Rightly or wrongly, I know lots of production networks where turning
this on would break stuff severely.
Consider this common scenario:
- IPTel/VoIP is deployed in a distributed network
- QoS is enabled only on the WAN routers (not in the LANs), where
interface congestion is a real problem
- WAN routers 'trust' packets marked by IP phone endpoints -- i.e.
marking is done by the phone
Yes, QoS should be enabled end-to-end, but it's often not. Switching
on 'mls qos' on the LAN switches without also applying the appropriate
trust configuration would wreak havoc. Suddently, voice traffic would
be fighting it out with YouTube.
So, *cue twilight zone theme music and raise left eyebrow David
Copperfield style*, I agree with Darby.
cheers,
Dale
On Mon, Jul 27, 2009 at 10:57 AM, Evan Weston<evan_weston_at_hotmail.com> wrote:
> How is it negligent? In a prod network I would have thought it better to not
> trust anything by default at the edge. Just a thought.
>
>
> -----Original Message-----
> From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of
> Darby Weaver
> Sent: Monday, 27 July 2009 10:47 AM
> To: Keegan.Holley_at_sungard.com
> Cc: CCIE Groupstudy; kaniyath minha
> Subject: Re: mls Qos
>
> True enough.
>
> However to simply turn mls qos on by itself without being aware of what it
> does and what it does not do is probably negligent at best.
Blogs and organic groups at http://www.ccie.net
Received on Mon Jul 27 2009 - 11:08:14 ART
This archive was generated by hypermail 2.2.0 : Sat Aug 01 2009 - 13:10:23 ART