PlAwAnSaI
Administrator
"There are lots of peer technical CCIE tracks, but CCDE was the only one that matched my strategic design role. It is a unique, vendor-neutral course, based on universal design principles and technologies that can be applied to solving comprehensive business needs."
Tony Brown, Enterprise Systems Architect - Verizon
- VRRP:
  - Transparent default gateway redundancy
  - Virtual IP address can also be a real address
  - IETF standard, so use VRRP if you need multivendor interoperability
  - Preempt is enabled by default
  - Default Hello timer 1 second
  - VRRP uses one virtual IP address and one virtual MAC address for gateway functionality
- Cost
  - Capital (CAPEX)
  - Operational (OPEX)
- Flexibility/Agility
  - Changes in business
- Manageable
- Security
- Modularity
  - The first key concept in network design
  - Can be horizontal or vertical
  - Resilience
    - Decouples devices in different modules
    - Decreases MTTR
  - Manageability
  - Repeatability
- Data exfiltration
- Unusual traffic patterns
- Failed sign-ins, other signs...
- Observe
  - Observe what's going on
  - Know what's normal
- Orient
  - Understand the context
  - Understand the intent
- Decide
  - Evaluate possible courses of action
  - Decide what action to take
- Act
  - Execute
- "Chokepoints" between modules...
  - Make great observation points
    - To understand "normal"
    - To orient to real targets/goals
  - Make great decision points
    - To limit which services will be impacted by actions
    - To determine where to act and how
  - Make great action points
    - To pre-stage policy
    - To focus policy at specific, identifiable points
- Traffic Engineering
  - Ample bandwidth
  - Minimal delay
  - Low jitter
  - Consistent path
  - Fast convergence
- MTBF: Mean Time Between Failures
- MTTR: Mean Time to Repair
  - Time until traffic is flowing
  - Time until network is "as designed"
- Reliability
  - "9's of availability"
  - a = uptime / (uptime + downtime (as measured))
  - 525,600 minutes in a year
    4 minutes downtime
    525,596 minutes uptime
    a = 525,596 / (525,596 + 4)
    a = .99999239...
    a = 99.999%
  - 99.999% ("five nines"):
    Downtime/year: 5.26 minutes
    Downtime/month: 25.9 seconds
    Downtime/week: 6.05 seconds
  - 99.9999% ("six nines"):
    Downtime/year: 31.5 seconds
    Downtime/month: 2.59 seconds
    Downtime/week: 604.8 milliseconds
  - 99.99999% ("seven nines"):
    Downtime/year: 3.15 seconds
    Downtime/month: 262.97 milliseconds
    Downtime/week: 60.48 milliseconds
  - a(proj) = time period / (time period + downtime(proj))
  - downtime(proj) = (time period / MTBF) * MTTR
  - MTTR = downtime (as measured) / number of failures
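The availability, "nines" and MTBF/MTTR projection formulas above, carried through in code. This is an added example, not part of the original notes; it assumes a 365-day year, a 30-day month and a 7-day week for the downtime budgets, and the MTBF/MTTR figures in the usage section are constructed.

```python
# Added example (not from the original notes): availability arithmetic from the
# formulas above. Year = 365 days, month = 30 days, week = 7 days are assumptions.
SECONDS_PER_YEAR = 365 * 86_400      # 31,536,000 s = 525,600 minutes
SECONDS_PER_MONTH = 30 * 86_400
SECONDS_PER_WEEK = 7 * 86_400


def availability(uptime, downtime):
    """a = uptime / (uptime + downtime), both measured in the same unit."""
    return uptime / (uptime + downtime)


def nines(count):
    """Availability for 'count' nines: 5 -> 0.99999, 6 -> 0.999999, ..."""
    return 1 - 10 ** -count


def downtime_budget(a):
    """Seconds of downtime allowed per year, month and week at availability a."""
    return {
        "year": (1 - a) * SECONDS_PER_YEAR,
        "month": (1 - a) * SECONDS_PER_MONTH,
        "week": (1 - a) * SECONDS_PER_WEEK,
    }


def mttr_from_measurements(total_downtime, failures):
    """MTTR = downtime (as measured) / number of failures."""
    if failures == 0:
        raise ValueError("no failures observed; MTTR is undefined")
    return total_downtime / failures


def projected_availability(period, mtbf, mttr):
    """a(proj) = period / (period + downtime(proj)),
    where downtime(proj) = (period / MTBF) * MTTR. All arguments in one unit."""
    expected_failures = period / mtbf
    projected_downtime = expected_failures * mttr
    return period / (period + projected_downtime)


if __name__ == "__main__":
    # The worked example from the notes: 4 minutes down in a 525,600-minute year.
    print(f"measured: {availability(525_596, 4):.8f}")
    for n in (5, 6, 7):
        b = downtime_budget(nines(n))
        print(f"{n} nines: {b['year'] / 60:.2f} min/yr, "
              f"{b['month']:.2f} s/mo, {b['week']:.3f} s/wk")
    # Projection (constructed numbers): a component failing every 2,000 h,
    # repaired in 2 h, projected over an 8,760-hour year.
    print(f"projected over a year: {projected_availability(8_760, 2_000, 2):.6f}")
```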
- Discover:
  - How long does it take to discover the failure?
  - Protocol neighbor liveness
- Report:
  - How long does it take to spread the news?
- Calculate:
  - How long does it take to find a new path?
- Install:
  - How long does it take to change to the new path?
  - Protocol interaction with the RIB/FIB
- Protocol Hellos => Protocol Process => Fast
- BFD Hellos => BFD Process => Protocol Process => Faster
- ? => Interface Phy/Processor => Forwarding Plane/RIB => Protocol Process => Fastest
- Modularity
  - The first key concept in network design
  - Can be horizontal or vertical
  - Resilience
    - Failure Domains = Broadcast Segment
    - Decouples devices in different modules
    - Decreases MTTR
Five ways to hide information in the control plane:
- Aggregation
- Summarization
- Filtering
- Virtualization
- Caching
- There are others, but they are not widely deployed
- IP Address carried in the packet payload
- IP address as a host identifier
- Dropped IP packets in a TCP stream
- Tunnel failure on underlay failure
- Jitter on control plane path change
Put each in a single layer:
- Forwarding:
  Carry traffic between modules, topological areas, geographical regions, etc.
- Aggregation:
  Combine lots of smaller links into a smaller number of larger links; provide paths for engineering and virtualization
- Policy:
  Engineer traffic and control access
  - Aggregation
  - Traffic Engineering
  - Source-based Routing
  - Service Chaining
  - Load Balancing
  - What do all of these have in common?
    - They each have the potential to increase stretch
- Admittance:
  Attach users, control access, classify traffic, terminate virtual overlays
  - Attach users
  - Control access
  - Classify traffic
  - Terminate virtual overlays
  - Includes any edge security policies
  - Includes any edge QoS policies
  - Towards a host, for instance...
    - Unicast RPF filtering
    - MAC address filtering
    - AAA controls
    - Quality of service marking
  - Towards an external network
    - Bogon filtering
    - Unicast RPF (if possible)
- Core => Forwarding
- Distribution => Aggregation & Policy
- Access => Admittance

- Core => Forwarding & Policy
- Aggregation => Aggregation & Admittance

- Core => Forwarding
- Aggregation => Policy & Aggregation & Admittance

- Core => Policy & Aggregation
- Aggregation => Admittance
- Degree of connection
- Regularity
- Path characteristics
  - Longest path
  - Shortest path
- Convergence characteristics
- Troubleshooting characteristics
- Flexibility
- A hybrid of protocol operation and network device operation models:
  - DARPA four-layer model with the network layer broken apart
  - Adds in network device (router) pieces
  - Includes the control plane:
    - Control plane protocols normally fall "outside" layered models
- Application:
  - Uses information transported across the network
  - Presents data through formatting and marshalling
  - Can provide all four services "over the top"
  - Primary consumer and producer of data
- Transport: TCP/UDP, etc.
  - Flow control
  - Error correction
  - Application multiplexing
  - Quality of service
    - Helping fairness in the transport (WRED)
