Re: [c-nsp] Etherchannel load-balance on 3750-3560

2012-01-03 Thread Mark Tinka
On Wednesday, January 04, 2012 04:42:02 AM Leonardo Gama Souza wrote:

> I have a dumb question.
> 
> Is the 3560/3750 platform able to load-balance MPLS
> packets based on src-dst IP on an Etherchannel?

Not according to this:

lab#sh etherchannel load-balance 
EtherChannel Load-Balancing Configuration:
src-mac

EtherChannel Load-Balancing Addresses Used Per-Protocol:
Non-IP: Source MAC address
  IPv4: Source MAC address
  IPv6: Source MAC address

lab#

lab#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
lab(config)#port-channel load-balance ?
  dst-ip   Dst IP Addr
  dst-mac  Dst Mac Addr
  src-dst-ip   Src XOR Dst IP Addr
  src-dst-mac  Src XOR Dst Mac Addr
  src-ip   Src IP Addr
  src-mac  Src Mac Addr

lab(config)#


The above is a 3560G.

The ME3750 does support MPLS, but not when doing 802.1AX
for hashing.

We have 6500's that hash on MPLS labels for 802.1AX.

Cheers,

Mark.


___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] OSPF stability issues with 12.2SXI on 6500/Sup720?

2012-01-03 Thread Chuck Church
Any control plane policing?  We had a similar issue at last job, turned out
a few of our OSPF sessions weren't placed in the above-best-effort class.
Our IA people running a network scanner occasionally without telling us
would cause many drops in the best effort class, causing OSPF session drops.
After adding those few OSPF sessions to the right class, problem went away.
This was with SXI3, and eventually SXI4.  Other than that, no issues.  That
was with VSS mode, and lots of DFCs, if that makes a difference.

Chuck

-Original Message-
From: cisco-nsp-boun...@puck.nether.net
[mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Justin M. Streiner
Sent: Tuesday, January 03, 2012 6:42 PM
To: cisco-nsp@puck.nether.net
Subject: [c-nsp] OSPF stability issues with 12.2SXI on 6500/Sup720?

Has anyone seen any serious stability issues with OSPFv2 in 12.2(33)SXI? 
I've tried both SXI6 and SXI7 Advanced Enterprise, and in both cases, after
about two weeks of normal operation, OSPF sessions will start dropping on
the affected switch, due to an expired dead timer.  Devices at the other
ends of those adjacencies do not report them dropping for any odd reason,
but they do report the adjacencies re-establishing.  I've seen no underlying
interface-level errors.

The issue appears to be specific to OSPFv2.  I have not seen any stability
problems in OSPFv3 adjacencies on the same device.  It almost seems like
OSPFv2 in 12.2(33)SXI could be mangling hellos, or simply stop sending them.
Unfortunately I didn't have the time to investigate that in depth, during
the issue I dealt with today.

I backed off to 12.2(33)SXH5 Advanced IP Services and the problem went away.
This is the second time an upgrade to 12.2SXI was done and had to be backed
off.  I haven't found anything interesting in the release notes yet for
12.2SXH - 12.2SXJ that leads to an answer.  A cursory look through the bug
toolkit also didn't turn up any really good matches.

The overall configuration isn't terribly exotic.  The 6500 is dual-stacked
- IPv4 IGP is OSPFv2 and IPv6 IGP is OSPFv3.  There is one VRF being handled
by a separate OSPFv2 process in the box.  There are LDP and MSDP peers with
other core devices on the backbone.  No BFD, and currently no authentication
on the OSPFv2 neighbors.

I have a case open with TAC on this, but I wanted to see if these symptoms
line up with behavior that other people might have seen.

jms
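
The failure mode Chuck describes, as an added example that is not part of the original thread: a token-bucket model of control-plane policing in which OSPF hellos either share a policed class with scan traffic or get their own class. The class names, the 100 pps / 50-packet policers, the 2000 pps scan and the 10 s / 40 s hello and dead timers are assumed values chosen for illustration.

```python
"""Model of control-plane policing (CoPP) starving OSPF hellos.

Added illustration, not code from the thread. All rates, class names and
timers are assumed values; integer maths keeps the run deterministic.
"""

HELLO_INTERVAL_MS = 10_000   # assumed OSPF hello interval
DEAD_INTERVAL_MS = 40_000    # assumed OSPF dead interval (4 x hello)
PACKET_COST = 1000           # one packet costs 1000 millitokens


class Policer:
    """Token bucket: rate_pps tokens/s equals rate_pps millitokens per ms."""

    def __init__(self, rate_pps, burst_pkts):
        self.rate = rate_pps
        self.cap = burst_pkts * PACKET_COST
        self.tokens = self.cap

    def tick(self):
        """Advance one millisecond, refilling up to the burst size."""
        self.tokens = min(self.cap, self.tokens + self.rate)

    def conform(self):
        """Return True if a packet reaches the CPU, False if it is dropped."""
        if self.tokens >= PACKET_COST:
            self.tokens -= PACKET_COST
            return True
        return False


def longest_hello_gap(ospf_class, duration_ms=300_000,
                      scan_window=(100_000, 160_000), scan_pkts_per_ms=2):
    """Longest time (ms) between two hellos that survive policing.

    ospf_class is the CoPP class the neighbor's hellos are matched into.
    The scanner's packets always land in "best-effort".
    """
    policers = {"best-effort": Policer(100, 50), "routing": Policer(100, 50)}
    last_ok, worst = None, 0
    for now in range(duration_ms):
        for policer in policers.values():
            policer.tick()
        if scan_window[0] <= now < scan_window[1]:
            for _ in range(scan_pkts_per_ms):
                policers["best-effort"].conform()
        # A neighbor's hello arrives every 10 s, 5 ms after the boundary.
        if now % HELLO_INTERVAL_MS == 5 and policers[ospf_class].conform():
            if last_ok is not None:
                worst = max(worst, now - last_ok)
            last_ok = now
    return worst


def adjacency_survives(ospf_class):
    """True if no gap between accepted hellos reaches the dead interval."""
    return longest_hello_gap(ospf_class) < DEAD_INTERVAL_MS


if __name__ == "__main__":
    for cls in ("best-effort", "routing"):
        print(cls, longest_hello_gap(cls), "ms between hellos,",
              "adjacency up:", adjacency_survives(cls))
```

In this model the 60-second scan leaves a 60-second gap between accepted hellos when OSPF shares the best-effort class, which exceeds the dead interval; with its own class the gap never exceeds one hello interval.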


[c-nsp] OSPF stability issues with 12.2SXI on 6500/Sup720?

2012-01-03 Thread Justin M. Streiner
Has anyone seen any serious stability issues with OSPFv2 in 12.2(33)SXI? 
I've tried both SXI6 and SXI7 Advanced Enterprise, and in both cases, 
after about two weeks of normal operation, OSPF sessions will start 
dropping on the affected switch, due to an expired dead timer.  Devices at 
the other ends of those adjacencies do not report them dropping for any 
odd reason, but they do report the adjacencies re-establishing.  I've seen 
no underlying interface-level errors.


The issue appears to be specific to OSPFv2.  I have not seen any stability 
problems in OSPFv3 adjacencies on the same device.  It almost seems like 
OSPFv2 in 12.2(33)SXI could be mangling hellos, or simply stop sending 
them.  Unfortunately I didn't have the time to investigate that in depth, 
during the issue I dealt with today.


I backed off to 12.2(33)SXH5 Advanced IP Services and the problem went 
away.  This is the second time an upgrade to 12.2SXI was done and had to 
be backed off.  I haven't found anything interesting in the release notes 
yet for 12.2SXH - 12.2SXJ that leads to an answer.  A cursory look through 
the bug toolkit also didn't turn up any really good matches.


The overall configuration isn't terribly exotic.  The 6500 is dual-stacked 
- IPv4 IGP is OSPFv2 and IPv6 IGP is OSPFv3.  There is one VRF being handled
by a separate OSPFv2 process in the box.  There are LDP and MSDP peers with
other core devices on the backbone.  No BFD, and currently no 
authentication on the OSPFv2 neighbors.


I have a case open with TAC on this, but I wanted to see if these symptoms 
line up with behavior that other people might have seen.


jms


Re: [c-nsp] Nexus debug output

2012-01-03 Thread Bob Sinclair
Works like a charm!  Thanks Tim!

-Original Message-
From: Tim Stevenson [mailto:tstev...@cisco.com] 
Sent: Tuesday, January 03, 2012 5:54 PM
To: b...@bobsinclair.net; cisco-nsp@puck.nether.net
Subject: RE: [c-nsp] Nexus debug output

Hi Bob,

Try using the "debug-filter" options - eg, if you're debugging ospf in vrf
foo:

debug-filter ip ospf vrf foo
debug ip ospf adj

The debug-filters are really pretty powerful, it helps you narrow down the
debugs to just what you're looking for. Filters are available for most L3
protocols & infrastructure.

Hope that helps,
Tim


At 02:37 PM 1/3/2012, Bob Sinclair stated:

>Thanks Tim! That was it.  Huge help!
>
>I can also now debug activity in a non-default VDC, but only for 
>activity on default vrf interfaces.  That seems like a real limitation, 
>but I cannot find any vrf keywords on debug commands.  I also tried 
>changing routing-context to the non-default vrf, but that did not help.  
>Any way to debug activity in the non-default vrfs?  For example, debug ip ospf events?
>
>Thanks!
>
>-Original Message-
>From: Tim Stevenson 
>[mailto:tstev...@cisco.com]
>Sent: Tuesday, January 03, 2012 4:32 PM
>To: b...@bobsinclair.net; cisco-nsp@puck.nether.net
>Subject: Re: [c-nsp] Nexus debug output
>
>Hi Bob,
>
>What are you pinging? I assume it's something out the mgmt0 interface. 
>In this case, debug ip packet detail will not generate any output - 
>many debugs are applicable to the inband interface only (as in this case).
>
>One alternative if you want to capture mgmt0 traffic is to use the 
>ethanalyzer, eg something like:
>
>ethan local int mgmt capture-filter "icmp" limit-captured-frames 20 
>detail > bootflash:foo
>
>etc.
>
>Or, if you're just trying to see how the debug logfile works, ping 
>something connected to something other than mgmt0.
>
>Hope that helps,
>Tim
>
>
>At 12:46 PM 1/3/2012, Bob Sinclair stated:
> >Hi,
> >
> >
> >
> >I am not able to see any debug output on my Nexus 7K.  I am logged 
> >into the default VDC as netadmin.  I have set up a debug logfile.  
> >But when, for example, I turn on 'debug ip packet' then try a ping  I 
> >get nothing from 'show debug logfile mydebugs'  I have searched 
> >command references, config guides and googled, to no avail.
> >
> >
> >
> >Any help would be most appreciated.
> >
> >
> >
> >C1-Default# sh debug
> >
> >
> >Output forwarded to file mydebugs (size: 4194304 bytes)
> >
> >
> >Debug level is set to Minor(1)
> >
> >
> >  default for new sessions logging level: 3
> >
> >
> >
> >
> >
> >debug ip packet
> >
> >
> >`end`
> >
> >
> >C1-Default# sh debug logfile mydebugs
> >
> >
> >C1-Default#
> >
>
>
>
>
>Tim Stevenson, tstev...@cisco.com
>Routing & Switching CCIE #5561
>Distinguished Technical Marketing Engineer, Cisco Nexus 7000 Cisco - 
>http://www.cisco.com IP Phone: 408-526-6759
>
>The contents of this message may be *Cisco Confidential* and are 
>intended for the specified recipients only.
>
>
>
>
>-
>No virus found in this message.
>Checked by AVG - www.avg.com
>Version: 2012.0.1901 / Virus Database: 2109/4720 - Release Date: 
>01/03/12
>




Tim Stevenson, tstev...@cisco.com
Routing & Switching CCIE #5561
Distinguished Technical Marketing Engineer, Cisco Nexus 7000 Cisco -
http://www.cisco.com IP Phone: 408-526-6759

The contents of this message may be *Cisco Confidential* and are intended
for the specified recipients only.





Re: [c-nsp] Etherchannel load-balance on 3750-3560

2012-01-03 Thread Peter Rathlev
On Tue, 2012-01-03 at 18:42 -0200, Leonardo Gama Souza wrote:
> Is the 3560/3750 platform able to load-balance MPLS packets based on
> src-dst IP on an Etherchannel?

I wouldn't think so. Since it doesn't understand MPLS it will probably
just see it as a non-IP Ethernet frame and balance as such.

-- 
Peter
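
What Peter describes, as an added example that is not part of the original thread: a simplified model of EtherChannel member selection in which a switch that cannot parse MPLS falls back to MAC fields for labelled frames, compared with a label-aware platform such as the 6500 Mark mentions. The XOR-and-modulo hash, the four-link bundle and the sample frames are constructed assumptions, not the platform's actual hardware hash.

```python
"""Simplified EtherChannel member-link selection (illustrative model only)."""
from collections import Counter
from ipaddress import IPv4Address

ETH_IPV4, ETH_MPLS = 0x0800, 0x8847


def mac_int(mac):
    return int(mac.replace(":", ""), 16)


def hash_key(frame, method, mpls_aware=False):
    """Value fed to the link hash for one frame.

    method is one of the port-channel load-balance keywords from the CLI
    help output quoted in the thread (src-mac, src-dst-ip, ...).
    mpls_aware models a platform that can hash on the label stack.
    """
    if frame["ethertype"] == ETH_MPLS and mpls_aware:
        key = 0
        for label in frame["labels"]:
            key ^= label
        return key
    if method.endswith("-ip") and frame["ethertype"] == ETH_IPV4:
        src = int(IPv4Address(frame["src_ip"]))
        dst = int(IPv4Address(frame["dst_ip"]))
    else:
        # Non-IP frames (MPLS included, when the switch cannot parse it)
        # are balanced on MAC addresses whatever IP method is configured.
        src, dst = mac_int(frame["src_mac"]), mac_int(frame["dst_mac"])
    if method.startswith("src-dst"):
        return src ^ dst
    return src if method.startswith("src") else dst


def distribution(frames, method, n_links=4, mpls_aware=False):
    """Count frames per member link (assumed hash: key modulo link count)."""
    return Counter(hash_key(f, method, mpls_aware) % n_links for f in frames)


def sample_frames(ethertype):
    """64 constructed flows between two routers on either side of the bundle."""
    return [{
        "ethertype": ethertype,
        "src_mac": "00:00:5e:00:53:01",   # router A (documentation MAC)
        "dst_mac": "00:00:5e:00:53:02",   # router B (documentation MAC)
        "src_ip": f"192.0.2.{i + 1}",
        "dst_ip": "198.51.100.10",
        "labels": [17, 1000 + i],         # transport label, inner label
    } for i in range(64)]


if __name__ == "__main__":
    ip, mpls = sample_frames(ETH_IPV4), sample_frames(ETH_MPLS)
    print("IPv4, src-dst-ip:       ", dict(distribution(ip, "src-dst-ip")))
    print("MPLS, src-dst-ip:       ", dict(distribution(mpls, "src-dst-ip")))
    print("MPLS, label-aware hash: ",
          dict(distribution(mpls, "src-dst-ip", mpls_aware=True)))
```

Because every labelled frame between the two routers carries the same MAC pair, the MAC fallback puts all 64 flows on one member link no matter which IP method is configured.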




Re: [c-nsp] Nexus debug output

2012-01-03 Thread Tim Stevenson

Hi Bob,

Try using the "debug-filter" options - eg, if you're debugging ospf in vrf foo:

debug-filter ip ospf vrf foo
debug ip ospf adj

The debug-filters are really pretty powerful, it helps you narrow 
down the debugs to just what you're looking for. Filters are 
available for most L3 protocols & infrastructure.


Hope that helps,
Tim


At 02:37 PM 1/3/2012, Bob Sinclair stated:


Thanks Tim! That was it.  Huge help!

I can also now debug activity in a non-default VDC, but only for activity
on default vrf interfaces.  That seems like a real limitation, but I cannot
find any vrf keywords on debug commands.  I also tried changing
routing-context to the non-default vrf, but that did not help.  Any way to
debug activity in the non-default vrfs?  For example, debug ip ospf events?

Thanks!

-Original Message-
From: Tim Stevenson [mailto:tstev...@cisco.com]
Sent: Tuesday, January 03, 2012 4:32 PM
To: b...@bobsinclair.net; cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] Nexus debug output

Hi Bob,

What are you pinging? I assume it's something out the mgmt0 interface. In
this case, debug ip packet detail will not generate any output - many debugs
are applicable to the inband interface only (as in this case).

One alternative if you want to capture mgmt0 traffic is to use the
ethanalyzer, eg something like:

ethan local int mgmt capture-filter "icmp" limit-captured-frames 20 detail >
bootflash:foo

etc.

Or, if you're just trying to see how the debug logfile works, ping something
connected to something other than mgmt0.

Hope that helps,
Tim


At 12:46 PM 1/3/2012, Bob Sinclair stated:
>Hi,
>
>
>
>I am not able to see any debug output on my Nexus 7K.  I am logged into
>the default VDC as netadmin.  I have set up a debug logfile.  But when,
>for example, I turn on 'debug ip packet' then try a ping  I get nothing
>from 'show debug logfile mydebugs'  I have searched command references,
>config guides and googled, to no avail.
>
>
>
>Any help would be most appreciated.
>
>
>
>C1-Default# sh debug
>
>
>Output forwarded to file mydebugs (size: 4194304 bytes)
>
>
>Debug level is set to Minor(1)
>
>
>  default for new sessions logging level: 3
>
>
>
>
>
>debug ip packet
>
>
>`end`
>
>
>C1-Default# sh debug logfile mydebugs
>
>
>C1-Default#
>





Tim Stevenson, tstev...@cisco.com
Routing & Switching CCIE #5561
Distinguished Technical Marketing Engineer, Cisco Nexus 7000 Cisco -
http://www.cisco.com IP Phone: 408-526-6759

The contents of this message may be *Cisco Confidential* and are intended
for the specified recipients only.









Tim Stevenson, tstev...@cisco.com
Routing & Switching CCIE #5561
Distinguished Technical Marketing Engineer, Cisco Nexus 7000
Cisco - http://www.cisco.com
IP Phone: 408-526-6759

The contents of this message may be *Cisco Confidential*
and are intended for the specified recipients only.




Re: [c-nsp] Nexus debug output

2012-01-03 Thread Bob Sinclair
Thanks Tim! That was it.  Huge help!   

I can also now debug activity in a non-default VDC, but only for activity
on default vrf interfaces.  That seems like a real limitation, but I cannot
find any vrf keywords on debug commands.  I also tried changing
routing-context to the non-default vrf, but that did not help.  Any way to
debug activity in the non-default vrfs?  For example, debug ip ospf events?

Thanks!

-Original Message-
From: Tim Stevenson [mailto:tstev...@cisco.com] 
Sent: Tuesday, January 03, 2012 4:32 PM
To: b...@bobsinclair.net; cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] Nexus debug output

Hi Bob,

What are you pinging? I assume it's something out the mgmt0 interface. In
this case, debug ip packet detail will not generate any output - many debugs
are applicable to the inband interface only (as in this case).

One alternative if you want to capture mgmt0 traffic is to use the
ethanalyzer, eg something like:

ethan local int mgmt capture-filter "icmp" limit-captured-frames 20 detail >
bootflash:foo

etc.

Or, if you're just trying to see how the debug logfile works, ping something
connected to something other than mgmt0.

Hope that helps,
Tim


At 12:46 PM 1/3/2012, Bob Sinclair stated:
>Hi,
>
>
>
>I am not able to see any debug output on my Nexus 7K.  I am logged into 
>the default VDC as netadmin.  I have set up a debug logfile.  But when, 
>for example, I turn on 'debug ip packet' then try a ping  I get nothing 
>from 'show debug logfile mydebugs'  I have searched command references, 
>config guides and googled, to no avail.
>
>
>
>Any help would be most appreciated.
>
>
>
>C1-Default# sh debug
>
>
>Output forwarded to file mydebugs (size: 4194304 bytes)
>
>
>Debug level is set to Minor(1)
>
>
>  default for new sessions logging level: 3
>
>
>
>
>
>debug ip packet
>
>
>`end`
>
>
>C1-Default# sh debug logfile mydebugs
>
>
>C1-Default#
>




Tim Stevenson, tstev...@cisco.com
Routing & Switching CCIE #5561
Distinguished Technical Marketing Engineer, Cisco Nexus 7000 Cisco -
http://www.cisco.com IP Phone: 408-526-6759

The contents of this message may be *Cisco Confidential* and are intended
for the specified recipients only.






Re: [c-nsp] Nexus debug output

2012-01-03 Thread Tim Stevenson

Hi Bob,

What are you pinging? I assume it's something out the mgmt0 
interface. In this case, debug ip packet detail will not generate any 
output - many debugs are applicable to the inband interface only (as 
in this case).


One alternative if you want to capture mgmt0 traffic is to use the 
ethanalyzer, eg something like:


ethan local int mgmt capture-filter "icmp" limit-captured-frames 20 
detail > bootflash:foo


etc.

Or, if you're just trying to see how the debug logfile works, ping 
something connected to something other than mgmt0.


Hope that helps,
Tim


At 12:46 PM 1/3/2012, Bob Sinclair stated:

Hi,



I am not able to see any debug output on my Nexus 7K.  I am logged into the
default VDC as netadmin.  I have set up a debug logfile.  But when, for
example, I turn on 'debug ip packet' then try a ping  I get nothing from
'show debug logfile mydebugs'  I have searched command references, config
guides and googled, to no avail.



Any help would be most appreciated.



C1-Default# sh debug


Output forwarded to file mydebugs (size: 4194304 bytes)


Debug level is set to Minor(1)


 default for new sessions logging level: 3





debug ip packet


`end`


C1-Default# sh debug logfile mydebugs


C1-Default#






Tim Stevenson, tstev...@cisco.com
Routing & Switching CCIE #5561
Distinguished Technical Marketing Engineer, Cisco Nexus 7000
Cisco - http://www.cisco.com
IP Phone: 408-526-6759

The contents of this message may be *Cisco Confidential*
and are intended for the specified recipients only.




[c-nsp] Etherchannel load-balance on 3750-3560

2012-01-03 Thread Leonardo Gama Souza
Hi list,

I have a dumb question.

Is the 3560/3750 platform able to load-balance MPLS packets based on
src-dst IP on an Etherchannel?

Cheers.




[c-nsp] Nexus debug output

2012-01-03 Thread Bob Sinclair
Hi,

I am not able to see any debug output on my Nexus 7K.  I am logged into the
default VDC as netadmin.  I have set up a debug logfile.  But when, for
example, I turn on 'debug ip packet' then try a ping  I get nothing from
'show debug logfile mydebugs'  I have searched command references, config
guides and googled, to no avail.

Any help would be most appreciated.

C1-Default# sh debug

Output forwarded to file mydebugs (size: 4194304 bytes)
Debug level is set to Minor(1)
 default for new sessions logging level: 3

debug ip packet

`end`

C1-Default# sh debug logfile mydebugs

C1-Default#



Re: [c-nsp] inter-as mp-bgp with ttl-security issue

2012-01-03 Thread Gert Doering
Hi,

On Tue, Jan 03, 2012 at 05:51:37PM +0100, Vitkovsky, Adam wrote:
> Now here's the catch:
> If I decide to use "ttl-security" in the session template on both ends I 
> won't get routing updates across the established session
> Reason according to debug: -- DENIED due to: non-connected MP_REACH NEXTHOP;, 
> label 18

Unless you use "ebgp-multihop" or "disabled-connected-check", the
next-hop received must be in a locally connected(!) subnet on the 
receiving side.

> -which is not true as the Inter-AS-route-reflector has a route to the 
> originating PE in the other AS route is pointing to the ASBR connecting to 
> the other AS

... which is not "connected".  Very much not so :-)

Note that it doesn't tell you "non-reachable ... NEXTHOP" but "non-connected".

gert
no 4-letter certificates
-- 
USENET is *not* the non-clickable part of WWW!
   //www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35655025g...@net.informatik.tu-muenchen.de
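
The two checks in play in this exchange, as an added example that is not part of the original thread: a model of the receive-side TTL test that ttl-security applies (accept only if the IP TTL is at least 255 minus the configured hop count) and of the connected next-hop rule as Gert states it. The class and field names, the addresses and the hop counts are assumptions for illustration; this is not IOS code.

```python
"""Model of eBGP ttl-security (GTSM) and the connected next-hop check."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass
class EbgpNeighbor:
    connected_subnets: tuple          # prefixes on the receiver's own interfaces
    ttl_security_hops: int = 0        # 0 means ttl-security is not configured
    ebgp_multihop: int = 0            # 0 means ebgp-multihop is not configured
    disable_connected_check: bool = False

    def ttl_floor(self):
        """Lowest IP TTL accepted on a packet from this neighbor."""
        if self.ttl_security_hops:
            return 255 - self.ttl_security_hops
        return 0                      # no TTL filtering on receive

    def nexthop_ok(self, nexthop):
        """Connected check, skipped when either override is configured."""
        if self.ebgp_multihop or self.disable_connected_check:
            return True
        addr = ip_address(nexthop)
        return any(addr in ip_network(net) for net in self.connected_subnets)

    def receive_update(self, ip_ttl, nexthop):
        """Verdict for one UPDATE carrying an MP_REACH next hop."""
        if ip_ttl < self.ttl_floor():
            return "dropped: TTL below ttl-security floor"
        if not self.nexthop_ok(nexthop):
            return "denied: non-connected MP_REACH NEXTHOP"
        return "accepted"


# Constructed scenario: the route reflector's own interfaces, a peer three
# hops away, and a PE loopback in the other AS as the advertised next hop.
CONNECTED = ("192.0.2.0/30", "192.0.2.255/32")
REMOTE_PE = "198.51.100.1"
PEER_TTL = 255 - 2    # sent with TTL 255, decremented by two transit routers
FAR_TTL = 255 - 10    # a packet that crossed ten routers before arriving


def compare():
    """(verdict for the real peer, verdict for a distant sender) per config."""
    configs = {
        "ttl-security hops 3":
            EbgpNeighbor(CONNECTED, ttl_security_hops=3),
        "ebgp-multihop 3":
            EbgpNeighbor(CONNECTED, ebgp_multihop=3),
        "ttl-security + disable-connected-check":
            EbgpNeighbor(CONNECTED, ttl_security_hops=3,
                         disable_connected_check=True),
    }
    return {name: (n.receive_update(PEER_TTL, REMOTE_PE),
                   n.receive_update(FAR_TTL, REMOTE_PE))
            for name, n in configs.items()}


if __name__ == "__main__":
    for name, verdicts in compare().items():
        print(f"{name:40} peer={verdicts[0]!r} distant={verdicts[1]!r}")
```

The ebgp-multihop row accepts the distant sender as well, which is the TTL protection given up by switching away from ttl-security.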



[c-nsp] inter-as mp-bgp with ttl-security issue

2012-01-03 Thread Vitkovsky, Adam
I just ran across this issue again so I decided to find some reasonable 
explanation if there's one

I've just set up a vpnv4 session between two inter-as route-reflectors (7200s 
running 12.2(33)SRE4)
Since it's MP-eBGP session I either can use "ebgp-multihop" or "ttl-security" 
to manipulate the ttl in bgp packets allowing them to pass between AS domains

Now here's the catch:
If I decide to use "ttl-security" in the session template on both ends I won't 
get routing updates across the established session
Reason according to debug: -- DENIED due to: non-connected MP_REACH NEXTHOP;, 
label 18
-which is not true as the Inter-AS-route-reflector has a route to the 
originating PE in the other AS route is pointing to the ASBR connecting to the 
other AS
And the label-switched-path exist as verified by the mpls ping between the 
inter-as-route-reflector and the PE in other AS

However when I deconfigure the "ttl-security" and use "ebgp-multihop" instead 
and reset the session I'll get all the inter-as vpnv4 routes -no issues




Adam Vitkovsky CCIP(r) CCNP(r) certified
System Engineer | AT&T Business Solutions - Global Customer Service
Phone: +421-269-257-375
Email: av0...@att.com

"This message and any attachments to it contain confidential business 
information intended solely for the recipients. If you have received this email 
in error please do not forward or distribute it to anyone else, but email me to 
report the error, and then delete this message from your system."
