Yeah sure it will wreak havoc if you haven't set up the trust boundaries on
your production network but whose fault it that? You just gave a better
example of negligent that the OP.
-----Original Message-----
From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of Dale
Shaw
Sent: Monday, 27 July 2009 11:08 AM
To: Evan Weston
Cc: Darby Weaver; CCIE Groupstudy
Subject: Re: mls Qos
Rightly or wrongly, I know lots of production networks where turning
this on would break stuff severely.
Consider this common scenario:
- IPTel/VoIP is deployed in a distributed network
- QoS is enabled only on the WAN routers (not in the LANs), where
interface congestion is a real problem
- WAN routers 'trust' packets marked by IP phone endpoints -- i.e.
marking is done by the phone
Yes, QoS should be enabled end-to-end, but it's often not. Switching
on 'mls qos' on the LAN switches without also applying the appropriate
trust configuration would wreak havoc. Suddently, voice traffic would
be fighting it out with YouTube.
So, *cue twilight zone theme music and raise left eyebrow David
Copperfield style*, I agree with Darby.
cheers,
Dale
Blogs and organic groups at http://www.ccie.net
Received on Mon Jul 27 2009 - 11:25:47 ART
This archive was generated by hypermail 2.2.0 : Sat Aug 01 2009 - 13:10:23 ART