Enterprise Network Services Design (IPv6)

The network services module is a relatively new element to the campus design. As campus network planners begin to consider migration to dual-stack IPv4/IPv6 environments, and continue to integrate more sophisticated Unified Communications services, a number of challenges lie ahead. It will be essential to integrate these services into the campus smoothly—while providing the appropriate degree of operational change management and fault isolation. The campus network also needs to continue to maintain a flexible and scalable design. For example, IPv6 services can be deployed through an interim tunnel-based overlay that enables IPv6 devices to tunnel over portions of the campus not yet

IPv6-enabled. Such an interim approach enables a faster introduction of new services without requiring a networkwide, hot cutover. Examples of functions recommended to be located in a services module include

■ Centralized wireless controllers: These controllers provision and control access points across the entire campus.

■ Centralized IPv6 Intra-Site Automatic Tunnel Addressing Protocol (ISATAP) tunnel termination from the enterprise campus to the network services module: This creates a tightly controlled overlay tunnel network on top of the existing network. Like all tunneling technologies, running multiple ISATAP tunnels to different segments in the network increases network administration complexity along with making it extremely difficult to manage and troubleshoot.


■ Unified Communications services (Cisco Unified Communications Manager, gateways): To enable Unified Communications services, enterprises deploy call managers and other voice gateway devices in the services block for centralized management.

■ Policy gateways: The policy gateways provide user authentication and authorization along with network access control (NAC) functions. Typical policy gateways include authentication, authorization, and accounting (AAA) servers, access control servers (ACS), and NAC profilers.

Table 2-3 Service and Features Provided by Access Layer Switches

Service Requirements

Features

Collaboration services

Enabling voice/video applications: Power over Ethernet and QoS marking, policing, queuing Application visibility services: Flexible NetFlow

Mobility services: Unified wired/wireless location services

Virtualization services: VLAN, VRF-Lite

Automation services

Auto Smartports, Smart CallHome

Security services

Access control: 802.1x and port security Control Plane Policing (CoPP), DHCPv6 Relay, IPv6 Router Guard, IPv6 port access control list (PACL)

Resiliency

Stateful Switchover (SSO), Non-Stop Forwarding (NSF), In Service Software Upgrade (ISSU)

Intelligent network control services

PVST+, Rapid PVST+, EIGRP, OSPF, DTP, PAgP/LACP, UDLD, FlexLink, Portfast, UplinkFast, BackboneFast, LoopGuard, BPDUGuard, RootGuard

Next post:

Previous post: