Showing posts from January 24, 2010

BPDU Guard vs BPDU Filter

When you configure PortFast on an access or trunk port, you assure that switch it should not expect a switch on this path. With this assurance, the switch can pass right through forward delay and go directly to forwarding when it gains link.

By default, PortFast does not disable STP on the port, but by skipping the listening and learning stats you do increase the probability of creating a loop if a switchin connected. To protect against this situation, you can enable BPDU guard or BPDU filter globally for PortFast port.

BPDU guard will error-disable the port if a BPDU is recevied.

Switch(config)# spanning-tree portfast bpduguard

When the BPDU filter is enabled globally, it causes PortFast ports to stop sending BPDUs. If a BPDU is recevied, the PortFast feature is disabled for that port and normal STP operation resumes.

Switch(config)# spanning-tree portfast bpdufilter

Cisco Announces New Service Provider Operations Track

Cisco Announces New Service Provider Operations Track
Built on the growing demand for dedicated professionals who can manage, maintain and troubleshoot complex service provider IP NGN core network infrastructures, Cisco is introducing a new Service Provider (SP) Operations track. This new track is focused on developing associate, professional and expert-level capabilities to operate large, complex SP networks. These new, first of their kind certifications are designed specifically for Cisco Service Provider Customers, Partners and Cisco Networking Engineers.

Over the coming months Cisco will release new CCIE, CCNP, and CCNA SP Operations courses and exams. In addition, the written exam topics for the CCIE SP Operations certification are now available on the Cisco Learning Network. The CCIE SP Operations written exam is scheduled for release in the second quarter of 2010.

CCIE SP Operations CertificationThe Cisco CCIE SP Operations certification assesses and validates core IP NGN service …

FRTS shape to 95% of CIR

Frame Relay Dual-FIFO

On the low-end router non-distributed platforms (Cisco 7200 and lower), Frame Relay employs a dual-FIFO queuing technique that automatically is invoked at the interface level when FRF.12 is configured. FRF.12 depends on Frame Relay traffic shaping (FRTS) or class-based FRTS being enabled.

In a Frame Relay environment, the Tx-ring does not directly provide back pressure to the Layer 3 queuing algorithm. Instead, when the Tx-ring is full, it provides back pressure to the shaper (FRTS or CB-FRTS), which, in turn, signals the Layer 3 queuing system (LLQ) to engage. Because the FRTS mechanism does not take into account Frame Relay headers and cyclic redundancy checks (CRCs) in its calculations, it generally is recommended that you shape to 95 percent of CIR on Frame Relay circuits up to T1/E1 speeds. This, in turn, engages the LLQ algorithm slightly earlier and improves performance for real-time traffic.

Traffic from each PQ for each DLCI is funneled into the high-pri…

ECN-Echo (ECE)

在Cisco QoS 2.3課程中的ECN(Explicit Congestion Notification)的章節中第一次談到了ECN-Echo(ECE),透過ECE(注意,這個欄位不在ToS中,而是在TCP header中的flag之一)可以通知對方放慢傳送的速度。當另一方收到ECE時,會減少它的congestion windows來放慢傳輸速率。然後在第一個封包中設置TCP header flag(CWR, Congestion Window Reduced),用來通知原先發送ECE的那一方已經減少windows size並且放慢了傳輸速率.
TCP 中的 ECN 支援當路由器將 IP 封包的 ECN 欄位設定為 11 時,接收端 (而不是傳送端) 就會接到路徑中擁塞的通知。ECN 使用 TCP 標頭向傳送端指出網路正遇到擁塞狀況,同時向接收端指出傳送端已經從接收端接到擁塞指標,並且降低傳輸速率。
TCP 中的 ECN 支援使用 TCP 標頭中的兩個未使用位元 (先前定義為保留)。為 ECN 支援定義的兩個新旗標如下所示:
ECE ECN-Echo (ECE) 旗標是用來指出,在 TCP 三方信號交換程序期間,TCP 對等體具備 ECN 功能,並指出 ECN 欄位在 IP 標頭中設定為 11 的連線上接到 TCP 區段。如需有關 TCP 三方信號交換程序的資訊,請參閱 RFC 793。
CWR Congestion Window Reduced (CWR) 旗標是由傳送主機設定,指出已接到設定 ECE 旗標的 TCP 區段。擁塞視窗是由 TCP 維護的內部變數,可管理傳送視窗的大小。
[圖 2] 顯示 TCP 標頭中 ECE 和 CWR 旗標相對於其它旗標的位置。如需有關 TCP 標頭中其它旗標的資訊,請參閱 RFC 793。

圖 2:TCP 標頭中的 ECE 和 CWR 旗標觀看完整大小的影像
當兩個具備 ECN 功能的 TCP 對等體建立 TCP 連線時,它們交換 Synchronize (SYN)、SYN-Acknowledgement (SYN-ACK) 和 ACK 區段。SYN 區段已經針對具備 ECN 功能的 TCP 對等體同時設定 ECE 和 CWR 旗標;但是 SYN-ACK 區段則是設定 ECE 旗標,同時清除 CWR 旗標。
具備 ECN 功能的主機…