Download - 1587052156index.pdf - Cisco Press
INDEX

Numerics
50-ms resiliency, 15–16
A
access control lists (ACLs), 206, 337
access layer, 143, 292–298
accounting, management of, 334–335
accumulated outage time (AOT), 356
achieving high-availability, 16–25
ACLs (access control lists), 206, 337
Address Resolution Protocol (ARP), 49, 312
addresses
  Internet module, 194–199
  multihoming, 202
  next-hop address tracking (BGP), 214
  vMAC, 296
adjacency tables, 50–51
adjusted availability, 18
Adv Rtr (advertising router), 87
aggregation
  layer design, 298–300
  switches, 298
aggressive mode, UDLD configuration, 155
alerts, PSIRT, 350
ALG (Application Level Gateway), 226
algorithms
  fairness (SRP), 255
  universal load-sharing, 131
alternate ports, 146
analysis
  baselines. See baselines
  thresholds, 344
Anomaly Detection and Mitigation Modules, 328
ANS (authoritative name server), 321
anti-spoofing, 206
AOT (accumulated outage time), 356
Application Level Gateway (ALG), 226
applications, 5
  classifying, 78
  effect of NAT on, 232
  failures, 21
  QoS, 69–77
  that use UDP, 33
application-specific gateways, 233
application-specific integrated circuit (ASIC), 3
applying GSS, 323
APS (Automatic Protection Switching), 249
architecture
  DPT, 252–258
  flow-based, 187
  MPLS-VPN, 269
  networks (Data Center module), 291–301
  next-generation IOS, 362
  scaling, 301–302
  servers, 288–289, 301
  switch forwarding, 314
  three-tier, 142
  two-tier, 142
ARP (Address Resolution Protocol), 49, 312
ASIC (application-specific integrated circuit), 3
assignment of addresses, 194
attacks
  DoS, 195, 204
  failures, 21
authoritative name server (ANS), 321
auto route injection, 231
Automatic Protection Switching (APS), 249
autonegotiation, turning off, 178
availability
  calculating, 10
  defects-per-million method, 367
  devices, 369
  high-availability networks, 9
    50-ms resiliency, 15–16
    achieving, 16–25
    five-nines, 9–12
    Telcordia GR-512-Core document, 12–15
  HSA, 39
  measuring, 17
  of parallel devices, 369
  percentage method, 367
  simple network topologies, 370
  simple systems, 370
  theoretical availability of devices, 368–369
avoidance, congestion, 75
390
B
BackboneFast, 152–154
backbones, Gigabit Ethernets, 3
backups
  dial backups (WAN), 258–261
  simple hardware, 38
baselines, establishing, 337–345
BCPs (Best Current Practices), 194
best practices
  Layer 2, 173–178
  Layer 3, 187, 189–190
BFD (Bidirectional Forwarding Detection), 103
  EIGRP, 124–126
BGP (Border Gateway Protocol), 7, 193
  convergence, 213
  fast peering session deactivation, 214
  Internet modules, 222
  next-hop address tracking, 214
  route dampening, 215
  updates, 221
BID (bridge ID), 147
Bidirectional Forwarding Detection. See BFD
bidirectional line switch ring (BLSR), 249
binding, delayed, 319
blade server connectivity, 288
blocks
  private addresses, 195
  states, 148
BLSR (bidirectional line switch ring), 249
boot codes, 334
Border Gateway Protocol. See BGP
BPDU (Bridge Protocol Data Unit), 153
BPDUGuard, 157–158
bridge ID (BID), 147
Bridge Protocol Data Unit. See BPDU
bridges, 146
  root, 148
  selecting, 176
building blocks (access module), 144

C
cabling
  Data Center module, 282–283
  options, 286
caches, 326
calculations
  availability, 10
    defects-per-million method, 367
    percentage method, 367
    simple network topologies, 370
    simple systems, 370
    theoretical availability of devices, 368–369
  downtime, 12
  MTBF using COOL, 357
capacity failures, 21
Catalyst switch support, PVLANs, 310
causes of network failures, 20
CE (customer edge) routers, 270, 276–278
CEF (Cisco Express Forwarding), 46, 129
  central mode, 53
  configuring, 53
  dCEF, 54
  switching, 50
channeling, 171–173
CIDR (classless interdomain routing), 194
circuits
  half, 239
  WAN leased lines, 237–244
Cisco Component Outage Online (COOL), 355
Cisco Express Forwarding. See CEF
Cisco IOS deployment, 345–351
Cisco Networking Services (CNS) events, 360
CISCO-OUTAGE-MONITOR MIB, 355
CISCO-PROCESS-MIB, OIDs within, 341
Class-Based QoS MIB, 82
classes of service, DPT/SPR, 254
classification
  applications, 78
  DiffServ model, 75
  IP Precedence, 66
classless interdomain routing (CIDR), 194
client name server (CNS), 321
clustering, 297
CNS (Cisco Networking Services) events, 360
CNS (client name server), 321
cold restart feature, 37
coloring, 75
commands
  backbonefast, 154
  debug dampening interface, 128
  debug ip ospf database-timer rate-limit, 99
  debug ip ospf flood, 99
  debug ip ospf spf, 95, 99
  debug isis adj, 121
  debug isis adj-packets, 115
  debug isis nsf, 121
  debug isis snp, 121
  execute-on <lot>, 125
  flood packet pacing timer, 104
  glbp priority, 184
  ip accounting, 335
  ip cef load-sharing algorithm original, 132
  ip ospf network point-to-point, 87
  ip tcp path-mtu-discovery, 213
  ip ospf flood-reduction, 101
  mpls traffic-eng backup path tunnel, 135
  peer, 229
  pim query-interval, 138
  ping, 353
  portfast, 150
  primary, 229
  redistribute connected, 276
  redistribute ospf 10, 278
  router ospf 10 vrf RED, 278
  show, 337
  show bfd neigh detail, 125
  show ip bgp neighbors, 211
  show ip cef, 131
  show ip cef exact-route, 132
  show ip ospf, 96, 98
  show ip ospf neighbor detail, 110
  show ip pim neighbor, 138
  show ip route, 129
  show ip rpf events, 139
  show isis nsf, 120
  show running-config, 36
  spf-interval, 112
  timers lsa arrival, 100
  timers spf spf-holdtime, 97
  tunnel mode gre, 264
  tunnel mode ipip, 264
  tunnel mpls traffic-eng fast-reroute, 135
  tunnel path-mtu-discovery, 264
  uplinkfast, 152
Common Spanning Tree (CST), 161
community ports, 305
community VLANs, 306
Complete Sequence Number Packet (CSNP), 117
components
  availability, 10
  COOL, 355
  network management, 331–337
  PBX systems, 12
conditioning, traffic, 76
configuration
  BackboneFast, 154
  BGP
    NSF/SSO, 217–218
    route dampening, 215
    soft reconfiguration, 210
  BPDUGuard, 158
  CE routers, 276–278
  CEF, 53
  DHCP, 315
  DPR/SPR rings, 256
  dynamic ARP inspection, 313
  EEM, 362
  EtherChannel, 177
  file management, 333
  GLBP, 186
  HSA, 38
  HSRP, 181
  IEEE 802.1s, 170
  IP
    event dampening, 127
    tunnels, 263
  IS-IS
    Fast Hello, 115
    incremental SPF, 117
    LSA Flooding Reduction, 114
    LSP generation interval timers, 113
    partial route computation timers, 113
    SPF throttling, 112
    update packet-pacing timers, 116
  ISL trunking, 159
  L2TP, 266
  LoopGuard, 157
  management, 333
  MPLS-VPN, 273
  MPPP, 243
  NAT
    HSRP, 225
    maximum number of entries, 230
    multihoming, 223
    stateful NAT on HSRP, 227
  networks, 86
  NSF, 46
  OSPF
    BFD, 125
    Fast Hello, 102
    incremental SPF, 106
    LSA flood-reduction, 101
    LSA throttling, 98
    NSF/SSO, 109
    update packet-pacing timers, 104
  P routers, 273
  PE routers, 274
  per-packet load balancing, 130
  PortFast, 150
  port security, 311
  PVLANs, 307
  RACL, 68
  Rapid-PVST+, 168
  reverse proxy caching, 327
  RootGuard, 156
  RPR, 40
  RPR+, 42
  single line card reload, 36
  SONET/SDH, 250
  SPF throttling, 96
  SSO, 44
  static routes, 259
  UDLD, 155
  WCCP, 326
congestion
  avoidance, 75
  management, 76
  QoS (uncongested links), 73
  transient, 73
connections
  blade servers, 288
  cabling, 283. See also cabling
  Layer 2, 175
  leased circuit encapsulation, 239
  NIC teaming, 296
  three-way handshakes (TCP), 31
conserving peering resources, 189
content switching. See SLB
Content Switching Module (CSM), 328
continuous fault detection, 23
control packets, tagging, 65
control planes
  MIB, 342
  policing, 314
  protecting, 55–56
  QoS, 63–69
  traffic, 76–77
controller cards, 13
convergence
  BGP, 213
  IP event dampening, 126
  MPLS-TE, 132
  multicast subsecond, 137–139
  network in the core, 85–86
  networks, 90
  OSPF, 86–95
COOL (Cisco Component Outage Online), 355
core layer, 144
counter-rotating rings (DPT), 252
CRS-1 router, 3
CSM (Content Switching Module), 328
CSNP (Complete Sequence Number Packet), 117
CST (Common Spanning Tree), 161
customer edge (CE) routers, 270, 276–278
customization. See also configuration
  EIGRP, 123
    BFD, 124–126
    graceful shutdown, 123
    stub router, 123
  IS-IS, 111
    Fast Hellos, 114–115
    graceful restart, 117–122
    incremental SPF, 116
    LSA flooding reduction, 114
    LSP generation, 113
    SPF throttling, 112–113
    update packet-pacing timer, 115–116
  OSPF, 86–95
    Fast Hello, 102–103
    graceful restart, 106–111
    incremental SPF, 105
    LSA flooding reduction, 100–101
    LSA throttling, 98–100
    SPF, 97
    update packet-pacing timer, 104–105
cycles, STP, 148
D
dampening (routes), 215
DARPA (Defense Advanced Research Projects Agency), 4
Data Center module, 281
  environmental considerations, 282
    cabling, 282–283
    power supply, 287
    rack space, 283
    server architecture, 288–289
    server size, 284–287
  networks, 289–291
    architecture, 291–301
    security, 289, 302–315
    server performance, 290
  service optimization, 315–328
data planes
  MIBs, 342
  protecting, 55–56
datagrams, 27. See also UDP
dCEF (Distributed CEF), 54
debug commands
  debug dampening interface, 128
  debug ip ospf database-timer rate-limit, 99
  debug ip ospf flood, 99
  debug ip ospf spf, 95, 99
  debug isis adj, 121
  debug isis adj-packets, 115
  debug isis nsf, 121
  debug isis snp, 121
default path costs for STP, 147
defects-per-million method, 367
Defense Advanced Research Projects Agency (DARPA), 4
defining
  metrics, 19
  policies, 81
delayed binding, 319
demilitarized zone (DMZ) servers, 196
denial-of-service (DoS) attacks, 195, 204
deployment
  Cisco IOS, 345–351
  EtherChannel, 177
  IP tunnels, 263
  L2TPv3, 265
  QoS, 72, 77–82
design
  access layer, 292–298
  aggregation layer, 298–300
  ASIC, 3
  Data Center module, 281
    cabling, 282–283
    environmental considerations, 282
    network architecture, 291–301
    network security, 289, 302–315
    network server performance, 290
    networks, 289–291
    power supply, 287
    rack space, 283
    servers, 284–289
    service optimization, 315–328
  high availability, 21
  Internet module, 193
    BGP, 222
    filtering, 206
    NAT, 235
    redundancy, 199–204
    security, 204–209
  Internet modules, 194–199
  life cycle management (IOS), 349
  multilayer campus, 141–143
    access layer, 143
    building blocks, 144
    core layer, 144
    distribution layer, 143
    Layer 2 domains, 145–178
    Layer 3 domains, 178–190
  resiliency, 59–61
  security, 60
designated IS (DIS), 114
designated ports, 146
detection, 332
  continuous fault, 23
  EEM, 361
device-level redundancy, 201
device-level resiliency, 34, 57
  HSA, 39
  NSF, 45–48
  OIR, 34–36
  RPR, 40–41
  RPR+, 41–43
  single line card reload, 36–37
  SSO, 43–45
devices
  configuration file management, 333
  parallel, 369
  theoretical availability of, 368–369
DHCP (Dynamic Host Control Protocol)
  servers, 314
  snooping, 315
diagrams, cabling, 283
dial backup (WAN), 258–261
diameter keyword, 176
DiffServ model (QoS), 74–76
direct connections (Layer 2), 175
directed mode (SLB), 318
DIS (designated IS), 114
disabled ports, 146
disabled states, 148
disasters (failures), 21
discipline, cabling, 283
dispatch mode (SLB), 318
Distributed CEF (dCEF), 54
distribution layer, 143
DLC (domestic leased circuit), 238
DMZ (demilitarized zone) servers, 196
DNS (Domain Name System), 321
DNSR (DNS resolver), 321
documentation, cabling, 283
Domain Name System (DNS), 321
domains
  Layer 2, 145–178
  Layer 3, 178–190
domestic leased circuit (DLC), 238
DoNotAge link-state advertisements, 114
DoS (denial-of-service) attacks, 195, 204
downtime
  calculating, 12
  fault management, 332
  scheduling, 23
DPT (Dynamic Packet Transport), 7, 251
  architecture, 252–258
  classes of service, 254
duplicate acknowledgment (DUPACK), 130
dynamic ARP inspection, 312
Dynamic Host Control Protocol. See DHCP
Dynamic Packet Transport. See DPT
dynamic soft reset, 211

E
Early Deployment (ED) release, 346
echo (ICMP), 353
ECMP (equal-cost multipath), 129, 188
ED (Early Deployment) release, 346
EEM (Embedded Event Manager), 359–362
effect of Internet growth, 4
EIGRP (Enhanced Interior Gateway Routing Protocol), 123
  BFD, 124–126
  graceful shutdown, 123
  stub routers, 123
Embedded Event Manager (EEM), 359–362
enabling
  BGP fast peering session deactivation, 214
  COOL, 357
encapsulation
  ISL, 159
  leased circuit, 239
end nodes (L2TP), 268
End of Engineering (EOE), 346
End of Life (EOL), 346
End of Sales (EOS), 346
End-of-Table (EOT) signal, 123
Enhanced Interior Gateway Routing Protocol. See EIGRP
entries
  in adjacency tables, 51
  MIB, 340
entry limitation (NAT), 230
environmental considerations (Data Center module), 282
  cabling, 282–283
  power supply, 287
  rack space, 283
  servers
    architecture, 288–289
    size, 284–287
EOE (End of Engineering), 346
EOL (End of Life), 346
EOS (End of Sales), 346
EOT (End-of-Table) signal, 123
equal-cost load balancing, 241
equal-cost multipath (ECMP), 129, 188
errors, software protection, 38
establishing baselines, 337–345
EtherChannel, 172
  configuring, 177
  deploying, 177
  Layer 2, 177
  load balancing, 177
event dampening (IP), 126
Event Publisher, 360
Event Subscriber, 360
events
  CNS, 360
  EEM, 359–362
  internal trouble-ticket, 24
execute-on, 125
exponential back-off behavior, SPF, 97
extensions, graceful restart, 46
external users, routing, 198
extranet servers, reachability, 196

F
failure, 3. See also troubleshooting
  causes of, 20
  MTBF, 10, 368
fairness algorithms (SRP), 255
farms (servers), 292, 301
Fast EtherChannel (FEC), 171
Fast Hellos
  IS-IS, 114–115
  OSPF, 102
fast peering session deactivation, 214
Fast Reroute (FRR), 6
fast reroute link protection, 133
fast reroute node protection, 136
fault detection, 23
fault management, 332
fault-tolerant servers, 290
FCIP (Fibre Channel over IP), 5
FEC (Fast EtherChannel), 171
FEC (forwarding equivalence class), 6, 270
Fibre Channel over IP (FCIP), 5
Field Programmable Gate Array (FPGA) codes, 334
files, configuration management, 333
filtering (Internet module), 206
Firewall Service Module (FWSM), 328
five-nines availability, 9–12
flags, pak_priority, 66
flaps (routing), 45
flash crowds, 316
floating static routes, 258
flood packet pacing timer command, 104
flooding
  IS-IS, 114
  LSAs, 100–101
flow-based architecture, 187
formatting UDP, 33. See also configuration
forward delay timers, 149
forwarding
  architecture (switches), 314
  CEF, 46, 129
    central mode, 53
    configuring, 53
    dCEF, 54
    switching, 50
  NSF, 45–48
  packets, 134
  states, 148
forwarding equivalence class (FEC), 6, 270
FPGA (Field Programmable Gate Array) codes, 334
framing (SONET/SDH), 245
FRR (Fast Reroute), 6
functional entities, 57
FWSM (Firewall Service Module), 328

G
gateways, application-specific, 233
GD (General Deployment) release, 346
GEC (Gigabit EtherChannel), 171
General Deployment (GD) release, 346
generation
  LSP, 113
  of updates, 211
Gigabit EtherChannel (GEC), 171
Gigabit Ethernet backbones, 3
Gigabit Switch Router (GSR), 106
GLBP (Global Load Balancing Protocol), 183–186
glbp priority command, 184
Global Load Balancing Protocol (GLBP), 183–186
global server load balancing (GSLB), 320
Global Site Selector (GSS), 320–323
global synchronization, 75
graceful restart
  extensions, 46
  IS-IS, 117–122
  OSPF, 106–111
graceful shutdown (EIGRP), 123
graphs, MRTG, 343
groups, availability of, 369
growth of Internet, effect of, 4
GSLB (global server load balancing), 320
GSR (Gigabit Switch Router), 106
GSS (Global Site Selector), 320–323

H
half circuits, 239
hardware
  baselines. See baselines
  failures, 21
  simple backups, 38
headers, ISL, 158
heartbeat mechanisms, 297
Hello packets, 86
Hello protocol, 102, 114–115
hello timers, 149
hierarchical IP addressing schemes, 190
high system availability (HSA), 39
high-availability networks, 9
  50-ms resiliency, 15–16
  achieving, 16–25
  five-nines, 9–12
  Telcordia GR-512-Core document, 12–15
high-density server farms, scaling, 301
high-priority services, 254
hops, next-hop address tracking (BGP), 214
Hot Standby Routing Protocol (HSRP), 179, 181
  stateful NAT, 227
  static mapping, 224
hot swap capability, 35
HSA (high system availability), 39
HSRP (Hot Standby Routing Protocol), 179, 181
  stateful NAT, 227
  static mapping, 224
human error (failures), 21

I
IANA (Internet Assigned Numbers Authority), 195
ICMP (Internet Control Message Protocol)
  echo, 353
  NAT, 232
  SLAs, 353
IEEE 802.17, 255
IEEE 802.1d, 146
IEEE 802.1q, 158
IEEE 802.1s, 168–171
IEEE 802.1w, 165–168
IETF (Internet Engineering Task Force), 6, 118
IGESM (Intelligent Gigabit Ethernet Switch Module), 288
impact of different switching paths, 48–55
implementation. See also configuration
  life cycle management (IOS), 350
  QoS, 82
inbound ACLs, 206
inbound soft reset, 211
incident response, 205
incremental SPF, 116
inferior BPDU, 153
INS (intermediate name server), 321
in-service software upgrade (ISSU), 364
Integrated Service Digital Network. See ISDN
integrated service modules, 328–329
Intelligent Gigabit Ethernet Switch Module (IGESM), 288
interfaces
  IP event dampening, 126
  iSCSI, 5
  POS, 28
intermediate name server (INS), 321
Intermediate System-to-Intermediate System (IS-IS), 7
internal trouble-ticket events, 24
internal users, routing, 197
international private leased circuit (IPLC), 238
International Telecommunication Union-Telecommunication Standardization Sector (ITU-T), 15
Internet Assigned Numbers Authority (IANA), 195
Internet Control Message Protocol. See ICMP
Internet Engineering Task Force (IETF), 6, 118
Internet module, 193
  addressing/routing, 194–199
  BGP, 222
  filtering, 206
  NAT, 235
  redundancy, 199–204
  security, 204–209
Internet Protocol. See IP
Internet Small Computer System Interface (iSCSI), 5
Inter-Switch Link (ISL), 158
intervals, 86
inventory
  management, 334
  snapshots, 340
  tracking, 333
IOS deployment, 345–351
IP (Internet Protocol), 27–29
  event dampening, 126
  next-generation transport systems, 6
  next-generation applications, 5
    IP Storage, 5
    VoIP, 5
  Precedence, 65
  SLA, 354
  VPNs, 261
ip accounting command, 335
ip cef load-sharing algorithm original command, 132
ip ospf flood-reduction command, 101
ip ospf network point-to-point command, 87
IP SLA (IP Service Level Agreement), 82, 352
ip tcp path-mtu-discovery command, 213
IPLC (international private leased circuit), 238
iSCSI (Internet Small Computer System Interface), 5
ISDN (Integrated Service Digital Network)
  as dial backups, 258
IS-IS (Intermediate System-to-Intermediate System), 7, 111
  Fast Hellos, 114–115
  graceful restart, 117–122
  incremental SPF, 116
  LSA flooding reduction, 114
  LSP generation, 113
  SPF throttling, 112–113
  update packet-pacing timer, 115–116
ISL (Inter-Switch Link), 158
isolated ports, 305
isolated VLANs, 306
ISP-level redundancy (multihoming), 202
ISSU (in-service software upgrade), 364
ITU-T (International Telecommunication Union-Telecommunication Standardization Sector), 15

J–K
jitter, 71
keywords, diameter, 176

L
L2TP (Layer 2 Tunnel Protocol), 265
Label Distribution Protocol (LDP), 270
label edge router (LER), 269
label switch router (LSR), 269
label switched path (LSP), 113, 269
labels
  MPLS, 6
  stacking, 134
LAN Management Solution (LMS), 334
LATA (Local Access and Transport Area) switching systems, 12
latency, 70
Layer 2
  best practices, 173–178
  control packets, 65
  domains, 145–178
  EtherChannel, 177
  security, 303–313
Layer 2 Tunnel Protocol (L2TP), 265
Layer 3
  best practices, 187, 189–190
  domains, 178–190
  security, 313–315
layers
  access design, 292–298
  aggregation design, 298–300
  multilayer campus design, 141–143
    access, 143
    building blocks, 144
    core, 144
    distribution, 143
    Layer 2 domains, 145–178
    Layer 3 domains, 178–190
LD (limited deployment) release, 346
LDP (Label Distribution Protocol), 270
leaf nodes, 150
learning states, 148
leased lines (WAN), 237–244
LER (label edge router), 269
levels of security breaches, 205
life cycle management (IOS), 348
limitation of entries (NAT), 230
Limited Deployment (LD) release, 346
limiting spans of VLANs, 174
line cards, 13
link local signaling (LLS), 108
link-level redundancy, 58, 200
Link-Local Opaque link-state advertisements, 107
links
  fast reroute link protection, 133
  sham, 278
  uncongested, 72
link-state advertisements. See LSAs
link-state ID (LSID), 87
link-state type (LS-Type), 87
listening states, 148
LLS (link local signaling), 108
LMS (LAN Management Solution), 334
load balancing
  equal-cost, 241
  EtherChannel, 177
  GLBP, 183–184, 186
  multipath routing, 128
  per-destination, 130
  per-packet, 129
Local Access and Transport Area (LATA) switching systems, 12
local protection, 133
logging, 332
logical redundancy, 57
LoopGuard, 157
loops, 146–154
  BPDUGuard, 157–158
  channeling, 171–173
  IEEE 802.1s, 168–171
  IEEE 802.1w, 165–168
  LoopGuard, 157
  PortFast, 150
  RootGuard, 155–157
  UDLD, 154–155
  UplinkFast, 151
  VLANs, 158–165
loss, 72
lower-bound thresholds, 344
low-priority services, 254
LSAs (link-state advertisements)
  DoNotAge, 114
  flooding reduction, 100–101, 114
  Link-Local Opaque, 107
  neighbor propagation, 88
  OSPF, 87
  throttling, 98–100
LSID (link-state ID), 87
LSP (label switched path), 113, 269
LSR (label switch router), 269
LS-Type (link-state type), 87

M
Major (IOS) release, 346
management
  accounting, 334–335
  configuration, 333
  congestion, 76
  EEM, 359–362
  fault, 332
  inventory, 334
  life cycles (IOS), 348
  LMS, 334
  networks
    Cisco IOS deployment, 345–351
    components, 331–337
    establishing baselines, 337–345
    operations, 24
    proactive, 351–364
  performance, 335–336
  security, 336–337
  software, 334
Management Information Base. See MIB
maps
  routes (NAT with), 223
  static mapping with HSRP, 224
marking (DiffServ model), 75
maximum age timers, 149
maximum segment size (MSS), 213
maximum transmission unit (MTU), 29
MBGP (Multiprotocol BGP), 271
mean time before failure (MTBF), 368
mean time between failure (MTBF), 10, 355
mean time to repair (MTTR), 368
mean time to restore (MTTR), 355
measurements. See also calculations
  availability, 17
  COOL, 356
  high availability, 23
merge point (MP), 134
messages
  fault management, 332
  SRM, 118
metrics
  COOL measurements, 356
  defining, 19
MHSRP (Multigroup HSRP), 181
MIB (Management Information Base), 82
  CISCO-OUTAGE-MONITOR, 355
  entries, 340
microcodes, 334
models, network management, 331–337
modularity of network design, 59
modules
  Data Center, 281
    architecture, 291–301
    cabling, 282–283
    environmental considerations, 282
    networks, 289–291
    power supply, 287
    rack space, 283
    security, 289, 302–315
    server architecture, 288–289
    server size, 284–287
    service optimization, 315–328
  IGESM, 288
  integrated service, 328–329
  Internet, 193
    addressing/routing, 194–199
    BGP, 222
    filtering, 206
    NAT, 235
    redundancy, 199–204
    security, 204–209
  pass-through, 288
  Traffic Anomaly Detector service, 335
monitoring
  QoS, 82
  RMON, 332
MP (merge point), 134
MPLS (Multiprotocol Label Switching), 6
mpls traffic-eng backup path tunnel command, 135
MPLS-TE (MPLS Traffic Engineering), 6, 132
MPLS-VPN, 269
MPPP (Multilink Point-to-Point Protocol), 243
MRTG (Multi-Router Traffic Grapher), 340, 343
MSS (maximum segment size), 213
MTBF (mean time between failure), 10, 355, 368
MTTR (mean time to repair), 355, 368
MTU (maximum transmission unit), 29
multicast subsecond convergence, 137–139
multifaceted servers, 291
Multigroup HSRP (MHSRP), 181
multihoming, 202, 223, 230
multilayer campus design, 141–143
  access layer, 143
  building blocks, 144
  core layer, 144
  distribution layer, 143
  Layer 2 domains, 145–178
  Layer 3 domains, 178–190
Multilink Point-to-Point Protocol (MPPP), 243
multipath routing, 128
multiplexing SONET, 247
Multiprotocol BGP (MBGP), 271
Multiprotocol Label Switching (MPLS), 6
Multi-Router Traffic Grapher (MRTG), 340, 343

N
NAF (number of accumulated failures), 356
NAM (Network Analysis Module), 328, 332
naming conventions (IOS), 346
NAT (Network Address Translation), 49, 194
  effect on applications, 232
  entry limitation, 230
  ICMP, 232
  Internet modules, 235
  multihoming, 223, 230
  performance, 235
  security, 235
  stateful, 226
  TCP, 232
  VoIP, 234
NEBS (Network Equipment Building System), 57
need for application QoS, 69–72
neighbors
  BFD, 125
  LSA neighbors, propagating, 88
NetFlow, 335
Network Address Translation. See NAT
Network Analysis Module (NAM), 328, 332
Network Equipment Building System (NEBS), 57
network interface card (NIC), 288, 295
network layer reachability information (NLRI), 213
networks
  configuring, 86
  convergence, 90
  core, 85–86
  Data Center module, 289–291
    architecture, 291–301
    security, 289, 302–315
    server performance, 290
  high-availability, 9
    50-ms resiliency, 15–16
    achieving, 16–25
    five-nines, 9–12
    Telcordia GR-512-Core document, 12–15
  Layer 2 best practices, 173–178
  management
    Cisco IOS deployment, 345–351
    components, 331–337
    establishing baselines, 337–345
    proactive, 351–364
  multilayer campus design, 141–143
    access layer, 143
    building blocks, 144
    core layer, 144
    distribution layer, 143
    Layer 2 domains, 145–178
    Layer 3 domains, 178–190
  WAN
    dial backup, 258–261
    leased lines, 237–244
    RPR, 251–258
    SONET/SDH, 244–251
    VPN, 261–279
next-generation IOS architecture, 362
next-generation IP applications, 5
  IP Storage, 5
  VoIP, 5
next-hop address tracking (BGP), 214
next-hop routers, 134
NIC (network interface card), 288, 295
NLRI (network layer reachability information), 213
nodes
  fast reroute node protection, 136
  leaf, 150
Non Stop Forwarding with Stateful Switchover (NSF/SSO), 106, 216
non-responder-based IP SLA operations, 354
nonstop forwarding (NSF), 45–48
normal mode, UDLD configuration, 155
notification, 332
NSF (nonstop forwarding), 45–48
NSF/SSO (Non Stop Forwarding with Stateful Switchover), 106, 216
number of accumulated failures (NAF), 356

O
object identifier (OID), 340
objects, COOL measurements of, 356
OID (object identifier), 340
OIR (online insertion and removal), 34–36
Open Shortest Path First. See OSPF
Open Systems Interconnection (OSI), 27
operations
  IP SLAs, 354
  life cycle management (IOS), 350
  non-responder-based IP SLA, 354
  responder-based IP SLA, 353
optimization. See also customization
  BGP convergence, 213
  EIGRP, 123
    BFD, 124–126
    graceful shutdown, 123
    stub routers, 123
  enhanced NAT resiliency, 222
  IS-IS, 111
    Fast Hellos, 114–115
    graceful restart, 117–122
    incremental SPF, 116
    LSA flooding reduction, 114
    LSP generation, 113
    SPF throttling, 112–113
    update packet-pacing timer, 115–116
  OSPF, 86–95
    Fast Hello, 102–103
    graceful restart, 106–111
    incremental SPF, 105
    LSA flooding reduction, 100–101
    LSA throttling, 98–100
    SPF throttling, 97
    update packet-pacing timer, 104–105
  protocols, 7
  security, 7
  services, 315–328
options
  cabling, 286
  EIGRP, 123
    BFD, 124–126
    graceful shutdown, 123
    stub router, 123
  IS-IS, 111
    Fast Hellos, 114–115
    graceful restart, 117–122
    incremental SPF, 116
    LSA flooding reduction, 114
    LSP generation, 113
    SPF throttling, 112–113
    update packet-pacing timer, 115–116
  OSPF, 86–95
    Fast Hello, 102–103
    graceful restart, 106–111
    incremental SPF, 105
    LSA flooding reduction, 100–101
    LSA throttling, 98–100
    SPF, 97
    update packet-pacing timer, 104–105
OSI (Open Systems Interconnection), 27
OSPF (Open Shortest Path First), 7
  enhancements, 86–95
  Fast Hello, 102–103
  graceful restart, 106–111
  incremental SPF, 105
  LSA
    flooding reduction, 100–101
    throttling, 98–100
  network convergence in the core, 85
  NSF, 46
  SPF throttling, 97
  update packet-pacing timer, 104–105
outbound soft reset, 211

P
P (provider) routers, 270, 273
Packet over SONET (POS) interface, 28
packets
  CSNP, 117
  DPT, 251–258
  forwarding, 134
  Hello intervals, 86
  loss, 72
  PSNP, 118
  RPR, 251–258
  tagging, 65
pak_priority flags, 66
parallel components, 10
parallel devices, availability of, 369
Partial Sequence Number Packet (PSNP), 118
partial SPF, 106
pass-through modules, 288
passwords, 337
PAT (Protocol Address Translation), 222
paths
  default costs for STP, 147
  LSP, 269
  multipath routing, 128
  network convergence in the core, 85–86
  protection, 133
  switching, 48–55
PBX (private branch exchange) systems, 12
PE (provider edge) routers, 270, 274
peer command, 229
peering resources, conserving, 189
penultimate hop popping, 134
percentage method, calculating availability, 367
per-destination load balancing, 130
performance
  baselines. See baselines
  management, 335–336
  NAT, 235
per-packet load balancing, 129
Per-VLAN Spanning Tree (PVST), 162
Per-VLAN Spanning Tree Plus (PVST+), 164
physical redundancy, 57
pim query-interval command, 138
ping command, 353
planning life cycle management (IOS), 349
PLR (point of local repair), 134
point of local repair (PLR), 134
policies
  defining, 81
  security, 204–205
  SLB, 317
  testing, 81
polling data (baselines), 340–343
PortFast, 150
portfast command, 150
ports
  alternate, 146
  designated, 146
  disabled, 146
  EtherChannel, 177
  IEEE 802.1w, 166
  PVLANs, 305
  root, 146
  routed (aggregation switches), 299
  security, 311
  trunks (aggregation switches), 298
POS (Packet over SONET) interface, 28
power supplies, 13
  Data Center module, 287
  UPS, 287
PPP over SONET/SDH, 247
primary command, 229
primary power equipment, 287
primary VLANs, 306
primary/secondary method (static NAT), 228
principles of security policies, 205
prioritization
  syslog messages, 360
  thresholds, 345
private addresses, 194
  blocks, 195
  DoS attacks, 195
  filtering, 206
private branch exchange (PBX) systems, 12
private VLANs (PVLANs), 304
  Catalyst switch support, 310
  configuring, 307
  ports, 305
proactive network management, 351–364
process switching, 49
processors
  RPR, 40–41
  RPR+, 41–43
Product Security Incident Response Team (PSIRT), 23, 350
promiscuous ports, 305
properties, applications, 78
protection
  applications with QoS, 69–74
  control planes, 55–56, 63–69
  data planes, 55–56
  switching (SONET/SDH), 248
Protocol Address Translation (PAT), 222
protocols
  ARP, 49, 312
  BGP, 193–222
    convergence, 213
    fast peering session deactivation, 214
    next-hop address tracking, 214
    route dampening, 215
    updates, 221
  EIGRP, 123
    BFD, 124–126
    graceful shutdown, 123
  GLBP, 183–186
  Hello, 102, 114–115
  HSRP, 179, 181
    stateful NAT, 227
    static mapping, 224
  ICMP, 232
  IP, 27–29
  IS-IS, 111
    Fast Hellos, 114–115
    graceful restart, 117–122
    incremental SPF, 116
    LSA flooding reduction, 114
    LSP generation, 113
    SPF throttling, 112–113
    update packet-pacing timer, 115–116
  L2TP, 265
  LDP, 270
  MPPP, 243
  NAT, 235
  optimizing, 7
  OSPF
    enhancements, 86–95
    Fast Hello, 102–103
    graceful restart, 106–111
    incremental SPF, 105
    LSA flooding reduction, 100–101
    LSA throttling, 98–100
    update packet-pacing timer, 104–105
  routing, 65
  RSTP, 165
  SNMP, 332
  Spatial Reuse Protocol, 251
  STP, 146–150
    BackboneFast, 152–154
    BPDUGuard, 157–158
    channeling, 171–173
    cycles, 148
    IEEE 802.1s, 168–171
    IEEE 802.1w, 165–168
    Layer 2 domains, 145
    LoopGuard, 157
    PortFast, 150
    RootGuard, 155–157
    UDLD, 154–155
    UplinkFast, 151
    VLANs, 158–165
  TCP, 29–33
    delayed binding, 320
    MSS, 213
    NAT, 232
    three-way handshakes, 31
  UDP, 33–34
  VRRP, 183
  WCCP, 324–328
provider (P) routers, 270, 273
provider edge (PE) routers, 270, 274
PSIRT (Product Security Incident Response Team), 23, 350
PSNP (Partial Sequence Number Packet), 118
public addresses, 194–195, 202
punting, 49
PVLANs (private VLANs), 304
  Catalyst switch support, 310
  configuring, 307
  ports, 305
PVST (Per-VLAN Spanning Tree), 162
PVST+ (Per-VLAN Spanning Tree Plus), 164

Q
QoS (quality of service), 29, 63
  applications, 69–74
  control plane traffic, 76–77
  control planes, 63–69
  deploying, 77–82
  DiffServ model, 74–76
  implementing, 82
  monitoring, 82
queues (SRP), 254

R
rack space, Data Center module, 283
RACL (receive access control list), 67
RANCID (Really Awesome New Cisco Config Differ), 333
random early detect (RED), 75
Rapid Spanning Tree Protocol (RSTP), 165
Rapid-PVST+, 168
raw availability, 18
reachability, 196
Really Awesome New Cisco Config Differ (RANCID), 333
receive access control list (RACL), 67
RED (random early detect), 75
redistribute connected command, 276
redistribute ospf 10 command, 278
redundancy, 13
  device-level, 201
  Internet modules, 199–204
  ISP-level, 202
  link-level, 58, 200
  logical, 57
  NIC teaming, 297
  physical, 57
  router status, 217
  RPR, 40–41, 107
  RPR+, 41–43, 216
  site-level, 203
  strategies, 56
  VRRP, 183
release, Cisco IOS, 346
reliability, 9, 34
  HSA, 39
  IP networks, 3
  NSF, 45–48
  OIR, 34–36
  RPR, 40–41
  RPR+, 41–43
  single line card reload, 36–37
  SSO, 43–45
remote monitoring (RMON), 332, 336
Request For Proposals (RFPs), 12
rerouting, 85–86
resiliency
  50-ms, 15–16
  design, 59–61
  device-level, 34, 57
    HSA, 39
    NSF, 45–48
    OIR, 34–36
    RPR, 40–41
    RPR+, 41–43
    single line card reload, 36–37
    SSO, 43–45
  IP, 28
  strategies, 59
Resilient Packet Ring (RPR), 7, 85, 251–258
resolution, DNS, 321
resources, peering, 189
responder-based IP SLA operations, 353
restarting (graceful restart)
  IS-IS, 117–122
  OSPF, 106–111
reverse proxy caching, 326
RFC 3623, 107
RFPs (Request For Proposals), 12
rings, configuring DPR/SPR, 256
RMON (remote monitoring), 332, 336
RNS (root name server), 321
root bridges, 148, 176
root name server (RNS), 321
root ports, 146
RootGuard, 155–157
route processor redundancy (RPR), 40–41, 107
route processor redundancy plus (RPR+), 41–43, 216
routed ports, aggregation switches, 299
router ospf 10 vrf RED command, 278
routers
  Adv Rtr, 87
  CE, 276–278
  CRS-1, 3
  DPT, 252
  equal-cost load balancing, 241
  GSR, 106
  ISDN, 258
  leased line connections, 241
  LER, 269
  LSR, 269
  MPPP, 243
  NAT performance, 235
  next hop, 134
  P, 270, 273
  PE, 270, 274
  redundancy status, 217
  stub (EIGRP), 123
routes
  CE, 270
  dampening, 215
  floating static, 258
  maps (NAT), 223
routing
  CIDR, 194
  external users, 198
  flaps, 45
  internal users, 197
  Internet module, 194–199
  multipath, 128
  tagging, 65
RPR (Resilient Packet Ring), 7, 85, 251–258
RPR (route processor redundancy), 40–41, 107
RPR+ (route processor redundancy plus), 41–43, 216
RSTP (Rapid Spanning Tree Protocol), 165

S

SAA (Service Assurance Agent), 82
SAFE (Security Blueprint for Enterprise Networks), 289
scaling
    architecture, 301–302
    strategies, 58
scheduling downtime, 23
scripting (TCL), 360
SDH (Synchronous Digital Hierarchy), 15
security
    Data Center networks, 289
    design, 60
    DHCP servers, 314
    Internet modules, 204–209
    Layer 2, 303–313
    Layer 3, 313–315
    management, 336–337
    NAT, 235
    networks (Data Center module), 302–315
    optimizing, 7
    policies, 204–205
    ports, 311
Security Blueprint for Enterprise Networks (SAFE), 289
selecting root bridges, 176
send routing message (SRM), 118
serial devices, availability of, 369
series components, 10
server load balancing (SLB), 316–320
servers
    blade connectivity, 288
    clustering, 297
    Data Center module, 284–289
    Data Center network performance, 290
    DHCP, 314
    DMZ, 196
    extranet reachability, 196
    failures, 21
    farms, 292, 301
    fault-tolerant, 290
Service Assurance Agent (SAA), 82
service level agreement. See SLA
services
    classes of, 254
    integrated service modules, 328–329
    optimization, 315–328
    QoS. See QoS
sessions, fast peering deactivation, 214
sham links, 278
shortest path first. See SPF
shortest-path tree. See SPT
show bfd neigh detail command, 125
show commands, 337
    show ip bgp neighbors, 211
    show ip cef, 131
    show ip cef exact-route, 132
    show ip ospf, 96, 98
    show ip ospf neighbor detail, 110
    show ip pim neighbor, 138
    show ip route, 129
    show ip rpf events, 139
    show isis nsf, 120
    show running-config, 36
SIA (stuck-in-active) state, 123
signals, EOT, 123
simple hardware backups, 38
Simple Network Management Protocol (SNMP), 332
simple network topology availability, 370
simple system availability, 370
simplicity
    Layer 2, 173
    of network design, 59
single line card reload, 36–37
site-level redundancy, 203
sizing windows, 32
SLA (service level agreement), 16, 335
    ICMP, 353
    IP SLAs, 352
SLB (server load balancing), 316–320
sliding windows (TCP), 32
snapshots, taking of inventory, 340
SNMP (Simple Network Management Protocol), 332
snooping (DHCP), 315
soft reconfiguration (BGP), 210
soft reset refresh, 211
software error protection, 38
software management, 334
SONET (Synchronous Optical Network)/SDH (Synchronous Digital Hierarchy), 244–251
Spanning Tree Protocol. See STP
spans of VLANs, limiting, 174
Spatial Reuse Protocol, 251
special-use address measures, 206
speeds, SONET/SDH, 244
SPF (shortest path first)
    incremental, 105, 116
    partial, 106
    throttling (IS-IS), 112–113
spf-interval command, 112
spoofing, anti-spoofing measures, 206
SPT (shortest-path tree), 105
SRM (send routing message), 118
SSO (stateful switchover), 43–45
stacking labels, 134
standards, RPR, 255
standby power equipment, 287
stateful NAT, 226
stateful switchover (SSO), 43–45
states
    blocking, 148
    disabled, 148
    forwarding, 148
    learning, 148
    listening, 148
    steady (STP), 149
static mapping with HSRP, 224
static routes, configuring, 259
status
    router switching, 53
    RPR, 40
    RPR+, 42
    SSO, 44
steady state (STP), 149
STM (Synchronous Transport Module), 244
storage, IP, 5
stored routing update information, 211
STP (Spanning Tree Protocol), 7, 146–150
    BackboneFast, 152–154
    BPDUGuard, 157–158
    channeling, 171–173
    cycles, 148
    IEEE 802.1s, 168–171
    IEEE 802.1w, 165–168
    Layer 2 domains, 145
    LoopGuard, 157
    PortFast, 150
    RootGuard, 155–157
    UDLD, 154–155
    UplinkFast, 151
    VLANs, 158–165
strategies
    high availability, 21
    QoS deployment, 77–82
    redundancy, 56
    resiliency, 59
    scaling, 58
stream data transfers, 30
STS (Synchronous Transport Signal), 244
stub routers, 123
stuck-in-active (SIA) state, 123
switches, 146
    aggregation, 298
    forwarding architecture, 314
    L2TPv3, 268
    PVLANs, 310
switching
    CEF, 50
    LATA, 12
    MPLS, 6
    paths, 48–55
    process, 49
    protection (SONET/SDH), 248
    topology-based, 186
synchronization, global, 75
Synchronous Optical Network (SONET)/Synchronous Digital Hierarchy (SDH). See SONET/SDH
Synchronous Transport Module (STM), 244
Synchronous Transport Signal (STS), 244
syslog messages
    fault management, 332
    prioritizing, 360
T

tables
    adjacency, 50
    entries in, 51
TACACS, 337
tagging
    cables, 282
    routing protocols, 65
TCL (Tool Command Language), 360
TCP (Transmission Control Protocol), 29–33
    delayed binding, 320
    MSS, 213
    NAT, 232
    sliding windows, 32
    three-way handshakes, 31
TDM (time-division multiplexing), 13
teaming (NIC), 295
Telcordia GR-512-Core document, 12–15
testing
    life cycle management (IOS), 350
    policies, 81
theoretical availability of devices, 368–369
three-tier architecture, 142
three-way handshakes (TCP), 31
thresholds
    analyzing, 344
    baselines. See baselines
    prioritizing, 345
    troubleshooting, 345
throttling
    LSAs, 98–100
    SPF (IS-IS), 112–113
time-division multiplexing (TDM), 13
timers
    forward delay, 149
    hello, 149
    maximum age, 149
timers lsa arrival command, 100
timers spf spf-holdtime command, 97
Tool Command Language (TCL), 360
tools
    COOL, 355
    MRTG, 343
topologies, 171–174
topology-based switching, 186
ToS (type-of-service), 29
tracking
    inventory, 333
    next-hop address tracking (BGP), 214
traffic
    conditioning, 76
    control planes, 76–77
    network convergence in the core, 85–86
    types that affect control planes, 64
    VoIP, 234
Traffic Anomaly Detector service module, 335
transferring stream data, 30
transient congestion, 73
Transmission Control Protocol. See TCP
traps, SNMP, 332
trees, SPT, 105
triangle topologies, 174
troubleshooting
    congestion, 73
    DoS attacks, 195
    failures, 3, 20
    fault management, 332
    MTTR, 368
    thresholds, 345
trunking
    cards, 13
    ports, 298
    STP, 158–165
tunnel mode gre command, 264
tunnel mode ipip command, 264
tunnel mpls traffic-eng fast-reroute command, 135
tunnel path-mtu-discovery command, 264
tunneling
    IP, 261
    L2TP, 265
turning off autonegotiation, 178
two-tier architecture, 142
type-of-service (ToS), 29
types
    of ISDN, 258
    of traffic that affect control planes, 64
    of VLANs, 306
U

UDLD (Unidirectional Link Detection), 154–155
UDP (User Datagram Protocol), 33–34
uncongested links, 72
Unicast Reverse Path Forwarding (uRPF), 335
Unidirectional Link Detection (UDLD), 154–155
unidirectional self-healing ring (USHR), 248
uninterruptible power supply (UPS), 287
universal load-sharing algorithm, 131
update packet-pacing timer, 104–105, 115–116
updates
    BGP, 221
    generating, 211
upgrading ISSU, 364
UplinkFast, 151
uplinkfast command, 152
upper-bound thresholds, 344
UPS (uninterruptible power supply), 287
upstream failures, 21
uRPF (Unicast Reverse Path Forwarding), 335
User Datagram Protocol. See UDP
User IDs, 337
USHR (unidirectional self-healing ring), 248

V

VACL (VLAN access control list), 310
verification
    OSPF in NSF mode, 47
    router switching status, 53
    RPR+ status, 42
    SSO status, 44
virtual LANs. See VLANs
virtual MAC (vMAC) addresses, 4, 296
Virtual Private Network. See VPN
virtual router identifier (VRID), 183
Virtual Router Redundancy Protocol (VRRP), 183
viruses, 204
VLAN access control list. See VACL
VLANs (virtual LANs)
    spans, 174
    STP, 158–165
    types of, 306
vMAC (virtual MAC) addresses, 4, 296
VoIP (Voice over IP), 5, 234
VPN (Virtual Private Network), 6, 261–279
VRID (virtual router identifier), 183
VRRP (Virtual Router Redundancy Protocol), 183

W–Z

WAN (wide area network)
    dial backup, 258–261
    leased lines, 237–244
    RPR, 251–258
    SONET/SDH, 244–251
    VPN, 261–279
warm standby mode, 40
WCCP (Web Cache Communication Protocol), 324–328
weighted random early detection (WRED), 30
what-if analysis, 344
windows, sliding (TCP), 32
worms, 204, 304
WRED (weighted random early detection), 30