
Great colleague leaves Ictivity

June 30th, 2008 | 2 Comments

My now officially former colleague Duncan Epping has left Ictivity and is going to work for VMware as a Senior PSO Consultant. Duncan is the owner of the Yellow-Bricks blog, which you should check for interesting posts on VMware.

Duncan, it was great working with you. I learned a lot about VMware from you. Good luck and hopefully we stay in touch.

Policy-Based Routing Catalyst 3560

June 30th, 2008 | No Comments

Today I visited a customer where the power supply of a Cisco Catalyst 3548XL blew up. The switch had a manufacture date of December 2000. It is an old one, but I still hadn't seen a power supply blow up on a Cisco switch of that age.

But OK, the switch needed to be replaced. The customer ordered some 3560 switches, so all the 3548 switches could be replaced. The customer was also using a Cisco 2650XL router for routing between the different VLANs. Because they had purchased layer 3 switches, I also wanted to remove the Cisco 2650XL router.

The configuration of the router wasn't that spectacular; there was only some policy-based routing (PBR) configured. The switches had IP base images, so I had to upgrade one switch with IP services firmware. After upgrading the switch, I configured the ACL and route-map as listed below.

ip access-list extended ACL-PBR
 permit ip 10.10.10.0 0.0.0.255 any
!
route-map RM-PBR permit 10
 match ip address ACL-PBR
 set ip default next-hop 10.10.10.253

Next I wanted to apply the route-map to the correct interface, but that resulted in the following syslog message.

%PLATFORM_PBR-4-SDM_MISMATCH: PBR requires sdm template routing

Searching the internet for a PBR example on a Cisco Catalyst 3560, I found that I had to change the SDM (Switch Database Management) template. The SDM template controls how the layer 2 and layer 3 switching information is allocated in the Ternary Content Addressable Memory (TCAM), which the switch uses for its forwarding lookups.

With the default configuration, the switch showed the following SDM template.

SW01-L3(config)#do sh sdm prefer
 The current template is "desktop default" template.
 The selected template optimizes the resources in
 the switch to support this level of features for
 8 routed interfaces and 1024 VLANs.

  number of unicast mac addresses:                  6K
  number of IPv4 IGMP groups + multicast routes:    1K
  number of IPv4 unicast routes:                    8K
    number of directly-connected IPv4 hosts:        6K
    number of indirect IPv4 routes:                 2K
  number of IPv4 policy based routing aces:         0
  number of IPv4/MAC qos aces:                      0.75K
  number of IPv4/MAC security aces:                 1K

Looking at the output, no TCAM space is allocated for IPv4 policy-based routing ACEs (the count is 0). This means I have to change the SDM template to routing, which is done by entering the global configuration command:

sdm prefer routing

The new template only takes effect after a reload of the switch. After the reboot I checked the SDM configuration and noticed that memory is now allocated for PBR, as displayed below:

SW01-L3(config)#do sh sdm prefer
 The current template is "desktop routing" template.
 The selected template optimizes the resources in
 the switch to support this level of features for
 8 routed interfaces and 1024 VLANs.

  number of unicast mac addresses:                  3K
  number of IPv4 IGMP groups + multicast routes:    1K
  number of IPv4 unicast routes:                    11K
    number of directly-connected IPv4 hosts:        3K
    number of indirect IPv4 routes:                 8K
  number of IPv4 policy based routing aces:         0.5K
  number of IPv4/MAC qos aces:                      0.75K
  number of IPv4/MAC security aces:                 1K

So I tried to apply the route-map to the specific interface, but this resulted in another syslog message.

%PLATFORM_PBR-3-UNSUPPORTED_RMAP: Route-map RM-PBR not supported for Policy-Based Routing

It seems that the PBR configuration is not supported on the switch, or at least some of the commands are not. Checking the internet again, I found a document listing the unsupported route-map commands for a Catalyst 3550.

I had to change the next-hop statement. I replaced the route-map with the following commands.

route-map RM-PBR permit 10
 match ip address ACL-PBR
 set ip next-hop 10.10.10.253

Finally, after changing the route-map, it could be applied to the interface. After replacing the components I tested the route-map and it works without any problems.
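For reference, the complete configuration the post arrives at, put together here as an added example (not the customer's running config): the prerequisites, the ACL, the route-map with set ip next-hop, the ip policy route-map statement that binds it to the ingress interface (a step the post does not show), and the show commands to verify it. The SVI name Vlan10 and its address 10.10.10.254, the internal address space 10.0.0.0/8, and the role of 10.10.10.253 as an Internet gateway on the same VLAN are assumptions. One caveat that follows from the change: set ip default next-hop only policy-routes packets for which the routing table has no explicit route (the default route does not count), whereas set ip next-hop overrides the routing table for every packet the ACL permits. Because the 3560 rejects the default variant, traffic from 10.10.10.0/24 to other internal VLANs would now also be sent to 10.10.10.253 unless it is excluded with a deny entry; in a PBR ACL, permit means policy-route and deny means fall back to normal routing.

```text
! Added example, not the customer's configuration. Assumptions: source hosts
! live on Vlan10 (SVI 10.10.10.254), internal address space is 10.0.0.0/8,
! and 10.10.10.253 is an Internet gateway on the same VLAN.
!
! Prerequisites on the 3560: IP services image and the routing SDM template.
! The template change needs a reload before PBR can be applied.
sdm prefer routing
!
ip routing
!
! The PBR ACL is a classifier, not a filter: permit = policy-route,
! deny = use the routing table. The deny line keeps inter-VLAN traffic on
! the normal routing table, mimicking what "set ip default next-hop"
! would have done on a platform that supports it.
ip access-list extended ACL-PBR
 deny   ip 10.10.10.0 0.0.0.255 10.0.0.0 0.255.255.255
 permit ip 10.10.10.0 0.0.0.255 any
!
route-map RM-PBR permit 10
 match ip address ACL-PBR
 set ip next-hop 10.10.10.253
!
! PBR acts on packets entering an interface, so it is applied to the SVI
! of the VLAN the 10.10.10.0/24 hosts use as default gateway, not to the
! uplink towards the rest of the network.
interface Vlan10
 ip address 10.10.10.254 255.255.255.0
 ip policy route-map RM-PBR
!
! Verification (exec mode):
!   show sdm prefer        -> "desktop routing", policy based routing aces > 0
!   show ip policy         -> Vlan10 bound to RM-PBR
!   show route-map RM-PBR  -> "Policy routing matches" counter increases
!                             while a host in 10.10.10.0/24 reaches the Internet
```

A quick functional check is a traceroute from a host in 10.10.10.0/24 to an external address (first hop should be 10.10.10.253) and to an address in another internal VLAN (first hop should be the SVI, 10.10.10.254, with the route-map counter unchanged).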

Campus QoS Design Add-On

June 26th, 2008 | No Comments

Yesterday I attended the QoS Design session and blogged about it. After posting the blog on the internet I received an e-mail about a statement in the post. I had written the following:

“Remember e-mail is NOT mission-critical.”

In the e-mail I received the following comment on this statement.

“What he forgot to mention, and which is the most important aspect, and the most disruptive part of QoS, is the politics around prioritization of applications. Everyone’s application is Priority 1, even if it is only e-mail.”

This is indeed correct. Everybody will try to convince you that their applications are the most critical ones for the business. The process of classification and marking involves a lot of politics.

Purely speaking as a network engineer, and in most circumstances, applications like voice and video conferencing are mission-critical and need a higher priority than e-mail and normal web browsing.

Thanks for bringing this up. I hope it is clearer now.

Customer Appreciation Event

June 26th, 2008 | No Comments

Last night Cisco organized the Cisco Customer Appreciation Event. The event took place at Universal Orlando. I thought that would be cool, and it really was.

A big part of the park was closed and only accessible to Cisco Live attendees. All the different rides were open, like The Mummy Returns, Terminator 2: 3-D, Twister and many more. Not only were all the rides free, but all food and beverages were free too. I could just walk into a restaurant, order something to eat and take it without paying.

The best part of the evening was the performance by the Blue Man Group. Their show was really great and of course free for everyone. The largest Hard Rock Cafe in the world was also only accessible to Cisco Live attendees, including the free drinks and food.

The organization of the whole evening deserves a big THANK YOU. Really great evening; I had a great time.

Campus QoS Design

June 25th, 2008 | No Comments

What can somebody tell me about QoS after I passed the Cisco QoS (642-642) exam just one hour ago?!?! ;-) A lot, as I noticed from the session.

When designing QoS, SLAs are very important. What latency, jitter and packet loss do the different applications tolerate, which traffic is really mission-critical and which isn't? Remember: e-mail is NOT mission-critical.

Voice traffic shouldn't have more than 150 ms of one-way latency. A call traversing the network accumulates several kinds of delay: codec (packetization) delay, queuing delay, serialization delay, propagation delay and network delay.

When designing QoS, classification and marking is the first step, and it is done as close to the edge as possible. After classifying and marking packets with the correct CoS (Class of Service) and DSCP (Differentiated Services Code Point) values, you configure all uplinks between switches and routers to trust these CoS and DSCP markings so they are carried through unchanged.

Policing is one way of enforcing a traffic rate. ISPs use policing on customer links: from the ISP's perspective, policing simply drops all traffic above the defined rate (the exceeding traffic). A policer can also re-mark exceeding traffic with a different CoS or DSCP value instead of dropping it. In times of congestion these marked-down packets are dropped first, but when the network isn't congested they are simply forwarded.

Shaping is comparable to policing, but it is less aggressive: instead of dropping packets that exceed the defined rate, it buffers and delays them. Where a downstream policer would discard traffic above the contracted rate, the sending device can shape its output to that rate so that its packets aren't discarded.

Defining the trust boundary between trusted and untrusted devices is also very important when designing a QoS implementation. Normally a PC isn't a trusted device, so markings on packets from a PC shouldn't be trusted. An IP phone normally is a trusted device, so CoS markings from an IP phone should be trusted. QoS can be port-based (default) or VLAN-based. To configure VLAN-based QoS, use the interface command mls qos vlan-based.
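The trust boundary is where QoS becomes a security control: if the switch trusts CoS and DSCP from every host, any PC can mark its traffic EF (DSCP 46) and compete with voice for the priority queue. The configuration below is an added example for a Catalyst 3560 (not from the original post) that puts the three paragraphs above into practice: conditional trust on the phone port so markings are honoured only while a Cisco phone is detected via CDP, with the phone rewriting the attached PC's CoS to 0; an untrusted PC port where the switch does its own classification and polices the voice class with a mark-down instead of a drop, as described in the policing paragraph; and unconditional DSCP trust on the inter-switch uplink. Interface numbers, VLAN numbers, the RTP port range in the ACL and the 128 kbps rate are assumptions chosen for illustration.

```text
! Added example, not from the post. Interface and VLAN numbers, the ACL
! and the policer rate are assumptions for illustration.
!
mls qos
!
! Excess EF traffic is re-marked to DSCP 0 rather than dropped. It then
! travels as best effort and is the first to go when a queue congests.
mls qos map policed-dscp 46 to 0
!
! Classify RTP by its usual UDP port range (assumed for this example).
ip access-list extended ACL-VOICE-RTP
 permit udp any any range 16384 32767
!
class-map match-all CM-VOICE
 match access-group name ACL-VOICE-RTP
!
! Mark matched traffic EF (DSCP 46) but only up to 128 kbps with an 8 KB
! burst; anything above is marked down via the policed-dscp map above.
policy-map PM-PC-IN
 class CM-VOICE
  set dscp 46
  police 128000 8000 exceed-action policed-dscp-transmit
!
! Phone port: trust CoS only while a Cisco phone is seen through CDP. When
! the phone is removed the port falls back to untrusted and all markings
! are rewritten to 0. The phone itself overwrites the PC's CoS with 0, so
! a PC behind the phone cannot claim the voice class.
interface FastEthernet0/1
 switchport mode access
 switchport access vlan 10
 switchport voice vlan 110
 mls qos trust cos
 mls qos trust device cisco-phone
 switchport priority extend cos 0
 spanning-tree portfast
!
! PC-only port: untrusted (the default), so incoming CoS/DSCP is ignored
! and the switch sets the markings itself according to PM-PC-IN.
interface FastEthernet0/2
 switchport mode access
 switchport access vlan 10
 service-policy input PM-PC-IN
 spanning-tree portfast
!
! Uplink to another switch inside the trust boundary: DSCP set at the edge
! is trusted and carried through unchanged.
interface GigabitEthernet0/1
 switchport mode trunk
 mls qos trust dscp
!
! Verification (exec mode):
!   show mls qos interface FastEthernet0/1      -> trust state and trust device
!   show mls qos interface FastEthernet0/2 statistics -> policed packet counters
!   show mls qos maps policed-dscp              -> 46 mapped to 0
```

To test the boundary, send traffic marked DSCP 46 from a PC on FastEthernet0/2 and confirm with a capture on the uplink that it leaves the switch as DSCP 0 unless it matches the RTP class, and that RTP above 128 kbps is marked down while RTP within the rate keeps DSCP 46.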

There are a lot more best practices and considerations when designing and implementing QoS in a network, but that is too much to write down in this blog post. I find QoS very interesting, so if you have any questions about QoS, don't hesitate to contact me.
