of 51
All materials on our website are shared by users. If you have any questions about copyright issues, please report us to resolve them. We are always happy to assist you.

ISP and IXP Design INET 2000 NTW. IXP/IXP Workshops. 1999, Cisco Systems, Inc.



Publish on:

Views: 2 | Pages: 51

Extension: PDF | Download: 0

ISP and IXP Design INET 2000 NTW IXP/IXP Workshops 1999, Cisco Systems, Inc. 1 ISP Network Design PoP Topologies and Design Backbone Design Addressing Routing Protocols Security Out of Band Management
ISP and IXP Design INET 2000 NTW IXP/IXP Workshops 1999, Cisco Systems, Inc. 1 ISP Network Design PoP Topologies and Design Backbone Design Addressing Routing Protocols Security Out of Band Management 2 Point of Presence Topologies IXP/IXP 3 PoP Topologies Core routers - high speed trunk connections Distribution routers and Access routers - high port density Border routers - connections to other providers Service routers - hosting and servers Some functions might be handled by a single router 4 PoP Design Modular Design Aggregation Services separated according to connection speed customer service contention ratio security considerations 5 Modular PoP Design Other ISPs ISP Services (DNS, Mail, News, FTP, WWW) Web Cache Hosted Services Backbone link to another PoP Backbone link to another PoP Network Core Consumer DIAL Access Consumer Cable and xdsl Access Nx64 customer aggregation layer Channelised T1/E1 circuits Nx64 leased line circuit delivery Network Operations Centre NxT1/E1 customer aggregation layer Channelised T3/E3 circuits T1/E1 leased line circuit delivery 6 Modular Routing Protocol Design Modular IGP implementation IGP area per module aggregation/summarisation into the core Modular ibgp implementation BGP route reflector cluster per module core routers are route-reflectors clients peer with core only 7 Point of Presence Design IXP/IXP 8 PoP Modules Low Speed customer connections PSTN/ISDN dialup low bandwidth needs low revenue, large numbers Medium Speed customer connections 56/64K to sub-t1/e1 speeds low bandwidth needs medium revenue, medium numbers 9 PoP Modules High Speed customer connections E1++ speeds medium bandwidth needs high revenue, low numbers Broad Band customer connections xdsl and Cable high bandwidth needs low revenue, large numbers 10 PoP Modules PoP Core Two dedicated routers High Speed interconnect Backbone Links ONLY Do not touch them! Border Network dedicated border router to other ISPs the ISP s front door transparent web caching 11 PoP Modules ISP Services DNS (cache, secondary) News, Mail (POP3, Relay) WWW (server, proxy, cache) Hosted Services Virtual Web, WWW (server, proxy, cache) Information/Content Services Electronic Commerce 12 PoP Modules Network Operations Centre primary and backup locations network monitoring statistics and log gathering direct but secure access Out of Band Management Network The ISP Network Safety Belt 13 Low Speed Access Module Web Cache Primary Rate T1/E1 AS5300 Access Network Gateway Routers PSTN lines to modem bank PSTN lines to built-in modems AS /3600 To Core Routers TACACS+ or Radius proxy 14 Medium Speed Access Module Channelised T1/E1 3640/7206/ K and nx64k circuits To Core Routers Mixture of channelised T1/E1, 56/64K and nx64k circuits 15 High Speed Access Module Channelised T3/E3 7206/7507 T1 and E1 circuits To Core Routers Mixture of channelised T3/E3 and T1/E1 circuits 16 Broad Band Access Module Web Cache Telephone Network 61xx IP, ATM 6400 Access Network Gateway Routers ubr7246 To Core Routers The cable system SSG, DHCP, TACACS+ or Radius Servers/Proxies 17 ISP Services Module To core routers Service Network Gateway Routers WWW cache DNS secondary POP3 Mail Relay NEWS DNS cache 18 Hosted Services Module To core routers Hosted Network Gateway Routers Customer 1 Customer 3 Customer 5 Customer 7 Customer 2 Customer 4 Customer 6 19 Border Module To local IXP - NB - no default route + local AS routing table only ISP1 ISP2 Network Border Routers To core routers 20 NOC Module To core routers Critical Services Module Out of Band Management Network Hosted Network Gateway Routers Firewall Corporate LAN 2620/32async NetFlow Analyser TACACS+ server SYSLOG server Primary DNS Billing, Database and Accounting Systems Network Operations Centre Staff 21 Out of Band Network Out of Band Management Network Router consoles 2620/32async To the NOC NetFlow enabled NetFlow routers Collector Out of Band Ethernet 22 Backbone Network Design IXP/IXP 23 Backbone Design Routed Backbone Switched Backbone Leased point-to-point circuits nx64k, T1/E1, T3/E3, OC3, OC12,... ATM/Frame Relay service from telco T3, OC3, OC12, delivery easily upgradeable bandwidth (CIR) 24 Distributed Network Design PoP design standardised operational scalability and simplicity ISP essential services distributed around backbone NOC and backup NOC Redundant backbone links 25 Distributed Network Design ISP Services Customer connections Backup Operations Centre POP Two Customer connections Customer connections ISP Services POP Three POP One ISP Services External connections Operations Centre External connections 26 Backbone Links ATM/Frame Relay now less popular due to overhead, extra equipment, and shared with other customers of the telco Leased Line more popular with backbone providers IP over Optics and MPLS coming into the mainstream 27 Long Distance Backbone Links Tend to cost more Plan for the future (at least two years ahead) but stay in budget Unplanned emergency upgrades can be disruptive without redundancy Allow sufficient capacity on alternative paths for failure situations sufficient can be 20% to 50% 28 Long Distance Links POP Two Long distance link POP Three POP One Alternative/Backup Path 29 Metropolitan Area Backbone Links Tend to be cheaper Circuit concentration Choose from multiple suppliers Think big More redundancy Less impact of upgrades Less impact of failures 30 Metropolitan Area Backbone Links - Example POP Two Metropolitan Links POP Three POP One Metropolitan Links Traditional Point to Point Links 31 Routing Protocols IXP/IXP 32 Routing Protocols IGP - Interior Gateway Protocol carries infrastructure addresses, point-topoint links examples are OSPF, ISIS, EIGRP... EGP - Exterior Gateway Protocol carries customer prefixes and Internet routes current EGP is BGP version 4 No link between IGP and EGP 33 Why Do We Need an IGP? ISP backbone scaling Hierarchy Modular infrastructure construction Limiting scope of failure Healing of infrastructure faults using dynamic routing with fast convergence 34 Why Do We Need an EGP? Scaling to large network Hierarchy Limit scope of failure Policy Control reachability to prefixes Merge separate organizations Connect multiple IGPs 35 Interior versus Exterior Routing Protocols Interior automatic neighbour discovery generally trust your IGP routers prefixes go to all IGP routers binds routers in one AS together Exterior specifically configured peers connecting with outside networks set administrative boundaries binds AS s together 36 Interior versus Exterior Routing Protocols Interior Carries ISP infrastructure addresses only ISPs aim to keep the IGP small for efficiency and scalability Exterior Carries customer prefixes Carries Internet prefixes EGPs are independent of ISP network topology 37 Hierarchy of Routing Protocols Other ISPs BGP4 BGP4 and OSPF/ISIS FDDI BGP4 Local IXP Static/BGP4 Customers 38 Security IXP/IXP 39 Security ISP Infrastructure security ISP Network security Security is not optional! ISPs need to: protect themselves help protect their customers from the Internet protect the Internet from their customers 40 ISP Infrastructure Security router security usernames, passwords, vty filters, TACACS+ server security usernames, passwords, TCP wrappers, filters premises security locks, secure access, environment control staff responsibility RFC2196 (Site Security Handbook) 41 ISP Network Security Denial of Service Attacks eg: smurfing Effective filtering network borders customer connections network operation centre ISP internal network 42 Ingress & Egress Route Filtering Your customers should not be sending any IP packets out to the Internet with a source address other then the address you have allocated to them! 43 Out of Band Management and Test Laboratory IXP/IXP 44 Other Design Considerations Out of Band Management how to get to equipment when the network is down Test Laboratory how to test new services and features how to debug network problems 45 Out of Band Management Not optional! Allows access to network equipment in times of failure Ensures quality of service to customers minimises downtime minimises repair time eases diagnostics and debugging 46 Out of Band Management OoB Example - Access server: modem attached to allow NOC dial in console ports of all network equipment connected to serial ports LAN and/or WAN link connects to network core, or via separate management link to NOC Full remote control access under all circumstances 47 Out of Band Management OoB Example - Statistics gathering: Routers are NetFlow and syslog enabled Management data is congestion/failure sensitive Ensures management data integrity in case of failure Full remote information under all circumstances 48 Test Laboratory Looks like a typical PoP Used to trial new services or new software under realistic conditions Allows discovery of potential problems before they are introduced to the network Every major ISP in the US and Europe has a test lab 49 Test Laboratory Some ISPs dedicate equipment to the lab Other ISPs purchase ahead so that today s lab equipment becomes tomorrow s PoP equipment Other ISPs use lab equipment for hot spares in the event of hardware failure 50 ISP Design Summary KEEP IT SIMPLE! Simple is elegant is scalable Use Redundancy, Security, and Technology to make life easier for yourself Above all, ensure quality of service for your customers 51
Similar documents
View more...
Search Related
We Need Your Support
Thank you for visiting our website and your interest in our free products and services. We are nonprofit website to share and download documents. To the running of this website, we need your help to support us.

Thanks to everyone for your continued support.

No, Thanks