency, maximizes
throughput, and provides consistent performance across different
applications and user groups.

Performance Optimization
Strategies for optimizing LAN performance include:

Bandwidth Management: Implementing Quality of Service (QoS)
mechanisms to prioritize traffic and allocate bandwidth based on
application requirements, ensuring that mission-critical applications
receive the necessary resources.

Traffic Engineering: Optimizing routing paths, load balancing, and traffic
shaping techniques to distribute network traffic evenly and prevent
congestion, thereby improving overall network performance.

Resource Provisioning: Provisioning network resources, such as
switches, routers, and servers, based on anticipated demand and
workload requirements, ensures adequate capacity to support current and
future needs.

Access layer switch features

Distribution layer switch features

Core layer switch features

Security
Security is paramount in LAN design, protecting sensitive data, applications, and
resources from unauthorized access, data breaches, and cyber threats. A secure
LAN design incorporates robust security measures at multiple layers of the
network architecture to mitigate risks and ensure compliance with regulatory
requirements.

Security Best Practices: Best practices for securing
LANs include:

• Access Control

• Encryption

• Intrusion Detection and Prevention

Reliability
Reliability is essential for ensuring uninterrupted access to network resources and
services, minimizing downtime, and maintaining business continuity. A reliable
LAN design incorporates redundancy, fault tolerance, and disaster recovery
measures to mitigate the impact of hardware failures, network outages, and
environmental disruptions.

Reliability Strategies: Strategies for improving LAN
reliability include:

• Redundant Infrastructure

• Fault Tolerance

• Disaster Recovery

LAN Design Methodologies

Top-Down Design Approach

The top-down design approach begins with defining high-level requirements,
goals, and constraints for the LAN design, followed by the decomposition of
these requirements into smaller, more manageable components. This iterative
process involves defining the network hierarchy, identifying functional areas, and
selecting appropriate technologies and protocols to meet specific design
objectives.

Bottom-Up Design Approach

The bottom-up design approach begins with the analysis of existing network
infrastructure, identifying operational issues, performance bottlenecks, and
scalability limitations. This iterative process involves redesigning specific
network segments or components to address identified shortcomings while
preserving existing investments and meeting evolving business needs.

LAN Design Methodologies
Top-Down Design Approach

Steps in Top-Down Design:

1. Requirements Gathering: Identify business requirements, user needs, and technical
constraints that will influence the LAN design.

2. Network Hierarchy: Define the network hierarchy, including access, distribution,
and core layers, to organize network resources and establish communication paths.

3. Functional Decomposition: Decompose high-level requirements into functional
components, such as VLANs, subnets, and security zones, to address specific design
objectives.

4. Technology Selection: Select appropriate technologies and protocols, such as
Ethernet, TCP/IP, and routing protocols, based on performance, scalability, and security
requirements.
LAN Design Methodologies

Bottom-Up Design Approach

Steps in Bottom-Up Design:

1. Network Assessment: Assess the existing network infrastructure, including
hardware, software, and configurations, to identify areas for improvement and
optimization.
2. Performance Analysis: Analyze network performance metrics, such as bandwidth
utilization, latency, and packet loss, to identify performance bottlenecks and areas for
optimization.
3. Scalability Evaluation: Evaluate the scalability of the existing network design,
considering factors such as user growth, application demands, and future expansion
plans.
4. Redesign and Optimization: Redesign specific network segments or components to
address identified issues and improve performance, scalability, and security while
minimizing disruptions to ongoing operations.
LAN Design Best Practices
1. Define Clear Design Goals.
2. Follow Industry Standards and Best Practices.
3. Modular and Hierarchical Design.
4. Redundancy and High Availability.
5. Security by Design.
6. Performance Optimization.
7. Scalability and Future-Proofing.
8. Documentation.
9. Network Convergence.
10. Virtualization and Cloud Integration.
11. Integration.
12. Software-Defined Networking (SDN).
13. Network Automation and Orchestration.
14. Zero Trust Network Architecture (ZTNA).
15. Redundancy and High Availability.
16. Quality of Service (QoS).
17. Remote Access and VPN Configuration.
18. Network Monitoring and Management Tools.
19. Disaster Recovery and Business Continuity Planning.
20. Wireless LAN Design Considerations.
21. Compliance and Regulatory Requirements.
Example 1: Small Office LAN Design

Scenario:

You are tasked with designing a LAN for a small office with 30
employees. The office space consists of a single floor with
cubicles and meeting rooms. The LAN should support basic office
applications, file sharing, internet access, and VoIP
communication.

Design Considerations:
1. Topology: Choose a star topology for simplicity and ease of management. All devices
will be connected to a central Gigabit Ethernet switch located in a network closet.
2. Network Equipment: Select a Layer 2 managed Gigabit Ethernet switch with at least
48 ports to accommodate all devices. Choose a router with built-in firewall capabilities
for internet access and security.
3. Wireless Access Points: Install two dual-band wireless access points in strategic
locations to provide coverage throughout the office space. Configure separate SSIDs for
employee and guest networks.
4. IP Addressing: Use a private IP address range (e.g., 192.168.1.0/24) for internal
network devices. Configure DHCP to assign IP addresses dynamically.
5. Security: Implement basic security measures such as MAC address filtering, port
security, and VLANs to segregate traffic between different departments and ensure data
privacy.
6. VoIP Implementation: Deploy VoIP phones with Power over Ethernet (PoE) support.
Configure QoS to prioritize voice traffic over data traffic and minimize latency and
jitter.
7. Remote Access: Set up VPN access for remote employees to securely connect to the
office network from outside locations. Use IPsec VPN tunnels for secure
communication.
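
An added example, not part of the lecture slides: one way to combine the IP addressing and security steps above is to give each VLAN its own subnet carved from 192.168.1.0/24, so the router's firewall can filter traffic between segments. The segment names and host counts are assumptions made for this illustration.

```python
import ipaddress

def plan_subnets(block, needs):
    """Carve `block` into one subnet per segment, largest segment first (VLSM)."""
    pool = ipaddress.ip_network(block)
    cursor = int(pool.network_address)
    plan = {}
    for name, hosts in sorted(needs.items(), key=lambda kv: -kv[1]):
        # Reserve network, broadcast and gateway addresses, then round the
        # block size up to the next power of two.
        size = 1 << (hosts + 3 - 1).bit_length()
        net = ipaddress.ip_network((cursor, 32 - (size.bit_length() - 1)))
        if not net.subnet_of(pool):
            raise ValueError(f"{block} is too small for segment {name!r}")
        plan[name] = net
        cursor += size
    return plan

def segment_of(plan, address):
    """Map an address (e.g. from a firewall log) back to its segment, or None."""
    ip = ipaddress.ip_address(address)
    return next((name for name, net in plan.items() if ip in net), None)

# Assumed host counts for the 30-person office; segment names are illustrative.
NEEDS = {"staff": 30, "voice": 30, "guest": 20, "mgmt": 5}
PLAN = plan_subnets("192.168.1.0/24", NEEDS)

if __name__ == "__main__":
    for name, net in PLAN.items():
        print(f"{name:6} {net}  usable hosts: {net.num_addresses - 2}")
```

Addresses that fall outside every planned subnet map to `None`, which makes unexpected sources easy to spot when reviewing logs.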
Gigabit Ethernet Configuration

Gigabit Ethernet – Physical

10Gbps Ethernet
• growing interest in 10Gbps Ethernet
  – for high-speed backbone use
  – with future wider deployment
• alternative to ATM and other WAN technologies
• uniform technology for LAN, MAN, or WAN
• advantages of 10Gbps Ethernet
  – no expensive, bandwidth-consuming conversion between Ethernet packets and ATM cells
  – IP and Ethernet together offer QoS and traffic policing that approach ATM
  – a variety of standard optical interfaces

10Gbps Ethernet Configurations

10Gbps Ethernet Options
Campus Architecture

[Figure: campus architecture diagram. Labels: SDN Applications; IP Network Management; Policy model; Access mgmt; Open Enhanced Platform; Core Switching; Distribution Switching; SDN Controller; Access Switching; Wireless Controller; Wireless Access.]

– Assured User Experience
• Consistent experience: wired and wireless
• Gigabit Wi-Fi and Smart Rate

– Optimized for Mobile Users and applications
• Automatic QoS
• End-to-end QoS across wired and wireless through SDN

– Unified Policy Enforcement
• Secure device mobility
• Single policy across wired and wireless

– Enhanced security

[Figure: campus network diagram. Labels: ISAC Center; Stack of Access switches; ToR Switches; Dist 1, Dist 2; HPE FF 12900E; Distribution; Main Data Center; Building # 1; Helwan Univ. LAN Core; LAN Core 1, LAN Core 2; Internet Router; Firewalls & Security Appliances; Internet; Building # X; 10G Uplinks; 40G Links.]

Hierarchical Network Model consideration

Hierarchical Network Physical Layout

Virtual LANs

Figure 11.12 shows a relatively common type of
hierarchical LAN configuration. In this example,
the devices on the LAN are organized into four
groups, each served by a LAN switch. The three
lower groups might correspond to different
departments, which are physically separated, and
the upper group could correspond to a centralized
server farm that is used by all the departments.

[Figure 11.12 A LAN Configuration. Labels: Internet; Router; Server Z; Ethernet switch; Workstation; Printer; X; Y.]


One simple approach to improving efficiency is to
physically partition the LAN into separate broadcast
domains, as shown in Figure 11.13. We now have four
separate LANs connected by a router. In this case, an IP
packet from X intended for Z is handled as follows. The IP
layer at X determines that the next hop to the destination is
via router V. This information is handed down to X’s MAC
layer, which prepares a MAC frame with a destination
MAC address of router V. When V receives the frame, it
strips off the MAC header, determines the destination, and
encapsulates the IP packet in a MAC frame with a
destination MAC address of Z.
This frame is then sent to the appropriate Ethernet switch
for delivery.

[Figure 11.13 A Partitioned LAN. Labels: Internet; Router; Server Z; Ethernet switch; Workstation; Printer; X; Y.]


A more effective alternative is the creation of virtual
LANs (VLANs). In essence, a VLAN is a logical
subgroup within a LAN that is created by software rather
than by physically moving and separating devices. It
combines user stations and network devices into a single
broadcast domain regardless of the physical LAN
segment they are attached to and allows traffic to flow
more efficiently within populations of mutual interest.
The VLAN logic is implemented in LAN switches and
functions at the MAC layer. Because the objective is to
isolate traffic within the VLAN, in order to link from one
VLAN to another, a router is required. Routers can be
implemented as separate devices, so that traffic from one
VLAN to another is directed to a router, or the router
logic can be implemented as part of the LAN switch, as
shown in Figure 11.14.

[Figure 11.14 A VLAN Configuration. Labels: Internet; Server; Workstation; Printer; Ethernet switch with VLAN and IP routing capability; VLAN A; VLAN B; VLAN C; VLAN D; VLAN E; W; X; Y.]


Defining VLANs

A VLAN is a broadcast domain consisting of
a group of end stations that are not limited by
physical location and communicate as if they
were on a common LAN.

VLAN Membership

Some means is therefore needed for defining
VLAN membership. A number of different
approaches have been used for defining
membership, including the following:

• Port group

• MAC address

• Protocol information
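
An added example, not part of the lecture slides: a toy model of the VLAN behaviour described above, showing that broadcasts stay inside one VLAN, that membership can come from a port group or from a MAC address, and that traffic between VLANs has to pass routing logic where policy is applied. The class, the VLAN numbers and the MAC addresses are constructed for this illustration.

```python
BROADCAST = "ff:ff:ff:ff:ff:ff"

class VlanSwitch:
    """Toy VLAN-aware switch: untagged access ports, one station per port."""

    def __init__(self, port_vlan, mac_vlan=None, routes=()):
        self.port_vlan = dict(port_vlan)      # port-group membership: port -> VLAN
        self.mac_vlan = dict(mac_vlan or {})  # MAC-address membership: MAC -> VLAN
        self.routes = set(routes)             # (src, dst) VLAN pairs the router permits
        self.fdb = {}                         # learned (VLAN, MAC) -> port

    def classify(self, port, mac):
        # A MAC-based assignment follows the station; otherwise the port decides.
        vlan = self.mac_vlan.get(mac, self.port_vlan[port])
        self.port_vlan[port] = vlan
        return vlan

    def receive(self, port, src, dst):
        """Return the egress ports for a frame arriving on `port`."""
        vlan = self.classify(port, src)
        self.fdb[(vlan, src)] = port
        known = self.fdb.get((vlan, dst))
        if dst != BROADCAST and known is not None:
            return [] if known == port else [known]
        # Broadcast or unknown unicast: flood inside the VLAN only.
        return sorted(p for p, v in self.port_vlan.items() if v == vlan and p != port)

    def routed(self, src_vlan, dst_vlan):
        """Inter-VLAN traffic must pass the router, where policy is enforced."""
        return src_vlan == dst_vlan or (src_vlan, dst_vlan) in self.routes

def demo():
    # Constructed topology: ports 1-2 staff (VLAN 10), 3-4 guest (VLAN 20), 5 servers (VLAN 30).
    sw = VlanSwitch({1: 10, 2: 10, 3: 20, 4: 20, 5: 30},
                    mac_vlan={"aa:aa:aa:00:00:09": 10},  # staff laptop, wherever it plugs in
                    routes={(10, 30)})                   # staff may reach servers; guests may not
    return {
        "staff_broadcast": sw.receive(1, "aa:aa:aa:00:00:01", BROADCAST),
        "guest_broadcast": sw.receive(3, "bb:bb:bb:00:00:03", BROADCAST),
        "roaming_staff": sw.receive(4, "aa:aa:aa:00:00:09", BROADCAST),
        "reply_unicast": sw.receive(2, "aa:aa:aa:00:00:02", "aa:aa:aa:00:00:01"),
        "staff_to_servers": sw.routed(10, 30),
        "guest_to_servers": sw.routed(20, 30),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

MAC-based membership trusts a value the station itself supplies, so the model treats it as a convenience for grouping rather than as authentication.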
