300-420 ENSLD – Cisco CCNP Enterprise – CCNP Enterprise ENSLD (300-420): Designing WAN Resiliency Part 2

  1. Remote Site Local Internet Connectivity

Although many of the applications and services that remote site workers use are centrally located, there are benefits in providing direct Internet access at each remote site location. The local Internet remote site design gives the remote office local Internet access for web browsing and cloud services without that Internet traffic first having to be carried across the WAN. In the local Internet model, remote site user web traffic and hosted cloud services traffic are permitted to use the local Internet link in a split-tunneling manner. A default route is generated locally, connecting each remote site directly to the ISP. Private WAN connections (DMVPN over the Internet, MPLS, or a Layer 2 WAN) provide the internal routes to the data center and campus in these configurations.

Backup Internet routing is provided over the private WAN connections. Local Internet traffic is forwarded directly to the Internet by using the default route, which points at the next-hop router in the ISP network. Because RFC 1918 addresses are used for the internal networks, all Internet-bound traffic is translated to a public address by using PAT on the ISP-connected interface.

You also need to provide stateful inspection to enforce a policy that only allows return traffic for sessions that internal users initiate. In the local Internet model, a default route over Internet-based VPN tunnels cannot be allowed, because route flapping can occur. Because backup Internet routing is not possible over these VPN tunnels, the recommended best practice is to filter the central site default route, ensuring that the default route to the local ISP is preferred over the one from the central site. Filtering the central site default route also helps to avoid the issues that arise if that route is not filtered due to misconfiguration. Central Internet fallback is possible with MPLS-based WAN services.
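The following IOS configuration is an added example, not the course's own, of the single-router local Internet model described above: a locally generated, tracked default route to the ISP, PAT on the ISP-facing interface, zone-based stateful inspection, and a prefix-list that blocks the central site default route learned over the DMVPN tunnel. Addresses, interface names, AS numbers and the hub's public address are assumed, and the IPsec profile DMVPN-PROF is assumed to exist.

```cisco
! Added example (not the course's own config): single-router remote site with
! local Internet and DMVPN (Phase 1, point-to-point spoke) over the Internet as
! the private WAN. Addresses, interface names, AS numbers and the hub's public
! address are assumed; the IPsec profile DMVPN-PROF is assumed to exist.
! Locally generated default route to the ISP next hop, withdrawn if the ISP
! gateway stops answering the IP SLA probe. Hub public address via the ISP too.
ip sla 10
 icmp-echo 203.0.113.1 source-interface GigabitEthernet0/0
 frequency 15
ip sla schedule 10 life forever start-time now
track 10 ip sla 10 reachability
ip route 0.0.0.0 0.0.0.0 203.0.113.1 track 10
ip route 198.51.100.10 255.255.255.255 203.0.113.1
! PAT on the ISP-facing interface for RFC 1918 sources; site-to-site traffic
! that rides the tunnel is never translated (the deny is belt and braces).
ip access-list extended NAT-LOCAL-INTERNET
 deny   ip 10.0.0.0 0.255.255.255 10.0.0.0 0.255.255.255
 permit ip 10.0.0.0 0.255.255.255 any
ip nat inside source list NAT-LOCAL-INTERNET interface GigabitEthernet0/0 overload
! Stateful inspection: return traffic only for sessions initiated from INSIDE.
! No OUTSIDE->INSIDE zone-pair exists, so unsolicited inbound traffic is dropped.
class-map type inspect match-any INSIDE-TO-OUTSIDE
 match protocol tcp
 match protocol udp
 match protocol icmp
policy-map type inspect INSIDE-OUTSIDE-POLICY
 class type inspect INSIDE-TO-OUTSIDE
  inspect
 class class-default
  drop log
zone security INSIDE
zone security OUTSIDE
zone-pair security IN-OUT source INSIDE destination OUTSIDE
 service-policy type inspect INSIDE-OUTSIDE-POLICY
interface GigabitEthernet0/0
 ip address 203.0.113.2 255.255.255.252
 ip nat outside
 zone-member security OUTSIDE
interface GigabitEthernet0/1.64
 encapsulation dot1Q 64
 ip address 10.5.64.1 255.255.255.0
 ip nat inside
 zone-member security INSIDE
interface Tunnel10
 ip address 10.10.10.5 255.255.255.0
 ip nhrp network-id 10
 ip nhrp nhs 10.10.10.1 nbma 198.51.100.10
 tunnel source GigabitEthernet0/0
 tunnel destination 198.51.100.10
 tunnel protection ipsec profile DMVPN-PROF
 zone-member security INSIDE
! Never accept the central-site default route over the Internet-based tunnel;
! the default route to the local ISP must always be the preferred one.
ip prefix-list NO-DEFAULT seq 5 deny 0.0.0.0/0
ip prefix-list NO-DEFAULT seq 10 permit 0.0.0.0/0 le 32
router bgp 65105
 neighbor 10.10.10.1 remote-as 65000
 neighbor 10.10.10.1 prefix-list NO-DEFAULT in
 network 10.5.64.0 mask 255.255.255.0
```

After applying it, `show ip route 0.0.0.0` should show only the static default toward 203.0.113.1, and `show ip bgp neighbors 10.10.10.1 received-routes` will list the hub's default only if soft-reconfiguration is enabled, while `show ip bgp 0.0.0.0/0` stays empty.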

There are seven common local Internet designs:

  1. Single router, single link, VPN WAN
  2. Single router, dual link, MPLS WAN primary with VPN WAN backup
  3. Single router, dual link, Layer 2 WAN primary with VPN WAN backup
  4. Single router, dual link, dual VPN WAN
  5. Dual router, MPLS WAN primary with VPN WAN backup
  6. Dual router, Layer 2 WAN primary with VPN WAN backup
  7. Dual router, dual VPN WAN

The following table summarizes the WAN transport options for remote sites using local Internet. It is important to note that the remote site routing configuration changes when local Internet access is deployed.

  1. Remote Site LAN Design

The primary role of the WAN is to interconnect the primary site and the remote site LANs. At remote sites, the LAN topology depends on the number of connected users and the physical geography of the site. There are different options when you design a remote site network. Large sites may require the use of a distribution layer to support multiple access layers. Other sites may only require an access layer switch that is directly connected to the WAN remote site router. For consistency and modularity, you should configure all WAN remote sites with the same VLAN assignment scheme. This model can be easily scaled to additional access closets by adding a distribution layer.

WAN remote sites that do not require additional LAN distribution layer routing devices are considered to be flat or, from a LAN perspective, non-routed Layer 2 sites. The attached WAN routers provide all Layer 3 services. The access switches can support services such as data and voice by using multiple VLANs. The benefit of this design is that you can configure all access switches identically, regardless of the number of sites. In this configuration, IP subnets are assigned on a per-VLAN basis. Usually, you can use /24 masks for the access layer even if fewer than 254 IP addresses are required. You must configure the connection between the router and the access switch for 802.1Q VLAN trunking, with subinterfaces on the router mapped to the respective VLANs on the switch.

The various router subinterfaces act as the IP default gateways for each of the IP subnet and VLAN combinations. The flat Layer 2 design can be extended to a dual-router edge. This design change introduces some additional complexity. You will usually run a routing protocol in this type of design; the routing protocol is configured between the routers. Because there are two routers per subnet, you must implement a first hop redundancy protocol (FHRP) such as Hot Standby Router Protocol (HSRP), Virtual Router Redundancy Protocol (VRRP), or Gateway Load Balancing Protocol (GLBP). An FHRP offers high availability by providing first-hop routing redundancy for IP hosts that are configured with a default gateway IP address.

Enhanced Object Tracking (EOT) provides a consistent methodology for various router and switching features to conditionally modify their operation based on information about objects available in other processes. The objects that can be tracked include interface line protocol, IP route reachability, IP SLA reachability, and several others. For example, to improve convergence times after a primary WAN failure, you can monitor the reachability of a next-hop IP neighbor (MPLS PE, Layer 2 WAN CE, or DMVPN hub) by using EOT and IP SLA. This combination allows a router to give up its active role if its upstream neighbor becomes unresponsive.

This solution provides additional network resiliency. The dual router designs also warrant an extra transit network component that is required for proper routing in certain scenarios. In these cases, traffic from a remote site host might be sent to a destination that is reachable only via the alternate WAN transport. For example, when a dual MPLS remote site communicates with an MPLS-only remote site, the primary WAN transport router forwards the traffic back out the same data interface on which it was received from the LAN, in order to send it to the alternate WAN transport router. That router then forwards the traffic to the proper destination. This problem is referred to as hairpinning. The appropriate method to avoid sending traffic out the same interface is to introduce an extra link between the routers and designate the link as a transit network.

There are no hosts connected to the transit network; it is used only for router-to-router communication. The routing protocol runs between router subinterfaces that are assigned to the transit network. No additional interfaces are required with this design modification, because the 802.1Q VLAN trunk configuration can easily accommodate an extra subinterface. Large remote sites may require a LAN environment similar to a small campus LAN that includes a distribution layer and an access layer. This topology works well with either a single or a dual router WAN edge.

To implement this design, the routers should connect to the distribution switch via EtherChannel links. These EtherChannel links are configured as 802.1Q VLAN trunks. The EtherChannel should support both a routed point-to-point link for routing with the distribution switch (VLAN 101 and VLAN 102 in the diagram) and, in the dual router design, a transit network for direct communication between the WAN routers. In the diagram, the LAN distribution switch handles access layer routing, with VLAN trunks to the access switches. No FHRP is required when the design has a distribution layer.
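As an added example (not the course's own configuration), here is the primary WAN router of a flat, dual-router remote site of the kind described above: HSRP on each data VLAN subinterface, EOT plus IP SLA watching the upstream MPLS PE so the router surrenders its active role when the PE stops answering, and a transit VLAN between the two routers to avoid hairpinning. Addresses, interface names, VLAN numbers and the choice of OSPF as the router-to-router protocol are assumptions; the second router would carry the same configuration with its own addresses and the default HSRP priority of 100.

```cisco
! Added example (not the course's own config): primary WAN router of a flat
! dual-router remote site. HSRP per VLAN, EOT + IP SLA toward the MPLS PE,
! transit VLAN to the second router. Addresses, interfaces, VLAN numbers and
! OSPF as the inter-router routing protocol are all assumed.
! Probe the upstream PE; track 50 goes down when it stops answering.
ip sla 100
 icmp-echo 192.0.2.1 source-interface GigabitEthernet0/0
 threshold 1000
 timeout 1000
 frequency 15
ip sla schedule 100 life forever start-time now
track 50 ip sla 100 reachability
 delay down 5 up 30
! Subinterfaces toward the access switch: one 802.1Q trunk, one subnet per VLAN.
! Priority 110 minus the decrement of 20 falls below the peer's default 100,
! so the second router (with preempt) becomes active when the PE is unreachable.
interface GigabitEthernet0/1
 description 802.1Q trunk to access switch
 no ip address
interface GigabitEthernet0/1.64
 description Data VLAN 64
 encapsulation dot1Q 64
 ip address 10.5.64.2 255.255.255.0
 standby version 2
 standby 1 ip 10.5.64.1
 standby 1 priority 110
 standby 1 preempt
 standby 1 track 50 decrement 20
interface GigabitEthernet0/1.69
 description Voice VLAN 69
 encapsulation dot1Q 69
 ip address 10.5.69.2 255.255.255.0
 standby version 2
 standby 1 ip 10.5.69.1
 standby 1 priority 110
 standby 1 preempt
 standby 1 track 50 decrement 20
! Transit VLAN: no hosts, router-to-router only. Traffic for destinations that
! are reachable only via the other router leaves here, not back out the data VLAN.
interface GigabitEthernet0/1.99
 description Transit VLAN 99 to second WAN router
 encapsulation dot1Q 99
 ip address 10.5.99.1 255.255.255.252
 ip ospf network point-to-point
! Upstream MPLS PE link and the routing protocol between the two WAN routers.
interface GigabitEthernet0/0
 description MPLS CE-PE link
 ip address 192.0.2.2 255.255.255.252
router ospf 1
 passive-interface default
 no passive-interface GigabitEthernet0/1.99
 network 10.5.0.0 0.0.255.255 area 0
```

`show track 50` and `show standby brief` let you confirm that a failed probe lowers the HSRP priority and moves the active role to the peer.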

  1. Case Studies

In this case study, you will be guided through the process of designing the WAN for a bank that has several different types of remote sites. The case study will explain the aspects of choosing an appropriate transport and WAN aggregation design for the bank WAN, which includes many sites with ATM machines, many branch offices, and several regional offices.

Case Study: ATM Sites WAN Transport

First you will design the ATM sites WAN. An ATM remote site represents a small remote site. Based on the business needs, you have identified the following requirements. ATMs need low speed connectivity. Business users tolerate ATM unavailability for a couple of hours. Only one or two ATMs will be connected at each site. Physical WAN connectivity is not available for all sites.

Based on the requirements, you decide to choose the Internet as the transport network. The Internet is a less expensive alternative to provider-managed VPNs. Most of the sites will be connected with a physical connection; the sites where physical connectivity is not available will be connected through cellular networks. You will use a single router model, so there will be no link or router redundancy at the remote site. You will use two routers at the central site. Both routers will be connected to the distribution layer of the central site network. The connection to the Internet will be established through a firewall within the Internet edge. The Internet edge is already implemented with connectivity to two ISPs, and BGP will announce your public IP address space.

Case Study: ATM Sites WAN Aggregation

To provide ATM connectivity to the central site, you decide to implement the DMVPN solution. The DMVPN will be built on top of the Internet transport.

Each of the hub routers will have its own DMVPN cloud with a single hub router. The remote routers will have two tunnels: one tunnel for the first DMVPN cloud and a second tunnel for the second DMVPN cloud. The ATMs do not need connectivity between each other, so you can use DMVPN Phase 1. You want to implement a scalable routing solution for your ATM WAN, so you will use BGP as the routing protocol. Because ATM machines do not need Internet access, you only configure static routes for the public IP addresses of the hub routers. To provide connectivity to the central site networks, you will send only the default route to the remote routers through the DMVPNs.

The remote routers will announce their connected LAN to the central hub routers. You will use the BGP routing protocol so that you can implement some sort of traffic engineering. You can use BGP policy to route half of the remote sites through the first hub router and the other half through the second hub router. With this solution, you achieve load balancing while still having a backup route if one of the hub routers fails.

Case Study: Branch Office WAN Transport

After you have successfully designed your ATM WAN, your next step is to design a WAN for the branch offices. Based on the business needs, you have identified the following requirements. The branch office will have up to 20 users. All business applications will be hosted in the data center at the central site. The users need data and video traffic. Users will connect to the Internet through the central site. The branch office can tolerate 2 hours of unavailability.

Because branch users cannot tolerate a long outage, you must implement a highly available solution. You decide to use an MPLS network as the primary connectivity for all your branch offices. You will implement an SLA with the service provider to provide an acceptable service level.

You have also agreed with the service provider that it will fix connectivity issues within 4 hours. This agreement still offers a reasonable cost for the MPLS service. The repair time is more than your users at the branch office can tolerate, so you need a backup solution. You decide that the optimal solution is to use the Internet as the backup connectivity. Therefore, each router at the branch office will be connected to the MPLS network as the primary link and to the Internet as the backup transport network. You will use the same hub routers that you use for the ATM WAN.

You will connect one of the hub routers to the MPLS network of the service provider. You will use a flat model at the remote site: the WAN router will provide all Layer 3 services, and the access switches will provide connectivity for users and devices at the remote site. You will use VLAN segmentation at the remote sites, with the same VLAN assignment scheme everywhere. In this way you can configure all the access switches identically.

Case Study: Branch Office WAN Aggregation

The primary link for connectivity to the central site must be an MPLS network that provides an acceptable SLA with the service provider. You will establish BGP with the PE routers of the service provider. From the central site, you will announce all specific routes and the default route to the PE router.

You will also have a BGP session with the PE router at each branch office router, and you will announce the connected LANs through BGP to the PE routers at the remote site. To implement the backup solution, you will establish a DMVPN cloud. The hub router for the DMVPN cloud will be the second router at the central site. You will also establish a BGP session from the remote router to the central hub router. You will announce only the default route from the hub router to the remote site, and the connected LAN routes from the remote routers to the hub router. You will need to use BGP routing policy at the central site to steer your traffic to the remote site primarily through the MPLS network; you can use local preference for this.

The solution with BGP also allows you to use some sort of traffic engineering. You can send business-critical data through the MPLS network and, for example, send Internet traffic over the DMVPN.

Case Study: Regional Office WAN Transport

Next, you design the regional offices WAN. These offices have special requirements. There can be up to 100 users in the regional office. All business applications will be hosted in the data center at the central site. The users need data, voice, and video traffic. Users will connect to the Internet through the central site. The regional office can tolerate half an hour of unavailability. High speed connectivity to the central site is needed. Because regional offices have the highest availability demands, you decide to implement the dual MPLS solution. Each of the routers will be connected to one MPLS provider.

You can reuse the same MPLS network that you use for branch office connectivity; you will need a second MPLS network for redundancy on the second hub router. There is a high demand for availability, so you will install two routers at the regional office. Two routers provide redundancy if one of the routers fails. You will also install a distribution layer that will provide Layer 3 services to the LAN users. The design with dual links to the central site and dual routers at the regional office enables you to meet the demands for availability.

Case Study: Regional Office WAN Aggregation

You will establish BGP routing from your hub routers to the PE routers at the central site. You will also establish BGP routing with the PE routers at the regional offices. Further, you will establish OSPF routing at the regional office between the WAN routers and the distribution switches. This will automatically switch over to the other WAN router if there are failures. You can distribute only the default route to the distribution switches. Using BGP as the routing protocol in the WAN, you can create a routing policy to load balance between both MPLS networks. Some regional offices can use the first MPLS network as the primary network; others can use the second MPLS network as the primary network. You will need to configure BGP to implement this solution.

  1. Describe Basic Traffic Engineering Techniques

Usually you have multiple WAN links to the remote sites. In a typical scenario, you use only one link while the other is a backup for situations when the primary link fails. Sometimes, however, you want to use all your WAN links. You can achieve load balancing by using basic traffic engineering techniques. Multiple links toward the central site offer two modes of operation: active/standby failover and load balancing. BGP can provide load distribution by adjusting its attributes: the weight attribute, the local preference attribute, the MED attribute, and AS path prepending. When you use the active/standby failover mode, only one WAN link is active and is considered the primary. The other link is a backup link. When the primary WAN link fails, the backup automatically takes over.

This mode provides symmetric routing, with traffic flowing along the same path in both directions. Symmetric routing simplifies troubleshooting, because bidirectional traffic flows always traverse the same links. The active/standby failover mode is typically used in WANs, and IGP routing protocols can be easily implemented for these scenarios. However, when you use load balancing, both links are active. If one of the WAN links fails, the other automatically takes over the whole traffic. This mode is harder to troubleshoot, because traffic could traverse one link in one direction and the other link in the other direction. BGP is the most appropriate protocol when you want to perform some sort of traffic engineering: BGP already includes tools that allow you to forward traffic based on routing policy.

When you want to implement inbound or outbound load distribution with BGP from the remote site, you have the following options. Weight attribute: this option is only available when you have a single router design. The weight is a Cisco-proprietary BGP attribute. If you want to influence routing with the weight attribute, you can set a higher value for the routes that are received from a specific BGP neighbor (hub router).

The routes with a higher weight attribute value will be selected as the primary routes. Local preference attribute: this attribute is similar to the weight attribute, but you can use it in a dual router design as well. When you want to send some traffic over the other link, you set the local preference for those routes to a higher value. The outbound traffic for those routes will then be forwarded on the second WAN link. MED attribute: with the MED you can influence how the traffic will flow into your network. You can, for example, set the MED to some low value for specific routes and send these routes to the central routers. The central routers then determine which link should be used for traffic to these specific destinations.

AS path prepending: you can also prepend extra AS numbers to the routes. With AS path prepending, you make routes less desirable. With this technique, you can influence traffic forwarding into your network.

Traffic Engineering with BGP Local Preference

The example in the figure shows a basic traffic engineering scenario. You want to achieve the following conditions: data traffic between networks 192.168.1.0/24 and 192.168.10.0/24 must be forwarded over WAN link 1, and voice traffic between networks 192.168.2.0/24 and 192.168.20.0/24 must be forwarded over WAN link 2.

You can achieve the desired forwarding by using local preference on all routers. Use the following routing policy. On hub 1, set the local preference to 200 for the prefix 192.168.1.0/24 that is received from the remote router. On hub 2, set the local preference to 200 for the prefix 192.168.2.0/24 that is received from the remote router. On the remote router, set the local preference to 200 for the prefix 192.168.10.0/24 that is received from hub 1. On the remote router, set the local preference to 200 for the prefix 192.168.20.0/24 that is received from hub 2.
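As an added example (not the course's own configuration), the following IOS configuration implements the four local-preference rules above for the figure's scenario; it is the same mechanism the branch office case study relies on to steer traffic at the central site. Assumptions: the hubs are in AS 65000 with an iBGP session between them over 10.1.1.0/30 (so they can compare local preference), the remote router is in AS 65001, and the peering addresses are 10.255.1.0/30 on WAN link 1 and 10.255.2.0/30 on WAN link 2.

```cisco
! Added example (not the course's own config) implementing the figure's
! local-preference policy. Assumed: hubs in AS 65000 with iBGP between them,
! remote router in AS 65001, peering 10.255.1.0/30 on WAN link 1 and
! 10.255.2.0/30 on WAN link 2, 10.1.1.0/30 between the hubs.
!
! ---- Hub 1 (WAN link 1): prefer the data LAN via this link ----
ip prefix-list DATA-LAN seq 5 permit 192.168.1.0/24
route-map FROM-REMOTE-LINK1 permit 10
 match ip address prefix-list DATA-LAN
 set local-preference 200
route-map FROM-REMOTE-LINK1 permit 20
router bgp 65000
 neighbor 10.255.1.2 remote-as 65001
 neighbor 10.255.1.2 route-map FROM-REMOTE-LINK1 in
 neighbor 10.1.1.2 remote-as 65000
 neighbor 10.1.1.2 next-hop-self
 network 192.168.10.0 mask 255.255.255.0
 network 192.168.20.0 mask 255.255.255.0
!
! ---- Hub 2 (WAN link 2): prefer the voice LAN via this link ----
ip prefix-list VOICE-LAN seq 5 permit 192.168.2.0/24
route-map FROM-REMOTE-LINK2 permit 10
 match ip address prefix-list VOICE-LAN
 set local-preference 200
route-map FROM-REMOTE-LINK2 permit 20
router bgp 65000
 neighbor 10.255.2.2 remote-as 65001
 neighbor 10.255.2.2 route-map FROM-REMOTE-LINK2 in
 neighbor 10.1.1.1 remote-as 65000
 neighbor 10.1.1.1 next-hop-self
 network 192.168.10.0 mask 255.255.255.0
 network 192.168.20.0 mask 255.255.255.0
!
! ---- Remote router: data DC prefix via hub 1, voice DC prefix via hub 2 ----
ip prefix-list DATA-DC seq 5 permit 192.168.10.0/24
ip prefix-list VOICE-DC seq 5 permit 192.168.20.0/24
route-map FROM-HUB1 permit 10
 match ip address prefix-list DATA-DC
 set local-preference 200
route-map FROM-HUB1 permit 20
route-map FROM-HUB2 permit 10
 match ip address prefix-list VOICE-DC
 set local-preference 200
route-map FROM-HUB2 permit 20
router bgp 65001
 neighbor 10.255.1.1 remote-as 65000
 neighbor 10.255.1.1 route-map FROM-HUB1 in
 neighbor 10.255.2.1 remote-as 65000
 neighbor 10.255.2.1 route-map FROM-HUB2 in
 network 192.168.1.0 mask 255.255.255.0
 network 192.168.2.0 mask 255.255.255.0
```

Each route-map ends with an empty `permit 20` clause so that prefixes not matched keep their default local preference of 100 instead of being dropped. On hub 2, `show ip bgp 192.168.1.0` should show the best path as the iBGP route from hub 1 with LocPrf 200, which is what sends data traffic back over WAN link 1.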
