Instructor Materials Chapter X: Chapter Title
Chapter 3: Branch Connections
Connecting Networks
© 2008 Cisco Systems, Inc. All rights reserved.
Cisco Confidential
Presentation_ID
‹#›
Presentation_ID
‹#›
© 2008 Cisco Systems, Inc. All rights reserved.
Cisco Confidential
1
Cisco Networking Academy Program
Connecting Networks
Chapter 3: Branch Connections
© 2006, Cisco Systems, Inc. All rights reserved.
Presentation_ID.scr
Chapter 3- Sections & Objectives
3.1 Remote Access Connections
Select broadband remote access technologies to support business requirements.
3.2 PPPoE
Configure a Cisco router with PPPoE.
3.3 VPNs
Explain how VPNs secure site-to-site and remote access connectivity.
3.4 GRE
Implement a GRE tunnel.
3.5 eBGP
Implement eBGP in a single-homed remote access network.
Presentation_ID
‹#›
© 2008 Cisco Systems, Inc. All rights reserved.
Cisco Confidential
2
© 2006, Cisco Systems, Inc. All rights reserved.
Presentation_ID.scr
3.1 Remote Access Connections
© 2008 Cisco Systems, Inc. All rights reserved.
Cisco Confidential
Presentation_ID
‹#›
Presentation_ID
‹#›
© 2008 Cisco Systems, Inc. All rights reserved.
Cisco Confidential
3
Cisco Networking Academy Program
Connecting Networks
Chapter 3 Branch Connections
© 2006, Cisco Systems, Inc. All rights reserved.
Presentation_ID.scr
Remote Access Connections
Broadband Connections: Cable
The cable system uses a coaxial cable that carries radio frequency (RF) signals across the network.
A headend cable modem termination system (CMTS) communicates with cable modems (CMs) located in subscriber homes.
The hybrid fiber coaxial (HFC) network is a mixed optical-coaxial network in which optical fiber replaces the lower bandwidth coaxial cable.
Presentation_ID
‹#›
© 2008 Cisco Systems, Inc. All rights reserved.
Cisco Confidential
4
3.1 – Remote Access Connections
3.1.1 – Broadband Connections
© 2006, Cisco Systems, Inc. All rights reserved.
Presentation_ID.scr
Remote Access Connections
Broadband Connections: DSL
A Digital Subscriber Line (DSL) is a means of providing high-speed connections over installed copper wires.
The two important components are the DSL transceiver and the (Digital Subscriber Line Access Multiplexer_ DSLAM
The advantage that DSL has over cable technology is that DSL is not a shared medium. Each user has a separate direct connection to the DSLAM.
PSTN: Public Switched Telephone Network (sometimes called ”plain old telephone system” or POTS
Presentation_ID
‹#›
© 2008 Cisco Systems, Inc. All rights reserved.
Cisco Confidential
5
3.1 – Remote Access Connections
3.1.1 – Broadband Connections
© 2006, Cisco Systems, Inc. All rights reserved.
Presentation_ID.scr
Remote Access Connections
DSL Spectrum
Presentation_ID
‹#›
© 2008 Cisco Systems, Inc. All rights reserved.
Cisco Confidential
Remote Access Connections
Broadband Connections
Developments in broadband wireless technology are increasing wireless availability through three main technologies:
Municipal Wi-Fi – Most municipal wireless networks use a mesh of interconnected access points. Each access point is in range and can communicate with at least two other access points. The mesh blankets a particular area with radio signals.
Cellular/mobile – Mobile phones use radio waves to communicate through nearby cell towers. Cellular/mobile broadband access consists of various standards.
Satellite Internet – Satellite Internet services are used in locations where land-based Internet access is not available, or for temporary installations that are mobile. Internet access using satellites is available worldwide.
Presentation_ID
‹#›
© 2008 Cisco Systems, Inc. All rights reserved.
Cisco Confidential
7
3.1 – Remote Access Connections
3.1.1 – Broadband Connections
© 2006, Cisco Systems, Inc. All rights reserved.
Presentation_ID.scr
Remote Access Connections
Select a Broadband Connection
Each broadband solution has advantages and disadvantages.
Some factors to consider in making a decision include:
Cable – Bandwidth is shared by many users, upstream data rates are often slow during high-usage hours in areas with over-subscription.
DSL – Limited bandwidth that is distance sensitive (in relation to the ISP’s central office), upstream rate is proportionally quite small compared to downstream rate.
Fiber-to-the-Home – Requires fiber installation directly to the home.
Cellular/Mobile – Coverage is often an issue, even within a SOHO where bandwidth is relatively limited.
Wi-Fi Mesh – Most municipalities do not have a mesh network deployed; if it is available and the SOHO is in range, then it is a viable option.
Satellite – Expensive, limited capacity per subscriber; often provides access where no other access is possible.
Presentation_ID
‹#›
© 2008 Cisco Systems, Inc. All rights reserved.
Cisco Confidential
8
3.1 – Remote Access Connections
3.1.2 – Select a Broadband Connection
© 2006, Cisco Systems, Inc. All rights reserved.
Presentation_ID.scr
3.2 PPPoE
© 2008 Cisco Systems, Inc. All rights reserved.
Cisco Confidential
Presentation_ID
‹#›
Presentation_ID
‹#›
© 2008 Cisco Systems, Inc. All rights reserved.
Cisco Confidential
9
Cisco Networking Academy Program
Connecting Networks
Chapter 3 Branch Connections
© 2006, Cisco Systems, Inc. All rights reserved.
Presentation_ID.scr
PPPoE
PPPoE Overview
PPP can be used on all serial links including those links created with dial-up analog and ISDN modems.
PPP supports the ability to assign IP addresses to remote ends of a PPP link.
PPP supports CHAP authentication.
Ethernet links do not natively support PPP. PPP over Ethernet (PPPoE) provides a solution to this problem. PPPoE creates a PPP tunnel over an Ethernet connection.
Presentation_ID
‹#›
© 2008 Cisco Systems, Inc. All rights reserved.
Cisco Confidential
10
3.2 – PPPoE
3.2.1 – PPPoE Overview
© 2006, Cisco Systems, Inc. All rights reserved.
Presentation_ID.scr
PPPoE
Implement PPPoE
PPPoE Configuration
The dialer interface is created using the interface dialer number command.
The PPP CHAP configuration usually defines one-way authentication; therefore, the ISP authenticates the customer.
The physical Ethernet interface that connects to the DSL modem is then enabled with the command pppoe enable.
The dialer interface is linked to the Ethernet interface with the dialer pool and pppoe-client commands, using the same number.
The maximum transmission unit (MTU) should be set down to 1492, versus the default of 1500, to accommodate the PPPoE headers.
PPPoE Verification
The show ip interface brief command is issued to verify the IPv4 address automatically assigned to the dialer interface by the ISP router.
The show interface dialer command verifies the MTU and PPP encapsulation configured on the dialer interface.
The show pppoe session command is used to display information about currently active PPPoE sessions.
The Ethernet MAC addresses can be verified by using the show interfaces command on each router.
Presentation_ID
‹#›
© 2008 Cisco Systems, Inc. All rights reserved.
Cisco Confidential
11
3.2 – PPPoE
3.2.2 – Implement PPPoE
© 2006, Cisco Systems, Inc. All rights reserved.
Presentation_ID.scr
PPPoE
Implement PPPoE
PPPoE Troubleshooting
Verify PPP negotiation using the debug ppp negotiation command.
Re-examine the output of the debug ppp negotiation command.
PPPoE supports an MTU of only 1492 bytes in order to accommodate the additional 8-byte PPPoE header.
The ip tcp adjust-mss max-segment-size interface command adjusts the MSS value during the TCP 3-way handshake.
Presentation_ID
‹#›
© 2008 Cisco Systems, Inc. All rights reserved.
Cisco Confidential
12
3.2 – PPPoE
3.2.2 – Implement PPPoE
© 2006, Cisco Systems, Inc. All rights reserved.
Presentation_ID.scr
3.3 VPNs
© 2008 Cisco Systems, Inc. All rights reserved.
Cisco Confidential
Presentation_ID
‹#›
Presentation_ID
‹#›
© 2008 Cisco Systems, Inc. All rights reserved.
Cisco Confidential
13
Cisco Networking Academy Program
Connecting Networks
Chapter 3 Branch Connections
© 2006, Cisco Systems, Inc. All rights reserved.
Presentation_ID.scr
VPNs
Fundamentals of VPNs
Introducing virtual private networks (VPNs)
Organizations use VPNs to create an end-to-end private network connection over third-party networks, such as the Internet.
Today, a secure implementation of VPN with encryption, such as IPsec VPNs, is what is usually meant by virtual private networking.
To implement VPNs, a VPN gateway is necessary. The VPN gateway could be a router, a firewall, or a Cisco Adaptive Security Appliance (ASA).
Benefits of VPNs
Cost savings
Scalability
Compatibility with broadband technology
Security
Presentation_ID
‹#›
© 2008 Cisco Systems, Inc. All rights reserved.
Cisco Confidential
14
3.3 – VPNs
3.3.1 – Fundamentals of VPNs
© 2006, Cisco Systems, Inc. All rights reserved.
Presentation_ID.scr
VPNs
Types of VPNs
Site-to-Site
Site-to-site VPNs connect entire networks to each other, for example, they can connect a branch office network to a company headquarters network.
Remote Access
Remote-access VPNs are used to connect individual hosts that must access their company network securely over the Internet.
DMVPN
Dynamic Multipoint VPN (DMVPN) is a Cisco software solution for building multiple VPNs in an easy, dynamic, and scalable manner.
Presentation_ID
‹#›
© 2008 Cisco Systems, Inc. All rights reserved.
Cisco Confidential
15
3.3 – VPNs
3.3.2 – Types of VPNs
© 2006, Cisco Systems, Inc. All rights reserved.
Presentation_ID.scr
3.4 GRE
© 2008 Cisco Systems, Inc. All rights reserved.
Cisco Confidential
Presentation_ID
‹#›
Presentation_ID
‹#›
© 2008 Cisco Systems, Inc. All rights reserved.
Cisco Confidential
16
Cisco Networking Academy Program
Connecting Networks
Chapter 3 Branch Connections
© 2006, Cisco Systems, Inc. All rights reserved.
Presentation_ID.scr
GRE
GRE Overview
GRE Introduction
Generic Routing Encapsulation (GRE) is designed to manage the transportation of multiprotocol and IP multicast traffic between two or more sites, that may only have IP connectivity.
GRE Characteristics
IP tunneling using GRE enables network expansion across a single-protocol backbone environment.
While GRE tunnels traffic like a VPN, it does not perform any authentication or encryption and is thus insecure.
Presentation_ID
‹#›
© 2008 Cisco Systems, Inc. All rights reserved.
Cisco Confidential
17
3.4 – GRE
3.4.1 – GRE Overview
© 2006, Cisco Systems, Inc. All rights reserved.
Presentation_ID.scr
GRE
Implement GRE
There are five steps to configuring a GRE tunnel:
Step 1. Create a tunnel interface using the interface tunnel number command.
Step 2. Configure an IP address for the tunnel interface. This is normally a private IP address.
Step 3. Specify the tunnel source IP address.
Step 4. Specify the tunnel destination IP address.
Step 5. (Optional) Specify GRE tunnel mode as the tunnel interface mode.
Presentation_ID
‹#›
© 2008 Cisco Systems, Inc. All rights reserved.
Cisco Confidential
18
3.4 – GRE
3.4.2 – Implement GRE
© 2006, Cisco Systems, Inc. All rights reserved.
Presentation_ID.scr
GRE
Implement GRE
Verify GRE
To determine whether the tunnel interface is up or down, use the show ip interface brief command.
To verify the state of a GRE tunnel, use the show interface tunnel command.
Verify that an OSPF adjacency has been established over the tunnel interface using the show ip ospf neighbor command.
Troubleshoot GRE
Use the show ip interface brief command on both routers to verify that the tunnel interface is up and configured with the correct IP addresses for the physical interface and the tunnel interface.
Use the show ip ospf neighbor command to verify neighbor adjacency.
Use show ip route to verify that networks are being passed between the two routers
Presentation_ID
‹#›
© 2008 Cisco Systems, Inc. All rights reserved.
Cisco Confidential
19
3.4 – GRE
3.4.2 – Implement GRE
© 2006, Cisco Systems, Inc. All rights reserved.
Presentation_ID.scr
3.5 eBGP
© 2008 Cisco Systems, Inc. All rights reserved.
Cisco Confidential
Presentation_ID
‹#›
Presentation_ID
‹#›
© 2008 Cisco Systems, Inc. All rights reserved.
Cisco Confidential
20
Cisco Networking Academy Program
Connecting Networks
Chapter 3 Branch Connections
© 2006, Cisco Systems, Inc. All rights reserved.
Presentation_ID.scr
eBGP
BGP Overview
IGP and EGP
Interior Gateway Protocols (IGPs) are used to exchange routing information within a company network or an autonomous system (AS).
Exterior Gateway Protocols (EGPs) are used for the exchange of routing information between autonomous systems.
eBGP and iBGP
External BGP (eBGP) is the routing protocol used between routers in different autonomous systems.
Internal BGP (iBGP) is the routing protocol used between routers in the same AS.
This course focuses on eBGP only.
Presentation_ID
‹#›
© 2008 Cisco Systems, Inc. All rights reserved.
Cisco Confidential
21
3.5 – eBGP
3.5.1 – BGP Overview
© 2006, Cisco Systems, Inc. All rights reserved.
Presentation_ID.scr
Interior Gateway Protocols
and Exterior Gateway Protocols
Presentation_ID
‹#›
© 2008 Cisco Systems, Inc. All rights reserved.
Cisco Confidential
eBGP
BGP Design Considerations
When to use BGP
The use of BGP is most appropriate when an AS has connections to multiple autonomous systems.
BGP should not be used when at least one of the following conditions exist:
There is a single connection to the Internet or another AS. This is known as single-homed.
When there is a limited understanding of BGP.
Presentation_ID
‹#›
© 2008 Cisco Systems, Inc. All rights reserved.
Cisco Confidential
23
3.5 – eBGP
3.5.2 – BGP Design Considerations
© 2006, Cisco Systems, Inc. All rights reserved.
Presentation_ID.scr
eBGP
BGP Design Considerations
BGP Options
There are three common ways an organization can choose to implement BGP in a multi-homed environment:
Default Route Only – This is the simplest method to implement BGP. However, because the company only receives a default route from both ISPs, sub-optimal routing may occur.
Default Route and ISP Routes – This option allows Company-A to forward traffic to the appropriate ISP for networks advertised by that ISP.
All Internet Routes – Because Company-A receives all Internet routes from both ISPs, Company-A can determine which ISP to use as the best path to forward traffic for any network. Although this solves the issue of sub-optimal routing, the Company-A’s BGP router must contain all Internet routes.
Presentation_ID
‹#›
© 2008 Cisco Systems, Inc. All rights reserved.
Cisco Confidential
24
3.5 – eBGP
3.5.2 – BGP Design Considerations
© 2006, Cisco Systems, Inc. All rights reserved.
Presentation_ID.scr
eBGP
BGP Branch Configuration
BGP Configuration Commands
There are three steps to implement eBGP:
Step 1: Enable BGP routing.
Step 2: Configure BGP neighbor(s) (peering).
Step 3: Advertise network(s) originating from this AS.
Presentation_ID
‹#›
© 2008 Cisco Systems, Inc. All rights reserved.
Cisco Confidential
25
3.5 – eBGP
3.5.3 – eBGP Branch Configuration
© 2006, Cisco Systems, Inc. All rights reserved.
Presentation_ID.scr
eBGP
BGP Branch Configuration
Verify eBGP
Three commands can be used to verify eBGP
Presentation_ID
‹#›
© 2008 Cisco Systems, Inc. All rights reserved.
Cisco Confidential
26
3.5 – eBGP
3.5.3 – eBGP Branch Configuration
© 2006, Cisco Systems, Inc. All rights reserved.
Presentation_ID.scr
3.6 Chapter Summary
© 2008 Cisco Systems, Inc. All rights reserved.
Cisco Confidential
Presentation_ID
‹#›
Presentation_ID
‹#›
© 2008 Cisco Systems, Inc. All rights reserved.
Cisco Confidential
27
Cisco Networking Academy Program
Connecting Networks
Chapter 3 STP
© 2006, Cisco Systems, Inc. All rights reserved.
Presentation_ID.scr
Broadband transmission is provided by a wide range of technologies, including DSL, fiber-to-the-home, coaxial cable systems, wireless, and satellite. This transmission requires additional components at the home end and at the corporate end. Broadband wireless solutions include municipal Wi-Fi, cellular/mobile, and satellite Internet. Municipal Wi-Fi mesh networks are not widely deployed. Cellular/mobile coverage can be limited and bandwidth can be an issue. Satellite Internet is relatively expensive and limited, but it may be the only method to provide access.
If multiple broadband connections are available to a particular location, a cost-benefit analysis should be performed to determine the best solution. The best solution may be to connect to multiple service providers to provide redundancy and reliability.
PPPoE is a popular data link protocol for connecting remote networks to their ISPs. PPPoE provides the flexibility of PPP and the convenience of Ethernet.
Chapter Summary
Summary
Presentation_ID
‹#›
© 2008 Cisco Systems, Inc. All rights reserved.
Cisco Confidential
28
3.6 – Chapter Summary
3.6.1 – Summary
© 2006, Cisco Systems, Inc. All rights reserved.
Presentation_ID.scr
VPNs are used to create a secure end-to-end private network connection over a third party network, such as the Internet. GRE is a basic, non-secure site-to-site VPN tunneling protocol that can encapsulate a wide variety of protocol packet types inside IP tunnels, thus allowing an organization to deliver other protocols through an IP-based WAN. Today it is primarily used to deliver IP multicast traffic or IPv6 traffic over an IPv4 unicast-only connection.
BGP is the routing protocol implemented between autonomous systems. Three basic design options for eBGP are as follows:
The ISP advertises a default route only to the customer
The ISP advertises a default route and all of its routes to the customer.
The ISP advertises all Internet routes to the customer.
Implementing eBGP in a single-homed network only requires a few commands.
Chapter Summary
Summary Continued
Presentation_ID
‹#›
© 2008 Cisco Systems, Inc. All rights reserved.
Cisco Confidential
29
3.6 – Chapter Summary
3.6.1 – Summary
© 2006, Cisco Systems, Inc. All rights reserved.
Presentation_ID.scr
/docProps/thumbnail.jpeg