Erase the Config on a PIX firewall

pix# write erase
Erase PIX configuration in flash memory? [confirm]
pix# reload
Proceed with reload? [confirm]

Nuff said

Quick CatOS Configuration Guide

Platform: Cisco 6509 (CatOS)
Author: Surender Singh

1. Setting the IP address and default gateway of the switch
   # set interface sc0 {ipaddress} {subnet-mask}
   # set ip route default {ipaddress}

2. Setting the name of a port on a module
   # set port name {mod-num/port-num} {name}

3. Setting the port speed
   # set port speed {mod-num/port-num} auto

4. Setting a port to half or full duplex
   # set port duplex {mod-num/port-num} {half|full}

5. Setting flow control on a port (pacing or delaying traffic between the port and the far end)
   # set port flowcontrol {mod-num/port-num} send on      (the port sends pause frames to the far end)
   # set port flowcontrol {mod-num/port-num} receive on   (the port honours pause frames sent by the far end)

6. Port negotiation before a link is established
   # set port negotiation {mod-num/port-num} {enable|disable}
   # show port

7. Default port status after a configuration clear
   "clear config all" wipes the whole configuration and every port falls back into VLAN 1, which can destabilise the network. To avoid that, set the default status that ports take after a clear so that they come up non-forwarding instead of live in VLAN 1:
   # set default portstatus {enable|disable}
8. Configuring EtherChannel

   Several physical Ethernet links are bundled into one logical EtherChannel; up to eight links can belong to one admin group. The Port Aggregation Protocol (PAgP) exchanges packets between the ports to negotiate the bundle, and the EtherChannel is presented to spanning tree as a single bridge port so that the parallel links do not form a loop.

   # set port channel {mod-num/port-num} {admin-group (1-1024)}
   # set port channel {mod-num/port-num} {auto|desirable}
   # set port channel all distribution {ip|mac} {source|destination|both}
   # show port channel

9. Configuring Spanning Tree Protocol (IEEE 802.1D)

   In a switched network only a single active path may exist between two stations; if multiple paths exist, loops can occur. Each VLAN runs its own STP instance.

   STP spans the whole switched network and forces redundant paths into a standby (blocked) state; if an active link fails, a blocked path is moved into the forwarding state. All switches participate by exchanging Bridge Protocol Data Units (BPDUs), which carry the sending switch's bridge ID (priority plus MAC address), the port identifier and the path cost to the root. This information is used to elect the root switch: the bridge with the lowest priority wins, and on a tie the lowest MAC address wins.

   Enabling STP on a VLAN
   # set spantree enable {vlan-num}

   Changing the port priority (to influence which port goes into the forwarding state)
   # set spantree portpri {mod-num/port-num} {priority}
   # set spantree portvlanpri {mod-num/port-num} {priority} {vlan-num}

   Changing the port cost
   # set spantree portcost {mod-num/port-num} {cost}
   # set spantree portvlancost {mod-num/port-num} cost {cost} {vlan-num}

   Configuring a switch as root or secondary root (the macro lowers the bridge priority and optionally sets the diameter and hello timers)
   # set spantree root {vlans} dia 4
   # set spantree root secondary {vlans} dia 5 hello 1

   Disabling spanning tree
   # set spantree disable

   How PortFast works
   With PortFast enabled a port skips the listening and learning states and goes straight to forwarding instead of waiting for STP to converge. Use it only on ports that connect to a single end host, never on links to other switches or hubs, because a PortFast port never pauses to discover a loop.

   PortFast BPDU Guard
   BPDU Guard prevents loops by moving a non-trunking PortFast port into the errdisable state when a BPDU is received on it: STP shuts the port down rather than letting a device plugged into an access port take part in the topology.

   Configuring spanning tree PortFast
   # set spantree portfast {mod-num/port-num} enable
   # set spantree portfast bpdu-guard enable
   # set spantree uplinkfast enable    (if the uplink between two switches goes down, UplinkFast moves a blocked alternate port directly into forwarding)
   # set spantree backbonefast enable  (speeds up recovery from an indirect link failure)
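The root election and the BPDU Guard behaviour described above, as an added example that is not part of the original guide: a small Python model of the bridge-ID comparison that "set spantree root" manipulates, and of what a PortFast port with BPDU Guard does when a BPDU arrives. The switch names, MAC addresses, port numbers and link cost are constructed for the illustration, and the "set spantree root" macro is simplified to the priority change it performs.

```python
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Bpdu:
    """The configuration-BPDU fields that drive the root election."""
    root_priority: int
    root_mac: str          # bridge the sender believes is the root
    root_path_cost: int    # sender's cost to that root
    sender_priority: int
    sender_mac: str


@dataclass
class Port:
    portfast: bool = False
    bpdu_guard: bool = False
    errdisabled: bool = False


@dataclass
class Bridge:
    name: str
    priority: int          # 802.1D bridge priority, default 32768
    mac: str               # normalised lower-case colon form so strings compare like numbers
    ports: dict = field(default_factory=dict)
    root_id: tuple = field(init=False)
    root_path_cost: int = field(init=False, default=0)

    def __post_init__(self):
        # A freshly booted bridge believes it is the root at cost 0.
        self.root_id = (self.priority, self.mac)

    def bpdu(self) -> Bpdu:
        return Bpdu(self.root_id[0], self.root_id[1], self.root_path_cost,
                    self.priority, self.mac)

    def receive(self, port_name: str, bpdu: Bpdu, link_cost: int) -> str:
        """Process a BPDU arriving on a port and report what the bridge did."""
        port = self.ports[port_name]
        if port.errdisabled:
            return "dropped (port errdisabled)"
        if port.portfast and port.bpdu_guard:
            # BPDU Guard: an access port must never take part in STP.
            port.errdisabled = True
            return "errdisable (BPDU on a PortFast port with BPDU Guard)"
        offered = (bpdu.root_priority, bpdu.root_mac)   # lower tuple = superior root
        cost = bpdu.root_path_cost + link_cost
        if offered < self.root_id or (offered == self.root_id and cost < self.root_path_cost):
            self.root_id, self.root_path_cost = offered, cost
            return f"root is now {offered[1]} (priority {offered[0]}) at cost {cost}"
        return "ignored (current root is superior)"

    def set_spantree_root(self, current_root_priority: int = 32768) -> None:
        """Simplified 'set spantree root': take 8192 if that wins, else just below the root."""
        self.priority = 8192 if 8192 < current_root_priority else max(current_root_priority - 1, 0)
        self.root_id, self.root_path_cost = (self.priority, self.mac), 0


def scenario() -> dict:
    """Constructed topology: a core switch made root and a rogue switch with priority 0."""
    core = Bridge("core", 32768, "00:00:0c:aa:aa:01",
                  {"3/1": Port(), "3/2": Port(portfast=True, bpdu_guard=True)})
    dist = Bridge("dist", 32768, "00:00:0c:bb:bb:01", {"1/1": Port()})
    rogue = Bridge("rogue", 0, "00:00:0c:cc:cc:01", {"1/1": Port()})
    core.set_spantree_root()                       # core priority becomes 8192
    results = {}
    # dist hears core on a normal inter-switch link (cost 19 = 100 Mb/s in 802.1D)
    results["dist"] = dist.receive("1/1", core.bpdu(), 19)
    # the rogue plugs into an access port protected by BPDU Guard: port goes errdisable
    results["rogue_on_guarded_port"] = core.receive("3/2", rogue.bpdu(), 19)
    # the same rogue on an unguarded port: priority 0 beats 8192 and it becomes root
    results["rogue_on_open_port"] = core.receive("3/1", rogue.bpdu(), 19)
    results["core_root"] = core.root_id
    results["core_errdisabled"] = core.ports["3/2"].errdisabled
    return results


if __name__ == "__main__":
    for key, value in scenario().items():
        print(f"{key}: {value}")
```

The point the model makes is that "set spantree root" only lowers a number that any bridge sending BPDUs can undercut; the guarded port is what keeps a device on an access port from entering the election at all.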
10. Configuring VTP
   # set vtp domain {name}
   # set vtp mode {server|client|transparent}
   # set vtp passwd {password}
   # set vtp v2 enable
   # set vtp pruneeligible {vlan-range}
   # show trunk             (verifies that the appropriate VLANs are trunked)
   # show vtp statistics

11. Configuring VLANs
   # set vlan {vlan-number (2-1000)} name {name}

   VLAN 1 is by default the VLAN of the in-band (sc0) management interface, through which a switch can be reached without going through the router.

   # set vlan {vlan-number} {mod-num/port-num}

   The valid VLAN range for ISL is 1-1000. IEEE 802.1Q carries a 12-bit VLAN ID, of which 1-4094 are usable (0 and 4095 are reserved).

   If non-Cisco devices are connected to Cisco devices over 802.1Q trunks, 802.1Q VLAN numbers greater than 1000 must be mapped to ISL VLAN numbers. 802.1Q VLANs in the range 1-1000 are mapped to the same ISL VLAN number automatically; higher numbers have to be mapped manually before a Cisco switch will recognise them. Up to 16 802.1Q VLANs can be mapped to ISL VLANs.

   # set vlan mapping dot1q {vlan-number} isl {vlan-number}
12. Trunking (important)

   Configuring an ISL or 802.1Q trunk
   # set trunk {mod-num/port-num} {auto|desirable|on|off} {isl|dot1q}

   Negotiation
   # set trunk {mod-num/port-num} desirable negotiate    (DTP negotiates the encapsulation, assuming the far end is in auto mode)

   By default all VLANs are allowed on a trunk once it is set up. To restrict the VLANs a trunk carries:
   # clear trunk {mod-num/port-num} {vlan-range}    (removes the VLANs from the allowed list)
   # set trunk {mod-num/port-num} {vlan-range}      (adds VLANs back to the allowed list)
   # show trunk {mod-num/port-num}

   Disabling a trunk port
   # set trunk {mod-num/port-num} off    (turns trunking off on the port; do this on every port that faces an end host, so a host cannot negotiate itself a trunk with DTP)
   # clear trunk {mod-num/port-num}      (returns the port to its default trunking mode)

13. GVRP (GARP VLAN Registration Protocol)
-------------------------
article courtesy of  www.knowurtech.com
Virtual Routing and Forwarding

Virtual routing and forwarding (VRF) is a technology included in IP
(Internet Protocol) network routers that allows multiple instances of a
routing table to exist in a router and work simultaneously. This
increases functionality by allowing network paths to be segmented
without using multiple devices. Because traffic is segregated by the
forwarding tables themselves, VRF also improves network security and is
often treated as removing the need for encryption and authentication
between the customers it separates; note that this is separation, not
confidentiality, so it does not protect traffic from anyone with access
to the shared device or links. Internet service providers (ISPs) often
take advantage of VRF to create separate virtual private networks
(VPNs) for customers; thus the technology is also referred to as VPN
routing and forwarding.

VRF acts like a logical router, but while a logical router may include
many routing tables, a VRF instance uses only a single routing table.
In addition, a VRF has a forwarding table that designates the next
hop for each data packet, a list of interfaces that belong to it and
may be used to forward the packet, and a set of rules and routing
protocols that govern how the packet is forwarded. These tables prevent
traffic from being forwarded outside a specific VRF and also keep out
traffic that belongs elsewhere.
Configuring VPN Routing and Forwarding

Configuring a VRF

Doug Downer
11.01.2005


In a recent tip called Keeping it all separate with VRFs, I started talking about an increasingly common scenario which involves the requirement to separate customers on shared devices using VPN Routing and Forwarding (VRF) instances. VRFs allow us to logically separate the Layer 3 routing and forwarding of customers which share common network devices. This separation also gives service providers the ability to keep customers apart across their backbone with other technologies such as MPLS. MPLS is not within the scope of this series, so we'll stick to just the VRF for now. In this tip, I'll show you how to configure a VRF using the scenario we looked at before.

Scenario recap

We have been looking at a scenario involving the requirement for two customers (A and B) to be given Internet access from a service provider (you). Because of the relatively small size of the service provider and customer -- one shared network device was installed to support this requirement. At first glance this scenario allows for the networks of Customer A and Customer B to mix together. To prevent that, the service provider puts each customer within a VRF.

Creating the VRF

The actual configuration of a VRF is not a difficult task. There are two main components to a VRF: The route distinguisher and the route target. A route distinguisher (RD) is a number -- which doesn't actually have any real significance other than to help identify a VPN in a provider's network and allow for overlapping IP space. The RD is an 8-byte number with two parts: A 2-byte type field followed by a 6-byte value field. Without going into too much detail, the value field of the RD is most often represented as an autonomous system number (ASN 2 bytes) followed by an arbitrary number (4 bytes) or an IP address (4 bytes) followed by an arbitrary number (2 bytes). You can enter an RD in either of these formats:

16-bit AS number: your 32-bit number
For example, 101:3.

32-bit IP address: your 16-bit number
For example, 192.168.122.15:1.

The route target (RT) indicates the VPN membership of a route and allows VPN routes to be imported or exported into or out of your VRFs. The RT functions a little like a routing policy -- determining how routes are distributed throughout the particular VPN. Like the RD, the RT is 8 bytes in length and can be entered as:

16-bit AS number: your 32-bit number
For example, 101:3.

32-bit IP address: your 16-bit number
For example, 192.168.122.15:1.

Using the example scenario, let's configure two VRFs on the service provider router. Customer A will have an RD of 192.168.1.1:100 and Customer B will have an RD of 192.168.2.1:200

  • Customer A
    SP_Router(config)#interface loopback 1
    SP_Router(config-if)#description Loopback interface for Customer_A VRF
    SP_Router(config)#interface g0/0
    SP_Router(config-if)#description Connection to the Customer_A router
    SP_Router(config)#ip vrf Customer_A
    SP_Router(config-vrf)#rd 192.168.1.1:100
    SP_Router(config-vrf)#route-target import 192.168.1.255:100
    SP_Router(config-vrf)#route-target export 192.168.1.255:100
  • Customer B
    SP_Router(config)#interface loopback 2
    SP_Router(config-if)#description Loopback interface for Customer_B VRF
    SP_Router(config)#interface g0/1
    SP_Router(config-if)#description Connection to the Customer_B router
    SP_Router(config)#ip vrf Customer_B
    SP_Router(config-vrf)#rd 192.168.2.1:200
    SP_Router(config-vrf)#route-target import 192.168.2.255:200
    SP_Router(config-vrf)#route-target export 192.168.2.255:200

Assigning the interfaces

Once you have created the VRF you can begin to assign the particular interfaces and start to separate the customers. Notice I did not assign an IP address to the interfaces which are intended to be in the VRF. If you put the IP addresses on prior to putting the interface in the VRF, the IP address will be removed and cause you to have to re-IP the interfaces.

  • Customer A
    SP_Router(config)#interface lo1
    SP_Router(config-if)#ip vrf forwarding Customer_A
    SP_Router(config-if)#ip address 192.168.1.1 255.255.255.255
    SP_Router(config)#interface g0/0
    SP_Router(config-if)#ip vrf forwarding Customer_A
    SP_Router(config-if)#ip address 10.1.1.1 255.255.255.252
  • Customer B
    SP_Router(config)#interface lo2
    SP_Router(config-if)#ip vrf forwarding Customer_B
    SP_Router(config-if)#ip address 192.168.2.1 255.255.255.255
    SP_Router(config)#interface g0/1
    SP_Router(config-if)#ip vrf forwarding Customer_B
    SP_Router(config-if)#ip address 10.1.2.1 255.255.255.252

These configurations have changed the picture somewhat: each customer-facing interface and its loopback now sit inside that customer's VRF, so the two customers no longer share a routing table (the original figure is not reproduced here).

You can verify your configurations by using the show ip vrf command:

SP_Router#show ip vrf
  Name            Default RD            Interfaces
  Customer_A      192.168.1.1:100       Loopback1
                                        GigabitEthernet0/0
  Customer_B      192.168.2.1:200       Loopback2
                                        GigabitEthernet0/1

Once you have the proper interfaces within the correct VRF, you can begin to establish IP connectivity and routing between the customer routers and the service provider routers.
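The two pieces the article explains, the 8-byte RD/RT encoding (Type 0 "ASN:number" and Type 1 "IP:number") and the way a VRF keeps overlapping customer prefixes apart, as an added example that is not part of the original article or of IOS: a Python model that encodes the RDs used above, builds the RD-plus-prefix key that MP-BGP carries for each route (simplified: the label and length fields of the real VPN-IPv4 NLRI are left out), and does a per-VRF longest-prefix match. The customer LAN prefix 172.16.0.0/24, the second prefix 192.168.50.0/24 and the Internet next hop 203.0.113.1 are constructed for the illustration; the CE next hops 10.1.1.2 and 10.1.2.2 are the far ends of the /30 links configured above.

```python
import ipaddress
import struct


def encode_rd(rd: str) -> bytes:
    """Encode a route distinguisher as the 8-byte value BGP carries.

    Type 0: 2-byte type, 2-byte ASN, 4-byte number   e.g. "101:3"
    Type 1: 2-byte type, 4-byte IPv4, 2-byte number  e.g. "192.168.122.15:1"
    struct.pack raises if a field does not fit, which doubles as validation.
    """
    admin, _, assigned = rd.rpartition(":")
    if "." in admin:
        return struct.pack("!HIH", 1, int(ipaddress.IPv4Address(admin)), int(assigned))
    return struct.pack("!HHI", 0, int(admin), int(assigned))


def decode_rd(raw: bytes) -> str:
    rd_type = struct.unpack("!H", raw[:2])[0]
    if rd_type == 0:
        asn, num = struct.unpack("!HI", raw[2:])
        return f"{asn}:{num}"
    if rd_type == 1:
        ip, num = struct.unpack("!IH", raw[2:])
        return f"{ipaddress.IPv4Address(ip)}:{num}"
    raise ValueError(f"unsupported RD type {rd_type}")


class Vrf:
    """One VRF: its own RD and its own routing table, nothing shared."""

    def __init__(self, name: str, rd: str):
        self.name, self.rd = name, encode_rd(rd)
        self.routes = {}                  # ip_network -> next hop

    def add_route(self, prefix: str, next_hop: str) -> bytes:
        net = ipaddress.ip_network(prefix)
        self.routes[net] = next_hop
        # RD || prefix || length: the same prefix in two VRFs yields two distinct keys,
        # which is what lets overlapping customer address space ride one backbone.
        return self.rd + net.network_address.packed + bytes([net.prefixlen])

    def lookup(self, dst: str):
        """Longest-prefix match confined to this VRF's table."""
        addr = ipaddress.ip_address(dst)
        matches = [n for n in self.routes if addr in n]
        if not matches:
            return None
        return self.routes[max(matches, key=lambda n: n.prefixlen)]


def scenario() -> dict:
    a = Vrf("Customer_A", "192.168.1.1:100")
    b = Vrf("Customer_B", "192.168.2.1:200")
    # Both customers use the same private LAN behind their CE routers (constructed).
    key_a = a.add_route("172.16.0.0/24", "10.1.1.2")
    key_b = b.add_route("172.16.0.0/24", "10.1.2.2")
    b.add_route("192.168.50.0/24", "10.1.2.2")          # a prefix only Customer B has
    for vrf in (a, b):
        vrf.add_route("0.0.0.0/0", "203.0.113.1")        # Internet access via the SP
    return {
        "keys_differ": key_a != key_b,
        "a_lan": a.lookup("172.16.0.5"),                 # 10.1.1.2
        "b_lan": b.lookup("172.16.0.5"),                 # 10.1.2.2, same prefix, other table
        "b_only_from_b": b.lookup("192.168.50.9"),        # 10.1.2.2
        "b_only_from_a": a.lookup("192.168.50.9"),        # 203.0.113.1: A never sees B's route
        "rd_a": decode_rd(a.rd),
    }


if __name__ == "__main__":
    for key, value in scenario().items():
        print(f"{key}: {value}")
```

A lookup from Customer A for an address that only exists in Customer B's table falls through to A's own default route; nothing in A's VRF can ever resolve to B's CE.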

--------------------------------------

article courtesy of searchenterprisewan.com

Switched Port Analyzer - SPAN

Overview of SPAN

What is SPAN and why is it needed? The SPAN feature was introduced on switches because of a fundamental difference that switches have with hubs. When a hub receives a packet on one port, the hub sends out a copy of that packet on all ports except on the one where the hub received the packet. After a switch boots, it starts to build up a Layer 2 forwarding table on the basis of the source MAC address of the different packets that the switch receives. After this forwarding table is built, the switch forwards traffic that is destined for a MAC address directly to the corresponding port.

For example, if you want to capture Ethernet traffic that is sent by host A to host B, and both are connected to a hub, just attach a sniffer to this hub. All other ports see the traffic between hosts A and B:

[Figure 41a: hosts A and B and a sniffer on a hub; every port sees the A-to-B traffic]

On a switch, after the host B MAC address is learned, unicast traffic from A to B is only forwarded to the B port. Therefore, the sniffer does not see this traffic:

[Figure 41b: the same hosts on a switch; once B is learned, the sniffer port sees no A-to-B unicast]

In this configuration, the sniffer only captures traffic that is flooded to all ports, such as:

  • Broadcast traffic

  • Multicast traffic with CGMP or Internet Group Management Protocol (IGMP) snooping disabled

  • Unknown unicast traffic

Unicast flooding occurs when the switch does not have the destination MAC in its content-addressable memory (CAM) table. The switch does not know where to send the traffic. The switch floods the packets to all the ports in the destination VLAN.

An extra feature is necessary that artificially copies unicast packets that host A sends to the sniffer port:

[Figure 41c: the sniffer on a SPAN destination port receiving a copy of host A's traffic]

In this diagram, the sniffer is attached to a port that is configured to receive a copy of every packet that host A sends. This port is called a SPAN port. The other sections of this document describe how you can tune this feature very precisely in order to do more than just monitor a port.
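The forwarding behaviour the overview describes (a sniffer on a switch sees only flooded frames once the CAM table is populated, and SPAN restores visibility by copying a source port's traffic to the destination port), as an added example that is not part of the original Cisco document: a Python model of a learning switch with one local SPAN session. The MAC addresses, port numbers and frames are constructed for the illustration; the model is simplified in that the SPAN destination port is taken out of normal forwarding and flooding, which is how a dedicated monitor port behaves.

```python
from collections import defaultdict


class Switch:
    """Learning switch with one local SPAN session.

    A frame is (src_mac, dst_mac, payload); each port belongs to exactly one VLAN.
    """
    BROADCAST = "ff:ff:ff:ff:ff:ff"

    def __init__(self, port_vlans: dict):
        self.port_vlans = port_vlans            # port -> VLAN
        self.cam = {}                           # (vlan, mac) -> port, the CAM table
        self.span_sources = set()               # source ports: ingress and egress are mirrored
        self.span_dest = None                   # destination port, where the analyzer sits
        self.delivered = defaultdict(list)      # port -> frames that left the switch on it

    def set_span(self, sources, dest) -> None:
        self.span_sources, self.span_dest = set(sources), dest

    def receive(self, in_port: int, frame: tuple) -> list:
        """Forward one frame and return the ports it was sent out of (SPAN copy excluded)."""
        src, dst, _ = frame
        vlan = self.port_vlans[in_port]
        self.cam[(vlan, src)] = in_port          # learn the source MAC on the ingress port
        out_port = self.cam.get((vlan, dst))
        if dst == self.BROADCAST or out_port is None:
            # broadcast or unknown unicast: flood to every other port in the VLAN
            outs = [p for p, v in self.port_vlans.items()
                    if v == vlan and p != in_port and p != self.span_dest]
        else:
            outs = [] if out_port == in_port else [out_port]
        for p in outs:
            self.delivered[p].append(frame)
        # SPAN: mirror frames entering a source port and frames leaving towards one
        if self.span_dest is not None and (
                in_port in self.span_sources or any(p in self.span_sources for p in outs)):
            self.delivered[self.span_dest].append(frame)
        return outs


def scenario() -> dict:
    """Host A on port 1, host B on port 2, sniffer on port 3, all in VLAN 10 (constructed)."""
    sw = Switch({1: 10, 2: 10, 3: 10})
    A, B = "00:00:00:00:00:0a", "00:00:00:00:00:0b"
    sw.receive(1, (A, B, "syn"))             # B unknown: flooded, the sniffer sees it
    sw.receive(2, (B, A, "syn-ack"))         # A already learned: unicast to port 1 only
    sw.receive(1, (A, B, "ack"))             # B learned now: unicast to port 2 only
    seen_without_span = len(sw.delivered[3])
    sw.set_span(sources=[1], dest=3)         # mirror host A's port to the sniffer
    sw.receive(1, (A, B, "data"))            # ingress on a source port: copied
    sw.receive(2, (B, A, "data-ack"))        # egress towards a source port: copied
    return {
        "sniffer_frames_without_span": seen_without_span,                        # 1
        "sniffer_frames_with_span": len(sw.delivered[3]) - seen_without_span,    # 2
        "frames_to_b": len(sw.delivered[2]),                                     # 3
        "cam": dict(sw.cam),
    }


if __name__ == "__main__":
    for key, value in scenario().items():
        print(f"{key}: {value}")
```

Of the three frames exchanged before SPAN is configured, the sniffer captures only the first, because it was the only one flooded; once port 1 is a SPAN source both directions of the conversation reach the analyzer.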

SPAN Terminology

  • Ingress traffic—Traffic that enters the switch.

  • Egress traffic—Traffic that leaves the switch.

  • Source (SPAN) port —A port that is monitored with use of the SPAN feature.

  • Source (SPAN) VLAN —A VLAN whose traffic is monitored with use of the SPAN feature.

  • Destination (SPAN) port —A port that monitors source ports, usually where a network analyzer is connected.

  • Reflector Port —A port that copies packets onto an RSPAN VLAN.

  • Monitor port—A monitor port is also a destination SPAN port in Catalyst 2900XL/3500XL/2950 terminology.

[Figure 41d: SPAN terminology: source ports and VLANs, destination port, reflector port]

  • Local SPAN—The SPAN feature is local when the monitored ports are all located on the same switch as the destination port. This feature is in contrast to Remote SPAN (RSPAN), which this list also defines.

  • Remote SPAN (RSPAN)—Some source ports are not located on the same switch as the destination port. RSPAN is an advanced feature that requires a special VLAN to carry the traffic that is monitored by SPAN between switches. RSPAN is not supported on all switches. Check the respective release notes or configuration guide to see if you can use RSPAN on the switch that you deploy.

  • Port-based SPAN (PSPAN)—The user specifies one or several source ports on the switch and one destination port.

  • VLAN-based SPAN (VSPAN)—On a particular switch, the user can choose to monitor all the ports that belong to a particular VLAN in a single command.

  • ESPAN—This means enhanced SPAN version. This term has been used several times during the evolution of the SPAN in order to name additional features. Therefore, the term is not very clear. Use of this term is avoided in this document.

  • Administrative source—A list of source ports or VLANs that have been configured to be monitored.

  • Operational source—A list of ports that are effectively monitored. This list of ports can be different from the administrative source. For example, a port that is in shutdown mode can appear in the administrative source, but is not effectively monitored.


Further details available at - http://www.cisco.com/en/US/products/hw/switches/ps708/products_tech_note09186a008015c612.shtml


Intelligent Platform Management Interface

The Intelligent Platform Management Interface (IPMI) specification defines a set of common interfaces to a computer system which system administrators can use to monitor system health and manage the system. Several dozen companies support IPMI. Dell, HP, Intel Corporation and NEC Corporation announced IPMI v1.0 on 1998-09-16, v1.5 on 2001-03-01, and v2.0 on 2004-02-14.

IPMI operates independently of the operating system and allows administrators to manage a system remotely even in the absence of an operating system or the system management software, or even if the monitored system is powered off, but connected to a power source. IPMI can also function after the operating system has started, and offers enhanced features when used with system management software. IPMI prescribes only the structure and format of the interfaces as a standard, while detailed implementations may vary.

An implementation of IPMI version 1.5 and later can send out alerts via a direct serial connection, a local area network (LAN) or a serial over LAN (SOL) connection to a remote client. System administrators can then use IPMI messaging to query platform status, to review hardware logs, or to issue other requests from a remote console through the same connections. The standard also defines an alerting mechanism for the system to send a simple network management protocol (SNMP) platform event trap (PET).

An IPMI implementation consists of a main controller called the Baseboard Management Controller (BMC) and other satellite controllers. The satellite controllers within the same chassis connect to the BMC over the Intelligent Platform Management Bus (IPMB), an enhanced implementation of I²C (Inter-Integrated Circuit). The BMC connects to satellite controllers or to another BMC in another chassis over the Intelligent Chassis Management Bus (ICMB). Over the network the BMC is managed with the Remote Management Control Protocol (RMCP), a UDP wire protocol adopted by the specification, and with RMCP+ as defined by IPMI v2.0.

A Field Replaceable Unit (FRU) holds the inventory (such as vendor id, manufacturer etc.) of potentially replaceable devices. A Sensor Data Records (SDR) repository provides the properties of the individual sensors present on the board. For example, the board may contain sensors for temperature, fan speed, and voltage.

The features of Cisco Catalyst Switches

Now that you know which switch features are used at which layer in a hierarchical network, you will learn about the Cisco switches that are applicable for each layer in the hierarchical network model. Today, you cannot simply select a Cisco switch by considering the size of a business. A small business with 12 employees might be integrated into the network of a large multinational enterprise and require all of the advanced LAN services available at the corporate head office. The following classification of Cisco switches within the hierarchical network model represents a starting point for your deliberations on which switch is best for a given application. The classification presented reflects how you might see the range of Cisco switches if you were a multinational enterprise. For example, the port densities of the Cisco 6500 switch only make sense as an access layer switch where there are many hundreds of users in one area, such as the floor of a stock exchange. If you think of the needs of a medium-sized business, a switch that is shown as an access layer switch, the Cisco 3560 for example, could be used as a distribution layer switch if it met the criteria determined by the network designer for that application.

Cisco has seven switch product lines. Each product line offers different characteristics and features, allowing you to find the right switch to meet the functional requirements of your network. The Cisco switch product lines are:

Catalyst Express 500
Catalyst 2960
Catalyst 3560
Catalyst 3750
Catalyst 4500
Catalyst 4900
Catalyst 6500

Catalyst Express 500

The Catalyst Express 500 is Cisco's entry-level switch. It offers the following:

Forwarding rates from 8.8 Gb/s to 24 Gb/s
Layer 2 port security
Web-based management
Converged data/IP communications support

This switch series is appropriate for access layer implementations where high port density is not required. The Cisco Catalyst Express 500 series switches are scaled for small business environments ranging from 20 to 250 employees. The Catalyst Express 500 series switches are available in different fixed configurations:

Fast Ethernet and Gigabit Ethernet connectivity
Up to 24 10/100 ports with optional PoE or 12 10/100/1000 ports

Catalyst Express 500 series switches do not allow management through the Cisco IOS CLI. They are managed using a built-in web management interface, the Cisco Network Assistant or the new Cisco Configuration Manager developed specifically for the Catalyst Express 500 series switches. The Catalyst Express does not support console access.

To learn more about the Cisco Express 500 series of switches, go to http://www.cisco.com/en/US/products/ps6545/index.html.

Catalyst 2960

The Catalyst 2960 series switches enable entry-level enterprise, medium-sized, and branch office networks to provide enhanced LAN services. The Catalyst 2960 series switches are appropriate for access layer implementations where access to power and space is limited. The CCNA Exploration 3 LAN Switching and Wireless labs are based on the features of the Cisco 2960 switch.

The Catalyst 2960 series switches offer the following:

Forwarding rates from 16 Gb/s to 32 Gb/s
Multilayered switching
QoS features to support IP communications
Access control lists (ACLs)
Fast Ethernet and Gigabit Ethernet connectivity
Up to 48 10/100 ports or 10/100/1000 ports with additional dual purpose gigabit uplinks

The Catalyst 2960 series of switches do not support PoE.

The Catalyst 2960 series supports the Cisco IOS CLI, integrated web management interface, and Cisco Network Assistant. This switch series supports console and auxiliary access to the switch.

To learn more about the Catalyst 2960 series of switches, visit http://www.cisco.com/en/US/products/ps6406/index.html.

Catalyst 3560

The Cisco Catalyst 3560 series is a line of enterprise-class switches that include support for PoE, QoS, and advanced security features such as ACLs. These switches are ideal access layer switches for small enterprise LAN access or branch-office converged network environments.

The Cisco Catalyst 3560 Series supports forwarding rates of 32 Gb/s to 128 Gb/s (Catalyst 3560-E switch series).

The Catalyst 3560 series switches are available in different fixed configurations:

Fast Ethernet and Gigabit Ethernet connectivity
Up to 48 10/100/1000 ports, plus four small form-factor pluggable (SFP) ports
Optional 10 Gigabit Ethernet connectivity in the Catalyst 3560-E models
Optional Integrated PoE (Cisco pre-standard and IEEE 802.3af); up to 24 ports with 15.4 watts or 48 ports with 7.3 watts

To learn more about the Catalyst 3560 series of switches, visit http://www.cisco.com/en/US/products/hw/switches/ps5528/index.html.

Catalyst 3750

The Cisco Catalyst 3750 series of switches are ideal for access layer switches in midsize organizations and enterprise branch offices. This series offers forwarding rates from 32 Gb/s to 128 Gb/s (Catalyst 3750-E switch series). The Catalyst 3750 series supports Cisco StackWise technology. StackWise technology allows you to interconnect up to nine physical Catalyst 3750 switches into one logical switch using a high-performance (32 Gb/s), redundant, backplane connection.

The Catalyst 3750 series switches are available in different stackable fixed configurations:

Fast Ethernet and Gigabit Ethernet connectivity
Up to 48 10/100/1000 ports, plus four SFP ports
Optional 10 Gigabit Ethernet connectivity in the Catalyst 3750-E models
Optional Integrated PoE (Cisco pre-standard and IEEE 802.3af); up to 24 ports with 15.4 watts or 48 ports with 7.3 watts

To learn more about the Catalyst 3750 series of switches, visit http://www.cisco.com/en/US/products/hw/switches/ps5023/index.html.

Catalyst 4500

The Catalyst 4500 is the first midrange modular switching platform offering multilayer switching for enterprises, small- to medium-sized businesses, and service providers.

With forwarding rates up to 136 Gb/s, the Catalyst 4500 series is capable of managing traffic at the distribution layer. The modular capability of the Catalyst 4500 series allows for very high port densities through the addition of switch port line cards to its modular chassis. The Catalyst 4500 series offers multilayer QoS and sophisticated routing functions.

The Catalyst 4500 series switches are available in different modular configurations:

Modular 3, 6, 7, and 10 slot chassis offering different layers of scalability
High port density: up to 384 Fast Ethernet or Gigabit Ethernet ports available in copper or fiber with 10 Gigabit uplinks
PoE (Cisco pre-standard and IEEE 802.3af)
Dual, hot-swappable internal AC or DC power supplies
Advanced hardware-assisted IP routing capabilities

To learn more about the Catalyst 4500 series of switches, visit http://www.cisco.com/en/US/products/hw/switches/ps4324/index.html.

Catalyst 4900

The Catalyst 4900 series switches are designed and optimized for server switching by allowing very high forwarding rates. The Cisco Catalyst 4900 is not a typical access layer switch. It is a specialty access layer switch designed for data center deployments where many servers may exist in close proximity. This switch series supports dual, redundant power supplies and fans that can be swapped out while the switch is still running. This allows the switches to achieve higher availability, which is critical in data center deployments.

The Catalyst 4900 series switches support advanced QoS features, making them ideal candidates for the back-end IP telephony hardware. Catalyst 4900 series switches do not support the StackWise feature of the Catalyst 3750 series nor do they support PoE.

The Catalyst 4900 series switches are available in different fixed configurations:

Up to 48 10/100/1000 ports with four SFP ports or 48 10/100/1000 ports with two 10GbE ports
Dual, hot-swappable internal AC or DC power supplies
Hot-swappable fan trays

To learn more about the Catalyst 4900 series of switches, visit http://www.cisco.com/en/US/products/ps6021/index.html.

Catalyst 6500

The Catalyst 6500 series modular switch is optimized for secure, converged voice, video, and data networks. The Catalyst 6500 is capable of managing traffic at the distribution and core layers. The Catalyst 6500 series is the highest performing Cisco switch, supporting forwarding rates up to 720 Gb/s. The Catalyst 6500 is ideal for very large network environments found in enterprises, medium-sized businesses, and service providers.

The Catalyst 6500 series switches are available in different modular configurations:

Modular 3, 4, 6, 9, and 13 slot chassis
LAN/WAN service modules
PoE up to 420 IEEE 802.3af Class 3 (15.4W) PoE devices
Up to 1152 10/100 ports, 577 10/100/1000 ports, 410 SFP Gigabit Ethernet ports, or 64 10 Gigabit Ethernet ports
Dual, hot-swappable internal AC or DC power supplies
Advanced hardware-assisted IP routing capabilities

To learn more about the Catalyst 6500 series of switches, visit http://www.cisco.com/en/US/products/hw/switches/ps708/index.html.

The following tool can help identify the correct switch for an implementation: http://www.cisco.com/en/US/products/hw/switches/products_promotion0900aecd8050364f.html.

The following guide provides a detailed comparison of current switch offerings from Cisco: http://www.cisco.com/en/US/prod/switches/ps5718/ps708/networking_solutions_products_genericcontent0900aecd805f0955.pdf.


Multiprotocol Label Switching (MPLS)

Multiprotocol Label Switching (MPLS) is a standards-approved technology for speeding up network traffic flow and making it easier to manage. MPLS involves setting up a specific path for a given sequence of packets, identified by a label put in each packet, thus saving the time needed for a router to look up the address to the next node to forward the packet to. With reference to the OSI model, MPLS allows most packets to be forwarded at Layer 2 (switching) rather than at Layer 3 (routing). In addition to moving traffic faster overall, MPLS makes it easy to manage a network for quality of service (QoS). For these reasons, the technique is expected to be readily adopted as networks begin to carry more and different mixtures of traffic. (Definition courtesy of Whatis.com.)

MPLS is called multiprotocol because it works with the Internet Protocol (IP), Asynchronous Transfer Mode (ATM), and frame relay network protocols. The claim to fame of MPLS is "any-to-any" connectivity. This statement generally implies a comparison to permanent virtual circuit (PVC)-based technologies such as frame relay and ATM, where each site has a physical circuit connecting it to the "cloud." Logical circuits are then configured on the physical circuits to create virtual circuits connecting sites together.

If you were to purchase a full mesh of virtual circuits connecting every site to every other site, you would essentially have the same any-to-any connectivity offered by MPLS. Under the covers, of course, it's quite different, because packets are label switched and traffic engineered instead of being circuit-switched and provisioned.

An MPLS-based network consists of routers and switches interconnected via transport facilities such as fiber links. Customers connect to the backbone (core) network through multiservice edge (MSE) routers. The backbone comprises the core routers that provide high-speed transport and connectivity between the MSE routers. An MSE router contains different types of line cards and physical interfaces to provide Layer 2 and Layer 3 services, including ATM, FR, Ethernet, and IP/MPLS VPNs.

In the incoming direction, line cards receive packets from external interfaces and forward them to the switching fabric. In the outgoing direction, line cards receive packets from the switching fabric and forward them to the outgoing interfaces. The switching fabric, the heart of the router, is used for switching packets between line cards. The IP/MPLS control-plane software, the brain of a router, resides in the control processor card. The phrase IP/MPLS control plane refers to the set of tasks performed by IP routing and MPLS signaling protocols. IP routing protocols are used to advertise network topology, exchange routing information, and calculate forwarding paths between routers within (intra) and between (inter) network routing domains. Examples of IP routing protocols include Open Shortest Path First (OSPF), Intermediate System-to-Intermediate System (IS-IS), and Border Gateway Protocol (BGP). MPLS signaling protocols are used to establish, maintain, and release label-switched paths (LSP). Examples of MPLS signaling protocols include BGP, Label Distribution Protocol (LDP), and Resource Reservation Protocol (RSVP). The IP control plane may also contain tunneling protocols such as Layer 2 Tunneling Protocol (L2TP) and Generic Routing Encapsulation (GRE).
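The data-plane behaviour described above, an ingress router classifying a packet into a forwarding equivalence class and pushing a label, transit routers swapping labels from their LFIB without looking at the IP header, and the egress router popping the label, as an added example that is not part of the original article or of any router's code: a Python walk of one label-switched path. The router names, prefixes and label values stand in for bindings that LDP or BGP would have distributed and are constructed for the illustration; penultimate-hop popping is not modelled.

```python
import ipaddress


class Lsr:
    """Label switching router with a FIB (ingress classification) and an LFIB."""

    def __init__(self, name: str):
        self.name = name
        self.fib = {}        # FEC prefix -> (label to push, next hop); consulted only at ingress
        self.lfib = {}       # incoming label -> (action, outgoing label or None, next hop)
        self.ip_lookups = 0  # how often this router had to read the IP header

    def forward(self, packet: dict) -> tuple:
        """Apply one hop of label processing; return (next hop, packet).

        packet["labels"] is the label stack with the top of stack last.
        """
        stack = packet["labels"]
        if stack:
            entry = self.lfib.get(stack[-1])
            if entry is None:
                raise KeyError(f"{self.name}: no LFIB entry for label {stack[-1]}")
            action, out_label, next_hop = entry
            if action == "swap":
                stack[-1] = out_label
            elif action == "pop":
                stack.pop()
            else:
                raise ValueError(f"{self.name}: unknown action {action}")
            return next_hop, packet
        # Unlabelled packet: this is the ingress LER, classify by longest matching FEC.
        self.ip_lookups += 1
        dst = ipaddress.ip_address(packet["dst"])
        fec = max((p for p in self.fib if dst in p), key=lambda p: p.prefixlen)
        label, next_hop = self.fib[fec]
        stack.append(label)
        return next_hop, packet


def build_network() -> dict:
    """Constructed LSP PE1 -> P1 -> P2 -> PE2 towards customer prefix 10.2.0.0/16."""
    pe1, p1, p2, pe2 = (Lsr(n) for n in ("PE1", "P1", "P2", "PE2"))
    pe1.fib[ipaddress.ip_network("10.2.0.0/16")] = (1001, "P1")
    pe1.fib[ipaddress.ip_network("0.0.0.0/0")] = (3000, "P1")
    p1.lfib[1001] = ("swap", 2002, "P2")
    p2.lfib[2002] = ("swap", 3003, "PE2")
    pe2.lfib[3003] = ("pop", None, "CE-B")     # egress: strip the label, hand to the customer
    return {r.name: r for r in (pe1, p1, p2, pe2)}


def trace(network: dict, ingress: str, dst: str) -> list:
    """Walk a packet along the LSP; record (router, label stack after processing, next hop)."""
    packet = {"dst": dst, "labels": []}
    hops, here = [], ingress
    while here in network:
        next_hop, packet = network[here].forward(packet)
        hops.append((here, list(packet["labels"]), next_hop))
        here = next_hop
    return hops


if __name__ == "__main__":
    for hop in trace(build_network(), "PE1", "10.2.5.7"):
        print(hop)
```

Only PE1 ever looks at the destination address; P1 and P2 forward on the 20-bit label alone, which is the "Layer 2 rather than Layer 3" forwarding the definition above refers to.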

Because redundant network elements add to the overall network cost, service providers typically employ different levels and types of fault tolerance in the edge and core network. For example, the core network is generally designed to protect against core router failures through mesh connectivity. This allows alternative paths to be quickly established and used in the face of a failure. In the core, additional routers and links are used to provide fault tolerance. In contrast, on the edge, often thousands of customers are connected through a single router, and the edge router usually represents a single point of failure. The edge router is what most service providers consider the most vulnerable point of their network after the core is protected. On the edge, instead of using additional routers and links as in the core, redundancy within the edge router via redundant control processor cards, redundant line cards, and redundant links (such as SONET/SDH Automatic Protection Switching [APS]) are commonly used to provide fault tolerance.

ref: http://searchnetworking.techtarget.com/generic/0,295582,sid7_gci1225222,00.html#basics

Broadband Remote Access Server

A broadband remote access server (BRAS or BBRAS) routes traffic to and from the digital subscriber line access multiplexers (DSLAM) on an Internet service provider's (ISP) network.

The BRAS sits at the core of an ISP's network, and aggregates user sessions from the access network. It is at the BRAS that an ISP can inject policy management and IP Quality of Service (QoS).

The specific tasks include:

A DSLAM collects data traffic from multiple subscribers into a centralized point so that it can be uploaded to the router over a Frame Relay, ATM, or Ethernet connection.

The router provides the logical termination for PPP sessions. These may be PPP over Ethernet (PPPoE) or PPP over ATM (PPPoA) encapsulated sessions. By acting as the PPP termination point, the BRAS is responsible for assigning session parameters such as IP addresses to the clients. The BRAS is also the first IP hop from the client to the Internet.

The BRAS is also the interface to the authentication, authorization and accounting (AAA) systems (see RADIUS).