Network Design Cookbook: 
Architecting Cisco Networks 
 
Practical Cisco Training for Network Engineers & Consultants! 
 
 
 
Michel Thomatis, CCIE #6778 
RouteHub Group, LLC 
www.RouteHub.net 
 
 
 
 
 
April 15, 2012 
 
 
 
 
 
 
 
Network Design Cookbook | About the Author  1 
 
 
Network Design Cookbook: Architecting Cisco Networks 
by 
Michel Thomatis, CCIE #6778 
 
Copyright 2011 Michel Thomatis 
All rights reserved. 
 
ISBN-13: 978-1-257-75024-5 
 
No part of this book may be reproduced in any form or by any electronic or mechanical 
means including information storage and retrieval systems, without permission in writing 
from the author. The only exception is by a reviewer, who may quote short excerpts in a 
review. 
 
May 8, 2011 
 
CCDE, CCIE, CCDP, CCIP, CCNP, CCVP, CCSP, CCDA, CCNA, CCENT, Cisco, Cisco IOS, Cisco Systems, the Cisco Systems logo, and 
Networking Academy are registered trademarks or trademarks of Cisco Systems, Inc. and/or its affiliates in the U.S. and certain other 
countries. All other trademarks mentioned in this document or web site are the property of their respective owners. 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
ROUTEHUB GROUP END-USER LICENSE AGREEMENT 
 
END USER LICENSE FOR ONE (1) PERSON ONLY 
IF YOU DO NOT AGREE WITH THESE TERMS AND CONDITIONS,  
DO NOT OPEN OR USE THE TRAINING MATERIALS. 
            IMPORTANT! BE SURE TO CAREFULLY READ AND UNDERSTAND ALL OF THE RIGHTS AND RESTRICTIONS SET 
FORTH IN THIS END-USER LICENSE AGREEMENT ("EULA"). YOU ARE NOT AUTHORIZED TO USE THIS NETWORK 
CONFIGURATION GUIDE/TRAINING UNLESS AND UNTIL YOU ACCEPT THE TERMS OF THIS EULA. 
            This EULA is a binding legal agreement between you and ROUTEHUB GROUP, LLC (hereinafter "Licensor") for the 
materials accompanying this EULA, including the accompanying computer Network Configuration Guide/Training, associated media, 
printed materials and any "online" or electronic documentation (hereinafter the "Network Configuration Guide/Training"). By using 
the Network Configuration Guide/Training, you agree to be bound by the terms of this EULA. If you do not agree to the terms of this 
EULA, do not install or attempt to use the Network Configuration Guide/Training. 
The Guide & Training Materials shall be used by only ONE (1) INDIVIDUAL who shall be the sole individual authorized to use the Guide & 
Training Materials throughout the term of this License. 
1.         Grant of License 
            The Network Configuration Guide/Training is protected by copyright laws and international copyright treaties, as well as 
other intellectual property laws and treaties. The Network Configuration Guide/Training is licensed, not sold. This EULA grants you 
the following rights: 
            A.         You may use, access, display and run only one copy of the Network Configuration Guide/Training, on a single 
computer, workstation or terminal ("Computer"). The primary user of the Computer on which the Network Configuration 
Guide/Training is installed may make a second copy for his or her exclusive use for archival purposes only. 
            B.         You may store or install a copy of the Network Configuration Guide/Training on a storage device, such as a network 
server, used only to run the Network Configuration Guide/Training on your other Computers over an internal network. You must, 
however, acquire a license for each separate Computer on which the Network Configuration Guide/Training is run, displayed or 
utilized from the server or similar device. A license for the Network Configuration Guide/Training may not be shared or used 
concurrently on different Computers. 
            C.         Your license rights under this EULA are non-exclusive. All rights not expressly granted herein are reserved by 
Licensor. 
            D.         You may not sell, transfer or convey the Network Configuration Guide/Training to any third party without Licensor's 
prior express written consent. 
2.         Price and Payment 
            If you have not previously paid the license fee for the Network Configuration Guide/Training, then you must pay the license 
fee within the period indicated in the applicable invoice sent to you by Licensor. 
3.         Support Services 
            This EULA is a license of the Network Configuration Guide/Training only, and Licensor does not assume any obligation to 
provide maintenance, patches or fixes to the Network Configuration Guide/Training. Licensor further disclaims any obligation to 
provide support or to prepare and distribute modifications, enhancements, updates and new releases of the Network Configuration 
Guide/Training. 
4.         Replacement, Modification and/or Upgrades 
 
            Licensor may, from time to time, and for a fee, replace, modify or upgrade the Network Configuration Guide/Training. When 
accepted by you, any such replacement or modified Network Configuration Guide/Training code or upgrade to the Network 
Configuration Guide/Training will be considered part of the Network Configuration Guide/Training and subject to the terms of this 
EULA (unless this EULA is superseded by a further EULA accompanying such replacement or modified version of or upgrade to the 
Network Configuration Guide/Training). 
5.         Termination 
            You may terminate this EULA at any time by destroying all your copies of the Network Configuration Guide/Training. Your 
license to the Network Configuration Guide/Training automatically terminates if you fail to comply with the terms of this agreement. 
Upon termination, you are required to remove the Network Configuration Guide/Training from your computer and destroy any copies 
of the Network Configuration Guide/Training in your possession.  No refund with the product will be granted. 
6.         Copyright 
            A.         All title and copyrights in and to the Network Configuration Guide/Training (including but not limited to any images, 
photographs, animations, video, audio, music and text incorporated into the Network Configuration Guide/Training), the 
accompanying printed materials, and any copies of the Network Configuration Guide/Training, are owned by Licensor or its 
suppliers. This EULA grants you no rights to use such content. If this Network Configuration Guide/Training contains documentation 
that is provided only in electronic form, you may print one copy of such electronic documentation. Except for any copies of this 
EULA, you may not copy the printed materials accompanying the Network Configuration Guide/Training. 
            B.         You may not reverse engineer, de-compile, disassemble, alter, duplicate, modify, rent, lease, loan, sublicense, make 
copies of, create derivative works from, distribute or provide others with the Network Configuration Guide/Training in whole or part, 
transmit or communicate the application over a network. 
7.         Export Restrictions 
            You may not export, ship, transmit or re-export Network Configuration Guide/Training in violation of any applicable law or 
regulation including but not limited to Export Administration Regulations issued by the U. S. Department of Commerce. 
8.         Disclaimer of Warranties 
            LICENSOR AND ITS SUPPLIERS PROVIDE THE NETWORK CONFIGURATION GUIDE/TRAINING "AS IS" AND WITH 
ALL FAULTS, AND HEREBY DISCLAIM ALL OTHER WARRANTIES AND CONDITIONS, EITHER EXPRESS, IMPLIED OR 
STATUTORY, INCLUDING BUT NOT LIMITED TO ANY (IF ANY) IMPLIED WARRANTIES OR CONDITIONS OF 
MERCHANTABILITY, OF FITNESS FOR A PARTICULAR PURPOSE, OF LACK OF VIRUSES, AND OF LACK OF NEGLIGENCE 
OR LACK OF WORKMANLIKE EFFORT. ALSO, THERE IS NO WARRANTY OR CONDITION OF TITLE, OF QUIET 
ENJOYMENT, OR OF NONINFRINGEMENT. THE ENTIRE RISK ARISING OUT OF THE USE OR PERFORMANCE OF THE 
NETWORK CONFIGURATION GUIDE/TRAINING IS WITH YOU. 
9.         Limitation of Damages 
            TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT WILL LICENSOR OR ITS SUPPLIERS 
BE LIABLE FOR ANY CONSEQUENTIAL, INCIDENTAL, DIRECT, INDIRECT, SPECIAL, PUNITIVE OR OTHER DAMAGES 
WHATSOEVER ARISING OUT OF OR IN ANY WAY RELATED TO THE USE OF OR INABILITY TO USE THE NETWORK 
CONFIGURATION GUIDE/TRAINING AND WHETHER BASED ON CONTRACT, TORT, NEGLIGENCE, STRICT LIABILITY OR 
OTHERWISE, EVEN IF LICENSOR OR ANY SUPPLIER HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. THIS 
EXCLUSION OF DAMAGES WILL BE EFFECTIVE EVEN IF ANY REMEDY FAILS OF ITS ESSENTIAL PURPOSE. 
10.       Arbitration 
            Any dispute arising under this EULA will be subject to binding arbitration by a single Arbitrator with the American Arbitration 
Association (AAA), in accordance with its relevant industry rules, if any. The parties agree that this EULA will be governed by and 
construed and interpreted in accordance with the laws of the State of California. The arbitration will be held in California. The 
Arbitrator will have the authority to grant injunctive relief and specific performance to enforce the terms of this EULA. Judgment on 
any award rendered by the Arbitrator may be entered in any Court of competent jurisdiction. 
11.       Severability 
 
            If any term of this EULA is found to be unenforceable or contrary to law, it will be modified to the least extent necessary to 
make it enforceable, and the remaining portions of this Agreement will remain in full force and effect. 
12.       No Waiver 
            No waiver of any right under this EULA will be deemed effective unless contained in writing signed by a duly authorized 
representative of the party against whom the waiver is to be asserted, and no waiver of any past or present right arising from any 
breach or failure to perform will be deemed to be a waiver of any future rights arising out of this EULA. 
13.       Entire Agreement 
            This EULA constitutes the entire agreement between the parties with respect to its subject matter, and supersedes all prior 
agreements, proposals, negotiations, representations or communications relating to the subject matter. Both parties acknowledge 
that they have not been induced to enter into this EULA by any representations or promises not specifically stated herein. 
 
 
 
 
 
 
 
 
 
 
Table of Contents 
 
1  ABOUT THE AUTHOR ... 10
2  START HERE ... 10
3  THE ARCHITECTURE OF NETWORK DESIGN ... 11
3.1  INFORMATION TECHNOLOGY AND ROLES ... 11
3.2  COMPONENTS ... 18
3.3  DESIGN ... 23
4  DESIGN PROCESS ... 33
5  DESIGN STEPS ... 35
6  DESIGN: FOUNDATION SOLUTIONS ... 37
6.1  LAN (CAMPUS) SOLUTION ... 38
6.2  WAN SOLUTION ... 43
6.3  DATA CENTER SOLUTION ... 47
6.4  INTERNET EDGE SOLUTION ... 53
7  DESIGN: NETWORK SOLUTIONS ... 56
7.1  SECURITY SOLUTIONS ... 57
7.1.1  Firewalls ... 58
7.1.2  Intrusion Prevention (IPS) ... 63
7.1.3  Content Security ... 65
7.1.4  Secure Communications ... 68
7.1.5  Identity-Based Access Control ... 72
7.1.6  PCI/DSS ... 74
7.1.7  Proxy ... 76
7.1.8  DMZ and Extranet ... 78
7.1.9  Physical Security ... 80
7.1.10  Endpoint Security ... 81
7.1.11  Data Loss Prevention ... 82
7.2  COLLABORATION SOLUTIONS ... 83
7.2.1  Voice (IP Communications) ... 84
7.2.2  Messaging ... 95
7.2.3  Conferencing ... 98
7.2.4  Customer Care ... 100
7.2.5  Presence ... 101
7.2.6  Video ... 102
7.2.7  Social Networking ... 104
7.2.8  Web 2.0 ... 105
7.3  MOBILITY SOLUTIONS ... 106
7.3.1  Wireless ... 107
7.3.2  Teleworker ... 112
7.4  DATA CENTER SOLUTIONS ... 115
7.4.1  Virtualization ... 116
7.4.2  Cloud Computing ... 118
7.4.3  High Performance Computing (HPC) ... 120
7.4.4  Unified Computing ... 122
7.4.5  Data Management (Storage) ... 134
7.4.6  Content Switching ... 137
7.4.7  Optimization ... 140
7.4.8  Disaster Recovery ... 142
7.4.9  Top Rack Switching ... 144
7.4.10  Web and E-Commerce ... 145
7.5  NETWORK MANAGEMENT SOLUTIONS ... 147
7.6  GREEN COMPUTING SOLUTIONS ... 151
7.7  SYSTEM SOLUTIONS ... 152
8  DESIGN: SERVICES ... 153
8.1  GENERAL SERVICES ... 154
8.2  CORE NETWORK SERVICES ... 155
8.2.1  IP Routing ... 156
8.2.2  LAN Switching ... 172
8.2.3  Quality of Service (QoS) ... 181
8.2.4  IP Multicast ... 198
8.2.5  IPv6 ... 204
8.2.6  IP Services & Features ... 208
8.2.7  First Hop Redundancy Protocol (FHRP) ... 211
8.2.8  Network Management ... 212
8.3  SECURITY SERVICES ... 213
8.3.1  Virtual Private Network (VPN) ... 214
8.3.2  Network Security ... 221
8.3.3  Tunneling: L3VPN ... 223
8.3.4  Tunneling: L2VPN ... 228
8.3.5  Identity-Based Access Control ... 229
8.3.6  Best Practices ... 230
9  DESIGN RESOURCES ... 231
9.1  REQUIREMENTS ... 231
9.2  SOLUTION DESIGN ... 235
9.3  TOPOLOGY ... 237
9.3.1  Topology Overview ... 238
9.3.2  LAN and Data Center ... 239
9.3.3  WAN and Internet Edge ... 248
9.4  DEPLOYMENT ... 253
9.5  BANDWIDTH SERVICES & PERFORMANCE ... 255
9.5.1  LAN and Data Center ... 256
9.5.2  Private WAN, Public WAN (Internet Edge) ... 267
9.5.3  Internet Edge ... 273
9.5.4  Solutions and Services ... 276
9.6  SERVICE DESIGN ... 279
9.7  REDUNDANCY ... 280
9.8  DESIGN OPTION ... 295
9.9  CONSOLIDATION MATRIX ... 297
9.10  HARDWARE ... 300
9.11  STANDARDS ... 309
9.11.1  Naming Standard ... 309
9.11.2  VLAN Schema ... 310
9.11.3  IP Addressing Schema ... 311
9.11.4  Data Center Facilities ... 312
10  REFERENCE: HARDWARE ... 314
10.1  ROUTERS ... 314
10.2  SWITCHES ... 315
10.2.1  LAN Switches ... 315
10.2.2  Data Center Switches ... 319
10.3  SECURITY ... 320
10.3.1  Firewalls and VPN ... 320
10.3.2  Intrusion Prevention ... 321
10.3.3  Content Security ... 322
10.4  COLLABORATION ... 323
10.4.1  Voice: Call Control ... 323
10.4.2  Voice: Voice Gateway (and Cisco CME Router) ... 324
10.4.3  Messaging ... 325
10.4.4  Conferencing ... 326
10.4.5  Customer Care ... 327
10.4.6  Presence ... 328
10.4.7  Video ... 329
10.5  DATA CENTER ... 330
10.5.1  Application Switching (Load Balancers) ... 330
10.5.2  Unified Computing ... 331
10.5.3  WAN Optimization ... 333
10.6  MOBILITY ... 334
10.7  NETWORK MANAGEMENT ... 335
11  OTHER DESIGN RESOURCES ... 336
12  NETWORK DESIGN COOKBOOK EXAMPLE ... 346
12.1  STEP 1 - REQUIREMENTS AND SOLUTIONS ... 346