Re: [c-nsp] CCIE tracks

2009-01-14 Thread Dave Kruger
Hey Gabb

I've worked for two internet providers (one was a telco) - and attempted the SP
lab exam in November. And I must say, the majority of the topics in the
blueprint are used in the real world.

I haven't attempted RS yet - but from what I understand SP concentrates more on
BGP, and in particular MBGP and MPLS (way I understand it is there is no VRF
configuration in RS) where VPNs are very important for SP, as you can also see
from the lab exam blueprint:
http://www.cisco.com/web/learning/le3/ccie/sp/lab_exam_blueprint.html
compared to
http://www.cisco.com/web/learning/le3/ccie/rs/lab_exam_blueprint.html

Now I've read people complaining about CCIE SP being the forgotten or lost CCIE
track - because the blueprint hasn't been updated for a while, the lab uses old
IOS's (http://www.cisco.com/web/learning/le3/ccie/sp/lab_equipment.html) and
the equipment isn't really typical equipment that big service providers use.

Even though this is all true - the concepts and technologies tested in the exam
and used in the real world aren't really that platform dependent, and the ones
that are are only slightly different (like dcef on distributed platforms vs cef
on the ones used in the lab).
(IOS-XR is obviously a different story)

And you won't ever get a single exam that covers all the topics/technologies
typically used by a company. The exam gives you a good foundation, the concepts
won't be too foreign for you when you encounter them on bigger/other platforms.

And apparently there are plans to update the blueprint for SP, so if you aren't
too much in a hurry, maybe wait a bit longer for that.



-- 

Regards,
Dave Kruger
Internet Architect

Verizon Business
240 Main Avenue
Newlands
7700
South Africa

Telephone +27 21 658 8700
Customer Service 08600 88638

http://www.www.isp.co.za

http://www.verizonbusiness.com/za



 Date: Wed, 14 Jan 2009 02:17:46 -0800
 From: gabbarsingh9...@yahoo.com
 To: cisco-nsp@puck.nether.net
 Subject: [c-nsp] CCIE tracks
 
 Hi, 
 
 Anyone working in a service provider or telco and done the CCIE (service 
 provider)? I'm thinking of doing this, but am not sure of value/differences 
 with say the CCIE (routing/switching) track.
 
 Any comments, opinions will be appreciated. 
 
 
 Regards,
 Gabb.
 
 
 

___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/


Re: [c-nsp] network connection tool

2009-01-22 Thread Dave Kruger
also see hping:

http://www.hping.org/

hth
Dave

Andrew Gristina wrote:
 netcat

 http://siliconrust.blogspot.com/2006/04/what-do-you-do-to-emulate-server.html

 Quick tutorial on how to emulate a server.  I guess that is what you are 
 asking.

 On Wed, Jan 21, 2009 at 12:46 PM, Ibrahim Abo Zaid
 ibrahim.aboz...@gmail.com wrote:
   
 Hi All

 I want to know if there is any network connectivity tool that can be configured to
 respond to a specific TCP/UDP port number?

 Sometimes we do modify our security policy in FWs but the application level
 still has a problem so we need to use this tool to configure it to respond to
 the application port (that will be different for each application) and try some
 sort of ping or connect-attempt across the FW to isolate whether it is a FW problem
 or an application problem.


 is there any tool out there can help in that

 best regards
 --Ibrahim Abo Zaid

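The check asked about in this thread (a listener that answers on a chosen TCP port, plus a connect attempt made from the far side of the firewall), as an added example that is not part of any post above. The function names, the banner and the loopback addresses are assumptions; it covers TCP only, since UDP has no handshake to classify.

```python
import socket
import threading

def start_responder(host="127.0.0.1", port=0, banner=b"probe-ok\n"):
    """Listen on host:port (0 = pick a free port) and answer every
    connection with a fixed banner. Returns (socket, bound_port)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((host, port))
    srv.listen(5)

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:          # listener closed: stop serving
                return
            with conn:
                conn.sendall(banner)

    threading.Thread(target=serve, daemon=True).start()
    return srv, srv.getsockname()[1]

def probe(host, port, timeout=3.0):
    """Classify one TCP connect attempt.
    open        - handshake completed: path and listener are fine,
                  so look at the application itself
    refused     - a RST came back: the packet got through (or the
                  firewall rejects with RST) but nothing is listening
    filtered    - no answer before the timeout: typical of a silent
                  drop in the firewall policy
    unreachable - any other socket error (no route, ICMP unreachable)"""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.settimeout(timeout)
            try:
                data = s.recv(64)    # banner from start_responder, if any
            except socket.timeout:
                data = b""
            return ("open", data)
    except ConnectionRefusedError:
        return ("refused", b"")
    except socket.timeout:
        return ("filtered", b"")
    except OSError:
        return ("unreachable", b"")

if __name__ == "__main__":
    _, p = start_responder()         # constructed local demo on loopback
    print(p, probe("127.0.0.1", p))
```

Run `start_responder` on the server side with the application's port while the real application is stopped, and `probe` from the client side of the firewall.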

Re: [c-nsp] ISIS Adj-filter problem

2009-09-08 Thread Dave Kruger
Hi there

Have you managed to figure out what was causing that?

Did you see that your clns filter references

49.0001...0100.00


whereas your R1 router's Sys ID is

49.0001...0001.00


Regards,
Dave

Ibrahim Abo Zaid wrote:
 Hi All

 I was testing ISIS Adj-filter option , R1,R2 and R3 are connected over
 ethernet switch (using dynamips) with the below configuration

 the configuration works for adj point and both R2 and R3 have ADJ with R1
 only , the problem is R2 is dropping R1 and R3 LSPs and debug shows it is
 dropped due to invalid adj . can you help to resolve that ?

 Configuration

 R1
 interface Loopback0
  ip address 10.10.1.1 255.255.255.255
 !
 interface FastEthernet0/0
  ip address 10.10.123.1 255.255.255.0
  ip router isis

 router isis
  net 
   

  is-type level-1
  passive-interface Loopback0

 R2
 interface Loopback0
  ip address 10.10.2.2 255.255.255.255
 !
 interface FastEthernet0/0
  ip address 10.10.123.2 255.255.255.0
  ip router isis
  isis adjacency-filter A1
 !
 router isis
  net 49.0001...0002.00
  is-type level-1
  passive-interface Loopback0

 clns filter-set A1 permit 49.0001...0100.00

 R3

 interface Loopback0
  ip address 10.10.3.3 255.255.255.255
 !
 interface FastEthernet0/0
  ip address 10.10.123.3 255.255.255.0
  ip router isis
  isis adjacency-filter A1


 router isis
  net 49.0001...0003.00
  is-type level-1
  passive-interface Loopback0

  clns filter-set A1 permit 49.0001...0100.00


 verification


 R1#sh clns neighbors
 System Id  Interface   SNPA        State  Holdtime  Type Protocol
 R2         Fa0/0       c201.0544.  Up     8         L1   IS-IS
 R3         Fa0/0       c202.0544.  Up     7         L1   IS-IS

 R1 has R2 and R3 LSPs

 R1#sh isis database
 IS-IS Level-1 Link State Database:
 LSPID      LSP Seq Num  LSP Checksum  LSP Holdtime  ATT/P/OL
 R1.00-00*  0x0010       0x2D88        849           0/0/0
 R2.00-00   0x0009       0x8037        1036          0/0/0
 R2.01-00   0x0003       0x78D8        1036          0/0/0
 R3.00-00   0x0005       0x4470        552           0/0/0
 R3.01-00   0x0006       0x78D3        1091          0/0/0

 but has R3-Lo0 route ONLY !!

 R1#sh ip route isis
  10.0.0.0/8 is variably subnetted, 3 subnets, 2 masks
 i L1     10.10.3.3/32 [115/10] via 10.10.123.3, FastEthernet0/0

 R2#sh clns neighbors
 System Id  Interface   SNPA        State  Holdtime  Type Protocol
 R1         Fa0/0       c200.0544.  Up     21        L1   IS-IS

 R2 doesn't have R1 and R3 LSPs !!!


 R2#sh isis database
 IS-IS Level-1 Link State Database:
 LSPID      LSP Seq Num  LSP Checksum  LSP Holdtime  ATT/P/OL
 R2.00-00*  0x0009       0x8037        985           0/0/0
 R2.01-00*  0x0003       0x78D8        986           0/0/0

 NO ISIS Route  , it normal no LSP :)
 R2#sh ip route isis
 R2#

 R3

 R3#sh clns neighbors
 System Id  Interface   SNPA        State  Holdtime  Type Protocol
 R1         Fa0/0       c200.0544.  Up     26        L1   IS-IS

 R3#sh isis database
 IS-IS Level-1 Link State Database:
 LSPID      LSP Seq Num  LSP Checksum  LSP Holdtime  ATT/P/OL
 R1.00-00   0x0013       0x278B        1181          0/0/0
 R2.00-00   0x0009       0x8037        845           0/0/0
 R2.01-00   0x0003       0x78D8        846           0/0/0
 R3.00-00*  0x0006       0x4271        1186          0/0/0
 R3.01-00*  0x0007       0x76D4        1185          0/0/0

 route to R1-Lo0 only !!

 R3#sh ip route isis
  10.0.0.0/8 is variably subnetted, 3 subnets, 2 masks
 i L1     10.10.1.1/32 [115/10] via 10.10.123.1, FastEthernet0/0

 debug isis update-packets shows update is dropped due to invalid ADJ


 *Mar  1 00:30:16.751: ISIS-Upd: Invalid adjacency
 *Mar  1 00:30:26.619: ISIS-Upd: Invalid adjacency
 *Mar  1 00:30:34.151: ISIS-Upd: Invalid adjacency

 any ideas

 best regards
 --Ibrahim


Re: [c-nsp] BFD on 7600

2009-09-11 Thread Dave Kruger
Justin Shore wrote:
 MKS wrote:
 Can you share your experience with BFD on the 7600 platform and sw
 release?

 I use it and like it.

So did we (on SRD), until we hit bug CSCek38313. Fix coming in mid Nov
apparently

Regards,
Dave




Re: [c-nsp] BGP Hold time expired/ospf dropping 6500 Sup720-3BXL

2009-12-15 Thread Dave Kruger
Drew Weaver wrote:
 Howdy all,

 Last night I had an interesting encounter on one of my 6509s /w SUP7203-BXL.

 This switch has 3x iBGP sessions with full internet tables and is also 
 running OSPF.

 Two of the three iBGP sessions randomly dropped with: 

 %BGP-3-NOTIFICATION: sent to neighbor x.x.x.3 4/0 (hold time expired) 0 
 bytes, I also noticed that during this period OSPF dropped with Neighbor 
 Down: Dead timer expired

   
 and then re-established, and then failed again, and re-established, and 
 failed again, and so-on, and so-on.

 I checked the physical interfaces between this 6500 and the two GSR 12000s it 
 peers with and there were no errors, there was also no obvious spike in 
 traffic that would account for latency that might cause the hold timers to 
 expire. I remember when this system first came online it took a really long 
 time for it to download the full internet tables from the upstream GSRs and 
 also during that time there was a lot of CPU time being eaten up, I am 
 wondering if maybe the first session failing caused sort of a 'performance' 
 domino effect which then caused everything else to fail, the issue eventually 
 corrected itself and stabilized.

 This particular box is running 12.2(18)SXF17 so I am less likely to believe 
 it is a software bug.

 Does anyone have any tips on both how I can avoid the hold timer issue 
 altogether 

I don't think your issue is bgp and its hold time - if ospf session
drops then so will BGP session. Are you sure your upstream GSRs did not
fail-over? If so NSF might help you
http://www.cisco.com/en/US/partner/docs/ios/iproute/configuration/guide/irp_bgp_adv_features_ps6350_TSD_Products_Configuration_Guide_Chapter.html#wp1056241

If you have unstable IGP, try to figure out why, if you can't, dampen. If
that doesn't help, disable next-hop address tracking
http://www.cisco.com/en/US/partner/docs/ios/iproute/configuration/guide/irp_bgp_adv_features_ps6350_TSD_Products_Configuration_Guide_Chapter.html#wp1056441

Regards
Dave

 and also how I can make it so that if a session does go down and re-establish 
 it doesn't totally nail the CPU while it's trying to re-establish/download 
 the routes? A long time ago I also read that increasing the MTU on both ends 
 of a circuit can make BGP tables download faster, I don't know if that's true 
 or not, has anyone else found that?

 thanks,
 -Drew




Re: [c-nsp] IP SLA

2011-10-25 Thread Dave Kruger
FYI - Last I checked Brix system can provision (via snmp) ipsla tests to ipsla 
enabled Cisco routers, but can not emulate it on their own hardware verifiers

Dave

On 10/20/2011 05:03 AM, Tony Tauber wrote:
 At a previous employer, we used Brix Networks which was acquired by EXFO and
 is presented here:

 http://www.exfo.com/en/Products/ProductList.aspx?Id=261

 That was many years ago and I didn't work with it directly, but that is the
 intended use of the product.

 Tony

 On Wed, Oct 19, 2011 at 12:01 PM, Andrew Miehs and...@2sheds.de wrote:

 Hi all,

 I have been looking at IP SLA and was wondering whether there are any
 appliances around which emulate Cisco's IP SLA so that you can use it as a
 responder, or even better, the transmitter end?

 If not, does anyone have any alternative device/ software recommendations?

 Thanks

 Andrew





[c-nsp] 'allow-as' in has no effect on confederation peer

2013-05-01 Thread Dave Kruger


  
  
Hi All

Is there some bgp rule that says sub AS's in a confederation are not
allowed to be non contiguous?

I have :

router bgp 1234
  bgp confederation identifier 1234
  bgp confederation peers 65000 
  neighbor 4.4.4.4 remote-as 65000
  neighbor 4.4.4.4 ebgp-multihop 255
  neighbor 4.4.4.4 update-source Loopback0
  address-family ipv4
  neighbor 4.4.4.4 activate
  neighbor 4.4.4.4 allowas-in

But I see:

*Mar 1 05:49:03.922: BGP(0): 4.4.4.4 rcv UPDATE w/ attr:
  nexthop 1.0.0.1, origin ?, localpref 100, metric 0, originator
  0.0.0.0, path (65000 1234), community , extended community 
  *Mar 1 05:49:03.930: BGP(0): 4.4.4.4 rcv UPDATE about 1.1.2.0/24
  -- DENIED due to: AS-PATH contains our own AS;
  *Mar 1 05:49:03.934: BGP(0): 4.4.4.4 rcv UPDATE about 1.0.0.1/32
  -- DENIED due to: AS-PATH contains our own AS;

'allow-as in' works as expected when they are not confed peers

Regards
Dave
  
