V3PN: Redundancy and Load Sharing
Design Guide
OL-7102-01
Version 1.0
Corporate Headquarters
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706
USA
http://www.cisco.com
Tel: 408 526-4000
800 553-NETS (6387)
Fax: 408 526-4100
THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL
STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT
WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS.
THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT
SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE
OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY.
The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB’s public
domain version of the UNIX operating system. All rights reserved. Copyright © 1981, Regents of the University of California.
NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED “AS IS” WITH
ALL FAULTS. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT
LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF
DEALING, USAGE, OR TRADE PRACTICE.
IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING,
WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO
OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
AccessPath, AtmDirector, Browse with Me, CCIP, CCSI, CD-PAC, CiscoLink, the Cisco Powered Network logo, Cisco Systems Networking Academy, the Cisco Systems
Networking Academy logo, Cisco Unity, Fast Step, Follow Me Browsing, FormShare, FrameShare, IGX, Internet Quotient, IP/VC, iQ Breakthrough, iQ Expertise, iQ FastTrack, the
iQ Logo, iQ Net Readiness Scorecard, MGX, the Networkers logo, ScriptBuilder, ScriptShare, SMARTnet, TransPath, Voice LAN, Wavelength Router, and WebViewer are
trademarks of Cisco Systems, Inc.; Changing the Way We Work, Live, Play, and Learn, and Discover All That’s Possible are service marks of Cisco Systems, Inc.; and Aironet,
ASIST, BPX, Catalyst, CCDA, CCDP, CCIE, CCNA, CCNP, Cisco, the Cisco Certified Internetwork Expert logo, Cisco IOS, the Cisco IOS logo, Cisco Press, Cisco Systems, Cisco
Systems Capital, the Cisco Systems logo, Empowering the Internet Generation, Enterprise/Solver, EtherChannel, EtherSwitch, FastHub, FastSwitch, GigaStack, IOS, IP/TV,
LightStream, MICA, Network Registrar, Packet, PIX, Post-Routing, Pre-Routing, RateMUX, Registrar, SlideCast, StrataView Plus, Stratm, SwitchProbe, TeleRouter, and VCO are
registered trademarks of Cisco Systems, Inc. and/or its affiliates in the U.S. and certain other countries.
All other trademarks mentioned in this document or Web site are the property of their respective owners. The use of the word partner does not imply a partnership relationship
between Cisco and any other company. (0110R)
V3PN: Redundancy and Load Sharing Design Guide
Copyright © 2005 Cisco Systems, Inc. All rights reserved.
CONTENTS

CHAPTER 1  V3PN: Redundancy and Load-Sharing Introduction  1-1
    Introduction  1-1
    Solution Overview  1-2
    Small Branch Deployments  1-2
    Large Branch Deployments  1-3
    General Deployment and V3PN Redundancy Issues  1-3

CHAPTER 2  Small Branch—DSL with ISDN Backup  2-1
    Solution Characteristics  2-2
    Traffic Encapsulated in IPSec  2-2
    Redundant IPSec Head-ends  2-2
    IPSec Peering  2-2
    GRE Tunnel Controls Dial Backup  2-3
    Digital Certificates and Dynamic Crypto Maps  2-3
    Reverse Route Injection  2-3
    Remote IP Routing—Floating Static and Specific Routes  2-4
    Head-end IP Routing Requirements  2-4
    Topology  2-4
    Failover/Recovery Time  2-6
    Performance Results  2-6
    V3PN QoS Service Policy for Basic Rate ISDN  2-7
    Implementation and Configuration  2-8
    Remote GRE Tunnel Interface  2-8
    Head-end GRE Router  2-9
    IPSec Head-end Routers  2-10
    Remote Router  2-13
    Show Commands  2-16
    Cisco IOS Versions Tested  2-19
    Caveats  2-19
    Debugging  2-20
    Summary  2-20

CHAPTER 3  Small Branch—Cable with DSL Backup  3-1
    Solution Characteristics  3-2
    Topology  3-2
    Failover/Recovery Time  3-3
    Temporary Failure with Service Restoration  3-4
    Failure of Primary Path—Recovery over Backup Path  3-5
    Routing Topology Following Network Recovery  3-6
    V3PN QoS Service Policy  3-8
    Performance Results  3-8
    Implementation and Configuration  3-9
    Remote Router SAA and Tracking Configuration  3-9
    Head-end SAA Target  3-10
    IPSec Head-end Routers  3-11
    Backup IPSec Peer  3-11
    Primary IPSec Peers  3-13
    Remote Router  3-16
    Show Commands  3-20
    Cisco IOS Versions Tested  3-20
    Summary  3-21

CHAPTER 4  Small Branch—DSL with Async Backup  4-1
    Solution Characteristics  4-1
    Topology  4-2
    Failover/Recovery Time  4-3
    V3PN QoS Service Policy  4-4
    Performance Results  4-4
    Implementation and Configuration  4-5
    Remote Router SAA and Tracking  4-5
    Head-end SAA Target Router  4-6
    IPSec Head-end Routers  4-6
    Remote Router—Cisco 1711  4-6
    Debugging  4-11
    Summary  4-13
    Cisco IOS Versions Tested  4-13

CHAPTER 5  Small Branch—Dial Backup to Cisco VPN 3000 Concentrator  5-1
    Topology  5-1
    Failover/Recovery Time  5-2
    Caveats  5-3
    EZVPN—Tunnel Goes to SS_OPEN State on Re-establishing Connection  5-3
    RRI Fails to Insert the Appropriate Static Route  5-5
    V3PN QoS Service Policy  5-5
    Performance Results  5-5
    Implementation and Configuration  5-6
    Enterprise Intranet Backbone Router(s)  5-7
    IPSec Primary and SAA Target Router  5-8
    Primary WAN Router  5-9
    Remote IPSec (1712) Router  5-11
    Cisco VPN 3000 Concentrator Configuration  5-15
    Interfaces  5-15
    Groups  5-15
    Users  5-19
    Policy Management/Traffic Management/SAs  5-21
    System/Tunneling Protocols/IPSec/IKE  5-22
    Cisco IOS Versions Tested  5-23
    Summary  5-23

CHAPTER 6  Small Branch—Load Sharing on Dual Broadband Links  6-1
    Topology  6-2
    Cable (DHCP) and DSL (PPPoE)  6-2
    Load Sharing Behind Two Broadband Routers  6-3
    Failover/Recovery Time  6-4
    V3PN QoS Service Policy  6-5
    Implementation and Configuration  6-5
    Remote 1751 Router (DHCP and PPPoE)  6-5
    Remote 1751 Router (DHCP and DHCP)  6-10
    Alpha IPSec Head-end  6-10
    Bravo IPSec Head-end  6-12
    Enterprise Intranet Router  6-14
    Show Commands  6-15
    Enterprise Intranet Router  6-15
    Remote 1751 Router (DHCP and PPPoE Configuration)  6-16
    Fail Alpha ISP Network  6-18
    Fail Bravo ISP Network  6-18
    Remote 1751 Router (DHCP and DHCP Configuration)  6-19