2003, Cisco Systems, Inc. All rights reserved.
|
|
- Amos McKinney
- 8 years ago
- Views:
Transcription
1 2003, Cisco Systems, Inc. All rights reserved. 1
2 Transparenz und Kontrolle von Netzwerkapplikationen Roland Schön Internetworking Consultant CCIE # 1785 Public Sector Team, Cisco Germany rschoen@cisco.com 2003, Cisco Systems, Inc. All rights reserved. 2
3 Agenda Erkennung von Netzwerkapplikationen - NBAR Funktion im IOS Einschränkung von Bandbreiten - NBAR und Policing - Rate-Limiting (Benutzer-basiert) SAA Service Assurance Agent G-WiN Zugangsrouter
4 Stimmt die Aussage...? There is always enough bandwidth available in my network and on my Internet-Connection. For each and every application! The Network Admin 2003, Cisco Systems, Inc. All rights reserved. 4
5 NBAR Übersicht Intelligent Classification Engine in Cisco IOS Used in conjunction with QoS class-based features Protocol Discovery analyzes application traffic patterns in real time Discovers which traffic is running on the network Supported Platforms Cisco 1700 Cisco 2600 Cisco 3600 / 3700 Cisco 7100 / 7200 Cisco 7500 Catalyst 6500 Flex Wan 2003, Cisco Systems, Inc. All rights reserved. 5
6 Network Based Application Recognition (NBAR) My application is too slow! Protect your business critical traffic / applications Router Link-Utilization Citrix 25% Netshow 15% Gnutella 10% FTP 30% HTTP 20% Citrix Action: Mark Citrix real-time as GOLD service and police FTP. Block Gnutella Result: Guarantee bandwidth for Citrix! 2003, Cisco Systems, Inc. All rights reserved. 6
7 Intelligente Klassifizierung von IP-Paketen IP Packet Classification Engine capable of classifying Applications that have Statically assigned TCP and UDP port numbers Non-TCP and Non-UDP IP protocols Dynamically assigned TCP and UDP port numbers during connection establishment Sub-port classification or Classification based on deep inspection Ability to look deeper into the packet to identify applications. HTTP traffic by URL, host name or MIME type using regular expressions (*,?, [ ]), Citrix ICA traffic, RTP Payload type classification NBAR Currently Supports >85 protocols/applications 2003, Cisco Systems, Inc. All rights reserved. 7
8 Das Inspizieren von IP Paketen IP Packet Stateful/Dynamic Inspection TCP/UDP Packet Data Packet ToS Byte Source IP Addr Dest IP Addr Src Port Dst Port Sub-Port/Deep Inspection egp exchange kerberos secure-nntp smtp gre finger l2tp notes snmp icmp ftp ldap novadigm socks ipinip secure-ftp secure-ldap ntp sqlnet ipsec gopher netshow pcanywhere ssh eigrp http pptp pop3 streamwork bgp secure-http sqlserver secure-pop3 syslog cuseeme imap netbios printer telnet dhcp irc nfs realaudio secure-telent dns secure-irc nntp rcmd tftp fasttrack gnutella citrix napster vdolive xwindows , Cisco Systems, Inc. All rights reserved. 8
9 Wie werden NBAR neue Applikationen hinzugefügt? Through the use of PDLM: Packet Description Language Module Custom-xx functionality in NBAR for Static TCP/UDP port applications 2003, Cisco Systems, Inc. All rights reserved. 9
10 Packet Description Language Module PDLMs define applications recognizable by NBAR New applications easily supported by adding new PDLMs No Cisco IOS software upgrade or reboot required to add new PDLMs* PDLMs must be produced by Cisco engineers * in most cases 2003, Cisco Systems, Inc. All rights reserved. 10
11 Custom-xx NBAR Funktion Used for static TCP/UDP port based applications that are not supported in NBAR. Up to 10 custom applications can be added Map 16 TCP and UDP ports each per application Statistics appear in the Protocol Discovery Router(config)#ip nbar port-map custom-01? - tcp TCP ports - udp UDP ports 2003, Cisco Systems, Inc. All rights reserved. 11
12 Protocol Discovery The Protocol Discovery feature discovers and provides real time statistics on applications per-interface, per-protocol, bi-directional statistics: 5 minute bit rate (bps) packet counts and byte counts. 2003, Cisco Systems, Inc. All rights reserved. 12
13 NBAR Protocol Discovery + QDM Graph Router# show ip nbar protocol-discovery interface FastEthernet 6/0 FastEthernet6/0 Input Output Protocol Packet Count Packet Count Byte Count Byte Count 5 minute bit rate (bps) 5 minute bit rate (bps) http pop snmp ftp Total , Cisco Systems, Inc. All rights reserved. 13
14 Kürzliche NBAR Erweiterungen Addition of New Applications and Protocols - Fasttrack & Gnutella PDLM on CCO Next Generation of Napster (aquired by Roxio) like applications Peer 2 Peer file sharing applications KaZaa, Morpheus, Grokster and Gnutella Does not require an IOS Release upgrade - Real-Time Protocol Payload (RTP) Classification [ since 12.2(8)T and 12.1(11b)E ] Stateful mechanism to identify real time audio and video traffic Differentiate on the basis of audio and video codecs 2003, Cisco Systems, Inc. All rights reserved. 14
15 Peer-to-Peer File Sharing Fasttrack: Kazaa, Morpheus, Grokster, Imesh clients Concept of Super Nodes: Simplifies the search criteria Currently Supported in NBAR as: Match protocol fasttrack file-transfer * Match protocol fasttrack file-transfer *.mpeg 2003, Cisco Systems, Inc. All rights reserved. 15
16 Peer-to-Peer File Sharing Gnutella: BearShare, LimeWire, Gnotella Currently Supported in NBAR as: Match protocol gnutella file-transfer * Match protocol gnutella file-transfer *.mpeg 2003, Cisco Systems, Inc. All rights reserved. 16
17 Agenda Erkennung von Netzwerkapplikationen - NBAR Funktion im IOS Einschränkung von Bandbreiten - NBAR und Policing - Rate-Limiting (Benutzer-basiert) SAA Service Assurance Agent G-WiN Zugangsrouter
18 Konfiguration u. Auswertung von NBAR 2003, Cisco Systems, Inc. All rights reserved. 18
19 1. Enable NBAR + Protocol discovery Router(config)# interface FastEthernet 1/0 ip nbar protocol-discovery Router# sh ip nbar protocol-discovery interface FastEthernet 1/0 Input Output Protocol Packet Count Packet Count Byte Count Byte Count 5 minute bit rate (bps) 5 minute bit rate (bps) http pop , Cisco Systems, Inc. All rights reserved. 19
20 1. Beispiel Protokoll Erkennung Router# sh ip nbar protocol-discovery interface Pos 4/0/0 Input Output Protocol Packet Count Packet Count Byte Count Byte Count 30 second bit rate (bps) 30 second bit rate (bps) http napster fasttrack smtp secure-http ,5Mbit/s 2,5Mbit/s 2003, Cisco Systems, Inc. All rights reserved. 20
21 2. Create Class Map Classification which traffic to look at? class-map match-all peer2peer match protocol gnutella file-transfer * match protocol fasttrack file-transfer *.mpeg match protocol kazaa2 class-map match-all sports match acl 103 match protocol url *sports* 2003, Cisco Systems, Inc. All rights reserved. 21
22 3. Create Policy Map Policing What to do with classified packets? e.g. drop policy-map Limit-fileshare class-map peer2peer police conform-action transmit exceed-action drop class-map sports police Limit to 1 Mbit/s, all above will be dropped 2003, Cisco Systems, Inc. All rights reserved. 22
23 4. Create Service Map Apply to an interface (for example FE 1/0) Router(config)# interface FastEthernet 1/0 service-map input limit-fileshare service-map output limit-fileshare 2003, Cisco Systems, Inc. All rights reserved. 23
24 5. Optional: Load PDLM PDLM Packed Description Language Module Add Protocol for NBAR Classification Engine with out IOS Update Router(config)# ip nbar pdlm <flash location> fasttrack.pdlm PDLMs can be found on CCO: , Cisco Systems, Inc. All rights reserved. 24
25 6. NBAR zum Klassifizieren von P2P Appl. und deren Einstufung in Best-Effort Klasse Activate PDLM into RAM: ip nbar pdlm flash:gnutella.pdlm Use MQC match protocol statements to classify the traffic class-map match-any protocol P2P match protocol gnutella match protocol fasttrack (identifies KaZaa, Morpheus and Grokster) WRED DSCP Based to cause drops from this traffic first policy-map P2P class P2P set dscp 2 Alternative is to place in separate bandwidth based queue with very small bandwidth guarantee policy-map P2P class P2P set dscp 2 policy-map QoS-Policy class class-default fair-queue random-detect dscp-based policy-map P2P-CBWFQ-MIN class P2P bandwidth percent , Cisco Systems, Inc. All rights reserved. 25
26 Refresher: Mechanismus des Policing Policy required: Make sure my traffic does not get more than x kbps of bandwidth at any time 2003, Cisco Systems, Inc. All rights reserved. 26
27 Policing vs. Shaping Traffic Traffic Traffic Rate Time Traffic Rate Time Policing Shaping Traffic Traffic Traffic Rate Time Traffic Rate Time Policer Causes TCP resends Oscillation of TCP windows Ingress Rate limiting with No buffering (drop) Shaper Egress Rate limiting with Buffering (delay or drop) Can adapt to network congestion (FR BECN, FECN) 2003, Cisco Systems, Inc. All rights reserved. 27
28 Traffic Shaping und Policing Implementierungen Shaping mechanisms: Class-based shaping Frame Relay traffic shaping (FRTS) Generic traffic shaping (GTS) Policing mechanisms: Two rate policer Class-based policing Committed access rate (CAR) 2003, Cisco Systems, Inc. All rights reserved. 28
29 Class-based Policer (1) Single Rate Policer Bc = Burst Commited Bc = CIR * Tc Bc + Be Bc Packet of Size B B < Bc+Be Be Yes No Conform Exceed Action Action 2003, Cisco Systems, Inc. All rights reserved. 29
30 Class-based policer (2) RFC 2698: Two Rate Three Color Policer in 12.2T Be = Burst Excess Be = PIR * Te Bc = Burst Commited Bc = CIR * Tc B > Be(t) No B > Bc(t) No Packet of Size B Yes Yes Violate Exceed Conform Drop Action Action 2003, Cisco Systems, Inc. All rights reserved. 30
31 Agenda Erkennung von Netzwerkapplikationen - NBAR Funktion im IOS Einschränkung von Bandbreiten - NBAR und Policing - Rate-Limiting (Benutzer-basiert) SAA Service Assurance Agent G-WiN Zugangsrouter
32 Zukünftiges Feature im Cat6K User-Based Rate Limiting z.b. Studentenwohnheim Traffic from Dorms Ingress Microflow policer Applied to user ports(s) Source-only Flow mask Use ACL to limit the scope of source IP addresses to intended users Traffic from Internet Ingress Microflow policer Applied to uplink ports Dest-only Flow mask Use ACL to limit the scope of destination IP addresses to intended users 2003, Cisco Systems, Inc. All rights reserved. 32
33 Zukünftiges Feature im Cat6K User-Based Rate Limiting - Konfiguration User Subnets n.x/24 int fast4/1-48 int gig3/1 Internet Traffic from Dorms access-list 101 permit ip n any class-map Users-Outbound match access-group 101 policy-map Users-Outbound class Users-Outbound police flow mask src-only blah int range fast4/1-48 service-policy input Users-Outbound Traffic from Internet access-list 102 permit ip any n class-map Users-Inbound match access-group 102 policy-map Users Inbound class Users-Inbound police flow mask dest-only blah ** int gig 3/1 service-policy input Users-Inbound ** e.g.: police flow mask dest-only conform-action transmit exceed-action drop Scales to 64 Different Rates and 128K Host IP addresses 2003, Cisco Systems, Inc. All rights reserved. 33
34 More Information on NBAR Main QoS Page Main NBAR Page NBAR Docs: 122newft/122t/122t8/dtnbarad.htm 2003, Cisco Systems, Inc. All rights reserved. 34
35 Agenda Erkennung von Netzwerkapplikationen - NBAR Funktion im IOS Einschränkung von Bandbreiten - NBAR und Policing - Rate-Limiting (Benutzer-basiert) SAA Service Assurance Agent G-WiN Zugangsrouter
36 Service-Level Monitoring im Netz Monitoren von SLAs Cisco IOS Router mit SA Agent SA Agent Cisco IOS Router mit SA Agent SA Agent Network Core Messbare SLA Metriken sind z.b. Antwortzeit Verfügbarkeit Verletzungen von Schwellwerten Jitter Paketverlust 2003, Cisco Systems, Inc. All rights reserved. 36
37 Einsatz des SA Agent What s up in my net? Performance Management: Collection, utilization, and performance data; analyze data and set utilization thresholds Why is Performance Management important? Problem isolation Service differentiation Network planning 2003, Cisco Systems, Inc. All rights reserved. 37
38 SA Agent Funktionsvielfalt Increasing Service Value HTTP FTP Connect DLSw QoS Support (ToS) TCP Jitter DNS/ DHCP UDP Echo SNA Path Echo ICMP Cisco IOS-Based Service Assurance* Agent Echo Path Jitter *With Cisco IOS 12.2(13)T (APM) ATM* Frame Relay MPLS VPN Aware 2003, Cisco Systems, Inc. All rights reserved. 38
39 IOS Releases und unterstützte Features Feature/Release ICMP Ping ICMP Echo Path SSCP (SNA) UDP Echo TCP Connect UDP Jitter HTTP DNS DHCP DLSw+ One-Way Latency with UDP Jitter FTP Get SNMP Support MPLS VPN Aware Frame Relay (CLI Only) ICMP Path Jitter Application Performance Monitor (3)T 12.0(5)T 12.0(8)S 12.1(1)T 12.2(2)T X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X 2003, Cisco Systems, Inc. All rights reserved. 39
40 Service Assurance Agent im Betrieb 2003, Cisco Systems, Inc. All rights reserved. 40
41 Wie funktioniert das mit dem SAA? Hop-by-hop analysis Proactive notification Rising and falling thresholds Robust threshold definition for SLAs SNMP traps generated when SLA violated Thresholds can trigger SA operation activation for further analysis Any IP Host Measure Measure Management Application SNMP Trap Configure Collect Present SA Agent Measure SA Agent Cisco IOS Device Measure (SA Agent Responder) 2003, Cisco Systems, Inc. All rights reserved. 41
42 SAA Basics Response Source Cisco-RTTMON P1 Response Stats P2 Response Stats P1 P2 Response Destination SNMP Get 2003, Cisco Systems, Inc. All rights reserved. 42
43 Beispiel 1: ICMP Probe SA Agent Network Any IP Device Does not require SA Agent responder Supports Echo, Path Echo and Path Jitter operations 2003, Cisco Systems, Inc. All rights reserved. 43
44 Beispiel 1: Echo IP SAA Cisco-RTTMon Completions Errors (7 Types) IP ICMP Echo Probe } SumCompletionTime MaxCompletionTime MinCompletionTime } Response IP Core Availability = IP Device a.b.c.d Completions Completions + Errors of IP Network 7 Types of Errors: Disconnects, Timeouts, Busies, No Connections, Drops, Sequence Errors, VerifyErrors 2003, Cisco Systems, Inc. All rights reserved. 44
45 Beipiel 2: HTTP Probe SAA Cisco-RTTMon HTTP Probe } IP Core HTTPCompletions HTTPErrors Availability = Completions Completions + HTTP Server Errors DNSRTT TCPConnectRTT TransactionRTT RTT to Perform Domain Lookup RTT to Perform TCP Connect to HTTP Server RTT to Send out Request and Get Response from Server 2003, Cisco Systems, Inc. All rights reserved. 45
46 Configuration Process Set operation number Configure operation type Configure operation characteristics Set reaction conditions Schedule the operation time 2003, Cisco Systems, Inc. All rights reserved. 46
47 Konfiguration des Operation Type einige Beispiele (config)# rtr 1 Operation number (config-rtr)# type jitter dest-ip a.b.c.d dest-port 99 num-packets 20 interval 20 type http Operation get url type echo protocol ipicmpecho Operation a.b.c.d type tcpconnect dest-ipaddr a.b.c.d dest-port , Cisco Systems, Inc. All rights reserved. 47
48 SA Agent Ecosystem Partner 2003, Cisco Systems, Inc. All rights reserved. 48
49 Management Applications Supporting SA Agent Internetwork Performance Monitor (IPM) Service Management Suite (SMS) VPN SC CNS Performance Engine ehealth VistaView PowerView Firehunter UpTime IPInsight MRTG Brixworx and Many More 2003, Cisco Systems, Inc. All rights reserved. 49
50 SA Agent Performance 2003, Cisco Systems, Inc. All rights reserved. 50
51 SA Agent Performance Memory and CPU usage on a c2600(40mhz M860 CPU): Type UDP Echo Jitter (UDP Plus) ICMP Echo Responder (UDP Echo) Responder (Jitter) # of Source Probe Operations per Minute Average Memory Usage (Bytes) 13K per Probe 17K per Probe 11K per Probe 58K Total 97K Total Avg. CPU Usage per Probe Operation (msec) CPU usage can be scaled based on the clock frequency of the RISC CPU: 7200(150MHz->40/150=0.27 times) 2003, Cisco Systems, Inc. All rights reserved. 51
52 Agenda Erkennung von Netzwerkapplikationen - NBAR Funktion im IOS Einschränkung von Bandbreiten - NBAR und Policing - Rate-Limiting (Benutzer-basiert) SAA Service Assurance Agent G-WiN Zugangsrouter
53 Geräteklassen für G-WiN Zugang und deren NBAR-Support ü NBAR Support Cisco 7200/7500 Medium ü in 12.2S with NPE-G100 Cisco 7300 System Performance 2003, Cisco Systems, Inc. All rights reserved. ü No! Cisco 7600 & Catalyst6500 Cisco very high 53
54 NBAR Performance-Zahlen NBAR is CEF supported! No NBAR in PXF-based Systems Performance Impact? Sample1: For Cisco 7200/NPE300, 45 Mbit/s in both directions + 8 % CPU Load for Protocol discovery + 15 % CPU Load for NBAR Classification Sample2: For Cisco 7500 with VIP2-50 to VIP4-80 (dnbar) + approx. 5% performance degradation 2003, Cisco Systems, Inc. All rights reserved. 54
55 Plattform-Support für SA Agent MC3810 Catalyst Cisco 36xx 4K/5K/6K/ with L3 Mod Cisco 25xx/26xx Cisco AS5400/5800 Cat5K Cisco3700 Cisco 4500/4700 Cisco GSR, 10K Cisco 6400/ 7200/7500, 7300/7400 Cisco 800/100x/14xx/16xx/17xx 2003, Cisco Systems, Inc. All rights reserved. 55
56
57 2002, Cisco Systems, Inc. All rights reserved. 57
58 Backup-slide configuring NBAR! Router config with NBAR enabbled for limiting NAPSTER! ip cef ip nbar pdlm slot0:napster.pdlm!! class-map match-all napster_nonstd match protocol napster non-std class-map match-all napster match protocol napster!! policy-map napout class napster_nonstd police conform-action drop exceed-action drop class napster police conform-action transmit exceed-action drop policy-map napin class napster_nonstd police conform-action drop exceed-action drop class napster police conform-action transmit exceed-action drop! interface FastEthernet0/0 description ***Residence Halls*** ip address xxx.xxx.xxx.xxx xxx.xxx no ip mroute-cache duplex full service-policy input napin service-policy output napout atm pvc aal5snap , Cisco Systems, Inc. All rights reserved. 58! interface FastEthernet0/1 description ***Admin*** ip address xxx.xxx.xxx.xxx xxx.xxx ip nbar protocol-discovery duplex full no ip mroute-cache! interface ATM1/0 description *** PVC to Sunnyville CSU router no ip address no atm ilmi-keepalive! interface ATM1/0.1 point-to-point bandwidth ip address xxx.xxx.xxx.xxx xxx.xxx ip nbar protocol-discovery ip policy route-map papapix
Network-Based Application Recognition
Network-Based Application Recognition Last Updated: March 2009 Cisco Content Networking delivers the network agility required by the enterprise to deploy new Internet business applications critical to
More informationLab 3.3 Configuring QoS with SDM
Lab 3.3 Configuring QoS with SDM Learning Objectives Configure Quality of Service tools with the SDM QoS wizard Monitor traffic patterns using the SDM QoS interface Topology Diagram Scenario Cisco Security
More information- QoS Classification and Marking -
1 - QoS Classification and Marking - Classifying and Marking Traffic Conceptually, DiffServ QoS involves three steps: Traffic must be identified and then classified into groups. Traffic must be marked
More informationApplication Aware Traffic Engineering and Monitoring
Course Number Presentation_ID 2000, 1999, 2000, Cisco Cisco Systems, Systems, Inc. Inc. 1 Application Aware Traffic Engineering and Monitoring Session 2000, Cisco Systems, Inc. 2 Agenda Challenges, Metrics,
More informationImplementing Cisco Quality of Service QOS v2.5; 5 days, Instructor-led
Implementing Cisco Quality of Service QOS v2.5; 5 days, Instructor-led Course Description Implementing Cisco Quality of Service (QOS) v2.5 provides learners with in-depth knowledge of QoS requirements,
More informationUsing IPM to Measure Network Performance
CHAPTER 3 Using IPM to Measure Network Performance This chapter provides details on using IPM to measure latency, jitter, availability, packet loss, and errors. It includes the following sections: Measuring
More informationQoS: Color-Aware Policer
QoS: Color-Aware Policer First Published: August 26, 2003 Last Updated: February 28, 2006 The QoS: Color-Aware Policer enables a color-aware method of traffic policing. This feature allows you to police
More informationLab 8.9.3 QoS Classification and Policing Using CAR
Lab 8.9.3 QoS Classification and Policing Using CAR Objective Scenario Step 1 This lab uses Committed Access Rate (CAR) to classify and police traffic. Although the classification and policing actions
More informationAll You Ever Wanted to Know About Network Management in 90 Minutes. (More or Less)
All You Ever Wanted to Know About Network Management in 90 Minutes (More or Less) Cisco University Adopted from 2006 Cisco Systems, Inc. All rights reserved. = CNC content Cisco Public 1 About the Speaker
More informationOptimizing Converged Cisco Networks (ONT)
Optimizing Converged Cisco Networks (ONT) Module 5: Implement Cisco AutoQoS Introducing Cisco AutoQoS Objectives Describe the features of Cisco Auto QoS. List the prerequisites when using Cisco Auto QoS.
More information"Charting the Course... ... to Your Success!" QOS - Implementing Cisco Quality of Service 2.5 Course Summary
Course Summary Description Implementing Cisco Quality of Service (QOS) v2.5 provides learners with in-depth knowledge of QoS requirements, conceptual models such as best effort, IntServ, and DiffServ,
More informationThe Power of SA as a SLM Tool
1 1 The Power of SA as a SLM Tool Building Scalable SLM Solutions Session 2 Agenda Customer Requirements Solution Overview Available Capabilities Example Deployment Summary 3 Customer Requirements 4 Customer
More informationRouting. Static Routing. Fairness. Adaptive Routing. Shortest Path First. Flooding, Flow routing. Distance Vector
CSPP 57130 Routing Static Routing Fairness Adaptive Routing Shortest Path First Flooding, Flow routing Distance Vector RIP Distance Vector Sometimes called Bellman-FOrd Original Arpanet, DECNet, Novell,
More informationIMPLEMENTING CISCO QUALITY OF SERVICE V2.5 (QOS)
IMPLEMENTING CISCO QUALITY OF SERVICE V2.5 (QOS) COURSE OVERVIEW: Implementing Cisco Quality of Service (QOS) v2.5 provides learners with in-depth knowledge of QoS requirements, conceptual models such
More informationMonitoring and analyzing audio, video, and multimedia traffic on the network
Monitoring and analyzing audio, video, and multimedia traffic on the network Slavko Gajin slavko.gajin@rcub.bg.ac.rs AMRES Academic Network of Serbia AMRES Academic Network of Serbia RCUB - Belgrade University
More informationConfiguring Control Plane Policing
CHAPTER 53 This chapter describes how to configure control plane policing (CoPP) with Cisco IOS Release 12.2SX. Note For complete syntax and usage information for the commands used in this chapter, see
More informationFlow Monitor for WhatsUp Gold v16.2 User Guide
Flow Monitor for WhatsUp Gold v16.2 User Guide Contents Table of Contents Flow Monitor Overview Welcome to WhatsUp Gold Flow Monitor... 1 What is Flow Monitor?... 2 How does Flow Monitor work?... 2 System
More information- QoS and Queuing - Queuing Overview
1 Queuing Overview - QoS and Queuing - A queue is used to store traffic until it can be processed or serialized. Both switch and router interfaces have ingress (inbound) queues and egress (outbound) queues.
More informationWhatsUpGold. v14.4. Flow Monitor User Guide
WhatsUpGold v14.4 Flow Monitor User Guide Contents ingress egress egress ingress enable configure terminal ip flow-export version ip flow-export destination interface
More informationDescription: To participate in the hands-on labs in this class, you need to bring a laptop computer with the following:
Course: Implementing Cisco Quality of Service Duration: 5 Day Hands-On Lab & Lecture Course Price: $ 3,395.00 Learning Credits: 34 Description: Implementing Cisco Quality of Service (QOS) v2.5 provides
More informationIBM. Tivoli. Netcool Performance Manager. Cisco Class-Based QoS 2.2.0.0 Technology Pack. User Guide. Document Revision R2E1
Tivoli Netcool Performance Manager Document Revision R2E1 IBM Cisco Class-Based QoS 2.2.0.0 Technology Pack User Guide Note Before using this information and the product it supports, read the information
More informationHow To Lower Data Rate On A Network On A 2Ghz Network On An Ipnet 2 (Net 2) On A Pnet 2 On A Router On A Gbnet 2.5 (Net 1) On An Uniden Network On
Lab 8.1.10.3 QoS Classification and Policing Using CAR Objective Scenario Step 1 This lab uses Committed Access Rate (CAR) to classify and police traffic. Although the classification and policing actions
More informationCisco Performance Monitor Commands
1 action (policy react and policy inline react) Cisco Performance Monitor Commands action (policy react and policy inline react) To configure which applications which will receive an alarm or notification,
More informationIP SLAs Overview. Finding Feature Information. Information About IP SLAs. IP SLAs Technology Overview
This module describes IP Service Level Agreements (SLAs). IP SLAs allows Cisco customers to analyze IP service levels for IP applications and services, to increase productivity, to lower operational costs,
More informationChapter 4 Rate Limiting
Chapter 4 Rate Limiting HP s rate limiting enables you to control the amount of bandwidth specific Ethernet traffic uses on specific interfaces, by limiting the amount of data the interface receives or
More informationFlow Monitor for WhatsUp Gold v16.1 User Guide
Flow Monitor for WhatsUp Gold v16.1 User Guide Contents Table of Contents Flow Monitor Overview Welcome to WhatsUp Gold Flow Monitor... 1 What is Flow Monitor?... 2 How does Flow Monitor work?... 2 System
More informationConfiguring Denial of Service Protection
24 CHAPTER This chapter contains information on how to protect your system against Denial of Service (DoS) attacks. The information covered in this chapter is unique to the Catalyst 6500 series switches,
More informationQuality of Service Commands
Quality of Service Commands Use the commands in this chapter to configure quality of service (QoS), a measure of performance for a transmission system that reflects its transmission quality and service
More informationTable of Contents. Cisco Blocking Peer to Peer File Sharing Programs with the PIX Firewall
Table of Contents Blocking Peer to Peer File Sharing Programs with the PIX Firewall...1 Document ID: 42700...1 Introduction...1 Prerequisites...1 Requirements...1 Components Used...1 Conventions...2 PIX
More informationDS3 Performance Scaling on ISRs
This document provides guidelines on scaling the performance of DS3 interface (NM-1T3/E3) for the Cisco 2811/2821/2851/3825/3845 Integrated Services Routers. The analysis provides following test results;
More informationWhatsUpGold. v15.0. Flow Monitor User Guide
WhatsUpGold v15.0 Flow Monitor User Guide Contents CHAPTER 1 Flow Monitor Overview Welcome to WhatsUp Gold Flow Monitor... 1 What is Flow Monitor?... 2 How does Flow Monitor work?... 2 System requirements...
More informationConfiguring MPLS QoS
CHAPTER 45 This chapter describes how to configure Multiprotocol Label Switching (MPLS) quality of service (QoS) in Cisco IOS Release 12.2SX. For complete syntax and usage information for the commands
More informationPolicing and Shaping Overview
Policing and Shaping Overview Cisco IOS QoS offers two kinds of traffic regulation mechanisms policing and shaping. The rate-limiting features of committed access rate (CAR) and the Traffic Policing feature
More informationNetwork Monitoring Using Cisco Service Assurance Agent
Network Monitoring Using Cisco Service Assurance Agent This chapter describes how to configure the Cisco Service Assurance Agent (SAA) to provide advanced network service monitoring information using Cisco
More informationPC-over-IP Protocol Virtual Desktop Network Design Checklist. TER1105004 Issue 2
PC-over-IP Protocol Virtual Desktop Network Design Checklist TER1105004 Issue 2 Teradici Corporation #101-4621 Canada Way, Burnaby, BC V5G 4X8 Canada p +1 604 451 5800 f +1 604 451 5818 www.teradici.com
More informationThe Basics. Configuring Campus Switches to Support Voice
Configuring Campus Switches to Support Voice BCMSN Module 7 1 The Basics VoIP is a technology that digitizes sound, divides that sound into packets, and transmits those packets over an IP network. VoIP
More informationNetwork Performance Monitoring at Minimal Capex
Network Performance Monitoring at Minimal Capex Some Cisco IOS technologies you can use to create a high performance network Don Thomas Jacob Technical Marketing Engineer About ManageEngine Network Servers
More informationCisco PIX. Upgrade-Workshop PixOS 7. Dipl.-Ing. Karsten Iwen CCIE #14602 (Seccurity) http://security-planet.de
Cisco PIX Upgrade-Workshop PixOS 7 http://security-planet.de 22 March, 2007 Agenda Basics Access-Control Inspections Transparent Firewalls Virtual Firewalls Failover VPNs Sec. 6-5 P. 343 Modular Policy
More informationCisco ASA, PIX, and FWSM Firewall Handbook
Cisco ASA, PIX, and FWSM Firewall Handbook David Hucaby, CCIE No. 4594 Cisco Press Cisco Press 800 East 96th Street Indianapolis, Indiana 46240 USA Contents Foreword Introduction xxii xxiii Chapter 1 Firewall
More informationConfiguring Class Maps and Policy Maps
CHAPTER 4 Configuring Class Maps and Policy Maps This chapter describes how to configure class maps and policy maps to provide a global level of classification for filtering traffic received by or passing
More informationThis topic lists the key mechanisms use to implement QoS in an IP network.
IP QoS Mechanisms QoS Mechanisms This topic lists the key mechanisms use to implement QoS in an IP network. QoS Mechanisms Classification: Each class-oriented QoS mechanism has to support some type of
More informationAutoQoS for Medianet
Appendix A AutoQoS for Medianet As of August 2010, an updated version of AutoQoS was released for the Catalyst 2960- G/S, 3560-G/E/X, and 3750-G/E/X family of switches (with IOS Release 12.2(55)SE). This
More informationIntroduction to Network Address Translation
1 Introduction to Network Address Translation Session 2 Agenda Basic Concept of Network Address Translation (NAT) and PAT Definition, Benefits, Availability and Application Support NAT Concepts and Terminology
More informationCiscoWorks Internetwork Performance Monitor
CiscoWorks Internetwork Performance Monitor (IPM) v2.6 Tutorial Introduction 1-1 About This Tutorial Identify the need for network service monitoring tools Describe how to use IPM to configure and monitor
More informationHow To Configure Qos On A Network With A Network (Cisco) On A Cell Phone Or Ipad On A Pq-Wifi On A 2G Network On A Cheap Cell Phone On A Slow Network On An Ipad Or Ip
Quality of Service for Voice Over IP (QoS for VoIP) Presented by: Dr. Peter J. Welcher Slide 1 Dr. Pete Welcher About the Speaker Cisco CCIE #1773, CCSI #94014, CCIP Network design & management consulting
More informationHow To Configure Voip Qos For A Network Connection
Version History Version Number Date Notes 1 4/16/2001 This document was created. 2 5/15/2001 Incoporated editorial comments. 3 6/30/2001 Incorporated additional editorial comments. discusses various quality
More informationOptimizing Converged Cisco Networks (ONT)
Optimizing Converged Cisco Networks (ONT) Module 3: Introduction to IP QoS Introducing QoS Objectives Explain why converged networks require QoS. Identify the major quality issues with converged networks.
More informationConfiguring QoS in a Wireless Environment
12 CHAPTER This chapter describes how to configure quality of service (QoS) on your Cisco wireless mobile interface card (WMIC). With this feature, you can provide preferential treatment to certain traffic
More informationDEPLOYING QUALITY OF SERVICE FOR CONVERGED NETWORKS
DEPLOYING QUALITY OF SERVICE FOR CONVERGED NETWORKS SESSION 1 Agenda Introduction Deployment Guide Monitoring QoS Case Studies Summary 2 Reference Materials QoS Page on CCO http://www.cisco.com/go/qos
More informationHighlighting a Direction
IP QoS Architecture Highlighting a Direction Rodrigo Linhares - rlinhare@cisco.com Consulting Systems Engineer 1 Agenda Objective IntServ Architecture DiffServ Architecture Some additional tools Conclusion
More informationDeploying ACLs to Manage Network Security
PowerConnect Application Note #3 November 2003 Deploying ACLs to Manage Network Security This Application Note relates to the following Dell PowerConnect products: PowerConnect 33xx Abstract With new system
More informationChapter 2 Quality of Service (QoS)
Chapter 2 Quality of Service (QoS) Software release 06.6.X provides the following enhancements to QoS on the HP 9304M, HP 9308M, and HP 6208M-SX routing switches. You can choose between a strict queuing
More informationAbout Firewall Protection
1. This guide describes how to configure basic firewall rules in the UTM to protect your network. The firewall then can provide secure, encrypted communications between your local network and a remote
More informationThe Ecosystem of Computer Networks. Ripe 46 Amsterdam, The Netherlands
The Ecosystem of Computer Networks Ripe 46 Amsterdam, The Netherlands Silvia Veronese NetworkPhysics.com Sveronese@networkphysics.com September 2003 1 Agenda Today s IT challenges Introduction to Network
More informationNetwork Worm/DoS. (whchoi@cisco.com) System Engineer. Cisco Systems Korea
Network Worm/DoS (whchoi@cisco.com) System Engineer Cisco Systems Korea Blaster Worm Router Switch Switch Security Service Module Epilogue Blaster Worm Router Switch Switch Security Service Module Epilogue
More informationConfiguring Quality of Service
CHAPTER 37 QoS functionality on Supervisor Engine 6-E, Supervisor Engine 6L-E, Catalyst 49M, and Catalyst 4948E are equivalent. This chapter describes how to configure quality of service (QoS) by using
More informationConfiguring Quality of Service
CHAPTER 33 This chapter describes how to configure quality of service (QoS) with either automatic QoS (auto-qos) commands or standard QoS commands on a switch running Supervisor Engine 7-E. It describes
More informationLoad Balance Router R258V
Load Balance Router R258V Specification Hardware Interface WAN - 5 * 10/100M bps Ethernet LAN - 8 * 10/100M bps Switch Reset Switch LED Indicator Power - Push to load factory default value or back to latest
More informationILTA HAND 8 QoS/CoS. Agenda. What is it?
ILTA HAND 8 QoS/CoS, Cisco 2011Systems, Inc. www.cisco.com Agenda Remember this is a 101 class. What is it? Do you need QoS? Explain QoS Lab Real World Examples Q&A What is it? Quality of service is the
More informationClass of Service Data Collection Document. For AT&T Managed Internet Service (MIS)
AT&T Managed Internet Service (MIS) Class of Service Data Collection Document Class of Service Data Collection Document For AT&T Managed Internet Service (MIS) 2010 AT&T Intellectual Property. All rights
More informationBasic Network Configuration
Basic Network Configuration 2 Table of Contents Basic Network Configuration... 25 LAN (local area network) vs WAN (wide area network)... 25 Local Area Network... 25 Wide Area Network... 26 Accessing the
More informationCisco Quality of Service and DDOS
Cisco Quality of Service and DDOS Engineering Issues for Adaptive Defense Network MITRE 7/25/2001 Contents 1. INTRODUCTION...1 2. TESTBED SETUP...1 3. QUALITY OF SERVICE (QOS) TESTS...3 3.1. FIRST IN,
More informationEnabling Remote Access to the ACE
CHAPTER 2 This chapter describes how to configure remote access to the Cisco Application Control Engine (ACE) module by establishing a remote connection by using the Secure Shell (SSH) or Telnet protocols.
More informationApplication Note. Configuring WAN Quality of Service for ShoreTel. Quality of Service Overview. Quality of Service Mechanisms. WAN QoS for ShoreTel 5
Application Note ST-0130 April 28, 2006 Configuring WAN Quality of Service for ShoreTel This application note discusses configuration techniques and settings that can be used to achieve highquality voice
More informationChapter 3 Using Maintenance & Troubleshooting Tools & Applications Objectives
Using Maintenance & Troubleshooting Tools & Applications Objectives Describe & utilise Cisco IOS diagnostic tools. Explain the need for specialist tools in the troubleshooting process. Configure software
More informationIOS NAT Load Balancing with Optimized Edge Routing for Two Internet Connections
IOS NAT Load Balancing with Optimized Edge Routing for Two Internet Connections Document ID: 99427 Contents Introduction Prerequisites Requirements Components Used Conventions Configure Network Diagram
More informationAuthentication with 802.1x and EAP Across Congested WAN Links
Application Note Authentication with 802.1x and EAP Across Congested WAN Links Overview Cisco has supported 802.1x authentication for 802.11 LANs since November 2000 with the introduction of the Lightweight
More information642 523 Securing Networks with PIX and ASA
642 523 Securing Networks with PIX and ASA Course Number: 642 523 Length: 1 Day(s) Course Overview This course is part of the training for the Cisco Certified Security Professional and the Cisco Firewall
More informationCISCO IOS IP SERVICE LEVEL AGREEMENT
DATA SHEET CISCO IOS IP SERVICE LEVEL AGREEMENT Network services have changed dramatically in recent years, most notably due to the addition of voice, video, and other mission-critical delay- and performance-sensitive
More informationA host-based firewall can be used in addition to a network-based firewall to provide multiple layers of protection.
A firewall is a software- or hardware-based network security system that allows or denies network traffic according to a set of rules. Firewalls can be categorized by their location on the network: A network-based
More informationOutput Interpreter. SHOW RUNNING-CONFIG SECURITY Analysis SHOW RUNNING-CONFIG - FW Analysis. Back to top
Output Interpreter You have chosen to display errors warnings general information, and helpful references. Headings are displayed for all supported commands that you submitted. SHOW RUNNING-CONFIG SECURITY
More informationGet Application Aware with Your Cisco Network Devices
WHITEPAPER Get Application Aware with Your Cisco Network Devices By: Ben Erwin, NetQoS, Inc. An important part of shifting a network management strategy from up/down availability measurements to one based
More informationQuality of Service (QoS)) in IP networks
Quality of Service (QoS)) in IP networks Petr Grygárek rek 1 Quality of Service (QoS( QoS) QoS is the ability of network to support applications without limiting it s s function or performance ITU-T T
More informationImproving Quality of Service
Improving Quality of Service Using Dell PowerConnect 6024/6024F Switches Quality of service (QoS) mechanisms classify and prioritize network traffic to improve throughput. This article explains the basic
More informationCisco IOS Quality of Service Solutions Command Reference. Release 12.2 T
Cisco IOS Quality of Service Solutions Command Reference Release 12.2 T Corporate Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000
More informationEthernet Overhead Accounting
The feature enables the router to account for downstream Ethernet frame headers when applying shaping to packets. Finding Feature Information, page 1 Restrictions for, page 1 Information About, page 2
More informationBest Practice Recommendations for VLANs and QoS with ShoreTel
Application Note ST AppNote 10325 (AN 10325) August 17, 2011 Best Practice Recommendations for VLANs and QoS with ShoreTel Description: This application note discusses the use of Virtual LANs, DHCP scopes
More informationThis topic describes the basic purpose and function of AutoQoS. One command per interface to enable and configure QoS
Implementing AutoQoS AutoQoS This topic describes the basic purpose and function of AutoQoS. AutoQoS One command per interface to enable and configure QoS 14 AutoQoS enables customer networks the ability
More informationConfiguring NetFlow Secure Event Logging (NSEL)
75 CHAPTER This chapter describes how to configure NSEL, a security logging mechanism that is built on NetFlow Version 9 technology, and how to handle events and syslog messages through NSEL. The chapter
More information02-QOS-ADVANCED-DIFFSRV
IP QoS DiffServ Differentiated Services Architecture Agenda DiffServ Principles DS-Field, DSCP Historical Review Newest Implementations Per-Hop Behaviors (PHB) DiffServ in Detail DiffServ in other Environments
More informationConfiguring QoS and Per Port Per VLAN QoS
27 CHAPTER This chapter describes how to configure quality of service (QoS) by using automatic QoS (auto-qos) commands or by using standard QoS commands on a Catalyst 45 series switch. It also describes
More informationCisco IOS Flexible NetFlow Technology
Cisco IOS Flexible NetFlow Technology Last Updated: December 2008 The Challenge: The ability to characterize IP traffic and understand the origin, the traffic destination, the time of day, the application
More informationQuality of Service (QoS) for Enterprise Networks. Learn How to Configure QoS on Cisco Routers. Share:
Quality of Service (QoS) for Enterprise Networks Learn How to Configure QoS on Cisco Routers Share: Quality of Service (QoS) Overview Networks today are required to deliver secure, measurable and guaranteed
More informationLab 4.2.3 Analyzing Network Traffic
Lab 4.2.3 Analyzing Network Traffic Objective Device Designation Device Name Address Subnet Mask Discovery Server Network Services 172.17.1.1 255.255.0.0 R1 FC-CPE-1 Fa0/1 172.17.0.1 Fa0/0 10.0.0.1 255.255.0.0
More informationEXPLORER. TFT Filter CONFIGURATION
EXPLORER TFT Filter Configuration Page 1 of 9 EXPLORER TFT Filter CONFIGURATION Thrane & Thrane Author: HenrikMøller Rev. PA4 Page 1 6/15/2006 EXPLORER TFT Filter Configuration Page 2 of 9 1 Table of Content
More informationInternet Protocol: IP packet headers. vendredi 18 octobre 13
Internet Protocol: IP packet headers 1 IPv4 header V L TOS Total Length Identification F Frag TTL Proto Checksum Options Source address Destination address Data (payload) Padding V: Version (IPv4 ; IPv6)
More informationQuality of Service Analysis of site to site for IPSec VPNs for realtime multimedia traffic.
Quality of Service Analysis of site to site for IPSec VPNs for realtime multimedia traffic. A Network and Data Link Layer infrastructure Design to Improve QoS in Voice and video Traffic Jesús Arturo Pérez,
More informationCiscoWorks Internetwork Performance Monitor 4.0
CiscoWorks Internetwork Performance Monitor 4.0 Product Overview The CiscoWorks Internetwork Performance Monitor (IPM) is a network response-time and availability troubleshooting application. Included
More informationInternetwork Expert s CCNA Security Bootcamp. IOS Firewall Feature Set. Firewall Design Overview
Internetwork Expert s CCNA Security Bootcamp IOS Firewall Feature Set http:// Firewall Design Overview Firewall defines traffic interaction between zones or trust levels e.g. ASA security-level Common
More informationConfiguring QoS in a Wireless Environment
Configuring QoS in a Wireless Environment This chapter describes how to configure quality of service (QoS) on your Cisco wireless interface. With this feature, you can provide preferential treatment to
More informationTask 20.1: Configure ASBR1 Serial 0/2 to prevent DoS attacks to ASBR1 from SP1.
Task 20.1: Configure ASBR1 Serial 0/2 to prevent DoS attacks to ASBR1 from SP1. Task 20.2: Configure an access-list to block all networks addresses that is commonly used to hack SP networks. Task 20.3:
More informationPCoIP Protocol Network Design Checklist. TER1105004 Issue 3
PCoIP Protocol Network Design Checklist TER1105004 Issue 3 Teradici Corporation #101-4621 Canada Way, Burnaby, BC V5G 4X8 Canada phone +1.604.451.5800 fax +1.604.451.5818 www.teradici.com The information
More informationSup720 Hardware Assisted Features
Sup720 Hardware Assisted Features 1 IPV6 Switching on Supervisor 720 IPV6 IPV6 SOFTWARE SOFTWARE FEATURES FEATURES IPV6 IPV6 HARDWARE HARDWARE FEATURES FEATURES 128K 128K FIB FIB entries entries IPV6 IPV6
More informationQoS Design and Validation for Enterprise Networks
QoS Design and Validation for Enterprise Networks Cisco and ManageEngine Joint Webinar on designing and validating Quality of Service policies in Enterprise Networks Ken Briley Technical Lead, Cisco Systems
More informationAPPLICATION NOTE 209 QUALITY OF SERVICE: KEY CONCEPTS AND TESTING NEEDS. Quality of Service Drivers. Why Test Quality of Service?
QUALITY OF SERVICE: KEY CONCEPTS AND TESTING NEEDS By Thierno Diallo, Product Specialist With the increasing demand for advanced voice and video services, the traditional best-effort delivery model is
More informationLab 3.8.3 Configure Cisco IOS Firewall CBAC on a Cisco Router
Lab 3.8.3 Configure Cisco IOS Firewall CBAC on a Cisco Router Objective Scenario Topology Estimated Time: 35 minutes Number of Team Members: Two teams with four students per team In this lab exercise,
More informationAnyWeb AG / ITSM Practice Circle 23.01.2007 / Christof Madöry www.anyweb.ch
AnyWeb AG / ITSM Practice Circle 23.01.2007 / Christof Madöry www.anyweb.ch Cisco Works Neue Version LMS 2.6 und wie weiter CiscoWorks LAN Management Solution (LMS) AnyWeb AG / ITSM Practice Circle 23.01.2007
More informationCommon Application Guide
April 2009 Common Application Guide WAN Failover Using Network Monitor Brief Overview of Application To increase reliability and minimize downtime, many companies are purchasing more than one means of
More informationApproach to build MPLS VPN using QoS capabilities
International Journal of Engineering Research and Development e-issn: 2278-067X, p-issn: 2278-800X, www.ijerd.com Volume 7, Issue 8 (June 2013), PP. 26-32 Approach to build MPLS VPN using QoS capabilities
More informationConfiguring Server Load Balancing
CHAPTER 6 This chapter describes how to configure server load balancing (SLB) on the Cisco Application Control Engine (ACE) module. This chapter contains the following sections: Information About Server
More information