BCNE achieved!

I have been really busy (as usual) with work, learning a number of new things in Provisioning services, making mistakes and learning from them etc. Amidst all that chaos I managed to sit (finally) my Brocade Certified Network Engineer (BCNE) exam. Pretty happy with my score; for the first time I got a perfect score. It was surprisingly pretty easy as long as you got your Cisco basics boiled down.

So it was testing day, got to my pod, breezed through the questions. Unlike Cisco exams where you get lab sims, Brocade’s BCNE is more into concepts and examples. But then again, compared to Cisco’s CCNA R&S exam, Brocade goes more in depth with OSPF’s virtual links, QoS etc., which you wouldn’t normally encounter until you get into Cisco’s CCNP track.

I think it was a day or two later, I received an email from Brocade’s headquarters congratulating me and at the same time asking me how I was able to finish the exam quickly and get a perfect score. Told them my background: that I work for an ISP, went through Brocade training given by Brocade trainers, I am sort of in charge of deploying Brocade ICX switches in our core network, and I am a CCNP working towards getting a CCIE in the near future. She (Brocade University head) immediately replied that she’s just doing her duty and it’s all good, as she also heard the same story from the rest who passed.

So for now, I’m going to give myself a month to just rest and concentrate more on work. It has been really stressful trying to balance everything. I think I’ve mentioned that I am not going to muck around with an associate certification and will probably just go straight and study to get my CCIE number…finally.

Another QoS using LLQ with redundancy


As promised a couple of days ago, I will be posting another QoS config with the use of NBAR to easily mark packets as they come in from.

Scenario: Company A needs to prioritize VOIP/SIP traffic, then CITRIX/HTTPS traffic, and all other traffic would be set as fair-queue. The site has a single router with two interfaces connected to two different ISPs to reach their private cloud.

The primary link is a 20Mb fiber connection, with a back-up link using a 4Mb wireless connection in the event ISP 1 fails or goes down.

I will not show the entire config of the router and will just focus on the QoS section. I did a combination of extended ACLs and NBAR to identify the traffic for marking and used LLQ as they are passed on to the WAN.

! LAN Interface QoS To MARK Traffic.
!
! --- identify CITRIX and HTTPS traffic
access-list 101 permit tcp any any eq 443
access-list 101 permit tcp any any eq 2598
access-list 101 permit tcp any any eq 1494
!
! --- classify: ACL 101 for application traffic, NBAR for voice
class-map match-any MARKING-APP_TRAFFIC
 match access-group 101
class-map match-any MARKING-VOICE_TRAFFIC
 match protocol sip
 match protocol rtp
!
! --- mark on ingress from the LAN
policy-map MARK-TRAFFIC
 class MARKING-VOICE_TRAFFIC
  set dscp ef
 class MARKING-APP_TRAFFIC
  set dscp af31
!
! --- or any interface facing LAN
interface g1/0
 ip nbar protocol-discovery
 service-policy input MARK-TRAFFIC
 exit
!
! --- WAN side: classify on the DSCP values set above
class-map match-any app-traffic-wan
 match dscp af31
class-map match-any voice-traffic-wan
 match dscp ef
!
! --- LLQ: percentages are relative to each interface's bandwidth statement
policy-map WAN-EDGE-OUT
 class voice-traffic-wan
  priority percent 33
 class app-traffic-wan
  priority percent 20
 class class-default
  fair-queue
  random-detect
!
! --- 20MB Primary link
interface g0/0
 bandwidth 20000
 ip nbar protocol-discovery
 service-policy output WAN-EDGE-OUT
!
! --- 4MB Wireless secondary link
interface g0/1
 bandwidth 4000
 ip nbar protocol-discovery
 service-policy output WAN-EDGE-OUT
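
One hardening step for the config above, as an added example that is not part of the original config: WAN-EDGE-OUT classifies purely on DSCP, while MARK-TRAFFIC only sets DSCP for traffic it matches, so anything else keeps whatever value the LAN host wrote. Assuming LAN hosts are not trusted to mark their own traffic, resetting class-default on ingress keeps the priority queues on both WAN links limited to what NBAR and ACL 101 classified.

```cisco
! Added example, not the original post's config.
! Assumption: LAN hosts are not trusted to set their own DSCP values.
!
! Before: only the two matched classes are re-marked on ingress, so a packet
! that arrives from the LAN already carrying EF or AF31 passes through
! unchanged and is queued by WAN-EDGE-OUT as voice or application traffic.
!
! After: everything that is neither voice nor application traffic is reset
! to DSCP 0, so it can only land in class-default on the WAN side.
policy-map MARK-TRAFFIC
 class MARKING-VOICE_TRAFFIC
  set dscp ef
 class MARKING-APP_TRAFFIC
  set dscp af31
 class class-default
  set dscp default
end
!
! Verify: class-default on the LAN interface should show packets being marked,
! and the priority classes on both WAN links should only count traffic that
! was classified by NBAR or ACL 101.
show policy-map interface g1/0 input
show policy-map interface g0/0 output
show policy-map interface g0/1 output
```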

BCNE, Sonicwall and random stuff

Long weekend ahead, which means I will have extra time on my hands to do some studying. It has been a month since I sat my CCDA and I have been really swamped with work since then. Dealing with support calls for work and doing a lot of provisioning training.

I get to play with Opengear’s top of the line out-of-band device, the ML7200. As mentioned in a previous blog, best OOB I have seen. It’s an OOB that has multiple access options such as dual network access, and it also has a cellular access option. This thing can act as a wi-fi access point as well. So if you have this in your rackspace in a DC, no need to worry about internet, just associate to it and voilà, internet access, so no more wires.

As I was saying, extra time means time to get some studying done. I intend to take my Brocade Certified Network Engineer (BCNE) exam soon. Hopefully within this month. I heard it is pretty easy as long as you know your Cisco well. LOL, last time I believed that was when I failed my BCvRE exam. No sir, I won’t take my chances anymore.

I also got an old Sonicwall NSA 240 at home to add to my home lab. I feel like I am a little weak in terms of my security skills. We are not a Cisco ASA shop at work, we mainly use Fortinets, and our customers are either running Fortinet, Sonicwall or Watchguard. Have not seen anyone in our DC use a Juniper as a firewall though; maybe we have, I just did not look enough.

I will soon be blogging another QoS config I did for a customer this week where I used NBAR. They were running multiple services with redundancy and wanted to have priority on SIP, Citrix and HTTPS.

Totally surprised when I assisted my brother the other night to set up his wifi at home over the phone. OMG, it feels like being in LAN support. I honestly thought my brother was technical enough to know about IPs and routing. A good reminder to never assume anything. Anyway, his house is now online. He actually just hooked a very long ethernet cable across the street and was having problems with his router.

Apparently his router’s WAN is getting the same subnet as what he has on his LAN. We had to re-assign a new subnet on his LAN and that fixed the issue.

Here’s to a long weekend and fruitful study…