CCDP Arch
Modular Network Design
Distribution Layer
Core Layer
Is Core Layer Needed?
Optimal Redundancy
Provide Alternate Paths
Avoid Single Points of Failure
Deterministic Design
Layer 2 Hardening
Topology for UDLD
Etherchannels
VSS Logical vs Physical Topology
Access Distribution Block Design
VSS and MEC
VSS Logical Topology
Build Redundant Triangle
Use Passive Interfaces at the Access Layer Triangles
Summarize at the Distribution Layer Triangles
Gateway Load Balancing Protocol Triangles
GLBP VLAN Spanning Triangles
GLBP and STP Tuning Triangles
Layer 2 Distribution Switch Interconnection
Layer 3 Distribution Switch Interconnection Triangles
Layer 3 Distribution Switch Interconnection with GLBP
VSS Layer 3 Interconnect
Layer 3 Access to Distribution Interconnection
Daisy Chaining Layer Access Switches
StackWise Technology
Too Little Redundancy
Impact of an Uplink Failure
Impact on Return-Path Traffic
Asymmetric Routing
IP Telephony Extends the Network Edge
Campus QoS Design Consideration
Route Summarization
Originating Default Routes
Avoid Inappropriate Transit Traffic
Defensive Filtering
Scaling EIGRP with Multiple Autonomous Systems
Example: External Route Redistribution Issue
Filtering EIGRP Redistribution with Route Tags
Filtering EIGRP Routing Updates with Inbound Route Tags
Example: Queries with Multiple EIGRP Autonomous Systems
OSPF Hierarchy
Area and Domain Summarization
Number of Areas in Hub and Spoke Design
Issues with Hub and Spoke Design
OSPF Area Border Connection Behaviour
IBGP Full Mesh Requirement
BGP Route Reflectors
BGP Route Reflector Definitions
Route Reflector Basics
Confederation Definitions
IBGP Full Mesh Peering
Confederations Reduce the Number of IBGP Peers
Deploying Confederations
CWDM Technical Overview
DWDM Technical Overview
RPR Customer View
Metro Ethernet Architecture
End to End QoS
Hierarchical VPLS Overview
Managed Router combined with Internal Routing
Managed Router from two Service Providers
Example of PfR in the Enterprise
SAN Overview
Direct-Attached Storage
Network Attached Storage
FICON
SANTap
Major SAN Design Factors
Single-Switch Collapsed-Core Design
Small Scale, Dual Fabric Collapsed-Core Design
Medium Scale, Dual Fabric Collapsed-Core Design
Large Scale, Dual Fabric Core-Edge Design
SAN Extension
FCIP
iSCSI
SAN Extension Development
High-Availability SAN Extension
Before I/O Consolidation
After I/O Consolidation
Nexus in the Access Layer
FCoE VLAN to VSAN Mapping and VLAN Trunking
Typical Ecommerce Module Topology
Logical Representation using a Server as an Application Gateway
Implementing Virtualization with Firewall Context
A Firewall runs in Either Transparent or Route Mode
Example use of a Firewall in Transparent Mode
A Server Load Balancer represents Multiple Servers
A SLB in Route Mode Routes between Outside and Inside Subnets
A SLB in Inline Bridge Mode Bridges Between VLANs in a Single Subnet
A SLB in one armed mode isn’t inline with the Traffic
Traffic Flow with Misconfiguration
Traffic Flows Correctly when the One-Arm SLB is configured with Client NAT
Using one Firewall per ISP
Using Stateful Failover with a Common External Prefix
Using Distributed Data Centers
Data Center Services Include Stateful Firewall, SSL Offload, SLB, WAFs, IPS
Base E-Commerce Module Design
Base E-Commerce Module Design Routing Logic
E-Commerce Module Design with Two Firewall Layers
E-Commerce Module One Armed SLB Design with Two Firewall Layers
E-Commerce module One-Armed SLB Design with Firewall Contexts
E-Commerce Module one Armed Design with ACE
Simple Zone Based Firewall with Three Zones
Virtual Firewall Overview
MSFC Placement
Active/Active Firewall Topology
Asymmetric Routing with ASR Group on a Single FWSM
Asymmetric Routing with Active/Active Topology
Load Balancing FWSM using PBR
Load Balancing FWSM using ECMP Routing
Isolated Ports on FWSM in Routed Mode
Community Ports on FWSM in Routed Mode
NAC Comparison
Process Flow with the NAC Appliance
Cisco NAS Gateway Modes
Cisco NAC Appliance Redundancy Design
Layer-2 in Band Design
Layer 2 In-Band Virtual Gateway
Layer 2 In-Band Real IP Gateway
Layer 2 Out of Band Virtual Gateway
Layer 3 In-Band Virtual Gateway
Layer 3 In-Band with Multiple Remotes
Layer 3 OOB with Addressing
NAC Framework
IDS and IPS Overview
IPS Appliance Deployment Options
Scaling Cisco Security MARS with Global Controller Deployment
Remote Access VPN
VPN Architecture
WAN Replacement with VPN
WAN Backup via VPN
VPN Device Placement: Parallel with Firewall
VPN Device on a Firewall DMZ
Integrated VPN and Firewall
IPSec VPN
GRE over IPSec
DMVPN Topology
GET VPN Topology
Unicast versus Multicast
IP Multicast Groups Define who receives Multicast data
Cisco Multicast Architecture
IGMPv3: Joining a Group
IGMP and CGMP inform Network Devices about Which Hosts want which Multicast data
Multicast Distribution Trees are created by Routers
Source Distribution Tree for Source 1
Separate Source Tree is built for Source 2 sending to the Group
Sources send toward the RP and the RP Sends to the Receivers
PIM-SM Shared Tree Join
PIM-SM Sender Registration Process
PIM-SM Source Tree Switchover
Bidir-PIM is Efficient for Many to many Communication
SSM Join Process
SSM Source Path Tree Creation
With Anycast RP, the RPs Load Share and act as a Hot Backup for each other
Auto-RP Announcements Go to 224.0.1.39
Auto-RP Discovery Messages Go to 224.0.1.40
To Elect an Active BSR, C-BSRs send BSR Messages on All Interfaces
The Active BSR sends the Entire List of C-RPs in Periodic BSR Messages
Multicast Replication Impacts where Access Control should be Applied
Network for Packet Filter-Based Access Control
Network for Host Receiver-Based Access Control
Network for PIM-SM Source Control
Application Optimization Technologies
Apply Netflow Monitoring