QoS Crib Notes

These are my ‘crib notes’ that I’ve made to serve as a last minute refresher. Please forgive the grammar / spelling as I did not develop these notes with publishing in mind

QoS

*** Theory ***

  • Traffic Class: separate traffic into queues per class. Each class should have a maximum bandwidth (so it cannot consume the whole link), a guaranteed minimum bandwidth, and a priority relative to the other classes.
  • Variable delays (depend on load):
    • Queuing delay – time a packet waits in the exit (software) queue before it is scheduled for transmission
    • Processing delay – time from the incoming queue to the outgoing queue (lookup, classification, rewrite)
  • Fixed delays (depend only on packet size and the link):
    • Serialization delay – time to clock the packet's bits onto the wire = packet size / link bandwidth (e.g. 1500 bytes on a 64 kbps link = 12000 / 64000 = 187.5 ms)
    • Propagation delay – time for a bit to travel across the medium = distance / propagation speed (roughly two thirds of the speed of light in copper or fibre)
  • End-to-end delay – the sum of queuing, processing, serialization and propagation delay. Variation in end-to-end delay is jitter, which is what hurts audio and video streams.
  • QoS models
    • Best Effort – FIFO, no differentiation.
    • IntServ – uses RSVP to signal and reserve bandwidth per flow in advance. RSVP is a signalling protocol. Does not scale and wastes bandwidth because reservations are held whether or not they are used.
    • DiffServ – uses Per Hop Behaviour (PHB): every node independently decides how to treat a packet based on its marking. More scalable and the preferred model. Built on classification and marking:
      • Classification – identify a certain type of traffic (ACL, NBAR, ingress interface, etc.)
      • Marking – write a value into the packet or frame that identifies that class for downstream nodes
  • Marking
    • CoS value: Layer 2 marking, 3 bits = 8 values (0–7). Carried only in trunked frames (the 802.1Q tag's PCP field or the ISL header); a frame local to one switch has no tag to carry it. The CoS marking is lost as soon as the frame is de-encapsulated (at a router or on an access port), so copy CoS into the Layer 3 ToS/DSCP field at the boundary (e.g. the switch's cos-dscp map).
    • IP Precedence – uses the 8-bit ToS byte in the IPv4 header; the 3 most significant bits are the IP Precedence (0–7).
    • DSCP – the ToS byte is redefined as the DiffServ (DS) field; its 6 most significant bits are the DSCP (0–63) and the remaining 2 bits are ECN. Backward compatible with IP Precedence through the Class Selector codepoints (CSx = xxx000, so CS5 = 40 lines up with precedence 5). The AF codepoints encode a class in the top 3 bits and a drop precedence in the next 2 bits.
      • Expedited Forwarding (EF, DSCP 46 = 101110) – low loss, low delay, low jitter; used for voice and other real-time traffic
      • Assured Forwarding – written AFxy
        • x = class number (1–4)
        • y = drop precedence (1–3; 3 = highest drop probability). DSCP value = 8x + 2y.
          • Class 1: AF11 (10, low drop), AF12 (12), AF13 (14, high drop)
          • Class 4: AF41 (34), AF42 (36), AF43 (38)
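As an added example (not part of the original notes), the Python below decodes a ToS byte into its IP Precedence, DSCP and ECN parts, names the PHB (CSx, AFxy, EF) and implements the default CoS-to-DSCP / DSCP-to-CoS copy that the CoS bullet describes. The function and constant names are mine; the bit layouts are those of RFC 2474, 2597 and 3246.

```python
"""Decode / build the IPv4 ToS byte the way a DiffServ node reads it.

Layout of the byte (MSB first):
  bits 7-5  IP Precedence   (3 bits, 0-7)
  bits 7-2  DSCP            (6 bits, 0-63)
  bits 1-0  ECN             (not a QoS marking)
DSCP encodings:
  CSx  = xxx000   Class Selector, compatible with IP Precedence x
  AFxy = xxx yy0  class x (1-4) in bits 5-3, drop precedence y (1-3) in bits 2-1
  EF   = 101110   (46)
"""
from dataclasses import dataclass

EF = 46


@dataclass(frozen=True)
class Marking:
    tos: int          # full 8-bit ToS byte
    precedence: int   # top 3 bits (what IP Precedence and the default dscp-cos map use)
    dscp: int         # top 6 bits
    ecn: int          # low 2 bits
    phb: str          # PHB name: "DF", "CS5", "AF41", "EF", or "DSCPnn" if non-standard


def phb_name(dscp: int) -> str:
    """Map a DSCP value to its standard PHB name."""
    if not 0 <= dscp <= 63:
        raise ValueError("DSCP is 6 bits")
    if dscp == 0:
        return "DF"
    if dscp == EF:
        return "EF"
    cls, low = dscp >> 3, dscp & 0x7
    if low == 0:
        return f"CS{cls}"
    # AF: classes 1-4, drop precedence 1-3 encoded as 010/100/110 in the low bits
    if 1 <= cls <= 4 and low in (2, 4, 6):
        return f"AF{cls}{low // 2}"
    return f"DSCP{dscp}"


def decode_tos(tos: int) -> Marking:
    if not 0 <= tos <= 0xFF:
        raise ValueError("ToS byte is 0..255")
    dscp = tos >> 2
    return Marking(tos, tos >> 5, dscp, tos & 0x3, phb_name(dscp))


def af_dscp(cls: int, drop: int) -> int:
    """AFxy -> DSCP value, e.g. AF41 -> 34."""
    if not (1 <= cls <= 4 and 1 <= drop <= 3):
        raise ValueError("AF class is 1-4, drop precedence is 1-3")
    return (cls << 3) | (drop << 1)


def tos_from_dscp(dscp: int, ecn: int = 0) -> int:
    """Build the ToS byte to write into the IP header for a given DSCP."""
    return ((dscp & 0x3F) << 2) | (ecn & 0x3)


def cos_to_dscp(cos: int) -> int:
    """Default IOS cos-dscp map: CoS x -> CSx, i.e. DSCP = 8 * CoS."""
    if not 0 <= cos <= 7:
        raise ValueError("CoS is 3 bits")
    return cos << 3


def dscp_to_cos(dscp: int) -> int:
    """Default IOS dscp-cos map: CoS = the top three bits of the DSCP (EF 46 -> CoS 5)."""
    return (dscp & 0x3F) >> 3
```

Because both the IP Precedence and the default dscp-cos map only look at the top three bits, a packet marked EF (0xB8 on the wire) is seen as precedence 5 / CoS 5 by legacy devices, which is exactly the backward compatibility the DSCP bullet refers to.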
  • Ingress interface – can itself be used as a classification criterion (match input-interface). Marking is normally done on ingress, as close to the source as possible, so every downstream node only has to read the marking; markings arriving from untrusted hosts should be re-marked at the trust boundary.
  • Queuing: congestion management, i.e. deciding which packet leaves the router first when the interface is congested. Only one queuing scheme per interface.
    • Bandwidth: never assign more than 75% of the interface bandwidth to classes (the IOS default max-reserved-bandwidth); the rest is left for routing protocols, Layer 2 keepalives and unclassified traffic.
    • Queue limit: number of packets a queue holds before tail drop.
  • FIFO – first in, first out. Default for interfaces faster than E1 (2.048 Mbps).
  • Round Robin – no queue has priority; one packet is taken from each queue in turn.
  • Weighted Round Robin – as above, but a queue can be given a weight so more packets are taken from it per round, e.g. 2 packets from Q1 for every 1 packet from Q3. Neither RR nor WRR can starve a queue.
  • Priority Queuing – four queues: High, Medium, Normal (default) and Low. The higher queue is always emptied first, so lower queues can starve; do not classify a lot of traffic as High.
  • Weighted Fair Queuing – default on serial interfaces running at E1 (2.048 Mbps) or slower. WFQ needs no access lists: packets are sorted into conversations (flows) automatically. A flow is identified by:
    • source and destination IP address, source and destination port, protocol number and ToS value

WFQ gives preference to low-volume ("small talker") flows over high-volume ("aggressive") flows: each packet is scheduled by a sequence number derived from its size and the flow's weight (the weight comes from the IP Precedence), so small packets from quiet flows are transmitted first, and packets from high-volume flows are dropped first. WFQ builds and tears down queues dynamically as flows appear and end; the default is 256 dynamic queues.

  • Congestive Discard Threshold (CDT) – number of packets allowed in the hold queue before WFQ starts dropping packets from the most aggressive conversations.
  • WFQ is not supported on: virtual interfaces, loopbacks and dialers; bridging or tunnelling; LAPB, X.25 and SDLC.
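The following is an added example (not from the original notes) that models how WFQ orders packets. Each packet gets a sequence number (SN) from its length and the conversation's weight, where IOS uses weight = 32384 / (IP Precedence + 1); the scheduler always transmits the queued packet with the lowest SN, so small, low-volume flows and higher-precedence flows get ahead of a large "aggressive" flow. When the hold queue exceeds the CDT, the packet with the highest SN is dropped, which again hits the aggressive flow first. This is a simplified model with my own names, not Cisco's implementation, and the traffic is constructed.

```python
import heapq
from typing import Dict, List, Tuple

Flow = Tuple[str, str, int, int, int, int]


def wfq_weight(precedence: int) -> int:
    """IOS weight for a conversation: 32384 / (IP Precedence + 1)."""
    if not 0 <= precedence <= 7:
        raise ValueError("IP Precedence is 0..7")
    return 32384 // (precedence + 1)


def flow_key(src: str, dst: str, proto: int, sport: int, dport: int, tos: int) -> Flow:
    """A WFQ conversation = src/dst address, src/dst port, protocol and ToS."""
    return (src, dst, proto, sport, dport, tos)


class WFQScheduler:
    def __init__(self, cdt: int = 64):
        self.cdt = cdt
        self.queue: List[Tuple[int, int, Flow, int]] = []   # min-heap keyed on SN
        self.last_sn: Dict[Flow, int] = {}                  # last SN given to each flow
        self.current_sn = 0                                 # SN of the packet last transmitted
        self.arrivals = 0
        self.dropped: List[Flow] = []

    def enqueue(self, flow: Flow, length: int, precedence: int = 0) -> bool:
        # SN = max(last SN of this flow, SN being transmitted) + weight * length
        base = max(self.last_sn.get(flow, 0), self.current_sn)
        sn = base + wfq_weight(precedence) * length
        self.arrivals += 1
        entry = (sn, self.arrivals, flow, length)
        if len(self.queue) >= self.cdt:              # CDT exceeded: shed the most aggressive packet
            worst = max(self.queue)                  # highest SN currently queued
            if sn >= worst[0]:
                self.dropped.append(flow)            # the newcomer is the worst offender
                return False
            self.queue.remove(worst)
            heapq.heapify(self.queue)
            self.dropped.append(worst[2])
        self.last_sn[flow] = sn
        heapq.heappush(self.queue, entry)
        return True

    def dequeue(self) -> Tuple[Flow, int]:
        sn, _, flow, length = heapq.heappop(self.queue)
        self.current_sn = sn
        return flow, length

    def drain(self) -> List[Flow]:
        out = []
        while self.queue:
            out.append(self.dequeue()[0])
        return out


def demo(cdt: int = 64) -> Tuple[List[str], List[str]]:
    """Constructed busy period: a bulk transfer (A), a small interactive flow (B)
    and one high-precedence packet (C) all arrive before anything is sent.
    Returns (transmit order, dropped packets) by flow name."""
    A = flow_key("10.0.0.1", "10.0.1.1", 6, 40000, 80, 0)
    B = flow_key("10.0.0.2", "10.0.1.2", 6, 40001, 22, 0)
    C = flow_key("10.0.0.3", "10.0.1.3", 17, 16384, 16384, 0xA0)   # ToS 0xA0 = IP Prec 5
    names = {A: "A", B: "B", C: "C"}
    s = WFQScheduler(cdt)
    for _ in range(4):
        s.enqueue(A, 1500, precedence=0)
    s.enqueue(B, 100, precedence=0)
    s.enqueue(B, 100, precedence=0)
    s.enqueue(C, 1500, precedence=5)
    return [names[f] for f in s.drain()], [names[f] for f in s.dropped]
```

With a large CDT the order is B, B, C, A, A, A, A: the two small packets and the precedence-5 packet go out before any of the bulk flow's packets even though they arrived last. With cdt=4 the three newcomers each evict one of A's queued packets, so the aggressive flow is the one that loses packets.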
  • Class-Based WFQ – the administrator defines classes, each gets its own queue and a guaranteed bandwidth, so no class starves. Up to 64 user-defined classes; each queue uses tail drop or WRED. Configured through the MQC:
    • MQC – Modular QoS CLI
      • Access list – define the interesting traffic
      • class-map – match the access list or other criteria (protocol, DSCP, input interface ...)
      • policy-map – assign the action (bandwidth, priority, set, police, shape ...) to each class
      • service-policy {input | output} – apply the policy map to the interface in one direction
  • LLQ, aka strict priority queuing – suitable for voice, because it gives one class strict priority, which plain CBWFQ does not. It is an extension of CBWFQ with the same configuration, but the voice class uses the priority command instead of the bandwidth command; during congestion the priority class is policed to its configured rate so it cannot starve the other classes.
  • NBAR: Network-Based Application Recognition, identifies application flows by inspecting beyond the port numbers and is useful for classification and marking (match protocol). Uses PDLMs (Packet Description Language Modules) to add new protocol definitions without an IOS upgrade. Requires CEF and is applied per interface. Does not support non-IP traffic, packets sourced by or destined to the router itself, MPLS-labelled packets or fragments.
  • Congestion avoidance
    • Tail drop – when a queue is full, every further packet arriving at it is dropped (dropped from the tail). TCP senders detect the loss and throttle back (congestion control), then ramp up again gradually. When this happens to all senders at once it produces TCP global synchronisation.
    • TCP global synchronisation – many senders slow down and speed up in lock-step with how full the queue is, so the link swings between saturated (drops) and under-utilised. Avoided with RED or WRED.
    • RED – Random Early Detection: drops a small, increasing fraction of packets before the queue fills, so individual TCP flows back off at different times instead of all at once. RED works on the exponentially weighted average queue depth and uses three values:
      • Min threshold – average queue depth at which RED begins to drop packets
      • Max threshold – average queue depth at which the drop probability reaches its maximum (1/MPD); above the max threshold every arriving packet is dropped (tail drop)
      • Mark Probability Denominator (MPD) – the maximum drop rate: at the max threshold, 1 packet in every <MPD> packets is dropped; between the thresholds the rate rises linearly from 0 to 1/MPD
  • WRED – RED with one profile per IP Precedence or DSCP value, so the packets dropped are not chosen purely at random: lower-precedence packets are dropped earlier and more aggressively. Enabled per interface (random-detect) or per CBWFQ class; the default is precedence-based, with an exponential weighting constant of 9 and an MPD of 10.
  • Traffic shaping – buffers excess traffic and sends it later, i.e. a friendly policy towards bursts. Good for bursty traffic. Applied to outgoing traffic only.
  • Traffic policing – excess packets are dropped or re-marked, nothing is buffered. Can be applied inbound or outbound.
  • Layer 2 payload compression – Stacker, Predictor or MPPC (Microsoft Point-to-Point Compression).
  • Header compression (done per interface; one side must be configured active, the other may be passive)
    • TCP – the IP and TCP headers are compressed. Combine with CBWFQ for data links.
    • RTP – the IP (20 bytes), UDP (8 bytes) and RTP (12 bytes) headers, 40 bytes in total, are compressed to about 2–4 bytes. Use cRTP together with LLQ for voice on slow links.
  • Link fragmentation and interleaving – operates at Layer 2. A large data packet already in the hardware (transmit) queue, not the software queue, must be fully serialised before a voice packet behind it can go; on slow links that is tens of milliseconds. LFI fragments the large packet and interleaves voice packets between the fragments so they do not wait as long.
  • QoS over VPN – use QoS pre-classification (qos pre-classify) when the policy matches on something other than ToS, such as source/destination IP or port, because after encryption only the copied ToS byte is still visible.
  • CoPP – Control Plane Policing protects the control plane, which handles network control traffic destined to the router itself (routing protocols, management, ARP ...).
  • FIFO – not suitable for delay-sensitive traffic.
  • WFQ – Weighted Fair Queuing: flow-based, runs by default on serial interfaces at E1 or slower.
  • CBWFQ – Class-Based: the administrator decides which classes are transmitted first; manual configuration. Cannot assign more than 75% of the interface bandwidth to classes, as 25% is reserved for network control and routing.
    • WFQ and CBWFQ cannot run on the same interface at the same time.
    • Tail drop – packets dropped at the tail of a full queue make all TCP senders reduce their rate; congestion clears, all senders speed up again and congestion returns. This is TCP global synchronisation.
    • RED / WRED – replaces tail drop to combat global synchronisation. WRED uses IP Precedence or DSCP to decide which packets to drop early before the queue is full: lower-precedence packets are dropped before higher-precedence ones. Ineffective against UDP, which does not back off on loss!
    • Low Latency Queuing (LLQ) – adds a strict priority queue to CBWFQ to avoid delay and jitter. Used for VoIP.
      • WRED cannot be applied to the LLQ priority class itself (use it on the other classes in the same policy).
      • LLQ policy = create an extended access list > create a class-map that matches it > create a policy-map that gives that class the priority command > apply the policy-map to the interface with service-policy output.
      • Priority Queuing (legacy) – High, Medium, Normal, Low.
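As an added example (not from the original notes), the Python below shows how RED/WRED decides whether to drop an arriving packet, using the thresholds and the exponential weighting constant described in the congestion-avoidance bullets above. The weighting constant 9 and MPD 10 are the IOS defaults the notes quote; the per-precedence (min, max) profiles are constructed for the example, not IOS defaults, and the function names are mine.

```python
import random
from dataclasses import dataclass
from typing import Dict


@dataclass(frozen=True)
class WredProfile:
    min_threshold: int   # average depth at which dropping starts
    max_threshold: int   # average depth at which drop probability reaches 1/MPD
    mpd: int = 10        # mark probability denominator (IOS default)


# Constructed profiles: lower precedence starts dropping earlier.
PROFILES: Dict[int, WredProfile] = {
    0: WredProfile(20, 40),
    3: WredProfile(26, 40),
    5: WredProfile(32, 40),
}


def avg_queue_size(old_avg: float, current_depth: int, weight: int = 9) -> float:
    """avg = old * (1 - 2^-n) + current * 2^-n, n = exponential weighting constant."""
    factor = 2.0 ** -weight
    return old_avg * (1 - factor) + current_depth * factor


def ramp(depth: int, packets: int, weight: int = 9, start: float = 0.0) -> float:
    """Average after `packets` arrivals at a constant real depth: shows how slowly
    a large weighting constant lets the average follow a sudden burst."""
    avg = start
    for _ in range(packets):
        avg = avg_queue_size(avg, depth, weight)
    return avg


def drop_probability(avg: float, p: WredProfile) -> float:
    if avg < p.min_threshold:
        return 0.0
    if avg >= p.max_threshold:
        return 1.0                                   # above max: tail drop
    span = p.max_threshold - p.min_threshold
    return (avg - p.min_threshold) / span / p.mpd    # linear from 0 up to 1/MPD


def should_drop(avg: float, precedence: int, rng: random.Random) -> bool:
    prof = PROFILES.get(precedence, PROFILES[0])
    return rng.random() < drop_probability(avg, prof)


def observed_drop_rate(avg: float, precedence: int, packets: int = 100_000, seed: int = 1) -> float:
    """Fraction of `packets` dropped at a steady average depth (deterministic seed)."""
    rng = random.Random(seed)
    drops = sum(should_drop(avg, precedence, rng) for _ in range(packets))
    return drops / packets
```

At an average depth of 30 the precedence-0 profile drops about 5% of packets (halfway between its thresholds, so half of 1/MPD) while precedence 5 drops nothing, which is the whole point of the per-precedence profiles. The ramp function also shows why the average, not the instantaneous depth, is used: with a weighting constant of 9 a queue that jumps from empty to 40 packets only pushes the average to about 7 after 100 arrivals, so short bursts are tolerated.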

Network Model Crib Notes

Network Modelling

*** Theory ***

  • Three-Layer (hierarchical) Model
    • Core – low latency, fast switching, advanced QoS, redundancy; root bridges usually live here
    • Distribution – routing between VLANs, policy (ACLs, route summarisation), high-speed uplinks
    • Access – VLANs, basic QoS, traffic filtering and port security, redundant uplinks, room for growth, high port density
  • Cisco Enterprise Architecture (6 modules)
    • Campus – the core/distribution/access layers of the campus network
    • Edge – Internet connectivity, DMZ, VPN termination
    • WAN – PPP, Frame Relay, DSL, MPLS links to remote sites
    • Branch – remote office
    • Teleworker – SOHO / mobile users
    • Data Centre – servers, storage, disaster recovery (DR)
  • Intelligent Information Network (IIN, Cisco's vision)
    • SONA – Service-Oriented Network Architecture: the network as a single platform shared by all applications, with virtualisation of network services. Three layers:
      • Application layer – how end users and business applications interact with the network
      • Interactive Services layer – virtualised network services (security, mobility, voice, storage ...)
      • Networked Infrastructure layer – the physical network: campus, branch, data centre, WAN

*** Other ***

  • Reconnaissance attack – uses packet sniffers, ping sweeps, port scans etc. to map the network. A switched infrastructure limits what a passive sniffer can see, since a switch only forwards unicast frames to the destination port.
  • DoS attacks – often combined with IP spoofing so the source cannot be traced or filtered.
  • Virus – needs human assistance (opening a file, running a program) to spread.
  • Worm – self-replicating; spreads automatically across the network and may live only in memory.
  • ip inspect – the classic IOS firewall, formerly CBAC (Context-Based Access Control). Applied on the inside interface it inspects inbound traffic; on the outside interface it inspects outbound traffic. Either way it opens temporary return entries in the ACL for sessions initiated from the inside.

Cable Network Crib Notes

Cable Networks (DOCSIS / DSL)

*** Theory ***

  • DOCSIS – the standard governing how cable operators carry data over the cable plant and allocate bandwidth to modems. When a modem boots it scans the downstream RF for a DOCSIS channel (QAM lock). The CMTS sends three message types the modem needs: SYNC (timing), UCD (upstream channel descriptor) and MAP (upstream bandwidth allocation). The modem then obtains an IP address from DHCP, downloads its configuration file via TFTP (server address supplied by DHCP) and registers with the CMTS, which is where its QoS / service class is negotiated.
  • ADSL – up to 8 Mbps downstream and 1 Mbps upstream. Limited to about 18,000 feet from the exchange. The phone can still be used via a POTS splitter.
    • Coding methods
      • CAP – Carrierless Amplitude/Phase, a single-carrier method. Divides the phone line into three separate bands: voice, upstream and downstream. Replaced by DMT.
      • G.Lite – one of the two multicarrier methods, "splitterless ADSL". Limited to 1.5 Mbps down and 512 kbps up = slow.
      • DMT – Discrete Multi-Tone, the second multicarrier method. Uses 256 sub-channels to carry data.
    • HDSL – same upstream and downstream rate (symmetric). Cannot share the line with a phone.
    • HDSL2 – single-pair HDSL, allows for VoIP.
    • RADSL – rate-adaptive: upstream/downstream rates are adjusted dynamically to line conditions.
    • Satellite – very slow: about 500 kbps down and 50 kbps up (on a clear day!)
      • Problems
        • Attenuation – signal gets weaker with distance
        • Impedance mismatch – bad splice or corrosion
        • Crosstalk (inside the cable bundle)
        • AM radio interference (outside)
      • ATM – the DSLAM (which holds the DSL line cards) aggregates the lines and uses ATM PVCs for transport.
        • PPPoE vs PPPoA – PPPoA terminates PPP directly on the ATM PVC (routed); PPPoE bridges Ethernet frames carrying PPP over the PVC.
        • PPPoE (RFC 2516) – typically authenticates with CHAP. The host uses the discovery stage (PADI, PADO, PADR, PADS) to learn the MAC address of the PPPoE server; the PADS assigns the SESSION_ID.
          • Interface setup
            • Interface towards the DSLAM – no IP address needed; pppoe-client dial-pool-number 1 binds a dialer interface to this Ethernet (or ATM PVC) interface.
            • Dialer interface
              • ip mtu 1492 – reduced from 1500 to allow for the 8 bytes of PPPoE + PPP headers
              • ip address negotiated – accept the address assigned by the provider via IPCP
              • ip nat outside (if using NAT)
          • The default route should point at the dialer interface.
          • Use the dialer interface as the overload interface when configuring NAT (PAT) for the inside network.
        • PPPoA – if the PPP encapsulation is configured directly under the PVC, you are running PPPoA.
          • Interface setup
            • Connecting to the DSLAM (ATM 0/0)
              • no ip address
              • dsl operating-mode auto – auto-negotiate the modulation with the DSLAM
              • pvc 100/120 – VPI/VCI, like a DLCI in Frame Relay
              • Under the PVC: encapsulation aal5mux ppp dialer and dialer pool-member 1 bind the PVC to the dialer pool (pppoe-client dial-pool-number is the PPPoE equivalent, not used here).
        • RFC 1483/2684 bridging – easy to set up, multiprotocol, suited to a single-user environment. Generates lots of broadcasts, does not scale and, with no per-session (PPP) authentication, can be attacked.

IPSec Crib Notes

IPSec

*** Theory ***

  • VPNs provide
    • Data origin authentication – AH, ESP
    • Confidentiality (encryption) – ESP
      • (S) Symmetric encryption – the same key encrypts and decrypts, aka secret-key encryption. Fast; used for the bulk data.
      • (A) Asymmetric encryption – two keys, public and private. Encrypt with the public key, decrypt with the private key (or sign with the private key, verify with the public). The private key always stays local.
      • DH – Diffie-Hellman lets two peers agree on a shared secret over an insecure channel without ever sending the secret itself; IKE uses it to derive the session keys.
        • (S) DES – 56-bit key, broken
        • (S) 3DES – DES applied three times with three keys, 3 × 56 = 168-bit key (effective strength about 112 bits)
        • (S) AES – also symmetric (128/192/256-bit keys) and the one to use
    • Data integrity – AH, ESP (HMAC-MD5 or HMAC-SHA)
    • Anti-replay – AH, ESP
      • Mitigated via the sequence number in the AH/ESP header and a sliding window on the receiver: a packet whose sequence number was already seen, or which falls behind the window, is discarded.
    • GRE – encapsulates a packet in a new IP header (IP protocol 47). No encryption. GRE is multiprotocol and carries multicast/broadcast, whereas IPsec is really unicast IP only, so GRE over IPsec makes sense: use GRE to run routing protocols through the IPsec tunnel. GRE encapsulates first, then IPsec protects the GRE packet.
    • L2TP / PPTP – L2TP has no encryption of its own (hence L2TP/IPsec); PPTP's MPPE encryption is weak.
    • IPsec – earlier versions could not carry multicast traffic (without GRE).
      • Tunnel mode – the whole original packet is protected and a new IP header is added; transparent to the end hosts (gateway to gateway).
      • Transport mode – the original IP header is kept and only the payload is protected (host to host, or GRE/IPsec between the same endpoints).
      • AH (IP protocol 51) – authentication and integrity for the whole packet including the immutable fields of the IP header, but no encryption. Less overhead than ESP, but it breaks through NAT because the addresses are covered by the ICV.
      • ESP (IP protocol 50) – authenticates and encrypts the payload (the outer IP header is not covered). Preferred over AH.
      • IKE (UDP 500; UDP 4500 with NAT-T) – negotiates the security parameters and the authentication/encryption keys.
        • Phase 1 – agree on how to protect the rest of the negotiation: the ISAKMP SA (Security Association). One bidirectional SA per peer pair.
          • Aggressive mode – faster, 3 messages, but the identities (and, with pre-shared keys, a hash derived from the PSK) are sent unencrypted, which allows offline cracking of the PSK.
          • Main mode – 6 messages. Round 1: "DES or 3DES? MD5 or SHA?" / "3DES and MD5 please" (policy negotiation); round 2: DH key exchange; round 3: authentication, already encrypted with the DH-derived keys.
        • Phase 1.5 – XAUTH, extended (user) authentication for remote-access clients.
        • Phase 2 – the IPsec SAs: 2 per tunnel, one per direction, each identified by an SPI.
          • Quick mode – 3 messages
          • Crypto access list – defines the interesting traffic that triggers the IKE / IPsec negotiation (and what gets protected).
            • Steps on a Cisco router
              • 1) Create the ISAKMP policy (crypto isakmp policy, plus the pre-shared key or certificate) 2) Create the IPsec transform set 3) Define interesting traffic with a crypto access list 4) Create a crypto map tying peer, transform set and ACL together and apply it to the interface
          • Dead Peer Detection (DPD) – keepalive for IPsec. Periodic mode sends a hello every 10 seconds unless a hello is received from the peer; this adds encryption/decryption overhead. On-demand mode sends a DPD hello only when the router has data to send and has not heard from the peer.
            • Troubleshooting (show crypto isakmp sa)
              • MM_NO_STATE – the ISAKMP SA was created but nothing progressed: phase 1 attribute mismatch or the peer is unreachable
              • MM_KEY_EXCH – stuck after the DH exchange: incorrect pre-shared key or wrong peer IP address
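As an added example (not from the original notes), the Python below implements the ESP/AH anti-replay check that the sequence-number bullet above refers to, modelled on the sliding window of RFC 4303 (minimum 32 packets; 64 used here). The receiver remembers the highest sequence number accepted and a bitmap of which of the previous window-size numbers it has seen. Two rules matter for security and are reflected in the code: the window is advanced only after the ICV (integrity check) has verified, otherwise an attacker could spoof a huge sequence number and push the window past legitimate packets; and sequence number 0 is never valid. Class, function and trace contents are mine.

```python
from typing import List, Tuple


class ReplayWindow:
    def __init__(self, size: int = 64):
        if size < 32:
            raise ValueError("RFC 4303 requires a window of at least 32")
        self.size = size
        self.top = 0      # highest sequence number accepted so far (0 = nothing yet)
        self.bitmap = 0   # bit i set  <=>  sequence number (top - i) was received

    def check(self, seq: int) -> bool:
        """Pre-ICV test: may this sequence number be processed at all?"""
        if seq == 0:
            return False                            # first SN on an SA is 1
        if seq > self.top:
            return True                             # new high-water mark
        behind = self.top - seq
        if behind >= self.size:
            return False                            # older than the window: drop
        return not (self.bitmap >> behind) & 1      # already seen => replay

    def update(self, seq: int) -> None:
        """Post-ICV update: record the packet as received."""
        if seq > self.top:
            shift = seq - self.top
            if shift >= self.size:
                self.bitmap = 1                     # everything old falls out of the window
            else:
                self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.size) - 1)
            self.top = seq
        else:
            self.bitmap |= 1 << (self.top - seq)

    def receive(self, seq: int, icv_ok: bool) -> str:
        if not self.check(seq):
            return "replay/out-of-window"
        if not icv_ok:
            return "bad ICV"                        # window deliberately left unchanged
        self.update(seq)
        return "accepted"


def run_trace(events: List[Tuple[int, bool]], size: int = 64) -> List[str]:
    """Feed (sequence number, ICV verified?) pairs through one SA's window."""
    win = ReplayWindow(size)
    return [win.receive(seq, ok) for seq, ok in events]


# Constructed trace: normal packets, a replayed packet, a late-but-in-window
# packet, a forged packet with a huge sequence number, a jump that empties
# the window, then one packet just outside and one just inside it.
TRACE = [(1, True), (2, True), (2, True), (5, True), (3, True), (1, True),
         (1000, False), (4, True), (200, True), (136, True), (137, True)]

if __name__ == "__main__":
    for (seq, ok), verdict in zip(TRACE, run_trace(TRACE)):
        print(f"seq={seq:<4} icv_ok={ok!s:<5} -> {verdict}")
```

The forged packet with sequence number 1000 passes the pre-check (it is above the high-water mark) but fails the ICV, so the window stays at 5 and the genuine, slightly late packet 4 that follows is still accepted; had the window been updated before verification, packet 4 would have been rejected as out of window.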

MPLS Crib Notes

MPLS

*** Theory ***

  • Nutshell – packets are labelled at the edge so transit routers switch on a short label instead of doing a full Layer 3 / routing-table lookup. Can run in frame mode (labels in a shim header) or cell mode (ATM, label carried in the VPI/VCI).
  • Edge LSR (ingress / egress points) – the ingress edge LSR performs the routing lookup, assigns (pushes) a label and sends the packet to an LSR. At the egress edge LSR a label lookup is done, which finds there is no further label, so the label is popped and an IP lookup sends the packet on its way. These routers should be powerful, because they handle both labelled and unlabelled traffic.
    • PHP – Penultimate Hop Popping: instead of the egress LSR doing two lookups (label, then IP), it advertises the implicit-null label (3) so that the previous (penultimate) LSR pops the label before forwarding; the egress then only needs the IP lookup.
  • LSR – uses the label put on by the edge LSR to forward to the next hop. No routing lookup: a label lookup and then a label swap.
  • Label – locally significant, identifies a FEC. Inserted between the Layer 2 and Layer 3 headers (a "2.5" shim header). Local significance means different routers (and different interfaces on the same router) can reuse the same label values. A label entry is 32 bits with 4 fields, in this order:
    • Label (20 bits) – values 0–15 are reserved (0 = IPv4 explicit null, 1 = router alert, 3 = implicit null, which is only signalled and never appears on the wire)
    • Experimental / CoS (3 bits) – class of service, now called Traffic Class (TC)
    • BOS (Bottom of Stack, 1 bit) – set on the last label before the IP packet
    • TTL (8 bits) – time to live, decremented by each LSR
  • FEC – Forwarding Equivalence Class – a group of packets that are forwarded to the same next hop and receive the same treatment (QoS etc.). Can be based on: destination prefix, incoming interface, IP Precedence or DSCP, source IP, source or destination port, etc.
  • Label stack – a packet carrying more than one label. Typically used in MPLS VPNs (a transport label on top of a VPN label) and traffic engineering.
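The Python below is an added example (not from the original notes) that parses and rewrites the MPLS label stack described above. Each entry is 32 bits: Label (20) | EXP/TC (3) | BOS (1) | TTL (8). The parser walks the stack until the Bottom-of-Stack bit and refuses an implicit-null label on the wire, and the two helpers perform the per-hop operations an LSR does: swap the top label (decrementing TTL) and pop it (PHP or egress). The two-label VPN packet is constructed for the example, and field and function names are mine.

```python
import struct
from dataclasses import dataclass
from typing import List, Tuple

RESERVED = {0: "IPv4 explicit null", 1: "router alert", 2: "IPv6 explicit null",
            3: "implicit null"}   # 4-15 are reserved as well


@dataclass(frozen=True)
class LabelEntry:
    label: int
    exp: int
    bos: bool
    ttl: int

    def pack(self) -> bytes:
        if not (0 <= self.label < 2 ** 20 and 0 <= self.exp < 8 and 0 <= self.ttl < 256):
            raise ValueError("field out of range")
        word = (self.label << 12) | (self.exp << 9) | (int(self.bos) << 8) | self.ttl
        return struct.pack("!I", word)


def parse_label_stack(data: bytes) -> Tuple[List[LabelEntry], int]:
    """Return the label entries and the offset of the payload (the IP header)."""
    entries, off = [], 0
    while True:
        if off + 4 > len(data):
            raise ValueError("truncated label stack (no BOS bit seen)")
        (word,) = struct.unpack_from("!I", data, off)
        entry = LabelEntry(word >> 12, (word >> 9) & 0x7, bool((word >> 8) & 1), word & 0xFF)
        if entry.label == 3:
            # implicit null is only advertised (to request PHP); in a packet it is a bug
            raise ValueError("implicit-null label must not appear in a packet")
        entries.append(entry)
        off += 4
        if entry.bos:
            return entries, off


def swap_top(data: bytes, new_label: int) -> bytes:
    """LSR operation: replace the top label with the one the downstream router
    advertised for this FEC, and decrement the TTL."""
    entries, _ = parse_label_stack(data)
    top = entries[0]
    if top.ttl <= 1:
        raise ValueError("TTL expired in transit")
    return LabelEntry(new_label, top.exp, top.bos, top.ttl - 1).pack() + data[4:]


def pop_top(data: bytes) -> bytes:
    """PHP / egress operation: remove the top label.  Copying the MPLS TTL into
    the next header is not modelled here."""
    parse_label_stack(data)          # validate before touching the packet
    return data[4:]


def build_vpn_packet(transport_label: int, vpn_label: int, ip_payload: bytes, ttl: int = 255) -> bytes:
    """Constructed two-label MPLS VPN packet: transport label on top, VPN label at the bottom."""
    stack = LabelEntry(transport_label, 0, False, ttl).pack() + LabelEntry(vpn_label, 0, True, ttl).pack()
    return stack + ip_payload
```

Walking the constructed packet through one LSR (swap) and the penultimate hop (pop) leaves only the VPN label with BOS set, which is exactly what the egress PE needs to pick the right VRF.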
  • Pre-process – a label is bound to each route prefix. These bindings are shared with neighbouring MPLS routers using LDP, TDP or RSVP-TE.
  • Process – the ingress E-LSR performs an IP lookup and assigns a label (push). Each LSR looks the incoming label up in its LFIB, which lives in the data plane, replaces it with the label its downstream neighbour advertised for the same FEC and forwards (swap). The egress E-LSR removes the label (pop) and forwards the IP packet to the customer.
    • Dropped packets – a labelled packet arriving with no entry in the LFIB is dropped. Exception:
      • Interim packet propagation – the window between a labelled packet arriving and the LSR having an LFIB entry for that label; such packets fall back to CEF (the FIB). If there is no FIB entry either, the packet is finally dropped.
  • Control plane – builds the routing table and exchanges label bindings. A label binding tells LSR1 which label LSR2 expects for a given prefix. Routing protocols also live here.
    • LIB – Label Information Base: stores every binding between labels and FECs learned from all neighbours, built via LDP/TDP; the local bindings are advertised to neighbours.
    • Label distribution protocols
      • LDP (industry standard, most common) – discovery hellos over UDP 646, session over TCP 646. An interface can run both LDP and TDP.
      • TDP (Cisco proprietary, TCP 711, being phased out) – carries label information between LSRs.
      • RSVP-TE – reserves bandwidth end-to-end along explicit paths for traffic engineering.
  • Data / forwarding plane – forwards the traffic, by label or by IP address. Its tables hold the routing information in a forwarding-optimised format.
    • FIB – Forwarding Information Base, route-table-like information built by CEF from the IGP/routing table.
      • Distributed CEF – the FIB is copied to the line cards so each card forwards locally.
  • LFIB – Label Forwarding Information Base, built from the routing table (IGP) plus the LDP/TDP bindings; performs the actual forwarding of labelled packets.

  • LSP – Label Switched Path: the path a labelled packet takes through the MPLS network.
  • Configuration – CEF must be enabled (ip cef). Raise the interface MTU (mpls mtu, typically 1512) so labelled 1500-byte packets are not dropped. Enable MPLS per interface with mpls ip.
  • Before MPLS VPNs
    • Peer-to-peer model – the customer sends its routes to the ISP edge router, which shares them with the other ISP routers, e.g. customer to edge via an IGP, then redistribution into BGP.
      • Bad – can cause routing loops and cannot cope with customers using overlapping address space.
    • Overlay model – the provider supplies virtual circuits but no routing services, e.g. Frame Relay.

  • MPLS VPNs – lets multiple customers share the same provider routers while keeping their routing separate.
    • VRF – Virtual Routing and Forwarding: one routing table instance per customer on the PE, which avoids conflicts between overlapping customer subnets.
    • RD – Route Distinguisher: a unique 64-bit value prepended to the IPv4 prefix to form a VPNv4 prefix, carried by MP-BGP between PE routers. Overlapping customer subnets thus become unique prefixes.
    • RT – Route Target: a BGP extended community attached to the VPNv4 prefix that controls which VRFs import the route.

  • MTU – set as follows, otherwise frames can be seen as giants (dropped) or the packets must be fragmented.
    • Reduce the IP MTU on the client side when the encapsulation has to fit inside a normal 1500-byte frame:
      • PPPoE = 1492 (8 bytes of PPPoE + PPP headers)
      • 802.1Q = 1496 (only where the hardware cannot handle the 4-byte tag as a baby giant)
    • Raise the interface MTU in the core so a 1500-byte IP packet still fits with labels added:
      • Ethernet = 1500
      • MPLS = 1504 (one 4-byte label)
      • MPLS VPN = 1508 (two labels)
      • MPLS VPN + TE = 1512 (three labels)
      • Good practice for MPLS = 1512

VLANS Crib Notes

VLANS

*** Theory ***

  • Best practice – one VLAN per IP subnet.
  • Broadcasts – routers can accept and generate broadcasts, but do not forward them, so each VLAN is its own broadcast domain.
  • VLANs 1 and 1002–1005 exist by default and cannot be deleted.
  • Native VLAN – default on Cisco is VLAN 1. All ports are in VLAN 1 until assigned, and untagged frames arriving on an 802.1Q trunk are placed in the native VLAN. For security, move the native VLAN to an unused VLAN and keep user traffic off VLAN 1.
  • Static VLAN – membership depends on the port the host is plugged into.
  • Dynamic VLAN – membership depends on the host's MAC address, assigned by a VLAN Membership Policy Server (VMPS, uses UDP). Hosts can move from port to port or switch to switch and keep their VLAN. The VMPS loads its MAC-to-VLAN database from a TFTP server. PortFast is enabled by default on dynamic ports. Do not combine with port security; a dynamic port cannot be a trunk.
  • vlan.dat – VLANs are kept in a separate file in flash, so they must be deleted separately (delete flash:vlan.dat); erase startup-config does not remove them.
  • vlan database mode – Ctrl+Z does not save the changes; you must type apply (or exit).
  • Dynamic desirable trunking – the port actively tries to form a trunk.
  • Troubleshooting – check port speed/duplex and check the MAC address table.
  • ISL – Cisco's own trunking protocol. Puts a header and a trailer around the whole frame, i.e. encapsulation = overhead. No native VLAN, so every frame is encapsulated = more overhead.
    • 26-byte header + 4-byte CRC trailer = 30 bytes, so a maximum-size frame becomes 1548 bytes, which a non-ISL device sees as a giant.
    • 802.1Q – no encapsulation; inserts a 4-byte tag (TPID 0x8100 + TCI with 3-bit priority, 1-bit CFI/DEI and 12-bit VLAN ID) into the frame.
    • Trunk – both ends must agree on duplex, speed and encapsulation (and native VLAN).
    • Giants are frames larger than 1518 bytes, or 1522 with a tag (802.3ac). Runts are frames smaller than 64 bytes. Baby giants are frames slightly over the limit, up to about 1600 bytes.
    • Dynamic Trunking Protocol – attempts to negotiate a trunk with the remote switch; sends DTP frames every 30 seconds (overhead). On user-facing ports disable it (switchport mode access plus switchport nonegotiate) so a host cannot negotiate itself a trunk.
    • VLAN design – keep broadcasts and multicasts away from the core
      • End-to-end (80/20) – 80% of traffic stays local, 20% goes through the core. These VLANs must exist on every access-layer switch.
      • Local (20/80) – 20% local, 80% through the core; VLANs stay within one switch block.
    • Port modes
      • trunk – unconditional trunk; DTP frames are still sent unless switchport nonegotiate is set.
      • dynamic desirable – default on older Catalysts (newer ones default to dynamic auto). Sends DTP and becomes a trunk if the other side is trunk, desirable or auto; otherwise access.
      • dynamic auto – does not actively negotiate, but responds to DTP and becomes a trunk if the remote end is trunk or dynamic desirable. No trunk forms if both ports are dynamic auto.
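As an added example (not from the original notes), the Python below parses the 802.1Q tag(s) on an Ethernet frame, works out which VLAN the frame lands in on a trunk (untagged and priority-tagged frames go to the native VLAN), and classifies frames as runt / ok / baby giant / giant using the sizes from the notes. It also reproduces the behaviour that makes the native VLAN a security concern: a switch strips the tag of native-VLAN frames when sending them on a trunk, so a double-tagged frame whose outer tag is the native VLAN emerges one hop later carrying only its inner tag. Frame contents, the 1600-byte baby-giant ceiling and all names are mine; lengths are taken as on-the-wire sizes including the FCS.

```python
import struct
from dataclasses import dataclass
from typing import List, Tuple

TPID_8021Q = 0x8100
TPID_8021AD = 0x88A8      # QinQ service tag
MIN_FRAME = 64            # anything shorter is a runt
MAX_UNTAGGED = 1518       # 802.3 maximum incl. FCS; +4 per 802.1Q tag (802.3ac)
BABY_GIANT_MAX = 1600     # "slightly too big" frames most switches still pass (assumed ceiling)


@dataclass(frozen=True)
class Tag:
    tpid: int
    pcp: int   # 3-bit priority = CoS
    dei: int   # drop eligible indicator (was CFI)
    vid: int   # 12-bit VLAN ID; 0 = priority-tagged only, 4095 reserved


@dataclass(frozen=True)
class Frame:
    dst: bytes
    src: bytes
    tags: List[Tag]
    ethertype: int
    payload: bytes


def parse_frame(raw: bytes) -> Frame:
    if len(raw) < 14:
        raise ValueError("truncated Ethernet header")
    dst, src, off, tags = raw[:6], raw[6:12], 12, []
    while True:
        (etype,) = struct.unpack_from("!H", raw, off)
        off += 2
        if etype in (TPID_8021Q, TPID_8021AD):       # a tag sits where the EtherType would be
            (tci,) = struct.unpack_from("!H", raw, off)
            off += 2
            tags.append(Tag(etype, tci >> 13, (tci >> 12) & 1, tci & 0x0FFF))
            continue
        return Frame(dst, src, tags, etype, raw[off:])


def build_frame(dst: bytes, src: bytes, vids: List[int], ethertype: int,
                payload: bytes, pcp: int = 0) -> bytes:
    """Constructed frame; every tag uses TPID 0x8100, as in classic double tagging."""
    out = dst + src
    for vid in vids:
        out += struct.pack("!HH", TPID_8021Q, (pcp << 13) | (vid & 0x0FFF))
    return out + struct.pack("!H", ethertype) + payload


def effective_vlan(raw: bytes, native_vlan: int) -> int:
    """VLAN a frame received on an 802.1Q trunk belongs to."""
    f = parse_frame(raw)
    if not f.tags or f.tags[0].vid == 0:
        return native_vlan
    return f.tags[0].vid


def forward_on_trunk(raw: bytes, native_vlan: int) -> bytes:
    """What the switch transmits on a trunk that does not tag the native VLAN."""
    f = parse_frame(raw)
    if f.tags and f.tags[0].vid == native_vlan:
        return raw[:12] + raw[16:]                   # outer tag removed
    return raw


def size_class(raw: bytes) -> str:
    n = len(raw)
    if n < MIN_FRAME:
        return "runt"
    limit = MAX_UNTAGGED + 4 * len(parse_frame(raw).tags)
    if n <= limit:
        return "ok"
    return "baby giant" if n <= BABY_GIANT_MAX else "giant"


def double_tag_demo(outer_vid: int = 1, native_vlan: int = 1, target_vlan: int = 200) -> Tuple[int, int]:
    """(VLAN seen by the first switch, VLAN seen by the next switch) for a double-tagged frame."""
    dst, src = bytes.fromhex("ffffffffffff"), bytes.fromhex("0200c0ffee01")
    raw = build_frame(dst, src, [outer_vid, target_vlan], 0x0800, b"\x45" + b"\x00" * 45)
    hop1 = effective_vlan(raw, native_vlan)
    hop2 = effective_vlan(forward_on_trunk(raw, native_vlan), native_vlan)
    return hop1, hop2
```

With the default native VLAN 1 the double-tagged frame is in VLAN 1 on the first switch and in VLAN 200 on the second; with the native VLAN moved to an unused ID (999 in the test) the outer tag is never stripped and the frame stays in VLAN 1, which is why the native-VLAN bullet above recommends exactly that.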

*** Commands ***

# show vlan brief – shows VLAN ID, name, status and access ports. Does not list trunk ports.

# show interfaces trunk – shows trunk ports, mode, encapsulation, status, native VLAN and allowed VLANs.

# show vlan id 5 – shows the ports etc. for VLAN 5.

Wireless Crib Notes

Wireless (23/06/09)

*** Theory ***

  • WLAN – an AP with its associated clients is a Basic Service Set (BSS), a hub-and-spoke topology. The area of coverage is a cell. Clients associate with the AP. The medium is half duplex, so CSMA/CA is used instead of CSMA/CD.
  • SSID – Service Set Identifier, case sensitive, up to 32 characters.
  • AP – access point, aka WAP. A client can find an AP by:
    • Active scanning – the client sends probe request frames and waits for probe responses
    • Passive scanning – the client listens for beacon frames from the AP; no probes sent
  • Authentication
    • Open system – no authentication (anyone can associate)
    • Shared key – uses the WEP key in a challenge/response; WEP is broken and can be cracked quickly, so neither WEP nor shared-key authentication should be used.
    • EAP / LEAP – 802.1X with an EAP method. LEAP is Cisco-proprietary. Mutual (2-way) authentication between client and network; the AP forwards the authentication to a RADIUS server; keys are dynamic (generated per authentication), not static. Better than WEP, but LEAP's MS-CHAP exchange is vulnerable to offline dictionary attacks (asleap), so prefer EAP-TLS, PEAP or EAP-FAST.
    • WPA / WPA2 – WPA uses TKIP as an interim fix for WEP; WPA2 (802.11i) uses AES-CCMP. Both come as Personal (pre-shared key) or Enterprise (802.1X/EAP with RADIUS).
  • Ad hoc WLAN – aka IBSS (Independent BSS), no AP.
  • Standards and ranges
    • 802.11a – about 25 Mbps throughput, 54 Mbps data rate. Indoor range about 100 ft. 5 GHz.
    • 802.11b – about 6.5 Mbps throughput, 11 Mbps data rate. About 100 ft. 2.4 GHz.
    • 802.11g – about 25 Mbps throughput, 54 Mbps data rate. About 100 ft. 2.4 GHz. Backward compatible with b, hence "b/g".
    • 802.11n – about 200 Mbps throughput, up to 600 Mbps data rate with MIMO. About 160 ft. 2.4 or 5 GHz.
    • Microwave ovens can cause interference as they use the 2.4 GHz band.
  • Antennas
    • Yagi – directional, sends the signal in one direction only. Point-to-point between APs (bridging).
    • Omni – sends the signal in all directions. Point-to-multipoint between an AP and its hosts.
  • Cisco Unified Wireless Network – a WLAN Controller talks to Lightweight Access Points (LAPs) via LWAPP (Lightweight Access Point Protocol, later replaced by CAPWAP) to keep policy consistent. It is a centralised authority for configuration, RF management and security.
  • Aironet Desktop Utility (ADU) – Cisco's client/tray utility for Aironet adapters.