Table Of ContentCisco ISP Essentials
Barry Raveendran Greene
Philip Smith
Publisher: Cisco Press
First Edition April 19, 2002
ISBN: 1-58705-041-2, 448 pages
Cisco IOS(r) Software documentation is extensive
and detailed and is often too hard for many Internet
Front Matter service providers (ISPs) who simply want to switch
Table of Contents on and get going. Cisco ISP Essentials highlights
About the Author many of the key Cisco IOS features in everyday use
in the major ISP backbones of the world to help new
network engineers gain understanding of the power
of Cisco IOS Software and the richness of features
available specifically for them. Cisco ISP Essentials
also provides a detailed technical reference for the
expert ISP engineer, with descriptions of the various
knobs and special features that have been
specifically designed for ISPs. The configuration
examples and diagrams describe many scenarios,
ranging from good operational practices to network
security. Finally a whole appendix is dedicated to
using the best principles to cover the configuration
detail of each router in a small ISP Point of Presence.
This book is part of the Cisco Press Networking
Technologies Series, which offers networking
professionals valuable information for constructing
efficient networks, understanding new technologies,
and building successful careers.
1
Cisco® ISP Essentials
Published by:
Cisco Press
201 West 103rd Street
Indianapolis, IN 46290 USA
All rights reserved. No part of this book may be reproduced or
transmitted in any form or by any means, electronic or mechanical,
including photocopying, recording, or by any information storage and
retrieval system, without written permission from the publisher, except
for the inclusion of brief quotations in a review.
Printed in the United States of America 1 2 3 4 5 6 7 8 9 0
First Printing April 2002
Library of Congress Cataloging-in-Publication Number:
2001090435
Warning and Disclaimer
This book is designed to provide information about best common
practices for Internet service providers (ISPs). Every effort has been
made to make this book as complete and as accurate as possible, but
no warranty or fitness is implied.
The information is provided on an “as is” basis. The authors, Cisco
Press, and Cisco Systems, Inc., shall have neither liability nor
responsibility to any person or entity with respect to any loss or
damages arising from the information contained in this book or from
the use of the discs or programs that may accompany it.
The opinions expressed in this book belong to the author and are not
necessarily those of Cisco Systems, Inc.
Feedback Information
At Cisco Press, our goal is to create in-depth technical books of the
highest quality and value. Each book is crafted with care and precision,
2
undergoing rigorous development that involves the unique expertise of
members from the professional technical community.
Readers’ feedback is a natural continuation of this process. If you have
any comments regarding how we could improve the quality of this
book, or otherwise alter it to better suit your needs, you can contact
us through e-mail at feedback@ciscopress.com. Please make sure to
include the book title and ISBN in your message.
We greatly appreciate your assistance.
Trademark Acknowledgments
All terms mentioned in this book that are known to be trademarks or
service marks have been appropriately capitalized. Cisco Press or Cisco
Systems, Inc., cannot attest to the accuracy of this information. Use of
a term in this book should not be regarded as affecting the validity of
any trademark or service mark.
Publisher
John Wait
Editor-In-Chief
John Kane
Cisco Systems Program Management
Michael Hakkert
Tom Geitner
William Warren
Acquisitions Editor
Amy Lewis
Production Manager
Patrick Kanouse
Development Manager
3
Howard Jones
Project Editor
San Dee Phillips
Copy Editor
Krista Hansing
Technical Editors
Brian Morgan and Bill Wagner
Team Coordinator
Tammi Ross
Book Designer
Gina Rexrode
Cover Designer
Louisa Klucznik
Production Team
Octal Publishing, Inc.
Indexer
Tim Wright
Corporate Headquarters
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706
USA
http://www.cisco.com
4
Tel: 408 526-4000
800 553-NETS (6387)
Fax: 408 526-4100
European Headquarters
Cisco Systems Europe
11 Rue Camille Desmoulins
92782 Issy-les-Moulineaux
Cedex 9
France
http://www-europe.cisco.com
Tel: 33 1 58 04 60 00
Fax: 33 1 58 04 61 00
Americas Headquarters
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706
USA
http://www.cisco.com
Tel: 408 526-7660
Fax: 408 527-0883
Asia Pacific Headquarters
Cisco Systems Australia,
Pty., Ltd
5
Level 17, 99 Walker Street
North Sydney
NSW 2059 Australia
http://www.cisco.com
Tel: +61 2 8448 7100
Fax: +61 2 9957 4350
Cisco Systems has more than 200 offices in the following
countries. Addresses, phone numbers, and fax numbers are
listed on the Cisco Web site at www.cisco.com/go/offices
Argentina • Australia • Austria • Belgium • Brazil • Bulgaria • Canada •
Chile • China • Colombia • Costa Rica • Croatia • Czech Republic •
Denmark • Dubai, UAE • Finland • France • Germany • Greece • Hong
Kong Hungary • India • Indonesia • Ireland • Israel • Italy • Japan •
Korea • Luxembourg • Malaysia • Mexico The Netherlands • New
Zealand • Norway • Peru • Philippines • Poland • Portugal • Puerto
Rico • Romania Russia • Saudi Arabia • Scotland • Singapore •
Slovakia • Slovenia • South Africa • Spain • Sweden Switzerland •
Taiwan • Thailand • Turkey • Ukraine • United Kingdom • United
States • Venezuela • Vietnam Zimbabwe
Copyright © 2000, Cisco Systems, Inc. All rights reserved. Access
Registrar, AccessPath, Are You Ready, ATM Director, Browse with Me,
CCDA, CCDE, CCDP, CCIE, CCNA, CCNP, CCSI, CD-PAC, CiscoLink, the
Cisco NetWorks logo, the Cisco Powered Network logo, Cisco Systems
Networking Academy, Fast Step, FireRunner, Follow Me Browsing,
FormShare, GigaStack, IGX, Intelligence in the Optical Core, Internet
Quotient, IP/VC, iQ Breakthrough, iQ Expertise, iQ FastTrack, iQuick
Study, iQ Readiness Scorecard, The iQ Logo, Kernel Proxy, MGX,
Natural Network Viewer, Network Registrar, the Networkers logo,
Packet, PIX, Point and Click Internetworking, Policy Builder, RateMUX,
ReyMaster, ReyView, ScriptShare, Secure Script, Shop with Me,
SlideCast, SMARTnet, SVX, TrafficDirector, TransPath, VlanDirector,
Voice LAN, Wavelength Router, Workgroup Director, and Workgroup
Stack are trademarks of Cisco Systems, Inc.; Changing the Way We
Work, Live, Play, and Learn, Empowering the Internet Generation, are
service marks of Cisco Systems, Inc.; and Aironet, ASIST, BPX,
Catalyst, Cisco, the Cisco Certified Internetwork Expert Logo, Cisco
6
IOS, the Cisco IOS logo, Cisco Press, Cisco Systems, Cisco Systems
Capital, the Cisco Systems logo, Collision Free, Enterprise/Solver,
EtherChannel, EtherSwitch, FastHub, FastLink, FastPAD, IOS, IP/TV,
IPX, LightStream, LightSwitch, MICA, NetRanger, Post-Routing, Pre-
Routing, Registrar, StrataView Plus, Stratm, SwitchProbe, TeleRouter,
are registered trademarks of Cisco Systems, Inc. or its affiliates in the
U.S. and certain other countries.
All other brands, names, or trademarks mentioned in this document or
Web site are the property of their respective owners. The use of the
word partner does not imply a partnership relationship between Cisco
and any other company. (0010R)
Cisco® ISP Essentials
About the Authors
About the Technical Reviewers
Acknowledgments
Introduction
Motivation
Intended Audience
Organization
Further Information
1. Software and Router Management
Which Cisco IOS Software Version Should I Be Using?
IOS Software Management
Configuration Management
Command-Line Interface
Detailed Logging
Network Time Protocol
Simple Network Management Protocol
HTTP Server
Core Dumps
Conclusion
Endnotes
2. General Features
IOS Software and Loopback Interfaces
Interface Configuration
Interface Status Checking
Cisco Express Forwarding
NetFlow
Turn On Nagle
DNS and Routers
Conclusion
7
Endnotes
3. Routing Protocols
CIDR Features
Selective Packet Discard
Hot Standby Routing Protocol
IP Source Routing
Configuring Routing Protocols
IGP Configuration Hints
The BGP Path-Selection Process [1]
BGP Features and Commands
Applying Policy with BGP
BGP Policy Accounting
Multiprotocol BGP [5]
Summary
Endnotes
4. Security
Securing the Router
Unneeded or Risky Interface Services
Cisco Discovery Protocol
Login Banners
Use enable secret
The ident Feature
SNMP Security
Router Access: Controlling Who Can Get into the Router
Securing the Routing Protocol
Securing the Network
Access Control Lists: General Sequential-Based ACLs
BCP 38 Using Unicast RPF [10]
Committed Access Rate to Rate-Limit or Drop Packets [21]
Reacting to Security Incidents
Summary
Endnotes
5. Operational Practices
Point-of-Presence Topologies
Point-of-Presence Design
Backbone Network Design
ISP Services
IPv4 Addressing in an ISP Backbone
Interior Routing
Exterior Routing
Multihoming
Security
Out-of-Band Management
Test Laboratory
Operational Considerations
Summary
Endnotes
A. Access Lists and Regular Expressions
Access List Types
8
IOS Software Regular Expressions
Endnotes
B. Cut-and-Paste Templates
General System Template
General Interface Template
General Security Template
General iBGP Template
General eBGP Template
Martian and RFC 1918 Networks Template
C. Example Configurations
Simple Network Plan
Configurations
Summary
D. Route Flap Damping
BGP Flap Damping Configuration
E. Traffic Engineering Tools
Internet Traffic and Network Engineering Tools
Other Useful Tools to Manage Your Network
Overall Internet Status and Performance Tools
What Other ISPs Are Doing
Summary
F. Example ISP Access Security Migration Plan
Phase 1—Close Off Access to Everyone Outside the CIDR Block
Phase 2—Add Antispoofing Filters to Your Peers
Phase Three—Close Off Network Equipment to Unauthorized Access
Summary
Endnotes
Glossary
Glossary
Technical References and Recommended Reading
Software and Router Management
General Features
Security
Routing
Other References and Recommended Reading
9
About the Authors
Barry Raveendran Greene is a Senior Consultant in the Internet Architectures
Group of Consulting Engineering, Office of the CTO, Cisco Systems. Cisco’s CTO
Consulting group assist ISPs throughout the world to scale, grow, and expand their
networks. The assistance is delivered through consulting, developing new features,
working new standards (IETF and other groups), and pushing forward Best Common
Practices (BCPs) to the Internet community. Barry’s current topics of interests are
ISP Operations and Security as well as developing the features, functionality, and
techniques to enhance an ISP’s success.
Barry has been with Cisco since 1996, traveling to all parts of the world helping ISPs
and telcos build the Internet. He is a former board member for the Asia Pacific
Internet Association (APIA), co-creator for the APRICOT Conferences, Program
Committee Member for ITU’s Telecom 99, and facilitator for the creation of several
Internet eXchange Points (IXPs) in Asia and Pacific. Barry is the co-coordinator for
Cisco’s ISP Workshop Program, which is designed to empower engineering talent in
ISPs all over the world.
Mr. Greene has over 22 years experience in systems integration, security,
operations, maintenance, management, and training on a variety of computer,
internetworking, and telecommunications technologies. Before Cisco Systems, Barry
was Deputy Director Planning and Operations for Singapore Telecom’s SingNet
Internet Service and the Singapore Telecom Internet Exchange (STIX); Network
Engineer and Systems Integrator at Johns Hopkins University/ Applied Physics Lab
(JHU/APL), Network Engineer and Systems Integrator Science Application
International Corporation (SAIC), and a veteran of the United States Air Force.
Philip Smith is a Consulting Engineer in the Internet Architectures Group of
Consulting Engineering, Office of the CTO, Cisco Systems. His role includes providing
consultation and advice to ISPs primarily in the Asia Pacific region and also with
other providers around the world. He concentrates specifically on network strategies,
design, technology, and operations, as well as configuration, scaling, and training.
He plays or has played a major role in training ISP engineers, co-founding the Cisco
ISP/IXP Workshop programme, and providing ISP training and tutorials at many
networking events around the world, including NANOG, RIPE, APNIC, ISOC, and
APRICOT conferences. His other key interests include IPv6, BGP, IGPs, and network
performance and data analysis.
Philip has been with Cisco since January 1998. Since joining, he has been working to
promote and develop the Internet in the entire Asia Pacific region and has been
actively involved in bringing the Internet to some countries in the region. He is a
member of the APRICOT Executive Committee (the region’s annual ISP operational
and technology conference) as well as its Programme Committee, co-chair of APOPS
(the region’s ISP operational forum), and chair of two of APNIC’s special interest
groups (SIG)—the Routing SIG and the Exchange Point SIG. He also has a particular
research interest in the growth of the Internet and provides a detailed daily analysis
of the routing table as seen in the Asia Pacific to the general operator community
worldwide.
Prior to joining Cisco, he spent five years at PIPEX (now part of UUNET’s global ISP
business), the UK’s first commercial ISP, where he was Head of Network
10
Description:member of the APRICOT Executive Committee (the region's annual ISP operational and technology . book is to guide both newcomers and experienced network engineers through the optimal configuration of . 12.0T, specifically aimed at those ISPs deploying MPLS-based virtual private networks.
