Monday, 29 February 2016

QoS on Cisco




Simple about the complex. Notes for myself.
QOS ON CISCO SWITCHES.

TABLE OF CONTENTS
QoS on Cisco switches.
1. Quality of service (QoS) control features of Cisco Catalyst switches
2. Quality of service features for incoming traffic (Ingress QoS)
2.1. Default QoS configuration
2.2. Classification and marking
2.2.1. Port-based classification and marking
2.2.2. Classification: configuring trusted ports
2.2.3. Marking: configuring QoS map tables (MLS QOS MAP)
2.2.4. MQC-based classification and marking
2.3. Traffic policing
2.3.1. Classification, marking and policing (exceed action: drop)
2.3.2. Classification, marking and policing (exceed action: policed-dscp-transmit)
2.4. Congestion management and avoidance
2.4.1. Queueing, packet dropping and scheduling: default configuration
2.4.2. Queueing and scheduling
3. Quality of service (QoS) features for outgoing (egress) traffic
3.1. QoS commands for the egress queue
3.1.1. Default configuration for egress QoS
3.1.2. Queue handling, packet dropping and scheduling

Everything about policing…


Understand How Virtual Machine Traffic Routes

I hope that in this post I will clearly show how virtual machines communicate with other virtual machines in various scenarios.

VMs connected to the same vSwitch, same port group and VLAN

VM1 and VM2 are connected to the same vSwitch called "vSwitch1", the same port group called Production and the same VLAN, VLAN 20, and both run on the same ESXi host, ESX1. Network traffic between these VMs (VM1 and VM2) does not go to the physical NICs on the ESXi host, and the frames are not forwarded to the physical network (physical switch and router) either, because the VMs communicate within the vSwitch. The result is higher network speed and lower network latency.



Supervisor 2T White Paper

The Cisco Catalyst 6500 Supervisor Engine 2T is the latest addition to the Catalyst 6500 & 7600 family of Multi-Layer Switching Supervisor Engines. It offers much higher levels of forwarding performance, increases the scalability of many previously supported features, and introduces a host of new hardware-enabled functions beyond all previous Catalyst 6500 & 7600 Supervisor models.
This white paper will provide an architectural overview of the new Supervisor 2T. It will explore the physical layout of the Supervisor 2T, provide details about its updated hardware components, and give an overview of its newly introduced features.
The Supervisor 2T is made up of four main physical components:
  • The baseboard
  • The 5th generation Multi-Layer Switching Feature Card (MSFC5)
  • The 4th generation Policy Feature Card (PFC4)
  • The 2 Tbps Switch Fabric

ICMP Redirect and what it is all about

How ICMP Redirect Messages Work

ICMP redirect messages are used by routers to notify the hosts on the data link that a better route is available for a particular destination.
For example, the two routers R1 and R2 are connected to the same Ethernet segment as Host H. The default gateway for Host H is configured to use router R1. Host H sends a packet to router R1 to reach the destination on Remote Branch office Host 10.1.1.1. Router R1, after it consults its routing table, finds that the next-hop to reach Host 10.1.1.1 is router R2. Now router R1 must forward the packet out the same Ethernet interface on which it was received. Router R1 forwards the packet to router R2 and also sends an ICMP redirect message to Host H. This informs the host that the best route to reach Host 10.1.1.1 is by way of router R2. Host H then forwards all the subsequent packets destined for Host 10.1.1.1 to router R2.
This debug message shows router R1, as in the network diagram, sending an ICMP redirect message to Host H (172.16.1.1).
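As an added example (not part of the original post), the following Python builds the ICMP Redirect that R1 sends to Host H in the scenario above, parses it back, and applies the host-side acceptance checks from RFC 1122: a redirect is only honoured if it comes from the host's current first-hop gateway and names a new gateway on the directly connected network. Host H (172.16.1.1) and the destination 10.1.1.1 are from the text; the R1/R2 addresses and the /24 prefix are assumptions.

```python
import ipaddress
import struct

# Constructed topology: Host H reaches 10.1.1.1 via R1, which redirects it to R2.
# The R1/R2 addresses and the LAN prefix are assumptions, not from the page.
HOST_H = "172.16.1.1"
R1, R2, LAN, DEST = "172.16.1.2", "172.16.1.3", "172.16.1.0/24", "10.1.1.1"


def icmp_checksum(data: bytes) -> int:
    """Standard Internet checksum: ones' complement of the 16-bit word sum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_redirect(gateway: str, orig_dst: str, code: int = 1) -> bytes:
    """ICMP Redirect (type 5): 8-byte header carrying the new gateway, followed
    by the original datagram's IP header and its first 8 bytes (RFC 792)."""
    inner = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, 17, 0,
                        ipaddress.ip_address(HOST_H).packed,
                        ipaddress.ip_address(orig_dst).packed) + b"\x00" * 8
    hdr = struct.pack("!BBH4s", 5, code, 0,
                      ipaddress.ip_address(gateway).packed) + inner
    return hdr[:2] + struct.pack("!H", icmp_checksum(hdr)) + hdr[4:]


def parse_redirect(pkt: bytes):
    """Return (code, new gateway, original destination), verifying type and checksum."""
    if len(pkt) < 28:
        raise ValueError("truncated ICMP Redirect")
    msg_type, code, _, gw = struct.unpack("!BBH4s", pkt[:8])
    if msg_type != 5 or icmp_checksum(pkt) != 0:
        raise ValueError("not a valid ICMP Redirect")
    # The quoted IP header starts at offset 8; its destination field is bytes 16..19.
    orig_dst = str(ipaddress.ip_address(pkt[24:28]))
    return code, str(ipaddress.ip_address(gw)), orig_dst


def redirect_acceptable(src: str, pkt: bytes, current_gw: str, lan: str) -> bool:
    """RFC 1122 host checks: the redirect must be sent by the current first-hop
    gateway, and the new gateway must lie on the directly connected network."""
    try:
        code, new_gw, _ = parse_redirect(pkt)
    except ValueError:
        return False
    on_link = ipaddress.ip_address(new_gw) in ipaddress.ip_network(lan)
    return code in (0, 1, 2, 3) and src == current_gw and on_link
```

A redirect from an address other than the configured gateway, or one pointing at an off-link gateway, fails the checks, which is the same reasoning a hardened host stack applies before updating its route cache.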

Thursday, 25 February 2016

Notes of an advanced SSH user.


This article describes the advanced features of OpenSSH that make life much easier for system administrators and programmers who are not afraid of the shell. Unlike most guides, which describe nothing beyond keys and the -L/D/R options, I have tried to collect all the interesting features and conveniences that ssh brings with it. The article is copied from Habr.

Warning: the post is very long, but for ease of use I decided not to cut it into parts.

Table of contents:
  • key management
  • copying files over ssh
  • forwarding input/output streams
  • mounting a remote FS over ssh
  • remote code execution
  • aliases and connection options in .ssh/config
  • default options
  • X server forwarding
  • ssh as a socks proxy
  • port forwarding, forward and reverse
  • reverse socks proxy
  • tunnelling L2/L3 traffic
  • authentication agent forwarding
  • tunnelling ssh through ssh via an untrusted server (most likely you do not know this one)

NSF with SSO Supervisor Engine Redundancy

SSO Operation

SSO establishes one of the supervisor engines as active while the other supervisor engine is designated as standby, and then SSO synchronizes information between them. A switchover from the active to the redundant supervisor engine occurs when the active supervisor engine fails, or is removed from the switch, or is manually shut down for maintenance. This type of switchover ensures that Layer 2 traffic is not interrupted.
In networking devices running SSO, both supervisor engines must be running the same configuration so that the redundant supervisor engine is always ready to assume control following a fault on the active supervisor engine. SSO switchover also preserves FIB and adjacency entries and can forward Layer 3 traffic after a switchover. Configuration information and data structures are synchronized from the active to the redundant supervisor engine at startup and whenever changes to the active supervisor engine configuration occur. Following an initial synchronization between the two supervisor engines, SSO maintains state information between them, including forwarding information.
During switchover, system control and routing protocol execution are transferred from the active supervisor engine to the redundant supervisor engine. The switch requires between 0 and 3 seconds to switch over from the active to the redundant supervisor engine.

Troubleshooting Switch Fabric problems

Introduction

What is Switch Fabric?
The switch fabric is essentially the backplane for all ports and modules on the switch module. When a connection is made from a port on one module to a port on another module, it is made across the switch fabric. Physically, it is the combination of silicon, plastic, and metal that enables ports to connect and pass traffic between themselves.
The switch fabric can be blocking or non-blocking. A non-blocking fabric ensures that the total bandwidth of all ports that use the switch fabric does not exceed its capacity. What this means is that the port density of the switch is such that the ports' total capacity will never be greater than that of the switch fabric. Switches operating in non-blocking mode ensure that congestion will never occur on the switch, nor will ports ever want for bandwidth between each other.
A blocking switch has a port density capacity that exceeds the total capacity of the switch fabric. Control is possible by blocking traffic flow when the switch fabric capacity is exceeded or otherwise not available.
The switch fabric resides on the SE. When a port has to communicate with another port, it has the supervisor check its tables (Content Addressable Memory [CAM] for Layer 2 addresses and Ternary CAM [TCAM] for Layer 3 addresses) to determine which slot and port it needs. The supervisor then establishes the connection between the ports. The switch fabric can also reside on its own module (such as the Switch Fabric Module 2 (WS-X6500-SFM2) and the Switch Fabric Module (WS-C6500-SFM) for the Catalyst 6500 Series), which enables the available capacity to be expanded without replacing the SE, or to expand beyond the capacity of the SE.

Cisco Catalyst 6500 architecture

Multilayer Switch Feature Card (MSFC)

The Multilayer Switch Feature Card is the Layer 3 switching engine that sits on the Catalyst Supervisor as a daughter card. The MSFC is an integral part of the Supervisor Engine, providing high-performance multilayer switching and routing intelligence. On the MSFC daughter card, the route processor (RP) is located on the MSFC itself. Equipped with a high-performance processor, the MSFC runs Layer 2 protocols on one CPU and Layer 3 protocols on the second CPU. These include routing protocol support, Layer 2 protocols (Spanning Tree Protocol and VLAN Trunking Protocol, for example), and security services.
The control plane functions in the Cisco Catalyst 6500 are processed by the MSFC and include handling Layer 3 routing protocols, maintaining the routing table, some access control, flow initiation, and other services not found in hardware. Performance of the control plane depends on the type and number of processes running on the MSFC. The MSFC3 can support forwarding rates of up to 500 Kpps. The MSFC provides a means to perform Multilayer Switching (MLS) and inter-VLAN routing.
The MSFC builds the Cisco Express Forwarding Information Base (FIB) table in software and then downloads this table to the hardware application-specific integrated circuits (ASICs) on the PFC and DFC (if present) that make the forwarding decisions for IP unicast and multicast traffic.


Role of MSFC

  1. Provide IOS-based multi-protocol routing using a variety of routing protocols.
  2. Work with the PFC to implement Layer 3 switching and traditional router-based input/output ACLs. Note that the PFC can implement ACLs without requiring an MSFC.
  3. Provide other software-based features (such as NAT, policy routing, encryption, etc.) which are not supported in PFC hardware.