IP Network Design Principles

The basic principles of good network design apply to all IGPs including IS-IS. The classic design methodology of layering the network into three main components (core, distribution, and access) needs to be applied as much as possible. The following sections discuss these three components.

Core

The core is the network backbone and its primary function is to switch packets as fast as possible. As the core is the heart of the network, it must be redundant, reliable, and have full reachability to every destination in the network.

Because packet switching in the core must be fast, filtering and policy implementations in this part of the network must be limited and, if possible, avoided because, in general, these features slow down the rate of packet processing and adversely impact performance of the core routers. Backbone routers need full routing information so that they can optimally forward packets to any other device in the network without relying on a default-route.

Distribution

The distribution layer is normally the aggregation point of traffic upstream from the edge to the core or downstream traffic in the opposite direction. It can also control and isolate instabilities on the edge from the core.

The distribution routers are the points at which route summarization should take place. This reduces the size of the routing tables and also aids in preventing instabilities on the edge or access layer from disrupting the core. The smaller the number of routes that a backbone router has to deal with, the faster it can make switching decisions, which in turn helps reduce switching latency in the core.

Packet filtering and policy implementation can also be performed at the distribution layer or further out at the access layer as discussed in the next section. By using packet filtering, you can protect the core from uninteresting or unwanted traffic.

Policy routing can be used to forward traffic based on other criteria, such as packet type or source address, instead of the usual destination address.

Access

The access layer is normally the point at which customers connect to the service provider network. Access routers provide the interconnection between customer premise equipment (CPE) and the distribution layer (see Figure 7-1).

Figure 7-1. Classic three-layer model.


Because the access layer is the connection to the exterior of the service provider network, appropriate security measures must be enforced to prevent unauthorized access and any security holes that might be used to launch denial of service attacks of any form. Therefore, filtering and security policies must be applied to access devices to ensure that all devices within the network are protected from external attacks and also customer devices are protected from attacks originating from within the network or its other peripheries.

You can apply a number of basic common access filters to protect from spoofing, broadcast, and directed broadcast sources. RFC 2827, "Network Ingress Filtering: Defeating Denial of Service Attacks which employ IP Source Address Spoofing," provides guidance for implementing such security filters.
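The access filters described above can be expressed as a per-interface decision, shown here as an added example that is not from the book. The interface names and the prefix-to-interface table are constructed sample data (RFC 5737 documentation ranges), and `ingress_verdict` is a hypothetical helper name.

```python
import ipaddress

# Constructed sample data: prefixes delegated to the customer behind each
# access interface. Interface names and prefixes are assumptions.
ASSIGNED = {
    "Serial0/0": ["192.0.2.0/25"],
    "Serial0/1": ["192.0.2.128/25", "198.51.100.0/24"],
}
LIMITED_BROADCAST = ipaddress.ip_address("255.255.255.255")


def _is_subnet_broadcast(addr, nets):
    """True if addr is the all-ones or all-zeros host address of a known subnet."""
    return any(
        n.prefixlen < 31 and addr in (n.network_address, n.broadcast_address)
        for n in nets
    )


def ingress_verdict(interface, src, dst):
    """Decide whether a packet received on a customer-facing interface is forwarded."""
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    local = [ipaddress.ip_network(p) for p in ASSIGNED.get(interface, [])]
    every = [ipaddress.ip_network(p) for ps in ASSIGNED.values() for p in ps]

    if not local:
        return "deny: no prefix delegated to this interface"
    # RFC 2827: the source must fall inside a prefix delegated to this port.
    if not any(src_ip in n for n in local):
        return "deny: spoofed source"
    # A subnet broadcast address is never a legitimate source.
    if _is_subnet_broadcast(src_ip, local):
        return "deny: broadcast source"
    # Drop limited broadcasts and directed broadcasts aimed at known subnets.
    if dst_ip == LIMITED_BROADCAST or _is_subnet_broadcast(dst_ip, every):
        return "deny: broadcast or directed-broadcast destination"
    return "permit"


if __name__ == "__main__":
    for pkt in [("Serial0/0", "192.0.2.10", "203.0.113.5"),
                ("Serial0/0", "192.0.2.200", "203.0.113.5"),
                ("Serial0/1", "198.51.100.7", "192.0.2.127")]:
        print(pkt, "->", ingress_verdict(*pkt))
```
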

This section briefly discussed the importance of a layered methodology as the basic underlying principle for designing scalable networks. The three-layered approach is recommended as the basis for architecting networks that can grow to a significantly large number of nodes. For completeness, however, the following two design issues also need to be considered: a hierarchical routing topology and a well-laid-out IP addressing scheme.

Hierarchical Topology and Routing

Hierarchy is ultimately the key to successfully scale a network. If you design a network with hierarchy in mind from the start, the network can be extended in size with only trivial adjustments. If you leave hierarchy out, the network will likely encounter problems as it grows and ultimately will compromise performance and reliability.

Why must you always design with hierarchy in mind? The main reason is that, ultimately, a flat network does not scale. For example, in the case of IS-IS, as the network grows, increasing the number of nodes increases the number of LSPs flooded, which in turn increases the complexity and time taken for the SPF computation.

The more nodes within the network, the more links there are, the more LSPs that are flooded, the more information that SPF has to deal with, the more CPU cycles required for route computation, and so on. The most expensive part of the route computation (SPF) is over the intra-area topology; therefore, it makes sense to segment the network into smaller manageable sections or areas. If this is done, there will be fewer nodes and links in each area, and fewer LSPs will be flooded. Consequently, the SPF process will have less information to deal with during route computation, saving valuable CPU cycles for other critical functions of the router.

Another sound reason for using a hierarchical design with areas is to hide instabilities within a problematic region from the rest of the network. IS-IS currently supports two levels of hierarchy. By adopting a hierarchical design, you can use summarization to reduce the amount of information transferred between areas and also at redistribution points.

Layering the network into core, distribution, and access gives you more control and, therefore, makes the network more manageable. This approach is beneficial in IS-IS network design scenarios.

A small and simple IS-IS network can be initially deployed as a flat network. However, you need to determine up-front when it might be necessary to migrate to a hierarchical topology. It is difficult to say exactly how many nodes justify moving to a hierarchical model. Certainly, this depends on many factors and requires keeping the final goal in mind when making such a call. The following factors need to be considered when designing an IS-IS network to scale into the future:

  • How many nodes are there currently?

  • How many nodes are expected in the future?

  • How is the network split in terms of geography?

  • What media technology is used to interconnect the nodes? What are the link speeds and how stable are they?

Other factors that need to be considered are interdomain reachability and default route origination and propagation. Each of these factors influences the network design. Obviously, some have a stronger influence than others.

You might start with a simple network of 10 nodes, for example. With only 10 nodes, do you have an immediate need for hierarchy? Perhaps not. Suppose, however, that 1 or 2 of these nodes are in a region that experiences constant flapping, which is uncontrollable because of operating conditions; one approach to contain the problem is to introduce hierarchy into the network. Having the flapping links in one area constrains the instabilities to only the affected region.

As shown in Figure 7-2, when a link goes down, a new router LSP is generated and flooded. The LSP is then flooded further through the network so that all routers become aware of the event and make adjustments as necessary.

Figure 7-2. LSP flooding.


By moving to a hierarchical topology with multiple areas, you can contain the flooding of LSPs within the area. Where possible, you can also configure the routers for only a single level of routing (Level 1-only or Level 2-only instead of Level 1-2). This saves on memory and CPU processing because route calculations will be performed on only one Link-State database instead of two. By default, a Cisco router behaves as Level 1 and Level 2 (that is, Level 1-2). Additional configuration is required to reduce it to a single level capability.

The most logical place to start when designing an IS-IS network is the backbone. As previously discussed, IS-IS currently supports two levels of hierarchy: the backbone, where Level 2 routing is performed, and the areas, where Level 1 routing occurs (see Figure 7-3). Therefore, it makes sense to start with a contiguous Level 2 backbone. This way, as the network grows, you can add in the Level 1 areas and migrate to a full hierarchical model for scaling purposes, if necessary.

Figure 7-3. IS-IS hierarchical areas.


In the past, Internet service providers avoided building hierarchical IS-IS domains because the stubby areas specified in ISO 10589 and ported into RFC 1195 did not provide the necessary intelligence for Level 1-only routers to determine the best exit point from the area. In this framework, Level 1 routers follow a default route to the closest Level 1-2 router. Level 2 routers flag connectivity to the backbone to Level 1 routers by setting the attached bit in their Level 1 LSP, which is flooded throughout the area. Even though the selected default router might be the closest in the area, it might not be the best exit out of the area when the overall cost to the destination is considered. This possibility of suboptimal path selection was the main reason why most service providers built flat IS-IS topologies. Figure 7-4 shows that to send traffic from RTA to RTB, you need to traverse a number of links; the closest exit point for RTA is through the link with a metric of 40. This leads to the nearest Level 1-2 in the direction of the final destination. However, the total path cost of 150 is worse when compared to the alternate path, which has a better total path cost of 120, even though the cost of 50 to the Level 1-2 router on that path is worse.

Figure 7-4. Suboptimal routing.


Because interarea routes are not available to Level 1-only routers, they are unaware of the end-to-end metric information associated with such routes. Therefore, this model does not facilitate BGP shortest path selection, making it generally unsuitable for use in ISP networks. Building a flat network provides a workaround. Additionally, you might also argue that building a flat network is much less complex than building a hierarchical one. After all, in ISP networks, the IGP is primarily used for determination of the BGP next-hop and local routes, so why make the topology more complex than it needs to be?

A recent enhancement in Cisco IOS Software, known as Interarea Route Leaking, removes the suboptimal routing limitation in IS-IS Level 1 routing. When enabled, this feature allows a Level 1-2 router to inject IP prefix information from the Level 2 database into the Level 1 database of its local area through its Level 1 LSP, thereby "leaking" interarea routes into Level 1.
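The exit selection described for Figure 7-4, with and without route leaking, can be reproduced with two SPF runs. This is an added example, not code from the book: the topology is constructed to match the stated costs (40 and 50 to the two Level 1-2 routers, totals of 150 and 120), and the node names other than RTA and RTB are assumptions.

```python
import heapq


def undirected(links):
    """Build an adjacency map from (node, node, metric) tuples."""
    g = {}
    for a, b, w in links:
        g.setdefault(a, {})[b] = w
        g.setdefault(b, {})[a] = w
    return g


def spf(graph, src):
    """Dijkstra shortest-path costs from src to every reachable node."""
    dist, pq = {src: 0}, [(0, src)]
    while pq:
        d, u = heapq.heappop(pq)
        if d > dist[u]:
            continue
        for v, w in graph[u].items():
            if d + w < dist.get(v, float("inf")):
                dist[v] = d + w
                heapq.heappush(pq, (d + w, v))
    return dist


# Constructed topology: Level 1 area around RTA, Level 2 backbone toward RTB.
L1_AREA = undirected([("RTA", "L12_X", 40), ("RTA", "L12_Y", 50)])
L2_BACKBONE = undirected([("L12_X", "C1", 60), ("C1", "RTB", 50),
                          ("L12_Y", "RTB", 70)])
ATTACHED = ["L12_X", "L12_Y"]  # Level 1-2 routers setting the attached bit


def exit_without_leaking(src="RTA", dst="RTB"):
    """Level 1 router follows a default route to the closest Level 1-2 router."""
    l1 = spf(L1_AREA, src)
    gw = min(ATTACHED, key=lambda r: l1[r])
    return gw, l1[gw] + spf(L2_BACKBONE, gw)[dst]


def exit_with_leaking(src="RTA", dst="RTB"):
    """Each Level 1-2 router leaks dst with its Level 2 metric; src adds its own cost."""
    l1 = spf(L1_AREA, src)
    leaked = {r: spf(L2_BACKBONE, r)[dst] for r in ATTACHED}
    gw = min(ATTACHED, key=lambda r: l1[r] + leaked[r])
    return gw, l1[gw] + leaked[gw]


if __name__ == "__main__":
    print("default to closest L1-2:", exit_without_leaking())
    print("with leaked prefix:     ", exit_with_leaking())
```
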

When designing IS-IS networks, always remember that the backbone must be contiguous. In other words, a Level 1-only router should never be inserted between any two Level 2 routers (Level 2-only or Level 1-2).

In general, the design of the network topology needs to start from the core. As discussed previously, the core aligns with the IS-IS Level 2 backbone when considering a hierarchical topology. Proper layout of the core provides more flexibility for future growth. If the initial size of the network is not large, the backbone can be deployed as a flat topology without multiple areas. In this case, the backbone is configured as Level 2-only. As the network grows, it might get to a point where hierarchy must be introduced to scale further. This means deploying Level 1 areas in addition to the existing Level 2 backbone to accommodate growth. Depending on the design and growth objectives of the network, the Level 1 areas can be added in a manner that reflects the hierarchy of physical topology. A key design consideration at this juncture is the demarcation of the Level 1 areas from the backbone.

As noted previously, the core routers ideally should not perform any functions that place additional load on the CPU because the primary function of the core is to switch IP packets as fast as possible. Within an IS-IS network, however, you can summarize IP subnets from Level 1 areas into the Level 2 backbone, and also when leaking routes, from Level 2 into Level 1. One of the goals of good network design is to reduce the amount of routing information that is transferred to and from the core. Therefore, it might be beneficial to configure the core routers as Level 1-2 and then push the Level 1-only routing out to the distribution layer. However, this design also has some drawbacks. Many access routers might be attached to the distribution routers, which can result in too many routers in a single area. In such cases, network instabilities might be unmanageable, imposing limitations on scaling and future growth potential. A possible solution is to make the core routers pure Level 2; then configure the distribution routers as Level 1-2, and finally the access routers as Level 1-only. As the distribution routers take over the dual Level 1-2 function, suboptimal routing is eliminated by using Route Leaking. Finally, with the access routers being Level 1-only, any instabilities are not passed back up into the core.

As is obvious from the preceding discussion, tradeoffs must be made in the design process. The perfect network is not always realizable. A successful IS-IS network is one that is stable and scalable and converges reasonably fast when there are changes.

A definitive maximum number of routers that can be supported within a single IS-IS area is hard to determine. Currently (at the time of writing), there are some reasonably large-sized networks with close to 1000 routers in a single area, operating successfully without any significant issues. However, 1000 nodes per area is not an absolute number. The number of nodes that can be crammed into a single area depends mainly on the design of the physical topology, stability of the links, the number of IP subnets, and the memory and CPU capacities of the routers. What works for one network might not necessarily work for another network; therefore, each design must be evaluated individually on its own merits.

Figure 7-5 shows how you can combine hierarchy and area routing over the core, distribution, and access layers. Only Level 2 LSPs are flooded between the core and distribution layers. The access layer devices in the same area as the distribution routers receive and exchange only Level 1 LSPs with the distribution routers. Designing the network this way protects the core layer from instabilities within the access layer.

Figure 7-5. IS-IS hierarchy using area routing.


IP Addressing Layout

One of the main factors that determines how well an IGP scales is the addressing layout planned into the network architecture. This applies to any routing protocol regardless of whether it is link-state or distance vector, intradomain or interdomain. If an incorrect addressing scheme is used in the design and deployed in the earlier phases of the implementation, there might be challenges in the future to scale further. This section briefly examines and highlights some of the issues that should be considered when designing an IP addressing layout for use with IS-IS.

Perhaps Integrated IS-IS lends itself a little more toward a less-stringent IP addressing structure than other link-state IGPs, especially in single area deployments. This is because it can handle a large number of nodes in an area. This is particularly advantageous for existing IP networks that have poor, discontiguous addressing layouts, which are difficult or nearly impossible to summarize. However, this is not a good reason for not following good design practices and principles when laying out an IP addressing structure for use with IS-IS.

Improper addressing assignment can significantly impede successful operation of a network. Poor IP addressing makes a good level of summarization difficult to achieve. Networks that run without decent levels of summarization are prone to stability problems because they cannot take advantage of summarization to help contain instabilities and route flaps, as well as reduce the load on routers. Without summarization, the number of routes propagated throughout the network could be larger. This, in turn, requires more processing and places more demands on the CPU during network churns.

IP address assignment is often seen as a laborious task by most network operators, being a mundane administrative chore. It is, therefore, often implemented without due care and consideration of the pitfalls that poor planning brings. After IP addresses have been allocated and assigned, it is often difficult to change and reassign them. If reassignment is possible, downtime is involved; therefore, service is interrupted. Of course, the changes are implemented during a maintenance window.

When designing an IP addressing structure, also ensure that the chosen address range of any subnet is large enough to allow for additional growth. It would be a great waste of effort to meticulously plan the address assignment scheme, only to later run out of addresses on some segments. Always keep summarization in mind when designing the IP addressing scheme because it will help control the number of routes that populate the IP routing table.

You learned that summarization is important when designing an IP addressing scheme, but you might be wondering what summarization actually does. In simple terms, summarization enables more detailed topology information to be hidden and sets a boundary limit for containing any network changes. This reduces the number of routers that are affected by any such changes.

By reducing the number of routers affected by a change, you effectively reduce the number of routers that are involved in convergence calculations that shield the network from a potential meltdown. Now that you have seen the huge benefits to be gained from using a well-planned IP addressing scheme (with good summary capability), it is time to consider which parts of the network to apply summarization to. The most logical places to configure summarization are on routers at the distribution layer between the core and access layers (when dealing with the classical three-layer hierarchical model). This ensures that you allow full topology information to be leaked only where required.

Summarize from the access layer toward the core, by having the distribution routers summarize each block of access layer prefixes into shorter prefixes that are advertised into the core. At the distribution router, you can summarize the four advertisements coming from the access routers into a single prefix (refer to Figure 7-6). The four access prefixes are hidden from the core router, protecting the core router from any instabilities that might arise on the access routers.

Figure 7-6. Summarizing from distribution to core.
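The summarization step at a distribution router, as an added example that is not from the book: it computes the single shortest prefix covering a block of access prefixes and lists any address space the summary would advertise that no access router actually holds. The prefixes are constructed sample values, the function names are hypothetical, and the code handles IPv4 only.

```python
import ipaddress


def covering_summary(prefixes):
    """Return the longest single prefix that covers every input prefix."""
    nets = [ipaddress.ip_network(p) for p in prefixes]
    if not nets:
        raise ValueError("no prefixes to summarize")
    lo = min(n.network_address for n in nets)
    hi = max(n.broadcast_address for n in nets)
    # Bits on which the lowest and highest address differ cannot be part
    # of the common prefix; everything above them can.
    plen = 32 - (int(lo) ^ int(hi)).bit_length()
    return ipaddress.ip_network(f"{lo}/{plen}", strict=False)


def unassigned_space(summary, prefixes):
    """Blocks inside the summary that none of the input prefixes cover."""
    nets = [ipaddress.ip_network(p) for p in prefixes]
    remaining = [summary]
    for n in ipaddress.collapse_addresses(nets):
        nxt = []
        for r in remaining:
            if n.subnet_of(r):
                nxt.extend(r.address_exclude(n))  # yields nothing if n == r
            else:
                nxt.append(r)
        remaining = nxt
    return [str(r) for r in sorted(remaining)]


def plan(prefixes):
    """Summary prefix plus the space it advertises without a backing route."""
    summary = covering_summary(prefixes)
    return str(summary), unassigned_space(summary, prefixes)


if __name__ == "__main__":
    # Constructed sample: four contiguous access prefixes summarize cleanly.
    print(plan(["10.1.0.0/24", "10.1.1.0/24", "10.1.2.0/24", "10.1.3.0/24"]))
    # Constructed sample: a discontiguous layout forces a wider summary that
    # also attracts traffic for blocks no access router holds.
    print(plan(["10.1.0.0/24", "10.1.1.0/24", "10.1.2.0/24", "10.1.4.0/24"]))
```

A non-empty second element is the cost of a poor addressing layout: either the summary is widened over unassigned space, or the distribution router has to advertise more than one prefix into the core.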


You can also summarize at the distribution layer from the core downstream toward the access layer. Typically, access devices that attach to a distribution layer (or directly to the core) require only a default route. In other scenarios, such as dual homing, it may be necessary to take appropriate measures to avoid any potential for suboptimal path selection. In Figure 7-7, you can see that practically all core prefixes are summarized into one advertisement: the default route. This is shown as a prefix of all 0s: 0.0.0.0/0.

Figure 7-7. Summarizing from distribution to access.


The primary objective of IP route summarization is to limit the size of the routing table, which assists in scaling the network in a stable manner. Designing an IP addressing scheme to be used with Integrated IS-IS is no different from designing for any other IGP. In summary, to achieve the objective of a successful, scalable network, apply the design practices and principles elaborated here and plan carefully for future growth.



IS-IS Network Design Solutions
IS-IS Network Design Solutions (Networking Technology)
ISBN: 1578702208
EAN: 2147483647
Year: 2005
Pages: 144
Authors: Abe Martey
