Title:
Integrated Cisco and UNIX network architectures
Personal Author:
Publication Information:
Indianapolis, IN : Cisco Press, 2005
ISBN:
9781587051210
Available:*
Library | Item Barcode | Call Number | Material Type | Item Category 1 | Status |
|---|---|---|---|---|---|
Searching... | 30000010129286 | TK5105.52 S35 2005 | Open Access Book | Book | Searching... |
On Order
Summary
Summary
Master the smooth operation of your UNIX and Cisco network architectures and get the most out of both Learn how to design, build, and administer integrated gateway routing systems Identify the advantages and disadvantages of Cisco/UNIX integrated systems Lab exercises throughout the book help concepts come to life and provide real-world implementation guides Identify Cisco-exclusive features that improve Cisco-UNIX network integration efficiency Integrated Cisco and UNIX Network Architectures shows how Cisco routers, switches, and firewalls work together with UNIX operating systems in an integrated routing/networking environment. strengths of Cisco/UNIX integrated routing with regards to systems integration and feature requirements. Detailed, progressively complex lab scenarios emphasize enterprise and ISP requirements, casting light on the similarities and differences of these two worlds, forwarding and signaling issues and a comparison of the UNIX network stacks and standard compliance with Cisco IOS. Part I lays the foundation, covering routing software, operating system features, kernel requirements, Layer-2 issues and gateway interfaces. Part II covers the heart of Cisco-UNIX routing by discussing the important concepts of integrated dynamic routing including the UNIX routing table. tunnels and VPNs and gradually emphasizing on high availability, NAT, bandwidth management, policy routing, and multicast architectures. This book also offers a guide to those features that are best built with Cisco equipment exclusively. Gernot Schmied is an independent consultant, analyst, researcher and trainer focusing on systems integration, networking, UNIX, and security. He has worked for several years in enterprise and ISP environments with a focus on senior engineering and architecture projects, service and portfolio development.
Author Notes
Gernot Schmied is an independent consultant, analyst, and researcher focusing on systems integration, networking, UNIX, and security
Table of Contents
| Introduction | p. xxiii |
| Chapter 1 Operating System Issues and Features-The Big Picture | p. 3 |
| Why UNIX Is Viable | p. 3 |
| Routing, Forwarding, and Switching Approaches | p. 4 |
| The Evolution of AT&T System V (SVR4) UNIX and 4.4-Lite BSD Derivatives | p. 4 |
| Operating Systems Design Considerations | p. 5 |
| Kernel-Space Modules Versus User-Space Applications | p. 5 |
| Cisco IOS Software | p. 6 |
| OpenBSD | p. 6 |
| FreeBSD | p. 6 |
| NetBSD | p. 7 |
| Linux | p. 7 |
| GNU Hurd/Mach | p. 7 |
| Other Commercial Unices | p. 7 |
| Summary | p. 8 |
| Recommended Reading | p. 8 |
| Endnotes | p. 9 |
| Chapter 2 User-Space Routing Software | p. 11 |
| The GNU Zebra Routing Software | p. 11 |
| The Quagga Project | p. 15 |
| The routed Daemon | p. 15 |
| GateD 3.6 | p. 23 |
| MRT (Multithreaded Routing Toolkit) | p. 25 |
| The Bird Project | p. 26 |
| The XORP Project | p. 27 |
| Multicast Routing Daemons: mrouted and pimd | p. 28 |
| Summary | p. 28 |
| Recommended Reading | p. 28 |
| Chapter 3 Kernel Requirements for a Full-Featured Lab | p. 31 |
| The sysctl Facility | p. 31 |
| IP Forwarding Control and Special Interfaces | p. 32 |
| Ethernet Channel Bonding | p. 34 |
| Multicast Support | p. 39 |
| Firewall and Traffic-Shaping Support | p. 40 |
| The IPv6 Protocol Stack | p. 40 |
| Summary | p. 40 |
| Recommended Reading | p. 41 |
| Chapter 4 Gateway WAN/Metro Interfaces | p. 43 |
| Dial-on-Demand Routing: Analog and ISDN Dialup | p. 44 |
| Wireless Technologies | p. 45 |
| SDH/SONET | p. 45 |
| Powerline Communications | p. 45 |
| Ethernet to the Home/Premises | p. 46 |
| Cisco Long-Reach Ethernet (LRE) | p. 46 |
| Synchronous Serial Interface and PRIs | p. 46 |
| ATM Interfaces | p. 47 |
| Cable Access (Ethernet Interfaces) | p. 48 |
| DSL Access | p. 49 |
| Lab 4-1 Synchronous Serial Connection Setup | p. 49 |
| Exercise 4-1 Frame Relay Point-to-Multipoint Setup | p. 52 |
| Summary | p. 52 |
| Recommended Reading | p. 53 |
| Chapter 5 Ethernet and VLANs | p. 55 |
| Ethernet NICs | p. 55 |
| Hubs, Bridges, and Multilayer Switches | p. 56 |
| Access Ports, Uplinks, Trunks, and EtherChannel Port Groups | p. 56 |
| Alias Interfaces | p. 57 |
| VLAN Configurations | p. 62 |
| A Few Words on Cabling | p. 70 |
| Lab 5-1 FreeBSD Bridge Cluster Lab | p. 70 |
| Lab 5-2 Linux Bridging and the Spanning Tree | p. 71 |
| Lab 5-3 OpenBSD Bridging and Spanning Tree | p. 74 |
| A Few Words on Layer 2 Security | p. 75 |
| Exercise 5-1 Linux/FreeBSD Ethernet Channel Bonding | p. 75 |
| Exercise 5-2 STP Operation | p. 76 |
| Summary | p. 77 |
| Recommended Reading | p. 77 |
| Chapter 6 The Analyzer Toolbox, DHCP, and CDP | p. 79 |
| Terminal Emulation Software | p. 79 |
| Secure Shell Tools | p. 80 |
| Protocol Analyzer | p. 83 |
| Statistical Tools | p. 84 |
| Port Scanners | p. 84 |
| Socklist and netstat | p. 85 |
| Ping and Traceroute Combinations | p. 89 |
| DNS Auditing Tools | p. 92 |
| Traffic and Packet Generators | p. 94 |
| Lab 6-1 Using Sniffers-DHCP Example | p. 100 |
| Lab 6-2 UNIX CDP Configuration | p. 104 |
| Summary | p. 106 |
| Recommended Reading | p. 106 |
| Chapter 7 The UNIX Routing and ARP Tables | p. 109 |
| Address Resolution: ARP and RARP | p. 109 |
| Power of the Linux ip, netstat, and route Utilities | p. 116 |
| ARP-Related Tools | p. 121 |
| Lab 7-1 ARP Security Issues | p. 125 |
| Summary | p. 126 |
| Recommended Reading | p. 126 |
| Endnote | p. 127 |
| Chapter 8 Static Routing Concepts | p. 129 |
| Administrative Distance and Metric | p. 129 |
| Classful Routing, VLSM, and CIDR | p. 130 |
| Default Gateways, Default Routes, and Route(s) of Last Resort | p. 130 |
| Route Caches, Routing Tables, Forwarding Tables, and the ISO Context | p. 131 |
| The Near and Far End of a Link | p. 135 |
| The route Command-Adding and Removing Routes | p. 135 |
| Route Cloning | p. 136 |
| Blackholes and Reject/Prohibit Routes | p. 139 |
| Floating Static Routes | p. 140 |
| Equal-Cost Multi-Path (ECMP) Routing | p. 140 |
| Lab 8-1 Interface Metrics, Floating Static Routes, and Multiple Equal-Cost Routes (ECMP) | p. 142 |
| Linux TEQL (True Link Equalizer) | p. 144 |
| Adding Static Routes via Routing Daemons | p. 145 |
| Summary | p. 146 |
| Recommended Reading | p. 146 |
| Endnotes | p. 147 |
| Chapter 9 Dynamic Routing Protocols-Interior Gateway Protocols | p. 149 |
| Interaction with the UNIX Routing Table | p. 149 |
| Classification of Dynamic Routing Protocols | p. 150 |
| From RIP to EIGRP | p. 151 |
| Lab 9-1 RIPv2 Scenario | p. 152 |
| Lab 9-2 RIP Neighbor Granularity | p. 164 |
| Lab 9-3 RIPv2 via GateD | p. 165 |
| Introduction to Link-State Routing Protocols | p. 167 |
| OSPFv2 | p. 169 |
| Lab 9-4 Leaf-Area Design Featuring GateD and Cisco IOS | p. 170 |
| Lab 9-5 Leaf-Area Design Featuring Zebra and Cisco IOS Software | p. 194 |
| ECMP-Manipulating Metric and Distance | p. 213 |
| The Art of Redistribution | p. 214 |
| Lab 9-6 Route Filtering and Redistribution | p. 214 |
| Lab 9-7 OSPF Authentication | p. 216 |
| Route Tagging and Multiple OSPF Processes/Instances | p. 218 |
| IS-IS (Intermediate System-to-Intermediate System) | p. 218 |
| Lab 9-8 IS-IS Flat Backbone Area | p. 220 |
| Lab 9-9 IS-IS Backbone and Leaf Area | p. 222 |
| Lab 9-10 OSPF Point-to-Point Lab | p. 224 |
| Advanced OSPF Features | p. 227 |
| Summary | p. 229 |
| Recommended Reading | p. 229 |
| Endnotes | p. 231 |
| Chapter 10 ISP Connectivity with BGPv4-An Exterior Gateway Path-Vector Routing Protocol for Interdomain Routing | p. 233 |
| Exterior Gateway Protocols: EGP and BGPv4 | p. 233 |
| Internet Exchange Points | p. 242 |
| EBGP and EBGP Multihop | p. 247 |
| IBGP Full Mesh, Route Reflectors, and Confederation | p. 251 |
| Lab 10-1 Route Reflection | p. 251 |
| Lab 10-2 Confederation | p. 268 |
| Lab 10-3 Multi-AS BGP Topology | p. 270 |
| Lab 10-4 BGP with GateD | p. 291 |
| Avoiding Single Points of Failure | p. 296 |
| Route Server and Routing Registries | p. 297 |
| Looking Glasses | p. 323 |
| Routing Policies | p. 336 |
| Special BGP Topics | p. 343 |
| Summary | p. 348 |
| Recommended Reading | p. 348 |
| Chapter 11 VPN Technologies, Tunnel Interfaces, and Architectures | p. 351 |
| The Rationale for Tunnels in Routing Environments | p. 351 |
| The VPNC Concept of VPNs | p. 353 |
| The OSI Stack Perspective | p. 353 |
| Internet, Intranet, and Extranet Terminology | p. 354 |
| IP-IP Tunnel | p. 355 |
| Generic Router Encapsulation (GRE) Tunnel | p. 362 |
| Special Multicast and IPv6 Tunneling (RFC 2473, RFC 3053) | p. 367 |
| Cisco L2F (Layer 2 Forwarding) | p. 367 |
| PPTP (Point-to-Point Tunnel Protocol) | p. 368 |
| L2TP (Layer 2 Tunnel Protocol) | p. 369 |
| Mobile IP | p. 372 |
| User-Space Tunneling | p. 373 |
| IPSec Foundation | p. 381 |
| General Tunnel and Specific IPSec Caveats | p. 389 |
| Advice About IPSec Lab Scenarios | p. 392 |
| Road-Warrior Scenarios (Road Warrior-to-OpenBSD/FreeBSD Gateway with IKE) | p. 399 |
| Dynamic Routing Protocols over Point-to-Point Tunnels-Transparent Infrastructure VPN | p. 400 |
| Summary | p. 401 |
| Recommended Reading | p. 401 |
| Endnotes | p. 402 |
| Chapter 12 Designing for High Availability | p. 405 |
| Increasing Availability | p. 406 |
| Withstanding a (D)DoS Attack | p. 406 |
| Network HA Approaches | p. 407 |
| Simple but Effective Approaches to Server HA | p. 409 |
| DNS Shuffle Records and Round-Robin (DNS RR) | p. 409 |
| Dynamic Routing Protocols | p. 411 |
| Firewall Failover | p. 411 |
| Clustering and Distributed Architectures | p. 412 |
| The Service Routing Redundancy Daemon (SRRD) | p. 415 |
| IPv4/IPv6 Anycast | p. 415 |
| A Few Words About Content Caches and Proxies | p. 415 |
| Load Balancing | p. 416 |
| Cisco HA and Load-Balancing Approaches | p. 422 |
| VRRP | p. 423 |
| OpenBSD CARP | p. 426 |
| IRDP | p. 427 |
| Summary | p. 430 |
| Recommended Reading | p. 430 |
| Endnotes | p. 431 |
| Chapter 13 Policy Routing, Bandwidth Management, and QoS | p. 433 |
| Policy Routing | p. 433 |
| Traffic Shaping, Queuing, Reservation, and Scheduling | p. 438 |
| Linux QoS | p. 439 |
| Layer 3 QoS: IP ToS, Precedence, CoS, IntServ, and DiffServ Codepoints | p. 442 |
| 802.1P/Q Tagging/Priority-QoS at the Data-Link/MAC Sublayer | p. 444 |
| MPLS Exp Field and MPLS Traffic Engineering | p. 445 |
| DiffServ and RSVP/RSVP-TE Implementations for UNIX | p. 446 |
| Cisco IOS QoS and Queuing Architectures | p. 447 |
| UNIX Firewalling Engines and Queuing | p. 447 |
| Summary | p. 456 |
| Recommended Reading | p. 456 |
| Endnote | p. 457 |
| Chapter 14 Multicast Architectures | p. 459 |
| Multicast Deployments | p. 459 |
| Multicast Addresses and Scope | p. 460 |
| Internet Group Management Protocol (IGMP) and Cisco Group Management Protocol (CGMP) | p. 464 |
| mrouted and DVMRP | p. 471 |
| The ip and smcroute Multicast Utilities | p. 483 |
| PIM Operation and Daemons | p. 485 |
| Multicast Open Shortest Path First (MOSPF) | p. 500 |
| Multicast Source Discovery Protocol (MSDP) | p. 501 |
| BGPv4 Multicast Extensions (Multiprotocol BGP, RFC 2858) | p. 501 |
| Multicast Transport Layer Protocols | p. 502 |
| Multicast Invitations and Session Announcements | p. 502 |
| Multicast Security | p. 502 |
| Summary | p. 503 |
| Recommended Reading | p. 503 |
| Chapter 15 Network Address Translation | p. 507 |
| The NAT Foundation-Basic/Traditional NAT | p. 507 |
| NAT, PAT(NAPT), Masquerading, and Port Mapping/Multiplexing | p. 508 |
| Static NAT and ARP/Routing Issues | p. 508 |
| Redirection (Port Forwarding/Relaying or Transparent Proxying) | p. 509 |
| UNIX NAT Approaches | p. 510 |
| NAT-Hostile Protocols | p. 515 |
| Future Developments: NAT-T, MPLS+NAT, Load Balancer | p. 516 |
| NAT Redundancy-Stateful Failover | p. 516 |
| Summary | p. 517 |
| Recommended Reading | p. 517 |
| Appendix A UNIX Kernel Configuration Files | p. 519 |
| Appendix B The FreeBSD Netgraph Facility | p. 533 |
| Index | p. 537 |
