This very brief network design primer is primarily aimed at a security-savvy reader who hasn't had much exposure to network design. This section certainly does not replace the need to read a good book on network design, but it is necessary to define the terms used.
Core, Distribution, Access/Edge
Most of the network design seen today follows a model of core, distribution, and access. Figure 12-1 shows a basic model of this design when applied to a campus network. The access layer is where most end hosts connect to the network. Typically, it is the wiring closets in a building or on a floor. The access layer has historically been Layer 2 (L2), meaning no routing occurs on the first device to which a PC connects. Over time, more Layer 3 (L3) and higher-layer decisions have moved into the access layer. For example, a VLAN access control list (VACL) can make decisions on frames based on L3 information even though no routing is configured on the device.
Figure 12-1. Core, Distribution, and Access Campus Design
NOTE
When the term campus network or campus LAN is used in this book, it refers to the internal network for an organization contained within a single physical location. Although this certainly includes university networks, the term campus should not be interpreted to mean only networks at academic facilities.
If the network is fairly large, these access layer devices connect back to one or more distribution layers. These distribution layers are typically the first point of L3 access for user PCs. In modern network design, these devices are L3 switches; in the past, they were routers. A large network can have several sets of distribution layer switches. These devices might aggregate server farm traffic, user traffic, and edge traffic, such as WAN and Internet connections.
For these devices to communicate with one another, they transit the core layer, which consists of a very high speed L2 or, more commonly, L3 infrastructure.
Figure 12-1 simplifies a large enterprise campus design so you can see the representative elements. Notably absent is any form of high availability (HA). Typically, if you are deploying a network of this size, you want HA in key areas. Depending on what is deemed essential, this can include redundancy at any of the layers, though most common is distribution and core HA. Figure 12-2 shows a redundant design with just Site A's path to the core shown.
Figure 12-2. HA Campus Design (Site A Detail)
You can apply the ideas of core, distribution, and access to WANs or VPNs. Figure 12-3 shows a large-scale global WAN.
Figure 12-3. Global WAN
In this case, the core routers have some redundancy to each other and to their distribution layer peers. Redundancy could be added from the access layer devices to the distribution layer by adding more routers or even multiple access layer routers for device redundancy in each location.
From the WAN's perspective, each site is at the access layer. From each site's perspective, which might each have a design similar to Figure 12-1, the WAN is at the access layer.
Core, distribution, and access models really become beneficial when used in large networks. If you look at the previous few figures and think, "My network doesn't look anything like this," don't worry. Lots of networks collapse two or more layers because they have no need to keep them separate. What drives the core, distribution, and access model of network design is primarily scalability. This design scales up to the largest networks in the world. It also scales to the smallest by integrating the layers into a smaller number of devices. In addition, in some cases you can use the three-layer core, distribution, and access design for some parts of your network (for your users, for example), but components such as your server farms connect directly to the distribution layer as opposed to going through an access layer. In fact, this is the case in Figure 12-1. Because the number of server farms is small, there is no need to build a separate access layer.
In smaller networks, the most common integration point is the distribution and core layers. Figure 12-4 shows a midsize network design with a single L3 switch acting as the distribution and core layer for the campus design. These designs are called collapsed designs because you are collapsing the functionality of more than one layer.
Figure 12-4. Collapsed Campus Design
In Figure 12-4, you can see there is still a distinct access layer for user connections and edge connectivity, but in the case of the data center devices, the core switch is acting as an access layer for them as well. This design is very common in midsize networks.
In even smaller networks (Figure 12-5), all three layers can be collapsed into a single device (sometimes even an L2 switch rather than an L3). Here, only the edge connectivity is separated as an additional layer.
Figure 12-5. Small Campus Design
Management
In any of these designs, determining where the management traffic will come from is a key aspect of the design. The decisions made around management determine how tightly you can harden each device. For example, if your management devices are placed haphazardly throughout the network, you must allow your entire IP range to manage a device because you can't predict which addresses management traffic will come from. If instead you are able to define a dedicated management subnet at the distribution layer, the production devices can be better hardened to allow only management traffic from that subnet. Figure 12-6 shows the basic elements of this design overlaid on the design from Figure 12-1. Chapter 16, "Secure Network Management and Network Security Management," goes into detail on management design and considerations.
Figure 12-6. Dedicated Management Subnet
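The difference between the two management designs above can be made concrete by modeling the access-class check a device applies to incoming management sessions. This is an added example, not from the book; the address plan (10.0.0.0/8 as the enterprise range, 10.1.99.0/24 as the dedicated management subnet) and the sample hosts are constructed.

```python
"""Model of an IOS-style access-class check on a device's management (vty) lines.

Compares the 'haphazard' design, where any enterprise address must be permitted,
with the dedicated-management-subnet design. Addresses are constructed for
illustration; wildcard masks are assumed to be contiguous (the common case).
"""
from ipaddress import IPv4Address, IPv4Network

def wildcard_to_network(addr: str, wildcard: str) -> IPv4Network:
    """Convert an IOS 'address wildcard' pair to a network.

    A wildcard is an inverted subnet mask: 0 bits must match, 1 bits are ignored.
    """
    mask = (~int(IPv4Address(wildcard))) & 0xFFFFFFFF
    return IPv4Network((addr, str(IPv4Address(mask))), strict=False)

def acl_permits(acl, source: str) -> bool:
    """First-match evaluation; an unmatched source hits the implicit 'deny any'."""
    src = IPv4Address(source)
    for action, net in acl:
        if src in net:
            return action == "permit"
    return False

def permitted_address_count(acl) -> int:
    """Size of the address space from which a management session is accepted."""
    return sum(net.num_addresses for action, net in acl if action == "permit")

# Constructed policies: management stations scattered anywhere vs. a dedicated subnet.
HAPHAZARD_ACL = [("permit", wildcard_to_network("10.0.0.0", "0.255.255.255"))]
DEDICATED_ACL = [("permit", wildcard_to_network("10.1.99.0", "0.0.0.255"))]

# Constructed sample sources: one management station, two ordinary production hosts.
SAMPLE_SOURCES = {
    "management station": "10.1.99.10",
    "user PC (access layer)": "10.20.5.77",
    "server farm host": "10.3.0.8",
}

def compare_policies() -> dict:
    """Return {host: (allowed by haphazard ACL, allowed by dedicated ACL)}."""
    return {name: (acl_permits(HAPHAZARD_ACL, ip), acl_permits(DEDICATED_ACL, ip))
            for name, ip in SAMPLE_SOURCES.items()}

if __name__ == "__main__":
    for name, (loose, tight) in compare_policies().items():
        print(f"{name:24s} haphazard={loose!s:5s} dedicated={tight}")
    print("addresses able to reach the vty lines:",
          permitted_address_count(HAPHAZARD_ACL), "vs", permitted_address_count(DEDICATED_ACL))
```

Only the management station passes under the dedicated-subnet policy, while every user PC and server is an accepted source under the haphazard one.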