Re: [c-nsp] OSPF redist customer routes
On 11/12/12 9:55 PM, CiscoNSP_list CiscoNSP_list wrote: Thanks Jay - We already run iBGP(Full mesh under VPNv4) across our POPs for vrf solutionshow best to migrate our customer routes from ospf-iBGP? (And how to separate our infrastructure IPs(Keep in OSPF)) Without knowing the details of your network it's going to be tough to go step-by-step. Assuming that you already have loopbacks on your routers in OSPF, BGP points to the loopbacks, and that you have full mesh iBGP or route reflectors in the global table, start with one router and redistribute static and connected into BGP. Use a route map limiting redistribution to customer prefixes or a single customer prefix for testing. The same route map can inject communities as needed (no-export would likely be nice). These would be in the global table unless in a VRF but you're already doing that. Take that prefix out of OSPF and verify that it propagates to your POPs, is reachable throughout your network and doesn't leak outside your AS. Repeat until you have all OSPF customer routes removed from a single router, then on to the next. iBGP is distance 200 and OSPF is 110 so you won't see the BGP route in the forwarding table until you remove the OSPF one. Customers with redundant connections can use a private AS into iBGP or tracked floating statics redistributed. A lot of our customers CE's dont support BGP (Or require a license upgrade)...so we are stuck(to a degree) with having to support OSPF? For non-redundant customers a static default at the customer edge is all that you need. For redundant customers either upgrade to BGP at the CE or use a floating static for the backup with the inverse at the PE. For backup routes we use a tagged floating static distance 200 on the PE and a route map to match the tag, set weight to 0 and de-pref local pref so that the backup doesn't propagate until the primary goes down. And as Andrew pointed out, if you use a private AS for BGP to the customer prem, then it is actually eBGP. I seem to recall a fairly good presentation writeup on OSPF-BGP migration in the NANOG archives but a quick search comes up empty. -- Jay Hennigan - CCIE #7880 - Network Engineering - j...@impulse.net Impulse Internet Service - http://www.impulse.net/ Your local telephone and internet company - 805 884-6323 - WB6RDV ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] OSPF redist customer routes
On 11/13/2012 05:55 AM, CiscoNSP_list CiscoNSP_list wrote: Thanks Jay - We already run iBGP(Full mesh under VPNv4) across our POPs for vrf solutionshow best to migrate our customer routes from ospf-iBGP? (And how to separate our infrastructure IPs(Keep in OSPF)) This isn't terribly tricky. Just setup the redistribution into BGP. The OSPF routes will be preferred but the BGP routes will be present, which you can verify. Then disable redist into OSPF. Separation just means only have network statements for your p2p and loopback nets in OSPF. A lot of our customers CE's dont support BGP (Or require a license upgrade)...so we are stuck(to a degree) with having to support OSPF? If you do have to use OSPF, redist-ing from the CE OSPF process into BGP is superior to redist-ing from CE to PE OSPF, because it isolates the PE OSPF process completely from customer operation. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] OSPF redist customer routes
Jay/Phil - Thanks very much for your assistance! ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] MTU Testing
Hi , am trying to configure my linux DHCP server to send the MTU size (Option 26) in the DHCP server Now , what are the best ways to test if the value sent via the offer is correct and as configured? Thanks ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] MTU Testing
Hi, The simplest way would be to ping your host from the dhcp server with packet size of just above and just below your desired mtu size with the df-bit set Eg. To test for an MTU of 1500 # ping -s 1472 192.168.1.50 -M do PING 192.168.1.50 (192.168.1.50) 1472(1500) bytes of data. 1480 bytes from 192.168.1.50: icmp_req=1 ttl=64 time=0.362 ms 1480 bytes from 192.168.1.50: icmp_req=2 ttl=64 time=0.293 ms # ping -s 1473 192.168.1.50 -M do PING 192.168.1.50 (192.168.1.50) 1473(1501) bytes of data. From 192.168.1.1 icmp_seq=1 Frag needed and DF set (mtu = 1500) From 192.168.1.1 icmp_seq=1 Frag needed and DF set (mtu = 1500) HTH Paul -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of M K Sent: 13 November 2012 12:17 To: cisco-nsp@puck.nether.net Subject: [c-nsp] MTU Testing Hi , am trying to configure my linux DHCP server to send the MTU size (Option 26) in the DHCP server Now , what are the best ways to test if the value sent via the offer is correct and as configured? Thanks ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ --- -- * Confidentiality: The contents of this e-mail and any attachments transmitted with it are intended to be confidential to the intended recipient; and may be privileged or otherwise protected from disclosure. If you are not an intended recipient of this e-mail, do not duplicate or redistribute it by any means. Please delete it and any attachments and notify the sender that you have received it in error. This e-mail is sent by a William Hill PLC group company. The William Hill group companies include, among others, William Hill PLC (registered number 4212563), William Hill Organization Limited (registered number 278208), William Hill US HoldCo Inc, WHG (International) Limited (registered number 99191) and WHG Trading Limited (registered number 101439). Each of William Hill PLC, William Hill Organization Limited is registered in England and Wales and has its registered office at Greenside Hou! se, 50 Station Road, Wood Green, London N22 7TP. William Hill U.S. HoldCo, Inc. is 160 Greentree Drive, Suite 101, Dover 19904, Kent, Delaware, United States of America. Each of WHG (International) Limited and WHG Trading Limited is registered in Gibraltar and has its registered office at 6/1 Waterport Place, Gibraltar. Unless specifically indicated otherwise, the contents of this e-mail are subject to contract; and are not an official statement, and do not necessarily represent the views, of William Hill PLC, its subsidiaries or affiliated companies. Please note that neither William Hill PLC, nor its subsidiaries and affiliated companies can accept any responsibility for any viruses contained within this e-mail and it is your responsibility to scan any emails and their attachments. William Hill PLC, its subsidiaries and affiliated companies may monitor e-mail traffic data and also the content of e-mails for effective operation of the e-mail system, or for security, purpose! s. * ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] DNS Server on Cisco 1941 - add hosts dynamically
Hi everyone, i have a Cisco 1941 and i'am trying to configure the internal DNS server. The Router is connected to a 8 Port Switch, my clients are connected to the Switch. I'm using the internal dhcp server, network is 172.26.128.0 / 24. The DHCP Server is offering IP's, I can ping a connected client named client1 by ip and by hostname. I would like to have the router to update the host table, as shown after typing sh ip hosts dynamically after connecting a new client to the switch. The assignment of ip addresses is working, but the router isn't updating the hosts list. Any method, to achieve my requirement? This is the current relevant Router configuration: # hostname Router ! ip dhcp excluded-address 172.26.128.210 ! ip dhcp pool test network 172.26.128.0 255.255.255.0 update dns both default-router 172.26.128.210 dns-server 172.26.128.210 domain-name dns.test.my-net.de ! ip dhcp update dns override ip domain name dns.test.my-net.de ip host router.dns.test.my-net.de 172.26.128.210 ip host dns.test.my-net.de ns router.dns.test.my-net.de ip host client1 172.26.128.1 ip host client1.dns.test.my-net.de 172.26.128.1 ip name-server 172.26.128.210 ip ddns update method updatetest internal ! ip dhcp-client update dns server both ! interface GigabitEthernet0/0 ip address 172.26.128.210 255.255.255.0 duplex auto speed auto ! ip dns server ip dns primary dns.test.my-net.de soa router.dns.test.my-net.de admin.dns.test.my-net.de 21600 900 7776000 86400 # ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] 7600 starange issue-urgent
HI I can’t browse the internet when connect my pc directly on 7600(ES+20G3CXL )7606 SRD3 The tcp mss 1400 , ping and trcaroute is OK but the page doesn’t open Any idea how to troubleshooting this issue ZH ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] 7600 starange issue-urgent
Uhh, where to begin Has it ever worked? Did something change if it did work at one time? Is NAT involved? Is ping/traceroute working from the router itself, or from your PC? What are you pinging/tracerouting to? Does your PC have a valid IP address, gateway, DNS, etc? Could it be just a PC problem - hard coded proxy address that isn't reachable, etc, etc... Chuck -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of zaid Sent: Tuesday, November 13, 2012 12:35 PM To: cisco-nsp@puck.nether.net Subject: [c-nsp] 7600 starange issue-urgent HI I can’t browse the internet when connect my pc directly on 7600(ES+20G3CXL )7606 SRD3 The tcp mss 1400 , ping and trcaroute is OK but the page doesn’t open Any idea how to troubleshooting this issue ZH ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] 7600 starange issue-urgent
TCPDUMP and Wireshark is your friend. At the start run TCPDUMP and see if the sessions are being set up. Ie. you should see a SYN out and a SYN ACK back. See: http://www.inetdaemon.com/tutorials/internet/tcp/3-way_handshake.shtml Tim On Nov 13, 2012, at 12:56 PM, Chuck Church chuckchu...@gmail.com wrote: Uhh, where to begin Has it ever worked? Did something change if it did work at one time? Is NAT involved? Is ping/traceroute working from the router itself, or from your PC? What are you pinging/tracerouting to? Does your PC have a valid IP address, gateway, DNS, etc? Could it be just a PC problem - hard coded proxy address that isn't reachable, etc, etc... Chuck -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of zaid Sent: Tuesday, November 13, 2012 12:35 PM To: cisco-nsp@puck.nether.net Subject: [c-nsp] 7600 starange issue-urgent HI I can’t browse the internet when connect my pc directly on 7600(ES+20G3CXL )7606 SRD3 The tcp mss 1400 , ping and trcaroute is OK but the page doesn’t open Any idea how to troubleshooting this issue ZH ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
