Free Delivery Over $100
|
|
|||
|
||||
OverviewDesigning Cisco Network Service Architectures (ARCH) Foundation Learning Guide, Third Edition, is a Cisco®-authorized, self-paced learning tool for CCDP® foundation learning. This book provides you with the knowledge needed to perform the conceptual, intermediate, and detailed design of a network infrastructure that supports desired network solutions over intelligent network services, in order to achieve effective performance, scalability, and availability. By reading this book, you will gain a thorough understanding of how to apply solid Cisco network solution models and recommended design practices to provide viable, stable enterprise internetworking solutions. The book presents concepts and examples that are necessary to design converged enterprise networks. Advanced network infrastructure technologies, such as virtual private networks (VPNs) and other security solutions are also covered. Designing Cisco Network Service Architectures (ARCH) Foundation Learning Guide, Third Edition teaches you the latest development in network design and technologies, including network infrastructure, intelligent network services, and converged network solutions. Specific topics include campus, routing, addressing, WAN services, data center, e-commerce, SAN, security, VPN, and IP multicast design, as well as network management. Chapter-ending review questions illustrate and help solidify the concepts presented in the book. Whether you are preparing for CCDP certification or simply want to gain a better understanding of designing scalable and reliable network architectures, you will benefit from the foundation information presented in this book. Designing Cisco Network Service Architectures (ARCH) Foundation Learning Guide, Third Edition, is part of a recommended learning path from Cisco that includes simulation and hands-on training from authorized Cisco Learning Partners and self-study products from Cisco Press. To find out more about instructor-led training, e-learning, and hands-on instruction offered by authorized Cisco Learning Partners worldwide, please visit www.cisco.com/go/authorizedtraining. John Tiso, CCIE No. 5162, CCDP is a Product Manager for Cisco Systems. He holds a B.S. Degree in Computer Science and Mathematics from Adelphi University and a Graduate Citation in Strategic Management from Harvard University. John is a published author, has served as a technical editor for Cisco Press, and has participated as a SME for the CCIE program. Prior to Cisco, he was a senior consultant and architect in the Cisco partner channel. · Learn about the Cisco Enterprise Architecture · Create highly available campus and data center network designs · Develop optimum Layer 3 designs · Examine advanced WAN services design considerations · Evaluate SAN design considerations · Deploy effective e-commerce module designs · Create effective security services and IPsec and SSL VPN designs · Design IP multicast networks · Understand the network management capabilities within Cisco IOS Software This book is in the Foundation Learning Guide Series. These guides are developed together with Cisco® as the only authorized, self-paced learning tools that help networking professionals build their understanding of networking concepts and prepare for Cisco certification exams. Category: Cisco Certification Covers: CCDP ARCH 642-874 Full Product DetailsAuthor: John Tiso , John Tiso , Diane TearePublisher: Pearson Education (US) Imprint: Cisco Press Edition: 3rd edition Dimensions: Width: 19.10cm , Height: 4.10cm , Length: 23.70cm Weight: 1.412kg ISBN: 9781587142888ISBN 10: 1587142880 Pages: 736 Publication Date: 15 November 2011 Audience: Professional and scholarly , Professional & Vocational Replaced By: 9781587144622 Format: Hardback Publisher's Status: Out of Print Availability: Awaiting stock  Table of ContentsForeword xxx Introduction xxxi Chapter 1 The Cisco Enterprise Architecture 1 Reviewing Cisco Enterprise Architecture 1 The Hierarchical Model 2 Example Hierarchical Network 3 Enterprise Network Design for Cisco Architectures 4 Service and Application Integration 7 Network Services 7 Network Applications 9 Modularity in Cisco Network Architectures for the Enterprise 9 Reviewing the Cisco PPDIOO Approach 12 PPDIOO Network Lifecycle Approach 13 Benefits of the Lifecycle Approach 14 Using the Design Methodology Under PPDIOO 16 Identifying Customer Requirements 16 Characterizing the Existing Network and Sites 17 Designing the Topology and Network Solutions 18 Dividing the Network into Areas 18 Summary 20 References 21 Review Questions 21 Chapter 2 Enterprise Campus Network Design 23 Designing High Availability in the Enterprise Campus 24 Enterprise Campus Infrastructure Review 24 Access Layer 24 Distribution Layer 26 Core Layer 27 Collapsed-Core Model 29 High-Availability Considerations 30 Implement Optimal Redundancy 30 Provide Alternate Paths 32 Avoid Single Points of Failure 33 Cisco NSF with SSO 33 Routing Protocol Requirements for Cisco NSF 34 Cisco IOS Software Modularity Architecture 35 Example: Software Modularity Benefits 37 Designing an Optimum Design for Layer 2 38 Recommended Practices for Spanning-Tree Configuration 38 Cisco STP Toolkit 40 STP Standards and Features 40 Recommended Practices for STP Hardening 41 Recommended Practices for Trunk Configuration and Vlan Trunking Protocol 43 Dynamic Trunking Protocol 45 Recommended Practices for UDLD Configuration 46 Recommended Practices for EtherChannel 47 Port Aggregation Protocol 49 Link Aggregation Control Protocol 49 Supporting Virtual Switching Systems Designs 50 Common Access-Distribution Block Designs 51 Multichassis EtherChannels and VSS 52 VSS Design Considerations 53 Dual Active Detection and Recovery 54 VSS Design Best Practices 55 Developing an Optimum Design for Layer 3 55 Managing Oversubscription and Bandwidth 56 Bandwidth Management with EtherChannel 56 Bandwidth Management with 10 Gigabit Interfaces 57 Link Load Balancing 57 Link Load Balancing with EtherChannel 58 EtherChannel Design Versus Equal-Cost Multipathing 59 Routing Protocol Design 60 Build Redundant Triangles 60 Peer Only on Transit Links 60 Summarize at the Distribution Layer 62 First-Hop Redundancy 64 Preempt Delay Tuning 65 Elimination of FHRP in VSS Designs 66 Overview of Gateway Load Balancing Protocol 67 Optimizing FHRP Convergence 69 Supporting a Layer 2 to Layer 3 Boundary Design 71 Layer 2 to Layer 3 Boundary Design Models 71 Layer 2 Distribution Switch Interconnection 71 Layer 3 Distribution Switch Interconnection (with HSRP) 72 Layer 3 Distribution Switch Interconnection (with GLBP) 72 Layer 3 Distribution Switch with VSS Interconnection 73 Layer 3 Access to Distribution Interconnection 74 EIGRP Access Design Recommendations 75 OSPF Access Design Recommendations 76 Potential Design Issues 77 Daisy Chaining Access Layer Switches 77 Cisco StackWise Technology in the Access Layer 78 Too Much Redundancy 79 Too Little Redundancy 80 Example: Impact of an Uplink Failure 80 Example: Impact on Return-Path Traffic 82 Asymmetric Routing (Unicast Flooding) 82 Unicast Flooding Prevention 83 Supporting Infrastructure Services 84 IP Telephony Considerations 84 IP Telephony Extends the Network Edge 84 PoE Requirements 85 Power Budget and Management 87 Multi-VLAN Access Port 89 Soft Phones and Voice VLANs 90 QoS Considerations 90 Recommended Practices for QoS 91 Transmit Queue Congestion 91 QoS Role in the Campus 92 Campus QoS Design Considerations 92 Cisco Catalyst Integrated Security Features 93 Port Security Prevents MAC-Based Attacks 93 DHCP Snooping Protects Against Rogue and Malicious DHCP Servers 94 Dynamic ARP Inspection Protects Against ARP Poisoning 94 IP Source Guard Protects Against Spoofed IP Addresses 95 Example Catalyst Integrated Security Feature Configuration 95 Summary 95 References 96 Review Questions 97 Chapter 3 Developing an Optimum Design for Layer 3 101 Designing Advanced IP Addressing 101 IP Address Planning as a Foundation 102 Summary Address Blocks 102 Summarization for IPv6 103 Changing IP Addressing Needs 104 Planning Addresses 104 Applications of Summary Address Blocks 105 Implementing Role-Based Addressing 105 Bit Splitting for Route Summarization 106 Example: Bit Splitting for Area 1 107 IPv6 Address Planning 107 Bit Splitting for IPv6 108 Addressing for VPN Clients 109 NAT in the Enterprise 109 NAT with External Partners 110 Design Considerations for IPv6 in Campus Networks 111 IPv6 Campus Design Considerations 111 Dual-Stack Model 112 Hybrid Model 112 Service Block Model 114 Designing Advanced Routing 115 Route Summarization and Default Routing 115 Originating Default Routes 116 Stub Areas and Default Route 117 Route Filtering in the Network Design 118 Inappropriate Transit Traffic 118 Defensive Filtering 120 Designing Redistribution 121 Filtered Redistribution 122 Migrating Between Routing Protocols 123 Designing Scalable EIGRP Designs 123 Scaling EIGRP Designs 124 EIGRP Fast Convergence 124 EIGRP Fast-Convergence Metrics 125 Scaling EIGRP with Multiple Autonomous Systems 126 Example: External Route Redistribution Issue 126 Filtering EIGRP Redistribution with Route Tags 127 Filtering EIGRP Routing Updates with Inbound Route Tags 128 Example: Queries with Multiple EIGRP Autonomous Systems 130 Reasons for Multiple EIGRP Autonomous Systems 130 Designing Scalable OSPF Design 131 Factors Influencing OSPF Scalability 131 Number of Adjacent Neighbors and DRs 132 Routing Information in the Area and Domain 132 Designing OSPF Areas 133 Area Size: How Many Routers in an Area? 134 OSPF Hierarchy 134 Area and Domain Summarization 136 Number of Areas in an OSPF Hub-and-Spoke Design 137 OSPF Hub-and-Spoke Design 137 Issues with Hub-and-Spoke Design 138 OSPF Hub-and-Spoke Network Types 140 OSPF Area Border Connection Behavior 141 Fast Convergence in OSPF 142 OSPF Exponential Backoff 143 Tuning OSPF Parameters 143 OSPF LSA Pacing 145 OSPF Event Processing 145 Bidirectional Forwarding Detection 145 Designing Scalable BGP Designs 146 Scaling BGP Designs 146 Full-Mesh IBGP Scalability 147 Scaling IBGP with Route Reflectors 148 BGP Route Reflector Definitions 148 Route Reflector Basics 150 Scaling IBGP with Confederations 151 BGP Confederation Definitions 151 Confederation Basics 151 Confederations Reduce Meshing 152 Deploying Confederations 154 Summary 155 References 157 Review Questions 158 Chapter 4 Advanced WAN Services Design Considerations 161 Advanced WAN Service Layers 161 Enterprise Optical Interconnections 162 Overview of SONET and SDH 163 Enterprise View of SONET 164 WDM Overview 165 CWDM Technical Overview 165 DWDM Technical Overview 166 DWDM Systems 167 RPR Overview 168 RPR in the Enterprise 168 Metro Ethernet Overview 170 Metro Ethernet Service Model 170 Metro Ethernet Architecture 170 Metro Ethernet LAN Services 172 Ethernet Private Line Service 173 Ethernet Relay Service 174 Ethernet Wire Service 175 Ethernet Multipoint Service 175 Ethernet Relay Multipoint Service 176 Any Transport over MPLS 176 Ethernet over MPLS 177 End-to-End QoS 179 Shaping and Policing on Subrate Ethernet WAN 180 Choosing the Right Service 181 VPLS Overview 181 VPLS Architecture Model 182 VPLS in the Enterprise 183 Hierarchical VPLS Overview 184 Scaling VPLS 184 QoS Issues with EMS or VPLS 186 EMS or VPLS and Routing Implications 186 VPLS and IP Multicast 187 VPLS Availability 187 MPLS VPN Overview 187 Customer Considerations with MPLS VPNs 188 Routing Considerations: Backdoor Routes 189 Routing Considerations: Managed Router Combined with Internal Routing 189 Routing Considerations: Managed Router from Two Service Providers 190 Implementing Advanced WAN Services 191 Advanced WAN Service Selection 192 Business Risk Assessment 192 WAN Features and Requirements 194 SLA Overview 195 SLA Monitoring 196 Application Performance Across the WAN 197 WAN CPE Selection Considerations 198 Cisco PfR Overview 200 Cisco PfR Operations 200 Cisco PfR Design and Deployment Considerations 203 Summary 204 References 205 Review Questions 206 Chapter 5 Enterprise Data Center Design 211 Designing the Core and Aggregation Layers 212 Data Center Architecture Overview 213 Benefits of the Three-Layer Model 213 The Services Layer 214 Using Dedicated Service Appliances 215 Data Center Core Layer Design 217 Layer 3 Characteristics for the Data Center Core 218 OSPF Routing Protocol Design Recommendations 220 EIGRP Routing Protocol Design Recommendations 221 Aggregation Layer Design 221 Scaling the Aggregation Layer 223 STP Design 224 Understanding Bridge Assurance 226 Integrated Service Modules 227 Service Module Placement Consideration 227 Service Modules and the Services Layer 228 Active STP, HSRP, and Service Context Alignment 230 Active/Standby Service Module Design 232 Active/Active Service Module Design 232 Establishing Inbound Path Preference 233 Using VRFs in the Data Center 235 Using the Cisco Nexus 7000 Series in the Core and Aggregation Layer 236 VDCs 238 Designs Enabled by VDCs 239 vPCs 241 vPC Best Practices 242 Designs Enabled by vPC 243 Layer 2 Multipathing 244 Designing the Access Layer 245 Overview of the Data Center Access Layer 245 Layer 2 Looped Designs 246 Layer 2 Looped Topologies 247 Layer 2 Looped Design Issues 249 Layer 2 Loop-Free Designs 250 Loop-Free Topologies 251 Example: Loop-Free U Design and Layer 2 Service Modules 253 Example: Loop-Free U Design and Cisco ACE Service Module 254 Layer 2 FlexLink Designs 255 FlexLink Issues and Considerations 256 Comparison of Layer 2 Access Designs 259 Layer 3 Access Layer Designs 260 Multicast Source Support 261 Benefits of Layer 3 Access 262 Drawbacks of Layer 3 Access 262 Blade Server Overview 262 Blade Server Connectivity Options 264 Blade Server Trunk Failover Feature 265 Virtual Blade Switching 266 Cisco Nexus Switch Family in the Access Layer 267 TOR and EOR Designs 267 Static and Dynamic Pinning 267 Cisco Nexus 2000 FEX Dynamic Pinning 268 Virtual Port Channel in the Data Center Access Layer 269 Straight-Through FEX Design 270 Active/Active FEX Design 270 Cisco Nexus 1000V in the Data Center Access Layer 272 Virtual Port Channel Host Mode 273 Design Considerations for the Cisco Nexus 1000V 274 Cisco Nexus 1010 275 Layer 2 or Layer 3 Access Design? 276 Scaling the Data Center Architecture 277 TOR Versus EOR Designs 277 Cabinet Design with TOR Switching 279 Example: Network Topology with TOR Switching Model 280 Cabinet Design with Modular Access Switches 281 Example: Network Topology with Modular Access Switches 281 Cabinet Design with Fabric Extenders 282 Server NIC Density 284 Hybrid Example with a Separate OOB Switch 284 Oversubscription and Uplinks 285 Scaling Bandwidth and Uplink Density 286 Optimizing EtherChannel Utilization with Load Balancing 286 Optimizing EtherChannel Utilization with Min-Links 287 Scaling with Service Layer Switches 288 Scaling Service on Cisco ACE Modules 289 Scaling Spanning Tree and High Availability 290 Scalability 290 STPs in the Data Center 290 STP Scaling 291 STP Logical Interfaces 292 STP Scaling with 120 Systemwide VLANs 293 STP in 1RU Designs 295 STP Scaling Design Guidelines 295 Scaling the Data Center Using Zones 296 High Availability in the Data Center 296 Common NIC Teaming Configurations 296 Server Attachment Methods 298 High Availability and Failover Times 299 High Availability and Cisco NSF with SSO 300 Describing Network Virtualization in More Detail 302 Definition of Virtualization 302 Virtualization Categories 303 Network Virtualization 304 Virtual Routing and Forwarding 305 Layer 3 VPNs and Network Virtualization 306 Summary 308 References 308 Review Questions 309 Chapter 6 SAN Design Considerations 313 Identifying SAN Components and Technologies 314 SAN Components 315 RAID Overview 317 Storage Topologies 318 DAS 318 NAS 319 SAN Technologies 320 SCSI Overview 320 Fibre Channel Overview 321 Fibre Channel Communications Model 322 VSAN 323 IVR 324 FSPF 325 Zoning 325 FICON 326 SANTap 327 Designing SAN and SAN Extension 328 Port Density and Topology Requirements 329 Device Oversubscription 330 Traffic Management 331 Fault Isolation 331 Convergence and Stability 331 SAN Designs with the Cisco MDS 9000 Family 331 SAN Consolidation with VSANs 332 Comprehensive SAN Security 332 Simplified SAN Management 332 Single-Switch Collapsed-Core Design 333 Small-Scale, Dual-Fabric Collapsed-Core Design 334 Medium-Scale, Dual-Fabric Collapsed-Core Design 335 Large-Scale, Dual-Fabric Core-Edge Design 336 SAN Extension 337 SAN Extension Protocols 339 Fibre Channel over IP 339 iSCSI 340 SAN Extension Developments 342 High-Availability SAN Extension 343 Integrated Fabric Designs Using Cisco Nexus Technology Overview 343 Unified Fabric Technologies 344 I/O Consideration in the Data Center 345 Challenges When Building a Unified Fabric Based on 10 Gigabit Ethernet 346 SAN Protocol Stack Extensions 348 FCoE Components: Converged Network Adapter 349 FCoE Components: Fibre Channel Forwarder 350 Data Center Bridging Standards 351 Unified Fabric Design Considerations 352 Deploying Nexus in the Access Layer 353 Nexus 5000/2000 Deployment Options in the Data Center 355 FCoE VLAN to VSAN Mapping, VLAN Trunking, and the CNA 355 Switch Mode Versus NPV Mode 357 Unified Fabric Best Practices 358 Summary 359 References 359 Review Questions 360 Chapter 7 E-Commerce Module Design 363 Designing High Availability for E-Commerce 363 E-Commerce High-Availability Requirements 364 Components of High Availability 364 Redundancy 365 Technology 365 People 366 Processes 366 Tools 367 Common E-Commerce Module Designs 368 Common E-Commerce Firewall Designs 368 Typical E-Commerce Module Topology 368 Using a Server as an Application Gateway 370 Virtualization with Firewall Contexts 371 Virtual Firewall Layers 372 Firewall Modes 373 Common E-Commerce Server Load Balancer Designs 375 Functions of a Server Load Balancer 375 SLB Design Models 376 SLB Router Mode 377 Application Control Engine 378 SLB Inline Bridge Mode 378 SLB One-Armed Mode 379 Common E-Commerce Design Topologies for Connecting to Multiple ISPs 382 One Firewall per ISP 382 Stateful Failover with Common External Prefix 384 Distributed Data Centers 384 Design Option: Distributed Data Centers 385 Additional Data Center Services 386 Integrated E-Commerce Designs 388 Base E-Commerce Module Design 388 Base Design Routing Logic 390 Base Design Server Traffic Flows 391 Two Firewall Layers in the E-Commerce Module Design 393 Traffic Flows in a Two-Firewall Layer Design 394 One-Armed SLB Two-Firewall E-Commerce Module Design 395 Traffic Flows in a One-Armed SLB Two-Firewall Layer Design 396 Direct Server Traffic Flows in a One-Armed SLB Two-Firewall Layer Design 398 One-Armed SLB E-Commerce Module Design with Firewall Contexts 398 Traffic Flows in a One-Armed SLB Design with Firewall Contexts 400 One-Armed SLB E-Commerce Module Design with ACE 401 Testing E-Commerce Module Designs 403 Summary 404 References 405 Review Questions 405 Chapter 8 Security Services Design 407 Designing Firewalls 407 Firewall Modes 408 Zone-Based Policy Firewall 410 Virtual Firewall Overview 411 Firewall Context Design Considerations 413 MSFC Placement 414 Active/Active Firewall Topology 415 Active/Active Topology Features 416 Asymmetric Routing with Firewalls 416 Asymmetric Routing with ASR Group on a Single FWSM 417 Asymmetric Routing with Active/Active Topology 418 Performance Scaling with Multiple FWSMs 419 Example: Load Balancing FWSMs Using PBR 419 Load Balancing FWSMs Using ECMP Routing 420 PVLAN Security 420 FWSM in a PVLAN Environment: Isolated Ports 422 FWSM in a PVLAN Environment: Community VLANs 423 Designing NAC Services 423 Network Security with Access Control 424 NAC Comparison 425 Cisco NAC Appliance Fundamentals 426 Cisco NAC Appliance Components 426 Cisco NAC Appliance Policy Updates 427 Process Flow with the Cisco NAC Appliance 428 Cisco NAS Scaling 429 Cisco NAS Deployment Options 429 Cisco NAS Gateway Modes 430 Cisco NAS Client Access Modes 431 Cisco NAS Operating Modes 431 Physical Deployment Models 432 Cisco NAC Appliance Designs 432 Layer 2 In-Band Designs 434 Example: Layer 2 In-Band Virtual Gateway 434 Example: Layer 2 In-Band Real IP Gateway 435 Layer 2 Out-of-Band Designs 435 Example: Layer 2 Out-of-Band Virtual Gateway 436 Layer 3 In-Band Designs 437 Example: Layer 3 In-Band Virtual Gateway 437 Example: Layer 3 In-Band with Multiple Remotes 438 Layer 3 Out-of-Band Designs 439 Example: Layer 3 OOB with Addressing 440 NAC Framework Overview 441 Router Platform Support for the NAC Framework 442 Switch Platform Support for the NAC Framework 443 IPS and IDS Overview 444 Threat Detection and Mitigation 444 IDSs 444 Intrusion-Prevention Systems 445 IDS and IPS Overview 446 Host Intrusion-Prevention Systems 447 IDS and IPS Design Considerations 447 IDS or IPS Deployment Considerations 448 IPS Appliance Deployment Options 448 Feature: Inline VLAN Pairing 450 IPS Deployment Challenges 450 IDS or IPS Management Interface Deployment Options 450 In-Band Management Through Tunnels 451 IDS and IPS Monitoring and Management 451 Scaling Cisco Security MARS with Global Controller Deployment 453 Summary 453 References 454 Review Questions 455 Chapter 9 IPsec and SSL VPN Design 459 Designing Remote-Access VPNs 459 Remote-Access VPN Overview 460 Example: Cisco Easy VPN Client IPsec Implementation 461 SSL VPN Overview 461 Clientless Access 462 Thin Client 463 Thick Client 464 Remote-Access VPN Design Considerations 464 VPN Termination Device and Firewall Placement 465 Address Assignment Considerations 465 Routing Design Considerations 465 Other Design Considerations 466 Designing Site-to-Site VPNs 467 Site-to-Site VPN Applications 468 WAN Replacement Using Site-to-Site IPsec VPNs 468 WAN Backup Using Site-to-Site IPsec VPNs 469 Regulatory Encryption Using Site-to-Site IPsec VPNs 470 Site-to-Site VPN Design Considerations 470 IP Addressing and Routing 470 Scaling, Sizing, and Performance 471 Cisco Router Performance with IPsec VPNs 471 Typical VPN Device Deployments 475 Design Topologies 476 VPN Device Placement Designs 476 VPN Device Parallel to Firewall 476 VPN Device on a Firewall DMZ 477 Integrated VPN and Firewall 478 Using IPsec VPN Technologies 478 IPsec VPN Overview 478 Extensions to Basic IPsec VPNs 480 Cisco Easy VPN 480 Overview of Cisco Easy VPN Server Wizard on Cisco SDM 480 Overview of Easy VPN Remote Wizard on Cisco SDM 482 GRE over IPsec Design Recommendations 483 GRE over IPsec Design Recommendations 483 DMVPN 485 DMVPN Overview 485 DMVPN Design Recommendations 487 Virtual Tunnel Interfaces Overview 487 Group Encrypted Transport VPN 489 GET VPN Topology 489 Managing and Scaling VPNs 491 Recommendations for Managing VPNs 491 Considerations for Scaling VPNs 491 Determining PPS 493 Routing Protocol Considerations for IPsec VPNs 497 EIGRP Metric Component Consideration 498 Summary 498 References 499 Review Questions 500 Chapter 10 IP Multicast Design 505 IP Multicast Technologies 506 Introduction to Multicast 506 Multicast Versus Unicast 506 IP Multicast Group Membership 507 Multicast Applications and Multicast Adoption Trends 508 Learning About Multicast Sessions 509 Advantages of Multicast 510 Disadvantages of Multicast 510 Multicast IP Addresses 511 Layer 2 Multicast Addresses 512 Multicast Address Assignment 514 Cisco Multicast Architecture 515 IGMP and CGMP 516 IGMP Version 1 516 IGMP Version 2 517 IGMP Version 3 518 Multicast with Layer 2 Switches 518 IGMP Snooping 519 CGMP 520 PIM Routing Protocol 520 PIM Terminology 521 Multicast Distribution Tree Creation 522 Reverse Path Forwarding 522 Source Distribution Trees 524 Shared Distribution Trees 525 Multicast Distribution Tree Notation 527 Deploying PIM and RPs 527 PIM Deployment Models 527 ASM or PIM-SM 528 PIM-SM Shared Tree Join 528 PIM-SM Sender Registration 529 PIM-SM SPT Switchover 530 Bidirectional PIM 532 Source-Specific Multicast 533 SSM Join Process 534 SSM Source Tree Creation 535 PIM Dense Mode 535 RP Considerations 536 Static RP Addressing 537 Anycast RP 537 Auto-RP 538 DM Fallback and DM Flooding 540 Boot Strap Router 541 Securing IP Multicast 543 Security Considerations for IP Multicast 543 Security Goals for Multicast Environments 543 Unicast and Multicast State Requirements 544 Unicast and Multicast Replication Requirements 546 Attack Traffic from Rogue Sources to Receivers 547 Attack Traffic from Sources to Networks Without Receivers 547 Attack Traffic from Rogue Receivers 548 Scoped Addresses 548 Multicast Access Control 549 Packet Filter-Based Access Control 549 Host Receiver-Side Access Control 551 PIM-SM Source Control 552 Disabling Multicast Groups for IPv6 553 Multicast over IPsec VPNs 553 Traditional Direct Encapsulation IPsec VPNs 554 Multicast over IPsec GRE 555 Multicast over DMVPN 555 Multicast Using GET VPN 557 Summary 558 References 560 Review Questions 561 Chapter 11 Network Management Capabilities Within Cisco IOS Software 565 Cisco IOS Embedded Management Tools 565 Embedded Management Rationale 566 Network Management Functional Areas 566 Designing Network Management Solutions 567 Cisco IOS Software Support of Network Management 567 Application Optimization and Cisco IOS Technologies 568 Syslog Considerations 571 Cisco IOS Syslog Message Standard 571 Issues with Syslog 572 NetFlow 573 NetFlow Overview 573 Principal NetFlow Uses 574 Definition of a Flow 574 Traditional IP Flows 575 Flow Record Creation 576 NetFlow Cache Management 578 NetFlow Export Versions 579 NetFlow Version 9 Export Packet 580 Flexible NetFlow Advantages 581 NetFlow Deployment 582 Where to Apply NetFlow Monitoring 582 NBAR 583 NBAR Overview 583 NBAR Packet Inspection 584 NBAR Protocol Discovery 586 NetFlow and NBAR Differentiation 586 Reporting NBAR Protocol Discovery Statistics from the Command Line 587 NBAR and Cisco AutoQoS 588 Cisco AutoQoS for the Enterprise 589 Example: Cisco AutoQoS Discovery Progress 590 Cisco AutoQoS Suggested Policy 591 IP SLA Considerations 592 IP SLA Overview 592 SLAs 592 Cisco IOS IP SLA Measurements 593 IP SLA SNMP Features 594 Deploying IP SLA Measurements 595 Impact of QoS Deployment on IP SLA Statistics 596 Scaling IP SLA Deployments 597 Hierarchical Monitoring with IP SLA Measurements 598 Network Management Applications Using IP SLA Measurements 599 CiscoWorks IPM Application Example 599 IP SLA Network Management Application Consideration 600 Summary 600 References 602 Review Questions 603 Appendix A Answers to Review Questions 605 Appendix B Acronyms and Abbreviations 611 Appendix C VoWLAN Design 625 TOC, 9781587142888, 9/29/2011ReviewsAuthor InformationJohn Tiso, CCIE #5162, CCDP is a Product Manager at Cisco Systems. His current responsibilities include the product management of Cisco’s training and certification programs around design and architecture. Before working with Cisco, John held various engineering and architecture roles in the Cisco partner channel. In addition to his CCIE and CCDP certifications, he holds multiple industry certifications from Cisco, Microsoft, CompTIA, and Sun Microsystems. He holds a Graduate Citation in strategic management from Harvard University and a Bachelor of Science degree in computer science and mathematics from Adelphi University. John is a published author and has served as a technical editor for both McGraw-Hill and Cisco Press. He has spoken multiple times at the Cisco Live! (Networkers) conference and the national CIPTUG conference. He has served as an expert on Cisco’s NetPro Forum “Ask the Expert” online events. John currently resides in Amherst, New Hampshire, with his wife, three children, and his running partner, Molly (who never complains, but sometimes barks). He is a nine-time marathon finisher, including five Boston Marathons. He can be reached at johnt@jtiso.com. Tab Content 6Author Website:Countries AvailableAll regions |
||||
