1402 1030_05F9_c1
© 1999, Cisco Systems, Inc.
Headquarters or Centralized Location Session 1402
Copyright © 1998, Cisco Systems, Inc. All rights reserved. Printed in USA. Presentation_ID.scr
Agenda
• Planning
• Modular Design
• Scalability and Redundancy
• Management
• Services
Planning
Planning
• Traffic analysis
• Application analysis
• Cabling plant
• Media selection
• Addressing
Traffic Analysis
• Where are your servers?
• What is a “typical” user?
• What is the volume per user?
  Historical data
  Lab measurements
• All this implies a target PPS capability required for each network element
Application Analysis
• SNA content?
  Traditional controllers
  TN3270
  Web front-ends
• What is a typical transaction?
  How many round-trip times?
  Where does the information really come from?
Application and Traffic Analysis: Related Networkers Presentations
• 609—Introduction to Capacity and Performance Management
• 704—Analyzing Network Response Time with IPM 2.0
• 706—TN3270 Server Access to Mainframe-Based SNA Applications and Data
Cabling Plant
• Category five horizontal cable
  100 meter radius around wiring closets
• Fiber in the riser
  Usually multimode, but with the advent of Gigabit Ethernet you might want to start laying in single mode
• Fiber in the campus
  Single mode for at least half of the strands
Media Selection
• Ethernet
• Token Ring
• FDDI
• ATM
• VLAN/trunk technologies
Ethernet
• Pro
  Variety of speeds
  Many times already on the PC motherboard
  Very inexpensive
• Con
  QoS just beginning to emerge
  “Classic” Ethernet is half duplex
  Inefficient as a shared segment
Token Ring
• Pro
  Variety of speeds
  Deterministic LAN access
  Capable of very high efficiency even in shared segments
• Con
  Poor multicast support
  Expensive
  Lack of market share = lack of products
FDDI
• Pro
  Very high efficiency
  Deterministic LAN access
  Highly resilient
• Con
  Basically has lost out to ATM
  Chip manufacturers are starting to get out of the FDDI business
ATM
• Pro
  Variety of speeds
  Fine-grained QoS
  Compatible with SONET infrastructures
• Con
  Complex signaling plane
  Chopping 53 byte cells is gonna get real interesting as speeds go up
LANE
• Pro
  Allows a common backbone for data and native ATM applications
  Provides LAN sub-networks with a higher-speed backbone
  First industry-standard VLAN technology
LANE
• Con
  LANE signaling makes native ATM signaling look simple
  Currently no QoS or scalable multicast
  Version 2 attempts to address these issues
LANE Overview (figure: an ATM emulated LAN with LECs on Ethernet and the LECS, LES and BUS service functions)
• LECS: assigns individual LECs to different emulated LANs
• LES: control and coordination function; registers and resolves MAC addresses
• BUS: handles data sent by a LEC to the broadcast MAC address, multicast data and initial unicast data
LANE 1.0 Review (LEC VCCs) (figure: the VCCs a LEC sets up)
• Configuration Direct VCC to the LECS
• Control Direct VCC and Control Distribute PMP VCC with the LES
• Data Direct VCC between LECs
LANE v2.0
• LANE 2.0 adds LE service redundancy, which adds to the robustness of the LANE environment
• LANE 2.0 adds the possibilities for ABR, QoS classes and flow multiplexing
• LANE 2.0 provides for “Special Multicasting Services” for better multicast management and scalability
• LANE 2.0 builds on the already successful and mature LANE 1.0 standard
MPOA
• Pro
  Delivers on the promise of layer three cut-throughs
  Exposes ATM QoS to layer three devices
  Defines a scalable multicast environment
MPOA
• Con
  Makes LANE signaling look simple ;^)
  Just beginning to emerge
  Do layer three cut-throughs solve a non-problem given the advent of layer three switches?
MPOA Service Basics (figure: the MPOA Server (MPS) and the MPOA Clients (MPC))
• MPOA service functions: Configuration (uses LECS), Initialization of Parameters, Autodiscovery, Address Resolution, Default Forwarder, Connectionless Packet Forwarding
• The MPOA Server performs address resolution and can initiate the forwarding of information to MPOA clients
MPOA—Query and Response (figure: MPOA Servers running OSPF, EIGRP, etc.; edge devices on Subnet A (Emulated LAN A) and Subnet B (Emulated LAN B) across an ATM network exchange an MPOA query and response, and the result is a direct cut-through VC)
MPOA—Router Initiated ‘MPOA Trigger’ (figure: the same topology; the MPOA Server running OSPF, EIGRP, etc. tells the edge devices to use this L3 cut-through for A to B)
Inter-Switch Link (ISL)
• Two-level tagging scheme
• Original frame is encapsulated with ISL header and FCS, i.e., two-level tagging
• Initial support of up to 1,024 VLANs
• Implemented in ASICs; provides wire speed performance
(Figure: ISL header 26 bytes, encapsulated frame 1–24.5 KBytes, FCS 4 bytes)
Two-Level Tagging
• The original frame is left unchanged
• A new external header is added in front of the original frame
  New SA, DA, (RIF), Ethertype, and VLAN-ID
  It is possible to support giant frames
• The RIF works better: two-level tagging is a tunneling mechanism
  It is unclear how source routing works in 802.1Q
• FCS fix-up in the new header allows the original frame FCS to be retained
IEEE 802.1Q
• IEEE standards for local and metropolitan area networks: Virtual Bridged Local Area Networks
• Draft 9
• Two main topics:
  Bridged/switched networks
  VLANs (Virtual LANs)
Example of One-Level Tagging (figure: the TAG is the new field inserted after the source address)
• Ethernet v2.0: PREAM., SFD, DA, SA, TAG, PT, DATA, FCS
• IEEE 802.3: PREAM., SFD, DA, SA, TAG, LEN., LLC PDU, PAD, FCS
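An added example (my code, not from the Cisco deck) that parses the one-level tag shown in this figure, and that also applies to the later point that ISL and 802.1Q both carry a user priority field: it takes a frame as a capture presents it (preamble, SFD and FCS already stripped, which is an assumption), detects the 802.1Q TPID 0x8100, extracts the VLAN ID and the 3-bit user priority, and distinguishes the Ethernet v2.0 PT field from the IEEE 802.3 LEN. field. The trunk_violations check and the sample frames are constructed for illustration.

```python
import struct
from dataclasses import dataclass
from typing import List, Optional

TPID_8021Q = 0x8100        # Tag Protocol Identifier that announces the TAG field
VID_PRIORITY_TAGGED = 0    # VID 0: priority-tagged only, no VLAN membership
VID_RESERVED = 0xFFF       # VID 4095 is reserved by 802.1Q


@dataclass
class ParsedFrame:
    dst: str
    src: str
    tagged: bool
    vlan_id: Optional[int]        # 12-bit VLAN ID, None when untagged
    user_priority: Optional[int]  # 3-bit 802.1p priority, None when untagged
    ethertype: Optional[int]      # Ethernet v2.0 PT field, None for IEEE 802.3
    length: Optional[int]         # IEEE 802.3 LEN. field, None for Ethernet v2.0
    payload: bytes


def _mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def parse_frame(frame: bytes) -> ParsedFrame:
    """Parse DA/SA, an optional 802.1Q TAG, and the PT-or-LEN. field.

    Assumes the capture already stripped PREAM., SFD and FCS.
    """
    if len(frame) < 14:
        raise ValueError("frame shorter than DA + SA + type/length")
    dst, src = _mac(frame[0:6]), _mac(frame[6:12])
    offset = 12
    tagged, vlan_id, prio = False, None, None
    (field,) = struct.unpack("!H", frame[offset:offset + 2])
    if field == TPID_8021Q:
        if len(frame) < 18:
            raise ValueError("tagged frame truncated inside the TAG field")
        (tci,) = struct.unpack("!H", frame[14:16])  # Tag Control Information
        prio = tci >> 13                             # top 3 bits: user priority
        vlan_id = tci & 0x0FFF                       # low 12 bits: VLAN ID
        tagged = True
        offset = 16
        (field,) = struct.unpack("!H", frame[offset:offset + 2])
    offset += 2
    # Values >= 0x0600 are Ethernet v2.0 protocol types; smaller values are
    # IEEE 802.3 lengths, the distinction between the figure's two layouts.
    if field >= 0x0600:
        ethertype, length = field, None
    else:
        ethertype, length = None, field
    return ParsedFrame(dst, src, tagged, vlan_id, prio, ethertype, length, frame[offset:])


def build_frame(dst: bytes, src: bytes, type_or_len: int, payload: bytes,
                vlan_id: Optional[int] = None, user_priority: int = 0) -> bytes:
    """Construct a frame with or without a TAG (used for the samples below)."""
    tag = b""
    if vlan_id is not None:
        tci = ((user_priority & 0x7) << 13) | (vlan_id & 0x0FFF)
        tag = struct.pack("!HH", TPID_8021Q, tci)
    return dst + src + tag + struct.pack("!H", type_or_len) + payload


def trunk_violations(frame: ParsedFrame, allowed_vlans: List[int]) -> List[str]:
    """Check a frame seen on a trunk port against the VLANs it should carry."""
    problems: List[str] = []
    if not frame.tagged:
        problems.append("untagged frame on a trunk (native VLAN traffic)")
        return problems
    if frame.vlan_id == VID_PRIORITY_TAGGED:
        problems.append("priority-tagged frame (VID 0) carries no VLAN membership")
    elif frame.vlan_id == VID_RESERVED:
        problems.append("reserved VID 4095")
    elif frame.vlan_id not in allowed_vlans:
        problems.append(f"VLAN {frame.vlan_id} is not allowed on this trunk")
    return problems


# Constructed sample frames (not captured from any real network).
DA = bytes.fromhex("ffffffffffff")
SA = bytes.fromhex("001122334455")
IPV4_PAYLOAD = bytes(46)   # minimum-size dummy payload
V2_TAGGED = build_frame(DA, SA, 0x0800, IPV4_PAYLOAD, vlan_id=10, user_priority=5)
V2_UNTAGGED = build_frame(DA, SA, 0x0800, IPV4_PAYLOAD)
DOT3_TAGGED = build_frame(DA, SA, len(IPV4_PAYLOAD), IPV4_PAYLOAD, vlan_id=11)

if __name__ == "__main__":
    for sample in (V2_TAGGED, V2_UNTAGGED, DOT3_TAGGED):
        p = parse_frame(sample)
        print(p.tagged, p.vlan_id, p.user_priority, p.ethertype, p.length,
              trunk_violations(p, [10, 12, 14, 16]))
```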
Spanning Tree Issues
• 802.1Q specifies one spanning tree per bridge cloud, but it does not preclude multiple spanning trees in later revisions of the specification
• Cisco is implementing n spanning trees per m VLANs, n ≤ m
  802.1Q is therefore the special case n = 1
  Current Cisco solution is n = m
• One spanning tree (in 802.1Q) means you cannot use redundant infrastructure
Cisco Fast EtherChannel—Today
• Problem: the deployment of dedicated 10/100 connectivity requires higher-speed uplink bandwidth
  Switch to switch
  Switch to server
  Switch to router
  Router to server
• Solution: Fast EtherChannel
  Scalable bandwidth up to 800 MB
  True load balancing across links
• Scalable to Gigabit EtherChannel
(Figure: Fast EtherChannel speeds of 400 MB and 800 MB per link; numbers are full-duplex BW)
Scaling with Gigabit Ethernet and/or EtherChannels (figure: Fast EtherChannel and Gigabit Ethernet; Data Center A and Data Center B at 2 Gbps each and 4 Gbps into the core, wiring closets at 400 Mbps and 800 Mbps)
Scalable bandwidth:
  Ethernet/Fast Ethernet 10–100 Mbps
  Fast EtherChannel 200–800 Mbps
  Gigabit Ethernet 2 Gbps
  Gigabit EtherChannel Multigigabit
Media Selection: The Bottom Line
• Ethernet is the default choice
  Gigabit Ethernet and EtherChannels for backbones
• Use Token Ring if you’ve got native SNA end stations, but this approach is costing you money, so you’d better have a conversion strategy
• FDDI is dead; get off it as soon as possible
Media Selection: The Bottom Line
• ATM: a great backbone technology for the WAN
  Use it on campus if you’ve got native ATM applications you’ve deployed in the WAN, or as a bridge until Gigabit Ethernet prices come down
  Use native ATM applications sparingly
  Layer two solutions are tactical in nature: layer three lives on long after a particular media is dead and buried
Media Selection: The Bottom Line
• LANE and MPOA
  Still relevant as Gigabit Ethernet products mature
  However, once you’ve got layer three capabilities in most of your edge switches, using your campus ATM core with 1483 and/or 1577 will be less complex and just as scalable as MPOA/LANEv2 for multicast and QoS
Media Selection: The Bottom Line
• 802.1Q/ISL
  ISL capabilities are a superset of 802.1Q capabilities
  ISL also has the user priority field
  Interoperability between shared spanning tree and multiple spanning trees: a qualified “yes”
  VLAN range of ISL hardware maps to VLAN range of 802.1Q
Media Selection: The Bottom Line
• In Cisco’s VLAN architecture 802.1Q is just another trunk type: ISL, LANE, IEEE 802.1Q, IEEE 802.10
  Any mix of these in one VLAN is allowed by the hardware
• Cisco line cards support either ISL, 802.1Q, or 802.1Q and ISL
• DISL will be extended to negotiate ISL vs. IEEE 802.1Q
Media Selection: Related Networkers Presentations
• 312—Deploying IP Switching Protocols
• 503—Deploying LANE and MPOA
• 603—LAN Switch Architectures and Performance
• 703—Token Ring/Ethernet Backbone Products
• 1102—Introduction to Cisco Catalyst Products
Addressing
• Network topology determines address topology
  Addresses map onto topology, not the other way around
  The topology is a tree, so the address scheme is a tree
• Mapping political and/or geographic structures in the address plan only works if those structures are congruent with network topology
Addressing
• If you don’t build a tree-structured addressing plan, IP route summarization is impossible
  All VLSM techniques depend on binary contiguous ranges of address space
• Route protocol instability due to large route tables is one of the leading causes of network outages
  Redistribution errors are a close second
Addressing
• Private space
  NAT is the enabling technology
  Don’t have to be as frugal with IP addresses
  Can only use Internet applications that your NAT understands
• “Real” space
  Must use sparingly
  No limitation of applications due to NAT
Addressing
• DHCP: use it; enough said
• DNS: likewise
Addressing Example (figure: the intranet template with a prefix per module)
• Building Modules: 10.4.0.0/16, 10.5.0.0/16, 10.6.0.0/16 and 10.7.0.0/16, summarized as 10.4.0.0/14
• Mainframe Module: 10.2.128.0/17
• Internet Module (DNS, Internet): 10.2.0.0/17
• WAN Module and Server Module: the remaining prefixes shown are 10.1.0.0/16 and 10.3.0.0/16
Addressing Example (figure: the 10.1.0.0/16 block subdivided into a left and a right side, each with trunks to N remote sites)
• 10.1.0.0/16 advertised to the core: 2^16 = 65536 addresses, 10.1.0.0 through 10.1.255.255
• 10.1.0.0/14 assigned to left side: 2^14 = 16384 addresses, 10.1.0.0 through 10.1.63.255
  10.1.0.0/12 assigned to left trunk: 10.1.0.0 through 10.1.31.255; 10.1.0.0 and 10.1.1.0 used for sub-interface addresses using /30 mask
  10.1.2.0/9 assigned to remote site on left trunk: 10.1.2.0 through 10.1.3.255
  10.1.32.0/12 assigned to right trunk: 10.1.32.0 through 10.1.63.255; 10.1.32.0 and 10.1.33.0 used for sub-interface addresses using /30 mask
• 10.1.64.0/14 assigned to right side: 2^14 = 16384 addresses, 10.1.64.0 through 10.1.127.255
  10.1.64.0/12 assigned to left trunk: 10.1.64.0 through 10.1.95.255; 10.1.64.0 and 10.1.65.0 used for sub-interface addresses using /30 mask
  10.1.96.0/12 assigned to right trunk: 10.1.96.0 through 10.1.127.255; 10.1.96.0 and 10.1.97.0 used for sub-interface addresses using /30 mask
  10.1.98.0/9 assigned to remote site on left trunk: 10.1.98.0 through 10.1.99.255
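An added example (my code, not from the deck) that applies the addressing rule from these slides to the module prefixes in the first Addressing Example figure: given the prefixes one module hands to the distribution layer, it computes the fewest routes that can be summarized toward the core, and for a plan that is not binary contiguous it shows that the only single covering prefix would swallow other modules’ space. The “other module” prefixes are the figure’s 10.1.0.0/16, 10.2.0.0/17, 10.2.128.0/17 and 10.3.0.0/16; the scattered plan is a constructed counter-example.

```python
import ipaddress
from typing import Iterable, List, Tuple

IPv4Net = ipaddress.IPv4Network

# Prefixes of the other modules in the slide's Addressing Example figure,
# used to show what a too-wide summary route would collide with.
OTHER_MODULES: List[IPv4Net] = [ipaddress.IPv4Network(p) for p in (
    "10.1.0.0/16", "10.2.0.0/17", "10.2.128.0/17", "10.3.0.0/16")]

# Tree-structured plan from the figure: four building-module /16s that nest
# exactly inside 10.4.0.0/14.
TREE_PLAN = ["10.4.0.0/16", "10.5.0.0/16", "10.6.0.0/16", "10.7.0.0/16"]

# Constructed counter-example: the same number of /16s, but scattered, so
# they are not a binary contiguous range.
SCATTERED_PLAN = ["10.4.0.0/16", "10.5.0.0/16", "10.9.0.0/16", "10.12.0.0/16"]


def parse_plan(prefixes: Iterable[str]) -> List[IPv4Net]:
    """Parse prefixes strictly ('10.4.1.0/16' is a typo, not a block) and
    reject overlapping allocations, which no address plan may contain."""
    nets = [ipaddress.IPv4Network(p, strict=True) for p in prefixes]
    for i, a in enumerate(nets):
        for b in nets[i + 1:]:
            if a.overlaps(b):
                raise ValueError(f"overlapping allocations: {a} and {b}")
    return nets


def routes_toward_core(prefixes: Iterable[str]) -> List[str]:
    """Fewest prefixes that exactly cover the plan: what the distribution
    layer must advertise to the core without claiming unallocated space."""
    return [str(n) for n in ipaddress.collapse_addresses(parse_plan(prefixes))]


def covering_supernet(prefixes: Iterable[str]) -> IPv4Net:
    """Smallest single prefix that contains every block in the plan."""
    nets = parse_plan(prefixes)
    lo = min(n.network_address for n in nets)
    hi = max(n.broadcast_address for n in nets)
    candidate = ipaddress.IPv4Network(f"{lo}/32")
    while hi > candidate.broadcast_address:
        candidate = candidate.supernet()   # widen by one bit until hi fits
    return candidate


def summary_collisions(prefixes: Iterable[str],
                       other_modules: List[IPv4Net] = OTHER_MODULES
                       ) -> Tuple[str, List[str]]:
    """If the plan were summarized as one route, which other modules'
    space would that route wrongly claim?"""
    cover = covering_supernet(prefixes)
    return str(cover), [str(m) for m in other_modules if cover.overlaps(m)]


if __name__ == "__main__":
    for name, plan in (("tree", TREE_PLAN), ("scattered", SCATTERED_PLAN)):
        print(name, "advertises", routes_toward_core(plan))
        cover, clashes = summary_collisions(plan)
        print(name, "single summary", cover, "collides with", clashes or "nothing")
```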
Addressing: Related Networkers Presentations
• 301—Introduction to Routing Protocols
• 806—DNS, DHCP, and IP Address Management
Modular Design
Modular Design
• Three-layer design methodology
• Internet access module
• WAN module
• Campus module
  Server module
  Mainframe module
  Building module
Three-Layer Design Methodology
Bet you’ve heard this before…
• Core
• Distribution
• Access
• Recursive design
Core
• Highest-speed links
• Coarse-grained QoS
• Highest route prefix density
• Interconnect between modules
Distribution
• Redundant core connectivity
• Redundant access connectivity
• Fine to coarse QoS conversion
• Route summarization toward the core
• Route filtering toward access
Access
• Highest density of physical connections
  This is where the user actually plugs in
• Admission control
  Security
  QoS
  Address assignment
Recursive Design
• The entire network has this three-layer conceptual design
• If a module is big enough, a given module may have a three-layer structure
  The core of a module is the distribution layer of the intranet
Intranet Template (figure: Building Module, Mainframe Module, WAN Module, Internet Module (with DNS and the Internet) and Server Module, each with its own Access and Distribution layers, joined through a common Core)
Internet Access Module
• Minimally provides connectivity
  Route filtering
  Redundant connections
• Firewall
  Stateful inspection, intruder detection
  Exterior servers: Mail, DNS, Web
• Source of the default route
Typical Internet Module (figure: Corporate Network with Engineering and Finance segments, a Cisco Secure Server for ID/Auth. and TACACS+, a PIX™ Firewall, a Cisco Router running Cisco IOS Firewall toward the Internet, and a switch with the WWW Server, DNS Server and Admin station)
Internet Module: Related Networkers Presentations
• 302—Introduction to Information Security
• 309—Deploying BGP
• 1112—Introduction to Cisco Security Manager
• All the 1300 series courses
WAN Module
• Connects intranet sites
  Here’s where traffic and application analysis really pays off
  Bandwidth x delay = minimum window size
  Delay x (number of RTTs) = minimum transaction time
• Typically Frame Relay
  ATM WANs becoming price attractive
• Aggregate routes
  Send as little to the WAN as possible
  Summarize to the core
Typical WAN Module (figure: N remote sites dual-homed into the WAN module, which connects to the core)
• Dual-homed remotes
• Might use remote concentration routers
• Redundant connection to the core
• Might also have dial back-up
WAN Module: Related Networkers Presentations
• 100 series courses
• 300 series: pick your favorite route protocol
• 1401—Branch-Based Network Architecture
• 1403—Globally Distributed Network Architecture
Mainframe Module
• Where DLSw peer routers reside
  Typically dedicated routers for the task
• Typically Token Ring media
  Peer routers to FEPs
  Peer routers to CIP routers
• Campus connections
  Bridged Token Rings and/or Token Ring VLANs if NetBIOS support is needed
  Campus DLSw peers if SNA only
Typical Mainframe Module
• Dedicated DLSw peer routers
• CIP router or FEPs
• Token Ring switches
• DLSw peers and/or core connectivity
Example Campus Token Ring to Mainframe Connectivity (figure: a NetBIOS Client A and an SNA Client B on Token Rings at the Access Layer; a Distribution Layer with a switched Ethernet backbone and a dual-homed FDDI backbone carrying VLAN trunks over FE/FEC, E or FE ports, Token Ring ports and FDDI ports; server distribution Token Rings with NetBIOS servers and TIC-attached IBM SNA FEPs)
Mainframe Module: Related Networkers Presentations
• 700 Series Courses
Server Module
• High-speed inter-server access
  Many transaction environments have “back-end” networks
  Back-up network
  Storage area network
• Usually the module with the best core access
• Usually a separate subnetwork
  Campus-wide VLANs to the servers don’t scale from the server’s point of view
Typical Server Module
• Multilayer switches:
  Layer two for physical connectivity
  Layer three for core connectivity
• Back-end transaction, storage and/or back-up network
Mainframe and Server Module: Related Networkers Presentations
• 700 Series Courses
Building Module
• Highest density of LAN connections in the intranet
• Highest complexity in terms of management and resiliency features
• Typically heavy use of VLAN features
• Typically low complexity for routing features
• Hope you remember how to use spanning tree ;^)
Typical Building Module
• Distribution and core layers are typically layer two and layer three respectively
• Trunk sizes determined by desired “over booking” factor
• Both layer two and layer three resiliency features
  The same features provide load balancing
Scalability and Redundancy
Scalability and Redundancy
• Layer three
  HSRP
  Summarization
  Information hiding
  Peer reduction
• Layer two
  Spanning tree
  LANE SSRP
  EtherChannels
Layer Three Scalability and Redundancy
HSRP
• Hot Standby Router Protocol
  Ensures that a default route is present for routing-protocol-impaired devices
• Implies at least two routers on the LAN segment
• Router load can be balanced by running multiple, simultaneous HSRP groups and dividing the users on a subnet between them
Redundancy and Load Balancing with HSRP (figure: hosts A through D on subnets 10.0, 11.0, 15.0 and 17.0, with host addresses .1 and gateway addresses .100; router X is HSRP primary for the even subnets/even VLANs 10, 12, 14, 16 and router Y is HSRP primary for the odd subnets/odd VLANs 11, 13, 15, 17)
Summarization and Information Hiding
• WAN modules have lots of routes
  But from the campus’ point of view, there’s no need to know all the detail
  Therefore, summarize to the core and thus to the campus routers
• Rule of thumb
  Summarize toward the core
  Send as few prefixes as possible toward the access layers
Peer Reduction
• Inverse relationship between number of router peers and number of route prefixes advertised
  As the number of peers goes up, reduce the number of prefixes you send
  As the number of peers goes down, you can generally advertise more routes
• Topology is how you control how many neighbors you have
Peer Reduction
• VLANs and redundant, parallel routers on them can result in artificially high neighbor counts
  The same two routers end up seeing each other across many different sub-interfaces
  Turn off IP routing on all but the backbone links
  If the IPX® route table is big enough, you might need to sacrifice automatic layer three redundancy on VLANs
Layer Two Scalability and Redundancy
Spanning Tree
• Ethernet packets have no concept of “time to live” (TTL)
• Redundant topologies form loops
• Without some mechanism to “break” the loop, packets would circulate through the network endlessly
• Spanning tree creates a loop-free topology
• When a link changes state, a new tree is calculated
Spanning Tree
• Depending on the VLAN technology, the tree is either common for all VLANs in a switched domain or each VLAN can have its own root and therefore its own tree topology
• If each VLAN can have its own spanning tree, then this can be exploited for load balancing traffic
Redundancy and Load Balancing with Spanning Tree (figure: access switches A (VLANs 10, 11), B (VLANs 12, 13), C (VLANs 14, 15) and D (VLANs 16, 17) dual-attached over ISL trunks (VLAN multiplexing over Fast Ethernet or Fast EtherChannel) to distribution switches X and Y; X is STP root for the even VLANs 10, 12, 14, 16 and Y is STP root for the odd VLANs 11, 13, 15, 17, so on each access switch the uplink toward a VLAN’s root is Forwarding (F) for that VLAN and the other uplink is Blocking (B))
Issues with Spanning Tree in a VLAN World
• Spanning tree was designed for a general case that predates VLANs by a decade
• Problem one: convergence times are relatively slow even if one cranks the timers down real low
• Problem two: end stations directly connected to switch ports sometimes fail to properly initialize because the spanning tree state hasn’t reached “forwarding” in time
Spanning Tree Optimization Features for Switches
• Uplink Fast
  Fast convergence for link failure
  Fast relearning of the forwarding database
• Port Fast
  Full spanning tree logic is wasteful for end station switch ports
  Port goes immediately to forwarding
  Port reverts to full spanning tree if spanning tree BPDUs are present
LANE SSRP
• Simple Server Redundancy Protocol
• If the LANE services go down, the ELAN goes down
• Must ensure that servers always exist, so define multiple candidates for each LANE service function on each ELAN
Simple Redundant Design
• Cisco solution: LightStream® 1010 with PNNI
(Figure: an enterprise network with 2 ATM ELANs; LECS #1 and LECS #2 and LES/BUS 1-1, 1-2, 2-1 and 2-2, with SSRP for LANE service redundancy and LANE services distributed for performance and redundancy; Catalyst 5000 with dual PHY LANE module; Cisco 7500 router redundancy with multiple HSRP groups over LANE)
Building Module: Related Networkers Presentations
• 304—Introduction to New IP Switching Protocols
• 312—Deploying IP Switching Protocols
• 505—Deploying High-Availability Campus Networks
• 1100 Series Courses—pick your favorite switch
Network Management
Network Management
• Switch centric
  CDP (Cisco Discovery Protocol)
  DISL (Dynamic ISL Protocol)
  VTP
  VMPS
  VQP
• Global
Issue: Lack of Layer 2 to Layer 3 Perspectives
• NMS topology views are extremely IP centric
• NMS views do not reflect multiple active or redundant links between devices
• NMS views are unable to provide the requisite visibility and control in switched environments
Cisco Discovery Protocol (CDP)
• What is CDP? CDP is a media- and protocol-independent advertisement protocol providing visibility into network adjacencies and running on almost all Cisco devices
Problem: Auto-Configuration of VLAN Trunking
• VLAN interoperability standard IEEE 802.1Q still awaiting ratification
• The need to automate ISL trunk configuration to ease the network management burden
• Possible loss in network connectivity and/or loops due to inconsistencies while ASIC-based ISL packet tagging attempts to connect to native Fast Ethernet interfaces
(Figure: a trunking (T) port and a non-trunking (Non-T) port at the two ends of a link)
Dynamic ISL
• DISL synchronizes two ends of a Fast Ethernet trunk to be in ISL mode or native Ethernet mode
• DISL negotiation (figure): “What state are you in?” / “BTW, my state is!” / “Let’s trunk!” or “Sorry!”
• DISL prevents the need for management intervention on both sides of a trunking-capable link
• DISL state on an ISL trunking-capable port can be set to either “Auto”, “On”, “Off” or “Desirable”
VTP
• Problem: I want to add the first port of a pre-existing VLAN to a switch that currently has no ports in that VLAN
  How do I reconnect with the VLAN? Do I have to reconfigure every switch in the path?
• VTP automates this function
VQP/VMPS
• Problem: I want ports to dynamically join VLANs and to authenticate their right to join
• VMPS: the VLAN Membership Policy Server running on the switches is queried by VQP
• VQP—Virtual Query Protocol
  VQP helps us recognize and authenticate users as they plug into these switches
Network Management: Global
• Three modes of management
  Operational
  Drill-down problem determination
  Planning
• Don’t forget it
Network Management—Operational
• SNMP GUI for network maps
  Usually have to supplement with manually drawn maps
  No matter how you generate them, keep them current
• Syslog monitoring for alarms and events
Network Management—Drill Down
• Console tools
  Cisco IOS debug
• Remote capture devices
Network Management—Planning
• SNMP statistics capture
• RMON statistics capture
• NetFlow accounting stats
• Completes the planning cycle
Network Management: Related Networkers Presentations
• 800 Series Courses
Services
Services
• Security
• QoS
• Multicast
Security
Security Is an Operational Process (figure: a cycle of Secure, Monitor, Test and Improve around the Corporate Security Policy; Security Actions feed the Secure step, and Configuration Metrics, Attack Metrics and Vulnerability Metrics feed the Monitor and Test steps)
© 1999, Cisco Systems, Inc.
Bare-Bones Internet/Extranet Connections
[Diagram: Corporate Network (Engineering, Finance, and Admin segments on a Switch) connected through a Firewall and a Cisco Router to the Internet, with a WWW Server and DNS Server; separate Cisco Routers provide Dial-Up Access and the Business Partner connection]
Implement Identity and Integrity Functionality
[Diagram: the same topology with a Cisco Secure Server providing ID/Auth. via TACACS+, a PIX Firewall at the Internet edge, and the Cisco IOS Firewall enabled on the Internet, Dial-Up Access, and Business Partner Cisco Routers]
Improve Security with Active Audit “Appliance” Capabilities
[Diagram: the previous topology with NetRanger sensors on the Engineering, Finance, Internet, WWW Server, and Business Partner segments reporting over an Encrypted Control Link to a NetRanger Director and 3rd Party Security Monitoring, a NetSonar scanner beside the DNS Server, and the Cisco Secure Server (ID/Auth. via TACACS+), PIX™ Firewall, and Cisco IOS Firewall routers as before]
Security: Related Networkers Presentations
• 1303—Update on Firewall Technologies
• 1305—Intrusion Detection and Scanning with Active Audit
• 1306—Expanding ISP and Enterprise Connectivity with Cisco IOS NAT
• 1308—Cisco Security Consulting Services Update
Quality of Service
Quality of Service
• Enable the network to run applications with conflicting requirements
  Protect the mission-critical applications
  Support the bandwidth, latency, and jitter requirements of audio, video, and real-time applications
• Enable intelligent and differentiated services
Consistent Quality of Service
• QoS signaling
  Resource reSerVation Protocol (RSVP)
  IP Precedence
• Smart scheduling
  Priority queuing
  Custom queuing
  Weighted fair queuing
  Random Early Detection (RED)
• Traffic shaping
• Policy management applications (H2 ’98)
Cisco’s Quality of Service Solutions
[Diagram: QoS features placed by network element]
  Hosts: RSVP and RTP in the Hosts (Cisco and Partner Companies)
  Host <-> Router Interface: RSVP and RTP
  Switch: IP Precedence to 802.1p Mapping
  Router: RSVP, WFQ
  Backbone QoS: GTS, FRTS, CAR, RED, WFQ
  Slow Links: Fragmentation and Interleaving
  ATM Switch: RSVP <-> ATM QoS Translation
QoS: Related Networkers Presentations
• 319—Advanced Traffic Management Concepts
• 400 Series Courses
• 502—Introduction to QoS for Campus Networks
• 608—Video and Multimedia Protocols and Architectures
• 807—Introduction to Cisco QoS Policy Manager
Multicast
Why Multicast?
• When sending the same data to multiple receivers
  Better bandwidth utilization
  Less host/router processing
• Receivers’ addresses unknown
Unicast vs. Multicast
[Diagram: unicast delivery from host through router compared with multicast delivery from host through router]
Multicast Advantages
[Chart: Example: Audio Streaming, All Clients Listening to the Same 8 Kbps Audio; Traffic (Mbps, 0 to 0.8) vs. # Clients (1 to 100), Unicast compared with Multicast]
• Enhanced Efficiency: Controls network traffic and reduces server and CPU loads
• Optimized Performance: Eliminates traffic redundancy
• Distributed Applications: Makes multipoint applications possible
Multicast Disadvantages
Multicast Is UDP-Based
• Best Effort Delivery: Drops are to be expected. Multicast applications should not expect reliable delivery of data and should be designed accordingly. Reliable multicast is still an area for much research. Expect to see more developments in this area.
• No Congestion Avoidance: Lack of TCP windowing and “slow start” mechanisms can result in network congestion. If possible, multicast applications should attempt to detect and avoid congestion conditions.
• Duplicates: Some multicast protocol mechanisms (e.g., Asserts, Registers, and SPT Transitions) result in the occasional generation of duplicate packets. Multicast applications should be designed to expect occasional duplicate packets.
Types of Multicast Protocols
• Dense mode
  Broadcast and prune behavior
  Similar to radio broadcast
• Sparse mode
  Explicit join behavior
  Similar to pay-per-view
• Sparse-dense mode
  Combines functions of both modes
L2 Multicast Frame Switching
Problem: Layer 2 Flooding of Multicast Frames
[Diagram: PIM router and Layer 2 switch, multicast traffic labelled M]
• Typical L2 switches treat multicast traffic as unknown or broadcast and must “flood” the frame to every port
• Static entries can sometimes be set to specify which ports should receive which group(s) of multicast traffic
• Dynamic configuration of these entries would cut down on user administration
L2 Multicast Frame Switching
Solution 1: CGMP—Cisco Group Multicast Protocol
[Diagram: PIM router sending CGMP Commands to the switch; IGMP from the hosts]
• Runs on both the switches and the router
• Router sends CGMP multicast packets to the switches at a well-known multicast MAC address: 0100.0cdd.dddd
• CGMP packet contains:
  Type field—Join or Leave
  MAC address of the IGMP client
  Multicast address of the group
• Switch uses CGMP packet info to add or remove an entry for a particular multicast MAC address
L2 Multicast Frame Switching
Solution 2: IGMP Snooping
[Diagram: PIM router and switch, with IGMP messages from the hosts]
• Switches become “IGMP” aware
• IGMP packets intercepted by the NMP or by special hardware ASICs
• Switch must examine contents of IGMP messages to determine which ports want what traffic
  IGMP membership reports
  IGMP leave messages
• Impact on switch:
  Must process ALL Layer 2 multicast packets
  Admin. load increases with multicast traffic load
  Requires special h/w to maintain throughput
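As an added example (not code from the Cisco deck), the table-building behaviour behind Solution 2, and the flooding it replaces from the Problem slide, modelled in Python: an IGMPv2 membership report or leave is parsed and checksum-verified, the group address is mapped to its Ethernet multicast MAC (the same group MAC a CGMP Join/Leave entry keys on), and the switch's per-group port set is updated; frames for groups with no entry are flooded to every other port. The message builder, checksum routine, SnoopingSwitch class, and port numbers are constructed for this example.

```python
# Added example, not from the Cisco slides: a toy IGMP-snooping switch.
import socket
import struct
from collections import defaultdict

IGMP_V2_REPORT, IGMP_V2_LEAVE = 0x16, 0x17  # membership report (join), leave


def igmp_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum over even-length data; 0 for an intact message."""
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_igmpv2(mtype: int, group_ip: str) -> bytes:
    """Constructed 8-byte IGMPv2 message: type, max-resp, checksum, group."""
    hdr = struct.pack("!BBH4s", mtype, 0, 0, socket.inet_aton(group_ip))
    return hdr[:2] + struct.pack("!H", igmp_checksum(hdr)) + hdr[4:]


def group_ip_to_mac(group_ip: str) -> str:
    """IPv4 group -> Ethernet MAC: fixed 01:00:5e plus the low 23 bits of the IP."""
    _, o2, o3, o4 = socket.inet_aton(group_ip)
    return "01:00:5e:%02x:%02x:%02x" % (o2 & 0x7F, o3, o4)


def parse_igmpv2(payload: bytes):
    """Return (type, group_ip); reject truncated or corrupted messages."""
    if len(payload) < 8 or igmp_checksum(payload[:8]) != 0:
        raise ValueError("malformed IGMP message")
    mtype, _, _, group = struct.unpack("!BBH4s", payload[:8])
    return mtype, socket.inet_ntoa(group)


class SnoopingSwitch:
    def __init__(self, ports):
        self.ports = set(ports)
        self.table = defaultdict(set)  # group MAC -> ports that asked for it

    def on_igmp(self, in_port: int, payload: bytes) -> None:
        mtype, group = parse_igmpv2(payload)
        mac = group_ip_to_mac(group)
        if mtype == IGMP_V2_REPORT:
            self.table[mac].add(in_port)
        elif mtype == IGMP_V2_LEAVE:
            self.table[mac].discard(in_port)
            if not self.table[mac]:
                del self.table[mac]  # last listener gone: back to flooding

    def forward_ports(self, dst_mac: str, in_port: int) -> set:
        # Known group: only the learned ports; unknown group: flood (Problem slide)
        if dst_mac in self.table:
            return self.table[dst_mac] - {in_port}
        return self.ports - {in_port}
```

Because only 23 bits of the group address survive the mapping, 224.1.1.1 and 224.129.1.1 share one MAC entry, so a snooping table cannot separate them at Layer 2.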
Multicast: Related Networkers Presentations
• 302—Introduction to IP Multicast
• 306—PIM Protocol Concepts
• 314—Deploying IP Multicast
• 320—Advances in Multicast Technology
Summary
• The size and complexity of modern networks lead to compartmentalization and specialization
• Be that as it may, a system view is a requirement for efficient operation
• It is essential that the various controlling entities cooperate
• A master plan and a master architect must be identified
• Don’t let your network turn into a bad piece of performance art
Please Complete Your Evaluation Form Session 1402