- •Contents
- •List of Figures
- •List of Tables
- •About the Author
- •Acknowledgements
- •Abbreviations
- •Introduction
- •1 Hardware Design
- •1.1 Separation of Routing and Forwarding Functionality
- •1.2 Building Blocks
- •1.2.1 Control Module
- •1.2.2 Forwarding Module
- •1.2.4 Stateful Failover
- •1.3 To Flow or Not to Flow?
- •1.4 Hardware Redundancy, Single Chassis or Multi Chassis
- •2 Transport Media
- •2.1 Maximum Transmission Unit (MTU)
- •2.1.1 Path MTU Discovery
- •2.1.2 Port Density
- •2.1.3 Channelized Interfaces
- •2.2 Ethernet
- •2.2.1 Address Resolution Protocol (ARP)
- •2.3 Asynchronous Transfer Mode (ATM)
- •2.4 Packet Over SONET (POS)
- •2.5.1 Intelligent Protection Switching
- •2.6 (Fractional) E1/T1/E3/T3
- •2.7 Wireless Transport
- •2.7.1 Regulatory Constraints
- •2.7.2 Interference
- •2.7.3 Obstructions
- •2.7.4 Atmospheric Conditions
- •3.1.1 Management Ethernet
- •3.1.2 Console Port
- •3.1.3 Auxiliary (Aux) Port
- •3.1.4 Remote Power Management
- •3.1.5 Uninterruptible Power Supplies (UPS)
- •3.2 Network Time Protocol (NTP)
- •3.3 Logging
- •3.4 Simple Network Management Protocol (SNMP)
- •3.4.1 SNMPv1, v2c and v3
- •3.5 Remote Monitoring (RMON)
- •3.6 Network Management Systems
- •3.6.1 CiscoWorks
- •3.6.2 JUNOScope
- •3.7.1 Concurrent Version System (CVS)
- •3.8 To Upgrade or Not to Upgrade
- •3.8.1 Software Release Cycles
- •3.9 Capacity Planning Techniques
- •4 Network Security
- •4.1 Securing Access to Your Network Devices
- •4.1.1 Physical Security
- •4.1.2 Authentication, Authorization and Accounting (AAA)
- •4.2 Securing Access to the Network Infrastructure
- •4.2.1 Authentication of Users, Hosts and Servers
- •4.2.2 Encryption of Information
- •4.2.3 Access Tools and Protocols
- •4.2.4 IP Security (IPsec)
- •4.2.5 Access Control Lists
- •4.2.6 RFC 1918 Addresses
- •4.2.7 Preventing and Tracing Denial of Service (DoS) Attacks
- •5 Routing Protocols
- •5.1 Why Different Routing Protocols?
- •5.2 Interior Gateway Protocols (IGP)
- •5.2.1 Open Shortest Path First (OSPF)
- •5.2.2 Authentication of OSPF
- •5.2.3 Stub Areas, Not So Stubby Areas (NSSA) and Totally Stubby Areas
- •5.2.4 OSPF Graceful Restart
- •5.2.5 OSPFv3
- •5.2.8 IS-IS Graceful Restart
- •5.2.9 Routing Information Protocol (RIP)
- •5.2.10 Interior Gateway Routing Protocol (IGRP) and Enhanced Interior Gateway Routing Protocol (EIGRP)
- •5.2.11 Diffusing Update Algorithm (DUAL)
- •5.2.12 Stuck-in-Active
- •5.2.13 Why use EIGRP?
- •5.3 Exterior Protocols
- •5.3.1 Border Gateway Protocol (BGP)
- •5.3.2 Authentication of BGP
- •5.3.3 BGP Graceful Restart
- •5.3.4 Multiprotocol BGP
- •6 Routing Policy
- •6.1 What is Policy For?
- •6.1.1 Who Pays Whom?
- •6.2 Implementing Scalable Routing Policies
- •6.3 How is Policy Evaluated?
- •6.3.2 The Flow of Policy Evaluation
- •6.4 Policy Matches
- •6.5 Policy Actions
- •6.5.1 The Default Action
- •6.5.2 Accept/Permit, Reject/Deny, and Discard
- •6.6 Policy Elements
- •6.7 AS Paths
- •6.9 Internet Routing Registries
- •6.10 Communities
- •6.11 Multi-Exit Discriminator (MED)
- •6.12 Local Preference
- •6.13 Damping
- •6.14 Unicast Reverse Path Forwarding
- •6.15 Policy Routing/Filter-Based Forwarding
- •6.16 Policy Recommendations
- •6.16.1 Policy Recommendations for Customer Connections
- •6.16.2 Policy Recommendations for Peering Connections
- •6.16.3 Policy Recommendations for Transit Connections
- •6.17 Side Effects of Policy
- •7 Multiprotocol Label Switching (MPLS)
- •7.2 Label Distribution Protocols
- •7.3 Tag Distribution Protocol (TDP)
- •7.4 Label Distribution Protocol (LDP)
- •7.4.1 LDP Graceful Restart
- •7.5.1 RSVP-TE Graceful Restart
- •7.6 Fast Reroute
- •7.7 Integrating ATM and IP Networks
- •7.8 Generalized MPLS (GMPLS)
- •8 Virtual Private Networks (VPNs)
- •8.1 VPNs at Layer 3
- •8.1.1 Layer 3 VPN (RFC 2547bis)
- •8.1.2 Generic Router Encapsulation (GRE)
- •8.1.3 IPsec
- •8.2 VPNs at Layer 2
- •8.2.1 Circuit Cross-Connect (CCC)
- •8.2.3 Martini (Layer 2 circuits)
- •8.2.4 Virtual Private Wire Service (VPWS)
- •8.2.5 Virtual Private LAN Service (VPLS)
- •8.2.6 Layer 2 Tunnelling Protocol (L2TP)
- •9.1 Design and Architectural Issues of CoS/QoS
- •9.2 CoS/QoS Functional Elements
- •9.2.3 Congestion Avoidance Mechanisms
- •9.2.4 Queueing Strategies
- •9.3 QoS Marking Mechanisms
- •9.3.1 Layer 2 Marking
- •9.3.2 Layer 3 QoS
- •9.3.3 MPLS EXP
- •9.4 Integrating QoS at Layer 2, in IP and in MPLS
- •9.4.1 DiffServ Integration with MPLS
- •10 Multicast
- •10.1 Multicast Forwarding at Layer 2
- •10.1.1 Multicast on Ethernet and FDDI
- •10.1.2 Multicast Over Token Ring
- •10.1.3 Internet Group Management Protocol (IGMP)
- •10.1.4 IGMP Snooping
- •10.1.5 PIM/DVMRP Snooping
- •10.1.6 Immediate Leave Processing
- •10.1.7 Cisco Group Management Protocol (CGMP)
- •10.2 Multicast Routing
- •10.2.1 Reverse Path Forwarding (RPF) Check
- •10.2.2 Dense Mode Protocols
- •10.2.3 Sparse Mode Protocols
- •10.2.4 Multicast Source Discovery Protocol (MSDP)
- •10.2.5 Multiprotocol BGP
- •10.2.6 Multicast Scoping
- •11.1 Evolution and Revolution
- •11.2 IPv6 Headers
- •11.3 IPv6 Addressing
- •11.3.1 Hierarchical Allocations
- •11.3.2 Address Classes
- •11.5 Domain Name System (DNS)
- •11.6 Transition Mechanisms
- •11.6.1 Dual Stack
- •11.6.3 Tunnelling IPv6 in IPv4
- •11.7 Routing in IPv6
- •11.7.2 OSPFv3
- •11.7.3 RIPng
- •11.7.4 Multiprotocol BGP
- •11.8 Multicast in IPv6
- •11.9 IPv6 Security
- •11.10 Mobility in IPv6
- •References
- •Index
About the Author
Guy Davies has worked as an IP Architect for Telindus, a network integrator in the UK, for four years. While at Telindus, he has been involved in many projects ranging from the design, implementation and operation of customers’ core IP networks through to migration of ATM networks to an IP and MPLS-based infrastructure, and the design and implementation of large secured wireless networks and consultancy as well as the development of wireless rural broadband access. During this time, he has also worked as a contractor to Juniper Networks, providing engineering and consulting services both in the UK and overseas.
Prior to Telindus, Guy spent five years working for UUNET (and its previous incarnation in the UK, PIPEX). During his time at PIPEX and UUNET, Guy worked in a variety of engineering and management roles including systems administration, network operation and development roles. He was responsible for the design of the first pan-European MPLS core network built by UUNET.
Guy is JNCIE #20 and is also a CCIP.
BIOGRAPHY OF REVIEWER
Todd M. Regonini has almost ten years of industry experience in IP network design, implementation, and administration. He is currently employed as a Senior Systems Engineer working for Juniper Networks in Sunnyvale, California. Prior to that he worked for Cisco Systems where he consulted directly with customers on the design and implementation of IP networks. Todd is Juniper Networks Certified Internet Expert (JNCIE) #23.
Acknowledgements
This book has just one author. Despite that, it is only through the efforts of a number of people that this book has now been published.
I would first of all like to thank Patrick Ames. It was he who convinced me to write this book in the first place. Then, having got me to put my ideas down, it was he who helped me find a publisher for my work and he who kept me going, even when I doubted my own ability to complete the project. Without a doubt, this book would not have seen the light of day but for him.
Throughout the writing process, I have received corrections and advice from an array of friends and colleagues. Several engineers and consultants at Juniper Networks provided significant input. Particular thanks go to Aviva Garrett, Paul Goyette, Pete Moyer, Bill Nowak and Todd Regonini, who all provided invaluable technical information. I thank my former colleagues at UUNET, Tony Barber and John Whyte, for their thorough technical review and discussion of various issues covered in the book. I’d also like to thank Danny McPherson, who provided some useful insight into several issues surrounding BGP and the selection of parameters for policy. In addition to the technical reviewers above, Cressi Whyte gave some extremely useful advice on writing style.
I also received great help from Richard Southern of Juniper TAC in checking the configurations at the end of this book. I greatly appreciate the help he gave me at exceptionally short notice. Despite the time constraints, his work was thorough and accurate.
I would also like to thank the editing team at John Wiley & Sons, Ltd: Sally Mortimore, Birgit Gruber, Daniel Gill, Susan Dunsmore and Lucy Bryan.
Finally, I would especially like to thank my wife, Ghillie, and my children, Emily and George, for their endless patience. This book has taken much of my free time and most evenings for several months. I am sorry I have not paid as much attention to you or spent as much time with you as I should have done.