Title: Building resilient IP networks
Series: Networking technology series
Publication Information: Indianapolis, IN : Cisco Press, 2006
ISBN: 9781587052156

Item Barcode: 30000010105343
Call Number: TK5105.585 L434 2006
Material Type: Open Access Book
Item Category 1: Book

Summary

The practical guide to building resilient and highly available IP networks 

Learn from an all-in-one introduction to new features and developments in building a resilient IP network
Enable your organization to meet internal service-level agreements (SLAs) for mission-critical resources
Understand how a resilient IP network can help in delivering mission-critical information such as video and voice services
Work with configuration examples that are based on real-world issues and customer requirements
Get tips and best practices from field personnel who have worked on some of the largest networks with stringent uptime requirements and SLAs

More companies are building networks with the intention of using them to conduct business. Because the network has become such a strategic business tool, its availability is of utmost importance to companies and their service providers. The challenges for the professionals responsible for these networks include ensuring that the network remains up all the time, keeping abreast of the latest technologies that help maintain uptime, and reacting to ever-increasing denial-of-service (DoS) attacks.

Building Resilient IP Networks helps you meet those challenges. This practical guide to building highly available IP networks captures the essence of technologies that contribute to the uptime of networks. You gain a clear understanding of how to achieve network availability through the use of tools, design strategy, and Cisco IOS® Software.

With Building Resilient IP Networks, you examine misconceptions about five-nines availability and learn to focus your attention on the real issues: appreciating the limitations of the protocols, understanding what has been done to improve them, and keeping abreast of those changes. Building Resilient IP Networks highlights the importance of having a modular approach to building an IP network and, most important, illustrates how a modular design contributes to a resilient network. You learn how an IP network can be broken down into various modules and how these modules interconnect with one another. Then you explore new network resiliency features that have been developed recently, categorized with respect to the design modules.

Building Resilient IP Networks is relevant to both enterprise and service provider customers of all sizes. Regardless of whether the network connects to the Internet, fortifying IP networks for maximum uptime and prevention of attacks is mandatory for anyone's business.

This book is part of the Networking Technology Series from Cisco Press®, which offers networking professionals valuable information for constructing efficient networks, understanding new technologies, and building successful careers.

Author Notes

Kok-Keong "KK" Lee, CCIE® No. 8427, a consulting systems engineer for Cisco Systems® South Asia, works closely with service providers and defense and large enterprise customers in Asia Pacific on network architecture. He has been a networking engineer since 1990 and specializes in IP core and MPLS technologies.

Fung Lim, CCIE No. 11970, is a systems engineer for Cisco and has been working with service providers in areas pertaining to network design, operations, and security. He has also been involved in the design of several provider networks in the Asia region.

Beng-Hui Ong is a product manager for the Cisco Broadband Edge and Midrange Routing Business Unit. He works with service providers and cable operators in the Asia Pacific region on network design and operations.


Table of Contents

Introduction
Chapter 1 Rise of the IP Transport System
The Internet Explosion
Next-Generation IP Applications
Voice over IP
IP Storage
MPLS: New Kid on the Block
Next-Generation IP Transport System
Continuous Improvements of Protocols
Chapter 2 Establishing a High-Availability Network
Understanding the Five-Nines Availability Debate
Differentiating Between Reliability and Availability
The Five-Nines Approach
Idiosyncrasies of the Telcordia GR-512-Core Document
The Truth About 50-ms Resiliency
A Practical Approach to Achieving High Availability
Measuring Availability
Defining a Metric
Understanding the Issue of Network Availability
Setting a Strategy to Achieve High Availability
Designing a Network for High Availability
Establishing Continuous Fault Detection and Measurement of Network Availability
Making Full Use of Scheduled Downtime
Instituting a Disciplined Approach to Network Operation and Processes
Summary
Chapter 3 Fundamentals of IP Resilient Networks
Revisiting IP, TCP, and UDP
Internet Protocol
Transmission Control Protocol
TCP Three-Way Handshake
TCP Sliding Window
User Datagram Protocol
Device-Level Resiliency
Online Insertion and Removal (OIR)
Single Line Card Reload
High System Availability
Route Processor Redundancy
Route Processor Redundancy Plus
Stateful Switchover
Nonstop Forwarding
Impact of Different Switching Paths
Process Switching
Cisco Express Forwarding Switching
Central CEF
Distributed CEF
Protecting the Control Plane and Data Plane
Establishing a Resiliency Strategy
Redundancy Strategy
Logical Resiliency
Physical Resiliency
Scaling Strategy
Key Principles for Designing Resilient Networks
Simplicity
Modularity
Security
Summary
Chapter 4 Quality of Service
Protecting the Control Plane with QoS
Traffic Types That Affect the Control Plane
Tagging Routing Protocol and Layer 2 Control Packets
IP Precedence
The pak_priority Flag
Selective Packet Discard
Receive ACL
Control-Plane Policing
Protecting Applications with QoS
Understanding the Need for Application QoS
Latency
Jitter
Loss
Determining When to Deploy QoS
Scenario 1 Undercongested Link
Scenario 2 Occasionally Congested Link
Scenario 3 Badly Congested Link
Building Blocks of QoS
Classification and Marking
Congestion Avoidance
Congestion Management
Traffic Conditioning
Application QoS and Control-Plane Traffic
QoS Deployment Strategy
Classifying Applications
Defining Policies
Testing Policies
Implementing QoS Features
Monitoring
Summary
Chapter 5 Core Module
Network Convergence in the Core
OSPF Enhancements
Shortest Path First (SPF) Throttling
OSPF LSA Throttling
OSPF LSA Flooding Reduction
OSPF Fast Hello
OSPF Update Packet-Pacing Timer
OSPF Incremental SPF
OSPF Graceful Restart
RFC 3623
Cisco Implementation
IS-IS Enhancements
IS-IS SPF Throttling
IS-IS LSP Generation
IS-IS LSA Flooding Reduction
IS-IS Fast Hellos
IS-IS Update Packet-Pacing Timer
IS-IS Incremental SPF
IS-IS Graceful Restart
Cisco Implementation
IETF Implementation
EIGRP Enhancements
EIGRP Graceful Shutdown
EIGRP Graceful Restart
EIGRP Stub Router Functionality
Bidirectional Forwarding Detection (BFD)
IP Event Dampening
Multipath Routing
Load Balancing
Equal-Cost Multipath (ECMP)
Per Packet
Per Destination
MPLS Traffic Engineering
Fast Reroute Link Protection
Fast Reroute Node Protection
Multicast Subsecond Convergence
Summary
Chapter 6 Access Module
Multilayer Campus Design
Access Layer
Distribution Layer
Core Layer
Access Module Building Blocks
Layer 2 Domain
The Spanning Tree Protocol: IEEE 802.1d
PortFast
UplinkFast
BackboneFast
Unidirectional Link Detection (UDLD)
RootGuard
LoopGuard
BPDUGuard
VLANs and Trunking
Common Spanning Tree (CST)
Per-VLAN Spanning Tree (PVST)
Per-VLAN Spanning Tree Plus (PVST+)
IEEE 802.1w
IEEE 802.1s
Channeling Technology
Layer 2 Best Practices
Simple Is Better
Limit the Span of VLANs
Build Triangles, Not Squares
Protect the Network from Users
Selecting Root Bridges
Use Value-Added Features
EtherChannel Deployment
EtherChannel Load Balancing
Consistent EtherChannel Port Settings
Layer 2 Setting for EtherChannel
Turning Off Autonegotiation
Layer 3 Domain
Hot Standby Routing Protocol (HSRP)
Virtual Router Redundancy Protocol (VRRP)
Global Load Balancing Protocol (GLBP)
Layer 3 Best Practices
Adopt Topology-Based Switching
Using Equal-Cost Multipath
Conserve Peering Resources
Adopt a Hierarchical Addressing Scheme
Summary
Chapter 7 Internet Module
Understanding Addressing and Routing in the Internet Module
Address-Assignment Scheme
Routing
Routing for Internal Users
Routing for External Users
Establishing Internet Module Redundancy
Link-Level Redundancy
Device-Level Redundancy
ISP-Level Redundancy
Site-Level Redundancy
Implementing Security Measures
Security Policy
Filtering at the Internet Module
Resilient Border Gateway Protocol (BGP) Design
BGP Soft Reconfiguration
BGP Convergence Optimization
BGP Next-Hop Address Tracking
BGP Support for Fast Peering Session Deactivation
BGP Route Dampening
Nonstop Forwarding with Stateful Switchover (NSF/SSO) for BGP
Using Network Address Translation (NAT)
Enhanced NAT Resiliency
NAT with Route Map
Static Mapping with Hot Standby Routing Protocol (HSRP) Support
Stateful NAT
Limiting NAT Entries
Multihoming with NAT
Effects of NAT on Network and Applications
Implications on TCP and ICMP Traffic
Application-Specific Gateways
Effects on Voice over IP (VoIP) Traffic
Effects on Router Performance
Effects on Network Security
Summary
Chapter 8 WAN Module
Leased Line
Domestic Leased Circuit Versus International Private Leased Circuit
Leased Circuit Encapsulation
Equal-Cost Load Balancing
Multilink Point-to-Point Protocol (MPPP)
SONET/SDH
SONET/SDH Framing
PPP over SONET/SDH
SONET/SDH Protection Switching
Resilient Packet Ring
DPT Architecture
DPT/SRP Classes of Service
SRP Queuing
SRP Fairness Algorithm
RPR Standards
Differences Between 802.17 and DPT/SRP
Dial Backup
Virtual Private Network (VPN)
IP Tunnel
L2TPv3
L2TPv3 Deployment
MPLS-VPN
Summary
Chapter 9 Data Center Module
Data Center Environmental Considerations
Cabling
Tagging
Documentation
Discipline
Rack Space
Server Size
Power
Next-Generation Server Architecture
Data Center Network Considerations
Security
Server Performance
Fault-Tolerant Server Features
Multifaceted Server
Data Center Network Architecture
Access Layer Design
NIC Teaming
Clustering
Aggregation Layer Design
Trunk Ports on an Aggregation Switch
Routed Ports on an Aggregation Switch
Architecture Scaling Consideration
Data Center Network Security
Layer 2 Security
Private VLANs (PVLANs)
VLAN Access Control List (VACL)
Port Security
Dynamic ARP Inspection
Layer 3 Security
Switch Forwarding Architecture
Control Plane Policing
DHCP Server Protection
Service Optimization
Server Load Balancing
Global Site Selector
Understanding DNS Resolution
Using GSS
Web Cache Communication Protocol (WCCP)
Integrated Service Modules
Summary
Chapter 10 Beyond Implementation: Network Management
Components of Network Management
Fault Management
Configuration Management
Configuration File Management
Inventory Management
Software Management
Accounting Management
Performance Management
Security Management
ACLs
User IDs and Passwords
TACACS
Establishing a Baseline
Step 1 Take a Snapshot of Inventory
Step 2 Collect Relevant Data
MIB Entries and Object Identifiers
Multi-Router Traffic Grapher
Step 3 Analyze Data
Step 4 Prioritize Problem Areas
Step 5 Determine a Course of Action
Managing Cisco IOS Deployment
Overview of IOS Releases
Understanding IOS Naming Convention
IOS Software Life Cycle Management
Planning
Design
Testing
Implementation
Operation
Moving Toward Proactive Management
IP Service Level Agreement
ICMP-Based IP SLA Operation
Responder-Based IP SLA Operation
Nonresponder-Based IP SLA Operation
Examples of IP SLA Operations
Component Outage Online (COOL) Measurement
Embedded Event Manager (EEM)
Next-Generation IOS Architecture
Summary
End Notes
Appendix A Calculating Network Availability
Appendix B RFCs Relevant to Building a Resilient IP Network
Appendix C The Cisco Powered Network Checklist
Index