1. Trang chủ
  2. » Giáo Dục - Đào Tạo

Cisco press MPLS and VPN architectures volume II

611 46 0

Đang tải... (xem toàn văn)

Tài liệu hạn chế xem trước, để xem đầy đủ mời bạn chọn Tải xuống

THÔNG TIN TÀI LIỆU

Thông tin cơ bản

Định dạng
Số trang 611
Dung lượng 8,92 MB

Nội dung

• Table of Contents • Index MPLS and VPN Architectures, Volume II ByJim Guichard, Ivan Pepelnjak, Jeff Apcar Publisher: Cisco Press Pub Date: June 06, 2003 ISBN: 1-58705-112-5 Pages: 504 WithMPLS and VPN Architectures, Volume II , you'll learn: How to integrate various remote access technologies into the backbone providing VPN service to many different types of customers The new PE-CE routing options as well as other advanced features, including per-VPN Network Address Translation (PE-NAT) How VRFs can be extended into a customer site to provide separation inside the customer network The latest MPLS VPN security features and designs aimed at protecting the MPLS VPN backbone How to carry customer multicast traffic inside a VPN The latest inter-carrier enhancements to allow for easier and more scalable deployment of inter-carrier MPLS VPN services Advanced troubleshooting techniques including router outputs to ensure high availability MPLS and VPN Architectures, Volume II , builds on the best-selling MPLS and VPN Architectures, Volume I (1-58705-002-1), from Cisco Press Extending into more advanced topics and deployment architectures, Volume II provides readers with the necessary tools they need to deploy and maintain a secure, highly available VPN MPLS and VPN Architectures, Volume II , begins with a brief refresher of the MPLS VPN Architecture Part II describes advanced MPLS VPN connectivity including the integration of service provider access technologies (dial, DSL, cable, Ethernet) and a variety of routing protocols (IS-IS, EIGRP, and OSPF), arming the reader with the knowledge of how to integrate these features into the VPN backbone Part III details advanced deployment issues including security, outlining the necessary steps the service provider must take to protect the backbone and any attached VPN sites, and also detailing the latest security features to allow more advanced topologies and filtering This part also covers multi-carrier MPLS VPN deployments Finally, Part IV provides a methodology for advanced MPLS VPN troubleshooting MPLS and VPN Architectures, Volume II , also introduces the latest advances in customer integration, security, and troubleshooting features essential to providing the advanced services based on MPLS VPN technology in a secure and scalable way This book is part of the Networking Technology Series from Cisco Press, which offers networking professionals valuable information for constructing efficient networks, understanding new technologies, and building successful careers • Table of Contents • Index MPLS and VPN Architectures, Volume II ByJim Guichard, Ivan Pepelnjak, Jeff Apcar Publisher: Cisco Press Pub Date: June 06, 2003 ISBN: 1-58705-112-5 Pages: 504 WithMPLS and VPN Architectures, Volume II , you'll learn: How to integrate various remote access technologies into the backbone providing VPN service to many different types of customers The new PE-CE routing options as well as other advanced features, including per-VPN Network Address Translation (PE-NAT) How VRFs can be extended into a customer site to provide separation inside the customer network The latest MPLS VPN security features and designs aimed at protecting the MPLS VPN backbone How to carry customer multicast traffic inside a VPN The latest inter-carrier enhancements to allow for easier and more scalable deployment of inter-carrier MPLS VPN services Advanced troubleshooting techniques including router outputs to ensure high availability MPLS and VPN Architectures, Volume II , builds on the best-selling MPLS and VPN Architectures, Volume I (1-58705-002-1), from Cisco Press Extending into more advanced topics and deployment architectures, Volume II provides readers with the necessary tools they need to deploy and maintain a secure, highly available VPN MPLS and VPN Architectures, Volume II , begins with a brief refresher of the MPLS VPN Architecture Part II describes advanced MPLS VPN connectivity including the integration of service provider access technologies (dial, DSL, cable, Ethernet) and a variety of routing protocols (IS-IS, EIGRP, and OSPF), arming the reader with the knowledge of how to integrate these features into the VPN backbone Part III details advanced deployment issues including security, outlining the necessary steps the service provider must take to protect the backbone and any attached VPN sites, and also detailing the latest security features to allow more advanced topologies and filtering This part also covers multi-carrier MPLS VPN deployments Finally, Part IV provides a methodology for advanced MPLS VPN troubleshooting MPLS and VPN Architectures, Volume II , also introduces the latest advances in customer integration, security, and troubleshooting features essential to providing the advanced • Table of Contents • Index MPLS and VPN Architectures, Volume II ByJim Guichard, Ivan Pepelnjak, Jeff Apcar Publisher: Cisco Press Pub Date: June 06, 2003 ISBN: 1-58705-112-5 Pages: 504 Copyright WithMPLS andAuthors VPN Architectures, Volume II , you'll learn: About the About the Technical Reviewers About Content Reviewer How the to integrate various Acknowledgments service to many remote access technologies into the backbone providing VPN different types of customers Introduction The new PE-CE Who Should Read routing This Book?options as well as other advanced features, including per-VPN Network Address Translation (PE-NAT) How This Book Is Organized Icons Used in This Book How VRFs can be extended into a customer site to provide separation inside the Command Conventions customerSyntax network Part I Introduction TheChapter latest1.MPLS VPNArchitecture security Overview features and designs aimed at protecting the MPLS VPN MPLS VPN backbone MPLS VPN Terminology Connection-Oriented VPNs How to carry customer multicast traffic inside a VPN Connectionless VPNs MPLS-Based VPNs The latest inter-carrier enhancements to allow for easier and more scalable deployment New MPLS VPN Developments of inter-carrier MPLS VPN services Summary Advanced troubleshooting techniques including router outputs to ensure high availability Part II Advanced PE-CE Connectivity Chapter Remote Access to an MPLS VPN MPLS and VPN Architectures, Volume II , builds on the best-selling MPLS and VPN Feature Enhancements for MPLS VPN Remote Access Architectures, Volume I (1-58705-002-1), from Cisco Press Extending into more advanced of Access Protocols and Procedures topics andOverview deployment architectures, Volume II provides readers with the necessary tools Dial-In to an MPLS VPN they need Providing to deploy andAccess maintain a secure, highly available VPN Providing Dial-Out Access via LSDO MPLS and Providing VPN Architectures, II , begins with a brief refresher of the MPLS VPN Dial-Out AccessVolume Without LSDO (Direct ISDN) Architecture Part II describes advanced MPLS VPN connectivity including the integration of Providing Dial Backup for MPLS VPN Access service provider access technologies (dial, DSL, cable, Ethernet) and a variety of routing Providing DSL Access to an MPLS VPN protocols (IS-IS, EIGRP, and OSPF), arming the reader with the knowledge of how to Providing Cable Access an MPLS integrate these features intotothe VPNVPN backbone Part III details advanced deployment issues Advanced Features for MPLS Remote Access including security, outlining the VPN necessary steps the service provider must take to protect the backbone Summary and any attached VPN sites, and also detailing the latest security features to allow more advanced and filtering This part covers multi-carrier MPLS VPN Chapter 3.topologies PE-CE Routing Protocol Enhancements and also Advanced Features deployments PartOSPF IV provides a methodology for advanced MPLS VPN PE-CEFinally, Connectivity: troubleshooting PE-CE Connectivity: Integrated IS-IS PE-CE Connectivity: EIGRP MPLS and VPN Architectures, Volume II , also introduces the latest advances in customer Summary integration, security, and troubleshooting features essential to providing the advanced Chapter Virtual Router Connectivity Configuring Virtual Routers on CE Routers Linking the Virtual Router with the MPLS VPN Backbone VRF Selection Based on Source IP Address Performing NAT in a Virtual Router Environment Summary Part III Advanced Deployment Scenarios • • Table of Contents Chapter Protecting the MPLS-VPN Backbone Index Inherent Security Capabilities MPLS and VPN Architectures, Volume II Neighbor Authentication ByJim Guichard, Ivan Pepelnjak, Jeff Apcar CE-to-CE Authentication Control of Routes That Are Injected into a VRF Publisher: Cisco Press PE to CE Circuits Pub Date: June 06, 2003 Extranet Access ISBN: 1-58705-112-5 Internet Access Pages: 504 IPSec over MPLS Summary Chapter Large-Scale Routing and Multiple Service Provider Connectivity Large Scale Routing: Carrier's Carrier Solution Overview Carrier Backbone Connectivity WithMPLS and VPN Architectures, Volume II , you'll learn: Label Distribution Protocols on PE-CE Links BGP-4 Between PE/CE Routers How Hierarchical to integrate various access VPNs: Carrier'sremote Carrier MPLS VPNs technologies into the backbone providing VPN service to many different types of customers VPN Connectivity Between Different Service Providers Summary The new PE-CE routing options as well as other advanced features, including per-VPN Chapter Address Multicast VPN Network Translation (PE-NAT) Introduction to IP Multicast How Enterprise VRFs can be extended into a customer site to provide separation inside the Multicast in a Service Provider Environment customer network mVPN Architecture MDTs The latest MPLS VPN security features and designs aimed at protecting the MPLS VPN Case Study of mVPN Operation in SuperCom backbone Summary Chapter IP customer Version Transport Across an MPLS Backbone How to carry multicast traffic inside a VPN IPv6 Business Drivers The latest inter-carrier enhancements to allow for easier and more scalable deployment Deployment of IPv6 in Existing Networks of inter-carrier MPLS VPN services Quick Introduction to IPv6 In-Depth 6PE Operation and techniques Configuration including router outputs to ensure high availability Advanced troubleshooting Complex 6PE Deployment Scenarios MPLS and Summary VPN Architectures, Volume II , builds on the best-selling MPLS and VPN Architectures, Volume I (1-58705-002-1), from Cisco Press Extending into more advanced Part IV Troubleshooting topics and deployment architectures, Volume II provides readers with the necessary tools Chapter Troubleshooting of MPLS-Based Solutions they need to deploy and maintain a secure, highly available VPN Introduction to Troubleshooting of MPLS-Based Solutions the MPLSVolume BackboneII , begins with a brief refresher of the MPLS VPN MPLS and Troubleshooting VPN Architectures, Other Quick Architecture Part IIChecks describes advanced MPLS VPN connectivity including the integration of MPLS Control Plane Troubleshooting(dial, DSL, cable, Ethernet) and a variety of routing service provider access technologies protocols (IS-IS, EIGRP, and OSPF), arming the reader with the knowledge of how to MPLS Data Plane Troubleshooting integrate these features into the VPN backbone Part III details advanced deployment issues MPLS VPN Troubleshooting including security, outlining the necessary steps the service provider must take to protect the In-Depth MPLS VPN Troubleshooting backbone and any attached VPN sites, and also detailing the latest security features to allow Summary more advanced topologies and filtering This part also covers multi-carrier MPLS VPN Index deployments Finally, Part IV provides a methodology for advanced MPLS VPN troubleshooting MPLS and VPN Architectures, Volume II , also introduces the latest advances in customer integration, security, and troubleshooting features essential to providing the advanced Copyright Copyright© 2003 Cisco Systems, Inc Cisco Press logo is a trademark of Cisco Systems, Inc • Table of Contents • Index Published by: MPLS and VPN Architectures, Volume II Cisco Press By JimWest Guichard , IvanStreet Pepelnjak, Jeff Apcar 201 103rd Indianapolis, IN 46290 USA Publisher: Cisco Press All rights reserved No part of this book may be reproduced or transmitted in any form or by Pub Date: June 06, 2003 any means, electronic or mechanical, including photocopying, recording, or by any ISBN: 1-58705-112-5 information storage and retrieval system, without written permission from the publisher, Pages: 504 except for the inclusion of brief quotations in a review Printed in the United States of America Library of Congress Cataloging-in-Publication Number: 619472051122 WithMPLS and VPN Architectures, Volume II , you'll learn: Warning and Disclaimer How to integrate various remote access technologies into the backbone providing VPN service to many different types of customers This book is designed to provide information about MPLS and VPN architectures Every effort has been made to make this book as complete and as accurate as possible, but no warranty The new PE-CE routing options as well as other advanced features, including per-VPN or fitness is implied Network Address Translation (PE-NAT) The information is provided on an "as is" basis The authors, Cisco Press, and Cisco Systems, How have VRFsneither can be liability extended into a customer to site to person provideor separation inside theto any Inc shall nor responsibility any entity with respect customer network loss or damages arising from the information contained in this book or from the use of the discs or programs that may accompany it The latest MPLS VPN security features and designs aimed at protecting the MPLS VPN backbone The opinions expressed in this book belong to the authors and are not necessarily those of Cisco Systems, Inc How to carry customer multicast traffic inside a VPN The latest inter-carrier enhancements to allow for easier and more scalable deployment Trademark Acknowledgments of inter-carrier MPLS VPN services All terms Advanced mentioned troubleshooting in this booktechniques that are known including to be router trademarks outputsortoservice ensuremarks high availability have been appropriately capitalized Cisco Press or Cisco Systems, Inc cannot attest to the MPLS andofVPN Volume , builds on book the best-selling and VPN accuracy thisArchitectures, information Use of a II term in this should not MPLS be regarded as affecting Architectures, Volume I (1-58705-002-1), from Cisco Press Extending into more advanced the validity of any trademark or service mark topics and deployment architectures, Volume II provides readers with the necessary tools they need to deploy and maintain a secure, highly available VPN Feedback Information MPLS and VPN Architectures, Volume II , begins with a brief refresher of the MPLS VPN Architecture Part II describes advanced MPLS VPN connectivity including the integration of At Cisco Press, our goal is to create in-depth technical books of the highest quality and value service provider access technologies (dial, DSL, cable, Ethernet) and a variety of routing Each book is crafted with care and precision, undergoing rigorous development that involves protocols (IS-IS, EIGRP, and OSPF), arming the reader with the knowledge of how to the unique expertise of members from the professional technical community integrate these features into the VPN backbone Part III details advanced deployment issues including security, outlining thecontinuation necessary steps the service If provider must to protect the Readers' feedback is a natural of this process you have anytake comments backbone and any attached VPN sites, and also detailing the latest security features to allow regarding how we could improve the quality of this book, or otherwise alter it to better suit more advanced topologies and filtering This part also covers multi-carrier MPLS VPN your needs, you can contact us through e-mail at feedback@ciscopress.com Please make deployments Part IV and provides for advanced MPLS VPN sure to includeFinally, the book title ISBN ainmethodology your message troubleshooting Credits MPLS and VPN Architectures, Volume II , also introduces the latest advances in customer integration, security, and troubleshooting features essential to providing the advanced We greatly appreciate your assistance Publisher John Wait Editor-In-Chief John Kane Cisco Representative Anthony Wolfenden • Table of Contents Program Manager •Cisco Press Index MPLS and VPN Architectures, Volume II Manager, Marketing Communications, Cisco Systems Sonia Torres Chavez Scott Miller ByJim Guichard, Ivan Pepelnjak, Jeff Apcar Cisco Marketing Program Manager Edie Quiroz Publisher: Cisco Press Acquisitions Editor Amy Moss Pub Date: June 06, 2003 Production Manager Patrick Kanouse Pages: 504 Editor Development Grant Munroe Project Editor Lori Lyons Copy Editor Karen A Gill ISBN: 1-58705-112-5 Technical Editors WithMPLS and VPN Architectures, Volume II , you'll learn: Content Editor Matt Birkner, Dan Tappan Monique Morrow How to integrate various remote access technologies into the backbone Team Coordinator Tammi Ross providing VPN service to many different types of customers Book Designer Gina Rexrode The new PE-CE routing options as well as other advanced features, including per-VPN Cover Designer Louisa Adair Network Address Translation (PE-NAT) Production Team Mark Shirar How VRFs can be extended into a customer site to provide separation inside the Indexer Tim Wright customer network The latest MPLS VPN security features and designs aimed at protecting the MPLS VPN backbone How to carry customer multicast traffic inside a VPN The latest inter-carrier enhancements to allow for easier and more scalable deployment Corporate Headquarters of inter-carrier MPLS VPN services Cisco Systems, Inc 170 West Tasman Drive Advanced troubleshooting techniques including router outputs to ensure high availability San Jose, CA 95134-1706 USA MPLS and VPN Architectures, Volume II , builds on the best-selling MPLS and VPN www.cisco.com Architectures, Volume I (1-58705-002-1), from Cisco Press Extending into more advanced Tel: 408 526-4000 topics and deployment architectures, Volume II provides readers with the necessary tools 800 553-NETS (6387) they need to deploy and maintain a secure, highly available VPN Fax: 408 526-4100 MPLS and VPN Architectures, Volume II , begins with a brief refresher of the MPLS VPN European Headquarters Architecture Part II describes advanced MPLS VPN connectivity including the integration of Cisco Systems BV service providerInternational access technologies (dial, DSL, cable, Ethernet) and a variety of routing Haarlerbergpark protocols (IS-IS, EIGRP, and OSPF), arming the reader with the knowledge of how to Haarlerbergweg 13-19 into the VPN backbone Part III details advanced deployment issues integrate these features 1101 CH Amsterdam including security, outlining the necessary steps the service provider must take to protect the The Netherlands backbone and any attached VPN sites, and also detailing the latest security features to allow www-europe.cisco.com more advanced topologies and filtering This part also covers multi-carrier MPLS VPN Tel: 31 20 357 1000Part IV provides a methodology for advanced MPLS VPN deployments Finally, Fax: 31 20 357 troubleshooting 1100 Americas Headquarters MPLS and VPN Architectures, Volume II , also introduces the latest advances in customer Cisco Systems, Inc and troubleshooting features essential to providing the advanced integration, security, 170 West Tasman Drive San Jose, CA 95134-1706 USA www.cisco.com Tel: 408 526-7660 Fax: 408 527-0883 Asia Pacific Headquarters • Table of Contents Cisco Systems, Inc • Index Capital Tower MPLS and VPN Architectures, Volume II 168 Robinson Road By Jim Guichard , Ivan Pepelnjak, Jeff Apcar #22-01 to #29-01 Singapore 068912 www.cisco.com Publisher: Cisco Press Tel:Pub +65 6317 Date: June 7777 06, 2003 Fax: +65 6317 7799 ISBN: 1-58705-112-5 Pages: 504 Cisco Systems has more than 200 offices in the following countries and regions Addresses, phone numbers, and fax numbers are listed on the Cisco.comWeb site at www.cisco.com/go/offices Argentina • Australia • Austria • Belgium • Brazil • Bulgaria • Canada • Chile • China PRC • Colombia Costa • Croatia • Volume Czech Republic WithMPLS •and VPNRica Architectures, II , you'llDenmark learn: • Dubai, UAE • Finland • France • Germany • Greece • Hong Kong SAR • Hungary • India • Indonesia • Ireland • Israel • Italy Japan • Korea • Luxembourg • Malaysia • Mexico • The Netherlands • New Zealand • Norway to integrate various• remote into the backbone providing VPN • PeruHow • Philippines • Poland Portugalaccess Puertotechnologies Rico • Romania • Russia • Saudi Arabia • service to many different types of customers Scotland • Singapore • Slovakia • Slovenia • South Africa • Spain • Sweden Switzerland • Taiwan • Thailand • Turkey • Ukraine • United Kingdom • United States • Venezuela • The•new PE-CE routing options as well as other advanced features, including per-VPN Vietnam Zimbabwe Network Address Translation (PE-NAT) Copyright © 2003 Cisco Systems, Inc All rights reserved CCIP, CCSP, the Cisco Arrow logo, How Powered VRFs canNetwork be extended customer site Verified to provide separation inside the Me the Cisco mark,into theaCisco Systems logo, Cisco Unity, Follow customer networkiQ Net Readiness Scorecard, Networking Academy, and ScriptShare Browsing, FormShare, are trademarks of Cisco Systems, Inc.; Changing the Way We Work, Live, Play, and Learn, The latest VPN security featuresQuotient, and designs protecting the MPLS VPN The Fastest WayMPLS to Increase Your Internet andaimed iQuickat Study are service marks of backbone Cisco Systems, Inc.; and Aironet, ASIST, BPX, Catalyst, CCDA, CCDP, CCIE, CCNA, CCNP, Cisco, the Cisco Certified Internetwork Expert logo, Cisco IOS, the Cisco IOS logo, Cisco How to carry customer multicast traffic inside a VPN Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Empowering the Internet Enterprise/Solver, EtherChannel, Fast scalable Step, GigaStack, TheGeneration, latest inter-carrier enhancements to allow forEtherSwitch, easier and more deployment Internet Quotient, IOS, IP/TV, iQ Expertise, the iQ logo, LightStream, MGX, MICA, the of inter-carrier MPLS VPN services Networkers logo, Network Registrar, Packet, PIX, Post-Routing, Pre-Routing, RateMUX, Registrar, SlideCast, SMARTnet,techniques StrataViewincluding Plus, Stratm, TeleRouter, Advanced troubleshooting routerSwitchProbe, outputs to ensure high availability TransPath, and VCO are registered trademarks of Cisco Systems, Inc and/or its affiliates in the U.S certain other countries MPLS andand VPN Architectures, Volume II , builds on the best-selling MPLS and VPN Architectures, Volume I (1-58705-002-1), from Cisco Press Extending into more advanced All other trademarks mentioned in thisVolume document or Web readers site are with the property of their topics and deployment architectures, II provides the necessary tools respective owners of the word partner does not imply a partnership relationship they need to deployThe anduse maintain a secure, highly available VPN between Cisco and any other company (0303R) MPLS and VPN Architectures, Volume II , begins with a brief refresher of the MPLS VPN Printed in thePart USAII describes advanced MPLS VPN connectivity including the integration of Architecture service provider access technologies (dial, DSL, cable, Ethernet) and a variety of routing protocols (IS-IS, EIGRP, and OSPF), arming the reader with the knowledge of how to integrate these features into the VPN backbone Part III details advanced deployment issues including security, outlining the necessary steps the service provider must take to protect the backbone and any attached VPN sites, and also detailing the latest security features to allow To myadvanced wife Sadie, for putting with meThis writing bookmulti-carrier and the longMPLS lonely nights more topologies andupfiltering partanother also covers VPN associated with such an undertaking my children Aimee and Thomas, deployments Finally, Part IV providesTo a methodology for advanced MPLS who VPN always help to keep me smiling.—Jim troubleshooting Dedications To myand wifeVPN Karmen, who wasVolume always II there when I needed To my MPLS Architectures, , also introduces theencouragement latest advancesorinsupport customer children Maja and Monika, who waited patiently foressential my attention on too many integration, security, and troubleshooting features to providing the advanced occasions.—Ivan To my wife Anne, who is an exceptional person in every way To my children Caitlin, Conor, and especially Ronan: Despite his constant efforts to reboot my PC, I managed to lose a draft only once.—Jeff • Table of Contents • Index MPLS and VPN Architectures, Volume II ByJim Guichard, Ivan Pepelnjak, Jeff Apcar Publisher: Cisco Press Pub Date: June 06, 2003 ISBN: 1-58705-112-5 Pages: 504 WithMPLS and VPN Architectures, Volume II , you'll learn: How to integrate various remote access technologies into the backbone providing VPN service to many different types of customers The new PE-CE routing options as well as other advanced features, including per-VPN Network Address Translation (PE-NAT) How VRFs can be extended into a customer site to provide separation inside the customer network The latest MPLS VPN security features and designs aimed at protecting the MPLS VPN backbone How to carry customer multicast traffic inside a VPN The latest inter-carrier enhancements to allow for easier and more scalable deployment of inter-carrier MPLS VPN services Advanced troubleshooting techniques including router outputs to ensure high availability MPLS and VPN Architectures, Volume II , builds on the best-selling MPLS and VPN Architectures, Volume I (1-58705-002-1), from Cisco Press Extending into more advanced topics and deployment architectures, Volume II provides readers with the necessary tools they need to deploy and maintain a secure, highly available VPN MPLS and VPN Architectures, Volume II , begins with a brief refresher of the MPLS VPN Architecture Part II describes advanced MPLS VPN connectivity including the integration of service provider access technologies (dial, DSL, cable, Ethernet) and a variety of routing protocols (IS-IS, EIGRP, and OSPF), arming the reader with the knowledge of how to integrate these features into the VPN backbone Part III details advanced deployment issues including security, outlining the necessary steps the service provider must take to protect the backbone and any attached VPN sites, and also detailing the latest security features to allow more advanced topologies and filtering This part also covers multi-carrier MPLS VPN deployments Finally, Part IV provides a methodology for advanced MPLS VPN troubleshooting MPLS and VPN Architectures, Volume II , also introduces the latest advances in customer integration, security, and troubleshooting features essential to providing the advanced About the Authors Jim Guichard, CCIE No 2069, is a Technical Leader II within the Internet Technologies Division (ITD) at Cisco Systems During the past six years at Cisco and previously at IBM, Jim has been involved the design, implementation, and planning of many large-scale WAN and • Table ofin Contents LAN networks His breadth of industry knowledge, hands-on experience, and understanding • Index of complex internetworking architectures have enabled him to provide valued assistance to MPLS and VPN Architectures, Volume II many of Cisco's larger service provider customers His previous publications include MPLS ByJim Guichard, Ivan Pepelnjak, Jeff Apcar and VPN Architectures, by Cisco Press Ivan Publisher: Pepelnjak, Cisco Press CCIE No 1354, is the Chief Technology Advisor and member of the board withPub NIL Data (www.NIL.si), a high-tech data communications company Date: JuneCommunications 06, 2003 that focuses on providing high-value services in new-world service provider technologies ISBN: 1-58705-112-5 Pages: 504 Ivan has more than 10 years of experience in designing, installing, troubleshooting, and operating large corporate and service provider WAN and LAN networks, several of them already deploying MPLS-based virtual private networks (VPNs) He is the author or lead developer of a number of highly successful advanced IP courses covering MPLS/VPN, BGP, OSPF, and IP QoS, and he is the architect of NIL's remote lab solution Ivan's previous WithMPLS and VPN Architectures, II , you'll learn: publications include MPLS and VPNVolume Architectures and EIGRP Network Design Solutions, by Cisco Press How toisintegrate access technologies intoPacific the backbone providing Jeff Apcar a Senior various Design remote Consulting Engineer in the Asia Advanced ServicesVPN to Systems many different types customers groupservice at Cisco He is one of of the Cisco lead consultants on MPLS in the region and has designed MPLS networks for many service providers in AsiaPac using packet-based and The new PE-CE options as well other advanced including(500+ per-VPN cell-based MPLS Jeffrouting has also designed and as maintained large IPfeatures, router networks Network Address Translation (PE-NAT) nodes) and has a broad and deep range of skills covering many facets of networking communications How VRFs can be extended into a customer site to provide separation inside the customer network Jeff has more than 24 years of experience in data communications and holds Dip Tech (Information Processing) and B.App.Sc (Computing Science) (Hons) from the University of The latest MPLS VPN security features and designs aimed at protecting the MPLS VPN Technology, Sydney, Australia backbone How to carry customer multicast traffic inside a VPN The latest inter-carrier enhancements to allow for easier and more scalable deployment of inter-carrier MPLS VPN services Advanced troubleshooting techniques including router outputs to ensure high availability MPLS and VPN Architectures, Volume II , builds on the best-selling MPLS and VPN Architectures, Volume I (1-58705-002-1), from Cisco Press Extending into more advanced topics and deployment architectures, Volume II provides readers with the necessary tools they need to deploy and maintain a secure, highly available VPN MPLS and VPN Architectures, Volume II , begins with a brief refresher of the MPLS VPN Architecture Part II describes advanced MPLS VPN connectivity including the integration of service provider access technologies (dial, DSL, cable, Ethernet) and a variety of routing protocols (IS-IS, EIGRP, and OSPF), arming the reader with the knowledge of how to integrate these features into the VPN backbone Part III details advanced deployment issues including security, outlining the necessary steps the service provider must take to protect the backbone and any attached VPN sites, and also detailing the latest security features to allow more advanced topologies and filtering This part also covers multi-carrier MPLS VPN deployments Finally, Part IV provides a methodology for advanced MPLS VPN troubleshooting MPLS and VPN Architectures, Volume II , also introduces the latest advances in customer integration, security, and troubleshooting features essential to providing the advanced About the Technical Reviewers Matthew H Birkner, CCIE No 3719, is a Technical Leader at Cisco Systems, specializing in IP and MPLS network design He has influenced multiple large carrier and enterprise designs worldwide Matt spoken at Cisco Networkers on MPLS VPN technologies in both the U.S • Tablehas of Contents and EMEA over the past few years A "double CCIE", he has published the Cisco Press book, • Index Cisco Internetwork Design Matt holds a BSEE from Tufts University, where he majored in MPLS and VPN Architectures, Volume II electrical engineering ByJim Guichard, Ivan Pepelnjak, Jeff Apcar Dan Tappan is a distinguished engineer at Cisco Systems He has 20 years of experience withPublisher: internetworking, Cisco Press having worked on the ARPANET transition from NCP to TCP at Bolt, Beranek, and Newman Pub Date: June 06, 2003 For the past several years, Dan has been the technical lead for Cisco'sISBN: implementation 1-58705-112-5 of MPLS (tag switching) and MPLS/VPNs Pages: 504 WithMPLS and VPN Architectures, Volume II , you'll learn: How to integrate various remote access technologies into the backbone providing VPN service to many different types of customers The new PE-CE routing options as well as other advanced features, including per-VPN Network Address Translation (PE-NAT) How VRFs can be extended into a customer site to provide separation inside the customer network The latest MPLS VPN security features and designs aimed at protecting the MPLS VPN backbone How to carry customer multicast traffic inside a VPN The latest inter-carrier enhancements to allow for easier and more scalable deployment of inter-carrier MPLS VPN services Advanced troubleshooting techniques including router outputs to ensure high availability MPLS and VPN Architectures, Volume II , builds on the best-selling MPLS and VPN Architectures, Volume I (1-58705-002-1), from Cisco Press Extending into more advanced topics and deployment architectures, Volume II provides readers with the necessary tools they need to deploy and maintain a secure, highly available VPN MPLS and VPN Architectures, Volume II , begins with a brief refresher of the MPLS VPN Architecture Part II describes advanced MPLS VPN connectivity including the integration of service provider access technologies (dial, DSL, cable, Ethernet) and a variety of routing protocols (IS-IS, EIGRP, and OSPF), arming the reader with the knowledge of how to integrate these features into the VPN backbone Part III details advanced deployment issues including security, outlining the necessary steps the service provider must take to protect the backbone and any attached VPN sites, and also detailing the latest security features to allow more advanced topologies and filtering This part also covers multi-carrier MPLS VPN deployments Finally, Part IV provides a methodology for advanced MPLS VPN troubleshooting MPLS and VPN Architectures, Volume II , also introduces the latest advances in customer integration, security, and troubleshooting features essential to providing the advanced [SYMBOL] [A] [B] [C ] [D] [E] [F] [G] [H] [I ] [K ] [L] [M] [N] [O ] [P ] [R ] [S] [T] [U] [V] [W] maximum routes command controlling routes injected into VRF mBGP MDT updates 2nd 3rd MD5 • key chains MDT • Table of Contents Index updates 2nd 3rd MPLS and VPN Architectures, Volume II MDT-Groups ByJim Guichard, Ivan Pepelnjak, Jeff Apcar MDTs Data-MDT 2nd 3rd 4th 5th 6th 7th 8th 9th Publisher: Cisco Press Default-MDT Pub Date: June 06,interfaces 2003 multicast tunnel 2nd 3rd Default-MDTs ISBN: 1-58705-112-5 2nd MTI Pages: 2nd 504 SSM 2nd 3rd messages Data-MDT joins DHCP 2nd 3rd 4th RADIUS 2nd WithMPLS and VPN Architectures, Volume II , you'll learn: Miercom comparison of Layer 2-based VPNs and MPLS VPNs 2nd 3rd monitoring How to integrate various remote access technologies into the backbone providing VPN different types of customers interface-level CEF 2nd service to many OSPF processes inside VRF 2nd 3rd motivation IPv6PE-CE implementation Thefor new routing2nd options MPLS as well as other advanced features, including per-VPN Network Address Translation (PE-NAT) LSRs 2nd 3rd MPLS VPN How VRFs can be extended into a customer site to provide separation inside the access customer via cable network 2nd 3rd 4th 5th head-end PE router configuration The latest MPLS VPN verifying configuration 2nd security features and designs aimed at protecting the MPLS VPN backbone access via DSL configuring 2nd 3rd How 2nd to carry multicast PPPoA 3rd 4thcustomer 5th 6th 7th 8th traffic inside a VPN PPPoE 2nd 3rd 4th 5th 6th 7th The latest inter-carrier enhancements to allow for easier and more scalable deployment of inter-carrier MPLS VPN services RFC 1483 routed encapsulation RFC 1483 bridged encapsulation 2nd MPLS VPN Superbackbone Advanced troubleshooting techniques including router outputs to ensure high availability MPLS-based VPNs 2nd access technology integration 2nd MPLS and VPN Architectures, Volume II , builds on the best-selling MPLS and VPN penultimate hop popping Architectures, Volume I (1-58705-002-1), from Cisco Press Extending into more advanced technologies involved 2nd 3rd topics and deployment architectures, Volume II provides readers with the necessary tools MTI 2nd they need to deploy and maintain a secure, highly available VPN multi-VRF functionality BGP and VPN Architectures, Volume II , begins with a brief refresher of the MPLS VPN MPLS configuring Part 2nd 3rd 5th Architecture II 4th describes advanced MPLS VPN connectivity including the integration of configuring 2nd 3rd 4th 5th 6th 7th 8th service provider access technologies (dial, DSL, cable, Ethernet) and a variety of routing OSPF protocols (IS-IS, EIGRP, and OSPF), arming the reader with the knowledge of how to configuring 2nd 3rd 4th into the VPN backbone Part III details advanced deployment issues integrate these features multicast domains 2nd 3rd including security, outlining the necessary steps the service provider must take to protect the state flagsand 2nd any attached VPN sites, and also detailing the latest security features to allow backbone multicast forwarding topologies 2nd more advanced and filtering This part also covers multi-carrier MPLS VPN multicast routing table entry Part IV provides a methodology for advanced MPLS VPN deployments Finally, multicast tunnel interfaces 2nd 3rd troubleshooting Multihop MP-eBGP 2nd 3rd 4th 5th 6th between 2nd 3rd 4th 5th MPLS androute VPNreflectors Architectures, Volume II , also introduces the latest advances in customer Multiprotocol BGP integration, security, and troubleshooting features essential to providing the advanced controlling routes injected into VRF 2nd 3rd EIGRP route propagation 2nd extended community attributes CE-to-CE Authentication Token mVPN case study 2nd 3rd 4th 5th 6th 7th 8th 9th 10th 11th 12th 13th 14th 15th 16th 17th 18th 19th 20th 21st 22nd 23rd mVPN architecture 2nd • • multicast domains 2nd 3rd mVRF 2nd Table of Contents Index PIM adjacencies 2nd MPLS and VPN Architectures, Volume II mVPN forwarding ByJim Guichard , Ivan Pepelnjak, Jeff Apcar C-packets 2nd P-packets mVPN state flags 2ndPress Publisher: Cisco mVRF 2nd Pub Date: June 06, 2003 PIM adjacencies 2nd ISBN: 1-58705-112-5 routing entries 2nd 3rd 4th 5th 6th 7th Pages: 504 WithMPLS and VPN Architectures, Volume II , you'll learn: How to integrate various remote access technologies into the backbone providing VPN service to many different types of customers The new PE-CE routing options as well as other advanced features, including per-VPN Network Address Translation (PE-NAT) How VRFs can be extended into a customer site to provide separation inside the customer network The latest MPLS VPN security features and designs aimed at protecting the MPLS VPN backbone How to carry customer multicast traffic inside a VPN The latest inter-carrier enhancements to allow for easier and more scalable deployment of inter-carrier MPLS VPN services Advanced troubleshooting techniques including router outputs to ensure high availability MPLS and VPN Architectures, Volume II , builds on the best-selling MPLS and VPN Architectures, Volume I (1-58705-002-1), from Cisco Press Extending into more advanced topics and deployment architectures, Volume II provides readers with the necessary tools they need to deploy and maintain a secure, highly available VPN MPLS and VPN Architectures, Volume II , begins with a brief refresher of the MPLS VPN Architecture Part II describes advanced MPLS VPN connectivity including the integration of service provider access technologies (dial, DSL, cable, Ethernet) and a variety of routing protocols (IS-IS, EIGRP, and OSPF), arming the reader with the knowledge of how to integrate these features into the VPN backbone Part III details advanced deployment issues including security, outlining the necessary steps the service provider must take to protect the backbone and any attached VPN sites, and also detailing the latest security features to allow more advanced topologies and filtering This part also covers multi-carrier MPLS VPN deployments Finally, Part IV provides a methodology for advanced MPLS VPN troubleshooting MPLS and VPN Architectures, Volume II , also introduces the latest advances in customer integration, security, and troubleshooting features essential to providing the advanced [SYMBOL] [A] [B] [C ] [D] [E] [F] [G] [H] [I ] [K ] [L] [M] [N] [O ] [P ] [R ] [S] [T] [U] [V] [W] NAS (network acces server) NAT 2nd 3rd [See also PE-NAT] translation table neighbor authentication 2nd between PE routers 2nd • • on P-networks 2nd of Contents Table on PE/CE circuits Index2nd 3rd 4th neighbor discovery MPLS and VPN Architectures, Volume II IPv6 ByJim Guichard, Ivan Pepelnjak, Jeff Apcar network architecture point-to-point architecture 2nd 3rd 4th 5th 6th 7th 8th 9th 10th 11th 12th 13th 14th 15th 16th 17th 18th 19th 20th 21stPublisher: 22nd 23rdCisco 24th Press 25th 26th 27th 28th 29th 30th 31st 32nd 33rd 34th 35th 36th 37th 38th 39th 40th 41st 42nd 43rd 2003 44thPub 45thDate: 46thJune 47th06, 48th 49th 50th 51st 52nd 53rd 54th 55th 56th 57th 58th 59th 60th 61st 62nd 63rd 64th 65th 66th 67th 68th ISBN: 69th1-58705-112-5 70th 71st 72nd 73rd 74th 75th 76th 77th 78th 79th 80th 81st 82nd 83rd 84th 85th 86th 87th 88th 89th 90th 91st 92nd504 93rd 94th 95th 96th 97th 98th 99th 100th 101st 102nd 103rd 104th 105th 106th 107th 108th 109th Pages: 110th 111th 112th 113th 114th 115th 116th 117th 118th 119th 120th 121st 122nd 123rd 124th 125th 126th 127th 128th 129th 130th 131st 132nd 133rd 134th 135th 136th 137th 138th 139th 140th 141st 142nd 143rd 144th 145th 146th selecting 2nd 3rd 4th 5th 6th 7th 8th 9th 10th 11th 12th 13th 14th 15th 16th 17th 18th 19th 20th 21st 22nd 23rd 24th 25th 26th 27th 28th 29th 30th 31st 32nd 33rd 34th 35th 36th 37th 38th 39th 40th 41st 42nd 43rd 44th 45th 46th WithMPLS and VPN Architectures, Volume II , you'll learn: 47th 48th 49th 50th 51st 52nd 53rd 54th 55th 56th 57th 58th 59th 60th 61st 62nd 63rd 64th 65th 66th 67th 68th 69th 70th 71st 72nd 73rd 74th 75th 76th 77th 78th 79th 80th 81st 82nd 83rd 84th 85th 86th 87th 88th 89th 90th 91st 92nd 93rd 94th 95th 97th 98th 99th 100th 101st 102nd 103rd 104th 105th 106th 107th 108th 109th 110th 111thVPN 112th How to96th integrate various remote access technologies into the backbone providing 113th 114th 115th 117th 118th 119th 120th 121st 122nd 123rd 124th 125th 126th 127th 128th 129th 130th 131st service to116th many different types of customers 132nd 133rd 134th 135th 136th 137th 138th 139th 140th 141st 142nd 143rd 144th 145th 146th The new PE-CE routing options as well as other advanced features, including per-VPN Network Address Translation (PE-NAT) How VRFs can be extended into a customer site to provide separation inside the customer network The latest MPLS VPN security features and designs aimed at protecting the MPLS VPN backbone How to carry customer multicast traffic inside a VPN The latest inter-carrier enhancements to allow for easier and more scalable deployment of inter-carrier MPLS VPN services Advanced troubleshooting techniques including router outputs to ensure high availability MPLS and VPN Architectures, Volume II , builds on the best-selling MPLS and VPN Architectures, Volume I (1-58705-002-1), from Cisco Press Extending into more advanced topics and deployment architectures, Volume II provides readers with the necessary tools they need to deploy and maintain a secure, highly available VPN MPLS and VPN Architectures, Volume II , begins with a brief refresher of the MPLS VPN Architecture Part II describes advanced MPLS VPN connectivity including the integration of service provider access technologies (dial, DSL, cable, Ethernet) and a variety of routing protocols (IS-IS, EIGRP, and OSPF), arming the reader with the knowledge of how to integrate these features into the VPN backbone Part III details advanced deployment issues including security, outlining the necessary steps the service provider must take to protect the backbone and any attached VPN sites, and also detailing the latest security features to allow more advanced topologies and filtering This part also covers multi-carrier MPLS VPN deployments Finally, Part IV provides a methodology for advanced MPLS VPN troubleshooting MPLS and VPN Architectures, Volume II , also introduces the latest advances in customer integration, security, and troubleshooting features essential to providing the advanced [SYMBOL] [A] [B] [C ] [D] [E] [F] [G] [H] [I ] [K ] [L] [M] [N] [O] [P ] [R ] [S] [T] [U] [V] [W] ODAPs (on-demand address pools) 2nd 3rd 4th 5th 6th 7th off-net access to MPLS VPN features of Cisco IOS services 2nd olist omitting leading zeroes in IPv6 address notation OSPF • • Table of Contents authentication on CE routers Index controlling routes injected intoVolume VRF 2ndII MPLS and VPN Architectures, multi-VRF configuration 2nd 3rd 4th ByJim Guichard, Ivan Pepelnjak, Jeff Apcar PE-CE connectivity basic operation 2nd 3rd Publisher: Cisco controlling LSAPress type generation 2nd Pub Date: June 06, 2003 extended community attribute (BGP) 2nd 3rd monitoring ISBN: 1-58705-112-5 processes inside VRF 2nd 3rd MPLS VPN Superbackbone Pages: 504 process-id requirements router-id, modifying routing loop prevention 2nd sham-links WithMPLS and VPN Architectures, Volume II , you'll learn: VPN client backdoor links 2nd 3rd 4th 5th 6th overlapping circuit addresses avoiding How to integrate various remote access technologies into the backbone providing VPN overlapping VPN configuration on CE routers 2ndof 3rdcustomers 4th service to many different types overload NAT oversized packets The new PE-CE routing options as well as other advanced features, including per-VPN Translation (PE-NAT) troubleshooting 2nd Network Address How VRFs can be extended into a customer site to provide separation inside the customer network The latest MPLS VPN security features and designs aimed at protecting the MPLS VPN backbone How to carry customer multicast traffic inside a VPN The latest inter-carrier enhancements to allow for easier and more scalable deployment of inter-carrier MPLS VPN services Advanced troubleshooting techniques including router outputs to ensure high availability MPLS and VPN Architectures, Volume II , builds on the best-selling MPLS and VPN Architectures, Volume I (1-58705-002-1), from Cisco Press Extending into more advanced topics and deployment architectures, Volume II provides readers with the necessary tools they need to deploy and maintain a secure, highly available VPN MPLS and VPN Architectures, Volume II , begins with a brief refresher of the MPLS VPN Architecture Part II describes advanced MPLS VPN connectivity including the integration of service provider access technologies (dial, DSL, cable, Ethernet) and a variety of routing protocols (IS-IS, EIGRP, and OSPF), arming the reader with the knowledge of how to integrate these features into the VPN backbone Part III details advanced deployment issues including security, outlining the necessary steps the service provider must take to protect the backbone and any attached VPN sites, and also detailing the latest security features to allow more advanced topologies and filtering This part also covers multi-carrier MPLS VPN deployments Finally, Part IV provides a methodology for advanced MPLS VPN troubleshooting MPLS and VPN Architectures, Volume II , also introduces the latest advances in customer integration, security, and troubleshooting features essential to providing the advanced [SYMBOL] [A] [B] [C ] [D] [E] [F] [G] [H] [I ] [K ] [L] [M] [N] [O ] [P] [R ] [S] [T] [U] [V] [W] P-networks authentication 2nd P-packets forwarding PAP passive interfaces • Table of Contents PDBs (Protocol Descriptor Blocks) • Index PE (provider edge) devices MPLS and VPN Architectures, Volume II PE routers ByJim Guichard, Ivan Pepelnjak, Jeff Apcar 6PE configuring Publisher: designingCisco with Press BGP confederations Pub Date: June 2003 designing with06, BGP route reflectors 2nd 3rd inter-AS ISBN: 1-58705-112-5 6PE deployment 2nd inter-MP-BGP Pages: 504 session establishment 2nd 3rd IPv6 datagram forwarding across MPLS backbone 2nd 3rd 4th IPv6 route exchange between CE and PE routers 2nd 3rd route redistribution 2nd 3rd 6PElabeled IPv6 MP-BGP prefixes, configuring 2nd 3rd 4th authentication between 2nd WithMPLS and VPN Architectures, Volume II , you'll learn: PE-CE connectivity EIGRP extended (BGP) 2nd How tocommunity integrateattribute various remote requirements service to 2nd many access technologies into the backbone providing VPN different types of customers route propagation with Multiprotocol BGP 2nd separation VPN routing information 2ndas 3rdwell The newofPE-CE routing options VRF route types 2nd Network Address as other advanced features, including per-VPN Translation (PE-NAT) IS-IS level How1 VRFs topology can 2ndbe 3rdextended 4th into a customer site to provide separation inside the level customer 1-2 topology network 2nd 3rd level topology 2nd The latest 2nd MPLS requirements VPN security features and designs aimed at protecting the MPLS VPN backbone route propagation with Multiprotocol BGP 2nd routing loop prevention 2nd How to carry multicast separation of VPN customer routing information 2nd traffic inside a VPN OSPF The latest inter-carrier enhancements to allow for easier and more scalable deployment of inter-carrier MPLS VPN services controlling LSA type generation 2nd basic operation 2nd 3rd extended community attribute (BGP) 2nd 3rd Advanced troubleshooting techniques including router outputs to ensure high availability monitoring processes inside VRF 2nd 3rd Superbackbone MPLSMPLS andVPN VPN Architectures, Volume II , builds on the best-selling MPLS and VPN process-id Architectures, Volume I (1-58705-002-1), from Cisco Press Extending into more advanced requirements topics and deployment architectures, Volume II provides readers with the necessary tools they router-id, need tomodifying deploy and maintain a secure, highly available VPN routing loop prevention 2nd MPLSsham-links and VPN Architectures, Volume II , begins with a brief refresher of the MPLS VPN VPN client backdoor 2nd 3rd advanced 4th 5th 6th MPLS VPN connectivity including the integration of Architecture Part II links describes overlapping circuit addresses service provider access technologies (dial, DSL, cable, Ethernet) and a variety of routing PE-CE links (IS-IS, EIGRP, and OSPF), arming the reader with the knowledge of how to protocols LDP 2nd 3rd 4th features into the VPN backbone Part III details advanced deployment issues integrate these label distribution CSC the PE and CE routers steps 2nd 3rd the 4th service provider must take to protect the including security,between outlining necessary static default routes 2nd backbone and any attached VPN sites, and also detailing the latest security features to allow address usage 2nd and filtering This part also covers multi-carrier MPLS VPN moretransport advanced topologies PE-NAT deployments Finally, Part IV provides a methodology for advanced MPLS VPN accessing common services 2nd 3rd troubleshooting common server VRF configuration configuring 2nd Architectures, 3rd 4th MPLS and VPN Volume II , also introduces the latest advances in customer customer VRFsecurity, configuration 2nd 3rd 4th integration, and troubleshooting features essential to providing the advanced NAT pool configuration 2nd shared firewalls 2nd 3rd 4th 5th PE/CE circuits authentication 2nd 3rd 4th limiting access with access-lists 2nd 3rd 4th 5th penultimate hop popping per-VRF AAA 2nd 3rd 4th 5th physical site surveys • • Table of Contents perfroming 2nd 3rd 4th 5th 6th 7th 8th 9th 10th 11th 12th 13th 14th 15th 16th 17th 18th 19th 20th 21st 22nd 23rd Index 24th 25th 26th 27th 28th 29th 30th 31st 32nd 33rd 34th 35th 36th 37th 38th 39th 40th 41st 42nd 43rd 44th 45th 46th MPLS and VPN Architectures, Volume II 47th 48th 49th 50th 51st 52nd 53rd 54th 55th 56th 57th 58th 59th 60th 61st 62nd 63rd 64th 65th 66th 67th 68th 69th By Jim71st Guichard , Ivan74th Pepelnjak , Jeff77th Apcar 70th 72nd 73rd 75th 76th 78th 79th 80th 81st 82nd 83rd 84th 85th 86th 87th 88th 89th 90th 91st 92nd 93rd 94th 95th 96th 97th 98th 99th 100th 101st 102nd 103rd 104th 105th 106th 107th 108th 109th 110th 111th 112th 113th 114th 115th Publisher: Cisco116th Press117th 118th 119th 120th 121st 122nd 123rd 124th 125th 126th 127th 128th 129th 130th 131st 132nd 133rd 134th 135th 136th 137th 138th 139th 140th 141st 142nd 143rd 144th 145th 146th Pub Date: June 06, 2003 PIM ISBN: 1-58705-112-5 adjacencies 2nd Pages: 504 PIM Bi-Dir PIM DM PIM SM SSM PIM adjacencies 2nd With MPLS and VPN Architectures, Volume II , you'll learn: pinging between CE routers 2nd point-to-point architecture 2nd 3rd 4th 5th 6th 7th 8th 9th 10th 11th 12th 13th 14th 15th 16th 17th 18th 19th 20th 21st How to integrate various remote access technologies into the backbone providing VPN service to many different types of customers 22nd 23rd 24th 25th 26th 27th 28th 29th 30th 31st 32nd 33rd 34th 35th 36th 37th 38th 39th 40th 41st 42nd 43rd 44th 45th 46th 47th 48th 49th 50th 51st 52nd 53rd 54th 55th 56th 57th 58th 59th 60th 61st 62nd 63rd 64th 65th 66th 67th 68th 69th 70th 71st 72nd 73rd 74th 75th 76th 77th 78th 79th 80th 81st 82nd 83rd 84th 85th 86th 87th 88th 89th 90th The new PE-CE routing options as well as other advanced features, including per-VPN Network Address Translation (PE-NAT) 91st 92nd 93rd 94th 95th 96th 97th 98th 99th 100th 101st 102nd 103rd 104th 105th 106th 107th 108th 109th 110th 111th 112th 113th 114th 115th 116th 117th 118th 119th 120th 121st 122nd 123rd 124th 125th 126th 127th 128th 129th 130th 134th 135th 136th 137th 138thsite 139th 141st separation 142nd 143rd 144th 145th How 131st VRFs132nd can 133rd be extended into a customer to140th provide inside the146th PPP customer network L2TP 2nd LCPThe latest MPLS VPN security features and designs aimed at protecting the MPLS VPN authentication backbone CHAP PPPoA How to carry customer multicast traffic inside a VPN configuring MPLS VPN access via DSL 2nd 3rd 4th PPPoE The latest inter-carrier enhancements to allow for easier and more scalable deployment of inter-carrier MPLSviaVPN configuring MPLS VPN access DSL services 2nd 3rd preventing Advanced troubleshooting IS-IS routing loops 2nd techniques including router outputs to ensure high availability routering loops between OSPF sites 2nd MPLS and VPN Architectures, Volume II , builds on the best-selling MPLS and VPN private IP addresses Architectures, Volume I (1-58705-002-1), from Cisco Press Extending into more advanced NAT topics and deployment architectures, Volume II provides readers with the necessary tools process-id they needfor toVPN deploy selecting clientsand maintain a secure, highly available VPN process-id value (OSPF) MPLS and VPN Architectures, Volume II , begins with a brief refresher of the MPLS VPN propagation of MPLS VPN routes Architecture Part II describes advanced MPLS VPN connectivity including the integration of troubleshooting 2nd service provider access technologies (dial, DSL, cable, Ethernet) and a variety of routing provider control plane protocols (IS-IS, EIGRP, and OSPF), arming the reader with the knowledge of how to provisioning integrate these features into the VPN backbone Part III details advanced deployment issues Internet access 2nd including security, outlining the necessary steps the service provider must take to protect the CE routers with firewall functionality backbone and any attached VPN sites, and also detailing the latest security features to allow default routes more advanced topologies and filtering This part also covers multi-carrier MPLS VPN firewall co-location 2nd deployments Finally, Part IV provides a methodology for advanced MPLS VPN hub-and-spoke topology with global routing table 2nd troubleshooting OSPF VPN customers 2nd public address space MPLS and VPN Architectures, Volume II , also introduces the latest advances in customer IPv6 addresses integration, security, and troubleshooting features essential to providing the advanced • Table of Contents • Index MPLS and VPN Architectures, Volume II ByJim Guichard, Ivan Pepelnjak, Jeff Apcar Publisher: Cisco Press Pub Date: June 06, 2003 ISBN: 1-58705-112-5 Pages: 504 WithMPLS and VPN Architectures, Volume II , you'll learn: How to integrate various remote access technologies into the backbone providing VPN service to many different types of customers The new PE-CE routing options as well as other advanced features, including per-VPN Network Address Translation (PE-NAT) How VRFs can be extended into a customer site to provide separation inside the customer network The latest MPLS VPN security features and designs aimed at protecting the MPLS VPN backbone How to carry customer multicast traffic inside a VPN The latest inter-carrier enhancements to allow for easier and more scalable deployment of inter-carrier MPLS VPN services Advanced troubleshooting techniques including router outputs to ensure high availability MPLS and VPN Architectures, Volume II , builds on the best-selling MPLS and VPN Architectures, Volume I (1-58705-002-1), from Cisco Press Extending into more advanced topics and deployment architectures, Volume II provides readers with the necessary tools they need to deploy and maintain a secure, highly available VPN MPLS and VPN Architectures, Volume II , begins with a brief refresher of the MPLS VPN Architecture Part II describes advanced MPLS VPN connectivity including the integration of service provider access technologies (dial, DSL, cable, Ethernet) and a variety of routing protocols (IS-IS, EIGRP, and OSPF), arming the reader with the knowledge of how to integrate these features into the VPN backbone Part III details advanced deployment issues including security, outlining the necessary steps the service provider must take to protect the backbone and any attached VPN sites, and also detailing the latest security features to allow more advanced topologies and filtering This part also covers multi-carrier MPLS VPN deployments Finally, Part IV provides a methodology for advanced MPLS VPN troubleshooting MPLS and VPN Architectures, Volume II , also introduces the latest advances in customer integration, security, and troubleshooting features essential to providing the advanced [SYMBOL] [A] [B] [C ] [D] [E] [F] [G] [H] [I ] [K ] [L] [M] [N] [O ] [P ] [R ] [S] [T] [U] [V] [W] RADIUS 2nd AV pairs 2nd VSAs 2nd reachability of core networks 2nd redistribute bgp Table command • of Contents redistribution • Index troubleshooting 2nd 3rd MPLS and VPN Architectures, Volume II redundancy ByJim Guichard, Ivan Pepelnjak, Jeff Apcar dial backup for MPLS VPN access 2nd 3rd remote access Publisher: Cisco DHCP 2nd 3rd 4thPress Pub Date: June 06, 2003 PPP L2TP ISBN: 2nd1-58705-112-5 LCP 2nd 3rd Pages: 504 RADIUS 2nd AV pairs 2nd VSAs 2nd VPDNs 2nd 3rd 4th remote access to MPLS VPN WithMPLS and VPN Architectures, Volume II , you'll learn: features of Cisco IOS services 2nd via cable 2nd 3rd 4th 5th head router configuration Howend toPE integrate various verifying 2nd serviceconfiguration to many different remote access technologies into the backbone providing VPN types of customers renumbering IPv6 addresses The new PE-CE requirements Network routing options as well as other advanced features, including per-VPN Address Translation (PE-NAT) for EIGRP PE-CE conntectivity 2nd for IS-IS How PE-CE VRFsconnectivity can be extended 2nd into a customer site to provide separation inside the of OSPF customer PE-CE connectivity network 2nd 3rd 4th process-id The latest sham-links MPLS VPN security features and designs aimed at protecting the MPLS VPN backbone resistance to label spoofing 2nd static labels 2nd How revealing to carry customer multicast traffic inside a VPN core network addresses The latest inter-carrier enhancements to allow for easier and more scalable deployment of inter-carrier MPLS VPN services configuring MPLS VPN access via DSL 2nd RFC 1483 bridged encapsulation RFC 1483 routed encapsulation Advanced troubleshooting techniques including router outputs to ensure high availability configuring MPLS VPN access via DSL RFC 3107 support 2nd 3rd MPLS and VPN Architectures, Volume II , builds on the best-selling MPLS and VPN route filtering on CSC CE routers to PE router links Architectures, Volume I (1-58705-002-1), from Cisco Press Extending into more advanced RIPv2 topics and deployment architectures, Volume II provides readers with the necessary tools authentication on CE routers they need to deploy and maintain a secure, highly available VPN controlling routes injected into VRF 2nd key chains MPLS and VPN Architectures, Volume II , begins with a brief refresher of the MPLS VPN route export Architecture Part II describes advanced MPLS VPN connectivity including the integration of troubleshooting service provider2nd access technologies (dial, DSL, cable, Ethernet) and a variety of routing route import (IS-IS, EIGRP, and OSPF), arming the reader with the knowledge of how to protocols troubleshooting integrate these2nd features into the VPN backbone Part III details advanced deployment issues route leakingsecurity, outlining the necessary steps the service provider must take to protect the including route redistribution backbone and any attached VPN sites, and also detailing the latest security features to allow 6PE advanced 2nd 3rd more topologies and filtering This part also covers multi-carrier MPLS VPN router reflectors Finally, Part IV provides a methodology for advanced MPLS VPN deployments configuring in 6PE deployment 2nd 3rd troubleshooting router-id (OSPF) modifying MPLS and VPN Architectures, Volume II , also introduces the latest advances in customer routers integration, security, and troubleshooting features essential to providing the advanced 6PE routing IPv6 2nd routing loops between IS-IS sites preventing 2nd preventing between OSPF sites 2nd RPF 2nd • Table of Contents • Index RPF (Reverse Path Forwarding) RPF check 2nd 3rd MPLS and VPN Architectures, Volume II RPF interface ByJim Guichard, Ivan Pepelnjak, Jeff Apcar Publisher: Cisco Press Pub Date: June 06, 2003 ISBN: 1-58705-112-5 Pages: 504 WithMPLS and VPN Architectures, Volume II , you'll learn: How to integrate various remote access technologies into the backbone providing VPN service to many different types of customers The new PE-CE routing options as well as other advanced features, including per-VPN Network Address Translation (PE-NAT) How VRFs can be extended into a customer site to provide separation inside the customer network The latest MPLS VPN security features and designs aimed at protecting the MPLS VPN backbone How to carry customer multicast traffic inside a VPN The latest inter-carrier enhancements to allow for easier and more scalable deployment of inter-carrier MPLS VPN services Advanced troubleshooting techniques including router outputs to ensure high availability MPLS and VPN Architectures, Volume II , builds on the best-selling MPLS and VPN Architectures, Volume I (1-58705-002-1), from Cisco Press Extending into more advanced topics and deployment architectures, Volume II provides readers with the necessary tools they need to deploy and maintain a secure, highly available VPN MPLS and VPN Architectures, Volume II , begins with a brief refresher of the MPLS VPN Architecture Part II describes advanced MPLS VPN connectivity including the integration of service provider access technologies (dial, DSL, cable, Ethernet) and a variety of routing protocols (IS-IS, EIGRP, and OSPF), arming the reader with the knowledge of how to integrate these features into the VPN backbone Part III details advanced deployment issues including security, outlining the necessary steps the service provider must take to protect the backbone and any attached VPN sites, and also detailing the latest security features to allow more advanced topologies and filtering This part also covers multi-carrier MPLS VPN deployments Finally, Part IV provides a methodology for advanced MPLS VPN troubleshooting MPLS and VPN Architectures, Volume II , also introduces the latest advances in customer integration, security, and troubleshooting features essential to providing the advanced [SYMBOL] [A] [B] [C ] [D] [E] [F] [G] [H] [I ] [K ] [L] [M] [N] [O ] [P ] [R ] [S] [T] [U] [V] [W] secret keys Securing a Cisco Router whitepaper security address space separation 2nd 3rd authentication • • CE-to-CE 2nd 3rd Table of4th Contents comparing Layer 2-based VPNs and MPLS VPNs 2nd Index core network visibility 2nd MPLS and VPN Architectures, Volume II neighbor authentication 2nd ByJim Guichard, Ivan Pepelnjak, Jeff Apcar between PE routers 2nd on P-networks 2nd Publisher: Press on PE/CECisco circuits 2nd 3rd 4th Pub Date:to June 06, 2003 2nd resistance label spoofing static ISBN: labels 1-58705-112-5 2nd separation of EIGRP Pages: 504 VPN routing information 2nd 3rd service providers connectivity between 2nd backt-to-back VRFs 2nd 3rd external Multiprotocol BGP 2nd 3rd 4th 5th 6th 7th 8th 9th Multihop MP-eBGP 2nd 3rd 4th 5th 6th 7th 8th 9th 10th 11th WithMPLS and VPN Architectures, Volume II , you'll learn: requirements 2nd route distribution across ASBR-ASBR links 2nd 3rd 4th 5th 6th remote access services How to integrate sham links service various remote access technologies into the backbone providing VPN to many different types of customers sham-links configuring 2ndPE-CE 3rd 4th routing The new options as well as other advanced features, including per-VPN (PE-NAT) shared Network Internet access with default routes Address Translation shared trees distribution How VRFs trees can be extended into a customer site to provide separation inside the shared customer trees 2nd network show ip route vrf command 2nd 3rd Theinterface latest command MPLS VPN show mpls security features and designs aimed at protecting the MPLS VPN backbone show vpdn session command site surveys Howsite tosurveys carry physical customer multicast traffic inside a VPN performing 2nd 3rd 4th 5th 6th 7th 8th 9th 10th 11th 12th 13th 14th 15th 16th 17th 18th 19th 20th 21st 22nd The latest inter-carrier enhancements to allow for easier and more scalable deployment of inter-carrier MPLS VPN services 46th 47th 48th 49th 50th 51st 52nd 53rd 54th 55th 56th 57th 58th 59th 60th 61st 62nd 63rd 64th 65th 66th 67th 68th 23rd 24th 25th 26th 27th 28th 29th 30th 31st 32nd 33rd 34th 35th 36th 37th 38th 39th 40th 41st 42nd 43rd 44th 45th 69th 70th 71st 72nd 73rd 74th 75th 76th 77th 78th 79th 80th 81st 82nd 83rd 84th 85th 86th 87th 88th 89th 90th 91st Advanced troubleshooting techniques including router outputs to ensure high availability 92nd 93rd 94th 95th 96th 97th 98th 99th 100th 101st 102nd 103rd 104th 105th 106th 107th 108th 109th 110th 111th 112th 113th 114th 115th 116th 117th 118th 119th 120th 121st 122nd 123rd 124th 125th 126th 127th 128th 129th MPLS and VPN Architectures, Volume II , builds on the best-selling MPLS and VPN 130th 131st 132nd 133rd 134th 135th 136th 137th 138th 139th 140th 141st 142nd 143rd 144th 145th 146th Architectures, Volume I (1-58705-002-1), from Cisco Press Extending into more advanced sites topics and deployment architectures, Volume II provides readers with the necessary tools source IP address they need to deploy and maintain a secure, highly available VPN as VRF selection criteria 2nd 3rd 4th source MPLS trees and VPN Architectures, Volume II , begins with a brief refresher of the MPLS VPN distribution trees Architecture Part II describes advanced MPLS VPN connectivity including the integration of source trees 2ndaccess technologies (dial, DSL, cable, Ethernet) and a variety of routing service provider SSM 2nd 3rd (IS-IS, 4th protocols EIGRP, and OSPF), arming the reader with the knowledge of how to state flags 2nd integrate these features into the VPN backbone Part III details advanced deployment issues static defaultsecurity, routes including outlining the necessary steps the service provider must take to protect the on CSC CEand routers 2nd backbone any attached VPN sites, and also detailing the latest security features to allow static 2nd morelabels advanced topologies and filtering This part also covers multi-carrier MPLS VPN static NAT deployments Finally, Part IV provides a methodology for advanced MPLS VPN static routing troubleshooting between CSC PE/CE routers 2nd 3rd structure of IPv6 addresses MPLS and VPN Architectures, Volume II , also introduces the latest advances in customer interface ID security, and troubleshooting features essential to providing the advanced integration, • Table of Contents • Index MPLS and VPN Architectures, Volume II ByJim Guichard, Ivan Pepelnjak, Jeff Apcar Publisher: Cisco Press Pub Date: June 06, 2003 ISBN: 1-58705-112-5 Pages: 504 WithMPLS and VPN Architectures, Volume II , you'll learn: How to integrate various remote access technologies into the backbone providing VPN service to many different types of customers The new PE-CE routing options as well as other advanced features, including per-VPN Network Address Translation (PE-NAT) How VRFs can be extended into a customer site to provide separation inside the customer network The latest MPLS VPN security features and designs aimed at protecting the MPLS VPN backbone How to carry customer multicast traffic inside a VPN The latest inter-carrier enhancements to allow for easier and more scalable deployment of inter-carrier MPLS VPN services Advanced troubleshooting techniques including router outputs to ensure high availability MPLS and VPN Architectures, Volume II , builds on the best-selling MPLS and VPN Architectures, Volume I (1-58705-002-1), from Cisco Press Extending into more advanced topics and deployment architectures, Volume II provides readers with the necessary tools they need to deploy and maintain a secure, highly available VPN MPLS and VPN Architectures, Volume II , begins with a brief refresher of the MPLS VPN Architecture Part II describes advanced MPLS VPN connectivity including the integration of service provider access technologies (dial, DSL, cable, Ethernet) and a variety of routing protocols (IS-IS, EIGRP, and OSPF), arming the reader with the knowledge of how to integrate these features into the VPN backbone Part III details advanced deployment issues including security, outlining the necessary steps the service provider must take to protect the backbone and any attached VPN sites, and also detailing the latest security features to allow more advanced topologies and filtering This part also covers multi-carrier MPLS VPN deployments Finally, Part IV provides a methodology for advanced MPLS VPN troubleshooting MPLS and VPN Architectures, Volume II , also introduces the latest advances in customer integration, security, and troubleshooting features essential to providing the advanced [SYMBOL] [A] [B] [C ] [D] [E] [F] [G] [H] [I ] [K ] [L] [M] [N] [O ] [P ] [R ] [S] [T] [U] [V] [W] TDP/LDP Hello protocol verifying 2nd TDP/LDP session state verifying 2nd three-way handshake • CHAP Table of Contents traceroute command • Index revealing hidden core networkVolume addresses MPLS and VPN Architectures, II translation tables ByJim Guichard, Ivan Pepelnjak, Jeff Apcar transport address usage 2nd 3rd troubleshooting Publisher: Cisco Press control plane Pub Date: June 2003 2nd verifying label 06, exchange verifying ISBN: 1-58705-112-5 local TDP/LDP parameters 2nd verifying TDP/LDP Hello protocol 2nd Pages: 504 verifying TDP/LDP session state 2nd data plane plane monitoring interface-level CEF 2nd oversized packets 2nd egress CE-PE routing exchange 2nd 3rd WithMPLS and VPN Architectures, Volume II , you'll learn: MPLS VPN route propagation 2nd MPLS VPN route redistribution 2nd 3rd route export How to 2nd integrate route import 2nd service to many various remote access technologies into the backbone providing VPN different types of customers troubleshooting MPLS backbone verifying end-to-end LSProuting 2nd The new PE-CE options as well as other advanced features, including per-VPN (PE-NAT) troubleshooting MPLS-based Network Addresssolutions Translation customer control plane operation dataHow planeVRFs operation can2nd be extended into a customer site to provide separation inside the provider customer control plane network operation tunneling GREThe latest MPLS VPN security features and designs aimed at protecting the MPLS VPN backbone creating links between adjacent routers 2nd 3rd 4th 5th 6th 7th 8th 9th 10th 11th 12th L2TP How VPDN to carry customer inside VPN13th 14th 15th 16th 17th 18th 19th 20th 21st dial-in access 2nd 3rd 4thmulticast 5th 6th 7th traffic 8th 9th 10th 11tha 12th MDT The latest inter-carrier enhancements to allow for easier and more scalable deployment of inter-carrier MPLS VPN services MDTs mBGP updates 2nd 3rd Data-MDT 2nd 3rd 4th Advanced troubleshooting techniques including router outputs to ensure high availability Default-MDTs 2nd 2nd MPLSMTI and VPN Architectures, Volume II , builds on the best-selling MPLS and VPN multicast tunnel interfaces 2nd 3rd Architectures, Volume I (1-58705-002-1), from Cisco Press Extending into more advanced VPDNs 2nd 3rd 4th topics and deployment architectures, Volume II provides readers with the necessary tools they need to deploy and maintain a secure, highly available VPN MPLS and VPN Architectures, Volume II , begins with a brief refresher of the MPLS VPN Architecture Part II describes advanced MPLS VPN connectivity including the integration of service provider access technologies (dial, DSL, cable, Ethernet) and a variety of routing protocols (IS-IS, EIGRP, and OSPF), arming the reader with the knowledge of how to integrate these features into the VPN backbone Part III details advanced deployment issues including security, outlining the necessary steps the service provider must take to protect the backbone and any attached VPN sites, and also detailing the latest security features to allow more advanced topologies and filtering This part also covers multi-carrier MPLS VPN deployments Finally, Part IV provides a methodology for advanced MPLS VPN troubleshooting MPLS and VPN Architectures, Volume II , also introduces the latest advances in customer integration, security, and troubleshooting features essential to providing the advanced [SYMBOL] [A] [B] [C ] [D] [E] [F] [G] [H] [I ] [K ] [L] [M] [N] [O ] [P ] [R ] [S] [T] [U] [V] [W] unicast forwarding UPDATE authenticator attribute (BGP) • Table of Contents • Index MPLS and VPN Architectures, Volume II ByJim Guichard, Ivan Pepelnjak, Jeff Apcar Publisher: Cisco Press Pub Date: June 06, 2003 ISBN: 1-58705-112-5 Pages: 504 WithMPLS and VPN Architectures, Volume II , you'll learn: How to integrate various remote access technologies into the backbone providing VPN service to many different types of customers The new PE-CE routing options as well as other advanced features, including per-VPN Network Address Translation (PE-NAT) How VRFs can be extended into a customer site to provide separation inside the customer network The latest MPLS VPN security features and designs aimed at protecting the MPLS VPN backbone How to carry customer multicast traffic inside a VPN The latest inter-carrier enhancements to allow for easier and more scalable deployment of inter-carrier MPLS VPN services Advanced troubleshooting techniques including router outputs to ensure high availability MPLS and VPN Architectures, Volume II , builds on the best-selling MPLS and VPN Architectures, Volume I (1-58705-002-1), from Cisco Press Extending into more advanced topics and deployment architectures, Volume II provides readers with the necessary tools they need to deploy and maintain a secure, highly available VPN MPLS and VPN Architectures, Volume II , begins with a brief refresher of the MPLS VPN Architecture Part II describes advanced MPLS VPN connectivity including the integration of service provider access technologies (dial, DSL, cable, Ethernet) and a variety of routing protocols (IS-IS, EIGRP, and OSPF), arming the reader with the knowledge of how to integrate these features into the VPN backbone Part III details advanced deployment issues including security, outlining the necessary steps the service provider must take to protect the backbone and any attached VPN sites, and also detailing the latest security features to allow more advanced topologies and filtering This part also covers multi-carrier MPLS VPN deployments Finally, Part IV provides a methodology for advanced MPLS VPN troubleshooting MPLS and VPN Architectures, Volume II , also introduces the latest advances in customer integration, security, and troubleshooting features essential to providing the advanced [SYMBOL] [A] [B] [C ] [D] [E] [F] [G] [H] [I ] [K ] [L] [M] [N] [O ] [P ] [R ] [S] [T] [U] [V] [W] VCs (virtual circuits) verifing connectivity between CE routers 2nd verifying CEF operation • • CEF switching 2nd of Contents Table dial-in accessIndex on VPDNs 2nd 3rd 4th end-to-end LSP 2nd MPLS and VPN Architectures, Volume II label exchange 2nd ByJim Guichard, Ivan Pepelnjak, Jeff Apcar local TDP/LDP parameters 2nd LSR-wide MPLS operation 2nd Publisher: Ciscopropagation Press MPLS VPN route 2nd Pub Date: June 06, 2003 TDP/LDP Hello protocol 2nd TDP/LDP ISBN: session 1-58705-112-5 state 2nd VPDNs 2nd 3rd 504 4th Pages: dial-in access 2nd aggregating remote user host addresses 2nd configuring access between RADIUS servers 2nd 3rd 4th NAS/LAC configuration RADIUS server attributes 2nd 3rd 4th 5th WithMPLS and VPN Architectures, Volume II , you'll learn: verifying dial-in 2nd 3rd 4th VHG/PE router configuration 2nd 3rd VPDNs How (virtualtoprivate dialup network) integrate various VRF remote access technologies into the backbone providing VPN service to many different types of customers monitoring OSPF processes 2nd 3rd PE-NAT The new PE-CE routing options as well as other advanced features, including per-VPN (PE-NAT) accessing common services 2nd 3rd Network Address Translation common server VRF configuration configuring How VRFs 2nd can 3rd be 4th extended into a customer site to provide separation inside the customer customer VRFnetwork configuration 2nd 3rd 4th NAT pool configuration 2nd The latest MPLS VPN shared firerwalls 2nd 3rd 4thsecurity 5th features and designs aimed at protecting the MPLS VPN backbone selection based on source IP address 2nd 3rd 4th virtual routers How to to MPLS carry customer multicast traffic a 11th VPN12th 13th linking backbone 2nd 3rd 4th 5th 6th 7th 8thinside 9th 10th VRF (virtual routing and forwarding) The latest inter-carrier enhancements to allow for easier and more scalable deployment of inter-carrier MPLS VPN services BGP configuration 2nd 3rd 4th 5th multi-VRF functionality configuring 2nd 3rd 4th 5th 6th 7th 8th Advanced troubleshooting techniques including router outputs to ensure high availability OSPF configuration 2nd 3rd 4th VRF-aware support for DHCP Relay 2nd 3rd 4th 5th 6th MPLS and VPN Architectures, Volume II , builds on the best-selling MPLS and VPN VRFs Architectures, Volume I (1-58705-002-1), from Cisco Press Extending into more advanced address space separation topics and deployment architectures, Volume II provides readers with the necessary tools back-to-back 2nd 3rd they need to deploy and maintain a secure, highly available VPN controlling injected routes 2nd eBGP as Architectures, PE/CE routing protocol 2nd 3rd MPLSwith and VPN Volume II , begins with a brief refresher of the MPLS VPN with OSPF as PE/CE protocol 2nd Architecture Part II routing describes advanced MPLS VPN connectivity including the integration of withprovider RIPv2 as PE/CE routing protocol 2nd 3rd 4th 5th service access technologies (dial, DSL, cable, Ethernet) and a variety of routing enabling multicast protocols (IS-IS, 2nd EIGRP, and OSPF), arming the reader with the knowledge of how to VSAs (vendor-specific attributes)into 2nd the VPN backbone Part III details advanced deployment issues integrate these features including security, outlining the necessary steps the service provider must take to protect the backbone and any attached VPN sites, and also detailing the latest security features to allow more advanced topologies and filtering This part also covers multi-carrier MPLS VPN deployments Finally, Part IV provides a methodology for advanced MPLS VPN troubleshooting MPLS and VPN Architectures, Volume II , also introduces the latest advances in customer integration, security, and troubleshooting features essential to providing the advanced [SYMBOL] [A] [B] [C ] [D] [E] [F] [G] [H] [I ] [K ] [L] [M] [N] [O ] [P ] [R ] [S] [T] [U] [V] [W] whitepapers Securing a Cisco Router • Table of Contents • Index MPLS and VPN Architectures, Volume II ByJim Guichard, Ivan Pepelnjak, Jeff Apcar Publisher: Cisco Press Pub Date: June 06, 2003 ISBN: 1-58705-112-5 Pages: 504 WithMPLS and VPN Architectures, Volume II , you'll learn: How to integrate various remote access technologies into the backbone providing VPN service to many different types of customers The new PE-CE routing options as well as other advanced features, including per-VPN Network Address Translation (PE-NAT) How VRFs can be extended into a customer site to provide separation inside the customer network The latest MPLS VPN security features and designs aimed at protecting the MPLS VPN backbone How to carry customer multicast traffic inside a VPN The latest inter-carrier enhancements to allow for easier and more scalable deployment of inter-carrier MPLS VPN services Advanced troubleshooting techniques including router outputs to ensure high availability MPLS and VPN Architectures, Volume II , builds on the best-selling MPLS and VPN Architectures, Volume I (1-58705-002-1), from Cisco Press Extending into more advanced topics and deployment architectures, Volume II provides readers with the necessary tools they need to deploy and maintain a secure, highly available VPN MPLS and VPN Architectures, Volume II , begins with a brief refresher of the MPLS VPN Architecture Part II describes advanced MPLS VPN connectivity including the integration of service provider access technologies (dial, DSL, cable, Ethernet) and a variety of routing protocols (IS-IS, EIGRP, and OSPF), arming the reader with the knowledge of how to integrate these features into the VPN backbone Part III details advanced deployment issues including security, outlining the necessary steps the service provider must take to protect the backbone and any attached VPN sites, and also detailing the latest security features to allow more advanced topologies and filtering This part also covers multi-carrier MPLS VPN deployments Finally, Part IV provides a methodology for advanced MPLS VPN troubleshooting MPLS and VPN Architectures, Volume II , also introduces the latest advances in customer integration, security, and troubleshooting features essential to providing the advanced ... guidelines in the MPLS and VPN Architectures (Volume I) book MPLS and VPN Architectures, Volume II , builds on the best-selling MPLS and VPN Architectures, Volume I (1-58705-002-1), from Cisco Press Extending... an MPLS VPN MPLS and VPN Architectures, Volume II , builds on the best-selling MPLS and VPN Feature Enhancements for MPLS VPN Remote Access Architectures, Volume I (1-58705-002-1), from Cisco Press. .. availability MPLS and VPN Architectures, Volume II , builds on the best-selling MPLS and VPN Architectures, Volume I (1-58705-002-1), from Cisco Press Extending into more advanced topics and deployment architectures,

Ngày đăng: 27/10/2019, 21:28