Troubleshooting Virtual Private Networks (VPN)
 
Troubleshooting Virtual Private Networks (VPN) [Hardcover]

Mark Lewis (Author)
4.7 out of 5 stars (3 customer reviews)

Book Description

June 6, 2004

Master advanced troubleshooting techniques for IPSec, MPLS Layer-3, MPLS Layer-2 (AToM), L2TPv3, L2TPv2, PPTP, and L2F VPNs

  • Learn the step-by-step, end-to-end methodology essential for troubleshooting virtual private networks (VPNs)
  • Gain the in-depth knowledge necessary for fast and efficient troubleshooting of IPSec, MPLS Layer-3, MPLS Layer-2 (AToM), L2TPv3, L2TPv2, PPTP, and L2F VPNs
  • Master advanced troubleshooting tools and techniques for all applicable VPN types
  • Debug and fix IPSec site-to-site and remote access VPN issues, such as IKE (ISAKMP) phase 1 and phase 2 negotiation failure, ESP and AH traffic drops, certificate enrollment failures, and maximum transmission unit (MTU) problems
  • Locate and resolve MPLS Layer-3 VPN problems, such as those involving route exchange and label switched path (LSP) failure, MPLS VPN over traffic engineering tunnels, and Multicast VPNs (MVPN)
  • Discover solutions for issues in AToM and L2TPv3-based Layer-2 VPNs, including pseudowire setup failures, attachment circuit problems, and MTU issues
  • Obtain answers for L2TPv2, PPTP, and L2F control connection establishment, session setup, PPP negotiation, and VPN performance issues
  • Refer to specially designed flowcharts to identify issues and find solutions fast
  • Consolidate VPN troubleshooting knowledge through bonus hands-on labs
  • Read and understand detailed analysis of all relevant VPN show and debug command output

Troubleshooting Virtual Private Networks presents a systematic troubleshooting methodology for network engineers, administrators, and architects tasked with managing and deploying Cisco IOS VPNs. With eight self-contained chapters designed to facilitate rapid and straightforward troubleshooting, this book provides detailed information on addressing all common and not-so-common issues with IPSec VPNs, MPLS Layer-3 VPNs, Any Transport over MPLS (AToM)-based Layer-2 VPNs, L2TP Version 3 (L2TPv3)-based Layer-2 VPNs, L2TP Version 2 (L2TPv2) VPNs, PPTP VPNs, and L2F VPNs. This book not only shows you how to correct problems but also how to avoid them in the first place with expert VPN configuration guidance and optimization tips.

Each chapter in Troubleshooting Virtual Private Networks includes a step-by-step, end-to-end troubleshooting approach to a different VPN technology. In-depth technical discussions and configuration reviews orient you to the VPN technology and get you ready to work. To help you access the answers you need, you'll find flowcharts in each chapter that provide a roadmap for rapid issue resolution. Solutions to complex or unusual issues can be found in case studies at the end of each chapter, along with review questions that test your knowledge. Bonus troubleshooting labs are also included to help you consolidate the skills learned throughout the book.

Whether you are looking to update or hone your skills, Troubleshooting Virtual Private Networks is your first and last reference for mastering advanced VPN troubleshooting.

This book is part of the Networking Technology Series from Cisco Press, which offers networking professionals valuable information for constructing efficient networks, understanding new technologies, and building successful careers.



Editorial Reviews

About the Author

Mark Lewis, CCIE No. 6280, is technical director of MJL Network Solutions (www.mjlnet.com), a leading provider of internetworking solutions that focuses on helping service provider and enterprise customers to implement cutting edge technologies, deploy security solutions, and optimize their networks, as well as providing them with advanced training. Mark specializes in VPN technologies and has many years of experience designing, implementing, and troubleshooting IP networks. Mark is also a certified Cisco Systems instructor.


Product Details

  • Hardcover: 840 pages
  • Publisher: Cisco Press; 2nd edition (June 6, 2004)
  • Language: English
  • ISBN-10: 1587051044
  • ISBN-13: 978-1587051043
  • Product Dimensions: 9 x 7.7 x 2 inches
  • Shipping Weight: 3.5 pounds
  • Average Customer Review: 4.7 out of 5 stars (3 customer reviews)
  • Amazon Best Sellers Rank: #1,306,141 in Books


Customer Reviews


6 of 6 people found the following review helpful:
4.0 out of 5 stars Great Service Provider VPN resource, March 9, 2005
I recently read the book titled "Troubleshooting Virtual Private Networks" by Mark Lewis. ISBN: 1587051044. This title covers Virtual Private Networking of many flavors. The term Virtual Private Network is a term used very loosely in the industry, so it's good to clarify the 'type' of VPN that's covered in this book. The types of VPNs covered in this book are essentially network based VPNs. The reason I mention this is because some folks call a software utility named SSH a form of VPN. Others stretch the term and call the use of HTTP over Secure Socket Layer (SSL) a VPN. To me the network layer VPN is the only true VPN and is the type covered in this title.

The book covers all the major protocols used to accomplish VPNs. From the Cisco proprietary Layer 2 Forwarding protocol to Microsoft's Point-to-Point Tunneling Protocol to the more widely deployed IP Security (IPSEC) Protocol. There is a wealth of information covering Layer 2 Tunneling Protocol (L2TP) and its variations. The author's goal was to compile as much useful information into one text covering all types of VPN flavors. The author, for the most part, has succeeded in developing a great one-stop reference for Network Layer VPNs.

The author wastes little ink when covering a given protocol. The organization of the sections is very well laid out. Each section takes you from the fundamentals of the protocol, to configuration and finally troubleshooting the technology. The format makes for an excellent representation of each technology.

There are plenty of protocol diagrams, supporting figures and tables to augment the text. I found the debug and screen output that were used in most all the sections very useful in understanding what to expect when troubleshooting and applying the techniques yourself.

I think this book is best suited for Service Provider Network Engineers responsible for developing and maintaining VPN solutions. Enterprise Engineers will also find valuable information in the text as well. However, the majority of the protocols covered in the title are typically used in the Service Provider space.

I found the chapters that covered MPLS Layer 3 VPN and Any Transport over MPLS Based VPNs very interesting. The author explains the technologies very well. It really made me think outside of my box. Those chapters expanded my thinking.
You won't find information pertaining to Cisco VPN Concentrators in this title.

There are two appendices in the book that augment the book's wealth of information on VPNs. The first appendix has Review questions and answers for each chapter covering the different VPN technologies. This section is a great source of reference for review or even picking up key notes. The other appendix contains lab configurations that the reader can build to reinforce the technologies learned in the book. This depends on the lab equipment available to the reader. Most of the equipment is common and it is likely that anyone with a few pieces of equipment can work up most of the labs. There are a few labs that call for ISDN interfaces, but the reader can be creative and work around it in order to get the idea of the technology.

Overall this is a good title. Enterprise Professionals may find more useful information in the title "Network Security Principles and Practices (CCIE Professional Development)" by Saadat Malik. ISBN: 1587050250.


8 of 9 people found the following review helpful:
5.0 out of 5 stars Fun with Tunneling, July 4, 2004
By A. Sardella (Sunnyvale, CA United States)
Troubleshooting VPNs by Mark Lewis (Cisco Press, 2004) demystifies the major protocols used to create Virtual Private Networks. VPNs use a form of encapsulation called tunneling, or additions to packets or frames to make them distinguishable as part of a unique connection, to transmit different protocols or encrypted data across the wide area network.

The cost savings over dedicated leased line access - extended connectivity with potentially more bandwidth for less money - were compelling from the start, and the standardization process to secure VPNs and make them easier to implement moved quickly. But VPNs also meant that many disparate protocols (PAP/CHAP, LCP/NCP, ATM, IP) with many different functions (authentication, negotiation, and transport) would have to play together in new ways. The inevitable free-for-all that results from these "forced parties" has opened up a world of opportunity for network engineers with troubleshooting skills. That's where this book comes in to help.

The book begins by establishing some basic rules of thumb for VPN troubleshooting. These include bottom up and top down troubleshooting (the "up" and "down" parts refer to the OSI stack) and end-to-end analysis of "what might have gone wrong where." Then the book moves on to quickly address older, less secure VPN-creation methods such as Point to Point Tunneling Protocol (PPTP), which is widely used for dial access, and Layer 2 Forwarding (L2F), before continuing on to more common protocols such as Layer 2 Tunneling Protocol (L2TP), IP Security (IPSec), Multi Protocol Label Switching (MPLS), and an emerging practice to adapt existing WAN protocols (especially ATM but also PPP and HDLC) to MPLS called Any Transport over MPLS (AToM).

For every protocol discussed, the book introduces the technology in some depth for those who might have only a cursory knowledge of what they're getting into. It offers deep detail on control messages, connection and session establishment, configuring and maintaining the VPN tunnel, and (of course) troubleshooting common failure scenarios known to occur with these technologies. All topics include a detailed glossary of common troubleshooting commands (show and debug), with tips on how to employ them and caveats on what to watch out for in terms of the amount of output they might generate or the effect they might have on the devices they are executing on.

In addition to very descriptive visuals walking you through such complex inner-workings as tunnel setup sequences (from initial channel establishment, through negotiation and authentication, and on to frame forwarding) the author has devised detailed troubleshooting flowcharts for every major VPN technology. These flowcharts include questions you should ask yourself while fixing a broken configuration; for instance, a PPTP flowchart instructs you to ask (in order, working up the stack) if LCP negotiation, PPP authentication, and NCP negotiation were successful. In working up through the data link sublayers in this way, any answer of "No" or "Not Sure" sends you to a section describing how to verify or correct what is happening at that sublayer.

Similarly, for AToM VPNs, you are asked whether CEF (required for MPLS) is enabled for internal (LSR) routers, and then whether MPLS and LDP are correctly enabled on these routers as well. A "Not Sure" answer directs you where to correct the problem.

Of course, there is an art to troubleshooting, and these flowcharts are guidelines rather than something that can be automated. But they are very well thought out, and combined with some practice and experience on the learner's part, can help foster a very strong knowledge of how to debug these tricky technologies.

For those who have the resource to set them up and the time to do them, there are labs with some invaluable assistance on handling common configurations gone wrong. The problems include incorrect IP addressing, password or protocol mismatches, or access lists blocking a needed protocol. The MPLS labs are especially useful, as there are a lot of dependencies on a successful MPLS VPN: MPLS itself has to be fully operational and stable before the VPN routing and forwarding (VRF) tables are established.

In describing the different protocols, the book ultimately illustrates some of the tradeoffs between Layer 2 and Layer 3 VPNs. Things have moved rapidly from L2F forwarding to IPSec and MPLS based services; however, Layer 2 VPNs (via L2TP) will continue to be developed because they're so much easier to implement and maintain and because they scale adequately and satisfy the requirements for most customer applications.

The need for Layer 3 comes into play when there's a large number of very small sites, but the tradeoff of a Layer 3 VPN service is that providers need to keep up with changes in a customer's routing tables - a potentially costly operations expenditure. To automate some of the transfers of information needed at layer 3, a protocol called Multiprotocol BGP (MP-BGP) was developed for Layer 3 VPNs. This advertises customer routes and associated labels in the MPLS environment. The book includes a section on troubleshooting these Layer 3 VPNs with a variety of interior gateway protocols (RIPv2, EIGRP, or OSPF) working with the EGP. The nuts and bolts of multicast VPNs, another Layer 3 technology that facilitates one to many applications such as distance learning or conferencing, are also covered.

This book is entirely service provider focused - this makes sense considering the subject matter, but there are many separate issues in the enterprise arena that are not covered here. By and large, these are probably simpler problems, and might not warrant this level of treatment. They also include other devices such as VPN concentrators and the unique problems of terminating different VPN types (remote access versus site to site) in the enterprise edge, and positioning these termination solutions with a firewall or a server farm. Whether this belongs in another book (which would be my vote) or as a separate chapter here is a judgment call and doesn't take away from the quality of what is covered in the book, but rather just stands out as an open question.

Simply put, the numerous examples in this book are well thought out and acutely illustrative of real world problems, and the author always walks through detailed scenarios on how to solve them. Lewis is a CCIE who works in the service provider space and specializes in VPN technologies; the material in this book is clearly based on his experience and he has taken the trouble to make it as accessible as possible. Given the technical depth and how relatively new much of this material is, combined with the pressing need for expertise in troubleshooting VPNs in the service provider arena, this book gets five stars out of five.



3 of 4 people found the following review helpful:
5.0 out of 5 stars Specifically intended for the use of network engineers, October 10, 2004
Troubleshooting Virtual Private Networks by computer hardware and software expert Mark Lewis is a 1000 page systematic troubleshooting methodology "how to" manual specifically intended for the use of network engineers, administrators, and architects tasked with managing and deploying Cisco IOS VPNs. With eight self-contained chapters organized and designed to facilitate rapid and straightforward troubleshooting, Troubleshooting Virtual Private Networks provides detailed information on addressing all common and not-so-common issues associated with IPSec VPNs, MPLS Layer-3 VPNs, any transport over MPLS (AToM)-based Layer-2 VPNs, L2TP Version 3 (L2TPv3)-based Layer-2 VPNs, L2TP Version 2 (L2TPv2) VPNs, PPTP VPNs, and L2F VPNs. Troubleshooting Virtual Private Networks not only shows the user how to correct problems but also how to avoid them in the first place with expert VPN configuration guidance and optimization tips.
