Design Framework & Basic Device Setup

When designing the the ultimate network it is important that we embrace an approach that follows validated best practices and that embodies a certain level of consistency necessary for current and future team collaboration. We are not the only ones that are going to be working on or reviewing our networks and therefore it is essential to ensure that it is easy for us to explain the logic that was leveraged for our design and that went into the deployment of the infrastructure.

Reference http://www.cisco.com/go/cvd as the foundation for developing your design framework.

We must address several areas of our design with purpose. Below is sample of some of the things that need to be considered when simply looking at things from a device configuration perspective: 
  • Naming conventions
  • IP address allocation
  • Port range utilization (router ports, switch access ports and switch trunk ports)
  • VLAN assignment
  • Loopback assignment
  • Base configuration
  • Management policy and framework
  • Overall device security
Let's focus our attention on defining a consistent base configuration that scales to provide simplified and secure management of the solutions within our infrastructure. There are features and services that are common across all devices or devices with a similar role in the infrastructure. The Cisco Validated Design (CVD) documentation does a good job of addressing the best practices associated with the majority of these features and services. Take for example the CVD WAN Module specific documentation which walks us through the following steps:

  1. Configure the device host name. This makes it easy to identify the device.
  2. Configure local login, password, enable passwords and password encryption services.
  3. Acknowledge that HTTPS leverages the enable password.
  4. Configure centralized user authentication. This is optional but highly recommended.
  5. Configure device management protocols such as HTTPS and SSH vs. HTTP and Telnet.
  6. Enable synchronous logging to avoid unnecessary disruptions.
  7. Enable Simple Network Management Protocol (SNMP) to allow the network infrastructure devices to be managed by a Network Management System (NMS).
  8. Add access-list controls to limit the networks that can access your device if operational support is centralized in your network.
  9. Configure a synchronized clock leveraging NTP.
  10. Configure an in-band management interface in the most resilient manner possible by using a Loopback.
  11. Bind the device processes for SNMP, Logging, SSH, PIM, TACACS+, RADIUS and NTP to the loopback interface address.

Let me provide a sample of basic router configuration setup leveraging some of what is covered within the CVD documentation:



As you navigate through the CVD documentation with the goal of defining your design framework, leverage as much of the content as possible to avoid recreating the wheel and navigating into uncharted territory. There will be times when you are required to depart from the CVD path, and in these cases take time to plan your approach carefully leveraging partner services for valuable insight and proven expertise. It's all about developing a design that provides the necessary scalability, flexibility, manageability, resiliency, performance and security to deliver applications to your users and services to your customers in a sustainable and deterministic manner. Stay tuned for upcoming CVD breakdown blogs by module. Until next time when we explore Core Enterprise Switching design and configuration.

Note: If you feel this blog is worthwhile, please share through your preferred social media channels.


No comments:

Post a Comment