RSVP Per Flow Limit and RSVP Call Rate
When configuring RSVP, the “ip rsvp bandwidth (bandwidth) [per flow limit]” command there is an optional parameter which limits the per flow bandwidth of individual RSVP reservation. When using Call Admission Control for VoIP, that is the rate of an individual voice call in one direction, but the behavior is not as clear cut as it seems.
This feature was added to prevent other application from reserving all of interface’s reservable bandwidth. If a video application uses RSVP within the network, it can take up majority of the reservation with a single video call. For example if the smallest interface only has 500 kbps RSVP bandwidth and a video conference request all 500 kbps, no voice calls will be allowed through. Per flow limit wouldn’t allow one reservation to request all of the bandwidth. There are other methods to limit other application’s ability to reserve bandwidth with a more granular method using a RSVP local policy.
The actual VoIP rate is depended on many factors such as codec, sampling rate and header overhead.[1] The most common codec is either G.711 or G.729. For the G.711 codec, the IP rate is 80 Continue reading
How Fast is Fast?
“How fast is fast?” In the “bad old days,” when routing protocols were young, and we still shot NERF guns at one another in TAC, IGRP was a going concern (not EIGRP, IGRP!). IGRP holds the distinction of being the slowest converging routing protocol (with default timers) ever deployed in real networks. How slow is […]
Author information
There’s No Stupid Question, But…
While I’m a big proponent of people asking questions, there are a few considerations that I’d like to address. These considerations are not about looking (or sounding) “stupid” or otherwise inhibiting the necessary free flow of information. These points are about the appropriateness and reasons for asking a question or series of questions. This article […]
Author information
The post There’s No Stupid Question, But… appeared first on Packet Pushers Podcast and was written by Paul Stewart.
A Question of DNS Protocols
One of the most prominent denial of service attacks in recent months was one that occurred in March 2013, launched against Spamhaus and Cloudflare. With a peak volume of attack traffic of some 120Gbps, it was a very significant attack. How did the attackers generate such massive volumes of attack traffic? The answer lies in the Domain Name System (DNS). The attackers asked about domain names, and the DNS system answered. Something we all do all of the time on the Internet. So how can a conventional activity of translating a domain name into an IP address be turned into a massive attack?Using Deny ACEs in your PBR ACL on your Nexus 7k
Quite a while ago I had a need for some network duct tape… Policy Based Routing while useful should only IMHO be used as a temporary fix. But as you know, temporary things soon become part of production and they end up staying around far too long. But I digress. I had a need for some PBR, but soon found out that NX-OS had no support for deny entries in your ACL. This can pose an issue depending on the amount of destinations needed. Mine needed to match everything on the internet, minus RFC1918, and some internal VPN routes and such. Over time, I ended up having to rewrite this 100 line ACL several times, until I saw that NX-OS 6.1(3) had support for deny statements.
I was so excited, I immediately rewrote my ACL into a very svelte 20 lines including remarks. My change window came, I applied my ACL, and was faced with an error message. Luckily, I quickly figured out that we need to enable the ability to use denies.
nexus-7010(config)# hardware access-list allow deny ace
Honestly, I just wanted to get this bit of info out there as I haven’t really seen information on it. Continue reading
RSVP Bandwidth on DMVPN Tunnels
Configuring RSVP on DMVPN mGRE tunnels requires few extra steps and a little bit of calculations to figure out the additional overhead. Without correctly configured overhead, the mismatch between RSVP and available LLQ bandwidth can cause degraded VoIP call performance.
Tunnel Bandwidth
By default, the bandwidth value on the tunnel interfaces is set to a low value. Older IOS versions use 8 Kbps while some of the newer IOS versions use 100 Kbps. The idea behind setting such a low bandwidth value is to make it less preferred by routing protocols like EIGRP and OSPF that rely on bandwidth for metric calculation to prevent recursive routing.
A low bandwidth value set on a tunnel interface can cause RSVP problem. If RSVP is enabled on a tunnel interface, by default 75% of its bandwidth is reserved for RSVP. Eight kbps or 100 kbps is too small for any VoIP calls. Ensure that that the correct bandwidth of the underlying physical interface is manually set. It is very easy to miss that Tun2 only have 75 Kbps of reservable bandwidth, while Gi0/2 has 75 Mbps.
b-ro02#sh ip rsvp interface
interface rsvp allocated i/f max flow max sub max VRF
Gi0/0 ena 0 Continue reading
Redistributing Internal BGP (iBGP) into an IGP – why is it dangerous ?
This article discusses the solutions for quiz 14 and it describes some scenarios to help understand why redistributing iBGP into IGP (OSPF in this case) is dangerous.
Making RSVP work over DVMPN
When using RSVP Call Admission Control (CAC) for VoIP, DMVPN and RSVP have limitations that prevent RSVP from working over DMVPN. If you have VoIP and you can’t use location based CAC, RSVP is the only answers. So what’s the problem with RSVP over DMVPN? The root of the problem is RSVP’s loop prevention mechanism. In this post I’ll describe an original solutions to make RSVP CAC work over DMVPN.
RSVP Split-Horizon on Tunnels
RSVP has a little known behavior used for loop prevention. It is similar to the split-horizon rule of many Distance Vector routing protocols and is described in RFC2205:
“[S]tate that is received through a particular interface must never be forwarded out the same interface.” [1]
When RSVP is set to be mandatory for call setup between two locations, RSVP has to successfully establish a reservation for each one way RTP audio stream. That reservation is done by voice gateways acting as the RSVP agents for IP phones. IP phones do not have RSVP running, but rely on voice gateways for that functionality.
Normally, when using DMVPN Phase 3, the initial packets sent between two spoke sites, match a route with the next-hop of the Continue reading
Benchmarking: Be Mindful Where You Set the Bar
At many fast-growing companies, there is a an organizational phenomenon that takes root as the middle management ranks swell. Early on, titles are handed out with thoughtful precision. The Director title, for instance, is held by folks who have demonstrated long-term value. Over time though, the company changes. It usually starts with an outside hire […]
Author information
The post Benchmarking: Be Mindful Where You Set the Bar appeared first on Packet Pushers Podcast and was written by Michael Bushong.
From SMB to Enterprise: Taking the Leap
After working in small business IT for over a decade, I made the leap to a large healthcare enterprise. Although I had been very successful in providing solutions in the SMB space, I didn’t know how well my skill set would transfer into a larger environment. Three years into my experience in the enterprise, I’ve […]
Author information
The post From SMB to Enterprise: Taking the Leap appeared first on Packet Pushers Podcast and was written by Eyvonne Sharp.
Network Virtualization Gets Physical
Network virtualization, as others have noted, is now well past the hype stage and in serious production deployments. One factor that has facilitated the adoption of network virtualization is the ease with which it can be incrementally deployed. In a typical data center, the necessary infrastructure is already in place. Servers are interconnected by a physical network that already meets the basic requirements for network virtualization: providing IP connectivity between the physical servers. And the servers are themselves virtualized, providing the ideal insertion point for network virtualization: the vswitch (virtual switch). Because the vswitch is the first hop in the data path for every packet that enters or leaves a VM, it’s the natural place to implement the data plane for network virtualization. This is the approach taken by VMware (and by Nicira before we were part of VMware) to enable network virtualization, and it forms the basis for our current deployments.
In typical data centers, however, not every machine is virtualized. “Bare metal” servers — that is, unvirtualized, or physical machines — are a fact of life in most real data centers. Sometimes they are present because they run software that is not easily virtualized, or because of Continue reading
Speaker for the Dead – Privacy and Trust
This series of articles allows me to play the part of a ‘Speaker for the Dead’ for technology that has or is becoming ‘end of life’ or legacy and/or irrelevant (or which should be). In this article, the subject isn’t a specific technology or protocol although technology has brought about it’s demise; it’s something far […]
Author information
The post Speaker for the Dead – Privacy and Trust appeared first on Packet Pushers Podcast and was written by Steven Iveson.
Why We Do Packet Pushers – Email From a Listener
I got this email from Joel which made my day. It is email like this that keep us motivated and feel that Ethan & I are creating something worthwhile. Sometimes ‘packet pushing’ is just a lot of work, sometimes it is great fun, sometime we make a bit of money from sponsors too. But knowing […]
Author information
The post Why We Do Packet Pushers – Email From a Listener appeared first on Packet Pushers Podcast and was written by Greg Ferro.
Flow
Have you ever struggled to explain to your parents or friends why you still study technical topics at night? It can be frustrating trying to explain to these people why you do what you do. Let’s be honest, it’s hard to explain ‘why’ to ourselves, never mind explain it to others. I have found a […]
Author information
The post Flow appeared first on Packet Pushers Podcast and was written by John Harrington.
Why Blog?
I have been involved in various technical social networks and blogging for quite a while. Beginning in about 2008, I started spending a lot of time helping others over at the Cisco Learning Network. About the same time I launched PacketU.com. In May of 2013, John Harrington and I coordinated the site that you’re currently […]
Author information
The post Why Blog? appeared first on Packet Pushers Podcast and was written by Paul Stewart.
Webinar: ManageEngine on Log Analysis and Netflow
ManageEngine is a well known vendor of Network Management tools with tens of thousands of customers worldwide with a portfolio covering the full spectrum including Performance, Server/Application, Help Desk, Desktop Management. Sign up here
Author information
The post Webinar: ManageEngine on Log Analysis and Netflow appeared first on Packet Pushers Podcast and was written by Greg Ferro.
Show 157 – ONS Roundup – SDN,Enterprise, Wireless and More
This show was recorded by Brent Salisbury at Open Networking Summit in April 2013 http://www.opennetsummit.org where he got a bunch of folks around a microphone to talk about OpenFlow/SDN and the progress being made in the organisations. Show topics How is OpenFlow progressing ? Open Daylight foundation and its inception. Is the future of OpenFlow assured and what […]
Author information
The post Show 157 – ONS Roundup – SDN,Enterprise, Wireless and More appeared first on Packet Pushers Podcast and was written by Greg Ferro.
Cisco VIRL – Virtual Internet Routing Lab
How does the internet work - We know what is networking
Virtualisation In a world in which every day I hear virtualization at least 50 times it would be very strange that there is some part of our digital environment which is not yet virtualised. Today we can see that almost every piece of our server equipment is going to the cloud hence is being virtualised. That is not a […]
Quiz #17 – Cisco vs. Juniper – BGP Advertisements
Your company decided to replace the existing Cisco devices with Juniper. The network team does that and configures the new Junipers as similar possible to the old Ciscos. But something does not work as intended. What is it ?