Introduction

Chapter 1 Rise of the IP Transport System
The Internet Explosion; Next-Generation IP Applications; Voice over IP; IP Storage; MPLS: New Kid on the Block; Next-Generation IP Transport System; Continuous Improvements of Protocols

Chapter 2 Establishing a High-Availability Network
Understanding the Five-Nines Availability Debate; Differentiating Between Reliability and Availability; The Five-Nines Approach; Idiosyncrasies of the Telcordia GR-512-Core Document; The Truth About 50-ms Resiliency; A Practical Approach to Achieving High Availability; Measuring Availability; Defining a Metric; Understanding the Issue of Network Availability; Setting a Strategy to Achieve High Availability; Designing a Network for High Availability; Establishing Continuous Fault Detection and Measurement of Network Availability; Making Full Use of Scheduled Downtime; Instituting a Disciplined Approach to Network Operation and Processes; Summary

Chapter 3 Fundamentals of IP Resilient Networks
Revisiting IP, TCP, and UDP; Internet Protocol; Transmission Control Protocol; TCP Three-Way Handshake; TCP Sliding Window; User Datagram Protocol; Device-Level Resiliency; Online Insertion and Removal (OIR); Single Line Card Reload; High System Availability; Route Processor Redundancy; Route Processor Redundancy Plus; Stateful Switchover; Nonstop Forwarding; Impact of Different Switching Paths; Process Switching; Cisco Express Forwarding Switching; Central CEF; Distributed CEF; Protecting the Control Plane and Data Plane; Establishing a Resiliency Strategy; Redundancy Strategy; Logical Resiliency; Physical Resiliency; Scaling Strategy; Key Principles for Designing Resilient Networks; Simplicity; Modularity; Security; Summary

Chapter 4 Quality of Service
Protecting the Control Plane with QoS; Traffic Types That Affect the Control Plane; Tagging Routing Protocol and Layer 2 Control Packets; IP Precedence; The pak_priority Flag; Selective Packet Discard; Receive ACL; Control-Plane Policing; Protecting Applications with QoS; Understanding the Need for Application QoS; Latency; Jitter; Loss; Determining When to Deploy QoS; Scenario 1: Undercongested Link; Scenario 2: Occasionally Congested Link; Scenario 3: Badly Congested Link; Building Blocks of QoS; Classification and Marking; Congestion Avoidance; Congestion Management; Traffic Conditioning; Application QoS and Control-Plane Traffic; QoS Deployment Strategy; Classifying Applications; Defining Policies; Testing Policies; Implementing QoS Features; Monitoring; Summary

Chapter 5 Core Module
Network Convergence in the Core; OSPF Enhancements; Shortest Path First (SPF) Throttling; OSPF LSA Throttling; OSPF LSA Flooding Reduction; OSPF Fast Hello; OSPF Update Packet-Pacing Timer; OSPF Incremental SPF; OSPF Graceful Restart; RFC 3623; Cisco Implementation; IS-IS Enhancements; IS-IS SPF Throttling; IS-IS LSP Generation; IS-IS LSA Flooding Reduction; IS-IS Fast Hellos; IS-IS Update Packet-Pacing Timer; IS-IS Incremental SPF; IS-IS Graceful Restart; Cisco Implementation; IETF Implementation; EIGRP Enhancements; EIGRP Graceful Shutdown; EIGRP Graceful Restart; EIGRP Stub Router Functionality; Bidirectional Forwarding Detection (BFD); IP Event Dampening; Multipath Routing; Load Balancing; Equal-Cost Multipath (ECMP); Per Packet; Per Destination; MPLS Traffic Engineering; Fast Reroute Link Protection; Fast Reroute Node Protection; Multicast Subsecond Convergence; Summary

Chapter 6 Access Module
Multilayer Campus Design; Access Layer; Distribution Layer; Core Layer; Access Module Building Blocks; Layer 2 Domain; The Spanning Tree Protocol: IEEE 802.1d; PortFast; UplinkFast; BackboneFast; Unidirectional Link Detection (UDLD); RootGuard; LoopGuard; BPDUGuard; VLANs and Trunking; Common Spanning Tree (CST); Per-VLAN Spanning Tree (PVST); Per-VLAN Spanning Tree Plus (PVST+); IEEE 802.1w; IEEE 802.1s; Channeling Technology; Layer 2 Best Practices; Simple Is Better; Limit the Span of VLANs; Build Triangles, Not Squares; Protect the Network from Users; Selecting Root Bridges; Use Value-Added Features; EtherChannel Deployment; EtherChannel Load Balancing; Consistent EtherChannel Port Settings; Layer 2 Setting for EtherChannel; Turning Off Autonegotiation; Layer 3 Domain; Hot Standby Routing Protocol (HSRP); Virtual Router Redundancy Protocol (VRRP); Global Load Balancing Protocol (GLBP); Layer 3 Best Practices; Adopt Topology-Based Switching; Using Equal-Cost Multipath; Conserve Peering Resources; Adopt a Hierarchical Addressing Scheme; Summary

Chapter 7 Internet Module
Understanding Addressing and Routing in the Internet Module; Address-Assignment Scheme; Routing; Routing for Internal Users; Routing for External Users; Establishing Internet Module Redundancy; Link-Level Redundancy; Device-Level Redundancy; ISP-Level Redundancy; Site-Level Redundancy; Implementing Security Measures; Security Policy; Filtering at the Internet Module; Resilient Border Gateway Protocol (BGP) Design; BGP Soft Reconfiguration; BGP Convergence Optimization; BGP Next-Hop Address Tracking; BGP Support for Fast Peering Session Deactivation; BGP Route Dampening; Nonstop Forwarding with Stateful Switchover (NSF/SSO) for BGP; Using Network Address Translation (NAT); Enhanced NAT Resiliency; NAT with Route Map; Static Mapping with Hot Standby Routing Protocol (HSRP) Support; Stateful NAT; Limiting NAT Entries; Multihoming with NAT; Effects of NAT on Network and Applications; Implications on TCP and ICMP Traffic; Application-Specific Gateways; Effects on Voice over IP (VoIP) Traffic; Effects on Router Performance; Effects on Network Security; Summary

Chapter 8 WAN Module
Leased Line; Domestic Leased Circuit Versus International Private Leased Circuit; Leased Circuit Encapsulation; Equal-Cost Load Balancing; Multilink Point-to-Point Protocol (MPPP); SONET/SDH; SONET/SDH Framing; PPP over SONET/SDH; SONET/SDH Protection Switching; Resilient Packet Ring; DPT Architecture; DPT/SRP Classes of Service; SRP Queuing; SRP Fairness Algorithm; RPR Standards; Differences Between 802.17 and DPT/SRP; Dial Backup; Virtual Private Network (VPN); IP Tunnel; L2TPv3; L2TPv3 Deployment; MPLS-VPN; Summary

Chapter 9 Data Center Module
Data Center Environmental Considerations; Cabling; Tagging; Documentation; Discipline; Rack Space; Server Size; Power; Next-Generation Server Architecture; Data Center Network Considerations; Security; Server Performance; Fault-Tolerant Server Features; Multifaceted Server; Data Center Network Architecture; Access Layer Design; NIC Teaming; Clustering; Aggregation Layer Design; Trunk Ports on an Aggregation Switch; Routed Ports on an Aggregation Switch; Architecture Scaling Consideration; Data Center Network Security; Layer 2 Security; Private VLANs (PVLANs); VLAN Access Control List (VACL); Port Security; Dynamic ARP Inspection; Layer 3 Security; Switch Forwarding Architecture; Control Plane Policing; DHCP Server Protection; Service Optimization; Server Load Balancing; Global Site Selector; Understanding DNS Resolution; Using GSS; Web Cache Communication Protocol (WCCP); Integrated Service Modules; Summary

Chapter 10 Beyond Implementation: Network Management
Components of Network Management; Fault Management; Configuration Management; Configuration File Management; Inventory Management; Software Management; Accounting Management; Performance Management; Security Management; ACLs; User IDs and Passwords; TACACS; Establishing a Baseline; Step 1: Take a Snapshot of Inventory; Step 2: Collect Relevant Data; MIB Entries and Object Identifiers; Multi-Router Traffic Grapher; Step 3: Analyze Data; Step 4: Prioritize Problem Areas; Step 5: Determine a Course of Action; Managing Cisco IOS Deployment; Overview of IOS Releases; Understanding IOS Naming Convention; IOS Software Life Cycle Management; Planning; Design; Testing; Implementation; Operation; Moving Toward Proactive Management; IP Service Level Agreement; ICMP-Based IP SLA Operation; Responder-Based IP SLA Operation; Nonresponder-Based IP SLA Operation; Examples of IP SLA Operations; Component Outage Online (COOL) Measurement; Embedded Event Manager (EEM); Next-Generation IOS Architecture; Summary; End Notes

Appendix A Calculating Network Availability
Appendix B RFCs Relevant to Building a Resilient IP Network
Appendix C The Cisco Powered Network Checklist
Index

More and more companies are building networks that are used not only for corporate communication but, most importantly, for doing business. Since the network has become such a strategic business tool, its availability is of utmost importance to these companies and to their service providers. Therefore, the challenge for network professionals is ensuring networks are up at all times, keeping abreast of the latest technology that helps maintain uptime, and reacting to ever-increasing denial-of-service attacks. Problems faced by network professionals when meeting these challenges include a lack of understanding regarding network availability, ignorance of the latest features and tools, hard-to-find documentation, a lack of education programs, and savvy black hats who attack networks. Building Resilient IP Networks helps network professionals take on these challenges. First, it shows what network availability means and focuses on real-life issues: appreciating the limitations of protocols and understanding what has been done to improve them. Next, the book addresses the benefits of modular design and illustrates how modular design contributes to a resilient network. The bulk of the book explores new features and tools that have recently been developed with respect to modular design.

Kok-Keong "KK" Lee, CCIE® No. 8427, a consulting systems engineer for Cisco Systems® South Asia, works closely with service providers and defense and large enterprise customers in Asia Pacific on network architecture. He has been a networking engineer since 1990 and specializes in IP core and MPLS technologies.

Fung Lim, CCIE No. 11970, is a systems engineer for Cisco and has been working with service providers in areas pertaining to network design, operations, and security. He has also been involved in the design of several provider networks in the Asia region.

Beng-Hui Ong is a product manager for the Cisco Broadband Edge and Midrange Routing Business Unit. He works with service providers and cable operators in the Asia Pacific region on network design and operations.