Category: Design Principles

IS-IS Design Principles

IS-IS History

  • Created for the OSI Protocol Suite
  • Integrated IS-IS: the mutation.
  • IS-IS dictionary:
    • IS = Intermediate System  (Routers)
    • ES = End System
    • TLV = Type Length Value
    • NSAP = Network Service Access Point
      • (OSI protocols equivilent of the TCP/IP’s IP Address)
  • IS-IS features:
    • Link State Routing Protocol  (Same as OSPF)
    • NSAP address assigned per router
    • Dijkstra SPF powered (Same as OSPF)
      • PRC efficient
    • Hellos Establisch neighbors at Layer 2 ( source MAC, Multicast Mac )
    • Two routing levels ( Level 1 and Level 2 )
    • Area Based Design ( Routers know their area )
    • default link cost = 10

IS-IS High level Design

  • Two routing databases
    • Level1 and Level2
      • Level 1 routers find closest Level2 Exit.
    • Area defined by
    • 49.0001  ( Area 1 )
      • 49 private adressing , 0001 is area 1
  • Three router types

IS-IS Neighbors and Area Design


Wireless Design Principles




  • Wireless Signal Mesured in dBm ( Power referenced against one Milliwatt )
  • Range is roughly -30dBm to -90dBm
    • -30dBm = Max Achievable ( not desired ).
    • -67dBm = Mininum for real-time Apps.
    • -80dBm = Minimum for communication.
  • Noise is always a challenge
  • Signal to Noise Ratio ( SNR ) = ( SignalNoise ) = Value
    • Mininum SNR of 25 is needed for real-time apps.


Multicast and Multicast Routing

Unicast vs Multicast

  • Routed via PIM ( Protocol Independent Multicast ).
  • Always UDP-Based ( Video, Audiostreams, some kinds of data ).
  • Typical network challenges ( QoS, Security, Bandwidth consumption).
  • Began as a ‘speciality’ technology, becoming heavily adopted in modern times.

Multicast Addresses

  • Multicast group members receive all data center to a group.
  • Multicast IPv4 Range: [ ]
    • Filtering tip:
      • Last 23 bits of IP mapped to MAC
        • Can lead to overlapping addresses


VPN Design

Remote Access VPN design

  • For a VPN you need a termination device (vpn concentrator / Firewall), a client and the connecting technology for tunneling.
  • Cisco Easy VPN.
  • Client options
    • IPSEC VPN client
    • SSLVPN Clientless Access
    • SSLVPN Thin client
    • SSLVPN Thick client

Placement of the VPN Termination Device:


E-Commerce Implementation

Core layer

  • Cisco 6509.
  • Static routing used to ISP ( or basic BGP ).
  • FWSM or ACE module used as initial filter.
  • Static route down to VIP of aggregation layer FHRP.

Aggregation Layer

  • Cisco 6506 ( MSFC ).
  • Traffic received from core routed to CSM
  • CSM load balances to VLANs at the access layer
  • Simple Design allows inter-vlan routering ( web, app, db )
    • Inter-vlan routing without a FWSM can lead to access from the VLANs.

Access Layer

  • Cisco 6509
  • Servers typically devided into web, app, and database VLANS.
  • Server gateways set to CSM, FWSM, or VIP of the FHRP on L3.
  • Firewall restrictions between layers common.


A design that must stay up

  • Public face of an organization
  • The place where downtime is incredibily harmful
  • The place where budgets are approved\

Ultra Redundant, Ultra secure Firewall Design

  • Only Method through layers is via servers
  • Option of using different firewall vendors at different layers
  • Supports virtual firewall using FWSM (Firewall Services Module) or ACE (Application controle engine) module


Wan Services (Sonet, Metro, VPLS, MPLS)


Sonet ( Synchronous Optical Networking)

  • American National Standards Institute (ANSI)
  • Used in US / Canada
  • Synchronous transport signals (STS) used for speed

Synchronous Digital Hierarchy

  • International Telecommunications union (ITU)
  • Used everywhere expect US / Canada
  • Synchronoous transport Modules (STM) used for speed)


Routing Design Principles (EIGRP, OSPF, BGP)

EIGRP design principles

  • EIGRP works for arbitrary topologies for small to medium networks.
  • A flat EIGRP network doesn’t really scale beyond 400 routers and will lead to performance issuse
    • How to solve this?
      • Stub areas, summerization, route filtering limits the query scope
  • If EIGRP doesn’t have a feasible successor it will query all it’s neighbours.
    • “I don’t have a route anymore, don’t route through me, give me a viable route”.
  • BFD to optimize convergence (100ms wtih 1000 routes).
  • 2 second hello timer, 6 second hold timer ( recommended )

Multiple EIGRP design principles

  • Used to merge two networks ( Acquisitions )
  • Different administrative groups in a company
  • a way to devide large networks ( and control queries )
  • Routes are distributed between AS ( don’t loop! )