Re: [c-nsp] SDN

2014-12-18 Thread Federico Cossu
LOL. after so many years, this list does not stop making me more and more
surprised, thank you, you made my day.


2014-12-18 7:35 GMT+01:00 cool hand luke coolhandl...@coolhandluke.org:

 On 12/17/2014 04:21 AM, GNANESH wrote:

 I need to understand and setup SDN in my office environment. Can you help
 me out with necessary videos and installation guides ?


 1. could you be a little more vague?

 2. is google broken? if google doesn't have what you need, then...

 3. reply w/ your timeline and your training budget.

 /chl

 ___
 cisco-nsp mailing list  cisco-nsp@puck.nether.net
 https://puck.nether.net/mailman/listinfo/cisco-nsp
 archive at http://puck.nether.net/pipermail/cisco-nsp/



-- 
++


Re: [c-nsp] Divide large PVST domain?

2014-07-10 Thread Federico Cossu
If you are looking for real fun, aggregate redundant links with
etherchannel, then disable STP.
On 09/Jul/2014 18:21, Victor Sudakov v...@mpeks.tomsk.su wrote:

 John Gaffney wrote:
  You could consider MST to reduce the number of STP instances.
  Sometimes that can increase efficiency.

 Am I correct to assume that every time I need to move a vlan from one
 MST instance to another, my whole MST domain will fall apart until the
 MST reconfiguration is complete on all the switches?

 Somehow I don't like this idea.


  However what you are probably looking for is spanning-tree
  diameter command. If I recall that can make some auto adjustments
  to STP timers to accommodate for large switched networks.

 Even with the timer adjustments the maximum diameter is about 18
 devices. Still my train does miraculously work provided the root
 switch is in the middle.


  You should also be aware that 20 switches connected in a straight
  line (hence middle switch) gives you a single point of failure.

 It is not exactly so because the radio equipment has a way to shunt
 the failed switch. So the continuity of the train can be quickly
 restored. But it is a different topic.

 I also have a backup root close to the middle of the train.

 This is also the reason why going all L3 is not an option. You cannot
 simply shunt a router.

  If it is truly a train of switches you could also not run STP - no
  ring/redundant link = no loop.

 As I have already said before, 'I have a train topology with some
 redundant links between neighboring switches'.

 There are however no rings in the sense that redundant links are only
 between neighbors.


 --
 Victor Sudakov,  VAS4-RIPE, VAS47-RIPN
 sip:suda...@sibptus.tomsk.ru


[c-nsp] macsec appliance?

2013-03-12 Thread Federico Cossu
Hi all, I'm looking for a macsec 802.1ae compliant appliance. Btw a switch
cannot be used in this case, just a macsec blackbox GE/10GE.  Do you know
about any device of this type?

Thanks


Re: [c-nsp] Nexus vPC loop avoidance details?

2011-04-29 Thread Federico Cossu
adrian,
even if you found the solution already, here is a great reference document:

http://bradhedlund.com/2010/12/16/routing-over-nexus-7000-vpc-peer-link-yes-and-no/

bye


2011/4/27 Lincoln Dale l...@cisco.com:
 whether a device sends to the 'right' or 'wrong' N7K depends on which
 physical link it chooses to use in a LAG bundle.  as the neighboring
 device has no idea its a point-to-multipoint bundle, its not really in a
 position to choose the 'right' or 'wrong' link.

 This makes complete sense.  It's just weird that when sourced from transit
 interfaces on the directly adjacent 6500s, traffic to the wrong N7K is
 actually dropped when the egress would be to another vPC, but when sourced
 from something beyond the 6500s, regardless of the physical link within
 the LAG that's chosen, all traffic appears to work.

 the example i was talking about was OSPF which uses link-local multicast and 
 TTL==1 packets - which means that if they arrive at the 'wrong' device, they 
 cannot easily just be sent to the 'right' device.

 i think what you're describing here is aspects of the vPC loop avoidance 
 mechanism.


 as to how vPC does loop avoidance, its sort of beside the point as to how
 it actually does it - just that it _does_ do it.
 i don't think its a secret per-se as to how we do it, but what you've
 observed with routing protocols is somewhat orthogonal to that.

 Mostly curious as to why some scenarios appear to work even though the
 traffic is traversing links which are to the wrong N7K.  vPC loop
 avoidance should be dropping these packets as well, so my assumption was
 that it is more involved than simply setting a bit when the packet
 traverses the peer-link and then filtering.

 the vPC loop avoidance system prevents loops by dropping 
 packets/frames that are destined to go out a vPC member port _if all of:
  (a) that frame/packet arrived on the vPC peer-link
  (b) the vPC 'peer' switch could have sent the packet out an operational vPC 
      member port itself

 e.g. let's say that a packet/frame arrived on Nexus-A Portchannel100 (vPC 
 peer-link) from Nexus-B.
 if on making a forwarding decision Nexus-A determines that the packet/frame 
 is to be forwarded to vPC PortChannel150 _and_ it knows that Nexus-B has 
 operationally-up interfaces also in vPC PortChannel150, _then_ it will drop 
 the frame/packet to prevent a loop, as it knows that Nexus-B could have sent 
 it down that path itself.


 if you're seeing drops in various scenarios, suggest you diagnose/debug what 
 the IP-address and MAC address is on where you are directing frames.
 it may well be that whatever you are testing is already in violation of 
 RFC-791/RFC-826/RFC-5227 and are not associating a mac address with an IP 
 address correctly.

 over time, we have discovered numerous devices from a variety of vendors that 
 violate some very basic RFC behavior which has caused issues.  introducing 
 things like vPC peer-switch addresses some of these misbehaving devices, but 
 are really addressing the symptom not the root cause.



 In any case, it's not a big deal.  Unsupported, we won't do it, we'll
 leave it at that. :)

 if you absolutely must run a routing protocol over vPC there are ways you CAN 
 do it.  e.g. run it as router-on-a-stick that has L2 hops via vPC.  you can 
 achieve this on a single physical box on N7K by making use of VDCs.

 there's other ways too, e.g. run something like BGP with set-next-hop to the 
 FHRP address.


 cheers,

 lincoln.







-- 
You said it, hermano. You don't mess with Jesus! (Jesus Quintana)
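
The drop rule Lincoln Dale describes in the message above, as a small model (an added example, not Cisco's implementation and not code from the thread). `Po100`/`Po150` abbreviate the port-channels named in the message; `Po160`, `Eth1/1` and the two-hop `path_result` helper for the 'wrong N7K' case are assumptions.

```python
from dataclasses import dataclass, field

PEER_LINK = "Po100"  # vPC peer-link (Portchannel100 in the message's example)


@dataclass
class VpcSwitch:
    name: str
    # vPC port-channel -> True if this switch has an operationally-up member port
    vpc_up: dict = field(default_factory=dict)
    peer: "VpcSwitch | None" = field(default=None, repr=False, compare=False)

    def forward(self, ingress: str, egress: str) -> str:
        """Decide 'forward' or 'drop' for a frame received on `ingress` whose
        forwarding lookup selected `egress`. Only the loop-avoidance rule is
        modelled: drop when (a) the frame arrived on the peer-link and
        (b) the peer has an operational member port in the egress vPC."""
        came_over_peer_link = ingress == PEER_LINK
        egress_is_vpc = egress in self.vpc_up
        peer_could_send = bool(self.peer and self.peer.vpc_up.get(egress, False))
        if came_over_peer_link and egress_is_vpc and peer_could_send:
            return "drop"
        return "forward"


def build_domain():
    """Two peers, both with member ports up in vPCs Po150 and Po160 (constructed)."""
    a = VpcSwitch("Nexus-A", {"Po150": True, "Po160": True})
    b = VpcSwitch("Nexus-B", {"Po150": True, "Po160": True})
    a.peer, b.peer = b, a
    return a, b


def path_result(first_hop, ingress, router, egress):
    """Frame enters `first_hop` on `ingress`; `router` is the switch that has to
    route it out `egress`. If the neighbour's LAG hash picked the other switch,
    the frame first crosses the peer-link (assumed two-hop path)."""
    if first_hop is router:
        return router.forward(ingress, egress)
    if first_hop.forward(ingress, PEER_LINK) == "drop":
        return "drop"
    return router.forward(PEER_LINK, egress)


if __name__ == "__main__":
    a, b = build_domain()
    print("peer-link -> Po150, peer members up   :", a.forward(PEER_LINK, "Po150"))
    print("hash hit Nexus-B, routed by A to Po160:", path_result(b, "Po150", a, "Po160"))
    print("hash hit Nexus-A, routed by A to Po160:", path_result(a, "Po150", a, "Po160"))
    print("hash hit Nexus-B, routed by A to Eth1/1:", path_result(b, "Po150", a, "Eth1/1"))
    b.vpc_up["Po150"] = False  # Nexus-B loses its Po150 member ports
    print("peer-link -> Po150, peer members down :", a.forward(PEER_LINK, "Po150"))
```

The second and third lines show why the same flow can work or fail depending only on which physical link the neighbour's LAG hash selects.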



[c-nsp] no nbar on nx-os?

2011-04-29 Thread Federico Cossu
hi all,
i was looking for a way by which prioritize http traffic towards some
url's on nexus 7010.
there is no nbar to classify traffic for a specific url, are there alternatives?

is the extended acl (eg. matching tcp port 80) the most granular way
to classify and then prioritize this traffic on nx-os?

thank you


--


Re: [c-nsp] asa 8.4 + etherchannel + nexus7k

2011-04-06 Thread Federico Cossu
m guys, i really appreciate your recommendation, but we are
talking here about 2 distinct data centers, where the 2 ASA chassis
will be separated by a L2 dwdm link. so i can't use a cable for
failover, but only a vlan carrying traffic destined to a subinterface
into the default context.
in any case, if some problems will affect the dwdm link and as a
consequence the failover vlan is down, the split brain on the
firewalls will be our last concern.


2011/4/6  robbie.ja...@regions.com:
 strong recommendation on the direct cable for failover; you may risk a
 split-brain scenario otherwise.
 --
 robbie





 Ryan West rw...@zyedge.com
 Sent by: cisco-nsp-bounces@puck.nether.net
 04/05/2011 01:43 PM

 To: Federico Cossu federico.co...@gmail.com, cisco-nsp cisco-nsp@puck.nether.net
 cc:
 Subject: Re: [c-nsp] asa 8.4 + etherchannel + nexus7k

 On Tue, Apr 05, 2011 at 14:27:18, Federico Cossu wrote:
 Subject: [c-nsp] asa 8.4 + etherchannel + nexus7k

 hi all,
 i can't find any useful information about connecting ASA 8.4
 etherchannels to
 2 different nexus7K, where the 2 nexus devices are aggregating
 channels with vPC.
 the idea is to trunk inside, outside and failover vlan to ASA and let
 it manage routing between them.

 8.4 supports LACP, so you should be fine to configure in this manner.
 Might want to consider a direct cable for the failover though.

 no L3 dynamic routing between asa --- nexus, my concern is that the
 nexus are also the L2/L3 boundary for the servers vlan, server have
 their default gateway on the nexus (hsrp).

 configuration guide cites only vss, not vpc unfortunately.
 http://www.cisco.com/en/US/docs/security/asa/asa84/configuration/guide/interface_start.html#wp1329030

 thank you all for any shared information or experience.
 bye

 -ryan







-- 
You said it, hermano. You don't mess with Jesus! (Jesus Quintana)



[c-nsp] asa 8.4 + etherchannel + nexus7k

2011-04-05 Thread Federico Cossu
hi all,
i can't find any useful information about connecting ASA 8.4
etherchannels to 2 different nexus7K, where the 2 nexus devices are
aggregating channels with vPC.
the idea is to trunk inside, outside and failover vlan to ASA and let
it manage routing between them.

no L3 dynamic routing between asa --- nexus, my concern is that the
nexus are also the L2/L3 boundary for the servers vlan, server have
their default gateway on the nexus (hsrp).

configuration guide cites only vss, not vpc unfortunately.
http://www.cisco.com/en/US/docs/security/asa/asa84/configuration/guide/interface_start.html#wp1329030

thank you all for any shared information or experience.
bye


Re: [c-nsp] Nexus equipment in corporate networks

2011-03-12 Thread Federico Cossu
1) yes we do
2) no management vdc, but yes we do that as well.

bye


2011/3/12 chris stand cstand...@gmail.com:
 Hello,

   Is anyone here using Nexus 7Ks in their corporate networks ?
 Other than the management vDC are you breaking up your networks into
 multiple vDCs ?


 thank you.

 Chris




-- 
You said it, hermano. You don't mess with Jesus! (Jesus Quintana)



Re: [c-nsp] OER + asymmetric routing issues?

2011-03-07 Thread Federico Cossu
sorry, to be true it's not so classical ;))
yes that's what we are planning, we can avoid using pfr/oer keeping
flows aligned in a simpler/manual way, but having pfr would be nice.
The scenario with 2 fw chassis is well documented, when having only 2
firewall chassis to be configured in an active/active inter-dc
scenario. it is not yet decided, but we'll have 2 clusters each one
into a datacenter where each datacenter will peer with a different
internet isp.




2011/3/7 Nick Hilliard n...@foobar.org:
 On 07/03/2011 13:19, Federico Cossu wrote:

 thank you nick,
 it's clear to us how to manage ASR on active/active pairs, but what if
 i have 2 pairs on 2 separated data centers?
 does the asr group can be extended between separate clusters?
 any other way to do it?

 What exactly are you trying to do here?  Your last email mentioned
 classical dual-homed scenario, but it looks like you're planning multiple
 firewall clusters over multiple data centres, and potentially multiple
 ingress points into your firewalled network zones, all tied together with
 pfr.  This probably isn't your average simple dual homed scenario.

 Nick




-- 
You said it, hermano. You don't mess with Jesus! (Jesus Quintana)



[c-nsp] ipv4 snmp traps for monitoring ipv6

2010-07-13 Thread Federico Cossu
hi all,
we would like to monitor some part of our ipv6 infrastructure, we have
mp-bgp and ospfV3 peerings running over
an ipv6 network.

here
http://www.cisco.com/en/US/docs/ios/ipv6/configuration/guide/ip6-mng_apps_ps6441_TSD_Products_Configuration_Guide_Chapter.html#wp1058406
i can read that only few mib's are supported over ipv6, so i did some
tests
on dynamips and i've found that
for a BGP peering both in ipv4 and ipv6 traps (eg: peer down, peer UP) are
getting out only for the ipv4 peer relationship.

can someone please tell me what kind of traps i can expect from an ipv6
network infrastructure?
we are also expecting that ipv6-related traps will be forwarded through a
classic ipv4 network infrastructure.

thank you all



-- 
--


Re: [c-nsp] CSM probe

2010-06-25 Thread Federico Cossu
in my case they came from the vlan ip address where the real server resides.

/BR


2010/6/25 Sony Scaria sony.sca...@gmail.com:
 Hello,
 I got a quick question, when the csm is probing the real servers, what source 
 ip does the csm use for the probe?.
 ~Sony

 Sent from BlackBerry® wireless





-- 
--



Re: [c-nsp] Etherchannel plus OSPF in GNS3

2010-06-23 Thread Federico Cossu
your topology isn't so clear ivan,
i can tell you that GNS3( or better, dynamips) does not support L3
etherchanneling.
if you want to see something on the cable wireshark (on real or
virtual devices) can definitely help you.

/BR


2010/6/23 Ivan Šimko ivan.si...@gmail.com:
 Hi all

 I've got question for GNS experienced guys. In my attached topology I have
 routers with etherchannel groups. Then 2 VRFs light and OSPF over SVI.
 Purpose of the network is achieve load balancing on port-channels and load
 balancing over OSPF also. Better understanding is here:

 Router has got 2 Etherchannel groups
 Router has got VRF with 2 VLANs
 One VLAN is member of etherchannel group 1
 Second VLAN member of group 2
 Each group consists from 2 ports - I'm using two different links for
 transmitting and want use them for higher throughput, that is the reason for
 etherchannel group
 OSPF for VRF
 Both VLANs are member of same VRF.
 Interconnections are VLANs /30.


 Network works pretty nice but only thing what I'm missing are counters on
 physical FE ports and Port-channels what are still zero. Only ones updated
 counters are SVIs.

 OSPF does load balancing based on flow
 Port channel is set up based on src-dst-ip - how to confirm??

 I want prove that portchannel is using both ports in one direction only.
 Counters should to help me  but nothing is incremented.

 Used devices: 3640


 Thanks for comments

 Ivan





-- 
--


[c-nsp] mpls vpn load balancing issue [LONG]

2010-06-16 Thread Federico Cossu
hi all, my first post, please be kind! :)

i have a typical mpls network, as a nation-wide mpls-vpn topology,
where CE's are connected to PE's via eBGP sessions.

P routers and PE routers are each other inside an ospf area 0,
all the PE's are connected to 3 core P's, and P's are acting as route
reflectors for all PE's with MP-Bgp.



       ce1 ce2 ..ceN
        \  |  /
         \ | /
           PE1
           |
           |
           P
          / \
         /   \
        /     \
       P---P
      /         \
     /           \
    PE2        PE3
   /   |            /  |
  /    |           /   |
ce4 ce5---ce6  ce7


PE are fully meshed with all three P's,
please see Figure 6-5 for reference on
http://fengnet.com/book/MPLS%20Configuration%20on%20Cisco%20IOS%20Software/ch06lev1sec2.html

the ios is at Version 12.2(33)SRD2a.


on the PE's, maximum-paths ibgp unequal 2 import 2 is configured
under the routing bgp process,
inside the address-family ipv4 vrf $VRFNAME.


based on this, think about two different CE's in the same AS 65xxx,
they are connected to two different PE for
redundancy. (ce5 and ce6 above, connected to PE2 and PE3 respectively)

BOTH ce5 and ce6 are advertising few routes, the SAME ROUTES for the
two CE's, these routes
are first statically configured and then announced via network command
under the bgp process

so for ce5 and ce6 i can see :
ip route 1.2.3.0 255.255.255.0 g1/0 a.b.c.d1
ip route 1.2.4.0 255.255.255.0 g1/1 a.b.c.d2
ip route 1.2.5.0 255.255.255.0 g1/0 a.b.c.d1
ip route 1.2.6.0 255.255.255.0 g1/1 a.b.c.d2

and then
router bgp 65xxx
network 1.2.3.0 mask 255.255.255.0
network 1.2.4.0 mask 255.255.255.0
network 1.2.5.0 mask 255.255.255.0
network 1.2.6.0 mask 255.255.255.0

the issue can be noticed on the remote PE1.
on this remote PE1, under the vrf bgp table, you can see that only one
of those 4 routes is load balanced
with 2 paths, the other 3 ones are not loadbalanced, even if all paths
are there in the bgp table for the vrf.

so for example on network 1.2.4.0 i have no multipath loadbalancing
even if there are 3 available paths:

PE1-ROUTER7600#sh ip bgp vpnv4 vrf $VRFNAME 1.2.4.0
BGP routing table entry for 10:1555:1.2.4.0/24, version 381822021
Paths: (3 available, best #3, table $VRFNAME)
Multipath: iBGP
 Advertised to update-groups:
    4          6
 65xxx, imported path from 10::1.2.4.0/24
   10.1.2.2 (metric 45) from 10.0.0.2 (10.10.10.2)
     Origin IGP, metric 0, localpref 100, valid, internal
     Extended Community: RT:10:
     Originator: 10.1.2.99, Cluster list: 0.0.0.1
     mpls labels in/out nolabel/459

 65xxx, imported path from 10::1.2.4.0/24
   10.1.2.3 (metric 45) from 10.0.0.3 (10.10.10.3)
     Origin IGP, metric 0, localpref 100, valid, internal
     Extended Community: RT:10:
     Originator: 10.1.2.88, Cluster list: 0.0.0.2
     mpls labels in/out nolabel/839

 65xxx, imported path from 10::1.2.4.0/24
   10.1.2.3 (metric 45) from 10.0.0.2 (10.10.10.2)
     Origin IGP, metric 0, localpref 100, valid, internal, multipath, best
     Extended Community: RT:10:777
     Originator: 10.1.2.88, Cluster list: 0.0.0.1
     mpls labels in/out nolabel/839

on network 1.2.3.0 i do have multipath and loadbalancing as expected:

PE1-ROUTER7600#sh ip bgp vpnv4 vrf $VRFNAME 1.2.3.0
BGP routing table entry for 10::1.2.3.0/24, version 381822020
Paths: (3 available, best #3, table $VRFNAME)
Multipath: iBGP
 Advertised to update-groups:
    3          5
 65xxx, imported path from 10::1.2.3.0/24
   10.1.2.29 (metric 45) from 10.0.0.2 (10.10.10.2)
     Origin IGP, metric 0, localpref 100, valid, internal, multipath
     Extended Community: RT:10:
     Originator: 10.1.2.99, Cluster list: 0.0.0.1
     mpls labels in/out nolabel/1282

 65xxx, imported path from 10::1.2.3.0/24
   10.1.2.28 (metric 45) from 10.0.0.3 (10.10.10.3)
     Origin IGP, metric 0, localpref 100, valid, internal
     Extended Community: RT:10:
     Originator: 10.1.2.88, Cluster list: 0.0.0.2
     mpls labels in/out nolabel/719

 65xxx, imported path from 10::1.2.3.0/24
   10.1.2.28 (metric 45) from 10.0.0.2 (10.10.10.2)
     Origin IGP, metric 0, localpref 100, valid, internal, multipath, best
     Extended Community: RT:10:
     Originator: 10.1.2.88, Cluster list: 0.0.0.1
     mpls labels in/out nolabel/719

why for a network i have loadbalancing and for the other one i haven't?

other than the missing multipath,
why the vrf bgp table shows 3 paths, even if i configured it to import
only 2 at maximum?

lastly, the issue isn't live all the days, somedays i have 4 paths
for each prefix and multipathing occurs as well.

hope it's clear enough, i did also a dynamips emulation but everything
works fine there, even if with a newer 12.4T.

thanks to whom patiently read til here and thanks anyway.

best regards.





-- 
--
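
A small parser for the two `sh ip bgp vpnv4 vrf` outputs in the post above, as an added example (not code from the poster or from Cisco): per prefix it counts the paths, the distinct Originators behind them, and the paths flagged `multipath`. The `balanced` test, the function names and the default of 2 (taken from the `import 2` in the post) are assumptions made for illustration.

```python
import re

# Trimmed from the two outputs in the post (community and label lines omitted).
SAMPLE = """\
BGP routing table entry for 10:1555:1.2.4.0/24, version 381822021
Paths: (3 available, best #3, table $VRFNAME)
  65xxx, imported path from 10::1.2.4.0/24
    10.1.2.2 (metric 45) from 10.0.0.2 (10.10.10.2)
      Origin IGP, metric 0, localpref 100, valid, internal
      Originator: 10.1.2.99, Cluster list: 0.0.0.1
  65xxx, imported path from 10::1.2.4.0/24
    10.1.2.3 (metric 45) from 10.0.0.3 (10.10.10.3)
      Origin IGP, metric 0, localpref 100, valid, internal
      Originator: 10.1.2.88, Cluster list: 0.0.0.2
  65xxx, imported path from 10::1.2.4.0/24
    10.1.2.3 (metric 45) from 10.0.0.2 (10.10.10.2)
      Origin IGP, metric 0, localpref 100, valid, internal, multipath, best
      Originator: 10.1.2.88, Cluster list: 0.0.0.1
BGP routing table entry for 10::1.2.3.0/24, version 381822020
Paths: (3 available, best #3, table $VRFNAME)
  65xxx, imported path from 10::1.2.3.0/24
    10.1.2.29 (metric 45) from 10.0.0.2 (10.10.10.2)
      Origin IGP, metric 0, localpref 100, valid, internal, multipath
      Originator: 10.1.2.99, Cluster list: 0.0.0.1
  65xxx, imported path from 10::1.2.3.0/24
    10.1.2.28 (metric 45) from 10.0.0.3 (10.10.10.3)
      Origin IGP, metric 0, localpref 100, valid, internal
      Originator: 10.1.2.88, Cluster list: 0.0.0.2
  65xxx, imported path from 10::1.2.3.0/24
    10.1.2.28 (metric 45) from 10.0.0.2 (10.10.10.2)
      Origin IGP, metric 0, localpref 100, valid, internal, multipath, best
      Originator: 10.1.2.88, Cluster list: 0.0.0.1
"""

IPV4 = r"\d+\.\d+\.\d+\.\d+"
ENTRY = re.compile(rf"^BGP routing table entry for \S*?:({IPV4}/\d+),")
NEXTHOP = re.compile(rf"^({IPV4}) \(metric \d+\) from ({IPV4})")
ORIGINATOR = re.compile(rf"^Originator: ({IPV4})")


def parse(text):
    """Return {prefix: [path, ...]} where each path records its next hop, the
    neighbor it was learned from, its Originator and its attribute flags."""
    table, paths = {}, None
    for line in text.splitlines():
        s = line.strip()
        if m := ENTRY.match(s):
            paths = table.setdefault(m.group(1), [])
        elif paths is None:
            continue  # text before the first entry header
        elif m := NEXTHOP.match(s):
            paths.append({"next_hop": m.group(1), "from": m.group(2),
                          "originator": None, "flags": set()})
        elif s.startswith("Origin ") and paths:
            paths[-1]["flags"] = {f.strip() for f in s.split(",")}
        elif (m := ORIGINATOR.match(s)) and paths:
            paths[-1]["originator"] = m.group(1)
    return table


def audit(table, max_paths=2):
    """Per prefix: path count, distinct Originators, multipath-flagged paths.
    `balanced` (assumed criterion) is True when as many paths are flagged
    multipath as the configured maximum and the distinct Originators allow."""
    report = {}
    for prefix, paths in table.items():
        originators = {p["originator"] for p in paths}
        n_multi = sum("multipath" in p["flags"] for p in paths)
        report[prefix] = {"paths": len(paths), "originators": len(originators),
                          "multipath": n_multi,
                          "balanced": n_multi >= min(max_paths, len(originators))}
    return report


if __name__ == "__main__":
    for prefix, row in audit(parse(SAMPLE)).items():
        print(prefix, row)
```

On both prefixes the three paths come from two Originators, each Originator 10.1.2.88 path being the same route learned from two different neighbors.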


[c-nsp] mpls vpn load balancing issue [LONG]

2010-06-16 Thread Federico Cossu
(sorry i forget to add the tag in front of the subject)



