MPLS push-pop-swap labels

January 15, 2015, 8:27 am

≫ Next: ACS 5.6 CLI Logging

≪ Previous: Secure DC Nexus design with Routing and switching

$

0

0

Assuming this is the topology. CE1 is advertising prefix 10.1.1.0/24 and CE2 is 20.1.1.0/24 and they're both communicating each other.

CE1-PE1-P1  - P2 - PE2 - CE2

going back to the MPLS process, unlabeled packet adds label and MPLS routers do the rest of push-pop-swap and send across and stripped off the label as regular IP unlabeled format on the other side.

Let's say Host 10.1.1.100 is communicating to Host 20.1.1.100 and vice versa.

From PE's standpoint, how to determine that host 10.1.1.100 is added a label 10 (for example) ?  And I can trace mpls labels from left to right of the topology.

 

 

 

 

---

ACS 5.6 CLI Logging

January 15, 2015, 1:25 pm

≫ Next: Rack Rental tokens for sale

≪ Previous: MPLS push-pop-swap labels

$

0

0

Hey all,

This might be some low hanging fruit for one of you to answer - how do I enable successful and unsuccessful login attempts to the ACS 5.6 CLI to a syslog server?  I receive logging output to my syslog server upon successful and unsuccessful GUI login attempts , however, I get nothing for CLI login attempts.  Thank you much for your time!

Hansel

Rack Rental tokens for sale

June 27, 2013, 12:16 pm

≫ Next: Router-ID uniqueness requirements

≪ Previous: ACS 5.6 CLI Logging

$

0

0

I still have 4000 tokens left if anyone needs them.

Router-ID uniqueness requirements

January 12, 2015, 1:39 pm

≫ Next: GLBP Weighting

≪ Previous: Rack Rental tokens for sale

$

0

0

Just going through scenarios for the uniqueness of router-ids, thought to share my findings

EIGRP
- Must be unique within AS

OSPF
- Must be unique within area
- ASBR rids must also be unique

BGP
- Must be unique between ebgp neighbors
- Must be unique within a BGP "Real" AS not "confed-AS"

RIP
- Who cares -:)

MPLS
- Must be unique between ldp neighbors

Any other findings from anyone?

GLBP Weighting

January 15, 2015, 2:33 pm

≫ Next: T5 vs. Translated T7 to T5 LSA Forwarding Question

≪ Previous: Router-ID uniqueness requirements

$

0

0

Assume we have a router using the interface configuration below. Now lets say we used some tracking with an ip sla to decrement the weighting when a bunch of interfaces go down.  Assume now, that all of the external interface went down and the weighting has now gone to 70.  But now a couple interfaces have come up and the weight is now 85.  What happens? Does nothing happen until the weight restores itself with a value above 90?  I'm trying to work out the point of the middle values here.

 

int fa0/0

 glbp 1 ip x.x.x.x

 glbp 1 load-balancing weighted

 glbp 1 weighting 100 lower 80 upper 90

 

 

Another question on this topic

If, in the scenario above, another interface came up, and made the weight, say 95, does this dynamically adjust the load distribution on a 95:100 ratio (assuming we have another AVF with a default 100 weighting on it)?

T5 vs. Translated T7 to T5 LSA Forwarding Question

January 10, 2015, 2:51 pm

≫ Next: INE DC Full Scale Labs

≪ Previous: GLBP Weighting

$

0

0

In a normal T5 LSA, the forwarder is set to 0.0.0.0 which means to forward to the originator of the LSA. If the ASBR is not in the local area, use a T4 LSA to locate the ASBR.

In a T5 LSA that has been translated from a T7, the forward address is set to the ASBR in the NSSA that generated the route. When a router tries to locate the forwarder listed in the LSA instead of using a T4 LSA, it uses a T3 LSA.

If the router can use a T3 LSA to locate the ASBR inside of an NSSA, why can it not use a T3 LSA to locate the ASBR in a regular area?

Thanks!

INE DC Full Scale Labs

January 15, 2015, 1:22 pm

≫ Next: VMware Trial Software

≪ Previous: T5 vs. Translated T7 to T5 LSA Forwarding Question

$

0

0

Hi Everyone,

I was just wondering if someone has the Topology diagrams for Full Scale Lab 1? I see that in Full Scale Lab 2 it is available in the workbook, but I can’t find it in the first one.

Anyone knows if we can rent a DC topology where we can train with these Full Scale Labs?

Last, does anyone know if the difficulty is lower, equal or higher than what we will have to deal with on L-day (for Lab-day)?

Best Regards,

--
Pierre-Louis Gingembre
pierre-louis@gingembre.net

+33 6 33 26 75 45

@plgingembre

VMware Trial Software

January 15, 2015, 2:08 pm

≫ Next: System Message Logging

≪ Previous: INE DC Full Scale Labs

$

0

0

For those interested in learning VMware at home, but do not have licensing and do not want to have to rebuild the environment when the trial expires, you now have a new option. VMUG: EVALExperience

The VMUG subscription costs $200 a year, and one of the benefits is EVALExperience, which allows you to have a trial license that lasts 365 days for 9 VMware products. One of them is vSphere with Enterprise Plus licensing, which will allow you to mess around with the VMware Distributed Switch and 1000V

VMware vCenter Server™ 5 Standalone for vSphere 5

VMware vSphere® with Operations Management™ Enterprise Plus

VMware vCloud Suite® Standard

VMware vRealize™ Operations Insight™

VMware vRealize Operations™ 6 Enterprise

VMware vRealize Log Insight™

VMware vRealize Operations for Horizon®

VMware Horizon® Advanced Edition

VMware Virtual SAN™

http://www.vmug.com/p/cm/ld/fid=8792

 

---

System Message Logging

January 12, 2015, 6:03 am

≫ Next: EtherChannel vs routing protocol Equal Cost Multipath (ECMP) ?

≪ Previous: VMware Trial Software

$

0

0

Hi,

I disagree with the sample solution for this subtask:

• Debugging messages should be sent to the router consoles, but limited to 1 message per second.

which was solved with the following command in the sample solution: 

logging rate-limit console all 1

This will limit all syslog outputs for severity 0-7 to 1 msg per second on the console which is not what was asked for. In my opinion the solution should be: 

logging rate-limit console 1 except informational

http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/esm/command/esm-cr-book/esm-cr-a1.html#wp7909503390

Thoughts?

EtherChannel vs routing protocol Equal Cost Multipath (ECMP) ?

January 7, 2015, 11:18 am

≫ Next: UCS FI's flood igmp traffic

≪ Previous: System Message Logging

$

0

0

I assume ECMP is load balance of L3 routing protocol like ospf , eigrp, right?  but then using that between switches? etherchannels seems to be better option.

 

UCS FI's flood igmp traffic

January 16, 2015, 12:11 am

≫ Next: GLBP & load-balancing

≪ Previous: EtherChannel vs routing protocol Equal Cost Multipath (ECMP) ?

$

0

0

Hi,

I've been doing some work with igmp within UCS, and it seems even with a multicast policy applied to vnics, and all the necessary igmp configuration, the FI's just seem to flood traffic to hosts that sit within UCS.

Has anyone got any experience with this, come across this issue before ?

The FI's are in EHM not switch mode.

Thanks

Dominic

GLBP & load-balancing

January 15, 2015, 3:26 pm

≫ Next: Cisco Unity Connect 8.6 AA ring duration on transfer

≪ Previous: UCS FI's flood igmp traffic

$

0

0

I have just one more question on GLBP here.  I setup GLBP between r1 and r2 on a network that looks like this:

 

R1 --trunk-- Sw1 --trunk--Sw2 --trunk-- R2

 

I brung the vlan out on Sw1 and Sw2 in SVI's so I could emulate 2 hosts for testing.  So effectively, R1 was 10.0.0.1, R2 was 10.0.0.2, Sw1 was 10.0.0.11, and Sw2 was 10.0.0.12.  The GLBP VIP was 10.0.0.10

I sent a bunch of pings from Sw1 and Sw2 to the VIP and kept checking & clearing the arp cache's on the switches to check I was getting different virtual mac addresses allocated from the AVG for my AVF, and I was.  At the same time, I was doing a #sh ip glbp detail on the AVG to check the "Client Selection Count" was being sequentially incremented between the two AVFs, and it was (i.e. round-robin was working).  The query I have, is that I noticed the Client Selection Count was also being incremented every time I cleared the arp-cache on the switch, and I can't understand why clearing arp-cache would have any affect on GLBP at all? All I'm doing is flushing my local arp-cache on the switch.  Can anyone explain this behaviour?

PS:I tested this multiple times to make sure it wasn't some random co-incidence. And yes, each time I clear the arp-cache, GLBP seems to allocate an AVF for this so called "traffic" I guess.

Cisco Unity Connect 8.6 AA ring duration on transfer

January 16, 2015, 1:38 am

≫ Next: VIRL or CML?

≪ Previous: GLBP & load-balancing

$

0

0

Hi,

I have configured a System Call handler and edited the caller input to transfer to alternate contact number after hearing a greeting.  The call action is a supervised transfer and recardless of the amount of rings to wait for it only rings the phone twice before going to voice mail.

Thanks for any help!

Greg

VIRL or CML?

January 15, 2015, 5:00 pm

≫ Next: Telnet without the telnet keyword

≪ Previous: Cisco Unity Connect 8.6 AA ring duration on transfer

$

0

0

Hi everyone,

I'm hoping to build a virtual lab environment in which multiple students have access to their individual pods of about 6-7 routers, and all of the "pods" of virtual routers are contained within a single host server.  I'd like this server to support maybe up to 15-pods, so we're talking about a maximum of 105-virtual routers running simultaneously, but each grouping of 6-7 routers being kept isolated from each other.

I've never built anything like this and when it comes to server managment or vmWare I'm a complete newbie.

I'm thinking that VIRL or CML might work for what I need.  Any thoughts or real-world experience with either of these that you'd care to share?

 

Thanks!

Telnet without the telnet keyword

January 7, 2015, 3:43 am

≫ Next: PIM DM (*,G)

≪ Previous: VIRL or CML?

$

0

0

Im trying to telnet without typing the "telnet" keyword

router#1.2.3.4

i noticed that it worked in some versions and didn't work in some,

what controls this option? any ideas?

 

I also tried the following

line console 0

 transport preferred telnet

It still didn't work

---

PIM DM (*,G)

January 14, 2015, 8:25 am

≫ Next: Delete this post (i put it in the wrong forum section)

≪ Previous: Telnet without the telnet keyword

$

0

0

hi all

 

I do not understand why PIM DM router creates (*,G) when it receives multicats traffic.

can someone explained shortly for me please ?

 

 

thanks,

Delete this post (i put it in the wrong forum section)

January 16, 2015, 5:25 am

≫ Next: CSR 1000v Netflow

≪ Previous: PIM DM (*,G)

$

0

0

Sugar, sorry I just put this in the wrong forum section. 

Delete this post 

CSR 1000v Netflow

January 6, 2015, 5:20 am

≫ Next: Issue with FCOE E-ports on N7k

≪ Previous: Delete this post (i put it in the wrong forum section)

$

0

0

hi all

 

I am trying to configure Netflow on my CSR 1000v in order to monitor it through an application called Whatsup Gold

I have seen the USer Manual Guide for the Netflow Command configuration,

 

! Create flow monitor

enable

configure terminal

flow monitor application-mon

 description app traffic analysis

 cache timeout active 60

! Define the flow record:

enable

configure terminal

flow monitor application-mon

 flow record nbar-appmon

 description NBAR Flow Monitor

 match ipv4 tos

 match ipv4 protocol

 match ipv4 source address

 match ipv4 destination address

 match transport source-port

 match transport destination-port

 match interface input

 match application name

 collect interface output

 collect counter bytes

 collect counter packets

 collect transport tcp flags

 collect routing source as

 collect routing destination as

 exit

flow monitor application-mon

 record nbar-appmon

! Create a flow exporter:

enable

configure terminal

flow exporter export-to-ipswitch-flow-monitor

 description Flexible NF v9

 destination 192.168.1.18

 source GigabitEthernet 1

 transport udp 9996

 template data timeout 120

 option interface-table

 option exporter-stats timeout 120

 option application-table timeout 120

! configure the flow monitor to use the new flow exporter

configure terminal

exporter export-to-ipswitch_flow_monitor

 

 

everything was configured fine, except the last command which is exporter export-to-ipswitch_flow_monitor

the router refused this, ??

 

is there altrenative solution ?

 

Issue with FCOE E-ports on N7k

January 16, 2015, 12:50 pm

≫ Next: Loop Guard

≪ Previous: CSR 1000v Netflow

$

0

0

Hi, 

I am trying to configure vfc in storage vdc on n7k, but getting some errors. I would be grateful if you could support me and let me know what is required to make it working. Thank you.

DEFAULT VDC-CONFIG:
============================================
vdc N7KA-vdc1 id 1
 limit-resource module-type f1
 cpu-share 5
 allocate interface Ethernet4/1-4
!
vdc storage id 4 type storage
 limit-resource module-type f1
 allow feature-set fcoe
!
vdc storage id 4
 allocate fcoe-vlan-range 100 from vdcs N7KA-vdc1
 allocate shared interface Ethernet4/1-4

STORAGE VDC-CONFIG:
!============================================
vlan 1,100
vlan 100
 fcoe vsan 100
!
vsan database
 vsan 100
!
interface Ethernet4/1
 no shutdown

!============================================

 

Now when I first create VFC and configure it as E, I cannot bind it to interface:

storage(config)# int vfc1
storage(config-if)# switchport mode e
storage(config-if)# bind int e4/1
ERROR: fcoe_mgr: VFC not bound (err_id 0x42070009)

 

When I do it in the opposite order, I am getting error as well:
storage(config)# int vfc1
storage(config-if)# bind int e4/1
storage(config-if)# switchport mode e
vfc1: (error) configuration of this port mode not allowed

Can you advise if there is any limitation (I got the same issue on N7K-F132XP-15 & N7K-F248XP-25E, I am running n7000-s2-dk9.6.2.8a.bin) or config change required to make it working?  

Maybe is it related with dedicated/shared interfaces:

N7KA-vdc1(config-if)# sh int e4/1
Ethernet4/1 is up
admin state is up, Dedicated(Shared) Interface
!
storage# sh int e4/1
Ethernet4/1 is up
admin state is up, Shared Interface

If so, how to change it (when I tried to change it in Eth VDC I am getting info that rate-mode is fixed, when I apply it on storage vdc, it looks like command is not accepted - i.e. it is not in the config). 

Thank you,
hidd 

Loop Guard

January 16, 2015, 5:28 am

≫ Next: NAT to translate traceroute replies

≪ Previous: Issue with FCOE E-ports on N7k

$

0

0

This feature is something I need a clearer understanding on.

In the picture in the link below, assume the connection between Sw1 and Sw3 is fibre.  Now assume UDLD and Loop Guard is disabled and the send channel from Sw1 toward Sw3 is broken. Sw3 stops receiving BPDU's and ages the stored BPDU out on the port. It then goes through listening & learning, and becomes designated (as it's no longer receiving BPDUs).  At this point, Sw1's port is designated, and Sw3's port is also designated for that segment, indicating that this would be cause a loop in the network.  HOWEVER, the traffic sent from Sw1 toward Sw3 is blackholed because of a broken fibre.  So, although both sides are designated/forwarding, only the traffic sent from Sw3 towards Sw1 actually goes through the fibre and comes out the other side.  Therefore, there is not technically a loop in the network because the layer 1 "transmit" fibre from Sw1 to Sw3 is blackholed due to the cut/problem.  So why would I need loop guard?

http://s11.postimg.org/kz8yllsqr/picture.png