2. Introduction to Project
The WAN is the networking infrastructure that provides an IP-based
interconnection between remote sites that are
separated by large geographic distances.
This project was implemented in order to demonstrate how
the company accesses its servers through the Internet.
By using sophisticated technology such as Multiprotocol Label
Switching (MPLS), the issue of delays can be eliminated.
MPLS Layer 3 VPNs use a peer-to-peer VPN model that
leverages the Border Gateway Protocol (BGP) to distribute
VPN-related information.
http://www.ciscoz.com/2014/04/isp-core-routing-topology/
3. Layout of project
4. Features of the Project
MPLS Layer 3 VPN
IPv6 Network with IPv6 DNS server
Redundancy
Dynamic Routing Protocols
Linux Server
Security
5. MPLS Layer 3 VPN
MPLS stands for Multi Protocol Label Switching.
It is a mechanism in high-performance telecommunications
networks that directs data from one network node to the next
based on short path labels rather than long network addresses,
avoiding complex lookups in a routing table.
The labels identify virtual paths between distant nodes rather than
endpoints. MPLS can encapsulate packets of various network
protocols, such as ATM and Frame Relay.
MPLS operates at a layer that is generally considered to lie
between traditional definitions of layer 2 (data link layer) and layer
3 (network layer), and thus is often referred to as a "layer 2.5"
protocol.
6. MPLS L3VPN is a kind of PE-based L3VPN technology for
service provider VPN solutions. It uses BGP to advertise VPN
routes and uses MPLS to forward VPN packets on service
provider backbones.
MPLS-labeled packets are switched after a label
lookup/switch instead of a lookup in the IP routing table. When
MPLS was conceived, label lookup and label switching were
faster than a routing table or RIB (Routing Information Base)
lookup.
An MPLS-based VPN connects geographically separate branches
of a private network into a single network by using label-switched paths (LSPs).
8. Label Switching Router :- A router that performs routing based only
on the label is called a label switch router (LSR). This is a type of
router located in the middle of an MPLS network. It is responsible
for switching the labels used to route packets.
When an LSR receives a packet, it uses the label included in the
packet header as an index to determine the next hop on the label-switched
path (LSP) and a corresponding label for the packet from
a lookup table.
The old label is then removed from the header and replaced with
the new label before the packet is routed forward.
A label edge router (LER, also known as edge LSR) is a router that
operates at the edge of an MPLS network and acts as the entry
and exit point for the network. LERs respectively push an MPLS
label onto an incoming packet and pop it off an outgoing packet.
9. Provider router :- In an MPLS-based virtual private network (VPN),
LERs that function as ingress and/or egress routers to the VPN
are often called PE (Provider Edge) routers. Devices that
function only as transit routers are similarly called P (Provider)
routers.
Label Distribution Protocol :- Labels are distributed between
LERs and LSRs using the Label Distribution Protocol (LDP).
LSRs in an MPLS network regularly exchange label and
reachability information with each other using standardized
procedures in order to build a complete picture of the network
they can then use to forward packets.
10. Label Distribution Protocol (LDP) - Purpose
Label distribution ensures that adjacent routers have
a common view of FEC <-> label bindings.
[Figure: LSR1 -> LSR2 -> LSR3; an IP packet for 47.80.55.3 enters at LSR1]
LSR1 routing table:
Addr-prefix    Next Hop
47.0.0.0/8     LSR2
LSR2 routing table:
Addr-prefix    Next Hop
47.0.0.0/8     LSR3
LSR2 advertises to LSR1: "For 47.0.0.0/8 use label '17'"
LSR1 Label Information Base:
Label-In    FEC           Label-Out
XX          47.0.0.0/8    17
LSR2 Label Information Base:
Label-In    FEC           Label-Out
17          47.0.0.0/8    XX
Step 1: LSR creates binding between FEC and label value
Step 2: LSR communicates binding to adjacent LSR
Step 3: LSR inserts label value into forwarding base
Common understanding of which FEC the label is referring to!
Label distribution can either piggyback on top of an existing routing protocol,
or a dedicated label distribution protocol (LDP) can be created.
11. IPv6 Network with IPv6 DNS server
IPv6 is version 6 of the Internet Protocol.
An IPv6 address is 128 bits long.
Methods for communication between IPv6 and IPv4:
IPv6 tunnelling over an IPv4 network
Dual stacking
12. IPv6 Tunnelling over IPv4 Network
[Figure: IPv6 Tunnel source_router -- IPv4_router -- IPv6 Tunnel des_router]
IPv6 tunnelling is one of the methods of communicating between IPv4 and IPv6 networks.
The IPv6 tunnel is made over two routers which are enabled with IPv6 addresses. IPv4_router is the
network with IPv4 addresses enabled; there is no IPv6 address on this router. The IPv6 tunnel runs
directly over this IPv4_router network.
On both the tunnel source router and the tunnel destination router, a tunnel interface has been created
on which IPv6 addresses have been configured to communicate.
13. Dual Stacking
[Figure: dual-stack addresses on Server_router, GLBP_router and the Linux Server:
2004::1/64 with 20.3.0.1, 2004::2/64 with 20.3.0.3, 2003::1/64 with 100.0.0.254]
Dual stacking is another method of communicating between IPv4 and IPv6.
In this method both an IPv4 and an IPv6 address are configured on the same interface, so that when an IPv6 packet is
received the router forwards it using the IPv6 address, and when an IPv4 packet is received it uses the IPv4 address.
In this topology the Linux server has IPv6 enabled and is dual-stacked by also having an IPv4 address.
14. IPv6 DNS Server
In this project the IPv6 DNS server is built on Red Hat Enterprise Linux.
DNS server :- A server which resolves IP addresses to hostnames and hostnames to IP addresses. When the DNS server
resolves an IPv6 address to a hostname, it is an IPv6-enabled DNS server.
The left picture shows the configuration of for.zone, which has the CNAME entries and IP addresses, and on the
other side is res.zone, which has the entries for the PTR records. The longest record is the one for the IPv6 address, which is resolved to the
server.
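Why the IPv6 PTR entry is the longest line in res.zone becomes obvious once the reverse owner name is built by hand: all 32 hex nibbles of the expanded address, reversed, one label each. The Python below is an added example and not the project's zone files: the zone name sembo.example and the hostnames are constructed, and although 100.0.0.254 and 2003::1 appear in the dual-stacking figure, assigning them to the Linux server here is an assumption. It also generates the forward records (A, AAAA, CNAME) and checks that every forward address has a PTR pointing back at the same name, a consistency check that matters because logging and access controls that rely on reverse lookups break silently when the two zones drift apart.

```python
"""Forward and reverse zone records, including the IPv6 PTR owner name.

Added example, not the project's zone files. Zone name and hostnames are
constructed; the address-to-host assignment is an assumption.
"""
import ipaddress

ORIGIN = "sembo.example."  # constructed zone name (with trailing dot)

# Constructed sample data: hostname -> addresses, alias -> canonical name
HOSTS = {
    "server": ["100.0.0.254", "2003::1"],
    "glbp-router": ["20.3.0.3", "2004::2"],
}
ALIASES = {"www": "server", "ftp": "server"}


def reverse_name(addr):
    """Owner name for the PTR record of an IPv4 or IPv6 address.

    IPv4: octets reversed under in-addr.arpa. IPv6: all 32 hex nibbles of
    the expanded address, reversed, one label each, under ip6.arpa; this is
    why the IPv6 PTR record is by far the longest line in the reverse zone.
    """
    ip = ipaddress.ip_address(addr)
    if ip.version == 4:
        return ".".join(reversed(str(ip).split("."))) + ".in-addr.arpa."
    nibbles = ip.exploded.replace(":", "")  # restores the compressed zeros
    return ".".join(reversed(nibbles)) + ".ip6.arpa."


def forward_records(hosts, aliases):
    """A/AAAA records for each host plus CNAME records for the aliases."""
    records = []
    for host, addrs in sorted(hosts.items()):
        for addr in addrs:
            ip = ipaddress.ip_address(addr)
            rtype = "A" if ip.version == 4 else "AAAA"
            records.append(f"{host}.{ORIGIN} IN {rtype} {ip}")
    for alias, target in sorted(aliases.items()):
        records.append(f"{alias}.{ORIGIN} IN CNAME {target}.{ORIGIN}")
    return records


def ptr_records(hosts):
    """PTR records (reverse zone) for every address of every host."""
    return [
        f"{reverse_name(addr)} IN PTR {host}.{ORIGIN}"
        for host, addrs in sorted(hosts.items())
        for addr in addrs
    ]


def ptr_mismatches(forward, reverse):
    """Addresses whose A/AAAA record has no PTR pointing back at the same
    name (missing or stale reverse entries)."""
    ptr = {}
    for line in reverse:
        owner, _, _, target = line.split()
        ptr[owner] = target
    bad = []
    for line in forward:
        owner, _, rtype, value = line.split()
        if rtype in ("A", "AAAA") and ptr.get(reverse_name(value)) != owner:
            bad.append(value)
    return bad


if __name__ == "__main__":
    fwd, rev = forward_records(HOSTS, ALIASES), ptr_records(HOSTS)
    print("\n".join(fwd + rev))
    print("mismatches:", ptr_mismatches(fwd, rev))
```

Running it prints both zones in a plain "owner IN type value" form and reports no mismatches for the constructed data; deleting a PTR line from the reverse list makes the corresponding address show up in `ptr_mismatches`.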
15. Redundancy
Redundancy means multiple pathways to reach a single
destination.
Methods for Redundancy
1. HSRP
2. VRRP
3. GLBP
16. HSRP
HSRP stands for Hot Standby Router Protocol.
It is a Cisco proprietary protocol.
It allows multiple routers or multilayer switches to masquerade as a single gateway.
A virtual IP address is allocated to all routers participating in HSRP.
In this topology HSRP is used to provide redundancy between the VLANs made on the layer
3 switches DSw1 & DSw2.
When one switch's connection goes down, the other switch provides redundancy for that
switch, because the same VLANs are created on both switches. The layer 2 switches ASw1-4 are the
switches whose ports are used to connect the customers.
17. VRRP
VRRP stands for Virtual Router Redundancy Protocol.
The industry-standard equivalent of HSRP is the Virtual Router Redundancy Protocol (VRRP).
The router with the highest priority becomes the Master Router.
All other routers become Backup Routers.
By default, the virtual MAC address is 0000.5e00.01xx, where xx is the hexadecimal group
number.
VRRP Hellos are sent to multicast address 224.0.0.18.
VRRP redundancy is provided between SEMBO_TECH_GW, VRRP_router
and SEMBO_TECH. A VRRP tunnel is made between these three routers.
They run EIGRP between them to communicate with each other.
The SEMBO_TECH router has two paths to communicate with linux_server:
one is through the SEMBO_TECH_GW router, which is connected to MPLS, and the other is
through VRRP_Router, which has eBGP in the path.
18. GLBP
GLBP stands for Gateway Load Balancing Protocol.
Each router is assigned a weight; the default weight is 100. The weight can be statically
configured or dynamically decided by the router.
In the topology GLBP is configured between Server_router,
SEMBO_TECH_GW2 and GLBP_router. A tunnel is made between all
three routers.
GLBP supports load balancing across the paths, meaning it sends traffic
over both paths with the help of load balancing.
There are three methods by which load balancing can be done:
1. Round Robin
2. Weighted
3. Host-Dependent
By default Round Robin is used.
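The difference between the three methods is easiest to see by modelling the active virtual gateway (AVG) answering ARP requests for the virtual IP with the MAC of one active virtual forwarder (AVF). The Python below is an added example, not from the presentation and not Cisco's GLBP code: the router names are the three from the slide and the default weight of 100 is the slide's, but the group number 1, the virtual MAC layout 0007.b400.<group><forwarder> (assumed from GLBP documentation), the host MACs and the weighted scheduler (each forwarder appears weight/gcd times per cycle) are constructed simplifications. It also shows the redundancy side: when a forwarder fails, another router takes over its virtual MAC so hosts that still cache it keep a working gateway.

```python
"""GLBP active virtual gateway (AVG) spreading hosts across forwarders.

Added example, not from the presentation. Group number, virtual MAC
layout, host MACs and the weighted scheduler are constructed assumptions.
"""
import hashlib
from collections import Counter
from functools import reduce
from itertools import cycle
from math import gcd

GROUP = 1  # assumed GLBP group number


class AVG:
    def __init__(self, weights, method="round-robin"):
        # weights: {router: weight}; GLBP's default weight is 100 (slide)
        self.weights = dict(weights)
        self.method = method
        # Each active virtual forwarder (AVF) owns one virtual MAC (assumed layout)
        self.vmac = {r: f"0007.b400.{GROUP:02x}{i + 1:02x}"
                     for i, r in enumerate(weights)}
        self.owner = {mac: r for r, mac in self.vmac.items()}
        self._rebuild_schedules()

    def _rebuild_schedules(self):
        live = list(self.weights)
        self._rr = cycle(live)
        g = reduce(gcd, self.weights.values())
        # Constructed weighted order: each AVF appears weight/gcd times per cycle
        self._weighted = cycle([r for r in live
                                for _ in range(self.weights[r] // g)])

    def answer_arp(self, host_mac):
        """Reply to a host's ARP request for the virtual IP with one AVF's MAC."""
        if self.method == "round-robin":
            chosen = next(self._rr)
        elif self.method == "weighted":
            chosen = next(self._weighted)
        elif self.method == "host-dependent":
            # The same host always gets the same forwarder (stable hash of its MAC)
            live = list(self.weights)
            digest = hashlib.sha256(host_mac.encode()).digest()
            chosen = live[int.from_bytes(digest[:4], "big") % len(live)]
        else:
            raise ValueError(f"unknown method {self.method}")
        return self.vmac[chosen]

    def forwarder_down(self, router):
        """On AVF failure another router takes over its virtual MAC, so hosts
        that still cache that MAC keep a working gateway."""
        self.weights.pop(router)
        takeover = next(iter(self.weights))
        self.owner[self.vmac[router]] = takeover
        self._rebuild_schedules()

    def who_forwards(self, mac):
        """Router currently answering for a virtual MAC."""
        return self.owner[mac]


def distribute(avg, host_macs):
    """How many hosts end up on each forwarder after their ARP requests."""
    return Counter(avg.who_forwards(avg.answer_arp(m)) for m in host_macs)


# Constructed host MACs (locally administered addresses)
HOSTS = [f"0200.0000.00{i:02x}" for i in range(6)]
FORWARDERS = {"Server_router": 100, "SEMBO_TECH_GW2": 100, "GLBP_router": 100}

if __name__ == "__main__":
    for method in ("round-robin", "weighted", "host-dependent"):
        print(method, distribute(AVG(FORWARDERS, method), HOSTS))
    avg = AVG({"Server_router": 100, "GLBP_router": 50}, "weighted")
    print("weighted 100:50", distribute(avg, HOSTS))
```

With equal weights, round robin and weighted both give each of the three forwarders two of the six hosts; with weights 100 and 50 the weighted method sends two thirds of the hosts to the heavier router, and host-dependent keeps a given host pinned to the same forwarder across repeated ARP requests.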
19. Dynamic Routing Protocols
Dynamic routing protocols are those that perform their routing with the help of the network
command.
They are very easy to configure and troubleshoot compared to static routing.
Dynamic routing protocols used in the topology :-
1. BGP
2. EIGRP
3. OSPF
4. RIP
20. BGP
BGP stands for Border Gateway Protocol.
The Border Gateway Protocol (BGP) routes traffic between autonomous systems. An
autonomous system is a network or group of networks under common administration and
with common routing policies.
BGP is a very robust and scalable routing protocol, as evidenced by the fact that it is the
routing protocol employed on the Internet.
There are two types of BGP
1. iBGP
2. eBGP
iBGP :- iBGP means Internal Border Gateway Protocol. It is used between routers in the same
autonomous system.
eBGP :- eBGP means External Border Gateway Protocol. It is used between different
autonomous systems.
21. In this topology eBGP routing is used between GLBP_router, eBGP_router and VRRP_router.
GLBP_router -> eBGP_router is AS 65000 and eBGP_router -> VRRP_router is AS 65001.
Loopback addresses are configured on all three routers; the loopback address is
the Router-ID for each router.
#bgp redistribute internal is the command to distribute the internal routes of each router to
the other routers through eBGP.
Redistribution is done on the eBGP router. Redistribution is needed because there are two
different ASes present.
22. iBGP is configured on the MPLS network. BGP is used with MPLS because BGP helps MPLS
speed up the transfer of data.
The P router is the Provider router, which is the ISP in the real topology, and the PEs are the Provider
Edge routers.
Over this network a Virtual Private Network (VPN) is also configured, to connect the SEMBO
offices for secure data transfer.
On the PE1 router EIGRP and RIP are also running, because some other offices use EIGRP and
RIP for their connection from the Internet.
23. EIGRP
EIGRP stands for Enhanced Interior Gateway Routing Protocol.
EIGRP is an advanced distance-vector routing protocol, with optimizations to minimize both
the routing instability incurred after topology changes, as well as the use of bandwidth and
processing power in the router.
It uses the Diffusing Update Algorithm (DUAL) to calculate the routing path.
In the topology EIGRP is used in the places shown in these pictures.
SEMBO_TECH_GW_2 is connected through EIGRP
with the PE1 router, which is running MPLS; with
Server_router and GLBP_router, redundancy is
created by the Gateway Load Balancing Protocol (GLBP).
In both cases there are two EIGRP processes running,
one for IPv4 and the other for IPv6.
24. OSPF
OSPF stands for Open Shortest Path First.
It uses a link-state routing algorithm and falls into the group of interior routing protocols,
operating within a single autonomous system (AS).
OSPF is running in these places in this topology.
DEMBO_TECH_GW, PE2 and SEMBO_TECH_GW
are running OSPF 10 between them, to send routes
to each other. SEMBO_TECH_GW is the gateway of
SEMBO_TECH on the MPLS path.
OSPF 100 is running on the SEMBO_TECH_LAN,
where there are 5 layer 3 switches, each connected to the others with
multiple links to create redundancy.
Redistribution of the multiple protocols is done on the SEMBO_TECH router.
25. Linux Server
Red Hat Enterprise Linux 6.0 is used as the server in this topology.
The Linux server is installed on VMware Workstation 10 and connected to the GNS3 topology through
a loopback interface of the Windows 8.1 host.
When the Linux server communicates with any router in GNS3, the requests and all other traffic
go through this loopback interface.
Servers configured on Linux :-
1. DNS
2. APACHE
3. FTP
4. YUM
5. SSH
26. DNS Server :- DNS stands for DOMAIN NAME SERVER.
The DNS server is used to translate IP addresses to hostnames.
In a Linux environment the DNS server is installed from the BIND packages. The name of the DNS service is
named.
DNS Records :-
SOA (Start of Authority) :- This record is created automatically when the zone file is created. It is
the first record and is responsible for accepting queries and resolving them.
NS (Name Server) :- NS provides the domain's name server to clients.
CNAME :- Alias name, duplicate name.
Host Record :- It is used to add the IP address.
SPF (Sender Policy Framework) :- text record.
TXT Record :- It is used for authentication purposes.
APACHE Server :- The APACHE server is called Apache HTTP Server. It is a web server.
Virtual hosting allows one Apache installation to serve many different websites.
27. WEB Hosting is of two types :-
1. IP Based Hosting :- single IP, single site
2. Name Based Hosting :- single IP, multiple sites
Service for APACHE :- httpd
Port number :- 80 (http), 443 (https)
Default site storage path :- /var/www/html
Configuration file path :- /etc/httpd/conf/httpd.conf
FTP Server :- FTP stands for FILE TRANSFER PROTOCOL.
FTP is a server which is used to download and upload files on the Internet and intranet.
A website can be uploaded through the FTP server. FTP always hits the pub directory directly.
Port number used :- 20(control)/21(access)
Directory used :- /var/ftp/pub
Configuration file :- /etc/vsftpd/vsftpd.conf
28. YUM Server :- YUM stands for Yellowdog Updater, Modified.
YUM is an open-source command-line package-management utility for Linux operating
systems using the RPM Package Manager.
Though yum has a command-line interface, several other tools provide graphical user
interfaces to yum functionality. Yum allows automatic updates and package and dependency
management on RPM-based distributions.
Yum directory :- /etc/yum.repos.d/
SSH Server :- SSH stands for SECURE SHELL.
SSH uses public-key cryptography to authenticate the remote computer and allow it to
authenticate the user, if necessary.
There are several ways to use SSH; one is to use automatically generated public-private key
pairs to simply encrypt a network connection, and then use password authentication to log
on.
Service name :- sshd
Configuration file :- /etc/ssh/sshd_config
30. Enable Secret :- The enable secret is the password that we set to restrict user entry into the
enable mode of the router.
The enable secret is secure and is not visible even after the user has successfully logged in:
when the user logs in and runs the #show run command, the password appears in encrypted
form.
Username and Password :- the login password that has to be entered to log in to the router. It
is set in configuration mode -> console line.
Console Password :- the password that is set on the router and that the user is prompted for
when trying to enter the router.
Only this password needs to be entered, and no username is required.
VLAN :- VLAN stands for Virtual LAN.
VLANs are made on a switch to divide the switch according to the administrator's needs.
VLANs provide security by dividing the different departments into different sections.
Communication between these VLANs is possible through a router.
31. ACL :- ACL stands for Access Control List.
An ACL specifies which users or system processes are granted access to objects, as well as
what operations are allowed on given objects.
Each ACL is identified by its name or number.
Firewall :- A firewall is a software or hardware-based network security system that controls the
incoming and outgoing network traffic based on an applied rule set.
A firewall establishes a barrier between a trusted, secure internal network and another
network (e.g., the Internet) that is not assumed to be secure and trusted.
Types of firewall :-
1. Hardware firewall :- WatchGuard, PIX firewall, etc.
2. Software firewall :- Norton (Windows), Check Point (Linux)
3. Access control list (ACL) :- router and switch
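What a router or switch ACL actually does with a packet is decided by two rules that are easy to get wrong: entries are tested top to bottom and the first match wins, and every ACL ends with an implicit "deny ip any any". The Python below is an added example, not from the presentation and not IOS code: it parses an extended-ACL style rule set (permit/deny, protocol, source, destination, optional "eq port", Cisco wildcard masks) and evaluates sample packets against it. The ACL text and the packets are constructed; the server address 100.0.0.254 and the 20.3.0.0 network are taken from the slides, and the policy (web from the LAN, SSH from one management host, everything else to the server denied) is an assumption for illustration.

```python
"""First-match evaluation of a Cisco-style extended ACL with wildcard masks.

Added example, not from the presentation. The ACL text, packets and the
policy they express are constructed for illustration.
"""
import ipaddress

# Constructed ACL protecting the Linux server: web from the 20.3.0.0/24 LAN,
# SSH only from one management host, everything else to the server denied.
ACL_TEXT = """
permit tcp 20.3.0.0 0.0.0.255 host 100.0.0.254 eq 80
permit tcp 20.3.0.0 0.0.0.255 host 100.0.0.254 eq 443
permit tcp host 20.3.0.1 host 100.0.0.254 eq 22
deny ip any host 100.0.0.254
permit ip any any
"""


def wildcard_match(addr, base, wildcard):
    """Cisco wildcard semantics: a 1 bit in the mask means 'don't care'."""
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return ((a ^ b) & care) == 0


def _take_address(tokens):
    """Consume one address spec: 'any', 'host X', or 'X wildcard'."""
    t = tokens.pop(0)
    if t == "any":
        return "0.0.0.0", "255.255.255.255"
    if t == "host":
        return tokens.pop(0), "0.0.0.0"
    return t, tokens.pop(0)


def parse_acl(text):
    """Parse ACL lines into (action, proto, (src, wc), (dst, wc), port)."""
    rules = []
    for line in text.strip().splitlines():
        tokens = line.split()
        action, proto, rest = tokens[0], tokens[1], tokens[2:]
        if action not in ("permit", "deny"):
            raise ValueError(f"bad action in: {line}")
        src = _take_address(rest)
        dst = _take_address(rest)
        port = int(rest[1]) if rest[:1] == ["eq"] else None
        rules.append((action, proto, src, dst, port))
    return rules


def matched_rule_index(rules, proto, src, dst, dport=None):
    """Index of the first rule matching the packet, or None when only the
    implicit deny at the end applies. Checking which line decided a packet
    is how you spot a rule that is shadowed by an earlier, broader one."""
    for i, (action, rproto, (sb, sw), (db, dw), port) in enumerate(rules):
        if (rproto in ("ip", proto) and wildcard_match(src, sb, sw)
                and wildcard_match(dst, db, dw)
                and (port is None or port == dport)):
            return i
    return None


def evaluate(rules, proto, src, dst, dport=None):
    """'permit' or 'deny' for a packet; every ACL ends with 'deny ip any any'."""
    i = matched_rule_index(rules, proto, src, dst, dport)
    return rules[i][0] if i is not None else "deny"


if __name__ == "__main__":
    rules = parse_acl(ACL_TEXT)
    for pkt in [("tcp", "20.3.0.7", "100.0.0.254", 80),
                ("tcp", "20.3.0.7", "100.0.0.254", 22),
                ("tcp", "20.3.0.1", "100.0.0.254", 22),
                ("icmp", "10.9.9.9", "100.0.0.254", None)]:
        print(pkt, "->", evaluate(rules, *pkt),
              "rule", matched_rule_index(rules, *pkt))
```

Dropping the final "permit ip any any" line shows the implicit deny at work: traffic that does not touch the server is then denied too, which is the usual surprise when an ACL is applied to an interface without a trailing permit.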