RE: Serial Interface Bandwidth [7:50381]
A show interface serial 'x' where x = the serial interface's number will tell you a couple things that are important. 1) the 5 minute load average for input/output 2) the timeslots used You can use the timeslots to determine the bandwidth that is technically available, and the load average to get an idea of what is currently being used. hth, -mark -Original Message- From: Curious [mailto:[EMAIL PROTECTED]] Sent: Thursday, August 01, 2002 9:43 AM To: [EMAIL PROTECTED] Subject: Serial Interface Bandwidth [7:50381] I want to know the current bandwidth of my serial Interface of Router. Lets say i have a fractional T1, how would i know what bandwidth i have for my serial interface. thanks, "The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and delete the material from all computers." Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=50385&t=50381 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: BGP Full/Partial tables question [7:50382]
It sounds like the individual you are working with is sending you a default route. You might want to make sure he/she understands what partial (aka customer routes) routes really are. If not, you will want to escalate this issue... When they are advertising that one route, see what it is. "show ip bgp nei x.x.x.x rec" or "show ip bgp neigh x.x.x.x ro" depending on your local configuration. -Mark -Original Message- From: Bob Timmons [mailto:[EMAIL PROTECTED]] Sent: Thursday, August 01, 2002 9:52 AM To: [EMAIL PROTECTED] Subject: BGP Full/Partial tables question [7:50382] Hey all, I've got a problem. We're running a 7206vxr as our Internet router in NYC. It has 256MB of RAM and uses 2 T1's, each one to a different provider. We're using BGP to help 'load-share' and receiving full routes from each provider. The company needs this router for another use and has replaced it with a 3640. The issue is, the 3640 maxes out at 128MB of RAM and BGP is running out of memory. I've contacted each of my providers, UUNet & Digex (or Worldcom & Intermedia). UUNet sucessfully changed the policy to 'partial routes', so I'm now receiving about 49k routes from UUNet, down from about 110k routes. Digex, on the other hand, cannot seem to help me. Each time we've tried to modify the policy (on their side), I get only 1 route (according to the show ip bgp summary command) and it, basically, breaks. The 'show ip bgp summary' outputs both before & after are as follows: sho ip bgp summ BGP router identifier (w.x.y.z), local AS number 22791 BGP table version is 3769794, main routing table version 3769794 111999 network entries and 161920 paths using 16693023 bytes of memory 29127 BGP path attribute entries using 1748340 bytes of memory 25111 BGP AS-PATH entries using 642872 bytes of memory 0 BGP route-map cache entries using 0 bytes of memory 0 BGP filter-list cache entries using 0 bytes of memory BGP activity 190176/121829 prefixes, 1019863/857943 paths, scan interval 15 secs NeighborVAS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd 157.130.248.37 4 701 489287 488922 376979400 04:44:4349974 206.181.62.29 4 2548 1331896 252164 376979400 6d09h 111944 sho ip bgp summ BGP router identifier (w.x.y.z), local AS number 22791 BGP table version is 49976, main routing table version 49976 49973 network entries and 49972 paths using 6646373 bytes of memory 9237 BGP path attribute entries using 554340 bytes of memory 7881 BGP AS-PATH entries using 196336 bytes of memory 0 BGP route-map cache entries using 0 bytes of memory 0 BGP filter-list cache entries using 0 bytes of memory BGP activity 240151/233844 prefixes, 1069845/1019873 paths, scan interval 15 secs NeighborVAS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd (snip) 4 701 508340 4889384997600 00:01:0249969 (snip) 4 2548 1331909 2693044997600 00:01:031 What problem am I trying to solve? How can I load-share the two T1's with or without BGP? We've got about 500 users in NYC that use these pipes for their Internet connectivity. We're supposed to upgrade to a fractional T3, but, as anyone who has worked in a corporate environment can attest, it doesn't happen overnight, nevermind the telco portion. My outbound load sharing is being done by my firewall. We've split the 2 /22 networks into 8 /24 networks and are sending 4 /24's to each T1. any help would be appreciated Bob "The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and delete the material from all computers." Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=50386&t=50382 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Cat2950 VLAN 1 ip address...can't connect [7:50331]
Lore has it that changing the default vlan can result in leaking. Real life experiences? -Mark -Original Message- From: MADMAN [mailto:[EMAIL PROTECTED]] Sent: Thursday, August 01, 2002 10:30 AM To: [EMAIL PROTECTED] Subject: Re: Cat2950 VLAN 1 ip address...can't connect [7:50331] What do they mean by management? for inband managment you could use any VLAN, large switched networks will often choose a VLAN that is used for inband management only. VLAN 1 also is used by the switches for management via VTP, spanning, DISL, PAGP etc. Dave "The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and delete the material from all computers." Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=50393&t=50331 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: CEF [7:50396]
ch_c/xcprt2/index.htm hth, -mark -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Thursday, August 01, 2002 11:08 AM To: [EMAIL PROTECTED] Subject: CEF [7:50396] Does anyone have any good links for info on CEF Switching? I'm trying to get a handle on it's uses to see if it's applicable to our borders Thanx, mkj ~~~ Michael Jablonski ABN AMRO Asset Management Holdings, Inc. 161 North Clark St. 9th Flr Chicago, IL 60601-2468 PH: 312.884.2996 FAX: 312.278.5550 ~~~ "The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and delete the material from all computers." Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=50398&t=50396 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Cat2950 VLAN 1 ip address...can't connect [7:50331]
I'm referring to trunks, sorry. -Original Message- From: MADMAN [mailto:[EMAIL PROTECTED]] Sent: Thursday, August 01, 2002 12:14 PM To: Turpin, Mark Cc: [EMAIL PROTECTED] Subject: Re: Cat2950 VLAN 1 ip address...can't connect [7:50331] Not sure what you mean. Your not changing the default VLAN, VLAN 1 will remain, can't delete it, (not talking about trunks). I know of no problems arising when using a VLAN other than 1 for inband connectivity. Dave "The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and delete the material from all computers." Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=50411&t=50331 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: FR traffic shaping [7:51044]
Scott, I'm sure you know how to configure it, so I'll leave configuration examples out. To get a conceptual overview of how shaping and policing actually works, check out this link: (wrap) http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fqos _c/fqcprt4/qcfpolsh.htm as well as picking up the book IP Quality of Service (its actually a good read!) The most important section that explains traffic shaping on frame is the section "Traffic Shaping and Rate of Transfer". Look for that, it explains it very well! Short answer, you can define Be/Bc values, but you're really better off leaving it to IOS to figure out. hth, -Mark -Original Message- From: Davis, Scott [ISE/RAC] [mailto:[EMAIL PROTECTED]] Sent: Friday, August 09, 2002 9:18 AM To: [EMAIL PROTECTED] Subject: FR traffic shaping [7:51044] I am not clear on two of the settings when configuring a map-class. Frame-relay bc and be Are these values supplied by the carrier or a value that you can calculate yourself based on other parameters? TIA Scott "The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and delete the material from all computers." Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=51050&t=51044 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: load balance/share [7:50988]
Jason, Is this your lab network? + PE Rtr + / \ / \ + + RtrA +--+ Rtr B + + \-> Client Networks <-/ With that diagram, or a revised one, can you clarify your question? You mention statics; what routers are you trying to advertise statics to, and from what router are you wishing to advertise them? In regards to load balancing, are you asking if you can load balance clients to router A and router B? Or do you want to load balance the PE router to A&B? Thanks, -Mark -Original Message- From: Jason Owens [mailto:[EMAIL PROTECTED]] Sent: Thursday, August 08, 2002 4:16 PM To: [EMAIL PROTECTED] Subject: load balance/share [7:50988] I am trying to lab up a scenario where I can load balance/share across two routers (for redundancy) connected into an MPLS cloud. Additionally, I have HSRP running between the two (I don't want to use MHSRP because I don't want two gateways on the LAN). There is a direct connection between the routers. I know I can use statics, however I want all traffic to be able to failover to the remaining link if one goes down, instead of being being blackholed. | | | | Router 1---Router 2 activestandby I have tried with EIGRP, however I was having trouble with getting a default route injected in (without using statics). Is there any way to do this? "The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and delete the material from all computers." Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=51055&t=50988 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: load balance/share [7:50988]
Jason, Lots! Basically your network looks like this: PER m10/ \m10 AB m10 Let's say a metric of 10 for each link for example? A->PER = 10 A->B->PER = 20 Before we get really far into this, have you looked into EIGRP's capability to load balance across unequal cost paths? Modifying the variance on your CE routers should do the trick. http://www.cisco.com/warp/public/103/eigrp1.html http://www.cisco.com/warp/public/103/eigrp9.html http://www.cisco.com/warp/public/103/19.html One question though when you do this: I have not tried a HSRP impelmentation like this. Variance should be local to the router. Please let me know if Router A changes the way it advertises its metrics to router B once variance is implemented. Thanks, -Mark -Original Message- From: Jason Owens [mailto:[EMAIL PROTECTED]] Sent: Friday, August 09, 2002 11:05 AM To: [EMAIL PROTECTED] Subject: RE: load balance/share [7:50988] Mark, Your diagram is correct. I am trying to load balance/share across the links to the PER (per-packet preferably). The clients are behind Rtr A & B using an HSRP address. So say Rtr A is the active router. I want to load balance across both links (half of the traffic needs to traverse out Rtr A's ser0 and the other half across the link to Rtr B and then out it's ser0). If I use a static and one link goes down, half of my traffic becomes blackholed. I was trying to find a way to have a default route put into a routing protocol so the routing process would recognize that if one link was down that it needed to send all traffic out the remaining link. Is this clearer? Turpin, Mark wrote: > > Jason, > > Is this your lab network? > > > + PE Rtr + > > / \ > / \ > + > + RtrA +--+ Rtr B + > + > \-> Client Networks > With that diagram, or a revised one, can you clarify > your question? You mention statics; what routers are > you trying to advertise statics to, and from what router > are you wishing to advertise them? > > In regards to load balancing, are you asking if you > can load balance clients to router A and router B? > Or do you want to load balance the PE router to A&B? > > Thanks, > -Mark > > > -Original Message- > From: Jason Owens [mailto:[EMAIL PROTECTED]] > Sent: Thursday, August 08, 2002 4:16 PM > To: [EMAIL PROTECTED] > Subject: load balance/share [7:50988] > > > I am trying to lab up a scenario where I can load balance/share > across two > routers (for redundancy) connected into an MPLS cloud. > Additionally, I have > HSRP running between the two (I don't want to use MHSRP because > I don't want > two gateways on the LAN). There is a direct connection between > the routers. > > I know I can use statics, however I want all traffic to be able > to failover > to the remaining link if one goes down, instead of being being > blackholed. > > | | > | | > Router 1---Router 2 > active standby > > I have tried with EIGRP, however I was having trouble with > getting a default > route injected in (without using statics). Is there any way to > do this? "The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and delete the material from all computers." Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=51092&t=50988 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Boson Exams [7:51034]
I used them for the MCAST+QOS (CCIP) exam and the R&S without the desktop protocols section for my C&S written. I passed my tests, but I wouldn't rely on Boson alone =] -Mark -Original Message- From: Vogel Matthew GS-11 CFAO/IRMD [mailto:[EMAIL PROTECTED]] Sent: Friday, August 09, 2002 12:39 PM To: [EMAIL PROTECTED] Subject: Boson Exams [7:51034] Has anyone used the Boson tests to study for the CCIE written and did they help? I am thinking about purchasing them. Matt "The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and delete the material from all computers." Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=51073&t=51034 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Most bug-free IOS version for the lab [7:51097]
I'm using 12.0.18S5, but a lot of my lab gear is refurbished higher end gear. 12.0S or T might be good for you if you have 7200+ gear. On the lab series gear, I've been using 12.1.10 with no problems. Re: 12.2* - I try and stay away from new IOS =] ymmv, -mark -Original Message- From: cebuano [mailto:[EMAIL PROTECTED]] Sent: Friday, August 09, 2002 3:48 PM To: [EMAIL PROTECTED] Subject: Most bug-free IOS version for the lab [7:51097] Hi all, I'd like to get a general feedback from people gearing up for the lab which 12.0 IOS release you find least problematic. I'm running flash:c4500-a3jk8s-mz.122-5.bin and flash:/c2500-jk8os-l.122-1b.bin. Haven't had any major issues until I hit OSPF labs. From "clear ip ospf proc" not working and requiring a reload to NBMA routes/LSA issues. Please post your recommendations or comments. Thank you. Elmer "The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and delete the material from all computers." Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=51163&t=51097 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Traffic geneartor for SNMP [7:51172]
Are your network management people stating that they are experiencing timeouts when attempting to communicate to your 7500, or through your 7500? I doubt the 7500 is going to be upset about passing UDP traffic through it. The router should just forward the traffic, generally speaking, the router doesn't care what kind of traffic it is. However, an SNMP query must be processed by the RSP, and requires an interrupt. A large amount of interrupts is going to cause slowdowns, and SNMP timeouts are possible. If they are doing large amounts of queries on the box, you might want to look into the following links: http://www.cisco.com/warp/public/63/highcpu.html http://www.cisco.com/warp/public/477/SNMP/ipsnmphighcpu.shtml http://www.cisco.com/warp/public/477/SNMP/collect_cpu_util_snmp.html As well as getting with your network management people to see just why in the world they need to pound your 7500 with SNMP queries. If that still doesn't help, it'd be handy to pull out a sniffer, or use tcpdump/snoop on the box making all those SNMP requests. See just what its sending the messages to, etc... hth, -mark -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Saturday, August 10, 2002 7:16 PM To: [EMAIL PROTECTED] Subject: Traffic geneartor for SNMP [7:51172] Hi, Anybody know any traffic geneartor which is available for testing the snmp traffic. I am having a lab configuration with cisco 7500 router and the network management people are syaing that there are lot of SNMP timeouts. I want to pump in lot of UDP packets on to the network and see whether it's the problem of the network? How can u see the udp problem in Cisco routers? Is there any command to see that? How will you see the CPU utilization of the routers? Is there any command? Any help appreciated. gpj __ Pre-order the NEW Netscape 7.0 browser. Reserve your FREE CD and pay only $2.99 shipping and handling. http://cd.netscape.com/promo_one/ Get your own FREE, personal Netscape Mail account today at http://webmail.netscape.com/ "The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and delete the material from all computers." Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=51225&t=51172 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: * Routing/Subnetting question [7:51193]
James, I don't think I'm entirely catching what you're getting at. Probably because I'm a visual guy, and need to see a config. Can you post up an example of this config, and what you're trying to do with inline notes? Here's what it sounds like you're trying to do: int f0/0.1 desc lab net1 ip some ip int f0/0.2 desc lab net2 ip some ip int f0/0.3 desc pacbell's /29 - to dsl modem ip pacbells/29 ip nat outside int f0/0.4 desc dmz ip some.rfc1918.space ip nat inside ! ip nat inside source static rfc1918 someip.in.pacbell/29 Is this correct? Thanks, -Original Message- From: James Wilson [mailto:[EMAIL PROTECTED]] Sent: Sunday, August 11, 2002 3:22 PM To: [EMAIL PROTECTED] Subject: RE: * Routing/Subnetting question [7:51193] Nigel, The router itself calls the 100M interface fastethernet0/0, which is why I referred to it as such, and the trunking was because I am running lab configurations with more than two subnets on the private side and I need to be able to route between them as well as filter between them for security. The ISP is PacBell and for enhanced DSL they only give you a /29, and they take one of the addresses for their side of the connection. The reason I am leaving a host with a public address in the DMZ is because it is a DNS server, and there are issues with BIND and Solaris when the DNS server does not use the same IP address and name as that which is listed as authoritive for the domain (i.e. the domain server knows itself as on 10.50.0.65 in /etc/hosts but has the address 216.103.77.99 as its address within its zone.) If I want to protect that host with CBAC, I need to put the router between it and the ISP. Remember that the traffic is coming from the ISP via a DSL MODEM 10 M ethernet connection and not a WAN connection to the router. The addresses which would be valid in the /29 but not in the /30 would only be referenced as static NAT entries which would be translated on the interface with the /29 which is facing the ISP. Once the traffic for that address enters the Fa0/0 it would be translated to an RFC1918 address and sent out to the host on the 10. net, so the host would not know it is being referenced by the public address. I realize that this is not a standard type configuration for this, but PacBell will only give me a /29, and I'm trying to find a way to meet BIND's requirements for the DNS server and have the server protected by CBAC plus have other public IP addresses for static NAT entries for other servers on my net (I've got a number of different servers on my net and want to have public address to different services i.e. web server, mail server, application servers. Thanks! -- James D. Wilson, CCDA, MCP Sr. Network/Security Engineer "non sunt multiplicanda entia praeter necessitatem" William of Ockham (1285-1347/49) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Nigel Taylor Sent: Sunday, August 11, 2002 11:51 AM To: [EMAIL PROTECTED] Subject: Re: * Routing/Subnetting question [7:51193] James, See Inline.. - Original Message - From: "James Wilson" To: Sent: Sunday, August 11, 2002 12:34 PM Subject: * Routing/Subnetting question [7:51193] > I have a 1750 with a /29 assigned to me, and I need to create a DMZ to put > a DNS server on so that I can control access using CBAC. My FastEthernet > interface is trunked to a Cat 2924. I'd like to have the /29 on one > subinterface which talks to PacBell's router, and take a /30 out of the > /29 and put it on another subinterface so that I can hang the DNS server > off a port on that VLAN using a public IP address. NT: Why would you vlan traffic from you ISP instead of using the extra interface(eth0/0) You must consider a number of things when using your existing design. Firstly, the interface you're referring to as a FE interface is shown in the cisco catalog as a 10/100 ethernet interface. Secondly, please note that based on your current traffic utilization what kind of performance could be achieved/expected on the physical interface(the subs are technically part of the same physical NIC/transiciever). On the area of addressing you might want to take a look at the following links which could answer some of your questions as they apply to addressing(VLSM in particular). http://www.3com.com/other/pdfs/infra/corpinfo/en_US/501302.pdf (watch the wrap) http://www.ietf.org/rfc/rfc3021.txt?number=3021 >I'd also like to use > static NAT addresses out of the /29 including what would be an all zero or > all one address out of the /30. My thought is that this would work since > the NAT will take place via the subinterface on the /29 (ip nat outside), > and the only time the /30 will come into play is with traffic destined to > the DNS server, which is not NAT'ed. This would allow me to have routing > and CBAC protection for the host on the /30 net and not lose the ability > to use those addresses which would normally be lost from the /3
RE: load balance/share [7:50988]
Jason, Where are you trying to advertise a default route from? The PER? If so, check out http://www.cisco.com/warp/public/103/eigrp8.html where it discusses using a summary per interface to advertise a default to neighbors. You could stick this on your PER's interfaces towards RtrA and RtrB. If we're talking about BGP, you can have your PER advertise a default with 'neighbor x.x.x.x default-originate' http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fipr rp_r/bgp_r/1rfbgp1.htm#xtocid46 (wrap there) Let me know if this is what you meant, or if this works out for you. hth, -Mark -Original Message- From: Jason Owens [mailto:[EMAIL PROTECTED]] Sent: Monday, August 12, 2002 12:29 PM To: [EMAIL PROTECTED] Subject: RE: load balance/share [7:50988] Mark, I have looked EIGRP in this regard. My issue seems to be with the default route. If put it in statically there is no failover if one link goes down, and I can't figure out another way to get it in. I have looked at bgp to resolve this as well (both routers need it to peer with the PER anyway), however since the connection between Rtr A and B is IBGP, the EBGP route from the PER takes precedence and there is no load sharing. Turpin, Mark wrote: > > Jason, > Lots! Basically your network looks like this: > >PER > m10/ \m10 > AB >m10 > > Let's say a metric of 10 for each link for example? > A->PER = 10 > A->B->PER = 20 > > Before we get really far into this, have you looked into > EIGRP's capability to load balance across unequal cost paths? > Modifying the variance on your CE routers should do the trick. > http://www.cisco.com/warp/public/103/eigrp1.html > http://www.cisco.com/warp/public/103/eigrp9.html > http://www.cisco.com/warp/public/103/19.html > > One question though when you do this: > I have not tried a HSRP impelmentation like this. > Variance should be local to the router. Please let > me know if Router A changes the way it advertises > its metrics to router B once variance is implemented. > > Thanks, > -Mark > > > -Original Message- > From: Jason Owens [mailto:[EMAIL PROTECTED]] > Sent: Friday, August 09, 2002 11:05 AM > To: [EMAIL PROTECTED] > Subject: RE: load balance/share [7:50988] > > > Mark, > Your diagram is correct. I am trying to load balance/share > across the > links to the PER (per-packet preferably). The clients are > behind Rtr A & B > using an HSRP address. So say Rtr A is the active router. I > want to load > balance across both links (half of the traffic needs to > traverse out Rtr A's > ser0 and the other half across the link to Rtr B and then out > it's ser0). If > I use a static and one link goes down, half of my traffic > becomes > blackholed. I was trying to find a way to have a default route > put into a > routing protocol so the routing process would recognize that if > one link was > down that it needed to send all traffic out the remaining link. > Is this > clearer? > > Turpin, Mark wrote: > > > > Jason, > > > > Is this your lab network? > > > > > > + PE Rtr + > > > > / \ > > / \ > > + > > + RtrA +--+ Rtr B + > > + > > \-> Client Networks > > With that diagram, or a revised one, can you clarify > > your question? You mention statics; what routers are > > you trying to advertise statics to, and from what router > > are you wishing to advertise them? > > > > In regards to load balancing, are you asking if you > > can load balance clients to router A and router B? > > Or do you want to load balance the PE router to A&B? > > > > Thanks, > > -Mark > > "The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and delete the material from all computers." Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=51264&t=50988 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Multilayer Switching, CCO contradicts itself? [7:51272]
There types of flows:
Destination - per {dest} flow
Source Destination - per {source/dest address} pair
IP (aka Full) Flow - per {source, dest, protocol and port} set
Look under the section labeled Flow Mask Modes
hth,
-mark
-Original Message-
From: Sean Wolfe [mailto:[EMAIL PROTECTED]]
Sent: Monday, August 12, 2002 4:51 PM
To: [EMAIL PROTECTED]
Subject: Multilayer Switching, CCO contradicts itself? [7:51272]
Hello all. In the below quote from CCO, is Cisco contradicting themselves in
the 2nd paragraph regarding each transport-layer session being a different
flow? Or do they mean that IF only the destination IP is used to ID a flow,
THEN all diff transport-layer sessions are the same flow?
Thanks!
URL is:
http://www.cisco.com/univercd/cc/td/doc/product/lan/cat5000/rel_5_2/layer3/m
ls.htm
Quote is here:
"
A flow is a unidirectional sequence of packets between a particular source
and destination that share the same protocol and transport-layer
information. Communication from a client to a server and from the server to
the client are separate flows. For example, Telnet traffic transferred from
a particular source to a particular destination comprises a separate flow
from File Transfer Protocol (FTP) packets between the same source and
destination.
Flows are based only on Layer 3 addresses, which allow IP traffic from
multiple users or applications to a particular destination to be carried on
a single flow if only the destination IP address is used to identify a flow.
"
"The information transmitted is intended only for the person or entity to
which it is addressed and may contain confidential and/or privileged
material. Any review, retransmission, dissemination or other use of, or
taking of any action in reliance upon, this information by persons or
entities other than the intended recipient is prohibited. If you received
this in error, please contact the sender and delete the material from all
computers."
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=51277&t=51272
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Using QoS to Control Utilization [7:51254]
Yasser,
So what you're saying is:
HQ has a 1Mbit/s link to the Internet
HQ has a 1Mbit/s link into a Frame/ATM cloud over which 4 PVC's have been
built
If Site A needs to access HQ, it should be able to do so without any
rate-limiting. If Site A and Site B need to access HQ, they should share
the 1Mbit/s evenly.
Unfortunately, there is not a way to do this directly with a rate-limit and
an access-list. You can not dynamically place in a structured/logical rate
limit of:
if site = transmitting {
check for other speakers;
}
if other transmitters = yes {
give site 1Mbit/s;
}
if other transmitters = no {
give site xMbit/s
}
If I'm wrong, someone please jump in and correct me.
What you should look into doing instead would be:
For traffic to/from the internet (remember the ACL I talked about before)
set precedence = 0
For traffic to/from HQ to/from a branch office (the opposite of the ACL) set
precedence = 5
Then you can use WRED to handle the congestion management part.
http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/12cgcr/qos_c
/qcpart3/qcwred.htm
There's wrap there, so be careful.
hth,
-Mark
-Original Message-
From: YASSER ALY [mailto:[EMAIL PROTECTED]]
Sent: Monday, August 12, 2002 5:32 PM
To: [EMAIL PROTECTED]
Subject: RE: Using QoS to Control Utilization [7:51254]
Hi Mark,
The point is that the client is having only 1M feeding his branches, over
this 1M 4 PVCs are
created, each PVC is 1M by itself.
The idea behind that is if Branch A is accessing the HQ either for internal
access of for Internet the branch can get as much as it needs - even the
whole 1M - provided that no other branches are requesting any traffic.
However, if more than one branch were requesting traffic at the same time I
should gurantee a min bandwidth/branch (let's say 256K )
So scenario would be: Branch A working alone = A takes as much as he needs
Another branch started requesting
traffic then A's utilization should failover such that the other site get
it's minmum guranteed and the rest is best effort between them.
Do u think this is acheivable ??
Thanks,
Yasser
>
>Yasser,
>
>-HQ = 1MBit/s to Internet
>-HQ has four links to branches, each branch link = 1Mbit/s
>-Each branch will go through the HQ to reach the HQ, as well
> as other branches
>-Each branch will access the Internet through the HQ
>
>I hope I've got it right so far!? =]
>
>One easy way to do this would be to decide on a traffic-shaping,
>or policing policy for each site. Let's say I've decided
>to give each site 256Kbit/s access to the Internet (slightly
>oversubscribe my network 4*256=1024). Therefore, I need
>to tell the router that traffic destined for the Internet
>must be either shaped or policed to that rate.
>
>If the company has been using a good addressing scheme it should be rather
>easy to distinguish between traffic destined for the company
>network, versus the internet. To do this, simply right an access-list
>matching the networks of the company. Let's say they're using rfc1918
>10.0.0.0/8 space. Simply write up an access-list denying the 10 space (you
>might want to include addressing necessary for a dynamic routing protocol
>you might have in use). Then put a permit any at the end.
>This will deny policing or shaping the company space, and will shape/police
>the Internet traffic.
>
>Then, just apply your shaping/policing with the modular QoS, a
traffic-shape
>on the interface, or a rate-limit.
>
>If you would like configuration examples, let me know.
>
>Take care,
>-Mark
>
>
>-Original Message-
>From: YASSER ALY [mailto:[EMAIL PROTECTED]]
>Sent: Monday, August 12, 2002 2:00 PM
>To: [EMAIL PROTECTED]
>Subject: Using QoS to Control Utilization [7:51254]
>
>
>Hi Group I need your suggestions regarding the following Scenario.A
>company's main Branch is having 1M Internet and inturn it is providing
>Internet/Connectivity between 4 branches using a hub-&-spoke topology
>over another 1M.The client requirments are as follows1) Frame Relay is
>used to acheive connectivity between branches and the main office2) Main
>Branch is feeding the 4 branches with a total bandwidth of 1M3) Each
>Branch will have 1M connecting it to the main branch. (Over-Booking )4)
>Any branch can burst traffic up to the 1M if working alone.5) Traffic of
>any branch should fall to a pre-defined value incase more than one branch
>trying to access the main branch at the same time to either have Internet
>or to reach another branch through the hub. I thought about QoS and I
>guess this target can be acheived using it. Haven't digged enough yet to
>figure out how this could be done and thought about hearing from you
>about it. Thanks for your feedback. Regards,Yasser
>
>
>
>Send and receive Hotmail on your mobile device: Click Here
> "The information transmitted is i
RE: Using QoS to Control Utilization [7:51254]
Yasser, -HQ = 1MBit/s to Internet -HQ has four links to branches, each branch link = 1Mbit/s -Each branch will go through the HQ to reach the HQ, as well as other branches -Each branch will access the Internet through the HQ I hope I've got it right so far!? =] One easy way to do this would be to decide on a traffic-shaping, or policing policy for each site. Let's say I've decided to give each site 256Kbit/s access to the Internet (slightly oversubscribe my network 4*256=1024). Therefore, I need to tell the router that traffic destined for the Internet must be either shaped or policed to that rate. If the company has been using a good addressing scheme it should be rather easy to distinguish between traffic destined for the company network, versus the internet. To do this, simply right an access-list matching the networks of the company. Let's say they're using rfc1918 10.0.0.0/8 space. Simply write up an access-list denying the 10 space (you might want to include addressing necessary for a dynamic routing protocol you might have in use). Then put a permit any at the end. This will deny policing or shaping the company space, and will shape/police the Internet traffic. Then, just apply your shaping/policing with the modular QoS, a traffic-shape on the interface, or a rate-limit. If you would like configuration examples, let me know. Take care, -Mark -Original Message- From: YASSER ALY [mailto:[EMAIL PROTECTED]] Sent: Monday, August 12, 2002 2:00 PM To: [EMAIL PROTECTED] Subject: Using QoS to Control Utilization [7:51254] Hi Group I need your suggestions regarding the following Scenario.A company's main Branch is having 1M Internet and inturn it is providing Internet/Connectivity between 4 branches using a hub-&-spoke topology over another 1M.The client requirments are as follows1) Frame Relay is used to acheive connectivity between branches and the main office2) Main Branch is feeding the 4 branches with a total bandwidth of 1M3) Each Branch will have 1M connecting it to the main branch. (Over-Booking )4) Any branch can burst traffic up to the 1M if working alone.5) Traffic of any branch should fall to a pre-defined value incase more than one branch trying to access the main branch at the same time to either have Internet or to reach another branch through the hub. I thought about QoS and I guess this target can be acheived using it. Haven't digged enough yet to figure out how this could be done and thought about hearing from you about it. Thanks for your feedback. Regards,Yasser Send and receive Hotmail on your mobile device: Click Here "The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and delete the material from all computers." Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=51266&t=51254 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Multilayer Switching, CCO contradicts itself? [7:51272]
I can understand your disagreement. But I hope you will understand that
its semantics at this point. A flow by any other name is still a flow.
You use a mask to match it. Just like you use a wildcard mask to
match addresses in an access-list.
If I say to a co-worker, "Use a full flow on that switch", I know the
meaning is still conveyed. I want them to match on {s,d,prot,port}.
If you find yourself in a situation asking about a flow mask, and you're
faced with the options "Full flow" or "Full flow mask":
1) Comment and say that the use of those answers together is terrible
2) Pick the full flow mask since you are being asked about "masks"
I wouldn't lose any sleep over this one =]
cheers,
-Mark
-Original Message-
From: Thorne Gene [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, August 13, 2002 3:44 PM
To: [EMAIL PROTECTED]
Subject: RE: Multilayer Switching, CCO contradicts itself? [7:51272]
I disagree. There are not 3 types of flows, just 3 ways to switch them.
"destination-ip—The least-specific flow mask. The MLS-SE maintains one
MLS entry for each destination IP address. All flows to a given destination
IP address use this MLS entry. This mode is used if there are no access
lists configured on any of the MLS-RP interfaces"
Note the use of the phrase "all flows" in the quote.
Turpin, Mark wrote:
>
> There types of flows:
> Destination - per {dest} flow
> Source Destination - per {source/dest address} pair
> IP (aka Full) Flow - per {source, dest, protocol and port} set
>
> Look under the section labeled Flow Mask Modes
"The information transmitted is intended only for the person or entity to
which it is addressed and may contain confidential and/or privileged
material. Any review, retransmission, dissemination or other use of, or
taking of any action in reliance upon, this information by persons or
entities other than the intended recipient is prohibited. If you received
this in error, please contact the sender and delete the material from all
computers."
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=51323&t=51272
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: What I mean to Cisco [7:51492]
Bill, Do you have a SMARTnet contract for that 1710? Are you within the warranty period for support? If you're not familiar with SMARTnet take a moment to check it out: http://www.ciscomug.org/resources/files/cmugpresentation-20020206-smartnet.p pt After flipping through that presentation, are you still within the valid warranty period? If so, contact the TAC over the phone and tell them about the feelings you are having regarding their service. [EMAIL PROTECTED] != Cisco Customer Advocacy Representatives. If after going through those slides you realize you are outside your warranty, you should understand what's happening to you. It costs money to run a business. The pricing of their support is typically something I would not argue with. -Mark -Original Message- From: William Pearch [mailto:[EMAIL PROTECTED]] Sent: Thursday, August 15, 2002 11:40 PM To: [EMAIL PROTECTED] Subject: OT:What I mean to Cisco [7:51492] I've got a poorly behaving 1710 router (reboots when you log out/TACACS issue) that I'm trying to get straight with the TAC and I received this; Dear $Customer$, Thank you for contacting Cisco's Technical Assistance Center(TAC). We have recieved your request I love it when I'm a double dollar sign to a company :) Bill Anchorage, AK [GroupStudy.com removed an attachment of type application/x-pkcs7-signature which had a name of smime.p7s] "The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and delete the material from all computers." Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=51501&t=51492 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: IS-IS White Paper [7:51767]
It was I; you can get it at http://gomez.charter.com/~mark There is a link for the ISIS paper at the top. -Mark -Original Message- From: Wes Knight [mailto:[EMAIL PROTECTED]] Sent: Tuesday, August 20, 2002 2:21 PM To: [EMAIL PROTECTED] Subject: IS-IS White Paper [7:51767] Some time back, someone offered to send the IS-IS white paper out. Would you send it to me, please? Thanks, -- Wes Knight MCT, MCSE, CCNP, CSS1, CNE, ASE, etc. "The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and delete the material from all computers." Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=51789&t=51767 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: ISL/802.1q trunks [7:51745]
Jon, If you are talking about a single interface having both 802.1q and ISL I'd be very interested as to how a single switchport is going to support ISL and .1q trunking at the same time. To my knowledge, you can only configure one type of trunking on a single switchport interface at a time on the switch itself. Hope this helps, -Mark -Original Message- From: Jon Mcglashan [mailto:[EMAIL PROTECTED]] Sent: Tuesday, August 20, 2002 10:25 AM To: [EMAIL PROTECTED] Subject: ISL/802.1q trunks [7:51745] Can I configure a 3640 with a subinterfaces to run isl on some of the subinterfaces and 802.1q on other interfaces. Is this a supported configuration and if so what version of IOS do I need to be running. Jon McGlashan Diagonal Secure Networks Ltd [EMAIL PROTECTED] http://www.dsnuk.com Tel: +44 (0)1256 869000 Fax: +44 (0)1256 869001 This e-mail may contain confidential and/or privileged information. It is for the exclusive use of the intended recipient(s). If you are not the intended recipient(s), you must not use, distribute, copy or take any action in reliance on it, since to do so is strictly prohibited and may be unlawful. If you have received this e-mail in error, please return it to the sender immediately and delete it from your system. E-mail messages are not secure and attachments may contain software viruses which may damage your system. Whilst we have taken every reasonable precaution to minimise this risk, we cannot accept any liability for any damage which you sustain as a result of these factors. You are advised to carry out your own virus checks before opening any attachment. Any views or opinions expressed in this e-mail are solely those of the author and do not represent those of the Diagonal Group unless otherwise stated. "The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and delete the material from all computers." Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=51800&t=51745 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Multicast...please help [7:51822]
DJ, Bookmark this link. ftp://ftpeng.cisco.com/ipmulticast/index.html Typically you have IGMP running, PIM DR's elected, and PIM forwarding routers. Elections are based on this: - Lowest IP = IGMP2 querier - Highest IP = PIM DR - PIM forwarding router = if distance is not equal, lowest distance wins. if distance is equal, highest IP wins. IGMPv1 routers do not have group-specific queries, nor a querier election process like IGMPv2. These types of routers require the routing protocol to determine the DR for the network. In most cases the protocol will be PIM. So the PIM DR is elected and manages IGMP queries. There also exists the forwarder. In a multi-access network, there might be more than one path from a source. There must be a way to determine which router is going to be responsible for forwarding the traffic from the source so you aren't flooding the group with unnecessary traffic. This is where the forwarder comes in. Via the little test on distance or IP addresses I mentioned earlier, PIM can determine which router in a multi-access segment should be the designated forwarder. I hope this explanation helps. I can understand your confusion, its a common question. Ultimately, the best advice I've ever received is: "If in doubt, read the RFC." -Mark -Original Message- From: maine dude [mailto:[EMAIL PROTECTED]] Sent: Wednesday, August 21, 2002 4:44 AM To: [EMAIL PROTECTED] Subject: Multicast...please help [7:51822] Hi I have a question regarding the election of the LAN router which is supposed to send the queries for multicast accesses. In chapter 8, page 302, IGMPv2 querier election, it is mentioned that the router with the lowest IP address is elected as multicast querier. In Chapter 9, page 336, it is mentioned that the DR (designated Router) elected is the one with the highest IP address. "The DR is responsible for sending IGMP host-query messages to all host on the LAN". Could you please help me understand the differences between the two above cases, because for me, routers seem to have the exactly same role but are elected an opposite way... thanks DJ - Get a bigger mailbox -- choose a size that fits your needs. http://uk.docs.yahoo.com/mail_storage.html "The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and delete the material from all computers." Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=51836&t=51822 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: IS-IS White Paper [7:51767]
Shankar put out his standard IS-IS presentation @ networkers '01. I think there's a copy of it on the NANOG site as well (it might be updated too) watch the wrap: http://www.cisco.com/networkers/nw01/pres/preso/RoutingandSwitchingTechnolog ies/RST-208.pdf As far as sample labs for IS-IS, no, I haven't really looked out there for any sample labs. However, I guess if someone was really interested in working some sample IS-IS labs, I could publish some txt's. -Mark -Original Message- From: cebuano [mailto:[EMAIL PROTECTED]] Sent: Wednesday, August 21, 2002 9:38 PM To: 'Turpin, Mark' Subject: RE: IS-IS White Paper [7:51767] Mark, I can't thank you enough for this whitepaper, as it really cleared up a lot of gray areas after reading Doyle. I have two questions for you: 1. Is there a "part 2" that has more advanced topics? If so, do you have it? 2. Do you know by chance of sample labs on ISIS available somewhere? TIA, Elmer -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Turpin, Mark Sent: Tuesday, August 20, 2002 5:21 PM To: [EMAIL PROTECTED] Subject: RE: IS-IS White Paper [7:51767] It was I; you can get it at http://gomez.charter.com/~mark There is a link for the ISIS paper at the top. -Mark -Original Message- From: Wes Knight [mailto:[EMAIL PROTECTED]] Sent: Tuesday, August 20, 2002 2:21 PM To: [EMAIL PROTECTED] Subject: IS-IS White Paper [7:51767] Some time back, someone offered to send the IS-IS white paper out. Would you send it to me, please? Thanks, -- Wes Knight MCT, MCSE, CCNP, CSS1, CNE, ASE, etc. "The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and delete the material from all computers." "The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and delete the material from all computers." Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=51898&t=51767 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
