As a Network Consultant and CCIE 5022, I have worked with Cisco QoS since, frankly, the beginning of QoS (yes, I am old). I have been eagerly awaiting this book's release. In the two weeks I have had this book, I have already referred to it several times to gain additional insight. This book is an all-encompassing presentation and tutorial on Cisco Quality of Service (QoS).
The book flows very well. A reader new to QoS can start at the beginning and build up to the design strategies and product-specific sections. Those more experienced can fast-forward to the more advanced sections. The authors have done a tremendous job explaining the foundational architecture and concepts of QoS, and the flow and syntax of Cisco's Modular QoS Command-line (MQC).
The opening section, “Part 1: QoS Design Overview” (Chapters 1 – 9), lays out the history of QoS, including the evolution of IETF RFCs, and the QoS implementation tools. The chapters build on each other, and do a great job of introducing a topic, then diving deeper into the details. Each of these chapters starts with a ‘Terminology’ section. This has the nice effect of clearly defining the chapter's concepts.
The next section, “Part II: QoS Design Strategies”, offers a discussion of business and application QoS requirements and thoroughly explores the overall design principles and implementation strategies. Applications covered include voice, broadcast video, multimedia conferencing, and mission-critical data applications. Within this section are my favorite nuggets: the design best practices and recommendations.
The remaining sections provide comprehensive design and configuration information on campus networks (Cisco Catalyst switches), traditional wireless networks, and new ‘Converged Access’ wired and wireless networks (Catalyst 3850, and Cisco 5760 WLC).
Of particular help to me was the Data Center QoS section. On the Cisco web site, Nexus QoS design and best practices information is lacking. This section fills this void and provides great information on the QoS hardware architectures and configuration. The covered platforms are Nexus 7000, 5500, 2000 and 1000v. Great stuff!
The final sections explore WAN, VPN and Branch QoS. I was pleasantly surprised with the inclusion of the Cisco ASR 1000, ASR 9000, and Cisco CSR.
I strongly recommend this book to anyone working with Cisco infrastructure. QoS is intimidating; however, this book is a tremendous resource that will ease your anxiety.
This book is kept in my cubicle and is already filled with highlights, notes in the margin, and many dog-eared pages.
End-to-End QoS Network Design 2nd Edition at Cisco Press
My Ramblings on Cisco, VMware, EMC, NetApp, HP and Technologies That Catch My Eye.
Cisco ACI - My Take
Recently Cisco introduced Application Centric Infrastructure and the Nexus 9000 family. I have read many terrific posts about ACI and everything ACI brings to the table.
To recap, ACI uses the Application Policy Infrastructure Controller (APIC) to unite physical and virtual networks. APIC is a policy management application that creates application profiles and their associated physical, virtual, and Layer 4 to Layer 7 dependencies, and automates their deployment. Think data center automation combined with SDN.
Sounds like a Software Defined Data Center (SDDC) doesn’t it? Well…there is more. Insieme, now part of Cisco, also developed the hardware and ASICs for the Nexus 9000 as the Infrastructure.
To support ACI, the Nexus 9000s are deployed in a leaf and spine architecture and run in ACI mode. Together the Nexus 9000 and APIC provide an integrated hardware, software, custom ASIC, 40Gb, smoking fast, secure, multi-tenant cloud infrastructure.
So with ACI and the Nexus 9000, can we better define this as a Software Defined Hardware Implemented Data Center? SDHDID….
Needs a better acronym
Cisco Live 2013 and Alligators
Cisco Live and alligators. What could these possibly have in common? What they have in common starts with a tweet from @CommsNinja (aka Amy Lewis, Data Center and Cloud Marketing @Cisco).
“Are you faster than an alligator? Find out 6/26 in Orlando. http://on.fb.me/11beA5K #CLUS (RT please!)”
I have been to Cisco Live twice and I know things can get crazy. So I was thinking the Cisco Appreciation Event could include alligator races. Instead I found something very serious, important, and very close to my heart.
The 2nd Annual Unofficial CLUS Charity 5K. This year donations are going to the Wounded Warrior Project. The Cisco Live Charity Fun Run donation page for the Wounded Warrior Project is here. I would love to know if I am faster than an alligator, but running a 5K would require a small medical contingent and an oxygen tank.
I am not able to run, but I would like to donate. I will donate $1.00 for every runner faster than an alligator ($300 max).
I challenge other Cisco Live attendees. I challenge you to also donate $1.00 for every one faster than an alligator.
I will donate an extra $10 if John Chambers and $10 if Richard Branson are faster than an alligator.
Donations may be given at Wounded Warrior Project.
See you at Cisco Live 2013 Orlando!!
Cisco ASA Static NAT Multiple Global IPs to Single Real IP
I am finally getting comfortable with Cisco ASA Object NAT, introduced with software version 8.3. I like that ACLs use the real IP address, not the global/translated IP address.
I am still struggling in the CLI when trying to parse the different elements of the object, because there are two "object network XYX" references in the configuration: one for the host and one for the NAT mapping.
Now on to the NAT fun....
I had an interesting Static NAT configuration scenario with Cisco ASA software version 9.1(1) recently. A customer has a domain registered and hosts their own public DNS servers. Originally they had two Authoritative Name Servers (NS) with different IP Addresses.
NS1
Public IP X.X.X.1
Private IP Z.Z.Z.1
NS2
Public IP X.X.X.2
Private IP Z.Z.Z.2
The ASA had the standard objects with static NAT translations:
object network inside-NS1
 host Z.Z.Z.1
 nat (inside,outside) static X.X.X.1
!
object network inside-NS2
 host Z.Z.Z.2
 nat (inside,outside) static X.X.X.2
They wanted to decommission NS2. The NS records with the Internet domain name registrar were updated, NS2 was powered off, and the object inside-NS2 NAT and access list references were removed from the ASA configuration.
After a few days I saw in the ASA logs packets blocked for DNS requests to X.X.X.2/Z.Z.Z.2. Since there was no longer a real server at Z.Z.Z.2, I could not recreate the NAT translation.
I found Cisco documentation for Static NAT with One-to-Many. This allows for multiple public/global/outside IP addresses to be mapped to a single real/internal address.
1st, we have to remove the remaining NS1 translation:
object network inside-NS1
 host Z.Z.Z.1
 no nat (inside,outside) static X.X.X.1
2nd, we create the object range for the global/outside addresses:
object network outside-ns1-ns2
 range X.X.X.1 X.X.X.2
3rd, we add a new NAT statement:
object network inside-NS1
 host Z.Z.Z.1
 nat (inside,outside) static outside-ns1-ns2
The nice thing about this solution is how it handles traffic flows. When Internet traffic is sent to X.X.X.1, the returning traffic has a source IP of X.X.X.1, and when Internet traffic is sent to X.X.X.2, the returning traffic has a source IP of X.X.X.2.
For this post:
X.X.X.# = external, public, Internet routable IP Addresses
Z.Z.Z.# = internal, private, IP Addresses.
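The resulting end state, with the real-IP access list and the checks to confirm both global addresses reach NS1, is sketched below. This is an added example, not configuration from the original post: the ACL name OUTSIDE-IN and the test source 198.51.100.10 are constructed, and the X.X.X.# / Z.Z.Z.# placeholders are the post's own.

```cisco
! --- Configuration mode: end state after the three steps ---
object network outside-ns1-ns2
 range X.X.X.1 X.X.X.2
!
object network inside-NS1
 host Z.Z.Z.1
 nat (inside,outside) static outside-ns1-ns2
!
! With 8.3+ the ACL matches the REAL address, so these two entries
! permit DNS arriving on BOTH X.X.X.1 and X.X.X.2. Nothing else is opened.
! OUTSIDE-IN is a hypothetical name; if an ACL is already bound to the
! outside interface, add the entries to that ACL instead.
access-list OUTSIDE-IN extended permit udp any host Z.Z.Z.1 eq domain
access-list OUTSIDE-IN extended permit tcp any host Z.Z.Z.1 eq domain
access-group OUTSIDE-IN in interface outside
!
! --- Privileged EXEC: verify the translation ---
show running-config nat
show nat detail
show xlate
!
! Simulate a DNS query from an Internet source (constructed address)
! to each global address. Both traces are expected to un-translate the
! destination to Z.Z.Z.1 and end with an allow result.
packet-tracer input outside udp 198.51.100.10 53000 X.X.X.1 53
packet-tracer input outside udp 198.51.100.10 53000 X.X.X.2 53
!
! Negative check: a non-DNS port on the retired NS2 address should
! still be dropped by the access list.
packet-tracer input outside tcp 198.51.100.10 53000 X.X.X.2 22
```

Because the retired NS2 address now lands on NS1, any service permitted to Z.Z.Z.1 is reachable through both public addresses, so the access list should stay limited to DNS.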
References:
Cisco Support Forums ASA 8.3 Upgrade - What You Need to Know
Cisco ASA CLI Configuration Guide, 9.0
A Network Engineer Jumps into VMware with The Official VCP5 Certification Guide
I decided I was ready to officially jump into virtualization. I say officially because 1) I have been "touching" VMware for the last two years and 2) I'm ready to earn VCP5 certification.
To start my journey, I recently attended the vSphere 5.1 Install, Manage, and Configure class (the official class is required for VCP5 certification). The class was great for the lecture, lab, and discussion. I needed more. To prepare for the VCP5 Exam I also need a guide to further solidify my understanding.
I am making my way through The Official VCP5 Certification Guide (VMware Press Certification). This book is great! Each section provides thorough details and explanations.
Given my networking background, I enjoyed the section "Planning and Configuring vSphere Networking". I have to admit, I have felt a little out-of-the-loop when the Virtualization guys talk about virtual switches, virtual ports, virtual networks. I'm the networking guy!! I'm supposed to be working on anything with the word "network" in it. Here they are building virtual networks I know nothing about....Rude!
The book has also helped me understand storage (don't get me started on being left out with Fibre-Channel and iSCSI networking). Storage is an area that I felt was surprisingly complicated. I saw an enclosure with a bunch of hard drives connected to a mysterious box called a "Controller" and all was good. Storage admins started talking all "Zone this", "LUN that", "my HBA flogged the target via the WWN". I think the Jets and the Sharks have been replaced with the SANs and the LANs.
Thanks to Bill Ferguson's "The Official VCP5 Certification Guide", my studies in VMware vSphere are flourishing. The book is well written and provides thorough and precise explanations. I will schedule my VCP5 exam in the next few weeks and provide an update.
Thumbs Up, Great Book!!
Billy Carter
CCIE 5022