
Sunday, September 29, 2024

Scalability

Ability to perform changes without changing the entire architecture / design.

There are two scalability approaches for network designs.

1. Scale Up
2. Scale Out

Scale Up

Increase the existing system resources without adding a new system.

Scale Out

Add new systems alongside the existing ones rather than growing a single system.

Having one physical router to which line cards can be added later is an example of a Scale Up solution, while having two physical routers is considered a Scale Out solution.

[image: Scale Up vs Scale Out; ref: medium.com]

Flexibility

Ability to adapt to business changes.

Modularity

Ability to divide the network by functions or policy boundaries.
There are three modularity approaches that provide flexibility to a design.

1. Choosing the physical topology

Some topologies, such as hierarchical or leaf-and-spine, make it easier to add modules than others, such as full mesh.

2. Splitting Functions or Geographies

Separating the campus, branches, data center, internet edge, etc., or separating along security policy boundaries, makes the design easier to upgrade and manage.

3. Break into smaller pieces

Creating smaller fault domains so that a failure in one part of the network does not impact the whole system. Not extending the spanning tree domain between data centers is an example.

Modular design allows different modules to be managed by different teams: the Network, Firewall and Data Center teams in enterprise networks, or the Core network and Access network teams in service provider networks, are examples.

Modular designs can also reduce configuration overhead; template-based configuration in SD-WAN is an example.

Saturday, September 28, 2024

There are 3 packet delivery parameters.

1. Delay / Latency
Time a legitimate packet takes to travel from source to destination.

2. Jitter
Variation in delay / latency from packet to packet (how consistent the delay is).

3. Packet Loss / Drop Ratio
Fraction of packets sent by the source but not received by the destination.

Generally accepted best practices for delay, jitter and packet loss ratio have been defined per application type. For example, one-way delay for VoIP (mouth-to-ear delay) should be less than 150 ms, jitter should be less than 30 ms and the packet loss ratio (PLR) should be below 1%.
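To make the three parameters concrete, here is an added example (not part of the original post) that measures delay, jitter and loss ratio for a constructed stream of timestamped packets and checks them against the VoIP targets quoted above. The packet timestamps, the 20 ms packetisation interval and the simple delay-variation average used for jitter are assumptions made for the example; a production probe would normally use the RFC 3550 smoothed jitter estimator, which tracks the same quantity.

```python
from dataclasses import dataclass
from statistics import mean
from typing import Dict, List, Optional

# VoIP (mouth-to-ear) targets quoted in the post.
VOIP_MAX_DELAY_MS = 150.0
VOIP_MAX_JITTER_MS = 30.0
VOIP_MAX_LOSS_RATIO = 0.01   # 1 %


@dataclass
class Packet:
    """One packet as seen by the sender, with the receiver's arrival time (None = lost)."""
    seq: int
    sent_ms: float
    received_ms: Optional[float]


def one_way_delays(packets: List[Packet]) -> List[float]:
    """Delay of every packet that actually arrived (parameter 1: delay / latency)."""
    return [p.received_ms - p.sent_ms for p in packets if p.received_ms is not None]


def mean_delay_ms(packets: List[Packet]) -> float:
    delays = one_way_delays(packets)
    return mean(delays) if delays else float("nan")


def jitter_ms(packets: List[Packet]) -> float:
    """Parameter 2: mean absolute change in delay between consecutive delivered packets
    (a plain delay-variation average, assumed for this example)."""
    delays = one_way_delays(packets)
    if len(delays) < 2:
        return 0.0
    return mean(abs(later - earlier) for earlier, later in zip(delays, delays[1:]))


def loss_ratio(packets: List[Packet]) -> float:
    """Parameter 3: fraction of sent packets that never reached the destination."""
    if not packets:
        return 0.0
    lost = sum(1 for p in packets if p.received_ms is None)
    return lost / len(packets)


def assess_voip(packets: List[Packet]) -> Dict[str, bool]:
    """True = within the quoted VoIP target, False = target breached."""
    return {
        "delay_ok": mean_delay_ms(packets) < VOIP_MAX_DELAY_MS,
        "jitter_ok": jitter_ms(packets) < VOIP_MAX_JITTER_MS,
        "loss_ok": loss_ratio(packets) < VOIP_MAX_LOSS_RATIO,
    }


# Constructed sample: ten packets sent every 20 ms (an assumed VoIP packetisation
# interval); packet 4 never arrives, the others take 45-55 ms one way.
_ARRIVAL_DELAYS = [45.0, 50.0, 48.0, 52.0, None, 47.0, 55.0, 49.0, 51.0, 50.0]
SAMPLE_STREAM = [
    Packet(seq=i, sent_ms=i * 20.0,
           received_ms=None if d is None else i * 20.0 + d)
    for i, d in enumerate(_ARRIVAL_DELAYS)
]

if __name__ == "__main__":
    print(f"mean delay  {mean_delay_ms(SAMPLE_STREAM):.1f} ms")
    print(f"jitter      {jitter_ms(SAMPLE_STREAM):.2f} ms")
    print(f"loss ratio  {loss_ratio(SAMPLE_STREAM):.1%}")
    print(assess_voip(SAMPLE_STREAM))
```

On the constructed stream the delay (about 50 ms) and jitter (about 4 ms) are comfortably inside the targets, but a single lost packet out of ten is a 10% loss ratio, well above the 1% limit, which is why loss is usually the parameter that disqualifies a link for voice first.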

Reliability

Delivering the legitimate packets from source to destination within a reasonable delay / latency which is defined based on the application type and architecture.

Reliability is often mentioned when choosing links. As an example, if you have to use a mix of reliable and unreliable links, best practice is to carry VoIP traffic over the reliable links, which do not suffer from packet loss or high latency, and to use the cheaper unreliable links, such as the internet, to transport loss-tolerant application traffic.

But reliability should be considered for everything in the path, including links and devices such as switches, routers, firewalls, application delivery controllers, servers, storage systems, etc. Even the on-board hardware should be reliable. That is why vendors bother with ASICs, Quantum Flow Processors, etc. in their marketing propaganda.

Saturday, July 14, 2018

According to the Cisco SAFE blueprint, the following points should be considered to maintain a secure L2 infrastructure.

01. Disable dynamic protocols such as CDP and DTP on user / access ports.
02. Enable BPDU Guard and Root Guard to prevent STP attacks.
03. Use Dynamic ARP Inspection or Private VLANs to prevent frame sniffing.
04. Enable port security, at least to limit the number of allowed MAC addresses.
05. Use DHCP Snooping and IP Source Guard to prevent DHCP DoS and MITM attacks.
06. Disable VTP or, if it is used, configure VTP authentication globally on each switch.
07. Disable unused switch ports and place them in an unused VLAN.
08. Avoid using VLAN 1.
09. Do not use the native VLAN on trunks.
10. Configure Storm Control commands.

Reference: Cisco SAFE Blueprint
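A practical way to keep this checklist enforced is to audit running-configs for the corresponding commands. The following is an added example, not part of the original post or of the Cisco SAFE material: a small Python auditor that parses a constructed IOS-style config excerpt for a hypothetical access switch and reports which checklist items each port misses. The config text, interface names and VLAN numbers are all constructed for the example; the commands checked (`no cdp enable`, `switchport nonegotiate`, `spanning-tree bpduguard enable`, `switchport port-security`, `ip dhcp snooping`, `ip arp inspection vlan`, `ip verify source`, `storm-control`, `vtp mode off`) are the usual IOS forms, but the exact syntax on a given platform and software version should be confirmed against its documentation.

```python
from typing import Dict, List, Tuple

# Constructed running-config excerpt for a hypothetical access switch (not a real device).
SAMPLE_CONFIG = """\
ip dhcp snooping
ip arp inspection vlan 10,20
vtp mode off
!
interface GigabitEthernet1/0/1
 switchport mode access
 switchport access vlan 10
 switchport nonegotiate
 switchport port-security
 no cdp enable
 storm-control broadcast level 20.00
 spanning-tree bpduguard enable
 ip verify source
!
interface GigabitEthernet1/0/2
 description user port left at defaults
 switchport mode access
!
interface GigabitEthernet1/0/24
 switchport mode trunk
 switchport trunk native vlan 999
!
interface GigabitEthernet1/0/48
 switchport access vlan 999
 shutdown
!
"""


def parse_config(config: str) -> Tuple[List[str], Dict[str, List[str]]]:
    """Split an IOS-style config into global lines and per-interface sub-command lists."""
    global_lines, interfaces, current = [], {}, None
    for raw in config.splitlines():
        if not raw.strip() or raw.startswith("!"):
            current = None                          # '!' closes the current section
        elif raw.startswith("interface "):
            current = raw.split(None, 1)[1].strip()
            interfaces[current] = []
        elif raw.startswith(" ") and current is not None:
            interfaces[current].append(raw.strip())
        else:
            current = None
            global_lines.append(raw.strip())
    return global_lines, interfaces


def audit_interface(name: str, lines: List[str], global_lines: List[str]) -> List[str]:
    """Checks for one interface; returns findings keyed to the SAFE checklist items."""
    def has(prefix: str) -> bool:
        return any(l.startswith(prefix) for l in lines)

    def value(prefix: str, default: str) -> str:       # last word of a matching command
        return next((l.split()[-1] for l in lines if l.startswith(prefix)), default)

    vlan = value("switchport access vlan", "1")        # IOS default is VLAN 1
    if "shutdown" in lines:                            # unused port: items 07 / 08
        return [] if vlan != "1" else [f"{name}: unused port left in VLAN 1 (items 07/08)"]
    if "switchport mode trunk" in lines:               # trunk: items 08 / 09
        native = value("switchport trunk native vlan", "1")
        return [] if native != "1" else [f"{name}: trunk native VLAN is 1 (items 08/09)"]
    if "switchport mode access" not in lines:
        return []                                      # remaining checks are for access ports
    checks = [
        ("no cdp run" in global_lines or has("no cdp enable"), "CDP still enabled (item 01)"),
        (has("switchport nonegotiate"), "DTP not disabled (item 01)"),
        (has("spanning-tree bpduguard enable"), "BPDU Guard not enabled (item 02)"),
        (has("switchport port-security"), "port security not enabled (item 04)"),
        (has("ip verify source"), "IP Source Guard not enabled (item 05)"),
        (has("storm-control"), "no storm control (item 10)"),
        (vlan != "1", "access port in VLAN 1 (item 08)"),
    ]
    return [f"{name}: {msg}" for ok, msg in checks if not ok]


def audit(config: str) -> List[str]:
    """Global checks (items 03, 05, 06) plus the per-interface checks above."""
    global_lines, interfaces = parse_config(config)
    vtp_safe = any(l in ("vtp mode off", "vtp mode transparent") or l.startswith("vtp password")
                   for l in global_lines)
    checks = [
        ("ip dhcp snooping" in global_lines, "DHCP snooping not enabled (item 05)"),
        (any(l.startswith("ip arp inspection vlan") for l in global_lines),
         "Dynamic ARP Inspection not enabled on any VLAN (item 03)"),
        (vtp_safe, "VTP neither disabled nor authenticated (item 06)"),
    ]
    findings = [f"global: {msg}" for ok, msg in checks if not ok]
    for name, lines in interfaces.items():
        findings.extend(audit_interface(name, lines, global_lines))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```

Run against the constructed config, the hardened port, the trunk with a non-default native VLAN and the shut-down spare port produce no findings, while the port "left at defaults" fails seven checks, which is a useful reminder that IOS defaults (CDP on, DTP auto, VLAN 1, no port security) are the opposite of the checklist. Root Guard and Private VLANs are not checked because where they belong depends on the topology rather than on a single port's config.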

Tuesday, June 12, 2018

Here are some key points to consider when maintaining, designing or upgrading a network infrastructure.

01. All Ethernet segments should be switched (no hubs)
02. Utilization of every Ethernet segment should be below 40%
03. Collisions should be less than 0.1% over 5-minute intervals for Ethernet segments
04. Multicast or broadcast traffic should be less than 20% for any segment
05. Number of output queue drops should not exceed 100 in an hour
06. Number of input queue drops should not exceed 50 in an hour
07. Number of buffer misses should not exceed 25 in an hour
08. Number of ignored packets should not exceed 10 in an hour
09. Cyclic Redundancy Check (CRC) errors should be less than 1 per million bytes of data for any segment
10. WAN link utilization should be below 70%
11. WAN response time should be less than 100 ms
12. CPU utilization for any device should be below 75%
13. One-way delay for voice traffic should be less than 150 ms
14. One-way delay for video traffic should be within 200 ms - 400 ms
15. Jitter for voice traffic should be less than 30 ms
16. Jitter for video traffic should be within 30 ms - 50 ms
17. Loss for both voice and video traffic should be less than 1%
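The counter-based items (02 to 12) are easy to turn into an automated health check. The following is an added example, not part of the original post: a Python checker that derives segment utilization, collision and broadcast percentages and the CRC-per-million-bytes rate from raw counter deltas, then compares every derived value and the hourly queue/buffer counters against the thresholds listed above. The two constructed segment samples, the 100 Mbit/s link speed, the 5-minute window and the `SegmentSample` field names are assumptions made for the example; real counters would come from SNMP or `show interfaces` output. The voice and video targets (items 13 to 17) are per-packet measurements and are not covered here.

```python
from dataclasses import dataclass
from typing import List

# Thresholds from the list above (counter-based items 02-12).
MAX_SEGMENT_UTIL_PCT = 40.0
MAX_COLLISION_PCT = 0.1
MAX_BCAST_MCAST_PCT = 20.0
MAX_CRC_PER_MBYTE = 1.0
MAX_OUTPUT_QUEUE_DROPS_PER_HOUR = 100
MAX_INPUT_QUEUE_DROPS_PER_HOUR = 50
MAX_BUFFER_MISSES_PER_HOUR = 25
MAX_IGNORED_PER_HOUR = 10
MAX_WAN_UTIL_PCT = 70.0
MAX_WAN_RESPONSE_MS = 100.0
MAX_CPU_PCT = 75.0


@dataclass
class SegmentSample:
    """Counter deltas for one switched Ethernet segment (field layout assumed for the example).
    Traffic counters cover interval_s seconds (the list's 5-minute window);
    the queue/buffer counters are the deltas over the last hour."""
    name: str
    bandwidth_bps: int
    interval_s: int
    bytes_total: int
    packets_total: int
    collisions: int
    bcast_mcast_packets: int
    crc_errors: int
    output_queue_drops_hour: int
    input_queue_drops_hour: int
    buffer_misses_hour: int
    ignored_hour: int


def utilization_pct(s: SegmentSample) -> float:
    """Bytes carried in the interval as a percentage of link capacity."""
    return 100.0 * s.bytes_total * 8 / (s.bandwidth_bps * s.interval_s)


def ratio_pct(numerator: int, denominator: int) -> float:
    return 100.0 * numerator / denominator if denominator else 0.0


def crc_per_million_bytes(s: SegmentSample) -> float:
    return s.crc_errors * 1_000_000 / s.bytes_total if s.bytes_total else 0.0


def check_segment(s: SegmentSample) -> List[str]:
    """One line per breached threshold (empty list = segment is healthy)."""
    checks = [
        (utilization_pct(s), MAX_SEGMENT_UTIL_PCT, "utilization %", "02"),
        (ratio_pct(s.collisions, s.packets_total), MAX_COLLISION_PCT, "collision %", "03"),
        (ratio_pct(s.bcast_mcast_packets, s.packets_total), MAX_BCAST_MCAST_PCT, "bcast/mcast %", "04"),
        (s.output_queue_drops_hour, MAX_OUTPUT_QUEUE_DROPS_PER_HOUR, "output queue drops/h", "05"),
        (s.input_queue_drops_hour, MAX_INPUT_QUEUE_DROPS_PER_HOUR, "input queue drops/h", "06"),
        (s.buffer_misses_hour, MAX_BUFFER_MISSES_PER_HOUR, "buffer misses/h", "07"),
        (s.ignored_hour, MAX_IGNORED_PER_HOUR, "ignored packets/h", "08"),
        (crc_per_million_bytes(s), MAX_CRC_PER_MBYTE, "CRC errors per million bytes", "09"),
    ]
    return [f"{s.name}: {label} {value:.3g} >= {limit:g} (item {item})"
            for value, limit, label, item in checks if value >= limit]


def check_wan_and_device(name: str, wan_util_pct: float, wan_response_ms: float,
                         cpu_pct: float) -> List[str]:
    """Items 10-12 for a WAN link and the device terminating it."""
    checks = [
        (wan_util_pct, MAX_WAN_UTIL_PCT, "WAN utilization %", "10"),
        (wan_response_ms, MAX_WAN_RESPONSE_MS, "WAN response ms", "11"),
        (cpu_pct, MAX_CPU_PCT, "CPU %", "12"),
    ]
    return [f"{name}: {label} {value:.3g} >= {limit:g} (item {item})"
            for value, limit, label, item in checks if value >= limit]


# Constructed samples: two 100 Mbit/s segments over a 5-minute window.
HEALTHY = SegmentSample("Gi1/0/1", 100_000_000, 300, 300_000_000, 400_000,
                        100, 20_000, 10, 20, 5, 0, 0)
CONGESTED = SegmentSample("Gi1/0/2", 100_000_000, 300, 900_000_000, 1_000_000,
                          2_000, 50_000, 500, 150, 10, 0, 0)

if __name__ == "__main__":
    for sample in (HEALTHY, CONGESTED):
        print(sample.name, check_segment(sample) or "healthy")
    print(check_wan_and_device("wan-rtr-1", 55.0, 80.0, 82.0) or "healthy")
```

The congested sample sits at only 24% utilization, yet it breaches the collision and output-queue-drop limits, which illustrates why the list tracks error and drop counters separately from raw utilization: a link can be far from saturated and still be unhealthy.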