Metro Ethernet Design With Redundant Head Ends

Similar Messages

• Metro Ethernet Design question

  Hello,
  I was wondering how service providers guarantee their security protection in the Metro Ethernet model, especially when Internet is one of the applications used over the Metro network.
  For example: The customer edge switch (3550) is connected directly to the service provider aggregation layer(either Cisco Catalyst 4500 and 6500 Series switches ) .
  In the network core, Cisco 12000 or Cisco 7600 Series routers.
  So where is the security devices in this architecture, where is the firewalls, the IDS/IPS, that protects the service provider core from any threats.
  Providing the customer with Internet in Ethernet switching technology the service will put the provider in a vulnerable position.
  Am I thinking wrong here?

  Hi
  The CE will be hardened using storm control both multicast as well as broadcast on the ports where the end users are connected.
  About the accesiability between the other users who are connected on the ports of same switches you have switchport security coded which will take care of the access violation part.
  Also the maximum no of MAC address which can be permitted/allowed over the ports.
  This inturn will send u a trap and can shut the port if theres any violation detected on those ports..
  In the next layer where u say 6500 or 7600 u will have FWSM modules which will be taking care of filtering and other funtionalities which is very much similar to a standalone PIX firewall.
  you can have redundandcy or even load balancing with
  the FWSM modules over there in the 6500 switches.
  And ofcourse the IP addressing schemes deployed would be in private scopes and will have either NAT pools or PAT enabled in the FWSM.
  you got to have more n more ACLS on all the devices to mitigate the general known worms/virus or their variants in the network applied in applicable points.
  regds

• Metro Ethernet newbie needs help

  Need to configure new 15 site Metro Ethernet network with this physical topology:
  x=x=x=x=x=x=x=x
  |oooooooooooooo|
  X====X-X==x==X
  |oooooooooooooo|
  x======x======x
  x=7604, X=7606
  = 2x 10Gb Ethernet
  - 2x 1Gb Ethernet
  This network will provide metro ethernet services to several customers, but for now we only have one ME-3400G-2CS switch on each site.
  I've been reading about Metro Ethernet and MPLS technology for a few days now and I still don't have any clue how I'm going to put all this working together. Can anyone help me?

  As a metro Ethernet solution for service providers Cisco has launched a new product “Cisco ME 6524 Ethernet Switch” which is optimized for service provider locations where space and power are at a premium, this 1.5-rack-unit device cost-effectively meets the stringent performance, reliability, and quality of service (QoS) requirements of triple play and VPN services. It enables Gigabit Ethernet access for fiber and copper deployments.
  The below URL may help you:
  http://www.cisco.com/en/US/solutions/ns341/ns524/ns562/ns577/networking_solution_announcement0900aecd8040bfc5.html
  The following URL explains about the troubleshooting, installing, removal and replacement procedures of 7600 series router.
  http://www.cisco.com/en/US/docs/routers/7600/Hardware/Chassis_Installation/7600_Series_Router_Installation_Guide/instal.html
  The following URL's contains information about how to initially configure the Cisco 7600 series router also about the complete configuration of 7600 series router
  http://www.cisco.com/en/US/docs/routers/7600/ios/12.2SXF/configuration/guide/supcfg.html
  http://www.cisco.com/en/US/docs/routers/7600/ios/12.2SXF/configuration/guide/swcg.html

• EIGRP with over 1000 neighbors using Metro Ethernet

  No documentation about using EIGRP with what kind router can build a large network using Metro Ethernet. Cisco7600 become unstable unstable after applying over 600 eigrp neighbors.

  Is there a reason you need EIGRP? If you're scaling to 1000 neighbors you should really use BGP. It's meant to be scalabale (I have routers that have 150,000 BGP routes in it). It's really designed for scalability, where as I find EIGRP is preferable in a low-neighbor routing environment.
  -Mike
  http://cs-mars.blogspot.com

• Rsrb with multiple ring groups on head ends with one phy ring?

  working on an issue for a customer and I cant find good documentation on this anywhere for multiple ring-groups
  have 2 routers, each with 2 ring groups connected on a mau terminating multiple serial connections (wan, hence the rsrb) and utilizing rsrb tcp with local ack. The configuration was done sometime ago. It was set up to utilize frame which now they are using ptp t1s. I see in the remote routers they are forwarding pakcets to both routers to ring 20. (there are 2 routers if one fails then it is meant to learn its path to the CIP through the other router)
  ---------router1
  source-bridge ring-group 30
  source-bridge ring-group 31
  blahblah peers tcp local-ack
  int t0
  source-bridge 20 1 30 <----notice bridge 1
  source-bridge spanning
  int t1
  source-bridge 20 1 31 <----notice bridge 1
  source-bridge spanning
  --------router2
  source-bridge ring-group 30
  source-bridge ring-group 31
  blahblah peers tcp local-ack
  int t0
  source-bridge 20 2 30 <----notice bridge 2
  source-bridge spanning
  int t1
  source-bridge 20 2 31 <----notice bridge 2
  source-bridge spanning
  I thought the physical rings had to be different in order to run parrallel links. Or are different bridge #'s feasible? The end issue they are having is that when links bounce, they are not releasing the tcp session and the show llc shows remote sides as busy and the head end as connected. (then obviously removal of local ack fixed the issue)
  Not ready to live without local ack... could the same ring # on both routers be the issue since they are on the same mau and destined for the same location?
  ==MAU to CIP==
  | | | | all physical connection on mau are ring 20
  router1 router2
  | | | | | ring groups 30 and 31 configured on both routers with 1 statement to each router in the network per router (so each remote side is only connected to either ring group 30 or 31 (not both since you can only do over token ring) and the show source-bridge is showing forwards to each head end router's physical ring 20. I thought I would see one with forwards the other 0 since first response, but then saw the bridge # differed.)

  case was opened over a month ago with no luck or serious help. Have had great luck in the past with tac, but this one was frustrating and nothing was done.
  case#D039413
  And the remote routers connect directly to the cip with LLC2. (end to end connection, not remote to router 1 and 2 to CIP)
  show llc shows the local mac of the gateway and the cip token.
  the network goes like this
  rr = remote router
  fr= frame relay
  ptp= ptp t1
  rtr1 and rtr2 = router 1 and 2
  rr--fr--rr--ptp--rtr1 and rtr2 ---rr---cip
  I have tried numerous things on this and its apparent that the only option is dlsw and I have pressed the issue enough to start on it with test segments.
  my theory was when the host queried the gateway, its first reply was local-ack on rtr2 (could be rtr1 but for theory we will say rtr2) which was giving back RR and the other end was actually in a disconnect state and sending rnr's to the rtr1 (in this exapmple the host was talking thru rtr2 to the remote side and the remote side was trying the opposite router) which local ack would reply to the supervisor frames
  what was causing the problems in my opinion is the host provider does not utilize local ack since they only have lanned token rings and the customer provides their own wan routers. So the explorer would be answered quicker by the other router and that would be the source route bridged path to the remote side, where the other sides local ack and rif cache was routing through the opposite router. Unfortunately the site where we collected the data on I can not test since I have transitioned it to dlsw to solve their issues and show them the benfits of dlsw

• Help with setting up Metro Ethernet

  Can someone please help and give suggestions and possible configuration options for setting up metro ethernet in the following senario:
  Will be setting up ME between headquarters and three remote branch offices. Each remote branch will be provisioned to 10MB, and the headquarters will have one link for the aggregate provisioned to 30MB.
  My questions, we will have routers at the remotes, but how will this terminate at the headquarters? Do we connect the one ME aggregate connection to a router, or to a L3 switch? And how do you configure the headquarters devices to separate the traffic? Do you use sub interfaces like in frame relay? Please provide a sample config if possible.
  Thanks

  HI,
  Assume you have 3560 SW at your HQ and where you can terminate the ME circuts.
  Configuration in Switch as:
  3560SW#sh run int Fa0/5
  Building configuration...
  Current configuration : 123 bytes
  interface FastEthernet0/5
  description ***************
  switchport access vlan 40
  switchport mode access
  end
  Create a SVI interface at the Router, the configuration is as:
  7604-Backbone-RTR#sh run int Vl40
  Building configuration...
  Current configuration : 119 bytes
  interface Vlan40
  description *********
  ip vrf forwarding 1234-NAME-MESH
  ip address xx.xx.xx.xx 255.255.255.252
  end
  In the above configuration, VRF is applied on Interface to make the pefix unique across the Backbone.
  is it here at the remotes where I will configure the "sub-interfaces"?
  A. Yes, the case for remote is same as that of HQ.
  Pls Rate if HELPS
  Best Regards,
  Guru Prasad R.

• Is Metro-ethernet Secured ? Compare with FR/ATM

  Hi,
  Just would like to understand if Metro-ethernet has the same security level as FR and ATM ? Metro-ethernet has broadcast nature and it seems mirroring ethernet frame is much more easier than FR and ATM . Is there any study onto the security issues presented in the Metro-ethernet technology ?
  I see a lot of customers doing IPSec on the Metro-ethernet and they don't do this on the FR or ATM links ?
  Thanks

  I have not seen any document, but my understanding is that FR and ATM networks do not have broadcast capability which is an inherent security feature. Sites can communicte only if a VC is configured between them. In metro ethernet, broadcasting is possible and the providers have to implement security to islolate customers by configuring some feature. Since the customers may not trust the level of security provided by the providers, they may choose to run IPSec over this type of access.

• Metro Ethernet over Docsis

  Hello Gurus,
  I would like to know a bit more about this tecnologie (Metro Ethernet over Docsis).
  I work for a cable companie and we would like to know the implicationd of implementing such a technologie.
  If we go for a CPE based aproach we only have to configure a CPE like the Cisco 1805 in each costumer end-point?
  Which configurations does the CMTS and backbone require?
  What are the maximum speed we can offer with this technologie running on HFC?
  Any help would be much appreciated.
  Thanks in advance.

  You might want to read this:
  http://www.cisco.com/en/US/solutions/collateral/ns341/ns522/ns3/metro_ethernet_white_paper.pdf

• Metro ethernet and ethernet

  Hi all,
  I am new to metro ethernet concept. Can someone give me a head start and also, what are the differences in ME switches and normal switches ?

  Disclaimer
  The  Author of this posting offers the information contained within this  posting without consideration and with the reader's understanding that  there's no implied or expressed suitability or fitness for any purpose.  Information provided is for informational purposes only and should not  be construed as rendering professional advice of any kind. Usage of this  posting's information is solely at reader's own risk.
  Liability Disclaimer
  In  no event shall Author be liable for any damages whatsoever (including,  without limitation, damages for loss of use, data or profit) arising out  of the use or inability to use the posting's information even if Author  has been advised of the possibility of such damage.
  Posting
  As Peter wrote, Metro Ethernet is a vast topic.  However, from a non-provider perspective, the idea is to allow interconnecting widely physically separated (your) site networks just about as simply and similar to connecting your LAN together at one of your sites.  I.e. you just connect different (your) site devices with an Ethernet connection, and you use that connection pretty much like you would any other Ethernet link between your devices.
  From a carrier or MAN provider perspective, running a widely distributed, multiple customer Metro Ethernet (or a carrier Ethernet) network, you'll want some features not found in (as you say) "normal" Ethernet equipment.
  What's different about Metro Ethernet switches is they generally offer features not found in "normal" Ethernet switches.  Again, from a non-provider perspective, you often only need/desire a few additional features (and for that reason, it's not uncommon for non-providers to use "normal" Ethernet switches with Metro E - I've also seen Metro E switches used with "ordinary" LAN Ethernet networks).  From a provider's (carrier's) perceptive, you'll really want more features.  Because of these two perspectives, you'll often find Metro Ethernet switches marketed to non-providers, and Carrier Grade Ethernet switches marketed to the MAN Ethernet providers.

• Metro ethernet configuration

  Months agao I had a 10MB metro ethernet link installed between two of my locations within 3 miles of each other. The link is fiber with a conversion module to copper, 10MB ethernet.
  I have the link on one end coming into a fastether port on a cisco 2620 router and the other end on a fastether cisco 3745.
  My routing the man like a frame link, each location is on a seperate subnet.
  I have not configured either end for IPsec, tunnel, etc.
  I have had the line checked by the ISP, but constantly received interface resets,output errors and excessive collisons.
  I feel I'm missing something from the configuration.
  I have verified my equipment is fine, both fastethers have been changed so my equipment is good.
  Any suggestions would be appreciated.

  It is related to send a busty traffic to you Ethernet interface and check the duplex and speed for both ends (It should be match).Check any viruses updated from the local Computers. Normally collision will happen when an Ethernet or transceiver cable is too long or when there are more than two repeaters between stations. So if the error is more then automatically the interface is resets. I hope the below link provide you more information.
  http://www.cisco.com/en/US/products/hw/voiceapp/ps967/products_administration_guide_chapter09186a0080194668.html
  http://www.cisco.com/en/US/products/hw/optical/ps2006/products_installation_and_configuration_guide_chapter09186a00800a9f95.html

• Metro Ethernet

  Hi all
  iam trying to Build metro Ethernet in my own town
  I have office with a distannce of 10Km
  i want to bring them in metro ring and connect failover ring
  So i have 5500 Switch at central end
  and I have 2 3750 Switched with LH Giga Module SFP in it 2 ports
  Now iam confused, what kind of CARDs i need to Buy for 5500 so i can integrate with 3750SFP ports with 5500 with ring protection
  I have in 5500 Supervisor III with 100MB MMF,
  What kind of Modules need to connected with 3750 ( situated other 2 office)
  so all 3 going to be in ring protection
  help will be appriciated
  hari

  yes, you can integrate with 3750SFP ports with 5500 with ring protection .
  CISCO WS-X5302=. Catalyst 5000 Route Switch Module will be module that can be used.

• Building metro ethernet using cat3750

  Hi,
  I am Mazlan and work for one of ISP in Malaysia. We would like to discover metro ethernet technologies.
  We would like to use our current backbone network to create this metro network and we are planning to use cat3750.
  The design is something like this.
  R1--cat3750--RA--[WAN}--RB--cat3750--R2
  R1 and R2 is in different location but will be running on same VLAN (with help of cat3750). Let say there is customer connected to R1 and their branch at R2, they will only feel they are in same LAN, but actly they are in different location.
  We need some opinion of builidng this network. I need help for the configuration in cat3750 as well in the router. We have no experince in this technologies.
  Perhaps somebody whos is interested to help me out can email me at [email protected]
  Your help is highly appriciated.
  --mazlan

  The Catalyst 3750 switch supports IEEE 802.1Q tunneling and Layer 2 protocol tunneling.
  configure guide
  http://www.cisco.com/en/US/products/hw/switches/ps5023/products_configuration_guide_chapter09186a00805a650e.html
  http://www.cisco.com/en/US/products/hw/switches/ps5023/products_configuration_example09186a00801cc828.shtml

• Integrating Metro Ethernet to DSLAM

  Dear friends,
  I am very new to Metro Ethernet and currently I am facing a solution problem. The thing is my customer want to deploy a MEtro Ethernet Network, which in turn they should be able to interconnect to a DSLAM network. The specific customer requirements are below, i am getting smoke out of my ears working on this.
  1) Deploy a Metro ethernet network and integrate it to DSLAM network
  2) Design should be such that customers of my customer (SP) can change his bandwidth limitations. For eg: if the SP's customer wants to have a video conferencing for a few hours then say for some 4 hrs he/she should be able to change the provided bandwidth. The SP should be able to monitor and bill for this.
  3) As a section of this Metro Ethernet solution a part should be able to provide video,data,voice and other near future application on EXISTING RJ 11 telephone wire connection at the customer places.
  I have only 1.5 yrs experience in networking and that too only on configuring and installing routers,RAS FW switches etc. I have never been to Solution providing and this is the first one. I dont want to lose it. can any one help ???
  Pleeeeeeeeease !!!!!!!!!!!!

  Hi,
  Your requirment seems to be preety simple as far as metro ethernet deployment is concerned.
  Suggest you to look for Cisco Service Selection Gateway ( SSG ) feature set on Cisco 72xx,73xx,10K series routers. With SSG coupled with SESM , users have flexibilty of change the bandwidth on the fly and SP can bill him accordingly.
  Apart from the requirement of bandwidth change , i would like to make a point that your customer should go for ADSL 2 or 2 + for catering triple play services ( voice,video and data )
  As far as metro e network is concerned i would have gig ethernet bandwidth in the backhaul .
  If the customer is not so Cisco Savvy , you can look for Juniper SDX platform , which supports COPS !!! ;)
  you can reach me a [email protected] for any assitance required .
  Raj

• 3750 Metro ethernet switch

  Folks,
  I have 6500's at the core and want to use the 3750 at the PE. My question is the following:
  1) 3750 would do Q-IN-Q.
  2) Once the packet reaches the 6500(sup 720) running MPLS. What happens to the frame. Do i use xconnect to transfer the frame to the appropriate PE?
  Just confussed about how does the PE use the Q-IN-Q information to direct it to the appropriate PE?
  Sample config would be highly appreciated.
  Thanks

  Well.. its about product features .. you gotta compare products with your requirments at various layer of your network and to come out with justification of your requirments . Any ways below is snippet for you to have some justification between two products
  ===============================================
  What is the difference between the Cisco Catalyst 3750 Metro Series and the Cisco Catalyst 3750 Series?
  The Cisco Catalyst 3750 Metro Series is built for Metro Ethernet access in a customer location, enabling the delivery of more differentiated Metro Ethernet services. These switches feature bidirectional hierarchical QoS and Traffic Shaping; intelligent 802.1Q tunneling with class-of-service (CoS) mutation; VLAN translation; MPLS, EoMPLS, and Hierarchical Virtual Private LAN Service (H-VPLS) support; and redundant AC or DC power. They are ideal for service providers seeking to deliver profitable business services, such as Layer 2, Layer 3, and MPLS VPNs, in a variety of bandwidths and with different SLAs. With flexible software options, the Cisco Catalyst 3750 Metro Series offers a cost-effective path for meeting current and future service requirements from service providers.
  The standard Cisco Catalyst 3750 Series is an innovative product line for midsize organizations and enterprise branch offices. Featuring Cisco Systems® StackWise™ technology, Cisco Catalyst 3750 Series products improve LAN operating efficiency by combining industry-leading ease of use and high resiliency for stackable switches.
  What is the Metro Ethernet positioning of the Cisco Catalyst 3750 Metro Series, the Cisco Catalyst 3550 Series, and the Cisco Catalyst 2950 Series?
  Cisco Catalyst 3750 Metro Series Switches
  =========================================
  Cisco Catalyst 3750 Metro Series switches are a new line of premier, customer-located switches that bring greater intelligence for Metro Ethernet access, enabling the delivery of more differentiated Metro Ethernet services. These fixed configuration switches feature bidirectional hierarchical QoS and Traffic Shaping; intelligent 802.1Q tunneling; VLAN translation; MPLS, EoMPLS, and H-VPLS support; and redundant AC or DC power. They are ideal for service providers seeking to deliver profitable business services, such as Layer 2, Layer 3, and MPLS VPNs, in a variety of bandwidths and with different SLAs. With flexible software options, the Cisco Catalyst 3750 Metro Series offers a cost-effective path for meeting current and future service requirements from service providers.
  Cisco Catalyst 3550 Series Switches
  ==================================
  With a range of Fast Ethernet, Gigabit Ethernet, DC power, and fiber configurations, the Cisco Catalyst 3550 Series is an intelligent metro access switch for service providers serving the enterprise and small and medium-sized business markets. Featuring 802.1Q tunneling, high-performance IP routing, and subsecond Spanning Tree Protocol convergence, this line of powerful, cost-effective, fixed-configuration switches enables Metro Ethernet services such as Transparent LAN services and business-class Internet access.
  Cisco Catalyst 2950 Series Switches
  ===================================
  Ideal for Metro Ethernet access in residential markets, the Cisco Catalyst 2950 Series is an affordable line of fixed-configuration Fast Ethernet and Gigabit Ethernet switches. Featuring advanced rate limiting, voice VLAN support, and multicast management, these switches enable residential Metro Ethernet services such as Internet access, voice over IP (VoIP), and broadcast video.
  Hope it helps
  Ps rate this post if it helps u ..
  Thanks and Regards
  Raj

• Metro E Design Guide 3.1

  There is a document called:
  Metro Ethernet 3.1 Design and Implementation Guide
  How do I get hold of this? I can't locate it on CCO.

  I had to get it from my account team with an NDA in place.