Building Service-Aware Networks - GBV


Building Service-Aware Networks
The Next-Generation WAN/MAN
Muhammad Afaq Khan, CCIE No. 9070
Cisco Press
800 East 96th Street
Indianapolis, IN 46240

Building Service-Aware Networks: The Next-Generation WAN/MAN

Contents

Introduction

Part I Overview of WAN Architectures

Chapter 1 Introduction to WAN Architectures
  Introduction to WAN Solutions
  Branch/Private WAN Aggregation Role
  Basic Feature Requirements
  Basic Service Level Agreement Requirements
  Internet Edge Role
  Basic Feature Requirements
  Data Center Interconnect
  Basic Feature Requirements
  Large Branch WAN
  Summary
  Review Questions
  Answers
  Further Reading

Chapter 2 Next-Generation WAN Architectures
  The Evolution of Next-Generation WAN Architectures
  Business Drivers Behind WAN Evolution
  Service Awareness and Integration
  Infrastructure Consolidation
  Segmentation/Virtualization
  Security and Reliability
  Bandwidth Commoditization
  Carbon Footprint Reduction
  Regulatory Compliance
  Time to Adoption
  Mean Time to Understanding and Troubleshooting
  How the Changing Business Requirements Relate to Network Infrastructure
  Summary
  Review Questions
  Answers
  Further Reading
  References

Chapter 3 Selecting and Qualifying Enterprise Edge Platforms for Next-Generation WANs
  Essential Attributes of an Enterprise Edge Platform
  Carrier-Class Routing
  True Services Integration
  Robust In-Built Quality of Service
  Flexible System Architecture
  Feature Velocity
  Common Sharing and Sparing for Investment Protection
  Interface Diversity and Density
  Power and Space Friendly
  Industry Standard Compliance
  Qualifying the Enterprise WAN/MAN Edge Platform
  Anatomy of a Test Plan
  Test Scope and Objective
  Test Setup and Topology
  Test Resources
  Test Approach and Methodology
  Test Entry and Exit Criteria
  Test Schedule
  Test Results Reporting
  Test Case Details
  Summary
  Chapter Review Questions
  Answers
  Further Reading

Chapter 4 Sizing Up a Router
  What to Look for When Choosing a Router
  Metrics for Benchmarking a Router
  Routing-Plane Performance and Scale
  Data-Plane Performance and Scale
  Summary
  Chapter Review Questions
  Answers
  Further Reading

Part II ASR 1000 System Hardware, Software, and Configuration

Chapter 5 System Overview and Carrier-Class Attributes
  Introduction to ASR 1000 Series Routers
  ASR 1000 Carrier-Class Attributes
  Availability
  Reliability
  Scalability
  Quality of Service
  ROI and Investment Protection
  ASR 1000 Applications
  ASR 1000 Enterprise WAN Aggregation
  Enterprise Internet Gateway
  Enterprise Security Headend (Branch and Remote User Aggregation)
  Service Provider Layer 3 VPN
  Service Provider Layer 2 VPN
  Broadband Aggregation, Including FTTH and DSL LNS, LAC, and PTA
  High-End Customer Premises Equipment
  Reinventing Enterprise Routing with the ASR 1000
  Cisco QuantumFlow Processor and Embedded Services
  True Carrier-Class Routing
  Chassis Design and Modularity
  Operating System Modularity
  In-Service Software Upgrade
  Separation of Planes
  Dealing with Oversubscription
  Integrated QoS
  BITS Reference Clock
  Nonstop Router Management
  Breadth and Diversity of LAN/WAN Interfaces
  Introducing ASR 1000 System Hardware Components
  Chassis Options
  Chassis Slots Naming and Numbering
  Route Processor
  Embedded Service Processor
  SPA Interface Processor

  Introducing ASR 1000 Software Components
  IOS XE
  RP Software
  ESP Software
  SIP Software
  IOSD and Linux Kernel
  System ROMMON
  Basic Partitioning of the ASR 1000 System
  Routing Plane
  Data Plane
  Input/Output Plane
  Introduction to ASR 1000 System Redundancy and Modularity
  Summary
  Chapter Review Questions
  Answers
  Further Reading

Chapter 6 Cisco ASR 1000 Series Router Hardware and Software Details
  Route Processor Overview
  Route Processor Functional Elements
  Front Panel
  CPU, DRAM, Bootflash, Hard Disk Drive, and Interconnect
  Application-Specific Integrated Circuits
  RP Initialization
  RP Packet Handling
  Hardware-Assisted Control-Plane Protection
  Legacy Protocol Traffic
  ESP Overview
  ESP Functional Elements
  ESP Initialization
  ESP Packet Handling
  ESP and Crypto Engine
  SPA Interface Processor Overview
  High-Level System Software Architecture
  RP Software Details
  RP Chassis Manager
  RP Forwarding Manager

  RP Interface Manager
  ESP Software Details
  QFP Software
  ESP Forwarding Manager
  ESP Chassis Manager
  SIP Software Details
  SIP Chassis Manager
  SIP Interface Manager
  SPA Drivers
  Day in the Life of a Packet
  Ingress Processing
  Arrival Processing
  Egress Processing
  Summary
  Review Questions
  Answers
  Further Reading

Chapter 7 Cisco IOS XE Software Packaging, Releases, and Licensing
  Cisco IOS XE Software Overview
  Cisco IOS XE Software Packaging
  Software Redundancy
  Cisco IOS XE Software Releases
  Cisco IOS XE Software Licensing
  Summary
  Review Questions
  Answers
  Further Reading

Chapter 8 Cisco ASR 1000 Initial Setup and Configuration
  Booting the ASR 1000
  Initial Cisco ASR 1000 Configuration
  Understanding the Cisco ASR 1000 File System Structure
  Summary
  Chapter Review Questions
  Answers
  Further Reading

Chapter 9 In-Service Software Upgrade and Software Modularity
  Why ISSU Is Needed
  Operational Benefits
  Business Benefits
  ASR 1000 ISSU Details
  A Consolidated Package ISSU on a Fully Redundant 6RU
  ISSU on 6RU System (with Dual RP and ESP) for IOSD Using Legacy issu Commands
  Subpackage ISSU on a Fully Redundant 6RU
  Upgrading SIP/SPA Subpackages
  Upgrading the RP-Specific Subpackages on the Active RP
  Upgrading the ESP Subpackage on the Standby RP (Formerly Active)
  Running Dual IOSD on a 2 or 4RU System
  Summary
  Chapter Review Questions
  Answers
  Further Reading

Part III System Management and Troubleshooting

Chapter 10 Using the ASR 1000 Embedded Graphical User Interface
  Introduction to the ASR 1000 Web GUI
  Configuring the ASR 1000 GUI
  Common Usage Examples
  Summary
  Review Questions
  Answers
  Further Reading

Chapter 11 Understanding ASR 1000 System Troubleshooting and Error Messages
  Troubleshooting Methodology
  ASR 1000-Specific Troubleshooting Commands
  Troubleshooting System Hardware and Software
  Displaying the Overall Processor and Memory Utilization on an ASR 1000 System
  Displaying IPv4-Related Drops for the Active QFP
  Displaying Overall QFP Memory Statistics for IRAM, DRAM, and SRAM Usage

  Displaying QFP Memory Statistics on a Per-IOS Feature and Internal-Usage Basis
  Tracking Control CPU Usage from the Linux Shell
  Tracking a Command Output Repeatedly Using the monitor Command
  Displaying the Status of Front-Panel LEDs Using the show platform hardware Command
  Displaying the Status of SPAs in a SIP
  Displaying Statistics for a Slot or SIP
  Displaying Drop Statistics for All Interfaces in the System
  Displaying the Interface-Level FIA for Both the Ingress and Egress Feature Set
  Displaying System Components Such as RP, ESP, and SIP Insertion and Uptime
  Displaying QFP PPE Utilization Information
  Useful debug Commands
  Troubleshooting IOS Features via Platform-Specific Commands
  Common System Error Messages
  Message: "Warning: Filesystem Is Not Clean" During RP Boot
  Message: "%IOSXE-7-PLATFORM: FO: sntp: Resetting on Error x y"
  Message: "%ASR1000 PEM-3-PEMFAIL: The PEM in Slot 0 Is Switched Off or Encountering a Failure Condition"
  Summary
  Review Questions
  Answers
  Further Reading

Part IV ASR 1000—Bringing Innovative Solutions to the Routing Industry

Chapter 12 IP Routing Use Cases
  Introduction to the Scalable and Modular Control Plane on the ASR 1000
  NSF/SSO, NSR, Graceful Restart to Ensure Robust Routing
  Use Case: Achieving High Availability Using NSF/SSO
  Packet Capture Using Encapsulated Remote SPAN
  Use Case: Ethernet Frame Capture and Transport Across a Layer 3 Cloud
  Achieving Segmentation Using MPLS over GRE and MPLS VPNs over GRE Solutions
  Use Case: Self-Managed MPLS and Enterprise Private WAN Segmentation

  Scalable v4/VPNv4 Route Reflector
  Use Case: Route Reflection
  Scalable and Flexible Internet Edge
  Use Case: Internet Gateway/Edge Router
  Scalable Data Center Interconnect
  Use Case: Encrypting Traffic over an EoMPLS Pseudowire at Layer 2 Using TrustSec
  Summary
  Chapter Review Questions
  Answers
  Further Reading

Chapter 13 IP Services Use Cases
  Introduction to IOS IP Services on the ASR 1000
  Scalable In-Built QoS Using QFP's Traffic Manager
  Ingress SIP Buffering
  Traffic Manager Packet Buffering
  Unicast Packets
  Multicast Packets
  Punt Packet
  Egress SIP Buffering
  ESP Interconnect Scheduler Default Behavior (Aggregating All SIP Traffic)
  ASR 1000 Traffic Manager Priority Queues
  Scalable Hierarchical QoS and Metro-E Use Case
  Scalable IPv4 and IPv6 Multicast Acceleration Using Cisco QuantumFlow Processor
  Multicast High Availability on the ASR 1000
  Multicast Replication on the ESP
  Scalable In-Built Multigigabit NAT
  High-Speed Logging Using NetFlow v9 Format for NAT and Firewall
  Scalable In-Built Multigigabit NBAR and FPM
  Summary
  Chapter Review Questions
  Answers
  Further Reading

Chapter 14 Security Services Use Cases
  Introduction to IOS Security Services on the Cisco ASR 1000
  Secure Connectivity Solutions
  Introduction to IPsec Solutions on the Cisco ASR 1000
  IPsec Packet Flow (Ingress)
  IPsec Packet Flow (Egress)
  IPsec High-Availability Considerations
  IPsec and Interaction with IP Multicast
  Scalable Encryption with QoS Before/After Crypto Engine
  Scalable DMVPN Hub and Spoke
  Scalable GETVPN Group Member for Data Center and Large Branch Solutions
  Cisco ASR 1000 GETVPN Solution Benefits
  Cisco ASR 1000 GETVPN Solution Architecture Overview
  GETVPN Configuration Overview
  Cisco ASR 1000 Memory, Performance, and Scaling
  Caveats and Limitations
  Cisco ASR 1000 GETVPN Deployment Models
  Troubleshooting GETVPN on Cisco ASR 1000
  Integrated Threat Control Solutions
  Introduction to Threat Control Solutions on the ASR 1000
  Using In-Built Firewall High Availability
  IOS Firewall Zone/Zone Pair Scale
  Scalable Multigigabit Router Firewall at the Internet Edge: Use Case
  Summary
  Chapter Review Questions
  Answers
  Further Reading

Chapter 15 WAN Optimization Services Use Cases
  Introduction to WAN Optimization Solutions on the Cisco ASR 1000
  Using WCCPv2 for Web Caching
  Interaction of WCCPv2 with Other IOS Features
  WAN Optimization Through WAAS Integration
  Campus WAN Headend Deployment
  Branch Deployment
  WAN Headend and IronPort's WSA Appliance

  Troubleshooting WCCPv2 on Cisco ASR 1000
  Voice Header Compression Using Cisco IOS cRTP
  Chapter Review Questions
  Answers
  Further Reading

Chapter 16 Unified Communications Services Use Cases
  Introduction to Unified WAN Solutions on Cisco ASR 1000
  Using Integrated CUBE
  CUBE (SP) Deployment Scenarios
  SP-to-SP Peering
  SP-to-Managed Enterprise and Residential SIP Trunking
  Business-to-Business Telepresence
  Troubleshooting CUBE
  Using the WebEx Node Services Module
  WebEx Node Deployment Architecture
  Deployment Considerations
  Installation Steps
  Summary
  Review Questions
  Answers
  Further Reading

Index
