1
00:00:00,360 --> 00:00:06,630
Now in networking devices, specifically with quality of service, we have the concept of trust and

2
00:00:06,630 --> 00:00:08,070
a trust boundary.

3
00:00:08,340 --> 00:00:09,840
Who are you going to trust?

4
00:00:10,960 --> 00:00:18,180
So as an example, if a switch receives a data packet from a PC, is it going to trust the markings

5
00:00:18,190 --> 00:00:22,210
if the PC is telling the switch that its traffic is very important?

6
00:00:22,780 --> 00:00:29,610
Typically a switch will not trust a PC, but a switch may trust the markings from a phone.

7
00:00:29,830 --> 00:00:37,240
An IP phone, as an example, will tell a switch by using a marking that its traffic is very important.

8
00:00:37,270 --> 00:00:41,620
A switch needs to be configured to trust that marking from the phone.

9
00:00:41,740 --> 00:00:48,280
So we have this concept of a trust boundary. An untrusted domain is the part of the network that you

10
00:00:48,280 --> 00:00:49,240
are not managing.

11
00:00:49,240 --> 00:00:51,700
So it could be a PC, it could be a printer.

12
00:00:52,120 --> 00:00:57,880
You're not going to trust the markings sent by a user's PC from a quality of service point of view.

13
00:00:58,210 --> 00:01:04,480
The trusted domain is the part of the network that only administrators can manage, so they are trusted

14
00:01:04,480 --> 00:01:09,130
devices such as routers and switches and in some cases IP phones.

15
00:01:09,520 --> 00:01:14,470
A router is going to trust the markings that it receives from a switch, and a switch is going to trust

16
00:01:14,560 --> 00:01:16,930
the markings that it receives from an IP phone.

17
00:01:17,320 --> 00:01:21,100
Now, the trust boundary is where packets are classified and marked.

18
00:01:21,250 --> 00:01:24,670
So as an example, the IP phones are a trust boundary.

19
00:01:24,670 --> 00:01:31,210
We don't trust the markings to the left of the IP phones, but we do trust the markings sent between

20
00:01:31,210 --> 00:01:33,040
phones, switches and routers.

21
00:01:33,430 --> 00:01:38,860
So in an enterprise, any markings received by any of these devices will be trusted.

22
00:01:39,430 --> 00:01:47,050
A service provider or ISP, however, may not trust the markings sent on packets from customers.

23
00:01:47,410 --> 00:01:50,500
So this would be a separate trust boundary.

24
00:01:50,500 --> 00:01:58,870
The ISP will trust any markings of packets in its own domain or in its own network, but may not trust

25
00:01:58,870 --> 00:02:03,220
the markings sent to it by an enterprise customer.

26
00:02:03,700 --> 00:02:07,930
In an enterprise network, the trust boundary is typically the edge of the network.

27
00:02:07,930 --> 00:02:13,360
For an ISP, the trust boundary is typically found at the last device that it manages.

28
00:02:13,840 --> 00:02:20,980
So as an example, if the ISP provides you a router that it manages, the trust boundary is set there

29
00:02:21,010 --> 00:02:27,340
and it will trust any markings of devices that it controls, but not markings received from devices

30
00:02:27,340 --> 00:02:28,870
that it doesn't control.

31
00:02:29,380 --> 00:02:35,680
Trust boundaries are important because by default, Cisco routers will override any quality of service

32
00:02:35,680 --> 00:02:39,340
markings that they receive on an untrusted boundary.

33
00:02:39,550 --> 00:02:47,230
So voice traffic and video traffic and data traffic will be treated as the same if you don't remark

34
00:02:47,230 --> 00:02:48,430
that traffic.

35
00:02:48,460 --> 00:02:53,830
In other words, if a router receives traffic on an untrusted interface, it will treat it the same,

36
00:02:53,830 --> 00:02:56,860
which can have a negative effect on quality of service.