Integrated Cisco and UNIX Network Architectures

List price: US$58.99


Design, build, and operate integrated gateway routing systems

Learn how to design, build, and administer integrated gateway routing systems
Identify the advantages and disadvantages of Cisco/UNIX integrated designs
Review lab exercises throughout the book that bring concepts to life
Encounter the fascinating world of dynamic UNIX routing and TCP/IP stacks
Understand the way forwarding and signaling are implemented in the UNIX world
Gain proficiency with tunnels and VPNs
Utilize advanced features such as high availability, NAT, bandwidth management, policy routing, and multicast architectures
Explore Linux and BSD networking concepts

UNIX gateways introduce massive performance possibilities at a fraction of the price of dedicated proprietary appliances by performing network tasks entirely in software. With Cisco Systems routers dominating the Internet and enterprise networking and UNIX routing and gateway solutions spreading from within server farms and data centers, new opportunities and possibilities arise for system and network administrators who understand the benefit of integrated designs. For example, the use of UNIX gateways can enable intrusion detection, firewalling, cable and DSL access, terminal servers and access concentrators, VPNs, roaming user support, and other LAN and WAN services. Far from being mutually exclusive, Cisco devices, UNIX operating systems, and open source applications can enjoy a peaceful, perhaps even inevitable, coexistence for years to come. Integrated Cisco and UNIX Network Architectures shows how Cisco routers, switches, and firewalls seamlessly work together with UNIX operating systems in an integrated networking and security environment.

Integrated Cisco and UNIX Network Architectures reveals not just the feasibility but also the desirability of Cisco/UNIX integrated routing with regard to systems integration, interoperability, and feature requirements. Detailed, progressively complex lab scenarios emphasize enterprise and ISP requirements, casting light on the similarities and differences of these two worlds. Platform issues, such as behavior of firewall filters, kernel features, and proper standards compliance, are discussed, analyzed with sniffers, and tested with handcrafted traffic from packet generators and test applications.

If you want to master and maximize the operation of your UNIX and Cisco network architectures, this book shows you how.

This book is part of the Networking Technology Series from Cisco Press, which offers networking professionals valuable information for constructing efficient networks, understanding new technologies, and building successful careers.

Product details

  • Hardback | 600 pages
  • 152.4 x 228.6 x 25.4mm | 628.22g
  • Cisco Press
  • Indianapolis, United States
  • English
  • ISBN-10: 1587051214
  • ISBN-13: 9781587051210

Table of contents


Chapter 1 Operating System Issues and Features-The Big Picture

Why UNIX Is Viable

Routing, Forwarding, and Switching Approaches

The Evolution of AT&T System V (SVR4) UNIX and 4.4-Lite BSD Derivatives

Operating Systems Design Considerations

Kernel-Space Modules Versus User-Space Applications

Cisco IOS Software





GNU Hurd/Mach

Other Commercial Unices


Recommended Reading


Chapter 2 User-Space Routing Software

The GNU Zebra Routing Software

Feature Description and Architecture of Zebra

Installation and Startup of Zebra

The Development Roadmap of Zebra

The Quagga Project

The routed Daemon

Feature Description of routed

Installation of routed

Lab 2-1: routed

GateD 3.6

Feature Description

Installation of GateD 3.6

Reliance on Service

Maturity, Scalability, and Stability of GateD 3.6

MRT (Multithreaded Routing Toolkit)

Feature Description of MRT

Installation of MRT

Maturity, Scalability, and Stability of MRT

The Bird Project

Feature Description of Bird

Installation of Bird

Maturity, Scalability, and Stability of Bird

The XORP Project

Feature Description of XORP

The MIT Click Modular Router Project

XORP Installation

Maturity, Scalability, and Stability of XORP

Multicast Routing Daemons: mrouted and pimd


Recommended Reading

Chapter 3 Kernel Requirements for a Full-Featured Lab

The sysctl Facility

IP Forwarding Control and Special Interfaces

VLAN Subinterface Support and Trunk Termination (802.1Q)

Alias or Secondary Interfaces

Ethernet Channel Bonding

Interface Cloning

ECMP (Equal-Cost Multi-Path)

Driver Support for LAN/WAN Interface Cards

Encapsulation Support for WAN Interface Cards

Support for Bridging Interfaces

TCP Tuning

Tunnel Support

Multicast Support

Firewall and Traffic-Shaping Support

The IPv6 Protocol Stack


Recommended Reading

Chapter 4 Gateway WAN/Metro Interfaces

Dial-on-Demand Routing: Analog and ISDN Dialup

Wireless Technologies


Powerline Communications

Ethernet to the Home/Premises

Cisco Long-Reach Ethernet (LRE)

Synchronous Serial Interface and PRIs

ATM Interfaces

Linux ATM Support

The FreeBSD HARP ATM Subsystem

Cable Access (Ethernet Interfaces)

DSL Access

Lab 4-1: Synchronous Serial Connection Setup

Exercise 4-1: Frame Relay Point-to-Multipoint Setup


Recommended Reading

Chapter 5 Ethernet and VLANs

Ethernet NICs

Hubs, Bridges, and Multilayer Switches

Access Ports, Uplinks, Trunks, and EtherChannel Port Groups

Alias Interfaces

VLAN Configurations

Linux VLAN Capabilities

FreeBSD/OpenBSD VLAN Capabilities

A Few Words on Cabling

Lab 5-1: FreeBSD Bridge Cluster Lab

Lab 5-2: Linux Bridging and the Spanning Tree

Lab 5-3: OpenBSD Bridging and Spanning Tree

A Few Words on Layer 2 Security

Exercise 5-1: Linux/FreeBSD Ethernet Channel Bonding

Exercise 5-2: STP Operation


Recommended Reading

Chapter 6 The Analyzer Toolbox, DHCP, and CDP

Terminal Emulation Software

Secure Shell Tools

Protocol Analyzer

Statistical Tools

Port Scanners

socklist and netstat

Ping and Traceroute Combinations

DNS Auditing Tools

Traffic and Packet Generators

What You Need in a Small Toolbox

The BSD ipfilter Traffic Generator

The Linux Kernel Packet Generator

Performance-Testing and Network-Benchmarking Tools

Lab 6-1: Using Sniffers-DHCP Example

Lab 6-2: UNIX CDP Configuration


Recommended Reading

Chapter 7 The UNIX Routing and ARP Tables

Address Resolution: ARP and RARP

Proxy ARP

ARP Cache

Static ARP Entries

Gratuitous ARP

Reverse ARP (RARP), the Bootstrap Protocol (BOOTP), and Dynamic Host Configuration Protocol (DHCP)


Inverse ARP (InARP), UNARP, and DirectedARP

Power of the Linux ip, netstat, and route Utilities

ARP-Related Tools

Lab 7-1: ARP Security Issues


Recommended Reading


Chapter 8 Static Routing Concepts

Administrative Distance and Metric

Classful Routing, VLSM, and CIDR

Default Gateways, Default Routes, and Route(s) of Last Resort

Route Caches, Routing Tables, Forwarding Tables, and the ISO Context

The Near and Far End of a Link

The route Command-Adding and Removing Routes

Route Cloning

Blackholes and Reject/Prohibit Routes

Floating Static Routes

Equal-Cost Multi-Path (ECMP) Routing

Lab 8-1: Interface Metrics, Floating Static Routes, and Multiple Equal-Cost Rou


Linux TEQL (True Link Equalizer)

Adding Static Routes via Routing Daemons


Recommended Reading


Chapter 9 Dynamic Routing Protocols-Interior Gateway Protocols

Interaction with the UNIX Routing Table

Classification of Dynamic Routing Protocols

Link-State Protocols

Distance-Vector Protocols


RIP-A Distance-Vector Routing Protocol (Bellman-Ford-Fulkerson)


Lab 9-1: RIPv2 Scenario

Lab 9-2: RIP Neighbor Granularity

Lab 9-3: RIPv2 via GateD

Exercise 9-1: RIPv2 over Frame Relay Topologies

Exercise 9-2: RIPv2 Metric Manipulation and Redistribution Control

Introduction to Link-State Routing Protocols

Area Concepts

The Full Picture-Autonomous Systems and Areas


Lab 9-4: Leaf-Area Design Featuring GateD and Cisco IOS

Exercise 9-3: Exporting Loopback Addresses

Lab 9-5: Leaf-Area Design Featuring Zebra and Cisco IOS Software

ECMP-Manipulating Metric and Distance

The Art of Redistribution

Lab 9-6: Route Filtering and Redistribution

Lab 9-7: OSPF Authentication

Route Tagging and Multiple OSPF Processes/Instances

IS-IS (Intermediate System-to-Intermediate System)

Disadvantages of IS-IS

Advantages of IS-IS

Relevant IS-IS Standards

Current IS-IS Developments

Lab 9-8: IS-IS Flat Backbone Area

Lab 9-9: IS-IS Backbone and Leaf Area

Lab 9-10: OSPF Point-to-Point Lab

Exercise 9-4: Dynamic Routing in Point-to-Multipoint Scenarios

Advanced OSPF Features

Traffic-Engineering Extensions

Opaque LSAs

Quagga's Implementation


Recommended Reading


Chapter 10 ISP Connectivity with BGPv4-An Exterior Gateway Path-Vector Routing Protocol for Interdomain Routing

Exterior Gateway Protocols: EGP and BGPv4

BGPv4: Introductory Thoughts

Neighboring Relations

Limitations of IGPs

Flavors of BGPv4

BGP Message Types

Capabilities Negotiation

BGP Finite State Machine

BGP Path Attributes

BGP Active Path-Selection Criteria

BGP Loop Detection

Provider-Independent Addresses (PI Prefixes, Provider Aggregates)

Internet Exchange Points

EBGP and EBGP Multihop

Weighted Route Dampening

The next-hop-self Command

IGP Synchronization

The soft-reconfiguration Command

Multiple BGP Instances and Views and the Route Server Context

IBGP Full Mesh, Route Reflectors, and Confederation

Lab 10-1: Route Reflection

Exercise 10-1: BGP and IGP Interaction

Exercise 10-2: BGP Synchronization

Lab 10-2: Confederation

Lab 10-3: Multi-AS BGP Topology

Lab 10-4: BGP with GateD

Avoiding Single Points of Failure

Single-Homed Nontransit (Stub) Scenario with a Private AS

Multi-Homed Nontransit (Stub) Scenario

Transit Services

Route Server and Routing Registries

Requesting ASNs and IP Addresses

Zebra Route Server with Multiple Views

The Route Server Next Generation Project (RSng)

Internet Routing Registries

The Whois/Rwhois Interface


The IRRToolSet

Looking Glasses

Cisco IOS Configuration

The Looking Glass CGI Script and HTML Code

Zebra Looking Glasses

Routing Policies

Defining an AS Policy

BGP Route Maps and Filters

BGP Communities and Extended Communities

Special BGP Topics

BGP "Pseudo" Load Balancing

BGP Security Considerations

Multiprotocol BGP Extensions


Recommended Reading

Chapter 11 VPN Technologies, Tunnel Interfaces, and Architectures

The Rationale for Tunnels in Routing Environments

The VPNC Concept of VPNs

The OSI Stack Perspective

Internet, Intranet, and Extranet Terminology

IP-IP Tunnel

Lab 11-1: IP-IP Tunnel Linux-to-FreeBSD

Lab 11-2: IP-IP Tunnel OpenBSD-to-Cisco

Generic Router Encapsulation (GRE) Tunnel

Lab 11-3: GRE Tunnel OpenBSD-to-Cisco

Lab 11-4: GRE Tunnel Linux-to-FreeBSD (Featuring gre-tun)

Lab 11-5: Linux-to-Cisco GRE Tunnel

Exercise 11-1: GRE Advanced Features

Special Multicast and IPv6 Tunneling (RFC 2473, RFC 3053)

Cisco L2F (Layer 2 Forwarding)

PPTP (Point-to-Point Tunnel Protocol)

Exercise 11-2: PPTP on UNIX

L2TP (Layer 2 Tunnel Protocol)

Securing L2TP Using IPSec (RFC 3193)

L2TP Operation

L2TPv3 and Related "Work in Progress"

L2TPd for UNIX: A Project in Transition

Exercise 11-3: L2TP

Mobile IP

User-Space Tunneling

CIPE (Crypto IP Encapsulation)

V-TUN (Virtual Tunnel)


Stunnel/SSLwrap-SSL/TLS-Based "Wrapped" Tunnels and SSL Proxying/Relaying

Secure Shell (SSH)

IPSec Foundation

IPSec ESP/AH and Tunnel and Transport Mode

Manual/Automatic Keying, Preshared Secrets, and Certificates

IKE Phase 1 and 2: Main Mode and Aggressive Mode

Resolving the IKE, PKI, SA, ISAKMP, and Oakley Confusion

What Is Opportunistic Encryption (OE)?

What Is NAT-Traversal (NAT-T)?

DHCP Provisioning over IPSec Tunnel Mode

IPSec Implementations

Linux IPSec




General Tunnel and Specific IPSec Caveats

Tunnels and Firewalls

Tunnels Do Not Like NAT

Tunnels Cause MTU Issues

Tunnels Add Protocol Overhead

Unnumbered Links and Tunnel Routing

Multicast Transit via Point-to-Point Tunnels

Crypto Performance

High Availability

VPN Deployment and Scalability

Advice About IPSec Lab Scenarios

Lab 11-8: An IPSec with IKE (racoon/isakmpd) Scenario (Gateway-to-Gateway Tunnel Mode)

Road-Warrior Scenarios (Road Warrior-to-OpenBSD/FreeBSD Gateway with IKE)

Dynamic Routing Protocols over Point-to-Point Tunnels-Transparent Infrastructure VPN

IPSec Development and Evolution


Recommended Reading


Chapter 12 Designing for High Availability

Increasing Availability

Withstanding a (D)DoS Attack

Network HA Approaches

Redundant Paths

Standby Equipment

Simple but Effective Approaches to Server HA

DNS Shuffle Records and Round-Robin (DNS RR)

Dynamic Routing Protocols

Firewall Failover

Clustering and Distributed Architectures

Linux Virtual Server Project (LVSP)

Connection Integrity Issues

LVS-Virtual Services

Linux Ultra Monkey

IP Address Takeover with Heartbeat

The Service Routing Redundancy Daemon (SRRD)

IPv4/IPv6 Anycast

A Few Words About Content Caches and Proxies

Load Balancing

Firewall Load-Balancing Approaches

HighUpTime Project loadd Daemon

Pure Load Balancer

The PEN Load Balancer

Super Sparrow

Cisco Gateway Load Balancing Protocol (GLBP)

Cisco HA and Load-Balancing Approaches

Cisco IOS Server Load Balancing (SLB) Feature

Cisco Content Networking Devices and Software




Comparison of the VRRP Implementations




Recommended Reading


Chapter 13 Policy Routing, Bandwidth Management, and QoS

Policy Routing

Policy Routing on BSD

Linux iproute2 Policy Routing

Cisco IOS Policy-Routing Example

Traffic Shaping, Queuing, Reservation, and Scheduling

Linux QoS

Layer 3 QoS: IP ToS, Precedence, CoS, IntServ, and DiffServ Codepoints

802.1P/Q Tagging/Priority-QoS at the Data-Link/MAC Sublayer

MPLS Exp Field and MPLS Traffic Engineering

DiffServ and RSVP/RSVP-TE Implementations for UNIX

Cisco IOS QoS and Queuing Architectures

UNIX Firewalling Engines and Queuing


FreeBSD ipfilter+ALTQ

FreeBSD IP Firewall (ipfw) + dummynet

Linux Firewall Marking and iproute2 (ip/tc)

Bell Labs' Eclipse-An Operating System with QoS Support


Recommended Reading


Chapter 14 Multicast Architectures

Multicast Deployments

Multicast Addresses and Scope

Administratively Scoped IP Multicast

The Multicast Protocol Cocktail

Internet Group Management Protocol (IGMP) and Cisco Group Management Protocol (CGMP)

IGMPv1 Operation

IGMPv2 Operation

IGMPv3 Implementations

Cisco IOS Multicast Router Configuration and IGMP/CGMP Operation

Cisco Group Management Protocol (CGMP)

The Cisco IOS Multicast Routing Monitor (MRM)

mrouted and DVMRP

mrouted and the MBONE

Lab 14-1: DVMRP via mrouted

Native-Multicast Test Applications

The ip and smcroute Multicast Utilities

PIM Operation and Daemons

Lab 14-2: Native Linux and FreeBSD Multicast (PIM-SMv2) in Combination w


Lab 14-3: XORP PIM Operation

Multicast Open Shortest Path First (MOSPF)

Multicast Source Discovery Protocol (MSDP)

BGPv4 Multicast Extensions (Multiprotocol BGP, RFC 2858)

Multicast Transport Layer Protocols

Multicast Invitations and Session Announcements

Multicast Security


Recommended Reading

Chapter 15 Network Address Translation

The NAT Foundation-Basic/Traditional NAT

NAT, PAT(NAPT), Masquerading, and Port Mapping/Multiplexing

Static NAT and ARP/Routing Issues

Redirection (Port Forwarding/Relaying or Transparent Proxying)

UNIX NAT Approaches

Lab 15-1: OpenBSD ipfilter

Lab 15-2: FreeBSD ipfw+natd

Lab 15-3: BSD Packet Filter (pf)

Lab 15-4: Linux NAT (iptables)

NAT-Hostile Protocols

Future Developments: NAT-T, MPLS+NAT, Load Balancer

NAT Redundancy-Stateful Failover


Recommended Reading

Appendix A UNIX Kernel Configuration Files

Appendix B The FreeBSD Netgraph Facility


About Will Schmied

Gernot Schmied is an independent consultant, analyst, and researcher focusing on systems integration, networking, UNIX, and security. He has worked for several years in enterprise and ISP environments with a focus on senior engineering and architecture projects, service, and portfolio development. Gernot holds two master's degrees, in applied physics and in information systems, and is currently working on his Ph.D. thesis in his "spare" time. Gernot lives in Vienna, Austria.
