CCIE Routing and Switching v5.0 Official Cert Guide, Volume 2
Cisco Press
978-1-58714-491-2 (ISBN)
CCIE Routing and Switching v5.0 Official Cert Guide, Volume 2, Fifth Edition from Cisco Press enables you to succeed on the exam the first time and is the only self-study resource approved by Cisco. Expert instructors Narbik Kocharians and Terry Vinson share preparation hints and test-taking tips, helping you identify areas of weakness and improve both your conceptual knowledge and hands-on skills. This second of two volumes covers IP BGP routing, quality of service (QoS), wide area networks, IP multicast, network security, and Multiprotocol Label Switching (MPLS) topics.
This complete study package includes
-- A test-preparation routine proven to help you pass the exams
-- Do I Know This Already? quizzes, which enable you to decide how much time you need to spend on each section
-- Chapter-ending exercises, which help you drill on key concepts you must know thoroughly
-- The powerful Pearson IT Certification Practice Test software, complete with hundreds of well-reviewed, exam-realistic questions, customization options, and detailed performance reports
-- A final preparation chapter, which guides you through tools and resources to help you craft your review and test-taking strategies
-- Study plan suggestions and templates to help you organize and optimize your study time
Well regarded for its level of detail, study plans, assessment features, challenging review questions and exercises, this official study guide helps you master the concepts and techniques that ensure your exam success.
The official study guide helps you master topics on the CCIE Routing and Switching v5.0 exams, including:
-- BGP operations and routing policies
-- QoS
-- WANs
-- IP Multicast
-- Device and network security and tunneling technologies
-- MPLS
CCIE Routing and Switching v5.0 Official Cert Guide, Volume 2, Fifth Edition is part of a recommended learning path from Cisco that includes simulation and hands-on training from authorized Cisco Learning Partners and self-study products from Cisco Press. To find out more about instructor-led training, e-learning, and hands-on instruction offered by authorized Cisco Learning Partners worldwide, please visit www.cisco.com/go/authorizedtraining.
The print edition of the CCIE Routing and Switching v5.0 Official Cert Guide, Volume 2, Fifth Edition contains more than 200 practice exam questions.
Also available from Cisco Press for Cisco CCIE R&S v5.0 study is the CCIE Routing and Switching v5.0 Official Cert Guide, Volume 2 Premium Edition eBook and Practice Test, Fifth Edition. This digital-only certification preparation product combines an eBook with enhanced Pearson IT Certification Practice Test.
This integrated learning package:
-- Allows you to focus on individual topic areas or take complete, timed exams
-- Includes direct links from each question to detailed tutorials to help you understand the concepts behind the questions
-- Provides additional unique sets of exam-realistic practice questions
-- Tracks your performance and provides feedback on a module-by-module basis, laying out a complete assessment of your knowledge to help you focus your study where it is needed most
This print book includes a 70% discount offer off the list price of the CCIE Routing and Switching v5.0 Official Cert Guide, Volume 2 Premium Edition eBook and Practice Test, Fifth Edition to help enhance your exam preparation experience.
Narbik Kocharians, CCIE No. 12410 (Routing and Switching, Security, SP), is a Triple CCIE with more than 32 years of experience in the IT industry. He has designed, implemented, and supported numerous enterprise networks. Narbik is the president of Micronics Training, Inc. (www.Micronicstraining.com), where he teaches CCIE R&S and SP boot camps. Terry Vinson, CCIE No. 35347 (Routing and Switching, Data Center), is a seasoned instructor with nearly 25 years of experience teaching and writing technical courses and training materials. Terry has taught and developed training content, as well as provided technical consulting for high-end firms in the north Virginia/Washington, D.C. area. His technical expertise lies in the Cisco arena with a focus on all routing and switching technologies as well as the latest data center technologies, including Nexus switching, unified computing, and storage-area networking (SAN) technologies. Terry currently teaches for CCIE R&S and Data Center Bootcamps for Micronics Training, Inc. and enjoys sailing and game design in his “free time.”
Introduction xxvii
Part I IP BGP Routing
Chapter 1 Fundamentals of BGP Operations 3
“Do I Know This Already?” Quiz 3
Foundation Topics 8
Building BGP Neighbor Relationships 9
Internal BGP Neighbors 10
External BGP Neighbors 13
Checks Before Becoming BGP Neighbors 14
BGP Messages and Neighbor States 15
BGP Message Types 16
Purposefully Resetting BGP Peer Connections 16
Building the BGP Table 18
Injecting Routes/Prefixes into the BGP Table 18
BGP network Command 18
Redistributing from an IGP, Static, or Connected Route 21
Impact of Auto-Summary on Redistributed Routes and the network Command 23
Manual Summaries and the AS_PATH Path Attribute 25
Adding Default Routes to BGP 29
ORIGIN Path Attribute 30
Advertising BGP Routes to Neighbors 31
BGP Update Message 31
Determining the Contents of Updates 32
Example: Impact of the Decision Process and NEXT_HOP on BGP Updates 34
Summary of Rules for Routes Advertised in BGP Updates 40
Building the IP Routing Table 40
Adding eBGP Routes to the IP Routing Table 40
Backdoor Routes 41
Adding iBGP Routes to the IP Routing Table 42
Using Sync and Redistributing Routes 44
Disabling Sync and Using BGP on All Routers in an AS 46
Confederations 47
Configuring Confederations 49
Route Reflectors 52
Multiprotocol BGP 57
Configuration of Multiprotocol BGP 58
Foundation Summary 63
Memory Builders 66
Fill In Key Tables from Memory 66
Definitions 67
Further Reading 67
Chapter 2 BGP Routing Policies 69
“Do I Know This Already?” Quiz 69
Foundation Topics 75
Route Filtering and Route Summarization 75
Filtering BGP Updates Based on NLRI 76
Route Map Rules for NLRI Filtering 79
Soft Reconfiguration 79
Comparing BGP Prefix Lists, Distribute Lists, and Route Maps 80
Filtering Subnets of a Summary Using the aggregate-address Command 81
Filtering BGP Updates by Matching the AS_PATH PA 82
The BGP AS_PATH and AS_PATH Segment Types 82
Using Regular Expressions to Match AS_PATH 84
Example: Matching AS_PATHs Using AS_PATH Filters 87
Matching AS_SET and AS_CONFED_SEQ 91
BGP Path Attributes and the BGP Decision Process 93
Generic Terms and Characteristics of BGP PAs 93
The BGP Decision Process 95
Clarifications of the BGP Decision Process 96
Three Final Tiebreaker Steps in the BGP Decision Process 96
Adding Multiple BGP Routes to the IP Routing Table 97
Mnemonics for Memorizing the Decision Process 98
Configuring BGP Policies 99
Background: BGP PAs and Features Used by Routing Policies 99
Step 1: NEXT_HOP Reachable 101
Step 2: Administrative Weight 101
Step 3: Highest Local Preference (LOCAL_PREF) 104
Step 4: Choose Between Locally Injected Routes Based on ORIGIN PA 107
Step 5: Shortest AS_PATH 107
Removing Private ASNs 108
AS_PATH Prepending and Route Aggregation 109
Step 6: Best ORIGIN PA 112
Step 7: Smallest Multi-Exit Discriminator 112
Configuring MED: Single Adjacent AS 114
Configuring MED: Multiple Adjacent Autonomous Systems 115
The Scope of MED 115
Step 8: Prefer Neighbor Type eBGP over iBGP 116
Step 9: Smallest IGP Metric to the NEXT_HOP 116
The maximum-paths Command and BGP Decision Process Tiebreakers 116
Step 10: Lowest BGP Router ID of Advertising Router (with One Exception) 117
Step 11: Lowest Neighbor ID 117
The BGP maximum-paths Command 118
BGP Communities 119
Matching COMMUNITY with Community Lists 123
Removing COMMUNITY Values 124
Filtering NLRIs Using Special COMMUNITY Values 125
Fast Convergence Enhancements 126
Fast External Neighbor Loss Detection 127
Internal Neighbor Loss Detection 127
EBGP Fast Session Deactivation 128
Foundation Summary 129
Memory Builders 132
Fill In Key Tables from Memory 133
Definitions 133
Further Reading 133
Part II QoS
Chapter 3 Classification and Marking 135
“Do I Know This Already?” Quiz 135
Foundation Topics 139
Fields That Can Be Marked for QoS Purposes 139
IP Precedence and DSCP Compared 139
DSCP Settings and Terminology 140
Class Selector PHB and DSCP Values 140
Assured Forwarding PHB and DSCP Values 141
Expedited Forwarding PHB and DSCP Values 142
Non-IP Header Marking Fields 143
Ethernet LAN Class of Service 143
WAN Marking Fields 143
Locations for Marking and Matching 144
Cisco Modular QoS CLI 145
Mechanics of MQC 145
Classification Using Class Maps 146
Using Multiple match Commands 147
Classification Using NBAR 149
Classification and Marking Tools 149
Class-Based Marking (CB Marking) Configuration 150
CB Marking Example 151
CB Marking of CoS and DSCP 155
Network-Based Application Recognition 156
CB Marking Design Choices 158
Marking Using Policers 158
QoS Pre-Classification 159
Policy Routing for Marking 160
AutoQoS 160
AutoQoS for VoIP 161
AutoQoS VoIP on Switches 161
AutoQoS VoIP on Routers 162
Verifying AutoQoS VoIP 163
AutoQoS for the Enterprise 163
Discovering Traffic for AutoQoS Enterprise 163
Generating the AutoQoS Configuration 164
Verifying AutoQoS for the Enterprise 164
Foundation Summary 165
Memory Builders 167
Fill In Key Tables from Memory 167
Definitions 167
Further Reading 168
Chapter 4 Congestion Management and Avoidance 171
“Do I Know This Already?” Quiz 171
Foundation Topics 175
Cisco Router Queuing Concepts 175
Software Queues and Hardware Queues 175
Queuing on Interfaces Versus Subinterfaces and Virtual Circuits 176
Comparing Queuing Tools 176
Queuing Tools: CBWFQ and LLQ 177
CBWFQ Basic Features and Configuration 178
Defining and Limiting CBWFQ Bandwidth 180
Low-Latency Queuing 182
Defining and Limiting LLQ Bandwidth 184
LLQ with More Than One Priority Queue 185
Miscellaneous CBWFQ/LLQ Topics 186
Queuing Summary 186
Weighted Random Early Detection 187
How WRED Weights Packets 188
WRED Configuration 189
Modified Deficit Round-Robin 190
LAN Switch Congestion Management and Avoidance 193
Cisco Switch Ingress Queuing 193
Creating a Priority Queue 193
Cisco 3560 Congestion Avoidance 195
Cisco 3560 Switch Egress Queuing 197
Resource Reservation Protocol (RSVP) 199
RSVP Process Overview 200
Configuring RSVP 201
Using RSVP for Voice Calls 203
Foundation Summary 205
Memory Builders 205
Fill In Key Tables from Memory 205
Definitions 205
Further Reading 205
Chapter 5 Shaping, Policing, and Link Fragmentation 207
“Do I Know This Already?” Quiz 207
Foundation Topics 211
Traffic-Shaping Concepts 211
Shaping Terminology 211
Shaping with an Excess Burst 213
Underlying Mechanics of Shaping 213
Generic Traffic Shaping 214
Class-Based Shaping 216
Tuning Shaping for Voice Using LLQ and a Small Tc 218
Configuring Shaping by Bandwidth Percent 221
CB Shaping to a Peak Rate 222
Adaptive Shaping 222
Policing Concepts and Configuration 222
CB Policing Concepts 222
Single-Rate, Two-Color Policing (One Bucket) 223
Single-Rate, Three-Color Policer (Two Buckets) 224
Two-Rate, Three-Color Policer (Two Buckets) 225
Class-Based Policing Configuration 227
Single-Rate, Three-Color Policing of All Traffic 227
Policing a Subset of the Traffic 228
CB Policing Defaults for Bc and Be 229
Configuring Dual-Rate Policing 229
Multi-Action Policing 229
Policing by Percentage 230
Committed Access Rate 231
Hierarchical Queuing Framework (HQF) 233
Flow-Based Fair-Queuing Support in Class-Default 235
Default Queuing Implementation for Class-Default 236
Class-Default and Bandwidth 236
Default Queuing Implementation for Shape Class 236
Policy Map and Interface Bandwidth 236
Per-Flow Queue Limit in Fair Queue 236
Oversubscription Support for Multiple Policies on Logical Interfaces 236
Shaping on a GRE Tunnel 237
Nested Policy and Reference Bandwidth for Child-Policy 237
Handling Traffic Congestion on an Interface Configured with Policy Map 237
QoS Troubleshooting and Commands 237
Troubleshooting Slow Application Response 238
Troubleshooting Voice and Video Problems 239
Other QoS Troubleshooting Tips 240
Approaches to Resolving QoS Issues 240
Foundation Summary 242
Memory Builders 243
Fill In Key Tables from Memory 243
Definitions 243
Further Reading 243
Part III Wide-Area Networks
Chapter 6 Wide-Area Networks 245
“Do I Know This Already?” Quiz 245
Foundation Topics 247
Layer 2 Protocols 247
HDLC 247
Point-to-Point Protocol 249
PPP Link Control Protocol 250
Basic LCP/PPP Configuration 251
Multilink PPP 252
MLP Link Fragmentation and Interleaving 254
PPP Compression 255
PPP Layer 2 Payload Compression 256
Header Compression 256
PPPoE 257
Server Configuration 258
Client Configuration 259
Authentication 260
Ethernet WAN 262
VPLS 262
Metro-Ethernet 263
Foundation Summary 264
Memory Builders 265
Fill In Key Tables from Memory 265
Definitions 265
Further Reading 265
Part IV IP Multicast
Chapter 7 Introduction to IP Multicasting 267
“Do I Know This Already?” Quiz 267
Foundation Topics 270
Why Do You Need Multicasting? 270
Problems with Unicast and Broadcast Methods 270
How Multicasting Provides a Scalable and Manageable Solution 273
Multicast IP Addresses 276
Multicast Address Range and Structure 276
Well-Known Multicast Addresses 276
Multicast Addresses for Permanent Groups 277
Multicast Addresses for Source-Specific Multicast Applications and Protocols 278
Multicast Addresses for GLOP Addressing 278
Multicast Addresses for Private Multicast Domains 278
Multicast Addresses for Transient Groups 278
Summary of Multicast Address Ranges 279
Mapping IP Multicast Addresses to MAC Addresses 280
Managing Distribution of Multicast Traffic with IGMP 281
Joining a Group 282
Internet Group Management Protocol 282
IGMP Version 2 283
IGMPv2 Host Membership Query Functions 285
IGMPv2 Host Membership Report Functions 286
IGMPv2 Solicited Host Membership Report 286
IGMPv2 Unsolicited Host Membership Report 288
IGMPv2 Leave Group and Group-Specific Query Messages 289
IGMPv2 Querier 291
IGMPv2 Timers 292
IGMP Version 3 292
IGMPv1 and IGMPv2 Interoperability 294
IGMPv2 Host and IGMPv1 Routers 294
IGMPv1 Host and IGMPv2 Routers 294
Comparison of IGMPv1, IGMPv2, and IGMPv3 295
LAN Multicast Optimizations 296
Cisco Group Management Protocol 296
IGMP Snooping 303
Router-Port Group Management Protocol 307
IGMP Filtering 309
IGMP Proxy 310
Foundation Summary 314
Memory Builders 314
Fill In Key Tables from Memory 314
Definitions 315
Further Reading 315
References in This Chapter 315
Chapter 8 IP Multicast Routing 317
“Do I Know This Already?” Quiz 317
Foundation Topics 321
Multicast Routing Basics 321
Overview of Multicast Routing Protocols 322
Multicast Forwarding Using Dense Mode 322
Reverse Path Forwarding Check 323
Multicast Forwarding Using Sparse Mode 325
Multicast Scoping 327
TTL Scoping 327
Administrative Scoping 328
Dense-Mode Routing Protocols 329
Operation of Protocol Independent Multicast Dense Mode 329
Forming PIM Adjacencies Using PIM Hello Messages 329
Source-Based Distribution Trees 330
Prune Message 331
PIM-DM: Reacting to a Failed Link 333
Rules for Pruning 335
Steady-State Operation and the State Refresh Message 337
Graft Message 339
LAN-Specific Issues with PIM-DM and PIM-SM 340
Prune Override 340
Assert Message 341
Designated Router 343
Summary of PIM-DM Messages 343
Distance Vector Multicast Routing Protocol 344
Multicast Open Shortest Path First 344
Sparse-Mode Routing Protocols 345
Operation of Protocol Independent Multicast Sparse Mode 345
Similarities Between PIM-DM and PIM-SM 346
Sources Sending Packets to the Rendezvous Point 346
Joining the Shared Tree 348
Completion of the Source Registration Process 350
Shared Distribution Tree 352
Steady-State Operation by Continuing to Send Joins 353
Examining the RP’s Multicast Routing Table 354
Shortest-Path Tree Switchover 355
Pruning from the Shared Tree 357
Dynamically Finding RPs and Using Redundant RPs 358
Dynamically Finding the RP Using Auto-RP 359
Dynamically Finding the RP Using BSR 363
Anycast RP with MSDP 365
Interdomain Multicast Routing with MSDP 367
Summary: Finding the RP 369
Bidirectional PIM 370
Comparison of PIM-DM and PIM-SM 371
Source-Specific Multicast 372
Implementing IPv6 Multicast PIM 373
Designated Priority Manipulation 376
PIM6 Hello Interval 377
IPv6 Sparse-Mode Multicast 379
IPv6 Static RP 379
IPv6 BSR 381
Multicast Listener Discovery (MLD) 385
Embedded RP 389
Foundation Summary 393
Memory Builders 397
Fill In Key Tables from Memory 397
Definitions 397
Further Reading 397
Part V Security
Chapter 9 Device and Network Security 399
“Do I Know This Already?” Quiz 399
Foundation Topics 403
Router and Switch Device Security 403
Simple Password Protection for the CLI 403
Better Protection of Enable and Username Passwords 405
Using Secure Shell Protocol 405
User Mode and Privileged Mode AAA Authentication 406
Using a Default Set of Authentication Methods 407
Using Multiple Authentication Methods 408
Groups of AAA Servers 410
Overriding the Defaults for Login Security 410
PPP Security 411
Layer 2 Security 412
Switch Security Best Practices for Unused and User Ports 413
Port Security 413
Dynamic ARP Inspection 417
DHCP Snooping 420
IP Source Guard 422
802.1X Authentication Using EAP 423
Storm Control 426
General Layer 2 Security Recommendations 427
Layer 3 Security 429
IP Access Control List Review 430
ACL Rule Summary 431
Wildcard Masks 433
General Layer 3 Security Considerations 433
Smurf Attacks, Directed Broadcasts, and RPF Checks 433
Inappropriate IP Addresses 435
TCP SYN Flood, the Established Bit, and TCP Intercept 436
Classic Cisco IOS Firewall 438
TCP Versus UDP with CBAC 439
Cisco IOS Firewall Protocol Support 439
Cisco IOS Firewall Caveats 440
Cisco IOS Firewall Configuration Steps 440
Cisco IOS Zone-Based Firewall 441
Control-Plane Policing 446
Preparing for CoPP Implementation 447
Implementing CoPP 448
Dynamic Multipoint VPN 451
Step 1: Basic Configuration of IP Addresses 452
Step 2: GRE Multipoint Tunnel Configuration on All Routers (for Spoke-to-Spoke Connectivity) 453
Step 3: Configure IPsec to Encrypt mGRE Tunnels 457
Step 4: DMVPN Routing Configuration 459
IPv6 First Hop Security 461
First Hop Security for IPv6 461
Link Operations 463
End Node Security Enforcement 463
First Hop Switch Security Enforcement 464
Last Router Security Enforcement 464
ICMPv6 and Neighbor Discovery Protocol 464
Secure Neighbor Discovery (SeND) 465
Securing at the First Hop 466
RA Guard 467
DHCPv6 Guard 468
DHCPv6 Guard and the Binding Database 469
IPv6 Device Tracking 471
IPv6 Neighbor Discovery Inspection 472
IPv6 Source Guard 473
Port Access Control Lists (PACL) 475
Foundation Summary 476
Memory Builders 480
Fill In Key Tables from Memory 480
Definitions 480
Further Reading 480
Chapter 10 Tunneling Technologies 483
“Do I Know This Already?” Quiz 483
Foundation Topics 486
GRE Tunnels 486
Dynamic Multipoint VPN Tunnels 487
DMVPN Operation 488
DMVPN Components 488
DMVPN Operation 489
IPv6 Tunneling and Related Techniques 495
Tunneling Overview 496
Manually Configured Tunnels 497
Automatic IPv4-Compatible Tunnels 499
IPv6-over-IPv4 GRE Tunnels 499
Automatic 6to4 Tunnels 499
ISATAP Tunnels 501
SLAAC and DHCPv6 502
NAT-PT 502
NAT ALG 502
NAT64 502
Layer 2 VPNs 503
Tagged Mode 503
Raw Mode 503
Layer 2 Tunneling Protocol (L2TPv3) 504
AToM (Any Transport over MPLS) 504
Virtual Private LAN Services (VPLS) 505
Overlay Transport Virtualization (OTV) 506
GET VPN 506
Foundation Summary 512
Memory Builders 512
Definitions 512
Part VI Multiprotocol Label Switching (MPLS)
Chapter 11 Multiprotocol Label Switching 515
“Do I Know This Already?” Quiz 515
Foundation Topics 519
MPLS Unicast IP Forwarding 519
MPLS IP Forwarding: Data Plane 520
CEF Review 520
Overview of MPLS Unicast IP Forwarding 521
MPLS Forwarding Using the FIB and LFIB 522
The MPLS Header and Label 524
The MPLS TTL Field and MPLS TTL Propagation 524
MPLS IP Forwarding: Control Plane 526
MPLS LDP Basics 527
The MPLS Label Information Base Feeding the FIB and LFIB 529
Examples of FIB and LFIB Entries 532
Label Distribution Protocol Reference 534
MPLS VPNs 535
The Problem: Duplicate Customer Address Ranges 535
The Solution: MPLS VPNs 537
MPLS VPN Control Plane 539
Virtual Routing and Forwarding Tables 540
MP-BGP and Route Distinguishers 541
Route Targets 543
Overlapping VPNs 545
MPLS VPN Configuration 546
Configuring the VRF and Associated Interfaces 548
Configuring the IGP Between PE and CE 550
Configuring Redistribution Between PE-CE IGP and MP-BGP 553
Configuring MP-BGP Between PEs 555
MPLS VPN Data Plane 558
Building the (Inner) VPN Label 559
Creating LFIB Entries to Forward Packets to the Egress PE 560
Creating VRF FIB Entries for the Ingress PE 562
Penultimate Hop Popping 564
Other MPLS Applications 565
Implement Multi-VRF Customer Edge (VRF Lite) 566
VRF Lite, Without MPLS 566
VRF Lite with MPLS 569
Foundation Summary 570
Memory Builders 570
Fill In Key Tables from Memory 570
Definitions 570
Further Reading 570
Part VII Final Preparation
Chapter 12 Final Preparation 573
Tools for Final Preparation 573
Pearson Cert Practice Test Engine and Questions on the CD 573
Install the Software from the CD 574
Activate and Download the Practice Exam 574
Activating Other Exams 575
Premium Edition 575
The Cisco Learning Network 575
Memory Tables 575
Chapter-Ending Review Tools 576
Suggested Plan for Final Review/Study 576
Using the Exam Engine 576
Summary 577
Part VIII Appendixes
Appendix A Answers to the “Do I Know This Already?” Quizzes 579
Appendix B CCIE Exam Updates 583
CD-Only
Appendix C Decimal to Binary Conversion Table
Appendix D IP Addressing Practice
Appendix E Key Tables for CCIE Study
Appendix F Solutions for Key Tables for CCIE Study
Glossary
Publication date (per publisher) | 16.12.2014 |
---|---|
Series | Official Cert Guide |
Place of publication | Indianapolis |
Language | English |
Dimensions | 195 x 240 mm |
Weight | 1180 g |
Subject area | Computer Science ► Other Topics ► Certification |
ISBN-10 | 1-58714-491-3 / 1587144913 |
ISBN-13 | 978-1-58714-491-2 / 9781587144912 |
Condition | New |