HSRP Overview
First-hop redundancy allows a highly available network to recover
from the failure of the device acting as the default gateway for the
end stations on a physical segment.
Layer 3 default gateway service for the corresponding Layer 2
domain to maintain the availability of such key functions.
Cisco has developed the Hot Standby Router Protocol (HSRP) to
address this need.
The Hot Standby Router Protocol (HSRP) protects data traffic
from a failed router or circuit, like GLBP and VRRP, while
allowing packet load sharing between a group of redundant routers.
When HSRP is used to provide default gateway redundancy, the
backup members of the peer relationship are idle, waiting for a
failure event to occur before they take over and actively forward
traffic.
GLBP Overview
GLBP utilized uplinks more efficiently and to ensure that
STP/RSTP root roles are alternated between distribution node
peers.
GLBP offers all the benefits of HSRP plus load balancing the
default gateway.
With GLBP, a group of routers functions as one virtual router by sharing
one virtual IP address but using multiple virtual MAC addresses
for traffic forwarding.
Consequently, traffic from a single common subnet can go through
multiple redundant gateways using a single virtual IP address.
GLBP leads to asymmetrical routing because it will send outbound
traffic flows over the available upstream paths, and most probably
the return traffic of these distributed flows will come back over a
single return path.
The solution to this issue is to consider HSRP and align the subnet
advertisement to the outside networks so that return traffic
comes back over the same path by default and does not lead to
asymmetrical routing.
■ Broadcast: Multiaccess subnetworks that support the addressing of a group of attached systems.
mGRE:
Multipoint GRE enables a single GRE interface to support multiple
GRE tunnels and simplifies the complexity of the configuration.
All DMVPN members use GRE or mGRE interfaces to build tunnels
between devices.
NHRP
The hub acts as an NHRP server and the spokes act as NHRP clients.
The hub maintains an NHRP database of mappings between the outer
(public, physical, NBMA interface) and tunnel (inside the tunnel interface)
IP addresses of each spoke.
IPsec
Internet Protocol Security provides transmission protection for GRE
tunnels.
Major features of the DMVPN solution include the following:
■ Configuration reduction
■ Zero-touch deployment (ZTD)
■ Dynamic routing protocol support
■ QoS and per tunnel QoS support
■ Hub-and-spoke multicast support
■ Support for dynamically addressed peers
■ Support for devices behind NAT
■ Partial-mesh and full-mesh VPN capabilities
■ Capability to be used with or without IPsec encryption
Deployment Models
DMVPN supports two deployment models:
Hub and spoke:
A strict hub-and-spoke DMVPN deployment model requires each branch to
be configured with a point-to-point GRE interface to the hub. All traffic between
spoke networks must flow through the hub router. DMVPN provides scalable
configuration to the hub router but does not facilitate direct spoke-to-spoke
communication.
Spoke-to-spoke:
A spoke-to-spoke DMVPN deployment model requires each branch to be
configured with an mGRE interface in which dynamic spoke-to-spoke tunnels are
used for the spoke-to-spoke traffic. In this model, DMVPN provides a scalable
configuration model for all involved devices and also allows spoke devices to
dynamically peer and establish optimal routing paths. DMVPN will not
immediately produce a partially meshed or fully meshed topology. DMVPN
initially establishes a permanent hub-and-spoke topology, from which a partial
mesh or full mesh is dynamically generated based on traffic patterns and DMVPN
Phase 2 or Phase 3 configuration, which is discussed later in this chapter (DMVPN
Phase 2 subsection).
Point to Point Vs Multipoint
Transport Mode Vs Tunnel Mode
■ Tunnel mode: This mode introduces a new IPsec header to the packet, and the
complete user IP packet is encapsulated as the payload.
■ Transport mode: This mode preserves the original IP header, and forwarding
decisions are based on this original header.
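The difference between the two modes, shown as header layouts in an added example that is not part of the original notes. The addresses, SPI value and helper names are assumptions made for the illustration, and the ESP payload is left unencrypted so the layout stays readable.

```python
import socket
import struct

ESP = 50  # IP protocol number for ESP

def ipv4_header(src, dst, proto, payload_len):
    """Minimal 20-byte IPv4 header; checksum left at 0 in this illustration."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst))

def esp_wrap(spi, seq, protected):
    """ESP header (SPI, sequence number) placed before the protected bytes.
    Encryption, padding and the ICV are left out; real ESP encrypts `protected`."""
    return struct.pack("!II", spi, seq) + protected

def transport_mode(packet, spi, seq):
    """Keep the original addresses; only the payload goes behind ESP."""
    src, dst = socket.inet_ntoa(packet[12:16]), socket.inet_ntoa(packet[16:20])
    body = esp_wrap(spi, seq, packet[20:])
    return ipv4_header(src, dst, ESP, len(body)) + body

def tunnel_mode(packet, spi, seq, gw_src, gw_dst):
    """New outer header between gateways; the whole original packet is the payload."""
    body = esp_wrap(spi, seq, packet)
    return ipv4_header(gw_src, gw_dst, ESP, len(body)) + body

def on_path_view(packet):
    """Fields a forwarding device reads from the outermost IPv4 header."""
    return (socket.inet_ntoa(packet[12:16]), socket.inet_ntoa(packet[16:20]),
            packet[9], len(packet))

# Constructed sample: a host-to-host TCP packet (protocol 6) with 8 payload bytes.
ORIGINAL = ipv4_header("10.1.1.10", "10.2.2.20", 6, 8) + b"APPDATA!"

if __name__ == "__main__":
    print("transport:", on_path_view(transport_mode(ORIGINAL, 0x1000, 1)))
    print("tunnel:   ", on_path_view(tunnel_mode(ORIGINAL, 0x1000, 1,
                                                  "192.0.2.1", "198.51.100.1")))
```

In transport mode the internal host addresses stay visible to every device on the path, while tunnel mode exposes only the gateway addresses at the cost of one extra 20-byte IP header.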
QoS
IntServ Vs DiffServ
QoS Queuing
Classification and Marking Design Principles
The first fundamental design principle is that QoS policies should always be
enabled in hardware whenever possible.
Cisco routers perform QoS in software, and such behavior can increase the
load on the CPU.
Dedicated hardware called application-specific integrated circuits (ASICs)
is used to perform QoS operations.
Cisco ASR can perform QoS operations (such as queuing) in dedicated
hardware ASICs.
Classification and marking should be done closest to the source of traffic.
This design principle promotes DiffServ and per-hop behaviors (PHB) as the
recommended end-to-end design.
To provide interoperability on the border between enterprise and service
provider networks, you should use standard-based DSCP PHB markings.
DSCP markings are the recommended method for marking IP traffic for the
following reasons:
■ It has support for end-to-end Layer 3 marking.
■ It is a more granular method of marking that supports 64 levels as compared
to class of service (CoS) and MPLS Experimental (EXP), which have 8 levels.
■ It is more extensible than Layer 2 markings as these markings are lost when
media changes.
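The three reasons above can be checked against the bits on the wire. The following added example (not part of the original notes) reads the 3-bit CoS field from an 802.1Q tag and the 6-bit DSCP field from the IPv4 header, then models a hop onto untagged media. The sample frame, MAC addresses and function names are constructed for the illustration.

```python
import socket
import struct

def phb_name(dscp):
    """Name the standard per-hop behavior for a 6-bit DSCP value (0-63)."""
    if dscp == 46:
        return "EF"
    cls, drop = dscp >> 3, (dscp >> 1) & 0x3
    if dscp & 0x7 == 0:
        return f"CS{cls}"                      # class selector, CS0 is default
    if 1 <= cls <= 4 and dscp & 1 == 0 and 1 <= drop <= 3:
        return f"AF{cls}{drop}"                # assured forwarding
    return f"DSCP{dscp}"                       # no standard name

def parse_markings(frame):
    """Return (cos, dscp) from an Ethernet frame; cos is None when untagged."""
    ethertype = struct.unpack("!H", frame[12:14])[0]
    offset, cos = 14, None
    if ethertype == 0x8100:                    # 802.1Q tag present
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        cos = tci >> 13                        # 3 bits: 8 levels
        offset = 18
    if ethertype != 0x0800:
        raise ValueError("not an IPv4 frame")
    return cos, frame[offset + 1] >> 2         # 6 bits: 64 levels

def reframe_untagged(frame):
    """Model a hop onto media without 802.1Q: the tag goes, the IP packet stays."""
    if frame[12:14] == b"\x81\x00":
        return frame[:12] + frame[16:]
    return frame

# Constructed sample: VLAN 100, CoS 5, IPv4 header marked DSCP 46 (EF).
IP_HDR = struct.pack("!BBHHHBBH4s4s", 0x45, 46 << 2, 20, 0, 0, 64, 17, 0,
                     socket.inet_aton("192.0.2.10"),
                     socket.inet_aton("198.51.100.20"))
SAMPLE = (bytes.fromhex("02000000000202000000000a")
          + struct.pack("!HHH", 0x8100, (5 << 13) | 100, 0x0800) + IP_HDR)

if __name__ == "__main__":
    for label, frame in (("tagged", SAMPLE),
                         ("untagged", reframe_untagged(SAMPLE))):
        cos, dscp = parse_markings(frame)
        print(label, "CoS:", cos, "DSCP:", dscp, phb_name(dscp))
```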
12-class strategy