Professional Documents
Culture Documents
1 Isp Network Design
1 Isp Network Design
Point of Presence
Topologies
PoP Topologies
Core
PoP Design
Modular
Design
Aggregation Services separated according
to
connection speed
customer service
contention ratio
security considerations
Web Cache
Backbone link
to another PoP
Backbone link
to another PoP
Network
Core
Consumer cable,
xDSL and
wireless Access
Consumer
DIal Access
MetroE customer
aggregation layer
Network
Operations
Centre
Channelised circuits
for leased line circuit delivery
IGP implementation
Modular
iBGP implementation
IGP implementation
Modular
iBGP implementation
PoP Modules
Low
PSTN/ISDN dialup
Low bandwidth needs
Low revenue, large numbers
Leased
10
PoP Modules
Broad
MetroE
11
PoP Modules
PoP
Core
Border
Network
12
PoP Modules
ISP
Services
Hosted
Services/DataCentres
13
PoP Modules
Network
Operations Centre
Out
14
PSTN lines to
modem bank
Access Network
Gateway Routers
2811
To Core Routers
2800/3800
PSTN lines to
built-in modems
TACACS+/Radius
proxy, DNS resolver,
Content
15
3800/7206/7600
Channelised T1/E1
To Core Routers
Mixture of channelised
T1/E1, 56/64K and
nx64K circuits
16
7200/7600/ASR1000/ASR9000
Metro Ethernet
Channelised T3/E3
To Core Routers
Channelised OC3/OC12
17
61xx
6400
IP, ATM
uBR7246
Access Network
Gateway Routers
To Core Routers
18
Service Network
Gateway Routers
WWW
cache
DNS
POP3
secondary
Mail
Relay
NEWS
DNS
cache
19
Hosted Network
Gateway Routers
Customer 1
Customer 3
Customer 5
Customer 7
Customer 2
Customer 4
Customer 6
20
Border Module
ISP1
ISP2
Network
Border Routers
To core routers
21
NOC Module
Critical Services
Module
To core routers
Corporate LAN
Out of Band
Hosted Network
Gateway Routers
Management Network
Firewall
2811/32async
Primary DNS
Network Operations Centre Staff
Billing, Database
and Accounting
Systems
22
2811/32async
To the NOC
NetFlow
enabled
routers
NetFlow
Collector
Out of Band Ethernet
23
Backbone Network
Design
24
Backbone Design
Routed
Backbone
Switched Backbone
Virtually obsolete
Point-to-point
circuits
ATM/Frame
25
design standardised
ISP
26
ISP Services
Backup
Operations Centre
POP Two
Customer
connections
Customer
connections
ISP Services
POP One
POP Three
ISP Services
External
connections
Operations Centre
External
connections
27
Backbone Links
ATM/Frame
Relay
Leased
Line/Circuit
28
to cost more
Plan for the future (at least two years
ahead) but stay in budget
Allow
29
POP One
POP Three
Alternative/Backup Path
30
to be cheaper
Circuit concentration
Choose from multiple suppliers
Think
big
More redundancy
Less impact of upgrades
Less impact of failures
31
Metropolitan Links
POP One
POP Three
Metropolitan Links
32
ISP Services
DNS, Mail, News
Design and Placement
33
ISP Services
ISP Services:
DNS
Domain
Name System
Primary nameserver
Secondary nameserver
Caching nameserver resolver
35
ISP Services:
DNS
Primary
nameserver
36
ISP Services:
DNS
Secondary
nameserver
At different PoPs
On a different continent e.g. via services offered by
ISC, PCH and others
At another ISP
37
ISP Services:
Secondary DNS Example
$ dig apnic.net ns
;; ANSWER SECTION:
apnic.net.
apnic.net.
apnic.net.
apnic.net.
apnic.net.
apnic.net.
apnic.net.
apnic.net.
;; ADDITIONAL SECTION:
ns1.apnic.net.
ns3.apnic.net.
ns4.apnic.net.
ns5.apnic.com.
cumin.apnic.net.
tinnie.apnic.net.
ns-sec.ripe.net.
tinnie.arin.net.
10800
10800
10800
10800
10800
10800
10800
10800
3600
3600
3600
10800
3600
3600
113685
10800
NS
NS
NS
NS
NS
NS
NS
NS
A
A
A
A
A
A
A
A
ns1.apnic.net.
ns3.apnic.net.
ns4.apnic.net.
ns5.apnic.com.
cumin.apnic.net.
ns-sec.ripe.net.
tinnie.arin.net.
tinnie.apnic.net.
202.12.29.25
202.12.28.131
202.12.31.140
203.119.43.200
202.12.29.59
202.12.29.60
193.0.0.196
199.212.0.53
Brisbane
Tokyo
Hong Kong
Washington
Brisbane
38
Amsterdam
Washington
ISP Services:
Secondary DNS Example
apnic.net zone
Zone secondaried by
Brisbane
Hong Kong
Tokyo
Washington
RIPE NCC in Amsterdam
ARIN in Washington
ISP Services:
DNS
Caching
nameserver
40
ISP Services:
Caching Nameserver
Web Cache
DIAL network
To Core Routers
Switch redundancy
Router redundancy
DNS Cache redundancy
DNS Cache
Radius proxy
DNS Cache
41
ISP Services:
Anycasting the Caching Nameserver
One
Geek
Alert
42
ISP Services:
DNS
Efficient
43
ISP Services:
DNS
Software
44
ISP Services:
DNS
Implementation
45
ISP Services:
Mail
ISP Services:
Mail Configuration
Incoming mail
from Internet
Mail out to
the Internet
SpamAssassin
ClamAV
mail.isp.net
ISP Mail Gateway
smtp.isp.net
Customer mail relay
SpamAssassin
ClamAV
Incoming mail
from customer
pop3.isp.net
Customer POP3/IMAP server
Mail pulled by
customer client
47
ISP Services:
Mail Example
$ dig cisco.com mx
;; ANSWER SECTION:
cisco.com.
cisco.com.
cisco.com.
cisco.com.
cisco.com.
cisco.com.
cisco.com.
cisco.com.
cisco.com.
86400
86400
86400
86400
86400
86400
86400
86400
86400
MX
MX
MX
MX
MX
MX
MX
MX
MX
10
10
10
10
10
10
15
20
25
sj-inbound-a.cisco.com.
sj-inbound-b.cisco.com.
sj-inbound-c.cisco.com.
sj-inbound-d.cisco.com.
sj-inbound-e.cisco.com.
sj-inbound-f.cisco.com.
rtp-mx-01.cisco.com.
ams-inbound-a.cisco.com.
syd-inbound-a.cisco.com.48
ISP Services:
Mail
Software
ISP Services:
News
News
50
ISP Services:
News System Placement
Customer
connections
News Feeder
POP Two
Customer
connections
Customer
connections
POP Three
News Feeder
POP One
External
connections
News Collector
News Distributor
News Feeder
External
connections
51
ISP Services:
News System Placement
Customer
connections
News Feeder
POP Two
Customer
connections
Customer
connections
POP Three
News Feeder
POP One
External
connections
News Collector
News Distributor
News Feeder
External
connections
52
ISP Services:
News
Software
Addressing
54
ARIN http://www.arin.net
APNIC http://www.apnic.net
North America
AfriNIC http://www.afrinic.net
LACNIC http://www.lacnic.net
56
http://www.cymru.com/Documents/bogonlist.html
58
59
61
62
One
223.10.0.0/21
223.10.0.1
223.10.6.255
/24
Infrastructure Loopbacks
Customer assignments
Phase Two
223.10.0.0/20
223.10.0.1
223.10.5.255
/24
Original assignments
/24
223.10.15.255
New Assignments
63
Addressing Plans
Planning
Registries
64
infrastructure allocation
Document
customer allocation
Contained in iBGP
Eases operation, debugging and management
Submit network object to RIR Database
65
Routing Protocols
66
Routing Protocols
IGP
EGP
No
67
backbone scaling
Hierarchy
Modular infrastructure construction
Limiting scope of failure
Healing of infrastructure faults using dynamic
routing with fast convergence
68
to large network
Hierarchy
Limit scope of failure
Policy
69
Interior
Automatic neighbour
discovery
Generally trust your IGP
routers
Prefixes go to all IGP
routers
Binds routers in one AS
together
Exterior
Specifically configured
peers
Connecting with outside
networks
Set administrative
boundaries
Binds ASs together
70
Interior
Carries ISP
infrastructure addresses
only
ISPs aim to keep the
IGP small for efficiency
and scalability
Exterior
Carries customer
prefixes
Carries Internet
prefixes
EGPs are independent
of ISP network topology
71
BGP4
and OSPF/ISIS
BGP4
IXP
Static/BGP4
Customers
72
Routing Protocols:
Choosing an IGP
Review
ISP
73
Routing Protocols:
IGP Recommendations
If you can count the routers and the point to point links
in the backbone, that total is the number of IGP entries
you should see
IGP details:
74
Routing Protocols:
More IGP recommendations
To
Using ip unnumbered on customer point-topoint links saves carrying that /30 in IGP
75
Routing Protocols:
iBGP Recommendations
iBGP
76
Routing Protocols:
More iBGP Recommendations
Scalable
iBGP features:
77
Security
78
Security
Protect themselves
Help protect their customers from the Internet
Protect the Internet from their customers
79
security
80
server security
Hosted
services security
81
To core routers
Service Network
Gateway Routers
DNS
POP3
secondary
Mail
Relay
NEWS
DNS
cache
Web
server
82
To core routers
Service Network
Gateway Routers
Outbound
ICMP
Allow DNS udp/53 and
tcp/53
Block all access to ISP
address range
Premises security
Staff responsibility
RFC2196
RFC3871
of Service Attacks
eg: smurfing
see http://www.denialinfo.com
Effective
filtering
85
How
86
88
optional!
Allows access to network equipment in
times of failure
Ensures quality of service to customers
Minimises downtime
Minimises repair time
Eases diagnostics and debugging
89
Full
90
Equipment Rack
Router, switch
and ISP server
consoles
Ethernet
91
to the NOC
Full
92
Test Laboratory
93
Test Laboratory
Designed
Used
94
Test Laboratory
Some
95
Test Laboratory
Cant
Every
96
Operational
Considerations
97
Operational Considerations
Operational Considerations
Maintenance
Never
Never
Never
do maintenance on a Friday
do maintenance on a Monday
Operational Considerations
Support
Differentiate
Network
100
Operational Considerations
NOC Communications
NOC
101
102
103
104