Re: [c-nsp] ospf network type

2008-10-26 Thread Brian Spade
On Sat, Oct 25, 2008 at 11:09 PM, Bruce Pinsky [EMAIL PROTECTED] wrote:


 Really depends on your convergence requirements.  For some it's very
 important, for others not so much.


If the link goes down, the missing ethernet keepalive should signal a
topology change before the dead timer interval expires.  Therefore, I'm not
clear on how the difference in hello timers would impact convergence.

Thanks,
/b
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/


Re: [c-nsp] ospf network type

2008-10-26 Thread Bruce Pinsky
Brian Spade wrote:
 On Sat, Oct 25, 2008 at 11:09 PM, Bruce Pinsky [EMAIL PROTECTED] wrote:
 
 
 Really depends on your convergence requirements.  For some it's very
 important, for others not so much.
 
 
 If the link goes down, the missing ethernet keepalive should signal a
 topology change before the dead timer interval expires.  Therefore, I'm
 not clear on how the difference in hello timers would impact convergence.
 

It's not about the hello timers, it's about eliminating the DR/BDR election.

-- 
=
bep



Re: [c-nsp] ospf network type

2008-10-26 Thread Bruce Pinsky
Brian Spade wrote:
 Thanks Mark, that thread was very useful and answered my questions.  My
 question stemmed from an insight into the best practice for this type of
 topology.
 
 Putting aside having to add additional commands for your OSPF configuration,
 the only advantage I see of changing the network type from broadcast to
 point-to-point is quicker OSPF adjacencies.  So all-in-all, it probably
 doesn't make too much of a difference changing the default network type for
 this topology.
 

Really depends on your convergence requirements.  For some it's very
important, for others not so much.


-- 
=
bep



Re: [c-nsp] OSPF over PPPoATM

2008-10-26 Thread Tassos Chatzithomaoglou



Daniele Orlandi wrote on 25/10/2008 20:06:

On Monday 20 October 2008 15:43:03 Marko Milivojevic wrote:

Before I accuse intermediate DSLAM filtering them, could you post
relevant interface and OSPF process configurations from both routers,
please?


Marko,

Would it be possible for a DSLAM to implement filtering on the AAL5 
encapsulated traffic? It would have to decapsulate and interpret UDP/IP 
packets to do it. Did you experience anything similar?




I have met dslams that block broadcast/multicast traffic going from the user side to the 
network side. But it was IPoA traffic. In your case the traffic is encapsulated into PPP, 
so it should be much harder for the dslam to check inside it.


I would point my finger at an IOS bug, however I tried several completely 
different IOSes on both the termination and DSL box with no change.


Anyway, this is the relevant configuration:

7200 PPP terminator:
--

interface ATM2/0
 no ip address
 load-interval 30
 atm sonet stm-1
 atm pppatm passive
 no atm auto-configuration
 no atm ilmi-keepalive
 no atm address-registration
 no atm ilmi-enable
 
 range PPPOA-10 pvc 10/100 10/250

  ubr 1000
  dbs enable
  oam-range manage
  encapsulation aal5mux ppp Virtual-Template1
  create on-demand

interface Virtual-Template1
 ip unnumbered Loopback0
 no ip redirects
 no ip proxy-arp
 ip ospf message-digest-key 1 md5 7 
 ip ospf network point-to-point
 peer default ip address pool adsl
 ppp authentication pap callin adsl
 ppp authorization adsl
 ppp accounting adsl

router ospf 9026
 log-adjacency-changes  
 area 0 authentication message-digest   
 summary-address 62.212.6.0 255.255.255.0   
 summary-address 62.212.4.0 255.255.255.0   
 redistribute connected subnets 
 redistribute static subnets
 network 62.212.0.0 0.0.31.255 area 0  


-



Below you don't have an ip address ;)
Is everything (including ppp negotiation) working fine between the endpoints?
Can you do a ping between them? Is loopback0 configured?


gw-dsl#sh ip ospf interface Vi2.21
Virtual-Access2.21 is up, line protocol is up
  Internet Address 0.0.0.0/0, Area 0
  Process ID 9026, Router ID 62.212.3.248, Network Type POINT_TO_POINT, Cost: 100

  Transmit Delay is 1 sec, State POINT_TO_POINT,
  Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
oob-resync timeout 40
Hello due in 00:00:00
  Index 33/33, flood queue length 0
  Next 0x0(0)/0x0(0)
  Last flood scan length is 0, maximum is 0
  Last flood scan time is 0 msec, maximum is 0 msec
  Neighbor Count is 1, Adjacent neighbor count is 0
  Suppress hello for 0 neighbor(s)
  Message digest authentication enabled
Youngest key id is 1



--
Tassos




2800 DSL Box:
--
interface ATM0/1/0   
 no ip address   
 no atm ilmi-keepalive   
 dsl operating-mode auto

 pvc 8/35
  encapsulation aal5mux ppp Virtual-Template1

interface Virtual-Template1
 ip address negotiated
 ip ospf message-digest-key 1 md5 7 xxx
 ipv6 enable
 ppp pap sent-username uli.adsl password 7 xxx

router ospf 9026
 log-adjacency-changes
 area 0 authentication message-digest
 redistribute connected subnets
 redistribute static metric 200 subnets
 network 62.212.0.0 0.0.31.255 area 0

-

gw-milano#sh ip ospf interface Vi1.1
Virtual-Access1.1 is up, line protocol is up
  Internet Address 62.212.6.189/32, Area 0
  Process ID 9026, Router ID 62.212.3.243, Network Type POINT_TO_POINT, Cost: 284

  Transmit Delay is 1 sec, State POINT_TO_POINT,
  Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
oob-resync timeout 40
Hello due in 00:00:07
  Supports Link-local Signaling (LLS)
  Index 5/5, flood queue length 0
  Next 0x0(0)/0x0(0)
  Last flood scan length is 0, maximum is 0
  Last flood scan time is 0 msec, maximum is 0 msec
  Neighbor Count is 0, Adjacent neighbor count is 0
  Suppress hello for 0 neighbor(s)
  Message digest authentication enabled
Youngest key id is 1

Bye,




Re: [c-nsp] OSPF over PPPoATM

2008-10-26 Thread Ben Steele
What does an ospf debug show on the 2800 side? I've had issues before with DSL 
ospf and mis-matched network types due to the point-to-multipoint type of 
relationship you get with an LNS/client, does putting a /30 on the link make 
any difference? I think the debug is going to be the one that tells the story, 
if you don't even see hellos then you probably have something blocking it in 
between.

Ben

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Daniele Orlandi
Sent: Sunday, 26 October 2008 3:37 AM
To: cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] OSPF over PPPoATM

On Monday 20 October 2008 15:43:03 Marko Milivojevic wrote:

 Before I accuse intermediate DSLAM filtering them, could you post
 relevant interface and OSPF process configurations from both routers,
 please?

Marko,

Would it be possible for a DSLAM to implement filtering on the AAL5 
encapsulated traffic? It would have to decapsulate and interpret UDP/IP 
packets to do it. Did you experience anything similar?

I would point my finger at an IOS bug, however I tried several completely 
different IOSes on both the termination and DSL box with no change.

Anyway, this is the relevant configuration:

7200 PPP terminator:
--

interface ATM2/0
 no ip address
 load-interval 30
 atm sonet stm-1
 atm pppatm passive
 no atm auto-configuration
 no atm ilmi-keepalive
 no atm address-registration
 no atm ilmi-enable
 
 range PPPOA-10 pvc 10/100 10/250
  ubr 1000
  dbs enable
  oam-range manage
  encapsulation aal5mux ppp Virtual-Template1
  create on-demand

interface Virtual-Template1
 ip unnumbered Loopback0
 no ip redirects
 no ip proxy-arp
 ip ospf message-digest-key 1 md5 7 
 ip ospf network point-to-point
 peer default ip address pool adsl
 ppp authentication pap callin adsl
 ppp authorization adsl
 ppp accounting adsl

router ospf 9026
 log-adjacency-changes  
 area 0 authentication message-digest   
 summary-address 62.212.6.0 255.255.255.0   
 summary-address 62.212.4.0 255.255.255.0   
 redistribute connected subnets 
 redistribute static subnets
 network 62.212.0.0 0.0.31.255 area 0  

-

gw-dsl#sh ip ospf interface Vi2.21
Virtual-Access2.21 is up, line protocol is up
  Internet Address 0.0.0.0/0, Area 0
  Process ID 9026, Router ID 62.212.3.248, Network Type POINT_TO_POINT, Cost: 100
  Transmit Delay is 1 sec, State POINT_TO_POINT,
  Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
oob-resync timeout 40
Hello due in 00:00:00
  Index 33/33, flood queue length 0
  Next 0x0(0)/0x0(0)
  Last flood scan length is 0, maximum is 0
  Last flood scan time is 0 msec, maximum is 0 msec
  Neighbor Count is 1, Adjacent neighbor count is 0
  Suppress hello for 0 neighbor(s)
  Message digest authentication enabled
Youngest key id is 1



2800 DSL Box:
--
interface ATM0/1/0   
 no ip address   
 no atm ilmi-keepalive   
 dsl operating-mode auto
 pvc 8/35
  encapsulation aal5mux ppp Virtual-Template1

interface Virtual-Template1
 ip address negotiated
 ip ospf message-digest-key 1 md5 7 xxx
 ipv6 enable
 ppp pap sent-username uli.adsl password 7 xxx

router ospf 9026
 log-adjacency-changes
 area 0 authentication message-digest
 redistribute connected subnets
 redistribute static metric 200 subnets
 network 62.212.0.0 0.0.31.255 area 0

-

gw-milano#sh ip ospf interface Vi1.1
Virtual-Access1.1 is up, line protocol is up
  Internet Address 62.212.6.189/32, Area 0
  Process ID 9026, Router ID 62.212.3.243, Network Type POINT_TO_POINT, Cost: 284
  Transmit Delay is 1 sec, State POINT_TO_POINT,
  Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
oob-resync timeout 40
Hello due in 00:00:07
  Supports Link-local Signaling (LLS)
  Index 5/5, flood queue length 0
  Next 0x0(0)/0x0(0)
  Last flood scan length is 0, maximum is 0
  Last flood scan time is 0 msec, maximum is 0 msec
  Neighbor Count is 0, Adjacent neighbor count is 0
  Suppress hello for 0 neighbor(s)
  Message digest authentication enabled
Youngest key id is 1

Bye,

-- 
  Daniele Orlandi   つづく



Re: [c-nsp] ospf network type

2008-10-26 Thread Peter Rathlev
On Sat, 2008-10-25 at 23:23 -0700, Bruce Pinsky wrote:
 Brian Spade wrote:
  If the link goes down, the missing ethernet keepalive should signal a
  topology change before the dead timer interval expires.  Therefore, I'm
  not clear on how the difference in hello timers would impact convergence. 
 
 It's not about the hello timers, it's about eliminating the DR/BDR election.

And it simplifies the SPF graph, so for large networks the routers spend
less time calculating the results.

If you're using Ethernet as point-to-point, and you'll only ever have
two routers on a segment, the links should be marked point-to-point
for any SPF algorithm.

Regards,
Peter




Re: [c-nsp] OSPF over PPPoATM

2008-10-26 Thread Daniele Orlandi
On Sunday 26 October 2008 11:23:50 Tassos Chatzithomaoglou wrote:

 I have met dslams that block broadcast/multicast traffic going from the
 user side to the network side. But it was IPoA traffic. In your case the
 traffic is encapsulated into PPP, so it should be much harder for the dslam
 to check inside it.

Yes, that's what I was thinking.

 Below you don't have an ip address ;)

Yes, that sounds strange, it looks like OSPF isn't able to gather the IP 
address since the virtual-template uses an unnumbered source address.

However, trying to give an explicit address to the virtual-template isn't of 
any use, the IOS disables IP processing altogether on the cloned interfaces 
(maybe because the cloned interfaces would overlap).

 Is everything (including ppp negotiation) working fine between the
 endpoints? Can you do a ping between them? Is loopback0 configured?

Yes, the router is already in production with hundreds of peers, everything 
(except ospf) seems to be working fine.

Thanks,
Bye,

-- 
  Daniele Orlandi   つづく
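
Added example (not part of any poster's message, and not Cisco tooling): the two "sh ip ospf interface" outputs posted in this thread can be compared mechanically. The Python below parses trimmed copies of them and flags the points the replies raise, the 0.0.0.0/0 address on gw-dsl and Hellos being seen in one direction only; the field names, finding labels and function names are this example's own.

```python
import re

# Sample input: trimmed copies of the two outputs posted in this thread,
# with the wrapped "Cost:" lines rejoined.
GW_DSL = """\
Virtual-Access2.21 is up, line protocol is up
  Internet Address 0.0.0.0/0, Area 0
  Process ID 9026, Router ID 62.212.3.248, Network Type POINT_TO_POINT, Cost: 100
  Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
  Neighbor Count is 1, Adjacent neighbor count is 0
  Message digest authentication enabled
"""
GW_MILANO = """\
Virtual-Access1.1 is up, line protocol is up
  Internet Address 62.212.6.189/32, Area 0
  Process ID 9026, Router ID 62.212.3.243, Network Type POINT_TO_POINT, Cost: 284
  Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
  Neighbor Count is 0, Adjacent neighbor count is 0
  Message digest authentication enabled
"""

FIELDS = {
    "address": r"Internet Address (\S+?),",
    "area": r"Area (\S+)",
    "net_type": r"Network Type (\w+)",
    "hello": r"Hello (\d+)",
    "dead": r"Dead (\d+)",
    "neighbors": r"Neighbor Count is (\d+)",
    "adjacent": r"Adjacent neighbor count is (\d+)",
}

def parse(text):
    """Extract the adjacency-relevant fields from one interface's output."""
    out = {}
    for name, pattern in FIELDS.items():
        m = re.search(pattern, text)
        out[name] = m.group(1) if m else None
    for key in ("hello", "dead", "neighbors", "adjacent"):
        if out[key] is not None:
            out[key] = int(out[key])
    out["md5_auth"] = "Message digest authentication enabled" in text
    return out

def compare(a, b, names=("A", "B")):
    """Return findings for the two ends of one link, each parsed with parse()."""
    findings = []
    # Area, timers and authentication must agree or received Hellos are rejected.
    # A network-type mismatch is flagged too, since it changes the default timers.
    for key in ("area", "net_type", "hello", "dead", "md5_auth"):
        if a[key] != b[key]:
            findings.append(f"mismatch:{key}")
    for name, side in zip(names, (a, b)):
        if (side["address"] or "").startswith("0.0.0.0"):
            findings.append(f"no-address:{name}")
    # A neighbor is counted once its Hello has been received, so a count of 1
    # on one end and 0 on the other means Hellos arrive in one direction only.
    for (rx_name, rx), (tx_name, tx) in (((names[0], a), (names[1], b)),
                                         ((names[1], b), (names[0], a))):
        if (rx["neighbors"] or 0) > 0 and (tx["neighbors"] or 0) == 0:
            findings.append(f"hellos-only:{tx_name}->{rx_name}")
    return findings

if __name__ == "__main__":
    for finding in compare(parse(GW_DSL), parse(GW_MILANO), ("gw-dsl", "gw-milano")):
        print(finding)
```

On the posted outputs the parameters match on both ends, so the findings reduce to the missing address on gw-dsl and Hellos arriving only in the gw-milano to gw-dsl direction.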


Re: [c-nsp] BGP Multihomed Selective/Conditional Advertisement

2008-10-26 Thread Nathan
2008/10/24  [EMAIL PROTECTED]:

 I have been trying to figure out how to do this and maybe someone will be 
 able to help me out.

 I have two ISP connections ISP ATT and ISP Cogent.

 (ISP Cogent)(ISP ATT)
 |   |
  RO --- R1


 ATT would be used for primarily internet and access to our webservers.

 Cogent would be primarily used to access Cogent's network that use VPN for 
 incoming connections only. I do not want to have other networks besides 
 Cogent's network using this path to access our webserver.

 I would like to have each other act as a backup for one another. For instance 
 if ATT fails I want everyone on the internet use Cogent to access me. If 
 Cogent fails I want everyone on the internet and the VPN connections on 
 Cogent's network to use ATT.

 So basically what I was thinking to setup is to accept a default router from 
 ATT and Cogent. Lower the local preference of Cogent and that way I would 
 accomplish using ATT as primary internet access.

I would:

-- forget about conditionals

-- advertise three routes to Cogent. My whole network, with a lot of
prepends, and the two halves of my network, without prepends but with
a community saying don't export.

-- receive from Cogent their networks (the VPN things you want) and
default. If necessary receive full routes and filter out non-default
non-Cogent routes. Set local preference lower than default on default
route from Cogent, and local-preference higher than default on Cogent
routes.

-- advertise whole network to ATT, without prepends.

-- receive default route from ATT, with default local-preference.

If I've correctly understood what you want then that should do it.

-- 
HTH,
Nathan


Re: [c-nsp] BGP Multihomed Selective/Conditional Advertisement

2008-10-26 Thread Frances Albemuth
 Seconded.  In fact, this could probably be accomplished merely by
announcing the space once with a bunch of prepends and ensuring the
local preference attribute is greater than other routes Cogent might
see for this space.  174:135, I believe, will raise it to 135, FWIW (5
above their default, IIRC).

 -FC

On Sun, Oct 26, 2008 at 9:08 AM, Nathan [EMAIL PROTECTED] wrote:
 2008/10/24  [EMAIL PROTECTED]:

 I have been trying to figure out how to do this and maybe someone will be 
 able to help me out.

 I have two ISP connections ISP ATT and ISP Cogent.

 (ISP Cogent)(ISP ATT)
 |   |
  RO --- R1


 ATT would be used for primarily internet and access to our webservers.

 Cogent would be primarily used to access Cogent's network that use VPN for 
 incoming connections only. I do not want to have other networks besides 
 Cogent's network using this path to access our webserver.

 I would like to have each other act as a backup for one another. For 
 instance if ATT fails I want everyone on the internet use Cogent to access 
 me. If Cogent fails I want everyone on the internet and the VPN connections 
 on Cogent's network to use ATT.

 So basically what I was thinking to setup is to accept a default router from 
 ATT and Cogent. Lower the local preference of Cogent and that way I would 
 accomplish using ATT as primary internet access.

 I would:

 -- forget about conditionals

 -- advertise three routes to Cogent. My whole network, with a lot of
 prepends, and the two halves of my network, without prepends but with
 a community saying don't export.

 -- receive from Cogent their networks (the VPN things you want) and
 default. If necessary receive full routes and filter out non-default
 non-Cogent routes. Set local preference lower than default on default
 route from Cogent, and local-preference higher than default on Cogent
 routes.

 -- advertise whole network to ATT, without prepends.

 -- receive default route from ATT, with default local-preference.

 If I've correctly understood what you want then that should do it.

 --
 HTH,
 Nathan


[c-nsp] packet loss

2008-10-26 Thread adrian kok
Hi 

What is an easy way to see any packet loss in the router?

eg: sh int

Is this a big problem for a 100M interface?



Input queue: 0/75/679/0 (size/max/drops/flushes);
Total output drops: 4179819


Thank you



Re: [c-nsp] packet loss

2008-10-26 Thread Amol Sapkal
Hi Adrian,

More information would be needed. Like, when were the interface counters
cleared, the last time?


-Amol

On Sun, Oct 26, 2008 at 10:22 PM, adrian kok [EMAIL PROTECTED] wrote:

 Hi

 What is an easy way to see any packet loss in the router?

 eg: sh int

 Is this a big problem for a 100M interface?



 Input queue: 0/75/679/0 (size/max/drops/flushes);
 Total output drops: 4179819


 Thank you





-- 
Warm regards,

Amol Sapkal

---
When I'm not in my right mind, my left mind
gets pretty crowded
---


[c-nsp] packet loss

2008-10-26 Thread Yann Gauteron
Hi Adrian,

I think a complete show interface fastethernet X/Y would be useful in
order to consider how many drops are present as compared to the total number
of packets and to get details about these drops!

Then, input drops are quite unusual, as it means that the input buffer was
full at certain periods of time. You should understand that (on a router)
your input buffer is filled in by the controller as packets arrive and they
are then unbuffered and handled by the CPU according to the forwarding
scheme chosen (if your router allows CEF, I recommend you to ensure it is
activated).

If your CPU is overloaded, it does not have enough time for handling some critical
tasks, such as handling the input queues...

So regarding your input drops, I would recommend you to first check your CPU
usage and to ensure that your router is not overloaded. If not, you will
have to check if your CPU is not overloaded at certain periods of time by
monitoring this value, as well as the input queue drop counter.

We can have more information about both the input/output drops with a
complete show interface.

If you can also describe the network topology where this router is
installed, it would help us to understand if you are facing a potential
aggregation or speed mismatch problem.

Y.


Re: [c-nsp] packet loss

2008-10-26 Thread a. rahman isnaini r.sutan



ro#sh int g1/0
 1090542525 packets input, 87373962 bytes, 39 no buffer
 Received 176544249 broadcasts, 0 runts, 0 giants, 2079 throttles
 0 input errors, 542 CRC, (Check this) 0 frame, 134 overrun, 0 ignored

clearing interface : CRC should be 0.

ro#clear counters
ro#sh int g1/0
 15240 packets input, 9343716 bytes, 0 no buffer
 Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored

ro#sh int g1/0
 25278 packets input, 14733654 bytes, 0 no buffer
 Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored


a. rahman isnaini rangkayo sutan


