CCNP 2 Version 5
Module 1 - Remote Network Connectivity Requirements
Overview
Despite current information technology (IT) investments, many organizations find that
vital networked resources, applications, and information assets remain largely unlinked.
In fact, it is common for organizations to have hundreds of applications and databases
that cannot communicate with each other. This is due in part to increasing and often
unexpected demands from internal and external customers. Many enterprises have to
deploy new technologies and applications quickly. This often leads to the deployment of
disparate systems.
The result of these new deployments is an inability to share information efficiently across
the organization. For example, sales, customer service, or purchasing departments
cannot access customer records easily without creating different overlay networks that
join applications and information. Many organizations have found that unplanned
expansion has left them with multiple systems and distributed resources that are
uncoordinated and underutilized. The disparate systems are also difficult and costly to
manage.
The Cisco Intelligent Information Network (IIN) vision helps IT organizations correct
these problems and meet new challenges including service-oriented architectures, web
services, and virtualization using network architectures. An intelligent network builds on
an existing infrastructure foundation and turns the traditional IT “cost center” into a
strategic tool that helps enable sophisticated IT functionality, such as virtualization,
telepresence, application integration, and optimization, that streamlines IT processes.
Regardless of the size and type of business, Cisco provides architecture roadmaps to
help build a more resilient, adaptive, and intelligent network.
This introductory lesson explains conceptual network models that affect remote access
networks and the services that run on those networks. The topics in this lesson explain
the vision Cisco has of the IIN and the Cisco Service-Oriented Network Architecture
(SONA). The lesson also presents the remote connectivity infrastructure and services
within the Cisco Enterprise Architecture to explain the diversity of access options for
branch offices and teleworkers with a focus on security.
1.1.1 Hierarchical Network Model
Traditional network design uses a three-layer hierarchical model. The model provides a
modular framework that allows flexibility and makes implementation and troubleshooting easy.
Figure shows how the hierarchical model divides networks or their modular blocks into the
access, distribution, and core layers.
Each layer has specific features:
• Access layer: The access layer grants local or remote users access to network
devices. In a networked campus, the access layer most often uses switched LAN
devices with ports that provide connectivity to workstations and servers. In the WAN
environment, the access layer at remote sites provides access to the corporate
network across WAN technology.
• Distribution layer: The distribution layer aggregates the wiring closets using switches
to segment workgroups and isolate network problems in a campus environment.
Similarly, the distribution layer aggregates WAN connections at the edge of the
campus and provides policy-based connectivity.
• Core layer: The core layer, or backbone, switches packets as fast as possible.
Because the core layer is critical for connectivity, this layer must provide a high level
of availability and adapt to changes very quickly.
Network designers can apply the hierarchical model to any network type including LANs,
WANs, wireless LANs (WLANs), metropolitan-area networks (MANs), and virtual private
networks (VPNs) and to any modular block of the Cisco networking model.
Figure represents an enterprise network using the traditional hierarchical model design.
1.1.2 Cisco Enterprise Architecture
The hierarchical layered approach to network design divides networks into access,
distribution, and core layers. This approach treats the campus and the WAN as separate
entities. However, over the years, enterprise networks have become more critical to business
operations and their structures are more complex. The Cisco Enterprise Architecture, shown
in Figure , integrates the entire network—campus, data center, branches, teleworkers, and
WAN. This integration provides secure access to all tools, processes, and services across all
sectors of the company.
Cisco Enterprise Architecture helps companies protect, optimize, and grow their infrastructure
to support business processes. From an information technology (IT) staff point of view, the
model facilitates planning, designing, implementing, operating, and troubleshooting (PDIOT)
networks by focusing on network elements and on relations between those elements.
Cisco Enterprise Architecture consists of five elements:
• Cisco Enterprise Campus Architecture: Cisco Enterprise Campus Architecture
combines a core infrastructure of intelligent switching and routing with tightly
integrated productivity-enhancing technologies including Cisco IP Communications,
mobility, and advanced security. The campus architecture provides many features:
o High availability with a resilient multilayer design and redundant hardware and
software features.
o Automatic procedures for reconfiguring network paths when failures occur.
o Multicast to provide optimized bandwidth consumption.
o Quality of Service (QoS) to prevent oversubscription and reduce the likelihood
of dropping or delaying real-time traffic, such as voice and video, or critical
data.
o Integrated security to protect against and mitigate the impact of worms,
viruses, and other attacks on the network, even at the switch port level. Cisco
enterprise-wide architecture extends authentication support using standards
such as 802.1x and Extensible Authentication Protocol (EAP).
o Cisco Enterprise Campus provides the flexibility to add IP security (IPsec) and
Multiprotocol Label Switching virtual private networks (MPLS VPNs), identity
and access management, and VLANs to compartmentalize access. These
features help improve performance and security while also decreasing costs.
• Cisco Enterprise Data Center Architecture: Cisco Enterprise Data Center
Architecture is a cohesive, adaptive network architecture that supports the
requirements for consolidation, business continuance, and security. At the same time,
the Data Center enables emerging service-oriented architectures, virtualization, and
on-demand computing. IT staff can easily provide departmental staff, suppliers, or
customers with secure access to applications and resources. This capability simplifies
and streamlines management, which reduces overhead. Redundant data centers
provide backup services using synchronous and asynchronous data and application
replication. The network and devices offer server and application load balancing to
maximize performance. This solution allows the enterprise to scale without major
changes to the infrastructure.
• Cisco Enterprise Branch Architecture: Cisco Enterprise Branch Architecture allows
enterprises to extend head-office applications and services, such as security, Cisco IP
Communications, and advanced application performance, to thousands of remote
locations and users or to a small group of branches. Cisco integrates security,
switching, network analysis, caching, and converged voice and video services into a
series of integrated services routers in the branch. With this integration, enterprises
can deploy new services when they are ready to do so without having to purchase
new equipment. This solution provides secure access to voice, mission-critical data,
and video applications anywhere and anytime. Advanced network routing, VPNs,
redundant WAN links, application content caching, and local IP telephony call
processing provide a robust architecture with high levels of resilience for all the
branch offices. An optimized network leverages the WAN and LAN to reduce traffic
and save bandwidth and operational expenses. Enterprises can easily support branch
offices with the ability to centrally configure, monitor, and manage devices that are
located at remote sites, including tools, such as AutoQoS or the Cisco Security Device
Manager (SDM) QoS wizard, that proactively resolve congestion and bandwidth
issues before they affect network performance.
• Cisco Enterprise Teleworker Architecture: Also called the Enterprise Branch-of-One,
the Cisco Enterprise Teleworker Architecture allows enterprises to deliver
secure voice and data services to remote small or home offices (small office/home
office [SOHO]) over a standard broadband access service, providing a business
resiliency solution for the enterprise and a flexible work environment for employees.
Centralized management minimizes the IT support costs, and robust integrated
security mitigates the unique security challenges of this environment. Integrated
security and identity-based networking services enable the enterprise to help extend
campus security policies to the teleworker. Staff can securely log on to the network
over an always-on VPN and gain access to authorized applications and services from
a single cost-effective platform. Adding an IP phone to provide cost-effective access
to a centralized IP Communications system with voice and unified messaging services
enhances productivity.
• Cisco Enterprise WAN Architecture: Cisco Enterprise WAN Architecture provides
converged voice, video, and data services over a single IP Communications network.
This convergence enables the enterprise to span large geographic areas cost
effectively. Granular service levels, QoS, and comprehensive encryption options help
ensure the secure delivery of high-quality corporate voice, video, and data resources
to all corporate sites to enable people to work productively and efficiently regardless
of their location. Security is provided with multiservice VPNs (IPsec and MPLS) over
Layer 2 or Layer 3 WANs, hub-and-spoke, or full-mesh topologies.
1.1.3 Remote Connection Requirements in a Converged Network
A company with multiple sites that vary in size needs a remote network to connect the
various locations to each other. In such a network, a large central site is often the
corporate headquarters or a major office. Regional offices, small offices/home offices
(SOHOs), and mobile workers may need to connect to the central site for data and
information.
Because users may access the central site via multiple WAN technologies, it is important
that the central site accommodate many types of WAN connections from remote locations.
The central site is often referred to as headquarters, the enterprise, or the corporate site.
Figure describes requirements that the central site must provide to support the various
sites in a remote network.
Remote locations include these sites:
• Branch office: The branch office generally accommodates employees who have a
reason to be located away from the central site. A regional sales office is an
example. Branch office users must be able to connect to the central site to access
company information. Remote site and remote office are other names for a branch
office. Branch offices can benefit from high-speed Internet access, virtual private
network (VPN) connectivity to corporate intranets, telecommuting capabilities for
work-at-home employees, video conferencing, and economical public switched
telephone network (PSTN)-quality voice and fax calls over the managed IP
networks.
• SOHO and teleworker sites: The SOHO has a small office with one to several
employees or is the home office of a telecommuter. Telecommuters may also be
mobile users; that is, users who need access while traveling or who do not work at
a fixed company site. Depending on the amount of use and the WAN services
available, telecommuters working from home tend to use a dial-up connection and
broadband services.
• Mobile worker sites: Mobile users tend to access the company network using an
asynchronous dial-up connection through the telephone company or access the
corporate intranet using broadband Internet service and the VPN client software
on their laptops. Teleworkers working from home can also use a VPN tunnel
gateway router for encrypted data and voice traffic to and from the company
intranet. These solutions provide simple and safe access for branch offices or
SOHOs to the corporate network site according to the needs of the users at the
sites.
1.1.4 Remote Connection Considerations
These are the typical considerations for setting up a remote-site WAN connection as shown in
Figure :
• Multiple access options: Remote users connect to the branch site using various
media. Branch site WANs must allow for multiple media options and simultaneous
access by multiple users. The branch office must also have connectivity to the central
or small office/home office (SOHO) site. Although a remote site may have a variety of
equipment, the site does not require the same level of complexity as the central site
requires. Examples of WAN technologies that are used to connect a remote site to the
central site include:
o Leased line
o Broadband services (cable or DSL)
o Frame Relay
o ISDN (still in use but becoming a legacy technology)
• Cost: Depending on the traffic types and connectivity requirements, designers
typically consider various connectivity options including permanent or on-demand,
public and private networks, and other options as required.
• Access control: To prevent unauthorized traffic, routers and firewalls use a set of
rules that permit or deny certain traffic. IT staff apply access control to router
interfaces and configure them to control which data sessions pass and which sessions
fail.
• Secure connectivity: Remote sites and mobile workers can gain secure access to
corporate intranets by using VPN solutions, such as IPsec VPN or MPLS VPN.
• Authentication: The remote site must be able to authenticate itself to the central site.
• Redundancy: In internetworking, duplicate devices, services, or connections can
perform the work of original devices, services, or connections in the event of a failure.
Branch offices typically require more redundancy than SOHOs or mobile teleworkers.
• Infrastructure availability: Service providers may not offer certain WAN services in
some regions. This consideration generally becomes more critical as sites are set up
in more remote locations.
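One way a branch router can put the access control and secure connectivity considerations above into practice on its WAN interface, as an added Cisco IOS example that is not part of the course text: inbound traffic is limited to the IPsec tunnel from the central site, replies to sessions the branch opened, and everything else is denied and logged. The interface name and the 203.0.113.10 (headquarters VPN gateway) and 198.51.100.2 (branch WAN address) values are placeholders.

```ios
! Named extended ACL applied inbound on the branch WAN link.
! Only the headquarters VPN gateway may bring up IPsec to this router.
ip access-list extended WAN-IN
 remark IKE (ISAKMP, UDP 500) and NAT-T (UDP 4500) from the HQ VPN gateway (placeholder)
 permit udp host 203.0.113.10 host 198.51.100.2 eq isakmp
 permit udp host 203.0.113.10 host 198.51.100.2 eq non500-isakmp
 remark Encrypted payload of the established IPsec tunnel
 permit esp host 203.0.113.10 host 198.51.100.2
 remark Return traffic for TCP sessions initiated from the branch side
 permit tcp any host 198.51.100.2 established
 remark Everything else is dropped; the log keyword feeds the central syslog/SOC
 deny ip any any log
!
interface Serial0/0/0
 description WAN link to central site (placeholder interface)
 ip address 198.51.100.2 255.255.255.252
 ip access-group WAN-IN in
```

The tunnel itself (IKE policy, crypto map or IPsec profile) is configured separately; this ACL only narrows what the router will accept from the WAN before that policy is evaluated.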
Example: Integrated Services for Secure Remote Access
Figure shows an example of a converged network with integrated services. Many companies
have upgraded their remote connections from modems and dial-up access and now use
digital subscriber line (DSL) and cable as advanced physical layer technologies. They also
use MPLS VPNs and IPsec VPNs as two of the advanced secured connectivity technologies.
Broadband technology uses existing telephone and cable television infrastructures to provide
high-speed access to the Internet. Generally, a speed of 128 kbps is adequate for most users.
However, while there is no universal definition of broadband, Cisco uses the U.S. Federal
Communications Commission (FCC) definition of advanced telecom or high speed to be 200
kbps or greater. Broadband allows remote office staff and SOHO users to connect to the
central site at higher data rates than are available with traditional on-demand technologies.
High-speed broadband access to the Internet through a broadband point of presence (PoP)
and then to corporate networks using secure VPNs is a reality for many users in the
networked world today. This broadband access has the potential to improve employee
productivity and to provide a foundation for new voice and video business services over the
Internet.
Many corporations and educational institutions have instituted broadband solutions for access
by suppliers, customers, and staff. The use of the Internet for secure site-to-site connectivity
using VPNs is increasing, especially for less critical traffic.
1.1.5 Intelligent Information Network
The Cisco Intelligent Information Network (IIN) vision is a strategy that meets the evolving role
of the network within businesses and directly meets the need to align information technology
(IT) resources with business priorities.
The Cisco IIN vision has three key features:
• Integration of networked resources and information assets: Modern networks
with integrated voice, video, and data allow IT departments to link the IT infrastructure
more closely with the information network.
• Intelligence across multiple products and infrastructure layers: The intelligence
built into each network component extends network wide and applies end-to-end.
• Active participation of the network in the delivery of services and applications:
With added intelligence within network devices, the IIN makes it possible for the
network to actively manage, monitor, and optimize service and application delivery
across the entire enterprise environment.
With these features, the IIN offers much more than basic connectivity, bandwidth for users,
and access to applications. The IIN offers end-to-end functionality and a centralized, unified
control that promotes true business transparency and agility.
The IIN vision offers an evolutionary approach. Functionality can be added to existing network
infrastructure as required in three phases:
• Integrate transport: IIN consolidates data, voice, and video into an IP network for
secure network convergence. By integrating data, voice, and video transport into a
single, standards-based, modular network, organizations can simplify network
management, generate enterprise wide efficiencies and reduce infrastructure costs.
Network convergence also lays the foundation for a new class of IP-enabled
applications delivered through Cisco IP Communications solutions.
• Integrate services: When convergence is complete, the network will pool and share,
or virtualize, resources to meet the changing needs of the organization more flexibly.
Integrated services unify common elements including storage and data center server
capacity. By extending virtualization capabilities to encompass server, storage, and
network elements, an organization can use all of its resources more efficiently. In
addition, shared resources across the IIN provide services in the event of a local
systems failure, which enhances business continuity.
• Integrate applications: The third phase is Application-Oriented Networking (AON).
AON focuses on making the network “application aware” so that the network can
optimize application performance and deliver networked applications to users more
efficiently. In addition to capabilities such as content caching, load balancing, and
application-level security, Cisco AON makes it possible for the network to simplify the
application infrastructure by integrating intelligent application message handling,
optimization, and security into the existing network.
1.1.6 Cisco SONA Framework
IIN helps organizations meet new IT challenges including deploying service-oriented
architectures, web services, and virtualization. Cisco Service-Oriented Network Architecture
(SONA) is an architectural framework that details the set of common services that are
deployed in the network to close gaps between the resources and applications. Cisco SONA
describes how to build an IIN. The Cisco SONA framework provides these advantages to
enterprises as shown in Figure :
• Outlines the path toward the IIN
• Illustrates how to build integrated systems across a fully converged IIN
• Improves flexibility and increases efficiency, resulting in optimized applications,
processes, and resources
Cisco SONA uses the extensive product line, services, proven architectures, and experience
of Cisco and its partners to help the enterprises achieve their business goals.
The Cisco SONA framework shows how integrated systems allow a dynamic, flexible
architecture and provide for operational efficiency through standardization and virtualization.
The Cisco SONA framework is based on the premise that the network is the common element that
connects and enables all components of the IT infrastructure. Figure shows these three layers
of the IIN:
• The networked infrastructure layer: The infrastructure layer interconnects all IT
resources across a converged network foundation. IT resources include servers,
storage, and clients. The networked infrastructure layer is a representation of how
these resources exist in different places in the network, including campus, branch,
data center, WAN, metropolitan-area network (MAN), and teleworker locations. The
infrastructure layer provides customers with connectivity anywhere and anytime.
• The interactive services layer: The interactive services layer delivers efficient
allocation of resources to applications and business processes through the networked
infrastructure. This layer includes these services:
o Voice and collaboration services
o Mobility services
o Security and identity services
o Storage services
o Computer services
o Application networking services
o Network infrastructure virtualization
o Services management
o Adaptive management services
• The application layer: The application layer includes business applications and
collaboration applications. The objective for customers in this layer is to meet
business requirements and achieve efficiencies by leveraging the interactive services
layer.