
31 Days Before Your CCNP and CCIE Enterprise Core Exam
A Day-By-Day Review Guide for the ENCOR 350-401 Certification Exam
Patrick Gargano
Cisco Press
Contents
Day 31. Enterprise Network Architecture
Day 30. Packet Switching and Forwarding
Day 29. LAN Connectivity
Day 28. Spanning Tree Protocol
Day 27. Port Aggregation
Day 26. EIGRP
Day 25. OSPFv2
Day 24. Advanced OSPFv2 & OSPFv3
Day 23. BGP
Day 22. First-Hop Redundancy Protocols
Day 21. Network Services
Day 20. GRE and IPsec
Day 19. LISP and VXLAN
Day 18. SD-Access
Day 17. SD-WAN
Day 16. Multicast
Day 15. QoS
Day 14. Network Assurance (part 1)
Day 13. Network Assurance (part 2)
Day 12. Wireless Concepts
Day 11. Wireless Deployment
Day 10. Wireless Client Roaming and Authentication
Day 9. Secure Network Access
Day 8. Infrastructure Security
Day 7. Virtualization
Day 6. SDN and Cisco DNA Center
Day 5. Network Programmability
Day 4. Automation
Day 3. SPARE
Day 2. SPARE
Day 1. ENCOR Skills Review and Practice
Table of Contents
Day 31. Enterprise Network Architecture
ENCOR 350-401 Exam Topics
Key Topics
Hierarchical LAN Design Model
Enterprise Network Architecture Options
Study Resources
Day 30. Packet Switching and Forwarding
ENCOR 350-401 Exam Topics
Key Topics
Layer 2 Switch Operation
Layer 3 Switch Operation
Forwarding Mechanisms
Study Resources
Day 29. LAN Connectivity
ENCOR 350-401 Exam Topics
Key Topics
VLAN Overview
Access Ports
802.1Q Trunk Ports
Dynamic Trunking Protocol
VLAN Trunking Protocol
Inter-VLAN Routing
Study Resources
Day 28. Spanning Tree Protocol
ENCOR 350-401 Exam Topics
Key Topics
IEEE 802.1D STP Overview
Rapid Spanning Tree Protocol
STP and RSTP Configuration and Verification
STP Stability Mechanisms
Multiple Spanning Tree Protocol
Study Resources
Day 27. Port Aggregation
ENCOR 350-401 Exam Topics
Key Topics
Need for EtherChannel
EtherChannel Mode Interactions
EtherChannel Configuration Guidelines
EtherChannel Load Balancing Options
EtherChannel Configuration and Verification
Advanced EtherChannel Tuning
Study Resources
Day 26. EIGRP
ENCOR 350-401 Exam Topics
Key Topics
EIGRP Features
EIGRP Reliable Transport Protocol
Establishing EIGRP Neighbor Adjacency
EIGRP Metrics
EIGRP Path Selection
EIGRP Load Balancing and Sharing
Study Resources
Day 25. OSPFv2
ENCOR 350-401 Exam Topics
Key Topics
OSPF Characteristics
OSPF Process
OSPF Neighbor Adjacencies
Building a Link-State Database
OSPF Neighbor States
OSPF Packet Types
OSPF LSA Types
Single-Area and Multiarea OSPF
OSPF Area Structure
OSPF Network Types
OSPF DR and BDR Election
OSPF Timers
Multiarea OSPF Configuration
Verifying OSPF Functionality
Study Resources
Day 24. Advanced OSPFv2 & OSPFv3
ENCOR 350-401 Exam Topics
Key Topics
OSPF Cost
OSPF Passive Interfaces
OSPF Default Routing
OSPF Route Summarization
OSPF Route Filtering Tools
OSPFv3
OSPFv3 Configuration
Study Resources
Day 23. BGP
ENCOR 350-401 Exam Topics
Key Topics
BGP Interdomain Routing
BGP Multihoming
BGP Operations
BGP Neighbor States
BGP Neighbor Relationships
BGP Path Selection
BGP Path Attributes
BGP Configuration
Study Resources
Day 22. First-Hop Redundancy Protocols
ENCOR 350-401 Exam Topics
Key Topics
Default Gateway Redundancy
First Hop Redundancy Protocol
HSRP
VRRP
Study Resources
Day 21. Network Services
ENCOR 350-401 Exam Topics
Key Topics
Network Address Translation
Network Time Protocol
Study Resources
Day 20. GRE and IPsec
ENCOR 350-401 Exam Topics
Key Topics
Generic Routing Encapsulation
IP Security (IPsec)
Study Resources
Day 19. LISP and VXLAN
ENCOR 350-401 Exam Topics
Key Topics
Locator/ID Separation Protocol
Virtual Extensible LAN (VXLAN)
Study Resources
Day 18. SD-Access
ENCOR 350-401 Exam Topics
Key Topics
Software-Defined Access
Study Resources
Day 17. SD-WAN
ENCOR 350-401 Exam Topics
Key Topics
Software-Defined WAN
Study Resources
Day 16. Multicast
ENCOR 350-401 Exam Topics
Key Topics
Multicast Overview
Study Resources
Day 15. QoS
ENCOR 350-401 Exam Topics
Key Topics
Quality of Service
Study Resources
Day 14. Network Assurance (part 1)
ENCOR 350-401 Exam Topics
Key Topics
Troubleshooting Concepts
Network Diagnostic Tools
Cisco IOS IP SLAs
Switched Port Analyzer Overview
Study Resources
Day 13. Network Assurance (part 2)
ENCOR 350-401 Exam Topics
Key Topics
Logging Services
Study Resources
Day 12. Wireless Concepts
ENCOR 350-401 Exam Topics
Key Topics
Explain RF Principles
Study Resources
Day 11. Wireless Deployment
Day 10. Wireless Client Roaming and Authentication
Day 9. Secure Network Access
Day 8. Infrastructure Security
Day 7. Virtualization
Day 6. SDN and Cisco DNA Center
Day 5. Network Programmability
Day 4. Automation
Day 3. SPARE
Day 2. SPARE
Day 1. ENCOR Skills Review and Practice

Day 31. Enterprise Network Architecture

ENCOR 350-401 EXAM TOPICS
Explain the different design principles used in an enterprise network
• Enterprise network design such as Tier 2, Tier 3, and Fabric Capacity planning

KEY TOPICS
Today we review the hierarchical LAN design model, as
well as the options available for different campus
network deployments. This is a high-level overview of the
enterprise campus architectures that can be used to scale
from a small corporate network environment to a large
campus-sized network. We will look at design options
such as:
• Two-tier design (collapsed core)
• Three-tier design
• Layer 2 access layer (STP based) – loop-free and looped
• Layer 3 access layer (routed based)
• Simplified campus design using VSS and StackWise
• Software-Defined Access (SD-Access) Design
• Spine-and-leaf architecture

HIERARCHICAL LAN DESIGN MODEL
The campus LAN uses a hierarchical design model to
break the design up into modular groups or layers.
Breaking the design up into layers allows each layer to
implement specific functions, which simplifies the network design and therefore the deployment and
management of the network.
In flat or meshed network architectures, even small
configuration changes tend to affect many systems.
Hierarchical design helps constrain operational changes
to a subset of the network, which makes the network easier to
manage and improves resiliency. Modular
structuring of the network into small, easy-to-understand elements also facilitates resiliency via
improved fault isolation.
A hierarchical LAN design includes the following three
layers:
• Access layer - Provides endpoints and users direct access to the network.
• Distribution layer - Aggregates access layers and provides connectivity to services.
• Core layer - Provides backbone connectivity between distribution layers for large LAN environments, as well as connectivity to other networks within or outside the organization.
Figure 31-1 illustrates a hierarchical LAN design using
three layers.

Figure 31-1 Hierarchical LAN Design

Access Layer
The access layer is where user-controlled devices, user-accessible devices, and other end-point devices are
connected to the network. The access layer provides both
wired and wireless connectivity and contains features
and services that ensure security and resiliency for the
entire network. The access layer provides high-bandwidth device connectivity, as well as a set of
network services that support advanced technologies,
such as voice and video. The access layer is one of the
most feature-rich parts of the campus network since it
provides a security, QoS, and policy trust boundary. It
offers support for technologies like Power over Ethernet
(PoE) and Cisco Discovery Protocol (CDP) for
deployment of wireless access points (APs) and IP
phones. Figure 31-2 illustrates the connectivity at the
access layer.

Figure 31-2 Access Layer Connectivity

Distribution Layer
In a network where connectivity needs to traverse the
LAN end-to-end, whether between different access layer
devices or from an access layer device to the WAN, the
distribution layer facilitates this connectivity. This layer
provides scalability and resilience as it is used to logically
aggregate the uplinks of access switches to one or more
distribution switches. Scalability is accomplished via the
aggregation of those access switches, while the resilience
is accomplished because of the logical separation with multiple distribution switches. The distribution layer is
the place where routing and packet manipulation are
performed, and this layer can be a routing boundary
between the access and core layers where QoS and load
balancing are implemented.
Figure 31-3 illustrates the connectivity at the distribution
layer.

Figure 31-3 Distribution Layer Connectivity

Core Layer
The core layer is the high-speed backbone for campus
connectivity, and it is the aggregation point for the other
layers and modules in the hierarchical network
architecture. It is designed to switch packets with
minimal processing as fast as possible 24x7x365. The
core must provide a high level of stability, redundancy,
and scalability. In environments where the campus is
contained within a single building—or multiple adjacent
buildings with the appropriate amount of fiber—it is
possible to collapse the core into distribution switches.
Without a core layer, the distribution layer switches will
need to be fully meshed. This design is difficult to scale
and increases the cabling requirements because each
new building distribution switch needs full-mesh
connectivity to all the distribution switches. The routing complexity of a full-mesh design increases as you add
new neighbors.
Figure 31-4 illustrates a network with and without a core
layer. The core layer reduces the network complexity
from N * (N-1) to N links for N distributions (if using link
aggregation to the core, as shown in Figure 31-4);
otherwise it would be N * 2 if using individual links to a
redundant core.

Figure 31-4 LAN Topology With and Without a Core Layer

ENTERPRISE NETWORK ARCHITECTURE OPTIONS
There are multiple enterprise network architecture
design options available for deploying a campus network,
depending on the size of the campus as well as the
reliability, resiliency, availability, performance, security,
and scalability required for it. Each possible option
should be evaluated against business requirements.
Since campus networks are modular, an enterprise
network could have a mixture of these options.

Two-Tier Design (Collapsed Core)
The distribution layer provides connectivity to network-based services, to the data center/server room, to the
WAN, and to the Internet edge. Network-based services
can include but are not limited to Cisco Identity Services
Engine (ISE) and wireless LAN controllers (WLC).
Depending on the size of the LAN, these services and the interconnection to the WAN and Internet edge may
reside on a distribution layer switch that also aggregates
the LAN access-layer connectivity. This is also referred to
as a collapsed core design because the distribution serves
as the Layer 3 aggregation layer for all devices.
It is important to consider that in any campus design,
even those that can physically be built with a collapsed
core, the primary purpose of the core is to provide
fault isolation and backbone connectivity. Isolating the
distribution and core into two separate modules creates a
clean delineation for change control between activities
affecting end stations (laptops, phones, and printers) and
those that affect the data center, WAN, or other parts of
the network. A core layer also provides flexibility for
adapting the campus design to meet physical cabling and
geographical challenges.
Figure 31-5 illustrates a collapsed LAN core.

Figure 31-5 Two-Tier Design: Distribution Layer Functioning as a Collapsed Core

Three-Tier Design
Larger LAN designs require a dedicated distribution
layer for network-based services versus sharing connectivity with access layer devices. As the density of
WAN routers, Internet edge devices, and WLAN
controllers grows, the ability to connect to a single
distribution layer switch becomes hard to manage. When
connecting at least three distributions together, using a
core layer for distribution connectivity should be a
consideration.
The three-tier campus network is mostly deployed in
environments where multiple offices and buildings are
located closely together, allowing for high-speed fiber
connections to the headquarters owned by the
enterprise. Examples could be the campus network at a
university, a hospital with multiple buildings, or a large
enterprise with multiple buildings on a privately-owned
campus. Figure 31-6 illustrates a typical three-tier
campus network design.

Figure 31-6 Three-Tier Design for Large Campus Network

Layer 2 Access Layer (STP Based) – Loop-Free and Looped
In the traditional hierarchical campus design,
distribution blocks use a combination of Layer 2, Layer
3, and Layer 4 protocols and services to provide for
optimal convergence, scalability, security, and
manageability. In the most common distribution block
configurations, the access switch is configured as a Layer
2 switch that forwards traffic on high-speed trunk ports
to the distribution switches. Distribution switches are
configured to support both Layer 2 switching on their downstream access switch trunks and Layer 3 switching
on their upstream ports towards the core of the network.
With a traditional Layer 2 access layer design, there is no
true load balancing because STP blocks redundant links.
Load balancing can be achieved through manipulation of
STP and FHRP (HSRP, VRRP) settings and having traffic
from different VLANs on different links. However,
manual STP and FHRP manipulation is not true load
balancing. Another way to achieve good load balancing is
by limiting VLANs on a single switch and employing
GLBP, but this design might get complex. Convergence
can also be an issue. Networks using RSTP will have
convergence times just below a second, but sub-second
convergence is only possible with good hierarchical
routing design and tuned FHRP settings and timers.
Figure 31-7 illustrates two Layer 2 access layer
topologies: loop-free and looped. A loop-free topology is
where a VLAN is constrained to a single switch and a
Layer 3 link is used between distribution layer switches
to break the STP loop, ensuring that there are no blocked
ports from the access layer to the distribution layer. A
looped topology is where a VLAN spans multiple access
switches. In this case, a Layer 2 trunk link is used
between distribution layer switches. This design causes
STP to block links, which reduces the bandwidth from the
rest of the network and can cause slower network
convergence.

Figure 31-7 Layer 2 Loop-Free and Looped Topologies

Layer 3 Access Layer (Routed Based)
An alternative configuration to the traditional
distribution block model is one in which the access
switch acts as a full Layer 3 routing node. The access-to-distribution Layer 2 uplink trunks are replaced with
Layer 3 point-to-point routed links. This means that the
Layer 2/3 demarcation is moved from the distribution
switch to the access switch. There is no need for FHRP
and every switch in the network participates in routing.
In both the traditional Layer 2 access layer and the Layer
3 routed access layer designs, each access switch is
configured with unique voice and data VLANs. In the
Layer 3 design, the default gateway and root bridge for
these VLANs are simply moved from the distribution
switch to the access switch. Addressing for all end
stations and for the default gateway remains the same.
VLAN and specific port configuration remains
unchanged on the access switch. Router interface
configuration, access lists, DHCP Helper, and any other
configuration for each VLAN remain identical. However,
they are now configured on the VLAN SVI defined on the
access switch, instead of on the distribution switches.
There are several notable configuration changes
associated with the move of the Layer 3 interface down to
the access switch. It is no longer necessary to configure a
FHRP virtual gateway address as the “router” interfaces,
because all the VLANs are now local.
Figure 31-8 illustrates the difference between the
traditional Layer 2 access layer design and the Layer 3
routed access layer design.

Figure 31-8 Layer 2 Access Layer and Layer 3 Access Layer Designs

Simplified Campus Design Using VSS and StackWise
An alternative that can handle Layer 2 access layer
requirements and avoid the complexity of the traditional
multilayer campus is called a simplified campus design.
This design uses multiple physical switches that act as a
single logical switch, using either virtual switching
system (VSS) or StackWise. One advantage of this design
is that STP dependence is minimized, and all uplinks
from the access layer to the distribution are active and
forwarding traffic. Even in the distributed VLAN design,
you eliminate spanning tree blocked links caused by
looped topologies. You can also reduce dependence on
spanning tree by using MultiChassis EtherChannel
(MEC) from the access layer with dual-homed uplinks.
This is a key characteristic of this design, and you can
load balance between both physical distribution switches
since the access layer sees the VSS as a single switch.
There are several other advantages to the simplified
distribution layer design. You no longer need IP gateway
redundancy protocols such as HSRP, VRRP, and GLBP,
because the default IP gateway is now on a single logical
interface and resiliency is provided by the distribution
layer VSS switch. Also, the network will converge faster
now that it is not depending on spanning tree to unblock
links when a failure occurs, because MEC provides fast
sub-second failover between links in an uplink bundle.
Figure 31-9 illustrates the deployment of both StackWise
and VSS technologies. In the top diagram, two access
layer switches have been united into a single logical unit
by using special stack interconnect cables that create a
bidirectional closed-loop path. This bidirectional path
acts as a switch fabric for all the connected switches.
When a break is detected in a cable, the traffic is immediately wrapped back across the remaining path to
continue forwarding. Also, in this scenario the
distribution layer switches are each configured with an
EtherChannel link to the stacked access layer switches.
This is possible because the two access layer switches are
viewed as one logical switch from the perspective of the
distribution layer.

Figure 31-9 Simplified Campus Design with VSS and StackWise

In the bottom diagram, the two distribution layer
switches have been configured as a VSS pair using a
virtual switch link (VSL). The VSL is made up of up to
eight 10 Gigabit Ethernet connections that are bundled
into an EtherChannel. The VSL carries the control plane
communication between the two VSS members, as well
as regular user data traffic. Notice the use of MEC at the
access layer. This allows the access layer switch to
establish an EtherChannel to the two different physical
chassis of the VSS pair. These links can be either Layer 2
trunks or Layer 3 routed connections.
Keep in mind that it is possible to combine both
StackWise and VSS in the campus network. They are not
mutually exclusive. StackWise is typically found at the access layer, whereas VSS is found at the distribution
and core layers.

Common Access-Distribution Interconnection Designs
To summarize, there are four common access-distribution interconnection design options:
• Layer 2 looped design: Uses Layer 2 switching
at the access layer and on the distribution switch
interconnect. This introduces a Layer 2 loop
between distribution switches and access switches.
STP blocks one of the uplinks from the access
switch to the distribution switches. The
reconvergence time in case of uplink failure
depends on STP and FHRP convergence times.
• Layer 2 loop-free design: Uses Layer 2
switching at the access layer and Layer 3 on the
distribution switch interconnect. There are no
Layer 2 loops between the access switch and the
distribution switches. Both uplinks from the access
layer switch are forwarding. Reconvergence time, in
case of an uplink failure, depend...