300-420 ENSLD – Cisco CCNP Enterprise – CCNP Enterprise ENSLD (300-420): Designing WAN Resiliency

  1. WAN Design Overview

The WAN aggregation design model at the hub of a WAN deployment influences the remote-site (spoke) design for implementation. Many remote sites are designed with a single-router WAN edge. However, certain remote-site types require a dual-router WAN edge. Dual-router candidate sites include regional office or remote campus locations with large user populations, or sites with business-critical needs that justify additional redundancy to remove single points of failure. Similarly, the size of the remote-site LAN depends on factors such as the number of connected users and the physical layout of the remote site. WAN design options include single or dual WAN aggregation models, single- or dual-router designs, and single or dual transport networks.

The actual WAN remote-site routing platforms remain unspecified because the specification is tied closely to the bandwidth that is required for a location and the potential requirement for the use of service module slots. The ability to implement this solution with various potential router choices is one of the benefits of a modular design approach. There are many factors to consider in the selection of the WAN remote-site routers. One of these factors, which is also a key element of the initial deployment, is the ability to process the expected amount and type of traffic.

You also need to make sure that you have enough interfaces, modules, and licenses for the set of features that the topology requires. The general topology that is used for remote sites is essentially the same regardless of the chosen WAN transport. The differences become apparent once you begin the deployment and configuration of the WAN routers.

  1. Common MPLS Design Models

MPLS Layer 3 virtual private networks (VPNs) use a peer-to-peer VPN model that leverages BGP to distribute VPN-related information. This peer-to-peer model allows enterprise subscribers to outsource information to service providers. The MPLS WAN aggregation hub designs include one or two WAN routers. When WAN edge routers are referred to in the context of the connection to a carrier or service provider, they are typically known as customer edge (CE) routers. All WAN edge routers connect into a LAN distribution layer. The WAN transport options include MPLS VPN, which is used as a primary or secondary transport. Each transport connects to a dedicated CE router.

You use a similar method of connection and configuration for both. The primary differences between the various designs are the usage of the routing protocols. For each design model, you can select several router platforms with differing levels of performance and resiliency capabilities. Each of the design models uses LAN connections into either a collapsed core/distribution layer or a dedicated WAN distribution layer. There are no functional differences between these two methods from the WAN aggregation perspective.

In all WAN aggregation designs, tasks such as IP route summarization are performed at the distribution layer. There are various other devices supporting WAN edge services, such as application optimization and encryption, and these devices should also connect into the distribution layer. Each MPLS carrier terminates to a dedicated WAN router, with the primary goal of eliminating any single points of failure. The three typical WAN remote-site design models are: MPLS WAN nonredundant, MPLS WAN with a redundant link, and MPLS WAN with a redundant link and A.

The nonredundant variant is the only one that is compatible with the single-carrier design models, MPLS Static or MPLS Dynamic. The redundant variants are compatible with the Dual MPLS design model. If you have implemented the Dual MPLS design model, you may also connect a nonredundant remote site to either carrier. The typical remote site only uses a single WAN router. Certain remote sites may use a dual-router design model. These remote sites are usually regional offices, locations with many users, or sites that are business critical and need additional redundancy to remove single points of failure.

  1. Describe Common Layer 2 WAN Design Models

Layer 2 WAN transports are now widely available from service providers. The most common implementations of Layer 2 WAN are used to provide Ethernet over the WAN using either a point-to-point service, such as Ethernet over MPLS, or a point-to-multipoint service, such as Virtual Private LAN Service. Service providers can offer Carrier Ethernet or Metro Ethernet services that are typically limited to a relatively small geographic area. There are two main aggregation design models: Simple Demarcation and Trunk Demarcation. The primary difference between the Simple Demarcation and Trunk Demarcation design models is the number of broadcast domains, or VLANs, that have to communicate with a subset of remote-site routers.

When you use the Simple Demarcation design model, the service provider connects your equipment using a single VLAN. This VLAN provides Layer 2 connectivity between the central site and the remote site. When you use the Trunk Demarcation design model, you connect your central and remote sites using 802.1Q VLAN tagging. Service providers often refer to a trunk service as Q-in-Q tunneling (QinQ). Each of the design models uses LAN connections into either a collapsed core/distribution layer or a dedicated WAN distribution layer. There are no functional differences between these two methods from the WAN aggregation perspective.

In the WAN aggregation design, tasks such as IP route summarization are performed at the distribution layer. There are various other devices supporting WAN edge services, such as application optimization and encryption, and these devices should also connect into the distribution layer. The remote site only includes a single WAN edge router. This router is a CE router that is connected to the provider network and has Layer 2 connectivity with the hub router at the central site.

  1. Describe Common VPN WAN Design Models

VPN WAN is an enterprise-managed WAN solution that can use different types of provider networks as a WAN transport. The technology that is widely used to provide VPN WAN is Dynamic Multipoint VPN (DMVPN). DMVPN is a solution that can be used to build scalable site-to-site VPNs. It supports on-demand full-mesh connectivity with a simple hub-and-spoke configuration and a zero-touch hub deployment model for adding remote sites that may have dynamically assigned IP addresses. DMVPN is typically used with the Internet as its transport protocol. You can use the Internet for VPN as either a primary WAN transport or as a backup WAN transport when using an MPLS VPN or Layer 2 VPN as the primary WAN transport. DMVPN WAN aggregation designs include DMVPN Only, Dual DMVPN, DMVPN Backup Shared, and DMVPN Backup Dedicated.

The DMVPN Only design model uses only Internet VPN as transport. The Dual DMVPN design model uses Internet VPN as both the primary and secondary transport, using dual ISPs. In both the DMVPN Only and Dual DMVPN design models, the DMVPN hub routers connect to the Internet indirectly through a firewall DMZ. The DMZ interface is contained within the Internet edge. The VPN hub routers are connected into the firewall DMZ interface rather than being connected directly to ISP routers.

Both design models can use one or two hub routers. When using the DMVPN Only design model, you only have one ISP at the central site. In contrast, the Dual DMVPN model uses two ISPs to provide high availability. Both DMVPN backup design models use Internet VPN as a backup to an existing primary MPLS WAN or Layer 2 WAN transport. The primary difference between the DMVPN backup designs is whether the VPN hub is implemented on an existing MPLS CE router, which is referred to as DMVPN Backup Shared, or the VPN hub is implemented on a dedicated VPN hub router, which is referred to as DMVPN Backup Dedicated. Each of the design models has LAN connections into either a collapsed core/distribution layer or a dedicated WAN distribution layer.

From the WAN aggregation perspective, there are no functional differences between these two methods. IP route summarization and similar tasks are performed at the distribution layer. In the DMVPN Backup Shared design model, the DMVPN hub router is the MPLS CE router. The router is already connected to the distribution or core layer. The connection to the Internet is established through a firewall interface that is contained within the Internet edge. A DMZ is not required for this design model. In the DMVPN Backup Dedicated design model, the DMVPN hub routers connect to the Internet indirectly through a firewall DMZ interface contained within the Internet edge.

The VPN hub routers are connected into the firewall DMZ interface rather than being connected directly with ISP routers. There are multiple variants of the DMVPN Backup Dedicated design. The primary difference between them is the primary transport: the DMVPN Backup Dedicated design model with MPLS Dynamic as the primary transport, the DMVPN Backup Dedicated design model with Dual MPLS as the primary transport, and the DMVPN Backup Dedicated design model with Layer 2 WAN as the primary transport. There are multiple options for VPN WAN remote-site designs.

These options are based on various combinations of WAN transports and whether the Internet is used as a primary or backup transport. The remote-site designs include single WAN edge routers. These routers can be either a CE router for an MPLS or Layer 2 WAN, or a VPN spoke router. Sometimes a single WAN edge router can perform the role of both the CE router and the VPN spoke router.

  1. Describe Cellular VPN Design Models

Copper or fiber connectivity is not always an option when connecting a remote branch. Cellular connectivity is an alternative solution for these cases. An Internet VPN running over a 4G or 5G wireless WAN is usually used as a backup solution for an MPLS or Layer 2 WAN primary transport. You can also use this type of connectivity as the primary connectivity for smaller remote branches. The WAN interfaces usually use dynamic IP addresses. Therefore, DMVPN is an especially useful technique for these environments because it supports dynamically addressed spoke routers.
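
The hub-and-spoke DMVPN described above, with a dynamically addressed cellular spoke, as an added Cisco IOS configuration example that is not part of the original course material. Names, interface IDs, addresses (documentation ranges) and the key placeholders are assumptions; the wildcard pre-shared key stands in for whatever peer authentication the deployment uses, and certificate authentication avoids sharing one secret across all spokes.

```ios
! ===== Common to hub and spoke (assumed names, constructed values) =====
crypto ikev2 keyring DMVPN-KR
 peer ANY-PEER
  ! Wildcard match: spoke public addresses are not known in advance
  address 0.0.0.0 0.0.0.0
  pre-shared-key REPLACE-WITH-SECRET
!
crypto ikev2 profile DMVPN-IKEV2
 match identity remote address 0.0.0.0
 authentication remote pre-share
 authentication local pre-share
 keyring local DMVPN-KR
!
crypto ipsec transform-set DMVPN-TS esp-aes 256 esp-sha256-hmac
 mode transport
!
crypto ipsec profile DMVPN-IPSEC
 set transform-set DMVPN-TS
 set ikev2-profile DMVPN-IKEV2
!
! ===== Hub (static public address 203.0.113.1 behind the firewall DMZ) =====
interface Tunnel10
 ip address 10.255.0.1 255.255.255.0
 ip nhrp network-id 10
 ! Placeholder NHRP string (max 8 characters); must match on every spoke
 ip nhrp authentication NHRPKEY
 ! Learn spokes from their NHRP registrations; no per-spoke mapping
 ip nhrp map multicast dynamic
 ip nhrp redirect
 tunnel source GigabitEthernet0/0
 tunnel mode gre multipoint
 tunnel key 10
 tunnel protection ipsec profile DMVPN-IPSEC
!
! ===== Spoke (cellular WAN interface with a dynamic address) =====
interface Tunnel10
 ip address 10.255.0.11 255.255.255.0
 ip nhrp network-id 10
 ip nhrp authentication NHRPKEY
 ! Only the hub's tunnel and public (NBMA) addresses are configured
 ip nhrp nhs 10.255.0.1 nbma 203.0.113.1 multicast
 ip nhrp shortcut
 tunnel source Cellular0/1/0
 tunnel mode gre multipoint
 tunnel key 10
 tunnel protection ipsec profile DMVPN-IPSEC
```

The hub carries no per-spoke address: each spoke registers its current public address with the hub through NHRP, so a changing cellular address requires no hub change.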
