
PART 1 INTRODUCTORY CHAPTERS

1. Next Generation Networks
2. Routers
3. Routing
4. Address Translation
5. Access Control Lists
6. MPLS
7. PHP

1|Page

1. NEXT GENERATION NETWORKS


Next Generation Networking (NGN) is a broad term that describes some key architectural evolutions in telecommunication core and access networks that will be deployed over the next 5-10 years. The general idea behind NGN is that one network transports all information and services (voice, data, and all sorts of media such as video) by encapsulating these into packets, as is done on the Internet. NGNs are commonly built around the Internet Protocol, and therefore the term "all-IP" is also sometimes used to describe the transformation towards NGN. The ITU-T definition reads: "A Next Generation Network (NGN) is a packet-based network able to provide services including Telecommunication Services and able to make use of multiple broadband, QoS-enabled transport technologies and in which service-related functions are independent from underlying transport-related technologies. It offers unrestricted access by users to different service providers. It supports generalized mobility which will allow consistent and ubiquitous provision of services to users." From a practical perspective, NGN involves three main architectural changes that need to be looked at separately:

In the core network, NGN implies a consolidation of several (dedicated or overlay) transport networks, each historically built for a different service, into one core transport network (often based on IP and Ethernet). Amongst other things, it implies the migration of voice from a circuit-switched architecture (PSTN) to VoIP, and also the migration of legacy services such as X.25 and Frame Relay (either commercial migration of the customer to a new service like IP VPN, or technical migration by emulation of the "legacy service" on the NGN).

In the wired access network, NGN implies the migration from the "dual" setup of legacy voice next to xDSL in the local exchanges to a converged setup in which voice ports or VoIP are integrated, allowing the removal of the voice switching infrastructure from the exchange.


In the cable access network, NGN convergence implies migration of constant bit rate voice to the CableLabs PacketCable standards that provide VoIP and SIP services. Both services ride over DOCSIS as the cable data layer standard. In an NGN, there is a more defined separation between the transport (connectivity) portion of the network and the services that run on top of that transport. This means that whenever a provider wants to enable a new service, they can do so by defining it directly at the service layer without considering the transport layer, i.e. services are independent of transport details. Increasingly, applications, including voice, will tend to be independent of the access network (de-layering of network and applications) and will reside more on end-user devices (phone, PC, set-top box).

1.1 System Architecture


The basic premise for NGN is an architecture on several independent levels: the access area, the core network area, the control level and the service management level. The connection of subscribers and terminals to the NGN can be achieved with various access technologies. The information and transmission formats of the various networks must be converted into information that is comprehensible for the NGN. This calls for gateways for the connection of business and private customers. The core network of the NGN is an IP network. This is a standardized transport platform consisting of various IP routers and switches. The connection control of the individual components is carried out by the control level. Standard and value-added services can then be provided via the service management level.

[Figure: Modular structure of NGN]


The aim of an NGN is to operate the current wide range of access and communications technologies under a common umbrella in the future network on IP. This convergence allows a transition from vertical to horizontal service integration. In vertical network structures, services (e.g. phone services, TV services) can only be received with suitable networks and the relevant end devices. With a horizontal approach, on the other hand, users will in future be given the possibility of using the desired services regardless of the platform and the technology, with a single end device.

[Figure: An all-IP network]


1.2 Motivation for NGN


The heterogeneity of the infrastructure, the growing competition and the falling call revenues can be regarded at present as the primary threats to the telecommunications industry. Established network operators are finding themselves forced to rethink their business models and to convert their infrastructure to a fully IP-based platform, the Next Generation Network. The overall aim is to reduce costs and to create new sources of income.

[Figure: Reasons for the migration to NGN]


1.3 Fundamental Characteristics of NGN


- Separation of control functions among bearer capabilities, call/session, and application/service
- Decoupling of service provision from network, and provision of open interfaces
- Support for a wide range of services, applications and mechanisms based on service building blocks (including real-time/streaming/non-real-time services and multimedia, triple-play)
- Broadband capabilities with end-to-end QoS and transparency
- Interworking with legacy networks via open interfaces
- Generalized mobility support
- Unrestricted access by users to different service providers
- A variety of identification schemes which can be resolved to IP addresses for the purposes of routing in IP networks
- Unified service characteristics for the same service as perceived by the user
- Converged services between fixed/mobile
- Independence of service-related functions from underlying transport technologies
- Compliance with all regulatory requirements, for example concerning access to emergency communications and security monitoring/privacy, etc.


1.4 Advantages of NGN


Cost savings: With fewer components required (e.g. lines, routers, hubs and switches), NGNs are more reliable and cheaper to run, as carriers are able to offer equipment and network economies of scale by investing in high-end equipment and capacity. Increased flexibility also means that expanding or modifying networks through organic growth and acquisition becomes far easier, and ultimately less expensive.

Productivity: Emerging services such as IP-based voice, web conferencing, collaboration and unified messaging can all be supported by NGN. NGNs also provide any-time, any-place information flow and presence visibility, similar to MSN Messenger.

Scalability: Generally, without disruption to service, users, sites and communication services can be added in line with varying business demand. Enterprises can deploy services in a series of phases, allowing for resource and budgetary constraints. The emergence of NGN points to the end of forklift upgrades to both voice and data infrastructures, a desired goal for many organizations.

Business continuity: Through the use of a common IP-based infrastructure, business continuity can be easily engineered to deliver a more reliable and robust network. The flexibility offered by NGNs as an underlying infrastructure means that risk can be mitigated and policies configured to protect against service disruption. Traditionally this has often been managed as a separate plan rather than as an integral part of the network design.

Continued technological development means that the traditional phone system can run via an NGN, acting as a low-cost back-up solution for disaster recovery sites. Increased flexibility of design and the ability to merge legacy systems more easily into a manageable infrastructure mean that NGNs are also able to effectively eliminate single points of failure across the network.


2. ROUTERS
A router is a device that forwards data packets across computer networks. Routers perform the data "traffic directing" functions on the Internet. A router is connected to two or more data lines from different networks. When data comes in on one of the lines, the router reads the address information in the packet to determine its ultimate destination. When multiple routers are used in interconnected networks, the routers exchange information about destination addresses, using a dynamic routing protocol. Routers may also be used to connect two or more logical groups of computer devices known as subnets, each with a different subnetwork address. A router has two stages of operation called planes.

Control plane: A router records a routing table listing what route should be used to forward a data packet, and through which physical interface connection. It does this by using internal pre-configured addresses, called static routes.

Forwarding plane: The router forwards data packets between incoming and outgoing interface connections. It routes each packet to the correct network using information that the packet header contains, together with the data recorded in the routing table by the control plane.

2.1 Router Passwords:

Console: The console port is where we would initially start to configure a new router.
    Router(config)# line console 0
    Router(config-line)# password secretcisco
    Router(config-line)# login

Aux: This is short for auxiliary port. This is also a physical access port on the router.
    Router(config)# line aux 0
    Router(config-line)# password secretcisco
    Router(config-line)# login

VTY: We would use this line to Telnet or SSH into the router.
    Router(config)# line vty 0 4
    Router(config-line)# password secretcisco
    Router(config-line)# login

Enable password: The enable password prevents someone from getting full access to the router.
    Router(config)# enable password secretcisco
    Router(config)# exit

Enable secret: The enable secret password has the same function as the enable password, but with enable secret the password is stored in a much stronger form of encryption:
    Router# configure terminal
    Router(config)# enable secret password
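As an added example (not part of the original notes), the script below audits a Cisco IOS running-config for the weaknesses this section touches on: a missing enable secret, a reversible enable password, line passwords without login, plaintext or type 7 line passwords, and VTY lines that still accept Telnet. The sample config and the hex after "password 7" are constructed, and the checks are this example's own reading of the section, not an official Cisco tool.

```python
# Constructed sample running-config (not from the original notes).
SAMPLE_CONFIG = """\
hostname Router
enable password secretcisco
!
line con 0
 password secretcisco
 login
line aux 0
 password secretcisco
line vty 0 4
 password 7 094F471A1A0A
 login
 transport input telnet ssh
"""


def parse_config(config):
    """Split a config into top-level commands and the sub-commands of each 'line'."""
    top, lines, current = [], {}, None
    for raw in config.splitlines():
        if raw.startswith(" ") and current is not None:
            lines[current].append(raw.strip())
        else:
            current = None
            cmd = raw.strip()
            if cmd.startswith("line "):
                current = cmd
                lines[current] = []
            elif cmd and cmd != "!":
                top.append(cmd)
    return top, lines


def audit(config):
    """Return one finding string per weakness; an empty list means nothing was flagged."""
    top, lines = parse_config(config)
    findings = []
    if not any(c.startswith("enable secret ") for c in top):
        findings.append("global: no 'enable secret' (privileged mode is not protected by a hashed password)")
    if any(c.startswith("enable password ") for c in top):
        findings.append("global: 'enable password' is stored reversibly; replace it with 'enable secret'")
    for name, cmds in lines.items():
        passwords = [c.split() for c in cmds if c.startswith("password ")]
        has_login = any(c == "login" or c.startswith("login ") for c in cmds)
        if passwords and not has_login:
            findings.append(f"{name}: password configured but 'login' is missing, so it is never requested")
        for tokens in passwords:
            if tokens[1] == "7":
                findings.append(f"{name}: type 7 password (reversible obfuscation, not a hash)")
            else:
                findings.append(f"{name}: password stored in clear text")
        if name.startswith("line vty"):
            transport = [c for c in cmds if c.startswith("transport input ")]
            # No 'transport input' at all, or one that lists telnet/all, leaves plaintext logins open.
            if not transport or any(w in c for c in transport for w in ("telnet", "all")):
                findings.append(f"{name}: Telnet accepted; restrict with 'transport input ssh'")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```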


3. ROUTING
Routing is the main process used by Internet hosts to deliver packets. The Internet uses a hop-by-hop routing model, which means that each host or router that handles a packet examines the Destination Address in the IP header, computes the next hop that will bring the packet one step closer to its destination, and delivers the packet to the next hop, where the process is repeated. There are three types of routing depending upon the type of routing table:
- Static Routing
- Default Routing
- Dynamic Routing

3.1 Static Routing: A static routing table contains information entered manually. The administrator enters the route for each destination into the table. When a table is created, it cannot update automatically when there is a change in the Internet. The table must be manually altered by the administrator. A static routing table can be used in smaller networks that do not change very often. With a network that has hundreds of routes, static routes are not scalable since one would have to configure each route on each router.

Static Route Configuration:
    Router(config)# ip route destination_network_# [subnet_mask] IP_address_of_next_hop_neighbor [administrative_distance] [permanent]
or
    Router(config)# ip route destination_network_# [subnet_mask] interface_to_exit [administrative_distance] [permanent]

3.2 IP ROUTING: IP Routing is an umbrella term for the set of protocols that determine the path that data follows in order to travel across multiple networks from its source to its destination. Data is routed from its source to its destination through a series of routers, and across multiple networks. The Internet, for the purpose of routing, is divided into Autonomous Systems (ASs). An AS is a group of routers that are under the control of a single administration and exchange routing information using a common routing protocol. An AS can be classified as one of the following three types.


A Stub AS has a single connection to one other AS. Any data sent to, or received from, a destination outside the AS must travel over that connection. A small campus network is an example of a stub AS.

A Transit AS has multiple connections to one or more ASs, which permits data that is not destined for a node within that AS to travel through it. An ISP network is an example of a transit AS.

A Multihomed AS also has multiple connections to one or more ASs, but it does not permit data received over one of these connections to be forwarded out of the AS again. In other words, it does not provide a transit service to other ASs.

An Interior Gateway Protocol (IGP) calculates routes within a single AS. The IGP enables nodes on different networks within an AS to send data to one another. The IGP also enables data to be forwarded across an AS from ingress to egress, when the AS is providing transit services. Routes are distributed between ASs by an Exterior Gateway Protocol (EGP). The EGP enables routers within an AS to choose the best point of egress from the AS for the data they are trying to route. The EGP and the IGPs running within each AS cooperate to route data across the Internet. The EGP determines the ASs that data must cross in order to reach its destination, and the IGP determines the path within each AS that data must follow to get from the point of ingress (or the point of origin) to the point of egress (or the final destination).

3.3 ROUTING PROTOCOLS: A routing protocol is used by a router to dynamically find all the networks in the internetwork and to ensure that all the routers have the same routing table. Basically, a routing protocol determines the path of a packet through an internetwork. Routing protocols used by the Internet Protocol suite include:

- Routing Information Protocol (RIP)
- Open Shortest Path First (OSPF)
- Intermediate System to Intermediate System (IS-IS)
- Interior Gateway Routing Protocol (IGRP)
- Border Gateway Protocol (BGP)


3.4 Administrative distances (AD): AD is used to rate the trustworthiness of routing information received on a router from a neighbor router. An Administrative Distance is an integer from 0 to 255, where 0 is the most trusted and 255 means no traffic will be passed via this route. The route with the lowest AD will be placed in the routing table. If both advertised routes to the same network have the same AD, then routing protocol metrics (such as hop count or bandwidth of the lines) will be used to find the best path to the remote network.

Default Administrative Distance for a Cisco Router

Routing Source        Default Administrative Distance
Connected interface   0
Static route          1
EIGRP                 90
IGRP                  100
OSPF                  110
RIP                   120
External EIGRP        170
Unknown               255 (this route will never be used)


3.5 Three classes of dynamic routing protocols:


1) Distance-Vector: These protocols find the best path to a remote network by judging the distance. The route with the least number of hops to the network is determined to be the best route. Both RIP and IGRP are of this type.

2) Link State: Also called shortest-path-first protocols. The routers each create three separate tables. One of these tables keeps track of directly attached neighbors, one determines the topology of the entire internetwork, and one is used as the routing table. OSPF is a link state protocol. Link state protocols send updates containing the state of their own links to all other routers on the network.

3) Hybrid: Hybrid protocols use aspects of both distance vector and link state protocols. EIGRP is of this type.

Metrics: Metrics are used to weight the different paths to a destination. If there is more than one way to the destination, the metric is used as a tie-breaker. The router will put the best-metric paths in its routing table. There are many different types of metrics, such as bandwidth, reliability, load, frame size (MTU), delay, and hop count. Each routing protocol uses its own metric structure.

Metric                            Routing Protocols   Description
Bandwidth                         EIGRP, IGRP         The capacity of the link in Kbps
Cost                              OSPF                Measurement in the inverse of the bandwidth of the links
Delay                             EIGRP, IGRP         Time it takes to reach the destination
Hop count                         RIP                 How many routers away from the destination
Load                              EIGRP, IGRP         The path with the least utilization
Maximum Transmission Unit (MTU)   EIGRP, IGRP         The path that supports the largest frame sizes
Reliability                       EIGRP, IGRP         Path with the least amount of errors or downtime
Ticks                             IPX RIP             Measurement in delay (55 milliseconds)
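To show how sections 3.4 and 3.5 combine when a router builds its table, here is an added example (not from the original notes): candidate routes from several sources are installed by lowest administrative distance with metric as the tie-breaker, and a destination is then matched against the installed table by longest prefix, the per-hop decision described in section 3. The candidate routes, next-hop addresses and metric values are constructed; the AD values are the defaults from the table above.

```python
import ipaddress

# Default administrative distances from the table in 3.4 (Cisco defaults).
DEFAULT_AD = {"connected": 0, "static": 1, "eigrp": 90, "igrp": 100,
              "ospf": 110, "rip": 120, "external eigrp": 170, "unknown": 255}


class Route:
    def __init__(self, prefix, source, next_hop, metric=0, ad=None):
        self.network = ipaddress.ip_network(prefix)
        self.source = source
        self.next_hop = next_hop
        self.metric = metric
        self.ad = DEFAULT_AD[source] if ad is None else ad

    def __repr__(self):
        return f"{self.network} via {self.next_hop} [{self.ad}/{self.metric}] ({self.source})"


def install(candidates):
    """Keep one route per prefix: lowest AD wins, metric breaks ties, AD 255 is never installed.
    (Equal-cost multipath is ignored here; the first of two identical candidates is kept.)"""
    table = {}
    for r in candidates:
        if r.ad >= 255:
            continue
        best = table.get(r.network)
        if best is None or (r.ad, r.metric) < (best.ad, best.metric):
            table[r.network] = r
    return table


def lookup(table, dst):
    """Per-hop forwarding decision: the most specific (longest-prefix) installed route, or None."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in table.values() if addr in r.network]
    return max(matches, key=lambda r: r.network.prefixlen) if matches else None


# Constructed candidate routes, as several protocols might advertise them at once.
CANDIDATES = [
    Route("10.1.0.0/16", "rip", "192.0.2.2", metric=2),
    Route("10.1.0.0/16", "ospf", "192.0.2.3", metric=20),
    Route("10.1.0.0/16", "static", "192.0.2.4"),            # AD 1 beats OSPF and RIP
    Route("10.1.5.0/24", "ospf", "192.0.2.5", metric=30),
    Route("10.1.5.0/24", "ospf", "192.0.2.6", metric=10),   # same AD: lower metric wins
    Route("0.0.0.0/0", "static", "192.0.2.1"),              # default route
    Route("10.9.0.0/16", "unknown", "192.0.2.9"),           # AD 255: never used
]


def demo_table():
    return install(CANDIDATES)


if __name__ == "__main__":
    table = demo_table()
    for route in table.values():
        print(route)
    for dst in ("10.1.5.7", "10.1.9.1", "10.9.1.1", "8.8.8.8"):
        print(dst, "->", lookup(table, dst))
```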


3.6 OPEN SHORTEST PATH FIRST PROTOCOL (OSPF)


It is a link state protocol that handles routing for IP traffic. Features of OSPF:
- Consists of areas and autonomous systems
- Minimizes routing update traffic
- Allows scalability
- Supports VLSM/CIDR
- Has unlimited hop count
- Allows multi-vendor deployment (open standard)

OSPF has the following main advantages: It will run on most routers, since it is based on an open standard. It uses the SPF algorithm, developed by Dijkstra, to provide a loop-free topology. It provides fast convergence with triggered, incremental updates via Link State Advertisements (LSAs). It is a classless protocol and allows for a hierarchical design with VLSM and route summarization. Given its advantages, OSPF does have its share of disadvantages: It requires more memory to hold the adjacency, topology, and routing tables. It requires extra CPU processing to run the SPF algorithm, which is especially true when one first turns on the routers and they are initially building the adjacency and topology tables. For large networks, it requires careful design to break up the network into an appropriate hierarchical design by separating routers into different areas. It is complex to configure.

Configuring OSPF:
    Router(config)# router ospf process_ID
    Router(config-router)# network IP_address wildcard_mask area area_#

The process_ID is used to differentiate between different OSPF processes running on the router. A wildcard mask tells the router what part of the address it should match on. It is 32 bits long and is an inverted subnet mask.

4. ADDRESS TRANSLATION
Address translation was originally developed to solve two problems: handling a shortage of IP addresses and hiding network addressing schemes. Because of the huge Internet explosions during the early 1990s, it was foreseen that the current IP addressing scheme would not accommodate the number of devices that would need public addresses. Private Addresses: when devices want to communicate, each device needs a unique IP address. The following table shows the range of private addresses:

Class   Range of Addresses
A       10.0.0.0 to 10.255.255.255
B       172.16.0.0 to 172.31.255.255
C       192.168.0.0 to 192.168.255.255

One of the main issues of RFC 1918 addresses is that they can be used only internally within a company and cannot be used to communicate to a public network such as the Internet. For this reason they are commonly referred to as private addresses. Address Translation: A second standard, RFC 1631, was created to solve this problem. It defines a process which allows us to change an IP address in a packet to a different address. Address translation allows us to translate the internal private addresses to public addresses before these packets leave the network.

4.1 Common Address Translation Terms

Term                        Definition
Inside                      Networks located on the inside of the private network
Outside                     Networks located on the outside of the private network
Local                       The private IP address physically assigned to a device
Global                      The public IP address physically or logically assigned to a device
Inside local IP address     An inside device with an assigned private IP address
Inside global IP address    An inside device with a registered public IP address
Outside global IP address   An outside device with a registered public IP address
Outside local IP address    An outside device with an assigned private IP address


4.2 Types of Address Translation:


Address translation comes in a variety of types, like Network Address Translation (NAT), Port Address Translation (PAT), dynamic address translation, and static address translation.

4.2.1 Network Address Translation (NAT): NAT translates one IP address to another. This can be a source address or a destination address. There are two basic implementations of NAT: static and dynamic. Static NAT: With static NAT, a manual translation is performed by an address translation device, translating one IP address to a different one. The figure given below shows a simple example of outside users trying to access an internal web server with a private address 10.1.1.1. The web server needs to be presented as having a public address. This is defined in the address translation device. The web server is assigned an inside global IP address of 200.200.200.1 on the router and the DNS server advertises this address to the outside users. When outside users send packets to the 200.200.200.1 address, the router examines its translation table for a matching entry. On finding the match, the router changes the destination IP address to 10.1.1.1 and forwards it to the inside web server.

Likewise, when the web server sends traffic out to the public network, the router compares the source IP address to entries in its translation table, and if it finds a match, it changes the inside local IP address (10.1.1.1) to the inside global IP address (200.200.200.1).

Dynamic NAT: With static address translation, we need to manually build the translations. With dynamic NAT, we must manually define two sets of addresses on the address translation device. One set defines which inside addresses are allowed to be translated, and the other defines what these addresses are to be translated to.

4.2.2 Port Address Translation (PAT):


One problem with static or dynamic NAT is that it provides only a one-to-one address translation. Therefore, if there are 5,000 internal devices with private addresses, and all 5,000 devices try to reach the Internet simultaneously, we need 5,000 public addresses in the global address pool. If we have only 1,000 public addresses, only the first 1,000 devices are translated and the remaining 4,000 will not be able to reach outside destinations. To overcome this problem, we can use a process called address overloading. This process is also known as Port Address Translation (PAT) and Network Address Port Translation (NAPT).

Using the same IP address: With PAT, all machines that go through the address translation device have the same global IP address assigned to them, and so the source port numbers are used to differentiate the different connections. If two devices have the same source port number, the translation device changes one of them to ensure uniqueness. The translation table in PAT consists of the following items:

- Inside local IP address (original source private IP)
- Inside local port number (original source port number)
- Inside global IP address (translated public source IP)
- Inside global port number (new source port number)
- Outside global IP address (destination public address)
- Outside global port number (destination port number)
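The PAT behaviour just described, as an added example that is not part of the original notes: two inside hosts that happen to use the same source port are given distinct inside global ports, a reply is mapped back through the six-field translation table, and an inbound packet with no matching entry is dropped. The inside global address 200.200.200.1 is taken from section 4.2.1; the inside hosts, destination addresses and port numbers are constructed, and the port-allocation policy is this example's simplification.

```python
class PatTranslator:
    """Port Address Translation (address overloading) onto one inside global address."""

    def __init__(self, inside_global_ip):
        self.inside_global_ip = inside_global_ip
        # (inside_local_ip, inside_local_port, outside_ip, outside_port) -> inside_global_port
        self.entries = {}
        # (inside_global_port, outside_ip, outside_port) -> (inside_local_ip, inside_local_port)
        self.reverse = {}
        self.in_use = set()

    def _allocate_port(self, wanted):
        # Keep the original source port when free; otherwise take the lowest free port >= 1024.
        # (Simplification: each inside global port is used once, whatever the destination.)
        if wanted not in self.in_use:
            return wanted
        for port in range(1024, 65536):
            if port not in self.in_use:
                return port
        raise RuntimeError("PAT port pool exhausted")

    def outbound(self, pkt):
        """Translate an inside->outside packet, creating a table entry on first use."""
        key = (pkt["src_ip"], pkt["src_port"], pkt["dst_ip"], pkt["dst_port"])
        if key not in self.entries:
            gport = self._allocate_port(pkt["src_port"])
            self.in_use.add(gport)
            self.entries[key] = gport
            self.reverse[(gport, pkt["dst_ip"], pkt["dst_port"])] = (pkt["src_ip"], pkt["src_port"])
        return dict(pkt, src_ip=self.inside_global_ip, src_port=self.entries[key])

    def inbound(self, pkt):
        """Translate an outside->inside packet; None means no entry exists and it is dropped."""
        key = (pkt["dst_port"], pkt["src_ip"], pkt["src_port"])
        if pkt["dst_ip"] != self.inside_global_ip or key not in self.reverse:
            return None
        local_ip, local_port = self.reverse[key]
        return dict(pkt, dst_ip=local_ip, dst_port=local_port)

    def translation_table(self):
        """The six fields listed in the text, one row per active translation."""
        return [{"inside_local": (k[0], k[1]),
                 "inside_global": (self.inside_global_ip, gport),
                 "outside_global": (k[2], k[3])} for k, gport in self.entries.items()]


def demo():
    pat = PatTranslator("200.200.200.1")
    # Constructed traffic: two inside hosts both pick source port 40000 to the same web server.
    a = pat.outbound({"src_ip": "10.1.1.10", "src_port": 40000, "dst_ip": "198.51.100.7", "dst_port": 80})
    b = pat.outbound({"src_ip": "10.1.1.11", "src_port": 40000, "dst_ip": "198.51.100.7", "dst_port": 80})
    reply = pat.inbound({"src_ip": "198.51.100.7", "src_port": 80,
                         "dst_ip": "200.200.200.1", "dst_port": b["src_port"]})
    stray = pat.inbound({"src_ip": "203.0.113.9", "src_port": 4444,
                         "dst_ip": "200.200.200.1", "dst_port": 5555})
    return {"a": a, "b": b, "reply": reply, "stray": stray, "table": pat.translation_table()}


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```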


5. ACCESS CONTROL LISTS (ACLs)


ACLs are basically a set of commands, grouped together by a number or name, that are used to filter traffic entering or leaving an interface. ACL commands define specifically which traffic is permitted and which is denied. When activating an ACL on an interface, we must specify in which direction the traffic should be filtered:

Inbound (as the traffic comes into an interface): With inbound ACLs, the router compares the packet to the interface ACL before the router will forward it to another interface.

Outbound (before the traffic exits an interface): With outbound ACLs, the packet is received on an interface and forwarded to the exit interface. The router then compares the packet to the ACL.

One restriction of ACLs is that they cannot filter traffic that the router originates itself. For example, if we execute a ping or if we telnet from the router to another device, ACLs applied to the router's interfaces cannot filter these connections. However, if an external device tries to ping or telnet to the router or through the router to a remote destination, the router can filter these packets.

There are two main types of access lists:

Standard ACL: These can filter only on the source IP address inside a packet. This means that standard access lists basically permit or deny an entire suite of protocols. They do not distinguish between any of the many types of IP traffic such as web, Telnet, UDP and so on.

Extended ACL: These can filter on the source and destination IP addresses in the packet, the IP protocol (TCP, UDP, ICMP, and so on), and protocol information (such as the TCP or UDP source and destination port numbers). With an extended ACL, we can be very precise in the filtering.


Some general access list guidelines that should be followed while creating and implementing access lists on routers:
- One can assign only one access list per interface per protocol per direction. This means that when creating IP access lists we can have only one inbound access list and one outbound access list per interface.
- Order of statements is important: organize the access list so that the more restrictive tests are at the top of the access list.
- Any time a new entry is added to the access list, it will be placed at the bottom of the list.
- The router cannot filter traffic that it itself originates.
- ACL statements are processed top-down until a match is found, and then no more statements in the list are processed.
- If no match is found in the ACL, the packet is dropped (implicit deny). In order for an ACL to have an implicit deny statement, we need at least one actual permit or deny statement.
- Unless the access list ends with a permit any command, all packets will be discarded if they do not meet any of the list's tests. Every list must have at least one permit statement or it will deny all traffic.
- Applying an empty ACL to an interface permits all traffic by default.
- Each ACL needs either a unique number or a unique name.

ACL Types and Numbers

ACL Type                                  ACL Numbers
IP Standard                               1-99, 1300-1999 (expanded range)
Standard Vines                            1-99
IP Extended                               100-199, 2000-2699 (expanded range)
Extended Vines                            100-199
DECnet                                    300-399
AppleTalk                                 600-699
48-bit MAC Address Access List            700-799
Extended 48-bit MAC Address Access List   1100-1199


Basic ACL Configuration:
    Router(config)# access-list ACL_# permit|deny conditions

Activating an ACL:
    Router(config)# interface type [slot_#] port_#
    Router(config-if)# ip access-group ACL_# in|out

5.1 Standard Numbered ACLs


Basic Configuration:
    Router(config)# access-list 1-99|1300-1999 permit|deny source_IP_address [wildcard_mask] [log]

Activation:
    Router(config)# interface type [slot_#] port_#
    Router(config-if)# ip access-group ACL_# in|out

Examples:
    Router(config)# access-list 1 permit 192.168.1.1
    Router(config)# access-list 1 deny 192.168.1.2
    Router(config)# access-list 1 permit 192.168.1.0 0.0.0.255
    Router(config)# access-list 1 deny any
    Router(config)# interface serial 0
    Router(config-if)# ip access-group 1 in
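The matching rules above (top-down first match, wildcard masks, implicit deny) as an added example that is not from the original notes. It parses the page's own access-list 1 statements, evaluates source addresses against them, and includes a shadowing check that reports statements an earlier, broader statement makes unreachable, which is what goes wrong when the ordering guideline is ignored. Wildcard matching here is the same inverted-mask test the OSPF network statement in section 3.6 uses; the sample source addresses are constructed.

```python
import ipaddress

ALL_ONES = 0xFFFFFFFF


def _int(ip):
    return int(ipaddress.ip_address(ip))


def wildcard_match(addr, base, wildcard):
    """Cisco wildcard mask: 0 bits must equal the base address, 1 bits are ignored."""
    care = ~_int(wildcard) & ALL_ONES
    return _int(addr) & care == _int(base) & care


def parse_standard_acl(commands):
    """Parse 'access-list N permit|deny source [wildcard]' (also 'any' and 'host X') into tuples."""
    entries = []
    for cmd in commands:
        tokens = cmd.replace("Router(config)#", "").split()
        if len(tokens) < 4 or tokens[0] != "access-list":
            raise ValueError(f"not a standard ACL statement: {cmd}")
        action = tokens[2]
        if tokens[3] == "any":
            base, wc = "0.0.0.0", "255.255.255.255"
        elif tokens[3] == "host":
            base, wc = tokens[4], "0.0.0.0"
        else:
            base, wc = tokens[3], (tokens[4] if len(tokens) > 4 else "0.0.0.0")
        entries.append((action, base, wc))
    return entries


def evaluate(entries, src_ip):
    """Top-down, first match wins; a packet that matches nothing hits the implicit deny."""
    for action, base, wc in entries:
        if wildcard_match(src_ip, base, wc):
            return action
    return "deny"


def shadowed(entries):
    """Indices of statements that can never match because an earlier statement covers them entirely."""
    result = []
    for j, (_, bj, wj) in enumerate(entries):
        for _, bi, wi in entries[:j]:
            care_i = ~_int(wi) & ALL_ONES
            # i covers j when every bit i cares about is also fixed in j, and agrees with j's base.
            if (_int(wj) & care_i) == 0 and (_int(bi) & care_i) == (_int(bj) & care_i):
                result.append(j)
                break
    return result


# The page's own example ACL 1, in the order given.
ACL_1 = parse_standard_acl([
    "Router(config)# access-list 1 permit 192.168.1.1",
    "Router(config)# access-list 1 deny 192.168.1.2",
    "Router(config)# access-list 1 permit 192.168.1.0 0.0.0.255",
    "Router(config)# access-list 1 deny any",
])
# Same statements with the network-wide permit first: the host deny can no longer match.
ACL_1_REORDERED = [ACL_1[2], ACL_1[0], ACL_1[1], ACL_1[3]]

if __name__ == "__main__":
    for src in ("192.168.1.1", "192.168.1.2", "192.168.1.50", "10.0.0.1"):
        print(src, evaluate(ACL_1, src), evaluate(ACL_1_REORDERED, src))
    print("shadowed in reordered list:", shadowed(ACL_1_REORDERED))
```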

5.2 Extended Numbered ACLs


Command Syntax:
    Router(config)# access-list 100-199|2000-2699 permit|deny IP_protocol source_address source_wildcard_mask [protocol_information] destination_address destination_wildcard_mask [protocol_information] [log]


6. MULTIPROTOCOL LABEL SWITCHING (MPLS)


6.1 Problems that led to the development of MPLS:
Traditional IP forwarding is based on:
- Routing protocols used to distribute Layer 3 routing information
- Forwarding based on the destination address only
- Routing lookups performed on every hop
- Every router possibly needing full Internet routing information (more than 100,000 routes)

Let us consider a simple service provider network. The following figure (a) shows four POPs (Points of Presence): Delhi, Mumbai, Chennai, and Kolkata. At each of these POPs, the routers are connected to ATM switches that are fully meshed, creating the core of the service provider network. Another way to represent the network is to show the POP locations connected to a cloud in figure (b). The cloud is a way to demonstrate the problem faced when integrating ATM and IP-based routers. The ATM switches are only concerned with moving traffic based on VPI/VCI values of which the IP-based POP routers are unaware. IP-based POP routers are Layer 3 devices, concerned with forwarding packets based on information contained in the packet, of which the ATM switches are unaware.

Another problem experienced by service providers is scalability. To allow for maximum redundancy and optimum routing, a full mesh of virtual circuits (VCs) must be created, resulting in an overlay. For four POP routers connected together with a full mesh of VCs, six VCs are required. If two more POP routers are added, a total of 15 VCs are required to provide full-mesh connectivity. As more and more POP routers are added to this core, more and more VCs will be required to provide a full mesh. Not only are there scalability problems with the number of VCs required to implement a full mesh, but there are also scalability problems associated with the routing protocols in use in the network. As more and more VCs are created, more and more routers must form adjacencies with one another to ensure redundancy. All of these routers must exchange routing table updates with every other router, thus creating a great deal of traffic that is merely updating routing tables. This excessive traffic can consume significant resources on the routers and slow them down.

The ATM world has a rich feature set that is used for traffic engineering. Traffic engineering is simply a process by which traffic is optimized to follow certain paths based on specified requirements. The IP world also has features, although not nearly as extensive as ATM's, to provide for traffic engineering. The problem experienced by service providers is how to combine the traffic engineering of IP with the traffic engineering of ATM. Since ATM and IP are totally separate technologies, it is difficult to implement combined end-to-end traffic engineering.

Both IP and ATM have Quality of Service (QoS) capabilities. The difference between the two has to do with their operation: IP is connectionless and ATM is connection-oriented. Again, the problem experienced by a service provider is how to combine these two different ways of implementing QoS into a firm end-to-end solution. MPLS, as a technology, evolved from early attempts to glue the IP world and the ATM world together. What we know as MPLS today is, for the most part, a standardized version of Cisco's proprietary tag switching.

MPLS is a new forwarding mechanism in which packets are forwarded based on labels.
- Labels usually correspond to IP destination networks (equivalent to traditional IP forwarding)
- Labels can also correspond to other parameters, such as QoS or source address
- MPLS was designed to support forwarding of other protocols as well


6.2 MPLS architecture:


MPLS has two major components:

1) Control Plane:
Exchanges Layer 3 routing information and labels. The control plane contains complex mechanisms to exchange routing information, such as OSPF, EIGRP, IS-IS and BGP, and to exchange labels, such as TDP, LDP, BGP and RSVP.

TDP: The Tag Distribution Protocol (TDP) is Cisco's proprietary protocol that is used to bind tags (which are the same as MPLS labels) to network routes in the routing table.

LDP: The Label Distribution Protocol (LDP) is the IETF version of Cisco's TDP. LDP is used to bind labels to network routes. The label information base (LIB) is a mapping of incoming labels to outbound labels, along with outbound interface and link information.

Forwarding Equivalence Class (FEC): FEC is a grouping of IP packets that are treated in the same way. For example, a destination subnet could correspond to an FEC. Labels are bound to FECs. FECs can be based on a number of criteria, including IP ToS bits, IP protocol ID, port numbers, etc.

2) Forwarding or Data plane:


An MPLS-enabled router switches IP packets instead of forwarding them traditionally. The forwarding component of the MPLS architecture (known as the forwarding plane or data plane) is where information created and maintained from the control plane is actually used. The routing table is built in the control plane and cached in the forwarding plane. For labels, the LIB is built in the control plane, and only those labels in use reside in the label forwarding information base (LFIB). The LFIB is a subset of the LIB. An additional component that resides in the forwarding plane is the forwarding information base (FIB). The FIB is built by Cisco Express Forwarding (CEF). The FIB is essentially a cached version of the IP routing table that eliminates the need for a route-cache. For Cisco MPLS or tag switching to work, CEF must be enabled.


6.3 MPLS Network Components:

CE: A customer edge (CE) device. This is a router that connects the customer network to a service provider.

PE: A provider edge (PE) device. This is a service provider piece of equipment that connects to a customer and into the provider (P) network.

P: A provider (P) device. This is a service provider piece of equipment that exists entirely in the provider (P) network and connects only to other service provider devices (not to customers).

In addition, the PE and P routers are label switch routers. There are two types of label switch routers:

LSR: A label switch router (LSR) is a Cisco IOS router or switch that is capable of forwarding packets based on labels. The CE, or customer, devices are not LSRs and handle only regular, unlabeled IP packets.

Functions:
Exchange routing information
Exchange labels
Forward packets (LSRs and edge-LSRs) or cells (ATM LSRs and ATM edge-LSRs)
Insert (push) a label or a stack of labels on ingress
Swap a label with the next-hop label or a stack of labels in the core
Remove (pop) a label on egress

Edge-LSR: An edge label switch router (edge-LSR) is a more specific term for the PE routers. The Edge-LSR may have interfaces that are MPLS-enabled and also has interfaces that are not MPLS-enabled. It primarily labels IP packets and forwards them into the MPLS domain, or removes labels and forwards IP packets out of the MPLS domain.

A label-switched path (LSP) is a unidirectional set of LSRs that the labeled packet must flow through in order to get to a particular destination.

Usually only one label is assigned to a packet. The following scenarios may produce more than one label:
MPLS VPNs (two labels: the top label points to the egress router and the second label identifies the VPN)
MPLS TE (two or more labels: the top label points to the endpoint of the traffic engineering tunnel and the second label points to the destination)
MPLS VPNs combined with MPLS TE (three or more labels)


6.4 Applications of MPLS:


MPLS and ATM: By turning a standard ATM Forum ATM switch into an ATM label switch router (ATM-LSR), it is possible to merge the ATM and IP worlds to provide end-to-end solutions. An ATM-LSR is an ATM switch that is capable of forwarding packets based on labels.

Quality of Service: MPLS addresses QoS by allowing packets to be classified at the network edge. Standard IP packets enter the network at an edge-LSR. The Experimental (EXP) field of the MPLS label stack is used to hold QoS information for use by MPLS-enabled devices along the LSP. The Experimental field is three bits in size. With three bits, a total of eight values are possible, but only six values are available for QoS. (The remaining two values are reserved for internal network use only.)
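The label stack entry, the EXP field described above, and the push/swap/pop functions and multi-label VPN stacks described in the previous section can all be exercised with a small model. The following Python program is an added illustration written for this report's topic; it is not code from the project. It packs the 32-bit label stack entry (20-bit label, 3-bit EXP, bottom-of-stack bit, 8-bit TTL), parses a stack, and walks a two-label MPLS VPN packet through an ingress push, a core swap and an egress pop using a dict-based LFIB. The label values, LFIB contents and payload are constructed sample data.

```python
"""MPLS label stack entries and LSR push/swap/pop: added worked example, not project code."""
import struct

LABEL_MAX = (1 << 20) - 1  # labels are 20 bits wide


def encode_entry(label, exp=0, bottom=False, ttl=64):
    """Pack one label stack entry: 20-bit label | 3-bit EXP | S bit | 8-bit TTL."""
    if not 0 <= label <= LABEL_MAX:
        raise ValueError("label must fit in 20 bits")
    if not 0 <= exp <= 7:
        raise ValueError("EXP is a 3-bit field (0-7)")
    if not 0 <= ttl <= 255:
        raise ValueError("TTL is an 8-bit field")
    word = (label << 12) | (exp << 9) | (int(bottom) << 8) | ttl
    return struct.pack("!I", word)


def encode_stack(entries):
    """Serialise a list of {'label','exp','ttl'} dicts; only the last entry gets S=1."""
    return b"".join(
        encode_entry(e["label"], e["exp"], i == len(entries) - 1, e["ttl"])
        for i, e in enumerate(entries)
    )


def decode_stack(data):
    """Parse entries until the bottom-of-stack bit is set; return (entries, payload)."""
    entries, offset = [], 0
    while True:
        if offset + 4 > len(data):
            raise ValueError("truncated label stack (no bottom-of-stack bit seen)")
        (word,) = struct.unpack_from("!I", data, offset)
        offset += 4
        entry = {
            "label": word >> 12,
            "exp": (word >> 9) & 0x7,
            "bottom": bool((word >> 8) & 0x1),
            "ttl": word & 0xFF,
        }
        entries.append(entry)
        if entry["bottom"]:
            return entries, data[offset:]


def ingress_push(payload, labels, exp=0, ttl=255):
    """Edge-LSR: impose a stack of labels (outermost first) on an unlabeled packet."""
    entries = [{"label": lbl, "exp": exp, "ttl": ttl} for lbl in labels]
    return encode_stack(entries) + payload


def lsr_forward(packet, lfib):
    """Core or egress LSR: look the top label up in the LFIB and swap or pop it.

    lfib maps incoming label -> ("swap", out_label) or ("pop", None).
    Returns (new_packet, remaining stack depth).
    """
    entries, payload = decode_stack(packet)
    top = entries[0]
    if top["ttl"] <= 1:
        raise ValueError("TTL expired inside the MPLS domain")
    action, out_label = lfib[top["label"]]
    if action == "swap":
        entries[0] = {"label": out_label, "exp": top["exp"], "ttl": top["ttl"] - 1}
    elif action == "pop":
        entries = entries[1:]
        # Real LSRs copy the decremented TTL into the new top entry (or the IP header);
        # this toy model propagates it to the new top entry only.
        if entries:
            entries[0]["ttl"] = top["ttl"] - 1
    else:
        raise ValueError("unknown LFIB action %r" % action)
    if not entries:
        return payload, 0
    return encode_stack(entries) + payload, len(entries)


def vpn_walkthrough():
    """Two-label MPLS VPN path: push at the ingress PE, swap in the core, pop at the egress PE."""
    ip_payload = b"IPv4 packet to 10.1.1.5"          # constructed stand-in for the IP packet
    # top label 16 = path to the egress PE, bottom label 1001 = VPN label; EXP 5 marks voice
    pkt = ingress_push(ip_payload, labels=[16, 1001], exp=5)
    pkt, depth = lsr_forward(pkt, {16: ("swap", 17)})   # core P router swaps only the top label
    pkt, depth = lsr_forward(pkt, {17: ("pop", None)})  # egress PE removes the transport label
    entries, payload = decode_stack(pkt)
    return entries[0]["label"], depth, payload          # the VPN label survives to select the VRF


if __name__ == "__main__":
    print(vpn_walkthrough())
```

Note that the core LSR never looks past the top label: the VPN label and its EXP bits pass through untouched, which is exactly why the second label can identify the VPN at the egress router.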

Traffic Engineering: Traffic engineering is the process of controlling how traffic flows through a network in order to optimize resource utilization and network performance. TE is basically concerned with two problems that arise from routing protocols that use only the shortest path when they construct a routing table:
The shortest paths from different sources overlap at some links, causing congestion on those links.
The traffic from a source to a destination exceeds the capacity of the shortest path, while a longer path between the two routers is under-utilized.
MPLS can be used as a traffic engineering tool to direct traffic through a network more efficiently than original IP shortest-path routing. Because MPLS controls which paths traffic takes through the network, more efficient use of network resources can be achieved. Paths in the network can be reserved for sensitive traffic, and links and routers that are more secure and not known to fail can be used for this kind of traffic.

6.5 Advantages of MPLS:


Traffic can be forwarded based on other parameters (QoS, source, etc). Load sharing across unequal paths can be achieved.


7. PHP
PHP is the web development language written by and for web developers. PHP stands for PHP: Hypertext Preprocessor. The product was originally named Personal Home Page Tools, and many people still think that's what the acronym stands for, but as it expanded in scope, a new and more appropriate (albeit GNU-ishly recursive) name was selected by community vote. PHP is currently in its sixth major rewrite, called PHP6 or just plain PHP. PHP is a server-side scripting language, usually used to create web applications in combination with a web server such as Apache. PHP can also be used to create command-line scripts akin to Perl or shell scripts, but such use is much less common than PHP's use as a web language.

Cost: PHP is one of the Ps in the popular LAMP stack. The LAMP stack refers to the popular combination of Linux, Apache, MySQL, and PHP/Perl/Python that runs many web sites and powers many web applications. Many of the components of the LAMP stack are free, and PHP is no exception. PHP is free, in the sense that there is no cost to develop in and run programs made with PHP. Though MySQL's license and costs have changed, we can obtain the Community Server edition for free. MySQL offers several levels of support contracts for their database server. Both PHP and MySQL run on a variety of platforms, including many variants of Linux, Microsoft Windows, and others. Running on an operating system such as Linux gives the opportunity for a completely free web application platform, with no up-front costs. Years of real-world experience with Linux, Apache, MySQL, and PHP in production environments have proved that the total cost of maintaining these platforms is lower, many times much lower, than maintaining an infrastructure with proprietary, non-free software.


HTML-embeddedness:

A sample PHP program: PHP can be embedded within HTML. In other words, PHP pages are ordinary HTML pages that escape into PHP mode only when necessary. Here is an example:

<HTML>
<HEAD>
<TITLE>Example.com greeting</TITLE>
</HEAD>
<BODY>
<P>Hello,
<?php
// We have now escaped into PHP mode.
// Instead of static variables, the next three lines
// could easily be database calls or even cookies;
// or they could have been passed from a form.
// (Anything that does come from a form, cookie or database must be
// passed through htmlspecialchars() before it is echoed into the page,
// and through rawurlencode() before it is placed inside a URL.)
$firstname = "Joyce";
$lastname = "Park";
$title = "Ms.";
echo "$title $lastname";
// OK, we are going back to HTML now.
?>
. We know who you are! Your first name is <?php echo $firstname; ?>.</P>
<P>You are visiting our site at <?php echo date("Y-m-d H:i:s"); ?></P>
<P>Here is a link to your account management page:
<A HREF="http://www.example.com/accounts/<?php echo $firstname . $lastname; ?>/"><?php echo $firstname; ?>'s account management page</A></P>
</BODY>
</HTML>

When a client requests this page, the web server preprocesses it. This means it goes through the page from top to bottom, looking for sections of PHP, which it will try to resolve. For one thing, the parser will pick up all assigned variables (marked by dollar signs) and plug them into later PHP commands (in this case, the echo function). If everything goes smoothly, the preprocessor will eventually return a normal HTML page to the client's browser, as shown in the figure "A result of preprocessed PHP".

The page source (View menu) will look like this:

<HTML>
<HEAD>
<TITLE>Example.com greeting</TITLE>
</HEAD>
<BODY>
<P>Hello, Ms. Park . We know who you are! Your first name is Joyce.</P>
<P>You are visiting our site at 2002-04-21 19:34:24</P>
<P>Here is a link to your account management page:
<A HREF="http://www.example.com/accounts/JoycePark/">Joyce's account management page</A></P>
</BODY>
</HTML>

This code is exactly the same as if we were to write the HTML by hand.


The HTML-embeddedness of PHP has many helpful consequences:

PHP can quickly be added to code produced by WYSIWYG editors.
PHP lends itself to a division of labor between designers and programmers.
Every line of HTML does not need to be rewritten in a programming language.
PHP can reduce labor costs and increase efficiency because of its shallow learning curve and ease of use.

Cross-platform compatibility:
o PHP and MySQL run natively on every popular flavor of Linux/Unix (including Mac OS X) and Microsoft Windows.
o PHP is compatible with the leading web servers: Apache HTTP Server for Linux/Unix and Windows, and Microsoft Internet Information Server.
o It also works with several lesser-known servers.

Stability: The word stable means two different things in this context:
o The server doesn't need to be rebooted or restarted often.
o The software doesn't change radically and incompatibly from release to release.
To our advantage, both of these connotations apply to both MySQL and PHP.
o Apache Server is generally considered the most stable of major web servers, with a reputation for enviable uptime percentages. Most often, a server reboot isn't required for each setting change. PHP inherits this reliability; plus, its own implementation is solid yet lightweight.


Role of PHP in our project: In our project we are using one of the most interesting features of PHP: server-side scripting, which is discussed in detail below. We host our dynamic web pages using server-side scripting, also known as CGI (Common Gateway Interface). The technological aspects and screenshots are given below for a clearer understanding.

Server-side web scripting is mostly about connecting web sites to backend servers, processing data and controlling the behavior of higher layers such as HTML and CSS. This enables the following types of two-way communication:
Server to client: Web pages can be assembled from backend-server output.
Client to server: Customer-entered information can be acted upon.
Server-side scripting products consist of two main parts: the scripting language and the scripting engine (which may or may not be built into the web server). The engine parses and interprets pages written in the language.

What Is Server-Side Scripting Good For? Server-side scripting languages such as PHP serve most of the truly useful aspects of the web, such as the items in this list:
Content sites (both production and display)
Community features (forums, bulletin boards, and so on)
Customer-support and technical-support systems
Advertising networks
Directories and membership rolls
Surveys, polls, and tests
Filling out and submitting forms online
Personalization technologies
Catalog, brochure, and informational sites

CGI Script: The Common Gateway Interface (CGI) is a standard method for web server software to delegate the generation of web pages to executable files. Such files are known as CGI scripts; they are programs, often stand-alone applications, usually written in a scripting language.

PART 2 PROJECT DESCRIPTION

Our project is mainly based on emulation of Next Generation Networks, i.e. an IP-based network designed to provide scalable converged triple-play services. The project is a small depiction of the core and access parts of a network. Security is provided by means of service policies, and end-to-end QoS is provided by means of class maps. The backbone of our network is Cisco 7200 Advanced Enterprise Routers connected in a mesh topology, and the main protocol is MPLS-TE. Aggregation and access use the Cisco 36745 IVS router, and the routing protocol is OSPF v2. Provider edge routers are connected to customer routers by BGP4, and the CME routers are equipped with Cisco Call Manager Express, which is capable of handling 180 IP phones. Video access is provided by means of a DVMRP tunnel from the source to the connecting access routers. This project can serve a small or medium organization which does not need a very high level of security, though communication to other sites is possible by means of VPN or GRE tunnels.

1. CORE NETWORK
A core network, or network core, is the central part of a telecommunication network that provides various services to customers who are connected by the access network. It typically provides the following functionality:
1. Aggregation: The highest level of aggregation in a service provider network. The next level in the hierarchy under the core nodes is the distribution networks and then the edge networks. Customer Premise Equipment (CPE) does not normally connect to the core networks of a large service provider.
2. Authentication: The function to decide whether the user requesting a service from the telecom network is authorized to do so within this network or not.
3. Call Control/Switching: Call control or switching functionality decides the future course of a call based on the call signaling processing.
4. Charging: This functionality handles the collation and processing of charging data generated by various network nodes.
5. Service Invocation: The core network performs the task of service invocation for its subscribers. Service invocation may happen based on some explicit action (e.g. call transfer) by the user or implicitly (call waiting).
6. Gateways: Gateways shall be present in the core network to access other networks. Gateway functionality is dependent on the type of network it interfaces with.
The core in the project is MPLS-based with various Quality of Service functionalities. The routing protocol used is OSPF.


1.1 Configuring OSPF:


Router(config)# router ospf process_ID
Router(config-router)# network IP_address wildcard_mask area area_#

e.g.

Router(config)# router ospf 100
Router(config-router)# network 192.168.1.1 0.0.0.255 area 0

1.2 MPLS on providing backbone:


Router(config)# ip cef
Router(config)# mpls label protocol [ldp | tdp | both]
Router(config)# interface {int}
Router(config-if)# mpls ip

MPLS QoS:
Router(config)# mls qos
Router(config)# interface {int}
Router(config-if)# mls qos

1.3 VPN Routing and Forwarding (VRF):


VRF is a technology that allows multiple instances of tables to co-exist on the same router. Each instance operates independently and provides isolation between different clients running the same address space. A VRF consists of a separate RIB (Routing Information Base), FIB (Forwarding Information Base) and LFIB (Label Forwarding Information Base) table per instance. It is locally significant to a router. Traffic that enters on a VRF enabled interface will belong to that VRF instance. Each interface can only be assigned to one VRF, but a VRF can have many interfaces assigned.

Configuring MPLS VPN:

Router(config)# ip vrf {name}
Router(config-vrf)# rd {route-distinguisher}
Router(config-vrf)# route-target export {rt}
Router(config-vrf)# route-target import {rt}
Router(config-vrf)# import map {route-map}
Router(config-vrf)# export map {route-map}
Router(config-vrf)# vpn id {vpn-index}
Router(config-vrf)# maximum routes {limit} [warn-thres | warn-only]
Router(config)# interface {int}
Router(config-if)# ip vrf forwarding {name}
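To make the isolation that the VRF definition above provides concrete, the following Python model is an added illustration for this report, not project configuration. It models what "ip vrf NAME" and "ip vrf forwarding NAME" achieve on a PE: each interface belongs to at most one VRF, each VRF owns a separate table, two customers can reuse the same address space, and the RD makes their prefixes distinct when they are advertised. The VRF names, route distinguishers, interfaces and addresses are constructed sample values.

```python
"""Per-VRF routing tables on a PE router: added worked example, not project configuration."""
import ipaddress


class Vrf:
    def __init__(self, name, rd):
        self.name = name
        self.rd = rd          # route distinguisher, e.g. "65000:1" (None for the global table)
        self.rib = []         # (network, next_hop) pairs belonging to this VRF only

    def add_route(self, prefix, next_hop):
        self.rib.append((ipaddress.ip_network(prefix), next_hop))

    def lookup(self, dst):
        """Longest-prefix match within this VRF's table; other VRFs are never consulted."""
        addr = ipaddress.ip_address(dst)
        best = None
        for net, nh in self.rib:
            if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
                best = (net, nh)
        return None if best is None else (str(best[0]), best[1])

    def vpnv4_prefixes(self):
        """RD:prefix keys as MP-BGP would carry them; distinct even when prefixes overlap."""
        return sorted(f"{self.rd}:{net}" for net, _ in self.rib)


class PeRouter:
    def __init__(self):
        self.global_table = Vrf("global", None)
        self.vrfs = {}          # "ip vrf NAME"
        self.iface_vrf = {}     # "ip vrf forwarding NAME" under an interface

    def ip_vrf(self, name, rd):
        self.vrfs[name] = Vrf(name, rd)
        return self.vrfs[name]

    def ip_vrf_forwarding(self, iface, name):
        if name not in self.vrfs:
            raise KeyError(f"VRF {name} is not defined")
        self.iface_vrf[iface] = name   # re-assigning moves the interface; it is never in two VRFs

    def table_for(self, iface):
        """An interface with no VRF binding uses the global routing table."""
        return self.vrfs.get(self.iface_vrf.get(iface), self.global_table)

    def forward(self, ingress_iface, dst):
        table = self.table_for(ingress_iface)
        return table.name, table.lookup(dst)


def build_demo_pe():
    """Constructed PE with two customers that both use 10.1.0.0/16."""
    pe = PeRouter()
    pe.global_table.add_route("10.10.10.0/30", "direct")   # core link, global table
    cust_a = pe.ip_vrf("CUST_A", "65000:1")
    cust_b = pe.ip_vrf("CUST_B", "65000:2")
    cust_a.add_route("10.1.0.0/16", "192.168.1.2")         # customer A's CE
    cust_b.add_route("10.1.0.0/16", "192.168.2.2")         # customer B reuses the same space
    cust_b.add_route("10.1.1.0/24", "192.168.2.6")         # a more specific route only B knows
    pe.ip_vrf_forwarding("FastEthernet4/0", "CUST_A")
    pe.ip_vrf_forwarding("FastEthernet4/1", "CUST_B")
    return pe


if __name__ == "__main__":
    pe = build_demo_pe()
    for iface in ("FastEthernet4/0", "FastEthernet4/1", "GigabitEthernet1/0"):
        print(iface, pe.forward(iface, "10.1.1.5"))
```

The same destination address resolves to a different next hop depending only on the VRF of the ingress interface, and a packet arriving on an unbound core interface cannot reach either customer's routes at all.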

1.4 Configuring MP-BGP:


Router(config)# router bgp as-number
Router(config-router)# no bgp default ipv4-unicast
Router(config-router)# neighbor {ip-address} remote-as as-number
Router(config-router)# address-family vpnv4 [unicast]
Router(config-router-af)# neighbor {ip-address} activate

1.5 MPLS and service policing on each Interface


PER_1(config-if)#mpls ip
PER_1(config-if)#mpls bgp forwarding
PER_1(config-if)#mpls traffic-eng flooding thresholds down
PER_1(config-if)#mpls label protocol ldp
PER_1(config-if)#service-policy output VOICE
PER_1(config-if)#traffic-shape rate 800000 1000000
R1(config-if)#bgp-policy accounting input

Global config settings:
PER_1(config)#username gaurav secret cisco
PER_1(config)#aaa new-model
PER_1(config)#aaa authentication login default local enable
PER_1(config)#aaa authentication enable default enable line
PER_1(config)#aaa authorization exec default if-authenticated

PER_1(config)#router ospf 100
PER_1(config-router)#network 10.10.10.0 0.0.0.255 area 0
PER_1(config-router)#network 192.168.1.0 0.0.0.255 area 0
PER_1(config-router)#network 2.2.2.2 0.0.0.255 area 0
R1(config-router)#redistribute bgp 100 subnets
R1(config-router)#redistribute bgp 200 subnets
R1(config-router)#redistribute connected subnets
R1(config-router)#log-adjacency-changes detail

PER_1(config)#mpls ip
PER_1(config)#mpls traffic-eng path-selection metric te
PER_1(config)#ip access-list extended VOICE
PER_1(config-ext-nacl)#permit ip 192.168.10.0 0.0.0.255 any
PER_1(config-ext-nacl)#permit ip 192.168.10.0 0.0.0.255 any

PER_1(config)#class-map VOICE
PER_1(config-cmap)#match access-group name VOICE

PER_1(config)#policy-map VOICE
PER_1(config-pmap)#class VOICE
PER_1(config-pmap-c)#shape average percent 30
PER_1(config-pmap-c)#shape fr-voice-adapt
PER_1(config-pmap-c)#fair-queue

PER_1(config)#router bgp 100
PER_1(config-router)#neighbor 192.168.1.2 remote-as 200
PER_1(config-router)#redistribute ospf 100


2. AGGREGATION

Link aggregation describes various methods of combining (aggregating) multiple network connections in parallel to increase throughput beyond what a single connection could sustain, and to provide redundancy in case one of the links fails. Link aggregation offers an inexpensive way to set up a high-speed backbone network that transfers much more data than any one single port or device can deliver. This allows several devices to communicate simultaneously at their full single-port speed while not allowing any one single device to monopolize all available backbone capacity. Link aggregation also allows the network's backbone speed to grow incrementally as demand on the network increases, without having to replace everything and buy new hardware. The figure above shows the aggregation used in our project. The core network connects to Provider Edge Router 1 with the network address of 192.168.1.0 with a subnet of /32 and to Provider Edge Router 2 with the network address of 192.168.1.0 with a subnet of /32.


3. ACCESS NETWORK
An access network is that part of a telecommunications network which connects subscribers to their immediate service provider. It is contrasted with the core network, which connects local providers to each other. Depending on the technology used for accessing NGN services, the access network includes functions related to:
1) Cable access
2) xDSL access
3) Wireless access (e.g. IEEE 802.11 and 802.16 technologies, and 3G RAN access)
4) Optical access


4. INTERNET ACCESS


5. IPTV
Internet Protocol television (IPTV) is a system through which television services are delivered using the Internet protocol suite over a packet-switched network such as the Internet, instead of being delivered through traditional terrestrial, satellite signal, and cable television formats. IPTV is represented by a profile of closed, proprietary TV systems such as those present today on cable services but delivered via IP-based secure channels representing a sharp increase in control of content distribution.

5.1 MULTICASTING settings
WWW(config)#ip multicast auto-enable
WWW(config)#ip multicast-routing
WWW(config)#ip pim rp-address 192.168.99.1
WWW(config)#interface fa 0/0
WWW(config-if)#ip pim sparse-dense-mode
WWW(config)#int tunnel 0
WWW(config-if)#ip address 172.16.10.1 255.255.255.0
WWW(config-if)#tunnel source fastEthernet 0/0
WWW(config-if)#tunnel mode dvmrp

5.2 DHCP configuration
CME_2(config)#ip dhcp pool IP
CME_2(dhcp-config)#network 192.168.10.0 255.255.255.0
CME_2(dhcp-config)#option 150 ip 192.168.10.1
CME_2(dhcp-config)#default-router 192.168.10.1


6. VOIP
Voice over IP (VoIP) commonly refers to the communication protocols, technologies, methodologies, and transmission techniques involved in the delivery of voice communications and multimedia sessions over Internet Protocol (IP) networks, such as the Internet. Other terms commonly associated with VoIP are IP telephony, Internet telephony, voice over broadband (VoBB), broadband telephony, and broadband phone.

There are several advantages to using Voice over IP, including advanced features that standard telephone systems are not capable of and the ability to have a phone number usually associated with a particular local area anywhere in the world. But the biggest single advantage VoIP has over standard telephone systems is cost. In addition, international calls using VoIP are usually very inexpensive. One other advantage, which will become much more pronounced as VoIP use climbs, is that calls between VoIP users are usually free.


6.1 Telephony Service
CME_2(config)#telephony-service
CME_2(config-telephony)#max-dn 10
CME_2(config-telephony)#max-ephones 10
CME_2(config-telephony)#max-conferences 4 gain -6
CME_2(config-telephony)#auto-reg-ephone
CME_2(config-telephony)#moh music.wav
CME_2(config-telephony)#ip source-address 192.168.10.1 port 20

CME_2(config)#ephone 1
CME_2(config-ephone)#codec g729r8
CME_2(config-ephone)#type CIPC
CME_2(config-ephone)#button 1:2
CME_2(config)#ephone-dn 1
CME_2(config-ephone-dn)#number 1001
CME_2(config-ephone-dn)#label PHN
CME_2(config-ephone-dn)#call-waiting beep
CME_2(config-ephone-dn)#name PHONE 2


PART 3 CONCLUSION

The traditionally familiar market boundaries between fixed networks, mobile telephony and data networks are disappearing more and more quickly. This gives the customer the advantage that he can call on an extremely wide range of services, regardless of his access technology. Next Generation Networks will help in this development. The market already features individual examples of a general trend toward the convergence of various technologies, communications channels and media. Particularly remarkable is VoIP, which has developed strongly in the last two years, with its use of the Internet (which was not actually designed for this purpose) for phone calls. At the end of the day, network convergence will also lead to a convergence of the end devices, depending on actual needs. Multimedia-compatible computers will be given telephone and video communication functions, data services will be available by telephone, and Internet access via the television (browsing using an Internet-compatible set-top box) and the cell phone will be common. In our project we have fully tried to emulate Next Generation Networks. In the course of the project development we came across several hurdles, like implementing BGP, creating a dynamic web page using PHP and also implementing the servers using Apache. We also faced problems in implementing VoIP and IPTV. Most of the time it was because we had forgotten to activate an interface or set up an IP address properly. With practice, we improved our skills as well as our knowledge in network design. One of the aspects that our project does not cover is IPTV billing or IP phone usage. Layer 2 emulation is also not possible, so switches are not used in the project. This network design can be used for small and medium businesses with only one switch.

FUTURE PROSPECTS: Upgrading from IPv4 to IPv6 can be achieved in the future. Physical access switches can also be added to the topology to provide more security and VLAN support, which is very important in large organizations.


APPENDICES

APPENDIX A: About GNS3
APPENDIX B: Running Configurations
APPENDIX C: Abbreviations
APPENDIX D: Definitions


APPENDIX A: About GNS3

GNS3 is a graphical network simulator that allows simulation of complex networks. It allows us to run a Cisco IOS in a virtual environment on our computer. To allow complete simulations, GNS3 is strongly linked with:

Dynamips, the core program that allows Cisco IOS emulation.
Dynagen, a text-based front-end for Dynamips. It runs on top of Dynamips to create a more user-friendly text-based environment.

Qemu, a generic and open source machine emulator and virtualizer.

Features:
Design of high quality and complex network topologies
Emulation of many Cisco router platforms and PIX firewalls
Simulation of simple Ethernet, ATM and Frame Relay switches
Connection of the simulated network to the real world
Packet capture using Wireshark

Advantages:
Emulation is possible for a long list of router platforms and PIX firewalls.
There are a number of router simulators on the market, but they are limited to the commands that the developer chooses to include. In these simulators we are only seeing a representation of the output of a simulated router. With GNS3 we are running an actual Cisco IOS, so we will see exactly what the IOS produces and will have access to any command or parameter supported by the IOS.
GNS3 is an open source, free program that may be used on multiple operating systems, including Windows, Linux, and Mac OS X.

Drawbacks:

We need our own Cisco IOS images in order to make use of the simulator. GNS3 does not come with built-in IOS images and explicitly states on the front of its web page that users must provide their own IOS images.
Another drawback is the amount of CPU resources used by GNS3. When an IOS is running, it will consume up to 100% of the CPU time. This will cause the computer to become very sluggish and will prevent building more complex topologies.

Configuring the location for a Cisco IOS:
1) On the Edit menu choose IOS images and hypervisors.
2) Under the IOS Images tab, click the browse button, find the Cisco IOS file and click Open.
3) Click the drop-down arrow next to Platform and choose the platform that corresponds to the IOS file.


4) Click the drop-down arrow next to Model and choose the model corresponding to the IOS file.

GNS3 Window:
It is divided into four panes:
The left-most pane lists the types of nodes available.
The right-most pane provides a topology summary.
The top pane of the middle section is the work area where the topology may be graphically built.
The bottom pane of the middle section is called the Console and shows Dynagen at work.


APPENDIX B: Running Configurations


R1: Hostname > P1
!
upgrade fpd auto
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname P1
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
enable secret 5 $1$oEaL$0/t0JEboLpr6RDUuPGph7.
!
aaa new-model
!
aaa authentication username-prompt Enter
aaa authentication login default local enable
aaa authentication enable default enable line
aaa authorization exec default if-authenticated
!
aaa session-id common
ip source-route
ip cef
!
crypto isakmp key cisco address 192.168.5.0 255.255.255.0
!
class-map match-all VOICE
 match access-group name VOICE
class-map match-all class1
 description class map for core router
 match any
 match protocol appletalk
!
no ip domain lookup
no ipv6 cef
!
multilink bundle-name authenticated
!
rtsp client rtpsetup enable
!
memory-size iomem 0
username gaurav secret 5 $1$hp6V$S8KwBLU5eS2TDDXC2NqUh/
archive
 log config
  hidekeys
!
policy-map pol1
 class class1
policy-map VOICE
 class VOICE
  shape average percent 30
!
mpls ip
!
interface FastEthernet0/0
 no ip address
 shutdown
 duplex half
!
interface GigabitEthernet1/0
 ip address 10.10.10.1 255.255.255.252
 negotiation auto
 mpls ip
 traffic-shape rate 800000 1000000 1000000 1000
 bgp-policy accounting input
!
interface GigabitEthernet2/0
 ip address 10.10.10.5 255.255.255.252
 negotiation auto
 mpls ip
!
interface GigabitEthernet3/0
 ip address 10.10.10.9 255.255.255.252
 negotiation auto
!
interface FastEthernet4/0
 description INTERFACE BACKHAND TO SERVERS OR
 ip address 192.168.99.1 255.255.255.252
 duplex auto
 speed auto
 mpls ip
!
interface FastEthernet4/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
router ospf 100
 log-adjacency-changes
 redistribute connected subnets
 redistribute bgp 100
 network 10.10.10.0 0.0.0.255 area 0
 network 192.168.99.0 0.0.0.255 area 10
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
ip access-list extended VOICE
 permit ip 192.168.10.0 0.0.0.255 any
 permit ip 192.168.5.0 0.0.0.255 any
!
control-plane
!
mgcp fax t38 ecm
!
gatekeeper
 shutdown
!
line con 0
 exec-timeout 0 0
 logging synchronous
 stopbits 1
line aux 0
 stopbits 1
line vty 0 4
 exec-timeout 180 0
 password cisco
 login authentication cisco
line vty 5 100
 exec-timeout 180 0
 password cisco
 login authentication cisco
!
end
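The global settings in section 1.5 and the running configurations in this appendix share a handful of management-plane settings worth checking before a design like this leaves the lab: password encryption disabled, type 5 (MD5) enable and username secrets, cleartext passwords on vty lines, vty lines that still accept Telnet, console sessions that never time out, and the cleartext HTTP server. The Python script below is an added illustration written for this report, not project code: it splits an IOS running-config into sections by IOS's one-space indentation and reports those findings. The config it audits is a constructed snippet modelled on the Appendix B configurations, with placeholder hashes and no real credentials; the rule identifiers are my own.

```python
"""Audit an IOS running-config for weak management-plane settings: added example, not project code."""
import re

# Constructed sample modelled on the Appendix B running-configs (placeholder hashes, no real secrets).
SAMPLE_CONFIG = """\
version 12.4
no service password-encryption
hostname PER_X
enable secret 5 $1$abcd$PLACEHOLDERPLACEHOLDERPLA
aaa new-model
aaa authentication login default local enable
username admin secret 5 $1$wxyz$PLACEHOLDERPLACEHOLDERPLA
ip http server
no ip http secure-server
!
interface GigabitEthernet1/0
 ip address 10.10.10.2 255.255.255.252
 mpls ip
!
line con 0
 exec-timeout 0 0
 logging synchronous
line vty 0 4
 exec-timeout 180 0
 password cisco
 login authentication cisco
line vty 5 100
 password cisco
 transport input ssh
!
end
"""


def parse_sections(config):
    """Group the config into (header, [sub-lines]); IOS indents sub-lines with one space."""
    sections = []
    for raw in config.splitlines():
        if not raw.strip() or raw.lstrip().startswith("!"):
            continue                      # blank lines and '!' separators carry no config
        if raw.startswith(" ") and sections:
            sections[-1][1].append(raw.strip())
        else:
            sections.append((raw.strip(), []))
    return sections


def audit(config):
    """Return a list of (rule_id, where, message) findings for the given config text."""
    findings = []
    for header, body in parse_sections(config):
        if header == "no service password-encryption":
            findings.append(("PLAINTEXT_PASSWORDS", "global",
                             "line passwords are stored in cleartext"))
        if re.match(r"(enable secret|username \S+ secret) 5 ", header):
            findings.append(("WEAK_HASH", header.split(" 5 ")[0],
                             "type 5 (MD5) hash; prefer type 8/9 where the IOS release supports it"))
        if header == "ip http server":
            findings.append(("HTTP_PLAIN", "global", "cleartext HTTP management enabled"))
        if header.startswith("line "):
            if any(line.startswith("password ") for line in body):
                findings.append(("LINE_PASSWORD", header, "cleartext line password configured"))
            if "exec-timeout 0 0" in body:
                findings.append(("NO_EXEC_TIMEOUT", header, "idle sessions never expire"))
            if header.startswith("line vty"):
                transports = [line for line in body if line.startswith("transport input")]
                # no 'transport input' at all, or one that still allows telnet, means Telnet is accepted
                if not transports or any("telnet" in t or " all" in t for t in transports):
                    findings.append(("VTY_TELNET", header,
                                     "Telnet accepted; set 'transport input ssh'"))
    return findings


def finding_ids(config):
    """Sorted rule identifiers, one per finding (duplicates kept so counts are visible)."""
    return sorted(rule for rule, _, _ in audit(config))


if __name__ == "__main__":
    for rule, where, message in audit(SAMPLE_CONFIG):
        print(f"{rule:20} {where:24} {message}")
```

The parser deliberately keeps the vty ranges separate, so a fix applied to "line vty 0 4" but forgotten on "line vty 5 100" (a common oversight on the multi-range lines these configs use) shows up as its own finding.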

R2: Hostname > PER_1


!
upgrade fpd auto
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname PER_1
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
enable secret 5 $1$enmu$qjDDVkFEqWIpZSgzwzHZI1
!
aaa new-model
!
aaa authentication login default local enable
aaa authentication enable default enable line
aaa authorization exec default if-authenticated
!
aaa session-id common
ip source-route
ip cef
!
no ip domain lookup
no ipv6 cef
!
multilink bundle-name authenticated
mpls traffic-eng fast-reroute backup-prot-preempt optimize-bw
!
memory-size iomem 0
username gaurav secret 5 $1$IGJm$bvRXfu9CuKMnxE2E7R7j/.
archive
 log config
  hidekeys
!
interface FastEthernet0/0
 no ip address
 shutdown
 duplex half
!
interface GigabitEthernet1/0
 ip address 10.10.10.2 255.255.255.252
 negotiation auto
 mpls bgp forwarding
 mpls ip
!
interface GigabitEthernet2/0
 ip address 10.10.10.13 255.255.255.252
 negotiation auto
 mpls label protocol ldp
 mpls ip
!
interface GigabitEthernet3/0
 ip address 10.10.10.17 255.255.255.252
 negotiation auto
 mpls ip
!
interface FastEthernet4/0
 ip address 192.168.1.1 255.255.255.252
 duplex auto
 speed auto
 mpls ip
!
interface FastEthernet4/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
router ospf 100
 log-adjacency-changes
 redistribute connected subnets
 network 10.10.10.0 0.0.0.255 area 0
 network 192.168.1.0 0.0.0.255 area 1
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
control-plane
!
mgcp fax t38 ecm
!
gatekeeper
 shutdown
!
line con 0
 exec-timeout 0 0
 logging synchronous
 stopbits 1
line aux 0
 stopbits 1
line vty 0 4
!
end


R3: Hostname > PER_2


! upgrade fpd auto version 12.4 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! ! aaa new-model hostname PER_2 ! ! aaa authentication login default local enable boot-start-marker aaa authentication enable default enable line boot-end-marker aaa authorization exec default if-authenticated ! ip cef ! logging message-counter syslog enable secret $1$YmUc$NYMJDvxcmjGO4zjwtCpP7. 5

54 | P a g e

! aaa session-id common cef table consistency-check IPv4 ip source-route no ip domain lookup no ipv6 cef ! multilink bundle-name authenticated mpls traffic-eng logging lsp path-errors mpls traffic-eng fast-reroute backup-prot-preempt optimize-bw !

negotiation auto mpls ip ! interface GigabitEthernet2/0 ip address 10.10.10.6 255.255.255.252 negotiation auto mpls ip ! interface GigabitEthernet3/0 ip address 10.10.10.21 255.255.255.252 negotiation auto mpls ip

memory-size iomem 0 ! username gaurav secret $1$x8JN$mSD/Chy.DyNSdEstjtteg. archive log config hidekeys ! interface FastEthernet0/0 no ip address shutdown duplex half ! interface GigabitEthernet1/0 ip address 10.10.10.14 255.255.255.252 5 interface FastEthernet4/0 ip address 192.168.2.1 255.255.255.252 duplex auto speed auto mpls ip ! interface FastEthernet4/1 no ip address shutdown duplex auto speed auto


!
router ospf 100
 log-adjacency-changes
 redistribute connected subnets
 network 10.10.10.0 0.0.0.255 area 0
 network 192.168.2.0 0.0.0.255 area 2
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
control-plane
!
mgcp fax t38 ecm
!
gatekeeper
 shutdown
!
line con 0
 exec-timeout 0 0
 password cisco
 logging synchronous
 stopbits 1
line aux 0
 stopbits 1
line vty 0 4
 password cisco
line vty 5 100
 password cisco
!
end

R4: Hostname > CER_1


!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname CER_1
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$VFQv$E19pdcz9j.psmA54y8JG2.
!
aaa new-model
!
aaa authentication login default local enable
aaa authentication enable default enable line
aaa authorization exec default if-authenticated
!
aaa session-id common
memory-size iomem 5
ip cef
!
multilink bundle-name authenticated
!
rtsp client rtpsetup enable
!
username gaurav secret 5 $1$VeLT$wCwV8fkvWQcK5jvz3S7j90
archive
 log config
  hidekeys
!
class-map match-all VOICE
 match access-group name VOICE
!
policy-map VOICE
 class VOICE
  shape average percent 30
  police cir percent 30 conform-action set-dscp-transmit af11
!
interface FastEthernet0/0
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
 service-policy output VOICE
!
interface FastEthernet1/0
 no ip address
 shutdown
 duplex auto
 speed auto
!
ip forward-protocol nd
!
ip http server
!
ip access-list extended VOICE
 permit ip 192.168.10.0 0.0.0.255 any
!
control-plane
!
gatekeeper
 shutdown
!
line con 0
line aux 0
line vty 0 4
!
end

R5: Hostname > CER_2


!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname CER_2
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$nP9k$T0S5shIj0.4X0KRaD/rFL/
!
aaa new-model
!
aaa authentication login default local enable
aaa authentication enable default enable line
aaa authorization exec default if-authenticated
!
aaa session-id common
memory-size iomem 5
ip cef
!
multilink bundle-name authenticated
!
rtsp client rtpsetup enable
!
username gaurav secret 5 $1$tlCL$xjyy710dBMJMlJknGmhRI/
archive
 log config
  hidekeys
!
class-map match-all VOICE
 match access-group name VOICE
!
policy-map VOICE
 class VOICE
  shape average percent 30
  police cir percent 30 conform-action set-dscp-transmit af11
!
interface FastEthernet0/0
 no ip address
 shutdown
 duplex auto
 speed auto
 service-policy output VOICE
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet1/0
 no ip address
 shutdown
 duplex auto
 speed auto
!
ip forward-protocol nd
!
ip http server
!
ip access-list extended VOICE
 permit ip 192.168.10.0 0.0.0.255 any
!
control-plane
!
gatekeeper
 shutdown
!
line con 0
line aux 0
line vty 0 4
!
end


R6: Hostname > P2


!
upgrade fpd auto
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname P2
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
enable secret 5 $1$JG0f$gWVBswqosZBSlQazvj9zv1
!
aaa new-model
!
aaa authentication login default local enable
aaa authentication enable default enable line
aaa authorization exec default if-authenticated
!
aaa session-id common
memory-size iomem 0
cef table consistency-check IPv4
ip source-route
ip cef
!
no ip domain lookup
no ipv6 cef
!
multilink bundle-name authenticated
mpls traffic-eng logging lsp path-errors
mpls traffic-eng fast-reroute backup-prot-preempt optimize-bw
!
username gaurav secret 5 $1$BBbT$obzM5CmGg9SDwR75qBmq3.
archive
 log config
  hidekeys
!
class-map match-all VOICE
 description VOICE CLASS
 match access-group name VOICE
!
policy-map VOICE
 class VOICE
  shape average percent 30
  set qos-group dscp
!
interface FastEthernet0/0
 no ip address
 shutdown
 duplex half
!
interface GigabitEthernet1/0
 ip address 10.10.10.18 255.255.255.252
 negotiation auto
 mpls ip
!
interface GigabitEthernet2/0
 ip address 10.10.10.22 255.255.255.252
 negotiation auto
 mpls ip
!
interface GigabitEthernet3/0
 ip address 10.10.10.10 255.255.255.252
 negotiation auto
 mpls ip
!
router ospf 100
 log-adjacency-changes
 redistribute connected subnets
 network 10.10.10.0 0.0.0.255 area 0
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
ip access-list extended VOICE
 permit ip 192.168.10.0 0.0.0.255 any
!
control-plane
!
mgcp fax t38 ecm
!
gatekeeper
 shutdown
!
line con 0
 exec-timeout 0 0
 logging synchronous
 stopbits 1
line aux 0
 stopbits 1
line vty 0 4
 password cisco
line vty 5 100
 password cisco
!
end


R7: Hostname > CME_1


!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname CME_1
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$onbJ$nWDak5EfgMGgQwTCkixIW/
!
aaa new-model
!
aaa authentication login default local enable
aaa authentication enable default enable line
aaa authorization exec default if-authenticated
!
aaa session-id common
memory-size iomem 5
ip cef
!
multilink bundle-name authenticated
!
rtsp client rtpsetup enable
!
username gaurav secret 5 $1$eKp5$jf1y7NNm3.7fexjqRMPAr/
archive
 log config
  hidekeys
!
class-map match-all VOICE
 match access-group name VOICE
!
policy-map VOICE
 class VOICE
  shape average percent 30
  police cir percent 30 conform-action set-dscp-transmit af11
!
interface FastEthernet0/0
 no ip address
 shutdown
 duplex auto
 speed auto
 service-policy output VOICE
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
ip forward-protocol nd
!
ip http server
!
ip access-list extended VOICE
 permit ip 192.168.10.0 0.0.0.255 any
!
control-plane
!
gatekeeper
 shutdown
!
line con 0
line aux 0
line vty 0 4
!
end

R8: Hostname > CME_2


!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname CME_2
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$AB.4$8tCoJvV7BurrYdMHJx3.b0
!
aaa new-model
!
aaa authentication login default local enable
aaa authentication enable default enable line
aaa authorization exec default if-authenticated
!
aaa session-id common
memory-size iomem 5
ip cef
!
multilink bundle-name authenticated
!
rtsp client rtpsetup enable
!
username gaurav secret 5 $1$p4xA$Eoy9vu0kbJDFLUjCdNzaC.
archive
 log config
  hidekeys
!
class-map match-all VOICE
 match access-group name VOICE
!
policy-map VOICE
 class VOICE
  shape average percent 30
  police cir percent 30 conform-action set-dscp-transmit af11
!
interface FastEthernet0/0
 no ip address
 shutdown
 duplex auto
 speed auto
 service-policy output VOICE
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
 service-policy output VOICE
!
ip forward-protocol nd
!
ip http server
!
ip access-list extended VOICE
 permit ip 192.168.10.0 0.0.0.255 any
!
control-plane
!
gatekeeper
 shutdown
!
telephony-service
 max-ephones 10
 max-dn 10
 max-conferences 8 gain -6
 transfer-system full-consult
!
ephone-dn 1
!
ephone 1
!
line con 0
line aux 0
line vty 0 4
!
end


R9: Hostname > WWW


!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname WWW
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$nNYj$eeDHCYEB0yTd1SD0k4c900
!
aaa new-model
!
aaa authentication login default local enable
aaa authentication enable default enable line
aaa authorization exec default if-authenticated
!
aaa session-id common
memory-size iomem 5
ip cef
!
no ip domain lookup
ip multicast-routing
ip multicast auto-enable
ip dvmrp interoperability
multilink bundle-name authenticated
!
username gaurav secret 5 $1$x.jM$WssJq23vUm2sKZ47nbJgB1
archive
 log config
  hidekeys
!
class-map match-all VOICE
 match access-group name VOICE
!
policy-map VOICE
 class VOICE
  shape average percent 30
  police cir percent 30 conform-action set-dscp-transmit af11
!
interface Loopback1
 ip address 9.9.9.9 255.255.255.255
!
interface Tunnel0
 description TUNNEL TO MULTICAST
 ip address 172.16.10.1 255.255.255.0
 tunnel source FastEthernet0/0
 tunnel destination 192.168.5.0
 tunnel mode dvmrp
!
interface FastEthernet0/0
 ip address 192.168.100.2 255.255.255.0
 duplex auto
 speed auto
!
interface FastEthernet0/1
 ip address 192.168.98.1 255.255.255.0
 duplex auto
 speed auto
!
interface FastEthernet1/0
 ip address 192.168.99.2 255.255.255.252
 duplex auto
 speed auto
!
router ospf 100
 log-adjacency-changes
 redistribute connected subnets
 network 9.9.9.9 0.0.0.0 area 10
 network 192.168.98.0 0.0.0.255 area 10
 network 192.168.99.0 0.0.0.255 area 10
 network 192.168.100.0 0.0.0.255 area 10
!
ip forward-protocol nd
!
no ip http server
!
ip access-list extended VOICE
 permit ip 192.168.10.0 0.0.0.255 any
!
control-plane
!
gatekeeper
 shutdown
!
line con 0
 exec-timeout 0 0
 logging synchronous
line aux 0
line vty 0 4
!
end
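The configs above share the same lab-grade management plane: no service password-encryption, type 5 (MD5) secrets, vty lines protected only by "password cisco" (or nothing at all) with no access-class, telnet left as the default transport, ip http server on the CE and CME routers, and consoles with exec-timeout 0 0. The following script is an added example, not part of the original report or of any Cisco tooling: it parses IOS running-config text into global and sub-mode commands and reports exactly those weaknesses. The sample config, the check identifiers and the severities are constructed for illustration; the hashes in it are dummies.

```python
"""Audit the management-plane settings of a Cisco IOS running-config.

Added example for the configuration appendix; not part of the original report.
The checks encode what a reviewer would flag in configs shaped like PER_2, P2
and CME_1: cleartext line passwords, vty lines without an access-class, telnet
left enabled, 'ip http server', MD5 (type 5) secrets, 'no service
password-encryption' and sessions that never time out. Sample config, check
names and severities are constructed for illustration.
"""
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample in the same shape as the lab configs (hashes are dummies).
SAMPLE_CONFIG = """\
hostname PER_2
no service password-encryption
enable secret 5 $1$abcd$0123456789abcdefghijkl
aaa new-model
aaa authentication login default local enable
username gaurav secret 5 $1$efgh$0123456789abcdefghijkl
ip http server
line con 0
 exec-timeout 0 0
 password cisco
line vty 0 4
 password cisco
line vty 5 100
 password cisco
 transport input telnet
end
"""

# Default or widely published passwords. Any type 0 line password is weak;
# these are flagged one notch higher.
WELL_KNOWN_PASSWORDS = {"cisco", "password", "admin", "secret"}


@dataclass(frozen=True)
class Finding:
    severity: str   # high / medium / low / info
    check: str      # stable identifier, usable for suppressions and counting
    detail: str


def parse_sections(config):
    """Split IOS config text into (header, [indented sub-commands]) pairs.

    IOS indents sub-mode commands by one space under their parent (interface,
    line, policy-map ...); global commands get an empty sub-command list.
    """
    sections, header, body = [], None, []
    for raw in config.splitlines():
        if not raw.strip() or raw.lstrip().startswith("!"):
            continue
        if raw.startswith(" "):
            body.append(raw.strip())
        else:
            if header is not None:
                sections.append((header, body))
            header, body = raw.strip(), []
    if header is not None:
        sections.append((header, body))
    return sections


def audit_ios_config(config):
    """Return a list of Finding objects for one device config."""
    sections = parse_sections(config)
    globals_ = [h for h, _ in sections]
    findings = []

    if "no service password-encryption" in globals_:
        findings.append(Finding("medium", "password-encryption",
            "line passwords are stored as cleartext (type 0)"))
    if "ip http server" in globals_:
        findings.append(Finding("medium", "http-server",
            "cleartext HTTP management is enabled; disable it or keep only 'ip http secure-server'"))
    if "aaa authentication login default local enable" in globals_:
        findings.append(Finding("info", "aaa-enable-fallback",
            "login falls back to the shared enable secret when no local user matches"))
    for g in globals_:
        m = re.match(r"(enable|username \S+) secret (\d+) ", g)
        if m and m.group(2) == "5":
            findings.append(Finding("low", "md5-secret",
                f"{m.group(1)} uses a type 5 (MD5) hash; prefer type 8 or 9"))

    for header, body in sections:
        if not header.startswith("line "):
            continue
        for cmd in body:
            m = re.match(r"password (?:0 )?(\S+)$", cmd)
            if m:
                sev = "high" if m.group(1).lower() in WELL_KNOWN_PASSWORDS else "medium"
                findings.append(Finding(sev, "cleartext-line-password",
                    f"{header}: type 0 password"))
            elif re.match(r"password 7 \S+$", cmd):
                findings.append(Finding("medium", "reversible-line-password",
                    f"{header}: type 7 password is trivially reversible"))
            if cmd == "exec-timeout 0 0":
                findings.append(Finding("low", "no-exec-timeout",
                    f"{header}: sessions never time out"))
        if header.startswith("line vty"):
            if not any(cmd.startswith("access-class ") for cmd in body):
                findings.append(Finding("high", "vty-no-access-class",
                    f"{header}: remote login is not restricted by an access-class"))
            transports = [cmd for cmd in body if cmd.startswith("transport input ")]
            if not transports or any("telnet" in t or t.endswith(" all") for t in transports):
                findings.append(Finding("high", "vty-telnet-allowed",
                    f"{header}: telnet accepted (default or explicit); use 'transport input ssh'"))
    return findings


def summarize(findings):
    """Count findings per check id, e.g. {'cleartext-line-password': 3, ...}."""
    return dict(Counter(f.check for f in findings))


if __name__ == "__main__":
    for f in audit_ios_config(SAMPLE_CONFIG):
        print(f"[{f.severity:6}] {f.check:26} {f.detail}")
```

Run it against the text of each router above (copy the config into SAMPLE_CONFIG or read it from a file) and the findings map directly onto the fixes: service password-encryption, an access-class plus transport input ssh on every vty, no ip http server (or secure-server only, with an ACL), type 8/9 secrets, and a non-zero exec-timeout.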


APPENDIX C: Abbreviations

AD: Administrative Distance
ATM-LSR: ATM label switch router
CE: Customer Edge
CEF: Cisco Express Forwarding
FEC: Forwarding Equivalence Class
FIB: Forwarding Information Base
LDP: Label Distribution Protocol
LER: Label Edge Router
LFIB: Label Forwarding Information Base
LIB: Label Information Base
LSP: Label Switched Path
LSR: Label Switch Router
MP-BGP: Multiprotocol Border Gateway Protocol
P: Provider
PE: Provider Edge
QoS: Quality of Service
RD: Route Distinguisher
TDP: Tag Distribution Protocol
TE: Traffic Engineering
VPN: Virtual Private Network
VRF: VPN Routing and Forwarding (or) Virtual Routing and Forwarding


APPENDIX D: Definitions
Area border router (ABR): An OSPF router that has interfaces configured in two or more areas.
Autonomous system boundary router (ASBR): An OSPF router that has at least one interface in the OSPF domain and one interface connecting to an external network.
Backbone area: OSPF Area 0.
Backbone router: An OSPF router that has at least one interface in Area 0.
Cisco Express Forwarding (CEF): CEF builds an optimized, cached version of the routing table (the FIB) for forwarding. CEF is a requirement for MPLS and tag switching.
Control plane: The component of the MPLS architecture responsible for binding labels to network routes and distributing those bindings to other MPLS-enabled routers.
Data plane: The component of the MPLS architecture in which the information created and maintained by the control plane is actually used to forward packets. Also known as the forwarding plane.
Egress router: The edge router where packets leave the MPLS network.
Forwarding equivalence class (FEC): A group of IP packets that are forwarded in the same manner (same path, same treatment) and therefore share a label.
Forwarding information base (FIB): Essentially a cached version of the IP routing table; it eliminates the need for a route cache.
Ingress router: The edge router where packets enter the MPLS network.
Internal router: An OSPF router whose configured interfaces are all in the same OSPF area.
Label Distribution Protocol (LDP): The IETF standard counterpart of Cisco's TDP. LDP is used to bind labels to network routes and advertise those bindings to neighbours.
Label forwarding information base (LFIB): The forwarding table that maps an incoming label to an outgoing label, outbound interface and next hop. It is built from the LIB in the control plane; only the bindings actually used for forwarding reside in the LFIB, so the LFIB is a subset of the LIB.
Label imposition: The point in a packet's transit through a service provider network where a label is applied by a router and then used by subsequent devices to label-switch the packet.
Label information base (LIB): The table of all label bindings a router knows for each prefix, both locally assigned and received from neighbours. The LFIB is derived from it.
Label stacking: An MPLS feature where more than one label can be carried in a packet. Label stacking is used for applications such as traffic engineering and VPNs.
Label-switched path (LSP): A unidirectional sequence of LSRs that a labelled packet flows through to reach a particular destination.
Label switch router (LSR): A router capable of forwarding packets based on MPLS labels.
MPLS VPN: A VPN made possible with MPLS.
Multi-Protocol BGP (MP-BGP): An extended BGP that carries MPLS-specific attributes (such as VPNv4 prefixes and their labels) through a network.
Optimal routing: The process of a router selecting the best path for sending traffic.
OSPF domain: A set of OSPF routers belonging to the same autonomous system.
Penultimate hop popping (PHP): A process by which the next-to-last router in an LSP removes the top label and forwards the packet to the egress router; if no further labels remain in the stack, the packet is forwarded as unlabelled IP. PHP spares the egress router a second lookup.
Popping: The process of removing an MPLS label.
Pushing: The process of applying an MPLS label.
Redistribution: The process of importing routes from another routing protocol or process.
Route distinguisher (RD): A 64-bit value prepended to an IPv4 prefix to form a unique VPNv4 prefix, so that overlapping customer addresses remain distinct when carried in MP-IBGP.
Shim header: Another name for the MPLS label stack entry, inserted between the layer 2 and layer 3 headers.
Tag Distribution Protocol (TDP): Cisco's proprietary protocol used to bind tags (the equivalent of MPLS labels) to network routes in the routing table.
Traffic engineering: A process by which traffic is optimized to follow certain paths based on specified requirements.
Virtual circuit identifier (VCI): The address in the ATM cell header that designates the virtual channel within the virtual path on the physical ATM link.
Virtual path identifier (VPI): The identifier in the ATM cell header that designates the virtual path on the physical ATM link.
Virtual private network (VPN): A network that overlays public network infrastructure and provides its own routing, security and quality of service configuration.
Virtual router: A condition where a single router appears to be many routers to customers. Customer routing tables are kept separate even though they all connect to the same router.
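The glossary entries for the shim header, label stacking, pushing, popping, the LFIB and penultimate hop popping describe one mechanism from several angles. The following is an added example, not part of the original report: it encodes and decodes the 32-bit shim header, builds a two-label stack (transport label over VPN label) the way an ingress PE does, and runs it through a constructed LSP whose penultimate hop pops the transport label because the egress advertised implicit-null. The label values, per-hop LFIB contents, interface names and payload bytes are all constructed for illustration; the TTL handling follows the uniform model (popped TTL is carried into the exposed entry).

```python
"""MPLS shim header, label stacking and penultimate hop popping worked through
in code. Added example for the glossary above; not part of the original report.
Label values, per-hop LFIB contents, interface names and payload bytes are
constructed for illustration.

A label stack entry is 32 bits: label (20) | EXP/TC (3) | S (1) | TTL (8).
S=1 marks the bottom of the stack; the bytes after that entry are the payload.
"""
import struct

IMPLICIT_NULL = 3  # egress LER advertises this to ask its upstream neighbour for PHP


def encode_entry(label, exp, bos, ttl):
    """Pack one shim entry into 4 network-order bytes."""
    if not 0 <= label < (1 << 20):
        raise ValueError("label must fit in 20 bits")
    if not (0 <= exp < 8 and 0 <= ttl < 256):
        raise ValueError("EXP is 3 bits, TTL is 8 bits")
    return struct.pack("!I", (label << 12) | (exp << 9) | (int(bos) << 8) | ttl)


def encode_stack(labels, payload):
    """labels is a list of (label, exp, ttl), top of stack first."""
    if not labels:
        return payload  # no shim: plain IP (Ethertype 0x0800 rather than 0x8847)
    out = bytearray()
    for i, (label, exp, ttl) in enumerate(labels):
        out += encode_entry(label, exp, i == len(labels) - 1, ttl)
    return bytes(out) + payload


def decode_stack(wire):
    """Parse a labelled packet into ([(label, exp, bos, ttl), ...], payload)."""
    entries, offset = [], 0
    while True:
        if offset + 4 > len(wire):
            raise ValueError("truncated label stack: no bottom-of-stack bit seen")
        (word,) = struct.unpack_from("!I", wire, offset)
        entry = (word >> 12, (word >> 9) & 0x7, bool((word >> 8) & 1), word & 0xFF)
        entries.append(entry)
        offset += 4
        if entry[2]:
            return entries, wire[offset:]


def push(labels, label, exp=0, ttl=255):
    """Label imposition: the new entry goes on top of the stack."""
    return [(label, exp, ttl)] + labels


def forward(lfib, labels):
    """Apply one LSR's LFIB action to the top label; return (labels, out_iface).

    lfib maps an incoming label to ("swap", out_label, iface) or ("pop", iface).
    A "pop" entry is what the penultimate hop installs once the egress has
    advertised IMPLICIT_NULL; on the egress itself it removes the last (VPN)
    label. TTL is decremented on the top entry and, when popping, carried into
    the newly exposed entry (uniform TTL model).
    """
    if not labels:
        raise ValueError("unlabelled packet: this is an IP lookup, not an LFIB lookup")
    label, exp, ttl = labels[0]
    if ttl <= 1:
        raise ValueError("TTL expired on label %d" % label)
    action = lfib[label]
    if action[0] == "swap":
        return [(action[1], exp, ttl - 1)] + labels[1:], action[2]
    if action[0] == "pop":
        rest = labels[1:]
        if rest:
            rest = [(rest[0][0], rest[0][1], ttl - 1)] + rest[1:]
        return rest, action[1]
    raise ValueError("unknown LFIB action %r" % (action[0],))


# Constructed LSP: PE1 -> P1 -> P2 -> PE2. PE2 advertised IMPLICIT_NULL for its
# loopback, so P2 (the penultimate hop) pops the transport label instead of swapping.
PATH = [
    ("P1", {1001: ("swap", 2002, "Gi2/0")}),
    ("P2 (penultimate hop)", {2002: ("pop", "Gi3/0")}),
    ("PE2 (egress)", {50: ("pop", "vrf CUST_A")}),
]


def walk_lsp(path, labels):
    """Run a stack through each hop; return the final stack and a per-hop trace."""
    trace = []
    for name, lfib in path:
        labels, iface = forward(lfib, labels)
        trace.append((name, [lbl for lbl, _, _ in labels], iface))
    return labels, trace


def demo():
    # Ingress PE1 pushes the VPN label (bottom) and then the transport label (top).
    stack = push(push([], 50), 1001)
    return walk_lsp(PATH, stack)


if __name__ == "__main__":
    for hop, labels, iface in demo()[1]:
        print(f"{hop:22} -> stack {labels} out {iface}")
```

The trace shows why PHP matters for the VPN case: after P2 pops the transport label, PE2 receives a packet whose only label is the VPN label 50, looks it up once, and lands directly in the customer VRF; without PHP it would pop the transport label and then perform a second lookup on the VPN label.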


REFERENCES
1. GRE TUNNEL:
   http://packetlife.net/blog/2012/feb/27/gre-vs-ipip-tunneling/
2. MULTICASTING:
   http://blog.gns3.net/2010/11/multicast-lab/
   http://tools.ietf.org/html/rfc2328 (OSPF v2 RFC)
3. IOS generic commands:
   http://packetlife.net/wiki/category/ios-configuration/
4. BGP4:
   http://tools.ietf.org/html/rfc4271
5. GNS3 configuration:
   http://forum.gns3.net/topic1677.html
6. MPLS:
   http://www.cisco.com/en/US/tech/tk436/tk428/technologies_configuration_example09186a00800a6c11.shtml
   http://packetlife.net/blog/2008/jul/16/getting-to-know-mpls/
   CCIP MPLS Study Guide, James Reagan
   QoS in Packet Networks, Kun I. Park
7. PHP:
   Beginning PHP, Apache, MySQL Web Development, Michael Glass, Yann Le Scouarnec, Elizabeth Naramore, Gary Mailer, Jeremy Stolz, Jason Gerner
8. Webhosting:
   http://www.howtoforge.com/virtual-hosting-with-virtualmin-oncentos5.1
   http://dev.antoinesolutions.com/apache-server
9. CME (Cisco Communications Manager Express) setup:
   http://www.ciscopress.com/articles/article.asp?p=1182471&seqNum=2
   http://www.cisco.com/en/US/products/sw/voicesw/ps4625/products_installation_and_configuration_guides_list.html
10. Books referred:
   PHP Cookbook, 2nd Edition (Aug. 2006), Adam Trachtenberg and David Sklar, O'Reilly Media (pp. 200-225)
   Network Warrior, Gary A. Donahue, O'Reilly (June 2007) (pp. 323-338, 430-435, 506-510)

