Re: [c-nsp] Redist "BGP" routes to "other" PE's (In same VRF)

2015-01-15 Thread Will Tardy 
This might work: On the ASR9K try the "advertise-as-vpn" command in the vrf 
definition section, for the import/export to GRT. On 1Ks, use a VASI pair to 
advertise via a BGP peering session.


> On 11 Jan 2015, at 11:19 pm, Oliver Boehmer (oboehmer)  
> wrote:
> 
> 
>> Hi Everyone,
>> 
>> I have a vrf (TEST), configured on 2 PE's...both learn each others
>> connected+static routes (redist connnected, redist static), so that
>> portion is working fine...but I also have leaked the default route from
>> PE_A (That we receive  from an upstream provider), into the vrf
>> TESTon PE_A, I can see the detault route in the VRF TEST, and also
>> GRT, and I can get to the Internet from an IP within the VRFI have
>> "default-information originate" on PE_A for vrf TEST, but the default
>> route is not being propagated to PE_B...the default route is seen as type
>> "BGP" when I issue "sh ip route vr TEST/sh ip route vrf test
>> 0.0.0.0"any suggestions on what is needed to redist this BGP route to
>> the other PE in the VRF?   i.e. under address family vrf TEST,
>> redistribute BGP xxx (with a route map to ensure only the default is
>> distributed to the other PE?)
> 
> A PE which imports a route into a VRF (and importing from global is no
> exception) will not advertise this route via iBGP to other PEs. So you
> would need to configure the same import on PE_B too..
> 
>oli
> 
> 
> ___
> cisco-nsp mailing list  cisco-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/

___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] TCN's - Causing brief outages on ASR1K

2014-12-18 Thread Will Tardy 
Switches can have rate-limiters (aka storm-control measures) to control 
broadcast, multicast and unknown-unicast. BPDU's are layer-2 multicast. Your 
issues sounds like you're losing BPDUs.

Try "debug spanning-tree root" to see if it's causing root changes.

If you are running a lot of VLANs worth of BPDUs, you might be bumping into a 
limit somewhere on your network or a peer's. 

It's because of problems like this, that STP shouldn't cross 
administrative-domains.


On 18 Dec 2014, at 4:09 pm, CiscoNSP List  wrote:

>> 
>> This seems like..."interesting" advice. At that point, you might as
>> well just turn spanning-tree off. This is somewhere around cutting off
>> your foot to stop your toe bleeding.
>> 
>> That said: This seems like "design problem" not so much "gear
>> problem". Why are you running spanning tree with devices you don't
>> administratively control? And if you do control them, why the hell are
>> you seeing TCNs so often if your network is stable?
> 
> 
> We dont control the device this port is connected to, and when the port was 
> configured, bpdufilter was not enabled(12months ago)TCN's have only 
> recently been "arriving" on this port.
> 
> 
>> 
>> -Blake
>> 
>> On Wed, Dec 17, 2014 at 8:35 PM, CiscoNSP List
>>  wrote:
>>> Another update on thisTAC are recommending that we enable bpdufilter on 
>>> "all" ports, as any port that is root and receives a TCN will cause an 
>>> "outage"we have bpdufilter enabled on customer facing ports(to other 
>>> switches), but some of our legacy equipment/connections would be missing 
>>> this command Im sureI find it incredibly difficult to believe that we 
>>> have not been hit by this in the past, if this is "expected" behaviour on 
>>> any switch.
>>> 
>>> Would love to hear from any switching experts on TAC's recommendation, and 
>>> have we just been "lucky" not to be impacted by this in the past?
>>> 
>>> 
>>> Cheers.
>>> 
>>> From: cisconsp_l...@hotmail.com
>>> To: peteli...@templin.org; mrantoinemonn...@gmail.com; luky...@hotmail.com; 
>>> cisco-nsp@puck.nether.net
>>> Subject: RE: [c-nsp] TCN's - Causing brief outages on ASR1K
>>> Date: Tue, 16 Dec 2014 10:51:07 +1100
>>> 
>>> 
>>> 
>>> 
>>> Thanks for all the replies.
>>> 
>>> Just an update to this - No issues for 4 days (with  spanning-tree portfast 
>>> trunk enabled on trunk port from 4948 -> ASR), then this morning, another 
>>> TCN was received on an AGG port(On the 4948) to a carrier (The TCN's (Since 
>>> we are now looking for them)) seem to only arrive on 2 ports...both being 
>>> carrier AGG ports, with multiple vlans, and to the same carrier.we do 
>>> not have any visibility into the carriers network
>>> 
>>> This TCN did also cause OSPF+LDP flaps on the ASRagain, only for a 
>>> ~5seconds
>>> 
>>> It's "RRR"(So highest priority) with TAC, but we are still in the same 
>>> place we were over a week ago.as you can imagine, customers are not 
>>> impressed!
>>> 
>>> 
>>> 
 Date: Mon, 15 Dec 2014 09:04:43 -0800
 From: peteli...@templin.org
 To: mrantoinemonn...@gmail.com; luky...@hotmail.com; 
 cisconsp_l...@hotmail.com; cisco-nsp@puck.nether.net
 Subject: Re: [c-nsp] TCN's - Causing brief outages on ASR1K
 
 You can run RSTP or MST all day long on a switch to get rapid STP
 convergence, but you'll only gain the rapidness of RSTP/MST on ports
 where they neighbor is actually participating in the correct STP
 variant. Routers don't participate in STP, so the 4948 has to treat
 those ports as legacy STP. Whenever there's a root placement event, the
 4948 has to block the port until the STP process/timers can confirm that
 there's no superior root bridge hiding inside or behind the router.
 
 Now, if there's a small enough event going on that SHOULDN'T be causing
 a root placement event but IS, that could be a bug in the 4948 code.
 
 However, I'd say very strongly that you SHOULD have portfast [trunk]
 towards any devices that aren't participating in the STP process, unless
 those devices are capable of creating an L2 loop.
 
> On 12/15/2014 1:18 AM, Antoine Monnier wrote:
> A TCN will cause all the learned MAC addresses to be flushed by the
> switiches, but it will not "block" traffic. So the TCN on its own should
> not be the cause of OSPF and LDP flaps.
> 
> Is your switch running out of space for all the learned MAC addresses?
> 
>  I dont see how enabling "portfast trunk" would help in that scenario (it
> should only change the behavior if an interface flaps).
> Has the source of TCN being identified? Configuring ports as "portfast"
> will lower the probability of generating TCN, that may be why they advised
> you to do this. However applying to a port that is stable (no interface
> flap) is not really going to help for this specific problem.
> 
> 
> 
>> On Mon, Dec 15, 2014 at 9:06 AM, Lukas Trib

Re: [c-nsp] next-hop-self under address-family vpnv4 also?

2014-09-18 Thread Will Tardy 
It¹s not needed.


"address-family vpnv4" section is used to define which routers participate
in the VPNv4.  The underlying MPLS network will forward labels between the
VPNv4 end-point CE's. Next-hop-self isn¹t required. All that¹s required is
MPLS and IGP reachability between the CE¹s participating in the vpnv4
domain.

On 19/09/2014 10:31 am, "CiscoNSP List"  wrote:

>Is it recommended to add it under vpnv4 also?
>
>i.e.
>
>router bgp xx
>...
>neighbor iBGP-IPv4-PEERS update-source Loopback0
>neighbor iBGP-IPv4-PEERS next-hop-self
>neighbor xxx.xxx.xxx.xxx peer-group  iBGP-IPv4-PEERS...
>address-family vpnv4
>  bgp redistribute-internal
>  neighbor  iBGP-IPv4-PEERS send-community extended
>  neighbor iBGP-IPv4-PEERS next-hop-self
>  neighbor xxx.xxx.xxx.xxx activate
>
>Cheers.
>
>
> 
>___
>cisco-nsp mailing list  cisco-nsp@puck.nether.net
>https://puck.nether.net/mailman/listinfo/cisco-nsp
>archive at http://puck.nether.net/pipermail/cisco-nsp/


___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/