--- Begin Message ---
Hi,
>
> >> Now some of my monitoring and management traffic, which is addressed
> >> to the customer facing interface addresses takes the shortest path
> >> into
> >> 10.0.0.0/24 and through this network and might then hit the interface
> >> of the router. But there is a ACL that blocks that, because it looks
> >> like the customer spoofed the source address of the monitoring system.
>
> > But you're doing it wrong. I'm not sure what is right without
> > understanding more accurately what you are doing, but some flavor of
>
> If I understand correctly, you are monitoring ICMP reachability of, say,
> 10.0.0.2, because reaching the router itself (e.g. its loopback or its
> backbone
> address) and getting via SNMP the state of its interface is not enough for
> you,
> you want to make sure to be able to reach addresses in the actual customer
> prefix, to detect routing problems with that specific prefix.
>
If I have understood correctly you are looking to force the monitoring through
router local links , but the monitoring system only has the one "shorter" path.
This may be done using a sla locally on the router and then polling the state
of the sla from the monitoring system
Brian
--- End Message ---
_______________________________________________
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
