[c-nsp] cisco-nsp Digest, Vol 124, Issue 29

sherif mostafa sherifmka2004 at hotmail.com
Tue Mar 12 06:46:16 EDT 2013


Hello All,

It's not supported on my IOS 12.4. Is there any other way to advertise both routes (best & non-best) to other route-reflector clients, knowing that there's no MPLS in the core network?

Thank you & Best Regards,
Sherif Mostafa


> From: cisco-nsp-request at puck.nether.net
> Subject: cisco-nsp Digest, Vol 124, Issue 29
> To: cisco-nsp at puck.nether.net
> Date: Tue, 12 Mar 2013 06:05:19 -0400
> 
> 
> Today's Topics:
> 
>    1. Re: Sup720 software forwarding (Tóth András)
>    2. Re: nx-os ssh connection startup delay ? (Andrew Miehs)
>    3. Re: 1.1.1.0/24 and Cisco WLCs (Tony Varriale)
>    4. Re: 1.1.1.0/24 and Cisco WLCs (Tony Varriale)
>    5. Re: 4500-X VSS  %EC-5-CANNOT_BUNDLE2 (CiscoNSP List)
>    6. Re: BGP neighbor fall-over vs BFD (Adam Vitkovsky)
>    7. Re: 4500-X VSS  %EC-5-CANNOT_BUNDLE2 (Gert Doering)
>    8. Re: Route-Reflector & Sub-optimal Routing (sherif mostafa)
>    9. Re: Route-Reflector & Sub-optimal Routing (Phil Mayers)
> 
> 
> ----------------------------------------------------------------------
> 
> Message: 1
> Date: Mon, 11 Mar 2013 20:03:43 +0100
> From: Tóth András <diosbejgli at gmail.com>
> To: Peter Rathlev <peter at rathlev.dk>
> Cc: cisco-nsp <cisco-nsp at puck.nether.net>
> Subject: Re: [c-nsp] Sup720 software forwarding
> Message-ID:
> 	<CAAtZb4ogMe-412mQA9PFEToUMrFjGoh4KcNqa23MdwTy5kOmXQ at mail.gmail.com>
> Content-Type: text/plain; charset=ISO-8859-1
> 
> Hi Peter,
> 
> MAC learning is fully hardware based on 6500 Sup720, therefore even if it's
> flapping it will not cause packets to be software switched, nor CPU usage
> to increase due to learning.
> 
> Did you rectify the MAC flapping issue? If so, did you see an improvement
> with those flows, i.e. did they disappear from ibc/netdr and the CPU usage
> went down?
> 
> Any traces of warnings in the logs? Any resources exhausted? "sh pla ha ca"
> might reveal it.
> 
> Best regards,
> Andras
> 
> 
> 
> On Mon, Mar 11, 2013 at 7:18 AM, Peter Rathlev <peter at rathlev.dk> wrote:
> 
> > On Sat, 2013-03-09 at 04:15 -0600, William McCall wrote:
> > > On 03/08/2013 09:57 AM, Peter Rathlev wrote:
> > > > Is there a way to rate-limit this kind of punting? Standard "mls
> > > > rate-limit" doesn't seem to have anything useful, unless I'm just too
> > > > tired to see it.
> > >
> > > Looks like CoPP might do it in this case (I want to be more certain, but
> > > time constraints make it prohibitive to lab up right now).
> >
> > We'll try that in a test-setup. The device in question was actually
> > using a CoPP profile but not a very strict one. We tried disabling it
> > and saw no improvement, but that was of course expected. :-)
> >
> > If the punting is only for logging then discarding the packets is okay.
> >
> > But if they need to be software forwarded it's worse. The MAC flapping
> > was the only hint that something was wrong, and I had not expected MAC
> > flapping to make a Sup720 punt packets. If CoPP would discard traffic
> > I'd rather have the sup forward what it can until I can find a fix.
> >
> > --
> > Peter
> >
> >
> > _______________________________________________
> > cisco-nsp mailing list  cisco-nsp at puck.nether.net
> > https://puck.nether.net/mailman/listinfo/cisco-nsp
> > archive at http://puck.nether.net/pipermail/cisco-nsp/
> >
> 
> 
> ------------------------------
> 
> Message: 2
> Date: Tue, 12 Mar 2013 08:39:30 +1100
> From: Andrew Miehs <andrew at 2sheds.de>
> To: "Jeffrey G. Fitzwater" <jfitz at Princeton.EDU>
> Cc: "cisco-nsp at puck.nether.net" <cisco-nsp at puck.nether.net>
> Subject: Re: [c-nsp] nx-os ssh connection startup delay ?
> Message-ID: <CCA28678-356F-46F8-B6FE-B3AF5772BBBC at 2sheds.de>
> Content-Type: text/plain;	charset=us-ascii
> 
> 
> 
> Sent from a mobile device
> 
> On 12/03/2013, at 2:55, "Jeffrey G. Fitzwater" <jfitz at Princeton.EDU> wrote:
> 
> > cisco 7k 6.1.2
> > 
> > We are seeing delays when ssh-ing to system just before the banner page comes up.
> 
> Misconfigured tacacs/ aaa settings?
> 
> 
> 
> 
> ------------------------------
> 
> Message: 3
> Date: Mon, 11 Mar 2013 18:08:57 -0500
> From: Tony Varriale <tvarriale at comcast.net>
> To: cisco-nsp at puck.nether.net
> Subject: Re: [c-nsp] 1.1.1.0/24 and Cisco WLCs
> Message-ID: <513E6409.8080205 at comcast.net>
> Content-Type: text/plain; charset=ISO-8859-1; format=flowed
> 
> On 3/11/2013 9:37 AM, Phil Mayers wrote:
> > On 11/03/13 13:42, Tony Varriale wrote:
> >
> >> engineer worth their salt does not use this.
> >
> > Maybe. But a lot of people *have* used it, because I've seen it when 
> > doing webauth logins e.g. in airports, train networks, etc. And by 
> > definition, the people unwise enough to use it are also likely to be 
> > the people unwise enough to return and fix things up in the 
> > installations they did.
> 
> Yes, very unfortunate.  But, I know of a lot of installs that have not. :)
> 
> >
> > Cisco wrote docs suggesting that people did this:
> >
> > """
> > Enter the IP address of the controller's virtual interface. You should 
> > enter a fictitious, unassigned IP address, such as 1.1.1.1.
> > """
> >
> > http://www.cisco.com/en/US/docs/wireless/controller/2100/quick/guide/ctrl206q.html 
> > (amongst others)
> >
> > This was always terrible, very naughty advice. That sentence should 
> > have read:
> >
> > """
> > You should enter an IP address from a range you control, such as 
> > public IPs owned by your organisation or RFC 1918 space e.g. 10.1.1.1
> > """
> >
> > Bad cisco! Bad! No treats for you!
> >
> 
> Yes, definitely a doc issue.  Unfortunately, not fixed :(
> 
> tv
> 
> 
> ------------------------------
> 
> Message: 4
> Date: Mon, 11 Mar 2013 18:09:37 -0500
> From: Tony Varriale <tvarriale at comcast.net>
> To: cisco-nsp at puck.nether.net
> Subject: Re: [c-nsp] 1.1.1.0/24 and Cisco WLCs
> Message-ID: <513E6431.7060907 at comcast.net>
> Content-Type: text/plain; charset=ISO-8859-1; format=flowed
> 
> On 3/11/2013 9:49 AM, Sandy Breeze wrote:
> > On 11/03/13 14:37, Phil Mayers wrote:
> >> Cisco wrote docs suggesting that people did this:
> >>
> >> """
> >> Enter the IP address of the controller's virtual interface. You 
> >> should enter a fictitious, unassigned IP address, such as 1.1.1.1.
> >> """
> >>
> >> http://www.cisco.com/en/US/docs/wireless/controller/2100/quick/guide/ctrl206q.html 
> >> (amongst others) 
> >
> >
> > Unfortunately, WLC documentation is littered with references to 1.1.1.1.
> >
> > http://www.cisco.com/en/US/docs/wireless/controller/7.0/configuration/guide/c70users.html 
> > <----- even goes as far as to suggest administrators create a cert 
> > with CN=1.1.1.1 !
> >
> 
> I hope you do not do everything Cisco suggests. :)
> 
> tv
> 
> 
> ------------------------------
> 
> Message: 5
> Date: Tue, 12 Mar 2013 12:42:46 +1100
> From: CiscoNSP List <cisconsp_list at hotmail.com>
> To: "ed at edgeoc.net" <ed at edgeoc.net>,
> 	"cisco-nsp-bounces at puck.nether.net"
> 	<cisco-nsp-bounces at puck.nether.net>, "cisco-nsp at puck.nether.net"
> 	<cisco-nsp at puck.nether.net>
> Subject: Re: [c-nsp] 4500-X VSS  %EC-5-CANNOT_BUNDLE2
> Message-ID: <SNT123-W499FD18F6466566937196D8AE20 at phx.gbl>
> Content-Type: text/plain; charset="iso-8859-1"
> 
> 
> 
> 
> Hi,
> 
> Just an update to this - If I remove "switch virtual link " from the portchans, and then re-apply them to the tenGig ints, the portchan comes up?
> 
> Portchan conf (That fails):  (Hotmail will probably screw the formatting):
> 
> interface Port-channel5
>  switchport
>  switchport mode trunk
>  switchport nonegotiate
>  switch virtual link 1
> 
> And Int conf:
> 
> interface TenGigabitEthernet1/16
>  switchport mode trunk
>  switchport nonegotiate
>  no lldp transmit
>  no lldp receive
>  no cdp enable
>  channel-group 5 mode on
>  service-policy output VSL-Queuing-Policy
> 
> 
> 
> 
> > Subject: Re: [c-nsp] 4500-X VSS  %EC-5-CANNOT_BUNDLE2
> > To: cisconsp_list at hotmail.com; cisco-nsp-bounces at puck.nether.net; cisco-nsp at puck.nether.net
> > From: ed at edgeoc.net
> > Date: Fri, 8 Mar 2013 06:12:02 +0000
> > 
> > 'sho run in te1/16'
> > 
> > Sounds like you have dtp on it currently and it doesn't like that... Try defaulting the interface first?
> > 
> > 
> > ------Original Message------
> > From: CiscoNSP List
> > Sender: cisco-nsp-bounces at puck.nether.net
> > To: cisco-nsp at puck.nether.net
> > Subject: [c-nsp] 4500-X VSS  %EC-5-CANNOT_BUNDLE2
> > Sent: Mar 7, 2013 9:39 PM
> > 
> > 
> > 
> > Hi Guys,
> > 
> > Following this guide: https://supportforums.cisco.com/docs/DOC-29472 and when trying to add the physical Int to the portchan, I get:
> > 
> > %EC-5-CANNOT_BUNDLE2: TE1/16 is not compatible with PO5 and will be suspended (trunk mode of TE1/16 is dynamic, P05 is trunk)
> > 
> > Config has been entered as per the above doc - Any suggestions as to why this is happening?
> > 
> > Both switches are running: 
> > cat4500-e-ios-promupgrade-150-1r-SG7cat4500e-universalk9.SPA.03.04.00.SG.151-2.SG.bin
> > 
> > 
> > Cheers.
> > 
> 
> ------------------------------
> 
> Message: 6
> Date: Tue, 12 Mar 2013 09:01:55 +0100
> From: Adam Vitkovsky <adam.vitkovsky at swan.sk>
> To: "'Steven Raymond'" <sraymond at acedatacenter.com>, "'John
> 	Neiberger'" <jneiberger at gmail.com>
> Cc: cisco-nsp at puck.nether.net
> Subject: Re: [c-nsp] BGP neighbor fall-over vs BFD
> Message-ID: <01cf01ce1ef7$dd5f0370$981d0a50$@swan.sk>
> Content-Type: text/plain; charset="us-ascii"
> 
> > the rest of the IBGP has to then wait for your BGP timeout to drop.  Yes,
> > that is slow.
> No, you don't need to wait for BGP altogether. You can rely on your fast IGP
> to propagate the NH reachability information throughout the AS.
> On each router, once the RIB is updated by IGP, RIB will notify BGP to
> invalidate the particular NH thanks to BGP next-hop-tracking which is
> enabled by default as the session forms.
> 
> 
> adam
> -----Original Message-----
> From: cisco-nsp-bounces at puck.nether.net
> [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Steven Raymond
> Sent: Monday, March 11, 2013 6:14 PM
> To: John Neiberger
> Cc: cisco-nsp at puck.nether.net
> Subject: Re: [c-nsp] BGP neighbor fall-over vs BFD
> 
> On Mar 11, 2013, at 10:52 AM, John Neiberger wrote:
> 
> > I was just reading a bit about next-hop tracking and neighbor 
> > fall-over and now I'm a little confused about what fall-over actually 
> > does. The docs say that it enables fast peering session deactivation, 
> > but I can't tell what that really means. The wording in the docs makes 
> > it sound a lot like BFD, but not exactly. In fact, fall-over can be used
> > with BFD.
> >
> > Can someone shed some light on this? What is fall-over really doing 
> > and when might it be useful?
> 
> BFD is useful for detecting failure of links between directly-connected
> neighbors.  
> 
> Fall-over is useful for immediate notification of distant IBGP neighbors.
> 
> So while BFD will inform your immediate neighbor of link down, the rest of
> the IBGP has to then wait for your BGP timeout to drop.  Yes, that is slow.
> FYI, Brocade MLX-series does not have this feature, so in a mixed
> environment I ended up tweaking the keepalive timers on the Brocade
> neighbors to compensate.
> 
> 
> 
> 
> 
> 
> 
> ------------------------------
> 
> Message: 7
> Date: Tue, 12 Mar 2013 09:39:58 +0100
> From: Gert Doering <gert at greenie.muc.de>
> To: CiscoNSP List <cisconsp_list at hotmail.com>
> Cc: "cisco-nsp at puck.nether.net" <cisco-nsp at puck.nether.net>,
> 	"cisco-nsp-bounces at puck.nether.net"
> 	<cisco-nsp-bounces at puck.nether.net>
> Subject: Re: [c-nsp] 4500-X VSS  %EC-5-CANNOT_BUNDLE2
> Message-ID: <20130312083958.GI953 at greenie.muc.de>
> Content-Type: text/plain; charset="us-ascii"
> 
> Hi,
> 
> On Tue, Mar 12, 2013 at 12:42:46PM +1100, CiscoNSP List wrote:
> > Portchan conf (That fails):  (Hotmail will probably screw the formatting):
> > 
> > interface Port-channel5
> >  switchport
> >  switchport mode trunk
> >  switchport nonegotiate
> >  switch virtual link 1
> > 
> > And Int conf:
> > 
> > interface TenGigabitEthernet1/16
> >  switchport mode trunk
> >  switchport nonegotiate
> >  no lldp transmit
> >  no lldp receive
> >  no cdp enable
> >  channel-group 5 mode on
> >  service-policy output VSL-Queuing-Policy
> 
> Don't configure stuff on member interfaces after joining a channel.  Ever.
> 
> (IOS should just disallow this in the first place)
> 
> 
> The "right" sequence of things is:
> 
>   int te1/16
>     switchport
>     channel-group 5 mode on
>     no shut
> 
> and then *everything else* is configured under "int port-channel 5", including
> trunk/no trunk, vlans, service-policy, ...
> 
> (For some stupid reasons, switchport/no switchport needs to be set on the
> interface first, before joining the channel)
> 
> gert
> -- 
> USENET is *not* the non-clickable part of WWW!
>                                                            //www.muc.de/~gert/
> Gert Doering - Munich, Germany                             gert at greenie.muc.de
> fax: +49-89-35655025                        gert at net.informatik.tu-muenchen.de
> 
> ------------------------------
> 
> Message: 8
> Date: Tue, 12 Mar 2013 08:48:55 +0000
> From: sherif mostafa <sherifmka2004 at hotmail.com>
> To: "juxiangt at yahoo.com" <juxiangt at yahoo.com>,
> 	"cisco-nsp at puck.nether.net" <cisco-nsp at puck.nether.net>, Adam
> 	Vitkovsky <adam.vitkovsky at swan.sk>
> Subject: Re: [c-nsp] Route-Reflector & Sub-optimal Routing
> Message-ID: <BLU149-W15F7712EE662247DF61A7BADE20 at phx.gbl>
> Content-Type: text/plain; charset="iso-8859-1"
> 
> Hello All,
> 
> I don't know what the "Add Path" attribute is. Could you illustrate more & send me the commands, knowing that the routers are IOS 2800 series?
> Thanks,
> Thank you & Best Regards,
> Sherif Mostafa
> 
> Date: Mon, 11 Mar 2013 08:21:38 -0700
> From: juxiangt at yahoo.com
> Subject: Re: [c-nsp] Route-Reflector & Sub-optimal Routing
> To: sherifmka2004 at hotmail.com; cisco-nsp at puck.nether.net; adam.vitkovsky at swan.sk
> 
> Yes. You can do it with BGP "Add path" attributes. It should be available now.
>  
> -Judy
> 
> --- On Mon, 3/11/13, Adam Vitkovsky <adam.vitkovsky at swan.sk> wrote:
> 
> 
> From: Adam Vitkovsky <adam.vitkovsky at swan.sk>
> Subject: Re: [c-nsp] Route-Reflector & Sub-optimal Routing
> To: "'sherif mostafa'" <sherifmka2004 at hotmail.com>, cisco-nsp at puck.nether.net
> Date: Monday, March 11, 2013, 1:19 PM
> 
> 
> > Is there any method to allow the Route-Reflector to send all routes to
> > clients (not the best one)?
> If you have MPLS in your core, you can use unique RD per VRF per PE - this
> will allow the RR to consider all the paths for a particular prefix as
> unique prefixes and advertise all of them to the PEs.
> 
> adam
> 
> 
> ------------------------------
> 
> Message: 9
> Date: Tue, 12 Mar 2013 10:05:16 +0000
> From: Phil Mayers <p.mayers at imperial.ac.uk>
> To: cisco-nsp at puck.nether.net
> Subject: Re: [c-nsp] Route-Reflector & Sub-optimal Routing
> Message-ID: <513EFDDC.1070700 at imperial.ac.uk>
> Content-Type: text/plain; charset=ISO-8859-1; format=flowed
> 
> On 03/12/2013 08:48 AM, sherif mostafa wrote:
> > Hello All,
> >
> > I don't know what's the "Add Path" attribute, could you illustrate
> > more & send me the commands knowing that Routers' are IOS 2800
> 
> BGP add-path is an extension; it needs to be supported by both ends, and 
> you need IOS versions for your platform(s) to do that.
> 
> I don't know if the 2800 has any IOS with add-path; others might, but 
> you could always look yourself - google "site:cisco.com bgp add path".
> 
> 
> ------------------------------
> 
> End of cisco-nsp Digest, Vol 124, Issue 29
> ******************************************
 		 	   		  

