Network Setup
The following is considered the most common network setup for deploying this technology, even though it might not fit your situation. Treat the information below as a guide or reference rather than a requirement.
Equipment to use
* Routers, firewalls, switches
* Category 5/5e patch cable for wired connection
* Servers, workstations
1. Router
* In most cases, you need to do IP routing between your ISP (the Internet) and your network
* With that in mind, you need a router that has at least two Layer-3 (routing) interfaces, one facing the ISP and another facing your LAN
* Depending on the router model, the interface facing your LAN is an Ethernet interface, and the interface facing your ISP could be an Ethernet or non-Ethernet interface
* A non-Ethernet interface could be T1/E1 (Serial), ISDN, or DSL
* When the router has a non-Ethernet interface, the router might have an integrated modem
* When you have T1/E1, DSL, or cable Internet, you could use a dual-Ethernet interface router when there is a supporting external modem with an Ethernet port
* When the router has multiple Ethernet ports (i.e. a dual-Ethernet router), verify whether any of those ports are capable of acting as a Layer-3 (routing) interface
* When the router has an integrated switch, all the switch ports are considered one Layer-3 (routing) interface that faces your LAN
* The router might need to do NAT/PAT between your internal private subnet and the IP address provided by the ISP
* Typically routers don't do OSI Layer 5-7 inspection and/or filtering (e.g. spam email filtering). You might need a firewall specifically for these.
2. Firewall
* In most cases, you need to do IP routing between your ISP (the Internet) and your network
* In addition, you also need a firewall for some Internet security
* With that in mind, you need a firewall that has at least two Layer-3 (routing) interfaces, one facing the ISP and another facing your LAN
* Usually the firewall interfaces are Ethernet only, without an integrated modem
* Assuming no integrated modem exists, you need an external modem or an external integrated modem/router to connect the firewall to your ISP
* When the firewall has multiple Ethernet ports, verify whether any of those ports are capable of acting as a Layer-3 (routing) interface
* When the firewall has an integrated switch, all the switch ports are considered one Layer-3 (routing) interface that faces your LAN
* The firewall might need to do NAT/PAT between your internal private subnet and the IP address provided by the ISP
3. Switch
* Most home or small business networks use a Layer-2 switch
* With a Layer-2 switch, all ports are considered one Layer-3 (routing) interface
* A Layer-2 switch does not do routing; only switching or bridging
* You still need to do routing between your ISP (the Internet) and your LAN; hence you still need either a router or a firewall
* You connect the switch to the router or firewall LAN interface
* When the router or firewall has an integrated switch, you probably need a crossover Category 5/5e patch cable instead of the straight-through type when connecting the switch to the router/firewall
4. Servers and Workstations
* You connect servers and workstations to the switch ports
* When the workstations need to receive IP addresses automatically, you may need to set the router or firewall as the DHCP server and the workstations as DHCP clients
* Servers need to have static IP addresses; refer to the server operating system documentation on how to set a static IP address
Choosing ISP
Whenever possible, choose an ISP that has a reliable connection to the backbone network. Note that the ISP does not need to be Tier-1 class (such as AT&T or Verizon), especially when your area is only served by Tier-3 class ISPs. As long as the ISP has such a reliable connection, you should be in good shape most of the time.
To find out how reliable your ISP's connection to the backbone network is, you can ask the following questions:
* What kind of circuit does the ISP have to the backbone network? OC-X (OC-3, OC-12, or higher)? SONET ring? DWDM?
* How many transit providers does the ISP connect to? Three should be the "standard"
* Who are the transit providers? Are they Tier-1 class providers? Something like Level 3, Cogent, Sprint, or Internap should be sufficient.
Choosing Circuit Connection to ISP
The most common circuit connections for home or small businesses are the following:
1. T1/E1, Point-To-Point (Dedicated Leased Line), or Frame Relay
2. ISDN
3. Broadband: DSL, Cable Internet
4. Wireless
The first two kinds of circuit are considered "top of the line" for home or small businesses. The standard SLA (Service Level Agreement) should include a 4-hour response time, which may not be present on broadband circuits. In most cases, these two circuit kinds are more reliable than broadband; hence they command a "top dollar" fee compared to broadband.
Choosing the circuit connection to your ISP depends on how critical your Internet applications are. If you or your organization require a constant, stable, and reliable Internet connection 24/7, then one of the first two circuit kinds should be the choice. If you or your organization can tolerate some downtime (no Internet connection for some time), then the last two choices should be sufficient.
Between T1/E1, DSL, and Cable Internet
Let's say you have the following choices of ISP connection speed (bandwidth):
1. A 1.5MBps full T1 circuit
2. A 1.5MBps ADSL over POTS (phone line)
3. A 3 MBps Cable Internet
For home users or small businesses, the third choice looks most attractive since it usually offers more bandwidth at the lowest cost. Keep in mind that a broadband connection (including Cable Internet) has minimal or no SLA compared to the T1 circuit.
In addition, Cable Internet providers often have some kind of bandwidth limit. The 3 MBps bandwidth or speed is most likely the burstable speed and may not reflect the actual speed. If you or your organization constantly use up the 3 MBps speed, the Cable Internet provider might impose penalties such as charging an extra fee, or might reduce the speed without your consent or knowledge.
Unlike Cable Internet, there is no such penalty on an ADSL connection. In most cases, the connection speed is constant. When you have both T1 and ADSL from the same provider, you or your organization might be able to have some kind of Internet connection load balance or failover mechanism.
Side Note: Check out the following FAQ for more info on load balance or failover mechanisms:
»Cisco Forum FAQ »Redundant Link Graceful Internet Load Balance/Failover
However, ADSL (and other xDSL technology) speed depends on the distance between your site and the ISP. The closer your site is to the ISP, the more bandwidth or higher speed is available to you. Specifically with xDSL connections that ride over POTS, there might be some electromagnetic interference factors you also need to consider.
Choosing Connection Speed/Bandwidth
How fast should your connection be? Is 1.5MBps connection fast enough? Should I choose the 6MBps speed instead of 1.5MBps speed?
Choosing the connection speed should be based on your application performance. Identify the critical Internet applications that will consume the most ISP connection bandwidth. These applications vary between home users and small businesses. As an illustration, the applications could be simple Internet browsing, email, online gaming, voice or video over the Internet, and web hosting.
Once you identify the applications, the next step is to find out the most appropriate speed for them considering their workload. When you are unsure what the most appropriate speed is, the application's customer support should be the first to contact.
If you are still unable to find out the most appropriate speed afterward, then the next factor to consider is your financial budget. When your budget is limited, you should pick the least expensive connection (which also means the slowest connection). Should you need a faster connection in the future, you could always consider upgrading the speed.
Choosing Internet gateway device
The most common Internet gateway devices for home or small businesses are routers and firewalls. Routers are usually preferable since they fit most Internet connection environments, compared to firewalls. However, a firewall could be the choice when you or your organization only require a default gateway route to your ISP and have no plan for a T1/E1, Point-To-Point, Frame Relay, or ISDN circuit to your ISP.
Whichever device you choose, you should choose a device that can provide at least decent security features or protections. In addition, a business grade device is recommended since these are more reliable than consumer grade devices.
In the Cisco world, routers for home or small businesses are the 800 series or higher. As for firewall choices, they should be the ASA 5500 series or PIX Firewall.
Choosing Modem
As mentioned, you have a choice of using either an external or an internal (integrated) modem. When you have broadband Internet such as ADSL or Cable Internet, typically you need an external modem. Should you prefer to use an internal modem that is integrated into the Internet gateway device, make sure that the modem is compatible with your ISP connection.
If you use an external modem, you need to verify whether the modem is "just" a modem (dumb modem) or an integrated modem/router. A simple dumb modem typically needs no special configuration. You can just connect the modem to your Internet gateway device. If the modem is an integrated modem/router, then you need to confirm further details such as bridge/route mode, whether NAT/PAT is active, and so on.
Connecting Router or Firewall To Your ISP
The following are the most common network scenarios for each ISP connection type.
1. T1/E1, Point-To-Point, or Frame Relay
* use a router with either an internal or external DSU
* receive a static IP address with a specific subnet mask from the ISP
* the ISP static IP address may be a public IP address (Internet routable) or may be a private IP address (non-Internet routable)
* may or may not receive the ISP DNS IP address
2. DSL
* use a router or firewall with either an internal or external DSL modem
* When using a Cisco router with an internal DSL modem, there might be a need to have interface BVI1 activated and to set the VPI/VCI value for the ATM interface
* When there is no internal DSL modem, you should not need a BVI interface
* receive either a static or dynamic IP address with a specific subnet mask from the ISP
* the ISP IP address is a public IP address (Internet routable)
* the ISP assigns the IP address by either PPP (PPPoE or PPPoA), DHCP, or static
* may or may not receive the ISP DNS IP address
2.1 When ISP uses PPP
* When you use a Cisco router as the ISP gateway, there is a need to have interface Dialer1 activated
* You need to tie the WAN port interface to the interface Dialer1
* Under the interface Dialer1, there is a need to have either "ip address x.x.x.x y.y.y.y" (statically assigned) or "ip address negotiated" (dynamically assigned)
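The PPP points above, shown as an added example that is not part of the original FAQ: a Cisco IOS PPPoE client configuration for a router connected to an external DSL modem, with PAT for the LAN. The interface names FastEthernet4 and Vlan1, the 192.168.1.0/24 LAN, the use of CHAP, and the credential placeholders are assumptions; use the values your ISP gives you.

```cisco
! Added example. Interface names, LAN subnet and credentials are assumptions.
!
! WAN port facing the external DSL modem: carries no IP address itself,
! it is tied to Dialer1 through dialer pool 1.
interface FastEthernet4
 description WAN port to external DSL modem
 no ip address
 pppoe enable
 pppoe-client dial-pool-number 1
 no shutdown
!
! Logical PPP interface that receives the ISP-assigned address.
interface Dialer1
 description PPPoE session to ISP
 ! Dynamic assignment; use "ip address x.x.x.x y.y.y.y" for a static one.
 ip address negotiated
 ! PPPoE adds 8 bytes of overhead to a 1500-byte Ethernet frame.
 ip mtu 1492
 encapsulation ppp
 dialer pool 1
 ! "callin" authenticates only in the direction the ISP requests.
 ppp authentication chap callin
 ppp chap hostname ISP-USERNAME-PLACEHOLDER
 ppp chap password ISP-PASSWORD-PLACEHOLDER
 ip nat outside
!
! LAN-facing Layer-3 interface (integrated switch ports in VLAN 1).
interface Vlan1
 description LAN gateway
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
 ! Keep TCP segments within the reduced PPPoE MTU.
 ip tcp adjust-mss 1452
!
! Default route follows the PPP session rather than a fixed next hop.
ip route 0.0.0.0 0.0.0.0 Dialer1
!
! PAT: only the internal private subnet is translated to the Dialer1 address.
access-list 1 permit 192.168.1.0 0.0.0.255
ip nat inside source list 1 interface Dialer1 overload
```

After applying it, "show pppoe session" and "show ip interface brief" confirm that the session is up and that Dialer1 received an address, and "show ip nat translations" confirms that PAT is translating LAN traffic.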
2.2 When ISP uses DHCP or static
* When using a Cisco router with an internal DSL modem, there might be a need to have either "ip address x.x.x.x y.y.y.y" (statically assigned) or "ip address negotiated" (dynamically assigned) under the interface BVI1
* You might be required to set a specific MAC address under the interface BVI1
* When you do use interface BVI1, you need to tie the WAN port interface to the interface BVI1
* When the router has no internal DSL modem, the IP address assignment (either static or dynamic) should be under the ISP-facing Ethernet interface
* Should you need to set a specific MAC address and there is no internal DSL modem, the MAC address should be under the ISP-facing Ethernet interface
3. Cable Internet
* use a router or firewall with either an internal or external cable modem
* receive either a static or dynamic IP address with a specific subnet mask from the ISP
* the ISP IP address is a public IP address (Internet routable)
* You might be required to set a specific MAC address under the WAN port interface (interface cable0 or Ethernet interface)
* may or may not receive the ISP DNS IP address
4. ISDN
* use a router with either an internal or external ISDN modem
* receive either a static or dynamic IP address with a specific subnet mask from the ISP
* the ISP IP address is a public IP address (Internet routable)
* may or may not receive the ISP DNS IP address
* since ISDN uses PPP, also check the part "2.1 When ISP uses PPP"
Find out your suitable WAN connection type
Usually you already know that your LAN is an Ethernet environment. But do you know what WAN environment you would have? Is it T1/E1, DSL, PPPoE, PPPoA, DHCP, or what?
The only people who know what your WAN environment would be are at your ISP. Please consult your ISP representative regarding the connection type. Usually when you are a new customer, your ISP provides you with the necessary info on how to connect your LAN to the Internet, by mail, email, or phone.
Keep in mind that the ISP-provided info might not be very technical, or might be unclear. Here is a suggestion. Document all the info provided here in this FAQ. Then discuss the WAN connection type with your ISP representative. Ask the representative to find out which of the WAN connection types described here would match.
Some key words you need to discuss with your ISP representative are the following:
* Physical (Layer 1) connection: T1/E1, ISDN, DSL, Cable Internet
* Modem existence: external or internal modem
* Layer 2 connection: PPPoA, PPPoE, DHCP, Static IP addresses
* IP Address Assignment: Which IP address must be the gateway; which should be host
* NAT/PAT: Is it possible to use the gateway (router) IP address to go out to the Internet using PAT?
* DNS IP addresses: Which are they? How do you use them on your system?
If your representative is not technical enough, ask to speak with one of their technical people. This way, you can be sure you have the necessary info on how to connect your LAN to the Internet.
As an insight, the following FAQ describes some technical aspects of DSL and Cable Internet:
»Cisco Forum FAQ »Technical Aspects in xDSL/Cable Internet connection
Preparing Yourself before discussing with ISP representative
Before contacting your ISP, you need to understand the system you plan to use. This system includes your Internet gateway (router or firewall), servers, workstations, and all other hosts. Familiarize yourself with the router or firewall inner workings and features, as well as the operating system of your workstations, servers, and all other hosts. The key technology to familiarize yourself with is how to set up a network using DHCP, PPP (PPPoA/PPPoE), and static IP addresses on your system.
As to the router and firewall, it is suggested that you be comfortable with the various WAN connection types and deployments. Review router and firewall sample configurations for all WAN connection types, from DHCP and PPP to static IP address. Even though your ISP might be using DHCP and not PPP, for example, it is a good idea to be familiar with both to understand the similarities and differences between the two technologies.
Check out the following FAQ for further info regarding DHCP, PPP, dynamic, and static IP addresses:
»Cisco Forum FAQ »Between DHCP, PPP, Dynamic, and Static IP Address
Following is the sample configuration list of specific WAN connection types for further review. The sample configurations cover the most common WAN connection types such as T1/E1, cable Internet, DSL, external and internal modem, PPPoA, PPPoE, DHCP, and Static IP. They also cover multiple platforms, from routers of various models to PIX Firewall or ASA.
Various PPPoE/PPPoA/DHCP/Static Sample Configuration with Cisco
Most of the sample configurations are written in CLI (Command Line Interface) and not in a Web GUI. In case you are not familiar with CLI, the following FAQs give a CLI introduction:
»Cisco Forum FAQ »The most straight-forward way to configure Cisco router: Introduction to CLI
»Cisco Forum FAQ »Straight-forward way to configure Cisco PIX Firewall/ASA: Introduction to CLI
By reviewing all of your system's inner workings in advance, you are better prepared, which makes the discussion of the ISP WAN connection type and deployment with their representative go more smoothly.
Deployment Process
When you are ready to do the actual deployment, you can check out the following FAQs for insights:
»Cisco Forum FAQ »Quick and Easy Subnetting on Routing, Switching and Network Design Relationship
»Cisco Forum FAQ »Choosing Gateway IP Address for a network
»Cisco Forum FAQ »NAT, PAT, Port Forward, Internet and Server Access: Introduction and Practices
»Cisco Forum FAQ »Network Design Tips
»Cisco Forum FAQ »Setting Up Private Site-To-Site Connections
by aryoba  last modified: 2008-01-30 14:16:17