Packet Magazine
CISCO SYSTEMS USERS MAGAZINE
PACKET MAGAZINE
Packet Magazine
!"
! "#
$ %
() &
'# ((#)*
#
$% Infrastructure &$
!"
()+*
, +
*
" $ '$( )
999/9
,
28 . 1, !, #
-
). )% &#('"*
!
&## #$
! !" 10330 )*/! $ +# *
#()* &
&('
+,
! &-
)0+++#)*& " #
$ % Service Provider &-
1)$
-+)*! 1
'#**
! &( & * &#++
* +,
!
PACKET MAGAZINE #
$
%
%2 % (#&
&#('"*&*'
() #**
! +! * +%
.(
!
&%&/
!
1
1. +! ! +2#/01 managed service
!
0
- 3%1 +0)%$(1(&-
&
'()
*
+
)
- !4
- '
5
6* &
(:;-) + '
5
$
% Beyond Speeds + Feeds &-#
$%$"
=
()
' -+)*
)0 Cover Story (## * &
&'
$!
&*
345%
(>
*? *
)*
/ # "6 ',+
+*&7)
345%$"6
/+
(-+)* ) % "!
3 4 5% 8
%!
+), *
#$*$
!#
"
!"8
&*
!
)0 Feature (#%
#10 #4$
#$$1$"'
345%
4/(
#**
!
!& * 9',+
?
* &
03
'' ! 9 (Tunnel)
&', ./ + + !7%+ 8 , !'$
%==>9 &
*+ 8 (
Encapsulation)
%==>%+
/$79+?'' *%
%+ ' , %, * !!%+ *$
0#@CD 9 (CE H Customer Edge) *$0#@CD 9
(PE- Provider Edge) %+ 7**$%==>9
%==> + ! "#$ !'*$
!
'
# $
/ %==>9.
03
,
9
7 Label Distribution Protocol (LDP) Sig- IPsec, L2TP *$ SSL/TLS # IPSec VPN
naling
7.*%
+ 8 Virtual Circuit (VC) *$ L2TP VPN (%+&039' )
Label %+**$%==> 2 J.+, 9
$&J=*
',/
Last-Mile =%+',9 !9J J.+
+ 7.%,
8 <,%92,,+ 9%+2,
#$'
, L2TPv3 #,J*%+
,8 *$ KSession IDM *$/ , %9 ==>
SSL VPN (:<J!
WebVPN)
2 9,
=9 * #$%+ VPWS 7 &'
'
$&
VPN
+ * Point-to-Point ,/ Virtual $
',/ *$,&J=*
03;<
Private LAN Service (VPLS) *$ IP-Only LAN Ser- %,/& Access Control %+*,
vice (IPLS) VPN $792
,+ * '
#,
/
!9J7.
Multipoint (Any-to-Any) J.+ VPLS *$ IPLS $;, <,%
+'&'%+
&'0%!! MPLS, L2TPv3 '
J *$+ % 9
IEEE 802.1Q + Ethernet *$
IP *,2', SSL 79,
9 !''90$;
' (Digital Certificate) *$
Layer 3 Site-to-Site VPN H
*/
9#9 (Integrity Check) *$,<
+ !?*$ 8 7%+9
,9 (Confidentiality) '
'
, J.+ 0#9
/ $' !' %0 !'
5*
,
*''
*$03
%+ 0# , (Secret Key)
PE %+ %==>9 !'#
*''?''& + SSL VPN + $
!9J,
%+
,,&
/ $'./
-
BGP/MPLS IP VPN J.+ ./ ,q IETF RFC ,%*+ , #, %/ 2
4364 (
/ + RFC 2547bis) 03%!!
&'
*,'%+977.&'
3 %+ 9
,039 ',
J.+ !'#'+ %+ %"7.
0# PE $%*$=
''% 9 *$+ 8 J.+ IPSec VPN
2
,* $
*, % 9 8 %+
9%7.%,% &'
&
9,/ $&', 0$;
0 # PE % J Policy '8 ./
03;< &
%,
+ 7.,!' Multiprotocol Border Gateway Pro- #%+ 9 7.%,
%+ Clientless VPN
tocol (MP-BGP) *$*%
8 BGP & ,
J$'
!
'&J=*
**$*''0J
%,/% 9 + *&' *$
7. %,
9* $
K90*M
9 IPSec VPN 0
% Layer 3 Site-to-Site VPN 2
,<,%%+%,/ SSL VPN *$ IPSec VPN
BGP/MPLS VPN *
, %!! Virtual
'
, :,#
J!
Router VPN J.+ , 2
' IETF ~,
.+ VPN 3000 Series Concentrator *$ Cisco ASA
%+ +
KNetwork based IP VPN Architecture us- 5500 Series Adaptive Security Appliance %+ - ,
ing Virtual RoutersM (cisco.com/packet/182_4b1) '$7%
&'%,/* !'
#/ , 8 $%2*$ ~$ ASA 5500 Series %+
*
,
0# PE 2
,* $
*$* $, &=
$0I, (IPS) *$
$ Instance !!03
*/&
,0#'
'
?
Remote Access VPN Site-to-Site VPN %+ 9 ,'$&',
!!*$%!! 8 %+ 03 '
=>&
0# CE &=
7 ! * J
,/ 0$'
J% J.+ #/ !
CHALK TALK
DESIGN STRATEGY
? !"#$%
&
'"(
)*'
'
+
+'
',&
ÈÙ
!" #$ %
&' )
*+,
$
-". #
/
! +
&
*0
#% !"+
/
9
!" + #
+, ('A
&
) &53&
2+&3
*
&
7#8 *
!"4
&"!
0
/
+, *C*1
+,
3#3+!1
?
1 !1 ! & 2!
*. /
/
!! !"!"2+&3
34 !"
+,% 3++#5"% *8 %3*
+
73 !"+-1
#% -" 3!" **.
4$3
+,# D& #& !" ! *& 2& -1 #
37
&
*6#&
&
7 !"
+,7 *973 !"!
+
-1
*
!
#
7**.
*/
5 5" 8 ! 9!
*!#%!1: "#
$%$ &
!
5
, + &3,*$ !" 4
8
%
!
#
0 49
(Load Balancing)
+, #
30-&3
*
<
* #7
0
+,3*
/
8 -"
$
534&'
*+,#8 !"
+,
# 5" !"
+,3*%*2, 9
!"
* 9&2! !" *4
5
, + 3
# $.5" 51 !" % 0-& 51 !"
!"7=33+ 5"3&#&9#
8 Instance
* Firewall Services Module (FWSM)
% !1 # &+,
!1$3*0 /
FWSM !" # -" *3 Cisco VPN/
!" $"%& Security Management Solution (CiscoWorks VMS)
'( F 9 " %
/
3 #0- %0*9
1 3*
&' ' !"
*3*33*
34
0-%9
3 Catalyst
*&'#8 3*% !" (5 6500 Supervisor Engine ,! CSM # Supervi-
!"&,!) /
#8 !"97 sor Engine 07 0*'A &
) 3*1 ,#*
& $# (Untrusted) /
(Trusted)
F 5"!
3 ,* !" Aggregation-Layer
* Access-Layer
$#& !" 53&9
-" 3*% &3, Trusted Zone
# 5 !" *3%9
+ #3* 4%
-1 951 )
!" 53& 31
4"3*0 #%
 Catalyst
0- $#& -" (7 %'
/
3*-
&' CSM
CSM $3*9
4"
3 *71 4 % Core-Layer, 1%$&'#8 -"0&"!
Aggregation-Layer
* Access-Layer 9 !" & 7-" #%
&
7&' %,!
#8 $#& 7 #9
%'
5 34
SSL 3*3% Aggregation-Layer
<,*!1 4/
!
9
5
<,*!1 ''A !"&"3$&'-
#
*
Aggregation Switch 1 Access %
&
7&'3*%9
Switch !"75"# Aggregation Switch 3*
-"3*!1
&
7&'34
Aggregation Module -"
/
##&#)
&' 5"& 3
$ 4% !&" Aggregation Module
5#. 7
* CSM $3*9
4"
75" #
Core Switch 3
17
3*79
&&2
1 !1 ! Y4
5" ''A%
Catalyst 6500 Switch 4&9
9
+ 8 /& -"
*
!" &' 0-&%'
<,* 75" #%!#0+% !:1
/
9
#8 9
&# Multilayer Switch Feature
#; Aggregation Switch # 5 virtual 0.0.0.0 0.0.0.0 any
#
% Aggregation Switch $# ! serverfarm ROUTE
4 -"+ Cisco Hot Standby persistent rebalance
Routing Protocol (HSRP) Catalyst 6500 Series inservice
4'=7#&/&0%09 !
3#% # !"% !"#
3!1 CSM
* FWSM +,
*#%
5
'A 7 !"! 3 MSFC
* Stateful 3- 40*3# Aggregation Switch:
-"% !#-" 334
# CSM
*
FWSM
%%5" 4 !"#5" # MSFC SVI
!" 1
!'
## CSM
5 HSRP Group !
IP Catalyst 6513 MSFC VLAN 16 interface Vlan16
ip address 10.16.1.2 255.255.255.0
%& '
standby 16 ip 10.16.1.1
#%
'A 7 CSM !"74 standby 16 priority 150
#!1:
()#*+ !" ,
!
1 !1 #<
module ContentSwitchingModule 3 !"%'
!"#$ Self-Tunnel
';/%1. ;
/:% CUST1 <
(Redundant Path)
!%
/:
+'//&*
!
"#$
!!%&! 2%,' ISP1 /:% ISP2 /
'
*+! %,"#$-.
%&!& %,"#$/
%1.*'9-.
%&!&'% L9
'%/& 0
* HSRP (Hot ';1.-0&/
1/
*+
Standby Router Protocol) /&1% *2/
:2& CUST1
9
+
%1 ISP1
*301%
4 ! Cisco IOS Software & ; ISP2 ';
:?
'
12.3 !9, /: Object Tracking for Reliable <!*% track
Static Routing Backup + Tunneling (3*
%1!.) ;/
(<.1
)
Self-Tunnel
%1.;;/' :#=/&
+ *;& := # !
! ;
*30 IOS 3 12.3 9 !&*301%
**
MSelf-TunnelQ (> 2) 9 Self-
&%%
+
4 Tunnel , -9 3 * % 1 ! .
:#=,/&
% ;:.
&% !
1%&
*2.
%
/:, CUST1:
'> 1 ISP1 ; ISP2 *+
"#$ /
9 interface Loopback6000
ISP1
:?
:2& HSRP 9/&%1*2 ip address 10.26.247.1 255.255.255.252
*% track 1
(Serial0/0) & ! see note
1!/
, ' ;3 =
D; !
/:%/
. *& Tunneling
&& interface Tunnel1000
!& CUST1 ; CUST2 *+
"#$.* ip address 10.26.247.9 255.255.255.252
9 CUST1 /&1% *2
:?
backup interface ser0/0
tunnel source 10.26.247.2
>;:
2 %, &9 : . tunnel destination 10.26.247.2
10.26.248.0/24 ';< ISP1 (9/&%1*2 no keep-alive
: ip route 10.26.248.0 255.255.255.0 ser0/ !
0)
+
! CUST1 !%&! ISP1 interface Tunnel2000
Standby 1 priority 105 /, : 192.168.60.60/30 :Y.
1 (9
Standby 1 track Serial0/0
:?'
1 Fa0/0 ) %, *% backup in-
terface ! T2000 '; Loopback6000 %*&
Interface Serial0/0 .
;
3, Tunnel1000 ';&/:& (
;
Ip address 172.16.1.2 255.255.255.252 (omit- .: 1
, :?%,
;:!3*) ;
ted) Serial0/0 '; (
; Serial0/0
:?
1%
! Tunnel1000)
ip route 192.168.60.60 255.255.255.252
FastEthernet0/0 ! This subnet is used only
-
+ & FastEthernet0/0
&!%&!
to change Tunnel2000 interface status. !
';-.1'
1 ; T2000 ';
& < Loopback6000 %1
ip route 10.26.249.0 255.255.255.0 172.16.1.1 %1 T1000 ;3& Ser0/0 ';&&<!
*% backup interface
+ /, -.
Loopback6000
';
/
:?!
'
CUST1 '>, %/
!
-
/ & (% *+ / * &
+ ISP1 ' ;&
% 9 ;
3 -;!
/, : 10.26.247.0 1%
< 30 HSRP
:' active
:? standby &<!
:Y.
%
10.26.0.0/16 *% track *2/1
;
:Y.
1 Tunnel1000 '; D;%, 2!
!';
: /: < ISP2 9
& 9 !%&!/ Self-Tunnel /)
, :?
%
%,
:?
-04 9
%1!9, *30''
:?
:;3
**+&
+' Self-Tunnel
*2 /&
* CUST1-2
+
Recursive Lookup
:?
1:
!"
CUST1 #
Cisco Unified Communications
;'09@. '
%
;# $ $
E"
*"!2"
;# $ $
E
/0
+ -
%
33 %"
& "# % *'
"
+:
!EA 1 Cisco Unified Com-
munications : Y
%
1 Cisco Unified Communications
$
<1*'. +
1#<
+
''"
1;#
!?'$
?+. " %
'
''" (Presence Information) 32 $"% $.
!/ %
%
+
''" ;# '
''""
<# ''
- ". ,Cisco Unified Communications !%
$"
''"
"#
+ ;
1
!/ +
Session Initiation Protocol (SIP) !% %G '"
A
<'
'
#
+:
.+'. --++$%"A *12& & $"+ /0
+
!/
SIP 12&
-+;;'
!
1+
4
+
''"+
1G"# +* '. /
1 Cisco Voice
<
$"
H+.-# Technology Group %
%*
% %
Cisco Mobile Connect ?'
Cisco Unified
Communications
!' $ Unified Communications -! '
" #
1
*'%E" -'"+
'!'&? ,
+:
1
""# '\ 91G "%E"
1
&
"'#
;# $
<
2 &'
"
+
1
$*
';$E
"
!?4 3.. - %
#
32
<2
& #
+
1
"
$ %
<''"
H+.
& *
$
1
$ 1
%
'"
+
>3$
$ Cisco Unified MeetingPlace Express
$ -
!
" ;"
* (?
-$. . %;# 1
$
<%*%
-
" - 1
"#%
"
" ) 1
(
N+
+
$H+. Cisco Unified IP Phone 7985
<
-%*0
++A ) 32 !%+
%"
&
<%*1' -!
<2
-
. 32 ";%+
1
>
1
"
*
' /
0 % % "
)" "
12/!& !/
+)",&&+%"
<2 10.00 .
'%
+% %",&&+34
5/
*"& ')"6*"&"#!+$"# Cisco Unity *.3
*"+"* "
",
-") + Preference )& ,9'
Cisco Unified Personal Communicator $"
%+
<
" ''" %
"' '";"
$"
"'"
$ 9.'%"#4 - . #<
1" & % Cisco Unified Communica-
"
,
' 1
"
- "1
"<2 tions 32 Cisco Unified CallManager, Cisco Unified IP
+ -"H+.
<
<# -?+#'' " " phones, Cisco Unity Messaging, Cisco Unified MeetingPlace '
*?4
'.-'$.
& -
1%"
" '"
A -. $" 3.|. Cisco Unified
3 "
<
SIP Cisco Unified CallManager
1
" # " H+. !% ?'
CallManager 5.0, Cisco Unified CallManager Express 3.4 - Cisco
Unified Survivable Remote Site Telephony 3.4 <2 9.H+. ,;
<'<
H+.
*$
9"<2
- +
" -
& SIP !%
?+'
+Y%
1''"0
1
"
& 4 . * . ;# -#
+
& =
Cisco Unified CallManager G '"
A ' '& *' . 1G Warner Pacific Insurance Services 32 $
Cisco Unified CallManager
<
"
$ SIP %
SCCP "
%
!% Cisco Unified Communications "
"
%2 %
$+ & +' -- SCCP
9 '
"
-'"
- SIP -3%
"
- " Cisco Unified Service Monitor
;#;' 9.
<$
1
'=
+ 90
+13. '"
A 1*' . '-
%.<'
| .$ %"A 0
% 3.3$ +
;+/.?- Mean Opinion
Score (MOS) A %2
!E Cisco Unified Communications "+-'" Cisco Unified
CallManager "
& SIP %
<2 Cisco Unified &#
+ + )(
CallManager Express - Cisco Survivable Remote Site Telephony
0
+ %
!E1 Cisco Unified Communica-
(SRST) 32 $.1
+'. SIP SRST
tions
$$.
N0
+1*' . +
+ /-
;
H+. (Call-Processing) !
$"- 0
+
-
"
1 !/ & & 3
0
1"
WAN $
%"
3|. . Cisco Unified '.
G
0-1*- "<2
'=
CallManager !
"# " ;# $ * $ 9.- -> ($" SIP %
SIMPLE)
-++$
+
-++$'
' %9 ;- &