As promised, here is the Part 2 blog by Cisco Press CCDE Study Guide author, Marwan Al-shawi. Enjoy. -Brett
Part 1 of this blog discussed briefly the similarities between “Art” and “Network Design”. It also highlighted how the CCDE Study Guide will help you to become a better network designer in general and prepare you for the CCDE Practical Exam in particular, along with my suggested approach to reading this book. This blog (Part 2), on the other hand, will focus on a very critical and important topic – “How to think like a network designer.” For simplicity, I will use a mini design scenario that focuses on two primary design principles to demonstrate “how” a network designer or architect’s thoughts about and approach to any design project can influence the design choices and the overall outcomes. In other words, even if the selected technology or design option is technically valid, it may not be the optimal one. What does this mean, exactly?
In several consulting and design engagements, I’ve seen many networks designed in a way that is either very difficult to manage, or the IT team is suffering from scalability limitations in responding to their organization’s business needs (such as opening new remote sites or adding a new Data Center). In fact, any successful network design in the long-term is largely determined by the choices network designers/architects make. Therefore, the issues highlighted above are almost always due to the fact that the different places in the network (PINs) are either designed in isolation or the network is designed to cater to today’s requirements only (sometimes a combination of both). In any case, this will most likely lead to suboptimal design choices. The following scenario will explain this in more detail.
XYZ is a retailer that is expanding their presence rapidly across the North America region, and their IT team hired a network consultant to help them with the redesign project of their international network. The following summarizes XYZ’s current network and some of the new requirements (see Figure 1):
- 2x data centers (DCs) with a future plan to add a 3rd DC
- MPLS L3VPN enabled across the Global WAN
- The remote sites are connected to the global WAN (hub routers) over a separate service provider network (MPLS L3VPN)
- Internal staff traffic needs to be separated from contracting staff traffic (from all remote sites and across the WAN and DCs)
- The network consultant/architect/designer must perform a proof of concept (POC) of the proposed solution using Region 3 remote sites with end-to-end connectivity to the primary DC
In this scenario, the network consultant focused primarily on how to meet these requirements and perform a successful POC using Region 3 as a pilot for this project. As shown in Figure 1, Region 3 has 18 remote sites (relatively small number of remote sites). Based on that, the network consultant decided to use a simple solution which is based on provisioning a “GRE tunnel + VRF” per user group to achieve end-to-end path separation requirements as illustrated in Figure 2.
Technically, when considering this solution, the network will require at least the following numbers of GRE tunnels to be created and managed:
- Region 1 Hub: 200 remote sites’ GRE Tunnels + 8 GRE Tunnels from the hub to the 2x DCs
- Region 2 Hub: 160 remote sites’ GRE Tunnels + 8 GRE Tunnels from the hub to the 2x DCs
- Region 3 Hub: 36 remote sites’ GRE Tunnels + 8 GRE Tunnels from the hub to the 2x DCs
Total: ~420 GRE Tunnels! (See Figure 3)
Although this solution is technically valid and the outcome of the POC will probably succeed, when this retailer starts rolling out this solution across their different regions as well as integrating it with their secondary data center, they will start to face many issues, including:
- Limited scalability and flexibility (adding new remote sites or considering a new virtual network/VRF for the remote sites will require many changes with increased complexity)
- Difficult to manage (increased operational complexity, such as too complex to troubleshoot)
- Lack of resiliency (increased routing complexity to control traffic flows across the existing and future data centers for applications hosted in different DCs)
As a result, this solution will introduce limitations to the business in achieving their business goals and future plans, not to mention that the increased operational complexity and network troubleshooting will possibly increase the risk of longer service downtime when there is a network issue.
As highlighted earlier in this blog, the issue here is mainly because the network consultant designed this network “in isolation” by focusing mainly on Region 3 and the POC result using one DC to prove the solution’s accuracy. This approach does not take into consideration the business key drivers and the bigger picture to see what the network will look like when the other regions join the overlay (GRE Tunnels). Also, he did not consider any future plans, for example, how complex and resilient this design will be when this retailer adds a third DC to their network (see Figure 3).
In order to provide a successful design to serve as a business enabler, you should think like a designer/architect by looking beyond the limited vision of just the technical aspect of the solution. In other words, to provide a better design for this retailer, XYZ, in the example above, you should first look at the big picture and use a “holistic approach” rather than “designing in isolation”. With the holistic approach, simply ask the question, “How will this solution integrate with other parts of the network like the primary DC, secondary DC, other regions, the MPLS enabled WAN core, etc.?” The other principle that should’ve been used by this network consultant is to “build today with tomorrow in mind”. With this principle, you will not only consider what the network has to deal with today, but you will start looking forward and thinking about what this business is planning to do in the future and how this can impact the proposed design, such as adding new virtual networks, adding new DCs, adding new applications, merging with another company, etc.
Taking these two simple yet very important principles into consideration, you will be able to make better design decisions to support the business goals and future plans that are driven by more than just the technical aspect.
Taking the above into account, one possible optimized solution for XYZ is using MPLSoDMVPN (2547oDMVPN). This solution will offer the following (see Figure 4):
- Simplicity with higher degree of scalability and flexibility (single tunnel from each remote site, adding new remote sites or new virtual networks will not impact or change the overlaid or core network design)
- Resiliency (controlling routing will be simpler, “L3VPN style”)
Operational simplicity here is a bit arguable because, on the one hand, this solution offers a more simplified and flexible routing design, but on the other hand, it does need people with advanced networking knowledge/experience in MPLS, MP-BGP, IGP, etc.
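To make the scaling argument behind the ~420-tunnel count and the MPLSoDMVPN comparison concrete, here is a small Python model that reproduces both tunnel counts and then re-runs them for the “tomorrow” scenarios (a third DC, an extra VRF). This is an added illustration and not code from the original post or from Cisco Press. The Region 3 site count (18) is from the text; the Region 1 and Region 2 site counts (100 and 80) are derived here from the stated 200 and 160 tunnels with two user groups; the `hub_dc_paths = 2` factor is an assumption chosen so that 2 DCs x 2 VRFs x 2 reproduces the 8 hub-to-DC tunnels per hub; and treating hub-to-DC connectivity in the DMVPN design as native MPLS WAN (no GRE) is also an assumption of this model, not something Figure 4 is known to show.

```python
"""Tunnel-count scaling model: 'GRE tunnel + VRF per user group' versus
MPLSoDMVPN with a single tunnel per remote site (added example)."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Topology:
    sites_per_region: tuple   # remote sites behind each regional hub
    vrfs: int                 # user groups needing end-to-end path separation
    data_centers: int
    hub_dc_paths: int = 2     # ASSUMED redundancy: paths per VRF per DC from each hub


# Constructed from the blog's numbers: Region 3 = 18 sites (stated);
# Regions 1 and 2 derived from 200 and 160 tunnels / 2 VRFs.
XYZ_TODAY = Topology(sites_per_region=(100, 80, 18), vrfs=2, data_centers=2)


def gre_per_vrf_tunnels(t: Topology) -> dict:
    """Point-to-point GRE + VRF design: one tunnel per VRF per site to its hub,
    plus one tunnel per VRF per DC (times redundancy) from each hub.
    Returns per-hub counts and the total number of tunnels to manage."""
    per_hub = {}
    for idx, sites in enumerate(t.sites_per_region, start=1):
        site_tunnels = sites * t.vrfs
        dc_tunnels = t.data_centers * t.vrfs * t.hub_dc_paths
        per_hub[f"Region {idx} Hub"] = site_tunnels + dc_tunnels
    return {"per_hub": per_hub, "total": sum(per_hub.values())}


def dmvpn_tunnels(t: Topology) -> dict:
    """MPLSoDMVPN design: each spoke has a single mGRE tunnel and each hub a
    single mGRE interface. VRF separation rides on MPLS labels inside the
    tunnel, and hub-to-DC reachability is ASSUMED to use the native MPLS WAN
    core (no GRE), so the count is independent of vrfs and data_centers."""
    spokes = sum(t.sites_per_region)
    hubs = len(t.sites_per_region)
    return {"spoke_tunnels": spokes, "hub_interfaces": hubs, "total": spokes + hubs}


def config_touch_points_for_new_site(t: Topology) -> dict:
    """Tunnel interfaces that must be created when one remote site is added.
    GRE+VRF: one per VRF on the site AND one per VRF on the hub.
    DMVPN: one on the site, none on the hub (the mGRE interface already exists)."""
    return {"gre_per_vrf": {"site": t.vrfs, "hub": t.vrfs},
            "dmvpn": {"site": 1, "hub": 0}}


def growth_scenario(t: Topology, extra_vrfs: int = 0, extra_dcs: int = 0) -> dict:
    """Re-run both models after the business adds VRFs and/or data centers
    ('build today with tomorrow in mind')."""
    future = Topology(t.sites_per_region, t.vrfs + extra_vrfs,
                      t.data_centers + extra_dcs, t.hub_dc_paths)
    return {"gre_per_vrf": gre_per_vrf_tunnels(future)["total"],
            "dmvpn": dmvpn_tunnels(future)["total"]}


if __name__ == "__main__":
    print("today, GRE+VRF      :", gre_per_vrf_tunnels(XYZ_TODAY))   # total 420
    print("today, DMVPN        :", dmvpn_tunnels(XYZ_TODAY))         # total 201
    print("3rd DC only         :", growth_scenario(XYZ_TODAY, extra_dcs=1))
    print("3rd DC + 1 more VRF :", growth_scenario(XYZ_TODAY, extra_vrfs=1, extra_dcs=1))
    print("adding one site     :", config_touch_points_for_new_site(XYZ_TODAY))
```

The point the model makes visible is not the absolute numbers but the shape of the growth: in the GRE-per-VRF design the tunnel count is multiplied by every new user group and every new DC touches every hub, whereas in the DMVPN model the overlay stays at one tunnel per spoke and a new site or VRF leaves the hubs and the core untouched, which is exactly the “holistic” and “tomorrow in mind” consideration the POC on Region 3 alone could not surface.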
That being said, the given information is still not enough to decide whether using MPLSoDMVPN is the best fit for this organization or not. For example, the applications used within this network and their characteristics were not specified, which can influence design choices to a large extent. Nevertheless, this example was not intended to describe “what” to choose, but instead to help you learn “how” to think like a designer and make better design decisions.
To sum up, the way you think as a network designer/architect when you approach a design project will drive your design choices and will significantly determine how successful your design is. Therefore, the mindset and approach must be different from when you approach an implementation project as a technical implementation engineer (CCDE vs. CCIE mindset). Thinking like a designer will always open new dimensions for you to consider in your design that will eventually help you to make wiser design decisions.