Documentation on Aaron's Worthless Words

ONT Notes - Pre-classify and End-to-end QoS

Thu, 04 Feb 2010 00:00:00 +0000

VPNs (Didn’t ISCW cover this?)
- Provide
  - Confidentiality
  - Integrity
  - Authentication
- Types
  - Remote-access
    - Client-initiated
    - NAS-initiated
  - Site-to-site
    - LAN-to-LAN
    - Extranet
L3 Tunneling protocols
- GRE
- IPSec
Pre-classify allows traffic to be classified before being sent across a tunnel or crypto-ed.
- qos pre-classify
- Provides a view into the original IP headers
- To classify on pre-tunnel header, apply the policy to the tunnel interface WITHOUT pre-classify.
- To classify on post-tunnel header, apply the policy to the physical interface WITHOUT pre-classify.
- To classify on pre-tunnel header, apply the policy to the physical interface WITH pre-classify.
SLA - agreement with provider to guarantee QoS mechanisms across their network based on your markings.
- Assures availability, loss, throughput, delay, and jitter.
End-to-end QoS
- To be effective, each hop in the path must have QoS configured similarly.
- Necessary in three locations
  - Campus - within the customer network
  - The edges - customer facing the provider, provider facing customer
  - On the provider network
QoS tasks
- Campus access switches
  - Speed/duplex settings
  - Classification
  - Trust
  - Phone/access switch configs
  - Multiple queues on switch ports, including priority for VOIP
- Campus distribution
  - L3 policing and marking
  - Multiple queues on switch ports, including priority for VOIP
  - WRED
- WAN edge
  - SLA definitions
  - LLQ
  - LFI
  - WRED
  - Shaping
- Provider cloud
  - Capacity planning
  - PHB
  - LLQ
  - WRED
Enterprise campus QoS implementation
- Implement multiple queues to avoid congestion
- Assign VOIP and video to highest priority queue
- Esablish trust boundaries
- Use policing to rate-limit excess traffic
- Use hardware QoS when possible
Control Plane Policing (CoPP)
- Applies QoS policy to traffic destined for the router
  - Routing protocols
  - Management protocols
- Can be used to avoid DOS attacks
- Applied to control-plane in global config

Using CDP To Track Down Physical Connections

Fri, 31 Oct 2008 00:00:00 +0000

We have a location that’s a few blocks down from the main office here, and we were reviewing the circuit size to make sure it was sized properly. Since not one person knows what’s going on and the trending graphs gave us conflicting details, one of our network dudes took me down to the site to do a physical survey to see what’s going on. Well, besides the fact that no one was there, we discovered a hodgepodge of routers and switches that were cross-connected to one another on multiple floors of the building (I really wish I could post pics to emote the effect). It’s kind of hard to figure out what’s going on when you can’t see both ends of the cable, so we had to abandon all hope.

Diagrams -- Physical Is Not Enough!

Thu, 24 Apr 2008 00:00:00 +0000

In my billion years in the industry, when I’ve asked for network diagrams, I’ve inevitably received a physical diagram – a diagram that shows where stuff is plugged in. This is fine and dandy and has lots of information, but that’s not really enough these days. In the times of Arthur, when every piece of network gear did a single thing, you only needed to know where things were plugged in. In the modern era, devices do more – a switch can route and house wireless, an ASA can terminate VPNs and be a switch – so you need more than just where the cables run.