Advanced Services
Regus BGP and Data Network
Low Level Design Version 1.1
Corporate Headquarters
Cisco
170 West Tasman Drive
San Jose, CA 95134-1706
USA
http://www.cisco.com
Tel: 408 526-4000
800 553-NETS (6387)
Fax: 408 526-4100
Copyright 2001-2, Cisco Systems, Inc. All rights reserved. COMMERCIAL IN CONFIDENCE.
January 18, 2008
Company Confidential. A printed copy of this document is considered uncontrolled.
Regus LAN/WAN Transport Design
Scope
Assumptions and Caveats
Side symbols
Current Data Network Designs
Global Site Classifications
Classification by Services
Framework U.S
Framework U.K / EMEA
Hybrid U.S
Star (Concept)
Interim Data Network Architecture
Design Scope
Interim
Terminology
Network Topology
Core Facing Interfaces
Network Design Components
Border Gateway Protocol (BGP)
BGP Topology Layers
BGP Autonomous System Number (ASN)
BGP Router ID
BGP Maximum
Summary of BGP Design
Enhanced Interior Gateway Protocol (EIGRP)
EIGRP Router ID
EIGRP Autonomous System Number
EIGRP Default / Summary Route
Summary of EIGRP Design
Policing
QoS Classes
Switch QoS Queue Tuning
Queuing on the IP Phone
Summary of QoS Design
Syslog Servers
WAN Connectivity
EIGRP Process
IOSFW
Inbound ACL
PIM
Music On Hold
DHCP Services
Site Switching Design
CE Router Link
Switch Topology
EIGRP Process
Multicast
VTP
Switch SDM
PIM
Stub
VTP
DC Switch 1 &
DC Switch
Regus Drain Site &
San Francisco POP Design
VTP
ASA VPN Users
CE Access &
ASA FW
Summary of Drain Site Design
Software Releases
Router Templates
3845 CE Router Template
7201/7206 Drain CE Router Template
POP
IPT Site List
Introduction
Executive Summary
This document is a Low Level Design (LLD) document describing the Regus Network. It is built based upon information contained in the HLD (High Level Design) document.
This design implements Cisco and industry best practice design models, while simultaneously incorporating the design requirements provided to Cisco by Regus which consist of:
• Highly Scalable and Flexible BGP Design for up to 3000 Regus Site routers connected to up to 8 Drain Locations in the US
• Design BGP Peering for Remote Sites
• Review and Deploy Existing Phase A Site L3/L2 Connectivity at Data Center and Remote Sites
• Flexible Design to support Inter Provider MPLS Peering if necessary
• Project Requires 1 POP & end of April 2008
• Symmetrical Routing with Centralized NAT Function (Decentralized for Static NAT)
Document Purpose
The purpose of this document is to outline Cisco's Low Level Design (LLD) for the Regus project. It details the physical and logical requirements and steps necessary to meet these requirements.
This document provides an overall assessment of the network design and specific operational functions. The observations and suggestions presented in this document are the result of information acquired from Regus engineers during design sessions, teleconferences, visits, and/or via documentation supplied to Cisco. The document provides sufficient detail to derive the device configurations that will be documented in the Network Implementation Plan. The document consists of the configuration templates for each device type for the Interim Design. Some parameters may be fine tuned during network deployment.
Intended Audience
The intended audience of this document is the Regus technical staff and management as well as Cisco Systems and Partner deployment engineers.
Scope
The scope of this document is to identify and document the details necessary to derive configuration templates for role specific devices. These devices include Routers, Switches and Firewalls.
After acceptance of the LLD by Regus, the LLD document is still a living document that will be updated by experiences gained throughout the deployment phase.
...ent should be used as a guideline for extracting the necessary information to ...urations that allow the various network elements to provide the required ...is will also allow the deployment engineer/partner to make appropriate ...hen deploying and configuring the network.
It is assumed the reader is familiar with the Regus service requirements. Furthermore, it is also assumed the reader is familiar with Cisco IOS and has a basic understanding of the network and technologies that will be used to fulfill Regus's requirements.
History
Version No.: 0.88, 1.1
Issue Date: 1/10/2008, 1/17/2008
Status: Draft
Reason for Change: First release
Review
Reviewer's Details | Version No. | Date
This document will be kept under revision control.
Side symbols
This symbol means note. The user must add information, written or typed, to the document during the implementation work or that the user must take note of the information presented.
Related Documents
Reference | Document | Version
1 | IBM Data Network and Voice Architecture | 11
2 | Cisco High Level Design Document (HLD) | 1.0
3 | Cisco Product Documentation, http://www.cisco.com/univercd/cc/td/doc/product/index.htm | N/A
• Highly Scalable and Flexible BGP Design for up to 3000 Regus Site routers connected to up to 8 Drain Locations in US and/or Canada
• Design BGP Peering for Remote Sites
• Flexible Design to support Inter Provider MPLS Peering if necessary
• Symmetrical Routing with Centralized NAT Function
• Initial Phase of the Project Requires 2 Data Centers and 3 Remote Sites to be brought online by end of Jan 2008
Cisco will provide a Transfer of Knowledge for Regus/Partner and recommendation of Software releases for deployment.
Assumptions and known caveats regarding the current and/or proposed design have already been communicated to avoid misunderstandings later during the network design review process. Assumptions and caveats are detailed below.
• Adequate network link utilization measurements have been conducted by Regus to determine the appropriate Link Sizing to eliminate the possibility of link saturation.
• Circuit ordering and sizing for the purpose of this project is fully managed by Regus.
• There is very little redundancy in the network. For example, each remote site is mono-homed with a single router. Also, while the data center will contain a pair of switches, there still will be only a single router at this location. This means that a single point of failure (i.e. a router or the Level 3 circuit) will cause downtime.
• The business decisions were made at this time by Regus to continue with these known risks. Regus has an established history of successfully running equipment in Level-3's co-location facilities. Circuit failure risk is viewed as minimized because of the circuits being connected within the facility.
• We have obtained documentation from Regus and in some cases, partners, on the existing voice and data solutions, IP Addressing, and VLAN information. We have been instructed to re-use this information rather than redesigning these sections. Much of this is highlighted in the Current Data Network Designs Section.
• The original IPT SOW is for a Voice solution only; it does not specify a Centralized (Broadhop) or Decentralized (Access Manager) Bandwidth on Demand Model.
• In support of Bandwidth on Demand, the latest Regus US IBM Phase A Model will be deployed at each remote site using the sample configurations (Regus Site 380 & 761) and Phase A Documentation. This will increase supportability by minimizing the differences from other interim solutions.
• Regus understands that Cisco is deploying the previous IBM Phase A model which is working with the current Regus deployments. The time pressure on the project requires re-use of the current configuration. Regus expects Cisco to call out any problems that would present a risk with the continued use of the IBM Phase A configuration.
• The only specific subnet within the Regus US block that is being advertised to the Internet by a non Level-3 ISP is 66.202.128.0/24 (from Looking Glass Lookups). Level-3 appears to be announcing the 66.202.160.0/19 which is the upper half of the 66.202.128.0/18. Thus there will not be any conflicts since this space will not be used for any of the three new sites.
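
The prefix reasoning in the assumptions above (66.202.128.0/24 announced by a non Level-3 ISP, 66.202.160.0/19 announced by Level-3, both inside 66.202.128.0/18) can be checked mechanically before site addressing is committed. The following is an added example, not part of the original design document; the site names and site prefixes in SAMPLE_SITE_PREFIXES are constructed for illustration.

```python
import ipaddress

# Prefixes quoted in the assumptions above.
REGUS_US_BLOCK = ipaddress.ip_network("66.202.128.0/18")
ANNOUNCED = {
    "non-Level-3 ISP": ipaddress.ip_network("66.202.128.0/24"),
    "Level-3": ipaddress.ip_network("66.202.160.0/19"),
}

# Constructed sample: hypothetical address plans for three new sites.
SAMPLE_SITE_PREFIXES = {
    "site-a": ipaddress.ip_network("10.38.0.0/24"),
    "site-b": ipaddress.ip_network("66.202.144.0/24"),
    "site-c": ipaddress.ip_network("66.202.128.128/25"),
}


def halves(block):
    """Split a block into its lower and upper half (prefix one bit longer)."""
    lower, upper = block.subnets(prefixlen_diff=1)
    return lower, upper


def classify(prefix, block=REGUS_US_BLOCK):
    """Report where a prefix sits relative to the block."""
    if not prefix.subnet_of(block):
        return "outside"
    lower, upper = halves(block)
    if prefix.subnet_of(lower):
        return "lower-half"
    if prefix.subnet_of(upper):
        return "upper-half"
    return "whole-block"


def find_conflicts(site_prefixes, announced=ANNOUNCED):
    """Return (site, origin, announced prefix) for every overlap found."""
    conflicts = []
    for site, net in sorted(site_prefixes.items()):
        for origin, ann in sorted(announced.items()):
            if net.overlaps(ann):
                conflicts.append((site, origin, str(ann)))
    return conflicts


def unannounced_space(block=REGUS_US_BLOCK, announced=ANNOUNCED):
    """Return the parts of the block not covered by any announced prefix."""
    remaining = [block]
    for ann in announced.values():
        survivors = []
        for net in remaining:
            if ann.subnet_of(net):
                # Carve the announcement out of the containing network.
                survivors.extend(net.address_exclude(ann))
            elif not net.subnet_of(ann):
                # Disjoint from the announcement: keep unchanged.
                survivors.append(net)
        remaining = survivors
    return sorted(ipaddress.collapse_addresses(remaining))


if __name__ == "__main__":
    for origin, prefix in ANNOUNCED.items():
        print(f"{origin}: {prefix} is in the {classify(prefix)} of {REGUS_US_BLOCK}")
    for site, origin, prefix in find_conflicts(SAMPLE_SITE_PREFIXES):
        print(f"CONFLICT: {site} overlaps {prefix} announced by {origin}")
    print("Unannounced space:", ", ".join(str(n) for n in unannounced_space()))
```

Replacing the constructed site prefixes with the real address plan turns this into a pre-deployment check: any tuple returned by find_conflicts is a site prefix that collides with space already visible on the Internet.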
• VPN Profiles that exist on the Framework Routers for ISI, INX, Netsurant, and Regus will be reused and enabled by Day 2 support team after site turn up. They will not be re-engineered, optimized, or enhanced, since VPN design is outside of the scope of this interim project.
• There are several existing configurations that will be used for the interim network. In a future project, Cisco recommends that some areas be re-evaluated for optimal network performance. Some general areas for improvement in future projects include:
  o Hierarchical QoS Configuration on CE (QOS Redesign)
  o DHCP usage on Switch vs. Router (DHCP Redesign)
  o MLS Trust Model vs. Remarking on Switch (QOS Redesign)
  o Rate Limiting on Switch vs. Router (Rate Limiting / BOD Redesign)
  o VPN Access Centralization or Direct MPLS VPN Connections (VPN Redesign)
The Regus technical architectural strategy supports various client business objectives supported globally. Creating a centralized service distribution model (CNS / Head Ends) will allow Regus to reduce operations and support costs while providing greater client application features. This strategy results in lower administration costs to offset an increase in network capacity needed to support real time converged applications. This design is based on certain agreed upon cost approvals and any deviations need to be pre-approved by the Architecture Review Board (ARB). The following defines the different classes of sites that will be deployed globally.
[Figure labels: Atlantic Peering, China Cluster, Hong Kong, Brazil Cluster]
Services and their delivery have been designed based on the site classification. These sites will have MPLS connectivity to the regional head end for full service class functionality. For sites that do not support MPLS due to cost constraints or in country regulatory issues, the Star design will be considered to provide similar functionality given lower bandwidth assumptions. The Number of Total Sites per Region is Dependent on the Mix of Small (SS), Medium (MS), Large (LS), and Extra Large (XL).
• Redundant call processing services will be installed at the Atlanta, GA and Secaucus, NJ head ends to provide uninterrupted voice services.
• Voice and network components at the headends must utilize protected power sources
• All redundant components must be connected to alternate power sources
• Voice gateways at medium and large locations may have redundant connections to the Public Switched Telephone Network (PSTN) on an as-needed basis
• Remote sites must utilize a remote survivability feature in the event that connectivity is lost between the remote site and the call processing servers
• The initial Phase I system should support up to 30,000 end devices (20,000 handsets, 10,000 virtual)
• Atlanta, GA and Secaucus, NJ headend locations
• 48 U.S. based Regus locations (approximately 10,000 total telephone devices)
Star Network
This site classification is being considered for sites that have limited bandwidth or country regulatory issues preventing the transmission of voice over data networks. It has been discussed that this site will act as a regional CNS providing similar services but limited due to costs or network service availability.
101 to 225 Users (Medium) NCO-CME
Large Regus local sites will receive the appropriate network and application services as described in the appropriate section of this document. These sites will receive all other services from CNS sites.
Medium 4 | up to 113 Workstations
Medium 3 | up to 134 Workstations
Medium 2 | up to 165 Workstations
Medium
226 to 460 Users (Large) NCO-CM
Custom Regus local sites will be analyzed at the time of deployment. As a result of the analysis, this type of site may receive a custom configuration of services locally or may potentially become a Tier 2 CNS site depending on country regulations and carrier services supported.
Large 4 | up to 293 Workstations
Large 3 | up to 347 Workstations
Large 2 | up to 393 Workstations
Large 1 | up to 460 Workstations
Exceptions
Exception sites are deemed necessary when the criteria for implementing a Large, Medium, or Small site cannot be used. An example of this would be Airports or Mini-Regus sites. Though it is difficult to forecast all situations that would require an exception site implementation, a few situations have been discussed that may use existing architecture to complete. This is not within the scope but is worth mentioning.
Global Site Solution Standards
It should be noted that the global solution standards are not the targeted standards but provide like functionality until such time when CNS is complete. An example of this is the Framework solution which will be eliminated entirely.
Framework U.S
This solution is considered an interim solution for NCOs. It provides VoIP voice services using onsite voice servers and basic Bandwidth-on-Demand control; however, it doesn't include fair access shared bandwidth control or access to headends. Depending on the site classifications the solution components consist of Cisco ISR (2851, 3825, 3845) routers and CNS-approved Cisco switches, also onsite 7845 Call Manager, 7845 Cisco Unity, Netwise, ISI. This solution does not provide Layer-2 fair access shared bandwidth queue control and Internet only data T1s. Regus does provide SMTP Mail Relay, Sprint DNS servers, ISDN Polycom and video conferencing. This solution is suited best for sites needing Cisco VoIP but no CNS Phase A data including no fair access shared bandwidth control and no access to headends.
Framework U.K / EMEA
This solution is also considered an interim solution for NCOs and should be considered a clone of the U.S Framework sites used for voice only deployments. The solution components are consistent with the U.S bill of materials. This solution is most suited for sites needing VoIP in lieu of the headends being installed with the intention to migrate these sites to CNS when headends are complete.
Step Zero U.K
Sites connect via MPLS network to two Internet Gateways with BGP as the routing protocol. This solution will provide Bandwidth on Demand (BoD) using Cisco 3825 and 3845 router with HWIC-4ESW card used during migration. These routers are a cut down version of U.S CNS configuration including a 100Mbps fiber uplink provided by British Telecom (BT) with rate limiting. Initial UK rollout to provide data. Rollout complete - installed in 100 sites. Master Site List spreadsheet lists the sites. BoM and design agreed by US team. Regus signoff of docs obtained. Upgrade routers to CNS spec when migrate to CNS.
Step Zero EMEA
As per Step 0 in UK, sites connect via MPLS network to two Internet Gateways (using BGP and BoD). Sites connect at E3 (34Mbps) uplinks with a Cisco 3845 router using NM1T3/E3 card to stay consistent with U.S Step 0 design. Depending on the site classification there may be a need for only a E1 line card for 3825 or 3845 routers.
Hybrid U.S
This solution type is considered the 2nd interim solution for NCOs. This solution provides VoIP voice services using dedicated onsite voice servers with full CNS Bandwidth-on-Demand control, access to headends via MPLS circuits. Similar components to the Framework solution including:
• ISR (2851, 3825, 3845) router.
• CNS-approved Cisco switches.
• Onsite server components 7845 Call Manager, 7845 Cisco Unity, Netwise, ISI.
• Layer 3 LAN with fair access shared bandwidth queue control.
• Sprint MPLS data T1s.
• Headend SMTP Mail Relay and DNS servers.
• ISDN Polycom video conferencing.
This solution is best suited for sites needing Cisco VoIP with CNS Phase A data services.
Step Zero U.S
Provides Bandwidth-on-Demand services via DS3 or Ethernet WAN to US legacy sites. Components used for this solution type are 3845 router, typically single 3560 switch connecting to Legacy LAN, Layer 3 LAN with fair access shared bandwidth queue control, L3 MPLS DS3 or Ethernet WAN, Headend SMTP Mail Relay and DNS servers, legacy PBX. For sites needing BoD services 293 total US sites none of which have been deployed. This solution is awaiting Regus ARB approval.
CNS Phase 1(A)
Provides complete CNS Phase 1A services including centralized PBX / voice mail, audio/web conferencing, video conferencing, SMTP mail relay, DNS servers and Bandwidth-on-Demand. ISR (2851, 3825, 3845) router, all new CNS-approved Cisco switches, centralized voice using H-UCS with Netwise attendant console, CNS data design using L3 LAN for Bandwidth-on-Demand, HE SMTP Mail Relay & DNS servers, HE Polycom. This solution type is for sites needing full CNS Phase A services. Currently being used for all US NCOs and sites with end-of-life PBXs. Sites currently deployed are LA, Folsom, Chicago, Atlanta and Petaluma. Phase 1A voice complete. Phase 1B data (Broadhop) PCR is being generated.
CNS Phase 1(B)
Provides complete CNS Phase services as described in the original SOW including centralized PBX/voice mail, audio/web conferencing, video conferencing, SMTP mail relay, DNS servers, Bandwidth-on-Demand, authentication, data provisioning automation. Solution components are similar to CNS Phase 1(A) including; Cisco ISR (2851, 3825, 3845) router, CNS-approved Cisco switches, Centralized voice using H-UCS with Netwise attendant console, CNS data design using L2 LAN for Bandwidth-on-Demand, HE SMTP Mail Relay & DNS servers, HE Polycom, Automation of data provisioning (ATP), Remote access VPN and access authentication. For sites needing full CNS Phase B services. Will be used at all NCOs or sites needing CNS services. The solution design is complete. The IBM PCR is being generated for implementation in US & EMEA.
NCO-CM
This solution provides a low cost IP Telephony service providing legacy PBX replacement with headend migration support. The idea is that this solution will eventually replace the Hybrid U.S and U.K/EMEA Framework solutions. This solution may be migrated to CNS, Star, or work as Standalone solution. This design is voice only and independent of the final data design Phase A/B or Centrinet. This solution is best suited for site classifications greater than 240 and less than 900 IP Phones using 3845-ISR-SRST Router, 7825-I3 Call Manager 4.2, 7825 Unity 4.2, ISI Call Logger (Billing), EVO Contact Attendant Console. Current site deployments are Brisbane, AU; however, there are some minor server differences due to the tight time frames in which IBM had to operate. IBM PCR 61 has been generated for implementation in US & EMEA and AP. Regus has verbally accepted the solution and the proposal has been submitted to the ARB; however, no formal acceptance has been approved.
NCO-Lite
This solution provides a low cost IP Telephony service providing legacy PBX replacement with headend migration support. The idea is that this solution will eventually replace the Hybrid U.S and U.K/EMEA Framework solutions. This solution may be migrated to CNS, Star, or work as Standalone solution.
This design is voice only and independent of the final data design Phase A/B or Centrinet. This solution is best suited for site classifications of greater than 240 IP Phones using 3845ISR-CME Router, MCS-7825-I3 Unity 4.2, ISI Call Logger (Billing), EVO Contact Attendant Console.
The only difference between this solution and the NCO-CME is that this solution does not require additional server hardware.
Star (Concept)
Once this solution type has been found to be technically viable more information will be provided to this section. Until then we do know that it should provide similar functionality as a CNS supporting NCO limitations on bandwidth, circuit cost, and possible regulatory in country constraints. Further test and development is needed to understand the Regional CNS concept including voice aggregation, data design, QoS, and supportability. This research should be completed with IBM/Regus and all third party vendors.
Interim
The Interim Data Network Architecture and Designs contained in this document discuss each site type and topology based on the requirements in the High Level Design (HLD) document. The sections that are addressed in this document are:
o Network Topology
o Site Router Design
o Site Switching Design
o Data Center Router Design
o Data Center/POP Switching Design
o Data Center Firewall Design
o Level-3 Owned Routers
Each one of these sections is discussed in more detail in the subsequent sections.
Terminology
Throughout the course of this document, there are several terms that are used. They are listed here for reference.
Drain: Internet peering location (up to 8 Level-3 US locations consisting of Drain CE, PE and IXC Router)
PE: Provider Edge Router owned by Level-3
CE: Customer Edge Router owned by Regus
Non Drain PE: Standard MPLS PE that will receive a primary and secondary default from primary and secondary drains
Drain PE: peers to Drain CE
Drain CE: Customer Edge Router at Drain Location owned by Regus, peers to Drain PE
Drain IXC Router: peers to Level-3 Internet Router
ASN 14676: Regus BGP Autonomous System Number from ARIN
Data Center: Level-3 Collocation Site that hosts both Voice and Data Call Manager Cluster with Unity & San Francisco, CA Cincinnati, OH Internet Drain
Hub Switch: Layer-3 switch handles inter-VLAN routing and connects Layer-2 switches at a remote site
Network Topology
As depicted below, the network topology consists of Drain IXC Routers, Drain CE Routers, Drain PE Routers, PE Routers, CE Routers and CE Switches. The topology consists of 8 Drain Locations, each with a Drain IXC Router, a Drain CE Router and also a Cisco ASA Firewall that will provide NAT services for private address space that is destined to the Internet.
BGP will be used for announcing routes from a Regus Site/POP/Data Center to the MPLS Core and also for connecting to the Internet at each drain location. EIGRP will be also used within a site. Quality of Service (QoS) is another key aspect of the design as it regulates the bandwidth that an end user can use and also protects voice and video by ensuring a low latency queuing mechanism.
A key aspect of the design is to ensure symmetry of traffic flows as they enter and exit the Internet. This will be discussed in detail in this section as well.
Border Gateway Protocol (BGP)
BGP is used extensively in the Regus NGN. Fundamentally, there are two categories for which BGP is used, namely:
BGP Configurations for Level-3 Owned Routers
o Drain PE (DPE) (Laurel Router)
o PE (Laurel Router)
BGP Configurations for Regus Owned Routers
o IXC Peering Router (Cisco 7206)
o Regus CE Router (Cisco 3845)
o Regus Drain CE Router (Cisco 7201)
Network                         ASN
Level-3 MPLS Core               1
Level-3 IXC Peering             3356
Regus Site (ARIN Registered)    14676
After discussions with Level-3, they have agreed to provide the following BGP service features using their Laurel MPLS Platform. While Level-3 does not currently use Cisco Routers as their PEs, the same features are available on Cisco, so open standard feature sets have been used. These features are:
o AS Override
  http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120t/120t7/vpn_en.htm#wp1045899
o Default Route Origination
  http://www.cisco.com/en/US/docs/ios/12_3/iproute/command/reference/ip2_n1g.html#wp1037042
o Sending and Receiving Standard communities from CE
  http://www.cisco.com/en/US/docs/ios/12_3/iproute/command/reference/ip2_n1g.html#wp1039539
o MD5 Authentication
  http://www.cisco.com/en/US/docs/ios/12_3/iproute/command/reference/ip2_n1g.html#wp1081288
Other Assumptions
Within the Level-3 MPLS backbone, PEs will match on the Extended community attribute for selected routes, set a BGP local preference on those matching routes, and import/export routes by setting Route Targets. The Level-3 Routers do not provide Route Reflection. Level-3 is currently testing the lab Route Target solution on both their Laurel and M120 network. They are on track to deliver the solution without affecting the timeline of the project.
BGP Topology Layers
BGP will be used at various locations, as was stated earlier. The following diagram shows the Regus BGP Topology Layers. There is EBGP used between CE and PE as well as for peering to the Internet. There will be iBGP used for Peering between the Drain Routers.
BGP Autonomous System Number (ASN)
The process ID is the Autonomous System Number of the BGP process to which the router belongs. Regus will be using the BGP ASN 14676.
BGP Router ID
Cisco recommends using a stable interface IP address as the Router ID. Loopback interface addresses are generally the best fit for this. Regus will use Loopback 0 IP address as the BGP Router-id. Router IDs are typically taken out of the 172.18.x.x range and assigned by Centri.net.
BGP Router ID
router bgp 14676
 bgp router-id <loopback_0_IP_address>
BGP Redistribution
The Regus network will not require any redistribution statements. BGP network statements are used to speed up convergence and yield better stability. Even in the case where EIGRP is used within remote site connectivity, no redistribution will be deployed. Below is a sample network configuration using network statements.
BGP Network Configuration
router bgp 14676
 network <network to advertise> mask <mask value>
BGP Authentication
MD5 authentication provides a means of security such that no password travels on the physical medium. Instead, each router uses MD5 to produce a message digest of the BGP packet plus the key, which is sent on the physical medium. Using MD5 authentication prevents a router from accepting unauthorized or deliberately malicious routing updates, which could compromise network security. Therefore, MD5 authentication will be configured for all BGP peers using the following configuration.
BGP Authentication Configuration
router bgp 14676
 neighbor <Level3 PE> remote-as 1
 neighbor <Level3 PE> password 7 105C0C1E1004
 no auto-summary
BGP Maximum Prefixes
To control how many prefixes can be received from a neighbor, use the neighbor maximum-prefix command in router configuration mode. At all CE sites, since the only route that will be sent/expected from a PE is the default route, we will use this to limit the maximum number of prefixes to 1. This is a good safeguard against getting too many routes and causing issues. A syslog message will also be produced when the maximum prefixes are learned and if more than the maximum are learned, then the peer will reset.
BGP Maximum Prefix Configuration
router bgp 14676
 neighbor <Level3 PE> maximum-prefix 1
BGP Log Neighbor Changes
The bgp log-neighbor-changes command enables logging of BGP neighbor status changes (up or down) and resets for troubleshooting network connectivity problems and measuring network stability. Unexpected neighbor resets might indicate high error rates or high packet loss in the network and should be investigated.
BGP Log Neighbor Changes Configuration
router bgp 14676
 bgp log-neighbor-changes
BGP Default Routes
Each remote site will receive a single default route from the Level-3 Core PE for InterSite access. Access-list 50 will be configured on each site router to only allow for the default route. This will then be applied to the neighbor using a distribute-list in.
BGP Default Route and Distribute List Configuration
router bgp 14676
 neighbor <Level-3 PE> distribute-list 50 in
 no auto-summary
!
access-list 50 permit 0.0.0.0
Summary of BGP Design
All Regus BGP Routers will have the following rules:
o Regus BGP ASN = 14676
o Set a Router ID Manually to match the loopback address
o Use network statements for Route Advertisement and matching route to Null0 with admin cost of 254 to keep flapping to a minimum
o Announce Networks with Route Maps to set standard community values
o Use MD5 Authentication
o Log Neighbor Changes
o Send/receive BGP Standard Communities via send-community keyword
All Regus BGP MPLS CE Routers will have the following additional rules:
o Peer to the ASN for Level 3 MPLS Core (ASN 1)
o Deploy Route Maps for Community setting rules:
  o Only If Public Address Space that is fragmented between Level 3 and Sprint space, set community to 14676:SiteNumber plus Drain Preference Setting. This must match the PE Settings.
Enhanced Interior Gateway Protocol (EIGRP)
EIGRP will be used between 3845 and 3560 remote site switches for local site connectivity.
EIGRP Autonomous System Number
EIGRP ASN Configuration
EIGRP Router ID
Cisco recommends using a stable interface IP address as the Router ID. Loopback interface addresses are generally the best fit for this. Regus will use Loopback 0 IP address as the EIGRP router-id.
EIGRP Router ID
router eigrp 14676
 eigrp router-id <loopback0>
EIGRP Passive Interface Default
Cisco recommends using EIGRP Passive interface default. This means that Enhanced IGRP is disabled on an interface that is configured as passive although it advertises the route. This prevents illicit neighbors from forming.
EIGRP Passive Interface Default
router eigrp 14676
 passive-interface default
EIGRP Redistribution
There will not be any redistribution on the EIGRP Routers. The local site routes will be announced into BGP via Network Statements.
EIGRP Default / Summary Route
EIGRP will be configured to originate a default route using the summary address command on the downstream interface to the EIGRP Peer. Note that the summary should be set up with an administrative distance of 254 so that the BGP learned default is not overridden.
EIGRP Summary Address Configuration
interface GigabitEthernet0/1
 ip summary-address eigrp 14676 0.0.0.0 0.0.0.0 254
Summary of EIGRP Design
All EIGRP Routers will have the following rules:
o Router EIGRP ASN = 14676
o Set a Router ID Manually to match the loopback address
o Use passive interface default for all interfaces except the interface facing the downstream peer(s) 3560.
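The BGP and EIGRP design summaries above lend themselves to an automated compliance check of a CE router configuration. The Python script below is an added example, not part of the original design or of any Cisco or Regus tooling; the sample configurations, peer addresses, advertised networks and the password placeholder are constructed.

```python
import re
from collections import defaultdict

REGUS_ASN = "14676"  # Regus BGP and EIGRP AS number, from the design
CORE_ASN = "1"       # Level-3 MPLS core ASN, from the design
BGP_REQUIRED = [("bgp router-id ", "bgp: router ID not set manually"),
                ("bgp log-neighbor-changes", "bgp: neighbor changes not logged")]
EIGRP_REQUIRED = [("eigrp router-id ", "eigrp: router ID not set manually"),
                  ("passive-interface default", "eigrp: passive-interface default missing")]

# Constructed sample configurations: addresses and the password are placeholders.
GOOD_CE = """\
router bgp 14676
 bgp router-id 172.18.0.1
 bgp log-neighbor-changes
 network 198.18.4.0 mask 255.255.255.224
 neighbor 192.0.2.1 remote-as 1
 neighbor 192.0.2.1 password 7 PLACEHOLDER
 neighbor 192.0.2.1 send-community
 neighbor 192.0.2.1 maximum-prefix 1
 neighbor 192.0.2.1 distribute-list 50 in
!
router eigrp 14676
 eigrp router-id 172.18.0.1
 passive-interface default
 no passive-interface GigabitEthernet0/1
!
ip route 198.18.4.0 255.255.255.224 Null0 254
access-list 50 permit 0.0.0.0
"""
BAD_CE = """\
router bgp 14676
 bgp router-id 172.18.0.2
 network 198.18.4.32 mask 255.255.255.224
 redistribute eigrp 14676
 neighbor 192.0.2.5 remote-as 1
 neighbor 192.0.2.5 send-community
 neighbor 192.0.2.5 maximum-prefix 100
!
router eigrp 14676
 eigrp router-id 172.18.0.2
!
access-list 50 permit any
"""


def stanza(lines, header):
    """Return the indented lines under `header`, or None when it is absent."""
    if header not in lines:
        return None
    body = []
    for line in lines[lines.index(header) + 1:]:
        if not line.startswith(" "):
            break
        body.append(line.strip())
    return body


def basic_checks(body, required, proto):
    """Report missing mandatory lines and any redistribution statement."""
    out = [msg for prefix, msg in required
           if not any(l.startswith(prefix) for l in body)]
    if any(l.startswith("redistribute ") for l in body):
        out.append(f"{proto}: redistribution present")
    return out


def audit_bgp(bgp, lines):
    """Check network anchors, per-peer settings and the default-only filter."""
    out = basic_checks(bgp, BGP_REQUIRED, "bgp")
    peers = defaultdict(list)
    for l in bgp:
        net = re.fullmatch(r"network (\S+) mask (\S+)", l)
        if net and f"ip route {net[1]} {net[2]} Null0 254" not in lines:
            out.append(f"bgp: network {net[1]} lacks a Null0 route at distance 254")
        nbr = re.fullmatch(r"neighbor (\S+) (.+)", l)
        if nbr:
            peers[nbr[1]].append(nbr[2])
    for peer, opts in sorted(peers.items()):
        if not any(o.startswith("password ") for o in opts):
            out.append(f"bgp {peer}: no MD5 password")
        if "send-community" not in opts:
            out.append(f"bgp {peer}: send-community missing")
        if f"remote-as {CORE_ASN}" in opts:  # the peer is a Level-3 PE
            if not any(o.split()[:2] == ["maximum-prefix", "1"] for o in opts):
                out.append(f"bgp {peer}: maximum-prefix is not 1")
            if "distribute-list 50 in" not in opts:
                out.append(f"bgp {peer}: distribute-list 50 in missing")
            acl = [l for l in lines if l.startswith("access-list 50 ")]
            if acl != ["access-list 50 permit 0.0.0.0"]:
                out.append("acl 50: must permit only the default route")
    return out


def audit(config):
    """Return the deviations from the BGP and EIGRP design rules."""
    lines = config.splitlines()
    bgp = stanza(lines, f"router bgp {REGUS_ASN}")
    eigrp = stanza(lines, f"router eigrp {REGUS_ASN}")
    findings = (audit_bgp(bgp, lines) if bgp is not None
                else [f"bgp: no 'router bgp {REGUS_ASN}' process"])
    if eigrp is not None:  # EIGRP exists only where a 3560 sits downstream
        findings += basic_checks(eigrp, EIGRP_REQUIRED, "eigrp")
    return findings


if __name__ == "__main__":
    for name, cfg in (("good", GOOD_CE), ("bad", BAD_CE)):
        print(name, audit(cfg) or "compliant")
```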
Quality of Service (QoS)
The QoS design has the following requirements:
o Allow Prioritization of Delay Sensitive Applications (Voice & Video)
o Bandwidth Control for Clients Accessing the Internet
  o Shared Service
  o Dedicated Service
o Map Regus QoS Classes in Level 3 MPLS VPN QoS Queues
Note
At the instruction of Regus, Cisco will be using the IBM Phase A QoS Configuration to implement Bandwidth On Demand. There are alternate approaches to QoS which include offloading QoS to the switches rather than performing it on the router; however, this is outside of the scope of this project. Regus expects Cisco to call out any problems that would present a risk with the continued use of the IBM Phase A configuration.
o The shared service offering is comprised of a guaranteed and an up-to component
o The up-to component is available bandwidth in excess of the guaranteed component which varies based on overall site bandwidth usage.
o The up-to component is capped at a defined level up to which users may burst
Dedicated Service
o The guaranteed portion of a dedicated service partition has priority over the up-to portion of the shared service offering
o The up-to portion of another service partition may overlap the guaranteed portion of a dedicated service partition
o Dedicated service partition must not overlap the guaranteed portion of any other service partition
Policing
The rate-limit input command is used to enforce bandwidth control on both shared and dedicated services. Rate limiters are applied inbound to both the WAN and LAN interfaces of the Remote Site CE Router. Each client is associated with a rate limiter via a Layer 3 access list. Traffic exceeding the policy is strictly dropped. Rate limiting values applied inbound to both router interfaces define the average rate, the normal burst rate (1/8 avg rate) * 1.5, and excess burst rate (2 * normal burst rate).
CE Policing Configuration
interface Serial0/0
 rate-limit input access-group 2001 2048000 384000 768000 conform-action transmit exceed-action drop
!
interface GigabitEthernet0/0
 rate-limit input access-group 2001 2048000 384000 768000 conform-action transmit exceed-action drop
!
access-list 2001 remark Vlan 601 Client 01 Rate Limiting
access-list 2001 deny ip 10.120.120.8 0.0.0.7 10.120.120.0 0.0.7.255
access-list 2001 deny ip 10.120.120.0 0.0.7.255 10.120.120.8 0.0.0.7
access-list 2001 permit ip 10.120.120.8 0.0.0.7 any
access-list 2001 permit ip any 10.120.120.8 0.0.0.7
QoS Classes
The QoS Classes will use the standard DSCP markings. traffic, an access-list is used to classify the traffic.
CE Class Map Configuration
class-map match-all VoicePayload
 match dscp ef
class-map match-all Shared
 match dscp default
class-map match-all Mgmt
 match access-group name Mgmt
class-map match-all Video
 match dscp af41
class-map match-all Dedicated
 match dscp af22
class-map match-all Routing
 match dscp cs6
class-map match-all VoiceSignal
 match dscp cs3
class-map match-any SharedIngress
 match access-group 120
Service Class
of Phones) * 84 kbps
Total Dedicated Service Bandwidth Sold
128 kbps
Based on Shared Queue Bandwidth Sizing Table
Voice Bandwidth Requirements
Site Type    80% OCC    Voice Signaling Bandwidth
Small        80         21 kbps
Medium       179        47 kbps
Large        368        97 kbps
policy-map ShapeEgress
 class VoicePayload
  priority 8
  set dscp ef
 class VoiceSignal
  bandwidth 8
  set dscp cs6
 class Video
  set dscp ef
  priority 8
 class Dedicated
  bandwidth 1792
  random-detect
 class Routing
  bandwidth 32
 class Mgmt
  bandwidth 128
  random-detect
  set dscp af21
 class class-default
  bandwidth 1536
  random-detect
  shape peak 1536000
  service-policy FairQueue
!
interface Serial0/0
 service-policy output ShapeEngress
!
interface GigabitEthernet0/1
 service-policy output ShapeIngress
Site Example
Service / Bandwidth (kbps): 6176, 32, 2255, 128, 47, 2048
Dedicated Bandwidth Available to Sell: 6176 - 4594 = 1658
Total: 4518
[Figure: QoS class mapping. Labels: Voice (EF), Video (AF41), Voice Signaling (CS3), GOLD LEVEL 3, Dedicated (AF22), Routing (CS6), Mgmt (AF21), BRONZE LEVEL 3, Class Default (0)]
Switch QoS Config
mls qos map dscp-mutation Dedicated 0 to 20
!
!
interface FastEthernet0/11
 power inline consumption 7700
 switchport access vlan 2
 switchport mode access
 switchport voice vlan 200
 no logging event link-status
 srr-queue bandwidth share 10 10 60 20
 srr-queue bandwidth shape 10 0 0 0
 priority-queue out
 mls qos trust dscp
 mls qos dscp-mutation Dedicated
Switch QoS Queue Tuning
The default switch queue values are reconfigured to accommodate DSCP values for voice, dedicated and shared service.
Switch Queue Tuning Config
mls qos srr-queue input bandwidth 90 10
mls qos srr-queue input threshold 1 8 16
mls qos srr-queue input threshold 2 34 66
mls qos srr-queue input buffers 67 33
mls qos srr-queue input cos-map queue 1 threshold 2 1
mls qos srr-queue input cos-map queue 1 threshold 3 0
mls qos srr-queue input cos-map queue 2 threshold 1 2
mls qos srr-queue input cos-map queue 2 threshold 2 4 6 7
mls qos srr-queue input cos-map queue 2 threshold 3 3 5
mls qos srr-queue input dscp-map queue 1 threshold 2 9 10 11 12 13 14 15
mls qos srr-queue input dscp-map queue 1 threshold 3 0 1 2 3 4 5 6 7
mls qos srr-queue input dscp-map queue 1 threshold 3 32
mls qos srr-queue input dscp-map queue 2 threshold 1 16 17 18 19 20 21 22 23
mls qos srr-queue input dscp-map queue 2 threshold 2 33 34 35 36 37 38 39 48
mls qos srr-queue input dscp-map queue 2 threshold 2 49 50 51 52 53 54 55 56
mls qos srr-queue input dscp-map queue 2 threshold 2 57 58 59 60 61 62 63
mls qos srr-queue input dscp-map queue 2 threshold 3 24 25 26 27 28 29 30 31
mls qos srr-queue input dscp-map queue 2 threshold 3 40 41 42 43 44 45 46 47
mls qos srr-queue output cos-map queue 1 threshold 3 5
mls qos srr-queue output cos-map queue 2 threshold 3 3 6 7
mls qos srr-queue output cos-map queue 3 threshold 3 2 4
mls qos srr-queue output cos-map queue 4 threshold 2 1
mls qos srr-queue output cos-map queue 4 threshold 3 0
mls qos srr-queue output dscp-map queue 1 threshold 3 40 41 42 43 44 45 46 47
mls qos srr-queue output dscp-map queue 2 threshold 3 24 25 26 27 28 29 30 31
mls qos srr-queue output dscp-map queue 2 threshold 3 48 49 50 51 52 53 54 55
mls qos srr-queue output dscp-map queue 2 threshold 3 56 57 58 59 60 61 62 63
mls qos srr-queue output dscp-map queue 3 threshold 3 16 17 18 19 21 22 23 32
mls qos srr-queue output dscp-map queue 3 threshold 3 33 34 35 36 37 38 39
mls qos srr-queue output dscp-map queue 4 threshold 1 8
mls qos srr-queue output dscp-map queue 4 threshold 2 9 10 11 12 13 14 15
mls qos srr-queue output dscp-map queue 4 threshold 3 0 1 2 3 4 5 6 20
ml ml ml ml ml ml ml ml ml ml
s s s s s s s s s s
qos qos qos qos qos qos qos qos qos qos
queue-set queue-set queue-set queue-set queue-set queue-set queue-set queue-set queue-set queue-set
output output output output output output output output output output
1 1 1 1
th resh ol th resh ol th resh ol th resh ol 2 th resh ol 2 th resh ol 2 th resh ol 2 th resh ol 1 buf f ers 2 buf f ers
13 8 40 0 18 149 2 3 5
72 42
Queuing on the IP Phone
A Cisco IP Phone has an internal 3-port 10/100 switch. One port, P0, is an internal port used for connecting the actual voice electronics in the phone. Port P1 is used to connect a daisy chained PC and Port P2 is used to uplink to the wiring-closet Ethernet switch. Each port has 4 queues with a single threshold (4Q1T) configuration. One of these queues, Queue 0, is a high priority queue for all BPDU and CoS=5 traffic. These queues are all serviced in a round-robin fashion with a timer used on the high priority queue. If this timer expires while the queue scheduler is servicing the other queues, the scheduler will automatically move back to the high priority queue and empty its buffer, ensuring voice quality.
Figure 1: IP Phone Queuing Scheme
Service Class / Bandwidth Calculation
IPC = 42 Mbps
of Phones) * 84 kbps
Voice Payload = 49 Mbps
Voice Sig = 2.648 Mbps
TAPs + IPC + VM
128 kbps
32 kbps
Fair Queue
 class Routing
  bandwidth 32
 class Mgmt
  bandwidth 128
  random-detect
  set dscp af21
 class class-default
  bandwidth <Level-3 MPLS Access Bandwidth>
  random-detect
  shape peak <Level-3 MPLS Access Bandwidth>
  service-policy FairQueue
!
interface Serial0/0
 service-policy output ShapeEngress
Summary of QoS Design
o QoS must be defined on all interfaces to ensure application bandwidth, jitter, and delay requirements are met during times of congestion
o Distinct Shared and Dedicated Service Classes
o Level-3 MPLS QoS
o Switch QoS Mapping
rtr + IDF number + Floor number + Site number + Index
Layer 3 Switch
Layer 2 Powered Switch: Site number + Floor number + psw + IDF number +
Index+r
psw or nsw
IDF number +
Floor number +
Layer 2 Non-Powered Switch: Site number + Floor number + nsw + IDF number +
Example: 7704-7-1-psw01
Index
Drain CE Router
Example: 7704-7-1-nsw01
Index
Index
Example: CIN-asa-01
Each field, except the index, is separated by a hyphen. Site IDs are normalized to 4 digits by adding a 7 to the front of 3 digit site IDs. Example: Site 704 = 7704
Public Address Space
Optimally, since there will be Eight Regions, the simplest case would be to break up the /18 into 8 /21s and advertise a single /21 for each regional drain. However, this is not technically feasible since some blocks have already been allocated. But, it is possible to have 16 /22s allocated, achieving the same net effect via an allocation of a pair of /22s per drain. We will therefore deploy this model. For example, for medium sites, there will be a /27 allocated for the site for customer public Address space. (This /27 will be taken from one of the two regional /22 blocks for which this site is a member). From this /27, a /29 will be allocated for NAT Translation. The first /32 from the /27 will be used for the Router for terminating VPN peerings from remote VPN users such as INX, Centrinet, Netsurant, etc.
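The allocation model described above can be checked mechanically before addresses are handed out. The Python code below is an added example, not part of the original design: the public /18 (198.18.0.0/18), the drain-to-/22 pairing and the choice of the last /29 as the NAT pool are assumptions made for illustration, since the design states none of them.

```python
import ipaddress

# Constructed stand-in: the design does not state the actual public /18.
PUBLIC_BLOCK = ipaddress.ip_network("198.18.0.0/18")


def regional_blocks(block=PUBLIC_BLOCK):
    """Split the public /18 into the sixteen /22s used by the design."""
    if block.prefixlen != 18:
        raise ValueError("the design starts from a /18")
    return list(block.subnets(new_prefix=22))


def example_drain_map():
    """Constructed pairing: drain n gets blocks n and n+8, so no pair forms a /21."""
    blocks = regional_blocks()
    return {n: (blocks[n - 1], blocks[n + 7]) for n in range(1, 9)}


def check_drain_map(drain_map, block=PUBLIC_BLOCK):
    """Verify that each of the 8 drains owns exactly two distinct /22s of the block."""
    valid, seen = set(regional_blocks(block)), set()
    if sorted(drain_map) != list(range(1, 9)):
        raise ValueError("expected drains 1 through 8")
    for drain, pair in drain_map.items():
        if len(pair) != 2:
            raise ValueError(f"drain {drain} needs a pair of /22s")
        for net in pair:
            if net not in valid or net in seen:
                raise ValueError(f"drain {drain}: {net} is invalid or reused")
            seen.add(net)
    return seen == valid  # True when all sixteen /22s are assigned


def carve_medium_site(pair, taken):
    """Pick the first free /27 in the drain's pair, then derive the NAT /29 and VPN /32."""
    for regional in pair:
        for site in regional.subnets(new_prefix=27):
            if any(site.overlaps(t) for t in taken):
                continue
            # Assumption: the NAT pool is the last /29, so it cannot collide with
            # the first /32, which the router uses to terminate VPN peerings.
            nat_pool = list(site.subnets(new_prefix=29))[-1]
            vpn_endpoint = ipaddress.ip_network(f"{site.network_address}/32")
            return {"site": site, "nat_pool": nat_pool, "vpn_endpoint": vpn_endpoint}
    raise RuntimeError("both regional /22s are exhausted")


if __name__ == "__main__":
    drains = example_drain_map()
    print("drain map valid:", check_drain_map(drains))
    already_used = [ipaddress.ip_network("198.18.0.0/27")]  # constructed
    for role, net in carve_medium_site(drains[1], already_used).items():
        print(f"{role:13} {net}")
```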
Note
In th e Ac c ess Manag er m odel , a / 29 is l oc ated at th e Rem ote S ite f or Loc al N AT. In th e Central iz ed N AT m odel f or th e Interim Desig n th e sam e sc h em e w il l b e used. H ow ev er, th e / 29 f or th e N AT P ool w il l b e l oc ated at th e prim ary drain th at w il l b e perf orm ing N AT/ P AT Transl ation. Th is al l ow s f or c onsistenc y f or N AT pool al l oc ation al l ow ed f or m ix/ m atc h N AT Tec h niques if nec essary ev en w ith in a Reg ion. In essenc e, th e onl y th ing th at c h ang es is th e l oc ation of th e N AT P ool . (Router v s. AS A F irew al l )
Private Address Space
For a medium Site such as Glendale, WI, there will be a /21 allocated from the Private 10.x.x.x address pool. This will be assigned by Centrinet.
For the Head End Drain sites such as CIN or SFO, there will be a /24 allocated out of the 10.224.0.0/13 address space, from which the current head ends in Secaucus and Atlanta already have some allocations. In the CIN site, this will be used for Call Manager, Unity infrastructure, servers, etc. and will be taken from the 10.224.16.0/24 address space. Call Manager, Unity and Management at CIN will each be allocated a /27.
There is a special case where the RFC 1918 172.16.0.0 - 172.31.255.255 (172.16/12 prefix) space is used for Management VLANs, Regus Staff and Router IDs. Based on conversations with Regus and Centrinet, we have decided to use the following space for this functionality:
172.20.0.0/12 through 172.23.0.0/12 for New Interim Design Sites
172.28.0.0/12 through 172.31.0.0/12 for IBM Sites (Already allocated)
Centrinet is responsible for the upkeep and provisioning of address space. This table was provided to Cisco from Centrinet in January, 2008 and will be used as the basis for all IP Addressing. Drain 1 will also be known as the Cincinnati Center (CIN), drain 2 will also be known as the San Francisco POP (SFO), and so on. This is described in the table below.
Drain Number   Drain Name
1              Cincinnati
2              San Fran
3              NYC
4              Dallas
5              Atlanta
6              DC
7              LA
8              Seattle
Each drain is allocated a private block of addresses for infrastructure, call managers, servers, etc. This mapping is described here:
Drain Number   Drain Name   Drain service blocks (/24 per drain)
1              Cincinnati   10.224.16.0/24
2              San Fran     10.224.17.0/24
3              NYC          10.224.18.0/24
4              Dallas       10.224.19.0/24
5              Atlanta      10.224.20.0/24
6              DC           10.224.21.0/24
7              LA           10.224.22.0/24
8              Seattle      10.224.23.0/24
Client Private IP allocations
Drains 1 2 3 1 2 4
5 3 1 6 2 7 4 8
cks .0/14 .0/14 .0/14 .0/14 .0/14 .0/14 .0/14 .0/14
5 3 1 6 2 7 4 8
This one needs to be updated by Centrinet
The following Design Rules are used for IP Addressing and will continue to be used going forward.
PE and CE Router WAN Interfaces
Will be taken from
CE Router LAN Interface
Will be /30s
Assigned by Centri.Net
the 10/8 address space
Assigned and documented by Implementation Team
Third usable address from x.x.x.5/30)
L3 Switch LAN Routed Interface
Member of a /30 subnet with CE LAN Interface
the 172 range assigned to the site
/32 Mask
Domain Name Service (DNS)
The domain name for Regus networking equipment is accessregus.com. It is managed and maintained by Level-3. The DNS Name will be configured on all routers as the following. Level-3 DNS servers <IP Address One>
Syslog Servers
Logging of SYSLOG messages is a recommended practice and is essential from a management perspective. Syslog Messages will be buffered on all routers initially. Logging server IP addresses will be added when Day 2 starts managing the network.
CE Routers sync off primary and secondary Drain PE Loopback 0 Interfaces
NTP Configuration

ntp update-calendar
ntp server 10.224.0.1

The SSH server feature enables an SSH client to make a secure, encrypted connection to a Cisco router. This connection provides functionality that is similar to an inbound Telnet connection. The SSH server in Cisco IOS software will work with publicly and commercially available SSH clients. Regus will utilize SSH as the remote access protocol. SSH requires an IPsec image.
SSH Config

!--- Generate an RSA key pair for your router, which automatically enables SSH
crypto key generate rsa
!--- Configure SSH
!
ip ssh time-out 60
ip ssh authentication-retries 3
!--- Prevent non-SSH Telnets.
line vty 0 4
 transport input ssh

Out of Band Management
The standard deployments will have modems attached to each OOB router in the Data Center and POP and the CE Router at remote sites.
AAA Services
Only Local Authentication will be configured on all routers and switches. An AAA server will be configured at a later date. The following usernames and privilege levels were extracted from an IBM Phase A configuration. A new list needs to be defined or updated as Day 2 support starts managing the network. In all cases the username command should use a secret password, which cannot be decrypted the way a password 7 can.
Username Config

username bvsm privilege 15 secret 5
username netsurant privilege 15 secret 5
username anil.vettle privilege 15 secret 5
username mike.tower privilege 15 secret 5
username bryan.darnell privilege 15 secret 5
username wilfred.dsouza privilege 15 secret 5
username saurabh.khare privilege 15 secret 5
username amit.sharma privilege 15 secret 5
username engineer privilege 15 secret 5
username inx privilege 1 secret 5

CDP Services
Cisco Discovery Protocol (CDP) is used for some network management functions, but is dangerous in that it allows any system on a directly connected segment to learn that the router is a Cisco device, and to determine the model number and the Cisco IOS software version being run. This information may in turn be used to design attacks against the router. CDP information is accessible only to directly connected systems. The CDP protocol may be disabled globally or on a particular interface.
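A configuration check for the SSH, AAA and CDP rules stated above, given as an added example that is not part of the original design document. The sample configuration, the finding names and the choice to skip Loopback, Vlan and Null interfaces for CDP are assumptions made for illustration.

```python
import re

# Constructed sample, not a device configuration from the design.
SAMPLE_CONFIG = """\
username engineer privilege 15 secret 5 <hash-placeholder>
username inx privilege 1 password 7 <encoded-placeholder>
!
interface Loopback0
 ip address 172.28.251.251 255.255.255.255
!
interface GigabitEthernet0/0
 description Link to 3560 Hub Switch
 no cdp enable
!
interface Serial0/0
 description WAN link to PE
!
line vty 0 4
 transport input ssh
line vty 5 15
 transport input telnet ssh
"""

# Assumption: CDP is only of interest on physical interfaces.
NON_CDP_INTERFACES = ("Loopback", "Vlan", "Null")


def sections(config):
    """Yield (header, [sub-commands]) for every top-level IOS command."""
    header, body = None, []
    for raw in config.splitlines():
        stripped = raw.strip()
        if not stripped or stripped.startswith("!"):
            continue
        if not raw[0].isspace():          # a new top-level command starts
            if header is not None:
                yield header, body
            header, body = stripped, []
        elif header is not None:          # indented line belongs to the header
            body.append(stripped)
    if header is not None:
        yield header, body


def audit_config(config):
    """Return (finding, subject) tuples for the three rules in the text."""
    parsed = list(sections(config))
    cdp_off_globally = any(header == "no cdp run" for header, _ in parsed)
    findings = []
    for header, body in parsed:
        # Rule 1: local users must be stored with "secret", never "password".
        user = re.match(r"username (\S+)\s.*?\bpassword\b", header)
        if user:
            findings.append(("user-not-secret", user.group(1)))
        # Rule 2: every vty range must accept SSH and nothing else.
        if header.startswith("line vty"):
            inputs = [cmd.split()[2:] for cmd in body
                      if cmd.startswith("transport input")]
            if not inputs or inputs[-1] != ["ssh"]:
                findings.append(("vty-not-ssh-only", header))
        # Rule 3: CDP should be off globally or on each physical interface.
        if header.startswith("interface "):
            name = header.split()[1]
            if (not cdp_off_globally
                    and not name.startswith(NON_CDP_INTERFACES)
                    and "no cdp enable" not in body):
                findings.append(("cdp-enabled", name))
    return findings


if __name__ == "__main__":
    for finding, subject in audit_config(SAMPLE_CONFIG):
        print(f"{finding:18} {subject}")
```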
Note
Site Designs
Site Router Design
Each Site Router will have a 3845 Router that attaches to the Level 3 MPLS Core by either:
Multilink PPP (NxT1)
NxT1 & DS3 Connectivity
WAN Connectivity
This section discusses the WAN connectivity to the Core for both NxT1 and DS3 and highlights the configuration samples for connectivity. It also shows the Multilink PPP configuration that will be deployed for NxT1 sites. Level-3 has an additional PE handoff that may be deployed where NxT1 and DS3 sites connect via Ethernet.
T1 Controller Configuration

controller T1 0/2/0
 framing esf
 linecode b8zs
 channel-group 0 timeslots 1-24
!
controller T1 0/2/1
 framing esf
 linecode b8zs
 channel-group 0 timeslots 1-24
!
controller T1 0/3/0
 framing esf
 linecode b8zs
 channel-group 0 timeslots 1-24
!
controller T1 0/3/1
 framing esf
 linecode b8zs
 channel-group 0 timeslots 1-24
interface Serial0/3/0:0
 no ip address
 encapsulation ppp
 ppp multilink
 ppp multilink group 1
!
interface Serial0/3/1:0
 no ip address
 encapsulation ppp
 ppp multilink
 ppp multilink group 1

EIGRP Process
EIGRP Configuration

router eigrp 14676
 passive-interface default
 no passive-interface GigabitEthernet0/1
 network 10.2.1.1 0.0.0.0
 network 10.122.208.0 0.0.0.255
 auto-summary
 eigrp router-id 10.231.32.206
!

EIGRP Interface Connectivity
EIGRP Interface Configuration

!
interface GigabitEthernet0/1
 ip address 10.122.208.5 255.255.255.252
 ip summary-address eigrp 14676 0.0.0.0 0.0.0.0
 duplex auto
 speed auto
 media-type rj45
!

254
1.32.206 anges 0 mask 255.255.248.0 0 mask 255.255.248.0 0 mask 255.255.255.0 205 remote-as 65000
route-map set_regus_community route-map set_public_community
 neighbor 10.231.32.205 password 7 105C0C1E1004
 neighbor 10.231.32.205 send-community
 neighbor 10.231.32.205 distribute-list 50 in
 neighbor 10.231.32.205 maximum-prefix 1
 no auto-summary
ip route 10.122.208.0 255.255.248.0 Null0 254
!
ip bgp-community new-format
!
!
access-list 10 permit 10.0.0.0 0.255.255.255 log
access-list 50 remark Distribute list for EIGRP and BGP
access-list 50 permit 0.0.0.0
access-list 66 permit 66.202.0.0 0.0.255.255
!
!
route-map set_public_community permit 10
 match ip address 66
 set community 66:1 67:3 14676:977
!
route-map set_regus_community permit 10
 match ip address 10
 set community 14676:977
!

DEFAULT-ONLY
map
IOS FW
IOS FW will be deployed on the CE router at each remote site. Standard inspection rules will be initially applied. Day 2 support will handle custom changes for specific clients. The inspection rules are applied inbound on the Fast Ethernet connection to the Hub Layer-3 Switch.
Inspection Rules
Inspection Rules Config

ip inspect name RegusInspect cuseeme
ip inspect name RegusInspect dns
ip inspect name RegusInspect ftp
ip inspect name RegusInspect h323
ip inspect name RegusInspect icmp
ip inspect name RegusInspect imap
ip inspect name RegusInspect pop3
ip inspect name RegusInspect netshow
ip inspect name RegusInspect rcmd
ip inspect name RegusInspect realaudio
ip inspect name RegusInspect rtsp
ip inspect name RegusInspect esmtp
ip inspect name RegusInspect sqlnet
ip inspect name RegusInspect streamworks
ip inspect name RegusInspect tftp
ip inspect name RegusInspect tcp
ip inspect name RegusInspect udp
ip inspect name RegusInspect vdolive
ip inspect name RegusInspect sip
ip inspect name RegusInspect citrix
ip inspect name RegusInspect citriximaclient
ip inspect name RegusInspect ddns-v3
ip inspect name RegusInspect echo
ip inspect name RegusInspect fragment maximum 256 timeout 1
ip inspect name RegusInspect ftps
ip inspect name RegusInspect h323callsigalt
ip inspect name RegusInspect h323gatestat
ip inspect name RegusInspect hsrp
ip inspect name RegusInspect ica
ip inspect name RegusInspect icabrowser
ip inspect name RegusInspect ident
ip inspect name RegusInspect imap3
ip inspect name RegusInspect imaps
ip inspect name RegusInspect ipsec-msft
ip inspect name RegusInspect isakmp
ip inspect name RegusInspect kerberos
ip inspect name RegusInspect l2tp
ip inspect name RegusInspect ldap
ip inspect name RegusInspect ldap-admin
ip inspect name RegusInspect ldaps
ip inspect name RegusInspect login
ip inspect name RegusInspect microsoft-ds
ip inspect name RegusInspect ms-cluster-net
ip inspect name RegusInspect ms-dotnetster
ip inspect name RegusInspect ms-sna
ip inspect name RegusInspect ms-sql
ip inspect name RegusInspect msexch-routing
ip inspect name RegusInspect mysql
ip inspect name RegusInspect n2h2server
ip inspect name RegusInspect netbios-dgm
ip inspect name RegusInspect netbios-ns
ip inspect name RegusInspect netbios-ssn
ip inspect name RegusInspect netstat
ip inspect name RegusInspect nfs
ip inspect name RegusInspect ntp
ip inspect name RegusInspect pcanywheredata
ip inspect name RegusInspect pcanywherestat
ip inspect name RegusInspect pop3s
ip inspect name RegusInspect qmtp
ip inspect name RegusInspect r-winsock
ip inspect name RegusInspect radius
ip inspect name RegusInspect send
ip inspect name RegusInspect sip-tls
ip inspect name RegusInspect snmp
ip inspect name RegusInspect ssh
ip inspect name RegusInspect snmptrap
ip inspect name RegusInspect socks
ip inspect name RegusInspect sqlserv
ip inspect name RegusInspect sqlsrv
ip inspect name RegusInspect sshell
ip inspect name RegusInspect stun
ip inspect name RegusInspect syslog
ip inspect name RegusInspect syslog-conn
ip inspect name RegusInspect tacacs
ip inspect name RegusInspect tacacs-ds
ip inspect name RegusInspect telnet
ip inspect name RegusInspect telnets
ip inspect name RegusInspect time
ip inspect name RegusInspect timed
ip inspect name RegusInspect who
ip inspect name RegusInspect wins
ip inspect name RegusInspect http
ip inspect name RegusInspect https
ip inspect name RegusInspect skinny alert off audit-trail off timeout 4000
!
interface F
 ip inspect
Inbound ACL
The inbound ACLs heavily rely on the standard addressing scheme deployed in the network. If IP Address space is not allocated from the standard blocks such as the Staff VLAN (172.x.x.x.) then this ACL will have to be modified.
Inbound ACL Config

interface Serial0/0
 ip access-group 130 in
!
access-list 130 remark Inbound ACL on T3 Serial Interface
access-list 130 permit ip 10.254.0.0 0.0.31.255 any
access-list 130 permit ip 10.254.118.0 0.0.0.255 any
access-list 130 permit ip 216.73.128.128 0.0.0.127 any
access-list 130 permit ip 66.202.128.0 0.0.63.255 any
access-list 130 remark Site Public Address Range
access-list 130 permit ip any 66.202.161.32 0.0.0.31
access-list 130 permit ip any 66.202.163.32 0.0.0.31
access-list 130 remark External Private to Internal 10 Dot addresses
access-list 130 permit ip 10.0.0.0 0.255.255.255 10.118.160.0 0.0.7.255
access-list 130 permit ip 172.16.0.0 0.15.255.255 10.118.160.0 0.0.7.255
access-list 130 permit ip 192.168.0.0 0.0.255.255 10.118.160.0 0.0.7.255
access-list 130 remark External Private to Internal 172 Dot addresses
access-list 130 permit ip 10.0.0.0 0.255.255.255 172.28.168.0 0.0.1.255
access-list 130 permit ip 172.16.0.0 0.15.255.255 172.28.168.0 0.0.1.255
access-list 130 remark External Router Wan Interface Subnet
access-list 130 permit bgp 172.28.169.252 0.0.0.3 any
Quality of Service
See the main QoS section in this document.
Multicast
Multicast Routing is required to support Music On Hold streaming for IP Communicator and IP Phones at each Remote Site. Each CE Router will source the Music On Hold stream locally from a file in flash, so Multicast across the Level-3 MPLS WAN is not required.
Multicast Config

ip multicast-routing

PIM
Protocol Independent Multicast (PIM) is enabled on an interface basis by configuring ip pim sparse-dense-mode. It is required on the Loopback0 interface of the CE Router. Additionally, PIM must be configured on the link between the 3845 CE Router and Hub Layer 3 Switch (3560).
PIM Config

interface Loopback0
 ip address 172.28.251.251 255.255.255.255
 ip pim sparse-dense-mode
!
interface GigabitEthernet0/0
 description Link to 3560 Hub Switch FastEthernet 0/48
 ip address 10.119.240.5 255.255.255.252
 ip pim sparse-dense-mode

Music On Hold
The music file (music-on-hold.au) is stored on the CE Router (3845) flash and streamed to the VLAN topology within the site. The exact configuration is specified within the IPT LLD Document.
DHCP Services
DHCP Services will be handled by the Remote Site CE Router. A DHCP Pool will be created for each VLAN requiring services. Static IP Addresses (routers, Regus Clients, etc.) will be excluded from the VLAN's pool. The IP Phone TFTP servers are specified with the Option 150 command. In addition to the Voice VLAN (200), Option 150 must be available to other VLANs where IP Communicator would be deployed. Additionally, the DHCP bindings database will be stored on the CE Router's flash.
Level-3 DNS servers will be provided on Data VLANs
Internal DNS servers will be provided on the Voice VLAN
DHCP Config

ip dhcp database flash:dhcp_bindings
ip dhcp excluded-address 10.119.240.9
ip dhcp pool VLAN649
 network 10.118.161.176 255.255.255.240
 netbios-node-type h-node
 default-router 10.118.161.177
 option 150 ip 10.224.0.8 10.224.8.9
 domain-name accessregus.com
 dns-server <Level-3 DNS1> <Level-3 DNS2>
 lease 0 12
EIGRP Default Route Provided to 3560 Switch (no EIGRP on PE to CE link)
Multicast Music On Hold (only for LAN, no Multicast on PE to CE link)
Inter-Switch Trunks
Inter-Switch Trunks will utilize the four Gigabit Ethernet SFP ports on the Hub Switch. The encapsulation of the trunks is set to dot1q.
Inter-Switch Trunk Config

interface GigabitEthernet0/1
 description Uplink to Layer 2 Switch 1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 srr-queue bandwidth share 10 10 60 20
 srr-queue bandwidth shape 10 0 0 0
 priority-queue out
 mls qos trust dscp
!
interface GigabitEthernet0/2
 description Uplink to Layer 2 Switch 2
 switchport trunk encapsulation dot1q
 switchport mode trunk
 srr-queue bandwidth share 10 10 60 20
 srr-queue bandwidth shape 10 0 0 0
 priority-queue out
 mls qos trust dscp

EIGRP Process
EIGRP Configuration

router eigrp 14676
 passive-interface default
 no passive-interface FastEthernet0/48
 network 10.2.1.1 0.0.0.0
 network 10.122.208.0 0.0.0.255
 auto-summary
 eigrp router-id 10.231.32.206
!
VLAN Definitions
The VLAN topology and numbering is based on the function of a given Subnet. Each Remote Site will have the following VLAN definitions. The IP Address space allocated by Centrinet will be subdivided at each remote site. The final sub-division is handled by INX with the standard Regus deployment module.
Subnet Function   VLAN Number
Staff VLAN        VLAN 2
VLAN 100
IP Address from
66.202.x.x Block /29
Note: Wireless Not part of this Star SOW, but VLAN is defined for future deployment
Each Client with Public Address Space assigned a separate VLAN starting with VLAN 400. IP Address from 66.202.x.x Block
VLAN 400+
VLAN 600
Each Client assigned a separate VLAN starting with 601. IP Address from 10.x.x.x/29 (usually)
VLAN 601+
Management
VLAN 1000
VLAN Interfaces
A Switch Virtual Interface (SVI) is configured for each corresponding VLAN on the HUB Switch.
VLAN Interface Config

interface Vlan2
 description Regus Staff VLAN
 ip address 172.28.168.1 255.255.255.192
!
interface Vlan100
 description SharedResources
 ip address 10.118.163.129 255.255.255.224

Fast Ethernet Ports
All unused ports will be configured as access switch ports on the Touchdown VLAN (600) with VLAN 200 as the Voice VLAN. Ports will be assigned to the appropriate VLANs depending on the Regus Client access. Interface descriptions will be updated as clients are assigned ports.
FastEthernet Port Config

interface FastEthernet0/46
 power inline consumption 7700
 switchport access vlan 600
 switchport mode access
 switchport voice vlan 200
 no logging event link-status
 srr-queue bandwidth share 10 10 60 20
 srr-queue bandwidth shape 10 0 0 0
 priority-queue out
 mls qos trust dscp
 mls qos dscp-mutation Shared
 no snmp trap link-status
 spanning-tree portfast
!
interface FastEthernet0/47
 description (Voce Communications - Private /
 power inline consumption 7700
 switchport access vlan 607
 switchport mode access
 switchport voice vlan 200
 no logging event link-status
 srr-queue bandwidth share 10 10 60 20
 srr-queue bandwidth shape 10 0 0 0
 priority-queue out
 mls qos trust dscp
 mls qos dscp-mutation Shared
 no snmp trap link-status
 spanning-tree portfast

VTP
Virtual Trunking Protocol (VTP) was designed to propagate a VLAN database throughout a switching topology. If a VLAN was created, the change would be reflected on all switches. Unfortunately, this feature also made it easy to accidentally delete an entire VLAN such as Voice, causing major outages. It is recommended to run VTP in transparent mode, which prevents the propagation of VLAN information.
VTP Config

vtp domain (Regus+Site ID)
vtp mode transparent

Multicast
Multicast Routing is required to support Music On Hold streaming for IP Communicator and IP Phones at each Remote Site. Only the Layer-3 Hub Switch requires multicast routing to be enabled.
Multicast Routing Config

ip multicast-routing distributed

PIM Stub
Protocol Independent Multicast Sparse Mode (PIM-SM) must be configured on the link between the 3845 CE Router and Hub Layer-3 Switch (3560) to allow multicast from the CE Router
Prior to 12.2(37)SE code, the IP Base image did not support multicast routing and PIM. It required the IP Service image. The PIM Stub Multicast feature now supports multicast routing between the distribution layer and access layer. It supports two types of PIM interfaces: uplink PIM interfaces and PIM passive interfaces. In particular, a routed interface configured with the PIM Passive mode does not pass/forward PIM control plane traffic; it only passes/forwards IGMP traffic. Only directly connected multicast (IGMP) receivers and sources are allowed in the layer 2 access domains. The PIM protocol is not supported in access domains.
The ip pim passive command must be configured on each interface VLAN which requires Music On Hold. It is not required on the Layer-2 Switches. The PIM Stub feature has not been deployed within the current Regus environment, which poses a potential risk during deployment.
PIM Config

interface FastEthernet0/48
 description Link to 3845 CE Router GigabitEthernet0/0
 ip address 10.119.240.5 255.255.255.252
 ip pim sparse-dense-mode
!
interface Vlan2
 description Staff VLAN
 ip address 172.16.10.1 255.255.255.0
 ip pim passive
!
interface Vlan200
 description Voice VLAN
 ip address 10.119.239.0 255.255.255.0
 ip pim passive

IGMP Snooping
Internet Group Management Protocol (IGMP) is a standard defined in RFC1112 for IGMPv1, in RFC2236 for IGMPv2 and in RFC3376 for IGMPv3. IGMP specifies how a host or IP Phone can request to join a multicast group. IGMP snooping allows the switch to recognize a join and enable a requested multicast group on a port. In addition to the Voice VLAN (200), IGMP snooping must be configured on any VLAN where IP Communicator may be used.
IGMP Snooping Config

ip igmp snooping vlan 200 immediate-leave
ip igmp snooping vlan 648 immediate-leave
ip igmp snooping vlan 642 immediate-leave
ip igmp snooping vlan 643 immediate-leave

Switch SDM Template
The Security implementation relies heavily on Access Lists (ACLs). Switch resources must be optimized for the large number of ACLs. The Switch Database Management (SDM) templates allow tuning.
To allocate ternary content addressable memory (TCAM) resources for different usages, the switch SDM templates prioritize system resources to optimize support for certain features. You can select SDM templates for IP Version 4 (IPv4) to optimize these features:
VLANs: The VLAN template disables routing and supports the maximum number of unicast MAC addresses. It would typically be selected for a Layer 2 switch.
Access: The access template maximizes system resources for access control lists (ACLs) to accommodate a large number of ACLs.
Default: The default template gives balance to all functions.
Routing: The routing template maximizes system resources for unicast routing, typically required for a router or aggregator in the center of a network.
Switch Template Config

sdm prefer access

Note
This command requires a reload of the switch to take effect. The SDM template in use can be verified with the show sdm prefer command.
keep provisioning simpler, modular and site agnostic, outbound ACLs complements inbound ACL to achieve the security requirements.
As with the QoS and Bandwidth on Demand, the security and customer access template are from the IBM Phase A model.
Same as Class A
Same as Class A
VPN Client
Same as Class A excepting Same as Class A
Shared
Same as Class A
SMTP IMAP POP E Same as Class A
Same as Class A excepting
Dedicated
Dedicated
All ports open outbound with the following exception - Port/Service presenting a high security risk
HTTP/HTTPS
Routable (or public)
Dedicated
Applied to VLAN
Direction
in
CustomerIn CustomerIn StaffIn CustomerInPub PubNoInbSvcOut RouNoInbSvcOut CustomerInVPN PubInbDOut RoutinbDOut Custom Custom RestrictIPScope
Staff (2)
Shared Private (100)
Shared Public (101)
Voice (200)
Wireless (300)
Touchdown (600)
Public IP (601)
Management (1000)
Public Customer (400+)
Public Customer (400+)
Private Customer (601+)
Private Customer (601+)
Public Customer (400+)
Private Customer (601+)
Public Customer (400+)
Private Customer (600+)
Uplink G0/48 (3560)
Class B Class D Class D Site to Site Site to Site Scope restriction
ip access-list extended CustomerInPub
 permit udp any any eq bootpc
 permit udp any any eq bootps
 permit tcp any any eq 9100
 permit tcp any any eq lpd
 permit ip any 10.224.0.0 0.0.15.255
 permit tcp any any eq 2000
 permit tcp any any eq 8404
 permit tcp any any eq 2748
 deny udp any 10.0.0.0 0.255.255.255 gt 32768
 permit udp any any gt 16384
 permit tcp any any established
 permit tcp any any range 3230 3237
 permit udp any any range 3230 3253
 permit udp any any eq syslog
 permit icmp any 172.16.0.0 0.15.255.255 echo-reply
 permit icmp any any echo
 deny ip any 10.0.0.0 0.255.255.255
 permit ip any any
ip access-list extended CustomerInVPN
 permit udp any any eq bootpc
 permit udp any any eq bootps
 permit tcp any any eq 9100
 permit tcp any any eq lpd
 permit ip any 10.224.0.0 0.0.15.255
 permit tcp any any eq 2000
 permit tcp any any eq 8404
 permit tcp any any eq 2748
 deny udp any 10.0.0.0 0.255.255.255 gt 32768
 permit udp any any gt 16384
 permit tcp any any range 3230 3237
 permit udp any any range 3230 3253
 permit udp any any eq syslog
 permit icmp any 172.16.0.0 0.15.255.255 echo-reply
 deny ip any 172.16.0.0 0.15.255.255
 permit icmp any any echo
 deny ip any 10.0.0.0 0.255.255.255
 permit ip any any
ip access-list extended PubInbDOut
 permit ip 10.0.0.0 0.255.255.255 66.202.128.0 0.0.63.255
 permit ip 172.16.0.0 0.15.255.255 66.202.128.0 0.0.63.255
 permit tcp any any eq www
 permit tcp any any eq 443
 permit tcp any any eq 995
 permit tcp any any eq pop3
 permit tcp any any eq 465
 permit tcp any any eq smtp
 permit tcp any any eq 143
 permit tcp any any eq 993
 permit tcp any any eq ftp
 permit tcp any any eq ftp-data
 permit tcp any any gt 1 established
 permit esp any any
 permit udp any any
 permit gre any any
 permit icmp any any
 deny ip any any
ip access-list extended PubInbEOut
 permit ip any any
ip access-list extended PubNoInbSvcOut
 permit tcp any any gt 1 established
 permit ip 10.0.0.0 0.255.255.255 66.202.128.0 0.0.63.255
 permit ip 172.16.0.0 0.15.255.255 66.202.128.0 0.0.63.255
 permit esp any any
 permit udp any any
 permit gre any any
 permit icmp any any
 deny ip any any
ip access-list extended RestrictIPScope
 permit ip any any
ip access-list extended RouInbDOut
 permit ip 66.202.128.0 0.0.63.255 10.0.0.0 0.255.255.255
 permit tcp any any eq www
 permit tcp any any eq 443
 permit tcp any any eq 995
 permit tcp any any eq pop3
 permit tcp any any eq 465
 permit tcp any any eq smtp
 permit tcp any any eq 143
 permit tcp any any eq 993
 permit tcp any any eq ftp
 permit tcp any any eq ftp-data
 permit tcp any any gt 1 established
 permit tcp 10.0.0.0 0.255.255.255 any
 permit esp any any
 permit udp any any
 permit gre any any
 permit icmp any any
 deny ip any any
ip access-list extended RouInbEOut
 permit ip any any
ip access-list extended RouNoInbSvcOut
 permit ip 66.202.128.0 0.0.63.255 10.0.0.0 0.255.255.255
 permit tcp any any gt 1 established
 permit tcp 10.0.0.0 0.255.255.255 any
 permit esp any any
 permit udp any any
 permit gre any any
 permit icmp any any
 deny ip any any
ip access-list extended StaffIn
 permit udp any any eq bootpc
 permit udp any any eq bootps
 permit tcp any any eq 9100
 permit tcp any any eq lpd
 permit tcp any any eq www
 permit ip any 172.16.0.0 0.15.255.255
 permit ip any 10.254.118.0 0.0.0.255
 permit ip any 216.73.128.128 0.0.0.127
 permit ip any 10.254.0.0 0.0.31.255
 permit icmp any any
 permit tcp any any range 3230 3237
 permit udp any any range 3230 3253
 permit ip any 10.224.0.0 0.0.15.255
 permit ip any 10.239.248.0 0.0.1.255
 permit tcp any any eq 2000
 permit tcp any any eq 8404
 permit tcp any any eq 2748
 deny udp any 10.0.0.0 0.255.255.255 gt 32768
 permit udp any any gt 16384
 permit udp any any eq syslog
 deny ip any 172.16.0.0 0.15.255.255
 permit ip any any
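These ACLs are evaluated top-down and the first matching entry decides, so the position of the broad permits relative to the 10.0.0.0/8 denies determines what a customer VLAN can reach. The Python sketch below is an added example, not part of the original design document: it parses the CustomerInPub entries as listed on this page (wildcard masks included) and reports which entry decides each of a set of constructed test packets; the packet addresses and the `ack_or_rst` field name are assumptions of the example.

```python
import ipaddress

# Entries of the CustomerInPub ACL as listed on this page.
CUSTOMER_IN_PUB = """\
permit udp any any eq bootpc
permit udp any any eq bootps
permit tcp any any eq 9100
permit tcp any any eq lpd
permit ip any 10.224.0.0 0.0.15.255
permit tcp any any eq 2000
permit tcp any any eq 8404
permit tcp any any eq 2748
deny udp any 10.0.0.0 0.255.255.255 gt 32768
permit udp any any gt 16384
permit tcp any any established
permit tcp any any range 3230 3237
permit udp any any range 3230 3253
permit udp any any eq syslog
permit icmp any 172.16.0.0 0.15.255.255 echo-reply
permit icmp any any echo
deny ip any 10.0.0.0 0.255.255.255
permit ip any any
"""

PORT_NAMES = {"bootps": 67, "bootpc": 68, "www": 80, "syslog": 514, "lpd": 515}


def _port(token):
    return PORT_NAMES[token] if token in PORT_NAMES else int(token)


def _addr(tokens):
    """Consume 'any' or '<base> <wildcard>'; wildcard 1-bits mean 'don't care'."""
    if tokens[0] == "any":
        return (0, 0xFFFFFFFF), tokens[1:]
    base = int(ipaddress.IPv4Address(tokens[0]))
    wild = int(ipaddress.IPv4Address(tokens[1]))
    return (base, wild), tokens[2:]


def parse_ace(line):
    """Parse one extended ACL entry into a dict of match conditions."""
    tokens = line.split()
    ace = {"text": line, "action": tokens[0], "proto": tokens[1],
           "ports": None, "established": False, "icmp": None}
    ace["src"], rest = _addr(tokens[2:])
    ace["dst"], rest = _addr(rest)
    while rest:
        word = rest.pop(0)
        if word == "eq":
            port = _port(rest.pop(0))
            ace["ports"] = (port, port)
        elif word == "gt":
            ace["ports"] = (_port(rest.pop(0)) + 1, 65535)
        elif word == "range":
            low = _port(rest.pop(0))
            ace["ports"] = (low, _port(rest.pop(0)))
        elif word == "established":
            ace["established"] = True
        else:  # ICMP message name (echo, echo-reply)
            ace["icmp"] = word
    return ace


def parse_acl(text):
    return [parse_ace(line.strip()) for line in text.splitlines() if line.strip()]


def _ip_match(spec, addr):
    base, wild = spec
    care = ~wild & 0xFFFFFFFF  # bits that must match
    return (int(ipaddress.IPv4Address(addr)) & care) == (base & care)


def evaluate(acl, pkt):
    """Return (action, entry text) of the first entry that matches pkt."""
    for ace in acl:
        if ace["proto"] not in ("ip", pkt["proto"]):
            continue
        if not (_ip_match(ace["src"], pkt["src"]) and _ip_match(ace["dst"], pkt["dst"])):
            continue
        if ace["ports"] and not ace["ports"][0] <= pkt.get("dport", -1) <= ace["ports"][1]:
            continue
        if ace["established"] and not pkt.get("ack_or_rst", False):
            continue
        if ace["icmp"] and ace["icmp"] != pkt.get("icmp"):
            continue
        return ace["action"], ace["text"]
    return "deny", "implicit deny"


ACL = parse_acl(CUSTOMER_IN_PUB)

# Constructed test packets; 10.50.1.10 stands in for a customer host.
PACKETS = [
    {"proto": "udp", "src": "10.50.1.10", "dst": "10.1.2.3", "dport": 40000},
    {"proto": "udp", "src": "10.50.1.10", "dst": "10.1.2.3", "dport": 20000},
    {"proto": "tcp", "src": "10.50.1.10", "dst": "10.1.2.3", "dport": 445},
    {"proto": "tcp", "src": "10.50.1.10", "dst": "10.1.2.3", "dport": 445, "ack_or_rst": True},
    {"proto": "tcp", "src": "10.50.1.10", "dst": "10.224.3.5", "dport": 445},
    {"proto": "tcp", "src": "10.50.1.10", "dst": "192.0.2.10", "dport": 443},
]

if __name__ == "__main__":
    for pkt in PACKETS:
        print(pkt, "->", evaluate(ACL, pkt))
```

A review point the run makes visible: `permit udp any any gt 16384` and `permit tcp any any established` sit above the final `deny ip any 10.0.0.0 0.255.255.255`, so UDP ports 16385 to 32768 and TCP segments with ACK or RST set are permitted towards 10.0.0.0/8.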
Spanning Tree
MSTs or Multiple Spanning Trees (IEEE 802.1s) combine the best aspects of both PVST+ and 802.1q. The idea is that several VLANs can be mapped to a reduced number of spanning tree instances because most networks do not need more than a few logical topologies. MST spanning tree is selected over PVST because it reduces CPU overhead by sending a single BPDU out for all VLANs across trunks. The Hub Layer 3 switch will be configured as STP Root.
Portfast will be the standard configuration for all end user access ports. It suspends the listening and learning phases of STP, whose delay can affect DHCP requests from hosts.
Hub Switch STP Config
!
spanning-tree mode mst
spanning-tree extend system-id
spanning-tree mst 0 priority 0
!
interface FastEthernet0/21
 spanning-tree portfast
Layer-2 Switch STP Config
spanning-tree mode mst
spanning-tree extend system-id
By using the power inline consumption <wattage> configuration command, you can override the default power requirement specified by the IEEE classification.
Note
CP-7970G phones cannot be configured to the maximum with supplied with this amount of power.
PoE Config
interface FastEthernet0/21
 power inline consumption 7700
Management VLAN
A Management VLAN (1000) is created at each site for management of the switches. Each switch will have an IP Address on this VLAN.
Management VLAN Config
interface Vlan1000
 description Management
 ip address 172.28.251.201 255.255.255.224
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 no ip route-cache
 no snmp trap link-status
Quality of Service
See the main Quality of Service Section in this document for the main switch QoS settings.
Attendant Console (EVO) QoS
The EVO console resides on the Staff VLAN and requires a special QoS policy on the Fast Ethernet port of the switch.
Attendant Console QoS Policy Config
class-map match-all voice-bearer
 match access-group name voice-bearer
class-map match-all voice-sig-now
 match access-group name voice-sig-now
!
policy-map evo-console
 class voice-bearer
  set dscp cs6
 class voice-sig-now
  set dscp cs4
 class class-default
  set dscp cs3
!
interface FastEthernet0/34
 power inline consumption 7700
 switchport access vlan 2
 switchport mode access
 switchport voice vlan 200
 service-policy input evo-console
!
ip access-list extended voice-bearer
 permit udp any any range 16384 32767 dscp ef
ip access-list extended voice-sig-now
 permit tcp any any range 2000 2002 dscp cs3
 permit tcp any any range 2000 2002 dscp af31
 permit tcp any any eq 3128
 permit tcp any any eq 4812
 permit tcp any any eq 5199
 permit udp any any eq 5199
 permit udp any any eq 4812
 permit udp any any eq 3128
Predefined VLAN and interface configuration IGMP Snooping for VLANs requiring MoH Switching SDM Template Change Security Service Classes based on ACLs
PoE is available on ports
The base LAN topology in the Data Center consists of two 3560G switches which are connected via EtherChannel. Both the Call Manager and Unity VLANs are available on both switches to support dual NIC teaming. The Drain CE Router 7201 utilizes all four Gigabit interfaces within the design. A key design goal was to avoid a dot1q interface on the Gigabit interfaces, which can introduce complications to QoS policies and introduce inter-VLAN routing on the Drain CE router.
A Data Center differs from a POP location because it contains both an Internet Drain (1) and the Call Manager and Unity Servers. The Cincinnati DC is located within a Level-3 co-location facility.
VLAN Definitions
VLAN Function ASA VLAN VLAN Number VLAN 10
IP Subnet 10.231.x.x/30
VLAN 11
IP Subnet 10.224.16.0/27
VLAN 201
Management
IP Subnet 10.224.16.32/27
VLAN 202
VLAN 1000
DC Switch 1 to Drain CE
The connection on VLAN 10 could have terminated directly into the ASA, but is terminated on the DC Switch 1 for future options which may require spanning the link. The second Gigabit interface from the Drain CE is used for the link to the Call Manager VLAN.
DC Switch 1 Drain CE Connection Config
interface GigabitEthernet0/21
 description SFO-dce-01 GigabitEthernet0/0
 switchport access vlan 10
 switchport mode access
 no logging event link-status
 srr-queue bandwidth share 10 10 60 20
 srr-queue bandwidth shape 10 0 0 0
 priority-queue out
 mls qos trust dscp
 no snmp trap link-status
 spanning-tree portfast
!
interface GigabitEthernet0/22
 description SFO-dce-01 GigabitEthernet0/1
 ip address <10.224.x.x> 255.255.255.252
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 no ip route-cache
 no snmp trap link-status
DC Switch 2 to Drain CE
This Drain CE Gigabit connection is the link to the Unity VLAN.
DC Switch 2 Drain CE Connection Config
interface GigabitEthernet0/22
 description SFO-dce-01 GigabitEthernet0/3
 ip address <10.224.x.x> 255.255.255.252
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 no ip route-cache
 no snmp trap link-status
DC Switch 1 & 2 to ASA
The ASA is connected to both DC Switch 1 and 2, but only the connection to DC Switch will be enabled. This extra connection provides flexibility for reconfiguration in the event that DC Switch 1 fails.
ASA Connection Config
interface GigabitEthernet0/20
 description CIN-ASA-01 GigabitEthernet0/1
 switchport access vlan 10
 switchport mode access
 no logging event link-status
 srr-queue bandwidth share 10 10 60 20
 srr-queue bandwidth shape 10 0 0 0
 priority-queue out
 mls qos trust dscp
 no snmp trap link-status
 spanning-tree portfast
DC Switch 1 to DC Switch 2 VLAN
VLAN 11 will form a Layer-3 connection between DC Switch 1 and 2. It allows Call Manager VLAN to Unity VLAN traffic to avoid traversing the Drain CE router.
DC Switch 1 & 2 SVI Config
interface Vlan11
 description CIN-nsw-01 to CIN-nsw-02 VLAN
 ip address <10.224.x.x> 255.255.255.252
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 no ip route-cache
 no snmp trap link-status
Management VLAN
A Management VLAN (1000) is created at each site for management of the switches. The three ISI Servers' interfaces will also reside in this VLAN.
Management VLAN Config
interface Vlan1000
 description Management
 ip address 172.28.251.201 255.255.255.224
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 no ip route-cache
 no snmp trap link-status
Spanning Tree
MSTs or Multiple Spanning Trees (IEEE 802.1s) combine the best aspects of both PVST+ and 802.1q. The idea is that several VLANs can be mapped to a reduced number of spanning tree instances because most networks do not need more than a few logical topologies. MST spanning tree is selected over PVST because it reduces CPU overhead by sending a single BPDU out for all VLANs across trunks. DC Switch 1 will be the Root of the topology.
DC Switch 1 STP Config
spanning-tree mode mst
spanning-tree extend system-id
spanning-tree mst 0 priority 0
interface FastEthernet0/21
 spanning-tree portfast
DC Switch 2 STP Config
spanning-tree mode mst
spanning-tree extend system-id
interface FastEthernet0/21
 spanning-tree portfast
VTP
Virtual Trunking Protocol (VTP) was designed to propagate a VLAN database throughout a switching topology. If a VLAN was created, the change would be reflected on all switches. Unfortunately, this feature also made it easy to accidentally delete an entire VLAN such as Voice, causing major outages. It is recommended to run VTP in transparent mode, which prevents the propagation of VLAN information.
VTP Config
vtp domain (Regus+Site ID)
vtp mode transparent
Device Console IXC Router
Physical Port 1 2 3 4
Port Number 2033
2034
2035 2036
AUX
2037
2038
Summary of Data Center Design
Two 3560G switches connected via EtherChannel
Management VLAN with OOB 2811 Router
Call Manager and Unity VLANs on both switches for dual NIC teaming
The San Francisco POP design only has Internet Drain 2. No Voice equipment is installed within this Level-3 co-location facility. A single 3560G switch inter-connects the Drain CE Router and ASA FW.
[Figure: POP topology. Labels: 3560-24T, ASA 5550, 7206VXR NPE-G2, 7201, 2811 OOB, GE and FE links, Level3 MPLS Network, Internet, PSTN, POTS]
VLAN Definitions
Additional VLANs may be added in the future for DNS, Web servers and/or TelePresence video equipment.
Subnet Function   VLAN Number
ASA VLAN          VLAN 10
Management        VLAN 1000
Pop Switch 1 to Drain CE
Drain CE Connection Config
interface GigabitEthernet0/21
 description SFO-dce-01 GigabitEthernet0/0
 switchport access vlan 10
 switchport mode access
 no logging event link-status
 srr-queue bandwidth share 10 10 60 20
 srr-queue bandwidth shape 10 0 0 0
 priority-queue out
 mls qos trust dscp
 no snmp trap link-status
 spanning-tree portfast
!
interface GigabitEthernet0/22
 description SFO-dce-01 GigabitEth
 ip address <10.224.x.x> 255.255.
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 no ip route-cache
 no snmp trap link-status
Pop Switch 1 to ASA
ASA Connection Config
interface GigabitEthernet0/24
 description SFO-dce-01 GigabitEthernet0/1
 switchport access vlan 10
 switchport mode access
 no logging event link-status
 srr-queue bandwidth share 10 10 60 20
 srr-queue bandwidth shape 10 0 0 0
 priority-queue out
 mls qos trust dscp
 no snmp trap link-status
 spanning-tree portfast
Management VLAN
A Management VLAN (1000) is created at each site for management of the switches. Each switch will have an IP Address on this VLAN.
Management VLAN Config
interface Vlan1000
 description Management
 ip address 172.28.251.201 255.255.255.224
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 no ip route-cache
 no snmp trap link-status
Spanning Tree
MSTs or Multiple Spanning Trees (IEEE 802.1s) combine the best aspects of both PVST+ and 802.1q. The idea is that several VLANs can be mapped to a reduced number of spanning tree instances because most networks do not need more than a few logical topologies. MST spanning tree is selected over PVST because it reduces CPU overhead by sending a single BPDU out for all VLANs across trunks. Although there is only a single switch in the POP topology, it is still recommended to run spanning tree to avoid loops caused by cabling issues or the introduction of new equipment.
POP Switch 1 STP Config
!
spanning-tree mode mst
spanning-tree extend system-id
spanning-tree mst 0 priority 0
!
interface FastEthernet0/21
 spanning-tree portfast
VTP
Virtual Trunking Protocol (VTP) was designed to propagate a VLAN database throughout a switching topology. If a VLAN was created, the change would be reflected on all switches. Unfortunately, this feature also made it easy to accidentally delete an entire VLAN such as Voice, causing major outages. It is recommended to run VTP in transparent mode, which prevents the propagation of VLAN information.
VTP Config
vtp domain (Regus+Site ID)
vtp mode transparent
AUX
Summary of POP Design
Drain CE, ASA and Drain IXC no servers
Single 3560 Switch
At a drain site, there will exist 3 routers and 2 switches, as well as an ASA firewall. One router will be owned by Level-3 and the other 2 as well as the ASA firewall and switches will be owned and operated by Regus or a Partner.
Note
Initially there will only be two drain sites, later scaling to 8 Drain Locations across North America.
2. San Francisco
4. Dallas
5. Chicago
7. Los Angeles
8. Seattle
9. Miami
10. San Jose
11. Cincinnati
Level-3 and Regus worked together to map the 8 Regus Drain locations to these POP locations:
Drain Name   Cincinnati  San Fran  NYC  Dallas  Atlanta  DC  LA  Seattle
             1           2         3    4       5        6   7   8
When dealing with the symmetrical routing decisions, there are three major design issues:
1. Which Internet Drain will a CE Use?
2. Which Internet Drain will advertise a Public Address Block?
3. How do I ensure that return path from
Drains 1 2 3 1 2 4
5 3 1 6 2 7 4 8
ks /22 /22 /22 /22 /22 /22 /22 /22
Flexibility in the design to advertise fragmented address space if needed using standard community matching policy
In summary, the IXC CE will peer to the Regus owned Drain CE via iBGP (14676) and will also peer to the Internet via EBGP ASN 3356. Each IXC Router will announce at LEAST 2 pairs of /22s from the 66.202.128/18 address space. In the early stages of the project each IXC Router will advertise all 16 /22s. (Each IXC Router will announce 8 /22s with a BGP AS Prepend for address space for which it is the Secondary Drain.)
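The announcement scheme summarized above can be checked mechanically: every /22 of 66.202.128.0/18 should have exactly one drain offering the shortest AS path, and a surviving drain should take over when that one is down. The following Python sketch is an added example, not taken from the design document; the order in which /22s are dealt out to drains, the choice of the next drain as secondary, and a single extra copy of AS 14676 as the prepend are assumptions.

```python
import ipaddress

AGGREGATE = ipaddress.ip_network("66.202.128.0/18")  # public block named on this page
LOCAL_AS = 14676                                      # Regus ASN named on this page


def announcement_plan(drains):
    """Map each drain to the (/22, AS path) pairs its IXC router announces.

    Assumptions of this sketch: /22s are dealt out to drains in address
    order, the secondary for a block is the next drain in the list, and
    "AS prepend" means one extra copy of the local ASN.
    """
    blocks = list(AGGREGATE.subnets(new_prefix=22))
    if len(drains) < 2 or len(blocks) % len(drains):
        raise ValueError("need at least 2 drains and a count that divides 16")
    share = len(blocks) // len(drains)
    plan = {drain: [] for drain in drains}
    for index, block in enumerate(blocks):
        primary = index // share
        secondary = (primary + 1) % len(drains)
        plan[drains[primary]].append((block, (LOCAL_AS,)))
        plan[drains[secondary]].append((block, (LOCAL_AS, LOCAL_AS)))
    return plan


def prepended(plan, drain):
    """Blocks a drain announces as secondary (with the AS path prepend)."""
    return [prefix for prefix, path in plan[drain] if len(path) > 1]


def preferred_entry(plan, block, down=()):
    """Drain through which Internet return traffic for `block` enters: the
    one announcing the shortest AS path among drains not listed in `down`."""
    offers = [(len(path), drain)
              for drain, announcements in plan.items() if drain not in down
              for prefix, path in announcements if prefix == block]
    return min(offers)[1] if offers else None


if __name__ == "__main__":
    # Early project stage: two drains, each announcing all 16 /22s.
    plan = announcement_plan(["Cincinnati", "San Francisco"])
    for block in AGGREGATE.subnets(new_prefix=22):
        normal = preferred_entry(plan, block)
        backup = preferred_entry(plan, block, down=(normal,))
        print(f"{block}: enters via {normal}, fails over to {backup}")
```

With two drains each router announces 16 blocks, 8 of them prepended; with eight drains each announces 2 primary and 2 prepended blocks, matching the "at least 2 pairs" wording above.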
Drain CE to PE Connectivity and IXC Peering
Each Drain CE (DCE) will have the same BGP ASN (14676) and will connect to the Level 3 PE router via Gigabit Ethernet. Also, each DCE will peer to the DPE via EBGP. The DCE will also peer to the IXC Router via iBGP through an ASA Firewall (using next-hop-self). Each DCE will receive a single default route from the IXC router and ALSO specific routes from the DPE. The DCE will use BGP network statements to advertise locally attached networks (for example, network statements for the private and public address space of Voice Subnets). As was stated in the BGP section, no redistribution will be used. Much like the Remote CE Routers do, the DCE will set a site specific community in the BGP advertisements for the local segments.
ASA Role and NAT Connectivity
The ASA will perform NAT for Public Address Space using a Unique Pool of Public Addresses and will also have a policy to let BGP Peering through the firewall only for the IXC to Drain CE peerings.
Next, NAT will be configured on the ASA for the private address space. Each Drain will have a block (i.e. a /24) reserved for a NAT Pool and this Specific Block will be advertised only from that Peering Point. Furthermore, NAT Overloading will be used. The inside interface will have a security level of 100 and the outside (IXC Router facing) interface will have a security level of 0.
Each Remote Site is assigned a public IP Address anchor block /29 for NAT. The second IP Address /32 of the /29 block is used for the site specific PAT address. The ASA configuration will use the Regus Site-ID to correlate the information.
ASA PAT Configuration
gl obal n at ( 18 n at ( 18 ! gl obal gl obal n at ( 18 n at ( 18 n at ( 18 n at ( 18 ( 18 111-out) < R egus-S iteI D > < 2 n d I P of / 2 9 N AT B l oc k > n etmask 112 -in ) < R egus-S iteI D > < S ite P ubl ic An c h or B l oc k > < mask > 112 -in ) < R egus-S iteI D > < S ite S taf f B l oc k > < mask > ( 18 ( 18 112 112 112 112 111-out) 111-out) -in ) 79 9 -in ) 79 9 -in ) 19 9 -in ) 19 9 79 9 1 66. 2 19 9 9 66. 2 1 10 . 12 2 . 2 1 172 . X . X . 9 10 . 12 2 . 0 9 172 . x. x. 0 2 . 168 0 2 . 160 3 2 . 0 2 2 55. 0 . 0 . 0 2 x 2 55. . 2 49 . 2 n 55. 2 . 0 . 0 55. 0 0 . 0 . 0 n etmask 2 55. 2 55. 2 55. 2 55 etmask 2 55. 2 55. 2 55. 0 55. 2 48 . 0 . 0 . 0 2 55. 2 55. 2 55. 2 55
ASA FW Rules
Access from the Internet: BT to allow access from the Internet to the following address blocks:
- 66.202.128.0/18 Public Address Block
Access to the Internet:
- 66.202.128.0/18 Public Address Block
Basilica
Management
CE Access VPN Configuration
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
crypto isakmp key R3gU5VPN address 213.86.
crypto isakmp key R3gU5VPN address 216.73.
crypto isakmp key R3gU5VPN address 12.193.
crypto isakmp key R3gU5VPN address 90.152.
!
crypto isakmp client configuration group Netsurant
 key N3t5ur4nt
 dns 10.156.161.15 10.254.6.120
 wins 10.254.6.101 10.254.6.102
 domain accessregus.com
 pool VPN_POOL_1
 acl 101
 pfs
 netmask 255.255.255.0
crypto isakmp client configuration group Regus
 key 2010R3gU5v0ip
 dns 10.156.161.15 10.254.6.120
 wins 10.254.6.101 10.254.6.102
 domain accessregus.com
 pool VPN_POOL_1
 acl 101
 pfs
 netmask 255.255.255.0
!
crypto isakmp client configuration group ISI
 key 1S1adm1n
 dns 10.156.161.15 10.254.6.120
 wins 10.254.6.101 10.254.6.102
 domain accessregus.com
 pool VPN_POOL_1
 acl 101
 pfs
 netmask 255.255.255.0
!
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec df-bit clear
!
crypto dynamic-map DYNMAP_1 1
 set security-association idle-time 7200
 set transform-set ESP-3DES-SHA
 reverse-route
 qos pre-classify
!
crypto map CMAP_1 client authentication list vpn_xauth
crypto map CMAP_1 isakmp authorization list vpn_group_1
crypto map CMAP_1 client configuration address respond
crypto map CMAP_1 1 ipsec-isakmp
 description Tunnel to 90.152.3.10 (Basilica)
 set peer 90.152.3.10
 set transform-set ESP-3DES-SHA
 set pfs group2
 match address ToBasilica
crypto map CMAP_1 2 ipsec-isakmp
 description Tunnel to 213.86.173.11 (COLT)
 set peer 213.86.173.11
 set transform-set ESP-3DES-SHA
 set pfs group2
 match address ToCOLT
crypto map CMAP_1 3 ipsec-isakmp
 description Tunnel to 216.73.128.22 (HQ Dallas)
 set peer 216.73.128.22
 set transform-set ESP-3DES-SHA
 set pfs group2
 match address ToHQ
crypto map CMAP_1 4 ipsec-isakmp
 description Tunnel to 12.193.166.133 (NetSurant)
 set peer 12.193.166.133
 set transform-set ESP-3DES-SHA
 set pfs group2
 match address ToNetSurant
crypto map CMAP_1 65535 ipsec-isakmp dynamic DYNMAP_1
!
ip local pool VPN_POOL_1 10.79.65.224 10.79.65.231
ASA Access VPN
VPN Access is not part of this SOW, but it will be minimally configured to support the implementation process. Users and VPN access will be statically defined.
ASA Access VPN Configuration
ip local pool vpnpool 172.16.1.100-172.16.1.199 mask 255.255.255.0
!
group-policy regus_vpn internal
group-policy regus_vpn attributes
 dns-server value 172.16.1.11
 vpn-tunnel-protocol IPSec
 default-domain value accessregus.com
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto dynamic-map Outside_dyn_map 10 set transform-set ESP-3DES-SHA
crypto dynamic-map Outside_dyn_map 10 set security-association lifetime seconds 288000
crypto map Outside_map 10 ipsec-isakmp dynamic Outside_dyn_map
crypto map Outside_map interface Outside
crypto isakmp enable Outside
crypto isakmp policy 10
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
crypto isakmp nat-traversal 20
!
tunnel-group regus_vpn type ipsec-ra
tunnel-group regus_vpn general-attributes
 address-pool vpnpool
tunnel-group regus_vpn ipsec-attributes
 pre-shared-key <regus_vpn_key>
ASA VPN Users
User       Access
cisco-as   All Networks
inx        All Networks
ASA Static User Configuration
!
username cisco password 6XmYwQOO9tiYnUDN encrypted
username inx password 6XmYwQOO9tiYnUDN encrypted
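The CE and ASA VPN stanzas above rely on 3DES, Diffie-Hellman group 2, SHA-1 and pre-shared keys written into the configuration, and the BGP templates use type 7 neighbor passwords, which are reversible obfuscation rather than a hash. The Python sketch below is an added example, not part of the design document: a small stanza-aware audit that flags those settings and redacts secrets in its report. It runs over a constructed sample modelled on the page's configuration; the keys, addresses and rule names in it are placeholders invented for the example.

```python
import re

# Constructed sample modelled on the VPN and BGP stanzas on this page. Keys,
# hashes and peer addresses are placeholders (192.0.2.0/24 is documentation space).
SAMPLE = """\
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
crypto isakmp key EXAMPLE-PSK address 192.0.2.10
crypto isakmp client configuration group ExampleGroup
 key EXAMPLE-GROUP-KEY
 pool VPN_POOL_1
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto map CMAP_1 1 ipsec-isakmp
 set peer 192.0.2.10
 set transform-set ESP-3DES-SHA
 set pfs group2
crypto isakmp policy 10
 authentication pre-share
 encryption 3des
 hash sha
 group 2
router bgp 14676
 neighbor 192.0.2.1 password 7 0000000000
"""

# (rule id, parent stanza regex or None for top-level lines, line regex, finding)
RULES = [
    ("3DES-IKE", r"crypto isakmp policy", r"encr(yption)? 3des$",
     "IKE phase 1 encrypts with 3DES (64-bit block cipher); prefer AES"),
    ("DH-GROUP2", r"crypto isakmp policy", r"group 2$",
     "IKE uses 1024-bit DH group 2; prefer group 14 or higher"),
    ("SHA1-IKE", r"crypto isakmp policy", r"hash sha$",
     "IKE integrity/PRF is SHA-1; prefer a SHA-2 hash"),
    ("3DES-ESP", None, r"crypto ipsec transform-set \S+ .*esp-3des",
     "IPsec transform set encrypts with 3DES; prefer AES"),
    ("PFS-GROUP2", r"crypto map ", r"set pfs group2$",
     "PFS rekeys with 1024-bit DH group 2; prefer group 14 or higher"),
    ("PSK-CLEAR", None, r"crypto isakmp key (0 )?(?P<secret>\S+) address",
     "pre-shared key stored in clear text in the configuration"),
    ("GROUP-KEY-CLEAR", r"crypto isakmp client configuration group",
     r"key (?P<secret>\S+)$",
     "VPN client group key stored in clear text in the configuration"),
    ("TYPE7", r"router bgp", r"neighbor \S+ password 7 (?P<secret>\S+)",
     "type 7 password is reversible obfuscation; treat it as disclosed"),
]


def audit(config):
    """Return [(line number, rule id, redacted line, finding)] for a config text."""
    findings, parent = [], ""
    for lineno, raw in enumerate(config.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        indented = raw.startswith(" ")
        if not indented:
            parent = line  # a new top-level stanza starts here
        for rule_id, parent_re, line_re, why in RULES:
            if parent_re is None:
                in_scope = not indented
            else:
                in_scope = indented and re.match(parent_re, parent) is not None
            match = re.match(line_re, line) if in_scope else None
            if match:
                shown = line
                if "secret" in match.groupdict():
                    start, end = match.span("secret")
                    shown = line[:start] + "<redacted>" + line[end:]
                findings.append((lineno, rule_id, shown, why))
    return findings


if __name__ == "__main__":
    for lineno, rule_id, shown, why in audit(SAMPLE):
        print(f"line {lineno:2d} [{rule_id}] {shown}\n         {why}")
```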
Summary of Drain Site Design
Router BGP ASN = 14676
Set a Router ID Manually to match the loopback address typically
Peer to the ASN for Level 3 MPLS Core (ASN 1)
Use MD5 Authentication
Announce Networks Via Network Statements and Route Maps to set community values
Send/receive BGP Standard Communities via send-community keyword
Do not send Public Addresses to IXC router since they will be NATted
Route Maps for Community setting will vary:
Highly Scalable and Flexible BGP Design for up to 3000 Regus Site routers connected to up to 8 Drain Locations in US and/or Canada
Design BGP Peering for Remote Sites
Flexible Design to support Inter Provider MPLS Peering if necessary
Initial Phase of the Project Requires 2 Data Centers and 3 Remote Sites to be brought online by end of Jan 2008
Router BGP ASN = 14676
Set a Router ID Manually to match the loopback address typically
Each IXC will announce its /21 Block (or Blocks during interim)
Peer to the ASN for Level 3 IP Core (ASN 3356)
Use MD5 Authentication
Symmetrical Routing with Centralized NAT Function
Only if Public Address Space is fragmented between Level 3 and Sprint space, set community to 14676:SiteNumber plus Drain Preference Setting. This must match the PE Settings.
Send/receive BGP Standard Communities via send-community keyword
No Private addresses will be learned or announced
Route Maps for Community setting will vary:
Only if Public Address Space is fragmented between Level 3 and Sprint space, set community to 14676:SiteNumber plus Drain Preference Setting. This must match the PE Settings.
Maximum Prefix Enforced
Software Releases
Cisco recommends the following software releases to be used on these devices.
Software Release Table
124(X)T 12.0(32)S
Version
Feature Set
Image Name
ASA 5550
12.2(40)SE
IP Base
Router Templates
These are only templates and do not align with the physical hardware layout present in the Regus routers. They are however a good starting point and will require that Regus map interface configurations to physical locations. Yellow highlights indicate Data Points that need to be modified based on router location.
3845 CE Router Template
router bgp 14676
 no synchronization
 bgp router-id <Loopback Address>
 bgp log-neighbor-changes
 network <local network> mask <mask> route-map set_regus_community
 network <public network> mask <mask> route-map set_public_community
 neighbor <Level-3 PE> remote-as 1
 neighbor <Level-3 PE> password 7 105C0C1E1004
 neighbor <Level-3 PE> send-community
 neighbor <Level-3 PE> distribute-list 50 in
 neighbor <Level-3 PE> maximum-prefix 1
 no auto-summary
!
ip route <private network used above> Null0 254
ip route <public network used above> Null0 254
!
ip bgp-community new-format
!
access-list 10 permit 10.0.0.0 0.255.255.255
access-list 50 permit 0.0.0.0
access-list 66 permit 66.202.0.0.255.255
!
!
route-map set_public_community permit 10
 match ip address 66
 set community 66:<Drain Pref 1> 67:<Drain Pref 2> 14676:<SiteNumber>
!
route-map set_regus_community permit 10
 match ip address 10
 set community 14676:<SiteNumber>
!
7201/7206 Drain CE Router Template
router bgp 14676
 no synchronization
 bgp router-id <loopback0>
 bgp log-neighbor-changes
 network 0.0.0.0
 network 10.231.15.248 mask 255.255.255.252
 network 66.202.128.0 mask 255.255.252.0 route-map PRIMARY_AGG
 network 66.202.132.0 mask 255.255.252.0 route-map PRIMARY_AGG
 network 66.202.136.0 mask 255.255.252.0 route-map PRIMARY_AGG
 network 66.202.140.0 mask 255.255.252.0 route-map PRIMARY_AGG
 network 66.202.144.0 mask 255.255.252.0 route-map SECONDARY_AGG
 network 66.202.148.0 mask 255.255.252.0 route-map SECONDARY_AGG
 network 66.202.152.0 mask 255.255.252.0 route-map SECONDARY_AGG
 network 66.202.156.0 mask 255.255.252.0 route-map SECONDARY_AGG
 network 66.202.160.0 mask 255.255.252.0 route-map PRIMARY_AGG
 network 66.202.164.0 mask 255.255.252.0 route-map PRIMARY_AGG
 network 66.202.168.0 mask 255.255.252.0 route-map PRIMARY_AGG
 network 66.202.172.0 mask 255.255.252.0 route-map PRIMARY_AGG
 network 66.202.176.0 mask 255.255.252.0 route-map SECONDARY_AGG
 network 66.202.180.0 mask 255.255.252.0 route-map SECONDARY_AGG
 network 66.202.184.0 mask 255.255.252.0 route-map SECONDARY_AGG
 network 66.202.188.0 mask 255.255.252.0 route-map SECONDARY_AGG
 neighbor <Level3 PE> remote-as 1
 neighbor <Level3 PE> password 7 03365E0C134B
 neighbor <Level3 PE> send-community
 neighbor <Level3 PE> distribute-list 66 out
 neighbor <IXC Router> remote-as 14676
 neighbor <IXC Router> description to D1_IXC
 neighbor <IXC Router> next-hop-self
 neighbor <IXC Router> send-community
 neighbor <IXC Router> weight 65535
 neighbor <IXC Router> maximum-prefix 1
 default-information originate
 no auto-summary
!
access-list 66 remark DENY_ALL_AGGREGATES_TO_PE_LIST
access-list 66 deny 66.202.128.0 0.0.3.0
access-list 66 deny 66.202.132.0 0.0.3.0
access-list 66 deny 66.202.136.0 0.0.3.0
access-list 66 deny 66.202.140.0 0.0.3.0
access-list 66 deny 66.202.144.0 0.0.3.0
access-list 66 deny 66.202.148.0 0.0.3.0
access-list 66 deny 66.202.152.0 0.0.3.0
access-list 66 deny 66.202.156.0 0.0.3.0
access-list 66 deny 66.202.160.0 0.0.3.0
access-list 66 deny 66.202.164.0 0.0.3.0
access-list 66 deny 66.202.168.0 0.0.3.0
access-list 66 deny 66.202.172.0 0.0.3.0
access-list 66 deny 66.202.176.0 0.0.3.0
access-list 66 deny 66.202.180.0 0.0.3.0
access-list 66 deny 66.202.184.0 0.0.3.0
access-list 66 deny 66.202.188.0 0.0.3.0
access-list 66 permit any
! access-list 70: one remark and 8 permit entries in the source; the third octet of each entry did not survive extraction
access-list 70 remark AGGR…ND_LIST
access-list 70 permit 66.202.….0 0.0.3.0
! access-list 75: one remark and 8 permit entries in the source; the third octet of each entry did not survive extraction
access-list 75 remark AGGR…E_LIST
access-list 75 permit 66.202.….0 0.0.3.0
!
! The right-hand side of route-map PRIMARY_AGG is cut off in the source
route-map PRIMARY_AGG
 description Set LPref
 description *** This
 match ip address 75
 set local-preference
 set community 66:1
!
route-map SECONDARY_AGG permit 10
 description Set LPref/Comm for Primary(67:1)
 description *** This is Drain #1 ***
 match ip address 70
 set local-preference 10
 set community 67:1
!
ip route 66.202.128.0 255.255.252.0 Null0 254
ip route 66.202.132.0 255.255.252.0 Null0 254
ip route 66.202.136.0 255.255.252.0 Null0 254
ip route 66.202.140.0 255.255.252.0 Null0 254
ip route 66.202.144.0 255.255.252.0 Null0 254
ip route 66.202.148.0 255.255.252.0 Null0 254
ip route 66.202.152.0 255.255.252.0 Null0 254
ip route 66.202.156.0 255.255.252.0 Null0 254
ip route 66.202.160.0 255.255.252.0 Null0 254
ip route 66.202.164.0 255.255.252.0 Null0 254
ip route 66.202.168.0 255.255.252.0 Null0 254
ip route 66.202.172.0 255.255.252.0 Null0 254
ip route 66.202.176.0 255.255.252.0 Null0 254
ip route 66.202.180.0 255.255.252.0 Null0 254
ip route 66.202.184.0 255.255.252.0 Null0 254
ip route 66.202.188.0 255.255.252.0 Null0 254
7201/7206 IXC Router Template
router bgp 14676
 no synchronization
 bgp router-id <loopback0>
 bgp log-neighbor-changes
 neighbor <IBGP Peer> remote-as 14676
 neighbor <IBGP Peer> description to D1_CE_IBGP_PEER
 neighbor <IBGP Peer> next-hop-self
 neighbor <IBGP Peer> send-community
 neighbor <Level3 Internet> remote-as 3356
 neighbor <Level3 Internet> description to L3_IXC_PEER
 neighbor <Level3 Internet> password regus
 neighbor <Level3 Internet> distribute-list 50 in
 neighbor <Level3 Internet> route-map d1_policy out
 neighbor <Level3 Internet> maximum-prefix 1
 no auto-summary
!
ip route <IBGP_peer_thru_firewall> 255.255.255.255 <firewall address>
!
ip bgp-community new-format
ip community-list standard PRIME permit 66:<mydrain number>
ip community-list standard SECONDARY permit 67:<mydrain number>
!
no ip http server
no ip http secure-server
!
access-list 50 permit 0.0.0.0
!
!
!
route-map d1_policy permit 10
 match community PRIME
!
route-map d1_policy permit 20
 match community SECONDARY
 set as-path prepend 14676
!
! Security Best Practices
no ip domain-lookup
no cdp run
no ip http server
no ip source-route
no service finger
no ip bootp server
no service pad
no service udp-small-server
no service tcp-small-server
!
service tcp-keepalives-in
service tcp-keepalives-out
!
enable secret
service password-encryption
!
! On all interfaces
 no ip redirect
 no ip directed-broadcast
 no ip proxy-arp
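The primary/secondary drain selection that the CE and IXC templates implement with BGP communities can be traced with a small model. This is an added example, not part of the Cisco document: it models only the CE community tagging and the IXC route-map d1_policy, the sample prefixes, site number and drain numbers are constructed, and shortest-AS-path selection by remote networks is an assumption.

```python
from dataclasses import dataclass

LOCAL_AS = 14676  # AS number used in every template on this page


@dataclass(frozen=True)
class Route:
    prefix: str
    communities: frozenset   # e.g. {"66:1", "67:2", "14676:1999"}
    as_path: tuple = ()      # AS numbers as the receiving peer sees them


def tag_public(prefix, primary_drain, secondary_drain, site):
    """CE route-map set_public_community: 66:<primary> 67:<secondary> 14676:<site>."""
    return Route(prefix, frozenset({f"66:{primary_drain}",
                                    f"67:{secondary_drain}",
                                    f"{LOCAL_AS}:{site}"}))


def tag_private(prefix, site):
    """CE route-map set_regus_community: only 14676:<site>."""
    return Route(prefix, frozenset({f"{LOCAL_AS}:{site}"}))


def d1_policy(route, my_drain):
    """IXC route-map d1_policy, applied outbound to the Level 3 Internet peer.

    Returns the route as the peer receives it, or None when no clause matches.
    """
    if f"66:{my_drain}" in route.communities:      # permit 10: match community PRIME
        prepend = ()
    elif f"67:{my_drain}" in route.communities:    # permit 20: match community SECONDARY
        prepend = (LOCAL_AS,)                      #   set as-path prepend 14676
    else:
        return None                                # implicit deny ends every route-map
    # eBGP adds the local AS once when the update leaves AS 14676.
    return Route(route.prefix, route.communities,
                 (LOCAL_AS,) + prepend + route.as_path)


def announcements(route, drains):
    """Map drain number -> AS path announced there (drains that deny are omitted)."""
    out = {}
    for drain in drains:
        sent = d1_policy(route, drain)
        if sent is not None:
            out[drain] = sent.as_path
    return out


def entry_drain(route, drains_up):
    """Drain that return traffic enters through, assuming (not stated in the
    templates) that remote networks prefer the shortest AS path."""
    paths = announcements(route, drains_up)
    return min(paths, key=lambda d: len(paths[d])) if paths else None


if __name__ == "__main__":
    # Constructed sample: a public /22 homed on drain 1 with drain 2 as backup,
    # and a private prefix that carries only the site community.
    public = tag_public("66.202.184.0/22", 1, 2, 1999)
    private = tag_private("10.231.24.0/24", 1999)
    print(announcements(public, [1, 2, 3]))
    print(entry_drain(public, [1, 2]), entry_drain(public, [2]))
    print(announcements(private, [1, 2, 3]))
```

Because d1_policy has no catch-all clause, a prefix that carries only the 14676:<SiteNumber> community is never announced to the Internet peer at any drain.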
ASA 5500 Firewall Template
ASA Version 7.2(2)
!
hostname ASAwAIP-CLI
domain-name corp.com
enable password WwXYvtKrnjXqGbu1 encrypted
names
!
interface GigabitEthernet0/0
 nameif Outside
 security-level 0
 ip address 10.10.10.2 255.255.255.0
!
interface GigabitEthernet0/1
 nameif inside
 security-level 100
 ip address 172.16.1.2 255.255.255.0
!
interface GigabitEthernet0/2
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet0/3
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Management0/0
 shutdown
 no nameif
 no security-level
 no ip address
!
passwd 2KFQnbNIdI.2KYOU encrypted
ftp mode passive
dns server-group DefaultDNS
 domain-name corp.com
pager lines 24
mtu Outside 1500
mtu inside 1500
ip local pool vpnpool 172.16.1.100-172.16.1.199 mask 255.255.255.0
no failover
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
group-policy hillvalleyvpn1 internal
group-policy hillvalleyvpn1 attributes
 dns-server value 172.16.1.11
 vpn-tunnel-protocol IPSec
 default-domain value test.com
username marty password 6XmYwQOO9tiYnUDN encrypted
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto dynamic-map Outside_dyn_map 10 set transform-set ESP-3DES-SHA
crypto dynamic-map outside_dyn_map 10 set security-association lifetime seconds 288000
crypto map Outside_map 10 ipsec-isakmp dynamic Outside_dyn_map
crypto map Outside_map interface Outside
crypto isakmp enable Outside
crypto isakmp policy 10
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
crypto isakmp nat-traversal 20
tunnel-group hillvalleyvpn type ipsec-ra
tunnel-group hillvalleyvpn general-attributes
 address-pool vpnpool
tunnel-group hillvalleyvpn ipsec-attributes
 pre-shared-key *
telnet timeout 5
ssh timeout 5
console timeout 0
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect netbios
  inspect rsh
  inspect rtsp
  inspect skinny
  inspect esmtp
  inspect sqlnet
  inspect sunrpc
  inspect tftp
  inspect sip
  inspect xdmcp
!
global (sfo-ixc-01) 1999 66.202.184.17 netmask 2
global (sfo-ixc-01) 7991 66.202.168.249 netmask
nat (sfo-dce-7201) 1999 10.231.24.0 255.255.255.
nat (sfo-dce-7201) 7991 10.231.32.0 255.255.255.
nat (sfo-dce-7201) 7991 10.122.232.0 255.255.248
nat (sfo-dce-7201) 1999 172.23.168.0 255.255.248
nat (sfo-dce-7201) 1999 10.139.32.0 255.255.240.
service-policy global_policy global
prompt hostname context
Cryptochecksum:0f78ee7ef3c196a683ae7a4804ce1192
: end
Appendix A
Regus Interim IPT Site List

Data Center
Cincinnati
Site Project Mgr: Josh Duerst
IP Address Range:
Glue Links:

POP
San Francisco
Site # 1999

Dallas, Texas Corporate Office (DALCORP)
Suite 1400 Addison
15305 Dallas Parkway
Dallas, 75001
United States
IP Address Range:
Glue Links:
Main Tel: +1 972 361-8100
Site # 991

Glendale, WI
Appendix B
Hardware Bill of Materials
The following hardware is being deployed at the Regus Drain Locations.

Unified Communications Manager Cluster
CALLMANAGER-5.1: Top Level Part Number Used In Ordering Too
MCS7845H2-K9-CMA2: HW/SW CallMgr 5.1 7845-H2 Appliance, 0 Seats
CAB-AC: Power Cord, 110V
CUOMSM-EVAL-K9: Cisco Unified Operations Mgr And Service Monitor Eval CD
SW-CUP6.0-K9 P: Unified Presence 6.0 Software - available with CCM
UCCX-45-CM-BUNDLE: 5 Seat IPCCX ENH CCM Bundle - AVAILABLE ONLY WITH CCM
LIC-CM5.1-7845=: License CallMgr 5.1 7845 Appliance, 5,000 seat
Quantity column (row alignment lost in extraction): 6 6 6 6 6 6 6 30 30 2 2 2 2 2 2 2 2

Unified Communications Manager - Hardware and Software Support (5 years)
CON-OSP-45H2CMA2: ONSITE 24X7X4 CallMgr 5.1 7845-H2 Appliance, 0 Seats
CON-ESW-CM517845: ESSENTIAL SW License CallMgr 5.1 7845 App, 5,000 seat

Unity Voicemail with Failover - 192 Ports
UNITY-BUNDLE: Unity Bundle
UNITY-4.X: Unity 4.X
UNITY-IP: Unity for CallManager, IP Only Integrations
UNITY-EXCHANGE: Unity for Exchange
UNITY-DS-ENG: Unity Data Store - in English
UNITY-MS-ENG: Unity Message Store in English. Not required for Domino.
UNITY4.X-SL-MAX: Unity server license for VM or UM. Incl 96 sessions. No TTS.
UNITY-VM-USR: One Unity VM User
UNITY-CL-USR: One IMAP Client Access user license (promo price)
UNITY-ADDL-LANG: Support for an additional language. May order up to 17.
UNITY-LIC-POOL: Unity Pooled License (lets multiple servers share users)
(part number not recovered): Unity Data Store, required for >32 sessions - Per Processor
(part number not recovered): Unity Failover Server-33-96 Ports
(part number not recovered): Unity Operating System 2003
Quantity column (row alignment lost in extraction): 2 2 1

Unity support part numbers: CON-OSP-UNITY-IP; the remaining entries (CON-OSP-45H…, CON-ESW-UN…) are fragmented in the source.
Quantity column (row alignment lost in extraction): 1 35 1 1 1 1 2 1 1 1 2 2 1 1 1 1 5 2 2 10 2 2 2 4 2 2 2 2 2 10 1 1 1 1 1 1 1 1 5 1

3845 Integrated Services Router (Unity Outdial)
C3845-VSEC/K9: 3845 Voice Security Bundle, PVDM2-64, Adv IP
CAB-AC: Power Cord, 110V
PWR-3845-AC/2: Cisco 3845 redundant AC power supply
MEM3800-512U1024D: 512 to 1024MB DRAM factory upgrade for 380
MEM3800-128U512CF: 128 to 512MB Compact Flash factory upgrade
PVDM2-64: 64-Channel Packet Voice/Fax DSP Module
VWIC2-2MFT-T1/E1: 2-Port RJ-48 Multiflex Voice/WAN Trunk - T1/E
S384AISK9-12403: Cisco 3845 ADVANCED IP SERVICES
PWR-3845-AC: Cisco 3845 AC power supply
ROUTER-SDM: Device manager for routers
PVDM2-64: 64-Channel Packet Voice/Fax DSP Module

3845 Integrated Services Router - Hardware and Software Support (5 years)
CON-OSP-3845VK9: ONSITE 24X7X4 3845 Voice Bundle, PV

Data Center Switch
WS-C3560G-24T-S: Cataly
CAB-AC: Power
Gigabit Ethernet Switch - Hardware and S
CON-OSP-3560GTS: ONSIT

7206VXR/NPE-G2: 7206VXR with NPE-G2 includes 3GigE/FE/E Ports and IP SW
PWR-7200: Cisco 7200 AC Power Supply Option
PWR-7200/2: Cisco 7200 Redundant AC Power Supply Option (280W)
CAB-AC: Power Cord, 110V
S72PC-12231SB: Cisco 7200 NPEG2/7201 IOS Series IP PLUS
MEM-NPE-G2-2GB: 7200 Series NPE-G2 2GB Memory, System
SFP-GE-S: 1000BASE-SX SFP (DOM)
NPE-G2: 7200 series NPE-G2 engine with 3 GE/FE/E ports
MEM-NPE-G2-FLD256: Cisco 7200 Compact Flash Disk for NPE-G2, 256 MB

Gateway Routers - Hardware Support (5 years)
CON-OSP-7206VXRN: ONSITE 24X7X4 7206VXR with NPE-G2

Adaptive Security Appliance (Firewall - 1 per Internet Drain - 2 Drains)
ASA5550-BUN-K9: ASA 5550 Appliance with SW, HA, 8GE+1FE, 3DES/AES
CAB-AC: Power Cord, 110V
SF-ASA-8.0-K8: ASA 5500 Series Software v8.0
ASA5500-ENCR-K9: ASA 5500 Strong Encryption License (3DES/AES)
SSM-4GE-INC: SSM-4GE embedded within ASA 5550 systems
ASA-VPN-CLNT-K9: Cisco VPN Client Software (Windows, Solaris, Linux, Mac)
ASA-180W-PWR-AC: ASA 180W AC Power Supply
ASA-ANYCONN-CSD-K9: ASA 5500 AnyConnect Client + Cisco Security Desktop Software

Adaptive Security Appliance - Hardware and Software Support (5 years)
CON-OSP-AS5550B: ONSITE 24X7X4 ASA5550 w/SW, HA, 8GE+1FE, 3DES/AES

Remote Access Server (for remote out-of-band management/diagnostics)
CISCO2811-16TS: 2811 w/HWIC-16A and 2 CAB-HD8-ASYNC Terminal Server Bundle
CAB-AC: Power Cord, 110V
S28NIPB-12407: Cisco 2800 IP BASE W/O CRYPTO
CAB-HD8-ASYNC: High Density 8-port EIA-232 Async Cable
PWR-2811-AC: Cisco 2811 AC power supply
ROUTER-SDM: Device manager for routers
MEM2800-256D-INC: 256MB DDR DRAM Memory factory default for the Cisco 2800
MEM2800-64CF-INC: 64MB CF default for Cisco 2800 Series
HWIC-16A: 16-Port Async HWIC
Quantity column (row alignment lost in extraction): 1 1 2 1 1 1 1 1

SFO Data Center

Data Center Switch
WS-C3560G-24T-S: Cataly
CAB-AC: Power
Gigabit Ethernet Switch - Hardware and S
CON-OSP-3560GTS: ONSIT
Quantity column (row alignment lost in extraction): 1 1 5 2 4 4 4 2 1 2 10 1 1 1 1 1 1 1 1 5

CISCO7201: Cisco 7201 Chassis, 1GB Memory, Dual P/S, 256MB Flash
PWR-7201-AC: Cisco 7201 AC Power Supply option System
CAB-AC: Power Cord, 110V
S72PC-12231SB: Cisco 7200P IOS Series IP PLUS
MEM-7201-2GB: Cisco 7201 2GB Memory option
SFP-GE-S: 1000BASE-SX SFP (DOM)
MEM-7201-FLD256: Cisco 7201 Compact Flash Disk, 256 MB System

Gateway Routers - Hardware Support (5 years)
CON-OSP-CISC7201: ONSITE 24X7X4 7201 Chassis, 1GB mem dual P/S 256mb flsh

Adaptive Security Appliance (Firewall - 1 per Internet Drain - 2 Drains)
ASA5550-BUN-K9: ASA 5550 Appliance with SW, HA, 8GE+1FE, 3DES/AES
CAB-AC: Power Cord, 110V
SF-ASA-8.0-K8: ASA 5500 Series Software v8.0
ASA5500-ENCR-K9: ASA 5500 Strong Encryption License (3DES/AES)
SSM-4GE-INC: SSM-4GE embedded within ASA 5550 systems
ASA-VPN-CLNT-K9: Cisco VPN Client Software (Windows, Solaris, Linux, Mac)
ASA-180W-PWR-AC: ASA 180W AC Power Supply
ASA-ANYCONN-CSD-K9: ASA 5500 AnyConnect Client + Cisco Security Desktop Software

Adaptive Security Appliance - Hardware and Software Support (5 years)
CON-OSP-AS5550B: ONSITE 24X7X4 ASA5550 w/SW, HA, 8GE+1FE, 3DES/AES

Remote Access Server (for remote out-of-band management/diagnostics)
CISCO2811-16TS: 2811 w/HWIC-16A and 2 CAB-HD8-ASYNC Terminal Server Bundle
CAB-AC: Power Cord, 110V
S28NIPB-12407: Cisco 2800 IP BASE W/O CRYPTO
CAB-HD8-ASYNC: High Density 8-port EIA-232 Async Cable
PWR-2811-AC: Cisco 2811 AC power supply
ROUTER-SDM: Device manager for routers
MEM2800-256D-INC: 256MB DDR DRAM Memory factory default for the Cisco 2800
MEM2800-64CF-INC: 64MB CF default for Cisco 2800 Series
HWIC-16A: 16-Port Async HWIC
Quantity column (row alignment lost in extraction): 1 1 1 2 1 1 1 1 1
Glossary
This section provides definitions for terms and acronyms used in this document. Supply from Detailed Design Document.

Term or Acronym: Definition
Drain: Internet peering location (up to 8 Level-3 US locations consisting of Drain CE, PE and IXC Router)
PE: Standard MPLS PE that will receive a primary and secondary default from primary and secondary drain; peers to Drain CE
CE: Customer Edge Router at Drain Location owned by Regus
Drain CE: peers to Drain PE
BGP: Border Gateway Protocol
EIGRP: Enhanced Interior Gateway Routing Protocol
Drain IXC Router: Peers to Level-3 Internet Router