Posts tagged 642-845
ONT – Epic Fail
Feb 16th
I failed the ONT test today. It was an utter lack of subject matter knowledge that did me in from the beginning. When the first three questions mention things that I’ve never even heard, it’s going to be a long test. I’ll take blame on it for sure, but the test was a lot darker than I imagined it would be.
I heard from a couple people that the ONT test was the easiest of the 4 CCNP test. I must say today’s test was a LOT harder than the ISCW test I took back in December. Most of the questions were fair, but there were a few that were down-right evil or unanswerable. Without giving too much away, there were some matching questions that had multiple items with multiple answers, rendering the answer to a guess. I even ran into a CLI question about the WLC, which surely wasn’t mentioned anywhere I studied, and I don’t have a spare sitting around on which to test. The icing, though, was the number of questions about FRTS; I know I need to understand it, but the magical question dice landed on that topic way too many times in my opinion.
At the heart of it, I think my demise stemmed from using only the Cisco Press book. I really needed to get a wider exposure to the topics. Though the CP books might have mentioned some topics that I missed, a lot of it is mentioned in passing but appeared in detail on the test. I would think getting different training would fix that problem and I’ll be using some of our CLCs this week to do just that
The facility was great, though. I was comfortable and couldn’t hear traffic or the lecture across the hall this time. At least I know a good place to take tests now. I hope somebody gets some value from my absolute failure.
Send any test vouchers questions my way.
ONT Notes – WLAN Management
Feb 13th
Elements of Cisco Unified Wireless Network
- Client devices – Cisco compatible extensions on WLAN clients
- Mobility platform – allows configuration of LWAPs through WLCs
- Network unification – integration into the rest of the network with WLCs doing RF management, IPS, etc.
- World-class network management – centralized management through WCS
- Unified advanced services – supports advanced technologies and threat detection
WLAN Implementation
Autonomous and LWAP
| Category | Autonomous | LWAP |
|---|---|---|
| Access Point | Autonomous APs | LWAPs |
| Control | Individual configurations | Configuration through WLCs |
| Dependency | Independent operations | Dependent on WLC |
| Management | CiscoWorks WLSE and WDS | WCS |
| Redundancy | Through APs | Through WLCs |
Wireless LAN Services Engine (WLSE)
- Part of CiscoWorks
- Manages autonomous APs
- Centralized configuration, firmware, and radio management
- Autoconfig of new APs
- Misconfiguration and rogue AP alerts
- Proactive monitoring of APs, bridges, and 802.1x servers
- Supports SSH, HTTP, CDP, SNMP for up to 2500 APs
- WLSE Express supports 100 devices in either automatic or manual setups
Wireless Control System (WCS)
- Supports 50 WLCs and 1500 APs
- Three versions
- Base – can determine with which APs a devices in associated
- Location – Base plus RF fingerprinting
- Location + 2700 Series Wireless Location Appliance – Tracks devices in real time and stores historical location data
ONT Notes – 802.1x and Encryption on LWAPs
Feb 12th
- Traditional WLAN weaknesses
- SSID for security
- Vulnerable to rogue APs
- MAC filtering for security
- WEP
- WEP weaknesses
- Disribution of static keys is not scalable
- WEP keys can be cracked easily
- Vulnerable to dictionary attacks
- No protection against rogue APs
- Benefits of 802.1x
- Centralized authentication through Radius via AAA
- Mutual authentication between client and auth server
- Can use multiple encryption algorithms (AES, WPA, TKIP, WEP)
- Automatic dynamic WEP keys
- Roaming
- Requirements of 802.1x
- EAP-capable client (supplicant)
- 802.1x-capable AP (authenticator)
- EAP-capable auth server
| Feature | Cisco LEAP | EAP-FAST | EAP-TLS | PEAP-GTC | PEAP-MSCHAPv2 |
|---|---|---|---|---|---|
| User authentication DB | AD | AD, LDAP | OTP, LDAP, NDS, AD | OTP, LDAP, NDS, AD | AD |
| Requires server certs | No | No | Yes | Yes | Yes |
| Requires client certs | No | No | Yes | No | No |
| Single sign-on | Yes | Yes | Yes | No | Yes |
| Roaming | Yes | Yes | No | No | No |
| Works with WPA/WPA2 | Yes | Yes | Yes | Yes | Yes |
- WPA
- Features
- Authenticated key management – auths prior to key management
- Unicast and broadcast key management – keys are distributed and stored on the client and the AP
- TKIP and MIC
- Temporal Key Integrity Protocol (TKIP) – per-packet keying
- Message Integrity Checking (MIC) – integrity checking
- Initialization vector (IV) expansion – from 24 bits to 48 bits
- Shortcomings
- Relies on RC4
- Firmware support required in NICs, APs
- Susceptible to DoS attacks
- Dictionary attacks can discover PSKs
- Features
- WPA2
- Features
- 802.1x authentication or PSK
- Key distribution and renewal
- Proactive Key Caching (PKC) – allows roaming
- IDS for rogue APs and attacks
- Shortcomings
- Supplicant must have WPA2-compliance firmware
- AAA server must support EAP
- WPA2 uses more CPU, so a hardware upgrade may be required
- Older devices may not be upgradeable and must be replaced
- Features
| Mode | WPA | WPA2 |
|---|---|---|
| Enterprise | Auth: 802.1x/EAP Encryption: TKIP/MIC |
Auth: 802.1x/EAP Encryption: AES-CCMP |
| Personal |
Auth: PSK Encryption: TKIP/MIC |
Auth: PSK Encryption: AES-CCMP |
ONT Notes – QoS On Wireless Networks
Feb 10th
- Wireless LANs (WLANs)
- Extensions to wired LANs
- Carrier sense multiple access collision avoidance (CSMA/CA) as media access method
- Uses distributed coordinated function (DCF) for collision avoidance
- DCF is based on RF carrier sense, inter-frame spacing (IFS), and random wait timers
- Wifi QoS standards
- 802.11e
- IEEE standard
- 0-7 priority levels
- Wifi Multimedia (WMM)
- Four access categories
- Platinum (voice) – 6 or 7 802.11e
- Gold (video) – 4 or 5 802.11e
- Silver (BE) – 0 or 3 802.11e
- Bronze (Background) – 1 or 2 802.11e
- Four access categories
- WMM and 802.11e replace DCF with EDCF
- 802.11e
- Cisco Split-MAC
- Splits functions between Lightweight access points (LWAPs) and WLAN controllers (WLCs)
- LWAPs handle real-time functions
- Beacon generation
- Probe transmission and response
- Power management
- 802.11e/WMM scheduling and queuing
- Packet buffering
- Encryption/decryption
- Control frame/message processing
- WLCs handle non-real-time functions
- Association/disassociation/reassociation
- 802.11e/WMM resource reservation
- 802.1x EAP
- Key management
- Authentication
- Fragmentation
- Ethernet-WLAN bridging
- End-to-end QoS
- Step 1: WLC copies DSCP from switch to outer DSCP and outer 802.1p and sends to LWAP over LWAPP tunnel
- Step 2: LWAP copies outer DSCP from WLC to 802.11e/WMM field and sent to client
- Step 3: LWAP copies 802.11e/WMM value from the client to outer DSCP and sends it to WLC
- Step 4: WLC copies outer DSCP from WLAP to 802.1p (CoS) fields and sends it to the switch
- Web interface (do you even need to know this?)
- Controller>QoS Profiles
- Per-User Bandwidth Contracts – set avg data rate, burst data rate, avg real-time rate, and burst real-time rate
- Over the Air QoS
- Maximum RF usage per AP (%)
- Queue Depth – queue size before dropping packets
- Wired QoS Protocol – 802.1p or None
- Controller>WLANs>Edit
- For each WLAN ID, set the QoS value: plat, gold, silver, bronze
- WMM Policy
- Disabled – 802.11e/WMM QoS requests are ignored
- Allowed – 802.11e/WMM QoS requests are sent
- Required – 802.11e/WMM QoS requests are required
- Controller>QoS Profiles
ONT Notes – AutoQoS
Feb 10th
- AutoQoS benefits
- Automates QoS for most deployments
- Protects business-critical apps to maximize availability
- Simplifies QoS deployments
- Reduces configuration errors
- Cheaper, faster, and simpler deployments
- Follows DiffServ
- Allows complete control over QoS configs
- Allows modification of auto-generated configs
- AutoQoS phases of evolution
- AutoQoS VOIP – Early version that configures the basics without discovery
- AutoQoS for Enterprise – Second version that only runs on routers and uses two-step process
- Autodiscovery using NBAR
- Generation of class maps
- AutoQoS key elements
- Application classification
- Policy generation
- Configuration
- Monitoring and reporting
- Consistency
- Interfaces that you can configure AutoQoS on
- Serial ifs with PPP and HDLC
- FR point-to-point subifs (NOT multipoint)
- ATM point-to-point subifs
- FR-to-ATM links
- Prerequsites
- No Qos policy already configured on if
- CEF enabled on if
- Correct bandwidth configured on if
- IP address on low-speed if
- Configuring AutoQoS Enterprise on a router (NOT a switch)
- auto qos discovery – begins discovery process
- auto qos – generates and applies MQC-based policies
- Configuring AutoQoS VOIP
- auto qos voip [ trust | cisco-phone ]
- Verifying AutoQoS on router
- show auto discovery qos – get autodiscovery results
- show auto qos – examine configuration generated
- Number of classes
- Classification options
- Marking options
- Queuing mechanisms
- Other QoS mechanisms
- If, subif, PVC where policy is applied
- show policy-map interface – look at if stats
- Verify AutoQoS VOIP
- show auto qos
- show policy-map interface
- show mls qos maps – shows CoS to DSCP mappings
- Possible issues with AutoQoS
- Too many traffic classes – manually consolidate some
- Configuration doesn’t change – rerun AutoQoS
- Configuration may not fit your situation – fine-tune it by hand
- Fine-tuning AutoQoS
- Use QPM
- CLI
- copy policy into editor, change, reapply
- AutoQoS can match on characteristics besides ACLs and NBAR
- match input interface
- match cos
- match ip precedence
- match ip dscp
- match ip rtp
ONT Notes – Pre-classify and End-to-end QoS
Feb 3rd
- VPNs (Didn’t ISCW cover this?)
- Provide
- Confidentiality
- Integrity
- Authentication
- Types
- Remote-access
- Client-initiated
- NAS-initiated
- Site-to-site
- LAN-to-LAN
- Extranet
- Remote-access
- Provide
- L3 Tunneling protocols
- GRE
- IPSec
- Pre-classify allows traffic to be classified before being sent across a tunnel or crypto-ed.
- qos pre-classify
- Provides a view into the original IP headers
- To classify on pre-tunnel header, apply the policy to the tunnel interface WITHOUT pre-classify.
- To classify on post-tunnel header, apply the policy to the physical interface WITHOUT pre-classify.
- To classify on pre-tunnel header, apply the policy to the physical interface WITH pre-classify.
- SLA – agreement with provider to guarantee QoS mechanisms across their network based on your markings.
- Assures availability, loss, throughput, delay, and jitter.
- End-to-end QoS
- To be effective, each hop in the path must have QoS configured similarly.
- Necessary in three locations
- Campus – within the customer network
- The edges – customer facing the provider, provider facing customer
- On the provider network
- QoS tasks
- Campus access switches
- Speed/duplex settings
- Classification
- Trust
- Phone/access switch configs
- Multiple queues on switch ports, including priority for VOIP
- Campus distribution
- L3 policing and marking
- Multiple queues on switch ports, including priority for VOIP
- WRED
- WAN edge
- SLA definitions
- LLQ
- LFI
- WRED
- Shaping
- Provider cloud
- Capacity planning
- PHB
- LLQ
- WRED
- Campus access switches
- Enterprise campus QoS implementation
- Implement multiple queues to avoid congestion
- Assign VOIP and video to highest priority queue
- Esablish trust boundaries
- Use policing to rate-limit excess traffic
- Use hardware QoS when possible
- Control Plane Policing (CoPP)
- Applies QoS policy to traffic destined for the router
- Routing protocols
- Management protocols
- Can be used to avoid DOS attacks
- Applied to control-plane in global config
- Applies QoS policy to traffic destined for the router
ONT Notes – Congestion Avoidance, Policing, Shaping, and Link Efficiency
Feb 2nd
- Tail drop drawbacks
- TCP synchronization – Dropping TCP packets from different flows can cause them all to window down and back up again at the same time in cycles.
- TCP starvation – Non-TCP or aggressive flows can starve everyone else out when TCP throttles back.
- No differentiated drop – Tail drop doesn’t care who you are, so you get dropped if the queue is full.
- RED – Random Early Detection
- Avoids tail drop by randomly dropping packets from the queue before it gets full
- Only dropped TCP flows slow down instead of everyone who has sent a packet since the queue filled
- Queues are smaller.
- Link utilization is more efficient
- Configured with
- Minimum threshold – start dropping when the queue is this size
- Maximum threshold – if the queue is this big, start tail dropping
- Mark probability denominator (MPD) – 1/MPD is the ratio of packets to drop when between the thresholds
- WRED – Weighted RED
- Based on IP precedence or DSCP values
- Less-important packets are dropped more aggressively than important packets
- Applied to an interface, VC or a class within a policy map
- CBWRED – Class based WRED
- Configured with CBWFQ
- Policing
- Limits subrate bandwidth (give you 100kbps on a T1)
- Limits traffic of certain applications
- Any traffic that exceeds police is dropped or re-classified; it’s a hard limit
- Inbound or outbound
- Shaping
- Sets a limit but buffers any in excess
- Requires memory to store the buffer
- Buffers = delay and/or jitter
- Outbound only
- Can respond to network signals like BECNs and FECNs
- Token and bucket
- The queue is a bucket; if a byte of data needs to be sent, it needs a token.
- If there are enough tokens, the traffic is considered conforming.
- If there aren’t enough tokens, the traffic is considered exceeding, which triggers the drop (policing), re-classify (policing), or buffer (shaping).
- Frame relay traffic shaping (FRTS)
- Only controls frame relay traffic
- Applied on subif or DLCI
- Support fragmentation and interleaving
- Reacts to FECNs and BECNs
- Compression
- Removed redundancy and patterns in data
- Less data = less latency
- Hardware compression or hardware-assisted compression does not involve the main CPU
- Software compression does
- Payload compression
- Header compression
- Link fragmentation and interleaving
- Small data might be waiting for larger data pieces to finish sending
- Chunks data into smaller fragments so they don’t have to wait
- Interleaving shuffles flows in the Tx queue
ONT Notes – Queuing
Jan 23rd
Here are some more notes from my studies. Of course, no one cares about them but me, but it’s my blog. I’m sure someone will find it useful. Please help to correct dumbass mistakes.
- Congestion
- Speed mismatch – traffic leaves a lower-bandwidth interface than the one it came in on
- Aggregation problem – lots of links with one egress of equal bandwidth
- Confluence problem – a bunch of traffic needs to egress out of the same interface
- Queuing
- Transmit queue (TxQ) – hardware queue; there’s only one you can’t touch
- Software queue – where packets wait to be sent; there are many queue-types that you modified to police traffic
- FIFO
- If I beat you to the router, I leave the router first.
- Possible long delays, jitter, and starvation
- Priority queuing (PQ)
- Four queues
- High-priority
- Medium-priority
- Normal-priority
- Low-priority
- Scheduler starts from high and work to low
- When the high queue is empty, it processes a packet from medium, then starts all over
- Can you say starvation?
- Four queues
- Round robin queuing (RR)
- One packet from this queue, one from the next, etc., then start over again
- Custom queuing (CQ)
- Weighted round robin
- Queues are given weights (bandwidth guarantees)
- Weighted Fair Queuing (WFQ)
- Default queuing on slow links ( < E1 )
- Divides traffic into flows
- Equal bandwidth is given to each flow
- Provides faster scheduling to low-volume flows
- Provides more bandwidth to higher-priority flows
- Flows identified by a hash
- Source IP
- Destination IP
- Protocol number
- ToS
- Source port
- Destination port
- Each unique has is a new flow
- No way to allocate bandwidth among the flows
- By default, up to 256 queues are made, but that is changeable to a power of 2 between 16 and 4096
- If the max number of flows is reached, queues are reused for other flows
- If a queue is full, a packet may be dropped.
- WFQ early dropping drops packets when the queue reaches the congestive discard threshold (CDT)
- Advantages
- Simple configuration
- No starvation
- Guarantee processing of all flows
- Drops packets from big-hitter flows
- Faster service no low-hitters (interactive) flows
- Standard on (nearly) all IOS devices
- Disadvantages
- Classification and scheduling are not configurable
- Only on slow links
- No guarantee of bandwidth or delay
- Class-based Weighted Fair Queuing (CBWFQ)
- User-defined queues for flexibility
- Configured with class-maps via MQC
- Weights are calculated based on values give in class-map
- Bandwidth – guarantee this much bandwidth
- Bandwidth percent – give me this much of the available bandwidth
- Bandwidth remaining percent
- Advantages
- User-defined traffic classes
- Each queue gets its own bandwidth
- Scalability
- Disadvantages
- No delay guarantee (not good for real-time application like voice)
- Configuring
class-map TESTCM1 match access-group 100 ! class-map TESTCM2 match access-group 200 ! policy-map TESTPM class TESTCM1 bandwidth 64 class TESTCM2 bandwidth 128
- Low-latency Queuing
- Includes strict priority queue for delay-sensitive data
- Strict priority queue is policed to avoid starvation of other queues
- Configured the same way as normal CBWFQ, but with the priority keyword
- This configuration makes TESTCM2 a priority queue
class-map TESTCM1 match access-group 100 ! class-map TESTCM2 match access-group 200 ! policy-map TESTPM class TESTCM1 bandwidth 64 class TESTCM2 priority bandwidth 128
ONT Notes – Classification, Marking, and NBAR
Jan 22nd
Here’s another set of notes from my ONT studies. I’m sure someone will find it useful. Please help to correct dumbass mistakes.
- Classification is done with traffic desriptors
- Ingress interface
- CoS value on ISL or 802.1P frames
- Source/destination IP address
- IP Precedence or DSCP value
- MPLS EXP
- Application type
- Layer 3 QoS
- Type of Service (ToS) is 8-bit field.
- First 3 bits of ToS are the IP precedence.
- First 6 bits of ToS are the DSCP value.
- Last 2 bits of ToS are explicit congestion notification (ECN).
- Layer 2 QoS
- Ethernet
- Class of Service (CoS)
- On 802.1P frame
- 3-bit priority (PRI) field
- 000 – Routine – Best-effort
- 001 – Priority – Medium priority
- 010 – Immediate – High priority
- 011 – Flash – Call signaling
- 100 – Flash-Override – Video conferencing
- 101 – Critical – Voice bearer
- 110 – Internet – Reserved
- 111 – Network – Reserved
- Frame Relay
- 1-bit discard eligible (DE) field
- ATM
- 1-bit cell loss priority (CLP) field
- MPLS (layer 2 1/2)
- 3-bit experimental (EXP) field
- By default, the 3 most significant ToS bits (IP Precedence bits) are copied to EXP
- Ethernet
- Per-hop Behavior (PHB)
- “an externally observable fowarding behavior of a network node toward a group of IP packets that have the same DSCP value”
- In other words, treat packets with the same DSCP value in the same manner – scheduling, queuing, policing, etc.
- Behavior aggregate (BA) is a group of packets with the same DSCP value
- DSCP
- DSCP is chopped up into 4 PHBs
- Class selector PHB – (000) old IP precedence compatibility
- Default PHB – (000) best effort
- Assured forwarding (AF) PHB – (001, 010, 011, 100) guarantee bandwidth
- Provides 4 queues for 4 classes of traffic (AF1-4)
- Also specifies drop preference (ex., AF41, A13) where second number is preference (higher is more probable to be dropped)
- Each queue must have (W)RED to avoid drops
- No queue is any better than the other
- Backward compatible with IP precedence
-
- Expedited forwarding (EF) PHB – (101) low delay
- Minimum delay
- Bandwidth guarantee
- Policing
- Expedited forwarding (EF) PHB – (101) low delay
- DSCP is chopped up into 4 PHBs
- Trust boundaries
- Establish DSCP values as close to the source as possible
- On the device (IP phone), access switch, or distribution switch
- The core should never assign DSCP values
- Only trust DSCP values from devices you trust
- Examine and rewrite values from untrust sources
- Establish DSCP values as close to the source as possible
- Network-based Application Recognition (NBAR)
- Protocol discovery – discovers what protocols you’re running on your network
- Traffic statistics collection – keeps tracks of stats on each protocol
- Traffic classification – NBAR protocols can be used in class-maps to define traffic to be services
- Packet description language models (PDLMs) – table of what protocols NBAR recognizes
- Limitations
- Doesn’t work on EtherChannel interfaces
- Only handles 24 URLs, hosts, or MIME types
- Only analyzes first 400 bytes of the packets
- Requires CEF
- Doesn’t work on HTTPS, multicasts, or fragments
- Ignored traffic destined for the router itself
- NBAR commands
- Router(config)# ip nbar pdlm pdlm-name : Update the PDLM table
- Router(config)# ip nbar port-map protocol-name [tcp|udp] port-number : Adds an entry to the PDLM table
- Router# show ip nbar port-map protocol-name : Shows what’s in the PDLM table
- Router# show ip nbar protocol-discovery : Shows what’s been discovered
- Router(config-cmap)# match protocol name : a class-map match for an NBAR-discovered protocol
- Special protocol matching
- Can match beyond the port number with deep packet inspection
- Matches HTTP hostname, URL, or MIME type
- Matches fast-track P2P
- Matches RTP content
ONT Notes – Intro to QoS
Jan 20th
I’ll try to keep it a little shorter this time.
Major issues for converged enterprise networks
- Available bandwidth: competition among applications
- Fixes
- Increase bandwidth: More power!
- Properly queue based on classification and marking: QoS
- Compress: cRTP, TCP header compression, etc.
- Fixes
- Delay: Lead time to get a packet to the destination
- Types of delay
- Processing delay: routing, switch delay
- Queuing delay: how long a frame stays in an output queue
- Serialization delay: how long to put the frame on the wire
- Propagation delay: the time to cross the physical medium
- Types of delay
- Jitter (delay variation): Variation is the delay
- Different delays mean different arrival times
- De-jitter buffers save up packets to reduce jitter (like the old CD writers)
- Fixes
- More bandwidth
- Prioritize sensitive data and forward first
- Remark (reclassify) packets based on sensitivity
- Enable L2 payload compression: make sure compression delay isn’t worse than the jitter
- Use header compression
- Packet loss: Packets are lost in the network somewhere
- Fixes
- More bandwidth
- Increase buffers space: more room for the queue on the interface
- Provide guaranteed bandwidth: Queuing and QoS
- Congestion avoidance
- Random Early Detection (RED) and weighted RED (WRED) drop packets before the queue is full
- Selective dropping is better than FIFO or LIFO dropping
- Fixes
QoS History
- Priority queuing: gives certain data the right-of-way for transmission
- Weighted Fair Queuing (WFQ): prevents small packets from waiting too long for big packets
- RTP priority queuing: Gives voice packets the right-of-way
- CAC: Makes sure we don’t fill up the queue or pipe with voice traffic
Implementing QoS
- Step 1: Identify traffic types and requirements
- Network audit
- Business audit
- Define bandwidth requirements for each class found
- Step 2: Classify the traffic
- Common classes
- VOIP
- Mission-critical
- Signal traffic: for VOIP
- Transactional application: SAP, ERP
- Best-effort: Everything else
- Scavenger: Crap you don’t care about like P2P and your boss’s email
- Common classes
- Step 3: Define policies for each class
- Tasks for each class
- Set max bandwidth
- Set min bandwidth
- Assign relative priorities
- Apply congestion avoidance, congestion management, etc.
- Tasks for each class
QoS Models
- Best-effort: no QoS
- Scalable
- Easy
- No service guarantee: doesn’t care what you’re trying to do
- No service differentiation: all traffic is equal
- Integrated Service (IntServ)
- Hard-QoS
- Uses RSVP to guarantee bandwidth through the entire path
- Requires
- Admission control
- Classification
- Polices the traffic (ceiling)
- Queuing
- Scheduling
- Advantages
- End-to-end resource admission control
- Per-request policy admission control
- Signaling of dynamic ports
- Disadvantages
- Continuous signaling
- Not scalable
- Differentiated Services (DiffServ)
- Soft-QoS
- Configured on each hop
- Traffic is classified
- Enforces different treatment on different classes
- Defined based on business requirements
- Benefits
- Scalable
- Supports lots of service levels
- Drawbacks
- No absolute guarantee of service
- Complex configuration throughout network
QoS Implementation Methods
- CLI
- Old school
- Not used any more
- Modules QoS CLI (MQC)
- Step 1: class-map
- Step 2: policy-map
- Step 3: service-policy
- AutoQoS
- Automatically generates classes and policies based on traffic it sees
- Super-simple
- Requires CEF, NBAR, and correct bandwidth statements
- SDM QoS Wizard
- Next, next, next
- Can be used to implement, monitor, or troubleshoot QoS
