Yes exactly. It means my customers can't mark all their web browsing traffic
as DSCP EF and get put in priority queues with whatever voice stuff I may
have. Good command to have on by default IMO. Still not seeing the
negligent.
From: Darby Weaver [mailto:ccie.weaver_at_gmail.com]
Sent: Monday, 27 July 2009 11:09 AM
To: Evan Weston
Cc: CCIE Groupstudy
Subject: Re: mls Qos
I think the part being missed is if you enable mls qos and nothing else...
All packets that enter the switch are re-written to null aka NO QOS Value...
AT ALL.
If one does not ALSO trust ports, this is likely not the desired behavior
that most of us think we are buying when we invoke the command.
So...
conf t
mls qos
exit
By itself - it is inherently counter-productive and does the opposite of what
most people might expect it to do. The switch now speaks mls qos BUT...
DOES NOT TRUST ANY PORTS.
Until those ports are explicitly configured to be trusted.
See what I mean by "negligent".
Basically turning on mls qos on a switch and doing nothing else -
EFFECTIVELY means that all traffic now entering OR traversing the switch in
question.... has its dscp/cos marking re-written to 0 and is now assigned
to class default.
Is that what most of us want to do when we enable the command?
Probably not if we have those things.... what are they called... like IP
Phones.... some of us have those and as a result...
Just turning on mls qos - probably did not solve our problem...
One of my team-mates went to a QoS class and returned with one main theme -
"TRUST" the interfaces, "TRUST" the trunks, etc.
That's not a bad thing to remember...
Next question is what exactly do you want to trust? rewrite, etc.
On Sun, Jul 26, 2009 at 8:57 PM, Evan Weston <evan_weston_at_hotmail.com>
wrote:
How is it negligent? In a prod network I would have thought it better to not
trust anything by default at the edge. Just a thought.
-----Original Message-----
From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of
Darby Weaver
Sent: Monday, 27 July 2009 10:47 AM
To: Keegan.Holley_at_sungard.com
Cc: CCIE Groupstudy; kaniyath minha
Subject: Re: mls Qos
True enough.
However to simply turn mls qos on by itself without being aware of what it
does and what it does not do is probably negligent at best.
On Sun, Jul 26, 2009 at 7:56 PM, <Keegan.Holley_at_sungard.com> wrote:
> Off the top of my head I think it's needed whenever QOS is being applied
> to switched traffic and not routed traffic or routed traffic during the
> switching operation. such as being applied to a vlan or a layer-2 switch
> port. Examples of when it's not needed are policy maps (depending on
> their contents) added to vlan interfaces or layer-3 ports.
>
>
> Blogs and organic groups at http://www.ccie.net <http://www.ccie.net/>
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
Received on Mon Jul 27 2009 - 11:11:52 ART
This archive was generated by hypermail 2.2.0 : Sat Aug 01 2009 - 13:10:23 ART
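The trust-boundary behaviour discussed in this thread can be checked offline against a saved running-config. The following is an added example, not code from any poster: it reports, per interface, whether markings are trusted or fall back to the untrusted default once `mls qos` is enabled globally. The sample config and the function names `audit_trust` and `report` are constructed for illustration.

```python
import re

# Constructed sample running-config (not from the thread); interface
# names and descriptions are illustrative only.
SAMPLE_CONFIG = """\
mls qos
!
interface FastEthernet0/1
 description IP phone
 switchport mode access
 mls qos trust cos
!
interface FastEthernet0/2
 description user PC
 switchport mode access
!
interface GigabitEthernet0/1
 description uplink trunk
 switchport mode trunk
 mls qos trust dscp
!
"""

def audit_trust(config):
    """Return (qos_enabled, {interface: trust_state}) for running-config text."""
    qos_enabled, ports, current = False, {}, None
    for line in config.splitlines():
        if not line.startswith(" "):
            # Global-level line: leaves any interface sub-mode.
            current = None
            if line.strip() == "mls qos":
                qos_enabled = True
            m = re.match(r"interface\s+(\S+)", line)
            if m:
                current = m.group(1)
                ports[current] = "untrusted"  # default until a trust line is seen
        elif current:
            m = re.match(r"\s+mls qos trust (cos|dscp|ip-precedence)\b", line)
            if m:
                ports[current] = m.group(1)
    return qos_enabled, ports

def report(config):
    """Describe what happens to ingress markings on each port."""
    qos_enabled, ports = audit_trust(config)
    if not qos_enabled:
        return {name: "mls qos off" for name in ports}
    return {name: "markings reset to 0" if state == "untrusted"
            else f"trusts {state}" for name, state in ports.items()}

if __name__ == "__main__":
    for name, verdict in report(SAMPLE_CONFIG).items():
        print(f"{name}: {verdict}")
```
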