Language: English
Pages: 150
Contents......Page 3
Audience......Page 7
Documentation Feedback......Page 8
Technical Assistance Center......Page 9
Cisco TAC Escalation Center......Page 10
Supporting Designs......Page 11
Composite Solution Description......Page 12
Solution Benefits......Page 13
Solution Scope......Page 14
References and Reading......Page 15
V3PN Solution Overview and Best Practices......Page 17
Solution Overview......Page 18
Solution Characteristics......Page 20
General Best Practices Guidelines......Page 21
General Solution Caveats......Page 22
IP Telephony (Voice over IP)......Page 23
Quality of Service (QoS)......Page 24
Issues Specific to V3PN......Page 26
Spoke-to-Spoke Crypto Delay......Page 27
Anti-Replay Failures......Page 28
IP Telephony (Voice over IP)......Page 29
Calculating Delay Budget......Page 30
Hub-to-Spoke versus Spoke-to-Spoke Calling......Page 31
Cisco IP Softphone......Page 32
Packet Size—IPSec Encrypted G.729......Page 33
Packet Size—IPSec Encrypted G.711......Page 34
Packet Size—Layer 2 Overhead......Page 35
Bandwidth Allocation by Traffic Category......Page 36
ToS Byte Preservation......Page 39
QoS Pre-Classify......Page 40
IPSec and GRE Tunnel Design Considerations......Page 43
Firewall Considerations for Transport of VoIP......Page 44
Anti-Replay Considerations......Page 45
Current VoIP over IPSec Crypto Engine Capabilities......Page 49
LLQ for Crypto Engine......Page 50
Head-end Topology......Page 51
Boundary Considerations......Page 53
Service Level Agreements (SLA)......Page 54
Design Checklist......Page 55
Product Selection......Page 57
Scalability Test Methodology......Page 58
Traffic Profiles......Page 59
Additional Voice Quality Validation......Page 61
Failover and Head-end Availability......Page 62
Performance Under Converged V3PN Traffic Profile......Page 63
Impact of QoS on VPN Head-end Performance......Page 64
Head-End Scalability and Performance Observations......Page 65
Product Applicability by Link Speed......Page 66
Performance Under Converged V3PN Traffic Profile......Page 68
Branch Scalability and Performance Observations......Page 70
Network Performance/Convergence......Page 71
Software Releases Evaluated......Page 73
Configure Switching Path......Page 75
EIGRP Summarization and Network Addressing......Page 76
IP GRE Tunnel Delay......Page 77
Campus QoS—Mapping ToS to CoS......Page 79
Configure QoS Class Map......Page 80
Configuration Example—512 Kbps Branch......Page 81
WAN Aggregation Router Configuration......Page 83
Frame Relay Traffic Shaping and FRF.12 (LFI)......Page 85
Attach Service Policy to Frame Relay Map Class......Page 88
Apply Traffic Shaping to the Output Interface......Page 89
Applying Service Policy to HDLC Encapsulated T1 Interfaces......Page 90
Combined WAN and IPSec/IP GRE Router Configuration—Cisco 7200 HDLC/HSSI......Page 91
IKE and IPSec Configuration......Page 93
Configure IPSec Local Address......Page 94
Configure Crypto Map......Page 95
Apply Crypto Map to Interfaces......Page 96
Configuring QoS Pre-Classify......Page 97
Implementation and Configuration Checklist......Page 98
Packet Fragmentation......Page 101
Displaying Anti-Replay Drops......Page 102
Verifying Tunnel Interfaces and EIGRP Neighbors......Page 103
How EIGRP calculates RTO values for Tunnel Interfaces......Page 104
Using NetFlow to Verify Layer 3 Packet Sizes......Page 105
Using NetFlow to Verify ToS Values......Page 106
Sample Show Commands for IPSec......Page 108
Clearing IPSec and IKE Security Associations......Page 110
Sample Show Commands for QoS......Page 112
Scalability Testbed Configuration Files and Network Diagram......Page 115
Head-end VPN Router......Page 116
Branch VPN Router—Frame Relay......Page 119
Branch VPN Router—HDLC......Page 122
Voice Module Configuration......Page 125
Router Configuration—vpn18-2600-2......Page 127
Router Configuration—vpn18-2600-3......Page 128
Router Configuration—vpn18-2600-4......Page 129
Router Configuration—vpn18-2600-8......Page 130
Router Configuration—vpn18-2600-9......Page 131
Router Configuration—vpn18-2600-10......Page 132
Router Configuration—vpn18-2600-6......Page 134
Configuration Supplement—Dynamic Crypto Maps, Reverse Route Injection......Page 137
Index......Page 145