[c-nsp] Re: UDLD - why is default 60 seconds? (Saku Ytti)
Delord, Simon
sdelord at uecomm.com.au
Thu Feb 23 17:36:22 EST 2006
Hi,
Sorry but can you describe a bit more this "corner case"?
Regards,
Simon
>
<http://www.cisco.com/en/US/products/hw/routers/ps368/products_configura
tion_guide_chapter09186a0080160ecf.html>
>
> Why is the default probe message time 60 seconds and in addition one
can
> only go as low as 7 seconds? If a GE port suddenly becomes
> unidirectional, I would like to know about in 1-2 seconds and not
after 7
> seconds, so that the link is forced down and OSPF turns to an
alternate
> path. Or am I missing something?
Valid question, which I don't have answer to, I agree they're quite
conservative. But I'd suggest that you'll solve your rapid IGP
livelyness detection with BFD instead, UDLD only helps in very spesific
problem, which should happen extremely rarely.
Also you may want to complement UDLD with STP loopguard, to cover
another corner case (mainly STP software issues).
>
> Thanks,
> Hank
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
--
++ytti
------------------------------
Message: 2
Date: Thu, 23 Feb 2006 11:14:51 -0600
From: "Jessup, Toby" <Toby.Jessup at qwest.com>
Subject: [c-nsp] T3/E3 hybrid
To: <cisco-nsp at puck.nether.net>
Message-ID:
<E8CF3B5E10F4C64282C72BD1B6A95FE5019B926C at QTOMAE2K3M01.AD.QINTRA.COM>
Content-Type: text/plain; charset="us-ascii"
Is anyone out there knowledgeable about how/if T3/E3 hybrid circuits are
provisioned? Anyone aware of a provider doing this?
I am not even sure this is possible in most cases. I can't imagine how
any equipment owned by a service provider (or CSU product?) could
convert an unframed (C-bit) T3 directly to an unstructured E3. The
unframed T3 would have to be a subrate tiered service (34.368 kb/s), and
that makes this seems technically unlikely, given the complexity and the
varying standards for subrate T3 framing (?).
Converting a framed (M13) T3 service to a structured E3 seems more
likely, but still perhaps outside what most SPs can offer. There would
have to be only 16 channels, and those channels would have to be
operating as hybrid T1/E1 lines (24 DS0s). Agree?
------------------------------
Message: 3
Date: Thu, 23 Feb 2006 18:37:32 +0100
From: "Vincent De Keyzer" <vincent at dekeyzer.net>
Subject: RE: [c-nsp] RIB-failure - anything to worry about?
To: "'kostas anagnopoulos'" <kostas.anagnopoulos at oteglobe.net>
Cc: cisco-nsp at puck.nether.net
Message-ID: <009201c6389f$d3d56150$408115ac at osiris.grp>
Content-Type: text/plain; charset="iso-8859-1"
That's what it says, yes.
Thanks
Vincent
> -----Original Message-----
> From: cisco-nsp-bounces at puck.nether.net [mailto:cisco-nsp-
> bounces at puck.nether.net] On Behalf Of kostas anagnopoulos
> Sent: mercredi 22 f?vrier 2006 15:02
> To: Vincent De Keyzer
> Cc: cisco-nsp at puck.nether.net
> Subject: RE: [c-nsp] RIB-failure - anything to worry about?
>
> do a "show ip bgp rib-failure" and if the reason for the failure is
> "Higher
> admin distance" there's nothing to worry about
>
> regards
> Kostas
>
> -----Original Message-----
> From: cisco-nsp-bounces at puck.nether.net
> [mailto:cisco-nsp-bounces at puck.nether.net]On Behalf Of Vincent De
Keyzer
> Sent: Wednesday, February 22, 2006 3:44 PM
> To: cisco-nsp at puck.nether.net
> Subject: RE: [c-nsp] RIB-failure - anything to worry about?
>
>
> Please allow me to repost this one - with all the BGP gurus on this
list,
> I
> just can't believe that nobody can answer it...
>
> Vincent
>
> > -----Original Message-----
> > From: cisco-nsp-bounces at puck.nether.net [mailto:cisco-nsp-
> > bounces at puck.nether.net] On Behalf Of Vincent De Keyzer
> > Sent: lundi 20 f?vrier 2006 10:56
> > To: cisco-nsp at puck.nether.net
> > Subject: [c-nsp] RIB-failure - anything to worry about?
> >
> > Hi,
> >
> > I just noticed that, on our IX router, there is a little 'r' in
front of
> > the
> > advertised routes, which I don't see in front of the routes
advertised
> to
> > our upstreams.
> >
> > BRUBLUro72#sh ip bgp neighbors X.Y.172.90 advertised-routes
> > BGP table version is 6257967, local router ID is 217.64.240.145
> > Status codes: s suppressed, d damped, h history, * valid, > best, i
-
> > internal,
> > r RIB-failure, S Stale
> > Origin codes: i - IGP, e - EGP, ? - incomplete
> >
> > Network Next Hop Metric LocPrf Weight Path
> > r>iXXX.YYY.144.0/20 ZZZ.WWW.240.144 0 100 0 i
> > r>iAAA.BBB.0.0/18 ZZZ.WWW.240.144 0 100 0 i
> > r>iAAA.BBB.64.0/18 ZZZ.WWW.240.144 0 100 0 i
> > r>iZZZ.WWW.240.0/20 ZZZ.WWW.240.144 0 100 0 i
> > BRUBLUro72#
> >
> > When looking up CCO, it says that this can be caused by "Route with
> better
> > administrative distance already present in IGP . For example, if a
> static
> > route already exists in IP Routing table."
> >
> > This is the case, because those routes are known via OSPF (the
static
> > route
> > to Null0 on the upstream routers is advertised in OSPF). But on the
> > upstream
> > routers, those routes are known via the static route, so what's the
> > difference?
> >
> > The other possible reason seems to be a memory failure.
> >
> > Is there anything to worry about?
> >
> > Vincent
> >
> > _______________________________________________
> > cisco-nsp mailing list cisco-nsp at puck.nether.net
> > https://puck.nether.net/mailman/listinfo/cisco-nsp
> > archive at http://puck.nether.net/pipermail/cisco-nsp/
>
>
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
>
>
>
>
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
>
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
------------------------------
Message: 4
Date: Thu, 23 Feb 2006 18:41:03 +0100
From: "Vincent De Keyzer" <vincent at dekeyzer.net>
Subject: RE: [c-nsp] RIB-failure - anything to worry about?
To: "'Pete Templin'" <templin at photos.templin.org>
Cc: cisco-nsp at puck.nether.net
Message-ID: <009301c638a0$512b41b0$408115ac at osiris.grp>
Content-Type: text/plain; charset="us-ascii"
> Normally nothing to worry about, but you may want to reverify your
> origination points. I'm assuming you don't put /18s and /20s natively
> on interfaces, and that you subnet them much more than that. If so,
you
> may want to pick two or so key devices in your network to originate
your
> /18s and /20s (i.e. bgp 'network' or bgp 'redist stat route-map
> aggs-only'). Then take the aggregates OUT of OSPF. You'll no longer
> have RIB-failure
So basically, you are proposing to propagate the /18s and the /20s via
iBGP
rather than with OSPF? Fine for me, it that removes this scary 'r', it's
a
good idea.
> and if edge routers lose connectivity to your core,
> your edge routers will no longer blackhole some of your traffic.
... but I am already out of that danger, right? If my IX router looses
connectivity to the core, it will loose the route via OSPF, and will
stop
announcing it via eBGP, correct?
Vincent
------------------------------
Message: 5
Date: Thu, 23 Feb 2006 12:52:13 -0500
From: "barney gumbo" <barney.gumbo at gmail.com>
Subject: [c-nsp] packet monitoring?
To: cisco-nsp at puck.nether.net
Message-ID:
<2a4c197e0602230952s7f2e3e7dw4ea5ea833aefeac5 at mail.gmail.com>
Content-Type: text/plain; charset=ISO-8859-1
I have a complicated problem. I am trying to determine what
src-ip/src-prt
and dst-ip/dst-prt I need to allow outbound on the inside interface of
some
firewalls. Writing ACL's to restrict and then fixing later is not an
option.
The firewalls are PIX 525 and 535. The typical traffic throughput is
150-200 Mbps. Using log X interval Y on the PIX ACL's killed our CPU.
We've tried exporting netflow data from a set of 6509's with mls flow
cache
set to full and this is way to much data. To the best of my knowledge,
ethereal and sniffer can do this to a certain extent however I'm not
interested in using system resources to capture the whole packet
payload, I
just want to be able to sumarize layers 3 through 4 and if the app can
break
this down into complete sockets or estimate the UDP flows that would be
great too.
I realize there may be a way to do this with the existing flow-tools
apps
but I've read through the manuals and perhaps I'm missing something. If
I
could just see aggregates of src-ip/src-port and dst-ip/dst-prt I think
this
will suit my needs well; I don't need to verify that the flow was part
of a
particular data transfer session or anything along those lines.
Is there a tool that can listen passively (we would span the PIX inside
interface to this passive listener) and provide summarized data to meet
these requirements?
------------------------------
Message: 6
Date: Thu, 23 Feb 2006 13:03:53 -0500
From: Stephen Kratzer <kratzers at pa.net>
Subject: Re: [c-nsp] incompatible NPE-400??
To: cisco-nsp at puck.nether.net
Message-ID: <200602231303.53284.kratzers at pa.net>
Content-Type: text/plain; charset="iso-8859-1"
The VXR chassis will support all NPEs and the NSE-1. You need to upgrade
your
boot image.
On Thursday 23 February 2006 10:45, Chris Hale wrote:
> All -
>
>
>
> We just tried upgrading our 7206VXR this morning to an NPE-400 from
> NPE-300.
>
> After the reboot, we rec'd this message below. Someone mentioned our
VXR
> chassis is too old for this newer NPE-400?
>
>
>
> Does anyone have any guidelines on how to decipher the s/n etc. on the
> chassis to pre-determine the incompatibility?
>
>
>
> Thanks in advance,
>
> Chris
>
>
>
> ---------------------------------------------------------------------
>
>
>
> %%Unknown CPU card type
>
>
>
> System Bootstrap, Version 12.1(20000710:044039) [nlaw-121E_npeb 117],
> DEVELOPMENT SOFTWARE Copyright (c) 1994-2000 by cisco Systems, Inc.
>
> C7200 platform with 524288 Kbytes of main memory
>
>
>
> System Bootstrap, Version 12.1(20000710:044039) [nlaw-121E_npeb 117],
> DEVELOPMENT SOFTWARE Copyright (c) 1994-2000 by cisco Systems, Inc.
>
> C7200 platform with 524288 Kbytes of main memory
>
>
>
> Self decompressing the image :
>
>
########################################################################
###
>#
>
>
########################################################################
###
>#
>
>
########################################################################
###
>#
>
> ############################################# [OK]
>
>
>
> %%Unknown CPU card type
>
>
>
> System Bootstrap, Version 12.1(20000710:044039) [nlaw-121E_npeb 117],
> DEVELOPMENT SOFTWARE Copyright (c) 1994-2000 by cisco Systems, Inc.
>
> C7200 platform with 524288 Kbytes of main memory
>
>
>
> Self decompressing the image :
>
>
########################################################################
###
>#
>
>
########################################################################
###
>#
>
>
########################################################################
###
>#
>
>
########################################################################
###
>#
>
>
########################################################################
###
>#
>
>
########################################################################
###
>#
>
>
########################################################################
###
>#
>
> ############################################################# [OK]
>
>
>
> %%Unknown CPU card type
>
>
>
> System Bootstrap, Version 12.1(20000710:044039) [nlaw-121E_npeb 117],
> DEVELOPMENT SOFTWARE Copyright (c) 1994-2000 by cisco Systems, Inc.
>
> C7200 platform with 524288 Kbytes of main memory
>
>
>
> System Bootstrap, Version 12.1(20000710:044039) [nlaw-121E_npeb 117],
> DEVELOPMENT SOFTWARE Copyright (c) 1994-2000 by cisco Systems, Inc.
>
>
>
> *** WARNING ***
>
> Unknown CPU card ID in eeprom!
>
>
>
> C7200 platform with 524288 Kbytes of main memory
>
>
>
> Self decompressing the image :
>
>
########################################################################
###
>#
>
>
########################################################################
###
>#
>
>
########################################################################
###
>#
>
> ############################################# [OK]
>
>
>
> %%Unknown CPU card type
>
>
>
> System Bootstrap, Version 12.1(20000710:044039) [nlaw-121E_npeb 117],
> DEVELOPMENT SOFTWARE Copyright (c) 1994-2000 by cisco Systems, Inc.
>
>
>
> *** WARNING ***
>
> Unknown CPU card ID in eeprom!
>
>
>
> C7200 platform with 524288 Kbytes of main memory
>
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
------------------------------
Message: 7
Date: Thu, 23 Feb 2006 19:28:26 +0100
From: "Oliver Boehmer \(oboehmer\)" <oboehmer at cisco.com>
Subject: [c-nsp] RE: [cisco-bba] Tunnel ids and MRTG..
To: "Mark Tohill" <Mark at u.tv>, <cisco-bba at puck.nether.net>
Cc: cisco-nsp at puck.nether.net
Message-ID:
<70B7A1CCBFA5C649BD562B6D9F7ED784019CEC9A at xmb-ams-333.emea.cisco.com>
Content-Type: text/plain; charset="us-ascii"
Mark Tohill <> wrote on Thursday, February 23, 2006 1:26 PM:
> Does anyone know if it is possible to dictate VPDN L2TP tunnel id's?
No, unfortunately (for your requirement) not..
oli
------------------------------
Message: 8
Date: Thu, 23 Feb 2006 15:10:40 -0500
From: "Chris Hale" <chris-lists at pipelinewireless.us>
Subject: SOLVED: RE: [c-nsp] incompatible NPE-400??
To: <cisco-nsp at puck.nether.net>
Message-ID: <054601c638b5$3a07bee0$800101df at pipelinewireless.local>
Content-Type: text/plain; charset="us-ascii"
Thanks all. Which version to use?
Chris
-----Original Message-----
From: Stephen Kratzer [mailto:kratzers at pa.net]
Sent: Thursday, February 23, 2006 1:04 PM
To: cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] incompatible NPE-400??
The VXR chassis will support all NPEs and the NSE-1. You need to upgrade
your
boot image.
On Thursday 23 February 2006 10:45, Chris Hale wrote:
> All -
>
>
>
> We just tried upgrading our 7206VXR this morning to an NPE-400 from
> NPE-300.
>
> After the reboot, we rec'd this message below. Someone mentioned our
VXR
> chassis is too old for this newer NPE-400?
>
>
>
> Does anyone have any guidelines on how to decipher the s/n etc. on the
> chassis to pre-determine the incompatibility?
>
>
>
> Thanks in advance,
>
> Chris
>
>
>
> ---------------------------------------------------------------------
>
>
>
> %%Unknown CPU card type
>
>
>
> System Bootstrap, Version 12.1(20000710:044039) [nlaw-121E_npeb 117],
> DEVELOPMENT SOFTWARE Copyright (c) 1994-2000 by cisco Systems, Inc.
>
> C7200 platform with 524288 Kbytes of main memory
>
>
>
> System Bootstrap, Version 12.1(20000710:044039) [nlaw-121E_npeb 117],
> DEVELOPMENT SOFTWARE Copyright (c) 1994-2000 by cisco Systems, Inc.
>
> C7200 platform with 524288 Kbytes of main memory
>
>
>
> Self decompressing the image :
>
>
########################################################################
###
>#
>
>
########################################################################
###
>#
>
>
########################################################################
###
>#
>
> ############################################# [OK]
>
>
>
> %%Unknown CPU card type
>
>
>
> System Bootstrap, Version 12.1(20000710:044039) [nlaw-121E_npeb 117],
> DEVELOPMENT SOFTWARE Copyright (c) 1994-2000 by cisco Systems, Inc.
>
> C7200 platform with 524288 Kbytes of main memory
>
>
>
> Self decompressing the image :
>
>
########################################################################
###
>#
>
>
########################################################################
###
>#
>
>
########################################################################
###
>#
>
>
########################################################################
###
>#
>
>
########################################################################
###
>#
>
>
########################################################################
###
>#
>
>
########################################################################
###
>#
>
> ############################################################# [OK]
>
>
>
> %%Unknown CPU card type
>
>
>
> System Bootstrap, Version 12.1(20000710:044039) [nlaw-121E_npeb 117],
> DEVELOPMENT SOFTWARE Copyright (c) 1994-2000 by cisco Systems, Inc.
>
> C7200 platform with 524288 Kbytes of main memory
>
>
>
> System Bootstrap, Version 12.1(20000710:044039) [nlaw-121E_npeb 117],
> DEVELOPMENT SOFTWARE Copyright (c) 1994-2000 by cisco Systems, Inc.
>
>
>
> *** WARNING ***
>
> Unknown CPU card ID in eeprom!
>
>
>
> C7200 platform with 524288 Kbytes of main memory
>
>
>
> Self decompressing the image :
>
>
########################################################################
###
>#
>
>
########################################################################
###
>#
>
>
########################################################################
###
>#
>
> ############################################# [OK]
>
>
>
> %%Unknown CPU card type
>
>
>
> System Bootstrap, Version 12.1(20000710:044039) [nlaw-121E_npeb 117],
> DEVELOPMENT SOFTWARE Copyright (c) 1994-2000 by cisco Systems, Inc.
>
>
>
> *** WARNING ***
>
> Unknown CPU card ID in eeprom!
>
>
>
> C7200 platform with 524288 Kbytes of main memory
>
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
_______________________________________________
cisco-nsp mailing list cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
--
No virus found in this incoming message.
Checked by AVG Free Edition.
Version: 7.1.375 / Virus Database: 268.0.0/267 - Release Date: 2/22/2006
------------------------------
_______________________________________________
cisco-nsp mailing list
cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
End of cisco-nsp Digest, Vol 39, Issue 98
*****************************************
This message and its attachments may contain legally privileged or confidential information. It is for the intended addressee(s) only.
If you are not the intended recipient you must not disclose or use the information contained in it. If you have received this email in error please notify us immediately by return email and delete the document.
Any views expressed in this message are those of the individual sender, except where the sender specifies and with authority, states them to be the views of the Company.
Uecomm accepts no liability for any damage caused by this email or its attachments due to viruses, interference, interception, corruption or unauthorised access.
#####################################################################################
This e-mail message has been scanned for Viruses and Content and cleared
by NetIQ MailMarshal
#####################################################################################
More information about the cisco-nsp
mailing list