Uh-oh, it looks like your Internet Explorer is out of date.

For a better shopping experience, please upgrade now.

Designing Cisco Network Service Architectures (ARCH) Foundation Learning Guide: (CCDP ARCH 642-874) / Edition 3

Designing Cisco Network Service Architectures (ARCH) Foundation Learning Guide: (CCDP ARCH 642-874) / Edition 3

by John Tiso

See All Formats & Editions

ISBN-10: 1587142880

ISBN-13: 9781587142888

Pub. Date: 11/15/2011

Publisher: Cisco Press

Designing Cisco Network Service Architectures (ARCH) Foundation Learning Guide, Third Edition, is a Cisco®-authorized, self-paced learning tool for CCDP® foundation learning. This book provides you with the knowledge needed to perform the conceptual, intermediate, and detailed design of a network infrastructure that supports


Designing Cisco Network Service Architectures (ARCH) Foundation Learning Guide, Third Edition, is a Cisco®-authorized, self-paced learning tool for CCDP® foundation learning. This book provides you with the knowledge needed to perform the conceptual, intermediate, and detailed design of a network infrastructure that supports desired network solutions over intelligent network services, in order to achieve effective performance, scalability, and availability. By reading this book, you will gain a thorough understanding of how to apply solid Cisco network solution models and recommended design practices to provide viable, stable enterprise internetworking solutions. The book presents concepts and examples that are necessary to design converged enterprise networks. Advanced network infrastructure technologies, such as virtual private networks (VPNs) and other security solutions are also covered.

Designing Cisco Network Service Architectures (ARCH) Foundation Learning Guide, Third Edition teaches you the latest development in network design and technologies, including network infrastructure, intelligent network services, and converged network solutions. Specific topics include campus, routing, addressing, WAN services, data center, e-commerce, SAN, security, VPN, and IP multicast design, as well as network management. Chapter-ending review questions illustrate and help solidify the concepts presented in the book.

Whether you are preparing for CCDP certification or simply want to gain a better understanding of designing scalable and reliable network architectures, you will benefit from the foundation information presented in this book.

Designing Cisco Network Service Architectures (ARCH) Foundation Learning Guide, Third Edition, is part of a recommended learning path from Cisco that includes simulation and hands-on training from authorized Cisco Learning Partners and self-study products from Cisco Press. To find out more about instructor-led training, e-learning, and hands-on instruction offered by authorized Cisco Learning Partners worldwide, please visit www.cisco.com/go/authorizedtraining.

John Tiso, CCIE No. 5162, CCDP is a Product Manager for Cisco Systems. He holds a B.S. Degree in Computer Science and Mathematics from Adelphi University and a Graduate Citation in Strategic Management from Harvard University. John is a published author, has served as a technical editor for Cisco Press, and has participated as a SME for the CCIE program. Prior to Cisco, he was a senior consultant and architect in the Cisco partner channel.

· Learn about the Cisco Enterprise Architecture

· Create highly available campus and data center network designs

· Develop optimum Layer 3 designs

· Examine advanced WAN services design considerations

· Evaluate SAN design considerations

· Deploy effective e-commerce module designs

· Create effective security services and IPsec and SSL VPN designs

· Design IP multicast networks

· Understand the network management capabilities within Cisco IOS Software

This book is in the Foundation Learning Guide Series. These guides are developed together with Cisco® as the only authorized, self-paced learning tools that help networking professionals build their understanding of networking concepts and prepare for Cisco certification exams.

Category: Cisco Certification

Covers: CCDP ARCH 642-874

Product Details

Cisco Press
Publication date:
Foundation Learning Guides Series
Sales rank:
Product dimensions:
7.60(w) x 9.20(h) x 1.70(d)

Related Subjects

Table of Contents

Foreword xxx

Introduction xxxi

Chapter 1 The Cisco Enterprise Architecture 1

Reviewing Cisco Enterprise Architecture 1

The Hierarchical Model 2

Example Hierarchical Network 3

Enterprise Network Design for Cisco Architectures 4

Service and Application Integration 7

Network Services 7

Network Applications 9

Modularity in Cisco Network Architectures for the Enterprise 9

Reviewing the Cisco PPDIOO Approach 12

PPDIOO Network Lifecycle Approach 13

Benefits of the Lifecycle Approach 14

Using the Design Methodology Under PPDIOO 16

Identifying Customer Requirements 16

Characterizing the Existing Network and Sites 17

Designing the Topology and Network Solutions 18

Dividing the Network into Areas 18

Summary 20

References 21

Review Questions 21

Chapter 2 Enterprise Campus Network Design 23

Designing High Availability in the Enterprise Campus 24

Enterprise Campus Infrastructure Review 24

Access Layer 24

Distribution Layer 26

Core Layer 27

Collapsed-Core Model 29

High-Availability Considerations 30

Implement Optimal Redundancy 30

Provide Alternate Paths 32

Avoid Single Points of Failure 33

Cisco NSF with SSO 33

Routing Protocol Requirements for Cisco NSF 34

Cisco IOS Software Modularity Architecture 35

Example: Software Modularity Benefits 37

Designing an Optimum Design for Layer 2 38

Recommended Practices for Spanning-Tree Configuration 38

Cisco STP Toolkit 40

STP Standards and Features 40

Recommended Practices for STP Hardening 41

Recommended Practices for Trunk Configuration and Vlan Trunking Protocol 43

Dynamic Trunking Protocol 45

Recommended Practices for UDLD Configuration 46

Recommended Practices for EtherChannel 47

Port Aggregation Protocol 49

Link Aggregation Control Protocol 49

Supporting Virtual Switching Systems Designs 50

Common Access-Distribution Block Designs 51

Multichassis EtherChannels and VSS 52

VSS Design Considerations 53

Dual Active Detection and Recovery 54

VSS Design Best Practices 55

Developing an Optimum Design for Layer 3 55

Managing Oversubscription and Bandwidth 56

Bandwidth Management with EtherChannel 56

Bandwidth Management with 10 Gigabit Interfaces 57

Link Load Balancing 57

Link Load Balancing with EtherChannel 58

EtherChannel Design Versus Equal-Cost Multipathing 59

Routing Protocol Design 60

Build Redundant Triangles 60

Peer Only on Transit Links 60

Summarize at the Distribution Layer 62

First-Hop Redundancy 64

Preempt Delay Tuning 65

Elimination of FHRP in VSS Designs 66

Overview of Gateway Load Balancing Protocol 67

Optimizing FHRP Convergence 69

Supporting a Layer 2 to Layer 3 Boundary Design 71

Layer 2 to Layer 3 Boundary Design Models 71

Layer 2 Distribution Switch Interconnection 71

Layer 3 Distribution Switch Interconnection (with HSRP) 72

Layer 3 Distribution Switch Interconnection (with GLBP) 72

Layer 3 Distribution Switch with VSS Interconnection 73

Layer 3 Access to Distribution Interconnection 74

EIGRP Access Design Recommendations 75

OSPF Access Design Recommendations 76

Potential Design Issues 77

Daisy Chaining Access Layer Switches 77

Cisco StackWise Technology in the Access Layer 78

Too Much Redundancy 79

Too Little Redundancy 80

Example: Impact of an Uplink Failure 80

Example: Impact on Return-Path Traffic 82

Asymmetric Routing (Unicast Flooding) 82

Unicast Flooding Prevention 83

Supporting Infrastructure Services 84

IP Telephony Considerations 84

IP Telephony Extends the Network Edge 84

PoE Requirements 85

Power Budget and Management 87

Multi-VLAN Access Port 89

Soft Phones and Voice VLANs 90

QoS Considerations 90

Recommended Practices for QoS 91

Transmit Queue Congestion 91

QoS Role in the Campus 92

Campus QoS Design Considerations 92

Cisco Catalyst Integrated Security Features 93

Port Security Prevents MAC-Based Attacks 93

DHCP Snooping Protects Against Rogue and Malicious DHCP Servers 94

Dynamic ARP Inspection Protects Against ARP Poisoning 94

IP Source Guard Protects Against Spoofed IP Addresses 95

Example Catalyst Integrated Security Feature Configuration 95

Summary 95

References 96

Review Questions 97

Chapter 3 Developing an Optimum Design for Layer 3 101

Designing Advanced IP Addressing 101

IP Address Planning as a Foundation 102

Summary Address Blocks 102

Summarization for IPv6 103

Changing IP Addressing Needs 104

Planning Addresses 104

Applications of Summary Address Blocks 105

Implementing Role-Based Addressing 105

Bit Splitting for Route Summarization 106

Example: Bit Splitting for Area 1 107

IPv6 Address Planning 107

Bit Splitting for IPv6 108

Addressing for VPN Clients 109

NAT in the Enterprise 109

NAT with External Partners 110

Design Considerations for IPv6 in Campus Networks 111

IPv6 Campus Design Considerations 111

Dual-Stack Model 112

Hybrid Model 112

Service Block Model 114

Designing Advanced Routing 115

Route Summarization and Default Routing 115

Originating Default Routes 116

Stub Areas and Default Route 117

Route Filtering in the Network Design 118

Inappropriate Transit Traffic 118

Defensive Filtering 120

Designing Redistribution 121

Filtered Redistribution 122

Migrating Between Routing Protocols 123

Designing Scalable EIGRP Designs 123

Scaling EIGRP Designs 124

EIGRP Fast Convergence 124

EIGRP Fast-Convergence Metrics 125

Scaling EIGRP with Multiple Autonomous Systems 126

Example: External Route Redistribution Issue 126

Filtering EIGRP Redistribution with Route Tags 127

Filtering EIGRP Routing Updates with Inbound Route Tags 128

Example: Queries with Multiple EIGRP Autonomous Systems 130

Reasons for Multiple EIGRP Autonomous Systems 130

Designing Scalable OSPF Design 131

Factors Influencing OSPF Scalability 131

Number of Adjacent Neighbors and DRs 132

Routing Information in the Area and Domain 132

Designing OSPF Areas 133

Area Size: How Many Routers in an Area? 134

OSPF Hierarchy 134

Area and Domain Summarization 136

Number of Areas in an OSPF Hub-and-Spoke Design 137

OSPF Hub-and-Spoke Design 137

Issues with Hub-and-Spoke Design 138

OSPF Hub-and-Spoke Network Types 140

OSPF Area Border Connection Behavior 141

Fast Convergence in OSPF 142

OSPF Exponential Backoff 143

Tuning OSPF Parameters 143

OSPF LSA Pacing 145

OSPF Event Processing 145

Bidirectional Forwarding Detection 145

Designing Scalable BGP Designs 146

Scaling BGP Designs 146

Full-Mesh IBGP Scalability 147

Scaling IBGP with Route Reflectors 148

BGP Route Reflector Definitions 148

Route Reflector Basics 150

Scaling IBGP with Confederations 151

BGP Confederation Definitions 151

Confederation Basics 151

Confederations Reduce Meshing 152

Deploying Confederations 154

Summary 155

References 157

Review Questions 158

Chapter 4 Advanced WAN Services Design Considerations 161

Advanced WAN Service Layers 161

Enterprise Optical Interconnections 162

Overview of SONET and SDH 163

Enterprise View of SONET 164

WDM Overview 165

CWDM Technical Overview 165

DWDM Technical Overview 166

DWDM Systems 167

RPR Overview 168

RPR in the Enterprise 168

Metro Ethernet Overview 170

Metro Ethernet Service Model 170

Metro Ethernet Architecture 170

Metro Ethernet LAN Services 172

Ethernet Private Line Service 173

Ethernet Relay Service 174

Ethernet Wire Service 175

Ethernet Multipoint Service 175

Ethernet Relay Multipoint Service 176

Any Transport over MPLS 176

Ethernet over MPLS 177

End-to-End QoS 179

Shaping and Policing on Subrate Ethernet WAN 180

Choosing the Right Service 181

VPLS Overview 181

VPLS Architecture Model 182

VPLS in the Enterprise 183

Hierarchical VPLS Overview 184

Scaling VPLS 184

QoS Issues with EMS or VPLS 186

EMS or VPLS and Routing Implications 186

VPLS and IP Multicast 187

VPLS Availability 187

MPLS VPN Overview 187

Customer Considerations with MPLS VPNs 188

Routing Considerations: Backdoor Routes 189

Routing Considerations: Managed Router Combined with Internal Routing 189

Routing Considerations: Managed Router from Two Service Providers 190

Implementing Advanced WAN Services 191

Advanced WAN Service Selection 192

Business Risk Assessment 192

WAN Features and Requirements 194

SLA Overview 195

SLA Monitoring 196

Application Performance Across the WAN 197

WAN CPE Selection Considerations 198

Cisco PfR Overview 200

Cisco PfR Operations 200

Cisco PfR Design and Deployment Considerations 203

Summary 204

References 205

Review Questions 206

Chapter 5 Enterprise Data Center Design 211

Designing the Core and Aggregation Layers 212

Data Center Architecture Overview 213

Benefits of the Three-Layer Model 213

The Services Layer 214

Using Dedicated Service Appliances 215

Data Center Core Layer Design 217

Layer 3 Characteristics for the Data Center Core 218

OSPF Routing Protocol Design Recommendations 220

EIGRP Routing Protocol Design Recommendations 221

Aggregation Layer Design 221

Scaling the Aggregation Layer 223

STP Design 224

Understanding Bridge Assurance 226

Integrated Service Modules 227

Service Module Placement Consideration 227

Service Modules and the Services Layer 228

Active STP, HSRP, and Service Context Alignment 230

Active/Standby Service Module Design 232

Active/Active Service Module Design 232

Establishing Inbound Path Preference 233

Using VRFs in the Data Center 235

Using the Cisco Nexus 7000 Series in the Core and Aggregation Layer 236

VDCs 238

Designs Enabled by VDCs 239

vPCs 241

vPC Best Practices 242

Designs Enabled by vPC 243

Layer 2 Multipathing 244

Designing the Access Layer 245

Overview of the Data Center Access Layer 245

Layer 2 Looped Designs 246

Layer 2 Looped Topologies 247

Layer 2 Looped Design Issues 249

Layer 2 Loop-Free Designs 250

Loop-Free Topologies 251

Example: Loop-Free U Design and Layer 2 Service Modules 253

Example: Loop-Free U Design and Cisco ACE Service Module 254

Layer 2 FlexLink Designs 255

FlexLink Issues and Considerations 256

Comparison of Layer 2 Access Designs 259

Layer 3 Access Layer Designs 260

Multicast Source Support 261

Benefits of Layer 3 Access 262

Drawbacks of Layer 3 Access 262

Blade Server Overview 262

Blade Server Connectivity Options 264

Blade Server Trunk Failover Feature 265

Virtual Blade Switching 266

Cisco Nexus Switch Family in the Access Layer 267

TOR and EOR Designs 267

Static and Dynamic Pinning 267

Cisco Nexus 2000 FEX Dynamic Pinning 268

Virtual Port Channel in the Data Center Access Layer 269

Straight-Through FEX Design 270

Active/Active FEX Design 270

Cisco Nexus 1000V in the Data Center Access Layer 272

Virtual Port Channel Host Mode 273

Design Considerations for the Cisco Nexus 1000V 274

Cisco Nexus 1010 275

Layer 2 or Layer 3 Access Design? 276

Scaling the Data Center Architecture 277

TOR Versus EOR Designs 277

Cabinet Design with TOR Switching 279

Example: Network Topology with TOR Switching Model 280

Cabinet Design with Modular Access Switches 281

Example: Network Topology with Modular Access Switches 281

Cabinet Design with Fabric Extenders 282

Server NIC Density 284

Hybrid Example with a Separate OOB Switch 284

Oversubscription and Uplinks 285

Scaling Bandwidth and Uplink Density 286

Optimizing EtherChannel Utilization with Load Balancing 286

Optimizing EtherChannel Utilization with Min-Links 287

Scaling with Service Layer Switches 288

Scaling Service on Cisco ACE Modules 289

Scaling Spanning Tree and High Availability 290

Scalability 290

STPs in the Data Center 290

STP Scaling 291

STP Logical Interfaces 292

STP Scaling with 120 Systemwide VLANs 293

STP in 1RU Designs 295

STP Scaling Design Guidelines 295

Scaling the Data Center Using Zones 296

High Availability in the Data Center 296

Common NIC Teaming Configurations 296

Server Attachment Methods 298

High Availability and Failover Times 299

High Availability and Cisco NSF with SSO 300

Describing Network Virtualization in More Detail 302

Definition of Virtualization 302

Virtualization Categories 303

Network Virtualization 304

Virtual Routing and Forwarding 305

Layer 3 VPNs and Network Virtualization 306

Summary 308

References 308

Review Questions 309

Chapter 6 SAN Design Considerations 313

Identifying SAN Components and Technologies 314

SAN Components 315

RAID Overview 317

Storage Topologies 318

DAS 318

NAS 319

SAN Technologies 320

SCSI Overview 320

Fibre Channel Overview 321

Fibre Channel Communications Model 322

VSAN 323

IVR 324

FSPF 325

Zoning 325


SANTap 327

Designing SAN and SAN Extension 328

Port Density and Topology Requirements 329

Device Oversubscription 330

Traffic Management 331

Fault Isolation 331

Convergence and Stability 331

SAN Designs with the Cisco MDS 9000 Family 331

SAN Consolidation with VSANs 332

Comprehensive SAN Security 332

Simplified SAN Management 332

Single-Switch Collapsed-Core Design 333

Small-Scale, Dual-Fabric Collapsed-Core Design 334

Medium-Scale, Dual-Fabric Collapsed-Core Design 335

Large-Scale, Dual-Fabric Core-Edge Design 336

SAN Extension 337

SAN Extension Protocols 339

Fibre Channel over IP 339

iSCSI 340

SAN Extension Developments 342

High-Availability SAN Extension 343

Integrated Fabric Designs Using Cisco Nexus Technology Overview 343

Unified Fabric Technologies 344

I/O Consideration in the Data Center 345

Challenges When Building a Unified Fabric Based on 10 Gigabit Ethernet 346

SAN Protocol Stack Extensions 348

FCoE Components: Converged Network Adapter 349

FCoE Components: Fibre Channel Forwarder 350

Data Center Bridging Standards 351

Unified Fabric Design Considerations 352

Deploying Nexus in the Access Layer 353

Nexus 5000/2000 Deployment Options in the Data Center 355

FCoE VLAN to VSAN Mapping, VLAN Trunking, and the CNA 355

Switch Mode Versus NPV Mode 357

Unified Fabric Best Practices 358

Summary 359

References 359

Review Questions 360

Chapter 7 E-Commerce Module Design 363

Designing High Availability for E-Commerce 363

E-Commerce High-Availability Requirements 364

Components of High Availability 364

Redundancy 365

Technology 365

People 366

Processes 366

Tools 367

Common E-Commerce Module Designs 368

Common E-Commerce Firewall Designs 368

Typical E-Commerce Module Topology 368

Using a Server as an Application Gateway 370

Virtualization with Firewall Contexts 371

Virtual Firewall Layers 372

Firewall Modes 373

Common E-Commerce Server Load Balancer Designs 375

Functions of a Server Load Balancer 375

SLB Design Models 376

SLB Router Mode 377

Application Control Engine 378

SLB Inline Bridge Mode 378

SLB One-Armed Mode 379

Common E-Commerce Design Topologies for Connecting to Multiple ISPs 382

One Firewall per ISP 382

Stateful Failover with Common External Prefix 384

Distributed Data Centers 384

Design Option: Distributed Data Centers 385

Additional Data Center Services 386

Integrated E-Commerce Designs 388

Base E-Commerce Module Design 388

Base Design Routing Logic 390

Base Design Server Traffic Flows 391

Two Firewall Layers in the E-Commerce Module Design 393

Traffic Flows in a Two-Firewall Layer Design 394

One-Armed SLB Two-Firewall E-Commerce Module Design 395

Traffic Flows in a One-Armed SLB Two-Firewall Layer Design 396

Direct Server Traffic Flows in a One-Armed SLB Two-Firewall Layer Design 398

One-Armed SLB E-Commerce Module Design with Firewall Contexts 398

Traffic Flows in a One-Armed SLB Design with Firewall Contexts 400

One-Armed SLB E-Commerce Module Design with ACE 401

Testing E-Commerce Module Designs 403

Summary 404

References 405

Review Questions 405

Chapter 8 Security Services Design 407

Designing Firewalls 407

Firewall Modes 408

Zone-Based Policy Firewall 410

Virtual Firewall Overview 411

Firewall Context Design Considerations 413

MSFC Placement 414

Active/Active Firewall Topology 415

Active/Active Topology Features 416

Asymmetric Routing with Firewalls 416

Asymmetric Routing with ASR Group on a Single FWSM 417

Asymmetric Routing with Active/Active Topology 418

Performance Scaling with Multiple FWSMs 419

Example: Load Balancing FWSMs Using PBR 419

Load Balancing FWSMs Using ECMP Routing 420

PVLAN Security 420

FWSM in a PVLAN Environment: Isolated Ports 422

FWSM in a PVLAN Environment: Community VLANs 423

Designing NAC Services 423

Network Security with Access Control 424

NAC Comparison 425

Cisco NAC Appliance Fundamentals 426

Cisco NAC Appliance Components 426

Cisco NAC Appliance Policy Updates 427

Process Flow with the Cisco NAC Appliance 428

Cisco NAS Scaling 429

Cisco NAS Deployment Options 429

Cisco NAS Gateway Modes 430

Cisco NAS Client Access Modes 431

Cisco NAS Operating Modes 431

Physical Deployment Models 432

Cisco NAC Appliance Designs 432

Layer 2 In-Band Designs 434

Example: Layer 2 In-Band Virtual Gateway 434

Example: Layer 2 In-Band Real IP Gateway 435

Layer 2 Out-of-Band Designs 435

Example: Layer 2 Out-of-Band Virtual Gateway 436

Layer 3 In-Band Designs 437

Example: Layer 3 In-Band Virtual Gateway 437

Example: Layer 3 In-Band with Multiple Remotes 438

Layer 3 Out-of-Band Designs 439

Example: Layer 3 OOB with Addressing 440

NAC Framework Overview 441

Router Platform Support for the NAC Framework 442

Switch Platform Support for the NAC Framework 443

IPS and IDS Overview 444

Threat Detection and Mitigation 444

IDSs 444

Intrusion-Prevention Systems 445

IDS and IPS Overview 446

Host Intrusion-Prevention Systems 447

IDS and IPS Design Considerations 447

IDS or IPS Deployment Considerations 448

IPS Appliance Deployment Options 448

Feature: Inline VLAN Pairing 450

IPS Deployment Challenges 450

IDS or IPS Management Interface Deployment Options 450

In-Band Management Through Tunnels 451

IDS and IPS Monitoring and Management 451

Scaling Cisco Security MARS with Global Controller Deployment 453

Summary 453

References 454

Review Questions 455

Chapter 9 IPsec and SSL VPN Design 459

Designing Remote-Access VPNs 459

Remote-Access VPN Overview 460

Example: Cisco Easy VPN Client IPsec Implementation 461

SSL VPN Overview 461

Clientless Access 462

Thin Client 463

Thick Client 464

Remote-Access VPN Design Considerations 464

VPN Termination Device and Firewall Placement 465

Address Assignment Considerations 465

Routing Design Considerations 465

Other Design Considerations 466

Designing Site-to-Site VPNs 467

Site-to-Site VPN Applications 468

WAN Replacement Using Site-to-Site IPsec VPNs 468

WAN Backup Using Site-to-Site IPsec VPNs 469

Regulatory Encryption Using Site-to-Site IPsec VPNs 470

Site-to-Site VPN Design Considerations 470

IP Addressing and Routing 470

Scaling, Sizing, and Performance 471

Cisco Router Performance with IPsec VPNs 471

Typical VPN Device Deployments 475

Design Topologies 476

VPN Device Placement Designs 476

VPN Device Parallel to Firewall 476

VPN Device on a Firewall DMZ 477

Integrated VPN and Firewall 478

Using IPsec VPN Technologies 478

IPsec VPN Overview 478

Extensions to Basic IPsec VPNs 480

Cisco Easy VPN 480

Overview of Cisco Easy VPN Server Wizard on Cisco SDM 480

Overview of Easy VPN Remote Wizard on Cisco SDM 482

GRE over IPsec Design Recommendations 483

GRE over IPsec Design Recommendations 483


DMVPN Overview 485

DMVPN Design Recommendations 487

Virtual Tunnel Interfaces Overview 487

Group Encrypted Transport VPN 489

GET VPN Topology 489

Managing and Scaling VPNs 491

Recommendations for Managing VPNs 491

Considerations for Scaling VPNs 491

Determining PPS 493

Routing Protocol Considerations for IPsec VPNs 497

EIGRP Metric Component Consideration 498

Summary 498

References 499

Review Questions 500

Chapter 10 IP Multicast Design 505

IP Multicast Technologies 506

Introduction to Multicast 506

Multicast Versus Unicast 506

IP Multicast Group Membership 507

Multicast Applications and Multicast Adoption Trends 508

Learning About Multicast Sessions 509

Advantages of Multicast 510

Disadvantages of Multicast 510

Multicast IP Addresses 511

Layer 2 Multicast Addresses 512

Multicast Address Assignment 514

Cisco Multicast Architecture 515

IGMP and CGMP 516

IGMP Version 1 516

IGMP Version 2 517

IGMP Version 3 518

Multicast with Layer 2 Switches 518

IGMP Snooping 519

CGMP 520

PIM Routing Protocol 520

PIM Terminology 521

Multicast Distribution Tree Creation 522

Reverse Path Forwarding 522

Source Distribution Trees 524

Shared Distribution Trees 525

Multicast Distribution Tree Notation 527

Deploying PIM and RPs 527

PIM Deployment Models 527

ASM or PIM-SM 528

PIM-SM Shared Tree Join 528

PIM-SM Sender Registration 529

PIM-SM SPT Switchover 530

Bidirectional PIM 532

Source-Specific Multicast 533

SSM Join Process 534

SSM Source Tree Creation 535

PIM Dense Mode 535

RP Considerations 536

Static RP Addressing 537

Anycast RP 537

Auto-RP 538

DM Fallback and DM Flooding 540

Boot Strap Router 541

Securing IP Multicast 543

Security Considerations for IP Multicast 543

Security Goals for Multicast Environments 543

Unicast and Multicast State Requirements 544

Unicast and Multicast Replication Requirements 546

Attack Traffic from Rogue Sources to Receivers 547

Attack Traffic from Sources to Networks Without Receivers 547

Attack Traffic from Rogue Receivers 548

Scoped Addresses 548

Multicast Access Control 549

Packet Filter-Based Access Control 549

Host Receiver-Side Access Control 551

PIM-SM Source Control 552

Disabling Multicast Groups for IPv6 553

Multicast over IPsec VPNs 553

Traditional Direct Encapsulation IPsec VPNs 554

Multicast over IPsec GRE 555

Multicast over DMVPN 555

Multicast Using GET VPN 557

Summary 558

References 560

Review Questions 561

Chapter 11 Network Management Capabilities Within Cisco IOS Software 565

Cisco IOS Embedded Management Tools 565

Embedded Management Rationale 566

Network Management Functional Areas 566

Designing Network Management Solutions 567

Cisco IOS Software Support of Network Management 567

Application Optimization and Cisco IOS Technologies 568

Syslog Considerations 571

Cisco IOS Syslog Message Standard 571

Issues with Syslog 572

NetFlow 573

NetFlow Overview 573

Principal NetFlow Uses 574

Definition of a Flow 574

Traditional IP Flows 575

Flow Record Creation 576

NetFlow Cache Management 578

NetFlow Export Versions 579

NetFlow Version 9 Export Packet 580

Flexible NetFlow Advantages 581

NetFlow Deployment 582

Where to Apply NetFlow Monitoring 582

NBAR 583

NBAR Overview 583

NBAR Packet Inspection 584

NBAR Protocol Discovery 586

NetFlow and NBAR Differentiation 586

Reporting NBAR Protocol Discovery Statistics from the Command Line 587

NBAR and Cisco AutoQoS 588

Cisco AutoQoS for the Enterprise 589

Example: Cisco AutoQoS Discovery Progress 590

Cisco AutoQoS Suggested Policy 591

IP SLA Considerations 592

IP SLA Overview 592

SLAs 592

Cisco IOS IP SLA Measurements 593

IP SLA SNMP Features 594

Deploying IP SLA Measurements 595

Impact of QoS Deployment on IP SLA Statistics 596

Scaling IP SLA Deployments 597

Hierarchical Monitoring with IP SLA Measurements 598

Network Management Applications Using IP SLA Measurements 599

CiscoWorks IPM Application Example 599

IP SLA Network Management Application Consideration 600

Summary 600

References 602

Review Questions 603

Appendix A Answers to Review Questions 605

Appendix B Acronyms and Abbreviations 611

Appendix C VoWLAN Design 625

TOC, 9781587142888, 9/29/2011

Customer Reviews

Average Review:

Post to your social network


Most Helpful Customer Reviews

See all customer reviews