Top 5 Network Design Principles with Daren Fulwell – ZNDP 067

Top 5 Network Design Principles

My friend and fellow CCDE Daren Fulwell joins me this week! Daren and I have an impromptu conversation around the Top 5 Network Design Principles from an Architecture perspective. For example, we talk about availability, scalability, security, supportability, simplicity, software-defined infrastructure, automation, programmability, Intent-based network (IBN) and so much more!

If you didn’t know, Daren joined us on ZNDP Episode 36, where we covered one of his Design Use cases that had numerous interweaving technologies to properly design for. Here is the show notes page for that episode.

What you will learn in this episode:

  • The difference between design and architecture.
  • What is network availability and how to structure solving it for a business?
  • Understand why those packets need to go from one location to another
  • Understand why we need to bridge the gap between Technology and Business
  • Why is there a network in the first place
  • Why you need to look at the network from the big picture view
  • What are the unstated requirements?
  • What are the failure domains?
  • How to create failure isolation
  • Why you should design with modularity in mind
  • Making design decisions to ensure scalability
  • How pervasive security is interwoven throughout the network
  • Why you need to keep your solutions simple, keep it simple (KISS)
  • How to ensure the network is supportable

Here is Daren’s blog post that we reference on today’s topic of the top 5 network design principles. 

https://networkshokunin.blogspot.com/2018/03/design-principles.html

Top 5 Network Design Principles – Availability

Here we dive into network availability. Part of network availability includes resiliency and reliability of a network. We highlight the CIA triangle of confidentiality, integrity, and availability. Specifically, we talk about how each of these components interacts with one another.

In our conversation, we highlight a few real-world examples of how network availability can be achieved. Then, we discuss how to structure an approach to solving for network availability. Keep in mind, there are different levels of availability and not all customers need each level.

Finally, we highlight that “network” availability is really now application and service availability, and it is an unstated requirement today. 

Here is Daren’s write-up on this Network Design Principle Availability.

Top 5 Network Design Principles – Scalability

For scalability, we talk about the different ways to make a network flexible, so it can ramp up or ramp down as the business needs. This is bigger than just bandwidth and resources. This is the ability for a network to add more resources when required and remove them when they are no longer needed.

We talk about a number of examples of Network Scalability that provide some real-world context.

Here is Daren’s write-up on this Network Design Principle Scalability.

Top 5 Network Design Principles – Security

These days everyone is concerned with ransomware. Because of this and other security vulnerabilities, we talk about my Turtle shell analogy and how it’s great from a perimeter security perspective but doesn’t handle the east-west traffic issue. Ransomware has become such a widespread issue within organizations because their internal east-west traffic is not controlled and secured.

Daren and I talk about making sure security is pervasive throughout the network. We discuss how most SD-WAN solutions out there today include firewall-like capabilities on each of the edge devices. We talk about SDDC security capabilities and how we can lock down the applications and services our users are consuming, especially isolating the east-west attack surface. Then we talk about authenticating and authorizing everything in your environment with some sort of Network Access Control (NAC) solution.

Today, most customers don’t understand what they have and what it’s supposed to be doing. This specifically weaves into availability, which we talked about at the beginning. How can we ensure the availability of an application if we do not know what it’s supposed to be doing?

Here is Daren’s write-up on this Network Design Principle Security.

Top 5 Network Design Principles – Supportability 

Here we start to talk about getting visibility of what the network is doing now and what it should be doing. This is where we add automation and programmability capabilities, so we can make these environments supportable by our staff.

Now we can template the configuration.  We can strategically think about it once rather than 1000 times and create a template that can be used over and over again. We let the automation do the work.

In addition, we can get a troop multiplier by allowing our staff to focus on business-related tasks rather than operations and maintenance tasks. We make the network more supportable with these capabilities, and in turn make the business more efficient.

Here is Daren’s write-up on this Network Design Principle Supportability.

Top 5 Network Design Principles – Simplicity

Let’s say we create a solution that requires a CCIE level technical person to support it. What if we only have one of those CCIE level technical staff members on our team? How can other people support that solution if needed?

Daren and I also talk about the book titled Navigating Network Complexity by Russ White and Jeff Tantsura.

The book talks about the different surfaces of interaction between different processes, and the overall complexity, for example, when we have a ton of redistribution within our routing protocols.

In addition, when we add an overlay technology, do we make the network simpler?  Not exactly.  We still may have a complex network under the hood.  We still have to understand what is going on and with an overlay solution, we are now relying on a software system to do the right thing, to work correctly.  If it doesn’t work, we now need to troubleshoot it.

We always need to ensure we keep it simple (KISS).

For example, take traffic engineering of default outbound internet traffic. We inject a default route as we should. To keep things simple, we can leverage the longest prefix match: we can split up outbound traffic with /1s or even /2s if needed. These slices of the entire internet table would be installed in the local routing table along with the default route. Now we just let the routing protocol do what it does best: the longest match wins. This is super simple and follows the KISS methodology.
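The outbound split described above, as an added example (not from the episode or Daren’s blog post): a longest-prefix-match lookup over a constructed table holding a default route and two /1s. The next-hop names ISP-A and ISP-B and the sample destinations are assumptions; the example also shows the default route taking over when a /1 is withdrawn.

```python
import ipaddress

# Constructed routing table: a default route plus the two /1 halves of the
# IPv4 space. Next-hop names (ISP-A, ISP-B) are hypothetical.
ROUTES = [
    ("0.0.0.0/0", "ISP-A"),    # injected default route, matches everything
    ("0.0.0.0/1", "ISP-A"),    # lower half of the address space
    ("128.0.0.0/1", "ISP-B"),  # upper half of the address space
]

def build_table(routes):
    """Parse (prefix, next_hop) pairs into ip_network objects."""
    return [(ipaddress.ip_network(p), nh) for p, nh in routes]

def lookup(table, dst):
    """Return (prefix, next_hop) of the longest matching prefix, or None."""
    addr = ipaddress.ip_address(dst)
    matches = [(net, nh) for net, nh in table if addr in net]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)

def withdraw(table, prefix):
    """Return a copy of the table without the given prefix."""
    net = ipaddress.ip_network(prefix)
    return [(n, nh) for n, nh in table if n != net]

def exit_share(table):
    """Count /8 blocks per next hop (exact for prefixes of length <= 8)."""
    share = {}
    for first_octet in range(256):
        hit = lookup(table, f"{first_octet}.0.0.1")
        if hit is not None:  # no default route and no covering prefix
            share[hit[1]] = share.get(hit[1], 0) + 1
    return share

TABLE = build_table(ROUTES)

if __name__ == "__main__":
    for dst in ("8.8.8.8", "203.0.113.10"):  # constructed destinations
        print(dst, "->", lookup(TABLE, dst))
    print("split with both /1s:", exit_share(TABLE))
    # The /1 toward ISP-B is withdrawn: the default route now carries that half.
    degraded = withdraw(TABLE, "128.0.0.0/1")
    print("after withdrawal:", exit_share(degraded))
    # Shifting more load with a /2: the more specific prefix wins again.
    shifted = TABLE + build_table([("64.0.0.0/2", "ISP-B")])
    print("with an extra /2:", exit_share(shifted))
```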

Do not overcomplicate things. If something is complicated, make sure it’s truly needed by the business. As always, bring all of the design decisions back to the business!

Here is Daren’s write-up on this Network Design Principle Simplicity.

How to reach out to Daren!

Daren Fulwell CCDE, CCIE

Daren is a 25-year plus veteran of the networking industry, having done every job from PC support through network engineer, consultant, and architect, to his current role as a Network Automation Evangelist for a networking software vendor. He is a CCIE in Enterprise Infrastructure and a CCDE and is a member of the CCIE Advisory Council, working with Cisco on defining and developing the next generation of Cisco certifications. He co-founded the #init6 initiative with a number of his fellow Council members to help mentor network engineers making the switch to the new world of network programmability and automation – or to help teach old dogs new tricks 😉

Resources

Come hang out with Zig and the rest of the Zigbits community in our Discord Server.
