IT Baseline Protection Manual - The Information Warfare Site

Safeguard Catalogue - Communications Remarks
____________________________________________________________________ .........................................
(via a central tool) on the port level, where the cables are actually routed (port
or configuration switching).
Routers operating on layer 3 incorporate the characteristics of both repeaters
and bridges as regards availability, and also allow an evaluation of protocols
on layer 3. This results in a load separation on a higher level, thus permitting
almost full control of network traffic. In particular, no broadcasts are
forwarded between segments (subnets) separated by means of a router.
Consequently, a broadcast storm occurring in one segment does not affect the
other.
Based on the results of a traffic-flow analysis (refer to S 2.139 Survey of the
existing network environment), it might be necessary to perform physical
segmentation in order to increase the bandwidth and performance to the
required extent.
Example: Central server systems for file and printing services as well as
applications are present or planned in a network. To achieve a high level of
performance and availability, it might be advisable to connect these servers in
a dedicated manner to a switch, from where the server systems are linked with
the individual workstations (shared or switched mode). If possible, the
connection between the server systems and the switch should at least comprise
a Fast Ethernet link.
In general, a switched network provides higher performance than a shared
network, as all subscribers connected to a shared network need to share the
available bandwidth. In contrast, a switched network offers every subscriber
the full bandwidth at least as far as the next active network component.
However, it must be noted that such a network requires structured cabling
(star configuration), and that a fully switched network generates relatively
high costs.
Alternative solutions involve the coupling of individual segments in the
backbone area or areas experiencing high network loads (e.g. workgroups) via
a switch; these segments are configured as shared-media LANs (see Figure 2).
Additionally, it is always possible to connect individual workstation systems
with high performance requirements directly to a switch. Whereas a shared
network or shared segment can be laid out in a bus or a star configuration,
reasons of availability and investment safeguarding make it advisable to
implement structured cabling (star configuration) in this case as well. (refer to
S 5.2 Selection of an appropriate network topography).
Ethernet
switch 1
____________________________________________________________________ multi-port
multi-port .........................................
repeater 2
repeater 1
IT-Baseline Protection Manual: Oktober 2000
Fast Ethernet
Fast Ethernet
Server 1 Server 2
Ethernet
Switched Segment