Outbound filters do not affect traffic originating on the router

R3 (f0/0 1.1.1.3) R4 (f0/0 1.1.1.4)

interface FastEthernet0/0
ip address 1.1.1.3 255.255.255.0
ip access-group 100 out

access-list 100 permit icmp any any
access-list 100 deny ip any any

route-map LOCAL permit 10
set interface Loopback0

ip local policy route-map LOCAL

R3#telnet 1.1.1.4
Trying 1.1.1.4 …
% Destination unreachable; gateway or host down

R3#sh ip access-lists 100
Extended IP access list 100
10 permit icmp any any
20 deny ip any any (2 matches)

ip pim rp-address ‘ip address’ override

R2 R1

R2:
interface Serial0/0
ip address 183.1.123.2 255.255.255.0
ip authentication mode eigrp 100 md5
ip authentication key-chain eigrp 100 EIGRP
ip pim sparse-mode
encapsulation frame-relay
no ip split-horizon eigrp 100
clock rate 2000000
no arp frame-relay
frame-relay map ip 183.1.123.1 201 broadcast
frame-relay map ip 183.1.123.3 203 broadcast
no frame-relay inverse-arp

interface Loopback0
ip address 100.2.2.2 255.255.255.0
ip pim sparse-mode
ip igmp join-group 239.1.1.1

no ip pim dm-fallback
ip pim bsr-candidate Serial0/0 0
ip pim rp-candidate Serial0/0

R2#sh ip pim bsr-router
PIMv2 Bootstrap information
This system is the Bootstrap Router (BSR)
BSR address: 183.1.123.2 (?)
Uptime: 00:07:24, BSR Priority: 0, Hash mask length: 0
Next bootstrap message in 00:00:14
Candidate RP: 183.1.123.2(Serial0/0)
Holdtime 150 seconds
Advertisement interval 60 seconds
Next advertisement in 00:00:05

R2#sh ip pim rp
Group: 239.1.1.1, RP: 183.1.123.1, v2, uptime 00:04:04, expires 00:02:24

R1:
interface Serial0/0
ip address 183.1.123.1 255.255.255.0
ip authentication mode eigrp 100 md5
ip authentication key-chain eigrp 100 EIGRP
ip pim sparse-mode
encapsulation frame-relay
clock rate 2000000
no arp frame-relay
frame-relay map ip 183.1.123.2 102 broadcast
frame-relay map ip 183.1.123.3 102
no frame-relay inverse-arp
no ip pim dm-fallback
ip pim bsr-candidate Serial0/0 0
ip pim rp-candidate Serial0/0

R1#sh ip pim bsr-router
PIMv2 Bootstrap information
BSR address: 183.1.123.2 (?)
Uptime: 00:03:53, BSR Priority: 0, Hash mask length: 0
Expires: 00:01:17
This system is a candidate BSR
Candidate BSR address: 183.1.123.1, priority: 0, hash mask length: 0
Candidate RP: 183.1.123.1(Serial0/0)
Holdtime 150 seconds
Advertisement interval 60 seconds
Next advertisement in 00:00:25

R1(config)#ip pim rp-address 100.2.2.2
R1(config)#do sh ip pim rp
Group: 239.1.1.1, RP: 183.1.123.1, v2, next RP-reachable in 00:01:00
Group: 224.0.1.40, RP: 100.2.2.2, uptime 00:00:05, expires never

R1(config)#ip pim rp-address 100.2.2.2 override
R1(config)#do sh ip pim rp
Group: 239.1.1.1, RP: 100.2.2.2, uptime 00:00:02, expires never
Group: 224.0.1.40, RP: 100.2.2.2, uptime 00:00:21, expires never

AToM – Any Transport over MPLS

The feature whereby any Layer 2 frame is carried across the MPLS backbone is called Any
Transport over MPLS (AToM). The routers that are switching the AToM traffic do not need to be
aware of the MPLS payload; they just need to be able to switch the labeled traffic by looking at
the label on top of it. In essence, MPLS label switching is a simple method of switching multiple
protocols in one network. You need to have a forwarding table consisting of incoming labels to be
swapped by outgoing labels and a next hop.

In short, AToM enables the service provider to provide the same Layer 2 service toward the
customers as with any specific non-MPLS network. At the same time, the service provider needs
only one unified network infrastructure to carry all kinds of customer traffic.

switch ‘system mtu’ command OSPF between switch and router

The command “system mtu 1500” on switches is the default. Even
when the value is changed, it is stored in neither the running-config
nor the startup-config. On the Catalyst 3550, this information is stored in a
separate file on the flash. On the Catalyst 3560, you can’t see it unless
you do “show system mtu”.

This is one of the well-known little gotchas on the actual lab exam.
You *have* to know how to solve this. Hence, when configuring routing
protocols on switches, make sure you know what their MTU is.

Part of the OSPF adjacency negotiation is MTU. This has to be the same on both ends of the link before the neighbor comes up.

There are several ways to fix it. The first is to change the switch MTU (best practice), the second is to change the MTU on the router’s interface (have seen this fail, not able to set manually by user), and the third is to use the ‘ip ospf mtu-ignore’ command on both interfaces.

Traffic Policing

The Traffic Policing feature works with a token bucket mechanism. There are currently two types of token bucket algorithms: a single token bucket algorithm and a two token bucket algorithm. A single token bucket system is used when the violate-action option is not specified, and a two token bucket system is used when the violate-action option is specified.

Router(config-pmap-c)# police 8000 2000 4000 conform-action transmit exceed-action set-qos-transmit 4 violate-action drop

average rate—Maximum long-term average rate of conforming traffic.

conform action—Action to take on packets with a burst size below the rate allowed by the rate limit.

DSCP—differentiated services code point

exceed action—Action to take on packets that exceed the rate limit.

excess burst size—Bytes allowed in a burst before all packets will exceed the rate limit.

normal burst size—Bytes allowed in a burst before some packets will exceed the rate limit. Larger bursts are more likely to exceed the rate limit.

QoS group—Internal QoS group ID for a packet used to determine weighted fair queuing characteristics for that packet.

policing policy—Rate limit, conform actions, and exceed actions that apply to traffic matching a certain criteria.

Versatile Interface Processor (VIP)—Interface card used by Cisco 7500 series and Cisco 7000 series with RSP7000 routers.

With the Two-Rate Policer, you can enforce traffic policing according to two separate rates—committed information rate (CIR) and peak information rate (PIR). You can specify the use of these two rates, along with their corresponding values, by using two keywords, cir and pir, of the police command.

The Two-Rate Policer manages the maximum rate of traffic through a token bucket algorithm. The token bucket algorithm can use the user-configured values to determine the maximum rate of traffic allowed on an interface at a given moment in time. The token bucket algorithm is affected by all traffic entering or leaving the interface (depending on the location of the interface on which the Two-Rate Policer is configured) and is useful in managing network bandwidth in cases where several large packets are sent in the same traffic stream.

The token bucket algorithm provides users with three actions for each packet: a conform action, an exceed action, and an optional violate action. Traffic entering the interface with Two-Rate Policer configured is placed into one of these categories. Within these three categories, users can decide packet treatments. For instance, packets that conform can be configured to be sent, packets that exceed can be configured to be sent with a decreased priority, and packets that violate can be configured to be dropped.

The Two-Rate Policer is often configured on interfaces at the edge of a network to limit the rate of traffic entering or leaving the network. In the most common configurations, traffic that conforms is sent and traffic that exceeds is sent with a decreased priority or is dropped. Users can change these configuration options to suit their network needs.

The advantage of the dual rate is being able to set parameters on the exceeding (PIR) and violating traffic rates for further treatment in the network.

This is a brief read, but should help some too: http://www.faqs.org/rfcs/rfc2698.html
http://www.cisco.com/en/US/tech/tk543/tk545/technologies_tech_note09186a00800a3a25.shtml#policingvsshaping
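
The single-rate two-bucket policer and the Two-Rate Policer described above, as an added Python model (not Cisco's code and not part of the original notes) that classifies a constructed packet trace as conform, exceed or violate. The packet trace, the PIR of 16000 bps and the single-rate refill rule (CIR fills the conform bucket, overflow spills into the exceed bucket) are assumptions of this sketch; the two-rate branch follows RFC 2698.

```python
class Policer:
    """Two-bucket policer; pir_bps=None gives the single-rate form."""

    def __init__(self, cir_bps, bc, be, pir_bps=None):
        self.cir = cir_bps / 8.0                      # bytes per second
        self.pir = pir_bps / 8.0 if pir_bps else None
        self.bc, self.be = bc, be                     # bucket depths, bytes
        self.tc, self.te = float(bc), float(be)       # both buckets start full
        self.last = 0.0

    def _refill(self, now):
        dt, self.last = now - self.last, now
        if self.pir is None:
            # Single rate (assumed model): CIR fills the conform bucket,
            # overflow spills into the exceed bucket.
            filled = self.tc + dt * self.cir
            self.te = min(self.be, self.te + max(0.0, filled - self.bc))
            self.tc = min(self.bc, filled)
        else:
            # Two rate (RFC 2698): buckets fill independently at CIR and PIR;
            # bc and be are used here as the CBS and PBS.
            self.tc = min(self.bc, self.tc + dt * self.cir)
            self.te = min(self.be, self.te + dt * self.pir)

    def classify(self, now, size):
        self._refill(now)
        if self.pir is None:
            if self.tc >= size:
                self.tc -= size
                return "conform"
            if self.te >= size:
                self.te -= size
                return "exceed"
            return "violate"
        if self.te < size:          # above PIR
            return "violate"
        self.te -= size
        if self.tc < size:          # above CIR, within PIR
            return "exceed"
        self.tc -= size
        return "conform"

# Constructed traffic: (seconds, bytes), a burst of 1500-byte packets, then idle.
PACKETS = [(0.0, 1500), (0.1, 1500), (0.2, 1500), (0.3, 1500),
           (0.4, 1500), (0.5, 1500), (5.0, 1500)]

def run(policer):
    return [policer.classify(t, size) for t, size in PACKETS]

if __name__ == "__main__":
    print(run(Policer(8000, 2000, 4000)))                 # police 8000 2000 4000
    print(run(Policer(8000, 2000, 4000, pir_bps=16000)))  # assumed PIR
```

In the single-rate run the burst drains the conform bucket, then the exceed bucket, and only then violates; in the two-rate run the faster PIR refill lets a later packet in the same burst fall back to exceed.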

LAN QoS

Interface commands:
mls qos trust dscp
mls qos trust cos
mls qos trust device cisco-phone

Default, or untrusted, state – any marked packets received will be overwritten with a value of 0

CoS field only on dot1q ‘trunked’ packets

Use the MQC to mark packets, if your CoS-to-DSCP map is already marking one value and you need another:

class-map match-all video
match access-group 1
!
access-list 1 permit 10.2.2.2
!
policy-map video
class video
set ip dscp 34
!
int f0/0
service-policy input video

Congestion Management (Queuing)
Weighted Round Robin (WRR) scheduled
Strict Priority & WRR scheduled

Assign CoS values 0-7 to one of the four egress queues:
wrr-queue cos-map 1 0 1 -> queue 1 CoS value 0,1
wrr-queue cos-map 2 2 -> queue 2 CoS value 2
wrr-queue cos-map 3 3 4 6 7 -> queue 3 CoS value 3,4,6,7 – 6 and 7 placed in queue 3 for routing and BPDU and should not be placed any lower due to possible starvation
wrr-queue cos-map 4 5 -> queue 4 ‘priority queue’

WRR Scheduling:
eliminates starving lower priority queues by assigning a weight to each queue, but NO DELAY GUARANTEE
wrr-queue bandwidth 5 10 25 50 -> 5 packets in queue 1, 10 in queue 2, 25 in queue 3, 50 in queue 4

Strict Priority and WRR Scheduling:
wrr-queue bandwidth 5 10 25 0 -> 5 packets in queue 1, 10 in queue 2, 25 in queue 3, 0 makes PRIORITY QUEUE
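
The two scheduling modes above, as an added Python model that is not part of the original notes and not switch code: it counts how many packets each egress queue sends under saturation, using the weights from the two `wrr-queue bandwidth` lines. The backlog sizes, the slot count and the "no new arrivals" simplification are assumptions.

```python
def schedule(weights, backlog, slots):
    """Return packets sent per queue after `slots` transmit opportunities.

    weights: packets per WRR round for queues 1..4; a weight of 0 marks
             that queue as the strict-priority queue.
    backlog: packets waiting in each queue at the start (no new arrivals).
    """
    backlog, sent = list(backlog), [0] * len(weights)

    def send(i, n):
        nonlocal slots
        n = min(n, backlog[i], slots)
        backlog[i] -= n
        sent[i] += n
        slots -= n

    while slots > 0 and any(backlog):
        # Strict priority: the priority queue is serviced until it is empty
        # before any WRR round starts.
        for i, w in enumerate(weights):
            if w == 0:
                send(i, backlog[i])
        # One WRR round: each queue sends up to its weight in packets.
        for i, w in enumerate(weights):
            send(i, w)
    return sent


if __name__ == "__main__":
    full = [1000, 1000, 1000, 1000]          # constructed: every queue saturated
    # wrr-queue bandwidth 5 10 25 50: every queue gets its share
    print(schedule([5, 10, 25, 50], full, 900))
    # wrr-queue bandwidth 5 10 25 0: a saturated priority queue takes every slot
    print(schedule([5, 10, 25, 0], full, 900))
    # same weights, but only 100 packets in the priority queue
    print(schedule([5, 10, 25, 0], [1000, 1000, 1000, 100], 900))
```

The second run is why traffic admitted to the priority queue is normally policed: while queue 4 stays backlogged, queues 1 to 3 send nothing.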

PIM DR and DF

      RP
     /  \
.254 DR  .253
     \  /
     HOST

DR:
With two PIM-SM routers, .254 and .253, only the DR (.254) sends Joins to the RP to build the shared tree….

If HOST sources multicast, the DR sends Register messages to the RP….

DF:
.254 and .253 both start receiving multicast traffic from the same source via the RP (say the source is upstream from the RP). This triggers both to send PIM Assert messages to determine the forwarder. The PIM Assert determines whether all the routers are running the same unicast protocol; the router with the best metric wins the Assert. If the metrics are equal, the router with the highest IP address is elected. Then .253 will prune and only .254 will send….