Cisco Telepresence Content Server: Windows Media Services Multicast and QoS


So we have been working diligently to resolve an issue in relation to a vendor-deployed Cisco Telepresence Show and Share setup. We ended up, through the troubleshooting process, with two requirements. Basically, what we were seeing was that if the access port attached to the receiver was configured or negotiated at 100Mbps as opposed to Gigabit, the video stream would not play with any measure of predictability.

When everyone would go home or be out for lunch, the stream would play okay, but when the switch became even slightly busy, the video would most of the time not even provide a single key-frame and hence no video. Keep in mind that this was a 768kbps stream, so it was insane to think this could actually be the switch causing the issue.

With Auto-QoS defaults, we were dropping around 500 packets in 10 seconds. We actually forced this to work by marking the multicast traffic generated at the server on the server’s access switch and by modifying the output buffers for QoS on the client-attached 2960S Access Switch. This required giving 70% of the buffer to the Priority Queue, making sure CS5-marked traffic was getting inserted into the Priority Queue, and setting the thresholds for the Priority Queue to allow oversubscription at 3200%.


Followup: DNS Lookup and Ping in Excel

Steve asked on my previous posting regarding DNS Lookup in Excel whether a forward lookup could be done (find the IP address from the hostname). Believe it or not, I'll one-up your request. How about DNS forward and reverse lookup as well as Ping!

  1. Press Alt-F11 in Excel to get to the VBA screen.
  2. Right click on the Project View
  3. Click Add Module
  4. Add the following snippet.
  5. Use: GetHostname("4.2.2.1") in any Excel cell.
    or
    Use:
    GetIpAddress("www.google.com") in any Excel cell.
    or
    Use: Ping("4.2.2.1") in any Excel cell.


DS3/T3 Circuit Testing from the IOS Controller CLI

BERT Testing

loopback local

Puts the locally attached DSU (internal to the router) in loop. This allows testing of the local card for errors with the line driver or modulator.

loopback remote

Requests a loopback from the remote DSU. This allows the testing of the full circuit up to the DSU at the far end.

loopback network

Sets the local controller to loop towards the network allowing the far end to run test patterns across the entire path.

Testing Examples:

controller t3 1/0 !-- test the local hardware
 loopback local
 !
 bert pattern 0s interval 1
 do show controller t3 1/0
 !
 bert pattern 1s interval 1
 do show controller t3 1/0
 !
 bert pattern alt-0-1 interval 1
 do show controller t3 1/0
 !
 no loopback

controller t3 1/0 !-- test to the remote DSU.
 loopback remote
 bert pattern 0s interval 1
 do show controller t3 1/0
 !
 bert pattern 1s interval 1
 do show controller t3 1/0
 !
 bert pattern alt-0-1 interval 1
 do show controller t3 1/0
 !
 no loopback

controller t3 1/0 !-- allow the far end to perform end-to-end testing.
 loopback network
 !
 !-- WAIT FOR TESTING AT FAR END TO COMPLETE..
 !
 no loopback
!
end

Circuit Locating

You can transmit endpoint location information across a circuit using the ANSI Maintenance Description Set. The following example shows how this is specified:

Circuit Labeling Example:

controller t3 1/0 !-- Identification notation transmitted via ANSI MDL Frames
 mdl string eic RouterA     !-- Equipment ID Code
 mdl string fic 0x01        !-- Frame ID Code
 mdl string generator gen-1 !-- Generator Number in MDL Test Signal Message
 mdl string lic OKC         !-- Location ID Code
 mdl string pfi DT          !-- Facility ID Code
 mdl string port 1-0        !-- Port Number in MDL Idle Signal Message
 mdl string unit 2          !-- Unit Code
 !
 mdl transmit test-signal
!
end

Viewing example at far end of circuit:

show controllers t3 1/0

Results:
T3 1/0 is up.
  Applique type is Subrate T3
  Transmitter is sending AIS.
  Receiver has no alarms.
  MDL transmission is enabled
     EIC: Router-B, LIC: TUL, FIC: FO, UNIT: 1
  Far-End MDL Information Received
     EIC: Router-A, LIC: OKC, FIC: DT, UNIT: 1
  FEAC code received: No code is being received
  Framing is C-BIT Parity, Line Code is B3ZS, Clock Source is Line
  Data in current interval (30 seconds elapsed):
     0 Line Code Violations, 0 P-bit Coding Violation
     0 C-bit Coding Violation, 0 P-bit Err Secs
     0 P-bit Severely Err Secs, 0 Severely Err Framing Secs
     0 Unavailable Secs, 0 Line Errored Secs
     0 C-bit Errored Secs, 0 C-bit Severely Errored Secs
!
end

Securing Industrial Automation Networks – Part 1: Lingo and Regulation


We are currently working on a project to implement a security design around our Industrial Automation Networks in the field. These range from gas measurement shacks with a single valve all the way up to multi-train gas processing plants. Since the Stuxnet incident and the 60 Minutes airing that notified the nation of the great dangers in exposing our vital infrastructure to the internet, there have been several regulatory commissions who have updated or are currently working on updating their requirements around securing this vital infrastructure. Our goal is to beat them to the punch and be prepared for the worst while doing our Control Technicians a favor or two in providing them further isolation from the Enterprise.

In 2002 FISMA (Federal Information Security Management Act) kicked off a lot of these regulations by requiring each government entity to develop requirements to protect their respective systems from cyber attack. Due to this, government agencies have become more and more aware of the threats imposed by networked system access to critical systems. In my opinion, this eye-opening will spark the proposal of additional regulation to protect these critical systems. In this first article, I’ll cover some common terms and we’ll note some regulatory bodies and any specific regulations already identified…

Plain Vanilla SEO (Search Engine Optimization)


A common sense explanation and realist approach to Search Engine Optimization

I was reading through some articles on my father-in-law’s company blog /ebscospring/ in relation to ISO certifications. I started to leave a comment that eventually turned into an article, in reference to a post requested at the behest of the individual managing SEO for them. Even though SEO is not necessarily relevant to networking, it has come up quite a bit lately. Hopefully, my experience can provide some light in a rather convoluted maze of tactics.

SEO is a tough game. Most people get wind of the concepts and they build the following punch list in their heads:

Step 1. Build a website.

Step 2. ?

Step 3. $$$

Most people even realize you need people to look at it, and you need Top Search Order to make it easily accessible to your prospective audience. About this point is where we make big mistakes or just waste our own time.

TCP and Port Filtering / Firewalls with WinSock


Introduction

This is in reference to the following article:
http://www.codeproject.com/Articles/85602/PortQry-Implementation-using-TcpClient-Socket-and

It’s been a few years since I’ve looked at this, and recently I received a notification that someone had posted a response. First, I would like to agree with emilio_grv’s response in that application programmers should be very careful about handling timeouts within the application. As with any application development, make sure you clean up any unused resources as soon as possible, especially with sockets, as you’ll exhaust the available source ports that can be used. In Windows environments, the default is 3977.

Background

As a connection timeout is not a parameter available within the TcpClient.BeginConnect() or TcpClient.Connect() functions, an issue arises for those who have large scale processes that must be accomplished in a timely fashion.

With the use of firewalls in the network we make a compromise, trading network visibility for security. We often no longer get a response from the TCP stack at the far end or sometimes even the ICMP message back when a packet passes a firewall whether there is a problem or not. Even more frustrating, we may have no choice in the matter, as another group or organization could be managing the firewalls, and so policy change can be difficult if not impossible altogether.
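
The timeout problem described above, as an added example that is not code from this post or from the linked CodeProject article: the caller bounds the wait around TcpClient.BeginConnect() itself, treats silence as a filtered port, and disposes the socket on every path so the source port is released. The names PortProbe, PortState and Probe, the 2-second timeout, and the targets in Main are assumptions made for illustration.

```csharp
using System;
using System.Net.Sockets;

public enum PortState { Open, Closed, Filtered }

public static class PortProbe   // hypothetical helper, not from the article
{
    public static PortState Probe(string host, int port, TimeSpan timeout)
    {
        // 'using' closes the socket on every path, releasing the source port.
        using (var client = new TcpClient())
        {
            IAsyncResult pending = client.BeginConnect(host, port, null, null);

            // Bound the wait ourselves; Connect()/BeginConnect() take no timeout.
            if (!pending.AsyncWaitHandle.WaitOne(timeout))
                return PortState.Filtered;   // no SYN-ACK, no RST: silently dropped

            try
            {
                client.EndConnect(pending);  // rethrows any connect failure
                return PortState.Open;
            }
            catch (SocketException ex)
            {
                switch (ex.SocketErrorCode)
                {
                    case SocketError.ConnectionRefused:   // RST from the far end
                        return PortState.Closed;
                    case SocketError.TimedOut:            // OS-level connect timeout
                    case SocketError.HostUnreachable:     // ICMP unreachable came back
                    case SocketError.NetworkUnreachable:
                        return PortState.Filtered;
                    default:
                        throw;                            // e.g. DNS failure: not a port state
                }
            }
        }
    }

    public static void Main()
    {
        // Constructed targets: loopback, and 192.0.2.1 from the TEST-NET-1 documentation range.
        var targets = new[] { Tuple.Create("127.0.0.1", 445), Tuple.Create("192.0.2.1", 80) };
        foreach (var t in targets)
            Console.WriteLine("{0}:{1} -> {2}", t.Item1, t.Item2,
                Probe(t.Item1, t.Item2, TimeSpan.FromSeconds(2)));
    }
}
```

A Filtered result only means nothing answered within the window; a slow path and a dropping firewall look identical from the client, so the timeout should be sized to the slowest legitimate path being scanned.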