The practical guide to building resilient and highly available IP networks
More companies are building networks with the intention of using them to conduct business. Because the network has become such a strategic business tool, its availability is of utmost importance to companies and their service providers. The challenges for the professionals responsible for these networks include ensuring that the network remains up all the time, keeping abreast of the latest technologies that help maintain uptime, and reacting to ever-increasing denial-of-service (DoS) attacks.
Building Resilient IP Networks helps you meet those challenges. This practical guide to building highly available IP networks captures the essence of technologies that contribute to the uptime of networks. You gain a clear understanding of how to achieve network availability through the use of tools, design strategy, and Cisco IOS® Software.
With Building Resilient IP Networks, you examine misconceptions about five-nines availability and learn to focus your attention on the real issues: appreciating the limitations of the protocols, understanding what has been done to improve them, and keeping abreast of those changes. Building Resilient IP Networks highlights the importance of having a modular approach to building an IP network and, most important, illustrates how a modular design contributes to a resilient network. You learn how an IP network can be broken down to various modules and how these modules interconnect with one another. Then you explore new network resiliency features that have been developed recently, categorized with respect to the design modules.
Building Resilient IP Networks is relevant to both enterprise and service provider customers of all sizes. Regardless of whether the network connects to the Internet, fortifying IP networks for maximum uptime and prevention of attacks is mandatory for anyone’s business.
This book is part of the Networking Technology Series from Cisco Press®, which offers networking professionals valuable information for constructing efficient networks, understanding new technologies, and building successful careers.
Introduction
Chapter 1 Rise of the IP Transport System
The Internet Explosion
Next-Generation IP Applications
Voice over IP
IP Storage
MPLS: New Kid on the Block
Next-Generation IP Transport System
Continuous Improvements of Protocols
Chapter 2 Establishing a High-Availability Network
Understanding the Five-Nines Availability Debate
Differentiating Between Reliability and Availability
The Five-Nines Approach
Idiosyncrasies of the Telcordia GR-512-Core Document
The Truth About 50-ms Resiliency
A Practical Approach to Achieving High Availability
Measuring Availability
Defining a Metric
Understanding the Issue of Network Availability
Setting a Strategy to Achieve High Availability
Designing a Network for High Availability
Establishing Continuous Fault Detection and Measurement of Network Availability
Making Full Use of Scheduled Downtime
Instituting a Disciplined Approach to Network Operation and Processes
Summary
Chapter 3 Fundamentals of IP Resilient Networks
Revisiting IP, TCP, and UDP
Internet Protocol
Transmission Control Protocol
TCP Three-Way Handshake
TCP Sliding Window
User Datagram Protocol
Device-Level Resiliency
Online Insertion and Removal (OIR)
Single Line Card Reload
High System Availability
Route Processor Redundancy
Route Processor Redundancy Plus
Stateful Switchover
Nonstop Forwarding
Impact of Different Switching Paths
Process Switching
Cisco Express Forwarding Switching
Central CEF
Distributed CEF
Protecting the Control Plane and Data Plane
Establishing a Resiliency Strategy
Redundancy Strategy
Logical Resiliency
Physical Resiliency
Scaling Strategy
Key Principles for Designing Resilient Networks
Simplicity
Modularity
Security
Summary
Chapter 4 Quality of Service
Protecting the Control Plane with QoS
Traffic Types That Affect the Control Plane
Tagging Routing Protocol and Layer 2 Control Packets
IP Precedence
The pak_priority Flag
Selective Packet Discard
Receive ACL
Control-Plane Policing
Protecting Applications with QoS
Understanding the Need for Application QoS
Latency
Jitter
Loss
Determining When to Deploy QoS
Scenario 1: Undercongested Link
Scenario 2: Occasionally Congested Link
Scenario 3: Badly Congested Link
Building Blocks of QoS
Classification and Marking
Congestion Avoidance
Congestion Management
Traffic Conditioning
Application QoS and Control-Plane Traffic
QoS Deployment Strategy
Classifying Applications
Defining Policies
Testing Policies
Implementing QoS Features
Monitoring
Summary
Chapter 5 Core Module
Network Convergence in the Core
OSPF Enhancements
Shortest Path First (SPF) Throttling
OSPF LSA Throttling
OSPF LSA Flooding Reduction
OSPF Fast Hello
OSPF Update Packet-Pacing Timer
OSPF Incremental SPF
OSPF Graceful Restart
RFC 3623
Cisco Implementation
IS-IS Enhancements
IS-IS SPF Throttling
IS-IS LSP Generation
IS-IS LSA Flooding Reduction
IS-IS Fast Hellos
IS-IS Update Packet-Pacing Timer
IS-IS Incremental SPF
IS-IS Graceful Restart
Cisco Implementation
IETF Implementation
EIGRP Enhancements
EIGRP Graceful Shutdown
EIGRP Graceful Restart
EIGRP Stub Router Functionality
Bidirectional Forwarding Detection (BFD)
IP Event Dampening
Multipath Routing
Load Balancing
Equal-Cost Multipath (ECMP)
Per Packet
Per Destination
MPLS Traffic Engineering
Fast Reroute Link Protection
Fast Reroute Node Protection
Multicast Subsecond Convergence
Summary
Chapter 6 Access Module
Multilayer Campus Design
Access Layer
Distribution Layer
Core Layer
Access Module Building Blocks
Layer 2 Domain
The Spanning Tree Protocol: IEEE 802.1d
PortFast
UplinkFast
BackboneFast
Unidirectional Link Detection (UDLD)
RootGuard
LoopGuard
BPDUGuard
VLANs and Trunking
Common Spanning Tree (CST)
Per-VLAN Spanning Tree (PVST)
Per-VLAN Spanning Tree Plus (PVST+)
IEEE 802.1w
IEEE 802.1s
Channeling Technology
Layer 2 Best Practices
Simple Is Better
Limit the Span of VLANs
Build Triangles, Not Squares
Protect the Network from Users
Selecting Root Bridges
Use Value-Added Features
EtherChannel Deployment
EtherChannel Load Balancing
Consistent EtherChannel Port Settings
Layer 2 Setting for EtherChannel
Turning Off Autonegotiation
Layer 3 Domain
Hot Standby Routing Protocol (HSRP)
Virtual Router Redundancy Protocol (VRRP)
Global Load Balancing Protocol (GLBP)
Layer 3 Best Practices
Adopt Topology-Based Switching
Using Equal-Cost Multipath
Conserve Peering Resources
Adopt a Hierarchical Addressing Scheme
Summary
Chapter 7 Internet Module
Understanding Addressing and Routing in the Internet Module
Address-Assignment Scheme
Routing
Routing for Internal Users
Routing for External Users
Establishing Internet Module Redundancy
Link-Level Redundancy
Device-Level Redundancy
ISP-Level Redundancy
Site-Level Redundancy
Implementing Security Measures
Security Policy
Filtering at the Internet Module
Resilient Border Gateway Protocol (BGP) Design
BGP Soft Reconfiguration
BGP Convergence Optimization
BGP Next-Hop Address Tracking
BGP Support for Fast Peering Session Deactivation
BGP Route Dampening
Nonstop Forwarding with Stateful Switchover (NSF/SSO) for BGP
Using Network Address Translation (NAT)
Enhanced NAT Resiliency
NAT with Route Map
Static Mapping with Hot Standby Routing Protocol (HSRP) Support
Stateful NAT
Limiting NAT Entries
Multihoming with NAT
Effects of NAT on Network and Applications
Implications on TCP and ICMP Traffic
Application-Specific Gateways
Effects on Voice over IP (VoIP) Traffic
Effects on Router Performance
Effects on Network Security
Summary
Chapter 8 WAN Module
Leased Line
Domestic Leased Circuit Versus International Private Leased Circuit
Leased Circuit Encapsulation
Equal-Cost Load Balancing
Multilink Point-to-Point Protocol (MPPP)
SONET/SDH
SONET/SDH Framing
PPP over SONET/SDH
SONET/SDH Protection Switching
Resilient Packet Ring
DPT Architecture
DPT/SRP Classes of Service
SRP Queuing
SRP Fairness Algorithm
RPR Standards
Differences Between 802.17 and DPT/SRP
Dial Backup
Virtual Private Network (VPN)
IP Tunnel
L2TPv3
L2TPv3 Deployment
MPLS-VPN
Summary
Chapter 9 Data Center Module
Data Center Environmental Considerations
Cabling
Tagging
Documentation
Discipline
Rack Space
Server Size
Power
Next-Generation Server Architecture
Data Center Network Considerations
Security
Server Performance
Fault-Tolerant Server Features
Multifaceted Server
Data Center Network Architecture
Access Layer Design
NIC Teaming
Clustering
Aggregation Layer Design
Trunk Ports on an Aggregation Switch
Routed Ports on an Aggregation Switch
Architecture Scaling Consideration
Data Center Network Security
Layer 2 Security
Private VLANs (PVLANs)
VLAN Access Control List (VACL)
Port Security
Dynamic ARP Inspection
Layer 3 Security
Switch Forwarding Architecture
Control Plane Policing
DHCP Server Protection
Service Optimization
Server Load Balancing
Global Site Selector
Understanding DNS Resolution
Using GSS
Web Cache Communication Protocol (WCCP)
Integrated Service Modules
Summary
Chapter 10 Beyond Implementation: Network Management
Components of Network Management
Fault Management
Configuration Management
Configuration File Management
Inventory Management
Software Management
Accounting Management
Performance Management
Security Management
ACLs
User IDs and Passwords
TACACS
Establishing a Baseline
Step 1: Take a Snapshot of Inventory
Step 2: Collect Relevant Data
MIB Entries and Object Identifiers
Multi-Router Traffic Grapher
Step 3: Analyze Data
Step 4: Prioritize Problem Areas
Step 5: Determine a Course of Action
Managing Cisco IOS Deployment
Overview of IOS Releases
Understanding IOS Naming Convention
IOS Software Life Cycle Management
Planning
Design
Testing
Implementation
Operation
Moving Toward Proactive Management
IP Service Level Agreement
ICMP-Based IP SLA Operation
Responder-Based IP SLA Operation
Nonresponder-Based IP SLA Operation
Examples of IP SLA Operations
Component Outage Online (COOL) Measurement
Embedded Event Manager (EEM)
Next-Generation IOS Architecture
Summary
End Notes
Appendix A Calculating Network Availability
Appendix B RFCs Relevant to Building a Resilient IP Network
Appendix C The Cisco Powered Network Checklist
Index