NetPro Certification Courseware for NetPro Certified Network Engineer – N.C.N.E

Local Area Networks (LANs)


As technology progressed, engineers began to connect computers together so that they
could communicate. At the same time, computers were becoming smaller and less
expensive, giving rise to mini and microcomputers. The first computer networks used
individual links, such as telephone connections, to connect two systems together.
Soon after the first IBM PCs hit the market in the 1980s and rapidly became
accepted as a business tool, the advantages of connecting these small computers
together became obvious. Rather than supplying every computer with its own printer,
a network of computers could share a single one. When one user needed to give a file
to another user, a network eliminated the need to swap floppy disks. The problem,
however, was that connecting a dozen computers in an office with individual point-to-
point links between all of them was not practical. The solution to this problem was the
local area network (LAN).

A LAN is a group of computers connected by a shared medium, usually a cable. By
sharing a single cable, each computer requires only one connection and can
conceivably communicate with any other computer on the network. A LAN is limited
to a local area by the electrical properties of the cables used to construct it and by
the relatively small number of computers that can share a single network medium.
LANs are generally restricted to operation within a single building or, at most, a
campus of adjacent buildings. Some technologies, such as fiber optics, have extended
the range of LANs to several kilometers, but it isn’t possible to use a LAN to connect
computers in distant cities. This gives rise to the wide area network (WAN).

In most cases, a LAN is a baseband, packet-switching network. An understanding of
the terms baseband and packet switching is necessary to understand how data
networks operate, because these terms define how computers transmit data over the
network medium.

Baseband versus Broadband

A baseband network is one in which the cable or other network medium can carry
only a single signal at any one time. A broadband network, on the other hand, can
carry multiple signals simultaneously, using a discrete part of the cable’s bandwidth
for each signal. As an example of a broadband network, consider the cable television
service that you probably have in your home. Although only one cable runs to your
TV, it supplies you with dozens of channels of programming at the same time. If you
have more than one television connected to the cable service, the installer probably
used a splitter (a coaxial fitting with one connector for the incoming signals and two
connectors for outgoing signals) to run the single cable entering your house to two
different rooms. The fact that the TVs can be tuned to different programs at the same
time while connected to the same cable proves that the cable is providing a separate
signal for each channel at all times.

A baseband network uses pulses applied directly to the network medium to create a
single signal that carries binary data in encoded form. Compared to broadband
technologies, baseband networks span relatively short distances, because they are
subject to degradation caused by electrical interference and other factors. The
maximum length of a baseband network cable segment diminishes as its transmission
rate increases. This is why local area networking protocols such as Ethernet have
strict guidelines for cable installations.

Packet Switching versus Circuit Switching

LANs are called packet switching networks because their computers divide their data
into small, discrete units called packets before transmitting it. There is also a similar
technique called cell switching, which differs from packet switching only in that cells
are always a consistent, uniform size, whereas the size of packets is variable. Most
LAN technologies, such as Ethernet, Token Ring, and Fiber Distributed Data
Interface (FDDI), use packet switching. Asynchronous Transfer Mode (ATM) is the
only cell-switching LAN protocol in common use.

Segmenting the data in this way is necessary because the computers on a LAN share a
single cable, and a computer transmitting a single unbroken stream of data would
monopolize the network for too long. When you examine the data being transmitted
over a packet-switching network, you can see that the data stream consists of packets
generated by many different systems, intermixed on the cable. It is normal on this type
of network for packets that are part of the same message to take different routes to
their destination and even to arrive at the destination in a different order than they
were transmitted. The receiving system, therefore, must have a mechanism for
reassembling the packets into a correct order and recognizing the absence of packets
that may have been lost or damaged in transit.
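
The receiving mechanism described above, sketched as an added example that is not part of the original courseware. The packet fields (msg_id, seq, total, crc) and the sample messages are assumptions made for illustration; real LAN protocols define their own headers.

```python
"""Added example: in-order reassembly and loss detection on a packet-switched LAN."""
import zlib
from dataclasses import dataclass, replace
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Packet:
    # All field names are assumptions made for this example.
    msg_id: int      # which message the packet belongs to
    seq: int         # position of this packet within the message, from 0
    total: int       # number of packets that make up the message
    payload: bytes
    crc: int         # CRC-32 of the payload, computed by the sender


def packetize(msg_id: int, data: bytes, size: int) -> List[Packet]:
    """Split one message into packets of at most `size` payload bytes."""
    chunks = [data[i:i + size] for i in range(0, len(data), size)] or [b""]
    return [Packet(msg_id, n, len(chunks), c, zlib.crc32(c))
            for n, c in enumerate(chunks)]


class Reassembler:
    """Receiver-side buffer that tolerates reordering, damage and loss."""

    def __init__(self) -> None:
        self._parts: Dict[int, Dict[int, bytes]] = {}
        self._totals: Dict[int, int] = {}

    def receive(self, p: Packet) -> bool:
        """Store a packet; return False if it is damaged, malformed or a duplicate."""
        if zlib.crc32(p.payload) != p.crc:
            return False                      # damaged in transit
        if not 0 <= p.seq < p.total:
            return False                      # sequence number out of range
        if self._totals.setdefault(p.msg_id, p.total) != p.total:
            return False                      # disagrees with earlier packets
        parts = self._parts.setdefault(p.msg_id, {})
        if p.seq in parts:
            return False                      # duplicate
        parts[p.seq] = p.payload
        return True

    def missing(self, msg_id: int) -> List[int]:
        """Sequence numbers not yet received, i.e. what the sender must resend."""
        got = self._parts.get(msg_id, {})
        return [n for n in range(self._totals.get(msg_id, 0)) if n not in got]

    def message(self, msg_id: int) -> Optional[bytes]:
        """The reassembled message, or None while any packet is still absent."""
        if msg_id not in self._totals or self.missing(msg_id):
            return None
        parts = self._parts[msg_id]
        return b"".join(parts[n] for n in range(self._totals[msg_id]))


MSG_A = b"print job from workstation A"       # constructed sample data
MSG_B = b"file request from workstation B"    # constructed sample data


def demo() -> dict:
    a, b = packetize(1, MSG_A, 8), packetize(2, MSG_B, 8)
    # Flip one bit of b[1] so its CRC no longer matches (damage in transit).
    damaged = replace(b[1], payload=bytes([b[1].payload[0] ^ 0x01]) + b[1].payload[1:])
    # Packets from both senders intermixed on the cable and out of order.
    wire = [b[2], a[1], a[3], b[0], damaged, a[0], b[3], a[2]]
    rx = Reassembler()
    result = {"accepted": [rx.receive(p) for p in wire],
              "a": rx.message(1),
              "b_before": rx.message(2),
              "b_missing": rx.missing(2)}
    rx.receive(b[1])                           # sender retransmits the packet
    result["b_after"] = rx.message(2)
    return result


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```
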

The opposite of packet switching is circuit switching, in which one system
establishes a dedicated communication channel to another system before any data is
transmitted. In the data networking industry, circuit switching is used for certain types
of wide area networking technologies, such as Integrated Services Digital Network
(ISDN) and frame relay. The classic example of a circuit-switching network is the
public telephone system. When you place a call to another person, a physical circuit is
established between your telephone and theirs. This circuit remains active for the
entire duration of the call, and no one else can use it, even when it is not carrying any
data (that is, when no one is talking). In the early days of the telephone system, every
phone was connected to a central office with a dedicated cable, and operators using
switchboards manually connected a circuit between the two phones for every call.
Today, the process is automated and the telephone system transmits many signals
over a single cable, but the underlying principle is the same.

COMPONENTS OF A LAN

A LAN is a combination of computers, LAN cables, network adapter cards, network
operating system software, and LAN application software. On a LAN, each personal
computer is called a workstation, except for one or more computers designated as file
servers. Each workstation and file server contains a network adapter card. LAN cables
connect all the workstations and file servers. In addition to its local operating system
(usually DOS), each workstation runs network software that enables the workstation
to communicate with the file servers. In turn, the file servers run network software
that communicates with the workstations and serves up files to those workstations.
LAN-aware application software runs at each workstation, communicating with the
file server when it needs to read and write files. The figure illustrates the components that
make up a LAN.

WORKSTATIONS

A LAN is made up of computers. You will find two kinds of computers on a LAN:
the workstations, usually manned by people; and the file servers, usually located in a
separate room or closet. The workstation works only for the person sitting in front of
it, whereas a file server enables many people to share its resources. Workstations
usually are intermediate-speed AT-class machines with an 80286 or 80386 CPU. They
may have 1M to 4M of RAM. Workstations often have good-quality color or gray-
scale VGA monitors, as well as high-quality keyboards, but these are characteristics
that make them easy to use and are not required to make the LAN work. A
workstation usually has an inexpensive, slow, small hard disk.

Figure: The Components of a LAN

Some workstations, called diskless workstations, do not have a disk drive of their
own. Such workstations rely completely on the LAN for their file access.

When you use a workstation, it appears and behaves in almost all respects like a
stand-alone personal computer. If you inspect a workstation closely, you typically
observe four characteristics that set it apart from a stand-alone computer:

Extra messages appear on-screen while the computer starts up. These messages
inform you that network software is loading at the workstation.

You have to give the network software your user identification number (or account
ID) and a password before you can use the LAN. This is the login procedure.

After you log in to the LAN from a DOS-based workstation, you see additional drive
letters that you can access. (On a Macintosh, you see additional folders; on a UNIX
computer, you see additional file systems.)

When you print memos or reports, a printer in a remote location on the LAN can
produce your printouts.

FILE SERVERS

In contrast to the workstations, a file server is a computer that serves all the
workstations---primarily storing and retrieving data from files shared on its disks. File
servers are usually fast 386-, 486-, or Pentium-based computers, running at 25 MHz
or faster and with 8M or more RAM. File servers usually have only monochrome
monitors and inexpensive keyboards, because people do not interactively use file
servers. The file server normally operates unattended. A file server almost always has
one or more fast, expensive, large hard disks, however.

Servers must be high-quality, heavy-duty machines because, in serving the whole
network, they do many times the work of an ordinary workstation computer. In
particular, the file server's hard disk(s) need to be durable and reliable.

The file server may use a different operating system from that used by the
workstations. NetWare is an example of a network operating system that runs only on
file servers. (The portion of NetWare that does run on the workstation, which you'll
hear people refer to variously as the requester, shell, NETX, or VLM, is there to help
DOS, not to replace DOS.)

Under a heavy load, if there are 20 workstations and one server, each workstation can
use only one twentieth of the server's resources. In practice, though, most
workstations are idle most of the time, at least from a disk-file-access point of view.
As long as no other workstation is using the server, your workstation can use 100
percent of the server's resources.

LAN CABLES

LAN cable comes in different varieties. You may use thin coaxial wire (referred to as
Thinnet or CheaperNet), thick coaxial wire (ThickNet), shielded twisted pair (STP),
which looks like the wire that carries electricity inside the walls of your house, or
unshielded twisted pair (UTP), which looks like telephone wire. You may even use
fiber optic cable. Fiber optic cable works over longer distances than other types of
cable, at faster speeds. But fiber optic cable installation and fiber-optic-based network
adapters can be expensive. The kind of wire you use depends mostly on the kind of
network adapter cards you choose.

Each workstation is connected with cable to the other workstations and to the file
server. Sometimes a single piece of cable wends from station to station, visiting all the
servers and workstations along the way. This cabling arrangement is called a bus or
daisy chain topology.

Figure : The linear bus topology, attaching all network devices to a common cable

Sometimes a separate cable runs from a central place, such as a file server, to each
workstation; this arrangement is called a star. Sometimes the cables branch out
repeatedly from a root location, forming the star-wired tree.

If you have to run cables through walls or ceilings, installing the cable can be the
most expensive part of setting up a LAN. At every branching point, special fittings
connect the intersecting wires. Sometimes you also need various black boxes such as
hubs, repeaters, or access units.

Figure : The star topology, connecting the LAN’s computers and devices with cables
that radiate outward, usually from a file server.

A few companies, such as Motorola, are pioneering a type of LAN that does not
require cables at all. Such a wireless LAN uses infrared or radio waves to carry
network signals from computer to computer.

Figure : The star-wired tree topology, linking the LAN’s computers and devices to
one or more central hubs, or access units.

NETWORK ADAPTERS

A network adapter card, like a video display adapter card, fits in a slot in each
workstation and file server. Your workstation sends requests through the network
adapter to the file server. The workstation receives responses through the network
adapter when the file server delivers all or a portion of a file to that workstation. The
sending of these requests and responses is the LAN's equivalent of reading and writing
files on your PC's local hard disk.

Only two network adapters may communicate with each other at the same time on a
LAN. This means that other workstations have to wait their turn if one person's
workstation is currently accessing the file server (processing the requests and
responses that deliver a file to the workstation.) The LAN gives the appearance of
many workstations accessing the file server simultaneously.

LANtastic adapters have two connectors on the back to attach the incoming and
outgoing cables. Ethernet connectors have a single T connector, a D-shaped 15-pin
connector, a connector that looks like a telephone jack, or sometimes a combination
of all three. Token Ring adapters have a 9-pin connector and sometimes a telephone
jack outlet.

Cards with two or more connectors enable you to choose from a wider variety of LAN
cables. A Token Ring card with two connectors, for example, enables you to use
shielded twisted pair (STP) or unshielded twisted pair (UTP, or telephone wire) cable.

The LAN adapter card listens to all the traffic going by on the cable, and filters out
just the messages destined for your workstation. The adapter hands them over to your
workstation when the workstation is ready to attend to the messages. When the
workstation wants to send a request to a server, the adapter card waits for a break in
the cable traffic and inserts your message into the stream. The workstation also
automatically verifies that the message arrived intact, and resends the message if it
arrived garbled.

Figure : The Thomas Conrad 16/4 Token Ring adapter (with a 9-pin connector and a
telephone wire connector).

DATA TRANSFER SPEEDS ON A LAN

Electrical engineers and technical people measure the speed of a network in megabits
per second (mbps). Because a byte of information consists of 8 bits, you can divide
the megabits per second rating by 8 to find out how many millions of characters
(bytes) per second the network can theoretically handle.

LANtastic Adapters

Artisoft makes both Ethernet and its own proprietary network adapter cards. Artisoft's
proprietary model is called a LANtastic adapter, which is a little confusing because
Artisoft also makes a network operating system called LANtastic. The LANtastic
adapter operates at a rate of 2 megabits per second (2 mbps), and it uses four-
conductor cable strung out in a snaking path that connects to all the workstations.
Most people choose Ethernet or Token Ring network adapters when building a new
LAN.

ARCnet Adapters

ARCnet is one of the oldest types of LAN hardware. It was originally a proprietary
scheme of the DataPoint Corporation, but today many companies make ARCnet-
compatible cards. ARCnet is known for solid reliability, and ARCnet cable and
adapter problems are easy to diagnose. ARCnet costs less than Ethernet. ARCnet
operates something like Token Ring, but at the slower rate of 2.5 megabits per
second.

ETHERNET ADAPTERS

Ethernet-based LANs enable you to interconnect a wide variety of equipment,
including UNIX computers, Apple computers, IBM PCs, and IBM clones. Ethernet
comes in three varieties (Thinnet, UTP, ThickNet) depending on the thickness of the
cabling you use. ThickNet cables can span a greater distance, but they are much more
expensive. Ethernet operates at a rate of 10 megabits per second (10 mbps).

Suppose that one of the workstations wants to request something from the file server,
just as the file server is sending a response to another workstation. A collision
happens. (Remember that only two computers may communicate through the cable at
a given moment.) Both computers--the file server and the workstation--back off and
try again. Ethernet network adapters use something called Carrier Sense, Multiple
Access/Collision Detection (CSMA/CD) to detect the collision, and they each back
off a random amount of time.

TOKEN RING ADAPTERS

Except for fiber optic cables/adapters, Token Ring is the most expensive type of
LAN. Token Ring uses shielded or unshielded twisted pair cable. Token Ring's cost is
justified when you have a great deal of traffic from many workstations. You will find
Token Ring in large corporations with large LANs, especially if the LANs are
attached to mainframe computers. Token Ring operates at a rate of 4 to 16 megabits
per second (4 mbps or 16 mbps).

On a Token Ring network, even when there is no traffic, all the workstations
continuously play a game of "hot potato," passing an electronic token among
themselves. The token is just a short message indicating that the network is idle.

If a workstation has nothing to send, as soon as it receives the token, it passes the
token on to the next downstream workstation. Only when a workstation receives the
token can it send a message on the LAN. If the LAN is busy, and you want your
workstation to send a message to another workstation or server, you must wait
patiently for the token to come around. Only then can your workstation send its message.

LAN SOFTWARE

In addition to LAN hardware, you must have a network operating system. PC DOS,
Macintosh System 7, and UNIX cannot by themselves create a network. (Novell's DR
DOS Version 7, however, does contain support for local area networks.) You use the
network operating system's installation procedure to add network software to DOS or
another operating system the workstation uses. On a server-based network, you
install the network operating system on a separate, unattended PC. The unattended PC
becomes the file server, and the network software you install on the workstation lets
the workstation access the file server.

The most popular network operating system software is NetWare, from Novell. In
addition to the network operating system, you'll probably want application software
that is LAN-aware and takes advantage of your LAN. You won't have to upgrade all your software
immediately, however. The network operating system can make the file server's hard
disk and printer seem like a locally attached disk and printer.

Network Operating Systems

The network operating system (NOS) components on each workstation and on the
file server communicate with each other through a computer language called a
protocol. One common protocol is IBM's NetBIOS, short for Network Basic Input
Output System. Several vendors besides IBM use NetBIOS. Another protocol is
Novell's IPX, which stands for Internetwork Packet Exchange.

Here are some network operating systems and their manufacturers:

Operating System               Manufacturer

AppleTalk                      Apple
LANtastic                      Artisoft
NetWare                        Novell
NetWare Lite                   Novell
Personal NetWare               Novell
Network File System (NFS)      Sun Microsystems
OS/2 LAN Manager               Microsoft
OS/2 LAN Server                IBM
Windows NT Advanced Server     Microsoft
POWER Fusion                   Performance Technology
POWER LAN                      Performance Technology
Vines                          Banyan
Windows for Workgroups         Microsoft

Ensuring LAN Security

When you have a LAN, you put everyone's files in one big container. Unless you
make special provisions for security and privacy, anyone can look at and modify any
file. Any user can easily rifle through the electronic desk and personal papers of any
other user, including the president of the company. You may want to set up a security
system on a LAN for four reasons:

Limiting damage. Perhaps you know one of those butterfingered types who
accidentally types DEL *.* instead of DIR *.* and then ends up destroying
hundreds of files.

Protecting confidentiality. If you know that anyone in the company, including the
office gossip, can read any of your computer files at any time, you cannot store
important files on the LAN.

Preventing fraud. If all employees know they have access to the accounting system's
accounts payable files, an unscrupulous person may be tempted to tell the computer to
issue a check in his or her name.

Preventing malicious damage. If a disgruntled employee has access to all the files on
the LAN, he or she may corrupt or modify these files. By the time someone detects
the damage, the company could find itself in dire financial straits. The capability to
share files is a two-edged sword. It also implies the opportunity to corrupt or destroy
files.

Using Passwords

The first key to security is the password. Each LAN user identifies himself or herself
with a password, a secret word known only to that user. If properly used, passwords
verify the identity of the person who logs on to the LAN. Proper password
administration guidelines include encouraging people to use hard-to-guess
passwords, asking people to change their passwords regularly, and asking people to
keep their passwords secret.

Limiting Access

Another key to security is to limit access within the LAN on a directory-by-directory
or server-by-server basis. With NetWare, for example, you can give a person the right
to open and read files in a directory, but restrict him or her from modifying those files.
Or you may make an entire directory off-limits. And if you want to protect important
files even from your own typing errors, you can mark files as read only so that you
cannot delete or modify the files.
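
A small model of the directory-by-directory scheme just described, added here as an example and not taken from the courseware or from NetWare. The right names (READ, WRITE, DELETE), the users, and the paths are illustrative assumptions; it shows default deny, an off-limits directory overriding a parent grant, and the read-only flag blocking even a fully privileged user.

```python
"""Added example: directory-by-directory rights with a per-file read-only flag."""
from enum import Flag, auto
from pathlib import PurePosixPath
from typing import Dict, Set, Tuple


class Right(Flag):
    # Illustrative right names for this example, not NetWare's own rights list.
    NONE = 0
    READ = auto()      # open and read files
    WRITE = auto()     # modify file contents
    DELETE = auto()    # remove files


class Volume:
    """Shared server volume with default-deny, per-directory rights."""

    def __init__(self) -> None:
        self._grants: Dict[Tuple[str, PurePosixPath], Right] = {}
        self._read_only: Set[PurePosixPath] = set()

    def grant(self, user: str, directory: str, rights: Right) -> None:
        """Assign rights on a directory; Right.NONE makes it off-limits."""
        self._grants[(user, PurePosixPath(directory))] = rights

    def mark_read_only(self, file: str) -> None:
        self._read_only.add(PurePosixPath(file))

    def effective_rights(self, user: str, file: str) -> Right:
        """Rights from the nearest enclosing directory that has an assignment."""
        for directory in PurePosixPath(file).parents:   # nearest directory first
            rights = self._grants.get((user, directory))
            if rights is not None:
                return rights
        return Right.NONE                               # nothing granted: deny

    def allowed(self, user: str, file: str, needed: Right) -> bool:
        changes_file = bool(needed & (Right.WRITE | Right.DELETE))
        if changes_file and PurePosixPath(file) in self._read_only:
            return False            # read-only flag overrides the user's rights
        return (self.effective_rights(user, file) & needed) == needed


def build_sample_volume() -> Volume:
    """Constructed users and paths, for illustration only."""
    vol = Volume()
    vol.grant("clerk", "/ACCT", Right.READ)               # read, but not modify
    vol.grant("clerk", "/ACCT/PAYROLL", Right.NONE)       # entire directory off-limits
    vol.grant("accountant", "/ACCT", Right.READ | Right.WRITE | Right.DELETE)
    vol.mark_read_only("/ACCT/PAYABLE/LEDGER.DAT")        # guard against typing errors
    return vol


if __name__ == "__main__":
    vol = build_sample_volume()
    checks = [
        ("clerk", "/ACCT/PAYABLE/INVOICE.DAT", Right.READ),
        ("clerk", "/ACCT/PAYABLE/INVOICE.DAT", Right.WRITE),
        ("clerk", "/ACCT/PAYROLL/SALARY.DAT", Right.READ),
        ("accountant", "/ACCT/PAYABLE/LEDGER.DAT", Right.DELETE),
        ("guest", "/ACCT/PAYABLE/INVOICE.DAT", Right.READ),
    ]
    for user, file, need in checks:
        verdict = "allow" if vol.allowed(user, file, need) else "deny"
        print(f"{user:<10} {need.name:<6} {file:<28} {verdict}")
```
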

Protecting Your Data

File servers, like other computers, sometimes fail. Whether the failure is the result of
a loss of electrical power or of a hard disk crash, you will want to minimize the effect
of a server failure. This means that you need to get serious about file backup, data
redundancy, and power protection.

File Backup

The method you use to make backup copies of your data will depend mostly on how
much data you have. Floppy disks may do the job on a very small LAN, but in most
cases, you will likely use a tape drive to copy files to a magnetic tape cartridge. If
your data is critically important, you may forego the tape drive and use a WORM
(write-once-read-many) drive. (A WORM drive has a laser that burns patterns of pits
and holes into a glass or plastic disk; such recordings last a very long time.)

If you are the person in your office who makes backup copies, you can choose one of
the following approaches, depending on how often your data changes, how important
it is, and how much work you would have to do if you had to reenter it:

Occasional. You may get by with occasionally copying individual files to one or more
floppy disks. This approach is the least secure, but it is better than nothing. If you use
this method, make sure that you label your disks. Disorganization is your enemy
with this approach. And, if you have to restore a file, you may find that your backup
copy is not as recent as you would like. If this happens, you will have to redo any
work you have done since the backup copy was made. You may even find that the
disk containing the backup copy is damaged, and you have to redo all the work of
re-creating the data.

Serious. If you make backup copies regularly (perhaps more often than once a day),
if you use a backup utility such as BACKUP.EXE, and if you use two sets of disks (or
two tapes) to do your backups, you are in this category. You know exactly how much
time has elapsed since your last backup copy was made.

Professional. Data centers with multi-million-dollar mainframe computers use this
method. You can, too. Essentially, you always have three copies of your data on three
sets of disks (or magnetic tapes). To make your backup copies, you first identify each
set of disks as A, B, or C. (For safety's sake, you should actually have two A sets, two
B sets, and two C sets.) You rotate your use of the three sets of disks so that, if today's
backup is labeled C, you have yesterday's backup copies on B and the previous day's
on A. Then, tomorrow, you use the A set to make your backup copies. You may even
extend this approach to a fourth set of disks and make sure that the oldest copy is
taken off-site (to a different location) just in case something happens to the building in
which your computer is located. (This backup method is sometimes known as the
grandfather / father / son scheme.)

Data Redundancy

Backup also means redundancy. You are better off to have two medium-size file
servers than one giant server. If a file server breaks down, you can get by temporarily
with the other server. Of course, you should make the second server part of your
backup procedure.

Manufacturers of file server computers recognize the need for data redundancy and
offer models that contain disk arrays - multiple hard disks that mirror each other. If
one hard disk dies, another carries on without a moment's hesitation. People refer to
this multiple-disk duplication of data as redundant array of inexpensive disks, or
RAID.

Power Protection

Power failures happen unexpectedly. Sometimes they happen during a thunderstorm,
but power failures happen at other times, too.

Nearly all software will, to some extent, corrupt the file it is working on at the time of
a power failure. For a word processor, this means that you lose what you have keyed
in since the last time you saved the file. For an accounting program, it may mean that
you lose everything you keyed in since the last time you backed up the files to tape.
To protect yourself, place your servers on an uninterruptible power system (UPS).

Metropolitan Area Networks

A metropolitan area network, or MAN (plural: MANs, not MEN) is basically a
bigger version of a LAN and normally uses similar technology. It might cover a group
of nearby corporate offices or a city and might be either private or public. A MAN
can support both data and voice, and might even be related to the local cable
television network. A MAN just has one or two cables and does not contain switching
elements, which shunt packets over one of several potential output lines. Not having
to switch simplifies the design.

The main reason for even distinguishing MANs as a special category is that a standard
has been adopted for them, and this standard is now being implemented. It is called
DQDB (Distributed Queue Dual Bus). DQDB consists of two unidirectional buses
(cables) to which all the computers are connected, as shown in Fig. 1-4. Each bus has
a head-end, a device that initiates transmission activity. Traffic that is destined for a
computer to the right of the sender uses the upper bus. Traffic to the left uses the
lower one.

A key aspect of a MAN is that there is a broadcast medium to which all the computers
are attached. This greatly simplifies the design compared to other kinds of networks.

Wide Area Networks

The physical- and data link-layer protocols used to build local area networks (LANs)
are quite efficient over relatively short distances. Even for campus connections
between buildings, fiber-optic solutions enable you to use a LAN protocol such as
Ethernet or FDDI throughout your whole internetwork. However, when you want to
make a connection over a long distance, you move into an entirely different world of
data communications called wide area networking. A wide area network (WAN) is a
communications link that spans a long distance and connects two or more LANs
together.

WAN connections make it possible to connect networks in different cities or
countries, enabling users to access resources at remote locations. Many companies use
WAN links between office locations to exchange e-mail, groupware, and database
information, or even just to access files and printers on remote servers. Banks and
airlines, for example, use WANs because they must be in continual communication
with all of their branch offices to keep their databases updated, but WAN connections
can also function on a much smaller scale, such as a system that periodically dials in
to a remote network to send and retrieve the latest e-mail messages.

WAN Connections

A WAN connection requires a router or a bridge at each end to provide the interface
to the individual LANs, as shown in the figure. This reduces the amount of traffic that
passes across the link. Remote link bridges connect LANs running the same data link-
layer protocol at different locations using an analog or digital WAN link. The bridges
prevent unnecessary traffic from traversing the link by filtering packets according to
their data link-layer MAC addresses. However, bridges do pass broadcast traffic
across the WAN link. Depending on the speed of the link and applications for which it
is intended, this may be a huge waste of bandwidth.
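
The filtering behaviour described above, as an added example that is not part of the original courseware: a MAC-learning bridge at one end of the link keeps local traffic off the WAN but still sends every broadcast across. The port names, MAC addresses, and frame sizes are constructed for illustration.

```python
"""Added example: forwarding decisions of a remote link bridge."""
from dataclasses import dataclass
from typing import Dict, List, Tuple

BROADCAST = "ff:ff:ff:ff:ff:ff"


@dataclass(frozen=True)
class Frame:
    src: str    # source MAC address
    dst: str    # destination MAC address
    size: int   # frame length in bytes


class RemoteBridge:
    """One end of a bridged WAN link; ports are named 'lan' and 'wan' here."""

    def __init__(self) -> None:
        self.table: Dict[str, str] = {}   # MAC -> port it was last seen on
        self.wan_bytes = 0                # everything this end sent over the link
        self.wan_broadcast_bytes = 0      # the broadcast share of wan_bytes

    def handle(self, frame: Frame, in_port: str) -> str:
        """Learn the sender's port, then decide what to do with the frame."""
        self.table[frame.src] = in_port
        if frame.dst == BROADCAST:
            decision = "broadcast"        # always crosses the link
        elif frame.dst not in self.table:
            decision = "flood"            # location unknown, so send it across
        elif self.table[frame.dst] == in_port:
            decision = "filter"           # both stations are on the same side
        else:
            decision = "forward"          # destination is on the other side
        if in_port == "lan" and decision != "filter":
            self.wan_bytes += frame.size
            if decision == "broadcast":
                self.wan_broadcast_bytes += frame.size
        return decision


# Constructed sample traffic (locally administered MAC addresses).
WS1 = "02:00:00:00:00:01"       # local workstation
SERVER = "02:00:00:00:00:02"    # local file server
REMOTE = "02:00:00:00:00:0a"    # server at the far site
TRAFFIC: List[Tuple[Frame, str]] = [
    (Frame(WS1, BROADCAST, 64), "lan"),      # workstation announces itself
    (Frame(SERVER, WS1, 512), "lan"),        # local reply
    (Frame(WS1, SERVER, 1500), "lan"),       # local file transfer
    (Frame(WS1, REMOTE, 200), "lan"),        # first frame to the far site
    (Frame(REMOTE, WS1, 200), "wan"),        # reply arrives over the link
    (Frame(WS1, REMOTE, 300), "lan"),        # far site is now in the table
    (Frame(SERVER, BROADCAST, 64), "lan"),   # server broadcast
]


def run(traffic: List[Tuple[Frame, str]]) -> Tuple[RemoteBridge, List[str]]:
    bridge = RemoteBridge()
    decisions = [bridge.handle(frame, port) for frame, port in traffic]
    return bridge, decisions


if __name__ == "__main__":
    bridge, decisions = run(TRAFFIC)
    for (frame, port), decision in zip(TRAFFIC, decisions):
        print(f"{port:<4} {frame.src} -> {frame.dst} {frame.size:>5}  {decision}")
    print("bytes sent over WAN:", bridge.wan_bytes,
          "of which broadcast:", bridge.wan_broadcast_bytes)
```
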

It's possible to make a good case that using remote link bridges to connect networks at
two sites is technically not a WAN, because you are actually joining the two sites into
a single network, instead of creating an internetwork. However, whether the final
result is a network or an internetwork, the technologies used to join the two sites are
the same, and are commonly called WAN links.

If the WAN link is intended only for highly specific uses, such as e-mail access, data
link-layer bridges can be wasteful, because they provide less control over the traffic
that is permitted to pass over the link. Routers, on the other hand, keep the two LANs
completely separate. In fact, the WAN link is a network in itself that connects only
two systems, the routers at each end of the connection. Routers pass no broadcasts
over the WAN link (except in exceptional cases, such as when you use DHCP or
BOOTP relay agents), and administrators can exercise greater control over the traffic
passing between the LANs. Routers also enable you to use different data link-layer
protocols on each of the LANs, because they operate at the network layer of the OSI
model.

While bridges are always separate units, the routers used to connect two networks
with a WAN link can take the form of either a computer or a dedicated hardware
device. When a remote user connects to a host PC with a dial-up modem connection
and accesses other systems on the network, the host PC is functioning as a router. For
technologies other than dial-up connections, however, most sites use dedicated
routers. The router or bridge located at each terminus of the WAN link is connected to
the local LAN and to whatever hardware is used to make the physical-layer
connection to the WAN, such as a modem, CSU/DSU, or NT-1.

For more information on the types of routers and their functions, see Chapter 6.

Designing a Wide Area Network (WAN) Topology

The term topology can be defined in many ways. When we speak of the Wide Area
Network (WAN) topology; we are referring to the manner and architecture with which
the different sites on the network are connected. Some of the technologies employed
in the WAN, are Asynchronous Transfer Mode (ATM), Frame Relay, Integrated
Services Digital Network (ISDN), and so on.

There are two WAN structures: flat and hierarchical.



Flat Versus Hierarchical

On a large network, one of the most fundamental design decisions to be made in
relation to the WAN infrastructure is whether it should take the form of a flat or
hierarchical topology.

Figure : Flat hub and spoke topology

The basic topology for a flat network is one in which all of the remote or regional
sites connect into the same main site. An example of this is shown in the Figure.
Variations may be made on this in order to provide resilience. For example, two main
offices may exist so that all remote sites connect to each one. An example of this type
of flat structure is shown in the Figure. A flat structure can also be thought of as
having just two layers or tiers in the WAN topology: the main site(s) is often referred
to as Tier-1 and the remote sites are commonly referred to as Tier-2 sites.

Because most networks do have one or more main sites, we can refer to a topology
that has two layers as being flat.

A hierarchical WAN topology involves the introduction of a third layer between the
main site(s) and the remote sites. Figure 4 provides an example of a hierarchical
WAN structure. The remote sites are now termed Tier-3 sites and they connect to the
main site via Tier-2 sites. In this type of hierarchy, Tier-3 sites never attach directly to
the main site or Tier-1. One exception to this is when an alternate technology such as
ISDN is used to back up the primary wide area links, which may be leased lines or
Frame Relay, for example. In this case, the failure of a WAN link at a Tier-3 site
would cause the Tier-3 router to dial directly to the main site. It is also possible to
design the network so that the Tier-3 router would dial a particular Tier-2 site. A
schematic representation of this type of ISDN backup is shown in Figure.

Figure : Dual-homed flat topology

Flat WAN Topology

On a smaller network, the choice between a flat or hierarchical topology tends to be
less of an issue, because a flat structure is usually sufficient to ensure good network
performance. WANs with fewer than 10 sites can be considered small, but that rule of
thumb can be stretched to 20 sites. In general, such networks have one, or possibly
two, central sites, and all other sites, termed remote or regional sites, connect directly
to the central site(s).

Figure : Flat leased line topology with ISDN backup

The figures show typical sample topologies. In Figure, all remote sites connect into
one central main site. This can be the case when all or most of the network resources,
such as applications servers, reside at this central site. Modern networking
environments show a strong trend toward centralized resources due to the changing
nature of applications. Some examples are Internet-based services that use a central
Web server, e-mail, and video conferencing. This trend is only likely to accelerate, as
more companies centralize common shared resources, which are often termed
enterprise services, because they are shared by the entire corporate enterprise.

In Figure, the centralized resources are shared between two central sites for resilience,
which is achieved by dual-homing the remote site to each central site in this example.
Dual-homing simply means connecting each remote site to each of the central sites,
and a resilient connection from the remote sites can also be achieved through the use
of another technology, such as ISDN. For the network in Figure, the central site is
connected to ISDN if the link from a remote site fails. In this example, one central site
exists; however, the ISDN dials a different router at the main office. Thus, protection
is provided against a failure on the main WAN link from each remote site, and also
resilience protects against a failure on the main router at the central site. No fallback
is available, however, in an event such as a serious and prolonged power outage at the
central site.

Some resources may also reside at remote sites. These resources will usually serve
clients at that particular site; hence, the traffic does not have to cross the WAN.
Particular instances may occur in which a server at one remote site has to be accessed
by clients at another remote site. For example, when referring to Figure, clients at Site
2 need to log in to a server at Site 4. The connectivity for such a session is provided
via the central site because no direct WAN link exists between Site 2 and Site 4.
Although scenarios like this do happen in practice, it is more common on smaller
networks not to have a requirement for direct communication between the remote sites.
Usually, the resources that clients need are available either locally or at the central
site. A network like this is said to have a flat wide area topology, meaning that all
sites connect back to one or more central sites. This can also be described as a hub
and spoke topology with the central site being the hub.

Figure : Three-tiered hierarchical topology

Another piece of jargon that is also used in this context is that the network is
collapsed back to the central site. On a reasonably small network, introducing another
tier between the remote sites and central site is usually unnecessary. After all, getting
back to the fundamental design principles that were discussed in Chapter 1,
"Principles of Network Design," why introduce added complexity and cost without a
clear need and benefit?

Advantages of a Flat WAN Structure

The main advantages and motivations for employing a flat WAN structure are:

Simplicity: A flat structure is the simplest type of WAN topology. However, when
networks grow in size, the justification for the greater complexity of a hierarchical
design increases.

Fewer Router Hops: Each router hop on a network introduces the latency associated
with a routing table lookup. Therefore, when designing a routed IP network, it is
important to ensure that the minimum number of router hops are incurred between
any source and any destination within the network.

Fewer PVCs and Fewer Subnets: A flat structure uses the minimum number of leased
lines or virtual circuit links to connect the remote sites to the central site.

Limitations of a Flat Design

Let's examine some of the issues that may be created with a simple flat design.

Routing Protocol Limitations

As any network grows, the scalability of the routing protocol can become an issue.
The potential limiting factors surrounding the IP routing protocol are:

Non-scalable IP Routing Protocols: Routers running distance vector routing
protocols, such as Routing Information Protocol (RIP) or Cisco's Interior Gateway
Routing Protocol (IGRP), broadcast their entire routing table periodically to each of
their directly attached neighbor routers. If a large number of neighbor routers attach
directly to the backbone routers, then two adverse effects can occur:

The backbone routers have to exchange more routing information with directly
attached neighbors. This introduces more router overhead that could impact the speed
at which the router can switch packets.

A potentially more serious issue is the bandwidth consumption associated with the
periodic updates. This is particularly relevant for large routing tables. In the case of
RIP, the routing table is broadcast to and from each remote router every 30 seconds.
Hence, this is equivalent to broadcasting the entire routing table across each serial link
every 15 seconds in one direction only.

Number of Router Neighbors: In a network of this size, it is likely desirable that a
scalable routing protocol such as OSPF is being used. Scalable IP routing protocols
such as OSPF and Cisco's EIGRP rely on the formation of a neighbor relationship
with each directly connected router.

If the number of OSPF or EIGRP neighbors gets too large, the following issues can
arise:

The topological database can get excessively large, placing memory resource
constraints on the main office router. This is an even greater issue with EIGRP than
OSPF because in EIGRP the size of the database is directly proportional to the
number of EIGRP neighbors. In OSPF, the size of the database is proportional to the
number of IP subnets on the network.

The large number of neighbors can cause router convergence problems, again
particularly in the case of EIGRP. When a router running EIGRP loses a route without
a backup route, it queries each of its neighbors for another route to that destination.
EIGRP does not converge until it receives a reply from each of those neighbors.
Therefore, if the number of neighbors is very large and the WAN links are slow.

The routing protocol itself, for example, OSPF or EIGRP.

The speed of the WAN links over which these neighbors are being formed and, more
significantly, the bandwidth percentage utilization on these links excluding routing
update traffic.

The amount of memory available on the backbone routers.

The number of routes or subnets in the overall enterprise network.

The stability of the network, in other words, how often Local Area Network (LAN) or
WAN segments go down or change state.

Route Summarization Difficulties: A flat structure does not readily facilitate route
summarization, which results in larger routing tables as the network grows.
Minimizing the size of the IP routing table is desirable regardless of the routing
protocol being employed. This is true for a number of reasons:

A large routing table increases the delay or latency associated with routing table
lookup.

More WAN bandwidth is consumed as a result of larger routing tables, particularly in
the case of a routing protocol that uses periodic updates.

Even for a link state protocol like OSPF that uses incremental updates, it is still
desirable to reduce the size of the routing database in order to impose less memory
and processing requirements on the routers.

By failing to implement route summarization on a large network, the convergence
time of the routing protocol can increase.

Route summarization, as well as improving the convergence time, can also make the
network more stable. You will revisit this entire area in the context of scalable IP
routing.

Figure : Route Summarization with a flat structure

Broadcasting Issues: On a flat WAN structure that uses point-to-point WAN
technology such as serial leased lines, the number of broadcast domains that directly
connect to the backbone routers is increased. For example, referring back to the
network in Figure, the remote sites connect to the main site using serial links.

The increased number of broadcast domains can have several implications. In the case
of leased line serial links, broadcasts are sent and received on each serial interface that
connects to a leased line. These broadcasts may be routing updates or other types of
broadcasts that relate to the network applications. An excessive number of inbound
broadcasts in particular can potentially place a processing strain on the backbone
routers, which are the last devices on the network that should be slowed down due to
needless processing.

Two basic topological implementations of Frame Relay and ATM are available:

Point-to-point

Point-to-multipoint

A point-to-point implementation has more broadcast domains, but a multipoint
configuration has more hosts that must each receive their own copy of the broadcast.

The whole issue of broadcasts in the WAN is very significant and something that will
be revisited during the course of this book. In the preceding paragraphs, the issue has
been highlighted for a number of reasons:

It is important to be clear about how broadcasting really works on non-broadcast
media such as ATM and Frame Relay.

As a rule, it is desirable to reduce the number of broadcasts that backbone routers
have to send and receive. Excessive broadcasts can slow the backbone routers down
because broadcasts are usually process switched rather than layer-3 switched.

It is true that a flat design increases the amount of WAN broadcast processing that the
backbone routers must do. It is equally true that minimizing the level of broadcasts in
the WAN is a definite design goal.

Hierarchical

A hierarchical WAN design involves the deployment of an additional layer of sites
between the most remote sites and the central site(s). This is also referred to as
bringing an additional tier into the WAN hierarchy. A typical WAN hierarchy consists
of the following:

A central main site as the Tier-1 site, which is also sometimes called the core or
backbone site.

Tier-2 sites connect directly to the Tier-1 site using the designated WAN technology
(such as leased line, Frame Relay, and so forth).

Tier-3 sites connect directly to Tier-2 sites but not to the Tier-1 site(s). Connectivity
to the core of the network is provided for Tier-3 sites by Tier-2 sites.

Figure shows a diagram of a network deploying a classic hierarchical WAN topology.


Note that more than one Tier-1 site can exist. Often two or more Tier-1 sites are
connected via a campus or metropolitan area network (MAN) backbone.

Figure : Multiple tier-1 sites connecting to a campus MAN

PVC and Leased Line Aggregation

Leased lines or PVCs from the Tier-3 sites are aggregated at the Tier-2 sites rather
than connecting all the way back to the central Tier-1 site. The rationale behind doing
this is as follows:

Cost-effective Bandwidth Deployment

By aggregating leased lines or PVCs at the Tier-2 sites, the overall amount of WAN
bandwidth purchased can be reduced.

Consider a network where over 100 remote sites exist. A remote site in this context is
defined as any site other than the Tier-1 campus. Assume, for example, that 70 of
these sites only require a 56k leased line connection to the Tier-1 site. Assume that the
average utilization on these 56k links is less than 50 percent. The remaining 30 sites
require 112k and run at a typical utilization of 60 percent. In a flat structure where
each of these sites connect directly into the core, a very significant waste of expensive
WAN bandwidth would occur.

Alternatively, by aggregating groups of 10 56k sites and two 112k sites to a Tier-2
site, a potential exists for cost saving. The total bandwidth purchased between the
remote sites and the Tier-1 site for these 12 sites on a flat design is as follows:

(10 x 56k) + (2 x 112k) = 784k

The estimated utilized bandwidth is as follows:

(560k x 50%) + (112 x 60%) = 347.2k

This means that the overall average utilization on these links back to the head office is
as follows:

347k / 784k = 44.3%

This is not a very cost-effective utilization on serial links that are likely to be long in
distance on a geographically dispersed WAN.

These 12 sites could be aggregated into a single Tier-2 site where their leased
lines would terminate. The Tier-2 site could be designated because of its geographic
proximity to this group of Tier-3 sites.

The Tier-2 site could, in this example, provide connectivity over a channelized T-1 to
the central Tier-1 site.

If an n x 56k link with n=8 was chosen for the channelized T-1, then the utilization
would be as follows:

347k / (8 x 56k) = 347k / 448k = 77.5%



This is a higher level of utilization that still has some room for increased traffic levels.
The upshot of this solution is that effectively less bandwidth has been purchased
between these 12 sites and the main office site. The same amount of bandwidth is
purchased from the Tier-3 sites to the Tier-2 site. However, less bandwidth is required
between the Tier-2 and Tier-1 sites to support this level of utilization. The cost of
leased line bandwidth is usually proportional to the amount of bandwidth and the
length of the leased lines. Therefore, in this example, it is less expensive than
purchasing the 784k to run from Tier-3 sites to the central site.

A number of significant points occur here:

The degree of cost saving from leased line aggregation at Tier-2 sites to some extent
depends on bandwidth utilization levels, although in practice usually some
under-subscription occurs.

The cost saving can be equally true of Frame Relay or ATM PVCs. However, in the
case of these technologies, usually a flexible bandwidth offering includes a number of
variables.

The choice of Tier-2 sites often relates to their WAN link aggregation function.
Therefore, parameters such as geographic proximity to Tier-3 sites and the Tier-1 site
could come into play.

The preceding example was quite simple and was intended to illustrate the principle
of using Tier-2 aggregation to reduce WAN costs.

Shorter Leased Line Distances

In considering the previous point about cost-effective bandwidth deployment, it is
generally possible that by aggregating the leased lines at a Tier-2 site, the total
average distance of the leased lines on the network is reduced.

Clearly, this requires an analysis of the geographic distances between the sites. PVC-
based technologies such as ATM or Frame Relay may or may not have a pricing
structure that relates to the physical distance between the sites connecting the PVC.

Reduced Core Router Ports or Interfaces

Another advantage of PVC or leased line aggregation is that the number of WAN
router serial ports or WAN interfaces is reduced. In the case of leased lines, fewer
serial ports are required on the Tier-1 routers. This potentially reduces routing
overhead on the Tier-1 routers, as well as presenting a possible cost saving with
respect to router ports.

If Frame Relay or ATM is being used, it is unlikely that much of a difference in terms
of the number of router interfaces will occur because these technologies can run
multiple PVCs on the same physical serial interface. However, PVC aggregation at
Tier-2 does mean that fewer PVCs terminate at the main office site. This has the
benefit of reducing router processing at the Tier-1 site. An example of this has already
been discussed in relation to broadcasting over Frame Relay and ATM.

Fewer Routing Protocol Neighbors

For larger networks, a scalable routing protocol such as OSPF or EIGRP should be
used. As shown when discussing flat topologies, these protocols can have a practical
limitation on the number of neighbors supported on each Tier-1 router.

These routing protocols rely on neighbor formation with directly connected routers,
and a neighbor relationship is formed on each serial link or PVC. The potential problem
caused by the upper limit on IP routing neighbor relationships can be alleviated using
a hierarchical design rather than a flat one. This is achieved because fewer leased
lines or PVCs connect to the Tier-1 site with a hierarchical design.

Route Summarization

IP route summarization greatly increases a network's stability and scalability, as was
already discussed. A hierarchical design facilitates route summarization much more
easily than a flat WAN structure.
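To make the summarization point concrete, the following added example (not part of the courseware) compares the prefixes a Tier-1 router carries when every remote LAN is advertised individually with what it carries when each Tier-2 site advertises one summary. The addressing plans, site names and prefix lengths are assumptions constructed for illustration; the second plan shows that summaries only work when subnets are allocated to follow the hierarchy.

```python
import ipaddress
from itertools import combinations

# Constructed addressing plans (assumptions): Tier-2 site -> Tier-3 LAN subnets.
ALIGNED = {      # each region numbers its sites from one contiguous block
    "tier2-a": ["10.20.0.0/24", "10.20.1.0/24", "10.20.2.0/24", "10.20.3.0/24"],
    "tier2-b": ["10.20.4.0/24", "10.20.5.0/24", "10.20.6.0/24"],
}
INTERLEAVED = {  # same sites, subnets handed out in rollout order instead
    "tier2-a": ["10.20.0.0/24", "10.20.2.0/24", "10.20.4.0/24", "10.20.6.0/24"],
    "tier2-b": ["10.20.1.0/24", "10.20.3.0/24", "10.20.5.0/24"],
}


def covering_summary(subnets):
    """Return (summary, unassigned): the longest single prefix that covers
    every subnet, and how many addresses it claims that no subnet owns."""
    nets = [ipaddress.ip_network(s) for s in subnets]
    summary = nets[0]
    while not all(n.subnet_of(summary) for n in nets):
        summary = summary.supernet()          # widen by one bit and retry
    owned = sum(n.num_addresses for n in ipaddress.collapse_addresses(nets))
    return summary, summary.num_addresses - owned


def tier1_routes(plan, summarize_at_tier2):
    """Prefixes the Tier-1 router must carry for the remote LANs."""
    routes = []
    for subnets in plan.values():
        if summarize_at_tier2:
            routes.append(covering_summary(subnets)[0])
        else:                                 # flat: one route per remote LAN
            routes.extend(ipaddress.ip_network(s) for s in subnets)
    return sorted(routes)


def overlapping_summaries(plan):
    """Pairs of Tier-2 sites whose summaries claim the same address space."""
    summaries = {name: covering_summary(s)[0] for name, s in plan.items()}
    return [(a, b) for a, b in combinations(sorted(summaries), 2)
            if summaries[a].overlaps(summaries[b])]


if __name__ == "__main__":
    print("flat, no summaries :", len(tier1_routes(ALIGNED, False)), "routes")
    print("summarized at Tier-2:", [str(r) for r in tier1_routes(ALIGNED, True)])
    for name, subnets in ALIGNED.items():
        summary, unassigned = covering_summary(subnets)
        print(f"{name}: {summary} claims {unassigned} unassigned addresses")
    print("overlaps (aligned)    :", overlapping_summaries(ALIGNED))
    print("overlaps (interleaved):", overlapping_summaries(INTERLEAVED))
```

A non-zero unassigned count means the summary attracts traffic for addresses no site owns, so the Tier-2 router should discard that traffic rather than follow a default route back toward the core.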

Broadcast Control in the WAN

A hierarchical design will not in itself reduce the level of broadcasts that are being
passed in the WAN. However, one difference it makes is that because fewer sites are
now connecting directly into the Tier-1 site, the Tier-1 routers have fewer broadcasts
to process both inbound and outbound. This serves to minimize any overhead incurred
by the backbone routers due to broadcast handling.

Disaster Recovery

The most fundamental goal of a disaster recovery plan is to ensure the backup
availability of the Tier-1 core resources. In other words, network connectivity to some
form of backup Tier-1 site must be achievable.

In a flat design, this means that connectivity would be required from every remote site
to the disaster fail-over site. For example, in the case of a Frame Relay WAN
topology, this could be achieved by having a backup PVC from every site on the
network to the disaster recovery site.

It is easier to perform fail-over from just the Tier-2 sites rather than from every
remote site on the network. In a hierarchical design, this is all that is required. A
disaster recovery plan could be executed without interfering with any of the Tier-3
sites, which would likely make for a smoother transition as well as providing a
potentially more cost-effective solution.

Issues with a Hierarchical Design

WAN Costs

As a network scales or grows, a hierarchical design provides a more cost-effective
solution. However, nothing is ever cut and dried in network design. Every network is
different, and even more significantly, every telecommunications service provider has
its own pricing plans that need to be carefully understood. It is necessary to cost out
all solutions before concluding that a hierarchical design will reduce the WAN costs.

Additional Router Hops

Hierarchical design introduces an extra router hop between most of the remote sites
on the network, namely the Tier-3 sites and the central Tier-1 site. Additional router
hops always mean increased latency or delay on the network.

Figure : Disaster recovery with a flat topology

In the case of a Tier-3 site accessing core resources at the central site, one additional
router hop exists as compared to a flat design. For Tier-3 sites communicating with
each other, at least two additional hops are incurred. With a hierarchical design, it is
wise to limit the number of router hops and maximum network diameter.

The network designer should strive to achieve the following goals in terms of
maximum number of router hops:

A maximum of three hops from a Tier-3 LAN to the Tier-1 LAN.

A maximum of six hops from any Tier-3 LAN to any other Tier-3 LAN. Six hops
should only be necessary for communication between two dispersed Tier-3 sites that
ultimately connect to the main office resources via different Tier-1 routers.

Figure : Minimizing the network diameter

Try to minimize the number of router hops required to communicate across the
network.

Use layer-3 or multilayer switching, where possible, to reduce the latency associated
with router hops.
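The hop goals above can be checked mechanically against a planned topology. The following is an added example, not part of the courseware: the router names and links are constructed, and a hop is assumed to mean each router a packet passes through on its way from the source LAN to the destination LAN, which is the counting that makes a three-tier path cost three hops.

```python
from collections import deque
from itertools import combinations

# Constructed topology (assumption): router -> (tier, directly linked routers).
TOPOLOGY = {
    "core-a":  (1, ["core-b", "dist-1"]),
    "core-b":  (1, ["core-a", "dist-2"]),
    "dist-1":  (2, ["core-a", "site-11", "site-12"]),
    "dist-2":  (2, ["core-b", "site-21"]),
    "site-11": (3, ["dist-1"]),
    "site-12": (3, ["dist-1", "site-13"]),
    "site-13": (3, ["site-12"]),   # chained behind another Tier-3 router
    "site-21": (3, ["dist-2"]),
}


def build_graph(topology):
    """Undirected adjacency sets, so a link listed on one side only still counts."""
    graph = {name: set() for name in topology}
    for name, (_, neighbours) in topology.items():
        for other in neighbours:
            graph[name].add(other)
            graph[other].add(name)
    return graph


def router_hops(graph, src, dst):
    """Routers traversed on the shortest path, both end routers included;
    None when dst cannot be reached."""
    hops = {src: 1}
    queue = deque([src])
    while queue:
        node = queue.popleft()
        if node == dst:
            return hops[node]
        for nxt in sorted(graph[node]):
            if nxt not in hops:
                hops[nxt] = hops[node] + 1
                queue.append(nxt)
    return None


def check_diameter(topology, max_to_core=3, max_site_to_site=6):
    """Return (source, destination, hops, limit) for every goal that is missed."""
    graph = build_graph(topology)
    tier1 = sorted(n for n, (tier, _) in topology.items() if tier == 1)
    tier3 = sorted(n for n, (tier, _) in topology.items() if tier == 3)
    violations = []
    for site in tier3:
        # The Tier-1 LAN is reached at the nearest Tier-1 router.
        counts = [h for h in (router_hops(graph, site, c) for c in tier1) if h]
        best = min(counts) if counts else None
        if best is None or best > max_to_core:
            violations.append((site, "tier-1", best, max_to_core))
    for a, b in combinations(tier3, 2):
        hops = router_hops(graph, a, b)
        if hops is None or hops > max_site_to_site:
            violations.append((a, b, hops, max_site_to_site))
    return violations


if __name__ == "__main__":
    for src, dst, hops, limit in check_diameter(TOPOLOGY):
        print(f"{src} -> {dst}: {hops} hops (goal: at most {limit})")
```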
