Questions for 642 801
Does Verizon's Voyager stack up to the iPhone?
Keith checks out the Verizon Wireless Voyager multimedia phone, and compares it to Apple's iPhone.
Watch now
IEWB-DYN Lab 8
Tue, 26 Feb 2008 22:46:48 +0000
Tonight I worked through the core sections of Lab 8. As I write this I have just completed all core
Control back to a function present in a Class
Tue, 29 Apr 2008 10:56:38 GMT
I am calling a form from a function present in a class. The function is in a 'for' loop. The form does some functionality and on click of a button on the form, the control should get back to the function from where the form was called. Please help me to do this.
Network statements are no longer needed in OSPF configuration by Ivan Pepelnjak
Tue, 15 Apr 2008 12:24:29 +0000
A quick little interesting article, but a big change none the less.
“If you’ve ever had to configure OSPF on a Cisco router, you’re well familiar with the venerable network statement, which effectively assigns interfaces into OSPF areas based on their IP addresses. Although our life became simpler when the network statements stopped being order-dependent (the ...]
span style="font-style: italic; color: rgb(255, 102, 0);">The Cisco 10000 ESR makes it possible for service providers to be able to turn on QoS features without degrading performance, for the first time.
But we all know how marketing is. When you're about to buy something, you get the answer "YES" in everything. But when it comes to technical deployment and you find out that something cannot be done, you're said "this is a known limitation".
I've been working with 10k routers for quite a few years. Their characteristics seemed (at the time of buying) above the relevant market's offers and they were Cisco, just like many other products of us. If you want to insert a new product into your network and you're being stressed in terms of time, you're looking for something that will adapt as easily as possible with your existing infrastructure. If your account team reassures you that everything a 7200 can do, can also be done (much faster) by the 10k router, then you have another good reason for choosing it.
After ~20 TAC cases opened in a period of 4 years, regarding things that should be done but cannot be done due to the PXF, or things not working as supposed to due to the PXF, i must say that PXF is a very bad thing. If my memory serves me right, there isn't a single IOS release i have tried on the 10k router (from XI & SB series) that i haven't met a PXF issue. And the worst part is when you find out that the issue is due to the PXF (you can disable PXF manually, although it's not recommended because CPU will get high with very little traffic). You start wishing for someone else (bigger companies are preferred) to have found the same issue before you, so cisco will have already started its fix, otherwise you'll wait for many months (years?) to get a solution. It was a little secret between 10k developers that PXF is not easily programmed and there must be a BU approval for many things to be done.
But i want to be honest. Starting from XI2 we ended to XI9 where most things worked fine. Afterwards we started from SB2 and ended to SB11 where most things work fine until now. In the meantime we changed 10% of our systems infrastructure in order to follow 10k's gimmickry.
As it seems, everyone, even 10k routers, need their time...You just have to learn to accept the "NO" as an answer.
Then we have the Ugly...the SW and the 7200:
7200 router is a humble but respectable router which uses its CPU for everything. I have been using various 7200 routers for all kinds of jobs and there must have been less than the-fingers-of-one-hand things that the router cannot do. Of course, the router cannot do many things simultaneously without affecting its CPU.
That's its biggest drawback. But you won't get an answer from TAC saying that "this cannot be done due to XXX limitations".
Just for your reference: 64k sessions officially supported on the 10k, 14k sessions (75% cpu) actually on our 10k routers (with many things disabled). 16k sessions officially supported on the 7200, 3k sessions (75% cpu) actually on our 7200s (with everything enabled). It's all a matter of traffic and extra features.
And finally we have the Good...the QFP and the ASR1000:
Looking at the specifications you'll see the numbers decrease as more features are added.
i.e. using the ASR1000-ESP5 and looking at the performance:
| Up to 7 Mpps | Forwarding performance will vary depending on features configured |
| 4 Mpps | For the combination of the following commonly-used features: IPv4 forwarding, IP Multicast, ACL, QoS, Reverse Path Forwarding (RPF), load balancing, and Sampled NetFlow |
| 1 Mpps | For the combination of commonly-used features above + Firewall and Network Address Translation (FW/NAT); or, for the combination of commonly-used features above + IPsec hardware-assisted encryption |
Now, looking at the introduction page, we see the following:
Cisco ASR 1000 Series routers offer service providers and enterprises industry-leading performance, service capabilities, reliability, and efficiencies in a compact form factor. Using an innovative new Cisco QuantumFlow processor, current and future services can be instantly turned on to operate at line rate without compromising network performance or availability.
I already know the answer from our account team. "Yes, you can do whatever you like with ASR1000". But i also know the answer from TAC : "Sorry, this cannot be done due to QFP". So why am i giving it the characterization of "Good"? Because i'm hopping (at least) for quicker fixes:
...the Cisco QuantumFlow Processor uses a software architecture based on a full ANSI-C development environment implemented in a true parallel processing environment. Some traditional network processors rely upon difficult-to-implement microcode, making it difficult and time-consuming to add new capabilities. Other network processors offer higher-level language development but into a feature pipelined architecture. With the Cisco QuantumFlow Processor, new features can be added quickly as customer requirements evolve by taking advantage of industry-standard tools and languages built upon a powerful parallel processing architecture. This architecture represents a paradigm shift and evolution in the software architectures associated with network processing today...
And this is the part i liked most:
The Cisco IOS Software has no direct access to the hardware components in the system and is largely isolated from the platform architecture. This concept allows for different types of redundancy and modularity in the system. Even if the Cisco IOS Software is down (or has crashed), router administration personnel can still access the console and auxiliary console, and they can even perform Telnet, Secure Shell (SSH) Protocol, and Secure Sockets Layer (SSL) in the system and restart the Cisco IOS Software or perform Trivial File Transfer Protocol (TFTP) out the core dumps and other relevant information through the route-processor management port.
I've also read the isocore report. But after reading all these test reports (still waiting for someone to come out with a negative report) i'm little bit skeptical about the difference between their results and the results of real/actual network traffic.
BTW, reading all the redundancy stuff, an old question of mine came back to my mind: Why Cisco doesn't make the standby processor/supervisor/whatever be in active state too, so the whole system can "double" its power? Like we can choose the dual power-supply operation mode, we should be able to choose the redundancy mode : standby or cooperation.
PS: Am i the only one worried about the future of Service Modules? Until now, Cisco was pushing people to buying extra modules for each one of their services (application networking, security, wireless, etc) for better performance and wider features. Now Cisco integrated some of them into a single card and it's planning to continue doing so. Are we going round and round just to make Cisco richer?
I guess the majority of those who voted will be disappointed, but my decision is to take the CCIP exam...and then -maybe- (see the explanation at the end) the CCIE SP.
I have already passed BSCI from CCNP and some days ago i passed the QoS exam. That means i still have BGP & MPLS. BGP should be easy, because i know most of the stuff (because of the recent CCIE exam).
MPLS will be the most difficult exam, because i have very little experience on it (although i have read the theory behind it). My job involves many things, but not MPLS (there is another engineer responsible for this). Recently i started experimenting with some L2/L3 VPNs based on MPLS and the basic stuff seemed easy. On the other hand, there were a lot of advanced features that seemed unknown to me. Based on my learning experience on past subjects i would say i'll need a month in order to gain a good understanding of MPLS. Something above the basic, but still not all the advanced topics.
Now....the explanation about the forementioned "maybe". If at the end of the CCIP i have enjoyed MPLS (i must enjoy a technology in order to understand it fully and experiment more with it), i'll probably proceed with the CCIE SP exam. MPLS/VPLS seems like (i won't say "is" because some other vendors have different opinions) a technology of the future (although it's already widely deployed) and i'm definitely interested in it. Surely VPLS looks more interesting because of my LAN "passion".
But there is another prerequisite. I don't know what will happen with my job. I was given a bonus for passing the CCIE lab, but i was to told to wait (for some weeks/months/years?) for an answer to my salary increase request. In the meantime i "rejected" another job, because i thought i would get the salary increase immediately (after the end of February) on the current job. I've asked to have a meeting with my boss hoping to get a more specific answer: when and how much. Based on this, i'll either continue with my current job or continue the who's-looking-for-a-ccie job hunting. And if i decide to change my job, i don't know whether i'll have the needed free time to go through another CCIE lab (at least in the beginning). So, only time will tell.
The PPPoE connections start from the user's CPE and end at a 10000 router (bras). A rough network diagram is the following:
CPE --- DSLAM --- ME-3400 ----------|
CPE --- DSLAM --- ME-3400 ------- 3750 --- 7600 --- 10000 --- internet
CPE --- DSLAM --- ME-3400 ----------|
Double-tagging happens between the 3750 and the 10000 router (each ME-3400 represents a S-VLAN).
Since normal LAN cards (67xx) on the 7600 cannot do egress shaping/policing on L2 ports and PRE-2 on 10000 doesn't support hierarchical ethernet QoS, i though i should try to limit the downstream traffic (from internet to CPE) on the 3750.
Here comes the fun part...
3750 doesn't support (direct) classification based on CoS.
3750(config)#class-map TEST
3750(config-cmap)#match ?
access-group Access group
input-interface Select one or more input interfaces to match
ip IP specific values
That would be the best solution, because the 10000 marks by default all the PPP/PPPoE control packet with CoS 7, so it would be very easy to distinguish them from the normal/data packets (that have CoS 0).
Then i though of using the ethertype field to differentiate the 2 PPPoE classes. PPPoE uses 2 different ethertypes, one for its discovery stage and one for its session stage.
mac access-list extended PPPoE-DISCOVERY
permit any any 0x8863 0x0
mac access-list extended PPPoE-SESSION
permit any any 0x8864 0x0
class-map match-any PPPoE-DATA-CLASS
match access-group name PPPoE-SESSION
class-map match-any PPPoE-CONTROL-CLASS
match access-group name PPPoE-DISCOVERY
That would also be a good solution, although i would miss the PPP control packets. But there is a major problem here. The PPPoE ethertype is hidden inside the double-tagged frame so it cannot be checked.
PPPoE : Dest-MAC | Source-MAC | Ethertype | Payload
0x8863
single-tagged PPPoE : Dest-MAC | Source-MAC | Ethertype | Tag | Ethertype | Payload
0x8100 0x8863
double-tagged PPPoE : Dest-MAC | Source-MAC | Ethertype | Tag | Ethertype | Tag | Ethertype | Payload
0x8100 0x8100 0x8863
0x8100 is the ethertype used by the 802.1q standard. Cisco uses what i would call a "hack" in order to implement 802.1q tunneling (or QinQ). It uses the same value (0x8100) for the inner and outer ethertype.
There is an option to change the outer ethertype from the 10000's side (making it -among other choices- 802.1ad compliant), but you have to change it for all the subinterfaces of a main interface and of course you cannot define it explicitly for PPPoE control packets.
10000(config-if)#dot1q tunneling ethertype ?
0x88A8 dot1q tunneling etype 0x88A8
0x9100 dot1q tunneling etype 0x9100
0x9200 dot1q tunneling etype 0x9200
So what solved my problem? The following very simple config:
mac access-list extended PPPoE-DISCOVERY
permit any any cos 7
mac access-list extended PPPoE-SESSION
permit any any cos 0
That way we can have indirect classification based on CoS.
Like we have DSCP & IP Prec match for ip access-lists, we can have a CoS match for mac access-lists. Just keep in mind that CoS (like most things) in switches is only checked by hardware. Packets forwarded or bridged by software are treated as having a CoS of 0 in ACL matches.
Here is an interesting question for all of you: How do you match IP traffic based on CoS?
CCIE Plaque and Certificate
As an official CCIE, you will receive an engraved plaque and certificate, shipped to the address listed in your profile within 10-12 weeks. Please make sure your contact information is up-to-date.
Yesterday, one month after my lab exam, i received my CCIE plaque (if that can be considered a plaque). According to some people it's a crystal inscribed plaque. According to my own perception/feeling/impression (call it whatever you like) it seems like a plastic frame with an inkjet-like "printed paper" inside it and glass on top of it. I'm also still searching for the "engraved" part of it.
As it seems, Cisco is trying to cut expenses (although the CCIE lab recently increased its price). It's a shame that the plaque for one of the best certifications out there seems so cheap. Someone else would probably have created a better plaque by simply putting the CCIE certificate inside a nice wooden/silver frame. Btw, the DHL receipt shows MJR as the sender and $10 as customs value.
After contacting a friend of mine (a CCIE too), i was told that the advertising company, that had created the first CCIE plaques (the ones with a bronzed circular medallion in a wooden frame), is probably still selling these for all CCIEs who may want the old-style plaque (my friend bought his 2 years ago). The company is Brandvia and this is the page from their website regarding the CCIE plaque and jacket.
I have sent them an email requesting more info about the price, the payment/delivery method and of course asking them if they still sell the old CCIE plaques.
I hope i'll get a positive answer soon...
Cisco, one more
for you!Btw, one week ago, i had received my CCIE certification. Nothing extreme here:
Just an update here.
On 25/Feb/2008 i got an answer from BrandVia and they say that they are no longer authorized to make the old style CCIE plaques (like Scott said) and that i should talk with the Certification Program Manager, Abby Douglas. I sent an email to Abby too, but i never got an answer...
These are some features that differentiate it from the simple 67xx cards:
- Subinterfaces
- Subinterface Switchport / Subinterfaces MultiPoint Bridging (MPB) with Spanning Tree
- Ethernet Multipoint Bridging with Local VLAN significance per port
- Double-tag IP termination
- Flexible QinQ mapping and termination
- many MPLS features
- many QoS features
The ES20 card supports (among other) the following L2 features:
Flexible QinQ Mapping and Service Awareness
The Flexible QinQ Mapping and Service Awareness on 7600-ESM-2X10GE and 7600-ESM-20X1GE feature allows service providers to offer triple-play services, residential internet access from a DSLAM, and business Layer 2 and Layer 3 VPN by providing for termination of double-tagged dot1q frames onto a Layer 3 subinterface at the access node.
We had put all our efforts to produce some respectable reading matter on 642 801. We sure do wish it's respectable enough for you.
#
642 801 Products we recommend
Photo Paper & Labels
ccie security lab
ccie security lab audio
Labels: ccie voice labs
posted by Jordan-Jones47 at 2:15 PM
0 comments
