[c-nsp] LNS av-pair vrf
Dears, I have an ASR functioning as a LNS, the LNS is configured as a PE router as well. I need to assign certain users to their proper VRF through the AAA server as it should be applied on the virtual-access interface. So what is the av-pair syntax required to accomplish this and the configuration required from the ASR also. Thanks, Ghassan ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Full BGP Feed Convergence Time on ASR 1006 RP2 Setup
On Tuesday, August 16, 2011 08:02:29 AM Brent Roberts wrote: Can anyone provide real world BGP Table convergence times on 3 full Peers on an ASR 1006 RP2 for IPV4. Strictly in the IP V4 world scheme. Timing reference being sought is for the equivalent of CLEAR IP BGP ALL Command. Service engine would be a ASR1000-ESP10. I just brought up an ASR1006 + RP2 + ESP20 + SIP10, peering with 3x route reflectors, receiving a full v4/v6/VPNv4 table from them, simultaneously. For v4, the 1st session was done in about 48 seconds, the other two were done about 10 seconds earlier than that. Hope this helps. Cheers, Mark. signature.asc Description: This is a digitally signed message part. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Full BGP Feed Convergence Time on ASR 1006 RP2 Setup
On Tuesday, August 16, 2011 08:02:29 AM Brent Roberts wrote: Can anyone provide real world BGP Table convergence times on 3 full Peers on an ASR 1006 RP2 for IPV4. Strictly in the IP V4 world scheme. Timing reference being sought is for the equivalent of CLEAR IP BGP ALL Command. Service engine would be a ASR1000-ESP10. I just brought up an ASR1006 + RP2 + ESP20 + SIP10, peering with 3x route reflectors, receiving a full v4/v6/VPNv4 table from them, simultaneously. For v4, the 1st session was done in about 48 seconds, the other two were done about 10 seconds earlier than that. Hope this helps. Cheers, Mark. signature.asc Description: This is a digitally signed message part. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] LNS av-pair vrf
Hi, On Fri, 11 Nov 2011, Ghassan.khalil wrote: Dears, I have an ASR functioning as a LNS, the LNS is configured as a PE router as well. I need to assign certain users to their proper VRF through the AAA server as it should be applied on the virtual-access interface. So what is the av-pair syntax required to accomplish this and the configuration required from the ASR also. I believe you would need something like: cisco-avpair=lcp:interface-config=ip vrf forwarding VRFNAME google turns up this: http://www.cisco.com/en/US/docs/routers/asr1000/configuration/guide/chassis/scaling.html Greetings Christian Thanks, Ghassan ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ -- Christian Kratzer CK Software GmbH Email: c...@cksoft.de Wildberger Weg 24/2 Phone: +49 7032 893 997 - 0 D-71126 Gaeufelden Fax: +49 7032 893 997 - 9 HRB 245288, Amtsgericht Stuttgart Web: http://www.cksoft.de/ Geschaeftsfuehrer: Christian Kratzer ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] LNS av-pair vrf
I have an ASR functioning as a LNS, the LNS is configured as a PE router as well. I need to assign certain users to their proper VRF through the AAA server as it should be applied on the virtual-access interface. So what is the av-pair syntax required to accomplish this and the configuration required from the ASR also. the VRF itself as well as an interface Loopback n belonging to this VRF need to be defined on the ASR, and you need to nable Radius authorization (i.e. aaa authorization network default group radius or something like this). You need to define a virtual-template (I guess you already have one for your other users). Then you can include the below attributes to assign the user(s) to the VRF: Cisco-Avpair = ip:vrf-id=vrf-name, Cisco-Avpair = ip:ip-unnumbered=Loopbackn, There is also the Cisco-Avpair=lcp:interface-config=ip vrf forwarding ...\nip unnumbered ... way of assigning vrf membership, but the former is more effecient... oli ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] LNS av-pair vrf
On 11 November 2011 08:48, cisco-nsp-requ...@puck.nether.net wrote: Message: 4 Date: Fri, 11 Nov 2011 10:04:51 +0200 From: Ghassan.khalil ghassan.kha...@gmail.com To: cisco-nsp@puck.nether.net cisco-nsp@puck.nether.net Subject: [c-nsp] LNS av-pair vrf Message-ID: 87362fef-35e8-4030-90e9-fb565d70d...@gmail.com Content-Type: text/plain; charset=us-ascii Dears, I have an ASR functioning as a LNS, the LNS is configured as a PE router as well. I need to assign certain users to their proper VRF through the AAA server as it should be applied on the virtual-access interface. So what is the av-pair syntax required to accomplish this and the configuration required from the ASR also. You need to pass back some cisco-avpair attributes as part of RADIUS authorisation: cisco-avpair = lcp:interface-config=ip vrf forwarding CUST1 cisco-avpair = lcp:interface-config=ip unnumbered loopback101 The loopback101 interface (in this instance) also needs to be placed in the CUST1 VRF. A different loopback would be required on the LNS for each Customer VRF. Cheers, Matt -- Matthew Melbourne ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] LNS av-pair vrf
Thanks, As it seems from all the feedbacks that we need to have a dedicated loopback for each customer as this loopback is configured with the certain VRF. By this I will need to configure more than 100 loopbacks :) is this the only way ? It will not be a big problem as I also need to add an av-pair to those 100 users from the AAA server as well. Ghassan On Nov 11, 2011, at 11:15 AM, Matthew Melbourne m...@melbourne.org.uk wrote: On 11 November 2011 08:48, cisco-nsp-requ...@puck.nether.net wrote: Message: 4 Date: Fri, 11 Nov 2011 10:04:51 +0200 From: Ghassan.khalil ghassan.kha...@gmail.com To: cisco-nsp@puck.nether.net cisco-nsp@puck.nether.net Subject: [c-nsp] LNS av-pair vrf Message-ID: 87362fef-35e8-4030-90e9-fb565d70d...@gmail.com Content-Type: text/plain; charset=us-ascii Dears, I have an ASR functioning as a LNS, the LNS is configured as a PE router as well. I need to assign certain users to their proper VRF through the AAA server as it should be applied on the virtual-access interface. So what is the av-pair syntax required to accomplish this and the configuration required from the ASR also. You need to pass back some cisco-avpair attributes as part of RADIUS authorisation: cisco-avpair = lcp:interface-config=ip vrf forwarding CUST1 cisco-avpair = lcp:interface-config=ip unnumbered loopback101 The loopback101 interface (in this instance) also needs to be placed in the CUST1 VRF. A different loopback would be required on the LNS for each Customer VRF. Cheers, Matt -- Matthew Melbourne ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Monitoring IPv6 BGP Peering Status via SNMP
Hi all, Joe Marr wrote: Does anyone have experience in monitoring IPv6 BGP peering via SNMP. I'm I don't know if this works with Cisco gear, but I think it's a standard MIB... Do a snmpwalk on BGP4-MIB::bgpPeerState. You will see an Entry for each BGP Peer (IPv4+IPv6) you have. But... The OID for the IPv6-Peers is notated as if it would be IPv4. =;-) So use the first (most left) 4 octets from the IPv6 address of the peer and note it decimal with points in between. This will give you the complete OID to ask for. Example: If the Peer is fe80:dad3:abcd::1 0xfe = 254 0x80 = 128 0xda = 218 0xd3 = 211 You have to ask for this OID BGP4-MIB::bgpPeerState.254.128.218.211 -- Greetz Thomas Voigt ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Monitoring IPv6 BGP Peering Status via SNMP
Hi, On Fri, 11 Nov 2011, Voigt, Thomas wrote: Hi all, Joe Marr wrote: Does anyone have experience in monitoring IPv6 BGP peering via SNMP. I'm I don't know if this works with Cisco gear, but I think it's a standard MIB... Do a snmpwalk on BGP4-MIB::bgpPeerState. You will see an Entry for each BGP Peer (IPv4+IPv6) you have. But... The OID for the IPv6-Peers is notated as if it would be IPv4. =;-) So use the first (most left) 4 octets from the IPv6 address of the peer and note it decimal with points in between. This will give you the complete OID to ask for. which as people have pointed out before is totally pointless if you are peering with multiple peers in the same /64. The oid will be the same for all peers. Not sure if the are proprietary mibs available so that one could walk all ipv6 peers. Greetings Christian Example: If the Peer is fe80:dad3:abcd::1 0xfe = 254 0x80 = 128 0xda = 218 0xd3 = 211 You have to ask for this OID BGP4-MIB::bgpPeerState.254.128.218.211 -- Christian Kratzer CK Software GmbH Email: c...@cksoft.de Wildberger Weg 24/2 Phone: +49 7032 893 997 - 0 D-71126 Gaeufelden Fax: +49 7032 893 997 - 9 HRB 245288, Amtsgericht Stuttgart Web: http://www.cksoft.de/ Geschaeftsfuehrer: Christian Kratzer ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] LNS av-pair vrf
Ghassan, 1 loopback per VRF. -Dan -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Ghassan.khalil Sent: Friday, 11 November 2011 6:38 PM To: Matthew Melbourne Cc: cisco-nsp@puck.nether.net Subject: Re: [c-nsp] LNS av-pair vrf Thanks, As it seems from all the feedbacks that we need to have a dedicated loopback for each customer as this loopback is configured with the certain VRF. By this I will need to configure more than 100 loopbacks :) is this the only way ? It will not be a big problem as I also need to add an av-pair to those 100 users from the AAA server as well. Ghassan On Nov 11, 2011, at 11:15 AM, Matthew Melbourne m...@melbourne.org.uk wrote: On 11 November 2011 08:48, cisco-nsp-requ...@puck.nether.net wrote: Message: 4 Date: Fri, 11 Nov 2011 10:04:51 +0200 From: Ghassan.khalil ghassan.kha...@gmail.com To: cisco-nsp@puck.nether.net cisco-nsp@puck.nether.net Subject: [c-nsp] LNS av-pair vrf Message-ID: 87362fef-35e8-4030-90e9-fb565d70d...@gmail.com Content-Type: text/plain; charset=us-ascii Dears, I have an ASR functioning as a LNS, the LNS is configured as a PE router as well. I need to assign certain users to their proper VRF through the AAA server as it should be applied on the virtual-access interface. So what is the av-pair syntax required to accomplish this and the configuration required from the ASR also. You need to pass back some cisco-avpair attributes as part of RADIUS authorisation: cisco-avpair = lcp:interface-config=ip vrf forwarding CUST1 cisco-avpair = lcp:interface-config=ip unnumbered loopback101 The loopback101 interface (in this instance) also needs to be placed in the CUST1 VRF. A different loopback would be required on the LNS for each Customer VRF. Cheers, Matt -- Matthew Melbourne ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Monitoring IPv6 BGP Peering Status via SNMP
Cisco should have a new BGPv4 Mib out this month that can deal with v6 stuff better. I haven't seen it hit the ftp site yet though. On Fri, Nov 11, 2011 at 7:54 AM, Christian Kratzer ck-li...@cksoft.de wrote: Hi, On Fri, 11 Nov 2011, Voigt, Thomas wrote: Hi all, Joe Marr wrote: Does anyone have experience in monitoring IPv6 BGP peering via SNMP. I'm I don't know if this works with Cisco gear, but I think it's a standard MIB... Do a snmpwalk on BGP4-MIB::bgpPeerState. You will see an Entry for each BGP Peer (IPv4+IPv6) you have. But... The OID for the IPv6-Peers is notated as if it would be IPv4. =;-) So use the first (most left) 4 octets from the IPv6 address of the peer and note it decimal with points in between. This will give you the complete OID to ask for. which as people have pointed out before is totally pointless if you are peering with multiple peers in the same /64. The oid will be the same for all peers. Not sure if the are proprietary mibs available so that one could walk all ipv6 peers. Greetings Christian Example: If the Peer is fe80:dad3:abcd::1 0xfe = 254 0x80 = 128 0xda = 218 0xd3 = 211 You have to ask for this OID BGP4-MIB::bgpPeerState.254.128.218.211 -- Christian Kratzer CK Software GmbH Email: c...@cksoft.de Wildberger Weg 24/2 Phone: +49 7032 893 997 - 0 D-71126 Gaeufelden Fax: +49 7032 893 997 - 9 HRB 245288, Amtsgericht Stuttgart Web: http://www.cksoft.de/ Geschaeftsfuehrer: Christian Kratzer ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ -- Just my $.02, your mileage may vary, batteries not included, etc ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] LNS av-pair vrf
Thanks, As it seems from all the feedbacks that we need to have a dedicated loopback for each customer as this loopback is configured with the certain VRF. By this I will need to configure more than 100 loopbacks :) is this the only way ? yes, as Daniel already mentioned. However you can assign the same IP address to all 100+ loopbacks and don't need to burn addresses.. It will not be a big problem as I also need to add an av-pair to those 100 users from the AAA server as well. not sure what you mean? oli ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] LNS av-pair vrf
Thanks Oli Matthew and Daniel, Oli what I meant with my last paragraph was that I though that all the configuration will be on the AAA side, and the creation of the new loopback interfaces was not in my calculations :). Anyway I will give it a try within a couple of days and give you a feedback guys. Really thanks On Nov 11, 2011, at 4:46 PM, Oliver Boehmer (oboehmer) oboeh...@cisco.com wrote: Thanks, As it seems from all the feedbacks that we need to have a dedicated loopback for each customer as this loopback is configured with the certain VRF. By this I will need to configure more than 100 loopbacks :) is this the only way ? yes, as Daniel already mentioned. However you can assign the same IP address to all 100+ loopbacks and don't need to burn addresses.. It will not be a big problem as I also need to add an av-pair to those 100 users from the AAA server as well. not sure what you mean? oli ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] LNS av-pair vrf
Oli what I meant with my last paragraph was that I though that all the configuration will be on the AAA side, and the creation of the new loopback interfaces was not in my calculations :). Well, neither is the creation of the actual VRFs, so you will always have to touch the LNS if you provision a new VRF. oli ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] LNS av-pair vrf
On 11 November 2011 14:41, cisco-nsp-requ...@puck.nether.net wrote: Message: 2 Date: Fri, 11 Nov 2011 09:58:33 +0100 From: Oliver Boehmer (oboehmer) oboeh...@cisco.com To: Ghassan.khalil ghassan.kha...@gmail.com, cisco-nsp@puck.nether.net Subject: Re: [c-nsp] LNS av-pair vrf Message-ID: 6e4d2678ac543844917ca081c9d6b33f05d2e...@xmb-ams-103.cisco.com Content-Type: text/plain; charset=us-ascii the VRF itself as well as an interface Loopback n belonging to this VRF need to be defined on the ASR, and you need to nable Radius authorization (i.e. aaa authorization network default group radius or something like this). You need to define a virtual-template (I guess you already have one for your other users). Then you can include the below attributes to assign the user(s) to the VRF: Cisco-Avpair = ip:vrf-id=vrf-name, Cisco-Avpair = ip:ip-unnumbered=Loopbackn, There is also the Cisco-Avpair=lcp:interface-config=ip vrf forwarding ...\nip unnumbered ... way of assigning vrf membership, but the former is more effecient... Is there a preference these days to run with the virtual-access sub-interface capable av-pairs: Cisco-Avpair = ip:vrf-id=vrf-name, Cisco-Avpair = ip:ip-unnumbered=Loopbackn, over the classical ones using lcp:interface-config? What additional attributes are required for forward the session from one non-PE LNS to another PE-capable LNS for certain customers? Presumably it's a matter of sending back more av-pairs with additional tunnel forwarding information? Cheers, Matt -- Matthew Melbourne ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] LNS av-pair vrf
Then you can include the below attributes to assign the user(s) to the VRF: Cisco-Avpair = ip:vrf-id=vrf-name, Cisco-Avpair = ip:ip-unnumbered=Loopbackn, There is also the Cisco-Avpair=lcp:interface-config=ip vrf forwarding ...\nip unnumbered ... way of assigning vrf membership, but the former is more effecient... Is there a preference these days to run with the virtual-access sub-interface capable av-pairs: Cisco-Avpair = ip:vrf-id=vrf-name, Cisco-Avpair = ip:ip-unnumbered=Loopbackn, over the classical ones using lcp:interface-config? Well, with the knob aaa policy interface-config allow-subinterface, most lcp:interface-config commands will no longer force a full VAI, so you can still benefit from the higher sub-VAI scalability. But even if you use this knob, lcp:interface-config can be a bit slower when it comes to bringing up the session, which can be a concern when you need to bring up lots of session within a short while. So as long as you use the knob (or lcp:interface-config allow-subinterface=yes in the profile), scalability is quite ok.. BTW: I also recall that new releases actually have this knob on per default.. It's been a while since I did radius/lns stuff :-} What additional attributes are required for forward the session from one non-PE LNS to another PE-capable LNS for certain customers? Presumably it's a matter of sending back more av-pairs with additional tunnel forwarding information? indeed. For that to work, I would enable vpdn multihop vpdn authen-before-forward ! see [1] for the 2nd cmd and then you can include ! if you use , instead of /, you can load-share across addresses instead of failing over. Cisco-AVPair = vpdn:ip-addresses=x.x.x.x/y.y.y.y , Cisco-AVPair = vpdn:l2tp-tunnel-password=cisco, Cisco-AVPair = vpdn:tunnel-type=l2tp to forward the session to another LNS. You can also use IETF attributes (check http://www.cisco.com/en/US/docs/ios/12_0t/12_0t5/feature/guide/rad_attr.html). oli [1] http://www.cisco.com/en/US/tech/tk801/tk703/technologies_configuration_example09186a0080094860.shtml ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] 1Gig-10Gig port-channel migration
Update for the archives: we realized it was simpler to put one of the 6500s into maintenance mode (max-metric, shutdown downstream connections etc) and then migrate the port-channel. This worked well. Thanks to all for their suggestions. On Thu, Oct 13, 2011 at 11:03 AM, Tim Durack tdur...@gmail.com wrote: I'm looking for ideas on a smart way to upgrade a 4x 1Gig port-channel to a 2x 10Gig port-channel with minimal/no impact. Port-channel connects two 6500s, 12.2(33)SXI6, collapsed core/aggregation/WAN/Internet/P/PE (we like to maximize ROI :-) -- Tim: ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] understanding interface traffic counters of Cisco router and Cisco switch
Sergey, Christopher: I doubt that it's the VLAN tag which adds this additional 0.3% traffic to switch interface counters when compared to router interface counters. As far as I understand, VLAN tag is added in case when frame leaves the switch via trunk(802.1Q) port, but this is not a case in my test- all the switch ports are in switchport mode access. Traffic between switch ports in the switch should have no VLAN information applied.. Any other ideas? Or am I wrong that traffic inside the switch-internal-VLAN has no VLAN tag information? regards, martin 2011/11/11 Christopher J. Pilkington c...@0x1.net: Fa0/1 is an access port, not a 802.1q trunk, the traffic on that interface is not tagged, so the monitor destination will see untagged traffic. On Nov 10, 2011, at 19:38, Martin T m4rtn...@gmail.com wrote: Sergey, I modified the setup a little: http://img64.imageshack.us/img64/5736/interfacestrafficcounte.png ..so now port Fa0/3 in the switch is in monitoring state and all the traffic from switch port Fa0/1 is copied to Fa0/3, which is connected to eth1 interface on ubuntu machine. Now if I start tcpdump -nei eth1 -c10 in ubuntu machine in the middle of the iperf test, then results are: root@ubuntu:~# tcpdump -nei eth1 -c10 tcpdump: WARNING: eth1: no IPv4 address assigned tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on eth1, link-type EN10MB (Ethernet), capture size 65535 bytes 00:10:30.167558 10:40:10:40:10:40 00:06:d7:4d:c0:61, ethertype IPv4 (0x0800), length 1512: 10.10.10.2.54064 10.10.11.2.5001: UDP, length 1470 00:10:30.167563 00:06:d7:4d:c0:61 10:40:10:40:10:40, ethertype IPv4 (0x0800), length 1512: 10.10.11.2.46531 10.10.10.2.5001: UDP, length 1470 00:10:30.168556 10:40:10:40:10:40 00:06:d7:4d:c0:61, ethertype IPv4 (0x0800), length 1512: 10.10.10.2.54064 10.10.11.2.5001: UDP, length 1470 00:10:30.168805 00:06:d7:4d:c0:61 10:40:10:40:10:40, ethertype IPv4 (0x0800), length 1512: 10.10.11.2.46531 10.10.10.2.5001: UDP, length 1470 00:10:30.169805 10:40:10:40:10:40 00:06:d7:4d:c0:61, ethertype IPv4 (0x0800), length 1512: 10.10.10.2.54064 10.10.11.2.5001: UDP, length 1470 00:10:30.170055 00:06:d7:4d:c0:61 10:40:10:40:10:40, ethertype IPv4 (0x0800), length 1512: 10.10.11.2.46531 10.10.10.2.5001: UDP, length 1470 00:10:30.171054 10:40:10:40:10:40 00:06:d7:4d:c0:61, ethertype IPv4 (0x0800), length 1512: 10.10.10.2.54064 10.10.11.2.5001: UDP, length 1470 00:10:30.171303 00:06:d7:4d:c0:61 10:40:10:40:10:40, ethertype IPv4 (0x0800), length 1512: 10.10.11.2.46531 10.10.10.2.5001: UDP, length 1470 00:10:30.172304 10:40:10:40:10:40 00:06:d7:4d:c0:61, ethertype IPv4 (0x0800), length 1512: 10.10.10.2.54064 10.10.11.2.5001: UDP, length 1470 00:10:30.172308 00:06:d7:4d:c0:61 10:40:10:40:10:40, ethertype IPv4 (0x0800), length 1512: 10.10.11.2.46531 10.10.10.2.5001: UDP, length 1470 10 packets captured 10 packets received by filter 0 packets dropped by kernel root@ubuntu:~# In other words it looks like traffic isn't VLAN-tagged(ethertype should be 0x8100 in this case). Or might this be some sort of switch-internal VLAN tag? regards, martin 2011/11/10 Sergey Nikitin oldn...@oldnick.ru: Hi, Most likely this is because of 802.1Q tag (4 bytes) added to the counter on a switch interface (and obviously you don't see this tag on a router interface). For example, interfaces Fa3/0 and Fa0/24: 773476480 - 771435576 = 2040904 2040904 / 510226 = 4 HTH Martin T wrote: I made a following setup: http://img828.imageshack.us/img828/5736/interfacestrafficcounte.png ..and executed iperf -s -u -fm in ubuntu machine and iperf -c 10.10.11.2 -fm -u -d -b 10m -t600 in PE860 machine. Before the test I cleared all interface counters. Iperf results were following: root@PE860:~# iperf -c 10.10.11.2 -fm -u -d -b 10m -t600 Server listening on UDP port 5001 Receiving 1470 byte datagrams UDP buffer size: 0.12 MByte (default) Client connecting to 10.10.11.2, UDP port 5001 Sending 1470 byte datagrams UDP buffer size: 0.12 MByte (default) [ 3] local 10.10.10.2 port 44911 connected with 10.10.11.2 port 5001 [ 4] local 10.10.10.2 port 5001 connected with 10.10.11.2 port 49469 [ ID] Interval Transfer Bandwidth Jitter Lost/Total Datagrams [ 4] 0.0-600.0 sec 715 MBytes 10.0 Mbits/sec 0.008 ms 0/510205 (0%) [ 4] 0.0-600.0 sec 1 datagrams received out-of-order [ 3] 0.0-600.0 sec 715 MBytes 10.0 Mbits/sec [ 3] Sent 510206 datagrams [ 3] Server Report: [ 3] 0.0-600.0 sec 715 MBytes 10.0 Mbits/sec 0.026 ms 2/510205 (0.00039%) [ 3] 0.0-600.0 sec 1 datagrams received out-of-order root@PE860:~# For
Re: [c-nsp] understanding interface traffic counters of Cisco router and Cisco switch
What about all the other control packet stuff that might be running on the switch (CDP, Spanning Tree, VTP, etc)? Thanks, Erik Soosalu -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Martin T Sent: Friday, November 11, 2011 2:12 PM To: Christopher J. Pilkington Cc: cisco-nsp@puck.nether.net Subject: Re: [c-nsp] understanding interface traffic counters of Cisco router and Cisco switch Sergey, Christopher: I doubt that it's the VLAN tag which adds this additional 0.3% traffic to switch interface counters when compared to router interface counters. As far as I understand, VLAN tag is added in case when frame leaves the switch via trunk(802.1Q) port, but this is not a case in my test- all the switch ports are in switchport mode access. Traffic between switch ports in the switch should have no VLAN information applied.. Any other ideas? Or am I wrong that traffic inside the switch-internal-VLAN has no VLAN tag information? regards, martin 2011/11/11 Christopher J. Pilkington c...@0x1.net: Fa0/1 is an access port, not a 802.1q trunk, the traffic on that interface is not tagged, so the monitor destination will see untagged traffic. On Nov 10, 2011, at 19:38, Martin T m4rtn...@gmail.com wrote: Sergey, I modified the setup a little: http://img64.imageshack.us/img64/5736/interfacestrafficcounte.png ..so now port Fa0/3 in the switch is in monitoring state and all the traffic from switch port Fa0/1 is copied to Fa0/3, which is connected to eth1 interface on ubuntu machine. Now if I start tcpdump -nei eth1 -c10 in ubuntu machine in the middle of the iperf test, then results are: root@ubuntu:~# tcpdump -nei eth1 -c10 tcpdump: WARNING: eth1: no IPv4 address assigned tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on eth1, link-type EN10MB (Ethernet), capture size 65535 bytes 00:10:30.167558 10:40:10:40:10:40 00:06:d7:4d:c0:61, ethertype IPv4 (0x0800), length 1512: 10.10.10.2.54064 10.10.11.2.5001: UDP, length 1470 00:10:30.167563 00:06:d7:4d:c0:61 10:40:10:40:10:40, ethertype IPv4 (0x0800), length 1512: 10.10.11.2.46531 10.10.10.2.5001: UDP, length 1470 00:10:30.168556 10:40:10:40:10:40 00:06:d7:4d:c0:61, ethertype IPv4 (0x0800), length 1512: 10.10.10.2.54064 10.10.11.2.5001: UDP, length 1470 00:10:30.168805 00:06:d7:4d:c0:61 10:40:10:40:10:40, ethertype IPv4 (0x0800), length 1512: 10.10.11.2.46531 10.10.10.2.5001: UDP, length 1470 00:10:30.169805 10:40:10:40:10:40 00:06:d7:4d:c0:61, ethertype IPv4 (0x0800), length 1512: 10.10.10.2.54064 10.10.11.2.5001: UDP, length 1470 00:10:30.170055 00:06:d7:4d:c0:61 10:40:10:40:10:40, ethertype IPv4 (0x0800), length 1512: 10.10.11.2.46531 10.10.10.2.5001: UDP, length 1470 00:10:30.171054 10:40:10:40:10:40 00:06:d7:4d:c0:61, ethertype IPv4 (0x0800), length 1512: 10.10.10.2.54064 10.10.11.2.5001: UDP, length 1470 00:10:30.171303 00:06:d7:4d:c0:61 10:40:10:40:10:40, ethertype IPv4 (0x0800), length 1512: 10.10.11.2.46531 10.10.10.2.5001: UDP, length 1470 00:10:30.172304 10:40:10:40:10:40 00:06:d7:4d:c0:61, ethertype IPv4 (0x0800), length 1512: 10.10.10.2.54064 10.10.11.2.5001: UDP, length 1470 00:10:30.172308 00:06:d7:4d:c0:61 10:40:10:40:10:40, ethertype IPv4 (0x0800), length 1512: 10.10.11.2.46531 10.10.10.2.5001: UDP, length 1470 10 packets captured 10 packets received by filter 0 packets dropped by kernel root@ubuntu:~# In other words it looks like traffic isn't VLAN-tagged(ethertype should be 0x8100 in this case). Or might this be some sort of switch-internal VLAN tag? regards, martin 2011/11/10 Sergey Nikitin oldn...@oldnick.ru: Hi, Most likely this is because of 802.1Q tag (4 bytes) added to the counter on a switch interface (and obviously you don't see this tag on a router interface). For example, interfaces Fa3/0 and Fa0/24: 773476480 - 771435576 = 2040904 2040904 / 510226 = 4 HTH Martin T wrote: I made a following setup: http://img828.imageshack.us/img828/5736/interfacestrafficcounte.png ..and executed iperf -s -u -fm in ubuntu machine and iperf -c 10.10.11.2 -fm -u -d -b 10m -t600 in PE860 machine. Before the test I cleared all interface counters. Iperf results were following: root@PE860:~# iperf -c 10.10.11.2 -fm -u -d -b 10m -t600 Server listening on UDP port 5001 Receiving 1470 byte datagrams UDP buffer size: 0.12 MByte (default) Client connecting to 10.10.11.2, UDP port 5001 Sending 1470 byte datagrams UDP buffer size: 0.12 MByte (default) [ 3] local 10.10.10.2 port 44911 connected with 10.10.11.2 port 5001 [ 4] local 10.10.10.2 port 5001 connected with 10.10.11.2 port 49469 [ ID] Interval
Re: [c-nsp] Full BGP Feed Convergence Time on ASR 1006 RP2 Setup
On Fri, Nov 11, 2011 at 2:45 AM, Mark Tinka mti...@globaltransit.net wrote: I just brought up an ASR1006 + RP2 + ESP20 + SIP10, peering with 3x route reflectors, receiving a full v4/v6/VPNv4 table from them, simultaneously. For v4, the 1st session was done in about 48 seconds, the other two were done about 10 seconds earlier than that. Hope this helps. Cheers, Mark. Silly question time, but how are you judging that time on - router has stopped receiving prefixes on show ip bgp sum (or neighbor). Or are you defining it having a full feed with some other metric? Thanks ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Operational experiences of aggressive bgp keepalive timers in private-IP (non-internet) networks?
Thanks guys. Maybe I'll compromise on 1/4 and see how it works at a few sites, and monitor the logs for hold timer expired, etc. I'd love to do BFD, but: For internal links, Cisco chooses to license it with the DATA license on ISRs, limiting it's adoption on CE equipment. The economics just aren't there for a basic IP-in IP-out box. It's really a simple feature that shouldn't be with licensing for stuff like MPLS, L2TPV3, DECNET, IPX, etc... but that's just my opinion. and For external links, my SP can't suppose it on all their equipment, they tell me due to control plane CPU issues if all customers used it. On Mon, Nov 7, 2011 at 12:43 AM, David Hughes da...@hughes.com.au wrote: Not specifically on ISR's, but we ran BGP timers of 1/5 on iBGP peers for years without issue. That included LAN, metro dark fibre, and interstate managed ethernet attached devices. In the mix of devices were various generations of 7200's which would have far less control plane processing power than current ISR's David ... On 04/11/2011, at 11:39 AM, P C wrote: What experiences have you had using very aggressive BGP timers on ISR's connecting to a service provider IP VPN/MPLS services on T1 and Ethernet links? Assuming the proper QOS is in place, have values as low as 1/3 or 2/6 proven reliable in production operations? ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] ASA vs. ASR for large Wireless NAT deployment ?
We have a large campus wireless (~8-10K clients simultaneously) network that we are considering moving to private address space and NAT'ing to the outside world. I'm looking at the ASA 5585 with SSP20 or an ASA 1004 with an ESP20 and RP2. One requirement is that the NAT device not mangle IPv6 and only NAT IPv4 traffic destined to the Internet (we route some private address space internally). Any recommendations ? Thanks. -Neil -- Neil Johnson Network Engineer The University of Iowa Phone: 319 384-0938 Fax: 319 335-2951 Mobile: 319 540-2081 E-Mail: neil-john...@uiowa.edu ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] understanding interface traffic counters of Cisco router and Cisco switch
Erik, Harold: I already had disabled CDP and BPDU's. At the moment all switch interfaces involved in this setup have following configuration: switchport access vlan 333 switchport mode access switchport nonegotiate no keepalive no cdp enable spanning-tree bpdufilter enable spanning-tree bpduguard enable ..and spanning-tree on VLAN 333 is disabled(no spanning-tree vlan 333). Updated drawing is here: http://img525.imageshack.us/img525/5736/interfacestrafficcounte.png On top of all this I configured SPAN which had Fa0/1 as a source interface and Fa0/3 as a destination one: monitor session 1 source interface Fa0/1 monitor session 1 destination interface Fa0/3 ..and PC with tcpdump -nei eth0 not host 10.10.10.2 running was listening port Fa0/3. Throughout the 900 seconds long test(iperf -c 10.10.11.2 -u -d -b 20m -t 900) all that tcpdump captured were ARP requests and replies. In other words it looks like there are no protocols running on the switch which might cause such overhead.. In this case, as I mentioned, I did a 900s test with 20Mbps in both directions and difference between switch interfaces and router interfaces were 0.3% as usual: Cisco2950#show interfaces Fa0/1 | i packets input|packets output 1530640 packets input, 2320402324 bytes, 0 no buffer 1530646 packets output, 2320409968 bytes, 0 underruns Cisco2950#show interfaces Fa0/2 | i packets input|packets output 1530640 packets input, 2320409584 bytes, 0 no buffer 1530636 packets output, 2320402068 bytes, 0 underruns Cisco2950#show interfaces Fa0/23 | i packets input|packets output 1530645 packets input, 2320409904 bytes, 0 no buffer 1530641 packets output, 2320402388 bytes, 0 underruns Cisco2950#show interfaces Fa0/24 | i packets input|packets output 1530636 packets input, 2320402362 bytes, 0 no buffer 1530641 packets output, 2320409648 bytes, 0 underruns Cisco2950# C3640#show interfaces Fa2/0 | i packets input|packets output 1530641 packets input, 2314279824 bytes 1530645 packets output, 2314287324 bytes, 0 underruns C3640#show interfaces Fa3/0 | i packets input|packets output 1530641 packets input, 2314287084 bytes 1530635 packets output, 2314279464 bytes, 0 underruns C3640# Any additional ideas? :) regards, martin 2011/11/11 Erik Soosalu erik.soos...@calyxinc.com: What about all the other control packet stuff that might be running on the switch (CDP, Spanning Tree, VTP, etc)? Thanks, Erik Soosalu -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Martin T Sent: Friday, November 11, 2011 2:12 PM To: Christopher J. Pilkington Cc: cisco-nsp@puck.nether.net Subject: Re: [c-nsp] understanding interface traffic counters of Cisco router and Cisco switch Sergey, Christopher: I doubt that it's the VLAN tag which adds this additional 0.3% traffic to switch interface counters when compared to router interface counters. As far as I understand, VLAN tag is added in case when frame leaves the switch via trunk(802.1Q) port, but this is not a case in my test- all the switch ports are in switchport mode access. Traffic between switch ports in the switch should have no VLAN information applied.. Any other ideas? Or am I wrong that traffic inside the switch-internal-VLAN has no VLAN tag information? regards, martin 2011/11/11 Christopher J. Pilkington c...@0x1.net: Fa0/1 is an access port, not a 802.1q trunk, the traffic on that interface is not tagged, so the monitor destination will see untagged traffic. On Nov 10, 2011, at 19:38, Martin T m4rtn...@gmail.com wrote: Sergey, I modified the setup a little: http://img64.imageshack.us/img64/5736/interfacestrafficcounte.png ..so now port Fa0/3 in the switch is in monitoring state and all the traffic from switch port Fa0/1 is copied to Fa0/3, which is connected to eth1 interface on ubuntu machine. Now if I start tcpdump -nei eth1 -c10 in ubuntu machine in the middle of the iperf test, then results are: root@ubuntu:~# tcpdump -nei eth1 -c10 tcpdump: WARNING: eth1: no IPv4 address assigned tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on eth1, link-type EN10MB (Ethernet), capture size 65535 bytes 00:10:30.167558 10:40:10:40:10:40 00:06:d7:4d:c0:61, ethertype IPv4 (0x0800), length 1512: 10.10.10.2.54064 10.10.11.2.5001: UDP, length 1470 00:10:30.167563 00:06:d7:4d:c0:61 10:40:10:40:10:40, ethertype IPv4 (0x0800), length 1512: 10.10.11.2.46531 10.10.10.2.5001: UDP, length 1470 00:10:30.168556 10:40:10:40:10:40 00:06:d7:4d:c0:61, ethertype IPv4 (0x0800), length 1512: 10.10.10.2.54064 10.10.11.2.5001: UDP, length 1470 00:10:30.168805 00:06:d7:4d:c0:61 10:40:10:40:10:40, ethertype IPv4 (0x0800), length 1512: 10.10.11.2.46531 10.10.10.2.5001: UDP, length 1470 00:10:30.169805 10:40:10:40:10:40 00:06:d7:4d:c0:61, ethertype IPv4 (0x0800), length 1512:
[c-nsp] OSPF issue
OSPF Issue Hope someone can assist with an ospf problem - We have an existing ospf adj running fine between R1+R2, we have just provisioned a second link, enabled ospf and we see it form adjacency which lasts ~60seconds, then R1 sees R2 as dead, and R2 Cannot see ourself in hello from R1, and then the whole thing starts again. With both adj. up(From R1): Neighbor ID Pri State Dead Time Address Interfacexxx.xxx.76.2481 FULL/DR 00:00:00xxx.xxx.66.62 Port-channel1.87xxx.xxx.76.2481 FULL/DR 00:00:39xxx.xxx.66.2 FastEthernet3/0 Then new link loses adj. after ~60seconds Neighbor ID Pri State Dead Time Address Interfacexxx.xxx.76.2481 FULL/DR 00:00:38xxx.xxx.66.2 FastEthernet3/0 NB - pings to/from both R1+R2 are clean(No loss/excessive latency), and both ends(Ints) set to mtu of 1500. R1 logs Nov 12 10:12:48.716 aest: OSPF: xxx.xxx.76.248 address xxx.xxx.66.62 on Port-channel1.87 is deadNov 12 10:12:48.716 aest: OSPF: xxx.xxx.76.248 address xxx.xxx.66.62 on Port-channel1.87 is dead, state DOWNNov 12 10:12:48.716 aest: %OSPF-5-ADJCHG: Process 100, Nbr xxx.xxx.76.248 on Port-channel1.87 from FULL to DOWN, Neighbor Down: Dead timer expiredNov 12 10:12:48.716 aest: OSPF: Neighbor change Event on interface Port-channel1.87Nov 12 10:12:48.716 aest: OSPF: DR/BDR election on Port-channel1.87 Nov 12 10:12:48.716 aest: OSPF: Elect BDR xxx.xxx.76.238Nov 12 10:12:48.716 aest: OSPF: Elect DR xxx.xxx.76.238Nov 12 10:12:48.716 aest: OSPF: Elect BDR 0.0.0.0Nov 12 10:12:48.716 aest: OSPF: Elect DR xxx.xxx.76.238Nov 12 10:12:48.716 aest:DR: xxx.xxx.76.238 (Id) BDR: none Nov 12 10:12:48.716 aest: OSPF: Reset Port-channel1.87 flush timerNov 12 10:12:48.716 aest: OSPF: Remember old DR xxx.xxx.76.248 (id)Nov 12 10:12:49.216 aest: OSPF: Send with youngest Key 10Nov 12 10:12:4! 9.216 aest: OSPF: Send with youngest Key 10Nov 12 10:12:49.216 aest: OSPF: Send with youngest Key 10Nov 12 10:12:49.216 aest: OSPF: Build router LSA for area 0.0.0.0, router ID xxx.xxx.76.238, seq 0x80014360, process 100Nov 12 10:12:49.216 aest: OSPF: No full nbrs to build Net Lsa for interface Port-channel1.87Nov 12 10:12:51.716 aest: OSPF: Send with youngest Key 10Nov 12 10:12:51.732 aest: OSPF: Send with youngest Key 10Nov 12 10:12:58.432 aest: OSPF: Send with youngest Key 10Nov 12 10:12:58.432 aest: OSPF: Send with youngest Key 10Nov 12 10:12:58.432 aest: OSPF: Send with youngest Key 10Nov 12 10:12:58.432 aest: OSPF: Send with youngest Key 10Nov 12 10:12:58.448 aest: OSPF: 2 Way Communication to xxx.xxx.76.248 on Port-channel1.87, state 2WAYNov 12 10:12:58.448 aest: OSPF: Neighbor change Event on interface Port-channel1.87Nov 12 10:12:58.448 aest: OSPF: DR/BDR election on Port-channel1.87 Nov 12 10:12:58.448 aest: OSPF: Elect BDR 0.0.0.0Nov 12 10:12:58.448 aest: OSPF: E! lect DR xxx.xxx.76.248Nov 12 10:12:58.448 aest: OSPF: Elect BDR xxx.xxx.76.238Nov 12 10:12:58.448 aest: OSPF: Elect DR xxx.xxx.76.248Nov 12 10:12:58.448 aest:DR: xxx.xxx.76.248 (Id) BDR: xxx.xxx.76.238 (Id)Nov 12 10:12:58.448 aest: OSPF: Send DBD to xxx.xxx.76.248 on Port-channel1.87 seq 0x1717 opt 0x52 flag 0x7 len 32Nov 12 10:12:58.448 aest: OSPF: Send with youngest Key 10Nov 12 10:12:58.448 aest: OSPF: Set Port-channel1.87 flush timerNov 12 10:12:58.448 aest: OSPF: Remember old DR xxx.xxx.76.238 (id)Nov 12 10:12:58.448 aest: OSPF: Neighbor change Event on interface Port-channel1.87Nov 12 10:12:58.448 aest: OSPF: DR/BDR election on Port-channel1.87 Nov 12 10:12:58.448 aest: OSPF: Elect BDR xxx.xxx.76.238Nov 12 10:12:58.448 aest: OSPF: Elect DR xxx.xxx.76.248Nov 12 10:12:58.448 aest:DR: xxx.xxx.76.248 (Id) BDR: xxx.xxx.76.238 (Id)Nov 12 10:12:58.464 aest: OSPF: Rcv DBD from xxx.xxx.76.248 on Port-channel1.87 seq 0xB50 opt 0x52 flag 0x7 len 32 mtu 1500 state EXSTARTNov 12 10:12:58.464 aest: OSPF: NBR Negotiation Done. We a! re the SLAVENov 12 10:12:58.464 aest: OSPF: Send DBD to xxx.xxx.76.248 on Port-channel1.87 seq 0xB50 opt 0x52 flag 0x2 len 1412Nov 12 10:12:58.464 aest: OSPF: Send with youngest Key 10Nov 12 10:12:58.484 aest: OSPF: Rcv DBD from xxx.xxx.76.248 on Port-channel1.87 seq 0xB51 opt 0x52 flag 0x3 len 1412 mtu 1500 state EXCHANGENov 12 10:12:58.484 aest: OSPF: Send DBD to xxx.xxx.76.248 on Port-channel1.87 seq 0xB51 opt 0x52 flag 0x2 len 1412Nov 12 10:12:58.484 aest: OSPF: Send with youngest Key 10Nov 12 10:12:58.500 aest: OSPF: Rcv DBD from xxx.xxx.76.248 on Port-channel1.87 seq 0xB52 opt 0x52 flag 0x3 len 1412 mtu 1500 state EXCHANGENov 12 10:12:58.500 aest: OSPF: Send DBD to xxx.xxx.76.248 on Port-channel1.87 seq 0xB52 opt 0x52 flag 0x2 len 1412Nov 12 10:12:58.500 aest: OSPF: Send with youngest Key 10Nov 12 10:12:58.520 aest: OSPF: Rcv DBD from xxx.xxx.76.248 on Port-channel1.87 seq 0xB53 opt 0x52 flag 0x3 len 1412 mtu 1500 state EXCHANGENov 12 10:12:58.520
Re: [c-nsp] OSPF issue
Err - dont know where the line breaks went in that msg? I'll try re-send(Hopefully a tad more readable) Hope someone can assist with an ospf problem - We have an existing ospf adj running fine between R1+R2, we have just provisioned a second link, enabled ospf and we see it form adjacency which lasts ~60seconds, then R1 sees R2 as dead, and R2 Cannot see ourself in hello from R1, and then the whole thing starts again. With both adj. up(From R1):Neighbor ID Pri State Dead Time Address Interfacexxx.xxx.76.2481 FULL/DR 00:00:00 xxx.xxx.66.62 Port-channel1.87xxx.xxx.76.2481 FULL/DR 00:00:39 xxx.xxx.66.2FastEthernet3/0 Then new link loses adj. after ~60secondsNeighbor ID Pri State Dead Time Address Interfacexxx.xxx.76.2481 FULL/DR 00:00:38xxx.xxx.66.2FastEthernet3/0 NB - pings to/from both R1+R2 are clean(No loss/excessive latency), and both ends(Ints) set to mtu of 1500. R1 logs Nov 12 10:12:48.716 aest: OSPF: xxx.xxx.76.248 address xxx.xxx.66.62 on Port-channel1.87 is deadNov 12 10:12:48.716 aest: OSPF: xxx.xxx.76.248 address xxx.xxx.66.62 on Port-channel1.87 is dead, state DOWNNov 12 10:12:48.716 aest: %OSPF-5-ADJCHG: Process 100, Nbr xxx.xxx.76.248 on Port-channel1.87 from FULL to DOWN, Neighbor Down: Dead timer expiredNov 12 10:12:48.716 aest: OSPF: Neighbor change Event on interface Port-channel1.87Nov 12 10:12:48.716 aest: OSPF: DR/BDR election on Port-channel1.87 Nov 12 10:12:48.716 aest: OSPF: Elect BDR xxx.xxx.76.238Nov 12 10:12:48.716 aest: OSPF: Elect DR xxx.xxx.76.238Nov 12 10:12:48.716 aest: OSPF: Elect BDR 0.0.0.0Nov 12 10:12:48.716 aest: OSPF: Elect DR xxx.xxx.76.238Nov 12 10:12:48.716 aest:DR: xxx.xxx.76.238 (Id) BDR: none Nov 12 10:12:48.716 aest: OSPF: Reset Port-channel1.87 flush timerNov 12 10:12:48.716 aest: OSPF: Remember old DR xxx.xxx.76.248 (id)Nov 12 10:12:49.216 aest: OSPF: Send with youngest Key 10Nov 12 10:12:4! 9.216 aest: OSPF: Send with youngest Key 10Nov 12 10:12:49.216 aest: OSPF: Send with youngest Key 10Nov 12 10:12:49.216 aest: OSPF: Build router LSA for area 0.0.0.0, router ID xxx.xxx.76.238, seq 0x80014360, process 100Nov 12 10:12:49.216 aest: OSPF: No full nbrs to build Net Lsa for interface Port-channel1.87Nov 12 10:12:51.716 aest: OSPF: Send with youngest Key 10Nov 12 10:12:51.732 aest: OSPF: Send with youngest Key 10Nov 12 10:12:58.432 aest: OSPF: Send with youngest Key 10Nov 12 10:12:58.432 aest: OSPF: Send with youngest Key 10Nov 12 10:12:58.432 aest: OSPF: Send with youngest Key 10Nov 12 10:12:58.432 aest: OSPF: Send with youngest Key 10Nov 12 10:12:58.448 aest: OSPF: 2 Way Communication to xxx.xxx.76.248 on Port-channel1.87, state 2WAYNov 12 10:12:58.448 aest: OSPF: Neighbor change Event on interface Port-channel1.87Nov 12 10:12:58.448 aest: OSPF: DR/BDR election on Port-channel1.87 Nov 12 10:12:58.448 aest: OSPF: Elect BDR 0.0.0.0Nov 12 10:12:58.448 aest: OSPF: E! lect DR xxx.xxx.76.248Nov 12 10:12:58.448 aest: OSPF: Elect BDR xxx.xxx.76.238Nov 12 10:12:58.448 aest: OSPF: Elect DR xxx.xxx.76.248Nov 12 10:12:58.448 aest:DR: xxx.xxx.76.248 (Id) BDR: xxx.xxx.76.238 (Id)Nov 12 10:12:58.448 aest: OSPF: Send DBD to xxx.xxx.76.248 on Port-channel1.87 seq 0x1717 opt 0x52 flag 0x7 len 32Nov 12 10:12:58.448 aest: OSPF: Send with youngest Key 10Nov 12 10:12:58.448 aest: OSPF: Set Port-channel1.87 flush timerNov 12 10:12:58.448 aest: OSPF: Remember old DR xxx.xxx.76.238 (id)Nov 12 10:12:58.448 aest: OSPF: Neighbor change Event on interface Port-channel1.87Nov 12 10:12:58.448 aest: OSPF: DR/BDR election on Port-channel1.87 Nov 12 10:12:58.448 aest: OSPF: Elect BDR xxx.xxx.76.238Nov 12 10:12:58.448 aest: OSPF: Elect DR xxx.xxx.76.248Nov 12 10:12:58.448 aest:DR: xxx.xxx.76.248 (Id) BDR: xxx.xxx.76.238 (Id)Nov 12 10:12:58.464 aest: OSPF: Rcv DBD from xxx.xxx.76.248 on Port-channel1.87 seq 0xB50 opt 0x52 flag 0x7 len 32 mtu 1500 state EXSTARTNov 12 10:12:58.464 aest: OSPF: NBR Negotiation Done. We a! re the SLAVENov 12 10:12:58.464 aest: OSPF: Send DBD to xxx.xxx.76.248 on Port-channel1.87 seq 0xB50 opt 0x52 flag 0x2 len 1412Nov 12 10:12:58.464 aest: OSPF: Send with youngest Key 10Nov 12 10:12:58.484 aest: OSPF: Rcv DBD from xxx.xxx.76.248 on Port-channel1.87 seq 0xB51 opt 0x52 flag 0x3 len 1412 mtu 1500 state EXCHANGENov 12 10:12:58.484 aest: OSPF: Send DBD to xxx.xxx.76.248 on Port-channel1.87 seq 0xB51 opt 0x52 flag 0x2 len 1412Nov 12 10:12:58.484 aest: OSPF: Send with youngest Key 10Nov 12 10:12:58.500 aest: OSPF: Rcv DBD from xxx.xxx.76.248 on Port-channel1.87 seq 0xB52 opt 0x52 flag 0x3 len 1412 mtu 1500 state EXCHANGENov 12 10:12:58.500 aest: OSPF: Send DBD to xxx.xxx.76.248 on Port-channel1.87 seq 0xB52 opt 0x52 flag 0x2 len 1412Nov 12 10:12:58.500 aest: OSPF: Send with youngest Key 10Nov 12 10:12:58.520 aest: OSPF: Rcv DBD from xxx.xxx.76.248 on
Re: [c-nsp] OSPF issue
Well, that turned out better :/ From: johnellio...@hotmail.com To: cisco-nsp@puck.nether.net Date: Sat, 12 Nov 2011 11:47:58 +1100 Subject: Re: [c-nsp] OSPF issue Err - dont know where the line breaks went in that msg? I'll try re-send(Hopefully a tad more readable) Hope someone can assist with an ospf problem - We have an existing ospf adj running fine between R1+R2, we have just provisioned a second link, enabled ospf and we see it form adjacency which lasts ~60seconds, then R1 sees R2 as dead, and R2 Cannot see ourself in hello from R1, and then the whole thing starts again. With both adj. up(From R1):Neighbor ID Pri State Dead Time Address Interfacexxx.xxx.76.2481 FULL/DR 00:00:00 xxx.xxx.66.62 Port-channel1.87xxx.xxx.76.2481 FULL/DR 00:00:39xxx.xxx.66.2FastEthernet3/0 Then new link loses adj. after ~60secondsNeighbor ID Pri State Dead Time Address Interfacexxx.xxx.76.2481 FULL/DR 00:00:38xxx.xxx.66.2FastEthernet3/0 NB - pings to/from both R1+R2 are clean(No loss/excessive latency), and both ends(Ints) set to mtu of 1500. R1 logs Nov 12 10:12:48.716 aest: OSPF: xxx.xxx.76.248 address xxx.xxx.66.62 on Port-channel1.87 is deadNov 12 10:12:48.716 aest: OSPF: xxx.xxx.76.248 address xxx.xxx.66.62 on Port-channel1.87 is dead, state DOWNNov 12 10:12:48.716 aest: %OSPF-5-ADJCHG: Process 100, Nbr xxx.xxx.76.248 on Port-channel1.87 from FULL to DOWN, Neighbor Down: Dead timer expiredNov 12 10:12:48.716 aest: OSPF: Neighbor change Event on interface Port-channel1.87Nov 12 10:12:48.716 aest: OSPF: DR/BDR election on Port-channel1.87 Nov 12 10:12:48.716 aest: OSPF: Elect BDR xxx.xxx.76.238Nov 12 10:12:48.716 aest: OSPF: Elect DR xxx.xxx.76.238Nov 12 10:12:48.716 aest: OSPF: Elect BDR 0.0.0.0Nov 12 10:12:48.716 aest: OSPF: Elect DR xxx.xxx.76.238Nov 12 10:12:48.716 aest:DR: xxx.xxx.76.238 (Id) BDR: none Nov 12 10:12:48.716 aest: OSPF: Reset Port-channel1.87 flush timerNov 12 10:12:48.716 aest: OSPF: Remember old DR xxx.xxx.76.248 (id)Nov 12 10:12:49.216 aest: OSPF: Send with youngest Key 10Nov 12 10:12! :4! 9.216 aest: OSPF: Send with youngest Key 10Nov 12 10:12:49.216 aest: OSPF: Send with youngest Key 10Nov 12 10:12:49.216 aest: OSPF: Build router LSA for area 0.0.0.0, router ID xxx.xxx.76.238, seq 0x80014360, process 100Nov 12 10:12:49.216 aest: OSPF: No full nbrs to build Net Lsa for interface Port-channel1.87Nov 12 10:12:51.716 aest: OSPF: Send with youngest Key 10Nov 12 10:12:51.732 aest: OSPF: Send with youngest Key 10Nov 12 10:12:58.432 aest: OSPF: Send with youngest Key 10Nov 12 10:12:58.432 aest: OSPF: Send with youngest Key 10Nov 12 10:12:58.432 aest: OSPF: Send with youngest Key 10Nov 12 10:12:58.432 aest: OSPF: Send with youngest Key 10Nov 12 10:12:58.448 aest: OSPF: 2 Way Communication to xxx.xxx.76.248 on Port-channel1.87, state 2WAYNov 12 10:12:58.448 aest: OSPF: Neighbor change Event on interface Port-channel1.87Nov 12 10:12:58.448 aest: OSPF: DR/BDR election on Port-channel1.87 Nov 12 10:12:58.448 aest: OSPF: Elect BDR 0.0.0.0Nov 12 10:12:58.448 aest: OSPF:! E! lect DR xxx.xxx.76.248Nov 12 10:12:58.448 aest: OSPF: Elect BDR xxx.xxx.76.238Nov 12 10:12:58.448 aest: OSPF: Elect DR xxx.xxx.76.248Nov 12 10:12:58.448 aest:DR: xxx.xxx.76.248 (Id) BDR: xxx.xxx.76.238 (Id)Nov 12 10:12:58.448 aest: OSPF: Send DBD to xxx.xxx.76.248 on Port-channel1.87 seq 0x1717 opt 0x52 flag 0x7 len 32Nov 12 10:12:58.448 aest: OSPF: Send with youngest Key 10Nov 12 10:12:58.448 aest: OSPF: Set Port-channel1.87 flush timerNov 12 10:12:58.448 aest: OSPF: Remember old DR xxx.xxx.76.238 (id)Nov 12 10:12:58.448 aest: OSPF: Neighbor change Event on interface Port-channel1.87Nov 12 10:12:58.448 aest: OSPF: DR/BDR election on Port-channel1.87 Nov 12 10:12:58.448 aest: OSPF: Elect BDR xxx.xxx.76.238Nov 12 10:12:58.448 aest: OSPF: Elect DR xxx.xxx.76.248Nov 12 10:12:58.448 aest: DR: xxx.xxx.76.248 (Id) BDR: xxx.xxx.76.238 (Id)Nov 12 10:12:58.464 aest: OSPF: Rcv DBD from xxx.xxx.76.248 on Port-channel1.87 seq 0xB50 opt 0x52 flag 0x7 len 32 mtu 150! 0 state EXSTARTNov 12 10:12:58.464 aest: OSPF: NBR Negotiation Done. We a! re the SLAVENov 12 10:12:58.464 aest: OSPF: Send DBD to xxx.xxx.76.248 on Port-channel1.87 seq 0xB50 opt 0x52 flag 0x2 len 1412Nov 12 10:12:58.464 aest: OSPF: Send with youngest Key 10Nov 12 10:12:58.484 aest: OSPF: Rcv DBD from xxx.xxx.76.248 on Port-channel1.87 seq 0xB51 opt 0x52 flag 0x3 len 1412 mtu 1500 state EXCHANGENov 12 10:12:58.484 aest: OSPF: Send DBD to xxx.xxx.76.248 on Port-channel1.87 seq 0xB51 opt 0x52 flag 0x2 len 1412Nov 12 10:12:58.484 aest: OSPF: Send with youngest Key 10Nov 12 10:12:58.500 aest: OSPF: Rcv DBD from xxx.xxx.76.248 on Port-channel1.87 seq 0xB52 opt 0x52 flag 0x3 len 1412 mtu 1500 state
Re: [c-nsp] Full BGP Feed Convergence Time on ASR 1006 RP2 Setup
On Saturday, November 12, 2011 05:20:27 AM Joseph Jackson wrote: Silly question time, but how are you judging that time on - router has stopped receiving prefixes on show ip bgp sum (or neighbor). Yes - router had no iBGP sessions before. Sessions are pre- configured on the ASR1006, and then turned up on all 3x route reflectors simultaneously where I track 'sh ip bgp summary' on the ASR1006. It's crass, and you can feel the CPU working as it downloads all 3x full sessions at the same time, but that's the time the router takes. The 1st session that comes up takes about 10 seconds longer to complete than the remaining two; but all sessions are done in under a minute. Mark. signature.asc Description: This is a digitally signed message part. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] OSPF issue
Lets try this once again: You have a port-channel between R1 and R2(over which; you have had ospf running without a problem...Correct? Also you have ospf-running on a broadcast-segment ie, netmask on port-channel ip-addr is NOT /30 is, not ospf-network point-to-point. So you now have a situation where you are asking two routers R1 and R2( with their-own ospf-router-ids to form another OSPF Neighbor relation via the same port-channel! The question you need to ask yourself is this: How can that be possible? It is NOT. Change your config to be point-to-point(ospf) and you will see the what-you-expect! HTH ./Randy --- On Fri, 11/11/11, John Elliot johnellio...@hotmail.com wrote: From: John Elliot johnellio...@hotmail.com Subject: Re: [c-nsp] OSPF issue To: cisco-nsp cisco-nsp@puck.nether.net Date: Friday, November 11, 2011, 4:51 PM Well, that turned out better :/ From: johnellio...@hotmail.com To: cisco-nsp@puck.nether.net Date: Sat, 12 Nov 2011 11:47:58 +1100 Subject: Re: [c-nsp] OSPF issue Err - dont know where the line breaks went in that msg? I'll try re-send(Hopefully a tad more readable) Hope someone can assist with an ospf problem - We have an existing ospf adj running fine between R1+R2, we have just provisioned a second link, enabled ospf and we see it form adjacency which lasts ~60seconds, then R1 sees R2 as dead, and R2 Cannot see ourself in hello from R1, and then the whole thing starts again. With both adj. up(From R1):Neighbor ID Pri State Dead Time Address Interfacexxx.xxx.76.248 1 FULL/DR 00:00:00 xxx.xxx.66.62 Port-channel1.87xxx.xxx.76.248 1 FULL/DR 00:00:39 xxx.xxx.66.2 FastEthernet3/0 Then new link loses adj. after ~60secondsNeighbor ID Pri State Dead Time Address Interfacexxx.xxx.76.248 1 FULL/DR 00:00:38 xxx.xxx.66.2 FastEthernet3/0 NB - pings to/from both R1+R2 are clean(No loss/excessive latency), and both ends(Ints) set to mtu of 1500. R1 logs Nov 12 10:12:48.716 aest: OSPF: xxx.xxx.76.248 address xxx.xxx.66.62 on Port-channel1.87 is deadNov 12 10:12:48.716 aest: OSPF: xxx.xxx.76.248 address xxx.xxx.66.62 on Port-channel1.87 is dead, state DOWNNov 12 10:12:48.716 aest: %OSPF-5-ADJCHG: Process 100, Nbr xxx.xxx.76.248 on Port-channel1.87 from FULL to DOWN, Neighbor Down: Dead timer expiredNov 12 10:12:48.716 aest: OSPF: Neighbor change Event on interface Port-channel1.87Nov 12 10:12:48.716 aest: OSPF: DR/BDR election on Port-channel1.87 Nov 12 10:12:48.716 aest: OSPF: Elect BDR xxx.xxx.76.238Nov 12 10:12:48.716 aest: OSPF: Elect DR xxx.xxx.76.238Nov 12 10:12:48.716 aest: OSPF: Elect BDR 0.0.0.0Nov 12 10:12:48.716 aest: OSPF: Elect DR xxx.xxx.76.238Nov 12 10:12:48.716 aest: DR: xxx.xxx.76.238 (Id) BDR: none Nov 12 10:12:48.716 aest: OSPF: Reset Port-channel1.87 flush timerNov 12 10:12:48.716 aest: OSPF: Remember old DR xxx.xxx.76.248 (id)Nov 12 10:12:49.216 aest: OSPF: Send with youngest Key 10Nov 12 10:12! :4! 9.216 aest: OSPF: Send with youngest Key 10Nov 12 10:12:49.216 aest: OSPF: Send with youngest Key 10Nov 12 10:12:49.216 aest: OSPF: Build router LSA for area 0.0.0.0, router ID xxx.xxx.76.238, seq 0x80014360, process 100Nov 12 10:12:49.216 aest: OSPF: No full nbrs to build Net Lsa for interface Port-channel1.87Nov 12 10:12:51.716 aest: OSPF: Send with youngest Key 10Nov 12 10:12:51.732 aest: OSPF: Send with youngest Key 10Nov 12 10:12:58.432 aest: OSPF: Send with youngest Key 10Nov 12 10:12:58.432 aest: OSPF: Send with youngest Key 10Nov 12 10:12:58.432 aest: OSPF: Send with youngest Key 10Nov 12 10:12:58.432 aest: OSPF: Send with youngest Key 10Nov 12 10:12:58.448 aest: OSPF: 2 Way Communication to xxx.xxx.76.248 on Port-channel1.87, state 2WAYNov 12 10:12:58.448 aest: OSPF: Neighbor change Event on interface Port-channel1.87Nov 12 10:12:58.448 aest: OSPF: DR/BDR election on Port-channel1.87 Nov 12 10:12:58.448 aest: OSPF: Elect BDR 0.0.0.0Nov 12 10:12:58.448 aest: OSPF:! E! lect DR xxx.xxx.76.248Nov 12 10:12:58.448 aest: OSPF: Elect BDR xxx.xxx.76.238Nov 12 10:12:58.448 aest: OSPF: Elect DR xxx.xxx.76.248Nov 12 10:12:58.448 aest: DR: xxx.xxx.76.248 (Id) BDR: xxx.xxx.76.238 (Id)Nov 12 10:12:58.448 aest: OSPF: Send DBD to xxx.xxx.76.248 on Port-channel1.87 seq 0x1717 opt 0x52 flag 0x7 len 32Nov 12 10:12:58.448 aest: OSPF: Send with youngest Key 10Nov 12 10:12:58.448 aest: OSPF: Set Port-channel1.87 flush timerNov 12 10:12:58.448 aest: OSPF: Remember old DR xxx.xxx.76.238 (id)Nov 12 10:12:58.448 aest: OSPF: Neighbor change Event on interface Port-channel1.87Nov 12 10:12:58.448 aest: OSPF: DR/BDR election on Port-channel1.87 Nov 12 10:12:58.448 aest: OSPF: Elect BDR xxx.xxx.76.238Nov 12 10:12:58.448 aest: OSPF: Elect DR xxx.xxx.76.248Nov 12 10:12:58.448 aest: DR: xxx.xxx.76.248 (Id) BDR: xxx.xxx.76.238
Re: [c-nsp] OSPF issue
Lets try this once again: You have a port-channel between R1 and R2(over which; you have had ospf running without a problem...Correct? No - We have a working ospf adj between FA3/0(R1), and a vlan/dot1q subint /30(R2) via provider A Also you have ospf-running on a broadcast-segment ie, netmask on port-channel ip-addr is NOT /30 is, not ospf-network point-to-point. No - We have a new link (/30) new vlan from new provider, same vlan at both ends(As dot1q subints) that is going up/down every ~60sec So you now have a situation where you are asking two routers R1 and R2( with their-own ospf-router-ids to form another OSPF Neighbor relation via the same port-channel! The question you need to ask yourself is this: How can that be possible? It is NOT. Change your config to be point-to-point(ospf) and you will see the what-you-expect! We have 2 links, both /30's, one (working) is handed of via vlan at R2(Which is portchan dot1q subint), the other is physical int FA3/0, the one that is up/down, is handed off via different provider, same vlan at each end, and as portchan dot1q subints. Hope that makes sense? HTH ./Randy --- On Fri, 11/11/11, John Elliot johnellio...@hotmail.com wrote: From: John Elliot johnellio...@hotmail.com Subject: Re: [c-nsp] OSPF issue To: cisco-nsp cisco-nsp@puck.nether.net Date: Friday, November 11, 2011, 4:51 PM Well, that turned out better :/ From: johnellio...@hotmail.com To: cisco-nsp@puck.nether.net Date: Sat, 12 Nov 2011 11:47:58 +1100 Subject: Re: [c-nsp] OSPF issue Err - dont know where the line breaks went in that msg? I'll try re-send(Hopefully a tad more readable) Hope someone can assist with an ospf problem - We have an existing ospf adj running fine between R1+R2, we have just provisioned a second link, enabled ospf and we see it form adjacency which lasts ~60seconds, then R1 sees R2 as dead, and R2 Cannot see ourself in hello from R1, and then the whole thing starts again. With both adj. up(From R1):Neighbor ID Pri State Dead Time Address Interfacexxx.xxx.76.248 1 FULL/DR 00:00:00 xxx.xxx.66.62 Port-channel1.87xxx.xxx.76.248 1 FULL/DR 00:00:39xxx.xxx.66.2 FastEthernet3/0 Then new link loses adj. after ~60secondsNeighbor ID Pri State Dead Time Address Interfacexxx.xxx.76.248 1 FULL/DR 00:00:38xxx.xxx.66.2 FastEthernet3/0 NB - pings to/from both R1+R2 are clean(No loss/excessive latency), and both ends(Ints) set to mtu of 1500. R1 logs Nov 12 10:12:48.716 aest: OSPF: xxx.xxx.76.248 address xxx.xxx.66.62 on Port-channel1.87 is deadNov 12 10:12:48.716 aest: OSPF: xxx.xxx.76.248 address xxx.xxx.66.62 on Port-channel1.87 is dead, state DOWNNov 12 10:12:48.716 aest: %OSPF-5-ADJCHG: Process 100, Nbr xxx.xxx.76.248 on Port-channel1.87 from FULL to DOWN, Neighbor Down: Dead timer expiredNov 12 10:12:48.716 aest: OSPF: Neighbor change Event on interface Port-channel1.87Nov 12 10:12:48.716 aest: OSPF: DR/BDR election on Port-channel1.87 Nov 12 10:12:48.716 aest: OSPF: Elect BDR xxx.xxx.76.238Nov 12 10:12:48.716 aest: OSPF: Elect DR xxx.xxx.76.238Nov 12 10:12:48.716 aest: OSPF: Elect BDR 0.0.0.0Nov 12 10:12:48.716 aest: OSPF: Elect DR xxx.xxx.76.238Nov 12 10:12:48.716 aest:DR: xxx.xxx.76.238 (Id) BDR: none Nov 12 10:12:48.716 aest: OSPF: Reset Port-channel1.87 flush timerNov 12 10:12:48.716 aest: OSPF: Remember old DR xxx.xxx.76.248 (id)Nov 12 10:12:49.216 aest: OSPF: Send with youngest Key 10Nov 12 10:12! :4! 9.216 aest: OSPF: Send with youngest Key 10Nov 12 10:12:49.216 aest: OSPF: Send with youngest Key 10Nov 12 10:12:49.216 aest: OSPF: Build router LSA for area 0.0.0.0, router ID xxx.xxx.76.238, seq 0x80014360, process 100Nov 12 10:12:49.216 aest: OSPF: No full nbrs to build Net Lsa for interface Port-channel1.87Nov 12 10:12:51.716 aest: OSPF: Send with youngest Key 10Nov 12 10:12:51.732 aest: OSPF: Send with youngest Key 10Nov 12 10:12:58.432 aest: OSPF: Send with youngest Key 10Nov 12 10:12:58.432 aest: OSPF: Send with youngest Key 10Nov 12 10:12:58.432 aest: OSPF: Send with youngest Key 10Nov 12 10:12:58.432 aest: OSPF: Send with youngest Key 10Nov 12 10:12:58.448 aest: OSPF: 2 Way Communication to xxx.xxx.76.248 on Port-channel1.87, state 2WAYNov 12 10:12:58.448 aest: OSPF: Neighbor change Event on interface Port-channel1.87Nov 12 10:12:58.448 aest: OSPF: DR/BDR election on Port-channel1.87 Nov 12 10:12:58.448 aest: OSPF: Elect BDR 0.0.0.0Nov 12 10:12:58.448 aest: OSPF:! E! lect DR xxx.xxx.76.248Nov 12 10:12:58.448 aest: OSPF: Elect BDR xxx.xxx.76.238Nov 12 10:12:58.448 aest: OSPF: Elect DR xxx.xxx.76.248Nov 12 10:12:58.448 aest: DR: xxx.xxx.76.248 (Id) BDR: xxx.xxx.76.238 (Id)Nov 12 10:12:58.448