Outline VLAN. Inter-VLAN communication. Layer-3 Switches. Spanning Tree Protocol Recap


Network Virtualization and Data Center Networks
DC Virtualization Basics, Part 2
Qin Yin
Fall Semester 2013

Outline
- More words about VLAN
- Virtual Routing and Forwarding (VRF)
- The use of load balancers
- Load balancer proliferation in the data center
- ACE virtual contexts

VLAN
- VLANs are Ethernet broadcast domains
- Connecting VLANs
  - Access ports: interfaces whose transmitted and received frames belong to a single VLAN
  - VLAN trunks: transport multiple VLANs over a single Ethernet interface (VLAN tag)
- Inter-VLAN communication
  - Router-on-a-Stick design
  - Layer-3 switches
- Spanning tree protocol and VLANs
- Private VLAN

Inter-VLAN communication
- Router
  - Dedicate one interface (0/0) connected to a switch trunk port
  - Two sub-interfaces 0/ /0.201
  - Each sub-interface has an IP configured as the default gateway on the servers
- Router-on-a-Stick: a VLAN-aware router can route IP packets between hosts located in different VLANs through a single Ethernet connection

Layer-3 Switches
- Switch Virtual Interface (SVI)
  - Logical virtual interface
  - Used to route IP packets from its associated VLAN
- Assign IP address to an SVI
  - Use it as the default gateway for the servers belonging to the VLAN
  - No need for an external router
- Misconception: Layer-3 VLAN
- Layer-3 switches: network equipment that can implement hardware-based L2 switching and L3 forwarding

Spanning Tree Protocol Recap
STP Algorhyme poem:
  I think that I shall never see
  A graph more lovely than a tree.
  A tree whose crucial property
  Is a loop-free connectivity.
  A tree that must be sure to span
  So packets can reach every LAN.
  First, the root must be selected.
  By ID, it is selected.
  Least-cost paths from root are traced.
  In the tree, these paths are placed.
  A mesh is made by folks like me,
  Then bridges find a spanning tree.
- Problem: loops
- Reason: always forward a broadcast frame to every Ethernet interface except the one that received it
- Solution: spanning tree protocol
- Benefits: loopless topologies and path availability

Spanning Tree Protocol and VLANs
- Two solutions
  - A single STP instance for all VLANs (CST)
  - Different STP instances per VLAN (or group of VLANs)
- Benefits of multiple instances
  - Traffic from and to C can be statically load balanced
  - A failure in segment A-C
  - A failure in switch A
- With ST instances, VLANs can achieve virtualization in the control plane

Private VLAN
- Three types of interfaces with a VLAN
  - Promiscuous ports
  - Isolated ports
  - Community ports
- Two types of VLANs
  - Primary VLAN
  - Secondary VLAN
- Benefits
  - Broadcast subdomains within a VLAN
  - Improve partitioning scalability

Concepts From the Routing World (I)
- In DC, two classes of devices perform IP routing
  - Layer 3 switches: routing between internal IP subnets
  - Edge routers: connecting DC to external networks (Internet, corporate WAN, other DCs)
- Routing table (Routing Information Base - RIB)
  - Control plane element
  - Defines how to direct a received IP packet based on its destination address
  - Can be controlled through
    - Manual configuration (static routes)
    - Routing protocols (OSPF, EIGRP, RIP, IS-IS, BGP)
- IP routing protocols assume all forwarding is destination-based

Concepts From the Routing World (II)
- Forwarding table (Forwarding Information Base - FIB)
  - Data plane element
  - Effectively receives, stores, analyzes and forwards IP packets
- IP forwarding process
  - Remove a packet from an input queue
  - Check for sanity, decrement TTL
  - Match packet's destination to a table entry field
  - Place packet on correct output queue

VRF (Virtual Routing and Forwarding)
- In the same routing equipment
  - Default routing instance: global routing table
  - VRF virtual routing instances
- VRF is an independent router
  - Interfaces and IP subnets
  - Routing protocols
  - Routing and forwarding table
- VRF natively virtualizes both data and control planes
- A1 and A2 exchange routes through OSPF
- B1 and B2 exchange routes through EIGRP
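The IP forwarding process and the "VRF is an independent router" idea above, as an added example that is not part of the original slides: a router model in which each routing instance has its own FIB and every interface is bound to exactly one instance. The interface names, VRF names and prefixes are constructed for illustration.

```python
import ipaddress


class Vrf:
    """One routing instance with its own forwarding table (FIB)."""

    def __init__(self, name):
        self.name = name
        self.fib = []  # list of (ip_network, output interface)

    def add_route(self, prefix, out_if):
        self.fib.append((ipaddress.ip_network(prefix), out_if))

    def lookup(self, dst):
        """Longest-prefix match of dst against this instance's FIB only."""
        addr = ipaddress.ip_address(dst)
        best = None
        for net, out_if in self.fib:
            if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
                best = (net, out_if)
        return best[1] if best else None


class Router:
    def __init__(self):
        # The default routing instance is the global routing table.
        self.vrfs = {"global": Vrf("global")}
        self.if_vrf = {}  # interface name -> VRF name

    def add_vrf(self, name):
        self.vrfs[name] = Vrf(name)
        return self.vrfs[name]

    def bind(self, ifname, vrf_name="global"):
        # An interface (or SVI) cannot belong to multiple routing instances.
        if ifname in self.if_vrf:
            raise ValueError(f"{ifname} already bound to {self.if_vrf[ifname]}")
        if vrf_name not in self.vrfs:
            raise KeyError(vrf_name)
        self.if_vrf[ifname] = vrf_name

    def forward(self, in_if, dst, ttl):
        """Return (verdict, output interface or drop reason, outgoing TTL)."""
        # The ingress interface alone selects which table is consulted.
        vrf = self.vrfs[self.if_vrf[in_if]]
        # Sanity check and TTL decrement: a TTL that would reach 0 is dropped.
        if ttl <= 1:
            return ("drop", "ttl-expired", None)
        out_if = vrf.lookup(dst)
        if out_if is None:
            return ("drop", "no-route", None)
        return ("forward", out_if, ttl - 1)


def build_segmented_router():
    """Constructed topology: corporate (global), Internet VRF, partner VRF."""
    r = Router()
    r.add_vrf("internet")
    r.add_vrf("partner")
    bindings = [
        ("svi-corp", "global"), ("corp-core", "global"),
        ("svi-inet", "internet"), ("inet-edge", "internet"),
        ("inet-dmz", "internet"),
        ("svi-partner", "partner"), ("partner-link", "partner"),
    ]
    for ifname, vrf_name in bindings:
        r.bind(ifname, vrf_name)
    # The same 10.0.0.0/8 prefix exists in two instances without conflict.
    r.vrfs["global"].add_route("10.0.0.0/8", "corp-core")
    r.vrfs["partner"].add_route("10.0.0.0/8", "partner-link")
    r.vrfs["internet"].add_route("0.0.0.0/0", "inet-edge")
    r.vrfs["internet"].add_route("198.51.100.0/24", "inet-dmz")
    return r


if __name__ == "__main__":
    router = build_segmented_router()
    for in_if in ("svi-corp", "svi-partner", "svi-inet"):
        print(in_if, router.forward(in_if, "10.1.2.3", 64))
```

The same destination address leaves through a different interface depending only on the ingress interface's VRF, which is the isolation property the segmentation use case relies on.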

VRF (Virtual Routing and Forwarding)
- Two common VLANs: VLAN 1100 and 1200
  - Used for L3 comm. between other subnets (called Transit VLANs)
  - Provide isolated paths for VRFs in the same device (an SVI cannot belong to multiple VRFs)

VRFs
- Were created to allow MPLS Layer 3 VPN deployment
  - Each VRF represents a portion of a service provider router responsible for VPN customer routes
- In campus and DC networks, VRF
  - Allows the creation of independent virtual routing instances that do not deploy MPLS (VRF-lite)
  - Provides the partitioning of routing and forwarding tables within existing networking equipment

Use Case: DC Network Segmentation
- Three distinct environments
  - Corporate
  - Internet
  - Partner
- Logical topology
  - Global routing tables for corporate environment
  - An Internet VRF
  - A partner VRF
- VRFs on the edge router use physical interfaces
- VRFs on the switch use SVIs
(Figures: logical topology, physical topology)

Application Networking Services
- Network services
  - A set of repetitive operations that application servers or client devices would normally deploy
  - Examples: load balancing, security, monitoring, acceleration, etc.
  - Can be implemented by specialized network equipment
- Network service devices
  - Grant services that save capital and operational investments
  - Bring simplicity to the data center operations
  - Avoiding multiple software configurations on servers and client devices
  - Examples
    - Security firewalls
    - Performance monitor tools
    - Accelerators
    - Load balancer: very common in data centers today
- Will explore virtualization on one network service: app load balancing

Network Service Device Challenges
- How to isolate these devices according to the company policies?
- How to correctly size these devices
  - Trade-off: hardware budget, resource utilization
- Virtual contexts
  - Allow the creation of abstract instances of network equipment inside a single physical device
  - Support enhanced resource allocation control and management isolation

DNS Server Load Balancing
- Challenge 1: DNS servers are not aware of the application state in the balanced servers
- Challenge 2: DNS servers are not aware of the load information from the balanced servers
- Challenge 3: DNS request does not specify which type of traffic, or the type of device

Hardware-based load balancers
- To improve the server load-balancing solution that DNS servers provide
- Forwarding decisions are based on Layers 4 to 7 parameters
  - TCP/UDP destination port, HTTP URL, HTTP session cookie, etc.
- Usage
  - Application scaling, traffic engineering tools

Load Balancer Comparison
- Server-based software solution
  - Platform dependency: LB configuration depends on the OS or app installed on the servers
  - Management complexity: be configured and managed in every server
  - Resource guarantee: shares server resources with the main application - can affect application performance
- Hardware-based load balancer
  - Platform dependency: no dependency
  - Management complexity: one hardware
  - Resource guarantee: specialized hardware - predictable performance

Load-Balancing Elements
- Real servers
- A server farm: a set of real servers that share the same application
- Probes: check application availability on a real server (ICMP or HTTP GET)
- The virtual IP: internal address LB uses to receive client connections
- The stickiness table: store client info during its first access
- A predictor: method of load distribution among real servers in a farm

Round-robin Predictor
- Next available server in an ordered list created for the server farm
- Application traffic characteristics
  - Homogeneous user connections (in duration and data exchange)
  - Unknown behavior

Least-connections Predictor
- Directs to the server with the lowest number of existing connections in the server farm
- Application traffic characteristics
  - Heterogeneous user connections (in duration and data exchange)
  - Known maximum connections inflection point on servers

Hashing Predictor
- Perform a hashing operation on a predefined parameter like IP address, HTTP cookie, or URL
- Another connection with the same parameter will always reach the same server
- Application traffic characteristics
  - Single-server selection since the first connection
  - Cache or firewall load balancing
  - Parameters that are well-spread among clients

Least-loaded Predictor
- Measure the current utilization (or load) of the real servers
- Application traffic characteristics
  - Server has SNMP agent
  - MIB variable value can be used to define the server load

Server Response Time Predictor
- Directs to the server with the lowest average response time in a server farm
- Server response time is the time interval between
  - A SYN sent to a server and a SYN/ACK received by the load balancer (Layer 4)
  - An HTTP GET to a server and its response
  - The establishment and explicit termination of a connection
- The choice depends on the switching operation type the load balancer is configured to perform

Load balancing fine-tuning
- Weights
  - Define the proportion of connections each server will receive
  - Round-robin predictor: percentage of all connections that are distributed to each server
  - Least-connection predictor: percentage of current connections that are distributed to each server
- Limitation of connections
  - Consider as nonoperational if real server reaches its max number of configured connections
  - Until it lowers its value below min connections

Layer 4 Switching
- Parameters considered
  - IP addresses, IP protocols, TCP/UDP ports
  - Contained in TCP SYN or first UDP datagram
- Load balancer
  - Coordinates rewrites on Ethernet, IP, TCP/UDP

Layer 7 Switching
- Parameters
  - Obtained from Layer 5-7 (session, presentation, app)
- Load balancer
  - Becomes a TCP proxy
  - Establishes connection with client on behalf of real server
  - Controls two completely different connections (distinct checksum and sequence no.)
  - The spoofing process is called delayed binding or proxy connection
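The round-robin, least-connections and hashing predictors described above, together with weights and the max/min connection limit, as an added example that is not part of the original slides. The class and method names are assumptions made for this sketch and do not correspond to any vendor's configuration syntax.

```python
import hashlib


class RealServer:
    def __init__(self, name, weight=1, max_conns=None, min_conns=None):
        self.name = name
        self.weight = weight            # integer >= 1
        self.max_conns = max_conns      # None means no connection limit
        # Without an explicit min, recover as soon as conns drop below max.
        self.min_conns = max_conns if min_conns is None else min_conns
        self.conns = 0
        self.probe_ok = True            # result of the last health probe
        self.over_limit = False

    def open_conn(self):
        self.conns += 1
        # Reaching max marks the server nonoperational for new connections.
        if self.max_conns is not None and self.conns >= self.max_conns:
            self.over_limit = True

    def close_conn(self):
        self.conns -= 1
        # It stays out of rotation until the count falls below min.
        if self.over_limit and self.conns < self.min_conns:
            self.over_limit = False

    def in_service(self):
        return self.probe_ok and not self.over_limit


class ServerFarm:
    def __init__(self, servers):
        self.servers = list(servers)
        # Weighted round-robin order: each server appears `weight` times.
        self._rr_order = [s for s in self.servers for _ in range(s.weight)]
        self._rr_pos = 0

    def round_robin(self):
        """Next available server in the ordered list."""
        for _ in range(len(self._rr_order)):
            s = self._rr_order[self._rr_pos]
            self._rr_pos = (self._rr_pos + 1) % len(self._rr_order)
            if s.in_service():
                return s
        return None

    def least_connections(self):
        """Fewest existing connections, scaled by weight; ties keep list order."""
        live = [s for s in self.servers if s.in_service()]
        return min(live, key=lambda s: s.conns / s.weight) if live else None

    def hashing(self, key):
        """Same key reaches the same server while that server is in service."""
        digest = hashlib.sha256(key.encode()).digest()
        start = int.from_bytes(digest[:8], "big") % len(self.servers)
        # If the hashed server is out of service, walk to the next live one.
        for i in range(len(self.servers)):
            s = self.servers[(start + i) % len(self.servers)]
            if s.in_service():
                return s
        return None


if __name__ == "__main__":
    # Constructed farm: server "a" should receive twice the share of "b".
    farm = ServerFarm([RealServer("a", weight=2), RealServer("b", weight=1)])
    print([farm.round_robin().name for _ in range(6)])
    print(farm.hashing("198.51.100.7").name)
```

The gap between max and min connections acts as hysteresis, so a server sitting right at its limit does not flap in and out of rotation on every closed connection.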

Connection Management
- Symmetric
  - All packets always reach the load balancer
  - Load balancer is aware of the entire communication
  - More popular
- Asymmetric
  - Dispatching traffic to a server and not participating in the communication from the server back to the client
  - Pros: not overloading LB from excessive return traffic from servers
  - Cons: not supporting some features like address translation; timeout

Address Translation and Load Balancing
- Several modes of address and port translation
  - Server NAT
  - Dual NAT
  - Port redirection
  - Transparent

Server NAT and Dual NAT
- LB protects servers that are on private networks not reachable by clients
- Connection symmetry is mandatory
  - LB interface is the default gateway for the real server
  - Static or dynamic routing forwards traffic from the servers to the LB
- Network Address Translation (NAT) and Port Address Translation (PAT)

Port Redirection
- Enables static translation of destination TCP & UDP port addresses
- Hide from the client the internal complexity of the servers that might receive connections from nontraditional ports

Transparent Mode
- No change on source or destination addresses
- Deploy in load-balancing scenarios of devices other than servers
- VIP is configured for all destination IP addresses or for a specific subnet

Load-balancing Applications
- Application on other service devices
  - Firewall load balancing: to scale out firewall capacity
  - Reverse proxy load balancing
    - Reverse proxy: a proxy server placed as a front-end service for clients coming from outside network
- Offloading servers
  - Secure Socket Layer (SSL) offload
  - TCP offload
  - HTTP compression

SSL Termination
- Total offload of encryption from the servers
- Layer 5-7 awareness for Layer 7 switching in SSL connections
- Savings on public certificates because only the load balancer requires one

SSL Initiation
- Performs SSL negotiation and encryption on behalf of the SSL client (can be a local server)
- Useful for SSL servers accessible through the Internet
- Avoid spending on unnecessary public certificates

End-to-End SSL
- Can deploy a less intensive encryption on the servers
- Allows Layer 7 switching without losing the connection security
- Only the load balancer needs a public certificate
- No exchange of business traffic in clear text

Load Balancer Proliferation in DC
- Load balancers are typically connected to the aggregation layer of a data center network
  - Provide network service on VLANs accessible to servers
- Reality: load balancer proliferation
- Reasons
  - Load balancer performance
  - Security policies
  - Suboptimal traffic avoidance
  - Application environment independency

Load Balancer Performance
- Performance parameters
  - Bandwidth: how many bits per second can go through a load balancer
  - Concurrent connections: how many user connections the device can serve simultaneously
  - New connections per second: how fast a load balancer can absorb new client connections
- To deal with saturation
  - Scaling up
  - Scaling out

Security Policies
- No sharing of network devices among different application environments
  - Separate LBs for security zones or app importance
- Configuration complexity grows when there is LB sharing among firewall security zones
  - Every DMZ needs separate LBs
  - These devices are underutilized
- Load balancer balances:
  - DMZ servers (for Internet users)
  - Intranet servers (for employees)

Suboptimal Traffic
- Sometimes the DC network topology justifies the decision to acquire another pair of load balancers
- Example: load balancer shared among servers distributed on different aggregation switches
  - Data packets from 2&3 must traverse the core switches twice
  - Harms the uplink usage
  - Increases application response time

Application Environment Independency
- Reasons
  - Company policies might restrict the level of device sharing among different tiers (managed by different teams)
  - Multitenant data center with independent customers

Virtual Contexts
- Introduced to address
  - Load balancer proliferation
  - Low utilization of the devices
- ACE (Cisco Application Control Engine) virtual context
  - An abstraction of an independent load balancer with its own
    - Interfaces
    - Configuration
    - Policies
    - Administrators

Overview of ACE Virtual Contexts

Creating and Allocating Resources to Virtual Contexts
- Memory resources
  - Access list entries
  - Buffers for syslog messages and TCP out-of-order segments
  - Concurrent connections through the context
  - Management connections to the context
  - Proxy connections for Layer 7 switching
  - Regular expression for operations such as URL switching
  - Stickiness table entries
  - Address translation
- Rate resources
  - Bandwidth through the context
  - Connections per second
  - Inspected connection from special protocols
  - HTTP compression performance
  - MAC misses for frames for which ACE does not have an ARP entry
  - Management connections per second to the context
  - SSL connections per second
  - Syslog messages per second

Resource Allocation
- Resource class
  - Defines how the physical resources are allocated to a virtual context
  - Configures the min and max for each resource independently (refer to the total physical device capacity)
- Total min allocated resource & physical resources
  - <: shared area of unallocated resources
  - >: error message, all resources in use

Load Balance Virtualization
- Increases efficiency in application rollouts
  - No dependency on an acquisition and physical installation
  - Resource allocation for virtual contexts
- Increases hardware utilization
- Performance customization - tailored for application environment performance
- Easy provision and fast deployment
  - Easily change virtual context performance parameters

Integrating ACE Virtual Context
- Three main designs for ACE virtual context networking
  - Routed design
  - Bridged design
  - One-armed design

Routed Design
- VC performs the function of a router, connecting different IP subnets
- ACE VC has SVIs as interfaces
- Symmetric connection
- ACE VC only supports static routing

Bridged Design
- VC acts similarly to a transparent bridge
- ACE VC has BVIs as interfaces
- Enables symmetric connection management without routing tweaks
- Permits VLANs to be mapped to a single subnet

One-Armed Design
- Only load-balanced connections are sent to the VC
- VC is relieved from direct traffic from or to the servers
  - Avoiding unnecessary use of ACE resources
- For symmetric load balancing
  - Policy based routing
  - Dual NAT

Configuring ACE Virtual Context (I)
- By default, VC does not allow any management, control, or data plane communication
- Allowing management traffic to a Virtual Context
  - Management class map: defines the management protocols ACE will allow (ICMP, telnet, SSH, etc.)
  - Policy map: actually permits these protocols
  - Apply the policy map to an interface, to a group of interfaces

Configuring ACE Virtual Context (II)
- Allowing load balancing traffic through a virtual context
  - Using access lists, a VC permits traffic to be processed by the ACE data plane
- Load balancing configuration steps
  - Real servers and probe configuration
  - Server farms (predictor and probes)
  - (optional) Layer 7 class maps: enables Layer 7 switching
  - (optional) Policy maps: links classes of traffic with server farms
  - Virtual IP class map
  - Multimatch policy map: links the VIP and policy map
  - Service policy: multimatch policy can be applied to an interface, or a group of interfaces


More information

Introduction about cisco company and its products (network devices) Tell about cisco offered courses and its salary benefits (ccna ccnp ccie )

Introduction about cisco company and its products (network devices) Tell about cisco offered courses and its salary benefits (ccna ccnp ccie ) CCNA Introduction about cisco company and its products (network devices) Tell about cisco offered courses and its salary benefits (ccna ccnp ccie ) Inform about ccna its basic course of networking Emergence

More information

Internet Ideal: Simple Network Model

Internet Ideal: Simple Network Model Middleboxes Reading: Ch. 8.4 Internet Ideal: Simple Network Model Globally unique identifiers Each node has a unique, fixed IP address reachable from everyone and everywhere Simple packet forwarding Network

More information

CCNP SWITCH: Implementing High Availability and Redundancy in a Campus Network

CCNP SWITCH: Implementing High Availability and Redundancy in a Campus Network CCNP SWITCH: Implementing High Availability and Redundancy in a Campus Network Olga Torstensson SWITCHv6 1 Components of High Availability Redundancy Technology (including hardware and software features)

More information

Multi-Homing Security Gateway

Multi-Homing Security Gateway Multi-Homing Security Gateway MH-5000 Quick Installation Guide 1 Before You Begin It s best to use a computer with an Ethernet adapter for configuring the MH-5000. The default IP address for the MH-5000

More information

What is VLAN Routing?

What is VLAN Routing? Application Note #38 February 2004 What is VLAN Routing? This Application Notes relates to the following Dell product(s): 6024 and 6024F 33xx Abstract Virtual LANs (VLANs) offer a method of dividing one

More information

Firewall Load Balancing

Firewall Load Balancing CHAPTER 6 This chapter describes the (FWLB) feature. It includes the following sections: FWLB Overview, page 6-1 FWLB Features, page 6-2 FWLB Configuration Tasks, page 6-3 Monitoring and Maintaining FWLB,

More information

Availability Digest. www.availabilitydigest.com. Redundant Load Balancing for High Availability July 2013

Availability Digest. www.availabilitydigest.com. Redundant Load Balancing for High Availability July 2013 the Availability Digest Redundant Load Balancing for High Availability July 2013 A large data center can comprise hundreds or thousands of servers. These servers must not only be interconnected, but they

More information

Configuring the Transparent or Routed Firewall

Configuring the Transparent or Routed Firewall 5 CHAPTER This chapter describes how to set the firewall mode to routed or transparent, as well as how the firewall works in each firewall mode. This chapter also includes information about customizing

More information

How Different Components of the Internet Works Together?

How Different Components of the Internet Works Together? How Different Components of the Internet Works Together? Sandip Chakraborty Department of Computer Science and Engineering, INDIAN INSTITUTE OF TECHNOLOGY KHARAGPUR April 12, 2015 Sandip Chakraborty (IIT

More information

Document No. FO1101 Issue Date: Work Group: FibreOP Technical Team October 31, 2013 FINAL:

Document No. FO1101 Issue Date: Work Group: FibreOP Technical Team October 31, 2013 FINAL: Document No. FO1101 Issue Date: Work Group: FibreOP Technical Team October 31, 2013 FINAL: Title: FibreOP Business Internet 5 Static IP Customer Configuration Version 1.1 Summary: This document provides

More information

Internet Protocol: IP packet headers. vendredi 18 octobre 13

Internet Protocol: IP packet headers. vendredi 18 octobre 13 Internet Protocol: IP packet headers 1 IPv4 header V L TOS Total Length Identification F Frag TTL Proto Checksum Options Source address Destination address Data (payload) Padding V: Version (IPv4 ; IPv6)

More information

EXINDA NETWORKS. Deployment Topologies

EXINDA NETWORKS. Deployment Topologies EXINDA NETWORKS Deployment Topologies September 2005 :: Award Winning Application Traffic Management Solutions :: :: www.exinda.com :: Exinda Networks :: info@exinda.com :: 2005 Exinda Networks Pty Ltd.

More information

Networking 4 Voice and Video over IP (VVoIP)

Networking 4 Voice and Video over IP (VVoIP) Networking 4 Voice and Video over IP (VVoIP) Course Objectives This course will give delegates a good understanding of LANs, WANs and VVoIP (Voice and Video over IP). It is aimed at those who want to move

More information

COURSE AGENDA. Lessons - CCNA. CCNA & CCNP - Online Course Agenda. Lesson 1: Internetworking. Lesson 2: Fundamentals of Networking

COURSE AGENDA. Lessons - CCNA. CCNA & CCNP - Online Course Agenda. Lesson 1: Internetworking. Lesson 2: Fundamentals of Networking COURSE AGENDA CCNA & CCNP - Online Course Agenda Lessons - CCNA Lesson 1: Internetworking Internetworking models OSI Model Discuss the OSI Reference Model and its layers Purpose and function of different

More information

Deploying the Barracuda Load Balancer with Office Communications Server 2007 R2. Office Communications Server Overview.

Deploying the Barracuda Load Balancer with Office Communications Server 2007 R2. Office Communications Server Overview. Deploying the Barracuda Load Balancer with Office Communications Server 2007 R2 Organizations can use the Barracuda Load Balancer to enhance the scalability and availability of their Microsoft Office Communications

More information

ExamPDF. Higher Quality,Better service!

ExamPDF. Higher Quality,Better service! ExamPDF Higher Quality,Better service! Q&A Exam : 1Y0-A21 Title : Basic Administration for Citrix NetScaler 9.2 Version : Demo 1 / 5 1.Scenario: An administrator is working with a Citrix consultant to

More information

- Multilayer Switching -

- Multilayer Switching - 1 Routing Between VLANs - Multilayer Switching - By default, a switch will forward both broadcasts and multicasts out every port but the originating port. However, a switch can be logically segmented into

More information

TRILL for Data Center Networks

TRILL for Data Center Networks 24.05.13 TRILL for Data Center Networks www.huawei.com enterprise.huawei.com Davis Wu Deputy Director of Switzerland Enterprise Group E-mail: wuhuajun@huawei.com Tel: 0041-798658759 Agenda 1 TRILL Overview

More information

Cisco ACE 4710 Application Control Engine

Cisco ACE 4710 Application Control Engine Data Sheet Cisco ACE 4710 Application Control Engine Product Overview The Cisco ACE 4710 Application Control Engine (Figure 1) belongs to the Cisco ACE family of application switches, used to increase

More information

2. IP Networks, IP Hosts and IP Ports

2. IP Networks, IP Hosts and IP Ports 1. Introduction to IP... 1 2. IP Networks, IP Hosts and IP Ports... 1 3. IP Packet Structure... 2 4. IP Address Structure... 2 Network Portion... 2 Host Portion... 3 Global vs. Private IP Addresses...3

More information

Enterprise Data Center Topology

Enterprise Data Center Topology CHAPTER 2 This chapter provides a detailed description on how to harden and modify enterprise data center topologies for data center security. It includes the following sections: Overview Network Design

More information

CLOUD NETWORKING FOR ENTERPRISE CAMPUS APPLICATION NOTE

CLOUD NETWORKING FOR ENTERPRISE CAMPUS APPLICATION NOTE CLOUD NETWORKING FOR ENTERPRISE CAMPUS APPLICATION NOTE EXECUTIVE SUMMARY This application note proposes Virtual Extensible LAN (VXLAN) as a solution technology to deliver departmental segmentation, business

More information

EVOLVING ENTERPRISE NETWORKS WITH SPB-M APPLICATION NOTE

EVOLVING ENTERPRISE NETWORKS WITH SPB-M APPLICATION NOTE EVOLVING ENTERPRISE NETWORKS WITH SPB-M APPLICATION NOTE EXECUTIVE SUMMARY Enterprise network managers are being forced to do more with less. Their networks are growing in size and complexity. They need

More information

Implementing Cisco IOS Network Security

Implementing Cisco IOS Network Security Implementing Cisco IOS Network Security IINS v3.0; 5 Days, Instructor-led Course Description Implementing Cisco Network Security (IINS) v3.0 is a 5-day instructor-led course focusing on security principles

More information

Set Up a VM-Series Firewall on the Citrix SDX Server

Set Up a VM-Series Firewall on the Citrix SDX Server Set Up a VM-Series Firewall on the Citrix SDX Server Palo Alto Networks VM-Series Deployment Guide PAN-OS 6.1 Contact Information Corporate Headquarters: Palo Alto Networks 4401 Great America Parkway Santa

More information

CLE202 Introduction to ServerIron ADX Application Switching and Load Balancing

CLE202 Introduction to ServerIron ADX Application Switching and Load Balancing Introduction to ServerIron ADX Application Switching and Load Balancing Student Guide Revision : Introduction to ServerIron ADX Application Switching and Load Balancing Corporate Headquarters - San

More information

Chapter 7. Address Translation

Chapter 7. Address Translation Chapter 7. Address Translation This chapter describes NetDefendOS address translation capabilities. Dynamic Network Address Translation, page 204 NAT Pools, page 207 Static Address Translation, page 210

More information

Cisco Discovery 3: Introducing Routing and Switching in the Enterprise 157.8 hours teaching time

Cisco Discovery 3: Introducing Routing and Switching in the Enterprise 157.8 hours teaching time Essential Curriculum Computer Networking II Cisco Discovery 3: Introducing Routing and Switching in the Enterprise 157.8 hours teaching time Chapter 1 Networking in the Enterprise-------------------------------------------------

More information

A Standard Modest WebSite

A Standard Modest WebSite A Standard Modest WebSite 3-tier application using Servlets and JDBC HTTP Servlet JDBC JSP...... Servlet DBMS Clients Application Server Roadmap Want to grow to robust enterprise-scale systems: replicated

More information

Interconnecting Cisco Networking Devices: Accelerated Course CCNAX v2.0; 5 Days, Instructor-led

Interconnecting Cisco Networking Devices: Accelerated Course CCNAX v2.0; 5 Days, Instructor-led Interconnecting Cisco Networking Devices: Accelerated Course CCNAX v2.0; 5 Days, Instructor-led Course Description Interconnecting Cisco Networking Devices: Accelerated (CCNAX) v2.0 is a 60-hour instructor-led

More information

Improving Quality of Service

Improving Quality of Service Improving Quality of Service Using Dell PowerConnect 6024/6024F Switches Quality of service (QoS) mechanisms classify and prioritize network traffic to improve throughput. This article explains the basic

More information

Cisco Certified Network Associate Version 2 ( )

Cisco Certified Network Associate Version 2 ( ) Cisco Certified Network Associate Version 2 (200-120) Exam Description: The 200-120 composite CCNA v2 exam is a 1-½ hour test with 50 60 questions. The 200-120 CCNA exam is the composite exam associated

More information

CORPORATE NETWORKING

CORPORATE NETWORKING CORPORATE NETWORKING C. Pham Université de Pau et des Pays de l Adour Département Informatique http://www.univ-pau.fr/~cpham Congduc.Pham@univ-pau.fr Typical example of Ethernet local networks Mostly based

More information

Inter-VLAN Routing Malin Bornhager Halmstad University

Inter-VLAN Routing Malin Bornhager Halmstad University Inter-VLAN Routing Malin Bornhager Halmstad University Session Number 2002, Svenska-CNAP Halmstad University 1 Objectives Inter-VLAN Routing Router-on-a-Stick Subinterface configuration Switch Security

More information

Zarząd (7 osób) F inanse (13 osób) M arketing (7 osób) S przedaż (16 osób) K adry (15 osób)

Zarząd (7 osób) F inanse (13 osób) M arketing (7 osób) S przedaż (16 osób) K adry (15 osób) QUESTION NO: 8 David, your TestKing trainee, asks you about basic characteristics of switches and hubs for network connectivity. What should you tell him? A. Switches take less time to process frames than

More information

IOS NAT Load Balancing for Two ISP Connections

IOS NAT Load Balancing for Two ISP Connections IOS NAT Load Balancing for Two ISP Connections Document ID: 100658 Contents Introduction Prerequisites Requirements Components Used Conventions Configure Network Diagram Configurations Verify Troubleshoot

More information

Quidway MPLS VPN Solution for Financial Networks

Quidway MPLS VPN Solution for Financial Networks Quidway MPLS VPN Solution for Financial Networks Using a uniform computer network to provide various value-added services is a new trend of the application systems of large banks. Transplanting traditional

More information

Gigabit Content Security Router

Gigabit Content Security Router Gigabit Content Security Router As becomes essential for business, the crucial solution to prevent your connection from failure is to have more than one connection. PLANET is the Gigabit Content Security

More information

FWSM introduction Intro 5/1

FWSM introduction Intro 5/1 Intro 5/0 Content: FWSM introduction Requirements for FWSM 3.2 How the Firewall Services Module Works with the Switch Using the MSFC Firewall Mode Overview Stateful Inspection Overview Security Context

More information

Configuring the Transparent or Routed Firewall

Configuring the Transparent or Routed Firewall CHAPTER 4 This chapter describes how to configure the firewall mode, routed or transparent, and how to customize transparent firewall operation. Note In multiple context mode, you cannot set the firewall

More information

Course Contents CCNP (CISco certified network professional)

Course Contents CCNP (CISco certified network professional) Course Contents CCNP (CISco certified network professional) CCNP Route (642-902) EIGRP Chapter: EIGRP Overview and Neighbor Relationships EIGRP Neighborships Neighborship over WANs EIGRP Topology, Routes,

More information

Firewall Defaults, Public Server Rule, and Secondary WAN IP Address

Firewall Defaults, Public Server Rule, and Secondary WAN IP Address Firewall Defaults, Public Server Rule, and Secondary WAN IP Address This quick start guide provides the firewall defaults and explains how to configure some basic firewall rules for the ProSafe Wireless-N

More information

Data Communication Networks and Converged Networks

Data Communication Networks and Converged Networks Data Communication Networks and Converged Networks The OSI Model and Encapsulation Layer traversal through networks Protocol Stacks Converged Data/Telecommunication Networks From Telecom to Datacom, Asynchronous

More information

Microsoft Lync Server Overview

Microsoft Lync Server Overview Organizations can use the to enhance the scalability and availability of their Microsoft Lync Server 2010 deployments (formerly known as Microsoft Office Communications Server). Barracuda Networks has

More information

Table of Contents. Cisco Configuring a Basic MPLS VPN

Table of Contents. Cisco Configuring a Basic MPLS VPN Table of Contents Configuring a Basic MPLS VPN...1 Introduction...1 Prerequisites...1 Requirements...1 Components Used...2 Related Products...2 Conventions...2 Configure...3 Network Diagram...3 Configuration

More information

Load Balance Router R258V

Load Balance Router R258V Load Balance Router R258V Specification Hardware Interface WAN - 5 * 10/100M bps Ethernet LAN - 8 * 10/100M bps Switch Reset Switch LED Indicator Power - Push to load factory default value or back to latest

More information

Content Switching Module for the Catalyst 6500 and Cisco 7600 Internet Router

Content Switching Module for the Catalyst 6500 and Cisco 7600 Internet Router Content Switching Module for the Catalyst 6500 and Cisco 7600 Internet Router Product Overview The Cisco Content Switching Module (CSM) is a Catalyst 6500 line card that balances client traffic to farms

More information

Barracuda Link Balancer

Barracuda Link Balancer Barracuda Networks Technical Documentation Barracuda Link Balancer Administrator s Guide Version 2.2 RECLAIM YOUR NETWORK Copyright Notice Copyright 2004-2011, Barracuda Networks www.barracuda.com v2.2-110503-01-0503

More information

Data Networking and Architecture. Delegates should have some basic knowledge of Internet Protocol and Data Networking principles.

Data Networking and Architecture. Delegates should have some basic knowledge of Internet Protocol and Data Networking principles. Data Networking and Architecture The course focuses on theoretical principles and practical implementation of selected Data Networking protocols and standards. Physical network architecture is described

More information

Cisco ASA, PIX, and FWSM Firewall Handbook

Cisco ASA, PIX, and FWSM Firewall Handbook Cisco ASA, PIX, and FWSM Firewall Handbook David Hucaby, CCIE No. 4594 Cisco Press Cisco Press 800 East 96th Street Indianapolis, Indiana 46240 USA Contents Foreword Introduction xxii xxiii Chapter 1 Firewall

More information

Server Iron Hands-on Training

Server Iron Hands-on Training Server Iron Hands-on Training Training Session Agenda Server Iron L4 Solutions Server Iron L7 Solutions Server Iron Security Solutions High Availability Server Iron Designs 2 Four Key Reasons for Server

More information

Hosting more than one FortiOS instance on. VLANs. 1. Network topology

Hosting more than one FortiOS instance on. VLANs. 1. Network topology Hosting more than one FortiOS instance on a single FortiGate unit using VDOMs and VLANs 1. Network topology Use Virtual domains (VDOMs) to divide the FortiGate unit into two or more virtual instances of

More information

Juniper / Cisco Interoperability Tests. August 2014

Juniper / Cisco Interoperability Tests. August 2014 Juniper / Cisco Interoperability Tests August 2014 Executive Summary Juniper Networks commissioned Network Test to assess interoperability, with an emphasis on data center connectivity, between Juniper

More information