- •Contents
- •List of Figures
- •List of Tables
- •About the Author
- •Acknowledgements
- •Abbreviations
- •Introduction
- •1 Hardware Design
- •1.1 Separation of Routing and Forwarding Functionality
- •1.2 Building Blocks
- •1.2.1 Control Module
- •1.2.2 Forwarding Module
- •1.2.4 Stateful Failover
- •1.3 To Flow or Not to Flow?
- •1.4 Hardware Redundancy, Single Chassis or Multi Chassis
- •2 Transport Media
- •2.1 Maximum Transmission Unit (MTU)
- •2.1.1 Path MTU Discovery
- •2.1.2 Port Density
- •2.1.3 Channelized Interfaces
- •2.2 Ethernet
- •2.2.1 Address Resolution Protocol (ARP)
- •2.3 Asynchronous Transfer Mode (ATM)
- •2.4 Packet Over SONET (POS)
- •2.5.1 Intelligent Protection Switching
- •2.6 (Fractional) E1/T1/E3/T3
- •2.7 Wireless Transport
- •2.7.1 Regulatory Constraints
- •2.7.2 Interference
- •2.7.3 Obstructions
- •2.7.4 Atmospheric Conditions
- •3.1.1 Management Ethernet
- •3.1.2 Console Port
- •3.1.3 Auxiliary (Aux) Port
- •3.1.4 Remote Power Management
- •3.1.5 Uninterruptible Power Supplies (UPS)
- •3.2 Network Time Protocol (NTP)
- •3.3 Logging
- •3.4 Simple Network Management Protocol (SNMP)
- •3.4.1 SNMPv1, v2c and v3
- •3.5 Remote Monitoring (RMON)
- •3.6 Network Management Systems
- •3.6.1 CiscoWorks
- •3.6.2 JUNOScope
- •3.7.1 Concurrent Version System (CVS)
- •3.8 To Upgrade or Not to Upgrade
- •3.8.1 Software Release Cycles
- •3.9 Capacity Planning Techniques
- •4 Network Security
- •4.1 Securing Access to Your Network Devices
- •4.1.1 Physical Security
- •4.1.2 Authentication, Authorization and Accounting (AAA)
- •4.2 Securing Access to the Network Infrastructure
- •4.2.1 Authentication of Users, Hosts and Servers
- •4.2.2 Encryption of Information
- •4.2.3 Access Tools and Protocols
- •4.2.4 IP Security (IPsec)
- •4.2.5 Access Control Lists
- •4.2.6 RFC 1918 Addresses
- •4.2.7 Preventing and Tracing Denial of Service (DoS) Attacks
- •5 Routing Protocols
- •5.1 Why Different Routing Protocols?
- •5.2 Interior Gateway Protocols (IGP)
- •5.2.1 Open Shortest Path First (OSPF)
- •5.2.2 Authentication of OSPF
- •5.2.3 Stub Areas, Not So Stubby Areas (NSSA) and Totally Stubby Areas
- •5.2.4 OSPF Graceful Restart
- •5.2.5 OSPFv3
- •5.2.8 IS-IS Graceful Restart
- •5.2.9 Routing Information Protocol (RIP)
- •5.2.10 Interior Gateway Routing Protocol (IGRP) and Enhanced Interior Gateway Routing Protocol (EIGRP)
- •5.2.11 Diffusing Update Algorithm (DUAL)
- •5.2.12 Stuck-in-Active
- •5.2.13 Why use EIGRP?
- •5.3 Exterior Protocols
- •5.3.1 Border Gateway Protocol (BGP)
- •5.3.2 Authentication of BGP
- •5.3.3 BGP Graceful Restart
- •5.3.4 Multiprotocol BGP
- •6 Routing Policy
- •6.1 What is Policy For?
- •6.1.1 Who Pays Whom?
- •6.2 Implementing Scalable Routing Policies
- •6.3 How is Policy Evaluated?
- •6.3.2 The Flow of Policy Evaluation
- •6.4 Policy Matches
- •6.5 Policy Actions
- •6.5.1 The Default Action
- •6.5.2 Accept/Permit, Reject/Deny, and Discard
- •6.6 Policy Elements
- •6.7 AS Paths
- •6.9 Internet Routing Registries
- •6.10 Communities
- •6.11 Multi-Exit Discriminator (MED)
- •6.12 Local Preference
- •6.13 Damping
- •6.14 Unicast Reverse Path Forwarding
- •6.15 Policy Routing/Filter-Based Forwarding
- •6.16 Policy Recommendations
- •6.16.1 Policy Recommendations for Customer Connections
- •6.16.2 Policy Recommendations for Peering Connections
- •6.16.3 Policy Recommendations for Transit Connections
- •6.17 Side Effects of Policy
- •7 Multiprotocol Label Switching (MPLS)
- •7.2 Label Distribution Protocols
- •7.3 Tag Distribution Protocol (TDP)
- •7.4 Label Distribution Protocol (LDP)
- •7.4.1 LDP Graceful Restart
- •7.5.1 RSVP-TE Graceful Restart
- •7.6 Fast Reroute
- •7.7 Integrating ATM and IP Networks
- •7.8 Generalized MPLS (GMPLS)
- •8 Virtual Private Networks (VPNs)
- •8.1 VPNs at Layer 3
- •8.1.1 Layer 3 VPN (RFC 2547bis)
- •8.1.2 Generic Router Encapsulation (GRE)
- •8.1.3 IPsec
- •8.2 VPNs at Layer 2
- •8.2.1 Circuit Cross-Connect (CCC)
- •8.2.3 Martini (Layer 2 circuits)
- •8.2.4 Virtual Private Wire Service (VPWS)
- •8.2.5 Virtual Private LAN Service (VPLS)
- •8.2.6 Layer 2 Tunnelling Protocol (L2TP)
- •9.1 Design and Architectural Issues of CoS/QoS
- •9.2 CoS/QoS Functional Elements
- •9.2.3 Congestion Avoidance Mechanisms
- •9.2.4 Queueing Strategies
- •9.3 QoS Marking Mechanisms
- •9.3.1 Layer 2 Marking
- •9.3.2 Layer 3 QoS
- •9.3.3 MPLS EXP
- •9.4 Integrating QoS at Layer 2, in IP and in MPLS
- •9.4.1 DiffServ Integration with MPLS
- •10 Multicast
- •10.1 Multicast Forwarding at Layer 2
- •10.1.1 Multicast on Ethernet and FDDI
- •10.1.2 Multicast Over Token Ring
- •10.1.3 Internet Group Management Protocol (IGMP)
- •10.1.4 IGMP Snooping
- •10.1.5 PIM/DVMRP Snooping
- •10.1.6 Immediate Leave Processing
- •10.1.7 Cisco Group Management Protocol (CGMP)
- •10.2 Multicast Routing
- •10.2.1 Reverse Path Forwarding (RPF) Check
- •10.2.2 Dense Mode Protocols
- •10.2.3 Sparse Mode Protocols
- •10.2.4 Multicast Source Discovery Protocol (MSDP)
- •10.2.5 Multiprotocol BGP
- •10.2.6 Multicast Scoping
- •11.1 Evolution and Revolution
- •11.2 IPv6 Headers
- •11.3 IPv6 Addressing
- •11.3.1 Hierarchical Allocations
- •11.3.2 Address Classes
- •11.5 Domain Name System (DNS)
- •11.6 Transition Mechanisms
- •11.6.1 Dual Stack
- •11.6.3 Tunnelling IPv6 in IPv4
- •11.7 Routing in IPv6
- •11.7.2 OSPFv3
- •11.7.3 RIPng
- •11.7.4 Multiprotocol BGP
- •11.8 Multicast in IPv6
- •11.9 IPv6 Security
- •11.10 Mobility in IPv6
- •References
- •Index
158 |
IPv6 |
table from several locations, each client will use the ‘nearest’ server to source the content. It is worth noting that anycast addresses are taken from the global unicast address space and are syntactically indistinguishable from any other unicast address.
Anycast addresses in IPv6 require a prefix length, which defines the topological area within which all the members of the anycast group are located. Within that area, the anycast address must be maintained as a host route. If, as might commonly be the case, the devices are distributed globally, then there is no way to constrain the scope of the host route. This is clearly going to limit the scalability and applicability of such a mechanism.
11.4 STATELESS AUTOCONFIGURATION
Manual configuration of addresses represented as 32 hexadecimal digits on every host in a network certainly presents an administrative headache. Such long addresses are prone to misconfiguration through simple typing errors. However, in this area IPv6 provides significant potential benefits over IPv4. The term stateless refers to the fact that no server needs to maintain any state with respect to the available networks or the range of valid host addresses. Instead, the interface address is derived from information already held by the interface (e.g. the MAC address) and the network prefix announced by on-net routers in their router advertisements. The routers sourcing the router advertisements clearly know the prefix because they have a manually configured interface address with an associated prefix length. This does not provide any obvious benefit for routers in the network. However, for hosts, it provides a significant benefit. The administrative load associated with managing large numbers of hosts attached to a network is significantly reduced. There is, of course, nothing to prevent the address of an interface being statically configured or the use of a stateful autoconfiguration mechanism like DHCP.
11.5 DOMAIN NAME SYSTEM (DNS)
As mentioned above, addresses represented as 32 hexadecimal digits are prone to mistyping and also, significantly, are more difficult to remember than the dotted quad format of IPv4 addresses. Therefore, DNS takes on a new importance with respect to providing human readable addresses for IPv6 interfaces. Names are mapped to IPv6 addresses using AAAA (pronounced ‘quad A’) records. The domain analogous to IPv4’s in-addr.arpa for IPv6 is ip6.int. Reverse resolution of IPv6 addresses uses a very long format as demonstrated below:
1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.F.E.D.C.B.A.9.8.7.6.5.4.3.2.1.ip6.int.
This is the reverse entry for 1234:5678:9ABC:DEF0:0000:0000:0000:0001.