Wednesday, July 7, 2010

INE OLS - PFR COMPONENT SETUP

INSTRUCTOR -  ANTHONY SEQUEIRA


OVERVIEW
  • Focus here is on MC and one or more BRs
______________________________________________________________
REVIEW
  • MC is the BRAINS of the operation.
  • BRs connect to ISP or WAN exit points.
  • MD5 PROTECTS MC to BR communication.
  • SEPARATE protocol exists for their communication.
  • SEPARATE from ALL other routing traffic.
  • EACH BR must have an EXTERNAL interface and an INTERNAL interface.
_____________________________________________________________
PRE-REQUISITES
  • CEF on ALL routers.
  • Routing protocol or static routing in place.
  • IPSEC or GRE VPN support ONLY.
  • MULTIPLE BRs MUST see next-hops in DIFFERENT subnets.
    • BRs communicating with MULTIPLE providers over BC media are NOT supported.
  • Exclude inbound MC source address from PfR control.
  • TOKEN RING IS NOT SUPPORTED.
______________________________________________________________
MASTER CONTROLLER
  • How much does MC do in a network?
    • Function of available memory.
  • NOT in traffic path, but it MUST have EFFICIENT access to BRs.
  • Up to 10 BRs with up to 20 EXTERNAL interfaces are supported.
_____________________________________________________________
BORDER ROUTER
  • This is a device IN TRANSIT PATH.
  • Known as POLICY ENFORCEMENT POINT.
  • There are some caveats associated with 6500 series switches.
______________________________________________________________
PfR INTERFACES
  • EXTERNAL :- Defined on MC.
    • Used for ACTIVE monitoring.
  • INTERNAL :- Defined on MC.
    • Used for PASSIVE monitoring with NetFlow.
  • BOTH INTERFACES EXIST ON BR AND DEFINED ON MC.
  • LOCAL :- Used for BR to MC communication.
    • Defined on BRs
    • FOR A SINGLE MC/BR, A LOOPBACK SHOULD BE USED.
________________________________________________________________
CONFIGURATION STEPS
  • CONFIGURE MC
    • Create KEY CHAIN
    • Define MC
      • oer master
      • Takes CLI into a SUB-MENU
    • Define BRs on MC
      • border (IP) key-chain (NAME)
      • OWN LOOPBACK IP IS USED IF MC/BR IS ONE AND THE SAME.
      • Takes CLI FURTHER into another SUB-MENU
    • Define INTERFACES in BR sub-menu
      • interface (NAME) internal|external
      • External takes CLI into a FURTHER SUB-MENU.
    • Define BRs
      • oer border
      • Define LOCAL interface - MC is POINTING to this IP.
        • local
      • Define MC on BR
        • master key-chain ()
__________________________________________________________________
VERIFICATION
  • show oer master
    • Issued on MC
  • show oer border
    • Issued on BR
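
The configuration steps above, put together as an added example (not from the course material). All addresses, interface names, the key chain name PFR-KEYS and the <shared-secret> placeholder are constructed for illustration. The key number and key-string must be the same on the MC and on every BR, because this key chain is what provides the MD5 protection of MC to BR communication.

```cisco
! ===== MASTER CONTROLLER (constructed: Loopback0 = 10.0.0.1) =====
ip cef
!
key chain PFR-KEYS
 key 1
  key-string <shared-secret>
!
! Each BR is identified by the address of its LOCAL interface.
oer master
 border 10.0.0.2 key-chain PFR-KEYS
  interface Serial0/0 external
   exit
  interface FastEthernet0/0 internal
 border 10.0.0.3 key-chain PFR-KEYS
  interface Serial0/0 external
   exit
  interface FastEthernet0/0 internal
!
! ===== BORDER ROUTER BR1 (constructed: Loopback0 = 10.0.0.2) =====
ip cef
!
key chain PFR-KEYS
 key 1
  key-string <shared-secret>
!
! LOCAL interface is the source of BR to MC communication;
! the MC's "border 10.0.0.2" statement points at this address.
oer border
 local Loopback0
 master 10.0.0.1 key-chain PFR-KEYS
!
! ===== VERIFICATION =====
! On MC:  show oer master
! On BR:  show oer border
```

The second BR (10.0.0.3 here) gets the same BR block with its own loopback address.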
