[c-nsp] Practical limits of verify-availability (WAS: About Problem on Policay based routing)

Ramcharan, Vijay A vijay.ramcharan at verizonbusiness.com
Mon Jan 24 13:11:37 EST 2011


I understand that "verify-availability" either requires CDP for verification, (http://www.cisco.com/en/US/docs/ios/12_3t/12_3t4/feature/guide/gtpbrtrk.html#wp1057830) or IP SLA. 

What are the practical or theoretical limits for CDP neighbor status? 
For example, if I used this on a DMVPN solution with dual hubs (I need to always policy-route to one hub and fall back to the secondary if the primary fails) and about 1000 spokes, at which point is CDP no longer feasible on the hub? 

In the same scenario, can IP SLA (using ICMP) be a viable alternative (where the hubs are the IP SLA responders)? 

If burdening the hubs with ICMP is an issue and it is not possible to deploy a dedicated IP SLA responder device, are there other non-responder alternatives which can be used only on the spokes to watch for some other type of traffic? 

Hubs in the scenario are ASR 1000 devices. Spokes can be any ISR for a small/home office. 


Thank you. 

Vijay Ramcharan 
 


> -----Original Message-----
> From: cisco-nsp-bounces at puck.nether.net [mailto:cisco-nsp-
> bounces at puck.nether.net] On Behalf Of Arie Vayner (avayner)
> Sent: Sunday, January 23, 2011 8:44 AM
> To: Md. Jahangir Hossain; cisco-nsp at puck.nether.net
> Subject: Re: [c-nsp] About Problem on Policay based routing
> 
> I would suggest you try this mode of configuration:
> 
> track 1 interface GigabitEthernet3/1 line-protocol
>  delay up 15
> !
> track 2 interface GigabitEthernet3/2 line-protocol
>  delay up 15
> !
> route-map test2 permit 10
>  match ip address 100
>  set ip next-hop verify-availability 10.2.3.3 10 track 1
>  set ip next-hop verify-availability 10.2.2.3 20 track 2
> 
> 
> This will make sure the next hop is removed if the interface on which it
> exists goes down, and the less preferred next hop would be used.
> If all go down, the normal routing table should be used.
> 
> Arie
> 
> -----Original Message-----
> From: cisco-nsp-bounces at puck.nether.net [mailto:cisco-nsp-
> bounces at puck.nether.net] On Behalf Of Md. Jahangir Hossain
> Sent: Sunday, January 23, 2011 08:28
> To: cisco-nsp at puck.nether.net
> Subject: [c-nsp] About Problem on Policay based routing
> 
> Dear concern:
> 
> 
> We faced  problem policy based routing (PBR) on my cisco SAR 7606 router.
> 
> When my next hop down into my route-map packet not forwarded to destination
> using by default routing table but we got icmp to any destination. can any
> one  please check the config and IOS version  what is wrong my config or IOS
> ?
> 
> 
> Bellow by configuration and IOS version:
> 
> ip access-list extended 101 permit tcp any any eq www
> ip access-list extended 102 permit tcp any eq www any
> 
> route-map dst_80 q
> match ip address 101
> set ip next-hop 202.53.x.x
> 
> route-map src_80
> match ip address 102
> set ip next-hop 202.53.x.x
> 
> 
> interface gigabit interface
> 
> description {client}
> ip policy route-map dst_80
> 
> 
> interface gigabit interface
> 
> description [Internet]
> ip policy route-map src_80
> 
> 
> ######################################################
> 
> 
> SAR-7606#sh version
> Cisco IOS Software, c7600s3223_rp Software (c7600s3223_rp-ADVENTERPRISEK9-
> M), Version 12.2(33)SRD2a, RELEASE SOFTWARE (fc2)
> 
> ROM: System Bootstrap, Version 12.2(17r)S6, RELEASE SOFTWARE (fc1)
> BOOTLDR: Cisco IOS Software, c7600s3223_rp Software (c7600s3223_rp-
> ADVENTERPRISEK9-M), Version 12.2(33)SRD2a, RELEASE SOFTWARE (fc2)
> 
>  SAR-7606 uptime is 1 year, 9 weeks, 5 days, 23 hours, 2 minutes
> Uptime for this control processor is 1 year, 9 weeks, 5 days, 22 hours, 52
> minutes
> System returned to ROM by power-on (SP by power-on)
> System restarted at 13:07:24 BD Sun Nov 15 2009
> System image file is "sup-bootdisk:c7600s3223-adventerprisek9-mz.122-
> 33.SRD2a.bin"
> Last reload type: Normal Reload
> 
> 
> 
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
> 
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/



More information about the cisco-nsp mailing list