Re: [c-nsp] IOS-XR OSPF path selection
According to the below link, it's not quite as simple as the Cisco OSPF Design Guide writes: http://blog.ine.com/2011/04/04/understanding-ospf-external-route-path-selection/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] MPLS down to the CPE
We are looking for pros/cons of doing so. Just to mention several aspects: -with adding CEs into your MPLS cloud you're going to increase the number of routes IGP has to carry. -you mentioned the CE is in customer premises dependent on their environment variables that can eventually contribute to device outage which will consequently introduce instabilities to your IGP. Security is the main concern I don't know about this one. How plausible is that customer will replace your device with theirs without you noticing it + they crack all the passwords so they can run ISIS, LDP and BGP sessions with you. Are there any best practise types docs around this type of setup? Google for Unified MPLS. adam ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] MPLS down to the CPE
On (2013-03-05 09:58 +0100), Adam Vitkovsky wrote: -with adding CEs into your MPLS cloud you're going to increase the number of routes IGP has to carry. Unless you run OptB Security is the main concern I don't know about this one. How plausible is that customer will replace your device with theirs without you noticing it + they crack all the passwords so they can run ISIS, LDP and BGP sessions with you. They don't need to crack anything, they can just inject labels to the wire and get frames delivered. I feel customers are putting certain level of trust and expectation on how I handle MPLS network when they buy L3 MPLS VPN from me, and I suspect many would feel that above is breaking that trust. -- ++ytti ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] MPLS down to the CPE
Adam Vitkovsky adam.vitkov...@swan.sk writes: How plausible is that customer will replace your device with theirs without you noticing it + they crack all the passwords so they can run ISIS, LDP and BGP sessions with you. They don't need to do that. Just put a switch between the CE and the upstream. Then inject MPLS packets from a different port on the switch. Maybe one day we will get either strict MPLS label checks or L2 encryption and authentication. At that point the only attacks are to the CE itself. I am not holding my breath. /Benny ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] MPLS down to the CPE
On (2013-03-05 11:06 +0100), Benny Amorsen wrote: Maybe one day we will get either strict MPLS label checks or L2 encryption and authentication. At that point the only attacks are to the CE itself. I am not holding my breath. You need lung capacity of just weeks. Next IOS-XR release will implement RFC4364 page32 last sentence, i.e. uRPF/strict for OptB labels. -- ++ytti ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] MPLS down to the CPE
There are a number of solutions like using BGP labeled unicast, downstream on demand labels, or service level solutions like multi segment pseudowires. We have thousands of MPLS CPEs deployed at this point. Those endpoints are all L2 pseudowires, which are end to end or terminate into virtual L3 interfaces within VPNs. There is no way to inject anything, I have tested it extensively. Downsides to using MPLS CPEs is right sizing IGP areas and figuring out how to extend services. EVPN should help out with things as well. Phil From: Saku Ytti Sent: 3/4/2013 12:33 To: cisco-nsp@puck.nether.net Subject: Re: [c-nsp] MPLS down to the CPE On (2013-03-04 16:04 +0100), William Jackson wrote: I wanted to find out how many people run mpls down to the CPE ( owned by SP but co-located at customer ). We are looking for pros/cons of doing so. Security is the main concern, we have heard quite a lot about it as the current trend, but in reality is it a practise? I don't think it's very common, due to security reasons. Technically RFC4364 OptB would be quite nice replacement for VRFLite. But right now no one is implementing the 'uRPF/strict' style label checking RFC mandates, I know IOSXR short will. Maybe L2 pseudowires end-to-end from CEs securely probably isn't possible today. As labels are not randomized it's actually quite practical to send traffic to arbitrary L3 MPLS VPN, especially if you know what vendor they are running (to know where to start looking). -- ++ytti ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] Influence VTI tunnel QoS based on remote site bw change?
Good morning, I would like to ask you all for some suggestions. In my scenario there are several hundreds of remote sites and 2 central sites. We're using IPSec VTI tunnels between the remote and central sites. Each remote site has a primary and a backup circuit with different BW. We were trying to figure out if there is a way to keep only 1 tunnel between each remote and central site, while if the primary circuit goes down on a remote site, the QoS policies are afected also on the central site VTI tunnel. In other words, if there a way (or feature) that the central site notices that the remote end is now using a backup link, so the VTI tunnel uses another QoS policy effectively adapting to the new receiver BW? With 2 tunnels per remote site, we could force each tunnel to only form itself on a specific circuit, but we were trying to avoid getting thousands of tunnels on the central sites. Any input is appreciated. Thanks! Regards, Fernando ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] Lightweight Access Point behind NAT
Dear all, I am trying to deploy an Aironet 1242AG lightweight access point at a remote site which connects to the main office via an ADSL link. The ADSL modem also functions as a NAT gateway for this remote site. The problem I am facing is that although the LAP registers successfully with the WLC no clients are able to connect to the wireless network. The WLC I am using is a 5508 device running software version 7.4.100.0 and I have tried configuring the access point both in local mode and FlexConnect mode but without success. According to the documentation I could dig up on the cisco web site it should be possible to deploy a LAP behind NAT in such a manner so I am guessing that this is a question of nailing the right configuration. Could anyone point me in the right direction please? Best regards, Terence -- Ing. Terence H.Scott B.Eng. (Hons.), M.Sc. Senior IT Systems Engineer I IT Services University of Malta Tel. (+356) 2340 4126 E-mail: terence.sc...@um.edu.mt ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] MPLS down to the CPE
There are a number of solutions like using BGP labeled unicast, downstream on demand labels, or service level solutions like multi segment pseudowires Yes these all fall under the unified mpls umbrella EVPN should help out with things as well Yes the PBB-EVPN should be available this year adam ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] Upgrading 12K IOS XR from 3.6 to 4.2
Hi, I'm in the process of upgrading 12K IOS XR from 3.6 to 4.2. But according to cisco upgrade path its seems to be from 3.6 - 3.9 , 3.9 - 4.2 ( http://www.cisco.com/web/Cisco_IOS_XR_Software/index.html#XR12000) . therefore i'm wondering that whether i can do turboboot . but there is no reference regarding the minimum rommon required to load the 4.2 IOS XR in turboboot ( min required is 1.24) . Also to upgrade the rommon there is no package available on the download section ( archive also doesn't have package) . Anyone having previous experience on 3.6 - 4.2 upgrade ? Thanks regards ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] MPLS down to the CPE
I was concerned about the control plane security. And I admit I haven't thought about the data-plane security i.e. sniffing or forging of the PE to PE data type of attacks. So you are 100% sure that no one can access your wires under no circumstances in all of your backbone? I mean this is why banks run their own encryption over our mpls links. adam -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Saku Ytti Sent: Tuesday, March 05, 2013 11:28 AM To: cisco-nsp@puck.nether.net Subject: Re: [c-nsp] MPLS down to the CPE On (2013-03-05 11:06 +0100), Benny Amorsen wrote: Maybe one day we will get either strict MPLS label checks or L2 encryption and authentication. At that point the only attacks are to the CE itself. I am not holding my breath. You need lung capacity of just weeks. Next IOS-XR release will implement RFC4364 page32 last sentence, i.e. uRPF/strict for OptB labels. -- ++ytti ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] MPLS down to the CPE
On (2013-03-05 14:07 +0100), Adam Vitkovsky wrote: So you are 100% sure that no one can access your wires under no circumstances in all of your backbone? Not at all. But adding MPLS to customer would increase our exposure. -- ++ytti ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Upgrading 12K IOS XR from 3.6 to 4.2
On 05-03-13 14:01, ibogzipper iboge wrote: Hi, I'm in the process of upgrading 12K IOS XR from 3.6 to 4.2. But according to cisco upgrade path its seems to be from 3.6 - 3.9 , 3.9 - 4.2 ( http://www.cisco.com/web/Cisco_IOS_XR_Software/index.html#XR12000) . therefore i'm wondering that whether i can do turboboot . but there is no reference regarding the minimum rommon required to load the 4.2 IOS XR in turboboot ( min required is 1.24) . Also to upgrade the rommon there is no package available on the download section ( archive also doesn't have package) . Anyone having previous experience on 3.6 - 4.2 upgrade ? As far as I remember you may need to repartition in order to the the upgrade and/or upgrade your flash. We didn't do as big step as you plan to do, and indeed the intermediate upgrade to 3.9 may be necessary. Please check the Cisco upgrade procedure, they are very good in describing what you can and what you can't. The rommon upgrades are in the fpd package, it is also very well described in Cisco docs. Please note some important SMU's for 4.2, some of them are reboot SMU's. -- Grzegorz Janoszka ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] summary, but leak a couple
In ios xr how would I summarize all more specific's within this range, BUT leak a more specifics ? router bgp 64512 vrf one rd 1.1.1.1:1 address-family ipv4 unicast aggregate-address 10.0.0.0/8 summary-only but I want to leak, 10.10.10.0/24 how would I do that ? Aaron ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Upgrading 12K IOS XR from 3.6 to 4.2
Thanks Grzegorz, down time window is the problem to go for 2 steps . rommon upgrades are in the FPD package but if i want to do the turboboot there is no way that i can install the new pie c12k-fpd.pie-4.2.4 on 3.6.2 and upgrade the rommon . is there any package that i can copy and upgrade the rommon like CRS .Cisco document mention about 3.x to 4.x with c12k-upgrade.pie-4.2.4 package but still confusing about direct 4.2 upgrade. On Tue, Mar 5, 2013 at 4:44 PM, Grzegorz Janoszka grzeg...@janoszka.plwrote: On 05-03-13 14:01, ibogzipper iboge wrote: Hi, I'm in the process of upgrading 12K IOS XR from 3.6 to 4.2. But according to cisco upgrade path its seems to be from 3.6 - 3.9 , 3.9 - 4.2 ( http://www.cisco.com/web/Cisco_IOS_XR_Software/index.html#XR12000) . therefore i'm wondering that whether i can do turboboot . but there is no reference regarding the minimum rommon required to load the 4.2 IOS XR in turboboot ( min required is 1.24) . Also to upgrade the rommon there is no package available on the download section ( archive also doesn't have package) . Anyone having previous experience on 3.6 - 4.2 upgrade ? As far as I remember you may need to repartition in order to the the upgrade and/or upgrade your flash. We didn't do as big step as you plan to do, and indeed the intermediate upgrade to 3.9 may be necessary. Please check the Cisco upgrade procedure, they are very good in describing what you can and what you can't. The rommon upgrades are in the fpd package, it is also very well described in Cisco docs. Please note some important SMU's for 4.2, some of them are reboot SMU's. -- Grzegorz Janoszka ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Upgrading 12K IOS XR from 3.6 to 4.2
Have you looked to see if you download the rommon separately? On Tue, Mar 5, 2013 at 10:48 AM, ibogzipper iboge ibogzip...@gmail.comwrote: Thanks Grzegorz, down time window is the problem to go for 2 steps . rommon upgrades are in the FPD package but if i want to do the turboboot there is no way that i can install the new pie c12k-fpd.pie-4.2.4 on 3.6.2 and upgrade the rommon . is there any package that i can copy and upgrade the rommon like CRS .Cisco document mention about 3.x to 4.x with c12k-upgrade.pie-4.2.4 package but still confusing about direct 4.2 upgrade. On Tue, Mar 5, 2013 at 4:44 PM, Grzegorz Janoszka grzeg...@janoszka.pl wrote: On 05-03-13 14:01, ibogzipper iboge wrote: Hi, I'm in the process of upgrading 12K IOS XR from 3.6 to 4.2. But according to cisco upgrade path its seems to be from 3.6 - 3.9 , 3.9 - 4.2 ( http://www.cisco.com/web/Cisco_IOS_XR_Software/index.html#XR12000) . therefore i'm wondering that whether i can do turboboot . but there is no reference regarding the minimum rommon required to load the 4.2 IOS XR in turboboot ( min required is 1.24) . Also to upgrade the rommon there is no package available on the download section ( archive also doesn't have package) . Anyone having previous experience on 3.6 - 4.2 upgrade ? As far as I remember you may need to repartition in order to the the upgrade and/or upgrade your flash. We didn't do as big step as you plan to do, and indeed the intermediate upgrade to 3.9 may be necessary. Please check the Cisco upgrade procedure, they are very good in describing what you can and what you can't. The rommon upgrades are in the fpd package, it is also very well described in Cisco docs. Please note some important SMU's for 4.2, some of them are reboot SMU's. -- Grzegorz Janoszka ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] cisco nexus 6001/6004
25Mb per 3 QSFP ports. http://d2zmdbbm9feqrf.cloudfront.net/2013/eur/pdf/BRKARC-3453.pdf 6004 starts at $90k list. 6001 pricing is not finalized yet, but should be around half of that. -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Piotr Sent: Tuesday, March 05, 2013 1:36 AM To: cisco-nsp@puck.nether.net Subject: [c-nsp] cisco nexus 6001/6004 Hi, I'm not sure about buffers in this switches: There are 25MB per every 3 ports 40Gb (800 MB per entire 6004) or only 25 MB per whole switch ? Anyone knows the gpl price for 6001 and 6004 ? thanks in advance regards Piotr ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Influence VTI tunnel QoS based on remote site bw change?
[resending using cisco-nsp subscribed address] On Mar 6, 2013 5:13 AM, Dale Shaw dale.s...@gmail.com wrote: Hi Fernando, On Mar 5, 2013 9:52 PM, Fernando Santos fernandomiguelsan...@gmail.com wrote: […] We were trying to figure out if there is a way to keep only 1 tunnel between each remote and central site, while if the primary circuit goes down on a remote site, the QoS policies are afected also on the central site VTI tunnel. This is just an untested idea but perhaps you could combine EEM on the spoke side with the per-tunnel QoS NHRP feature available for DMVPN? http://www.cisco.com/en/US/docs/ios/sec_secure_connectivity/configuration/guide/sec_per_tunnel_qos.html Maybe using EEM to change the NHRP parameters on the spoke's VTI when it switches to the backup link is enough to signal to the hub that it should use a different outbound service-policy. I'm not sure if you'd have to be running DMVPN to make this work -- it'd have to be tested. Cheers, Dale ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Influence VTI tunnel QoS based on remote site bw change?
Thanks for the suggestion Dale, I'll have a look into that. In the meantime, if anybody has any more ideas please let me know. Regards, Fernando On 05/03/2013, at 18:13, Dale Shaw dale.s...@gmail.com wrote: Hi Fernando, On Mar 5, 2013 9:52 PM, Fernando Santos fernandomiguelsan...@gmail.com wrote: […] We were trying to figure out if there is a way to keep only 1 tunnel between each remote and central site, while if the primary circuit goes down on a remote site, the QoS policies are afected also on the central site VTI tunnel. This is just an untested idea but perhaps you could combine EEM on the spoke side with the per-tunnel QoS NHRP feature available for DMVPN? http://www.cisco.com/en/US/docs/ios/sec_secure_connectivity/configuration/guide/sec_per_tunnel_qos.html Maybe using EEM to change the NHRP parameters on the spoke's VTI when it switches to the backup link is enough to signal to the hub that it should use a different outbound service-policy. I'm not sure if you'd have to be running DMVPN to make this work -- it'd have to be tested. Cheers, Dale ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] mac flap
I hope someone has seen something like this: %SW_MATM-4-MACFLAP_NOTIF: Host .. in vlan 111 is flapping between port Fa0/15 and port Fa0/8 Fa0/15 and F0/8 are server ports,the servers connected to the ports are sending Ethernet frames destined to the all zero's mac address. What is it DHCP? BOOTP? It is isolated to three ports only, if I move one of the affected servers to a different port the behavior follows. Unconfigured virtualized servers may broadcast to the all zeros? Misconfiguration on the server? network boot enabled? Not likely since a static IP is assigned and the servers are active, vmware, vbox, etc .. not installed My logs are filed with these messages, I could disable the mac change notification but i would like to understand what is going on. tcpdump: 23:22:54.620303 00:00:00:00:00:00 00:00:00:00:00:00 Null Information, send seq 0, rcv seq 0, Flags [Command], length 46 23:22:55.628724 00:00:00:00:00:00 00:00:00:00:00:00 Null Information, send seq 0, rcv seq 0, Flags [Command], length 162 23:22:59.449619 00:00:00:00:00:00 00:00:00:00:00:00 Null Information, send seq 0, rcv seq 0, Flags [Command], length 46 23:23:00.579483 00:00:00:00:00:00 00:00:00:00:00:00 Null Information, send seq 0, rcv seq 0, Flags [Command], length 46 23:23:02.635356 00:00:00:00:00:00 00:00:00:00:00:00 Null Information, send seq 0, rcv seq 0, Flags [Command], length 46 23:23:05.362423 00:00:00:00:00:00 00:00:00:00:00:00 Null Information, send seq 0, rcv seq 0, Flags [Command], length 46 23:23:05.962898 00:00:00:00:00:00 00:00:00:00:00:00 Null Information, send seq 0, rcv seq 0, Flags [Command], length 46 thanks in advance, Mike ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] IOS XR and router rib rump always-replicate
About that, Oliver, is multicast-BGP production ready in IOS ans IOS XR. Specifically ASR9k, 7606 Sup720, ME3600X and 3560/3750? Whould be nice too remove PIM from the core, just as Gert says limited use = limited support. On 1 March 2013 19:23, Gert Doering g...@greenie.muc.de wrote: Hi, On Fri, Mar 01, 2013 at 02:56:07PM +0100, Mikael Abrahamsson wrote: I haven't tried to get Internet multicast working for a few years, basically because nobody used it. We had it working via transit and a few peers a few years back, I have no idea if it works now or not. Our experience: it doesn't. We turned it off with our upstreams a few years back, because every time someone wanted to use it for real (every few months) we found that some upstream changes had broken it again, like turning up new links but forgetting PIM on them and such. And debugging this is a major nightmare, as you need clueful people to look at every single step. Which, unfortunately, neither of our then-upstreams were able to provide (we do not see a problem, can we close the case?). gert -- USENET is *not* the non-clickable part of WWW! // www.muc.de/~gert/ Gert Doering - Munich, Germany g...@greenie.muc.de fax: +49-89-35655025 g...@net.informatik.tu-muenchen.de ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ -- *Med Vänliga Hälsningar - Best Regards* *Mattias Gyllenvarg* *Nätutveckling* Bredband2 Tel: +46 406219712 ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] IOS XR and router rib rump always-replicate
On Wed, 6 Mar 2013, Mattias Gyllenvarg wrote: About that, Oliver, is multicast-BGP production ready in IOS ans IOS XR. Specifically ASR9k, 7606 Sup720, ME3600X and 3560/3750? People have been running multicast on XR (ASR9K) and 7600 since forever. I'd be more worried about ME3600X and 3560/3750, but at least on the 3560/3750 they're mature platforms so I'd imagine it works there as well. Whould be nice too remove PIM from the core, just as Gert says limited use = limited support. How is multicast supposed to work without PIM? What Gert was talking about was Internet multicast, ie multicast between ISPs. Watching NASA multicast streams for instance (I did this at my university in ~1995). Very few commercial ISPs support this. -- Mikael Abrahamssonemail: swm...@swm.pp.se ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/