a bit off topic

2001-02-28 Thread garrett allen

heys,

just passed the ccda exam today (ccna prior).  looking to get some hands-on
experience on a contract, part-time basis.  any thoughts on how/where to start
(dc area)?

thanks.


_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]



Re: debug ip error

2001-04-03 Thread garrett allen

one tip is to issue the no debug all command prior to issuing debug all.  that way when
the router display begins spewing debug info you can issue an up arrow and enter command
sequence to get out of debug mode.

Gayathri wrote:

> Hi Group,
>
> Recently due to some problems my colleague issued a  debug ip error command
> on the rsm.
>
> The problem is we could not stop the process at all. We tried using the no
> debug ip error but it never came out of the process, there was a lot of
> details regarding routing info . Luckily for us we had HSRP.
>
> We had to reboot the RSM , manually i.e, remove the card and insert it back.
> Is this a common thing that we cant stop the debug ip error process.
>
> Thanks
>
> Gayathri



Re: Manchester symbols [7:6655]

2001-06-01 Thread garrett allen

i remember the term symbol as equated to a state change.  in modulation techniques where
1 symbol = 1 bit, the symbol rate and the bit rate are the same.  some modulation
techniques can yield multiple bits from a single symbol.  qpsk (quaternary phase shift
keying) is a form of phase angle modulation used in rf where 1 symbol = 2 data bits.  so
the symbol rate is 1/2 the bit rate (23 megasymbols per second = 46mbps).



Priscilla Oppenheimer wrote:

> The original 10-Mbps Ethernet II and 802.3 standards use Manchester
> encoding for all media types. Manchester encoding specifies that a bit
> period is divided into two equal intervals and there is always a transition
> from either high to low or low to high in the middle of the bit period. A
> binary zero is high first and then low. A binary one is low first and then
> high. I haven't heard these called symbols, but perhaps your reference
> calls them symbols.
>
> Priscilla
>
> At 07:09 PM 5/31/01, hal9001 wrote:
> >Thanx for that any idea about the symbols?
> >
> >Karl
> >- Original Message -
> >From: "Fred Ingham"
> >To: "hal9001" ;
> >Sent: Thursday, May 31, 2001 11:45 AM
> >Subject: Re: Manchester symbols [7:6655]
> >
> >
> > > Manchester encoding is used on 10 Mbps Ethernet, Differential Manchester
> > > encoding is used on token ring.
> > >
> > > Fred.
> > >
> > > hal9001 wrote:
> > > >
> > > > Something to do with Ethernet Encoding I fink...anyone else?
> > > >
> > > > Karl
> > > > - Original Message -
> > > > From: "g_study"
> > > > To:
> > > > Sent: Thursday, May 31, 2001 9:07 PM
> > > > Subject: Manchester symbols [7:6655]
> > > >
> > > > > What are Manchester symbols?
> 
>
> Priscilla Oppenheimer
> http://www.priscilla.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=6835&t=6655



Re: Passed BSCN but..............? [7:7719]

2001-06-08 Thread garrett allen

i just passed this am with, would you believe, a 919 also.  used cisco press for self
study (paquet/teare - it is a very good text, btw - only a few typos).  for what it is
worth i found that working the configuration exercises in each chapter really helped.

ever onward, rearward never, faithfully we strive.

dawkins c wrote:

> I have just passed the BSCN with a score of 919. I should be happy about
> this but I found the test relatively easy. I would have prefered to
> "manfully" struggle through the questions and succeed after my heroic
> attempts (OK slightly overstated). Instead I was waiting for the questions
> to get harder. I know this sounds silly. Maybe I just got the right
> questions for me?
>
> Your comments
>
> PS .. no I am not some Cisco Guru (far from it), just a journeyman Cisco
> network designer.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=7735&t=7719



why change mtu on ethernet switch [7:34715]

2002-02-06 Thread garrett allen

curious why one would want to change the mtu on an ethernet switch port?  trunk
ports appear to handle the mini-jumbo frames without the change.  a quick scan
of the www.cisco reveals how to but not why.

thoughts?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=34715&t=34715



it started out as a really good idea [7:64636]

2003-03-06 Thread garrett allen
i have a need for a high availability solution for a default gateway 
configuration.  just finished the ccdp and thought it might be 
interesting to try hsrp on a pair of 2514's.  put some of that theory 
to work.  instead of highly resilient i've managed to configure it for 
mass failure.  arg.., not exactly what i had in mind.  now, any time i 
take down 1 of the 4 links, the connect between 2 remote hosts dies.  
this is in a lab (production is not a lab, production is not a lab...) 
so it is a mystery i would like to solve, but it is not critical.

here is the basic config (hope it makes it):

pc host 1  -+- e0 router 1, e1 +-  pc host 2
|  |
|- e0 router 2, e1 |

the routers act as a default gateway between the internal network 
(represented by pc host 1) and the external world (represented by pc 
host 2).  i have used 10.3 and 10.4 /16 as the addresses for each side 
of the divide.  i want to run hsrp on both sets of router interfaces so 
that in the event a router or an interface fails, the traffic impact is 
minimized.  in the real world pc host 2 will be a firewall and there 
will be other hosts off that segment as well

looks easy.  sounds plausible.  read the cisco docs.  looks like it 
should work.  minimal incantations before tickling the keyboard.  key 
in the configs and it fires up nicely. do the show standby thingee and 
all looks cool.  can ping the 2 stations end to end.  most excellent.  
put a router in debug mode.  when i pull one of the 4 router cables the 
router goes through a state change but no bits make it to the far end.  
not even the shiny ones.  bitstream courtesy of ping.

maybe i misunderstood what hsrp was supposed to do.  the configs are 
below, along with the show standby results.  both are 2514's (2 aui's) 
and both are running 12.2(1d).  probably forgot to put the interface in 
mumble mode or something equally easy.  no laughter, please.

thanks in advance.

router 1
interface Ethernet0
 ip address 10.3.255.2 255.255.0.0
 no ip route-cache
 no ip mroute-cache
 standby 1 priority 200 preempt
 standby 1 ip 10.3.0.2
!
interface Ethernet1
 ip address 10.4.254.2 255.255.0.0
 no ip route-cache
 no ip mroute-cache
 standby 2 priority 200 preempt
 standby 2 ip 10.4.254.10


router 2
interface Ethernet0
 ip address 10.3.255.1 255.255.0.0
 no ip route-cache
 no ip mroute-cache
 standby 1 priority 225 preempt
 standby 1 ip 10.3.0.2
!
interface Ethernet1
 ip address 10.4.254.1 255.255.0.0
 no ip route-cache
 no ip mroute-cache
 standby 2 priority 150 preempt
 standby 2 ip 10.4.254.10

results of show standby
Router1#show standby
Ethernet0 - Group 1
  Local state is Standby, priority 200, may preempt
  Hellotime 3 holdtime 10
  Next hello sent in 00:00:00.940
  Hot standby IP address is 10.3.0.2 configured
  Active router is 10.3.255.1 expires in 00:00:09, priority 225
  Standby router is local
  20 state changes, last state change 00:22:34
Ethernet1 - Group 2
  Local state is Active, priority 200, may preempt
  Hellotime 3 holdtime 10
  Next hello sent in 00:00:01.676
  Hot standby IP address is 10.4.254.10 configured
  Active router is local
  Standby router is 10.4.254.1 expires in 00:00:08
  Standby virtual mac address is .0c07.ac02
  17 state changes, last state change 00:23:26
Router1#

Router2#show standby
Ethernet0 - Group 1
  Local state is Active, priority 225, may preempt
  Hellotime 3 holdtime 10
  Next hello sent in 00:00:01.010
  Hot standby IP address is 10.3.0.2 configured
  Active router is local
  Standby router is 10.3.255.2 expires in 00:00:09
  Standby virtual mac address is .0c07.ac01
  24 state changes, last state change 00:22:04
Ethernet1 - Group 2
  Local state is Standby, priority 150, may preempt
  Hellotime 3 holdtime 10
  Next hello sent in 00:00:01.272
  Hot standby IP address is 10.4.254.10 configured
  Active router is 10.4.254.2 expires in 00:00:09, priority 200
  Standby router is local
  32 state changes, last state change 00:22:25
Router2#




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=64636&t=64636




Re: it started out as a really good idea ... [7:64638]

2003-03-06 Thread garrett allen
i do apologize about the drawing - never could stay in the lines with 
crayons either.  you are correct, both e0's in one subnet and both 
e1's in the other.  appropriate virtual routers as well.  pc1 is 
attached to e0's (all in hub 1) and pc2 with the e1's in hub 2.  guess 
the drawing lost something in translation.

i didn't try pinging back the other way round but will tomorrow 
am.  the lab's at work and (finally) i'm not.  i pulled debug standby 
traces and i'll go through them tonite.  the pc has the virtual mac 
address in its arp table and the virtual address does move from 
interface e0 to interface e1.  but i like your theory of no return 
path.

thanks much.
garrett



- Original Message -
From: Priscilla Oppenheimer 
Date: Thursday, March 6, 2003 6:23 pm
Subject: Re: it started out as a really good idea ... [7:64638]

> Um, he already has both the E0s in the same subnet and both the 
> E1s in the
> same subnet, according to his config.
> 
> His drawing is confusing but I think he's got PC1 and both E0s in 
> subnet 10.3.0.0/16, say on a hub or a switch.
> 
> He's got PC2 and both E1s in subnet 10.4.0.0, on another hub or 
> switch.
> If the problem isn't related to misconfiguration of the default 
> gateway on
> the PCs, I do have another theory. :-)
> 
> Say he pulls the E0 cable on Router 1. No problem, PC1 will start 
> using Router2.
> 
> Then he pings from PC1 to PC2. The ping will probably get there 
> but what
> about the reply coming back?
> 
> What happens if PC2 is using Router 1 and Router 1 has no way to 
> send PC2's
> packet from itself to Router 2 due to the missing cable, not to 
> mention lack
> of any routing protocol configured.
> 
> Think about it! :-)
> 
> Priscilla
> 
> The Long and Winding Road wrote:
> > 
> > ""garrett allen""  wrote in message
> > news:[EMAIL PROTECTED]
> > > i have a need for a high availability solution for a default
> > gateway
> > > configuration.  just finished the ccdp and thought it might be
> > > interesting to try hsrp on a pair of 2514's.  put some of
> > that theory
> > > to work.  instead of highly resilient i've managed to
> > configure it for
> > > mass failure.  arg.., not exactly what i had in mind.  now,
> > any time i
> > > take down 1 of the 4 links, the connect between 2 remote
> > hosts dies.
> > > this is in a lab (production is not a lab, production is not
> > a lab...)
> > > so it is a mystery i would like to solve, but it is not
> > critical.
> > >
> > > here is the basic config (hope it makes it):
> > >
> > > pc host 1  -+- e0 router 1, e1 +-  pc
> > host 2
> > > |  |
> > > |- e0 router 2, e1 |
> > >
> > > the routers act as a default gateway between the internal
> > network
> > > (represented by pc host 1) and the external world
> > (represented by pc
> > > host 2).  i have used 10.3 and 10.4 /16 as the addresses for
> > each side
> > > of the divide.  i want to run hsrp on both sets of router
> > interfaces so
> > > that in the event a router or an interface fails, the traffic
> > impact is
> > > minimized.  in the real world pc host 2 will be a firewall
> > and there
> > > will be other hosts off that segment as well
> > >
> > > looks easy.  sounds plausible.  read the cisco docs.  looks
> > like it
> > > should work.  minimal incantations before tickling the
> > keyboard.  key
> > > in the configs and it fires up nicely. do the show standby
> > thingee and
> > > all looks cool.  can ping the 2 stations end to end.  most
> > excellent.
> > > put a router in debug mode.  when i pull one of the 4 router
> > cables the
> > > router goes through a state change but no bits make it to the
> > far end.
> > > not even the shiny ones.  bitstream courtesy of ping.
> > >
> > > maybe i misunderstood what hsrp was supposed to do.  the
> > configs are
> > > below, along with the show standby results.  both are 2514's
> > (2 aui's)
> > > and both are running 12.2(1d).  probably forgot to put the
> > interface in
> > > mumble mode or something equally easy.  no laughter, please.
> > 
> > 
> > HSRP assumes the ethernet interfaces to be on the same subnet.
> > your ethernet
> > side is on two different subnets. hence - no failover.
> > 
> > to get th

Re: it started out as a really good idea ... [7:64638]

2003-03-06 Thread garrett allen
bnet
> >   10.3.0.0/16, say on a hub or a switch.
> > 
> >   He's got PC2 and both E1s in subnet 10.4.0.0, on another hub
> > or switch.
> > 
> >   If the problem isn't related to misconfiguration of the
> > default gateway on
> >   the PCs, I do have another theory. :-)
> > 
> >   Say he pulls the E0 cable on Router 1. No problem, PC1 will
> > start using
> >   Router2.
> > 
> >   Then he pings from PC1 to PC2. The ping will probably get
> > there but what
> >   about the reply coming back?
> > 
> >   What happens if PC2 is using Router 1 and Router 1 has no way
> > to send PC2's
> >   packet from itself to Router 2 due to the missing cable, not
> > to mention
> > lack
> >   of any routing protocol configured.
> > 
> >   Think about it! :-)
> > 
> >   Priscilla
> > 
> >   The Long and Winding Road wrote:
> >   >
> >   > ""garrett allen""  wrote in message
> >   > news:[EMAIL PROTECTED]
> >   > > i have a need for a high availability solution for a
> > default
> >   > gateway
> >   > > configuration.  just finished the ccdp and thought it
> > might be
> >   > > interesting to try hsrp on a pair of 2514's.  put some of
> >   > that theory
> >   > > to work.  instead of highly resilient i've managed to
> >   > configure it for
> >   > > mass failure.  arg.., not exactly what i had in mind. 
> > now,
> >   > any time i
> >   > > take down 1 of the 4 links, the connect between 2 remote
> >   > hosts dies.
> >   > > this is in a lab (production is not a lab, production is
> > not
> >   > a lab...)
> >   > > so it is a mystery i would like to solve, but it is not
> >   > critical.
> >   > >
> >   > > here is the basic config (hope it makes it):
> >   > >
> >   > > pc host 1  -+- e0 router 1, e1 +-  pc
> >   > host 2
> >   > > |  |
> >   > > |- e0 router 2, e1 |
> >   > >
> >   > > the routers act as a default gateway between the internal
> >   > network
> >   > > (represented by pc host 1) and the external world
> >   > (represented by pc
> >   > > host 2).  i have used 10.3 and 10.4 /16 as the addresses
> > for
> >   > each side
> >   > > of the divide.  i want to run hsrp on both sets of router
> >   > interfaces so
> >   > > that in the event a router or an interface fails, the
> > traffic
> >   > impact is
> >   > > minimized.  in the real world pc host 2 will be a firewall
> >   > and there
> >   > > will be other hosts off that segment as well
> >   > >
> >   > > looks easy.  sounds plausible.  read the cisco docs. 
> > looks
> >   > like it
> >   > > should work.  minimal incantations before tickling the
> >   > keyboard.  key
> >   > > in the configs and it fires up nicely. do the show standby
> >   > thingee and
> >   > > all looks cool.  can ping the 2 stations end to end.  most
> >   > excellent.
> >   > > put a router in debug mode.  when i pull one of the 4
> > router
> >   > cables the
> >   > > router goes through a state change but no bits make it to
> > the
> >   > far end.
> >   > > not even the shiny ones.  bitstream courtesy of ping.
> >   > >
> >   > > maybe i misunderstood what hsrp was supposed to do.  the
> >   > configs are
> >   > > below, along with the show standby results.  both are
> > 2514's
> >   > (2 aui's)
> >   > > and both are running 12.2(1d).  probably forgot to put the
> >   > interface in
> >   > > mumble mode or something equally easy.  no laughter,
> > please.
> >   >
> >   >
> >   > HSRP assumes the ethernet interfaces to be on the same
> > subnet.
> >   > your ethernet
> >   > side is on two different subnets. hence - no failover.
> >   >
> >   > to get this to work using 2514's:
> >   >
> >   >
> >   > E0--2514_1---E1
> >   >
> >   > E0--2514_2---E1
> >   >
> >   >
> >   > the e0's on the same subnet, the e1's on the same subnet
> >   >
> >   >
&g

Re: RE: it started out as a really good idea [7:64636]

2003-03-07 Thread garrett allen
never any offense in the search for truth, just truth.

the pc's are configured with the virtual router as the default 
gateway.  i checked the arp cache on the pc's (w2k) with arp -a before 
i unplugged, during the unplug time, and afterwards.  the mac address 
remained the same, which is to say the 0c... virtual mac address 
that cisco uses.  it is different than the bia on the interfaces and 
when doing a show interfaces you can see which interface has the 
virtual mac address since its hardware address is different than its 
bia.

i read through a tac article last nite that may hold a clue.  it 
suggests using the bia as the virtual mac address via the "standby 
use-bia".  it stipulated that even though the pc uses the virtual mac 
address return packets will bear the bia of the router as the source 
mac.  it is a function of the lower end cisco gear and how many mac 
addresses they can have.  these are 2514's.  i haven't fully thought 
through the ramifications of this but have found in practice that 
asymmetry usually leads to bad juju, so changing the mac may help by 
making things consistent.  it did caution that some end stations may 
not play well when the mac changes, but a gratuitous arp was sent.  so 
we'll see today.

i hesitated to post the traces as they were rather large.  i will do 
so later today with fresh traces unless someone objects about the 
noise volume.  if so i can send offline to whomsoever is interested.

i've never worked with hsrp so i am interested in getting it resolved 
and understanding the why's of unsuccessful and successful operation.  
like i said in the beginning, it seemed like a really good idea...

cheers for now (off to the salt mines ...)
garrett



- Original Message -
From: Troy Leliard 
Date: Friday, March 7, 2003 4:46 am
Subject: RE: it started out as a really good idea [7:64636]

> Looks like you have it configured correctly, and that they are 
> forming
> "adjacencies".  At the risk of offending, but always best to start 
> right  at
> the beginning, the gateway on your hosts are set to the HSRP 
> address correct?
> 
> When you unplug any of the 4 cables, you can no longer ping the 
> either side
> of the host.  Perhaps give us a debug standby during one of these 
> events ?
> 
> 
> garrett allen wrote:
> > 
> > i have a need for a high availability solution for a default
> > gateway
> > configuration.  just finished the ccdp and thought it might be 
> > interesting to try hsrp on a pair of 2514's.  put some of that
> > theory
> > to work.  instead of highly resilient i've managed to configure
> > it for
> > mass failure.  arg.., not exactly what i had in mind.  now, any
> > time i
> > take down 1 of the 4 links, the connect between 2 remote hosts
> > dies.
> > this is in a lab (production is not a lab, production is not a
> > lab...)
> > so it is a mystery i would like to solve, but it is not
> > critical.
> > 
> > here is the basic config (hope it makes it):
> > 
> > pc host 1  -+- e0 router 1, e1 +-  pc host 2
> > |  |
> > |- e0 router 2, e1 |
> > 
> > the routers act as a default gateway between the internal
> > network
> > (represented by pc host 1) and the external world (represented
> > by pc
> > host 2).  i have used 10.3 and 10.4 /16 as the addresses for
> > each side
> > of the divide.  i want to run hsrp on both sets of router
> > interfaces so
> > that in the event a router or an interface fails, the traffic
> > impact is
> > minimized.  in the real world pc host 2 will be a firewall and
> > there
> > will be other hosts off that segment as well
> > 
> > looks easy.  sounds plausible.  read the cisco docs.  looks
> > like it
> > should work.  minimal incantations before tickling the
> > keyboard.  key
> > in the configs and it fires up nicely. do the show standby
> > thingee and
> > all looks cool.  can ping the 2 stations end to end.  most
> > excellent.
> > put a router in debug mode.  when i pull one of the 4 router
> > cables the
> > router goes through a state change but no bits make it to the
> > far end.
> > not even the shiny ones.  bitstream courtesy of ping.
> > 
> > maybe i misunderstood what hsrp was supposed to do.  the configs
> > are
> > below, along with the show standby results.  both are 2514's (2
> > aui's)
> > and both are running 12.2(1d).  probably forgot to put the
> > interface in
> > mumble mode or something equally easy.  no laughter, please.
> > 
> > tha

Re: RE: it started out as a really good idea ... [7:64638]

2003-03-07 Thread garrett allen
must ... find... coffee  

just catching back up as dc awakens.  the default gateways used by the 
pc's are the virtual router addresses, a different one for each (i.e. 
pc1 uses virtual router 1 and pc2 uses virtual router 2).  the pc arp 
caches correctly reflect the virtual mac address (cisco generated 
0c...) which are different than the router interfaces bia's.  the 
virtual macs do move and the different interfaces do seem to stop and 
start their role as the active interface.

looking over the traces last nite didn't yield much more.  i have a 
couple things to try and i did find a tac article that holds some hope 
using standby use-bia.  we'll see.

thanks for all your thoughts and help.  i'll get this to work or i'll 
revert to plan b, 2 tin cans and ...

- Original Message -
From: Priscilla Oppenheimer 
Date: Thursday, March 6, 2003 5:14 pm
Subject: RE: it started out as a really good idea ... [7:64638]

> What did you use a default gateway on the PCs??
> 
> Priscilla
> 
> garrett allen wrote:
> > 
> > i have a need for a high availability solution for a default
> > gateway
> > configuration.  just finished the ccdp and thought it might be 
> > interesting to try hsrp on a pair of 2514's.  put some of that
> > theory
> > to work.  instead of highly resilient i've managed to configure
> > it for
> > mass failure.  arg.., not exactly what i had in mind.  now, any
> > time i
> > take down 1 of the 4 links, the connect between 2 remote hosts
> > dies.
> > this is in a lab (production is not a lab, production is not a
> > lab...)
> > so it is a mystery i would like to solve, but it is not
> > critical.
> > 
> > here is the basic config (hope it makes it):
> > 
> > pc host 1  -+- e0 router 1, e1 +-  pc host 2
> > |  |
> > |- e0 router 2, e1 |
> > 
> > the routers act as a default gateway between the internal
> > network
> > (represented by pc host 1) and the external world (represented
> > by pc
> > host 2).  i have used 10.3 and 10.4 /16 as the addresses for
> > each side
> > of the divide.  i want to run hsrp on both sets of router
> > interfaces so
> > that in the event a router or an interface fails, the traffic
> > impact is
> > minimized.  in the real world pc host 2 will be a firewall and
> > there
> > will be other hosts off that segment as well
> > 
> > looks easy.  sounds plausible.  read the cisco docs.  looks
> > like it
> > should work.  minimal incantations before tickling the
> > keyboard.  key
> > in the configs and it fires up nicely. do the show standby
> > thingee and
> > all looks cool.  can ping the 2 stations end to end.  most
> > excellent.
> > put a router in debug mode.  when i pull one of the 4 router
> > cables the
> > router goes through a state change but no bits make it to the
> > far end.
> > not even the shiny ones.  bitstream courtesy of ping.
> > 
> > maybe i misunderstood what hsrp was supposed to do.  the configs
> > are
> > below, along with the show standby results.  both are 2514's (2
> > aui's)
> > and both are running 12.2(1d).  probably forgot to put the
> > interface in
> > mumble mode or something equally easy.  no laughter, please.
> > 
> > thanks in advance.
> > 
> > router 1
> > interface Ethernet0
> >  ip address 10.3.255.2 255.255.0.0
> >  no ip route-cache
> >  no ip mroute-cache
> >  standby 1 priority 200 preempt
> >  standby 1 ip 10.3.0.2
> > !
> > interface Ethernet1
> >  ip address 10.4.254.2 255.255.0.0
> >  no ip route-cache
> >  no ip mroute-cache
> >  standby 2 priority 200 preempt
> >  standby 2 ip 10.4.254.10
> > 
> > 
> > router 2
> > interface Ethernet0
> >  ip address 10.3.255.1 255.255.0.0
> >  no ip route-cache
> >  no ip mroute-cache
> >  standby 1 priority 225 preempt
> >  standby 1 ip 10.3.0.2
> > !
> > interface Ethernet1
> >  ip address 10.4.254.1 255.255.0.0
> >  no ip route-cache
> >  no ip mroute-cache
> >  standby 2 priority 150 preempt
> >  standby 2 ip 10.4.254.10
> > 
> > results of show standby
> > Router1#show standby
> > Ethernet0 - Group 1
> >   Local state is Standby, priority 200, may preempt
> >   Hellotime 3 holdtime 10
> >   Next hello sent in 00:00:00.940
> >   Hot standby IP address is 10.3.0.2 configured
> >   Active router is 10.3.255.1 expires in 00:00:09, 

Re: RE: it started out as a really good idea ... [7:64638]

2003-03-07 Thread garrett allen
mirabile dictu!

secret is in the standby track command.  lost 9 pings and then picked 
up just like nothing happened.  can pull any of the 4 links now and it 
works just like in the movies.

thanks all.



- Original Message -
From: garrett allen 
Date: Friday, March 7, 2003 6:57 am
Subject: Re: RE: it started out as a really good idea ... [7:64638]

> must ... find... coffee  
> 
> just catching back up as dc awakens.  the default gateways used by 
> the 
> pc's are the virtual router addresses, a different one for each 
> (i.e. 
> pc1 uses virtual router 1 and pc2 uses virtual router 2).  the pc 
> arp 
> caches correctly reflect the virtual mac address (cisco generated 
> 0c...) which are different than the router interfaces bia's.  
> the 
> virtual macs do move and the different interfaces do seem to stop 
> and 
> start their role as the active interface.
> 
> looking over the traces last nite didn't yield much more.  i have 
> a 
> couple things to try and i did find a tac article that holds some 
> hope 
> using standby use-bia.  we'll see.
> 
> thanks for all your thoughts and help.  i'll get this to work or 
> i'll 
> revert to plan b, 2 tin cans and ...
> 
> - Original Message -
> From: Priscilla Oppenheimer 
> Date: Thursday, March 6, 2003 5:14 pm
> Subject: RE: it started out as a really good idea ... [7:64638]
> 
> > What did you use a default gateway on the PCs??
> > 
> > Priscilla
> > 
> > garrett allen wrote:
> > > 
> > > i have a need for a high availability solution for a default
> > > gateway
> > > configuration.  just finished the ccdp and thought it might be 
> > > interesting to try hsrp on a pair of 2514's.  put some of that
> > > theory
> > > to work.  instead of highly resilient i've managed to configure
> > > it for
> > > mass failure.  arg.., not exactly what i had in mind.  now, any
> > > time i
> > > take down 1 of the 4 links, the connect between 2 remote hosts
> > > dies.
> > > this is in a lab (production is not a lab, production is not a
> > > lab...)
> > > so it is a mystery i would like to solve, but it is not
> > > critical.
> > > 
> > > here is the basic config (hope it makes it):
> > > 
> > > pc host 1  -+- e0 router 1, e1 +-  pc host 2
> > > |  |
> > > |- e0 router 2, e1 |
> > > 
> > > the routers act as a default gateway between the internal
> > > network
> > > (represented by pc host 1) and the external world (represented
> > > by pc
> > > host 2).  i have used 10.3 and 10.4 /16 as the addresses for
> > > each side
> > > of the divide.  i want to run hsrp on both sets of router
> > > interfaces so
> > > that in the event a router or an interface fails, the traffic
> > > impact is
> > > minimized.  in the real world pc host 2 will be a firewall and
> > > there
> > > will be other hosts off that segment as well
> > > 
> > > looks easy.  sounds plausible.  read the cisco docs.  looks
> > > like it
> > > should work.  minimal incantations before tickling the
> > > keyboard.  key
> > > in the configs and it fires up nicely. do the show standby
> > > thingee and
> > > all looks cool.  can ping the 2 stations end to end.  most
> > > excellent.
> > > put a router in debug mode.  when i pull one of the 4 router
> > > cables the
> > > router goes through a state change but no bits make it to the
> > > far end.
> > > not even the shiny ones.  bitstream courtesy of ping.
> > > 
> > > maybe i misunderstood what hsrp was supposed to do.  the configs
> > > are
> > > below, along with the show standby results.  both are 2514's (2
> > > aui's)
> > > and both are running 12.2(1d).  probably forgot to put the
> > > interface in
> > > mumble mode or something equally easy.  no laughter, please.
> > > 
> > > thanks in advance.
> > > 
> > > router 1
> > > interface Ethernet0
> > >  ip address 10.3.255.2 255.255.0.0
> > >  no ip route-cache
> > >  no ip mroute-cache
> > >  standby 1 priority 200 preempt
> > >  standby 1 ip 10.3.0.2
> > > !
> > > interface Ethernet1
> > >  ip address 10.4.254.2 255.255.0.0
> > >  no ip route-cache
> > >  no ip mroute-cache

Re: it started out as a really good idea ... [7:64638]

2003-03-07 Thread garrett allen
having the interfaces track one another was in fact the secret sauce 
that made it work.  i can pull any of the links and it continues to ping 
with minimal interruption.

cheers!



- Original Message -
From: John Neiberger 
Date: Friday, March 7, 2003 11:42 am
Subject: Re: it started out as a really good idea ... [7:64638]

> That's an excellent point.  With this design you run a risk of
> asymmetrical routing.  To solve this, in the HSRP configuration on 
> each router have the e0 interface track the e1 interface and vice-versa. 
> That way, if you pull a cable on one side, this triggers failover on
> both sides.
> 
> Give that a shot, I think it will work.
> 
> John
> 
> >>> "Priscilla Oppenheimer"  3/6/03 4:23:46 PM
> >>>
> Um, he already has both the E0s in the same subnet and both the 
> E1s in
> the
> same subnet, according to his config.
> 
> His drawing is confusing but I think he's got PC1 and both E0s in
> subnet
> 10.3.0.0/16, say on a hub or a switch.
> 
> He's got PC2 and both E1s in subnet 10.4.0.0, on another hub or
> switch.
> 
> If the problem isn't related to misconfiguration of the default gateway on
> the PCs, I do have another theory. :-)
> 
> Say he pulls the E0 cable on Router 1. No problem, PC1 will start
> using
> Router2.
> 
> Then he pings from PC1 to PC2. The ping will probably get there but
> what
> about the reply coming back?
> 
> What happens if PC2 is using Router 1 and Router 1 has no way to send
> PC2's
> packet from itself to Router 2 due to the missing cable, not to mention lack
> of any routing protocol configured.
> 
> Think about it! :-)
> 
> Priscilla
> 
> The Long and Winding Road wrote:
> > 
> > ""garrett allen""  wrote in message
> > news:[EMAIL PROTECTED]
> > > i have a need for a high availability solution for a default
> > gateway
> > > configuration.  just finished the ccdp and thought it might be
> > > interesting to try hsrp on a pair of 2514's.  put some of
> > that theory
> > > to work.  instead of highly resilient i've managed to
> > configure it for
> > > mass failure.  arg.., not exactly what i had in mind.  now,
> > any time i
> > > take down 1 of the 4 links, the connect between 2 remote
> > hosts dies.
> > > this is in a lab (production is not a lab, production is not
> > a lab...)
> > > so it is a mystery i would like to solve, but it is not
> > critical.
> > >
> > > here is the basic config (hope it makes it):
> > >
> > > pc host 1  -+- e0 router 1, e1 +-  pc
> > host 2
> > > |  |
> > > |- e0 router 2, e1 |
> > >
> > > the routers act as a default gateway between the internal
> > network
> > > (represented by pc host 1) and the external world
> > (represented by pc
> > > host 2).  i have used 10.3 and 10.4 /16 as the addresses for
> > each side
> > > of the divide.  i want to run hsrp on both sets of router
> > interfaces so
> > > that in the event a router or an interface fails, the traffic
> > impact is
> > > minimized.  in the real world pc host 2 will be a firewall
> > and there
> > > will be other hosts off that segment as well
> > >
> > > looks easy.  sounds plausible.  read the cisco docs.  looks
> > like it
> > > should work.  minimal incantations before tickling the
> > keyboard.  key
> > > in the configs and it fires up nicely. do the show standby
> > thingee and
> > > all looks cool.  can ping the 2 stations end to end.  most
> > excellent.
> > > put a router in debug mode.  when i pull one of the 4 router
> > cables the
> > > router goes through a state change but no bits make it to the
> > far end.
> > > not even the shiny ones.  bitstream courtesy of ping.
> > >
> > > maybe i misunderstood what hsrp was supposed to do.  the
> > configs are
> > > below, along with the show standby results.  both are 2514's
> > (2 aui's)
> > > and both are running 12.2(1d).  probably forgot to put the
> > interface in
> > > mumble mode or something equally easy.  no laughter, please.
> > 
> > 
> > HSRP assumes the ethernet interfaces to be on the same subnet.
> > your ethernet
> > side is on two different subnets. hence - no failover.
> > 
> > to get this to work using 2514's:
> > 
> > 
> >
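
The failure mode Priscilla and John describe above, and the effect of having e0 and e1 track each other, as a toy Python model. This is an added example, not part of the original thread; the priorities, decrement values and function names are constructed, and the model assumes preempt on every group and no routing protocol between the two routers.

```python
"""Toy model of two HSRP routers joining an inside and an outside LAN.
Constructed illustration: router names, priorities and decrements are assumed."""
from dataclasses import dataclass, field

INSIDE, OUTSIDE = "e0", "e1"   # e0 = 10.3.0.0/16 side, e1 = 10.4.0.0/16 side


@dataclass
class Router:
    name: str
    priority: dict                                  # configured HSRP priority per interface
    link_up: dict = field(default_factory=lambda: {INSIDE: True, OUTSIDE: True})
    track: dict = field(default_factory=dict)       # iface -> (tracked iface, decrement)

    def effective_priority(self, iface):
        """Configured priority minus the decrement while the tracked link is down."""
        prio = self.priority[iface]
        tracked = self.track.get(iface)
        if tracked and not self.link_up[tracked[0]]:
            prio -= tracked[1]
        return prio


def active_router(routers, iface):
    """With preempt everywhere, the highest effective priority among routers
    whose interface is up owns the virtual IP on that segment."""
    alive = [r for r in routers if r.link_up[iface]]
    return max(alive, key=lambda r: r.effective_priority(iface)) if alive else None


def forward(routers, ingress):
    """A host sends to its virtual gateway on `ingress`. The active router can
    only deliver if its own other interface is up (no path via the peer)."""
    egress = OUTSIDE if ingress == INSIDE else INSIDE
    gw = active_router(routers, ingress)
    return gw is not None and gw.link_up[egress]


def ping(routers):
    """Echo request (inside -> outside) and echo reply (outside -> inside)
    are forwarded independently; both must get through."""
    return forward(routers, INSIDE) and forward(routers, OUTSIDE)


def build(track_decrement=None):
    """Two routers with assumed priorities; optional mutual e0/e1 tracking."""
    r1 = Router("R1", {INSIDE: 200, OUTSIDE: 200})
    r2 = Router("R2", {INSIDE: 225, OUTSIDE: 150})
    if track_decrement is not None:
        for r in (r1, r2):
            r.track = {INSIDE: (OUTSIDE, track_decrement),
                       OUTSIDE: (INSIDE, track_decrement)}
    return [r1, r2]


def broken_by_single_link_failure(track_decrement=None):
    """Pull each of the four cables in turn; list the pulls that break ping."""
    broken = []
    for idx in (0, 1):
        for iface in (INSIDE, OUTSIDE):
            routers = build(track_decrement)
            routers[idx].link_up[iface] = False
            if not ping(routers):
                broken.append((routers[idx].name, iface))
    return broken


if __name__ == "__main__":
    for dec in (None, 10, 60):
        print(f"track decrement {dec}: broken by {broken_by_single_link_failure(dec)}")
```

In this model a decrement of 10 changes nothing because it never closes the gap between the peers' priorities; the decrement has to exceed that gap, and the peer has to preempt, before a pulled cable on one side moves the active role on the other.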

Re: network design [7:64422]

2003-03-07 Thread garrett allen
personally, i've had very good luck with vendor designs.  in particular 
if you have some inkling about what your requirements are and the 
rudiments of a solution set in mind.  if you know enough about a 
solution to intelligently pose questions and negotiate features/costs 
tradeoffs then you can get a really decent design that is up to date 
with what your favorite vendor currently offers and it costs you 2 
vendor meetings at 1.5 hours each, plus prep time.  really a deal.

but you do need to know the requirements.  so in this case the 
questions posed earlier by chuck would need to be answered so the 
vendor can work their magic.  

off to germany for a week - will return with more "opportunities to 
excel", no doubt.

garrett



- Original Message -
From: Scott Roberts 
Date: Friday, March 7, 2003 2:42 pm
Subject: Re: network design [7:64422]

> I guess I'm the only one with the problem of that many then. I'll 
> take your
> words for it that it works OK, but I still keep thinking back to 
> that one
> study (don't recall its name), and can't help but think efficiency 
> would go
> by some  noticeable degree. anybody can throw switch and hubs 
> around, we're supposed to do it right, not just "to get by".
> 
> I mean if 700 is ok, then why not 1000? at some point you have to 
> agree there is going to be a performance hit. hasn't any 
> manufacturer thought to
> retest this performance issue with the newer equipment?
> 
> scott
> 
> ""Priscilla Oppenheimer""  wrote in message
> news:[EMAIL PROTECTED]
> > Great answer Chuck. It sounds like you figured out his/her basic needs,
> > though we would need more detail to provide a detailed design, of course,
> > and payment for design services. :-) Well, actually your idea of asking a
> > vendor to do an RFP might mean a free design (that would be biased toward
> > the vendor, of course, but still a good start.)
> >
> > I'm not in disagreement that today 700 nodes in one broadcast domain might
> > be OK. In other words, I would probably recommend no VLANs as a start. VLANs
> > complicate matters. If the network admins are somewhat new to networking,
> > they should avoid VLANs to start.
> >
> > The reason 700 nodes in one broadcast domain could work is because NICs and
> > CPUs are really not bothered by broadcasts like they were in the mid-1990s.
> > They are much faster, have better buffers, etc. Some would argue they never
> > were affected as much as Cisco claimed!
> >
> > I help out once in a while on a city-wide school network with that many
> > nodes in one broadcast domain. It has all the risk factors:
> >
> > Lots of AppleTalk traffic
> > Lots of Novell traffic
> > Lots of NetBIOS traffic
> > Lots of IP traffic
> > Ancient PCs with slow CPUs
> >
> > There are no performance issues.
> >
> > Priscilla
> >
> > The Long and Winding Road wrote:
> > >
> > > ""ferry ferry""  wrote in message
> > > news:[EMAIL PROTECTED]
> > > > I need a scheme of network.It need seven hundreds
> > > points.please give me
> > > some
> > > > advice on how to design it.It include that how to select
> > > network
> > > > product,product configuration.They are seted in a building.It
> > > have twenty
> > > > layers.
> > >
> > >
> > > Let's see if I understand you correctly.
> > >
> > > A company is located in a multistory building. There are 700
> > > users spread
> > > out among 20 floors. So on average there are 35 users per floor.
> > >
> > > I'm going to assume a single data center with your servers and
> > > internet
> > > connection.
> > >
> > > Got fiber running from your data center to the various floors?
> > > How is this
> > > structured? how far from the datacenter to each of the floors?
> > >
> > > the answer to this will help determine if you use a collapsed
> > > backbone or if
> > > you connect your switches in series.
> > >
> > > do you have groups of users who should logically be separated
> > > from
> > > each other. Some companies like their payroll department to be
> > > on a separate
> > > network from other departments, for example. are there some
> > > services that
> > > need to be separated and unavailable to some users?
> > >
> > > These days, 700 users, particularly in a switched environment,
> > > is not such a
> > > large broadcast domain ( stop grinding your teeth, Priscilla
> > > ;-> ) but
> > > still, you might just want to separate out logical groups into
> > > vlans. or
> > > maybe do it by grouping a couple of floors together into vlans.
> > >
> > > my knee jerk thought, not knowing too much about the
> > > particulars, is
> > > determine your port counts per floor, determine connectivity -
> > > fiber runs
> > > between closets, and where those runs terminate. if it's
> > > copper, you got
> > > troubles :->
> > >
> > > determine your logical / vlan structures. who needs to see what
> > > and when.
> > >
> > > Then go through the provisioning process.
> > >
> > > Don't be afraid to call in a couple of vendors 

Re: Gratuitous ARP and HSRP [7:65633]

2003-03-18 Thread garrett allen
eric,

i can only comment in a limited way and only based on what i have 
read.  the lower end cisco products (like the 2500's i've been 
deploying in remote offices) can only associate one virtual mac address 
to an interface and so can only belong to a single hsrp group.  if you 
have a need to support more than one hsrp group on an interface one way 
around that limitation is to use the bia of the interface as the 
virtual address and to issue a gratuitous arp whenever the interface 
takes over - the command is "standby use-bia" i recall.  higher end 
products don't have the limitation and some end stations don't really 
respond well to it.

i haven't actually used this before for money, so there is the 
possibility of being wrong and your mileage may vary with use.  but it 
should start the ball rolling to hear from others.

cheers.
garrett

- Original Message -
From: ericbrouwers 
Date: Tuesday, March 18, 2003 1:24 am
Subject: Gratuitous ARP and HSRP [7:65633]

> Hello all,
> 
> I've read in the CCNP Switching Exam Cert. Guide that a standby 
> router that
> becomes active in an HSRP group, sends a gratuitous ARP to update 
> the ARP
> cache of the end stations with the new active MAC address...
> 
> This is strange, since the same virtual MAC address is used by 
> active and
> standby HSRP routers.
> 
> However, maybe Cisco's implementation has once been like this, 
> because I've
> seen instances in the field that ARP caches contained the real MAC 
> instead of
> the virtual MAC address when using HSRP.
> 
> Can someone give comments on this?
> 
> Thanks,
> 
> Eric Brouwers
> [EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65673&t=65633


Re: acl question [7:66952]

2003-04-05 Thread garrett allen
correction.  it should read in para #2 "... i apply an acl on the 
inbound e0 to block tcp traffic destined for the 172.20 internal 
network from the 10.2.100 one unless it is established by the 172.20 
network."  i'm fading fast...

sorry for the confusion.
- Original Message -
From: garrett allen 
Date: Sunday, April 6, 2003 0:01 am
Subject: acl question

> it's midnite, i'm bored, outta beer and my head is starting to 
> hurt 
> from too many random thoughts about what should be a simple acl.  
> i've 
> sufficiently banged my head against the wall so now i solicit help 
> from 
> the wise.  we are not worthy ...we are not worthy 
> 
> i've got a little 2514 bridging 2 internal networks.  e0 is 
> 172.20.0.2 
> and e1 is 10.2.100.2.  i apply an acl on the inbound e0 to block 
> tcp 
> traffic that is initiated by the 172.20 internal network to the 
> 10.2.100 one.  that seems to work ok.  i can do what i need to do 
> from 
> the 172.20 net on devices in the 10.2.100 one.  the problem is 
> that i 
> also want to use the e0 interface as the default gateway for the 
> 172.20 
> network (basically issuing redirects to hosts to go out the 
> firewall).  
> that's where i run into problems.  no redirects occur :-(
> 
> the acl i created is simple (and obviously not working):
> access-list 101 permit tcp 172.20.0.0 0.0.255.255 10.2.100.0 0.0.0.255 established
> 
> interface Ethernet0
> ip address 172.20.0.2 255.255.0.0
> ip access-group 101 in
> 
> what did i miss?  the fallback plan is to change the dhcp parms to 
> use 
> the firewall as the default gateway.  i was trying to shift load 
> from 
> the firewall and use the router for, well, routing.
> 
> thoughts?  beer?  help?
> 
> thanks.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=66952&t=66952


Re: RE: number of CCIE [7:70151]

2003-06-05 Thread garrett allen
you make an a priori argument that lower is better.  is a lower number 
cpa better than a higher numbered one?  actually, probably the inverse 
is true as the more recent the certification the more recent the 
material covered.  this is balanced against with age comes 
opportunities and experiences.

threads like this are like discussing the maximum number of angels 
dancing on the head of a pin.  i vote we kill the thread before it 
spawns.

later.





- Original Message -
From: n rf 
Date: Thursday, June 5, 2003 5:16 pm
Subject: RE: number of CCIE [7:70151]

> Well, there are still less than 10,000 CCIE's.  So the population 
> hasn't accelerated THAT dramatically.
> 
> Having said that, I will say that the CCIE has most likely gotten 
> less
> rigorous and therefore less valuable over time.  I know this is 
> going to
> greatly annoy some people when I say this, but the truth is, the 
> average quality of the later (read: high-number) CCIE's is probably 
> lower than the
> average quality of the higher (read: lower-number) CCIE's.
> 
> Before any of you high-number CCIE's decides to flame me, ask 
> yourself if
> you were given the opportunity to trade your number for a lower 
> number, would you do it?  For example, if you are CCIE #11,000 and 
> you could trade
> that number for CCIE #1100, would you take it?  Be honest with 
> yourself. 
> I'm sure you would concede that you would.  By the same token we 
> also know
> that no low-number CCIE would willingly trade his number for a 
> higher one. 
> The movement is therefore all "one-way".  If all CCIE's were 
> really "created
> equal" then nobody would really care one way or another which 
> number they
> had. Therefore the CCIE community realizes that all CCIE's are not 
> created equal and that intuitively that the lower number is more 
> desirable and the
> higher number is less desirable (otherwise, why does everybody 
> want a lower
> number?).  Simply put, the test is not as rigorous as it was in 
> the past,
> which is why lower numbers are preferred.
> 
> Or, I'll put it to you another way.  Let's say that starting at 
> #12,000 Cisco makes the test ridiculously hard, putting in all 
> kinds of funky
> technologies, and making the pass rate less than 1% or some other 
> god-awful
> number.  What would happen?  Simple.  Word would get around that 
> the "new"
> CCIE was super-rigorous and therefore very prestigious to pass.  
> Eventually, numbers greater than #12000 would be coveted, and 
> everybody would want to
> trade in their number for one greater than #12000.  Recruiters and 
> HR people
> would start giving preference to CCIE's with numbers greater than 
> #12000. 
> The point is that when rigor increases, prestige and desirability 
> tends to
> follow.  When rigor declines, so does prestige and desirability.
> 
> 
> And what is the cause of this decline in rigor?  Well, you alluded to
> several factors.  While it is still rather controversial exactly 
> how the
> switch from 2 days to 1 day impacted the program, it is widely 
> conceded that
> it probably didn't help.  Nor does having all these braindumps all 
> over the
> Internet, and not just for the written, but the lab as well.  The 
> CCIE has
> certain arcane logistical rules that people have figured out how 
> to 'game' -
> - for example, some people who live near test sites 
> just attempt
> the lab every month over and over again.  Finally, there is the 
> consensus that the CCIE program has simply not kept up with the 
> growing amount of
> study material, bootcamps, lab-guides, and so forth.  We all know 
> there's an
> entire cottage industry devoted just to helping people to pass the 
> lab, and
> while there's nothing wrong with that per se, it does mean that 
> Cisco needs
> to keep pace to maintain test rigor.  To offer a parallel 
> situation, when
> the MCSE bootcamps started to proliferate, the value of the MCSE 
> plummeted because Microsoft did not properly maintain the rigor of 
> the cert.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=70228&t=70151


question on operational efficiency of vpn's [7:69739]

2003-05-29 Thread garrett allen
just finished an 8 city (3 u.s./5 e.u.) vpn deployment.  we were in a 
bit of a rush and now that we have finished the initial deployment we 
have the luxury of time to think things through a little more 
clearly.  one oversight that we made in our haste to deploy we just 
confirmed - the overhead associated with ipsec is causing packet 
fragmentation for packets exiting one location and destined for 
another over the vpn tunnels.  i don't have the traces in front of me 
but we did run a trace on an ftp session and confirmed it.  on an ftp 
session between vpn locations you see the following pattern of packets 
received on the destination network:
packet 1 - 1460 bytes
packet 2 - 120 bytes
packet 3 - 1460 bytes
packet 4 - 120 bytes
&c.

they probably started life as 1500 bytes, the ipsec overhead forced a 
fragment, which appears as the second, smaller packet.  the solution 
is to make all host mtu's slightly smaller, say 1460.  this avoids 
fragmentation and results in an actual wan bandwidth savings of 
something like 3-5%, although it appears counter intuitive.  the 
question i have is this - is it worth it to adjust each hosts mtu and 
take on that task?  what are considered operational best practices - 
optimize wan or lan packet sizes and throughput.  take on more server 
administration or ... given the recent thread on the death of design 
maybe the issue is moot?

thanks in advance for your insights.  now, if i could just remember 
how to enable the hub ports on a 2507 ... 

cheers!




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=69739&t=69739
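
The arithmetic behind the fragmentation described in the post above, as an added Python example that is not part of the original message. The 56-byte tunnel overhead, the 1500-byte WAN MTU and the file size are assumed values; real ESP overhead depends on the transform and its padding, and only IP-layer bytes are counted (no link-layer framing).

```python
"""Model of IPv4 fragmentation caused by tunnel overhead on a bulk TCP transfer.
All numeric inputs below are constructed for illustration."""

IP_HDR = 20    # IPv4 header without options
TCP_HDR = 20   # TCP header without options


def fragment(packet_len, link_mtu):
    """Sizes of the IPv4 fragments (header included) needed to carry one packet.
    Every fragment except the last carries a payload that is a multiple of 8."""
    if packet_len <= link_mtu:
        return [packet_len]
    payload = packet_len - IP_HDR
    per_frag = (link_mtu - IP_HDR) // 8 * 8
    sizes = []
    while payload > 0:
        chunk = min(per_frag, payload)
        sizes.append(chunk + IP_HDR)
        payload -= chunk
    return sizes


def tunnel_packets(inner_len, overhead, wan_mtu=1500):
    """Packets on the WAN for one inner packet after the tunnel adds `overhead`."""
    return fragment(inner_len + overhead, wan_mtu)


def largest_unfragmented_host_mtu(overhead, wan_mtu=1500):
    """Biggest host MTU whose full-size packets still fit after encapsulation."""
    return wan_mtu - overhead


def transfer_cost(file_bytes, host_mtu, overhead, wan_mtu=1500):
    """WAN packet and byte count for sending `file_bytes` of TCP payload in
    full-size segments (handshake, ACKs and retransmissions are ignored)."""
    mss = host_mtu - IP_HDR - TCP_HDR
    full, rest = divmod(file_bytes, mss)
    packets = wire = 0
    for count, seg in ((full, mss), (1 if rest else 0, rest)):
        if count == 0:
            continue
        frags = tunnel_packets(seg + IP_HDR + TCP_HDR, overhead, wan_mtu)
        packets += count * len(frags)
        wire += count * sum(frags)
    return {"wan_packets": packets, "wan_bytes": wire}


if __name__ == "__main__":
    OVERHEAD = 56            # assumed tunnel overhead in bytes
    FILE = 1460 * 1404       # constructed size: divides evenly for both MSS values
    print("one 1500-byte packet becomes", tunnel_packets(1500, OVERHEAD))
    print("one 1460-byte packet becomes", tunnel_packets(1460, OVERHEAD))
    fits = largest_unfragmented_host_mtu(OVERHEAD)
    for mtu in (1500, fits):
        print(f"host mtu {mtu}:", transfer_cost(FILE, mtu, OVERHEAD))
```

Under these assumptions the reduced MTU roughly halves the WAN packet count, and a 1460-byte host MTU would still fragment, so the value to configure is the WAN MTU minus the overhead actually measured for the tunnel in use.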


Re: RE: question on operational efficiency of vpn's [7:69739]

2003-05-30 Thread garrett allen
thanks for the feedback.  to add a little more insight, bandwidth is 
more expensive in de than in the u.s., so we are using adsl.  our de 
facilities  use adsl with t-1 speeds for downloads but only 160kbps for 
uploads.  the de site in question is hosting an ftp server that u.s. 
users access to get data files and copy them back to the states.  they 
are several hundred megs in size and can take 4-8 hours to complete, 
depending on what else is going on.  it appears to be the single 
largest consumer of wan uplink bandwidth.  there are complaints of the 
amount of time required to complete an ftp but the folks do understand 
the math ... i suggested international overnite delivery as an option 
as there is a point where a tape is actually faster.

the question was somewhat rhetorical.  no right or wrong answer but i 
was interested in hearing different operational perspectives.

cheers!



- Original Message -
From: Priscilla Oppenheimer 
Date: Thursday, May 29, 2003 12:57 pm
Subject: RE: question on operational efficiency of vpn's [7:69739]

> Good questions. I wish some others would pipe in so you would get 
> a bigger
> sample space, but I'll pipe in since nobody else did yet!
> 
> What do the rest of you think? The exec summary is that we're 
> wondering how
> common it is to adjust host MTU to avoid fragmentation with VPN 
> and IPSec.
> 
> See below.
> 
> garrett allen wrote:
> > 
> > just finished an 8 city (3 u.s./5 e.u.) vpn deployment.  we
> > were in a
> > bit of a rush and now that we have finished the initial
> > deployment we
> > have the luxury of time to think things through a little more 
> > clearly.  one oversight that we made in our haste to deploy we
> > just
> > confirmed - the overhead associated with ipsec is causing
> > packet
> > fragmentation for packets exiting one location and destined for 
> > another over the vpn tunnels.  i don't have the traces in front
> > of me
> > but we did run a trace on an ftp session and confirmed it.  on
> > an ftp
> > session between vpn locations you see the following pattern of
> > packets
> > received on the destination network:
> > packet 1 - 1460 bytes
> > packet 2 - 120 bytes
> > packet 3 - 1460 bytes
> > packet 4 - 120 bytes
> > &c.
> > 
> > they probably started life as 1500 bytes, the ipsec overhead
> > forced a
> > fragment, which appears as the second, smaller packet.  the
> > solution
> > is to make all host mtu's slightly smaller, say 1460.  this
> > avoids
> > fragmentation and results in an actual wan bandwidth savings of 
> > something like 3-5%, although it appears counter intuitive. 
> > the
> > question i have is this - is it worth it to adjust each hosts
> > mtu and
> > take on that task?  
> 
> What would your goal be if you were to adjust each host's MTU? 
> Would it
> matter much if utilization on the WAN links was reduced by 3-5%? 
> Are you
> approaching a high utilization on the WAN links already?
> 
> How much does throughput get affected by the fragmentation? Do you 
> have some
> measurements before and after? I think the throughput would be 
> less due to
> the fragmentation, but maybe not enough less to matter. How about the
> response time? Although response time doesn't matter too much with a
> non-interactive application, it could matter it if went way up 
> (which it
> probably didn't though).
> 
> Here's the most important question: Have the users noticed? Are they
> complaining? If no, don't worry about it. And if yes, then are the 
> complaints really because of the fragmentation or more because of 
> the overhead inherent
> in IPSec?
> 
> You say you tested with FTP. Is that the application the users use 
> the most?
> You should definitely test with their own applications. You may 
> find that
> their favorite applications don't have the problem anyway. For 
> example, a
> lot of HTTP implementations don't fill a 1500-byte packet anyway. 
> They use
> shorter packets because the user's perceived performance is better if
> smaller chunks of data appear on the screen quickly, rather than 
> waiting for
> 1500 bytes at a time.
> 
> > what are considered operational best
> > practices -
> > optimize wan or lan packet sizes and throughput.  take on more
> > server
> > administration or ... given the recent thread on the death of
> > design
> > maybe the issue is moot?
> 
> Maybe if you ghost the images and there's an easy way to make the 
> change on
> every host it might be worth it, but you have to consider whether the

Re: question on operational efficiency of vpn's [7:69739]

2003-05-31 Thread garrett allen
i appreciated all your inputs.  we're back in eu in early august.  
given that ftp is the one application that is the most demanding on 
the uplink bandwidth at each of the remote sites, we've proposed what 
we believe to be a practical tradeoff - reduce the mtu on the ftp 
servers but leave the other servers as is.  not perfect from an 
engineering or optimization standpoint, but good enough (which is 
often a good enough solution).

thanks again.



- Original Message -
From: Priscilla Oppenheimer 
Date: Friday, May 30, 2003 1:49 pm
Subject: Re: question on operational efficiency of vpn's [7:69739]

> It's good that we're getting a discussion going on this. We all 
> understand the theory. The real question is an operational one. Is 
> it worth the trouble
> to configure every host for a lower MTU? In his case, he doesn't 
> need to, as
> it is working, albeit with fragmentation, but should he do it in 
> order to
> improve efficiency, reduce link utilization, increase throughput? 
> Is it
> worth the tradeoff?
> 
> DoctorTCP sounds intriguing but I don't think it would reduce the 
> management hassle too much, though I don't know much about it.
> 
> One final comment: I'm surprised that MTU Discovery isn't the 
> default for
> most applications. I would have thought it was.
> 
> Good point about the need to allow the ICMP Frag Needed But DF Bit 
> Set
> message back in through firewalls if you are doing MTU Discovery.
> 
> Priscilla
> 
> One testlab wrote:
> > 
> > Hi Garret,
> > 
> > I've some experience of this also. With TCP, the "don't
> > fragment bit is set"
> > so when a 1500 byte frame hits the VPN tunnel, the VPN device
> > sends an ICMP
> > message back to the host saying "I need to fragment your packet
> > but you are
> > telling me not to fragment" because it needs to add extra
> > header. The host
> > will then try a lower MTU until the packet gets through. This
> > is how "MTU
> > path discovery works". This relies on your hosts (or IP stack)
> > supporting
> > MTU discovery and also upon ICMP messages being allowed back to
> > your host
> > (firewall?). If you have both of these then you are laughing
> > and we have
> > gotten away with this more often than not. If not you might
> > have to manually
> > reduce the MTU down on their hosts and/or Proxy Server using
> > something like
> > DoctorTCP.
> > 
> > Regards
> > 
> > ""garrett allen""  wrote in message
> > news:[EMAIL PROTECTED]
> > > just finished an 8 city (3 u.s./5 e.u.) vpn deployment.  we
> > were in a
> > > bit of a rush and now that we have finished the initial
> > deployment we
> > > have the luxury of time to think things through a little more
> > > clearly.  one oversight that we made in our haste to deploy
> > we just
> > > confirmed - the overhead associated with ipsec is causing
> > packet
> > > fragmentation for packets exiting one location and destined
> > for
> > > another over the vpn tunnels.  i don't have the traces in
> > front of me
> > > but we did run a trace on an ftp session and confirmed it. 
> > on an ftp
> > > session between vpn locations you see the following pattern
> > of packets
> > > received on the destination network:
> > > packet 1 - 1460 bytes
> > > packet 2 - 120 bytes
> > > packet 3 - 1460 bytes
> > > packet 4 - 120 bytes
> > > &c.
> > >
> > > they probably started life as 1500 bytes, the ipsec overhead
> > forced a
> > > fragment, which appears as the second, smaller packet.  the
> > solution
> > > is to make all host mtu's slightly smaller, say 1460.  this
> > avoids
> > > fragmentation and results in an actual wan bandwidth savings
> > of
> > > something like 3-5%, although it appears counter intuitive. 
> > the
> > > question i have is this - is it worth it to adjust each hosts
> > mtu and
> > > take on that task?  what are considered operational best
> > practices -
> > > optimize wan or lan packet sizes and throughput.  take on
> > more server
> > > administration or ... given the recent thread on the death of
> > design
> > > maybe the issue is moot?
> > >
> > > thanks in advance for your insights.  now, if i could just
> > remember
> > > how to enable the hub ports on a 2507 ...
> > >
> > > cheers!




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=69912&t=69739


Re: question on operational efficiency of vpn's [7:69739]

2003-05-31 Thread garrett allen
i appreciated all your inputs.  we're back in eu in early august.  
given that ftp is the one application that is the most demanding on 
the uplink bandwidth at each of the remote sites, we've proposed what 
we believe to be a practical tradeoff - reduce the mtu on the ftp 
servers but leave the other servers as is.  not perfect from an 
engineering or optimization standpoint, but good enough (which is 
often a good enough solution).

thanks again.



- Original Message -
From: Priscilla Oppenheimer 
Date: Friday, May 30, 2003 1:49 pm
Subject: Re: question on operational efficiency of vpn's [7:69739]

> It's good that we're getting a discussion going on this. We all
> understand the theory. The real question is an operational one. Is
> it worth the trouble to configure every host for a lower MTU? In his
> case, he doesn't need to, as it is working, albeit with fragmentation,
> but should he do it in order to improve efficiency, reduce link
> utilization, increase throughput? Is it worth the tradeoff?
>
> DoctorTCP sounds intriguing but I don't think it would reduce the
> management hassle too much, though I don't know much about it.
>
> One final comment: I'm surprised that MTU Discovery isn't the default
> for most applications. I would have thought it was.
>
> Good point about the need to allow the ICMP Frag Needed But DF Bit Set
> message back in through firewalls if you are doing MTU Discovery.
> 
> Priscilla
> 
> One testlab wrote:
> > 
> > Hi Garret,
> > 
> > I've some experience of this also. With TCP, the "don't fragment bit
> > is set" so when a 1500 byte frame hits the VPN tunnel, the VPN device
> > sends an ICMP message back to the host saying "I need to fragment your
> > packet but you are telling me not to fragment" because it needs to add
> > extra header. The host will then try a lower MTU until the packet gets
> > through. This is how "MTU path discovery works". This relies on your
> > hosts (or IP stack) supporting MTU discovery and also upon ICMP
> > messages being allowed back to your host (firewall?). If you have both
> > of these then you are laughing and we have gotten away with this more
> > often than not. If not you might have to manually reduce the MTU down
> > on their hosts and/or Proxy Server using something like DoctorTCP.
> > 
> > Regards
> > 
> > ""garrett allen""  wrote in message
> > news:[EMAIL PROTECTED]
> > > just finished an 8 city (3 u.s./5 e.u.) vpn deployment.  we were in a
> > > bit of a rush and now that we have finished the initial deployment we
> > > have the luxury of time to think things through a little more
> > > clearly.  one oversight that we made in our haste to deploy we just
> > > confirmed - the overhead associated with ipsec is causing packet
> > > fragmentation for packets exiting one location and destined for
> > > another over the vpn tunnels.  i don't have the traces in front of me
> > > but we did run a trace on an ftp session and confirmed it.  on an ftp
> > > session between vpn locations you see the following pattern of packets
> > > received on the destination network:
> > > packet 1 - 1460 bytes
> > > packet 2 - 120 bytes
> > > packet 3 - 1460 bytes
> > > packet 4 - 120 bytes
> > > &c.
> > >
> > > they probably started life as 1500 bytes, the ipsec overhead forced a
> > > fragment, which appears as the second, smaller packet.  the solution
> > > is to make all host mtu's slightly smaller, say 1460.  this avoids
> > > fragmentation and results in an actual wan bandwidth savings of
> > > something like 3-5%, although it appears counter intuitive.  the
> > > question i have is this - is it worth it to adjust each hosts mtu and
> > > take on that task?  what are considered operational best practices -
> > > optimize wan or lan packet sizes and throughput.  take on more server
> > > administration or ... given the recent thread on the death of design
> > > maybe the issue is moot?
> > >
> > > thanks in advance for your insights.  now, if i could just remember
> > > how to enable the hub ports on a 2507 ...
> > >
> > > cheers!




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=69918&t=69739
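
An added worked example, not part of the thread: a model of the encapsulate-then-fragment behaviour discussed above, and of what a lower host MTU does to WAN byte and packet counts. The thread does not name the IPsec transform, so the code assumes ESP tunnel mode with 3DES-CBC and HMAC-SHA1-96, no NAT-T, and a 1500-byte WAN MTU; all function names are hypothetical.

```python
"""ESP tunnel-mode overhead and the IP fragmentation it causes on the WAN.

Assumptions (not given in the thread): 3DES-CBC (8-byte IV and block),
HMAC-SHA1-96 (12-byte ICV), no NAT-T, IPv4/TCP headers without options,
fragmentation performed after encapsulation, 1500-byte WAN MTU.
"""
from dataclasses import dataclass

IP_HDR, TCP_HDR = 20, 20
ESP_HDR = 8        # SPI + sequence number
ESP_TRAILER = 2    # pad-length + next-header bytes


@dataclass(frozen=True)
class Transform:
    iv_len: int = 8
    block: int = 8
    icv_len: int = 12


DEFAULT = Transform()


def esp_tunnel_size(inner_len, t=DEFAULT):
    """Outer IP packet length for an inner IP packet of inner_len bytes."""
    # Inner packet plus trailer is padded up to a whole cipher block.
    padded = -(-(inner_len + ESP_TRAILER) // t.block) * t.block
    return IP_HDR + ESP_HDR + t.iv_len + padded + t.icv_len


def fragment_sizes(packet_len, mtu=1500):
    """IP lengths of the fragments emitted for one packet on a link."""
    if packet_len <= mtu:
        return [packet_len]
    per_frag = (mtu - IP_HDR) // 8 * 8   # fragment offsets count 8-byte units
    payload, sizes = packet_len - IP_HDR, []
    while payload > 0:
        take = min(per_frag, payload)
        sizes.append(IP_HDR + take)      # every fragment repeats the IP header
        payload -= take
    return sizes


def max_unfragmented_mtu(wan_mtu=1500, t=DEFAULT):
    """Largest host MTU whose packets still fit the WAN after ESP."""
    fixed = IP_HDR + ESP_HDR + t.iv_len + t.icv_len
    return (wan_mtu - fixed) // t.block * t.block - ESP_TRAILER


def wan_cost(file_bytes, host_mtu, wan_mtu=1500, t=DEFAULT):
    """(packets, bytes) sent across the WAN for one bulk TCP transfer.

    Counts the data direction only; returning ACKs are ignored.
    """
    mss = host_mtu - IP_HDR - TCP_HDR
    full, rest = divmod(file_bytes, mss)
    packets = wire = 0
    for data_len, count in ((mss, full), (rest, 1 if rest else 0)):
        inner = data_len + IP_HDR + TCP_HDR
        frags = fragment_sizes(esp_tunnel_size(inner, t), wan_mtu)
        packets += count * len(frags)
        wire += count * sum(frags)
    return packets, wire


if __name__ == "__main__":
    size = 10_000_000   # constructed example: one 10 MB ftp data transfer
    for mtu in (1500, 1460, max_unfragmented_mtu()):
        frags = fragment_sizes(esp_tunnel_size(mtu))
        pkts, wire = wan_cost(size, mtu)
        print(f"host mtu {mtu}: full packet -> {frags}, "
              f"{pkts} wan packets, {wire} wan bytes")
```

The host MTU that avoids fragmentation depends on the transform: under the parameters assumed here it is 1446, so the value has to be derived from the tunnel's actual cipher and integrity settings rather than picked by eye.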


Re: RE: number of CCIE [7:70151]

2003-06-07 Thread garrett allen
yawn.




- Original Message -
From: n rf 
Date: Saturday, June 7, 2003 12:09 pm
Subject: Re: RE: number of CCIE [7:70151]

> garrett allen wrote:
> >
> > you make an a priori argument that lower is better.  is a lower number
> > cpa better than a higher numbered one?
>
> You got me wrong.  I didn't say that lower is better at all times.  Read
> my entire post again.
>
> I said that more rigorous equates to prestige.  This is why I included my
> example of what would happen if Cisco decided to change the CCIE exam to
> become extremely rigorous - then eventually people would prize
> "high-number" CCIE's who passed the more rigorous version.  The fact is,
> prestige follows rigor.  If something is more rigorous, then it becomes
> rigorous and vice versa.  This is why graduating from MIT is more
> prestigious than graduating from Podunk Community College.  But the fact
> is, the CCIE on the whole has probably gotten more rigorous (i.e. chopping
> the test from 2 days to 1, eliminating the dedicated troubleshooting
> section, more bootcamps/braindumps, more cheating, etc. etc.) which is why
> it has become less prestigious.
>
>
> > actually, probably the inverse is true as the more recent the
> > certification the more recent the material covered.  this is balanced
> > against with age comes opportunities and experiences.
>
> Unfortunately, the free market disagrees with you.  The fact is, a growing
> number of recruiters, headhunters, and HR people are starting to give
> preference to lower-number CCIE's.  Go check out the groupstudy.jobs
> forum.  Yet I have never heard of any recruiter giving preference to
> higher-number CCIE.  It's always one-way, and that's my point.
>
>
> >
> > threads like this are like discussing the maximum number of angels
> > dancing on the head of a pin.  i vote we kill the thread before it
> > spawn.
> >
> > later.
> >
> > 
> > 
> > 
> > 
> > - Original Message -
> > From: n rf 
> > Date: Thursday, June 5, 2003 5:16 pm
> > Subject: RE: number of CCIE [7:70151]
> > 
> > > Well, there are still less than 10,000 CCIE's.  So the population
> > > hasn't accelerated THAT dramatically.
> > >
> > > Having said that, I will say that the CCIE has most likely gotten less
> > > rigorous and therefore less valuable over time.  I know this is going
> > > to greatly annoy some people when I say this, but the truth is, the
> > > average quality of the later (read: high-number) CCIE's is probably
> > > lower than the average quality of the higher (read: lower-number)
> > > CCIE's.
> > >
> > > Before any of you high-number CCIE's decides to flame me, ask yourself
> > > if you were given the opportunity to trade your number for a lower
> > > number, would you do it?  For example, if you are CCIE #11,000 and you
> > > could trade that number for CCIE #1100, would you take it?  Be honest
> > > with yourself.  I'm sure you would concede that you would.  By the
> > > same token we also know that no low-number CCIE would willingly trade
> > > his number for a higher one.  The movement is therefore all "one-way".
> > > If all CCIE's were really "created equal" then nobody would really
> > > care one way or another which number they had. Therefore the CCIE
> > > community realizes that all CCIE's are not created equal and that
> > > intuitively that the lower number is more desirable and the higher
> > > number is less desirable (otherwise, why does everybody want a lower
> > > number?).  Simply put, the test is not as rigorous as it was in the
> > > past, which is why lower numbers are preferred.
> > >
> > > Or, I'll put it to you another way.  Let's say that starting at
> > > #12,000 Cisco makes the test ridiculously hard, putting in all kinds
> > > of funky technologies, and making the pass rate less than 1% or some
> > > other god-awful number.  What would happen?  Simple.  Word would get
> > > around that
> &g

Re: RE: 40% Ping Success [7:70327]

2003-06-08 Thread garrett allen
what kind of circuit is it and is the success rate the same regardless 
of the destination address pinged?




- Original Message -
From: Nathan 
Date: Sunday, June 8, 2003 7:09 am
Subject: RE: 40% Ping Success [7:70327]

> Well, the only route my router sees is the directly connected router's
> IP.  This is due to the fact that we haven't gotten BGP up yet.  Also,
> from what I know, the serial link is the only link sending out packets.
> -Original Message-
> From: [EMAIL PROTECTED] [EMAIL PROTECTED] On Behalf Of
> Devrim Yener KUCUK
> Sent: Sunday, June 08, 2003 2:15 AM
> To: [EMAIL PROTECTED]
> Subject: Re: 40% Ping Success [7:70327]
> 
> 
> please verify where the packets are lost...(which layer...?)
> 
> Like any routing issue..2 packets may be sent from one link and 3 may be
> from other.. or physical layer issue (like packet loss... ) cle counters
> and check sh int ser ..., sh controller.. which outputs are increasing
> 
> regards
> 
> de
> 
> 
> - Original Message -
> From: "Nathan" 
> To: 
> Sent: Sunday, June 08, 2003 10:01 AM
> Subject: 40% Ping Success [7:70327]
> 
> 
> > Ok guys here's an interesting issue.  Once we got the internet circuit
> > up, the ping was only 40% successful.  Why would that be?
> >
> > Here's the setup:
> >
> > 3700 -> CSU/DSU -> DMARK -> SBC -> Service Provider.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=70344&t=70327


Re: RE: number of CCIE [7:70151]

2003-06-08 Thread garrett allen
the intent of this list is to discuss preparation for cisco exams, not
opportunities in the various job markets.  if your comments don't
relate to the study blueprint in some meaningful way, please keep them
to yourself.

thanks.

- Original Message -
From: n rf 
Date: Sunday, June 8, 2003 4:14 pm
Subject: Re: RE: number of CCIE [7:70151]

> garrett allen wrote:
> > 
> > yawn.
> 
> Bored?
> 
> I don't want to be overly confrontational, but if you really 
> thought this
> thread was so boring that you're yawning, then why did you bother 
> to make a
> rebuttal to me in the first place?  The fact that you did 
> obviously means
> that you don't think it's THAT boring.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=70360&t=70151


network issue, but not cisco [7:45820]

2002-06-05 Thread garrett allen

all,

this technically isn't a cisco question, but i've been a long-time reader and
this is a puzzle eluding solution thus far so i thought i would try.  i also
find it somewhat intriguing.

we're connected to our upstream provider via a t-1 (we're a software house).
per mrtg we use around 400kbps inbound and half that outbound.  the external
router runs at very low cpu utilization (
80 [SYN] Seq=1649310639 Ack=0 Win=16384 Len=0
486  7.445579   10.3.107.219    207.68.172.254  TCP      1416 > 80 [SYN] Seq=1649310639 Ack=0 Win=16384 Len=0
496  7.529725   207.68.172.254  10.3.107.219    TCP      80 > 1416 [SYN, ACK] Seq=392139821 Ack=1649310640 Win=17520 Len=0
497  7.530401   207.68.172.254  10.3.107.219    TCP      80 > 1416 [SYN, ACK] Seq=392139821 Ack=1649310640 Win=17520 Len=0


and here the unsuccessful one:
No.   Time       Source        Destination   Protocol Info
152   3.329276   10.3.107.219  10.3.1.4      NBNS     Name query NB WWW.MSN.COM
153   3.329642   10.3.1.4      10.3.107.219  NBNS     Name query response
154   3.329709   10.3.107.219  10.3.1.2      NBNS     Name query NB WWW.MSN.COM
155   3.330041   10.3.1.2      10.3.107.219  NBNS     Name query response
157   3.333270   10.3.107.219  10.3.255.255  NBNS     Name query NB WWW.MSN.COM
193   4.084392   10.3.107.219  10.3.255.255  NBNS     Name query NB WWW.MSN.COM
246   4.835467   10.3.107.219  10.3.255.255  NBNS     Name query NB WWW.MSN.COM
1019  11.505372  10.3.107.219  10.3.55.16    TCP      1354 > 1541 [PSH, ACK] Seq=3806101123 Ack=882030577 Win=16240 Len=68
1020  11.505846  10.3.55.16    10.3.107.219  TCP      1541 > 1354 [PSH, ACK] Seq=882030577 Ack=3806101191 Win=8364 Len=32
1038  11.665308  10.3.107.219  10.3.55.16    TCP      1354 > 1541 [ACK] Seq=3806101191 Ack=882030609 Win=16208 Len=0

notice the successful one does a dns lookup and the unsuccessful one a nbns.
curious.  here is how the workstation is presently config'd:

Microsoft Windows 2000 [Version 5.00.2195]
(C) Copyright 1985-1999 Microsoft Corp.

C:\>netstat

Active Connections

  Proto  Local Address  Foreign Address       State
  TCP    gallen:1037    hrnexch2:1047         ESTABLISHED
  TCP    gallen:1041    hrnexch2:1063         ESTABLISHED
  TCP    gallen:1044    hrnexch2:1047         ESTABLISHED
  TCP    gallen:1048    hrnexch2:1063         ESTABLISHED
  TCP    gallen:1065    HRNPRINT:netbios-ssn  ESTABLISHED
  TCP    gallen:1437    go.msn.com:http       TIME_WAIT

C:\>ipconfig

Windows 2000 IP Configuration

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix  . : ser.com
IP Address. . . . . . . . . . . . : 10.3.107.219
Subnet Mask . . . . . . . . . . . : 255.255.0.0
Default Gateway . . . . . . . . . : 10.3.0.1

C:\>nbtstat -n

Local Area Connection:
Node IpAddress: [10.3.107.219] Scope Id: []

NetBIOS Local Name Table

   Name           Type    Status
   ---------------------------------
   GALLEN         UNIQUE  Registered
   HERNDON        GROUP   Registered
   GALLEN         UNIQUE  Registered
   GALLEN         UNIQUE  Registered
   HERNDON        GROUP   Registered
   INet~Services  GROUP   Registered
   IS~GALLEN..    UNIQUE  Registered

C:\>arp -a

Interface: 10.3.107.219 on Interface 0x103
  Internet Address  Physical Address  Type
  10.3.0.10 08-00-20-ac-27-1d dynamic
  10.3.1.2  00-50-8b-ec-7c-14 dynamic
  10.3.1.4  00-50-8b-ec-88-64 dynamic
  10.3.1.5  00-50-8b-bd-30-1b dynamic
  10.3.1.10 00-a0-c9-82-47-4b dynamic
  10.3.1.24 00-08-c7-91-83-9e dynamic

thanks in advance for your comments.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45820&t=45820



firewalls and frame relay [7:55915]

2002-10-18 Thread Garrett Allen
not strictly a study topic - more a design topic.  when designing a wan and
interconnecting multiple sites via frame relay, does it improve overall
security posture to place firewalls between the internal networks at each
remote location and the frame routers?  my thought is that it would not
improve security in an appreciable way since traffic is over pvc's between
each location.  you could traffic shape with the firewall by filtering on the
egress but a router access list / extended access list would do the same.
also, assume no nat is required between locations (for discussion purposes
assume you're using a routable class b address - all nodes assigned unique,
routable addresses via dhcp) and internet connections (which are firewalled)
are on separate links.  this isn't connected to a consulting contract or any
other for-pay activity - i'm wrapping-up cit to complete the ccnp and looking
towards the ccdp in december and would appreciate your thoughts.

thanks.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=55915&t=55915



Re: Frame relay circuit speed from IOS? [7:55908]

2002-10-19 Thread Garrett Allen
we use mrtg (a freely available network monitoring tool) for a multi-site
frame network.  we don't own the routers or have legitimate password access
to them (our vendor provides as part of the service) so we had the vendor
set up an snmp community string (read only) and an access control list on
each of the frame routers provided, allowing access by a couple of monitor
stations on our network.  it has come in very handy.  i'm not at work right
now but if interested i can send a sanitized version of the config file we
use for mrtg (which shows the mibs accessed).

thanks.
- Original Message -
From: "YASSER ALY" 
To: 
Sent: Saturday, October 19, 2002 12:17 AM
Subject: RE: Frame relay circuit speed from IOS? [7:55908]


> The short answer for your question is to use " sh frame-relay pvc
>
>
> Here is a link illustrating this
>
>
> http://www.cisco.com/en/US/tech/tk713/tk237/technologies_tech_note09186a0080093c06.shtml
>
> You can use any other relative command from the show frame-relay family
> and check the  CIR value, this will be the value that the provider has
> configured for your circuit as CIR
>
> HTH,
>
> Yasser
>
> > >"Mossburg, Geoff (MAN-Corporate)" wrote:
> > >
> > > All,
> > > I've got a problem that has me stumped. I have an external CSU/DSU
> > > off of Serial0 at a remote site going to a frame-relay circuit of unknown
> > > speed. Is there any way to determine the circuit speed with the router's
> > > IOS? I want to be able to get this information remotely from many sites,
> >so
> > > having someone physically look at the CSU/DSU's config is impractical for
> > > me.
> > > Thanks very much!
> > > GM
> >--
> >David Madland
> >CCIE# 2016
> >Sr. Network Engineer
> >Qwest Communications
> >612-664-3367
> >
> >"You don't make the poor richer by making the rich poorer." --Winston




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=55941&t=55908



ack attack or config prob? [7:56341]

2002-10-25 Thread Garrett Allen
heys,

ran into something interesting today.  not sure if it is a dos attack or if it
indicates an ip stack misconfig. here is the symptom:

periodically through the day today we received 100,000 packet bursts on a t-1
circuit.  this is a name-brand provider.  when the burst occurs it is from the
same ip address.  on some bursts the packets are all acks.  on others they are
all fin acks.  they are directed at our email servers.  when they occur the
packets in a burst are all sourced from the same ip address.  in the one case
where we resolved the ip address back it was another orgs email server.  based
on the router interface stats the traffic is coming from the outside and is
not an internal broadcast storm.

per the ms site, "A default-configured Windows NT 3.5x or 4.0 computer will
retransmit the SYN-ACK 5 times, doubling the time-out value after each
retransmission."   if the same logic holds for other parts of the handshake
then i'm at a loss to explain tens of thousands of packets unless it is an
exploit of a weakness in the stack that allows for virtually unlimited
retries.

anyone run into this kind of situation before and was the resolution a service
pack or other such server upgrade?  it caused considerable slowness on
external accesses as you might imagine.  i grabbed a number of traces
documenting it and we did contact our provider (they opened a ticket with
their security folk).

thanks.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=56341&t=56341



Re: ack attack or config prob? [7:56341]

2002-10-26 Thread Garrett Allen
mark,

will keep you informed when we do hear from the vendor's security folk. as an
aside ethereal (a really great lil' analyzer freely available for download)
had no problem keeping up with the data volumes - but do configure it with
various address translations turned off or it will appear to hang when
dealing with these data volumes.

we are on exchange 5.5 / nt 4 running the latest service packs.  the ms web
site is generally good for technical info but i've not found anything on
this particular set of symptoms which is why i question whether it is an
exploit or a misconfig.

thanks.


- Original Message -
From: "Mark W. Odette II" 
To: 
Sent: Saturday, October 26, 2002 3:41 PM
Subject: RE: ack attack or config prob? [7:56341]


> I don't have an answer to your question, though it does sound like a DoS
> attack to me...
>
> My only input is that if you are running NT 4.0 Servers, definitely
> ensure they are running Service Pack 6a, which you can get from MS's
> site.  Also, if you are running Exchange, make sure you have SP 4
> installed, as it fixes several issues relating to some critical Exchange
> functions.  For more info, review the release notes for both service
> packs before installing.
>
> Let us know what the ISP's security folks find... this would be an
> interesting learning experience.
>
> -Mark
> -Original Message-
> From: Garrett Allen [mailto:garrett.allen@;erols.com]
> Sent: Friday, October 25, 2002 10:51 PM
> To: [EMAIL PROTECTED]
> Subject: ack attack or config prob? [7:56341]
>
> heys,
>
> ran into something interesting today.  not sure if it is a dos attack or
> if it indicates an ip stack misconfig. here is the symptom:
>
> periodically through the day today we received 100,000 packet bursts on
> a t-1 circuit.  this is a name-brand provider.  when the burst occurs it
> is from the same ip address.  on some bursts the packets are all acks.
> on others they are all fin acks.  they are directed at our email servers.
> when they occur the packets in a burst are all sourced from the same ip
> address.  in the one case where we resolved the ip address back it was
> another orgs email server.  based on the router interface stats the
> traffic is coming from the outside and is not an internal broadcast storm.
>
> per the ms site, "A default-configured Windows NT 3.5x or 4.0 computer
> will retransmit the SYN-ACK 5 times, doubling the time-out value after
> each retransmission."   if the same logic holds for other parts of the
> handshake then i'm at a loss to explain tens of thousands of packets
> unless it is an exploit of a weakness in the stack that allows for
> virtually unlimited retries.
>
> anyone run into this kind of situation before and was the resolution a
> service pack or other such server upgrade?  it caused considerable
> slowness on external accesses as you might imagine.  i grabbed a number
> of traces documenting it and we did contact our provider (they opened a
> ticket with their security folk).
> thanks.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=56362&t=56341



Re: ack attack or config prob? [7:56341]

2002-10-26 Thread Garrett Allen
priscilla,

the bursts were 
To: 
Sent: Saturday, October 26, 2002 7:40 PM
Subject: RE: ack attack or config prob? [7:56341]


> It sounds like you were under attack, though it's hard to say for sure. I
> doubt that it's a misconfig on your end, though. It could be a misconfig at
> the other server, but probably not. I don't think you can set the parameters
> that badly!? :-)
>
> It sounds like a DoS attack because of the volume of 100,000 packets. What's
> the timeframe, though? You said "burst" so I assume pretty quick.
>
> Did the problem happen just once or has it reoccurred?
>
> What do any relevant logs show? Do you have a firewall or Intrusion
> Detection System that logs info? How about the server itself? Does it show
> anything in its log?
>
> Were all the packets to the server?
>
> Were they ACKs or SYN ACKs? You mentioned both.
>
> Were they in response to something your server sent?
>
> Were they always the same ACK number?
>
> What were the port numbers? You mentioned e-mail, so were the packets to
> port 25 for SMTP? SMTP implementations used to have many security flaws.
> Hopefully those would be fixed in a modern OS, but you never know.
>
> Usually, DoS attacks are SYNs, but there are probably ones that use ACKs or
> SYN ACKs too. A search on Google might reveal more info.
>
> Anyway, I think you did the right thing by getting the ISP security folks
> involved. Keep us posted, unless they recommend that you keep it quiet.
>
> ___
>
> Priscilla Oppenheimer
> www.troubleshootingnetworks.com
> www.priscilla.com
>
> Garrett Allen wrote:
> >
> > heys,
> >
> > ran into something interesting today.  not sure if it is a dos
> > attack or if it
> > indicates an ip stack misconfig. here is the symptom:
> >
> > periodically through the day today we received 100,000 packet
> > bursts on a t-1
> > circuit.  this is a name-brand provider.  when the burst occurs
> > it is from the
> > same ip address.  on some bursts the packets are all acks.  on
> > others they are
> > all fin acks.  they are directed at our email servers.  when
> > they occur the
> > packets in a burst are all sourced from the same ip address.
> > in the one case
> > where we resolved the ip address back it was another orgs email
> > server.  based
> > on the router interface stats the traffic is coming from the
> > outside and is
> > not an internal broadcast storm.
> >
> > per the ms site, "A default-configured Windows NT 3.5x or 4.0
> > computer will
> > retransmit the SYN-ACK 5 times, doubling the time-out value
> > after each
> > retransmission."   if the same logic holds for other parts of
> > the handshake
> > then i'm at a loss to explain tens of thousands of packets
> > unless it is an
> > exploit of a weakness in the stack that allows for virtually
> > unlimited
> > retries.
> >
> > anyone run into this kind of situation before and was the
> > resolution a service
> > pack or other such server upgrade?  it caused considerable
> > slowness on
> > external accesses as you might imagine.  i grabbed a number of
> > traces
> > documenting it and we did contact our provider (they opened a
> > ticket with
> > their security folk).
> >
> > thanks.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=56369&t=56341



Re: ack attack or config prob? [7:56341]

2002-10-26 Thread Garrett Allen
the filter doesn't like special characters.  sorry.  here is another try
without the less than symbol:

priscilla,

the bursts were less than 2mins each in duration as i recall.  they occurred
sporadically through the day.  i have traces and i'll look for more precise
timeframes later tonite.  within each burst the packets were from the same
ip address.  there were at least 2 unique non-contiguous ip addresses
involved and 1 repeated a burst at least once that we tracked (i.e. at least
2 bursts of 100k packets).

the trace reveals acks and fin acks; no syn or syn ack's noted (my reference
to syn acks in the prior email was the only reference i could find on the ms
site that discussed their retry implementation, which could cause this if it
was unlimited).  firewalls are in place which is why i was going down the
path of a misconfiguration on our servers.  in theory the firewall vendor
states that the firewall is doing a stateful inspection and we did see some
evidence of packets being dropped at the firewall - but not all.  if the
session was not previously opened the firewall should drop the ack and fin
ack's as they are not a valid start of session transmission.  each burst
contained the same sequence and ack numbers.

i wondered at first if it was our servers that was initiating this behavior
pattern.  we did reboot the servers.  urban legend has it (i.e. my neighbor
has a friend whose wife's cousin said ...) that unexpected terminations of
outlook web access can cause this kind of behavior to occur, but it is just
legend.  an examination of the trace doesn't point in that direction but i
need to spend more time reviewing them.  and the problem reoccurred after
the reboots.

like i said i think it is an interesting issue because there are so many
possibilities and it forces one to think about all the many things that can
go wrong.

thanks for your insights and thoughtful questions.

- Original Message -
From: "Garrett Allen" 
To: 
Sent: Saturday, October 26, 2002 9:59 PM
Subject: Re: ack attack or config prob? [7:56341]


> priscilla,
>
> the bursts were
> To:
> Sent: Saturday, October 26, 2002 7:40 PM
> Subject: RE: ack attack or config prob? [7:56341]
>
>
> > It sounds like you were under attack, though it's hard to say for sure. I
> > doubt that it's a misconfig on your end, though. It could be a misconfig at
> > the other server, but probably not. I don't think you can set the parameters
> > that badly!? :-)
> >
> > It sounds like a DoS attack because of the volume of 100,000 packets. What's
> > the timeframe, though? You said "burst" so I assume pretty quick.
> >
> > Did the problem happen just once or has it reoccurred?
> >
> > What do any relevant logs show? Do you have a firewall or Intrusion
> > Detection System that logs info? How about the server itself? Does it show
> > anything in its log?
> >
> > Were all the packets to the server?
> >
> > Were they ACKs or SYN ACKs? You mentioned both.
> >
> > Were they in response to something your server sent?
> >
> > Were they always the same ACK number?
> >
> > What were the port numbers? You mentioned e-mail, so were the packets to
> > port 25 for SMTP? SMTP implementations used to have many security flaws.
> > Hopefully those would be fixed in a modern OS, but you never know.
> >
> > Usually, DoS attacks are SYNs, but there are probably ones that use ACKs or
> > SYN ACKs too. A search on Google might reveal more info.
> >
> > Anyway, I think you did the right thing by getting the ISP security folks
> > involved. Keep us posted, unless they recommend that you keep it quiet.
> >
> > ___
> >
> > Priscilla Oppenheimer
> > www.troubleshootingnetworks.com
> > www.priscilla.com
> >
> > Garrett Allen wrote:
> > >
> > > heys,
> > >
> > > ran into something interesting today.  not sure if it is a dos
> > > attack or if it
> > > indicates an ip stack misconfig. here is the symptom:
> > >
> > > periodically through the day today we received 100,000 packet
> > > bursts on a t-1
> > > circuit.  this is a name-brand provider.  when the burst occurs
> > > it is from the
> > > same ip address.  on some bursts the packets are all acks.  on
> > > others they are
> > > all fin acks.  they are directed at our email servers.  when
> > > they occur the
> > > packets in a burst are all sourced from the same ip address.
> > > in the one case
> > > where we resolved the ip address back it was another orgs email
> > > server.  base

question on router switching [7:57600]

2002-11-18 Thread Garrett Allen
last minute prep question (and jitters) on how a router switches traffic.
setting for the cit tomorrow.  attempting to confirm my understanding of
which type of switching is default for ip and which type for ipx, appletalk,
etc.

from ciscopress "cisco internetwork troubleshooting" by chappell and farkas
chapter 3
page 156 states that fast switching is the default switching mechanism for
all
protocols except ip.
page 157 states that optimium switching is the default switching mechanism
for
tcp/ip traffic.
question 3.5 at the end of the chapter asks "what is the default switching
mechanism for ip traffic" and the given answer is "fast switching is the
default switching mechanism for ip traffic" which is contradictory.  the
cisco
site docs state optimum switching for ip and it makes sense given the
underlying data structures (trie).

then i run into the following question from a subscription service which runs
counter to the whole lot

"You have enabled priority queuing, custom queuing, or weighted fair queuing.
Which traffic will always be classified by fast-switching logic?

A - IP

B - IPX

C - AppleTalk

D - DecNet

Correct Answer - A

IP traffic will always be classified by fast-switching logic. All other
traffic will be process switched. Process switching means to find a route.
Fast-switching logic puts the traffic in a cache."



i'm guessing they're talking about older versions of ios prior to optimum
switching.



arg, head hurts.

thanks.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=57600&t=57600



passed cit. that's a wrap on ccnp [7:57741]

2002-11-19 Thread Garrett Allen
took the exam today and passed, barely.  of the 4 it was by far the hardest.
ccdp next and then, well who knows.  perhaps i'll finish that piano concerto


thanks all.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=57741&t=57741



Re: passed cit. that's a wrap on ccnp [7:57741]

2002-11-22 Thread Garrett Allen
sorry, i was out of town the past few days in sunny detroit.  sounds like we
agree - the answer is "it depends."

thanks all.
- Original Message -
From: "Elwood P. Suggins" 
To: 
Sent: Thursday, November 21, 2002 6:00 PM
Subject: RE: passed cit. that's a wrap on ccnp [7:57741]


> huh.. i guess that all depends on what kind of experience you have. Routing
> is the hardest, support, remote access, switching




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=57915&t=57741



Re: bandwidth vs. latency [7:57899]

2002-11-23 Thread Garrett Allen
not sure there is an absolute answer as it would depend on actual cable
distance travelled (not as the crow flies), number of hops, policies
enforced, congestion, etc.  as a rule of thumb i would use estimated
distance in kilometers / (400kilometers per second * .6).  it is usually in
the ballpark.  if you are an order of magnitude higher it would indicate a
problem.

thanks.
- Original Message -
From: "Symon Thurlow" 
To: 
Sent: Saturday, November 23, 2002 8:33 AM
Subject: RE: bandwidth vs. latency [7:57899]


> Anyone know what the average expected latency over Frame Relay is?
>
> -Original Message-
> From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED]]
> Sent: 23 November 2002 01:24
> To: [EMAIL PROTECTED]
> Subject: RE: bandwidth vs. latency [7:57899]
>
>
> Mirza, Timur wrote:
> >
> > does anyone have a good reference (e.g., white paper) on the nature of
> > bandwidth vs latency & the distinction bet/ the two?
>
> Well, the distinction is easy. They don't mean the same thing at all. A
> good site is Merriam Webster's online dictionary. The 2nd definition for
> bandwidth is:
>
> Bandwidth: the capacity for data transfer of an electronic
> communications system
>
> Latency, on the other hand, means delay. Websters isn't too helpful in
> this case, but might help you understand the origin of the word, which
> is related to dormancy.
>
> Cisco's Terms and Acronyms document has a couple definitions of latency,
> which are somewhat helpful:
>
> 1. Delay between the time a device requests access to a network and the
> time it is granted permission to transmit.
>
> 2. Delay between the time a device receives a frame and the time that
> frame is forwarded out the destination port.
>
> Those definitions allude to the many contributors to delay (latency) on a
> network:
>
> * media access time
> * queuing time at internetworking devices
> * processing time at internetworking devices and at the sender and
> receiver
> * serialization delay to send and receive bits at the rate specified by
> the bandwidth of the sending and receiving interfaces
> * propagation delay which is distance dependent and to a certain extent
> medium dependent, although most media support about 2/3 the speed of
> light
>
> Testing latency is reasonably easy. Just do some pings. Predicting,
> modeling, and simulating delay is advanced engineering. A few books
> cover it at a very basic level, including Top-Down Network Design by
> Oppenheimer, and Data Network Design by Spohn.
>
> Howard Berkowitz has written some RFCs that discuss performance
> measurement, if I recall.
>
> There are graduate level computer science classes that cover performance
> measurement in computer networks at many universities.
>
> And, finally, you can get some info from white papers written by vendors
> who sell modelling software. For example, try http://www.netpredict.com/
> and http://www.opnet.com/.
>
> ___
>
> Priscilla Oppenheimer
> www.troubleshootingnetworks.com
> www.priscilla.com
>
>
> >
> > Timur Mirza
> > Principal Network Engineer
> > Network Planning & Engineering, West Region
> > 15505-B Sand Canyon Avenue
> > Irvine, California 92618
> > Verizon Wireless
> > 949.286.6623 (o)
> > 949.697.7964 (c)




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=57939&t=57899



ot: ospf humor [7:59364]

2002-12-17 Thread Garrett Allen
for those tired of studying ospf, now you can sing it.  i'm unaffiliated with
the link, just stumbled onto it.

http://www.oceanwave.com/technical-resources/humor/ospf.html

enjoy.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=59364&t=59364



Re: CCIE Vs. BS or MS dergree [7:59481]

2003-01-02 Thread Garrett Allen
and on a lighter note "i never let school interfere with my education."

having done the management thing for 20 years i can say from a pragmatic
standpoint that a degree's value is primarily getting in the door.  having
passed that hurdle comes the real test - do you know what you profess to
know.  degree, certificate, whatever, you must be able to apply the
requisite body of knowledge and respond under interview circumstances to
"how would you fix" or "how would you design" questions.  if you can get
past the hr droids experience shows that the ccie holds a better chance at
landing a networking position.  either way be prepared to answer the "you've
got 5 minutes to tell me why i should hire you" question.

thanks.
- Original Message -
From: "Geoff Zinderdine" 
To: 
Sent: Thursday, January 02, 2003 5:04 AM
Subject: Re: CCIE Vs. BS or MS dergree [7:59481]


> > I understand everything you said, and I agree that college coursework should
> > modernize, but I think you may be missing the point of a college education.
> >
> > The point of a college education is not to prepare you to step into a job
> > immediately.  That is not its purpose, and never has been - even for such
> > 'professional' degrees like engineering and CS.  The purpose of the college
> > degree is to provide you with a reservoir of general knowledge upon which
> > you can draw, as well as practice in life-skills such as problem-solving,
> > critical thinking, and time-management.  In essence, you learn how to learn.
>
> In the abstract this is a nice thought and perhaps how things should work.
> In practice, university seemed to me to be mostly about learning how to
> impress a bevy of preening mandarins who have long since lost any relevance
> to the world at large.  By removing accountability, tenure enforces this
> irrelevance.  There are some wonderful teachers and amazing researchers to
> be sure, but they tend to be focused in disciplines which are very much
> practical in nature such as medicine which are preparing students for real
> world tasks.
>
> The real reason that college programs are far behind the times
> technologywise is not because of any noble liberal arts approach to
> learning.  It is because the people on the cutting edge of technology are
> working for companies that can remunerate them better than schools.  There
> is no fundamental benefit to studying old technology over new outside of
> inculcating some small sense of nostalgia for an age when you could almost
> know everything about the field.  At issue is a lack of people qualified to
> teach at the cutting edge.
>
> > They hire him because he has proven in
> > college to be a hard-worker who knows how to think critically.  This is
> > these companies put such an emphasis on GPA - not because they actually
> > think the subject matter has anything to do with the job, but because a top
> > GPA indicates a strong work ethic and a supple mind.
>
> That is generous.  A high GPA indicates a strong work ethic and an ability
> to coax the results that you want out of the system often by agreeing with a
> prof whose theory you disagree with.  This is a warped form of Kuhnian
> "puzzle-solving".  University does very little to encourage shifting
> paradigms.  In my short academic career I watched scholars rail against
> paradigm shifts because they invalidated their life's work.  Rather than
> revising their disproven ideas they fought tooth and nail to preserve them.
> Heaven help you if you contradict them.  Supple, capable minds merely
> *survive* formal education they aren't produced or even nursed by it.
>
> > To wit - look at the top management of any large company and notice how by
> > and large everybody is a college graduate.  Look at Congress - everybody's a
> > graduate.  Clearly that means that there's something going on, and that the
> > degree isn't totally worthless.  In fact, consider the case of the most
> > famous dropout of all - Bill Gates, who himself has chosen to fill the
> > entire ranks of Microsoft's top management with college graduates.  Gates
> > could have put whoever he wanted into those positions, so if the degree
> > really wasn't valuable, don't you think Gates would have figured this out by
> > now?  If even Gates agrees, I would say that clearly there is something
> > valuable about that degree.
>
> I think you are committing 'post hoc ergo propter hoc'.  Gates values smart
> people and as most smart people go through university it is moot whether it
> is the diploma that is significant in getting them the job or their
> intelligence that is more important.
>
> Though I do not have a degree, I most certainly have an education.  For me
> the CCIE was an entry into a whole different realm of career possibilities.
> Not once in any of my interviews was I looked at unfavourably for not having
> completed my degree.  All of these tokens, be it degree or certification are
> only for getting an interview.  If on

bcran [7:51764]

2002-08-20 Thread garrett allen

just passed bcran 605 w/888 (706 minimum).  fairly straightforward.  between
routing, switching and remote access (the 3 ccnp exams i've taken thus far)
this has had the most direct relevant use.  (we're a software/hardware integrator
with 7 offices (4 international), 300 people, frame cloud, vpn, wintel/*nix).
i found the breadth of subject matter the most difficult aspect of
preparation; the depth of coverage was fairly light, however.

curious, how do most organizations view telephony/telecommunications - a
part of info technology or tucked away in some other corner, like admin or
facilities.  any experiences working the telecom providers to reduce costs/improve
performance when telephony is put in your tender care?

thanks.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=51764&t=51764



Re: LAN Design [7:54023]

2002-09-25 Thread Garrett Allen

as a rule of thumb 10mbps ethernet to the user end station is fine for
typical user applications in businesses where the network plant is
switched - exchange, file sharing, etc.  servers on 100mbps.  i'm told that
more data intensive applications may require 100mbps ethernet to the
desktop, but i haven't run into any yet.

that said, before making any design decisions first understand the nature of
the applications and the kind of traffic they generate.  then apply to your
proposed physical layout.  it is similar to the primary rule of woodworking;
measure twice, cut once.

thanks.


- Original Message -
From: "Jimmy" 
To: 
Sent: Wednesday, September 25, 2002 5:17 AM
Subject: Re: LAN Design [7:54023]


> hmm...Let don't talk about product. Just for a general view. Will a normal
> 100Mbps switch able to support 300 user? Is it realistic in real life
> application?
>
> "Larry Letterman"  wrote in message
> news:[EMAIL PROTECTED]...
> > which platform are you going to use for 300 users...
> > 6500 ?
> > 4006 ?
> > or multiple stackables ?
> >
> > Jimmy wrote:
> >
> > >Let say if i use a 100Mbps switch for 300 user for each floor. Will it be
> > >very slow? How do i really calculate the BW for each user. Doing an
> > >approximation? 100M/300 ?
> > >
> > >Cheers,
> > >Jimmy
> > >
> > >"Jimmy"  wrote in message
> > >news:[EMAIL PROTECTED]...
> > >
> > >>If i have to design network for 3 storey on a building. There are around
> > >>200-300 workstations in 2 storey each. Is it advisable to use Ethernet to
> > >>link them up. As for the other storey it is for admin purpose. The distance
> > >>is around 150m between the further storey. However it is possible to put a
> > >>switch/router at the middle for interconnect.
> > >>
> > >>Cheers,
> > >>Jimmy
> > --
> >
> > Larry Letterman
> > Network Engineer
> > Cisco Systems Inc.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=54048&t=54023



Re: LAN Design [7:54023]

2002-09-26 Thread Garrett Allen

depends on how you define the "uber" layers.  here's mine:

layer 8 - religion (in the sense of big/little endian)
layer 9 - politics
layer 10 - economics.

have been bitten by each at one point or another, so they are relevant but
contextual.

thanks.
- Original Message -
From: "Tom Lisa" 
To: 
Sent: Thursday, September 26, 2002 1:45 AM
Subject: Re: LAN Design [7:54023]


> Yes, Sem1 does concentrate on Layer 1.  We teach the concepts from the
> bottom up.  But, as we all know, Top Down Network Design is best.  Didn't
> someone write a book on it?  All good design starts by getting Layer 8
> issues resolved first.
>
> Prof. Tom Lisa, CCAI
> Community College of Southern Nevada
> Cisco ATC/Regional Networking Academy
>
> Priscilla Oppenheimer wrote:
>
>   Tom Lisa wrote:
>   >
>   > I'm hurt to say the least.  I touch on all of those, albeit briefly.
>   > After all, I'm not teaching CCDA/DP courses.
>   >
>   > Prof. Tom Lisa, CCAI
>   > Community College of Southern Nevada
>   > Cisco ATC/Regional Networking Academy
>
>   I'm sure experienced, knowledgeable professors such as yourself do teach
>   design in a well-rounded fashion. ;-) It's more the Academy course materials
>   I was concerned about. They teach design from a cabling, hardware, product
>   viewpoint, which does have some value, by the way. As Chuck mentioned, you
>   have to think about the positioning of wiring closets, the MDF, etc. Cisco
>   Networking Academy harps on that a lot, from what I remember.
>
>   Priscilla
>
>   >
>   > Priscilla Oppenheimer wrote:
>   >
>   > > Thank-you very much for the recommendations for Top-Down Network Design. I
>   > > probably don't express my gratitude often enough to the many people who
>   > > bought the book.
>   > >
>   > > I suspect that we may be helping a Cisco Networking Academy student with
>   > > homework. ;-) This sounds a lot like the exercises they do. That program has
>   > > a tendency to teach a bottom-up design methodology that focuses on physical
>   > > size and technology/media selection, before gaining an understanding for:
>   > >
>   > > business and "political" concerns
>   > > budget
>   > > user expectations for reliability, response time, etc.
>   > > application requirements for bandwidth, delay, etc.
>   > > application behavior in terms of broadcasts, traffic patterns, etc.
>   > >
>   > > You all did a good job of pointing out the importance of these concepts,
>   > > so I will say no more.
>   > >
>   > > Priscilla
>   > >
>   > >
>   > >
>   > > > Chuck's Long Road wrote:
>   > > >
>   > > > "Tim Medley"  wrote in message
>   > > > news:[EMAIL PROTECTED]...
>   > > > > If you are serious about designing this network and designing it correctly
>   > > > > for scalability and functionality, pick up a good network design book.
>   > > > >
>   > > > > My recommendation is Top Down Network Design, by Priscilla Oppenheimer. U
>   > > > > have two copies one at home and one at the office, I refer to this tome
>   > > > > quite often. Great book, excellent methodology.
>   > > >
>   > > > CL: a good book indeed. the irony here is that oftentimes, particularly in
>   > > > smaller environments, the person who has to make these decisions is under a
>   > > > severe time constraint, and does not have time to attain the background that
>   > > > all of us study. back in the days when I was a network manager, I never had
>   > > > time to learn this stuff. my own road to correct network thinking began
>   > > > after I was downsized. :->
>   > > >
>   > > > >
>   > > > >
>   > > > >
>   > > > > Tim Medley, CCNP+Voice, CCDP, CWNA
>   > > > > Sr. Network Architect
>   > > > > VoIP Group
>   > > > > iReadyWorld
>   > > > >
>   > > > >
>   > > > > -Original Message-
>   > > > > From: Jimmy [mailto:[EMAIL PROTECTED]]
>   > > > > Sent: Tuesday, September 24, 2002 11:01 PM
>   > > > > To: [EMAIL PROTECTED]
>   > > > > Subject: LAN Design [7:54023]
>   > > > >
>   > > > >
>   > > > > If i have to design network for 3 storey on a building. There are around
>   > > > > 200-300 workstations in 2 storey each. Is it advisable to use Ethernet to
>   > > > > link them up. As for the other storey it is for admin purpose. The distance
>   > > > > is around 150m between the further storey. However it is possible to put a
>   > > > > switch/router at the middle for interconnect.
>   > > > >
>   > > > > Cheers,
>   > > > > Jimmy




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=54218&t=54023

experience with vpn over directway satellite (2way)? [7:54701]

2002-10-02 Thread Garrett Allen

does anyone have experience (preferably successful) with using vpn over a
directway 2way satellite? if so please contact me off list.

thanks.
garrett




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=54701&t=54701
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]



Re: Neebie to list, need help [7:54904]

2002-10-04 Thread Garrett Allen

the tx/rx loads aren't that great and as it is a t-1 interface the amount of
traffic isn't that great.  the thing of interest is the interface
description - link to uuwho.  they have been having significant latency
issues.  the url may not make it but i posted it below.  it describes some
of their travails.  we use them as well and have seen similar problems
yesterday and today.  nothing to troubleshoot but you do need to let your
users know what is going on with the provider.

here is the url
http://www.matrixnetsystems.com/ea/advisories/20021003_instant_alert.jsp

hope it helps.

- Original Message -
From: "Chuck's Long Road" 
To: 
Sent: Friday, October 04, 2002 3:29 PM
Subject: Re: Neebie to list, need help [7:54904]


> in line ( like the skates ) below
>
> --
>
>
>
> Kerpal.Abdar  wrote in message
> news:[EMAIL PROTECTED]...
> > Hi All, I am in need of some help.  Can anyone tell me what "drops" mean when
> > I issue a "show interface" on a Cisco router?  Is this something bad and if so
> > what can I do to fix it?
> >
> >
> > Serial0/0 is up, line protocol is up
> >   Hardware is DSCC4 with integrated T1 CSU/DSU
> >   Description: LINK TO UUNET
> >   MTU 1500 bytes, BW 1536 Kbit, DLY 2 usec,
> >  reliability 255/255, txload 18/255, rxload 64/255
> >   Encapsulation FRAME-RELAY IETF, loopback not set
> >   Keepalive set (10 sec)
> >   LMI enq sent  145889, LMI stat recvd 145889, LMI upd recvd 0, DTE LMI up
> >   LMI enq recvd 0, LMI stat sent  0, LMI upd sent  0
> >   LMI DLCI 0  LMI type is ANSI Annex D  frame relay DTE
> >   Broadcast queue 0/64, broadcasts sent/dropped 0/0, interface broadcasts 0
> >   Last input 00:00:03, output 00:00:04, output hang never
> >   Last clearing of "show interface" counters 2w2d
> >   Queueing strategy: fifo
> >   Output queue 0/40, 516 drops; input queue 0/75, 999 drops
>
>
> CL: it means that your buffers are overflowing and therefore dropping
> packets. not a lot. and to judge from your traffic, it's no big deal.
>
> CL: what you may want to do is issue a "clear counters" command, and then
> periodically check, and maybe keep a chart. I can't tell from the output
> here over how long a period of time this has been happening.
>
>
>
> >   5 minute input rate 389000 bits/sec, 68 packets/sec
> >   5 minute output rate 113000 bits/sec, 64 packets/sec
> >  21344933 packets input, 3254757193 bytes, 0 no buffer
> >  Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
> >  1 input errors, 0 CRC, 1 frame, 0 overrun, 0 ignored, 0 abort
> >  27242775 packets output, 1682958597 bytes, 0 underruns
> >  0 output errors, 0 collisions, 3 interface resets
> >  0 output buffer failures, 0 output buffers swapped out
> >  0 carrier transitions
> >  DCD=up  DSR=up  DTR=up  RTS=up  CTS=up
> >
> >
> >
> > I am experiencing a lot of latency on the network and I am starting to
> > troubleshoot to see what could be causing it.  I noticed that on this link
> > the inbound rate tends to spike to full line rate which may be the cause but
> > not sure yet.
> >
> > Thanks.
> >
> > Kerpal




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=54923&t=54904
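
The advice quoted in this message (judge the drops against the traffic, then clear the counters and check them periodically) can be turned into numbers with a small parser. This is an added example, not part of the original thread; the function names are illustrative, and dividing queue drops by the packet counters gives a rough ratio only.

```python
import re

# "show interface" output quoted in the thread, with the mail client's line
# wraps repaired and trimmed to the lines this example reads.
SHOW_INTERFACE = """\
Serial0/0 is up, line protocol is up
  MTU 1500 bytes, BW 1536 Kbit, DLY 2 usec,
     reliability 255/255, txload 18/255, rxload 64/255
  Output queue 0/40, 516 drops; input queue 0/75, 999 drops
  5 minute input rate 389000 bits/sec, 68 packets/sec
  5 minute output rate 113000 bits/sec, 64 packets/sec
     21344933 packets input, 3254757193 bytes, 0 no buffer
     27242775 packets output, 1682958597 bytes, 0 underruns
"""

FIELDS = {
    "bw_kbit": r"BW (\d+) Kbit",
    "txload": r"txload (\d+)/255",
    "rxload": r"rxload (\d+)/255",
    "out_drops": r"Output queue \d+/\d+, (\d+) drops",
    "in_drops": r"input queue \d+/\d+, (\d+) drops",
    "in_bps": r"5 minute input rate (\d+) bits/sec",
    "out_bps": r"5 minute output rate (\d+) bits/sec",
    "in_pkts": r"(\d+) packets input",
    "out_pkts": r"(\d+) packets output",
}


def parse_show_interface(text):
    """Extract the counters named in FIELDS; fail loudly if one is missing."""
    stats = {}
    for name, pattern in FIELDS.items():
        match = re.search(pattern, text)
        if match is None:
            raise ValueError(f"field not found: {name}")
        stats[name] = int(match.group(1))
    return stats


def pct(part, whole, digits):
    return round(100.0 * part / whole, digits)


def summarize(stats):
    """Utilisation from the 5-minute rates and from the x/255 load values,
    plus drops as a percentage of packets since the counters were cleared."""
    bw_bps = stats["bw_kbit"] * 1000
    return {
        "in_util_pct": pct(stats["in_bps"], bw_bps, 1),
        "out_util_pct": pct(stats["out_bps"], bw_bps, 1),
        "rxload_pct": pct(stats["rxload"], 255, 1),
        "txload_pct": pct(stats["txload"], 255, 1),
        "in_drop_pct": pct(stats["in_drops"], stats["in_pkts"], 4),
        "out_drop_pct": pct(stats["out_drops"], stats["out_pkts"], 4),
    }


def drops_since(previous, current):
    """Drops added between two polls; a counter that went down was cleared,
    so its current value is the whole increase."""
    delta = {}
    for key in ("in_drops", "out_drops"):
        diff = current[key] - previous[key]
        delta[key] = diff if diff >= 0 else current[key]
    return delta


if __name__ == "__main__":
    first = parse_show_interface(SHOW_INTERFACE)
    print(summarize(first))
    # Constructed second poll: same interface a few minutes later.
    later = dict(first, in_drops=1010)
    print(drops_since(first, later))
```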



Re: RE: Multimedia/Voice over VSAT [7:71706]

2003-07-06 Thread garrett allen
interactive voice over satellite is problematic due to the inherent 
latency of the signal travelling 40,000km distance to the satellite 
and another 40,000km back.  this adds 125ms of latency in each 
direction (to/from the bird), give or take.  if you remember using 
satellite for long distance calls it took some getting used to (a bit 
like talking on a 2 way radio) and the perceived signal quality was 
less than using an under the pond cable.  satellite for 1 way video is 
fine, carriers use it for backhaul on a regular basis, but interactive 
video suffers the same difficulties as interactive voice.

so with the amount of latency already involved i would try to reduce 
any further quality impairments caused by voip or digital video 
processing.  satellite offers a variety of quality impairments of its




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=71943&t=71706