
Design Workshop

IP Routing Service 1
Existing Solutions
• LAN Design #1
• Internet Edge Design #1
• Firewall Design #1
• WAN Design #1
• VPN Design #1
Network Design Diagram
Design Notes for LAN
General Design Notes:
• Data Center Facilities
• Reliability: Hardware, Power, Connections
• Network Management: NMS, Diagrams, Docs
• Naming Std: <cmp>-<dev-id>-<rm>-<loc>-<st/co>
• VLAN Std: Data, Voice, Server, Mgmt, Other
• IP Address Std: 10.X.Y.H
• Subnets: Users (4), Guests (4), Mgmt
Services/Solutions:
• General Best Practices
• Security Best Practices
• Routing
• Virtual LAN (VLAN)
• Trunking (802.1Q)
• Spanning Tree Protocol (STP)
• Reliability: UDLD, LG, NSF, SSO
• Security: BPDU, DAI, SG, Trunk Sec, DHCP Snooping
• NM: SNMP, Log, NTP, VTY ACL, HW
• Multicast
• IPv6
• Power over Ethernet (PoE)
Design Notes for Internet Edge
General Design Notes:
• Data Center Facilities
• Reliability: Hardware, Power, Connections
• Network Management: NMS, Diagrams, Docs
• Naming Std: <cmp>-<dev-id>-<rm>-<loc>-<st/co>
• VLAN Std: Data, Voice, Server, Mgmt, Other
• IP Address Std: 10.X.Y.H
• Subnets: Users (4), Guests (4), Mgmt, Public, Transit (IE_LAN)
Services/Solutions:
• General Best Practices
• Security Best Practices
• Routing, BGP
• FHRP, Multicast, IPv6
• Solutions: Firewall
• NM: SNMP, Log, NTP, VTY ACL, Netflow
Design Notes for Firewall
General Design Notes:
• Data Center Facilities
• Reliability: Hardware, Power, Connections
• Network Management: NMS, Diagrams, Docs
• Naming Std: <cmp>-<dev-id>-<rm>-<loc>-<st/co>
• VLAN Std: Data, Voice, Server, Mgmt, Other
• IP Address Std: 10.X.Y.H
• Subnets: Users (4), Guests (4), Mgmt
Services/Solutions/Features:
• General Best Practices
• Security Best Practices
• IP Routing
• NAT
• Feature: SSL/TLS Decryption
• Feature: NGFW Security Features
• Solution: VPN & Remote Access, DMZ
• NM: SNMP, NTP, Netflow, Syslog
• Policies: Access, RFC1918/2827, SMTP, Whitelist/Blacklist
• FW Traffic Considerations: H.323, SIP
Design Notes for WAN
General Design Notes:
• Data Center Facilities
• Reliability: Hardware, Power, Connections
• Network Management: NMS, Diagrams, Docs
• Naming Std: <cmp>-<dev-id>-<rm>-<loc>-<st/co>
• VLAN Std: Data, Voice, Server, Mgmt, Other
• IP Address Std: 10.X.Y.H
• Subnets: Users (4), Guests (4), Mgmt, Public, Transit (IE_LAN, WAN_LAN), WAN
Services/Solutions:
• General Best Practices
• Security Best Practices
• IP Routing
• NM: SNMP, Log, NTP, VTY ACL, Netflow
• Solution: VPN & Remote Access
• Multicast, IPv6, QoS, ACL
Network Design Diagram
Design Notes for Routing
Routing Notes:
• --
Services/Configuration:
• --
Routing, IP
4 – Services
IP Routing Service
Step 1: Gather all subnets that will be used
• LAN/Campus
• WAN
• Data Center
• Internet Edge
• Voice (Unified Communications)
• Wireless
• DMZ & Extranet
Step 1: Gather all subnets that will be used
• User Subnets (x4)
• Guest Subnets (x4)
• Management Subnet
• Public Subnet(s)
• Transit Subnet (Internet Edge_LAN)
• Transit Subnet (WAN_LAN)
• WAN Subnet(s)
• Server Subnet
Step 2: Where will each subnet be routed?
• Router
• Layer 3 Switch
• Firewall
• None
Network Design Diagram
Design Notes for Routing
Routing Notes:
• Public subnet(s) (routed on Edge routers)
Services/Configuration:
• --
Network Design Diagram
Design Notes for Routing
Routing Notes:
• Public subnet(s) (routed on ERs, FWs)
Services/Configuration:
• --
Network Design Diagram
Design Notes for Routing
Routing Notes:
• Public subnet(s) (routed on ERs, FWs)
• WAN subnets (routed on WAN routers)
Services/Configuration:
• --
Network Design Diagram
Design Notes for Routing
Routing Notes:
• Public subnet(s) (routed on ERs, FWs)
• WAN subnets (routed on WAN routers)
• User subnets (routed on L3 Core switch)
• Guest subnets (routed on L3 Core switch)
• Server subnets (routed on L3 Core switch)
• Transit subnets (routed on L3 Core switch)
• MGMT subnet (routed on L3 Core switch)
Services/Configuration:
• --
Step 3: Routing Protocols
Network Design Diagram
Design Notes for Routing
Routing Notes:
• Public subnet(s) (routed on ERs, FWs)
• WAN subnets (routed on WAN routers)
• User subnets (routed on L3 Core switch)
• Guest subnets (routed on L3 Core switch)
• Server subnets (routed on L3 Core switch)
• Transit subnets (routed on L3 Core switch)
• MGMT subnet (routed on L3 Core switch)
• Routing Protocol (Internal): OSPF
Services/Configuration:
• OSPF
Internet Edge Design
Network Design Diagram
Design Notes for Routing
Routing Notes:
• Public subnet(s) (routed on ERs, FWs)
• WAN subnets (routed on WAN routers)
• User subnets (routed on L3 Core switch)
• Guest subnets (routed on L3 Core switch)
• Server subnets (routed on L3 Core switch)
• Transit subnets (routed on L3 Core switch)
• MGMT subnet (routed on L3 Core switch)
• Routing Protocol (Internal): OSPF
• Routing Protocol (External): BGP
Services/Configuration:
• OSPF
• BGP
Step 4: Default Gateway
• Routing Types:
  • Static routes
  • IGP routing (OSPF, EIGRP)
  • EGP routing (BGP)
• Default Gateway Root:
  • Core switch
  • Edge router
  • Firewall appliance
Network Design Diagram
Design Notes for Routing
Routing Notes:
• Public subnet(s) (routed on ERs, FWs)
• WAN subnets (routed on WAN routers)
• User subnets (routed on L3 Core switch)
• Guest subnets (routed on L3 Core switch)
• Server subnets (routed on L3 Core switch)
• Transit subnets (routed on L3 Core switch)
• MGMT subnet (routed on L3 Core switch)
• Routing Protocol (Internal): OSPF
• Routing Protocol (External): BGP
• Default Gateway via IGP (OSPF)
• Default Gateway Root via Edge router
Services/Configuration:
• OSPF
• BGP
Step 5: Route Filtering
• Using Access Control Lists
• Using a Firewall
• Virtualization (VLAN, VRF)
• None
• Isolated
Step 5: Route Filtering
• Using ACLs
  • User Subnets
  • Guest Subnets
  • Server Subnet
• None
  • Management Subnet
  • WAN Subnet
  • Transit Subnet (Internet Edge_LAN)
  • Transit Subnet (WAN_LAN)
• Using Firewall
  • Public Subnet(s)
Design Notes for Routing
Routing Notes:
• Public subnet(s) (routed on ERs, FWs)
• WAN subnets (routed on WAN routers)
• User subnets (routed on L3 Core switch)
• Guest subnets (routed on L3 Core switch)
• Server subnets (routed on L3 Core switch)
• Transit subnets (routed on L3 Core switch)
• MGMT subnet (routed on L3 Core switch)
• Routing Protocol (Internal): OSPF
• Routing Protocol (External): BGP
• Default Gateway via IGP (OSPF)
• Default Gateway Root via Edge router
• ACL: User, Guest, Server subnets
• FW: Public subnets
Services/Configuration:
• OSPF
• BGP
Step 6: Additional routing related services
• Cisco Express Forwarding (CEF): recommended
• Policy Based Routing (PBR)
Design Notes for Routing
Routing Notes:
• Public subnet(s) (routed on ERs, FWs)
• WAN subnets (routed on WAN routers)
• User subnets (routed on L3 Core switch)
• Guest subnets (routed on L3 Core switch)
• Server subnets (routed on L3 Core switch)
• Transit subnets (routed on L3 Core switch)
• MGMT subnet (routed on L3 Core switch)
• Routing Protocol (Internal): OSPF
• Routing Protocol (External): BGP
• Default Gateway via IGP (OSPF)
• Default Gateway Root via Edge router
• ACL: User, Guest, Server subnets
• FW: Public subnets
Services/Configuration:
• OSPF
• BGP
• IP CEF
Step 7: Security Services for IP Routing
• NULL (Black Hole) Routing
Design Notes for Routing
Routing Notes:
• Subnets Routed:
  • Public subnet(s) (routed on ERs, FWs)
  • WAN subnets (routed on WAN routers)
  • User subnets (routed on L3 Core switch)
  • Guest subnets (routed on L3 Core switch)
  • Server subnets (routed on L3 Core switch)
  • Transit subnets (routed on L3 Core switch)
  • MGMT subnet (routed on L3 Core switch)
• Protocols:
  • Routing Protocol (Internal): OSPF
  • Routing Protocol (External): BGP
• Default Gateway:
  • Default Gateway via IGP (OSPF)
  • Default Gateway Root via Edge router
• Route/Subnet Security:
  • ACL: User, Guest, Server subnets
  • FW: Public subnets
• Considerations:
  • NULL (Black Hole) Routing, PBR
Services/Configuration:
• OSPF
• BGP
• IP CEF
Network Design Diagram
Routing Service 1
Completed
