1587052156index.pdf - cisco press


INDEX

Numerics
50-ms resiliency, 15–16

A
access control lists (ACLs), 206, 337
access layer, 143, 292–298
accounting, management of, 334–335
accumulated outage time (AOT), 356
achieving high-availability, 16–25
ACLs (access control lists), 206, 337
Address Resolution Protocol (ARP), 49, 312
addresses

    Internet module, 194–199
    multihoming, 202
    next-hop address tracking (BGP), 214
    vMAC, 296

adjacency tables, 50–51
adjusted availability, 18
Adv Rtr (advertising router), 87
aggregation

    layer design, 298–300
    switches, 298

aggressive mode, UDLD configuration, 155
alerts, PSIRT, 350
ALG (Application Level Gateway), 226
algorithms

    fairness (SRP), 255
    universal load-sharing, 131

alternate ports, 146
analysis

    baselines. See baselines
    thresholds, 344

Anomaly Detection and Mitigation Modules, 328
ANS (authoritative name server), 321
anti-spoofing, 206
AOT (accumulated outage time), 356
Application Level Gateway (ALG), 226
applications, 5

    classifying, 78
    effect of NAT on, 232
    failures, 21
    QoS, 69–77
    that use UDP, 33

application-specific gateways, 233
application-specific integrated circuit (ASIC), 3
applying GSS, 323
APS (Automatic Protection Switching), 249
architecture

    DPT, 252–258
    flow-based, 187
    MPLS-VPN, 269
    networks (Data Center module), 291–301
    next-generation IOS, 362
    scaling, 301–302
    servers, 288–289, 301
    switch forwarding, 314
    three-tier, 142
    two-tier, 142

ARP (Address Resolution Protocol), 49, 312
ASIC (application-specific integrated circuit), 3
assignment of addresses, 194
attacks

    DoS, 195, 204
    failures, 21

authoritative name server (ANS), 321
auto route injection, 231
Automatic Protection Switching (APS), 249
autonegotiation, turning off, 178
availability

    calculating, 10
    defects-per-million method, 367
    devices, 369
    high-availability networks, 9
        50-ms resiliency, 15–16
        achieving, 16–25
        five-nines, 9–12
        Telcordia GR-512-Core document, 12–15
    HSA, 39
    measuring, 17
    of parallel devices, 369
    percentage method, 367
    simple network topologies, 370
    simple systems, 370
    theoretical availability of devices, 368–369

avoidance, congestion, 75


B
BackboneFast, 152–154
backbones, Gigabit Ethernets, 3
backups

    dial backups (WAN), 258–261
    simple hardware, 38

baselines, establishing, 337–345
BCPs (Best Current Practices), 194
best practices

    Layer 2, 173–178
    Layer 3, 187, 189–190

BFD (Bidirectional Forwarding Detection), 103
    EIGRP, 124–126

BGP (Border Gateway Protocol), 7, 193
    convergence, 213
    fast peering session deactivation, 214
    Internet modules, 222
    next-hop address tracking, 214
    route dampening, 215
    updates, 221

BID (bridge ID), 147
Bidirectional Forwarding Detection. See BFD
bidirectional line switch ring (BLSR), 249
binding, delayed, 319
blade server connectivity, 288
blocks

    private addresses, 195
    states, 148

BLSR (bidirectional line switch ring), 249
boot codes, 334
Border Gateway Protocol. See BGP
BPDU (Bridge Protocol Data Unit), 153
BPDUGuard, 157–158
bridge ID (BID), 147
Bridge Protocol Data Unit. See BPDU
bridges, 146

    root, 148
    selecting, 176

building blocks (access module), 144

C
cabling

    Data Center module, 282–283
    options, 286

caches, 326
calculations

    availability, 10
        defects-per-million method, 367
        percentage method, 367
        simple network topologies, 370
        simple systems, 370
        theoretical availability of devices, 368–369
    downtime, 12
    MTBF using COOL, 357

capacity failures, 21
Catalyst switch support, PVLANs, 310
causes of network failures, 20
CE (customer edge) routers, 270, 276–278
CEF (Cisco Express Forwarding), 46, 129

    central mode, 53
    configuring, 53
    dCEF, 54
    switching, 50

channeling, 171–173
CIDR (classless interdomain routing), 194
circuits

    half, 239
    WAN leased lines, 237–244

Cisco Component Outage Online (COOL), 355
Cisco Express Forwarding. See CEF
Cisco IOS deployment, 345–351
Cisco Networking Services (CNS) events, 360
CISCO-OUTAGE-MONITOR MIB, 355
CISCO-PROCESS-MIB, OIDs within, 341
Class-Based QoS MIB, 82
classes of service, DPT/SRP, 254
classification

    applications, 78
    DiffServ model, 75
    IP Precedence, 66

classless interdomain routing (CIDR), 194
client name server (CNS), 321
clustering, 297
CNS (Cisco Networking Services) events, 360
CNS (client name server), 321
cold restart feature, 37
coloring, 75
commands

    backbonefast, 154
    debug dampening interface, 128
    debug ip ospf database-timer rate-limit, 99
    debug ip ospf flood, 99
    debug ip ospf spf, 95, 99
    debug isis adj, 121
    debug isis adj-packets, 115
    debug isis nsf, 121
    debug isis snp, 121
    execute-on <slot>, 125
    flood packet pacing timer, 104
    glbp priority, 184
    ip accounting, 335
    ip cef load-sharing algorithm original, 132
    ip ospf flood-reduction, 101
    ip ospf network point-to-point, 87
    ip tcp path-mtu-discovery, 213
    mpls traffic-eng backup path tunnel, 135
    peer, 229
    pim query-interval, 138
    ping, 353
    portfast, 150
    primary, 229
    redistribute connected, 276
    redistribute ospf 10, 278
    router ospf 10 vrf RED, 278
    show, 337
    show bfd neigh detail, 125
    show ip bgp neighbors, 211
    show ip cef, 131
    show ip cef exact-route, 132
    show ip ospf, 96, 98
    show ip ospf neighbor detail, 110
    show ip pim neighbor, 138
    show ip route, 129
    show ip rpf events, 139
    show isis nsf, 120
    show running-config, 36
    spf-interval, 112
    timers lsa arrival, 100
    timers spf spf-holdtime, 97
    tunnel mode gre, 264
    tunnel mode ipip, 264
    tunnel mpls traffic-eng fast-reroute, 135
    tunnel path-mtu-discovery, 264
    uplinkfast, 152

Common Spanning Tree (CST), 161
community ports, 305
community VLANs, 306

Complete Sequence Number Packet (CSNP), 117
components

    availability, 10
    COOL, 355
    network management, 331–337
    PBX systems, 12

conditioning, traffic, 76
configuration

    BackboneFast, 154
    BGP
        NSF/SSO, 217–218
        route dampening, 215
        soft reconfiguration, 210
    BPDUGuard, 158
    CE routers, 276–278
    CEF, 53
    DHCP, 315
    DPT/SRP rings, 256
    dynamic ARP inspection, 313
    EEM, 362
    EtherChannel, 177
    file management, 333
    GLBP, 186
    HSA, 38
    HSRP, 181
    IEEE 802.1s, 170
    IP
        event dampening, 127
        tunnels, 263
    IS-IS
        Fast Hello, 115
        incremental SPF, 117
        LSA Flooding Reduction, 114
        LSP generation interval timers, 113
        partial route computation timers, 113
        SPF throttling, 112
        update packet-pacing timers, 116
    ISL trunking, 159
    L2TP, 266
    LoopGuard, 157
    management, 333
    MPLS-VPN, 273
    MPPP, 243
    NAT
        HSRP, 225
        maximum number of entries, 230
        multihoming, 223
        stateful NAT on HSRP, 227


    networks, 86
    NSF, 46
    OSPF
        BFD, 125
        Fast Hello, 102
        incremental SPF, 106
        LSA flood-reduction, 101
        LSA throttling, 98
        NSF/SSO, 109
        update packet-pacing timers, 104
    P routers, 273
    PE routers, 274
    per-packet load balancing, 130
    PortFast, 150
    port security, 311
    PVLANs, 307
    RACL, 68
    Rapid-PVST+, 168
    reverse proxy caching, 327
    RootGuard, 156
    RPR, 40
    RPR+, 42
    single line card reload, 36
    SONET/SDH, 250
    SPF throttling, 96
    SSO, 44
    static routes, 259
    UDLD, 155
    WCCP, 326

congestion
    avoidance, 75
    management, 76
    QoS (uncongested links), 73
    transient, 73

connections
    blade servers, 288
    cabling, 283. See also cabling
    Layer 2, 175
    leased circuit encapsulation, 239
    NIC teaming, 296
    three-way handshakes (TCP), 31

conserving peering resources, 189
content switching. See SLB
Content Switching Module (CSM), 328
continuous fault detection, 23
control packets, tagging, 65

control planes
    MIB, 342
    policing, 314
    protecting, 55–56
    QoS, 63–69
    traffic, 76–77

controller cards, 13
convergence

    BGP, 213
    IP event dampening, 126
    MPLS-TE, 132
    multicast subsecond, 137–139
    network in the core, 85–86
    networks, 90
    OSPF, 86–95

COOL (Cisco Component Outage Online), 355
core layer, 144
counter-rotating rings (DPT), 252
CRS-1 router, 3
CSM (Content Switching Module), 328
CSNP (Complete Sequence Number Packet), 117
CST (Common Spanning Tree), 161
customer edge (CE) routers, 270, 276–278
customization. See also configuration

    EIGRP, 123
        BFD, 124–126
        graceful shutdown, 123
        stub router, 123
    IS-IS, 111
        Fast Hellos, 114–115
        graceful restart, 117–122
        incremental SPF, 116
        LSA flooding reduction, 114
        LSP generation, 113
        SPF throttling, 112–113
        update packet-pacing timer, 115–116
    OSPF, 86–95
        Fast Hello, 102–103
        graceful restart, 106–111
        incremental SPF, 105
        LSA flooding reduction, 100–101
        LSA throttling, 98–100
        SPF, 97
        update packet-pacing timer, 104–105

cycles, STP, 148


D
dampening (routes), 215
DARPA (Defense Advanced Research Projects Agency), 4
Data Center module, 281

    environmental considerations, 282
        cabling, 282–283
        power supply, 287
        rack space, 283
        server architecture, 288–289
        server size, 284–287
    networks, 289–291
        architecture, 291–301
        security, 289, 302–315
        server performance, 290
    service optimization, 315–328
data planes

    MIBs, 342
    protecting, 55–56

datagrams, 27. See also UDP
dCEF (Distributed CEF), 54
debug commands

    debug dampening interface, 128
    debug ip ospf database-timer rate-limit, 99
    debug ip ospf flood, 99
    debug ip ospf spf, 95, 99
    debug isis adj, 121
    debug isis adj-packets, 115
    debug isis nsf, 121
    debug isis snp, 121

default path costs for STP, 147
defects-per-million method, 367
Defense Advanced Research Projects Agency (DARPA), 4
defining

    metrics, 19
    policies, 81

delayed binding, 319
demilitarized zone (DMZ) servers, 196
denial-of-service (DoS) attacks, 195, 204
deployment

    Cisco IOS, 345–351
    EtherChannel, 177
    IP tunnels, 263
    L2TPv3, 265
    QoS, 72, 77–82

design
    access layer, 292–298
    aggregation layer, 298–300
    ASIC, 3
    Data Center module, 281
        cabling, 282–283
        environmental considerations, 282
        network architecture, 291–301
        network security, 289, 302–315
        network server performance, 290
        networks, 289–291
        power supply, 287
        rack space, 283
        servers, 284–289
        service optimization, 315–328
    high availability, 21
    Internet module, 193
        BGP, 222
        filtering, 206
        NAT, 235
        redundancy, 199–204
        security, 204–209
    Internet modules, 194–199
    life cycle management (IOS), 349
    multilayer campus, 141–143
        access layer, 143
        building blocks, 144
        core layer, 144
        distribution layer, 143
        Layer 2 domains, 145–178
        Layer 3 domains, 178–190
    resiliency, 59–61
    security, 60

designated IS (DIS), 114
designated ports, 146
detection, 332

    continuous fault, 23
    EEM, 361

device-level redundancy, 201
device-level resiliency, 34, 57

    HSA, 39
    NSF, 45–48
    OIR, 34–36
    RPR, 40–41
    RPR+, 41–43
    single line card reload, 36–37
    SSO, 43–45


devices
    configuration file management, 333
    parallel, 369
    theoretical availability of, 368–369

DHCP (Dynamic Host Configuration Protocol)
    servers, 314
    snooping, 315

diagrams, cabling, 283
dial backup (WAN), 258–261
diameter keyword, 176
DiffServ model (QoS), 74–76
direct connections (Layer 2), 175
directed mode (SLB), 318
DIS (designated IS), 114
disabled ports, 146
disabled states, 148
disasters (failures), 21
discipline, cabling, 283
dispatch mode (SLB), 318
Distributed CEF (dCEF), 54
distribution layer, 143
DLC (domestic leased circuit), 238
DMZ (demilitarized zone) servers, 196
DNS (Domain Name System), 321
DNSR (DNS resolver), 321
documentation, cabling, 283
Domain Name System (DNS), 321
domains

    Layer 2, 145–178
    Layer 3, 178–190

domestic leased circuit (DLC), 238
DoNotAge link-state advertisements, 114
DoS (denial-of-service) attacks, 195, 204
downtime

    calculating, 12
    fault management, 332
    scheduling, 23

DPT (Dynamic Packet Transport), 7, 251
    architecture, 252–258
    classes of service, 254

duplicate acknowledgment (DUPACK), 130
dynamic ARP inspection, 312
Dynamic Host Configuration Protocol. See DHCP
Dynamic Packet Transport. See DPT
dynamic soft reset, 211

E
Early Deployment (ED) release, 346
echo (ICMP), 353
ECMP (equal-cost multipath), 129, 188
ED (Early Deployment) release, 346
EEM (Embedded Event Manager), 359–362
effect of Internet growth, 4
EIGRP (Enhanced Interior Gateway Routing Protocol), 123
    BFD, 124–126
    graceful shutdown, 123
    stub routers, 123

Embedded Event Manager (EEM), 359–362
enabling

    BGP fast peering session deactivation, 214
    COOL, 357

encapsulation
    ISL, 159
    leased circuit, 239

end nodes (L2TP), 268
End of Engineering (EOE), 346
End of Life (EOL), 346
End of Sales (EOS), 346
End-of-Table (EOT) signal, 123
Enhanced Interior Gateway Routing Protocol. See EIGRP
entries

    in adjacency tables, 51
    MIB, 340

entry limitation (NAT), 230
environmental considerations (Data Center module), 282
    cabling, 282–283
    power supply, 287
    rack space, 283
    servers
        architecture, 288–289
        size, 284–287

EOE (End of Engineering), 346
EOL (End of Life), 346
EOS (End of Sales), 346
EOT (End-of-Table) signal, 123
equal-cost load balancing, 241
equal-cost multipath (ECMP), 129, 188
errors, software protection, 38
establishing baselines, 337–345


EtherChannel, 172
    configuring, 177
    deploying, 177
    Layer 2, 177
    load balancing, 177

event dampening (IP), 126
Event Publisher, 360
Event Subscriber, 360
events

    CNS, 360
    EEM, 359–362
    internal trouble-ticket, 24

execute-on, 125
exponential back-off behavior, SPF, 97
extensions, graceful restart, 46
external users, routing, 198
extranet servers, reachability, 196

F
failure, 3. See also troubleshooting

    causes of, 20
    MTBF, 10, 368

fairness algorithms (SRP), 255
farms (servers), 292, 301
Fast EtherChannel (FEC), 171
Fast Hellos

    IS-IS, 114–115
    OSPF, 102

fast peering session deactivation, 214
Fast Reroute (FRR), 6
fast reroute link protection, 133
fast reroute node protection, 136
fault detection, 23
fault management, 332
fault-tolerant servers, 290
FCIP (Fibre Channel over IP), 5
FEC (Fast EtherChannel), 171
FEC (forwarding equivalence class), 6, 270
Fibre Channel over IP (FCIP), 5
Field Programmable Gate Array (FPGA) codes, 334
files, configuration management, 333
filtering (Internet module), 206
Firewall Service Module (FWSM), 328
five-nines availability, 9–12

flags, pak_priority, 66
flaps (routing), 45
flash crowds, 316
floating static routes, 258
flood packet pacing timer command, 104
flooding

    IS-IS, 114
    LSAs, 100–101

flow-based architecture, 187
formatting UDP, 33. See also configuration
forward delay timers, 149
forwarding

    architecture (switches), 314
    CEF, 46, 129
        central mode, 53
        configuring, 53
        dCEF, 54
        switching, 50
    NSF, 45–48
    packets, 134
    states, 148

forwarding equivalence class (FEC), 6, 270
FPGA (Field Programmable Gate Array) codes, 334
framing (SONET/SDH), 245
FRR (Fast Reroute), 6
functional entities, 57
FWSM (Firewall Service Module), 328

G
Gateway Load Balancing Protocol (GLBP), 183–186
gateways, application-specific, 233
GD (General Deployment) release, 346
GEC (Gigabit EtherChannel), 171
General Deployment (GD) release, 346
generation
    LSP, 113
    of updates, 211
Gigabit EtherChannel (GEC), 171
Gigabit Ethernet backbones, 3
Gigabit Switch Router (GSR), 106
GLBP (Gateway Load Balancing Protocol), 183–186
glbp priority command, 184


global server load balancing (GSLB), 320
Global Site Selector (GSS), 320–323
global synchronization, 75
graceful restart

    extensions, 46
    IS-IS, 117–122
    OSPF, 106–111

graceful shutdown (EIGRP), 123
graphs, MRTG, 343
groups, availability of, 369
growth of Internet, effect of, 4
GSLB (global server load balancing), 320
GSR (Gigabit Switch Router), 106
GSS (Global Site Selector), 320–323

H
half circuits, 239
hardware

    baselines. See baselines
    failures, 21
    simple backups, 38

headers, ISL, 158
heartbeat mechanisms, 297
Hello packets, 86
Hello protocol, 102, 114–115
hello timers, 149
hierarchical IP addressing schemes, 190
high system availability (HSA), 39
high-availability networks, 9

    50-ms resiliency, 15–16
    achieving, 16–25
    five-nines, 9–12
    Telcordia GR-512-Core document, 12–15

high-density server farms, scaling, 301
high-priority services, 254
hops, next-hop address tracking (BGP), 214
Hot Standby Router Protocol (HSRP), 179, 181
    stateful NAT, 227
    static mapping, 224

hot swap capability, 35
HSA (high system availability), 39
HSRP (Hot Standby Router Protocol), 179, 181
    stateful NAT, 227
    static mapping, 224

human error (failures), 21

I
IANA (Internet Assigned Numbers Authority), 195
ICMP (Internet Control Message Protocol)
    echo, 353
    NAT, 232
    SLAs, 353

IEEE 802.17, 255
IEEE 802.1d, 146
IEEE 802.1q, 158
IEEE 802.1s, 168–171
IEEE 802.1w, 165–168
IETF (Internet Engineering Task Force), 6, 118
IGESM (Intelligent Gigabit Ethernet Switch Module), 288
impact of different switching paths, 48–55
implementation. See also configuration
    life cycle management (IOS), 350
    QoS, 82

inbound ACLs, 206
inbound soft reset, 211
incident response, 205
incremental SPF, 116
inferior BPDU, 153
INS (intermediate name server), 321
in-service software upgrade (ISSU), 364
Integrated Services Digital Network. See ISDN
integrated service modules, 328–329
Intelligent Gigabit Ethernet Switch Module (IGESM), 288
interfaces
    IP event dampening, 126
    iSCSI, 5
    POS, 28

intermediate name server (INS), 321
Intermediate System-to-Intermediate System (IS-IS), 7
internal trouble-ticket events, 24
internal users, routing, 197
international private leased circuit (IPLC), 238
International Telecommunication Union-Telecommunication Standardization Sector (ITU-T), 15
Internet Assigned Numbers Authority (IANA), 195
Internet Control Message Protocol. See ICMP


Internet Engineering Task Force (IETF), 6, 118
Internet module, 193
    addressing/routing, 194–199
    BGP, 222
    filtering, 206
    NAT, 235
    redundancy, 199–204
    security, 204–209

Internet Protocol. See IP
Internet Small Computer System Interface (iSCSI), 5
Inter-Switch Link (ISL), 158
intervals, 86
inventory
    management, 334
    snapshots, 340
    tracking, 333

IOS deployment, 345–351
IP (Internet Protocol), 27–29
    event dampening, 126
    next-generation transport systems, 6
    next-generation applications, 5
        IP Storage, 5
        VoIP, 5
    Precedence, 65
    SLA, 354
    VPNs, 261

ip accounting command, 335
ip cef load-sharing algorithm original command, 132
ip ospf flood-reduction command, 101
ip ospf network point-to-point command, 87
IP SLA (IP Service Level Agreement), 82, 352
ip tcp path-mtu-discovery command, 213
IPLC (international private leased circuit), 238
iSCSI (Internet Small Computer System Interface), 5
ISDN (Integrated Services Digital Network)
    as dial backups, 258
IS-IS (Intermediate System-to-Intermediate System), 7, 111
    Fast Hellos, 114–115
    graceful restart, 117–122
    incremental SPF, 116
    LSA flooding reduction, 114
    LSP generation, 113
    SPF throttling, 112–113
    update packet-pacing timer, 115–116
ISL (Inter-Switch Link), 158
isolated ports, 305
isolated VLANs, 306
ISP-level redundancy (multihoming), 202
ISSU (in-service software upgrade), 364
ITU-T (International Telecommunication Union-Telecommunication Standardization Sector), 15

J–K
jitter, 71

keywords, diameter, 176

L
L2TP (Layer 2 Tunneling Protocol), 265
Label Distribution Protocol (LDP), 270
label edge router (LER), 269
label switch router (LSR), 269
label switched path (LSP), 113, 269
labels
    MPLS, 6
    stacking, 134

LAN Management Solution (LMS), 334
LATA (Local Access and Transport Area) switching systems, 12
latency, 70
Layer 2
    best practices, 173–178
    control packets, 65
    domains, 145–178
    EtherChannel, 177
    security, 303–313

Layer 2 Tunneling Protocol (L2TP), 265
Layer 3
    best practices, 187, 189–190
    domains, 178–190
    security, 313–315

layers
    access design, 292–298
    aggregation design, 298–300
    multilayer campus design, 141–143
        access, 143
        building blocks, 144
        core, 144
        distribution, 143
        Layer 2 domains, 145–178
        Layer 3 domains, 178–190

LD (limited deployment) release, 346
LDP (Label Distribution Protocol), 270
leaf nodes, 150
learning states, 148
leased lines (WAN), 237–244
LER (label edge router), 269
levels of security breaches, 205
life cycle management (IOS), 348
limitation of entries (NAT), 230
Limited Deployment (LD) release, 346
limiting spans of VLANs, 174
line cards, 13
link local signaling (LLS), 108
link-level redundancy, 58, 200
Link-Local Opaque link-state advertisements, 107
links
    fast reroute link protection, 133
    sham, 278
    uncongested, 72

link-state advertisements. See LSAs
link-state ID (LSID), 87
link-state type (LS-Type), 87
listening states, 148
LLS (link local signaling), 108
LMS (LAN Management Solution), 334
load balancing
    equal-cost, 241
    EtherChannel, 177
    GLBP, 183–184, 186
    multipath routing, 128
    per-destination, 130
    per-packet, 129

Local Access and Transport Area (LATA) switching systems, 12

local protection, 133
logging, 332
logical redundancy, 57
LoopGuard, 157
loops, 146–154
    BPDUGuard, 157–158
    channeling, 171–173
    IEEE 802.1s, 168–171
    IEEE 802.1w, 165–168
    LoopGuard, 157
    PortFast, 150
    RootGuard, 155–157
    UDLD, 154–155
    UplinkFast, 151
    VLANs, 158–165

loss, 72
lower-bound thresholds, 344
low-priority services, 254
LSAs (link-state advertisements)
    DoNotAge, 114
    flooding reduction, 100–101, 114
    Link-Local Opaque, 107
    neighbor propagation, 88
    OSPF, 87
    throttling, 98–100

LSID (link-state ID), 87
LSP (label switched path), 113, 269
LSR (label switch router), 269
LS-Type (link-state type), 87

M
Major (IOS) release, 346
management
    accounting, 334–335
    configuration, 333
    congestion, 76
    EEM, 359–362
    fault, 332
    inventory, 334
    life cycles (IOS), 348
    LMS, 334
    networks
        Cisco IOS deployment, 345–351
        components, 331–337
        establishing baselines, 337–345
        operations, 24
        proactive, 351–364
    performance, 335–336
    security, 336–337
    software, 334

Management Information Base. See MIB


maps
    routes (NAT with), 223
    static mapping with HSRP, 224

marking (DiffServ model), 75
maximum age timers, 149
maximum segment size (MSS), 213
maximum transmission unit (MTU), 29
MBGP (Multiprotocol BGP), 271
mean time before failure (MTBF), 368
mean time between failure (MTBF), 10, 355
mean time to repair (MTTR), 368
mean time to restore (MTTR), 355
measurements. See also calculations
    availability, 17
    COOL, 356
    high availability, 23

merge point (MP), 134
messages
    fault management, 332
    SRM, 118

metrics
    COOL measurements, 356
    defining, 19

MHSRP (Multigroup HSRP), 181
MIB (Management Information Base), 82
    CISCO-OUTAGE-MONITOR, 355
    entries, 340

microcodes, 334
models, network management, 331–337
modularity of network design, 59
modules
    Data Center, 281
        architecture, 291–301
        cabling, 282–283
        environmental considerations, 282
        networks, 289–291
        power supply, 287
        rack space, 283
        security, 289, 302–315
        server architecture, 288–289
        server size, 284–287
        service optimization, 315–328
    IGESM, 288
    integrated service, 328–329
    Internet, 193
        addressing/routing, 194–199
        BGP, 222
        filtering, 206
        NAT, 235
        redundancy, 199–204
        security, 204–209
    pass-through, 288
    Traffic Anomaly Detector service, 335

monitoring
    QoS, 82
    RMON, 332

MP (merge point), 134
MPLS (Multiprotocol Label Switching), 6
mpls traffic-eng backup path tunnel command, 135
MPLS-TE (MPLS Traffic Engineering), 6, 132
MPLS-VPN, 269
MPPP (Multilink Point-to-Point Protocol), 243
MRTG (Multi-Router Traffic Grapher), 340, 343
MSS (maximum segment size), 213
MTBF (mean time between failure), 10, 355, 368
MTTR (mean time to repair), 355, 368
MTU (maximum transmission unit), 29
multicast subsecond convergence, 137–139
multifaceted servers, 291
Multigroup HSRP (MHSRP), 181
multihoming, 202, 223, 230
multilayer campus design, 141–143
    access layer, 143
    building blocks, 144
    core layer, 144
    distribution layer, 143
    Layer 2 domains, 145–178
    Layer 3 domains, 178–190

Multilink Point-to-Point Protocol (MPPP), 243
multipath routing, 128
multiplexing SONET, 247
Multiprotocol BGP (MBGP), 271
Multiprotocol Label Switching (MPLS), 6
Multi-Router Traffic Grapher (MRTG), 340, 343

N
NAF (number of accumulated failures), 356
NAM (Network Analysis Module), 328, 332
naming conventions (IOS), 346


NAT (Network Address Translation), 49, 194
    effect on applications, 232
    entry limitation, 230
    ICMP, 232
    Internet modules, 235
    multihoming, 223, 230
    performance, 235
    security, 235
    stateful, 226
    TCP, 232
    VoIP, 234

NEBS (Network Equipment Building System), 57
need for application QoS, 69–72
neighbors
    BFD, 125
    LSA neighbors, propagating, 88

NetFlow, 335
Network Address Translation. See NAT
Network Analysis Module (NAM), 328, 332
Network Equipment Building System (NEBS), 57
network interface card (NIC), 288, 295
network layer reachability information (NLRI), 213
networks
    configuring, 86
    convergence, 90
    core, 85–86
    Data Center module, 289–291
        architecture, 291–301
        security, 289, 302–315
        server performance, 290
    high-availability, 9
        50-ms resiliency, 15–16
        achieving, 16–25
        five-nines, 9–12
        Telcordia GR-512-Core document, 12–15
    Layer 2 best practices, 173–178
    management
        Cisco IOS deployment, 345–351
        components, 331–337
        establishing baselines, 337–345
        proactive, 351–364
    multilayer campus design, 141–143
        access layer, 143
        building blocks, 144
        core layer, 144
        distribution layer, 143
        Layer 2 domains, 145–178
        Layer 3 domains, 178–190
    WAN
        dial backup, 258–261
        leased lines, 237–244
        RPR, 251–258
        SONET/SDH, 244–251
        VPN, 261–279

next-generation IOS architecture, 362
next-generation IP applications, 5
    IP Storage, 5
    VoIP, 5

next-hop address tracking (BGP), 214
next-hop routers, 134
NIC (network interface card), 288, 295
NLRI (network layer reachability information), 213
nodes
    fast reroute node protection, 136
    leaf, 150

Non Stop Forwarding with Stateful Switchover (NSF/SSO), 106, 216

non-responder-based IP SLA operations, 354
nonstop forwarding (NSF), 45–48
normal mode, UDLD configuration, 155
notification, 332
NSF (nonstop forwarding), 45–48
NSF/SSO (Non Stop Forwarding with Stateful Switchover), 106, 216
number of accumulated failures (NAF), 356

O
object identifier (OID), 340
objects, COOL measurements of, 356
OID (object identifier), 340
OIR (online insertion and removal), 34–36
Open Shortest Path First. See OSPF
Open Systems Interconnection (OSI), 27
operations
    IP SLAs, 354
    life cycle management (IOS), 350
    non-responder-based IP SLA, 354
    responder-based IP SLA, 353

optimization. See also customization
    BGP convergence, 213


    EIGRP, 123
        BFD, 124–126
        graceful shutdown, 123
        stub routers, 123
    enhanced NAT resiliency, 222
    IS-IS, 111
        Fast Hellos, 114–115
        graceful restart, 117–122
        incremental SPF, 116
        LSA flooding reduction, 114
        LSP generation, 113
        SPF throttling, 112–113
        update packet-pacing timer, 115–116
    OSPF, 86–95
        Fast Hello, 102–103
        graceful restart, 106–111
        incremental SPF, 105
        LSA flooding reduction, 100–101
        LSA throttling, 98–100
        SPF throttling, 97
        update packet-pacing timer, 104–105
    protocols, 7
    security, 7
    services, 315–328

options
    cabling, 286
    EIGRP, 123
        BFD, 124–126
        graceful shutdown, 123
        stub router, 123
    IS-IS, 111
        Fast Hellos, 114–115
        graceful restart, 117–122
        incremental SPF, 116
        LSA flooding reduction, 114
        LSP generation, 113
        SPF throttling, 112–113
        update packet-pacing timer, 115–116
    OSPF, 86–95
        Fast Hello, 102–103
        graceful restart, 106–111
        incremental SPF, 105
        LSA flooding reduction, 100–101
        LSA throttling, 98–100
        SPF, 97
        update packet-pacing timer, 104–105

OSI (Open Systems Interconnection), 27
OSPF (Open Shortest Path First), 7
    enhancements, 86–95
    Fast Hello, 102–103
    graceful restart, 106–111
    incremental SPF, 105
    LSA
        flooding reduction, 100–101
        throttling, 98–100
    network convergence in the core, 85
    NSF, 46
    SPF throttling, 97
    update packet-pacing timer, 104–105

outbound soft reset, 211

P
P (provider) routers, 270, 273
Packet over SONET (POS) interface, 28
packets
    CSNP, 117
    DPT, 251–258
    forwarding, 134
    Hello intervals, 86
    loss, 72
    PSNP, 118
    RPR, 251–258
    tagging, 65

pak_priority flags, 66
parallel components, 10
parallel devices, availability of, 369
Partial Sequence Number Packet (PSNP), 118
partial SPF, 106
pass-through modules, 288
passwords, 337
PAT (Port Address Translation), 222
paths
    default costs for STP, 147
    LSP, 269
    multipath routing, 128
    network convergence in the core, 85–86
    protection, 133
    switching, 48–55

PBX (private branch exchange) systems, 12
PE (provider edge) routers, 270, 274
peer command, 229


peering resources, conserving, 189
penultimate hop popping, 134
percentage method, calculating availability, 367
per-destination load balancing, 130
performance
    baselines. See baselines
    management, 335–336
    NAT, 235

per-packet load balancing, 129
Per-VLAN Spanning Tree (PVST), 162
Per-VLAN Spanning Tree Plus (PVST+), 164
physical redundancy, 57
pim query-interval command, 138
ping command, 353
planning life cycle management (IOS), 349
PLR (point of local repair), 134
point of local repair (PLR), 134
polic
ies
    defining, 81
    security, 204–205
    SLB, 317
    testing, 81

polling data (baselines), 340–343
PortFast, 150
portfast command, 150
ports
    alternate, 146
    designated, 146
    disabled, 146
    EtherChannel, 177
    IEEE 802.1w, 166
    PVLANs, 305
    root, 146
    routed (aggregation switches), 299
    security, 311
    trunks (aggregation switches), 298

POS (Packet over SONET) interface, 28
power supplies, 13
    Data Center module, 287
    UPS, 287

PPP over SONET/SDH, 247
primary command, 229
primary power equipment, 287
primary VLANs, 306
primary/secondary method (static NAT), 228
principles of security policies, 205

prioritization
    syslog messages, 360
    thresholds, 345

private addresses, 194
    blocks, 195
    DoS attacks, 195
    filtering, 206

private branch exchange (PBX) systems, 12
private VLANs (PVLANs), 304
    Catalyst switch support, 310
    configuring, 307
    ports, 305

proactive network management, 351–364
process switching, 49
processors
    RPR, 40–41
    RPR+, 41–43

Product Security Incident Response Team (PSIRT), 23, 350

promiscuous ports, 305
properties, applications, 78
protection
    applications with QoS, 69–74
    control planes, 55–56, 63–69
    data planes, 55–56
    switching (SONET/SDH), 248

Port Address Translation (PAT), 222
protocols
    ARP, 49, 312
    BGP, 193–222
        convergence, 213
        fast peering session deactivation, 214
        next-hop address tracking, 214
        route dampening, 215
        updates, 221
    EIGRP, 123
        BFD, 124–126
        graceful shutdown, 123
    GLBP, 183–186
    Hello, 102, 114–115
    HSRP, 179, 181
        stateful NAT, 227
        static mapping, 224
    ICMP, 232
    IP, 27–29
    IS-IS, 111
        Fast Hellos, 114–115
        graceful restart, 117–122
        incremental SPF, 116
        LSA flooding reduction, 114
        LSP generation, 113
        SPF throttling, 112–113
        update packet-pacing timer, 115–116
    L2TP, 265
    LDP, 270
    MPPP, 243
    NAT, 235
    optimizing, 7
    OSPF
        enhancements, 86–95
        Fast Hello, 102–103
        graceful restart, 106–111
        incremental SPF, 105
        LSA flooding reduction, 100–101
        LSA throttling, 98–100
        update packet-pacing timer, 104–105
    routing, 65
    RSTP, 165
    SNMP, 332
    Spatial Reuse Protocol, 251
    STP, 146–150
        BackboneFast, 152–154
        BPDUGuard, 157–158
        channeling, 171–173
        cycles, 148
        IEEE 802.1s, 168–171
        IEEE 802.1w, 165–168
        Layer 2 domains, 145
        LoopGuard, 157
        PortFast, 150
        RootGuard, 155–157
        UDLD, 154–155
        UplinkFast, 151
        VLANs, 158–165
    TCP, 29–33
        delayed binding, 320
        MSS, 213
        NAT, 232
        three-way handshakes, 31
    UDP, 33–34
    VRRP, 183
    WCCP, 324–328

provider (P) routers, 270, 273
provider edge (PE) routers, 270, 274
PSIRT (Product Security Incident Response Team), 23, 350
PSNP (Partial Sequence Number Packet), 118
public addresses, 194–195, 202
punting, 49
PVLANs (private VLANs), 304
    Catalyst switch support, 310
    configuring, 307
    ports, 305
PVST (Per-VLAN Spanning Tree), 162
PVST+ (Per-VLAN Spanning Tree Plus), 164

Q
QoS (quality of service), 29, 63
    applications, 69–74
    control plane traffic, 76–77
    control planes, 63–69
    deploying, 77–82
    DiffServ model, 74–76
    implementing, 82
    monitoring, 82

queues (SRP), 254

R
rack space, Data Center module, 283
RACL (receive access control list), 67
RANCID (Really Awesome New Cisco Config Differ), 333
random early detect (RED), 75
Rapid Spanning Tree Protocol (RSTP), 165
Rapid-PVST+, 168
raw availability, 18
reachability, 196
Really Awesome New Cisco Config Differ (RANCID), 333
receive access control list (RACL), 67
RED (random early detect), 75
redistribute connected command, 276
redistribute ospf 10 command, 278


redundancy, 13
    device-level, 201
    Internet modules, 199–204
    ISP-level, 202
    link-level, 58, 200
    logical, 57
    NIC teaming, 297
    physical, 57
    router status, 217
    RPR, 40–41, 107
    RPR+, 41–43, 216
    site-level, 203
    strategies, 56
    VRRP, 183

release, Cisco IOS, 346
reliability, 9, 34
    HSA, 39
    IP networks, 3
    NSF, 45–48
    OIR, 34–36
    RPR, 40–41
    RPR+, 41–43
    single line card reload, 36–37
    SSO, 43–45

remote monitoring (RMON), 332, 336
Request For Proposals (RFPs), 12
rerouting, 85–86
resiliency
    50-ms, 15–16
    design, 59–61
    device-level, 34, 57
        HSA, 39
        NSF, 45–48
        OIR, 34–36
        RPR, 40–41
        RPR+, 41–43
        single line card reload, 36–37
        SSO, 43–45
    IP, 28
    strategies, 59

Resilient Packet Ring (RPR), 7, 85, 251–258
resolution, DNS, 321
resources, peering, 189
responder-based IP SLA operations, 353
restarting (graceful restart)
    IS-IS, 117–122
    OSPF, 106–111

reverse proxy caching, 326
RFC 3623, 107
RFPs (Request For Proposals), 12
rings, configuring DPT/SRP, 256
RMON (remote monitoring), 332, 336
RNS (root name server), 321
root bridges, 148, 176
root name server (RNS), 321
root ports, 146
RootGuard, 155–157
route processor redundancy (RPR), 40–41, 107
route processor redundancy plus (RPR+), 41–43, 216
routed ports, aggregation switches, 299
router ospf 10 vrf RED command, 278
routers
    Adv Rtr, 87
    CE, 276–278
    CRS-1, 3
    DPT, 252
    equal-cost load balancing, 241
    GSR, 106
    ISDN, 258
    leased line connections, 241
    LER, 269
    LSR, 269
    MPPP, 243
    NAT performance, 235
    next hop, 134
    P, 270, 273
    PE, 270, 274
    redundancy status, 217
    stub (EIGRP), 123
routes
    CE, 270
    dampening, 215
    floating static, 258
    maps (NAT), 223
routing
    CIDR, 194
    external users, 198
    flaps, 45
    internal users, 197
    Internet module, 194–199
    multipath, 128
    tagging, 65
RPR (Resilient Packet Ring), 7, 85, 251–258
RPR (route processor redundancy), 40–41, 107
RPR+ (route processor redundancy plus), 41–43, 216
RSTP (Rapid Spanning Tree Protocol), 165

S
SAA (Service Assurance Agent), 82
SAFE (Security Blueprint for Enterprise Networks), 289
scaling
    architecture, 301–302
    strategies, 58
scheduling downtime, 23
scripting (TCL), 360
SDH (Synchronous Digital Hierarchy), 15
security
    Data Center networks, 289
    design, 60
    DHCP servers, 314
    Internet modules, 204–209
    Layer 2, 303–313
    Layer 3, 313–315
    management, 336–337
    NAT, 235
    networks (Data Center module), 302–315
    optimizing, 7
    policies, 204–205
    ports, 311
Security Blueprint for Enterprise Networks (SAFE), 289
selecting root bridges, 176
send routing message (SRM), 118
serial devices, availability of, 369
series components, 10
server load balancing (SLB), 316–320
servers
    blade connectivity, 288
    clustering, 297
    Data Center module, 284–289
    Data Center network performance, 290
    DHCP, 314
    DMZ, 196
    extranet reachability, 196
    failures, 21
    farms, 292, 301
    fault-tolerant, 290
Service Assurance Agent (SAA), 82
service level agreement. See SLA
services
    classes of, 254
    integrated service modules, 328–329
    optimization, 315–328
    QoS. See QoS
sessions, fast peering deactivation, 214
sham links, 278
shortest path first. See SPF
shortest-path tree. See SPT
show bfd neigh detail command, 125
show commands, 337
    show ip bgp neighbors, 211
    show ip cef, 131
    show ip cef exact-route, 132
    show ip ospf, 96, 98
    show ip ospf neighbor detail, 110
    show ip pim neighbor, 138
    show ip route, 129
    show ip rpf events, 139
    show isis nsf, 120
    show running-config, 36
SIA (stuck-in-active) state, 123
signals, EOT, 123
simple hardware backups, 38
Simple Network Management Protocol (SNMP), 332
simple network topology availability, 370
simple system availability, 370
simplicity
    Layer 2, 173
    of network design, 59
single line card reload, 36–37
site-level redundancy, 203
sizing windows, 32
SLA (service level agreement), 16, 335
    ICMP, 353
    IP SLAs, 352
SLB (server load balancing), 316–320
sliding windows (TCP), 32
snapshots, taking of inventory, 340
SNMP (Simple Network Management Protocol), 332
snooping (DHCP), 315
soft reconfiguration (BGP), 210
soft reset refresh, 211
software error protection, 38
software management, 334
SONET (Synchronous Optical Network)/SDH (Synchronous Digital Hierarchy), 244–251
Spanning Tree Protocol. See STP
spans of VLANs, limiting, 174
Spatial Reuse Protocol, 251
special-use address measures, 206
speeds, SONET/SDH, 244
SPF (shortest path first)
    incremental, 105, 116
    partial, 106
    throttling (IS-IS), 112–113
spf-interval command, 112
spoofing, anti-spoofing measures, 206
SPT (shortest-path tree), 105
SRM (send routing message), 118
SSO (stateful switchover), 43–45
stacking labels, 134
standards, RPR, 255
standby power equipment, 287
stateful NAT, 226
stateful switchover (SSO), 43–45
states
    blocking, 148
    disabled, 148
    forwarding, 148
    learning, 148
    listening, 148
    steady (STP), 149
static mapping with HSRP, 224
static routes, configuring, 259
status
    router switching, 53
    RPR, 40
    RPR+, 42
    SSO, 44
steady state (STP), 149
STM (Synchronous Transport Module), 244
storage, IP, 5
stored routing update information, 211
STP (Spanning Tree Protocol), 7, 146–150
    BackboneFast, 152–154
    BPDUGuard, 157–158
    channeling, 171–173
    cycles, 148
    IEEE 802.1s, 168–171
    IEEE 802.1w, 165–168
    Layer 2 domains, 145
    LoopGuard, 157
    PortFast, 150
    RootGuard, 155–157
    UDLD, 154–155
    UplinkFast, 151
    VLANs, 158–165
strategies
    high availability, 21
    QoS deployment, 77–82
    redundancy, 56
    resiliency, 59
    scaling, 58
stream data transfers, 30
STS (Synchronous Transport Signal), 244
stub routers, 123
stuck-in-active (SIA) state, 123
switches, 146
    aggregation, 298
    forwarding architecture, 314
    L2TPv3, 268
    PVLANs, 310
switching
    CEF, 50
    LATA, 12
    MPLS, 6
    paths, 48–55
    process, 49
    protection (SONET/SDH), 248
    topology-based, 186
synchronization, global, 75
Synchronous Optical Network (SONET)/Synchronous Digital Hierarchy (SDH). See SONET/SDH
Synchronous Transport Module (STM), 244
Synchronous Transport Signal (STS), 244
syslog messages
    fault management, 332
    prioritizing, 360
T
tables
    adjacency, 50
    entries in, 51
TACACS, 337
tagging
    cables, 282
    routing protocols, 65
TCL (Tool Command Language), 360
TCP (Transmission Control Protocol), 29–33
    delayed binding, 320
    MSS, 213
    NAT, 232
    sliding windows, 32
    three-way handshakes, 31
TDM (time-division multiplexing), 13
teaming (NIC), 295
Telcordia GR-512-Core document, 12–15
testing
    life cycle management (IOS), 350
    policies, 81
theoretical availability of devices, 368–369
three-tier architecture, 142
three-way handshakes (TCP), 31
thresholds
    analyzing, 344
    baselines. See baselines
    prioritizing, 345
    troubleshooting, 345
throttling
    LSAs, 98–100
    SPF (IS-IS), 112–113
time-division multiplexing (TDM), 13
timers
    forward delay, 149
    hello, 149
    maximum age, 149
timers lsa arrival command, 100
timers spf spf-holdtime command, 97
Tool Command Language (TCL), 360
tools
    COOL, 355
    MRTG, 343
topologies, 171–174
topology-based switching, 186
ToS (type-of-service), 29
tracking
    inventory, 333
    next-hop address tracking (BGP), 214
traffic
    conditioning, 76
    control planes, 76–77
    network convergence in the core, 85–86
    types that affect control planes, 64
    VoIP, 234
Traffic Anomaly Detector service module, 335
transferring stream data, 30
transient congestion, 73
Transmission Control Protocol. See TCP
traps, SNMP, 332
trees, SPT, 105
triangle topologies, 174
troubleshooting
    congestion, 73
    DoS attacks, 195
    failures, 3, 20
    fault management, 332
    MTTR, 368
    thresholds, 345
trunking
    cards, 13
    ports, 298
    STP, 158–165
tunnel mode gre command, 264
tunnel mode ipip command, 264
tunnel mpls traffic-eng fast-reroute command, 135
tunnel path-mtu-discovery command, 264
tunneling
    IP, 261
    L2TP, 265
turning off autonegotiation, 178
two-tier architecture, 142
type-of-service (TOS), 29
types
    of ISDN, 258
    of traffic that affect control planes, 64
    of VLANs, 306
U
UDLD (Unidirectional Link Detection), 154–155
UDP (User Datagram Protocol), 33–34
uncongested links, 72
Unicast Reverse Path Forwarding (uRPF), 335
Unidirectional Link Detection (UDLD), 154–155
unidirectional self-healing ring (USHR), 248
uninterruptible power supply (UPS), 287
universal load-sharing algorithm, 131
update packet-pacing timer, 104–105, 115–116
updates
    BGP, 221
    generating, 211
upgrading ISSU, 364
UplinkFast, 151
uplinkfast command, 152
upper-bound thresholds, 344
UPS (uninterruptible power supply), 287
upstream failures, 21
uRPF (Unicast Reverse Path Forwarding), 335
User Datagram Protocol. See UDP
User IDs, 337
USHR (unidirectional self-healing ring), 248

V
VACL (VLAN access control list), 310
verification
    OSPF in NSF mode, 47
    router switching status, 53
    RPR+ status, 42
    SSO status, 44
virtual LANs. See VLANs
virtual MAC (vMAC) addresses, 4, 296
Virtual Private Network. See VPN
virtual router identifier (VRID), 183
Virtual Router Redundancy Protocol (VRRP), 183
viruses, 204
VLAN access control list. See VACL
VLANs (virtual LANs)
    spans, 174
    types of, 306
    STP, 158–165
vMAC (virtual MAC) addresses, 4, 296
VoIP (Voice over IP), 5, 234
VPN (Virtual Private Network), 6, 261–279
VRID (virtual router identifier), 183
VRRP (Virtual Router Redundancy Protocol), 183

W–Z
WAN (wide area network)
    dial backup, 258–261
    leased lines, 237–244
    RPR, 251–258
    SONET/SDH, 244–251
    VPN, 261–279
warm standby mode, 40
WCCP (Web Cache Communication Protocol), 324–328
weighted random early detection (WRED), 30
what-if analysis, 344
windows, sliding (TCP), 32
worms, 204, 304
WRED (weighted random early detection), 30