Large Meshed IP Backbone Architecture Session 1501
© 1999, Cisco Systems, Inc.
Copyright © 1998, Cisco Systems, Inc. All rights reserved. Printed in USA. Presentation_ID.scr
Agenda
• Why? What? Who?
• Network Topologies
• Addressing
• Routing
• Other Stuff
Who Are You?
• Internet Service Provider/telephone company
• Very large corporation
• Government
• Aspiring one of the above
• Principles also apply to smaller nets
Definitions
• PoP—Point of Presence
• vPoP—Virtual PoP (backhauled access point)
• Hub—Major ISP presence; large central PoP
• Routing—Building a forwarding table
• Forwarding—Switching packets between interfaces
• Transit—Carrying traffic across a network, perhaps for a fee
• Peering—Exchanging routing information and traffic
• Default—A next hop indication when no explicit match is in the forwarding table
Definitions
• Neighbors—AS’s which directly exchange routing information
• Announce—Send routing information to a neighbour
• Accept—Receive and use routing information sent by a neighbour
• Originate—Insert routing information into external announcements
• Peers—Routers in neighbouring AS’s or within one AS which exchange routing and policy information
Autonomous System (AS)
(diagram: a single AS, AS 100)
• Collection of networks with the same routing policy
• Single routing protocol
• Usually under single ownership, trust and administrative control
Customers
(diagram: “Us” inside the administrative boundary, “Them” outside)
• Define “us” or “them”
• A domain (us.com, them.gov)?
• An autonomous system?
• Administrative boundaries and controls
Customers (Cont.)
• Easy for ISP—The people who give you money
• Harder for very large organizations (corporations, governments, etc.): subsidiaries, geographic boundaries, departments
Basic Scaling Concepts
• Hierarchy
• Discipline
• Information reduction
• Consistency
• Planning
(diagram: hierarchical Internet of the period, with Backbones 1, 2, 3, 4, 5 ... N, Regional Networks A and B, NAPs, CIX, MAE-East, FIX-East, FIX-West, Milnet and the Fed Nets, and international links to Japan, Europe and Australia)
Scaling Sizes
• First order: 1,000 sites
• Second order: 10,000 sites (10 x 1,000-site networks)
• Third order: 100,000 sites (100 x 1,000-site networks)
• “Fractal Design”: self-repeating patterns
Topology
(diagram: three tiers, Backbone above Distribution above Access)
• Backbone
• Distribution
• Access
Topology
• Core routers—High speed trunk connections
• Distribution routers—High port density
• Access routers—Connections to others
• Some functions may be collapsed into a single box
• Some functions can be handled by switches (but not all at once)
Backbone
• 10 to 40-50 locations: scaling, routing, manageability
• Simple: one routing protocol, one media, no packet manipulation
Backbone (Cont.)
• Fast interconnect only; no customer access
• Highly reliable locations: power, staffing, physical hardening
Backbone (Cont.)
• Locations: data centers, telephone central offices/PoPs
• Should follow physical topology: optical fiber plant, ATM switches, circuit pricing issues
Backbone
Layer 2 Switched vs. Layer 3 Switched
• Layer 2 switched (ATM or Frame Relay): finer control granularity; circuit oriented; N squared issue
• Layer 3 switched (SONET): less overhead; Layer 3 based control
Network Topologies
• Switched backbone: Frame Relay or ATM switches in the core, surrounded by routers
• More complex routing and debugging
• Traffic management
Network Topologies
• Routed backbone: HDLC or PPP links between routers
• Easier routing configuration and debugging
POS/IP vs. ATM
• POS/IP: pure IP networks; efficient link usage; well known routing protocols for best effort traffic
• ATM: multiservice networks (Frame Relay, circuit emulation); very granular QoS
SONET SRP-LC
(diagram: SRP line cards connected through ADMs across a SONET/SDH network, with outer and inner ring transmit/receive pairs)
• Clock derived from SONET/SDH network
• Looped or line timed
WDM or Direct to Fiber
(diagram: SRP line cards connected through WDM or directly over fiber, or through a regenerator, each transmitter free-running at 20 ppm)
• Clock derived from internal oscillator
• No need for central clock source
• No complex clocking requirements
• Although it is a ring topology, clocking is point to point
• Similar to doing POS back to back
Layer 2 Switched
• ATM: often less expensive (for noncarrier); easy city-pair traffic engineering
Layer 2 Switched
(diagram: full mesh of circuits among CHI, SFO, BOS, LAX, NYC, DEN, ATL and DFW)
• Full mesh of circuits
• Separates circuit capacity
• A fully meshed ISP backbone is a common mistake of single Layer 2 thinking
• Full mesh ISP backbones limit scalability as they grow in size
Layer 2 Switched
(diagram: the same eight-city full mesh)
• n squared: hard to manage
• If buying bandwidth, can add to hot city pair
• n(n-1) peers
• No hierarchy
• Limited scalability
State of the Internet
(chart: City-Pair Bandwidth Requirements in Mbps, 0 to 5,000, Jan ’96 through Jan ’99, with reference lines at OC12, 2 x OC12, OC48 and 2 x OC48 and separate growth curves for a Tier 1 ISP and a Tier 2 ISP)
Layer 3—IP
(diagram: stack of IP over ATM over SONET/SDH over WDM over fiber, with the intermediate layers being removed)
• Reducing unnecessary layers of equipment significantly lowers equipment cost, lowers operational cost and simplifies the architecture
No Switched Layer 2
(diagram: CHI, SFO, BOS, LAX, NYC, DEN, ATL and DFW routers linked directly over fiber)
• Direct fiber connectivity
Tiered Network Design
(diagram: Core connected to Other Regions, with Distribution Layer and Access Layer beneath)
Distribution Networks
(diagram: distribution networks attached to the backbone)
• Mesh of meshes
• Take advantage of tariffs and regional infrastructure
POP Intraconnect
• FDDI 100 Mbps
• POS N x 155 Mbps
• SRP 2 x 622 Mbps
• Fast/Gig Ethernet 100/1000 Mbps
Distributed POP—Metro Area Backbone
(diagram: MAN ring with several access rings attached)
Frame Relay Example
(diagram: backbone PoP with peer networks, POP intraconnect, location access and residential access; a commercial Frame Relay provider and a commercial bandwidth provider supply the circuits)
Access
• Last piece of equipment you control: aggregation equipment in the POP, Customer Premise Equipment (CPE)
• Define the demarcation point: WAN link to customer? LAN port on router at customer?
See Session #2xx Access Technologies
Reliability vs. Cost Tradeoffs
• Within backbone
• Distribution to access
• WAN links
• Access equipment
• Service level agreements
• Users impacted x costs/user
Point of Impact
(diagram: backbone, peer networks, PoP, location access and residential access)
PoP Design
(diagram: Backbone, Border, Intra-POP Interconnect, POP Intraconnect, Access)
• Triple layered POP redundancy
• Two connections to the backbone from any border router
• Two border routers, load balanced, with one able to take the full load
• Two POP interconnect devices and/or a physical failover medium (FE/GE, POS, DPT)
Addressing
Addressing
• Registered/nonregistered
• Customer addresses
• Infrastructure addresses
• Aggregating addresses
See Session #806 “DNS, DHCP and IP Address Management”
Not Registered (Private)
• RFC 1918: 10.0.0.0 to 10.255.255.255 (10.0.0.0/8), 172.16.0.0 to 172.31.255.255 (172.16.0.0/12), 192.168.0.0 to 192.168.255.255 (192.168.0.0/16)
• Not Internet routed
• Technically possible to use for ISP infrastructure—not recommended
Registered Space
• Harder to get huge blocks
• Expected with ISPs: traceroute is public debugging help
• ARIN/APNIC/RIPE
• Upstream/transit ISP offers some of their addressing: can lock you in
Separate Infrastructure and Customer Addressing
• Eases administration of policies
• Security and management
• Routing management
• Don’t share network 10!
Customer vs. Infrastructure
(diagram: Customer 1 uses 10.0.0.0, Customer 2 uses 172.16.0.0, Customer 3 uses 192.192.192.0, Customer 4 uses 10.0.0.0; and you: 10.0.0.0? 172.16.0.0? W.X.Y.Z?)
See Session #1306 “Expanding Connectivity With NAT”
Addresses Not Scaling
(example: abc.com hosts, each carried as its own host route)
195.54.212.14 jill.abc.com, 195.54.212.15 goof.abc.com, 195.54.212.16 lint.abc.com, 195.54.212.17 ping.abc.com, 195.54.212.18 biff.abc.com
195.54.212.19 hill.abc.com, 195.54.212.20 over.abc.com, 195.54.212.21 retro.abc.com, 195.54.212.22 mike.abc.com, 195.54.212.23 lazy.abc.com
195.54.212.24 ftp.abc.com, 195.54.212.25 mail.abc.com, 195.54.212.26 wish.abc.com, 195.54.212.27 dirt.abc.com, 195.54.212.28 wiz.abc.com
195.54.212.29 sas.abc.com, 195.54.212.30 chez.abc.com, 195.54.212.31 pez.abc.com, 195.54.212.33 note.abc.com, 195.54.212.34 rex.abc.com
• Too many routes
• Wasted address space
Aggregating Addresses
• Prefixes in backbone: 60,000 entries in the Internet on 6/2/99 (http://www.employees.org/~tbates/)
• Scaling method for routing
What Is Route Summarization?
(diagram: router A receives 172.16.25.0/24, 172.16.26.0/24 and 172.16.27.0/24 and advertises “I can route to the 172.16.0.0/16 network”)
Routing table without summarization: 172.16.25.0/24, 172.16.26.0/24, 172.16.27.0/24
Routing table with summarization: 172.16.0.0/16
• Routing protocols can summarize addresses of several networks into one address
Route Aggregation
Old method: 202.14.64.0, 202.14.65.0, 202.14.66.0 ... 202.14.95.0 (32 routes)
New method: 202.14.64.0/19 (1 route)
• 131.108.0.0/16 versus 131.108.0.0 255.255.0.0
• Summarizable blocks of subnets
Addressing and ISPs
(diagram: ISP #1 holds 202.14.0.0/16 and connects to ISP #2 and ISP #3; Customer #1 has 202.14.64.0/19, Customer #2 202.14.8.0/21, Customer #3 202.14.2.0/23)
• Smaller routes aggregated within ISP #1
Route Scalability
Effects of CIDR in the Internet
(chart: Internet routing table growth before CIDR and after CIDR)
Minimum Routing Table Entries
(diagram: Backbone connected to Other Regions, with Distribution Layer and Access Layer beneath)
• Could be as few as TWO routing table entries from region to backbone
Routing
Routing
• Interior Gateway Protocols (IGPs): infrastructure routes
• Exterior Routing Protocol (BGP): customer routes, Internet routes
See Session #301 “Introduction to Routing”
Interior vs. Exterior Routing Protocols
• Interior: automatic discovery; generally trust your IGP information; routes go to all IGP routers
• Exterior: specifically configured peers; connecting with outside networks; set administrative boundaries
Hierarchy of Routing Protocols
(diagram: BGP4 to other ISPs and to the local NAP FDDI; BGP4/OSPF inside the network; BGP4/static to customers)
What Is an IGP?
• Interior gateway protocol
• Within an autonomous system
• Carries information about internal prefixes
• Examples—OSPF or ISIS or EIGRP
• Classless (VLSM)
Enhanced IGRP
• Extremely fast convergence
• Discontiguous subnets
• Arbitrary route summarization
• Supports prefix and host routing
• Best of DV and LS
• Low overhead
• Guaranteed loop free
• Reliable, incremental update based
• Does not enforce discipline!
See Session #307 “Deploying (E)IGRP”
OSPF
• Open Shortest Path First
• Link state or SPF technology
• Developed by the OSPF working group of the IETF (OSPF version 2, RFC 2328)
• Designed expressly for the TCP/IP Internet environment
• Fast convergence
• Variable-length subnet masks
• Discontiguous subnets
• No periodic updates
• Route authentication
OSPF Areas and Rules
(diagram: Area 0 in the center with Areas 1, 2, 3 and 4 attached)
• Backbone area (0) must be present
• All other areas must have a connection to the backbone
• Backbone must be contiguous
• Do not partition area (0)
Scalable OSPF Network Design
• Area hierarchy
• Stub areas
• Addressing
• Route summarisation
OSPF Rules of Thumb
(diagram: Backbone Area 0 with Areas 1, 2 and 3 attached)
• Max of 3 areas per router
• Max of 25, 50, or 100 routers per area
• Use default routing and stub areas wherever possible
• If links are unstable, reduce the number of routers per area
Inter-Area Route Summarisation
(diagram: R1 is the ABR between Area 1, containing networks 1.A, 1.B and 1.C, and Backbone Area 0 on an FDDI dual ring; R2 sits in the backbone)
• Prefix or all subnets
• Prefix or all networks
• ‘Area range’ command
Without summarisation, R2’s table: 1.A via R1, 1.B via R1, 1.C via R1
With summarisation, R2’s table: Network 1 via R1
When to Use OSPF
• Large hierarchical networks
• Can scale very large
• Topology restrictions
See Session #308 “Deploying OSPF/ISIS”
IS-IS
• IS = Intermediate System
• Dual IS-IS
• Integrated IS-IS
• Metric is 6 bits wide (1-63)*
• All interfaces default to 10
• ISO 10589
• Two types of areas: Level-1 (other areas), Level-2 (backbone)
• Default for each level
• Much like OSPF
• Scales well
Configuring Aggregation
• Three ways to configure route aggregation: redistribute static, network command, aggregate-address command
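The aggregation arithmetic behind the “Route Aggregation”, “Addressing and ISPs” and OSPF “Area range” slides, and behind the three aggregation methods above, is the same in every case: a set of specific prefixes is replaced by one covering prefix. The following Python is an added example, not code from the Cisco deck; it uses only the standard library, and the prefixes are the deck’s own (the 32 class Cs 202.14.64.0 to 202.14.95.0, ISP #1’s customers inside 202.14.0.0/16, and Area 1’s three /24s summarised to 172.16.0.0/16). It also shows the check a configured aggregate deserves: which address space inside it is not actually accounted for.

```python
"""Route aggregation / summarisation worked through with the deck's own prefixes.

Added example (not code from the Cisco deck). Uses only the standard library.
Sample prefixes are constructed from the slides: the 32 class C networks
202.14.64.0-202.14.95.0 that collapse to 202.14.64.0/19, the three customer
blocks inside ISP #1's 202.14.0.0/16, and OSPF Area 1's 172.16.25-27.0/24.
"""
import ipaddress
from typing import Iterable, List


def summarise(prefixes: Iterable[str]) -> List[str]:
    """Minimal set of aggregates covering exactly the given prefixes.

    Only contiguous, properly aligned blocks merge; no address space outside the
    input is claimed. A configured aggregate (BGP aggregate-address, OSPF area
    range) may be coarser than this, which is what holes() measures.
    """
    nets = [ipaddress.ip_network(p, strict=True) for p in prefixes]
    return [str(n) for n in ipaddress.collapse_addresses(nets)]


def holes(aggregate: str, specifics: Iterable[str]) -> List[str]:
    """Address space inside `aggregate` that none of `specifics` accounts for.

    An ISP announcing its whole allocation accepts such holes (it owns the
    space and should null-route the unused part at the aggregating router);
    an OSPF ABR summarising an area should know exactly what it is hiding.
    """
    remaining = [ipaddress.ip_network(aggregate, strict=True)]
    for spec in (ipaddress.ip_network(s, strict=True) for s in specifics):
        nxt = []
        for block in remaining:
            if spec.subnet_of(block):
                nxt.extend(block.address_exclude(spec))  # carve the specific out
            elif block.subnet_of(spec):
                continue  # the specific swallows this whole block
            else:
                nxt.append(block)
        remaining = nxt
    return [str(n) for n in ipaddress.collapse_addresses(remaining)]


def announced_by(aggregate: str, specifics: Iterable[str]) -> bool:
    """True if every specific lies inside the aggregate, i.e. one announcement
    of the aggregate covers all of them (the ISP #1 case)."""
    agg = ipaddress.ip_network(aggregate, strict=True)
    return all(ipaddress.ip_network(s, strict=True).subnet_of(agg) for s in specifics)


# Slide "Route Aggregation": 32 contiguous class Cs versus one /19.
OLD_METHOD = [f"202.14.{third}.0/24" for third in range(64, 96)]
# The same count of class Cs shifted by one network: no longer a single block.
MISALIGNED = [f"202.14.{third}.0/24" for third in range(65, 97)]
# Slide "Addressing and ISPs".
ISP1_BLOCK = "202.14.0.0/16"
ISP1_CUSTOMERS = ["202.14.64.0/19", "202.14.8.0/21", "202.14.2.0/23"]
# Slide "What Is Route Summarization?": what Area 1 actually contains.
AREA1_SUBNETS = ["172.16.25.0/24", "172.16.26.0/24", "172.16.27.0/24"]

if __name__ == "__main__":
    print(summarise(OLD_METHOD))             # ['202.14.64.0/19']
    print(summarise(MISALIGNED))             # six aggregates, not one
    print(announced_by(ISP1_BLOCK, ISP1_CUSTOMERS))
    print(summarise(AREA1_SUBNETS))          # ['172.16.25.0/24', '172.16.26.0/23']
    print(holes("172.16.0.0/16", AREA1_SUBNETS))
```

The misaligned case is the one that bites in practice: 32 class Cs starting at 202.14.65.0 still need six prefixes, because aggregation only works on blocks that are contiguous and aligned on a power-of-two boundary. This is why the deck insists that addressing be planned before routing.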
Not Summarised: Specific Links
(diagram: Backbone Area 0 with an ASBR to external links and three areas of Token Rings; the backbone carries every specific network 1.A to 1.D, 2.A to 2.C and 3.A to 3.D)
• Specific link LSA advertised out
• Link state changes propagate out
Summarised: Area Ranges
(diagram: the same three areas; the backbone now carries only the summaries 1, 2 and 3)
• Only summary LSA advertised in/out
• Link state changes do not propagate
What Is an EGP?
• Exterior Gateway Protocol
• Used to convey routing information between autonomous systems
• De-coupled from the IGP
• Current EGP is the Border Gateway Protocol
See Session #309 “Deploying BGP”
Why Do We Need an EGP?
• Scaling to large network: hierarchy, limit scope of failure
• Policy: control reachability to prefixes, merge separate organizations, connect multiple IGPs
Border Gateway Protocol (BGP)
• BGP version 4 is the current de facto external routing protocol in the Internet
• BGP-4 is required for CIDR
Autonomous System Number (ASN)
• Organizational networks within a single domain are known as Autonomous Systems (AS)
• ASNs are allocated by APNIC, ARIN, or RIPE-NCC
• Must have an ASN to run BGP
• RFC 2050 defines the latest policies for ASN allocations
Policy Drives BGP Requirements
(diagram: AS 100 peers via BGP with AS 200 and AS 300; both of them reach AS 400)
• Policy for AS 100: always use the AS 300 path to reach AS 400
Border Gateways
(diagram: ISP #1, ISP #2 and ISP #3 in the same city, connected through two NAPs)
• How it affects your traffic patterns
BGP
• How does BGP work? Internal BGP, route reflectors, External BGP
Internal BGP (IBGP) Peering
(diagram: routers A, B, D and E inside AS 100)
• BGP peer within the same AS
• Not required to be directly connected
• IBGP neighbors should be fully meshed
• Few BGP speakers in corporate network
IBGP Core Architecture
(diagram: AS 64530 with an iBGP core and attached IGP regions 5, 6, 7 and 8)
Scaling iBGP Mesh
(diagram: routers A, B and C in AS 100)
• Need to avoid routing information loop
• Solution should not change the current behaviour
• Two solutions: route reflectors (simpler to deploy and run), confederations (difficult)
Route Reflector: Principle
(diagram: reflector in AS 100 with clients A, B and C)
• Route reflector allows for a BGP hub (star) configuration
Route Reflector: Benefits
• Solves iBGP mesh problem
• Packet forwarding is not affected
• Normal BGP speakers co-exist
• Multiple reflectors for redundancy
• Easy migration
• Multiple levels of route reflectors
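The “need to avoid routing information loop” on the scaling slide is what the route reflector rules exist for. The following Python is an added example, not code from the Cisco deck: it simulates the reflection rules and the ORIGINATOR_ID / CLUSTER_LIST loop prevention of RFC 4456 for one reflector. The router IDs, cluster ID and prefix are constructed for illustration.

```python
"""Route reflector reflection and loop-prevention rules (RFC 4456), simulated.

Added example, not code from the Cisco deck. Router IDs, the cluster ID and the
prefix are constructed. The reflector learns a route from one peer and decides
which peers receive it and with which reflection attributes.
"""
from dataclasses import dataclass, replace
from typing import Dict, Optional, Tuple


@dataclass(frozen=True)
class Update:
    prefix: str
    originator_id: Optional[str] = None      # ORIGINATOR_ID attribute
    cluster_list: Tuple[str, ...] = ()       # CLUSTER_LIST, most recent cluster first


class RouteReflector:
    CLIENT, NONCLIENT, EBGP = "client", "nonclient", "ebgp"

    def __init__(self, router_id: str, cluster_id: str, peers: Dict[str, str]):
        self.router_id = router_id
        self.cluster_id = cluster_id
        self.peers = peers          # peer router-id -> CLIENT / NONCLIENT / EBGP

    def receive(self, upd: Update, from_peer: str):
        """Return (reason, {peer: update sent}); an empty dict means nothing was sent."""
        kind = self.peers[from_peer]
        # Loop prevention on ingress: the route already passed through this
        # cluster, or this router itself is recorded as its originator.
        if self.cluster_id in upd.cluster_list:
            return "dropped: own CLUSTER_ID in CLUSTER_LIST", {}
        if upd.originator_id == self.router_id:
            return "dropped: own ROUTER_ID is ORIGINATOR_ID", {}

        if kind == self.EBGP:
            # External route: sent to every iBGP peer as ordinary iBGP, with no
            # reflection attributes added.
            targets = [p for p, k in self.peers.items() if k != self.EBGP]
            return "external route to all iBGP peers", {p: upd for p in targets}

        # Reflected route: record who in the AS originated it and which cluster
        # reflected it, so a later hop can detect a loop.
        reflected = replace(
            upd,
            originator_id=upd.originator_id or from_peer,
            cluster_list=(self.cluster_id,) + upd.cluster_list,
        )
        if kind == self.CLIENT:
            # From a client: to all non-clients and all other clients.
            targets = [p for p, k in self.peers.items()
                       if k != self.EBGP and p != from_peer]
            return "reflected from client", {p: reflected for p in targets}
        # From a non-client: to clients only (non-clients are fully meshed).
        targets = [p for p, k in self.peers.items() if k == self.CLIENT]
        return "reflected from non-client", {p: reflected for p in targets}


def client_accepts(router_id: str, upd: Update) -> bool:
    """A router ignores a reflected copy of a route it originated itself."""
    return upd.originator_id != router_id


# Constructed topology: reflector A in AS 100 with clients B and C, non-client
# D (meshed with A) and an eBGP neighbour E.
RR = RouteReflector("10.0.0.1", "10.0.0.1", {
    "10.0.0.2": RouteReflector.CLIENT,
    "10.0.0.3": RouteReflector.CLIENT,
    "10.0.0.4": RouteReflector.NONCLIENT,
    "192.0.2.9": RouteReflector.EBGP,
})


def from_client():
    return RR.receive(Update("203.0.113.0/24"), "10.0.0.2")


def from_nonclient():
    return RR.receive(Update("203.0.113.0/24"), "10.0.0.4")


def from_ebgp():
    return RR.receive(Update("203.0.113.0/24"), "192.0.2.9")


def looped():
    # A copy that already went through our cluster comes back via D.
    return RR.receive(Update("203.0.113.0/24", "10.0.0.2", ("10.0.0.9", "10.0.0.1")), "10.0.0.4")


if __name__ == "__main__":
    for fn in (from_client, from_nonclient, from_ebgp, looped):
        reason, sent = fn()
        print(f"{fn.__name__:14s} {reason:42s} -> {sorted(sent)}")
```

The two ingress checks are the whole loop-prevention story: a reflector never needs to know the topology of other clusters, it only needs to recognise its own cluster ID coming back, and each client drops its own route when the reflector hands it back with its own router ID as ORIGINATOR_ID.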
External BGP (EBGP) Peering
(diagram: router A in AS 100 peers with routers B and C in AS 101)
• Between BGP speakers in different AS
• Should be directly connected
• Don’t run an IGP between EBGP peers
Routing to Customers
• Normal—static route, redistributed to BGP
• eBGP with them
• DO NOT SHARE YOUR IGP!
Explicit vs. Default Routing
• Default: simple, cheap (cycles, memory, and bandwidth); low granularity (metric games)
• Explicit: more overhead, more complex, and higher cost; high granularity
Connecting to the Internet
• Full routes option: greatest flexibility; resource intensive
• Default: simple; less granular
Other Scaling Techniques
• Route flap dampening: tracks unreliable BGP routes; the more unreliable a route, the less it is carried
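Flap dampening is the one scaling technique on this page with real arithmetic behind it, so here it is worked through. The following Python is an added example, not code from the Cisco deck: it implements the exponential-decay penalty of RFC 2439 with the well-known Cisco IOS defaults (half-life 15 minutes, reuse limit 750, suppress limit 2000, max-suppress 60 minutes, 1000 per flap) and runs a constructed timeline through it. Decay is computed continuously here rather than on the 5-second tick table a router uses.

```python
"""BGP route flap dampening (RFC 2439) as an exponential-decay penalty.

Added example, not code from the Cisco deck. The defaults below are the
well-known Cisco IOS defaults; the flap timeline is constructed.
"""
import math
from dataclasses import dataclass
from typing import Dict, Optional


@dataclass
class Dampening:
    half_life_s: float = 15 * 60
    reuse_limit: float = 750.0
    suppress_limit: float = 2000.0
    max_suppress_s: float = 60 * 60
    flap_penalty: float = 1000.0

    @property
    def max_penalty(self) -> float:
        # Capped so that a route which stops flapping is never suppressed for
        # longer than max_suppress_s: 750 * 2**(60/15) = 12000 with defaults.
        return self.reuse_limit * 2 ** (self.max_suppress_s / self.half_life_s)


@dataclass
class RouteState:
    penalty: float = 0.0
    last_update_s: float = 0.0
    suppressed: bool = False


class Dampener:
    def __init__(self, cfg: Optional[Dampening] = None):
        self.cfg = cfg or Dampening()
        self.routes: Dict[str, RouteState] = {}

    def _state(self, prefix: str, now_s: float) -> RouteState:
        st = self.routes.setdefault(prefix, RouteState(last_update_s=now_s))
        elapsed = now_s - st.last_update_s
        st.penalty *= 0.5 ** (elapsed / self.cfg.half_life_s)   # exponential decay
        st.last_update_s = now_s
        if st.suppressed and st.penalty < self.cfg.reuse_limit:
            st.suppressed = False                                 # route is reused
        return st

    def flap(self, prefix: str, now_s: float) -> float:
        """Record a withdrawal (one flap) and return the new penalty."""
        st = self._state(prefix, now_s)
        st.penalty = min(st.penalty + self.cfg.flap_penalty, self.cfg.max_penalty)
        if st.penalty > self.cfg.suppress_limit:
            st.suppressed = True
        return st.penalty

    def usable(self, prefix: str, now_s: float) -> bool:
        """Is the prefix currently advertised (not suppressed)?"""
        return not self._state(prefix, now_s).suppressed

    def seconds_until_reuse(self, prefix: str, now_s: float) -> float:
        """How long a suppressed prefix stays suppressed if it stops flapping."""
        st = self._state(prefix, now_s)
        if not st.suppressed:
            return 0.0
        return self.cfg.half_life_s * math.log2(st.penalty / self.cfg.reuse_limit)


def scenario() -> dict:
    """Constructed timeline: three flaps at once, then silence; and a prefix
    that never stops flapping."""
    d = Dampener()
    out = {}
    for _ in range(3):
        out["penalty_after_3"] = d.flap("198.51.100.0/24", 0)
    out["usable_at_0"] = d.usable("198.51.100.0/24", 0)
    out["reuse_in"] = d.seconds_until_reuse("198.51.100.0/24", 0)     # two half-lives
    out["usable_at_1800"] = d.usable("198.51.100.0/24", 1800)         # penalty == 750, not yet
    out["usable_at_1860"] = d.usable("198.51.100.0/24", 1860)
    capped = 0.0
    for i in range(40):
        capped = d.flap("203.0.113.0/24", i)
    out["capped"] = capped                                            # hits max_penalty
    return out


if __name__ == "__main__":
    for k, v in scenario().items():
        print(f"{k:16s} {v}")
```

Three withdrawals in a row take the route out for exactly two half-lives (30 minutes); a route that keeps flapping is held at the 12000 ceiling, which is what bounds the worst-case suppression at the configured max-suppress time. Note the asymmetry the deck’s “carried less” points at: the penalty is charged per flap but forgiven only by the clock, so a customer link that bounces once a minute is effectively never announced.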
Route Filtering
(diagram: Networks A, B, X and Y; B is advertised to both neighbors, X to one and Y to the other)
• Selectively announce routes, per neighbor: hide part of the topology/connectivity
• Do not believe your customers’ routes
• Enable address blocks one block at a time
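“Do not believe your customers’ routes” and “enable addresses block by block” translate into an explicit inbound allow-list per customer session. The following Python is an added example, not code from the Cisco deck: it evaluates a constructed set of announcements from Customer #1 (202.14.64.0/19 from the “Addressing and ISPs” slide) against that allocation, the RFC 1918 ranges from the “Not Registered” slide, and a constructed infrastructure block (192.0.2.0/24); the /24 maximum prefix length is an assumption.

```python
"""Inbound prefix filter for a customer eBGP session: accept only what the
customer was allocated, and nothing that would hurt us.

Added example, not code from the Cisco deck. The customer allocation is the
deck's Customer #1 (202.14.64.0/19); the infrastructure block, the maximum
prefix length and the announcements are constructed.
"""
import ipaddress
from dataclasses import dataclass
from typing import Iterable, List

# RFC 1918 space is never accepted from a customer or announced to the Internet.
RFC1918 = [ipaddress.ip_network(p) for p in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


@dataclass(frozen=True)
class Verdict:
    prefix: str
    accepted: bool
    reason: str


def filter_customer_routes(announced: Iterable[str], allocated: Iterable[str],
                           infrastructure: Iterable[str] = (),
                           max_prefixlen: int = 24) -> List[Verdict]:
    """Evaluate each announced prefix; the first failing rule decides.

    The allow-list is explicit: a customer may announce only its allocation or
    more specific pieces of it down to max_prefixlen. Everything else is
    refused, which also stops a customer from leaking our own aggregate or
    another customer's block back at us.
    """
    allowed = [ipaddress.ip_network(a, strict=True) for a in allocated]
    infra = [ipaddress.ip_network(i, strict=True) for i in infrastructure]
    verdicts = []
    for text in announced:
        try:
            net = ipaddress.ip_network(text, strict=True)
        except ValueError:
            verdicts.append(Verdict(text, False, "malformed prefix"))
            continue
        if net.prefixlen == 0:
            reason = "default route from a customer"
        elif any(net.subnet_of(r) for r in RFC1918):
            reason = "RFC 1918 space"
        elif any(net.overlaps(i) for i in infra):
            reason = "overlaps infrastructure addressing"
        elif net.prefixlen > max_prefixlen:
            reason = f"more specific than /{max_prefixlen}"
        elif not any(net.subnet_of(a) for a in allowed):
            reason = "not within this customer's allocation"
        else:
            reason = "within allocation"
        verdicts.append(Verdict(str(net), reason == "within allocation", reason))
    return verdicts


# Constructed session: Customer #1 announces a mix of valid and bogus prefixes.
CUSTOMER1_ALLOCATION = ["202.14.64.0/19"]
INFRASTRUCTURE = ["192.0.2.0/24"]          # stands in for the ISP's own block
ANNOUNCED = [
    "202.14.64.0/19",   # the allocation itself
    "202.14.80.0/20",   # a more specific half of it
    "202.14.64.0/25",   # too specific to carry in the global table
    "202.14.96.0/19",   # another customer's block
    "202.14.0.0/16",    # our own aggregate leaked back at us
    "10.0.0.0/8",       # RFC 1918
    "192.0.2.128/25",   # a chunk of our infrastructure
    "0.0.0.0/0",        # default
    "202.14.64.1/24",   # host bits set: malformed
]


def accepted_prefixes() -> List[str]:
    return [v.prefix
            for v in filter_customer_routes(ANNOUNCED, CUSTOMER1_ALLOCATION, INFRASTRUCTURE)
            if v.accepted]


if __name__ == "__main__":
    for v in filter_customer_routes(ANNOUNCED, CUSTOMER1_ALLOCATION, INFRASTRUCTURE):
        print(f"{'accept' if v.accepted else 'deny  '} {v.prefix:18s} {v.reason}")
```

Two of nine announcements survive. The infrastructure check is the one that ties back to “Separate Infrastructure and Customer Addressing”: it is only possible because the infrastructure block is distinct from anything a customer could legitimately hold.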
Redistribution
• Static -> BGP: okay
• IGP -> BGP: rarely
• Do not: IGP -> IGP, BGP -> IGP
The Other Stuff
Bandwidth, Security, Team, and Testing
Bandwidth
• Levels of service: different services? Best effort Internet vs. packet telephony; QoS/priorities/traffic engineering
• Oversubscription ratios
See Session #310 “Deploying Traffic Management (QoS) Technology”
Security
• Do not trust CPE equipment that is not under your complete (including physical) control
• Securing infrastructure
• Other security
See Session #311 “Deploying Security Technology”
Secure Routing: Route Authentication
(diagram: two routers configured with the same key and hash function; the campus router signs its route updates and the neighbor verifies the signature)
• Certifies authenticity of neighbor and integrity of route updates
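The exchange on the slide, worked through end to end. The following Python is an added example, not code from the Cisco deck and not a wire-exact implementation of either protocol: OSPFv2’s original scheme (RFC 2328, Appendix D) is keyed MD5 with a cryptographic sequence number and BGP uses the TCP MD5 option (RFC 2385); the example keeps that structure (key ID, increasing sequence number, digest over the update) but uses HMAC-SHA256. The key, key ID and update bodies are constructed.

```python
"""Keyed-hash authentication of routing updates with replay protection.

Added example, not code from the Cisco deck and not wire-exact OSPF or BGP.
The key, key ID and update bodies are constructed for illustration.
"""
import hashlib
import hmac
import struct
from dataclasses import dataclass
from typing import Dict, Tuple


@dataclass(frozen=True)
class SignedUpdate:
    key_id: int
    seq: int
    body: bytes
    tag: bytes


def _digest(key: bytes, key_id: int, seq: int, body: bytes) -> bytes:
    # The sequence number is covered by the digest, so a captured update cannot
    # be renumbered and replayed by someone who does not hold the key.
    header = struct.pack("!HI", key_id, seq)
    return hmac.new(key, header + body, hashlib.sha256).digest()


class Sender:
    def __init__(self, key_id: int, key: bytes):
        self.key_id, self.key, self.seq = key_id, key, 0

    def sign(self, body: bytes) -> SignedUpdate:
        self.seq += 1
        return SignedUpdate(self.key_id, self.seq, body,
                            _digest(self.key, self.key_id, self.seq, body))


class Receiver:
    """Per-neighbour verifier: a key ring (so keys can be rolled over) and the
    last sequence number accepted from that neighbour."""

    def __init__(self, keys: Dict[int, bytes]):
        self.keys, self.last_seq = keys, 0

    def verify(self, upd: SignedUpdate) -> Tuple[bool, str]:
        key = self.keys.get(upd.key_id)
        if key is None:
            return False, "unknown key id"
        expected = _digest(key, upd.key_id, upd.seq, upd.body)
        if not hmac.compare_digest(expected, upd.tag):   # constant-time compare
            return False, "bad signature"
        if upd.seq <= self.last_seq:
            return False, "replayed or out-of-order sequence number"
        self.last_seq = upd.seq
        return True, "ok"


def demo() -> Dict[str, Tuple[bool, str]]:
    """Constructed exchange: a genuine update, its replay, a tampered copy, an
    update from a neighbour with the wrong key, and the next genuine update."""
    shared = b"example-shared-key"           # constructed; in practice a per-link secret
    campus = Sender(key_id=1, key=shared)
    neighbour = Receiver({1: shared})
    results = {}

    upd = campus.sign(b"UPDATE 203.0.113.0/24 metric 10")
    results["genuine"] = neighbour.verify(upd)
    results["replay"] = neighbour.verify(upd)
    tampered = SignedUpdate(upd.key_id, upd.seq + 1, b"UPDATE 203.0.113.0/24 metric 1", upd.tag)
    results["tampered"] = neighbour.verify(tampered)
    impostor = Sender(key_id=1, key=b"guessed-key")
    results["wrong_key"] = neighbour.verify(impostor.sign(b"UPDATE 0.0.0.0/0 metric 1"))
    results["next_genuine"] = neighbour.verify(campus.sign(b"UPDATE 198.51.100.0/24 metric 20"))
    return results


if __name__ == "__main__":
    for name, (ok, why) in demo().items():
        print(f"{name:13s} {'accept' if ok else 'reject'}  {why}")
```

Two caveats a practitioner would add. First, this certifies the neighbor and the integrity of what it sent, exactly as the slide says, and nothing more: an authenticated customer can still announce 0.0.0.0/0 or someone else’s block, which is why the route filtering above is still needed. Second, the plain keyed-MD5 constructions of 1999 have since been replaced by HMAC-based ones (RFC 5709 for OSPFv2, TCP-AO in RFC 5925 for BGP); the structure shown here is the same.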
Authentication, Authorization and Accounting (AAA)
• Authentication = Verifies identity: who are you?
• Authorization = Protects configuration integrity: what are you permitted to do?
• Accounting = Assists with audit: what did you do?
Centralized Security Servers
• Includes a centralized security database with username, password and authorization information
• For use with a variety of authentication protocols including TACACS+, RADIUS, one-time password mechanisms
Other Infrastructure Security
• SNMP—limit
• Telnet—encryption
• TFTP servers
Access/Edge Functions
• NAT: #1306 “Expanding Connectivity With NAT”
• Content caching: #1302 “Update on Web Caching Technology”
• Voice: #402 “Introduction to Voice Over IP and Other Integrated Services”
Web Caching
(diagram: service provider backbone; POPs with an exit to the backbone and an intra-POP interconnect; distribution as service node/customer access; bandwidth mismatches at broadband customer access)
Managing the Network
• Document (for real)
• Plan ahead: #609 “Introduction to Capacity Planning and Performance Management”
• Know your limits: #601, 602, 603 “Device Architecture and Performance”
• Limit centralized polling (SNMP, ping)
See Session #8xx “Network Management Technologies”
Scaling Operations
• Few operators allowed to configure backbone infrastructure
• Define clear processes/automate customer provisioning
• Documentation, simplicity, and repetition
Empowering People
• People—not bandwidth, content, or applications—are THE most critical factor
• Raise skills
Labs and Testing
• Cisco IOS™ is the OS for your intranet
• Test new releases with existing applications, like a new server OS release
• Test new applications on a test network before deployment, like a test server
• An ounce of preparation is worth…