Re: mls Qos

From: Scott Morris <smorris_at_ine.com>
Date: Mon, 27 Jul 2009 07:27:11 -0400

Now, Narbik.... You're going to give me less consulting work if you
encourage people to think like that. ;) Cleaning up after people find
a bad concoction of "extra commands" is a wonderful thing!

You are correct, it is certainly a good idea. (as noted below by
multiple folks) But lab worries are different than real-life worries,
which I thought was the point. Although it was late when I posted that,
so who knows!

But I agree that "just in case" configuration is often a dangerous thing
to be doing. While there are shortcuts we can take for the lab exam, it
is better to not get in that habit!

 

*Scott Morris*, CCIE/x4/ (R&S/ISP-Dial/Security/Service Provider) #4713,

JNCIE-M #153, JNCIS-ER, CISSP, et al.

JNCI-M, JNCI-ER

evil_at_ine.com

Internetwork Expert, Inc.

http://www.InternetworkExpert.com

Toll Free: 877-224-8987

Outside US: 775-826-4344

Knowledge is power.

Power corrupts.

Study hard and be Eeeeviiiil......

Narbik Kocharians wrote:
> But I have asked the proctors, at least 2 of them, this was my question:
>
> */Would you guys subtract points for extra configuration?/*
>
> Their reply:
>
> */NO Not unless it changes the behavior of the routers or switches./*
>
> So based on that I would say NOT to configure things because "*/just
> in case/*", besides people get in this bad habit and they configure
> extra commands for absolutely no reason, now consultants LOVE people
> like that because it keeps them in business, but I would recommend
> doing what you need to do and always remember that "MORE IS LESS".
>
> BTW, I am NOT saying this to go against Scott or others, I truly
> believe in what I am saying.
>
> On Sun, Jul 26, 2009 at 8:36 PM, Scott Morris <smorris_at_ine.com> wrote:
>
> I don't think the proctors pay attention to any such thing where they'd
> look at it and say "Dude, what a dork this guy is, he/she shouldn't be a
> CCIE". The test is NOT about real life.
>
> Now, what I WOULD expect is that the test is designed in such a way that
> if you simply randomly enabled mls qos and were not aware of the default
> rewrite that will occur (either to 0, or to dscp 40 if you trust
> incorrectly) that it would mess up QoS at downstream routers. That
> would be a bitch to show since you don't really have hosts in the lab,
> but it would be a REAL reason to say "ooo, you don't get these points
> because it will not work the way you have it configured."
>
> Example, if you had NO QoS on your lab (as if!), you would not get
> counted off for putting mls qos on there.
>
> Just my two cents. Beyond that (the extra penny), I think 'negligent'
> may be a little harsh without putting a "situation" behind it, but
> concept is correct!
>
> Evan Weston wrote:
> > So you get in the exam and they ask you some OEQ about this stuff what are
> > you going to say?
> >
> > "I know I should have a trust boundary here but nah it might upset the users
> > because there's stuff on the network I don't know about"
> >
> > No, you're going to say "I'm going to set my trust boundary here on the
> > access ports" that's the textbook way of doing it and it's the way a CCIE
> > should do it.
> >
> > On Darby's point I suppose I agree - if you enter in commands and you don't
> > know what they do at this level then you deserve to fail.
> >
> > One thing Narbik said incidentally was that in close cases with borderline
> > pass or fail where the proctors mark by hand it can come down to this stuff.
> > i.e: does it look like the candidate has a lot of unneeded commands and look
> > like they don't have a clue i.e: broadcast on every frame-relay map
> > statement, confederation peers on every confederation member needed or not.
> > So in the exam from that perspective alone I'd only put it on where needed.
> >
> > -----Original Message-----
> > From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of Dale Shaw
> > Sent: Monday, 27 July 2009 11:40 AM
> > To: Evan Weston
> > Cc: Darby Weaver; CCIE Groupstudy
> > Subject: Re: mls Qos
> >
> > Hi,
> >
> > On Mon, Jul 27, 2009 at 11:25 AM, Evan Weston <evan_weston_at_hotmail.com> wrote:
> >
> >> Yeah sure it will wreak havoc if you haven't set up the trust boundaries on
> >> your production network but whose fault is that? You just gave a better
> >> example of negligent than the OP.
> >
> > Darby's point was that turning on "mls qos", without understanding the
> > consequences, is negligent. I wholeheartedly agree.
> >
> > If you break it down and isolate the argument to that simple scenario,
> > it's a no-brainer.
> >
> > Networks aren't always (or can't be) managed perfectly, and sometimes
> > there are long transitional states that require us to run a
> > sub-optimal configuration. If you've never had to compromise on the
> > technical integrity of a configuration because of some other
> > hair-brained technical constraint or business decision, well, I'm
> > jealous.
> >
> > An "optimal" configuration is not always the same for everyone,
> > either: the viewpoint of a managed network service provider is
> > different from an in-house managed network team. Anyway, we could go
> > on and on about how flicking the 'mls qos' switch shouldn't break
> > things in a perfectly designed/operated network, but that's not the
> > point.
> >
> > cheers,
> > Dale
> >
> >
> > Blogs and organic groups at http://www.ccie.net
> >
> > _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
>
> --
> Narbik Kocharians
> CCSI#30832, CCIE# 12410 (R&S, SP, Security)
> www.MicronicsTraining.com
> Sr. Technical Instructor

Blogs and organic groups at http://www.ccie.net
Received on Mon Jul 27 2009 - 07:27:11 ART
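
The default rewrite mentioned in the quoted message (to 0 on an untrusted port, or to DSCP 40 when CoS is trusted) can be checked for before `mls qos` goes onto a switch. The following is an added example, not part of the thread: a small auditor that assumes Catalyst 3560/3750-style syntax and the default CoS-to-DSCP map `0 8 16 24 32 40 48 56`; the running-config, interface names and the `audit_mls_qos` helper are constructed for illustration.

```python
import re

# Default CoS-to-DSCP map on Catalyst 3560/3750-class switches (assumption
# stated in the lead-in): CoS n -> DSCP 8*n, so voice CoS 5 becomes DSCP 40.
DEFAULT_COS_DSCP = [0, 8, 16, 24, 32, 40, 48, 56]

# Constructed running-config excerpt, not taken from the thread.
SAMPLE_CONFIG = """\
mls qos
!
interface FastEthernet0/1
 switchport mode access
!
interface FastEthernet0/2
 switchport mode access
 mls qos trust cos
!
interface FastEthernet0/3
 switchport mode access
 mls qos trust dscp
!
"""

def audit_mls_qos(config):
    """Return {interface: finding} for ports whose markings get rewritten."""
    lines = config.splitlines()
    if not any(l.rstrip() == "mls qos" for l in lines):
        return {}  # QoS disabled globally: markings pass through untouched
    cos_dscp = list(DEFAULT_COS_DSCP)
    trust, current = {}, None
    for line in lines:
        m = re.match(r"mls qos map cos-dscp((?:\s+\d+){8})\s*$", line)
        if m:  # operator replaced the default map
            cos_dscp = [int(v) for v in m.group(1).split()]
        elif line.startswith("interface "):
            current = line.split(None, 1)[1].strip()
            trust[current] = None  # ports start untrusted once mls qos is on
        elif current and (t := re.match(
                r"\s+mls qos trust (cos|dscp|ip-precedence)\s*$", line)):
            trust[current] = t.group(1)
    findings = {}
    for intf, mode in trust.items():
        if mode is None:
            findings[intf] = "untrusted: ingress DSCP rewritten to 0"
        elif mode == "cos" and cos_dscp[5] != 46:
            findings[intf] = f"trust cos: CoS 5 becomes DSCP {cos_dscp[5]}, not EF (46)"
    return findings
```

Running `audit_mls_qos(SAMPLE_CONFIG)` flags the first two interfaces and leaves the `trust dscp` port alone; a config without the global `mls qos` line returns no findings.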

This archive was generated by hypermail 2.2.0 : Sat Aug 01 2009 - 13:10:23 ART