The Role of the Network Designer

Prior to taking a look at the various tasks involved in designing a network infrastructure, it’s important to be familiar with the role that a network designer or architect plays. Although the exact responsibilities that a network designer will take on for the duration of a specific project can vary based on the size or scope of the undertaking, common themes apply to almost all projects.

Certainly most network designers start their careers on some network engineering-related path; foundation knowledge and hands-on experience in these areas are critical. However, the main goal of a network design professional is to map an organization’s main business and technical goals to a functional network design that meets all stated needs. In some cases this can be a relatively simple undertaking, but in many cases, the process is much more complex. On a typical network design project, the designer handles roles that include needs analysis, data gathering, producing documentation, designing an appropriate solution, overseeing implementation, troubleshooting, verification, and more.

Quite simply, network designers wear many hats; they not only have to be able to effectively determine the true business and technical requirements driving a project, but also deal with a range of non-technical issues including personnel, politics, scheduling, and even “selling” their concept. At the end of the day, however, a good network designer will still be able to roll up their sleeves, get in there, and configure equipment if necessary. Their approach may seem very high-level in some ways, but a thorough understanding of how systems function, interrelate, and are configured is equally crucial.

Protocol Analyzers and Cable Testers

A protocol analyzer is a software utility that allows network traffic to be captured, and the contents of frames to be analyzed. A protocol analyzer often provides the best point of reference with respect to communication issues and errors that may be occurring on a network. The capabilities of protocol analyzers vary greatly, and range from enterprise products like Sniffer from Network Associates, to freeware tools like Ethereal.

A cable tester is a small handheld hardware device that can be used to troubleshoot a variety of physical connection and cabling issues. For example, a cable tester can be used to determine whether the pinouts of cables are correct, whether maximum distances have been exceeded, whether a cable contains breaks, and so forth. Cable testers are available for a variety of different media (twisted pair, coax, fiber) and tend to be an invaluable resource when troubleshooting physical layer issues.

Cisco FastStep

Cisco FastStep is another free Windows-based utility that helps users configure, troubleshoot, and monitor selected Cisco routers. Aimed at the small office and home market, this wizard-based tool walks inexperienced users through the configuration of connections to an ISP and/or a corporate network. The product also allows more advanced features (such as DHCP or NAT) to be configured through the wizard interface, depending on the IOS version included with the router. Once configured, another utility called FastStep Monitor provides the ability to monitor router interfaces, and generate email alerts when something goes wrong.

FastStep is only provided for certain router models, including those in the 700, 800, and 1600 series, and the 2509 and 2511 models. The tool is included on a CD with those models, or can be downloaded from the Cisco website.

Cisco ConfigMaker

Cisco ConfigMaker is a great free utility that allows Cisco routers, switches, and hubs to be configured from a graphical application that runs on Windows. The drag-and-drop interface allows you to create a “map” of your network (including links), and then access the properties of devices to complete their configuration. The tool doesn’t require any knowledge of the Cisco IOS command line interface. Once complete, the generated configuration files can be uploaded to devices via their console port, or over the network.

The ConfigMaker tool is aimed at small and medium businesses, as well as Cisco resellers. Routers that can be configured with the tool include those in the 800, 1000, 1600, 2500, 2600, 3600, and 4000 series.

Cisco Netsys Baseliner for Windows NT

Rather than generating network views using SNMP (as is the case with most network management applications), Cisco Netsys Baseliner for Windows NT generates a view of your network using the actual configuration files from existing Cisco network equipment. This provides you with a complete view of the network, including both the physical and logical relationships between devices.

After Netsys Baseliner has created a model of the existing network, it uses an offline version of this model to test for configuration errors. The application also allows you to make changes offline for testing purposes. This provides the opportunity to see what impact any changes may have, before they are committed to the live network. Cisco Netsys Baseliner is currently an End-of-Life product.

Cisco Netsys Performance Service Manager

The Cisco Netsys Performance Service Manager tool is also part of the Cisco Netsys Service-Level Management Suite. Capabilities found within the program include the ability to manage network performance service levels, define performance policies, and troubleshoot performance-related issues. Like the Connectivity Service Manager tool, this tool also builds a view of the current network topology using information stored in the configuration files of deployed equipment.

This tool gathers data in a number of ways, including using SNMP and RMON performance data from network switches and routers. This data provides the ability to visualize network performance in real-time, or to create a baseline measurement against which future changes can be compared, both through “what-if” analysis and actual implementations. Baseline data can also be used to develop service-level policies against which regularly collected data can be compared via a difference mechanism. Tools within the Cisco Netsys Service-Level Management Suite are mainly aimed at larger networks, where service-level agreements have been defined and need to be measured.

Cisco Netsys Connectivity Service Manager

The Cisco Netsys Connectivity Service Manager tool is part of the Cisco Netsys Service-Level Management Suite. The product is focused on providing information that allows you to troubleshoot a variety of network connectivity issues. The application builds a map of the existing network using the configuration files of existing Cisco devices, and subsequently allows you to use this information to troubleshoot issues relating to network availability, security, and reliability.

Capabilities found in the application include the ability to view different topologies, such as the physical or logical connections between equipment. Taken a step further, protocol views are also provided, for example the ability to view OSPF areas and interconnections. The application also helps in determining the source of network errors, including those related to access lists, mismatched frame types, incorrect subnet masks, and so forth. Positioned as a tool to help companies move towards a proactive management strategy, the Netsys Connectivity Service Manager also provides extended capabilities such as offline “what-if” analysis by way of the VISTA (view, isolate, solve, test, apply) troubleshooting methodology.

Note: All of the software in Cisco’s Netsys line has reached end-of-life (EOL) status.

CiscoWorks Service Management Solution (SMS)

The CiscoWorks Service Management Solution (SMS) is a suite of applications used to manage network-wide service level agreements (SLAs). The key application within this suite is the CiscoWorks Service Level Manager (SLM), which allows an administrator to define SLA thresholds, and then monitor collected data to be sure that service levels are in fact being met.

In the remainder of this section I’ll explain the key components of an SLA, the network management capabilities that must be included in order to effectively monitor SLAs, and provide an overview of how CiscoWorks Service Level Manager implements the monitoring of SLAs.

As the name suggests, a service level agreement (SLA) is effectively a contract between two parties – in this case, a company (the client) and a service provider such as an ISP. In most cases, contracts for service will be valued at anywhere from a few thousand to many hundreds of thousands of dollars per year. As such, the exact expectations as to what the customer is getting for their money need to be clearly defined. While a home user might be willing to accept occasional service disruptions or network performance issues, these same issues can have a profound financial impact on larger businesses.

As a contract, an SLA will almost always define very specific and quantifiable data about the service that a client should expect to receive. For example, an SLA might state that a WAN connection between two offices should provide a ping response time of less than 100 ms at least 99% of the time. If this requirement was agreed upon and not met, then typically the service provider would be assessed a financial penalty under the contract. In some cases providers use very standardized SLAs that apply to all clients. In many others, SLAs become sticking points that require very detailed negotiations between the parties. Regardless, it is important to remember that an SLA defines explicit performance metrics that the service provider is agreeing to provide to the client.

While an SLA defines the key metrics associated with an agreement between the client and service provider, a method is still needed for both to test and be certain that the metrics defined are actually being met. This is where applications like CiscoWorks Service Level Manager come into play. This application allows you to define what are known as service level contracts (SLCs) meant to be consistent with the language used and metrics defined in the actual contract. Each SLC is typically made up of many individual SLAs that define thresholds and the endpoints in the communication process. Each SLA covers one specific performance metric only. For example, one SLA might be defined to measure FTP performance between two devices, and another to measure HTTP performance between the same two devices. It’s easy to see how a single SLC could be made up of many different SLAs. Returning to the previous example, an SLA might state that the ICMP response time of a WAN connection between two distinct devices (known as the source device and target device) must be less than 100 ms 99% of the time. Notice that this time, exactly where the 100 ms applies is clearly defined, and is not subject to interpretation.

It is very important to be clear about the main network management capabilities that must exist in order to effectively determine whether service level agreement performance metrics are being met. These include:

  • Ensuring conformance. The primary goal of a network management solution that monitors SLAs is to ensure that the actual performance of a network conforms to the specific requirements agreed upon by both parties.
  • Isolating and identifying problem areas. Outside of ensuring conformance, the network management system should be capable of isolating and identifying any specific problem areas that exist with respect to the defined SLAs. For example, a network management solution should be able to accurately identify devices or connections that are not meeting the criteria outlined in an SLA.
  • Reporting. The network management solution should also be capable of providing detailed reporting capabilities for analysis purposes.

CiscoWorks Service Level Manager (SLM) uses a distributed architecture made up of the components listed below.

  • SLM Server. The server-based component is ultimately responsible for defining, monitoring, and documenting service between a customer and a service provider.
  • Service Level Contract (SLC). The contract between the client and the service provider defined in the SLM server software. An SLC is made up of at least one SLA, but can contain an unlimited number of SLAs (1500 different SLA metrics are supported). There is no hard limit as to the number of SLCs the application can support.
  • Service Level Agreements (SLAs). A specific metric that defines a traffic type, threshold value, and endpoints between which services will be monitored for conformance. In SLM Server, each SLA measures performance for a specific metric between a pair of devices. When SLAs are created, sampling intervals can also be defined to reduce resource utilization associated with the data collection process.
  • Collection Managers (CMs). Software agents designed to collect and aggregate the data used by the SLM server. Many CMs can be installed on a network in a distributed manner, helping to reduce potential bottlenecks that might result from a single collection point.
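
An added example (not CiscoWorks code and not part of the original text) of the SLC/SLA model described above: each SLA holds one metric, a source/target pair and a threshold, and the contract is checked for conformance, problem areas and a report. The device names, the HTTP and FTP thresholds, and the choice to count lost probes as misses are assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class SLA:
    """One metric between one source/target pair, with its threshold."""
    metric: str          # e.g. "icmp", "http", "ftp"
    source: str
    target: str
    threshold_ms: float  # a sample conforms when strictly below this value
    required_pct: float  # minimum share of conforming samples

@dataclass
class SLC:
    """A service level contract: a named group of one or more SLAs."""
    name: str
    slas: list
    def __post_init__(self):
        if not self.slas:
            raise ValueError("an SLC must contain at least one SLA")

def conformance_pct(sla, samples):
    """Percent of samples under the threshold; a None sample is a lost probe (a miss)."""
    if not samples:      # nothing collected for this SLA
        return None
    ok = sum(1 for s in samples if s is not None and s < sla.threshold_ms)
    return 100.0 * ok / len(samples)

def evaluate(slc, collected):
    """Report rows (sla, pct, status) for every SLA in the contract."""
    rows = []
    for sla in slc.slas:
        pct = conformance_pct(sla, collected.get((sla.metric, sla.source, sla.target)))
        status = "NO DATA" if pct is None else "MET" if pct >= sla.required_pct else "VIOLATED"
        rows.append((sla, pct, status))
    return rows

def problem_areas(rows):
    """Isolate SLAs that are violated or unmeasured, so gaps never pass silently."""
    return [(s.metric, s.source, s.target) for s, _, status in rows if status != "MET"]

# Constructed sample contract and collector data (names and values are hypothetical).
WAN = SLC("hq-to-branch", [SLA("icmp", "hq-rtr", "branch-rtr", 100.0, 99.0),
                           SLA("http", "hq-rtr", "branch-rtr", 500.0, 95.0),
                           SLA("ftp", "hq-rtr", "branch-rtr", 2000.0, 95.0)])
SAMPLES = {("icmp", "hq-rtr", "branch-rtr"): [40.0] * 197 + [150.0, None, 120.0],
           ("http", "hq-rtr", "branch-rtr"): [200.0] * 96 + [800.0] * 4}

if __name__ == "__main__":
    for sla, pct, status in evaluate(WAN, SAMPLES):
        print(sla.metric, sla.source, "->", sla.target, pct, status)
```

The ICMP SLA mirrors the 100 ms / 99% example from the text: 197 of 200 probes conform (98.5%), so it is reported as violated, while the FTP SLA is flagged because no collector returned data for it.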

CiscoWorks VPN/Security Management Solution (VMS)

The CiscoWorks VPN/Security Management Solution (VMS) is a suite of applications used to configure, monitor, and troubleshoot Cisco virtual private networks (VPNs), firewalls, and intrusion detection systems (IDS). This suite is considered to be a key component of Cisco’s SAFE architectural blueprint for network security. Beyond the applications listed below, this suite also includes CiscoWorks Resource Manager Essentials, which was outlined in the CiscoWorks LAN Management Solution section.

  • CiscoWorks VPN Monitor. This application is used to gather, store, and view data about remote access and site-to-site VPN connections to and between Cisco devices. VPN Monitor is capable of working with Cisco 3000 VPN concentrators as well as routers in the 1700, 2600, 3600, and 7200 families.
  • CiscoWorks IDS Host Sensor. This application is used to identify and protect servers from potential threats by analyzing connection attempts. For example, this tool could be used to prevent connections from an incoming host that appears to be attempting a denial-of-service attack.
  • CiscoWorks Auto Update Server Software. This application is used to remotely manage the configuration and updating of Cisco software using a pull model. For example, this software could be used to handle the configuration and management of Cisco PIX firewalls in place at remote locations.
  • CiscoWorks Management Center for IDS Sensors. This application is used to simplify and centralize the management of network and switch IDS sensors.
  • CiscoWorks Management Center for PIX Firewalls. This application provides a management facility for up to 1000 PIX firewalls, including the centralized configuration of access rules, network address translation (NAT) settings, and so forth.
  • CiscoWorks Management Center for VPN Routers. This application provides a centralized management facility for the configuration and deployment of VPN settings on different Cisco equipment.
  • CiscoWorks Monitoring Center for Security. This application is effectively a reporting tool that brings together information from IDS, PIX, and IOS devices for the purpose of viewing and analyzing security-related events.

CiscoWorks Small Network Management Solution (SNMS)

The CiscoWorks Small Network Management Solution (SNMS) is a suite of applications used to manage Cisco networks made up of 20 or fewer Cisco devices. Beyond simply managing and monitoring Cisco devices, this suite also provides the ability to monitor non-Cisco resources such as servers, applications, and network printers. The core component of SNMS is CiscoWorks Resource Manager Essentials, which was outlined in the CiscoWorks LAN Management Solution section.