When designing a network, it is important to have an idea of how the different areas of the network should be connected together. In order to streamline this part of the design process and ensure that well-structured designs are produced, Cisco developed the Network Architectures for the Enterprise. Part of the development includes a number of functional areas and modules that are used to split up the network, as shown in Figure 1.
Cisco Network Architectures for the EnterpriseFunctional Areas and Modules
The first level of division that was developed is high level and includes the following functional areas:
- Enterprise Campus Function Area
- Enterprise Edge Functional Area
- Service Provider Functional Area
- Remote Functional Area
Enterprise Campus Functional Area
The enterprise campus functional area is intended to be the center of the network design, located at a single location where several different core elements are located and are accessed from all other parts of the network. There are several different technologies and components located at this part of the network, including routing, switching, firewalls, intrusion detection and prevention systems, voice, video, access control, among others.
The second level of division within the enterprise campus functional area includes a couple of different modules:
- Enterprise Campus Infrastructure The enterprise campus module is separated out into a number of different layers that include the different parts of the network:
- Campus CoreThe campus core connects together other modules within the enterprise campus as well as the Enterprise Edge functional area. The core focuses on the fast transport of network traffic; as this is the main function of the core, it must have high levels of redundancy and must be able to adapt to network changes quickly.
- Building DistributionThe building distribution aggregates the traffic from the access layer and provides routing and packet manipulation. This is also the location within the network where policies for QoS, security and traffic loading are implemented.
- Building AccessThe building access is responsible for the connectivity of end devices on the network.
- Enterprise Data CenterThe enterprise data center module is responsible for the support of management services, including monitoring, logging, troubleshooting, and other management features.
Enterprise Edge Functional Area
The enterprise edge functional area is responsible for the aggregation of several different off-campus elements as well as the routing of this traffic into the campus core module within the Enterprise Campus Functional area.
The second level of division within the enterprise edge functional area includes different modules that are used to connect different types of connection; these modules include:
- E-CommerceThe E-commerce module is responsible for the processing of all electronic transactions. All of the network elements that are involved with forwarding and processing these transactions are included within this module, such as web, application and database servers, firewalls, and network intrusion detection and prevention systems.
- Internet ConnectivityThe Internet connectivity module is responsible for all other public connectivity that is not covered within the e-commerce module. The different network elements in this module include web (not e-commerce), DNS, and FTP servers, firewalls, network intrusion detection and prevention systems and edge routers.
- Remote Access and VPNThe Remote Access and VPN module is responsible for initiating and terminating remote access connections including VPN traffic coming from offsite users connecting through the Internet connectivity module. The different network elements in the module include Cisco ASA security appliances (VPN termination), firewalls, network intrusion detection and prevention systems and dial-in concentrators (when still used).
- WAN and MAN and Site-to-Site VPNThe WAN and MAN and Site-to-Site VPN module is responsible for the routing of traffic from remote sites back into the central campus location. This includes the use of technologies such as leased lines, frame relay, ATM, SONET and MPLS, as well as site-to-site VPN technologies.
Service Provider Functional Area
The service provider functional area is responsible for connectivity into Service Provider networks. This includes a number of different connectivity options, from Internet access through Public Switched Telephone Network (PSTN) access.
The second level of division within the service provider functional area includes different modes that are used to connect these different service options:
- ISPThe ISP module is responsible for connecting the networking to the Internet; this includes access for Enterprise remote locations.
- Public Switched Telephone Network (PSTN) The PSTN module is responsible for connecting network elements using analog, ISDN, and wireless technologies (cellular). Often this connectivity is used for Out-of-Band (OOB) management and backup purposes.
- Frame Relay and ATM ModuleThe Frame Relay and ATM module is used to connect remote locations via a number of different permanent technologies, including Frame Relay and ATM. This module also includes connectivity using a number of different technologies that are more modern, including Digital Subscriber Lines (DSL), Cable, Wireless (bridging), and Multiprotocol Label Switching (MPLS).
Remote Functional Area
The remote functional area is responsible for connectivity of a number of different remote functional elements, including enterprise branches (connecting through a service provider), enterprise data centers, and enterprise teleworkers.
The second level of division within the remote functional area includes different models that represent the different remote connectivity options:
- Enterprise BranchThe enterprise branch module includes remote branches that allow employees to work at non-campus locations. These locations are typically responsible for providing security, telephony, and mobility options to these employees, as well as general connectivity into the campus and the different components located inside the enterprise campus.
- Enterprise Data CenterThe enterprise data center module includes a data center that includes all of the same functionality options as the campus data center, but existing at a remote location. This provides an added layer of security when done correctly, as this remote location can provide backup options should something happen to the campus data center location.
- Enterprise TeleworkerThe enterprise teleworker module is responsible for the connectivity of providing connectivity for workers who operate out of different geographically dispersed locations, including home offices, hotels or customer/client sites. Cisco Virtual Office is used to support these workers; Virtual Office provides an ability to provide productivity, security and business resiliency. This solution requires a remote and central equipment presence that is used to provide connectivity back into the central campus location.
Summary
To design a good network and to have it implemented requires many different parts of a process to work and be completed successfully. Cisco’s Network Architecture for the Enterprise provides the different tools that can be used to make the completion of these successful the first time when followed and interpreted correctly. This article provides an overview of the different functional areas and modules that are defined within this architecture and has hopefully provided a base of understanding that can be used when designing a network.