Description
Book SynopsisSomit Maloo, CCIE No. 28603, CCDE No. 20170002, is a content architect from the data center team in the Learning & Certifications' organization. He holds a master's degree in telecommunication networks and a bachelor's degree in electronics and telecommunication engineering. He is also a penta CCIE in routing and switching, service provider, wireless, security, and data center technologies. Somit holds various industry-leading certifications, including CCDE, PMP, RHCSA, and VMware VCIX6 in Data Center and Network Virtualization. Somit has extensive experience in designing and developing various data center courses for the official Cisco curriculum. He started his career as a Cisco TAC engineer. Somit has more than 13 years of experience in the networking industry, working mostly with data center networks. You can reach Somit on Twitter: @somitmaloo.
Iskren Nikolov, CCIE No. 20164, CCSI No. 32481, MCT Alumni, content architect, engineer, and d
Table of Contents
Introduction xxxv
Part I Networking
Chapter 1 Implementing Routing in the Data Center 2
“Do I Know This Already?” Quiz 2
Foundation Topics 5
Routing Protocols Support on Cisco Nexus Devices 5
OSPF 6
OSPF Link-State Advertisements 7
OSPF Authentication 13
OSPF Configurations and Verifications 13
Border Gateway Protocol 24
BGP Peering 25
BGP Path Selection 26
Multiprotocol BGP 29
BGP Configurations and Verifications 30
Bidirectional Forwarding Detection 37
Rapid Detection of Failures 38
BFD Configurations and Verifications 38
Multicast 42
Internet Group Management Protocol 43
Switch IGMP Snooping 46
Multicast Listener Discovery 46
Multicast Distribution Trees 47
Protocol Independent Multicast 49
Multicast Forwarding 55
Multicast Configurations and Verifications 56
Hot Standby Router Protocol 69
Virtual Router Redundancy Protocol 73
VRRP Operation 73
VRRP Groups 75
VRRP Router Priority and Preemption 76
VRRP Authentication 77
VRRP Tracking 77
IPv6 First Hop Redundancy 77
HSRP/VRRP Configurations and Verifications 79
Exam Preparation Tasks 87
Chapter 2 Implementing Data Center Switching Protocols 90
“Do I Know This Already?” Quiz 90
Foundation Topics 93
Spanning Tree Protocols 93
STP Topology 93
STP Port Types 94
STP Extensions 94
Unidirectional Link Detection 97
Rapid PVST+ 98
Spanning Tree Configurations and Verifications 102
Port Channels 117
Port Channel Load Balance 120
Virtual Port Channel 122
vPC Traffic Flows 125
vPC Dual-Control Plane 126
vPC Primary and Secondary Roles 127
vPC Configuration Consistency 128
vPC Duplicate Frames Prevention Mechanism 129
vPC HSRP Gateway Considerations 131
vPC ARP Synchronization 131
vPC Peer Gateway 131
Port Channel Configurations and Verifications 132
Exam Preparation Tasks 146
Chapter 3 Implementing Data Center Overlay Protocols 150
“Do I Know This Already?” Quiz 150
Foundation Topics 151
Virtual Extensible LAN (VXLAN) Overview 151
VXLAN Encapsulation and Packet Format 152
VXLAN Tunnel Endpoint 152
Virtual Network Identifier 153
VXLAN Control Plane 154
VXLAN Gateways 157
VXLAN High Availability 157
VXLAN Tenant Routed Multicast 159
VXLAN Configurations and Verifications 159
Exam Preparation Tasks 169
Chapter 4 Describe Cisco Application Centric Infrastructure 172
“Do I Know This Already?” Quiz 172
Foundation Topics 174
Cisco Application Centric Infrastructure (ACI) Overview 174
Cisco Application Policy Infrastructure Controller 176
Cisco Nexus 9000 Series Spine and Leaf Switches for Cisco ACI 179
Cisco ACI Initial Setup, Fabric Discovery, Fabric Upgrade, and Fabric Access Policies 182
Cisco ACI Initial Setup 182
Cisco ACI Fabric Discovery 187
Startup with Cisco ACI Fabric Discovery and Configuration 188
Fabric Upgrade 189
Cisco ACI Fabric Access Policies 190
Cisco ACI Fabric Building Blocks, Policy Model, and VMM Domains 195
ACI Policy Model 197
Cisco ACI Tenants 198
Taboo Contracts 209
vzAny Rule 210
Filters and Subjects 213
Management Tenant 213
In-Band Management Access 214
ACI VXLAN 215
ACI Intersubnet Tenant Traffic 217
Policy Identification and Enforcement 218
ACI Fabric Traffic Storm Control 219
ACI Fabric Traffic Load Balance 219
ACI Fabric Loop Detection 220
ACI Design Best Practices 221
ACI LAB Configurations Example 221
Building ACI Fabric 224
Creating Tenant 227
Creating Contract and Filter 230
Deploying a Three-Tier Application 233
Integrating with vCenter 235
Exam Preparation Tasks 238
Chapter 5 Cisco Cloud Services and Deployment Models 240
“Do I Know This Already?” Quiz 240
Foundation Topics 242
What Is Cloud Computing? 242
Cloud Service Models 245
Software as a Service 245
Platform as a Service 246
Infrastructure as a Service 246
Cloud Deployment Models 248
Private Cloud 248
Public Cloud 248
Hybrid Cloud 249
Community Cloud 250
Exam Preparation Tasks 250
Chapter 6 Data Center Network Management and Monitoring 252
“Do I Know This Already?” Quiz 252
Foundation Topics 254
Cisco Nexus NX-OS Software Installation, Updates, and Their Impacts 254
PowerOn Auto Provisioning (POAP) 259
Data Center Infrastructure Software Lifecycle Management 263
Nexus Nondisruptive In-Service Software Upgrade 263
Nexus Disruptive and Nondisruptive Upgrade/Downgrade Procedure 265
Programmable Logical Devices Upgrade 269
Nexus Configuration Management 271
NX-OS Configuration Save and Backup 272
Nexus Config Rollback and Checkpoint 272
Network Time Management 274
Network Time Protocol 275
Precision Time Protocol 280
Network Infrastructure Monitoring 284
NX-OS System Message Logging 284
NX-OS Simple Network Management Protocol 286
Nexus Smart Call Home 292
Nexus NetFlow 293
Switched Port Analyzer 298
Streaming Telemetry 306
Network Assurance Concept 310
Exam Preparation Tasks 312
Chapter 7 Describe Cisco Nexus Dashboard 314
“Do I Know This Already?” Quiz 314
Foundation Topics 316
Cisco Nexus Dashboard 316
Cisco Nexus Dashboard Insights 318
Cisco Nexus Dashboard Orchestrator 323
Cisco Nexus Dashboard Fabric Controller 325
Cisco Nexus Dashboard Data Broker 335
Cisco Nexus Dashboard Platforms 337
Cisco Nexus Dashboard Cluster Nodes 339
Cisco Nexus Dashboard External Networks 341
Cisco Nexus Dashboard GUI Overview 342
One View Page 343
Admin Console Page 343
Exam Preparation Tasks 348
Part II Storage
Chapter 8 Implement Fibre Channel 352
“Do I Know This Already?” Quiz 353
Foundation Topics 356
Cisco MDS 9000 Series Hardware 356
Cisco MDS 9700 Series Multilayer Directors 356
Cisco MDS 9300 Series Multilayer Fabric Switches 360
Cisco MDS 9200 Series Multiservice Switches 361
Cisco MDS 9100 Series Multilayer Fabric Switches 362
Fibre Channel Basics 365
Fibre Channel Topologies 365
Fibre Channel Port Types 368
Fibre Channel Addressing 371
Flow Control 372
Switched Fabric Initialization 373
Device Registration: FLOGI, PLOGI, PRLI 378
FLOGI and FCNS Databases 378
CFS 380
CFS Features 381
CFS Fabric Lock 382
CFSoIP and CFSoFC 382
CFS Merge 384
CFS Regions 384
VSAN 386
VSAN Features 386
VSAN Attributes 387
VSAN Advantages 388
Dynamic Port VSAN Membership (DPVM) 388
VSAN Trunking 389
SAN Port Channels 396
Types of SAN Port Channels 396
Port Channel Load Balancing 398
Port Channel Modes 399
Zoning 404
Zoning Features 404
Zone Enforcement 406
Full and Active Zone Set 407
Autozone 410
Zone Merge 410
Smart Zoning 411
Enhanced Zoning 412
Device Alias 418
Device Alias Features 419
Device Alias Modes 419
Device Alias Distribution 420
Zone Aliases (FC Aliases) Versus Device Aliases 421
NPIV and NPV 424
Exam Preparation Tasks 431
Chapter 9 Implement FCoE Unified Fabric 434
“Do I Know This Already?” Quiz 434
Foundation Topics 436
FCoE Overview 436
Ethernet Enhancements 438
FCoE Frame Format 442
Virtual Fibre Channel (VFC) 444
FCoE Elements and Port Types 445
FCoE Addressing and Forwarding 447
FCoE Initialization Protocol (FIP) 448
Benefits of FCoE 451
FCoE Topology Options 451
FCoE Single-Hop Topology 451
FCoE Multi-Hop Topology 454
FCoE Implementations 455
FCoE Configuration on Cisco Nexus 7000 Series Switches 456
FCoE Configuration on Cisco Nexus 5000 Series Switches 458
FCoE Configuration on Cisco Nexus 9000 Series Switches 459
FCoE over FEX 461
FCoE NPV 463
FCoE Verification 466
Exam Preparation Tasks 475
Chapter 10 Describe NFS and NAS Concepts 478
“Do I Know This Already?” Quiz 478
Foundation Topics 479
Describe NFS Concepts 479
Describe NAS Concepts 481
NAS Benefits 483
Cisco UCS S-Series Storage Servers 483
Exam Preparation Tasks 485
Chapter 11 Describe Software Management and Infrastructure Monitoring 488
“Do I Know This Already?” Quiz 488
Foundation Topics 490
Cisco MDS NX-OS Setup Utility 490
Cisco MDS NX-OS Software Upgrade and Downgrade 498
Nondisruptive Upgrade on a Cisco MDS Fabric Switch 500
Disruptive Upgrade on a Cisco MDS Fabric Switch 505
Nondisruptive Downgrade on a Cisco MDS Fabric Switch 508
Disruptive Downgrade on a Cisco MDS Fabric Switch 513
EPLD Upgrade on Cisco MDS 9000 Series Switches 515
Infrastructure Monitoring 521
System Messages 521
Call Home 521
Embedded Event Manager 522
RMON 523
SPAN 523
Exam Preparation Tasks 528
Part III Compute
Chapter 12 Cisco Unified Computing Systems Overview 530
“Do I Know This Already?” Quiz 530
Foundation Topics 532
Cisco UCS Architecture 532
Cisco UCS Components and Connectivity 534
Cisco UCS 5108 Blade Server Chassis 536
UCS Blade Servers 536
Cisco UCS Rack Servers 537
Cisco UCS Storage Servers 537
Cisco UCS Mini 539
Cisco UCS Fabric Infrastructure 539
Cisco UCS 6536 Fabric Interconnect 540
Cisco UCS 6454 Fabric Interconnect 541
Cisco UCS 6300 Series Fabric Interconnects 543
Fabric Interconnect and Fabric Extender Connectivity 544
Cisco UCS Virtualization Infrastructure 550
Cisco UCS-X System 555
Cisco UCS Initial Setup and Management 557
Fabric Interconnect Connectivity and Configurations 565
Fabric Interconnect Port Modes 567
Fabric Failover for Ethernet: High-Availability vNIC 569
Ethernet Switching Mode 570
UCS Device Discovery 577
Chassis/FEX Discovery 577
Rack Server Discovery Policy 577
Initial Server Setup for Standalone UCS C-Series 578
Cisco UCS Network Management 584
UCS Virtual LAN 584
UCS Identity Pools 591
Service Profiles 596
UCS Server Policies 599
UCS Service Profile Templates 602
Quality of Service 608
Cisco UCS Storage 611
UCS SAN Connectivity 611
UCS SAN Configuration 615
Virtual Storage-Area Networks 616
World Wide Name Pool 621
SAN Connectivity Policies 624
Exam Preparation Tasks 625
Chapter 13 Cisco Unified Computing Infrastructure Monitoring 628
“Do I Know This Already?” Quiz 628
Foundation Topics 630
Cisco UCS System Monitoring 630
Data Management Engine 631
Application Gateway 631
Northbound Interfaces 631
Cisco UCS Monitoring Events and Logs 632
Cisco UCS Monitoring Policies 634
Traffic Monitoring 640
Cisco Intersight 647
Intersight Management as a Service 648
Intersight as a Telemetry Data Collection 650
Cisco Intersight Supported Software 650
Cisco Intersight Licensing 652
Exam Preparation Tasks 656
Chapter 14 Cisco Unified Compute Software and Configuration Management 658
“Do I Know This Already?” Quiz 658
Foundation Topics 660
Cisco UCS Configuration Management 660
Creating and Running a Backup Operation 661
Backup Policies 666
Backup Policy Configuration 666
Import Backups 668
Enable the Import Operation 669
System Restore 670
Restoring the Configuration for a Fabric Interconnect 671
UCS Firmware and Software Updates 672
Firmware Version Terminology 679
Firmware Upgrades Through Auto Install 680
Direct Upgrade After Auto Install Procedure 684
Install Infrastructure Firmware Procedure 688
Upgrading the Server Firmware with Auto Install 691
Standalone Cisco UCS C-Series Server Firmware Upgrade Using the Host Upgrade Utility (HUU) 693
Downloading and Preparing the ISO for an Upgrade 694
Exam Preparation Tasks 700
Chapter 15 Cisco HyperFlex Overview 702
“Do I Know This Already?” Quiz 702
Foundation Topics 704
Cisco HyperFlex Solution and Benefits 704
HyperFlex Benefits 707
HyperFlex as an Edge, Hybrid, and All-Flash Nodes 712
HyperFlex as an Edge Device 712
HyperFlex Hyperconverged Multicloud Platform (Hybrid or All-Flash) 714
HyperFlex All NVMe 715
Cisco HyperFlex Data Platform 716
Exam Preparation Tasks 728
Part IV Automation
Chapter 16 Automation and Scripting Tools 730
“Do I Know This Already?” Quiz 730
Foundation Topics 733
EEM Overview 733
Policies 733
Event Statements 734
Action Statements 734
Configuring EEM 735
Verifying the EEM Configuration 736
Scheduler 736
Configuring Scheduler 737
Verifying Scheduler Configuration 739
Bash Shell for Cisco NX-OS 740
Managing Feature RPMs 742
Managing Patch RPMs 742
Guest Shell for Cisco NX-OS 743
Accessing the Guest Shell 743
Resources Used for the Guest Shell 744
Capabilities in the Guest Shell 744
Managing the Guest Shell 746
XML 748
Example 749
XML Syntax 750
JSON 751
Rest API 752
Authentication 753
Response 754
NX-API 755
NX-API Request and Response Elements 757
NX-API Developer Sandbox 759
Exam Preparation Tasks 760
Chapter 17 Evaluate Automation and Orchestration Technologies 762
“Do I Know This Already?” Quiz 762
Foundation Topics 764
Ansible 764
Ansible Components 765
Important Ansible Concepts 766
Ansible CLI Tools 767
Cisco NX-OS and Ansible Example 767
Python 768
Python Package for Cisco 769
Using the CLI Command APIs 771
Python in Interactive Mode 772
Python in Noninteractive Mode 773
UCS Manager Python SDK 775
Convert to UCS Python 777
PowerOn Auto Provisioning (POAP) 777
Limitations of POAP 778
Network Requirements for POAP 778
POAP Configuration Script 778
POAP Process 779
Configuring a Switch Using POAP 782
HashiCorp Terraform 783
Terraform Concept 784
Terraform Components 784
Terraform Commands 786
PowerShell 789
Exam Preparation Tasks 795
Part V Security
Chapter 18 Network Security 798
“Do I Know This Already?” Quiz 798
Foundation Topics 801
Authentication, Authorization, and Accounting 801
AAA Service Configuration Options 802
Authentication and Authorization User Login Process 803
AAA NX-OS Configurations 804
Role-Based Access Control 807
NX-OS User Roles and Rules 809
NX-OS RBAC Configurations 811
Nexus First-Hop Security 815
Nexus Dynamic ARP Inspection 816
NX-OS DAI Configurations 819
NX-OS DHCP Snooping 827
Port Security 832
Nexus Port Secure MAC Address Maximum and Dynamic Address Aging 833
Port Security Violations and Actions 834
Nexus Port Types and Port Security 835
NX-OS Port Security Configuration 835
Nexus Control Plane Policing 837
Control Plane Packet 839
Classification for CoPP 840
NX-OS CoPP Configuration 844
Cisco ACI Contracts 851
Cisco ACI Contract Configuration Parameters 853
Create, Modify, or Remove Regular Contracts 854
Apply or Remove VRF Contracts 856
Inter-Tenant Contracts 857
Inter-Private Network Contracts Communication 858
Single Contract Bidirectional Reverse Filter 859
Single Contract Unidirectional with Multiple Filters 859
Multiple Contracts Unidirectional Single Filter 860
ACI Microsegmentation 860
Example: ACI Microsegmentation with VMs from a Single Application EPG 862
Example: ACI Microsegmentation with VMs in Different Application EPGs 863
ACI Microsegmentation Configurations 864
Keychain Authentication 868
NX-OS Keychain Configurations 868
Key Selection 871
Exam Preparation Tasks 872
Chapter 19 Compute Security 874
“Do I Know This Already?” Quiz 874
Foundation Topics 875
Securing UCS Management Using Authentication, Authorization, and Accounting 875
User RADIUS and TACACS+ Attributes 876
Two-Factor Authentication 879
UCS Web Session Refresh and Session Timeout Period 879
UCS LDAP Providers and Groups 879
RADIUS and TACACS+ Authentication Configurations 888
UCS Remote Users Role Policy 892
Multiple Authentication Services Configuration 894
Exam Preparation Tasks 895
Chapter 20 Storage Security 896
“Do I Know This Already?” Quiz 896
Foundation Topics 898
Authentication, Authorization, and Accounting 898
Authentication 899
Authorization 899
Accounting 900
Server Groups 900
AAA Service Configuration Options 900
AAA Server Monitoring 900
Remote AAA Services 901
Local AAA Services 911
AAA Authentication and Authorization Process 912
AAA Server Distribution 913
Merging RADIUS and TACACS+ Configurations 914
User Accounts and RBAC 914
User Roles 915
Rules 915
User Role Policies 917
RBAC Sample Configuration 918
Port Security 919
Port Security Configuration 921
Verification of Port Security 924
Fabric Binding 926
Fabric Binding Configuration 926
Port Security Versus Fabric Binding 928
Exam Preparation Tasks 929
Chapter 21 Final Preparation 932
Getting Ready 932
Tools for Final Preparation 933
Pearson Test Prep Practice Test Software and Questions on the Website 933
How to Access the Pearson Test Prep (PTP) App 933
Customizing Your Exams 934
Updating Your Exams 935
Chapter-Ending Review Tools 935
Learn the Question Types Using the Cisco Certification Exam Tutorial 935
Suggested Plan for Final Review/Study 940
Summary 940
Chapter 22 CCNP and CCIE Data Center Core DCCOR 350-601 Official Cert Guide Exam Updates 942
The Purpose of This Chapter 942
About Possible Exam Updates 943
Impact on You and Your Study Plan 943
News About the Next Exam Release 944
Updated Technical Content 944
Appendix A Answers to the “Do I Know This Already?” Quizzes 946
Glossary 961
Online Elements
Appendix B Memory Tables
Appendix C Memory Tables Answer Key
Appendix D Study Planner
Glossary
9780138228088 TOC 11/7/2023
