- •Contents
- •List of Figures
- •List of Tables
- •About the Author
- •Acknowledgements
- •Abbreviations
- •Introduction
- •1 Hardware Design
- •1.1 Separation of Routing and Forwarding Functionality
- •1.2 Building Blocks
- •1.2.1 Control Module
- •1.2.2 Forwarding Module
- •1.2.4 Stateful Failover
- •1.3 To Flow or Not to Flow?
- •1.4 Hardware Redundancy, Single Chassis or Multi Chassis
- •2 Transport Media
- •2.1 Maximum Transmission Unit (MTU)
- •2.1.1 Path MTU Discovery
- •2.1.2 Port Density
- •2.1.3 Channelized Interfaces
- •2.2 Ethernet
- •2.2.1 Address Resolution Protocol (ARP)
- •2.3 Asynchronous Transfer Mode (ATM)
- •2.4 Packet Over SONET (POS)
- •2.5.1 Intelligent Protection Switching
- •2.6 (Fractional) E1/T1/E3/T3
- •2.7 Wireless Transport
- •2.7.1 Regulatory Constraints
- •2.7.2 Interference
- •2.7.3 Obstructions
- •2.7.4 Atmospheric Conditions
- •3.1.1 Management Ethernet
- •3.1.2 Console Port
- •3.1.3 Auxiliary (Aux) Port
- •3.1.4 Remote Power Management
- •3.1.5 Uninterruptible Power Supplies (UPS)
- •3.2 Network Time Protocol (NTP)
- •3.3 Logging
- •3.4 Simple Network Management Protocol (SNMP)
- •3.4.1 SNMPv1, v2c and v3
- •3.5 Remote Monitoring (RMON)
- •3.6 Network Management Systems
- •3.6.1 CiscoWorks
- •3.6.2 JUNOScope
- •3.7.1 Concurrent Version System (CVS)
- •3.8 To Upgrade or Not to Upgrade
- •3.8.1 Software Release Cycles
- •3.9 Capacity Planning Techniques
- •4 Network Security
- •4.1 Securing Access to Your Network Devices
- •4.1.1 Physical Security
- •4.1.2 Authentication, Authorization and Accounting (AAA)
- •4.2 Securing Access to the Network Infrastructure
- •4.2.1 Authentication of Users, Hosts and Servers
- •4.2.2 Encryption of Information
- •4.2.3 Access Tools and Protocols
- •4.2.4 IP Security (IPsec)
- •4.2.5 Access Control Lists
- •4.2.6 RFC 1918 Addresses
- •4.2.7 Preventing and Tracing Denial of Service (DoS) Attacks
- •5 Routing Protocols
- •5.1 Why Different Routing Protocols?
- •5.2 Interior Gateway Protocols (IGP)
- •5.2.1 Open Shortest Path First (OSPF)
- •5.2.2 Authentication of OSPF
- •5.2.3 Stub Areas, Not So Stubby Areas (NSSA) and Totally Stubby Areas
- •5.2.4 OSPF Graceful Restart
- •5.2.5 OSPFv3
- •5.2.8 IS-IS Graceful Restart
- •5.2.9 Routing Information Protocol (RIP)
- •5.2.10 Interior Gateway Routing Protocol (IGRP) and Enhanced Interior Gateway Routing Protocol (EIGRP)
- •5.2.11 Diffusing Update Algorithm (DUAL)
- •5.2.12 Stuck-in-Active
- •5.2.13 Why use EIGRP?
- •5.3 Exterior Protocols
- •5.3.1 Border Gateway Protocol (BGP)
- •5.3.2 Authentication of BGP
- •5.3.3 BGP Graceful Restart
- •5.3.4 Multiprotocol BGP
- •6 Routing Policy
- •6.1 What is Policy For?
- •6.1.1 Who Pays Whom?
- •6.2 Implementing Scalable Routing Policies
- •6.3 How is Policy Evaluated?
- •6.3.2 The Flow of Policy Evaluation
- •6.4 Policy Matches
- •6.5 Policy Actions
- •6.5.1 The Default Action
- •6.5.2 Accept/Permit, Reject/Deny, and Discard
- •6.6 Policy Elements
- •6.7 AS Paths
- •6.9 Internet Routing Registries
- •6.10 Communities
- •6.11 Multi-Exit Discriminator (MED)
- •6.12 Local Preference
- •6.13 Damping
- •6.14 Unicast Reverse Path Forwarding
- •6.15 Policy Routing/Filter-Based Forwarding
- •6.16 Policy Recommendations
- •6.16.1 Policy Recommendations for Customer Connections
- •6.16.2 Policy Recommendations for Peering Connections
- •6.16.3 Policy Recommendations for Transit Connections
- •6.17 Side Effects of Policy
- •7 Multiprotocol Label Switching (MPLS)
- •7.2 Label Distribution Protocols
- •7.3 Tag Distribution Protocol (TDP)
- •7.4 Label Distribution Protocol (LDP)
- •7.4.1 LDP Graceful Restart
- •7.5.1 RSVP-TE Graceful Restart
- •7.6 Fast Reroute
- •7.7 Integrating ATM and IP Networks
- •7.8 Generalized MPLS (GMPLS)
- •8 Virtual Private Networks (VPNs)
- •8.1 VPNs at Layer 3
- •8.1.1 Layer 3 VPN (RFC 2547bis)
- •8.1.2 Generic Router Encapsulation (GRE)
- •8.1.3 IPsec
- •8.2 VPNs at Layer 2
- •8.2.1 Circuit Cross-Connect (CCC)
- •8.2.3 Martini (Layer 2 circuits)
- •8.2.4 Virtual Private Wire Service (VPWS)
- •8.2.5 Virtual Private LAN Service (VPLS)
- •8.2.6 Layer 2 Tunnelling Protocol (L2TP)
- •9.1 Design and Architectural Issues of CoS/QoS
- •9.2 CoS/QoS Functional Elements
- •9.2.3 Congestion Avoidance Mechanisms
- •9.2.4 Queueing Strategies
- •9.3 QoS Marking Mechanisms
- •9.3.1 Layer 2 Marking
- •9.3.2 Layer 3 QoS
- •9.3.3 MPLS EXP
- •9.4 Integrating QoS at Layer 2, in IP and in MPLS
- •9.4.1 DiffServ Integration with MPLS
- •10 Multicast
- •10.1 Multicast Forwarding at Layer 2
- •10.1.1 Multicast on Ethernet and FDDI
- •10.1.2 Multicast Over Token Ring
- •10.1.3 Internet Group Management Protocol (IGMP)
- •10.1.4 IGMP Snooping
- •10.1.5 PIM/DVMRP Snooping
- •10.1.6 Immediate Leave Processing
- •10.1.7 Cisco Group Management Protocol (CGMP)
- •10.2 Multicast Routing
- •10.2.1 Reverse Path Forwarding (RPF) Check
- •10.2.2 Dense Mode Protocols
- •10.2.3 Sparse Mode Protocols
- •10.2.4 Multicast Source Discovery Protocol (MSDP)
- •10.2.5 Multiprotocol BGP
- •10.2.6 Multicast Scoping
- •11.1 Evolution and Revolution
- •11.2 IPv6 Headers
- •11.3 IPv6 Addressing
- •11.3.1 Hierarchical Allocations
- •11.3.2 Address Classes
- •11.5 Domain Name System (DNS)
- •11.6 Transition Mechanisms
- •11.6.1 Dual Stack
- •11.6.3 Tunnelling IPv6 in IPv4
- •11.7 Routing in IPv6
- •11.7.2 OSPFv3
- •11.7.3 RIPng
- •11.7.4 Multiprotocol BGP
- •11.8 Multicast in IPv6
- •11.9 IPv6 Security
- •11.10 Mobility in IPv6
- •References
- •Index
24 |
ROUTER AND NETWORK MANAGEMENT |
NTP works in a hierarchy with stratum one at the top (stratum 0 is ‘undefined’). Primary reference servers are stratum one servers. When a server uses time signals from a stratum one server, it becomes a stratum two server. When a server uses time signals from a stratum two server, it becomes a stratum three server, and so on . . .
There are many stratum one servers based on a variety of Cesium clocks, GPS clocks, radio time signals, etc. Many of these offer public service so if you do not want to implement your own stratum one servers, it is possible to take service from these servers and have several stratum two servers within your network. All network devices in your network can then take service from each of these servers and their clocks will maintain accuracy as defined by stratum three. It is generally considered to be good practice to only use a public stratum one server if your server is likely to serve a fairly large set of clients and higher stratum servers (100 is considered to be a good figure). It is also considered good practice, if you are going to use a public stratum one server, to operate two or more stratum two servers to service your clients. A good rule of thumb is to operate three servers to provide service to a SP core network and their customers’ networks.
In general, the difference between service from a stratum one server and a stratum two server will be negligible, so do not use public stratum one servers unnecessarily.
3.3 LOGGING
Logging is, by definition, the acquisition and storage of large volumes of data regarding the performance of the network. The architecture of the network device defines the mechanisms by which logged information is acquired and the mechanisms and location of the storage of the resulting data. Many modern devices have large volume storage devices built in. These allow the storage of logging and accounting information locally and the transfer of that data in bulk to a central device for post-processing. Those devices with little or no local storage must send all logged information immediately to an external device for storage. This is generally done with syslog and SNMP. It is important to note that syslog and SNMP use UDP as the transport protocol. UDP is inherently unreliable so, during an outage, it can be quite difficult to ensure the delivery of vital messages. This is one of the major benefits of having significant local storage so that logging can be done locally, copied using standard mechanisms to remote servers and, in the event of the failure of standard mechanisms, the locally stored logs can be copied in bulk to the central location.
If you do not log events, it is just impossible to tell exactly what has happened on your network and when. If you offer SLAs, then the inability to identify events, which may impact your SLA, makes you liable to claims from your customers that you have not met your SLA and you have no way to prove or disprove the claim.
3.4SIMPLE NETWORK MANAGEMENT PROTOCOL (SNMP)
SNMP is a widely used set of protocols for monitoring the health of networks. SNMP is based on four major elements: (1) a network management station; (2) a network
3.4 SIMPLE NETWORK MANAGEMENT PROTOCOL (SNMP) |
25 |
management agent; (3) a network management protocol; and (4) management information bases (MIBs).
•The network management station is the workstation to and from which SNMP messages are sent and on which the results are analysed and presented to the operator.
•The network management agent is based on the network device. It responds to requests from the network management station and sends unsolicited notifications of network alert events.
•The network management protocol is the grammar used by the network management station and the network management agent for their conversations.
•The MIB is a dictionary, which describes the objects being given values, the type and range of the values available to each object and an identifier for each of those objects. These objects are formed into a hierarchy of objects.
SNMP provides two operations: GET and SET. GET is used to retrieve information from a network element. SET is used to overwrite a value of the configuration of a network element. The ability to GET and SET values on network devices provides the operator with the ability to both monitor and configure devices remotely using SNMP. The combination of polling (GET) and traps/informs provides a comprehensive mechanism for monitoring all manner of network devices.
3.4.1SNMPv1, v2c AND v3
There are, currently, three versions of SNMP in widespread use (SNMP v2p and v2u are both obsolete). Essentially, each version provides enhancements to various aspects of the previous versions.
With the standardization of version 3 in RFC 2271 through RFC 2275, the RFCs describing version 1, the initial version, and version 2c, a version with enhanced data types and larger counters, have been made historical.
3.4.1.1 Security in SNMP
SNMP is not an inherently secure protocol. However, security is a significant issue for SNMP, given the nature of the information being passed around. The security (or otherwise) of SNMP can have an impact on the utility of this protocol in larger networks. Since SNMP provides the ability to read and write information to managed devices, it is highly desirable for the manager to be able to decide who may and may not access the information available via SNMP. Versions 1 and 2c use a community string, which is a plain text password. Since each trap and poll sent to/from a network device contains the password in plain text, it is easy to find this password and, with that password, obtain and possibly modify vital network configuration and statistical information. It is not uncommon for