Resolution Protocol
• explicit configuration
• Router Discovery Protocol
• routing protocol

Presentation_ID © 1999, Cisco Systems, Inc.

Router Redundancy
• Hot Standby Router Protocol (HSRP)
• Provides a way for IP workstations to keep communicating on the internetwork even if their default router becomes unavailable.

HSRP Example
[Diagram labels: Broadway, Central Park, Ethernet, Anderson, Phantom]

Server Redundancy
• In some environments, fully redundant (mirrored) file servers should be recommended
• If complete server redundancy is not feasible due to cost considerations, mirroring or duplexing of the file server hard drives is a good idea

Route Redundancy
• Designing redundant routes has two purposes:
  – Load balancing
  – Minimizing downtime

Load Balancing
• By default AppleTalk and IPX do not support load balancing
• To support load balancing, keep bandwidth consistent within a layer of the hierarchical model so that all paths have the same cost

Minimizing Downtime
• In addition to facilitating load balancing, another reason to design redundant routes is to minimize network downtime.
• Routing protocols converge much faster if multiple equal-cost paths to a destination network exist.
• By using redundant, meshed network designs, you can minimize the effect of link failures

Meshed Networks
• A network can be designed as a full mesh or a partial mesh
• A full-mesh network provides:
  – complete redundancy
  – good performance
  – $$$$

Full Mesh Diagram
The number of links in a full mesh is n(n-1)/2 (n=device)

Partial Mesh

Media Redundancy
• In switched networks, switches can have redundant links to each other.
• Because WAN links are often critical pieces of the internetwork, redundant media is often deployed in WAN environments.
• Often backup links use a different technology

Secure Models
• Secure topologies are often designed using a firewall
• A firewall protects one network from another untrusted network
• You can design a firewall system using hardened firewalls or software platforms.

Three-Part Firewall System
• The classic firewall system, called the three-part firewall system, has three specialized layers:
  – An isolation LAN (Demilitarized Zone)
  – A router that acts as an inside packet filter or inside interface
  – Another router that acts as an outside packet filter or outside interface

Cisco IOS Firewall Topology
[Diagram labels: Cisco 2611 Router with Cisco IOS Firewall Feature Set; Users; Protected Network; Email Server; Micro Webserver; zip 100; Web Server; Public Access; ISP and Internet]

Cisco PIX Firewall
• A hardware firewall device offers the following benefits:
  – Less complex and more robust than packet filters
  – No downtime required for installation
  – No upgrading of hosts or routers is required
  – No day-to-day management is necessary

Cisco PIX Firewall
• Eliminates administrative overhead and risks associated with UNIX-based, NT or router-based firewall systems
• secure real-time kernel
• complete audit logs of all transactions, including attempted break-ins.
• supports data encryption

PIX Firewall Topology
[Diagram labels: Perimeter Networks; Inside Network; WWW; DNS; Email; NT; RAS; Cisco Secure; Java; ActiveX; URL Block; Proxy Server; Outside Network]

1513_07F8_c2 EMEA/AN/ASIA/AMER_132 © 1998, Cisco Systems, Inc.
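
The three-part firewall system described above, modelled as an added example (not from the Cisco slides): two first-match packet filters with an implicit deny, evaluated over constructed flows. The address plan, zone names, permitted ports (80 and 25 for the web and e-mail servers on the isolation LAN) and the `is_reply` flag standing in for an established-session check are assumptions.

```python
import ipaddress
from typing import NamedTuple, Optional

# Constructed address plan (assumption, not from the slides).
ZONES = {"inside": ipaddress.ip_network("10.0.0.0/8"),
         "dmz": ipaddress.ip_network("192.0.2.0/24")}  # isolation LAN

class Rule(NamedTuple):
    src: str                   # zone name or "any"
    dst: str
    port: Optional[int]        # None matches any destination port
    established: bool = False  # True: only replies to an existing session

# Outside packet filter: between the Internet and the isolation LAN.
OUTSIDE_FILTER = [
    Rule("outside", "dmz", 80),                   # public web server
    Rule("outside", "dmz", 25),                   # e-mail server
    Rule("any", "outside", None),                 # outbound traffic
    Rule("outside", "any", None, established=True),
]
# Inside packet filter: between the isolation LAN and the protected network.
INSIDE_FILTER = [
    Rule("inside", "any", None),
    Rule("any", "inside", None, established=True),
]

def zone_of(ip: str) -> str:
    addr = ipaddress.ip_address(ip)
    return next((z for z, net in ZONES.items() if addr in net), "outside")

def filter_allows(rules, src, dst, port, is_reply) -> bool:
    for r in rules:  # first matching permit rule wins
        if (r.src in ("any", src) and r.dst in ("any", dst)
                and r.port in (None, port)
                and (is_reply or not r.established)):
            return True
    return False     # implicit deny when nothing matches

def decide(src_ip: str, dst_ip: str, port: int, is_reply: bool = False) -> str:
    src, dst = zone_of(src_ip), zone_of(dst_ip)
    path = []  # a flow crosses a filter only if one endpoint lies beyond it
    if "outside" in (src, dst):
        path.append(("outside filter", OUTSIDE_FILTER))
    if "inside" in (src, dst):
        path.append(("inside filter", INSIDE_FILTER))
    for name, rules in path:
        if not filter_allows(rules, src, dst, port, is_reply):
            return f"deny at {name}"
    return "permit"
```

The case worth noting is a new connection from a host on the isolation LAN to the protected network: it never touches the outside filter, so the inside filter alone has to refuse it.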