1
00:00:00,510 --> 00:00:07,170
Now in networking devices specifically with quality of service we have the concept of trust and a trust

2
00:00:07,170 --> 00:00:08,460
boundary.

3
00:00:08,460 --> 00:00:09,690
Who are you going to trust.

4
00:00:11,040 --> 00:00:18,050
So as an example if a switch receives a data packet from a P.C. is it going to trust the markings.

5
00:00:18,270 --> 00:00:22,510
If the piece is telling the switch that its traffic is very important.

6
00:00:22,860 --> 00:00:30,450
Typically a switch will not trust a P.C. but a switch made trust to the markings from a phone an IP

7
00:00:30,450 --> 00:00:37,280
phone as an example will tell a switch by using a marking that its traffic is very important.

8
00:00:37,370 --> 00:00:41,740
A switch needs to be configured to trust that marking from the phone.

9
00:00:41,940 --> 00:00:48,280
So we have this concept of a trust boundary an untrusted domain is the part of the network that you

10
00:00:48,280 --> 00:00:49,290
are not managing.

11
00:00:49,290 --> 00:00:52,180
So it could be a P.C. it could be a printer.

12
00:00:52,260 --> 00:00:58,260
You're not going to trust the marking sent by a user's P.C. from a quality of service point of view.

13
00:00:58,260 --> 00:01:03,240
The trusted domain is the part of the network that only administrators can manage.

14
00:01:03,420 --> 00:01:09,490
So they are trusted devices such as routers and switches and in some cases IP phones.

15
00:01:09,600 --> 00:01:14,480
A broad is going to trust the markings that it receives from a switch and a switch is going to trust

16
00:01:14,550 --> 00:01:17,460
the markings that it receives from an IP phone.

17
00:01:17,460 --> 00:01:21,230
Now the trust boundary is where packets are classified and marked.

18
00:01:21,440 --> 00:01:24,680
So as an example the IP phones are a trust boundary.

19
00:01:24,900 --> 00:01:31,200
We don't trust the markings to the left of the IP phones but we do trust the marking centre between

20
00:01:31,200 --> 00:01:38,100
phones switches and routers so in an enterprise any markings received by any of these devices will be

21
00:01:38,100 --> 00:01:39,110
trusted.

22
00:01:39,510 --> 00:01:47,360
A service provider or ISP however may not trust the mocking sent on packets from customers.

23
00:01:47,580 --> 00:01:50,640
So this would be a separate trust boundary.

24
00:01:50,670 --> 00:01:58,830
The ISP will trust any markings of packets in its own domain or in its own network that may not trust

25
00:01:58,890 --> 00:02:04,920
the markings sent to it by a enterprise customer in an enterprise network.

26
00:02:04,920 --> 00:02:11,070
The trust boundaries typically the edge of the network for an ISP the trust boundaries typically found

27
00:02:11,070 --> 00:02:13,670
at the Lost device that it manages.

28
00:02:13,950 --> 00:02:21,390
So as an example if the ISP provide you a router that it manages the trust boundary is set there and

29
00:02:21,390 --> 00:02:27,630
it will trust any markings of devices that it controls but not markings received from devices that it

30
00:02:27,630 --> 00:02:29,410
doesn't control.

31
00:02:29,550 --> 00:02:35,670
Trust boundaries are important because by default Cisco riders will override any quality of service

32
00:02:35,670 --> 00:02:39,180
markings that they receive on an untrusted boundary.

33
00:02:39,750 --> 00:02:45,160
So foist traffic and video traffic and data traffic will be treated to the same.

34
00:02:45,240 --> 00:02:52,140
If you don't remark that traffic in other words if a rider receives traffic on an untrusted interface

35
00:02:52,140 --> 00:02:56,760
it will treat it the same which can have a negative effect on quality of service.