[c-nsp] (no subject)

Tom Zingale tomz at cisco.com
Sun Apr 24 22:09:01 EDT 2005


>Thanks for introduce me to the new command :) This ip sla monitor thing 

>came out with 12.2SX and 12.2SB already?

Not yet by the end of the year

 

 IPSLA works in two phases:

1) Control phase uses UDP. Source port is random, destination port 1967. 

As discussed below.

2) Measurement phase goes from source (port is either fixed, or picked

randomly) and go to destination where the port number has been configured on
the sender. This is a stream of UDP packets.

3) The receiver (called the responder in our case) mirror the packets back
to the sender.

Running an operation Inside->Outside is not a problem. However, from outside
to inside it would require:

- To open 1967/UDP

- To statically configure the source-port AND dest-port

- To open the pair src-ip/src-port/dst-ip/dst-port on the firewall.

If you do not configure statically the ports, it is going to be really
difficult for the operation to go through without opening a lot of useless
conduits.

 

>X-BrightmailFiltered: true

>X-Brightmail-Tracker: AAAAAA==

>X-IronPort-AV: i="3.92,124,1112598000"; 

> d="scan'208"; a="64678839:sNHT39166694"

>X-Envelope-From: luan.nguyen at mci.com

>Date: Fri, 22 Apr 2005 11:02:17 -0400

>From: Luan Nguyen <luan.nguyen at mci.com>

>Subject: RE: [c-nsp] IP SLA through NAT Firewall

>To: "'Eric Helm'" <helmwork at ruraltel.net>, cisco-nsp at puck.nether.net

>X-Mailer: Microsoft Office Outlook, Build 11.0.5510

>Thread-index: AcVHR69YGIN+dgbwTdKgur3cB//onAAA2qhQ

>X-BeenThere: cisco-nsp at puck.nether.net

>X-Mailman-Version: 2.1.6b1

>List-Id: "list for people using cisco in a NSP \(Network service provider\)

> environment" <cisco-nsp.puck.nether.net>

>List-Unsubscribe: < <https://puck.nether.net/mailman/listinfo/cisco-nsp>
https://puck.nether.net/mailman/listinfo/cisco-nsp>,

> < <mailto:cisco-nsp-request at puck.nether.net?subject=unsubscribe>
mailto:cisco-nsp-request at puck.nether.net?subject=unsubscribe>

>List-Archive: < <https://puck.nether.net/pipermail/cisco-nsp>
https://puck.nether.net/pipermail/cisco-nsp>

>List-Post: < <mailto:cisco-nsp at puck.nether.net>
mailto:cisco-nsp at puck.nether.net>

>List-Help: < <mailto:cisco-nsp-request at puck.nether.net?subject=help>
mailto:cisco-nsp-request at puck.nether.net?subject=help>

>List-Subscribe: < <https://puck.nether.net/mailman/listinfo/cisco-nsp>
https://puck.nether.net/mailman/listinfo/cisco-nsp>,

> < <mailto:cisco-nsp-request at puck.nether.net?subject=subscribe>
mailto:cisco-nsp-request at puck.nether.net?subject=subscribe>

>Sender: cisco-nsp-bounces at puck.nether.net

>X-PMX-Version: 4.7.0.111621

>X-from-outside-Cisco: 128.107.243.13

>X-OriginalArrivalTime: 22 Apr 2005 15:06:13.0595 (UTC) 

>FILETIME=[D32CEAB0:01C5474C]

>

>Thanks for introduce me to the new command :) This ip sla monitor thing 

>came out with 12.2SX and 12.2SB already?

>I saw on Cisco web, it says coming out to replace rtr in 12.4 and 12.4.T.

>Anyhow, for rtr stuffs, first the router will send a control message 

>UDP high port to the responder udp port 1967. The responder will 

>respond back

>1967 ---> UDP highport. If this goes through the firewall, then normal 

>jitter operation will follow, from udp highport to the 16384 specified 

>by you.

>You config seems to specify the router as both the probe and the responder.

>IMHO, NAT probably doesn't break your sla...probably the firewall.

>

>Luan

 
 
------------------------
Tom Zingale
Product Manager
Internet Technologies Group
408-527-7535
 <http://www.cisco.com/go/ipsla> Cisco IOS IP SLAs
http://www.cisco.com/go/ipsla
Cisco IOS NetFlow
http://www.cisco.com/go/netflow
--------------------------------
 


More information about the cisco-nsp mailing list