ccie boot camp-ipexpert ccvp

Monday, April 28, 2008

Document for internetwork expert dynamips

internetwork expert dynamips in the news

countdown to next monday!

I forgot to announce the countdown to my next attempts :)


As of now, it should be countdown from 6 to 1. Next Monday is my big day on the next attempt.


Nervous? Can't feel it ;)


I am making the statement now: I can claim that I am an 'expert' for CCIE candidacy. However, at times, I still
find some questions quite confusing. Most of the time, all of those questions turned out to be "ahhh ... just like
that", or in the more happening: "oh, so that is the meaning of that question".


Only two tasks are left, and those two tasks can only be carried out during the exam. The first one is how to ask a
'proper' question to the proctor in order to clarify those 'confusing' questions. The second task is: the DocCD.


All this while, whenever I have some spare time at work, either I remote to home or I open up the DocCD. The
second one is more likely to happen ;) I wish I could have Internet access from my client's toilet, hahaha ... but it
is not critical nor important to my client.


So far, I don't feel any 'improvements' in the DocCD skills as I have always used it for my daily tasks and
references. Before the preparation of this CCIE exam, I used DocCD for references only. During the preparation of
this exam, the DocCD has turned into my daily 'newspaper' that has no date and the contents never changed,
yet I like reading it just like the novel or any relaxing literature.


Am I starting to sound like nuts? I always am! And I am proud to be called 'nuts', as it is all of my nutty ideas that
brought me up to this level (and many more exciting ideas to happen in my entire life!)


One of the nutty ideas is being a (multiple) CCIE. So, this is considered a crazy idea, either by me or by my close peers
that know me :) You will know it later as I keep updating this blog in the future and I will surely inform you all
on what happens after I have crossed the path on my first CCIE track.


If anyone of you asked, "what do you plan after you pass this CCIE?", my answer would be:



  • If you are prospective employer: here I am, ready for your disposal (with appropriate reward of course)

  • If you are my technology peer (in CCIE): I will get ready for CCIE storage ;)

  • If you are my business partner: here I am, now having these credentials, and how may I help you?

  • If you are my students and you are wondering which path would secure you in the job market: follow my steps:
    go straight away as CCIE. Do not waste your time in CCNA or CCNP exam. However, there is no harm in attending
    the exam preparation, but no need to do the exam ;)

  • If you are my students and do not like networking: study hard ye lazy scum!

  • If you are my students that study areas that I taught outside networking: take this opportunity while I can (and
    am willing to) share my knowledge. Squeeze my brain to 0 for your future! Challenge me for any mistakes that I did
    (purposely or coincidentally). I am still human, but I will assure you: I am teaching you some lesson here :)

  • If you are my peers at SV: get ready to have me in your area and life soon! I will surely bring something
    different that not many people would expect me to do.


Which one are you from the above options? I will give you the chance to enjoy the benefits of having me in your
team. I am not talking big here, but when I decided to take that path and enjoy it, nothing will be able to stop me
:) If you feel you could afford me, then buzz me up or drop me a line, I will find the best way to give you the
solutions. Either I am the solution, I am part of the solution or I know someone that has that solution.


Till then ....



The Cisco 10000 ESR makes it possible for service providers to be able to turn on QoS features without degrading performance, for the first time.

But we all know how marketing is. When you're about to buy something, you get the answer "YES" in everything. But when it comes to technical deployment and you find out that something cannot be done, you're told "this is a known limitation".

I've been working with 10k routers for quite a few years. Their characteristics seemed (at the time of buying) above the relevant market's offers and they were Cisco, just like many other products of ours. If you want to insert a new product into your network and you're being stressed in terms of time, you're looking for something that will adapt as easily as possible with your existing infrastructure. If your account team reassures you that everything a 7200 can do, can also be done (much faster) by the 10k router, then you have another good reason for choosing it.

After ~20 TAC cases opened in a period of 4 years, regarding things that should be done but cannot be done due to the PXF, or things not working as supposed to due to the PXF, i must say that PXF is a very bad thing. If my memory serves me right, there isn't a single IOS release i have tried on the 10k router (from XI & SB series) that i haven't met a PXF issue. And the worst part is when you find out that the issue is due to the PXF (you can disable PXF manually, although it's not recommended because CPU will get high with very little traffic). You start wishing for someone else (bigger companies are preferred) to have found the same issue before you, so cisco will have already started its fix, otherwise you'll wait for many months (years?) to get a solution. It was a little secret between 10k developers that PXF is not easily programmed and there must be a BU approval for many things to be done.

But i want to be honest. Starting from XI2 we ended to XI9 where most things worked fine. Afterwards we started from SB2 and ended to SB11 where most things work fine until now. In the meantime we changed 10% of our systems infrastructure in order to follow 10k's gimmickry.

As it seems, everyone, even 10k routers, need their time...You just have to learn to accept the "NO" as an answer.


Then we have the Ugly...the SW and the 7200:

7200 router is a humble but respectable router which uses its CPU for everything. I have been using various 7200 routers for all kinds of jobs and there must have been less than the-fingers-of-one-hand things that the router cannot do. Of course, the router cannot do many things simultaneously without affecting its CPU.
That's its biggest drawback. But you won't get an answer from TAC saying that "this cannot be done due to XXX limitations".

Just for your reference: 64k sessions officially supported on the 10k, 14k sessions (75% cpu) actually on our 10k routers (with many things disabled). 16k sessions officially supported on the 7200, 3k sessions (75% cpu) actually on our 7200s (with everything enabled). It's all a matter of traffic and extra features.


And finally we have the Good...the QFP and the ASR1000:

Looking at the specifications you'll see the numbers decrease as more features are added.
i.e. using the ASR1000-ESP5 and looking at the performance:



  Up to 7 Mpps : Forwarding performance will vary depending on features configured

  4 Mpps       : For the combination of the following commonly-used features:
                 IPv4 forwarding, IP Multicast, ACL, QoS, Reverse Path Forwarding (RPF), load balancing, and Sampled NetFlow

  1 Mpps       : For the combination of commonly-used features above + Firewall and Network Address Translation (FW/NAT);
                 or,
                 for the combination of commonly-used features above + IPsec hardware-assisted encryption

Now, looking at the introduction page, we see the following:

Cisco ASR 1000 Series routers offer service providers and enterprises industry-leading performance, service capabilities, reliability, and efficiencies in a compact form factor. Using an innovative new Cisco QuantumFlow processor, current and future services can be instantly turned on to operate at line rate without compromising network performance or availability.

I already know the answer from our account team. "Yes, you can do whatever you like with ASR1000". But i also know the answer from TAC : "Sorry, this cannot be done due to QFP". So why am i giving it the characterization of "Good"? Because i'm hoping (at least) for quicker fixes:

...the Cisco QuantumFlow Processor uses a software architecture based on a full ANSI-C development environment implemented in a true parallel processing environment. Some traditional network processors rely upon difficult-to-implement microcode, making it difficult and time-consuming to add new capabilities. Other network processors offer higher-level language development but into a feature pipelined architecture. With the Cisco QuantumFlow Processor, new features can be added quickly as customer requirements evolve by taking advantage of industry-standard tools and languages built upon a powerful parallel processing architecture. This architecture represents a paradigm shift and evolution in the software architectures associated with network processing today...

And this is the part i liked most:

The Cisco IOS Software has no direct access to the hardware components in the system and is largely isolated from the platform architecture. This concept allows for different types of redundancy and modularity in the system. Even if the Cisco IOS Software is down (or has crashed), router administration personnel can still access the console and auxiliary console, and they can even perform Telnet, Secure Shell (SSH) Protocol, and Secure Sockets Layer (SSL) in the system and restart the Cisco IOS Software or perform Trivial File Transfer Protocol (TFTP) out the core dumps and other relevant information through the route-processor management port.

I've also read the isocore report. But after reading all these test reports (still waiting for someone to come out with a negative report) i'm a little bit skeptical about the difference between their results and the results of real/actual network traffic.

BTW, reading all the redundancy stuff, an old question of mine came back to my mind: Why Cisco doesn't make the standby processor/supervisor/whatever be in active state too, so the whole system can "double" its power? Like we can choose the dual power-supply operation mode, we should be able to choose the redundancy mode : standby or cooperation.

PS: Am i the only one worried about the future of Service Modules? Until now, Cisco was pushing people to buy extra modules for each one of their services (application networking, security, wireless, etc) for better performance and wider features. Now Cisco integrated some of them into a single card and it's planning to continue doing so. Are we going round and round just to make Cisco richer?

Tassos (CCIE™ No. 19858)

CCIP and then -maybe- CCIE SP

Published 2008-03-03, updated 2008-04-09

The poll has been closed and it's time to announce my decision...


I guess the majority of those who voted will be disappointed, but my decision is to take the CCIP exam...and then -maybe- (see the explanation at the end) the CCIE SP.

I have already passed BSCI from CCNP and some days ago i passed the QoS exam. That means i still have BGP & MPLS. BGP should be easy, because i know most of the stuff (because of the recent CCIE exam).

MPLS will be the most difficult exam, because i have very little experience on it (although i have read the theory behind it). My job involves many things, but not MPLS (there is another engineer responsible for this). Recently i started experimenting with some L2/L3 VPNs based on MPLS and the basic stuff seemed easy. On the other hand, there were a lot of advanced features that seemed unknown to me. Based on my learning experience on past subjects i would say i'll need a month in order to gain a good understanding of MPLS. Something above the basic, but still not all the advanced topics.

Now....the explanation about the aforementioned "maybe". If at the end of the CCIP i have enjoyed MPLS (i must enjoy a technology in order to understand it fully and experiment more with it), i'll probably proceed with the CCIE SP exam. MPLS/VPLS seems like (i won't say "is" because some other vendors have different opinions) a technology of the future (although it's already widely deployed) and i'm definitely interested in it. Surely VPLS looks more interesting because of my LAN "passion".

But there is another prerequisite. I don't know what will happen with my job. I was given a bonus for passing the CCIE lab, but i was told to wait (for some weeks/months/years?) for an answer to my salary increase request. In the meantime i "rejected" another job, because i thought i would get the salary increase immediately (after the end of February) on the current job. I've asked to have a meeting with my boss hoping to get a more specific answer: when and how much. Based on this, i'll either continue with my current job or continue the who's-looking-for-a-ccie job hunting. And if i decide to change my job, i don't know whether i'll have the needed free time to go through another CCIE lab (at least in the beginning). So, only time will tell.
Tassos (CCIE™ No. 19858)

How to match CoS on a 3750

Published 2008-02-24, updated 2008-02-25

During the last 2 days i have been trying to limit ingress PPPoE traffic passing through a 3750 switch. In order to be as strict as possible, i didn't want to drop any PPP/PPPoE control packets, like PPP keepalives/LCP auth or PADI/PADO/PADR/PADS, otherwise there was a high possibility that the PPPoE connections of some users would be dropped (because of missed PPP keepalives) or would not be established (because of missed PPPoE discovery packets).

The PPPoE connections start from the user's CPE and end at a 10000 router (bras). A rough network diagram is the following:

CPE --- DSLAM --- ME-3400 ----------|
CPE --- DSLAM --- ME-3400 ------- 3750 --- 7600 --- 10000 --- internet
CPE --- DSLAM --- ME-3400 ----------|

Double-tagging happens between the 3750 and the 10000 router (each ME-3400 represents a S-VLAN).

Since normal LAN cards (67xx) on the 7600 cannot do egress shaping/policing on L2 ports and PRE-2 on 10000 doesn't support hierarchical ethernet QoS, i thought i should try to limit the downstream traffic (from internet to CPE) on the 3750.

Here comes the fun part...

3750 doesn't support (direct) classification based on CoS.

3750(config)#class-map TEST
3750(config-cmap)#match ?
  access-group     Access group
  input-interface  Select one or more input interfaces to match
  ip               IP specific values

That would be the best solution, because the 10000 marks by default all the PPP/PPPoE control packets with CoS 7, so it would be very easy to distinguish them from the normal/data packets (that have CoS 0).

Then i thought of using the ethertype field to differentiate the 2 PPPoE classes. PPPoE uses 2 different ethertypes, one for its discovery stage and one for its session stage.


mac access-list extended PPPoE-DISCOVERY
 permit any any 0x8863 0x0
mac access-list extended PPPoE-SESSION
 permit any any 0x8864 0x0

class-map match-any PPPoE-DATA-CLASS
 match access-group name PPPoE-SESSION
class-map match-any PPPoE-CONTROL-CLASS
 match access-group name PPPoE-DISCOVERY


That would also be a good solution, although i would miss the PPP control packets. But there is a major problem here. The PPPoE ethertype is hidden inside the double-tagged frame so it cannot be checked.

PPPoE               : Dest-MAC | Source-MAC | Ethertype | Payload
                                              0x8863

single-tagged PPPoE : Dest-MAC | Source-MAC | Ethertype | Tag | Ethertype | Payload
                                              0x8100            0x8863

double-tagged PPPoE : Dest-MAC | Source-MAC | Ethertype | Tag | Ethertype | Tag | Ethertype | Payload
                                              0x8100            0x8100            0x8863

0x8100 is the ethertype used by the 802.1q standard. Cisco uses what i would call a "hack" in order to implement 802.1q tunneling (or QinQ). It uses the same value (0x8100) for the inner and outer ethertype.

There is an option to change the outer ethertype from the 10000's side (making it -among other choices- 802.1ad compliant), but you have to change it for all the subinterfaces of a main interface and of course you cannot define it explicitly for PPPoE control packets.


10000(config-if)#dot1q tunneling ethertype ?
  0x88A8  dot1q tunneling etype 0x88A8
  0x9100  dot1q tunneling etype 0x9100
  0x9200  dot1q tunneling etype 0x9200


So what solved my problem? The following very simple config:

mac access-list extended PPPoE-DISCOVERY
 permit any any cos 7
mac access-list extended PPPoE-SESSION
 permit any any cos 0

That way we can have indirect classification based on CoS.

Like we have DSCP & IP Prec match for ip access-lists, we can have a CoS match for mac access-lists. Just keep in mind that CoS (like most things) in switches is only checked by hardware. Packets forwarded or bridged by software are treated as having a CoS of 0 in ACL matches.

Here is an interesting question for all of you: How do you match IP traffic based on CoS?
Tassos (CCIE™ No. 19858)
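
The classification problem described in the post above, as an added example that is not part of the original post: it walks the VLAN tag stack of constructed frames and compares what an ethertype-only match and a CoS match would each decide. All function names and sample frames are hypothetical; it assumes the CoS is read from the outer tag, that untagged frames count as CoS 0, and that the 10000 has marked control packets CoS 7 and data CoS 0 as the post states.

```python
import struct

# 802.1Q TPID plus the alternative tunneling ethertypes from the 10000's CLI help above.
TPIDS = {0x8100, 0x88A8, 0x9100, 0x9200}
PPPOE_DISCOVERY, PPPOE_SESSION = 0x8863, 0x8864

def parse_frame(frame: bytes) -> dict:
    """Walk the VLAN tag stack; return first and real ethertype, tags and payload."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    first, offset, tags = ethertype, 14, []
    while ethertype in TPIDS:
        if len(frame) < offset + 4:
            raise ValueError("truncated VLAN tag")
        tci, ethertype = struct.unpack_from("!HH", frame, offset)
        tags.append({"cos": tci >> 13, "vlan": tci & 0x0FFF})
        offset += 4
    return {"first_ethertype": first, "ethertype": ethertype,
            "tags": tags, "payload": frame[offset:]}

def is_pppoe_control(frame: bytes) -> bool:
    """Ground truth: discovery frames, or session frames carrying LCP/auth/NCP."""
    p = parse_frame(frame)
    if p["ethertype"] == PPPOE_DISCOVERY:
        return True
    if p["ethertype"] == PPPOE_SESSION and len(p["payload"]) >= 8:
        # PPP protocol follows the 6-byte PPPoE header (assumes no field compression).
        (ppp_proto,) = struct.unpack_from("!H", p["payload"], 6)
        return ppp_proto >= 0x8000  # RFC 1661: 0x8000 and above are control protocols
    return False

def classify_by_ethertype_acl(frame: bytes) -> str:
    """Model of 'permit any any 0x8863 0x0' / '0x8864 0x0': first ethertype only."""
    first = parse_frame(frame)["first_ethertype"]
    return {PPPOE_DISCOVERY: "control", PPPOE_SESSION: "data"}.get(first, "no-match")

def classify_by_cos_acl(frame: bytes) -> str:
    """Model of 'permit any any cos 7' / 'cos 0', read from the outer tag."""
    tags = parse_frame(frame)["tags"]
    cos = tags[0]["cos"] if tags else 0  # assumption: untagged frames count as CoS 0
    return {7: "control", 0: "data"}.get(cos, "no-match")

def build_frame(ethertype: int, payload: bytes, tags=()) -> bytes:
    """Constructed test frame: zeroed MACs, optional (tpid, cos, vlan) tags."""
    out = bytes(12)
    for tpid, cos, vlan in tags:
        out += struct.pack("!HH", tpid, (cos << 13) | vlan)
    return out + struct.pack("!H", ethertype) + payload

def pppoe(code: int, session: int, body: bytes = b"") -> bytes:
    """PPPoE header (version 1, type 1) followed by its body."""
    return struct.pack("!BBHH", 0x11, code, session, len(body)) + body

QINQ_CTRL = ((0x8100, 7, 100), (0x8100, 7, 10))  # constructed S-VLAN 100 / C-VLAN 10
QINQ_DATA = ((0x8100, 0, 100), (0x8100, 0, 10))
SAMPLES = {  # all frames below are constructed for this example
    "PADI": build_frame(PPPOE_DISCOVERY, pppoe(0x09, 0), QINQ_CTRL),
    "LCP echo": build_frame(PPPOE_SESSION,
        pppoe(0, 1, struct.pack("!HBBH", 0xC021, 9, 1, 8) + bytes(4)), QINQ_CTRL),
    "IPv4 data": build_frame(PPPOE_SESSION,
        pppoe(0, 1, struct.pack("!H", 0x0021) + bytes(20)), QINQ_DATA),
}

def compare() -> dict:
    """Per sample: (really control?, ethertype-ACL verdict, CoS-ACL verdict)."""
    return {name: (is_pppoe_control(f), classify_by_ethertype_acl(f), classify_by_cos_acl(f))
            for name, f in SAMPLES.items()}

if __name__ == "__main__":
    for name, (truth, by_type, by_cos) in compare().items():
        print(f"{name:10} control={truth!s:5} ethertype-acl={by_type:9} cos-acl={by_cos}")
```

On the double-tagged samples the ethertype match never sees 0x8863/0x8864, while the CoS match separates control from data, including the LCP echo that travels inside a session frame.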

CCIE plaque - too cheap for a CCIE?

Published 2008-02-23, updated 2008-04-26

From the CCIE Program Features :

CCIE Plaque and Certificate
As an official CCIE, you will receive an engraved plaque and certificate, shipped to the address listed in your profile within 10-12 weeks. Please make sure your contact information is up-to-date.

Yesterday, one month after my lab exam, i received my CCIE plaque (if that can be considered a plaque). According to some people it's a crystal inscribed plaque. According to my own perception/feeling/impression (call it whatever you like) it seems like a plastic frame with an inkjet-like "printed paper" inside it and glass on top of it. I'm also still searching for the "engraved" part of it.



As it seems, Cisco is trying to cut expenses (although the CCIE lab recently increased its price). It's a shame that the plaque for one of the best certifications out there seems so cheap. Someone else would probably have created a better plaque by simply putting the CCIE certificate inside a nice wooden/silver frame. Btw, the DHL receipt shows MJR as the sender and $10 as customs value.

After contacting a friend of mine (a CCIE too), i was told that the advertising company, that had created the first CCIE plaques (the ones with a bronzed circular medallion in a wooden frame), is probably still selling these for all CCIEs who may want the old-style plaque (my friend bought his 2 years ago). The company is Brandvia and this is the page from their website regarding the CCIE plaque and jacket.


I have sent them an email requesting more info about the price, the payment/delivery method and of course asking them if they still sell the old CCIE plaques.

I hope i'll get a positive answer soon...

Cisco, one more for you!

Btw, one week ago, i had received my CCIE certification. Nothing extreme here:




Just an update here.

On 25/Feb/2008 i got an answer from BrandVia and they say that they are no longer authorized to make the old style CCIE plaques (like Scott said) and that i should talk with the Certification Program Manager, Abby Douglas. I sent an email to Abby too, but i never got an answer...
Tassos (CCIE™ No. 19858)

7600-ESM-20X1GE (7600-ES20) testing

Published 2008-02-13, updated 2008-02-14

The last week i've been experimenting with an ES20 card and i must say i'm impressed. A lot of nice features (that should be standard in the simple 6500/7600 LAN cards too) are included while some other are there to help you accomplish whatever ethernet scenario comes into your mind.

These are some features that differentiate it from the simple 67xx cards:
  • Subinterfaces
  • Subinterface Switchport / Subinterfaces MultiPoint Bridging (MPB) with Spanning Tree
  • Ethernet Multipoint Bridging with Local VLAN significance per port
  • Double-tag IP termination
  • Flexible QinQ mapping and termination
  • many MPLS features
  • many QoS features

The ES20 card supports (among other) the following L2 features:

Flexible QinQ Mapping and Service Awareness
The Flexible QinQ Mapping and Service Awareness on 7600-ESM-2X10GE and 7600-ESM-20X1GE feature allows service providers to offer triple-play services, residential internet access from a DSLAM, and business Layer 2 and Layer 3 VPN by providing for termination of double-tagged dot1q frames onto a Layer 3 subinterface at the access node.



Unity - Trivial password check

Mon, 03 Jul 2006 19:52:44 +0000
To disable trivial password check go to
Subscriber > Account Policy >  Check against trivial passwords for extra security


IEWB-DYN Lab 8

Tue, 26 Feb 2008 22:46:48 +0000
Tonight I worked through the core sections of Lab 8. As I write this I have just completed all core sections up to and including BGP. I started at 20:00 prompt and it is now 22:45, so it took me 2 hours 45 minutes to work though the core sections. I will be writing up ...]





ccie practice lab web sites

Headlines on ccie practice lab

Cisco Exam Training and Study Guides

Thu, 27 Mar 2008 05:20:32 +0000
In the Information Technology world the Cisco certifications are well known and have great importance around the world. Cisco certified professionals, well experienced and good skill persons have high respect in the field of IT. Whereas professional certifications provide the best demonstration of your particular skill and expertise. Cisco certification enables you to prove your ...]

ATA 186 auto registration

Mon, 10 Jul 2006 00:00:15 +0000
To disable auto registration for any of the port set Sid 0 or Sid1 to 0 or empty. This will disable the port and not attempt a registration with CM. If you want to manually add the port in CM, put Sid0 or Sid1 as the mac-address of the appropriate port.
...]

Understanding Redistribution (Part I)

Sat, 09 Feb 2008 16:04:47 +0000
Abstract: Describe the purpose of redistribution and the issues involved.
Prerequisites: Good understanding of IGP routing protocols (OSPF, EIGRP, RIPv2).
Let’s start straight with a rolling out a group of definitions. Redistribution is a process of passing the routing information from one routing domain to another. The ultimate goal of redistribution is to provide full IP connectivity ...]


IEWB Vol.3 Update

Tue, 08 Apr 2008 11:00:33 +0000
I completed InternetworkExpert.com version 4.1 volume 3 labs 3 + 4 on Saturday. The IEWB volume 3 labs are supposed to make you faster at core tasks. These labs are what I consider “half-labs”. They cover PPP, frame, ethernet switching, RIP, OSPF, EIGRP, BGP, and redistribution. So far, so good. ...]

COSI

Sun, 20 Apr 2008 09:14:48 +0000
..that is, the Cisco-centric Open Source community. On the site we can find various scripts and tools that can make our lives easier
 

That is surely good news for everyone. I think my next exam (if other besides R&S become available) will be on Sunday, since the Brussels hotel price is lower (almost half) on the weekends.

SIPSPA: SPA drivers and field-programmable device (FPD) (SPA FPGA image)

B-ACD Queue-Debugs

Mon, 17 Jul 2006 01:04:48 +0000
Give param queue-manager-debugs 1 and from privilege mode, “debug voip application script”.
 Site2#
*Jul 17 00:44:53.311: //89//TCL :/tcl_PutsObjCmd:
proc init_perCallvars
*Jul 17 00:44:53.311:
*Jul 17 00:44:53.323: //89//TCL :/tcl_PutsObjCmd: TCL AA: ++ Playing Welcome Prompt and options menu ++
*Jul 17 00:44:58.383: //89//TCL :/tcl_PutsObjCmd: TCL AA: +++ No option selected +++
*Jul 17 00:44:58.455: //40//TCL :/tcl_PutsObjCmd: TCL B-ACD:  >>> B-ACD Service Running <<<
*Jul ...]
