Re: [c-nsp] Load Balancing of Unequal Ethernet Bandwidth
Hi Andy, What happens when one link goes down depends on a few variables. In the simplest case it works as you would expect. Eg: ip route 0.0.0.0 0.0.0.0 ATM0.1 5 ip route 0.0.0.0 0.0.0.0 Tunnel0 5 router#show ip route 0.0.0.0 Routing entry for 0.0.0.0/0, supernet Known via static, distance 5, metric 0 (connected), candidate default path Routing Descriptor Blocks: * directly connected, via ATM0.1 Route metric is 0, traffic share count is 1 directly connected, via Tunnel0 Route metric is 0, traffic share count is 1 router#conf t router(config)#int tun0 router(config-if)#shut router#sho ip route 0.0.0.0 Routing entry for 0.0.0.0/0, supernet Known via static, distance 5, metric 0 (connected), candidate default path Routing Descriptor Blocks: * directly connected, via ATM0.1 Route metric is 0, traffic share count is 1 In this case shutting down the tunnel0 interface removed the route to that interface from the list of valid routes and there is no load sharing anymore. regards, Tony. --- On Mon, 16/2/09, Andy Saykao andy.say...@staff.netspace.net.au wrote: From: Andy Saykao andy.say...@staff.netspace.net.au Subject: RE: Load Balancing of Unequal Ethernet Bandwidth To: td_mi...@yahoo.com Cc: cisco-nsp@puck.nether.net Date: Monday, 16 February, 2009, 6:39 PM Hi Tony, Thanks for that. Yeah I saw at an example of that at: http://blog.ioshints.info/2007/02/unequal-load-split-with-static-routes. html It's a nice trick to know. Although when one link goes down, I believe you'll lose packets (or they may be delayed or resent) as the load-sharing algorithm uses round-robin to distribute the load and doesn't take into account whether the link has gone down or not. Cheers. Andy -Original Message- From: Tony [mailto:td_mi...@yahoo.com] Sent: Monday, 16 February 2009 6:02 PM To: Andy Saykao Cc: cisco-nsp@puck.nether.net Subject: Re: [c-nsp] Load Balancing of Unequal Ethernet Bandwidth Hi Andy, What do you run as IGP then so that we can help you out ? If static routes, then you can do it using by having multiple routes that are to the same destination. eg. on 2x serial links you might have: serial1 = 200Mbps (10.1.1.1/30) serial2 = 100Mbps (10.1.1.5/3) You would then add static routes like this: ip route x y serial1 ip route x y 10.1.1.2 ip route x y serial2 This way when you do show ip route x you would see something like: * directly connected via serial1 Route metric is 0, traffic share count is 1 * directly connected via serial2 Route metric is 0, traffic share count is 1 * 10.1.1.2 Route metric is 0, traffic share count is 1 Your router would then divide the traffic into three with one third going to each of the destinations configured. The fact that two of those destinations are the same link means that two thirds will go down your 200Mbps link and one third down your 100Mbps link. This is fairly basic and doesn't scale very well, but will work. regards, Tony. --- On Mon, 16/2/09, Andy Saykao andy.say...@staff.netspace.net.au wrote: From: Andy Saykao andy.say...@staff.netspace.net.au Subject: Re: [c-nsp] Load Balancing of Unequal Ethernet Bandwidth To: Ben Steele illcrit...@gmail.com Cc: cisco-nsp@puck.nether.net Date: Monday, 16 February, 2009, 5:39 PM Hi Ben, When I googled around, there were many discussions abvout using the variance command with eigrp but we don't run eigrp internally as our IGP. This is a typical setup where we need to upgrade some of our links, so we might upgrade 50M on the second leg and end up with a situation where the first leg is100M and the second leg is 150M. As you may know, some providers aren't so flexible so you can't just upgrade 25M on each leg because they increment by 50M per leg only. Hence my question if it was possible to load balance across unequal ethernet circuits without buying additional bandwidth for both circuits. Thanks. Andy From: Ben Steele [mailto:illcrit...@gmail.com] Sent: Monday, 16 February 2009 5:29 PM To: Andy Saykao Subject: Re: [c-nsp] Load Balancing of Unequal Ethernet Bandwidth You could do this with variance in eigrp, just add variance 2 into the eigrp config and it will load balance on a 2:1 ratio, if your links are equally matched in terms of latency you can look at enabling per-packet load sharing on the 2 egress interfaces to get an even more granular distribution, this can wreck some havoc with unequal paths and out of sequence packets though, however if equally similar in characteristics then performance is usually very good. Ben On Mon, Feb 16, 2009 at 4:01 PM, Andy Saykao andy.say...@staff.netspace.net.au wrote: Is it possible to aggregate and then load balance unequal
Re: [c-nsp] Load Balancing of Unequal Ethernet Bandwidth
One trick you could do is to use VLANs to virtualized the links... On the 100M link run a single VLAN while on the 200M link run 2 sub interfaces, each on a different VLAN. This would create 3 equal cost paths (well, you need to set the cost manually to be the same) and you would get automatic load sharing. Arie -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Andy Saykao Sent: Monday, February 16, 2009 09:47 To: Ben Steele; td_mi...@yahoo.com Cc: cisco-nsp@puck.nether.net Subject: Re: [c-nsp] Load Balancing of Unequal Ethernet Bandwidth Tony - we run OSPF as our IGP. Ben - on our WAN link we run BGP. We also have ethernet circuits between our POPS in each capital city which we run OSPF over. I'll give that link a read. Thanks From: Ben Steele [mailto:illcrit...@gmail.com] Sent: Monday, 16 February 2009 6:06 PM To: td_mi...@yahoo.com Cc: Andy Saykao; cisco-nsp@puck.nether.net Subject: Re: [c-nsp] Load Balancing of Unequal Ethernet Bandwidth Alternatively if you are using BGP, have a look at BGP Link Bandwidth http://www.cisco.com/en/US/docs/ios/12_2t/12_2t2/feature/guide/ftbgplb.h tml On Mon, Feb 16, 2009 at 5:32 PM, Tony td_mi...@yahoo.com wrote: Hi Andy, What do you run as IGP then so that we can help you out ? If static routes, then you can do it using by having multiple routes that are to the same destination. eg. on 2x serial links you might have: serial1 = 200Mbps (10.1.1.1/30) serial2 = 100Mbps (10.1.1.5/3) You would then add static routes like this: ip route x y serial1 ip route x y 10.1.1.2 ip route x y serial2 This way when you do show ip route x you would see something like: * directly connected via serial1 Route metric is 0, traffic share count is 1 * directly connected via serial2 Route metric is 0, traffic share count is 1 * 10.1.1.2 Route metric is 0, traffic share count is 1 Your router would then divide the traffic into three with one third going to each of the destinations configured. The fact that two of those destinations are the same link means that two thirds will go down your 200Mbps link and one third down your 100Mbps link. This is fairly basic and doesn't scale very well, but will work. regards, Tony. --- On Mon, 16/2/09, Andy Saykao andy.say...@staff.netspace.net.au wrote: From: Andy Saykao andy.say...@staff.netspace.net.au Subject: Re: [c-nsp] Load Balancing of Unequal Ethernet Bandwidth To: Ben Steele illcrit...@gmail.com Cc: cisco-nsp@puck.nether.net Date: Monday, 16 February, 2009, 5:39 PM Hi Ben, When I googled around, there were many discussions abvout using the variance command with eigrp but we don't run eigrp internally as our IGP. This is a typical setup where we need to upgrade some of our links, so we might upgrade 50M on the second leg and end up with a situation where the first leg is100M and the second leg is 150M. As you may know, some providers aren't so flexible so you can't just upgrade 25M on each leg because they increment by 50M per leg only. Hence my question if it was possible to load balance across unequal ethernet circuits without buying additional bandwidth for both circuits. Thanks. Andy From: Ben Steele [mailto:illcrit...@gmail.com] Sent: Monday, 16 February 2009 5:29 PM To: Andy Saykao Subject: Re: [c-nsp] Load Balancing of Unequal Ethernet Bandwidth You could do this with variance in eigrp, just add variance 2 into the eigrp config and it will load balance on a 2:1 ratio, if your links are equally matched in terms of latency you can look at enabling per-packet load sharing on the 2 egress interfaces to get an even more granular distribution, this can wreck some havoc with unequal paths and out of sequence packets though, however if equally similar in characteristics then performance is usually very good. Ben On Mon, Feb 16, 2009 at 4:01 PM, Andy Saykao andy.say...@staff.netspace.net.au wrote: Is it possible to aggregate and then load balance unequal ethernet
Re: [c-nsp] Router requirement
Pete, You are looking for a CPE and not a service aggregation point, right? Can you provide a bit more info about what kind of services this CPE would be terminating? What kind of interfaces do you need to support? (copper/fiber? FE/GE?) Arie -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Pete Barnwell Sent: Sunday, February 15, 2009 20:15 To: cisco-nsp@puck.nether.net Subject: [c-nsp] Router requirement Hi, Wonder if anybody can help me with selecting the right router for CPE? It needs to be able to handle 100Mb/s delivered over FE, doing a bit of QoS and a few ACLs but no dynamic routing protocols. Thanks Pete ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Router requirement
Peter, So would something like the ME3400 would be relevant: http://www.cisco.com/en/US/products/ps6580/index.html Note that there is a small model with only 2 ports, which is supposed to take a CPE role: ME-3400G-2CS-A Arie -Original Message- From: Pete Barnwell [mailto:pe...@whole-uk.com] Sent: Monday, February 16, 2009 18:20 To: Arie Vayner (avayner) Subject: Re: [c-nsp] Router requirement Arie Vayner (avayner) wrote: Pete, You are looking for a CPE and not a service aggregation point, right? Can you provide a bit more info about what kind of services this CPE would be terminating? What kind of interfaces do you need to support? (copper/fiber? FE/GE?) Hi Arie, Yes, CPE. It's to terminate a LAN extension that is handed off as Copper FE to us by the Telco. We need to handle a mix of data voice - inm this particular instance a fair chunk of the bandwidth is VPN, but that's terminated on an existing device. We just need to be able to priority queue the voice traffic, really. Regards Pete ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] 3/11 (invalid or corrupt AS path)
I am starting to see random BGP neighbor messages from multiple neighbors on different boxes. %BGP-3-NOTIFICATION: received from neighbor X.X.X.X 3/11 (invalid or corrupt AS path) 516 bytes I dont see much documentation on this, and we are in the process of opening a TAC case, just curious if anyone else has seen these and may be able to shed some light. Thanks ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] 3/11 (invalid or corrupt AS path)
Ozar wrote: I am starting to see random BGP neighbor messages from multiple neighbors on different boxes. %BGP-3-NOTIFICATION: received from neighbor X.X.X.X 3/11 (invalid or corrupt AS path) 516 bytes I dont see much documentation on this, and we are in the process of opening a TAC case, just curious if anyone else has seen these and may be able to shed some light. No, it is not software error, it is extremly long as-path: AS path: 3356 29113 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 I -- Grzegorz Janoszka ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] 3/11 (invalid or corrupt AS path)
(Forgot to CC c-nsp) Someone is advertising a block with insane long prepend. We added it to our filter list and it seems most providers have filtered out that route by now. Our 28xx decided to flip out with IBGP. IOS 12.4(21). Is this a bug? Is there a bugID on this or a workaround to filter insane route? Can I filter prefix by how big it is? It's this route. #sh ip bgp 94.125.216.0 BGP routing table entry for 94.125.216.0/21, version 92436 Paths: (2 available, best #1, table Default-IP-Routing-Table) Flag: 0x820 Not advertised to any peer x.x.x.x from y.y.y.y (z.z.z.z) Origin IGP, metric 10, localpref 100, valid, external, best Community: 13697912 13697913 209 1299 29113 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 4 On Mon, Feb 16, 2009 at 11:55 AM, Ozar vegasnet...@gmail.com wrote: I am starting to see random BGP neighbor messages from multiple neighbors on different boxes. %BGP-3-NOTIFICATION: received from neighbor X.X.X.X 3/11 (invalid or corrupt AS path) 516 bytes I dont see much documentation on this, and we are in the process of opening a TAC case, just curious if anyone else has seen these and may be able to shed some light. Thanks ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] 3/11 (invalid or corrupt AS path)
On Mon, Feb 16, 2009 at 06:14:08PM +0100, Grzegorz Janoszka wrote: Ozar wrote: I am starting to see random BGP neighbor messages from multiple neighbors on different boxes. %BGP-3-NOTIFICATION: received from neighbor X.X.X.X 3/11 (invalid or corrupt AS path) 516 bytes [snip] No, it is not software error, it is extremly long as-path: The message itself, correct. The flapping sessions observed on some code, the long path is indeed triggering some bug. It is immaterial if it is the revival of an ld bug or a new one, there are folks flapping over this (and related) paths. Providers without some level of sanity filters (really need many-multiples the current diameter of the net?) should be shamed into limiting their customer's prepends. -- RSUC / GweepNet / Spunk / FnB / Usenix / SAGE ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] 3/11 (invalid or corrupt AS path)
Hello, I have spoken with AS29113 admin and they will fix( block or what ) issue with their customer AS47868 Regards Tomas Jay Nakamura wrote: (Forgot to CC c-nsp) Someone is advertising a block with insane long prepend. We added it to our filter list and it seems most providers have filtered out that route by now. Our 28xx decided to flip out with IBGP. IOS 12.4(21). Is this a bug? Is there a bugID on this or a workaround to filter insane route? Can I filter prefix by how big it is? It's this route. #sh ip bgp 94.125.216.0 BGP routing table entry for 94.125.216.0/21, version 92436 Paths: (2 available, best #1, table Default-IP-Routing-Table) Flag: 0x820 Not advertised to any peer x.x.x.x from y.y.y.y (z.z.z.z) Origin IGP, metric 10, localpref 100, valid, external, best Community: 13697912 13697913 209 1299 29113 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 47868 4 On Mon, Feb 16, 2009 at 11:55 AM, Ozar vegasnet...@gmail.com wrote: I am starting to see random BGP neighbor messages from multiple neighbors on different boxes. %BGP-3-NOTIFICATION: received from neighbor X.X.X.X 3/11 (invalid or corrupt AS path) 516 bytes I dont see much documentation on this, and we are in the process of opening a TAC case, just curious if anyone else has seen these and may be able to shed some light. Thanks ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] 3/11 (invalid or corrupt AS path)
Joe Provo wrote: On Mon, Feb 16, 2009 at 06:14:08PM +0100, Grzegorz Janoszka wrote: Ozar wrote: I am starting to see random BGP neighbor messages from multiple neighbors on different boxes. %BGP-3-NOTIFICATION: received from neighbor X.X.X.X 3/11 (invalid or corrupt AS path) 516 bytes [snip] No, it is not software error, it is extremly long as-path: The message itself, correct. The flapping sessions observed on some code, the long path is indeed triggering some bug. It is immaterial if it is the revival of an ld bug or a new one, there are folks flapping over this (and related) paths. Providers without some level of sanity filters (really need many-multiples the current diameter of the net?) should be shamed into limiting their customer's prepends. According to the NANOG thread on this, it would seem that the bug would be CSCdr54230. Tim ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] 3/11 (invalid or corrupt AS path)
That would have to be *real* old code. That was fixed back in the 12.1(4) and 12.0(10)S3 days. On Mon, Feb 16, 2009 at 01:25:32PM -0500, Tim Donahue wrote: Joe Provo wrote: On Mon, Feb 16, 2009 at 06:14:08PM +0100, Grzegorz Janoszka wrote: Ozar wrote: I am starting to see random BGP neighbor messages from multiple neighbors on different boxes. %BGP-3-NOTIFICATION: received from neighbor X.X.X.X 3/11 (invalid or corrupt AS path) 516 bytes [snip] No, it is not software error, it is extremly long as-path: The message itself, correct. The flapping sessions observed on some code, the long path is indeed triggering some bug. It is immaterial if it is the revival of an ld bug or a new one, there are folks flapping over this (and related) paths. Providers without some level of sanity filters (really need many-multiples the current diameter of the net?) should be shamed into limiting their customer's prepends. According to the NANOG thread on this, it would seem that the bug would be CSCdr54230. Tim ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Cisco 3012 IBM Blade Switch Configurations?
David Hughes wrote: On 14/02/2009, at 2:52 AM, ChrisSerafin wrote: I will have a pair of 2960's upstream that will have 2 bonded etherchannels going into each switch blade from each 2960. The etherchannels will be trunk links and then I will configure the internal virtual switchports as trunks going into the XEN ServerXEN is just like VMware/ESX.. the server tags the VLANs depending on what network they need to be on. Make sense at all? I've been google'ing until my eyes bleed trying to get up to speed on these devices. Yup, that makes perfect sense and is similar to our architecture (if you substitute 6500 for 2960 you'd pretty much have our standard setup). We run nodes of ESX farms on blades in this configuration. If you are planning on dense virtualisation or multi-node farms then you'll need to be running MST for your spanning tree. Running any form of per vlan STP will have you running out of STP instances before you run out of vlans you need to trunk to your ESX / Xen boxes. That brings up a good point about STP. If I have 1 etherchannel going from each switch blade to each upstream switch, will the switches detect the loops or do I need to manually configure this? Thanks for your comments! --chris ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] 3/11 (invalid or corrupt AS path)
Hi List, We have just experience the same problem on SRC but with a different reason, %BGP-3-NOTIFICATION: sent to neighbor X.X.X.X 3/11 (invalid or corrupt AS path) 518 bytes 50020202 02009531 23012306 71B9BAFC BA 23w4d: BGP: X.X.X.X Bad attributes Feb 16 21:26:04.918 pst: %BGP-4-MSGDUMP: unsupported or mal-formatted message received from X.X.X.X: 022C 0200 0002 1140 0101 0050 0202 0202 0095 3123 0123 0671 B9BA FCBA FCBA FCBA FCBA FCBA FCBA FCBA FCBA FCBA FCBA FCBA FCBA FCBA FCBA FCBA FCBA FCBA FCBA FCBA FCBA FCBA FCBA FCBA FCBA FCBA FCBA FCBA FCBA FCBA FCBA FCBA FCBA FCBA FCBA FCBA FCBA FCBA FCBA FCBA FCBA FCBA FCBA FCBA FCBA FCBA FCBA FCBA FCBA FCBA FCBA FCBA FCBA FCBA FCBA FCBA FCBA FCBA FCBA FCBA FCBA FCBA FCBA FCBA FCBA FCBA FCBA FCBA FCBA FCBA FCBA FCBA FCBA FCBA FCBA FCBA FCBA FCBA FCBA FCBA FCBA FCBA FCBA FCBA FCBA FCBA FCBA FCBA FCBA FCBA FCBA FCBA-- Any idea of reason? or what can be a bad message for BGP that can tear down adjacency ? Regards, M Usman Ashraf On Tue, Feb 17, 2009 at 12:07 AM, Rodney Dunn rod...@cisco.com wrote: That would have to be *real* old code. That was fixed back in the 12.1(4) and 12.0(10)S3 days. On Mon, Feb 16, 2009 at 01:25:32PM -0500, Tim Donahue wrote: Joe Provo wrote: On Mon, Feb 16, 2009 at 06:14:08PM +0100, Grzegorz Janoszka wrote: Ozar wrote: I am starting to see random BGP neighbor messages from multiple neighbors on different boxes. %BGP-3-NOTIFICATION: received from neighbor X.X.X.X 3/11 (invalid or corrupt AS path) 516 bytes [snip] No, it is not software error, it is extremly long as-path: The message itself, correct. The flapping sessions observed on some code, the long path is indeed triggering some bug. It is immaterial if it is the revival of an ld bug or a new one, there are folks flapping over this (and related) paths. Providers without some level of sanity filters (really need many-multiples the current diameter of the net?) should be shamed into limiting their customer's prepends. According to the NANOG thread on this, it would seem that the bug would be CSCdr54230. Tim ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] WS-SVC-IDSM-2 visio icon
Apologies for the delay in replying, romantic weekends always get in the way :-) Thanks for the replies, I recognise the FWSM icon is very similar, I was more concerned that I couldn't find it in the Cisco complete Visio zip and though there might be another location I could get it from. Cheers Steve On Thu, Feb 12, 2009 at 18:31, Gregori Parker gregori.par...@theplatform.com wrote: If you're after a physical icon, just doctor the FWSM, there's not much difference. If you're after a logical icon, the generally accepted icon for IDS (at least in my world) is the one called SwitchProbe in the Cisco logical shapes list - it's the cube with a magnifying glass on it. -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Justin M. Streiner Sent: Thursday, February 12, 2009 9:43 AM To: cisco-nsp@puck.nether.net Subject: Re: [c-nsp] WS-SVC-IDSM-2 visio icon On Thu, 12 Feb 2009, Steve McNamara wrote: I'm looking for a Visio icon for a WS-SVC-IDSM-2 icon without any luck. I've downloaded the complete Viso icon zip from http://www.cisco.com/en/US/products/prod_visio_icon_list.html, but there's no icon for this module? There are other service modules such as NAM1 2 in the 6500 shape stencil, but not this one. Does anyone know where it can be found or have any other suggestions? If it comes down to it, you can always make one on your own. I've had to do that in several cases. jms ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] 3/11 (invalid or corrupt AS path)
We are working on that. I'll let you know once I have more. Rodney On Tue, Feb 17, 2009 at 12:41:34AM +0500, M Usman Ashraf wrote: Hi List, We have just experience the same problem on SRC but with a different reason, %BGP-3-NOTIFICATION: sent to neighbor X.X.X.X 3/11 (invalid or corrupt AS path) 518 bytes 50020202 02009531 23012306 71B9BAFC BA 23w4d: BGP: X.X.X.X Bad attributes Feb 16 21:26:04.918 pst: %BGP-4-MSGDUMP: unsupported or mal-formatted message received from X.X.X.X: 022C 0200 0002 1140 0101 0050 0202 0202 0095 3123 0123 0671 B9BA FCBA FCBA FCBA FCBA FCBA FCBA FCBA FCBA FCBA FCBA FCBA FCBA FCBA FCBA FCBA FCBA FCBA FCBA FCBA FCBA FCBA FCBA FCBA FCBA FCBA FCBA FCBA FCBA FCBA FCBA FCBA FCBA FCBA FCBA FCBA FCBA FCBA FCBA FCBA FCBA FCBA FCBA FCBA FCBA FCBA FCBA FCBA FCBA FCBA FCBA FCBA FCBA FCBA FCBA FCBA FCBA FCBA FCBA FCBA FCBA FCBA FCBA FCBA FCBA FCBA FCBA FCBA FCBA FCBA FCBA FCBA FCBA FCBA FCBA FCBA FCBA FCBA FCBA FCBA FCBA FCBA FCBA FCBA FCBA FCBA FCBA FCBA FCBA FCBA FCBA FCBA-- Any idea of reason? or what can be a bad message for BGP that can tear down adjacency ? Regards, M Usman Ashraf On Tue, Feb 17, 2009 at 12:07 AM, Rodney Dunn rod...@cisco.com wrote: That would have to be *real* old code. That was fixed back in the 12.1(4) and 12.0(10)S3 days. On Mon, Feb 16, 2009 at 01:25:32PM -0500, Tim Donahue wrote: Joe Provo wrote: On Mon, Feb 16, 2009 at 06:14:08PM +0100, Grzegorz Janoszka wrote: Ozar wrote: I am starting to see random BGP neighbor messages from multiple neighbors on different boxes. %BGP-3-NOTIFICATION: received from neighbor X.X.X.X 3/11 (invalid or corrupt AS path) 516 bytes [snip] No, it is not software error, it is extremly long as-path: The message itself, correct. The flapping sessions observed on some code, the long path is indeed triggering some bug. It is immaterial if it is the revival of an ld bug or a new one, there are folks flapping over this (and related) paths. Providers without some level of sanity filters (really need many-multiples the current diameter of the net?) should be shamed into limiting their customer's prepends. According to the NANOG thread on this, it would seem that the bug would be CSCdr54230. Tim ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] 3/11 (invalid or corrupt AS path)
On Mon, Feb 16, 2009 at 20:32, Rodney Dunn rod...@cisco.com wrote: We are working on that. I'll let you know once I have more. We've got one of these on our node running SRB3. It was trigerred on only one session when being announced to a customer. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] 3/11 (invalid or corrupt AS path)
One of those what? All I want is: sh ver sh log sh ip bgp nei on a box that SENT the BGP notification on receipt of the update. Don't send it if the BGP session when down because the notification was received. rodney On Mon, Feb 16, 2009 at 09:00:02PM +, Marko Milivojevic wrote: On Mon, Feb 16, 2009 at 20:32, Rodney Dunn rod...@cisco.com wrote: We are working on that. I'll let you know once I have more. We've got one of these on our node running SRB3. It was trigerred on only one session when being announced to a customer. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] 3/11 (invalid or corrupt AS path)
I don't know if it's related or not but one of my borders and another nearly identical box much further into the network logged these with 18 seconds of each other: Feb 16 10:23:38 10.64.0.1 968577: 968585: Feb 16 10:23:37 CST: %BGP-6-BIGCHUNK: Big chunk pool request (522) for aspath. Replenishing with malloc Both are running 12.4(15)Tn releases. Justin Rodney Dunn wrote: One of those what? All I want is: sh ver sh log sh ip bgp nei on a box that SENT the BGP notification on receipt of the update. Don't send it if the BGP session when down because the notification was received. rodney On Mon, Feb 16, 2009 at 09:00:02PM +, Marko Milivojevic wrote: On Mon, Feb 16, 2009 at 20:32, Rodney Dunn rod...@cisco.com wrote: We are working on that. I'll let you know once I have more. We've got one of these on our node running SRB3. It was trigerred on only one session when being announced to a customer. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] 3/11 (invalid or corrupt AS path)
On Mon, Feb 16, 2009 at 03:45:29PM -0600, Justin Shore wrote: I don't know if it's related or not but one of my borders and another nearly identical box much further into the network logged these with 18 seconds of each other: Feb 16 10:23:38 10.64.0.1 968577: 968585: Feb 16 10:23:37 CST: %BGP-6-BIGCHUNK: Big chunk pool request (522) for aspath. Replenishing with malloc Related, but that's just an informational I've had to go and do a rather unexpectedly large request for memory, but I have, just thought I would mention it message. -- Euan Galloway ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] VRF-Lite and VRF Source-select
Hi All I was reading about VRF Source-select feature and want to know is this this supported with VRF-Lite or needs MPLS-VPN backbone ? best regards --Ibrahim ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Cisco 3012 IBM Blade Switch Configurations?
On 17/02/2009, at 5:21 AM, ChrisSerafin wrote: That brings up a good point about STP. If I have 1 etherchannel going from each switch blade to each upstream switch, will the switches detect the loops or do I need to manually configure this? Thanks for your comments! The blade switches operate as separate switches and can be viewed as if they were your normal 29xx or 35xx access switch depending on the CIGESM you buy (well, with a couple of caveats about their management interfaces). If the switches are connected to your network via a single etherchannel then there's no possibility of a loop - other than a mis-configured etherchannel. You don't get loops but you don't get any redundancy at the network layer. In this setup I assume you are using some form of NIC teaming and failover on the blades themselves for redundancy. That's not going to pick up a failed uplink on your primary switching path as most teaming drivers only look at link state on the NIC. If you are following a normal dual attached model where each access switch (be it a top of rack switch or a blade switch module) is uplinked to 2 different switches then you get link redundancy but naturally need STP. If you are running dense virtualisation or vm server farms then the STP you should be running is MST. Thanks David ... ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] 3/11 (invalid or corrupt AS path)
That's fine. It just means we fell back to malloc a block that could hold it. On Mon, Feb 16, 2009 at 03:45:29PM -0600, Justin Shore wrote: I don't know if it's related or not but one of my borders and another nearly identical box much further into the network logged these with 18 seconds of each other: Feb 16 10:23:38 10.64.0.1 968577: 968585: Feb 16 10:23:37 CST: %BGP-6-BIGCHUNK: Big chunk pool request (522) for aspath. Replenishing with malloc Both are running 12.4(15)Tn releases. Justin Rodney Dunn wrote: One of those what? All I want is: sh ver sh log sh ip bgp nei on a box that SENT the BGP notification on receipt of the update. Don't send it if the BGP session when down because the notification was received. rodney On Mon, Feb 16, 2009 at 09:00:02PM +, Marko Milivojevic wrote: On Mon, Feb 16, 2009 at 20:32, Rodney Dunn rod...@cisco.com wrote: We are working on that. I'll let you know once I have more. We've got one of these on our node running SRB3. It was trigerred on only one session when being announced to a customer. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Router requirement
We have a 2801 that holds at ~35% CPU while pushing 70Mbps+ from port to port day in/out: basic QOS, BGP for default origination only, 12.4(1c) Advanced IP Services K9. Naturally if you add NAT, NBAR, extensive QOS, etc. these numbers will change dramatically. IMO a 2821 would definitely do the job and provide copper Gigabit capabilities, although not wire speed. However, depending on what you're trying to do, the ME3400-2CS-A might be the best choice with both optical and electrical hand-offs and scalability to Gigabit. We typically prefer a 2800 at the edge for links 100Mbps for features like NAT, and go with a switch for anything 100Mbps. Cory Pete Barnwell wrote: Hi, Wonder if anybody can help me with selecting the right router for CPE? It needs to be able to handle 100Mb/s delivered over FE, doing a bit of QoS and a few ACLs but no dynamic routing protocols. If you can live with a worst-case scenario of 87MBit, a 2821 might be decent choice, too. Typical throughput, even with moderate QoS/ACL should be well over 100M (maybe even with a 2811). Otherwise, a 3825 with its two 1G interfaces built in would be a real good alternative to the rather pricey 72k ... -garry ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] VPDN Multihop
Hi All, There is probably an obvious answer to this, but I am failing to make it work the way I want so I'm asking the resident experts. We are a wholesale ISP taking DSL tails as L2TP from carriers. We have an LNS which is currently setup to switch these sessions to downstream channel partners based on match against the domain/REALM. For one of the realms on which we receive L2TP sessions, we would like to select a destination (either locally terminated or switched-to-channel-partner) on a per-account basis. These currently are switched to us on a per-account basis by our upstream provider doing per-account authentication and A/V pairs to forward the sessions. Their A/V pairs are setting a tunnel-id for these. We thought was to leverage the multihop-hostname command under a request-dialin configured VPDN-group. The documentation on CCO seems to imply that it can be used to match against a VPDN tunnel-id, but we could not get that to work. multihop-hostname To enable a tunnel switch to initiate a tunnel based on the hostname or tunnel ID associated with an ingress tunnel, use the multihop-hostname command in VPDN request-dialin subgroup configuration mode. To disable this option, use the no form of this command. We tried configuring up a vpdn-group with a multihop hostname/initiate-to/local name/l2tp tunnel password, surely that would be enough to correctly match and therefore switch the session across to the downstream LNS? Unfortunately we could not get it to work, the error coming back was complaining that it could not assign a virtual-template to the session, which would seem to imply an attempt to terminate the session locally Feb 17 12:14:18: SSS MGR [uid:606]: Handling Policy Service Authorize action (1 pending sessions) Feb 17 12:14:18: SSS PM [uid:606][6858A474]: RM/VPDN disabled: RM/VPDN author not needed Feb 17 12:14:18: SSS PM [uid:606][6858A474]: AAA author needed for registered user Feb 17 12:14:18: SSS MGR [uid:606]: Got reply Need More Keys from PM Feb 17 12:14:18: SSS MGR [uid:606]: Handling Need More Keys action Feb 17 12:14:18: VPDN uid:606 disconnect (TEST-CMD) IETF: 9/nas-error Ascend: 62/VPDN No Resources Feb 17 12:14:18: VPDN uid:606 vpdn shutdown session, result=2, error=5, vendor_err=0 Feb 17 12:14:18: VPDN uid:606 VPDN/AAA: accounting stop sent Feb 17 12:14:18: L2TUN APP: uid:606handle/665997Destroying app session Feb 17 12:14:18: L2TUN APP: uid:606handle/665997Stopping service selection Feb 17 12:14:18: L2X SSS [uid:606]: Disc sent to SSS Feb 17 12:14:18: L2TP _:06839:70B5: Feb 17 12:14:18: L2TP _:06839:70B5: Shutting down session Feb 17 12:14:18: L2TP _:06839:70B5: Result Code Feb 17 12:14:18: L2TP _:06839:70B5: Call disconnected, refer to error msg (2) Feb 17 12:14:18: L2TP _:06839:70B5: Error Code Feb 17 12:14:18: L2TP _:06839:70B5: Insufficient resources (4) Feb 17 12:14:18: L2TP _:06839:70B5: Vendor Error Feb 17 12:14:18: L2TP _:06839:70B5: None (0) Feb 17 12:14:18: L2TP _:06839:70B5: Optional Message Feb 17 12:14:18: L2TP _:06839:70B5: No virtual-template specified Feb 17 12:14:18: L2TP _:06839:70B5: vpdn enable vpdn multihop vpdn aaa attribute nas-port vpdn-nas vpdn redirect vpdn logging vpdn logging local vpdn logging tunnel-drop vpdn history failure table-size 50 vpdn session-limit 2048 vpdn search-order multihop-hostname domain vpdn domain-delimiter @ suffix vpdn domain-delimiter / prefix ! vpdn-group customer3 request-dialin protocol l2tp multihop hostname tunnel-name initiate-to ip downstream LNS IP priority 1 local name my hostname l2tp tunnel password 0 mumble ! Any thoughts/suggestions? Regards, Kurt Bales ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] VPDN Multihop
Try it with vpdn authen-before-forward Ben On Tue, Feb 17, 2009 at 3:22 PM, Kurt Bales kwba...@kwbales.net wrote: Hi All, There is probably an obvious answer to this, but I am failing to make it work the way I want so I'm asking the resident experts. We are a wholesale ISP taking DSL tails as L2TP from carriers. We have an LNS which is currently setup to switch these sessions to downstream channel partners based on match against the domain/REALM. For one of the realms on which we receive L2TP sessions, we would like to select a destination (either locally terminated or switched-to-channel-partner) on a per-account basis. These currently are switched to us on a per-account basis by our upstream provider doing per-account authentication and A/V pairs to forward the sessions. Their A/V pairs are setting a tunnel-id for these. We thought was to leverage the multihop-hostname command under a request-dialin configured VPDN-group. The documentation on CCO seems to imply that it can be used to match against a VPDN tunnel-id, but we could not get that to work. multihop-hostname To enable a tunnel switch to initiate a tunnel based on the hostname or tunnel ID associated with an ingress tunnel, use the multihop-hostname command in VPDN request-dialin subgroup configuration mode. To disable this option, use the no form of this command. We tried configuring up a vpdn-group with a multihop hostname/initiate-to/local name/l2tp tunnel password, surely that would be enough to correctly match and therefore switch the session across to the downstream LNS? Unfortunately we could not get it to work, the error coming back was complaining that it could not assign a virtual-template to the session, which would seem to imply an attempt to terminate the session locally Feb 17 12:14:18: SSS MGR [uid:606]: Handling Policy Service Authorize action (1 pending sessions) Feb 17 12:14:18: SSS PM [uid:606][6858A474]: RM/VPDN disabled: RM/VPDN author not needed Feb 17 12:14:18: SSS PM [uid:606][6858A474]: AAA author needed for registered user Feb 17 12:14:18: SSS MGR [uid:606]: Got reply Need More Keys from PM Feb 17 12:14:18: SSS MGR [uid:606]: Handling Need More Keys action Feb 17 12:14:18: VPDN uid:606 disconnect (TEST-CMD) IETF: 9/nas-error Ascend: 62/VPDN No Resources Feb 17 12:14:18: VPDN uid:606 vpdn shutdown session, result=2, error=5, vendor_err=0 Feb 17 12:14:18: VPDN uid:606 VPDN/AAA: accounting stop sent Feb 17 12:14:18: L2TUN APP: uid:606handle/665997Destroying app session Feb 17 12:14:18: L2TUN APP: uid:606handle/665997Stopping service selection Feb 17 12:14:18: L2X SSS [uid:606]: Disc sent to SSS Feb 17 12:14:18: L2TP _:06839:70B5: Feb 17 12:14:18: L2TP _:06839:70B5: Shutting down session Feb 17 12:14:18: L2TP _:06839:70B5: Result Code Feb 17 12:14:18: L2TP _:06839:70B5: Call disconnected, refer to error msg (2) Feb 17 12:14:18: L2TP _:06839:70B5: Error Code Feb 17 12:14:18: L2TP _:06839:70B5: Insufficient resources (4) Feb 17 12:14:18: L2TP _:06839:70B5: Vendor Error Feb 17 12:14:18: L2TP _:06839:70B5: None (0) Feb 17 12:14:18: L2TP _:06839:70B5: Optional Message Feb 17 12:14:18: L2TP _:06839:70B5: No virtual-template specified Feb 17 12:14:18: L2TP _:06839:70B5: vpdn enable vpdn multihop vpdn aaa attribute nas-port vpdn-nas vpdn redirect vpdn logging vpdn logging local vpdn logging tunnel-drop vpdn history failure table-size 50 vpdn session-limit 2048 vpdn search-order multihop-hostname domain vpdn domain-delimiter @ suffix vpdn domain-delimiter / prefix ! vpdn-group customer3 request-dialin protocol l2tp multihop hostname tunnel-name initiate-to ip downstream LNS IP priority 1 local name my hostname l2tp tunnel password 0 mumble ! Any thoughts/suggestions? Regards, Kurt Bales ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/