ARCH v3.0 - Designing Cisco Network Service Architectures

Networking/Server/Operating Systems
  LearnITAnytime Online Subscription (1 Year Subscription - $195.00)
  IT Online Library (1 Year Subscription - $1595.00)
  Private Mentoring 3 Hours ($225)
If quantity is more than 1, Please add all Attendees' Names /Voucher #/ Learning Credit below separated with a comma. If not specified, we will contact you prior to the class start date. Special Instructions

Designing Cisco Network Service Architectures (ARCH) v3.0 course will discuss design of internal routing, BGP routing, WAN, data center connectivity, security, QoS, transition to IPv6, and multicast.

Note:Students registering for this course will be receiving their course kit in a digital format. To be able to view your digital kit you will need to bring a laptop PC and/or a compatible iPad or Android tablet, the recommended system requirements and instructions to access the course kit content can be found at the following link:  Digital Course Kit Requirements and Instructions
Please also be aware that this digital version is designed for online use, not for printing. You can print up to 10 pages only in each guide within a course. Please note that every time you click the Print button in the book, this counts as one page printed, whether or not you click OK in the Print dialog.
If you have any questions or issues with meeting the recommended requirements, please contact us at to discuss.


Upon completing this course, the learner will be able to meet these overall objectives:

  • Design enterprise connectivity and high-availability
  • Design enterprise BGP connectivity
  • Design enterprise WAN connectivity
  • Design enterprise data center integration
  • Design security services in an enterprise network
  • Design QoS for optimized user experience
  • Design enterprise transition to IPv6
  • Design enterprise multicast network


To gain the prerequisite skills and knowledge, learners must have the CCNA, CCDA, BCMSN, and BCSI certifications.

  • Operate LANs with multiple switches, configure VLANs, trunking, spanning tree, DHCP, and port aggregation within Campus network
  • Configure and troubleshoot IPv4 and IPv6 routing within a Enterprise network (static, EIGRP, multi-area OSPF, and RIPng)
  • Implement enterprise Internet connectivity (static routes and intermediate BGP)
  • Implement route redistribution using filtering mechanisms
  • Implement path control using policy based routing and IP SLA
  • Implement First Hop redundancy in IPv4 and IPv6 environments
  • Secure campus network according to recommended practices
  • Describe and apply network design methodologies
  • Describe and apply network design concepts of modularity and hierarchy
  • Design a resilient and scalable Campus network
  • Design a resilient and scalable connectivity between parts of your Enterprise network
  • Design connectivity to the Internet and internal routing for your network
  • Integrate collaboration and wireless infrastructure into your core network
  • Create scalable IPv4 and IPv6 addressing

It is highly recommended that this course be taken after the following Cisco courses:

  • Implementing Cisco IP Switched Networks v2.0 (SWITCH v2.0)
  • Implementing Cisco IP Routing v2.0 (ROUTE v2.0)
  • Troubleshooting and Maintaining Cisco IP Networks v2.0 (TSHOOT v2.0)
  • Designing for Cisco Internetwork Solutions v3.0 (DESGN v3.0)

Who Should Attend

The target audience for the ARCH course consists of individuals seeking the Cisco Certified Design Professional (CCDP) certification. The course is also targeted at pre-sales and post-sales network engineers involved in the Enterprise network design, planning and implementation. (The post-sales network engineers involved in the implementation will be involved in providing feedback to the pre-sales network engineers and correct possible design flaws).


Module 1: Enterprise Connectivity and High-Availability

    Lesson 1: EIGRP Design Considerations
    • Scaling EIGRP Designs
    • EIGRP Fast Convergence
    • EIGRP with Multiple Autonomous Systems
    • Reasons for Multiple EIGRP Autonomous Systems
    • Bidirectional Forwarding Detection
    • EIGRP Graceful Restart/NSF Fundamentals
    • EIGRP Hierarchical Design Basics
    • Creating Choke Points
    • EIGRP Two-Layer Hierarchy
    • EIGRP Three-Layer Hierarchy
    • EIGRP Hub and Spoke Design
    • Summarization Challenges: Black Holes
    • Summarization Challenges: Suboptimal Routing
    • EIGRP Hub and Spoke Scaling
    • EIGRP Stub Leaking
    • Case Study: EIGRP DMVPN
    • EIGRP DMVPN Scaling
    • Summary

    Lesson 2: OSPF Design Considerations

    • Factors Influencing OSPF Scalability
    • OSPF Scalability: Adjacent Neighbors
    • Routing Information in the Area and Domain
    • OSPF Scalability: Routers in an Area
    • OSPF Scalability: Areas per ABR
    • Designing Areas
    • OSPF Hierarchy
    • Area and Domain Summarization
    • OSPF Full Mesh Design
    • OSPF Hub-and-Spoke Design
    • OSPF Hub-and-Spoke ABR Placement
    • Number of Areas in OSPF Hub-and-Spoke Design
    • OSPF Hub-and-Spoke Network Types
    • Improving OSPF Convergence
    • Bidirectional Forwarding Detection
    • OSPF Event Propagation
    • OSPF Event Processing
    • OSPF Flood Reduction
    • OSPF Database Overload Protection
    • Summary

    Lesson 3: IS-IS Design Considerations

    • Overview of IS-IS
    • IS-IS Hierarchical Design
    • IS-IS Characteristics
    • IS-IS Router and Link Types
    • IS-IS Adjacencies
    • Integrated IS-IS Routing
    • Similarities Between IS-IS and OSPF
    • OSPF and IS-IS Characteristics
    • Integrated IS-IS vs. OSPF: Area Design
    • Case Study: IS-IS Addressing
    • IS-IS Packets
    • IS-IS Information Data Flow
    • Case Study: IS-IS Routing Logic
    • Route Leaking
    • Route Leaking Loop Prevention
    • Asymmetric vs. Symmetric IS-IS Routing
    • IS-IS Network Types
    • IS-IS Operations
    • IS-IS LSP Flooding
    • IS-IS LSDB Synchronization
    • IS-IS Design Considerations
    • IS-IS Summarization
    • Integrated IS-IS for IPv6
    • IS-IS Single Topology Restrictions
    • Multitopology IS-IS for IPv6
    • Summary

    Lesson 4: Module Summary

    • References

    Lesson 5: Module Self-Check

Module 2: BGP Design

    Lesson 1: Designing IBGP Sessions
    • IBGP Scalability Issues
    • IBGP Scalability Solution: Route Reflectors
    • BGP Route Reflector Definitions
    • IBGP Scalability Solution: Confederations
    • Comparing BGP Confederations to BGP Route Reflectors
    • BGP Split-Horizon Rule
    • Route Reflector Split-Horizon Rule
    • BGP Split-Horizon Rules: Refresher
    • Redundant Route Reflectors
    • Route Reflector Clusters
    • Route Reflector Clusters: Cluster ID
    • Additional Loop-Prevention Mechanisms
    • Loop-Prevention: Cluster-List
    • Network Design with Route Reflectors
    • Hierarchical Route Reflector Design
    • Potential Network Issues
    • Summary

    Lesson 2: Designing BGP Communities

    • BGP Communities
    • Using BGP Communities
    • Case Study: Steps for Designing a BGP Solution Around BGP Communities
    • BGP Named Community Lists
    • Summary

    Lesson 3: Load Sharing

    • Single-Homing vs Multi-Homing
    • Dual-Homing and Multi-Homing Design Considerations
    • Load Sharing: Single-Homed, Multiple Links
    • Load Sharing: Dual-Homed to One ISP, Single Local Router
    • Load Sharing: Dual-Homed to One ISP, Multiple Routers
    • Load Sharing: Multihoming with Two ISPs, Single Local Router
    • Load Sharing: Multihomed, Two ISPs, Multiple Local Routers
    • Summary

    Lesson 4: Module Summary

    • References

    Lesson 5: Module Self-Check

Module 3: Wide Area Networks Design

    Lesson 1: Service Provider Managed VPNs
    • Choosing Your WAN Connection
    • Layer 3 MPLS VPN
    • MPLS/VPN Architecture
    • PE Router Architecture
    • Route Distinguishers
    • Route Targets
    • Using EIGRP as the PE-CE Routing Protocol
    • Using OSPF as the PE-CE Routing Protocol
    • Using BGP as the PE-CE Routing Protocol
    • Case Study: MPLS/VPN Routing Propagation
    • Forwarding in MPLS VPN
    • VPWS Overview
    • VPWS Design
    • VPLS Design
    • VPLS vs. VPWS
    • Summary

    Lesson 2: Enterprise Managed VPNs

    • Enterprise Managed VPNs Overview
    • GRE Overview
    • Multipoint GRE Overview
    • IPsec Overview
    • IPsec and GRE
    • IPsec and Virtual Tunnel Interface
    • IPsec and Dynamic VTI
    • GETVPN
    • DMVPN Overview
    • DMVPN Phase 1
    • DMVPN Phase 2
    • DMVPN Phase 3
    • Case Study: MPLS/VPN over GRE/DMVPN
    • DMVPN and Redundancy
    • SSL VPN Overview
    • FlexVPN Overview
    • FlexVPN Architecture
    • FlexVPN Capabilities
    • FlexVPN Configuration Blocks
    • Summary

    Lesson 3: WAN Resiliency Design

    • WAN Remote-Site Overview
    • Common MPLS WAN Design Models
    • Common Layer 2 WAN Design Models
    • Common VPN WAN Design Models
    • 3G/4G VPN Design Models
    • Remote-Site Using Local Internet
    • Remote-Site LAN
    • Case Study: Redundancy and Connectivity Use Cases
    • Basic Traffic Engineering Techniques
    • IWAN Solution Overview
    • Intelligent WAN Design Overview
    • IWAN Hybrid Design Model
    • Cisco PfR Overview
    • Cisco PfR Versions
    • Cisco PfR Operations
    • Multisite Cisco PfR
    • Cisco PfR Design and Deployment Considerations
    • Summary

    Lesson 4: Campus Edge and Connectivity to Partners

    • Case Study: Campus Edge
    • Challenges of Connecting External Partners
    • Extranet TopologyRemote LAN Model
    • Extranet TopologyInterconnect Model
    • Security and Multitenant Segmentation
    • Summary

    Lesson 5: SDN and APIC-EM

    • SDN Overview
    • SDN Challenges
    • Direction of Nontraditional SDN
    • SDN Requirements
    • Cisco SDN Solutions
    • Enterprise WAN and Access Management
    • Cisco ONE: APIC-EM
    • Design APIC-EM
    • SDN Security Challenges
    • SDN Security: DC and EM
    • Summary

    Lesson 6: Module Summary

    • References

    Lesson 7: Module Self-Check

Module 4: Enterprise Data Center Integration

    Lesson 1: Modular and Scalable Data Center Network
    • Case Study: Connecting Servers to Enterprise LAN
    • Case Study: 2-Tier Data Center Network Architecture
    • Case Study: 3-Tier Data Center Network Architecture
    • Data Center Inter-VLAN Routing
    • End of Row vs. Top of Rack Design
    • Fabric Extenders
    • Case Study: Data Center High-Availability
    • Network Interface Controller Teaming
    • Cisco FabricPath
    • Overlay Networking in Data Center
    • Summary

    Lesson 2: Multi-Tenant Data Center

    • Multi-Tenant Data Center Overview
    • Secure Tenant Separation
    • Layer 3 Separation with VRF-Lite
    • Virtual Device Contexts
    • Case Study: Multi-Tenant Data Center
    • Micro-Segmentation with Overlay Networks
    • Summary

    Lesson 3: Data Center Interconnections

    • Need for DCI
    • IP Address Mobility
    • Case Study: Dark Fiber DCI
    • Pseudowire DCI
    • Virtual Private LAN Service DCI
    • Any Transport over MPLS over GRE
    • Layer 2 DCI Caveats
    • Overlay Transport Virtualization DCI
    • Overlay Networking DCI
    • Summary

    Lesson 4: Data Center Traffic Flows

    • Traffic Flow Directions
    • Traffic Flow Types
    • Case Study: Separation of Application Tiers
    • Securing East-West Traffic
    • Summary

    Lesson 5: SDN and APIC-DC

    • Application Centric Infrastructure Data Center
    • Cisco ACI Fabric
    • Network Virtualization Overlays
    • Design Applications Using Cisco ACI
    • Design EPGs
    • Designing Applications
    • Application Network Profile Discovery
    • Application Network Profile DiscoveryUnknown Applications
    • Summary

    Lesson 6: Module Summary

    • References

    Lesson 7: Module Self-Check

Module 5: Design Security Services

    Lesson 1: Security Services Overview
    • Network Security Zoning
    • Cisco Modular Network Architecture
    • Cisco Next-Generation Security
    • Summary

    Lesson 2: Designing Infrastructure Protection

    • Cisco Network Infrastructure Protection
    • Infrastructure Device Access
    • Secure Management Access
    • Routing Infrastructure
    • Device Resiliency and Survivability
    • Network Policy Enforcement
    • Switching Infrastructure
    • Summary

    Lesson 3: Designing Firewall and IPS Solutions

    • Firewall Architectures
    • Case Study: Implementing Firewall in Data Center
    • Virtualized Firewalls
    • Case Study: Firewalls High Availability
    • IPS Architectures
    • IPS High Availability

    Lesson 4: Designing Network Access Control Solutions

    • IEEE 802.1X Overview
    • Case Study: Authorization Options
    • IEEE 802.1X Phased Deployment
    • Extensible Authentication Protocol
    • 802.1X Supplicants
    • Cisco TrustSec
    • Summary

    Lesson 5: Module Summary

    • References

    Lesson 6: Module Self-Check

Module 6: Design QoS for Optimized User Experience

    Lesson 1: QoS Overview
    • IntServ vs. DiffServ
    • Classification and Marking Tools
    • Layer 2 Marking: IEEE 802.1Q/p Class of Service
    • Layer 3 Marking: IP Type of Service
    • Layer 3 Marking: DSCP Per-Hop Behaviors
    • Layer 2.5 Marking: MPLS Experimental Bits
    • Mapping QoS Marking Between OSI Layers
    • Layer 7 Classification: NBAR/NBAR2
    • Policers and Shapers
    • Token Bucket Algorithms
    • Policing Tools: Single-Rate Three-Color Marker
    • Policing Tools: Two-Rate Three-Color Marker
    • Queuing Tools: Overview
    • Queuing Tools: Tx-Ring
    • Queuing Tools: Fair-Queuing
    • Queuing Tools: CBWFQ
    • Queuing Tools: LLQ
    • Dropping Tools: DSCP-Based WRED
    • Dropping Tools: IP ECN
    • Summary

    Lesson 2: Recommended QoS Design Principles

    • Classification and Marking Design Principles
    • Policing and Remarking Design Principles
    • Queuing Design Principles
    • Dropping Design Principles
    • Per-Hop Behavior Queue Design Principles
    • RFC 4594 QoS Recommendations
    • QoS Strategy Models
    • 4-Class QoS Strategy
    • 8-Class QoS Strategy
    • 12-Class QoS Strategy
    • Summary

    Lesson 3: Campus QoS Design

    • Why Do We Need QoS in Campus?
    • VoIP vs. Video
    • Buffers and Bursts
    • Trust States and Boundaries
    • Trust States and Boundaries Example
    • Dynamic Trust State
    • Classification/Marking/Policing QoS Model
    • Queuing/Dropping Recommendations
    • EtherChannel QoS Design
    • Example: Campus QoS Design
    • Summary

    Lesson 4: Data Center QoS Design

    • Need for QoS in Data Center
    • Example: High Performance Trading Architecture
    • Example: Big Data Architecture
    • Example: Virtualized Multiservice Architectures
    • Data Center Bridging Toolset
    • Example: DC QoS Application
    • Summary

    Lesson 5: WAN QoS Design

    • Need for QoS in WAN and Branch
    • Platform Performance Considerations
    • Latency and Jitter Considerations
    • Queuing Considerations
    • Example: WAN and Branch QoS
    • Summary

    Lesson 6: MPLS VPN QoS Design

    • Need for QoS in MPLS VPN
    • L2 Private WAN QoS Administration
    • Fully Meshed MPLS VPN QoS Administration
    • MPLS DiffServ Tunneling Modes
    • Example: MPLS VPN QoS Roles
    • Summary

    Lesson 7: IPsec VPN QoS Design

    • Need for QoS in IPsec VPN
    • VPN Use Cases and Their QoS Models
    • IPsec Refresher
    • IOS Encryption and Classification Order of Operations
    • MTU Considerations
    • DMVPN QoS Considerations
    • GET VPN QoS Considerations
    • Summary

    Lesson 8: Module Summary

    • References

    Lesson 9: Module Self-Check

Module 7: Transition to IPv6

    Lesson 1: Deploying IPv6
    • IPv6: Why?
    • IPv6 Phased Approach
    • IPv6 Phased Approach: Business and Network Discovery Phase
    • IPv6 Phased Approach: Assessment
    • IPv6 Phased Approach: Planning and Design
    • IPv6 Phased Approach: Implementation and Optimization
    • First Steps Towards IPv6
    • Provider Independent vs. Provider Assigned
    • Where to Start the Migration
    • IPv6 Islands
    • IPv6 WAN
    • Transition Mechanisms
    • NAT64 and DNS64
    • Manual Tunnels
    • Tunnel Brokers
    • 6 Rapid Deployment
    • DS-Lite
    • LISP
    • Dual-Stack
    • Summary

    Lesson 2: Challenges with Transition to IPv6

    • IPv6 Services
    • Link Layer Security Considerations
    • Application Support
    • Application Adaptation
    • Application Workarounds
    • Control Plane Security
    • Dual Stack Security Considerations
    • Tunneling Security Considerations
    • Multihoming
    • Summary

    Lesson 3: Module Summary

    • References

    Lesson 4: Module Self-Check

Module 8: IP Multicast Design

    Lesson 1: Defining Multicast Distribution Trees and Forwarding
    • How Does IP Multicast Work?
    • Multicast Group
    • IP Multicast Service Model
    • Functions of a Multicast Network
    • Multicast Protocols
    • Multicast Forwarding and RPF Check
    • Case Study: RPF Check Fails and Succeeds
    • Multicast Protocol Basics
    • Multicast Distribution Trees Identification
    • Summary

    Lesson 2: Introducing PIM-SM Protocol and PIM-SM Enhancements

    • PIM-SM Overview
    • Receiver Joins PIM-SM Shared Tree
    • Source Is Registered to RP
    • PIM-SM SPT Switchover
    • Multicast Routing Table
    • Basic SSM Concepts
    • SSM Scenario
    • Bidirectional PIM
    • PIM Modifications for Bidirectional Operation
    • DF Election
    • DF Election Messages
    • Case Study: DF Election
    • Summary

    Lesson 3: Rendezvous Point Distribution Solutions

    • Rendezvous Point Discovery
    • Rendezvous Point Placement
    • Auto-RP
    • Auto-RP Candidate RPs
    • Auto-RP Mapping Agents
    • Auto-RP Other Routers
    • Case Study: Auto-RP Operation
    • Auto-RP Scope Problem
    • PIMv2 BSR
    • PIMv2 BSRCandidate RPs
    • PIMv2 BSRBootstrap Router
    • PIMv2 BSRAll PIMv2 Routers
    • BSR Flooding Problem
    • IPv6 Embedded Rendezvous Points
    • Anycast RP Features
    • Anycast RP Example
    • MSDP Protocol Overview
    • MSDP Neighbor Relationship
    • Case Study: MSDP Operation
    • Summary

    Lesson 4: IP Multicast Security

    • Multicast Security Challenges
    • Problems in the Multicast Network
    • Multicast Network Security
    • Network Element Security
    • Security at the Network Edge
    • Securing Auto-RP and BSR
    • Internal Multicast Security
    • Sender Control
    • Receiver Control
    • Admission Control
    • MSDP Security
    • Summary

    Lesson 5: Module Summary

    • References

    Lesson 6: Module Self-Check

Written Labs Outline

Challenge 1: Design Enterprise Connectivity

  • Design Enterprise Connectivity

Challenge 2: Design Enterprise BGP Network with Internet Connectivity

  • Design Internet Connectivity

Challenge 3: Design Resilient Enterprise WAN

  • Design WAN

Challenge 4: Design Enterprise Data Center Connectivity

  • Design Data Center Connectivity

Challenge 5: Design Secure Enterprise Network

  • Design a Secure Network

Challenge 6: Design QoS in Enterprise Network

  • Design High-Level QoS Solution

Challenge 7: Design Enterprise IPv6 Network

  • Design Transition to IPv6