Designing for Cisco Network Service Architectures (ARCH) Foundation Learning Guide: CCDP ARCH 300-320 / Edition 4

ISBN-10: 158714462X
ISBN-13: 9781587144622
Pub. Date: 01/13/2017
Publisher: Cisco Press
Hardcover

$66.98 (original price $79.99; save 16%)
Overview

Designing for Cisco Network Service Architectures (ARCH) Foundation Learning Guide, Fourth Edition

· Learn about the Cisco modular enterprise architecture

· Create highly available enterprise network designs

· Develop optimum Layer 3 designs

· Examine advanced WAN services design considerations

· Evaluate data center design considerations

· Design effective modern WAN and data center designs

· Develop effective migration approaches to IPv6

· Design resilient IP multicast networks

· Create effective network security designs


Designing for Cisco Network Service Architectures (ARCH) Foundation Learning Guide, Fourth Edition, is a Cisco-authorized, self-paced learning tool for CCDP foundation learning. This book provides you with the knowledge needed to perform the conceptual, intermediate, and detailed design of a network infrastructure that supports desired network solutions over intelligent network services to achieve effective performance, scalability, and availability. This book presents concepts and examples necessary to design converged enterprise networks. You learn additional aspects of modular campus design, advanced routing designs, WAN service designs, enterprise data center design, IP multicast design, and security design. Advanced and modern network infrastructure solutions, such as virtual private networks (VPN), Cisco Intelligent WAN (IWAN), and Cisco Application-Centric Infrastructure (ACI), are also covered.

Chapter-ending review questions illustrate and help solidify the concepts presented in the book.

Whether you are preparing for CCDP certification or CCDE certification, or simply want to gain a better understanding of designing scalable and reliable network architectures, you will benefit from the foundation information presented in this book.


Designing for Cisco Network Service Architectures (ARCH) Foundation Learning Guide, Fourth Edition, is part of a recommended learning path from Cisco that includes simulation and hands-on training from authorized Cisco Learning Partners and self-study products from Cisco Press. To find out more about instructor-led training, e-learning, and hands-on instruction offered by authorized Cisco Learning Partners worldwide, please visit https://learningnetwork.cisco.com.


Category: Cisco Certification

Covers: CCDP ARCH 300-320


Product Details

ISBN-13: 9781587144622
Publisher: Cisco Press
Publication date: 01/13/2017
Series: Foundation Learning Guides Series
Edition description: New Edition
Pages: 944
Product dimensions: 7.50(w) x 9.20(h) x 2.10(d)

About the Author

Marwan Al-shawi, CCDE No. 20130066, is a Cisco Press author whose titles include the top Cisco certification design books CCDE Study Guide and Designing for Cisco Network Service Architectures (ARCH) Foundation Learning Guide, Fourth Edition. He also is an experienced technical architect. Marwan has been in the networking industry for more than 12 years and has been involved in architecting, designing, and implementing various large-scale networks, some of which are global service provider-grade networks. Marwan holds a Master of Science degree in internetworking from the University of Technology, Sydney. He enjoys helping and assessing network designs and architectures; therefore, he was selected as a Cisco Designated VIP by the Cisco Support Community (CSC) (official Cisco Systems forums) in 2012 and by the Solutions and Architectures subcommunity in 2014. In addition, Marwan was selected as a member of the Cisco Champions program in 2015 and 2016. In his spare time, Marwan provides CCDP- and CCDE-related training and blogs at netdesignarena.com.


André Laurent, 3xCCIE No. 21840, CCDE No. 20120024, is the worldwide director of engineering for enterprise networking sales at Cisco Systems and a Cisco Press author. Outside his own personal development, André has an equal passion for helping others develop their systems and assisting them with the certification process. André is recognized in the industry as a subject matter expert in the areas of routing, switching, security, and design. Although he wears a Cisco badge, André takes a neutral approach in helping clients establish a long-term business and technology vision covering necessary strategy, execution, and metrics for measuring impact.

Table of Contents

Introduction

Part I Designing Reliable and Resilient Enterprise Layer 2 and Layer 3 Networks

Chapter 1 Optimal Enterprise Campus Design

Enterprise Campus Design Principles

Hierarchy

Access Layer

Distribution Layer

Core Layer

Enterprise Campus Two-Tier Layer Model

Enterprise Campus Three-Tier Layer Model

Modularity

Modular Enterprise Campus Architecture and Modular Enterprise Campus with OSPF

Access-Distribution Block

Flexibility

Campus Network Virtualization

Campus Network Virtualization Technologies and Techniques

VLAN Assignment

Virtual Routing and Forwarding

Path Isolation Techniques

Resiliency

Enterprise Campus High-Availability Design Considerations

VLANs, Trunking, and Link Aggregation Design Recommendations

VLAN Design

Trunking

Link Aggregation

First-Hop Redundancy Protocol (FHRP)

IP Gateway Redundancy Optimization with VSS

Layer 2 to Layer 3 Boundary Design Options and Considerations

Distribution-to-Distribution Link Design Considerations

A Summary of Enterprise Campus HA Designs

Summary

Review Questions

References

Chapter 2 EIGRP Design

Scalable EIGRP Design Overview

EIGRP with Multiple Autonomous Systems

EIGRP Queries

Multiple EIGRP Autonomous System Drivers

EIGRP Multilayer Architectures

EIGRP Two-Layer Hierarchy Architecture

EIGRP Three-Layer Hierarchy Architecture

EIGRP Hub-and-Spoke Design

Summarization Challenges

Route Summarization Black Holes

Route Summarization and Suboptimal Routing

EIGRP Hub-and-Spoke Scalability Optimization

EIGRP Stub Leaking

EIGRP DMVPN Scaling

EIGRP Fast Convergence Design Considerations

Bidirectional Forwarding Detection

EIGRP Graceful Restart/NSF Considerations

Summary

Review Questions

Chapter 3 OSPF Design

OSPF Scalability Design Considerations

Adjacent Neighbors

Routing Information in the Area and the Routed Domain

Numbers of Routers in an Area

Number of Areas per ABR

OSPF Area Design Considerations

OSPF Hierarchy

Area and Domain Summarization

OSPF Full-Mesh Design

OSPF Hub-and-Spoke Design

OSPF ABR Placement in Hub-and-Spoke Design

Number of Areas in OSPF Hub-and-Spoke Design

OSPF Network Types in Hub-and-Spoke Design

OSPF Convergence Design Considerations and Optimization Techniques

Event Detection

OSPF Event Propagation

OSPF Event Processing

OSPF Flooding Reduction

OSPF Database Overload Protection

Summary

Review Questions

Chapter 4 IS-IS Design

Protocol Overview

IS-IS Characteristics

Integrated IS-IS Routing

IS-IS Hierarchical Architecture Overview

IS-IS Router and Link Types

IS-IS Adjacencies

IS-IS Versus OSPF

Similarities Between IS-IS and OSPF

OSPF and IS-IS Characteristics

Integrated IS-IS and OSPF Area Designs

OSPF Area Design

Integrated IS-IS Area Design

IS-IS Technical Deep Dive

IS-IS Addressing

IS-IS Packets

IS-IS Information Data Flow

IS-IS Network Types

IS-IS Protocol Operations

Level 1 and Level 2 LSPs and IIHs

IS-IS Link-State Packets Flooding

IS-IS LSDB Synchronization

IS-IS Design Considerations

IS-IS Routing Logic Overview

Advanced IS-IS Routing

Route Leaking

Asymmetric Versus Symmetric IS-IS Routing

IS-IS Routing over NBMA Hub-and-Spoke

IS-IS Routing over a Full-Mesh Network

Flat IS-IS Routing Design

Hierarchical IS-IS Design

IS-IS Routes Summarization

Integrated IS-IS for IPv6

IS-IS Single-Topology Restrictions

Multitopology IS-IS for IPv6

Final Thoughts on IS-IS Routing Design

Summary

Review Questions

Chapter 5 Border Gateway Protocol Design

BGP Overview

BGP Speaker Types

BGP Loop Prevention and Split-Horizon Rule

BGP Path Attributes and Path Selection (Review)

BGP Path Attributes

How BGP Selects Paths

Designing Scalable iBGP Networks

iBGP Scalability Limitations

iBGP Scalability Solutions

BGP Route Reflectors

BGP Confederations

BGP Confederations Versus BGP Route Reflectors

BGP Route Reflector Design

Route Reflector Split-Horizon Rule

BGP Route Reflectors Redundancy Design Options and Considerations

Route Reflector Clusters

Loop-Prevention Mechanisms

Congruence of Physical and Logical Networks

Hierarchical Route Reflector Design

Route Reflector Potential Network Design Issues

Enhancing the Design of BGP Policies with BGP Communities

BGP Community Attribute Overview

Well-Known BGP Communities

BGP Named Community List

Planning for the Use of BGP Communities

Case Study: Designing Enterprise-wide BGP Policies Using BGP Communities

Enterprise BGP Policy Requirements

BGP Community Solution Design

Solution Detailed Design and Traffic Flow

BGP Load-Sharing Design

Single-Homing Versus Multihoming

Dual-Homing and Multihoming Design Considerations

Single-Homed, Multiple Links

Dual-Homed to One ISP Using a Single Local Edge Router

Dual-Homed to One ISP Using Multiple Edge Routers

Multihoming with Two ISPs Using a Single Local Edge Router

Multihoming with Two ISPs Using Multiple Local Edge Routers

Summary

Review Questions

Part II Enterprise IPv6 Design Considerations and Challenges

Chapter 6 IPv6 Design Considerations in the Enterprise

IPv6 Deployment and Design Considerations

Business and Network Discovery Phase

Assessment Phase

Planning and Design Phase

Implementation and Optimization Phases

Considerations for Migration to IPv6 Design

Acquiring IPv6 Prefixes

Provider Independent Versus Provider Assigned

Where to Start the Migration

Migration Models and Design Considerations

IPv6 Island

IPv6 WAN

IPv6 Transition Mechanisms

Dual Stack

NAT64 and DNS64

Manual Tunnels

Tunnel Brokers

6 Rapid Deployment

Dual-Stack Lite (DS-Lite)

Locator/ID Separation Protocol (LISP)

LISP Site Edge Devices

LISP Infrastructure Devices

Final Thoughts on IPv6 Transition Mechanisms

Summary

Review Questions

Chapter 7 Challenges of the Transition to IPv6

IPv6 Services

Name Services

Implementation Recommendations

Addressing Services

Implementation Recommendations

Security Services

Link Layer Security Considerations

Application Support

Application Adaptation

Application Workarounds

Control Plane Security

Dual-Stack Security Considerations

Tunneling Security Considerations

Multihoming

Summary

Review Questions

Part III Modern Enterprise Wide-Area Networks Design

Chapter 8 Service Provider-Managed VPNs

Choosing Your WAN Connection

Layer 3 MPLS VPNs

MPLS VPN Architecture

Enterprise Routing Considerations

Provider Edge (PE) Router Architecture

Route Distinguishers

Route Target (RT)

PE-CE Routing Protocol

Using EIGRP as the PE-CE Routing Protocol

Using OSPF as the PE-CE Routing Protocol

Using BGP as the PE-CE Routing Protocol

Case Study: MPLS VPN Routing Propagation

Forwarding in MPLS VPN

Layer 2 MPLS VPN Services

Virtual Private Wire Service (VPWS)

Virtual Private LAN Service (VPLS)

VPLS Scalability Considerations

VPLS Resiliency Considerations

VPLS Versus VPWS

Summary

Review Questions

Chapter 9 Enterprise-Managed WANs

Enterprise-Managed VPN Overview

GRE Overview

Multipoint GRE Overview

Point-to-Point and Multipoint GRE Comparison

IPsec Overview

IPsec and GRE

IPsec and Virtual Tunnel Interface

IPsec and Dynamic VTI

DMVPN Overview

DMVPN Phase 1

DMVPN Phase 2

DMVPN Phase 3

Case Study: EIGRP DMVPN

EIGRP over DMVPN Phase 1

EIGRP over DMVPN Phase 2

EIGRP over DMVPN Phase 3

DMVPN Phase 1-3 Summary

DMVPN and Redundancy

Case Study: MPLS/VPN over GRE/DMVPN

SSL VPN Overview

FlexVPN Overview

FlexVPN Architecture

FlexVPN Capabilities

FlexVPN Configuration Blocks

GETVPN

Summary

Review Questions

Chapter 10 Enterprise WAN Resiliency Design

WAN Remote-Site Overview

MPLS Layer 3 WAN Design Models

Common Layer 2 WAN Design Models

Common VPN WAN Design Models

3G/4G VPN Design Models

Remote Site Using Local Internet

Remote-Site LAN

Case Study: Redundancy and Connectivity

ATM WAN Design

Remote-Site (Branch Office) WAN Design

Regional Offices WAN Design

Basic Traffic Engineering Techniques

NGWAN, SDWAN, and IWAN Solution Overview

Transport-Independent Design

Intelligent Path Control

Application Optimization

Secure Connectivity

Management

IWAN Design Overview

IWAN Hybrid Design Model

Cisco PfR Overview

Cisco PfR Operations

Cisco IWAN and PfRv3

Cisco PfRv3 Design and Deployment Considerations

Enterprise WAN and Access Management

APIC-EM

Design of APIC-EM

Summary

Review Questions

Part IV Enterprise Data Center Designs

Chapter 11 Multitier Enterprise Data Center Designs

Case Study 1: Small Data Centers (Connecting Servers to an Enterprise LAN)

Case Study 2: Two-Tier Data Center Network Architecture

Case Study 3: Three-Tier Data Center Network Architecture

Data Center Inter-VLAN Routing

End of Row Versus Top of Rack Design

Fabric Extenders

Data Center High Availability

Network Interface Controller Teaming

Summary

Review Questions

Chapter 12 New Trends and Techniques to Design Modern Data Centers

The Need for a New Network Architecture

Limitations of Current Networking Technology

Modern Data Center Design Techniques and Architectures

Spine-Leaf Data Center Design

Network Overlays

Cisco Fabric Path

Virtual Extensible LAN (VXLAN)

VXLAN Tunnel Endpoint

Remote VTEP Discovery and Tenant Address Learning

VXLAN Control-Plane Optimization

Software-Defined Networking

How SDN Can Help

Selection Criteria of SDN Solutions

SDN Requirements

SDN Challenges

Direction of Nontraditional SDN

Multitenant Data Center

Secure Tenant Separation

Layer 3 Separation with VRF-Lite

Device-Level Virtualization and Separation

Case Study: Multitenant Data Center

Microsegmentation with Overlay Networks

Summary

Review Questions

References

Chapter 13 Cisco Application-Centric Infrastructure

ACI Characteristics

How the Cisco ACI Addresses Current Networking Limitations

Cisco ACI Architecture Components

Cisco Application Policy Infrastructure Controller (APIC)

APIC Approach Within the ACI Architecture

Cisco ACI Fabric

ACI Network Virtualization Overlays

Application Design Principles with the Cisco ACI Policy Model

What Is an Endpoint Group in Cisco ACI?

Design EPGs

ACI Fabric Access Policies

Building Blocks of a Tenant in the Cisco ACI

Crafting Applications Design with the Cisco ACI

ACI Interaction with External Layer 2 Connections and Networks

Connecting ACI to the Outside Layer 2 Domain

ACI Integration with STP-Based Layer LAN

ACI Routing

First-Hop Layer 3 Default Gateway in ACI

Border Leaves

Route Propagation inside the ACI Fabric

Connecting the ACI Fabric to External Layer 3 Domains

Integration and Migration to ACI Connectivity Options

Summary

Review Questions

References

Chapter 14 Data Center Connections

Data Center Traffic Flows

Traffic Flow Directions

Traffic Flow Types

The Need for DCI

IP Address Mobility

Case Study: Dark Fiber DCI

Pseudowire DCI

Virtual Private LAN Service DCI

Customer-Managed Layer 2 DCI Deployment Models

Any Transport over MPLS over GRE

Customer-Managed Layer 2 DCI Deployment

Layer 2 DCI Caveats

Overlay Transport Virtualization DCI

Overlay Networking DCI

Layer 3 DCI

Summary

Review Questions

Part V Design QoS for Optimized User Experience

Chapter 15 QoS Overview

QoS Overview

IntServ versus DiffServ

Classification and Marking

Classifications and Marking Tools

Layer 2 Marking: IEEE 802.1Q/p Class of Service

Layer 3 Marking: IP Type of Service

Layer 3 Marking: DSCP Per-Hop Behaviors

Layer 2.5 Marking: MPLS Experimental Bits

Mapping QoS Markings between OSI Layers

Layer 7 Classification: NBAR/NBAR2

Policers and Shapers

Token Bucket Algorithms

Policing Tools: Single-Rate Three-Color Marker

Policing Tools: Two-Rate Three-Color Marker

Queuing Tools

Tx-Ring

Fair Queuing

CBWFQ

Dropping Tools

DSCP-Based WRED

IP ECN

Summary

Review Questions

Chapter 16 QoS Design Principles and Best Practices

QoS Overview

Classification and Marking Design Principles

Policing and Remarking Design Principles

Queuing Design Principles

Dropping Design Principles

Per-Hop Behavior Queue Design Principles

RFC 4594 QoS Recommendation

QoS Strategy Models

4-Class QoS Strategy

8-Class QoS Strategy

12-Class QoS Strategy

Summary

Review Questions

Chapter 17 Campus, WAN, and Data Center QoS Design

Campus QoS Overview

VoIP and Video

Buffers and Bursts

Trust States and Boundaries

Trust States and Boundaries Example

Dynamic Trust State

Classification/Marking/Policing QoS Model

Queuing/Dropping Recommendations

Link Aggregation “EtherChannel” QoS Design

Practical Example of Campus QoS Design

WAN QoS Overview

Platform Performance Considerations

Latency and Jitter Considerations

Queuing Considerations

Shaping Considerations

Practical Example of WAN and Branch QoS

Data Center QoS Overview

High-Performance Trading Architecture

Big Data Architecture

Case Study: Virtualized Multiservice Architectures

Data Center Bridging Toolset

Case Study: DC QoS Application

Summary

Review Questions

Chapter 18 MPLS VPN QoS Design

The Need for QoS in MPLS VPN

Layer 2 Private WAN QoS Administration

Fully Meshed MPLS VPN QoS Administration

MPLS DiffServ Tunneling Modes

Uniform Tunneling Mode

Short-Pipe Tunneling Mode

Pipe Tunneling Mode

Sample MPLS VPN QoS Roles

Summary

Review Questions

Chapter 19 IPsec VPN QoS Design

The Need for QoS in IPsec VPN

VPN Use Cases and Their QoS Models

IPsec Refresher

IOS Encryption and Classification: Order of Operations

MTU Considerations

DMVPN QoS Considerations

GET VPN QoS Considerations

Summary

Review Questions

Part VI IP Multicast Design

Chapter 20 Enterprise IP Multicast Design

How Does IP Multicast Work?

Multicast Group

IP Multicast Service Model

Functions of a Multicast Network

Multicast Protocols

Multicast Forwarding and RPF Check

Case Study 1: RPF Check Fails and Succeeds

Multicast Protocol Basics

Multicast Distribution Trees Identification

PIM-SM Overview

Receiver Joins PIM-SM Shared Tree

Registered to RP

PIM-SM SPT Switchover

Multicast Routing Table

Basic SSM Concepts

SSM Scenario

Bidirectional PIM

PIM Modifications for Bidirectional Operation

DF Election

DF Election Messages

Case Study 2: DF Election

Summary

Review Questions

Chapter 21 Rendezvous Point Distribution Solutions

Rendezvous Point Discovery

Rendezvous Placement

Auto-RP

Auto-RP Candidate RPs

Auto-RP Mapping Agents

Auto-RP and Other Routers

Case Study: Auto-RP Operation

Auto-RP Scope Problem

PIMv2 BSR

PIMv2 BSR: Candidate RPs

PIMv2 BSR: Bootstrap Router

PIMv2 BSR: All PIMv2 Routers

BSR Flooding Problem

IPv6 Embedded Rendezvous Point

Anycast RP Features

Anycast RP Example

MSDP Protocol Overview

MSDP Neighbor Relationship

Case Study: MSDP Operation

Summary

Review Questions

Part VII Designing Optimum Enterprise Network Security

Chapter 22 Designing Security Services and Infrastructure Protection

Network Security Zoning

Cisco Modular Network Architecture

Cisco Next-Generation Security

Designing Infrastructure Protection

Infrastructure Device Access

Routing Infrastructure

Device Resiliency and Survivability

Network Policy Enforcement

Switching Infrastructure

SDN Security Considerations

Summary

Review Questions

Chapter 23 Designing Firewall and IPS Solutions

Firewall Architectures

Virtualized Firewalls

Case Study 1: Separation of Application Tiers

Securing East-West Traffic

Case Study 2: Implementing Firewalls in a Data Center

Case Study 3: Firewall High Availability

IPS Architectures

Case Study 4: Building a Secure Campus Edge Design (Internet and Extranet Connectivity)

Campus Edge

Connecting External Partners

Challenges of Connecting External Partners

Extranet Topology: Remote LAN Model

Extranet Topology: Interconnect Model

Extranet: Security and Multitenant Segmentation

Summary

Review Questions

Chapter 24 IP Multicast Security

Multicast Security Challenges

Problems in the Multicast Network

Multicast Network Security Considerations

Network Element Security

Security at the Network Edge

Securing Auto-RP and BSR

MSDP Security

PIM and Internal Multicast Security

Multicast Sender Control

Multicast Receiver Controls

Multicast Admission Controls

Summary

Review Questions

Chapter 25 Designing Network Access Control Solutions

IEEE 802.1X Overview

Extensible Authentication Protocol

802.1X Supplicants

IEEE 802.1X Phased Deployment

Cisco TrustSec

Profiling Service

Security Group Tag

Case Study: Authorization Options

Summary

Review Questions

Part VIII Design Scenarios

Chapter 26 Design Case Studies

Case Study 1: Design Enterprise Connectivity

Detailed Requirements and Expectations

Design Analysis and Task List

Selecting a Replacement Routing Protocol

Designing for the New Routing Protocol

OSPF Design Optimization

Planning and Designing the Migration from the Old to the New Routing

Scaling the Design

Case Study 2: Design Enterprise BGP Network with Internet Connectivity

Detailed Requirements and Expectations

Design Analysis and Task List

Choosing the Routing Protocol

Choosing the Autonomous System Numbers

BGP Connectivity

BGP Sessions

BGP Communities

Routing Policy

Routing Policy in North American Sites

Routing Policy in European and Asian Sites

Internet Routing

Public IP Space Selection

Main HQ Multihoming

Default Routing

Case Study 3: Design Enterprise IPv6 Network

Detailed Requirements and Expectations

Design Analysis and Task List

Choosing the IP Address Type for the HQ

Connecting the Branch Sites

Deployment Model

Addressing

Address Provisioning

Communication Between Branches

Application and Service Migration

Case Study 4: Design Enterprise Data Center Connectivity

Detailed Requirements and Expectations

Design Analysis and Task List

Selecting the Data Center Architecture and Connectivity Model

DCN Detailed Connectivity

Connecting Network Appliances

Data Center Interconnect

Data Center Network Virtualization Design

Case Study 5: Design Resilient Enterprise WAN

Detailed Requirements and Expectations

Design Analysis and Task List

Selecting WAN Links

WAN Overlay

Case Study 6: Design Secure Enterprise Network

Detailed Requirements and Expectations

Security Domains and Zone Design

Infrastructure and Network Access Security

Layer 2 Security Considerations

Main and Remote Location Firewalling

Case Study 7: Design QoS in the Enterprise Network

Detailed Requirements and Expectations

Traffic Discovery and Analysis

QoS Design Model

QoS Trust Boundary

Congestion Management

Scavenger Traffic Considerations

MPLS WAN DiffServ Tunneling

Appendix A Answers to Review Questions

Appendix B References
