Building VPNs. Nam-Kee Tan. With IPSec and MPLS. McGraw-Hill CCIE #4307 S&



Similar documents
Implementing Cisco MPLS

IMPLEMENTING CISCO MPLS V3.0 (MPLS)

For internal circulation of BSNLonly

BUY ONLINE AT:

IMPLEMENTING CISCO MPLS V2.3 (MPLS)

Introducing Basic MPLS Concepts

PRASAD ATHUKURI Sreekavitha engineering info technology,kammam

Implementing Cisco Service Provider Next-Generation Edge Network Services **Part of the CCNP Service Provider track**

MPLS Implementation MPLS VPN

AMPLS - Advanced Implementing and Troubleshooting MPLS VPN Networks v4.0

How Routers Forward Packets

Configuring MPLS Hub-and-Spoke Layer 3 VPNs

Implementing Secured Converged Wide Area Networks (ISCW) Version 1.0

MPLS VPN Implementation

Table of Contents. Introduction

Part The VPN Overview

MPLS-based Virtual Private Network (MPLS VPN) The VPN usually belongs to one company and has several sites interconnected across the common service

Introduction to MPLS-based VPNs

MPLS-based Layer 3 VPNs

RFC 2547bis: BGP/MPLS VPN Fundamentals

Case Study for Layer 3 Authentication and Encryption

MPLS Concepts. Overview. Objectives

Kingston University London

Cisco CCNP Implementing Secure Converged Wide Area Networks (ISCW)

White Paper. Cisco MPLS based VPNs: Equivalent to the security of Frame Relay and ATM. March 30, 2001

HP Networking BGP and MPLS technology training

Cisco Dynamic Multipoint VPN: Simple and Secure Branch-to-Branch Communications

Introduction Inter-AS L3VPN

- Multiprotocol Label Switching -

PKI Uncovered. Cisco Press. Andre Karamanian Srinivas Tenneti Francois Dessart. 800 East 96th Street. Indianapolis, IN 46240

APNIC elearning: IPSec Basics. Contact: esec03_v1.0

MP PLS VPN MPLS VPN. Prepared by Eng. Hussein M. Harb

Junos MPLS and VPNs (JMV)

Securing Networks with Cisco Routers and Switches 1.0 (SECURE)

IPv6 over IPv4/MPLS Networks: The 6PE approach

Configuring a Basic MPLS VPN

Investigation of different VPN Solutions And Comparison of MPLS, IPSec and SSL based VPN Solutions (Study Thesis)

SEC , Cisco Systems, Inc. All rights reserved.

MPLS VPN Route Target Rewrite

TABLE OF CONTENTS NETWORK SECURITY 2...1

Designing and Developing Scalable IP Networks

CCNP: Implementing Secure Converged Wide-area Networks

Table of Contents. Cisco Configuring a Basic MPLS VPN

Advanced IPSec with GET VPN. Nadhem J. AlFardan Consulting System Engineer Cisco Systems

IPv6 Fundamentals, Design, and Deployment

Cisco Exam CCIE Service Provider Written Exam Version: 7.0 [ Total Questions: 107 ]

l.cittadini, m.cola, g.di battista

DD2491 p MPLS/BGP VPNs. Olof Hagsand KTH CSC

Implementing MPLS VPN in Provider's IP Backbone Luyuan Fang AT&T

How To Make A Network Secure

Configuring IPsec VPN with a FortiGate and a Cisco ASA

CCNA Security 1.1 Instructional Resource

Notice the router names, as these are often used in MPLS terminology. The Customer Edge router a router that directly connects to a customer network.

BGP as an IGP for Carrier/Enterprise Networks

Department of Communications and Networking. S /3133 Networking Technology, Laboratory course A/B

Connecting Remote Offices by Setting Up VPN Tunnels

IMPLEMENTING CISCO IP ROUTING V2.0 (ROUTE)

Transition to IPv6 in Service Providers

Quidway MPLS VPN Solution for Financial Networks

Lecture 17 - Network Security

IP/MPLS-Based VPNs Layer-3 vs. Layer-2

Cisco Exam Implementing Cisco Service Provider Next-Generation Egde Network Services Version: 7.0 [ Total Questions: 126 ]

Cisco Which VPN Solution is Right for You?

Exam Name: BGP + MPLS Exam Exam Type Cisco Case Studies: 3 Exam Code: Total Questions: 401

Fundamentals of Mobile and Pervasive Computing

IPsec VPN Security between Aruba Remote Access Points and Mobility Controllers

Lab 4.4.8a Configure a Cisco GRE over IPSec Tunnel using SDM

MPLS VPN Security in Service Provider Networks. Peter Tomsu Michael Behringer Monique Morrow

Point-to-Point GRE over IPsec Design and Implementation

MPLS VPN. Agenda. MP-BGP VPN Overview MPLS VPN Architecture MPLS VPN Basic VPNs MPLS VPN Complex VPNs MPLS VPN Configuration (Cisco) L86 - MPLS VPN

Cisco Site-to-Site VPN Lab 3 / GRE over IPSec VPNs by Michael T. Durham

Using OSPF in an MPLS VPN Environment

MPLS Concepts. MPLS Concepts

MPLS WAN Explorer. Enterprise Network Management Visibility through the MPLS VPN Cloud

MPLS VPN over mgre. Finding Feature Information. Prerequisites for MPLS VPN over mgre

Deploying IPSec VPN in the Enterprise

UNDERSTANDING JUNOS OS NEXT-GENERATION MULTICAST VPNS

RA-MPLS VPN Services. Kapil Kumar Network Planning & Engineering Data. Kapil.Kumar@relianceinfo.com

Enterprise Network Simulation Using MPLS- BGP

Case Studies. Static p2p GRE over IPsec with a Branch Dynamic Public IP Address Case Study. Overview CHAPTER

Example: Advertised Distance (AD) Example: Feasible Distance (FD) Example: Successor and Feasible Successor Example: Successor and Feasible Successor

Implementing VPN over MPLS

SNRS. Securing Networks with Cisco Routers and Switches. Length 5 days. Format Lecture/lab

Layer 3 MPLS VPN Enterprise Consumer Guide Version 2

Why Is MPLS VPN Security Important?

Chapter 4 Virtual Private Networking

Configure ISDN Backup and VPN Connection

MPLS in Private Networks Is It a Good Idea?

Fundamentals Multiprotocol Label Switching MPLS III

Building Trusted VPNs with Multi-VRF

MikroTik RouterOS Introduction to MPLS. Prague MUM Czech Republic 2009

S ITGuru Exercise (3: Building the MPLS BGP VPN) Spring 2006

Exam : Implementing Cisco Service Provider Next-Generation Egde Network Services. Title :

Data Networking and Architecture. Delegates should have some basic knowledge of Internet Protocol and Data Networking principles.

IPv6 Security. Scott Hogg, CCIE No Eric Vyncke. Cisco Press. Cisco Press 800 East 96th Street Indianapolis, IN USA

MPLS over IP-Tunnels. Mark Townsley Distinguished Engineer. 21 February 2005

Tackling the Challenges of MPLS VPN Testing. Todd Law Product Manager Advanced Networks Division

Transcription:

Building VPNs With IPSec and MPLS Nam-Kee Tan CCIE #4307 S& -.jr."..- i McGraw-Hill New York Chicago San Francisco Lisbon London Madrid Mexico City Milan New Delhi San Juan Seoul Singapore Sydney Toronto

Figures xv Tables xix Code Listings xxi Preface xxxi Acknowledgments xxxv About the Author xxxvii Part 1: The VPN Overview Chapter 1: VPN-in-Brief 3 1.1 VPN Overview 3 1.2 VPN Types and Solutions 4 1.2.1 Remote Access 4 1.2.2 Site-to-Site 5 1.2.3 Firewall-based 5 1.3 VPN Terminology 5 1.4 VPN Models 6 1.4.1 Overlay Model 6 1.4.1.1 Layer 1 Implementation 7 1.4.1.2 Layer 2 Implementation 8 1.4.1.3 Layer 3 Implementation 8 1.4.2 Peer-to-Peer Model 9 1.4.2.1 Shared PE Router Model 10 1.4.2.2 Dedicated PE Router Model 11 1.4.3 MPLS VPN Model 12 1.5 Comparison between Various VPN Implementations 14 1.6 IPSec versus MPLS VPNs 14 1.7 Summary 15 Part 2: Implementing IPSEC VPN in Enterprises Chapter 2: IPSec and IKE Overview 19 2.1 Introduction 19 2.2 IPSec Overview 19 vii

viii Contents 2.3 2.4 2.5 2.6 2.7 IPSec VPN Services Encryption Concepts and Algorithms 2.4.1 Symmetric Algorithms 2.4.2 Asymmetric Algorithms Hashing Concepts and Algorithms Key Exchanges 2.6.1 Diffie-Hellman Key Exchange Authentication Mechanisms 2.7.1 Digital Signatures 2.7.2 Digital Certificates 2.7.3 Digital Envelopes 2.8 IPSec Protocol Framework 2.8.1 IPSec 2.8.2 Authentication Header 2.8.3 Encapsulating Security Payload 2.8.4 IPSec Modes 2.8.5 IPSec Key Management 2.8.5.1 Manual Keying 2.8.5.2 Internet Key Exchange 2.9 IPSec Operation 2.9.1 Step 1 Interesting Traffic 2.9.2 Step 2 IKE Phase 1 2.9.2.1 IKE Policy Sets 2.9.2.2 Peer Authentication 2.9.3 Step 3 IKE Phase 2 2.9.3.1 IPSec Transform Sets 2.9.3.2 Security Associations 2.9.3.3 SA Lifetime 2.9.4 Step 4 Data Transfer 2.9.5 Step 5 Tunnel Termination 2.10 Summary 41 19 20 20 22 23 25 25 26 26 28 28 29 30 30 31 32 34 34 35 36 36 37 38 38 39 40 40 40 40 41 Chapter 3: Site-to-Site IPSec VPN Using Pre-shared Keys 43 3.1 Chapter Overview 43 3.2 IKE Peer Authentication Overview 43 3.3 Pre-shared Keys Overview and Types 44 3.4 Preparing for IKE (ISAKMP) and IPSec 44 3.4.1 IKE (ISAKMP) Policy 45 3.4.2 IPSec Policy 45 3.4.3 Activating IKE (ISAKMP) and IPSec 46 3.5 Case Study 3.1: Pre-shared Keys Example 46 3.5.1 Case Overview and Network Topology 46 3.5.2 ISAKMP Pre-shared Keys and IPSec Configurations ' 47-3.5.3 IPSec Configuration Caveats 50 3.5.4 Monitoring IP Routes between the IPSec Routers 51 3.5.5 Monitoring and Verifying IKE (ISAKMP) and IPSec Operations 52 3.5.5.1 Verifying IKE (ISAKMP) and IPSec Policies 52 3.5.5.2 Monitoring IKE (ISAKMP) and IPSec Debug Trace 55 3.5.5.3 Verifying IKE (ISAKMP) and IPSec Security Associations 61 3.6 Case Study 3.2: Dynamic Crypto Map Deployment 65 3.6.1 Dynamic Crypto Map Primer 65 3.6.2 Dynamic Crypto Map Configurations 66 3.6.3 Verifying Dynamic Crypto Map Operations 68

ix 3.7 Tunnel Endpoint Discovery 71 3.8 Summary 72 Chapter 4: Site-to-Site IPSec VPN Using RSA Encrypted Nonces and RSA Signatures 73 4.1 Chapter Overview 73 4.2 RSA Keys Overview 73 4.3 IKE Using RSA Encrypted Nonces 74 4.4 Case Study 4.1: RSA Encrypted Nonces Example 75 4.4.1 Generating RSA Key Pairs 75 4.4.2 Specifying and Verifying RSA Public Keys 78 4.4.3 ISAKMP RSA Encrypted Nonces and IPSec Configurations 82 4.4.4 Verifying IKE (ISAKMP) and IPSec Policies 85 4.4.5 Monitoring IKE (ISAKMP) and IPSec Debug Trace 88 4.4.6 Verifying IKE (ISAKMP) and IPSec Security Associations 91 4.5 Scalability Issues 95 4.6 Digital Certificates 95 4.7 Certificate Authority 97 4.8 Registration Authority 98 4.9 Implementing IPSec with CA 98 4.10 Certificate Generation 98 4.10.1 File-based Enrollment 99 4.10.2 Network-based Enrollment 99 4.10.2.1 CA Distribution/RA Certificate 100 4.10.2.2 Certificate Enrollment 101 4.10.2.3 Certificate Revocation 102 4.10.2.4 Certificate Access 102 4.10.2.5 CRL Distribution 102 4.11 Certificate Validation 103 4.11.1 Signature Validation 103 4.11.2 Validity Period 104 4.11.3 Certificate Revocation List 104 4.12 IKE Using RSA Signature 105 4.13 Case Study 4.2: RSA Signatures Example 106 4.13.1 Setting Up the CA Server 106 4.13.2 Retrieving Certificates for End-Entities 108 4.13.3 Verifying IKE (ISAKMP) and IPSec Policies 125 4.13.4 Monitoring IKE (ISAKMP) and IPSec Debug Trace 127 4.13.5 Verifying IKE (ISAKMP) and IPSec Security Associations 131 4.14 Summary 135 Chapter 5: Deploying IPSec VPN in the Enterprise 137 5.1 Chapter Overview 137 5.2 Meshed versus Hub-and-Spoke Networks 137 5.3 Case Study 5.1: IPSec VPN in a Hub and Spoke Topology 138 5.3.1 Case Overview and Network Topology 138 5.3.2 Hub and Spoke IPSec Configurations 139 5.3.3 Verifying Crypto Access Lists 143 5.3.4 Monitoring and Verifying Hub and Spoke IPSec Operations 145

5.4 Scaling IPSec VPNs 165 5.4.1 Meshed Networks and Tunnel Endpoint Discovery 165 5.4.2 Hub and Spoke Networks and Multi-hop Crypto 166 5.5 Summary 167 Chapter 6: Advanced IPSec VPN Deployment 169 6.1 Chapter Overview 169 6.2 Network Address Translation Overview 169 6.2.1 NAT Background 169 6.2.2 NAT Terminologies 170 6.2.3 NAT Concepts 170 6.2.3.1 Static versus Dynamic Translations 170 6.2.3.2 NAT versus PAT 170 6.2.3.3 Inside versus Outside Source Translations 171 6.2.4 NAT and IPSec 171 6.3 Case Study 6.1: IPSec with NAT 171 6.3.1 Case Overview 171 6.3.2 Scenario 1 IPSec with Plain NAT 173 6.3.2.1 Configurations 173 6.3.2.2 Verification Test Results 178 6.3.2.3 Proposed Solution 180 6.3.3 Scenario 2 IPSec and NAT with Internal Server 184 6.3.3.1 Configurations 185 6.3.3.2 Verification Test Results 185 6.3.3.3 Proposed Solution 188 6.4 HSRP Overview 193 6.5 Case Study 6.2: IPSec with HSRP 194 6.5.1 Case Overview 194 6.5.2 Scenario 1 IPSec Dual Peers with HSRP 195 6.5.2.1 Configurations 195 6.5.2.2 Verification Before HSRP Failover 201 6.5.2.3 Verification After HSRP Failover 204 6.5.3 Scenario 2 IPSec Backup Peers with HSRP 208 6.5.3.1 Configurations 209 6.5.3.2 Verification Before HSRP Failover 209 6.5.3.3 Verification After HSRP Failover 209 6.5.4 GRE Tunnel Overview 214 6.5.4.1 Tunneling Preliminaries 214 6.5.4.2 IPSec VPN Resiliency with GRE Tunnels 214 6.5.5 Scenario 3 IPSec and GRE Tunnels with HSRP 216 6.5.5.1 Configurations 216 6.5.5.2 Verification Before HSRP Failover 221 6.5.5.3 Verification After HSRP Failover 227 6.6 IPSec VPN Performance Optimization 230 6.6.1 Fragmentation 231 6.6.2 IKE SA Lifetimes 231 6.6.3 IKE Keepalives 231 6.7 Summary 232

xi Part 3: Deployment of MPLS VPN for Service Providers Chapter 7: MPLS Concepts 235 7.1 Introduction 235 7.2 Terminologies 235 7.3 Conventional IP Forwarding Versus MPLS Forwarding 236 7.4 MPLS Architecture 238 7.5 Frame-Mode MPLS 239 7.6 Label Switch Routers 240 7.6.1 Upstream and Downstream LSRs 241 7.6.2 Architecture of LSRs 242 7.6.3 MPLS Frame-Mode Forwarding Operation 244 7.7 MPLS Labels 245 7.8 MPLS Label Stack 246 7.9 MPLS TTL Processing 248 7.10 MPLS Label Assignment, Distribution, and Retention 248 7.10.1 Label Space 249 7.10.2 Label Distribution 249 7.10.3 Label Distribution Control 250 7.10.4 Label Retention 250 7.10.5 Label Distribution Protocol 251 7.11 Label Switch Paths 251 7.12 Penultimate Hop Popping 252 7.13 MPLS Applications 253 7.14 Summary 254 Chapter 8: MPLS VPN Architecture 257 8.1 Introduction 257 8.2 MPLS VPN Terminologies 257 8.3 MPLS VPN Functional Components 258 8.3.1 Customer Edge Routers 258 8.3.2 Provider Edge Routers 259 8.3.3 Provider Routers 260 8.4 MPLS Architectural Components 261 8.4.1 Route Distinguisher 261 8.4.2 Route Target 261 8.4.3 MPLS VPN Connectivity Model 262 8.5 MPLS VPN Routing Model 263 8.5.1 CE Routing 263 8.5.2 P Routing 264 8.5.3 PE Routing 264 8.5.4 MP-BGP Update 265 8.5.4.1 VPNv4 Addresses 266 8.5.4.2 BGP Extended Communities 266 8.5.5 MPLS VPN Routing Example 267 8.6 MPLS VPN Packet Forwarding 269 8.6.1 MPLS VPN Label Stack and Label Propagation 269 8.6.2 MPLS VPN Label Forwarding 270 8.6.3 MPLS VPN Penultimate Hop Popping 271 8.6.4 MPLS VPN Packet Forwarding Operation 271 8.6.5 Caveats of MPLS VPN Packet Forwarding 271 8.7 Summary 273

xii Contents Chapter 9: Building MPLS VPN 275 9.1 Introduction 275 9.2 Design and Implementation Preliminaries 275 9.2.1 VPN-Aware PE-CE Routing Protocols 275 9.2.2 VRF Tables 276 9.3 Design Considerations 277 9.3.1 VPN Topology 277 9.3.2 Selecting the Backbone Interior Gateway Protocol 277 9.3.2.1 Integrated IS-IS Overview 277 9.3.2.2 IS-IS Addressing 278 9.3.2.3 IS-IS Levels 278 9.3.2.4 IS-IS Routing Metrics 279 9.3.2.5 IS-IS Routing Algorithms 279 9.3.2.6 IS-IS IP Routing 279 9.3.2.7 Simple IS-IS Design 280 9.3.3 Autonomous System Numbering 280 9.3.4 Selecting a Route Distinguisher 281 9.3.5 Selecting a Route Target 281 9.3.6 Selecting a Site-of-Origin 281 9.3.7 PE-CE Addressing Scheme 282 9.3.8 Selecting the PE-CE Routing Protocol 282 9.3.8.1 Static Routing 282 9.3.8.2 RIP Version 2 Routing 283 9.3.8.3 EBGP Routing 283 9.4 MPLS VPN Configuration Checklist 283 9.5 Case Study 9.1: EBGP as PE-CE Routing Protocol 284 9.5.1 Case Overview 284 9.5.2 Network Design 285 9.5.2.1 VPN Topology 285 9.5.2.2 Backbone IGP 286 9.5.2.3 Autonomous System Numbering 286 9.5.2.4 Selecting the RD and RT 287 9.5.2.5 PE-CE Addressing Scheme 287 9.5.2.6 PE-CE Routing Protocol 287 9.5.3 Configuring the CE Routers 287 9.5.4 Configuring the PE Routers 290 9.5.5 Monitoring MPLS VPN Operation 300 9.5.5.1 Verifying the IP Connectivity between the PE Routers 301 9.5.5.2 Verifying VRFs Configured in the PE Routers 302 9.5.5.3 Per-VRF Label Forwarding Information Base of Brussels-PE 304 9.5.5.4 Per-VRF Label Forwarding Information Base of London-PE 306 9.5.5.5 Per-VRF Label Forwarding Information Base of Paris-PE 307 9.5.5.6 Monitoring the PE Routers for VRF vpn101 309 9.5.5.7 Monitoring the CE Routers in vpn101 312. 9.5.5.8 Monitoring the PE Routers for VRF vpn102 316 9.5.5.9 Monitoring the CE Routers in vpn102 318 9.5.5.10 Verifying the Coexistent of Overlapping Address Spaces 320 9.6 Case Study 9.2: Static Routes and RIPv2 as PE-CE Routing Protocol 321 9.6.1 Case Overview and Network Topology 321 9.6.2 CE Configurations 322 9.6.3 Configuring RIPv2 as PE-CE Routing Protocol 324 9.6.4 Configuring Per-VRF Static Routes 325 9.6.5 Verifying the Inter-Site Connectivity for vpn101 326 9.6.6 Verifying the Inter-Site Connectivity for vpn102 329

xiii 9.7 Case Study 9.3: Site-of-Origin Application 9.7.1 Case Overview 9.7.2 AS-Override 9.7.3 CE Configurations 9.7.4 PE Configurations 9.7.5 Before Implementing AS-Override 9.7.6 After Implementing AS-Override 9.7.7 After Setting SOO 9.8 Summary 331 331 331 332 333 337 338 340 342 Chapter 10: MPLS VPN Topologies 10.1 Introduction 10.2 Case Study 10.1: Overlapping VPN Topology 10.2.1 Case Overview 10.2.2 Overlapping VPN Topology 10.2.3 CE Configurations 10.2.4 PE Configurations 10.2.5 Verifying VRFs Configured in the PE Routers 10.2.6 Monitoring BGP VPNv4 Tables of the PE Routers 10.2.7 Verifying the Inter-Site Connectivity 10.3 Case Study 10.2: Central Services VPN Topology 10.3.1 Case Overview 10.3.2 Central Services VPN Topology 10.3.3 CE Configurations 10.3.4 PE Configurations 10.3.5 Verifying VRFs Configured in the PE Routers 10.3.6 Monitoring BGP VPNv4 Tables of the PE Routers 10.3.7 Verifying the Inter-Site Connectivity 10.4 Case Study 10.3: Hybrid VPN Topology 10.4.1 Case Overview 10.4.2 Hybrid VPN Topology 10.4.3 CE Configurations 10.4.4 PE Configurations 10.4.5 Verifying VRFs Configured in the PE Routers 10.4.6 Monitoring BGP VPNv4 Tables of the PE Routers 10.4.7 Verifying the Inter-Site Connectivity 10.5 Case Study 10.4: Hub-and-Spoke VPN Topology 10.5.1 Case Overview 10.5.2 Hub and Spoke VPN Topology 10.5.3 Allowas-in 10.5.4 CE Configurations 10.5.5 PE Configurations 10.5.6 Verifying VRFs Configured in the PE Routers 10.5.7 Monitoring BGP VPNv4 Tables of the PE Routers 10.5.8 Verifying the Inter-Site Connectivity 10.6 Case Study 10.5: Single ASN Deployment For All Customer Sites 10.6.1 Case Overview 10.6.2 CE Configurations 10.6.3 PE Configurations 10.6.4 Monitoring BGP VPNv4 Tables of the PE Routers 10.6.5 Monitoring BGP Tables of the CE Routers 10.7 Internet Access and MPLS VPN 10.7.1 Internet Access with a Separate VPN 10.7.2 Internet Access with Global Routing 343 343 344 344 344 347 349 354 356 357 359 359 359 363 363 371 373 375 378 378 378 381 381 387 389 391 394 394 394 397 398 399 404 406 408 410 410 411 412 415 416 418 418 419

xiv Contents 10.8 MPLS VPN Performance Optimization 419 10.8.1 BGP Route Advertisement 419 10.8.2 BGP Scanner Process 420 10.8.3 BGP Import Process 420 10.8.4 VRF Route Limit 420 10.9 Summary 420 Chapter 11: Scaling MPLS VPN with Route Reflectors 423 11.1 MPLS VPN Scaling Overview 423 11.2 MPLS VPN RR Partitioning 423 11.2.1 Dedicated VPN Route Reflectors 424 11.2.2 Partitioned VPN Route Reflectors 425 11.3 Case Study 11.1: Partitioned VPN Route Reflectors with Standard BGP Communities 426 11.3.1 Case Overview and Network Topology 426 11.3.2 Inbound versus Outbound Filters 427 11.3.3 BGP and Partitioned VPN RR Configurations 428 11.3.4 Monitoring IGP Routes between the PE Routers 445 11.3.5 Monitoring and Verifying Partitioned VPN RR Operations 447 11.3.5.1 Propagating network 9.0.0.0/8 from VPN 102 at Brussels-CE2 to London-CE2 447 11.3.5.2 Propagating subnet 5.5.0.0/16 from VPN 102 at London-CE2 to Brussels-CE2 452 11.3.5.3 Propagating subnet 8.8.8.0/24 from VPN 101 at Brussels-CE1 to London-CE1 455 11.3.5.4 Propagating host route 6.6.6.6/32 from VPN 101 at London-CE1 to Brussels-CE1 460 11.3.5.5 Propagating Internet host route 223.0.0.1 from Brussels-PE to London-PE 464 11.4 Route Reflector Performance Tuning and Optimization 466 11.4.1 BGP Peer Groups 466 11.4.2 Input Queue Size 466 11.4.3 Path MTU 467 11.5 Summary 467 Appendix A: Acronyms and Abbreviations 469 Appendix B: Bibliography 475 Index 479

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information