I wanted to use this feature too but to no avail. Whatever I tried, it didn't
work, so I opted for the less wanted option and installed the ddns client on my
PC
Ziv
-Original Message-
From: cisco-nsp-boun...@puck.nether.net
[mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of
Hi,
Had this come up in a job I was just doing on the weekend on a 857w
running 12.4(6)T6 ADVSECURITYK9-M. Here is the config I have working
with it:
ip ddns update method domain_ddns
HTTP
add
http://:x...@members.dyndns.org/nic/update?system=dyndnshostname=hmyip=a
interval maximum 1
I'll definitely try this at home and report back!
Thanks,
Ziv
-Original Message-
From: cisco-nsp-boun...@puck.nether.net
[mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of James Paussa
Sent: Tuesday 31 May 2011 12:05
To: cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] Dynamic dns on
Hey everyone,
I would like to hear what are best practices when interconnecting
downlinks. We are small transit ISP, right now we are in middle of
network upgrade, and I would like to make network more redundant so it
less affect our downlinks when we having planed/unplanned maintenance.
Hi,
On Tue, May 31, 2011 at 02:21:05PM +0400, Nikolay Shopik wrote:
I would like to hear what are best practices when interconnecting
downlinks. We are small transit ISP, right now we are in middle of
network upgrade, and I would like to make network more redundant so it
less affect our
Hello everyone,
need some insight from the list as how to best approach a bgp routing/policy
issue, and whats generally done and considered good practise and good
policy.
I operate a transit AS (say AS10), and I have a customer (AS 5) who buys
transit from me.
I also peer with AS11 - no
On 31/05/11 14:50, Gert Doering wrote:
We try to separate core + uplink and customer connection routers,
so we can do works on core routers witout affecting customers - and
vice versa, if we have to reboot a customer connection router, we
know which customers are affected and that nothing else
2011/5/31 vince anton mvan...@gmail.com
Hello everyone,
need some insight from the list as how to best approach a bgp
routing/policy
issue, and whats generally done and considered good practise and good
policy.
Not to be rude but this might actually be the least specific question I've
Hi there
Can anyone help on the below questions?
Thanks a million
Sam
The Logic Group Enterprises Limited. Logic House, Waterfront Business Park,
Fleet Road, Fleet, Hampshire, GU51 3SB, United Kingdom. Registered in
England. Registered No. 2609323
The information in this email and any
Hi,
On Tue, May 31, 2011 at 03:11:14PM +0400, Nikolay Shopik wrote:
On 31/05/11 14:50, Gert Doering wrote:
We try to separate core + uplink and customer connection routers,
so we can do works on core routers witout affecting customers - and
vice versa, if we have to reboot a customer
Hello,
we are doing lab training on univ. with some cisco 6509, force10 e300 and
juniper m.
I personally have a rootserver from a popular french hoster. They recently
implemented some protections for their network.
- Limiting all incoming udp traffic to 50mbit/s per destination ip (server)
-
On 31/05/2011 14:21, Tom wrote:
As far as I know, they are using cisco routers
Is this type of policing implemented by qos?
Control Plane Policing, not qos.
Nick
___
cisco-nsp mailing list cisco-nsp@puck.nether.net
On 31/05/11 13:21, Tom wrote:
I personally have a rootserver from a popular french hoster. They recently
implemented some protections for their network.
- Limiting all incoming udp traffic to 50mbit/s per destination ip (server)
- Limiting all outgoing traffic (icmp+syn 32kb/s, udp 100mbit/s
On 31/05/11 16:15, Gert Doering wrote:
Well, it really depends on a number of factors - like do you need to
run different software on core/edge? or do you have junior network
admins that you want to start learning their way on the edge routers,
where they cannot break that much etc.
Got your
Ignore that part, my silliness.
On 31/05/11 16:43, Nikolay Shopik wrote:
Also can't we go with some kind router reflector which isn't passing any
traffic (changing next-hop to one of border)?
___
cisco-nsp mailing list cisco-nsp@puck.nether.net
Hi,
On Tue, May 31, 2011 at 04:43:57PM +0400, Nikolay Shopik wrote:
We found it useful to have this separation - but if you don't want that,
there is nothing particularily wrong with just have two boxes and
terminate upstream and downstream links on both of them - for
redundancy, give the
One time we had the same issue -first wth p2p command configured (removed this
command and adjacency came up), and second -we added p2p command to broadcast
link and adjacency came up. Both times the problem was with juniper filtering
-we used transit provider.
the point is that MAC
On Tue, 31 May 2011, Tom wrote:
we are doing lab training on univ. with some cisco 6509, force10 e300 and
juniper m.
Is this type of policing implemented by qos?
Cisco 6500/7600 has something called microflow policing which might do
some of what you're describing.
--
Mikael Abrahamsson
To me this appears as possible peering link abusing scenario
Where you can abuse the peering link and your peer's core-links and direct all
your customers to access AS5 via the peering link and AS11 core-links :)
But jokes aside
Because there's no need to learn prefixes of your customer over the
On 31/05/11 16:57, Gert Doering wrote:
In your case, I'd have the core/border routers do route-reflector functions
towards the customer-edge routers. Saves you having to do a full mesh
between all the customer-edge routers, and saves you from having to add
two more boxes (two! one RR is going
Hi,
On Tue, May 31, 2011 at 05:19:00PM +0400, Nikolay Shopik wrote:
Well, it depends a bit how the connectivity between CR1 and CR2 is
built. If you have two independent switches there, the direct link is
not strictly needed.
AR1 and AR2 two independent switches at different racks. If I
Hi,
There are some designs with their pros and cons.
1)
uplink/IX uplink/IX
||
CR1 -- CR2
| |
| |
| |
| |
AS1 -- AS2
| |
customer1 customer2
OR
2)
uplink/IX uplink/IX
||
CR1 CR2
\ /
hello experts.
Is anyone who success to connect vpn for Android on ASA or router?
I tried it with ASA L2TP but i couldnt.
Pls let me know. Thanks.
___
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
Mohammad,
The ES ports on the ME3750 are different than the other ports. Which
kind are yo using?
For ES ports you can use average rate shaping (class-based):
http://www.cisco.com/en/US/docs/switches/metro/catalyst3750m/software/release/12.2_50_se/configuration/guide/swqos.html#wp1282429
For
That makes sense as ISIS p2p adjacency is initialized by rx of a ISHs through
the ES-IS protocol followed by the exchange of the IIH
I was trying to figure out the mac layer mechanism difference between the p2p
and lan and your post helped me to fill in the gaps
Thanks a bunch Olga
adam
Hello expert,
Is there any requirements for vwic-1mft-g703 on 1841, the router see it in
the show inventory, but once I go to the configuration I can't configure
anything like
Isdn switch-type ? ! not available
Controller e1 0/0/0 ! also no available.
Any hints on that??
vince anton wrote:
So what happens now is that for this more specific customer prefix, I have a
specific route saying some AS5 nets are preferable via the peering link than
via the direct customer link, and if I want to deliver transit traffic to
my customer, my router would choose the peering
On Tue, 31 May 2011, Soon Lee wrote:
Is anyone who success to connect vpn for Android on ASA or router?
I tried it with ASA L2TP but i couldnt.
Pls let me know. Thanks.
I've heard of people doing things to get a working IPSEC session, like
rooting their phones and compiling vpnc themselves.
On Tue, May 31, 2011 at 10:38:21, ccie wrote:
Subject: [c-nsp] Vwic-1mft-g703 on cisco1841
Is there any requirements for vwic-1mft-g703 on 1841, the router see
it in the show inventory, but once I go to the configuration I can't
configure anything like
Isdn switch-type ? ! not
Do i have to do rooting ? Is there no option?
2011. 5. 31. 오후 11:42에 Justin M. Streiner strei...@cluebyfour.org님이 작성:
On Tue, 31 May 2011, Soon Lee wrote:
Is anyone who success to connect vpn for Android on ASA or router?
I tried it with ASA L2TP but i couldnt.
Pls let me know. Thanks.
On Tue, May 31, 2011 at 06:47:46, Justin M. Streiner wrote:
Cc: cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] VPN for Android
On Tue, 31 May 2011, Soon Lee wrote:
Is anyone who success to connect vpn for Android on ASA or router?
I tried it with ASA L2TP but i couldnt.
Pls let me
On Tue, 31 May 2011, vince anton wrote:
I operate a transit AS (say AS10), and I have a customer (AS 5) who buys
transit from me.
I also peer with AS11 - no transit either way on this, just peering, ie
sending my networks to AS11, and receiving AS11's networks
Now AS5 also becomes a transit
ASA 8.2(5) and 8.4(1) add L2TP/IPsec support and SHA2 cert support for the
native Android VPN client.
-Original Message-
From: cisco-nsp-boun...@puck.nether.net
[mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Soon Lee
Sent: Tuesday, May 31, 2011 10:51 AM
To: Justin M. Streiner
i tried 8.2.4 -_-.
I will try tmr.
Thanks.
2011. 6. 1. 오전 12:04에 Mohlmaster, Jarod jarod.mohlmas...@redemtech.com님이
작성:
ASA 8.2(5) and 8.4(1) add L2TP/IPsec support and SHA2 cert support for the
native Android VPN client.
-Original Message-
From: cisco-nsp-boun...@puck.nether.net
On 5/31/2011 5:50 AM, Gert Doering wrote:
We try to separate core + uplink and customer connection routers,
so we can do works on core routers witout affecting customers - and
vice versa, if we have to reboot a customer connection router, we
know which customers are affected and that nothing
On Tue, May 31, 2011 at 11:04:12, Mohlmaster, Jarod wrote:
Cc: cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] VPN for Android
ASA 8.2(5) and 8.4(1) add L2TP/IPsec support and SHA2 cert support for
the native Android VPN client.
Release notes also claim AnyConnect for Android version 2.4,
On 5/31/2011 5:57 AM, vince anton wrote:
So what happens now is that for this more specific customer prefix, I have a
specific route saying some AS5 nets are preferable via the peering link than
via the direct customer link, and if I want to deliver transit traffic to
my customer, my router
On Tuesday, May 31, 2011 06:50:39 PM Gert Doering wrote:
So a text book scenario would have two core/uplink
routers here, fully meshed with two customer access
boxes (so there's no single switch in between that could
break),...
Well, in our large PoP's, we aggregate core and edge routers
On Tuesday, May 31, 2011 07:11:14 PM Nikolay Shopik wrote:
Well in our case all customers fiber/copper terminated in
same rack where is borders resides. So I just see no
point to having additional router for customer except
for additional redundancy of course. But this require
router able to
We ask customers who do bgp with us for their other asn's they peer with to
make sure of this. We then don't allow their prefixes from a peer we don't want
to push transit traffic over. I think most service providers are asking this
question on their bgp forms these days.
Troy Beisigl
On Tuesday, May 31, 2011 08:57:41 PM Gert Doering wrote:
Well, it depends a bit how the connectivity between CR1
and CR2 is built. If you have two independent switches
there, the direct link is not strictly needed. Still,
it has the advantage that if these switches should fail,
CR1 and CR2
On Tuesday, May 31, 2011 09:28:57 PM Gert Doering wrote:
(Interestingly enough, a few years ago I built a customer
setup that did not have this link, because I said well,
there's two switches here, with two power supplies, two
supervisors, 2x GE link bundles, this is just not
needed and the
On Tuesday, May 31, 2011 09:46:45 PM Kevin Loch wrote:
Instead of trying to figure out how to break your
customer's routing policy, you might ask them why they
prefer the other transit provider. Is it because of
cost? Capacity issues? Do they send you some more
specific and others to AS11?.
Right
I believe protecting for one element failure at a time is just enough
adam
-Original Message-
From: cisco-nsp-boun...@puck.nether.net
[mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Mark Tinka
Sent: Tuesday, May 31, 2011 6:00 PM
To: cisco-nsp@puck.nether.net
Cc: Gert
My standard practice has always been to apply a high local preference
on customer-announced routes, medium local pref on peer-announced
routes, and low (but still higher than the system default of 100)
local pref on upstream-announced routes. The logic behind this is:
I'd rather get paid for
I am not quite sure I understand exactly which problem it is you are trying
to solve.
Let us assume you (AS10) have been assigned 10/8 from RIPE.
You assign your customer (AS5) a 10.0.0.0/22.
As stated, you peer with AS11.
Many providers will not route provider assigned (PA) addresses from
Kinda OT, I once was contracted to roll out a VPN solution for a large
federal client. Bad situation. The design was already completed by a third
party (without vendor consultation) and then handed to me to implement. They
had over 3000 sites and wanted to deploy mid-range VPN concentrators at
Hi,
On Tue, May 31, 2011 at 10:10:14AM -0500, Pete Templin wrote:
Having learned in a multi-pop environment, I learned to separate into
three groupings: edge routers for upstream transit/peer connections,
distribution for downstream customer connections, and core as the
glue that holds
Not only project scrapped but a waste of tax payer monies.
My experience with federal projects is the same. It's very sad.
On May 31, 2011, at 9:46 AM, Hammer wrote:
Kinda OT, I once was contracted to roll out a VPN solution for a large
federal client. Bad situation. The design was already
You missed filing appropriate route objects.
If you can file the correct objects it may mitigate upstream filter issues if
the upstreams build their data from filed objects.
On May 31, 2011, at 9:45 AM, Andrew Miehs wrote:
I am not quite sure I understand exactly which problem it is you are
On 5/31/2011 11:48 AM, Gert Doering wrote:
We do mostly hot-potato routing, that is: if local-pref, path-length
and med are all the same, just send out the nearest upstream / peering
point.
Which would do the right thing in that case :-) - but if your policy
is different, it won't.
If your
Anyone tested a reliable 10 GigE traffic generator capable of layer 2-7
that can also simulate client server type conenctions? I have purchased
one such simulator with mixed results, hopefully someone in the community
has had success somewhere else?
thanx in advanced,
Mike
Hi all
thanks for feedback. seems like different people are going around this in
different ways, some allow transit through peering links, and some outright
block this from day0
it surprises me that some people seem to be ok with passing transit traffic
over a peering link. I dont understand why
On Wednesday, June 01, 2011 02:31:45 AM vince anton wrote:
it surprises me that some people seem to be ok with
passing transit traffic over a peering link. I dont
understand why you would want to do this, as to me this
seems abuse or misconfiguration (possibly not
intentional), and
On 5/31/2011 1:31 PM, vince anton wrote:
thanks for feedback. seems like different people are going around this in
different ways, some allow transit through peering links, and some outright
block this from day0
it surprises me that some people seem to be ok with passing transit traffic
over a
Hi Tom,
Mikael's guess is very likely the way it would be implemented if they
are using a 6500. The nickname for this type of microflow policing is
UBRL - user-based rate-limiting.
It is limited based on the PFC/DFC's in use and the flowmask they are
using. For example, if you identify one
Hi,
Anyone tested a reliable 10 GigE traffic generator capable of layer 2-7
that can also simulate client server type conenctions? I have purchased
one such simulator with mixed results, hopefully someone in the community
has had success somewhere else?
packetstorm?
vince anton wrote:
it surprises me that some people seem to be ok with passing transit traffic
over a peering link. I dont understand why you would want to do this, as to
me this seems abuse or misconfiguration (possibly not intentional), and
potentially very expensive, or loss of revenue.
Hi,
That's correct.
I will test the Routed Pseudowire
Thanks much.
___
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
That makes sense. The links between these 3 routers are through a
ethernet switched lan provider, who provides us a vlan on their network
(with pretty large mtu sizes), and after sniffing traffic at the various
locations, I decided to just create vlans in order to have a mesh of
point to point
Depends on what you're looking for. I've had good results with IXIA
ixiacom.com. They will do everything from FC/FCoE to simulated bgp/mpls
peerings and IMIX traffic. It's a hardware appliance so it performs very
well and is very flexible in the types of data it can create. It also
scales
Hi list,
Is there any way from either a router or L3 switch I can saturate a
line/link? I don't want to use a computer or external device.
Lets pretend that $provider has given me a 1Gbps up-link to a device
which terminates various 100 Mbps links, so having a pc with software
to pump out 1Gbps
May 30 17:25:43: %LTL-SP-2-LTL_PARITY_CHECK: LTL parity check request for
0x4B86.
Saw one of these on a 6500 with a Sup720-3BXL today, first time it's shown
up in the logs.. Anything to be concerned about?
Peter Kranz
www.UnwiredLtd.com
Desk: 510-868-1614 x100
Mobile: 510-207-
James,
One place to look is IP SLA, built into IOS. It can test a link with
parameters including round-trip time with UDP echo, FTP, HTTP, etc.
You can calculate bandwidth for example by dividing an FTP transfer with
bytes received / rtt.
Some more information here:
Hi Peter,
It's an error detection and recovery mechanism. Finding one error and
correcting it (which is what has happened here) once in a while is not a
bad thing.
Possibly open a TAC case if you see it again soon. Once or twice a year
is nothing to be concerned with though generally.
On Tue, 2011-05-31 at 20:31 +0200, vince anton wrote:
it surprises me that some people seem to be ok with passing transit traffic
over a peering link. I dont understand why you would want to do this, as to
me this seems abuse or misconfiguration (possibly not intentional), and
potentially very
2011/5/31 James Bensley jwbens...@gmail.com
Hi list,
Is there any way from either a router or L3 switch I can saturate a
line/link? I don't want to use a computer or external device.
Network appliances just don't have the chops to generate line rate data.
You need an external device to get
Been getting the following error when doing a write me on a 6500.
Jun 1 11:16:35.721 EST: %SYS-SPSTBY-4-CONFIG_NV_NEED_OVERRUN: Non config data
present at the end of nvram needs to be overwritten to fit the configuration
into nvram
Jun 1 11:16:37.437 EST: %PFINIT-SP-1-CONFIG_SYNC_FAIL:
Dear friend;
wishes all are fine
I have a 3750G switch which have some vlan as like 14,103,104 but problem is
we found some vlan flapping problem between two trunk ports .
Bellow some config;
interface GigabitEthernet1/0/6
description FON-FTP-VLAN-104
switchport access vlan 104
Anyone know what kind functionality hardware assisted on 7201 with its
ASIC w/o affecting CPU load?
___
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at
On Wednesday, June 01, 2011 06:31:42 AM Peter Rathlev wrote:
I'm seeing this from a customer perspective: Why on earth
should you not respect the more specific routes via the
peering link?
What if I have a primary connection from AS11 and buy a
backup connection (much lower bandwidth) from
71 matches
Mail list logo