BGP As-set
Hi all,
My topology is very simple
R1 ------------------------- R2 ------------------------R3 -------------------------- R4
R1 is advertising 3 subnets. 192.168.1.0/24, 192.168.2.0/24, 192.168.3.0/24. All routers are in separate AS (1,2,3,4 respectively). Performing aggregation on R3
R3
router bgp 3
aggregate-address 192.168.0.0 255.255.0.0 summary-only
on R4
R4#show ip bgp 192.168.0.0 255.255.0.0
BGP routing table entry for 192.168.0.0/16, version 39
Paths: (1 available, best #1, table Default-IP-Routing-Table)
Flag: 0x820
Not advertised to any peer
3, (aggregated by 3 3.3.3.3)
10.1.34.3 from 10.1.34.3 (3.3.3.3)
Origin IGP, metric 0, localpref 100, valid, external, atomic-aggregate, best
Now on R3, if I use the keyword as-set, it removes the bolded atomic-aggregate, like below:
R3
aggregate-address 192.168.0.0 255.255.0.0 as-set summary-only
on R4
BGP routing table entry for 192.168.0.0/16, version 40
Paths: (1 available, best #1, table Default-IP-Routing-Table)
Flag: 0x820
Not advertised to any peer
3 2 1, (aggregated by 3 3.3.3.3)
10.1.34.3 from 10.1.34.3 (3.3.3.3)
Origin IGP, metric 0, localpref 100, valid, external, best (its gone)
R4#
Is this normal behavior ?
Yes it is. Seeing the atomic-aggregate indicates to the receiving router that there are more ASes behind the one that's advertised it. You'll notice that R3 has set itself as the only AS in the path and advertised that to R4. R4 sees it, but it only knows about R3. When you set as-set on the summary, it tells R3 to not aggregate all ASes behind it, but instead pass the complete as-path to the upstream neighbor.
HTH,
John
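The two R4 outputs in this thread can be reproduced with a small model of aggregation, added here as an example (it is not code from the posters or from IOS). It follows the simplified AS_PATH aggregation described in RFC 4271 (common leading sequence, remainder as an AS_SET) and the ATOMIC_AGGREGATE rule; all function names and the sample paths are constructed for illustration.

```python
from dataclasses import dataclass

SEQ, SET = "AS_SEQUENCE", "AS_SET"


@dataclass
class Route:
    segments: list          # [(segment_type, [asn, ...]), ...]
    atomic_aggregate: bool = False


def common_lead(paths):
    """Longest leading run of ASNs shared by every contributing path."""
    lead = []
    for column in zip(*paths):
        if len(set(column)) != 1:
            break
        lead.append(column[0])
    return lead


def aggregate(paths, as_set):
    """Build the aggregate from the AS sequences of the more-specifics."""
    if not as_set:
        # Path information is discarded; ATOMIC_AGGREGATE flags that loss.
        return Route([], atomic_aggregate=any(paths))
    lead = common_lead(paths)
    rest = sorted({asn for p in paths for asn in p[len(lead):]} - set(lead))
    segments = []
    if lead:
        segments.append((SEQ, lead))
    if rest:
        segments.append((SET, rest))
    # Nothing was dropped, so ATOMIC_AGGREGATE is not needed.
    return Route(segments, atomic_aggregate=False)


def advertise_ebgp(route, local_as):
    """Prepend the local AS, as done when sending to an eBGP neighbor."""
    segments = [(kind, list(asns)) for kind, asns in route.segments]
    if segments and segments[0][0] == SEQ:
        segments[0][1].insert(0, local_as)
    else:
        segments.insert(0, (SEQ, [local_as]))
    return Route(segments, route.atomic_aggregate)


def render(route):
    """Format the path the way 'show ip bgp' prints it ({...} = AS_SET)."""
    parts = []
    for kind, asns in route.segments:
        text = [str(a) for a in asns]
        parts.append(" ".join(text) if kind == SEQ else "{" + ",".join(text) + "}")
    return " ".join(parts)


def would_reject(route, my_as):
    """eBGP loop check: a receiver drops a path that already lists its AS."""
    return any(my_as in asns for _, asns in route.segments)


# Constructed input: the three /24s as R3 (AS 3) holds them, learned via AS 2 from AS 1.
R3_COMPONENTS = [[2, 1], [2, 1], [2, 1]]

if __name__ == "__main__":
    for flag in (False, True):
        sent = advertise_ebgp(aggregate(R3_COMPONENTS, as_set=flag), local_as=3)
        print(f"as-set={flag}: path '{render(sent)}', "
              f"atomic-aggregate={sent.atomic_aggregate}, "
              f"dropped by AS 1={would_reject(sent, 1)}")
    # Components with different origins produce a real AS_SET.
    mixed = advertise_ebgp(aggregate([[2, 1], [2, 5]], as_set=True), local_as=3)
    print("mixed origins:", render(mixed))
```

With as-set the aggregate carries AS 1 and AS 2 in its path, so those ASes would discard it on the loop check; without as-set that protection is lost, which is what atomic-aggregate signals.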
Similar Messages
-
Hi,
I want to load share traffic for my two network segments. I have two routers, each with an internet circuit running BGP with two different ISPs (ISP-A & ISP-B). I am also running IBGP between the two routers. Since I have two /24 segments (not provided by the ISP), I want one segment to prefer ISP-A and the other segment to prefer ISP-B. I have configured EBGP & IBGP and configured AS-path prepend, but I see some asymmetric behaviour. Source traffic which prefers ISP-A is going via it, but incoming traffic is via ISP-B.
Pls suggest how this asymmetric behaviour could be fixed.
Hi. Pls see below config. I have an ASA configured with IP x.x.x.5, so while tracing from the firewall to another location's public IP (USA) the trace goes to Router-A via ISP-A. But when I do a trace from USA to the ASA, it goes through ISP-B.
Router-A#
router bgp 132965
bgp log-neighbor-changes
neighbor 14.140.191.181 remote-as 4755 --- ISP- A
neighbor X.X.X.18 remote-as 132965 ---- IBGP
address-family ipv4
network X.X.X.0 mask 255.255.255.0
network Y.Y.Y.0 mask 255.255.255.0
neighbor 14.140.191.181 activate
neighbor 14.140.191.181 soft-reconfiguration inbound
neighbor 14.140.191.181 route-map BGP-add out
neighbor 14.140.191.181 maximum-prefix 1000 1
neighbor X.X.X.18 activate
neighbor X.X.X.18 next-hop-self
neighbor X.X.X.18 soft-reconfiguration inbound
exit-address-family
ip route X.X.X.0 255.255.255.0 Null0 254
ip route Y.Y.Y.0 255.255.255.0 X.X.X.5 name DMZ
ip prefix-list BGP-236 seq 5 permit X.X.X.0/24
ip prefix-list BGP-237 seq 5 permit Y.Y.Y.0/24
route-map BGP-add permit 5
match ip address prefix-list BGP-236
route-map BGP-add permit 10
match ip address prefix-list BGP-237
set as-path prepend 132965 132965 132965 132965
===========================================================
Router-B#
router bgp 132965
bgp log-neighbor-changes
redistribute connected
network X.X.X.0 mask 255.255.255.0
network Y.Y.Y.0 mask 255.255.255.0
neighbor X.X.X.17 remote-as 132965 --- IBGP
neighbor X.X.X.17 next-hop-self
neighbor X.X.X.17 soft-reconfiguration inbound
neighbor 125.19.48.121 remote-as 9498 --- ISP-B
neighbor 125.19.48.121 soft-reconfiguration inbound
neighbor 125.19.48.121 route-map BGP-bhar out
neighbor 125.19.48.121 maximum-prefix 1000 1
ip route Y.Y.Y.0 255.255.255.0 X.X.X.5 name DMZ
ip prefix-list BGP-236 seq 5 permit X.X.X.0/24
ip prefix-list BGP-237 seq 5 permit Y.Y.Y.0/24
route-map BGP-bhar permit 5
match ip address prefix-list BGP-237
route-map BGP-bhar permit 10
match ip address prefix-list BGP-236
set as-path prepend 132965 132965 132965 132965 -
Hi,
I'm trying some MPLS-TE configurations with PBR on a 7600 with SRC3 code and have not been able to make it work.
I have tried CBTS and regular autoroute tunnels and they work fine, but not a regular MPLS-TE with PBR.
I've been following sample configurations and have still not been able to make it work.
The lab has the following setup:
CE1->PE1->P->PE2->CE2
The configuration at PE1 looks like this:
interface GigaEthernet2/1
description Connection to CE1
ip vrf forwarding test
ip address 10.1.1.1 255.255.255.252
ip policy route-map PBR_in
interface Tunnel105
description MPLS-TE Test
ip unnumbered Loopback0
mpls ip !<-- also have tried without mpls
tunnel destination 172.16.100.22
tunnel mode mpls traffic-eng
tunnel mpls traffic-eng priority 3 3
tunnel mpls traffic-eng bandwidth sub-pool 250
tunnel mpls traffic-eng affinity 0x0 mask 0x0
tunnel mpls traffic-eng path-option 1000 dynamic
no routing dynamic
route-map PBR_in permit 10
match ip address CE_Loops
set mpls-label !<-- also have tried without this
set interface Tunnel105 !<-- also have tried set ip next-hop <remote-loop>
route-map PBR_in permit 100
ip access-list extended CE_Loops
10 permit ip host 1.1.1.1 host 2.2.2.2
20 permit ip host 2.2.2.2 host 1.1.1.1
And I can see the counters of Tunnel 105 going up but no response, nor any debugging related to it.
sh int tun 104
Tunnel transmit bandwidth 8000 (kbps)
Tunnel receive bandwidth 8000 (kbps)
Last input never, output 00:00:05, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/0 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
0 packets input, 0 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
2364 packets output, 168564 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 unknown protocol drops
0 unknown protocol drops
0 output buffer failures, 0 output buffers swapped out
I have done "debug mpls packet" but I can't see anything related to labels going on.
What am I missing? Is MPLS-TE with PBR really possible? How does it apply labels to the PBR packets?
William
Hi Shivlu,
To have a dedicated tunnel per VPN:
1- Static routes in the VRF should work by specifying only the tunnel interface as the outgoing interface (no next-hop).
2- Another solution can be to change the BGP NH for each VPN:
- You have two VPNs configured on PE1 and PE2
- You have two TE tunnels T1 and T2 between PE1 and PE2. PE1 is the head-end
- BGP is built over Loopback0 IP addresses as usual
The idea is to create two new loopbacks on PE2 (L1 and L2) and to configure PE2 to use those loopbacks as BGP NH:
ip vrf VPN1
bgp next-hop loopback 1
ip vrf VPN2
bgp next-hop loopback 2
Now PE1 will receive VPNv4 updates from PE2 with BGP NH set to L1 for VPN1 and L2 for VPN2
on PE1 just add two static route so each loopback will be reachable via two different TE tunnels:
ip route L1/32 T1
ip route L2/32 T2
If you have other PEs with sites connected to these VPNS as well and you are not using TE tunnels, you need to redistribute L1 and L2 into the IGP so those other PEs will have a LSP to PE2 as well.
I agree if PBR could be aware of the interface in the GRT, it would be an easier solution.
Thanks
Laurent. -
Dual MPLS connection to one WAAS with inlinecard
Hi all,
Is it possible to use one Cisco WAAS with dual inline ports connected to two PTT routers?
Both PTT routers are active and load balancing with BGP with local L3 switches.
Or is it a must to use WCCP?
Jan
Hi Jan,
Just because I've previously run into problems, because WAAS obfuscates sequence numbers.
On newer (greenfield) implementations of WAAS, BGP is set to pass-through as default.
From this link : http://www.cisco.com/c/en/us/td/docs/app_ntwk_services/waas/waas/v511/configuration/guide/cnfg/apx_apps.html
If the policies are migrated from a WAAS Central Manager running versions earlier than 4.4, the default was LS+TFO+DRE - from 4.3.x the default changed to Pass-Through.
Best Regards
Finn Poulsen -
Is there a way to protect a network from the malicious use of ICMP without breaking PathMTU or disabling ping and traceroute? I usually do not add the no ip unreachables command on interfaces within my inside network but do have it on all of my interfaces on the internet facing routers. I already have an infrastructure ACL on my BGP interface set to deny all icmp packets but that is applied in the IN direction only. I'm doing a review of the config in preparation for routine maintenance and looking for some ideas.
Hi,
You might want to try Zone Base Firewall and only allow ICMP which ever are generated within the network.
HTH,
Smitesh
Please rate helpful posts... -
BGP, VRF and PBR ("set vrf")
Hi networkers!
Requirements:
- 2 locations (OFFICE, DC) in the same town
- each having two active WAN connections (carrying individual routing domains): The default Any2Any WAN (where several other locations are connected to) and a client specific MC WAN.
- There is a high speed "metro" connection between the locations
- Targets of MC WAN must only be available from a dedicated "MC LAN" network segment
- The default route of "MC LAN" is into Any2Any. Some specific routes coming from MC WAN will overrule A2A routes
- By default, all locally generated traffic should leave into the local WAN links
- In case of a local fault, the locally generated traffic should go via "metro" link into the remote WAN links.
- Traffic between office and DC has to use the metro link.
Hardware: Cat 4500X in VSS configuration at both locations acting as router.
The challenge is with the "MC LAN" that should be fully integrated into A2A routing (communicating locally with devices in other LAN segments and remotely with other sites) but it should also communicate with some special targets of the MC WAN that all other LAN segments must not see.
The general solution that I found is to set the "MC LAN segment" into the GRT but apply "ip vrf receive VRF_MC" and "set vrf VRF_MC" as PBR for targets that should be reached via MC-WAN. It makes me a little unhappy that I have to configure a static PBR "routing" because the MC routes are already available by BGP within VRF_MC. But I have tested several other solutions (route leakage, e.g.). But they did not work (route leakage, for example, is not possible on-device between VLANs but only between physical ports).
I put in here only the OFFICE part of the configuration. At the DC there is no "MC LAN" only "MC WAN" which is fully isolated by VRF.
We create two transfer networks at each side. One for the Metro and one for the WAN and start BGP sessions with the neighbors. Failover is guaranteed by longer AS-PATH:
vrf definition VRF_MC
description MC routing domain
rd 65500:1
address-family ipv4
exit-address-family
interface Vlan3
description MC Office
ip vrf receive VRF_MC
ip address 1.40.1.1 255.255.255.0
no ip redirects
no ip proxy-arp
ip policy route-map MC_PBR_VRF
interface Vlan30
description WAN A2A transfer (partner 2.2.2.18 // remote-as 65293 - local AS 65502)
ip address 2.2.2.21 255.255.255.240
interface Vlan31
description WAN MC(partner 2.2.2.50 // remote-as 65293 - local AS 65502)
vrf forwarding VRF_MC
ip address 2.2.2.53 255.255.255.240
interface Vlan34
description Metro A2A transfer (partner 3.3.3.69 remote-as 65503)
ip address 3.3.3.66 255.255.255.240
interface Vlan36
description Metro MC transfer (partner 3.3.3.85 remote-as 65503)
vrf forwarding VRF_MC
ip address 3.3.3.82 255.255.255.240
router bgp 65502
bgp always-compare-med
bgp log-neighbor-changes
network 1.40.1.0 mask 255.255.255.0 <-- MC LAN
network 1.1.192.0 mask 255.255.248.0 <-- other Office LAN segments below
network 1.1.200.0 mask 255.255.248.0
network 1.1.208.0 mask 255.255.248.0
neighbor 2.2.2.18 remote-as 65293
neighbor 2.2.2.18 description to_A2A_WAN
neighbor 2.2.2.18 version 4
neighbor 2.2.2.18 remove-private-as
neighbor 2.2.2.18 soft-reconfiguration inbound
neighbor 2.2.2.18 prefix-list BGP_A2A_out out
neighbor 3.3.3.69 remote-as 65503
neighbor 3.3.3.69 description A2A_Metro_to_DC
neighbor 3.3.3.69 update-source Vlan34
neighbor 3.3.3.69 version 4
neighbor 3.3.3.69 soft-reconfiguration inbound
address-family ipv4 vrf VRF_MC
network 1.40.1.0 mask 255.255.255.0 <-- MC LAN
neighbor 2.2.2.50 remote-as 65293
neighbor 2.2.2.50 description to_MC_WAN
neighbor 2.2.2.50 version 4
neighbor 2.2.2.50 activate
neighbor 2.2.2.50 remove-private-as
neighbor 2.2.2.50 soft-reconfiguration inbound
neighbor 2.2.2.50 prefix-list BGP_MC_out out
neighbor 3.3.3.85 remote-as 65503
neighbor 3.3.3.85 description MC_Metro_to_DC
neighbor 3.3.3.85 update-source Vlan36
neighbor 3.3.3.85 activate
neighbor 3.3.3.85 soft-reconfiguration inbound
exit-address-family
route-map MC_PBR_VRF permit 10
match ip address MC_PBR_ROUTE
set vrf VRF_MC
! control BGP
ip prefix-list BGP_A2A_out seq 10 permit 1.1.192.0/21 le 32
ip prefix-list BGP_A2A_out seq 20 permit 1.1.200.0/21 le 32
ip prefix-list BGP_A2A_out seq 30 permit 1.1.208.0/21 le 32
ip prefix-list BGP_A2A_out seq 40 permit 1.40.1.0/24 le 32
! control BGP
ip prefix-list BGP_MC_out seq 10 permit 1.40.1.0/24 le 32
ip access-list extended MC_PBR_ROUTE
permit ip any 2.2.2.48 0.0.0.15
permit ip any 3.3.3.80 0.0.0.15
permit ip any 7.87.208.0 0.0.15.255
permit ip any 55.55.0.0 0.0.0.255
permit ip any host 93.93.93.93
That's all.
What is possible:
- traceroute into MC WAN from Office LAN router "traceroute vrf VRF_MC 55.55.0.83"
1 2.2.2.50 [AS 65276] 8 msec 0 msec 0 msec
2 10.10.21.189 [AS 65276] 4 msec 0 msec 4 msec
3 10.10.41.74 [AS 65276] 12 msec 8 msec 16 msec
- MC LAN is fully reachable from A2A WAN
- Metro link is used for backup and "city" traffic between office and DC.
What does not work:
- A device connected to MC LAN cannot reach any target in MC WAN. Example:
C:\Users\me>tracert -d 55.55.0.83
1 2 ms 1 ms 1 ms 2.2.2.53 <- IP local VLAN31 MC-WAN transfer net (belonging to VRF_MC)
2 <1 ms <1 ms <1 ms 2.2.2.18 <- jump back into the GTR (A2A WAN router IP)
3 1 ms 1 ms 1 ms 5.5.5.5 <- A2A WAN
What is missing?? Is my solution itself a no-go?
Additional question: There is a backup metro link with a smaller bandwidth that should be used only in case of main metro link is down. I installed a route-map to "set local-preference 20" for all routes received via this backup metro link. Is this the recommended way to implement such backup link.
Best regards
Use the route map as a normal thing.
To match the all the ip address there should not be any match statement in the route map. -
Does editing a pre-fix set for bgp in IOS-XR cause a loss of network connectivity
Hi,
I have to edit an existing prefix-set for bgp in ios-xr. When I went to do it the first time it told me it would wipe the existing information so I aborted the change.
I have since read that you need to redo the whole list and add the new network you want.
For example.
existing
pre-fix set TEST
10.10.10.0/24,
11.11.11.0/24
new
pre-fix set TEST
10.10.10.0/24, 11.11.11.0/24, 12.12.12.0/24
1st) is the above correct?
2nd) when this is done will there be any drops in connectivity?
Thank you.
1) It is correct. When you create the new prefix-set with the same name as the old one, it overwrites the old one. Meaning that it won't "append" to the old config; it creates a new prefix-set from scratch.
2) Depends on where you are referencing the prefix-set. For example, on a BGP route-policy, there won't be any drop in BGP connectivity; you might even have to do a soft refresh in and out to refresh the advertised/filtered routes -
How does set metric-type internal (bgp) work?
I can't realise how the command "set metric-type internal" works.
BGP announcements to eBGP use the IGP next-hop metric as the MED.
Does the IGP mean only IS-IS?
Does OSPF use it?
Will you tell me how to use it? Give me an example. Thanks
Hi,
This command can be used into two different contexts:
1- Redistribution into ISIS
When you are redistributing routes into ISIS, you have the choice to set the metric-type as internal (between 0 and 64) or external (between 65 and 128).
Internal metrics are always preferred over external metrics.
2- Set the MED to reflect IGP cost to the NH on eBGP updates
You are receiving an iBGP update and before sending it to your eBGP peers, you want the MED for that prefix set to your IGP cost to the iBGP peer announcing this prefix.
In this case the IGP can be anything.
This command is not necessary if you are redistributing the route into BGP directly instead of receiving them from iBGP. In such case, the MED reflects by default the IGP cost of the redistributed prefix.
HTH
Laurent. -
Load balance not happening in BGP
Dear Friends,
As per I know local BGP process may implement equal-cost load-balancing to the paths that:
Have the same set of path attributes up to the MED (weight, Local Preference, Origin, MED)
Are of the same type (both learned via iBGP or eBGP)
Have the same IGP cost to reach their NEXT_HOP IP address
If the above conditions are met and maximum-paths [ibgp] is configured under the BGP process, BGP will install multiple equal-cost routes into the local RIB and use them for load-balancing. We call the above condition as load-balancing conditions for BGP.
As all the above criteria are matched still BGP is not doing load balance. Please find below routing table:
R1:
R1#sh ip bgp
BGP table version is 4, local router ID is 40.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*>i192.168.1.0 20.1.1.2 0 100 0 i
* i 30.1.1.1 0 100 0 i
R1#sh ip route
Gateway of last resort is not set
20.0.0.0/24 is subnetted, 1 subnets
R 20.1.1.0 [120/1] via 10.1.1.2, 00:00:03, FastEthernet0/0
40.0.0.0/24 is subnetted, 1 subnets
C 40.1.1.0 is directly connected, FastEthernet0/1
10.0.0.0/24 is subnetted, 1 subnets
C 10.1.1.0 is directly connected, FastEthernet0/0
B 192.168.1.0/24 [200/0] via 20.1.1.2, 00:12:01
30.0.0.0/24 is subnetted, 1 subnets
R 30.1.1.0 [120/1] via 40.1.1.2, 00:00:15, FastEthernet0/1
router bgp 100
no synchronization
bgp log-neighbor-changes
neighbor 10.1.1.2 remote-as 100
neighbor 40.1.1.2 remote-as 100
maximum-paths 2
no auto-summary
Please help....!!!!!!! why BGP is not load balancing here????
R1#traceroute 192.168.1.1
Type escape sequence to abort.
Tracing the route to 192.168.1.1
1 10.1.1.2 88 msec 60 msec 28 msec
2 20.1.1.2 104 msec 56 msec 120 msec
Regards,
Sanjib
Dear Jon,
Thank you so much.
When I changed the configuration BGP is now load balancing. But in the configuration Max-path is showing as 1 instead of 2.
R1#sh ip pro | sec bgp
Routing Protocol is "bgp 100"
Outgoing update filter list for all interfaces is not set
Incoming update filter list for all interfaces is not set
IGP synchronization is disabled
Automatic route summarization is disabled
Neighbor(s):
Address FiltIn FiltOut DistIn DistOut Weight RouteMap
12.1.1.2
13.1.1.3
Maximum path: 1
Routing Information Sources:
Gateway Distance Last Update
13.1.1.3 200 00:01:12
12.1.1.2 200 00:02:15
Distance: external 20 internal 200 local 200
Regards,
Sanjib -
With reference to cisco's document on BGP Best Path Selection Algorithm (http://www.cisco.com/c/en/us/support/docs/ip/border-gateway-protocol-bgp/13753-25.html).
Out of the given 9 paths, why has the 6th been selected even though the AS_PATH for the 8th route is better?
Can anyone explain here, as this document has not considered the AS-PATH during path selection and used lowest ROUTER ID only.
Thanks in advance and expect technical explanation here.
Hey Buddy
The AS_PATH for both is only 1, don't get confused by (AS_SET) which only counts as 1 no matter how many AS are in the set. Refer to section "How the Best Path Algorithm Works"
4.Prefer the path with the shortest AS_PATH.
Note: Be aware of these items:
◦An AS_SET counts as 1, no matter how many ASs are in the set.
So bearing the above in mind
Example: BGP Best Path Selection
Path6
(64955 65003) 65089 --- this equals 1
172.16.254.226 (metric 20645) from 10.57.255.11 (10.57.255.11)
Origin IGP, metric 0, localpref 100, valid, confed-external, best
Extended Community: RT:1100:1001
mpls labels in/out nolabel/362
!--- BGP selects this as the Best Path on comparing
!--- with all the other routes and selected based on lower router ID.
Path8
(65003) 65089 --- this equals 1
172.16.254.226 (metric 20645) from 172.16.254.234 (172.16.254.234)
Origin IGP, metric 0, localpref 100, valid, confed-external
Extended Community: RT:1100:1001
mpls labels in/out nolabel/362
Comparing path 6 with path 8:
Both paths have reachable next hops
Both paths have a WEIGHT of 0
Both paths have a LOCAL_PREF of 100
Both paths are learned
Both paths have AS_PATH length 1 --- because the (AS_SET) always equals 1
Both paths are of origin IGP
Both paths have the same neighbor AS, 65089, so comparing MED.
Both paths have a MED of 0
Both paths are confed-external
Both paths have an IGP metric to the NEXT_HOP of 20645
Path 6 is better than path 8 because it has a lower Router-ID.
Hope it helps (: -
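The comparison walked through above, as an added example (not code from the Cisco document or from the poster). It assumes the usual `show ip bgp` notation, where parentheses enclose a confederation segment that adds nothing to the AS_PATH length and braces enclose an AS_SET that counts as 1; the comparator is simplified to the steps listed in the reply and assumes both paths share a neighbor AS so MED is comparable.

```python
import ipaddress
import re
from dataclasses import dataclass

# Assumed display notation: "(...)" confederation segment, "{...}" AS_SET.
TOKEN = re.compile(r"(?P<confed>\([^)]*\))|(?P<as_set>\{[^}]*\})|(?P<asn>\d+)")
ORIGIN_RANK = {"IGP": 0, "EGP": 1, "incomplete": 2}


def as_path_length(path):
    """Length used at the 'shortest AS_PATH' step of best-path selection."""
    length = 0
    for match in TOKEN.finditer(path):
        if match.lastgroup == "confed":
            continue            # confederation segments are not counted
        length += 1             # one per plain ASN, one per whole AS_SET
    return length


@dataclass
class Path:
    name: str
    as_path: str
    weight: int
    local_pref: int
    origin: str
    med: int
    igp_metric: int
    router_id: str


# Lower key wins at every step; "higher is better" attributes are negated.
STEPS = [
    ("weight", lambda p: -p.weight),
    ("local_pref", lambda p: -p.local_pref),
    ("as_path_length", lambda p: as_path_length(p.as_path)),
    ("origin", lambda p: ORIGIN_RANK[p.origin]),
    ("med", lambda p: p.med),
    ("igp_metric", lambda p: p.igp_metric),
    ("router_id", lambda p: int(ipaddress.ip_address(p.router_id))),
]


def decide(a, b):
    """Return (name of the better path, step that decided it)."""
    for step, key in STEPS:
        ka, kb = key(a), key(b)
        if ka != kb:
            return (a if ka < kb else b).name, step
    return a.name, "tie"


# Values taken from the Path6 / Path8 output quoted in the reply.
PATH6 = Path("path6", "(64955 65003) 65089", 0, 100, "IGP", 0, 20645, "10.57.255.11")
PATH8 = Path("path8", "(65003) 65089", 0, 100, "IGP", 0, 20645, "172.16.254.234")

# Constructed contrast: the same ASNs as ordinary sequences, where length differs.
PLAIN6 = Path("plain6", "64955 65003 65089", 0, 100, "IGP", 0, 20645, "10.57.255.11")
PLAIN8 = Path("plain8", "65003 65089", 0, 100, "IGP", 0, 20645, "172.16.254.234")

if __name__ == "__main__":
    print(as_path_length(PATH6.as_path), as_path_length(PATH8.as_path))
    print(decide(PATH6, PATH8))
    print(decide(PLAIN6, PLAIN8))
```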
How to prevent BGP code 6 (Cease) subcode 6 (Other Configuration Change)
Can anyone tell how to prevent BGP code 6 (Cease) subcode 6 (Other Configuration Change)?
We are facing a frequent problem with this error. Please suggest how to stop this.
Note: We are using BGP VPN between these peers.
Logs :
Date/Time : 2015-04-30 00:49:40+05:30
State : Up
Date/Time : 2015-04-30 00:39:05+05:30
State : Down
Error Code : 6(CEASE)
Error Subcode : 6(Other Configuration Change)
Notification : Send Notification
Date/Time : 2015-04-29 18:22:11+05:30
State : Up
Date/Time : 2015-04-29 18:21:39+05:30
State : Down
Error Code : 6(CEASE)
Error Subcode : 6(Other Configuration Change)
Notification : Send Notification
On the same dates you mean the same request are posted in IT2001? ie both full days?
Please clarify
usually the Time collision checks are followed only via posting using report rptarqpost and not while applying through portal in ESS
This is very strange you indicate
SO you need to check the basic tables first
You may need to check the collision.
Collisions Tables V_T554Y and V_554Y_B reaction indicators.
and V_T508A
able T582A set to time constraint of "Z
In backend Pa30 collision works like this
1) the logical collision, checks if there is an overlap in the validity
interval of the IT´s (begda, endda).
2) the physical collision, checks if there is an overlap in the time
interval of the IT's.
In the logical collision it is checked if there is an overlap in the
validity interval if at least one of the records is a full-day
( that is the case when you enter a Daily Work Schedule (DWS) )
So when one of the records has a DWS it is considered to be a full day
record and the logical collision is taken into consideration.
If instead you enter the only the time interval manually the records
are considered to be partial-day and the physical collision is
performed. In that case only the time interval is important.
So if the clock times are not entered the physical collision can not
take place.
The collision functionality is always based on clock times and dates,
never on the total nr of hours.
Edited by: Siddharth Rajora on Sep 21, 2011 4:57 PM -
Nexus 7010 bgp state change alert not triggered to NNM
Hi ,
BGP state change alert not triggered to NNM on Nexus -7010 for Monitoring.
Details of the Device:
Nexus 7010 :
Software
BIOS: version 3.22.0
kickstart: version 5.1(3)
system: version 5.1(3)
BGP neighbor status :
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
172.16.1.2 4 65505 5089234 5194515 51359 0 0 6w2d 391
172.16.1.3 4 65505 5044293 5146859 51359 0 0 30w4d 378
172.31.11.3 4 15404 120744 114811 51359 0 0 1w6d 1
172.31.42.3 4 65501 5261796 5264413 51359 0 0 2d06h 0
Snmp trap enabled:
snmp-server user admin network-admin auth md5 0x690c4ede8a88ba7f2de791dbe7a77f0a
priv 0x690c4ede8a88ba7f2de791dbe7a77f0a localizedkey
snmp-server host 172.30.0.55 traps version 2c xxxx
snmp-server enable traps bgp
Downloaded cisco-bgp4-mib version, bgp4-mib tried and performed snmpwalk as given below
nnmsnmpwalk.ovpl -c xxx 172.31.15.130 .1.3.6.1.4.1.9.9.187.0.6
Error : No MIB objects contained under subtree
nnmsnmpwalk.ovpl -v 2 -c xxx 172.31.15.130 .1.3.6.1.2.1.15.3.
No MIB objects contained under subtree
Kindly advise to resolve the issue
Regards
Hari
You can set an alert for Warning State. This is feasible.
Juke Chou
TechNet Community Support -
Serial interfaces, ip vrf forwarding, and PBR with set vrf
I am doing some work with VRF-lite but I am having some trouble with serial interfaces. I have a PE router with a serial interface where I want to take incoming traffic and using policy-based routing send the traffic to the appropriate VRF. I want to assign the serial interface itself to be in one of those VRFs, not the global routing table. Eventually, I also want to overlap the VPNs/VRFs to send traffic going out the serial interface through the VRF assigned to the serial interface. Initially, it looks something like this:
ip vrf VRF1
rd 65000:3
route-target export 65000:3
ip vrf VRF2
rd 65000:18
route-target import 65000:3
ip route vrf VRF1 10.90.51.0 255.255.255.0 192.168.11.18
interface Serial0/0/0
ip vrf forwarding VRF1
ip address 192.168.11.17 255.255.255.252
router bgp 65000
no synchronization
bgp log-neighbor-changes
no auto-summary
address-family ipv4 vrf VRF1
redistribute static
no auto-summary
no synchronization
exit-address-family
ip access-list extended remote-source
permit ip 10.90.0.0 0.0.255.255 any
route-map SERIAL-INCOMING permit 100
match ip address remote-source
set vrf VRF2
But if I try to turn on the policy based routing at the serial interface, I get an error:
Router(conf)#interface Serial0/0/0
Router(config-if)#ip policy route-map SERIAL-INCOMING
% Can not apply route-map SERIAL-INCOMING to this interface
% Either remove 'set vrf' from route-map or unconfigure 'ip vrf forward'
I can sort of get around the problem by using an "ip vrf receive" instead of "ip vrf forward", but unfortunately, that leaves my Serial interface in the global table which isn't what I wanted.
What troubles me is that I can do this without any problems on an Ethernet interface. Are there any known issues with "ip vrf forward" and using PBR and "set vrf" on Serial interfaces, or have I configured something wrong?
If I stick with the "ip vrf receive", how can I force the physical Serial interface into the appropriate VRF?
Thanks.
Clarke Morledge
College of William and Mary
Upon further investigation....
The serial interface issue was a red herring. It just so happens that every other time I've done this it has been on a flavor of 12.2x on a 6500/7600 where this feature is supported. The only systems I have with Serial interfaces are 1841s.
The problem with the 1841 is that most of the code revisions out there do not support this feature. It was only added to the regular code train with the recent release of 12.2(24)T. I tested with 12.2(24)T1 and you are now able to use "ip vrf forwarding" on all interfaces along with a PBR route-map that uses the "set vrf" option.
Thanks, Laurent, for pointing me towards the TAC on this.
Clarke Morledge
College of William and Mary -
Best Practice Two ISPs and BGP
Hello Experts.
I was wanting to hear opinions for the best way to setup two ISR4431's with two 2960x's and two ASA firewalls.
My current design is:
ISP1 router -> ISR4431-A ->{2960x pair} -> ASA-A
ISP2 router -> ISR4431-B ->{2960x pair} -> ASA-B
Currently using public BGP and HSRP on the inside with an SLA monitor to a public IP.
If HSRP is the best way to accomplish this, how do I solve these two problems, or is there a better design? (The two 4431's are not connected to each other currently.)
-Least Cost routing (I guess that is what it's called) - I want to visit a website that is located on ISP2's network (or close to it), but HSRP currently has ISP1 as active. If I go out ISP1 it may go around the country or 10 hops before it hits a site that is 4 hops away on the other ISP.
-Asymmetric routing - I think that is where a reply comes in the non-active ISP - how do I prevent that?
I am really just looking for design advice about the best way to use this hardware to create as much redundancy as possible and best performance possible. If you could just share your opinion of "I would use ____" or give me a stamp of reassurance on the above design and any opinion on the two problems.
Thanks for the time!
Hi,
If you are running BGP with the service providers, you need an IBGP link between the 2 ISR-4431 routers. If for example you want traffic to go out using sp-1 and come back using the same provider you need to use AS path prepending, so sp-2 sees a longer path to your network and so traffic goes out and comes back through the same provider. In this case you use sp-2 as backup link, if not you can be dealing with Asymmetric routing. In addition, for HSRP/VRRP to work both routers should be connecting to the set of 2960x switches. You can simply stack the 2960x switches so they logically look as one device. The same should go for the firewalls. They should connect to the switch stack.
HTH -
HELP! Been looking at this problem all day. Have a simple BGP config on my end (below). I have no control on the other end. Recently upgraded from 2811 to 2911. IOS: c2900-universalk9-mz.SPA.151-4.M7.bin Configs on old and new routers exactly the same.
Called our ISP. They see the same debug logs, but have no clue to fix. I can ping across fine. No MTU issues. Move connections back to old 2811 BGP comes up no problem.
interface Serial0/0/0
ip address X.X.X.86 255.255.255.252
no ip redirects
no ip unreachables
no ip proxy-arp
service-module t1 fdl ansi
no cdp enable
router bgp 65000
bgp log-neighbor-changes
network Y.Y.Y.0
network Y.Y.Y.16 mask 255.255.255.240
neighbor X.X.X.85 remote-as 2
neighbor X.X.X.85 password 7 06252C1268715E3C5139
debug
Nov 5 11:07:05.493: BGP: Selected new router ID Y.Y.Y.17 for scope global
Nov 5 11:07:05.537: BGP: Applying map to find origin for Y.Y.Y.16/28
Nov 5 11:07:05.541: BGP: Applying map to find origin for Y.Y.Y.16/28
Nov 5 11:07:05.541: BGP: Applying map to find origin for Y.Y.Y.16/28
Nov 5 11:07:05.549: BGP: nbr global X.X.X.85 Active open failed - can't get active topologies
Nov 5 11:07:05.549: BGP: nbr global X.X.X.85 Open active delayed 11264ms (35000ms max, 60% jitter)
Nov 5 11:07:06.457: BGP: X.X.X.85 passive open to X.X.X.86
Nov 5 11:07:06.461: BGP: X.X.X.85 passive went from Idle to Connect
Nov 5 11:07:06.461: BGP: ses global X.X.X.85 (0x307CA074:0) pas Setting open delay timer to 60 seconds.
Nov 5 11:07:06.461: BGP: ses global X.X.X.85 (0x307CA074:0) pas read request no-op
Nov 5 11:07:06.521: BGP: Sched timer-wheel running slow by 8 ticks
Nov 5 11:07:16.761: BGP: X.X.X.85 active went from Idle to Active
Nov 5 11:07:16.761: BGP: X.X.X.85 open active, local address X.X.X.86
Nov 5 11:07:16.773: BGP: ses global X.X.X.85 (0x30B937F4:0) act Adding topology IPv4 Unicast:base
Nov 5 11:07:16.773: BGP: ses global X.X.X.85 (0x30B937F4:0) act Send OPEN
Nov 5 11:07:16.773: BGP: X.X.X.85 active went from Active to OpenSent
Nov 5 11:07:16.773: BGP: X.X.X.85 active sending OPEN, version 4, my as: 65000, holdtime 180 seconds, ID CD464511
Nov 5 11:07:16.785: BGP: X.X.X.85 active rcv message type 3, length (excl. header) 5
Nov 5 11:07:16.785: %BGP-3-NOTIFICATION: received from neighbor X.X.X.85 active 2/8 (no supported AFI/SAFI) 3 bytes 000000
Nov 5 11:07:16.785: BGP: ses global X.X.X.85 (0x30B937F4:0) act Receive NOTIFICATION 2/8 (no supported AFI/SAFI) 3 bytes 000000
Nov 5 11:07:16.785: BGP: ses global X.X.X.85 (0x30B937F4:0) act Reset (BGP Notification received).
Nov 5 11:07:16.785: BGP: X.X.X.85 active went from OpenSent to Closing
Nov 5 11:07:16.785: BGP: nbr_topo global X.X.X.85 IPv4 Unicast:base (0x30B937F4:0) NSF delete stale NSF not active
Nov 5 11:07:16.785: BGP: nbr_topo global X.X.X.85 IPv4 Unicast:base (0x30B937F4:0) NSF no stale paths state is NSF not active
Nov 5 11:07:16.785: BGP: nbr_topo global X.X.X.85 IPv4 Unicast:base (0x30B937F4:0) Resetting ALL counters.
Nov 5 11:07:16.785: BGP: X.X.X.85 active closing
Nov 5 11:07:16.785: BGP: ses global X.X.X.85 (0x30B937F4:0) act Session close and reset neighbor X.X.X.85 topostate
Nov 5 11:07:16.785: BGP: nbr_topo global X.X.X.85 IPv4 Unicast:base (0x30B937F4:0) Resetting ALL counters.
Nov 5 11:07:16.785: BGP: X.X.X.85 active went from Closing to Idle
Nov 5 11:07:16.785: %BGP_SESSION-5-ADJCHANGE: neighbor X.X.X.85 IPv4 Unicast topology base removed from session BGP Notification received
Nov 5 11:07:16.785: BGP: ses global X.X.X.85 (0x30B937F4:0) act Removed topology IPv4 Unicast:base
Nov 5 11:07:16.785: BGP: ses global X.X.X.85 (0x30B937F4:0) act Removed last topology
Nov 5 11:07:16.785: BGP: nbr global X.X.X.85 Active open failed - existing passive session
Nov 5 11:07:16.785: BGP: nbr global X.X.X.85 Active open failed - existing passive session
From what I'm finding, AFI 2 is IPv6. This seems like it's expecting IPv6:
Nov 5 11:07:16.785: %BGP-3-NOTIFICATION: received from neighbor X.X.X.85 active 2/8 (no supported AFI/SAFI) 3 bytes 000000
I'm also seeing that SAFI 8 is multicast:
http://www.iana.org/assignments/safi-namespace/safi-namespace.xhtml
If this is the case, the settings that you have above simply wouldn't work. I would contact the ISP to see what your peer is running.
http://routing-bits.com/2009/11/26/output-101-bgp-afisafi/
HTH,
John