Session Network Technology Technical Level Session Title Speaker(s)

ACC-2002 Access & Aggregation Networks 2 Enhanced Aggregation in Broadband Deployment Kali Mishra

SEC-2009 Access & Aggregation Networks 2 SP Deployment of Cisco (formerly Riverhead) Detectors and Guards for DDoS Protection

Kunjal Trivedi

NMS-2021 Campus & Local Area Networks 2 Large Scale Deployments of CiscoWorks Joe Clarke

NMS-2202 Campus & Local Area Networks 2 How Cisco Achieved High Availability in its Local Area Network Darrell Root

NMS-2305 Campus & Local Area Networks 2 Deploying and Managing a Content Switched Network Jeffrey Ostermiller

NMS-2306 Campus & Local Area Networks 2 Disaster Recovery and Geographic Load Balancing

Stefano Testa, Zeeshan Naseh

NMS-2307 Campus & Local Area Networks 2 SSL Optimization and Server Offload for Content Management Stefano Testa

RST-2504 Campus & Local Area Networks 2 Cisco Catalyst 6500 Service Module Design and Implementation Stefano Testa

RST-2505 Campus & Local Area Networks 2 Campus Design Fundamentals Mark Montanez

RST-2506 Campus & Local Area Networks 2 Analyzing the Impact of Emerging Technologies on Campus Design Michael Herbert

RST-2514 Campus & Local Area Networks 2 High Availability in Campus Network Deployments Hazim Dahir

RST-3509 Campus & Local Area Networks 3 Troubleshooting Cisco Catalyst 6500 Series Switches Christopher Travis

SEC-2002 Campus & Local Area Networks 2 Understanding and Stopping Layer 2 Attacks Troy Sherman

SEC-2020 Campus & Local Area Networks 2 Deploying Firewalls Brian Ford

SEC-2030 Campus & Local Area Networks 2 Deploying Network-Based Intrusion Detection and Prevention Systems William Battle

SEC-2031 Campus & Local Area Networks 2 Understanding and Deploying Host-Based Intrusion Protection Technology Jonathan Hogue

SEC-2040 Campus & Local Area Networks 2 Understanding and Deploying Network Admission Control Russell Rice

SEC-3010 Campus & Local Area Networks 3 Troubleshooting Cisco IOS Firewall-Based and Cisco Secure PIX Firewall-Based IPSec VPNs

Jazib Frahim

SEC-3020 Campus & Local Area Networks 3 Troubleshooting Firewalls Obaid Vanjara

SEC-3030 Campus & Local Area Networks 3 Troubleshooting Intrusion Detection Systems Marcus Sitzman

CERT-2100 General Networking Scenarios 2 CCNP Certification (Building Scalable

Cisco Internetworks-BSCI) Gary Rubin, Kip Peterson

NMS-1011 General Networking Scenarios 1 Principles of Fault Management Christopher Elliott NMS-1101 General Networking Scenarios 1 Understanding DHCP and DNS John Schnizlein

NMS-2001 General Networking Scenarios 2 Network Troubleshooting Tools and Techniques Joe Clarke

NMS-2031 General Networking Scenarios 2 Traffic Accounting Scenarios Ralf Wolter

NMS-2032 General Networking Scenarios 2 NetFlow for Accounting, Analysis and Attack Paul Kohler

Networkers Online 2004

New Orleans: July 13-15, 2004

- 2 -

Session Network Technology Technical Level Session Title Speaker(s)

NMS-2042 General Networking Scenarios 2 Performance Measurement with Cisco Devices David Melton

NMS-2101 General Networking Scenarios 2 DNS Deployment and Operation Patrik Faltstrom NMS-2102 General Networking Scenarios 2 Deploying and Troubleshooting NAT Michael Hollowell NMS-2201 General Networking Scenarios 2 Network Availability Measurement James Thompson

NMS-3011 General Networking Scenarios 3 Getting the Right Events from Network Elements Benoit Claise

NMS-4043 General Networking Scenarios 4 Advanced Service Assurance Agent Emmanuel Tychon RST-1305 General Networking Scenarios 1 IPv6 concepts Khalid Raza RST-1701 General Networking Scenarios 1 Introduction to IP Multicast Bryan McLaughlin RST-2303 General Networking Scenarios 2 Deployment and Analysis of BGP Steven Moore RST-2304 General Networking Scenarios 2 Deploying Mobile IP Stefan Raab RST-2305 General Networking Scenarios 2 IPv6 Deployment Shannon McFarland

RST-2310 General Networking Scenarios 2 Which Routing Protocol Russ White, James, Ng, Harold Ritter

RST-2311 General Networking Scenarios 2 Packet Forwarding and Operation of Mid to High End Routers and Switches Phil Harris

RST-2312 General Networking Scenarios 2 Control Plane Operation in Mid to High End Routers and Switches Phil Harris

RST-2510 General Networking Scenarios 2 Deploying QoS for Converged Networks Ramya Venkatraman RST-2701 General Networking Scenarios 2 Deploying IP Multicast Beau Williamson RST-2702 General Networking Scenarios 2 Deploying IP Multicast VPNs Yiqun Cai

RST-2800 General Networking Scenarios 2 Designing and Debugging a SNASwitch Enterprise Extender Solution to Replace SNA Routing in the Data Center

Ray Romney

RST-3300 General Networking Scenarios 3 Troubleshooting EIGRP Don Slice RST-3301 General Networking Scenarios 3 Troubleshooting OSPF Faraz Shamm

RST-3303 General Networking Scenarios 3 Troubleshooting and Advanced Topics in BGP Daniel Walton

RST-3311 General Networking Scenarios 3 Troubleshooting and Optimizing the Operation of Cisco Routers Eric Osborne

RST-3507 General Networking Scenarios 3 Troubleshooting Cisco Catalyst 3750, 3550, and 2900 Series Switches Mike Pavlovich

RST-3508 General Networking Scenarios 3 Troubleshooting Cisco Catalyst 4000 and 4500 Series Switches

Hemant Verma, John Bartlomiejczyk

RST-3511 General Networking Scenarios 3 Troubleshooting LAN Protocols Thomas Settle RST-4300 General Networking Scenarios 4 Advances in EIGRP Donnie Savage RST-4301 General Networking Scenarios 4 Advances in OSPF Faraz Shamm RST-4311 General Networking Scenarios 4 Optimized Edge Routing Dana Blair RST-4312 General Networking Scenarios 4 High Availability in Routing Micah Bartell

RST-4313 General Networking Scenarios 4 Multitopology Routing Chetan Khetani, Scott Sturgess

RST-4314 General Networking Scenarios 4 Advances in Router Architecture David Ward, David Tsiang

RST-4701 General Networking Scenarios 4 Advanced IP Multicast Michael McBride SEC-1000 General Networking Scenarios 1 Introduction to Network Security Keith Stewart SEC-2000 General Networking Scenarios 2 Secure Enterprise Design Russell Rice

SEC-2003 General Networking Scenarios 2 IPv6 Security Threats Darrin Miller, Sean Convery

SEC-2005 General Networking Scenarios 2 Understanding 802.1x, IBNS, and Network Identity Services Ian Foo

SEC-2006 General Networking Scenarios 2 Managing Security Technologies Erik Lenten

SEC-2010 General Networking Scenarios 2 Deploying Remote Access IPSec and SSL VPNs Dan Angst

SEC-4000 General Networking Scenarios 4 Advanced Concepts in Security Threats Brian Best

SEC-4011 General Networking Scenarios 4 Advanced IPSec Algorithms and Protocols Saadat Malik

- 3 -

Session Network Technology Technical Level Session Title Speaker(s)

VVT-2014 General Networking Scenarios 2 Centralized and Distributed Deployment Models for IP Contact Centers Christos Klardie

ACC-2001 Metro Area Networks 2 Design considerations for Sizing and Scaling Metro Layer 2 Services Michele Black

OPT-1041 Metro Area Networks 1 Introduction to Next-Generation Intelligent DWDM Networks

Donyel Jones-Williams

OPT-1042 Metro Area Networks 1 Metropolitan Ethernet Design Fundamentals

Chiara Regale, Jason Sauviac

OPT-2041 Metro Area Networks 2 Implementing Optical Ethernet Networks with Pluggable Optics Alessandro Barbieri

OPT-2043 Metro Area Networks 2 802.17 and Spatial Reuse Protocol (SRP) Protocols Simon Herriotts

OPT-2044 Metro Area Networks 2 Service Aggregation Over DWDM for Network Consolidation Michael Noto

OPT-2045 Metro Area Networks 2 Extending Metro Ethernet Across SONET/SDH Transport Infrastructure Tejas Vashi

OPT-4041 Metro Area Networks 4 Advanced Optical Technology for Next Generation Data Services Masum Mir

ACC-1020 Mobile Networks 1 Mobile Wireless - An Overview of the History and Present State of Mobile Wireless

William Parkhurst

OPT-1051 Storage Area Networks 1 Introduction to Storage Topologies and Applications Lincoln Dale

OPT-2051 Storage Area Networks 2 Fibre Channel Storage Area Network Design Thomas Nosella

OPT-2052 Storage Area Networks 2 FCIP Design and Implementation Mark Allen OPT-2053 Storage Area Networks 2 iSCSI Design and Implementation Vivian He OPT-2054 Storage Area Networks 2 Storage Networking Security Lincoln Dale

OPT-3051 Storage Area Networks 3 Troubleshooting MDS9000 Fibre Channel Storage Area Networks Michael Frase

OPT-3052 Storage Area Networks 3 Troubleshooting MDS9000 IP Storage Area Networks Michael Frase

OPT-4051 Storage Area Networks 4 Design and Architecture of Storage Networking Platforms Thomas Edsall

OPT-4052 Storage Area Networks 4 Case Study: Cisco IT Storage Strategy William Williams

NMS-2301 Video Networks & Applications 2 Deploying Streaming Video Horst Dumcke

NMS-2302 Video Networks & Applications 2 Deploying Corporate Communications and E-learning James French

NMS-2304 Video Networks & Applications 2 Deploying Web Application Acceleration and Employee Internet Management James French

VVT-2030 Video Networks & Applications 2 Understanding IP Video Telephony and Audio and Data Conferencing Solutions David Morrison

VVT-2031 Video Networks & Applications 2 Designing and Deploying IP Video Telephony Networks

Jonathan Roberts, Thomase Schepers

VVT-2032 Video Networks & Applications 2 Designing and Deploying IP-Based Audio and Web Conferencing Solutions Jonathan Roberts

VVT-3030 Video Networks & Applications 3 Troubleshooting IP Video Telephony Networks Kevin McMenamy

ACC-1000 Virtual Private Networks 1 Introduction to Layer 2 Transport and Tunneling Technologies (L2VPNs) Eric Matkovich

ACC-2000 Virtual Private Networks 2 Layer 2 Transport and Tunneling (L2VPN) Application and Deployment Eric Matkovich

ACC-3001 Virtual Private Networks 3 Troubleshooting Layer 2 Transport and Tunneling (L2VPN) Technologies Dmitry Bokotey

RST-3606 Virtual Private Networks 3 Troubleshooting MPLS VPNs Rajiv Asati SEC-2011 Virtual Private Networks 2 Deploying Site-to-Site IPSec VPNs Dan Angst

- 4 -

Session Network Technology Technical Level Session Title Speaker(s)

SEC-3011 Virtual Private Networks 3 Troubleshooting Cisco VPN 3000 IPSec and SSL Implementations Aamir Waheed

SEC-4010 Virtual Private Networks 4 Advanced IPSec Deployments and Concepts of DMVPN Networks Michael Sullenberger

RST-2602 Voice Networks & Applications 2 Deploying MPLS VPNs Zaheer Aziz, Rajiv Asati

VVT-1001 Voice Networks & Applications 1 Understanding ENUM Patrik Faltstrom

VVT-2000 Voice Networks & Applications 2 Choosing the Correct Voice/Video Signaling Strategy: H.323 Craig Mulholland

VVT-2001 Voice Networks & Applications 2 Choosing the Correct Voice/Video Signaling Strategy: MGCP/SIP James Polk

VVT-2002 Voice Networks & Applications 2 Deploying Unified Communications in the Enterprise

Peter Hansen, Shane Lisenbea

VVT-2003 Voice Networks & Applications 2 IP Telephony Security Gregory Moore

VVT-2004 Voice Networks & Applications 2 Designing Voice Enabled IPSec VPNs Joel King

VVT-2005 Voice Networks & Applications 2 Implementing Voice Enabled IPsec VPNs Joel King

VVT-2006 Voice Networks & Applications 2 Emergency Services and IP Telephony Marc Linser

VVT-2010 Voice Networks & Applications 2 Applied Scripting for IP IVR/IPCC Express Duke Bond

VVT-2011 Voice Networks & Applications 2 Internet Service Node (ISN) for IP Contact Centers Design Session Adam Mermel

VVT-2012 Voice Networks & Applications 2 Troubleshooting IP Contact Centers William Webb, Jason Ward

VVT-2013 Voice Networks & Applications 2 Designing IP Contact Centers: Resources, Servers, and Bandwidth Provisioning

Mohammed Darwish

VVT-2015 Voice Networks & Applications 2 IP Contact Centers: Clustering Over the WAN (High Availability and Resiliency) Zachariah Hallock

VVT-2021 Voice Networks & Applications 2 Designing and Deploying Business (Hosted or Managed) IP Voice/Data Services

Helen Robison

VVT-3020 Voice Networks & Applications 3 Troubleshooting IP Telephony Networks: Elements of Dial Plan Functionality

Paul Giralt, Daniel Keller

VVT-3021 Voice Networks & Applications 3 Troubleshooting IP Telephony Networks: Elements of CallManager Functionality

Dustin Grant, Ramesh Kaza

VVT-4000 Voice Networks & Applications 4 Advanced SIP Session James Polk

VVT-4001 Voice Networks & Applications 4 Advanced Dial Plan Design for IP Telephony Networks

Luc Bouchard, Gregory Edwards

VVT-4002 Voice Networks & Applications 4 Advanced Preferential IP Telephony Services for the Internet Frederick Baker

ACC-3000 Wide Area Networks 3 Troubleshooting WAN Protocols in Cisco IOS Mark Atkins

NMS-4012 Wide Area Networks 4 MPLS Embedded Management Tools Muhammad Moizuddin, Mukhtiar Shaikh

RST-1601 Wide Area Networks 1 Introduction to Multiprotocol Label Switching (MPLS) Azhar Sayeed

RST-1607 Wide Area Networks 1 QoS in MPLS Networks Santiago Alvarez RST-2603 Wide Area Networks 2 Deploying MPLS Traffic Engineering Eric Osborne

RST-2606 Wide Area Networks 2 Understanding Convergence in MPLS VPN Networks

Muhammad Moizuddin, Mukhtiar Shaikh

- 5 -

Session Network Technology Technical Level Session Title Speaker(s)

RST-3605 Wide Area Networks 3 Troubleshooting MPLS Networks Yousuf Hasan

RST-4512 Wide Area Networks 4 Current Methods and Issues for High-Performance TCP Flows Lawrence Dunn

RST-4607 Wide Area Networks 4 Advanced Topics and Future Directions in MPLS Bruce Davie

RST-4608 Wide Area Networks 4 New Developments in Pseudowires George Swallow

SEC-2007 Wide Area Networks 2 Internet Service Provider Security Best Practices Pavan Reddy

SEC-2008 Wide Area Networks 2 Service Provider Responses to Denial-of-Service Attacks Paul Quinn

ACC-1010 Wireless Networks 1 Introduction to 802.11 Wireless Networks Michael De Leo

ACC-1011 Wireless Networks 1 Introduction to Wireless Mobile Networks Lawrence Searcy

ACC-2010 Wireless Networks 2 Deploying Mobility in High Availability Wireless LANs Jake Woodhams

ACC-2011 Wireless Networks 2 Deploying Secure Wireless LANs Sriganeshan Sundaralingam

ACC-2012 Wireless Networks 2 Design and Deployment of Outdoor Wireless LAN/Bridging Networks Jonathan Leary

ACC-2013 Wireless Networks 2 Wireless LAN and Cisco Voice Deployment Recommendations

Jason Romanosky, Matthew Stein

ACC-2014 Wireless Networks 2 Designing & Deploying Public Wireless LANs Sherelle Farrington

ACC-2002 Enhanced Aggregation in Broadband Deployment Kali Mishra Technical Level: 2 This presentation covers the implementation of revenue-generating services in broadband deployments, features that help reduce operating expenses (OpEx) and capital expenditures (CapEx), and those features that minimize effects of large-scale outages. Dynamic bandwidth selection, various methods for per-subscriber or tiered service differentiation, per-session and per-subscriber quality of service (QoS), per-user security, and service selection are some of the newer service infrastructures that are discussed. The presentation also includes a case study involving many of these features.

SEC-2009 SP Deployment of Cisco (formerly Riverhead) Detectors and Guards for DDoS Protection Kunjal Trivedi Technical Level: 2 Cyber attacks have evolved over time and today we must defend against increasingly large and sophisticated attacks, including application connection floods and massive botnets that can generate attacks reaching millions of bad packets per seconds. Increasingly, edge customers are turning to their Service Providers for large-scale detection and attack mitigation that ensures legitimate traffic is correctly identified and forwarded to its destination in order to maintain uninterrupted operations of business of critical applications. This session will cover the Cisco (formerly Riverhead) Detector and Guard product functionality, as well as network design and SP deployment guidelines that provide various service levels to mitigate DDoS. Design models and associated guidelines for both SP premise and customer premise deployments will be explored. We will address anomaly detection, and once an attack is detected how to divert traffic to a Guard cluster that provides a multi-layer intelligent filtering complex for intelligent attack mitigation. A detailed case study will be used to illustrate a real world example of a deployed Traffic Anomaly Detector and Guard topology.

NMS-2021 Large Scale Deployments of CiscoWorks Joe Clarke Technical Level: 2 This session focuses on tools and techniques to effectively scale CiscoWorks up to its maximum device capacity, and the deployment models needed to manage larger networks. The course examines server requirements, redundancy scenarios, tools such as the Data Export Engine, Remote Syslog Analyzer Collect, and Device List Management Services, as well as real-world, large-scale deployments.

NMS-2202 How Cisco Achieved High Availability in its Local Area Network Darrell Root Technical Level: 2 This session shares the experience of the Cisco IT Networking organization during its quest to achieve high availability in the 50-building San Jose campus. This session describes how Cisco IT Networking measures network availability, shares Cisco availability results, and explains the technologies and operational best practices Cisco used to achieve those results.

NMS-2305 Deploying and Managing a Content Switched Network Jeffrey Ostermiller Technical Level: 2 Application developers often say: It is the network; the network is the problem. Many customers are challenged to prove that the network is not the problem. Many of the issues relate to the complexity around troubleshooting and managing a load-balanced network. This session focuses on the skills to help troubleshoot load-balanced networks. The course examines the various load-balancer configurations for bridged mode, routed mode, and one-armed configurations of the Cisco Content Switching Module (CSM) and the Cisco Content Services Switch (CSS) in issues around these design options. The session focuses on the troubleshooting aspects of the designs, including server connectivity, persistence, and scripted health checking. The session also addresses the top ten load-balancing questions, issues, and concerns from Cisco Technical Assistance Center (TAC) cases. Finally, the course examines common load-balancing deployment models, and multitiered intranet and Internet load-balancing deployments.

NMS-2306 Disaster Recovery and Geographic Load Balancing Zeeshan Naseh, Stefano Testa Technical Level: 2 Zero downtime is one of the key principles in network design, in particular when building data-centers, where key applications and data need to be accessed at any given time. Content switches have traditionally been used to build scaleable and resilient data-centers offering local load balancing for the data-center front-end and multi-tier architectures. Over the past years enterprises and services providers around the world have started to utilize content switches (often in conjunction with other dedicated GSLB [expand the acronym] devices) to also provide redundancy across multiple distinct geographic locations. The session introduces Global Server Load Balancing (GSLB) concepts and terminology, like active-standby, active-active, and disaster recovery, before diving into a detailed description of the most common GSLB technologies, including DNS-based solutions, L3-based solutions (Route Health Injection) and HTTP-only mechanisms. Examples of real-world deployments, with caveats and strengths of each solution, complete the session.

NMS-2307 SSL Optimization and Server Offload for Content Management Stefano Testa Technical Level: 2 Providing authentication, encryption and integrity, the Secure Sockets Layer (SSL) protocol is today widely used for communication between applications across intranets and the Internet. SSL represents a significant and growing percentage of the total traffic that enterprise and service provider networks are carrying. Networks and connected devices need to rapidly adapt to transport and process large amount of encrypted data. This session starts by reviewing the basics of the SSL protocol stack and functions. It covers mechanisms of Public Key Infrastructure, including SSL certificates, Certificate Authorities and Certificate Revocation Lists. SSL termination devices (SSL offloaders) are then presented in detail: which advantages they offer, how they fit in the network, what are their features, and how to measure their performance. The session includes network diagrams and packet flows for both basic and advanced designs with SSL termination devices, like SSL termination, back-end SSL, and SSL initiation.

RST-2504 Cisco Catalyst 6500 Service Module Design and Implementation Stefano Testa Technical Level: 2 The Cisco® Catalyst® 6500 Series switching platform supports a range of service modules that are designed to provide high-performance services for specific applications. This presentation discusses many of those modules, specifically the firewall, VPN, intrusion detection, content switching, and Secure Sockets Layer (SSL) modules. This session gives attendees a quick review of the features provided by each module, design considerations for implementing the modules in a network, and configuration examples to show how they interact with each another.

RST-2505 Campus Design Fundamentals Mark Montanez Technical Level: 2 This session discusses best practices for deploying the Cisco® multilayer campus model. It will focus on the technology alternatives related to enterprise campus networks. The session will illustrate the hierarchical layers of the model: access, distribution and core with guidance on technology and protocol alternatives such as Spanning Tree (PVSTP+) and Rapid Spanning Tree (Rapid PVST+), and the use of routing in the access layer (EIGRP and OSPF). The session will also examine features and design principles at each layer of the model for successfully deploying an enterprise network. Detailed examples of failure analysis scenarios, discussions on LAN, and Interior Gateway Protocol (IGP) tuning related to enterprise networks will be illustrated. Finally the session will focus on how to avoid common pitfalls such as CEF polarization, asymmetrical routing, unicast flooding, routing black holes, and best practices needed to optimize an enterprise network to support today's current business applications.

RST-2506 Analyzing the Impact of Emerging Technologies on Campus Design Michael Herbert Technical Level: 2 This session examines the impact of emerging network technologies and solutions on enterprise campus network design. Participants will gain an in-depth understanding of design best practices required to meet emerging business, security, and availability requirements. This session includes design guidance focused on how to support campus wireless LAN integration, how to implement the services required for voice and video applications. Other areas covered in this session include how to integrate security best practices and worm mitigation techniques, while enabling highly available voice, data, wireless, and video services.

RST-2514 High Availability in Campus Network Deployments Hazim Dahir Technical Level: 2 This session focuses on leading-edge high-availability and redundancy features in Cisco switches and how they work together to provide nonstop network resiliency. Session topics include Cisco Catalyst Nonstop Forwarding (NSF) and switch stack resiliency technologies. Additional topics include gateway load balancing, advanced spanning-tree enhancements, resilient ring topologies and deployment strategies designed to minimize or eliminate network disruption and improve convergence.

RST-3509 Troubleshooting Cisco Catalyst 6500 Series Switches Christopher Travis Technical Level: 3 This session covers troubleshooting commands and methods for the Cisco Catalyst 6000 and 6500 series switches. In addition to discussing code maintenance and conversion, system health monitoring and troubleshooting, this session will also address platform specifics in troubleshooting packet forwarding, supervisor and MSFC redundancy, spanning tree, IP multicast, access-control lists, and quality of service.

SEC-2002 Understanding and Stopping Layer 2 Attacks Troy Sherman Technical Level: 2 Most networks today are built on the foundations of the seven-layer (OSI) model. This session focuses on the security issues associated with Layer 2, the data link layer. Studies show that a significant percentage of all network attacks originate from inside the corporate firewall; therefore, exploring this soft underbelly of data networking is critical for any secure network design. Security issues focused on in this session include Address Resolution Protocol (ARP) spoofing, MAC flooding, VLAN hopping, Dynamic Host Configuration Protocol (DHCP) attacks, and Spanning-Tree Protocol concerns. Common myths about Ethernet switch security are either confirmed or debunked, and specific security lockdown recommendations are provided. Attack mitigation options include the new DHCP snooping and Dynamic ARP Inspection (DAI) function. Attendees can expect to learn Layer 2 design considerations from a security perspective, and mitigation techniques for Layer 2 attacks.

SEC-2020 Deploying Firewalls Brian Ford Technical Level: 2 A firewall is considered by many to be a minimum requirement for any secured network. Firewall technology can be found in devices ranging from network interface cards to software available for a wide variety of computer devices to specialized appliances. The firewall is thought to provide an important point of defense against a wide variety of vulnerabilities and reduce the profile of the network to a wide range of threats and vulnerabilities. This presentation explores some of the most common firewall deployment scenarios, including how a firewall can be used to implement security policy. Numerous methods for implementing and testing firewalls in these scenarios are presented. This presentation also examines and contrasts the security capabilities of many existing firewalls, as well as highlighting the relationship of firewalls to other related security technologies such as filtering, antivirus, intrusion prevention, and intrusion detection systems. These capabilities are matched against numerous threats that have been discovered during the past year to help the attendee understand the contribution of the various capabilities when trying to address these threats.

SEC-2030 Deploying Network-Based Intrusion Detection and Prevention Systems William Battle Technical Level: 2 Intrusion detection and prevention systems have become an essential technology in the deployment of a "defense-in-depth" security architecture. These systems provide packet and flow analysis and have the capability of taking response actions to various events, such as dropping malicious or offending traffic. These abilities are not available through other security technologies. This session discusses the roles of network-based intrusion detection and prevention systems, and where these systems can be best deployed to maximize coverage and benefit. The session provides an in-depth look at the capabilities and components of Cisco Intrusion Detection System (IDS) Threat Defense technologies and presents a series of strategies and techniques on how to design, deploy, and tune network-based intrusion and prevention systems in several environments. Issues such as device placement, traffic selection and aggregation, design validation, capture options, and scalability are discussed. Also covered are some of the key monitoring and attack validation concepts specific to IDS deployments. A series of deployment case studies are examined.

SEC-2031 Understanding and Deploying Host-Based Intrusion Protection Technology Jonathan Hogue Technical Level: 2 Recent Internet-born worm and Trojan incidents have made malicious mobile code protection an issue of top concern for many organizations. Host intrusion prevention technologies provides threat protection for server and desktop computing systems, also known as endpoints. It can identify and prevent malicious behavior, thereby eliminating known and unknown ("Day Zero") security risks and helping to reduce operational costs. This session provides an in-depth look at the capabilities and components of host intrusion protection technology, the deployment process, and its integration within various computing environments.

SEC-2040 Understanding and Deploying Network Admission Control Russell Rice Technical Level: 2 Cisco Network Admission Control (NAC) is an industry-wide collaboration led by Cisco to focus on limiting damage from emerging security threats such as viruses and worms. Customers using NAC can allow network access only to compliant and trusted endpoint devices (for example, PCs, servers, personal digital assistants [PDAs]) and can restrict the access of noncompliant devices. With the newly shipping initial phase, Cisco NAC helps enable Cisco routers to enforce access privileges when an endpoint device attempts to connect to a network. This decision can be based on information about the endpoint device such as its current antivirus state and operating system patch level. Cisco NAC allows noncompliant devices to be denied access, placed in a quarantined area, or given restricted access to computing resources. This session provides an overview of Cisco NAC, its key components and capabilities, and the underlying technologies, design considerations, management considerations, and troubleshooting tips.

SEC-3010 Troubleshooting Cisco IOS Firewall-Based and Cisco Secure PIX Firewall-Based IPSec VPNs Jazib Frahim Technical Level: 3 This session demonstrates detailed techniques for troubleshooting Cisco IOS Firewall and Cisco Secure PIX Firewall-based IP Security (IPSec) designs and implementations. It covers the debugging tools available within Cisco IOS Firewall and Cisco Secure PIX Firewall to troubleshoot IPSec VPN configurations. This session also provides solutions to the most commonly seen issues concerning IPSec VPN designs and implementations, based on the experiences of Cisco Technical Assistance Center (TAC) engineers.

SEC-3020 Troubleshooting Firewalls Obaid Vanjara Technical Level: 3 Firewalls are crucial components of today's networks. Their optimal functioning is critical to an enterprise network. It is essential for network engineers to be able to quickly and efficiently troubleshoot them. This presentation focuses on the tools and techniques that can be used to troubleshoot the Cisco PIX Firewall, the Cisco Firewall Service Module (FWSM), and the Cisco IOS Firewall, enabling the attendees to successfully maintain their Cisco firewalls. This presentation also covers some common troubleshooting scenarios in a case study format.

SEC-3030 Troubleshooting Intrusion Detection Systems Marcus Sitzman Technical Level: 3 This presentation focuses on troubleshooting intrusion detection systems (IDSs) using Cisco IDS Software 4.0 on sensors and Web-based configuration tools for network IDS appliances such as the Cisco IDS Device Manager (IDM) and the Cisco IDS Event Viewer. Detailed troubleshooting steps are examined for the Cisco Security Agent Management Console (SAMC), which is a part of the CiscoWorks VPN/Security Management Solution (VMS) 2.2 Software bundle with regard to installation, configuration, and deployment issues.

CERT-2100 CCNP Certification (Building Scalable Cisco Internetworks-BSCI) Kip Peterson, Gary Rubin Technical Level: - Advanced Networks Information, a Cisco Learning Partner will focus on topics covered in the Building Scalable Cisco Internetworks (BSCI) course such as advanced IP addressing, manipulating routing updates, Enhanced Interior Gateway Routing Protocol (EIGRP), Open Shortest Path First (OSPF), Intermediate System-to-Intermediate System (IS-IS) Protocol, and Border Gateway Protocol (BGP). This session gives candidates on the CCNP certification track an understanding of the issues associated with route redistribution (exchanging route information) between different IP routing protocols. Session attendees will be guided through route redistribution scenarios and will learn how to identify the presence of unwanted routing feedback. The presentation focuses on using Cisco IOS tools, especially route filters and route maps, to address the negative effects created by routing feedback loops. Attendance of this session prepares candidates for the proper implementation and troubleshooting of route redistribution in medium and large networks.

NMS-1011 Principles of Fault Management Christopher Elliott Technical Level: 1 An effective fault-management process is essential to maintain network service and high availability. This session teaches how to improve network availability through the use of fault-management tools and techniques. It provides an overview of the fault-management process, as well as specifics on fault-management tools, including event- or fault-reporting capabilities in Cisco devices and available fault-management applications. The course goes into some detail about Simple Network Managment Protocol (SNMP) and syslog notifications, as well as additional capabilities in Cisco devices, such as the Cisco Service Assurance Agent, Remote Monitoring (RMON) alarms and events, and the Event MIB. In addition, the session provides a brief introduction to the Expression MIB. Discussion includes applications that can be used to manage fault-reporting capabilities and fault-management systems such as the Cisco Internetwork Performance Monitor, Cisco Info Center, CiscoWorks Device Fault Manager, and several third-party applications.

NMS-1101 Understanding DHCP and DNS John Schnizlein Technical Level: 1 This session describes how to manage IP addresses and host and domain names. It covers the protocols and operation of Dynamic Host Configuration Protocol (DHCP) and Domain Name System (DNS). It covers the interaction between DHCP and DNS through Dynamic DNS. It also includes methods for supporting various applications and recent standards developments in the IETF.

NMS-2001 Network Troubleshooting Tools and Techniques Joe Clarke Technical Level: 2 This session covers general network troubleshooting tools and techniques, focusing on classifying network problems in order to determine what tools to use to troubleshoot them. The course examines some general tools of the trade, such as ping, traceroute, sniffers, and Remote Monitoring (RMON), as well as Cisco tools such as Service Assurance Agent and command-line interface (CLI) commands.

NMS-2031 Traffic Accounting Scenarios Ralf Wolter Technical Level: 2 This session identifies and distinguishes different accounting techniques and discusses how to apply them to various scenarios, such as performance monitoring, network baselining, traffic engineering, security analysis, peering agreements, and billing scenarios (usage- and time-based and voice over IP [VoIP]). Technologies covered include NetFlow, Simple Network Management Protocol (SNMP), network-based application recognition (NBAR), Remote Monitoring (RMON), application response time (ART), authentication, authorization, and accounting (AAA), RADIUS, TACAS, and Border Gateway Protocol (BGP) policy accounting.

NMS-2032 NetFlow for Accounting, Analysis and Attack Paul Kohler Technical Level: 2 This session covers NetFlow features such as aggregation schemes, versions, IP Multicast, Border Gateway Protocol (BGP) Next Hop, Egress NetFlow, Multiprotocol Label Switching (MPLS), Sampled NetFlow, sub-interface support, and recent features such as NetFlow input filters, NetFlow MIB, and top talkers. Subjects include configuration, deployment, troubleshooting, performance, platform support, and standards for NetFlow. NetFlow has become the leading accounting, analysis, and denial-of-service attack mitigation technology at Cisco and now the industry.

NMS-2042 Performance Measurement with Cisco Devices David Melton Technical Level: 2 This session focuses on Cisco IOS Software features to measure performance in the Network. Understanding the different technologies, including Application Response Time (ART), Remote Monitoring (RMON), NBAR, different MIBs, Embedded Event Manager, NetFlow and Service Assurance Agent (SAAgent), will allow attendees to measure availability, usage, and performance on their network through the command-line interface (CLI) or Simple Network Management Protocol (SNMP).

NMS-2101 DNS Deployment and Operation Patrik Faltstrom Technical Level: 2 The Domain Name System (DNS) is used in almost all the application layer protocols we use on the Internet. Therefore, stable, reliable DNS is important for communication. This session examines in detail operational and technical constraints when a domain name owner wants to deploy DNS for the domain name. The goal is to describe how an enterprise should set up DNS for its organization. This involves numerous different steps, including but not limited to management of hidden master servers, secure zone transfer, split DNS scenarios in firewall situations, and similar day-to-day operational issues.

NMS-2102 Deploying and Troubleshooting NAT Michael Hollowell Technical Level: 2 This session discusses the configuration and deployment of Cisco IOS Software-based Network Address Translation (NAT) in an enterprise environment. The discussion varies from why someone might want to implement NAT to the configuration and troubleshooting of a network that is using NAT technology. Focus is on Virtual Private Network (VPN), voice, and new enhancements to Cisco IOS Software-based NAT functions, and comparisons to how NAT operates on the Cisco Secure PIX Firewall.

NMS-2201 Network Availability Measurement James Thompson Technical Level: 2 The session introduces availability definitions and their relationship to business objectives in enterprise and service provider networks. The focus is on collection and calculation needs from component level through service level. Measurement techniques such as Component/Device/Network availability %, defects per million (DPM), and impacted user minutes (IUM) are compared and contrasted. We will discuss technologies to gather availability which will includes the use of component-outage-online (COOL) measurement and embedded event manager. A case study depicting data-collection technologies and their correlation to automated trouble ticketing systems is shown. How these create the ability to produce availability reports is discussed. The final section covers the development of an 'Availability Culture' within an organization wherein availability is one of the primary metrics used to identify and categorize the root causes of downtime, which would then be addressed by the appropriate team.

NMS-3011 Getting the Right Events from Network Elements Benoit Claise Technical Level: 3 An effective fault-management process is essential to quickly detect problems and maintain network services. This session teaches how to improve network availability through the use of fault-management techniques. It provides a quick overview of the fault-management process, including event- or fault-reporting capabilities in Cisco devices. Simple Network Management Protocol (SNMP) and syslog notifications are discussed in detail, as well as additional capabilities in Cisco devices, such as the Remote Monitoring (RMON) alarms and events, the Event MIB, and the Cisco Service Assurance Agent. This session provides a brief introduction to the Expression MIB. In addition, new fault-management features embedded in Cisco devices are also described. Note that several examples and scenarios, including command-line interface (CLI) configuration and show commands, are analyzed.

NMS-4043 Advanced Service Assurance Agent Emmanuel Tychon Technical Level: 4 For attendees already familiar with Cisco Service Assurance Agent (SA Agent), this course explains how to get the most out of it. In particular, the course explains how to find the ideal set of parameters that can be set to achieve more accurate and meaningful results with SAA, such as frequency, interval, and packet size. Then, more advanced topics and new features are reviewed, such as mean-opinion-score (MOS) measurement for a voice-over-IP (VoIP), and the use of Cisco SA Agent in a Multiprotocol Label Switching (MPLS) or VPN network.

RST-1305 IPv6 concepts Khalid Raza Technical Level: 1 This session will examine the need for IPv6, and the differences and similarities between IPv4 and IPv6. Different types of IPv6 addresses and neighbor discovery protocols will also be discussed. This session will also examine routing protocols like OSPF, BGP, and ISIS for IPv6. We will also discuss integration and migration techniques for IPv6 by examining tunnelling techniques. Finally, we will review case studies on how IPv6 is being deployed.

RST-1701 Introduction to IP Multicast Bryan Mclaughlin Technical Level: 1 This session provides an overview of the fundamentals of IP Multicast. It covers the basic concepts of several essential components of IP Multicast such as link layer addressing, host-router signaling (Internet Group Management Protocol Versions 1 through 3 [IGMP v1–v3]), distribution trees, and Reverse Path Forwarding. The session then gives an overview of Protocol Independent Multicast sparse mode (PIM-SM). This PIM-SM overview provides a brief, high-level look at the various PIM-SM modes of operation, concentrating on basic sparse mode because this is the mode most widely deployed mode of IP Multicast. Also included is a brief overview of bidirectional (bidir) and source-specific multicast. The concepts of several interdomain multicast protocols such as Multiprotocol Border Gateway Protocol (MBGP), Multiprotocol Source Discovery Protocol (MSDP), and multicast VPNs are briefly introduced. Also included is a brief overview of IPv6 Multicast.

RST-2303 Deployment and Analysis of BGP Steven Moore Technical Level: 2 This session offers an introduction to the Border Gateway Protocol (BGP). The session includes such topics as building and troubleshooting peering relationships, common deployment considerations such as controlling traffic flow through policy, peering arrangements, and policies, and route reflectors. The target audience is network engineers who have deployed or are considering deploying the BGP protocol in their networks, either in a peering arrangement with other (external) routing domains (such as the Internet), or as a way to scale the core of a large-scale network.

RST-2304 Deploying Mobile IP Stefan Raab Technical Level: 2 This session addresses Mobile IP specifications, functions, and operation. It compares and contrasts Mobile IP with traditional routing protocols to clearly define its role in the network. Mobile IP configuration fundamentals and best practices are presented, and operational issues are discussed. This session presents a foundation applicable to all Mobile IP deployments, including enterprise wireless LAN, mobile networks, and Code Division Multiple Access (CDMA) 2000.

RST-2305 IPv6 Deployment Shannon Mcfarland Technical Level: 2 This session focuses on IPv6 deployment options for the enterprise. Networkers receive in-depth information about IPv6 operation and transition methods. The session focuses Enterprise IPv6 deployment and includes: multicast operation, quality of service (QoS), mobility, and how to deploy IPv6 using various transition tools. The session features best practices for deploying IPv6 in the enterprise and how to select the correct transition method for an enterprise network. Detailed configuration examples are given for IPv6 services such as IPv6 tunneling and multicast routing Finally, the session breaks down the best practices and configurations based on specific areas of the network such as campus, WAN, and remote access.

RST-2310 Which Routing Protocol James Ng, Harold Ritter, Russ White Technical Level: 2 Routing protocols engineers all over the world are always asking: Which routing protocol should I use in this network? Should I switch routing protocols? What are the advantages and disadvantages of each protocol? Is one protocol really that much better than any of the others? This session explores the mysteries of routing protocols selection, discusses the differences between them, and shows how different topologies and network goals fit different routing philosophies and different routing protocols.

RST-2311 Packet Forwarding and Operation of Mid to High End Routers and Switches Phil Harris Technical Level: 2 Primarily designed to analyze the path of a packet through mid to high end routers and switches (7100, 7200, 7300, 7400, 7600, GSR, and Catalyst 4000/6500). In particular, we will look at the operation and functionality of the FORWARDING/DATA PLANE, and it's interaction with the control and management plane, in the allocation of platform resources to complete the various tasks required to forward packets. We will look at both "vanilla" packet paths, as well as understanding how specific features are implemented within the devices, including the order in which features are applied, and how this can help us optimize forwarding performance as well as avoid feature conflict. Features we will examine include packet classifications, and the subsequent use of classification to make decisions such as ACL operation, Netflow operation, QoS prioritization, application layer control (WCCP and NBAR).

RST-2312 Control Plane Operation in Mid to High End Routers and Switches Phil Harris Technical Level: 2 This session is primarily designed for any attendee looking for an understanding of the architectural and operational aspects of mid to high end routers and switches with respect to the way in which topology information is used to create, maintain and utilize the CONTROL PLANE required to forward packets. The session looks to analyze router design architecture and function, and then move on to examine how the design and functionality of a platform affect stability and performance from the perspective of building, maintaining and stabilizing the control plane, both locally on individual devices, as well as their interaction with other routing and switching components in the Network. Specific subjects that will be covered will include Cisco Express Forwarding (CEF), and memory utilization of the various forwarding and state tables and how this can be determined and planned for, as well as understanding how to interpret the various terms used in CEF such as Nodes, leaves, paths etc. Finally we will discuss specific issues associated with convergence of the Control plane from an operational perspective. Looking at both the forwarding and receiving of Routing Protocol updates as well as the processing of the updates on a node by node basis. Examples of the way CONTROL PLANE information is handled with respect to other transient traffic will be examined.

RST-2510 Deploying QoS for Converged Networks Ramya Venkatraman Technical Level: 2 This presentation discusses aspects involved in designing and implementing Quality of Service (QoS) in converged enterprise networks. This session covers how QoS tools can be used to optimize the network to meet requirements of various applications, such as voice and video, and how to identify and protect critical data applications by enabling multiple classes of service on the network. Networkers will learn details about the latest QoS features available in Cisco IOS Software, capabilities to aid in solving problems, as well as simplifying the implementation of QoS, and how to monitor and report on QoS performance. This session also covers aspects of the Cisco AutoQoS framework that drastically simplifies IP QoS configuration, and reduces the cost and time required for large-scale QoS deployments in enterprise networks.

RST-2701 Deploying IP Multicast Beau Williamson Technical Level: 2 This presentation covers numerous aspects of configuring and deploying a IP Multicast solution in both enterprise and service provider networks. Example configurations begin with basic multicast deployments and progress to the deployment of larger, mission-critical multicast networks. Topics covered include details on various multicast router configuration commands along with the use of administrative scoping, Auto-RP, bootstrap router (BSR), and Anycast-RP techniques in Protocol Independent Multicast sparse mode (PIM-SX) networks. Finally, the fundamentals of two new emerging multicast technologies, bidirectional (bidir) PIM and source-specific multicast, are introduced, along with how these new technologies provide better scalability of IP Multicast.

RST-2702 Deploying IP Multicast VPNs Yiqun Cai Technical Level: 2 This session covers the protocols and mechanics of multicast VPN (MVPN). MVPN is built upon a new IP tunneling technology that uses multicast group addresses as tunnel destination addresses. The detailed operation, as well as the pros and cons, is presented and analyzed in this session. An additional mechanism is introduced to optimize the flooding of multicast traffic in the service provider network. Various options of deploying MVPN in a multi-AS service provider network are studied. Finally, techniques to offer extranet services are discussed. Throughout the session, configuration and deployment examples are provided to help illustrate the key aspects of MVPN.

RST-2800 Designing and Debugging a SNASwitch Enterprise Extender Solution to Replace SNA Routing in the Data Center Ray Romney Technical Level: 2 This session covers how the SNA Switching Services (SNASwitch) feature of IOS can be used to support SNA host applications and network devices while removing SNA routing/bridging from the data center. It describes how SNASwitch fits into an IBM APPN/HPR/DLUR environment, which Front End Processor (FEP) functions/devices it can and cannot replace, and where to best position the SNASwitch routers in the network (including coexistence with Data Link Switching - DLSW). Specific configuration options and samples will be discussed. The last part of the session covers troubleshooting strategies and tools, including the internal sniffer-like Data Link Control trace (dlctrace).

RST-3300 Troubleshooting EIGRP Don Slice Technical Level: 3 EIGRP can present some significant challenges in troubleshooting. This session provides techniques for troubleshooting even the hardest EIGRP problems, including stuck in active routes, neighbor relationship issues, and reliable transport problems.

RST-3301 Troubleshooting OSPF Faraz Shamim Technical Level: 3 This session focuses on the techniques for troubleshooting OSPF using various scenarios. It goes into details on the problem/solution pairs for neighbor relationships, route not being installed in the routing table, SPF problems, etc. It also discusses the show commands that are useful in troubleshooting OSPF networks

RST-3303 Troubleshooting and Advanced Topics in BGP Daniel Walton Technical Level: 3 This session provides information on troubleshooting, advanced features, and new developments in BGP. We will show how to troubleshoot some of the most common BGP problems followed by a discussion on new features. New feature topics include peer-templates, BTSH, OER, security, and improvements in BGP convergence.

RST-3311 Troubleshooting and Optimizing the Operation of Cisco Routers Rodney Dunn Technical Level: 3 This session covers troubleshooting and optimization techniques for the Cisco IOS Software system. Topics that will be covered include memory utilization, CPU usage, and buffer management. These topics will be explained in the context of particular hardware architectures where applicable. This session will also cover common optimizations to enhance the performance of the platform as well as software features used.

RST-3507 Troubleshooting Cisco Catalyst 3750, 3550, and 2900 Series Switches Mike Pavlovich Technical Level: 3 This session covers troubleshooting commands and methods for Cisco Catalyst 3750, 3550, and 2900 series switches. In addition to code maintenance and stacking, this session also covers platform-specific details for how to troubleshoot packet forwarding, multicast, access-control lists, and quality-of-service issues.

RST-3508 Troubleshooting Cisco Catalyst 4000 and 4500 Series Switches John Bartlomiejczyk, Hemant Verma Technical Level: 3 This session covers troubleshooting commands and methods for the Cisco Catalyst 4000 and 4500 series switches. In addition to discussing system health monitoring and troubleshooting, this session will also address platform specifics in troubleshooting packet forwarding, supervisor redundancy in the Cisco Catalyst 4507R switch, spanning tree, multicast, access-control lists, and quality of service.

RST-3511 Troubleshooting LAN Protocols Thomas Settle Technical Level: 3 This session introduces troubleshooting terminology and methods universal to all Cisco Catalyst products. Topics covered in a platform-independent fashion include: VLANs, VLAN Trunking Protocol (VTP), trunking, channeling, spanning tree and spanning-tree features, IP multicast, access-control lists, and quality of service concepts. This session will also explore data collection and recording techniques and problem-solving strategies.

RST-4300 Advances in EIGRP Donnie Savage Technical Level: 4 Several new features and capabilities have been integrated into EIGRP in the last several years, and many more are planned. In this session, new features and their use in real-world networks will be discussed, including EIGRP PE/CE for integration into MPLS VPNs, extended tagging and community support, and enhancements to EIGRP stubs.

RST-4301 Advances in OSPF Faraz Shamim Technical Level: 4 This session focuses on deployment techniques for Open Shortest Path First (OSPF) in service provider, enterprise, and Internet service provider (ISP) dial networks. Discussions include dividing OSPF flooding domains through areas, advanced summary techniques, and features such as Fast Convergence, Nonstop Forwarding, Stub Router advertisement, and flooding reduction. Example configurations and deployment techniques are discussed for each feature.

RST-4311 Optimized Edge Routing Dana Blair Technical Level: 4 Optimized Edge Routing (OER) is a technique that allows network administrators to guide their outbound traffic toward networks of interest based on real-time measures of path performance, load, and cost. OER allows the network administrator to determine which outbound path to use among several options to use based upon delay, loss, reachability, use, load distribution, and transmit cost.

RST-4312 High Availability in Routing Micah Bartell Technical Level: 4 High availability is a much discussed topic in the networking industry, with engineers working to achieve the magical 5 nines of availability. How do routing protocols fit into this high-availability drive? This session discusses how to optimize routing to fit into the highly available network, including fast convergence, graceful restart, and other techniques, and focusing on their deployment in real-world networks.

RST-4313 Multitopology Routing Chetan Khetani, Scott Sturgess Technical Level: 4 Many enterprise networks have increasingly put forward new requirements to route traffic with different classes of service through different parts of their network infrastructure. Multitopology Routing (MTR), currently being developed, provides this capability. This session introduces the concepts and provides deployment basics for this new technology.

RST-4314 Advances in Router Architecture David Tsiang, David Ward Technical Level: 4 Routers and Router Operating Systems are an area of constant improvement within Cisco; this session discusses advances in this area, primarily a new router platform, and its accompanying operating system. This session will cover the basic architecture of these two new products, including an overview of the exciting new capabilities they bring to large-scale, highly available networks.

RST-4701 Advanced IP Multicast Michael Mcbride Technical Level: 4 This session covers the protocols and topologies associated with Interdomain multicast routing, including details on the operation of MSDP and MBGP as they relate to PIM. This session also introduces the latest trends in Interdomain multicast routing, PIM Source Specific Multicast (SSM), Multicast VPNs, and IPv6 Multicast. During this session, the fundamentals of MBGP and MSDP are covered along with their basic configuration as well as the use of Anycast RPs. Numerous topology examples with regard to Interdomain multicast using MBGP and MSDP are presented along with configuration examples for both service providers and customers. Next, the session introduces Source Specific Multicast and shows how this method of Interdomain multicast solves some of the problems associated with traditional Interdomain PIM-SM multicast. Multicast VPNs in an MPLS VPN environment will be presented. IPv6 Multicast will be discussed. Methods to secure a multicast network will be presented. Finally, source redundancy options will be discussed.

SEC-1000 Introduction to Network Security Keith Stewart Technical Level: 1 In the last few years, network security has become dramatically more important to the business success of an organization. Current threats to the organization such as worms, denial of service (DoS), and electronic theft pose increasing risks to the bottom line. Security has become a concern of all network professionals, yet for those new to the field, the broad array of technologies and terminology can be daunting. This session presents an overview of the key concepts and current best practices in network security. The central role of a security policy and its ongoing maintenance are discussed. Using reference designs for a few key areas of the network, the role that each security and network technology plays in securing the network is examined. Finally, the session closes with a discussion of security event monitoring, as well as incident response.

SEC-2000 Secure Enterprise Design Russell Rice Technical Level: 2 Network security is no longer exclusively the domain of dedicated information security teams. Throughout the enterprise, from the access through to the core and out to the Internet perimeter, network security must be an intergal part of network design. This session introduces key concepts to consider when designing and evaluating network security systems. It starts with the fundamentals: axioms, the design process, and important design principles. These concepts are then applied to a variety of best practice designs and case studies in an interactive design discussion.

SEC-2003 IPv6 Security Threats Sean Convery, Darrin Miller Technical Level: 2 IPv6 is seeing increased deployments worldwide and is expected to ramp up significantly with the U.S. Department of Defense mandate of IPv6 by 2008. Much of the existing security discussion around IPv6 has focused on its inclusion of IPSec. While the confidentiality, integrity, and authentication features of IPSec are clearly useful, IPSec deployment will suffer many of the same deployment challenges as are currently seen in IPv4 (identity, key management, and configuration issues). This session will present IPv6 security as contrasted with IPv4 from a threats perspective. Common threats you may be familiar with in IPv4 will be compared to how those threats may evolve in IPv6 and what new considerations or best practices will be necessary to mitigate these threats. Potential best practices for the use of IPv6 in a dual-stack mode in an Internet edge will be presented as well.

SEC-2005 Understanding 802.1x, IBNS, and Network Identity Services Ian Foo Technical Level: 2 This session covers the applications and implications of identity and authentication as a means of enhancing network security via access control. Topics include identity-based access control and policy enforcement techniques using Cisco’s Identity Based Networking Services (802.1x, RADIUS, Extensible Authentication Protocol [EAP], etc.), deployment and migration issues associated with introducing identity concepts into the network, and advanced network authentication concepts. A brief overview of supporting technologies and their relevance in complementing identity in the network (Public Key Infrastructure [PKI], Transport Layer Security [TLS], leveraging of Identity Management Systems & Data Stores, etc.) also are discussed.

SEC-2006 Managing Security Technologies Erik Lenten Technical Level: 2 This session examines the issues involved in managing security technologies. Best practices will be explained by using case studies for commonly deployed security technologies including firewalls, network- and host-based intrusion prevention systems and IPsec virtual private networks (VPNs). We will cover both tooling for small to medium-sized networks and tooling used for larger enterprises and managed security service providers. Details will also be provided on how to use these tools when addressing security related events, such as best practices for storing and managing events, and available reports for viewing security events most effectively. Finally, an update will be given on how security events can be aggregated and correlated.

SEC-2010 Deploying Remote Access IPSec and SSL VPNs Dan Angst, Dennis Vogel Technical Level: 2 This session covers the essentials for effectively planning, deploying, and managing VPNs for remote access. It includes analysis of IP Security (IPSec), Secure Sockets Layer (SSL), and operating system-supplied client options for providing remote user connectivity, as well as showing how these protocols can be used to provide transport security for wireless LANs (WLANs). Authentication choices, scalability and resiliency options, as well as device placement and network design are all covered. In addition, solutions to common concerns such as Network Address Translation (NAT) transparency, desktop security integration, user management, and bandwidth allocation are highlighted. Finally, case studies are reviewed to demonstrate remote access VPN deployment examples and their corresponding configurations.

SEC-4000 Advanced Concepts in Security Threats Brian Best Technical Level: 4 The recent rounds of viruses and worms that continue to plague the Internet have indicated an increasing level of activity among malicious code writers trying to exploit systems. While viruses typically rely on social engineering by getting end-users to execute their payloads, worms rely on more automatic methods such as stack and heap overflows. This session examines the mechanics of stack and heap overflows in detail. This information will then be applied to examine two recent, widely publicized vulnerabilities in order to understand the mechanics of their exploitation code. These vulnerabilities include the Microsoft ASN.1 library length overflow heap corruption and the ASN.1 library bit string Heap corruption.

SEC-4010 Advanced IPSec Deployments and Concepts of DMVPN Networks Michael Sullenberger Technical Level: 4 This session covers advanced IP Security (IPSec) VPN site-to-site design and deployment with a focus on scaling to very large IPSec VPNs. It begins with dual-hub Dynamic Multipoint VPN (DMVPN) solution designs, progresses to multihub DMVPN, and ends with very large scale hubs using the Cisco Catalyst 6500. The main focus is on design, deployment, and managment, with some in-depth description of the functioning of DMVPN. The course also covers specific issues when using DMVPN with Network Address Translation transparency (NAT-T), quality of service (QoS), Multiprotocol Label Switching (MPLS), and dynamic routing.

SEC-4011 Advanced IPSec Algorithms and Protocols Saadat Malik Technical Level: 4 This session details how the Internet Key Exchange (IKEv1 as well as IKEv2) and the IP Security (IPSec) protocols work. The session also analyzes the authentication protocols involved in the IKE process. Encryption and hashing mechanisms, including the new Advanced Encryption Standard (AES) in IPSec, is also discussed. After describing the workings of these main protocols and mechanisms, the presentation addresses how some of the most important IPSec features and enhancements actually work. Examples of these include mode configuration, extended authentication, dead peer detection (DPD), IPSec Network Address Translation (NAT) transparency, and Tunnel Endpoint Discovery (TED). The session emphasizes protocol-level details of how the various features have been implemented, using packet flow charts and descriptions of the various fields in the packets. The session also includes discussions about some of the new implementations being worked in the IPSec space, such as multicast IPSec (group domain of interpretation [GDOI]).

VVT-2014 Centralized and Distributed Deployment Models for IP Contact Centers Christos Klardie Technical Level: 2 This session focuses on planning and deploying the Cisco IP Contact Center (IPCC) solution (Express and Enterprise) for small, medium-sized, and large deployments. Specific centralized and distributed deployment models and configurations will be presented. Attendees will gain an in-depth understanding of Cisco IPCC interworking components, their functions, and the decisions needed while planning a Cisco IPCC deployment. Topics include configuration overview, scripting overview (business logic), call flows, call routing, call transfers, Cisco interactive voice response (IVR) queuing, and single- and multi-site deployments. Attendees will receive recommendations for a successful IPCC deployment.

ACC-2001 Design considerations for Sizing and Scaling Metro Layer 2 Services Christopher Lewis, Vijay Raghavendran Technical Level: 2 This presentation delivers results from the extensive testing performed in Cisco labs, where analysis of point-to-point Virtual Private Wire Service (VPWS) and point-to-multipoint Virtual Private LAN Service (VPLS) implementations has been undertaken. The technology- and implementation-specific components of metropolitan (metro) Layer 2 service scalability are identified, along with best practice recommendations for architecture and configurations necessary for a successful deployment.

OPT-1041 Introduction to Next-Generation Intelligent DWDM Networks Donyel Jones-Williams Technical Level: 1 The falling prices of optical components coupled with the adoption of 10-Gbps technology has enabled the next generation of dense wavelength-division multiplexing (DWDM) networks. The intelligence required to provision, monitor, and maintain these networks is moving from the network administrator to the network elements. Layer 1 phenomena such as nonlinear effects, chromatic dispersion, optical noise, and fiber degradation along with network-affecting disruptions caused by operator error can now be detected, isolated, and, in some cases compensated for, by the network itself. This presentation details the most common Layer 1 limitations that a customer will face, along with how the network can avoid or mitigate them. A section delineating the advantages of this new intelligent network, such as less down time because of faster fault isolation and auto fault recovery, as well as lower maintenance costs because of the ease of provisioning new services, is also included.

OPT-1042 Metropolitan Ethernet Design Fundamentals Chiara Regale, Jason Sauviac Technical Level: 1 As service providers and enterprises look to meet the need for high-speed connectivity services, Ethernet has emerged as a viable metropolitan-area network (MAN) and WAN technology. This session focuses on the enterprise drivers for ethernet based services and explores different design considerations for a successful metropolitan (metro) ethernet deployment. Areas covered include service provider and enterprise Quality-of-Service (QoS) model interaction plus security and network availability models for both customer premises equipment (CPE) and service provider equipment. The presentation also introduces the latest Cisco Metro Ethernet capabilities and their impact on the overall solution.

OPT-2041 Implementing Optical Ethernet Networks with Pluggable Optics Alessandro Barbieri Technical Level: 2 This session focuses on implementing optical ethernet networks using pluggable optics. From multimode fiber to dense wavelength-division multiplexing (DWDM), this course is a practical guide to implementing campus and metropolitan (metro) ethernet applications with switches and routers. This presentation details the optical technologies available in pluggable modules (gigabit interface converters [GBICs], Small Form-Factor Pluggables [SFPs], Xenpaks, etc.), ranging from multimode optics to 10 Gigabit Ethernet and wavelength-division multiplexing (WDM). The presentation is a review of the applications, deployment guidelines, standards, and developments behind pluggable optics.

OPT-2043 802.17 and Spatial Reuse Protocol (SRP) Protocols Simon Herriotts Technical Level: 2 Resilient Packet Ring (RPR) technology has been gaining interest in both service provider and enterprise organizations in recent years because of its advantages in providing scalable, high-bandwidth Internet services, its reliable IP-aware optical transport, its ability to support Differentiated Services, and its simplified service network operations. The session provides a brief overview of the features and benefits of RPR as well as key applications. A technical overview of the emerging 802.17 RPR (Layer 2) protocol is given, including MAC operation, ring bandwidth control, and protection switching. The configuration and troubleshooting of RPR networks is discussed. The session concludes with a discussion on design and deployment recommendations for building RPR networks illustrated by several case studies.

OPT-2044 Service Aggregation Over DWDM for Network Consolidation Michael Noto Technical Level: 2 This session explores the application of high-density service aggregation over dense wavelength-division multiplexing (DWDM) as a strategy for business continuance and disaster recovery. This technology is evaluated in the context of industry regulations (for example, FED and SEC, Health Insurance Portability and Accountability Act of 1996 [HIPPA]), growing application traffic, support for new protocols, and the need to consolidate multiple networks for storage, data, LAN, voice, and video applications. The session illustrates how the service aggregation technology can be combined with a resilient, highly available networking architecture based on DWDM, to help implement a scalable disaster recovery strategy. The strategy addresses application requirements today (and will address them in the future), provides efficient utilization of fiber, inter-connects high-speed campus networks, and consolidates storage, data, and traditional networks. Featured case studies in the financial and banking, healthcare, and government verticals highlight the advantages of deploying service aggregation as part of a robust networking infrastructure to support a business continuance strategy.

OPT-2045 Extending Metro Ethernet Across SONET/SDH Transport Infrastructure Tejas Vashi Technical Level: 2 Advanced enterprise applications are driving the demand for metropolitan-area network (MAN) services. Providers are looking to offer these high-bandwidth value-added services with greater network flexibility through metropolitan (metro) Ethernet. These services demand diverse network architectures, such as point to point, hub and spoke, and multipoint. Providers can take advantage of the existing SONET/SDH infrastructure to offer all these variations in an efficient, resilient manner. This session addresses how providers can scale their metro Ethernet service delivery while maintaining the traditional voice services. Case studies illustrate the converged network design and model high-volume Ethernet traffic. The impact of quality of service (QoS) in transport network optimization is highlighted.

OPT-4041 Advanced Optical Technology for Next Generation Data Services Masum Mir Technical Level: 4 Advanced technology developments in IP and data services are the primary drivers for next-generation optical networks. Creation of an optical transmission infrastructure that is optimized for packet service delivery is the cornerstone of these efforts. This session outlines the challenges associated with a high-speed packet-optimized transmission network. Then, advanced optical technologies (tunable laser, R-OADM, optical layer performance monitoring, enhanced Forward Error Correction [FEC], and signaling) aimed at resolving these concerns are explored.

ACC-1020 Mobile Wireless - An Overview of the History and Present State of Mobile Wireless William Parkhurst Technical Level: 1 This presentation covers the history and present state of mobile wireless. The history discusses the evolution of the generations of mobile wireless systems from first generation analog to third generation digital systems. The technologies and modulation techniques that differentiate each generation are discussed in order to understand how data services have been added to cellular networks. The current state looks at the architecture and terminology of the two flavors of 3G mobile wireless, cdma2000 and UMTS, and the Cisco solutions for both approaches.

OPT-1051 Introduction to Storage Topologies and Applications Ravindra Neelakant Technical Level: 1 This session introduces storage terminologies, storage subsystems, and logical and physical storage definitions. The different storage protocols such as Small Computer System Interface (SCSI), Fibre Channel Protocol (FCP), SCSI over IP (iSCSI), Fibre Channel over IP (FCIP), and Internet FCP (iFCP) are discussed, along with a discussion of Fibre Channel as the transport layer for SCSI. The industry-prevalent storage deployment architectures such as Direct Attached Storage (DAS), Network Attached Storage (NAS), and Storage-Area Network (SAN) are introduced and discussed. The session is designed to introduce the audience to the different types of applications that exist in a data center and the appropriate storage protocol to be used. The session then covers application and data availability schemes using local and remote data replication.

OPT-2051 Fibre Channel Storage Area Network Design Thomas Nosella Technical Level: 2 As customers continue to deploy storage-area network (SAN) technology, the SAN is rapidly becoming a full-service network. No longer a simple port multiplexer, a SAN requires many of the same scaling and resiliency capabilities offered in many other networking technologies. This session focuses on the best practices for building Fibre Channel SANs and addresses scalability, high availability, security, and management design criteria. Features including port channels, virtual SANs (VSANs), interoperability, and topology design are discussed in detail. Multiprotocol expansion through Small Computer System Interface over IP (iSCSI) and Fibre Channel Interface Protocol (FCIP) are discussed briefly as an introduction to other sessions on these two topics.

OPT-2052 FCIP Design and Implementation Mark Allen Technical Level: 2 This session will focus on Fibre Channel over IP (FCIP) solutions for storage area network (SAN) extension over IP. It will cover the business continuance and application drivers for SAN extension to provide a context for the selection of the appropriate transport. It will then cover the FCIP protocol and specific implementations on the MDS9000, SN5428-2, and FC Port Adapter for the 7200. The session will illustrate several design and implementation considerations.

OPT-2053 iSCSI Design and Implementation Vivian He Technical Level: 2 This session focuses on the Small Computer System Interface over IP (iSCSI) for IP attachment to storage. It covers the SCSI and iSCSI protocols and the implementations on the Cisco MDS 9000 Series Multilayer Switch and Cisco SN 5428-2 Storage Router platforms. It then looks at various design and implementation issues that face enterprises wishing to deploy iSCSI, including scaling, performance, configuration, and security of IP storage.

OPT-2054 Storage Networking Security Lincoln Dale Technical Level: 2 Security in storage networking is a hot topic as organizations seek to ensure protection of data on their storage-area network (SAN). This session examines, in detail, the various security threats within Fibre Channel, storage over IP, and SAN management, and the techniques to mitigate the threats. Various denial-of-service and SAN attacks are demonstrated, and the techniques used to mitigate them shown. This in-depth session covers all aspects of SAN security, including topics such as authentication, zoning, port security, Fibre Channel Security Protocol (FC-SP), access control, virtual SANs (VSANs), VSAN security, role-based access control, and encryption.

OPT-3051 Troubleshooting MDS9000 Fibre Channel Storage Area Networks Michael Frase Technical Level: 3 This session will be primarily focused on the troubleshooting of the MDS9000 Fibre Channel (FC) switch and attached Fibre Channel SAN. Discussions will include MDS9000 troubleshooting methodology using Command Line Interface (CLI) debug outputs, use of built-in serviceability tools like the FCanaylzer, SPAN, FCping and FCtrace, along with the usability and understanding of CLI outputs. This session will discuss the operations of the Fibre Channel Services and FCP Protocol as it relates to the MDS family of switches and attached storage and host systems. Practical issues with Inter-Switch Link (ISL) connectivity, zoning and configurations are part of the learning discussions. Troubleshooting methods and tools using the Cisco Fabric and Device Manager will be discussed as part of this session. Case studies will be included. Note that MDS9000 IP storage technology is not part of this session, IP storage is covered in the session "Troubleshooting MDS9000 IP Storage Area Networks"

OPT-3052 Troubleshooting MDS9000 IP Storage Area Networks Michael Frase Technical Level: 3 This session will be focusing on the troubleshooting of the Cisco IP Storage technology found in the MDS9000 IPS module and SN5428 IP Storage Router. Both iSCSI and FCIP protocol troubleshooting as well as TCP/IP functions found within the Cisco storage switches will be covered. We will have a look at the interaction of the IP storage protocols with Fibre Channel as it pertains to the transport of block storage end to end. Configuration issues and debugging of the IP SAN including the layer 2 switch networks and routed networks will be discussed. Troubleshooting iSCSI drivers and the uses of available tools to analyze the Cisco IP SAN are discussed as part of this session. Fibre Channel troubleshooting as it applies to the Inter-Switch Link (ISL) within the FCIP tunnel and TCP transport will be covered. Netwrokers will experience case studies with tools like SPAN for the iSCSI and FCIP interfaces to the Cisco Port Analyzer and logging uses of the Cisco Fabric manager.

OPT-4051 Design and Architecture of Storage Networking Platforms Thomas Edsall Technical Level: 4 This advanced session on the design and architecture of platforms for storage networking provides attendees with the essential knowledge to understand how technology and design choices influence the design of highly scalable and reliable platforms for storage networking. The session will discuss concepts such as cut-through versus store-and-forward, the relevance of different queuing strategies like input vs. output buffering and the importance of virtual output queuing. The design choices needed to achieve the adequate level of flexibility to implement QoS, high availability, and high-performance switching will also be part of the discussion. In addition, this session explains how specific technology constraints affect the architecture of a storage networking product. For example, the session includes a discussion of how different architectural choices help to satisfy some basic requirements of storage networking such as data integrity and in-order delivery.

OPT-4052 Case Study: Cisco IT Storage Strategy William Williams Technical Level: 4 Rampant growth of data storage related to application enhancements and legislation enacted to ensure corporate governance and business continuance capabilities have joined forces to create many new and complex storage management challenges. The slow-down in capital spending (coupled with recent advances in storage technology) has formed a unique opportunity for technology leaders to deploy storage networks and to use storage networking technologies to lower the overall storage total cost of ownership (TCO), in turn increasing the corporation's bottom line. In this session attendees will: learn how Cisco manages 2.1 petabytes of storage worldwide and understand the steps required to build a utility-like storage service; learn how Cisco has deployed the Cisco MDS 9000 Series Multilayer Switch across its enterprise as an enabling technology for a storage utility architecture; understand the benefits of consolidation, reducing points of management to increase economies of scale and increase efficiencies; discover how to reclaim unused storage to lower the storage TCO and decrease the number and frequency of storage purchases; review the basic components of measuring storage TCO; and understand basic financial metrics such as return on investment (ROI) and net present value (NPV) for measuring return.

NMS-2301 Deploying Streaming Video Horst Dumcke Technical Level: 2 Delivering live or on-demand multimedia content enables enterprises to improve internal and external communication and reduce costs by taking advantage of existing data networks. This session covers the streaming multimedia technologies in detail and shows how to enable different streaming protocols using the Cisco Application and Content Networking System (ACNS). This session is built for those who plan to deploy or are already deploying and want to scale services for Windows Media Technologies, Real Networks, Quicktime, the Cisco IP/TV system, or the Internet Streaming Media Alliance (ISMA). Solutions for all these protocols in various network topologies using unicast or multicast delivery are discussed.

NMS-2302 Deploying Corporate Communications and E-learning James French Technical Level: 2 Customers that have been hesitant to deploy rich media e-learning applications and software distribution are no longer constrained by expensive limited WAN resources. They're also not constrained by the administrative overhead of deploying a general purpose server for video or a dedicated storage device. This session will focus on deploying e-learning and corporate communications. Initially, the session will review the standard multimedia request protocols, session protocols, and CODECs. We'll examine the various Cisco Content Engine video services including serving, caching, and splitting. Finally, we'll review what's involved in safely, efficiently, and securely acquiring and distributing corporate multimedia content using a Content Distribution Network (CDN). Finally, we'll learn about request routing methods so that client requests are intelligently routed to the best available Content Engine to service the request.

NMS-2304 Deploying Web Application Acceleration and Employee Internet Management James French Technical Level: 2 Every web object requested by your employees will cross the WAN or Internet link at least as many times as there are employees. In this session, we'll focus on deploying intranet caching edge servers to improve the enterprise branch web client experience for web enabled applications like Siebel, SAP, Oracle, JDE, and others. Similarly, we will examine Internet edge Employee Internet Management which enables enterprise customers to authenticate, content filter, and log Internet usage for policy enforcement. Finally, we'll look at common Internet proxy deployment models, tiered intranet and Internet web caching deployments, and securing the enterprise from worm propagation.

VVT-2030 Understanding IP Video Telephony and Audio and Data Conferencing Solutions David Morrison Technical Level: 2 This session will provide an overview of the technical components required for rich-media conferencing over an IP network with specific information about Cisco® CallManager 4.0 and Cisco MeetingPlace and how they operate in a Cisco IP Communications environment. Attendees at this session will be able to ascertain how these products might be beneficial to their organization, and can then follow the appropriate technology tracks to learn more about designing, deploying, and troubleshooting these products. Cisco CallManager 4.0 and Cisco MeetingPlace bring audio ,video and Web-based data collaboration to the desktop. Cisco MeetingPlace integrates with popular messaging applications such as Microsoft Outlook and Lotus Notes, while also offering future integration with instant messaging and presence applications, and video communications solutions.

VVT-2031 Designing and Deploying IP Video Telephony Networks Jonathan Roberts, Thomas Schepers Technical Level: 2 Video communication capabilities have been integrated into Cisco® CallManger 4.0. These capabilities extend a host of voice features to video, including hold, transfer, conference, call forwarding, integrated directories, and extensible markup language (XML) services. This session covers Cisco CallManager 4.0 video-related capabilities in depth, including a detailed explanation of how quality of service (QoS) should be deployed, which protocols are used (such as H.323, Skinny Control Client Protocol [SCCP], and Sessions Initiation Protocol [SIP]), how to integrate existing videoconferencing equipment, what monitoring and reporting capabilities are available, and which applications and endpoint solutions offer integrated video features. This session will also include a detailed discussion of the public branch exchange (PBX) system-like call routing functions in Cisco CallManager; including least cost routing, automatic alternate routing, and calling permission per user and device.

VVT-2032 Designing and Deploying IP-Based Audio and Web Conferencing Solutions Jonathan Roberts Technical Level: 2 This session will provide a detailed overview of the Cisco® MeetingPlace solution and what each component does. Other topics include how Cisco MeetingPlace integrates with the public switched telephone network (PSTN), traditional public branch exchange (PBX) systems, Cisco CallManager, Microsoft Outlook and Lotus Notes messaging and calendaring clients, and how to provide Web collaboration capabilities to your users.

VVT-3030 Troubleshooting IP Video Telephony Networks Kevin Mcmenamy Technical Level: 3 This session will discuss how to troubleshoot various aspects of an IP video telephony deployment, including SCCP Video endpoints, H.323 video endpoints, SCCP and H.323 Multipoint Conference Bridges, H.320 Gateways and H.323 Gatekeepers. We will review the troubleshooting tools available, including CallManager Trace files, Real-Time Monitoring Tool (RTMT), CDR Analysis and Reporting Tool (CAR), Sniffer traces, and much more. Finally, we will review many aspects of CallManager Administration/Configuration and how those administrative choices you make impact the way things operate. This will include discussions of bandwidth control through CallManager Regions and Locations, Dial Plan configuration caveats, Automatic Alternate Routing configuration choices, endpoint, MCU and gateway configuration choices, how to integrate H.323 Gatekeepers into CallManager by using H.225 Trunks, and more.

ACC-1000 Introduction to Layer 2 Transport and Tunneling Technologies (L2VPNs) Eric Matkovich Technical Level: 1 This session provides an in-depth analysis of the technologies available for the transport of Layer 2 frames across IP and Multiprotocol Label Switching (MPLS) cores. Focusing on the advantages of consolidated core networks, the course gives an overview of new technologies that will enable forwarding ATM, Frame Relay, Ethernet, and other encapsulations directly over IP-based cores. The presentation examines efforts being made in the IETF to standardize methods of Layer 2 transport for packet-switched networks (PSNs). A full discussion of the Cisco implementation of Any Transport over MPLS (AToM), Layer 2 Tunneling Protocol Version 3 (L2TPv3) , virtual private LAN service (VPLS), and Layer 2 interworking protocols is presented. We consider what problems they solve and some of the common challenges associated with these services.

ACC-2000 Layer 2 Transport and Tunneling (L2VPN) Application and Deployment Eric Matkovich Technical Level: 2 This presentation focuses on how layer 2 VPN technology is being applied by many service providers to enhance the use of their converged networks. Taking a case study approach to several deployment scenarios, the primary focus is on how ATM, Ethernet, and Frame Relay edge services can be deployed over packet-switched networks. This includes a discussion of tools that allow the service provider to offer Differentiated Services over a packet-based infrastructure. For a Multiprotocol Label Switching (MPLS) backbone, the presentation discusses how enhancements in traffic engineering and bandwidth protection can be used to provide tight service-level agreements (SLAs).

ACC-3001 Troubleshooting Layer 2 Transport and Tunneling (L2VPN) Technologies Dmitry Bokotey Technical Level: 3 This presentation focuses on troubleshooting of Layer 2 VPN technologies. Building on configuration experiences and review, and using a case study approach, Networkers learn how to troubleshoot scenarios that involve deployments of ATM, Ethernet, Point-to-Point Protocol (PPP), and Frame Relay over packet-switched networks (PSN). The case studies include Multiprotocol Label Switching (MPLS) and Layer 2 Tunneling Protocol Version 3 (L2TPv3) backbones and their specific troubleshooting techniques. In particular, the session presents case studies for interworking of different layer 2 technologies over Any Transport over MPLS (AToM), local switching examples of Ethernet to Ethernet, Frame Relay to Frame Relay, and local switching plus interworking with locally switched Frame Relay to ATM. This session is designed for engineers in charge of converged packet-switched network deployments. Networkers with an understanding of Cisco IOS Software configuration of WAN protocols as well as transport and tunneling technologies, including MPLS and L2TPv3, should attend.

RST-3606 Troubleshooting MPLS VPNs Rajiv Asati Technical Level: 3 As native IP networks are migrating into Multiprotocol Label Switching (MPLS)-based networks, the expertise required to troubleshoot such networks has taken a completely new approach. Understanding how MPLS labels and prefixes are attached, installed, and advertised is crucial to successful troubleshooting. Where and how Forwarding Information Base (FIB) and Label FIB (LFIB) tables fit in a MPLS VPN environment is one of the key elements to successful troubleshooting.This presentation begins with a brief introduction to MPLS VPN and the use of Multiprotocol BGP (MP-BGP), and offers in-depth MPLS VPN control plane and forwarding plane troubleshooting techniques with many real-life examples illustrated. Examples of problem resolutions include: FIB or LFIB related, Border Gateway Protocol (BGP) or MPLS, MPLS core or outside the core, control plane or forwarding plane, software or hardware, and what Cisco IOS Software show commands are helpful.

SEC-2011 Deploying Site-to-Site IPSec VPNs Dan Angst Technical Level: 2 This session addresses how to plan, design, and deploy site-to-site IP Security (IPSec) VPNs. It covers deployment of site-to-site VPNs, including the configuration of common designs using various topologies, products, and deployment technologies. Important concepts making VPN deployment practical such as dynamic peers, load balancing, high availability, and Dynamic Multipoint VPN (DMVPN)are discussed. Advantages and disadvantages for various device placement options and how they fit into the overall security policy are addressed. Common issues and solutions relating to IPSec interaction with Network Address Translation (NAT), generic routing encapsulation (GRE), IP maximum transmission unit (MTU), routing, and quallity of service (QoS) are offered. Case studies are provided to demonstrate site-to-site VPN deployment examples.

SEC-3011 Troubleshooting Cisco VPN 3000 IPSec and SSL Implementations Aamir Waheed Technical Level: 3 This session shows detailed techniques for troubleshooting Cisco VPN 3000 IP Security (IPSec) and Secure Sockets Layer (SSL) implementations. This presentation discusses the tools and techniques that can be used to troubleshoot the Cisco VPN 3000 while covering detailed descriptions of the logs, provides troubleshooting tips and resolution to common issues, and discusses case studies involving real-world scenarios.

SEC-4010 Advanced IPSec Deployments and Concepts of DMVPN Networks Michael Sullenberger Technical Level: 4 This session covers advanced IP Security (IPSec) VPN site-to-site design and deployment with a focus on scaling to very large IPSec VPNs. It begins with dual-hub Dynamic Multipoint VPN (DMVPN) solution designs, progresses to multihub DMVPN, and ends with very large scale hubs using the Cisco Catalyst 6500. The main focus is on design, deployment, and managment, with some in-depth description of the functioning of DMVPN. The course also covers specific issues when using DMVPN with Network Address Translation transparency (NAT-T), quality of service (QoS), Multiprotocol Label Switching (MPLS), and dynamic routing.

RST-2602 Deploying MPLS VPNs Zaheer Aziz, Rajiv Asati Technical Level: 2 This session covers the deployment of Multiprotocol Label Switching (MPLS) VPNs, specifically Layer 3 MPLS VPNs as defined in RFC 2547. Topics include a review of the basic MPLS and MPLS VPN configuration, MPLS VPN design, and deployment guidelines.

VVT-1001 Understanding ENUM Patrik Faltstrom Technical Level: 1 ENUM is a protocol that translates an E.164 number (also known as a "telephone number") into a list of URIs (Universal Resource Indicators). These URIs can be anything from other telephone numbers to SIP and e-mail addresses. This session explores the ENUM protocol in detail, use of the Domain Name System (DNS), and namespace definitions. This session concludes with an example deployment of SIP in a VoIP environment in which Cisco IOS Software-based gateways are used between Internet and PSTN. Also discussed will be gateways that use ENUM to translate from E.164 numbers to SIP URIs.

VVT-2000 Choosing the Correct Voice/Video Signaling Strategy: H.323 Craig Mulholland Technical Level: 2 This session examines the H.323 architecture and its use in building a multimedia infrastructure. The International Telecommunications Union (ITU) standard H.323 is the most widely deployed VoIP signaling standard in the world today. In this session the elements of the H.323 standard are briefly reviewed, and used to develop a VoIP network design. The inherent H.323 capabilities are examined, and best common practices to avoid potential problem areas are discussed. Security and address translation issues in an H.323 signaling architecture are highlighted. Logical designs for intercommunication between H.323 and other common VoIP signaling protocols such as MGCP, SIP, and Cisco's SCCP are developed to complete the view of signaling in today's multimedia network infrastructure.

VVT-2001 Choosing the Correct Voice/Video Signaling Strategy: MGCP/SIP James Polk Technical Level: 2 This session will describe the history, efforts, and status of the Session Initiation Protocol (SIP) and Media Gateway Control Protocol (MGCP), prefaced with an introduction to the Internet Engineering Task Force (IETF) Standards process to understand what is and is not an IETF Standard. Once that section is complete, a thorough examination of the core features and capabilities of SIP and MGCP is presented, including what the elements are for each protocol, what the call flows look like and what they reveal, and how the two protocols work together when a user of one protocol attempts to communicate with a user of the other protocol.

VVT-2002 Deploying Unified Communications in the Enterprise Peter Hansen, Shane Lisenbea Technical Level: 2 This session gives network engineers designing or deploying Unified Communications (using Cisco Unity software) in the enterprise environment direction to the planning process, and identifies clear and methodical ways for such design and implementation to occur. Supporting resources will also be discussed, as will some of the common pitfalls and the ways they can be avoided.

VVT-2003 IP Telephony Security Gregory Moore Technical Level: 2 This session will cover the technical details of securing voice over IP. This session will outline the methods and technologies for hardening of the infrastructure, operating systems, and endpoints, and will include an extensive discussion of certificate-based authentication and encryption of signaling and media streams.

VVT-2004 Designing Voice Enabled IPSec VPNs Joel King Technical Level: 2 This session covers planning and design issues as they relate to voice over IP, QoS, IPSec, and service provider implementations using Internet T1s, Frame Relay, and broadband (DSL and cable) links. The advantages and issues of deploying IPSec only, IPSec with GRE (a tunneling technology), GRE with dynamic crypto maps, and DMVPN (Dynamic Multipoint VPN) will be reviewed, as well as the performance characteristics of each option. The session will also address designing IPSec VPNs for high availability using dial-backup and multiple broadband links. Head-end redundancy and traffic load-balancing will also be reviewed. This solution covers details on the technology for deploying At Home Agent using Cisco IP Contact Center (IPCC), and design rules and best practices for an IPCC application will be also be discussed.

VVT-2005 Implementing Voice Enabled IPsec VPNs Joel King Technical Level: 2 This session is for enterprise customers interested in implementing a successful voice over IP (VoIP) over IPSec VPN deployment. Configuration examples will be reviewed for the typical deployment models (site to site, small office, and home office)using access methods of Frame Relay, Internet T1s, cable, and DSL. Basic Rate ISDN (BRI) and ASYNC dial backup configurations for small office, home office (SOHO) deployments will also be included. Performance data from internal testing will help guide the attendee on the selecting the appropriate product for the desired link speed and number of users. Troubleshooting techniques including use of Service Assurance Agent (SAA) and Netflow will be illustrated. A review of common problems and lessons learned from supporting customer and internal Cisco deployments will also be provided. Case studies of SOHO and site-to-site deployments over MPLS and IP Internet service providers will be reviewed.

VVT-2006 Emergency Services and IP Telephony Marc Linsner Technical Level: 2 Emergency services calling (9-1-1 in the United States and Canada) can be an important part of your IP telephony system. The mobility of an IP phone can cause problems for the emergency responders locating the caller. This session will provide an overview of the 9-1-1 network, connection options for 9-1-1 calling, and the effects on design considerations for your IP telephony implementation. Standards that are developing around emergency services will also be discussed.

VVT-2010 Applied Scripting for IP IVR/IPCC Express Duke Bond Technical Level: 2 This session will provide attendees examples of how to use the advanced interactive voice response (IVR) capabilities of the Cisco IPIVR and IPCC Express solutions. Advanced IVR capabilities covered include database integration, Automatic Speech Recognition (ASR), Text to Speech (TTS), Voice XML, Java, HTTP triggers, and e-mail generation.

VVT-2011 Internet Service Node (ISN) for IP Contact Centers Design Session Adam Mermel Technical Level: 2 This session familiarizes attendees with the principles of designing Cisco Internet Service Node (ISN) solutions for voice XML-based self-service interactive voice response (IVR), queuing, and call control applications. ISN deployment models, network design, call transfer methods, and call flows will be discussed, and attendees will review a sample ISN sizing exercise.

VVT-2012 Troubleshooting IP Contact Centers William Webb, Jason Ward Technical Level: 2 This session will include problem analysis and troubleshooting methodologies associated with the Cisco IPCC (Internet Protocol Contact Center) product suite. The attendee will experience step-by-step methodologies and tools that will help in understanding how to manage the IPCC environment. Highlights will include the new 5.0 ICM (Intelligent Contact Manager) Support Dashboard Tools.

VVT-2013 Designing IP Contact Centers: Resources, Servers, and Bandwidth Provisioning Mohammed Darwish Technical Level: 2 This session reviews traffic engineering principles and the use of Cisco authored traffic Erlang models (such as the IPC Resource Calculator) and other tools to determine required call center resources, server capacities, and bandwidth requirements. Attendees will learn how to determine the required number of agents, interactive voice response (IVR) ports, and gateway ports (PSTN trunks) using traffic calculators to meet required service levels. Topics include capacity sizing rules for determining the number of Cisco CallManager and Cisco IP Contact Center (IPCC) servers required. The session will highlight the Cisco IPCC application/real-time traffic flows; network quality of service (QoS), and bandwidth requirements between remote Cisco IPCC components deployed over a WAN.

VVT-2015 IP Contact Centers: Clustering Over the WAN (High Availability and Resiliency) Zachariah Hallock Technical Level: 2 This session will provide attendees with knowledge of the model for Cisco IPCC Enterprise high-availability clustering core components over the WAN. The session examines deployment model specifics including: layout and configuration of components and communication paths, component interaction across the WAN, network/bandwidth requirements and provisioning, call/messaging flows in normal and failure scenarios, design rules and best practices, and caveats and safe deployment rules.

VVT-2021 Designing and Deploying Business (Hosted or Managed) IP Voice/Data Services Helen Robison Technical Level: 2 The Cisco Business Voice Services Solution enables service providers to offer a portfolio of voice and data services over a common IP transport core to small and medium-sized business (SMB) and enterprise customers. This session discusses deployment models, VPN design for private and overlapping dial plans, routing logic examples, call flows, and scaling, billing, and high-availability considerations for service providers to manage or host core services such as business phone, site-to-site voice/data connectivity , centralized PSTN and Internet access. Other areas of focus include how the multiple deployment options interconnect in a unified architecture, the operations support system (OSS) overlay, Multiprotocol Label Switching (MPLS)-based network advantages and voice-over-IP (VoIP) applications. This session also includes a discussion of component options (e.g. call agents, gateways, Cisco Call Manager and Call Manager Express for H.323 IP phones, managed IADs and SIP IP phones), hosted versus managed service considerations, planning for end-to-end voice quality and security, and customer case studies.

VVT-3020 Troubleshooting IP Telephony Networks: Elements of Dial Plan Functionality Paul Giralt, Daniel Keller Technical Level: 3 The dial plan is at the very core of any telephony implementation and as such, is one of the most important and complex elements in IP telephony design. The role of the dial plan in IP telephony networks is to help users reach dialed destinations, provide the flexibility to select alternative routes based on route availability or cost where digit manipulation is required, and set calling policies based on users or groups. This session will provide an in-depth look at the functional primitives of dial plan functionality in the Cisco® CallManager, Cisco IOS® Software-based H.323 gateways, and Cisco IOS Software-based gatekeepers, such as: best match routing logic, dial plan wildcards, calling search spaces, partitions, route lists and route groups, digit manipulations, transformation masks, and other Cisco CallManager-based dial plan entries. This session will also address the dial peers matching process (inbound and outbound), POTS and VoIP dial peers configuration, Cisco IOS Software dial plan wildcards, matching on calling/called number, and other H.323 dial plan entries including gatekeeper address resolution involving tech prefixes, zone prefixes, and other dial plan entries.

VVT-3021 Troubleshooting IP Telephony Networks: Elements of CallManager Functionality Dustin Grant, Ramesh Kaza Technical Level: 3 This session will focus on troubleshooting techniques for Cisco® CallManager, with a strong emphasis on traces as generated by Cisco CallManager, Cisco IOS® gateways, and Cisco IOS gatekeepers. Analysis of traces allows elaboration of case studies describing the step-by-step progress of calls, including interactions between devices at call setup, voice conversation, and call tear-down. Protocol-level presentation of SCCP, H.323 and sub-protocols, Q.931, TFTP, DHCP will also be discussed. To augment the attendees' understanding of how to troubleshoot problems on an IP telephony network, case studies will be included to illustrate the function and protocol exchange on calls between SCCP Cisco IP phones, MGCP gateways, H.323 gateways, gatekeepers, and Cisco CallManager systems.

VVT-4000 Advanced SIP Session James Polk Technical Level: 4 This session will delve deep into the Session Initiation Protocol (SIP) features and functionality. As an augmentation to VVT-2001 "Understanding SIP and MGCP, this session will more thoroughly cover such SIP functionality as signal flows for each SIP Request (14 total), capabilities such as Security considerations (involving IPsec, TLS, S/MIME, Digest, SIPFRAG and Asserted Identity), Preconditions (involving the use of RSVP), Firewall Traversal using STUN, Content Indirection, and look at the challenges involved in providing services such as Location Conveyance and an e911/112-like service.

VVT-4001 Advanced Dial Plan Design for IP Telephony Networks Luc Bouchard, Gregory Edwards Technical Level: 4 This session provides detailed dial-plan design guidelines for each of the Cisco® IP telephony deployment models based on Cisco CallManager, with recommended best practices to help ensure successful, scalable deployments. The dial plan is one of the most important and complex elements in IP telephony design, providing a way to for users to reach dialed destinations, delivering the flexibility to select alternative routes based on route availability or cost, and establishing calling policies based on users or groups. This session will address the various dial plan tools available in Cisco CallManager and Cisco IOS® Software, such as: route patterns; translation patterns for digit manipulation; dial plan interaction with PTSN gateways; Class of Restriction (COR) dial peers; translation rules in Cisco IOS® Software; and intercluster calls through an H.323 gatekeeper. This session will also cover how to best use these tools to deal with real-world deployments. The main focus of this session is on system design, with some implementation aspects.

VVT-4002 Advanced Preferential IP Telephony Services for the Internet Frederick Baker Technical Level: 4 Today's governments and military organizations use a telephone system service designed to prioritize calls. This capability is designed to help ensure that specific authorized people or command and control offices can place calls when the system is completely overwhelmed with calls. In the United States, these services area called the Government Emergency Telecommunications Service (GETS) and Multilevel Preemption and Precedence (MLPP), respectively. The services that are included in this effort extend beyond basic telephone and other real-time data services to include non-real-time (otherwise referred to as "elastic") data transmission services. In addition, similar services have been required on the Internet in response to the growing perception of the Internet as a critical communications infrastructure. The session includes discussion of what happened on the Internet on September 11, 2001 (and around other major outages), the kinds of services being called for, the issues that such services face in their design and deployment, and current recommendations on how to deploy them.

ACC-3000 Troubleshooting WAN Protocols in Cisco IOS Mark Atkins Technical Level: 3 This session focuses on troubleshooting commonly deployed WAN protocols on Cisco IOS Software based enterprise platforms. Building on their configuration experiences, participants learn how to troubleshoot scenarios such as "interface up, but line protocol down," "red, yellow, and blue alarms," "link up, but cannot pass traffic," "CRC errors on an ATM interface," and data-link connection identifier (DLCI) mapping problems. In addition to Layer 2 WAN protocols, this session also focuses on how to troubleshoot Layer 1 WAN problems arising on T1/T3 (T-carriers) and SONET lines such as "red, yellow, and blue alarms," "loopbacks," and "RDI and AIS alarms."

NMS-4012 MPLS Embedded Management Tools Muhammad Moizuddin, Mukhtiar Shaikh Technical Level: 4 Fault management and diagnosis is a challenge in MPLS networks due to the separation of control plane and data plane. Several tools are available to detect control and data plane failures. This toolset has been expanded recently to include data plane liveliness check for Label Switched Path (LSP), Traffic Engineered (TE) tunnels and pseudo wires. This presentation discusses the tools available for diagnosis and management of faults in control and data plane. It discusses capabilities such as VPN Routing and Forwarding (VRF) Aware Ping, Traceroute, LSP Ping, Trace and Virtual Circuit Connection Verification (VCCV) for comprehensive embedded fault management and diagnosis of network elements. Also covered would be Service Assurance Agent (SA Agent) to measure end to end Service Level Agreements (SLA) and benefits of Netflow in MPLS environment.

RST-1601 Introduction to Multiprotocol Label Switching (MPLS) Azhar Sayeed Technical Level: 1 This session introduces Multiprotocol Label Switching (MPLS) and its various uses, including traffic engineering, VPNs, quality of service (QoS), MPLS Transport, and virtual leased lines. Basic MPLS terminology and concepts are covered, such as label forwarding, Resource Reservation Protocol (RSVP) and Label Distribution Protocol (LDP), Label-Switched-Path (LSP) setup, Fast Reroute (FRR) protection, Differentiated Services Traffic Engineering (DS-TE), and MPLS management. This session also examines the motivations for deploying MPLS in a service provider's network and how an enterprise customer can access and benefit from such a deployment.

RST-1607 QoS in MPLS Networks Santiago Alvarez Technical Level: 1 Differentiated Services (DiffServ) can be implemented on IP and Multiprotocol Label Switching (MPLS) networks to provide quality of service (QoS) for Layer 3 or Layer 2 traffic. MPLS DiffServ can extend the IP DiffServ mechanisms to allow service providers to deliver QoS-based service without impacting the customer's QoS. MPLS QoS combined with MPLS Traffic Engineering can be a powerful tool for delivering QoS on packet networks. This presentation details MPLS DiffServ and all the QoS modes with short pipe, pipe, and extended pipe mode. It also explores DiffServ-Aware Traffic Engineering and Inter-AS QoS that can deliver better QoS to end customers.

RST-2603 Deploying MPLS Traffic Engineering Eric Osborne Technical Level: 2 Service providers now have the ability with Multiprotocol Label Switching (MPLS) Traffic Engineering to constrain network traffic to certain paths. MPLS Traffic Engineering gives service providers a way to take greater control of resources in the network, enabling them to bypass congested resources in a network, load balance across unequal-cost paths, provide protection against node and link failures, prevent oversubscription of delay-sensitive traffic (such as voice traffic), and override decisions made by the Interior Gateway Protocol (IGP). This session covers the "what, how, and why" of MPLS Traffic Engineering. It also covers the areas of network design and scalability, as well as providing some handy deployment tips for those who are ready to take control of their network.

RST-2606 Understanding Convergence in MPLS VPN Networks Muhammad Moizuddin, Mukhtiar Shaikh Technical Level: 2 Convergence in a Layer 3 VPN (L3VPN) environment can be defined as the time it takes for the traffic to be restored between VPN sites when a new site comes up, a new prefix is advertised, or a better path is advertised for an existing prefix, resulting in recomputation and advertisement of the best path. This is referred to as up convergence. Similarly, how fast the prefixes are withdrawn from the VPN sites after a failure in the network occurs to minimize the black holing of traffic is referred to as the down convergence. This session explains. in depth. various tunable variables that affect both the up convergence and down convergence in Multiprotocol Label Switching (MPLS) L3VPN networks. The session provides best practices for parameter tuning for better convergence in MPLS L3VPN networks. The following provider edge-customer edge protocols are covered as part of this presentation: Open Shortest Path First (OSPF), Border Gateway Protocol (BGP), Routing Information Protocol (RIP), and external BGP (eBGP).

RST-3605 Troubleshooting MPLS Networks Yousuf Hasan Technical Level: 3 Many service providers have deployed MPLS using LDP (Label Distribution Protocol) a protocol primarily used for allocating/exchanging labels for the IGP routes. Because an MPLS network builds upon the IP network and then helps to bypass IP forwarding inside the MPLS network, the day-to-day problems are no longer simply IP problems. Hence, it becomes crucial to understand the MPLS troubleshooting techniques to be able to resolve day-to-day problems. The presentation will cover topics in both the control plane and the data plane. For the MPLS Control Plane we will discuss LDP implementation and contrast it with TDP, the interaction of various tables (RIB, FIB, LIB, LFIB, etc.). On the MPLS Forwarding Plane side, we will examine different labels and their usage, explain load sharing and fragmentation in MPLS. For both we will show a list of helpful Cisco IOS commands, review troubleshooting tips illustrated with real life examples.

RST-4512 Current Methods and Issues for High-Performance TCP Flows Lawrence Dunn Technical Level: 4 Now that a large number of high-speed wide-area networks have been deployed, network designers and application developers and users are often frustrated when their uncongested 100-Mbps network achieves only 5 - 10 Mbps for individual file transfers. This session examines the underlying causes for such performance issues, surveys current and proposed methods for improving TCP behavior, and offers practical advice for network designers and operators who are attempting to understand and correct performance issues. Topics include: TCP dynamics review, available instrumentation (web100, net100), buffer tuning, revitalizing path maximum-transmission-unit (MTU) discovery, alternative TCP stacks (HS-TCP, FAST, scalable TCP), experimental results, and case studies.

RST-4607 Advanced Topics and Future Directions in MPLS Bruce Davie Technical Level: 4 This course covers numerous advanced topics and recent developments in Multiprotocol Label Switching (MPLS), starting with an overview of the recent MPLS standardization activities in the IETF. The session then provides a detailed examination of the latest developments in many important areas: - Traffic engineering, including inter-area and inter-AS traffic engineering - Layer 2 VPNs, including virtual private LAN service (VPLS), and the signaling and discovery protocols for Layer 2 VPNs (Border Gateway Protocol [BGP], Label Distribution Protocol [LDP]) - Quality of service (QoS), including DiffServ-aware traffic engineering (DS-TE), new forwarding mechanisms to support quality of service (QoS), and QoS for Layer 2 VPNs - Fast reroute, including bandwidth protection on backup tunnels

RST-4608 New Developments in Pseudowires George Swallow Technical Level: 4 The basic IETF specifications for pseudowires are nearly complete, enabling ATM, Frame Relay, and circuit emulation over Multiprotocol Label Switching (MPLS). So what is next? After a brief overview of pseudowires to set the context, this course covers interworking existing ATM and Frame Relay permanent virtual circuits (PVCs) with MPLS; operations, administration, and maintenance (OA&M) for pseudowires; interworking pseudowire OA&M with ATM and Frame Relay OA&M; and giving quality-of-service guarantees to pseudowires.

SEC-2007 Internet Service Provider Security Best Practices Pavan Reddy Technical Level: 2 As the Internet grows in importance to global commerce, security becomes a paramount requirement. Security incidents are increasing, particularly direct infrastructure attacks, and service providers need to secure their backbones to protect their customers and maintain the overall stability of the global Internet. This session focuses on the foundational requirements necessary to improve service provider backbone security. It provides an overview of features and techniques available to service providers to help improve security by "hardening" the core network. A review of service provider security best practices, routing protocol security recommendations, and features to mitigate direct infrastructure attack is included. Finally, deployment of specific features and how those features can be used to improve backbone security is discussed.

SEC-2008 Service Provider Responses to Denial-of-Service Attacks Paul Quinn Technical Level: 2 Denial-of-service (DoS) attacks and worms have become a daily occurrence for most service providers. The frequency and complexity of these attacks are increasing, and service providers need to be prepared to react effectively to this barrage. A security toolkit has been developed to combat these attacks. This toolkit divides DoS responses into distinct categories and associated techniques such as attack identification, traceback, and reaction. This session reviews this toolkit and discusses how service providers can use the techniques to effectively respond to large-scale attacks.

ACC-1010 Introduction to 802.11 Wireless Networks Michael De Leo Technical Level: 1 This session provides an introduction to wireless IEEE 802.11 LAN technology. Participants receive an introduction to wireless radio characteristics, fundamental concepts, government regulation, basic IEEE 802.11 architecture, media access control (MAC), modulation techniques, and the differences between IEEE 802.11 technologies.

ACC-1011 Introduction to Wireless Mobile Networks Lawrence Searcy Technical Level: 1 Whether the vehicle is a first responder, a commuter train, a service truck, or a bus, having constant data and voice communication within mobile environments allows for capabilities never before possible. This session covers what a Wireless Mobile Network (WMN) architecture is, a brief overview of Mobile IP, and an example of how one is implemented. Networkers will learn the different technologies that make up a WMN and eliminate the need for installation of any special software on the locally connected devices (laptops, etc.) in the mobile environment.

ACC-2010 Deploying Mobility in High Availability Wireless LANs Jake Woodhams Technical Level: 2 The Cisco Structured Wireless Aware Network (SWAN) is an innovative approach to delivering 802.11 WLAN awareness in a Cisco infrastructure. Cisco SWAN delivers features such as fast, secure mobility, RF medium control and security, and simplified operational management by taking advantage of advanced intelligence in Cisco IOS Software and innovative management tools such as the Cisco Wireless LAN Solution Engine (WLSE). This in-depth session investigates the Cisco SWAN components down to the packet transfer level, covering setup and theory of operations and providing best practices for design, deployment, and operations.

ACC-2011 Deploying Secure Wireless LANs Darren Douglas, Sriganeshan Sundaralingam Technical Level: 2 This session focuses on best practices and guidelines for deploying secure wireless LANs (WLANs). WLAN security vulnerabilities and threats along with design and deployment criteria for securing WLAN networks are discussed. Latest developments and enhancements in WLAN security (such as Wi-Fi Protected Access and 802.11i) are included as part of this discussion. Topics covered include how to select authentication types (Cisco Extensible Authentication Protocol [LEAP], Protected Extensible Authentication Protocol-Generic Token Card [PEAP-GTC], PEAP-Microsoft Challenge Handshake Authentication Protocol Version 2 [PEAP-MS-CHAPv2], Transparent LAN Services [TLS], Tunneled TLS [TTLS], IP Security [IPSec], etc.); how to select encryption protocols (RC4, Advanced Encryption Standard [AES], and Triple Digital Encryption Standard [3DES]); key management (unicast/broadcast); authentication, authorization, and accounting [AAA] server scaling for EAP and 802.1x deployment; and redundancy for AAA, Dynamic Host Configuration Protocol (DHCP), and Domain Name System (DNS) services. Example enterprise, small and medium-sized business, and industry vertical deployments are examined as well.

ACC-2012 Design and Deployment of Outdoor Wireless LAN/Bridging Networks Jonathan Leary Technical Level: 2 This session about outdoor 802.11 wireless network design includes an overview and deployment of wireless bridging. The application of outdoor 802.11 networks for metropolitan mobile networks, public access, and enterprise bridging are presented. Topics discussed include the transport of data and voice over wireless bridge links; outdoor wireless network design guidelines, including site surveys, antenna selection, and alignment; troubleshooting; propagation; and interference. Real world case studies drawn from various industries are discussed.

ACC-2013 Wireless LAN and Cisco Voice Deployment Recommendations Jason Romanosky, Matthew Stein Technical Level: 2 With the advent of adding voice to predominantly data wireless networks, site surveys and wireless deployments have to be adjusted. Just as new standards were required for wired telephony, so too have standards been updated for wireless telephony. Many of these standards have only recently been solidified. This session addresses many of the recommended standards needed to successfully deploy Cisco 7920 wireless phones and a voice-capable wireless network. These recommendations encompass RF site surveys, configuration of access points, phones, Cisco CallManager, and access control servers (ACSs).

ACC-2014 Designing & Deploying Public Wireless LANs Sherelle Farrington Technical Level: 2 This session describes how to design and deploy public wireless networks. The session focuses on the architectures and design factors to consider for deployment of a public wireless network. Networkers will learn about the current market trends, subscriber ease of use, security considerations, access control, delivery of high-value services, location-based context and branding, roaming, scalability, availability and more. Network deployment models implemented by Cisco customers worldwide are discussed, as well as the key features implemented to deliver a high-quality service.