Third Design Resolution with Virgilio Spaziani

In Design Challenge Part 1, I described a scenario with four slightly different sets of requirements and eight design solutions. Now, in Part 2, I will analyze the requirements and compare the solutions to determine the “best” solution for each requirement set. Note that I’m not talking about best practices, but about customizing a solution to the requirements.

 

 

 

 

A reminder of all the design solutions

[Figure: overview of all the design solutions]

The analysis

 

Requirement Set 1 Analysis

  • A single routing algorithm on the private WAN: It doesn’t need to be the same routing protocol. OSPFv2 and OSPFv3, and RIPv2 and RIPng, for example, share the same algorithm. However, RIPng is not compliant because it doesn’t support dual stack and only manages IPv4 Address Families with VRFs.
  • Preference for distance vector routing protocol for IPv4 and IPv6: The distance vector protocols are RIPv2, RIPng, EIGRP for IPv4 and EIGRP for IPv6.
  • European branches to reach the SWR service securely: The server should be reachable securely over SSL-based HTTP. This can be achieved with NAT-PT (not a usual choice, as it is deprecated), with NAT64 static translation on GW-1 and a NAT64 dynamic pool at the branches, or with any of the proposed tunneling mechanisms (DMVPN, 6to4, or 6RD).
  • Avoid tunneling: This excludes the DMVPN, 6to4, and 6RD solutions.
  • European branches to access the IPv4 Internet directly: NAT64 and DNS64 are needed at the branches to have direct IPv4 Internet access from a pure IPv6 network.

 


| | Single routing algorithm, dual stack | Distance vector RP for IPv4 and IPv6 | Reach SWR service securely | Avoid tunneling | Direct IPv4 Internet access |
|---|---|---|---|---|---|
| Design solution 1 | No | Yes | Yes | Yes | Yes |
| Design solution 2 | Yes | No | Yes | No | Yes |
| Design solution 3 | Yes | Yes | Yes | No | Yes |
| Design solution 4 | Yes | Yes | Yes | Yes | Yes |
| Design solution 5 | Yes | No | Yes | No | No |
| Design solution 6 | No | Yes | Yes | No | Yes |
| Design solution 7 | Yes | No | Yes | No | No |
| Design solution 8 | Yes | No | Yes | No | No |

 

Design Solution 4 is the “best” solution for Rising Sun given requirement set 1.
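How the NAT64 and DNS64 pair gives an IPv6-only branch direct IPv4 Internet access, as an added example that is not part of the original post. It assumes the RFC 6052 well-known prefix 64:ff9b::/96 (the post does not name a NAT64 prefix), and the zone data and function names are constructed for illustration.

```python
import ipaddress

# Assumption: the RFC 6052 well-known prefix; the post does not name the NAT64 prefix.
NAT64_PREFIX = ipaddress.IPv6Network("64:ff9b::/96")

# Constructed sample zone data (documentation addresses), not from the post.
ZONE = {
    "v4only.example": {"A": ["192.0.2.10"], "AAAA": []},
    "dual.example": {"A": ["198.51.100.7"], "AAAA": ["2001:db8::7"]},
}

def synthesize(ipv4, prefix=NAT64_PREFIX):
    """Embed an IPv4 address in the low 32 bits of a /96 NAT64 prefix."""
    if prefix.prefixlen != 96:
        raise ValueError("only /96 prefixes are handled here")
    v4 = int(ipaddress.IPv4Address(ipv4))
    return ipaddress.IPv6Address(int(prefix.network_address) | v4)

def dns64_lookup(name, zone=ZONE):
    """Return the AAAA answers a DNS64 resolver gives an IPv6-only branch host."""
    records = zone[name]
    if records["AAAA"]:
        # A real AAAA record exists: no synthesis, traffic stays native IPv6.
        return [ipaddress.IPv6Address(a) for a in records["AAAA"]]
    # IPv4-only name: synthesize AAAA records inside the NAT64 prefix.
    return [synthesize(a) for a in records["A"]]

def nat64_destination(ipv6, prefix=NAT64_PREFIX):
    """Return the IPv4 destination NAT64 translates to, or None for native IPv6."""
    addr = ipaddress.IPv6Address(ipv6)
    if addr not in prefix:
        return None
    return ipaddress.IPv4Address(int(addr) & 0xFFFFFFFF)

if __name__ == "__main__":
    for host in ZONE:
        for answer in dns64_lookup(host):
            print(host, answer, "->", nat64_destination(answer))
```

The branch-to-Internet direction needs no per-destination entry because the IPv4 address is recovered from the synthesized IPv6 address itself; the reverse direction has no such embedding, which is why the analysis ties bidirectional NAT64 to static translations.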

 

Requirement Set 2 Analysis

  • A single routing protocol for both IPv4 and IPv6 on the private WAN: Observe that RIPv2 and RIPng, or EIGRP for IPv4 and EIGRP for IPv6, are different routing protocols. A compromise is needed here: although the customer prefers (but does not mandate) distance vector protocols, the only solution that meets the single-RP requirement is OSPFv3.
  • Scale from 8 to 50 European branches: The devices’ CPU and bandwidth should support the increased number of branches, and the design should also scale from an operational perspective. For NAT64 to be bidirectional it requires static translations, which are hard to maintain and not the best choice for 50 spokes.
  • Internet IPv6 access via GW-2: This requires tunnels to reach GW-2.
  • IPv6-only Internet access by the European branches: A tunneling mechanism to integrate the European branches is sufficient. NAT64 doesn’t imply IPv4 Internet access. Solutions 1 and 4 could let the European branches reach the private WAN without allowing complete IPv4 Internet reachability, depending on the translation rules. Solutions 2, 3 and 6 use DMVPN along with NAT64, which implies network integration for IPv4 Internet access.

 


| | Single RP for both IPv4 and IPv6 | Scale to 50 European branches | Internet IPv6 access via GW-2 | IPv6-only Internet access |
|---|---|---|---|---|
| Design solution 1 | No | No | No | Yes |
| Design solution 2 | No | Yes | Yes | No |
| Design solution 3 | No | Yes | Yes | No |
| Design solution 4 | No | No | No | Yes |
| Design solution 5 | No | Yes | Yes | Yes |
| Design solution 6 | No | Yes | Yes | No |
| Design solution 7 | No | Yes | Yes | Yes |
| Design solution 8 | Yes | Yes | Yes | Yes |

 

Design Solution 8 is the “best” solution for Rising Sun given requirement set 2. No solution meets the distance vector preference, but Design Solution 8 meets all strict requirements.

 

Requirement Set 3 Analysis

  • A single routing algorithm on the private WAN: It doesn’t need to be the same routing protocol. OSPFv2 and OSPFv3, and RIPv2 and RIPng, for example, share the same algorithm. However, RIPng is not compliant, because it doesn’t support dual stack and only manages IPv4 Address Families with VRFs.
  • Preference for distance vector routing protocols for both IPv4 and IPv6, but not RIPng: This leaves us with EIGRP for IPv4 and EIGRP for IPv6.
  • Dynamic branch IP addressing: This requires a routing protocol between GW-1 and the branches.
  • Scale from 8 to 50 European branches: The devices’ CPU and bandwidth should support the increased number of branches, and the design should also scale from an operational perspective. For NAT64 to be bidirectional it requires static translations, which are hard to maintain and not the best choice for 50 spokes.
  • European branches to access the IPv4 Internet directly: NAT64 and DNS64 are needed at the branches to have direct IPv4 Internet access from a pure IPv6 network.

 

| | Single routing algorithm, dual stack | Distance vector RP for IPv4 and IPv6 (no RIPng) | Dynamic branch IP addressing | Scale to 50 European branches | Direct IPv4 Internet access |
|---|---|---|---|---|---|
| Design solution 1 | No | No | No | No | Yes |
| Design solution 2 | Yes | No | Yes | Yes | Yes |
| Design solution 3 | Yes | Yes | Yes | Yes | Yes |
| Design solution 4 | Yes | No | No | No | Yes |
| Design solution 5 | Yes | No | No | Yes | No |
| Design solution 6 | No | No | Yes | Yes | Yes |
| Design solution 7 | Yes | No | Yes | Yes | No |
| Design solution 8 | Yes | No | No | Yes | No |

 

Design Solution 3 is the “best” solution for Rising Sun given requirement set 3.

 

Requirement Set 4 Analysis

  • Preference for distance vector routing protocol for IPv4 and IPv6: The distance vector protocols are RIPv2, RIPng, EIGRP for IPv4 and EIGRP for IPv6.
  • Scale from 8 to 200 European branches without adjacencies or neighbor relationship mechanisms on the private WAN: The devices’ CPU and bandwidth should support the increased number of branches, and the design should also scale from an operational perspective. To be bidirectional, NAT64 requires static translations, which are hard to maintain and not the best choice for 200 spokes. RIPng meets the requirement, whereas static routes don’t scale well. Automatic 6to4 and 6RD tunnels can scale as well, depending on the addressing plan. The no-adjacencies, no-neighbor-relationships requirement excludes OSPF and EIGRP.
  • European branches to access the IPv4 Internet directly: NAT64 and DNS64 are needed at the branches to have direct IPv4 Internet access from a pure IPv6 network.
  • Internet IPv6 access via GW-2: A tunnel to reach GW-2 is needed.

 

| | Preference for distance vector | Scale to 200 European branches (no adjacencies or neighbor relationships) | Direct IPv4 Internet access | IPv6 Internet access via GW-2 |
|---|---|---|---|---|
| Design solution 1 | Yes | No | Yes | No |
| Design solution 2 | No | No | Yes | Yes |
| Design solution 3 | Yes | No | Yes | Yes |
| Design solution 4 | Yes | No | Yes | No |
| Design solution 5 | No | Yes | No | Yes |
| Design solution 6 | Yes | Yes | Yes | Yes |
| Design solution 7 | No | No | No | Yes |
| Design solution 8 | No | Yes | No | Yes |

 

Design Solution 6 is the “best” solution for Rising Sun given requirement set 4.
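Why automatic 6to4 and 6RD tunnels can scale to 200 branches "depending on the addressing plan", as an added example that is not part of the original post. It uses the standard 6to4 (2002::/16) and RFC 5969 6RD address mappings; the 6RD prefix, the branch IPv4 block and the function names are constructed for illustration.

```python
import ipaddress
from itertools import islice

def delegated_prefix(sixrd_prefix, ce_ipv4, v4_common_bits=0):
    """Derive a branch's IPv6 prefix from its IPv4 WAN address (RFC 5969 mapping)."""
    sp = ipaddress.IPv6Network(sixrd_prefix)
    embed_bits = 32 - v4_common_bits          # IPv4 bits carried inside the prefix
    new_len = sp.prefixlen + embed_bits
    if not 0 <= v4_common_bits <= 32 or new_len > 64:
        # The addressing plan decides whether a /64 or shorter fits per branch.
        raise ValueError("plan leaves no room for a /64 per branch")
    suffix = int(ipaddress.IPv4Address(ce_ipv4)) & ((1 << embed_bits) - 1)
    value = int(sp.network_address) | (suffix << (128 - new_len))
    return ipaddress.IPv6Network((value, new_len))

def sixto4_prefix(ce_ipv4):
    """6to4 is the fixed case: 2002::/16 plus all 32 IPv4 bits gives a /48."""
    return delegated_prefix("2002::/16", ce_ipv4)

def branch_plan(sixrd_prefix, v4_block, count, v4_common_bits):
    """Map the first `count` hosts of an IPv4 block to 6RD prefixes.

    Nothing is configured per branch: every prefix is computed from the
    branch's own IPv4 address, so no adjacency or static entry is needed.
    """
    block = ipaddress.IPv4Network(v4_block)
    if v4_common_bits > block.prefixlen:
        raise ValueError("common bits must be shared by every branch address")
    hosts = islice(block.hosts(), count)
    return {str(h): delegated_prefix(sixrd_prefix, h, v4_common_bits) for h in hosts}

if __name__ == "__main__":
    # Constructed plan: 200 branches in 10.1.0.0/16, 6RD prefix 2001:db8::/32,
    # with the leading 8 bits (10.0.0.0/8) common to all branches.
    plan = branch_plan("2001:db8::/32", "10.1.0.0/16", 200, 8)
    for v4 in ("10.1.0.1", "10.1.0.5", "10.1.0.200"):
        print(v4, "->", plan[v4])
    print("6to4:", sixto4_prefix("192.0.2.1"))
```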

 

Conclusion

Which solution is “best”? No wonder network designers’ favorite response is “it depends”! As you’ve observed, as the requirements of a scenario change, so does the “best” solution. Both on the CCDE practical exam and in real-life network design situations, make sure to capture all requirements and constraints and analyze them against the various design solutions, so that you can more easily justify your design choice. There may be a situation where no solution meets all requirements within the constraints; in such a case, seek a compromise with your customer.

 

About the Author


 

 

Virgilio Spaziani is CCDE #20140003 and triple CCIE #35471 (R&S, SP, and Security). He’s a network designer and a Cisco official instructor based in Switzerland. He loves to solve complex network requirements using easy network designs, and to teach complex technologies using easy examples.

 

 

 

 
