Thx,
R.
On Mon, Dec 21, 2020 at 5:03 PM wrote:
> > Robert Raszuk
> > Sent: Saturday, December 19, 2020 10:02 AM
> >
> > > As far as I know, no way to set "ineligible" from a route-map. Is
> there?
> >
> > A workaround could be to set unreacha
r with a knob.
The question to ask if you want to advertise INVALID paths around ? Even if
not best path once you enable add-paths it may be advertised.
Thx,
R.
On Sat, Dec 19, 2020 at 10:47 AM Gert Doering wrote:
> Hi,
>
> On Sat, Dec 19, 2020 at 10:13:36AM +0100, Robert Raszuk wrot
Jakob,
It has been a while, but IIRC the original idea for the validation was that
regardless if this is done by configuration enabling pre-best path
eligibility or in route map no path will be dropped. At no point in the BGP
design discussions there was a plan to automatically do any of this. So
I think Aaron may be looking for real thing :)
For CSR there is free trial for 60-days with 100 Kbps max throughput if
that is of any help.
https://www.cisco.com/c/dam/en/us/products/collateral/routers/cloud-services-router-1000v-series/sales-tool-c96-730727.pdf
You can just download from CCO
You need eiBGP multipath for this.
https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_bgp/configuration/15-s/irg-15-s-book/irg-eibgp-multipath-for-nonvrf-interfaces.html
Thx,
R.
On Thu, Aug 13, 2020 at 1:54 AM Yham wrote:
> Hello Gentlemen,
>
> I wanted to configure whether BGP
>
> One of the advantages cited for SRv6 over MPLS is that the packet contains
>> a record of where it has been.
>>
>
Not really ... packets are not tourists in a bus.
First there are real studies proving that most large production networks
for the goal of good TE only need to place 1, 2 or 3
But talking about commodity isn't this mainly Broadcom ? And is there
single chip there which does not support line rate IP ? Or is there any
chip which supports MPLS and cost less than IP/MPLS one ?
On Fri, Jun 19, 2020 at 1:22 PM Benny Lyne Amorsen via cisco-nsp <
cisco-nsp@puck.nether.net>
xes.
r.
On Fri, Jun 19, 2020 at 1:04 PM Mark Tinka wrote:
>
>
> On 19/Jun/20 12:29, Robert Raszuk wrote:
> > Saku,
> >
> > What you are saying is technically true but not realistically important.
> >
> > Why - the answer is history of PTX.
> >
Saku,
What you are saying is technically true but not realistically important.
Why - the answer is history of PTX.
It was originally designed and architected on the very basis of hardware
cost and performance when you would only need to switch at rates MPLS.
Well real world showed that you
Hi Saku,
To your IGP point let me observe that OSPF runs over IP and ISIS does not.
That is first fundamental difference. There are customers using both all
over the world and therefore any suggestion to just use OSPFv3 is IMHO
quite unrealistic. Keep in mind that OSPF hierarchy is 2 (or 3 with
>
> Anything that can support LDPv4 today can support LDPv6, in hardware.
>
While I am trying to stay out of this interesting discussion the above
statement is not fully correct.
Yes in the MPLS2MPLS path you are correct,
But ingress and egress switching vectors are very different for LDPv6 as
>
> I'm not sure why this deep label stack keeps popping, if we need
> multiple levels of tunneling, we need it in IP too, and it's almost
> more expensive in IP.
>
Well imagine you need only one level of tunneling but rich ECMP.
Then with IP encap (even MPLS app demux carried in UDP) you just
> Well, we operate a single IS-IS L2 domain across 3 continents.
>
> We use what-I'd-call aggressive IS-IS detection and convergence timers,
> in addition to BFD and LFA/IP-FRR.
>
> We do very okay.
>
No doubt.
However one network is not equal the other. Especially SP/ISP network
requirements
> Seems weird, because neither LDP or SR implies globally significant
> labels, implementation choice. What SR does imply is a continuous
> block of labels of equal size in domain.
>
LDP or MPLS LSPs require hop by hop label swapping (directly connected or
over say IP tunnels). So labels in LDP
ore aggressive hence significantly reducing connectivity restoration
times upon failures.
Many thx,
R.
On Thu, Jun 11, 2020 at 12:15 PM Mark Tinka wrote:
>
>
> On 11/Jun/20 11:57, Robert Raszuk wrote:
>
>
> Nope that was not the main reason.
>
> Main reason was the be
>
> I don't like to conflate these two; SR is great, SRv6 is horrible
> abomination. SR is what MPLS should have been day1, but it probably
> was easier to market LDP than to say 'we need to change all IGP
> protocols'.
>
Nope that was not the main reason.
Main reason was the belief that labels
Lukas,
True. But I am actually not sure why RPKI state could not just expire by
itself say every 12 months unless renewed by the owner ? Just like DNS name
fee :)
Thx,
R.
On Fri, May 8, 2020 at 12:02 PM Lukas Tribus wrote:
> Hello Robert,
>
> On Fri, 8 May 2020 at 11:42, Robe
chain cares about RPKI - this entire
story of using this for validation becomes pretty weak. And this is no
longer NOT-FOUND. You get false INVALIDs which some may apply to suppress
or drop.
Best,
R.
On Fri, May 8, 2020 at 11:32 AM Mark Tinka wrote:
>
>
> On 8/May/20 11:23, Robert Ras
, 2020 at 1:13 AM Mark Tinka wrote:
>
>
> On 7/May/20 22:55, Robert Raszuk wrote:
>
> > Hi Pierre,
> >
> > I think this is well known bug on XE.
>
> In Cisco-land, this is a feature, not a bug.
>
> That said, there
Hi Pierre,
I think this is well known bug on XE.
We just had a thread week or so back on this list.
You need to enable extended community to carry the validation state as
otherwise XE considers IBGP learned paths by default as VALID.
I think Cisco is already backporting the fixes for this -
AM Mark Tinka wrote:
>
>
> On 30/Apr/20 11:31, Robert Raszuk wrote:
>
> > The problem here is that you are all correct in a sense :) The
> fundamental
> > issue is that routing protocols today just don't know how to create
> stable
> > routing topologie
> I just don't think the topologies are realistic for BW based.
Very true.
It is like GPS putting all cars on the big and congested highway when you
have a totally empty asphalt side road next to it :)
The BW based IGP metric mapping comes from times of F/R, 64 kbps satellite
uplinks and zyxel
Hi Ben,
On XE and Classic:
> 1. you can only perform validation on eBGP-received routes;
> 2. any iBGP-received route will get marked "Valid" unless it has a 8097
> extcomm to the contrary; and
> 2. bestpath selection will prefer "Valid" to "Unknown", at the first-
> step in the selection
Right Saku - the filtering is best to be done on the ASBRs facing eBGP.
However in some topologies you may not have all paths on all ASBRs and
there you need to validate on all BGP speakers (or at least RRs). If you do
have all external paths on all ASBRs - case solved - leave IBGP alone.
Using
Hi Bradley,
From my cisco days I recall that you should not be seeing RIB being updated
over and over with the same route even if BGP keeps sending you implicit
withdraws in the form of new BGP UPDATEs. Of course I will not tell you if
the above is still identical today on all XE, NX & XR :)
>
> Moving to a session based approach instead of a tunnel based approach.
DTLS session based is using UDP and is shipping from Sproute Networks for a
many years now. It scales fantastic in a full mesh fashion too ! They also
have all cloud based multi tenant controller so both API and GUI
> The standardization is coming, check out
https://www.mef.net/mef-3-0-sd-wan
I spent 10 min browsing MEF web site and still do not know what "MEF"
stands for ... Looks to me like yet one more commercial entity to drain a
little bit of cash out of the vendors while perhaps help with marketing
d
some would like network to be a little bit more smart :)
Best,
R.
On Sun, Mar 15, 2020 at 12:31 PM Mark Tinka wrote:
>
>
> On 15/Mar/20 12:56, Robert Raszuk wrote:
> > All,
> >
> > It seems that most answers and in fact the question itself assumes that
> all
>
https://puck.nether.net/mailman/options/cisco-nsp
On Tue, Feb 11, 2020 at 2:49 PM twall wrote:
> How do we unsubscribe from this list?
>
> On 10/02/2020 15:39, Tom Hill wrote:
> > On 10/02/2020 15:35, Aaron Gould wrote:
> >> dsw2-4503#sh ver | in IOS
> >>
> >> Cisco IOS Software, Catalyst
> is there a reason why ?
Looks to me like you are pretty fast in repetitive show commands :)
What actually may be happening here is that adj. comes up fast and at this
point your router does not yet have the dynamic name. After some time it
receives it from the neighbor via flooding in TLV
>
> There is no reason for IP to simpler or more complex in control-plane
> compared
> to MPLS.
Disagree.
With flat MPLS transport labels must be present to reach all of your 100s
or 1000s of LSP endpoints in another IGP area or your other global AS.
Think VPN Option-C
With IP transport all I
like Arista FlexRoute .. the advantages of LEM
here are getting very marginal for the significant cost of control plane
complexity.
Best,
R.
On Thu, Jan 2, 2020 at 4:19 PM Saku Ytti wrote:
> On Thu, 2 Jan 2020 at 17:08, Robert Raszuk wrote:
>
> > But for me from the perspective of num
1 bug free 2020,
R.
On Thu, Jan 2, 2020 at 3:46 PM Saku Ytti wrote:
> On Thu, 2 Jan 2020 at 15:46, Robert Raszuk wrote:
>
>
> >> Hence I'd always prefer transit nodes to use solely the MPLS stack for
> any clues on how to load-share.
> >
> > That may not be a
> Hence I'd always prefer transit nodes to use solely the MPLS stack for any
> clues on how to load-share.
That may not be a good idea.
Think about SR-MPLS and global labels with say 5 TE segment nodes (hops).
As MPLS header would be identical all flows travelling via such TE path
would get
Radu,
The MPLS in modern DC is non-starter purely from technology pov.
In modern DCs compute nodes are your tenant PEs all talking to rest of the
fabric L3. So if you want to roll MPLS you would need to do that to the
compute nodes. That means that with exact match you will see in MSDCs
ogy or solution for getting me TE capability
> in IP :)
>
> Remember when we used to do “no ip source-route” or “ip option ignore” …
>
>
>
> adam
>
>
>
> *From:* Robert Raszuk
> *Sent:* Tuesday, April 30, 2019 4:27 PM
> *To:* adamv0...@netconsultings.com
> *Cc:*
about making the network
summarization work again - without need for more hacks and layers - which
this "seamless mpls" is a pure 999,9 example of :)
Best,
R.
On Tue, Apr 30, 2019 at 5:04 PM wrote:
> > Robert Raszuk
> > Sent: Tuesday, April 30, 2019 3:01 PM
> >
> >
vanilla IP transport for any service you
like to offer.
On Tue, Apr 30, 2019 at 4:46 PM Mark Tinka wrote:
>
>
> On 30/Apr/19 16:00, Robert Raszuk wrote:
> >
> > Yes Mark ... numerous both in WAN and DC space.
> >
> > In fact entire Contrail was based on L3VPN over UDP
vendors so
they like to keep you tight to LDP :)
Best,
R.
On Tue, Apr 30, 2019 at 2:56 PM Mark Tinka wrote:
>
>
> On 29/Apr/19 15:53, Robert Raszuk wrote:
>
> > Even better to get rid of transport MPLS all together ... There is
> nothing
> > in LDP MPLS which would
Even better to get rid of transport MPLS all together ... There is nothing
in LDP MPLS which would be of any value as compared with basic IP UDP
encap. Of course you can still run all of your L3VPNs or EVPNs if you wish
so over IP transport.
Then you no longer need to carry 1000s of /32s in your
ument redefines this high-order bit in the default metric
field in TLVs 128 and 130 to be the up/down bit."
On Thu, Mar 21, 2019 at 5:13 PM Victor Sudakov wrote:
> Robert Raszuk wrote:
> > > >
> > > > A protocol designed to speak b
Yes - the examples are there on the net for most BGP resistant customers
and non managed CPEs ... But as others already said all biggest SPs which
are still offering L3VPNs are only doing BGP and static.
On Thu, Mar 21, 2019 at 4:45 PM Victor Sudakov wrote:
> Mark Tinka wrote:
> >
> > >
> -Original Message-
> From: cisco-nsp On Behalf Of Robert
> Raszuk
> Sent: Thursday, January 31, 2019 4:28 PM
> To: Cisco NSPs
> Subject: [c-nsp] Console connections
>
> This message originates from outside of your organisation.
>
> Hello,
>
> What would yo
Hello,
What would you all recommend these days for min 8-12 port rack mounted
terminal servers to talk to various vendor's router and switches console
ports ?
For years I used cisco 2511 but now it is history .. so what's the best
cisco or not cisco successor for it ?
It would be awesome if it
Have you considered just using Diverse Path from both RRs instead of
add-paths ? RFC 6774
That way you will have two paths not 4 on the clients and no problem you
are facing :-)
Cheers,
R.
On Tue, Oct 30, 2018 at 12:25 AM Christian wrote:
> Hi list,
>
> considering my following situation,
Hi,
Would anyone be able to recommend some open or closed src tool which can
draw nice topology of the OSPFv2 single area0 based on the show ospf lsdb
output capture ?
I saw https://blog.webernetz.net/ospf-visualizer/ but looking for more
tools like this proven in battle field especially those
>
> Sounds standard practice.
>
This way of (D)DoS mitigation results with cutting the poor target
completely out of the network ... So the attacker succeeded very well with
your assistance as legitimate users can not any more reach the guy. Is it
his fault that he got attacked ?
Do you also do
some real valid use cases to
apply bgp policies on routes *received* over IBGP ?
Thx,
Robert.
On Fri, Oct 12, 2018, 00:13 heasley wrote:
> Thu, Oct 11, 2018 at 11:47:27PM +0200, Robert Raszuk:
> > Decent bgp implementation should not allow iBGP learned routes to be
> > subject to
ype of the
route.
Thx,
R.
On Thu, Oct 11, 2018 at 10:38 PM James Bensley wrote:
> On Thu, 11 Oct 2018 at 15:30, Robert Raszuk wrote:
> > I think the difference Mark may have in mind that iBGP routes say from
> RR are advertised from RR's control plane. Many RRs today are just x86
> c
> Hi Mark,
>
> What makes you think there would be a difference in time to load eBGP
> learned routes vs. iBGP learned routes? Something from personal experience?
James,
I think the difference Mark may have in mind that iBGP routes say from RR
are advertised from RR's control plane. Many RRs
Just to clarify ... I was not really worried about how to follow various
lists - mail client does a good job to combine them into one folder, filter
duplicates etc ...
But when writing general reply/question to Mark today about BGP sessions I
noticed it only had j-nsp - but oh the question is
Hey Mark,
It has been a while
> We've been running all address families on the same RR's (different
> sessions, obviously, but same hardware)
Out of pure curiosity how are you setting up different BGP sessions to the
same RR ?
I think what Adam is proposing is real TCP session isolation,
where, in which cases, it is better compared
to the hop-by-hop approach with ORF Maybe in cases where there's a RR
hierarchy between the RR-Clusters in the particular
Intra/Inter-AS-RR-Plane? (but in my opinion this is not an optimal
design anyway)
adam -Original Message- From: Robert
Adam,
RTC is a new AFI/SAFI. That's why it is enabled like any other AFI/SAFI
in IOS.
Best,
R.
I've just learned that instead of simple per neighbor cmd. that could have
been configured under the template peer-policy or af-group:
neighbor ip-address capability orf route-target [send |
Hi Aaron,
Are you sure those type 3s do not come with DN bit set ?
RFC4577:
4.2.5.1. The DN Bit
When a type 3 LSA is sent from a PE router to a CE router, the DN bit
[OSPF-DN] in the LSA Options field MUST be set. This is used to
ensure that if any CE router sends this type 3 LSA
...@puck.nether.net] On Behalf Of Robert Raszuk
Sent: Friday, May 04, 2012 5:48 PM
To: henrry huaman
Cc: cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] Anycast//DNS - BGP
Hi Henry,
Currently we have issues with the RR (Only select the main route)
That's an easy one to solve :)
Try using either add-paths
Hi Henry,
Currently we have issues with the RR (Only select the main route)
That's an easy one to solve :)
Try using either add-paths or diverse-path on the RR. The latter is much
easier as it does not require upgrade of all of your BGP speakers !
http://goo.gl/KDjlg
Best,
R.
We want to
Hi Matthias,
it isn't quite that easy. Never heard before about the diverse-path
feature on Cisco for RRs, but looking at your link it looks like to
have this probably limiting restriction in most setups: 'Path
diversity is configured within an AS, within a single RR cluster.
That is, the RR
Jared, Oli,
The problems become more complex as you have this explosion happen
when someone else wants to do another hybrid solution.
useful, yes, but could also be expensive.. the more different services
you come up with, the more different routing table views you need to
provide, the more
One additional point as I think most comments assumed such equation:
Internet in a VRF = requirement for MPLS in the core.
It does not.
You can run mGRE encapsulation between ASBRs/PEs and the fact that
behind GRE header of the packet sits vpnv4/v6 mpls label would have no
bearing on the
Garry,
Do you see the same with mpls ldp targeted-sessions enabled (even for
normal LDP p2p peers) ? At least this is something I would try first ...
Thx,
R.
Hi *,
I've been fighting this problem for quite a while, need some ideas from
the collective intelligence ...
One of our backbone
Bruce,
you are fishing for an answer.
And what's wrong with that ???
Cheers,
R.
M K wrote:
Hi all,
i have the below OER question
i have been trying since a while but i am not sure about the solution
can anyone please help ?
Configure R4 to be the master controller and R1 and R2 to be
Hi Gert,
address first, VRF second.
Well no one sane would do that ;) I believe what Derick was asking was
why not have incoming_interface/table_id - prefix lookup.
And while in software each VRF has separate RIB and FIB data structures
for reasons already discussed on L3VPN IETF mailing
Hi Derick,
I previously blogged that a (totally hypothetical) multi-tenant
network built entirely with PBR or FBF would not pass audit because
of a lack of separate RIB and separate FIB structures for each tenant
in the network. Why wouldn't this pass audit? OpenFlow is similar.
Well I
Hi Keegan,
over another. However, if the vrf's all have separate tables in the real
world then that should require the table lookup to come before the prefix
lookup. If not there would be no way to figure out which fib to search.
For packets coming from customer (CE) there is no need for
Hi,
By reusing the AS number you mean you will configure the same AS on
more than one customer CE right then on each EBGP PE-CE session ?
If this is right assumption you need to be careful on the other side so
the routes will be accepted by the remote CE ... members of the same
VPN. By default
Hi Adam,
The discussion is about control plane RRs.
Therefore in control plane RRs you do not need to have any LSP on those
nor populate 3107 to RIB/LFIB. A default will work equally well for Next
Hop Tracking to consider your BGP next hops as valid in any address
family (if that is your
carry few
extra loopback addresses in my IGP.
Cheers,
R.
adam -Original Message- From: Robert Raszuk
[mailto:rob...@raszuk.net] Sent: Wednesday, August 31, 2011 2:15 PM
To: Vitkovsky, Adam Cc: mti...@globaltransit.net; Mack McBride;
cisco-nsp@puck.nether.net Subject: Re: [c-nsp] ASR
IGP.
Cheers, R.
adam -Original Message- From: Robert Raszuk
[mailto:rob...@raszuk.net] Sent: Wednesday, August 31, 2011 2:15 PM
To: Vitkovsky, Adam Cc: mti...@globaltransit.net; Mack McBride;
cisco-nsp@puck.nether.net Subject: Re: [c-nsp] ASR opinions..
Hi Adam
Hi Mark,
Don't speak too soon - we've come across a couple of cases in IOS
XR where a configuration will be committed with references made to
other bits of configurations that don't yet exist.
This is so by design not by mistake or bug. This is called forward
referencing.
Example quote from
My advice as an ex-cisco guy to you all would be to forget about
documentation, marketing, TMEs or consultants.
Instead get the router/switch and test it with the release you plan to use.
Each BU have bunch of routers/switches which they do ship left and right
to customers to try before you
Hi Mark,
It's just that the ASR1001 will only install 512,000 entries into
the FIB, and we're not yet sure what a control-plane only router
(route reflector role) will do when we exceed this maximum.
You do not need any BGP route to be send to RIB and FIB if you are
control plane only router
Hi Dale,
In the right vendor shop no matter how many networkers sessions you
attend there should be no need to make any thing apparent from the
power-point slides.
If CLI/parser allows to co-exist any feature combination - they are
expected to work. I am with Matthew here.
If they do not work
Hi,
Let's keep in mind that there has been number of BGP enhancements since
this book was published which are rather aimed at automatic self-tuning
so overwriting defaults may actually lead to much worse behaviour :)
To bring a few examples ...
RR Scale
BGP Selective Table Download –
Hi zaidoon,
Nope - I would not recommend that.
Your better choice is to peer between loopbacks and use
disable-connected-check knob or BGP multihop.
Two sessions will cause you to get the same paths two times wasting a
bit of control plane memory and CPU inbound processing - but that's
about
scenarios than a single
threaded design. Of course
I would also diversify the connections onto different linecards/slots as
well.
Mike
On Tue, Aug 23, 2011 at 7:58 AM, Robert Raszuk rob...@raszuk.net wrote:
Hi zaidoon,
Nope - I would not recommend that.
Your better choice is to peer