Optimal Routing Design By Russ White, Don Slice, Alvaro Retana Publisher: Cisco Press Pub Date: June 07, 2005 ISBN: 1-58705-187-7 Pages: 504 Table of Contents | Index The definitive guide to optimizing large-scale IP routing operation and managing network growth Build scalability into new designs and optimize existing, overly complex networks with design best practices presented in this book Learn from real-world case studies leveraging the authors' vast design and support experience Understand the latest routing protocol enhancements and design practices for cutting-edge technologies such as high availability, security, MPLS, and VPNsOptimal Routing Design provides the tools and techniqueslearned through years of experience with network design and deploymentto build a large-scale, or scalable, IP routed network The book uses an easy-to-read approach accessible to novice network designers while presenting invaluable, hard-to-find insight that will appeal to more advanced-level professionals Beginning with an overview of design fundamentals, the authors discuss the tradeoffs between various competing points of network design, the concepts of hierarchical network design, redistribution, and addressing and summarization.This first section provides techniques to work around real-world problems A checklist of questions and design goals provides a useful tool for network design evaluation Part two details specifics on deploying interior gateway protocols, including EIGRP, OSPF, and IS-IS, in real-world networks Updated sections include coverage of new features and deployment techniques and more A chapter on BGP covers using BGP in large-scale networks and to connect to outside domains, such as the Internet Part three starts with a discussion of designing highly available networks from a routing perspective, continues with coverage of routing security, and concludes with a chapter on MPLS Appendices include updated information on the fundamentals of OSPF, IS-IS, EIGRP, and BGP Optimal Routing Design By Russ White, Don Slice, Alvaro Retana Publisher: Cisco Press Pub Date: June 07, 2005 ISBN: 1-58705-187-7 Pages: 504 Table of Contents | Index Copyright About the Authors About the Technical Reviewers Acknowledgments Icons Used in This Book Command Syntax Conventions Foreword Introduction Who Should Read This Book? How This Book Is Organized Final Words Part I Network Design Overview Chapter 1 Network Design Goals and Techniques Goals for Network Design Reliability Reliability and Resiliency Manageability Scalability Layering Summary Review Questions Chapter 2 Applying the Fundamentals Hierarchical Design Addressing and Summarization Redistribution Review Questions Part II Interior Gateway Protocols Chapter 3 EIGRP Network Design Deploying EIGRP on a Large-Scale Three-Layer Hierarchical Network Deploying EIGRP on a Two-Layer Hierarchical Network New Features in EIGRP Case Study: Summarization Methods Case Study: Controlling Query Propagation Case Study: A Plethora of Topology Table Entries Case Study: Troubleshooting EIGRP Neighbor Relationships Case Study: Troubleshooting SIA Routes Case Study: Redistribution Case Study: Retransmissions and SIA Case Study: Multiple EIGRP Autonomous Systems Review Questions Chapter 4 OSPF Network Design Summarization and Aggregation Deploying OSPF on Specific Topologies Case Study: OSPF Externals and the Next Hop Case Study: Troubleshooting OSPF Neighbor Adjacencies Review Questions Chapter 5 IS-IS Network Design Deploying IS-IS on a Three-Layer Hierarchy Deploying IS-IS on a Two-Layer Hierarchy Working with IS-IS Routing Areas Deploying IS-IS on Specific Topologies Other Considerations in IS-IS Scaling Case Study: Troubleshooting IS-IS Neighbor Relationships Review Questions Part III Advanced Network Design Chapter 6 BGP Cores and Network Scalability Case Study: Troubleshooting BGP Neighbor Relationships BGP in the Core Scaling Beyond the Core BGP Network Growing Pains External Connections Review Questions Chapter 7 High Availability and Fast Convergence Considerations in Fast Convergence Fast Down Detection Slowing Down When the Network Speeds Up Calculating the Route Faster Deploying GR and Fast Convergence Technologies Review Questions Chapter 8 Routing Protocol Security Fundamentals of Routing and Security Types of Attacks Against Routing Systems Protecting Routing Domain Legitimacy Protecting Routing Information Future Directions in Routing Protocol Security Review Questions References Chapter 9 Virtual Private Networks MPLS IPSec GRE NHRP Dynamic Multipoint IPSec VPNs Review Questions References Part IV Appendixes Appendix A EIGRP for IP Basics of Operation DUAL Neighbor Relationships Metrics Loop-Free Routes Bounding Queries Using the Metrics Load Balancing Appendix B OSPF Basics of Operation General Theory of OSPF Areas External Route Injection Virtual Links Appendix C Integrated IS-IS Basics of Operation General Theory CLNS Addressing Routing Metrics Building Adjacencies LSP Flooding and SPF Recalculation Timers Neighbor Loss and LSP Regeneration IP Integration into IS-IS Multiple net Statements Appendix D Border Gateway Protocol 4 Basics of Operation A Path Vector Protocol Path Decision Operation The Next Hop Attribute Filtering Synchronization Summarization Appendix E IP Network Design Checklist Basic Network Operations Questions Topological Layout Redistribution and Interconnection Security Appendix F Answers to Review Questions Chapter 1 Chapter 2 Chapter 3 Chapter 4 Chapter 5 Chapter 6 Chapter 7 Chapter 8 Chapter 9 Appendix G Which Routing Protocol? Is One Protocol "Better" Than the Others? Which Designs Play to the Strength of Each Protocol? What Are the Tradeoffs? Index Copyright Copyright© 2005 Cisco Systems, Inc Cisco Press logo is a trademark of Cisco Systems, Inc Published by: Cisco Press 800 East 96th Street Indianapolis, IN 46240 USA All rights reserved No part of this book may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or by any information storage and retrieval system, without written permission from the publisher, except for the inclusion of brief quotations in a review Printed in the United States of America 1 2 3 4 5 6 7 8 9 0 First Printing June 2005 Library of Congress Cataloging-in-Publication Number: 2003116562 Warning and Disclaimer This book is designed to provide information about scalable IP network design Every effort has been made to make this book as complete and as accurate as possible, but no warranty or fitness is implied The information is provided on an "as is" basis The authors, Cisco Press, and Cisco Systems, Inc shall have neither liability nor responsibility to any person or entity with respect to any loss or damages arising from the information contained in this book or from the use of the discs or programs that may accompany it The opinions expressed in this book belong to the author and are not necessarily those of Cisco Systems, Inc Trademark Acknowledgments All terms mentioned in this book that are known to be trademarks or service marks have been appropriately capitalized Cisco Press or Cisco Systems, Inc cannot attest to the accuracy of this information Use of a term in this book should not be regarded as affecting the validity of any trademark or service mark Corporate and Government Sales Cisco Press offers excellent discounts on this book when ordered in quantity for bulk purchases or special sales For more information, please contact U.S Corporate and Government Sales at 1800-382-3419 or at corpsales@pearsontechgroup.com For sales outside the U.S., please contact International Sales at international@pearsoned.com Feedback Information At Cisco Press, our goal is to create in-depth technical books of the highest quality and value Each book is crafted with care and precision, undergoing rigorous development that involves the unique expertise of members from the professional technical community Readers' feedback is a natural continuation of this process If you have any comments regarding how we could improve the quality of this book or otherwise alter it to better suit your needs, you can contact us through e-mail at feedback@ciscopress.com Please make sure to include the book title and ISBN in your message We greatly appreciate your assistance Credits Publisher John Wait Editor-in-Chief John Kane Cisco Representative Anthony Wolfenden Cisco Press Program Manager Jeff Brady Executive Editor Brett Bartow Production Manager Patrick Kanouse Senior Development Editor Christopher Cleveland Senior Project Editor Marc Fowler Copy Editor Karen A Gill Technical Editor(s) Neil Lovering, Danny McPherson, Steven Moore Team Coordinator Tammi Barnett Book and Cover Designer Louisa Adair Composition Mark Shirar Indexer Corporate Headquarters Cisco Systems, Inc 170 West Tasman Drive San Jose, CA 95134-1706 USA www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 526-4100 European Headquarters Cisco Systems International BV Haarlerbergpark Haarlerbergweg 13-19 1101 CH Amsterdam The Netherlands www-europe.cisco.com Tel: 31 0 20 357 1000 Fax: 31 0 20 357 1100 Americas Headquarters Cisco Systems, Inc 170 West Tasman Drive San Jose, CA 95134-1706 USA www.cisco.com Tel: 408 526-7660 Fax: 408 527-0883 Tim Wright Asia Pacific Headquarters Cisco Systems, Inc Capital Tower 168 Robinson Road #22-01 to #29-01 Singapore 068912 www.cisco.com Tel: +65 6317 7777 Fax: +65 6317 7799 Cisco Systems has more than 200 offices in the following countries and regions Addresses, phone numbers, and fax numbers are listed on the Cisco.com Web site at www.cisco.com/go/offices Argentina • Australia • Austria • Belgium • Brazil • Bulgaria • Canada • Chile • China PRC • Colombia • Costa Rica • Croatia • Czech Republic • Denmark • Dubai, UAE • Finland • France • Germany • Greece • Hong Kong SAR • Hungary • India • Indonesia • Ireland • Israel • Italy • Japan • Korea • Luxembourg • Malaysia • Mexico • The Netherlands • New Zealand • Norway • Peru • Philippines • Poland • Portugal • Puerto Rico • Romania • Russia • Saudi Arabia • Scotland • Singapore • Slovakia • Slovenia • South Africa • Spain • Sweden • Switzerland • Taiwan • Thailand • Turkey • Ukraine • United Kingdom • United States • Venezuela • Vietnam • Zimbabwe Copyright © 2003 Cisco Systems, Inc All rights reserved CCIP, CCSP, the Cisco Arrow logo, the Cisco Powered Network mark, the Cisco Systems Verified logo, Cisco Unity, Follow Me Browsing, FormShare, iQ Net Readiness Scorecard, Networking Academy, and ScriptShare are trademarks of Cisco Systems, Inc.; Changing the Way We Work, Live, Play, and Learn, The Fastest Way to Increase Your Internet Quotient, and iQuick Study are service marks of Cisco Systems, Inc.; and Aironet, ASIST, BPX, Catalyst, CCDA, CCDP, CCIE, CCNA, CCNP, Cisco, the Cisco Certified Internetwork Expert logo, Cisco IOS, the Cisco IOS logo, Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Empowering the Internet Generation, Enterprise/Solver, EtherChannel, EtherSwitch, Fast Step, GigaStack, Internet Quotient, IOS, IP/TV, iQ Expertise, the iQ logo, LightStream, MGX, MICA, the Networkers logo, Network Registrar, Packet, PIX, Post-Routing, Pre-Routing, RateMUX, Registrar, SlideCast, SMARTnet, StrataView Plus, Stratm, SwitchProbe, TeleRouter, TransPath, and VCO are registered trademarks of Cisco Systems, Inc and/or its affiliates in the U.S and certain other countries (Border Gateway Protocol) 2nd IS-IS 2nd Index [SYMBOL] [A] [B] [C] [D] [E] [F] [G] [H] [I] [J] [K] [L] [M] [N] [O] [P] [Q] [R] [S] [T] [U] [V] [W] [X] scalability and redundancy 2nd scaling BGP (Border Gateway Protocol) 2nd secure origin BGP [See authentication;soBGP] security attacks BGP 2nd IS-IS 2nd 3rd 4th OSPF 2nd 3rd 4th protocol-layer attacks 2nd authentication 2nd transiting transiting trust 2nd 3rd authorization 2nd transiting trust 2nd 3rd 4th brittleness extranets 2nd 3rd BGP dampening prefixes 2nd filtering routes 2nd limiting route count 2nd using EGPs 2nd Internet connections protecting against transit 2nd 3rd route dampening router filtering 2nd IPSec protecting information protocol-layer attacks 2nd RADIUS servers routing attacks disrupting peering 2nd 3rd 4th disrupting routing domain stability 2nd 3rd 4th DoS attacks 2nd 3rd 4th falsifying routing information 2nd routing protocols 802.1x 2nd soBGP 2nd 3rd 4th 5th 6th 7th 8th 9th routing systems social engineering 2nd TACACs servers TCP trust 2nd 3rd 4th selecting appropriate hierarchical networks selector bits separating network functionality 2nd set metric-type internal command sharing load BGP (Border Gateway Protocol) 2nd 3rd 4th shortest path first (SPF) algorithm [See SPF algorithm] show cdp neighbor detail command show clns neighbor command show ip bgp neighbor command 2nd show ip bgp neighbors command show ip eigrp neighbor command show ip eigrp neighbors command 2nd show ip eigrp topo command 2nd 3rd show ip eigrp topology active command show ip eigrp topology command show ip interface brief command show ip ospf command 2nd show ip ospf neighbor detail command show ip ospf stat command show ip ospf timers rate-limit command show ip protocols command show ip route command show is-is nsf command show isis data detail command show isis database command show isis database detail command show isis spf-log command SIA SIA routes, troubleshooting 2nd 3rd 4th 5th 6th 7th SIAs (Stuck-in-Actives) signaling, link local 2nd single point of redistribution Smoothed Round Trip Time (SRRT), EIGRP soBGP (secure origin Border Gateway Protocol soBGP (secure origin Border Gateway Protocol) authentication 2nd 3rd authorization 2nd internetwork topology mapping 2nd social engineering 2nd sockets SONET 2nd errors SoO attribute (EIGRP) 2nd speakers BGP (Border Gateway Protocol) 2nd SPF incremental IS-IS IS-IS SPF () calculation time IS-IS () OSPF exponential backoff setting timers 2nd 3rd flooding link-state incremental SPF 2nd link-state partial SPF 2nd SPF (shortest path first) algorithm SPF throttling SPF timer spf-interval command SSH (secure shell) passwords standards track RFCs for IS-IS states BGP neighbors stub areas reducing flooding 2nd 3rd stub routers 2nd 3rd 4th 5th 6th stub routing subnetworks BGP (Border Gateway Protocol) 2nd suboptimal routing 2nd summarization 2nd 3rd 4th 5th BGP configuring in IS-IS controlling query propagation 2nd 3rd core layer 2nd summarizing into core 2nd summarizing to distribution layer 2nd distribute lists 2nd distribution layer summarizing toward core 2nd 3rd summarizing toward remote sites 2nd 3rd IP summary addresses 2nd 3rd 4th IS-IS multiple topology table entries 2nd 3rd versus aggregation summarizing IP addresses 2nd 3rd metrics 2nd suboptimal routing 2nd summary command suppress adjacency (SA) bit suppress limit route dampening BGP 2nd synchronization iBGP 2nd Index [SYMBOL] [A] [B] [C] [D] [E] [F] [G] [H] [I] [J] [K] [L] [M] [N] [O] [P] [Q] [R] [S] [T] [U] [V] [W] [X] tables BGP (Border Gateway Protocol) BGP load sharing (Border Gateway Protocol) 2nd tags [See route tags] TCP attacks TCP reset attack TCP reset attacks Telnet passwords three-layer hierarchies 2nd throttling LSA SPF Time To Live (TTL) mechanism timers 2nd IS-IS link-state generation timer link-state update generation OSPF SPF exponential backfoff 2nd 3rd SPF runs SPF timer timers active command timers lsa arrival command timers nsf route-hold command timers throttle lsa all command topologies BGP (Border Gateway Protocol) full mesh 2nd 3rd hub-and-spoke 2nd 3rd 4th topology maps, soBGP 2nd topology table EIGRP clearing totally NSSAs 2nd totally stubby areas traffic engineering IS-IS tranport mode, IPSec transit networks BGP (Border Gateway Protocol) 2nd transport-level attacks against BGP 2nd against EIGRP against OSPF/IS-IS 2nd 3rd troubleshooting EIGRP neighbor relationships 2nd mismatching primary addresses 2nd 3rd multicast delivery problems 2nd 3rd 4th OSPF neighbor adjacencies 2nd 3rd 4th trust, security aspects 2nd trust, transitive 2nd 3rd 4th TSNRFA (totally stubby not really full area) TTL (Time To Live) mechanism tunnel mode, IPSec two-layer hierarchies 2nd Index [SYMBOL] [A] [B] [C] [D] [E] [F] [G] [H] [I] [J] [K] [L] [M] [N] [O] [P] [Q] [R] [S] [T] [U] [V] [W] [X] updates BGP (Border Gateway Protocol) Index [SYMBOL] [A] [B] [C] [D] [E] [F] [G] [H] [I] [J] [K] [L] [M] [N] [O] [P] [Q] [R] [S] [T] [U] [V] [W] [X] virtual links virtual terminal passwords VPNs MPLS BGP/MPLS VPNs 2nd 3rd 4th 5th 6th 7th overlaying routing onto peer-to-peer routing over multipoint GRE tunnels 2nd 3rd Index [SYMBOL] [A] [B] [C] [D] [E] [F] [G] [H] [I] [J] [K] [L] [M] [N] [O] [P] [Q] [R] [S] [T] [U] [V] [W] [X] wait timers 2nd wide metric mode IS-IS wide metrics Index [SYMBOL] [A] [B] [C] [D] [E] [F] [G] [H] [I] [J] [K] [L] [M] [N] [O] [P] [Q] [R] [S] [T] [U] [V] [W] [X] X.509vs certificate, soBGP X_Toc443878965 X_Toc443878966 X_Toc443878967 X_Toc443878970 X_Toc443878971 X_Toc443878973 X_Toc443878974 X_Toc443878976 X_Toc443878977 X_Toc443878978 X_Toc443878985 X_Toc443878986 X_Toc443878988 X_Toc443878990 X_Toc443878991 X_Toc443878992 X_Toc443878995 X_Toc443880057 X_Toc443880058 X_Toc443880059 X_Toc443880060 X_Toc443880061 X_Toc443880064 X_Toc443880065 X_Toc443880066 X_Toc443880067 X_Toc443880070 X_Toc443880071 X_Toc443880073 X_Toc443880075 X_Toc443880076 X_Toc443880077 X_Toc443880084 X_Toc443880087 X_Toc443883204 X_Toc443883205 X_Toc443883206 X_Toc443883207 X_Toc443883208 X_Toc443883211 X_Toc443883212 X_Toc443883213 X_Toc443883215 X_Toc443883218 X_Toc443883219 X_Toc443883221 X_Toc443883222 X_Toc443883224 X_Toc443883225 X_Toc443883226 X_Toc443883233 X_Toc443883234 X_Toc445001269 X_Toc445001270 X_Toc445001271 X_Toc445001272 X_Toc445001273 X_Toc445001275 X_Toc445001276 X_Toc445001277 X_Toc445001279 X_Toc445001281 X_Toc445001282 X_Toc445001283 X_Toc445001285 X_Toc445001286 X_Toc445001288 X_Toc445001289 X_Toc445001290 X_Toc445001297 X_Toc445001298 X_Toc446431080 X_Toc446431081 X_Toc446431082 X_Toc446431083 X_Toc446431084 X_Toc446431086 X_Toc446431087 X_Toc446431088 X_Toc446431092 X_Toc446431095 X_Toc446431096 X_Toc446431098 X_Toc446431099 X_Toc446431101 X_Toc446431102 X_Toc446431104 X_Toc446431105 X_Toc446431106 X_Toc446431107 X_Toc446431108 X_Toc446431109 X_Toc446431110 X_Toc446431324 X_Toc446431325 X_Toc446431326 X_Toc446431327 X_Toc446431328 X_Toc446431330 X_Toc446431331 X_Toc446431332 X_Toc446431336 X_Toc446431339 X_Toc446431340 X_Toc446431342 X_Toc446431343 X_Toc446431345 X_Toc446431346 X_Toc446431348 X_Toc446431349 X_Toc446431350 X_Toc446431351 X_Toc446431352 X_Toc446431353 X_Toc446431354 X_Toc446431767 X_Toc446431768 X_Toc446431769 X_Toc446431770 X_Toc446431771 X_Toc446431773 X_Toc446431774 X_Toc446431775 X_Toc446431779 X_Toc446431782 X_Toc446431783 X_Toc446431785 X_Toc446431786 X_Toc446431788 X_Toc446431789 X_Toc446431791 X_Toc446431792 X_Toc446431793 X_Toc446431794 X_Toc446431795 X_Toc446431796 X_Toc446431797 X_Toc446432477 X_Toc446432478 X_Toc446432479 X_Toc446432480 X_Toc446432481 X_Toc446432482 X_Toc446432484 X_Toc446432485 X_Toc446432486 X_Toc446432490 X_Toc446432493 X_Toc446432494 X_Toc446432496 X_Toc446432497 X_Toc446432499 X_Toc446432500 X_Toc446432502 X_Toc446432503 X_Toc446432504 X_Toc446432505 X_Toc446432506 X_Toc446432507 X_Toc446432508 ... Cisco Systems, Inc.; and Aironet, ASIST, BPX, Catalyst, CCDA, CCDP, CCIE, CCNA, CCNP, Cisco, the Cisco Certified Internetwork Expert logo, Cisco IOS, the Cisco IOS logo, Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Empowering the Internet Generation, Enterprise/Solver,.. .Optimal Routing Design By Russ White, Don Slice, Alvaro Retana Publisher: Cisco Press Pub Date: June 07, 2005 ISBN: 1-58705-187-7 Pages: 504 Table of Contents... What Are the Tradeoffs? Index Copyright Copyright© 2005 Cisco Systems, Inc Cisco Press logo is a trademark of Cisco Systems, Inc Published by: Cisco Press 800 East 96th Street Indianapolis, IN 46240 USA All rights reserved