Introduction xxiii Chapter 1 Network Fundamentals Review 1 Introduction to Networks 2 Protocols and the OSI Model 2 OSI Model 3 Protocols 3 OSI Layers 4 Physical Layer: Layer 1 4 Data Link Layer: Layer 2 4 Network Layer: Layer 3 5 Transport Layer: Layer 4 5 Upper Layers: Layers 5 Through 7 6 Communication Among OSI Layers 6 LANs and WANs 8 Network Devices 10 Terminology: Domains, Bandwidth, Unicast, Broadcast, and Multicast 10 Hubs 11 Physical Interfaces and Ports 11 Switches 11 Switches Versus Bridges 12 Routers 12 Introduction to the TCP/IP Suite 13 TCP/IP Transport Layer Protocols 15 Port Numbers 17 TCP Sequencing, Acknowledgment, and Windowing 18 TCP/IP Internet Layer Protocols 22 Protocols 22 IPv4 Datagrams 22 IPv6 Datagrams 24 Routing 25 Routers Work at the Lower Three OSI Layers 26 Routing Tables 27 Routing Protocols 28 Addressing 29 Physical Addresses 29 Logical Addresses 30 Routing and Network Layer Addresses 31 IPv4 Addresses 31 IPv4 Address Classes 31 Private and Public IPv4 Addresses 32 IPv4 Subnets 33 IPv6 Addresses 34 IPv6 Address Types 36 Switching Types 36 Layer 2 Switching 37 Layer 3 Switching 39 Spanning Tree Protocol 40 Redundancy in Layer 2 Switched Networks 40 STP Terminology and Operation 41 STP Terminology 41 STP States 43 Rapid STP 44 Virtual LANs 45 VLAN Membership 45 Trunks 46 STP and VLANs 46 Inter-VLAN Routing 47 Comprehensive Example 49 Summary 52 Review Questions 52 Chapter 2 Network Design Methodology 53 Understanding the Network Architectures for the Enterprise 53 Business Drivers for a New Network Framework 54 Business Forces 54 Technology-Related Forces 54 IT Challenges 55 Cisco Network Architectures for the Enterprise 55 Borderless Networks Architecture 56 Borderless Networks Architecture Approach 57 Collaboration Architecture Approach 58 Data Center/Virtualization Architecture Approach 59 Identifying Design Requirements 61 Using the PPDIOO Approach for Networks 61 Benefits of the Lifecycle Approach 63 Design Methodology 64 Identifying Customer Design Requirements 65 Identifying Network Applications and Network Services 65 Defining Organizational Goals 67 Identifying Organizational Constraints 69 Identifying Technical Goals 71 Assessing Technical Constraints 73 Characterizing the Existing Network and Sites 74 Identifying Major Features of the Network 74 Sample Site Contact Information 75 Sample High-Level Network Diagram 76 Auditing the Existing Network 77 Using Tools for Auditing the Network 79 RSPAN with VACLs for Granular Traffic Analysis 81 Analyzing Network Traffic and Applications 83 Using Tools for Analyzing Network Traffic 84 Reviewing Network Traffic Information 85 Analyzing Network Health 85 Creating a Draft Design Document 86 Time Estimates for Performing Network Characterization 88 Using the Top-Down Approach to Network Design 89 Top-Down Approach to Network Design 90 Top-Down Design Example 91 Decision Tables in Network Design 91 Assessing the Scope of the Network Design Project 93 Using Structured Design Principles 93 Logical Structure 94 Physical Structure 95 Network Design Tools 95 Testing the Design 96 Planning an Implementation 97 Documenting the Design 98 Summary 100 References 100 Review Questions 101 Chapter 3 Structuring and Modularizing the Network 103 Designing the Network Hierarchy 103 Introducing the Hierarchical Network Model 104 Describing Access Layer Functionality 106 Campus Access Layer Connectivity 107 Describing Distribution Layer Functionality 108 Virtual Switches 110 Describing Core Layer Functionality 111 Using a Modular Approach in Network Design 114 Describing the Enterprise Campus Functional Area 117 Enterprise Campus Infrastructure Module 117 Data Center Module 117 Describing the Enterprise Edge Area 119 E-Commerce Module 121 Internet Connectivity Module 121 WAN and MAN and Site-to-Site VPN Module 122 Remote Access and VPN Module 122 Describing the Service Provider Area 122 ISP Module 123 Public Switched Telephone Network Module 123 Frame Relay and ATM Module 123 Describing the Remote Area 124 Enterprise Branch Module 124 Enterprise Data Center Module 125 Enterprise Teleworker Module 125 Supporting Services on Borderless Networks 126 Explaining the Role of Borderless Network Services 126 Mobility Considerations 128 Security Infrastructure Services 129 Designing Security to Protect Against External Threats 132 Application Performance Considerations 134 Resolving Application Issues with Cisco Application Network Services 135 Cisco ANS Components 135 IP Communications 136 Voice Transport 137 High-Availability Network Services 141 Full-Mesh Versus Partial-Mesh Redundancy 142 Identifying Network Management Protocols and Features 145 Network Management Overview 145 SNMP 146 SNMP Message Types 147 SNMP Version 2 148 SNMP Version 3 149 MIB Characteristics 150 MIB Variable Retrieval 152 Using RMON 153 NetFlow Characteristics 155 NetFlow Versus RMON Information Gathering 157 Applications Using NetFlow 158 Cisco Discovery Protocol Features 159 Syslog Features 160 Summary 164 References 164 Review Questions 164 Chapter 4 Designing Basic Campus and Data Center Networks 167 Describing Campus Design Considerations 167 Campus Design Factors 168 Network Application Characteristics and Considerations 168 Peer-Peer Applications 169 Client-Local Server Applications 170 Client-Data Center Applications 170 Client-Enterprise Edge Applications 172 Application Requirements 173 Environmental Characteristics and Considerations 174 Intrabuilding Structure 174 Interbuilding Structure 175 Distant Remote Building Structure 175 Transmission Media Considerations 176 Copper 176 Optical Fiber 177 Wireless 177 Campus Transmission Media Comparison 178 Transmission Media Cabling Example 179 Infrastructure Device Characteristics and Considerations 179 Quality of Service (QoS) 180 Designing the Campus Infrastructure Module 181 Design Considerations for the Campus Network 181 Design Considerations for the Building Access Layer 182 Managing VLANs and STP 183 Managing Trunks Between Switches 186 Managing Default PAgP Settings 186 Consider Implementing Routing in the Building Access Layer 186 Design Considerations for the Building Distribution Layer 187 Best Practices in the Distribution Layer 187 Using First-Hop Redundancy Protocols 188 Deploying Layer 3 Routing Protocols 189 Using the Virtual Switching System at the Distribution Layer 191 Campus Core Design Considerations 192 Small and Medium Campus Design Options 195 Edge Distribution at the Campus Core 196 Describing Enterprise Data Center Considerations 197 Describing the Enterprise Data Center Architectures 197 Cisco Enterprise Data Center Architecture Framework 198 Server Challenges 200 Data Center Facility Aspects 200 Enterprise Data Center Infrastructure 205 Data Center Access Layer 206 Data Center Aggregation Layer 207 Data Center Core Layer 207 Describing Enterprise Network Virtualization Tools 208 Virtualization Challenges 208 What Is Virtualization? 209 Types of Virtualization 209 Virtualization Technologies 210 Network Virtualization Design Considerations 211 Summary 212 References 212 Review Questions 213 Chapter 5 Designing Remote Connectivity 215 Identifying WAN Technology Considerations 215 Review of WAN Features 216 Comparison of WAN Transport Technologies 217 Time-Division Multiplexing 218 ISDN Connectivity 218 Frame Relay 219 Multiprotocol Label Switching 219 Metro Ethernet 219 DSL Technology 220 Cable Technology 221 Wireless Technology 221 SONET and SDH Technology 222 DWDM Technology 223 Dark Fiber 224 WAN Link Categories 224 WAN Transport Technology Pricing and Contract Considerations 225 WAN Design Requirements 226 Response Time 227 Throughput 227 Packet Loss 228 Reliability 228 QoS Considerations for Bandwidth Constraints 228 Classification 229 Congestion Management 230 Traffic Shaping and Policing 231 Link Efficiency 232 Window Size 233 Designing the Enterprise WAN 233 Traditional WAN Designs 234 Star Topology 234 Fully Meshed Topology 235 Partially Meshed Topology 235 Remote-Access Network Design 235 VPN Design 236 Enterprise Versus Service Provider-Managed VPNs 237 Enterprise Managed VPN: IPsec 237 Service Provider-Managed VPNs: MPLS 242 Service Provider-Managed VPNs: Metro Ethernet 242 Service Provider-Managed VPNs: VPLS 243 WAN Backup Strategy Design 244 Using the Internet as a WAN Backup 245 Selecting the Enterprise WAN Architecture 246 Cisco Enterprise MAN and WAN Architecture 247 Selecting Enterprise WAN Components 249 Hardware Selection 249 Designing the Enterprise Branch 251 Enterprise Branch Architecture 251 Enterprise Branch Design 252 New Features on the ISR G2 Routers 253 Small Branch Office Design 254 Medium Branch Office Design 255 Large Branch Office Design 256 Enterprise Teleworker (Cisco Virtual Office Solution) Design 256 New ISRs for Small Offices and Teleworkers 257 Summary 259 References 259 Review Questions 260 Chapter 6 Designing IP Addressing 261 Designing IPv4 Addressing 261 IPv4 Addressing 261 Private and Public Addressing Guidelines 262 Recommended Practices for NAT 262 Developing an Addressing Plan 263 Planning the IP Addressing Hierarchy 266 Design Consideration: Route Summarization Groups 266 Address Blocks by Location 267 Hierarchical IP Addressing Plan 268 Recommended Practices for Name Resolution 270 Locating DHCP and DNS Servers in the Network 272 IP Address Space Planning Road Map 272 Designing IPv6 Addressing 272 IPv6 Addressing 273 Benefits of IPv6 Addressing 273 IPv6 Address Types 274 IPv6 Address Assignment Strategies 277 Identifying IPv6 Name Resolution 277 Making the Transition from IPv4 to IPv6 278 Strategies for IPv6 Deployment 279 Dual-Stack Model 280 Hybrid Model 281 Service Block Model 284 Summary 285 References 286 Review Questions 287 Chapter 7 Designing and Selecting Routing Protocols 289 Reviewing Enterprise Routing Protocols 289 Reviewing Routing Protocol Fundamentals 289 Differentiating Between Distance Vector and Link-State Routing Protocols 289 Differentiating Between Interior and Exterior Routing Protocols 292 Differentiating Between Hierarchical and Flat Routing Protocols 293 Routing Protocol Convergence 294 Routing Protocols for the Enterprise 295 EIGRP 295 Open Shortest Path First 296 Border Gateway Protocol 298 IPv6 Routing 300 Selecting an Enterprise Routing Protocol 301 When to Choose EIGRP 301 When to Choose OSPF 301 Designing a Routing Protocol Deployment 301 Applying Routing Protocols to a Hierarchical Network Structure 301 Routing in the Campus Core 302 Routing in the Building Distribution Layer 302 Routing in the Enterprise Edge Functional Area 302 Route Redistribution 303 Route Redistribution Planning 304 Remote-Access and VPN and Internet Connectivity Module Route Redistribution 305 Route Filtering 306 Route Filtering and Internet Connectivity 306 Route Summarization 306 Recommended Practice: Summarize at the Distribution Layer 307 Recommended Practice: Passive Interfaces for IGP at the Access Layer 308 IPv6 Route Summarization 308 Summary 309 Review Questions 310 Chapter 8 Evaluating Security Solutions for the Network 311 Defining Network Security 311 Network Security Background 312 Security Legislation 312 Threats and Risks 313 Reconnaissance Attacks 314 Vulnerability Assessment 315 Example Threat: Gaining Unauthorized Access to Systems 316 Example Risk: Loss of Availability 318 Everything Is a Potential Target 319 Understanding Network Security Policy and Processes 319 Definition of a Security Policy 319 Risk Assessment and Management 320 Example: Security Policy 322 Network Security Is a Continuous Process 323 Integrating Security Design and Network Design 324 Understanding the Cisco SAFE Approach 325 Cisco SAFE Architecture 325 The Network as a Platform for Security 326 Cisco Security Control Framework 327 Trust and Identity Management 328 Trust 329 Identity 330 Access Control 331 Trust and Identity Management Technologies 331 Example: Cisco IBNS 332 Example: Firewall Filtering Using ACLs 332 Example: Cisco NAC Appliance 333 Identity and Access Control Deployment Locations 333 Threat Defense 335 Incorporating Physical Security 335 Infrastructure Protection 336 Threat Detection and Mitigation 338 Threat Detection and Mitigation Solutions 339 Example: Cisco IronPort ESA 341 Example: Cisco IronPort WSA 341 Secure Connectivity 342 Encryption Fundamentals 343 VPN Protocols 344 Ensuring Privacy 345 Example: Providing Confidentiality over the Internet 347 Example: Protecting Communication over the Public Infrastructure 347 Example: Network Authentication over a VPN 347 Maintaining Data Integrity 347 Example: VPN Tunneling for Data Integrity 348 Example: Implementation of Digital Signatures 349 Security Management 349 Selecting Network Security Solutions 352 Security Integration in Network Devices 352 Cisco IOS Security 352 Security Appliances 354 Intrusion Prevention System 355 Cisco Catalyst Services Modules 356 Endpoint Security Solutions 357 Securing the Enterprise Network 358 Example: Deploying Identity and Access Control in the Enterprise Campus 358 Example: Deploying Threat Detection and Mitigation in the Enterprise Campus 359 Example: Deploying Infrastructure Protection in the Enterprise Campus 359 Example: Deploying Security in the Enterprise Campus 359 Example: Deploying Identity and Access Control in the Enterprise Data Center 361 Example: Deploying Threat Detection and Mitigation in the Enterprise Data Center 361 Example: Deploying Infrastructure Protection in the Enterprise Data Center 361 Example: Deploying Security in the Data Center 361 Example: Deploying Identity and Access Control in the Enterprise Edge 364 Example: Deploying Threat Detection and Mitigation in the Enterprise Edge 364 Example: Deploying Infrastructure Protection in the Enterprise Edge 364 Example: Deploying Security in the Enterprise Edge 366 Summary 367 References 368 Review Questions 369 Chapter 9 Identifying Voice and Video Networking Considerations 371 Integrating Voice and Video Architectures 371 Differentiating Between Analog and Digital Signaling 372 Introducing Voice and Video over IP 373 Voice and Video Standards 376 Terminals 376 Gateways 377 Gatekeepers 377 Multipoint Control Units 378 H.264 379 Introducing VoIP 379 IP Telephony Design Models 381 Introducing Video Considerations 385 Media Application Models 386 Delivery of Media Application 386 Architectural Framework for Media Services 387 Call Control and Transport Protocols 388 Call Control Functions with H.323 388 Voice Conversation with RTP 389 Call Control Functions with SSCP 389 Call Control Functions with SIP 390 Call Control Functions with MGCP 392 Identifying the Requirements of Voice and Video Technologies 393 Minimizing Delay, Jitter, and Loss 394 One-Way Network Delay Recommendations 394 Propagation Delay 394 Serialization Delay 395 Processing Delay 395 Queuing Delay 395 Dejitter Buffers 396 Packet Loss 397 Preventing Echo 398 Echo Canceller Example 399 Echo Cancellation Guidelines 399 Voice Coding and Compression 399 Codec Complexity, DSPs, and Voice Calls 402 Bandwidth Considerations 402 Reducing Voice Traffic with cRTP 403 Reducing Voice Traffic with VAD 403 Voice Bandwidth Calculation 404 Typical Video Resolution and Bandwidth 406 Using QoS for Voice and Video 407 QoS Considerations for Voice and Video in the WAN 413 Call Rerouting Alternatives 414 Call Admission Control Examples 414 Implementing CAC with RSVP 415 Voice Traffic Engineering Overview 416 Summary 418 References 419 Review Questions 420 Chapter 10 Identifying Design Considerations for Basic Wireless Networking 421 Cisco Unified Wireless Network Review 421 Cisco Unified Wireless Network Architecture 421 Cisco Unified Wireless Network Elements 422 CAPWAP and LWAPP Fundamentals 423 Split Media Access Control 425 Local Media Access Control 426 Access Point Modes 427 Wireless Infrastructure 428 Wireless Authentication 430 Overview of WLAN Controllers 432 Access Point Support and Scaling 435 Access Point Scalability Considerations 437 Multiple AP Manager Interface Example 437 Link Aggregation (LAG) with a Single AP Manager Interface Example 439 Wireless Network Controller Technology 440 Lightweight Access Point Connectivity to a WLC 440 WLC Selection 440 Lightweight Access Point Operations 442 Mobility in the Cisco Unified Wireless Network 442 Intracontroller Roaming 443 Intercontroller Roaming-Layer 2 444 Intercontroller Roaming-Layer 3 444 Mobility Groups 446 Mobility Group Requirement Example 447 Recommended Practices for Supporting Roaming 448 Controller Redundancy Design 449 Deterministic Controller Redundancy 449 Dynamic Controller Redundancy 451 N + 1 Redundancy Design 452 N + N Redundancy Design 453 N + N + 1 Redundancy Design 454 Radio Resource Management (RRM) and RF Groups 455 RF Grouping 456 Access Point Self-Healing 458 Designing Wireless Networks Using Controllers 458 RF Site Survey 458 RF Site Survey Process 459 Design Considerations for Campus Wireless Networks 466 CAPWAP Access Point Feature Summary 466 Controller Placement Design 467 Campus Cisco Wireless LAN Controller Options 469 Design Considerations for Branch Wireless Networks 470 Hybrid REAP 470 Branch Office Cisco Wireless LAN Controller Options 472 Design Considerations for Guest Services in Wireless Networks 474 Design Considerations for Outdoor Wireless Networks 474 Wireless Mesh Components 476 Mesh Design Recommendations 477 Summary 478 References 478 Review Questions 479 Appendix A Answers to Review Questions 481 Appendix B Acronyms and Abbreviations 489 9781587204241 TOC 6/29/2011