Sunday, July 22, 2007

Cisco SDM

I have already read about Cisco SDM (Security Device Manager). Cisco SDM is a web-based device management tool for Cisco IOS software-based routers; its benefits are smart wizards and built-in tutorials. Cisco ships SDM factory-installed on:
- Cisco 850 series
- Cisco 870 series
- Cisco 1800 series
- Cisco 2800 series
- Cisco 3800 series

Cisco also releases Cisco SDM Express, which can be accessed at https://10.10.10.1 (the factory default IP).

Cisco SDM can be launched from a PC (program installed, Windows OS only) or from the router's flash memory (web).

Cisco SDM does not synchronize with the router configuration automatically; the refresh button must be used to resynchronize the router's running config with Cisco SDM.

Is the SDM feature reliable? I think this is like managing the device from the web for easy configuration, not using the CLI (command line interface) again, and using it for Best Common Practices. If I use this method I can't use copy/paste :d, so I must memorize the step-by-step menu path in SDM.

Friday, July 20, 2007

dynamips in Mac OS X (PowerPC)

I have already tried many times to rebuild dynamips from source on OS X with PowerPC processors, but still failed :(. But yesterday I read in the ipflow.utc.fr blog that version 0.2.7 is optimized for PowerPC, emmm, this statement made me a little happy, but how to rebuild it? All configure parameters at their defaults? Still confused. Finally I tried again, step by step, repeating it again, and successfully ran dynamips on my iBook G4; oh, this makes me very, very happy :)

These are my steps:

0. Install XCode from the OS X DVD or download it from the Apple site.

1. Install DarwinPorts (MacPorts). Download it first with the default internet tools, e.g. 'curl -O http://svn.macports.org/repository/macports/downloads/MacPorts-1.5.0/MacPorts-1.5.0-10.4.dmg', or with wget if you already have it installed, or with the Safari browser.

2. Run 'sudo port -d selfupdate'.

3. Run 'sudo port install libpcap'.

4. Download the libelf package with 'curl -O http://www.mr511.de/software/libelf-0.8.6.tar.gz', extract it with 'tar -zxvf libelf-0.8.6.tar.gz' and build it from source using './configure --prefix=/usr/local', then 'make' and 'sudo make install'.

5. Download the dynamips source code (I am using version 0.2.7) from http://www.ipflow.utc.fr/dynamips/dynamips-0.2.7.tar.gz, extract it using 'tar -zxvf dynamips-0.2.7.tar.gz', and in the source directory edit the file 'Makefile' to use 'nojit' and change the PCAP_LIB line to 'PCAP_LIB=-L/opt/local/lib -lpcap'.

6. Run dynamips:
- as a standalone router:
./dynamips -X ios.bin (-X uses real memory instead of a cache file on the hard disk)
- as a server:
./dynamips -H 7200

The first time I ran it there was still an error:
...
C7200 'R1': starting simulation (CPU0 PC=0xffffffffbfc00000), JIT enabled.
This function should not be called: void mips64_inc_cp0_count_reg(mips64_jit_tcb_t *b)
...
I think JIT could not be enabled, so I worked around it using ./dynamips -X -j ios.bin (-j disables JIT).

This trick runs normally as a standalone router but does not work as a server; there is no parameter to disable JIT there :(( I was very stuck with this :(

I tried to rebuild again from the first step and what happened is unbelievable: there is no error anymore, JIT is automatically disabled without the -j parameter, oh, this is great.

Now I can run dynamips on my iBook :D but I can't optimize idle-pc :(. I tried an idle-pc value I had used before; it just works (not absolutely well) on one IOS version :(

I am still looking for a way to get idle-pc to work well and to enable JIT; from what I have read, JIT can make processing faster.

20072007, going to CCIE

20072007 is today's date, 20 07 2007. Maybe it is not as popular as a few days ago, 070707, 07 07 2007. Two days ago I finished my CCIP (Cisco Certified Internetwork Professional) with 3 modules, BSCI, QoS and BGP+MPLS, with a high score. NOW I'm CCIP (*as of 18 07 2007), thanks to God :), thanks to my parents for always blessing me to do anything positive, thanks to my someone who always supports me every time I get bored with my study or my lab, to my friends in the rented house, to my team in the company for always giving me the opportunity to study during my office work :d, and to all my friends who support me all the time. A few minutes ago I logged in to the Certificate Tracking System, www.certmanager.net, and I can see Certificate Status: CCIP, but I am still waiting for my certificate to ship.

The next step is going for the CCIE (Cisco Certified Internetwork Expert), Service Provider track. Actually I am still a little confused about whether to do the SP track or the R&S track first :-s. To cope with it, I study the topics related to both tracks first, so if I change my choice in the middle of the way I can adapt fast. On my way to the CCIE maybe I will take a specialist certification like CISS (Cisco Information Security Specialist) or similar; it is related to being a CCIE wannabe.

Oh, I almost forgot: a vote for the iPod Nano (1st generation), which always helped me study anywhere; now it is the time of the 'iPod Nano' for a CCIP-wannabe-that-must-travel-any-time. Next time, I don't know whether I can still use the iPod Nano to help me study while travelling (because I borrowed this iPod from my someone :d); as a CCIE wannabe I may need something that can help me watch 'class-on-demand' videos during travel time. Emmm, choose an iPod video or a Zune :-? It's still a mystery ;)) Before the iPod Nano returns to its owner I can still use it to study my summaries during travel time.

Friday, July 6, 2007

Regexp in BGP

A regular expression (regex or regexp for short) is a special text string for describing a search pattern. You can think of regular expressions as wildcards on steroids. You are probably familiar with wildcard notations such as *.txt to find all text files in a file manager. The regex equivalent is .*\.txt

Regexps are used in BGP to match patterns of AS numbers in the AS path (the '_' matches the boundaries around an AS number: start or end of the path, space, comma or brace):

^$ = locally originated (shown as i, the local AS)
_100_ = going through AS 100
^100$ = directly connected to AS 100
_100$ = originated in AS 100
^100_ = networks behind AS 100
.* = matches everything

Now try this: regexps matching AS-number patterns on a public route server.

telnet 12.0.1.28
Trying 12.0.1.28...
Connected to route-server.cbbtier3.att.net.
Escape character is '^]'.
CCCC
############## route-server.ip.att.net ###############
######### AT&T IP Services Route Monitor ###########
...
#################### route-server.ip.att.net ####################

route-server>Kerberos: No default realm defined for Kerberos!

route-server>sh ip bgp regexp ^15169$

route-server>sh ip bgp regexp ^15169

route-server>sh ip bgp regexp _15169_
BGP table version is 2822010, local router ID is 10.1.2.5
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path
*> 64.233.160.0/23 12.123.1.236 0 7018 209 15169 i
* 12.123.33.249 0 7018 209 15169 i
* 12.123.21.243 0 7018 209 15169 i
...

route-server>sh ip bgp regexp _15169$
BGP table version is 2822035, local router ID is 10.1.2.5
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path
*> 64.233.160.0/23 12.123.1.236 0 7018 209 15169 i
* 12.123.33.249 0 7018 209 15169 i
* 12.123.21.243 0 7018 209 15169 i
...

route-server>sh ip bgp regexp _209_
BGP table version is 2822037, local router ID is 10.1.2.5
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path
* 8.5.192.0/22 12.123.145.124 0 7018 209 13989 13989 13989 13989 i
* 12.123.45.252 0 7018 209 13989 13989 13989 13989 i
* 12.123.137.124 0 7018 209 13989 13989 13989 13989 i
...
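The route-server session above only shows which prefixes each pattern returns; the following added example (my own code, not from the original post or from Cisco) makes the matching rule itself visible. It translates the Cisco '_' atom into a Python regexp and runs the six patterns from the table against a constructed set of AS-paths. The two paths "7018 209 15169" and "7018 209 13989 13989 13989 13989" are taken from the session output; the other paths, and AS 64500, are made up for illustration.

```python
import re

# Cisco IOS AS-path regexps use '_' to mean: beginning or end of the path,
# a space, a comma, or a brace (the delimiters around an AS number).
# Python has no such atom, so translate it before compiling.
CISCO_UNDERSCORE = r"(?:^|$|[ ,{}])"


def cisco_to_python(pattern):
    """Translate a Cisco-style AS-path regexp into a Python regexp."""
    return pattern.replace("_", CISCO_UNDERSCORE)


def match_as_path(pattern, as_path):
    """True if the Cisco-style pattern matches this AS-path string."""
    return re.search(cisco_to_python(pattern), as_path) is not None


def filter_paths(pattern, as_paths):
    """Return the AS-paths that the pattern selects, in table order,
    the way 'show ip bgp regexp <pattern>' filters a BGP table."""
    return [p for p in as_paths if match_as_path(pattern, p)]


# Constructed sample table, seen from a route server in AS 7018.
# An empty path is a locally originated route (shown as 'i' in IOS).
SAMPLE_PATHS = [
    "",                                   # locally originated
    "7018 209 15169",                     # from the session above
    "7018 209 13989 13989 13989 13989",   # from the session above (prepended)
    "15169",                              # directly connected to AS 15169
    "15169 64500",                        # network behind AS 15169 (AS 64500 made up)
    "7018 15169 64500",                   # AS 15169 in the middle of the path
    "1299 115169",                        # AS number that merely contains 15169
]


def demo():
    """Run every pattern from the table against the sample paths."""
    report = {}
    for pattern in ("^$", "_15169_", "^15169$", "_15169$", "^15169_", ".*"):
        report[pattern] = filter_paths(pattern, SAMPLE_PATHS)
    return report


if __name__ == "__main__":
    for pattern, paths in demo().items():
        print(f"{pattern:10} -> {paths}")
```

Note the last sample path: "_15169_" does not match "1299 115169" because the '_' requires a delimiter on both sides of the AS number, which is exactly why a bare "15169" pattern would be a mistake in a real route-map or filter.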

Thursday, July 5, 2007

QoS | Quality of Service

- QoS stands for Quality of Service
- QoS was not important before networks converged
- converged networks: a constant small-packet voice flow competes with bursty data flows; critical traffic must get priority; voice & video are time sensitive; brief outages are not acceptable

- before implementing QoS: bursty data flows (each tried to grab as much bandwidth as it could at any given time), first-come first-served access (the data rate available depends on the number of users accessing), mostly not time sensitive - delays OK, brief outages are survivable

- converged network quality issues:
.lack of bandwidth: multiple flows compete for a limited amount of bandwidth (remedies: upgrade, forward important packets first, compress the payload of layer 2 frames, compress IP packet headers)
.end-to-end delay (fixed & variable): packets have to traverse many network devices & links, which add up to the overall delay
.variation of delay (jitter is the delta): sometimes there is a lot of other traffic, which results in more delay
.packet loss: packets may have to be dropped when a link is congested

Wednesday, July 4, 2007

Internet huge Routes

The Internet is a huge set of routes on a public network, interconnected across many countries and divided among many service providers with single or multihomed links to the Internet. They use the AS-path to differentiate themselves from others; the autonomous systems that make up the AS-path are each a single technical administration with many prefixes in them. Usually a service provider has more than one uplink to the Internet, or a transit AS, to connect with others. The many interconnections among AS numbers make up the Internet as we know it today.

To manage the huge number of Internet routes, which today reach up to 200 thousand prefixes, an advanced algorithm / routing protocol is used: BGP (Border Gateway Protocol). BGP is an OPEN routing protocol, so every network vendor can use it. BGP is in the advanced distance vector category of routing protocols, with many abilities, using attributes, to make routing of the huge route table optimal. BGP routes are selected based on AS-path length. The default BGP route selection does not always result in optimum / optimal routing; route selection has to be performed based on the AS numbers in the AS path. Route selection is done by the AS administrator, usually at the service provider, to make routing optimal.

So the Internet is the huge set of routes on earth.

Tuesday, July 3, 2007

QoS | Tail-drops Packet

In my previous post you could find 'tail-drops'; here I will share about it.

Here we (I & you, the reader) talk about tail-dropped packets in the network, especially on a network interface (Cisco). Have you ever heard of tail drops? Let's read about that.

- tail drops occur when the output queue is full; these are common drops, which happen when a link is congested. Other drop counters on an interface:
.input queue drop: the main CPU is congested & cannot process packets (input queue is full)
.ignore: the router ran out of buffer space
.overrun: the CPU is congested & cannot assign a free buffer to the new packet
.frame errors: hardware-detected error in a frame - cyclic redundancy check (CRC), runt, giant

- tail drop limitations (tail drop should be avoided because it contains significant flaws):
.tcp synchronization
.tcp starvation
.no differentiated drop

- tcp synchronization: tail drops cause many packets of many sessions to be dropped at the same time, so the TCP sessions restart at the same time (synchronized)
- tcp delay, jitter & starvation

- characteristics of tail drops
.tail drop does not look at IP precedence
.constant high buffer usage (long queue) causes delay
.more aggressive flows can cause other flows to starve
.no differentiated dropping occurs

Monday, July 2, 2007

QoS | Queueing Strategy ex. fifo (part 2)

This is a real-world example of FIFO & WFQ on a Serial interface of a Cisco router.

#sh run int s2/0:1
Building configuration...

Current configuration : 187 bytes
!
interface Serial2/0:1
description Back-to-Back-Serial
bandwidth 256
ip address 1.2.3.1 255.255.255.252
no fair-queue
end

#sh int s2/0:1
Serial2/0:1 is up, line protocol is up
Hardware is Multichannel E1
Description: Back-to-Back-Serial
Internet address is 1.2.3.1/30
MTU 1500 bytes, BW 256 Kbit, DLY 20000 usec,
reliability 255/255, txload 242/255, rxload 139/255
Encapsulation HDLC, crc 16, Data non-inverted
Keepalive set (10 sec)
Last input 00:00:04, output 00:00:00, output hang never
Last clearing of "show interface" counters 4w1d
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 913214
Queueing strategy: fifo
Output queue: 33/40 (size/max)
5 minute input rate 140000 bits/sec, 49 packets/sec
5 minute output rate 253000 bits/sec, 44 packets/sec

41308979 packets input, 1295718610 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
3 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 3 abort
43053273 packets output, 1159905965 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 output buffer failures, 0 output buffers swapped out
0 carrier transitions
no alarm present
Timeslot(s) Used:5-8, subrate: 64Kb/s, transmit delay is 0 flags

#ping 1.2.3.2 repeat 100
Type escape sequence to abort.
Sending 100, 100-byte ICMP Echos to 1.2.3.2, timeout is 2 seconds:
!!!!!!!!!!!!.!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!.!!!!!!!!!!!!!....!!!!!!!!!!!
Success rate is 94 percent (94/100), round-trip min/avg/max = 316/1066/1552 ms

#conf t
Enter configuration commands, one per line. End with CNTL/Z.
(config)#int s2/0:1
(config-if)#fair-queue
(config-if)#^Z

#sh int s2/0:1
Serial2/0:1 is up, line protocol is up
Hardware is Multichannel E1
Description: Back-to-Back-Serial
Internet address is 1.2.3.1/30
MTU 1500 bytes, BW 256 Kbit, DLY 20000 usec,
reliability 255/255, txload 249/255, rxload 120/255
Encapsulation HDLC, crc 16, Data non-inverted
Keepalive set (10 sec)
Last input 00:00:01, output 00:00:00, output hang never
Last clearing of "show interface" counters 4w1d
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 915277
Queueing strategy: weighted fair
Output queue: 41/1000/64/915277 (size/max total/threshold/drops)
Conversations 11/19/64 (active/max active/max total)
Reserved Conversations 0/0 (allocated/max allocated)
Available Bandwidth 192 kilobits/sec
5 minute input rate 121000 bits/sec, 42 packets/sec
5 minute output rate 250000 bits/sec, 42 packets/sec

41316538 packets input, 1297929738 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
3 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 3 abort
43061143 packets output, 1165133767 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 output buffer failures, 0 output buffers swapped out
0 carrier transitions
no alarm present
Timeslot(s) Used:5-8, subrate: 64Kb/s, transmit delay is 0 flags

#ping 1.2.3.2 repeat 100
Type escape sequence to abort.
Sending 100, 100-byte ICMP Echos to 1.2.3.2, timeout is 2 seconds:
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Success rate is 100 percent (100/100), round-trip min/avg/max = 56/370/1556 ms

Sunday, July 1, 2007

QoS | Queueing Strategy ex. fifo

I once summarized queueing & congestion; here it is:
- congestion occurs at any point where there are speed mismatches, aggregation or confluence
- queuing manages congestion to provide bandwidth & delay guarantees

- queuing algorithms
.fifo: the simplest algorithm, one queue
.pq (priority queuing): allows certain traffic to be strictly prioritized, multiple queues, allows priority
.round robin: allows several traffic flows to share bandwidth, multiple queues, no prioritization
.wrr (weighted round robin): allows sharing of bandwidth with preferential treatment, allows priority, assigns a 'weight' to each queue; drawback: does not allocate bandwidth accurately
.drr (deficit round robin): resolves the problem with some wrr implementations (inaccurate bandwidth), keeps track of the number of 'extra' bytes dispatched in each round and adds the 'deficit' in the next round

- queuing components
.hardware queuing always uses fifo
.software queuing can be selected: it schedules packets into the hardware queue
- queue mechanisms include classification of packets
.after classification the packet is put into a queue or dropped
.dropped if the queue is full
.some mechanisms use intelligent dropping, e.g. wfq, wred
- the software queue is used if the hardware queue is full
- a full hardware queue indicates interface congestion & the software queue is used to manage it
- otherwise the router bypasses the software queue and forwards the packet straight to the hardware queue
- hardware queue (txq) size

- a logical interface like a subinterface / VLAN interface does not have dedicated queueing but shares with the main / physical interface

I have experience with queues: on a serial interface limited using time slots (controller E1), e.g. 128Kbps, at the moment of full traffic, if I try to ping / telnet across the link it still works but slowly; the ping result is slow but sure (no time out). But on an ethernet interface using a subinterface limited with rate-limit / policy-map, e.g. 128Kbps, in the full-traffic condition, if I try to ping / telnet across the link it is intermittent, even timing out (in ICMP) like ping. WHY?

OK, look at the little summary above about queue management: serial defaults to 'weighted fair', so instead of timing out a ping is just slow but sure; ethernet is different, defaulting to 'fifo', where there is no queue management, so if tail drop happens packets are dropped. If you want an ethernet interface to behave like serial you can use the command 'fair-queue' in interface configuration, which enables fair queuing on the interface ;)

So remember: the default queueing management of every interface model is different.
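The starvation described in the tail-drops post (an aggressive flow crowding a small flow out of a single FIFO, with no differentiated dropping) and the ping behaviour above can be reproduced in a few lines. The following is an added example of my own, not code from the original post or from Cisco IOS: a tick-based simulation with two constructed flows, a bulk flow offering 8 packets per tick and a ping flow offering 1, over a link that transmits 4 packets per tick with an output queue of 10 packets. The "fair" strategy is a plain per-flow round robin with a per-conversation drop threshold, a simplified stand-in for IOS WFQ (which additionally weights by IP precedence), chosen so the numbers are easy to follow by hand.

```python
from collections import deque

# Constructed offered load: packets each flow presents per tick (hypothetical).
# The bulk flow is enqueued first in every tick, as an aggressive sender would be.
FLOWS = {"bulk": 8, "ping": 1}
LINK_RATE = 4      # packets the interface can transmit per tick
QUEUE_MAX = 10     # output queue depth: shared for FIFO, per conversation for fair


def simulate(strategy, ticks=5):
    """Return {flow: (delivered, dropped)} after `ticks` ticks.

    strategy 'fifo': one shared queue, tail drop when it is full.
    strategy 'fair': one queue per flow, round-robin service, tail drop
                     only when that flow's own queue is full.
    """
    if strategy == "fifo":
        queues = {"all": deque()}
        queue_for = lambda flow: queues["all"]
    elif strategy == "fair":
        queues = {flow: deque() for flow in FLOWS}
        queue_for = lambda flow: queues[flow]
    else:
        raise ValueError(f"unknown strategy {strategy!r}")

    delivered = {flow: 0 for flow in FLOWS}
    dropped = {flow: 0 for flow in FLOWS}

    for _ in range(ticks):
        # Arrivals: enqueue, or tail-drop if the relevant queue is full.
        for flow, count in FLOWS.items():
            queue = queue_for(flow)
            for _ in range(count):
                if len(queue) < QUEUE_MAX:
                    queue.append(flow)   # remember which flow owns the packet
                else:
                    dropped[flow] += 1   # tail drop: no look at who it belongs to

        # Service: transmit up to LINK_RATE packets, visiting queues round robin
        # (with a single queue this degenerates to plain FIFO).
        names = list(queues)
        served, i = 0, 0
        while served < LINK_RATE and any(queues.values()):
            queue = queues[names[i % len(names)]]
            if queue:
                delivered[queue.popleft()] += 1
                served += 1
            i += 1

    return {flow: (delivered[flow], dropped[flow]) for flow in FLOWS}


if __name__ == "__main__":
    for strategy in ("fifo", "fair"):
        print(strategy, simulate(strategy))
```

With FIFO the ping flow gets 1 of its 5 packets through and loses 4 to tail drop, the "intermittent, even timing out" behaviour from the ethernet subinterface; with the fair strategy every ping packet is delivered (slow but sure) and the drops land on the bulk flow that caused the congestion.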

QoS | Get IP Address Accounting Information

Here I will share how to capture near 'real-time' information about packets across an interface on a Cisco router. By enabling IP accounting, you can see the number of bytes and packets switched through the Cisco IOS® software on a source and destination IP address basis. Only transit IP traffic is measured, and only on an outbound basis; traffic generated by the software or terminating in the software is not included in the accounting statistics. The different options on a serial interface and an ethernet interface are shown below. This accounting feature only works on physical interfaces, not on logical interfaces like subinterfaces or VLAN interfaces, except for controller interfaces like 'serial1/0:4'.

#interface Serial
(config-if)#ip accounting ?
access-violations Account for IP packets violating access lists on this interface
output-packets Account for IP packets output on this interface
precedence Count packets by IP precedence on this interface


#interface FastEthernet
(config-if)#ip accounting ?
access-violations Account for IP packets violating access lists on this interface
mac-address Account for MAC addresses seen on this interface
output-packets Account for IP packets output on this interface
precedence Count packets by IP precedence on this interface


interface Serial1
ip address x.x.x.x x.x.x.x
ip accounting output-packets
no fair-queue --> 'Queueing strategy: fifo'
end


sh ip accounting | [output-packets]
Source Destination Packets Bytes
172.16.1.55 172.16.0.3 6 552
172.16.1.55 172.16.0.3 2 96
172.16.1.55 172.16.0.3 4 192

Accounting data age is xdxxh
Accounting threshold exceeded for 952906 packets and 888094275 bytes


[...] optional
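The 'sh ip accounting' table above lists one row per source/destination pair as the entries were recorded, so the same pair can appear several times and the totals have to be added up. The following added example (my own code, not from the original post or from Cisco) parses a constructed copy of that output, sums packets and bytes per pair, and also picks up the "Accounting threshold exceeded" line, which reports the traffic that no longer fitted into the accounting table and is therefore missing from the per-pair rows. The sample output and the 10.1.1.9 row are constructed; the other rows reuse the values from the post.

```python
import re
from collections import defaultdict

# Constructed 'show ip accounting output-packets' output, modelled on the post.
SAMPLE_OUTPUT = """\
   Source           Destination              Packets               Bytes
 172.16.1.55      172.16.0.3                     6                 552
 172.16.1.55      172.16.0.3                     2                  96
 172.16.1.55      172.16.0.3                     4                 192
 10.1.1.9         172.16.0.3                     3                 300

Accounting data age is 3d12h
Accounting threshold exceeded for 952906 packets and 888094275 bytes
"""

# One data row: source, destination, packet count, byte count.
ROW = re.compile(
    r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+(\d{1,3}(?:\.\d{1,3}){3})\s+(\d+)\s+(\d+)\s*$"
)
# The overflow line printed when the accounting table ran out of entries.
THRESHOLD = re.compile(r"Accounting threshold exceeded for (\d+) packets and (\d+) bytes")


def parse_ip_accounting(text):
    """Return ({(src, dst): (packets, bytes)}, overflow) for the given output.

    overflow is (packets, bytes) from the threshold line, or None if the
    table did not overflow.
    """
    totals = defaultdict(lambda: [0, 0])
    overflow = None
    for line in text.splitlines():
        row = ROW.match(line)
        if row:
            src, dst, packets, byte_count = row.groups()
            totals[(src, dst)][0] += int(packets)
            totals[(src, dst)][1] += int(byte_count)
            continue
        hit = THRESHOLD.search(line)
        if hit:
            overflow = (int(hit.group(1)), int(hit.group(2)))
    return {pair: tuple(counts) for pair, counts in totals.items()}, overflow


def top_talkers(totals, n=3):
    """Source/destination pairs ordered by bytes, heaviest first."""
    return sorted(totals.items(), key=lambda item: item[1][1], reverse=True)[:n]


if __name__ == "__main__":
    totals, overflow = parse_ip_accounting(SAMPLE_OUTPUT)
    for (src, dst), (packets, byte_count) in top_talkers(totals):
        print(f"{src:>15} -> {dst:<15} {packets:>8} pkts {byte_count:>10} bytes")
    if overflow:
        print(f"not attributed (table overflow): {overflow[0]} pkts, {overflow[1]} bytes")
```

A non-zero overflow line is the caveat to watch when using this output for anything like a traffic audit: the per-pair rows only describe the traffic that fitted into the table, so the heaviest talkers may be missing from them.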

A Little of Network

Continuing my first post from a few hours ago, this time I want to describe what I will share on this site. 'A little of network' means a little, very very little, as much as I know about networks; maybe I will often share about Cisco proprietary things because I often play & experiment there.

First I share the allocation of IP addresses in a network. An IP address is like the address of your home in real life, the real world.

Class A
range : 1.0.0.0 - 126.0.0.0
networks : 127, but only 126 can be used
hosts per network : 16 777 216
first bit 0 in binary

Class B
range : 128.0.0.0 - 191.255.0.0
networks : 16 384
hosts per network : 65 536
first 2 bits 10 in binary

Class C
range : 192.0.0.0 - 223.255.255.0
networks : 2 097 152
hosts per network : 256
first 3 bits 110 in binary

Class D is Multicast
range : 224.0.0.0 - 239.255.255.255

Class E is Research

Private addresses:
10.0.0.0
172.16.0.0 - 172.31.0.0
192.168.0.0

I hope you are not confused by my post ;) next time I will share about subnets & everything else that is connected with IP addresses.
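The class table above is defined by the leading bits of the first octet, which is easy to check in code. The following added example is my own, not code from the original post: it classifies an IPv4 address by those leading bits (0, 10, 110, 1110, otherwise E), derives the classful default network, counts the addresses per network exactly as the table does (2^8 = 256 for class C, and so on), and flags the private blocks listed at the end of the post. The `ipaddress` module is from the Python standard library; the sample addresses in the demo are constructed.

```python
import ipaddress

# The private blocks listed in the post (10/8, 172.16/12, 192.168/16).
PRIVATE_BLOCKS = [
    ipaddress.ip_network(block)
    for block in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")
]

# Classful prefix lengths; classes D and E have no default network mask.
CLASS_PREFIX = {"A": 8, "B": 16, "C": 24}


def ip_class(address):
    """Classify an IPv4 address by the leading bits of its first octet:
    0 -> A, 10 -> B, 110 -> C, 1110 -> D, everything else -> E."""
    first_octet = int(ipaddress.IPv4Address(address)) >> 24
    if first_octet >> 7 == 0b0:
        return "A"
    if first_octet >> 6 == 0b10:
        return "B"
    if first_octet >> 5 == 0b110:
        return "C"
    if first_octet >> 4 == 0b1110:
        return "D"
    return "E"


def hosts_per_network(cls):
    """Addresses per classful network (the figures used in the post's table)."""
    return 2 ** (32 - CLASS_PREFIX[cls])


def describe(address):
    """Return (class, default classful network or None, is_private)."""
    cls = ip_class(address)
    addr = ipaddress.IPv4Address(address)
    prefix = CLASS_PREFIX.get(cls)
    network = (
        str(ipaddress.ip_network(f"{address}/{prefix}", strict=False))
        if prefix is not None
        else None
    )
    private = any(addr in block for block in PRIVATE_BLOCKS)
    return cls, network, private


if __name__ == "__main__":
    # Constructed sample addresses, one per class plus a loopback.
    for sample in ("8.8.8.8", "127.0.0.1", "172.16.5.5", "192.168.1.1",
                   "224.0.0.5", "240.0.0.1"):
        cls, network, private = describe(sample)
        note = " (127.x.x.x is the class A network that cannot be used)" \
            if sample.startswith("127.") else ""
        print(f"{sample:>12}: class {cls}, network {network}, "
              f"private={private}{note}")
```

The leading-bit test is the same one a router applied before CIDR; the private check is independent of it, which is why 172.16.5.5 is both "class B" and private.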