Re: [c-nsp] redirecting links to a given web page question

If you have the dollars to spend, companies such as Front Porch and PerfTech have some good solutions for this. There's also Cisco L4 redirect and ISG captive portal that you can also look at. I had a look at some of this technology in a similar post. http://puck.nether.net/pipermail/cisco-bba/

[c-nsp] MIB to monitor EoMPLS xconnect

Hi All, Is there a MIB to monitor the status of the EoMPLS xconnect as being UP or DOWN??? core1#sh mpls l2transport vc Local intf Local circuitDest addressVC ID Status - --- -- -- Gi2/14 Ethernet

[c-nsp] Connecting remote pops with EoMPLS?

Hi All, Not sure if I'm on the right track but I want to put pc-2 on the same ethernet segment (ip subnet) as pc-1. How do I accomplish this? Should I be looking at EoMPLs? Network Topology: pc-1 -> switch-1 ->7606-1 <---> 7606-2 <-- switch-2 <-- pc-2 - All the "1' devices are geographically se

Re: [c-nsp] Service Provider products

Hi Jack, I used a multitue of books and online tutorials/labs when designing our MPLS network. I found this an excellent introduction into the basics of MPLS: MPLS Fundamentals By Luc De Ghein This hands on lab really helped me put everything together. Human Modem's MPLS Series - Vol. 2 - MPLS

[c-nsp] [Resolved] Strange SSH lag with ACL applied

rsday, 7 January 2010 2:16 PM To: Andy Saykao; cisco-nsp@puck.nether.net Subject: RE: Strange SSH lag with ACL applied >From Host A, is traffic allowed to your DNS servers in your ACL? If not, the delay might be a reverse DNS lookup timing out. > -Original Message- > From:

[c-nsp] Strange SSH lag with ACL applied

Hi All, I have what seems like a trivial problem but can't figure out what's causing it. I am trying to SSH from Host A (210.15.210.x) to Host B (203.12.53.x). Host B is in VLAN2 and there's an ACL on VLAN2 that denies external IP's from accessing it. What I'm finding is that when I apply the

Re: [c-nsp] QoS for different types of internet customers

hat you're saying. -Original Message- From: Arie Vayner (avayner) [mailto:avay...@cisco.com] Sent: Monday, 30 November 2009 12:54 AM To: Andy Saykao; cisco-nsp@puck.nether.net Subject: RE: [c-nsp] QoS for different types of internet customers What could be done is to build a few pro

Re: [c-nsp] QoS for different types of internet customers

Sorry to diverse a bit from this discussion, but for customers on the Gold plan such as the one mentioned by Will, do you just prioritize their voip/video traffic so this traffic goes into the LLQ??? What happens to their other traffic - how will it be handled by the QoS policy? Cheers. Andy ---

[c-nsp] tacacs+ versions

Hi All, For those running tacacs+, are you using the version from www.shrubbery.net/tac_plus/ or the version from www.networkforums.net? I've played with both and like the version from www.networkforums.net because it's pac

[c-nsp] debug mpls packet

Hi All, Does anyone know what the middle number represents in a "debug mpls packet" ( eg: {7963 6 254} )? I can't find this information anywhere. router#debug mpls packet gigabitEthernet 0/2 Packet debugging is on on idb GigabitEthernet0/2 router# Nov 17 16:26:07.670 AEDT: MPLS turbo: Gi0/2: r

Re: [c-nsp] Can not establish MP-BGP sessions

This has been resolved. Thanks for everyone's help. Turns out it was something within our Provider's network which does the backhaul for us that had some mac-access group configured on their switch and was blocking the PE's loopbacks from communicating with each other. This email and any files t

Re: [c-nsp] Can not establish MP-BGP sessions

AM To: Andy Saykao Cc: Alex; cisco-nsp@puck.nether.net Subject: Re: [c-nsp] Can not establish MP-BGP sessions What is the HW on both ends? Possible one has a bug that is causing headaches. On Mon, Nov 16, 2009 at 08:51, Andy Saykao wrote: Hi Alex, 1/ When "mpls

Re: [c-nsp] Can not establish MP-BGP sessions

ew protected switched ethernet circuit. Thanks. Andy -Original Message- From: Alex [mailto:ecra...@hotmail.com] Sent: Monday, 16 November 2009 5:52 PM To: Andy Saykao; cisco-nsp@puck.nether.net Subject: Re: [c-nsp] Can not establish MP-BGP sessions Hi Andy, Couple of questions: 1/ Can y

[c-nsp] Can not establish MP-BGP sessions

Hi All, We migrated a link between two pops onto a Switched Ethernet circuit and since then we can't pass MPLS VPN traffic between those two pops from PE1 to PE2 because PE1 and PE2 can not establish a MP-BGP session. - BGP log on PE1: - Nov 16

Re: [c-nsp] Troubelshooting Output Drops on 7301

Hi All, Is it bad to change the hold-queue from it's default of 40 on the Cisco 7301? I came across this article which isn't specific to the 7301, but in the article they recommended changing the hold-queue on a 1G interface to "hold-queue 1024 out". http://fasterdata.es.net/cisco.html

[c-nsp] Troubelshooting Output Drops on 7301

Hi All, We're seeing some output drops occur on one of our interstate links. Just wondering how I can track what's causing it and/or whether it's normal behaviour for the output queue to fill up every now and then because of an increase in bursty traffic at the time. Input queue: 0/75/0/0 (s

[c-nsp] Debug help with AS5400

Hi All, Just wondering if anybody has any ideas on what debug commands I should be using on the AS5400 to see why our fax server keeps receiving a busy signal. No changes have been done on the fax server and AS5400. We've tried rebooting both the fax server and AS5400 but no joy. We send fax re

Re: [c-nsp] SUP720 - 12.2(18)SXF17

We went to 12.2(18)SXF16 and got burnt by a nat bug (BUG id CSCed60335) that caused our router to continually reboot. Had to down grade back to 12.2(18)SXF11. Not sure if the nat bug has been fixed in 12.2(18)SXF17 yet. Cheers. Andy This email and any files transmitted with it are confidential

[c-nsp] Help with understanding AS5400

Hey All, I'm new to all this voice stuff... We've just installed a AS5400 and plugged the PRI's in but I'm not seeing the interfaces below show up in the config. Eg: interface Serial6/0:15 interface Serial6/1:15 interface Serial6/2:15 interface Serial6/3:15 The Carrier is seeing alarms on

Re: [c-nsp] Which IP's belong to AS1234?

Thanks to all that replied to me about this issue. A lot to digest and your feedback has been greatly apprecaited. Cheers. Andy This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. Please notify th

Re: [c-nsp] Which IP's belong to AS1234?

Thanks for the reply guys. What I'm trying to achieve is to monitor the bandwidth utilization on our Internet link. So for example we want to know how much bandwidth is being utilized by our customers so we can say "ah huh out of our 100M internet link, 90M of traffic is from youtube.com, so let's

[c-nsp] Which IP's belong to AS1234?

This might be a silly question but is there a tool somewhere that will give me a list of IP's that are owned by a particular AS. As an example, I might want to know which IP blocks belong to AS1234? Thanks. Andy This email and any files transmitted with it are confidential and intended sole

Re: [c-nsp] Router logs going to dmesg

Thanks John. Your suggestion did the trick. Much appreciated. Cheers. Andy -Original Message- From: John Kougoulos [mailto:k...@intracom.gr] Sent: Monday, 21 September 2009 6:03 PM To: Andy Saykao Cc: cisco-nsp@puck.nether.net Subject: Re: [c-nsp] Router logs going to dmesg Hello

[c-nsp] Router logs going to dmesg

Hi All, I'm trying to send cisco logs to a syslog server running Solaris 9. It's logging fine except that I'm seeing some logs showing up in dmesg. Example of a dmesg outout: Sep 21 13:44:16 [172.16.9.18.224.173] 3297: Sep 21 13:44:15.981 AEST: %LINK-3-UPDOWN: Interface GigabitEthernet0/45,

Re: [c-nsp] AnyConnect VPN client, IOS, and Vista

Jay, I've been doing some testing with WebVPN and AnyConnect client and have had no problems with Vista honouring the certificate. I'm using a 7301 as the SSL/WebVPN Gateway running IOS 12.4(24)T1. My config resembles your config somewhat. Below I've shown the relevant parts of my config. crypto

[c-nsp] Is Cisco SLB vrf aware?

Does anyone know if Cisco SLB is vrf aware??? Can't seem to find much information on it which is leading me to believe it's not vrf aware. Trying to implement this on Cisco 7301 running 12.2(18)S13. Thanks. Andy This email and any files transmitted with it are confidential and intended sole

Re: [c-nsp] MST and Uplinkfast

and enable bpduguard. No need to configure anything on the 3750's (although it would be best practice to also define these access ports as edge ports). Cheers. Andy -Original Message- From: Lincoln Dale [mailto:l...@cisco.com] Sent: Friday, 28 August 2009 12:07 PM To: Andy S

Re: [c-nsp] MST and Uplinkfast

Hi All, I have noticed that with MST and rapid failover that those ports which are not boundary ports or do not have portfast enabled go through the blocking, listening and learning states again before forwarding. Here's me shutting off the primary link Gi0/49. You can see the redundant link on G

Re: [c-nsp] MST and Uplinkfast

09 4:49 PM To: Andy Saykao Cc: cisco-nsp@puck.nether.net Subject: Re: [c-nsp] MST and Uplinkfast The fact that Rapid STP is an active protocol (rather than the old listen / learn / wait) implies that workarounds like uplinkfast are nolonger required. MST uses RSTP as the STP within the instances a

[c-nsp] MST and Uplinkfast

Hi All, Can anybody confirm if uplinkfast is enabled when you run MST? http://www.cisco.com/en/US/products/hw/switches/ps708/products_configura tion_example09186a00807b075f.shtml "The spanning tree uplinkfast and backbonefast features are PVST+ features, and it is disabled when you enable MST

Re: [c-nsp] NAT-ON-A-STICK for VRF Traffic

ete. Not sure why all the hops don't show up when I do a traceroute from either CE's Thanks. Andy -Original Message- From: Ivan Pepelnjak [mailto:i...@ioshints.info] Sent: Monday, 17 August 2009 11:42 PM To: Andy Saykao; cisco-nsp@puck.nether.net Subject: RE: [c-nsp] NA

Re: [c-nsp] Nat Virtual Interface

Sorry...fixed...after more googling, found that you can view the nat translation with: test-mpls-cr#sh ip nat nvi translations Pro Source global Source local Destin local Destin global tcp 74.125.109.25:80 74.125.109.25:80 210.15.230.x:1129 192.168.2.2:1129 tcp 74.125.

[c-nsp] Nat Virtual Interface

Are we suppose to be able to view the nat translations taking place when using a NAT Virtual Interface. Here's me pinging google using a NVI, but I can't see any NAT translations taking place The translation must be taking place because my PC has address of 192.168.2.2 (gets natted to 210.15.2

Re: [c-nsp] NAT-ON-A-STICK for VRF Traffic

Worked it out...had the wrong NAT statement. Change from: ip nat inside source list NSTEST-NAT-ACL pool NSTEST-NAT-POOL vrf NSTEST overload Change to: ip nat source list NSTEST-NAT-ACL pool NSTEST-NAT-POOL vrf NSTEST overload Thanks. Andy -Original Message- From: Andy Saykao Sent

Re: [c-nsp] NAT-ON-A-STICK for VRF Traffic

enabled" can be used in a MPLS L3 VPN enviroment and whether I've set up the NAT-PE correctly??? Thanks. Andy -Original Message- From: Ivan Pepelnjak [mailto:i...@ioshints.info] Sent: Monday, 17 August 2009 11:42 PM To: Andy Saykao; cisco-nsp@puck.nether.net Subject: RE: [

[c-nsp] NAT-ON-A-STICK for VRF Traffic

I want to set up a NAT-PE Internet Gateway and NAT vrf traffic using NAT-ON-A-STICK. Is this possible? Easy enough to do when it's IP traffic using policy-based routing as per this article: http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a 0080094430.shtml Just wonderi

[c-nsp] Trying to collect flows for NAT VRF aware traffic

Hi All, I've set up an MPLS L3 VPN Internet Gateway on one of our PE routers and need some ideas on how to collect netflow for public IP's in the NAT-POOL so we can bill the customer for usage. We are using NAT VRF aware as seen by the config below. ---

Re: [c-nsp] soft-disco/redirection

We use SSG which is what Arie's talking about in this previous email. You basically tunnel users who haven't paid their bill to a SSG LNS router and lock them down to the dns and url's they can access. You can read more about what some people do from this older post: http://puck.nether.net/piperm

Re: [c-nsp] How to monitor ipsec tunnel

Cheers. Andy -Original Message- From: biwh...@gmail.com [mailto:biwh...@gmail.com] On Behalf Of Ben White Sent: Friday, 31 July 2009 5:43 PM To: Andy Saykao Cc: cisco-nsp@puck.nether.net Subject: Re: [c-nsp] How to monitor ipsec tunnel You can get a count of the number of t

[c-nsp] How to monitor ipsec tunnel

Hi All, We've got an IPSEC tunnel configured with another provider for the exchange of some sensitive data and I wanted to know if there was a way to monitor the IPSEC tunnel to ensure it was up. We're using a Cisco 3640 running 12.2(46a). I've checked the mibs for this hardware platform an

Re: [c-nsp] vrf-lite vs. MPLS vrf

Hi Randy, I use this web page to search for past nsp posts. http://markmail.org/search/?q=cisco%20nsp#query:cisco%20nsp%20list%3Anet .nether.puck.cisco-nsp+page:1+state:facets Cheers. Andy This email and any files transmitted with it are confidential and intended solely for the use of the in

Re: [c-nsp] Strange NAT and DHCP Problem

-Original Message----- From: Andy Saykao Sent: Tuesday, 21 July 2009 2:45 PM To: 'Church, Charles'; cisco-nsp@puck.nether.net Subject: RE: [c-nsp] Strange NAT and DHCP Problem Hi Charles, Tried what you suggested but no go. no ip bootp server clear ip dhcp binding Client has obt

Re: [c-nsp] Strange NAT and DHCP Problem

harris.com] Sent: Monday, 20 July 2009 10:12 PM To: Andy Saykao; cisco-nsp@puck.nether.net Subject: RE: [c-nsp] Strange NAT and DHCP Problem The infinite DHCP entry is probably a BOOTP client, which doesn't have the concept of a lease. There are knobs (ip dhcp bootp ignore) that can turn off

[c-nsp] Strange NAT and DHCP Problem

1 Running on Cisco 7606 with IOS 12.2(18)SXF11. Thanks. -- Regards, Andy Saykao Systems Administrator Netspace Online Systems Pty Ltd Phone : 03 9811 0049 Mobile : 0401 422 406 Fax : 03 9811 0044 E-Mail : andy.say...@staff.netspace.net.au mailto:andy.say...@staff.netspace.net.au

Re: [c-nsp] Can you apply crypto map to SVI

Hi Ge, This is being implemented on a Cisco 7606 (SUP720) running 12.2(18)SXF16. Thanks. Andy -Original Message- From: Ge Moua [mailto:moua0...@umn.edu] Sent: Wednesday, 17 June 2009 2:15 PM To: Andy Saykao Cc: cisco-nsp@puck.nether.net Subject: Re: Can you apply crypto map to SVI

Re: [c-nsp] Can you apply crypto map to SVI

t: Tuesday, 16 June 2009 7:03 PM To: Andy Saykao Cc: cisco-nsp@puck.nether.net Subject: Re: [c-nsp] Can you apply crypto map to SVI Yes, this should work contigent on hw plaform. If you do a "sh cry engine" do you see an active crypto engine in sw or hw? If not then the crypto commands w

[c-nsp] Can you apply crypto map to SVI

Hi All, Got a problem with a site-to-site IPSEC vpn implementation where one end is using SVI. Does any body know if a crypto map can be applied to a SVI to bring up the IPSEC tunnel? It accepts the command but I can't pass any traffic to/from it. interface vlan 10 crypto map MY-MAP Or do

[c-nsp] data corruption erros on the 7606 sup-720

Anybody come across data corruption erros on the 7606 sup-720 before? What's causing them? Are they bad or can we live with them Eg: router-1#sh data-corruption Data inconsistency records for: s72033_rp Software (s72033_rp-IPSERVICESK9_WAN-M), Version 12.2(18)SXF16, RELEASE SOFTWARE (fc2

[c-nsp] Strange FLOW behaviour on ATM interface

Hi All, I have a strange flow issue for a number of our ATM customers. The config is identicle for all customers but what I'm finding is that flows for certain customers are not being collected in the download direction to the customer. 1/ Working example: Me pinging customer RED's IP (210.15

Re: [c-nsp] How to apply individual QoS policies to on an ingress Interface?

Thanks Pelle for the link. >From that link, I took a look at "Configuring MQC Support for IP Sessions" but the IOS I am using c7301-a3jk91s-mz.122-31.SB13.bin doesn't support the command to apply the service policy to. http://www.cisco.com/en/US/docs/ios/isg/configuration/guide/isg_mqc_ipse ssion

[c-nsp] How to apply individual QoS policies to on an ingress Interface?

Hi All, I know you can only have one service-policy in/out on an interface - but what if you need to rate limit mulitple IP's that transit through the interface??? A bit of background first... We have several customers (100's of them) who we handle the IP/Internet side of things for and we u

[c-nsp] Question about Multiple Spanning Tee (MST)

Hi All, Our switch network needs to be migrated from PVST+ to MST in order for our Cisco switches to be able to speak RSTP to some non-cisco switches. Given that we have a few hundred vlans configured, is there some best practice to determine how many instances we need or can we basically do what

[c-nsp] QoS Lab Recommendations

Hi All, I'm looking for some QoS hands on labs to try out - does any body have any recommendations or reference material I can use? I've got all the hardware to pretty much set up any lab I want. Is there a way or some program I can use to create (simulate) congestion on a link in a lab set up

Re: [c-nsp] Question about CBWFQ and PING times

Hi Peter, Yes, it's a SPA in the SIP-400 that we add the service-policy to. DTS and hierarchical qos should be supported as per the data sheet, and I'll bring it up with our Cisco rep to see what the deal is. > Consider the "bandwidth" parameter strictly informational. How misleading is that the

Re: [c-nsp] Question about CBWFQ and PING times

? Or does the fact that it's a GigE interface mean that the buffers never become exhausted and in theory no congestion will take place, so the "bandwidth" interface command (eventhough set) plays no real part ??? Thanks. -- Regards, Andy Saykao Systems Administrator Netspace

Re: [c-nsp] Question about CBWFQ and PING times

lto:pe...@rathlev.dk] Sent: Wednesday, 25 March 2009 12:38 PM To: Andy Saykao Cc: cisco-nsp@puck.nether.net Subject: Re: [c-nsp] Question about CBWFQ and PING times Hi Andy, On Wed, 2009-03-25 at 11:15 +1100, Andy Saykao wrote: > 1/ We have a 200mb link between two POPS that is being congested

[c-nsp] Question about CBWFQ and PING times

Hi All, Two questions... 1/ We have a 200mb link between two POPS that is being congested in the evening. Congestion is happening on the outbound direction from POP2 to POP1, so from a user's perspective in GROUP1 it would be impacting their download. [GROUP1] --> [ POP1] <--> [POP2] --> [HOS

Re: [c-nsp] NBAR support for 7600-SIP-400 ?

o mpls ip On other platforms I tested (eg: 7301), even without the "ip flow ingress", NBAR was still functioning fine. Thanks for your reply. Cheers. Andy -Original Message- From: Tolstykh, Andrew [mailto:atolst...@integrysgroup.com] Sent: Friday, 13 March 2009 2:37 AM To

[c-nsp] NBAR support for 7600-SIP-400 ?

Does anyone know if NBAR is supported on the 7600-SIP-400 (4-subslot SPA Interface Processor-400)? I've applied "ip nbar protocol-discovery" on Gig4/0/2 but do not see any matches. This is a 7606 SUP32 running 12.2(33)SRB3. interface GigabitEthernet4/0/2 bandwidth 20 ip address 203.x.x.x 25

[c-nsp] BGP Route Selection

Hi All, Just trying to get my head around why BGP prefers a certain route over others in my example below. I've read up on how BGP makes it's path selection decision but I can't follow why it hasn't chosen a route with a higher local preferences. Here's my example... Edge-Router#sh ip bgp 202.

[c-nsp] L3 MPLS VPN Question - Redundant Internet Access

Hi All, I'm trying to build some redundancy for our L3 MPLS VPN customers for Internet access. At the moment, customers gain Internet access via their Central Site. We configure a default route on the PE connecting the Central Site and use BGP to redistribute the default route to all other PE'

[c-nsp] Help with debug commands to diagnose ADSL subscribers not connecting to a non-existent VRF

Hi There, I'm trying to debug ppp packets on our LNS (NAS) for ADSL subscribers when the VRF is not yet configured on the LNS. When I set a bogus (non-existent) VRF in the Radius flat file, I woud like to see what debug error messages appear on the LNS (if any). vpntest3 Password = "

Re: [c-nsp] Load Balancing of Unequal Ethernet Bandwidth

y, 16 February 2009 6:06 PM To: td_mi...@yahoo.com Cc: Andy Saykao; cisco-nsp@puck.nether.net Subject: Re: [c-nsp] Load Balancing of Unequal Ethernet Bandwidth Alternatively if you are using BGP, have a look at BGP Link Bandwidth http://www.cisco.com/en/US/docs/ios/12_2t/12_2t2/feature/guide/ftbg

Re: [c-nsp] Load Balancing of Unequal Ethernet Bandwidth

ad-sharing algorithm uses round-robin to distribute the load and doesn't take into account whether the link has gone down or not. Cheers. Andy -Original Message- From: Tony [mailto:td_mi...@yahoo.com] Sent: Monday, 16 February 2009 6:02 PM To: Andy Saykao Cc: cisco-nsp@puck.nether.net Subj

Re: [c-nsp] Load Balancing of Unequal Ethernet Bandwidth

ying additional bandwidth for both circuits. Thanks. Andy From: Ben Steele [mailto:illcrit...@gmail.com] Sent: Monday, 16 February 2009 5:29 PM To: Andy Saykao Subject: Re: [c-nsp] Load Balancing of Unequal Ethernet Bandwidth You could do this with variance

[c-nsp] Load Balancing of Unequal Ethernet Bandwidth

Is it possible to aggregate and then load balance unequal ethernet circuits like so: I have two ethenet circuits on my Cisco router. Both have equal costs to the next hop. Ethernet Circuit #1- 200M Ethernet Circuit #2 - 100M Can I aggregate both ethernet circuits so that the total amount of ban

[c-nsp] MPLS QoS question about the HOSE model

Hi All, I'm continuing to try and understand QoS a little better in relation to applying it to our MPLS VPN network but it seems the more I read about it the more I'm confused. Not to mention the lack of configuration examples out there. I understand that we can provide two QoS solutions for MP

[c-nsp] Strange NAT Issue on 7200

Hi there, I'm trying to get NAT working on a Cisco 7204VXR (NPE-G1) but can not see any NAT translations taking place on the router. Running 12.2(31)SB13 on the router. [Internet] <- [7200 Router] <- [3560G Switch] <-- [LAN] Here is the relevant NAT config on the router. It's almost identical

[c-nsp] MPLS Question - Applying QoS using MQC

Hi All, I have just have a few questions about MQC and how to use the class-map match command to match incoming traffic from MPLS VPN customers at the PE so that we can apply the correct QoS treatment. 1/ Match Sub-Interfaces ??? For example, we have some MPLS VPN customers that are connected

Re: [c-nsp] Any good filters for syslog output (Tuc at T-B-O-H)

You can use OSSEC (http://www.ossec.net/) to monitor your log files for you. It's pretty easy to set up and then you can set up your own custom filters like below. When OSSEC finds a match in the log it will email you. For example we have OSSEC monitoring a few syslog messages like: %SEC-6-I

[c-nsp] Question about class-map, policy-map and TOS field?

Hi All, We're trying to reduce the CPU on one of our core routers (7606) by using class-map and applying the policy-map to the interface rather then the old PBR way of "ip policy route-map". Here's our current config using the PBR way of doing things: interface GigabitEthernet4/1/1 bandwidt

Re: [c-nsp] PPPoE over VRF

We use Radius to place the PPPoX connection into the appropriate VRF. Your Radius config will look something similar to this. mplstest Password = "network" Service-Type = Framed-User, Framed-Protocol = PPP, Framed-Address = A.B.C.D, Framed-Netmask = 255.25

[c-nsp] Monitoring tools for MPLS VPN customers

Hi All, We have some MPLS VPN customers waiting to come on board and have asked us about what sort of monitoring we can provide for all their sites. By monitoring I can only guess that the customer is asking us to identify when a VPN site goes down. Other desirable features might be to implement

[c-nsp] Strange cache flow seen on SB release for PPPoE/A connections

Hi All, Another interesting thing about the SB release we're using has to do with flows. After upgrading to the SB release (12.2(31)SB13) on a few production 7301 routers we noticed the usage was down for our PPPoE/A customers connecting to that router. Based on historical data, one PPPoE/A bus

Re: [c-nsp] Strange Radius Debug seen with SB Release

Good pickup Euan. Added "aaa accounting delay-start all" to fix the problem. test-lns-mel(config)#aaa accounting delay-start ? all Delay start records for all vrf and non-vrf users. vrf VPN Routing/Forwarding parameters If using "aaa accounting delay-start", it doesn't delay the accoun

[c-nsp] Strange Radius Debug seen with SB Release

Hi All, I'm doing some testing with the SB release of 12.2(31)SB13 on a 7301 that we plan to put into production to terminate L2TP connections for our MPLS VPN customers. The SB release was chosen because it has the LSP Ping and Traceroute command which is required if we want to take full advanta

Re: [c-nsp] How does the egress PE determine which VRF the VPN label is for?

Argh worked it out. The VRF is seen if you include the "detail" in the command. PE2#sh mpls forwarding-table detail | begin _44169_ 44169 Aggregate 172.16.66.2/32[V] 5752 MAC/Encaps=0/0, MRU=0, Tag Stack{} VPN route: TEST No output feature configured This email and any

Re: [c-nsp] How does the egress PE determine which VRF the VPN label is for?

nal to the PE router? Thanks. Andy -Original Message- From: Rodney Dunn [mailto:[EMAIL PROTECTED] Sent: Wednesday, 24 September 2008 11:01 AM To: Andy Saykao Cc: cisco-nsp@puck.nether.net Subject: Re: [c-nsp] How does the egress PE determine which VRF the VPN label is for? On Wed, S

[c-nsp] How does the egress PE determine which VRF the VPN label is for?

Given the scenario in which the packet has reached the egress PE, how does the router then determine which VRF the packet is destined for based on the remaining VPN label? I understand the concept of there being two labels, an IGP label and a VPN label. I'm just not sure how the egress PE is able t

Re: [c-nsp] Inter VRF Routing help needed

Hi cc loo - It took me a while to understand the difference between RD and RT's too. Most literature will have examples of where the RD and RT are exactly the same and you can't help but be confused when you see them being different and you'll start to ask yourself "what's the point of having thi

[c-nsp] Can the PE router take on multiple roles?

Hi All, We have a few spare 7301's out the back and I was thinking of using one of them to be a NAT-PE router. No biggie with doing this but I was wondering if the NAT-PE router could also take on other roles which would be beneficial in a MPLS VPN environment such as using it to act as a SSL VPN

Re: [c-nsp] MPLS VPN Question about PE-CE - Private or Public IP?

:08 AM To: Brandon Price Cc: [EMAIL PROTECTED]; Andy Saykao; cisco-nsp@puck.nether.net Subject: Re: [c-nsp] MPLS VPN Question about PE-CE - Private or Public IP? Because you can never guarantee what addresses your customers are going to use, and you can't force them to renumber, because they&#

[c-nsp] MPLS VPN Question about PE-CE - Private or Public IP?

Just wondering from those in the know, whether it's best practice to implement public or private IP's for the PE-to-CE link. What's everyone using and why? For our MPLS network, I've been asked by my Manager to use private IP's for the PE-CE link in order to give the customer the appearance that

Re: [c-nsp] IP/MPLS Design Resource

(MPLS) 2.1 - EXPRESS http://www.cisco.com/web/learning/le36/learning_partner_e-learning_conne ction_tool_launch.html -- Regards, Andy Saykao System Administrator Netspace Online Systems Ph : 03 9811 0049 Mob : 0401 422 406 Fax : 03 9811 0044 Email: [EMAIL PROTECTED] -Original Message-

[c-nsp] Setting up a Internet Gateway (NAT-PE) for MPLS VPN Customers

Hi All We are looking at providing our Layer 3 MPLS VPN customers with the option of a managed internet gateway via a NAT-PE router. This would mean that remote sites no longer have to access the internet via the Central Site model as this is the way we've been implementing Internet access for MP

[c-nsp] MPLS affecting normal IP cache flows

Hi All, I've deployed MPLS across parts of our core network and everything appears to be working fine. I've also got MPLS VPN's going which is the main reason for us rolling out MPLs in the first place. However, I've run into a problem with netflow on one of the PE routers that affects normal I