Chapter One
Cisco IOS Software
We have all heard the saying "It’s what’s inside that counts" at some point in our lives. In the world of networking, Cisco’s Internetwork Operating System (IOS) has taken that saying to heart. The very core of Cisco Systems’ phenomenal success is the breadth of services provided by the Cisco IOS software. No two networks are exactly alike. Connectivity requirements differ between healthcare and manufacturing, entertainment and shipping, finance and telecommunications. Each has different security issues, and each requires the ability to scale with reliability and manageability. The Cisco IOS software has proven to meet these criteria and to build on new requirements, thanks to its flexibility in meeting the rapidly changing network requirements of all businesses.
Cisco IOS software provides a foundation for meeting all the current and future networking requirements found in today’s complex, services-driven business environments. Businesses rely heavily on generating income from their network infrastructure. Cisco IOS software has the broadest set of networking features, primarily based on international standards, allowing Cisco products to interoperate with disparate media and devices across an enterprise network. Most importantly, Cisco IOS software enables corporations to deliver mission-critical applications seamlessly between various computing and networking systems. The network infrastructure for every corporation must be flexible enough to meet all the current and future internetworking requirements. Cisco IOS software uses some proprietary protocols but also adheres to international standards for congestion avoidance using scalable routing protocols. These routing protocols allow a network using Cisco IOS to overcome network protocol limitations and deficiencies inherent in the protocols’ architectures. Additional features for scaling and efficient use of bandwidth and resources are the IOS software’s detailed packet filtering, which reduces "chatty" protocol traffic, and its reduction of network broadcasts through timers and helper addresses. All these features and more are available with the goal of reducing network traffic overhead, thereby maintaining an efficient yet effective network infrastructure.
Network outages occur frequently in corporate networks. However, many times these outages do not affect the flow of business, due to the reliability and adaptiveness of the policy-based IOS software routing features. Using routing protocols, each Cisco router can dynamically decide on the best route for delivering packets through the network around outages, thereby providing reliable delivery of information.
The prioritization of packets and services enables Cisco routers to adapt to bandwidth constraints due to outages or high bandwidth utilization. IOS software load-balances traffic over multiple network connections, preserving bandwidth and maintaining network performance. The concept of virtual LANs has become a reality for many corporate networks. Cisco routers have the ability to participate in these virtual LANs using emulated LAN functions for physical LAN extensions and ATM LAN Emulation (LANE) services. These are just two of the many newer networking technologies incorporated into the IOS software feature set, enabling networks to implement newer technologies without the added expense of new hardware. Cisco IOS software access support encompasses remote access and protocol translation services. These services provide connectivity to:
There are various network configurations for connecting these network resources over LANs and WANs. LAN terminal service support includes:
Over WANs, Cisco IOS software supports four flavors of server operations. These are:
Optimizing networks requires network equipment to dynamically make cost-effective decisions on routing packets over the network. Cisco IOS software has two features that can greatly enhance bandwidth management, recovery and routing in the network. These two features are dial-on-demand access (DDA) and dial-on-demand routing (DDR). DDA is useful in several scenarios. These are:
In many instances, connectivity to a location fails because of a modem or DSU/CSU failure, or because the main telecommunications line to the office is disrupted in some way. A good network design has a backup solution for this type of outage. Using DDA, a router can sense the line outage and perform a dial backup connection over a switched serial, ISDN, T1 or Frame Relay connection. In this manner, the office maintains connectivity to the WAN with minimal downtime. The DDA function monitors the primary line for reactivation and can cut back to the primary connection automatically if so desired.
DDA also features the ability to define low and high bandwidth watermarks on the permanent lines. This feature allows the addition of temporary bandwidth to another location to meet throughput and performance criteria. The IOS monitors the permanent line for high bandwidth utilization. If the utilization reaches the defined threshold, DDA is enabled to add extra bandwidth to the remote location of the permanent line. IOS continues to monitor the utilization until it falls under the threshold for a period of time. Once the low-water mark is reached, IOS disconnects the DDA line. Using DDA in this fashion enables the IOS to maintain performance criteria between the two locations.
DDR allows Cisco routers to create temporary WAN connections based on interesting packets. IP, Novell IPX, X.25, Frame Relay and SMDS destination addresses may be specified under DDR as interesting packets. Once the router interprets the packet and determines it is an interesting packet, it performs the dial-up connection to the destination network specified in the packet that corresponds to the DDR configuration. In this way, connectivity to remote locations is provided on a temporary basis, thereby saving network connectivity costs.
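The bandwidth-watermark behaviour described above, as an added example that is not from this chapter or from Cisco: a small Python simulation of the DDA decision logic. The high- and low-water thresholds, the hold-down period and the utilization trace are all constructed for illustration, and one detail the text leaves open is made explicit as an assumption: a single sample back above the low-water mark restarts the hold-down count, so a brief dip does not tear the extra line down.

```python
"""Simulation of the DDA bandwidth-watermark logic described in the chapter.
Added example, not Cisco code: thresholds, hold-down and the utilization
trace are all constructed for illustration."""

from dataclasses import dataclass, field


@dataclass
class DdaMonitor:
    high_water: int          # percent utilization that triggers the dial-up line
    low_water: int           # percent utilization below which disconnect is allowed
    hold_intervals: int      # consecutive low samples required before disconnecting
    line_up: bool = False
    below_count: int = 0
    events: list = field(default_factory=list)   # (interval, "dial"/"disconnect")

    def observe(self, interval: int, utilization: int) -> bool:
        """Process one utilization sample of the permanent line; return whether
        the temporary dial line is up after this sample."""
        if not self.line_up:
            if utilization >= self.high_water:
                self.line_up = True
                self.below_count = 0
                self.events.append((interval, "dial"))
        elif utilization < self.low_water:
            self.below_count += 1
            if self.below_count >= self.hold_intervals:
                self.line_up = False
                self.below_count = 0
                self.events.append((interval, "disconnect"))
        else:
            # Assumption: any sample back at or above the low-water mark restarts
            # the hold-down, so a brief dip does not tear the extra line down.
            self.below_count = 0
        return self.line_up


def run_trace(samples, high_water=80, low_water=40, hold_intervals=3):
    """Feed a utilization trace through the monitor; return (states, events)."""
    mon = DdaMonitor(high_water, low_water, hold_intervals)
    states = [mon.observe(i, u) for i, u in enumerate(samples)]
    return states, mon.events


# Constructed trace: utilization of the permanent line, percent per interval.
SAMPLE_TRACE = [30, 55, 85, 90, 70, 35, 50, 30, 20, 25, 40, 20]

if __name__ == "__main__":
    states, events = run_trace(SAMPLE_TRACE)
    for i, (u, up) in enumerate(zip(SAMPLE_TRACE, states)):
        print(f"interval {i:2d}: {u:3d}% utilized, dial line {'UP' if up else 'down'}")
    print(events)
```

With the constructed trace the dial line comes up at interval 2 (85%) and is dropped at interval 9, the third consecutive sample under 40%; the dip at interval 5 is not enough on its own because interval 6 is back above the low-water mark. The same hysteresis is what keeps a backup line from flapping when utilization hovers around one threshold.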
Cisco IOS software supports the two versions of Simple Network Management Protocol (SNMP) for IP-based network management systems, Common Management Interface Protocol (CMIP)/Common Management Interface Service (CMIS) for OSI-based network management systems, and IBM Network Management Vector Transport (NMVT) for SNA-based network management systems. These management protocols are pertinent to the type of network supported by the Cisco router. The IOS itself gives an operator the ability to perform configuration management, monitoring and diagnostics using the IOS command interface. Cisco Systems has a suite of network management tools under the name CiscoWorks. CiscoWorks is a set of network management tools that work with Cisco IOS for the change, configuration, accounting, performance and fault management disciplines.
Cisco IOS software supports many different types of security capabilities. Some of these, such as filtering, are not usually thought of as security features. Filtering, for example, was actually the first means of creating the now famous firewall techniques for corporate connectivity to the Internet, prior to actual commercial offerings. Secondly, filtering can be used to partition networks and prohibit access to high-security server networks. The IOS has the ability to encrypt passwords, authenticate dial-in access, require permissions for changing configurations, and provide accounting and logging to identify unauthorized access. The IOS supports standard authentication packages for access to the router: RADIUS and TACACS+. Each security package requires unique user identification for access to the router. These security packages offer multilevel access to IOS command interface functions.
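An added example, not from this chapter or from Cisco IOS: a Python model of the extended IP access list semantics that underlie both the filtering described above (partitioning off a high-security server network) and the "interesting packet" test that dial-on-demand routing applies before bringing up a switched connection. The list is evaluated top-down, first match wins, and an implicit deny sits at the end; the wildcard mask is Cisco-style, where a 1 bit means "don't care". The addresses, list entries and sample packets are constructed.

```python
"""Model of an extended IP access list: packet filtering and DDR
"interesting traffic" selection. Added example, not Cisco IOS code; all
entries, addresses and packets below are constructed."""

import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


def _matches(addr: str, base: str, wildcard: str) -> bool:
    """Cisco wildcard mask: a 1 bit means 'don't care', so compare only the 0 bits."""
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    w = int(ipaddress.IPv4Address(wildcard))
    return (a & ~w & 0xFFFFFFFF) == (b & ~w & 0xFFFFFFFF)


@dataclass(frozen=True)
class Entry:
    action: str                      # "permit" or "deny"
    protocol: str                    # "ip" matches any protocol; else tcp/udp/icmp
    src: str
    src_wild: str
    dst: str
    dst_wild: str
    dst_port: Optional[int] = None   # only meaningful for tcp/udp entries


@dataclass(frozen=True)
class Packet:
    protocol: str
    src: str
    dst: str
    dst_port: Optional[int] = None


def evaluate(acl: List[Entry], pkt: Packet) -> Tuple[str, Optional[int]]:
    """Return (action, index of the matching entry); the implicit deny at the
    end of every IOS access list is reported as ("deny", None)."""
    for idx, e in enumerate(acl):
        if e.protocol != "ip" and e.protocol != pkt.protocol:
            continue
        if not _matches(pkt.src, e.src, e.src_wild):
            continue
        if not _matches(pkt.dst, e.dst, e.dst_wild):
            continue
        if e.dst_port is not None and e.dst_port != pkt.dst_port:
            continue
        return e.action, idx
    return "deny", None


# Constructed filter: 10.1.0.0/16 is the user LAN, 10.9.0.0/24 the high-security
# server network. Only the management host 10.1.0.5 may reach the servers, and
# only on TCP port 23; all other traffic to that subnet is dropped, the rest passes.
SERVER_NET_ACL = [
    Entry("permit", "tcp", "10.1.0.5", "0.0.0.0", "10.9.0.0", "0.0.0.255", 23),
    Entry("deny",   "ip",  "0.0.0.0", "255.255.255.255", "10.9.0.0", "0.0.0.255"),
    Entry("permit", "ip",  "0.0.0.0", "255.255.255.255", "0.0.0.0", "255.255.255.255"),
]

# Constructed dialer list: broadcasts never bring up the link; only TCP from the
# user LAN toward the remote office 10.2.0.0/16 counts as interesting.
INTERESTING_ACL = [
    Entry("deny",   "ip",  "0.0.0.0", "255.255.255.255", "255.255.255.255", "0.0.0.0"),
    Entry("permit", "tcp", "10.1.0.0", "0.0.255.255", "10.2.0.0", "0.0.255.255"),
]


def is_interesting(pkt: Packet) -> bool:
    """DDR asks one question of each packet: does the dialer list permit it?"""
    return evaluate(INTERESTING_ACL, pkt)[0] == "permit"


if __name__ == "__main__":
    for p in (Packet("tcp", "10.1.0.5", "10.9.0.10", 23),
              Packet("tcp", "10.1.0.7", "10.9.0.10", 23),
              Packet("udp", "10.1.0.7", "10.3.0.1", 53)):
        print(p, "->", evaluate(SERVER_NET_ACL, p))
    print("broadcast interesting?", is_interesting(Packet("udp", "10.1.0.7", "255.255.255.255", 137)))
```

Two points worth noting from the model: the order of entries matters, since the specific permit for the management host must precede the subnet-wide deny, and the implicit deny means an ICMP packet the dialer list never mentions is not interesting, which is exactly how "chatty" protocol traffic is kept from dialling a link at the organization's expense.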
The ordering of Cisco IOS software has been streamlined into feature sets. Prior to IOS Version 11.2, the IOS software was built based on the router requirements. A second enhancement to the delivery of IOS software is the use of feature packs. Feature packs allow you to order the IOS software images and a Windows 95 utility to load the image on the router. Each feature set contains a standard offering. However, options are provided to enable the IOS software to meet more specific needs. Each hardware platform has a feature set. For the most part, all the routers share the same feature sets. The sets are broken down into three categories. These are:
The list of features and feature sets and the platforms supporting them are found in Appendix A.
IOS Release 11.2 introduces software feature packs. Feature packs offer a means for receiving all materials including software images, loading utilities and manuals on CD-ROMs. Each feature pack contains two CD-ROMs. The software CD-ROM contains:
A second CD-ROM is included providing the Cisco IOS software documentation reference library. The remaining documentation provided by the feature pack includes an instruction manual for using the Windows 95 software installer program, release notes for the IOS release included on the software CD-ROM and the software license.
All the features found in the matrices of Appendix A are applicable to each router and access server platform. These features cross a wide range of services and functions to take into account old, current and future network configurations. Cisco IOS supports a wide array of networking protocols. Of these protocols, Transmission Control Protocol/Internet Protocol (TCP/IP) is by far the most widely used.
TCP/IP
Cisco IOS software supports the following TCP/IP features:
Releases 10 and 10.3 of IOS introduced new features to already existing standards that have given Cisco routers the ability to provide a higher level of security, greater availability and increased network scalability. Among these features are:
With the introduction of releases 11 and 11.1, Cisco IOS software enhances router functionality in the areas of security, performance and routing services. The major enhancements for these releases are:
Release 11.2 implements more routing protocol enhancements, IP address translation features and access control list usability. The major features introduced are:
ISO CLNS
The Open Systems Interconnection (OSI) reference model implements the International Organization for Standardization (ISO) Connectionless Network Service (CLNS) as the network layer protocol. Cisco IOS fully supports the forwarding and routing of ISO CLNS. The ISO standards and Cisco-implemented features supported by Cisco IOS are:
DECnet Phase IV and Phase V
Cisco routers have supported DECnet for some time. IOS software has full functional support of local- and wide-area DECnet Phase IV and Phase V routing on all media types. Currently, Cisco IOS supports these enhanced DECnet features:
Novell IPX
Since IOS release 10.0, Cisco IOS provides complete IPX support. Beginning with release 10.3, IOS enhancements for Novell have centered on performance, management, security and usability. These enhancements are:
AppleTalk Phase 1 and Phase 2
AppleTalk has been a long-standing supported protocol on Cisco IOS software. Extended and non-extended networks under AppleTalk Phase 2 are supported. Cisco IOS routes AppleTalk packets over all media types. The AppleTalk features implemented by Cisco IOS are:
Banyan VINES
Banyan’s Virtual Integrated Network Service (VINES) is supported on all media types with Cisco IOS software. The VINES routing protocol itself automatically determines a metric for delivering routing updates. This metric is based on the delay set for the interface. Cisco IOS enhances this metric by allowing you to customize the value for the metric. Other enhancements and features supported on Banyan VINES using Cisco IOS are:
Xerox Network System (XNS)
XNS is the foundation for the Novell IPX protocol. As such, Cisco IOS supports an XNS routing protocol subset of the XNS protocol stack. XNS is supported on Ethernet, FDDI, Token Ring, point-to-point serial lines using HDLC, Link Access Procedure Balanced (LAPB), X.25, Frame Relay and SMDS networks.
Apollo Domain
Apollo workstations use the Apollo Domain routing protocol. Cisco IOS supports packet forwarding and routing of this protocol on Ethernet, FDDI, HDLC and X.25 encapsulation.
HP Probe
HP Probe is a protocol used by HP devices that resolves a machine name to a physical IEEE 802.3 address. A Cisco router acting as an HP Probe proxy server on an IEEE 802.3 LAN resolves machine names to IEEE 802.3 addresses itself, eliminating the need for a separate server on each IEEE 802.3 LAN and saving corporate resources.
Multiring
Cisco IOS supports the framing of Layer 3 protocol packets in Source Route Bridging packets using the Multiring protocol. Multiring is primarily used for Token Ring networks.
Cisco IOS software supports the three network management schemas: SNMP, CMIP/CMIS and IBM NMVT. These network management schemas are used by network management applications executing on workstations, minicomputers or mainframes. For the most part, they use a client/server type of architecture between the router and the management system.
IOS release 11.2 introduced the ability to manage Cisco routers using HyperText Transfer Protocol (HTTP) from Web browsers. HTTP utilizes HyperText Markup Language (HTML) for navigating web pages from a browser. Cisco routers at release 11.2 or higher have the capability of presenting a home page to a web browser. The default home page allows you to enter IOS command-line interface commands using Web-like hot links. This home page is modifiable to meet the needs of any router or organization. Specific to the Cisco 7200 series router is a logical representation of the router hardware configuration using HTTP. With this enhancement, the operator, using a pointing device such as a mouse, points to the logical view of a router interface and clicks on it to display the status or modify the interface’s configuration.
Building on the ease of operation using Web-based interfaces, Cisco has implemented a Web-based application on the Cisco access product line called ClickStart. The ClickStart interface, beginning in release 11.0, presents at installation an initial setup form guiding the operator through router configuration. Once the router is configured and connected to the network, it is manageable from any central location. ClickStart is available on the Cisco 700, 1000 and 1600 access routers.
The advent of higher bandwidth and technologies enabling the integration of audio, video and data on the same network medium has given rise to the need for supporting multimedia applications with guaranteed service.
Cisco IOS release 11.2 meets the quality of service (QoS) requirements of multimedia applications with Resource Reservation Protocol (RSVP), Random Early Detection (RED) and Generic Traffic Shaping. RSVP is an IETF standard that enables applications to dynamically reserve network resources (i.e., bandwidth) from end to end. Video or audio feeds over the network can now co-exist with bursty data traffic without the need for parallel networks. Each router or networking device on the path between the two end resources requiring RSVP participates in delivering the QoS demanded by the multimedia application.
Network congestion is monitored and managed through the implementation of Random Early Detection (RED). During peak traffic loads, transmission volume can lead to network congestion. RED works in concert with RSVP to maintain end-to-end QoS during these peak loads by selectively dropping packets before the queue overflows, relying on the TCP slow-start behaviour of the sources. Thus, the source stations feeding into the network slow down their feed until the network metrics defined for the low-water mark against RED are met.
Generic traffic shaping works in a similar fashion to RED. However, generic traffic shaping, also called interface-independent traffic shaping, reduces the flow of outbound traffic to the network backbone. This takes effect when a router connecting to a network backbone composed of Frame Relay, SMDS or Ethernet receives Layer 2 congestion indications from downstream network transport devices. Generic traffic shaping throttles back the outbound traffic entering the backbone network at the point of entry.
Security, privacy and confidentiality over public or untrusted IP networks are paramount for using Virtual Private Networks (VPNs). Cisco IOS release 11.2 reduces the exposure by providing router authentication and network-layer encryption.
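The RED mechanism described above, as an added example that is not from this chapter or from Cisco IOS: a Python model of Random Early Detection in which the router tracks a smoothed average queue length and, instead of waiting for tail drop, discards packets with a probability that rises between a minimum and a maximum threshold. The thresholds, weights and the arrival trace are constructed, the drop decision takes a caller-supplied random number so the run is reproducible, and the count-based spreading of drops from the original RED algorithm is deliberately left out for clarity.

```python
"""Random Early Detection (RED) queue model. Added example, not Cisco IOS code:
parameters and traffic are constructed; the drop decision is driven by a
caller-supplied random number so results are reproducible."""

from dataclasses import dataclass


@dataclass
class RedQueue:
    min_th: float = 5.0     # below this average queue length, never drop early
    max_th: float = 15.0    # at or above this average, drop every arrival
    max_p: float = 0.1      # drop probability reached as the average nears max_th
    weight: float = 0.2     # EWMA weight for the average queue length
    capacity: int = 20      # physical queue limit (tail drop as a last resort)
    avg: float = 0.0
    length: int = 0
    dropped: int = 0

    def update_average(self) -> float:
        """Exponentially weighted moving average of the instantaneous length, so
        short bursts do not trigger drops but sustained load does."""
        self.avg = (1 - self.weight) * self.avg + self.weight * self.length
        return self.avg

    def drop_probability(self) -> float:
        """Linear ramp from 0 at min_th to max_p just below max_th, then 1."""
        if self.avg < self.min_th:
            return 0.0
        if self.avg >= self.max_th:
            return 1.0
        return self.max_p * (self.avg - self.min_th) / (self.max_th - self.min_th)

    def enqueue(self, rand: float) -> bool:
        """Offer one packet; rand in [0, 1) decides probabilistic drops.
        Returns True if the packet was queued."""
        self.update_average()
        if self.length >= self.capacity or rand < self.drop_probability():
            self.dropped += 1
            return False
        self.length += 1
        return True

    def dequeue(self, n: int = 1) -> None:
        """Transmit up to n packets from the queue."""
        self.length = max(0, self.length - n)


def probability_at(avg: float, **params) -> float:
    """Drop probability the RED curve assigns to a given average queue length."""
    q = RedQueue(**params)
    q.avg = avg
    return q.drop_probability()


def simulate(arrivals_per_tick, service_per_tick, rand_stream, **params):
    """Run a burst through the queue; return (accepted, dropped, final average)."""
    q = RedQueue(**params)
    rnd = iter(rand_stream)
    accepted = 0
    for arrivals in arrivals_per_tick:
        for _ in range(arrivals):
            if q.enqueue(next(rnd)):
                accepted += 1
        q.dequeue(service_per_tick)
    return accepted, q.dropped, round(q.avg, 3)


if __name__ == "__main__":
    # Constructed burst: 4 arrivals per tick, 1 transmitted per tick.
    burst = [4, 4, 4, 4]
    print("lucky sources (rand=0.5):", simulate(burst, 1, [0.5] * 16))
    print("unlucky sources (rand=0.0):", simulate(burst, 1, [0.0] * 16))
```

The two runs in the usage block show the point of the mechanism: with the same offered load the queue never reaches its physical limit, yet once the smoothed average crosses the minimum threshold some arrivals are dropped early, which is the signal that makes TCP senders slow down before the backbone is actually congested. Which senders are hit depends on the random draw, so no single flow is systematically penalised.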
Router authentication enables two routers to perform a two-way exchange of Digital Signature Standard (DSS) public keys before transmitting encrypted traffic over VPNs using generic routing encapsulation (GRE). The exchange is performed once to authenticate the routers by comparing the hash signatures of the keys. Network-layer encryption uses Diffie-Hellman keys for security. These keys form a Data Encryption Standard (DES) 40- or 56-bit session key. The keys are configurable and are applied through a "crypto map" that uses extended IP access lists to define the network, subnet, host and/or protocol pairs requiring encryption between routers.
Cisco has been the leader in providing SNA and NetBIOS support over IP networks. Cisco IOS has several means for transporting IBM-type traffic, specifically SNA, over router backbone networks. The basis for the transport is encapsulation. Cisco IOS has five different encapsulation techniques and supports full APPN functionality in its native form. The five encapsulation techniques are:
Along with the five encapsulation techniques, Cisco IOS supports SDLC-to-LLC2 (SDLLC) conversion. This allows SNA devices using the IBM SDLC protocol to attach serially to the router, as if the router were functioning as an IBM front-end processor. SDLLC converts the SDLC frame into an LLC2 frame for transmission using RSRB or DLSw+ to the mainframe. IBM configuration and connectivity are also enhanced using Cisco IOS as a TN3270 Server and as a Downstream Physical Unit (DSPU). TN3270 is an IETF RFC standard that allows non-SNA devices to act as IBM 3270 terminals. Routers using Cisco IOS can act as a TN3270 Server for these devices and present them to the mainframe as IBM 3270 terminals attached to IBM 3174 Control Units. The DSPU feature allows a Cisco router to have up to 255 logical SNA physical units attached to it and represent all of them as a single IBM SNA physical unit. Direct connectivity to the mainframe from a Cisco router is provided by a Channel Interface Processor (CIP). The CIP connects the Cisco 7x00 router series to the mainframe using ESCON or block multiplexing channel connectivity. The CIP provides SNA and TCP/IP services for connecting to the mainframe.
Two management enhancements for supporting IBM SNA over Cisco routers address SNA network management and performance. Cisco IOS now supports the IBM NMVT command set for sending alerts to the mainframe network management system (i.e., NetView) when SNA devices defined to the router have outages or errors. The IOS also has a Response Time Reporter (RTR) feature allowing operators to analyze SNA response time problems on each leg of the path from the end-user device to the mainframe. This is extremely important for determining bottlenecks in the Cisco router network that affect SNA response time.
Cisco IOS supports a variety of routing protocols. Two of these were developed by Cisco and are therefore considered proprietary. All other routing protocols are international standards. The two Cisco routing protocols are the Interior Gateway Routing Protocol (IGRP) and Enhanced IGRP. IGRP supports IP and ISO CLNS networks. IGRP has its roots in distance vector routing schemas, with enhancements for determining the best route based on bandwidth along the route. In this decision process, IGRP assumes that the route with the fewest hops and the highest bandwidth should be the preferred route. However, it does not take into account bandwidth utilization and can therefore itself overload a route and cause congestion. Enhanced IGRP utilizes the Diffusing Update Algorithm (DUAL) along with its roots in link state routing protocols to determine the best path between two points. Enhanced IGRP merges the best of the distance vector and link state routing algorithms to provide greater route decision-making control. Enhanced IGRP has support for routing IP, AppleTalk and IPX natively. The following list provides the remaining open standard routing protocols available for use on Cisco routers:
Independent Local Area Networks (LANs) have traditionally been bridged together to expand their size and reach. There are two bridging techniques that all others are based on: Transparent and Source Route. A transparent bridge is also known as a learning bridge. This is the type of bridge typically found bridging Ethernet LANs. Cisco IOS supports the following Transparent bridging features:
Source Route bridging carries the path between session partners within the frame itself. Transparent bridging has been coupled with Source Route bridging to allow both techniques to be operable on the same interface. This bridging technique is known as Source Route Transparent (SRT) bridging. Another type of bridging, which enables the passing of LAN frames from an Ethernet to a Token Ring LAN, is called Source Route/Translational Bridging (SR/TLB). This bridging technique, for example, enables SNA devices on an Ethernet to communicate with the mainframe off a Token Ring LAN.
Packet switching has its foundation in X.25 networks. Today, the most widespread use of packet switching is considered to be Frame Relay. Cisco provides packet switching for Frame Relay, SMDS and X.25 for corporate network support. The most comprehensive of these is Frame Relay. Cisco IOS supports the following functions and enhancements to Frame Relay networking:
Details of session flows through the router network used to be an elusive quest for the network management team. Cisco IOS NetFlow Switching provides "call detail recording" of traffic through the network at both the network and transport layers. This allows Cisco IOS to manage traffic on a per-user, per-application basis. It does this using a connection-oriented model of the end-to-end flows, applying relevant services to the flow of data. What makes NetFlow even more attainable is that it is accomplished in software, without added hardware, on the Cisco 7500 and 7000 series routers using Route Switch Processor (RSP) or Versatile Interface Processor (VIP) boards.
Cisco IOS is fully compliant with all the ATM standards. Cisco itself is very active in establishing the ATM standards and as such has a complete feature set. Cisco IOS supports all the ATM standards, including the following:
As mentioned earlier, Cisco supports dial-on-demand services that enhance the availability and performance of internetworks. Dial-on-demand routing (DDR) uses switched circuit connections through public telephone networks. Using these switched circuits allows Cisco routers to provide reliable backup and bandwidth optimization between locations. The features supported by Cisco DDR include:
Cisco routers that function primarily as devices for remote users to access the network are referred to as access servers. These access servers support all the features of dial-on-demand with enhancements to support terminal types, connection protocols, security, management, and virtual private networks over the Internet. Access servers provide the following services and features:
Cisco central site routers, like the 7x00 series, can extend their LAN connectivity over a WAN link using Cisco IOS LAN Extension. The central site router provides LAN Extension services to a multilayer switch at the remote site in a hub-and-spoke configuration. This connection provides a logical extension of the central site’s LAN to the remote site. LAN extension is a practical use of Cisco’s CiscoFusion architecture. CiscoFusion describes the combined use of Layer 2 switching or bridging with Layer 3 switching or routing. This combination provides transparent connectivity under LAN extension, supporting the IP, IPX, AppleTalk, DECnet, VINES and XNS protocols. Since LAN extension supports functions of Layers 2 and 3, MAC address filtering, protocol filtering and priority queuing are accomplished over the WAN links for efficient use of bandwidth.