[c-nsp] Re: UDLD - why is default 60 seconds? (Saku Ytti)
Saku Ytti
saku+cisco-nsp at ytti.fi
Fri Feb 24 01:43:12 EST 2006
On (2006-02-24 09:36 +1100), Delord, Simon wrote:
>
> Hi,
> Sorry but can you describe a bit more this "corner case"?
STP loopguard with UDLD already applied? If for one reason or another
STP doesn't work like it should work and goes unidirectional (no infrerior
BPDU received while it should receive them to keep inferior link blocked),
while link is working perfectly bidirectionally (so not catched by UDLD)
you could end up having L2 loops and of course broadcast storms.
http://www.cisco.com/en/US/tech/tk389/tk621/technologies_tech_note09186a0080094640.shtml#udld
> Regards,
> Simon
>
> >
> <http://www.cisco.com/en/US/products/hw/routers/ps368/products_configura
> tion_guide_chapter09186a0080160ecf.html>
> >
> > Why is the default probe message time 60 seconds and in addition one
> can
> > only go as low as 7 seconds? If a GE port suddenly becomes
> > unidirectional, I would like to know about in 1-2 seconds and not
> after 7
> > seconds, so that the link is forced down and OSPF turns to an
> alternate
> > path. Or am I missing something?
>
> Valid question, which I don't have answer to, I agree they're quite
> conservative. But I'd suggest that you'll solve your rapid IGP
> livelyness detection with BFD instead, UDLD only helps in very spesific
> problem, which should happen extremely rarely.
>
> Also you may want to complement UDLD with STP loopguard, to cover
> another corner case (mainly STP software issues).
>
> >
> > Thanks,
> > Hank
> > _______________________________________________
> > cisco-nsp mailing list cisco-nsp at puck.nether.net
> > https://puck.nether.net/mailman/listinfo/cisco-nsp
> > archive at http://puck.nether.net/pipermail/cisco-nsp/
> >
>
> --
> ++ytti
>
>
> ------------------------------
>
> Message: 2
> Date: Thu, 23 Feb 2006 11:14:51 -0600
> From: "Jessup, Toby" <Toby.Jessup at qwest.com>
> Subject: [c-nsp] T3/E3 hybrid
> To: <cisco-nsp at puck.nether.net>
> Message-ID:
>
> <E8CF3B5E10F4C64282C72BD1B6A95FE5019B926C at QTOMAE2K3M01.AD.QINTRA.COM>
> Content-Type: text/plain; charset="us-ascii"
>
> Is anyone out there knowledgeable about how/if T3/E3 hybrid circuits are
> provisioned? Anyone aware of a provider doing this?
>
> I am not even sure this is possible in most cases. I can't imagine how
> any equipment owned by a service provider (or CSU product?) could
> convert an unframed (C-bit) T3 directly to an unstructured E3. The
> unframed T3 would have to be a subrate tiered service (34.368 kb/s), and
> that makes this seems technically unlikely, given the complexity and the
> varying standards for subrate T3 framing (?).
>
> Converting a framed (M13) T3 service to a structured E3 seems more
> likely, but still perhaps outside what most SPs can offer. There would
> have to be only 16 channels, and those channels would have to be
> operating as hybrid T1/E1 lines (24 DS0s). Agree?
>
>
>
> ------------------------------
>
> Message: 3
> Date: Thu, 23 Feb 2006 18:37:32 +0100
> From: "Vincent De Keyzer" <vincent at dekeyzer.net>
> Subject: RE: [c-nsp] RIB-failure - anything to worry about?
> To: "'kostas anagnopoulos'" <kostas.anagnopoulos at oteglobe.net>
> Cc: cisco-nsp at puck.nether.net
> Message-ID: <009201c6389f$d3d56150$408115ac at osiris.grp>
> Content-Type: text/plain; charset="iso-8859-1"
>
> That's what it says, yes.
>
> Thanks
>
> Vincent
>
> > -----Original Message-----
> > From: cisco-nsp-bounces at puck.nether.net [mailto:cisco-nsp-
> > bounces at puck.nether.net] On Behalf Of kostas anagnopoulos
> > Sent: mercredi 22 f?vrier 2006 15:02
> > To: Vincent De Keyzer
> > Cc: cisco-nsp at puck.nether.net
> > Subject: RE: [c-nsp] RIB-failure - anything to worry about?
> >
> > do a "show ip bgp rib-failure" and if the reason for the failure is
> > "Higher
> > admin distance" there's nothing to worry about
> >
> > regards
> > Kostas
> >
> > -----Original Message-----
> > From: cisco-nsp-bounces at puck.nether.net
> > [mailto:cisco-nsp-bounces at puck.nether.net]On Behalf Of Vincent De
> Keyzer
> > Sent: Wednesday, February 22, 2006 3:44 PM
> > To: cisco-nsp at puck.nether.net
> > Subject: RE: [c-nsp] RIB-failure - anything to worry about?
> >
> >
> > Please allow me to repost this one - with all the BGP gurus on this
> list,
> > I
> > just can't believe that nobody can answer it...
> >
> > Vincent
> >
> > > -----Original Message-----
> > > From: cisco-nsp-bounces at puck.nether.net [mailto:cisco-nsp-
> > > bounces at puck.nether.net] On Behalf Of Vincent De Keyzer
> > > Sent: lundi 20 f?vrier 2006 10:56
> > > To: cisco-nsp at puck.nether.net
> > > Subject: [c-nsp] RIB-failure - anything to worry about?
> > >
> > > Hi,
> > >
> > > I just noticed that, on our IX router, there is a little 'r' in
> front of
> > > the
> > > advertised routes, which I don't see in front of the routes
> advertised
> > to
> > > our upstreams.
> > >
> > > BRUBLUro72#sh ip bgp neighbors X.Y.172.90 advertised-routes
> > > BGP table version is 6257967, local router ID is 217.64.240.145
> > > Status codes: s suppressed, d damped, h history, * valid, > best, i
> -
> > > internal,
> > > r RIB-failure, S Stale
> > > Origin codes: i - IGP, e - EGP, ? - incomplete
> > >
> > > Network Next Hop Metric LocPrf Weight Path
> > > r>iXXX.YYY.144.0/20 ZZZ.WWW.240.144 0 100 0 i
> > > r>iAAA.BBB.0.0/18 ZZZ.WWW.240.144 0 100 0 i
> > > r>iAAA.BBB.64.0/18 ZZZ.WWW.240.144 0 100 0 i
> > > r>iZZZ.WWW.240.0/20 ZZZ.WWW.240.144 0 100 0 i
> > > BRUBLUro72#
> > >
> > > When looking up CCO, it says that this can be caused by "Route with
> > better
> > > administrative distance already present in IGP . For example, if a
> > static
> > > route already exists in IP Routing table."
> > >
> > > This is the case, because those routes are known via OSPF (the
> static
> > > route
> > > to Null0 on the upstream routers is advertised in OSPF). But on the
> > > upstream
> > > routers, those routes are known via the static route, so what's the
> > > difference?
> > >
> > > The other possible reason seems to be a memory failure.
> > >
> > > Is there anything to worry about?
> > >
> > > Vincent
> > >
> > > _______________________________________________
> > > cisco-nsp mailing list cisco-nsp at puck.nether.net
> > > https://puck.nether.net/mailman/listinfo/cisco-nsp
> > > archive at http://puck.nether.net/pipermail/cisco-nsp/
> >
> >
> > _______________________________________________
> > cisco-nsp mailing list cisco-nsp at puck.nether.net
> > https://puck.nether.net/mailman/listinfo/cisco-nsp
> > archive at http://puck.nether.net/pipermail/cisco-nsp/
> >
> > --
> > This message has been scanned for viruses and
> > dangerous content by MailScanner, and is
> > believed to be clean.
> >
> >
> >
> >
> > --
> > This message has been scanned for viruses and
> > dangerous content by MailScanner, and is
> > believed to be clean.
> >
> > _______________________________________________
> > cisco-nsp mailing list cisco-nsp at puck.nether.net
> > https://puck.nether.net/mailman/listinfo/cisco-nsp
> > archive at http://puck.nether.net/pipermail/cisco-nsp/
>
>
>
>
> ------------------------------
>
> Message: 4
> Date: Thu, 23 Feb 2006 18:41:03 +0100
> From: "Vincent De Keyzer" <vincent at dekeyzer.net>
> Subject: RE: [c-nsp] RIB-failure - anything to worry about?
> To: "'Pete Templin'" <templin at photos.templin.org>
> Cc: cisco-nsp at puck.nether.net
> Message-ID: <009301c638a0$512b41b0$408115ac at osiris.grp>
> Content-Type: text/plain; charset="us-ascii"
>
> > Normally nothing to worry about, but you may want to reverify your
> > origination points. I'm assuming you don't put /18s and /20s natively
> > on interfaces, and that you subnet them much more than that. If so,
> you
> > may want to pick two or so key devices in your network to originate
> your
> > /18s and /20s (i.e. bgp 'network' or bgp 'redist stat route-map
> > aggs-only'). Then take the aggregates OUT of OSPF. You'll no longer
> > have RIB-failure
>
> So basically, you are proposing to propagate the /18s and the /20s via
> iBGP
> rather than with OSPF? Fine for me, it that removes this scary 'r', it's
> a
> good idea.
>
> > and if edge routers lose connectivity to your core,
> > your edge routers will no longer blackhole some of your traffic.
>
> ... but I am already out of that danger, right? If my IX router looses
> connectivity to the core, it will loose the route via OSPF, and will
> stop
> announcing it via eBGP, correct?
>
> Vincent
>
>
>
>
> ------------------------------
>
> Message: 5
> Date: Thu, 23 Feb 2006 12:52:13 -0500
> From: "barney gumbo" <barney.gumbo at gmail.com>
> Subject: [c-nsp] packet monitoring?
> To: cisco-nsp at puck.nether.net
> Message-ID:
> <2a4c197e0602230952s7f2e3e7dw4ea5ea833aefeac5 at mail.gmail.com>
> Content-Type: text/plain; charset=ISO-8859-1
>
> I have a complicated problem. I am trying to determine what
> src-ip/src-prt
> and dst-ip/dst-prt I need to allow outbound on the inside interface of
> some
> firewalls. Writing ACL's to restrict and then fixing later is not an
> option.
>
> The firewalls are PIX 525 and 535. The typical traffic throughput is
> 150-200 Mbps. Using log X interval Y on the PIX ACL's killed our CPU.
> We've tried exporting netflow data from a set of 6509's with mls flow
> cache
> set to full and this is way to much data. To the best of my knowledge,
> ethereal and sniffer can do this to a certain extent however I'm not
> interested in using system resources to capture the whole packet
> payload, I
> just want to be able to sumarize layers 3 through 4 and if the app can
> break
> this down into complete sockets or estimate the UDP flows that would be
> great too.
>
> I realize there may be a way to do this with the existing flow-tools
> apps
> but I've read through the manuals and perhaps I'm missing something. If
> I
> could just see aggregates of src-ip/src-port and dst-ip/dst-prt I think
> this
> will suit my needs well; I don't need to verify that the flow was part
> of a
> particular data transfer session or anything along those lines.
>
> Is there a tool that can listen passively (we would span the PIX inside
> interface to this passive listener) and provide summarized data to meet
> these requirements?
>
>
> ------------------------------
>
> Message: 6
> Date: Thu, 23 Feb 2006 13:03:53 -0500
> From: Stephen Kratzer <kratzers at pa.net>
> Subject: Re: [c-nsp] incompatible NPE-400??
> To: cisco-nsp at puck.nether.net
> Message-ID: <200602231303.53284.kratzers at pa.net>
> Content-Type: text/plain; charset="iso-8859-1"
>
> The VXR chassis will support all NPEs and the NSE-1. You need to upgrade
> your
> boot image.
>
> On Thursday 23 February 2006 10:45, Chris Hale wrote:
> > All -
> >
> >
> >
> > We just tried upgrading our 7206VXR this morning to an NPE-400 from
> > NPE-300.
> >
> > After the reboot, we rec'd this message below. Someone mentioned our
> VXR
> > chassis is too old for this newer NPE-400?
> >
> >
> >
> > Does anyone have any guidelines on how to decipher the s/n etc. on the
> > chassis to pre-determine the incompatibility?
> >
> >
> >
> > Thanks in advance,
> >
> > Chris
> >
> >
> >
> > ---------------------------------------------------------------------
> >
> >
> >
> > %%Unknown CPU card type
> >
> >
> >
> > System Bootstrap, Version 12.1(20000710:044039) [nlaw-121E_npeb 117],
> > DEVELOPMENT SOFTWARE Copyright (c) 1994-2000 by cisco Systems, Inc.
> >
> > C7200 platform with 524288 Kbytes of main memory
> >
> >
> >
> > System Bootstrap, Version 12.1(20000710:044039) [nlaw-121E_npeb 117],
> > DEVELOPMENT SOFTWARE Copyright (c) 1994-2000 by cisco Systems, Inc.
> >
> > C7200 platform with 524288 Kbytes of main memory
> >
> >
> >
> > Self decompressing the image :
> >
> >
> ########################################################################
> ###
> >#
> >
> >
> ########################################################################
> ###
> >#
> >
> >
> ########################################################################
> ###
> >#
> >
> > ############################################# [OK]
> >
> >
> >
> > %%Unknown CPU card type
> >
> >
> >
> > System Bootstrap, Version 12.1(20000710:044039) [nlaw-121E_npeb 117],
> > DEVELOPMENT SOFTWARE Copyright (c) 1994-2000 by cisco Systems, Inc.
> >
> > C7200 platform with 524288 Kbytes of main memory
> >
> >
> >
> > Self decompressing the image :
> >
> >
> ########################################################################
> ###
> >#
> >
> >
> ########################################################################
> ###
> >#
> >
> >
> ########################################################################
> ###
> >#
> >
> >
> ########################################################################
> ###
> >#
> >
> >
> ########################################################################
> ###
> >#
> >
> >
> ########################################################################
> ###
> >#
> >
> >
> ########################################################################
> ###
> >#
> >
> > ############################################################# [OK]
> >
> >
> >
> > %%Unknown CPU card type
> >
> >
> >
> > System Bootstrap, Version 12.1(20000710:044039) [nlaw-121E_npeb 117],
> > DEVELOPMENT SOFTWARE Copyright (c) 1994-2000 by cisco Systems, Inc.
> >
> > C7200 platform with 524288 Kbytes of main memory
> >
> >
> >
> > System Bootstrap, Version 12.1(20000710:044039) [nlaw-121E_npeb 117],
> > DEVELOPMENT SOFTWARE Copyright (c) 1994-2000 by cisco Systems, Inc.
> >
> >
> >
> > *** WARNING ***
> >
> > Unknown CPU card ID in eeprom!
> >
> >
> >
> > C7200 platform with 524288 Kbytes of main memory
> >
> >
> >
> > Self decompressing the image :
> >
> >
> ########################################################################
> ###
> >#
> >
> >
> ########################################################################
> ###
> >#
> >
> >
> ########################################################################
> ###
> >#
> >
> > ############################################# [OK]
> >
> >
> >
> > %%Unknown CPU card type
> >
> >
> >
> > System Bootstrap, Version 12.1(20000710:044039) [nlaw-121E_npeb 117],
> > DEVELOPMENT SOFTWARE Copyright (c) 1994-2000 by cisco Systems, Inc.
> >
> >
> >
> > *** WARNING ***
> >
> > Unknown CPU card ID in eeprom!
> >
> >
> >
> > C7200 platform with 524288 Kbytes of main memory
> >
> > _______________________________________________
> > cisco-nsp mailing list cisco-nsp at puck.nether.net
> > https://puck.nether.net/mailman/listinfo/cisco-nsp
> > archive at http://puck.nether.net/pipermail/cisco-nsp/
>
>
> ------------------------------
>
> Message: 7
> Date: Thu, 23 Feb 2006 19:28:26 +0100
> From: "Oliver Boehmer \(oboehmer\)" <oboehmer at cisco.com>
> Subject: [c-nsp] RE: [cisco-bba] Tunnel ids and MRTG..
> To: "Mark Tohill" <Mark at u.tv>, <cisco-bba at puck.nether.net>
> Cc: cisco-nsp at puck.nether.net
> Message-ID:
>
> <70B7A1CCBFA5C649BD562B6D9F7ED784019CEC9A at xmb-ams-333.emea.cisco.com>
> Content-Type: text/plain; charset="us-ascii"
>
> Mark Tohill <> wrote on Thursday, February 23, 2006 1:26 PM:
>
>
> > Does anyone know if it is possible to dictate VPDN L2TP tunnel id's?
>
> No, unfortunately (for your requirement) not..
>
> oli
>
>
>
> ------------------------------
>
> Message: 8
> Date: Thu, 23 Feb 2006 15:10:40 -0500
> From: "Chris Hale" <chris-lists at pipelinewireless.us>
> Subject: SOLVED: RE: [c-nsp] incompatible NPE-400??
> To: <cisco-nsp at puck.nether.net>
> Message-ID: <054601c638b5$3a07bee0$800101df at pipelinewireless.local>
> Content-Type: text/plain; charset="us-ascii"
>
> Thanks all. Which version to use?
>
> Chris
>
> -----Original Message-----
> From: Stephen Kratzer [mailto:kratzers at pa.net]
> Sent: Thursday, February 23, 2006 1:04 PM
> To: cisco-nsp at puck.nether.net
> Subject: Re: [c-nsp] incompatible NPE-400??
>
> The VXR chassis will support all NPEs and the NSE-1. You need to upgrade
> your
> boot image.
>
> On Thursday 23 February 2006 10:45, Chris Hale wrote:
> > All -
> >
> >
> >
> > We just tried upgrading our 7206VXR this morning to an NPE-400 from
> > NPE-300.
> >
> > After the reboot, we rec'd this message below. Someone mentioned our
> VXR
> > chassis is too old for this newer NPE-400?
> >
> >
> >
> > Does anyone have any guidelines on how to decipher the s/n etc. on the
> > chassis to pre-determine the incompatibility?
> >
> >
> >
> > Thanks in advance,
> >
> > Chris
> >
> >
> >
> > ---------------------------------------------------------------------
> >
> >
> >
> > %%Unknown CPU card type
> >
> >
> >
> > System Bootstrap, Version 12.1(20000710:044039) [nlaw-121E_npeb 117],
> > DEVELOPMENT SOFTWARE Copyright (c) 1994-2000 by cisco Systems, Inc.
> >
> > C7200 platform with 524288 Kbytes of main memory
> >
> >
> >
> > System Bootstrap, Version 12.1(20000710:044039) [nlaw-121E_npeb 117],
> > DEVELOPMENT SOFTWARE Copyright (c) 1994-2000 by cisco Systems, Inc.
> >
> > C7200 platform with 524288 Kbytes of main memory
> >
> >
> >
> > Self decompressing the image :
> >
> >
> ########################################################################
> ###
> >#
> >
> >
> ########################################################################
> ###
> >#
> >
> >
> ########################################################################
> ###
> >#
> >
> > ############################################# [OK]
> >
> >
> >
> > %%Unknown CPU card type
> >
> >
> >
> > System Bootstrap, Version 12.1(20000710:044039) [nlaw-121E_npeb 117],
> > DEVELOPMENT SOFTWARE Copyright (c) 1994-2000 by cisco Systems, Inc.
> >
> > C7200 platform with 524288 Kbytes of main memory
> >
> >
> >
> > Self decompressing the image :
> >
> >
> ########################################################################
> ###
> >#
> >
> >
> ########################################################################
> ###
> >#
> >
> >
> ########################################################################
> ###
> >#
> >
> >
> ########################################################################
> ###
> >#
> >
> >
> ########################################################################
> ###
> >#
> >
> >
> ########################################################################
> ###
> >#
> >
> >
> ########################################################################
> ###
> >#
> >
> > ############################################################# [OK]
> >
> >
> >
> > %%Unknown CPU card type
> >
> >
> >
> > System Bootstrap, Version 12.1(20000710:044039) [nlaw-121E_npeb 117],
> > DEVELOPMENT SOFTWARE Copyright (c) 1994-2000 by cisco Systems, Inc.
> >
> > C7200 platform with 524288 Kbytes of main memory
> >
> >
> >
> > System Bootstrap, Version 12.1(20000710:044039) [nlaw-121E_npeb 117],
> > DEVELOPMENT SOFTWARE Copyright (c) 1994-2000 by cisco Systems, Inc.
> >
> >
> >
> > *** WARNING ***
> >
> > Unknown CPU card ID in eeprom!
> >
> >
> >
> > C7200 platform with 524288 Kbytes of main memory
> >
> >
> >
> > Self decompressing the image :
> >
> >
> ########################################################################
> ###
> >#
> >
> >
> ########################################################################
> ###
> >#
> >
> >
> ########################################################################
> ###
> >#
> >
> > ############################################# [OK]
> >
> >
> >
> > %%Unknown CPU card type
> >
> >
> >
> > System Bootstrap, Version 12.1(20000710:044039) [nlaw-121E_npeb 117],
> > DEVELOPMENT SOFTWARE Copyright (c) 1994-2000 by cisco Systems, Inc.
> >
> >
> >
> > *** WARNING ***
> >
> > Unknown CPU card ID in eeprom!
> >
> >
> >
> > C7200 platform with 524288 Kbytes of main memory
> >
> > _______________________________________________
> > cisco-nsp mailing list cisco-nsp at puck.nether.net
> > https://puck.nether.net/mailman/listinfo/cisco-nsp
> > archive at http://puck.nether.net/pipermail/cisco-nsp/
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
>
>
>
> --
> No virus found in this incoming message.
> Checked by AVG Free Edition.
> Version: 7.1.375 / Virus Database: 268.0.0/267 - Release Date: 2/22/2006
>
>
>
>
> ------------------------------
>
> _______________________________________________
> cisco-nsp mailing list
> cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
>
>
> End of cisco-nsp Digest, Vol 39, Issue 98
> *****************************************
> This message and its attachments may contain legally privileged or confidential information. It is for the intended addressee(s) only.
> If you are not the intended recipient you must not disclose or use the information contained in it. If you have received this email in error please notify us immediately by return email and delete the document.
> Any views expressed in this message are those of the individual sender, except where the sender specifies and with authority, states them to be the views of the Company.
> Uecomm accepts no liability for any damage caused by this email or its attachments due to viruses, interference, interception, corruption or unauthorised access.
>
> #####################################################################################
> This e-mail message has been scanned for Viruses and Content and cleared
> by NetIQ MailMarshal
> #####################################################################################
>
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
--
++ytti
More information about the cisco-nsp
mailing list