3850 and BGP

This is a fairly general question, but I have a stack of two 3850 switches with the IP Services IOS (or whatever it's called now in IOS 15, it's the license that removes EIGRP stub) for a new deployment with two ISPs. Both ISPs will hand us an Ethernet port, and we will peer with each ISP with BGP to advertise our address space (a single /22). We will receive a default route from one ISP, and a default route and the ISP's local routes from the other.
We originally planned to use two 2921 routers to peer with the ISPs, but I'm not sure that's necessary. Does BGP work pretty well on the 3850s in others' experience?

No NAT. As I stated above, we are only getting default routes and maybe one ISP's local routes, so the routing table size won't be an issue. If it does, I'll just accept default routes and that will be that.
All BGP features we currently use appear to be supported by the 3850, or at least it accepted the commands. Our config isn't anything special. Just curious about people's impressions of BGP on the 3850s.
Thanks!

Similar Messages

  • Question about network statement in OSPF and BGP

    The network statements in OSPF and BGP can be used to advertise networks. But I'm not clear under what circumstances would make more sense to use network statements to advertise a network than by using other methods to have the network learned by other routers.
    Here is an example: assume I'm running BGP on router A. I want to advertise network 10.1.1.0/24 to other BGP peers. I have an OSPF route for this network. I can do 2 things: one is to use "network 10.1.1.0 mask 255.255.255.0", the other is to do "redistribute OSPF ... route-map OSPF-INTO-BGP", and create a prefix list to permit 10.1.1.0/24.
    Both would work to have this network learned by other BGP peers. But which is better for what purpose?
    Thanks a lot
    Gary

    Hi Gary,
    There is one little difference between the use of the two approaches - the route injected into BGP by using a network statement will carry an Origin attribute of IGP, whereas the route injected using redistribution will have an Origin attribute of Incomplete. Now, that is not a huge issue since you can always change that to whatever value you desire both with the use of the network statement and redistribution. The important thing, however, is that in the BGP best path selection process, the Origin attribute comparison is fairly high up and will prefer a route with the attribute of IGP.
    Apart from that, there is absolutely no difference between using the network statement and using redistribution with a route-map that matches exactly on the same route that you would have specified with the network statement.
    I guess one advantage of using the redistribute approach is that it does not clutter up the BGP config. If you wish to add more routes, you simply add them to the prefix list so that you don't really touch the BGP config portion at all.
    Hope that helps - pls do remember to rate posts that help.
    Paresh

  • EIGRP and BGP

    When EIGRP and BGP are flapping,
    which portion should I check to find out
    if it is flapping because of high traffic or low-quality access lines?
    Which config should I check?
    Thanks a lot

    Following links may help you
    http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a0080094613.shtml
    http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a008009478a.shtml

  • MACSEC between 3850 and 4500-X (manual switch-switch mode)

    Hi all
    As per post title, a couple of questions:
    1) Will MACSec encryption work between the above switches (using 1Gig port on the 3850 and a 1Gig SFP on the 4500-X)?
    2) If so, what versions of software are required, and what is the minimum feature set (IP Base?)
    3) Any special modules required like 3750X?
    4) Will Etherchannel work with the above?
    5) Bonus question: will the above run over 2 EoMPLS carrier provided services?
    Thanks
    A

    Plug your speakers into the soundcard as usual.
    Use the front-mounted headphone socket on the front of the X-Fi I/O unit to connect your headset and set the control panel to automatically mute your speakers when the headset is connected. Your speakers will mute when the headset is plugged in and all you have to do is plug or unplug the headset at the front to switch modes! Now please do not ask about doing the same with your mike connector!! See other thread by me!! P.S. Creative do ship a /4" to 3.5mm adapter with the card.
    Hope I have understood your post
    Andy

  • 3850 and amount of BGP neighbours

    Hi ,
    Does anyone know if there is a recommended maximum amount of iBGP neighbors that a 3850 can handle?
    Thanks,
    Lee.

    The 3850 supports 24k routes and has 4GB of DRAM.
    I don't think you would run into any problems with too many iBGP neighbors but if you have a lot I would consider moving to a Route Reflector setup.
    Daniel Dib
    CCIE #37149
    Please rate helpful posts.

  • Converged Access Design Help (Catalyst 3850 and WLC 5508...Mobility Oracle)

    Hello,
    I am an engineer working with a Cisco Gold Partner in Saudi Arabia. We have a large university as our client where they are constructing a new
    building and require our services to build the network infrastructure. Therefore, we are to implement the routing and switching infrastructure as
    well as the Wireless solution.
    At present, I have no issues in implementing the R&S infrastructure as it is very straight forward but it has implications on the deployment of
    the wireless solution which I explain further below. The R&S infrastructure comprises of the typical Core, Distribution, and Access layers and we
    are focusing on the local distribution and access switches with regards to the new building. The client has a converged Layer 3 network spanning
    from distribution layer to core layer and they are running EIGRP for this convergence. This is not a problem and has already been implemented.
    Yet, the challenge arises in deploying the WLAN infrastructure. The client already has a Cisco WLAN infrastructure in place where they have a
    large number of LAPs that are registered with their controllers in the Data Center. They have two WLC 5508 where one is the Primary and the other
    the Secondary. The local distribution switch to which the WLC are connected also is the gateway for the SVIs for the SSIDs that are configured on
    the controllers. This means that once the packets from the AP come in to the WLC, they are tagged with the correct VLAN and sent to the directly
    connected distribution switch which then routes it into the rest of the Layer 3 network. Interestingly, the WLC 5508 are running AireOS 7.6 and
    support the "New Mobility" feature. The two controllers have formed a Mobility Group (MG) between each other.
    Now, the new building will have two Catalyst 3850 switches installed where each one has a total of 40 AP licenses pre-installed and activated
    i.e. a total of 80 APs can be supported by the two switches. A total of 67 LAPs will be deployed in the new building which can be accommodated
    between the two switches and their integrated controller.
    Yet, my understanding and research about Converged Access is that, ideally, the Catalyst 3850 will only run the Mobility Agent (MA)
    feature while a central controller would provide the Mobility Controller (MC) service. Unfortunately, there are not enough licenses on the
    existing WLC 5508 nor can we migrate the new licenses that will facilitate such a split deployment.
    This means that I would need to configure the two Catalyst 3850 as independent MC and form a MG between them. I have done this and tested this
    already and the mobility is working fine. But my concern is not about getting the Catalyst 3850 to work as this is simple but rather it is
    focused on creating a common Mobility Domain (MD) so that clients can roam from this new building to the rest of the campus while maintaining the
    state of their connections to the WLAN infrastructure.
    To make things more complicated, since the new building will have its own Layer 3 distribution switch and the Catalyst 3850 switches will connect
    to this distribution switch, it means that new VLANs and SVIs need to be created for the SSIDs broadcast in the new building. This means that new
    subnets need to be assigned to the SSIDs.
    As such, I have the following questions:
    Q1) If we create new SVIs for the SSIDs (same SSIDs names will be used in the new building as in the rest of the university campus) this means
    that new subnets will be assigned to these SSIDs. Now, I believe I have two options...one is to make the new Catalyst 3850s to be in the same MG
    as the existing WLC 5508 which then caters for Layer 3 client roaming or I have to treat this as a totally separate WLAN network and follow on to
    the solution as per the next question. Please advise which is a better option?
    Q2) I could create separate MG i.e. the new building Catalyst 3850s can be in one MG and the existing controllers can be in another MG. I can
    then have one of the existing WLC 5508 (the primary one) to run the Mobility Oracle (MO) feature so as to create a single Mobility Domain (MD).
    Would this facilitate in Layer 3 client roaming and RRM for all the controllers in the same MD?
    Q3) If I do create a MD, how is this accomplished in such an environment since the documentation is severely limited in this regard?
    Please advise at your earliest. To assist further, I have attached a topology diagram which may aid in explaining the situation with more
    clarity. If these things are clarified, I will be better able to wrap my head around the technology and in turn service my clients better.
    Regards,
    Amir

    Hi Amir,
    Q1) If we create new SVIs for the SSIDs (same SSIDs names will be used in the new building as in the rest of the university campus) this means that new subnets will be assigned to these SSIDs. Now, I believe I have two options...one is to make the new Catalyst 3850s to be in the same MG as the existing WLC 5508 which then caters for Layer 3 client roaming or I have to treat this as a totally separate WLAN network and follow on to the solution as per the next question. Please advise which is a better option?
    I would configure them in the same mobility group. Also configure same SPG for those two 3850 stacks if users are frequently roaming within these two buildings.
    Q2) I could create separate MG i.e. the new building Catalyst 3850s can be in one MG and the existing controllers can be in another MG. I can then have one of the existing WLC 5508 (the primary one) to run the Mobility Oracle (MO) feature so as to create a single Mobility Domain (MD). Would this facilitate in Layer 3 client roaming and RRM for all the controllers in the same MD?
    MO is not required (it is only for very large scale deployments)
    Q3) If I do create a MD, how is this accomplished in such an environment since the documentation is severely limited in this regard?
    Yes, documents are hard to find :(
    These notes may be useful to you based on my experience. I am running IOS-XE 3.6.1 in my production.
    http://mrncciew.com/2014/05/06/configuring-new-mobility/
    http://mrncciew.com/2013/12/14/3850ma-with-5760mc/
    HTH
    Rasika
    *** Pls rate all useful responses ****

  • Cisco 3850 and Licences for WLC??

    Hello
    We have a client who needs a new switch which is capable of intervlan routing and also a WLC.
    I am thinking a 48 port 3850 with IP Base which gives intervlan routing and WLC support.
    However I am not sure if we need to purchase additional AP licences or whether they are built in?
    Cheers

    In 3850 WLC functionality, your switch stack could act as MA (Mobility Agent) or MC (Mobility Controller). An AP license is required for your 3850 only if it is acting as MC (for MA you do not require any AP licenses). A given 3850 switch stack can handle a maximum of 50 APs. For MC functionality you require at minimum the IPbase image (not LANbase).
    So whether you need to purchase a 3850 AP license depends on your design. In your case, if it is for a single switch where the client wants WLC functionality (with no other controller available), then you have to go with AP licenses depending on how many APs they want to deploy.
    The BRKCRS-2889 CiscoLive material will give you a good overview of this new Converged Access Deployment model, MA/MC functionality and a few design options.
    HTH
    Rasika
    **** Pls rate all useful responses ****

  • Unable to fully form trunks between 3850 and 4503-E switches

    Hi all,
    This last weekend I tried to replace a stack of 3750G's with a stack of new 3850's.
    The stack of switches has 2 fibre uplinks to the core switches (4503-E).
    It didn't go well, and I had to revert the project.
    The stack was all pre-configured in the workshop but could not be tested on the live LAN. When I connected it, I first connected up 1 of the 2 uplinks. The link went to UP status, and I could see the remote core switch via CDP, but it would not learn the VLANs (VTP was setup correctly), and looking at the port on the switch, it flashed green, went solid green, then flashed amber slowly. This cycled continuously, whilst the link status remained up and no errors were logged by either switch.
    I debugged spanning-tree but nothing stood out. I tried a replacement SFP, and a different slot but no difference.
    I re-connected one of the old 3750's and immediately the link came up stable, and everything was fine.
    I then erased the config on the new stack, and simply set the fibre port as trunk, with udld enabled (matching the remote end) (neither switch supports ISL, so the trunk is dot1q). The same issue persisted.
    Last night I spent a few hours in the office investigating. I grabbed a spare 3560G from the store, configured a fibre port as a trunk, and connected this to the 3850's, and this worked fine. I then provisioned a new fibre port on the core 4503-E and connected this up using brand new fibre tails, but had exactly the same issues as described above.
    The switches were running cat3k_caa-iosd-universalk9.SPA.150-1.EX3, and I have upgraded them to cat3k_caa-universalk9.SPA.03.03.01.SE.150-1.EZ1.bin as part of my troubleshooting but this has not made a difference.
    Does anyone have any advice? I am starting to wish I spec'd 3750X's instead!!
    Thanks

    Tim,
    From the 3850 install guide
    http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3850/hardware/installation/guide/3850_hig/HIGOVERV.html#wp1263129
    Table 1-13 Network Module LEDs
    Color: Network Module Link Status
    Off: Link is off.
    Green: Link is on, no activity.
    Blinking green: Activity on a link, no faults. Note: The LED will blink green even if there is very little control traffic.
    Blinking amber: Link is off due to a fault or because it has exceeded a limit set in the switch software. Caution: Link faults occur when noncompliant cabling is connected to an SFP or SFP+ port. Use only standard-compliant cabling to connect to Cisco SFP and SFP+ ports. You must remove from the network any cable or device that causes a link fault.
    Amber: Link for the SFP or SFP+ has been disabled.
    What kind of SFPs are in the 3850?
    What kind of GBICs are in the 4500?
    What is the spec of your fibre cable & patches?
    Regards,
    Alex.
    Please rate useful posts.

  • Best Practice Two ISPs and BGP

    Hello Experts.
    I was wanting to hear opinions for the best way to setup two ISR4431's with two 2960x's and two ASA firewalls.
    My current design is:
    ISP1 router -> ISR4431-A ->{2960x pair} -> ASA-A
    ISP2 router -> ISR4431-B ->{2960x pair} -> ASA-B
    Currently using public BGP and HSRP on the inside with an SLA monitor to a public IP.
    If HSRP is the best way to accomplish this, how do I solve these two problems or is there a better design? (The two 4431's are not connected to each other currently.)
    -Least Cost routing (I guess that is what it's called) - I want to visit a website that is located on ISP2's network (or close to it), but HSRP currently has ISP1 as active. If I go out ISP1 it may go around the country or 10 hops before it hits a site that is 4 hops away on the other ISP.
    -Asymmetric routing - I think that is where a reply comes in the non-active ISP - how do I prevent that?
    I am really just looking for design advice about the best way to use this hardware to create as much redundancy as possible and best performance possible. If you could just share your opinion of "I would use ____" or give me a stamp of reassurance on the above design and any opinion on the two problems.
    Thanks for the time!

    Hi,
    If you are running BGP with the service providers, you need an IBGP link between the 2 ISR-4431 routers. If for example you want traffic to go out using sp-1 and come back using the same provider you need to use AS path prepending, so sp-2 sees a longer path to your network and so traffic goes out and comes back through the same provider. In this case you use sp-2 as backup link, if not you can be dealing with asymmetric routing. In addition, for HSRP/VRRP to work both routers should be connecting to the set of 2960x switches. You can simply stack the 2960x switches so they logically look as one device. The same should go for the firewalls. They should connect to the switch stack.
    HTH

  • Connectivity between 3850 and wireless radio controller

    We are connecting a remote warehouse to corporate office through wireless radio controllers. We connected the corporate office controller to a 3750 and configured the port as trunk. We connected the remote controller to a new 3850 switch. We are unable to ping radio controllers or switches. Any help would be greatly appreciated.

    Interface is showing up up.
    LAN-B55-F3-R325-SW01#sh int g1/0/1
    GigabitEthernet1/0/1 is up, line protocol is up (connected)
      Hardware is Gigabit Ethernet, address is d48c.b596.c501 (bia d48c.b596.c501)
      Description: *** Connection to Radio Controller ***
      MTU 1500 bytes, BW 100000 Kbit/sec, DLY 100 usec,
         reliability 255/255, txload 1/255, rxload 1/255
      Encapsulation ARPA, loopback not set
      Keepalive set (10 sec)
      Full-duplex, 100Mb/s, media type is 10/100/1000BaseTX
      input flow-control is off, output flow-control is unsupported
      ARP type: ARPA, ARP Timeout 04:00:00
      Last input 00:00:00, output 00:00:00, output hang never
      Last clearing of "show interface" counters never
      Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 363
      Queueing strategy: fifo
      Output queue: 0/40 (size/max)
      5 minute input rate 10000 bits/sec, 18 packets/sec
      5 minute output rate 86000 bits/sec, 135 packets/sec
         514671015 packets input, 73497025643 bytes, 0 no buffer
         Received 1085394 broadcasts (366403 multicasts)
         0 runts, 2 giants, 0 throttles
         1 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
         0 watchdog, 366403 multicast, 0 pause input
         0 input packets with dribble condition detected
         612703588 packets output, 91643874369 bytes, 0 underruns
         0 output errors, 0 collisions, 3 interface resets
         0 unknown protocol drops
         0 babbles, 0 late collision, 0 deferred
         0 lost carrier, 0 no carrier, 0 pause output
         0 output buffer failures, 0 output buffers swapped out
    LAN-B55-F3-R325-SW01#

  • Direct Connect OSPF and BGP AWS failover setup

    Hi,
    We recently installed AWS Direct Connect which was successful but now we are looking at the best way to automatically fail over if our Direct Connect fails to route via our back VPN.
    The setup
    Cisco 6500 distributes routes via OSPF internally to all production environments with one area set.
    A second Cisco 2901 was installed to support the AWS Direct Connect which uses BGP with a single ASN. This router is connected to the Cisco 6500 and now within the OSPF area. Static routes exist to the Cisco 2901 currently, so unless we physically detach it from the network, failover won't work.
    What we want to achieve
    The Cisco 2901 Direct Connect to be the default AWS route until we have a link issue or alike and dynamically fail over to our VPN via the firewall to AWS. What we are confused about is: do we advertise these BGP routes within OSPF or should we set up BGP on the Cisco 6500?
    I appreciate your time.

  • IMovie CoreData: error(3850) and dump

    hello to all,
    after using OS Snow Leopard Pro for a long time, I decided to update my MacBook Pro to Mavericks and consequently I have the new iMovie 10.0.3 installed.
    Following you can find the HW and SW information.
    Hardware Information:
              MacBook Pro (13-inch, Mid 2010)
              MacBook Pro - model: MacBookPro7,1
              1 2.4 GHz Intel Core 2 Duo CPU: 2 cores
              8 GB RAM
    System Software:
              OS X 10.9.2 (13C1021)
    The problem is:
    the continuous stalling (multicolor roller) when working with the new iMovie 10.0.3.
    Looking in the console there are many of the following messages:
    02/05/14 16:59:55,278 iMovie[31888]: CoreData: error: (3850) I/O error for database at /Users/giovanni/Movies/Libreria iMovie.imovielibrary/ Filmati finalizzati/CurrentVersion.imovieevent.  SQLite error code:3850, 'not an error' errno:9
    There are also many iMovie dumps in Diagnostic Report. If it is necessary I can add one of them to the discussion.
    Many thanks in advance to whoever can help me

    Hi,
    seems that I have to pray!!
    I followed step by step all suggestions. and NO SUCCESS.
    Seems to work better with a different account but in console log there are the same messages.
    START of iMOVIE
    05/05/14 12:33:46,658 iMovie[3063]: Could not find image named '7F966C8D-418D-4C52-AEFB-2D79E62891BF'.
    05/05/14 12:33:46,658 iMovie[3063]: Could not find image named '41D5459D-E1BC-42EB-98D0-4D869675F009'.
    05/05/14 12:33:46,659 iMovie[3063]: Could not find image named '5924A8AF-43E5-4311-94CA-8E074F69A928'.
    05/05/14 12:33:47,242 librariand[2819]: ubiquity account is not configured (or is disabled for this client), not creating collection
    05/05/14 12:33:47,242 librariand[2819]: error in _handle_client_request: LibrarianErrorDomain/10/Unable to configure the collection.
    05/05/14 12:33:47,242 librariand[2819]: error in check_request_path: LibrarianErrorDomain/2/request does not include 'Path' key
    05/05/14 12:34:04,125 iMovie[3063]: CoreAnimation: warning, deleted thread with uncommitted CATransaction; set CA_DEBUG_TRANSACTIONS=1 in environment to log backtraces. This is different
    and then
    05/05/14 12:57:26,499 iMovie[3063]: CGSSetWindowAlpha: Invalid window 0x112
    05/05/14 13:06:52,000 kernel[0]: process iMovie[3063] caught causing excessive wakeups. Observed wakeups rate (per sec): 2736; Maximum permitted wakeups rate (per sec): 150; Observation period: 300 seconds; Task lifetime number of wakeups: 305330
    05/05/14 13:06:52,254 ReportCrash[6512]: Invoking spindump for pid=3063 wakeups_rate=2736 duration=17 because of excessive wakeups
    05/05/14 13:06:54,085 spindump[6513]: Saved wakeups_resource.spin report for iMovie version 10.0.3 (245586) to /Library/Logs/DiagnosticReports/iMovie_2014-05-05-130654_MacBook-Pro-di-Giovann i-Bruno.wakeups_resource.spin
    I also tried with a Mac, also with OS Mavericks, and iMovie gives the same error.
    So, I suppose it is an iMovie problem
    I upgraded the system from Snow Leopard Pro to Mavericks.
    What I can do is reinstall the new OS Mavericks starting from zero
    Many thanks to Apple
    Giovanni

  • New ARIN Block Transition and BGP Setup

    Hello all,
    First post on the forum so bear with me. I am still young in my career and have not worked with BGP on a professional level.
    We received a new IP Address block from ARIN and need to transition to it. The boss does not want to do a hard cut over but a phased migration instead. I need to know if this is possible and any configuration guides that might be handy.
    Our current IP block is a /26 given to us by our ISP; routing protocols are all handled by them, we just use gateway of last resort/static routing.
    Is it possible to use the same physical link but use sub-interfaces in order to keep our current setup but allow for setup of BGP and the new ARIN block over the same physical interface up to the ISP?
    Has anyone transitioned this way before? Or know of any guides that might help me out in the configuration of something like this? We are still in the planning phase and I just need to know if this is a viable solution or do we get another ISP (which is going to happen anyway eventually) and migrate over external services that way.
    Thank you,
    Jon

    Jon
    Am I correct in understanding that you have a single router connecting to a single ISP for Internet connectivity? And that the ISP handles routing to you and you have static routes pointing to the ISP? And that you now have been assigned your own block of addresses?
    If I have understood correctly then I will suggest to you that you may not need to use BGP as you implement the new address block. I would suggest that you could use this approach:
    - configure the new address block inside your network. Ask your ISP to route to these addresses over the existing connection (the ISP should be able to establish a static route for this block in their routing logic).
    - your ISP might ask you to advertise the address block to them. In that case you may need to run a dynamic routing protocol between your router and the ISP. Ask the ISP what routing protocol they support. BGP is probably one alternative but the ISP may have other routing protocols that they support for customer connections.
    HTH
    Rick

  • MIB and BGP peer (BGP4-MIB::bgpPeerRemoteAddr)

    Hello,
    We're using NAGIOS to monitor the networks of our customers.
    We're using BGPv4 and vrf lite on many of those networks.
    On every remote router, we have multiple bgp peer sessions facing two ASR-1002F backbone routers (GRT and VRFs...).
    I'd like to know if there's a way to monitor all bgp sessions, on a remote router, without having to enter the ip addresses of all neighbors....
    I'm wondering whether or not I can use the "bgpPeerState" state to monitor the status of these bgp peer sessions?
    Someone got an idea?
    Thanks in advance,
    BRGs
    xxxxx@NOC-SV-PL-SUP01:/usr/local/nagios/libexec$ snmpwalk -v 2c -c TESTRO 172.27.20.119 BGP4-MIB::bgpPeerRemoteAddr     
    BGP4-MIB::bgpPeerRemoteAddr.10.40.3.25 = IpAddress: 10.40.3.25
    BGP4-MIB::bgpPeerRemoteAddr.10.40.3.29 = IpAddress: 10.40.3.29
    BGP4-MIB::bgpPeerRemoteAddr.10.40.8.153 = IpAddress: 10.40.8.153
    BGP4-MIB::bgpPeerRemoteAddr.10.40.8.157 = IpAddress: 10.40.8.157
    BGP4-MIB::bgpPeerRemoteAddr.172.25.3.17 = IpAddress: 172.25.3.17
    BGP4-MIB::bgpPeerRemoteAddr.172.25.3.18 = IpAddress: 172.25.3.18
    nsoc-iec@NOC-SV-PL-SUP01:/usr/local/nagios/libexec$ snmpwalk -v 2c -c TESTRO 172.27.20.119 BGP4-MIB::bgpPeerState.10.40.3.25
    BGP4-MIB::bgpPeerState.10.40.3.25 = INTEGER: established(6)

    Hello Joseph,
    Thanks for your answer.
    We've been testing some scripts and it's now working!
    We use the bgpPeerRemoteAddr MIB to get our ip @ and then we log any change in bgpPeerState per ip@...
    An alarm is on when we have an IDLE state....
    Warning for the other BGP states
    OK for established.
    Regards
    Katy Desrosiers
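
The check described in this thread (walk the peer table so no neighbor addresses have to be listed, then map each bgpPeerState to an alarm level and log changes), written out in Python as an added example; it is not the script used in the thread. The function names, the "absent" marker for a peer that disappears, the UNKNOWN result for an empty walk and the sample walk output are assumptions constructed for illustration.

```python
"""Nagios-style evaluation of BGP4-MIB::bgpPeerState walk output (added example)."""
import re

# bgpPeerState values as defined in BGP4-MIB (RFC 4273).
PEER_STATES = {1: "idle", 2: "connect", 3: "active",
               4: "opensent", 5: "openconfirm", 6: "established"}

OK, WARNING, CRITICAL, UNKNOWN = 0, 1, 2, 3  # standard Nagios plugin exit codes

# Accepts symbolic output and numeric (-On) output. The table index after the
# column OID is the peer address, so no neighbor list has to be configured.
LINE_RE = re.compile(
    r"^(?:BGP4-MIB::bgpPeerState|\.?1\.3\.6\.1\.2\.1\.15\.3\.1\.2)"
    r"\.(?P<peer>\d{1,3}(?:\.\d{1,3}){3})"
    r"\s*=\s*INTEGER:\s*(?:[A-Za-z]+\()?(?P<code>\d+)\)?\s*$"
)

# Constructed sample in the format shown in the thread (not captured from a device).
SAMPLE_WALK = """\
BGP4-MIB::bgpPeerState.10.40.3.25 = INTEGER: established(6)
BGP4-MIB::bgpPeerState.10.40.3.29 = INTEGER: idle(1)
BGP4-MIB::bgpPeerState.10.40.8.153 = INTEGER: active(3)
.1.3.6.1.2.1.15.3.1.2.172.25.3.17 = INTEGER: 6
"""


def parse_peer_states(walk_output):
    """Return {peer_ip: state_name} for every bgpPeerState row in the walk."""
    peers = {}
    for line in walk_output.splitlines():
        match = LINE_RE.match(line.strip())
        if match:  # timeouts and "No Such Object" lines simply do not match
            code = int(match.group("code"))
            peers[match.group("peer")] = PEER_STATES.get(code, f"unknown({code})")
    return peers


def evaluate(peers):
    """Apply the thread's policy: idle = alarm, other states = warning, established = OK."""
    if not peers:
        # An empty table must not read as "all good": SNMP may be failing.
        return UNKNOWN, "UNKNOWN - no bgpPeerState rows returned"
    idle = sorted(p for p, s in peers.items() if s == "idle")
    other = sorted(f"{p}={s}" for p, s in peers.items()
                   if s not in ("idle", "established"))
    if idle:
        return CRITICAL, "CRITICAL - idle: " + ", ".join(idle)
    if other:
        return WARNING, "WARNING - " + ", ".join(other)
    return OK, f"OK - {len(peers)} peers established"


def state_changes(previous, current):
    """List (peer, old, new) for every peer whose state differs between two polls.

    A peer present in only one poll is reported with the state "absent", which
    surfaces a neighbor that was removed from or added to the router's config.
    """
    changes = []
    for peer in sorted(set(previous) | set(current)):
        old = previous.get(peer, "absent")
        new = current.get(peer, "absent")
        if old != new:
            changes.append((peer, old, new))
    return changes


if __name__ == "__main__":
    current = parse_peer_states(SAMPLE_WALK)
    code, message = evaluate(current)
    print(code, message)  # a real plugin would print message and sys.exit(code)
    baseline = dict.fromkeys(current, "established")  # constructed previous poll
    for peer, old, new in state_changes(baseline, current):
        print(f"{peer}: {old} -> {new}")
```

To use it against a router, feed `parse_peer_states` the text returned by the `snmpwalk ... BGP4-MIB::bgpPeerState` command shown in the thread and keep the previous poll's dictionary for `state_changes`.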

  • ASR Zones and BGP

    We're designing a second datacenter and are looking at routers for both our MPLS network and our Internet edge. In our current datacenter we have 4x3945e routers, two on the MPLS networks and two on the Internet edge networks. Since we're going to have a 1GB link between the two datacenters, I started looking at the ASR platform for its impressive throughput compared to the 3945e.
    I noticed the Enterprise Applications feature supports zone-based policy firewall, which seems appealing. Given the raw power of the ASR and the ability to support zones, it seems one router could handle both the external Internet access and the MPLS traffic, each residing on its own zone.
    Considering the ASR 1001x, my two questions are
    Is my assumption correct or would the above be a security concern?
    Can each zone support a different BGP AS number?
    Thank you,
    Denny

    From within the zone, you can see what pool you're bound to by simply using
    the -q argument to poolbind(1M) with a valid pid, such as "poolbind -q $$".
    Alternatively, you can use the pooladm(1M) command with no arguments.
    Note that if you don't have pools active, this will result in a "Facility is not active"
    message but otherwise you'll see the details about the pool this zone is bound
    to.
    From the global zone, you can see the actual pool the zone is currently bound
    by doing something like "zlogin myzone 'poolbind -q $$'". And you can see
    which pool the zone will attempt to bind to the next time it reboots by using
    the "zonecfg -z myzone info pool" command.
    Does this help?
