On Tuesday, November 29, 2011 07:59:00 AM Keegan Holley
wrote:
> into BGP with one set of filters, then maintaing routing
> policy with another, possibly one for iBGP and yet
> another for upstreams is can be a bit cumbersome. I'm
> not saying it's not doable, nor am I saying it's a
> reason in
> > You can also apply attributes directly to the aggregate.
> > So you can set origin code, local pref etc. directly on
> > the route.
>
> Yes, but you can also do that with a regular route-map for
> your outbound BGP policy toward the route reflectors.
>
> you have to admit creating a bunch of st
2011/11/28 Gert Doering
> Hi,
>
> On Mon, Nov 28, 2011 at 11:41:08AM -0500, Keegan Holley wrote:
> > That wasn't centered around aggregates and no. Some of us don't run
> > gigantic intercontinental ISP's :) So yes us lowly Tier-II and Tier-III
> > AS's may on occasion learn our own routes from
On Mon, Nov 28, 2011 at 08:27:17PM +0200, Ghassan.khalil wrote:
> Sure, REP was developed in a way to block BPDU messages on the REP ports.
> But my concern was the number of vlans that can be blocked using REP, cause I
> used PVST and it only supports 128 vlans thats is why I am thinking of using
Hi Ghassan:
The REP ring can take 4094 vlans. You can also block specific VLANs or sets of
VLANs for load-balancing purposes.
Mike
--
Michael K. Smith - CISSP, GSEC, GISP
Chief Technical Officer - Adhost Internet LLC mksm...@adhost.com
w: +1 (206) 404-9500 f: +1 (206) 404-9050
PGP: B49A DDF5 86
Sure, REP was developed in a way to block BPDU messages on the REP ports.
But my concern was the number of vlans that can be blocked using REP, cause I
used PVST and it only supports 128 vlans thats is why I am thinking of using
REP .
Does REP have a limitation on the number of supported vlans ?
This does not work:
Switch A -- REP switch 1
| (REP ring)
|-- REP switch 2
You have to use backup links on Switch A so that both links aren't active at
the same time.
Mike
--
Michael K. Smith - CISSP, GSEC, GISP
Chief Technic
On 2011-11-28 17:55, Michael K. Smith - Adhost wrote:
Hello:
The one limitation of REP is no spanning tree.
Well, isn't it obvious, as REP was developed to eliminate
need for STP?
REP can perfectly interwork with STP at the edges.
--
"There's no sense in being precise when | Łu
On Tuesday, November 29, 2011 01:29:41 AM P C wrote:
> I think t-mobile is running public customer trials with
> IPV6-only customers and NAT64. You can sign up here:
> http://www.personal.psu.edu/dvm105/blogs/ipv6/2010/07/t-m
> obile-ipv6-open-trial.html
We have ours working - of course, Skype a
On Tuesday, November 29, 2011 01:30:25 AM Oliver Boehmer
(oboehmer) wrote:
> this could be CSCte54703, dup'ed to CSCin97169..
Yep, looks a lot like what we have, although we see the
issue even without a system reboot.
The case notes about the issue happening after the 'no
switchport' command
7200 is just announced... it does still have several years of support
left though.
I didn't think a properly licensed 7201 was that much less expensive
than an ASR on a per-session basis, was it?
On Sun, Nov 27, 2011 at 5:42 PM, ar wrote:
> Any other options for LAC/LNS functionality for the n
On Tuesday, November 29, 2011 12:41:08 AM Keegan Holley
wrote:
> You can also apply attributes directly to the aggregate.
> So you can set origin code, local pref etc. directly on
> the route.
Yes, but you can also do that with a regular route-map for
your outbound BGP policy toward the route
asa823-10-smp-k8 is very stable for me on ASA 5580s (not 85) and
large-scale ipsec RA vpn termination.
Sounds like you are hitting a bug though, I'd push for escalation in
TAC. You have a traceback and can grab the crashinfo file off the
flash. They should be able to get a developer involved to
I think t-mobile is running public customer trials with IPV6-only
customers and NAT64. You can sign up here:
http://www.personal.psu.edu/dvm105/blogs/ipv6/2010/07/t-mobile-ipv6-open-trial.html
(google cache link to more details since google groups is throwing 500
errors right now when accessed di
> > FWIW We've seen the same static route name behavior with
> > 3560s running 12.2(50)SE. Occasionally the names
> > disappear from the routes. You can re-apply the
> > configuration from Rancid to put them back, and at some
> > point later they disappear again. We didn't dig into it
> > as i
I've got a pair of ASA-5585s in an Active/Standby config running
asa825-13-smp-k8.bin. A week or two after being deployed, the Active
unit started to crash every few hours; TAC had me move to
asa825-17-smp-k8.bin, and to also stop using remote-access IPSEC VPN
on these units.
Now, 2 weeks later,
Hi,
On Mon, Nov 28, 2011 at 11:41:08AM -0500, Keegan Holley wrote:
> That wasn't centered around aggregates and no. Some of us don't run
> gigantic intercontinental ISP's :) So yes us lowly Tier-II and Tier-III
> AS's may on occasion learn our own routes from an external connection.
These lowly
Hello:
The one limitation of REP is no spanning tree. So, if you're doing anything
with a switch connected to two switches on the ring and using STP for
redundancy, you'll need to modify your design to use something like a backup
interface.
Regards,
Mike
--
Michael K. Smith - CISSP, GSEC,
2011/11/28 Mark Tinka
> On Tuesday, November 29, 2011 12:06:28 AM Keegan Holley
> wrote:
>
> > It's cleaner to have a route type for aggregates than a
> > static null0 route with the same default preference of a
> > static route.
>
> Why would it be cleaner?
>
> The static route is basically use
2011/11/28 Mark Tinka
> On Saturday, November 26, 2011 12:01:35 AM Keegan Holley
> wrote:
>
> > There's no family aggregate in cisco. That's one of the
> > reasons people buy junipers in the first place.
>
> Definitely not us :-).
>
> If we're dying for such a feature and it's the only thing
> s
On Tuesday, November 29, 2011 12:06:28 AM Keegan Holley
wrote:
> It's cleaner to have a route type for aggregates than a
> static null0 route with the same default preference of a
> static route.
Why would it be cleaner?
The static route is basically used to pull-up the aggregate
into BGP. Th
On Friday, November 25, 2011 12:04:04 AM Oliver Boehmer
(oboehmer) wrote:
> But have you thought about orignating the aggregates you
> advertise to the Internet (and customers) via some
> central routers in your core, for example some RRs,
> instead of on the edge(s)? This way you will never
> ad
On Monday, November 28, 2011 10:09:43 PM Christian Meutes
wrote:
> - the source of the pings *must* be a loopback
> - the packet size must be between 4 and 7 Byte less than
> the configured MTU
> - there needs to be another ME3600X acting as LSR between
> the ping source and ping destination (A-B
On Friday, November 25, 2011 04:45:03 AM Gert Doering wrote:
> Sure. As soon as a L3 interface comes into the mesh, you
> need to have synchronized MTU settings among all devices
> involved, otherwise... *bang*
This mostly affects 3x types of switches:
1. A switch that supports large MT
On Monday, November 28, 2011 10:46:42 PM Cory Ayers wrote:
> FWIW We've seen the same static route name behavior with
> 3560s running 12.2(50)SE. Occasionally the names
> disappear from the routes. You can re-apply the
> configuration from Rancid to put them back, and at some
> point later they
On Saturday, November 26, 2011 12:01:35 AM Keegan Holley
wrote:
> There's no family aggregate in cisco. That's one of the
> reasons people buy junipers in the first place.
Definitely not us :-).
If we're dying for such a feature and it's the only thing
standing between us and a Cisco, and the
Mark,
> We've also been struck by an interesting one that Cisco
> still can't figure out. Initial configuration contains the
> 'name' option to the 'ip route' command. Log into the
> switch, make a change, and the 'name' portion disappears. We
> caught this on RANCID, showed it to Cisco, but they
Hi Waris,
On Sun, 27 Nov 2011 12:23:45 -0800, Waris Sagheer (waris) wrote:
I suspect it may be built in default control plane policers kicking
in
to protect the CPU.
If it's really a policer, then I would be a bit surprised about the
reasons why it needs the following conditions to be true t
On Wednesday, November 23, 2011 07:48:44 AM Ankur Mittal
wrote:
> What I am mainly concerned about is the service instance
> / bridge domain model that was introduced in the whales
> version. Have you found any weird behaviour with doing
> simple VLAN manipulation or Q-in-Q and the QoS
> classifi
On Wednesday, November 23, 2011 02:16:22 AM Ankur Mittal
wrote:
> Anyone out there tried the new IOS 15.1(2). Currently we
> are running 12.2(52) and wondering if we should be
> upgrading it 15.1(2) in production. Release notes
> mentioned a lot of open caveats rather than the fixed
> ones.
Stil
On Tuesday, November 22, 2011 05:55:09 PM Gert Doering
wrote:
> Can you give some more details on that? You really have
> IPv6-only customers?
Not yet :-). Only test subjects, today.
We're anticipating this scenario when we serve up our final
v4 address to customers. Projection is about 2 - 3
On Wednesday, November 23, 2011 11:50:39 AM Jeff Bacon
wrote:
> That might be an ideal end-game. I still need to finish
> flushing out EIGRP, though, and it's a
> continuously-in-flux network - we keep adding sites and
> kit and vendor connections seemingly as fast as we have
> time to string it
32 matches
Mail list logo
