This eBook includes the following formats, accessible from your Account page after purchase:
EPUB: The open industry format known for its reflowable content and usability on supported mobile devices.
PDF: The popular standard, used most often with the free Acrobat® Reader® software.
This eBook requires no passwords or activation to read. We customize your eBook by discreetly watermarking it with your name, making it uniquely yours.
Designing Cisco Network Service Architectures (ARCH) Foundation Learning Guide, Third Edition, is a Cisco®-authorized, self-paced learning tool for CCDP® foundation learning. This book provides you with the knowledge needed to perform the conceptual, intermediate, and detailed design of a network infrastructure that supports desired network solutions over intelligent network services, in order to achieve effective performance, scalability, and availability. By reading this book, you will gain a thorough understanding of how to apply solid Cisco network solution models and recommended design practices to provide viable, stable enterprise internetworking solutions. The book presents concepts and examples that are necessary to design converged enterprise networks. Advanced network infrastructure technologies, such as virtual private networks (VPNs) and other security solutions, are also covered.
Designing Cisco Network Service Architectures (ARCH) Foundation Learning Guide, Third Edition, teaches you the latest developments in network design and technologies, including network infrastructure, intelligent network services, and converged network solutions. Specific topics include campus, routing, addressing, WAN services, data center, e-commerce, SAN, security, VPN, and IP multicast design, as well as network management. Chapter-ending review questions illustrate and help solidify the concepts presented in the book.
Whether you are preparing for CCDP certification or simply want to gain a better understanding of designing scalable and reliable network architectures, you will benefit from the foundation information presented in this book.
Designing Cisco Network Service Architectures (ARCH) Foundation Learning Guide, Third Edition, is part of a recommended learning path from Cisco that includes simulation and hands-on training from authorized Cisco Learning Partners and self-study products from Cisco Press. To find out more about instructor-led training, e-learning, and hands-on instruction offered by authorized Cisco Learning Partners worldwide, please visit www.cisco.com/go/authorizedtraining.
John Tiso, CCIE No. 5162, CCDP is a Product Manager for Cisco Systems. He holds a B.S. Degree in Computer Science and Mathematics from Adelphi University and a Graduate Citation in Strategic Management from Harvard University. John is a published author, has served as a technical editor for Cisco Press, and has participated as a SME for the CCIE program. Prior to Cisco, he was a senior consultant and architect in the Cisco partner channel.
· Learn about the Cisco Enterprise Architecture
· Create highly available campus and data center network designs
· Develop optimum Layer 3 designs
· Examine advanced WAN services design considerations
· Evaluate SAN design considerations
· Deploy effective e-commerce module designs
· Create effective security services and IPsec and SSL VPN designs
· Design IP multicast networks
· Understand the network management capabilities within Cisco IOS Software
This book is in the Foundation Learning Guide Series. These guides are developed together with Cisco® as the only authorized, self-paced learning tools that help networking professionals build their understanding of networking concepts and prepare for Cisco certification exams.
Category: Cisco Certification
Covers: CCDP ARCH 642-874
Foreword xxx
Introduction xxxi
Chapter 1 The Cisco Enterprise Architecture 1
Reviewing Cisco Enterprise Architecture 1
The Hierarchical Model 2
Example Hierarchical Network 3
Enterprise Network Design for Cisco Architectures 4
Service and Application Integration 7
Network Services 7
Network Applications 9
Modularity in Cisco Network Architectures for the Enterprise 9
Reviewing the Cisco PPDIOO Approach 12
PPDIOO Network Lifecycle Approach 13
Benefits of the Lifecycle Approach 14
Using the Design Methodology Under PPDIOO 16
Identifying Customer Requirements 16
Characterizing the Existing Network and Sites 17
Designing the Topology and Network Solutions 18
Dividing the Network into Areas 18
Summary 20
References 21
Review Questions 21
Chapter 2 Enterprise Campus Network Design 23
Designing High Availability in the Enterprise Campus 24
Enterprise Campus Infrastructure Review 24
Access Layer 24
Distribution Layer 26
Core Layer 27
Collapsed-Core Model 29
High-Availability Considerations 30
Implement Optimal Redundancy 30
Provide Alternate Paths 32
Avoid Single Points of Failure 33
Cisco NSF with SSO 33
Routing Protocol Requirements for Cisco NSF 34
Cisco IOS Software Modularity Architecture 35
Example: Software Modularity Benefits 37
Designing an Optimum Design for Layer 2 38
Recommended Practices for Spanning-Tree Configuration 38
Cisco STP Toolkit 40
STP Standards and Features 40
Recommended Practices for STP Hardening 41
Recommended Practices for Trunk Configuration and VLAN Trunking Protocol 43
Dynamic Trunking Protocol 45
Recommended Practices for UDLD Configuration 46
Recommended Practices for EtherChannel 47
Port Aggregation Protocol 49
Link Aggregation Control Protocol 49
Supporting Virtual Switching Systems Designs 50
Common Access-Distribution Block Designs 51
Multichassis EtherChannels and VSS 52
VSS Design Considerations 53
Dual Active Detection and Recovery 54
VSS Design Best Practices 55
Developing an Optimum Design for Layer 3 55
Managing Oversubscription and Bandwidth 56
Bandwidth Management with EtherChannel 56
Bandwidth Management with 10 Gigabit Interfaces 57
Link Load Balancing 57
Link Load Balancing with EtherChannel 58
EtherChannel Design Versus Equal-Cost Multipathing 59
Routing Protocol Design 60
Build Redundant Triangles 60
Peer Only on Transit Links 60
Summarize at the Distribution Layer 62
First-Hop Redundancy 64
Preempt Delay Tuning 65
Elimination of FHRP in VSS Designs 66
Overview of Gateway Load Balancing Protocol 67
Optimizing FHRP Convergence 69
Supporting a Layer 2 to Layer 3 Boundary Design 71
Layer 2 to Layer 3 Boundary Design Models 71
Layer 2 Distribution Switch Interconnection 71
Layer 3 Distribution Switch Interconnection (with HSRP) 72
Layer 3 Distribution Switch Interconnection (with GLBP) 72
Layer 3 Distribution Switch with VSS Interconnection 73
Layer 3 Access to Distribution Interconnection 74
EIGRP Access Design Recommendations 75
OSPF Access Design Recommendations 76
Potential Design Issues 77
Daisy Chaining Access Layer Switches 77
Cisco StackWise Technology in the Access Layer 78
Too Much Redundancy 79
Too Little Redundancy 80
Example: Impact of an Uplink Failure 80
Example: Impact on Return-Path Traffic 82
Asymmetric Routing (Unicast Flooding) 82
Unicast Flooding Prevention 83
Supporting Infrastructure Services 84
IP Telephony Considerations 84
IP Telephony Extends the Network Edge 84
PoE Requirements 85
Power Budget and Management 87
Multi-VLAN Access Port 89
Soft Phones and Voice VLANs 90
QoS Considerations 90
Recommended Practices for QoS 91
Transmit Queue Congestion 91
QoS Role in the Campus 92
Campus QoS Design Considerations 92
Cisco Catalyst Integrated Security Features 93
Port Security Prevents MAC-Based Attacks 93
DHCP Snooping Protects Against Rogue and Malicious DHCP Servers 94
Dynamic ARP Inspection Protects Against ARP Poisoning 94
IP Source Guard Protects Against Spoofed IP Addresses 95
Example Catalyst Integrated Security Feature Configuration 95
Summary 95
References 96
Review Questions 97
Chapter 3 Developing an Optimum Design for Layer 3 101
Designing Advanced IP Addressing 101
IP Address Planning as a Foundation 102
Summary Address Blocks 102
Summarization for IPv6 103
Changing IP Addressing Needs 104
Planning Addresses 104
Applications of Summary Address Blocks 105
Implementing Role-Based Addressing 105
Bit Splitting for Route Summarization 106
Example: Bit Splitting for Area 1 107
IPv6 Address Planning 107
Bit Splitting for IPv6 108
Addressing for VPN Clients 109
NAT in the Enterprise 109
NAT with External Partners 110
Design Considerations for IPv6 in Campus Networks 111
IPv6 Campus Design Considerations 111
Dual-Stack Model 112
Hybrid Model 112
Service Block Model 114
Designing Advanced Routing 115
Route Summarization and Default Routing 115
Originating Default Routes 116
Stub Areas and Default Route 117
Route Filtering in the Network Design 118
Inappropriate Transit Traffic 118
Defensive Filtering 120
Designing Redistribution 121
Filtered Redistribution 122
Migrating Between Routing Protocols 123
Designing Scalable EIGRP Designs 123
Scaling EIGRP Designs 124
EIGRP Fast Convergence 124
EIGRP Fast-Convergence Metrics 125
Scaling EIGRP with Multiple Autonomous Systems 126
Example: External Route Redistribution Issue 126
Filtering EIGRP Redistribution with Route Tags 127
Filtering EIGRP Routing Updates with Inbound Route Tags 128
Example: Queries with Multiple EIGRP Autonomous Systems 130
Reasons for Multiple EIGRP Autonomous Systems 130
Designing Scalable OSPF Design 131
Factors Influencing OSPF Scalability 131
Number of Adjacent Neighbors and DRs 132
Routing Information in the Area and Domain 132
Designing OSPF Areas 133
Area Size: How Many Routers in an Area? 134
OSPF Hierarchy 134
Area and Domain Summarization 136
Number of Areas in an OSPF Hub-and-Spoke Design 137
OSPF Hub-and-Spoke Design 137
Issues with Hub-and-Spoke Design 138
OSPF Hub-and-Spoke Network Types 140
OSPF Area Border Connection Behavior 141
Fast Convergence in OSPF 142
OSPF Exponential Backoff 143
Tuning OSPF Parameters 143
OSPF LSA Pacing 145
OSPF Event Processing 145
Bidirectional Forwarding Detection 145
Designing Scalable BGP Designs 146
Scaling BGP Designs 146
Full-Mesh IBGP Scalability 147
Scaling IBGP with Route Reflectors 148
BGP Route Reflector Definitions 148
Route Reflector Basics 150
Scaling IBGP with Confederations 151
BGP Confederation Definitions 151
Confederation Basics 151
Confederations Reduce Meshing 152
Deploying Confederations 154
Summary 155
References 157
Review Questions 158
Chapter 4 Advanced WAN Services Design Considerations 161
Advanced WAN Service Layers 161
Enterprise Optical Interconnections 162
Overview of SONET and SDH 163
Enterprise View of SONET 164
WDM Overview 165
CWDM Technical Overview 165
DWDM Technical Overview 166
DWDM Systems 167
RPR Overview 168
RPR in the Enterprise 168
Metro Ethernet Overview 170
Metro Ethernet Service Model 170
Metro Ethernet Architecture 170
Metro Ethernet LAN Services 172
Ethernet Private Line Service 173
Ethernet Relay Service 174
Ethernet Wire Service 175
Ethernet Multipoint Service 175
Ethernet Relay Multipoint Service 176
Any Transport over MPLS 176
Ethernet over MPLS 177
End-to-End QoS 179
Shaping and Policing on Subrate Ethernet WAN 180
Choosing the Right Service 181
VPLS Overview 181
VPLS Architecture Model 182
VPLS in the Enterprise 183
Hierarchical VPLS Overview 184
Scaling VPLS 184
QoS Issues with EMS or VPLS 186
EMS or VPLS and Routing Implications 186
VPLS and IP Multicast 187
VPLS Availability 187
MPLS VPN Overview 187
Customer Considerations with MPLS VPNs 188
Routing Considerations: Backdoor Routes 189
Routing Considerations: Managed Router Combined with Internal Routing 189
Routing Considerations: Managed Router from Two Service Providers 190
Implementing Advanced WAN Services 191
Advanced WAN Service Selection 192
Business Risk Assessment 192
WAN Features and Requirements 194
SLA Overview 195
SLA Monitoring 196
Application Performance Across the WAN 197
WAN CPE Selection Considerations 198
Cisco PfR Overview 200
Cisco PfR Operations 200
Cisco PfR Design and Deployment Considerations 203
Summary 204
References 205
Review Questions 206
Chapter 5 Enterprise Data Center Design 211
Designing the Core and Aggregation Layers 212
Data Center Architecture Overview 213
Benefits of the Three-Layer Model 213
The Services Layer 214
Using Dedicated Service Appliances 215
Data Center Core Layer Design 217
Layer 3 Characteristics for the Data Center Core 218
OSPF Routing Protocol Design Recommendations 220
EIGRP Routing Protocol Design Recommendations 221
Aggregation Layer Design 221
Scaling the Aggregation Layer 223
STP Design 224
Understanding Bridge Assurance 226
Integrated Service Modules 227
Service Module Placement Consideration 227
Service Modules and the Services Layer 228
Active STP, HSRP, and Service Context Alignment 230
Active/Standby Service Module Design 232
Active/Active Service Module Design 232
Establishing Inbound Path Preference 233
Using VRFs in the Data Center 235
Using the Cisco Nexus 7000 Series in the Core and Aggregation Layer 236
VDCs 238
Designs Enabled by VDCs 239
vPCs 241
vPC Best Practices 242
Designs Enabled by vPC 243
Layer 2 Multipathing 244
Designing the Access Layer 245
Overview of the Data Center Access Layer 245
Layer 2 Looped Designs 246
Layer 2 Looped Topologies 247
Layer 2 Looped Design Issues 249
Layer 2 Loop-Free Designs 250
Loop-Free Topologies 251
Example: Loop-Free U Design and Layer 2 Service Modules 253
Example: Loop-Free U Design and Cisco ACE Service Module 254
Layer 2 FlexLink Designs 255
FlexLink Issues and Considerations 256
Comparison of Layer 2 Access Designs 259
Layer 3 Access Layer Designs 260
Multicast Source Support 261
Benefits of Layer 3 Access 262
Drawbacks of Layer 3 Access 262
Blade Server Overview 262
Blade Server Connectivity Options 264
Blade Server Trunk Failover Feature 265
Virtual Blade Switching 266
Cisco Nexus Switch Family in the Access Layer 267
TOR and EOR Designs 267
Static and Dynamic Pinning 267
Cisco Nexus 2000 FEX Dynamic Pinning 268
Virtual Port Channel in the Data Center Access Layer 269
Straight-Through FEX Design 270
Active/Active FEX Design 270
Cisco Nexus 1000V in the Data Center Access Layer 272
Virtual Port Channel Host Mode 273
Design Considerations for the Cisco Nexus 1000V 274
Cisco Nexus 1010 275
Layer 2 or Layer 3 Access Design? 276
Scaling the Data Center Architecture 277
TOR Versus EOR Designs 277
Cabinet Design with TOR Switching 279
Example: Network Topology with TOR Switching Model 280
Cabinet Design with Modular Access Switches 281
Example: Network Topology with Modular Access Switches 281
Cabinet Design with Fabric Extenders 282
Server NIC Density 284
Hybrid Example with a Separate OOB Switch 284
Oversubscription and Uplinks 285
Scaling Bandwidth and Uplink Density 286
Optimizing EtherChannel Utilization with Load Balancing 286
Optimizing EtherChannel Utilization with Min-Links 287
Scaling with Service Layer Switches 288
Scaling Service on Cisco ACE Modules 289
Scaling Spanning Tree and High Availability 290
Scalability 290
STPs in the Data Center 290
STP Scaling 291
STP Logical Interfaces 292
STP Scaling with 120 Systemwide VLANs 293
STP in 1RU Designs 295
STP Scaling Design Guidelines 295
Scaling the Data Center Using Zones 296
High Availability in the Data Center 296
Common NIC Teaming Configurations 296
Server Attachment Methods 298
High Availability and Failover Times 299
High Availability and Cisco NSF with SSO 300
Describing Network Virtualization in More Detail 302
Definition of Virtualization 302
Virtualization Categories 303
Network Virtualization 304
Virtual Routing and Forwarding 305
Layer 3 VPNs and Network Virtualization 306
Summary 308
References 308
Review Questions 309
Chapter 6 SAN Design Considerations 313
Identifying SAN Components and Technologies 314
SAN Components 315
RAID Overview 317
Storage Topologies 318
DAS 318
NAS 319
SAN Technologies 320
SCSI Overview 320
Fibre Channel Overview 321
Fibre Channel Communications Model 322
VSAN 323
IVR 324
FSPF 325
Zoning 325
FICON 326
SANTap 327
Designing SAN and SAN Extension 328
Port Density and Topology Requirements 329
Device Oversubscription 330
Traffic Management 331
Fault Isolation 331
Convergence and Stability 331
SAN Designs with the Cisco MDS 9000 Family 331
SAN Consolidation with VSANs 332
Comprehensive SAN Security 332
Simplified SAN Management 332
Single-Switch Collapsed-Core Design 333
Small-Scale, Dual-Fabric Collapsed-Core Design 334
Medium-Scale, Dual-Fabric Collapsed-Core Design 335
Large-Scale, Dual-Fabric Core-Edge Design 336
SAN Extension 337
SAN Extension Protocols 339
Fibre Channel over IP 339
iSCSI 340
SAN Extension Developments 342
High-Availability SAN Extension 343
Integrated Fabric Designs Using Cisco Nexus Technology Overview 343
Unified Fabric Technologies 344
I/O Consideration in the Data Center 345
Challenges When Building a Unified Fabric Based on 10 Gigabit Ethernet 346
SAN Protocol Stack Extensions 348
FCoE Components: Converged Network Adapter 349
FCoE Components: Fibre Channel Forwarder 350
Data Center Bridging Standards 351
Unified Fabric Design Considerations 352
Deploying Nexus in the Access Layer 353
Nexus 5000/2000 Deployment Options in the Data Center 355
FCoE VLAN to VSAN Mapping, VLAN Trunking, and the CNA 355
Switch Mode Versus NPV Mode 357
Unified Fabric Best Practices 358
Summary 359
References 359
Review Questions 360
Chapter 7 E-Commerce Module Design 363
Designing High Availability for E-Commerce 363
E-Commerce High-Availability Requirements 364
Components of High Availability 364
Redundancy 365
Technology 365
People 366
Processes 366
Tools 367
Common E-Commerce Module Designs 368
Common E-Commerce Firewall Designs 368
Typical E-Commerce Module Topology 368
Using a Server as an Application Gateway 370
Virtualization with Firewall Contexts 371
Virtual Firewall Layers 372
Firewall Modes 373
Common E-Commerce Server Load Balancer Designs 375
Functions of a Server Load Balancer 375
SLB Design Models 376
SLB Router Mode 377
Application Control Engine 378
SLB Inline Bridge Mode 378
SLB One-Armed Mode 379
Common E-Commerce Design Topologies for Connecting to Multiple ISPs 382
One Firewall per ISP 382
Stateful Failover with Common External Prefix 384
Distributed Data Centers 384
Design Option: Distributed Data Centers 385
Additional Data Center Services 386
Integrated E-Commerce Designs 388
Base E-Commerce Module Design 388
Base Design Routing Logic 390
Base Design Server Traffic Flows 391
Two Firewall Layers in the E-Commerce Module Design 393
Traffic Flows in a Two-Firewall Layer Design 394
One-Armed SLB Two-Firewall E-Commerce Module Design 395
Traffic Flows in a One-Armed SLB Two-Firewall Layer Design 396
Direct Server Traffic Flows in a One-Armed SLB Two-Firewall Layer Design 398
One-Armed SLB E-Commerce Module Design with Firewall Contexts 398
Traffic Flows in a One-Armed SLB Design with Firewall Contexts 400
One-Armed SLB E-Commerce Module Design with ACE 401
Testing E-Commerce Module Designs 403
Summary 404
References 405
Review Questions 405
Chapter 8 Security Services Design 407
Designing Firewalls 407
Firewall Modes 408
Zone-Based Policy Firewall 410
Virtual Firewall Overview 411
Firewall Context Design Considerations 413
MSFC Placement 414
Active/Active Firewall Topology 415
Active/Active Topology Features 416
Asymmetric Routing with Firewalls 416
Asymmetric Routing with ASR Group on a Single FWSM 417
Asymmetric Routing with Active/Active Topology 418
Performance Scaling with Multiple FWSMs 419
Example: Load Balancing FWSMs Using PBR 419
Load Balancing FWSMs Using ECMP Routing 420
PVLAN Security 420
FWSM in a PVLAN Environment: Isolated Ports 422
FWSM in a PVLAN Environment: Community VLANs 423
Designing NAC Services 423
Network Security with Access Control 424
NAC Comparison 425
Cisco NAC Appliance Fundamentals 426
Cisco NAC Appliance Components 426
Cisco NAC Appliance Policy Updates 427
Process Flow with the Cisco NAC Appliance 428
Cisco NAS Scaling 429
Cisco NAS Deployment Options 429
Cisco NAS Gateway Modes 430
Cisco NAS Client Access Modes 431
Cisco NAS Operating Modes 431
Physical Deployment Models 432
Cisco NAC Appliance Designs 432
Layer 2 In-Band Designs 434
Example: Layer 2 In-Band Virtual Gateway 434
Example: Layer 2 In-Band Real IP Gateway 435
Layer 2 Out-of-Band Designs 435
Example: Layer 2 Out-of-Band Virtual Gateway 436
Layer 3 In-Band Designs 437
Example: Layer 3 In-Band Virtual Gateway 437
Example: Layer 3 In-Band with Multiple Remotes 438
Layer 3 Out-of-Band Designs 439
Example: Layer 3 OOB with Addressing 440
NAC Framework Overview 441
Router Platform Support for the NAC Framework 442
Switch Platform Support for the NAC Framework 443
IPS and IDS Overview 444
Threat Detection and Mitigation 444
IDSs 444
Intrusion-Prevention Systems 445
IDS and IPS Overview 446
Host Intrusion-Prevention Systems 447
IDS and IPS Design Considerations 447
IDS or IPS Deployment Considerations 448
IPS Appliance Deployment Options 448
Feature: Inline VLAN Pairing 450
IPS Deployment Challenges 450
IDS or IPS Management Interface Deployment Options 450
In-Band Management Through Tunnels 451
IDS and IPS Monitoring and Management 451
Scaling Cisco Security MARS with Global Controller Deployment 453
Summary 453
References 454
Review Questions 455
Chapter 9 IPsec and SSL VPN Design 459
Designing Remote-Access VPNs 459
Remote-Access VPN Overview 460
Example: Cisco Easy VPN Client IPsec Implementation 461
SSL VPN Overview 461
Clientless Access 462
Thin Client 463
Thick Client 464
Remote-Access VPN Design Considerations 464
VPN Termination Device and Firewall Placement 465
Address Assignment Considerations 465
Routing Design Considerations 465
Other Design Considerations 466
Designing Site-to-Site VPNs 467
Site-to-Site VPN Applications 468
WAN Replacement Using Site-to-Site IPsec VPNs 468
WAN Backup Using Site-to-Site IPsec VPNs 469
Regulatory Encryption Using Site-to-Site IPsec VPNs 470
Site-to-Site VPN Design Considerations 470
IP Addressing and Routing 470
Scaling, Sizing, and Performance 471
Cisco Router Performance with IPsec VPNs 471
Typical VPN Device Deployments 475
Design Topologies 476
VPN Device Placement Designs 476
VPN Device Parallel to Firewall 476
VPN Device on a Firewall DMZ 477
Integrated VPN and Firewall 478
Using IPsec VPN Technologies 478
IPsec VPN Overview 478
Extensions to Basic IPsec VPNs 480
Cisco Easy VPN 480
Overview of Cisco Easy VPN Server Wizard on Cisco SDM 480
Overview of Easy VPN Remote Wizard on Cisco SDM 482
GRE over IPsec Design Recommendations 483
GRE over IPsec Design Recommendations 483
DMVPN 485
DMVPN Overview 485
DMVPN Design Recommendations 487
Virtual Tunnel Interfaces Overview 487
Group Encrypted Transport VPN 489
GET VPN Topology 489
Managing and Scaling VPNs 491
Recommendations for Managing VPNs 491
Considerations for Scaling VPNs 491
Determining PPS 493
Routing Protocol Considerations for IPsec VPNs 497
EIGRP Metric Component Consideration 498
Summary 498
References 499
Review Questions 500
Chapter 10 IP Multicast Design 505
IP Multicast Technologies 506
Introduction to Multicast 506
Multicast Versus Unicast 506
IP Multicast Group Membership 507
Multicast Applications and Multicast Adoption Trends 508
Learning About Multicast Sessions 509
Advantages of Multicast 510
Disadvantages of Multicast 510
Multicast IP Addresses 511
Layer 2 Multicast Addresses 512
Multicast Address Assignment 514
Cisco Multicast Architecture 515
IGMP and CGMP 516
IGMP Version 1 516
IGMP Version 2 517
IGMP Version 3 518
Multicast with Layer 2 Switches 518
IGMP Snooping 519
CGMP 520
PIM Routing Protocol 520
PIM Terminology 521
Multicast Distribution Tree Creation 522
Reverse Path Forwarding 522
Source Distribution Trees 524
Shared Distribution Trees 525
Multicast Distribution Tree Notation 527
Deploying PIM and RPs 527
PIM Deployment Models 527
ASM or PIM-SM 528
PIM-SM Shared Tree Join 528
PIM-SM Sender Registration 529
PIM-SM SPT Switchover 530
Bidirectional PIM 532
Source-Specific Multicast 533
SSM Join Process 534
SSM Source Tree Creation 535
PIM Dense Mode 535
RP Considerations 536
Static RP Addressing 537
Anycast RP 537
Auto-RP 538
DM Fallback and DM Flooding 540
Boot Strap Router 541
Securing IP Multicast 543
Security Considerations for IP Multicast 543
Security Goals for Multicast Environments 543
Unicast and Multicast State Requirements 544
Unicast and Multicast Replication Requirements 546
Attack Traffic from Rogue Sources to Receivers 547
Attack Traffic from Sources to Networks Without Receivers 547
Attack Traffic from Rogue Receivers 548
Scoped Addresses 548
Multicast Access Control 549
Packet Filter-Based Access Control 549
Host Receiver-Side Access Control 551
PIM-SM Source Control 552
Disabling Multicast Groups for IPv6 553
Multicast over IPsec VPNs 553
Traditional Direct Encapsulation IPsec VPNs 554
Multicast over IPsec GRE 555
Multicast over DMVPN 555
Multicast Using GET VPN 557
Summary 558
References 560
Review Questions 561
Chapter 11 Network Management Capabilities Within Cisco IOS Software 565
Cisco IOS Embedded Management Tools 565
Embedded Management Rationale 566
Network Management Functional Areas 566
Designing Network Management Solutions 567
Cisco IOS Software Support of Network Management 567
Application Optimization and Cisco IOS Technologies 568
Syslog Considerations 571
Cisco IOS Syslog Message Standard 571
Issues with Syslog 572
NetFlow 573
NetFlow Overview 573
Principal NetFlow Uses 574
Definition of a Flow 574
Traditional IP Flows 575
Flow Record Creation 576
NetFlow Cache Management 578
NetFlow Export Versions 579
NetFlow Version 9 Export Packet 580
Flexible NetFlow Advantages 581
NetFlow Deployment 582
Where to Apply NetFlow Monitoring 582
NBAR 583
NBAR Overview 583
NBAR Packet Inspection 584
NBAR Protocol Discovery 586
NetFlow and NBAR Differentiation 586
Reporting NBAR Protocol Discovery Statistics from the Command Line 587
NBAR and Cisco AutoQoS 588
Cisco AutoQoS for the Enterprise 589
Example: Cisco AutoQoS Discovery Progress 590
Cisco AutoQoS Suggested Policy 591
IP SLA Considerations 592
IP SLA Overview 592
SLAs 592
Cisco IOS IP SLA Measurements 593
IP SLA SNMP Features 594
Deploying IP SLA Measurements 595
Impact of QoS Deployment on IP SLA Statistics 596
Scaling IP SLA Deployments 597
Hierarchical Monitoring with IP SLA Measurements 598
Network Management Applications Using IP SLA Measurements 599
CiscoWorks IPM Application Example 599
IP SLA Network Management Application Consideration 600
Summary 600
References 602
Review Questions 603
Appendix A Answers to Review Questions 605
Appendix B Acronyms and Abbreviations 611
Appendix C VoWLAN Design 625
TOC, 9781587142888, 9/29/2011