Friday, February 23, 2007

CCIE LAB TIP 3550/3560

During my practice to the lab exam, i am facing with some new stuff and some memory refreshers. for me as I was explaining before I have been handling mostly voice in the past ~7 years, I would like to give you a tip hopefully it is only a memory refresher When you face with a setup of a new Catalyst 3550/3560 you will face the lab with some layer 3 When you take the Catalyst fresh configuration and you are trying to put under x interface an IP Address you could be facing with this error Bad mask /xx for address x.x.x.x and why!? due to the fact that Cisco do not use the first subnet after subneting the network unless you tell it to. also called subnet zero so under global config simply put ! (config)#ip subnet-zero ! and like magic no more Bad mask message.

Thursday, February 22, 2007

Ok, now we come to part 2 in the Voice QoS, in the first part we concluded when (I hope) we understand that Voice and QoS need to go together in order to Achieve a good and working env that will allow us to use all our application wisely. Also I have mentioned the wonderful NBAR, let me tell you this is the nicest tool I used in a long time and I am not kidding, what is better then simply Entering under the interface you want to see what is going on ! Interface X ip nbar protocol-discovery ! and poof like magic all your traffic is colored not pain no hassle you can see a table like so: sh ip nbar protocol-discovery stats bit-rate top-n 10 FastEthernet0/0 Input Output Protocol 5 minute bit rate (bps) 5 minute bit rate (bps) ------------------------ ------------------------ ------------------------ http 15000 13000 ssh 2000 0 rtp 21000 20000 smtp 0 0 secure-http 0 0 rtspplayer 0 0 eigrp 1000 0 icmp 0 0 pop3 2000 1000 dns 0 0 unknown 1000 1000 Total 42000 35000 Tell me isn’t it nice, now I can see clearly all my traffic marked and I can do what ever I want with it. Today networks are hybrid use all in one voice data video and as such each network need to be carefully examine and based on examination preparing a base line configuration for QoS. I have set on one of my network a classification like so: class-map match-any VOIP match protocol rtp audio class-map match-any DATA match protocol http match protocol ftp match protocol tftp match protocol secure-http match protocol secure-ftp match protocol pop3 match protocol smtp match protocol secure-pop3 match protocol snmp class-map match-any P2P match protocol gnutella match protocol gopher match protocol novadigm match protocol kazaa2 match protocol fasttrack match protocol napster class-map match-any HTTP_ATTACK match protocol http url "*.ida*" match protocol http url "*cmd.exe*" match protocol http url "*root.exe*" match protocol http url "*readme.eml*" classifying the most used and unwanted traffic! policy-map OFFICE class VOIP priority 100 set dscp ef class P2P drop class DATA bandwidth percent 40 policy-map OFFICE_IN class HTTP_ATTACK drop implementing a policy like so based on ~3 simultaneous voice calls setting for them a DSCP tag ef and any P2P I simply dropping where to Data I give at lease 40% of bandwidth on the incoming direction traffic matching the HTTP_ATTACK class I drop it also giving me some security using NBAR. So Now I showed you how you can use it on your Cisco nicely with a real world sample but be advised what is good for my network is not always and most cases isn’t what is good for yours so I strongly advice you start getting familiar first with nbar and what it can give you, then prepare you own network Baseline and then implement you own policy. Good Luck

Wednesday, February 21, 2007

Although I am taking the R&S Lab Exam my vast Experience is mainly i VOIP, I work for ~7 years with VoIP Company's and in the last 5 Years in the same Group Z-Group I have worked in the past years with more then 500 Carriers and with that I believe that I have the privileged to talk about it a little bit. As the Sys Admin in my company I have been loyal to Cisco Class 4 Equipment (mostly AS5300 AS5350 and AS5350XM I have also worked with MG200 AS5400 AS5800 and the small 26xx and 36xx), QoS is one of the major topics in the VoIP env as there is a growing number of Bandwidth Consuming Applications.in my company I am considering the QoS planing and deploying one of the most important part of deploying a successful and friendly VoIP Env. QoS is a way to make your network bandwidth utilization optimized without investing more bandwidth or separate env for voice and data. When you say that your network is full you should consider taking a survey see what is passing trough your network, one of the most usful tools I am using today is NBAR (Network Based Application Recognition)nbar is using PDLM (Protocol description Language Module) or in other words pre defined scripts that enabling the Cisco to recognize Applications and Protocols passing trough the Machine One of the first steps to deploy QoS is to recognize and define your traffic and some use also the term color your traffic. when you have colored traffic it is very easy to play with it, like we use tagging (mostly in OSPF) we can tag this is RTP that is P2P and so on...and after you have Classified your traffic you can say for example: if I want to give RTP priority over everything else I want to Drop P2P if they use more then 20KbpsI want to random detect (Work only with TCP called also WRED) and drop low classified packets randomly so I will not pass the threshold of allowed bandwidth. QoS allow us to set Queuing and Priorities to traffic patterns and that way: 1) Assuring important traffic over low important traffic 2) Allowing Administrator identify problems during and also before the happen 3) in some way also adding some security policy as you can defign that all P2P or IM should be Dropped and not allowed Most business's consider such applications as work disturbing Few Things regarding NBAR as it is grate it also has one major disadvantage, it is CPU consuming task and if you have already busy router you will have a problem, note that hardware issues are also one of the problems in achieving QoS. you must know your equipment and its capabilities. For now I will conclude this section of QoS and soon I will add part 2 to this with more notes mainly on Voice today and different types of implementations Scenarios.

Sunday, February 11, 2007

SORRY...

it has been a while since my last post as I am getting closer to the exam date my schedule is narrowing and I have a lot of pressure to achieve all my practice goals. I think it is very important mentally to achieve all your practice goals before any exam as you go into the exam you want to be able to say to your self that you did all you can to succeed. So again I apologies and soon I will give you some more notes on my prep

Risk Management - Quantitative risk assessment

The name kind of give away the type of assessment we talk about "Quantitative" according to google translate: relating to, meas...