WEBVTT

00:02.020 --> 00:05.090
You have a normal TV working, right?

00:05.140 --> 00:09.640
So if I have what are my let's have this right here.

00:10.930 --> 00:13.270
What are my characteristics?

00:13.510 --> 00:13.930
Tunnel.

00:15.820 --> 00:26.260
Tunnel zero Tunnel Source Something and Tunnel Destination 23.3 IP Address

00:27.910 --> 00:30.430
1.2255255355.

00:30.460 --> 00:32.200
See, this is what I do, right?

00:32.200 --> 00:33.460
And then I protect it.

00:35.970 --> 00:41.340
IPsec IPV IPsec Profile I from.

00:43.860 --> 00:44.280
Right.

00:44.400 --> 00:50.040
The other thing that I can do is I'll create a separate policy class map.

00:50.370 --> 00:51.270
Remember, class map.

00:52.080 --> 00:53.190
I'll call it anything.

00:53.880 --> 00:55.950
I'll call it VPN one.

00:56.880 --> 00:59.340
I'll say match any.

01:00.690 --> 01:03.600
I'll create another policy map.

01:04.200 --> 01:08.310
I'll call it PM VPN one.

01:09.420 --> 01:10.710
I'll call the class.

01:12.870 --> 01:19.260
And for this I'll have an IP precedence of, say, five.

01:21.720 --> 01:24.780
Let me show it to you on a larger class map.

01:25.410 --> 01:26.250
I'll call it anything.

01:26.250 --> 01:26.730
VPN.

01:26.760 --> 01:29.160
CM VPN.

01:30.270 --> 01:34.020
Match any policy map.

01:34.860 --> 01:35.820
PM VPN.

01:36.420 --> 01:39.930
Call the class cm VPN.

01:40.850 --> 01:41.670
And then I'll say.

01:47.970 --> 01:50.730
This should be precedence.

01:51.570 --> 01:53.160
I can say priority also.

01:53.520 --> 01:54.900
I can give it a priority.

01:55.770 --> 01:59.720
But there is a precedence set precedents.

02:00.300 --> 02:02.730
Set IP precedence.

02:02.760 --> 02:04.830
Now I can have it as an internet route.

02:04.860 --> 02:05.430
A flash.

02:05.430 --> 02:08.520
A critical critical means treated with a critical precedence.

02:08.520 --> 02:12.860
This traffic should be given the highest priority to go through.

02:12.870 --> 02:15.480
I can have an internet, I can say network, priority, anything.

02:15.480 --> 02:18.930
These are just values which have a predefined.

02:19.560 --> 02:20.580
Set of rules.

02:21.450 --> 02:26.580
So when they see an President five, they have that guidebook which says five is critical.

02:26.850 --> 02:27.750
It's the same here.

02:27.750 --> 02:28.950
It'll be the same everywhere.

02:31.970 --> 02:32.300
Okay.

02:32.870 --> 02:37.380
So I can say IP precedence this and give it a precedence of five.

02:37.410 --> 02:40.970
Critical policy is created.

02:40.970 --> 02:45.890
Where do I apply this policy on the service policy?

02:47.220 --> 02:47.790
Input.

02:47.790 --> 02:49.320
I can say input and output both.

02:49.950 --> 02:52.730
So I'll say output right now because my traffic is going out.

02:52.740 --> 02:54.270
Should have an IP precedence.

02:54.610 --> 02:59.070
PM VPN on your mac.

02:59.940 --> 03:00.930
It will mark the packets.

03:00.930 --> 03:02.610
Right now I'm setting the precedence.

03:03.090 --> 03:03.630
What else?

03:04.290 --> 03:05.910
What else we can do is class map.

03:06.240 --> 03:07.920
I'll create another one on the other side.

03:08.400 --> 03:09.150
On the other side.

03:09.150 --> 03:10.260
Say this is the receiving end.

03:11.190 --> 03:14.100
Right VPN receive.

03:15.970 --> 03:18.650
I'll say match.

03:18.700 --> 03:19.630
I won't match this.

03:19.630 --> 03:21.490
I match IP precedence.

03:21.490 --> 03:25.600
If anything comes with an IP precedence of I will be matched in this class.

03:26.530 --> 03:28.060
Then I'll have another policy map.

03:28.090 --> 03:31.480
PM vpn receive.

03:32.720 --> 03:36.200
In the class of CM VPN.

03:36.950 --> 03:37.550
What was it called?

03:38.520 --> 03:42.530
VPN and the class of this.

03:43.280 --> 03:45.520
This class matches what any IP precedent.

03:45.530 --> 03:47.420
Five I can do other stuff with it.

03:47.420 --> 03:48.470
I can police it.

03:50.920 --> 03:52.570
Do this bit per second.

03:52.660 --> 03:54.310
Do not let him go about this bit.

03:54.340 --> 03:55.930
Or I could prioritize him.

03:56.050 --> 03:59.290
I'll give him a priority of, say, 25%.

04:00.010 --> 04:02.740
25% of the bandwidth will be allocated for this guy.

04:03.820 --> 04:09.320
So I make sure that whatever traffic is coming out through the tunnel does not go missing.

04:09.340 --> 04:13.410
If it is congested, at least 25% is dedicated to this guy.

04:13.420 --> 04:15.460
He will go through using that 25%.

04:19.090 --> 04:19.420
There.

04:19.540 --> 04:20.920
We have done all of this before.

04:21.910 --> 04:23.470
We have done all of this before.

04:23.710 --> 04:27.370
The only difference here is you apply this precedence on the tunnel.

04:29.590 --> 04:31.420
You only apply it on the tunnel.

04:33.320 --> 04:35.240
And you get one more single so that.

04:37.410 --> 04:37.690
I see.

04:38.400 --> 04:38.840
Yeah.

04:40.350 --> 04:44.460
For the cereal, you'll keep a different IP precedence value so you'll know that.

04:44.460 --> 04:45.690
See, if you match only one.

04:45.690 --> 04:46.980
He will never match the cereal.

04:48.330 --> 04:49.740
He will do nothing to the cereal.

04:49.740 --> 04:51.000
Let him go as a common man.

04:51.510 --> 04:54.900
Right now what I'm doing is for the IP traffic going out of the tunnel.

04:54.900 --> 04:59.730
I'm giving him that VIP status of five.

04:59.730 --> 05:01.830
I'm giving him an ambassador to go and.

05:02.820 --> 05:07.500
So when on the other guy, the guy sees this, this traffic is coming in, an ambassador.

05:07.500 --> 05:08.310
He's a VIP.

05:08.760 --> 05:10.830
He clears out the road and lets him go out.

05:12.070 --> 05:17.740
Even if this traffic jam, he goes in and clears it out for him, 25% he keeps for him.

05:19.120 --> 05:24.700
Remember Commonwealth divided the roads for for for VIPs.

05:24.850 --> 05:26.030
They did that, right.

05:26.050 --> 05:28.780
They had this separate line only for those people.

05:28.780 --> 05:29.890
That's what you do here.

05:31.090 --> 05:31.480
Yeah.

05:31.480 --> 05:32.740
Priority for those people.

05:33.790 --> 05:34.900
For the common man.

05:34.930 --> 05:36.130
You don't mark him at all.

05:36.640 --> 05:42.010
He goes wherever he wants to go, but he cannot go on this 25% mango people.

05:42.400 --> 05:43.480
But the mango people.

05:44.410 --> 05:44.890
Right.

05:45.770 --> 05:46.470
The other way.

05:46.520 --> 05:51.260
Now, if you don't have a tunnel, if you're doing with, say, easy VPN, there's also one more way

05:51.260 --> 05:52.130
of doing this.

05:52.700 --> 05:53.710
It's not this.

05:53.720 --> 05:55.340
You don't mark it this way.

05:55.490 --> 05:56.870
I'm showing you marking right now.

05:57.170 --> 05:58.370
You do it in.

06:00.920 --> 06:01.950
I can profile.

06:05.380 --> 06:07.540
You have something called group.

06:09.010 --> 06:10.380
For this I I tunnel.

06:10.870 --> 06:16.240
Your group market call it anything group is to.

06:18.340 --> 06:22.350
So for this tunnel, it belongs to a group two.

06:22.390 --> 06:27.400
When it reaches the other side, you can say class map shows VPN.

06:28.930 --> 06:29.520
Match.

06:29.710 --> 06:30.040
Match.

06:30.070 --> 06:30.520
What?

06:34.390 --> 06:34.580
Group.

06:37.510 --> 06:40.060
And then apply the policies in another policy map.

06:41.080 --> 06:47.350
PM shows group class is it called.

06:50.600 --> 06:53.540
Vasquez VPN and then do whatever you want.

06:53.570 --> 06:54.320
Again, policy.

06:54.320 --> 06:54.970
Prioritize.

06:54.980 --> 06:56.150
Prioritize.

06:59.100 --> 07:04.740
You can do again, same thing, compress it, give it a bandwidth of this dedicated bandwidth to this

07:04.740 --> 07:10.590
guy, given priority, police the data queue limit a lot of things.

07:10.590 --> 07:11.970
We have done all of them before.

07:12.840 --> 07:15.150
This is was only applying to VPNs.

07:17.970 --> 07:18.360
Right.

07:20.970 --> 07:21.300
Is this a.

07:22.470 --> 07:23.040
Yeah.

07:24.930 --> 07:26.010
This is just marking.

07:26.040 --> 07:27.210
See there?

07:27.210 --> 07:28.350
I did it in precedence.

07:28.350 --> 07:29.820
So I put him in an ambassador.

07:30.150 --> 07:35.010
Now I'm doing group means I'm still marking him, but I'm not putting him in an ambassador.

07:35.010 --> 07:38.070
I'm giving him a black leather jacket of number two.

07:38.910 --> 07:44.310
So from the other other end, they're all checking who's coming with the black jacket of number two.

07:44.520 --> 07:45.870
Whoever is with the black jacket.

07:45.870 --> 07:46.380
Come here.

07:46.380 --> 07:48.150
I have a separate line for you.

07:50.390 --> 07:53.540
We'll have different groups now see, for this tunnel, I'll have group two.

07:54.080 --> 07:56.350
I have another tunnel coming in from America.

07:56.360 --> 07:57.500
I'll keep it as group five.

07:58.040 --> 08:03.590
For group five, I'll give a priority of 25% for the group coming from India, I'll give a priority

08:03.590 --> 08:09.290
of 25, 10%, 20%, 15%, whatever you want it just marking.

08:09.290 --> 08:11.090
And then you do that stuff on the mark.

08:13.950 --> 08:16.470
So that would be helpful.

08:17.490 --> 08:19.980
What is the difference between maritime traffic shaping?

08:20.550 --> 08:21.690
Traffic shaping.

08:21.720 --> 08:22.230
Shaping.

08:25.660 --> 08:26.630
This shape.

08:26.650 --> 08:32.410
These are all different values that you can do because the traffic shaping, we also try to prioritize

08:32.410 --> 08:32.860
the data.

08:32.890 --> 08:35.260
Yeah, this is this is the policy that you apply.

08:35.950 --> 08:39.550
Shaping is applying policies is also you do a step.

08:39.580 --> 08:45.760
See I told you remember policy map does the class map is used for classification.

08:47.500 --> 08:48.820
The group that we did before.

08:48.820 --> 08:54.360
It was used only for classification shaping means he will shape it and put him in a good queue.

08:56.130 --> 08:57.630
He will put him ahead in the queue.

08:58.740 --> 09:01.550
With the thing, the bandwidth or priority.

09:01.560 --> 09:04.320
I divide my bandwidth of my link.

09:05.610 --> 09:06.890
I don't do anything to the queue.

09:06.900 --> 09:09.240
I'll divide my bandwidth in the link and let him go out.

09:10.050 --> 09:11.690
I keep that bandwidth for this.

09:11.700 --> 09:16.200
Anything that is marked with IP precedence of five or group of two.

09:17.610 --> 09:19.050
Where are these things?

09:20.000 --> 09:20.570
Marked.

09:20.930 --> 09:22.520
There is a special t o.

09:22.520 --> 09:24.350
S field in your IP header.

09:26.000 --> 09:27.290
It's called type of service.

09:28.220 --> 09:31.100
It's a special field which has this value.

09:31.880 --> 09:37.580
When you have a group of five, the value of that field will be zero zero 1 or 0 one 0 or 1 zero one

09:38.420 --> 09:39.230
different values.

09:39.380 --> 09:40.730
It's A33 bit field.

09:41.390 --> 09:42.350
The field.

09:44.350 --> 09:48.700
You know, you can do that in that field.

09:48.700 --> 09:51.310
In that field, you'll get that different value.

09:51.340 --> 09:53.800
One, two, three, one, four, five.

09:53.830 --> 09:56.290
See, as I told you, priority, not priority.

09:56.320 --> 09:58.360
Precedence was 15278.

09:58.390 --> 10:00.730
So three bit field with different values.

10:00.760 --> 10:03.670
One is one means 00100.

10:03.850 --> 10:13.390
One means IP precedence of 1010 means IP precedence of 2011 is 3100 is 6664.

10:15.910 --> 10:16.840
You understand what I'm saying?

10:19.410 --> 10:20.180
This is normal.

10:20.640 --> 10:23.790
This is your normal stress is applied here.

10:23.820 --> 10:26.110
The only difference is how you mark the traffic.

10:28.170 --> 10:31.210
Us is applied using class maps and policy maps.

10:31.930 --> 10:35.560
The only one thing you have to learn is how to mark the traffic going out of your turn.

10:38.910 --> 10:39.200
Right.

10:40.110 --> 10:41.220
These are only two ways.

10:41.850 --> 10:42.810
There are many.

10:43.410 --> 10:43.980
There are many.

10:43.980 --> 10:46.200
But these are the most predominantly used.

10:47.270 --> 10:48.050
See an IPCC.

10:48.080 --> 10:54.140
The most well known way of applying a tunnel of creating a tunnel is through vice.

10:54.350 --> 10:55.460
Or Gretna's.

10:55.580 --> 10:56.870
Crypto maps are not used.

10:56.870 --> 10:57.590
Usually used.

10:57.590 --> 10:58.010
Why?

10:58.040 --> 10:59.330
Because you don't send.

10:59.360 --> 11:01.280
You cannot send multicast through a crypto map.

11:01.400 --> 11:03.680
You cannot send a broadcast to a crypto.

11:04.010 --> 11:09.890
It can only be sent through tunnels or tunnels or IPsec or or your normal tunnels.

11:11.290 --> 11:11.790
So just.

11:14.590 --> 11:16.660
In crypto, you can't.

11:17.860 --> 11:22.360
You can't know it'll be because the other side should be a reflection of this side.

11:23.650 --> 11:27.800
You cannot you can never have a reflection with a source of 220 400.

11:30.850 --> 11:32.080
What will you have on the other side?

11:32.080 --> 11:33.790
The source of 224 001.

11:33.880 --> 11:37.210
The traffic will never come back as a source of 220 400 ten.

11:37.240 --> 11:39.670
He will come back with the source of that interface.

11:41.700 --> 11:43.910
The traffic from here is coming from this source too.

11:43.940 --> 11:45.330
220 400 ten.

11:45.480 --> 11:51.300
The reflection should be the source should be 220 400 ten, which will never be the case, but the source

11:51.300 --> 11:55.520
will change IP and can.

11:56.190 --> 11:56.820
It doesn't work.

11:57.670 --> 11:58.030
Try it.

11:58.060 --> 12:00.070
It should again be a reflection on the other side.

12:00.520 --> 12:01.180
Have you tried it?

12:01.990 --> 12:02.650
Does it work?

12:02.680 --> 12:03.320
It doesn't.

12:03.340 --> 12:06.250
That is the one big problem with crypto maps.

12:06.490 --> 12:09.850
Multicast and dynamic broadcasts do not work with crypto.

12:10.750 --> 12:12.580
That is why grids were introduced.

12:13.030 --> 12:16.000
That's why you cannot run routing protocols over crypto maps.

12:17.590 --> 12:24.040
So when you use this it's easy to do your cuz you either you either do it on a tunnel or you go to your

12:24.040 --> 12:24.850
profile.

12:25.060 --> 12:30.460
And in that profile you apply that group profile, you apply that group.

12:33.120 --> 12:33.630
Okay.

12:34.780 --> 12:35.490
Is that clear?

12:37.260 --> 12:38.520
Clear is very simple.

12:39.240 --> 12:40.170
Very, very simple.

12:40.170 --> 12:41.340
If you know how to do it with.

12:42.090 --> 12:44.910
All this policing and shaping and all the things we did there.

12:45.540 --> 12:47.610
All you have to do is how to match it.

12:48.440 --> 12:49.340
Do it on the notepad.

12:49.350 --> 12:50.790
The two ways of doing this.

12:53.010 --> 12:55.530
The first is this You have your tunnel.

12:57.120 --> 12:58.110
You have your tunnel.

12:58.140 --> 13:01.230
You go back inside your tunnel interface.

13:01.230 --> 13:05.460
Tunnel zero service policy.

13:06.300 --> 13:07.890
What is the name of the policy?

13:09.030 --> 13:11.640
This and the traffic which is going.

13:14.430 --> 13:17.710
I'm marking it with precedence of.

13:19.830 --> 13:20.670
Yes.

13:21.150 --> 13:22.440
The other way is.

13:26.450 --> 13:33.350
Crypto Ik v2 v2 Icy camp

13:35.840 --> 13:45.080
profile i ik Graph shows Group two.

13:45.410 --> 13:46.820
So you're doing it for the profile.

13:47.030 --> 13:52.250
Whenever that profile is used, all that traffic will be marked with the group of two.

13:54.280 --> 13:56.170
The marking will be done for you.

13:58.350 --> 13:58.800
Good.