Ok, now we come to part 2 of Voice QoS. In the first part we concluded (I hope) with the understanding that voice and QoS need to go together in order to achieve a good, working environment that lets us use all our applications wisely. I also mentioned the wonderful NBAR, and let me tell you, this is the nicest tool I have used in a long time, and I am not kidding. What is better than simply entering, under the interface where you want to see what is going on:

!
interface X
 ip nbar protocol-discovery
!

and poof, like magic, all your traffic is colored, no pain, no hassle, and you can see a table like so:

sh ip nbar protocol-discovery stats bit-rate top-n 10

 FastEthernet0/0
                            Input                      Output
 Protocol                   5 minute bit rate (bps)    5 minute bit rate (bps)
 ------------------------   ------------------------   ------------------------
 http                       15000                      13000
 ssh                        2000                       0
 rtp                        21000                      20000
 smtp                       0                          0
 secure-http                0                          0
 rtspplayer                 0                          0
 eigrp                      1000                       0
 icmp                       0                          0
 pop3                       2000                       1000
 dns                        0                          0
 unknown                    1000                       1000
 Total                      42000                      35000

Tell me, isn't it nice? Now I can see clearly all my traffic marked, and I can do whatever I want with it. Today's networks are hybrid, carrying voice, data and video all in one, and as such each network needs to be carefully examined, and based on that examination a baseline QoS configuration prepared. On one of my networks I have set a classification like so:

class-map match-any VOIP
 match protocol rtp audio
class-map match-any DATA
 match protocol http
 match protocol ftp
 match protocol tftp
 match protocol secure-http
 match protocol secure-ftp
 match protocol pop3
 match protocol smtp
 match protocol secure-pop3
 match protocol snmp
class-map match-any P2P
 match protocol gnutella
 match protocol gopher
 match protocol novadigm
 match protocol kazaa2
 match protocol fasttrack
 match protocol napster
class-map match-any HTTP_ATTACK
 match protocol http url "*.ida*"
 match protocol http url "*cmd.exe*"
 match protocol http url "*root.exe*"
 match protocol http url "*readme.eml*"

This classifies the most used and the unwanted traffic!
policy-map OFFICE
 class VOIP
  priority 100
  set dscp ef
 class P2P
  drop
 class DATA
  bandwidth percent 40
policy-map OFFICE_IN
 class HTTP_ATTACK
  drop

Implementing a policy like so: based on ~3 simultaneous voice calls, I put voice in the priority queue and set the DSCP tag EF for it; any P2P I simply drop; Data gets at least 40% of the bandwidth; and in the incoming direction, traffic matching the HTTP_ATTACK class is dropped, which also gives me some security using NBAR. So now I have shown you how you can use it nicely on your Cisco with a real-world sample, but be advised: what is good for my network is not always, and in most cases isn't, what is good for yours. So I strongly advise you to first get familiar with NBAR and what it can give you, then prepare your own network baseline, and then implement your own policy. Good luck
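As an added example (not code from the original post), here is a small Python parser for the "sh ip nbar protocol-discovery" table shown above that rolls the discovered protocols into the post's VOIP, DATA and P2P class-maps and runs the baseline checks the post argues for: whether the observed rtp rate fits the 100 kbps priority queue, whether any P2P protocol is already on the wire, and how much traffic NBAR leaves as "unknown". The sample output is constructed from the post's table (abridged to the non-zero rows), and the CLASSES mapping and review() helper are assumptions of this example.

```python
import re

# Constructed sample, abridged from the post's "sh ip nbar protocol-discovery
# stats bit-rate top-n 10" table (5-minute bit rates in bps).
SAMPLE_OUTPUT = """\
FastEthernet0/0
Protocol                  5 minute bit rate (bps)  5 minute bit rate (bps)
------------------------  ------------------------ ------------------------
http                      15000                    13000
ssh                       2000                     0
rtp                       21000                    20000
eigrp                     1000                     0
pop3                      2000                     1000
unknown                   1000                     1000
Total                     42000                    35000
"""
# NBAR protocol names grouped as in the post's class-maps (assumption:
# anything not listed is reported under "other").
CLASSES = {
    "VOIP": {"rtp"},
    "DATA": {"http", "ftp", "tftp", "secure-http", "secure-ftp",
             "pop3", "smtp", "secure-pop3", "snmp"},
    "P2P": {"gnutella", "gopher", "novadigm", "kazaa2", "fasttrack", "napster"},
}
# A data row is: protocol name, input bps, output bps (headers never match).
ROW = re.compile(r"^(\S+)\s+(\d+)\s+(\d+)$")

def parse_protocol_discovery(text):
    """Return {protocol: (input_bps, output_bps)}; the Total row is skipped."""
    rates = {}
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m and m.group(1) != "Total":
            rates[m.group(1)] = (int(m.group(2)), int(m.group(3)))
    return rates

def per_class_bps(rates):
    """Sum input/output bps per class-map bucket."""
    totals = {name: [0, 0] for name in [*CLASSES, "other"]}
    for proto, (inp, out) in rates.items():
        bucket = next((n for n, s in CLASSES.items() if proto in s), "other")
        totals[bucket][0] += inp
        totals[bucket][1] += out
    return {k: tuple(v) for k, v in totals.items()}

def review(rates, priority_kbps=100):
    """Baseline checks against the post's policy ('priority 100' is in kbps)."""
    cls = per_class_bps(rates)
    total_in = sum(i for i, _ in rates.values()) or 1
    return {
        "voice_fits_priority": max(cls["VOIP"]) <= priority_kbps * 1000,
        "p2p_seen": sorted(p for p in rates if p in CLASSES["P2P"]),
        "unknown_share_in": rates.get("unknown", (0, 0))[0] / total_in,
    }
```

Run review(parse_protocol_discovery(output)) on a real capture taken over a busy period, not a quiet one, before sizing the priority queue.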
however normally resources are limited and expensive, and Service provider would like to make money from his available resources. maximum routes configured under VRF provide a mean of controlling PE local resource and abuse avoidance from the CE side.I have vrf called DC_EXTRANET, you can see that I have 16 routes, I have configured 10 maximum routes under that vrf however I did not want to be aggressive so I have set the warning only option. See that immediately I get a notice that I have more routes then the maximum, however no action is taken other then alerting and sending a syslog. ! PE_ashdod_otherisp.n(config-vrf)# maximum routes 10 warning-only % The current number of routes in the routing table is equal to, or exceeds the configured warning limit PE_ashdod_otherisp.n(config-vrf)# *Nov 26 20:39:41.175: %IPRT-3-ROUTELIMITWARNING: IP routing table limit warning - DC_…