Re: mls Qos

From: Darby Weaver <ccie.weaver_at_gmail.com>
Date: Mon, 27 Jul 2009 09:26:27 -0400

Forgive me, I mix real life with real lab sometimes... or something like
that.

But as Scott and Narbik both have pointed out..

If you enable mls qos and rewrite your marking to 0 and they needed to
traverse one of these "extra-configured" switches... the points you lose
may be your own...

Has anyone ever lost points on QoS and failed to understand why?

And I love William's brief summary:

The rules should be:
1) Do what you have to do
2) Avoid doing extra
3) Understand the impact.

On Mon, Jul 27, 2009 at 7:27 AM, Scott Morris <smorris_at_ine.com> wrote:

> Now, Narbik.... You're going to give me less consulting work if you
> encourage people to think like that. ;) Cleaning up after people find a
> bad concoction of "extra commands" is a wonderful thing!
>
> You are correct, it is certainly a good idea. (as noted below by multiple
> folks) But lab worries are different than real-life worries, which I
> thought was the point. Although it was late when I posted that, so who
> knows!
>
> But I agree that "just in case" configuration is often a dangerous thing to
> be doing. While there are shortcuts we can take for the lab exam, it is
> better to not get in that habit!
>
>
>
>
> *Scott Morris*, CCIE*x4* (R&S/ISP-Dial/Security/Service Provider) #4713,
>
> JNCIE-M #153, JNCIS-ER, CISSP, et al.
>
> JNCI-M, JNCI-ER
>
> evil_at_ine.com
>
>
> Internetwork Expert, Inc.
>
> http://www.InternetworkExpert.com <http://www.internetworkexpert.com/>
>
> Toll Free: 877-224-8987
>
> Outside US: 775-826-4344
>
>
> Knowledge is power.
>
> Power corrupts.
>
> Study hard and be Eeeeviiiil......
>
>
> Narbik Kocharians wrote:
>
> But I have asked the proctors, at least 2 of them, this was my question:
>
> *Would you guys subtract points for extra configuration?*
>
> Their reply:
>
> *NO Not unless it changes the behavior of the routers or switches.*
>
> So based on that I would say NOT to configure things because "*just in
> case*", besides people get in this bad habit and they configure extra
> commands for absolutely no reason, now consultants LOVE people like that
> because it keeps them in business, but I would recommend doing what you need
> to do and always remember that "MORE IS LESS".
>
> BTW, I am NOT saying this to go against Scott or others, I truly believe in
> what I am saying.
>
> On Sun, Jul 26, 2009 at 8:36 PM, Scott Morris <smorris_at_ine.com> wrote:
>
>> I don't think the proctors pay attention to any such thing where they'd
>> look at it and say "Dude, what a dork this guy is, he/she shouldn't be a
>> CCIE". The test is NOT about real life.
>>
>> Now, what I WOULD expect is that the test is designed in such a way that
>> if you simply randomly enabled mls qos and were not aware of the default
>> rewrite that will occur (either to 0, or to dscp 40 if you trust
>> incorrectly) that it would mess up QoS at downstream routers. That
>> would be a bitch to show since you don't really have hosts in the lab,
>> but it would be a REAL reason to say "ooo, you don't get these points
>> because it will not work the way you have it configured."
>>
>> Example, if you had NO QoS on your lab (as if!), you would not get
>> counted off for putting mls qos on there.
>>
>> Just my two cents. Beyond that (the extra penny), I think 'negligent'
>> may be a little harsh without putting a "situation" behind it, but
>> concept is correct!
>>
>> Evan Weston wrote:
>> > So you get in the exam and they ask you some OEQ about this stuff what are
>> > you going to say?
>> >
>> > "I know I should have a trust boundary here but nah it might upset the users
>> > because there's stuff on the network I don't know about"
>> >
>> > No, you're going to say "I'm going to set my trust boundary here on the
>> > access ports" that's the textbook way of doing it and it's the way a CCIE
>> > should do it.
>> >
>> > On Darby's point I suppose I agree - if you enter in commands and you don't
>> > know what they do at this level then you deserve to fail.
>> >
>> > One thing Narbik said incidentally was that in close cases with borderline
>> > pass or fail where the proctors mark by hand it can come down to this stuff.
>> > i.e: does it look like the candidate has a lot of unneeded commands and look
>> > like they don't have a clue i.e: broadcast on every frame-relay map
>> > statement, confederation peers on every confederation member needed or not.
>> > So in the exam from that perspective alone I'd only put it on where needed.
>> >
>> > -----Original Message-----
>> > From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of Dale Shaw
>> > Sent: Monday, 27 July 2009 11:40 AM
>> > To: Evan Weston
>> > Cc: Darby Weaver; CCIE Groupstudy
>> > Subject: Re: mls Qos
>> >
>> > Hi,
>> >
>> > On Mon, Jul 27, 2009 at 11:25 AM, Evan Weston<evan_weston_at_hotmail.com>
>> > wrote:
>> >
>> >> Yeah sure it will wreak havoc if you haven't set up the trust boundaries on
>> >> your production network but whose fault is that? You just gave a better
>> >> example of negligent than the OP.
>> >
>> > Darby's point was that turning on "mls qos", without understanding the
>> > consequences, is negligent. I wholeheartedly agree.
>> >
>> > If you break it down and isolate the argument to that simple scenario,
>> > it's a no-brainer.
>> >
>> > Networks aren't always (or can't be) managed perfectly, and sometimes
>> > there are long transitional states that require us to run a
>> > sub-optimal configuration. If you've never had to compromise on the
>> > technical integrity of a configuration because of some other
>> > hare-brained technical constraint or business decision, well, I'm
>> > jealous.
>> >
>> > An "optimal" configuration is not always the same for everyone,
>> > either: the viewpoint of a managed network service provider is
>> > different from an in-house managed network team. Anyway, we could go
>> > on and on about how flicking the 'mls qos' switch shouldn't break
>> > things in a perfectly designed/operated network, but that's not the
>> > point.
>> >
>> > cheers,
>> > Dale
>> >
>> >
>> > Blogs and organic groups at http://www.ccie.net
>> >
>> > _______________________________________________________________________
>> > Subscription information may be found at:
>> > http://www.groupstudy.com/list/CCIELab.html
>
>
> --
> Narbik Kocharians
> CCSI#30832, CCIE# 12410 (R&S, SP, Security)
> www.MicronicsTraining.com <http://www.micronicstraining.com/>
> Sr. Technical Instructor

Blogs and organic groups at http://www.ccie.net
Received on Mon Jul 27 2009 - 09:26:27 ART
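
Added example, not part of the original thread: a small Python model of the default rewrite the thread discusses (marking reset to 0 on an untrusted port, or DSCP 40 when CoS is trusted instead of DSCP). It assumes a Catalyst 3560-class switch with the default CoS-to-DSCP map, DSCP rewrite left enabled and a port default CoS of 0; the port names and the sample voice flow (DSCP 46, CoS 5) are constructed.

```python
# Added example: ingress DSCP handling on a Catalyst 3560-class access switch.
# Assumptions: default CoS-to-DSCP map, DSCP rewrite left enabled,
# port default CoS of 0. Port names and the sample flow are constructed.
DEFAULT_COS_DSCP = [0, 8, 16, 24, 32, 40, 48, 56]  # index = CoS value


def dscp_after_ingress(mls_qos, trust, dscp_in, cos_in=None):
    """Return the DSCP a packet carries after ingress classification.

    mls_qos: True if 'mls qos' is enabled globally
    trust:   None (untrusted port), "cos" or "dscp"
    cos_in:  802.1p value of the frame, or None if the frame is untagged
    """
    if not mls_qos:
        return dscp_in                      # QoS disabled: marking passes through
    if trust == "dscp":
        return dscp_in                      # trust boundary honours the DSCP
    if trust == "cos":
        # DSCP is derived from CoS; untagged frames use the port default CoS (0)
        return DEFAULT_COS_DSCP[0 if cos_in is None else cos_in]
    if trust is None:
        return 0                            # untrusted port: marking reset to 0
    raise ValueError(f"unknown trust state: {trust!r}")


def remarked_ports(mls_qos, ports, dscp_in, cos_in):
    """Return {port: new_dscp} for every port that would change the marking."""
    changed = {}
    for name, trust in ports.items():
        out = dscp_after_ingress(mls_qos, trust, dscp_in, cos_in)
        if out != dscp_in:
            changed[name] = out
    return changed


# Constructed inventory: one untrusted port, one trusting CoS, one trusting DSCP
PORTS = {"Fa0/1": None, "Fa0/2": "cos", "Fa0/3": "dscp"}

if __name__ == "__main__":
    for enabled in (False, True):
        state = "mls qos" if enabled else "no mls qos"
        print(state, "->", remarked_ports(enabled, PORTS, dscp_in=46, cos_in=5))
```
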

This archive was generated by hypermail 2.2.0 : Sat Aug 01 2009 - 13:10:23 ART