Authorized Self-Study Guide Designing Cisco Network Service Architectures (ARCH) Second Edition Keith Hutton Mark Schofield Diane Teare Cisco Press 800 East 96th Street Indianapolis, IN 46240 ii Designing Cisco Network Service Architectures (ARCH) Authorized Self-Study Guide Designing Cisco Network Service Architectures (ARCH), Second Edition Keith Hutton Mark Schofield Diane Teare Copyright © 2009 Cisco Systems, Inc. Published by: Cisco Press 800 East 96th Street Indianapolis, IN 46240 USA All rights reserved. No part of this book may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or by any information storage and retrieval sys- tem, without written permission from the publisher, except for the inclusion of brief quotations in a review. Printed in the United States of America First Printing December 2009 Library of Congress Cataloging-in-Publication Data: Hutton, Keith. Authorized self-study guide : designing Cisco network service architectures (ARCH) / Keith Hutton, Mark Schofield, Diane Teare. -- 2nd ed. p. cm. ISBN 978-1-58705-574-4 (hardcover) 1. Computer network architectures--Examinations--Study guides. 2. Computer networks--Design-- Examinations--Study guides. 3. Internetworking (Telecommunication)--Examinations--Study guides. I. Schofield,, Mark. II. Teare, Diane. III. Title. IV. Title: Designing Cisco network service architectures (ARCH). TK5105.52.H98 2008 004.6'5--dc22 2008049128 ISBN-13: 978-1-58705-574-4 ISBN-10: 1-58705-574-0 Warning and Disclaimer This book is designed to provide information about designing Cisco network service architectures. Every effort has been made to make this book as complete and as accurate as possible, but no warranty or fit- ness is implied. The information is provided on an “as is” basis. The authors, Cisco Press, and Cisco Systems, Inc. shall have neither liability nor responsibility to any person or entity with respect to any loss or damages arising from the information contained in this book or from the use of the discs or programs that may accompany it. The opinions expressed in this book belong to the author and are not necessarily those of Cisco Systems, Inc. iii Trademark Acknowledgments All terms mentioned in this book that are known to be trademarks or service marks have been appropriate- ly capitalized. Cisco Press or Cisco Systems, Inc., cannot attest to the accuracy of this information. Use of a term in this book should not be regarded as affecting the validity of any trademark or service mark. Corporate and Government Sales The publisher offers excellent discounts on this book when ordered in quantity for bulk purchases or spe- cial sales, which may include electronic versions and/or custom covers and content particular to your busi- ness, training goals, marketing focus, and branding interests. For more information, please contact: U.S. Corporate and Government Sales 1-800-382-3419 [email protected] For sales outside the United States please contact: International Sales [email protected] Feedback Information At Cisco Press, our goal is to create in-depth technical books of the highest quality and value. Each book is crafted with care and precision, undergoing rigorous development that involves the unique expertise of members from the professional technical community. Readers’ feedback is a natural continuation of this process. If you have any comments regarding how we could improve the quality of this book, or otherwise alter it to better suit your needs, you can contact us through email at [email protected]. Please make sure to include the book title and ISBN in your message. We greatly appreciate your assistance. Publisher:Paul Boger Cisco Press Program Manager:Jeff Brady Associate Publisher:Dave Dusthimer Technical Editors:Nathaly Landry, Richard Piquard Executive Editor:Brett Bartow Development Editor:Ginny Bess Munroe Managing Editor:Patrick Kanouse Copy Editor:Keith Cline Project Editor:Seth Kerney Proofreader:Paula Lowell Editorial Assistant:Vanessa Evans Indexer:Tim Wright Book Designer:Louisa Adair Composition:Mark Shirar iv Designing Cisco Network Service Architectures (ARCH) About the Authors Keith Huttonis an information technology professional with close to 20 years of experi- ence in the industry. Over the course of his career, Keith has worked as a professional services engineer, presales engineer, third-line operational support engineer, engineering team lead, instructor, and author. Keith currently works as a professional services engineer for Bell Canada, responsible for the design and configuration of network security infra- structures. Keith has a B.A. honors degree from Queen’s University, and is a certified Cisco instructor, Cisco Certified Network Professional (CCNP), Cisco Certified Design Professional (CCDP), and Cisco Certified Internetworking Professional (CCIP). Mark Schofieldhas been a network architect at Bell Canada for the past six years. Working for the largest service provider in Canada, he has designed Multiprotocol Layer Switching (MPLS) virtual private networks (VPNs) with IP quality of service (QoS) for large enterprise customers. During the past five years at Bell, he has been involved in the design, implementation, and planning of large national networks for Bell Canada’s federal government customers. As part of a cross-company team, he developed Bell Canada’s pre- mier MPLS VPN product. Mark has a MLIS from the University of Western Ontario and a B.A. and M.A. degrees from the University of Guelph. Industry certifications include the Cisco Certified Systems Instructor (CCIP), Cisco Certified Network Professional (CCNP), Citrix Certified Enterprise Administrator (CCEA), and Microsoft Certified Systems Engineer (MCSE). Diane Teareis a professional in the networking, training, project management, and e- learning fields. She has more than 20 years of experience in designing, implementing, and troubleshooting network hardware and software, and has been involved in teaching, course design, and project management. She has extensive knowledge of network design and routing technologies, and is an instructor with one of the largest authorized Cisco Learning Partners. She was recently the director of e-learning for the same company, where she was responsible for planning and supporting all the company’s e-learning offer- ings in Canada, including Cisco courses. Diane has a bachelor’s degree in applied science in electrical engineering and a master’s degree in applied science in management science. She is a certified Cisco instructor and currently holds her Cisco Certified Network Professional (CCNP), Cisco Certified Design Professional (CCDP), and Project Management Professional (PMP) certifications. She coauthored the Cisco Press titles Campus Network Design Fundamentals,the three editions of Authorized Self-Study Guide Building Scalable Cisco Internetworks (BSCI),andBuilding Scalable Cisco Networks; and edited the two editions of the Authorized Self-Study Guide Designing for Cisco Internetwork Solutions (DESGN)and Designing Cisco Networks. v About the Technical Reviewers Nathaly Landryattended the Royal Military College in Kingston, Ontario, Canada, where she graduated in 1989 with a bachelor’s degree in electrical engineering. She then worked for two years in the satellite communication section before going to Ottawa University for a master’s degree in electrical engineering. Upon graduation, she went back to the Department of National Defense and worked as a project manager for the imple- mentation of the Defense Wide-Area Network, and then became the in-service support manager for the network. From 1996 to 2000, she worked as a networking consultant and instructor for Learning Tree. In May 2000, she joined Cisco, where she supported a num- ber of federal accounts, and more recently has focused on Bell Canada as a channel sys- tems engineer. Richard Piquardis a senior network architect for Global Knowledge Network, Inc., one of the world’s largest Cisco Learning Partners. Richard has more than eight years’ experi- ence as a certified Cisco instructor, teaching introductory and advanced routing, switch- ing, design, and voice-related courses throughout North America and Europe. Richard has amassed a highly diverse skill set in design and implementation, of both Cisco and multivendor environments, throughout his nearly 15 years in the internetworking indus- try. His experience ranges from his military background as the network chief of the Marine Corps Systems Command, Quantico, Virginia, to a field engineer for the Xylan Corporation (Alcatel), Calabasas, California, to a member of a four-person, worldwide network planning and implementation team for the Household Finance Corporation in Chicago, Illinois. In addition, he has served as a technical reviewer for the Cisco Press title Authorized Self-Study Guide Designing for Cisco Internetwork Solutions (DESGN), Second Edition. vi Designing Cisco Network Service Architectures (ARCH) Dedications From Keith: This book is dedicated to my parents, for teaching me how to dream. From Mark: This book is dedicated to Roslyn. Thank you for all your love and support in this and all my endeavors. From Diane: This book is dedicated to my remarkable husband, Allan Mertin, who continues to inspire me; to our charming son, Nicholas, and his amazing desire to learn everything about the world; to my parents, Syd and Beryl, for their continuous love and support; and to my friends, whose wisdom keeps me going. vii Acknowledgments We would like to thank many people for helping us put this book together: The Cisco Press team: Brett Bartow, the executive editor, for coordinating the whole team and driving this book through the process, and for his unwavering support over the years. Vanessa Evans, for being instrumental in organizing the logistics and administra- tion. Ginny Bess Munroe, the development editor, has been invaluable in producing a high- quality manuscript. We would also like to thank Seth Kerney, the project editor, and Keith Cline, the copy editor, for their excellent work in steering this book through the editorial process. The Cisco ARCH course development team: Many thanks to the members of the team who developed the latest version of the ARCH course. The team included Glenn Tapley, Dennis Masters, and Dwayne Fields from Cisco Systems; along with Dr. Peter Welcher and Carole Warner-Reece of Chesapeake Netcraftsmen. The technical reviewers: We want to thank the technical reviewers of this book— Nathaly Landry and Richard Piquard—for their thorough, detailed review and valuable input. Our families: Of course, this book would not have been possible without the constant understanding and patience of our families. They have always been there to motivate and inspire us. We thank you all. viii Designing Cisco Network Service Architectures (ARCH) Contents at a Glance Foreword xxv Introduction xxvi Chapter 1 Cisco SONA and the Cisco Enterprise Architecture 3 Chapter 2 Enterprise Campus Network Design 23 Chapter 3 Developing an Optimum Design for Layer 3 87 Chapter 4 Advanced WAN Services Design Considerations 139 Chapter 5 Enterprise Data Center Design 177 Chapter 6 SAN Design Considerations 245 Chapter 7 E-Commerce Module Design 277 Chapter 8 Security Services Design 333 Chapter 9 IPsec and SSL VPN Design 383 Chapter 10 IP Multicast Design 425 Chapter 11 VoWLAN Design 479 Chapter 12 Network Management Capabilities Within Cisco IOS Software 527 Appendix A Answers to Review Questions 576 Acronyms and Abbreviations 590 Index 604 ix Contents Foreword xxv Introduction xxvi Chapter 1 Cisco SONA and the Cisco Enterprise Architecture 3 Reviewing Cisco SONA and the Cisco Enterprise Architecture 3 The Hierarchical Model 3 Example Hierarchical Network 4 Review of Cisco SONA 5 Benefits of Cisco SONA 6 Review of the Cisco Enterprise Architecture 7 Review of Cisco SONA Infrastructure Services 9 Review of the Cisco SONA Application Layer 10 Reviewing the Cisco PPDIOO Approach 10 PPDIOO Network Lifecycle Approach 11 Benefits of the Lifecycle Approach 12 Using the Design Methodology Under PPDIOO 13 Identifying Customer Requirements 14 Characterizing the Existing Network and Sites 15 Designing the Topology and Network Solutions 15 Example: Dividing the Network into Areas 16 Summary 17 References 17 Review Questions 19 Chapter 2 Enterprise Campus Network Design 23 Designing High Availability in the Enterprise Campus 23 Enterprise Campus Infrastructure Review 23 Access Layer 23 Distribution Layer 25 Core Layer 26 High-Availability Considerations 28 Implement Optimal Redundancy 28 Provide Alternate Paths 30 Avoid Single Points of Failure 30 Cisco NSF with SSO 32 Cisco IOS Software Modularity Architecture 33 Designing an Optimum Design for Layer 2 36 Recommended Practices for Spanning-Tree Configuration 36 STP Standards and Features 37 Cisco STP Toolkit 37 STP Standards and Features 37 Recommended Practices for Trunk Configuration 39 VLAN Trunking Protocol 40 Dynamic Trunking Protocol 41