Re: [c-nsp] Load-sharing with two links to the same ISP

2010-02-05 Thread Ivan Pepelnjak
This might help: http://www.nil.com/ipcorner/LoadBalancingBGP/ Ivan Pepelnjak blog.ioshints.info / www.ioshints.info -Original Message- From: Matthew Melbourne [mailto:m...@melbourne.org.uk] Sent: Friday, February 05, 2010 12:33 PM To: cisco-nsp@puck.nether.net Subject: [c-nsp

Re: [c-nsp] ip sla echo vrf with df-bit set?

2010-01-27 Thread Ivan Pepelnjak
Just guessing: Local policy routing that sets DF bit on ICMP ECHO traffic between two known IP addresses with the set ip df 1 command within the route-map. Let me know if it works ;) Ivan Pepelnjak blog.ioshints.info / www.ioshints.info -Original Message- From: Christopher Hunt

Re: [c-nsp] MPLS VPN Running BGP w/ failover IPSec VPN Over Internet

2010-01-27 Thread Ivan Pepelnjak
the details ;) Your situation might be easier as you're using default routing from the central site, but do try to go for BGP everywhere. Ivan Pepelnjak blog.ioshints.info / www.ioshints.info -Original Message- From: Jason LeBlanc [mailto:jasonlebl...@gmail.com] Sent: Wednesday

Re: [c-nsp] MPLS VPN Running BGP w/ failover IPSec VPN Over Internet

2010-01-26 Thread Ivan Pepelnjak
IPSec due to failure at one of the remote sites. Note: You might want to use something else to detect MPLS VPN failure, for example IP SLA between remote router and central router. This will detect a failure anywhere in the end-to-end path. Ivan Pepelnjak blog.ioshints.info / www.ioshints.info

Re: [c-nsp] CPE with tracking redundancy and long lived (UDP) nat sessions

2010-01-25 Thread Ivan Pepelnjak
. Microsoft Network Load Balancing with unknown unicast MAC addresses immediately comes to mind ;) Ivan Pepelnjak blog.ioshints.info / www.ioshints.info

Re: [c-nsp] CPE with tracking redundancy and long lived (UDP) nat sessions

2010-01-25 Thread Ivan Pepelnjak
guess) the best you can do is to catch changes in tracked object's state with an EEM applet that clears all NAT translations. Ivan Pepelnjak blog.ioshints.info / www.ioshints.info So what is the bottom line? Is this the best that can be done with simple end site redundancy with object tracking

Re: [c-nsp] CPE with tracking redundancy and long lived (UDP) nat sessions

2010-01-24 Thread Ivan Pepelnjak
ip nat translation outside address to kill only the NAT translations tied to the failed IP address. Ivan Pepelnjak blog.ioshints.info / www.ioshints.info -Original Message- From: Joe Maimon [mailto:jmai...@ttec.com] Sent: Sunday, January 24, 2010 5:06 PM To: cisco-nsp Subject: [c

Re: [c-nsp] CPE with tracking redundancy and long lived (UDP) nat sessions

2010-01-24 Thread Ivan Pepelnjak
anyway. And I would be quite happy clearing just the translations for the wrong global for all local inside translations, but syntax does not seem to allow that. Write a Tcl script that does show ip nat translations and kills only the relevant ones ;) Ivan Pepelnjak blog.ioshints.info

Re: [c-nsp] Disabling SNMP for certain BGP neighbors

2010-01-23 Thread Ivan Pepelnjak
You need EEM 3.1 to catch outbound SNMP traps. EEM 3.1 is (at the moment) only available in IOS release 15.0M. Ivan Pepelnjak blog.ioshints.info / www.ioshints.info -Original Message- From: Arie Vayner (avayner) [mailto:avay...@cisco.com] Sent: Wednesday, January 20, 2010 10:11 PM

Re: [c-nsp] MPLS - CE to CE throughput [SEC=UNCLASSIFIED]

2010-01-19 Thread Ivan Pepelnjak
Not nearly enough traffic. If you have reasonable-speed links, it's almost impossible to saturate them with low-end routers. We tried with several IOS-based options, including TTCP and had to fall back to embedded Linux-based solutions. Ivan Pepelnjak blog.ioshints.info / www.ioshints.info

Re: [c-nsp] Ethernet Network

2010-01-12 Thread Ivan Pepelnjak
The MTU on PA-FE (probably) does not include MAC header and definitely does not include CRC trailer. Otherwise the minimum value of 1500 wouldn't make sense. -Original Message- From: Tony [mailto:td_mi...@yahoo.com] Sent: Wednesday, January 13, 2010 8:10 AM To:

Re: [c-nsp] customizing snmp-traps (interface description as well as physical name)

2010-01-08 Thread Ivan Pepelnjak
custom SNMP trap from an EEM applet with action snmp-trap command (I haven't covered that one yet in my blog). Hope it helps Ivan Pepelnjak blog.ioshints.info / www.ioshints.info -Original Message- From: Walter Keen [mailto:walter.k...@rainierconnect.net] Sent: Friday, January 08, 2010

Re: [c-nsp] BGP ip addresses re-route to specific link

2010-01-05 Thread Ivan Pepelnjak
Are you trying to do destination-based routing (packet TO specific address should go over specific link) or source-based routing (packet FROM specific /28 should go over specific upstream link)? -Original Message- From: Dracul [mailto:chris.gar...@gmail.com] Sent: Tuesday, January

Re: [c-nsp] BGP ip addresses re-route to specific link

2010-01-05 Thread Ivan Pepelnjak
arie, will keep it in mind. On Tue, Jan 5, 2010 at 5:00 PM, Ivan Pepelnjak i...@ioshints.info wrote: Are you trying to do destination-based routing (packet TO specific address should go over specific link) or source-based routing (packet FROM specific /28 should go over specific upstream

Re: [c-nsp] IS-IS Ethertype

2010-01-05 Thread Ivan Pepelnjak
This might help: http://wiki.nil.com/IS-IS_in_OSI_protocol_stack The drafts you've found deal with the fact that LLC1 packets (those that don't use Ethertypes) cannot use the length field higher than 1500 (otherwise the differentiation between LLC1 and Ethernet-II breaks down). Ivan

Re: [c-nsp] BGP - Announcing routes to Internet providers.

2010-01-04 Thread Ivan Pepelnjak
Let's step back and ask the questions we should have been asking in the first place: * Are you an end-user or a Service Provider (a somewhat reliable answer could be gleaned from Drew's e-mail address)? * What's the size of your network? * How many uplinks do you have? * How far apart are your

Re: [c-nsp] Have I Gone Mad? (OSPF NSSA)

2009-08-26 Thread Ivan Pepelnjak
ABRs appear to be injecting both the type 3 and type 7. Have I gone mad, or do I need to hit the books again? It depends :) Actually you've asked for it. The no-summary part of the NSSA statement generates the type-3 default and the default-information originate generates the type-7 default. See the

Re: [c-nsp] Large networks

2009-08-26 Thread Ivan Pepelnjak
Generally, putting each customer into a dedicated layer 3 network segment is a good idea - because half of the attacks that a hacked server belonging to customer 1 might do to a server from customer 2 (ARP spoofing, IP address spoofing [- blame goes to customer 2], HSRP attacks to the

Re: [c-nsp] Large networks

2009-08-26 Thread Ivan Pepelnjak
RPF check? -Original Message- From: Mikael Abrahamsson [mailto:swm...@swm.pp.se] Sent: Wednesday, August 26, 2009 3:53 PM To: Gert Doering Cc: cisco-nsp@puck.nether.net Subject: Re: [c-nsp] Large networks On Wed, 26 Aug 2009, Gert Doering wrote: So how do you prevent

Re: [c-nsp] Have I Gone Mad? (OSPF NSSA)

2009-08-26 Thread Ivan Pepelnjak
Actually... It did hurt somewhat :-/. Previous IOS that we were running (7600 SXx and SRBx) were injecting type 7. However, that behaviour changed with SRD2 and it injects both. Naturally, type 3 wins. I wrote the article more than a year ago and the 12.4T behavior at that time was the

Re: [c-nsp] Large networks

2009-08-26 Thread Ivan Pepelnjak
On Wed, Aug 26, 2009 at 04:21:52PM +0200, Ivan Pepelnjak wrote: RPF check? won't help for customer A is 10.0.0.1, customer B is 10.0.0.2, your router interface is 10.0.0.254/24. This is debatable as the host routes point to various L3 interfaces ... I guess it's time to start another

Re: [c-nsp] Large networks

2009-08-26 Thread Ivan Pepelnjak
Well, I think that it's reckless to spend 4 globally routable IP addresses instead of 1 per customer, when all you do is save a few minutes of time per installation. As I said: our customers usually use many more IP addresses than just one. And, of course, you're welcome to join us

Re: [c-nsp] IPV6 in general was Re: Large networks

2009-08-26 Thread Ivan Pepelnjak
There will be Lots Of Fun when IPv4 runs out, and whole new markets of DSL customers (as in India, China, Arabia...) will not be able to access web sites from vendors that have no IPv6 reachability. Goodbye, sales to that region... Not gonna happen. Unfortunately there's so much stuff on the

Re: [c-nsp] dns resolution not working with vrfs

2009-08-25 Thread Ivan Pepelnjak
ip name-server VRF name address specifies the DNS server to use for operations in the specified VRF (for example, when doing traceroute, telnet or ping on the PE-router within the VRF). A bit more is written here: http://www.cisco.com/en/US/docs/ios/12_4t/ip_addr/configuration/guide/tvrfdn

Re: [c-nsp] IP SLA / EEM Scripting

2009-08-21 Thread Ivan Pepelnjak
Running the telnet command does not work too well (although it might work a bit better from Tcl EEM policy than from tclsh). http://blog.ioshints.info/2007/10/you-cannot-start-telnet-session-from.html However, you can open a TCP socket (to telnet port) from Tcl and issue the commands. You could

Re: [c-nsp] NAT Global to FVRF

2009-08-20 Thread Ivan Pepelnjak
I've tried all manner of options but have yet to be successful NAT'ing between the global inside and outside FVRF. Did you use classic NAT (ip nat inside ... commands) or NAT Virtual Interface (ip nat enable ... commands)? NVI works better in VRF environment. Ivan

Re: [c-nsp] ISIS partition avoidance

2009-08-20 Thread Ivan Pepelnjak
The router still belongs to the same area as it did before and would thus advertise the area's prefix into L2 due to its own NET. Remember the major difference between OSPF and IS-IS: A router (not an interface) belongs to an area and a router (not an interface) has a NET. Ivan

Re: [c-nsp] TCP throughput /WAN delay simulation with back to back routers

2009-08-19 Thread Ivan Pepelnjak
http://wanem.sourceforge.net/ You can download an ISO image that boots off the CD. It can be used on a PC with two interfaces (emulating a router) or with a bit of static-route trickery on the end hosts. Worked perfectly for me when I had to do similar tests. Ivan

Re: [c-nsp] NAT-ON-A-STICK for VRF Traffic

2009-08-17 Thread Ivan Pepelnjak
It's probably easier to use the NAT Virtual Interface (ip nat enable instead of ip nat inside|outside) in a VRF environment. You also don't need NAT-on-a-stick with NVI. Ivan http://www.ioshints.info/about http://blog.ioshints.info/ -Original Message- From: Andy Saykao

Re: [c-nsp] Shape users over quota

2009-08-16 Thread Ivan Pepelnjak
First of all, you should use policing, not shaping. Although it's not as user-friendly, it's not CPU-intensive (shaping is). See this article for potential drawbacks: http://wiki.nil.com/Policing_vs_shaping A very simple implementation would push the policing rules to virtual access interfaces

Re: [c-nsp] Route redistribution and selection

2009-08-13 Thread Ivan Pepelnjak
@Luan: Thanks for the link :)) @Joe: if you have EBGP sessions with the core MPLS VPN network, you're losing the BGP cost community (resulting in the EIGRP-related redistribution issues). It might be possible to tweak the WEIGHT attribute on the PE routers (the routes redistributed into BGP have

Re: [c-nsp] Event Manager question

2009-08-13 Thread Ivan Pepelnjak
Absolutely, with EEM 3.0 an applet can be triggered with an SNMP trap or inform. The details are here (although the article describes a slightly different task): http://wiki.nil.com/Trigger_EEM_applets_with_SNMP_Informs However, are you absolutely positive there is no other way to get what you

Re: [c-nsp] EEM applets and conditional statements

2009-08-11 Thread Ivan Pepelnjak
You can do it with EEM 3.0 (12.4(22)T if I'm not mistaken). Unfortunately I haven't been writing about this feature yet, but here's a sample applet that compares DHCP-acquired address to the previously-acquired one, maybe it will come handy: event manager applet DetectDHCPChange event syslog

Re: [c-nsp] HIDE AS BGP

2009-08-10 Thread Ivan Pepelnjak
Much easier: run multihop EBGP session between Customer and ISP2 (plus the regular EBGP session Customer-ISP1). Just make sure something reachable within ISP1 is announced as the next-hop. -Original Message- From: jack daniels [mailto:jckdaniel...@gmail.com] Sent: Monday, August 10,

Re: [c-nsp] Deny Default Route Propagation

2009-08-06 Thread Ivan Pepelnjak
Just make sure you configure the distribute-list in on ALL OTHER routers in the area, otherwise you'll get some hard-to-troubleshoot loops or blackholes. Ivan http://www.ioshints.info/about http://blog.ioshints.info/ -Original Message- From: Gergely Antal [mailto:sk...@skoal.name]

Re: [c-nsp] Deny Default Route Propagation

2009-08-06 Thread Ivan Pepelnjak
with the distribute-list in. Ivan http://www.ioshints.info/about http://blog.ioshints.info/ -Original Message- From: Jeremiah Best [mailto:jb...@zyedge.com] Sent: Thursday, August 06, 2009 6:13 PM To: Ivan Pepelnjak; sk...@skoal.name; 'Manaf Al Oqlah' Cc: cisco-nsp@puck.nether.net

Re: [c-nsp] IP unnumbered vlan subinterfaces question

2009-08-03 Thread Ivan Pepelnjak
OSPF does not work across unnumbered VLAN subinterfaces. http://wiki.nil.com/Unnumbered_Ethernet_VLAN_interfaces#Limitations Ivan http://www.ioshints.info/about http://blog.ioshints.info/ -Original Message- From: Michael Ulitskiy [mailto:mulits...@acedsl.com] Sent: Monday, August

Re: [c-nsp] Humor: Cisco announces end of BGP

2009-07-28 Thread Ivan Pepelnjak
Gentlemen, you forgot about IDRP (http://www.javvin.com/protocolIDRP.html). You can already transport IPv4 and IPv6 over CLNS, this is the next logical step :D -Original Message- From: Justin Shore [mailto:jus...@justinshore.com] Sent: Tuesday, July 28, 2009 6:57 PM To: Hank

Re: [c-nsp] VRF-lite to do L3 passthru

2009-07-26 Thread Ivan Pepelnjak
is it really that simple? Will VRF-lite work without actually using BGP or MPLS? Are there docs somewhere in the Cisco spiderweb which are clearer on the topic than the ones which are part of the SX doc train? Yes, it's that simple. You don't need MP-BGP or MPLS for VRF lite to work. You

Re: [c-nsp] OSPF question

2009-07-24 Thread Ivan Pepelnjak
It's actually quite simple: you need an EEM applet that triggers on X occurrences of a well-known SYSLOG message (OSPF neighbor going down) within Y seconds, modifies the configuration (to insert passive-interface X into the router ospf Y) and alerts the operators via an e-mail. You'll find a few

Re: [c-nsp] BGP failover for two traffic types

2009-07-23 Thread Ivan Pepelnjak
Are the VOICE and DATA traffic going to distinct servers? If that's the case, you can tweak the BGP route selection policy on the CE router. See this article for an example (not too far off from what you're looking for): http://www.nil.com/ipcorner/ScalablePolicyRouting/ If you cannot

Re: [c-nsp] OSPF NSSA question

2009-07-23 Thread Ivan Pepelnjak
[mailto:blah...@gmail.com] Sent: Wednesday, July 22, 2009 1:10 AM To: Ivan Pepelnjak Cc: Ruben Alvarez; cisco-nsp@puck.nether.net Subject: Re: [c-nsp] OSPF NSSA question 2009/7/22 Ivan Pepelnjak i...@ioshints.info: You're probably looking for the ip ospf database-filter all out command

Re: [c-nsp] Default route from ospf to bgp

2009-07-23 Thread Ivan Pepelnjak
Just configure network 0.0.0.0 0.0.0.0 in your BGP process. Whenever there's a default route in the IP routing table, BGP will advertise it. More details in: http://wiki.nil.com/BGP_default_route http://blog.ioshints.info/2007/11/bgp-default-route.html Ivan http://www.ioshints.info/about

Re: [c-nsp] TCLsh + Ping TOS

2009-07-21 Thread Ivan Pepelnjak
Tcl doesn't have expect but it does have typeahead which you can probably use to feed the input to Ping command. http://wiki.nil.com/Insert_responses_to_command_prompts_in_Tclsh http://wiki.nil.com/Tclsh_on_Cisco_IOS_tutorial Ivan http://www.ioshints.info/about http://blog.ioshints.info/

Re: [c-nsp] OSPF NSSA question

2009-07-21 Thread Ivan Pepelnjak
You're probably looking for the ip ospf database-filter all out command. And there can be more than one router in the OSPF stub area. Ivan http://www.ioshints.info/about http://blog.ioshints.info/ Ok thanks. that answers my question. It's not a big deal, I just was wondering. As for

Re: [c-nsp] Block https

2009-07-15 Thread Ivan Pepelnjak
You cannot block HTTPS on the router with anything but the IP-based access lists because (by definition) the HTTP request (which the URL filter, content filter or NBAR recognizing HTTP uses) is encrypted. If you want to block HTTPS requests for particular hosts, you need a HTTP proxy which

Re: [c-nsp] disable break on boot for IOS??

2009-07-14 Thread Ivan Pepelnjak
This is good advice for newer machines but I've got a UBR 924 with 12.1T code on it - 'no service password-recover' isn't an option for me. Which config-register setting will do what I need? None. You cannot disable break during the first minute (or so) with a config register. Seems

Re: [c-nsp] CE routes

2009-07-14 Thread Ivan Pepelnjak
CE-PE subnets are part of VRF and thus cannot be inserted into the core IGP, only in MP-BGP. It's way easier (and more scalable) to redistribute them than to list them in the per-VRF BGP configuration. Ivan http://www.ioshints.info/about http://blog.ioshints.info/ -Original Message-

Re: [c-nsp] disable break on boot for IOS??

2009-07-13 Thread Ivan Pepelnjak
Just make sure you test the feature (for each ROMMON release you're using) with a known enable password first. It's somewhat impossible to break into some ROMMON versions. http://blog.ioshints.info/2007/12/recovering-from-disabled-password.html Ivan http://www.ioshints.info/about

Re: [c-nsp] backup cpe

2009-07-12 Thread Ivan Pepelnjak
More specifically ... SOHO multihoming solutions (includes object tracking and reliable static routing) http://wiki.nil.com/Small_site_multihoming More reliable static routing tricks: http://blog.ioshints.info/search?q=reliable+static More DHCP-related tricks:

Re: [c-nsp] EIGRP SoO question

2009-07-12 Thread Ivan Pepelnjak
You'll probably find enough details here: http://wiki.nil.com/Multihomed_MPLS_VPN_sites_running_EIGRP If that's not the case, let me know and I'll fix the article. Ivan http://www.ioshints.info/about http://blog.ioshints.info/ -Original Message- From: Derick Winkworth

Re: [c-nsp] IPv6 iBGP Route Reflector

2009-07-11 Thread Ivan Pepelnjak
This scheme also doesn't work. I added next-hop-self on rtr2_RR for both peers with rtr3 and rtr4. I haven't been following this thread too closely, but it's worth mentioning that the next-hop is not changed on reflected routes (even if you configure next-hop-self on the neighbor). See Notes

Re: [c-nsp] Delay BGP peer session

2009-07-11 Thread Ivan Pepelnjak
You'll find a lot of information about IP Event Dampening here: http://www.nil.com/ipcorner/IncreaseStability/ I haven't tried it in the EBGP scenario ... Jon, thanks for the pointer. Ivan http://www.ioshints.info/about http://blog.ioshints.info/ Is there any way to force a delay on a BGP

Re: [c-nsp] IOS XR BFD

2009-07-08 Thread Ivan Pepelnjak
: Tuesday, July 07, 2009 4:31 PM To: Ivan Pepelnjak Cc: cisco-nsp@puck.nether.net Subject: Re: [c-nsp] IOS XR BFD Ivan, BTW, even the more traditional fast convergence techniques (internal BGP fast fallover) might be too aggressive and do more harm than good. Could you elaborate

Re: [c-nsp] Multi-site single AS architecture

2009-07-08 Thread Ivan Pepelnjak
Almost identical setup has been discussed on Nanog mailing list in the beginning of June. Search the archives. XCONNECT probably won't work over the Internet without MPLS/GRE/IP setup and then you'll hit the MTU issues. Ivan http://www.ioshints.info/about http://blog.ioshints.info/

Re: [c-nsp] CBWFQ with LLQ on Cisco 876

2009-07-07 Thread Ivan Pepelnjak
The problem you have is that there's no outbound queue forming on the Dialer interface (PPPoE is too fast, as it goes over outside Ethernet). http://blog.ioshints.info/2009/06/adsl-qos-basics.html You have to apply shaping to force a queue to form. The shaping has to be configured on the

Re: [c-nsp] IOS XR BFD

2009-07-06 Thread Ivan Pepelnjak
And my question is not how I should be in this situation. What is the logical explanation that BFD does not work with internal neighbors? Because it hasn't been developed to work in this scenario under XR, which is likely because it's not a commonly deployed setup. ... because

Re: [c-nsp] MPLS/BGP - want to add backup IPSEC VPN

2009-07-01 Thread Ivan Pepelnjak
If you're the customer (having only CE routers), this is a classic primary/backup problem, only this time using BGP as the core routing protocol. This sounds like what I'm planning on doing. GRE for the routing protocols. We are on the CE end. If you could, please

Re: [c-nsp] MPLS/BGP - want to add backup IPSEC VPN

2009-06-30 Thread Ivan Pepelnjak
If you're the customer (having only CE routers), this is a classic primary/backup problem, only this time using BGP as the core routing protocol. If you're the provider (using MPLS between your BGP routers to offer whatever services), you can run MPLS over GRE over IPSec on the backup link (just

Re: [c-nsp] BGP Simulator - world feed

2009-06-28 Thread Ivan Pepelnjak
Is there anything like this out there? Or do I have to get my programmers to knock it up? ;-) Dump the BGP table, process it with PERL, generate Quagga configuration and you're done ... and don't forget to post the script when it works ;) Here's a sample very simple Quagga configuration:

Re: [c-nsp] passive-interface on VRF-specific OSPF process

2009-06-26 Thread Ivan Pepelnjak
while configuring an OSPF process for a VRF on a Cisco 3550-12G (running 12.2(25)SE) I notice that the command passive-interface is unavailable. How can this be? Interesting ... Is there another way I can suppress routing updates on an interface? Sure - filter inbound OSPF packets. If

Re: [c-nsp] passive-interface on VRF-specific OSPF process

2009-06-26 Thread Ivan Pepelnjak
while configuring an OSPF process for a VRF on a Cisco 3550-12G (running 12.2(25)SE) I notice that the command passive-interface is unavailable. How can this be? Is there another way I can suppress routing updates on an interface? You can put actual network commands in ospf

Re: [c-nsp] passive-interface on VRF-specific OSPF process

2009-06-26 Thread Ivan Pepelnjak
26, 2009 3:52 PM To: Ivan Pepelnjak Cc: Roman A. Nozdrin; Lukas Garberg; cisco-nsp@puck.nether.net Subject: Re: [c-nsp] passive-interface on VRF-specific OSPF process type-2 ;) On Fri, Jun 26, 2009 at 3:32 PM, Ivan Pepelnjak i...@ioshints.info wrote: while configuring an OSPF process

Re: [c-nsp] Reload without confirmation

2009-06-24 Thread Ivan Pepelnjak
I wanted to propose the EEM solution :) How about Tclsh with typeahead command? http://wiki.nil.com/Insert_responses_to_command_prompts_in_Tclsh Ivan http://www.ioshints.info/about http://blog.ioshints.info/ -Original Message- From: David Freedman

Re: [c-nsp] OSPF

2009-06-21 Thread Ivan Pepelnjak
Are you talking about OSPF reconvergence time in this situation? If you are, the answer is 4 x the OSPF hello timer configured on the interfaces (by default: 40 secs for broadcast multiaccess and point-to-point and 120 secs for NBMA links). Plus (worst case) the LSA origination timer (default: 5

Re: [c-nsp] ipv4 link-local for eigrp

2009-06-20 Thread Ivan Pepelnjak
You could use unnumbered Ethernet VLAN subinterfaces assuming your IOS release supports them (or you could get your gear upgraded to a release that does ... I am utterly confused when faced with Catalyst IOS releases): http://www.cisco.com/en/US/docs/ios/12_3t/12_3t4/feature/guide/gtunvlan.html

Re: [c-nsp] the ospf 0*E2 route type can not be redistributed between two ospf process

2009-06-19 Thread Ivan Pepelnjak
See also http://wiki.nil.com/OSPF_default_routes for more details. Best regards Ivan http://www.ioshints.info/about http://blog.ioshints.info/ -Original Message- From: Geoffrey Pendery [mailto:ge...@pendery.net] Sent: Friday, June 19, 2009 2:36 PM To: ying-xiang Cc: cisco-nsp

Re: [c-nsp] Redirects / hair-pinning traffic vs. performance

2009-06-19 Thread Ivan Pepelnjak
Just guessing: for PBR you need netflow-like TCAM entries, so the first packet in the flow is always processor-switched and then the subsequent packets can be hardware-switched. Does this make sense to the switching gurus? Ivan http://www.ioshints.info/about http://blog.ioshints.info/

Re: [c-nsp] Global Route Leaking on same PE

2009-06-16 Thread Ivan Pepelnjak
The last time I've seen discussion on this topic, you had to have an external back-to-back connection between a VRF interface and a global interface. -Original Message- From: Clue Store [mailto:cluest...@gmail.com] Sent: Tuesday, June 16, 2009 4:18 PM To: cisco-nsp@puck.nether.net

Re: [c-nsp] A question about TACACS+ and controlling command use

2009-06-12 Thread Ivan Pepelnjak
The obvious answer is to restrict the use of the shutdown command. Unfortunately the technicians that often make the mistakes have to be able to use the command to shut down Serial or Ethernet interfaces in the course of their work. Something along the lines of this EEM Tcl policies:

Re: [c-nsp] EEM - action syslog working but action cli command working

2009-06-12 Thread Ivan Pepelnjak
Could be yet another prompt-related EEM bug. See http://blog.ioshints.info/2008/02/fix-bugs-in-eem-action-cli.html http://blog.ioshints.info/2007/12/execute-cli-commands-with-prompts-in.html Use the EEM debugging (debug event man action cli) to verify what's going on. Ivan

Re: [c-nsp] Policy Based Routing on Cisco 6500

2009-06-09 Thread Ivan Pepelnjak
PBR by its nature is operationally brittle and ugly; if there's another way to accomplish one's goal, it's generally best to pursue an alternate method, if at all possible. Absolutely forcefully agree :) While this is a bit off-topic here's an example of what you can do with a

Re: [c-nsp] Cisco IOS content filtering

2009-06-08 Thread Ivan Pepelnjak
Haven't tried the server-based configuration yet (it only works on ISRs), here's what you can do locally: http://wiki.nil.com/Local_Content_Filtering_in_Cisco_IOS Best regards Ivan http://www.ioshints.info/about http://blog.ioshints.info/ -Original Message- From: Jay Nakamura

Re: [c-nsp] ICMP replay from egress PE

2009-06-03 Thread Ivan Pepelnjak
The only reason I could see for this behavior is the platform-specific IP packet processing on the egress PE router. Obviously the difference between the 7300 and the ASR is the exact moment at which the TTL is decremented in the switching path. Based on your description, ASR decrements TTL

Re: [c-nsp] MPLS

2009-05-30 Thread Ivan Pepelnjak
Absolutely agree with Bruce. For your particular setup, it would be best to use two pseudowires (A-B and B-C) and run your own routing protocol over them. This would (worst case, try to avoid) also allow you to transport non-IP LAN data between sites (I don't know what DS8100 can do). However,

Re: [c-nsp] Remove BGP AS path number number from an AS PATH

2009-05-28 Thread Ivan Pepelnjak
Let's be more precise. There is no publicly known way to remove a non-private AS number from AS-path on a device running Cisco IOS ... but you could always adapt Quagga source code to your needs. As pointed out by previous replies, tweaking AS-PATH is a really bad idea. BGP has numerous other

Re: [c-nsp] Dual homed but no BGP

2009-05-21 Thread Ivan Pepelnjak
Pointers to everything you've ever wanted to know (and probably a lot of what you don't want to know :) http://wiki.nil.com/Small_site_multihoming Hope it helps Ivan http://www.ioshints.info/about http://blog.ioshints.info/ -Original Message- From: Roy

Re: [c-nsp] network simulator

2009-05-18 Thread Ivan Pepelnjak
Dynamips (which is under the hood of GNS3) could be used to emulate IOS switching behavior as long as what you're trying to do is supported on the routers. If you're testing standard spanning tree, Dynamips should be just fine (you'll just configure routers as bridges). OPNET is a great network

Re: [c-nsp] BGP Config

2009-05-18 Thread Ivan Pepelnjak
I absolutely agree with Charles ... although not on the provider will give you the necessary details part. I've seen some service providers that were somewhat inadequate in that respect (trying to be diplomatic :). You might find some of the links/videos on my BGP resource center useful:

Re: [c-nsp] 3750 High Cpu IP Input

2009-04-24 Thread Ivan Pepelnjak
Your CPU is @ 70%, 25% of those spent in interrupt (CEF) packet switching (the difference between 68% and 43% in the five-second figures), yet the IP Input uses only 16%. There might be something else going on? Ivan http://www.ioshints.info/about http://blog.ioshints.info/ -Original

Re: [c-nsp] two ISPs, two routers, one firewall - bgp question

2009-04-07 Thread Ivan Pepelnjak
Outbound traffic traverses the DMZ segment twice (FW - R2 - R1). Inbound traffic traverses the DMZ segment once (R2 - FW). The difference is that FW has no idea where to send the traffic (follows default route), whereas R2 knows the internal network is reachable through the FW. Hope this helps

Re: [c-nsp] EEM event-manager and event none question.

2009-04-06 Thread Ivan Pepelnjak
An EEM applet can be triggered only by a single condition. If you want to trigger it from the command line (with the event man run command), it cannot be triggered by anything else, so it must have event none pseudo-trigger. The event none is used to indicate that no trigger is actually what you

Re: [c-nsp] how to filter some specific logging message

2009-04-01 Thread Ivan Pepelnjak
The drops keyword expects a regular expression. You should use fem instead of *fem (or maybe .*fem). Ivan http://www.ioshints.info/about http://blog.ioshints.info/ -Original Message- From: Manu Chao [mailto:linux.ya...@gmail.com] Sent: Wednesday, April 01, 2009 12:26 PM To:

Re: [c-nsp] Subnet Traffic

2009-03-30 Thread Ivan Pepelnjak
If you put each subnet in a VLAN, you could use interface counters. Unfortunately, life is rarely so simple. -Original Message- From: char...@thewybles.com [mailto:char...@thewybles.com] Sent: Monday, March 30, 2009 10:15 PM To: Mohammad Khalil; cisco-nsp-boun...@puck.nether.net;

Re: [c-nsp] EIGRP Neighbor tracking

2009-03-25 Thread Ivan Pepelnjak
If all you need is to track whether you can ping the directly connected IP address and react on the tracked object down status, you can use EEM with the event track X state up|down trigger. See the Not so very static routes section in this article http://www.nil.com/ipcorner/SmallSiteMultiHoming/

Re: [c-nsp] Needs some help with QOS

2009-03-24 Thread Ivan Pepelnjak
I have crafted and applied some rules which I thought would prioritize traffic from an 871w (via ADSL) to one specific host. The idea is that any traffic destined to this host should be prioritized over all other traffic. What is your upstream connection? If you're using PPPoE, you won't

Re: [c-nsp] Needs some help with QOS

2009-03-24 Thread Ivan Pepelnjak
out of the DSL line as possible. Best regards Ivan -Original Message- From: Tim Franklin [mailto:t...@pelican.org] Sent: Tuesday, March 24, 2009 1:57 PM To: Ivan Pepelnjak Cc: 'John Lange'; 'Cisco NSP' Subject: Re: [c-nsp] Needs some help with QOS On Tue, March 24, 2009 12:12 pm

Re: [c-nsp] Needs some help with QOS

2009-03-24 Thread Ivan Pepelnjak
http://www.cisco.com/en/US/tech/tk543/tk545/technologies_tech_note09186a00800b2d29.shtml Basically, the virtual interfaces do not implement the back-pressure algorithm necessary to signal that excess packets should be queued by the Layer 3 (L3) queueing system. Ok, so I'm going to

Re: [c-nsp] BGP conditional advertisement - NON-EXIST route map's access-list problem

2009-03-17 Thread Ivan Pepelnjak
Did some tests on the NON-EXIST-MAP with 12.2SRC. I was spreading wrong rumors, time to fix them: * The route-map checks the routes in the BGP table (_not_ in the IP routing table). Dale was right. * It can take a while for the routes to be advertised/withdrawn; the non-exist-map is checked only

Re: [c-nsp] BGP conditional advertisement - NON-EXIST route map's access-list problem

2009-03-15 Thread Ivan Pepelnjak
You can't use permit any because it would match any route in the IP routing table (including the connected interfaces). The access list used in NON-EXIST-MAP is used on the IP routing table, not on the BGP table (that's why the AS path doesn't work either). Ivan -Original Message-

Re: [c-nsp] BGP conditional advertisement - NON-EXIST route map's access-list problem

2009-03-15 Thread Ivan Pepelnjak
:). Ivan _ From: Burak Dikici [mailto:bdik...@gmail.com] Sent: Sunday, March 15, 2009 8:19 PM To: Ivan Pepelnjak Cc: Mateusz Blaszczyk; cisco-nsp@puck.nether.net Subject: Re: [c-nsp] BGP conditional advertisement - NON-EXIST route map's access-list problem Hi Ivan, Ok then, what

Re: [c-nsp] OT: TCL Book recommendation for Cisco EEM

2009-03-07 Thread Ivan Pepelnjak
Tcl/TK: A developer's guide http://www.msen.com/~clif/DevGuide.html A bit more advanced book when you want to go slightly beyond the basics. I wasn't too happy with it, but it did the job. Ivan -Original Message- From: Justin Shore [mailto:jus...@justinshore.com] Sent: Friday, March

Re: [c-nsp] how can I know which process takes over CPU and memory?

2009-03-03 Thread Ivan Pepelnjak
Your original message indicated you had a router. Based on Cisco's documentation tclsh doesn't work on most Catalyst switches. Best regards Ivan _ From: Deric Kwok [mailto:deric.kwok2...@gmail.com] Sent: Tuesday, March 03, 2009 2:22 PM To: Ivan Pepelnjak Cc: cisco-nsp@puck.nether.net

Re: [c-nsp] how can I know which process takes over CPU and memory?

2009-03-03 Thread Ivan Pepelnjak
, the Command Lookup Tool is a great place to start; you can even install it in your browser's toolbar. Best regards Ivan _ From: Deric Kwok [mailto:deric.kwok2...@gmail.com] Sent: Tuesday, March 03, 2009 9:26 PM To: Ivan Pepelnjak Cc: cisco-nsp@puck.nether.net Subject: Re: [c-nsp] how

Re: [c-nsp] how can I know which process takes over CPU and memory?

2009-02-28 Thread Ivan Pepelnjak
To get the top CPU consumers, use the show proc cpu sorted command. You're probably experiencing increase in interrupt CPU usage (packet forwarding), which is the second number in the CPU utilization for five seconds field in the top line. To get continuous CPU utilization display (similar to the

Re: [c-nsp] show mBGP vpn advertized routes

2009-02-26 Thread Ivan Pepelnjak
ok. Thanks. Well, I just miss the way Juniper shows things, the level of details. Juniper would display the next hop that is carried in the BGP Update message. Marlon Different EBGP neighbors might receive different next-hops in their updates. Cisco IOS always displays what's in its BGP