6 - network design

Upload: ccny-cuny

Post on 06-Apr-2018


  • 8/3/2019 6 - Network Design

    1/27

    Politecnico di Torino

    Progetto di Reti Locali

    Homework 6: Network Design

    Fulvio Risso

    March 9, 2011


    Contents

    I. Introduction
        1. Methodology

    II. Exercises
        2. HSRP
            2.1. Exercise n. 1
            2.2. Exercise n. 2
            2.3. Exercise n. 3
            2.4. Exercise n. 4
            2.5. Exercise n. 5
        3. Network Design
            3.1. Exercise n. 6
            3.2. Exercise n. 7
            3.3. Exercise n. 8
            3.4. Exercise n. 9
            3.5. Exercise n. 10
            3.6. Exercise n. 11

    III. Solutions
        4. HSRP
            4.1. Solution for exercise n. 1
            4.2. Solution for exercise n. 4
        5. Network Design
            5.1. Solution for exercise n. 6
            5.2. Solution for exercise n. 7
            5.3. Solution for exercise n. 11


    Part I.

    Introduction


    1. Methodology

    In this set of exercises we focus first on HSRP/VRRP analysis, and then on network design and analysis when L2/L3 switches are present. The first kind of exercise is simple and requires only the application of the general rules of the associated protocol specifications. Therefore, in this methodology section we concentrate on the problems that may arise in L2-L3 network design, which includes the application of the most important technologies that can be found in a modern corporate network.

    Most of the exercises related to network design require predicting the path of a set of packets, given a specific network topology (in terms of switches and routers, physical links, interfaces configured at L2 or L3, VLANs).

    The solution usually requires the following main steps:

    1. If multilayer switches are present in the network, take each one of them, plot its L2 and L3 components as discrete objects, then mark each interface as part of the L2 or L3 domain.

    2. Determine the outcome of the Spanning Tree (i.e., which L2 ports are active and are then able to forward frames), for each VLAN present in the topology. Beware that a network may have multiple instances of the Spanning Tree.

    3. If HSRP/VRRP is configured in the network, determine which is the active router (for each IP network present in the topology).

    4. Analyze the packet flow generated by the application (e.g., PING), associating each packet with the proper source and destination addresses at both L2 and L3, and with the proper VLAN-ID.

    5. Given that points (3) and (4) have been completed, we can now determine the path of each frame on the network topology. For this, we can exploit the source and destination MAC addresses contained in the frame in order to determine the source and destination stations on the network, and analyze the actual path of this frame according to the STP topology derived before. Please remember that in an L2 network the path between two stations is unique (the STP does not allow multiple paths between stations) and that we have to select the right STP instance related to that frame in case multiple instances are present.


    Part II.

    Exercises


    2. HSRP

    2.1. Exercise n. 1

    Referring to the network topology depicted below, configure the proper HSRP parameters on routers R1 and R2 in order to guarantee redundancy when connecting to the Internet, with R1 acting as primary router. Configure also the proper value for the default gateway on the hosts.


    2.2. Exercise n. 2

    Referring to the network topology depicted below, configure the proper HSRP parameters on routers R1 and R2 in order to guarantee redundancy and load balancing when connecting to the Internet. Configure also the proper value for the default gateway on the hosts.


    2.3. Exercise n. 3

    Referring to the network topology depicted below, determine the path of a packet sent by host H1 toward the Internet in case the routers have the configuration shown in the figure and the link from R1 to the Internet has a fault.


    2.4. Exercise n. 4

    Referring to the network topology depicted below that includes hosts belonging to two VLANs:

    - configure the proper HSRP parameters on routers R1 and R2 in order to guarantee redundancy and load balancing in connecting to the Internet;
    - for all the interfaces of the switches and host/routers, list whether they are configured in access/trunk mode and associate the proper VLAN to them.

    Let us suppose that R1 and R2 do not generate any routing traffic (e.g. OSPF) within the LAN.

    Finally, do not include in the solution the interfaces connected to the Internet.


    2.5. Exercise n. 5

    Referring to the network topology depicted below, a server S is configured in a fault-tolerant mode using HSRP. Both interfaces are part of the same HSRP group in order to achieve protection against a fault of the links between the server itself and one of the two switches.

    Vice versa, hosts in the network are equipped with a fault-tolerant NIC (without HSRP) that features two different interfaces connected to the two available switches. The fault-tolerant NIC will automatically select one of the links as active, and the other will be put in stand-by.

    - Supposing that the link (S - SW-1) is active, while the link (S - SW-2) has a fault, will HSRP work properly in this configuration?
    - In general, is it correct to deploy HSRP in such a network?


    3. Network Design

    3.1. Exercise n. 6

    Referring to the network topology depicted below that includes hosts belonging to two VLANs:

    - Determine the STP topology (all switches have default parameters);
    - Configure the proper HSRP parameters on routers R1 and R2 in order to guarantee redundancy and load balancing when connecting to the Internet;
    - For all the interfaces of the switches and host/routers, list whether they are configured in access/trunk mode and associate the proper VLAN to them;
    - Determine the links crossed by HSRP packets exchanged between R1 and R2.

    Please note that R1 and R2 are expected to exchange routing traffic (e.g. OSPF) among them in order to calculate the routing topology.

    Finally, do not include interfaces connected to the Internet in the solution.


    3.2. Exercise n. 7

    Referring to the network configuration depicted below, write a possible configuration (using a Cisco-like syntax) of the interfaces of the multilayer switch, focusing on the L2-L3 interface configuration commands.


    3.3. Exercise n. 8

    Referring to the network topology depicted below that includes hosts belonging to two VLANs:

    - Determine the path of an IP packet directed from host H1 to H2 and write the most important parameters (e.g. MAC source/destination, IP source/destination) of that packet;
    - Repeat the same for an IP packet directed from host H2 to host H1.

    Assume that all the ports of the multilayer switch are configured in L2 mode.


    3.4. Exercise n. 9

    Referring to the network topology depicted below that includes hosts belonging to two VLANs:

    - determine the STP topology;
    - configure the proper interfaces (e.g. IP addresses) and HSRP parameters on multilayer switches ML-1 and ML-2 in order to guarantee redundancy and load balancing in connecting to the Internet;
    - associate all the interfaces of switches and hosts to the proper VLAN and indicate whether they are in access/trunk mode;
    - determine the path of the HSRP packets exchanged by ML-1 and ML-2;
    - determine how many HSRP packets you expect on the link between ML-1 and SW-1.

    Please note that ML-1 and ML-2 are expected to generate routing traffic (e.g. OSPF) among them in order to exchange the routing topology.

    Do not include in the solution the interfaces connected to the Internet.

    Repeat the exercise in case the direct link between ML-1 and ML-2 fails.

    Finally, discuss whether the direct link between ML-1 and ML-2 works better if configured in L2 mode or in L3 mode.


    3.5. Exercise n. 10

    Given the network topology depicted below that includes hosts belonging to three VLANs:

    1. Determine the path of an IP packet from host H1 to host H3;

    2. Determine the path of the same packet when a fault occurs on the direct link between ML-1 and ML-2;

    3. Suggest three possible modifications of the network (either at the physical or at the configuration level) in order to optimize the L3 paths;

    4. Indicate the number of VLANs that we expect to configure over that network;

    5. List the possible IP addresses configured on the two multilayer switches ML-1 and ML-2.

    All the interfaces of the multilayer switches are configured in L2 mode, except the interface that connects to the WAN. Finally, let us suppose the use of the standard STP protocol (not the per-VLAN STP).


    3.6. Exercise n. 11

    Given the network topology depicted below that includes hosts belonging to two VLANs, propose a configuration that:

    - enables optimized load balancing on the external links toward the Internet;
    - optimizes the paths for the exiting traffic, so that packets directed to the WAN always cross only a single multilayer switch.

    Let us suppose that all the interfaces of the multilayer switches are configured in L2 mode, except the interface that connects to the WAN, and that we use the Per-VLAN STP protocol.

    Finally, show also the final outcome of the Spanning Tree Protocol and the path of an IP packet from host H1 to host H2.


    Part III.

    Solutions


    4. HSRP

    4.1. Solution for exercise n. 1

    Although HSRP can be configured to provide also load balancing in addition to redundancy, the exercise focuses only on the first objective. Therefore a single HSRP group is required and the solution is shown in the network topology below.

    Since the IP address of router R1 is smaller than the IP address of router R2, the priority value has to be configured in order to force the election of that router as active.

    The default gateway for each host is shown on the network topology below.


    4.2. Solution for exercise n. 4

    The network includes two VLANs, hence we can achieve load balancing by forwarding VLAN1 traffic through R1 and VLAN2 traffic through R2; hence load balancing does not rely on HSRP.

    HSRP will provide only gateway redundancy and will have to be configured per-VLAN.

    Since routers must participate in all VLANs (i.e. they must be able to receive all the VLAN packets on their interfaces), their NICs must be configured in trunk mode. Virtual VLAN interfaces must be created and associated to VLANs; these virtual interfaces will be configured at the IP level.

    All hosts have access ports; the switch has access ports toward clients and trunk ports toward the routers. The resulting configuration is depicted in the picture below.


    5. Network Design

    5.1. Solution for exercise n. 6

    Question 1

    The STP topology is extremely simple, since we do not have loops in the L2 network (in fact, the direct link between R1 and R2 is a pure L3 link and hence it belongs to a broadcast domain different from that of the switches). Therefore, the STP topology on the L2 network overlaps with the physical topology.

    Questions 2 and 3

    The configuration of the VLAN ports and the HSRP on the routers can be the following:

    Router R1
    ---------
    Interface Fe0
      Trunk port, VLAN 1-2
      Virtual Interface VLAN 1
        IP: 130.192.16.252/24
        HSRP Group 1
          Virtual IP: 130.192.16.254
          Priority 105
      Virtual Interface VLAN 2
        IP: 130.192.17.252/24
        HSRP Group 2
          Virtual IP: 130.192.17.254
    Interface Fe1
      Access port, no VLANs
      IP: 130.192.18.1/24
      OSPF: active

    Router R2
    ---------
    Interface Fe0
      Trunk port, VLAN 1-2
      Virtual Interface VLAN 1
        IP: 130.192.16.253/24
        HSRP Group 1
          Virtual IP: 130.192.16.254
      Virtual Interface VLAN 2
        IP: 130.192.17.253/24
        HSRP Group 2
          Virtual IP: 130.192.17.254
    Interface Fe1
      Access port, no VLANs
      IP: 130.192.18.2/24
      OSPF: active

    Routers have their Fe1 interface configured in pure L3 mode, hence the interface is not associated to any VLAN (it operates in access mode) and it has an IP address active on it.

    Hosts are VLAN-unaware (no VLANs are configured on their ports); the configuration of the VLANs on the switches is the following:

    Switch SW-1

    Interface   Mode     VLAN-ID
    Fe0         Access   1
    Fe1         Trunk    1,2
    Fe2         Trunk    1,2

    Switch SW-2

    Interface   Mode     VLAN-ID
    Fe0         Access   2
    Fe1         Trunk    1,2
    Fe2         Trunk    1,2

    Question 4

    With respect to the path followed by HSRP packets, we have to note that these packets are generated on the VLAN interfaces of the routers, which are linked to the upper interface (Fe0). Therefore HSRP packets will exit from interface Fe0 of router R1, will go through switches SW-1 and SW-2, and then will reach interface Fe0 of R2, where they will be redirected to the proper VLAN interface. HSRP packets from R2 to R1 will follow the opposite path.

    It is worth noting that the direct link between R1 and R2 will not transport any HSRP packet. Instead, it can be used to transport routing traffic. In the absence of this link, the routing traffic would have to be transported anyway, and a possible configuration involves a new VLAN (e.g. VLAN 3) dedicated to this traffic. While such a new VLAN for routing traffic is not mandatory (routing messages can also be exchanged through VLAN 1 or VLAN 2), it is good practice to have it so that routing traffic is not received from network hosts, therefore avoiding possible attacks coming from the clients present in the edge network.


    5.2. Solution for exercise n. 7

    Interfaces Fe0 and Fe1 are L2 interfaces (switched interfaces) and belong to the same switching domain of switches SW-1 and SW-2. Interfaces are in trunk mode and should support all the VLANs present in the network.

    Additionally, some virtual VLAN interfaces must be configured in order to implement the default gateway functionalities on the switched network. Interface Fe2 is configured in L3 mode (routed interface) and connects the network to the Internet.

    The configuration can be the following [1]:

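    ! Fe0 and Fe1: L2 (switched) trunk interfaces carrying VLANs 1 and 2
    interface fe0
     switchport mode trunk
     switchport trunk allowed vlan 1,2
    !
    interface fe1
     switchport mode trunk
     switchport trunk allowed vlan 1,2
    !
    ! Virtual VLAN interfaces: default gateway for each VLAN
    interface vlan 1
     ip address 10.1.1.253 255.255.255.0
    !
    interface vlan 2
     ip address 10.1.2.253 255.255.255.0
    !
    ! Fe2: L3 (routed) interface toward the Internet
    interface fe2
     no switchport
     ip address 20.2.2.2 255.255.255.252
    !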

    [1] Please note that different Cisco devices may use a slightly different syntax. Therefore the commands used must be considered as an indication of a possible configuration and may not work on all the devices.


    5.3. Solution for exercise n. 11

    Since the network requires both redundancy and load balancing of the Internet access, the HSRP configuration requires two groups, one per VLAN, in which ML-1 is the active router for the first group and ML-2 is active for the second.

    A possible solution is shown in the figure below:

    In order to optimize the exit paths toward the WAN, we can use the PVST (Per-VLAN Spanning Tree) protocol to concentrate both the HSRP active and the root bridge functionalities on the same multilayer switch. In this case, the exit traffic will reach the HSRP active router, and from there it will go directly to the Internet.

    This can be achieved by setting the Bridge Priority of ML-1 to 24576 and 28672 (respectively for VLANs 1 and 2), which corresponds to a better priority for VLAN 1, and inverting those values for ML-2 (which corresponds to a better priority for VLAN 2). In addition, HSRP groups must be configured accordingly (i.e., a better HSRP priority for ML-1 on network 10.1.1.0/24, and a better priority for ML-2 on network 10.1.2.0/24).

    This configuration leads to the two topologies (respectively for VLAN 1 and VLAN 2) shown in the figures below [2].

    [2] Please note that in the most recent STP specifications the Bridge Priority is allowed only in multiples of 4096, and that only the most significant 4 bits are actually used and inserted in the BPDU, while the remaining 12 bits correspond to the VLAN-ID. In other words, a priority of 28672 for VLAN 1 will lead to the value 28673 in the BPDU generated for that VLAN, while the priority of 24576 for VLAN 2 will lead to the value 24578 in the BPDU generated for that VLAN.


    It is worth noting that this configuration optimizes the exit paths toward the Internet, but it corresponds to a worsening of the internal paths (e.g., from H1 to H2). In fact, a packet from H1 to H2 will be generated in VLAN 1 and it will traverse the network (according to the topology allowed for VLAN 1) till it reaches its default gateway (i.e., ML-1, which is the HSRP active router for VLAN 1). From there, the packet will belong to VLAN 2 and then it will traverse the network according to the topology allowed for that VLAN, till it reaches the final destination H2.

    It is evident (as shown in the figure below) that internal paths require the traversal of both multilayer switches and therefore are not as well optimized.
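    The elections used in the solutions for exercises n. 6 and n. 11 can be checked mechanically. The following is an added example, not part of the original homework: it elects the HSRP active router per group and the PVST root bridge per VLAN, then verifies that both roles land on the same multilayer switch. The MAC addresses, the ML-1/ML-2 interface addresses and the HSRP priorities for exercise n. 11 are constructed; the preemption behaviour is an assumption.

```python
from ipaddress import IPv4Address

HSRP_DEFAULT_PRIORITY = 100  # used when no priority is configured


def hsrp_active(routers):
    """routers: {name: (interface_ip, priority_or_None)} for one HSRP group.
    Highest priority wins; a tie goes to the highest interface IP.
    Assumes preemption is enabled or that all routers start together."""
    def key(name):
        ip, prio = routers[name]
        return (HSRP_DEFAULT_PRIORITY if prio is None else prio, IPv4Address(ip))
    return max(routers, key=key)


def bpdu_priority(configured, vlan_id):
    """Priority carried in the BPDU: 4 configured bits + 12-bit VLAN-ID."""
    if configured % 4096 or not 0 <= configured <= 61440:
        raise ValueError("bridge priority must be a multiple of 4096 (0..61440)")
    if not 1 <= vlan_id <= 4094:
        raise ValueError("VLAN-ID must be in 1..4094")
    return configured | vlan_id


def pvst_root(bridges, vlan_id):
    """bridges: {name: (configured_priority, mac)}; lowest (priority, MAC) wins."""
    def key(name):
        prio, mac = bridges[name]
        return (bpdu_priority(prio, vlan_id), int(mac.replace(":", ""), 16))
    return min(bridges, key=key)


def check_alignment(design):
    """design: {vlan: {"stp": bridges, "hsrp": routers}} -> {vlan: (root, active, ok)}."""
    report = {}
    for vlan, cfg in design.items():
        root, active = pvst_root(cfg["stp"], vlan), hsrp_active(cfg["hsrp"])
        report[vlan] = (root, active, root == active)
    return report


# Solution 6 values, as listed on the page (only R1/group 1 has a priority).
SOLUTION_6 = {
    1: {"R1": ("130.192.16.252", 105), "R2": ("130.192.16.253", None)},
    2: {"R1": ("130.192.17.252", None), "R2": ("130.192.17.253", None)},
}
# Solution 11: bridge priorities are from the page; MACs, interface IPs and
# HSRP priorities are constructed for this example.
MAC = {"ML-1": "02:00:00:00:00:01", "ML-2": "02:00:00:00:00:02"}
SOLUTION_11 = {
    1: {"stp": {"ML-1": (24576, MAC["ML-1"]), "ML-2": (28672, MAC["ML-2"])},
        "hsrp": {"ML-1": ("10.1.1.252", 105), "ML-2": ("10.1.1.253", None)}},
    2: {"stp": {"ML-1": (28672, MAC["ML-1"]), "ML-2": (24576, MAC["ML-2"])},
        "hsrp": {"ML-1": ("10.1.2.252", None), "ML-2": ("10.1.2.253", 105)}},
}

if __name__ == "__main__":
    for vlan, result in check_alignment(SOLUTION_11).items():
        print(f"VLAN {vlan}: root={result[0]} hsrp_active={result[1]} aligned={result[2]}")
```

    If the HSRP priority on ML-1 for VLAN 1 is left at its default, ML-2 becomes active through the IP tie-break while ML-1 remains root bridge, and `check_alignment` reports that VLAN as misaligned.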
