Bind Configuration Examples


IP Transmission Technologies
Hourglass of TCP/IP Protocols (figure): applications (email, WWW, phone...) over SMTP, HTTP, RTP...; over TCP, UDP...; over IP at the waist of the hourglass; over ethernet, PPP...; over CSMA, async, sonet...; over copper, fiber, radio...
Transmission Technologies
• Ethernet (LAN)
  Copper
  Fiber
  Wireless
  Satellite DVB-RCS
• Point-to-point Leased Line
  E1, SDH, DSL, ...
• Packet-switched
  X.25, Frame Relay
  ATM
  MPLS
• QoS
Types of Point to Point Protocols
• SLIP over async: very simple; IP only; unreliable (no checksum)
• HDLC over sync: various proprietary versions; frames have a checksum
• PPP
PPP on a Leased Line (figure): a DTE/DCE pair at each end of the line, connected over V.35 serial interfaces.
PPP frame layout (figure): Flag | Address | Control | Protocol | payload (LCP, control, or proprietary data) | FCS | Flag.
Link Control Protocol (LCP) packet fields: Code | Identifier | Length | Data.
Cisco HDLC frame layout (figure): Flag | Address | ... | Data | FCS | Flag.
PPP
• “SLIP done right”
• Used for synchronous and asynchronous transmission
• Extended negotiation mechanism
• Multiple protocol support
PPP and OSI model (figure)
• Network Layer: Network Control Protocols (IPCP, IPXCP, others)
• Data Link Layer: PPP with LCP - Link Control Protocol
• Physical Layer: synchronous or asynchronous physical media
LCP Configuration Options
  Feature          Protocol
  Authentication   PAP, CHAP
  Compression      Stacker, ..
  Error Detection  Quality
  Multilink        MPPP
PAP/CHAP
PAP
• Password required
• Unencrypted password sent via the link
• Allows storage of encrypted passwords
CHAP
• Challenge handshake
• No passwords sent via the link
• Need for storing unencrypted secrets
Selecting a PPP Authentication Protocol: PAP (figure)
PAP 2-way handshake between the remote router (SantaCruz; hostname: santacruz, password: boardwalk) and the central-site router (HQ; configured with "username santacruz password boardwalk"): the remote sends "santacruz, boardwalk" and HQ answers Accept/Reject.
• Passwords sent in cleartext
• Peer in control of attempts
Selecting a PPP Authentication Protocol: CHAP (figure)
CHAP 3-way handshake between the remote router (SantaCruz; hostname: santacruz, password: boardwalk) and the central-site router (HQ; configured with "username santacruz password boardwalk"): HQ sends a Challenge, the remote sends a Response, and HQ answers Accept/Reject.
• Use “secret” known only to authenticator and peer
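The CHAP exchange just described, as an added example that is not code from the original deck: HQ (the authenticator) issues a random challenge, santacruz (the peer) answers with the RFC 1994 response MD5(Identifier || secret || Challenge), and HQ recomputes it from its stored cleartext secret. The names, the secret and the function names are constructed to match the slide.

```python
import hashlib
import hmac
import os

# Secrets the authenticator (HQ) must hold in cleartext, exactly as the slide's
# "username santacruz password boardwalk". Constructed sample values.
SECRETS = {"santacruz": b"boardwalk"}


def chap_response(identifier, secret, challenge):
    """RFC 1994 CHAP response: MD5 over Identifier || secret || Challenge."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


def authenticator_challenge():
    """Step 1 (HQ -> peer): a fresh random challenge; nothing secret crosses the link."""
    return os.urandom(16)


def peer_respond(identifier, challenge, name, secret):
    """Step 2 (peer -> HQ): the hash is sent, never the password itself."""
    return name, chap_response(identifier, secret, challenge)


def authenticator_verify(identifier, challenge, name, response):
    """Step 3 (HQ): recompute with the stored secret; Accept only on a match."""
    secret = SECRETS.get(name)
    if secret is None:
        return "Reject"
    expected = chap_response(identifier, secret, challenge)
    # Constant-time comparison avoids leaking how many bytes matched.
    return "Accept" if hmac.compare_digest(expected, response) else "Reject"


def run_handshake(name, secret, identifier=1):
    """Drive the three-way exchange for one peer and return HQ's decision."""
    challenge = authenticator_challenge()
    peer_name, response = peer_respond(identifier, challenge, name, secret)
    return authenticator_verify(identifier, challenge, peer_name, response)
```

Because the challenge changes every time, a response captured on the link is useless against a later challenge, which is why the secret never has to be sent and yet must be stored unencrypted on both sides.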
Multilink PPP
• Combining physical links into one logical bundle
• Result: higher speed and lower latency
MPPP / Bonding
• MPPP assembles/disassembles frames on the Data Link Layer
• MPPP used for synchronous and asynchronous physical links
• Bonding assembles/disassembles on the bit level
• Verify the bundle with: show ppp multilink
X.25
• 1970s
• Data Terminal Equipment (DTE)
• Data Circuit-terminating Equipment (DCE)
• Packet Switching Exchange (PSE)
• DCE provides clock
X.25 topology (figure): DTEs attach to DCEs and PSEs of the packet network, character terminals through a Packet Assembler/Disassembler (PAD).
X.25 Stack (figure): LAPB frame carrying the packet level.
X.25 Data Link Control
• Point to point full duplex data links
• Correction of errors and congestion control
• Encapsulation of data in variable length frames delimited by flags
• Redundant error correction bits
• Sliding window (8 or 128 frames)
X.121 address (figure): Data Network Identification Code (DNIC) followed by National Terminal Number (NTN).
Packet Level Protocol
• Several circuits multiplexed
• Sliding window error and congestion control for every VC
• Call restriction, charging, QoS, ...
VC Setup
• PVC: permanent entry in the “routing” table (static), a substitute for leased lines
• SVC: dynamic entry in the “routing” table, triggered by an “open” packet and torn down by a “close” packet
Frame Relay
Characteristics
• Introduced in 1984 but only (significantly) deployed in the late 1980s
• L1 and 2
• Packet Switched technology: PVCs and SVCs
• Connection-oriented data link layer communication
• X.25 “lite”
Differences with X.25
• Less robust
• Assumes more reliable medium => no retransmission of lost data, no windowing
• Error control handled by higher layers
• Higher performance and transmission efficiency
Frame Relay Topology (figure)
DLCI
• Data Link Connection Identifier
• Uniquely identifies circuits
• Assigned by service provider
• Local significance only (except with LMI)
DLCI Frame Format (figure)
CIR
• What you buy with a FR connection
• Committed Information Rate
• CIR = Committed Burst / Committed Time
• Also Maximum Rate
Frame Relay (figure): RTR1, RTR2 and RTR3 interconnected through a Frame Relay cloud, each using point-to-point subinterfaces s0.1, s0.2 and s0.3 mapped to DLCIs 110, 120 and 130.
ATM
Asynchronous Transfer Mode
Characteristics
• Originally designed to transmit voice, video and data over the same network
• Cell switching
• Each communication is assigned a timeslot
• Timeslots are assigned on a demand-basis => asynchronous (as opposed to TDM)
Cells
• 53 bytes: 5 byte header + 48 byte payload
• Tradeoff between voice world and data world: voice needs small payloads and low delay; data needs big payload and less overhead
ATM
ATM Adaptation Layer (AAL)
• Together with ATM layer, equivalent to Data Link layer in OSI model
• AAL1: Connection Oriented => Voice and Video
• AAL 3,4: Connection Oriented and Connectionless (similar to SMDS)
• AAL 5: Connection Oriented and Connectionless for CLIP and LANE
ATM AAL5 (figure)
ATM Sources (figure)
ATM Addresses
• ITU-T Standard: E.164 (Telephone #)
• ATM Forum defined 20-byte NSAP addresses for use in private networks
• E.164 address used as prefix on NSAP
• Mapped to IP addresses by ATM ARP (in CLIP)
ATM QoS
• Traffic Contract: peak bandwidth, average sustained bandwidth, burst size, …
• Similar to FR
• Traffic Shaping (end device): Queuing, Buffering
• Traffic Policing (switches): Enforces contract
Path Establishment (figure)
MPLS Terminology
• LDP: Label Distribution Protocol
• LSP: Label Switched Path
• FEC: Forwarding Equivalence Class
• LSR: Label Switching Router
• LER: Label Edge Router
MPLS: HOW DOES IT WORK? (figure)
LDP session establishment over time: UDP Hello exchanged in both directions, then TCP open, Initialization(s), Label request, Label mapping. IP packets are then carried with a label at layer 2 (#L2).
MPLS BUILT ON STANDARD IP (figure): each of the three routers holds a destination-based forwarding table of the form
  Dest  Out
  47.1  1
  47.2  2
  47.3  3
• Destination based forwarding tables as built by OSPF, RIP, etc.
MPLS Label Distribution (figure): a Label Request for 47.1 travels downstream from the ingress LER; each router replies upstream with a Label Mapping (0.40 from the egress LER, 0.50 from the middle LSR), leaving these entries:
  Ingress LER:  Intf In 3 | Dest 47.1 | Intf Out 1 | Label Out 0.50
  Middle LSR:   Intf In 3 | Label In 0.50 | Dest 47.1 | Intf Out 1 | Label Out 0.40
  Egress LER:   Intf In 3 | Label In 0.40 | Dest 47.1 | Intf Out 1
MPLS VPNs (figure): services built on MPLS Forwarding and/or LDP
• Layer 3 VPNs = BGP/MPLS VPNs (RFC 2547bis); Managed VPN Services (MPLS/BGP VPNs)
• InterProvider Connectivity (I-AS)
• Carrier Supporting Carrier (CSC)
• Multicast over MPLS VPNs
• Layer 2 VPN Services (L2VPN) & Any Transport over MPLS (AToM)
• Traffic Engineering (TE); Inter-Area TE; DiffServ-aware Traffic Engineering (DS-TE)
• Quality of Service (DiffServ QoS)
Layer 2 vs. Layer 3 VPNs:
Depending on the type of customer payload, a VPN can be classified as an L2 or L3 VPN:
Examples of L2VPN:
• ATM LAN Emulation (LANE)
• Ethernet over MPLS (draft-Martini, draft-KKompella; VPLS: draft-Lasserre-VKompella; IPLS: draft-Shah)
Examples of L3VPN:
• RFC 1577: Classical IP over ATM
• IPSec Tunneling mode
• RFC 2547: BGP/MPLS-based VPNs
• draft-Declercq: BGP/IPSec VPNs
• draft-Knight: Virtual Router Based VPNs
Encapsulation of Customer Ethernet Frames in a L2 PPVPN (figure): untagged or tagged customer Ethernet frames enter from a customer or other Ethernet access network, cross the provider network's MPLS domain as Ethernet over MPLS over Ethernet, and leave as untagged or tagged frames on the far access network. Inside the MPLS domain each user Ethernet frame (with its VLAN tag, if any) is carried under two MPLS labels, a VC Label and a Tunnel Label, inside the provider's own Ethernet framing; end to end the path forms a single customer VLAN domain.
Example of a L2 PPVPN (VPLS) (figure): Customer A and Customer B sites, each an L2 network (e.g. Ethernet) with 802.1q VLANs behind a customer LAN switch, attach to PE routers of the provider network. The PEs are joined by a full mesh of MPLS LSPs and exchange Ethernet frames with or without VLAN tags. Each frame carries 2 MPLS labels: Tunnel Label = outer label for delivery to the destination PE; VC Label = inner label to identify the L2VPN end-points.
Example of a L3 PPVPN (RFC2547bis) (figure): Customer A and Customer B networks attach through Customer Edge routers to PEs of the provider network, again joined by a mesh of MPLS LSPs; the customer IP packets may carry private IP addresses. Each packet carries 2 MPLS labels: Tunnel Label = outer label for delivery to the destination PE; VC Label = inner label to identify the VPN end-points.
Ethernet over MPLS (figure)
Point to Point, Metro Ethernet Service: enterprise LANs and ISPs A, B, C (ISP 1, 2, 3) attach through PE routers to ISP C's MPLS network, forming a distributed NAP.
• Based on draft-martini
• VCs to VLANs => VCid maps to VLAN id
Ethernet 802.1q VLAN Transport (figure): PE1 (1.0.0.4) carries customer VLAN 41 and VLAN 56 across the MPLS core to the remote PE at 1.0.0.8, which delivers the same VLANs to the customer sites (802.1q to 802.1q VLAN transport). Configuration on PE1:
  interface GigabitEthernet0/0.2
   encapsulation dot1q 41
   mpls l2transport route 1.0.0.8 312 <sequencing>
  !
  interface GigabitEthernet1/0.2
   encapsulation dot1q 56
   mpls l2transport route 1.0.0.8 313 <sequencing>
AToM - MTU Considerations (figure)
• Ingress PE checks egress PE outbound interface MTU AND egress interface into MPLS backbone
• Incoming PDU dropped if MTU exceeded
• Egress MTU signalled using LDP (between PE1 and PE2)
• NO mechanism to check backbone MTU
• Provider MUST dictate MTU or direct traffic away from low MTU links
IETF DiffServ Architecture (RFC2475)
• The idea: different service levels for packets
• The service: some significant characteristics of packet transmission in one direction across the network. Examples: bandwidth and latency
Type-of-Service (RFC791) (figure): the first IPv4 header word holds Version | Length | ToS Field (bits 8-15) | Total Length (bits 16-31). The ToS field is laid out as
  Precedence (3 bits) | D | T | R | Unused
  D = 0: Normal Delay,       1: Low Delay
  T = 0: Normal Throughput,  1: High Throughput
  R = 0: Normal Reliability, 1: High Reliability
IP Precedence Values
  111  Network Control
  110  Internetwork Control
  101  Critical
  100  Flash Override
  011  Flash
  010  Immediate
  001  Priority
  000  Routine
Network-Layer BWM
Bandwidth Management functions: classification, shaping, discarding, queuing
Queuing Disciplines
• First-In-First-Out (FIFO): no classes; fast, easy to implement
• Priority Queuing: all traffic in a high-priority class is sent before any in a lower priority one
• Class-based Queuing (CBQ): a number of bytes is sent from each class before going to the next class
Priority Queuing (figure); Class-Based Queuing (figure)
Queuing Disciplines (cont.)
• Weighted Fair Queuing: traffic is divided into a number of flows; each flow is given a share of the traffic (based on its weight); small packets are given priority over large ones (interactive and control traffic gets more priority)
Weighted Fair Queuing (figure)
Token Bucket Model (figure)
Token Bucket characterizes a traffic source: tokens arrive at rate v into a bucket of depth Bc, overflow tokens are discarded, and each incoming packet is classified Conform or Exceed before transmission on a link of capacity C.
Token Bucket main parameters:
• Token Arrival Rate - v
• Bucket Depth - Bc
• Time Interval - tc, with tc = Bc/v
• Link Capacity - C
Excess Burst (Be)
Cisco Implementation
CAR allows RED like behavior:
• traffic fitting into Bc always conforms
• traffic fitting into Be conforms with probability proportional to the amount of tokens left in the bucket
• traffic not fitting into Be always exceeds
CAR uses the following parameters:
• t – time period since the last packet arrival
• Current Debt (Dcur) – Amount of debt during current time interval
• Compound Debt (Dcomp) – Sum of all Dcur since the last drop
• Actual Debt (Dact) – Amount of tokens currently borrowed
Excess Burst (Be)
Cisco Implementation
CAR Algorithm (flowchart)
• A packet of length L arrives; the bucket has gained v·t tokens for the time t since the last arrival
• If Bccur – L > 0: Conform Action, Bccur = Bccur – L
• Otherwise: Dcur = L – Bccur; Bccur = 0; Dcomp = Dcomp + Dcur; Dact = Dact + Dcur
• If Dact > Be: Exceed Action
• Else if Dcomp > Be: Exceed Action and Dcomp = 0
• Else: Conform Action
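A simulation of the CAR flowchart above, added here as an example (not the page's or Cisco's code): the policer walks a constructed packet trace with the parameters of the "64000 8000 16000" sample below. Two details the flowchart leaves open are assumptions made here: earned tokens first repay Dact before refilling the bucket, and a dropped packet's Dcur is taken back out of Dact because nothing was actually borrowed for it.

```python
class CarPolicer:
    """Token bucket with Bc/Be as in the CAR flowchart; sizes in bytes."""

    def __init__(self, rate_bps, bc, be):
        self.v = rate_bps / 8.0      # token arrival rate v, bytes per second
        self.bc = bc                 # committed burst Bc (bucket depth)
        self.be = be                 # excess burst Be
        self.bccur = float(bc)       # tokens currently in the bucket (starts full)
        self.dcomp = 0.0             # Dcomp: sum of Dcur since the last drop
        self.dact = 0.0              # Dact: tokens currently borrowed
        self.last_arrival = 0.0

    def arrive(self, now, length):
        # Refill with v*t tokens, t = time since the last packet arrival.
        # Assumption: earned tokens repay outstanding Dact first, the rest
        # fills the bucket up to Bc (overflow tokens are lost).
        earned = self.v * (now - self.last_arrival)
        self.last_arrival = now
        repaid = min(earned, self.dact)
        self.dact -= repaid
        self.bccur = min(self.bc, self.bccur + earned - repaid)

        if self.bccur - length > 0:      # fits into Bc: always conforms
            self.bccur -= length
            return "conform"

        dcur = length - self.bccur        # tokens this packet has to borrow
        self.bccur = 0.0
        self.dcomp += dcur
        self.dact += dcur
        if self.dact > self.be or self.dcomp > self.be:
            # Exceed action. Assumption: a dropped packet borrows nothing,
            # so its Dcur leaves Dact again; Dcomp restarts after a drop.
            self.dact -= dcur
            self.dcomp = 0.0
            return "exceed"
        return "conform"                  # borrowed within Be: conforms


def run_trace(policer, trace):
    """Feed (arrival_time_s, length_bytes) packets; return the decisions."""
    return [policer.arrive(t, n) for t, n in trace]


def demo():
    # Constructed trace: twenty 1500-byte packets in one burst at t=0,
    # then one more packet 3 s later, against 64 kbps / Bc 8000 / Be 16000.
    pol = CarPolicer(rate_bps=64000, bc=8000, be=16000)
    trace = [(0.0, 1500)] * 20 + [(3.0, 1500)]
    return run_trace(pol, trace), pol
```

The burst is admitted up to Bc + Be = 24000 bytes (16 packets) and the rest is dropped; after 3 s of silence the debt is repaid and the bucket is full again.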
Policing Configuration Sample
CAR Based
  ip cef
  interface serial 2/1
   ip unnumbered loopback 0
   rate-limit output access-group 100 64000 8000 16000 conform-action transmit exceed-action drop
  !
  interface serial 2/2
   ip unnumbered loopback 0
   rate-limit input 128000 16000 32000 conform-action transmit exceed-action drop
  !
  access-list 100 permit tcp host 10.0.0.1 any eq http
Random Early Detection (RED)
• Developed by Van Jacobson in 1993
• Starts randomly dropping packets before actual congestion occurs
• Keeps average queue depth low
• Increases average throughput
Cisco AutoQoS Framework – MLPPP Link Fragmentation & Interleaving
Problem: large packets “freeze out” voice (figure): 60-byte voice packets arrive every 20 ms on 10 Mbps Ethernet; once queued behind 1500-byte data packets on a 56 kb WAN link, each data packet adds ~214 ms of serialization delay, so the voice packets leave every >214 ms.
• Implemented via Multilink PPP (MLP) over FR, ATM, and leased lines
• Fragments are interleaved with the real-time packets, reducing the serialization delay experienced by voice packets
Benefit: reduce the jitter in voice calls
Link Fragmentation and Interleaving (LFI) (figure)
• For links < 128kbps
• A 1500-byte jumbogram on a 64 kbps link takes ~190 ms to serialize, and a voice packet queued behind it waits that long
Supported interfaces:
• Multilink PPP
• Frame Relay DLCI
• ATM VC
LFI Configuration Sample
MLP version
  interface virtual-template 1
   ip unnumbered loopback 0
   ppp multilink
   ppp multilink interleave
   ppp multilink fragment-delay 30
   ip rtp interleave 16384 1024 512
   …
FR Fragmentation and Prioritization
  interface Serial0/0
   mtu 1600
   encapsulation frame-relay
   frame-relay fragment 160 end-to-end
   frame-relay interface-queue priority
  !
  interface Serial0/0.116 point-to-point
   ip unnumbered Loopback0
   frame-relay interface-dlci 116
    class HI
  !
  map-class frame-relay HI
   frame-relay interface-queue priority high
  !
  map-class frame-relay LO
   frame-relay interface-queue priority low