A metropolitan-area Ethernet, Ethernet MAN, or metro Ethernet network is a metropolitan area network (MAN) that is based on Ethernet standards. It is commonly used to connect subscribers to a larger service network or the Internet. Businesses can also use Ethernet-based MAN to connect their own offices to each other.
Ethernet on the MAN can be used as pure Ethernet, Ethernet over SDH, Ethernet over MPLS, or Ethernet over DWDM. Pure Ethernet-based deployments are cheaper but less reliable and scalable and thus are usually limited to small scale deployments. SDH-based deployments are useful when there is an existing SDH infrastructure already in place, its main shortcoming being the loss of flexibility in bandwidth management due to the rigid hierarchy imposed by the SDH network. MPLS-based deployments are costly but highly reliable and scalable and are typically used by large service providers.
Adam, Paul (2014-07-12). All-in-One CCIE V5 Written Exam Guide (Kindle Locations 2160-2167). . Kindle Edition.
2.3.b [iii] MLPPP
The Multilink Point-to-Point (MLPPP) feature provides load balancing functionality over multiple WAN links, while providing multi-vendor interoperability, packet fragmentation and proper sequencing, and load calculation on both inbound and outbound traffic.
Adam, Paul (2014-07-12). All-in-One CCIE V5 Written Exam Guide (Kindle Locations 2158-2159). . Kindle Edition.
2.3.b [ii] PPPoE
PPPoE combines Ethernet and PPP to provide an authenticated method of assigning IP addresses to client systems. PPPoE clients are typically personal computers connected to an ISP over a remote broadband connection, such as DSL or cable service. ISPs deploy PPPoE because it supports high-speed broadband access using their existing remote access infrastructure and because it is easier for customers to use. PPPoE provides a standard method of employing the authentication methods of the Point-to-Point Protocol (PPP) over an Ethernet network. When used by ISPs, PPPoE allows authenticated assignment of IP addresses. In this type of implementation, the PPPoE client and server are interconnected by Layer 2 bridging protocols running over a DSL or other broadband connection.
PPPoE is composed of two main phases:
● Active Discovery Phase—In this phase, the PPPoE client locates a PPPoE server, called an access concentrator. During this phase, a Session ID is assigned and the PPPoE layer is established.
● PPP Session Phase—In this phase, PPP options are negotiated and authentication is performed. Once the link setup is completed, PPPoE functions as a Layer 2 encapsulation method, allowing data to be transferred over the PPP link within PPPoE headers.
Adam, Paul (2014-07-12). All-in-One CCIE V5 Written Exam Guide (Kindle Locations 2149-2155). . Kindle Edition.
2.3.b [i] Authentication [PAP, CHAP]
The Challenge Handshake Authentication Protocol (CHAP) verifies the identity of the peer by means of a three-way handshake. These are the general steps performed during CHAP protocol exchange:
● After the Link Control Protocol (LCP) phase is complete, and CHAP is negotiated between both devices, the authenticator sends a challenge message to the peer.
● The peer responds with a value calculated through a one-way hash function, Message Digest 5 (MD5).
● The authenticator checks the response against its own calculation of the expected hash value. If the values match, the authentication is successful. Otherwise, the connection is terminated.
By default, the authenticator uses its own hostname to identify itself to the peer.
This authentication method depends on a “secret” known only to the authenticator and the peer. The secret is never sent over the link. Although the authentication is only one-way, you can negotiate CHAP in both directions, with the help of the same secret set for mutual authentication.
Adam, Paul (2014-07-12). All-in-One CCIE V5 Written Exam Guide (Kindle Locations 2137-2142). . Kindle Edition.
HDLC is a bit-oriented synchronous data link layer protocol. It supports various layer 3 protocols in addition to IP.
Adam, Paul (2014-07-12). All-in-One CCIE V5 Written Exam Guide (Kindle Locations 2127-2128). . Kindle Edition.
In networks where a Layer 2 switch interconnects several routers, the switch floods IP multicast packets on all multicast router ports by default, even if there are no multicast receivers downstream. With PIM snooping enabled, the switch restricts multicast packets for each IP multicast group to only those multicast router ports that have downstream receivers joined to that group. When you enable PIM snooping, the switch learns which multicast router ports need to receive the multicast traffic within a specific VLAN by listening to the PIM hello messages, PIM join and prune messages, and bi-directional PIM designated forwarder-election messages.
The show ipv6 snooping command provides information about an interface on which both the Neighbor Discovery Inspection and RA Guard features are configured.
Adam, Paul (2014-07-12). All-in-One CCIE V5 Written Exam Guide (Kindle Locations 2098-2104). . Kindle Edition.
Multicast Listener Discovery
MLD is an IPv6 protocol that a host uses to request multicast data for a particular group. Using the information obtained through MLD, the device maintains a list of multicast group or channel memberships on a per-interface basis. The devices that receive MLD packets send the multicast data that they receive for requested groups or channels out the network segment of the known receivers.
MLDv1 is derived from IGMPv2, and MLDv2 is derived from IGMPv3. IGMP uses IP Protocol 2 message types, while MLD uses IP Protocol 58 message types, which is a subset of the ICMPv6 messages.
The MLD process is started automatically on the device. You cannot enable MLD manually on an interface. MLD is automatically enabled when you perform one of the following configuration tasks on an interface:
● Enable PIM6
● Statically bind a local multicast group
● Enable link-local group reports
MLD snooping allows the switch to examine MLD packets and make forwarding decisions based on their content as opposed to just flooding. You can configure the switch to use MLD snooping in subnets that receive MLD queries from either MLD or the MLD snooping querier. MLD snooping constrains IPv6 multicast traffic at Layer 2 by configuring Layer 2 LAN ports dynamically to forward IPv6 multicast traffic only to those ports that want to receive it.
Adam, Paul (2014-07-12). All-in-One CCIE V5 Written Exam Guide (Kindle Locations 2093-2096). . Kindle Edition.
An IGMP proxy enables hosts in a unidirectional link routing (UDLR) environment that are not directly connected to a downstream router to join a multicast group sourced from an upstream network.
Adam, Paul (2014-07-12). All-in-One CCIE V5 Written Exam Guide (Kindle Locations 2077-2078). . Kindle Edition.
2.2.a [iv] IGMP filter
IGMP filtering allows users to configure filters on a Switch Virtual Interface (SVI), a per-port, or a per-port per-VLAN basis to control the propagation of IGMP traffic through the network. IGMP filtering provides the capability to manage IGMP snooping, which in turn controls the forwarding of multicast traffic. When an IGMP packet is received, IGMP filtering uses the filters configured by the user to determine whether the IGMP packet should be discarded or allowed to be processed by the existing IGMP snooping code. With an IGMP version 1 or version 2 packet, the entire packet is discarded. With an IGMPv3 packet, the packet is rewritten to remove message elements that were denied by the filters.
IGMP traffic filters control the access of a port to multicast traffic. Access can be restricted based on the following:
● Which multicast groups or channels can be joined on a port. Channels are joined by IGMPv3 hosts that specify both the group and the source of the multicast traffic.
● Maximum number of groups or channels allowed on a specific port or interface (regardless of the number of hosts requesting service).
● IGMP protocol versions (for example, disallow all IGMPv1 messages).
When you enter an IGMP filtering command, a user policy is applied to a Layer 3 SVI interface, a Layer 2 port, or a particular VLAN on a Layer 2 trunk port. The Layer 2 port may be an access port or a trunk port. The IGMP filtering features will work only if IGMP snooping is enabled (either on the interface or globally).
Adam, Paul (2014-07-12). All-in-One CCIE V5 Written Exam Guide (Kindle Locations 2062-2074). . Kindle Edition.
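The filter decision described above, modelled as an added Python example that is not from the cited guide and is not switch code. It simplifies channels to group addresses only, and `FilterPolicy`, `PortState`, `filter_report` and the sample addresses are hypothetical names and constructed values.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network


@dataclass
class FilterPolicy:
    allowed_groups: list  # networks whose groups may be joined on the port
    max_groups: int       # limit on distinct groups per port
    denied_versions: set = field(default_factory=set)


@dataclass
class PortState:
    joined: set = field(default_factory=set)


def filter_report(policy, port, version, groups):
    """Return the groups handed on to IGMP snooping; [] means the packet is dropped."""
    if version in policy.denied_versions:
        return []
    kept = []
    for group in groups:
        if group in kept:
            continue
        in_acl = any(ip_address(group) in net for net in policy.allowed_groups)
        known = group in port.joined
        has_room = known or len(port.joined | set(kept)) < policy.max_groups
        if in_acl and has_room:
            kept.append(group)
    # IGMPv1/v2: a denied element discards the entire packet.
    if version in (1, 2) and len(kept) != len(groups):
        return []
    # IGMPv3: denied elements are removed and the remainder is processed.
    port.joined.update(kept)
    return kept


def demo():
    policy = FilterPolicy([ip_network("239.1.0.0/16")], max_groups=2,
                          denied_versions={1})
    port = PortState()
    return [
        filter_report(policy, port, 1, ["239.1.1.1"]),   # version disallowed
        filter_report(policy, port, 2, ["239.9.9.9"]),   # group not permitted
        filter_report(policy, port, 3,
                      ["239.1.1.1", "239.9.9.9", "239.1.1.2", "239.1.1.3"]),
        filter_report(policy, port, 2, ["239.1.1.1"]),   # already joined
    ]
```
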
2.2.a [iii] IGMP querier
When there is no multicast router in the VLAN to originate the queries, you must configure an IGMP snooping querier to send membership queries. When an IGMP snooping querier is enabled, it sends out periodic IGMP queries that trigger IGMP report messages from hosts that want to receive IP multicast traffic. IGMP snooping listens to these IGMP reports to establish appropriate forwarding.
Adam, Paul (2014-07-12). All-in-One CCIE V5 Written Exam Guide (Kindle Locations 2053-2055). . Kindle Edition.