Monday, April 16, 2012

Discontinuing Blog

Unfortunately, the Blogspot system continues to have "problems" that I have no time or ability to resolve. Namely, when I create medium to large sized posts, they are truncated and/or information drops out or is randomly rearranged. This not only upsets me, it makes it impossible to organize and publish a blog!

As of today, I am discontinuing the use of Blogspot for my CCIE studies.

350-001 Written: Spanning Tree & VTP Part 3


1. Refer to the exhibit above. The Layer 2 network uses VTP to manage its VLAN database. A network designer created all VLANs on the VTP server (switch 1) and it has been advertised through VTP to all other VTP clients (switches 2 through 4). Due to network growth, a network operator decided to add a new switch between switch 1 and switch 3. The network operator has been instructed to use a refurbished switch and make it a VTP client. Which three of these factors should the network operator consider to minimize the impact of adding a new switch? (Choose three)
A. Pay special attention to the VTP revision number, because the higher value takes the priority
B. Configure all VLANs manually on the new switch in order to avoid connectivity issues
C. A trunk should be established between the new switch and switches 1 and 3 as VTP only runs over trunk links.
D. Set at least the VTP domain name and password to get the new switch synchronized
E. An ISL trunk should be established between the new switch and switches 1 and 3, because VTP only runs over ISL
F. Pay special attention to the VTP revision number, because the lower value takes the priority
Answer: A,C,D
Explanation:
http://www.cisco.com/en/US/tech/tk389/tk689/technologies_configuration_example09186a0080890607.shtml#conf

2. Before inserting a new switch in the network, the network administrator checks that the VTP domain name is correct, the VTP mode is set to server, and revision is lower than the switches in the network. The administrator then configures interfaces and trunks, erases existing VLANs, and connects the switch to the network. Following that procedure, there is no connectivity in the network. What is a possible cause of this problem?
A. Because the configuration revision of the new switches is lower than the rest of the network, it can change the VLAN database of the other switches
B. As a VTP server, the new switch deleted all VLANs of the network
C. Erasing VLANs increases the VTP configuration revision
D. Since the configuration revision of the network is higher than the new switch, the VLAN database was automatically synchronized.
Answer: C
Explanation: This answer is directly implied by the following URL on troubleshooting the VTP config revision number
http://www.cisco.com/en/US/tech/tk389/tk689/technologies_tech_note09186a0080890613.shtml#topic14

3. Network A has a spanning-tree problem in which the traffic is selecting a longer path. How is the path cost calculated?
A. number of hops
B. priority of the bridge
C. interface bandwidth
D. interface delay
E. None of the above
Answer: C
Explanation: reference previous STP questions where interface bandwidth was the answer for path cost.

4. You deployed new fibers in your network to replace copper spans that were too long. While reconnecting the network, you experienced network problems because you reconnected wrong fibers to wrong ports. What could you do to prevent this type of problem in the future, particularly when connecting and reconnecting fiber pairs?
A. Only use fiber in pairs
B. Configure root guard on your switches
C. Do not use fiber but use copper
D. Configure UDLD to prevent one-way link conditions
Answer: D
Explanation:
http://www.cisco.com/en/US/docs/switches/lan/catalyst3550/software/release/12.1_19_ea1/configuration/guide/swudld.html#wp1020819

5. While deploying a new switch, you accidentally connect ports 3/12 and 3/18 together, creating a loop. STP detected it and placed port 3/18 in blocking mode. Why did STP not place port 3/12 in blocking mode instead?
A. Port 3/12 was already up and forwarding before the loop was created
B. Port priority is based on lowest priority and lowest port number
C. You connected the wire on port 3/18 last
D. None of the above, it is purely random
Answer: B
Explanation: "If all ports have the same priority value, the port with the lowest port number forwards frames." from the following URL http://www.cisco.com/en/US/docs/switches/lan/catalyst4000/7.4/configuration/guide/spantree.html#wp1138416

6. Prior to 802.1w, Cisco implemented a number of proprietary enhancements to 802.1D to improve convergence in a Layer 2 network. Which statement is correct?
A. Only UplinkFast and BackboneFast are specified in 802.1w; PortFast must be manually configured
B. Only PortFast is specified in 802.1w; UplinkFast and BackboneFast must be manually configured.
C. None of the proprietary Cisco enhancements are specified in 802.1w.
D. PortFast, UplinkFast, and BackboneFast are specified in 802.1w
Answer: D
Explanation: see the 802.1w RSTP specifications at the URL below
http://www.cisco.com/en/US/tech/tk389/tk621/technologies_white_paper09186a0080094cfa.shtml#intro

7. As a network administrator, can you tell me what the root guard feature provides in a bridged network?
A. It ensures that BPDUs sent by the root bridge are forwarded in a timely manner
B. It enforces the root bridge placement in the network
C. It ensures that all ports receiving BPDUs from the root bridge are in the forwarding state
D. It ensures that the bridge is elected as root bridge in the network
Answer: B
Explanation: http://www.cisco.com/en/US/tech/tk389/tk621/technologies_tech_note09186a00800ae96b.shtml#feature

8. If a Cisco switch is configured with VTPv1 in transparent mode, what is done with received VTP advertisements?
A. They are discarded
B. The contents are altered to reflect the switch's own VTP database and then they are forwarded out all trunking ports
C. The changes within the advertisements are made to the switch's VTP database
D. The contents are ignored and they are forwarded out all trunking ports.
Answer: A
Explanation: "However, in VTP version 2, transparent switches do forward VTP advertisements that they receive from other switches from their trunk interfaces" from
http://www.cisco.com/en/US/docs/switches/lan/catalyst2950/software/release/12.1_9_ea1/configuration/guide/swvtp.html


9. Refer to the following descriptions, which three are true about Cisco spanning-tree features? (Choose three)
A. RPVST+ converges faster than RSTP during a topology change
B. STP BPDUs are relayed by all non-root bridges and RSTP BPDUs are generated by each bridge.
C. RSTP can only achieve rapid transition to Forwarding on edge ports and on point-to-point links
D. RPVST+ and RSTP are both based upon the IEEE 802.1w specification.
Answer: B,C,D
Explanation: some helpful RPVST+ info can be found at
http://www.cisco.com/en/US/products/hw/switches/ps708/products_configuration_example09186a00807b0670.shtml

10. When two bridges are competing for the root bridge of an IEEE 802.1D spanning tree and both have the same bridge priority configured, which parameter determines the winner?
A. highest-numbered IP interface
B. MAC address
C. device uptime
D. root port cost
Answer: B
Explanation: know your 802.1D

Wednesday, April 11, 2012

350-001 Written: Spanning Tree & VTP Part 1

1. Which two are effects of connecting a network segment that is running 802.1D to a network segment that is running 802.1w? (Choose two.)

A.
The entire network switches to 802.1D and generates BPDUs to determine root bridge status.
B.
A migration delay of three seconds occurs when the port that is connected to the 802.1D bridge comes up.
C.
The entire network reconverges and a unique root bridge for the 802.1D segment, and a root bridge for the 802.1w segment, is chosen.
D.
The first hop 802.1w switch that is connected to the 802.1D runs entirely in 802.1D compatibility mode and converts the BPDUs to either 802.1D or 802.1w BPDUs to the 802.1D or 802.1w segments of the network.
E.
Classic 802.1D timers, such as forward delay and max-age, will only be used as a backup, and will not be necessary if point-to-point links and edge ports are properly identified and set by the administrator.
Answer: B,E
Explanation:
See the details about backwards compatibility on the following URL
http://www.cisco.com/en/US/tech/tk389/tk621/technologies_white_paper09186a0080094cfa.shtml


2. Which statement is true about TCN propagation?
A.
The originator of the TCN immediately floods this information through the network.
B.
The TCN propagation is a two step process.
C.
A TCN is generated and sent to the root bridge.
D.
The root bridge must flood this information throughout the network.
Answer: A
Explanation:
Under RSTP (802.1W) TCNs are flooded to all ports immediately, without having to wait for the root switch. See the following URL
http://www.cisco.com/en/US/tech/tk389/tk621/technologies_white_paper09186a0080094cfa.shtml#prop

3. Which statement is true about loop guard?
A.
Loop guard only operates on interfaces that are considered point-to-point by the spanning tree.
B.
Loop guard only operates on root ports.
C.
Loop guard only operates on designated ports.
D.
Loop guard only operates on edge ports.
Answer: A
Explanation: Not needed. You should know loop guard at this point in your career. You can also reference the "Configuration Considerations" on the following URL.


4. Which two options are contained in a VTP subset advertisement? (Choose two.)

A.
followers field
B.
MD5 digest
C.
VLAN information
D.
sequence number
Answer: C,D
Explanation: "Subset advertisements contain information on the status of the VLAN. They also contain the VLAN type (Ethernet, Token Ring, FDDI, or other), the VLAN name and ID, the MTU, and the SAID value." VTP sequence number is also a referenced field. URL follows:
https://learningnetwork.cisco.com/thread/7181


5. Which three options are features of VTP version 3? (Choose three.)
A.
VTPv3 supports 8K VLANs.
B.
VTPv3 supports private VLAN mapping.
C.
VTPv3 allows for domain discovery.
D.
VTPv3 uses a primary server concept to avoid configuration revision issues.
E.
VTPv3 is not compatible with VTPv1 or VTPv2.
F.
VTPv3 has a hidden password option.
Answer: B,D,F
Explanation:  Check out the following URL
http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/catos/8.x/configuration/guide/vtp.html#wp1017196

6. Which three options are considered in the spanning-tree decision process? (Choose three.)
A.
lowest root bridge ID
B.
lowest path cost to root bridge
C.
lowest sender bridge ID
D.
highest port ID
E.
highest root bridge ID
F.
highest path cost to root bridge
Answer: A,B,C
Explanation:

7. In 802.1s, how is the VLAN to instance mapping represented in the BPDU?
A.
The VLAN to instance mapping is a normal 16-byte field in the MST BPDU.
B.
The VLAN to instance mapping is a normal 12-byte field in the MST BPDU.
C.
The VLAN to instance mapping is a 16-byte MD5 signature field in the MST BPDU.
D.
The VLAN to instance mapping is a 12-byte MD5 signature field in the MST BPDU.
Answer: C
Explanation: Reference pg. 142 of STD 802.1Q-2005, available here



8. Users that are connected to switch SWD are complaining about slow performance when they are doing large file transfers from a server connected to switch SWB. All switches are running PVST+. Which option will improve the performance of the file transfers?
A.
Reconnect the clients from switch SWD to switch SWA.
B.
Reconnect the clients from switch SWD to switch SWC.
C.
Change PVST+ to RSTP.
D.
Change the STP root switch from switch SWA to switch SWB.
E.
Configure an EtherChannel between switch SWB and switch SWC.
Answer: D
Explanation: Due to spanning tree operation, the Gigabit link between B and C is not in use for these file transfers. Making switch B the root will activate this link and speed network access for the users on switch D.

9. While you are troubleshooting network performance issues, you notice that a switch is periodically flooding all unicast traffic. Further investigation reveals that periodically the switch is also having spikes in CPU utilization, causing the MAC address table to be flushed and relearned. What is the most likely cause of this issue?
A.
a routing protocol that is flooding updates
B.
a flapping port that is generating BPDUs with the TCN bit set
C.
STP is not running on the switch
D.
a user that is downloading the output of the show-tech command
E.
a corrupted switch CAM table
Answer: B
Explanation: n/a

10. When troubleshooting the issue, you notice the election of a new root bridge with an unknown MAC address. Knowing that all access ports have the PortFast feature enabled, what would be the easiest way to resolve the issue without losing redundant links?
A.
Enable bpduguard globally.
B.
Enable rootguard.
C.
Enable loopguard.
D.
Enable spanning tree.
E.
Enable UDLD.
Answer: A
Explanation: Loopguard, spanning tree, and UDLD are obvious red herrings. This leaves enabling rootguard or bpduguard. One key is that enabling bpduguard only affects ports that have portfast enabled; see the following URL under "Configuration." http://www.cisco.com/en/US/tech/tk389/tk621/technologies_tech_note09186a008009482f.shtml

11. Spanning Tree Protocol IEEE 802.1s defines the ability to deploy which of these?
A.
one global STP instance for all VLANs
B.
one STP instance for each VLAN
C.
one STP instance per set of VLANs
D.
one STP instance per set of bridges
Answer: C
Explanation: read the 802.1S document

12. Which two of these are used in the selection of a root bridge in a network utilizing Spanning Tree Protocol IEEE 802.1D? (Choose two.)
A.
Designated Root Cost
B.
bridge ID priority
C.
max age
D.
bridge ID MAC address
E.
Designated Root Priority
F.
Answer: B,D
Explanation: read the 802.1D IEEE document

13. If a port configured with STP loop guard stops receiving BPDUs, the port will be put into which state?
A.
learning state
B.
listening state
C.
forwarding state
D.
loop-inconsistent state
Answer: D
Explanation: http://www.cisco.com/en/US/tech/tk389/tk621/technologies_tech_note09186a0080094640.shtml

14. What is the purpose of the STP PortFast BPDU guard feature?
A.
enforce the placement of the root bridge in the network
B.
ensure that a port is transitioned to a forwarding state quickly if a BPDU is received
C.
enforce the borders of an STP domain
D.
ensure that any BPDUs received are forwarded into the STP domain
Answer: C
Explanation: http://www.cisco.com/en/US/tech/tk389/tk621/technologies_tech_note09186a008009482f.shtml#topic1

15. When STP UplinkFast is enabled on a switch utilizing the default bridge priority, what will the new bridge priority be changed to?
A.
8192
B.
16384
C.
49152
D.
65535
Answer: C
Explanation: http://www.cisco.com/en/US/tech/tk389/tk621/technologies_tech_note09186a0080094641.shtml#cfg_upling_fast

16. Which of these best describes the actions taken when a VTP message is received on a switch configured with the VTP mode "transparent"?
A.
B.
VTP updates are ignored and forwarded out trunks only.
C.
VTP updates are made to the VLAN database and are forwarded out trunks only.
D.
VTP updates are ignored and are not forwarded.
Answer: B
Explanation: "In VTP version 2, transparent switches do forward VTP advertisements that they receive from other switches from their trunk interfaces."
http://www.cisco.com/en/US/docs/switches/lan/catalyst3550/software/release/12.1_13_ea1/configuration/guide/swvtp.html

17. The classic Spanning Tree Protocol (802.1D 1998) uses which sequence of variables to determine the best received BPDU?
A.
1) lowest root bridge id, 2) lowest sender bridge id, 3) lowest port id, 4) lowest root path cost
B.
1) lowest root path cost, 2) lowest root bridge id, 3) lowest sender bridge id, 4) lowest sender port id
C.
1) lowest root bridge id, 2) lowest sender bridge id, 3) lowest root path cost 4) lowest sender port id
D.
1) lowest root bridge id, 2) lowest root path cost, 3) lowest sender bridge id, 4) lowest sender port id
Answer: D
Explanation: https://learningnetwork.cisco.com/thread/7653

18. Which three port states are used by RSTP 802.1w? (Choose three.)
A.
Listening
B.
Learning
C.
Forwarding
D.
Blocking
E.
Discarding
F.
Disabled
Answer: B,C,E
Explanation: http://www.cisco.com/en/US/tech/tk389/tk621/technologies_white_paper09186a0080094cfa.shtml#states



19. Refer to the exhibit above. Catalyst R is the root bridge for both VLAN 1 and VLAN 2. What is the easiest way to load-share traffic across both trunks and maintain redundancy in case a link fails, without using any type of EtherChannel link-bundling?
A.
Increase the root bridge priority (increasing the numerical priority number) for VLAN 2 on Catalyst D so that port D2 becomes the root port on Catalyst D for VLAN 2.
B.
Decrease the port priority on R2 for VLAN 2 on Catalyst R so that port D1 will be blocked for VLAN 2 and port D2 will remain blocked for VLAN 1.
C.
Decrease the path cost on R2 on Catalyst R for VLAN 2 so that port D1 will be blocked for VLAN 2 and port D2 will remain blocked for VLAN 1.
D.
Increase the root bridge priority (decreasing the numerical priority number) for VLAN 2 on Catalyst R so that R2 becomes the root port on Catalyst D for VLAN 2.
Answer: B
Explanation: http://www.cisco.com/en/US/tech/tk389/tk621/technologies_tech_note09186a00800ae96a.shtml

Friday, June 17, 2011

Chapter 14: Shaping, Policing and Link Fragmentation

The three tools mentioned in the chapter title are used for traffic shaping. Traffic shaping involves delaying packets when exiting a router to ensure the traffic rate doesn't exceed a configured bit rate. We'll be discussing both concepts and the Cisco tools for shaping: Frame Relay Traffic Shaping and Class-Based Shaping.

Traffic policers moderate packet rates for traffic entering or exiting a router. Once the defined rate is exceeded, the policer either remarks packets or discards enough to reach the prescribed bit rate. Traffic shaping in Cisco routers uses a shaping queue, which is used to delay packets and help them match the configured rate.

Traffic shaping is used to solve 2 problems in a multi-access network: first it discards traffic to ensure conformance, preventing customers from sending more than the agreed upon rate. Secondly, egress blocking is partially resolved. Egress blocking occurs when a frame relay or ATM switch has to queue data on the VC. Shaping moves this queuing to the router and allows for manipulation with queuing tools.

Details of Cisco Shaping

Theory
The Cisco shaper process uses a base time interval, known as Tc. It uses that time interval to calculate the number of bits that can be sent, per second, to match the configured shaping rate. Bc, or committed burst, is the amount of data that can be sent per Tc interval. Committed information rate, or CIR, is the defined rate of a VC. Excess burst, or Be, is the amount of data beyond Bc that can be sent after a period of inactivity.

The excess burst concept is used to deal with bursty traffic. After a period in which less data than the CIR has been sent, more than Bc bits can be sent over the course of one or more Tc intervals. If configured, the shaper allows Be extra bits to be sent.

Details
The formula used to calculate Tc is easy:

Tc = Bc / shaping rate
 
The values available determine how the remaining portion is calculated. For example if both Tc and shaping rate are configured on the router, Bc will be calculated as shaping rate * Tc using a derivative of the formula.

However, both frame relay traffic shaping and class based traffic shaping may use default values in some cases.

A token bucket model is used to handle shaping. Let's review a couple of situations to better understand the token bucket. First, consider a situation where Be is not configured. A bucket the size of Bc is filled with tokens at the start of each Tc, giving the ability to send Bc amount of data.

The shaper will perform two functions related to the bucket: fill it with tokens, and spend them to forward packets. If the bucket is refilled and tokens still remain from the prior fill-up, any amount greater than Bc is excess and will not be used. To send a packet there must be enough tokens in the bucket; a token is equal to a bit. Hence, 1000 tokens are needed to send a 1000 bit packet. If not enough tokens are available, the shaper must wait until the next interval.

In a second model, the Be model is implemented by making the single token bucket bigger. This allows for more tokens than Bc to be available at the beginning of an interval once the bucket is refilled.
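The two bucket models above can be compared with a short simulation. This is an added example, not code from the book or from IOS; the function name, the 64 kbps rate and the packet sizes are constructed for illustration, and the model is simplified to whole Tc intervals.

```python
"""Single token bucket shaper, simulated per Tc interval (added illustration).

One token = one bit. At the start of every Tc the bucket receives Bc tokens
and is capped at Bc + Be. A packet leaves only if the bucket holds at least
as many tokens as the packet has bits; otherwise it waits in the shaping queue.
"""
from collections import deque


def shape(arrivals, rate_bps, bc_bits, be_bits=0, intervals=8):
    """Run the shaper for `intervals` Tc periods.

    arrivals: {interval_index: [packet sizes in bits]}  (constructed input)
    Returns (tc_seconds, bits_sent_per_interval, bits_still_queued).
    """
    tc = bc_bits / rate_bps            # Tc = Bc / shaping rate
    capacity = bc_bits + be_bits       # Be simply makes the one bucket bigger
    tokens = 0
    queue = deque()                    # the shaping queue, FIFO
    sent = []
    for i in range(intervals):
        # Refill: tokens above the bucket size are excess and are thrown away.
        tokens = min(tokens + bc_bits, capacity)
        queue.extend(arrivals.get(i, []))
        sent_now = 0
        # Spend tokens on the head of the queue; a packet that does not fit
        # blocks the queue until a later refill provides enough tokens.
        # (In this simplified model a packet larger than Bc + Be never leaves.)
        while queue and queue[0] <= tokens:
            size = queue.popleft()
            tokens -= size
            sent_now += size
        sent.append(sent_now)
    return tc, sent, sum(queue)


if __name__ == "__main__":
    # Constructed traffic: two idle intervals, then a burst of 24 x 1000-bit packets.
    burst = {2: [1000] * 24}
    for be in (0, 8000):
        tc, sent, left = shape(burst, rate_bps=64000, bc_bits=8000, be_bits=be)
        print(f"Be={be:5d}  Tc={tc * 1000:.0f} ms  sent per Tc={sent}  queued={left}")
```

With Be = 0 the burst drains at exactly Bc per interval; with Be = 8000 the idle period lets the first interval after the burst carry Bc + Be bits before the shaper falls back to Bc.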

Frame Relay and Traffic Shaping
When shaping traffic over a frame relay network, you can configure it to adjust the shaping rate over time based on presence or absence of traffic congestion. Effectively, you can set a floor for traffic shaping. As congestion increases, the shaper lowers the shaping rate. The minimum by default is 50%, but it can also be configured. This floor is known as the minimum information rate (MIR) or mincir.

Cisco routers detect congestion and lower the shaping rate in response to one of two inputs:
  • receiving a frame with the BECN bit set
  • receiving a Cisco-proprietary Foresight congestion message
Upon receiving either of these, the shaper slows traffic shaping by 25%. CB Shaping does this by decreasing Bc and Be by 25%, but keeping the same Tc. Once 16 Tc increments pass without receipt of a BECN or Foresight message, the shaping rate is allowed to grow again. It will grow by 1/16th of the actual Bc or Be values until the maximum rate is reached.
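The back-off and recovery behaviour described above, as an added example (not code from the book or from IOS). It assumes the 25% cut applies to the current rate once per Tc in which a BECN arrives, and that recovery adds 1/16 of the configured rate per Tc; the function name and the sample BECN pattern are constructed.

```python
"""Adaptive shaping rate per Tc, following the rules in the text (added illustration)."""


def adaptive_rates(becn_per_tc, cir_bps, mincir_bps=None):
    """Return the shaping rate in effect during each Tc.

    becn_per_tc: iterable of bools, True when a BECN (or Foresight message)
                 was received during that Tc  (constructed input)
    mincir_bps:  floor for the rate; defaults to 50% of the shaping rate
    """
    if mincir_bps is None:
        mincir_bps = cir_bps / 2
    rate = cir_bps
    clean = 0                      # consecutive Tc intervals without congestion
    history = []
    for becn in becn_per_tc:
        if becn:
            # Congestion signalled: cut by 25%, never below the floor.
            rate = max(mincir_bps, rate * 0.75)
            clean = 0
        else:
            clean += 1
            # After 16 quiet intervals the rate climbs in 1/16 steps
            # (assumption: 1/16 of the configured rate) up to the maximum.
            if clean >= 16:
                rate = min(cir_bps, rate + cir_bps / 16)
        history.append(rate)
    return history


def bc_for(rate_bps, tc_seconds):
    """Tc is kept constant while adapting, so Bc scales with the rate."""
    return rate_bps * tc_seconds


if __name__ == "__main__":
    # Constructed pattern: BECNs in the first three intervals, then 40 quiet ones.
    pattern = [True] * 3 + [False] * 40
    rates = adaptive_rates(pattern, cir_bps=64000)
    for i, r in enumerate(rates):
        print(f"Tc {i:2d}: rate={r:7.0f} bps  Bc={bc_for(r, 0.125):6.0f} bits")
```

In this run the third BECN would take the rate to 27000 bps, so the 50% floor holds it at 32000 bps until the sixteenth quiet interval starts the climb back.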

Generic Traffic Shaping (GTS)
GTS is a form of traffic shaping available on most routers, but not usable with flow switching. GTS is configured at the interface or subinterface level. The basic GTS configuration shapes all traffic leaving the interface but you can implement a more advanced setup using an ACL to identify a subset of traffic which is to be shaped. The ACL should permit traffic to be shaped and implicitly deny all other traffic.

The command to enable GTS is traffic-shape rate shaped-rate [Bc] [Be] [buffer-limit]

The shaped rate is specified in bps, and the Bc and Be figures are in bits. Buffer-limit sets the maximum size of the queue buffer and is set in bps. Only the shaped-rate is required; Bc and Be values will default to 1/4 of the shaped-rate if not explicitly specified.

GTS can also be configured on frame relay interfaces. First you'll need to configure the traffic-shape rate command, as above, and add the following separate command: traffic-shape adaptive bit-rate. The bit-rate in this command is given in bps and it specifies the minimum bandwidth the router will use if it receives BECNs.

Thursday, June 2, 2011

RSVP- Resource Reservation Protocol

RSVP is covered in the CCIE R&S Exam guide, but I have not heard of this protocol being used in production environments (although I'm sure it is in use). Given that it uses an Integrated Services model where the protocol reserves bandwidth before a call is made, it's not as common as "per hop behavior" or DiffServ QoS treatment of traffic. The bandwidth reservation happens separately in both directions, so that one reservation is for source to destination traffic and a second one is for the opposite (destination to source).

While some devices might be capable of issuing RSVP reservation requests, the expected behavior is that a gateway device will issue the request for the end user device. The RSVP protocol uses PATH and RESV messages to request and reply to reservations, respectively. Upon receipt of a RESVCONF message, the gateway devices will allow the call (or other traffic) to proceed.

Configuring RSVP

After you decide on the amount of bandwidth to be reserved per call or per flow and the total amount of RSVP allocated bandwidth per interface, you'll need to configure each router that will run RSVP. Because you must take into consideration the interface bandwidth and configuration on each interface of each configured router, you can tell this will be a non-trivial task. It also doesn't scale well, which explains why RSVP and the Integrated Services model haven't been widely adopted.

Relevant Cisco commands are:

router(config-if)# ip rsvp bandwidth TOTAL-KBPS SINGLE-FLOW-KBPS
   By default, RSVP will reserve 75% of the interface bandwidth (unless you configure this command). Also, any single flow can reserve the entire amount of bandwidth unless you specify otherwise with this command.

router(config-if)# ip rsvp signaling dscp DSCP-VALUE
  This command sets the DSCP value for RSVP control messages.


Monday, May 30, 2011

More about 3560 QoS

When it comes time to talk about queue-sets on the 3560, I find a LOT more research is needed than I expected. Check out the following blog from INE.com to better understand how QoS configuration changed between the 3550 and 3560. It has an excellent section which explains how queue-sets are just a buffer space partitioning scheme for the switch.

http://blog.ine.com/2008/03/03/bridging-the-gap-between-3550-and-3560-qos-part-i/

That URL plus some research on the Cisco website for 3560 QoS configuration helped me understand how queue-sets work.

http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.1_19_ea1/configuration/guide/swqos.html#wp1163863

The upshot is that by having two queue-sets available, you can provision two different QoS egress architectures on a single 3560. This will let you customize thresholds and buffer allocation for two groups of ports. However, an interesting side note is that DSCP and CoS mapping to queues remains global for all ports. This means the queue-sets are being utilized only to address different port speeds on the switch.


Thursday, May 26, 2011

More on LAN Switching and Congestion Avoidance

The 3560 is the model I've got in my lab to test things on. It's helped me understand things like the method in use for congestion avoidance, weighted tail drop (WTD). Enabled with QoS, WTD will create 3 thresholds per queue for tail drop. The CoS value is used to help set the thresholds- you associate a CoS value(s) with the threshold for drops. In this case, usually CoS 6 and/or 7 is set to the last (highest) threshold, which performs tail drops once the queue reaches 100% full.

WTD is highly granular because it can be configured separately for each of the 6 queues on a 3560 (there are two ingress and four egress queues). The complexity is increased because you have to decide whether to trust CoS (or DSCP) values on received traffic, or to remark the traffic. Let's look at what to do if you trust markings received.

To assign specific CoS values to a threshold, use the command:
mls qos srr-queue input cos-map threshold THRESHOLD_ID cos1 . . . cos8
If you are trusting DSCP values, the command used to associate them with thresholds is:
mls qos srr-queue input dscp-map threshold THRESHOLD_ID dscp1 . . . dscp8
The command to associate tail drop percentages with thresholds is:
mls qos srr-queue input threshold QUEUE_ID THRESHOLD-PERCENTAGE1 THRESHOLD-PERCENTAGE2

Cisco 3560 Egress Queuing
The 3560 has 4 egress queues per interface. Just like with ingress queues, you can configure DSCP or COS mappings to each, set up weights, and configure WTD drop thresholds. If you configure a priority queue, it MUST be queue 1. A major difference is that while ingress commands were executed at the global level, egress commands are run at the interface level.

On an odd note, the 3560 apparently is architected to slow down egress traffic. The book claims this allows implementation of subrate speed for Metro Ethernet as well as to prevent "some types of DoS attacks." I can find no information on the latter.

Slightly complicating queuing is the fact that 3560s assign an internal DSCP value to a frame. This is determined when the forwarding decision is made. Once the internal DSCP is assigned and an exit interface determined, two things occur:

  1. Internal DSCP value is compared to a global DSCP-to-COS map to determine the COS value of the frame
  2. The per-interface COS-to-queue map indicates which queue the frame will be placed in
 Let's next discuss the scheduler, which handles packets after they are queued. Confusion can arise because the 3560 has two different methods for scheduling that use the same acronym of SRR: they are shared round robin and shaped round robin. Both address the issue of queue starvation when a priority queue exists, but the shaped version rate-limits queues so that they will not exceed the configured bandwidth allowance.

The text offers two examples to understand how these schedulers work. In the first one, all queues hold some amount of frames. Both shaped and shared scheduling will service queues based on the weighting configured. The commands for weighting egress queues are:

srr-queue bandwidth share weight1 weight2 weight3 weight4
srr-queue bandwidth shape weight1 weight2 weight3 weight4

Per the IOS command reference for 12.2.25SEE, SRR shaping default weight is 25 for queue1 and zero for the other three. The other three also operate in shared mode by default. However, the queue setup is different for SRR sharing- each queue is assigned one quarter of the bandwidth. It's worth noting here that as per the IOS command reference, shaped queues with a zero weight configured will IGNORE the weighting assigned with the command srr-queue bandwidth shape and instead will use the values configured with the command srr-queue bandwidth share. So by default, when shaping queues you also are sharing them and will want to configure both commands to complete your QoS config on the 3560. *sigh* I hate extra typing!

Moving on, let's consider how the schedulers operate when not all queues contain traffic. If only one queue contained traffic and that queue had a weight of 25, then in shared scheduling this queue would utilize all the bandwidth for its traffic. However, if shaped scheduling were in use, the scheduler would delay sending packets even if no other queues had traffic to send, to limit the queue to 25% of bandwidth.

Let's now talk about having a priority queue (queue 1 is the only choice possible, remember). If all queues had traffic EXCEPT queue1, and then queue 1 has frames arrive, the scheduler will finish sending its current packet and service queue1 to the configured bandwidth limit (25% by default). Excess frames will be queued rather than discarded in this scenario.

Now let's imagine that queue1 has packets queued up like crazy and the other queues are empty. Here the scheduler behaviors will be different. In shared mode queue1 will be allowed to transmit at full line rate. In shaped mode, queue1 will be serviced to guarantee only its configured percentage of bandwidth (25 by default). The main takeaway from these examples is that shaped SRR will never allow the priority queue to exceed its configured bandwidth percentage, even if no other queues have traffic to send.

Next time we'll discuss egress queue-sets and more of the architecture used in sending out traffic from 3560s.