Draft - Layer 3 LLD

TM
Advanced Services
R e g u s B G P a n d D a ta N e tw o rk
Low Level D es i g n V er s i on 1 . 1
C o rp o ra te C is c o 1 7 0 W e s t S a n J o s e , U S A h ttp ://w w w T e l: 4 0 8 0 F a x : 4 0
H e a d q u a rte r s T a s m a n D r iv e C A 9 5 1 3 4 -1 7 0 6 .c 8 0 8 is 5 5 5 c o 2 6 5 3 2 6 .c -4 -N -4 o m 0 0 0 E T S (6 3 8 7 ) 1 0 0
T H E S P E C IF IC A T IO N S A N D IN F O R M A T IO N R E G A R D IN G T H E P R O D U C T S IN T H IS M A N U A L A R E S U B J E C T T O C H A N G E W IT H O U T N O T IC E . A L L S T A T E M E N T S , IN F O R M A T IO N , A N D R E C O M M E N D A T IO N S IN T H IS M A N U A L A R E B E L IE V E D T O B E A C C U R A T E B U T A R E P R E S E N T E D W IT H O U T W A R R A N T Y O F A N Y K IN D , E X P R E S S O R IM P L IE D . U S E R S M U S T T A K E F U L L R E S P O N S IB IL IT Y F O R T H E IR A P P L IC A T IO N O F A N Y P R O D U C T S . T H E S O F T W A R E L IC E N S E A N D L IM IT E D W A R R A N T Y F O R T H E A C C O M P A N Y IN G P R O D U C T A R E S E T F O R T H IN T H E IN F O R M A T IO N P A C K E T T H A T S H IP P E D W IT H T H E P R O D U C T A N D A R E IN C O R P O R A T E D H E R E IN B Y T H IS R E F E R E N C E . IF Y O U A R E U N A B L E T O L O C A T E T H E S O F T W A R E L IC E N S E O R L IM IT E D W A R R A N T Y , C O N T A C T Y O U R C IS C O R E P R E S E N T A T IV E F O R A C O P Y . T h p u e n h a c o e f o l l o w i n g i n f o r m a ti o n i s f o r F C C c o r s u a n t to p a r t 1 5 o f th e F C C r u l e s . T h e v i r o n m e n t. T h i s e q u i p m e n t g e n e r a te s , r m f u l i n te r f e r e n c e to r a d i o c o m m u n i c a r r e c t th e i n te r f e r e n c e a t th e i r o w n e x p e g in fo rm a c c o rd a n c e th e l i m i ts a in s ts u c h ti o w fo in n is fo r i th C i s c r a C la s te r f e r e n F C o s s B c e C c in s d ig in a m p lia n c e s e l i m i ts u se s, a n d ti o n s . O p n se . n c e n in v ic e n ti a o f C la s s A d e v ic a r e d e s i g n e d to p c a n r a d i a te r a d i o e r a ti o n o f th i s e q o f C la s s B s tr u c ti o n s , in a c c o rd a l i n s ta l l a ti o d e v itm n c e n . H e s: T ro v id -f r e q u ip m h is e q u ip m e re a so n a b u e n c y e n e r e n tin a re s e in sp th q u ip m te r f e r e c ific e re is e n le g y id th a s b e e p r o te c ti o a n d , if n e n ti a l a r e n te s te d a n d n a g a in s th a o t i n s ta l l e d a i s l i k e l y to fo u n d rm fu l a n d u s c a u se to c o i n te r f e d in h a rm e n re le w m p l y w i th th e l i m i ts f o r a e r e n c e w h e n th e e q u i p m e n a c c o r d a n c e w i th th e i n s tr u f u l i n te r f e r e n c e , i n w h i c h C la tis c ti o c a s ss A o p e n m e u s d i g i ta l r a te d i n a n u a l, m e rs w ill d e v ic e , a c o m m e rc ia l a y c a u se b e r e q u i r e d to
T h e f o llo w in i n s ta l l e d i n a c o m p l y w i th p r o te c ti o n a g
o m p lia ta l l a ti o i ta l d e re s id e
ic e s : T h e a y c a u se w i th th e o w e v e r,
e n td e s c r ib e d in e n c e w i th r a d i o a a ti o n s i n p a r t 1 5 n o g u a r a n te e th a
th i s m a n u a l g n d te l e v i s i o n o f th e F C C r u t i n te r f e r e n c e
e r a te s a n d c e p ti o n . T h s. T h e se sp ill n o to c c u
m a y r a d i a te r a d i o -f r e is e q u ip m e n th a s b e e e c i f i c a ti o n s a r e d e s i g r i n a p a r ti c u l a r i n s ta
q u n n e lla
e n c y e n e rg y . If itis n o t te s te d a n d f o u n d to d to p r o v i d e r e a s o n a b l e ti o n .
Y o u c a n d e te r m i n e w h e th e r y o u r e q u i p m e n t i s c a u s i n g i n te r f e r e n c e b y tu r n i n g i t o f f . I f th e i n te r f e r e n c e s to p s , i t w a s p r o b a b l y c a u s e d b y th e C i s c o e q u i p m e n t o r o n e o f i ts p e r i p h e r a l d e v i c e s . I f th e e q u i p m e n t c a u s e s i n te r f e r e n c e to r a d i o o r te l e v i s i o n r e c e p ti o n , tr y to c o r r e c t th e i n te r f e r e n c e b y u s i n g o n e o r m o r e o f th e f o l l o w i n g m e a s u r e s : T u r n th e te l e v i s i o n o r r a d i o a n te n n a u n ti l th e i n te r f e r e n c e s to p s . M o v e th e e q u i p m e n t to o n e s i d e o r th e o th e r o f th e te l e v i s i o n o r r a d i o . M o v e th e e q u i p m e n t f a r th e r a w a y f r o m th e te l e v i s i o n o r r a d i o . th e te l e v i s i o n o r r a d i o . ( T h a t i s , m a k e c e r ta i n th e e q u i p m e n t a n d th e te l e v i s i o n o r r a d i o a r e o n c i r c u i ts P l u g th e e q u i p m e n t i n to a n o u tl e t th a t i s o n a d i f f e r e n t c i r c u i t f r o m c o n tr o l l e d b y d i f f e r e n t c i r c u i t b r e a k e r s o r f u s e s . )
M o d i f i c a ti o n s to th i s p r o d u c t n o t a u th o r i z e d b y C i s c o S y s te m s , I n c . c o u l d v o i d th e F C C a p p r o v a l a n d n e g a te y o u r a u th o r i ty to o p e r a te th e p r o d u c t. T h e f o l l o w i n g th i r d -p a r ty s o f tw a r e m a y b e i n c l u d e d w i th y o u r p r o d u c t a n d w i l l b e s u b j e c t to th e s o f tw a r e l i c e n s e a g r e e m e n t: C i s c o W o r k s s o f tw a r e a n d d o c u m e n ta ti o n a r e b a s e d i n p a r t o n H P O p e n V i e w u n d e r l i c e n s e f r o m P a c k a r d C o m p a n y . C o p y r i g h t 1 9 9 2 , 1 9 9 3 H e w l e tt-P a c k a r d C o m p a n y . th e H e w l e tt-P a c k a r d C o m p a n y . H P O p e n V i e w i s a tr a d e m a r k o f th e H e w l e tt-
T h e C i s c o i m p l e m e n ta ti o n o f T C P h e a d e r c o m p r e s s i o n i s a n a d a p ta ti o n o f a p r o g r a m d e v e l o p e d b y th e U n i v e r s i ty o f C a l i f o r n i a , B e r k e l e y ( U C B ) a s p a r t o f U C B s p u b l i c d o m a i n v e r s i o n o f th e U N I X o p e r a ti n g s y s te m . A l l r i g h ts r e s e r v e d . C o p y r i g h t 1 9 8 1 , R e g e n ts o f th e U n i v e r s i ty o f C a l i f o r n i a . N e tw o r k T i m e P r o to c o l ( N T P ) . C o p y r i g h t 1 9 9 2 , D a v i d L . M i l l s . T h e U n i v e r s i ty o f D e l a w a r e m a k e s n o r e p r e s e n ta ti o n s a b o u t th e s u i ta b i l i ty o f th i s s o f tw a r e f o r a n y p u rp o se . P o i n t-to -P o i n t P r o to c o l . C o p y r i g h t 1 9 8 9 , C a r n e g i e -M e l l o n U n i v e r s i ty . A l l r i g h ts r e s e r v e d . T h e n a m e o f th e U n i v e r s i ty m a y n o t b e u s e d to e n d o r s e o r p r o m o te p r o d u c ts d e r i v e d f r o m th i s s o f tw a r e w i th o u t s p e c i f i c p r i o r w r i tte n p e r m i s s i o n . T h e C i s c o i m p l e m e n ta ti o n o f T N 3 2 7 0 i s a n a d a p ta ti o n o f th e T N 3 2 7 0 , c u r s e s , a n d te r m c a p p r o g r a m s d e v e l o p e d b y th e U n i v e r s i ty o f C a l i f o r n i a , B e r k e l e y ( U C B ) a s p a r t o f th e U C B s p u b l i c d o m a i n v e r s i o n o f th e U N I X o p e r a ti n g s y s te m . A l l r i g h ts r e s e r v e d . C o p y r i g h t 1 9 8 1 -1 9 8 8 , R e g e n ts o f th e U n i v e r s i ty o f C a l i f o r n i a . C i s c o i n c o r p o r a te s F a s tm a c a n d T r u e V i e w s o f tw a r e a n d th e R i n g R u n n e r c h i p i n s o m e T o k e n R i n g p r o d u c ts . F a s tm a c s o f tw a r e i s l i c e n s e d to C i s c o b y M a d g e N e tw o r k s L i m i te d , a n d th e R i n g R u n n e r c h i p i s l i c e n s e d to C i s c o b y M a d g e N V . F a s tm a c , R i n g R u n n e r , a n d T r u e V i e w a r e tr a d e m a r k s a n d i n s o m e j u r i s d i c ti o n s r e g i s te r e d tr a d e m a r k s o f M a d g e N e tw o r k s L i m i te d . C o p y r i g h t 1 9 9 5 , M a d g e N e tw o r k s L i m i te d . A l l r i g h ts r e s e r v e d . X r e m o te i s a tr a d e m a r k o f N e tw o r k C o m p u ti n g D e v i c e s , I n c . C o p y r i g h t 1 9 8 9 , N e tw o r k C o m p u ti n g D e v i c e s , I n c . , M o u n ta i n V i e w , C a l i f o r n i a . N C D m a k e s n o r e p r e s e n ta ti o n s a b o u t th e s u i ta b i l i ty o f th i s s o f tw a r e f o r a n y p u r p o s e . T h e X W i n d o w S y s te m N O A L L IM D E T W I L F A IT A A L IN T H S T A N U L T S . C T IO N , T G , U S A i s a tr a d e m a r k o f th e X C o n s o r ti u m , C a m b r i d g e , M a s s a c h u s e tts . A l l r i g h ts r e s e r v e d . O T H E T H E A E R C H D E P R R W B O A N A C A V E T A T I R R -N B I C E A N T Y H E R E IN , A L L D O C U M E N T F IL E S A N D S O F T W A R E O F T H E S E S U P P L IE R S A R E P R O V ID E D A S IS W IT H A M E D S U P P L IE R S D IS C L A IM A L L W A R R A N T IE S , E X P R E S S E D O R IM P L IE D , IN C L U D IN G , W IT H O U T L IT Y , F IT N E S S F O R A P R A C T IC A L P U R P O S E A N D N O N IN F R IN G E M E N T O R A R IS IN G F R O M A C O U R S E O F . D IN G A N Y IS C O A N D H O S E O F M G E , O R T R A
IN N O E V E N T S H A L L C IS C O O R IT S S U P P L IE R S B E L IA B L E F O R A N Y IN D IR E C T , S P E C IA L , C O N S E Q U E N T IA L , O R IN C ID E N T A L D A M A G E S , IN C L U D IN G , W IT H O U T L IM IT A T IO N , L O S T P R O F IT S O R L O S S O R D A M A G E T O D A T A A R IS IN G O U T O F T H E U S E O R IN A B IL IT Y T O U S E T H IS M A N U A L , E V E N IF C IS C O O R IT S S U P P L IE R S H A V E B E E N A D V IS E D O F T H E P O S S IB IL IT Y O F S U C H D A M A G E S . A c c e s s P a th , A tm D i r e c to r , B r o w s e w i th M e , C C D E , C C I P , C C S I , C D -P A C , CiscoLink, th e C i s c o N e tW or ks l o g o , th e C i s c o P ow e r e d N e tw o r k l o g N e tw o r k i n g A c a d e m y , F a s t S te p , F o l l o w M e B r o w s i n g , F o r m S h a r e , F r a m e S h a r e , G i g a S ta c k , I G X , I n te r n e t Q u o ti e n t, I P / V C , i Q B r e a k th r o u g h , i Q th e i Q l o g o , i Q N e t R e a d i n e s s S c o r e c a r d , M G X , th e N e tw o r k e r s l o g o , P a cke t , R a te M U X , S c r i p tB u i l d e r , S c r i p tS h a r e , S l i d e C a s t, S M A R T n e t, T r a n W a v e l e n g th R o u te r , a n d W e b V i e w e r a r e tr a d e m a r k s o f C i s c o S y s te m s , I n c . ; C h a n g i n g th e W a y W e W o r k , L i v e , P l a y , a n d L e a r n , D i s c o v e r A l l T h E m p o w e r i n g th e I n te r n e t G e n e r a ti o n , a r e s e r v i c e m a r k s o f C i s c o S y s te m s , I n c . ; a n d A i r o n e t, A S I S T , B P X , C a ta l y s t, C C D A , C C D P , C C I E , C C N A C e r ti f i e d I n te r n e tw o r k E x p e r t L o g o , C i s c o I O S , th e C i s c o I O S l o g o , C i s c o S y s te m s , C i s c o S y s te m s C a p i ta l , th e C i s c o S y s te m s l o g o , E n te r p r i s e / S o E th e r S w i tc h , F a s tH u b , F a s tS w i tc h , I O S , I P / T V , L i g h tS tr e a m , M I C A , N e tw o r k R e g i s tr a r , P I X , P o s t-R o u ti n g , P r e -R o u ti n g , R e g i s tr a r , S tr a ta V i e w P T e l e R o u te r , a n d V C O a r e r e g i s te r e d tr a d e m a r k s o f C i s c o S y s te m s , I n c . a n d / o r i ts a f f i l i a te s i n th e U . S . a n d c e r ta i n o th e r c o u n tr i e s . o , C i s c o S y s te m s E x p e r ti s e , i Q F a s tT r a s P a th , U n i ty , V o i c e L a t s P o s s i b l e , a n d , C C N P , C i s c o , th e C l v e r , E th e r C h a n n e l , l u s , S tr a tm , S w i tc h P r c k , A N , is c o o b e ,
A l l o th e r tr a d e m a r k s m e n ti o n e d i n th i s d o c u m e n t o r W e b s i te a r e th e p r o p e r ty o f th e i r r e s p e c ti v e o w n e r s . T h e u s e o f th e w o r d p a r tn e r d o e s n o t i m p l y a p a r tn e r s h i p r e l a ti o n s h i p b e tw e e n C i s c o a n d a n y o th e r c o m p a n y . ( 0 1 0 5 R ) IN T E L L E C T U A L P R O P E R T Y R IG H T S : T H S H W S Y T H IS D O A L L N R IT T E S T E M E P R O C U M E N T C O N O T B E D IS C L N N O N -D I S C L S , IN C . T H E D D U C T (S ), T E C T A IN O S E D O S U R IS T R I H N O S V T O E A B U T L O G A L A N N D IO Y U A Y P R N O O F B L E P E R S O P R F T H IN T E T R O N IE T IS L L A D , O A R D O E C E S E R G A Y R C U M T U A C R E T N IZ A IG H T S E N T L P R O S A N D C O T IO N , O R A G R E E M D O E S N O P E R T Y D N F E N E N T G E S C ID E N T IT Y T O R R A N T R IB E T IA L U N L E IN T E A N Y D H E IN F O R M S S S U C L L E C T U L IC E N R E IN . A T H D A L S E I IO N O IS C L O P R O P N O R F C S U E R R IG IS C R E T Y H T O S Y IS S U L IC E S , IN S T E B J E N S E W H M S C T A G O L E , IN T O R E O C . A T H E E M E R IN N D P R N T P A IT S O V I A P P R T , T S U S IO R O O P P L N S V E D T H E IE R S , A N D O F A B Y C IS C O C O N T E N T ,
C o p y r i g h t 2 0 0 1 -2 , C i s c o S y s te m s , I n c . A l l r i g h ts r e s e r v e d . C O M M E R C I A L I N C O N F ID E N C E .
J a n u a r y 1 8 , 2 0 0 8
C o m p a n y C o n fid e n tia l.A
p r in te d c o p y o f th is d o c u m e n t is c o n s id e r e d u n c o n tr o lle d .
R e g u s L A N /W A N
T r a n s p o r t D e s ig n
Introduction.................................................................................................................................... 8 E x e cutiv e S um m a ry ................................................................................................................. 8 D ocum e nt P urp os e ................................................................................................................... 8
Inte nde d A udie nce ................................................................................................................... 9
S cop e ......................................................................................................................................... 9
D ocum e nt U s a g e G uide l ine s ................................................................................................... 9
A s s um p tions a nd C a v e a ts ...................................................................................................... 9
A b out T h is D e s ig n D ocum e nt .................................................................................................... 1 0 H is tory ..................................................................................................................................... 1 0 R e v ie w ..................................................................................................................................... 1 0
S ide s y m b ol s .......................................................................................................................... 1 1
R e l a te d D ocum e nts ................................................................................................................ 1 1
P roj e ct O v e rv ie w .......................................................................................................................... 1 2 N e tw ork O b j e ctiv e s ................................................................................................................ 1 2 D e s ig n A s s um p tions a nd C a v e a ts ....................................................................................... 1 2
C urre nt D a ta N e tw ork D e s ig ns ................................................................................................... 1 4 G l ob a l S ite C l a s s if ica tions .................................................................................................... 1 4 C l a s s if ica tion b y S e rv ice s ..................................................................................................... 1 4
G l ob a l S ite S ol ution S ta nda rds ............................................................................................. 1 6
Ex cep tions ......................................................................................................................................... 16
U .S Site Brea kdown .......................................................................................................................... 15
Sta r Network ..................................................................................................................................... 15
Converged Network Services (CNS) ................................................................................................ 15
Sta r (Concep t) ................................................................................................................................... 19 Inte rim D a ta N e tw ork A rch ite cture ............................................................................................ 2 0 D e s ig n S cop e ............................................................................................................. 2 0
NCO -Lite .......................................................................................................................................... 18
NCO -CM ........................................................................................................................................... 18
CNS P h a se 1(B) ................................................................................................................................ 18
CNS P h a se 1(A) ................................................................................................................................ 17
Step Z ero U .S .................................................................................................................................... 17
H y b rid U .S ........................................................................................................................................ 17
Step Z ero EM EA............................................................................................................................... 17
Step Z ero U .K ................................................................................................................................... 17
F ra m ework U .K / EM EA .................................................................................................................. 16
F ra m ework U .S ................................................................................................................................. 16
Inte rim
T e rm inol og y ............................................................................................................................ 2 0
N e tw ork T op ol og y .................................................................................................................. 2 1
P h y s ica l C onne ctiv ity O v e rv ie w ........................................................................................... 2 2
Core F a cing I nterf a ces ...................................................................................................................... 22 N e tw ork D e s ig n C om p one nts .................................................................................................... 2 3 B orde r G a te w a y P rotocol ( B G P ) ........................................................................................... 2 3 BG P Au tonom ou s Sy stem BG P T op ol ogy La y ers....................................................................................................................... 24 Nu m b er (ASN) ....................................................................................... 25
P E to CE F a cing I nterf a ces ............................................................................................................... 22
E nh a nce d Inte rior G a te w a y P rotocol ( E IG R P ) ..................................................................... 2 9 EI G R P R ou ter I D .............................................................................................................................. 29 EI G R P Au tonom ou s Sy stem Nu m b er ............................................................................................... 29
Su m m a ry of BG P Design.................................................................................................................. 28
BG P Def a u l t R ou tes .......................................................................................................................... 27
BG P Neigh b or Descrip tion ............................................................................................................... 27
BG P Log Neigh b or Ch a nges............................................................................................................. 27
BG P M a x im u m
BG P Au th entica tion .......................................................................................................................... 26 P ref ix es ................................................................................................................... 26
BG P R edistrib u tion ........................................................................................................................... 26
BG P Send Com m u nity ...................................................................................................................... 25
BG P R ou ter I D.................................................................................................................................. 25
Q ua l ity of S e rv ice ( Q oS ) ........................................................................................................ 3 1
Su m m a ry of EI G R P Design .............................................................................................................. 30
EI G R P Def a u l t / Su m m a ry R ou te ..................................................................................................... 30
EI G R P R edistrib u tion ....................................................................................................................... 30
EI G R P R ou te Annou ncem ents.......................................................................................................... 29
EI G R P P a ssive I nterf a ce Def a u l t ...................................................................................................... 29
I nternet Egress Q oS P ol icy ............................................................................................................... 38

J a n u a r y 1 8 , 2 0 0 8 R e g u s L A N /W A N T r a n s p o r t D e s ig n
Q u eu ing on th e I P P h one................................................................................................................... 38
Switch Q oS Q u eu e T u ning............................................................................................................. 37
Switch Q oS - R em a rking T ra f f ic ...................................................................................................... 36
Level -3 M P LS Q oS Service Cl a ss M a p p ing ..................................................................................... 36
Dedica ted Q u eu e Ba ndwidth Siz ing ................................................................................................. 35
Service P ol icies ................................................................................................................................. 34
Q oS Cl a sses....................................................................................................................................... 33
Sh a red Q u eu e Ba ndwidth Siz ing....................................................................................................... 33
P ol icing ............................................................................................................................................. 32
I nitia l Site Access Ba ndwidth ........................................................................................................... 32
R em ote Site Ba ndwidth O n Dem a nd ................................................................................................ 31
N a m ing C onv e ntions a nd A dditiona l S e rv ice s ................................................................... 4 2
Su m m a ry of Q oS Design .................................................................................................................. 41
P O P Egress M P LS Q oS P ol icy ......................................................................................................... 40
Da ta Center Egress M P LS Q oS P ol icy ............................................................................................. 39
CDP Services .................................................................................................................................... 49 S ite D e s ig ns ................................................................................................................................. 5 0 S ite R oute r D e s ig n ................................................................................................................. 5 0
AAA Services ................................................................................................................................... 48
O u t of Ba nd M a na gem ent ................................................................................................................. 48
I n Ba nd M a na gem ent (SSH ) ............................................................................................................. 48
Network T im e P rotocol (NT P ).......................................................................................................... 47
Sy sl og Servers................................................................................................................................... 47
Sim p l e Network M a na gem ent P rotocol (SNM P ).............................................................................. 47
Dom a in Na m e Service (DNS)........................................................................................................... 47
I P Addressing (P u b l ic a nd P riva te) ................................................................................................... 43
Na m ing Convention .......................................................................................................................... 42
S ite S w itch ing D e s ig n ............................................................................................................ 5 8 CE R ou ter Link ................................................................................................................................. 58 Switch T op ol ogy ............................................................................................................................... 58
Su m m a ry of Site R ou ter Design........................................................................................................ 57
DH CP Services ................................................................................................................................. 56
M u sic O n H ol d.................................................................................................................................. 56
P IM
M u l tica st ........................................................................................................................................... 55 ................................................................................................................................................... 55
Q u a l ity of Service ............................................................................................................................. 55
I nb ou nd ACL .................................................................................................................................... 55
I nsp ection R u l es ................................................................................................................................ 53
IO SF W
BG P Conf igu ra tion ........................................................................................................................... 52 ............................................................................................................................................. 53
EI G R P I nterf a ce Connectivity .......................................................................................................... 52
EI G R P P rocess .................................................................................................................................. 52
W AN Connectivity ............................................................................................................................ 51
M u l tica st ........................................................................................................................................... 6 1
V T P ................................................................................................................................................... 6 1
F a st Eth ernet P orts ............................................................................................................................ 6 0
V LAN I nterf a ces............................................................................................................................... 6 0
V LAN Def initions............................................................................................................................. 59
EI G R P P rocess .................................................................................................................................. 59
I nter-Switch T ru nks .......................................................................................................................... 58
C incinna ti D a ta C e nte r D e s ig n.............................................................................................. 7 1
Su m m a ry of Site Switch Design ....................................................................................................... 7 0
Attenda nt Consol e (EV O ) Q oS ......................................................................................................... 6 9
Q u a l ity of Service ............................................................................................................................. 6 9
M a na gem ent V LAN.......................................................................................................................... 6 8
P ower over Eth ernet (P oE)................................................................................................................ 6 8
Sp a nning T ree ................................................................................................................................... 6 7
Secu rity Service Access List ............................................................................................................. 6 4
Secu rity Service Cl a sses ................................................................................................................... 6 4
R em ote Site Secu rity ......................................................................................................................... 6 3
Switch SDM
I G M P Snoop ing ................................................................................................................................ 6 2 T em p l a te...................................................................................................................... 6 3
P IM
Stu b ........................................................................................................................................... 6 2
S a n F ra ncis co P O P D e s ig n ................................................................................................... 7 7
Su m m a ry of Da ta Center Design ...................................................................................................... 7 6
O O B M a na gem ent R ou ter................................................................................................................. 7 6
V T P ................................................................................................................................................... 7 5
Sp a nning T ree ................................................................................................................................... 7 5
M a na gem ent V LAN.......................................................................................................................... 7 5
DC Switch 2 U nity Dia l -O u t R ou ter ................................................................................................. 7 4
DC Switch 1 to DC Switch 2 V LAN ................................................................................................ 7 4
DC Switch 1 &
Eth erCh a nnel DC Switch 1 &
DC Switch
DC Switch 1 to Dra in CE................................................................................................................... 7 2 2 to Dra in CE .............................................................................................................. 7 3 2 to ASA .................................................................................................................. 7 4 2 ........................................................................................................ 7 3
V LAN Def initions............................................................................................................................. 7 2
R e g us D ra in S ite &
Su m m a ry of P O P Design .................................................................................................................. 8 0 Inte rne t A cce s s D e s ig n ........................................................................ 81
O O B M a na gem ent R ou ter................................................................................................................. 8 0
V T P ................................................................................................................................................... 7 9
Sp a nning T ree ................................................................................................................................... 7 9
M a na gem ent V LAN.......................................................................................................................... 7 8
P op Switch 1 to ASA ........................................................................................................................ 7 8
P op Switch 1 to Dra in CE ................................................................................................................. 7 8
V LAN Def initions............................................................................................................................. 7 7
Dra in CE to P E Connectivity a nd I X C P eering................................................................................. 8 5

BG P I X C R ou ting P ol icy .................................................................................................................. 8 4 6
Sy m m etrica l R ou ting Sol u tion .......................................................................................................... 8 3
T h e Need f or Sy m m etry : M u l tip l e Dra in Ch a l l enges ....................................................................... 8 2
BG P Dra in Concep t a nd Loca tions ................................................................................................... 8 1
Su m m a ry of Dra in Site Design ......................................................................................................... 9 1 S of tw a re R e l e a s e s ....................................................................................................................... 93 R oute r T e m p l a te s ........................................................................................................................ 94 7 201/ 7 206 Dra in CE R ou ter T em p l a te.............................................................................................. 9 5
ASA V P N U sers................................................................................................................................ 9 0
ASA Access V P N ............................................................................................................................. 9 0
CE Access &
ASA F W
ASA R ol e a nd NAT Connectivity ..................................................................................................... 8 6 R u l es.................................................................................................................................. 8 7 Site to Site V P Ns ........................................................................................................ 8 8
38 45 CE R ou ter T em p l a te................................................................................................................. 9 4
356 0 R ou ter T em p l a te (P O P ).......................................................................................................... 100 A p p e ndix A ................................................................................................................................. 1 0 1 R e g us Inte rim
356 0 Switch T em p l a te (Da ta Center) .............................................................................................. 100
356 0 Switch T em p l a te (Site)........................................................................................................... 100
356 0-R Switch T em p l a te (Site)....................................................................................................... 100
ASA 5500 F irewa l l T em p l a te ........................................................................................................... 9 8
7 201/ 7 206 I X C R ou ter T em p l a te ...................................................................................................... 9 6
Site # 9 9 1 ......................................................................................................................................... 101 A p p e ndix B ................................................................................................................................. 1 0 3 H a rdw a re B il l of M a te ria l s ................................................................................................... 1 0 3 G l os s a ry ..................................................................................................................................... 1 0 6
Site # 19 9 9 ....................................................................................................................................... 101
P O P ................................................................................................................................................. 101
Da ta Center ..................................................................................................................................... 101
IP T S ite L is t .................................................................................................. 1 0 1
J a n u a r y 1 8 , 2 0 0 8
Introduction
E x ecu t ive Su m m ary
Th is doc um ent is a Low Lev el Desig n (LLD) doc um ent desc rib ing th e Reg us N etw ork . It is b uil t b ased upon inf orm ation c ontained in th e H LD (H ig h Lev el Desig n) doc um ent.
Th is desig n im pl em ents Cisc o and industry b est prac tic e desig n m odel s, w h il e sim ul taneousl y inc orporating th e desig n requirem ents prov ided to Cisc o b y Reg us w h ic h c onsist of : H ig h l y S c al ab l e and F l exib l e B G P Desig n f or up to 3000 Reg us S ite routers c onnec ted to up to 8 Drain Loc ations in th e U S Desig n B G P P eering f or Rem ote S ites Rev iew and Depl oy Existing P h ase A S ite L3/ L2 Connec tiv ity at Data Center and Rem ote S ites F l exib l e Desig n to support Inter P rov ider MP LS P eering if nec essary P roj ec t Requires 1 P O P & end of April 2008 S ym m etric al Routing w ith Central iz ed N AT F unc tion (Dec entral iz ed f or S tatic N AT)
1 Data Centers, 3 Rem ote S ites to b e b roug h t onl ine b y
D o cu m ent P u rp o se
Th e purpose of th is doc um ent is to outl ine Cisc os Low Lev el Desig n (LLD) f or th e Reg us proj ec t. It detail s th e ph ysic al and l og ic al requirem ents and steps nec essary to m eet th ese requirem ents.
Th is doc um ent prov ides an ov eral l assessm ent of th e netw ork desig n and spec if ic operational f unc tions. Th e ob serv ations and sug g estions presented in th is doc um ent are th e resul t of inf orm ation ac quired f rom Reg us eng ineers during desig n sessions, tel ec onf erenc es, v isits, and/ or v ia doc um entation suppl ied to Cisc o. Th e doc um ent prov ides suf f ic ient detail to deriv e th e dev ic e c onf ig urations th at w il l b e doc um ented in th e N etw ork Im pl em entation P l an. Th e doc um ent c onsists of th e c onf ig uration tem pl ates f or eac h dev ic e type f or th e Interim Desig n. S om e param eters m ay b e f ine tuned during netw ork depl oym ent.
J a n u a r y 1 8 , 2 0 0 8
R e g u s
I nt ended Au dience
Th e intended audienc e of th is doc um ent is th e Reg us tec h nic al staf f and m anag em ent as w el l as Cisc o S ystem s and P artner depl oym ent eng ineers.
Sco p e
Th e sc ope of th is doc um ent is to identif y and doc um ent th e detail s nec essary to deriv e c onf ig uration tem pl ates f or rol e spec if ic dev ic es. Th ese dev ic es inc l ude Routers, S w itc h es and F irew al l s.
D o cu m ent U sag e G u idel ines

Th is doc um b uil d c onf ig serv ic es. Th dec isions w
Af ter ac c eptanc e of th e LLD b y Reg us, th e LLD doc um ent is stil l a l iv ing doc um ent th at w il l b e updated b y experienc es g ained th roug h out th e depl oym ent ph ase.
ent sh oul d b e used as a g uidel ine f or extrac ting th e nec essary inf orm ation to urations th at al l ow th e v arious netw ork el em ents to prov ide th e required is w il l al so al l ow th e depl oym ent eng ineer/ partner to m ak e appropriate h en depl oying and c onf ig uring th e netw ork .
Assu m p t io ns and C aveat s
It is assum ed th e reader is f am il iar w ith th e Reg us serv ic e requirem ents. F urth erm ore, it is al so assum ed th e reader is f am il iar w ith Cisc o IO S and h as a b asic understanding of th e netw ork and tec h nol og ies th at w il l b e used to f ul f il l Reg uss requirem ents.
J a n u a r y 1 8 , 2 0 0 8
A b out T h is D esig n D ocum ent

Auth or: Cisc o Adv anc ed S erv ic es Matt B irk ner and Darel l G odeaux Cisc o Adv anc ed S erv ic es
Ch ang e Auth ority:
H ist o ry
0.8 8 V e rs ion N o. 1/ 10/ 2008 1/ 17 / 2008 Is s ue D a te Dra f t S ta tus F irst rel ea se R e a s on f or C h a ng e 1.1
R eview
R e v ie w e r s D e ta il s V e rs ion N o. D a te
Ch a nge F oreca st: Low
T h is d o c u m e n t w ill b e k e p t u n d e r r e v is io n c o n tr o l.
J a n u a r y 1 8 , 2 0 0 8
1 0
Side sy m b o l s
Th is sym b ol m eans note. Th e user m ust add inf orm ation, w ritten or typed; to th e doc um ent during th e im pl em entation w ork or th at th e user m ust tak e note of th e inf orm ation presented.
R el at ed D o cu m ent s
R e f e re nce 1 2 3 D ocum e nt V e rs ion 11 1.0 N/ A
IB M Data N etw ork and Voic e Arc h itec ture Cisc o P roduc t Doc um entation
Cisc o H ig h Lev el Desig n Doc um ent (H LD) h ttp:/ / w w w .c isc o.c om / univ erc d/ c c / td/ doc / produc t/ index.h tm
J a n u a r y 1 8 , 2 0 0 8
1 1
P roj ect O v erv iew

N et w o rk O b j ect ives
Th e g oal of th e Reg us Data Desig n is to desig n and depl oy an Interim m eets th e f ol l ow ing k ey ob j ec tiv es: Arc h itec ture w h ic h
H ig h l y S c al ab l e and F l exib l e B G P Desig n f or up to 3000 Reg us S ite routers c onnec ted to up to 8 Drain Loc ations in U S and/ or Canada Desig n B G P P eering f or Rem ote S ites F l exib l e Desig n to support Inter P rov ider MP LS P eering if nec essary S ym m etric al Routing w ith Central iz ed N AT F unc tion Initial P h ase of th e P roj ec t Requires 2 Data Centers and 3 Rem ote S ites to b e b roug h t onl ine b y end of J an 2008
Cisc o w il l prov ide a Transf er of K now l edg e f or Reg us/ P artner and rec om m endation of S of tw are rel eases f or depl oym ent.
D esig n Assu m p t io ns and C aveat s
Assum ptions and k now n c av eats reg arding th e c urrent and/ or proposed desig n h av e al ready b een c om m unic ated to av oid m isunderstanding s l ater during th e netw ork desig n rev iew proc ess. Assum ptions and c av eats are detail ed b el ow . Adequate netw ork l ink util iz ation m easurem ents h av e b een c onduc ted b y Reg us to determ ine th e appropriate Link S iz ing to el im inate th e possib il ity of l ink saturation. Circ uit ordering and siz ing f or th e purpose of th is proj ec t is f ul l y m anag ed b y Reg us.
Th e b usiness dec isions w ere m ade at th is tim e b y Reg us to c ontinue w ith th ese k now n risk s. Reg us h as an exstab l ish ed h istory of suc c essf ul l y running equipm ent in Lev el -3s c o-l oc ation f ac il ities. Circ uit f ail ure risk is v iew ed as m inim iz ed b ec ause of th e c irc uits b eing c onnec ted w ith in th e f ac il ity.
J a n u a r y 1 8 , 2 0 0 8
Th ere is v ery l ittl e redundanc y in th e netw ork . F or exam pl e, eac h rem ote site is m ono-h om ed w ith a sing l e router. Al so, w h il e th e data c enter w il l c ontain a pair of sw itc h es, th ere stil l w il l b e onl y a sing l e router at th is l oc ation. Th is m eans th at sing l e point of f ail ure (ie. a router or th e Lev el 3 c irc uit) w il l c ause dow ntim e.
We h av e ob tained doc um entation f rom Reg us and in som e c ases, partners, on th e existing v oic e and data sol utions, IP Addressing , and VLAN inf orm ation. We
1 2
Th e orig inal IP T S O W is f or a Voic e sol ution onl y; it does not spec if y a Central iz ed (B roadh op) or Dec entral iz ed (Ac c ess Manag er) B andw idth on Dem and Model . In support of B andw idth on Dem and, th e l atest Reg us U S IB M P h ase A Model w il l b e depl oyed at eac h rem ote site using th e sam pl e c onf ig urations (Reg us S ite 380 & 761) and P h ase A Doc um entation. Th is w il l inc rease supportab il ity b y m inim iz ing th e dif f erenc es f rom oth er interim sol utions. Reg us understands th at Cisc o is depl oying th e prev ious IB M P h ase A m odel w h ic h is w ork ing w ith th e c urrent Reg us depl oym ents. Th e tim e pressure on th e proj ec t requires re-use of th e c urrent c onf ig uration. Reg us expec ts Cisc o to c al l out any prob l em s th at w oul d present a risk w ith th e c ontinued use of th e IB M P h ase A c onf ig uration. Th e onl y spec if ic sub net w ith in th e Reg us U S b l oc k th at is b eing adv ertised to th e Internet b y a non Lev el -3 IS P is 66.202.128.0/ 24 (f rom Look ing G l ass Look ups) Lev el -3 appears to b e announc ing th e 66.202.160.0/ 19 w h ic h is th e upper h al f of th e 66.202.128.0/ 18. Th us th ere w il l not b e any c onf l ic ts sinc e th is spac e w il l not b e used f or any of th e th ree new sites.
h av e b een instruc ted to re-use th is inf orm ation rath er th an redesig ning th ese sec tions. Muc h of th is is h ig h l ig h ted in th e Current Data N etw ork Desig ns S ec tion.
VP N P rof il es th at exist on th e F ram ew ork Routers f or IS I, IN X , N etsurant, and Reg us w il l b e reused and enab l ed b y Day 2 support team af ter site turn up. Th ey w il l not b e re-eng ineered, optim iz ed, or enh anc ed, sinc e VP N desig n is outside of th e sc ope of th is interim proj ec t.
Th ere are sev eral existing c onf ig urations th at w il l b e used f or th e interim etw ork . In a f uture proj ec t, Cisc o rec om m ends th at som e areas b e re-ev al uated f or optim al netw ork perf orm anc e. S om e g eneral areas f or im prov em ent in f uture proj ec ts inc l ude: o H ierarc h ic al Q oS Conf ig uration on CE (Q O S Redesig n) o DH CP usag e on S w itc h v s. Router (DH CP Redesig n) o MLS Trust Model v s. Rem ark ing on S w itc h (Q O S Redesig n) o Rate Lim iting on S w itc h v s. Router (Rate Lim iting / B O D Redesig n) o VP N Ac c ess Central iz ation or Direc t MP LS VP N Connec tions (VP N Redesig n)
J a n u a r y 1 8 , 2 0 0 8
1 3
C urrent D a ta N etw ork D esig ns

Reg us h as prov ided Cisc o w ith th e Doc um entation f or th is b rief sec tion. It is b eing inc l uded f or c om pl eteness.
G l o b al Sit e C l assif icat io ns
Th e Reg us tec h nic al arc h itec tural strateg y supports v arious c l ient b usiness ob j ec tiv es supported g l ob al l y. B y c reating a c entral iz ed serv ic e distrib ution m odel CN S / H ead Ends th is w il l al l ow Reg us to reduc e operations and support c osts w h il e prov iding g reater c l ient appl ic ation f eatures. Th is strateg y resul ts in l ow er adm inistration c osts to of f set an inc rease in netw ork c apac ity needed to support real tim e c onv erg ed appl ic ations. Th is desig n is b ased of f c ertain ag reed upon c ost approv al s and any dev iations need to b e pre-approv ed b y th e Arc h itec ture Rev iew B oard (ARB ). Th e f ol l ow ing def ines th e dif f erent c l asses of sites th at w il l b e depl oyed g l ob al l y.
Global Site Strategy

E u ro p e H ead E n d s (M P L S ) R u ssia C l u st er N o rt h -E ast Asia C l u st er P acif ic P eerin g
B ay Area P acif ic P eerin g Americas H ead E n d s (M P L S ) At l an t a N ew J ersey
At l an t ic P eerin g
E u rasia P eerin g M id d l e E ast C l u st er I n d ia C l u st er
C h in a C l u st er
H o n g K o n g
B raz il C l u st er
Existing Head Ends F u tu r e Head Ends C l u ster s ( M ini HEs)
Au st ral ia S o u t h Af rica C l u st er AP AC H ead E n d s (M P L S )
C o nnec tiv ity ( P eer ing)
C l assif icat io n b y Services
S erv ic es and th eir del iv ery h av e b een desig ned b ased on th e site c l assif ic ation. Th ese sites w il l h av e MP LS c onnec tiv ity to th e reg ional h ead end f or f ul l serv ic e c l ass f unc tional ity. F or sites
R e g u s L A N /W A N T r a n s p o r t D e s ig n
J a n u a r y 1 8 , 2 0 0 8
1 4
th at do not support MP LS due to c ost c onstraints or in c ountry reg ul atory issues, th e S tar desig n w il l b e c onsidered to prov ide sim il ar f unc tional ity g iv en l ow er b andw idth assum ptions. Th e N um b er of Total S ites per Reg ion is Dependent on th e Mix of S m al l (S S ), Medium Larg e (LS ), and Extra Larg e (X L). (MS ),
Converged Network Services (CNS)
Redundant c al l proc essing serv ic es w il l b e instal l ed at th e Atl anta, G A and S ec auc us, N J h ead ends to prov ide uninterrupted v oic e serv ic es. Voic e and netw ork c om ponents at th e h eadends m ust util iz e protec ted pow er sourc es Al l redundant c om ponents m ust b e c onnec ted to al ternate pow er sourc es Voic e g atew ays at m edium and l arg e l oc ations m ay h av e redundant c onnec tions to th e P ub l ic S w itc h ed Tel eph one N etw ork (P S TN ) on as needed b asis Rem ote sites m ust util iz e a rem ote surv iv ab il ity f eature in th e ev ent th at c onnec tiv ity is l ost b etw een th e rem ote site and th e c al l proc essing serv ers Th e initial P h ase I system sh oul d support up to 30,000 end dev ic es (20,000 h andsets, 10,000 v irtual ) Atl anta, G A and S ec auc us, N J h eadend l oc ations 48 U .S . b ased Reg us l oc ations (approxim atel y 10,000 total tel eph one dev ic es)
Sta r Network
Th is site c l assif ic ation is b eing c onsidered f or sites th at h av e l im ited b andw idth or c ountry reg ul atory issues prev enting th e transm ission of v oic e of data netw ork s. It h as b een disc ussed th at th is site w il l ac t as a reg ional CN S prov iding sim il ar serv ic es b ut l im ited due to c osts or netw ork serv ic e av ail ab il ity.
U . S Site B rea kdown

100 o r L e s s U s e r s ( S m a l l ) N C O -C M E
S m al l Reg us l oc al sites w il l rec eiv e netw ork and appl ic ation serv ic es f rom S m al l 3 up to 51 Work stations S m al l 2 up to 89 Work stations S m al l 1 up to 100 Work stations th e CN S site.
101 t o 2 2 5 U s e r s ( M e d i u m ) N C O -C M E
Larg e Reg us l oc al sites w il l rec eiv e th e appropriate netw ork and appl ic ation serv ic es as desc rib ed in th e appropriate sec tion of th is doc um ent. Th ese sites w il l rec eiv e al l oth er serv ic es f rom CN S sites. Medium Medium Medium 4 up to 113 Work stations 3 up to 134 Work stations 2 up to 165 Work stations
J a n u a r y 1 8 , 2 0 0 8
1 5
Medium
1 up to 225 Work stations
2 2 6 t o 4 6 0 U s e r s ( L a r g e ) N C O -C M
Custom Reg us l oc al sites w il l b e anal yz ed at th e tim e of depl oym ent. As a resul t of th e anal ysis, th is type of site m ay rec eiv e a c ustom c onf ig uration of serv ic es l oc al l y or m ay potential l y b ec om e a Tier 2 CN S site depending on c ountry reg ul ations and c arrier serv ic es supported. Larg Larg Larg Larg e 4 up to 293 Work e 3 up to 347 Work e 2 up to 393 Work e 1 up to 460 Work stations stations stations stations
E x cep tions
Exc eption sites are deem ed nec essary w h en th e c riteria f or im pl em enting a Larg e, Medium , or S m al l site c annot b e used. An exam pl e of th is w oul d b e Airports or Mini-Reg us sites. Th oug h it is dif f ic ul t to f orec ast al l situations th at w oul d require an exc eption site im pl em entation, a f ew situations h av e b een disc ussed th at m ay use existing arc h itec ture to c om pl ete. Th is is not w ith in th e sc ope b ut is w orth m entioning .
G l o b al Sit e So l u t io n St andards
It sh oul d b e noted th at th e g l ob al sol ution standards are not th e targ eted standards b ut prov ide l ik e f unc tional ity until suc h tim e w h en CN S is c om pl ete. An exam pl e of th is is th e F ram ew ork sol ution w h ic h w il l b e el im inated entirel y.
F ra m ework U . S
Th is sol ution is c onsidered an interim sol ution f or N CO s. It prov ides VoIP v oic e serv ic es using onsite v oic e serv ers, b asic B andw idth -on-Dem and c ontrol , h ow ev er, doesn' t inc l ude f air ac c ess sh ared b andw idth c ontrol and no ac c ess to h eadends. Depending on th e site c l assif ic ations th e sol ution c om ponents c onsist of Cisc o IS R (2851, 3825, 3845) routers and CN S -approv ed Cisc o sw itc h es, al so onsite 7845 Cal l Manag er, 7845 Cisc o U nity, N etw ise, IS I. Th is sol ution does not prov ide Layer-2 f air ac c ess sh ared b andw idth queue c ontrol and Internet onl y data T1s. Reg us does prov ide S MTP Mail Rel ay, S print DN S serv ers, IS DN P ol yc om and v ideo c onf erenc ing . Th is sol ution is suited b est f or sites needing Cisc o VoIP b ut no CN S P h ase A data inc l uding no f air ac c ess sh ared b andw idth c ontrol and no ac c ess to h eadends.
F ra m ework U . K / E M E A
Th is sol ution is al so c onsidered an interim sol ution f or N CO s and sh oul d b e c onsidered a c l ose of th e U .S F ram ew ork sites used f or v oic e onl y depl oym ents. Th e sol ution c om ponents are c onsistent w ith th e U .S b il l of m aterial s. Th is sol ution is m ost suited f or
J a n u a r y 1 8 , 2 0 0 8
1 6
sites needing VoIP in l ieu of th e h eadends b eing instal l ed w ith th e intention to m ig rate th ese sites to CN S w h en h eadends are c om pl ete.
Step Z ero U . K
S ites c onnec t v ia MP LS netw ork to tw o Internet G atew ays w ith B G P as th e routing protoc ol . Th is sol ution w il l prov ide B andw idth on Dem and (B oD) using Cisc o 3825 and 3845 router w ith H WIC-4ES W c ard used during m ig ration. Th ese routers are a c ut dow n v ersion of U .S CN S c onf ig uration inc l uding a 100Mb ps f ib er upl ink prov ided b y B ritish Tel ec om (B T) w ith rate l im iting . Initial U K rol l out to prov ide data. Rol l out c om pl ete - instal l ed in 100 sites. Master S ite List spreadsh eet l ists th e sites. B oM and desig n ag reed b y U S team . Reg us sig nof f of doc s ob tained. U pg rade routers to CN S spec w h en m ig rate to CN S . As per S tep 0 in U K , sites c onnec t v ia MP LS netw ork to tw o Internet G atew ays using B G P and B oD). S ites c onnec t at E3 (34Mb ps) upl ink s w ith a Cisc o 3845 router using N M1T3/ E3 c ard to stay c onsistent w ith U .S S tep 0 desig n. Depending on th e site c l assif ic ation th ere m ay b e a need f or onl y a E1 l ine c ard f or 3825 or 3845 routers.
Step Z ero E M E A
H y b rid U . S
Th is sol ution type is c onsidered th e 2nd interim sol ution f or N CO s. Th is sol ution prov ides VoIP v oic e serv ic es using dedic ated onsite v oic e serv ers w ith f ul l CN S B andw idth -onDem and c ontrol , ac c ess to h eadends v ia MP LS c irc uits. S im il ar c om ponents to th e F ram ew ork sol ution inc l uding ; IS R (2851, 3825, 3845) router. CN S -approv ed Cisc o sw itc h es. O nsite serv er c om ponents 7845 Cal l Manag er, 7845 Cisc o U nity, N etw ise, IS I. Layer 3 LAN w ith f air ac c ess sh ared b andw idth queue c ontrol . S print MP LS data T1s. H eadend S MTP Mail Rel ay and DN S serv ers. IS DN P ol yc om v ideo c onf erenc ing . Th is sol ution is b est suited f or sites needing Cisc o VoIP w ith CN S P h ase A data serv ic es. P rov ides B andw idth -on-Dem and serv ic es v ia DS 3 or Eth ernet WAN to U S l eg ac y sites. Com ponents used f or th is sol ution type are 3845 router, typic al l y sing l e 3560 sw itc h c onnec ting to Leg ac y LAN , Layer 3 LAN w ith f air ac c ess sh ared b andw idth queue c ontrol , L3 MP LS DS 3 or Eth ernet WAN , H eadend S MTP Mail Rel ay and DN S serv ers, l eg ac y P B X . F or sites needing B oD serv ic es 293 total U S sites none of w h ic h h av e b een depl oyed. Th is sol ution is aw aiting Reg us ARB approv al . P rov ides c om pl ete CN S P h ase 1A serv ic es inc l uding c entral iz ed P B X / v oic e m ail , audio/ w eb c onf erenc ing , v ideo c onf erenc ing , S MTP m ail rel ay, DN S serv ers and
C o m p a n y C o n fid e n tia l.A p r in te d c o p y o f th is d o c u m e n t is c o n s id e r e d u n c o n tr o lle d .
Step Z ero U . S
CNS Ph a se 1(A )
J a n u a r y 1 8 , 2 0 0 8
1 7
B andw idth -on-Dem and. IS R (2851, 3825, 3845) router, al l new CN S -approv ed Cisc o sw itc h es, c entral iz ed v oic e using H -U CS w ith N etw ise attendant c onsol e, CN S data desig n using L3 LAN f or B andw idth -on-Dem and, H E S MTP Mail Rel ay & DN S serv ers, H E P ol yc om . Th is sol ution type is f or sites needing f ul l CN S P h ase A serv ic es. Currentl y b eing used f or al l U S N CO s and sites w ith end-of -l if e P B X s. S ite c urrentl y depl oyed are LA, F ol som , Ch ic ag o, Atl anta and P etal um a. P h ase 1A v oic e c om pl ete. P h ase 1B data (B roadh op) P CR is b eing g enerated.
CNS Ph a se 1(B )
P rov ides c om pl ete CN S P h ase serv ic es as desc rib ed in th e orig inal S O W inc l uding c entral iz ed P B X / v oic e m ail , audio/ w eb c onf erenc ing , v ideo c onf erenc ing , S MTP m ail rel ay, DN S serv ers, B andw idth -on-Dem and, auth entic ation, data prov isioning autom ation. S ol ution c om ponents are sim il ar to CN S P h ase 1(A) inc l uding ; Cisc o IS R (2851, 3825, 3845) router, CN S -approv ed Cisc o sw itc h es, Central iz ed v oic e using H -U CS w ith N etw ise attendant c onsol e, CN S data desig n using L2 LAN f or B andw idth -on-Dem and, H E S MTP Mail Rel ay & DN S serv ers, H E P ol yc om , Autom ation of data prov isioning (ATP ) Rem ote ac c ess VP N and ac c ess auth entic ation F or sites needing f ul l CN S P h ase B serv ic es. Wil l b e used at al l N CO s or sites needing CN S serv ic es. Th e sol ution desig n is c om pl ete. Th e IB M P CR is b eing g enerated f or im pl em entation in U S & EMEA. Th is sol ution prov ides a l ow c ost IP Tel eph ony serv ic e prov iding l eg ac y P B X repl ac em ent w ith h eadend m ig ration support. Th e idea is th at th is sol ution w il l ev entual l y repl ac e th e H yb rid U .S and U .K / EMEA F ram ew ork sol utions. Th is sol ution m ay b e m ig rated to CN S , S tar, or w ork as S tandal one sol ution. Th is desig n is v oic e onl y and independent of th e f inal data desig n P h ase A/ B or Centrinet. Th is sol ution is b est suited f or site c l assif ic ations g reater th an 240 and l ess th an 900 IP P h ones using 3845-IS R-S RS T Router, 7825-I3 Cal l Manag er 4.2, 7825 U nity 4.2, IS I Cal l Log g er (B il l ing ), EVO Contac t Attendant Consol e.
NCO -CM
Current site depl oym ents are B risb ane, AU , h ow ev er, th ere are som e m inor serv er dif f erenc es due to th e tig h t tim e f ram es in w h ic h IB M h ad to operate in. IB M P CR 61 h as b een g enerated f or im pl em entation in U S & EMEA and AP . Reg us h as v erb al l y ac c epted th e sol ution and h as b een sub m itted to th e proposal to th e ARB , h ow ev er, no f orm al ac c eptanc e h as b een approv ed.
NCO -L ite
Th is sol ution prov ides a l ow c ost IP Tel eph ony serv ic e prov iding l eg ac y P B X repl ac em ent w ith h eadend m ig ration support. Th e idea is th at th is sol ution w il l ev entual l y repl ac e th e H yb rid U .S and U .K / EMEA F ram ew ork sol utions. Th is sol ution m ay b e m ig rated to CN S , S tar, or w ork as S tandal one sol ution.
J a n u a r y 1 8 , 2 0 0 8
1 8
Th is desig n is v oic e onl y and independent of th e f inal data desig n P h ase A/ B or Centrinet. Th is sol ution is b est suited f or site c l assif ic ations of g reater th an 240 IP P h ones using 3845IS R-CME Router, MCS -7825-I3 U nity 4.2, IS I Cal l Log g er (B il l ing ), EVO Contac t Attendant Consol e.
Th e onl y dif f erenc e b etw een th is sol ution and th e N CO -CME is th at th is sol ution does not require additional serv er h ardw are.
Sta r (Concep t)
O nc e th is sol ution type h as b een f ound to b e tec h nic al l y v iab l e m ore inf orm ation w il l b e prov ided to th is sec tion. U ntil th en w e do k now th at it sh oul d prov ide sim il ar f unc tional ity as a CN S supporting N CO l im itations on b andw idth , c irc uit c ost, and possib l e reg ul atory in c ountry c onstraints. F urth er test and dev el opm ent is needed to understand th e Reg ional CN S c onc ept inc l uding v oic e ag g reg ation, data desig n, Q oS , and supportab il ity. Th is researc h sh oul d b e c om pl eted w ith IB M/ Reg us and al l th ird party v endors.
J a n u a r y 1 8 , 2 0 0 8
1 9
Interim
I nt erim
D a ta N etw ork A rch itecture

D esig n Sco p e
Th e Interim Data N etw ork Arc h itec ture and Desig ns c ontained in th is doc um ent disc usses eac h site type and topol og ies b ased on requirem ents H ig h Lev el Desig n (H LD) doc um ent. Th e sec tions th at are addressed in th is doc um ent are: o N etw ork Topol og y o S ite Router Desig n o S ite S w itc h ing Desig n o Data Center Router Desig n o Data Center/ P O P S w itc h ing Desig n o Data Center F irew al l Desig n o Lev el -3 O w ned Routers
Eac h one of th ese sec tions is disc ussed in m ore detail in th e sub sequent sec tions.
T erm ino l o g y
Th roug h out th e c ourse of th is doc um ent, th ere are sev eral term s th at are used. Th ey are l isted h ere f or ref erenc e. D ra i n Internet peering l oc ation (up to 8 Lev el -3 U S l oc ations c onsisting of Drain CE, P E and IX C Router) P E P rov ider Edg e Router ow ned b y Lev el -3 C E Custom er Edg e Router ow ned b y Reg us
N o n D ra i n P E S tandard MP LS P E th at w il l rec eiv e a prim ary and sec ondary def aul t f rom prim ary and sec ondary drains D ra i n P E peers to Drain CE D ra i n C E Custom er Edg e Router at Drain Loc ation ow ned b y Reg us peers to Drain P E D ra i n I X C R o u t e r peers to Lev el -3 Internet Router AS N 146 7 6 Reg us B G P Autonom ous S ystem N um b er f rom ARIN
J a n u a r y 1 8 , 2 0 0 8
20
D a t a C e n t e r Lev el -3 Col l oc ation S ite th at h osts b oth Voic e and Data Cal l Manag er Cl uster w ith U nity & S an F ranc isc o, CA Cinc innati, O H Internet Drain
P o i n t o f P re s e n c e ( P OP ) Lev el -3 Col l oc ation S ite th at h osts Data O nl y Internet Drain O nl y
H u b S w i t c h Layer-3 sw itc h h andl es inter-VLAN routing and c onnec ts Layer-2 sw itc h es at a rem ote site
N et w o rk T o p o l o g y
As depic ted b el ow , th e netw ork topol og y c onsists of Drain IX C Routers, Drain CE Routers, Drain P E Routers, P E Routers, CE Routers and CE S w itc h es. Th e topol og y c onsists of 8 Drain Loc ations, eac h w ith a Drain IX C Router, a Drain CE Router and al so a Cisc o AS A F irew al l th at w il l prov ide N AT serv ic es f or priv ate address spac e th at is destined to th e Internet.
J a n u a r y 1 8 , 2 0 0 8
21
P h y sical C o nnect ivit y O verview

PE to CE F a cing I nterf a ces
Th e S ite P E to CE c onnec tions w il l util iz e Mul til ink P P P (nxT1), DS 3 or G ig ab it Eth ernet interf ac es. In th e c ase of th e Drain S ites (Cinc innati and S an F ranc isc o) Routers, th ere w il l b e G ig ab it Eth ernet c onnec tiv ity to th e P E Routers. Th e c ontrac ted CIR f or eac h l ink w il l b e used in a Q O S sh aper. Th ere w il l b e m ore detail s on th is in th e Q oS S ec tion. (Lev el -3 h as an of f ering of
Core F a cing I nterf a ces

Al l c ore f ac ing interf ac es are m anag ed and m aintained b y Lev el -3. Th ese are part of th e Lev el -3 MP LS Core Transport.
J a n u a r y 1 8 , 2 0 0 8
22
N etw ork D esig n C om p onents

Th e N etw ork Desig n c onsists of tw o m aj or protoc ol c om ponents, nam el y B order G atew ay P rotoc ol (B G P ) and Enh anc ed Interior G atew ay Routing P rotoc ol (EIG RP ).
B G P w il l b e used f or announc ing routes f rom a Reg us S ite/ P O P / Data Center to th e MP LS Core and al so f or c onnec ting to th e Internet at eac h drain l oc ation. EIG RP w il l b e al so used w ith in a site. Q ual ity of S erv ic e (Q oS ) is anoth er k ey aspec t of th e desig n as it reg ul ates th e b andw idth th at an end user c an use and al so protec ts v oic e and v ideo b y ensuring a l ow l atenc y queuing m ec h anism .
A k ey aspec t of th e desig n is to ensure sym m etry of traf f ic f l ow s as th ey enter and exit th e Internet. Th is w il l b e disc ussed in detail in th is sec tion as w el l .
Bo r d e r G a t e w a y P r o t o c o l ( BG P )
B G P is used extensiv el y in th e Reg us N G N . F undam ental l y, th ere are tw o c ateg ories f or w h ic h B G P is used, nam el y: B G P C o n f i g u ra t i o n s f o r L e v e l -3 Ow n e d R o u t e rs Drain P E (DP E) (Laurel Router) P E (Laurel Router)
B G P C o n f i g u ra t i o n s f o r R e g u s Ow n e d R o u t e rs IX C P eering Router (Cisc o 7206) Reg us CE Router (Cisc o 3845) Reg us Drain CE Router (Cisc o 7201)
Th e B G P Autonom ous S ystem b el ow :
N um b ers (AS N ) used f or peering outl ined in th e tab l e
Network
Lev el -3 MP LS Core Lev el -3 IX C P eering Reg us S ite (ARIN Reg istered)
A S N
1 3356
14676
J a n u a r y 1 8 , 2 0 0 8
23
Af ter disc ussions w ith Lev el -3, th ey h av e ag reed to th ey w il l prov ide th e f ol l ow ing B G P serv ic e f eatures using th eir Laurel MP LS P l atf orm . Wh il e Lev el -3 does not c urrentl y use Cisc o Routers as th eir P Es, th e sam e f eatures are av ail ab l e on Cisc o, so open standard f eature sets h av e b een used. Th ese f eatures are: AS Ov e rri d e h ttp:/ / w w w .c isc o.c om / univ erc d/ c c / td/ doc / produc t/ sof tw are/ ios120/ 120new f t/ 120t/ 120 t7/ v pn_ en.h tm # w p1045899 D e f a u l t R o u t e Ori g i n a t i o n h ttp:/ / w w w .c isc o.c om / en/ U S / doc s/ ios/ 12_ 3/ iproute/ c om m and/ ref erenc e/ ip2_ n1g .h tm l # w p1037042 S e n d i n g a n d R e c e i v i n g S t a n d a rd c o m m u n i t i e s f ro m C E
h ttp:/ / w w w .c isc o.c om / en/ U S / doc s/ ios/ 12_ 3/ iproute/ c om m and/ ref erenc e/ ip2_ n1g .h tm l # w p1039539
M D 5 Au t h e n t i c a t i o n
h ttp:/ / w w w .c isc o.c om / en/ U S / doc s/ ios/ 12_ 3/ iproute/ c om m and/ ref erenc e/ ip2_ n1g .h tm l # w p1081288
Ot h e r As s u m p t i o n s
With in th e Lev el -3 MP LS b ac k b one P Es w il l m atc h ing on Extended c om m unity attrib ute f or sel ec ted routes and setting a B G P l oc al pref erenc e to th ose m atc h ing routes, im port/ export Routes b y setting Route Targ ets. Th e Lev el -3 Routers do not prov ide Route Ref l ec tion. Lev el -3 is c urrentl y testing th e l ab Route Targ et sol ution on b oth th eir Laural and M120 netw ork . Th ey are on trac k to del iv er th e sol ution w ith out af f ec ting th e tim el ine of th e proj ec t.
B G P T op ol ogy L a y ers
B G P w il l b e used at v arious l oc ations, as w as stated earl ier. Th e f ol l ow ing diag ram sh ow s th e Reg us B G P Topol og y Layers. Th ere is EB G P used b etw een CE and P E as w el l as f or peering to th e Internet. Th ere w il l b e iB G P used f or P eering b etw een th e Drain Routers.
J a n u a r y 1 8 , 2 0 0 8
24
B G P A u tonom ou s Sy stem
Nu m b er (A SN)
N um b er of th e B G P proc ess to w h ic h th e
Th e proc ess ID is th e Autonom ous S ystem router b el ong s. Reg us w il l b e using th e B G P AS N 146 7 6 .
B G P Rou ter I D
Cisc o rec om m ends using a stab l e interf ac e IP address as th e Router ID. Loopb ac k interf ac e addresses are g eneral l y th e b est f it f or th is. Reg us w il l use Loopb ac k 0 IP address as th e B G P Router-id. Router IDs are typic al l y tak en out of th e 172.18.x.x rang e and assig ned b y Centri.net.
B GP R ou ter I D
router bgp 14676 router-id < l oopbac k _ 0 _ I P _ address>
B G P Send Com m u nity

Cisc o rec om m ends th at standard B G P b e sent to and f rom th e B G P neig h b ors, using th e neig h b or send-c om m unity c om m and in router c onf ig uration m ode. O ne k ey adv antag e to doing th is is th at w e c an send site spec if ic c om m unities to m ark th e route sourc es. Th is is desc rib ed in m ore detail in th e S ite Desig n sec tion.
25
B GP Sen d C om m u n ity C on f igu ration

router bgp 14676 n eigh bor < L ev el 3 or R egus I X C > sen d-c ommun ity
B G P Redistrib u tion
Th e Reg us netw ork w il l not require any redistrib ution statem ents. B G P netw ork statem ents are used to speed up c onv erg enc e and yiel d b etter stab il ity. Ev en in th e c ase w h ere EIG RP is used w ith in rem ote site c onnec tiv ity, no redistrib ution w il l b e depl oyed. B el ow is a sam pl e netw ork c onf ig uration using netw ork statem ents.
B GP Netw ork C on f igu ration
router bgp 14676 n etw ork < n etw ork to adv ertise> mask < mask v al ue>
B G P A u th entica tion
MD5 auth entic ation prov ides a m eans of sec urity suc h th at no passw ord trav el s on th e ph ysic al m edium . Instead, eac h router uses MD5 to produc e a m essag e dig est of th e B G P pac k et pl us th e k ey, w h ic h is sent on th e ph ysic al m edium . U sing MD5 auth entic ation prev ents a router f rom ac c epting unauth oriz ed or del ib eratel y m al ic ious routing updates, w h ic h c oul d c om prom ise netw ork sec urity. Th eref ore, MD5 auth entic ation w il l b e c onf ig ured f or al l B G P peers using th e f ol l ow ing c onf ig uration.
B GP Au th en tic ation C on f igu ration
router bgp 14676 n eigh bor < L ev el 3 n eigh bor < L ev el 3 n o auto-summary P E > remote-as 1 P E > passw ord 7 10 5C 0 C 1E 10 0 4
B G P M a x im u m
Pref ix es
To c ontrol h ow m any pref ixes c an b e rec eiv ed f rom a neig h b or, use th e neig h b or m axim um -pref ix c om m and in router c onf ig uration m ode. At al l CE sites, sinc e th e onl y route th at w il l b e send/ expec ted f rom a P E is th e def aul t route, w e w il l use th is to l im it th e m axim um num b er of pref ixes to 1. Th is is a g ood saf eg uard ag ainst g etting too m any routes and c ausing issues. A sysl og m essag e w il l al so b e produc ed w h en th e m axim um pref ixes are l earned and if m ore th an th e m axim um are l earned, th en th e peer w il l reset.
B GP M ax im u m P ref ix C on f igu ration
P E > maximum-pref ix 1 router bgp 14676 n eigh bor < L ev el 3
J a n u a r y 1 8 , 2 0 0 8
26
B G P L og Neigh b or Ch a nges
Th e b g p l og -neig h b or-c h ang es c om m and enab l es l og g ing of B G P neig h b or status c h ang es (up or dow n) and resets f or troub l esh ooting netw ork c onnec tiv ity prob l em s and m easuring netw ork stab il ity. U nexpec ted neig h b or resets m ig h t indic ate h ig h error rates or h ig h pac k et l oss in th e netw ork and sh oul d b e inv estig ated.
B GP L og Neigh bor C h an ges C on f igu ration
router bgp 14676 bgp l og-n eigh bor-c h an ges
B G P Neigh b or D escrip tion

To assoc iate a desc ription w ith a neig h b or, w e rec om m end using th e neig h b or desc ription c om m and in router c onf ig uration m ode. Th is w il l h el p to easil y identif y w h ere a B G P neig h b or is peering to.
B GP Neigh bor Des c rip tion C on f igu ration
router bgp 14676 n eigh bor < L ev el 3 P E > desc ription P E E R _ T O _ T H E _ O T H E R _ S I D E
B G P D ef a u l t Rou tes
Eac h rem ote site w il l rec eiv e a sing l e def aul t route f rom th e Lev el -3 Core P E f or InterS ite ac c ess. Ac c ess-l ist 50 w il l b e c onf ig ured on eac h site router to onl y al l ow f or th e def aul t route. Th is w il l th en b e appl ied to th e neig h b or using a distrib ute-l ist in.
B GP Def au lt R ou te an d Dis tribu te L is t C on f igu ration
router bgp 14676 n eigh bor < L ev el -3 P E > distribute-l ist 50 n o auto-summary ! ac c ess-l ist 50 permit 0 . 0 . 0 . 0 in
J a n u a r y 1 8 , 2 0 0 8
27
Su m m a ry of B G P D esign
Al l Reg us B G P Routers w il l h av e th e f ol l ow ing rul es: Al l B G P R o u t e rs w i l l h a v e t h e f o l l o w i n g R u l e s Reg us B G P AS N = 14676 S et a Router ID Manual l y to m atc h th e l oopb ac k address
U se netw ork statem ents f or Route Adv ertisem ent and m atc h ing route to N ul l 0 w ith adm in c ost of 254 to k eep f l apping to a m inim um Announc e N etw ork s w ith Route Maps to set standard c om m unity v al ues U se MD5 Auth entic ation Log N eig h b or Ch ang es
U se N eig h b or Desc riptions
S end/ rec eiv e B G P S tandard Com m unities v ia send-c om m unity k eyw ord
Al l R e g u s B G P M P L S C E R o u t e rs w i l l h a v e t h e f o l l o w i n g a d d i t i o n a l ru l e s : P eer to th e AS N f or Lev el 3 MP LS Core (AS N 1) Depl oy Route Maps f or Com m unity setting rul es:
O nl y If P ub l ic Address S pac e th at is f rag m ented b etw een Lev el 3 and S print spac e, set c om m unity to 14676:S iteN um b er pl us Drain P ref erenc e S etting . Th is m ust m atc h th e P E S etting s.
If P riv ate Address S pac e, set th e c om m unity to 14676:S iteN um b er
J a n u a r y 1 8 , 2 0 0 8
28
E nh anced I nt erio r G at ew ay P ro t o co l (E I G R P )
EIG RP w il l b e used b etw een 3845 and 3560 rem ote site sw itc h es f or l oc al site c onnec tiv ity.
E I G RP A u tonom ou s Sy stem
E I GR P ASN C on f igu ration
Nu m b er
Th e EIG RP AS N w il l b e 14676 to m atc h th e B G P reg istered AS N .

router eigrp 14676 passiv e-in terf ac e def aul t n o passiv e-in terf ac e GigabitE th ern et0 / 1 n etw ork < l oc al n etw ork > < in v erse mask > auto-summary
E I G RP Rou ter I D
Cisc o rec om m ends using a stab l e interf ac e IP address as th e Router ID. Loopb ac k interf ac e addresses are g eneral l y th e b est f it f or th is. Reg us w il l use Loopb ac k 0 IP address as th e EIG RP router-id.
E I GR P R ou ter I D
router eigrp 14676 eigrp router-id < l oopbac k 0 >
E I G RP Pa ssive I nterf a ce D ef a u l t
Cisc o rec om m ends using EIG RP P assiv e interf ac e def aul t. Th is m eans th at Enh anc ed IG RP is disab l ed on an interf ac e th at is c onf ig ured as passiv e al th oug h it adv ertises th e route. Th is prev ents il l ic it neig h b ors f rom f orm ing .
E I GR P P as s iv e I n terf ac e Def au lt
router eigrp 14676 passiv e-in terf ac e def aul t
E I G RP Rou te A nnou ncem ents

EIG RP announc es routes using netw ork statem ents. Th is is standard c onf ig uration as doc um ented in th e Cisc o.c om tec h nic al doc um entation pag es. S ee h ttp:/ / w w w .c isc o.c om / w arp/ pub l ic / 103/ eig rpf aq.sh tm l # th irteen f or detail s.
J a n u a r y 1 8 , 2 0 0 8
29
E I GR P U s e of Netw ork Statem en ts

router eigrp 14676 n etw ork < l oc al n etw ork > < in v erse mask >
E I G RP Redistrib u tion
Th ere w il l not b e any redistrib ution on th e EIG RP Routers. Th e l oc al site routes w il l b e announc ed into B G P v ia N etw ork S tatem ents.
E I G RP D ef a u l t / Su m m a ry Rou te
EIG RP w il l b e c onf ig ured to orig inate a def aul t route using th e sum m ary address c om m and on th e dow nstream interf ac e to th e EIG RP P eer. N ote th at th e sum m ary sh oul d b e set up w ith a adm inistrativ e distanc e of 254 so th at th e B G P l earned def aul t is not ov erridden.
E I GR P Su m m ary Ad d res s C on f igu ration
in terf ac e GigabitE th ern et0 / 1 ip summary-address eigrp 14676 0 . 0 . 0 . 0 0 . 0 . 0 . 0 2 54
Su m m a ry of E I G RP D esign
Al l E I G R P R o u t e rs w i l l h a v e t h e f o l l o w i n g R u l e s Router EIG RP AS N = 14676 S et a Router ID Manual l y to m atc h th e l oopb ac k address
O rig inate a Def aul t Route on th e interf ac e f ac ing to th e dow nstream
U se passiv e interf ac e def aul t f or al l interf ac es exc ept th e interf ac e f ac ing th e dow nstream
peer(s)
3560.
J a n u a r y 1 8 , 2 0 0 8
3 0
Q u al it y o f Service (Q o S)
Th e Q oS desig n h as th e f ol l ow ing requirem ents: Al l ow P rioritiz ation of Del ay S ensitiv e Appl ic ations (Voic e & B andw idth Control f or Cl ients Ac c essing th e Internet o S h ared S erv ic e o Dedic ated S erv ic e Video)
Note
Map Reg us Q oS Cl asses in Lev el 3 MP LS VP N Q oS Q ueues At th e instruc tion of Reg us, Cisc o w il l b e using th e IB M P h ase A Q oS Conf ig uration to im pl em ent B andw idth O n Dem and. Th ere are al ternate approac h es to Q oS w h ic h inc l udes of f l oading Q oS to th e sw itc h es rath er th an perf orm ing it on th e router, h ow ev er th is is outside of th e sc ope of th is proj ec t. Reg us expec ts Cisc o to c al l out any prob l em s th at w oul d present a risk w ith th e c ontinued use of th e IB M P h ase A c onf ig uration.
Rem ote Site B a ndwidth O n D em a nd

S h a re d o Th e sh ared serv ic e of f ering is sh ared b y m ul tipl e c l ients w ith in a sing l e site o A sing l e sh ared serv ic e of f ering is av ail ab l e at eac h rem ote site o F air ac c ess to av ail ab l e b andw idth is prov ided v ia w eig h ted f air queuing w h ere indiv idual usag e of av ail ab l e resourc es is sc al ed up and dow n b ased on th e nature of c om m unic ation f l ow s and am ount of av ail ab l e b andw idth w ith in th e of f ering Th e g uaranteed c om ponent is al w ays av ail ab l e f or outb ound traf f ic reg ardl ess of c onc urrent usag e of oth er serv ic e of f ering s S e rv i c e
o Th e sh ared serv ic e of f ering is c om prised of a g uaranteed and an up-to c om ponent Th e up-to c om ponent is av ail ab l e b andw idth in exc ess of th e g uaranteed c om ponent w h ic h v aries b ased on ov eral l site b andw idth usag e. Th e up-to c om ponent is c apped at a def ined l ev el up to w h ic h users m ay b urst
D e d i c a t e d S e rv i c e
o Th e g uaranteed portion of a dedic ated serv ic e partition h as priority ov er th e up-to portion of th e sh ared serv ic e of f ering
o Th e up-to portion of anoth er serv ic e partition m ay ov erl ap th e g uaranteed portion of a dedic ated serv ic e partition
o Dedic ated serv ic e partition m ust not ov erl ap th e g uaranteed portion of any oth er serv ic e partition
3 1
Voic e traf f ic ov er th e MP LS c arrier netw ork rec eiv es h ig h est priority
I nitia l Site A ccess B a ndwidth

Th e initial b andw idth required f or a new N CO S ite is not b ased on th e siz e of th e l oc ation, b ut th e am ount of c l ients and dedic ated serv ic e initial l y at th e l oc ation. B ased on Reg us experienc e eac h new N CO S ite needs a m inim um of 3Mb ps of ac c ess b andw idth to f unc tion. It is Reg us intention to sel l dedic ated b andw idth serv ic es. A 2 x T1 c onf ig uration w oul d onl y prov ide th e m inim um b andw idth , w ith out any room f or dedic ated serv ic es. Ev en th oug h th e 4 x T1 c onf ig uration prov ides additional b andw idth , it is dif f ic ul t to inc rem ental l y inc rease th e b andw idth . S ub -rated c onnec tions v ia DS 3 or G ig ab it Eth ernet are strateg ic f or Reg us and al l ow b andw idth to b e added in a tim el y m anner. If dedic ated serv ic es are pre-sol d or sol d in th e f uture, additional b andw idth into Lev el -3s MP LS S erv ic e m ay b e prov isioned ac c ording l y.
I n itial B an d w id th Gu id elin es f or All Site T yp es
Ac c e s s I n t e rf a c e 4 x T1s DS 3 (sub -rate) G ig ab it Eth ernet (sub -rate)
Ac c e s s B a n d 6.176 Mb 6.176 Mb 6.176 Mb
w id th ps ps ps
Pol icing
Th e ra t e -l i m i t i n p u t c om m and is used to enf orc e b andw idth c ontrol on b oth sh ared and dedic ated serv ic es. Rate l im iters are appl ied inb ound to b oth th e WAN and LAN interf ac es of th e Rem ote S ite CE Router. Eac h c l ient is assoc iated w ith a rate l im iter v ia a Layer 3 ac c ess l ist. Traf f ic exc eeding th e pol ic y is stric tl y dropped. Rate l im iting v al ues appl ied inb ound to b oth router interf ac es def ine th e av erag e rate, th e norm al b urst rate (1/ 8 av g rate) * 1.5, and exc ess b urst rate (2* norm al b urst rate).
C E P olic in g C on f igu ration
J a n u a r y 1 8 , 2 0 0 8
3 2
in terf ac e S erial 0 / 0 rate-l imit in put ac c ess-group 2 0 0 tran smit exc eed-ac tion drop ! in terf ac e GigabitE th ern et0 / 0 rate-l imit in put ac c ess-group 2 0 0 tran smit exc eed-ac tion drop ! ac c ess-l ist 2 0 0 1 remark V l an 60 1 ac c ess-l ist 2 0 0 1 den y ip 10 . 12 0 ac c ess-l ist 2 0 0 1 den y ip 10 . 12 0 ac c ess-l ist 2 0 0 1 permit ip 10 . 12 0 ac c ess-l ist 2 0 0 1 permit ip an y 10
1 2 0 48 0 0 0
3 8 40 0 0
768 0 0 0
c on f orm-ac tion
1 2 0 48 0 0 0 C l ien . 12 0 . . 12 0 . . 12 0 . . 12 0 . t 0 1 8 0 . 0 0 0 . 0 8 0 . 0 12 0 . 8
3 8 40 0 0
768 0 0 0
c on f orm-ac tion
R ate L imitin g . 0 . 7 10 . 12 0 . 12 0 . 0 0 . 0 . 7. 2 55 . 7. 2 55 10 . 12 0 . 12 0 . 8 0 . 0 . 0 . 7 . 0 . 7 an y 0 . 0 . 0 . 7
Sh a red Q u eu e B a ndwidth Siz ing

Th e tab l e b el ow c ontains th e sh ared queue g uidel ines w h ic h are b ased on Reg us past experienc e. Th e def aul t rate l im it v al ue f or al l c l ients inc l uding th e Wirel ess VLAN is 2.048 Mb . Th e ac tual siz e of th e sh ared queue w il l v ary depending on th e c l ient density and ac c eptanc e w ith in a l oc ation.
Sh ared Q u eu e & R ate L im it B an d w id th Gu id elin es
S ite T y p e S m al l Medium Larg e
S h a re d Q u e u e R e q u i re d 2.048 Mb 2.048 Mb 6.176 Mb
R a te L im it 2.048 Mb 2.048 Mb 2.048 Mb
C o u n t 100 224 460
8 0 % OC C 80 179 368
Q oS Cl a sses
Th e Q oS Cl asses w il l use th e standard DS CP m ark ing s. traf f ic , an ac c ess-l ist is used to c l assif y th e traf f ic .
C E C las s M ap C on f igu ration
c l ass-map matc h -al l V oic eP ayl oad matc h dsc p ef c l ass-map matc h -al l S h ared matc h dsc p def aul t c l ass-map matc h -al l M gmt matc h ac c ess-group n ame M gmt c l ass-map matc h -al l V ideo matc h dsc p af 41 c l ass-map matc h -al l D edic ated matc h dsc p af 2 2 c l ass-map matc h -al l R outin g matc h dsc p c s6 c l ass-map matc h -al l V oic eS ign al matc h dsc p c s3 c l ass-map matc h -an y S h aredI n gress matc h ac c ess-group 12 0
In th e c ase of m anag em ent
J a n u a r y 1 8 , 2 0 0 8
3 3
Service Pol icies

Tw o S erv ic e pol ic ies S h apeIng ress and S h apeEg ress are appl ied to th e WAN and LAN interf ac es of th e Rem ote S ite CE Router. Th e S h apeEg ress pol ic y prov ides Voic e prioritiz ation, b andw idth g uarantee b etw een c l asses of serv ic e and traf f ic sh aping into th e Lev el -3 MP LS S erv ic e. Reg us c al c ul ations are b ased on 80% oc c upanc y w ith a site. Th e tab l es b el ow def ine th e b andw idth c al c ul ations or f ixed v al ues used in th e serv ic es pol ic ies.
Serv ic e C las s B an d w id th C alc u lation s
S e rv i c e C l a s s
Voic e P ayl oad
S ite to S ite Cal l s = Voic e Mail = (5%
B a n d w id th C a lc u la tio n IP Com m unic ator = (5% (5%
of P h ones) * 84 k b ps of P h ones) * 84k b ps
Voic e P ayl oad = (S ite to S ite + IP C + VM) G 711 c odec = 84 k b ps
of P h ones) * 84 k b ps
Voic e S ig nal ing Dedic ated Mg m t
Total Dedic ated S erv ic e B andw idth S ol d 128 k b ps B ased on S h ared Q ueue B andw idth S iz ing Tab l e
(IP P h one + G atew ay) * 263 b ps
Cl ass-def aul t (S h ared) Video Routing
8 k b ps (Video is not b eing depl oyed) 32 k b ps
S ite T y p e S m al l
V oic e B an d w id th R eq u irem en ts
P h o n e s 100 224 460
8 0 % OC C
Medium Larg e
179 368
80
V o ic e S ig n a lin g B a n d w id th 21 k b ps 47 k b ps 97 k b ps
V o ic e P a y lo a d B a n d w id th 1.008 Mb ps 4.637 Mb ps 2.255 Mb ps
C E Serv ic e P olic y C on f igu ration

pol ic y-map F airQ ueue c l ass c l ass-def aul t f air-queue pol ic y-map S h apeI n gress c l ass S h aredI n gress ban dw idth 153 6 ran dom-detec t sh ape peak 153 60 0 0 serv ic e-pol ic y F airQ ueue
J a n u a r y 1 8 , 2 0 0 8
3 4
pol ic y-map S h apeE gress c l ass V oic eP ayl oad priority 8 set dsc p ef c l ass V oic eS ign al ban dw idth 8 set dsc p c s6 c l ass V ideo set dsc p ef priority 8 c l ass D edic ated ban dw idth 179 2 ran dom-detec t c l ass R outin g ban dw idth 3 2 c l ass M gmt ban dw idth 12 8 ran dom-detec t set dsc p af 2 1 c l ass c l ass-def aul t ban dw idth 153 6 ran dom-detec t sh ape peak 153 60 0 0 serv ic e-pol ic y F airQ ueue ! in terf ac e S erial 0 / 0 serv ic e-pol ic y output S h apeE n gress ! in terf ac e GigabitE th ern et0 / 1 serv ic e-pol ic y output S h apeI n gress
D edica ted Q u eu e B a ndwidth Siz ing

Th e dedic ated queue siz e m ust not exc eed th e WAN ac c ess b andw idth m inus th e total b andw idth al l oc ated in th e oth er c l asses of serv ic e. Th e tab l e b el ow sh ow s an exam pl e of c al c ul ating th e am ount of dedic ated b andw idth av ail ab l e to sel l . P rov isioning additional dedic ated b andw idth w oul d require upg rading th e ac c ess b andw idth of th e rem ote site. Th e Voic e B andw idth requirem ents h av e a direc t c orrel ation to c ost b ec ause of th e prov isioning of serv ic e w ith in Lev el -3 MP LS c l oud. Initial l y, Lev el -3 priority traf f ic w il l b e usag e b ased b il l ing , b ut th e Q oS serv ic e of f ering s m ay c h ang e w ith th e introduc tion of th e new h ardw are into Lev el -3 netw ork . Reg us w il l m onitor th e usag e w ith in eac h site and m ak e a determ ination w ith b andw idth required.
Ded ic ated B an d w id th C alc u lation M ed iu m
S e rv i c e
Site E x am p le
MP LS Ac c ess B andw idth (4 x T1) Routing Mg m t
B a n d w id th (k b p s ) 6 17 6 32
Voic e P ayl oad Video
Voic e S ig nal ing S h ared S erv ic e

J a n u a r y 1 8 , 2 0 0 8
2255
128 47
2048
3 5
D e d i c a t e d B a n d w i d t h Av a i l a b l e t o S e l l
T o ta l
6 17 6 - 45 9 4 = 16 5 8
45 18
L evel -3 M PL S Q oS Service Cl a ss M a p p ing

Th e s e t d s c p c om m ands in th e S h apeEg ress pol ic y m ap al l ow m apping of th e Reg us Q oS Cl asses to th e Lev el -3 MP LS VP N Q oS Cl asses. Th e ToS to DS CP m apping is 16 * ToS Val ue. (CS 1 = DS CP 16, CS 2 = DS CP 32, CS 3 = DS CP 48, etc )
L ev el 3 Q oS C las s es & R u les
C u rren t R egu s Q oS C las s es to L ev el 3 M ap p in g

Regus Phase A Class L ev el 3 Class O f f er i n g
Voice (EF)
Vid eo (A F4 1 )
Voice S ig n a l in g (C S 3 )
G O L D L EVEL 3
D ed ica t ed (A F2 2 ) R ou t in g (C S 6 ) M g m t (A F2 1 ) B R O N Z E L EVEL 3
C l a s s D ef a u l t (0 )
Switch Q oS - Rem a rking T ra f f ic

Dedic ated S erv ic e traf f ic is rem ark ed to f rom 0 to AF 22 (DS CP 20), b y appl ying th e m l s q o s d s c p -m u t a t i o n D e d i c a t e d c om m and to th e sw itc h port of th e c l ient. Th e rem ark ed traf f ic now m atc h es th e c l ass Dedic ated in th e serv ic e pol ic y S h apeEg ress and th e c l ient h as ac c ess to th e b andw idth of th e dedic ated serv ic e c l ass.
J a n u a r y 1 8 , 2 0 0 8
3 6
Sw itc h Q oS C on f ig
ml s qos map dsc p-mutation D edic ated 0 to 2 0 ! ! in terf ac e F astE th ern et0 / 11 pow er in l in e c on sumption 770 0 sw itc h port ac c ess v l an 2 sw itc h port mode ac c ess sw itc h port v oic e v l an 2 0 0 n o l oggin g ev en t l in k -status srr-queue ban dw idth sh are 10 10 60 2 0 srr-queue ban dw idth sh ape 10 0 0 0 priority-queue out ml s qos trust dsc p ml s qos dsc p-mutation D edic ated
Switch Q oS Q u eu e T u ning
Th e def aul t sw itc h queue v al ues are rec onf ig ured to ac c om m odate DS CP v al ues f or v oic e, dedic ated and sh ared serv ic e.
Sw itc h Q u eu e T u n in g C on f ig
ml ml ml ml ml ml ml ml ml ml ml ml ml ml ml ml ml ml ml ml ml ml ml ml ml ml ml ml ml ml ml ml s s s s s s s s s s s s s s s s s s s s s s s s s s s s s s s s qos qos qos qos qos qos qos qos qos qos qos qos qos qos qos qos qos qos qos qos qos qos qos qos qos qos qos qos qos qos qos qos srr-queue srr-queue srr-queue srr-queue srr-queue srr-queue srr-queue srr-queue srr-queue srr-queue srr-queue srr-queue srr-queue srr-queue srr-queue srr-queue srr-queue srr-queue srr-queue srr-queue srr-queue srr-queue srr-queue srr-queue srr-queue srr-queue srr-queue srr-queue srr-queue srr-queue srr-queue srr-queue
in put ban dw idth 9 0 10 in put th resh ol d 1 8 16 in put th resh ol d 2 3 4 66 in put buf f ers 67 3 3 in put c os-map queue 1 th resh ol d 2 1 in put c os-map queue 1 th resh ol d 3 0 in put c os-map queue 2 th resh ol d 1 2 in put c os-map queue 2 th resh ol d 2 4 6 7 in put c os-map queue 2 th resh ol d 3 3 5 in put dsc p-map queue 1 th resh ol d 2 9 10 11 12 13 14 15 in put dsc p-map queue 1 th resh ol d 3 0 1 2 3 4 5 6 7 in put dsc p-map queue 1 th resh ol d 3 3 2 in put dsc p-map queue 2 th resh ol d 1 16 17 18 19 2 0 2 1 2 2 2 3 in put dsc p-map queue 2 th resh ol d 2 3 3 3 4 3 5 3 6 3 7 3 8 3 9 48 in put dsc p-map queue 2 th resh ol d 2 49 50 51 52 53 54 55 56 in put dsc p-map queue 2 th resh ol d 2 57 58 59 60 61 62 63 in put dsc p-map queue 2 th resh ol d 3 2 4 2 5 2 6 2 7 2 8 2 9 3 0 3 1 in put dsc p-map queue 2 th resh ol d 3 40 41 42 43 44 45 46 47 output c os-map queue 1 th resh ol d 3 5 output c os-map queue 2 th resh ol d 3 3 6 7 output c os-map queue 3 th resh ol d 3 2 4 output c os-map queue 4 th resh ol d 2 1 output c os-map queue 4 th resh ol d 3 0 output dsc p-map queue 1 th resh ol d 3 40 41 42 43 44 45 46 47 output dsc p-map queue 2 th resh ol d 3 2 4 2 5 2 6 2 7 2 8 2 9 3 0 3 1 output dsc p-map queue 2 th resh ol d 3 48 49 50 51 52 53 54 55 output dsc p-map queue 2 th resh ol d 3 56 57 58 59 60 61 62 63 output dsc p-map queue 3 th resh ol d 3 16 17 18 19 2 1 2 2 2 3 3 2 output dsc p-map queue 3 th resh ol d 3 3 3 3 4 3 5 3 6 3 7 3 8 3 9 output dsc p-map queue 4 th resh ol d 1 8 output dsc p-map queue 4 th resh ol d 2 9 10 11 12 13 14 15 output dsc p-map queue 4 th resh ol d 3 0 1 2 3 4 5 6 2 0
J a n u a r y 1 8 , 2 0 0 8
3 7
ml ml ml ml ml ml ml ml ml ml
s s s s s s s s s s
qos qos qos qos qos qos qos qos qos qos
queue-set queue-set queue-set queue-set queue-set queue-set queue-set queue-set queue-set queue-set
output output output output output output output output output output
1 1 1 1
th resh ol th resh ol th resh ol th resh ol 2 th resh ol 2 th resh ol 2 th resh ol 2 th resh ol 1 buf f ers 2 buf f ers
d 1 13 8 13 8 9 2 d 2 13 8 13 8 9 2 d 3 3 6 77 10 0 3 d 4 2 0 50 67 40 d 1 149 149 10 0 d 2 118 118 10 0 d 3 41 68 10 0 2 d 4 42 72 10 0 2 10 10 2 6 54 16 6 17 61 ml s 0
13 8 40 0 18 149 2 3 5
72 42
qos trust dsc p
Q u eu ing on th e I P Ph one
A Cisc o IP P h one h as an internal 3-port 10/ 100 sw itc h . O ne port, P 0, is an internal port used f or c onnec ting th e ac tual v oic e el ec tronic s in th e ph one. P ort P 1 is used to c onnec t a daisy c h ained P C and P ort P 2 is used to upl ink to th e w iring -c l oset Eth ernet sw itc h . Eac h port h as 4 queues w ith a sing l e th resh ol d (4Q 1T) c onf ig uration. O ne of th ese queues, Q ueue 0, is a h ig h priority queue f or al l B P DU and CoS = 5 traf f ic . Th ese queues are al l serv ic ed in a round-rob in f ash ion w ith a tim er used on th e h ig h priority queue. If th is tim er expires w h il e th e queue sc h edul er is serv ic ing th e oth er queues, th e sc h edul er w il l autom atic al l y m ov e b ac k to th e h ig h priority queue and em pty its b uf f er, ensuring v oic e qual ity.
F igu re 1
I P P h on e Q u eu in g Sc h em e
I nternet E gress Q oS Pol icy

Th e IX C Router c onnec ts to Lev el -3 Internet S erv ic e v ia G ig ab it Eth ernet, b ut onl y h as a sub -rate serv ic e. A b asic outb ound sh aping pol ic y w il l f air queuing w il l b e appl ied to m atc h th e sub -rate b andw idth of th e Internet c onnec tion.
J a n u a r y 1 8 , 2 0 0 8
3 8
E gres s I n tern et Q oS P olic y C on f igu ration

pol ic y-map F airQ ueue c l ass c l ass-def aul t f air-queue ! pol ic y-map S h apeE gress c l ass c l ass-def aul t ban dw idth < L ev el -3 I n tern et Ac c ess B an dw idth > ran dom-detec t sh ape peak < L ev el -3 I n tern et Ac c ess B an dw idth > serv ic e-pol ic y F airQ ueue ! in terf ac e S erial 0 / 0 serv ic e-pol ic y output S h apeE n gress
D a ta Center E gress M PL S Q oS Pol icy

Th e Drain CE Router c onnec ts to Lev el -3 MP LS VP N S erv ic e v ia G ig ab it Eth ernet, b ut onl y h as a sub -rate serv ic e. An outb ound Q oS pol ic y m ust b e appl ied to m atc h th e sub rate b andw idth and enf orc e th e Reg us Q oS P ol ic ies and m ap to th e Lev el -3 queues. Th e tab l e b el ow c al c ul ates th e m axim um v al ues b ased on sites and ph ones. Initial h ead end b andw idth m ay not satisf y th ese m axim um v al ues. Th ey c an b e adj usted ov er tim e until as th e num b er of ph ones and h ead end b andw idth inc reases.
Data C en ter B an d w id th C alc u lation s
S e rv i c e C l a s s
Voic e P ayl oad
P h ones = 10,000 G atew ays = 67 S ites = 67
B a n d w id th C a lc u la tio n
Voic e Mail = (192 Max U nity P orts) * 84 k b ps V o ic e M a il = TAP s = 8 * 84 k b ps = 16 .12 8 M b p s 672 k b ps
I P C = 42 M b p s
IP Com m unic ator = (5%
of P h ones) * 84k b ps
Voic e S ig nal ing Mg m t
V o i c e P a y l o a d = 49 M b p s V o i c e S i g = 2 .6 48 M b p s
Voic e P ayl oad =
TAP s + IP C + VM
Voic e S ig = (IP P h one + G atew ays) * 263 b ps
Cl ass-def aul t (S h ared) Routing
128 k b ps 32 k b ps
F air Q ueue
J a n u a r y 1 8 , 2 0 0 8
3 9
E gres s M P L S Q oS P olic y C on f igu ration

pol ic y-map F airQ ueue c l ass c l ass-def aul t f air-queue ! pol ic y-map S h apeE gress c l ass V oic eP ayl oad priority 49 0 0 0 set dsc p ef c l ass V oic eS ign al ban dw idth 2 73 5 set dsc p c s6 c l ass V ideo set dsc p ef priority 8 c l ass R outin g ban dw idth 3 2 c l ass M gmt ban dw idth 12 8 ran dom-detec t set dsc p af 2 1 c l ass c l ass-def aul t ban dw idth < L ev el -3 M P L S Ac c ess B an dw idth > ran dom-detec t sh ape peak < L ev el -3 M P L S Ac c ess B an dw idth > serv ic e-pol ic y F airQ ueue ! in terf ac e S erial 0 / 0 serv ic e-pol ic y output S h apeE n gress
PO P E gress M PL S Q oS Pol icy

E gres s M P L S Q oS P olic y C on f igu ration
pol ic y-map F airQ ueue c l ass c l ass-def aul t f air-queue ! pol ic y-map S h apeE gress c l ass V oic eP ayl oad priority set dsc p ef c l ass V oic eS ign al ban dw idth set dsc p c s6 c l ass V ideo set dsc p ef priority 8
J a n u a r y 1 8 , 2 0 0 8
40
c l ass R outin g ban dw idth 3 2 c l ass M gmt ban dw idth 12 8 ran dom-detec t set dsc p af 2 1 c l ass c l ass-def aul t ban dw idth < L ev el -3 M P L S Ac c ess B an dw idth > ran dom-detec t sh ape peak < L ev el -3 M P L S Ac c ess B an dw idth > serv ic e-pol ic y F airQ ueue ! in terf ac e S erial 0 / 0 serv ic e-pol ic y output S h apeE n gress
Su m m a ry of Q oS D esign
Q oS m ust b e def ined on al l interf ac es to ensure appl ic ation b andw idth , j itter, and del ay requirem ents are m et during tim es of c ong estion Distinc t S h ared and Dedic ated S erv ic e Cl asses Lev el -3 MP LS Q oS S w itc h Q oS Mapping
Rem ark ing and Q ueue tuning
Internet Eg ress P ol ic y Data Center Eg ress P ol ic y P O P Eg ress P ol ic y
J a n u a r y 1 8 , 2 0 0 8
41
N am ing C o nvent io ns and Addit io nal Services

Na m ing Convention
Reg us netw ork el em ents are nam ed ac c ording to f unc tion w ith in th e inf rastruc ture prov iding c l ear del ineation at a g l anc e of a dev ic es rol e. Th is w il l c ontinue to b e used as w e rol l out th e S tar N etw ork S ol ution. S ite Router
rtr +
IDF num b er +
F l oor num b er +
S ite num b er +
Index
Layer 3 S w itc h
Exam pl e: 7704-7-1-rtr01 S ite num b er +
Layer 2 P ow ered S w itc h S ite num b er + F l oor num b er + psw + IDF num b er +
Exam pl e: 7704-7-1-psw 01-r
Index+ r
psw or nsw
IDF num b er +
F l oor num b er +
Layer 2 N on-P ow ered S w itc h S ite num b er + F l oor num b er + nsw + IDF num b er +
Exam pl e: 7704-7-1-psw 01
Index
Drain CE Router
J a n u a r y 1 8 , 2 0 0 8
Exam pl e: 7704-7-1-nsw 01
Index
42
Co-l oc ation S ite Ab b rev iation + Index dc e +
Exam pl e: CIN -dc e-01 Drain IX C Router dixc +
Co-l oc ation S ite Ab b rev iation +
Index
AS A (F irew al l ) asa + Index
Exam pl e: CIN -dixc -01 Co-l oc ation S ite Ab b rev iation +
Exam pl e: CIN -asa-01 Eac h f iel d, exc ept th e index, is separated b y a h yph en. S ite IDs are norm al iz ed to 4 dig its b y added a 7 to th e f ront of 3 dig it site IDs. Exam pl e: S ite 704 = 7704
I P A ddressing (Pu b l ic a nd Priva te)

In th e Interim N etw ork desig n, Reg us w il l c ontinue to use address spac e f rom th e b l oc k s of 10.0.0.0/ 8 172.18.0.0/ 16 and th eir pub l ic address spac e f rom 66.202.0.0/ 18.
P u b lic A d d r e s s S p a c e
O ptim al l y, sinc e th ere w il l b e Eig h t Reg ions, th e sim pl est c ase w oul d b e to b reak up th e / 18 into 8 / 21s and adv ertise a sing l e / 21 f or eac h reg ional drain. H ow ev er, th is is not tec h nic al l y f easib l e sinc e som e b l oc k s h av e al ready b een al l oc ated. B ut, it is possib l e to h av e 16 / 22s al l oc ated, ac h iev ing th e sam e net ef f ec t v ia an al l oc ation of a pair of / 22s per drain. We w il l th eref ore depl oy th is m odel . F or exam pl e, f or m edium sites, th ere w il l b e a / 27 al l oc ated f or th e site f or c ustom er pub l ic Address spac e. (Th is / 27 w il l b e tak en f rom one of th e tw o reg ional / 22 b l oc k s f or w h ic h th is site is a m em b er). F rom th is / 27, a / 29 w il l b e al l oc ated f or N AT Transl ation. Th e f irst / 32 f rom th e / 27 w il l b e used f or th e Router f or term inating VP N peering s f rom rem ote VP N users suc h as IN X , Centrinet, N etsurant, etc .
J a n u a r y 1 8 , 2 0 0 8
43
Note
In th e Ac c ess Manag er m odel , a / 29 is l oc ated at th e Rem ote S ite f or Loc al N AT. In th e Central iz ed N AT m odel f or th e Interim Desig n th e sam e sc h em e w il l b e used. H ow ev er, th e / 29 f or th e N AT P ool w il l b e l oc ated at th e prim ary drain th at w il l b e perf orm ing N AT/ P AT Transl ation. Th is al l ow s f or c onsistenc y f or N AT pool al l oc ation al l ow ed f or m ix/ m atc h N AT Tec h niques if nec essary ev en w ith in a Reg ion. In essenc e, th e onl y th ing th at c h ang es is th e l oc ation of th e N AT P ool . (Router v s. AS A F irew al l )
P r iv a te A d d r e s s S p a c e
F or a m edium S ite suc h as G l endal e, WI, th ere w il l b e a / 21 al l oc ated f rom 10.x.x.x address pool . Th is w il l b e assig ned b y Centrinet. th e P riv ate
F or th e H ead End Drain sites suc h as CIN or S F O , th ere w il l b e a / 24 al l oc ated out of th e 10.224.0.0/ 13 address spac e th at c urrent h ead ends in S ec auc us and Atl anta h av e som e al l oc ations al ready f rom . In th e CIN site, th is w il l b e used f or Cal l Manag er, U nity inf rastruc ture, serv ers, etc and w il l b e tak en f rom th e 10.224.16.0/ 24 address spac e. Cal l Manag er, U nity and Manag em ent at CIN w il l eac h b e al l oc ated a / 27. Th ere is a spec ial c ase w h ere th e RF C 1918 172.16.0.0 - 172.31.255.255 (172.16/ 12 pref ix) spac e is used f or Manag em ent VLAN s, Reg us S taf f and Router IDs. B ased on c onv ersations w ith Reg us and Centrinet, w e h av e dec ided to use th e f ol l ow ing spac e f or th is f unc tional ity: 172.20.0.0/ 12 th roug h 172.23.0.0/ 12 f or N ew Interim Desig n S ites 172.28.0.0/ 12 th roug h 172.31.0.0/ 12 f or IB M S ites (Al ready al l oc ated) Centrinet is responsib l e f or th e upk eep and prov isioning of address spac e. Th is tab l e w as prov ided to Cisc o f rom Centrinet in J anuary, 2008 and w il l b e used f or th e b asis f or al l IP Addressing . Drain 1 w il l b e al so k now n as th e Cinc innati Center. (CIN ), drain 2 w il l b e al so k now n as th e S an F ranc isc o P O P (S F O ), and so on. Th is is desc rib ed in th e tab l e b el ow .
Drain N am e C in c in n a t i Sa n F r a n N Y C D a lla s At l a n t a D C L A Se a t t l e
1 2 3 4 5 6 7 8
J a n u a r y 1 8 , 2 0 0 8
44
Eac h drain is al l oc ated a priv ate b l oc k of addresses f or inf rastruc ture, c al l m anag ers, serv ers, etc . Th is m apping is desc rib ed h ere:
Drain N u m b e r Drain N am e C in c in n a t i Sa n F r a n N Y C D a lla s At l a n t a D C L A Se a t t l e Drain s e rv ic e b l o c k s / 24 p e r d rain 10 . 224. 16. 0 / 24 10 . 224. 17. 0 / 24 10 . 224. 18. 0 / 24 10 . 224. 19 . 0 / 24 10 . 224. 20 . 0 / 24 10 . 224. 21. 0 / 24 10 . 224. 22. 0 / 24 10 . 224. 23. 0 / 24
1 2 3 4 5 6 7 8
Eac h drain is al so al l oc ated a pub l ic b l oc k of addresses f or eac h Reg ion.

C l ie nt P u b l ic I P al l o c at io ns Drains 1 2 3 1 2 4 5 3 1 6 2 7 4 8
A nc h / 29 ' s 66. 20 66. 20 66. 20 66. 20 66. 20 66. 20 66. 20 66. 20
o rB lo c k s 2. 160 . 0 2. 164. 0 2. 168. 0 2. 172. 0 2. 176. 0 2. 180 . 0 2. 184. 0 2. 188. 0 / 22 / 22 / 22 / 22 / 22 / 22 / 22 / 22
O th e 66. 20 66. 20 66. 20 66. 20 66. 20 66. 20 66. 20 66. 20
rb lo c k s 2. 128. 0 / 22 2. 132. 0 / 22 2. 136. 0 / 22 2. 140 . 0 / 22 2. 144. 0 / 22 2. 148. 0 / 22 2. 152. 0 / 22 2. 156. 0 / 22
Th e S ite Cl ient P ub l ic IP addresses are al l oc ated as f ol l ow s:

66. 20 2. 128. 0 / 18 An c h o r b l o c k s ( N AT ) SM AL L M E D IU M L AR G E R e g u s P u b l ic A d d re s s S p ac e / 29 / 28 / 27 / 26
J a n u a r y 1 8 , 2 0 0 8
45
Th e S ite Cl ient P riv ate IP addresses are sh ow n b el ow .
C l ie nt P riv at e I P al l o c at io ns Drains 1 2 3 1 2 4
5 3 1 6 2 7 4 8
M ain b l o 10 . 112. 0 10 . 116. 0 10 . 120 . 0 10 . 124. 0 10 . 128. 0 10 . 132. 0 10 . 136. 0 10 . 140 . 0
c k s . 0 / 14 . 0 / 14 . 0 / 14 . 0 / 14 . 0 / 14 . 0 / 14 . 0 / 14 . 0 / 14
O th e rb lo c k s 10 . 225. 0 . 0 / 16 10 . 226. 0 . 0 / 15 10 . 228. 0 . 0 / 15 10 . 230 . 0 . 0 / 16
Th e S taf f IP addresses are sh ow n b el ow . U pdate pending Centrinet.

S t af f I P al l o c at io ns Drains 1 2 3 1 2 4
5 3 1 6 2 7 4 8
M ain b l o c k s 172 172 172 172 172 172 172 172
T h is o n e n e e d s to b e u p d a te d b y C e n tr in e t
Th e f ol l ow ing Desig n Rul es are used f or IP Addressing and w il l c ontinue to b e used g oing f orw ard. P E a n d C E R o u t e r W AN I n t e rf a c e s Wil l b e tak en f rom C E R o u t e r L AN I n t e rf a c e Wil l b e / 30s Assig ned b y Centri.N et th e 10/ 8 address spac e
Assig ned and doc um ented b y Im pl em entation Team Th ird usab l e address f rom x.x.x.5 / 30 )
th e 10 rang e assig ned to th e site (ie. typic al l y
L 3 S w i t c h L AN R o u t e d I n t e rf a c e
J a n u a r y 1 8 , 2 0 0 8
Mem b er of a / 30 sub net w ith th e Layer 3 sw itc h LAN interf ac e
46
F ourth usab l e address f rom x.x.x.6/ 30) R o u te rL o o p b a c k
th e 10 rang e assig ned to th e site (ie. typic al l y
Mem b er of a / 30 sub net w ith CE LAN Interf ac e th e 172 rang e assig ned to th e site
/ 32 Mask
Last usab l e address - 5 f rom
D om a in Na m e Service (D NS)
Th e dom ain nam e f or Reg us netw ork ing equipm ent is ac c essreg us.c om . It is m anag ed and m aintained b y Lev el -3. Th e DN S N am e w il l b e c onf ig ured on al l routers as th e f ol l ow ing . Lev el -3 DN S serv ers < IP Address O ne>
< IP Address Tw o>
DNS C on f igu ration

ip domain -n ame ac c essregus. c om
Sim p l e Network M a na gem ent Protocol (SNM P)

S N MP c onf ig uration is required in order to enab l e f aul t m anag em ent system s to m onitor th e g eneral status of netw ork el em ents. S N MP w il l b e c onf ig ured w h en Day 2 support starts m anag ing th e netw ork .
Sy sl og Servers
Log g ing of S Y S LO G m essag es is a rec om m ended prac tic e and is essential f rom a m anag em ent perspec tiv e. S ysl og Messag es w il l b e b uf f ered on al l routers initial l y. Log g ing serv er IP addresses w il l b e added w h en Day 2 starts m anag ing th e netw ork .
Network T im e Protocol (NT P)

N TP sync h roniz es tim e-stam ping am ong f rom a serv er to a num b er of routers c onf ig ured f or N TP . Th e N TP desig n f or th e netw ork w il l f ol l ow at tiered approac h . Rem ote S ite Dev ic es sync of f CE Router Loopb ac k 0 interf ac e Drain P Es sync of f N TP sourc es on th e Internet o tic k .usnog ps.nav y.m il o tim e-a.nist.g ov
CE Routers sync of f prim ary and sec ondary Drain P E Loopb ac k 0 Interf ac es
J a n u a r y 1 8 , 2 0 0 8
47
NT P C on f igu ration
n tp update-c al en dar n tp serv er 10 . 2 2 4. 0 . 1
I n B a nd M a na gem ent (SSH )

S ec ure S h el l (S S H ) is a protoc ol th at prov ides a sec ure, rem ote c onnec tion to a router. Th ere are c urrentl y tw o v ersions of S S H av ail ab l e, S S H Version 1 and S S H Version 2. S S H Version 2 is rec om m ended.
Th e S S H serv er f eature enab l es a S S H c l ient to m ak e a sec ure, enc rypted c onnec tion to a Cisc o router. Th is c onnec tion prov ides f unc tional ity th at is sim il ar to an inb ound Tel net c onnec tion. Th e S S H serv er in Cisc o IO S sof tw are w il l w ork w ith pub l ic l y and c om m erc ial l y av ail ab l e S S H c l ients. Reg us w il l util iz e S S H as th e rem ote ac c ess protoc ol . SSH requires an IPsec image
SSH C on f ig
!--- Gen erate an R S A k ey pair f or your router, S S H c rypto k ey gen erate rsa !--- C on f igure S S H ! ip ssh time-out 60 ip ssh auth en tic ation -retries 3 !--- P r e v e n t n o n -S S H l in e v ty 0 4 tran sport in put ssh T e l n e t s . w h ic h automatic al l y en abl es
O u t of B a nd M a na gem ent
Th e standard depl oym ents w il l h av es m odem s attac h ed to eac h O O B router in th e Data Center and P O P and th e CE Router at rem ote sites.
A A A Services
Loc al Auth entic ation w il l b e c onf ig ured onl y on al l routers and sw itc h es. AAA serv er w il l b e c onf ig ured at a l ater date. Th e f ol l ow ing usernam e and priv il eg e l ev el s w ere extrac ted f rom an IB M P h ase A c onf ig uration. A new l ist needs to b e def ined or updated as Day 2 support starts m anag ing th e netw ork . In al l c ases th e usernam e c om m and sh oul d im pl em ent at sec ret passw ord w h ic h c annot b e dec rypted as passw ord 7.
J a n u a r y 1 8 , 2 0 0 8
48
U s ern am e C on f ig
usern usern usern usern usern usern usern usern usern usern ame ame ame ame ame ame ame ame ame ame
bv sm priv il ege 15 sec ret 5 n etsuran t priv il ege 15 sec ret 5 an il . v ettl e priv il ege 15 sec ret 5 mik e. tow er priv il ege 15 sec ret 5 bryan . darn el l priv il ege 15 sec ret 5 w il f red. dsouz a priv il ege 15 sec ret 5 saurabh . k h are priv il ege 15 sec ret 5 amit. sh arma priv il ege 15 sec ret 5 en gin eer priv il ege 15 sec ret 5 in x priv il ege 1 sec ret 5
CD P Services
Cisc o Disc ov ery P rotoc ol (CDP ) is used f or som e netw ork m anag em ent f unc tions, b ut is dang erous in th at it al l ow s any system on a direc tl y c onnec ted seg m ent to l earn th at th e router is a Cisc o dev ic e, and to determ ine th e m odel num b er and th e Cisc o IO S sof tw are v ersion b eing run. Th is inf orm ation m ay in turn b e used to desig n attac k s ag ainst th e router. CDP inf orm ation is ac c essib l e onl y to direc tl y c onnec ted system s. Th e CDP protoc ol m ay b e disab l ed g l ob al l y or on a partic ul ar interf ac e.
Note
It is Cisc os rec om m endation to disab l e CDP on al l external f ac ing interf ac es.
J a n u a r y 1 8 , 2 0 0 8
49
Site D esig n s
Sit e R o u t er D esig n
Eac h S ite Router w il l h av e a 3845 Router th at attac h es to th e Lev el 3 MP LS Core b y eith er:
M u l til ink P P P (Nx T 1)
Nx T 1 &
G iga b it Eth ernet
DS3 Connectivity
DS3 m a y b e p rovided b y Level -3 via G iga b it Eth ernet
J a n u a r y 1 8 , 2 0 0 8
50
W A N Connectivity
Th is sec tion disc usses th e WAN c onnec tiv ity to th e Core f or b oth N xT1 and DS 3 and h ig h l ig h ts th e c onf ig uration sam pl es f or c onnec tiv ity. It al so sh ow s th e Mul til ink P P P c onf ig uration th at w il l b e depl oyed f or N xT1 sites. Lev el -3 h as an additional P E h andof f th at m ay b e depl oyed w h ere nxT1 and DS 3 sites c onnec t v ia Eth ernet.
T 1 C on troller C on f igu ration
c on trol l er T 1 0 f ramin g esf l in ec ode b8 z s c h an n el -group ! c on trol l er T 1 0 f ramin g esf l in ec ode b8 z s c h an n el -group ! c on trol l er T 1 0 f ramin g esf l in ec ode b8 z s c h an n el -group ! c on trol l er T 1 0 f ramin g esf l in ec ode b8 z s c h an n el -group / 2 / 0
timesl ots 1-2 4 / 2 / 1 0 timesl ots 1-2 4 / 3 / 0 0 timesl ots 1-2 4 / 3 / 1 0 timesl ots 1-2 4
M u ltilin k C on f igu ration

in terf ac e M ul til in k 1 ip address 10 . 2 3 1. 3 2 . 2 0 6 2 55. 2 55. 2 55. 2 52 ppp mul til in k ppp mul til in k group 1 !
Serial I n terf ac e C on f igu ration

in terf ac e S erial 0 / 2 / 0 :0 n o ip address en c apsul ation ppp ppp mul til in k ppp mul til in k group 1 ! in terf ac e S erial 0 / 2 / 1:0 n o ip address en c apsul ation ppp ppp mul til in k ppp mul til in k group 1
J a n u a r y 1 8 , 2 0 0 8
51
in terf ac e S erial 0 / 3 / 0 :0 n o ip address en c apsul ation ppp ppp mul til in k ppp mul til in k group 1 ! in terf ac e S erial 0 / 3 / 1:0 n o ip address en c apsul ation ppp ppp mul til in k ppp mul til in k group 1
E I G RP Process
E I GR P C on f igu ration
R outer eigrp 14676 passiv e-in terf ac e def n o passiv e-in terf ac e n etw ork 10 . 2 . 1. 1 0 . 0 . n etw ork 10 . 12 2 . 2 0 8 . 0 auto-summary eigrp router-id 10 . 2 3 ! aul t GigabitE th ern et0 / 1 0 . 0 0 . 0 . 0 . 2 55 1. 3 2 . 2 0 6
E I G RP I nterf a ce Connectivity
E I GR P I n terf ac e C on f igu ration
! in terf ac e GigabitE th ern et0 / 1 ip address 10 . 12 2 . 2 0 8 . 5 2 55. 2 55. 2 55. 2 52 ip summary-address eigrp 14676 0 . 0 . 0 . 0 0 . 0 . 0 . 0 dupl ex auto speed auto media-type rj 45 !
2 54
B G P Conf igu ra tion

B GP C on f igu ration
router bgp 14676 n o syn c h ron iz ation bgp router-id 10 . 2 3 bgp l og-n eigh bor-c h n etw ork 10 . 12 2 . 2 0 8 . n etw ork 66. 2 0 2 . 12 8 . n etw ork 66. 2 0 2 . 13 5. n eigh bor 10 . 2 3 1. 3 2 .
1. 3 2 . 2 0 6 an ges 0 mask 2 55. 2 55. 2 48 . 0 0 mask 2 55. 2 55. 2 48 . 0 0 mask 2 55. 2 55. 2 55. 0 2 0 5 remote-as 650 0 0
route-map set_ regus_ c ommun ity route-map set_ publ ic _ c ommun ity
J a n u a r y 1 8 , 2 0 0 8
52
n eigh bor 10 . 2 3 1. 3 2 . 2 0 5 passw ord 7 10 5C 0 C 1E 10 0 4 n eigh bor 10 . 2 3 1. 3 2 . 2 0 5 sen d-c ommun ity n eigh bor 10 . 2 3 1. 3 2 . 2 0 5 distribute-l ist 50 in n eigh bor 10 . 2 3 1. 3 2 . 2 0 5 maximum-pref ix 1 n o auto-summary ip route 10 . 12 2 . 2 0 8 . 0 2 55. 2 55. 2 48 . 0 N ul l 0 2 54 ! ip bgp-c ommun ity n ew -f ormat ! ! ac c ess-l ist 10 permit 10 . 0 . 0 . 0 0 . 2 55. 2 55. 2 55 l og ac c ess-l ist 50 remark D istribute l ist f or E I GR P an d B GP ac c ess-l ist 50 permit 0 . 0 . 0 . 0 ac c ess-l ist 66 permit 66. 2 0 2 . 0 . 0 0 . 0 . 2 55. 2 55 ! ! route-map set_ publ ic _ c ommun ity permit 10 matc h ip address 66 set c ommun ity 66:1 67:3 14676:9 77 ! route-map set_ regus_ c ommun ity permit 10 matc h ip address 10 set c ommun ity 14676:9 77 !
D F AU L T -O N L Y
map
IO SF W
IO S F W w il l b e depl oyed on th e CE router at eac h rem ote site. S tandard inspec tion rul es w il l b e initial l y appl ied. Day 2 support w il l h andl e c ustom c h ang es f or spec if ic c l ients. Th e inspec tion rul es are appl ied inb ound on th e F ast Eth ernet c onnec tion to th e H ub Layer-3 S w itc h .
I nsp ection Ru l es
I n s p ec tion R u les C on f ig
ip ip ip ip ip ip ip ip ip ip ip ip ip ip ip ip ip ip ip in in in in in in in in in in in in in in in in in in in spec spec spec spec spec spec spec spec spec spec spec spec spec spec spec spec spec spec spec t t t t t t t t t t t t t t t t t t t n ame n ame n ame n ame n ame n ame n ame n ame n ame n ame n ame n ame n ame n ame n ame n ame n ame n ame n ame R egusI R egusI R egusI R egusI R egusI R egusI R egusI R egusI R egusI R egusI R egusI R egusI R egusI R egusI R egusI R egusI R egusI R egusI R egusI n spec n spec n spec n spec n spec n spec n spec n spec n spec n spec n spec n spec n spec n spec n spec n spec n spec n spec n spec t t t t t t t t t t t t t t t t t t t c useeme dn s f tp h 3 2 3 ic mp imap pop3 n etsh ow rc md real audio rtsp esmtp sql n et streamw ork s tf tp tc p udp v dol iv e sip
J a n u a r y 1 8 , 2 0 0 8
53
ip in spec t ip in spec t ip in spec t ip in spec t ip in spec t ip in spec t ip in spec t ip in spec t ip in spec t ip in spec t ip in spec t ip in spec t ip in spec t ip in spec t ip in spec t ip in spec t ip in spec t ip in spec t ip in spec t ip in spec t ip in spec t ip in spec t ip in spec t ip in spec t ip in spec t ip in spec t ip in spec t ip in spec t ip in spec t ip in spec t ip in spec t ip in spec t ip in spec t ip in spec t ip in spec t ip in spec t ip in spec t ip in spec t ip in spec t ip in spec t ip in spec t ip in spec t ip in spec t ip in spec t ip in spec t ip in spec t ip in spec t ip in spec t ip in spec t ip in spec t ip in spec t ip in spec t ip in spec t ip in spec t ip in spec t ip in spec t ip in spec t ip in spec t ip in spec t ip in spec t ip in spec t ip in spec t ip in spec t ip in spec t ip in spec t ! in terf ac e F ip in spec t J a n u a r y 1 8 , 2 0 0 8
n ame n ame n ame n ame n ame n ame n ame n ame n ame n ame n ame n ame n ame n ame n ame n ame n ame n ame n ame n ame n ame n ame n ame n ame n ame n ame n ame n ame n ame n ame n ame n ame n ame n ame n ame n ame n ame n ame n ame n ame n ame n ame n ame n ame n ame n ame n ame n ame n ame n ame n ame n ame n ame n ame n ame n ame n ame n ame n ame n ame n ame n ame n ame n ame n ame
R egusI R egusI R egusI R egusI R egusI R egusI R egusI R egusI R egusI R egusI R egusI R egusI R egusI R egusI R egusI R egusI R egusI R egusI R egusI R egusI R egusI R egusI R egusI R egusI R egusI R egusI R egusI R egusI R egusI R egusI R egusI R egusI R egusI R egusI R egusI R egusI R egusI R egusI R egusI R egusI R egusI R egusI R egusI R egusI R egusI R egusI R egusI R egusI R egusI R egusI R egusI R egusI R egusI R egusI R egusI R egusI R egusI R egusI R egusI R egusI R egusI R egusI R egusI R egusI R egusI
n spec n spec n spec n spec n spec n spec n spec n spec n spec n spec n spec n spec n spec n spec n spec n spec n spec n spec n spec n spec n spec n spec n spec n spec n spec n spec n spec n spec n spec n spec n spec n spec n spec n spec n spec n spec n spec n spec n spec n spec n spec n spec n spec n spec n spec n spec n spec n spec n spec n spec n spec n spec n spec n spec n spec n spec n spec n spec n spec n spec n spec n spec n spec n spec n spec
t t t t t t t t t t t t t t t t t t t t t t t t t t t t t t t t t t t t t t t t t t t t t t t t t t t t t t t t t t t t t t t t t
c itrix c itriximac l ien t ddn s-v 3 ec h o f ragmen t maximum 2 56 timeout 1 f tps h 3 2 3 c al l sigal t h 3 2 3 gatestat h srp ic a ic abrow ser iden t imap3 imaps ipsec -msf t isak mp k erberos l 2 tp l dap l dap-admin l daps l ogin mic rosof t-ds ms-c l uster-n et ms-dotn etster ms-sn a ms-sql msexc h -routin g mysql n 2 h 2 serv er n etbios-dgm n etbios-n s n etbios-ssn n etstat n f s n tp pc an yw h eredata pc an yw h erestat pop3 s qmtp r-w in soc k radius sen d sip-tl s sn mp ssh sn mptrap soc k s sql serv sql srv ssh el l stun sysl og sysl og-c on n tac ac s tac ac s-ds tel n et tel n ets time timed w h o w in s h ttp h ttps sk in n y al ert of f audit-trail of f
timeout 40 0 0
astE th ern et 0 / 48 R egusI n spec t in R e g u s L A N /W A N T r a n s p o r t D e s ig n
54
I nb ou nd A CL
Th e inb ound ACLs h eav il y rel y on th e standard addressing sc h em e depl oyed in th e netw ork . If IP Address spac e is not al l oc ated f rom th e standard b l oc k s suc h as th e S taf f VLAN (172.x.x.x.) th en th is ACL w il l h av e to b e m odif ied.
I n bou n d AC L C on f ig
in terf ac e S erial ip ac c ess-group ! ac c ess-l ist 13 0 ac c ess-l ist 13 0 ac c ess-l ist 13 0 ac c ess-l ist 13 0 ac c ess-l ist 13 0 ac c ess-l ist 13 0 ac c ess-l ist 13 0 ac c ess-l ist 13 0 ac c ess-l ist 13 0 ac c ess-l ist 13 0 ac c ess-l ist 13 0 ac c ess-l ist 13 0 ac c ess-l ist 13 0 ac c ess-l ist 13 0 ac c ess-l ist 13 0 ac c ess-l ist 13 0 ac c ess-l ist 13 0 0 / 0 13 0 in remark permit permit permit permit remark permit permit remark permit permit permit remark permit permit remark permit I n boun d AC L on T 3 S erial I n terf ac e ip 10 . 2 54. 0 . 0 0 . 0 . 3 1. 2 55 an y ip 10 . 2 54. 118 . 0 0 . 0 . 0 . 2 55 an y ip 2 16. 73 . 12 8 . 12 8 0 . 0 . 0 . 12 7 an y ip 66. 2 0 2 . 12 8 . 0 0 . 0 . 63 . 2 55 an y S ite P ubl ic Address R an ge ip an y 66. 2 0 2 . 161. 3 2 0 . 0 . 0 . 3 1 ip an y 66. 2 0 2 . 163 . 3 2 0 . 0 . 0 . 3 1 E xtern al P riv ate to I n tern al 10 D ot addresses ip 10 . 0 . 0 . 0 0 . 2 55. 2 55. 2 55 10 . 118 . 160 . 0 0 . 0 . 7. 2 55 ip 172 . 16. 0 . 0 0 . 15. 2 55. 2 55 10 . 118 . 160 . 0 0 . 0 . 7. 2 55 ip 19 2 . 168 . 0 . 0 0 . 0 . 2 55. 2 55 10 . 118 . 160 . 0 0 . 0 . 7. 2 55 E xtern al P riv ate to I n tern al 172 D ot addresses ip 10 . 0 . 0 . 0 0 . 2 55. 2 55. 2 55 172 . 2 8 . 168 . 0 0 . 0 . 1. 2 55 ip 172 . 16. 0 . 0 0 . 15. 2 55. 2 55 172 . 2 8 . 168 . 0 0 . 0 . 1. 2 55 E xtern al R outer W an I n terf ac e S ubn et bgp 172 . 2 8 . 169 . 2 52 0 . 0 . 0 . 3 an y
Q u a l ity of Service
S ee th e m ain Q oS sec tion in th is doc um ent.
M u l tica st
Mul tic ast Routing is required to support Music O n H ol d stream ing f or IP Com m unic ator and IP P h ones at eac h Rem ote S ite. Eac h CE Router w il l sourc e th e Music O n H ol d stream l oc al l y f rom a f il e in f l ash , so Mul tic ast ac ross th e Lev el -3 MP LS WAN is not required.
M u ltic as t C on f ig
ip mul tic ast routin g
PI M
P rotoc ol Im pendent Mul tic ast (P IM) is enab l ed on an interf ac e b asis b y c onf ig uring ip pim sparse-dense-m ode. It is required on th e Loopb ac k 0 interf ac e of th e CE Router. Additional l y, P IM m ust b e c onf ig ured on th e l ink b etw een th e 3845 CE Router and H ub Layer 3 S w itc h (3560).
55
P IM
C on f ig
in terf ac e L oopbac k 0 ip address 172 . 2 8 . 2 51. 2 51 2 55. 2 55. 2 55. 2 55 ip pim sparse-den se-mode ! in terf ac e GigabitE th ern et0 / 0 desc ription L in k to 3 560 H ub S w itc h F astE th ern et 0 / 48 ip address 10 . 119 . 2 40 . 5 2 55. 2 55. 2 55. 2 52 ip pim sparse-den se-mode
M u sic O n H ol d
Th e m usic f il e (m usic -on-h ol d.au) is stored on th e CE Router (3845) f l ash and stream to th e VLAN topol og y w ith in th e site. Th e exac t c onf ig uration is spec if ied w ith in th e IP T LLD Doc um ent.
D H CP Services
DH CP S erv ic es w il l b e h andl ed b y th e Rem ote S ite CE Router. A DH CP P ool w il l b e c reated f or eac h VLAN requiring serv ic es. S tatic IP Addresses (routers, Reg us Cl ients, etc ) w il l b e exc l uded f rom th e VLAN s pool . Th e IP P h one TF TP serv ers are spec if ied w ith th e O ption 150 c om m and. In addition to th e Voic e VLAN (200), O ption 150 m ust b e av ail ab l e to oth er VLAN s w h ere IP Com m unic ator w oul d b e depl oyed. Additional l y, th e dh c p b inding s datab ase w il l b e stored on th e CE Routers f l ash . Lev el -3 DN S serv ers w il l b e prov ided on Data VLAN s Internal DN S serv ers w il l b e prov ided on th e Voic e VLAN
DH C P C on f ig
ip dh c p database f l ash :dh c p_ bin din gs ip dh c p exc l uded-address 10 . 119 . 2 40 . 9 ip dh c p pool V L AN 649 n etw ork 10 . 118 . 161. 176 2 55. 2 55. 2 55. 2 40 n etbios-n ode-type h -n ode def aul t-router 10 . 118 . 161. 177 option 150 ip 10 . 2 2 4. 0 . 8 10 . 2 2 4. 8 . 9 domain -n ame ac c essregus. c om dn s-serv er < L ev el -3 D N S 1> < L ev el -3 D N S 2 > l ease 0 12
J a n u a r y 1 8 , 2 0 0 8
56
Su m m a ry of Site Rou ter D esign

G ig E Connec tiv ity direc tl y into 3560 S w itc h B G P P eering to Lev el -3 DS 3, nxT1 or G ig ab it Eth ernet c onnec tiv ity to Lev el 3
IO S F W f or S tatef ul Inspec tion DH CP S erv ic es f or al l VLAN s
Q O S O n 3845 Link to P E and Link to H ub Layer-3 S w itc h
EIG RP Def aul t Route P rov ided to 3560 S w itc h (no EIG RP on P E to CE l ink )
Mul tic ast Music O n H ol d (onl y f or LAN , no Mul tic ast on P E to CE l ink )
J a n u a r y 1 8 , 2 0 0 8
57
Sit e Sw it ch ing D esig n

Switch T op ol ogy
Th e LAN S w itc h ing desig n f or a Rem ote S ite util iz es non-stac k ab l e 3560 P oE sw itc h es (3560-48P S + 4 S F P ). Th e sw itc h attac h ing to th e CE Router w il l f unc tion as th e H ub Layer-3 S w itc h h andl ing al l inter-VLAN routing and m ul tic ast routing f or th e site. Inc reased port c apac ity is added to th e topol og y b y trunk ing additional Layer-2 sw itc h es to one of th e 3560 H ub S w itc h s f our G ig ab it Eth ernet S F P interf ac es. Its rec om m ended th at al l inter-sw itc h l ink s b e G ig ab it Eth ernet. A m axim um num b er of 240 10/ 100 Eth ernet ports are supported in th is topol og y w h ic h c an serv ic e b oth S m al l and Medium S ite types. A Larg e S ite topol og y c oul d b e ac c om pl ish ed in a sim il ar m anner, b ut w oul d require th e H ub S w itc h to h av e additional G ig ab it Eth ernet interf ac es (3560G ). O th er sol utions suc h as stac k ab l e or m odul ar c h assis sol utions are al so possib l e. Th e ph ysic al l ayout (num b er of f l oors, w iring c l oset l oc ation, etc ) of a Larg e S ite type w oul d al so inf l uenc e th e topol og y and sw itc h h ardw are sel ec tion. Th e N CO sites pl anned f or th is depl oym ent f al l into th e Medium S ite c ateg ory.
CE Rou ter L ink

Th e l ast port (F astEth ernet0/ 48) of th e H ub S w itc h w il l b e used to c onnec t to th e G ig ab itEth ernet 0/ 0 of th e CE Router. Th e speed and dupl ex of th e interf ac e w il l set to 100/ F ul l .
C E R ou ter L in k C on f ig
in terf ac e F astE th ern et0 desc ription U pl in k to n o sw itc h port ip address 10 . 118 . 160 . speed 10 0 dupl ex f ul l srr-queue ban dw idth sh srr-queue ban dw idth sh priority-queue out ml s qos trust dsc p / 48 C E R outer GigabitE th ern et0 / 0 6 2 55. 2 55. 2 55. 2 52 are 10 10 60 2 0 ape 10 0 0 0
I nter-Switch T ru nks
Inter-S w itc h Trunk s w il l util iz e th e f our G ig ab it Eth ernet S F P s ports on th e H ub S w itc h . Th e enc apsul ation of th e trunk s is set to dot1q.
J a n u a r y 1 8 , 2 0 0 8
58
I n ter-Sw itc h T ru n k C on f ig
in terf ac e GigabitE th ern et0 / 1 desc ription U pl in k to L ayer 2 S sw itc h port trun k en c apsul ation sw itc h port mode trun k srr-queue ban dw idth sh are 10 10 srr-queue ban dw idth sh ape 10 priority-queue out ml s qos trust dsc p ! in terf ac e GigabitE th ern et0 / 2 desc ription U pl in k to L ayer 2 S sw itc h port trun k en c apsul ation sw itc h port mode trun k srr-queue ban dw idth sh are 10 10 srr-queue ban dw idth sh ape 10 priority-queue out ml s qos trust dsc p
w itc h 1 dot1q 0 60 0 2 0 0
w itc h 2 dot1q 0 60 0 2 0 0
E I G RP Process
E I GR P C on f igu ration
R outer eigrp 14676 passiv e-in terf ac e def n o passiv e-in terf ac e n etw ork 10 . 2 . 1. 1 0 . 0 . n etw ork 10 . 12 2 . 2 0 8 . 0 auto-summary eigrp router-id 10 . 2 3 ! aul t F astE th ern et0 / 48 0 . 0 0 . 0 . 0 . 2 55 1. 3 2 . 2 0 6
V L A N D ef initions
Th e VLAN topol og y and num b ering is b ased th e f unc tion of a g iv en S ub net. Eac h Rem ote S ite w il l h av e th e f ol l ow ing VLAN def initions. Th e IP Address spac e al l oc ated b y Centrinet w il l b e sub div ided at eac h rem ote site. Th e f inal sub -div ision is h andl ed b y IN X w ith th e standard Reg us depl oym ent m odul e. S u b n e t F u n c tio n S taf f VLAN V L AN N u m b e r VLAN 2 VLAN 100
59
S h ared S erv ic es (P riv ate)

J a n u a r y 1 8 , 2 0 0 8
IP Address 172.x.x.x / 26 B l oc k 10.0.0.0 / 27

IP Address f rom
S h ared S erv ic es (P ub l ic ) Voic e IP Address f rom
66.202.x.x B l oc k / 29
VLAN 101 VLAN 200 VLAN 300
G uest Wirel ess P ub l ic
IP Address f or 10.x.x.x B l oc k / 23 IP Address f rom 10.x.x.x / 26 B l oc k
N o t e: W irel ess N o t p art o f t h is St ar SO W , b ut V L A N is d ef ined f o r f ut ure d ep l o y ment Eac h Cl ient w ith P ub l ic Address S pac e assig ned a separate VLAN starting w ith VLAN 400 IP Address f rom 66.202.x.x B l oc k
VLAN 400+
Touc h dow n U ser Cl ient
Def aul t VLAN f or un-assig ned ports IP Address f rom 10.x.x.x / 27
VLAN 600
Eac h Cl ient assig ned a separate VLAN starting w ith 601 IP Address f rom 10.x.x.x/ 29 (usual l y)
VLAN 601 +
Manag em ent
Manag em ent interf ac es f or al l netw ork dev ic es IP Address f rom 172.x.x.x / 27
VLAN 1000
V L A N I nterf a ces
A S w itc h Virtual Interf ac e (S VI) is c onf ig ured f or eac h c orresponding VLAN on th e H U B S w itc h .
V L AN I n terf ac e C on f ig
in terf ac e V l desc ription ip address ! in terf ac e V l desc ription ip address an 2 R egus S taf f V L AN 172 . 2 8 . 168 . 1 2 55. 2 55. 2 55. 19 2 an 10 0 S h aredR esourc es 10 . 118 . 163 . 12 9 2 55. 2 55. 2 55. 2 2 4
F a st E th ernet Ports
Al l unused ports w il l b e c onf ig ured as ac c ess sw itc h ports on th e Touc h dow n VLAN (600) w ith VLAN 200 as th e Voic e VLAN . P orts w il l b e assig ned to th e appropriate VLAN s depending on th e Reg us Cl ient ac c ess. Interf ac e desc riptions w il l b e updated as c l ients are assig ned ports.
60
F as tE th ern et P ort C on f ig
in terf ac e F astE th ern et0 / 46 c on sumption 770 0 sw itc h port ac c ess v l an 60 0 sw itc h port mode ac c ess sw itc h port v oic e v l an 2 0 0 n o l oggin g ev en t l in k -status srr-queue ban dw idth sh are 10 10 60 2 0 srr-queue ban dw idth sh ape 10 0 0 0 priority-queue out ml s qos trust dsc p ml s qos dsc p-mutation S h ared n o sn mp trap l in k -status span n in g-tree portf ast ! in terf ac e F astE th ern et0 / 47 desc ription ( V oc e C ommun ic ation s - P riv ate / pow er in l in e c on sumption 770 0 sw itc h port ac c ess v l an 60 7 sw itc h port mode ac c ess sw itc h port v oic e v l an 2 0 0 n o l oggin g ev en t l in k -status srr-queue ban dw idth sh are 10 10 60 2 0 srr-queue ban dw idth sh ape 10 0 0 0 priority-queue out ml s qos trust dsc p ml s qos dsc p-mutation S h ared n o sn mp trap l in k -status span n in g-tree portf ast
D edic ated 1M B ) pow er in l in e
V T P
Virtual Trunk ing P rotoc ol (VTP ) w as desig ned to propag ate a VLAN datab ase th roug h out a sw itc h ing topol og y. If a VLAN w as c reated th e c h ang e w oul d b e ref l ec ted on al l sw itc h es. U nf ortunatel y, th is f eature al so m ade it easy to ac c idental l y del ete an entire VLAN suc h as Voic e c ausing m aj or outag es. It rec om m ended running VTP in th e transparent m ode, w h ic h prev ents th e propag ation of VLAN inf orm ation.
V T P C on f ig
v tp domain ( R egus+ S ite I D ) v tp mode tran sparen t
M u l tica st
Mul tic ast Routing is required to support Music O n H ol d stream ing f or IP Com m unic ator and IP P h ones at eac h Rem ote S ite. O nl y th e Layer-3 H ub S w itc h requires m ul tic ast routing to b e enab l ed.
J a n u a r y 1 8 , 2 0 0 8
61
M u ltic as t R ou tin g C on f ig
ip mul tic ast-routin g distributed
PI M
Stu b
P rotoc ol Independent Mul tic ast S parse Mode (P IM-S M) m ust b e c onf ig ured on th e l ink b etw een th e 3845 CE Router and H ub Layer-3 S w itc h (3560) to al l ow m ul tic ast f rom th e CE Router
P rior to 12.2(37)S E c ode, th e IP B ase im ag e did not support m ul tic ast routing and P IM. It required th e IP S erv ic e im ag e. P IM S tub Mul tic ast f eature now supports m ul tic ast routing b etw een th e distrib ution l ayer and ac c ess l ayer. It supports tw o types of P IM interf ac es: upl ink P IM interf ac es and P IM passiv e interf ac es. In partic ul ar, a routed interf ac e c onf ig ured w ith th e P IM P assiv e m ode does not pass/ f orw ard P IM c ontrol pl ane traf f ic ; it onl y passes/ f orw ards IG MP traf f ic . O nl y direc t-c onnec ted m ul tic ast (IG MP ) rec eiv ers and sourc es are al l ow ed in th e l ayer 2 ac c ess dom ains. Th e P IM protoc ol is not supported in ac c ess dom ains.
Th e i p p i m p a s s i v e m ust b e c onf ig ured on eac h interf ac e VLAN w h ic h requires Music O n H ol d. It is not required on th e Layer-2 S w itc h es. Th e P IM S tub f eature h as not b een depl oyed w ith in th e c urrent Reg us env ironm ent w h ic h poses a potential risk during depl oym ent.
P IM C on f ig
in terf ac e F astE th ern et0 / 48 desc ription L in k to 3 8 45 C E ip address 10 . 119 . 2 40 . 5 2 55. ip pim sparse-den se-mode ! in terf ac e V l an 2 desc ription S taf f V L AN ip address 172 . 16. 10 . 1 2 55. 2 ip pim passiv e ! I n terf ac e V l an 2 0 0 desc ription V oic e V L AN ip address 10 . 119 . 2 3 9 . 0 2 55. ip pim passiv e R outer GigabitE th ern et0 / 0 2 55. 2 55. 2 52
55. 2 55. 0
2 55. 2 55. 0
I G M P Snoop ing
Internet G roup Manag em ent P rotoc ol (IG MP ) is a standard def ined in RF C1112 f or IG MP v 1, in RF C2236 f or IG MP v 2 and in RF C3376 f or IG MP v 3. IG MP spec if ies h ow a h ost or IP P h one c an request to j oin a m ul tic ast g roup. IG MP snooping al l ow s th e sw itc h to rec og niz e a j oin and enab l e a requested m ul tic ast g roup on a port. In addition, to th e Voic e VLAN (200), IG MP snooping m ust b e c onf ig ured on VLAN w h ere IP Com m unic ator m ay b e used.
J a n u a r y 1 8 , 2 0 0 8
62
I GM P Sn oop in g C on f ig
ip ip ip ip igmp igmp igmp igmp sn sn sn sn oopin oopin oopin oopin g g g g v l v l v l v l an an an an 2 0 0 648 642 643 immediate-l immediate-l immediate-l immediate-l eav eav eav eav e e e e
Switch SD M
T em p l a te
Th e S ec urity im pl em entation rel ies h eav y on Ac c ess Lists (ACLs). S w itc h resourc es m ust b e optim iz ed f or th e l arg e num b er of ACLS . Th e S w itc h Datab ase Manag em ent (S DM) tem pl ates al l ow tuning .
To al l oc ate ternary c ontent addressab l e m em ory (TCAM) resourc es f or dif f erent usag es, th e sw itc h S DM tem pl ates prioritiz e system resourc es to optim iz e support f or c ertain f eatures. Y ou c an sel ec t S DM tem pl ates f or IP Version 4 (IP v 4) to optim iz e th ese f eatures: VLAN sTh e VLAN tem pl ate disab l es routing and supports th e m axim um num b er of unic ast MAC addresses. It w oul d typic al l y b e sel ec ted f or a Layer 2 sw itc h . Ac c essTh e ac c ess tem pl ate m axim iz es system (ACLs) to ac c om m odate a l arg e num b er of ACLs. Def aul tTh e def aul t tem pl ate g iv es b al anc e to al l f unc tions. Routing Th e routing tem pl ate m axim iz es system resourc es f or unic ast routing , typic al l y required f or a router or ag g reg ator in th e c enter of a netw ork .
resourc es f or ac c ess c ontrol l ists
Sw itc h T em p late C on f ig
sdm pref er ac c ess
Note
Th is c om m and requires a rel oad of th e sw itc h to tak e af f ec t. Th e S DM tem pl ate in use c an b e v erif ied w ith th e s h o w s d m p re f e r c om m and.
Rem ote Site Secu rity

Th e H ub Layer 3 sw itc h (3560) restric ts or prev ents c om m unic ation b etw een th e l oc al VLAN s b y appl ied in and outb ound ACLs. Custom ers are isol ated f rom one anoth er in th is m anner. If c om m unic ation b etw een sev eral sites f or a g iv en c ustom er is required th e ACLs m ust b e c h ang ed to al l ow th is ac c ess. If inb ound traf f ic f rom th e Internet is required, th e IP serv ic e l im itation is enf orc ed exc l usiv el y on th e Layer 3 H ub S w itc h and is b ased on th e c ustom er serv ic e tem pl ate. To
J a n u a r y 1 8 , 2 0 0 8
63
k eep prov isioning sim pl er, m odul ar and site ag nostic , outb ound ACLs c om pl em ents inb ound ACL to ac h iev e th e sec urity requirem ents.
As w ith th e Q oS and B andw idth on Dem and, th e sec urity and c ustom er ac c ess tem pl ate are f rom th e IB M P h ase A m odel .
Secu rity Service Cl a sses

S e r v ic e C la s s A O u tb o u n d Al l p orts op en ou tb ou nd with th e f ol l owing ex cep tion - P ort/ Service p resenting a h igh secu rity risk In b o u n d Al l non-cl ient initia ted inb ou nd tra f f ic is b l ocked A d d r e ss T y p e S e r v ic e P a r titio n Sh a red
Sa m e a s Cl a ss A
- P ort/ Services th a t cou l d l oa d to revenu e l ea ka ge f or R egu s
V P N Cl ient
Sa m e a s Cl a ss A ex cep ting Sa m e a s Cl a ss A
P u b l ic (b u t cou l d b e rou ta b l e or p riva te a s wel l ) P riva te P u b l ic (or rou ta b l e)
Sh a red
SM T P I M AP P O P E Sa m e a s Cl a ss A
Sa m e a s Cl a ss A ex cep ting
Dedica ted
Dedica ted
Al l p orts op en ou tb ou nd with th e f ol l owing ex cep tion - P ort/ Service p resenting a h igh secu rity risk
H T T P /H T T P S
R ou ta b l e (or p u b l ic)
Dedica ted
- P ort/ Services th a t cou l d l ea d to revenu e l ea ka ge f or R egu s
Secu rity Service A ccess L ist

Th e tab l e b el ow l ists th e standard sec urity ac c ess-l ists w h ic h are appl ied depending upon th e c ustom er serv ic e c l ass. Th ese ACLs assum e th e standard Reg us m odel f or IP Address assig nm ent, so a dev iation w il l require ACL m odif ic ation. F or exam pl e, if th e Reg us S taf f VLAN is assig ned f rom th e 172.x.x.x IP Address B l oc k .
64
Access List Name

S taf f I n
Ap p l ied
to
V LAN
C u sto mer T emp l ate

D ef D ef D ef D ef D ef D ef D ef D ef D ef D ef D ef aul aul aul aul aul aul aul aul aul aul aul t t t t t t t t t t t
D ir ectio n
in
C ustomerI n C ustomerI n S taf f I n C ustomerI n P ub P ubN oI n bS v c O ut R ouN oI n bS v c O ut C ustomerI n V P N P ubI n bD O ut R outin bD O ut C ustom C ustom R estric tI P S c ope
S taf f ( 2 ) S h ared P riv ate ( 10 0 ) S h ared P ubl ic ( 10 1) V oic e ( 2 0 0 ) W irel ess ( 3 0 0 ) T ouc h dow n ( 60 0 ) P ubl ic I P ( 60 1) M an agemen t ( 10 0 0 ) P ubl ic C ustomer ( 40 0 + ) P ubl ic C ustomer ( 40 0 + ) P riv ate C ustomer ( 60 1+ ) P riv ate C ustomer ( 60 1+ ) P ubl ic C ustomer ( 40 0 + ) P riv ate C ustomer ( 60 1+ ) P ubl ic C ustomer ( 40 0 + ) P riv ate C ustomer ( 60 0 + ) U pl in k G0 / 48 ( 3 560 )
in in in in in out out in out out in in in
C l ass B C l ass D C l ass D S ite to S ite S ite to S ite S c ope restric tion
Sec u rity Ac c es s -lis t C on f ig

ip ac c ess-l ist exten ded C ustomerI n permit udp an y an y eq bootpc permit udp an y an y eq bootps permit tc p an y an y eq 9 10 0 permit tc p an y an y eq l pd permit ip an y 10 . 2 2 4. 0 . 0 0 . 0 . 15. 2 55 permit tc p an y an y eq 2 0 0 0 permit tc p an y an y eq 8 40 4 permit tc p an y an y eq 2 748 den y udp an y 10 . 0 . 0 . 0 0 . 2 55. 2 55. 2 55 gt 3 2 768 permit udp an y an y gt 163 8 4 permit tc p an y an y ran ge 3 2 3 0 3 2 3 7 permit udp an y an y ran ge 3 2 3 0 3 2 53 permit udp an y an y eq sysl og permit ic mp an y 172 . 16. 0 . 0 0 . 15. 2 55. 2 55 ec h o-repl y den y ip an y 172 . 16. 0 . 0 0 . 15. 2 55. 2 55 permit ic mp an y an y ec h o den y ip an y 10 . 0 . 0 . 0 0 . 2 55. 2 55. 2 55 den y tc p an y an y eq 172 3 den y gre an y an y den y udp an y an y eq 170 1 den y udp an y an y eq isak mp den y esp an y an y permit ip an y an y
J a n u a r y 1 8 , 2 0 0 8
65
ip ac c ess-l ist exten ded C ustomerI n P ub permit udp an y an y eq bootpc permit udp an y an y eq bootps permit tc p an y an y eq 9 10 0 permit tc p an y an y eq l pd permit ip an y 10 . 2 2 4. 0 . 0 0 . 0 . 15. 2 55 permit tc p an y an y eq 2 0 0 0 permit tc p an y an y eq 8 40 4 permit tc p an y an y eq 2 748 den y udp an y 10 . 0 . 0 . 0 0 . 2 55. 2 55. 2 55 gt 3 2 permit udp an y an y gt 163 8 4 permit tc p an y an y establ ish ed permit tc p an y an y ran ge 3 2 3 0 3 2 3 7 permit udp an y an y ran ge 3 2 3 0 3 2 53 permit udp an y an y eq sysl og permit ic mp an y 172 . 16. 0 . 0 0 . 15. 2 55. 2 55 ec h permit ic mp an y an y ec h o den y ip an y 10 . 0 . 0 . 0 0 . 2 55. 2 55. 2 55 permit ip an y an y ip ac c ess-l ist exten ded C ustomerI n V P N permit udp an y an y eq bootpc permit udp an y an y eq bootps permit tc p an y an y eq 9 10 0 permit tc p an y an y eq l pd permit ip an y 10 . 2 2 4. 0 . 0 0 . 0 . 15. 2 55 permit tc p an y an y eq 2 0 0 0 permit tc p an y an y eq 8 40 4 permit tc p an y an y eq 2 748 den y udp an y 10 . 0 . 0 . 0 0 . 2 55. 2 55. 2 55 gt 3 2 permit udp an y an y gt 163 8 4 permit tc p an y an y ran ge 3 2 3 0 3 2 3 7 permit udp an y an y ran ge 3 2 3 0 3 2 53 permit udp an y an y eq sysl og permit ic mp an y 172 . 16. 0 . 0 0 . 15. 2 55. 2 55 ec h den y ip an y 172 . 16. 0 . 0 0 . 15. 2 55. 2 55 permit ic mp an y an y ec h o den y ip an y 10 . 0 . 0 . 0 0 . 2 55. 2 55. 2 55 permit ip an y an y ip ac c ess-l ist exten ded P ubI n bD O ut permit ip 10 . 0 . 0 . 0 0 . 2 55. 2 55. 2 55 66. 2 0 2 . 12 8 permit ip 172 . 16. 0 . 0 0 . 15. 2 55. 2 55 66. 2 0 2 . 12 permit tc p an y an y eq w w w permit tc p an y an y eq 443 permit tc p an y an y eq 9 9 5 permit tc p an y an y eq pop3 permit tc p an y an y eq 465 permit tc p an y an y eq smtp permit tc p an y an y eq 143 permit tc p an y an y eq 9 9 3 permit tc p an y an y eq f tp permit tc p an y an y eq f tp-data permit tc p an y an y gt 1 establ ish ed permit esp an y an y permit udp an y an y permit gre an y an y permit ic mp an y an y den y ip an y an y ip ac c ess-l ist exten ded P ubI n bE O ut permit ip an y an y ip ac c ess-l ist exten ded P ubN oI n bS v c O ut permit tc p an y an y gt 1 establ ish ed permit ip 10 . 0 . 0 . 0 0 . 2 55. 2 55. 2 55 66. 2 0 2 . 12 8 permit ip 172 . 16. 0 . 0 0 . 15. 2 55. 2 55 66. 2 0 2 . 12 permit esp an y an y permit udp an y an y permit gre an y an y permit ic mp an y an y den y ip an y an y J a n u a r y 1 8 , 2 0 0 8
768
o-repl y
768
o-repl y
. 0
8 . 0
0 . 0 . 63 . 2 55 0 . 0 . 63 . 2 55
. 0 0 . 0 . 63 . 2 55 8 . 0 0 . 0 . 63 . 2 55
66
ip ac c ess-l ist exten ded R estric tI P S c ope permit ip an y an y ip ac c ess-l ist exten ded R ouI n bD O ut permit ip 66. 2 0 2 . 12 8 . 0 0 . 0 . 63 . 2 55 10 . 0 . 0 . 0 0 . 2 55. 2 55. 2 55 permit tc p an y an y eq w w w permit tc p an y an y eq 443 permit tc p an y an y eq 9 9 5 permit tc p an y an y eq pop3 permit tc p an y an y eq 465 permit tc p an y an y eq smtp permit tc p an y an y eq 143 permit tc p an y an y eq 9 9 3 permit tc p an y an y eq f tp permit tc p an y an y eq f tp-data permit tc p an y an y gt 1 establ ish ed permit tc p 10 . 0 . 0 . 0 0 . 2 55. 2 55. 2 55 an y permit esp an y an y permit udp an y an y permit gre an y an y permit ic mp an y an y den y ip an y an y ip ac c ess-l ist exten ded R ouI n bE O ut permit ip an y an y ip ac c ess-l ist exten ded R ouN oI n bS v c O ut permit ip 66. 2 0 2 . 12 8 . 0 0 . 0 . 63 . 2 55 10 . 0 . 0 . 0 0 . 2 55. 2 55. 2 55 permit tc p an y an y gt 1 establ ish ed permit tc p 10 . 0 . 0 . 0 0 . 2 55. 2 55. 2 55 an y permit esp an y an y permit udp an y an y permit gre an y an y permit ic mp an y an y den y ip an y an y ip ac c ess-l ist exten ded S taf f I n permit udp an y an y eq bootpc permit udp an y an y eq bootps permit tc p an y an y eq 9 10 0 permit tc p an y an y eq l pd permit tc p an y an y eq w w w permit ip an y 172 . 16. 0 . 0 0 . 15. 2 55. 2 55 permit ip an y 10 . 2 54. 118 . 0 0 . 0 . 0 . 2 55 permit ip an y 2 16. 73 . 12 8 . 12 8 0 . 0 . 0 . 12 7 permit ip an y 10 . 2 54. 0 . 0 0 . 0 . 3 1. 2 55 permit ic mp an y an y permit tc p an y an y ran ge 3 2 3 0 3 2 3 7 permit udp an y an y ran ge 3 2 3 0 3 2 53 permit ip an y 10 . 2 2 4. 0 . 0 0 . 0 . 15. 2 55 permit ip an y 10 . 2 3 9 . 2 48 . 0 0 . 0 . 1. 2 55 permit tc p an y an y eq 2 0 0 0 permit tc p an y an y eq 8 40 4 permit tc p an y an y eq 2 748 den y udp an y 10 . 0 . 0 . 0 0 . 2 55. 2 55. 2 55 gt 3 2 768 permit udp an y an y gt 163 8 4 permit udp an y an y eq sysl og den y ip an y 172 . 16. 0 . 0 0 . 15. 2 55. 2 55 permit ip an y an y
Sp a nning T ree
MS Ts or Mul tipl e S panning Trees (IEEE 802.1s) c om b ine th e b est aspec ts f rom b oth th e P VS T+ and th e 802.1q. Th e idea is th at sev eral VLAN s c an b e m apped to a reduc ed num b er of spanning tree instanc es b ec ause m ost netw ork s do not need m ore th an a f ew l og ic al topol og ies. MS T spanning tree is sel ec ted ov er P VS T b ec ause it reduc es th e
67
P ortf ast w il l b e th e standard c onf ig uration f or al l end user ac c ess ports. It suspends th e l istening and l earning ph ases of S TP w h ic h c an af f ec t DH CP requests f rom h osts.
H u b Sw itc h ST P C on f ig
! span n in g-tree mode mst span n in g-tree exten d system-id span n in g-tree mst 0 priority 0 ! in terf ac e F astE th ern et0 / 2 1 span n in g-tree portf ast
ov erh ead CP U b y sending a sing l e B P DU out f or al l VLAN s ac ross trunk s Th e H ub Layer 3 sw itc h w il l b e c onf ig ured as S TP Root.
L ayer-2 Sw itc h ST P C on f ig
span n in g-tree mode mst span n in g-tree exten d system-id
Power over E th ernet (PoE )

O n a 48-port P oE sw itc h , any 24 of th e 48 10/ 100 or 10/ 100/ 1000 P oE ports prov ide 15.4W of pow er or any c om b ination of ports prov ide an av erag e of 7.7 W of pow er at th e sam e tim e, up to a m axim um sw itc h pow er output of 370 W.
B y using th e p o w e r i n l i n e c o n s u m p t i o n < w a t t a g e > c onf ig uration c om m and, you c an ov erride th e def aul t pow er requirem ent spec if ied b y th e IEEE c l assif ic ation.
Note
CP -7970G ph ones c annot b e c onf ig ured to th e m axim um w ith suppl ied w ith th is am ount of pow er.
sc reen b rig h tness
P oE C on f ig
in terf ac e F astE th ern et0 / 2 1 pow er in l in e c on sumption 770 0
M a na gem ent V L A N
A Manag em ent VLAN (1000) is c reated at eac h site f or m anag em ent of th e sw itc h es. Eac h sw itc h w il l h av e an IP Address on th is VLAN .
J a n u a r y 1 8 , 2 0 0 8
68
M an agem en t V L AN C on f ig
in terf ac e V l an 10 0 0 desc ription M an agemen t ip address 172 . 2 8 . 2 51. 2 0 1 2 55. 2 55. 2 55. 2 2 4 n o ip redirec ts n o ip un reac h abl es n o ip proxy-arp n o ip route-c ac h e n o sn mp trap l in k -status
Q u a l ity of Service
S ee th e m ain Q ual ity of S erv ic e S ec tion in th is doc um ent f or th e m ain sw itc h Q oS setting s.
A ttenda nt Consol e (E V O ) Q oS
Th e EVO c onsol e resides on th e S taf f VLAN and requires a spec ial Q oS pol ic y on th e F ast Eth ernet port of th e sw itc h .
Atten d an t C on s ole Q oS P olic y C on f ig
c l ass-map matc h -al l v oic e-bearer matc h ac c ess-group n ame v oic e-bearer c l ass-map matc h -al l v oic e-sig-n ow matc h ac c ess-group n ame v oic e-sig-n ow ! pol ic y-map ev o-c on sol e c l ass v oic e-bearer set dsc p c s6 c l ass v oic e-sig-n ow set dsc p c s4 c l ass c l ass-def aul t set dsc p c s3 ! in terf ac e F astE th ern et0 / 3 4 pow er in l in e c on sumption 770 0 sw itc h port ac c ess v l an 2 sw itc h port mode ac c ess sw itc h port v oic e v l an 2 0 0 serv ic e-pol ic y in put ev o-c on sol e ! ip ac c ess-l ist exten ded v oic e-bearer permit udp an y an y ran ge 163 8 4 3 2 767 dsc p ef ip ac c ess-l ist exten ded v oic e-sig-n ow permit tc p an y an y ran ge 2 0 0 0 2 0 0 2 dsc p c s3 permit tc p an y an y ran ge 2 0 0 0 2 0 0 2 dsc p af 3 1 permit tc p an y an y eq 3 12 8 permit tc p an y an y eq 48 12 permit tc p an y an y eq 519 9 permit udp an y an y eq 519 9 permit udp an y an y eq 48 12 permit udp an y an y eq 3 12 8
J a n u a r y 1 8 , 2 0 0 8
69
Su m m a ry of Site Switch D esign

Dot1q Trunk to additional 3560 sw itc h es Mul tic ast Routing w ith P IM S tub EIG RP to CE Router
P redef ined VLAN and interf ac e c onf ig uration IG MP S nooping f or VLAN s requiring MoH S w itc h ing S DM Tem pl ate Ch ang e S ec urity S erv ic e Cl asses b ased on ACLs
EVO Attendant Consol e Q oS
S ite Manag em ent VLAN
P oE is av ail ab l e on ports
J a n u a r y 1 8 , 2 0 0 8
70
C incinnat i D at a C ent er D esig n
Th e b ase LAN topol og y in th e Data Center c onsists of tw o 3560G sw itc h es w h ic h are c onnec ted v ia Eth er Ch annel . B oth th e Cal l Manag er and U nity VLAN s are av ail ab l e on b oth sw itc h es to support dual N IC team ing . Th e Drain CE Router 7201 util iz es al l f our G ig ab it interf ac es w ith in th e desig n. A k ey desig n g oal w as to av oid a dot1q interf ac e on th e G ig ab it interf ac es w h ic h c an introduc e c om pl ic ations to Q oS pol ic ies and introduc e inter-VLAN routing on th e Drain CE router.
A Data Center dif f ers f rom a P O P l oc ation b ec ause it c ontains b oth an Internet Drain (1) and th e Cal l Manag er and U nity S erv ers. Th e Cinc innati DC is l oc ated w ith in Lev el -3 c o-l oc ation f ac il ity.
J a n u a r y 1 8 , 2 0 0 8
71
V L AN F u n c t i o n AS A VLAN V L AN N u m b e r VLAN 10
VLAN f or Drain CE to AS A traf f ic IP S ub net 10.231.39.248/ 30
Inter S w itc h VLAN
Cal l Manag er U nity
IP S ub net 10.231.x.x/ 30
L3 VLAN b etw een S w itc h es
VLAN 11
IP S ub net 10.224.16.0/ 27
CM, IS I, TAP S erv er VLAN
VLAN 201
Manag em ent
IP S ub net 10.224.16.32/ 27
U nity, AD, Exc h ang e S erv er
VLAN 202
Manag em ent interf ac es VLAN 10.224.16.64/ 27
VLAN 1000
D C Switch 1 to D ra in CE
Th e c onnec tion on VLAN 10 c oul d h av e term inated direc tl y into th e AS A, b ut is term inated on th e DC S w itc h 1 f or f uture options w h ic h m ay require spanning th e l ink . Th e sec ond G ig ab it interf ac e f rom th e Drain CE is used f or th e l ink to th e Cal l Manag er VLAN .
DC Sw itc h 1 Drain C E C on n ec tion C on f ig
in terf ac e GigabitE th ern et0 / 2 1 desc ription S F O -dc e-0 1 GigabitE th ern et0 / 0 sw itc h port ac c ess v l an 10 sw itc h port mode ac c ess n o l oggin g ev en t l in k -status srr-queue ban dw idth sh are 10 10 60 2 0 srr-queue ban dw idth sh ape 10 0 0 0 priority-queue out ml s qos trust dsc p n o sn mp trap l in k -status span n in g-tree portf ast J a n u a r y 1 8 , 2 0 0 8 R e g u s L A N /W A N T r a n s p o r t D e s ig n
72
in terf ac e GigabitE th ern et0 / 2 2 desc ription S F O -dc e-0 1 GigabitE th ern et0 / 1 ip address < 10 . 2 2 4. x. x> 2 55. 2 55. 2 55. 2 52 n o ip redirec ts n o ip un reac h abl es n o ip proxy-arp n o ip route-c ac h e n o sn mp trap l in k -status
D C Switch 2 to D ra in CE
Th is Drain CE G ig ab it c onnec tion is th e l ink to th e U nity VLAN
DC Sw itc h 2 Drain C E C on n ec tion C on f ig
in terf ac e GigabitE th ern et0 / 2 2 desc ription S F O -dc e-0 1 GigabitE th ern et0 / 3 ip address < 10 . 2 2 4. x. x> 2 55. 2 55. 2 55. 2 52 n o ip redirec ts n o ip un reac h abl es n o ip proxy-arp n o ip route-c ac h e n o sn mp trap l in k -status
E th erCh a nnel D C Switch 1 & 2

A Layer-2 Eth er Ch annel w il l b e c onf ig ured b etw een DC S w itc h 1 and DC S w itc h 2. Th e c h annel w il l add redundanc y to th e dot1q trunk w h ic h c arries al l VLAN s b etw een th e sw itc h es. With Cal l Mang er VLAN (201) and U nity (202) VLAN s b eing ac tiv e on b oth sw itc h es, serv ers w ith dual team ed N ICs c an attac h to eac h sw itc h , b ut rem ain in th e sam e VLAN . Th e desirab l e m ode is rec om m ended f or th e c h annel g roup w ith th e sw itc h port f orc ed to trunk and enc apsul ation of dot1q.
E th erC h an n el C on f ig
in terf ac e P ort-c h an n el 1 sw itc h port trun k en c apsul ation dot1q switchport mode trunk ! interf a ce G ig a b itE thernet0 / 2 3 switchport trunk enca psul a tion dot1 q switchport mode trunk cha nnel -g roup 1 mode desira b l e ! interf a ce G ig a b itE thernet0 / 2 4 switchport trunk enca psul a tion dot1 q switchport mode trunk cha nnel -g roup 1 mode desira b l e
J a n u a r y 1 8 , 2 0 0 8
73
D C Switch 1 & 2 to A SA
Th e AS A is c onnec ted to b oth DC S w itc h 1 and 2, b ut onl y th e c onnec tion to DC S w itc h w il l b e enab l ed. Th is extra prov ides f l exib il ity f or rec onf ig uration in th e ev ent th at DC S w itc h 1 f ail s.
ASA C on n ec tion C on f ig
in terf ac e GigabitE th ern et0 / 2 0 desc ription C I N -AS A-0 1 GigabitE th ern et0 / 1 sw itc h port ac c ess v l an 10 sw itc h port mode ac c ess n o l oggin g ev en t l in k -status srr-queue ban dw idth sh are 10 10 60 2 0 srr-queue ban dw idth sh ape 10 0 0 0 priority-queue out ml s qos trust dsc p n o sn mp trap l in k -status span n in g-tree portf ast
D C Switch 1 to D C Switch 2 V L A N
VLAN 11 w il l f orm a Layer-3 c onnec tion b etw een w ith DC S w itc h 1 and 2. It al l ow s Cal l Manag er VLAN to U nity VLAN traf f ic to av oid trav ersing th e Drain CE router.
DC Sw itc h 1 & 2 SV I C on f ig
in terf ac e V l an 11 desc ription C I N -n ip address < 10 . 2 2 n o ip redirec ts n o ip un reac h abl n o ip proxy-arp n o ip route-c ac h n o sn mp trap l in sw -0 1 to C I N -n sw -0 2 V L AN 4. x. x> 2 55. 2 55. 2 55. 2 52 es e k -status
D C Switch 2 U nity D ia l -O u t Rou ter

Th e U nity Dial -O ut Router (3845) w il l attac h to DC-S w itc h 2 (3560) and reside in th e U nity VLAN 202.
U n ity Dial R ou ter C on n ec tion C on f ig
in terf ac e GigabitE th ern et0 / 2 1 desc ription U n ity O ut D ial R outer GigabitE th ern et0 / 0 sw itc h port ac c ess v l an 2 0 2 sw itc h port mode ac c ess n o l oggin g ev en t l in k -status srr-queue ban dw idth sh are 10 10 60 2 0 srr-queue ban dw idth sh ape 10 0 0 0 priority-queue out ml s qos trust dsc p n o sn mp trap l in k -status span n in g-tree portf ast
J a n u a r y 1 8 , 2 0 0 8
74
A Manag em ent VLAN (1000) is c reated at eac h site f or m anag em ent of th e sw itc h es. Th e th ree IS I S erv ers interf ac es w il l al so reside in th is VLAN .
Sp a nning T ree
MS Ts or Mul tipl e S panning Trees (IEEE 802.1s) c om b ine th e b est aspec ts f rom b oth th e P VS T+ and th e 802.1q. Th e idea is th at sev eral VLAN s c an b e m apped to a reduc ed num b er of spanning tree instanc es b ec ause m ost netw ork s do not need m ore th an a f ew l og ic al topol og ies. MS T spanning tree is sel ec ted ov er P VS T b ec ause it reduc es th e ov erh ead CP U b y sending a sing l e B P DU out f or al l VLAN s ac ross trunk s. DC S w itc h 1 w il l b e th e Root of th e topol og y.
DC Sw itc h 1 ST P C on f ig
span n in g-tree mode mst span n in g-tree exten d system-id span n in g-tree mst 0 priority 0 in terf ac e F astE th ern et0 / 2 1 span n in g-tree portf ast span n in g-tree mode mst span n in g-tree exten d system-id in terf ac e F astE th ern et0 / 2 1 span n in g-tree portf ast
DC Sw itc h 2 ST P C on f ig
V T P
Virtual Trunk ing P rotoc ol (VTP ) w as desig ned to propag ate a VLAN datab ase th roug h out a sw itc h ing topol og y. If a VLAN w as c reated th e c h ang e w oul d b e ref l ec ted on al l sw itc h es. U nf ortunatel y, th is f eature al so m ade it easy to ac c idental l y del ete an entire VLAN suc h as Voic e c ausing m aj or outag es. It rec om m ended running VTP in th e transparent m ode, w h ic h prev ents th e propag ation of VLAN inf orm ation.
V T P C on f ig
J a n u a r y 1 8 , 2 0 0 8
75
O O B M a na gem ent Rou ter

Th e O O B Manag em ent Router (2811) w il l prov ide c onsol e ac c ess v ia m odem or rev erse tel net th roug h th e F ast Eth ernet interf ac e. A m odem w il l attac h to th e AU X port.
D e v ic e C o n s o le IX C Router
P h y s i c a l P o rt 1 2 3 4
P o rt N u m b e r 2033
Drain CE Router Data S w itc h 1 Data S w itc h 2 AS A U nity O ut Dial Modem
2034
2035 2036
AU X
2037
2038
Su m m a ry of D a ta Center D esign
Tw o 3560G sw itc h es c onnec ted v ia Eth erc h annel Manag em ent VLAN w ith O O B 2811 Router Cal l Manag er and U nity VLAN s on b oth sw itc h es f or dual N IC team ing
AS A 5550 f or N AT/ P AT S erv ic es
Drain CE and Drain IX C ac c ess v ia Lev el -3
J a n u a r y 1 8 , 2 0 0 8
76
San F rancisco P O P D esig n
Th e S an F ranc isc o P O P desig n onl y h as Internet Drain 2. N o Voic e equipm ent is instal l ed w ith in th is Lev el -3 c o-l oc ation f ac il ity. A sing l e 3560G sw itc h inter-c onnec ts th e Drain CE Router and AS A F W.
3 5 6 0 -24 T
A SA 5 5 5 0 GE 7 20 6 V X R NPE -G2
GE
F E GE 7 20 1 GE 28 1 1 O O B GE Level 3 M P LS N E T W O R K PO TS
I NTE R NE T
PSTN
Additional VLAN s m ay b e added in th e F uture f or DN S , Web serv ers and/ or Tel eP resenc e v ideo equipm ent. S u b n e t F u n c tio n AS A VLAN V L AN N u m b e r VLAN 10 VLAN 1000
Manag em ent
Inter c onnec tion f or th e Drain CE to AS A
Manag em ent interf ac es f or al l netw ork dev ic es IP Address f rom 10.224.17.x B l oc k
J a n u a r y 1 8 , 2 0 0 8
77
Pop Switch 1 to D ra in CE
Drain C E C on n ec tion C on f ig
in terf ac e GigabitE th ern et0 / 2 1 desc ription S F O -dc e-0 1 GigabitE th sw itc h port ac c ess v l an 10 sw itc h port mode ac c ess n o l oggin g ev en t l in k -status srr-queue ban dw idth sh are 10 10 srr-queue ban dw idth sh ape 10 0 priority-queue out ml s qos trust dsc p n o sn mp trap l in k -status span n in g-tree portf ast ! in terf ac e GigabitE th ern et0 / 2 2 desc ription S F O -dc e-0 1 GigabitE th ip address < 10 . 2 2 4. x. x> 2 55. 2 55. n o ip redirec ts n o ip un reac h abl es n o ip proxy-arp n o ip route-c ac h e n o sn mp trap l in k -status ern et0 / 0
60 0
2 0 0
ern et0 / 1 2 55. 2 52
Pop Switch 1 to A SA
ASA C on n ec tion C on f ig
in terf ac e GigabitE th ern et0 / 2 4 desc ription S F O -dc e-0 1 GigabitE th ern et0 / 1 sw itc h port ac c ess v l an 10 sw itc h port mode ac c ess n o l oggin g ev en t l in k -status srr-queue ban dw idth sh are 10 10 60 2 0 srr-queue ban dw idth sh ape 10 0 0 0 priority-queue out ml s qos trust dsc p n o sn mp trap l in k -status span n in g-tree portf ast
A Manag em ent VLAN (1000) is c reated at eac h site f or m anag em ent of th e sw itc h es. Eac h sw itc h w il l h av e an IP Address on th is VLAN .
J a n u a r y 1 8 , 2 0 0 8
78
Sp a nning T ree
MS Ts or Mul tipl e S panning Trees (IEEE 802.1s) c om b ine th e b est aspec ts f rom b oth th e P VS T+ and th e 802.1q. Th e idea is th at sev eral VLAN s c an b e m apped to a reduc ed num b er of spanning tree instanc es b ec ause m ost netw ork s do not need m ore th an a f ew l og ic al topol og ies. MS T spanning tree is sel ec ted ov er P VS T b ec ause it reduc es th e ov erh ead CP U b y sending a sing l e B P DU out f or al l VLAN s ac ross trunk s. Al th oug h th ere is onl y a sing l e sw itc h in th e P O P topol og y it is stil l rec om m ended to running spanning tree to av oid l oops b ec ause of c ab l ing issue or introduc tion of new equipm ent.
P O P Sw itc h 1 ST P C on f ig
! span n in g-tree mode mst span n in g-tree exten d system-id span n in g-tree mst 0 priority 0 ! in terf ac e F astE th ern et0 / 2 1 span n in g-tree portf ast
V T P
Virtual Trunk ing P rotoc ol (VTP ) w as desig ned to propag ate a VLAN datab ase th roug h out a sw itc h ing topol og y. If a VLAN w as c reated th e c h ang e w oul d b e ref l ec ted on al l sw itc h es. U nf ortunatel y, th is f eature al so m ade it easy to ac c idental l y del ete an entire VLAN suc h as Voic e c ausing m aj or outag es. It is rec om m ended to run VTP in th e transparent m ode, w h ic h prev ents th e propag ation of VLAN inf orm ation.
V T P C on f ig
J a n u a r y 1 8 , 2 0 0 8
79
O O B M a na gem ent Rou ter

Th e O O B Manag em ent Router (2811) w il l prov ide c onsol e ac c ess v ia m odem or rev erse tel net th roug h th e F ast Eth ernet interf ac e. A m odem w il l attac h to th e AU X port. D e v ic e C o n s o le IX C Router AS A P h y s i c a l P o rt 1 2 3 4 P o rt N u m b e r 2033 2034 2035 2036
Drain CE Router P O P S w itc h 1 Modem
AU X
Su m m a ry of PO P D esign
Drain CE, AS A and Drain IX C no serv ers S ing l e 3560 S w itc h
J a n u a r y 1 8 , 2 0 0 8
80
R eg u s D rain Sit e &
I nt ernet Access D esig n
At a drain site, th ere w il l exist 3 routers and 2 sw itc h es, as w el l as an AS A f irew al l . O ne router w il l b e ow ed b y Lev el -3 and th e oth er 2 as w el l as th e AS A f irew al l and sw itc h es w il l b e ow ned and operated b y Reg us or a P artner.
Note
Initial l y th ere w il l onl y b e tw o drain sites, l ater sc al ing to 8 Drain Loc ations ac ross N orth Am eric a.
B G P D ra in Concep t a nd L oca tions

With in th e Lev el -3 netw ork , th ere are 11 Maj or Lev el -3 P eering P oints in N orth Am eric a. Th ey are: 1. Atl anta 3. N Y C
2. S an F ranc isc o
8. S eattl e 9. Miam i
7. Los Ang el es
6. Wash ing ton, D.C.
5. Ch ic ag o
4. Dal l as
11. Cinc innati Lev el -3 and Reg us w ork ed tog eth er to m ap th e 8 Reg us Drain l oc ations to th ese P O P l oc ations:
Drain N am e C in c in n a t i Sa n F r a n N Y C D a lla s At l a n t a D C L A Se a t t l e
10. S an J ose
1 2 3 4 5 6 7 8
J a n u a r y 1 8 , 2 0 0 8
81
Th e m apping of Drain l oc ations to th e Lev el 3 P O P s is depic ted b el ow :
T h e Need f or Sy m m etry : M u l tip l e D ra in Ch a l l enges

Mul tipl e Internet Drains b ring s redundanc y and h ig h er av ail ab il ity to Reg uss c ustom er b ase. F rom a tec h nic al standpoint, it al so m eans th at m ul tipl e def aul t-routes w il l b e inj ec ted into th e Lev el -3 MP LS Cl oud. With in th e MP LS c l oud, a P E w il l see th e m ul tipl e def aul t routes b ut onl y instal l one into its routing tab l e b ased on th e B G P B est P ath Al g orith m . Th is def aul t b eh av ior does not prov ide enoug h Determ inism to m aintain routing sym m etry and traf f ic c oul d b e f irew al l ed/ l ost if not eng ineered properl y. F urth erm ore, l atenc y intol erant appl ic ations suc h as v oic e c oul d al so b e im pac ted. Th is is sh ow n b el ow w h ere a pac k et th at l eav es th e internet v ia IX C Router 1 m ay return v ia IX C Router 2. Th is w il l c ause traf f ic to b e l ost at IX C Router 2. (Ac tual l y at th e F irew al l b etw een IX C Router2 and Drain CE2)
J a n u a r y 1 8 , 2 0 0 8
82
Wh en deal ing w ith th e sym m etric al routing dec isions, th ere are th ree m aj or desig n issues: 1. Wh ic h Internet Drain w il l a CE U se? 2. Wh ic h Internet Drain w il l adv ertise a P ub l ic Address B l oc k ? 3. H ow do I ensure th at return path f rom
th e Internet is th e sam e one th at I l ef t on?
Sy m m etrica l Rou ting Sol u tion

In order to g uarantee sym m etric al routing , a sing l e def aul t Route w il l b e l earned f rom th e Internet & inj ec ted into th e Lev el -3 MP LS Cl oud as sh ow n b el ow . Eac h P E w il l l earn a pair of def aul ts (b ased on standard MP LS VP N Route Targ et im port) and insert th em into th eir respec tiv e routing tab l e f or VRF Reg us. Th e P Es w il l instal l th e c l osest exit points Drain as its P rim ary Def aul t Route P Es w il l instal l th e 2nd c l osest exit points Drain as its S ec ondary Def aul t Route. Th is m eans th at a Rem ote Reg us site w il l b e ab l e to ac c ess th e Internet th roug h a determ inistic path . Th is is sh ow n b el ow :
J a n u a r y 1 8 , 2 0 0 8
83
B G P I X C Rou ting Pol icy

Eac h IX C Router w il l announc e a sing l e or m ul tipl e (depending on h ow m any drains are depl oyed) / 22s out to th e Internet. Th e f ol l ow ing tab l e sh ow s th e dif f erent / 22s th at are assig ned to eac h Drain. F or eac h Drain th at is a prim ary f or a / 22 pair. Th e b ac k up drain w il l adv ertise th e sam e / 22 pair , b ut w ith a B G P AS P REP EN D. Th is w il l ensure sym m etric al routing . Th e f ol l ow ing tab l e sh ow s h ow th e Address Assig nm ent b l oc k s w il l l ook as w e g row f rom 2 Drains to 8 ov er tim e. As you c an see f rom th e c onf ig uration tem pl ates, th ese b l oc k s c orrel ate to B G P netw ork rang es th at are adv ertised on th e CE Drain and IX C Routers.
Drains 1 2 3 1 2 4
5 3 1 6 2 7 4 8
A nc h 66. 20 66. 20 66. 20 66. 20 66. 20 66. 20 66. 20 66. 20
o rB lo c 2. 160 . 0 2. 164. 0 2. 168. 0 2. 172. 0 2. 176. 0 2. 180 . 0 2. 184. 0 2. 188. 0
k s / 22 / 22 / 22 / 22 / 22 / 22 / 22 / 22
O th e 66. 20 66. 20 66. 20 66. 20 66. 20 66. 20 66. 20 66. 20
rb lo c k s 2. 128. 0 / 22 2. 132. 0 / 22 2. 136. 0 / 22 2. 140 . 0 / 22 2. 144. 0 / 22 2. 148. 0 / 22 2. 152. 0 / 22 2. 156. 0 / 22

J a n u a r y 1 8 , 2 0 0 8
84
F l exib il ity in th e desig n to adv ertise f rag m ented address spac e if needed using standard c om m unity m atc h ing pol ic y
In sum m ary, th e IX C CE w il l peer to Reg us ow ned Drain CE v ia iB G P (14676 ) and w il l al so peers to Internet v ia EB G P AS N 3356. Eac h IX C Router w il l announc e at LEAS T 2 pair of / 22s f rom 66.202.128/ 18 address spac e. In th e earl y stag es of th e proj ec t eac h IX C Router w il l adv ertise al l 16 / 22s. (Eac h IX C Router w il l announc e 8 / 22s w ith a B G P AS P repend f or address spac e f or w h ic h it is th e S ec ondary Drain)
D ra in CE to PE Connectivity a nd I X C Peering
Eac h Drain CE (DCE) w il l h av e th e sam e B G P AS N (14676) and w il l c onnec t to th e Lev el 3 P E router v ia G ig ab it Eth ernet. Al so, eac h DCE w il l peer to th e DP E v ia EB G P . Th e DCE w il l al so peer to th e IX C Router v ia iB G P th roug h an AS A F irew al l (using N ext h op sel f ). Eac h DCE w il l rec eiv e a sing l e def aul t route f rom th e IX C router and ALS O spec if ic routes f rom th e DP E. DCE w il l use B G P netw ork statem ents to adv ertise l oc al l y attac h ed netw ork s (ie. N etw ork statem ent f or priv ate and pub l ic address spac e of Voic e S ub nets f or exam pl e). As w as stated in th e B G P sec tion, no redistrib ution w il l b e used. Muc h l ik e th e Rem ote CE Routers do, th e DCE w il l set a site spec if ic c om m unity in th e B G P adv ertisem ents f or th e l oc al seg m ents.
J a n u a r y 1 8 , 2 0 0 8
85
A SA Rol e a nd NA T Connectivity
Th e AS A w il l perf orm N AT f or P ub l ic Address S pac e U sing a U nique P ool of P ub l ic Addresses and w il l al so h av e a pol ic y to l et B G P P eering th roug h th e f irew al l onl y f or th e IX C to Drain CE peering s.
ASA B GP C on f igu ration

ac c ess-l ac c ess-l bgp ac c ess-l ac c ess-l bgp ist 18 111-out_ ac c ess_ in ist 18 111-out_ ac c ess_ in ist 18 112 -in _ ac c ess_ in ist 18 112 -in _ ac c ess_ in remark B GP T h ru AS A exten ded permit tc p h ost 9 0 . 1. 2 . 3 h ost 9 0 . 1. 1. 2 eq eq
remark B GP T h ru AS A ( oth er direc tion ) exten ded permit tc p h ost 9 0 . 1. 2 . 3 h ost 9 0 . 1. 1. 2
N ext N AT w il l b e c onf ig ured on th e AS A f or th e priv ate address spac e. Eac h Drain w il l h av e a b l oc k (ie. a / 24) reserv ed f or a N AT P ool and th is S pec if ic B l oc k w il l b e adv ertised onl y f rom th at P eering P oint. F urth erm ore, N AT O v erl oading w il l b e used. Th e inside interf ac e w il l h av e a sec urity l ev el of 100 and th e outside (IX C Router F ac ing interf ac e w il l h av e a sec urity Lev el of 0)
J a n u a r y 1 8 , 2 0 0 8
86
ASA Sec u rity L ev el C on f igu ration

! in terf ac e E th ern et0 / 1 desc ription F ac in g I n tern et n ameif R egus_ I X C _ F ac in g sec urity-l ev el 0 ip address 9 0 . 1. 2 . 2 2 55. 2 55. 2 55. 0 ! in terf ac e E th ern et0 / 2 desc ription I n side Address ( f ac in g R egus) n ameif R egus_ C E _ F ac in g sec urity-l ev el 10 0 ip address 9 0 . 1. 1. 3 2 55. 2 55. 2 55. 0
Eac h Rem ote S ite is assig ned a pub l ic IP Address anc h or b l oc k / 29 f or N AT. Th e sec ond IP Address / 32 of th e / 29 b l oc k is used f or th e site spec if ic P AT address. Th e AS A c onf ig uration w il l use th e Reg us S ite-ID to c orrel ate th e inf orm ation.
ASA P AT C on f igu ration
gl obal n at ( 18 n at ( 18 ! gl obal gl obal n at ( 18 n at ( 18 n at ( 18 n at ( 18 ( 18 111-out) < R egus-S iteI D > < 2 n d I P of / 2 9 N AT B l oc k > n etmask 112 -in ) < R egus-S iteI D > < S ite P ubl ic An c h or B l oc k > < mask > 112 -in ) < R egus-S iteI D > < S ite S taf f B l oc k > < mask > ( 18 ( 18 112 112 112 112 111-out) 111-out) -in ) 79 9 -in ) 79 9 -in ) 19 9 -in ) 19 9 79 9 1 66. 2 19 9 9 66. 2 1 10 . 12 2 . 2 1 172 . X . X . 9 10 . 12 2 . 0 9 172 . x. x. 0 2 . 168 0 2 . 160 3 2 . 0 2 2 55. 0 . 0 . 0 2 x 2 55. . 2 49 . 2 n 55. 2 . 0 . 0 55. 0 0 . 0 . 0 n etmask 2 55. 2 55. 2 55. 2 55 etmask 2 55. 2 55. 2 55. 0 55. 2 48 . 0 . 0 . 0 2 55. 2 55. 2 55. 2 55
A SA F W
Ru l es
A c c e ss fr o m BT to a l l ow a ccess f rom - 6 6 .202.128 .0 / 18 th e In te r n e t th e I nternet to th e f ol l owing a ddress b l ocks: P u b l ic Address Bl ock
T h e f ol l owing p rotocol s to b e a l l owed: - Al l T CP p orts - Al l U DP p orts
A c c e ss to th e In te r n e t - 6 6 .202.128 .0/ 18
- I CM P (f or p ing a nd tra cerou te). th e f ol l owing a ddress b l ocks:
BT to a l l ow a ccess to th e I nternet f rom
T h e f ol l owing p rotocol s to b e a l l owed: - Al l T CP p orts - Al l U DP p orts
P u b l ic Address Bl ock
- I CM P (f or p ing a nd tra cerou te).
J a n u a r y 1 8 , 2 0 0 8
87
CE A ccess & Site to Site V PNs

Currentl y th e f ol l ow ing VP N g roups are h andl ed b y th e CE Router at eac h rem ote site. Th is m eth odol og y is f rom th e prev ious desig n. Col t H Q
B asil ic a
Manag em ent
C E Ac c es s V P N C on f igu ration
c rypto isak mp pol ic y 1 en c r 3 des auth en tic ation pre-sh are group 2 c rypto isak mp k ey R 3 gU 5V P N address c rypto isak mp k ey R 3 gU 5V P N address c rypto isak mp k ey R 3 gU 5V P N address c rypto isak mp k ey R 3 gU 5V P N address ! c rypto isak mp c l ien t c on f iguration k ey N 3 t5ur4n t dn s 10 . 156. 161. 15 10 . 2 54. 6. 12 0 w in s 10 . 2 54. 6. 10 1 10 . 2 54. 6. 10 2 domain ac c essregus. c om pool V P N _ P O O L _ 1 ac l 10 1 pf s n etmask 2 55. 2 55. 2 55. 0
2 13 . 8 6. 2 16. 73 . 12 . 19 3 . 9 0 . 152 .
173 . 11 n o-xauth 12 8 . 2 2 n o-xauth 166. 13 3 n o-xauth 3 . 10 n o-xauth
group N etsuran t
J a n u a r y 1 8 , 2 0 0 8
88
c rypto isak mp c l ien t c on f iguration group R egus k ey 2 0 10 R 3 gU 5v 0 ip dn s 10 . 156. 161. 15 10 . 2 54. 6. 12 0 w in s 10 . 2 54. 6. 10 1 10 . 2 54. 6. 10 2 domain ac c essregus. c om pool V P N _ P O O L _ 1 ac l 10 1 pf s n etmask 2 55. 2 55. 2 55. 0 ! c rypto isak mp c l ien t c on f iguration group I S I k ey 1S 1adm1n dn s 10 . 156. 161. 15 10 . 2 54. 6. 12 0 w in s 10 . 2 54. 6. 10 1 10 . 2 54. 6. 10 2 domain ac c essregus. c om pool V P N _ P O O L _ 1 ac l 10 1 pf s n etmask 2 55. 2 55. 2 55. 0 ! ! c rypto ipsec tran sf orm-set E S P -3 D E S -S H A esp-3 des esp-sh a-h mac c rypto ipsec df -bit c l ear ! c rypto dyn amic -map D Y N M AP _ 1 1 set sec urity-assoc iation idl e-time 72 0 0 set tran sf orm-set E S P -3 D E S -S H A rev erse-route qos pre-c l assif y ! c rypto map C M AP _ 1 c l ien t auth en tic ation l ist v pn _ xauth c rypto map C M AP _ 1 isak mp auth oriz ation l ist v pn _ group_ 1 c rypto map C M AP _ 1 c l ien t c on f iguration address respon d c rypto map C M AP _ 1 1 ipsec -isak mp desc ription T un n el to 9 0 . 152 . 3 . 10 ( B asil ic a) set peer 9 0 . 152 . 3 . 10 set tran sf orm-set E S P -3 D E S -S H A set pf s group2 matc h address T oB asil ic a c rypto map C M AP _ 1 2 ipsec -isak mp desc ription T un n el to 2 13 . 8 6. 173 . 11 ( C O L T ) set peer 2 13 . 8 6. 173 . 11 set tran sf orm-set E S P -3 D E S -S H A set pf s group2 matc h address T oC O L T c rypto map C M AP _ 1 3 ipsec -isak mp desc ription T un n el to 2 16. 73 . 12 8 . 2 2 ( H Q D al l as) set peer 2 16. 73 . 12 8 . 2 2 set tran sf orm-set E S P -3 D E S -S H A set pf s group2 matc h address T oH Q c rypto map C M AP _ 1 4 ipsec -isak mp desc ription T un n el to 12 . 19 3 . 166. 13 3 ( N etS uran t) set peer 12 . 19 3 . 166. 13 3 set tran sf orm-set E S P -3 D E S -S H A set pf s group2 matc h address T oN etS uran t c rypto map C M AP _ 1 6553 5 ipsec -isak mp dyn amic D Y N M AP _ 1 ! ip l oc al pool V P N _ P O O L _ 1 10 . 79 . 65. 2 2 4 10 . 79 . 65. 2 3 1
J a n u a r y 1 8 , 2 0 0 8
89
A SA A ccess V PN
VP N Ac c ess is not part of th is S O W, b ut it w il l b e m inim al l y c onf ig ured to support th e im pl em entation proc ess. U sers and VP N ac c ess w il l b e static al l y def ined.
ASA Ac c es s V P N C on f igu ration
ip l oc al pool v pn pool 172 . 16. 1. 10 0 -172 . 16. 1. 19 9 mask 2 55. 2 55. 2 55. 0 ! group-pol ic y regus_ v pn in tern al group-pol ic y regus_ v pn attributes dn s-serv er v al ue 172 . 16. 1. 11 v pn -tun n el -protoc ol I P S ec def aul t-domain v al ue ac c essregus. c om ! c rypto ipsec tran sf orm-set E S P -3 D E S -S H A esp-3 des esp-sh a-h mac c rypto dyn amic -map O utside_ dyn _ map 10 set tran sf orm-set E S P -3 D E S -S H A c rypto dyn amic -map outside_ dyn _ map 10 set sec urity-assoc iation l if etime sec on ds 2 8 8 0 0 0 c rypto map O utside_ map 10 ipsec -isak mp dyn amic O utside_ dyn _ map c rypto map O utside_ map in terf ac e O utside c rypto isak mp en abl e O utside c rypto isak mp pol ic y 10 auth en tic ation pre-sh are en c ryption 3 des h ash sh a group 2 l if etime 8 640 0 c rypto isak mp n at-trav ersal 2 0 ! tun n el -group regus_ v pn type ipsec -ra tun n el -group regus_ v pn gen eral -attributes address-pool v pn pool tun n el -group regus_ v pn ipsec -attributes pre-sh ared-k ey < regus_ v pn _ k ey>
A SA V PN U sers
U se r c isc o-as inx
ASA Static U s er C on f igu ration
! usern ame c isc o passw ord 6X mY w Q O O 9 tiY n U D N en c rypted usern ame in x passw ord 6X mY w Q O O 9 tiY n U D N en c rypted
Ac c e s s Al l N etw ork s
Al l N etw ork s
J a n u a r y 1 8 , 2 0 0 8
90
Su m m a ry of D ra in Site D esign
Router B G P AS N = 14676 S et a Router ID Manual l y to m atc h th e l oopb ac k address typic al l y P eer to th e AS N f or Lev el 3 MP LS Core (AS N 1) U se MD5 Auth entic ation
Announc e N etw ork s Via N etw ork S tatem ents and Route Maps to set c om m unity v al ues
S end/ rec iev e B G P S tandard Com m unities v ia send-c om m unity k eyw ord Do not send P ub l ic Addresses to IX C router sinc e th ey w il l b e N ATted Route Maps f or Com m unity setting w il l v ary:
If P riv ate Address S pac e, j ust set th e c om m unity to 14676:S iteN um b er
H ig h l y S c al ab l e and F l exib l e B G P Desig n f or up to 3000 Reg us S ite routers c onnec ted to up to 8 Drain Loc ations in U S and/ or Canada Desig n B G P P eering f or Rem ote S ites F l exib l e Desig n to support Inter P rov ider MP LS P eering if nec essary Initial P h ase of th e P roj ec t Requires 2 Data Centers and 3 Rem ote S ites to b e b roug h t onl ine b y end of J an 2008 Router B G P AS N = 14676 S et a Router ID Manual l y to m atc h th e l oopb ac k address typic al l y Eac h IX C w il l annouc e its / 21 B l oc k (or B l oc k s during interim ) P eer to th e AS N f or Lev el 3 IP Core (AS N 3356) U se MD5 Auth entic ation S ym m etric al Routing w ith Central iz ed N AT F unc tion
O nl y If P ub l ic Address S pac e th at is f rag m ented b etw een Lev el 3 and S print spac e, set c om m unity to 14676:S iteN um b er pl us Drain P ref erenc e S etting . Th is m ust m atc h th e P E S etting s.
S end/ rec eiv e B G P S tandard Com m unities v ia send-c om m unity k eyw ord N o P riv ate addresses w il l b e l earned or announc ed Route Maps f or Com m unity setting w il l v ary:
O nl y If P ub l ic Address S pac e th at is f rag m ented b etw een Lev el 3 and S print spac e, set c om m unity to 14676:S iteN um b er pl us Drain P ref erenc e S etting . Th is m ust m atc h th e P E S etting s. Maxim um P ref ix Enf orc ed
J a n u a r y 1 8 , 2 0 0 8
91
J a n u a r y 1 8 , 2 0 0 8
92
So f tw a r e R el ea ses
Cisc o rec om m ends th e f ol l ow ing sof tw are rel eases to b e used on th ese dev ic es.
Sof tw are R eleas e T able
Dev ic e 3845 7201 7206 3560 3560G 2811
124(X )T 12.0(32)S
Version
F eature S et
Im ag e N am e
124-4.X D8 12.2(40)S E 7.2(3) IP B ase
AS A 5550
12.2(40)S E
IP B ase
12.4 Mainl ine
J a n u a r y 1 8 , 2 0 0 8
93
R o u ter T em p l a tes
Th ese are onl y tem pl ates and does not al ig n w ith ph ysic al h ardw are l ayout present in th e Reg us routers. Th is is h ow ev er a g ood starting point and w il l require th at Reg us m ap interf ac e c onf ig urations to ph ysic al l oc ations. Y el l ow h ig h l ig h ts indic ate Data P oints th at need to b e m odif ied b ased on router l oc ation.
router bgp 14676 n o syn c h ron iz ation bgp router-id < L oopbac k Address> bgp l og-n eigh bor-c h an ges n etw ork < l oc al n etw ork > mask < mask > route-map set_ regus_ c ommun ity n etw ork < publ ic n etw ork > mask < mask > route-map set_ publ ic _ c ommun ity n eigh bor < L ev el -3 P E > remote-as 1 n eigh bor < L ev el -3 P E > passw ord 7 10 5C 0 C 1E 10 0 4 n eigh bor < L ev el -3 P E > sen d-c ommun ity n eigh bor < L ev el -3 P E > distribute-l ist 50 in n eigh bor < L ev el -3 P E > maximum-pref ix 1 n o auto-summary ! ip route < priv ate n etw ork used abov e> N ul l 0 2 54 ip route < publ ic n etw ork used abov e> N ul l 0 2 54 ! ip bgp-c ommun ity n ew -f ormat ! ac c ess-l ist 10 permit 10 . 0 . 0 . 0 0 . 2 55. 2 55. 2 55 ac c ess-l ist 50 permit 0 . 0 . 0 . 0 ac c ess-l ist 66 permit 66. 2 0 2 . 0 . 0 . 2 55. 2 55 ! ! route-map set_ publ ic _ c ommun ity permit 10 matc h ip address 66 set c ommun ity 66:< D rain P ref 1> 67:< D rain P ref 2 > 14676:< S iteN umber> ! route-map set_ regus_ c ommun ity permit 10 matc h ip address 10 set c ommun ity 14676:< S iteN umber> !
3 8 4 5 CE Rou ter T em p l a te
J a n u a r y 1 8 , 2 0 0 8
94
7 20 1/ 7 20 6 D ra in CE Rou ter T em p l a te
router bgp 14676 n o syn c h ron iz ation bgp router-id < l oopbac k 0 > bgp l og-n eigh bor-c h an ges n etw ork 0 . 0 . 0 . 0 n etw ork 10 . 2 3 1. 15. 2 48 mask 2 55. 2 55. 2 55. 2 n etw ork 66. 2 0 2 . 12 8 . 0 mask 2 55. 2 55. 2 52 . 0 n etw ork 66. 2 0 2 . 13 2 . 0 mask 2 55. 2 55. 2 52 . 0 n etw ork 66. 2 0 2 . 13 6. 0 mask 2 55. 2 55. 2 52 . 0 n etw ork 66. 2 0 2 . 140 . 0 mask 2 55. 2 55. 2 52 . 0 n etw ork 66. 2 0 2 . 144. 0 mask 2 55. 2 55. 2 52 . 0 n etw ork 66. 2 0 2 . 148 . 0 mask 2 55. 2 55. 2 52 . 0 n etw ork 66. 2 0 2 . 152 . 0 mask 2 55. 2 55. 2 52 . 0 n etw ork 66. 2 0 2 . 156. 0 mask 2 55. 2 55. 2 52 . 0 n etw ork 66. 2 0 2 . 160 . 0 mask 2 55. 2 55. 2 52 . 0 n etw ork 66. 2 0 2 . 164. 0 mask 2 55. 2 55. 2 52 . 0 n etw ork 66. 2 0 2 . 168 . 0 mask 2 55. 2 55. 2 52 . 0 n etw ork 66. 2 0 2 . 172 . 0 mask 2 55. 2 55. 2 52 . 0 n etw ork 66. 2 0 2 . 176. 0 mask 2 55. 2 55. 2 52 . 0 n etw ork 66. 2 0 2 . 18 0 . 0 mask 2 55. 2 55. 2 52 . 0 n etw ork 66. 2 0 2 . 18 4. 0 mask 2 55. 2 55. 2 52 . 0 n etw ork 66. 2 0 2 . 18 8 . 0 mask 2 55. 2 55. 2 52 . 0 n eigh bor < L ev el 3 P E > remote-as 1 n eigh bor < L ev el 3 P E > passw ord 7 0 3 3 65E 0 C n eigh bor < L ev el 3 P E > sen d-c ommun ity n eigh bor < L ev el 3 P E > distribute-l ist 66 n eigh bor < L ev el 3 P E > remote-as 14676 n eigh bor desc ription to D 1_ n eigh bor n ext-h op-sel f n eigh bor sen d-c ommun ity n eigh bor w eigh t 6553 5 n eigh bor maximum-pref ix 1 def aul t-in f ormation origin ate n o auto-summary c ess-l c ess-l c ess-l c ess-l c ess-l c ess-l c ess-l c ess-l c ess-l c ess-l c ess-l c ess-l c ess-l c ess-l c ess-l c ess-l c ess-l c ess-l c ess-l c ess-l c ess-l c ess-l c ess-l c ess-l c ess-l c ess-l c ess-l c ess-l c ess-l c ess-l c ess-l ist ist ist ist ist ist ist ist ist ist ist ist ist ist ist ist ist ist ist ist ist ist ist ist ist ist ist ist ist ist ist 66 66 66 66 66 66 66 66 66 66 66 66 66 66 66 66 66 66 70 70 70 70 70 70 70 70 70 75 75 75 75 remark den y den y den y den y den y den y den y den y den y den y den y den y den y den y den y den y permit remark permit permit permit permit permit permit permit permit remark permit permit permit D E N Y 66. 2 66. 2 66. 2 66. 2 66. 2 66. 2 66. 2 66. 2 66. 2 66. 2 66. 2 66. 2 66. 2 66. 2 66. 2 66. 2 an y AGGR 66. 2 66. 2 66. 2 66. 2 66. 2 66. 2 66. 2 66. 2 AGGR 66. 2 66. 2 66. 2 _ AL 0 2 . 0 2 . 0 2 . 0 2 . 0 2 . 0 2 . 0 2 . 0 2 . 0 2 . 0 2 . 0 2 . 0 2 . 0 2 . 0 2 . 0 2 . 0 2 . L _ AGGR 12 8 . 0 13 2 . 0 13 6. 0 140 . 0 144. 0 148 . 0 152 . 0 156. 0 160 . 0 164. 0 168 . 0 172 . 0 176. 0 18 0 . 0 18 4. 0 18 8 . 0 E GAT 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 .
52 route-map route-map route-map route-map route-map route-map route-map route-map route-map route-map route-map route-map route-map route-map route-map route-map 13 4B out I X C
P R I P R I P R I P R I S E C S E C S E C S E C P R I P R I P R I P R I S E C S E C S E C S E C
M AR M AR M AR M AR O N D O N D O N D O N D M AR M AR M AR M AR O N D O N D O N D O N D
Y _ AGG Y _ AGG Y _ AGG Y _ AGG AR Y _ AGG AR Y _ AGG AR Y _ AGG AR Y _ AGG Y _ AGG Y _ AGG Y _ AGG Y _ AGG AR Y _ AGG AR Y _ AGG AR Y _ AGG AR Y _ AGG
ac ac ac ac ac ac ac ac ac ac ac ac ac ac ac ac ac ac ac ac ac ac ac ac ac ac ac ac ac ac ac
E S _ T O _ P E _ L I S T 3 . 0 3 . 0 3 . 0 3 . 0 3 . 0 3 . 0 3 . 0 3 . 0 3 . 0 3 . 0 3 . 0 3 . 0 3 . 0 3 . 0 3 . 0 3 . 0 N D _ L I S T . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 E _ L I S T . 0 . 0 . 0 R e g u s L A N /W A N T r a n s p o r t D e s ig n
E GAT E _ AS _ P R 0 2 . 144. 0 0 . 0 2 . 148 . 0 0 . 0 2 . 152 . 0 0 . 0 2 . 156. 0 0 . 0 2 . 176. 0 0 . 0 2 . 18 0 . 0 0 . 0 2 . 18 4. 0 0 . 0 2 . 18 8 . 0 0 . E GAT E _ AD V E R 0 2 . 12 8 . 0 0 . 0 2 . 13 2 . 0 0 . 0 2 . 13 6. 0 0 .
E P E 0 . 3 0 . 3 0 . 3 0 . 3 0 . 3 0 . 3 0 . 3 0 . 3 T I S 0 . 3 0 . 3 0 . 3
J a n u a r y 1 8 , 2 0 0 8
95
ac ac ac ac ac
c ess-l c ess-l c ess-l c ess-l c ess-l
ist ist ist ist ist
75 75 75 75 75
permit permit permit permit permit
66. 66. 66. 66. 66.
2 0 2 2 0 2 2 0 2 2 0 2 2 0 2
. 140 . . 160 . . 164. . 168 . . 172 . 0
0 0 0 0
0 . 0 0 . 0 0 . 0 0 . 0 0 . 0
. 3 . . 3 . . 3 . . 3 . . 3 . 0
0 0 0 0
route-map P R I M AR Y _ AGG desc ription S et L P ref desc ription * * * T h is matc h ip address 75 set l oc al -pref eren c e set c ommun ity 66:1
permit 10 / C omm f or P rimary( 66:1) is D rain # 1 * * * 10 0 0
Agg Adv ertisemen t
! route-map S E C O N D AR Y _ AGG permit 10 desc ription S et L P ref / C omm f or P rimary( 67:1) desc ription * * * T h is is D rain # 1 * * * matc h ip address 70 set l oc al -pref eren c e 10 set c ommun ity 67:1 ip ip ip ip ip ip ip ip ip ip ip ip ip ip ip ip ! route route route route route route route route route route route route route route route route 66. 66. 66. 66. 66. 66. 66. 66. 66. 66. 66. 66. 66. 66. 66. 66. 2 0 2 2 0 2 2 0 2 2 0 2 2 0 2 2 0 2 2 0 2 2 0 2 2 0 2 2 0 2 2 0 2 2 0 2 2 0 2 2 0 2 2 0 2 2 0 2 . 12 8 . . 13 2 . . 13 6. . 140 . . 144. . 148 . . 152 . . 156. . 160 . . 164. . 168 . . 172 . . 176. . 18 0 . . 18 4. . 18 8 . 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 2 55. 2 55. 2 55. 2 55. 2 55. 2 55. 2 55. 2 55. 2 55. 2 55. 2 55. 2 55. 2 55. 2 55. 2 55. 2 55. 2 55. 2 55. 2 55. 2 55. 2 55. 2 55. 2 55. 2 55. 2 55. 2 55. 2 55. 2 55. 2 55. 2 55. 2 55. 2 55. 2 52 2 52 2 52 2 52 2 52 2 52 2 52 2 52 2 52 2 52 2 52 2 52 2 52 2 52 2 52 2 52 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 N ul N ul N ul N ul N ul N ul N ul N ul N ul N ul N ul N ul N ul N ul N ul N ul l 0 l 0 l 0 l 0 l 0 l 0 l 0 l 0 l 0 l 0 l 0 l 0 l 0 l 0 l 0 l 0 2 54 2 54 2 54 2 54 2 54 2 54 2 54 2 54 2 54 2 54 2 54 2 54 2 54 2 54 2 54 2 54
Agg Adv ertisemen t
7 20 1/ 7 20 6 I X C Rou ter T em p l a te
J a n u a r y 1 8 , 2 0 0 8
96
router bgp 14676 n o syn c h ron iz ation bgp router-id < l oopbac k 0 > bgp l og-n eigh bor-c h an ges n eigh bor remote-as 14676 n eigh bor desc ription to D 1_ C E _ I B GP _ P E E R n eigh bor n ext-h op-sel f n eigh bor sen d-c ommun ity n eigh bor < L ev el 3 I n tern et> remote-as 3 3 56 n eigh bor < L ev el 3 I n tern et> desc ription to L 3 _ I X C _ P E E R n eigh bor < L ev el 3 I n tern et> passw ord regus n eigh bor < L ev el 3 I n tern et> distribute-l ist 50 in n eigh bor < L ev el 3 I n tern et> route-map d1_ pol ic y out n eigh bor < L ev el 3 I n tern et> maximum-pref ix 1 n o auto-summary ! ip route 2 55. 2 55. 2 55. 2 55 < f irew al l address> ! ip bgp-c ommun ity n ew -f ormat ip c ommun ity-l ist stan dard P R I M E permit 66:< mydrain n umber> ip c ommun ity-l ist stan dard S E C O N D AR Y permit 67:< mydrain n umber> ! n o ip h ttp serv er n o ip h ttp sec ure-serv er ! ac c ess-l ist 50 permit 0 . 0 . 0 . 0 ! ! ! route-map d1_ pol ic y permit 10 matc h c ommun ity P R I M E ! route-map d1_ pol ic y permit 2 0 matc h c ommun ity S E C O N D AR Y set as-path prepen d 14676 ! ! S ec urity B est P rac tic es n o ip domain -l ook up n o c dp run n o ip h ttp serv er n o ip sourc e-route n o serv ic e f in ger n o ip bootp serv er n o serv ic e pad n o serv ic e udp-smal l -serv er n o serv ic e tc p-smal l -serv er ! serv ic e tc p-k eepal iv es-in serv ic e tc p-k eepal iv es-out ! en abl e sec ret serv ic e passw ord-en c ryption ! ! O n al l in terf ac es n o ip redirec t n o ip direc ted-broadc ast n o ip proxy-arp
J a n u a r y 1 8 , 2 0 0 8
97
A SA 5 5 0 0 F irewa l l T em p l a te
AS A V ersion 7. 2 ( 2 ) ! h ostn ame AS Aw AI P -C L I domain -n ame c orp. c om en abl e passw ord W w X Y v tK rn j X qGbu1 en c rypted n ames ! in terf ac e GigabitE th ern et0 / 0 n ameif O utside sec urity-l ev el 0 ip address 10 . 10 . 10 . 2 2 55. 2 55. 2 55. 0 ! in terf ac e GigabitE th ern et0 / 1 n ameif in side sec urity-l ev el 10 0 ip address 172 . 16. 1. 2 2 55. 2 55. 2 55. 0 ! in terf ac e GigabitE th ern et0 / 2 sh utdow n n o n ameif n o sec urity-l ev el n o ip address ! in terf ac e GigabitE th ern et0 / 3 sh utdow n n o n ameif n o sec urity-l ev el n o ip address ! in terf ac e M an agemen t0 / 0 sh utdow n n o n ameif n o sec urity-l ev el n o ip address ! passw d 2 K F Q n bN I dI . 2 K Y O U en c rypted f tp mode passiv e dn s serv er-group D ef aul tD N S domain -n ame c orp. c om pager l in es 2 4 mtu O utside 150 0 mtu in side 150 0 ip l oc al pool v pn pool 172 . 16. 1. 10 0 -172 . 16. 1. 19 9 mask 2 55. 2 55. 2 55. 0 n o f ail ov er ic mp un reac h abl e rate-l imit 1 burst-siz e 1 n o asdm h istory en abl e arp timeout 1440 0 timeout xl ate 3 :0 0 :0 0 timeout c on n 1:0 0 :0 0 h al f -c l osed 0 :10 :0 0 udp 0 :0 2 :0 0 ic mp 0 :0 0 :0 2 timeout sun rpc 0 :10 :0 0 h 3 2 3 0 :0 5:0 0 h 2 2 5 1:0 0 :0 0 mgc p 0 :0 5:0 0 mgc p-pat 0 :0 5:0 0 timeout sip 0 :3 0 :0 0 sip_ media 0 :0 2 :0 0 sip-in v ite 0 :0 3 :0 0 sip-disc on n ec t 0 :0 2 :0 0 timeout uauth 0 :0 5:0 0 absol ute group-pol ic y h il l v al l eyv pn 1 in tern al group-pol ic y h il l v al l eyv pn 1 attributes dn s-serv er v al ue 172 . 16. 1. 11 v pn -tun n el -protoc ol I P S ec def aul t-domain v al ue test. c om usern ame marty passw ord 6X mY w Q O O 9 tiY n U D N en c rypted n o sn mp-serv er l oc ation n o sn mp-serv er c on tac t sn mp-serv er en abl e traps sn mp auth en tic ation l in k up l in k dow n c ol dstart c rypto ipsec tran sf orm-set E S P -3 D E S -S H A esp-3 des esp-sh a-h mac c rypto dyn amic -map O utside_ dyn _ map 10 set tran sf orm-set E S P -3 D E S -S H A c rypto dyn amic -map outside_ dyn _ map 10 set sec urity-assoc iation l if etime sec on ds 2 8 8 0 0 0 c rypto map O utside_ map 10 ipsec -isak mp dyn amic O utside_ dyn _ map c rypto map O utside_ map in terf ac e O utside J a n u a r y 1 8 , 2 0 0 8
98
c rypto isak mp en abl e O utside c rypto isak mp pol ic y 10 auth en tic ation pre-sh are en c ryption 3 des h ash sh a group 2 l if etime 8 640 0 c rypto isak mp n at-trav ersal 2 0 tun n el -group h il l v al l eyv pn type ipsec -ra tun n el -group h il l v al l eyv pn gen eral -attributes address-pool v pn pool tun n el -group h il l v al l eyv pn ipsec -attributes pre-sh ared-k ey * tel n et timeout 5 ssh timeout 5 c on sol e timeout 0 ! c l ass-map in spec tion _ def aul t matc h def aul t-in spec tion -traf f ic ! ! pol ic y-map type in spec t dn s preset_ dn s_ map parameters message-l en gth maximum 512 pol ic y-map gl obal _ pol ic y c l ass in spec tion _ def aul t in spec t dn s preset_ dn s_ map in spec t f tp in spec t h 3 2 3 h 2 2 5 in spec t h 3 2 3 ras in spec t n etbios in spec t rsh in spec t rtsp in spec t sk in n y in spec t esmtp in spec t sql n et in spec t sun rpc in spec t tf tp in spec t sip in spec t xdmc p ! gl obal ( sf o-ixc -0 1) 19 9 9 66. 2 0 2 . 18 4. 17 n etmask 2 gl obal ( sf o-ixc -0 1) 79 9 1 66. 2 0 2 . 168 . 2 49 n etmask n at ( sf o-dc e-72 0 1) 19 9 9 10 . 2 3 1. 2 4. 0 2 55. 2 55. 2 55. n at ( sf o-dc e-72 0 1) 79 9 1 10 . 2 3 1. 3 2 . 0 2 55. 2 55. 2 55. n at ( sf o-dc e-72 0 1) 79 9 1 10 . 12 2 . 2 3 2 . 0 2 55. 2 55. 2 48 n at ( sf o-dc e-72 0 1) 19 9 9 172 . 2 3 . 168 . 0 2 55. 2 55. 2 48 n at ( sf o-dc e-72 0 1) 19 9 9 10 . 13 9 . 3 2 . 0 2 55. 2 55. 2 40 . serv ic e-pol ic y gl obal _ pol ic y gl obal prompt h ostn ame c on text C ryptoc h ec k sum:0 f 78 ee7ef 3 c 19 6a68 3 ae7a48 0 4c e119 2 : en d
55. 2 55. 2 55. 2 48 2 55. 2 55. 2 55. 2 48 0 0 . 0 . 0 0
J a n u a r y 1 8 , 2 0 0 8
99
3 5 6 0 -R Switch T em p l a te (Site) 3 5 6 0 Switch T em p l a te (Site) 3 5 6 0 Switch T em p l a te (D a ta Center) 3 5 6 0 Rou ter T em p l a te (PO P)
J a n u a r y 1 8 , 2 0 0 8
1 0 0
A p p en d ix A
R eg u s I nt erim
D a ta Center
Cinc innati S ite P roj ec t Mg r: J osh Duerst IP Address Rang e: G l ue Link s:
I P T Sit e L ist
PO P
S an F ranc isc o
S ite P roj ec t Mg r: J osh Duerst
Site # 19 9 9
Dal l as, Texas Corporate O f f ic e (DALCO RP ) S uite 1400 Addison 15305 Dal l as P ark w ay
Dal l as, 75001 U nited S tates IP Address Rang e: G l ue Link s: Main Tel : + 1 972 361-8100
Site # 9 9 1
G l endal e, WI
J a n u a r y 1 8 , 2 0 0 8
1 0 1
J a n u a r y 1 8 , 2 0 0 8
1 0 2
A p p en d ix B
H ardw are B il l o f M at erial s
Th e f ol l ow ing h ardw are is b eing depl oyed at th e Reg us Drain Loc ations.
ATL Data Center
U nif ie d C o m m u nic at io ns M anag e r C l u s t e r C AL L M AN AG E R -5. 1 T o p L e v e l P a r t N u m b e r U s e d In O r d e r in g T o o M C S7845H 2-K 9 -C M A2 H W / SW C a l l M g r 5. 1 7845-H 2 Ap p l i a n c e , 0 Se C AB -AC P o w e r C o r d , 110 V C U O M SM -E V AL -K 9 C i s c o U n i f i e d O p e r a t i o n s M g r An d Se r v i c e M o SW -C U P 6. 0 -K 9 P U n i f i e d P r e s e n c e 6. 0 So f t w a r e - a v a i l a b l e w i t h U C C X -45-C M -B U N D L E 5 Se a t I P C C X E N H C C M B u n d l e - AV AI L AB L L I C -C M 5. 1-7845= L i c e n s e C a l l M g r 5. 1 7845 Ap p l i a n c e , 5, 0 0 0 s e
a ts
n it o r E v a l C D C C M E O N L Y W IT H C C M a t
6 6 6 6 6 6 6 30 30 2 2 2 2 2 2 2 2
U nif ie d C o m m u nic at io ns M anag e r - H ard w are and S o f t w are S u p p o rt ( 5 y e ars ) C O N -O SP -45H 2C M A2 O N SI T E 24X 7X 4 C a l l M g r 5. 1 7845-H 2 Ap p l i a n c e , 0 Se a t s C O N -E SW -C M 517845 E SSE N T I AL SW L i c e n s e C a l l M g r 5. 1 7845 Ap p , 5, 0 0 0 s e a t U nit U U U U U U U U y V N IT N IT N IT N IT N IT N IT N IT N IT o ic e m ail w it h F ail o v e r - 19 2 P o rt Y -B U N D L E U Y -4. X U Y -I P U Y -E X C H AN G E U Y -D S-E N G U Y -M S-E N G U Y 4. X -SL -M AX U Y -V M -U SR O s n it n it n it n it n it n it n it n e y B u n d le y 4. X y f o r C a llM a n a g e r , IP y fo r E x c h a n g e y D a t a St o r e - i n E n g y M e s s a g e St o r e i n E y s e r v e r lic e n s e f o r V U n it y V M U s e r
O n ly In te g r a t io n s lis h n g lis h . N o t r e q u ir e d fo r D o m in o . M o r U M . I n c l 9 6 s e s s i o n s . N o T T S.
U N I T Y -C L -U SR
U N I T Y -AD D L -L AN G U N I T Y -L I C -P O O L
O n e I M AP C l i e n t Ac c e s s u s e r l i c e n s e ( p r o m o p r i c e )
U N I T Y -D AT A-ST O R E U N I T Y -F O SV R -33-9 6 M C S-7845-H 2-E C S1 U N I T Y -SY SD I SK U N I T Y -P W R -U S
Su p p o r t f o r a n a d d i t i o n a l l a n g u a g e . M a y o r d e r u p t o 17.
U n i t y D a t a St o r e , r e q u i r e d f o r > 32 s e s s i o n s - P e r P r o c e s s o r U n i t y F a i l o v e r Se r v e r -33-9 6 P o r t s U n i t y O p e r a t i n g Sy s t e m 20 0 3 U n it y P o o le d L ic e n s e ( le t s m u lt ip le s e r v e r s s h a r e u s e r s )
2 2
M C S-7845-H 2; R a c k ; V M -8H D D ; SAS R AI D ; 2-C P U ; 4G B P o w e r C o r d - U S, C a n , M e x , P R , P h i l , V e n , T a i , C o l , E c u
U nit y V o ic e m ail - H ard w are and S o f t w are S u p p o rt ( 1 y e ar) C O N -O SP -U N I T Y 4X O N SI T E 24X 7X 4 T o p L v l U n i t y 4. X -s e e i n d i v c o m p e n t s

1 1 0 3
C O N -O SP -U N I T Y -I P C O C O C O C O N -O N -E N -E N -E SP SW SW SW -45H -U N -U N -U N 2E IT Y IT Y I 4X C S1 4X -I P SL M
O N SI T O N SI T 4G B E SSE N E SSE N E SSE N
E 24X 7X 4 U n i t y f o r C a l l M a n a g e r - T o p L e v e l E 24X 7X 4 M C S7845H 2 R a c k V M 6D D SAS R a i d 2C P U T I AL SW T I AL SW T I AL SW T o p L v l U n i t y 4. X -s e e i n d i v c o m p e n t s U n it y fo r C a llM a n a g e r -T o p L e v e l U n i t y Sv r L i c f o r V M o r U M 72 Se s s i o n s Se r v , 128F / 512D 0 V SE C f o r 380 0 Se r i e s 1
1 35 1 1 1 1 2 1 1 1 2 2 1 1 1 1 5 2 2 10 2 2 2 4 2 2 2 2 2 10 1 1 1 1 1 1 1 1 5 1 1 0 4
3845 I nt e g rat e d S e rv ic e s R o u t e r ( U nit C 3845-V SE C / K 9 C AB -AC P W R -3845-AC / 2 M E M 380 0 -512U 10 24D M E M 380 0 -128U 512C F P V D M 2-64 V W I C 2-2M F T -T 1/ E 1 S384AI SK 9 -1240 3 P W R -3845-AC R O U T E R -SD M P V D M 2-64 3845 I nt e g rat e d S e rv ic e s R o u t e r - H C O N -O SP -3845V K 9
y O u t d ial ) 3845 V o i c e Se c u r i t y B u n d l e , P V D M 2-64, Ad v I P P o w e r C o r d , 110 V C i s c o 3845 r e d u n d a n t AC p o w e r s u p p l y 512 t o 10 24M B D R AM f a c t o r y u p g r a d e f o r 380 128 t o 512M B C o m p a c t F l a s h f a c t o r y u p g r a d e 64-C h a n n e l P a c k e t V o i c e / F a x D SP M o d u l e 2-P o r t R J -48 M u l t i f l e x V o i c e / W AN T r u n k - T 1/ E C i s c o 3845 AD V AN C E D I P SE R V I C E S C i s c o 3845 AC p o w e r s u p p l y D e v ic e m a n a g e r fo r r o u te r s 64-C h a n n e l P a c k e t V o i c e / F a x D SP M o d u l e ard w are and S o f t w are S u p p o rt ( 5 y e ars ) O N SI T E 24X 7X 4 3845 V o i c e B u n d l e , P V a ta ly o w e r and S NSI T
Dat a C e nt e r S w it c h W S-C 3560 G -24T -S C C AB -AC P G ig ab it E t h e rne t S w it c h - H ard w are CO N-O SP -356 0G T S O
s t 3650 24 10 / 10 0 / 10 0 0 T C o r d , 110 V o f t w are S u p p o rt ( 5 y e ars ) E 24X 7 X 4 Ca t 356 0 24 10/ 100/ 1000T + 4 SF P St
G atew ay R o u ters ( 2 p er I nternet Drai n - 2 to tal Drai ns )
720 6V X R / N P E -G 2 720 6V X R w i t h N P E -G 2 i n c l u d e s 3G i g E / F E / E P o r t s a n d I P SW P W R -720 0 C i s c o 720 0 AC P o w e r Su p p l y O p t i o n P W R -720 0 / 2 C i s c o 720 0 R e d u n d a n t AC P o w e r Su p p l y O p t i o n ( 280 W ) C AB -AC P o w e r C o r d , 110 V S72P C -12231SB C i s c o 720 0 N P E G 2/ 720 1 I O S Se r i e s I P P L U S M E M -N P E -G 2-2G B 720 0 Se r i e s N P E -G 2 2G B M e m o r y , Sy s t e m SF P -G E -S 10 0 0 B ASE -SX SF P ( D O M ) N P E -G 2 720 0 s e r i e s N P E -G 2 e n g i n e w i t h 3 G E / F E / E p o r t s M E M -N P E -G 2-F L D 256 C i s c o 720 0 C o m p a c t F l a s h D i s k f o r N P E -G 2, 256 M B G at e w ay R o u t e rs - H ard w are S u p p o rt ( 5 y e ars ) C O N -O SP -720 6V X R N O N SI T E 24X 7X 4 720 6V X R w i t h N P E -G 2 S/ AE S
A d ap t iv e S e c u rit y A p p l ianc e ( F ire w al l - 1 p e r I nt e rne t Drain - 2 Drains ) ASA5550 -B U N -K 9 ASA 5550 Ap p l i a n c e w i t h SW , H A, 8G E + 1F E , 3D E C AB -AC P o w e r C o r d , 110 V SF -ASA-8. 0 -K 8 ASA 550 0 Se r i e s So f t w a r e v 8. 0 ASA550 0 -E N C R -K 9 ASA 550 0 St r o n g E n c r y p t i o n L i c e n s e ( 3D E S/ AE S) SSM -4G E -I N C SSM -4G E e m b e d d e d w i t h i n ASA 5550 s y s t e m s ASA-V P N -C L N T -K 9 C i s c o V P N C l i e n t So f t w a r e ( W i n d o w s , So l a r i s , L i n u ASA-180 W -P W R -AC ASA 180 W AC P o w e r Su p p l y ASA-AN Y C O N N -C SD -K 9 ASA 550 0 An y C o n n e c t C l i e n t + C i s c o Se c u r i t y D e s A d ap t iv e S e c u rit y A p p l ianc e - H ard w are and S o f t w are S u p p o rt ( 5 y e ars ) C O N -O SP -AS5550 B O N SI T E 24X 7X 4 ASA5550 w / SW , H A, 8G E + 1F E , R e m o t e A c c e s s S e rv e r ( f o r re m o t e o u t -o f -b and m anag e m e nt / d iag no s t ic s ) C I SC O 2811-16T S 2811 w / H W I C -16A a n d 2 C AB -H D 8-ASY N C
J a n u a r y 1 8 , 2 0 0 8
x , M a c ) k t o p So f t w a r e 3D E S/ AE S
T e r m i n a l Se r v e r
C AB -AC S28N I P B -1240 7 C AB -H D 8-ASY N C P W R -2811-AC R O U T E R -SD M M E M 280 0 -256D -I N C M E M 280 0 -64C F -I N C H W I C -16A
B u n d le P o w e r C o r d , 110 V C i s c o 280 0 I P B ASE W / O C R Y P H i g h D e n s i t y 8-p o r t E I A-232 As y C i s c o 2811 AC p o w e r s u p p l y D e v ic e m a n a g e r fo r r o u te r s 256M B D D R D R AM M e m o r y f a c 64M B C F d e f a u l t f o r C i s c o 280 0 16-P o r t As y n c H W I C
T O n c C a b le t o r y d e f a u l t f o r t h e C i s c o 280 0 Se r i e s
1 1 2 1 1 1 1 1
S F O
Dat a C e nt e r S w it c h W S-C 3560 G -24T -S C C AB -AC P G ig ab it E t h e rne t S w it c h - H ard w are CO N-O SP -356 0G T S O
Data Center
a ta ly o w e r and S NSI T
s t 3650 24 10 / 10 0 / 10 0 0 T C o r d , 110 V o f t w are S u p p o rt ( 5 y e ars ) E 24X 7 X 4 Ca t 356 0 24 10/ 100/ 1000T + 4 SF P St
1 1 5 2 4 4 4 2 1 2 10 1 1 1 1 1 1 1 1 5
G atew ay R o u ters ( 2 p er I nternet Drai n - 2 to tal Drai ns )
CI SCO 7 201 Cisco 7 201 Ch a ssis, 1G B M em ory , Du a l P / S, 256 M B F l a sh P W R -7 201-AC Cisco 7 201 AC P ower Su p p l y op tion Sy stem CAB-AC P ower Cord, 110V S7 2P C-12231SB Cisco 7 200P I O S Series I P P LU S M EM -7 201-2G B Cisco 7 201 2G B M em ory op tion SF P -G E -S 10 0 0 B ASE -SX SF P ( D O M ) M EM -7 201-F LD256 Cisco 7 201 Com p a ct F l a sh Disk, 256 M B Sy stem G at e w ay R o u t e rs - H ard w are S u p p o rt ( 5 y e ars ) CO N-O SP -CI SC7 201 O NSI T E 24X 7 X 4 7 201 Ch a ssis, 1G B m em du a l P / S 256 m b f l sh S/ AE S
A d ap t iv e S e c u rit y A p p l ianc e ( F ire w al l - 1 p e r I nt e rne t Drain - 2 Drains ) ASA5550 -B U N -K 9 ASA 5550 Ap p l i a n c e w i t h SW , H A, 8G E + 1F E , 3D E C AB -AC P o w e r C o r d , 110 V SF -ASA-8. 0 -K 8 ASA 550 0 Se r i e s So f t w a r e v 8. 0 ASA550 0 -E N C R -K 9 ASA 550 0 St r o n g E n c r y p t i o n L i c e n s e ( 3D E S/ AE S) SSM -4G E -I N C SSM -4G E e m b e d d e d w i t h i n ASA 5550 s y s t e m s ASA-V P N -C L N T -K 9 C i s c o V P N C l i e n t So f t w a r e ( W i n d o w s , So l a r i s , L i n u ASA-180 W -P W R -AC ASA 180 W AC P o w e r Su p p l y ASA-AN Y C O N N -C SD -K 9 ASA 550 0 An y C o n n e c t C l i e n t + C i s c o Se c u r i t y D e s A d ap t iv e S e c u rit y A p p l ianc e - H ard w are and S o f t w are S u p p o rt ( 5 y e ars ) C O N -O SP -AS5550 B O N SI T E 24X 7X 4 ASA5550 w / SW , H A, 8G E + 1F E ,
x , M a c ) k t o p So f t w a r e 3D E S/ AE S
R e m o t e A c c e s s S e rv e r ( f o r re m o t e o u t -o f -b and m anag e m e nt / d iag no s t ic s ) 2811 w / H W I C -16A a n d 2 C AB -H D 8-ASY N C T e r m i n a l Se r v e r C I SC O 2811-16T S B u n d le C AB -AC P o w e r C o r d , 110 V S28N I P B -1240 7 C i s c o 280 0 I P B ASE W / O C R Y P T O C AB -H D 8-ASY N C H i g h D e n s i t y 8-p o r t E I A-232 As y n c C a b l e P W R -2811-AC C i s c o 2811 AC p o w e r s u p p l y R O U T E R -SD M D e v ic e m a n a g e r fo r r o u te r s M E M 280 0 -256D -I N C 256M B D D R D R AM M e m o r y f a c t o r y d e f a u l t f o r t h e C i s c o 280 0 M E M 280 0 -64C F -I N C 64M B C F d e f a u l t f o r C i s c o 280 0 Se r i e s H W I C -16A 16-P o r t As y n c H W I C
1 1 1 2 1 1 1 1 1
J a n u a r y 1 8 , 2 0 0 8
1 0 5
G l o ssa r y
Th is sec tion prov ides def initions f or term s and ac ronym s used in th is doc um ent. S uppl y f rom Detail ed Desig n Doc um ent.
T erm P E Dra in or Acrony m Def inition
I nternet p eering l oca tion (u p to 8 Level -3 U S l oca tions consisting of Dra in CE, P E a nd I X C R ou ter)
P rovider Edge R ou ter owned b y Level -3
CE
Cu stom er Edge R ou ter owned b y R egu s
CE Non Dra in P E Dra in P E
Sta nda rd M P LS P E th a t wil l receive a p rim a ry a nd seconda ry def a u l t f rom p rim a ry a nd seconda ry dra in p eers to Dra in CE Cu stom er Edge R ou ter a t Dra in Loca tion owned b y R egu s p eers to Dra in P E Border G a tewa y P rotocol
Dra in CE BG P
EI G R P
Dra in I X C R ou ter
Enh a nced I nterior G a tewa y R ou ting P rotocol P eers to Level -3 I nternet R ou ter
Corporate Headquarters
E uropean Headquarters
A m eri c as Headquarters
A si a P ac i f i c Headquarters
J a n u a r y 1 8 , 2 0 0 8
1 0 6
C is c 1 7 0 S a n U S A w w w T e l:
o S y s te m s , In c . W e s t T a s m a n D riv e J o s e , C A 9 5 1 3 4 -1 7 0 6 m 8 5 2 6 -4 0 0 0 0 5 5 3 -N E T S ( 6 3 8 7 ) 8 5 2 6 -4 1 0 0
.c is c o .c o 4 0 8 0 F a x : 4 0
C is c o S y 1 1 R u e C 9 2 7 8 2 Is C e d e x 9 F ra n c e w w w -e u T e l: F a x :
s te m s E u ro p e a m ille D e s m o u lin s s y -L e s -M o u l i n e a u x r o p e .c is c o .c o m 3 3 1 5 8 0 4 6 0 0 0 3 3 1 5 8 0 4 6 1 0 0
C is c o 1 7 0 W S a n J U S A w w w T e l: F a x :
S y s te m s , In c . e s t T a s m a n D riv e o s e , C A 9 5 1 3 4 -1 7 0 6 .c is c o .c o m 4 0 8 5 2 6 -7 6 6 0 4 0 8 5 2 7 -0 8 8 3
C is c o S y s L e v e l 9 , 8 P .O . B o x N o rth S y d N S W 2 0 6 w w w .c is c T e l: F a x :
te m s A u s tr a lia , P ty ., L td 0 P a c ific H ig h w a y 4 6 9 n e y 0 A u s tra lia o .c o m + 6 1 2 8 4 4 8 7 1 0 0 + 6 1 2 9 9 5 7 4 3 5 0
C is c o S y s te m s h a s m o re th a n 2 0 0 o ffic e s in th e fo llo w in g c o u n trie s a n d re g io n s . A d d re s s e s , p h o n e n u m b e rs , a n d fa x n u m b e rs lis te d o n C i s c o W e b s i t e a t w w w .c i s c o .c o m / g o / o f f i c e s .

Argentina Australia Austria Belgium Brazil Bulgaria Canad a Ch ile Ch ina Co lo mb ia Co sta R ic a Cro atia Czec h R ep ub lic D enmark D ub ai, U AE F inland M alay sia M ex ic o T h e N eth erland s N ew Z ealand N o rw ay P eru P h ilip p ines P o land P o rtugal P uerto R ic o R o mania R ussia S aud i Arab ia S ingap o re T aiw an T h ailand T urk ey U k raine U nited K ingd o m U nited S tates V enezuela
F ranc e G ermany G reec e H o ng K o ng S AR H ungary I nd ia I nd o nesia I reland I srael I taly J ap an K o rea L ux emb o urg S lo v ak ia S lo v enia S o uth Af ric a S p ain S w ed en S w itzerland V ietnam Z imb ab w e
J a n u a r y 1 8 , 2 0 0 8
1 0 7

Draft - Layer 3 LLD

Hochgeladen von

Dokumentinformationen

Copyright

Verfügbare Formate

Dieses Dokument teilen

Dokument teilen oder einbetten

Freigabeoptionen

Stufen Sie dieses Dokument als nützlich ein?

Sind diese Inhalte unangemessen?

Copyright:

Verfügbare Formate

Draft - Layer 3 LLD

Hochgeladen von

Copyright:

Verfügbare Formate

TM

C o m p a n y C o n fid e n tia l.A

Inte nde d A udie nce ................................................................................................................... 9

D ocum e nt U s a g e G uide l ine s ................................................................................................... 9

R e l a te d D ocum e nts ................................................................................................................ 1 1

G l ob a l S ite S ol ution S ta nda rds ............................................................................................. 1 6

Ex cep tions ......................................................................................................................................... 16

U .S Site Brea kdown .......................................................................................................................... 15

Sta r Network ..................................................................................................................................... 15

Converged Network Services (CNS) ................................................................................................ 15

NCO -Lite .......................................................................................................................................... 18

NCO -CM ........................................................................................................................................... 18

CNS P h a se 1(B) ................................................................................................................................ 18

CNS P h a se 1(A) ................................................................................................................................ 17

Step Z ero U .S .................................................................................................................................... 17

Step Z ero EM EA............................................................................................................................... 17

Step Z ero U .K ................................................................................................................................... 17

P h y s ica l C onne ctiv ity O v e rv ie w ........................................................................................... 2 2

P E to CE F a cing I nterf a ces ............................................................................................................... 22

BG P Def a u l t R ou tes .......................................................................................................................... 27

BG P Neigh b or Descrip tion ............................................................................................................... 27

BG P Log Neigh b or Ch a nges............................................................................................................. 27

BG P Au th entica tion .......................................................................................................................... 26 P ref ix es ................................................................................................................... 26

BG P R edistrib u tion ........................................................................................................................... 26

BG P Send Com m u nity ...................................................................................................................... 25

Q ua l ity of S e rv ice ( Q oS ) ........................................................................................................ 3 1

EI G R P R edistrib u tion ....................................................................................................................... 30

EI G R P R ou te Annou ncem ents.......................................................................................................... 29

EI G R P P a ssive I nterf a ce Def a u l t ...................................................................................................... 29

I nternet Egress Q oS P ol icy ............................................................................................................... 38

Switch Q oS - R em a rking T ra f f ic ...................................................................................................... 36

Level -3 M P LS Q oS Service Cl a ss M a p p ing ..................................................................................... 36

Dedica ted Q u eu e Ba ndwidth Siz ing ................................................................................................. 35

Service P ol icies ................................................................................................................................. 34

Sh a red Q u eu e Ba ndwidth Siz ing....................................................................................................... 33

I nitia l Site Access Ba ndwidth ........................................................................................................... 32

R em ote Site Ba ndwidth O n Dem a nd ................................................................................................ 31

C o m p a n y C o n fid e n tia l.A

N a m ing C onv e ntions a nd A dditiona l S e rv ice s ................................................................... 4 2

P O P Egress M P LS Q oS P ol icy ......................................................................................................... 40

Da ta Center Egress M P LS Q oS P ol icy ............................................................................................. 39

AAA Services ................................................................................................................................... 48

O u t of Ba nd M a na gem ent ................................................................................................................. 48

I n Ba nd M a na gem ent (SSH ) ............................................................................................................. 48

Network T im e P rotocol (NT P ).......................................................................................................... 47

Sim p l e Network M a na gem ent P rotocol (SNM P ).............................................................................. 47

Dom a in Na m e Service (DNS)........................................................................................................... 47

I P Addressing (P u b l ic a nd P riva te) ................................................................................................... 43

Na m ing Convention .......................................................................................................................... 42

Su m m a ry of Site R ou ter Design........................................................................................................ 57

Q u a l ity of Service ............................................................................................................................. 55

I nsp ection R u l es ................................................................................................................................ 53

BG P Conf igu ra tion ........................................................................................................................... 52 ............................................................................................................................................. 53

EI G R P I nterf a ce Connectivity .......................................................................................................... 52

F a st Eth ernet P orts ............................................................................................................................ 6 0

V LAN I nterf a ces............................................................................................................................... 6 0

V LAN Def initions............................................................................................................................. 59

I nter-Switch T ru nks .......................................................................................................................... 58

C o m p a n y C o n fid e n tia l.A

C incinna ti D a ta C e nte r D e s ig n.............................................................................................. 7 1

Su m m a ry of Site Switch Design ....................................................................................................... 7 0

Attenda nt Consol e (EV O ) Q oS ......................................................................................................... 6 9

Q u a l ity of Service ............................................................................................................................. 6 9

M a na gem ent V LAN.......................................................................................................................... 6 8