Equivalent for an "IP accounting" in MPLS Network

Do we have an equivalent for an IP accounting in an interface in MPLS network. I would like to know this to identify traffic flowing across a WAN interface which is being tag/label switched

Thanks gopal. However this command "show tag-switching forwarding table" did not help me find a host in a network choking up the WAN link. I heard from one of the cisco reps saying cisco is releasing an IOS to do this in Feb. I hope that helps.

Similar Messages

  • Path Selection for Routes Across MPLS Network

    Customer hub site has two CE routers with two links connected to two seperate PE routers in the Carrier's MPLS network. At the customer's remote site one CE router on a single link is connected to PE router in MPLS network.
    How can I configure the CE routers at the hub site to advertised the same network across the MPLS network to the CE router at the remote site? Also, how can I configure the CE router at the remote site to select on of the router as the primary and the other as secondary? Can I use local-preference on the CE router at the remote site to selected on path over the other.
    I'm not sure if this makes any sense. Any help will be appreciated. Thanks

    Even with multiple RDs for VRFs belonging to the same VPN, you still need IBGP multipath, correct? Multiple RDs is just to get around the RR restriction.
    Also, you posted this message a while back:
    "If you have many VPN customers all using the same addresses (most likely rfc1918), the fact that they have different RDs and that the PE prepends the RD to the prefixes exchanged between PEs will make the same prefixes different in the MPLS VPN core
    cust1 advertises 192.168.1.0/24 with RD 1:1 therefore
    VPNv4 prefix is 1:1:192.168.1.0
    cust2 advertises 192.168.1.0/24 with RD 1:2 therefore
    VPNv4 prefix is 1:2:192.168.1.0"
    My test lab does not support the IBGP multipath command, and thus even with different RDs, it still only installs one best path.
    I understand that RD = make unique VPNv4 routes in SP space, and that RT = what to import into the VRF. However, I am having a hard time visualizing the scenario with mutiple RDs for the same VPN for load balancing purposes. I am trying to understand the logic behind it.
    Per your example, if both 1:1 and 1:2 are received by the remote PE, assuming IBGP multipath is enabled, why would the remote PE load balance between the two links? Why would it assume that the hub subnets are reachable via two different PEs, and that it's not two different, isolated VPNs altogether?
    Is it b/c you imported both 1:1 and 1:2 into a VRF at the remote PE?

  • Full mesh VPN solution for on MPLS network with PE and CPEs

    Hi,
    We are trying to evaluate some best solution for Hub-Spoke mesh vpn solution in a MPLS network. The VPN hub router will be in PE router and all the VPN spoke will be in CPE.
    Can someone please let us know what will be the best vpn solution, we understands that there will be some technical limitations going with GETVPN but still we did counld find any documenation for possiblity of using DMVPN.
    How about the recent flexvpn, can fex-vpn work on this requirement, where can i get a design/configuration document.?
    thanks in advance.

    Hello,
    GetVPN is intended for (ANY-to-ANY) type of VPN communication, over an MPLS network with Hub and Spoke Topology, your best Option is to look for Cisco (DMVPN) implementation where this type of VPN is primarily designed for Hub & Spoke.
    Regards,
    Mohamed

  • Routing Protocol recommendation for MPLS Network

    I am in the process of building a 14 site MPLS network for voice and data traffic. The vendor installing the network has configured RIPv2 as the routing protocol. I am considering switching this over to EIGRP. Can anyone explain to me why this would be better or should I just stay with RIP.
    Thanks

    Hi Chip,
    Its not very clear whether you are implementing a MPLS network or implementing a Network over MPLS for an end user with 14 sites.
    1) If MPLS network then other IGP variants than OSPF and ISIS best avoided. Now if the choice is between ISIS and OSPF then my personal recommendation would be OSPF. And this decision is purely driven by Operational Considerations rather than any technical advantages. Since at the end of the day what matters is how easy it is to implement add delete or troubleshoot the network.
    2)If for End User then it would not be right to recommend EIGRP or RIP or OSPF without knowing the current size & topology of each of these 14 sites, as well as the desired expansion plans. But if these 14 sites are the only sites and are all standalone branch sites connecting over MPLS VPN then RIP,EIGRP or OSPF can be implemented as per your and customer comfort.
    HTH-Cheers,
    Swaroop

  • MPLS Network for an Enterprise

    Hi,
    I am desiging an MPLS network for an enterprise customer. He would like to have both L2 and L3 VPNs (EoMPLS and VPLS). Initially I thought of positioning ASR1000 but later I ruled it out as it does not support VPLS. So it comes down to 7600. Then I have seen that we have 67XX, ES20 and SIP400 line cards. So what should be my choice for CE facing and Core facing line cards to run all the MPLS services (including MVPN). The customer needs only 3 ports to the access and 1 port as uplink.
    Regards,
    Prakash

    Hi Prakash,
    Definately go for the 7600 ES Line Cards:
    http://www.cisco.com/en/US/prod/collateral/routers/ps368/data_sheet_c78-570730.html
    They look like more than enough to do the job for your requirements.
    HTH.
    Regards,
    Joe.

  • L3 mpls network with out P router, all PE to PE plus daisy chainging

    Guys, is it possible to run a core l3 MPLS network over 7600s and 3800s with out any P routers? The reason i aak is because of the particular situation where we will have to daisy chain PE routers due to lack of fiber.
    any thoughts?

    As martin says absolutley limited problems with this it will work a charm UNTIL yo urun into scaling issues. You are daisy chaining all the PEs which would also suggest to me that you are daisy chaining your RRs. In an mpls network the RR's have enough state to handle to keep them busy enough without also having to deal with passing labels about the network. Also you will have any cisco account team breaking down your door putting the fear of god into you for not having at least 2 P routers ;-). So yes you can indeed run it like you say but the lifetime of your network will be very limited indeed. If your not an SP then dont be concerned - unless you are an enterprise with 10000000s routes then id start to worry. Oh they (cisco) also state that PEs also have enough to do in their life without passing labelled packets about the place. sit and think about what your poor PE is having to do daily it could be 100 vrfs routing tables, which in turn means layer 3 lookups to find out where the packet has to go, qos, multicast, bgp, ospf, rip, eigrp, your own internal IGP, TE tunnels, RSVP - this poor router has enough to do without also adding transit traffic. ;-)

  • Why CEF needed in MPLS Network??

    I have read the MPLS Fundamentals book by Luc De Ghein, So I understand from the from book that cef needs to enabled in edge routers to tag or untag labels (for Ip packets). I am eager to know why Mpls (Not a cisco proprietary) depends on a cisco proprietary CEF?? If I use Non-Cisco routers in the mpls edge how come the labels get tagged for ip packets??
    <<<<<<<<<Taken from Book>>>>>>>>>>>>>
    MPLS Fundamentals - Luc De Ghein
    Why Is CEF Needed in MPLS Networks?
    Concerning MPLS, CEF is special for a certain reason; otherwise, this book would not explicitly
    cover it. Labeled packets that enter the router are switched according to the label forwarding
    information base (LFIB) on the router. IP packets that enter the router are switched according to
    the CEF table on the router. Regardless of whether the packet is switched according to the LFIB
    or the CEF table, the outgoing packet can be a labeled packet or an IP packet
    <<<<<<<<>>>>>>>>>>

    Hello Bava,
    the key point is that LDP or RSVP TE are able to generate distribute labels for FECs but they do not create the FECs from stratch.
    FEC = Forwarding Equivalent Class
    a destination IP subnet is a typical FEC.
    cisco MPLS code takes advantage of the work done by CEF and uses as input data the FIB (Forwarding Information Base) mantained by CEF, to build the LFIB that is the table where for each FEC there is an association with a label taken from the local node label space.
    The work done by CEF is not so different from what is needed by MPLS: the biggest difference is that the CEF table is kept local and not exported to any other device. MPLS FEC/label bindings are advertised.
    In MPLS frame mode the labels are distributed in unsolicited downstream mode.
    Unsolicited means that the label/FEC association is buiilt based on the topology FIB instead  of waiting for some device to ask a label for the FEC.
    downstream means the labels are sent in the opposite direction of that used by traffic.
    Other attributes are:
    indipendent : means each LSR is free to create its own FEC/label association before receiving the label from the edge LSR that owns the prefix or from a device that is nerarest to the IP subnet (upstream)
    liberal retention: the device will keep note of labels advertised by neighbors even if they are currently not on the best path. This can be seen in the output of show mpls ldp binding and allows for faster recover in case of failure of the best path.
    The unsolicited and liberal retention in standard frame mode comes from the relatively big label space (roughly one milllion labels)
    This was not possible in MPLS cell mode where the label space was small. So MPLS cell mode used on demand downstream label binding and no retention.
    Also MPLS allows for label stacking = use of multiple levels of MPLS Label for services like L3 VPNs
    to be noted other implementations are different in some aspects and each vendor has its internal tecnique to build a table of FECs to be used as starting point for MPLS code.
    For example indipendent label/FEC mapping has its own drawbacks it may be better to wait for a label to be received from a device upstream = nearest to the IP prefix in order to ensure the path is end to end.
    Hope to help
    Giuseppe

  • [SOLVED] how to use diffrent iptables rules for different ppp account?

    x86 plantform run arch linux system , have two network interface etn1 eth0 .eth1 connect to internet. eth0 connect to other terminals through switch. want use different iptables rules for different pppoe account .also want to know how to forbidden more than one terminals established pppoe link use same account at the same time .
    Last edited by linuxsir (2013-09-26 06:48:01)

    (You establish PPPoE sessions over the local network to the Arch machine? Which then routes the traffic?)
    first question ,yes that is exactly what i am done. second question i also have a small  scripts on windows pc to solve routes traffic problem
    route -p delete 0.0.0.0
    route -p add 192.168.9.0 mask 255.255.255.0 192.168.9.1
    route -p add 0.0.0.0 mask 0.0.0.0 192.168.22.0
    but after a while i found scripts is not necessary because windows always attempt to use PPPoE sessions as default internet connection local connection is also ok
    and use  -i pppX in my iptables rules dose not  solve my problem , because same account start PPPoE session could be marked as ppp0 or ppp1. it is hard to identified which account start session.

  • In our enterprise MPLS network we are using 192.168.20.0/24 subnet, in this subnet we have not assigned the IP 192.168.20.200/30 & 204/30, But still these subnets are reachable . Are these NNI IP ...Please explain.

    In our enterprise MPLS network we are using 192.168.20.0/24 subnet, in this subnet we have not assigned the IP 192.168.20.200/30 & 204/30, But still these subnets are reachable . Are these NNI IP ...Please explain.

    I have checked with ISP, there response is like below:
    Those are the NNI to GBNET IPs for Dominican Republic. They are Network IPs. You should be able to ping them-that means they are working.
    WANRT01#show  ip route | include 192.168.20.20
    B        192.168.20.200/30 [20/0] via 192.168.20.226, 02:18:29
    B        192.168.20.204/30 [20/0] via 192.168.20.226, 02:18:29
    Here its shows from any of our MPLS site we are able to trace the IP and it seems like, 192.168.20.204/30 is one more site but in actual its not.
    INMUMWANRT01#ping 192.168.20.205
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 192.168.20.205, timeout is 2 seconds:
    Success rate is 100 percent (5/5), round-trip min/avg/max = 224/232/260 ms
    INMUMWANRT01#trace              
    INMUMWANRT01#traceroute 192.168.20.205
    Type escape sequence to abort.
    Tracing the route to 192.168.20.205
    VRF info: (vrf in name/id, vrf out name/id)
      1 192.168.20.226 24 msec 24 msec 24 msec
      2 192.168.20.206 [AS 8035] 232 msec 232 msec 252 msec
      3 192.168.20.205 [AS 8035] 224 msec 224 msec *

  • HT2589 My new ipad air will not download apps or ask for my itunes account info when I do try to download or purchase an app.

    Just added the new ipad air to my itunes account. When I go to purchase or download apps it will not ask for my itunes account info, a grey box appears on my main screen with "waiting" under it and in the "app store" it will show the app that i chose with a constant spinning circle. Any ideas?

    The iCloud account has nothing to do with downloading apps over wireless, but if you do not have an iCloud account you can delete that account information if you want to do so.  Do you have other use of WiFi with the iPad?  It is connecting and working correctly for email and such?
    You could try going to Settings > General > Reset > Reset Network Settings and then re-select the WiFi network and enter the password again...then do a reboot by holding both the power and home buttons until the apple logo appears, ignore the red slider if that appears.
    All of that may clear problems of a minor nature.

  • "Home Shared" Apps are asking for original iTunes Account?

    my Dad just got his iPad (64GB WiFi) and asked me to set it up for him (register, transfer content, etc)
    i've had mine (32GB 3G) for a while, so i have a bunch of apps (free and paid).
    i've never used _Home Sharing_ before but i figured that would be a better solution that re-downloading all these apps of mine to his MacBook Air or over WiFi to his iPad so i enabled _Home Sharing_ between his MBA and my MacBook Pro.
    i only transferred iPad apps. no other content.
    everything went fine. until one of the apps on his iPad had a software update. when he went to the App Store, on the iPad, it prompted him for MY iTUNES ACCOUNT and MY PASSWORD.
    *what am i doing wrong here?*
    *is this how home sharing is supposed to work?* (that he has to enter my iTunes account info or be stuck with whatever version of the app lives on his device at the time of the initial "Home Share"?)
    we live together but are rarely on the same network so really, this was intended to be a one time setup to get him started.
    Thanks in advance,
    L

    This situation of yours doesn't seem to be any different from my experiences over the years while using my iMac, iPhone, and my wife's iPhone.
    While using each device, we just sign in to iTunes using my own userName and password each time. It works, marvelously. (I didn't think about that five device limitation when recently adding our new iPad, though.)
    Each and every time we sign on to iTunes, it asks for userName and password. This is an essential task for Apple, otherwise they would lose accountability.
    Are you upset that your father cannot enter his own iTunes userName and password? Well, if he has his own account, then he had an iTunes library different from yours. If your father did not purchase the app being updated, then would you expect Apple to provide a free update based on his userName and password? (Don't hold your breath.)
    It's OK to have two or more iTunes accounts. If you want to let your father update your apps for you, then let him enter your iTunes userName and password when it is requested. (I bet he already knows what those vital statistics are!)
    Accounting is a nightmare for most of us, isn't it?

  • Tacacs authentication fails for one user account for only one switch

    Hi,
    I am having an scenario, where as Tacacs authentication fails for one user account for only one switch.
    The same user account works well for other devices.
    The AAA configs are same on every devices in the network.
    Heres the show tacacs output from the switch where only one user account fails;
                  Socket opens:        157
                 Socket closes:        156
                 Socket aborts:        303
                 Socket errors:          1
               Socket Timeouts:          2
       Failed Connect Attempts:          0
            Total Packets Sent:       1703
            Total Packets Recv:       1243
              Expected Replies:          0
    What could be the reason ?
    No errors on ACS server; same rights had been given to the user account.
    Thanks to advise.
    Prasey

    Hi there,
    Does the user get authenticated in the ACS logs?
    reports and activity----> failed attempts
    ro
    reports and activity----->  passed authentications
    That will help narrow it down.
    Brad

  • How do I share a computer account with a network account?

    So I've had my Macbook for about two years now, and up until now the only account I've had is the one I initially set up for myself. This year for school I had to set up my computer so that I could log into it via a network account. This required me to rename the computer, install an approved school antivirus (kinda unnecessary on a Mac, but whatever), and then set up a new account on my computer, which when connected to the college network, I would be able to log in to. So my problem is that even though I set up that new account as an administrator account, I cannot access any of the files on my original account. So when, for example, I want to run Parallels because the college's printer drivers are not Mac compatible and I want to be able to run the Virtual Machine I already have set up on my other account so that I can install them... It doesn't have access to that virtual machine. I can't find my original Window's OS disk, so I would much rather just port over the Virtual Machine I already have than to buy it again. Does anyone know how to access my original account from a network account?

    There are instructions for setting up home sharing on this page : http://support.apple.com/kb/HT4620
    If you want to copy your content onto another computer then see this page : http://support.apple.com/kb/HT4527

  • Calendar sync broken for Google Apps accounts

    The Calendar no longer syncs with my Google Apps account; not in either direction.  It pops up the sync notification and reports success, but nothing changes.  I tried removing and adding the account.  This actually broke in 1.2.1, but by the time I noticed, I assumed a fix was around the corner.  1.3.1 didn't help.  I even created a brand new test account using the newly enhanced support for Google Apps.  Mail and contacts work fine, but the calendar won't budge.  Palm, I can give you the test account to play with if you'd like.
    My standard Gmail account calendar syncs just fine.  Saw the troubleshooting for standard account calendars and tried playing with the invitation options in my Apps account to no avail.
    Post relates to: Pre p100eww (Sprint)

    #1 is good already.  I tried changing the other differences: Default View was month, Location had my zip code, Automatically Add Invitations was set to Yes.
    #2 using network settings correctly had me in Central, but it said Regina, Canada.  Changed it to Chicago and rebooted, but I'm still not syncing either way on my account nor the test account.
    Here's the really odd thing.  My Pre has all four of your entires on the test account from the 3rd and 4th.  I just tried creating entries for the test account from both my Pre and desktop, and I'm not seeing any syncing.  I've forced it about five times over the past 20 minutes.
    Sounds like we're down to it either being homebrew's fault or something stuck in my launch day profile that would survive a wipe.  I wiped my phone under 1.3.1 to undo a lot of homebrew cruft, but I still can't say I ever tested this in a virgin state.  Enh.  Go ahead and close the ticket.  My workaround is fine with me.  Feel free to keep using the test account for other stuff if you want.

  • "default interface" equivalent for SG300/500 switches?

    Can anyone tell me if there is an equivalent CLI command to reset an interface configuration to default?
    In IOS it is "default interface <interface>" which removes all configuration from that switch port. I don't seem to be able to find the same in the SG series CLI.
    Thanks,
    Rob

    Hello Rob,
    There isn't an equivalent command on the SG series switches, but I will be bringing it up as a feature request, because it would be quite useful.
    Until then the only way to reset a port would be to use all of the no versions of the commands, which I know can be a bit of a pain.
    Thank you for choosing Cisco,
    Christopher Ebert - Advanced Network Support Engineer
    Cisco Small Business Support Center
    *please rate helpful posts*

Maybe you are looking for

  • Driver for HP Photosmart 7510 for Mac OSX 10.8.4

    Hi All, I have an HP Photosmart printer and the drivers won't install on my new MacBookPro which has Mac OSX 10.8.4 I am unable to find any drivers on HP support for this OS. The drivers installed without any problems on my recent iMac which had OSX

  • Random restarts and freezes. Just upgraded my RAM trying to diagnose new RAM as the problem but they pass Rember test.

    Hey so I have been dealing with random reboots and computer freezes since upgrading my RAM. I also reinstalled my 10.8.2 at the same time I upgraded my RAM. I have a Mac Mini Mid 2011 with the OWC Data Doubler Kit and a Crucial M4 128GB Boot drive. M

  • Doesn't work for me. Please refund.

    Refund for this order please. Order number: AD013879714 Order date: Sunday, September 07, 2014 Status: Completed This product does not work for me. David Grove [email protected]

  • EMac problem

    Hello I own an Mac OSX 10.3.5 and there have been some things happening. I have an Ipod and i got the Sad Ipod icon so i sent it in under the warranty and got a new one. This happened a total of three times. So i figured it couldnt be the Ipod. Then

  • Excluding certain objects for automatic code inspection

    Greetings, We have turned on the automatic use of Code Inspector when releasing a transport.  In general, this works how we want.  None the less, there are certain programs that we want to exclude from being checked by Code Inspector.  Specifically,