Regus BGP and Data Network Low Level Design
Version 1.1

Corporate Headquarters
Cisco
170 West Tasman Drive
San Jose, CA 95134-1706 USA
http://www.cisco.com
Tel: 408 526-4000
800 553-NETS (6387)
Fax: 408 526-4100

Advanced Services

Draft - Layer 3 LLD



January 18, 2008
Regus LAN/WAN Transport Design
Company Confidential. A printed copy of this document is considered uncontrolled.


THE DISTRIBUTION OF THIS DOCUMENT DOES NOT GRANT ANY LICENSE IN OR RIGHTS, IN WHOLE OR IN PART, TO THE CONTENT, THE PRODUCT(S), TECHNOLOGY OF INTELLECTUAL PROPERTY DESCRIBED HEREIN.

Copyright 2001-2, Cisco Systems, Inc. All rights reserved. COMMERCIAL IN CONFIDENCE.


Introduction
  Executive Summary
  Document Purpose
  Intended Audience
  Scope
  Document Usage Guidelines
  Assumptions and Caveats

About This Design Document
  History
  Review
  Side Symbols
  Related Documents

Project Overview
  Network Objectives
  Design Assumptions and Caveats

Current Data Network Designs
  Global Site Classifications
  Classification by Services
    Converged Network Services (CNS)
    Star Network
    U.S Site Breakdown
    Exceptions
  Global Site Solution Standards
    Framework U.S
    Framework U.K / EMEA
    Step Zero U.K
    Step Zero EMEA
    Hybrid U.S
    Step Zero U.S
    CNS Phase 1(A)
    CNS Phase 1(B)
    NCO-CM
    NCO-Lite
    Star (Concept)

Interim Data Network Architecture
  Interim Design Scope


  Terminology
  Network Topology
  Physical Connectivity Overview
    PE to CE Facing Interfaces
    Core Facing Interfaces

Network Design Components
  Border Gateway Protocol (BGP)
    BGP Topology Layers
    BGP Autonomous System Number (ASN)
    BGP Router ID
    BGP Send Community
    BGP Redistribution
    BGP Authentication
    BGP Maximum Prefixes
    BGP Log Neighbor Changes
    BGP Neighbor Description
    BGP Default Routes
    Summary of BGP Design
  Enhanced Interior Gateway Protocol (EIGRP)
    EIGRP Autonomous System Number
    EIGRP Router ID
    EIGRP Passive Interface Default
    EIGRP Route Announcements
    EIGRP Redistribution
    EIGRP Default / Summary Route
    Summary of EIGRP Design
  Quality of Service (QoS)
    Remote Site Bandwidth On Demand
    Initial Site Access Bandwidth
    Policing
    Shared Queue Bandwidth Sizing
    QoS Classes
    Service Policies
    Dedicated Queue Bandwidth Sizing
    Level-3 MPLS QoS Service Class Mapping
    Switch QoS - Remarking Traffic
    Switch QoS – Queue Tuning
    Queuing on the IP Phone
    Internet Egress QoS Policy


    Data Center Egress MPLS QoS Policy
    POP Egress MPLS QoS Policy
    Summary of QoS Design
  Naming Conventions and Additional Services
    Naming Convention
    IP Addressing (Public and Private)
    Domain Name Service (DNS)
    Simple Network Management Protocol (SNMP)
    Syslog Servers
    Network Time Protocol (NTP)
    In Band Management (SSH)
    Out of Band Management
    AAA Services
    CDP Services

Site Designs
  Site Router Design
    WAN Connectivity
    EIGRP Process
    EIGRP Interface Connectivity
    BGP Configuration
    IOS FW
    Inspection Rules
    Inbound ACL
    Quality of Service
    Multicast
    PIM
    Music On Hold
    DHCP Services
    Summary of Site Router Design
  Site Switching Design
    Switch Topology
    CE Router Link
    Inter-Switch Trunks
    EIGRP Process
    VLAN Definitions
    VLAN Interfaces
    Fast Ethernet Ports
    VTP
    Multicast


  PIM Stub
  IGMP Snooping
  Switch SDM Template
  Remote Site Security
  Security Service Classes
  Security Service Access List
  Spanning Tree
  Power over Ethernet (PoE)
  Management VLAN
  Quality of Service
  Attendant Console (EVO) QoS
  Summary of Site Switch Design

Cincinnati Data Center Design
  VLAN Definitions
  DC Switch 1 to Drain CE
  DC Switch 2 to Drain CE
  EtherChannel DC Switch 1 & 2
  DC Switch 1 & 2 to ASA
  DC Switch 1 to DC Switch 2 VLAN
  DC Switch 2 Unity Dial-Out Router
  Management VLAN
  Spanning Tree
  VTP
  OOB Management Router
  Summary of Data Center Design

San Francisco POP Design
  VLAN Definitions
  Pop Switch 1 to Drain CE
  Pop Switch 1 to ASA
  Management VLAN
  Spanning Tree
  VTP
  OOB Management Router
  Summary of POP Design

Regus Drain Site & Internet Access Design
  BGP Drain Concept and Locations
  The Need for Symmetry: Multiple Drain Challenges
  Symmetrical Routing Solution
  BGP IXC Routing Policy
  Drain CE to PE Connectivity and IXC Peering


  ASA Role and NAT Connectivity
  ASA FW Rules
  CE Access & Site to Site VPNs
  ASA Access VPN
  ASA VPN Users
  Summary of Drain Site Design

Software Releases

Router Templates
  3845 CE Router Template
  7201/7206 Drain CE Router Template
  7201/7206 IXC Router Template
  ASA 5500 Firewall Template
  3560-R Switch Template (Site)
  3560 Switch Template (Site)
  3560 Switch Template (Data Center)
  3560 Router Template (POP)

Appendix A
Regus Interim IPT Site List
  Data Center
  POP
  Site #1999
  Site #991

Appendix B
Hardware Bill of Materials

Glossary


Introduction

Executive Summary

This document is a Low Level Design (LLD) document describing the Regus Network. It is built based upon information contained in the HLD (High Level Design) document. This design implements Cisco and industry best practice design models, while simultaneously incorporating the design requirements provided to Cisco by Regus which consist of:

• Highly Scalable and Flexible BGP Design for up to 3000 Regus Site routers connected to up to 8 Drain Locations in the US
• Design BGP Peering for Remote Sites
• Review and Deploy Existing “Phase A” Site L3/L2 Connectivity at Data Center and Remote Sites
• Flexible Design to support Inter Provider MPLS Peering if necessary
• Symmetrical Routing with Centralized NAT Function (Decentralized for Static NAT)
• Project Requires 1 POP & 1 Data Center, 3 Remote Sites to be brought online by end of April 2008

Document Purpose

The purpose of this document is to outline Cisco’s Low Level Design (LLD) for the Regus project. It details the physical and logical requirements and steps necessary to meet these requirements. This document provides an overall assessment of the network design and specific operational functions. The observations and suggestions presented in this document are the result of information acquired from Regus engineers during design sessions, teleconferences, visits, and/or via documentation supplied to Cisco. The document provides sufficient detail to derive the device configurations that will be documented in the Network Implementation Plan. The document consists of the configuration templates for each device type for the Interim Design. Some parameters may be fine tuned during network deployment.


Intended Audience

The intended audience of this document is the Regus technical staff and management as well as Cisco Systems and Partner deployment engineers.

Scope

The scope of this document is to identify and document the details necessary to derive configuration templates for role specific devices. These devices include Routers, Switches and Firewalls.

Document Usage Guidelines

This document should be used as a guideline for extracting the necessary information to build configurations that allow the various network elements to provide the required services. This will also allow the deployment engineer/partner to make appropriate decisions when deploying and configuring the network. After acceptance of the LLD by Regus, the LLD document is still a living document that will be updated by experiences gained throughout the deployment phase.

Assumptions and Caveats

It is assumed the reader is familiar with the Regus service requirements. Furthermore, it is also assumed the reader is familiar with Cisco IOS and has a basic understanding of the network and technologies that will be used to fulfill Regus’s requirements.


About This Design Document

Author: Cisco Advanced Services, Matt Birkner and Darell Godeaux
Change Authority: Cisco Advanced Services

History

Version No. | Issue Date | Status | Reason for Change
0.88 | 1/10/2008 | Draft | First release
1.1 | 1/17/2008 | |

Review

Reviewer’s Details | Version No. | Date

Change Forecast: Low
This document will be kept under revision control.


Side symbols

This symbol means note. The user must add information, written or typed, to the document during the implementation work or that the user must take note of the information presented.

Related Documents

Reference | Document | Version
1 | IBM Data Network and Voice Architecture | 11
2 | Cisco High Level Design Document (HLD) | 1.0
3 | Cisco Product Documentation, http://www.cisco.com/univercd/cc/td/doc/product/index.htm | N/A


Project Overview

Network Objectives

The goal of the Regus Data Design is to design and deploy an Interim Architecture which meets the following key objectives:

• Highly Scalable and Flexible BGP Design for up to 3000 Regus Site routers connected to up to 8 Drain Locations in US and/or Canada
• Design BGP Peering for Remote Sites
• Flexible Design to support Inter Provider MPLS Peering if necessary
• Symmetrical Routing with Centralized NAT Function
• Initial Phase of the Project Requires 2 Data Centers and 3 Remote Sites to be brought online by end of Jan 2008
• Cisco will provide a Transfer of Knowledge for Regus/Partner and recommendation of Software releases for deployment.

Design Assumptions and Caveats

Assumptions and known caveats regarding the current and/or proposed design have already been communicated to avoid misunderstandings later during the network design review process. Assumptions and caveats are detailed below.

• Adequate network link utilization measurements have been conducted by Regus to determine the appropriate Link Sizing to eliminate the possibility of link saturation. Circuit ordering and sizing for the purpose of this project is fully managed by Regus.

• There is very little redundancy in the network. For example, each remote site is mono-homed with a single router. Also, while the data center will contain a pair of switches, there still will be only a single router at this location. This means that a single point of failure (i.e. a router or the Level 3 circuit) will cause downtime. The business decisions were made at this time by Regus to continue with these known risks. Regus has an established history of successfully running equipment in Level-3’s co-location facilities. Circuit failure risk is viewed as minimized because of the circuits being connected within the facility.

• We have obtained documentation from Regus and in some cases, partners, on the existing voice and data solutions, IP Addressing, and VLAN information. We have been instructed to re-use this information rather than redesigning these sections. Much of this is highlighted in the “Current Data Network Designs” Section.

• The original IPT SOW is for a Voice solution only; it does not specify a Centralized (Broadhop) or Decentralized (Access Manager) Bandwidth on Demand Model. In support of Bandwidth on Demand, the latest Regus US IBM Phase A Model will be deployed at each remote site using the sample configurations (Regus Site 380 & 761) and Phase A Documentation. This will increase supportability by minimizing the differences from other interim solutions. Regus understands that Cisco is deploying the previous IBM Phase A model which is working with the current Regus deployments. The time pressure on the project requires re-use of the current configuration. Regus expects Cisco to call out any problems that would present a risk with the continued use of the IBM Phase A configuration.

• The only specific subnet within the Regus US block that is being advertised to the Internet by a non Level-3 ISP is 66.202.128.0/24 (from Looking Glass Lookups). Level-3 appears to be announcing the 66.202.160.0/19 which is the upper half of the 66.202.128.0/18. Thus there will not be any conflicts since this space will not be used for any of the three new sites.

• VPN Profiles that exist on the Framework Routers for ISI, INX, Netsurant, and Regus will be reused and enabled by “Day 2” support team after site turn up. They will not be re-engineered, optimized, or enhanced, since VPN design is outside of the scope of this interim project.

• There are several existing configurations that will be used for the interim network. In a future project, Cisco recommends that some areas be re-evaluated for optimal network performance. Some general areas for improvement in future projects include:

o Hierarchical QoS Configuration on CE (QOS Redesign)
o MLS Trust Model vs. Remarking on Switch (QOS Redesign)
o DHCP usage on Switch vs. Router (DHCP Redesign)
o Rate Limiting on Switch vs. Router (Rate Limiting/BOD Redesign)
o VPN Access Centralization or Direct MPLS VPN Connections (VPN Redesign)


Current Data Network Designs

Regus has provided Cisco with the Documentation for this brief section. It is being included for completeness.

Global Site Classifications

The Regus technical architectural strategy supports various client business objectives supported globally. By creating a centralized service distribution model CNS/Head Ends this will allow Regus to reduce operations and support costs while providing greater client application features. This strategy results in lower administration costs to offset an increase in network capacity needed to support real time converged applications. This design is based off certain agreed upon cost approvals and any deviations need to be pre-approved by the Architecture Review Board (ARB). The following defines the different classes of sites that will be deployed globally.

[Figure: Global Site Strategy. Diagram labels: Americas Head Ends (MPLS), APAC Head Ends (MPLS), Europe Head Ends (MPLS); Atlanta, Bay Area, New Jersey, Australia, Hong Kong; Brazil Cluster, South Africa Cluster, North-East Asia Cluster, India Cluster, Middle East Cluster, China Cluster, Russia Cluster; Atlantic Peering, Pacific Peering, Eurasia Peering. Legend: Existing Head Ends, Future Head Ends, Clusters (Mini HE’s), Connectivity (Peering).]

Classification by Services

Services and their delivery have been designed based on the site classification. These sites will have MPLS connectivity to the regional head end for full service class functionality. For sites that do not support MPLS due to cost constraints or in country regulatory issues, the Star design will be considered to provide similar functionality given lower bandwidth assumptions. The Number of Total Sites per Region is Dependent on the Mix of Small (SS), Medium (MS), Large (LS), and Extra Large (XL).

Converged Network Services (CNS)

Redundant call processing services will be installed at the Atlanta, GA and Secaucus, NJ head ends to provide uninterrupted voice services.

• Voice and network components at the headends must utilize protected power sources
• All redundant components must be connected to alternate power sources
• Voice gateways at medium and large locations may have redundant connections to the Public Switched Telephone Network (PSTN) on as needed basis
• Remote sites must utilize a remote survivability feature in the event that connectivity is lost between the remote site and the call processing servers
• The initial Phase I system should support up to 30,000 end devices (20,000 handsets, 10,000 virtual)
• Atlanta, GA and Secaucus, NJ headend locations
• 48 U.S. based Regus locations (approximately 10,000 total telephone devices)

Star Network

This site classification is being considered for sites that have limited bandwidth or country regulatory issues preventing the transmission of voice of data networks. It has been discussed that this site will act as a regional CNS providing similar services but limited due to costs or network service availability.

U.S Site Breakdown

100 or Less Users (Small) NCO-CME

Small Regus local sites will receive network and application services from the CNS site.

• Small 3 up to 51 Workstations
• Small 2 up to 89 Workstations
• Small 1 up to 100 Workstations

101 to 225 Users (Medium) NCO-CME

Large Regus local sites will receive the appropriate network and application services as described in the appropriate section of this document. These sites will receive all other services from CNS sites.

• Medium 4 up to 113 Workstations
• Medium 3 up to 134 Workstations
• Medium 2 up to 165 Workstations


• Medium 1 up to 225 Workstations

226 to 460 Users (Large) NCO-CM

Custom Regus local sites will be analyzed at the time of deployment. As a result of the analysis, this type of site may receive a “custom configuration” of services locally or may potentially become a Tier 2 CNS site depending on country regulations and carrier services supported.

• Large 4 up to 293 Workstations
• Large 3 up to 347 Workstations
• Large 2 up to 393 Workstations
• Large 1 up to 460 Workstations

Exceptions

Exception sites are deemed necessary when the criteria for implementing a Large, Medium, or Small site cannot be used. An example of this would be Airports or Mini-Regus sites. Though it is difficult to forecast “all” situations that would require an exception site implementation, a few situations have been discussed that may use existing architecture to complete. This is not within the scope but is worth mentioning.

Global Site Solution Standards

It should be noted that the global solution standards are not the targeted standards but provide like functionality until such time when CNS is complete. An example of this is the Framework solution which will be eliminated entirely.

Framework U.S

This solution is considered an interim solution for NCOs. It provides VoIP voice services using onsite voice servers, basic Bandwidth-on-Demand control, however, doesn't include fair access shared bandwidth control and no access to headends. Depending on the site classifications the solution components consist of Cisco ISR (2851, 3825, 3845) routers and CNS-approved Cisco switches, also onsite 7845 Call Manager, 7845 Cisco Unity, Netwise, ISI. This solution does not provide Layer-2 fair access shared bandwidth queue control and Internet only data T1s. Regus does provide SMTP Mail Relay, Sprint DNS servers, ISDN Polycom and video conferencing. This solution is suited best for sites needing Cisco VoIP but no CNS Phase A data including no fair access shared bandwidth control and no access to headends.

Framework U.K/EMEA

This solution is also considered an interim solution for NCOs and should be considered a close of the U.S Framework sites used for voice only deployments. The solution components are consistent with the U.S bill of materials. This solution is most suited for sites needing VoIP in lieu of the headends being installed with the intention to migrate these sites to CNS when headends are complete.

Step Zero U.K

Sites connect via MPLS network to two Internet Gateways with BGP as the routing protocol. This solution will provide Bandwidth on Demand (BoD) using Cisco 3825 and 3845 router with HWIC-4ESW card used during migration. These routers are a cut down version of U.S CNS configuration including a 100Mbps fiber uplink provided by British Telecom (BT) with rate limiting. Initial UK rollout to provide data. Rollout complete - installed in 100 sites. Master Site List spreadsheet lists the sites. BoM and design agreed by US team. Regus signoff of docs obtained. Upgrade routers to CNS spec when migrate to CNS.

Step Zero EMEA

As per Step 0 in UK, sites connect via MPLS network to two Internet Gateways using BGP and BoD. Sites connect at E3 (34Mbps) uplinks with a Cisco 3845 router using NM-1T3/E3 card to stay consistent with U.S Step 0 design. Depending on the site classification there may be a need for only an E1 line card for 3825 or 3845 routers.

Hybrid U.S

This solution type is considered the 2nd interim solution for NCOs. This solution provides VoIP voice services using dedicated onsite voice servers with full CNS Bandwidth-on-Demand control, access to headends via MPLS circuits. Similar components to the Framework solution including:

• ISR (2851, 3825, 3845) router.
• CNS-approved Cisco switches.
• Onsite server components 7845 Call Manager, 7845 Cisco Unity, Netwise, ISI.
• Layer 3 LAN with fair access shared bandwidth queue control.
• Sprint MPLS data T1s.
• Headend SMTP Mail Relay and DNS servers.
• ISDN Polycom video conferencing.

This solution is best suited for sites needing Cisco VoIP with CNS Phase A data services.

Step Zero U.S

Provides Bandwidth-on-Demand services via DS3 or Ethernet WAN to US legacy sites. Components used for this solution type are 3845 router, typically single 3560 switch connecting to Legacy LAN, Layer 3 LAN with fair access shared bandwidth queue control, L3 MPLS DS3 or Ethernet WAN, Headend SMTP Mail Relay and DNS servers, legacy PBX. For sites needing BoD services 293 total US sites none of which have been deployed. This solution is awaiting Regus ARB approval.

CNS Phase 1(A)

Provides complete CNS Phase 1A services including centralized PBX/voice mail, audio/web conferencing, video conferencing, SMTP mail relay, DNS servers and Bandwidth-on-Demand. ISR (2851, 3825, 3845) router, all new CNS-approved Cisco switches, centralized voice using H-UCS with Netwise attendant console, CNS data design using L3 LAN for Bandwidth-on-Demand, HE SMTP Mail Relay & DNS servers, HE Polycom. This solution type is for sites needing full CNS Phase A services. Currently being used for all US NCOs and sites with end-of-life PBX’s. Sites currently deployed are LA, Folsom, Chicago, Atlanta and Petaluma. Phase 1A voice complete. Phase 1B data (Broadhop) PCR is being generated.

CNS Phase 1(B)

Provides complete CNS Phase services as described in the original SOW including centralized PBX/voice mail, audio/web conferencing, video conferencing, SMTP mail relay, DNS servers, Bandwidth-on-Demand, authentication, data provisioning automation. Solution components are similar to CNS Phase 1(A) including:

• Cisco ISR (2851, 3825, 3845) router,
• CNS-approved Cisco switches,
• Centralized voice using H-UCS with Netwise attendant console,
• CNS data design using L2 LAN for Bandwidth-on-Demand,
• HE SMTP Mail Relay & DNS servers,
• HE Polycom,
• Automation of data provisioning (ATP)
• Remote access VPN and access authentication

For sites needing full CNS Phase B services. Will be used at all NCOs or sites needing CNS services. The solution design is complete. The IBM PCR is being generated for implementation in US & EMEA.

NCO-CM

This solution provides a low cost IP Telephony service providing legacy PBX replacement with headend migration support. The idea is that this solution will eventually replace the Hybrid U.S and U.K/EMEA Framework solutions. This solution may be migrated to CNS, Star, or work as Standalone solution. This design is voice only and independent of the final data design Phase A/B or Centrinet. This solution is best suited for site classifications greater than 240 and less than 900 IP Phones using 3845-ISR-SRST Router, 7825-I3 Call Manager 4.2, 7825 Unity 4.2, ISI Call Logger (Billing), EVO Contact Attendant Console. Current site deployments are Brisbane, AU; however, there are some minor server differences due to the tight time frames in which IBM had to operate. IBM PCR 61 has been generated for implementation in US & EMEA and AP. Regus has verbally accepted the solution and the proposal has been submitted to the ARB; however, no formal acceptance has been approved.

NCO-Lite

This solution provides a low cost IP Telephony service providing legacy PBX replacement with headend migration support. The idea is that this solution will eventually replace the Hybrid U.S and U.K/EMEA Framework solutions. This solution may be migrated to CNS, Star, or work as Standalone solution.

The only difference between this solution and the NCO-CME is that this solution does not require additional server hardware.

This design is voice only and independent of the final data design Phase A/B or Centrinet. This solution is best suited for site classifications of greater than 240 IP Phones using 3845-ISR-CME Router, MCS-7825-I3 Unity 4.2, ISI Call Logger (Billing), EVO Contact Attendant Console.

Star (Concept)
Once this solution type has been found to be technically viable, more information will be provided in this section. Until then we do know that it should provide similar functionality as a CNS supporting NCO limitations on bandwidth, circuit cost, and possible regulatory in-country constraints. Further test and development is needed to understand the Regional CNS concept including voice aggregation, data design, QoS, and supportability. This research should be completed with IBM/Regus and all third party vendors.


Interim Data Network Architecture

Interim Design Scope
The Interim Data Network Architecture and Designs contained in this document discuss each site type and topology based on the requirements in the High Level Design (HLD) document. The sections that are addressed in this document are:

o Network Topology
o Site Router Design
o Site Switching Design
o Data Center Router Design
o Data Center/POP Switching Design
o Data Center Firewall Design
o Level-3 Owned Routers

Each one of these sections is discussed in more detail in the subsequent sections.

Terminology
Throughout the course of this document, there are several terms that are used. They are listed here for reference.
Drain – Internet peering location (up to 8 Level-3 US locations consisting of Drain CE, PE and IXC Router)
PE – Provider Edge Router owned by Level-3
CE – Customer Edge Router owned by Regus
Non Drain PE – Standard MPLS PE that will receive a primary and secondary default from primary and secondary drains
Drain PE – peers to Drain CE
Drain CE – Customer Edge Router at Drain Location owned by Regus – peers to Drain PE
Drain IXC Router – peers to Level-3 Internet Router
ASN 14676 – Regus BGP Autonomous System Number from ARIN


Data Center – Level-3 Collocation Site that hosts both Voice and Data
    Cincinnati, OH Call Manager Cluster with Unity & Internet Drain

Point of Presence (POP) – Level-3 Collocation Site that hosts Data Only
    San Francisco, CA Internet Drain Only

Hub Switch – Layer-3 switch that handles inter-VLAN routing and connects Layer-2 switches at a remote site

Network Topology
As depicted below, the network topology consists of Drain IXC Routers, Drain CE Routers, Drain PE Routers, PE Routers, CE Routers and CE Switches. The topology consists of 8 Drain Locations, each with a Drain IXC Router, a Drain CE Router and also a Cisco ASA Firewall that will provide NAT services for private address space that is destined to the Internet.


Physical Connectivity Overview

PE to CE Facing Interfaces
The Site PE to CE connections will utilize Multilink PPP (nxT1), DS3 or Gigabit Ethernet interfaces. In the case of the Drain Sites (Cincinnati and San Francisco) Routers, there will be Gigabit Ethernet connectivity to the PE Routers. The contracted CIR for each link will be used in a QoS shaper. There will be more details on this in the QoS Section. (Level-3 has an offering of

Core Facing Interfaces
All core facing interfaces are managed and maintained by Level-3. These are part of the Level-3 MPLS Core Transport.


Network Design Components

The Network Design consists of two major protocol components, namely Border Gateway Protocol (BGP) and Enhanced Interior Gateway Routing Protocol (EIGRP). BGP will be used for announcing routes from a Regus Site/POP/Data Center to the MPLS Core and also for connecting to the Internet at each drain location. EIGRP will also be used within a site. Quality of Service (QoS) is another key aspect of the design as it regulates the bandwidth that an end user can use and also protects voice and video by ensuring a low latency queuing mechanism. A key aspect of the design is to ensure symmetry of traffic flows as they enter and exit the Internet. This will be discussed in detail in this section as well.

Border Gateway Protocol (BGP)
BGP is used extensively in the Regus NGN. Fundamentally, there are two categories for which BGP is used, namely:

BGP Configurations for Level-3 Owned Routers
    Drain PE (DPE) (Laurel Router)
    PE (Laurel Router)

BGP Configurations for Regus Owned Routers
    IXC Peering Router (Cisco 7206)
    Regus Drain CE Router (Cisco 7201)
    Regus CE Router (Cisco 3845)

The BGP Autonomous System Numbers (ASN) used for peering are outlined in the table below:

Network                           ASN
Level-3 MPLS Core                 1
Level-3 IXC Peering               3356
Regus Site (ARIN Registered)      14676


After discussions with Level-3, they have agreed that they will provide the following BGP service features using their Laurel MPLS Platform. While Level-3 does not currently use Cisco Routers as their PEs, the same features are available on Cisco, so open standard feature sets have been used. These features are:
AS Override
    http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120t/120t7/vpn_en.htm#wp1045899
Default Route Origination
    http://www.cisco.com/en/US/docs/ios/12_3/iproute/command/reference/ip2_n1g.html#wp1037042
Sending and Receiving Standard communities from CE
    http://www.cisco.com/en/US/docs/ios/12_3/iproute/command/reference/ip2_n1g.html#wp1039539
MD5 Authentication
    http://www.cisco.com/en/US/docs/ios/12_3/iproute/command/reference/ip2_n1g.html#wp1081288

Other Assumptions
Within the Level-3 MPLS backbone, PEs will be matching on the Extended community attribute for selected routes and setting a BGP local preference on those matching routes, and will import/export routes by setting Route Targets. The Level-3 Routers do not provide Route Reflection. Level-3 is currently testing the lab Route Target solution on both their Laurel and M120 network. They are on track to deliver the solution without affecting the timeline of the project.

BGP Topology Layers
BGP will be used at various locations, as was stated earlier. The following diagram shows the Regus BGP Topology Layers. EBGP is used between CE and PE as well as for peering to the Internet. iBGP will be used for peering between the Drain Routers.


BGP Autonomous System Number (ASN)
The process ID is the Autonomous System Number of the BGP process to which the router belongs. Regus will be using the BGP ASN 14676.

BGP Router ID
Cisco recommends using a stable interface IP address as the Router ID. Loopback interface addresses are generally the best fit for this. Regus will use the Loopback 0 IP address as the BGP Router-id. Router IDs are typically taken out of the 172.18.x.x range and assigned by Centri.net.

BGP Router ID
    router bgp 14676
     bgp router-id <loopback_0_IP_address>

BGP Send Community
Cisco recommends that standard BGP communities be sent to and from the BGP neighbors, using the neighbor send-community command in router configuration mode. One key advantage to doing this is that we can send site specific communities to mark the route sources. This is described in more detail in the Site Design section.


BGP Send Community Configuration
    router bgp 14676
     neighbor <Level3 or Regus IXC> send-community

BGP Redistribution
The Regus network will not require any redistribution statements. BGP “network statements” are used to speed up convergence and yield better stability. Even in the case where EIGRP is used within remote site connectivity, no redistribution will be deployed. Below is a sample network configuration using “network” statements.

BGP Network Configuration
    router bgp 14676
     network <network to advertise> mask <mask value>

BGP Authentication
MD5 authentication provides a means of security such that no password travels on the physical medium. Instead, each router uses MD5 to produce a message digest of the BGP packet plus the key, and it is this digest that is sent on the physical medium. Using MD5 authentication prevents a router from accepting unauthorized or deliberately malicious routing updates, which could compromise network security. Therefore, MD5 authentication will be configured for all BGP peers using the following configuration.

BGP Authentication Configuration
    router bgp 14676
     neighbor <Level3 PE> remote-as 1
     neighbor <Level3 PE> password 7 105C0C1E1004
     no auto-summary

BGP Maximum Prefixes
To control how many prefixes can be received from a neighbor, use the neighbor maximum-prefix command in router configuration mode. At all CE sites, since the only route that will be sent/expected from a PE is the default route, we will use this to limit the maximum number of prefixes to 1. This is a good safeguard against getting too many routes and causing issues. A syslog message will also be produced when the maximum prefixes are learned, and if more than the maximum are learned, the peer will reset.

BGP Maximum Prefix Configuration
    router bgp 14676
     neighbor <Level3 PE> maximum-prefix 1


BGP Log Neighbor Changes
The bgp log-neighbor-changes command enables logging of BGP neighbor status changes (up or down) and resets for troubleshooting network connectivity problems and measuring network stability. Unexpected neighbor resets might indicate high error rates or high packet loss in the network and should be investigated.

BGP Log Neighbor Changes Configuration
    router bgp 14676
     bgp log-neighbor-changes

BGP Neighbor Description
To associate a description with a neighbor, we recommend using the neighbor description command in router configuration mode. This will help to easily identify where a BGP neighbor is peering to.

BGP Neighbor Description Configuration
    router bgp 14676
     neighbor <Level3 PE> description PEER_TO_THE_OTHER_SIDE

BGP Default Routes
Each remote site will receive a single default route from the Level-3 Core PE for Inter-Site access. Access-list 50 will be configured on each site router to only allow the default route. This will then be applied to the neighbor using a distribute-list in.

BGP Default Route and Distribute List Configuration
    router bgp 14676
     neighbor <Level-3 PE> distribute-list 50 in
     no auto-summary
    !
    access-list 50 permit 0.0.0.0


Summary of BGP Design

All Regus BGP Routers will have the following rules:
• Regus BGP ASN = 14676
• Set a Router ID manually to match the loopback address
• Use network statements for Route Advertisement and a matching route to Null0 with admin cost of 254 to keep flapping to a minimum
• Announce Networks with Route Maps to set standard community values
• Use MD5 Authentication
• Log Neighbor Changes
• Use Neighbor Descriptions
• Send/receive BGP Standard Communities via the send-community keyword

All Regus BGP MPLS CE Routers will have the following additional rules:
• Peer to the ASN for Level 3 MPLS Core (ASN 1)
• Deploy Route Maps for Community setting rules:
  o If Private Address Space, set the community to 14676:SiteNumber only
  o If Public Address Space that is fragmented between Level 3 and Sprint space, set the community to 14676:SiteNumber plus the Drain Preference Setting. This must match the PE Settings.


Enhanced Interior Gateway Protocol (EIGRP)

EIGRP will be used between 3845 and 3560 remote site switches for local site connectivity.

EIGRP Autonomous System Number
The EIGRP ASN will be 14676 to match the BGP registered ASN.

EIGRP ASN Configuration
    router eigrp 14676
     passive-interface default
     no passive-interface GigabitEthernet0/1
     network <local network> <inverse mask>
     auto-summary

EIGRP Router ID
Cisco recommends using a stable interface IP address as the Router ID. Loopback interface addresses are generally the best fit for this. Regus will use the Loopback 0 IP address as the EIGRP router-id.

EIGRP Router ID
    router eigrp 14676
     eigrp router-id <loopback0>

EIGRP Passive Interface Default
Cisco recommends using EIGRP passive-interface default. This means that Enhanced IGRP is disabled on an interface that is configured as passive, although it advertises the route. This prevents illicit neighbors from forming.

EIGRP Passive Interface Default
    router eigrp 14676
     passive-interface default

EIGRP Route Announcements
EIGRP announces routes using network statements. This is standard configuration as documented in the Cisco.com technical documentation pages. See http://www.cisco.com/warp/public/103/eigrpfaq.shtml#thirteen for details.


EIGRP Use of Network Statements
    router eigrp 14676
     network <local network> <inverse mask>

EIGRP Redistribution
There will not be any redistribution on the EIGRP Routers. The local site routes will be announced into BGP via Network Statements.

EIGRP Default / Summary Route
EIGRP will be configured to originate a default route using the summary address command on the downstream interface to the EIGRP Peer. Note that the summary should be set up with an administrative distance of 254 so that the BGP learned default is not overridden.

EIGRP Summary Address Configuration
    interface GigabitEthernet0/1
     ip summary-address eigrp 14676 0.0.0.0 0.0.0.0 254

Summary of EIGRP Design

All EIGRP Routers will have the following rules:
• Router EIGRP ASN = 14676
• Set a Router ID manually to match the loopback address
• Originate a Default Route on the interface facing the downstream peer(s)
• Use passive interface default for all interfaces except the interface facing the downstream 3560.
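The rules in the Summary of BGP Design and Summary of EIGRP Design lend themselves to an automated check of deployed CE configurations. The following Python audit is an added example, not part of the original design document or any Cisco tooling; it covers the rules that are visible in running-config text (router IDs, neighbor logging, MD5 passwords, descriptions, send-community, maximum-prefix 1, distribute-list 50, passive-interface default, no redistribution), and the sample addresses, the password placeholder and all function names are assumptions.

```python
import re
from collections import defaultdict

ASN, CORE_ASN = "14676", "1"  # Regus ASN and Level-3 MPLS core ASN, from the page
# Constructed sample CE config: addresses and the password string are placeholders.
COMPLIANT = """\
router bgp 14676
 bgp router-id 172.18.0.1
 bgp log-neighbor-changes
 network 10.120.120.0 mask 255.255.248.0
 neighbor 192.0.2.1 remote-as 1
 neighbor 192.0.2.1 description PEER_TO_LEVEL3_PE
 neighbor 192.0.2.1 password 7 PLACEHOLDER
 neighbor 192.0.2.1 send-community
 neighbor 192.0.2.1 maximum-prefix 1
 neighbor 192.0.2.1 distribute-list 50 in
!
router eigrp 14676
 eigrp router-id 172.18.0.1
 passive-interface default
 no passive-interface GigabitEthernet0/1
 network 10.120.120.0 0.0.7.255
!
access-list 50 permit 0.0.0.0
"""

# Constructed drift: password removed, prefix limit raised, EIGRP and ACL loosened.
DRIFTED = (COMPLIANT
           .replace(" neighbor 192.0.2.1 password 7 PLACEHOLDER\n", "")
           .replace("maximum-prefix 1\n", "maximum-prefix 1000\n")
           .replace(" passive-interface default\n", " redistribute bgp 14676\n")
           .replace("access-list 50 permit 0.0.0.0", "access-list 50 permit any"))

def parse_sections(config):
    """Group indented IOS lines under their top-level parent command."""
    sections, current = defaultdict(list), None
    for raw in config.splitlines():
        line = raw.rstrip()
        if not line.strip() or line.strip() == "!":
            continue
        if not line.startswith(" "):
            current = line
            sections[current]          # register the header even without children
        elif current is not None:
            sections[current].append(line.strip())
    return sections

def audit_bgp(sections):
    body = sections.get(f"router bgp {ASN}")
    if body is None:
        return [f"bgp: no 'router bgp {ASN}' process"]
    out = []
    if not any(l.startswith("bgp router-id ") for l in body):
        out.append("bgp: router ID not set manually")
    if "bgp log-neighbor-changes" not in body:
        out.append("bgp: log-neighbor-changes missing")
    if any(l.startswith("redistribute ") for l in body):
        out.append("bgp: redistribution configured, design uses network statements")
    peers = defaultdict(list)
    for l in body:
        m = re.match(r"neighbor (\S+) (.+)", l)
        if m:
            peers[m.group(1)].append(m.group(2))
    for peer, opts in sorted(peers.items()):
        for prefix, what in (("password ", "MD5 password"), ("description ", "description"),
                             ("send-community", "send-community")):
            if not any(o.startswith(prefix) for o in opts):
                out.append(f"bgp: peer {peer} has no {what}")
        if f"remote-as {CORE_ASN}" in opts:          # PE-facing session
            if "maximum-prefix 1" not in opts:
                out.append(f"bgp: peer {peer} must use maximum-prefix 1")
            if "distribute-list 50 in" not in opts:
                out.append(f"bgp: peer {peer} lacks distribute-list 50 in")
    return out

def audit_eigrp(sections):
    body = sections.get(f"router eigrp {ASN}")
    if body is None:                  # assumption: sites without a 3560 run no EIGRP
        return []
    out = []
    if not any(l.startswith("eigrp router-id ") for l in body):
        out.append("eigrp: router ID not set manually")
    if "passive-interface default" not in body:
        out.append("eigrp: passive-interface default missing")
    if any(l.startswith("redistribute ") for l in body):
        out.append("eigrp: redistribution configured")
    return out

def audit(config):
    """Return the list of deviations from the design rules (empty = compliant)."""
    sections = parse_sections(config)
    acl = [h for h in sections if h.startswith("access-list 50 ")]
    acl_ok = acl == ["access-list 50 permit 0.0.0.0"]
    return (audit_bgp(sections) + audit_eigrp(sections)
            + ([] if acl_ok else ["acl 50: must permit only 0.0.0.0"]))

if __name__ == "__main__":
    print(audit(COMPLIANT) or "OK", audit(DRIFTED), sep="\n")
```

IOS "password 7" strings are a reversible encoding rather than a hash, so any configuration file fed to a check like this should be stored and handled as a secret.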


Quality of Service (QoS)

The QoS design has the following requirements:
• Allow Prioritization of Delay Sensitive Applications (Voice & Video)
• Bandwidth Control for Clients Accessing the Internet
  o Shared Service
  o Dedicated Service
• Map Regus QoS Classes in Level 3 MPLS VPN QoS Queues

Note: At the instruction of Regus, Cisco will be using the IBM Phase A QoS Configuration to implement Bandwidth On Demand. There are alternate approaches to QoS, which include offloading QoS to the switches rather than performing it on the router; however, this is outside of the scope of this project. Regus expects Cisco to call out any problems that would present a risk with the continued use of the IBM Phase A configuration.

Remote Site Bandwidth On Demand
• Shared Service
  o The shared service offering is shared by multiple clients within a single site
  o A single shared service offering is available at each remote site
  o Fair access to available bandwidth is provided via weighted fair queuing, where individual usage of available resources is scaled up and down based on the nature of communication flows and the amount of available bandwidth within the offering
  o The shared service offering is comprised of a “guaranteed” and an “up-to” component
    - The guaranteed component is always available for outbound traffic regardless of concurrent usage of other service offerings
    - The “up-to” component is available bandwidth in excess of the “guaranteed” component, which varies based on overall site bandwidth usage. The “up-to” component is capped at a defined level up to which users may “burst”
• Dedicated Service
  o Dedicated service partition must not overlap the “guaranteed” portion of any other service partition
  o The “up-to” portion of another service partition may overlap the “guaranteed” portion of a dedicated service partition
  o The “guaranteed” portion of a dedicated service partition has priority over the “up-to” portion of the shared service offering

• Voice traffic over the MPLS carrier network receives highest priority

Initial Site Access Bandwidth
The initial bandwidth required for a new NCO Site is not based on the size of the location, but on the number of clients and dedicated services initially at the location. Based on Regus’ experience, each new NCO Site needs a minimum of 3 Mbps of access bandwidth to function. It is Regus’ intention to sell dedicated bandwidth services. A 2 x T1 configuration would only provide the minimum bandwidth, without any room for dedicated services. Even though the 4 x T1 configuration provides additional bandwidth, it is difficult to incrementally increase the bandwidth. Sub-rated connections via DS3 or Gigabit Ethernet are strategic for Regus and allow bandwidth to be added in a timely manner. If dedicated services are pre-sold or sold in the future, additional bandwidth into Level-3’s MPLS Service may be provisioned accordingly.

Initial Bandwidth Guidelines for All Site Types

Access Interface                Access Bandwidth
4 x T1s                         6.176 Mbps
DS3 (sub-rate)                  6.176 Mbps
Gigabit Ethernet (sub-rate)     6.176 Mbps

Policing
The rate-limit input command is used to enforce bandwidth control on both shared and dedicated services. Rate limiters are applied inbound to both the WAN and LAN interfaces of the Remote Site CE Router. Each client is associated with a rate limiter via a Layer 3 access list. Traffic exceeding the policy is strictly dropped. Rate limiting values applied inbound to both router interfaces define the average rate, the normal burst rate ((1/8 avg rate) * 1.5), and the excess burst rate (2 * normal burst rate).

CE Policing Configuration


    interface Serial0/0
     rate-limit input access-group 2001 2048000 384000 768000 conform-action transmit exceed-action drop
    !
    interface GigabitEthernet0/0
     rate-limit input access-group 2001 2048000 384000 768000 conform-action transmit exceed-action drop
    !
    access-list 2001 remark Vlan 601 Client 01 Rate Limiting
    access-list 2001 deny ip 10.120.120.8 0.0.0.7 10.120.120.0 0.0.7.255
    access-list 2001 deny ip 10.120.120.0 0.0.7.255 10.120.120.8 0.0.0.7
    access-list 2001 permit ip 10.120.120.8 0.0.0.7 any
    access-list 2001 permit ip any 10.120.120.8 0.0.0.7

Shared Queue Bandwidth Sizing
The table below contains the shared queue guidelines, which are based on Regus’ past experience. The default rate limit value for all clients including the Wireless VLAN is 2.048 Mb. The actual size of the shared queue will vary depending on the client density and acceptance within a location.

Shared Queue & Rate Limit Bandwidth Guidelines

Site Type   Shared Queue Required   Rate Limit   WS Count   80% OCC
Small       2.048 Mb                2.048 Mb     100        80
Medium      2.048 Mb                2.048 Mb     224        179
Large       6.176 Mb                2.048 Mb     460        368

QoS Classes
The QoS Classes will use the standard DSCP markings. In the case of management traffic, an access-list is used to classify the traffic.

CE Class Map Configuration
    class-map match-all VoicePayload
     match dscp ef
    class-map match-all Shared
     match dscp default
    class-map match-all Mgmt
     match access-group name Mgmt
    class-map match-all Video
     match dscp af41
    class-map match-all Dedicated
     match dscp af22
    class-map match-all Routing
     match dscp cs6
    class-map match-all VoiceSignal
     match dscp cs3
    class-map match-any SharedIngress
     match access-group 120


Service Policies
Two Service policies, ShapeIngress and ShapeEgress, are applied to the WAN and LAN interfaces of the Remote Site CE Router. The ShapeEgress policy provides Voice prioritization, bandwidth guarantee between classes of service and traffic shaping into the Level-3 MPLS Service. Regus calculations are based on 80% occupancy within a site. The tables below define the bandwidth calculations or fixed values used in the service policies.

Service Class Bandwidth Calculations

Service Class             Bandwidth Calculation
Voice Payload             Site to Site Calls = (5% of Phones) * 84 kbps
                          IP Communicator = (5% of Phones) * 84 kbps
                          Voice Mail = (5% of Phones) * 84 kbps
                          Voice Payload = (Site to Site + IPC + VM)
                          G711 codec = 84 kbps
Voice Signaling           (IP Phone + Gateway) * 263 bps
Dedicated                 Total Dedicated Service Bandwidth Sold
Mgmt                      128 kbps
Class-default (Shared)    Based on Shared Queue Bandwidth Sizing Table
Video                     8 kbps (Video is not being deployed)
Routing                   32 kbps

Voice Bandwidth Requirements

Site Type   Phones   80% OCC   Voice Signaling Bandwidth   Voice Payload Bandwidth
Small       100      80        21 kbps                     1.008 Mbps
Medium      224      179       47 kbps                     2.255 Mbps
Large       460      368       97 kbps                     4.637 Mbps

CE Service Policy Configuration
    policy-map FairQueue
     class class-default
      fair-queue
    policy-map ShapeIngress
     class SharedIngress
      bandwidth 1536
      random-detect
      shape peak 1536000
      service-policy FairQueue


    policy-map ShapeEgress
     class VoicePayload
      priority 8
      set dscp ef
     class VoiceSignal
      bandwidth 8
      set dscp cs6
     class Video
      set dscp ef
      priority 8
     class Dedicated
      bandwidth 1792
      random-detect
     class Routing
      bandwidth 32
     class Mgmt
      bandwidth 128
      random-detect
      set dscp af21
     class class-default
      bandwidth 1536
      random-detect
      shape peak 1536000
      service-policy FairQueue
    !
    interface Serial0/0
     service-policy output ShapeEgress
    !
    interface GigabitEthernet0/1
     service-policy output ShapeIngress

Dedicated Queue Bandwidth Sizing
The dedicated queue size must not exceed the WAN access bandwidth minus the total bandwidth allocated in the other classes of service. The table below shows an example of calculating the amount of dedicated bandwidth available to sell. Provisioning additional dedicated bandwidth would require upgrading the access bandwidth of the remote site. The Voice Bandwidth requirements have a direct correlation to cost because of the provisioning of service within the Level-3 MPLS cloud. Initially, Level-3 priority traffic will be billed on usage, but the QoS service offerings may change with the introduction of the new hardware into the Level-3 network. Regus will monitor the usage within each site and make a determination of the bandwidth required.

Dedicated Bandwidth Calculation Medium Site Example

Service                                  Bandwidth (kbps)
MPLS Access Bandwidth (4 x T1)           6176
Routing                                  32
Mgmt                                     128
Voice Payload                            2255
Voice Signaling                          47
Video                                    8
Shared Service                           2048
Total                                    4518
Dedicated Bandwidth Available to Sell    6176 - 4594 = 1658
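The sizing rules in the Policing, Service Policies and Dedicated Queue Bandwidth Sizing sections can be carried through in a few lines of Python. This is an added worked example, not part of the original design document; the function names are assumptions, gateways are assumed to be zero (which reproduces the signaling figures in the Voice Bandwidth Requirements table), and every constant comes from the tables above.

```python
SITES = {"Small": 100, "Medium": 224, "Large": 460}           # phones per site type
SHARED_KBPS = {"Small": 2048, "Medium": 2048, "Large": 6176}  # shared queue required
FIXED_KBPS = {"Routing": 32, "Mgmt": 128, "Video": 8}         # fixed class values
G711_KBPS, SIGNAL_BPS = 84, 263


def occupied(phones):
    """Phones in use at 80% occupancy, rounded to the nearest phone."""
    return (phones * 80 + 50) // 100


def voice_payload_kbps(active):
    """Site-to-site + IP Communicator + voice mail, each 5% of phones at 84 kbps."""
    return (3 * 5 * active * G711_KBPS + 50) // 100


def voice_signaling_kbps(active, gateways=0):
    """(IP phones + gateways) * 263 bps, rounded to kbps; gateways=0 is an assumption."""
    return ((active + gateways) * SIGNAL_BPS + 500) // 1000


def class_budget(site):
    """Per-class bandwidth in kbps for every class except Dedicated."""
    active = occupied(SITES[site])
    budget = dict(FIXED_KBPS)
    budget["Voice Payload"] = voice_payload_kbps(active)
    budget["Voice Signaling"] = voice_signaling_kbps(active)
    budget["Shared Service"] = SHARED_KBPS[site]
    return budget


def dedicated_available_kbps(site, access_kbps=6176):
    """Access bandwidth minus all other classes; negative means the link is too small."""
    return access_kbps - sum(class_budget(site).values())


def rate_limit_line(acl, avg_bps):
    """Build the rate-limit command from the average rate alone."""
    normal = avg_bps // 8 * 3 // 2     # (1/8 avg rate) * 1.5
    excess = 2 * normal                # 2 * normal burst
    return (f"rate-limit input access-group {acl} {avg_bps} {normal} {excess} "
            "conform-action transmit exceed-action drop")


if __name__ == "__main__":
    for site in SITES:
        print(site, class_budget(site), dedicated_available_kbps(site))
    print(rate_limit_line(2001, 2048000))
```

A negative result, as the Large site produces on a 6.176 Mbps access, means the other classes already exceed the access bandwidth, so nothing can be sold as dedicated service until the access is upgraded.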

Level-3 MPLS QoS Service Class Mapping
The set dscp commands in the ShapeEgress policy map allow mapping of the Regus QoS Classes to the Level-3 MPLS VPN QoS Classes. The ToS to DSCP mapping is 16 * ToS Value. (CS1 = DSCP 16, CS2 = DSCP 32, CS3 = DSCP 48, etc)

Level 3 QoS Classes & Rules

Current Regus QoS Classes to Level 3 Mapping

[Figure: Regus Phase A Class to Level 3 Class Offering. Regus classes shown: Voice (EF), Voice Signaling (CS3), Video (AF41), Dedicated (AF22), Routing (CS6), Mgmt (AF21), Class Default (0). Level 3 class offerings shown: GOLD LEVEL 3, BRONZE LEVEL 3.]

Switch QoS - Remarking Traffic
Dedicated Service traffic is remarked from 0 to AF22 (DSCP 20) by applying the mls qos dscp-mutation Dedicated command to the switch port of the client. The remarked traffic now matches the class Dedicated in the service policy ShapeEgress, and the client has access to the bandwidth of the dedicated service class.


Switch QoS Config

mls qos map dscp-mutation Dedicated 0 to 20
!
!
interface FastEthernet0/11
 power inline consumption 7700
 switchport access vlan 2
 switchport mode access
 switchport voice vlan 200
 no logging event link-status
 srr-queue bandwidth share 10 10 60 20
 srr-queue bandwidth shape 10 0 0 0
 priority-queue out
 mls qos trust dscp
 mls qos dscp-mutation Dedicated

Switch QoS – Queue Tuning

The default switch queue values are reconfigured to accommodate DSCP values for voice, dedicated and shared service.

Switch Queue Tuning Config

mls qos srr-queue input bandwidth 90 10
mls qos srr-queue input threshold 1 8 16
mls qos srr-queue input threshold 2 34 66
mls qos srr-queue input buffers 67 33
mls qos srr-queue input cos-map queue 1 threshold 2 1
mls qos srr-queue input cos-map queue 1 threshold 3 0
mls qos srr-queue input cos-map queue 2 threshold 1 2
mls qos srr-queue input cos-map queue 2 threshold 2 4 6 7
mls qos srr-queue input cos-map queue 2 threshold 3 3 5
mls qos srr-queue input dscp-map queue 1 threshold 2 9 10 11 12 13 14 15
mls qos srr-queue input dscp-map queue 1 threshold 3 0 1 2 3 4 5 6 7
mls qos srr-queue input dscp-map queue 1 threshold 3 32
mls qos srr-queue input dscp-map queue 2 threshold 1 16 17 18 19 20 21 22 23
mls qos srr-queue input dscp-map queue 2 threshold 2 33 34 35 36 37 38 39 48
mls qos srr-queue input dscp-map queue 2 threshold 2 49 50 51 52 53 54 55 56
mls qos srr-queue input dscp-map queue 2 threshold 2 57 58 59 60 61 62 63
mls qos srr-queue input dscp-map queue 2 threshold 3 24 25 26 27 28 29 30 31
mls qos srr-queue input dscp-map queue 2 threshold 3 40 41 42 43 44 45 46 47
mls qos srr-queue output cos-map queue 1 threshold 3 5
mls qos srr-queue output cos-map queue 2 threshold 3 3 6 7
mls qos srr-queue output cos-map queue 3 threshold 3 2 4
mls qos srr-queue output cos-map queue 4 threshold 2 1
mls qos srr-queue output cos-map queue 4 threshold 3 0
mls qos srr-queue output dscp-map queue 1 threshold 3 40 41 42 43 44 45 46 47
mls qos srr-queue output dscp-map queue 2 threshold 3 24 25 26 27 28 29 30 31
mls qos srr-queue output dscp-map queue 2 threshold 3 48 49 50 51 52 53 54 55
mls qos srr-queue output dscp-map queue 2 threshold 3 56 57 58 59 60 61 62 63
mls qos srr-queue output dscp-map queue 3 threshold 3 16 17 18 19 21 22 23 32
mls qos srr-queue output dscp-map queue 3 threshold 3 33 34 35 36 37 38 39
mls qos srr-queue output dscp-map queue 4 threshold 1 8
mls qos srr-queue output dscp-map queue 4 threshold 2 9 10 11 12 13 14 15
mls qos srr-queue output dscp-map queue 4 threshold 3 0 1 2 3 4 5 6 20
mls qos queue-set output 1 threshold 1 138 138 92 138
mls qos queue-set output 1 threshold 2 138 138 92 400
mls qos queue-set output 1 threshold 3 36 77 100 318
mls qos queue-set output 1 threshold 4 20 50 67 400
mls qos queue-set output 2 threshold 1 149 149 100 149
mls qos queue-set output 2 threshold 2 118 118 100 235
mls qos queue-set output 2 threshold 3 41 68 100 272
mls qos queue-set output 2 threshold 4 42 72 100 242
mls qos queue-set output 1 buffers 10 10 26 54
mls qos queue-set output 2 buffers 16 6 17 61
mls qos trust dscp

Queuing on the IP Phone

A Cisco IP Phone has an internal 3-port 10/100 switch. One port, P0, is an internal port used for connecting the actual voice electronics in the phone. Port P1 is used to connect a daisy chained PC and Port P2 is used to uplink to the wiring-closet Ethernet switch. Each port has 4 queues with a single threshold (4Q1T) configuration. One of these queues, Queue 0, is a high priority queue for all BPDU and CoS = 5 traffic. These queues are all serviced in a round-robin fashion with a timer used on the high priority queue. If this timer expires while the queue scheduler is servicing the other queues, the scheduler will automatically move back to the high priority queue and empty its buffer, ensuring voice quality.

Figure 1 IP Phone Queuing Scheme

Internet Egress QoS Policy

The IXC Router connects to Level-3 Internet Service via Gigabit Ethernet, but only has a sub-rate service. A basic outbound shaping policy with fair queuing will be applied to match the sub-rate bandwidth of the Internet connection.


Egress Internet QoS Policy Configuration

policy-map FairQueue
 class class-default
  fair-queue
!
policy-map ShapeEgress
 class class-default
  bandwidth <Level-3 Internet Access Bandwidth>
  random-detect
  shape peak <Level-3 Internet Access Bandwidth>
  service-policy FairQueue
!
interface Serial0/0
 service-policy output ShapeEgress

Data Center Egress MPLS QoS Policy

The Drain CE Router connects to Level-3 MPLS VPN Service via Gigabit Ethernet, but only has a sub-rate service. An outbound QoS policy must be applied to match the sub-rate bandwidth, enforce the Regus QoS Policies and map to the Level-3 queues. The table below calculates the maximum values based on sites and phones. Initial head end bandwidth may not satisfy these maximum values. They can be adjusted over time as the number of phones and head end bandwidth increases.

Data Center Bandwidth Calculations

Service Class              Bandwidth Calculation

Voice Payload              Phones = 10,000
                           Sites = 67
                           Gateways = 67
                           IP Communicator = (5% of Phones) * 84 kbps
                           IPC = 42 Mbps
                           Voice Mail = (192 Max Unity Ports) * 84 kbps
                           Voice Mail = 16.128 Mbps
                           TAPs = 8 * 84 kbps = 672 kbps
                           Voice Payload = TAPs + IPC + VM
                           Voice Payload = 49 Mbps

Voice Signaling            Voice Sig = (IP Phone + Gateways) * 263 bps
                           Voice Sig = 2.648 Mbps

Mgmt                       128 kbps
Class-default (Shared)     Fair Queue
Routing                    32 kbps


Egress MPLS QoS Policy Configuration

policy-map FairQueue
 class class-default
  fair-queue
!
policy-map ShapeEgress
 class VoicePayload
  priority 49000
  set dscp ef
 class VoiceSignal
  bandwidth 2735
  set dscp cs6
 class Video
  set dscp ef
  priority 8
 class Routing
  bandwidth 32
 class Mgmt
  bandwidth 128
  random-detect
  set dscp af21
 class class-default
  bandwidth <Level-3 MPLS Access Bandwidth>
  random-detect
  shape peak <Level-3 MPLS Access Bandwidth>
  service-policy FairQueue
!
interface Serial0/0
 service-policy output ShapeEgress

POP Egress MPLS QoS Policy

Egress MPLS QoS Policy Configuration

policy-map FairQueue
 class class-default
  fair-queue
!
policy-map ShapeEgress
 class VoicePayload
  priority <IP Communicator>
  set dscp ef
 class VoiceSignal
  bandwidth <IP Communicator Sig>
  set dscp cs6
 class Video
  set dscp ef
  priority 8
 class Routing
  bandwidth 32
 class Mgmt
  bandwidth 128
  random-detect
  set dscp af21
 class class-default
  bandwidth <Level-3 MPLS Access Bandwidth>
  random-detect
  shape peak <Level-3 MPLS Access Bandwidth>
  service-policy FairQueue
!
interface Serial0/0
 service-policy output ShapeEgress

Summary of QoS Design

• QoS must be defined on all interfaces to ensure application bandwidth, jitter, and delay requirements are met during times of congestion
• Distinct Shared and Dedicated Service Classes
• Level-3 MPLS QoS Mapping
• Switch QoS Remarking and Queue tuning
• Internet Egress Policy
• Data Center Egress Policy
• POP Egress Policy


Naming Conventions and Additional Services

Naming Convention

Regus network elements are named according to function within the infrastructure, providing clear delineation at a glance of a device’s role. This will continue to be used as we roll out the Star Network Solution.

• Site Router
  – Site number +
  – Floor number +
  – IDF number +
  – “rtr” +
  – Index
  – Example: 7704-7-1-rtr01

• Layer 3 Switch
  – Site number +
  – Floor number +
  – IDF number +
  – “psw” or “nsw”
  – Index + ”r”
  – Example: 7704-7-1-psw01-r

• Layer 2 Powered Switch
  – Site number +
  – Floor number +
  – IDF number +
  – “psw” +
  – Index
  – Example: 7704-7-1-psw01

• Layer 2 Non-Powered Switch
  – Site number +
  – Floor number +
  – IDF number +
  – “nsw” +
  – Index
  – Example: 7704-7-1-nsw01

• Drain CE Router
  – Co-location Site Abbreviation +
  – “dce” +
  – Index
  – Example: CIN-dce-01

• Drain IXC Router
  – Co-location Site Abbreviation +
  – “dixc” +
  – Index
  – Example: CIN-dixc-01

• ASA (Firewall)
  – Co-location Site Abbreviation +
  – “asa” +
  – Index
  – Example: CIN-asa-01

Each field, except the index, is separated by a hyphen. Site IDs are normalized to 4 digits by adding a 7 to the front of 3 digit site IDs. Example: Site 704 = 7704

IP Addressing (Public and Private)

In the Interim Network design, Regus will continue to use address space from the blocks of 10.0.0.0/8, 172.18.0.0/16 and their public address space from 66.202.0.0/18.

Public Address Space

Optimally, since there will be Eight Regions, the simplest case would be to break up the /18 into 8 /21s and advertise a single /21 for each regional drain. However, this is not technically feasible since some blocks have already been allocated. But, it is possible to have 16 /22s allocated, achieving the same net effect via an allocation of a pair of /22s per drain. We will therefore deploy this model. For example, for medium sites, there will be a /27 allocated for the site for customer public Address space. (This /27 will be taken from one of the two regional /22 blocks for which this site is a member). From this /27, a /29 will be allocated for NAT Translation. The first /32 from the /27 will be used for the Router for terminating VPN peerings from remote VPN users such as INX, Centrinet, Netsurant, etc.


Note: In the Access Manager model, a /29 is located at the Remote Site for “Local NAT”. In the Centralized NAT model for the Interim Design the same scheme will be used. However, the /29 for the NAT Pool will be located at the primary drain that will be performing NAT/PAT Translation. This keeps NAT pool allocation consistent and allows for mix/match NAT Techniques if necessary, even within a Region. In essence, the only thing that changes is the location of the NAT Pool. (Router vs. ASA Firewall)

Private Address Space

For a medium Site such as Glendale, WI, there will be a /21 allocated from the Private 10.x.x.x address pool. This will be assigned by Centrinet.

For the Head End Drain sites such as CIN or SFO, there will be a /24 allocated out of the 10.224.0.0/13 address space that current head ends in Secaucus and Atlanta have some allocations already from. In the CIN site, this will be used for Call Manager, Unity infrastructure, servers, etc and will be taken from the 10.224.16.0/24 address space. Call Manager, Unity and Management at CIN will each be allocated a /27.

There is a special case where the RFC 1918 172.16.0.0 - 172.31.255.255 (172.16/12 prefix) space is used for Management VLANs, Regus Staff and Router IDs. Based on conversations with Regus and Centrinet, we have decided to use the following space for this functionality:

172.20.0.0/12 through 172.23.0.0/12 for New Interim Design Sites
172.28.0.0/12 through 172.31.0.0/12 for IBM Sites (Already allocated)

Centrinet is responsible for the upkeep and provisioning of address space. This table was provided to Cisco from Centrinet in January, 2008 and will be used for the basis for all IP Addressing. Drain 1 will be also known as the Cincinnati Center (CIN), drain 2 will be also known as the San Francisco POP (SFO), and so on. This is described in the table below.

Drain    Name
1        Cincinnati
2        San Fran
3        NYC
4        Dallas
5        Atlanta
6        DC
7        LA
8        Seattle


Each drain is allocated a private block of addresses for infrastructure, call managers, servers, etc. This mapping is described here:

Drain Number    Drain Name    Drain service blocks - /24 per drain
1               Cincinnati    10.224.16.0/24
2               San Fran      10.224.17.0/24
3               NYC           10.224.18.0/24
4               Dallas        10.224.19.0/24
5               Atlanta       10.224.20.0/24
6               DC            10.224.21.0/24
7               LA            10.224.22.0/24
8               Seattle       10.224.23.0/24

Each drain is also allocated a public block of addresses for each Region.

Client Public IP allocations

Drains    Anchor Blocks /29's    Other blocks
5         66.202.160.0/22        66.202.128.0/22
3 3       66.202.164.0/22        66.202.132.0/22
1 1 1     66.202.168.0/22        66.202.136.0/22
6         66.202.172.0/22        66.202.140.0/22
2         66.202.176.0/22        66.202.144.0/22
2 2 7     66.202.180.0/22        66.202.148.0/22
4 4       66.202.184.0/22        66.202.152.0/22
8         66.202.188.0/22        66.202.156.0/22

The Site Client Public IP addresses are allocated as follows:

66.202.128.0/18         Regus Public Address Space
Anchor blocks (NAT)     /29
SMALL                   /28
MEDIUM                  /27
LARGE                   /26


The Site Client Private IP addresses are shown below.

Client Private IP allocations

Drains    Main blocks       Other blocks
5         10.112.0.0/14
3 3       10.116.0.0/14     10.225.0.0/16
1 1 1     10.120.0.0/14     10.226.0.0/15
6         10.124.0.0/14
2         10.128.0.0/14
2 2 7     10.132.0.0/14     10.228.0.0/15
4 4       10.136.0.0/14     10.230.0.0/16
8         10.140.0.0/14

The Staff IP addresses are shown below. Update pending Centrinet.

Staff IP allocations

Drains    Main blocks
5         172
3 3       172
1 1 1     172
6         172
2         172
2 2 7     172
4 4       172
8         172

This one needs to be updated by Centrinet

The following Design Rules are used for IP Addressing and will continue to be used going forward.

PE and CE Router WAN Interfaces
– Assigned by Centri.Net
– Will be taken from the 10/8 address space
– Will be /30s

CE Router LAN Interface
– Assigned and documented by Implementation Team
– Third usable address from the 10 range assigned to the site (ie. typically x.x.x.5/30)
– Member of a /30 subnet with the Layer 3 switch LAN interface

L3 Switch LAN Routed Interface
– Fourth usable address from the 10 range assigned to the site (ie. typically x.x.x.6/30)
– Member of a /30 subnet with CE LAN Interface

Router Loopback
– Last usable address - 5 from the 172 range assigned to the site
– /32 Mask

Domain Name Service (DNS)

The domain name for Regus networking equipment is accessregus.com. It is managed and maintained by Level-3. The DNS Name will be configured on all routers as the following.

Level-3 DNS servers
• <IP Address One>
• <IP Address Two>

DNS Configuration

ip domain-name accessregus.com

Simple Network Management Protocol (SNMP)

SNMP configuration is required in order to enable fault management systems to monitor the general status of network elements. SNMP will be configured when Day 2 support starts managing the network.

Syslog Servers

Logging of SYSLOG messages is a recommended practice and is essential from a management perspective. Syslog Messages will be buffered on all routers initially. Logging server IP addresses will be added when Day 2 starts managing the network.

Network Time Protocol (NTP)

NTP synchronizes time-stamping from a server to a number of routers configured for NTP. The NTP design for the network will follow a tiered approach.

• Remote Site Devices sync off CE Router Loopback0 interface
• CE Routers sync off primary and secondary Drain PE Loopback0 Interfaces
• Drain PEs sync off NTP sources on the Internet
  o tick.usnogps.navy.mil
  o time-a.nist.gov


NTP Configuration

ntp update-calendar
ntp server 10.224.0.1

In Band Management (SSH)

Secure Shell (SSH) is a protocol that provides a secure, remote connection to a router. There are currently two versions of SSH available, SSH Version 1 and SSH Version 2. SSH Version 2 is recommended. The SSH server feature enables a SSH client to make a secure, encrypted connection to a Cisco router. This connection provides functionality that is similar to an inbound Telnet connection. The SSH server in Cisco IOS software will work with publicly and commercially available SSH clients. Regus will utilize SSH as the remote access protocol. SSH requires an IPsec image.

SSH Config

!--- Generate an RSA key pair for your router, which automatically enables SSH
crypto key generate rsa
!--- Configure SSH
!
ip ssh time-out 60
ip ssh authentication-retries 3
!--- Prevent non-SSH Telnets.
line vty 0 4
 transport input ssh

Out of Band Management

The standard deployments will have modems attached to each OOB router in the Data Center and POP and the CE Router at remote sites.

AAA Services

Only Local Authentication will be configured on all routers and switches. An AAA server will be configured at a later date. The following usernames and privilege levels were extracted from an IBM Phase A configuration. A new list needs to be defined or updated as Day 2 support starts managing the network. In all cases the username command should use a secret password, which cannot be decrypted as password 7 can.


Username Config

username bvsm privilege 15 secret 5
username netsurant privilege 15 secret 5
username anil.vettle privilege 15 secret 5
username mike.tower privilege 15 secret 5
username bryan.darnell privilege 15 secret 5
username wilfred.dsouza privilege 15 secret 5
username saurabh.khare privilege 15 secret 5
username amit.sharma privilege 15 secret 5
username engineer privilege 15 secret 5
username inx privilege 1 secret 5

CDP Services

Cisco Discovery Protocol (CDP) is used for some network management functions, but is dangerous in that it allows any system on a directly connected segment to learn that the router is a Cisco device, and to determine the model number and the Cisco IOS software version being run. This information may in turn be used to design attacks against the router. CDP information is accessible only to directly connected systems. The CDP protocol may be disabled globally or on a particular interface.

Note: It is Cisco’s recommendation to disable CDP on all external facing interfaces.
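One way to check a device configuration against the SSH, AAA and CDP guidance above, shown as an added example that is not part of the original design document or any Cisco tool. The sample configuration is constructed: it reuses the page's command forms with a placeholder in place of hashes, and the interfaces, the "legacy" user and the second vty range are hypothetical.

```python
# Constructed sample configuration (see the note above); "<hash>" is a placeholder.
SAMPLE_CONFIG = """\
ip ssh time-out 60
ip ssh authentication-retries 3
username engineer privilege 15 secret 5 <hash>
username inx privilege 1 secret 5 <hash>
username legacy privilege 15 password 7 <hash>
!
interface GigabitEthernet0/0
 description external handoff (hypothetical)
!
interface GigabitEthernet0/1
 description LAN side (hypothetical)
!
line vty 0 4
 transport input ssh
line vty 5 15
 transport input telnet ssh
"""


def sections(config):
    """Map each unindented line to the indented lines that follow it.

    Global commands map to an empty list; "!" separators and blank lines are skipped.
    """
    out, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        if raw[0] == " " and current is not None:
            out[current].append(line)
        else:
            current = line
            out[current] = []
    return out


def audit(config, external_interfaces):
    """Return (check, subject) findings for the hardening points the page makes.

    ssh-version          SSH Version 2 is recommended but not enforced
    non-secret-password  a username stored with "password" instead of "secret"
    cdp-external         CDP still enabled on an external-facing interface
    vty-transport        a vty range that accepts anything other than SSH
    """
    sec = sections(config)
    findings = []
    if "ip ssh version 2" not in sec:
        findings.append(("ssh-version", "global"))
    for header, body in sec.items():
        words = header.split()
        if words[0] == "username" and "password" in words[2:]:
            findings.append(("non-secret-password", words[1]))
        elif words[0] == "interface" and words[1] in external_interfaces:
            # CDP is on by default; it is off only if disabled globally or per interface.
            if "no cdp run" not in sec and "no cdp enable" not in body:
                findings.append(("cdp-external", words[1]))
        elif words[:2] == ["line", "vty"]:
            allowed = [l.split()[2:] for l in body if l.startswith("transport input")]
            if allowed != [["ssh"]]:
                findings.append(("vty-transport", header))
    return findings


if __name__ == "__main__":
    for check, subject in audit(SAMPLE_CONFIG, {"GigabitEthernet0/0"}):
        print(f"{check:22} {subject}")
```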


Site Designs

Site Router Design

Each Site Router will have a 3845 Router that attaches to the Level 3 MPLS Core by either:
• Multilink PPP (NxT1)
• DS3 Connectivity
• Gigabit Ethernet
• NxT1 & DS3 may be provided by Level-3 via Gigabit Ethernet


WAN Connectivity

This section discusses the WAN connectivity to the Core for both NxT1 and DS3 and highlights the configuration samples for connectivity. It also shows the Multilink PPP configuration that will be deployed for NxT1 sites. Level-3 has an additional PE handoff that may be deployed where NxT1 and DS3 sites connect via Ethernet.

T1 Controller Configuration

controller T1 0/2/0
 framing esf
 linecode b8zs
 channel-group 0 timeslots 1-24
!
controller T1 0/2/1
 framing esf
 linecode b8zs
 channel-group 0 timeslots 1-24
!
controller T1 0/3/0
 framing esf
 linecode b8zs
 channel-group 0 timeslots 1-24
!
controller T1 0/3/1
 framing esf
 linecode b8zs
 channel-group 0 timeslots 1-24

Multilink Configuration

interface Multilink1
 ip address 10.231.32.206 255.255.255.252
 ppp multilink
 ppp multilink group 1
!

Serial Interface Configuration

interface Serial0/2/0:0
 no ip address
 encapsulation ppp
 ppp multilink
 ppp multilink group 1
!
interface Serial0/2/1:0
 no ip address
 encapsulation ppp
 ppp multilink
 ppp multilink group 1
!
interface Serial0/3/0:0
 no ip address
 encapsulation ppp
 ppp multilink
 ppp multilink group 1
!
interface Serial0/3/1:0
 no ip address
 encapsulation ppp
 ppp multilink
 ppp multilink group 1

EIGRP Process

EIGRP Configuration

router eigrp 14676
 passive-interface default
 no passive-interface GigabitEthernet0/1
 network 10.2.1.1 0.0.0.0
 network 10.122.208.0 0.0.0.255
 auto-summary
 eigrp router-id 10.231.32.206
!

EIGRP Interface Connectivity

EIGRP Interface Configuration

!
interface GigabitEthernet0/1
 ip address 10.122.208.5 255.255.255.252
 ip summary-address eigrp 14676 0.0.0.0 0.0.0.0 254
 duplex auto
 speed auto
 media-type rj45
!

BGP Configuration

BGP Configuration

router bgp 14676
 no synchronization
 bgp router-id 10.231.32.206
 bgp log-neighbor-changes
 network 10.122.208.0 mask 255.255.248.0 route-map set_regus_community
 network 66.202.128.0 mask 255.255.248.0
 network 66.202.135.0 mask 255.255.255.0 route-map set_public_community
 neighbor 10.231.32.205 remote-as 65000
 neighbor 10.231.32.205 password 7 105C0C1E1004
 neighbor 10.231.32.205 send-community
 neighbor 10.231.32.205 distribute-list 50 in
 neighbor 10.231.32.205 maximum-prefix 1
 no auto-summary
ip route 10.122.208.0 255.255.248.0 Null0 254
!
ip bgp-community new-format
!
!
access-list 10 permit 10.0.0.0 0.255.255.255 log
access-list 50 remark Distribute list for EIGRP and BGP DFAULT-ONLY map
access-list 50 permit 0.0.0.0
access-list 66 permit 66.202.0.0 0.0.255.255
!
!
route-map set_public_community permit 10
 match ip address 66
 set community 66:1 67:3 14676:977
!
route-map set_regus_community permit 10
 match ip address 10
 set community 14676:977
!

IOS FW

IOS FW will be deployed on the CE router at each remote site. Standard inspection rules will be initially applied. Day 2 support will handle custom changes for specific clients. The inspection rules are applied inbound on the Fast Ethernet connection to the Hub Layer-3 Switch.

Inspection Rules

Inspection Rules Config

ip inspect name RegusInspect cuseeme
ip inspect name RegusInspect dns
ip inspect name RegusInspect ftp
ip inspect name RegusInspect h323
ip inspect name RegusInspect icmp
ip inspect name RegusInspect imap
ip inspect name RegusInspect pop3
ip inspect name RegusInspect netshow
ip inspect name RegusInspect rcmd
ip inspect name RegusInspect realaudio
ip inspect name RegusInspect rtsp
ip inspect name RegusInspect esmtp
ip inspect name RegusInspect sqlnet
ip inspect name RegusInspect streamworks
ip inspect name RegusInspect tftp
ip inspect name RegusInspect tcp
ip inspect name RegusInspect udp
ip inspect name RegusInspect vdolive
ip inspect name RegusInspect sip
ip inspect name RegusInspect citrix
ip inspect name RegusInspect citriximaclient
ip inspect name RegusInspect ddns-v3
ip inspect name RegusInspect echo
ip inspect name RegusInspect fragment maximum 256 timeout 1
ip inspect name RegusInspect ftps
ip inspect name RegusInspect h323callsigalt
ip inspect name RegusInspect h323gatestat
ip inspect name RegusInspect hsrp
ip inspect name RegusInspect ica
ip inspect name RegusInspect icabrowser
ip inspect name RegusInspect ident
ip inspect name RegusInspect imap3
ip inspect name RegusInspect imaps
ip inspect name RegusInspect ipsec-msft
ip inspect name RegusInspect isakmp
ip inspect name RegusInspect kerberos
ip inspect name RegusInspect l2tp
ip inspect name RegusInspect ldap
ip inspect name RegusInspect ldap-admin
ip inspect name RegusInspect ldaps
ip inspect name RegusInspect login
ip inspect name RegusInspect microsoft-ds
ip inspect name RegusInspect ms-cluster-net
ip inspect name RegusInspect ms-dotnetster
ip inspect name RegusInspect ms-sna
ip inspect name RegusInspect ms-sql
ip inspect name RegusInspect msexch-routing
ip inspect name RegusInspect mysql
ip inspect name RegusInspect n2h2server
ip inspect name RegusInspect netbios-dgm
ip inspect name RegusInspect netbios-ns
ip inspect name RegusInspect netbios-ssn
ip inspect name RegusInspect netstat
ip inspect name RegusInspect nfs
ip inspect name RegusInspect ntp
ip inspect name RegusInspect pcanywheredata
ip inspect name RegusInspect pcanywherestat
ip inspect name RegusInspect pop3s
ip inspect name RegusInspect qmtp
ip inspect name RegusInspect r-winsock
ip inspect name RegusInspect radius
ip inspect name RegusInspect send
ip inspect name RegusInspect sip-tls
ip inspect name RegusInspect snmp
ip inspect name RegusInspect ssh
ip inspect name RegusInspect snmptrap
ip inspect name RegusInspect socks
ip inspect name RegusInspect sqlserv
ip inspect name RegusInspect sqlsrv
ip inspect name RegusInspect sshell
ip inspect name RegusInspect stun
ip inspect name RegusInspect syslog
ip inspect name RegusInspect syslog-conn
ip inspect name RegusInspect tacacs
ip inspect name RegusInspect tacacs-ds
ip inspect name RegusInspect telnet
ip inspect name RegusInspect telnets
ip inspect name RegusInspect time
ip inspect name RegusInspect timed
ip inspect name RegusInspect who
ip inspect name RegusInspect wins
ip inspect name RegusInspect http
ip inspect name RegusInspect https
ip inspect name RegusInspect skinny alert off audit-trail off timeout 4000
!
interface FastEthernet 0/48
 ip inspect RegusInspect in


Inbound ACL
The inbound ACLs heavily rely on the standard addressing scheme deployed in the network. If IP address space is not allocated from the standard blocks such as the Staff VLAN (172.x.x.x), then this ACL will have to be modified.

Inbound ACL Config
interface Serial0/0
 ip access-group 130 in
!
access-list 130 remark Inbound ACL on T3 Serial Interface
access-list 130 permit ip 10.254.0.0 0.0.31.255 any
access-list 130 permit ip 10.254.118.0 0.0.0.255 any
access-list 130 permit ip 216.73.128.128 0.0.0.127 any
access-list 130 permit ip 66.202.128.0 0.0.63.255 any
access-list 130 remark Site Public Address Range
access-list 130 permit ip any 66.202.161.32 0.0.0.31
access-list 130 permit ip any 66.202.163.32 0.0.0.31
access-list 130 remark External Private to Internal 10 Dot addresses
access-list 130 permit ip 10.0.0.0 0.255.255.255 10.118.160.0 0.0.7.255
access-list 130 permit ip 172.16.0.0 0.15.255.255 10.118.160.0 0.0.7.255
access-list 130 permit ip 192.168.0.0 0.0.255.255 10.118.160.0 0.0.7.255
access-list 130 remark External Private to Internal 172 Dot addresses
access-list 130 permit ip 10.0.0.0 0.255.255.255 172.28.168.0 0.0.1.255
access-list 130 permit ip 172.16.0.0 0.15.255.255 172.28.168.0 0.0.1.255
access-list 130 remark External Router Wan Interface Subnet
access-list 130 permit bgp 172.28.169.252 0.0.0.3 any

Quality of Service
See the main QoS section in this document.

Multicast
Multicast Routing is required to support Music On Hold streaming for IP Communicator and IP Phones at each Remote Site. Each CE Router will source the Music On Hold stream locally from a file in flash, so Multicast across the Level-3 MPLS WAN is not required.

Multicast Config
ip multicast-routing

PIM
Protocol Independent Multicast (PIM) is enabled on a per-interface basis by configuring ip pim sparse-dense-mode. It is required on the Loopback0 interface of the CE Router. Additionally, PIM must be configured on the link between the 3845 CE Router and the Hub Layer 3 Switch (3560).


PIM Config

interface Loopback0
 ip address 172.28.251.251 255.255.255.255
 ip pim sparse-dense-mode
!
interface GigabitEthernet0/0
 description Link to 3560 Hub Switch FastEthernet 0/48
 ip address 10.119.240.5 255.255.255.252
 ip pim sparse-dense-mode

Music On Hold
The music file (music-on-hold.au) is stored on the CE Router (3845) flash and streamed to the VLAN topology within the site. The exact configuration is specified within the IPT LLD Document.

DHCP Services
DHCP Services will be handled by the Remote Site CE Router. A DHCP Pool will be created for each VLAN requiring services. Static IP Addresses (routers, Regus Clients, etc.) will be excluded from the VLAN's pool. The IP Phone TFTP servers are specified with the Option 150 command. In addition to the Voice VLAN (200), Option 150 must be available to other VLANs where IP Communicator would be deployed. Additionally, the DHCP bindings database will be stored on the CE Router's flash.

• Level-3 DNS servers will be provided on Data VLANs
• Internal DNS servers will be provided on the Voice VLAN

DHCP Config
ip dhcp database flash:dhcp_bindings
ip dhcp excluded-address 10.119.240.9
ip dhcp pool VLAN649
 network 10.118.161.176 255.255.255.240
 netbios-node-type h-node
 default-router 10.118.161.177
 option 150 ip 10.224.0.8 10.224.8.9
 domain-name accessregus.com
 dns-server <Level-3 DNS1> <Level-3 DNS2>
 lease 0 12


Summary of Site Router Design
• DS3, nxT1 or Gigabit Ethernet connectivity to Level 3
• GigE Connectivity directly into 3560 Switch
• BGP Peering to Level-3
• EIGRP Default Route Provided to 3560 Switch (no EIGRP on PE to CE link)
• QoS on 3845 Link to PE and Link to Hub Layer-3 Switch
• IOS FW for Stateful Inspection
• Multicast Music On Hold (only for LAN, no Multicast on PE to CE link)
• DHCP Services for all VLANs


Site Switching Design

Switch Topology
The LAN Switching design for a Remote Site utilizes non-stackable 3560 PoE switches (3560-48PS + 4 SFP). The switch attaching to the CE Router will function as the Hub Layer-3 Switch, handling all inter-VLAN routing and multicast routing for the site. Increased port capacity is added to the topology by trunking additional Layer-2 switches to one of the 3560 Hub Switch's four Gigabit Ethernet SFP interfaces. It is recommended that all inter-switch links be Gigabit Ethernet. A maximum of 240 10/100 Ethernet ports are supported in this topology, which can service both Small and Medium Site types. A Large Site topology could be accomplished in a similar manner, but would require the Hub Switch to have additional Gigabit Ethernet interfaces (3560G). Other solutions such as stackable or modular chassis solutions are also possible. The physical layout (number of floors, wiring closet location, etc.) of a Large Site type would also influence the topology and switch hardware selection. The NCO sites planned for this deployment fall into the Medium Site category.

CE Router Link
The last port (FastEthernet0/48) of the Hub Switch will be used to connect to the GigabitEthernet 0/0 of the CE Router. The speed and duplex of the interface will be set to 100/Full.

CE Router Link Config
interface FastEthernet0/48
 description Uplink to CE Router GigabitEthernet0/0
 no switchport
 ip address 10.118.160.6 255.255.255.252
 speed 100
 duplex full
 srr-queue bandwidth share 10 10 60 20
 srr-queue bandwidth shape 10 0 0 0
 priority-queue out
 mls qos trust dscp

Inter-Switch Trunks
Inter-Switch Trunks will utilize the four Gigabit Ethernet SFP ports on the Hub Switch. The encapsulation of the trunks is set to dot1q.


Inter-Switch Trunk Config

interface GigabitEthernet0/1
 description Uplink to Layer 2 Switch 1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 srr-queue bandwidth share 10 10 60 20
 srr-queue bandwidth shape 10 0 0 0
 priority-queue out
 mls qos trust dscp
!
interface GigabitEthernet0/2
 description Uplink to Layer 2 Switch 2
 switchport trunk encapsulation dot1q
 switchport mode trunk
 srr-queue bandwidth share 10 10 60 20
 srr-queue bandwidth shape 10 0 0 0
 priority-queue out
 mls qos trust dscp

EIGRP Process

EIGRP Configuration

router eigrp 14676
 passive-interface default
 no passive-interface FastEthernet0/48
 network 10.2.1.1 0.0.0.0
 network 10.122.208.0 0.0.0.255
 auto-summary
 eigrp router-id 10.231.32.206
!

VLAN Definitions
The VLAN topology and numbering is based on the function of a given Subnet. Each Remote Site will have the following VLAN definitions. The IP Address space allocated by Centrinet will be subdivided at each remote site. The final sub-division is handled by INX with the standard Regus deployment module.

| Subnet Function | VLAN Number |
|---|---|
| Staff VLAN: IP Address 172.x.x.x /26 Block | VLAN 2 |
| Shared Services (Private): IP Address from 10.0.0.0 /27 | VLAN 100 |
| Shared Services (Public): IP Address from 66.202.x.x Block /29 | VLAN 101 |
| Voice: IP Address for 10.x.x.x Block /23 | VLAN 200 |
| Guest Wireless: IP Address from 10.x.x.x /26 Block. Note: Wireless not part of this Star SOW, but VLAN is defined for future deployment | VLAN 300 |
| Public: Each Client with Public Address Space assigned a separate VLAN starting with VLAN 400; IP Address from 66.202.x.x Block | VLAN 400+ |
| Touchdown User: Default VLAN for un-assigned ports; IP Address from 10.x.x.x /27 | VLAN 600 |
| Client: Each Client assigned a separate VLAN starting with 601; IP Address from 10.x.x.x /29 (usually) | VLAN 601+ |
| Management: Management interfaces for all network devices; IP Address from 172.x.x.x /27 | VLAN 1000 |

VLAN Interfaces
A Switch Virtual Interface (SVI) is configured for each corresponding VLAN on the Hub Switch.

VLAN Interface Config
interface Vlan2
 description Regus Staff VLAN
 ip address 172.28.168.1 255.255.255.192
!
interface Vlan100
 description SharedResources
 ip address 10.118.163.129 255.255.255.224

Fast Ethernet Ports
All unused ports will be configured as access switch ports on the Touchdown VLAN (600) with VLAN 200 as the Voice VLAN. Ports will be assigned to the appropriate VLANs depending on the Regus Client access. Interface descriptions will be updated as clients are assigned ports.


FastEthernet Port Config

interface FastEthernet0/46
 power inline consumption 7700
 switchport access vlan 600
 switchport mode access
 switchport voice vlan 200
 no logging event link-status
 srr-queue bandwidth share 10 10 60 20
 srr-queue bandwidth shape 10 0 0 0
 priority-queue out
 mls qos trust dscp
 mls qos dscp-mutation Shared
 no snmp trap link-status
 spanning-tree portfast
!
interface FastEthernet0/47
 description (Voce Communications - Private / Dedicated 1MB)
 power inline consumption 7700
 switchport access vlan 607
 switchport mode access
 switchport voice vlan 200
 no logging event link-status
 srr-queue bandwidth share 10 10 60 20
 srr-queue bandwidth shape 10 0 0 0
 priority-queue out
 mls qos trust dscp
 mls qos dscp-mutation Shared
 no snmp trap link-status
 spanning-tree portfast

VTP
Virtual Trunking Protocol (VTP) was designed to propagate a VLAN database throughout a switching topology. If a VLAN was created, the change would be reflected on all switches. Unfortunately, this feature also made it easy to accidentally delete an entire VLAN such as Voice, causing major outages. It is recommended to run VTP in transparent mode, which prevents the propagation of VLAN information.

VTP Config
vtp domain (Regus+Site ID)
vtp mode transparent

Multicast
Multicast Routing is required to support Music On Hold streaming for IP Communicator and IP Phones at each Remote Site. Only the Layer-3 Hub Switch requires multicast routing to be enabled.


Multicast Routing Config
ip multicast-routing distributed

PIM Stub
Protocol Independent Multicast Sparse Mode (PIM-SM) must be configured on the link between the 3845 CE Router and Hub Layer-3 Switch (3560) to allow multicast from the CE Router. Prior to 12.2(37)SE code, the IP Base image did not support multicast routing and PIM. It required the IP Service image. The PIM Stub Multicast feature now supports multicast routing between the distribution layer and access layer. It supports two types of PIM interfaces: uplink PIM interfaces and PIM passive interfaces. In particular, a routed interface configured with the PIM Passive mode does not pass or forward PIM control plane traffic; it only passes or forwards IGMP traffic. Only directly connected multicast (IGMP) receivers and sources are allowed in the layer 2 access domains. The PIM protocol is not supported in access domains. The ip pim passive command must be configured on each interface VLAN which requires Music On Hold. It is not required on the Layer-2 Switches. The PIM Stub feature has not been deployed within the current Regus environment, which poses a potential risk during deployment.

PIM Config
interface FastEthernet0/48
 description Link to 3845 CE Router GigabitEthernet0/0
 ip address 10.119.240.5 255.255.255.252
 ip pim sparse-dense-mode
!
interface Vlan2
 description Staff VLAN
 ip address 172.16.10.1 255.255.255.0
 ip pim passive
!
interface Vlan200
 description Voice VLAN
 ip address 10.119.239.0 255.255.255.0
 ip pim passive

IGMP Snooping
Internet Group Management Protocol (IGMP) is a standard defined in RFC1112 for IGMPv1, in RFC2236 for IGMPv2 and in RFC3376 for IGMPv3. IGMP specifies how a host or IP Phone can request to join a multicast group. IGMP snooping allows the switch to recognize a join and enable a requested multicast group on a port. In addition to the Voice VLAN (200), IGMP snooping must be configured on any VLAN where IP Communicator may be used.


IGMP Snooping Config

ip igmp snooping vlan 200 immediate-leave
ip igmp snooping vlan 648 immediate-leave
ip igmp snooping vlan 642 immediate-leave
ip igmp snooping vlan 643 immediate-leave

Switch SDM Template
The Security implementation relies heavily on Access Lists (ACLs). Switch resources must be optimized for the large number of ACLs. The Switch Database Management (SDM) templates allow tuning. To allocate ternary content addressable memory (TCAM) resources for different usages, the switch SDM templates prioritize system resources to optimize support for certain features. You can select SDM templates for IP Version 4 (IPv4) to optimize these features:
• Routing: The routing template maximizes system resources for unicast routing, typically required for a router or aggregator in the center of a network.
• VLANs: The VLAN template disables routing and supports the maximum number of unicast MAC addresses. It would typically be selected for a Layer 2 switch.
• Default: The default template gives balance to all functions.
• Access: The access template maximizes system resources for access control lists (ACLs) to accommodate a large number of ACLs.

Switch Template Config

sdm prefer access

Note: This command requires a reload of the switch to take effect. The SDM template in use can be verified with the show sdm prefer command.

Remote Site Security
The Hub Layer 3 switch (3560) restricts or prevents communication between the local VLANs by applying inbound and outbound ACLs. Customers are isolated from one another in this manner. If communication between several sites for a given customer is required, the ACLs must be changed to allow this access. If inbound traffic from the Internet is required, the IP service limitation is enforced exclusively on the Layer 3 Hub Switch and is based on the customer service template. To keep provisioning simpler, modular and site agnostic, outbound ACLs complement inbound ACLs to achieve the security requirements. As with the QoS and Bandwidth on Demand, the security and customer access templates are from the IBM Phase A model.

Security Service Classes

| Service Class | Outbound | Inbound | Address Type | Service Partition |
|---|---|---|---|---|
| A | All ports open outbound with the following exception: Port/Service presenting a high security risk; Port/Services that could lead to revenue leakage for Regus | All non-client initiated inbound traffic is blocked | | Shared |
| B | Same as Class A | Same as Class A excepting VPN Client | Public (but could be routable or private as well) | Shared |
| C | Same as Class A | Same as Class A | Private | Dedicated |
| D | Same as Class A | Same as Class A excepting SMTP, IMAP, POP, HTTP/HTTPS | Public (or routable) | Dedicated |
| E | Same as Class A | All ports open outbound with the following exception: Port/Service presenting a high security risk; Port/Services that could lead to revenue leakage for Regus | Routable (or public) | Dedicated |

Security Service Access List
The table below lists the standard security access-lists which are applied depending upon the customer service class. These ACLs assume the standard Regus model for IP Address assignment, so a deviation will require ACL modification. For example, if the Regus Staff VLAN is assigned from the 172.x.x.x IP Address Block.


| Access List Name | Applied to VLAN | Customer Template | Direction |
|---|---|---|---|
| StaffIn | Staff (2) | Default | in |
| | Shared Private (100) | Default | |
| | Shared Public (101) | Default | |
| | Voice (200) | Default | |
| CustomerIn | Wireless (300) | Default | in |
| CustomerIn | Touchdown (600) | Default | in |
| | Public IP (601) | Default | in |
| StaffIn | Management (1000) | Default | in |
| CustomerInPub | Public Customer (400+) | Default | in |
| PubNoInbSvcOut | Public Customer (400+) | Default | out |
| RouNoInbSvcOut | Private Customer (601+) | Default | out |
| CustomerInVPN | Private Customer (601+) | Class B | in |
| PubInbDOut | Public Customer (400+) | Class D | out |
| RoutinbDOut | Private Customer (601+) | Class D | out |
| Custom | Public Customer (400+) | Site to Site | in |
| Custom | Private Customer (600+) | Site to Site | in |
| RestrictIPScope | Uplink G0/48 (3560) | Scope restriction | in |

Security Access-list Config

ip access-list extended CustomerIn
 permit udp any any eq bootpc
 permit udp any any eq bootps
 permit tcp any any eq 9100
 permit tcp any any eq lpd
 permit ip any 10.224.0.0 0.0.15.255
 permit tcp any any eq 2000
 permit tcp any any eq 8404
 permit tcp any any eq 2748
 deny udp any 10.0.0.0 0.255.255.255 gt 32768
 permit udp any any gt 16384
 permit tcp any any range 3230 3237
 permit udp any any range 3230 3253
 permit udp any any eq syslog
 permit icmp any 172.16.0.0 0.15.255.255 echo-reply
 deny ip any 172.16.0.0 0.15.255.255
 permit icmp any any echo
 deny ip any 10.0.0.0 0.255.255.255
 deny tcp any any eq 1723
 deny gre any any
 deny udp any any eq 1701
 deny udp any any eq isakmp
 deny esp any any
 permit ip any any
ip access-list extended CustomerInPub
 permit udp any any eq bootpc
 permit udp any any eq bootps
 permit tcp any any eq 9100
 permit tcp any any eq lpd
 permit ip any 10.224.0.0 0.0.15.255
 permit tcp any any eq 2000
 permit tcp any any eq 8404
 permit tcp any any eq 2748
 deny udp any 10.0.0.0 0.255.255.255 gt 32768
 permit udp any any gt 16384
 permit tcp any any established
 permit tcp any any range 3230 3237
 permit udp any any range 3230 3253
 permit udp any any eq syslog
 permit icmp any 172.16.0.0 0.15.255.255 echo-reply
 permit icmp any any echo
 deny ip any 10.0.0.0 0.255.255.255
 permit ip any any
ip access-list extended CustomerInVPN
 permit udp any any eq bootpc
 permit udp any any eq bootps
 permit tcp any any eq 9100
 permit tcp any any eq lpd
 permit ip any 10.224.0.0 0.0.15.255
 permit tcp any any eq 2000
 permit tcp any any eq 8404
 permit tcp any any eq 2748
 deny udp any 10.0.0.0 0.255.255.255 gt 32768
 permit udp any any gt 16384
 permit tcp any any range 3230 3237
 permit udp any any range 3230 3253
 permit udp any any eq syslog
 permit icmp any 172.16.0.0 0.15.255.255 echo-reply
 deny ip any 172.16.0.0 0.15.255.255
 permit icmp any any echo
 deny ip any 10.0.0.0 0.255.255.255
 permit ip any any
ip access-list extended PubInbDOut
 permit ip 10.0.0.0 0.255.255.255 66.202.128.0 0.0.63.255
 permit ip 172.16.0.0 0.15.255.255 66.202.128.0 0.0.63.255
 permit tcp any any eq www
 permit tcp any any eq 443
 permit tcp any any eq 995
 permit tcp any any eq pop3
 permit tcp any any eq 465
 permit tcp any any eq smtp
 permit tcp any any eq 143
 permit tcp any any eq 993
 permit tcp any any eq ftp
 permit tcp any any eq ftp-data
 permit tcp any any gt 1 established
 permit esp any any
 permit udp any any
 permit gre any any
 permit icmp any any
 deny ip any any
ip access-list extended PubInbEOut
 permit ip any any
ip access-list extended PubNoInbSvcOut
 permit tcp any any gt 1 established
 permit ip 10.0.0.0 0.255.255.255 66.202.128.0 0.0.63.255
 permit ip 172.16.0.0 0.15.255.255 66.202.128.0 0.0.63.255
 permit esp any any
 permit udp any any
 permit gre any any
 permit icmp any any
 deny ip any any
ip access-list extended RestrictIPScope
 permit ip any any
ip access-list extended RouInbDOut
 permit ip 66.202.128.0 0.0.63.255 10.0.0.0 0.255.255.255
 permit tcp any any eq www
 permit tcp any any eq 443
 permit tcp any any eq 995
 permit tcp any any eq pop3
 permit tcp any any eq 465
 permit tcp any any eq smtp
 permit tcp any any eq 143
 permit tcp any any eq 993
 permit tcp any any eq ftp
 permit tcp any any eq ftp-data
 permit tcp any any gt 1 established
 permit tcp 10.0.0.0 0.255.255.255 any
 permit esp any any
 permit udp any any
 permit gre any any
 permit icmp any any
 deny ip any any
ip access-list extended RouInbEOut
 permit ip any any
ip access-list extended RouNoInbSvcOut
 permit ip 66.202.128.0 0.0.63.255 10.0.0.0 0.255.255.255
 permit tcp any any gt 1 established
 permit tcp 10.0.0.0 0.255.255.255 any
 permit esp any any
 permit udp any any
 permit gre any any
 permit icmp any any
 deny ip any any
ip access-list extended StaffIn
 permit udp any any eq bootpc
 permit udp any any eq bootps
 permit tcp any any eq 9100
 permit tcp any any eq lpd
 permit tcp any any eq www
 permit ip any 172.16.0.0 0.15.255.255
 permit ip any 10.254.118.0 0.0.0.255
 permit ip any 216.73.128.128 0.0.0.127
 permit ip any 10.254.0.0 0.0.31.255
 permit icmp any any
 permit tcp any any range 3230 3237
 permit udp any any range 3230 3253
 permit ip any 10.224.0.0 0.0.15.255
 permit ip any 10.239.248.0 0.0.1.255
 permit tcp any any eq 2000
 permit tcp any any eq 8404
 permit tcp any any eq 2748
 deny udp any 10.0.0.0 0.255.255.255 gt 32768
 permit udp any any gt 16384
 permit udp any any eq syslog
 deny ip any 172.16.0.0 0.15.255.255
 permit ip any any
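Because these lists are evaluated top-down with first match winning, the order of the entries decides what customer isolation actually permits. The following first-match evaluator for the CustomerIn list is an added example, not part of the original design document; the sample packets, the client address 10.118.161.180 and the external address 198.51.100.10 are constructed, and the parser handles only the syntax this one list uses.

```python
import ipaddress

# CustomerIn exactly as listed in the Security Access-list Config above.
CUSTOMER_IN = """\
permit udp any any eq bootpc
permit udp any any eq bootps
permit tcp any any eq 9100
permit tcp any any eq lpd
permit ip any 10.224.0.0 0.0.15.255
permit tcp any any eq 2000
permit tcp any any eq 8404
permit tcp any any eq 2748
deny udp any 10.0.0.0 0.255.255.255 gt 32768
permit udp any any gt 16384
permit tcp any any range 3230 3237
permit udp any any range 3230 3253
permit udp any any eq syslog
permit icmp any 172.16.0.0 0.15.255.255 echo-reply
deny ip any 172.16.0.0 0.15.255.255
permit icmp any any echo
deny ip any 10.0.0.0 0.255.255.255
deny tcp any any eq 1723
deny gre any any
deny udp any any eq 1701
deny udp any any eq isakmp
deny esp any any
permit ip any any
"""
NAMED_PORTS = {"bootps": 67, "bootpc": 68, "syslog": 514, "lpd": 515, "isakmp": 500}

def _addr(tokens):
    """Consume 'any' or 'address wildcard'; return (base, wildcard) as ints."""
    first = tokens.pop(0)
    if first == "any":
        return 0, 0xFFFFFFFF
    return int(ipaddress.IPv4Address(first)), int(ipaddress.IPv4Address(tokens.pop(0)))

def _port(tok):
    return NAMED_PORTS[tok] if tok in NAMED_PORTS else int(tok)

def parse_acl(text):
    """Parse the subset of extended-ACL syntax that CustomerIn uses."""
    rules = []
    for line in text.strip().splitlines():
        tokens = line.split()
        action, proto = tokens.pop(0), tokens.pop(0)
        src, dst = _addr(tokens), _addr(tokens)
        # What is left is empty, a destination-port test, or an ICMP type.
        rules.append({"text": line.strip(), "action": action, "proto": proto,
                      "src": src, "dst": dst, "qual": tokens})
    return rules

def _ip_match(addr, spec):
    base, wild = spec  # wildcard bits set to 1 are "don't care"
    return (int(ipaddress.IPv4Address(addr)) | wild) == (base | wild)

def _qual_match(rule, pkt):
    qual = rule["qual"]
    if not qual:
        return True
    if rule["proto"] == "icmp":
        return pkt.get("icmp_type") == qual[0]
    dport = pkt.get("dport")
    if dport is None:
        return False
    if qual[0] == "eq":
        return dport == _port(qual[1])
    if qual[0] == "gt":
        return dport > _port(qual[1])
    if qual[0] == "range":
        return _port(qual[1]) <= dport <= _port(qual[2])
    raise ValueError("unsupported qualifier: " + " ".join(qual))

def evaluate(rules, pkt):
    """Return (action, deciding rule text); first match wins, then implicit deny."""
    for rule in rules:
        if rule["proto"] not in ("ip", pkt["proto"]):
            continue
        if (_ip_match(pkt["src"], rule["src"]) and _ip_match(pkt["dst"], rule["dst"])
                and _qual_match(rule, pkt)):
            return rule["action"], rule["text"]
    return "deny", "implicit deny"

# Constructed sample packets from a client at 10.118.161.180 (not captured traffic).
SAMPLES = [
    {"proto": "tcp", "src": "10.118.161.180", "dst": "198.51.100.10", "dport": 443},
    {"proto": "tcp", "src": "10.118.161.180", "dst": "10.118.163.130", "dport": 445},
    {"proto": "udp", "src": "10.118.161.180", "dst": "10.118.163.130", "dport": 40000},
    {"proto": "udp", "src": "10.118.161.180", "dst": "10.118.163.130", "dport": 20000},
    {"proto": "icmp", "src": "10.118.161.180", "dst": "172.28.168.1", "icmp_type": "echo"},
]

if __name__ == "__main__":
    acl = parse_acl(CUSTOMER_IN)
    for pkt in SAMPLES:
        print(pkt, "->", evaluate(acl, pkt))
```

The UDP 20000 sample is decided by the permit for ports above 16384, which sits ahead of the deny for 10.0.0.0/8, so that range is worth re-checking against the intended isolation whenever the list is modified.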

Spanning Tree
MSTs or Multiple Spanning Trees (IEEE 802.1s) combine the best aspects from both the PVST+ and the 802.1q. The idea is that several VLANs can be mapped to a reduced number of spanning tree instances because most networks do not need more than a few logical topologies. MST spanning tree is selected over PVST because it reduces the CPU overhead by sending a single BPDU out for all VLANs across trunks. The Hub Layer 3 switch will be configured as STP Root. Portfast will be the standard configuration for all end user access ports. It suspends the listening and learning phases of STP which can affect DHCP requests from hosts.

Hub Switch STP Config
!
spanning-tree mode mst
spanning-tree extend system-id
spanning-tree mst 0 priority 0
!
interface FastEthernet0/21
 spanning-tree portfast

Layer-2 Switch STP Config

spanning-tree mode mst
spanning-tree extend system-id

Power over Ethernet (PoE)
On a 48-port PoE switch, any 24 of the 48 10/100 or 10/100/1000 PoE ports provide 15.4 W of power, or any combination of ports provides an average of 7.7 W of power at the same time, up to a maximum switch power output of 370 W. By using the power inline consumption <wattage> configuration command, you can override the default power requirement specified by the IEEE classification.

Note: CP-7970G phones cannot be configured to the maximum screen brightness when supplied with this amount of power.

PoE Config

interface FastEthernet0/21
 power inline consumption 7700

Management VLAN
A Management VLAN (1000) is created at each site for management of the switches. Each switch will have an IP Address on this VLAN.


Management VLAN Config
interface Vlan1000
 description Management
 ip address 172.28.251.201 255.255.255.224
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 no ip route-cache
 no snmp trap link-status

Quality of Service
See the main Quality of Service Section in this document for the main switch QoS settings.

Attendant Console (EVO) QoS
The EVO console resides on the Staff VLAN and requires a special QoS policy on the Fast Ethernet port of the switch.

Attendant Console QoS Policy Config
class-map match-all voice-bearer
 match access-group name voice-bearer
class-map match-all voice-sig-now
 match access-group name voice-sig-now
!
policy-map evo-console
 class voice-bearer
  set dscp cs6
 class voice-sig-now
  set dscp cs4
 class class-default
  set dscp cs3
!
interface FastEthernet0/34
 power inline consumption 7700
 switchport access vlan 2
 switchport mode access
 switchport voice vlan 200
 service-policy input evo-console
!
ip access-list extended voice-bearer
 permit udp any any range 16384 32767 dscp ef
ip access-list extended voice-sig-now
 permit tcp any any range 2000 2002 dscp cs3
 permit tcp any any range 2000 2002 dscp af31
 permit tcp any any eq 3128
 permit tcp any any eq 4812
 permit tcp any any eq 5199
 permit udp any any eq 5199
 permit udp any any eq 4812
 permit udp any any eq 3128


Summary of Site Switch Design
• EIGRP to CE Router
• Dot1q Trunk to additional 3560 switches
• Predefined VLAN and interface configuration
• Multicast Routing with PIM Stub
• IGMP Snooping for VLANs requiring MoH
• Security Service Classes based on ACLs
• Switching SDM Template Change
• PoE is available on ports
• Site Management VLAN
• EVO Attendant Console QoS


Cincinnati Data Center Design

A Data Center differs from a POP location because it contains both an Internet Drain (1) and the Call Manager and Unity Servers. The Cincinnati DC is located within a Level-3 co-location facility. The base LAN topology in the Data Center consists of two 3560G switches which are connected via EtherChannel. Both the Call Manager and Unity VLANs are available on both switches to support dual NIC teaming. The Drain CE Router 7201 utilizes all four Gigabit interfaces within the design. A key design goal was to avoid a dot1q interface on the Gigabit interfaces, which can introduce complications to QoS policies and introduce inter-VLAN routing on the Drain CE router.


VLAN Definitions

VLAN               Function                                                        VLAN Number
ASA VLAN           VLAN for Drain CE to ASA traffic; IP Subnet 10.231.39.248/30    VLAN 10
Inter Switch VLAN  L3 VLAN between Switches; IP Subnet 10.231.x.x/30               VLAN 11
Call Manager       CM, ISI, TAP Server VLAN; IP Subnet 10.224.16.0/27              VLAN 201
Unity              Unity, AD, Exchange Server; IP Subnet 10.224.16.32/27           VLAN 202
Management         Management interfaces VLAN; 10.224.16.64/27                     VLAN 1000

DC Switch 1 to Drain CE

The connection on VLAN 10 could have terminated directly into the ASA, but is terminated on the DC Switch 1 for future options which may require spanning the link. The second Gigabit interface from the Drain CE is used for the link to the Call Manager VLAN.

DC Switch 1 Drain CE Connection Config

    interface GigabitEthernet0/21
     description SFO-dce-01 GigabitEthernet0/0
     switchport access vlan 10
     switchport mode access
     no logging event link-status
     srr-queue bandwidth share 10 10 60 20
     srr-queue bandwidth shape 10 0 0 0
     priority-queue out
     mls qos trust dscp
     no snmp trap link-status
     spanning-tree portfast
    !
    interface GigabitEthernet0/22
     description SFO-dce-01 GigabitEthernet0/1
     ip address <10.224.x.x> 255.255.255.252
     no ip redirects
     no ip unreachables
     no ip proxy-arp
     no ip route-cache
     no snmp trap link-status

DC Switch 2 to Drain CE

This Drain CE Gigabit connection is the link to the Unity VLAN.

DC Switch 2 Drain CE Connection Config

    interface GigabitEthernet0/22
     description SFO-dce-01 GigabitEthernet0/3
     ip address <10.224.x.x> 255.255.255.252
     no ip redirects
     no ip unreachables
     no ip proxy-arp
     no ip route-cache
     no snmp trap link-status

EtherChannel DC Switch 1 & 2

A Layer-2 EtherChannel will be configured between DC Switch 1 and DC Switch 2. The channel will add redundancy to the dot1q trunk which carries all VLANs between the switches. With the Call Manager (201) and Unity (202) VLANs being active on both switches, servers with dual teamed NICs can attach to each switch, but remain in the same VLAN. The desirable mode is recommended for the channel group, with the switchport forced to trunk and encapsulation of dot1q.

EtherChannel Config

    interface Port-channel1
     switchport trunk encapsulation dot1q
     switchport mode trunk
    !
    interface GigabitEthernet0/23
     switchport trunk encapsulation dot1q
     switchport mode trunk
     channel-group 1 mode desirable
    !
    interface GigabitEthernet0/24
     switchport trunk encapsulation dot1q
     switchport mode trunk
     channel-group 1 mode desirable


DC Switch 1 & 2 to ASA

The ASA is connected to both DC Switch 1 and 2, but only the connection to DC Switch 1 will be enabled. This extra connection provides flexibility for reconfiguration in the event that DC Switch 1 fails.

ASA Connection Config

    interface GigabitEthernet0/20
     description CIN-ASA-01 GigabitEthernet0/1
     switchport access vlan 10
     switchport mode access
     no logging event link-status
     srr-queue bandwidth share 10 10 60 20
     srr-queue bandwidth shape 10 0 0 0
     priority-queue out
     mls qos trust dscp
     no snmp trap link-status
     spanning-tree portfast

DC Switch 1 to DC Switch 2 VLAN

VLAN 11 will form a Layer-3 connection between DC Switch 1 and 2. It allows Call Manager VLAN to Unity VLAN traffic to avoid traversing the Drain CE router.

DC Switch 1 & 2 SVI Config

    interface Vlan11
     description CIN-nsw-01 to CIN-nsw-02 VLAN
     ip address <10.224.x.x> 255.255.255.252
     no ip redirects
     no ip unreachables
     no ip proxy-arp
     no ip route-cache
     no snmp trap link-status

DC Switch 2 Unity Dial-Out Router

The Unity Dial-Out Router (3845) will attach to DC-Switch 2 (3560) and reside in the Unity VLAN 202.

Unity Dial Router Connection Config

    interface GigabitEthernet0/21
     description Unity Out Dial Router GigabitEthernet0/0
     switchport access vlan 202
     switchport mode access
     no logging event link-status
     srr-queue bandwidth share 10 10 60 20
     srr-queue bandwidth shape 10 0 0 0
     priority-queue out
     mls qos trust dscp
     no snmp trap link-status
     spanning-tree portfast


Management VLAN

A Management VLAN (1000) is created at each site for management of the switches. The three ISI Servers' interfaces will also reside in this VLAN.

Management VLAN Config

    interface Vlan1000
     description Management
     ip address 172.28.251.201 255.255.255.224
     no ip redirects
     no ip unreachables
     no ip proxy-arp
     no ip route-cache
     no snmp trap link-status

Spanning Tree

MSTs or Multiple Spanning Trees (IEEE 802.1s) combine the best aspects from both the PVST+ and the 802.1q. The idea is that several VLANs can be mapped to a reduced number of spanning tree instances because most networks do not need more than a few logical topologies. MST spanning tree is selected over PVST because it reduces CPU overhead by sending a single BPDU out for all VLANs across trunks. DC Switch 1 will be the Root of the topology.

DC Switch 1 STP Config

    spanning-tree mode mst
    spanning-tree extend system-id
    spanning-tree mst 0 priority 0
    interface FastEthernet0/21
     spanning-tree portfast

DC Switch 2 STP Config

    spanning-tree mode mst
    spanning-tree extend system-id
    interface FastEthernet0/21
     spanning-tree portfast

VTP

VLAN Trunking Protocol (VTP) was designed to propagate a VLAN database throughout a switching topology. If a VLAN was created the change would be reflected on all switches. Unfortunately, this feature also made it easy to accidentally delete an entire VLAN such as Voice, causing major outages. It is recommended to run VTP in the transparent mode, which prevents the propagation of VLAN information.

VTP Config

    vtp domain (Regus+Site ID)
    vtp mode transparent


OOB Management Router

The OOB Management Router (2811) will provide console access via modem or reverse telnet through the Fast Ethernet interface. A modem will attach to the AUX port.

Device Console     Physical Port   Port Number
IXC Router         1               2033
Drain CE Router    2               2034
Data Switch 1      3               2035
Data Switch 2      4               2036
ASA                5               2037
Unity Out Dial     6               2038
Modem              AUX

Summary of Data Center Design

• Two 3560G switches connected via EtherChannel
• Call Manager and Unity VLANs on both switches for dual NIC teaming
• Management VLAN with OOB 2811 Router
• Drain CE and Drain IXC access via Level-3
• ASA 5550 for NAT/PAT Services


San Francisco POP Design

The San Francisco POP design only has Internet Drain 2. No Voice equipment is installed within this Level-3 co-location facility. A single 3560G switch inter-connects the Drain CE Router and ASA FW.

[Figure: San Francisco POP topology. Labels: Level 3 MPLS network, PSTN, 3560-24T, 7201, Internet, 7206VXR NPE-G2, 2811 OOB, POTS, ASA 5550; GE and FE links.]

VLAN Definitions

Additional VLANs may be added in the future for DNS, Web servers and/or TelePresence video equipment.

Subnet        Function                                                                           VLAN Number
ASA VLAN      Interconnection for the Drain CE to ASA                                            VLAN 10
Management    Management interfaces for all network devices; IP Address from 10.224.17.x Block   VLAN 1000


POP Switch 1 to Drain CE

Drain CE Connection Config

    interface GigabitEthernet0/21
     description SFO-dce-01 GigabitEthernet0/0
     switchport access vlan 10
     switchport mode access
     no logging event link-status
     srr-queue bandwidth share 10 10 60 20
     srr-queue bandwidth shape 10 0 0 0
     priority-queue out
     mls qos trust dscp
     no snmp trap link-status
     spanning-tree portfast
    !
    interface GigabitEthernet0/22
     description SFO-dce-01 GigabitEthernet0/1
     ip address <10.224.x.x> 255.255.255.252
     no ip redirects
     no ip unreachables
     no ip proxy-arp
     no ip route-cache
     no snmp trap link-status

POP Switch 1 to ASA

ASA Connection Config

    interface GigabitEthernet0/24
     description SFO-dce-01 GigabitEthernet0/1
     switchport access vlan 10
     switchport mode access
     no logging event link-status
     srr-queue bandwidth share 10 10 60 20
     srr-queue bandwidth shape 10 0 0 0
     priority-queue out
     mls qos trust dscp
     no snmp trap link-status
     spanning-tree portfast

Management VLAN

A Management VLAN (1000) is created at each site for management of the switches. Each switch will have an IP Address on this VLAN.


Management VLAN Config

    interface Vlan1000
     description Management
     ip address 172.28.251.201 255.255.255.224
     no ip redirects
     no ip unreachables
     no ip proxy-arp
     no ip route-cache
     no snmp trap link-status

Spanning Tree

MSTs or Multiple Spanning Trees (IEEE 802.1s) combine the best aspects from both the PVST+ and the 802.1q. The idea is that several VLANs can be mapped to a reduced number of spanning tree instances because most networks do not need more than a few logical topologies. MST spanning tree is selected over PVST because it reduces CPU overhead by sending a single BPDU out for all VLANs across trunks. Although there is only a single switch in the POP topology, it is still recommended to run spanning tree to avoid loops caused by a cabling issue or the introduction of new equipment.

POP Switch 1 STP Config

    !
    spanning-tree mode mst
    spanning-tree extend system-id
    spanning-tree mst 0 priority 0
    !
    interface FastEthernet0/21
     spanning-tree portfast

VTP

VLAN Trunking Protocol (VTP) was designed to propagate a VLAN database throughout a switching topology. If a VLAN was created the change would be reflected on all switches. Unfortunately, this feature also made it easy to accidentally delete an entire VLAN such as Voice, causing major outages. It is recommended to run VTP in the transparent mode, which prevents the propagation of VLAN information.

VTP Config

    vtp domain (Regus+Site ID)
    vtp mode transparent


OOB Management Router

The OOB Management Router (2811) will provide console access via modem or reverse telnet through the Fast Ethernet interface. A modem will attach to the AUX port.

Device Console     Physical Port   Port Number
IXC Router         1               2033
Drain CE Router    2               2034
ASA                3               2035
POP Switch 1       4               2036
Modem              AUX

Summary of POP Design

• Single 3560 Switch
• Drain CE, ASA and Drain IXC – no servers


Regus Drain Site & Internet Access Design

At a drain site, there will exist 3 routers and 2 switches, as well as an ASA firewall. One router will be owned by Level-3, and the other 2, as well as the ASA firewall and switches, will be owned and operated by Regus or a Partner.

Note: Initially there will only be two drain sites, later scaling to 8 Drain Locations across North America.

BGP Drain Concept and Locations

Within the Level-3 network, there are 11 Major Level-3 Peering Points in North America. They are:

1. Atlanta
2. San Francisco
3. NYC
4. Dallas
5. Chicago
6. Washington, D.C.
7. Los Angeles
8. Seattle
9. Miami
10. San Jose
11. Cincinnati

Level-3 and Regus worked together to map the 8 Regus Drain locations to these POP locations:

Drain   Name
1       Cincinnati
2       San Fran
3       NYC
4       Dallas
5       Atlanta
6       DC
7       LA
8       Seattle


The mapping of Drain locations to the Level 3 POPs is depicted below:

The Need for Symmetry: Multiple Drain Challenges

Multiple Internet Drains bring redundancy and higher availability to Regus's customer base. From a technical standpoint, it also means that multiple default routes will be injected into the Level-3 MPLS Cloud. Within the MPLS cloud, a PE will see the multiple default routes but only install one into its routing table, based on the BGP Best Path Algorithm. This default behavior does not provide enough determinism to maintain routing symmetry, and traffic could be firewalled/lost if not engineered properly. Furthermore, latency intolerant applications such as voice could also be impacted. This is shown below, where a packet that leaves for the Internet via IXC Router 1 may return via IXC Router 2. This will cause traffic to be lost at IXC Router 2. (Actually at the Firewall between IXC Router 2 and Drain CE2.)


When dealing with the symmetrical routing decisions, there are three major design issues:

1. Which Internet Drain will a CE use?
2. Which Internet Drain will advertise a Public Address Block?
3. How do I ensure that return path from the Internet is the same one that I left on?

Symmetrical Routing Solution

In order to guarantee symmetrical routing, a single default route will be learned from the Internet and injected into the Level-3 MPLS Cloud as shown below. Each PE will learn a pair of defaults (based on standard MPLS VPN Route Target import) and insert them into their respective routing table for VRF Regus. The PEs will install the closest exit point's Drain as its Primary Default Route. PEs will install the 2nd closest exit point's Drain as its Secondary Default Route. This means that a Remote Regus site will be able to access the Internet through a deterministic path. This is shown below:


BGP IXC Routing Policy

Each IXC Router will announce a single or multiple (depending on how many drains are deployed) /22s out to the Internet. The following table shows the different /22s that are assigned to each Drain. Each Drain is the primary for a /22 pair; the backup drain will advertise the same /22 pair, but with a BGP AS PREPEND. This will ensure symmetrical routing. The following table shows how the Address Assignment blocks will look as we grow from 2 Drains to 8 over time. As you can see from the configuration templates, these blocks correlate to BGP network ranges that are advertised on the CE Drain and IXC Routers.

Drains       Anchor Blocks      Other blocks
        5    66.202.160.0/22    66.202.128.0/22
    3   3    66.202.164.0/22    66.202.132.0/22
1   1   1    66.202.168.0/22    66.202.136.0/22
        6    66.202.172.0/22    66.202.140.0/22
        2    66.202.176.0/22    66.202.144.0/22
2   2   7    66.202.180.0/22    66.202.148.0/22
    4   4    66.202.184.0/22    66.202.152.0/22
        8    66.202.188.0/22    66.202.156.0/22


In summary, the IXC CE will peer to the Regus owned Drain CE via iBGP (14676) and will also peer to the Internet via EBGP ASN 3356. Each IXC Router will announce at LEAST 2 pair of /22s from 66.202.128/18 address space. In the early stages of the project each IXC Router will advertise all 16 /22s. (Each IXC Router will announce 8 /22s with a BGP AS Prepend for address space for which it is the Secondary Drain.) The design retains the flexibility to advertise fragmented address space if needed, using a standard community matching policy.
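The prepend policy can be checked mechanically before it is deployed. The following is an added example, not part of the original design document: it models the two-drain phase, splits 66.202.128.0/18 into its 16 /22s, and flags any site whose return path from the Internet would land on a different drain (and therefore a different stateful firewall) than the one it left through. The split of blocks between Drain 1 and Drain 2, the prepend count of 2, the egress drains, the "site-" rows and all function names are assumptions made for the illustration.

```python
"""Model of the /22 AS-prepend policy for the two-drain phase (illustrative)."""
import ipaddress
from dataclasses import dataclass

SUPERNET = ipaddress.ip_network("66.202.128.0/18")  # public space named on the page
REGUS_ASN = 14676                                    # Regus BGP ASN from the page
PREPEND = 2                                          # assumption: extra ASNs added by the backup drain


@dataclass(frozen=True)
class Announcement:
    prefix: ipaddress.IPv4Network
    drain: int
    as_path: tuple


def two_drain_primaries():
    """Map each of the 16 /22s to its primary drain.

    Assumed reading of the address table: the lower eight /22s are the
    "other" blocks, the upper eight the "anchor" blocks, and table rows
    1-4 belong to Drain 1, rows 5-8 to Drain 2.
    """
    blocks = list(SUPERNET.subnets(new_prefix=22))
    others, anchors = blocks[:8], blocks[8:]
    primary = {}
    for row, (anchor, other) in enumerate(zip(anchors, others)):
        primary[anchor] = primary[other] = 1 if row < 4 else 2
    return primary


def build_announcements(primary, drains=(1, 2), prepend=PREPEND):
    """Every drain announces every /22; a non-primary drain prepends."""
    return [
        Announcement(prefix, d, (REGUS_ASN,) * (1 if d == owner else 1 + prepend))
        for prefix, owner in primary.items()
        for d in drains
    ]


def prepended_count(anns, drain):
    """Number of /22s that `drain` announces with a prepended AS path."""
    return sum(1 for a in anns if a.drain == drain and len(a.as_path) > 1)


def return_drain(anns, address, down=()):
    """Drain that Internet return traffic for `address` arrives at.

    Longest prefix match first, then shortest AS path. Returns None when
    no live route exists or when two drains tie, because a tie leaves the
    choice to attributes outside this design's control.
    """
    addr = ipaddress.ip_address(address)
    live = [a for a in anns if addr in a.prefix and a.drain not in down]
    if not live:
        return None
    longest = max(a.prefix.prefixlen for a in live)
    live = [a for a in live if a.prefix.prefixlen == longest]
    shortest = min(len(a.as_path) for a in live)
    best = {a.drain for a in live if len(a.as_path) == shortest}
    return best.pop() if len(best) == 1 else None


def audit_sites(anns, sites):
    """List (site, egress drain, return drain) wherever the two differ."""
    return [
        (site, egress, return_drain(anns, pat))
        for site, pat, egress in sites
        if return_drain(anns, pat) != egress
    ]


# PAT addresses for 7991 and 1999 come from the page's ASA PAT example; their
# egress drains and the two "site-" rows are constructed for this illustration.
SITES = [
    ("7991", "66.202.168.249", 1),
    ("1999", "66.202.160.2", 1),
    ("site-A", "66.202.176.10", 2),
    ("site-B", "66.202.184.10", 1),  # PAT block owned by Drain 2, egress via Drain 1
]

if __name__ == "__main__":
    anns = build_announcements(two_drain_primaries())
    for site, egress, back in audit_sites(anns, SITES):
        print(f"{site}: leaves via drain {egress}, returns via drain {back}")
    print("drain 1 down ->", return_drain(anns, "66.202.168.249", down={1}))
```

Calling `build_announcements` with `prepend=0` makes `return_drain` report a tie for every /22, which is the non-deterministic case the prepend is there to prevent.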

Drain CE to PE Connectivity and IXC Peering

Each Drain CE (DCE) will have the same BGP ASN (14676) and will connect to the Level 3 PE router via Gigabit Ethernet. Also, each DCE will peer to the DPE via EBGP. The DCE will also peer to the IXC Router via iBGP through an ASA Firewall (using Next hop self). Each DCE will receive a single default route from the IXC router and ALSO specific routes from the DPE. DCE will use BGP network statements to advertise locally attached networks (i.e. network statement for private and public address space of Voice Subnets for example). As was stated in the BGP section, no redistribution will be used. Much like the Remote CE Routers do, the DCE will set a site specific community in the BGP advertisements for the local segments.


ASA Role and NAT Connectivity

The ASA will perform NAT for Public Address Space using a unique pool of public addresses and will also have a policy to let BGP peering through the firewall only for the IXC to Drain CE peerings.

ASA BGP Configuration

    access-list 18111-out_access_in remark BGP Thru ASA
    access-list 18111-out_access_in extended permit tcp host 90.1.2.3 host 90.1.1.2 eq bgp
    access-list 18112-in_access_in remark BGP Thru ASA (other direction)
    access-list 18112-in_access_in extended permit tcp host 90.1.1.2 host 90.1.2.3 eq bgp

Next, NAT will be configured on the ASA for the private address space. Each Drain will have a block (i.e. a /24) reserved for a NAT Pool and this specific block will be advertised only from that Peering Point. Furthermore, NAT Overloading will be used. The inside interface will have a security level of 100 and the outside (IXC Router facing) interface will have a security level of 0.


ASA Security Level Configuration

    !
    interface Ethernet0/1
     description Facing Internet
     nameif Regus_IXC_Facing
     security-level 0
     ip address 90.1.2.2 255.255.255.0
    !
    interface Ethernet0/2
     description Inside Address (facing Regus)
     nameif Regus_CE_Facing
     security-level 100
     ip address 90.1.1.3 255.255.255.0

Each Remote Site is assigned a public IP Address anchor block /29 for NAT. The second IP Address /32 of the /29 block is used for the site specific PAT address. The ASA configuration will use the Regus Site-ID to correlate the information.

ASA PAT Configuration

    global (18111-out) <Regus-SiteID> <2nd IP of /29 NAT Block> netmask 255.255.255.255
    nat (18112-in) <Regus-SiteID> <Site Public Anchor Block> <mask>
    nat (18112-in) <Regus-SiteID> <Site Staff Block> <mask>
    !
    global (18111-out) 7991 66.202.168.249 netmask 255.255.255.255
    global (18111-out) 1999 66.202.160.2 netmask 255.255.255.0
    nat (18112-in) 7991 10.122.232.0 255.255.248.0
    nat (18112-in) 7991 172.X.X. 255.0.0.0
    nat (18112-in) 1999 10.122.0.0.0 255.0.0.0
    nat (18112-in) 1999 172.x.x.x 255.0.0.0

ASA FW Rules

Access from the Internet

BT to allow access from the Internet to the following address blocks:
- 66.202.128.0/18 Public Address Block

The following protocols to be allowed:
- All TCP ports
- All UDP ports
- ICMP (for ping and traceroute).

Access to the Internet

BT to allow access to the Internet from the following address blocks:
- 66.202.128.0/18 Public Address Block

The following protocols to be allowed:
- All TCP ports
- All UDP ports
- ICMP (for ping and traceroute).


CE Access & Site to Site VPNs

Currently the following VPN groups are handled by the CE Router at each remote site. This methodology is from the previous design.

• HQ
• Colt
• Basilica
• Management

CE Access VPN Configuration

    crypto isakmp policy 1
     encr 3des
     authentication pre-share
     group 2
    crypto isakmp key R3gU5VPN address 213.86.173.11 no-xauth
    crypto isakmp key R3gU5VPN address 216.73.128.22 no-xauth
    crypto isakmp key R3gU5VPN address 12.193.166.133 no-xauth
    crypto isakmp key R3gU5VPN address 90.152.3.10 no-xauth
    !
    crypto isakmp client configuration group Netsurant
     key N3t5ur4nt
     dns 10.156.161.15 10.254.6.120
     wins 10.254.6.101 10.254.6.102
     domain accessregus.com
     pool VPN_POOL_1
     acl 101
     pfs
     netmask 255.255.255.0
    !
    crypto isakmp client configuration group Regus
     key 2010R3gU5v0ip
     dns 10.156.161.15 10.254.6.120
     wins 10.254.6.101 10.254.6.102
     domain accessregus.com
     pool VPN_POOL_1
     acl 101
     pfs
     netmask 255.255.255.0
    !
    crypto isakmp client configuration group ISI
     key 1S1adm1n
     dns 10.156.161.15 10.254.6.120
     wins 10.254.6.101 10.254.6.102
     domain accessregus.com
     pool VPN_POOL_1
     acl 101
     pfs
     netmask 255.255.255.0
    !
    !
    crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
    crypto ipsec df-bit clear
    !
    crypto dynamic-map DYNMAP_1 1
     set security-association idle-time 7200
     set transform-set ESP-3DES-SHA
     reverse-route
     qos pre-classify
    !
    crypto map CMAP_1 client authentication list vpn_xauth
    crypto map CMAP_1 isakmp authorization list vpn_group_1
    crypto map CMAP_1 client configuration address respond
    crypto map CMAP_1 1 ipsec-isakmp
     description Tunnel to 90.152.3.10 (Basilica)
     set peer 90.152.3.10
     set transform-set ESP-3DES-SHA
     set pfs group2
     match address ToBasilica
    crypto map CMAP_1 2 ipsec-isakmp
     description Tunnel to 213.86.173.11 (COLT)
     set peer 213.86.173.11
     set transform-set ESP-3DES-SHA
     set pfs group2
     match address ToCOLT
    crypto map CMAP_1 3 ipsec-isakmp
     description Tunnel to 216.73.128.22 (HQ Dallas)
     set peer 216.73.128.22
     set transform-set ESP-3DES-SHA
     set pfs group2
     match address ToHQ
    crypto map CMAP_1 4 ipsec-isakmp
     description Tunnel to 12.193.166.133 (NetSurant)
     set peer 12.193.166.133
     set transform-set ESP-3DES-SHA
     set pfs group2
     match address ToNetSurant
    crypto map CMAP_1 65535 ipsec-isakmp dynamic DYNMAP_1
    !
    ip local pool VPN_POOL_1 10.79.65.224 10.79.65.231


ASA Access VPN

VPN Access is not part of this SOW, but it will be minimally configured to support the implementation process. Users and VPN access will be statically defined.

ASA Access VPN Configuration

    ip local pool vpnpool 172.16.1.100-172.16.1.199 mask 255.255.255.0
    !
    group-policy regus_vpn internal
    group-policy regus_vpn attributes
     dns-server value 172.16.1.11
     vpn-tunnel-protocol IPSec
     default-domain value accessregus.com
    !
    crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
    crypto dynamic-map Outside_dyn_map 10 set transform-set ESP-3DES-SHA
    crypto dynamic-map Outside_dyn_map 10 set security-association lifetime seconds 288000
    crypto map Outside_map 10 ipsec-isakmp dynamic Outside_dyn_map
    crypto map Outside_map interface Outside
    crypto isakmp enable Outside
    crypto isakmp policy 10
     authentication pre-share
     encryption 3des
     hash sha
     group 2
     lifetime 86400
    crypto isakmp nat-traversal 20
    !
    tunnel-group regus_vpn type ipsec-ra
    tunnel-group regus_vpn general-attributes
     address-pool vpnpool
    tunnel-group regus_vpn ipsec-attributes
     pre-shared-key <regus_vpn_key>

ASA VPN Users

User        Access
cisco-as    All Networks
inx         All Networks

ASA Static User Configuration

    !
    username cisco password 6XmYwQOO9tiYnUDN encrypted
    username inx password 6XmYwQOO9tiYnUDN encrypted


Summary of Drain Site Design

• Router BGP ASN = 14676
• Set a Router ID manually to match the loopback address typically
• Announce Networks via Network Statements and Route Maps to set community values
• Peer to the ASN for Level3 MPLS Core (ASN 1)
• Use MD5 Authentication
• Send/receive BGP Standard Communities via send-community keyword
• Do not send Public Addresses to IXC router since they will be NAT'ted
• Route Maps for Community setting will vary:
  - If Private Address Space, just set the community to 14676:SiteNumber
  - Only if Public Address Space that is fragmented between Level3 and Sprint space, set community to 14676:SiteNumber plus Drain Preference Setting. This must match the PE Settings.
• Highly Scalable and Flexible BGP Design for up to 3000 Regus Site routers connected to up to 8 Drain Locations in US and/or Canada
• Design BGP Peering for Remote Sites
• Flexible Design to support Inter Provider MPLS Peering if necessary
• Symmetrical Routing with Centralized NAT Function
• Initial Phase of the Project requires 2 Data Centers and 3 Remote Sites to be brought online by end of Jan 2008
• Router BGP ASN = 14676
• Set a Router ID manually to match the loopback address typically
• Each IXC will announce its /21 Block (or Blocks during interim)
• Peer to the ASN for Level3 IP Core (ASN 3356)
• Use MD5 Authentication
• Send/receive BGP Standard Communities via send-community keyword
• No Private addresses will be learned or announced
• Route Maps for Community setting will vary:
  - Only if Public Address Space that is fragmented between Level3 and Sprint space, set community to 14676:SiteNumber plus Drain Preference Setting. This must match the PE Settings.
• Maximum Prefix Enforced

Software Releases

Cisco recommends the following software releases to be used on these devices.

Software Release Table

Device | Version | Feature Set | Image Name
3845 | 124(X)T | |
7201 | 124-4.XD8 | |
7206 | 12.0(32)S | |
3560 | 12.2(40)SE | IP Base |
3560G | 12.2(40)SE | IP Base |
ASA 5550 | 7.2(3) | |
2811 | 12.4 Mainline | |

Router Templates

These are only templates and do not align with the physical hardware layout present in the Regus routers. They are, however, a good starting point and will require that Regus map interface configurations to physical locations. Yellow highlights indicate data points that need to be modified based on router location.

3845 CE Router Template

router bgp 14676
 no synchronization
 bgp router-id <Loopback Address>
 bgp log-neighbor-changes
 network <local network> mask <mask> route-map set_regus_community
 network <public network> mask <mask> route-map set_public_community
 neighbor <Level-3 PE> remote-as 1
 neighbor <Level-3 PE> password 7 105C0C1E1004
 neighbor <Level-3 PE> send-community
 neighbor <Level-3 PE> distribute-list 50 in
 neighbor <Level-3 PE> maximum-prefix 1
 no auto-summary
!
ip route <private network used above> Null0 254
ip route <public network used above> Null0 254
!
ip bgp-community new-format
!
access-list 10 permit 10.0.0.0 0.255.255.255
access-list 50 permit 0.0.0.0
access-list 66 permit 66.202.0.0 0.0.255.255
!
!
route-map set_public_community permit 10
 match ip address 66
 set community 66:<Drain Pref 1> 67:<Drain Pref 2> 14676:<SiteNumber>
!
route-map set_regus_community permit 10
 match ip address 10
 set community 14676:<SiteNumber>
!

7201/7206 Drain CE Router Template

router bgp 14676
 no synchronization
 bgp router-id <loopback0>
 bgp log-neighbor-changes
 network 0.0.0.0
 network 10.231.15.248 mask 255.255.255.252
 network 66.202.128.0 mask 255.255.252.0 route-map PRIMARY_AGG
 network 66.202.132.0 mask 255.255.252.0 route-map PRIMARY_AGG
 network 66.202.136.0 mask 255.255.252.0 route-map PRIMARY_AGG
 network 66.202.140.0 mask 255.255.252.0 route-map PRIMARY_AGG
 network 66.202.144.0 mask 255.255.252.0 route-map SECONDARY_AGG
 network 66.202.148.0 mask 255.255.252.0 route-map SECONDARY_AGG
 network 66.202.152.0 mask 255.255.252.0 route-map SECONDARY_AGG
 network 66.202.156.0 mask 255.255.252.0 route-map SECONDARY_AGG
 network 66.202.160.0 mask 255.255.252.0 route-map PRIMARY_AGG
 network 66.202.164.0 mask 255.255.252.0 route-map PRIMARY_AGG
 network 66.202.168.0 mask 255.255.252.0 route-map PRIMARY_AGG
 network 66.202.172.0 mask 255.255.252.0 route-map PRIMARY_AGG
 network 66.202.176.0 mask 255.255.252.0 route-map SECONDARY_AGG
 network 66.202.180.0 mask 255.255.252.0 route-map SECONDARY_AGG
 network 66.202.184.0 mask 255.255.252.0 route-map SECONDARY_AGG
 network 66.202.188.0 mask 255.255.252.0 route-map SECONDARY_AGG
 neighbor <Level 3 PE> remote-as 1
 neighbor <Level 3 PE> password 7 03365E0C134B
 neighbor <Level 3 PE> send-community
 neighbor <Level 3 PE> distribute-list 66 out
 neighbor <IXC Router> remote-as 14676
 neighbor <IXC Router> description to D1_IXC
 neighbor <IXC Router> next-hop-self
 neighbor <IXC Router> send-community
 neighbor <IXC Router> weight 65535
 neighbor <IXC Router> maximum-prefix 1
 default-information originate
 no auto-summary
access-list 66 remark DENY_ALL_AGGREGATES_TO_PE_LIST
access-list 66 deny 66.202.128.0 0.0.3.0
access-list 66 deny 66.202.132.0 0.0.3.0
access-list 66 deny 66.202.136.0 0.0.3.0
access-list 66 deny 66.202.140.0 0.0.3.0
access-list 66 deny 66.202.144.0 0.0.3.0
access-list 66 deny 66.202.148.0 0.0.3.0
access-list 66 deny 66.202.152.0 0.0.3.0
access-list 66 deny 66.202.156.0 0.0.3.0
access-list 66 deny 66.202.160.0 0.0.3.0
access-list 66 deny 66.202.164.0 0.0.3.0
access-list 66 deny 66.202.168.0 0.0.3.0
access-list 66 deny 66.202.172.0 0.0.3.0
access-list 66 deny 66.202.176.0 0.0.3.0
access-list 66 deny 66.202.180.0 0.0.3.0
access-list 66 deny 66.202.184.0 0.0.3.0
access-list 66 deny 66.202.188.0 0.0.3.0
access-list 66 permit any
access-list 70 remark AGGREGATE_AS_PREPEND_LIST
access-list 70 permit 66.202.144.0 0.0.3.0
access-list 70 permit 66.202.148.0 0.0.3.0
access-list 70 permit 66.202.152.0 0.0.3.0
access-list 70 permit 66.202.156.0 0.0.3.0
access-list 70 permit 66.202.176.0 0.0.3.0
access-list 70 permit 66.202.180.0 0.0.3.0
access-list 70 permit 66.202.184.0 0.0.3.0
access-list 70 permit 66.202.188.0 0.0.3.0
access-list 75 remark AGGREGATE_ADVERTISE_LIST
access-list 75 permit 66.202.128.0 0.0.3.0
access-list 75 permit 66.202.132.0 0.0.3.0
access-list 75 permit 66.202.136.0 0.0.3.0
access-list 75 permit 66.202.140.0 0.0.3.0
access-list 75 permit 66.202.160.0 0.0.3.0
access-list 75 permit 66.202.164.0 0.0.3.0
access-list 75 permit 66.202.168.0 0.0.3.0
access-list 75 permit 66.202.172.0 0.0.3.0
route-map PRIMARY_AGG permit 10
 description Set LPref/Comm for Primary(66:1) Agg Advertisement
 description *** This is Drain #1 ***
 match ip address 75
 set local-preference 1000
 set community 66:1
!
route-map SECONDARY_AGG permit 10
 description Set LPref/Comm for Primary(67:1) Agg Advertisement
 description *** This is Drain #1 ***
 match ip address 70
 set local-preference 10
 set community 67:1
ip route 66.202.128.0 255.255.252.0 Null0 254
ip route 66.202.132.0 255.255.252.0 Null0 254
ip route 66.202.136.0 255.255.252.0 Null0 254
ip route 66.202.140.0 255.255.252.0 Null0 254
ip route 66.202.144.0 255.255.252.0 Null0 254
ip route 66.202.148.0 255.255.252.0 Null0 254
ip route 66.202.152.0 255.255.252.0 Null0 254
ip route 66.202.156.0 255.255.252.0 Null0 254
ip route 66.202.160.0 255.255.252.0 Null0 254
ip route 66.202.164.0 255.255.252.0 Null0 254
ip route 66.202.168.0 255.255.252.0 Null0 254
ip route 66.202.172.0 255.255.252.0 Null0 254
ip route 66.202.176.0 255.255.252.0 Null0 254
ip route 66.202.180.0 255.255.252.0 Null0 254
ip route 66.202.184.0 255.255.252.0 Null0 254
ip route 66.202.188.0 255.255.252.0 Null0 254
!

7201/7206 IXC Router Template

router bgp 14676
 no synchronization
 bgp router-id <loopback0>
 bgp log-neighbor-changes
 neighbor <IBGP Peer> remote-as 14676
 neighbor <IBGP Peer> description to D1_CE_IBGP_PEER
 neighbor <IBGP Peer> next-hop-self
 neighbor <IBGP Peer> send-community
 neighbor <Level 3 Internet> remote-as 3356
 neighbor <Level 3 Internet> description to L3_IXC_PEER
 neighbor <Level 3 Internet> password regus
 neighbor <Level 3 Internet> distribute-list 50 in
 neighbor <Level 3 Internet> route-map d1_policy out
 neighbor <Level 3 Internet> maximum-prefix 1
 no auto-summary
!
ip route <IBGP_peer_thru_firewall> 255.255.255.255 <firewall address>
!
ip bgp-community new-format
ip community-list standard PRIME permit 66:<mydrain number>
ip community-list standard SECONDARY permit 67:<mydrain number>
!
no ip http server
no ip http secure-server
!
access-list 50 permit 0.0.0.0
!
!
!
route-map d1_policy permit 10
 match community PRIME
!
route-map d1_policy permit 20
 match community SECONDARY
 set as-path prepend 14676
!
! Security Best Practices
no ip domain-lookup
no cdp run
no ip http server
no ip source-route
no service finger
no ip bootp server
no service pad
no service udp-small-server
no service tcp-small-server
!
service tcp-keepalives-in
service tcp-keepalives-out
!
enable secret
service password-encryption
!
! On all interfaces
 no ip redirect
 no ip directed-broadcast
 no ip proxy-arp
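The design summary calls for MD5 authentication and an enforced maximum prefix on external BGP sessions, and the IXC template ends with a Security Best Practices block. The script below is an added example, not part of the Cisco document, that checks a device configuration against those points. The function names, the two sample configurations, the documentation-range peer addresses and the placeholder keys are constructed for illustration; the hardening lines are copied from the template.

```python
import re

# Global hardening lines copied from the template's Security Best Practices block.
REQUIRED_GLOBAL = [
    "no ip domain-lookup",
    "no cdp run",
    "no ip http server",
    "no ip source-route",
    "no ip bootp server",
    "no service pad",
    "service tcp-keepalives-in",
    "service tcp-keepalives-out",
    "service password-encryption",
]


def parse_bgp(config):
    """Return (local_asn, {neighbor: [option strings]}) from the router bgp block."""
    local_asn, neighbors, in_bgp = None, {}, False
    for raw in config.splitlines():
        line = raw.strip()
        m = re.match(r"router bgp (\d+)$", line)
        if m:
            local_asn, in_bgp = m.group(1), True
            continue
        if in_bgp and raw and not raw[0].isspace():
            in_bgp = False  # first unindented line ends the block
        if in_bgp:
            m = re.match(r"neighbor (\S+) (.+)$", line)
            if m:
                neighbors.setdefault(m.group(1), []).append(m.group(2))
    return local_asn, neighbors


def audit(config):
    """Return a list of findings for one device configuration."""
    findings = []
    present = {line.strip() for line in config.splitlines()}
    for cmd in REQUIRED_GLOBAL:
        if cmd not in present:
            findings.append(f"global: missing '{cmd}'")
    local_asn, neighbors = parse_bgp(config)
    for peer, opts in neighbors.items():
        remote = next((o.split()[1] for o in opts if o.startswith("remote-as ")), None)
        if remote is None:
            findings.append(f"{peer}: no remote-as")
            continue
        if remote == local_asn:
            continue  # iBGP peer: this check covers external sessions only
        pw = next((o for o in opts if o.startswith("password ")), None)
        if pw is None:
            findings.append(f"{peer}: eBGP session without MD5 password")
        elif not re.match(r"password 7 [0-9A-Fa-f]+$", pw):
            # "password 7 <hex>" is the form service password-encryption stores;
            # anything else leaves the session key readable in the config file.
            findings.append(f"{peer}: password stored in clear text")
        if not any(o.startswith("maximum-prefix ") for o in opts):
            findings.append(f"{peer}: no maximum-prefix limit")
    return findings


HARDENING = "\n".join(REQUIRED_GLOBAL)

# Constructed sample: every control in place (placeholder type 7 string).
GOOD = f"""router bgp 14676
 neighbor 192.0.2.1 remote-as 14676
 neighbor 192.0.2.1 send-community
 neighbor 198.51.100.1 remote-as 3356
 neighbor 198.51.100.1 password 7 0123456789AB
 neighbor 198.51.100.1 maximum-prefix 1
!
{HARDENING}
"""

# Constructed sample: clear-text key, missing limit, unauthenticated peer,
# and only one of the hardening lines present.
BAD = """router bgp 14676
 neighbor 192.0.2.1 remote-as 14676
 neighbor 198.51.100.1 remote-as 3356
 neighbor 198.51.100.1 password ExampleKey
 neighbor 203.0.113.1 remote-as 1
 neighbor 203.0.113.1 maximum-prefix 1
!
no ip http server
"""

if __name__ == "__main__":
    for name, cfg in (("GOOD", GOOD), ("BAD", BAD)):
        print(name)
        for finding in audit(cfg) or ["no findings"]:
            print("  " + finding)
```

The check matches on exact command text, so it suits intended configurations built from these templates; a running configuration may omit hardening lines that are already the platform default.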

ASA 5500 Firewall Template

ASA Version 7.2(2)
!
hostname ASAwAIP-CLI
domain-name corp.com
enable password WwXYvtKrnjXqGbu1 encrypted
names
!
interface GigabitEthernet0/0
 nameif Outside
 security-level 0
 ip address 10.10.10.2 255.255.255.0
!
interface GigabitEthernet0/1
 nameif inside
 security-level 100
 ip address 172.16.1.2 255.255.255.0
!
interface GigabitEthernet0/2
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet0/3
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Management0/0
 shutdown
 no nameif
 no security-level
 no ip address
!
passwd 2KFQnbNIdI.2KYOU encrypted
ftp mode passive
dns server-group DefaultDNS
 domain-name corp.com
pager lines 24
mtu Outside 1500
mtu inside 1500
ip local pool vpnpool 172.16.1.100-172.16.1.199 mask 255.255.255.0
no failover
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
group-policy hillvalleyvpn1 internal
group-policy hillvalleyvpn1 attributes
 dns-server value 172.16.1.11
 vpn-tunnel-protocol IPSec
 default-domain value test.com
username marty password 6XmYwQOO9tiYnUDN encrypted
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto dynamic-map Outside_dyn_map 10 set transform-set ESP-3DES-SHA
crypto dynamic-map Outside_dyn_map 10 set security-association lifetime seconds 288000
crypto map Outside_map 10 ipsec-isakmp dynamic Outside_dyn_map
crypto map Outside_map interface Outside
crypto isakmp enable Outside
crypto isakmp policy 10
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
crypto isakmp nat-traversal 20
tunnel-group hillvalleyvpn type ipsec-ra
tunnel-group hillvalleyvpn general-attributes
 address-pool vpnpool
tunnel-group hillvalleyvpn ipsec-attributes
 pre-shared-key *
telnet timeout 5
ssh timeout 5
console timeout 0
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect netbios
  inspect rsh
  inspect rtsp
  inspect skinny
  inspect esmtp
  inspect sqlnet
  inspect sunrpc
  inspect tftp
  inspect sip
  inspect xdmcp
!
global (sfo-ixc-01) 1999 66.202.184.17 netmask 255.255.255.248
global (sfo-ixc-01) 7991 66.202.168.249 netmask 255.255.255.248
nat (sfo-dce-7201) 1999 10.231.24.0 255.255.255.0
nat (sfo-dce-7201) 7991 10.231.32.0 255.255.255.0
nat (sfo-dce-7201) 7991 10.122.232.0 255.255.248.0
nat (sfo-dce-7201) 1999 172.23.168.0 255.255.248.0
nat (sfo-dce-7201) 1999 10.139.32.0 255.255.240.0
service-policy global_policy global
prompt hostname context
Cryptochecksum:0f78ee7ef3c196a683ae7a4804ce1192
: end

3560-R Switch Template (Site)

3560 Switch Template (Site)

3560 Switch Template (Data Center)

3560 Router Template (POP)

Appendix A

Regus Interim IPT Site List

Data Center Cincinnati
Site Project Mgr: Josh Duerst
IP Address Range:
Glue Links:

POP San Francisco
Site Project Mgr: Josh Duerst

Site #1999 Dallas, Texas – Corporate Office (DALCORP)
15305 Dallas Parkway Suite 1400
Addison Dallas, 75001
United States
Main Tel: +1 972 361-8100
IP Address Range:
Glue Links:

Site #991 Glendale, WI

Appendix B

Hardware Bill of Materials

The following hardware is being deployed at the Regus Drain Locations.

ATL Data Center

Part Number | Description | Qty

Unified Communications Manager Cluster
CALLMANAGER-5.1 | Top Level Part Number Used In Ordering Tool | 6
MCS7845H2-K9-CMA2 | HW/SW CallMgr 5.1 7845-H2 Appliance, 0 Seats | 6
CAB-AC | Power Cord, 110V | 6
CUOMSM-EVAL-K9 | Cisco Unified Operations Mgr And Service Monitor Eval CD | 6
SW-CUP6.0-K9 | P Unified Presence 6.0 Software - available with CCM | 6
UCCX-45-CM-BUNDLE | 5 Seat IPCCX ENH CCM Bundle - AVAILABLE ONLY WITH CCM | 6
LIC-CM5.1-7845= | License CallMgr 5.1 7845 Appliance, 5,000 seat | 6

Unified Communications Manager - Hardware and Software Support (5 years)
CON-OSP-45H2CMA2 | ONSITE 24X7X4 CallMgr 5.1 7845-H2 Appliance, 0 Seats | 30
CON-ESW-CM517845 | ESSENTIAL SW License CallMgr 5.1 7845 App, 5,000 seat | 30

Unity Voicemail with Failover - 192 Ports
UNITY-BUNDLE | Unity Bundle | 2
UNITY-4.X | Unity 4.X | 2
UNITY-IP | Unity for CallManager, IP Only Integrations | 2
UNITY-EXCHANGE | Unity for Exchange | 2
UNITY-DS-ENG | Unity Data Store - in English | 2
UNITY-MS-ENG | Unity Message Store in English. Not required for Domino. | 2
UNITY4.X-SL-MAX | Unity server license for VM or UM. Incl 96 sessions. No TTS. | 2
UNITY-VM-USR | One Unity VM User | 2
UNITY-CL-USR | One IMAP Client Access user license (promo price) | 2
UNITY-ADDL-LANG | Support for an additional language. May order up to 17. | 2
UNITY-DATA-STORE | Unity Data Store, required for >32 sessions - Per Processor | 2
UNITY-LIC-POOL | Unity Pooled License (lets multiple servers share users) | 2
UNITY-FOSVR-33-96 | Unity Failover Server-33-96 Ports | 2
MCS-7845-H2-ECS1 | MCS-7845-H2; Rack; VM-8HDD; SAS RAID; 2-CPU; 4GB | 7
UNITY-SYSDISK | Unity Operating System 2003 | 7
UNITY-PWR-US | Power Cord - US, Can, Mex, PR, Phil, Ven, Tai, Col, Ecu | 7

Unity Voicemail - Hardware and Software Support (1 year)
CON-OSP-UNITY4X | ONSITE 24X7X4 Top Lvl Unity 4.X-see indiv compents | 1
CON-OSP-UNITY-IP | ONSITE 24X7X4 Unity for CallManager - Top Level | 1
CON-OSP-45H2ECS1 | ONSITE 24X7X4 MCS7845H2 Rack VM 6DD SAS Raid 2CPU 4GB | 35
CON-ESW-UNITY4X | ESSENTIAL SW Top Lvl Unity 4.X-see indiv compents | 1
CON-ESW-UNITY-IP | ESSENTIAL SW Unity for CallManager - Top Level | 1
CON-ESW-UNI4XSLM | ESSENTIAL SW Unity Svr Lic for VM or UM 72 Sessions | 1

3845 Integrated Services Router (Unity Outdial)
C3845-VSEC/K9 | 3845 Voice Security Bundle, PVDM2-64, Adv IP Serv, 128F/512D | 1
CAB-AC | Power Cord, 110V | 2
PWR-3845-AC/2 | Cisco 3845 redundant AC power supply | 1
MEM3800-512U1024D | 512 to 1024MB DRAM factory upgrade for 3800 VSEC | 1
MEM3800-128U512CF | 128 to 512MB Compact Flash factory upgrade for 3800 Series | 1
PVDM2-64 | 64-Channel Packet Voice/Fax DSP Module | 2
VWIC2-2MFT-T1/E1 | 2-Port RJ-48 Multiflex Voice/WAN Trunk - T1/E1 | 2
S384AISK9-12403 | Cisco 3845 ADVANCED IP SERVICES | 1
PWR-3845-AC | Cisco 3845 AC power supply | 1
ROUTER-SDM | Device manager for routers | 1
PVDM2-64 | 64-Channel Packet Voice/Fax DSP Module | 1

3845 Integrated Services Router - Hardware and Software Support (5 years)
CON-OSP-3845VK9 | ONSITE 24X7X4 3845 Voice Bundle, PV | 5

Data Center Switch
WS-C3560G-24T-S | Catalyst 3650 24 10/100/1000T | 2
CAB-AC | Power Cord, 110V | 2

Gigabit Ethernet Switch - Hardware and Software Support (5 years)
CON-OSP-3560GTS | ONSITE 24X7X4 Cat 3560 24 10/100/1000T + 4 SFP St | 10

Gateway Routers (2 per Internet Drain - 2 total Drains)
7206VXR/NPE-G2 | 7206VXR with NPE-G2 includes 3GigE/FE/E Ports and IP SW | 2
PWR-7200 | Cisco 7200 AC Power Supply Option | 2
PWR-7200/2 | Cisco 7200 Redundant AC Power Supply Option (280W) | 2
CAB-AC | Power Cord, 110V | 4
S72PC-12231SB | Cisco 7200 NPEG2/7201 IOS Series IP PLUS | 2
MEM-NPE-G2-2GB | 7200 Series NPE-G2 2GB Memory, System | 2
SFP-GE-S | 1000BASE-SX SFP (DOM) | 2
NPE-G2 | 7200 series NPE-G2 engine with 3 GE/FE/E ports | 2
MEM-NPE-G2-FLD256 | Cisco 7200 Compact Flash Disk for NPE-G2, 256 MB | 2

Gateway Routers - Hardware Support (5 years)
CON-OSP-7206VXRN | ONSITE 24X7X4 7206VXR with NPE-G2 | 10

Adaptive Security Appliance (Firewall - 1 per Internet Drain - 2 Drains)
ASA5550-BUN-K9 | ASA 5550 Appliance with SW, HA, 8GE+1FE, 3DES/AES | 1
CAB-AC | Power Cord, 110V | 1
SF-ASA-8.0-K8 | ASA 5500 Series Software v8.0 | 1
ASA5500-ENCR-K9 | ASA 5500 Strong Encryption License (3DES/AES) | 1
SSM-4GE-INC | SSM-4GE embedded within ASA 5550 systems | 1
ASA-VPN-CLNT-K9 | Cisco VPN Client Software (Windows, Solaris, Linux, Mac) | 1
ASA-180W-PWR-AC | ASA 180W AC Power Supply | 1
ASA-ANYCONN-CSD-K9 | ASA 5500 AnyConnect Client + Cisco Security Desktop Software | 1

Adaptive Security Appliance - Hardware and Software Support (5 years)
CON-OSP-AS5550B | ONSITE 24X7X4 ASA5550 w/ SW, HA, 8GE+1FE, 3DES/AES | 5

Remote Access Server (for remote out-of-band management/diagnostics)
CISCO2811-16TS | 2811 w/ HWIC-16A and 2 CAB-HD8-ASYNC Terminal Server Bundle | 1
CAB-AC | Power Cord, 110V | 1
S28NIPB-12407 | Cisco 2800 IP BASE W/O CRYPTO | 1
CAB-HD8-ASYNC | High Density 8-port EIA-232 Async Cable | 2
PWR-2811-AC | Cisco 2811 AC power supply | 1
ROUTER-SDM | Device manager for routers | 1
MEM2800-256D-INC | 256MB DDR DRAM Memory factory default for the Cisco 2800 | 1
MEM2800-64CF-INC | 64MB CF default for Cisco 2800 Series | 1
HWIC-16A | 16-Port Async HWIC | 1

SFO Data Center

Part Number | Description | Qty

Data Center Switch
WS-C3560G-24T-S | Catalyst 3650 24 10/100/1000T | 1
CAB-AC | Power Cord, 110V | 1

Gigabit Ethernet Switch - Hardware and Software Support (5 years)
CON-OSP-3560GTS | ONSITE 24X7X4 Cat 3560 24 10/100/1000T + 4 SFP St | 5

Gateway Routers (2 per Internet Drain - 2 total Drains)
CISCO7201 | Cisco 7201 Chassis, 1GB Memory, Dual P/S, 256MB Flash | 2
PWR-7201-AC | Cisco 7201 AC Power Supply option System | 4
CAB-AC | Power Cord, 110V | 4
S72PC-12231SB | Cisco 7200P IOS Series IP PLUS | 4
MEM-7201-2GB | Cisco 7201 2GB Memory option | 2
SFP-GE-S | 1000BASE-SX SFP (DOM) | 1
MEM-7201-FLD256 | Cisco 7201 Compact Flash Disk, 256 MB System | 2

Gateway Routers - Hardware Support (5 years)
CON-OSP-CISC7201 | ONSITE 24X7X4 7201 Chassis, 1GB mem dual P/S 256mb flsh | 10

Adaptive Security Appliance (Firewall - 1 per Internet Drain - 2 Drains)
ASA5550-BUN-K9 | ASA 5550 Appliance with SW, HA, 8GE+1FE, 3DES/AES | 1
CAB-AC | Power Cord, 110V | 1
SF-ASA-8.0-K8 | ASA 5500 Series Software v8.0 | 1
ASA5500-ENCR-K9 | ASA 5500 Strong Encryption License (3DES/AES) | 1
SSM-4GE-INC | SSM-4GE embedded within ASA 5550 systems | 1
ASA-VPN-CLNT-K9 | Cisco VPN Client Software (Windows, Solaris, Linux, Mac) | 1
ASA-180W-PWR-AC | ASA 180W AC Power Supply | 1
ASA-ANYCONN-CSD-K9 | ASA 5500 AnyConnect Client + Cisco Security Desktop Software | 1

Adaptive Security Appliance - Hardware and Software Support (5 years)
CON-OSP-AS5550B | ONSITE 24X7X4 ASA5550 w/ SW, HA, 8GE+1FE, 3DES/AES | 5

Remote Access Server (for remote out-of-band management/diagnostics)
CISCO2811-16TS | 2811 w/ HWIC-16A and 2 CAB-HD8-ASYNC Terminal Server Bundle | 1
CAB-AC | Power Cord, 110V | 1
S28NIPB-12407 | Cisco 2800 IP BASE W/O CRYPTO | 1
CAB-HD8-ASYNC | High Density 8-port EIA-232 Async Cable | 2
PWR-2811-AC | Cisco 2811 AC power supply | 1
ROUTER-SDM | Device manager for routers | 1
MEM2800-256D-INC | 256MB DDR DRAM Memory factory default for the Cisco 2800 | 1
MEM2800-64CF-INC | 64MB CF default for Cisco 2800 Series | 1
HWIC-16A | 16-Port Async HWIC | 1

Glossary

This section provides definitions for terms and acronyms used in this document. Supply from Detailed Design Document.

Term or Acronym | Definition
PE | Provider Edge Router owned by Level-3
Drain | Internet peering location (up to 8 Level-3 US locations consisting of Drain CE, PE and IXC Router)
CE | Customer Edge Router owned by Regus
CE – Non Drain PE | Standard MPLS PE that will receive a primary and secondary default from primary and secondary drain
Drain PE | peers to Drain CE
Drain CE | Customer Edge Router at Drain Location owned by Regus – peers to Drain PE
BGP | Border Gateway Protocol
EIGRP | Enhanced Interior Gateway Routing Protocol
Drain IXC Router | Peers to Level-3 Internet Router
