
Politecnico di Torino

Progetto di Reti Locali

Homework 6: Network Design

Fulvio Risso


March 9, 2011

Contents

I. Introduction
  1. Methodology

II. Exercises
  2. HSRP
    2.1. Exercise n. 1
    2.2. Exercise n. 2
    2.3. Exercise n. 3
    2.4. Exercise n. 4
    2.5. Exercise n. 5
  3. Network Design
    3.1. Exercise n. 6
    3.2. Exercise n. 7
    3.3. Exercise n. 8
    3.4. Exercise n. 9
    3.5. Exercise n. 10
    3.6. Exercise n. 11

III. Solutions
  4. HSRP
    4.1. Solution for exercise n. 1
    4.2. Solution for exercise n. 4
  5. Network Design
    5.1. Solution for exercise n. 6
    5.2. Solution for exercise n. 7
    5.3. Solution for exercise n. 11

Part I.

Introduction


1. Methodology

In this set of exercises we focus first on HSRP/VRRP analysis, and then on network design and analysis when L2/L3 switches are present. The first kind of exercise is definitely simple and requires only the application of the general rules of the associated protocol specifications. Therefore, in this methodology section we concentrate on the problems that may arise in L2-L3 network design, which involves applying the most important technologies that can be found in a modern corporate network. Most of the network design exercises require predicting the path of a set of packets, given a specific network topology (in terms of switches and routers, physical links, interfaces configured at L2 or L3, VLANs). The solution usually requires the following main steps:

1. If multilayer switches are present in the network, take each one of them, plot its L2 and L3 components as discrete objects, then mark each interface as part of the L2 or L3 domain.

2. Determine the outcome of the Spanning Tree (i.e., which L2 ports are active and are then able to forward frames), for each VLAN present in the topology. Beware that a network may have multiple instances of the Spanning Tree.

3. If HSRP/VRRP is configured in the network, determine which is the active router (for each IP network present in the topology).

4. Analyze the packet flow generated by the application (e.g., PING), associating each packet with the proper source and destination addresses at both L2 and L3, and with the proper VLAN-ID.

5. Given that points (3) and (4) have been completed, we can now determine the path of each frame on the network topology. For this, we can exploit the source and destination MAC addresses contained in the frame in order to determine the source and destination stations on the network, and analyze the actual path of this frame according to the STP topology derived before. Please remember that in an L2 network the path between two stations is unique (the STP does not allow multiple paths between stations) and that we have to select the right STP instance related to that frame in case multiple instances are present.

[Figure: flowchart of the methodology. (1) Expand any multilayer switch into its L2 and L3 components, marking each interface as L2 or L3. (2) Determine the Spanning Tree topology (per VLAN). (3) Determine the HSRP/VRRP active router (per IP network). (4) Determine the packet flow (i.e. ARP, IP, etc.), associating each frame with the proper IP and MAC addresses and VLAN IDs. (5) Determine the actual path of each packet according to the topology.]

Part II.

Exercises

2. HSRP

2.1. Exercise n. 1

Referring to the network topology depicted below, configure the proper HSRP parameters on routers R1 and R2 in order to guarantee redundancy when connecting to the Internet, with R1 acting as primary router. Configure also the proper value for the default gateway on the hosts.

[Figure: network topology. Hosts H1 (IP: 130.192.16.1/24) and H2 (IP: 130.192.16.2/24); routers R1 (IP: 130.192.16.253) and R2 (IP: 130.192.16.254), both connected to the Internet.]

2.2. Exercise n. 2

Referring to the network topology depicted below, configure the proper HSRP parameters on routers R1 and R2 in order to guarantee redundancy and load balancing when connecting to the Internet. Configure also the proper value for the default gateway on the hosts.

[Figure: network topology. Hosts H1 (IP: 130.192.16.1/2, DG: -) and H2 (IP: 130.192.16.2/24, DG: -); routers R1 (IP: 130.192.16.253) and R2 (IP: 130.192.16.254), both connected to the Internet.]

2.3. Exercise n. 3

Referring to the network topology depicted below, determine the path of a packet sent by host H1 toward the Internet in case the routers have the configuration shown in the figure and the link from R1 to the Internet has a fault.

[Figure: network topology.
H1: IP 130.192.16.1/24, DG 130.192.16.252.
H2: IP 130.192.16.2/24, DG 130.192.16.252.
R1: interface FastEthernet0, IP 130.192.16.254, HSRP Group 1 (active), Virtual IP 130.192.16.252, Priority 110, Track interface Serial 0; interface Serial 0 connects to the Internet.
R2: IP 130.192.16.253, HSRP Group 1 (standby), Virtual IP 130.192.16.252.]

2.4. Exercise n. 4

Referring to the network topology depicted below that includes hosts belonging to two VLANs:

configure the proper HSRP parameters on routers R1 and R2 in order to guarantee redundancy and load balancing in connecting to the Internet;

for all the interfaces of the switches and host/routers, list whether they are configured in access/trunk mode and associate the proper VLAN to them.

Let us suppose that R1 and R2 do not generate any routing traffic (e.g. OSPF) within the LAN.

Finally, do not include in the solution the interfaces connected to the Internet.

[Figure: network topology.
H1: VLAN1, IP 130.192.16.1/24, DG 130.192.16.254.
H2: VLAN2, IP 130.192.17.1/24, DG 130.192.17.254.
SW1: interfaces Fe0, Fe1, Fe2, Fe3.
R1 and R2: each with interface Fe0 toward the switch and a link to the Internet.]

2.5. Exercise n. 5

Referring to the network topology depicted below, a server S is configured in a fault-tolerant mode using HSRP. Both interfaces are part of the same HSRP group in order to achieve protection against a fault of the links between the server itself and one of the two switches. Vice versa, hosts in the network are equipped with a fault-tolerant NIC (without HSRP) that features two different interfaces connected to the two available switches. The fault-tolerant NIC will automatically select one of the links as active, and the other will be put in stand-by.

Supposing that the link (S - SW-1) is active, while the link (S - SW-2) has a fault, will the HSRP work properly in this configuration?

In general, is it correct to deploy HSRP in such a network?

[Figure: network topology. Hosts H1, H2 and H3; switches SW-1 and SW-2; server S with interfaces If1 (IP: 1.1.1.1) and If0 (IP: 1.1.1.2), both in HSRP Group 1 with V-IP 1.1.1.254.]

3. Network Design

3.1. Exercise n. 6

Referring to the network topology depicted below that includes hosts belonging to two VLANs:

Determine the STP topology (all switches have default parameters);

Configure the proper HSRP parameters on routers R1 and R2 in order to guarantee redundancy and load balancing when connecting to the Internet;

For all the interfaces of the switches and host/routers, list whether they are configured in access/trunk mode and associate the proper VLAN to them;

Determine the links crossed by HSRP packets exchanged between R1 and R2.

Please note that R1 and R2 are expected to exchange routing traffic (e.g. OSPF) between them in order to calculate the routing topology.

Finally, do not include interfaces connected to the Internet in the solution.

[Figure: network topology.
H1: VLAN1, IP 130.192.16.1/24, DG 130.192.16.254.
H2: VLAN2, IP 130.192.17.1/24, DG 130.192.17.254.
SW1: MAC 00:00:00:AA:AA:AA, interfaces Fe0, Fe1, Fe2.
SW2: MAC 00:00:00:BB:BB:BB, interfaces Fe0, Fe1, Fe2.
R1 and R2: interfaces Fe0 and Fe1 each, both connected to the Internet.]

3.2. Exercise n. 7

Referring to the network configuration depicted below, write a possible configuration (using a Cisco-like syntax) of the interfaces of the multilayer switch, focusing on the L2-L3 interfaces configuration commands.

[Figure: network topology.
H1: VLAN 1, IP 10.1.1.1/24.
H2: VLAN 2, IP 10.1.2.2/24.
SW-1: MAC 00:00:00:11:11:11, interfaces Fe0, Fe1, Fe2.
SW-2: MAC 00:00:00:22:22:22, interfaces Fe0, Fe1, Fe2.
ML-1: BP 24576, MAC 00:00:00:33:33:33, IP (VLAN1) 10.1.1.253/24, IP (VLAN2) 10.1.2.253/24, IP (internet) 20.2.2.2/30, interfaces Fe0, Fe1, Fe2; Fe2 connects to the Internet.]

3.3. Exercise n. 8

Referring to the network topology depicted below that includes hosts belonging to two VLANs:

Determine the path of an IP packet directed from host H1 to H2 and write the most important parameters (e.g. MAC source/destination, IP source/destination) of that packet;

Repeat the same for an IP packet directed from host H2 to host H1.

Assume that all the ports of the multilayer switch are configured in L2 mode.

[Figure: network topology.
H1: VLAN1, MAC 00:00:00:11:11:11, IP 10.1.1.1/24, DG 10.1.1.254.
H2: VLAN2, MAC 00:00:00:22:22:22, IP 10.1.2.1/24, DG 10.1.2.254.
SW-1 and SW-2: interfaces Fe0 and Fe1 each.
ML-1 and ML-2: interfaces Fe0 and Fe1 each; bridge priorities 24576 and 28672 appear in the figure.
One multilayer switch: MAC 00:00:00:CC:CC:CC, IP (VLAN1) 10.1.1.253/24, IP (VLAN2) 10.1.2.253/24; HSRP Group 1 (active), V-IP 10.1.1.254, V-MAC 00:00:0C:07:AC:01; HSRP Group 2 (active), V-IP 10.1.2.254, V-MAC 00:00:0C:07:AC:02.
The other multilayer switch: MAC 00:00:00:DD:DD:DD, IP (VLAN1) 10.1.1.252/24, IP (VLAN2) 10.1.2.252/24; HSRP Group 1 (standby), V-IP 10.1.1.254, V-MAC 00:00:0C:07:AC:01; HSRP Group 2 (standby), V-IP 10.1.2.254, V-MAC 00:00:0C:07:AC:02.]

3.4. Exercise n. 9

Referring to the network topology depicted below that includes hosts belonging to two VLANs:

determine the STP topology;

configure the proper interfaces (e.g. IP addresses) and HSRP parameters on multilayer switches ML-1 and ML-2 in order to guarantee redundancy and load balancing in connecting to the Internet;

associate all the interfaces of switches and hosts to the proper VLAN and indicate whether they are in access/trunk mode;

Determine the path of the HSRP packets exchanged by ML-1 and ML-2;

Determine how many HSRP packets you expect on the link between ML-1 and SW-1.

Please note that ML-1 and ML-2 are expected to generate routing traffic (e.g. OSPF) between them in order to exchange the routing topology.

Do not include in the solution the interfaces connected to the Internet.

Repeat the exercise in case the direct link between ML-1 and ML-2 fails.

Finally, discuss whether the direct link between ML-1 and ML-2 works better if configured in L2 mode or in L3 mode.

[Figure: network topology.
H1: VLAN1, IP 130.192.16.1/24, DG 130.192.16.254.
H2: VLAN2, IP 130.192.17.1/24, DG 130.192.17.254.
SW-1 and SW-2: interfaces Fe0, Fe1, Fe2 each.
ML-1: BP 24576. ML-2: BP 28672. Interfaces Fe0, Fe1, Fe2 each; both connected to the Internet.]

3.5. Exercise n. 10

Given the network topology depicted below that includes hosts belonging to three VLANs:

1. Determine the path of an IP packet from host H1 to host H3;

2. Determine the path of the same packet when a fault occurs on the direct link between ML-1 and ML-2;

3. Suggest three possible modifications of the network (either at the physical or at the configuration level) in order to optimize the L3 paths;

4. Indicate the number of VLANs that we expect to configure over that network;

5. List the possible IP addresses configured on the two multilayer switches ML-1 and ML-2.

All the interfaces of the multilayer switches are configured in L2 mode, except the interface that connects to the WAN. Finally, let us suppose the use of the standard STP protocol (not the per-VLAN STP).

[Figure: network topology. Hosts distributed across 3 VLANs (VLAN1: 10.1.1.0/24, VLAN2: 10.1.2.0/24, VLAN3: 10.1.3.0/24).
SW-1: MAC 00:00:00:AA:AA:AA, BP 32768. SW-2: MAC 00:00:00:BB:BB:BB, BP 32768. SW-3: MAC 00:00:00:CC:CC:CC, BP 32768.
H1: 10.1.1.11. H2: 10.1.2.22. H3: 10.1.3.33.
ML-1 and ML-2: BP 24576 and 28672, MAC 00:00:00:DD:DD:DD and 00:00:00:EE:EE:EE respectively; HSRP and OSPF routing run between them, one of them is marked HSRP active for all groups, and both connect to the Wide Area Network.]

3.6. Exercise n. 11

Given the network topology depicted below that includes hosts belonging to two VLANs, propose a configuration that:

enables optimized load balancing on the external links toward the Internet;

optimizes the paths for the exiting traffic, so that packets directed to the WAN always cross only a single multilayer switch.

Let us suppose that all the interfaces of the multilayer switches are configured in L2 mode, except the interface that connects to the WAN and that we use the Per-VLAN STP protocol. Finally, show also the final outcome of the Spanning Tree Protocol and the path of an IP packet from host H1 to host H2.

[Figure: network topology. Hosts distributed across 2 VLANs (VLAN1: 10.1.1.0/24, VLAN2: 10.1.2.0/24).
SW-1: MAC 00:00:00:AA:AA:AA, BP 32768. SW-2: MAC 00:00:00:BB:BB:BB, BP 32768.
H1: 10.1.1.11. H2: 10.1.2.22.
ML-1: MAC 00:00:00:DD:DD:DD. ML-2: MAC 00:00:00:EE:EE:EE. HSRP and OSPF routing run between them, and both connect to the Wide Area Network.]

Part III.

Solutions

4. HSRP

4.1. Solution for exercise n. 1

Although HSRP can be configured to provide also load balancing in addition to redundancy, the exercise focuses only on the first objective. Therefore a single HSRP group is required and the solution is shown in the network topology below. Since the IP address of router R1 is smaller than the IP address of router R2, the priority value has to be configured in order to force the election of that router as “active”. The default gateway for each host is shown on the network topology below.

[Figure: solution topology.
H1: IP 130.192.16.1/24, DG 130.192.16.252.
H2: IP 130.192.16.2/24, DG 130.192.16.252.
R1: IP 130.192.16.253, HSRP Group 1 (active), Virtual IP 130.192.16.252, Priority 105.
R2: IP 130.192.16.254, HSRP Group 1 (standby), Virtual IP 130.192.16.252.
Both routers connect to the Internet.]

4.2. Solution for exercise n. 4

The network includes two VLANs, hence we can achieve load balancing by forwarding VLAN1 traffic through R1 and VLAN2 traffic through R2; hence load balancing does not rely on HSRP. HSRP will provide only gateway redundancy and will have to be configured per-VLAN. Since routers must participate in all VLANs (i.e. they must be able to receive all the VLAN packets on their interfaces), their NICs must be configured in trunk mode. Virtual VLAN interfaces must be created and associated to VLANs; these virtual interfaces will be configured at the IP level. All hosts have access ports; the switch has access ports toward clients and trunk ports toward the routers. The resulting configuration is depicted in the picture below.

[Figure: solution topology.

H1, VLAN1
  IP: 130.192.16.1/24
  DG: 130.192.16.254
  No VLAN configuration

H2, VLAN2
  IP: 130.192.17.1/24
  DG: 130.192.17.254
  No VLAN configuration

SW1
  Fe0: Access port, VLAN1
  Fe1: Access port, VLAN2
  Fe2: Trunk port, VLAN 1-2
  Fe3: Trunk port, VLAN 1-2

R1
  Fe0: Trunk port, VLAN 1-2
  Virtual interface VLAN1: IP 130.192.16.252, HSRP Group 1, Virtual IP 130.192.16.254, Priority 105
  Virtual interface VLAN2: IP 130.192.17.252, HSRP Group 2, Virtual IP 130.192.17.254

R2
  Fe0: Trunk port, VLAN 1-2
  Virtual interface VLAN1: IP 130.192.16.253, HSRP Group 1, Virtual IP 130.192.16.254
  Virtual interface VLAN2: IP 130.192.17.253, HSRP Group 2, Virtual IP 130.192.17.254

Both routers connect to the Internet.]

5. Network Design

5.1. Solution for exercise n. 6

Question 1

The STP topology is extremely simple, since we do not have loops in the L2 network (in fact, the direct link between R1 and R2 is a pure L3 link and hence it belongs to a different broadcast domain from that of the switches). Therefore, the STP topology on the L2 network overlaps with the physical topology.

Questions 2 and 3

The configuration of the VLAN ports and the HSRP on the routers can be the following:

Router R1
---------
Interface Fe0
  Trunk port, VLAN 1-2
  Virtual Interface VLAN 1
    IP: 130.192.16.252/24
    HSRP Group 1
    Virtual IP: 130.192.16.254
    Priority 105
  Virtual Interface VLAN 2
    IP: 130.192.17.252/24
    HSRP Group 2
    Virtual IP: 130.192.17.254
Interface Fe1
  Access port, no VLANs
  IP: 130.192.18.1/24
  OSPF: active

Router R2
---------
Interface Fe0
  Trunk port, VLAN 1-2
  Virtual Interface VLAN 1
    IP: 130.192.16.253/24
    HSRP Group 1
    Virtual IP: 130.192.16.254
  Virtual Interface VLAN 2
    IP: 130.192.17.253/24
    HSRP Group 2
    Virtual IP: 130.192.17.254
Interface Fe1
  Access port, no VLANs
  IP: 130.192.18.2/24
  OSPF: active

Routers have their Fe1 interface configured in pure L3 mode, hence the interface is not associated to any VLAN (it operates in access mode) and it has an IP address active on it. Hosts are VLAN-unaware (no VLANs are configured on their ports); the configuration of the VLANs on the switches is the following:

Switch SW-1

  Interface   Mode     VLAN-ID
  Fe0         Access   1
  Fe1         Trunk    1,2
  Fe2         Trunk    1,2

Switch SW-2

  Interface   Mode     VLAN-ID
  Fe0         Access   2
  Fe1         Trunk    1,2
  Fe2         Trunk    1,2

Question 4

With respect to the path followed by HSRP packets, we have to note that these packets are generated on the VLAN interfaces of the routers, which are linked to the upper interface (Fe0). Therefore HSRP packets will exit from interface Fe0 of router R1, will go through switches SW-1 and SW-2 and then will reach interface Fe0 of R2, where they will be redirected to the proper VLAN interface. HSRP packets from R2 to R1 will follow the opposite path.

It is worth noting that the direct link between R1 and R2 will not transport any HSRP packet. Instead, it can be used to transport routing traffic. If this link were absent, the routing traffic would have to be transported anyway, and a possible configuration involves a new VLAN (e.g. VLAN 3) that will be dedicated to this traffic. While such a new VLAN for routing traffic is not mandatory (routing messages can also be exchanged through VLAN 1 or VLAN 2), it is good practice to have it in order not to have routing traffic received from network hosts, therefore avoiding possible attacks coming from the clients present in the edge network.

5.2. Solution for exercise n. 7

Interfaces Fe0 and Fe1 are L2 interfaces (switched interfaces) and belong to the same switching domain of switches SW-1 and SW-2. Interfaces are in trunk mode and should support all the VLANs present in the network.

Additionally, some virtual VLAN interfaces must be configured in order to implement the default gateway functionalities on the switched network. Interface Fe2 is configured in L3 mode (routed interface) and connects the network to the Internet.

The configuration can be the following [1]:

!
interface fe0
 switchport mode trunk
 switchport trunk allowed vlan 1,2
!
interface fe1
 switchport mode trunk
 switchport trunk allowed vlan 1,2
!
interface vlan 1
 ip address 10.1.1.253 255.255.255.0
!
interface vlan 2
 ip address 10.1.2.253 255.255.255.0
!
interface fe2
 no switchport
 ip address 20.2.2.2 255.255.255.252
!

[1] Please note that different Cisco devices may use a slightly different syntax. Therefore the commands used must be considered as an indication of a possible configuration and may not work on all the devices.

5.3. Solution for exercise n. 11

Since the network requires both redundancy and load balancing of the Internet access, the HSRP configuration requires two groups, one per VLAN, in which ML-1 is the active router for the first group and ML-2 is active for the second. A possible solution is shown in the figure below:

[Figure: solution topology. The two multilayer switches are connected to the L2 network through trunk links and to the WAN through WAN links.

One multilayer switch:
  Virtual Interface VLAN1: IP 10.1.1.253/24, IP (HSRP Group 1) 10.1.1.254
  Virtual Interface VLAN2: IP 10.1.2.253/24, IP (HSRP Group 2) 10.1.2.254
  Virtual Interface VLAN4: IP 10.1.4.1/30, No HSRP
  Interface FastEthernet0: IP 20.2.2.1/30, No HSRP

The other multilayer switch:
  Virtual Interface VLAN1: IP 10.1.1.253/24, IP (HSRP Group 1) 10.1.1.254
  Virtual Interface VLAN2: IP 10.1.2.253/24, IP (HSRP Group 2) 10.1.2.254
  Virtual Interface VLAN4: IP 10.1.4.2/30, No HSRP
  Interface FastEthernet0: IP 30.3.3.1/30, No HSRP]

In order to optimize the exit paths toward the WAN, we can use the PVST (Per-VLAN Spanning Tree) protocol in order to concentrate on the same multilayer switch both the “HSRP active” and the root bridge functionalities. In this case, the exit traffic will reach the HSRP active router, and from there it will go directly to the Internet. This can be achieved by setting the Bridge Priority of ML-1 equal to 24576 and 28672 (respectively for VLANs 1 and 2), which corresponds to a better priority for VLAN 1, and inverting those values for ML-2 (which corresponds to a better priority for VLAN 2). In addition, HSRP groups must be configured accordingly (i.e., a better HSRP priority for ML-1 on network 10.1.1.0/24, and a better priority for ML-2 on network 10.1.2.0/24). This configuration leads to the two topologies (respectively for VLAN 1 and VLAN 2) shown in the figures below [2].

[2] Please note that in the most recent STP specifications the Bridge Priority is allowed only in multiples of 4096, and that only the most significant 4 bits are actually used and inserted in the BPDU, while the remaining 12 bits correspond to the VLAN-ID. In other words, a priority of 28672 for VLAN 1 will lead to the value 28673 in the BPDU generated for that VLAN, while the priority of 24576 for VLAN 2 will lead to the value 24578 in the BPDU generated for that VLAN.
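The design rule above (root bridge and HSRP active router on the same multilayer switch, per VLAN) can be checked mechanically. The following Python code is an added example, not part of the original homework: it uses the bridge priorities and MAC addresses given in the text, while the HSRP priority value 105, the ML-2 interface addresses (.252) and all function names are assumptions made for illustration.

```python
"""Check that the STP root bridge and the HSRP active router coincide per VLAN."""
from dataclasses import dataclass, field
from ipaddress import IPv4Address

HSRP_DEFAULT_PRIORITY = 100


@dataclass
class Node:
    name: str
    mac: str
    bridge_priority: dict                               # VLAN-ID -> configured priority
    hsrp_ip: dict = field(default_factory=dict)         # VLAN-ID -> interface IP
    hsrp_priority: dict = field(default_factory=dict)   # VLAN-ID -> HSRP priority


def bpdu_priority(configured, vlan):
    """Priority field carried in the BPDU: 4 priority bits plus 12-bit VLAN-ID."""
    if configured % 4096 or not 0 <= configured <= 61440:
        raise ValueError("bridge priority must be a multiple of 4096 in 0..61440")
    if not 1 <= vlan <= 4094:
        raise ValueError("VLAN-ID out of range")
    return configured | vlan


def bridge_id(node, vlan):
    """(priority field, MAC) pair; the numerically lowest pair wins the election."""
    return (bpdu_priority(node.bridge_priority[vlan], vlan),
            int(node.mac.replace(":", ""), 16))


def root_bridge(nodes, vlan):
    return min(nodes, key=lambda n: bridge_id(n, vlan)).name


def hsrp_active(nodes, vlan):
    """Highest HSRP priority wins; a tie goes to the highest interface IP.
    Assumes both routers are up and the election is decided on these values only."""
    routers = [n for n in nodes if vlan in n.hsrp_ip]
    return max(routers, key=lambda n: (
        n.hsrp_priority.get(vlan, HSRP_DEFAULT_PRIORITY),
        IPv4Address(n.hsrp_ip[vlan]))).name


def alignment(nodes, vlans):
    """VLAN-ID -> (root bridge, HSRP active, True if they are the same device)."""
    result = {}
    for vlan in vlans:
        root, active = root_bridge(nodes, vlan), hsrp_active(nodes, vlan)
        result[vlan] = (root, active, root == active)
    return result


def build(hsrp_prio_ml1, hsrp_prio_ml2):
    """Topology of exercise 11; ML-2 addresses and HSRP priorities are assumed."""
    return [
        Node("SW-1", "00:00:00:AA:AA:AA", {1: 32768, 2: 32768}),
        Node("SW-2", "00:00:00:BB:BB:BB", {1: 32768, 2: 32768}),
        Node("ML-1", "00:00:00:DD:DD:DD", {1: 24576, 2: 28672},
             {1: "10.1.1.253", 2: "10.1.2.253"}, hsrp_prio_ml1),
        Node("ML-2", "00:00:00:EE:EE:EE", {1: 28672, 2: 24576},
             {1: "10.1.1.252", 2: "10.1.2.252"}, hsrp_prio_ml2),
    ]


# Design from the solution: each multilayer switch is preferred for one VLAN.
DESIGN = build({1: 105}, {2: 105})
# Failure mode: HSRP priorities left at the default, so the highest IP wins twice.
NO_HSRP_PRIORITY = build({}, {})

if __name__ == "__main__":
    for label, nodes in (("design", DESIGN), ("default HSRP", NO_HSRP_PRIORITY)):
        for vlan, (root, active, ok) in alignment(nodes, [1, 2]).items():
            status = "aligned" if ok else "MISALIGNED"
            print(f"{label}: VLAN {vlan} root={root} hsrp_active={active} {status}")
```

With the HSRP priorities left at their default, the tie on VLAN 2 is resolved by the highest IP address, so the active router ends up on a different switch than the root bridge and exit traffic for that VLAN crosses both multilayer switches.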

[Figures: "Topology for VLAN 1" and "Topology for VLAN 2". Both panels show SW-1 (MAC 00:00:00:AA:AA:AA, BP 32768) with H1 (10.1.1.11), SW-2 (MAC 00:00:00:BB:BB:BB, BP 32768) with H2 (10.1.2.22), ML-1 (MAC 00:00:00:DD:DD:DD, BP 24576 for VLAN 1 and 28672 for VLAN 2) and ML-2 (MAC 00:00:00:EE:EE:EE, BP 28672 for VLAN 1 and 24576 for VLAN 2), with HSRP and OSPF routing between ML-1 and ML-2 and both connected to the Wide Area Network. Each panel marks the root bridge for that VLAN, the switches that are HSRP active for group 1 and group 2, and the split of the bridge priority into its priority and VLAN-ID fields.]

It is worth noting that this configuration optimizes the exit paths toward the Internet, but it corresponds to a worsening of the internal paths (e.g., from H1 to H2). In fact, a packet from H1 to H2 will be generated in VLAN 1 and it will traverse the network (according to the topology allowed for VLAN 1) till it reaches its default gateway (i.e., ML-1, which is the HSRP active router for VLAN 1). From there, the packet will belong to VLAN 2 and then it will traverse the network according to the topology allowed for that VLAN, till it reaches the final destination H2. It is evident (as shown in the figure below) that internal paths require the traversal of both multilayer switches and therefore are not as well optimized.

[Figures: "Path on VLAN 1" and "Path on VLAN 2". Both panels show SW-1 (MAC 00:00:00:AA:AA:AA, BP 32768) with H1 (10.1.1.11), SW-2 (MAC 00:00:00:BB:BB:BB, BP 32768) with H2 (10.1.2.22), ML-1 (MAC 00:00:00:DD:DD:DD, BP 24576 for VLAN 1 and 28672 for VLAN 2) and ML-2 (MAC 00:00:00:EE:EE:EE, BP 28672 for VLAN 1 and 24576 for VLAN 2), both connected to the Wide Area Network, with the root bridge and the HSRP active switches for group 1 and group 2 marked.]