It depends on your platform, traffic and code versions. Aggregated links and
MLAG are the better option since they are simpler. However they are more
susceptible to bugs on certain platforms and traffic spread of course depends
what kind of traffic flows will traversing the links. It’s also
This is one of those things that isn’t supposed to happen but often does. The
first thing I’d look at are the log messages. Are you sure the neighbor went
down because of the DDOS attack? Could have been another type of error or even
a scheduled change during the attack.
Next I’d probably
Can you move the ACL to a beefier device and/or closer to the source? The 7200
(nonVXR) Isn’t exactly bleeding edge.
On Mar 2, 2014, at 2:05 PM, Mike mike-cisconspl...@tiedyenetworks.com wrote:
On 03/02/2014 09:33 AM, Nick Hilliard wrote:
On 28/02/2014 18:35, Mike wrote:
So my question
2012/5/30 Mark Tinka mark.ti...@seacom.mu
On Wednesday, May 30, 2012 03:34:04 AM Andrew Jones wrote:
In enterprise WAN environments, you could use BGP as the
sole routing protocol, if you treat each individual site
as a separate AS (private AS numbers offcourse).
Depending on the size
] On Behalf Of Keegan Holley
Sent: 21. maj 2012 04:26
To: Cisco NSPs
Subject: [c-nsp] 4500-E EOL?
Browsing cisco.com I found EOS/EOL notices for a few of the 4500E
chassis.
Someone correct me if I'm wrong but weren't these released in 2010?
http://www.cisco.com/en/US/prod/collateral/switches
Browsing cisco.com I found EOS/EOL notices for a few of the 4500E chassis.
Someone correct me if I'm wrong but weren't these released in 2010?
http://www.cisco.com/en/US/prod/collateral/switches/ps5718/ps4324/eol_c51-706059.html
___
cisco-nsp mailing
Are you sure? The only release bulletin I could find was from 2010 and
that's the year the EOS'd the non-E chassis.
2012/5/20 Tony Varriale tvarri...@comcast.net
On 5/20/2012 9:25 PM, Keegan Holley wrote:
Browsing cisco.com I found EOS/EOL notices for a few of the 4500E
chassis.
Someone
many of these so I haven't been looking very hard.
2012/5/20 Jeff Kell jeff-k...@utc.edu
On 5/20/2012 10:54 PM, Keegan Holley wrote:
Are you sure? The only release bulletin I could find was from 2010 and
that's the year the EOS'd the non-E chassis.
They dropped the non-Es for the -Es
The 3750X is relatively new so I've only seen a few of them. Stackwise in
general is pretty solid. I've never seen a whole stack fail. If a member
fails the stack just keeps going, if the master tails a new master is
elected. One thing to watch out for is the fact that the 3750X isn't
intended
32bit counters would wrap at 4.29GB so it would never get to 300GB. As far
as I know most newer devices have 64 bit counters, but I could be
mistaken. The last update I could find on cisco.com was from 2007. It
would be pretty stupid to have gigabit interfaces on a device with counters
that
2012/4/19 Peter Subnovic cnspmail...@googlemail.com
Thanks Chuck, Bruce and James for your replys,
I did clear the counters 6 weeks ago (near the beginning of march) while i
was troubleshooting another issue .
The router was not rebooted for 15 weeks.
Thanks for the hint that the counters
The dsx panel isn't active so it wouldn't bundle a circuit for you. Also,
there isn't a way (AFAIK) to hand off a T3 clear channel with 26 of the 28
timeslots as dead air. You could bring it in on a more expensive box and
hand off ethernet with 2M of bandwidth, but that wouldn't be worth the
in the middle
with a DSX panel or use transparent bridging/irb on your router.
2012/4/18 Mike mike-cisconspl...@tiedyenetworks.com
On 04/18/2012 09:54 AM, Keegan Holley wrote:
The dsx panel isn't active so it wouldn't bundle a circuit for you.
Also, there isn't a way (AFAIK) to hand off a T3 clear
I agree with that. If it doesn't link at all with auto auto then the link
pulse frames that control speed negotiation are some how hindered. Since you
have three different devices exhibiting the same behavior on newer code I would
even skip to the switch being bad.
Sent from my iPhone
On
I have a bunch of these in the lab and haven't had a problem. Have you
tried enabling auto-negotiation? Have you tried changing port? Also, what
is the other side set for? What does it say? The problem sounds kind of
vague without an interface config or the exact device or nic you are trying
Have you tried removing all commands related to spd/dup on both ends and seeing
what it negotiates? Also you haven't mentioned what's on the other end or how
its configured.
Sent from my iPhone
On Apr 15, 2012, at 6:09 PM, graham gra...@g-rock.net wrote:
Hi there,
Anyone out there still
Does anyone have the throughput numbers for the new cisco 29XX/39XX
routers? I see they continue to omit them from the website.
___
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at
-
From: cisco-nsp-boun...@puck.nether.net [mailto:
cisco-nsp-boun...@puck.nether.net] On Behalf Of Keegan Holley
Sent: Friday, March 23, 2012 5:41 PM
To: Cisco NSPs
Subject: [c-nsp] routerperformance
Does anyone have the throughput numbers for the new cisco 29XX/39XX
routers? I see
Does cisco support NAT on it's rack mountable switches yet? 3560/3750X
etc..
___
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
I think the information you posted pretty much sum's it up. OTV can span
layer-3 hops, fabric-path is all layer-2. I'm sure someone from cisco can
elaborate further, but the differences are simple since there are existing
protocols that do the same things. OTV is like VPLS/L2VPN without mpls
2012/3/7 Jared Mauch ja...@puck.nether.net
On Mar 7, 2012, at 9:23 AM, Nick Hilliard wrote:
On 07/03/2012 14:16, chris stand wrote:
thoughts/ideas/concerns
This works fine until you try it on smaller boxes and you find out that
they only support port-channel names up to 48 or
I seem to remember someone posting that using twin-gig converters on a
4900M shrinks the buffers on the resulting gig interfaces. I can only find
complaints about the 3560 and 3750 (non-x) in the archives though. Can
anyone fill in the blanks in my memory.
It usually means the server wasn't listening, was listening on a different
port or did not have the proper keys generated and could not negotiate
encryption. I don't know the debug options for ssh off the top of my head
but they should be simple to find on the interwebs if you need them. If
what do you mean by isn't working. No routes, traceroute dies, routes
but no traffic, only a subset of the destinations are reachable,etc..
2012/2/13 alex nyagah alex.nyaga...@gmail.com
Hi Group,
I have the following configs in my router but auto failover between two ISP
is not working, can
.
Keegan Holley ▪ Network Architect ▪ SunGard Availability Services ▪ 401
North Broad St. Philadelphia, PA 19108 ▪ (215) 446-1242 ▪
*keegan.hol...@sungard.com* keegan.hol...@sungard.com Keeping People and
Information Connected® ▪ *http://www.availability.sungard.com/
* http
:27 AM, Keegan Holley keegan.hol...@sungard.com
wrote:
I've always been nervous about automating something like, but to each his
own. There are a few different solution that poll specifically with
performance in mind. You should also be able to set the generic pollers
to
trap based
On Nov 29, 2011, at 5:44 AM, Gert Doering g...@greenie.muc.de wrote:
Hi,
On Mon, Nov 28, 2011 at 06:44:48PM -0500, Keegan Holley wrote:
2011/11/28 Gert Doering g...@greenie.muc.de
On Mon, Nov 28, 2011 at 11:41:08AM -0500, Keegan Holley wrote:
That wasn't centered around aggregates
2011/11/29 Gert Doering g...@greenie.muc.de
Hi,
On Tue, Nov 29, 2011 at 08:04:42AM -0500, Keegan Holley wrote:
That's crap.
In that case: I encourage all my competitors to do so.
What's your AS number? Shall we see what happens if I announce the /24
with your name servers
ERROR: Traceback information was not found.
In order to decode the Traceback information, the Stack Decoder
requires the platform
and version information to be present in the output and precede any
Tracebacks
or Stack Traces.
This could be a clue..
TRY THIS: Collect the output of the
2011/11/28 Mark Tinka mti...@globaltransit.net
On Saturday, November 26, 2011 12:01:35 AM Keegan Holley
wrote:
There's no family aggregate in cisco. That's one of the
reasons people buy junipers in the first place.
Definitely not us :-).
If we're dying for such a feature and it's
2011/11/28 Mark Tinka mti...@globaltransit.net
On Tuesday, November 29, 2011 12:06:28 AM Keegan Holley
wrote:
It's cleaner to have a route type for aggregates than a
static null0 route with the same default preference of a
static route.
Why would it be cleaner?
The static route
2011/11/28 Gert Doering g...@greenie.muc.de
Hi,
On Mon, Nov 28, 2011 at 11:41:08AM -0500, Keegan Holley wrote:
That wasn't centered around aggregates and no. Some of us don't run
gigantic intercontinental ISP's :) So yes us lowly Tier-II and Tier-III
AS's may on occasion learn our own
You can also apply attributes directly to the aggregate.
So you can set origin code, local pref etc. directly on
the route.
Yes, but you can also do that with a regular route-map for
your outbound BGP policy toward the route reflectors.
you have to admit creating a bunch of static
There's no family aggregate in cisco. That's one of the reasons people buy
junipers in the first place. If you want it to disappear when the
comprising routes are gone you should redistribute and use the aggregate
address command. You can also use suppress maps but I can't remember if
they work
2011/11/21 Martin T m4rtn...@gmail.com
Lets assume there is a following setup:
http://img844.imageshack.us/img844/9133/stp.png
ISP manages R1, C3550-24-A, C-355-24-B and C2950-24-A.
Customer-SW is fully under customer control. As you can see, there
are two paths to Customer-SW. What are
Your diagram got mangled. I think your PE facing interface has to be a
tunnel as well depending on the type of router you are connected to. Are
you the provider or is the MPLS transport a managed service? Many platforms
have a discard counter that may increment if it's dropping frames because
...@gmail.com
On Thu, Oct 27, 2011 at 12:41 PM, Keegan Holley keegan.hol...@sungard.com
wrote:
Your diagram got mangled. I think your PE facing interface has to be a
tunnel as well depending on the type of router you are connected to.
Assuming that the user port was an access port for vlan
Is it possible that the devices stop talking if they don't get any traffic?
So there are two events that happen. One your device disappears, two the
arp times out. They may not be happening at the same time though. Your
network description is kind of vague so I'm not sure where to go from
there.
2011/10/20 Pavel Lunin plu...@senetsy.ru
Folks, let me make a tiny semi-philosophical summarization on this :)
Any layer of hierarchy in packet networks gives you another chance to
benefit from statistical multiplexing (trick, because of which packet
switching rules). The more flows from
I need to add a port channel with L3 sub interfaces to a 6509 with a
SUP720. Here's the code and a sh mod from the box. This isn't explicitly
in the feature navigator. Is this not supported at all or do I just need a
different code version or feature set.
s72033_rp Software
2011/10/19 Dobbins, Roland rdobb...@arbor.net
On Oct 19, 2011, at 10:46 AM, Keegan Holley wrote:
If you can connect all your PE's without adding aggregation and core
layers you'd obviously time, money and avoid complexity.
On the contrary, while collapsed-core designs have some
2011/10/19 Mark Tinka mti...@globaltransit.net
On Wednesday, October 19, 2011 11:46:53 AM Keegan Holley
wrote:
If you can
connect all your PE's without adding aggregation and
core layers you'd obviously time, money and avoid
complexity.
Correct on time and money, but curious about
2011/10/19 Mark Tinka mti...@globaltransit.net
On Wednesday, October 19, 2011 04:29:50 PM Keegan Holley
wrote:
It depends on the features. Whatever features you need
on the PE are always going to be there. Whether you
connect your PE to a core of P routers or connect the PE
routers
The real question:
Are you selling customer links that are near to or equal to the size of
your core links(s).
Why would anyone do this on purpose and not upgrade the core? I understand
over-subscription but having your edge links the same speed as your core is
just asking for trouble.
2011/10/19 Jared Mauch ja...@puck.nether.net
On Wed, Oct 19, 2011 at 12:58:41PM -0400, Keegan Holley wrote:
The real question:
Are you selling customer links that are near to or equal to the size of
your core links(s).
Why would anyone do this on purpose and not upgrade
2011/10/19 Mark Tinka mti...@globaltransit.net
On Thursday, October 20, 2011 12:49:39 AM Keegan Holley
wrote:
+1 on the $$$. Still PE is one network P+PE is
essentially two networks.
No. P + P/PE is one network.
P + P/PE are two devices.
Maybe I was a bit loose with the details
As others have said you should probably make the other route a /25 as well.
Also, you may want to advertise both routes from both sides and make one
version less preferred. If one of the /25 disappears you'll blackhole
traffic. As for outbound traffic if you add a second vrrp group as master
on
It depends on your routers and your business. People like P routers because
they have the option of running just the IGP and a label protocol with a
very small table. PE routers have to store an entire table, including L2VPN
and L3VPN routes. I would ask the opposite question. Is your network
It looks like your logs start after the boot/switchover. Do you have a
syslog server? Anything interesting come in before these messages that may
have been wiped on boot? Does your show ver show a strange reboot reason or
a traceback? Do you have any thing setup for automated logins to this box?
2011/10/16 Gert Doering g...@greenie.muc.de
Hi,
On Sun, Oct 16, 2011 at 06:05:16PM +0200, Mikael Abrahamsson wrote:
Make sure whatever discounts you get do not expire.
Like our Cisco Powered Network certification, which Cisco revoked
because we didn't sell enough boxes right in the middle
I've done it playing around with 7204's. Is the IGP and RSVP/LDP working?
That was usually what broke for me. Stupid question but did you configure
the xconnect on the other side?
2011/10/13 Amir Chaudhri amir.chaud...@ascertiva.com
has anyone ever successfully got EoMPLS working between a
2011/10/11 Vincent Aniello vincent.anie...@pipelinefinancial.com
Can you be a bit more specific about the config?
We have two routers, the first router has two Internet connections, ISP A
and ISP B. The second router has a backup connection to ISP A. All three
connections take a full BGP
2011/10/11 Devon True de...@noved.org
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 10/11/2011 1:41 PM, Keegan Holley wrote:
BGP timers are negotiated to the lowest value so even if your
carrier doesn't like it they won't be able to stop you. This will
also save you the trouble
Do you have a backup of the config? Assuming you're doing all this just to
migrate to a new box why not use the backup config to build the new box or
migrate? If you are going to fix it why not get the new working NPE and use
the backup to rebuild? I'm not sure password hacking the broken one
It's probably supported given the right IOS since the 7300 was supposed to
be a high end platform. I'd be more worried about the fact that it's
EOL/EOS if you are rolling it out new.
2011/10/7 Gert Doering g...@greenie.muc.de
Hi,
On Fri, Oct 07, 2011 at 04:37:37PM -0400, Deric Kwok wrote:
2011/9/27 Robert Raszuk rob...@raszuk.net
Hi Keegan,
over another. However, if the vrf's all have separate tables in the real
world then that should require the table lookup to come before the prefix
lookup. If not there would be no way to figure out which fib to search.
For packets
I think MTU discovery just has to work if you are going to use something
smaller than 1500 and fragmentation needs to work if you are going to set it
to something small. There are other caveats for specific scenarios.
2011/9/22 Righa Shake righa.sh...@gmail.com
Hi,
Is there any required MTU
an found that I could pass traffic without any issues
when I eliminate the router.
When I set the MTU to 1500 the BG was up and am now able to pass traffic
without any problem.
Regards,
Righa Shake
On Thu, Sep 22, 2011 at 9:03 PM, Keegan Holley
keegan.hol...@sungard.comwrote:
I think MTU
2011/9/17 Jason Lixfeld ja...@lixfeld.ca
I'm running into an issue with a carrier NNI circuit that is manifesting
itself as one-way traffic over an EoMPLS VC. I believe this behaviour to be
the result of the ethertype that the carrier requires us to set on this
interface.
By and large, the
On Aug 24, 2011, at 5:12 AM, Arie Vayner (avayner) avay...@cisco.com wrote:
Do you want to strip only the outer tag? If yes, then it should be
easy... Just configure the port as a trunk, and the egress port as an
access port of the VLAN you want to send there (it would work for 1 out
tag
device strips the 802.1Q tag and puts the
traffic into the appropriate customer VLAN.
http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SX/configuration/guide/dot1qtnl.html
Andras
On Wed, Aug 24, 2011 at 2:37 PM, Keegan Holley
keegan.hol...@sungard.com wrote:
On Aug
Have you looked into irb? I'm not sure if it's more important to have vpls
in your lab or just to bridge the traffic. IRB is pretty easy and supported
on everything.
2011/8/21 Pshem Kowalczyk pshe...@gmail.com
On 21 August 2011 21:45, Robert Hass robh...@gmail.com wrote:
Hi
I just want
You didn't mention if the replies are destined for the server you're doing the
capture on, IE the mac addressed learned on the port you're sniffing. If not,
it might be unknown unicast. Switch flood frames destined for macs that
haven't been learned yet. What is the source and dest of the
On Aug 19, 2011, at 11:25 AM, Jay Nakamura zeusda...@gmail.com wrote:
While testing, I am wondering, is it standard practice to clear my
community strings from routes before going to peer/transit?
On Thu, Aug 18, 2011 at 4:00 PM, Jay Nakamura zeusda...@gmail.com wrote:
This is a bit
Does anyone know of any issues with 3750G's and metro-e circuits? I vaguely
remember hearing of issues where you couldn't disable auto-negotiation on
the 3750G so it wouldn't like to transport gear that doesn't autoneg. I'm
looking at a couple of metro-e circuits connected to 6509's that won't
2011/7/19 Steven Pfister spfis...@dps.k12.oh.us
I have a question regarding etherchannel load balancing. I've got a
4507R switch connected to a 3560 switch by means of two content filters
which are acting as transparent bridges. The two ports on each side that
the content filters are
2011/7/12 Gert Doering g...@greenie.muc.de
Hi,
On Tue, Jul 12, 2011 at 07:46:00PM +, Leigh Harrison wrote:
There is a legacy layer 2 network which has had an mpls network
built over it. A link between two of the data centres is a dark
fibre between two Cisco 3750E switches running
2011/7/13 Gert Doering g...@greenie.muc.de
Hi,
On Wed, Jul 13, 2011 at 09:38:56AM -0400, Keegan Holley wrote:
You have an MTU problem. If you want to send (1500 byte + extra header
bytes) packets over a link with a MTU of 1500 - FAIL.
It's actually going to be 1500 - header sizes
far.
Leigh
Sent from my iPhone - apologies for any spelling or grammar mistakes
On 13 Jul 2011, at 18:57, Keegan Holley keegan.hol...@sungard.com
wrote:
2011/7/13 Gert Doering g...@greenie.muc.de
Hi,
On Wed, Jul 13, 2011 at 09:38:56AM -0400, Keegan Holley wrote:
You have an MTU
Most switches (not specifically familiar with the ME series) will compensate
for dot1q tags by transparently allowing packets of MTU+dot1q tag size.
This is not usually true for mpls (again not directly familiar with the ME
series) that being said the mpls header is exactly 4 bytes which seems
2011/7/9 Renelson Panosky panocisc...@gmail.com
I have a couple nexus pod up and running so i just created two more SVI in
my Nexus 7010 with the following configuratons. All my other SVIs are
configured exactly the same way and all of them are UP UP but the two new
one i just add. They are
shared segment upstream from the firewall.
2011/7/8 Stefan Fouant sfou...@shortestpathfirst.net
On 7/8/2011 12:28 AM, Keegan Holley wrote:
Could be interesting. I've rarely seen firewall as a service done right
though. It's hard to keep, cpu, memory usage, DDOS attacks,
misconfiguration
: cisco-nsp-boun...@puck.nether.net [mailto:
cisco-nsp-boun...@puck.nether.net] On Behalf Of Stefan Fouant
Sent: Friday, July 08, 2011 1:51 PM
To: Keegan Holley
Cc: juniper-...@puck.nether.net; cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] [j-nsp] Firewalls as-a-service in an MPLS
infrastructure
Could be interesting. I've rarely seen firewall as a service done right
though. It's hard to keep, cpu, memory usage, DDOS attacks,
misconfiguration, etc. of one customers from affecting the other customers
that share hardware. That being said there are better platforms to run the
firewall
Lol@ 4.2.2.2
The biggest problem with blocking you tube is that is available from multiple
IP's. Anyone smart enough to rind another on and set their dns host file to it
will easily get around this. Then there's VPN proxy exploits. The best thing
is to implement a web filtering solution.
2011/6/24 Derick Winkworth dwinkwo...@att.net
1. Yes there are studies and comparisons. They are usually skewed/biased
favorably towards the company that is paying to have the study/comparison
done.
Agree, I don't think any of the neutral parties care about vendor selection.
They are more
I'm struggling with a use for DWDM optics. I understand the concept of
DWDM/CWDM and phase shifting to create more links over a single fiber. Once
that is done the ASIC/FPGA bandwidth allocated to the port remains the same,
correct? So if I create multiple 1G connections on a single port with
No this is exactly what I was looking for. I can definitely understand the
usefulness of having your routers transmit on a specific channel. Thanks!
2011/6/4 Brandon Applegate bran...@burn.net
On Sat, 4 Jun 2011, Keegan Holley wrote:
I'm struggling with a use for DWDM optics. I understand
2011/5/31 vince anton mvan...@gmail.com
Hello everyone,
need some insight from the list as how to best approach a bgp
routing/policy
issue, and whats generally done and considered good practise and good
policy.
Not to be rude but this might actually be the least specific question I've
Depends on what you're looking for. I've had good results with IXIA
ixiacom.com. They will do everything from FC/FCoE to simulated bgp/mpls
peerings and IMIX traffic. It's a hardware appliance so it performs very
well and is very flexible in the types of data it can create. It also
scales
2011/5/31 James Bensley jwbens...@gmail.com
Hi list,
Is there any way from either a router or L3 switch I can saturate a
line/link? I don't want to use a computer or external device.
Network appliances just don't have the chops to generate line rate data.
You need an external device to get
yep it has to be processed, process switched and stored somewhere. All
things that don't happen with traffic that traverses the router. I wouldn't
consider this accurate unless you were using it to test the throughput on a
router upstream from the one you are using to download a file.
rancid is a good tool. It's also base on expect and perl so it's easy to
modify the scripts to do other things. I installed this in a few other labs
(non-certification) the biggest problem I ran into was everyone's tendency
to blow away the routes,interface IP's and account info that alows
and it works very well. I found the install to be easy and it's very
flexable.
On May 29, 2011, at 10:25 AM, Ryan West wrote:
On Sun, May 29, 2011 at 13:10:57, Keegan Holley wrote:
Cc: cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] using RANCID in a CCIE lab
rancid is a good tool
. There were alot of steps to manual install in centos, but I get alot
less headaches from red hat based utility boxes even if software installs
are a pain.
2011/5/29 Ryan West rw...@zyedge.com
On Sun, May 29, 2011 at 14:28:34, Keegan Holley wrote:
Subject: Re: [c-nsp] using RANCID in a CCIE lab
Not that I'm aware of. BGP doesn't require the same computations as an IGP
so it's almost limitless. iBGP isn't much different than eBGP in the way
routes are calculated from the perspective of what you are trying to do.
The bottleneck is almost certainly going to be the amount of RAM in your
, Keegan Holley wrote:
Not that I'm aware of. BGP doesn't require the same computations as an
IGP
so it's almost limitless.
Try building a fully-meshed network of 2500 routers and be surprised on
the amount of computational power you'll need...
gert
--
USENET is *not* the non-clickable part
2011/5/26 Nick Hilliard n...@foobar.org
On 26/05/2011 18:20, Keegan Holley wrote:
Why on gods green earth would anyone fully mesh 2500 routers.
People do the most extraordinary things. A couple of years ago, a well
large italian access service provider natted their entire customer range
what ports? can you post some of it?
On Fri, May 13, 2011 at 8:46 PM, Kevin Graham
kgra...@industrial-marshmallow.com wrote:
vty access lists along with login max-failure? (guessing somewhat blindly
without visibility into what the active tcb's were)
[sent from my mobile]
On May 11,
On Sun, May 15, 2011 at 10:17 AM, Dobbins, Roland rdobb...@arbor.netwrote:
On May 15, 2011, at 7:49 PM, Joe Freeman wrote:
I about to the point where I'm going to create a TCL script and use the
event scheduler just to clear the TIMEWAIT sessions every 12 hours or s
It would probably be a
On 03/05/11 12:49, Arie Vayner (avayner) wrote:
James,
Why do you need to advertise multicast routes over BGP?
We had to do this a while back to comply with upstream policies. They were
running multicast AF, and if we didn't advertise our unicast prefixes into
the multicast AF as well
Oh, well if you set next hop self all eBGP routes will come in with DMZ's
address. iBGP routes are never modified. They are long overdue for BGP,
lots of other boxes already run it and have been for years.
On Wed, Apr 27, 2011 at 7:59 PM, Christopher J. Wargaski
war...@gmail.comwrote:
Hey
I don't understand the drawing, but it looks like you have two routers
separated by a firewall and you are trying to send traffic to the DMZ router
even though the routes are advertised by the Indy-rtr. This seems to not
make sense, but I think it's just because I don't understand your diagram.
Are you asking about a route to 0.0.0.0 or the default or a route with a
next-hop of 0.0.0.0?
On Tue, Apr 19, 2011 at 10:46 AM, tao liu taosys...@gmail.com wrote:
following is the config for bgp and show ip route, thanks
router bgp 65453
no synchronization
bgp router-id 192.168.96.2
bgp
I may be missing something obvious, but shouldn't your prefixes have hit the
Internet with a hop count of 1 and the bogus routes a hop count of at least
three? If that's the case wouldn't your prefixes be the best path? Assuming
I've missed something than the no-export community and as prepend
I don't think fiber negotiates. It isn't usually capable of anything but
gig-full. Are you sure the carrier is using 1g fiber. Carriers are always
provisioning 100m smf interfaces for low-cap connections if you don't tell them
otherwise. I had a few customers get bitten by this.
Sent from
It depends on your environment, but yes it is safe to connect two internal
routers to the same upstream AS. You should also configure iBGP or HSRP (but
usually not both)
to control outbound traffic to AS xyz. I would also avoid redistributing
BGP into your IGP or vice versa. You should
Sent from my iPhone
On Apr 6, 2011, at 9:44 PM, Jon Lewis jle...@lewis.org wrote:
On Wed, 6 Apr 2011, Wil Schultz wrote:
Not netflow, but I use cacti to graph all switchports and aggregate ports as
needed into 95th percentile. Works well and there aren't any load concerns
on the
Have you tried google? Or better yet wherever you bought your last cisco
router? Not to be too rude, but posts like this attract spammers.
On Mon, Apr 4, 2011 at 11:05 AM, Rogelio scubac...@gmail.com wrote:
Anyone have any recommendations for a Cisco shop that can sell me 8
new Cisco 7201
On Wed, Mar 30, 2011 at 1:33 PM, Neal Rauhauser neal.rauhau...@gmail.comwrote:
I have the following two 6509s connected via a short single mode fiber run
-
they're about a hundred yards apart.
Are you sure the fiber and path are ok? patch panels, sfp's etc.. I've
replaced good fiber with
1 - 100 of 234 matches
Mail list logo