CCDP Arch

Modular Network Design

Distribution Layer

Core Layer

Is Core Layer Needed ?

Optimal Redundancy

Provide Alternate Paths

Avoid Single Points of Failure

Deterministic Design

Layer 2 Hardening

Topology for UDLD

Etherchannels

VSS Logical vs Physical Topology

Access Distribution Block Design

VSS and MEC

VSS Logical Topology

Build Redundant Triangle

Use Passive Interfaces at the Access Layer Triangles

Summarize at the Distribution Layer Triangles

Gateway Load Balancing Protocol Triangles

GLBP VLAN Spanning Triangles

GLBP and STP Tuning Triangles

Layer 2 Distribution Switch Interconnection

Layer 3 Distribution Switch Interconnection Triangles

Layer 3 Distribution Switch Interconnection with GLBP

VSS Layer 3 Interconnect

Layer 3 Access to Distribution Interconnection

Daisy Chaining Layer Access Switches

StackWise Technology

Too Little Redundancy

Impact of an Uplink Failure

Impact on Return-Path Traffic

Asymmetric Routing

IP Telephony Extends the Network Edge

Campus QoS Design Consideration

Route Summarization

Originating Default Routes

Avoid Inappropiate Transit Traffic

Defensive Filtering

Scaling EIGRP with Multiple Autonomous System

Example: External Route Redistribution Issue

Filtering EIGRP Redistribution with Route Tags

Filtering EIGRP Routing Updates with Inbound Route Tags

Example: Queries with multiple EIGRP Autonomous System

OSPF Hierarchy

Area and Domain Summarization

Number of Areas in Hub and Spoke Design

Issues with Hub and Spoke Design

OSPF Area Border Connection Behaviour

IBGP Full Mesh Requirement

BGP Route Reflectors

BGP Route Reflector Definitions

Route Reflector Basics

Confederation Definitions

IBGP Full Mesh Peering

Confederations Reduce the Number of IBGP Peers

Deploying Confederations

CWDM Technical Overview

DWDM Technical Overview

RPR Customer View

Metro Ethernet Architechture

End to End QoS

Hierarchical VPLS Overview

Managed Router combined with Internal Routing

Managed Router from two Service Provider

Example of PfR in the Enterprise

SAN Overview

Direct-Attached Storage

Network Attached Storage

FICON

SANTap

Major SAN Design Factors

Single-Switch Collapse-Core Design

Small Scale Dual Fabric: Collapsed Core Design

Medium Scale, Dual Fabric Collapse-Core Design

Large Scale, Dual Fabric Core-Edge Design

SAN Extension

FCIP

iSCSI

SAN Extension Development

High-Availability SAN Extension

Before I/O Consolidation

After I/O Consolidation

Nexus in the Access Layer

FCoE VLAN to VSAN Mapping and VLAN Trunking

Typical Ecommerce Module Topology

Logical Representation using a Server as an Application Gateway

Implementing Virtualization with Firewall Context

A Firewall runs in Either Transparent or Route Mode

Example use of a Firewall in Transparent Mode

A Server Load Balancer represents Multiple Servers

A SLB in Route Mode Routes between Outside and Inside Subnets

A SLB in Inline Bridge Mode Bridges Between VLAN in a Single Subnet

A SLB in one armed mode isn’t inline with the Traffic

Traffic Flow with Misconfiguration

Traffic Flows Correctly when the One-Arm SLB is configured with Client NAT

Using one Firewall per ISP

Using Statefull Failover with a Common External Prefix

Using Distributed Data Centers

Data Center Services includes Statefull Firewall, SSL Offload, SLB, WAFs, IPS

Base E-Commerce Module Design

Base E-Commerce Module Design Routing Logic

E-Commerce Module Design with Two Firewall Layers

E-Commerce Module One Armed SLB Design with Two Firewall Layers

E-Commerce module One-Armed SLB Design with Firewall Contexts

E-Commerce Module one Armed Design with ACE

Simple Zone Based Firewall with Three Zones

Virtual Firewall Overview

MSFC Placement

Active/Active Firewall Topology

Asymmetric Routing with ASR Group on a Single FWSM

Asymmetric Routing with Active/Active Topology

Load Balancing FWSM using PBR

Load Balancing FWSM using ECMP Routing

Isolated Ports on FWSM in Routed Mode

Community Ports on FWSM in Routed Mode

NAC Comparison

Process Flow with the NAC Appliance

Cisco NAS Gateway Modes

Cisco NAC Appliance Redundancy Design

Layer-2 in Band Design

Layer 2 In-Band Virtual Gateway

Layer 2 In-Band Real IP Gateway

Layer 2 Out of Band Virtual Gateway

Layer 3 In-Band Virtual Gateway

Layer 3 In-Band with Multiple Remotes

Layer 3 OOB with Addressing

NAC Framework

IDS and IPS Overview

IPS Appliance Deployment Options

Scaling Cisco Security MARS with Global Controller Deployment

Remote Access VPN

VPN Architechture

WAN Replacement with VPN

WAN Backup via VPN

VPN Device Placement: Pararel with Firewall

VPN Device on a Firewall DMZ

Integrated VPN and Firewall

IPSec VPN

GRE over IPSec

DMVPN Topology

GET VPN Topology

Unicast versus Multicast

IP Multicast Groups Define who receives Multicast data

Cisco Multicast Architechture

IGMPv3: Joining a Group

IGMP and CGMP inform Network Devices about Which host want which Multicast data

Multicast Distribution Tree are created by Routers

Source Distribution Tree for Source 1

Separate Source Tree is build for Source 2 sending to the Group

Sources send toward the RP and the RP Sends to the Receivers

PIM-SM Shared Tree Join

PIM-SM Sender Registration Process

PIM-SM Source Tree Switchover

Bidir-PIM is Efficient for Many to many Communication

SSM Join Process

SSM Source Path Tree Creation

With Anycast RP, the RP Load Share and act as a Hot Backup for each other

Auto-RP Announcement Go to 224.0.1.39

Auto-RP Discovery Messages Go to 224.0.1.40

To Elect an Active BSR, C-BSR send BSR Messages on All Interfaces

The Active BSR sends the Entire List of C-RP in Periodic BSR Messages

Multicast Replication Impacts where Access Control should be Applied

Network for Packet Filter-Based Access Control

Network for Host Receiver-Based Access Control

Network for PIM-SM Source Control

Application Optimization Technologies

Apply Netflow Monitoring