Instruction/ maintenance manual of the product OL-4344-01 Cisco Systems
Go to page of 32
CH A P T E R 1-1 Cisco IP Solution Center, 3.0: MPLS VPN Ma nagement User Guide, 3.0 OL-4344-01 1 About Cisco IP Solution Center Cisco IP Solution Center (ISC) is a car rier- class ne two rk and service-management solution for the rapid and cost-effecti ve deli very of IP services.
1-2 Cisco IP Solution Center, 3.0: MPLS VPN Manage ment User Guide, 3.0 OL-4344-01 Chapter 1 Ab out Cisco IP Solution Center Overview of ISC The notable ISC network elements are as follows: • ISC Ne.
1-3 Cisco IP Solution Center, 3.0: MPLS VPN Ma nagement User Guide, 3.0 OL-4344-01 Chapter 1 About Cisco IP Solution Center Overview of ISC It is not required that the set of IPv4 addresses us ed in a.
1-4 Cisco IP Solution Center, 3.0: MPLS VPN Manage ment User Guide, 3.0 OL-4344-01 Chapter 1 Ab out Cisco IP Solution Center Overview of ISC • VLAN ID Management : ISC allocates VLAN IDs per customer and per Et hernet Service deployed.
1-5 Cisco IP Solution Center, 3.0: MPLS VPN Ma nagement User Guide, 3.0 OL-4344-01 Chapter 1 About Cisco IP Solution Center Overview of ISC Figur e 1 -3 Access Do main Assigned 2. All the network elements hav e been discov ered dur ing the Autodiscov ery process, as well as the network topol ogy (connect i vity betw een sites).
1-6 Cisco IP Solution Center, 3.0: MPLS VPN Manage ment User Guide, 3.0 OL-4344-01 Chapter 1 Ab out Cisco IP Solution Center Overview of ISC • Route Distinguisher (RD) pool : The IP subnets advert ised by the CE routers to the PE routers are augmented with a 64-bit pref ix called a route dist inguisher (RD) to make them unique.
1-7 Cisco IP Solution Center, 3.0: MPLS VPN Ma nagement User Guide, 3.0 OL-4344-01 Chapter 1 About Cisco IP Solution Center Overview of ISC • VRF confi guration (exp ort map, import map, maximum num.
1-8 Cisco IP Solution Center, 3.0: MPLS VPN Manage ment User Guide, 3.0 OL-4344-01 Chapter 1 Ab out Cisco IP Solution Center Overview of ISC Figur e 1 -4 Defining the User Role The permissions to Crea.
1-9 Cisco IP Solution Center, 3.0: MPLS VPN Ma nagement User Guide, 3.0 OL-4344-01 Chapter 1 About Cisco IP Solution Center The Customer’s and Provider ’ s View of the Netw ork The Customer’s an.
1-10 Cisco IP Solution Center, 3.0: MPLS VPN Manage ment User Guide, 3.0 OL-4344-01 Chapter 1 Ab out Cisco IP Solution Center The Customer’s and Provider’s View of the Network Figur e 1 -6 Service Provider’ s View of the Networ k About Provider Edge Routers (PEs) At the edge of the provider network are provider ed ge routers (PEs).
1-11 Cisco IP Solution Center, 3.0: MPLS VPN Ma nagement User Guide, 3.0 OL-4344-01 Chapter 1 About Cisco IP Solution Center The Customer’s and Provider ’ s View of the Netw ork A Multi-VRF CE is unlik e a CE in that there is no label e xchange, no LDP ad jacency , and no labeled packet flo w between the PE a nd the CE.
1-12 Cisco IP Solution Center, 3.0: MPLS VPN Manage ment User Guide, 3.0 OL-4344-01 Chapter 1 Ab out Cisco IP Solution Center Using Templates to Custom ize Configuration Files Mapping IPsec Tunnels to.
1-13 Cisco IP Solution Center, 3.0: MPLS VPN Ma nagement User Guide, 3.0 OL-4344-01 Chapter 1 About Cisco IP Solution Center Using Templates to Custom ize Configuration Files The template fi les and data f iles are in XML format. The template f ile, its data f iles, and all templat e configuration f ile fi les are ma pped to a single directory .
1-14 Cisco IP Solution Center, 3.0: MPLS VPN Manage ment User Guide, 3.0 OL-4344-01 Chapter 1 Ab out Cisco IP Solution Center About MPLS VPNs • Audit Existing Services : Checks and ev aluates conf igurat ion of deployed service to see if the service is still in ef fect.
1-15 Cisco IP Solution Center, 3.0: MPLS VPN Ma nagement User Guide, 3.0 OL-4344-01 Chapter 1 About Cisco IP Solution Center About MPLS VPNs Characteristics of MPLS VPNs MPLS VPNs have the follo wing .
1-16 Cisco IP Solution Center, 3.0: MPLS VPN Manage ment User Guide, 3.0 OL-4344-01 Chapter 1 Ab out Cisco IP Solution Center About MPLS VPNs VPN Routing and Forwarding Tables (VRFs) The VPN routing and forw arding table (VRF) is a ke y element in the MPLS VPN technolog y .
1-17 Cisco IP Solution Center, 3.0: MPLS VPN Ma nagement User Guide, 3.0 OL-4344-01 Chapter 1 About Cisco IP Solution Center About MPLS VPNs Figur e 1 - 9 VRFs for Sites i n Multiple VPNs VRF Implemen.
1-18 Cisco IP Solution Center, 3.0: MPLS VPN Manage ment User Guide, 3.0 OL-4344-01 Chapter 1 Ab out Cisco IP Solution Center About MPLS VPNs • The MPLS VPN backbone relies on the appropr iate Interior Gate wa y Protocol (IGP) that is configured for MPLS, fo r example, EIGRP , or OSPF .
1-19 Cisco IP Solution Center, 3.0: MPLS VPN Ma nagement User Guide, 3.0 OL-4344-01 Chapter 1 About Cisco IP Solution Center About MPLS VPNs ISC chooses route tar get v alues by default, b ut you can .
1-20 Cisco IP Solution Center, 3.0: MPLS VPN Manage ment User Guide, 3.0 OL-4344-01 Chapter 1 Ab out Cisco IP Solution Center About MPLS VPNs ISC supports multiple CEs pe r site and multiple site s connected to the same PE. Each CERC has unique route targ ets (R T), route distinguisher (RD) and VRF naming.
1-21 Cisco IP Solution Center, 3.0: MPLS VPN Ma nagement User Guide, 3.0 OL-4344-01 Chapter 1 About Cisco IP Solution Center Security Requirements for MPLS VPNs Security Requirements for MPLS VPNs This section discusses the security requirements for MPLS VPN archit ectures.
1-22 Cisco IP Solution Center, 3.0: MPLS VPN Manage ment User Guide, 3.0 OL-4344-01 Chapter 1 Ab out Cisco IP Solution Center Security Requirements for MPLS VPNs Gi ven addressi ng and routing separati on across an MPLS core network , MPLS of fers in thi s respect the same security as comparable Layer 2 VPNs, such as A TM or Frame Relay .
1-23 Cisco IP Solution Center, 3.0: MPLS VPN Ma nagement User Guide, 3.0 OL-4344-01 Chapter 1 About Cisco IP Solution Center Security Requirements for MPLS VPNs Resistance to Attacks It is not possible to d irectly intrude into other VPNs. Ho we v er , i t is possible to attack the MPLS core, and try to attack other VPNs from there.
1-24 Cisco IP Solution Center, 3.0: MPLS VPN Manage ment User Guide, 3.0 OL-4344-01 Chapter 1 Ab out Cisco IP Solution Center Security Requirements for MPLS VPNs In practice, access to the PE router o ver the CE-PE int erface can be limi ted to the required rou ting protocol b y using access control lists (A CLs).
1-25 Cisco IP Solution Center, 3.0: MPLS VPN Ma nagement User Guide, 3.0 OL-4344-01 Chapter 1 About Cisco IP Solution Center Security Requirements for MPLS VPNs For security reasons, a PE router should ne ver accep t a p acket with a label fr om a CE router .
1-26 Cisco IP Solution Center, 3.0: MPLS VPN Manage ment User Guide, 3.0 OL-4344-01 Chapter 1 Ab out Cisco IP Solution Center Security Requirements for MPLS VPNs • PE-P link: use LDP MD5 authen tication • P-P This pre vents att ackers from spoof ing a peer rout er and introducin g bogus routing infor mation.
1-27 Cisco IP Solution Center, 3.0: MPLS VPN Ma nagement User Guide, 3.0 OL-4344-01 Chapter 1 About Cisco IP Solution Center Security Requirements for MPLS VPNs From a security point of vie w , the merged VPNs beha ve like one logical VPN, and the security mechanisms described abov e apply now between th e merged VPN and other VPNs.
1-28 Cisco IP Solution Center, 3.0: MPLS VPN Manage ment User Guide, 3.0 OL-4344-01 Chapter 1 Ab out Cisco IP Solution Center Security Requirements for MPLS VPNs The forwarding table for a PE contains only addre ss entries for members of the sa me VPN.
1-29 Cisco IP Solution Center, 3.0: MPLS VPN Ma nagement User Guide, 3.0 OL-4344-01 Chapter 1 About Cisco IP Solution Center Security Requirements for MPLS VPNs • Layer 2 VPN Service • MPLS VPN Se.
1-30 Cisco IP Solution Center, 3.0: MPLS VPN Manage ment User Guide, 3.0 OL-4344-01 Chapter 1 Ab out Cisco IP Solution Center Security Requirements for MPLS VPNs • The Processing server can be added dynami cally . The W atchdog will discov er their e xistence when you start up ISC.
1-31 Cisco IP Solution Center, 3.0: MPLS VPN Ma nagement User Guide, 3.0 OL-4344-01 Chapter 1 About Cisco IP Solution Center The Four-Tier System Architecture Figur e 1 -12 Redundant Load Balancing Configur ation The Four-Tier System Architecture The Cisco ISC architecture is a four-t ier architecture.
1-32 Cisco IP Solution Center, 3.0: MPLS VPN Manage ment User Guide, 3.0 OL-4344-01 Chapter 1 Ab out Cisco IP Solution Center The Four-Tier System Architectu re • Contr o l tier The Control T ier consists of the ISC Repository (a relational database) and the task scheduling and distrib ution system.
An important point after buying a device Cisco Systems OL-4344-01 (or even before the purchase) is to read its user manual. We should do this for several simple reasons:
If you have not bought Cisco Systems OL-4344-01 yet, this is a good time to familiarize yourself with the basic data on the product. First of all view first pages of the manual, you can find above. You should find there the most important technical data Cisco Systems OL-4344-01 - thus you can check whether the hardware meets your expectations. When delving into next pages of the user manual, Cisco Systems OL-4344-01 you will learn all the available features of the product, as well as information on its operation. The information that you get Cisco Systems OL-4344-01 will certainly help you make a decision on the purchase.
If you already are a holder of Cisco Systems OL-4344-01, but have not read the manual yet, you should do it for the reasons described above. You will learn then if you properly used the available features, and whether you have not made any mistakes, which can shorten the lifetime Cisco Systems OL-4344-01.
However, one of the most important roles played by the user manual is to help in solving problems with Cisco Systems OL-4344-01. Almost always you will find there Troubleshooting, which are the most frequently occurring failures and malfunctions of the device Cisco Systems OL-4344-01 along with tips on how to solve them. Even if you fail to solve the problem, the manual will show you a further procedure – contact to the customer service center or the nearest service center