Ccnp on Aaron's Worthless Words

The Start of Another Year

Wed, 05 Jan 2011 00:00:00 +0000

How did 2010 turn out? Not as well as I would have liked.

Stubby Post - Changes to CCNA Voice, CCVP, and CCSP

Wed, 20 Oct 2010 00:00:00 +0000

I don’t usually cover news from Cisco, but they’ve changed some certification stuff around again, and I thought I would bring it up. This time they’ve changed the CCNA Voice, CCVP, and CCSP, so, if you’ve on those tracks, be careful what you’re studying!

CCNA Voice

Circle 28 February 2011 on your calendars. That’s when the CCNA Voice track gets a shakeup. The IIUC (640-460) exam will be no more, and passing CVOICE (642-436) will no longer be a valid way to get the cert. After the big day, you’ll have to take ICOMM (640-461). This seems to be a much broader exam instead of having the enterprise and commercial focuses in CVOICE and IIUC, respectively. Look out for both CME- and CUCM-based topics including a troubleshooting section.

ROUTE - Epic Win!

Mon, 19 Jul 2010 00:00:00 +0000

Woohoo! I passed the ROUTE test this morning. That means I’m done with the CCNP track! :)

If you remember, I took it over a week ago and had some bad luck on it. Alright, bad luck is the wrong phrase. I didn’t study enough and failed it. This time, though, I had a special weapon on my side - the ROUTE Foundations book. I haven’t used the Foundations books before, but, I saw some tweets about this one, so I picked it up off of Safari. In just a couple pages, I realized that I was reading the answers to several questions directly out of the book. It was amazing. I only studied my weak points and wound up with 144 more points than I did last time. I can’t say that was entirely because of the book, but I must say it was a big reason.

ROUTE Notes - Further IGP Redistribution

Sun, 18 Jul 2010 00:00:00 +0000

As always, corrections are requested.

Study Questions

I’ve got IGRP and EIGRP both configured with the same AS number. What’s special about this configuration?

If both use the same AS number, then they automatically redistribute their routes into each other without using the redistribute command.

When redistributing one IGP into another, where’s a good place to filter routes?

There’s no one good place, but at the router(s) that’s doing the redistribution is a good start. There’s no need to send an IGP a bunch of routes it doesn’t need.

ROUTE Notes - Controlling BGP

Tue, 06 Jul 2010 00:00:00 +0000

Corrections, please. I skipped a bunch of BGP intro stuff to get to the juicy center. I’ll see if I can come back later and finish the other parts for posterity.

Study Notes

Is BGP route selection a controversial subject?

Yes. If you ask 1000 network guys the best way to influence BGP, you’ll probably get 1000 different answers.

At what position in the PA list of a BGP update do you find the weight attribute?

You don’t. Weight is a Cisco-proprietary thing.

ROUTE Notes - Branch Office Routing

Mon, 05 Jul 2010 00:00:00 +0000

Corrigeme, por favor.

Study Notes

What do IPSec tunnels give you when a branch office is on a broadband connection?

Privacy through encryption Authentication of the remote peer through ISAKMP Delivery of private data over the public Internet

What do you need to configure to get your branch router talking to the Internet?

ISP connection configuration such as PPPoE or PPPoA DHCP server configuration for internal users NAT Firewall services like inspection and filtering

ROUTE Notes - Implementing IPv6 in an IPv4 Network

Sun, 04 Jul 2010 00:00:00 +0000

Study Questions

Your boss says that ever host in the network needs to be converted over to IPv6 by the end of the day. Which of multipoint tunnels, point-to-point tunnels, or native IPv6 would be the most appropriate to use to help with that conversion?

Native IPv6

The engineering department wants to permanently use IPv6 on their test boxes in two offices. Which of multipoint tunnels, point-to-point tunnels, or native IPv6 would be the most appropriate to use?

Point-to-point tunnels

ROUTE Notes - Routing IPv6

Wed, 30 Jun 2010 00:00:00 +0000

Study Questions

Why would anyone develop a version of RIP that supports IPv6?

I have no idea. Boredom, maybe. Whatever the case, it works just like RIPv2, which is pretty scary.

In EIGRP for IPv4, there are several requirements for two routers to neighbor up. Which of those is not true for EIGRP for IPv6?

The two routers don’t need to be in the same subnet. The concept of the link local address takes care of that need since neighbors always share a common medium like an Ethernet segment or a serial link.

ROUTE Notes - Intro to IPv6

Tue, 29 Jun 2010 00:00:00 +0000

Study Notes

Exactly how big is an IPv6 address?

It’s 128 bits long.

This shouldn’t be on the test, but how many unique addresses is that?

That’s 2^128 or a “3” with 38 zeros after it. That’s also 2^95 addresses for each person on earth.

Surely we’re not writing in binary, are we?

No way. IPv6 uses 32 hex characters. Each character is 4 bits, so we wind up with 128 bits of data.

ROUTE Notes - PBR and IP SLA

Thu, 24 Jun 2010 00:00:00 +0000

Feel free to correct.

Study Questions

What’s the most primitive way to get traffic destined to a single host to use a different path than your dynamic IGP dictates?

Use a static route.

What’s the most primitive way to get traffic sourced from a single host to use a different path than your dynamic IGP dictates?

Use policy-based routing (PBR).

What’s the most primitive way to get traffic sourced from a single host and destined for another host to use a different path than your dynamic IGP dictates?

Use PBR.

ROUTE Notes - More IGP Redistribution

Wed, 23 Jun 2010 00:00:00 +0000

As always, feel free to correct.

Study Notes

When a router redistributes from one routing protocol to another, where does the router get the list of routes to redistribute?

From the routing table. Only IGP A’s routes (not topology or successors) are redistributed into IGP B’s domain.

What are two methods of filtering redistributed routes?

Use a route-map in the redistribute line or a distribute-list.

Of the two methods for filtering, which one has more options?

The route-map method has more options. You can match on all sorts of stuff, including an ACL or interface, and filter based on that.

ROUTE Notes - IGP Redistribution

Tue, 22 Jun 2010 00:00:00 +0000

As always, feel free to correct.

Study Questions

When you redistribute OSPF into EIGRP, what are you really redistributing?

Routes knows via OSPF Networks of OSPF-enabled interfaces

What’s the default cost of an EIGRP route redistributed into OSPF?

What’s the default metric of an OSPF route redistributed into EIGRP?

There is none since EIGRP has all those nifty k-values that have to be processed. Routes actually won’t redistribute without them.

ROUTE Notes - OSPF Virtual Links and Frame Relay Stuff

Mon, 21 Jun 2010 00:00:00 +0000

Feel free to correct. I feel like I’m missing a big piece here, so please fill in a gap if you see one. Thanks. :)

Study Questions

How many area 0s (zero) can you have in an OSPF implementation

Just one.

If my company merges with another company, and we’re both running OSPF, how can we get our networks routing together properly?

The easiest thing to do is to connect your two area 0s together through some physical link. If you can, you can use virtual links to connect an ABR to another ABR to extend the zones together.

ROUTE Notes - OSPF Filtering and Summarization

Sun, 20 Jun 2010 00:00:00 +0000

Feel free to correct all this stuff. Additions are also welcome.

Study Questions

How do I keep an area route from reaching a router in that area?

You don’t. That defeats the whole purpose of having the topology database on every router. If you filtered one route from a router, there’s no way that SPF could calculate routes correctly.

Fine, then. Where do I filter routes?

You filter routes on an ABR or ASBR. Since routers only have the whole topology for their area, it’s safe to filter routes from another area or from a redistributed routing protocol. On a more technical note, you’re filtering type-3 LSAs on an ABR and type-5 LSAs on an ASBR.

ROUTE Notes - Controlling Routes in EIGRP

Thu, 17 Jun 2010 00:00:00 +0000

Corrections welcome.

Study Questions

Why would you ever want to summarize routes?

Summarizing routes minimizes the routes advertised to the network. For example, instead of advertising 192.168.0.0/24, 192.168.1.0/24…192.168.n.0/24, a router can advertise a single route to 192.168.0.0/16. Keeping routing tables small saves hardware resources, minimizes convergence times, helps avoid route flapping, and makes the routing table easier to read for humans.

When will an EIGRP router auto-summarize a route?

If a router has interfaces that that are in different classes of network (Class A, B, C), then that router will auto-summarize those routes up to the classful boundary. For example, if you have a 10.0.0.1/24 and a 192.168.100.1/30, the router will advertise 10.0.0.0/8 and 192.168.100.0/24.

ROUTE Notes - EIGRP Neighbor Relationships

Thu, 17 Jun 2010 00:00:00 +0000

Or neighborships, as they call it in the book. What a terrible word.

Study Questions

What settings must match between two routers in order to become EIGRP neighbors?

Both routers must be in the same primary subnet Both routers must be configured to use the same k-values Both routers must in the same AS Both routers must have the same authentication configuration (within reason) The interfaces facing each other must not be passive

ROUTE Notes - EIGRP Topology Stuff

Thu, 17 Jun 2010 00:00:00 +0000

Study Questions

How do you keep EIGRP from killing your WAN?

You can use the ip bandwidth-percent eigrp AS X command to limit the amount of bandwidth that EIGRP uses to update neighbors.

How does EIGRP calculate how much bandwidth it can use for each frame relay PVC?

By default, EIGRP takes 50% of the (sub)interface’s configured bandwidth (with the bandwidth command) to use for updates on NBMA (non-broadcast mutliaccess) networks like frame relay. This value is divided equally among all the PVC configured on that interface.

ROUTE - Redistribution Nuance #2 - OSPF External Metric Types

Sun, 06 Jun 2010 00:00:00 +0000

Last time, we talked about a nifty little lab I set up for redistribution and how the OSPF ASBRs acted a little differently than I expected. This time, let’s look at how changing external OSPF routes to a metric-type of 1 (E1) affects the routing tables.

Here’s the network again.

The static routes are being redistributed into their respective IGPs, and EIGRP is being redistributed into OSPF. Let’s look at the routing table on R1.

SWITCH - Epic Fail

Thu, 06 May 2010 00:00:00 +0000

I did my standard 2ish-hour drive to the closest testing center today to take the SWTCH test (642-813). Utter failure. That’s 3 for those scoring at home.

The test was the absolute worst I’ve ever taken. I know that I complain a lot, but this is totally justified in my eyes. My 4th grade spelling tests were better than this. I’ve seen kindergarten plays with better production value.

First of all, it was poorly written. Whoever wrote those questions has a few pieces of information about English sentence structure missing from their skill set. A sentence needs a verb, right? Well, a lot of the sentences were missing those. It’s kind of important to know what the whole point of the sentence is, or is that too much to ask? The “drag this over here” exercise questions all started with the same 13-word phrase that left the question so long that it was unreadable. A couple of commas would have been nice in some. Others I just had to infer from the answers what they were trying to ask.

Stubby Post - UplinkFast

Wed, 28 Apr 2010 00:00:00 +0000

I’ve got a few switches daisy chained together with single links and have enabled UplinkFast on them. This switch is not the root bridge; F0/24 is the root port and F0/23 is a blocked alternate port. I’ve got debug spanning-tree uplinkfast on to help out.

SW3#sh span | incl 0/2[34]
Fa0/23           Altn BLK 3019      128.23   P2p
Fa0/24           Root FWD 3019      128.24   P2p

Now let’s unplug F0/24 and see what happens.

SWITCH - STP Exercise #1

Thu, 22 Apr 2010 00:00:00 +0000

Here’s an STP exercise for you. Given the bridge priorities, MAC addresses, and interface types in the diagram, calculate the root bridge, root ports, designated ports, and blocked ports. You can click on the image to enlarge it. I’ll post a solution in the next few days. As always, feel free to comment and ridicule my utter idiocy. Be gentle, though; I don’t usually post exercises like this.

Send any ~~configuration BPDUs~~ questions my way.

ONT - Epic WIN!

Thu, 08 Apr 2010 00:00:00 +0000

Two down, two to go. After much groaning and moaning, I’ve finally passed my ONT test. The path to this point has been full of road blocks and covered in potholes, but I finally managed to power through it. Thank $deity.

If you remember, I’ve had quite a time with finding a testing center that’s convenient (or open for that matter), so I took the test at yet another center to see what they offer. The facility was great; it was very quiet and clean, and the people were wonderfully friendly, which is a new concept to me. Usually, the people don’t care about testers, but, being a center for inmates at state prisons (yes, prisoners), they do nothing but vocational and professional testing there. That’s a lot better than the facilities who give their own students priority or who make money on training instead of testing. The center is just over 2 hours away, but I think this place may be the best so far. I’ll have to see what the future holds, though.

NBAR and HTTP Data Conversations

Mon, 08 Mar 2010 00:00:00 +0000

I’m still working on the ONT test and doing labs, so I marked up a lab for me to work. I’m using the same setup as I did last time. The two routers are 3640s running 12.4(25b).

Part of the lab was to identify HTTP traffic coming into F0/0 and mark it as CS3. That’s pretty easy, right? Of course, the lab I made up was a little more complicated, but the point comes clear with a simpler example.

Stubby post: ROUTE Cert Kit Giveaway

Thu, 04 Mar 2010 00:00:00 +0000

Rofi at ITDualism is giving away a ROUTE cert kit to a random commenter. Swing by there and put your name in the hat.

ONT - Epic Fail

Tue, 16 Feb 2010 00:00:00 +0000

I failed the ONT test today. It was an utter lack of subject matter knowledge that did me in from the beginning. When the first three questions mention things that I’ve never even heard, it’s going to be a long test. I’ll take blame on it for sure, but the test was a lot darker than I imagined it would be.

I heard from a couple people that the ONT test was the easiest of the 4 CCNP test. I must say today’s test was a LOT harder than the ISCW test I took back in December. Most of the questions were fair, but there were a few that were down-right evil or unanswerable. Without giving too much away, there were some matching questions that had multiple items with multiple answers, rendering the answer to a guess. I even ran into a CLI question about the WLC, which surely wasn’t mentioned anywhere I studied, and I don’t have a spare sitting around on which to test. The icing, though, was the number of questions about FRTS; I know I need to understand it, but the magical question dice landed on that topic way too many times in my opinion.

ONT Notes - WLAN Management

Sat, 13 Feb 2010 00:00:00 +0000

Elements of Cisco Unified Wireless Network

Client devices - Cisco compatible extensions on WLAN clients
Mobility platform - allows configuration of LWAPs through WLCs
Network unification - integration into the rest of the network with WLCs doing RF management, IPS, etc.
World-class network management - centralized management through WCS
Unified advanced services - supports advanced technologies and threat detection

WLAN Implementation

Autonomous and LWAP

Category	Autonomous	LWAP
Access Point	Autonomous APs	LWAPs
Control	Individual configurations	Configuration through WLCs
Dependency	Independent operations	Dependent on WLC
Management	CiscoWorks WLSE and WDS	WCS
Redundancy	Through APs	Through WLCs

Wireless LAN Services Engine (WLSE)

ONT Notes - 802.1x and Encryption on LWAPs

Fri, 12 Feb 2010 00:00:00 +0000

Traditional WLAN weaknesses
- SSID for security
- Vulnerable to rogue APs
- MAC filtering for security
- WEP
WEP weaknesses
- Disribution of static keys is not scalable
- WEP keys can be cracked easily
- Vulnerable to dictionary attacks
- No protection against rogue APs
Benefits of 802.1x
- Centralized authentication through Radius via AAA
- Mutual authentication between client and auth server
- Can use multiple encryption algorithms (AES, WPA, TKIP, WEP)
- Automatic dynamic WEP keys
- Roaming
Requirements of 802.1x
- EAP-capable client (supplicant)
- 802.1x-capable AP (authenticator)
- EAP-capable auth server

Table 1. Characteristics of the EAP variants

ONT Notes - QoS On Wireless Networks

Thu, 11 Feb 2010 00:00:00 +0000

Wireless LANs (WLANs)
- Extensions to wired LANs
- Carrier sense multiple access collision avoidance (CSMA/CA) as media access method
- Uses distributed coordinated function (DCF) for collision avoidance
- DCF is based on RF carrier sense, inter-frame spacing (IFS), and random wait timers
Wifi QoS standards
- 802.11e
  - IEEE standard
  - 0-7 priority levels
- Wifi Multimedia (WMM)
  - Four access categories
    - Platinum (voice) - 6 or 7 802.11e
    - Gold (video) - 4 or 5 802.11e
    - Silver (BE) - 0 or 3 802.11e
    - Bronze (Background) - 1 or 2 802.11e
- WMM and 802.11e replace DCF with EDCF
Cisco Split-MAC
- Splits functions between Lightweight access points (LWAPs) and WLAN controllers (WLCs)
- LWAPs handle real-time functions
  - Beacon generation
  - Probe transmission and response
  - Power management
  - 802.11e/WMM scheduling and queuing
  - Packet buffering
  - Encryption/decryption
  - Control frame/message processing
- WLCs handle non-real-time functions
  - Association/disassociation/reassociation
  - 802.11e/WMM resource reservation
  - 802.1x EAP
  - Key management
  - Authentication
  - Fragmentation
  - Ethernet-WLAN bridging
End-to-end QoS
- Step 1: WLC copies DSCP from switch to outer DSCP and outer 802.1p and sends to LWAP over LWAPP tunnel
- Step 2: LWAP copies outer DSCP from WLC to 802.11e/WMM field and sent to client
- Step 3: LWAP copies 802.11e/WMM value from the client to outer DSCP and sends it to WLC
- Step 4: WLC copies outer DSCP from WLAP to 802.1p (CoS) fields and sends it to the switch
Web interface (do you even need to know this?)
- Controller>QoS Profiles
  - Per-User Bandwidth Contracts - set avg data rate, burst data rate, avg real-time rate, and burst real-time rate
  - Over the Air QoS
    - Maximum RF usage per AP (%)
    - Queue Depth - queue size before dropping packets
    - Wired QoS Protocol - 802.1p or None
- Controller>WLANs>Edit
  - For each WLAN ID, set the QoS value: plat, gold, silver, bronze
  - WMM Policy
    - Disabled - 802.11e/WMM QoS requests are ignored
    - Allowed - 802.11e/WMM QoS requests are sent
    - Required - 802.11e/WMM QoS requests are required

ONT Notes - AutoQoS

Wed, 10 Feb 2010 00:00:00 +0000

AutoQoS benefits
- Automates QoS for most deployments
- Protects business-critical apps to maximize availability
- Simplifies QoS deployments
- Reduces configuration errors
- Cheaper, faster, and simpler deployments
- Follows DiffServ
- Allows complete control over QoS configs
- Allows modification of auto-generated configs
AutoQoS phases of evolution
- AutoQoS VOIP - Early version that configures the basics without discovery
- AutoQoS for Enterprise - Second version that only runs on routers and uses two-step process
  - Autodiscovery using NBAR
  - Generation of class maps
AutoQoS key elements
- Application classification
- Policy generation
- Configuration
- Monitoring and reporting
- Consistency
Interfaces that you can configure AutoQoS on
- Serial ifs with PPP and HDLC
- FR point-to-point subifs (NOT multipoint)
- ATM point-to-point subifs
- FR-to-ATM links
Prerequsites
- No Qos policy already configured on if
- CEF enabled on if
- Correct bandwidth configured on if
- IP address on low-speed if
Configuring AutoQoS Enterprise on a router (NOT a switch)
- auto qos discovery - begins discovery process
- auto qos - generates and applies MQC-based policies
Configuring AutoQoS VOIP
- auto qos voip [ trust | cisco-phone ]
Verifying AutoQoS on router
- show auto discovery qos - get autodiscovery results
- show auto qos - examine configuration generated
  - Number of classes
  - Classification options
  - Marking options
  - Queuing mechanisms
  - Other QoS mechanisms
  - If, subif, PVC where policy is applied
- show policy-map interface - look at if stats
Verify AutoQoS VOIP
- show auto qos
- show policy-map interface
- show mls qos maps - shows CoS to DSCP mappings
Possible issues with AutoQoS
- Too many traffic classes - manually consolidate some
- Configuration doesn’t change - rerun AutoQoS
- Configuration may not fit your situation - fine-tune it by hand
Fine-tuning AutoQoS
- Use QPM
- CLI
- copy policy into editor, change, reapply
AutoQoS can match on characteristics besides ACLs and NBAR
- match input interface
- match cos
- match ip precedence
- match ip dscp
- match ip rtp

ONT Notes - Pre-classify and End-to-end QoS

Thu, 04 Feb 2010 00:00:00 +0000

VPNs (Didn’t ISCW cover this?)
- Provide
  - Confidentiality
  - Integrity
  - Authentication
- Types
  - Remote-access
    - Client-initiated
    - NAS-initiated
  - Site-to-site
    - LAN-to-LAN
    - Extranet
L3 Tunneling protocols
- GRE
- IPSec
Pre-classify allows traffic to be classified before being sent across a tunnel or crypto-ed.
- qos pre-classify
- Provides a view into the original IP headers
- To classify on pre-tunnel header, apply the policy to the tunnel interface WITHOUT pre-classify.
- To classify on post-tunnel header, apply the policy to the physical interface WITHOUT pre-classify.
- To classify on pre-tunnel header, apply the policy to the physical interface WITH pre-classify.
SLA - agreement with provider to guarantee QoS mechanisms across their network based on your markings.
- Assures availability, loss, throughput, delay, and jitter.
End-to-end QoS
- To be effective, each hop in the path must have QoS configured similarly.
- Necessary in three locations
  - Campus - within the customer network
  - The edges - customer facing the provider, provider facing customer
  - On the provider network
QoS tasks
- Campus access switches
  - Speed/duplex settings
  - Classification
  - Trust
  - Phone/access switch configs
  - Multiple queues on switch ports, including priority for VOIP
- Campus distribution
  - L3 policing and marking
  - Multiple queues on switch ports, including priority for VOIP
  - WRED
- WAN edge
  - SLA definitions
  - LLQ
  - LFI
  - WRED
  - Shaping
- Provider cloud
  - Capacity planning
  - PHB
  - LLQ
  - WRED
Enterprise campus QoS implementation
- Implement multiple queues to avoid congestion
- Assign VOIP and video to highest priority queue
- Esablish trust boundaries
- Use policing to rate-limit excess traffic
- Use hardware QoS when possible
Control Plane Policing (CoPP)
- Applies QoS policy to traffic destined for the router
  - Routing protocols
  - Management protocols
- Can be used to avoid DOS attacks
- Applied to control-plane in global config

ONT Notes - Congestion Avoidance, Policing, Shaping, and Link Efficiency

Wed, 03 Feb 2010 00:00:00 +0000

Tail drop drawbacks
- TCP synchronization - Dropping TCP packets from different flows can cause them all to window down and back up again at the same time in cycles.
- TCP starvation - Non-TCP or aggressive flows can starve everyone else out when TCP throttles back.
- No differentiated drop - Tail drop doesn’t care who you are, so you get dropped if the queue is full.
RED - Random Early Detection
- Avoids tail drop by randomly dropping packets from the queue before it gets full
- Only dropped TCP flows slow down instead of everyone who has sent a packet since the queue filled
- Queues are smaller.
- Link utilization is more efficient
- Configured with
  - Minimum threshold - start dropping when the queue is this size
  - Maximum threshold - if the queue is this big, start tail dropping
  - Mark probability denominator (MPD) - 1/MPD is the ratio of packets to drop when between the thresholds
WRED - Weighted RED
- Based on IP precedence or DSCP values
- Less-important packets are dropped more aggressively than important packets
- Applied to an interface, VC or a class within a policy map
CBWRED - Class based WRED
- Configured with CBWFQ
Policing
- Limits subrate bandwidth (give you 100kbps on a T1)
- Limits traffic of certain applications
- Any traffic that exceeds police is dropped or re-classified; it’s a hard limit
- Inbound or outbound
Shaping
- Sets a limit but buffers any in excess
- Requires memory to store the buffer
- Buffers = delay and/or jitter
- Outbound only
- Can respond to network signals like BECNs and FECNs
Token and bucket
- The queue is a bucket; if a byte of data needs to be sent, it needs a token.
- If there are enough tokens, the traffic is considered conforming.
- If there aren’t enough tokens, the traffic is considered exceeding, which triggers the drop (policing), re-classify (policing), or buffer (shaping).
Frame relay traffic shaping (FRTS)
- Only controls frame relay traffic
- Applied on subif or DLCI
- Support fragmentation and interleaving
- Reacts to FECNs and BECNs
Compression
- Removed redundancy and patterns in data
- Less data = less latency
- Hardware compression or hardware-assisted compression does not involve the main CPU
- Software compression does
- Payload compression
- Header compression
Link fragmentation and interleaving
- Small data might be waiting for larger data pieces to finish sending
- Chunks data into smaller fragments so they don’t have to wait
- Interleaving shuffles flows in the Tx queue

ONT Notes - Queuing

Sun, 24 Jan 2010 00:00:00 +0000

Here are some more notes from my studies. Of course, no one cares about them but me, but it’s my blog. I’m sure someone will find it useful. Please help to correct dumbass mistakes.

Congestion
- Speed mismatch - traffic leaves a lower-bandwidth interface than the one it came in on
- Aggregation problem - lots of links with one egress of equal bandwidth
- Confluence problem - a bunch of traffic needs to egress out of the same interface
Queuing

ONT Notes – Classification, Marking, and NBAR

Fri, 22 Jan 2010 00:00:00 +0000

Here’s another set of notes from my ONT studies. I’m sure someone will find it useful. Please help to correct dumbass mistakes.

Classification is done with traffic desriptors
- Ingress interface
- CoS value on ISL or 802.1P frames
- Source/destination IP address
- IP Precedence or DSCP value
- MPLS EXP
- Application type
Layer 3 QoS
- Type of Service (ToS) is 8-bit field.
- First 3 bits of ToS are the IP precedence.
- First 6 bits of ToS are the DSCP value.
- Last 2 bits of ToS are explicit congestion notification (ECN).
Layer 2 QoS

ONT Notes - Intro to QoS

Thu, 21 Jan 2010 00:00:00 +0000

I’ll try to keep it a little shorter this time.

Major issues for converged enterprise networks

Available bandwidth: competition among applications
- Fixes
  - Increase bandwidth: More power!
  - Properly queue based on classification and marking: QoS
  - Compress: cRTP, TCP header compression, etc.
Delay: Lead time to get a packet to the destination
- Types of delay
  - Processing delay: routing, switch delay
  - Queuing delay: how long a frame stays in an output queue
  - Serialization delay: how long to put the frame on the wire
  - Propagation delay: the time to cross the physical medium
Jitter (delay variation): Variation is the delay
- Different delays mean different arrival times
- De-jitter buffers save up packets to reduce jitter (like the old CD writers)
- Fixes
  - More bandwidth
  - Prioritize sensitive data and forward first
  - Remark (reclassify) packets based on sensitivity
  - Enable L2 payload compression: make sure compression delay isn’t worse than the jitter
  - Use header compression
Packet loss: Packets are lost in the network somewhere
- Fixes
  - More bandwidth
  - Increase buffers space: more room for the queue on the interface
  - Provide guaranteed bandwidth: Queuing and QoS
  - Congestion avoidance
    - Random Early Detection (RED) and weighted RED (WRED) drop packets before the queue is full
    - Selective dropping is better than FIFO or LIFO dropping

QoS History

ONT Notes - VOIP Networks

Sun, 10 Jan 2010 00:00:00 +0000

Here are some of the notes I’ve been taking while reading over the ONT book. I hope it benefits somebody. Feel free to correct any stupid mistakes as a paraphrase to avoid a lawsuit.

There’s way too much info here. I’ll refine the process a little better for the next topics.

Benefits of Packet Telephony Networks

More efficient use of bandwidth and equipment - Packet telephony networks don’t dedicate channels or a static bandwidth to a call; it’s just another network application.
Consolidate network expense - The common infrastructure (IP-based networks) keeps you from having to support another distinct network for voice like in traditional PBX implementations.
Improved employee productivity - The phone can be used for more than just phone calls by utilizing the XML interface to run applications or provide content from the network.
Access to new communications devices - IP phones can communicate with computers, network gear, PDAs, etc., and not just the PBX.

Packet Telephony Components

ISCW Down, Three To Go

Thu, 10 Dec 2009 00:00:00 +0000

I took and passed the ISCW test today. I was super-nervous going into it, which is weird for me, but I finally calmed down after the first few questions. Here’s my take. I don’t want to get into any trouble so I’m not going to include very much detail.

The testing center wasn’t very good at all. It’s in an old building on the busiest road in town, and the noise from the street was barely dampened by the 1960s building materials. I can tell you that there are three different pipes in the walls since their vibrations resonated through the room every time somebody flushed or brewed some coffee. There was also a little foot traffic, which can be expected anywhere; they were working through some software problems on another testing station and were very respectful, so it wasn’t too bad. The worst part of the whole ordeal, though, was the Microsoft class I sat through while taking the test. They were across the hall, but it sounded like they were in the room with me. Usually, you hear the instructor yelling at the top of his lungs so the whole class can hear, but I could hear questions being asked and papers being moved. I think I can go pass a test of AD replication, though. I certainly won’t be using that facility for any more tests.

ISCW Notes - Role-based Views

Thu, 05 Nov 2009 00:00:00 +0000

I’m at training for the ISCW test this week, and this topic came up yesterday. Since it came up last week at the office, I figure it was a sign from $deity that it was time for a blog entry.

An admin in another business unit was trying to set up command access for some of his techs. He was going through a couple of routers and assigning commands to privilege levels so that his techs could access them. He was having a boat load of problems, though, and couldn’t get it to work

BCMSN Notes - EtherChannel Distribution

Tue, 23 Jun 2009 00:00:00 +0000

EtherChannel lets you aggregate links into one logical connection, but the distribution of traffic is not uniform. It does not use per-packet load-balancing or the like to determine what interface in the bundle to use. Instead, it uses a XOR function on packet information to generate a hash that is used to determine what interface to use.

By default, the switch will use both the source and destination IP addresses to generate the hash, but there are lots of others.

BCMSN Notes -- STP States

Fri, 22 May 2009 00:00:00 +0000

I’ve decided to take on the CCNP certification, so I’m going to wind up with a few posts will be more my own notes than anything. :)

A switch port on a 2960 comes up with a default configuration on VLAN 1. What happens from the perspective of spanning-tree?

First, the port comes up on blocking mode. This is to make sure that loops aren’t created without first listening to the network to see what’s going on.
Next, if the port may be a root or designated port, the port is moved to the listening state. In this state, the port can send and receives BPDUs only. It can’t send traffic, but it can discover the other switches participating in STP.
After the forwarding delay, the port goes into the learning state. In this state, the port can send and receive BPDUs as in listening, but it can now receive traffic. It can’t yet send any.
After the forwarding delay again, the port goes into the forwarding state. The port can now send and receive data.

If the port is configured with spanning-tree portfast, the mode goes from blocking directly to forwarding without going through these steps. Obviously you don’t want a switch plugged into a port configured for portfast since you may wind up with a loop.

The Cisco Network Hierarchical Model

Wed, 06 Feb 2008 00:00:00 +0000

I got my CCNP certification library the other day to finally get myself another cert, so I’ve been doing some reading of late. The thing I hate about certs is that, even if you have all the experience in the world, there’s always a whole mess of academic stuff that no one really knows or cares about. One of those things is the Cisco Network Hierarchical Model. This model is purely academic and comes with the caveat that you may or may not want to need to use this model in your situation. In other words, here’s what we recommend, but do what you want to make your network run properly.