This might help:
http://www.nil.com/ipcorner/LoadBalancingBGP/
Ivan Pepelnjak
blog.ioshints.info / www.ioshints.info
> -Original Message-
> From: Matthew Melbourne [mailto:m...@melbourne.org.uk]
> Sent: Friday, February 05, 2010 12:33 PM
> To: cisco-nsp@puck.nether.net
>
ce got all the
details ;)
Your situation might be easier as you're using default routing from the central
site, but do try to go for "BGP everywhere".
Ivan Pepelnjak
blog.ioshints.info / www.ioshints.info
> -Original Message-
> From: Jason LeBlanc [mailto
Just guessing: Local policy routing that sets DF bit on ICMP ECHO traffic
between two known IP addresses with the "set ip df 1" command within the
route-map.
Let me know if it works ;)
Ivan Pepelnjak
blog.ioshints.info / www.ioshints.info
> -Original Message-
> From:
Gert,
If I understood the original question correctly, he's an MPLS VPN customer
running BGP with his Service Provider. Unless I'm mistaken, it's somewhat hard
to run IGP on top of that, unless you build GRE or DMVPN tunnels over MPLS VPN
first.
Ivan
> This is why I suggested to make this muc
over IPSec
due to failure at one of the remote sites.
Note: You might want to use something else to detect MPLS VPN failure, for
example IP SLA between remote router and central router. This will detect a
failure anywhere in the end-to-end path.
Ivan Pepelnjak
blog.ioshints.info / www.ioshints
wn.
So (I guess) the best you can do is to catch changes in tracked object's state
with an EEM applet that clears all NAT translations.
Ivan Pepelnjak
blog.ioshints.info / www.ioshints.info
> So what is the bottom line? Is this the best that can be done with
> simple end site r
symptoms.
Many stupid implementations have disruptive end-user symptoms. Microsoft
Network Load Balancing with unknown unicast MAC addresses immediately comes to
mind ;)
Ivan Pepelnjak
blog.ioshints.info / www.ioshints.info
___
cisco-nsp mailing list
;d change the NAT
parameters of a live session, you'd lose the session anyway.
> And I would be quite happy clearing just the translations for the
> "wrong" global for all local inside translations, but syntax does not
> seem to allow that.
Write a Tcl script that does &
ecific and use "clear ip nat translation outside " to kill
only the NAT translations tied to the failed IP address.
Ivan Pepelnjak
blog.ioshints.info / www.ioshints.info
> -Original Message-
> From: Joe Maimon [mailto:jmai...@ttec.com]
> Sent: Sunday, January 24, 2010 5:06
You need EEM 3.1 to catch outbound SNMP traps. EEM 3.1 is (at the moment) only
available in IOS release 15.0M.
Ivan Pepelnjak
blog.ioshints.info / www.ioshints.info
> -Original Message-
> From: Arie Vayner (avayner) [mailto:avay...@cisco.com]
> Sent: Wednesday, January 20, 2010
Not nearly enough traffic. If you have reasonable-speed links, it's almost
impossible to saturate them with low-end routers. We tried with several
IOS-based options, including TTCP and had to fall back to embedded Linux-based
solutions.
Ivan Pepelnjak
blog.ioshints.info / www.ioshints
The MTU on PA-FE (probably) does not include MAC header and definitely does not
include CRC trailer. Otherwise the minimum value of 1500 wouldn't make sense.
> -Original Message-
> From: Tony [mailto:td_mi...@yahoo.com]
> Sent: Wednesday, January 13, 2010 8:10 AM
> To: cisco-nsp@puck.neth
erate custom SNMP trap from an EEM applet with "action snmp-trap"
command (I haven't covered that one yet in my blog).
Hope it helps
Ivan Pepelnjak
blog.ioshints.info / www.ioshints.info
> -Original Message-
> From: Walter Keen [mailto:walter.k...@rainierconnect.net]
This might help:
http://wiki.nil.com/IS-IS_in_OSI_protocol_stack
The drafts you've found deal with the fact that LLC1 packets (those that don't
use Ethertypes) cannot use the "length" field higher than 1500 (otherwise the
differentiation between LLC1 and Ethernet-II breaks down).
Ivan
> -
/28 would be most likely filtered (even if you direct upstream
> >would send it through).
> >Arie
>
> Thanks arie, will keep it in mind.
>
> On Tue, Jan 5, 2010 at 5:00 PM, Ivan Pepelnjak wrote:
>
> > Are you trying to do destination-based routing (packet TO speci
Are you trying to do destination-based routing (packet TO specific address
should go over specific link) or source-based routing (packet FROM specific /28
should go over specific upstream link)?
> -Original Message-
> From: Dracul [mailto:chris.gar...@gmail.com]
> Sent: Tuesday, January
Let's back a step and ask the questions we should have been asking in the first
place:
* Are you an end-user or a Service Provider (somewhat reliable answer could be
gleaned from Drew's e-mail address)?
* What's the size of your network?
* How many uplinks do you have?
* How far apart are your u
> There will be Lots Of Fun when IPv4 runs out, and whole new markets
> of DSL customers (as in India, China, Arabia...) will not be able to
> access web sites from vendors that have no IPv6 reachability. Goodby,
> sales to that region...
Not gonna happen. Unfortunately there's so much stuff on
> > > > RPF check?
> > >
> > > won't help for "customer A is 10.0.0.1, customer B is 10.0.0.2,
> > > your router interface is 10.0.0.254/24".
> >
> > This is debatable as the host routes point to various L3
> interfaces ...
>
> Well, *if* you have "various L3 interfaces", *then* RPF is
> go
> > Well, I think that it's reckless to spend 4 globally routable IP
> > addresses instead of 1 per customer, when all you do is save a few
> > minutes of time per installation.
>
> As I said: our customers usually use many more IP addresses
> than just one.
>
> And, of course, you're welcome
> On Wed, Aug 26, 2009 at 04:21:52PM +0200, Ivan Pepelnjak wrote:
> > RPF check?
>
> won't help for "customer A is 10.0.0.1, customer B is
> 10.0.0.2, your router interface is 10.0.0.254/24".
This is debatable as the host routes point to various L3 interfac
> Actually... It did hurt somewhat :-/. Previous IOS that we
> were running (7600 SXx and SRBx) were injecting type 7.
> However, that behaviour changed with SRD2 and it injects
> both. Naturally, type 3 wins.
I wrote the article more than a year ago and the 12.4T behavior at that time
was the
RPF check?
> -Original Message-
> From: Mikael Abrahamsson [mailto:swm...@swm.pp.se]
> Sent: Wednesday, August 26, 2009 3:53 PM
> To: Gert Doering
> Cc: cisco-nsp@puck.nether.net
> Subject: Re: [c-nsp] Large networks
>
> On Wed, 26 Aug 2009, Gert Doering wrote:
>
> > So how do you prev
> Generally, putting each customer into a dedicated layer 3
> network segment is a good idea - because half of the attacks
> that a hacked server belonging to "customer 1" might do to a
> server from "customer 2" (ARP spoofing, IP address spoofing
> [-> blame goes to customer 2], HSRP attacks t
> ABR's appear to be injecting both the type 3 and type 7.
> Have I gone mad, or I need to hit back the books?
It depends :) Actually you've asked for it. The "no-summary" part of NSSA
statement generates type-3 default and the "default-information originate"
generates type-7 default. See the "N
"ip name-server VRF name address" specifies the DNS server to use for
operations in the specified VRF (for example, when doing traceroute, telnet
or ping on the PE-router within the VRF).
A bit more is written here:
http://www.cisco.com/en/US/docs/ios/12_4t/ip_addr/configuration/guide/tvrfdns.ht
Running the "telnet" command does not work too well (although it might work
a bit better from Tcl EEM policy than from tclsh).
http://blog.ioshints.info/2007/10/you-cannot-start-telnet-session-from.html
However, you can open a TCP socket (to telnet port) from Tcl and issue the
commands. You could
The router still belongs to the same area as it did before and would thus
advertise the area's prefix into L2 due to its own NET.
Remember the major difference between OSPF and IS-IS: A router (not an
interface) belongs to an area and a router (not an interface) has a NET.
Ivan
http://www.ioshi
> I've tried all manner of options but
> have yet to be successful NAT'ing between the global inside
> and outside FVRF.
Did you use classic NAT (ip nat inside ... commands) or NAT Virtual
Interface (ip nat enable ... commands)? NVI works better in VRF environment.
Ivan
http://www.ioshints.inf
http://wanem.sourceforge.net/
You can download an ISO image that boots off the CD. It can be used on a PC
with two interfaces (emulating a router) or with a bit of static-route
trickery on the end hosts.
Worked perfectly for me when I had to do similar tests.
Ivan
http://www.ioshints.info/abou
It's probably easier to use the NAT Virtual Interface ("ip nat enable"
instead of "ip nat inside|outside") in a VRF environment. You also don't
need NAT-on-a-stick with NVI.
Ivan
http://www.ioshints.info/about
http://blog.ioshints.info/
> -Original Message-
> From: Andy Saykao [mailto:a
First of all, you should use policing, not shaping. Although it's not as
user-friendly, it's not CPU-intensive (shaping is). See this article for
potential drawbacks:
http://wiki.nil.com/Policing_vs_shaping
A very simple implementation would push the policing rules to virtual access
interfaces th
Absolutely, with EEM 3.0 an applet can be triggered with an SNMP trap or
inform. The details are here (although the article describes a slightly
different task):
http://wiki.nil.com/Trigger_EEM_applets_with_SNMP_Informs
However, are you absolutely positive there is no other way to get what you
ne
@Luan: Thanks for the link :))
@Joe: if you have EBGP sessions with the core MPLS VPN network, you're
losing the BGP cost community (resulting in the EIGRP-related redistribution
issues). It might be possible to tweak the WEIGHT attribute on the PE
routers (the routes redistributed into BGP have v
You can do it with EEM 3.0 (12.4(22)T if I'm not mistaken). Unfortunately I
haven't been writing about this feature yet, but here's a sample applet that
compares DHCP-acquired address to the previously-acquired one, maybe it will
come handy:
event manager applet DetectDHCPChange
event syslog pat
Much easier: run multihop EBGP session between Customer and ISP2 (plus the
regular EBGP session Customer-ISP1). Just make sure something reachable
within ISP1 is announced as the next-hop.
> -Original Message-
> From: jack daniels [mailto:jckdaniel...@gmail.com]
> Sent: Monday, August 10
table with the
"distribute-list in".
Ivan
http://www.ioshints.info/about
http://blog.ioshints.info/
> -Original Message-
> From: Jeremiah Best [mailto:jb...@zyedge.com]
> Sent: Thursday, August 06, 2009 6:13 PM
> To: Ivan Pepelnjak; sk...@skoal.name; '
Just make sure you configure the "distribute-list in" on ALL OTHER routers
in the area, otherwise you'll get some hard-to-troubleshoot loops or
blackholes.
Ivan
http://www.ioshints.info/about
http://blog.ioshints.info/
> -Original Message-
> From: Gergely Antal [mailto:sk...@skoal.name]
OSPF does not work across unnumbered VLAN subinterfaces.
http://wiki.nil.com/Unnumbered_Ethernet_VLAN_interfaces#Limitations
Ivan
http://www.ioshints.info/about
http://blog.ioshints.info/
> -Original Message-
> From: Michael Ulitskiy [mailto:mulits...@acedsl.com]
> Sent: Monday, Augu
Gentlemen, you forgot about IDRP (http://www.javvin.com/protocolIDRP.html).
You can already transport IPv4 and IPv6 over CLNS, this is the next logical
step :D
> -Original Message-
> From: Justin Shore [mailto:jus...@justinshore.com]
> Sent: Tuesday, July 28, 2009 6:57 PM
> To: Hank Nuss
> is it really that simple? Will VRF-lite work without actually
> using BGP or MPLS? Are there docs somewhere in the Cisco
> spiderweb which are clearer on the topic than the ones which
> are part of the SX doc train?
Yes, it's that simple. You don't need MP-BGP or MPLS for VRF lite to work.
Yo
It's actually quite simple: you need an EEM applet that triggers on X
occurrences of a well-known SYSLOG message (OSPF neighbor going down) within
Y seconds, modifies the configuration (to insert "passive-interface X" into
the "router ospf Y") and alerts the operators via an e-mail.
You'll find a f
Just configure "network 0.0.0.0 0.0.0.0" in your BGP process. Whenever
there's a default route in the IP routing table, BGP will advertise it. More
details in:
http://wiki.nil.com/BGP_default_route
http://blog.ioshints.info/2007/11/bgp-default-route.html
Ivan
http://www.ioshints.info/about
http
> To: 'Mateusz Blaszczyk'; 'Ivan Pepelnjak'
> Cc: cisco-nsp@puck.nether.net
> Subject: RE: [c-nsp] OSPF NSSA question
>
> I'm not sure filtering 'out' would work. Three routers all
> have one interface, each connecting to the ABR (which has
>
Are the VOICE and DATA traffic going to distinct servers? If that's the
case, you can tweak the BGP route selection policy on the CE router. See
this article for an example (not too far off from what you're looking for):
http://www.nil.com/ipcorner/ScalablePolicyRouting/
If you cannot distinguish
You're probably looking for the "ip ospf database-filter all out" command.
And there can be more than one router in the OSPF stub area.
Ivan
http://www.ioshints.info/about
http://blog.ioshints.info/
> Ok thanks. that answers my question. It's not a big deal, I
> just was wondering.
>
> As
Tcl doesn't have "expect" but it does have "typeahead" which you can
probably use to feed the input to Ping command.
http://wiki.nil.com/Insert_responses_to_command_prompts_in_Tclsh
http://wiki.nil.com/Tclsh_on_Cisco_IOS_tutorial
Ivan
http://www.ioshints.info/about
http://blog.ioshints.info/
You cannot block HTTPS on the router with anything but the IP-based access
lists because (by definition) the HTTP request (which the URL filter,
content filter or NBAR recognizing HTTP uses) is encrypted.
If you want to block HTTPS requests for particular hosts, you need a HTTP
proxy which interce
CE-PE subnets are part of VRF and thus cannot be inserted into the core IGP,
only in MP-BGP. It's way easier (and more scalable) to redistribute them
than to list them in the per-VRF BGP configuration.
Ivan
http://www.ioshints.info/about
http://blog.ioshints.info/
> -Original Message-
> This is good advice for newer machines but I've got a UBR
> 924 with 12.1T code on it - 'no service password-recover'
> isn't an option for me. Which config-register setting will do
> what I need?
None. You cannot disable break during the first minute (or so) with a config
register.
> See
Just make sure you test the feature (for each ROMMON release you're using)
with a known enable password first. It's somewhat impossible to break into
some ROMMON versions.
http://blog.ioshints.info/2007/12/recovering-from-disabled-password.html
Ivan
http://www.ioshints.info/about
http://blog.io
You'll probably find enough details here:
http://wiki.nil.com/Multihomed_MPLS_VPN_sites_running_EIGRP
If that's not the case, let me know and I'll fix the article.
Ivan
http://www.ioshints.info/about
http://blog.ioshints.info/
> -Original Message-
> From: Derick Winkworth [mailto:dwi
More specifically ... SOHO multihoming solutions (includes object tracking
and reliable static routing)
http://wiki.nil.com/Small_site_multihoming
More reliable static routing tricks:
http://blog.ioshints.info/search?q=reliable+static
More DHCP-related tricks:
http://blog.ioshints.info/search/
You'll find a lot of information about IP Event Dampening here:
http://www.nil.com/ipcorner/IncreaseStability/
I haven't tried it in the EBGP scenario ... Jon, thanks for the pointer.
Ivan
http://www.ioshints.info/about
http://blog.ioshints.info/
> Is there any way to force a delay on a
> This scheme also doesn't work. I added next-hop-self on
> rtr2_RR for both peers with rtr3 and rtr4.
I haven't been following this thread too closely, but it's worth mentioning
that the next-hop is not changed on reflected routes (even if you configure
next-hop-self on the neighbor). See Notes
Almost identical setup has been discussed on Nanog mailing list in the
beginning of June. Search the archives.
XCONNECT probably won't work over the Internet without MPLS/GRE/IP setup and
then you'll hit the MTU issues.
Ivan
http://www.ioshints.info/about
http://blog.ioshints.info/
> -Orig
[mailto:blah...@gmail.com]
> Sent: Tuesday, July 07, 2009 4:31 PM
> To: Ivan Pepelnjak
> Cc: cisco-nsp@puck.nether.net
> Subject: Re: [c-nsp] IOS XR BFD
>
> Ivan,
>
> >
> > BTW, even the more "traditional" fast convergence
> techniques (internal
>
The problem you have is that there's no outbound queue forming on the Dialer
interface (PPPoE is too fast, as it goes over outside Ethernet).
http://blog.ioshints.info/2009/06/adsl-qos-basics.html
You have to apply shaping to force a queue to form. The shaping has to be
configured on the physical
> > And my question is not how I should be in this situation.
> > What is the logical explanation that BFD does not work in internal
> > neighbors?
>
> because it hasn't been developed to work in this scenario
> under XR, which is likely due because it's not a commonly
> deployed setup.
... be
> > If you're the customer (having only CE routers), this is a classic
> > primary/backup problem, only this time using BGP as the
> core routing
> > protocol.
> >
> > This sounds like what I'm planning on doing. GRE for the
> routing protocols we are on the CE end. If you could,
> p
If you're the customer (having only CE routers), this is a classic
primary/backup problem, only this time using BGP as the core routing
protocol.
If you're the provider (using MPLS between your BGP routers to offer
whatever services), you can run MPLS over GRE over IPSec on the backup link
(just
> Is there anything like this out there? Or do I have to get my
> programmers to knock it up? ;-)
Dump the BGP table, process it with PERL, generate Quagga configuration and
you're done ... and don't forget to post the script when it works ;)
Here's a sample very simple Quagga configuration:
h
, June 26, 2009 3:52 PM
To: Ivan Pepelnjak
Cc: Roman A. Nozdrin; Lukas Garberg; cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] passive-interface on VRF-specific OSPF process
type-2 ;)
On Fri, Jun 26, 2009 at 3:32 PM, Ivan Pepelnjak wrote:
> > while configuring an OSPF process for a VR
> > while configuring an OSPF process for a VRF on a Cisco 3550-12G
> > (running 12.2(25)SE) I notice that the command "passive-interface"
> > is unavailable. How can this be? Is there another way I can
> suppress
> > routing updates on an interface?
>
> You can put actual network commands in o
> while configuring an OSPF process for a VRF on a Cisco
> 3550-12G (running 12.2(25)SE) I notice that the command
> "passive-interface"
> is unavailable. How can this be?
Interesting ...
> Is there another way I can
> suppress routing updates on an interface?
Sure - filter inbound OSPF packe
I wanted to propose the EEM solution :)
How about Tclsh with "typeahead" command?
http://wiki.nil.com/Insert_responses_to_command_prompts_in_Tclsh
Ivan
http://www.ioshints.info/about
http://blog.ioshints.info/
> -Original Message-
> From: David Freedman [mailto:david.freed...@uk.clar
> Are you talking about OSPF reconverge time in the situation?
> If you are,
> the answer is 4 x OSPF hello timer configured on interfaces.( by
> default: 40 secs for broadcast-multiaccess and
> point-to-point and 120 secs for NBMA links).
Plus (worst case) the LSA origination timer (default:
You could use unnumbered Ethernet VLAN subinterfaces assuming your IOS
release supports them (or you could get your gear upgraded to a release that
does ... I am utterly confused when faced with Catalyst IOS releases):
http://www.cisco.com/en/US/docs/ios/12_3t/12_3t4/feature/guide/gtunvlan.html
I
Just guessing: for PBR you need netflow-like TCAM entries, so the first
packet in the flow is always processor-switched and then the subsequent
packets can be hardware-switched. Does this make sense to the switching
gurus?
Ivan
http://www.ioshints.info/about
http://blog.ioshints.info/
> -Or
See also http://wiki.nil.com/OSPF_default_routes for more details.
Best regards
Ivan
http://www.ioshints.info/about
http://blog.ioshints.info/
> -Original Message-
> From: Geoffrey Pendery [mailto:ge...@pendery.net]
> Sent: Friday, June 19, 2009 2:36 PM
> To: ying-xiang
> Cc: cisco-ns
The last time I've seen discussion on this topic, you had to have an
external back-to-back connection between a VRF interface and a global
interface.
> -Original Message-
> From: Clue Store [mailto:cluest...@gmail.com]
> Sent: Tuesday, June 16, 2009 4:18 PM
> To: cisco-nsp@puck.nether.ne
Could be yet another prompt-related EEM bug. See
http://blog.ioshints.info/2008/02/fix-bugs-in-eem-action-cli.html
http://blog.ioshints.info/2007/12/execute-cli-commands-with-prompts-in.html
Use the EEM debugging (debug event man action cli) to verify what's going
on.
Ivan
http://www.ioshints
> The obvious answer is to restrict the use of the shutdown command.
> Unfortunately the technicians that often make the mistakes
> have to be able to use the command to shut down Serial or
> Ethernet interfaces in the course of their work.
Something along the lines of these EEM Tcl policies:
ht
> PBR by its nature is operationally brittle and ugly; if
> there's another way to accomplish one's goal, it's generally
> best to pursue an alternate method, if at all possible.
Absolutely forcefully agree :) While this is a bit off-topic here's an
example of what you can do with a distance-vec
Haven't tried the server-based configuration yet (it only works on ISRs),
here's what you can do locally:
http://wiki.nil.com/Local_Content_Filtering_in_Cisco_IOS
Best regards
Ivan
http://www.ioshints.info/about
http://blog.ioshints.info/
> -Original Message-
> From: Jay Nakamura [mai
The only reason I could see for this behavior is the per-platform specific
IP packet processing on the egress PE router.
Obviously the difference between the 7300 and the ASR is the exact moment at
which the TTL is decremented in the switching path. Based on your
description, ASR decrements TTL
Absolutely agree with Bruce. For your particular setup, it would be best to
use two pseudowires (A-B and B-C) and run your own routing protocol over
them. This would (worst case, try to avoid) also allow you to transport
non-IP LAN data between sites (I don't know what DS8100 can do). However,
keep
Let's be more precise. There is no publicly known way to remove a
non-private AS number from AS-path on a device running Cisco IOS ... but you
could always adapt Quagga source code to your needs.
As pointed out by previous replies, tweaking AS-PATH is a really bad idea.
BGP has numerous other tool
Pointers to everything you've ever wanted to know (and probably a lot of
what you don't want to know :)
http://wiki.nil.com/Small_site_multihoming
Hope it helps
Ivan
http://www.ioshints.info/about
http://blog.ioshints.info/
> -Original Message-
> From: Roy [mailto:r.engehau...@gmail.c
I absolutely agree with Charles ... although not on the "provider will give
you the necessary details" part. I've seen some service providers that were
somewhat inadequate in that respect (trying to be diplomatic :).
You might find some of the links/videos on my BGP resource center useful:
http:/
Dynamips (which is under the hood of GNS3) could be used to emulate IOS
switching behavior as long as what you're trying to do is supported on the
routers. If you're testing standard spanning tree, Dynamips should be just
fine (you'll just configure routers as bridges).
OPNET is a great network si
If the "local-as" feature is what you're looking for, this might help you
get started:
http://wiki.nil.com/Network_migration_or_merger_with_BGP_Local-AS_feature
Unfortunately I haven't covered the "replace-as" functionality yet, but
Arden has written a short article a while ago that covers it:
Your CPU is @ 70%, 25% of those spent in interrupt (CEF) packet switching
(the difference between 68% and 43% in the five-second figures), yet the IP
Input uses only 16%. There might be something else going on?
Ivan
http://www.ioshints.info/about
http://blog.ioshints.info/
> -Original Messa
Outbound traffic traverses the DMZ segment twice (FW -> R2 -> R1).
Inbound traffic traverses the DMZ segment once (R2 -> FW).
The difference is that FW has no idea where to send the traffic (follows
default route), whereas R2 knows the internal network is reachable through
the FW.
Hope this helps
An EEM applet can be triggered only by a single condition. If you want to
trigger it from the command line (with the "event man run" command), it
cannot be triggered by anything else, so it must have "event none"
pseudo-trigger.
The "event none" is used to indicate that "no trigger" is actually wh
The "drops" keyword expects a regular expression. You should use "fem"
instead of "*fem" (or maybe ".*fem").
Ivan
http://www.ioshints.info/about
http://blog.ioshints.info/
> -Original Message-
> From: Manu Chao [mailto:linux.ya...@gmail.com]
> Sent: Wednesday, April 01, 2009 12:26 PM
If you put each subnet in a VLAN, you could use interface counters.
Unfortunately, life is rarely so simple.
> -Original Message-
> From: char...@thewybles.com [mailto:char...@thewybles.com]
> Sent: Monday, March 30, 2009 10:15 PM
> To: Mohammad Khalil; cisco-nsp-boun...@puck.nether.net;
If all you need is to track whether you can ping the directly connected IP
address and react on the tracked object "down" status, you can use EEM with
the "event track X state up|down" trigger.
See the "Not so very static routes" section in this article
http://www.nil.com/ipcorner/SmallSiteMultiHo
> > http://www.cisco.com/en/US/tech/tk543/tk545/technologies_tech_note09186a00800b2d29.shtml
>
> Basically, the virtual interfaces "do not implement the
> "back-pressure algorithm" necessary to signal that excess
> packets should be queued by the Layer 3 (L3) queueing system."
>
> Ok, so I'm
much out of the DSL line as possible.
Best regards
Ivan
> -Original Message-
> From: Tim Franklin [mailto:t...@pelican.org]
> Sent: Tuesday, March 24, 2009 1:57 PM
> To: Ivan Pepelnjak
> Cc: 'John Lange'; 'Cisco NSP'
> Subject: Re: [c-nsp] Needs some h
> I have crafted and applied some rules which I thought would
> prioritize traffic from an 871w (via ADSL) to one specific
> host. The idea is that any traffic destined to this host
> should be prioritized over all other traffic.
What is your upstream connection? If you're using PPPoE, you won'
Did some tests on the NON-EXIST-MAP with 12.2SRC. I was spreading wrong
rumors, time to fix them:
* The route-map checks the routes in the BGP table (_not_ in the IP routing
table). Dale was right.
* It can take a while for the routes to be advertised/withdrawn; the
non-exist-map is checked only a
the IP routing
table :).
Ivan
_
From: Burak Dikici [mailto:bdik...@gmail.com]
Sent: Sunday, March 15, 2009 8:19 PM
To: Ivan Pepelnjak
Cc: Mateusz Blaszczyk; cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] BGP conditional advertisemet - NON-EXIST route
map'saccess-list problem
Hi
You can't use "permit any" because it would match any route in the IP
routing table (including the connected interfaces). The access list used in
NON-EXIST-MAP is used on the IP routing table, not on the BGP table (that's
why the AS path doesn't work either).
Ivan
> -Original Message-
> F
Tcl/TK: A developer's guide
http://www.msen.com/~clif/DevGuide.html
A bit more advanced book when you want to go slightly beyond the basics. I
wasn't too happy with it, but it did the job.
Ivan
> -Original Message-
> From: Justin Shore [mailto:jus...@justinshore.com]
> Sent: Friday, Mar
, the Command Lookup Tool is a great place to start;
you can even install it in your browser's toolbar.
Best regards
Ivan
_
From: Deric Kwok [mailto:deric.kwok2...@gmail.com]
Sent: Tuesday, March 03, 2009 9:26 PM
To: Ivan Pepelnjak
Cc: cisco-nsp@puck.nether.net
Subject: Re: [c-nsp
Your original message indicated you had a router. Based on Cisco's
documentation tclsh doesn't work on most Catalyst switches.
Best regards
Ivan
_
From: Deric Kwok [mailto:deric.kwok2...@gmail.com]
Sent: Tuesday, March 03, 2009 2:22 PM
To: Ivan Pepelnjak
Cc: cisco-nsp@puck.
To get the top CPU consumers, use the "show proc cpu sorted" command. You're
probably experiencing increase in "interrupt CPU usage" (packet forwarding),
which is the second number in the "CPU utilization for five seconds" field
in the top line.
To get continuous CPU utilization display (similar t
> ok. Thanks. Well, I just miss the way Juniper shows things,
> the level of details. Juniper would display the next hop that
> it is carried in the BGP Update message. Marlon
Different EBGP neighbors might receive different next-hops in their updates.
Cisco IOS always displays what's in its BGP