Designing for Cisco Network Service Architectures (ARCH) Foundation Learning Guide, Fourth Edition

Book Description

· Learn about the Cisco modular enterprise architecture
· Create highly available enterprise network designs
· Develop optimum Layer 3 designs
· Examine advanced WAN services design considerations
· Evaluate data center design considerations
· Design effective modern WAN and data center designs
· Develop effective migration approaches to IPv6
· Design resilient IP multicast networks
· Create effective network security designs


Designing for Cisco Network Service Architectures (ARCH) Foundation Learning Guide, Fourth Edition, is a Cisco-authorized, self-paced learning tool for CCDP foundation learning. This book provides you with the knowledge needed to perform the conceptual, intermediate, and detailed design of a network infrastructure that supports desired network solutions over intelligent network services to achieve effective performance, scalability, and availability. This book presents concepts and examples necessary to design converged enterprise networks. You learn additional aspects of modular campus design, advanced routing designs, WAN service designs, enterprise data center design, IP multicast design, and security design. Advanced and modern network infrastructure solutions, such as virtual private networks (VPN), Cisco Intelligent WAN (IWAN), and Cisco Application-Centric Infrastructure (ACI), are also covered.

Chapter-ending review questions illustrate and help solidify the concepts presented in the book.

Whether you are preparing for CCDP certification or CCDE certification, or simply want to gain a better understanding of designing scalable and reliable network architectures, you will benefit from the foundation information presented in this book.


Designing for Cisco Network Service Architectures (ARCH) Foundation Learning Guide, Fourth Edition, is part of a recommended learning path from Cisco that includes simulation and hands-on training from authorized Cisco Learning Partners and self-study products from Cisco Press. To find out more about instructor-led training, e-learning, and hands-on instruction offered by authorized Cisco Learning Partners worldwide, please visit https://learningnetwork.cisco.com.


Category: Cisco Certification

Covers: CCDP ARCH 300-320

Table of Contents

  1. About This E-Book
  2. Title Page
  3. Copyright Page
  4. About the Authors
  5. About the Technical Reviewers
  6. Dedications
  7. Acknowledgments
  8. Contents at a Glance
  9. Contents
  10. Icons Used in This Book
  11. Command Syntax Conventions
  12. Reader Services
  13. Introduction
    1. Goals of This Book
    2. Who Should Read This Book
    3. How This Book Is Organized
  14. Part I: Designing Reliable and Resilient Enterprise Layer 2 and Layer 3 Networks
    1. Chapter 1. Optimal Enterprise Campus Design
      1. Enterprise Campus Design Principles
      2. Hierarchy
        1. Access Layer
        2. Distribution Layer
        3. Core Layer
        4. Enterprise Campus Two-Tier Layer Model
        5. Enterprise Campus Three-Tier Layer Model
      3. Modularity
        1. Modular Enterprise Campus Architecture and Modular Enterprise Campus with OSPF
        2. Access-Distribution Block
      4. Flexibility
        1. Campus Network Virtualization
        2. Campus Network Virtualization Technologies and Techniques
      5. Resiliency
        1. Enterprise Campus High-Availability Design Considerations
        2. VLANs, Trunking, and Link Aggregation Design Recommendations
        3. First-Hop Redundancy Protocol (FHRP)
        4. Layer 2 to Layer 3 Boundary Design Options and Considerations
      6. Summary
      7. Review Questions
      8. References
    2. Chapter 2. EIGRP Design
      1. Scalable EIGRP Design Overview
      2. EIGRP with Multiple Autonomous Systems
        1. EIGRP Queries
        2. Multiple EIGRP Autonomous System Drivers
      3. EIGRP Multilayer Architectures
        1. EIGRP Two-Layer Hierarchy Architecture
        2. EIGRP Three-Layer Hierarchy Architecture
      4. EIGRP Hub-and-Spoke Design
        1. Summarization Challenges
        2. EIGRP Hub-and-Spoke Scalability Optimization
        3. EIGRP DMVPN Scaling
      5. EIGRP Fast Convergence Design Considerations
        1. Bidirectional Forwarding Detection
      6. EIGRP Graceful Restart/NSF Considerations
      7. Summary
      8. Review Questions
    3. Chapter 3. OSPF Design
      1. OSPF Scalability Design Considerations
        1. Adjacent Neighbors
        2. Routing Information in the Area and the Routed Domain
        3. Numbers of Routers in an Area
        4. Number of Areas per ABR
      2. OSPF Area Design Considerations
        1. OSPF Hierarchy
        2. Area and Domain Summarization
      3. OSPF Full-Mesh Design
      4. OSPF Hub-and-Spoke Design
        1. OSPF ABR Placement in Hub-and-Spoke Design
        2. Number of Areas in OSPF Hub-and-Spoke Design
        3. OSPF Network Types in Hub-and-Spoke Design
      5. OSPF Convergence Design Considerations and Optimization Techniques
        1. Event Detection
        2. OSPF Event Propagation
        3. OSPF Event Processing
        4. OSPF Flooding Reduction
        5. OSPF Database Overload Protection
      6. Summary
      7. Review Questions
    4. Chapter 4. IS-IS Design
      1. Protocol Overview
        1. IS-IS Characteristics
        2. Integrated IS-IS Routing
      2. IS-IS Hierarchical Architecture Overview
        1. IS-IS Router and Link Types
        2. IS-IS Adjacencies
      3. IS-IS Versus OSPF
        1. Similarities Between IS-IS and OSPF
        2. OSPF and IS-IS Characteristics
        3. Integrated IS-IS and OSPF Area Designs
      4. IS-IS Technical Deep Dive
        1. IS-IS Addressing
        2. IS-IS Link-State Packets Flooding
        3. IS-IS LSDB Synchronization
      5. IS-IS Design Considerations
        1. IS-IS Routing Logic Overview
        2. Route Leaking
        3. Asymmetric Versus Symmetric IS-IS Routing
        4. IS-IS Routing over NBMA Hub-and-Spoke
        5. IS-IS Routing over a Full-Mesh Network
        6. Flat IS-IS Routing Design
        7. Hierarchical IS-IS Design
        8. IS-IS Routes Summarization
        9. Integrated IS-IS for IPv6
        10. Final Thoughts on IS-IS Routing Design
      6. Summary
      7. Review Questions
    5. Chapter 5. Border Gateway Protocol Design
      1. BGP Overview
        1. BGP Speaker Types
        2. BGP Loop Prevention and Split-Horizon Rule
        3. BGP Path Attributes and Path Selection (Review)
      2. Designing Scalable iBGP Networks
        1. iBGP Scalability Limitations
        2. iBGP Scalability Solutions
      3. BGP Route Reflector Design
        1. Route Reflector Split-Horizon Rule
        2. BGP Route Reflectors Redundancy Design Options and Considerations
        3. Route Reflector Potential Network Design Issues
      4. Enhancing the Design of BGP Policies with BGP Communities
        1. BGP Community Attribute Overview
        2. Well-Known BGP Communities
        3. BGP Named Community List
        4. Planning for the Use of BGP Communities
      5. Case Study: Designing Enterprise-wide BGP Policies Using BGP Communities
        1. Enterprise BGP Policy Requirements
        2. BGP Community Solution Design
      6. BGP Load-Sharing Design
        1. Single-Homing Versus Multihoming
        2. Dual-Homing and Multihoming Design Considerations
      7. Summary
      8. Review Questions
  15. Part II: Enterprise IPv6 Design Considerations and Challenges
    1. Chapter 6. IPv6 Design Considerations in the Enterprise
      1. IPv6 Deployment and Design Considerations
        1. Business and Network Discovery Phase
        2. Assessment Phase
        3. Planning and Design Phase
        4. Implementation and Optimization Phases
      2. Considerations for Migration to IPv6 Design
        1. Acquiring IPv6 Prefixes
        2. Where to Start the Migration
        3. Migration Models and Design Considerations
      3. IPv6 Transition Mechanisms
        1. Dual Stack
        2. NAT64 and DNS64
        3. Manual Tunnels
        4. Tunnel Brokers
        5. 6 Rapid Deployment
        6. Dual-Stack Lite (DS-Lite)
        7. Locator/ID Separation Protocol (LISP)
      4. Final Thoughts on IPv6 Transition Mechanisms
      5. Summary
      6. Review Questions
    2. Chapter 7. Challenges of the Transition to IPv6
      1. IPv6 Services
        1. Name Services
        2. Addressing Services
        3. Security Services
      2. Link Layer Security Considerations
        1. Application Support
        2. Control Plane Security
        3. Dual-Stack Security Considerations
        4. Tunneling Security Considerations
        5. Multihoming
      3. Summary
      4. Review Questions
  16. Part III: Modern Enterprise Wide-Area Networks Design
    1. Chapter 8. Service Provider–Managed VPNs
      1. Choosing Your WAN Connection
      2. Layer 3 MPLS VPNs
        1. MPLS VPN Architecture
        2. Enterprise Routing Considerations
        3. Provider Edge (PE) Router Architecture
        4. PE-CE Routing Protocol
      3. Case Study: MPLS VPN Routing Propagation
        1. Forwarding in MPLS VPN
      4. Layer 2 MPLS VPN Services
        1. Virtual Private Wire Service (VPWS)
        2. Virtual Private LAN Service (VPLS)
        3. VPLS Versus VPWS
      5. Summary
      6. Review Questions
    2. Chapter 9. Enterprise-Managed WANs
      1. Enterprise-Managed VPN Overview
      2. GRE Overview
      3. Multipoint GRE Overview
      4. Point-to-Point and Multipoint GRE Comparison
      5. IPsec Overview
        1. IPsec and GRE
        2. IPsec and Virtual Tunnel Interface
      6. IPsec and Dynamic VTI
      7. DMVPN Overview
        1. DMVPN Phase 1
        2. DMVPN Phase 2
        3. DMVPN Phase 3
      8. Case Study: EIGRP DMVPN
        1. EIGRP over DMVPN Phase 1
        2. EIGRP over DMVPN Phase 2
        3. EIGRP over DMVPN Phase 3
        4. DMVPN Phase 1–3 Summary
      9. DMVPN and Redundancy
      10. Case Study: MPLS/VPN over GRE/DMVPN
      11. SSL VPN Overview
      12. FlexVPN Overview
        1. FlexVPN Architecture
        2. FlexVPN Capabilities
        3. FlexVPN Configuration Blocks
      13. GETVPN
      14. Summary
      15. Review Questions
    3. Chapter 10. Enterprise WAN Resiliency Design
      1. WAN Remote-Site Overview
      2. MPLS Layer 3 WAN Design Models
      3. Common Layer 2 WAN Design Models
      4. Common VPN WAN Design Models
      5. 3G/4G VPN Design Models
      6. Remote Site Using Local Internet
      7. Remote-Site LAN
      8. Case Study: Redundancy and Connectivity
        1. ATM WAN Design
        2. Remote-Site (Branch Office) WAN Design
        3. Regional Offices WAN Design
        4. Basic Traffic Engineering Techniques
      9. NGWAN, SDWAN, and IWAN Solution Overview
        1. Transport-Independent Design
        2. Intelligent Path Control
        3. Application Optimization
        4. Secure Connectivity
        5. Management
      10. IWAN Design Overview
        1. IWAN Hybrid Design Model
      11. Cisco PfR Overview
        1. Cisco PfR Operations
        2. Cisco IWAN and PfRv3
        3. Cisco PfRv3 Design and Deployment Considerations
      12. Enterprise WAN and Access Management
        1. APIC-EM
        2. Design of APIC-EM
      13. Summary
      14. Review Questions
  17. Part IV: Enterprise Data Center Designs
    1. Chapter 11. Multitier Enterprise Data Center Designs
      1. Case Study 1: Small Data Centers (Connecting Servers to an Enterprise LAN)
      2. Case Study 2: Two-Tier Data Center Network Architecture
      3. Case Study 3: Three-Tier Data Center Network Architecture
        1. Data Center Inter-VLAN Routing
        2. End of Row Versus Top of Rack Design
        3. Fabric Extenders
        4. Data Center High Availability
        5. Network Interface Controller Teaming
      4. Summary
      5. Review Questions
    2. Chapter 12. New Trends and Techniques to Design Modern Data Centers
      1. The Need for a New Network Architecture
      2. Limitations of Current Networking Technology
      3. Modern Data Center Design Techniques and Architectures
        1. Spine-Leaf Data Center Design
        2. Network Overlays
        3. VXLAN Tunnel Endpoint
        4. Remote VTEP Discovery and Tenant Address Learning
        5. VXLAN Control-Plane Optimization
        6. Software-Defined Networking
      4. Multitenant Data Center
        1. Secure Tenant Separation
        2. Case Study: Multitenant Data Center
        3. Microsegmentation with Overlay Networks
      5. Summary
      6. Review Questions
      7. References
    3. Chapter 13. Cisco Application-Centric Infrastructure
      1. ACI Characteristics
      2. How the Cisco ACI Addresses Current Networking Limitations
      3. Cisco ACI Architecture Components
        1. Cisco Application Policy Infrastructure Controller (APIC)
        2. Cisco ACI Fabric
      4. ACI Network Virtualization Overlays
      5. Application Design Principles with the Cisco ACI Policy Model
        1. What Is an Endpoint Group in Cisco ACI?
        2. ACI Fabric Access Policies
        3. Building Blocks of a Tenant in the Cisco ACI
        4. Crafting Applications Design with the Cisco ACI
        5. ACI Interaction with External Layer 2 Connections and Networks
      6. ACI Routing
        1. First-Hop Layer 3 Default Gateway in ACI
        2. Border Leaves
        3. Route Propagation inside the ACI Fabric
        4. Connecting the ACI Fabric to External Layer 3 Domains
        5. Integration and Migration to ACI Connectivity Options
      7. Summary
      8. Review Questions
      9. References
    4. Chapter 14. Data Center Connections
      1. Data Center Traffic Flows
        1. Traffic Flow Directions
        2. Traffic Flow Types
      2. The Need for DCI
      3. IP Address Mobility
      4. Case Study: Dark Fiber DCI
      5. Pseudowire DCI
        1. Virtual Private LAN Service DCI
        2. Customer-Managed Layer 2 DCI Deployment Models
        3. Overlay Networking DCI
        4. Layer 3 DCI
      6. Summary
      7. Review Questions
  18. Part V: Design QoS for Optimized User Experience
    1. Chapter 15. QoS Overview
      1. QoS Overview
      2. IntServ versus DiffServ
      3. Classification and Marking
        1. Classifications and Marking Tools
        2. Layer 2 Marking: IEEE 802.1Q/p Class of Service
        3. Layer 3 Marking: IP Type of Service
        4. Layer 3 Marking: DSCP Per-Hop Behaviors
        5. Layer 2.5 Marking: MPLS Experimental Bits
        6. Mapping QoS Markings between OSI Layers
        7. Layer 7 Classification: NBAR/NBAR2
      4. Policers and Shapers
        1. Token Bucket Algorithms
      5. Policing Tools: Single-Rate Three-Color Marker
      6. Policing Tools: Two-Rate Three-Color Marker
      7. Queuing Tools
        1. Tx-Ring
        2. Fair Queuing
        3. CBWFQ
      8. Dropping Tools
        1. DSCP-Based WRED
        2. IP ECN
      9. Summary
      10. Review Questions
    2. Chapter 16. QoS Design Principles and Best Practices
      1. QoS Overview
      2. Classification and Marking Design Principles
      3. Policing and Remarking Design Principles
      4. Queuing Design Principles
      5. Dropping Design Principles
      6. Per-Hop Behavior Queue Design Principles
      7. RFC 4594 QoS Recommendation
      8. QoS Strategy Models
        1. 4-Class QoS Strategy
        2. 8-Class QoS Strategy
        3. 12-Class QoS Strategy
      9. Summary
      10. Review Questions
    3. Chapter 17. Campus, WAN, and Data Center QoS Design
      1. Campus QoS Overview
        1. VoIP and Video
        2. Buffers and Bursts
        3. Trust States and Boundaries
        4. Classification/Marking/Policing QoS Model
        5. Queuing/Dropping Recommendations
        6. Link Aggregation “EtherChannel” QoS Design
        7. Practical Example of Campus QoS Design
      2. WAN QoS Overview
        1. Platform Performance Considerations
        2. Latency and Jitter Considerations
        3. Queuing Considerations
        4. Shaping Considerations
        5. Practical Example of WAN and Branch QoS
      3. Data Center QoS Overview
        1. High-Performance Trading Architecture
        2. Big Data Architecture
        3. Case Study: Virtualized Multiservice Architectures
        4. Data Center Bridging Toolset
        5. Case Study: DC QoS Application
      4. Summary
      5. Review Questions
    4. Chapter 18. MPLS VPN QoS Design
      1. The Need for QoS in MPLS VPN
      2. Layer 2 Private WAN QoS Administration
      3. Fully Meshed MPLS VPN QoS Administration
      4. MPLS DiffServ Tunneling Modes
        1. Uniform Tunneling Mode
        2. Short-Pipe Tunneling Mode
        3. Pipe Tunneling Mode
      5. Sample MPLS VPN QoS Roles
      6. Summary
      7. Review Questions
    5. Chapter 19. IPsec VPN QoS Design
      1. The Need for QoS in IPsec VPN
      2. VPN Use Cases and Their QoS Models
      3. IPsec Refresher
      4. IOS Encryption and Classification: Order of Operations
      5. MTU Considerations
      6. DMVPN QoS Considerations
      7. GET VPN QoS Considerations
      8. Summary
      9. Review Questions
  19. Part VI: IP Multicast Design
    1. Chapter 20. Enterprise IP Multicast Design
      1. How Does IP Multicast Work?
        1. Multicast Group
        2. IP Multicast Service Model
        3. Functions of a Multicast Network
      2. Multicast Protocols
      3. Multicast Forwarding and RPF Check
        1. Case Study 1: RPF Check Fails and Succeeds
      4. Multicast Protocol Basics
        1. Multicast Distribution Trees Identification
      5. PIM-SM Overview
        1. Receiver Joins PIM-SM Shared Tree
        2. Registered to RP
        3. PIM-SM SPT Switchover
      6. Multicast Routing Table
      7. Basic SSM Concepts
        1. SSM Scenario
      8. Bidirectional PIM
        1. PIM Modifications for Bidirectional Operation
        2. Case Study 2: DF Election
      9. Summary
      10. Review Questions
    2. Chapter 21. Rendezvous Point Distribution Solutions
      1. Rendezvous Point Discovery
        1. Rendezvous Placement
        2. Auto-RP
        3. PIMv2 BSR
        4. IPv6 Embedded Rendezvous Point
      2. Anycast RP Features
      3. Anycast RP Example
      4. MSDP Protocol Overview
        1. MSDP Neighbor Relationship
        2. Case Study: MSDP Operation
      5. Summary
      6. Review Questions
  20. Part VII: Designing Optimum Enterprise Network Security
    1. Chapter 22. Designing Security Services and Infrastructure Protection
      1. Network Security Zoning
      2. Cisco Modular Network Architecture
      3. Cisco Next-Generation Security
      4. Designing Infrastructure Protection
        1. Infrastructure Device Access
        2. Routing Infrastructure
        3. Device Resiliency and Survivability
        4. Network Policy Enforcement
        5. Switching Infrastructure
        6. SDN Security Considerations
      5. Summary
      6. Review Questions
    2. Chapter 23. Designing Firewall and IPS Solutions
      1. Firewall Architectures
      2. Virtualized Firewalls
      3. Case Study 1: Separation of Application Tiers
        1. Securing East-West Traffic
      4. Case Study 2: Implementing Firewalls in a Data Center
      5. Case Study 3: Firewall High Availability
      6. IPS Architectures
      7. Case Study 4: Building a Secure Campus Edge Design (Internet and Extranet Connectivity)
        1. Campus Edge
        2. Connecting External Partners
      8. Summary
      9. Review Questions
    3. Chapter 24. IP Multicast Security
      1. Multicast Security Challenges
      2. Problems in the Multicast Network
      3. Multicast Network Security Considerations
        1. Network Element Security
        2. Security at the Network Edge
        3. PIM and Internal Multicast Security
      4. Summary
      5. Review Questions
    4. Chapter 25. Designing Network Access Control Solutions
      1. IEEE 802.1X Overview
      2. Extensible Authentication Protocol
      3. 802.1X Supplicants
      4. IEEE 802.1X Phased Deployment
      5. Cisco TrustSec
        1. Profiling Service
        2. Security Group Tag
      6. Case Study: Authorization Options
      7. Summary
      8. Review Questions
  21. Part VIII: Design Scenarios
    1. Chapter 26. Design Case Studies
      1. Case Study 1: Design Enterprise Connectivity
        1. Detailed Requirements and Expectations
        2. Design Analysis and Task List
        3. Selecting a Replacement Routing Protocol
        4. Designing for the New Routing Protocol
        5. OSPF Design Optimization
        6. Planning and Designing the Migration from the Old to the New Routing
        7. Scaling the Design
      2. Case Study 2: Design Enterprise BGP Network with Internet Connectivity
        1. Detailed Requirements and Expectations
        2. Design Analysis and Task List
        3. Choosing the Routing Protocol
        4. Choosing the Autonomous System Numbers
        5. BGP Connectivity
        6. Routing Policy
        7. Internet Routing
      3. Case Study 3: Design Enterprise IPv6 Network
        1. Detailed Requirements and Expectations
        2. Design Analysis and Task List
        3. Choosing the IP Address Type for the HQ
        4. Connecting the Branch Sites
        5. Deployment Model
        6. Addressing
        7. Communication Between Branches
        8. Application and Service Migration
      4. Case Study 4: Design Enterprise Data Center Connectivity
        1. Detailed Requirements and Expectations
        2. Design Analysis and Task List
        3. Selecting the Data Center Architecture and Connectivity Model
        4. DCN Detailed Connectivity
        5. Connecting Network Appliances
        6. Data Center Interconnect
        7. Data Center Network Virtualization Design
      5. Case Study 5: Design Resilient Enterprise WAN
        1. Detailed Requirements and Expectations
        2. Design Analysis and Task List
        3. Selecting WAN Links
        4. WAN Overlay
      6. Case Study 6: Design Secure Enterprise Network
        1. Detailed Requirements and Expectations
        2. Security Domains and Zone Design
        3. Infrastructure and Network Access Security
        4. Layer 2 Security Considerations
        5. Main and Remote Location Firewalling
      7. Case Study 7: Design QoS in the Enterprise Network
        1. Detailed Requirements and Expectations
        2. Traffic Discovery and Analysis
        3. QoS Design Model
        4. QoS Trust Boundary
        5. Congestion Management
        6. Scavenger Traffic Considerations
        7. MPLS WAN DiffServ Tunneling
  22. Appendix A. Answers to Review Questions
    1. Chapter 1
    2. Chapter 2
    3. Chapter 3
    4. Chapter 4
    5. Chapter 5
    6. Chapter 6
    7. Chapter 7
    8. Chapter 8
    9. Chapter 9
    10. Chapter 10
    11. Chapter 11
    12. Chapter 12
    13. Chapter 13
    14. Chapter 14
    15. Chapter 15
    16. Chapter 16
    17. Chapter 17
    18. Chapter 18
    19. Chapter 19
    20. Chapter 20
    21. Chapter 21
    22. Chapter 22
    23. Chapter 23
    24. Chapter 24
    25. Chapter 25
  23. Appendix B. References
  24. Index
  25. Code Snippets