2009/06/04 19:40 by Tony 本站原创
这次出差总体来说还算顺利,中间的过程是坎坷的,不过经过努力终于找到问题的解决办法,而且很好用,这令我很高兴,终于知道什么叫做绝处逢生了!至于什么问题就不在此说明,总之是用MPLS QOS的三种模式解决的,把这三种模式贴出来已提醒自己并和大家分享。
在MPLS VPN网络上,运营商往往需要在边缘路由器上做出一个选择,就是是否信任上行流量已经携带的优先级信息,此时,华为提供了三种不同的MPLS COS(Class of Service,业务类型)处理模式,以备运营商灵活选择。如图1:
图1:MPLS COS的三种处理模式
1. uniform模式:当运营商认为可以完全信任CE侧流量携带过来的QoS参数时,可以采用Uniform模式,这时PE将CE侧携带上来的报文的COS值直接复制到MPLS外层标签的EXP字段中,从而保证在Core中给予同样的QoS保证。
2. pipe模式:当运营商完全不关心CE侧用户设置的QoS参数时,就忽略用户携带的QoS参数,在PE上为MPLS外层标签的EXP字段重新赋值,结果是从ingress边缘路由器到egress边缘路由器,都按照运营商的意愿进行Core上的QoS调度,直到将流量送出Core之后,报文再根据其原来携带的COS值转发。
3. short-pipe模式:这是对pipe模式的改进,在进入Core的时候,和pipe做相同的处理,只是在egress端的倒数第二跳,就完成了QoS参数的恢复,换言之,从ingress边缘路由器到egress的倒数第二跳路由器,全部按照运营商的意愿进行QoS调度,到了egress边缘路由器上,就已经按照用户原来自己携带的QoS参数进行调度了。
在MPLS VPN网络上,运营商往往需要在边缘路由器上做出一个选择,就是是否信任上行流量已经携带的优先级信息,此时,华为提供了三种不同的MPLS COS(Class of Service,业务类型)处理模式,以备运营商灵活选择。如图1:
图1:MPLS COS的三种处理模式
1. uniform模式:当运营商认为可以完全信任CE侧流量携带过来的QoS参数时,可以采用Uniform模式,这时PE将CE侧携带上来的报文的COS值直接复制到MPLS外层标签的EXP字段中,从而保证在Core中给予同样的QoS保证。
2. pipe模式:当运营商完全不关心CE侧用户设置的QoS参数时,就忽略用户携带的QoS参数,在PE上为MPLS外层标签的EXP字段重新赋值,结果是从ingress边缘路由器到egress边缘路由器,都按照运营商的意愿进行Core上的QoS调度,直到将流量送出Core之后,报文再根据其原来携带的COS值转发。
3. short-pipe模式:这是对pipe模式的改进,在进入Core的时候,和pipe做相同的处理,只是在egress端的倒数第二跳,就完成了QoS参数的恢复,换言之,从ingress边缘路由器到egress的倒数第二跳路由器,全部按照运营商的意愿进行QoS调度,到了egress边缘路由器上,就已经按照用户原来自己携带的QoS参数进行调度了。
Posted in 工程项目 | 2 Comments | 111 Hits
2009/05/03 10:14 by Tony 本站原创
思科官方出的很全面的ACE配置实例指导,每个例子中包括设计指导、设计图、解释、具体配置,还有一定的测试指导,ACE测试必备!欢迎大家收藏!
文档下载:
文档下载:
2009/05/03 09:50 by Tony 本站原创
CCIE SP Lab考试中的一些小提示——MPLS VPN 避免这些错误
我无意中发现一个很不错的文档,是提示我们在CCIE SP LAB考试中针对MPLS VPN思科经常出的一些TROUB,觉得挺有用的,和大家一起分享。
Virtual private network (VPN) is an important section in the Cisco CCIE® Service Provider (SP) lab exam and is generally worth about 27 points. Most of the VPN questions are Multiprotocol Label Switching(MPLS) VPN questions. Comprehensive configurations pertaining to Cisco Express Forwarding, interior gateway protocol (IGP), Label Distribution Protocol (LDP),Multiprotocol Border Gateway Protocol (MPBGP),provider edge-customer edge (PE-CE) routing, virtual routing and forwarding (VRF), and route target are involved in creating MPLS VPN questions. Assume that candidates understand the MPLS VPN mechanism regarding control plane and forward plane and that they know how to configure MPLS VPN.
This tip sheet lists some of the common mistakes that candidates should try to avoid when completing the MPLS VPN section of the CCIE SP lab exam.
下载文件 (已下载 59 次)
我无意中发现一个很不错的文档,是提示我们在CCIE SP LAB考试中针对MPLS VPN思科经常出的一些TROUB,觉得挺有用的,和大家一起分享。
Virtual private network (VPN) is an important section in the Cisco CCIE® Service Provider (SP) lab exam and is generally worth about 27 points. Most of the VPN questions are Multiprotocol Label Switching(MPLS) VPN questions. Comprehensive configurations pertaining to Cisco Express Forwarding, interior gateway protocol (IGP), Label Distribution Protocol (LDP),Multiprotocol Border Gateway Protocol (MPBGP),provider edge-customer edge (PE-CE) routing, virtual routing and forwarding (VRF), and route target are involved in creating MPLS VPN questions. Assume that candidates understand the MPLS VPN mechanism regarding control plane and forward plane and that they know how to configure MPLS VPN.
This tip sheet lists some of the common mistakes that candidates should try to avoid when completing the MPLS VPN section of the CCIE SP lab exam.
下载文件 (已下载 59 次)Posted in 认证考试 | 0 Comments | 154 Hits
2009/04/08 08:40 by Tony 本站原创
通过在思科认证支持网站对2012年思科终止CCIE认证事件向思科官方求证事情的真相,思科回复如下:
Dear Myccie.net,
Thank you for contacting the Certifications Support Center.
The information that you have referenced was posted as an April Fool's joke for 01-Apr-2009, and there is no truth behind it. Please rest assured that the CCIE program will not be discontinued by 2012.
If you have any further questions, or require additional assistance, please click the hyperlink above to update your case.
Kind regards,
Rigo
Certification Support Center
奶奶的,原来是愚人节!!大家放心了!
Dear Myccie.net,
Thank you for contacting the Certifications Support Center.
The information that you have referenced was posted as an April Fool's joke for 01-Apr-2009, and there is no truth behind it. Please rest assured that the CCIE program will not be discontinued by 2012.
If you have any further questions, or require additional assistance, please click the hyperlink above to update your case.
Kind regards,
Rigo
Certification Support Center
奶奶的,原来是愚人节!!大家放心了!
Posted in 认证考试 | 0 Comments | 334 Hits
2009/04/07 09:49 by Tony 本站原创
考试过程遇到疑问 教您在思科官方网站创建CASE
当考生在考试前后出现疑问不能解决,比如考试ID、证书已经发放但是没有收到要求重发等情况,考生可以直接向思科官方网站提交您的问题,即创建一个CASE向思科官方反馈,以求思科官方的帮助解答问题,下面教您如何向思科官方站点创建CSAE!
第一步:打开以下的网站
http://ciscocert.custhelp....
下载文档
当考生在考试前后出现疑问不能解决,比如考试ID、证书已经发放但是没有收到要求重发等情况,考生可以直接向思科官方网站提交您的问题,即创建一个CASE向思科官方反馈,以求思科官方的帮助解答问题,下面教您如何向思科官方站点创建CSAE!
第一步:打开以下的网站
http://ciscocert.custhelp....
下载文档
Posted in 生活缩影 | 1 Comments | 340 Hits
2009/04/03 09:44 by Tony 本站原创
MPLS VPN Internet Access Route Leaking&NAT 路由渗漏
为了能让MPLS VPN客户可以访问Internet,有很多方法可以实现,比如采用Separate (Sub)interface的方式,或者采用Route Leaking和NAT的方式。
Separate (Sub)interface这种方式主要的原理就是在CE与PE之间再做出一条单独的非VRF的链路,CE通过这条链路去访问Internet,技术难度不大,但是需要投入额外的一些费用。这里不再叙述。
采用Route Leaking&NAT结合的方法还是比较常用的,不需要单独在PE和CE之间做一条链路,Internet流量和VPN流量都走VRF的链路。所以投入小,但是技术实现稍微有点难度。
PC---CE1------PE1----P----Internet
|
PE2
|
CE2
为了能让MPLS VPN客户可以访问Internet,有很多方法可以实现,比如采用Separate (Sub)interface的方式,或者采用Route Leaking和NAT的方式。
Separate (Sub)interface这种方式主要的原理就是在CE与PE之间再做出一条单独的非VRF的链路,CE通过这条链路去访问Internet,技术难度不大,但是需要投入额外的一些费用。这里不再叙述。
采用Route Leaking&NAT结合的方法还是比较常用的,不需要单独在PE和CE之间做一条链路,Internet流量和VPN流量都走VRF的链路。所以投入小,但是技术实现稍微有点难度。
PC---CE1------PE1----P----Internet
|
PE2
|
CE2
2009/04/01 13:30 by Tony 本站原创
Cisco Firewall Video Mentor is a unique video product that provides you with more than five hours of personal visual instruction from best-selling author and lead network engineer David Hucaby. In the 16 videos presented on the DVD, David walks you through common Cisco® firewall configuration and troubleshooting tasks. Designed to develop and enhance hands-on skills, each 10–30 minute video guides you through essential configuration tasks on the Cisco ASA and FWSM platforms and shows you how to verify that firewalls are working correctly.
Each video lab presents objectives, dynamic lab topology diagrams, command syntax overviews, and video captures of command-line input and GUI configuration. All of this is coupled with thorough audio instruction by an industry expert making learning easy and engaging.
Posted in 认证考试 | 11 Comments | 963 Hits
2009/03/25 21:52 by Tony 本站原创
前阶段做的防火墙模块的Failover配置,没有配置太多功能,供大家参考!
拓扑结构:Outside--VLAN 50 ,Inside--VLAN 49
6509-A---------------6509-B
| |
| |
6509-C---------------6509-D
| |
| |---Outside VLAN 50
| |
FWSM FWSM
| |--Inside VLAN 49
Server Server
拓扑结构:Outside--VLAN 50 ,Inside--VLAN 49
6509-A---------------6509-B
| |
| |
6509-C---------------6509-D
| |
| |---Outside VLAN 50
| |
FWSM FWSM
| |--Inside VLAN 49
Server Server
The theme Design by