Index
Foreword
Introduction
Reviewing Cisco Enterprise Architecture
The Hierarchical Model
Example Hierarchical Network
Enterprise Network Design for Cisco Architectures
Service and Application Integration
Network Services
Network Applications
Modularity in Cisco Network Architectures for the Enterprise
Reviewing the Cisco PPDIOO Approach
PPDIOO Network Lifecycle Approach
Benefits of the Lifecycle Approach
Using the Design Methodology Under PPDIOO
Identifying Customer Requirements
Characterizing the Existing Network and Sites
Designing the Topology and Network Solutions
Dividing the Network into Areas
Summary
References
Review Questions
Designing High Availability in the Enterprise Campus
Enterprise Campus Infrastructure Review
Access Layer
Distribution Layer
Core Layer
Collapsed-Core Model
High-Availability Considerations
Implement Optimal Redundancy
Provide Alternate Paths
Avoid Single Points of Failure
Cisco NSF with SSO
Routing Protocol Requirements for Cisco NSF
Cisco IOS Software Modularity Architecture
Example: Software Modularity Benefits
Designing an Optimum Design for Layer 2
Recommended Practices for Spanning-Tree Configuration
Cisco STP Toolkit
STP Standards and Features
Recommended Practices for STP Hardening
Recommended Practices for Trunk Configuration and VLAN Trunking Protocol
Dynamic Trunking Protocol
Recommended Practices for UDLD Configuration
Recommended Practices for EtherChannel
Port Aggregation Protocol
Link Aggregation Control Protocol
Supporting Virtual Switching Systems Designs
Common Access-Distribution Block Designs
Multichassis EtherChannels and VSS
VSS Design Considerations
Dual Active Detection and Recovery
VSS Design Best Practices
Developing an Optimum Design for Layer 3
Managing Oversubscription and Bandwidth
Bandwidth Management with EtherChannel
Bandwidth Management with 10 Gigabit Interfaces
Link Load Balancing
Link Load Balancing with EtherChannel
EtherChannel Design Versus Equal-Cost Multipathing
Routing Protocol Design
Build Redundant Triangles
Peer Only on Transit Links
Summarize at the Distribution Layer
First-Hop Redundancy
Preempt Delay Tuning
Elimination of FHRP in VSS Designs
Overview of Gateway Load Balancing Protocol
Optimizing FHRP Convergence
Supporting a Layer 2 to Layer 3 Boundary Design
Layer 2 to Layer 3 Boundary Design Models
Layer 2 Distribution Switch Interconnection
Layer 3 Distribution Switch Interconnection (with HSRP)
Layer 3 Distribution Switch Interconnection (with GLBP)
Layer 3 Distribution Switch with VSS Interconnection
Layer 3 Access to Distribution Interconnection
EIGRP Access Design Recommendations
OSPF Access Design Recommendations
Potential Design Issues
Daisy Chaining Access Layer Switches
Cisco StackWise Technology in the Access Layer
Too Much Redundancy
Too Little Redundancy
Example: Impact of an Uplink Failure
Example: Impact on Return-Path Traffic
Asymmetric Routing (Unicast Flooding)
Unicast Flooding Prevention
Supporting Infrastructure Services
IP Telephony Considerations
IP Telephony Extends the Network Edge
PoE Requirements
Power Budget and Management
Multi-VLAN Access Port
Soft Phones and Voice VLANs
QoS Considerations
Recommended Practices for QoS
Transmit Queue Congestion
QoS Role in the Campus
Campus QoS Design Considerations
Cisco Catalyst Integrated Security Features
Port Security Prevents MAC-Based Attacks
DHCP Snooping Protects Against Rogue and Malicious DHCP Servers
Dynamic ARP Inspection Protects Against ARP Poisoning
IP Source Guard Protects Against Spoofed IP Addresses
Example Catalyst Integrated Security Feature Configuration
Summary
References
Review Questions
Designing Advanced IP Addressing
IP Address Planning as a Foundation
Summary Address Blocks
Summarization for IPv6
Changing IP Addressing Needs
Planning Addresses
Applications of Summary Address Blocks
Implementing Role-Based Addressing
Bit Splitting for Route Summarization
Example: Bit Splitting for Area 1
IPv6 Address Planning
Bit Splitting for IPv6
Addressing for VPN Clients
NAT in the Enterprise
NAT with External Partners
Design Considerations for IPv6 in Campus Networks
IPv6 Campus Design Considerations
Dual-Stack Model
Hybrid Model
Service Block Model
Designing Advanced Routing
Route Summarization and Default Routing
Originating Default Routes
Stub Areas and Default Route
Route Filtering in the Network Design
Inappropriate Transit Traffic
Defensive Filtering
Designing Redistribution
Filtered Redistribution
Migrating Between Routing Protocols
Designing Scalable EIGRP Designs
Scaling EIGRP Designs
EIGRP Fast Convergence
EIGRP Fast-Convergence Metrics
Scaling EIGRP with Multiple Autonomous Systems
Example: External Route Redistribution Issue
Filtering EIGRP Redistribution with Route Tags
Filtering EIGRP Routing Updates with Inbound Route Tags
Example: Queries with Multiple EIGRP Autonomous Systems
Reasons for Multiple EIGRP Autonomous Systems
Designing Scalable OSPF Design
Factors Influencing OSPF Scalability
Number of Adjacent Neighbors and DRs
Routing Information in the Area and Domain
Designing OSPF Areas
Area Size: How Many Routers in an Area?
OSPF Hierarchy
Area and Domain Summarization
Number of Areas in an OSPF Hub-and-Spoke Design
OSPF Hub-and-Spoke Design
Issues with Hub-and-Spoke Design
OSPF Hub-and-Spoke Network Types
OSPF Area Border Connection Behavior
Fast Convergence in OSPF
OSPF Exponential Backoff
Tuning OSPF Parameters
OSPF LSA Pacing
OSPF Event Processing
Bidirectional Forwarding Detection
Designing Scalable BGP Designs
Scaling BGP Designs
Full-Mesh IBGP Scalability
Scaling IBGP with Route Reflectors
BGP Route Reflector Definitions
Route Reflector Basics
Scaling IBGP with Confederations
BGP Confederation Definitions
Confederation Basics
Confederations Reduce Meshing
Deploying Confederations
Summary
References
Review Questions
Advanced WAN Service Layers
Enterprise Optical Interconnections
Overview of SONET and SDH
Enterprise View of SONET
WDM Overview
CWDM Technical Overview
DWDM Technical Overview
DWDM Systems
RPR Overview
RPR in the Enterprise
Metro Ethernet Overview
Metro Ethernet Service Model
Metro Ethernet Architecture
Metro Ethernet LAN Services
Ethernet Private Line Service
Ethernet Relay Service
Ethernet Wire Service
Ethernet Multipoint Service
Ethernet Relay Multipoint Service
Any Transport over MPLS
Ethernet over MPLS
End-to-End QoS
Shaping and Policing on Subrate Ethernet WAN
Choosing the Right Service
VPLS Overview
VPLS Architecture Model
VPLS in the Enterprise
Hierarchical VPLS Overview
Scaling VPLS
QoS Issues with EMS or VPLS
EMS or VPLS and Routing Implications
VPLS and IP Multicast
VPLS Availability
MPLS VPN Overview
Customer Considerations with MPLS VPNs
Routing Considerations: Backdoor Routes
Routing Considerations: Managed Router Combined with Internal Routing
Routing Considerations: Managed Router from Two Service Providers
Implementing Advanced WAN Services
Advanced WAN Service Selection
Business Risk Assessment
WAN Features and Requirements
SLA Overview
SLA Monitoring
Application Performance Across the WAN
WAN CPE Selection Considerations
Cisco PfR Overview
Cisco PfR Operations
Cisco PfR Design and Deployment Considerations
Summary
References
Review Questions
Designing the Core and Aggregation Layers
Data Center Architecture Overview
Benefits of the Three-Layer Model
The Services Layer
Using Dedicated Service Appliances
Data Center Core Layer Design
Layer 3 Characteristics for the Data Center Core
OSPF Routing Protocol Design Recommendations
EIGRP Routing Protocol Design Recommendations
Aggregation Layer Design
Scaling the Aggregation Layer
STP Design
Understanding Bridge Assurance
Integrated Service Modules
Service Module Placement Consideration
Service Modules and the Services Layer
Active STP, HSRP, and Service Context Alignment
Active/Standby Service Module Design
Active/Active Service Module Design
Establishing Inbound Path Preference
Using VRFs in the Data Center
Using the Cisco Nexus 7000 Series in the Core and Aggregation Layer
VDCs
Designs Enabled by VDCs
vPCs
vPC Best Practices
Designs Enabled by vPC
Layer 2 Multipathing
Designing the Access Layer
Overview of the Data Center Access Layer
Layer 2 Looped Designs
Layer 2 Looped Topologies
Layer 2 Looped Design Issues
Layer 2 Loop-Free Designs
Loop-Free Topologies
Example: Loop-Free U Design and Layer 2 Service Modules
Example: Loop-Free U Design and Cisco ACE Service Module
Layer 2 FlexLink Designs
FlexLink Issues and Considerations
Comparison of Layer 2 Access Designs
Layer 3 Access Layer Designs
Multicast Source Support
Benefits of Layer 3 Access
Drawbacks of Layer 3 Access
Blade Server Overview
Blade Server Connectivity Options
Blade Server Trunk Failover Feature
Virtual Blade Switching
Cisco Nexus Switch Family in the Access Layer
TOR and EOR Designs
Static and Dynamic Pinning
Cisco Nexus 2000 FEX Dynamic Pinning
Virtual Port Channel in the Data Center Access Layer
Straight-Through FEX Design
Active/Active FEX Design
Cisco Nexus 1000V in the Data Center Access Layer
Virtual Port Channel Host Mode
Design Considerations for the Cisco Nexus 1000V
Cisco Nexus 1010
Layer 2 or Layer 3 Access Design?
Scaling the Data Center Architecture
TOR Versus EOR Designs
Cabinet Design with TOR Switching
Example: Network Topology with TOR Switching Model
Cabinet Design with Modular Access Switches
Example: Network Topology with Modular Access Switches
Cabinet Design with Fabric Extenders
Server NIC Density
Hybrid Example with a Separate OOB Switch
Oversubscription and Uplinks
Scaling Bandwidth and Uplink Density
Optimizing EtherChannel Utilization with Load Balancing
Optimizing EtherChannel Utilization with Min-Links
Scaling with Service Layer Switches
Scaling Service on Cisco ACE Modules
Scaling Spanning Tree and High Availability
Scalability
STPs in the Data Center
STP Scaling
STP Logical Interfaces
STP Scaling with 120 Systemwide VLANs
STP in 1RU Designs
STP Scaling Design Guidelines
Scaling the Data Center Using Zones
High Availability in the Data Center
Common NIC Teaming Configurations
Server Attachment Methods
High Availability and Failover Times
High Availability and Cisco NSF with SSO
Describing Network Virtualization in More Detail
Definition of Virtualization
Virtualization Categories
Network Virtualization
Virtual Routing and Forwarding
Layer 3 VPNs and Network Virtualization
Summary
References
Review Questions
Identifying SAN Components and Technologies
SAN Components
RAID Overview
Storage Topologies
DAS
NAS
SAN Technologies
SCSI Overview
Fibre Channel Overview
Fibre Channel Communications Model
VSAN
IVR
FSPF
Zoning
FICON
SANTap
Designing SAN and SAN Extension
Port Density and Topology Requirements
Device Oversubscription
Traffic Management
Fault Isolation
Convergence and Stability
SAN Designs with the Cisco MDS 9000 Family
SAN Consolidation with VSANs
Comprehensive SAN Security
Simplified SAN Management
Single-Switch Collapsed-Core Design
Small-Scale, Dual-Fabric Collapsed-Core Design
Medium-Scale, Dual-Fabric Collapsed-Core Design
Large-Scale, Dual-Fabric Core-Edge Design
SAN Extension
SAN Extension Protocols
Fibre Channel over IP
iSCSI
SAN Extension Developments
High-Availability SAN Extension
Integrated Fabric Designs Using Cisco Nexus Technology Overview
Unified Fabric Technologies
I/O Consideration in the Data Center
Challenges When Building a Unified Fabric Based on 10 Gigabit Ethernet
SAN Protocol Stack Extensions
FCoE Components: Converged Network Adapter
FCoE Components: Fibre Channel Forwarder
Data Center Bridging Standards
Unified Fabric Design Considerations
Deploying Nexus in the Access Layer
Nexus 5000/2000 Deployment Options in the Data Center
FCoE VLAN to VSAN Mapping, VLAN Trunking, and the CNA
Switch Mode Versus NPV Mode
Unified Fabric Best Practices
Summary
References
Review Questions
Designing High Availability for E-Commerce
E-Commerce High-Availability Requirements
Components of High Availability
Redundancy
Technology
People
Processes
Tools
Common E-Commerce Module Designs
Common E-Commerce Firewall Designs
Typical E-Commerce Module Topology
Using a Server as an Application Gateway
Virtualization with Firewall Contexts
Virtual Firewall Layers
Firewall Modes
Common E-Commerce Server Load Balancer Designs
Functions of a Server Load Balancer
SLB Design Models
SLB Router Mode
Application Control Engine
SLB Inline Bridge Mode
SLB One-Armed Mode
Common E-Commerce Design Topologies for Connecting to Multiple ISPs
One Firewall per ISP
Stateful Failover with Common External Prefix
Distributed Data Centers
Design Option: Distributed Data Centers
Additional Data Center Services
Integrated E-Commerce Designs
Base E-Commerce Module Design
Base Design Routing Logic
Base Design Server Traffic Flows
Two Firewall Layers in the E-Commerce Module Design
Traffic Flows in a Two-Firewall Layer Design
One-Armed SLB Two-Firewall E-Commerce Module Design
Traffic Flows in a One-Armed SLB Two-Firewall Layer Design
Direct Server Traffic Flows in a One-Armed SLB Two-Firewall Layer Design
One-Armed SLB E-Commerce Module Design with Firewall Contexts
Traffic Flows in a One-Armed SLB Design with Firewall Contexts
One-Armed SLB E-Commerce Module Design with ACE
Testing E-Commerce Module Designs
Summary
References
Review Questions
Designing Firewalls
Firewall Modes
Zone-Based Policy Firewall
Virtual Firewall Overview
Firewall Context Design Considerations
MSFC Placement
Active/Active Firewall Topology
Active/Active Topology Features
Asymmetric Routing with Firewalls
Asymmetric Routing with ASR Group on a Single FWSM
Asymmetric Routing with Active/Active Topology
Performance Scaling with Multiple FWSMs
Example: Load Balancing FWSMs Using PBR
Load Balancing FWSMs Using ECMP Routing
PVLAN Security
FWSM in a PVLAN Environment: Isolated Ports
FWSM in a PVLAN Environment: Community VLANs
Designing NAC Services
Network Security with Access Control
NAC Comparison
Cisco NAC Appliance Fundamentals
Cisco NAC Appliance Components
Cisco NAC Appliance Policy Updates
Process Flow with the Cisco NAC Appliance
Cisco NAS Scaling
Cisco NAS Deployment Options
Cisco NAS Gateway Modes
Cisco NAS Client Access Modes
Cisco NAS Operating Modes
Physical Deployment Models
Cisco NAC Appliance Designs
Layer 2 In-Band Designs
Example: Layer 2 In-Band Virtual Gateway
Example: Layer 2 In-Band Real IP Gateway
Layer 2 Out-of-Band Designs
Example: Layer 2 Out-of-Band Virtual Gateway
Layer 3 In-Band Designs
Example: Layer 3 In-Band Virtual Gateway
Example: Layer 3 In-Band with Multiple Remotes
Layer 3 Out-of-Band Designs
Example: Layer 3 OOB with Addressing
NAC Framework Overview
Router Platform Support for the NAC Framework
Switch Platform Support for the NAC Framework
IPS and IDS Overview
Threat Detection and Mitigation
IDSs
Intrusion-Prevention Systems
IDS and IPS Overview
Host Intrusion-Prevention Systems
IDS and IPS Design Considerations
IDS or IPS Deployment Considerations
IPS Appliance Deployment Options
Feature: Inline VLAN Pairing
IPS Deployment Challenges
IDS or IPS Management Interface Deployment Options
In-Band Management Through Tunnels
IDS and IPS Monitoring and Management
Scaling Cisco Security MARS with Global Controller Deployment
Summary
References
Review Questions
Designing Remote-Access VPNs
Remote-Access VPN Overview
Example: Cisco Easy VPN Client IPsec Implementation
SSL VPN Overview
Clientless Access
Thin Client
Thick Client
Remote-Access VPN Design Considerations
VPN Termination Device and Firewall Placement
Address Assignment Considerations
Routing Design Considerations
Other Design Considerations
Designing Site-to-Site VPNs
Site-to-Site VPN Applications
WAN Replacement Using Site-to-Site IPsec VPNs
WAN Backup Using Site-to-Site IPsec VPNs
Regulatory Encryption Using Site-to-Site IPsec VPNs
Site-to-Site VPN Design Considerations
IP Addressing and Routing
Scaling, Sizing, and Performance
Cisco Router Performance with IPsec VPNs
Typical VPN Device Deployments
Design Topologies
VPN Device Placement Designs
VPN Device Parallel to Firewall
VPN Device on a Firewall DMZ
Integrated VPN and Firewall
Using IPsec VPN Technologies
IPsec VPN Overview
Extensions to Basic IPsec VPNs
Cisco Easy VPN
Overview of Cisco Easy VPN Server Wizard on Cisco SDM
Overview of Easy VPN Remote Wizard on Cisco SDM
GRE over IPsec Design Recommendations
DMVPN
DMVPN Overview
DMVPN Design Recommendations
Virtual Tunnel Interfaces Overview
Group Encrypted Transport VPN
GET VPN Topology
Managing and Scaling VPNs
Recommendations for Managing VPNs
Considerations for Scaling VPNs
Determining PPS
Routing Protocol Considerations for IPsec VPNs
EIGRP Metric Component Consideration
Summary
References
Review Questions
IP Multicast Technologies
Introduction to Multicast
Multicast Versus Unicast
IP Multicast Group Membership
Multicast Applications and Multicast Adoption Trends
Learning About Multicast Sessions
Advantages of Multicast
Disadvantages of Multicast
Multicast IP Addresses
Layer 2 Multicast Addresses
Multicast Address Assignment
Cisco Multicast Architecture
IGMP and CGMP
IGMP Version 1
IGMP Version 2
IGMP Version 3
Multicast with Layer 2 Switches
IGMP Snooping
CGMP
PIM Routing Protocol
PIM Terminology
Multicast Distribution Tree Creation
Reverse Path Forwarding
Source Distribution Trees
Shared Distribution Trees
Multicast Distribution Tree Notation
Deploying PIM and RPs
PIM Deployment Models
ASM or PIM-SM
PIM-SM Shared Tree Join
PIM-SM Sender Registration
PIM-SM SPT Switchover
Bidirectional PIM
Source-Specific Multicast
SSM Join Process
SSM Source Tree Creation
PIM Dense Mode
RP Considerations
Static RP Addressing
Anycast RP
Auto-RP
DM Fallback and DM Flooding
Boot Strap Router
Securing IP Multicast
Security Considerations for IP Multicast
Security Goals for Multicast Environments
Unicast and Multicast State Requirements
Unicast and Multicast Replication Requirements
Attack Traffic from Rogue Sources to Receivers
Attack Traffic from Sources to Networks Without Receivers
Attack Traffic from Rogue Receivers
Scoped Addresses
Multicast Access Control
Packet Filter-Based Access Control
Host Receiver-Side Access Control
PIM-SM Source Control
Disabling Multicast Groups for IPv6
Multicast over IPsec VPNs
Traditional Direct Encapsulation IPsec VPNs
Multicast over IPsec GRE
Multicast over DMVPN
Multicast Using GET VPN
Summary
References
Review Questions
Cisco IOS Embedded Management Tools
Embedded Management Rationale
Network Management Functional Areas
Designing Network Management Solutions
Cisco IOS Software Support of Network Management
Application Optimization and Cisco IOS Technologies
Syslog Considerations
Cisco IOS Syslog Message Standard
Issues with Syslog
NetFlow
NetFlow Overview
Principal NetFlow Uses
Definition of a Flow
Traditional IP Flows
Flow Record Creation
NetFlow Cache Management
NetFlow Export Versions
NetFlow Version 9 Export Packet
Flexible NetFlow Advantages
NetFlow Deployment
Where to Apply NetFlow Monitoring
NBAR
NBAR Overview
NBAR Packet Inspection
NBAR Protocol Discovery
NetFlow and NBAR Differentiation
Reporting NBAR Protocol Discovery Statistics from the Command Line
NBAR and Cisco AutoQoS
Cisco AutoQoS for the Enterprise
Example: Cisco AutoQoS Discovery Progress
Cisco AutoQoS Suggested Policy
IP SLA Considerations
IP SLA Overview
SLAs
Cisco IOS IP SLA Measurements
IP SLA SNMP Features
Deploying IP SLA Measurements
Impact of QoS Deployment on IP SLA Statistics
Scaling IP SLA Deployments
Hierarchical Monitoring with IP SLA Measurements
Network Management Applications Using IP SLA Measurements
CiscoWorks IPM Application Example
IP SLA Network Management Application Consideration
Summary
References
Review Questions
Chapter 1 The Cisco Enterprise Architecture
Chapter 2 Enterprise Campus Network Design
Chapter 3 Developing an Optimum Design for Layer 3
Chapter 4 Advanced WAN Services Design Considerations
Chapter 5 Enterprise Data Center Design
Chapter 6 SAN Design Considerations
Chapter 7 E-Commerce Module Design
Chapter 8 Security Services Design
Chapter 9 IPsec and SSL VPN Design
Chapter 10 IP Multicast Design
Chapter 11 Network Management Capabilities Within Cisco IOS Software
Appendix A Answers to Review Questions
Appendix B Acronyms and Abbreviations
Appendix C VoWLAN Design
Index