Jump to content


  • Content Count

  • Joined

  • Last visited

  • Days Won


Everything posted by yoshi7

  1. Hi! Please reupload SANS SEC545 pdf material. Thanks!
  2. Hi! I don't have any lab, but some general tips. 1. Choose how many traffic classes you will provide to the end customer. Usually 4 or 6 classes are used in the world, as we have 8 different values in MPLS TrafficClass/EXP bits, at least 2 classes are reserved for SP itself(CS6 and CS7), maybe also IP Prec 2 will be also special class for SP itself, just for example. 2. Prepare Scheme of QoS for end customers to comply, like 4 class scheme: Class1 - REALTIME/REA (IP Prec 5) Class2 - PRIORITY/PRI (IP Prec 3) Class3 - STANDARD/STD (IP Prec 1) Class4 - DEFAULT/DEF(BE) (IP Prec 0) So you customer should mark its traffic egress direction with IP Prec values(or DSCP, but not much outcome) for SP to be able to differentiate traffic in its core/backbone. 3. Prepare several Traffic Profiles your customers will choose from. Its just an example of 4 profiles, you may create more: Profile 1 (80:60:30:10): REA - 80% of BW, Remaining BW(20%) is devided like: PRI - 60%, STD - 30%, DEF - 10% Profile 2 (40:80:10:10): REA - 40% of BW, Remaining BW(60%) is devided like: PRI - 80%, STD - 10%, DEF - 10% Profile 3 (20:40:20:20): REA - 20% of BW, Remaining BW(80%) is devided like: PRI - 40%, STD - 20%, DEF - 20% Profile 4 (00:40:40:20): REA - 0%, PRI - 40%, STD - 40%, DEF - 20% 4. Define policy, how traffic will be treated in defined profiles. ex.: REA traffic above defined CIR/CAR in profile will be dropped PRE traffic above its CIR/CAR will be remarked to DEF/BE(0) class (or to lower class STD(3) if you wish) and transmitted into SP backbone STD traffic above its CIR/CAR will be remarked to DEF/BE(0) class DEF/BE traffic above its CIR/CAR will not be policed and SP will try to transmit it further into backbone as lowest priority traffic. So this means you have to configure POLICING/RATE LIMITING of customer traffic ingress to PE device. If customer exceeds REA class - you will drop violated traffic. If customer exceeds PRE class - you will just remark its exceeding or violating portion of traffic to lower class or to BE and transmit(try to do). I assume that CE is directly connected to PE. If there is any last mile or L2 devices between CE and PE, consider where exactly you will be policing: at L2 edge device like switch or at SP MPLS PE device ingress. Customer should mark each class and SHAPE its egress traffic towards SP PE device it it would like to comply with your profiles and to comply general SLA with SP. HQoS Aggregate shaper will help to comply with overall contracted BW and also eliminate traffic drops during microbursts when customer CIR is sub-line rate for Interface LINE RATE, ex:. customer contracted CIR is 200Mbit/s, but its CE device is connected to SP using 1Gbit/s interface with line rate of 1Bbit/s. If customer will not accordingly shape its egress traffic - SP ingress policer will drop partial amount of legit traffic. In case of sub-line rate customer shaper burst size should be at least twice as lower as SP policer burst size. About sub-line rate read the book Read the book End-to-End QoS, page 775 (Sub-Line-Rate Ethernet Design Implications) page 795 (Sub-Line-Rate Ethernet: Hierarchical Shaping and Queueing Models) 5. At PE device you will configure some ingress policies which matches IP Prec bits from customer CE and set MPLS TC/EXP bits into the topmost label using policy described in section 4. 6. RFC 3270 defines three modes of MPLS DiffServ tunneling: Uniform Mode - do not use it Short Pipe Mode - treat traffic in mpls backbone using topmost label TC/EXP bits, but egressing traffic from PE to CE use DSCP/IPP bits in customers IP Packets. Usually when PHP is enabled and label 3 is advertised. Pipe Mode - I'd prefer this. Configure MPLS Explicit Null label and carry TC/EXP bits unchanged until last hop PE device. Read the book End-to-End QoS, part VII. There are also some configuration examples.
  3. Books of different quality. [Hidden Content]
  4. >as shown in the joined file the IOSs are not valid. This is real ios and ios-xe images for real hardware, exactly what you are requested. You didn't mention that you going to use it in GNS3. >Please can you confirm that this IOSs were tested from your side and are valid or not. No, I only downloaded each of them, and 99,9% that each will be working fine in real hw devices. >Ps : the verson of GNS3 is V 2.2.7 Never used GNS3, sorry. I don't know which images are valid for GNS3. Why are you thinking that images you are requested are able to run in GNS3? I'm unaware of such capability of GNS3 to run real images. If I'm wrong - you or somebody else should clarify this or read gns3 docs.
  5. Same issue with this particular image only.
  6. [Hidden Content]
  7. Guys, what is your exact image request? Provide some details then, ex. exact model or serial number or link to download from vendor site. [Hidden Content]
  8. @mir1218 Thanks for images shared. I do have a question about building one... I just buid own v1.2.3 iso image from source codes using the doc, but there are also rolling iso releases available. What is the difference between building my own iso and downloading roling release for particular date(ex. today)? should the result be near the same according to code stability/features or different?
  9. Just notice message #82 on page 6.
  10. lxc-lxd course, compressed mkv. [hide][Hidden Content]]
  11. So you can use it right now. No need to ckack anything. Just configure features needed(which covered by datak9 license) like MPLS, L2TPv3/AToM, etc, but don't put this device into the core layer Ok. If so, I can't help you, maybe someone else...
  12. I don't have any crack tool, but i believe you could just enable right-to-use for data license feature for ISR G2 routers and reboot device. When right-to-use license timeout expires(after 60 or 90 days) the right-to-use license should become active forever(life time). (config)#license accept end user agreement (config)#license boot module c2900 technology-package datak9 (config)#license boot ? #show license feature Feature name Enforcement Evaluation Subscription Enabled RightToUse datak9 yes yes no yes yes #show license right-to-use Feature: datak9 Period left: Life time License Type: RightToUse License State: Active, In Use License Count: Non-Counted License Priority: Low
  13. yoshi7

    Advise needed

    Hi! IMO, enterprise/campus R&S knowledge is literally not enough for SP, but is the good base and starting point to shift towards SP, as IGPs and BGP are the core protocols. Current(old enough) CCNP SP track(until Feb 24th, 2020) and student guide materials consist of many topics which almost not covered in RS or covered in general, such as IOS-XR specifics, Multicast(not in depth), IS-IS, QoS, MPLS fundamentals, classical MPLS Traffic Engineering with RSVP signaling, MPLS VPNs - L3 and L2 VPNs, as well as BGP Inter-AS options and CSC(Carrier-Supporting-Carrier). All these "core" topics(and some others) are covered in current CCNP SP track and I personally can't imagine how someone could just go over any of them. New SP track since Feb 24th, 2020 will have even more tech topics - just see a blueprint for exam to understand better. New SPCOR exam will be the prerequisite anyway, either for CCNP, or CCIE Lab. So, don't try to skip, actually you just can't go over , be sure you have a good understating and hands-on practice in your lab.
  14. VMware VCP6-NV Official Cert Guide Exam 2V0-641 It's a bit outdated, but fundamental staff of how NSX and its componets work described in details. [Hidden Content]
  • Create New...