Network Architecture and Design: The Top-Down Approach
Network architecture and design are often two separate stages in a network implementation project. McCabe (2007) identifies network architecture as a higher-level concept of a network, one that focuses on the more general relationships between the major components of a network, for example "addressing and routing, network management, performance, and security" (p. 211). The design stage of the project normally starts after the higher-level architectural plan has been approved. This is where the real detailed work starts and the nuts and bolts come together.
In designing your network, consideration must be given first to the business needs. Cisco calls this a Top-Down approach. Oppenheimer (2010) states, "Good network design must recognize that a customer's requirements embody many business and technical goals, including requirements for availability, scalability, affordability, security, and manageability" (p. 4). With these goals identified, the network architect and the project manager can work together to design the network. The rest of this paper will focus on describing the network design components that must be addressed when creating a data communications network. These are the topology, protocol, device, connectivity and security components.
Applying the Top-Down approach to network design implies using the Open Systems Interconnection (OSI) model as a reference. Used globally as a model to design networks and network devices, the model has seven layers. Closest to the user of a networked device such as a computer is the top layer, Application. This is followed by the Presentation and Session layers. Typically these three layers function at the user's device, within the network-aware software and operating system. Software and hardware, such as that used with a network interface card, set up a session between communicating networked devices, while at the presentation layer networking software works to present data in a usable format to the user. Presentation services include encryption/decryption and conversion to ASCII. At the highest layer, the model is closest to the end user of the data network. This is where content that has traversed the network is delivered to applications such as a web browser. It is at these layers that much of the customer's business needs are addressed: types of end-user network devices (e.g. PC, Mac, smartphone), applications (web browser, database clients, email clients, etc.) and servers (web, database, email, etc.).
The bottom four layers of the OSI reference model are really the foundation for a network architect and designer. It is through the Transport, Network, Data Link and Physical layers that the core of the network is designed and built. Once the architecture planning has been done, the network design and build, although iterative, tend to start with the Physical layer.
Network Topology
The first step in network design is the layout and the topology. Planning for the layout of a data network used in an office or other enterprise starts with the Local Area Network (LAN). A LAN is the interconnection of networking devices local to the enterprise. Usually a LAN is specific to a building, or even to one department. Internetworking devices such as switches or routers can facilitate communication between multiple LANs. Primarily focused on the cabling and how the cables interconnect network devices, the network topology of a LAN can follow one of four types. A bus topology uses a common cable, primarily coaxial of the 10Base2 or 10Base5 type. This topology has been largely superseded by other topologies; however, it may still be used in manufacturing environments where shielded cables are required. A ring topology has computers connected in a physical ring or a logical ring. A mesh topology has computers set up to be directly connected to all other computers. Finally, and by far the most common topology, is the star. Most LANs today are based on the use of a hub or, more commonly, a switch using 1000Base-T (gigabit Ethernet) and/or wireless Ethernet, more commonly referred to as Wi-Fi.
The type of cabling used depends on the topology. In the most common, the star topology, unshielded twisted pair (UTP) cable is used. For gigabit Ethernet this cabling is referred to as Cat5e or Cat6 by the American National Standards Institute (ANSI), which has set performance standards for network cabling. Cabling falls under the physical layer of the OSI reference model, which addresses the physical medium (e.g. UTP) and connectors (e.g. RJ-45). The next layer is the Data Link layer, which controls how data frames travel between networked devices. The most common data link protocol is Ethernet, which has been standardized by the Institute of Electrical and Electronics Engineers (IEEE) in IEEE 802.3. The wireless version of Ethernet used in Wi-Fi is standardized in the IEEE 802.11 standards.
In an Ethernet star topology, computers are not connected directly to each other. Rather, they are connected to network connectivity devices called hubs and switches. Hubs operate at the physical layer and therefore do not offer much more than a physical connection. Switches operate at the physical, data link and sometimes the network layer. As such, they offer more features and services to a LAN. Indeed, a switch can split up a LAN into multiple LANs called Virtual LANs, or VLANs. A major difference between a hub and a switch is that every port on a hub shares the total bandwidth available. On a 100Base-T network, that would be 100 Mbps. A switch provides the full bandwidth to each computer connected, for example 1 Gbps to each connected computer on a 1000Base-T topology. Therefore, a switch is required whenever a network design calls for multiple LANs to be interconnected. As this is a common requirement for networks, switches play a fundamental role in providing separate departmental LANs in the same building.
Network and Transport Protocols
Although there are several protocols which could be used in a LAN, the most common protocol in use is Transmission Control Protocol/Internet Protocol (TCP/IP). TCP is a transport protocol which provides reliable, connection-oriented data transport. At the Network layer, IP provides the addressing and routing between different networks. Although TCP/IP originated as a routed protocol, meaning it was designed to deliver data from one network to another, it is the default protocol used in all operating systems, whether they be Unix, Microsoft, Novell or Apple flavors. Therefore, in most networks designed today the data will be transported and the packets will be networked using TCP/IP. Routers, layer 3 switches and bridges all work on the Network layer of the OSI model. So, unless one is designing a small network with computers and printers connected through hubs and basic switches, a routable protocol is required. Essentially, the network layer, by providing routing, can send packets from a networked device on one LAN to one on another LAN. As mentioned previously, LANs can be separated but still be interconnected using layer 3 switches. This design approach has advantages in most networks, as it allows functional separation of LANs as well as physical separation. This allows network elements such as servers and printers to be shared across LANs, but it segments traffic to where it is used most. This helps reduce load on a LAN, but also provides some level of security. For example, an accounting department does not need to use the same servers and printers that the engineering department uses. Therefore, having a separate VLAN for each department will isolate the network traffic. Additionally, a VLAN in this example would allow the accounting server to be available only to the accounting department and the expensive large-format printer to be available only to the engineering department.
Network Connectivity
We have already discussed hubs and switches in a network design. These are critical to connecting devices in a LAN and between VLANs. The next step in network design is allowing for connectivity between distant LANs, to the Internet and from remotely located devices. Connecting networks that are physically separated (e.g. in different buildings or different cities) depends on routing. Routers are referred to as intelligent network devices. Like a computer or a server, they run their own operating system and require complex configurations. Their primary purpose is to route traffic, hence their name. Every IP network in the world is configured with at least one unique IP address, and every router in the world theoretically knows how to get data sent from one of these networks to another. This is only theoretical, as most routers are also used as security devices set to purposely block traffic flowing between networks. When an organization requires interconnection of physically separated networks, the connectivity between them is known as a Wide Area Network (WAN). WAN technologies include Frame Relay, SDSL, ADSL, local carriers, etc. In almost all network design scenarios these WAN technologies will be provided by a third party, usually a telecoms company.
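The two ideas above, a layer 3 device that forwards packets between departmental VLANs (the accounting/engineering example in the previous section) and the same device acting as a security control that deliberately blocks flows, can be shown together in a small model. The following Python is an added example written for this page, not code from the paper or from any vendor; the VLAN names, subnets, next-hop address and allow-list are constructed for illustration, and the policy semantics (default deny between VLANs, intra-VLAN traffic switched rather than routed) are assumptions of the model.

```python
"""Added example: a minimal model of an inter-VLAN router with a longest-prefix
routing table and a default-deny access policy between VLANs.
All addresses, VLAN names and policy entries below are constructed."""
import ipaddress

# Constructed VLAN plan: one subnet per department plus a shared-services VLAN.
VLANS = {
    "accounting": ipaddress.ip_network("10.10.10.0/24"),
    "engineering": ipaddress.ip_network("10.10.20.0/24"),
    "shared": ipaddress.ip_network("10.10.30.0/24"),  # shared printers/servers
}

# Constructed routing table: (prefix, next hop, egress interface).
# Directly connected VLANs have no next hop; 0.0.0.0/0 is the default route
# towards the ISP router, which is what "every router knows how to reach
# every network" amounts to in practice for a small site.
ROUTES = [
    (ipaddress.ip_network("10.10.10.0/24"), None, "vlan10"),
    (ipaddress.ip_network("10.10.20.0/24"), None, "vlan20"),
    (ipaddress.ip_network("10.10.30.0/24"), None, "vlan30"),
    (ipaddress.ip_network("0.0.0.0/0"), ipaddress.ip_address("203.0.113.1"), "wan0"),
]

# Constructed inter-VLAN policy: (source VLAN, destination VLAN) -> allowed
# TCP destination ports. Anything not listed is dropped, so the accounting
# subnet is reachable only from accounting, and nothing inbound from the
# Internet reaches any VLAN.
ALLOW = {
    ("accounting", "shared"): {445, 9100},
    ("engineering", "shared"): {445, 9100},
    ("accounting", "internet"): {80, 443},
    ("engineering", "internet"): {80, 443},
}


def lookup_route(dst):
    """Longest-prefix match over ROUTES; returns (next_hop, interface)."""
    dst = ipaddress.ip_address(dst)
    best = None
    for prefix, next_hop, iface in ROUTES:
        if dst in prefix and (best is None or prefix.prefixlen > best[0].prefixlen):
            best = (prefix, next_hop, iface)
    if best is None:
        raise LookupError(f"no route to {dst}")
    return best[1], best[2]


def vlan_of(ip):
    """Name of the VLAN an address belongs to, or 'internet' if none matches."""
    ip = ipaddress.ip_address(ip)
    for name, net in VLANS.items():
        if ip in net:
            return name
    return "internet"


def forward(src, dst, dport):
    """Decide what the device does with a packet: returns (action, interface)."""
    src_vlan, dst_vlan = vlan_of(src), vlan_of(dst)
    _next_hop, iface = lookup_route(dst)
    if src_vlan == dst_vlan:
        # Same VLAN: the frame is switched at layer 2 and never routed.
        return "switched", iface
    if dport in ALLOW.get((src_vlan, dst_vlan), set()):
        return "routed", iface
    return "dropped", iface


if __name__ == "__main__":
    for pkt in [("10.10.10.5", "10.10.10.20", 445),
                ("10.10.20.7", "10.10.10.10", 445),
                ("10.10.20.7", "10.10.30.9", 9100),
                ("10.10.10.5", "198.51.100.4", 443),
                ("198.51.100.4", "10.10.10.5", 445)]:
        print(pkt, "->", forward(*pkt))
```

The second packet in the usage list is engineering trying to reach the accounting server: the route exists (the router knows where 10.10.10.0/24 is), but the policy drops it, which is exactly the distinction the text draws between a router that can reach every network and a router configured to block traffic between them.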
When routers are used to interconnect different networks on an enterprise's internetwork, they are typically under the control of that organization. Another form of connectivity commonly required in the design of a network is Internet connectivity. Most networks in the world today are connected to the Internet. For all but the largest enterprise networks, the only Internet connectivity device owned by the institution is the customer premises equipment. For most that would be a broadband router. In most small businesses and even medium enterprises, that router will be provided with one or two routable IP addresses. These will most likely have been supplied by the Internet Service Provider (ISP) used by the institution.
A third connectivity issue that commonly needs to be addressed in a network design is that of remote communications. These days, it is unlikely that anyone would still be using dial-up modems. Today, remote connectivity is achieved by using the Internet. Most commonly, a person requiring remote access to a LAN would connect through a Virtual Private Network (VPN). This person would likely be a home worker with a broadband Internet connection. A secure VPN connection is a virtual circuit between a network device such as a computer and a corresponding network device in the LAN.
Security
A good network design must take security into account at all levels. Perhaps the lowest technical level is physical security. Network devices must be secured in offices and within buildings. Servers, switches and routers should be locked in climate-controlled server rooms or wiring closets. Not only does physical security protect the equipment from theft or damage, it protects your network from unauthorized access. One of the easiest ways to gain access is by plugging a network device into a switch or hub. In the network design, data security must focus primarily on encryption. One of the potentially most insecure points of entry into a network is Wi-Fi connectivity. Technologies such as Wi-Fi Protected Access (WPA) exist which will encrypt data on a wireless network.
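Physical security stops a device being plugged into a switch or hub; a design should also be able to notice when that happens anyway. The following Python is an added example for this page, not code from the paper or from any switch vendor: it compares a MAC address table dump against an inventory of which MAC addresses are authorized on which port and reports anything unexpected. The table format, port names and MAC addresses are constructed, and the inventory is assumed to be maintained by the network team.

```python
"""Added example: detect devices on switch ports that are not in the port
inventory. The table format, ports and MAC addresses are constructed."""
import re

# Constructed inventory: port -> MAC addresses authorized on that port.
# An empty set marks a port that should carry no traffic at all.
AUTHORIZED = {
    "Gi1/0/1": {"00:11:22:33:44:01"},
    "Gi1/0/2": {"00:11:22:33:44:02"},
    "Gi1/0/3": set(),  # unused port: any activity here is suspicious
}

# Constructed sample of a MAC address table dump (generic column layout,
# not any particular vendor's output).
SAMPLE_TABLE = """\
VLAN  MAC               Type     Port
10    00:11:22:33:44:01 DYNAMIC  Gi1/0/1
10    00:11:22:33:44:02 DYNAMIC  Gi1/0/2
10    de:ad:be:ef:00:01 DYNAMIC  Gi1/0/3
20    00:11:22:33:44:02 DYNAMIC  Gi1/0/2
20    ca:fe:00:00:00:09 DYNAMIC  Gi1/0/1
"""

# One table row: VLAN id, colon-separated MAC, entry type, port name.
LINE = re.compile(
    r"^\s*(\d+)\s+([0-9a-f]{2}(?::[0-9a-f]{2}){5})\s+\S+\s+(\S+)\s*$", re.I
)


def parse_table(text):
    """Return a list of (vlan, mac, port) tuples; header and junk lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            entries.append((int(m.group(1)), m.group(2).lower(), m.group(3)))
    return entries


def find_unauthorized(entries, authorized=AUTHORIZED):
    """Return (port, mac, vlan, reason) for every entry the inventory does not explain."""
    findings = []
    for vlan, mac, port in entries:
        allowed = authorized.get(port)
        if allowed is None:
            findings.append((port, mac, vlan, "port not in inventory"))
        elif not allowed:
            findings.append((port, mac, vlan, "activity on unused port"))
        elif mac not in allowed:
            findings.append((port, mac, vlan, "unknown MAC on port"))
    return findings


if __name__ == "__main__":
    for finding in find_unauthorized(parse_table(SAMPLE_TABLE)):
        print("ALERT:", finding)
```

Run against the sample table this flags two rows: a device on the port that should be dark, and a second, unknown address behind the port assigned to one authorized machine. A MAC address is only a weak identity (it can be set by the device owner), so this check is a detection aid that complements locked wiring closets rather than a substitute for them.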
Whether on a computer, smartphone, server, switch or router, the operating system of the device offers the best security to protect data and access in a network design. All of these systems offer password protection. Any network design should include the use and appropriate configuration of password protection.
References
McCabe, James D. (2007). Network Analysis, Architecture, and Design. (3rd ed.). Burlington, MA: Morgan Kaufmann Publishers.
Oppenheimer, Priscilla. (2010). Top-Down Network Design. (3rd ed.). Indianapolis, IN: Cisco Press.