Posts tagged vpn

ONT Notes – Pre-classify and End-to-end QoS

Feb 3rd

Posted by Aaron Conaway in ccnp

2 comments

  • VPNs (Didn’t ISCW cover this?)
    • Provide
      • Confidentiality
      • Integrity
      • Authentication
    • Types
      • Remote-access
        • Client-initiated
        • NAS-initiated
      • Site-to-site
        • LAN-to-LAN
        • Extranet
  • L3 Tunneling protocols
    • GRE
    • IPSec
  • Pre-classify allows traffic to be classified before being sent across a tunnel or crypto-ed.
    • qos pre-classify
    • Provides a view into the original IP headers
    • To classify on pre-tunnel header, apply the policy to the tunnel interface WITHOUT pre-classify.
    • To classify on post-tunnel header, apply the policy to the physical interface WITHOUT pre-classify.
    • To classify on pre-tunnel header, apply the policy to the physical interface WITH pre-classify.
  • SLA – agreement with provider to guarantee QoS mechanisms across their network based on your markings.
    • Assures availability, loss, throughput, delay, and jitter.
  • End-to-end QoS
    • To be effective, each hop in the path must have QoS configured similarly.
    • Necessary in three locations
      • Campus – within the customer network
      • The edges – customer facing the provider, provider facing customer
      • On the provider network
  • QoS tasks
    • Campus access switches
      • Speed/duplex settings
      • Classification
      • Trust
      • Phone/access switch configs
      • Multiple queues on switch ports, including priority for VOIP
    • Campus distribution
      • L3 policing and marking
      • Multiple queues on switch ports, including priority for VOIP
      • WRED
    • WAN edge
      • SLA definitions
      • LLQ
      • LFI
      • WRED
      • Shaping
    • Provider cloud
      • Capacity planning
      • PHB
      • LLQ
      • WRED
  • Enterprise campus QoS implementation
    • Implement multiple queues to avoid congestion
    • Assign VOIP and video to highest priority queue
    • Esablish trust boundaries
    • Use policing to rate-limit excess traffic
    • Use hardware QoS when possible
  • Control Plane Policing (CoPP)
    • Applies QoS policy to traffic destined for the router
      • Routing protocols
      • Management protocols
    • Can be used to avoid DOS attacks
    • Applied to control-plane in global config
, , , , , , , , , , , , , , , , , , , , , ,

Cheat Sheets from Packetlife.net

May 28th

Posted by Aaron Conaway in [...]

1 comment

My friend Josh over at blindhog.net has found a collection of cheat sheet gems for the network dude(tte).  There’s sheets on BGP, OSPF, Subnetting, QoS, connector types, and more.  Check it out.

Cheat Sheets – Packetlife.net

, , , , , ,

GRE Tunnels and Encryption

Mar 18th

Posted by Aaron Conaway in Uncategorized

No comments

GRE tunnels rock.  They are interfaces on a router that are used to “connect” to another router somewhere on your LAN, your WAN, the Internet, wherever.  The most popular use for them is for router-to-router VPNs.

I’ll let my friend Josh from blindhog.net show you how to do it.  He’s got a video on how to configure the tunnels, and another on how to set it up for VPN.

,