Bind Configuration Examples

IP Transmission Technologies
Hourglass of TCP/IP Protocols (figure): the stack narrows to IP in the middle.
  Applications: email, WWW, phone, ...
  Application protocols: SMTP, HTTP, RTP, ...
  Transport: TCP, UDP, ...
  Network: IP
  Link: Ethernet, PPP, ...
  Media access / framing: CSMA, async, SONET, ...
  Physical media: copper, fiber, radio, ...
Transmission Technologies
Ethernet (10Mbps – 1Gbps)
Copper
Fiber
Wireless
Satellite
Leased Line (64Kbps – 2Mbps)
Frame Relay (64Kbps – 2Mbps)
Packet Over Sonet (155Mbps – 2.4Gbps)
ATM (155Mbps – 2.4Gbps)
Access: DSL, CATV, ISDN, GPRS, Dial-up
Wireless data everywhere
Some issues:
• service discovery
• security
• management
• spectrum coexistence
Satellite
Example (Digital Video Broadcast: DVB-RCS)
Types of Point to Point Protocols
SLIP over async
  Very simple
  IP only
  Unreliable - no checksum
HDLC over sync
  Various proprietary versions
  Frames have checksum
PPP
Leased Line (figure): a DTE at each end connects over V.35 to a DCE, and the two DCEs are joined by the synchronous leased line. Frame layouts shown in the figure:
  Link Control Protocol (LCP) packet: Code | Identifier | Length | Data
  PPP frame: Flag | Address | Control | Protocol | LCP or data | FCS | Flag
  Cisco HDLC frame: Flag | Address | Control | Proprietary | Data | FCS | Flag
PPP
“SLIP done right”
Used for synchronous and asynchronous transmission
Extended negotiation mechanism
Multiple protocol support
PPP and OSI model (figure):
  Network Layer: Network Control Protocols - IPCP, IPXCP, others
  Data Link Layer: PPP, with LCP - Link Control Protocol
  Physical Layer: synchronous or asynchronous physical media
LCP Configuration Options
  Feature          Protocol
  Authentication   PAP, CHAP
  Compression      Stacker, ...
  Error Detection  Quality
  Multilink        MPPP
PAP/CHAP
PAP
  Password required
  Unencrypted password sent via the link
  Allows storage of encrypted passwords on the authenticator
CHAP
  Challenge handshake
  No passwords sent via the link
  Requires the secret to be stored unencrypted on both sides
Selecting a PPP Authentication Protocol: PAP (2-way handshake)
(figure) Remote router "SantaCruz" (Hostname: santacruz, Password: boardwalk) sends "santacruz, boardwalk" to the central-site router "HQ", which is configured with
  username santacruz password boardwalk
HQ answers Accept/Reject.
  Passwords sent in cleartext
  Peer in control of attempts

Selecting a PPP Authentication Protocol: CHAP (3-way handshake)
(figure) Central-site router "HQ" sends a Challenge; remote router "SantaCruz" (Hostname: santacruz, Password: boardwalk) returns a Response; HQ, configured with
  username santacruz password boardwalk
answers Accept/Reject.
  Use “secret” known only to authenticator and peer
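The two handshakes above, as an added example (not code from the slides): a Python sketch of what crosses the link under PAP versus CHAP, using the santacruz/boardwalk credentials from the figure. ChapAuthenticator, pap_on_wire and chap_exchange are names chosen here; the response computation follows RFC 1994 (MD5 over identifier, secret and challenge), which the slides do not spell out.

```python
import hashlib
import hmac
import os

# Credentials from the slides: peer hostname "santacruz", password "boardwalk".
USERS = {b"santacruz": b"boardwalk"}


def pap_on_wire(peer_id: bytes, password: bytes) -> bytes:
    """PAP Authenticate-Request body: Peer-ID and Password cross the link as-is."""
    return bytes([len(peer_id)]) + peer_id + bytes([len(password)]) + password


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """CHAP (RFC 1994) response value: MD5(Identifier || secret || Challenge)."""
    return hashlib.md5(bytes([identifier & 0xFF]) + secret + challenge).digest()


class ChapAuthenticator:
    """Central-site router (HQ): issues challenges and checks responses."""

    def __init__(self, users: dict):
        self.users = users      # secrets must be kept in the clear (see CHAP above)
        self.pending = {}       # identifier -> challenge still awaiting a response

    def challenge(self, identifier: int) -> bytes:
        chal = os.urandom(16)   # fresh, unpredictable challenge per attempt
        self.pending[identifier] = chal
        return chal

    def verify(self, identifier: int, name: bytes, response: bytes) -> bool:
        chal = self.pending.pop(identifier, None)   # each challenge is used once
        secret = self.users.get(name)
        if chal is None or secret is None:
            return False
        expected = chap_response(identifier, secret, chal)
        return hmac.compare_digest(response, expected)  # constant-time compare


def chap_exchange(peer_name: bytes, peer_secret: bytes,
                  auth: ChapAuthenticator, identifier: int = 1):
    """Run the 3-way handshake; return (accepted, bytes that crossed the link)."""
    chal = auth.challenge(identifier)                    # 1. Challenge
    resp = chap_response(identifier, peer_secret, chal)  # 2. Response
    accepted = auth.verify(identifier, peer_name, resp)  # 3. Success/Failure
    return accepted, chal + peer_name + resp
```

The secret never appears in the CHAP bytes, and a captured response is useless against a fresh challenge.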
Multilink PPP
Combining physical links into one logical bundle
Result: higher speed and lower latency
MPPP / Bonding
MPPP assembles/disassembles frames on the Data Link Layer
MPPP used for synchronous and asynchronous physical links
Bonding assembles/disassembles on the bit level
ISDN Call Setup and Teardown
(figure) The call flow corresponds with the output from debug isdn q931.
show ppp multilink: shows that both B channels are involved with the connection
Frame Relay (figure): routers RTR1, RTR2 and RTR3 are interconnected over Frame Relay PVCs; each router terminates its PVCs on subinterfaces s0.1, s0.2 and s0.3, labelled in the figure with local DLCIs 110, 120 and 130.
Packet Over Sonet (POS)
SONET/SDH link rates
  Optical carrier  SONET electrical signal  SDH     Link Rate (Mbps)
  OC-1             STS-1                    -         51.84
  OC-3             STS-3                    STM-1    155.52
  OC-9             STS-9                    STM-3    466.56
  OC-12            STS-12                   STM-4    622.08
  OC-18            STS-18                   STM-6    933.12
  OC-24            STS-24                   STM-8   1244.16
  OC-36            STS-36                   STM-12  1866.24
  OC-48            STS-48                   STM-16  2488.32
ATM
ATM AAL5
MPLS VPNs (figure): service building blocks stacked on the MPLS foundation
  Layer 3 VPNs = BGP/MPLS VPNs (RFC 2547bis)
  InterProvider Connectivity (Inter-AS)
  Layer 2 VPNs & AToM (Any Transport over MPLS)
  Carrier Supporting Carrier (CSC)
  Multicast over MPLS VPNs
  Managed VPN Services (MPLS/BGP VPNs)
  Inter-Area TE
  Traffic Engineering (TE)
  Layer 2 VPN Services (L2VPN)
  Any Transport over MPLS (AToM)
  DiffServ-aware Traffic Engineering (DS-TE)
  Quality of Service (DiffServ QoS)
  MPLS Forwarding and/or LDP
Layer 2 vs. Layer 3 VPNs:
Depending on the type of customer payload, a VPN can be classified as an L2 or an L3 VPN.
Examples of L2VPN:
  ATM LAN Emulation (LANE)
  Ethernet over MPLS (draft-martini, draft-kkompella; VPLS: draft-lasserre-vkompella; IPLS: draft-shah)
Examples of L3VPN:
  RFC 1577: Classical IP over ATM
  IPsec tunneling mode
  RFC 2547: BGP/MPLS-based VPNs
  draft-declercq: BGP/IPsec VPNs
  draft-knight: Virtual Router based VPNs
Encapsulation of Customer Ethernet Frames in a L2 PPVPN (figure): untagged or tagged customer Ethernet frames enter from a customer or other Ethernet access network, cross the provider network as Ethernet over MPLS over Ethernet, and leave towards the customer or other supporting L2PPVPN Ethernet access network. On the access networks each frame is just User Enet (with an optional VLAN tag); inside the MPLS domain the same User Enet frame, VLAN tag included, is carried behind two MPLS labels (the tunnel label and the VC label) inside the provider's own Ethernet header. End to end the path forms a single customer VLAN domain.
Example of a L2 PPVPN (VPLS) (figure): Customer A and Customer B each have L2 networks (e.g. Ethernet) with 802.1q VLANs and a customer LAN switch attached to PE routers of the provider network; the PEs are connected by an MPLS LSP mesh. Ethernet frames with or without VLAN tags are carried with 2 MPLS labels per frame:
  Tunnel Label = outer label for delivery to the destination PE
  VC Label = inner label to identify L2VPN end-points
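The two-label stack shown in these figures, as an added example (not code from the slides or any vendor): Python that builds and strips a tunnel-label/VC-label stack around a tagged customer frame. The 4-byte label entry layout follows RFC 3032; the label values, MAC addresses and the customer frame are constructed samples, with VLAN 41 taken from the slides' VLAN transport configuration.

```python
import struct

MPLS_UNICAST = b"\x88\x47"  # EtherType of the provider Ethernet header
DOT1Q = b"\x81\x00"         # EtherType of an 802.1q tagged customer frame


def mpls_entry(label: int, exp: int = 0, bottom: bool = False, ttl: int = 255) -> bytes:
    """One 4-byte label stack entry: 20-bit label, 3-bit EXP, 1-bit S (bottom), 8-bit TTL."""
    if not (0 <= label < 1 << 20 and 0 <= exp < 8 and 0 <= ttl < 256):
        raise ValueError("field out of range")
    return struct.pack("!I", (label << 12) | (exp << 9) | (int(bottom) << 8) | ttl)


def encapsulate(tunnel_label: int, vc_label: int, customer_frame: bytes,
                pe_src_mac: bytes, pe_dst_mac: bytes) -> bytes:
    """Ingress PE: provider Ethernet header + tunnel label + VC label (S=1) + customer frame."""
    outer = pe_dst_mac + pe_src_mac + MPLS_UNICAST
    return outer + mpls_entry(tunnel_label) + mpls_entry(vc_label, bottom=True) + customer_frame


def decapsulate(frame: bytes):
    """Egress PE: pop labels until the bottom-of-stack bit; return (labels, customer frame)."""
    if frame[12:14] != MPLS_UNICAST:
        raise ValueError("not an MPLS unicast frame")
    offset, labels = 14, []
    while True:
        (word,) = struct.unpack("!I", frame[offset:offset + 4])
        offset += 4
        labels.append(word >> 12)
        if (word >> 8) & 1:  # S bit set: this was the inner (VC) label
            break
    return labels, frame[offset:]


def vlan_id(ethernet_frame: bytes):
    """VLAN id of an 802.1q tagged frame, or None if untagged; the tag survives transport."""
    if ethernet_frame[12:14] != DOT1Q:
        return None
    return struct.unpack("!H", ethernet_frame[14:16])[0] & 0x0FFF


# Constructed sample: customer frame on VLAN 41 (TCI 0x0029) carrying an IPv4 EtherType.
CUSTOMER_FRAME = bytes.fromhex("020000000001" "020000000002" "8100" "0029" "0800") + b"constructed payload"
```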
Example of a L3 PPVPN (RFC2547bis) (figure): Customer A and Customer B networks attach through customer edge routers to PE routers of the provider network; the PEs are connected by an MPLS LSP mesh. Customer IP packets, possibly carrying private IP addresses, are carried with 2 MPLS labels per frame:
  Tunnel Label = outer label for delivery to the destination PE
  VC Label = inner label to identify L2VPN end-points
Ethernet over MPLS
Point to Point, Metro Ethernet Service (figure): a distributed NAP in which ISP 1, ISP 2, ISP 3, ISP A, ISP B and an enterprise LAN attach to PE routers of ISP C's MPLS network.
  Based on draft-martini
  VCs to VLANs => VCid maps to VLAN id

Ethernet 802.1q VLAN Transport
802.1q to 802.1q VLAN transport (figure): PE1 (1.0.0.4) and the PE at 1.0.0.8 are joined across MPLS; customer sites on VLAN 41 and VLAN 56 on one side are mapped to VLAN 41 and VLAN 56 customer sites on the other. Configuration on PE1:
  interface GigabitEthernet0/0.2
   encapsulation dot1q 41
   mpls l2transport route 1.0.0.8 312 <sequencing>
  !
  interface GigabitEthernet1/0.2
   encapsulation dot1q 56
   mpls l2transport route 1.0.0.8 313 <sequencing>
AToM - MTU Considerations (figure):
  Ingress PE checks the egress PE outbound interface MTU AND its egress interface into the MPLS backbone
  Incoming PDU is dropped if the MTU is exceeded
  Egress MTU is signalled using LDP
  NO mechanism to check the backbone MTU between PE1 and PE2
  Provider MUST dictate MTU or direct traffic away from low MTU links
Strategy for MPLS VPNs (figure, timeline):
  Cisco’s MPLS VPNs L3 (rfc2547)
  MPLS VPNs for Single Networks
  MPLS VPNs for Multiple Networks
    • Carrier Supporting Carrier
    • Inter AS
    • VPN ID
  MPLS VPNs for Multiple Transport Types
  Layer 2 VPNs – Using AToM
    • ATM (AAL5) over MPLS
    • Ethernet over MPLS
    • Frame Relay over MPLS
    • PPP over MPLS
    • HDLC over MPLS
    • Cell Relay over MPLS
  Optical VPNs
IETF DiffServ Architecture (RFC-2475)
• The idea: different service levels for packets
• The service: some significant characteristics of packet transmission in one direction across the network
  Examples: bandwidth and latency
Type-of-Service (RFC791) (figure): the first 32 bits of the IPv4 header are Version | Length | ToS Field (bits 8–15) | Total Length (bits 16–31). The ToS field is laid out as:
  bits 0–2  Precedence
  bit 3     D: 0 = Normal Delay, 1 = Low Delay
  bit 4     T: 0 = Normal Throughput, 1 = High Throughput
  bit 5     R: 0 = Normal Reliability, 1 = High Reliability
  bits 6–7  Unused
IP Precedence Values
  111  Network Control
  110  Internetwork Control
  101  Critical
  100  Flash Override
  011  Flash
  010  Immediate
  001  Priority
  000  Routine
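A decoder for the ToS byte and precedence table above, as an added example (not from the slides): decode_tos, encode_tos and tos_from_ipv4_header are names chosen here, and SAMPLE_HEADER is a constructed IPv4 header.

```python
import struct

# IP Precedence values from the slide (3-bit field, bits 0-2 of the ToS byte)
PRECEDENCE = {
    0b111: "Network Control", 0b110: "Internetwork Control", 0b101: "Critical",
    0b100: "Flash Override", 0b011: "Flash", 0b010: "Immediate",
    0b001: "Priority", 0b000: "Routine",
}
D_BIT, T_BIT, R_BIT = 0x10, 0x08, 0x04  # bits 3, 4, 5 of the ToS byte


def decode_tos(tos: int) -> dict:
    """Split one ToS byte into precedence and the D/T/R flags."""
    prec = tos >> 5
    return {
        "precedence": prec,
        "precedence_name": PRECEDENCE[prec],
        "delay": "low" if tos & D_BIT else "normal",
        "throughput": "high" if tos & T_BIT else "normal",
        "reliability": "high" if tos & R_BIT else "normal",
        "unused": tos & 0x03,
    }


def encode_tos(precedence: int, low_delay: bool = False,
               high_throughput: bool = False, high_reliability: bool = False) -> int:
    """Build the ToS byte a marking policy would set (unused bits left at 0)."""
    if not 0 <= precedence <= 7:
        raise ValueError("precedence is a 3-bit field")
    return ((precedence << 5) | (D_BIT if low_delay else 0)
            | (T_BIT if high_throughput else 0) | (R_BIT if high_reliability else 0))


def tos_from_ipv4_header(header: bytes) -> dict:
    """Read Version/Length/ToS/Total Length from a raw IPv4 header and decode the ToS byte."""
    if len(header) < 20:
        raise ValueError("truncated IPv4 header")
    version, ihl = header[0] >> 4, header[0] & 0x0F
    if version != 4 or ihl < 5:
        raise ValueError("not a valid IPv4 header")
    total_length = struct.unpack("!H", header[2:4])[0]
    return {"header_bytes": ihl * 4, "total_length": total_length, **decode_tos(header[1])}


# Constructed sample: IPv4, IHL 5, ToS 0xB0 (precedence 101 Critical + low delay), length 60,
# TCP, 10.0.0.1 -> 10.0.0.2, checksum left at zero.
SAMPLE_HEADER = bytes.fromhex("45b0003c00010000400600000a0000010a000002")
```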
Network-Layer BWM
Bandwidth Management functions: classification, shaping, discarding, queuing
Queuing Disciplines
First-In-First-Out (FIFO)
  no classes
  fast, easy to implement
Priority Queuing
  all traffic in a high-priority class is sent before any in a lower priority one
Class-based Queuing (CBQ)
  a number of bytes is sent from each class before going to the next class
(figures: Priority Queuing, Class-Based Queuing)
Queuing Disciplines (cont.)
Weighted Fair Queuing
  traffic is divided into a number of flows
  each flow is given a share of the traffic (based on its weight)
  small packets are given priority over large ones (interactive and control traffic gets more priority)
(figure: Weighted Fair Queuing)
Token Bucket Model (figure)
Token Bucket characterizes a traffic source
Token Bucket main parameters:
  Token Arrival Rate - v
  Bucket Depth - Bc
  Time Interval - tc
  Link Capacity - C
  tc = Bc/v
Tokens arrive at rate v into a bucket of depth Bc; tokens that find the bucket full overflow and are lost. Incoming packets are classified as Conform or Exceed, and an Excess Burst (Be) admits some traffic beyond Bc.
Excess Burst (Be) - Cisco Implementation
CAR allows RED-like behavior:
  • traffic fitting into Bc always conforms
  • traffic fitting into Be conforms with probability proportional to the amount of tokens left in the bucket
  • traffic not fitting into Be always exceeds
CAR uses the following parameters:
  • t - time period since the last packet arrival
  • Current Debt (Dcur) - amount of debt during the current time interval
  • Compound Debt (Dcomp) - sum of all Dcur since the last drop
  • Actual Debt (Dact) - amount of tokens currently borrowed

CAR Algorithm (flowchart), with Bccur the tokens currently in the bucket, replenished by v·t since the last arrival:
  1. A packet of length L arrives.
  2. If Bccur – L > 0: Conform Action; Bccur = Bccur – L.
  3. Otherwise: Dcur = L – Bccur; Bccur = 0; Dcomp = Dcomp + Dcur; Dact = Dact + Dcur.
  4. If Dact > Be: Exceed Action (Dcomp restarts from 0 after the drop).
  5. Else if Dcomp > Be: Exceed Action; Dcomp = 0.
  6. Else: Conform Action.
Policing Configuration Sample (CAR based)
  ip cef
  interface serial 2/1
   ip unnumbered loopback 0
   rate-limit output access-group 100 64000 8000 16000 conform-action transmit excess-action drop
  !
  interface serial 2/2
   ip unnumbered loopback 0
   rate-limit input 128000 16000 32000 conform-action transmit excess-action drop
  !
  access-list 100 permit tcp host 10.0.0.1 any eq http
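The CAR flowchart and the rate-limit sample above, as an added example (not code from the slides or from Cisco): a Python policer that takes the flowchart's decisions packet by packet. CarPolicer and police are names chosen here; the refill rule between arrivals (earned tokens first repay Dact, the rest refills the bucket) and the reading of the sample's 64000 / 8000 / 16000 as v, Bc and Be are assumptions.

```python
class CarPolicer:
    """Token-bucket policer following the CAR flowchart on this page.

    rate is v in bytes per second; bc (normal burst, bucket depth) and be
    (excess burst) are in bytes, so tc = bc / rate seconds.
    """

    def __init__(self, rate: float, bc: int, be: int):
        self.rate, self.bc, self.be = rate, bc, be
        self.bccur = float(bc)  # tokens in the bucket, starts full
        self.dcur = 0.0         # current debt
        self.dcomp = 0.0        # compounded debt since the last drop
        self.dact = 0.0         # tokens currently borrowed
        self.last = 0.0         # time of the previous arrival

    def _replenish(self, now: float) -> None:
        # Assumption: v*t new tokens repay borrowed tokens first, the rest refills
        # the bucket up to Bc (overflow tokens are lost).
        tokens = self.rate * (now - self.last)
        self.last = now
        repay = min(tokens, self.dact)
        self.dact -= repay
        self.bccur = min(self.bc, self.bccur + tokens - repay)

    def arrive(self, length: int, now: float) -> str:
        """Classify one packet of `length` bytes arriving at time `now` (seconds)."""
        self._replenish(now)
        if self.bccur - length > 0:          # fits in the normal burst
            self.bccur -= length
            return "conform"
        self.dcur = length - self.bccur      # borrow the shortfall
        self.bccur = 0.0
        self.dcomp += self.dcur
        self.dact += self.dcur
        if self.dact > self.be or self.dcomp > self.be:
            self.dcomp = 0.0                 # compounded debt restarts after a drop
            return "exceed"
        return "conform"                     # borrowed from Be, still admitted


def police(policer: CarPolicer, arrivals) -> list:
    """Run (time, length) arrivals through the policer and return the verdicts."""
    return [policer.arrive(length, t) for t, length in arrivals]


# Constructed burst: twenty 1500-byte packets at once, then one more after a 5 s pause,
# policed at 64000 bit/s = 8000 B/s with Bc = 8000 and Be = 16000 bytes (serial 2/1 above).
BURST = [(0.0, 1500)] * 20 + [(5.0, 1500)]
```

Five packets fit the normal burst, eleven more are admitted on borrowed tokens, and from the 17th packet on the actual debt exceeds Be until the pause repays it.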
Random Early Detection (RED)
Developed by Van Jacobson in 1993
Starts randomly dropping packets before actual congestion occurs
Keeps average queue depth low
Increases average throughput
Cisco AutoQoS Framework – MLPPP Link Fragmentation & Interleaving
Problem: large packets “freeze out” voice (figure): 60-byte voice packets arrive every 20 ms from 10 Mbps Ethernet, but on a 56 kb WAN a 1500-byte data packet ahead of them adds ~214 ms of serialization delay, so the voice packets leave every >214 ms instead.
• Implemented via Multilink PPP (MLP) over FR, ATM, and leased lines
• Fragments are interleaved with the real-time packets, reducing the serialization delay experienced by voice packets
Benefit: reduce the jitter in voice calls
Link Fragmentation and Interleaving (LFI)
For links < 128 kbps (figure): a 1500-byte jumbogram on a 64 kbps link takes about 190 ms to serialize and holds back the voice packet behind it; with LFI the large packet is fragmented on the 64 kbps link and voice packets are interleaved between the fragments.
Supported interfaces:
  • Multilink PPP
  • Frame Relay DLCI
  • ATM VC
LFI Configuration Sample (MLP version)
  interface virtual-template 1
   ip unnumbered loopback 0
   ppp multilink
   ppp multilink interleave
   ppp multilink fragment-delay 30
   ip rtp interleave 16384 1024 512
  …
DHCP
Dynamic Host Configuration Protocol
Based on the old BootP protocol for diskless workstations
DHCP server on a router or network server:
  ip dhcp pool soho
   network 10.0.0.0 255.0.0.0
   default-router 10.0.0.1
   dns-server 195.13.160.52 195.122.1.59
VoIP: