Globally Distributed Enterprise Network Architecture
Session 1403 (1403 0914_04F9_c4)
© 1999, Cisco Systems, Inc.
Copyright © 1998, Cisco Systems, Inc. All rights reserved. Printed in USA. Presentation_ID.scr
Worldwide Networks
• Business Issues—Buy or Build
• Technologies

Agenda
• Definitions
• Examples, Maps
• Business Issues—Buy or Build
• Design Principles
• More Information
• Technologies
Globally Distributed—Definitions
• Small company, wide scope
• Large company, continuous operations
• Design for maximum effect with minimum effort

Audience Definitions
• Operating and extending a network for one company
• Designing and supporting distributed networks as a consultant
• Building and operating a network as a service
Small Global Business—NETSYS Example
• U.S. sales offices
• Home offices
• International sales
• Support
• Network in HQ, dial-in, ISP; demarc in HQ

Large Global Network Example—Cisco
[Diagram: Cisco Intranet and Internet (Q4 1999). Five ISPs via OC-3 and DS-3 clear-channel and Frame Relay links; wireless and xDSL access. San Jose: GSRs, Cache Engines, 7507s, CCO and Services firewall, Commerce Transaction Firewall (STA). DS-3 links to RTP (7507s, firewall), Sydney, Tokyo and Amsterdam (E-1); 7200s with 512K links and Cache Engines behind firewalls at the remote sites.]
• Demarcs at HQ, in homes, in offices, at partners, at customers
Maps
• http://www.teleglobe.ca/network/mapall.html

Maps—Northern Europe
• Viatel—Project Circe

Asia Pacific
• Access One
• AAPT (Connect.Com)
• ChinaNet
• Chunghwa Telecom (HiNet)
• Dacom
• Hong Kong Telecom
• IDC (Japan)
• ITJ (Japan)
• KDD
• Korean Telecom (KorNet)
• Jaring (MIMOS)
• SingTel/STIX
• Telekom Malaysia
• Telstra
• VSNL
Copyright © 1998 Barry Raveendran Greene

Further Reading
• WIRED Archive | 4.12 - Dec 1996 | Mother Earth Mother Board, by Neal Stephenson: http://www.wired.com/wired/archive/4.12/ffglass_pr.html
Business Issues
• Understand organization context (industry, government, charity …)
• Competitors, revenue and profitability, typical gross margins, customers' expectations
• Business goals—consistent?
• Determines build or buy decision

Goals Drive Design (Business Issues)
• New technologies may need more or different applications and network infrastructure
• Pay attention to cultural differences
• Design for hardware, links, service is the result

Build or Buy—Outsourcing? (Business Issues)
• Own your own backbone and building fiber
• Lease TDM bandwidth, own your own building plant
• Buy VPN for WAN connections
• Buy complete service to desktop

Business Advantage (Business Issues)
• In the network?
• In the information on the network?
• Network is plumbing
Internet Business Solutions at Cisco—Financial Contribution
Line items: Customer Care (headcount avoidance); Software Distribution; Document Publishing (headcount avoidance); Internet Commerce (reduced operating costs, increased contribution); Supply Chain Management; Employees Services Online; Hiring (productivity increase)
Amounts as listed on the slide: $75,000,000; $327,000,000; $40,000,000; $30,000,000; $75,000,000; $100,000,000; $8,000,000; $30,000,000
Total: $685,000,000+
Boundary between Buy and Build—Demarcation Point (Business Issues)
• Responsibility
• Billing
• Troubleshooting
• Aggregation
• Security

Business Goals Drive Design (Business Issues)
• Applications—response time, volume, availability requirements
• Budget and timescale
• Trends (e.g., SNA to TCP/IP migration, telecommuting, appliances)

Stability in Face of Change (Business Issues)
• New applications
• New transport rates and technologies
• New access rates
• New ways of working

Forward Planning (Business Issues)
• Extranets
• Compressed video, voice, fax in IP packets
• Electronic commerce
• Telecommuting
• Mobile sales/service support

Complexity vs. Cost of Capacity (Business Issues)
• Operations and maintenance costs
• Design for 80% utilization of switches, routers and links will need constant tuning
• Design for 50% utilization, with systematic monitoring, takes less effort
• Compare cost of skilled people with cost of equipment and services
Design for Scalability (Design Principles)
• Core
• Distribution
• Access
• Recursive design

Modular Design—Three Layers (Design Principles)
• Internet access module
• WAN module
• Campus module: server module, mainframe module, building module

Three Layer Template (Design Principles)
[Diagram: Building Module, Mainframe Module, Server Module (with DNS) and WAN Module each attach through Access and Distribution layers to the Core; the Internet Module attaches to the Core and to the Internet]

Operations Plan (Design Principles)
• Monitoring and reporting
• Swing with clock
• Regular reviews
• Not performance art
Other Foundation Sessions (More Information)
• 1401 Branch Based Network Architecture
• 1402 Headquarters or Centralized Location
• 1404 Merger and Acquisition Integration
• 1501 Large Meshed IP Backbone Architecture
• 1505 Large Network Operations Architecture
• 1506 Open Packet Telephony Architecture
Technologies
• Routing
• Addressing, boundaries
• Security
• Compression
• Policy

Technologies (Cont.)
• Caching
• Policy for user admission, resource reservation, multicast
• Complexity vs. cost of capacity

Other Routing Presentations
• 301 Introduction
• 307, 308, 315, 316 EIGRP/IGRP/OSPF/NLSP/IS-IS
• 309, 317 BGP
[Diagram: sample internetwork of Token Ring segments numbered 1.1.1.0, 1.1.2.0, 1.1.4.0, 2.2.1.0, 2.2.2.0, 2.2.3.0, 3.3.1.0, 3.3.3.0, 3.3.4.0]
Routing Protocol Goals
• Optimal path selection
• Easy to configure
• Loop-free routing
• Adapts to changes easily and quickly
• Fast convergence
• Limited design administration
• Minimize update traffic
• Handle address limitations
• Support hierarchical topology
• Incorporate rapid convergence
• Does not create a lot of traffic
• Scales to a large size
• Compatible with existing hosts and routers
• Supports variable length subnet masks and discontiguous subnets
• Supports policy routing
Scope of IP Routing Protocols
[Diagram: Autonomous System 1 and Autonomous System 123]
• Host to router
• Interior—router to router
• Exterior—autonomous system to autonomous system

Interior vs. Exterior Routing Protocols
• Interior: automatic discovery; generally trust your IGP routers; routes go to all IGP routers
• Exterior: specifically configured peers; connecting with outside networks; set administrative boundaries

IGP vs. EGP
• What is an IGP? Interior Gateway Protocol; within an autonomous system; carries information about internal prefixes; examples—OSPF, ISIS, EIGRP…
• What is an EGP? Exterior Gateway Protocol; used to convey routing information between ASs; decoupled from the IGP; current EGP is BGP
EIGRP—Advanced Distance Vector
[Diagram: routers Q, X, Y and Z exchange routing tables for destinations A, B and C on startup; each router's routing table is built from the best paths in its topology table, e.g. Y's table lists A, B, C with costs 2, 13, 13 via Q, Z, X]
• On startup routing tables are exchanged; routing table built based on best paths from topology table
• Construct neighbor tables
• Construct topology tables
• Compute routes

(E)IGRP Timers—Basic
• Update—the rate (time in seconds between updates) at which routing updates are sent
• Invalid—the interval of time (in seconds) after which a route is declared invalid
• Holddown—the interval (in seconds) during which routing information regarding better paths is suppressed
• Flush—the amount of time (in seconds) that must pass before a route is removed from the routing table
• Sleeptime—the amount of time for which routing updates will be postponed
EIGRP Tables
• Topology table: acted upon by DUAL; all routes advertised by neighbors; list of neighbors for each route; routes passive or active
• Neighbor table: keeps adjacent neighbor's address; keeps the hold time; information for reliable transport

When to Use EIGRP
• Very large, complex networks
• VLSM
• For fast convergence
• Little network design
• Multiprotocol support
OSPF
• Dynamic routing protocol
• Fast convergence
• Link state or SPF technology
• Variable-length subnet masks
• Developed by OSPF working group of IETF (RFC 1253)
• Discontiguous subnets
• No periodic updates
• Route authentication
• Intra-autonomous system (IGP)
• Delivered two years after IGRP
• Designed expressly for TCP/IP Internet environment

Link State
• OSPF
• ISIS
• NLSP
• DECNET
[Diagram: routers Q, X, Y and Z each flood their link states (Q's, X's and Z's link states shown); a table lists A, B, C with costs 2, 13, 13 via Q, Z, X]
• Topology information is kept in a database separate from the routing table
Topology/Link-State Database
• A router has a separate LS database for each area to which it belongs
• All routers belonging to the same area have identical databases
• SPF calculation is performed separately for each area
• LSA flooding is bounded by area
• Router ID determined by interface or command

OSPF Areas
[Diagram: Backbone Area #0 with Area #1, Area #2 and Area #3 attached]
• Rules: backbone area must be present; all other areas must have a connection to the backbone; backbone must be contiguous
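The three area rules above are easy to violate as a network grows by acquisition. The following added example (not Cisco's code, written for this page) checks a planned topology against them: it takes a list of links tagged with their area, and reports an area with no router in area 0 (no ABR) and a backbone that is split into more than one piece. The router names and the two sample topologies are constructed for the example.

```python
from collections import defaultdict, deque

# Constructed sample topologies: each link is (router_a, router_b, area).
GOOD_LINKS = [
    ("R1", "R2", 0), ("R2", "R3", 0),   # contiguous backbone R1-R2-R3
    ("R1", "R4", 1), ("R4", "R5", 1),   # area 1 reaches the backbone through ABR R1
    ("R3", "R6", 2),                    # area 2 reaches the backbone through ABR R3
]
BAD_LINKS = [
    ("R1", "R2", 0), ("R3", "R7", 0),   # backbone split into two pieces
    ("R1", "R4", 1), ("R4", "R5", 1),
    ("R5", "R6", 3),                    # area 3 hangs off area 1 only: no ABR to area 0
]


def routers_by_area(links):
    """Map each area number to the set of routers that have a link in it."""
    areas = defaultdict(set)
    for a, b, area in links:
        areas[area].update((a, b))
    return areas


def backbone_components(links):
    """Number of connected pieces formed by area-0 links only (must be 1)."""
    adj = defaultdict(set)
    for a, b, area in links:
        if area == 0:
            adj[a].add(b)
            adj[b].add(a)
    seen, components = set(), 0
    for start in adj:
        if start in seen:
            continue
        components += 1
        queue = deque([start])
        seen.add(start)
        while queue:
            node = queue.popleft()
            for nxt in adj[node]:
                if nxt not in seen:
                    seen.add(nxt)
                    queue.append(nxt)
    return components


def validate_areas(links):
    """Return a list of rule violations; an empty list means the design passes."""
    problems = []
    areas = routers_by_area(links)
    if 0 not in areas:
        problems.append("no backbone area 0")
        return problems
    for area, routers in sorted(areas.items()):
        # A non-backbone area needs at least one router that is also in area 0.
        if area != 0 and not (routers & areas[0]):
            problems.append(f"area {area} has no router in area 0 (no ABR to the backbone)")
    if backbone_components(links) > 1:
        problems.append("backbone area 0 is not contiguous")
    return problems


if __name__ == "__main__":
    print("good design:", validate_areas(GOOD_LINKS) or "ok")
    print("bad design:", validate_areas(BAD_LINKS))
```

The check treats any router with links in both area 0 and another area as that area's ABR; it does not model virtual links, so a design that relies on them will be reported as a violation.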
Types of Areas
• Backbone Area 0—interconnects areas; accepts all LSAs
• Stub Area—does not accept external LSAs
• Totally Stubby Area—does not accept external or summary LSAs

Classification of OSPF Routers
• Four overlapping categories of routers: Backbone Routers, Area Border Routers, Autonomous System Boundary Routers, Internal Routers
Autonomous System Boundary Router
[Diagram: an Internet Service Provider sends BGP updates to the Autonomous System Boundary Router of Autonomous System 1]
• An Autonomous System Boundary Router consolidates external routes and forwards external links or a default external link (0.0.0.0)
• Summarize external LSAs

When to Use OSPF
• Large hierarchical networks
• Complex networks, except… topology restrictive; additional network design
• VLSM
• Fast convergence
• Multivendor
BGP Basics—Peering
[Diagram: routers A, B and C in AS 100 and AS 101; D and E in AS 102]
• Runs over TCP
• Path vector protocol
• Incremental update

BGP General Operation
• Learns multiple paths via internal and external BGP speakers
• Picks the best path and installs it in the IP forwarding table
• Policies applied by influencing the best path selection
Internal BGP Peering
[Diagram: routers A, B, D and E within AS 100]
• BGP peer within the same AS
• Not required to be directly connected
• IBGP neighbors should be fully meshed
• Few BGP speakers in corporate network

External BGP Peering
[Diagram: router A in AS 100 peers with B and C in AS 101]
• Between BGP speakers in different ASs
• Should be directly connected
When Not to Use BGP
[Diagram: customer routers A, B and C; A advertises a default network via the IGP and uses a static route to the ISP, which runs BGP]
• Avoid BGP configuration by using default networks and static routes; appropriate when the local policy is the same as the ISP policy

Policy Drives BGP Requirements
[Diagram: AS 100 has a static route to AS 200 and BGP sessions toward AS 300 and AS 400, which also peer with each other]
• Policy for AS 100: always use the AS 300 path to reach AS 400
BGP Sessions
[Diagram: IBGP sessions within AS 1 and AS 2, EBGP between them, IBGP within the service provider]
• BGP traffic is carried by TCP connections
• Two types of BGP sessions: external and internal

BGP Operation
[Diagram: the IGP routing protocol and the BGP routing protocol both feed the IP routing table]
• BGP routes can be redistributed into the IP routing table
• Not recommended for Internet connections
BGP Operation (Cont.)
• Redistributing IP into BGP requires: the route to be known; the BGP network command
• Not recommended for Internet connections

BGP Configuration Example
[Diagram: router A in AS 100 (network 19.0.0.0, interface 15.1.1.1) peers with router B in AS 200 (network 15.0.0.0, interface 15.1.1.2) over 15.1.1.0]
Configuration for A:
  router bgp 100
   network 19.0.0.0
   neighbor 15.1.1.2 remote-as 200
Configuration for B:
  router bgp 200
   network 15.0.0.0
   neighbor 15.1.1.1 remote-as 100
• Representative of most BGP configurations
Policy Routing
[Diagram: Customer A and Customer B attached to ISP A and ISP B]
• Forwarding decision not based on destination address
• Selects defined path based on attributes of user packet (source/destination IP address, application port, packet length, and so forth)
• Set next hop or interface
• Set default next hop or interface

Comparison of Routing Protocols
                Link State   Traditional Distance Vector   Advanced Distance Vector
Scalability     Good         Low                           Excellent
Bandwidth       Low          High                          Low
Memory          High         Low                           Moderate
CPU             High         Low                           Low
Convergence     Fast         Slow                          Fast
Configuration   Moderate     Easy                          Easy
Internet Routing Protocols—IP Routing Protocols Are Characterized as
Name    Type     Proprietary   Function   Updates   Metric   VLSM   Summarization
RIP     DV       No            Interior   30 sec    Hops     No     Auto
RIPv2   DV       No            Interior   30 sec    Hops     Yes    Auto
IGRP    DV       Yes           Interior   90 sec    Comp     No     Auto
EIGRP   Adv DV   Yes           Interior   Trig      Comp     Yes    Both
OSPF    LS       No            Interior   Trig      Cost     Yes    Man
IS-IS   LS       No            Int/Ext    Trig      Cost     Yes    Auto
BGP     DV       No            Exterior   Trig      N/A      N/A    Man

Controlling Routing Updates
• Passive interfaces
• Filtering
• Authentication
Passive Interface
[Diagram: router with interface s0]
  router xxx
   passive-interface serial 0
   neighbor w.x.y.z
• Prevents routing updates from being transmitted out an interface
• As an alternative to passive interfaces you: do not configure a routing protocol on the interface; use access lists to filter routing protocols; use route redistribution

Filtering Incoming Updates—Control Input of Routing Data
[Diagram: router with interface s0 toward a partner network; local networks 172.16.1.0 and 10.0.0.0; partner networks 10.0.0.0 and 129.1.1.0]
  distribute-list 1 in serial 0
  access-list 1 permit 129.1.0.0
  access-list 2 deny 0.0.0.0 255.255.255.255
Filtering Outgoing Updates—Useful to Propagate Default Route
[Diagram: router with interface s0]
  router eigrp 1
   network 128.1.0.0
   distribute-list 1 out serial 0
  access-list 1 permit 128.1.0.0 0.0.0.0
  ip default-network 128.1.0.0

Precedence of Filters
• Filter routing updates inbound or outbound
• Interface specific or global
• Evaluation order: interface, global
• Example:
  access-list 1 deny 1.0.0.0 0.255.255.255
  access-list 2 permit 1.2.3.0 0.0.0.255
  router rip
   distribute-list 1 in ethernet 0
   distribute-list 2 in
• List 2 is overridden on interface ethernet 0
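To make the precedence rule concrete, here is an added example (not Cisco's code, written for this page) that parses the slide's configuration lines, applies standard-ACL wildcard matching with the implicit deny at the end of every IOS access list, and reports which list is in force on each interface and which prefixes each interface would accept. It follows the slide's stated evaluation order (interface-specific list first, otherwise the global list). The configuration text and the interface name "serial 0" are constructed for the example; the audit also flags an ACL that contains only deny entries, which with the implicit deny rejects every update on the interface that uses it.

```python
import ipaddress

# Constructed configuration reproducing the slide's example.
SAMPLE_CONFIG = """
access-list 1 deny 1.0.0.0 0.255.255.255
access-list 2 permit 1.2.3.0 0.0.0.255
router rip
 distribute-list 1 in ethernet 0
 distribute-list 2 in
""".strip().splitlines()


def parse_config(lines):
    """Collect standard ACLs and inbound distribute-lists from IOS-style lines."""
    acls, iface_lists, global_list = {}, {}, None
    for raw in lines:
        t = raw.split()
        if not t:
            continue
        if t[0] == "access-list":
            wildcard = t[4] if len(t) > 4 else "0.0.0.0"   # no wildcard means exact match
            acls.setdefault(int(t[1]), []).append((t[2], t[3], wildcard))
        elif t[0] == "distribute-list" and t[2] == "in":
            if len(t) > 3:
                iface_lists[" ".join(t[3:])] = int(t[1])  # interface-specific list
            else:
                global_list = int(t[1])                    # global list
    return acls, iface_lists, global_list


def wildcard_match(entry_addr, wildcard, prefix):
    """IOS wildcard semantics: a set bit in the wildcard is a don't-care bit."""
    a, w, p = (int(ipaddress.IPv4Address(x)) for x in (entry_addr, wildcard, prefix))
    return (a & ~w) == (p & ~w)


def acl_permits(acl, prefix):
    for action, addr, wildcard in acl:
        if wildcard_match(addr, wildcard, prefix):
            return action == "permit"
    return False  # implicit deny at the end of every IOS access list


def effective_list(interface, iface_lists, global_list):
    """Slide's evaluation order: the interface-specific list wins, else the global one."""
    return iface_lists.get(interface, global_list)


def update_accepted(prefix, interface, acls, iface_lists, global_list):
    acl_id = effective_list(interface, iface_lists, global_list)
    if acl_id is None:
        return True  # no inbound filter configured for this interface
    return acl_permits(acls.get(acl_id, []), prefix)


def audit(prefixes, interfaces, cfg):
    """Per interface: (list in force, prefixes accepted); plus ACLs that deny everything."""
    acls, iface_lists, global_list = cfg
    report = {}
    for iface in interfaces:
        accepted = [p for p in prefixes if update_accepted(p, iface, *cfg)]
        report[iface] = (effective_list(iface, iface_lists, global_list), accepted)
    deny_only = [n for n, acl in acls.items() if all(a != "permit" for a, _, _ in acl)]
    return report, deny_only


if __name__ == "__main__":
    cfg = parse_config(SAMPLE_CONFIG)
    report, deny_only = audit(["1.2.3.0", "10.0.0.0"], ["ethernet 0", "serial 0"], cfg)
    for iface, (acl_id, accepted) in report.items():
        print(f"{iface}: list {acl_id} in force, accepts {accepted}")
    print("ACLs with no permit entry (block all updates where used):", deny_only)
```

The audit shows the slide's point (list 2 is never consulted on ethernet 0) and a side effect worth checking in a real configuration: list 1 has no permit entry, so with the implicit deny nothing is accepted on ethernet 0 at all.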
ACL Oversights
• Access control lists can filter routing updates
Protocol   Transport               Destination
RIP        UDP port 520            255.255.255.255
RIPv2      UDP port 520            224.0.0.9 (default), 255.255.255.255
IGRP       IP protocol field 9     255.255.255.255
EIGRP      IP protocol field 88    224.0.0.10
OSPF       IP protocol field 89    224.0.0.5 (AllOSPFRouters), 224.0.0.6 (DRRouters)
BGP        TCP port 179            Neighbor address
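The table above is the checklist a practitioner needs when an inbound interface ACL silently breaks an adjacency. The following added example (not Cisco's code, written for this page) parses a small subset of IOS extended-ACL syntax, builds one representative packet per routing protocol from the table, and reports which protocols the ACL would drop. The ACL text, the local BGP address 192.0.2.1 and the protocol-name table are constructed for the example; only "any", "host A" and "A WILDCARD" address forms and a trailing "eq PORT" are supported.

```python
import ipaddress

# IP protocol numbers for the keywords the parser accepts; "ip" matches any protocol.
PROTO_NUMBER = {"ip": None, "tcp": 6, "udp": 17, "igrp": 9, "eigrp": 88, "ospf": 89}

# Constructed sample: the kind of "tight" inbound ACL that forgets about EIGRP and IGRP.
SAMPLE_ACL_TEXT = """
access-list 101 permit tcp any host 192.0.2.1 eq 179
access-list 101 permit udp any any eq 520
access-list 101 permit ospf any any
access-list 101 deny ip any any
""".strip().splitlines()


def routing_traffic(local_bgp_address):
    """Representative inbound packets (proto, dst, dport) per the slide's table."""
    return {
        "RIP":   [(17, "255.255.255.255", 520)],
        "RIPv2": [(17, "224.0.0.9", 520), (17, "255.255.255.255", 520)],
        "IGRP":  [(9, "255.255.255.255", None)],
        "EIGRP": [(88, "224.0.0.10", None)],
        "OSPF":  [(89, "224.0.0.5", None), (89, "224.0.0.6", None)],
        "BGP":   [(6, local_bgp_address, 179)],   # session opened by the neighbor toward us
    }


def _parse_addr(t, i):
    """Parse 'any' | 'host A' | 'A WILDCARD' at token index i; return (spec, next index)."""
    if t[i] == "any":
        return ("0.0.0.0", "255.255.255.255"), i + 1
    if t[i] == "host":
        return (t[i + 1], "0.0.0.0"), i + 2
    return (t[i], t[i + 1]), i + 2


def parse_extended_acl(lines):
    """Parse 'access-list N permit|deny PROTO SRC DST [eq PORT]' lines into entry dicts."""
    entries = []
    for raw in lines:
        t = raw.split()
        if len(t) < 6 or t[0] != "access-list":
            continue
        action, proto = t[2], t[3]
        proto_num = PROTO_NUMBER[proto] if proto in PROTO_NUMBER else int(proto)
        src, i = _parse_addr(t, 4)
        dst, i = _parse_addr(t, i)
        dport = int(t[i + 1]) if i < len(t) and t[i] == "eq" else None
        entries.append({"action": action, "proto": proto_num, "src": src, "dst": dst, "dport": dport})
    return entries


def _addr_match(spec, ip):
    a, w, p = (int(ipaddress.IPv4Address(x)) for x in (spec[0], spec[1], ip))
    return (a & ~w) == (p & ~w)


def acl_action(entries, proto, dst, dport):
    """First matching entry wins; no match means the implicit deny."""
    for e in entries:
        if e["proto"] is not None and e["proto"] != proto:
            continue
        if not _addr_match(e["dst"], dst):
            continue
        if e["dport"] is not None and e["dport"] != dport:
            continue
        return e["action"]
    return "deny"


def routing_oversights(entries, local_bgp_address="192.0.2.1"):
    """Names of routing protocols whose update traffic this inbound ACL would drop."""
    blocked = []
    for name, packets in routing_traffic(local_bgp_address).items():
        if any(acl_action(entries, *pkt) == "deny" for pkt in packets):
            blocked.append(name)
    return blocked


if __name__ == "__main__":
    acl = parse_extended_acl(SAMPLE_ACL_TEXT)
    print("routing protocols blocked by ACL 101:", routing_oversights(acl))
```

The BGP check only models a session that the neighbor opens toward the local router (destination port 179); if the local router opens the session, the neighbor's packets arrive with source port 179 and an ephemeral destination port, so the ACL needs a matching entry for that direction as well.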
Secure Routing—Route Authentication
[Diagram: a key and hash function are configured on both routers; the campus router signs route updates and the receiving router verifies the signature]
• Certifies authenticity of neighbor and integrity of route updates

Signature Generation (Router A)
• The routing update is passed through the hash function to produce a hash
• The hash is encrypted to produce the signature
• The routing update and signature are sent together
• Signature = encrypted hash of routing update

Signature Verification (Router B)
• Receiving router separates routing update and signature
• Re-hash the routing update
• Decrypt the signature using the preconfigured key to recover the hash
• If hashes are equal, signature is authentic
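The generate/verify exchange on the two slides, as an added example (not Cisco's code, written for this page). Where the slide says "encrypted hash", routing protocols use a keyed hash over the update computed with a shared secret; this example uses HMAC-SHA256 as a modern stand-in for the keyed MD5 of 1999-era IOS, which is an assumption of the example, not a statement about the product. The key chain, key identifiers, neighbor name and the sequence number field (modelled on the cryptographic sequence number that neighbor authentication carries to defeat replay) are constructed for the example.

```python
import hashlib
import hmac
import json

# Constructed key chain shared by both routers: key id -> secret.
KEY_CHAIN = {1: b"constructed-shared-secret-1", 2: b"constructed-shared-secret-2"}


def _canonical(body: dict) -> bytes:
    """Stable byte encoding so sender and receiver hash exactly the same thing."""
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def sign_update(update, key_id, seq, key_chain=KEY_CHAIN):
    """Router A: keyed hash over the update, the key id and the sequence number."""
    body = {"update": update, "key_id": key_id, "seq": seq}
    sig = hmac.new(key_chain[key_id], _canonical(body), hashlib.sha256).hexdigest()
    return {**body, "sig": sig}


class Verifier:
    """Router B: recomputes the keyed hash; rejects unknown keys, bad hashes and replays."""

    def __init__(self, key_chain=KEY_CHAIN):
        self.key_chain = key_chain
        self.last_seq = {}  # neighbor -> highest sequence number accepted so far

    def verify(self, neighbor, msg):
        key = self.key_chain.get(msg.get("key_id"))
        if key is None:
            return False, "unknown key id"
        # Separate the update from the signature and re-hash the update.
        body = {k: msg[k] for k in ("update", "key_id", "seq")}
        expected = hmac.new(key, _canonical(body), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, msg.get("sig", "")):
            return False, "hash mismatch"
        # A correct hash on an old update is still an attack (replay), so check the sequence.
        if msg["seq"] <= self.last_seq.get(neighbor, -1):
            return False, "replayed or stale sequence number"
        self.last_seq[neighbor] = msg["seq"]
        return True, "authentic"


if __name__ == "__main__":
    router_b = Verifier()
    msg = sign_update({"prefixes": ["10.1.0.0/16", "10.2.0.0/16"]}, key_id=1, seq=100)
    print("genuine:", router_b.verify("routerA", msg))
    print("replayed:", router_b.verify("routerA", msg))
    tampered = dict(msg, update={"prefixes": ["0.0.0.0/0"]}, seq=101)
    print("tampered:", router_b.verify("routerA", tampered))
```

Two details matter operationally: the key id lets both routers roll to a new secret without a flag day, and comparing hashes with a constant-time function avoids leaking how many leading bytes matched.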
Secure Routing—Route Filtering
[Diagram: a router attached to networks A, B, X and Y advertises B and Y to one neighbor and B and X to another]
• Selectively announce routes, per neighbor: hide part of the topology/connectivity
• Selectively accept routes, per neighbor: refuse erroneous "make-believe" announcements; protect against redistribution loops
• Route filter with "distribute-list" command
• Can filter anywhere in distance-vector protocols: RIP, IGRP, EIGRP, DECnet, RIP/SAP, etc.
• Can filter at redistribution points between any protocols: RIP, EIGRP, OSPF, IGRP, IS-IS, BGP, Static, etc.
• Use "route-maps" at redistribution points: based on extended access-lists for route prefixes; based on "tags" of route origin or history; based on AS filters in BGP
What Is Route Summarization?
[Diagram: router A holds 172.16.25.0/24, 172.16.26.0/24 and 172.16.27.0/24 in its routing table and tells router B "I can route to the 172.16.0.0/16 network"; B's routing table holds only 172.16.0.0/16]
• Routing protocols can summarize addresses of several networks into one address

Route Summarization—Control Growth of Routing Tables
[Diagram: four routers, each holding its own subnets plus one summary for each remote router]
• Router for 128.1.0.0: 128.1.1.0, 128.1.5.0, 128.1.8.0, plus summaries 128.2.0.0, 128.3.0.0, 10.0.0.0
• Router for 128.2.0.0: 128.2.1.0, 128.2.5.0, 128.2.8.0, plus summaries 128.1.0.0, 128.3.0.0, 10.0.0.0
• Router for 128.3.0.0: 128.3.1.0, 128.3.5.0, 128.3.8.0, plus summaries 128.1.0.0, 128.2.0.0, 10.0.0.0
• Router for 10.0.0.0: 10.1.1.0, 10.1.5.0, 10.1.8.0, plus summaries 128.1.0.0, 128.2.0.0, 128.3.0.0
Summarizing Addresses in a VLSM-Designed Network
[Diagram: router A advertises 172.16.0.0/16 to the Internet; B summarizes 172.16.128.0/20; C summarizes 172.16.32.64/26 and 172.16.32.128/26 as 172.16.32.0/24; D summarizes 172.16.64.0/20]
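The two summarization slides above (the 172.16.25-27.0/24 example and the VLSM hierarchy A/B/C/D) can be worked through with the following added example (not Cisco's code, written for this page). It computes the tightest single prefix covering a set of networks, applies it per site and then across the site summaries, and measures how much address space a summary advertises that no component actually contains, which is the space a summarizing router must be able to discard rather than forward back toward a default route. The site names and prefix sets are taken from the slides; the function names are this example's own.

```python
import ipaddress


def smallest_covering_prefix(prefixes):
    """Tightest single IPv4 prefix that contains every given network."""
    nets = [ipaddress.ip_network(p) for p in prefixes]
    lo = min(int(n.network_address) for n in nets)
    hi = max(int(n.broadcast_address) for n in nets)
    # Widen from /32 until the block starting at the lowest address also reaches the highest.
    for length in range(32, -1, -1):
        candidate = ipaddress.ip_network((lo, length), strict=False)
        if int(candidate.broadcast_address) >= hi:
            return candidate


def unassigned_addresses(summary, prefixes):
    """Address space the summary advertises but no component covers."""
    summary = ipaddress.ip_network(summary)
    components = ipaddress.collapse_addresses(ipaddress.ip_network(p) for p in prefixes)
    covered = sum(n.num_addresses for n in components)
    return summary.num_addresses - covered


def summarize_hierarchy(site_prefixes):
    """Summarize each site, then summarize the site summaries (the slide's B, C, D under A)."""
    per_site = {site: smallest_covering_prefix(ps) for site, ps in site_prefixes.items()}
    top = smallest_covering_prefix(str(s) for s in per_site.values())
    return per_site, top


# Prefix sets from the slides.
FLAT = ["172.16.25.0/24", "172.16.26.0/24", "172.16.27.0/24"]
SITES = {
    "B": ["172.16.128.0/20"],
    "C": ["172.16.32.64/26", "172.16.32.128/26"],
    "D": ["172.16.64.0/20"],
}

if __name__ == "__main__":
    s = smallest_covering_prefix(FLAT)
    print(f"{FLAT} -> {s}, {unassigned_addresses(s, FLAT)} addresses not assigned")
    per_site, top = summarize_hierarchy(SITES)
    for site, summary in per_site.items():
        print(f"site {site} advertises {summary}")
    print(f"A advertises {top} to the Internet")
```

The slide's router A advertises the classful 172.16.0.0/16; the computation shows that is also the tightest prefix covering the three site summaries. For the flat example the tightest summary is 172.16.24.0/22, which advertises a /24 nobody owns: a router that summarizes needs a discard route for the summary so that traffic to that unassigned space is dropped instead of looping toward a default route.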
Summarization Determines Scalability
• Network routes within the autonomous system; subnet routes within the network; host routes within the subnet
• Routing scales because of consolidation
• IP internetworks are hierarchical

Ground Rules
• Under normal operation, there should be exactly one interior routing protocol on any network segment; use "passive-interface" as necessary to ensure this
• The number of redistribution boundaries should be kept to a minimum
• Run as few routing protocols as possible
Addressing and Other Services
• Addressing should be contiguous with respect to network and routing protocol topology
• Allows for summarization
• DNS, DHCP, user registration, Network Time Protocol

Address Management Presentation
• 806—DNS, DHCP and IP Address Management

Addressing—Scalable Design
• Large route tables are hard to debug
• Reduce route table sizes with summarization
• Requires addressing plan matching network and protocol topology
• Public or private addresses decision
• Not all applications understand NAT
Security—The Security Wheel
• Time-based reasoning
• Used to value data by time when data storage was expensive
• Security uses a different scarce resource, same principle
• Export restrictions
[Diagram: the wheel cycles 1 Corporate Security Policy → 2 Secure → 3 Monitor → 4 Audit/Test → 5 Manage and Improve]
Deep Crack—22 Hrs 15 Minutes
• Jan 19th 1999: "Distributed.Net, a worldwide coalition of computer enthusiasts, worked with the Electronic Frontier Foundation's (EFF) 'Deep Crack,' a specially designed supercomputer, and a worldwide network of nearly 100,000 PCs on the Internet, to win RSA Data Security's DES Challenge III in a record-breaking 22 hours and 15 minutes, beating the previous record of 56 hours"
• [http://www.rsa.com/rsalabs/des3/index.html]
• It only cost $250,000 to build Deep Crack

Export Issues
• Know the export laws of your country, and the import laws of the country which needs the bits or equipment
• All of these laws are changing rapidly around the world
• Keep informed
Security and VPNs
• Privacy—from MPLS
• Tunnels
• IPSEC—confidentiality, integrity, authentication
• Scale effects
• Network or host-based

IPSec Full Mesh: n Nodes, n^2 Policies (Exponential Growth)
[Diagram: encryption tunnels between every pair of nodes]
Nodes   Policies
8       56
100     9900
500     249500
1000    999000

IPSec Hub: n Nodes, 2n Policies (Linear Growth)
[Diagram: an encryption tunnel from each node to the hub]
Nodes   Policies
8       16
100     200
500     1000
1000    2000
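The two tables above count one policy per direction: the full-mesh figures are n(n-1) (every ordered pair of nodes) and the hub figures are 2n (one policy each way between each of n spokes and the hub). The added example below (not Cisco's code, written for this page) generates the policy sets for both topologies, reproduces the slide's numbers, and also shows the per-device load, which is what actually limits the hub design: the hub ends up holding a policy for every spoke. The site names and the per-device counting convention (a device holds the policies for which it is the source) are assumptions of the example.

```python
from collections import Counter
from itertools import permutations


def full_mesh_policies(sites):
    """One policy per ordered pair: each node protects traffic to every other node."""
    return list(permutations(sites, 2))


def hub_policies(hub, spokes):
    """Each spoke needs one policy toward the hub and the hub one back: 2 per spoke."""
    return [(s, hub) for s in spokes] + [(hub, s) for s in spokes]


def count_full_mesh(n):
    return n * (n - 1)


def count_hub(n_spokes):
    return 2 * n_spokes


def policies_per_device(policies):
    """Policies each device must configure, counting those it is the source of."""
    return Counter(src for src, _dst in policies)


def scaling_table(sizes):
    """(nodes, full-mesh policies, hub policies) for each size, as on the slides."""
    return [(n, count_full_mesh(n), count_hub(n)) for n in sizes]


def tunnels_full_mesh(n):
    """Bidirectional tunnels (unordered pairs), half the policy count."""
    return n * (n - 1) // 2


if __name__ == "__main__":
    for nodes, mesh, hub in scaling_table([8, 100, 500, 1000]):
        print(f"{nodes:5d} nodes: full mesh {mesh:7d} policies, hub {hub:5d} policies")
    spokes = [f"site{i}" for i in range(1, 9)]   # constructed site names
    mesh_load = policies_per_device(full_mesh_policies(spokes))
    hub_load = policies_per_device(hub_policies("hub", spokes))
    print("full mesh, per device:", dict(mesh_load))
    print("hub and spoke, per device:", dict(hub_load))
```

The per-device view is the practical caveat: in the hub design the total policy count grows linearly, but the hub alone carries one policy per spoke (plus the corresponding SAs and crypto throughput), so the hub's capacity, not the policy count, sets the limit.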
MPLS
1a. Existing routing protocols (e.g., OSPF, ISIS) establish reachability to destination networks
1b. Label Distribution Protocol (LDP) establishes tag to destination network mappings
2. Ingress Label Switch Router receives packet, performs Layer 3 value-added services, and "tags" packets
3. Core LSRs switch packets using label swapping
4. Egress LSR removes label and delivers packet
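The four MPLS steps above, worked as a small simulation that is an added example (not Cisco's code, written for this page): labels for a destination network (FEC) are bound hop by hop from the egress upstream, the ingress does the one IP lookup and pushes a label, core LSRs swap on the label alone, and the egress pops and delivers. Router names, the two FEC prefixes and the paths are constructed; label values start at 16 because 0-15 are reserved in MPLS.

```python
import ipaddress
from itertools import count


class LSR:
    """One label switch router: IP FIB for ingress lookups, LFIB for label operations."""

    def __init__(self, name):
        self.name = name
        self.fib = {}                # FEC prefix -> (out_label, next_hop), used at ingress
        self.lfib = {}               # in_label -> ("swap", out_label, next_hop) | ("pop", None, None)
        self._labels = count(16)     # per-router label space; 0-15 are reserved values

    def allocate_label(self):
        return next(self._labels)


def distribute_labels(path, fec):
    """Step 1b: from the egress upstream, each LSR binds a local label for the FEC and
    advertises it to its upstream neighbour, which is what LDP does hop by hop."""
    egress = path[-1]
    downstream_label = egress.allocate_label()
    egress.lfib[downstream_label] = ("pop", None, None)      # step 4 happens here
    downstream = egress
    for lsr in reversed(path[:-1]):
        if lsr is path[0]:
            lsr.fib[fec] = (downstream_label, downstream.name)   # ingress pushes this label
        else:
            local = lsr.allocate_label()
            lsr.lfib[local] = ("swap", downstream_label, downstream.name)
            downstream_label = local
        downstream = lsr


def forward(routers, ingress, dst_ip):
    """Steps 2-4: ingress classifies by longest match and pushes; core swaps; egress pops.
    Returns the per-hop trace, or None if the ingress has no FEC for the destination."""
    ip = ipaddress.ip_address(dst_ip)
    matches = [fec for fec in ingress.fib if ip in ipaddress.ip_network(fec)]
    if not matches:
        return None
    fec = max(matches, key=lambda f: ipaddress.ip_network(f).prefixlen)
    label, nxt = ingress.fib[fec]
    trace = [(ingress.name, "push", label)]
    while True:
        lsr = routers[nxt]
        action, out_label, nxt = lsr.lfib[label]   # core looks only at the label
        if action == "pop":
            trace.append((lsr.name, "pop", None))
            return trace
        trace.append((lsr.name, "swap", out_label))
        label = out_label


def build_sample():
    """Constructed topology: A (ingress), B and C (core), D (egress)."""
    routers = {n: LSR(n) for n in "ABCD"}
    a, b, c, d = (routers[n] for n in "ABCD")
    distribute_labels([a, b, c, d], "10.2.0.0/16")   # path via C
    distribute_labels([a, b, d], "10.3.0.0/16")      # B is also adjacent to D
    return routers


if __name__ == "__main__":
    routers = build_sample()
    for dst in ("10.2.5.1", "10.3.1.1", "10.9.9.9"):
        print(dst, "->", forward(routers, routers["A"], dst))
```

Note that the core routers B and C never consult the IP header; whatever "Layer 3 value-added services" the ingress applied (the slide's step 2) must therefore be encoded in the label choice, which is why different FECs get different labels even when they share a path.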
Other Security Presentations
• 302 Introduction
• 311 Deployment
• 318 Advanced
Expensive Circuits—Compression
• One compression service adapter/module will service multiple connections
[Diagram: Cisco 7507 with CSA and VIP2, two Cisco 7206s with CSA, Cisco 3640 with CM, Cisco 3640 with no compression, and an ISP peer]
• Rule of thumb on pricing: x2 on port/transit cost for the price of x1 circuit may be worth it
Data Compression over Transoceanic Links
Platform                      Bandwidth    Recommended Max Line Speed   Notes
RSP2-based compression        2 Mbps       256 kbps                     Watch CPU load
RSP2-based encryption         3 ~ 9 Mbps   1 E1                         Watch CPU load
VIP distributed compression   2 Mbps       256 kbps                     Performance per VIP
VIP distributed encryption    3 ~ 9 Mbps   1 E1                         Performance per VIP
Service adapter compression   30 Mbps      8 E1 lines                   0% utilization on RSP and VIP
Service adapter encryption    30 Mbps      8 E1 lines                   0% utilization on RSP and VIP
Policy—Work in Progress
• QoS
• User authentication
• User server access
• User reservation rights

Policy—Where to Drop Packets
[Diagram: the rest of the Internet, an expensive link, and a remote office, with the tools applied at the router on each side]
• Any QoS, CoS, or DiffServ tools need to be applied on the upstream router's interface; if packets are dropped on the downstream side they've already been sent on the expensive link
• Need control of, or at least access to, a router at the high-volume side
Applications
• Remember the laws of physics
• Ocean fiber roundtrip times
• Caching for Web

Objective—Max PPS
Performance need (user applications):
• Fast Web and integrated applications (video, sound, fast graphics, push/pull): 30-70 pps/user
• Medium Web: 6-15 pps/user
• Slow Web/text (commerce Web server): 5 pps/user
Max speed by access technology (256-byte packets):
• 128k ISDN: 63 pps
• 84k compressed modem: 42 pps
• 64k ISDN modem: 31 pps
• 56k modem: 27 pps
• 42k modem: 21 pps
• 28.8 modem: 14 pps
Analyze Existing Infrastructure
• List applications and response time characteristics
• Get volume information from "show interface" on the routers
• Get source destination pairs
• On routers which support NetFlow, Cisco IOS® version 11.1(5) or later, get data on number of flows, packets per flow, bytes per packet, by application

Measure and Understand the Baseline
[Diagram: utilization over time against a threshold; "Upgrade!" where it is crossed]
• Baseline quality levels are critical
• Average utilization and packet loss need to be monitored on the entire network—use SNMP
• Set QoS thresholds

Flow Activation Locations
• Ingress aggregation
• Egress aggregation
• WAN access router
• Transit
NetFlow Data Record (V5)
• Usage: packet count, byte count
• Time of day: start timestamp, end timestamp
• Source IP address, destination IP address
• Source TCP/UDP port, destination TCP/UDP port
• Input interface port, output interface port
• Next hop address, source AS number, destination AS number
• Type of service, TCP flags, protocol
• Used for: port utilization, QoS, application, routing and peering—who is doing what, where, and when
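The fields listed above are exactly the contents of a NetFlow version 5 export record (48 bytes after a 24-byte packet header). The following added example (not Cisco's code, written for this page) encodes a few constructed flows into one export packet, decodes it again with the v5 layout, and then answers the slide's "who is doing what" question with bytes per application and top talkers, which is the same analysis a collector does on exports from the routers. The flow values, addresses and timestamps are constructed sample data.

```python
import socket
import struct
from collections import Counter

# NetFlow v5 export layout (network byte order, no padding between fields).
HEADER_FMT = "!HHIIIIBBH"   # version, count, sys_uptime, unix_secs, unix_nsecs,
                            # flow_sequence, engine_type, engine_id, sampling_interval
RECORD_FMT = "!4s4s4sHHIIIIHHBBBBHHBBH"
FIELDS = ("src", "dst", "nexthop", "in_if", "out_if", "packets", "bytes", "first", "last",
          "sport", "dport", "pad1", "tcp_flags", "proto", "tos", "src_as", "dst_as",
          "src_mask", "dst_mask", "pad2")
HEADER_LEN = struct.calcsize(HEADER_FMT)   # 24
RECORD_LEN = struct.calcsize(RECORD_FMT)   # 48

# Constructed sample flows: two HTTP transfers and one DNS query.
SAMPLE_FLOWS = [
    {"src": "10.1.1.5", "dst": "192.0.2.10", "nexthop": "10.1.1.1", "in_if": 1, "out_if": 2,
     "packets": 120, "bytes": 96000, "first": 100, "last": 900, "sport": 34567, "dport": 80,
     "tcp_flags": 0x1b, "proto": 6, "tos": 0, "src_as": 0, "dst_as": 64500, "dst_mask": 24},
    {"src": "10.1.1.7", "dst": "192.0.2.10", "nexthop": "10.1.1.1", "in_if": 1, "out_if": 2,
     "packets": 10, "bytes": 4000, "first": 150, "last": 300, "sport": 40001, "dport": 80,
     "tcp_flags": 0x1b, "proto": 6, "tos": 0, "src_as": 0, "dst_as": 64500, "dst_mask": 24},
    {"src": "10.1.1.5", "dst": "10.1.0.53", "nexthop": "10.1.1.1", "in_if": 1, "out_if": 3,
     "packets": 2, "bytes": 300, "first": 120, "last": 121, "sport": 51000, "dport": 53,
     "tcp_flags": 0, "proto": 17, "tos": 0, "src_as": 0, "dst_as": 0, "dst_mask": 24},
]


def build_v5(flows, uptime=1000, unix_secs=915494400, seq=0):
    """Encode flow dicts (addresses as dotted strings) as one v5 export packet."""
    header = struct.pack(HEADER_FMT, 5, len(flows), uptime, unix_secs, 0, seq, 0, 0, 0)
    body = b""
    for f in flows:
        values = [socket.inet_aton(f[k]) if k in ("src", "dst", "nexthop") else f.get(k, 0)
                  for k in FIELDS]
        body += struct.pack(RECORD_FMT, *values)
    return header + body


def parse_v5(packet):
    """Decode a v5 export packet into (header dict, list of record dicts)."""
    version, count, uptime, secs, nsecs, seq, etype, eid, sampling = struct.unpack(
        HEADER_FMT, packet[:HEADER_LEN])
    if version != 5:
        raise ValueError(f"not a NetFlow v5 packet (version {version})")
    if len(packet) < HEADER_LEN + count * RECORD_LEN:
        raise ValueError("truncated export packet")   # header count must match the body
    records = []
    for i in range(count):
        off = HEADER_LEN + i * RECORD_LEN
        rec = dict(zip(FIELDS, struct.unpack(RECORD_FMT, packet[off:off + RECORD_LEN])))
        for k in ("src", "dst", "nexthop"):
            rec[k] = socket.inet_ntoa(rec[k])
        records.append(rec)
    header = {"uptime": uptime, "unix_secs": secs, "sequence": seq, "sampling": sampling}
    return header, records


def bytes_by_application(records):
    """Bytes per (protocol, destination port): the 'what' in who is doing what."""
    totals = Counter()
    for r in records:
        totals[(r["proto"], r["dport"])] += r["bytes"]
    return totals


def top_talkers(records, n=3):
    """Source addresses ranked by bytes sent: the 'who'."""
    totals = Counter()
    for r in records:
        totals[r["src"]] += r["bytes"]
    return totals.most_common(n)


if __name__ == "__main__":
    header, records = parse_v5(build_v5(SAMPLE_FLOWS))
    print("header:", header)
    print("bytes by application:", dict(bytes_by_application(records)))
    print("top talkers:", top_talkers(records))
```

The truncation check matters on a real collector: the header's count field is trusted to slice the body, so an export that is shorter than it claims must be rejected rather than decoded into garbage records.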
Network Architecture
[Diagram: POPs around a backbone]
• Scalable solutions require cooperative edge and backbone functions
• Edge functions: packet classification; admission control; bandwidth management; queuing; services and traffic metering; security filtering; customer access aggregation
• Backbone functions: high-speed switching and transport; congestion management; queue management; traffic management; QoS interworking

Applications—Interaction with Network
• Scale effects
• Installation, service and support requirements—understand available expertise
• Contingency plan for changes in pricing and feasible data bandwidth—Gigabit Ethernet, xDSL, WDM, optical internetworking

More Information
• 609 Capacity Planning
The Web: The Killer Application
• Drives bandwidth needs
• Drives need for optimization tools
• Different traffic patterns from client server or "green screen" apps

Cache Engine Operation
[Diagram: Web clients, Cisco Cache Engine(s), Internet, Web Server]
• Cache Engine requests URL
• Cache Engine simultaneously fills URL request
• Cache Engine fills subsequent requests
Improved Response Time
[Diagram: Web clients on 28.8 Kbps, 56 Kbps, xDSL and transoceanic links; 20–30 sec to fetch from the Web server across the Internet versus 1 sec from the Cisco Cache Engine(s)]

International Caching and Content Management
[Diagram: customers behind an ISP's terrestrial and satellite gateways; WCCP intercepts WWW traffic to a cache farm; the cache farm takes IPv4 addresses from NSP1's CIDR block and points default over the satellite, so returning traffic comes over the satellite from the NSP's satellite gateway; the NSP's terrestrial gateway connects to the Internet]
Network Design Summary
• Business requirements—understand your comparative advantage
• Available expertise constrains what can be operated
• Use three layer model, technologies as appropriate
• Prepare for change and growth

Please Complete Your Evaluation Form—Session 1403