Table of Contents
Introduction
Part I Designing Reliable and Resilient Enterprise Layer 2 and Layer 3 Networks
Chapter 1 Optimal Enterprise Campus Design
Enterprise Campus Design Principles
Hierarchy
Access Layer
Distribution Layer
Core Layer
Enterprise Campus Two-Tier Layer Model
Enterprise Campus Three-Tier Layer Model
Modularity
Modular Enterprise Campus Architecture and Modular Enterprise Campus with OSPF
Access-Distribution Block
Flexibility
Campus Network Virtualization
Campus Network Virtualization Technologies and Techniques
VLAN Assignment
Virtual Routing and Forwarding
Path Isolation Techniques
Resiliency
Enterprise Campus High-Availability Design Considerations
VLANs, Trunking, and Link Aggregation Design Recommendations
VLAN Design
Trunking
Link Aggregation
First-Hop Redundancy Protocol (FHRP)
IP Gateway Redundancy Optimization with VSS
Layer 2 to Layer 3 Boundary Design Options and Considerations
Distribution-to-Distribution Link Design Considerations
A Summary of Enterprise Campus HA Designs
Summary
Review Questions
References
Chapter 2 EIGRP Design
Scalable EIGRP Design Overview
EIGRP with Multiple Autonomous Systems
EIGRP Queries
Multiple EIGRP Autonomous System Drivers
EIGRP Multilayer Architectures
EIGRP Two-Layer Hierarchy Architecture
EIGRP Three-Layer Hierarchy Architecture
EIGRP Hub-and-Spoke Design
Summarization Challenges
Route Summarization Black Holes
Route Summarization and Suboptimal Routing
EIGRP Hub-and-Spoke Scalability Optimization
EIGRP Stub Leaking
EIGRP DMVPN Scaling
EIGRP Fast Convergence Design Considerations
Bidirectional Forwarding Detection
EIGRP Graceful Restart/NSF Considerations
Summary
Review Questions
Chapter 3 OSPF Design
OSPF Scalability Design Considerations
Adjacent Neighbors
Routing Information in the Area and the Routed Domain
Numbers of Routers in an Area
Number of Areas per ABR
OSPF Area Design Considerations
OSPF Hierarchy
Area and Domain Summarization
OSPF Full-Mesh Design
OSPF Hub-and-Spoke Design
OSPF ABR Placement in Hub-and-Spoke Design
Number of Areas in OSPF Hub-and-Spoke Design
OSPF Network Types in Hub-and-Spoke Design
OSPF Convergence Design Considerations and Optimization Techniques
Event Detection
OSPF Event Propagation
OSPF Event Processing
OSPF Flooding Reduction
OSPF Database Overload Protection
Summary
Review Questions
Chapter 4 IS-IS Design
Protocol Overview
IS-IS Characteristics
Integrated IS-IS Routing
IS-IS Hierarchical Architecture Overview
IS-IS Router and Link Types
IS-IS Adjacencies
IS-IS Versus OSPF
Similarities Between IS-IS and OSPF
OSPF and IS-IS Characteristics
Integrated IS-IS and OSPF Area Designs
OSPF Area Design
Integrated IS-IS Area Design
IS-IS Technical Deep Dive
IS-IS Addressing
IS-IS Packets
IS-IS Information Data Flow
IS-IS Network Types
IS-IS Protocol Operations
Level 1 and Level 2 LSPs and IIHs
IS-IS Link-State Packets Flooding
IS-IS LSDB Synchronization
IS-IS Design Considerations
IS-IS Routing Logic Overview
Advanced IS-IS Routing
Route Leaking
Asymmetric Versus Symmetric IS-IS Routing
IS-IS Routing over NBMA Hub-and-Spoke
IS-IS Routing over a Full-Mesh Network
Flat IS-IS Routing Design
Hierarchical IS-IS Design
IS-IS Route Summarization
Integrated IS-IS for IPv6
IS-IS Single-Topology Restrictions
Multitopology IS-IS for IPv6
Final Thoughts on IS-IS Routing Design
Summary
Review Questions
Chapter 5 Border Gateway Protocol Design
BGP Overview
BGP Speaker Types
BGP Loop Prevention and Split-Horizon Rule
BGP Path Attributes and Path Selection (Review)
BGP Path Attributes
How BGP Selects Paths
Designing Scalable iBGP Networks
iBGP Scalability Limitations
iBGP Scalability Solutions
BGP Route Reflectors
BGP Confederations
BGP Confederations Versus BGP Route Reflectors
BGP Route Reflector Design
Route Reflector Split-Horizon Rule
BGP Route Reflectors Redundancy Design Options and Considerations
Route Reflector Clusters
Loop-Prevention Mechanisms
Congruence of Physical and Logical Networks
Hierarchical Route Reflector Design
Route Reflector Potential Network Design Issues
Enhancing the Design of BGP Policies with BGP Communities
BGP Community Attribute Overview
Well-Known BGP Communities
BGP Named Community List
Planning for the Use of BGP Communities
Case Study: Designing Enterprise-wide BGP Policies Using BGP Communities
Enterprise BGP Policy Requirements
BGP Community Solution Design
Solution Detailed Design and Traffic Flow
BGP Load-Sharing Design
Single-Homing Versus Multihoming
Dual-Homing and Multihoming Design Considerations
Single-Homed, Multiple Links
Dual-Homed to One ISP Using a Single Local Edge Router
Dual-Homed to One ISP Using Multiple Edge Routers
Multihoming with Two ISPs Using a Single Local Edge Router
Multihoming with Two ISPs Using Multiple Local Edge Routers
Summary
Review Questions
Part II Enterprise IPv6 Design Considerations and Challenges
Chapter 6 IPv6 Design Considerations in the Enterprise
IPv6 Deployment and Design Considerations
Business and Network Discovery Phase
Assessment Phase
Planning and Design Phase
Implementation and Optimization Phases
Considerations for Migration to IPv6 Design
Acquiring IPv6 Prefixes
Provider Independent Versus Provider Assigned
Where to Start the Migration
Migration Models and Design Considerations
IPv6 Island
IPv6 WAN
IPv6 Transition Mechanisms
Dual Stack
NAT64 and DNS64
Manual Tunnels
Tunnel Brokers
6 Rapid Deployment
Dual-Stack Lite (DS-Lite)
Locator/ID Separation Protocol (LISP)
LISP Site Edge Devices
LISP Infrastructure Devices
Final Thoughts on IPv6 Transition Mechanisms
Summary
Review Questions
Chapter 7 Challenges of the Transition to IPv6
IPv6 Services
Name Services
Implementation Recommendations
Addressing Services
Implementation Recommendations
Security Services
Link Layer Security Considerations
Application Support
Application Adaptation
Application Workarounds
Control Plane Security
Dual-Stack Security Considerations
Tunneling Security Considerations
Multihoming
Summary
Review Questions
Part III Modern Enterprise Wide-Area Networks Design
Chapter 8 Service Provider-Managed VPNs
Choosing Your WAN Connection
Layer 3 MPLS VPNs
MPLS VPN Architecture
Enterprise Routing Considerations
Provider Edge (PE) Router Architecture
Route Distinguishers
Route Target (RT)
PE-CE Routing Protocol
Using EIGRP as the PE-CE Routing Protocol
Using OSPF as the PE-CE Routing Protocol
Using BGP as the PE-CE Routing Protocol
Case Study: MPLS VPN Routing Propagation
Forwarding in MPLS VPN
Layer 2 MPLS VPN Services
Virtual Private Wire Service (VPWS)
Virtual Private LAN Service (VPLS)
VPLS Scalability Considerations
VPLS Resiliency Considerations
VPLS Versus VPWS
Summary
Review Questions
Chapter 9 Enterprise-Managed WANs
Enterprise-Managed VPN Overview
GRE Overview
Multipoint GRE Overview
Point-to-Point and Multipoint GRE Comparison
IPsec Overview
IPsec and GRE
IPsec and Virtual Tunnel Interface
IPsec and Dynamic VTI
DMVPN Overview
DMVPN Phase 1
DMVPN Phase 2
DMVPN Phase 3
Case Study: EIGRP DMVPN
EIGRP over DMVPN Phase 1
EIGRP over DMVPN Phase 2
EIGRP over DMVPN Phase 3
DMVPN Phase 1-3 Summary
DMVPN and Redundancy
Case Study: MPLS/VPN over GRE/DMVPN
SSL VPN Overview
FlexVPN Overview
FlexVPN Architecture
FlexVPN Capabilities
FlexVPN Configuration Blocks
GETVPN
Summary
Review Questions
Chapter 10 Enterprise WAN Resiliency Design
WAN Remote-Site Overview
MPLS Layer 3 WAN Design Models
Common Layer 2 WAN Design Models
Common VPN WAN Design Models
3G/4G VPN Design Models
Remote Site Using Local Internet
Remote-Site LAN
Case Study: Redundancy and Connectivity
ATM WAN Design
Remote-Site (Branch Office) WAN Design
Regional Offices WAN Design
Basic Traffic Engineering Techniques
NGWAN, SDWAN, and IWAN Solution Overview
Transport-Independent Design
Intelligent Path Control
Application Optimization
Secure Connectivity
Management
IWAN Design Overview
IWAN Hybrid Design Model
Cisco PfR Overview
Cisco PfR Operations
Cisco IWAN and PfRv3
Cisco PfRv3 Design and Deployment Considerations
Enterprise WAN and Access Management
APIC-EM
Design of APIC-EM
Summary
Review Questions
Part IV Enterprise Data Center Designs
Chapter 11 Multitier Enterprise Data Center Designs
Case Study 1: Small Data Centers (Connecting Servers to an Enterprise LAN)
Case Study 2: Two-Tier Data Center Network Architecture
Case Study 3: Three-Tier Data Center Network Architecture
Data Center Inter-VLAN Routing
End of Row Versus Top of Rack Design
Fabric Extenders
Data Center High Availability
Network Interface Controller Teaming
Summary
Review Questions
Chapter 12 New Trends and Techniques to Design Modern Data Centers
The Need for a New Network Architecture
Limitations of Current Networking Technology
Modern Data Center Design Techniques and Architectures
Spine-Leaf Data Center Design
Network Overlays
Cisco Fabric Path
Virtual Extensible LAN (VXLAN)
VXLAN Tunnel Endpoint
Remote VTEP Discovery and Tenant Address Learning
VXLAN Control-Plane Optimization
Software-Defined Networking
How SDN Can Help
Selection Criteria of SDN Solutions
SDN Requirements
SDN Challenges
Direction of Nontraditional SDN
Multitenant Data Center
Secure Tenant Separation
Layer 3 Separation with VRF-Lite
Device-Level Virtualization and Separation
Case Study: Multitenant Data Center
Microsegmentation with Overlay Networks
Summary
Review Questions
References
Chapter 13 Cisco Application-Centric Infrastructure
ACI Characteristics
How the Cisco ACI Addresses Current Networking Limitations
Cisco ACI Architecture Components
Cisco Application Policy Infrastructure Controller (APIC)
APIC Approach Within the ACI Architecture
Cisco ACI Fabric
ACI Network Virtualization Overlays
Application Design Principles with the Cisco ACI Policy Model
What Is an Endpoint Group in Cisco ACI?
Design EPGs
ACI Fabric Access Policies
Building Blocks of a Tenant in the Cisco ACI
Crafting Applications Design with the Cisco ACI
ACI Interaction with External Layer 2 Connections and Networks
Connecting ACI to the Outside Layer 2 Domain
ACI Integration with STP-Based Layer LAN
ACI Routing
First-Hop Layer 3 Default Gateway in ACI
Border Leaves
Route Propagation inside the ACI Fabric
Connecting the ACI Fabric to External Layer 3 Domains
Integration and Migration to ACI Connectivity Options
Summary
Review Questions
References
Chapter 14 Data Center Connections
Data Center Traffic Flows
Traffic Flow Directions
Traffic Flow Types
The Need for DCI
IP Address Mobility
Case Study: Dark Fiber DCI
Pseudowire DCI
Virtual Private LAN Service DCI
Customer-Managed Layer 2 DCI Deployment Models
Any Transport over MPLS over GRE
Customer-Managed Layer 2 DCI Deployment
Layer 2 DCI Caveats
Overlay Transport Virtualization DCI
Overlay Networking DCI
Layer 3 DCI
Summary
Review Questions
Part V Design QoS for Optimized User Experience
Chapter 15 QoS Overview
QoS Overview
IntServ versus DiffServ
Classification and Marking
Classifications and Marking Tools
Layer 2 Marking: IEEE 802.1Q/p Class of Service
Layer 3 Marking: IP Type of Service
Layer 3 Marking: DSCP Per-Hop Behaviors
Layer 2.5 Marking: MPLS Experimental Bits
Mapping QoS Markings between OSI Layers
Layer 7 Classification: NBAR/NBAR2
Policers and Shapers
Token Bucket Algorithms
Policing Tools: Single-Rate Three-Color Marker
Policing Tools: Two-Rate Three-Color Marker
Queuing Tools
Tx-Ring
Fair Queuing
CBWFQ
Dropping Tools
DSCP-Based WRED
IP ECN
Summary
Review Questions
Chapter 16 QoS Design Principles and Best Practices
QoS Overview
Classification and Marking Design Principles
Policing and Remarking Design Principles
Queuing Design Principles
Dropping Design Principles
Per-Hop Behavior Queue Design Principles
RFC 4594 QoS Recommendation
QoS Strategy Models
4-Class QoS Strategy
8-Class QoS Strategy
12-Class QoS Strategy
Summary
Review Questions
Chapter 17 Campus, WAN, and Data Center QoS Design
Campus QoS Overview
VoIP and Video
Buffers and Bursts
Trust States and Boundaries
Trust States and Boundaries Example
Dynamic Trust State
Classification/Marking/Policing QoS Model
Queuing/Dropping Recommendations
Link Aggregation “EtherChannel” QoS Design
Practical Example of Campus QoS Design
WAN QoS Overview
Platform Performance Considerations
Latency and Jitter Considerations
Queuing Considerations
Shaping Considerations
Practical Example of WAN and Branch QoS
Data Center QoS Overview
High-Performance Trading Architecture
Big Data Architecture
Case Study: Virtualized Multiservice Architectures
Data Center Bridging Toolset
Case Study: DC QoS Application
Summary
Review Questions
Chapter 18 MPLS VPN QoS Design
The Need for QoS in MPLS VPN
Layer 2 Private WAN QoS Administration
Fully Meshed MPLS VPN QoS Administration
MPLS DiffServ Tunneling Modes
Uniform Tunneling Mode
Short-Pipe Tunneling Mode
Pipe Tunneling Mode
Sample MPLS VPN QoS Roles
Summary
Review Questions
Chapter 19 IPsec VPN QoS Design
The Need for QoS in IPsec VPN
VPN Use Cases and Their QoS Models
IPsec Refresher
IOS Encryption and Classification: Order of Operations
MTU Considerations
DMVPN QoS Considerations
GET VPN QoS Considerations
Summary
Review Questions
Part VI IP Multicast Design
Chapter 20 Enterprise IP Multicast Design
How Does IP Multicast Work?
Multicast Group
IP Multicast Service Model
Functions of a Multicast Network
Multicast Protocols
Multicast Forwarding and RPF Check
Case Study 1: RPF Check Fails and Succeeds
Multicast Protocol Basics
Multicast Distribution Trees Identification
PIM-SM Overview
Receiver Joins PIM-SM Shared Tree
Registered to RP
PIM-SM SPT Switchover
Multicast Routing Table
Basic SSM Concepts
SSM Scenario
Bidirectional PIM
PIM Modifications for Bidirectional Operation
DF Election
DF Election Messages
Case Study 2: DF Election
Summary
Review Questions
Chapter 21 Rendezvous Point Distribution Solutions
Rendezvous Point Discovery
Rendezvous Placement
Auto-RP
Auto-RP Candidate RPs
Auto-RP Mapping Agents
Auto-RP and Other Routers
Case Study: Auto-RP Operation
Auto-RP Scope Problem
PIMv2 BSR
PIMv2 BSR: Candidate RPs
PIMv2 BSR: Bootstrap Router
PIMv2 BSR: All PIMv2 Routers
BSR Flooding Problem
IPv6 Embedded Rendezvous Point
Anycast RP Features
Anycast RP Example
MSDP Protocol Overview
MSDP Neighbor Relationship
Case Study: MSDP Operation
Summary
Review Questions
Part VII Designing Optimum Enterprise Network Security
Chapter 22 Designing Security Services and Infrastructure Protection
Network Security Zoning
Cisco Modular Network Architecture
Cisco Next-Generation Security
Designing Infrastructure Protection
Infrastructure Device Access
Routing Infrastructure
Device Resiliency and Survivability
Network Policy Enforcement
Switching Infrastructure
SDN Security Considerations
Summary
Review Questions
Chapter 23 Designing Firewall and IPS Solutions
Firewall Architectures
Virtualized Firewalls
Case Study 1: Separation of Application Tiers
Securing East-West Traffic
Case Study 2: Implementing Firewalls in a Data Center
Case Study 3: Firewall High Availability
IPS Architectures
Case Study 4: Building a Secure Campus Edge Design (Internet and Extranet Connectivity)
Campus Edge
Connecting External Partners
Challenges of Connecting External Partners
Extranet Topology: Remote LAN Model
Extranet Topology: Interconnect Model
Extranet: Security and Multitenant Segmentation
Summary
Review Questions
Chapter 24 IP Multicast Security
Multicast Security Challenges
Problems in the Multicast Network
Multicast Network Security Considerations
Network Element Security
Security at the Network Edge
Securing Auto-RP and BSR
MSDP Security
PIM and Internal Multicast Security
Multicast Sender Control
Multicast Receiver Controls
Multicast Admission Controls
Summary
Review Questions
Chapter 25 Designing Network Access Control Solutions
IEEE 802.1X Overview
Extensible Authentication Protocol
802.1X Supplicants
IEEE 802.1X Phased Deployment
Cisco TrustSec
Profiling Service
Security Group Tag
Case Study: Authorization Options
Summary
Review Questions
Part VIII Design Scenarios
Chapter 26 Design Case Studies
Case Study 1: Design Enterprise Connectivity
Detailed Requirements and Expectations
Design Analysis and Task List
Selecting a Replacement Routing Protocol
Designing for the New Routing Protocol
OSPF Design Optimization
Planning and Designing the Migration from the Old to the New Routing
Scaling the Design
Case Study 2: Design Enterprise BGP Network with Internet Connectivity
Detailed Requirements and Expectations
Design Analysis and Task List
Choosing the Routing Protocol
Choosing the Autonomous System Numbers
BGP Connectivity
BGP Sessions
BGP Communities
Routing Policy
Routing Policy in North American Sites
Routing Policy in European and Asian Sites
Internet Routing
Public IP Space Selection
Main HQ Multihoming
Default Routing
Case Study 3: Design Enterprise IPv6 Network
Detailed Requirements and Expectations
Design Analysis and Task List
Choosing the IP Address Type for the HQ
Connecting the Branch Sites
Deployment Model
Addressing
Address Provisioning
Communication Between Branches
Application and Service Migration
Case Study 4: Design Enterprise Data Center Connectivity
Detailed Requirements and Expectations
Design Analysis and Task List
Selecting the Data Center Architecture and Connectivity Model
DCN Detailed Connectivity
Connecting Network Appliances
Data Center Interconnect
Data Center Network Virtualization Design
Case Study 5: Design Resilient Enterprise WAN
Detailed Requirements and Expectations
Design Analysis and Task List
Selecting WAN Links
WAN Overlay
Case Study 6: Design Secure Enterprise Network
Detailed Requirements and Expectations
Security Domains and Zone Design
Infrastructure and Network Access Security
Layer 2 Security Considerations
Main and Remote Location Firewalling
Case Study 7: Design QoS in the Enterprise Network
Detailed Requirements and Expectations
Traffic Discovery and Analysis
QoS Design Model
QoS Trust Boundary
Congestion Management
Scavenger Traffic Considerations
MPLS WAN DiffServ Tunneling
Appendix A Answers to Review Questions
Appendix B References
9781587144622 TOC 11/28/2016