BGP Route Policy for transit AS

Similar Messages

• Routing Policy for Wi-Fi Users

  Hi All,
  In my office i am using Microsoft Thread management Gateway(Software Firewall).
  Can i set Security like as below,
  Users can connect Wi-fi Network but they would not able to access  internet but  they should be able to access for local network & for the internet they should go via Microsoft Thread management Gateway.
  Note:
  Wi-Fi ADSL Router has 192.168.1.x  series ip
  Microsoft Thread management Gateway server has 192.168.2.x series IP.
  Thanks In Advance
  Shailendra
  Shailendra Vishwakarma

  Hi,
  Connect the WiFi router directly to a dedicated NIC on the TMG Server.
  Configure the  NIC with a IP addresss from the 192.168.1x range with no Default Gateway
  Create a new network on the TMG server.
  Create a network rule from the new TMG network to External from type NAT.
  Create a Firewall Policy rule from the new TMG network to External for the required protocols (HTTP, DNS for example).
  Configure the Wifi router to provide IP addresses from DHCP with the default Gateway DHCP scope option from the new NIC on the TMG Server (192.168.1.x).
  For DNS name resolution you can use a public DNS Server like 8.8.8.8. This can also be provided via DHCP scope option. 
  regards Marc Grote aka Jens Baier - www.it-training-grote.de - www.forefront-tmg.de - www.galileocomputing.de/3570

• BGP route Selection for Outgoing Traffic

  Hi,
  I am going to implement a multihome internet connection to two different ISP.  Before implementing in real network, I have prepared the same in GNS3 and testing.  Subnet 10.x.5.0/24 should take R1 to outside from LAN and 10.x.6.0/24 should take R2 to outside from LAN.
  Below is my configuration;
  HSRP between R1 and R2 towards LAN.  R1 is the primary HSRP device.
  R6 is the host (example) and subnet .5.0/24 and .6.0/24 are connected to R6.
  R6 is sending a default route to HSRP VIP.
  R1 is advertising subnet 10.x.5.0/24 and R2 is advertising subnet 10.x.6.0/24
  iBGP is configured between R1 and R2
  From Internet to LAN:
  From router 5 (exam.: Internet) traffic is divided in to two routers.  traffic for 10.x.5.0/24 coming to R1 and traffic for 10.x.6.0/24 coming to R2.  This is absolutely fine. What i expected.
  From LAN to Internet:
  I need traffic from 10.x.5.0/24 should take R1 to go to internet (outside) and from 10.x.6.0/24 should take R2 to go to Inernet (outside).
  I have tried with higher Local Preference on each router but is not working. All traffic from R6 (i.e. LAN) to outside is taking only R1 to go outisde.
  Could any one can help on how I can share traffic for 10.x.5.0/24 & 10.x.6.0/24 divided in two Routers from LAN.
  Diagram is attached.

  IN HSRP keep R2 as active router for 10.x.6.0/24 Subnet.
  If you do not want to change HSRP, Then create a route map, match the  10.x.6.0/24 Subnet and the set the next hope as R4.

• ASR 9000 route-policy on ipv4 and vpnv4 neighbors

  Hi
  To reduce configuraton i would like to use the same route-policy for ipv4 and vpnv4 routes from the same neighbors on ASR 9000.
  I know that a "pass all" route-policy will work just fine, also a route-policy like this works fine:
  route-policy eBGP_NEIGHBORS
      set local-preference 50
    endif
  end-policy
  But why doesn´t this route-policy work?
  rd-set EXT_SERVICES_PRIMARY
    1.1.1.1:*
  end-set
  rd-set EXT_SERVICES_SECUNDARY
    2.2.2.2:*
  end-set
  route-policy eBGP_NEIGHBORS
    if rd in EXT_SERVICES_PRIMARY then
      set local-preference 120
    elseif rd in EXT_SERVICES_SECUNDARY then
      set local-preference 20
    else
      set local-preference 80
    endif
  end-policy
  The effect of this is that vpnv4 routes looks just fine but ipv4 routes is missing in bgp table. I have tryed all kind of configs but it just will not work, what am i missing?
  The idea of this route-policy is that routes advertised by rd 1.1.1.1 will act as primary and rd 2.2.2.2 as secundary.
  1.1.1.1 and 2.2.2.2 is handleing the same routes.
  1.1.1.1 is located in one AS and 2.2.2.2 in an other AS
  my ASR that i am working on is in a third AS
  And alla other routes will have a default local-pref of 80

  If you watch the if statement, you're challenging that if the RD is something, or else, else... but, maybe, it doesn't work if you don't have an RD.
  Based on the Mohit's answer I think that maybe, that's the reason.
  route-policy eBGP_NEIGHBORS
    if rd in EXT_SERVICES_PRIMARY then
      set local-preference 120
    elseif rd in EXT_SERVICES_SECUNDARY then
      set local-preference 20
    else   <<< So if not "EXT_SERVICES_PRIMARY" and not "EXT_SERVICES_SECUNDARY", but stills in "if rd.."
      set local-preference 80
    endif
  Mohit's:
  route-policy eBGP_NEIGHBORS
    if rd in EXT_SERVICES_PRIMARY then
      set local-preference 120
    elseif rd in EXT_SERVICES_SECUNDARY then
      set local-preference 20
    endif
      set local-preference 80 >>>> Outside the if statement!
    end-policy.
  Let us know if the Mohit's answer worked! Just to learn something new :)

• Rt-filter or route-policy in a route-reflector

  Hi,
  I want to implement a route reflector that i will use in two differents networks with differents VPNL3. So i do not want that my route reflector advertise the prefixes form a network to the other. I am using an ASR9000 with IOS XR 4.3.2 as route reflector.
  I tried two differents configurations in a testing enviroment and both work fine, one applying route-policy filtering by RD, and another using RT-filter. But i do not know what is better to implement on production. I will appreciate if somebody could help me to decide what is the best to implement in a production Network, thinking in the resources of the network and in the IPv6 deployment (i could not configure RT Filter with address-family ipv6)
  With route-policy
  rd-set RD_XXX
  65000:*
  end-set
  route-policy to_XXX
  if rd in RD_XXX then
     pass
    else
     drop
    endif
  end-policy
  route-policy to_YYY
  if rd in RD_XXX then
    drop
  else
    pass
  endif
  end-policy
  router bgp 65001
  neighbor-group XXX
    remote-as 65001
  address-family vpnv4 unicast
    route-reflector-client
    route-policy to_XXX out
  neighbor-group YYY
     remote-as 650001
     update-source Loopback0
    address-family vpnv4 unicast
      route-reflector-client
      route-policy to_YYY out
  with RT-Filter
  router bgp 65001
  address-family ipv4 rt-filter
  neighbor-group XXX
    address-family ipv4 rt-filter
     route-reflector-client
     soft-reconfiguration inbound always
  neighbor-group YYY
    address-family ipv4 rt-filter
     route-reflector-client
     soft-reconfiguration inbound always
  Regards

  Hi,
  One benefit I see with rt-filter is, this feature provides considerable savings in CPU cycles and transient memory usage, generally this will be beneficial when you have large number of prefixes to be filtered, as you do not need to define route-policy for all the prefixes, and also it simple to configure (only one command )
  Look at the  Restrictions for BGP: RT Constrained Route Distribution in below document
  http://www.cisco.com/en/US/docs/ios/ios_xe/iproute_bgp/configuration/guide/irg_rt_filter_xe.html
  HTH
  Regards,
  Sandip

• Query on BGP route distribution

  Hello Everyone
  In the below scenario (GNS3), IBGP peering enabled between R1-R2, R1-R3, R2-R3 and EBGP peering enabled between R2-R4,R3-R5,R4-R6,R5-R7. OSPF enabled as IGP. Scenario attached for reference.
  The problem I've observed in R1 is not getting entire BGP routing table for destinations 30.x.x.x/40.x.x.x.
  I'm able to see only best routes in R1 BGP routing table, but alternate valid routes are not visible in its topology table.
  R1#sh ip bgp
  BGP table version is 81, local router ID is 100.100.2.1
  *>i30.30.1.0/24     10.10.1.2                0    100      0 200 300 ?
  *>i30.30.2.0/24     10.10.1.2                0    100      0 200 300 ?
  *>i40.40.1.0/24     10.10.2.2                0    100      0 200 400 i
  *>i40.40.2.0/24     10.10.2.2                0    100      0 200 400 i
  *> 100.100.1.0/24   0.0.0.0                  0         32768 i
  *> 100.100.2.0/24   0.0.0.0                  0         32768 i
  More confusing part to me is when I disable IBGP peering between R2-R3 or shutdown interface between R2-R3 or else if I disable ospf in R1,R2 & R3 routers , I'm able to see both best route and alternate valid route in BGP topology table.
  R1#sh ip bgp

  Hi Milin & Renan,
  Thanks for your replies. To narrow down the problem, I’ve shut down the 40.40.x.x network.
  Now between R2-R3, R3 is not advertising 30.30.X.X network to R2, but whereas R2 is advertising 30.30.X.X network to R3. Why R3 is not advertising 30.30.X.X (route via 200 400 300) to R2.
  R2#sh ip bgp ( No alternate route)
   Network          Next Hop            Metric LocPrf Weight Path
  *> 30.30.1.0/24     10.10.4.2                              0 200 300 ?
  *> 30.30.2.0/24     10.10.4.2                              0 200 300 ?
  *>i100.100.1.0/24   10.10.1.1                0    100      0 i
  *>i100.100.2.0/24   10.10.1.1                0    100      0 i
  R2#sh ip bgp summary
  Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
  10.10.1.1       4   100      96      98        5    0    0 01:05:50        2
  10.10.3.2       4   100      98     100        5    0    0 01:05:54        0
  10.10.4.2       4   200     100      98        5    0    0 01:05:39        2
  R3#sh ip bgp  ( only in R3 we can see both best route & alternate route)
     Network          Next Hop            Metric LocPrf Weight Path
  *>i30.30.1.0/24     10.10.3.1                0    100      0 200 300 ?
  *                   10.10.5.2                              0 200 400 300 ?
  *>i30.30.2.0/24     10.10.3.1                0    100      0 200 300 ?
  *                   10.10.5.2                              0 200 400 300 ?
  *>i100.100.1.0/24   10.10.2.1                0    100      0 i
  *>i100.100.2.0/24   10.10.2.1                0    100      0 i
  R3#sh ip bgp summary
  Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
  10.10.2.1       4   100      54      57       19    0    0 00:50:17        2
  10.10.3.1       4   100      62      60       19    0    0 00:27:22        2
  10.10.5.2       4   200      58      58       19    0    0 00:50:08        2

• Does a route-policy override BGP split-horizon rule in IOS-XR?

  If I receive a default route from a non-client, can I turn around and send it to another non client if I have the following applied to the non-client?
  prefix-set send-default
    0.0.0.0/0
  end-set
  route-policy DEFAULT-POLICY
    if destination in send-default then
      pass
    else
      drop
    endif
  end-policy
   neighbor-group BLAH
    remote-as XXXXX
    password encrypted XXXXXXX
    description iBGP to Decryptors
    update-source Loopback0
    address-family ipv4 unicast
     route-policy DEFAULT-POLICY out
     soft-reconfiguration inbound always
   neighbor X.X.X.X
    use neighbor-group BLAH
  end

  Hi Carlopez,
  For BGP to inject a default rotue you need the "default-information originate" command, unfortunately, you can't redistribute or regenerate a route via the RPL method you described.
  regards
  xander

• In which add-family,routing policy should apply for MPBGP ?

  Hi,
  IN MPBGP protocol, where i will apply routing policy to apply  as- path prepand    so that Route  would be secondary to  neighbor.
  IGP-OSPF and BGP over MPLS is running.
  on Which  address-familiy nbr,should i apply, is it in VPNV4 or IPV4 or IPV4  VRF ?
  if i want 10.36.128.0/26 prefix should go to Neigbhor MPLS R2, what should i use access-list or Prefix list?
  please provide the reply with its config .
  Topology like
  regards,
  Ajay

  Hi Harlold,
  Thanks for reply...
  Please find the topology diagram
  1. Yes ,both are MPLS Network.
  2. L3VPN intraAS.
  3.Mpls router 1 and 2  are PE to connect the SPs MPLS rtr.
  4.My administration is upto Router R1.
  5.Both MPLS Router R1 and R2 belongs to other Vendor which giving us mpls service . and they want from to advertise only VRF MGMT subnets only with AS Prepend .
  So i want to where should Route-map apply? is it in address-family vpnv4 or ?
  router bgp 64513
    synchronization disable
    neighbor 10.49.5.230 remote-as 64513
    neighbor 10.49.5.230 update-source loopback1
  address-family vpnv4
      neighbor 10.49.5.230 activate
      neighbor 10.49.5.230 send-community both
      neighbor 10.49.5.230 route-map ONM_TO_AIR
  Route-map ONM_TO_AIR
  match ip add prefix-list ONM_TO_AIR
  set as-path prepend 64513  64513 64513 64513.
  ip prefix-list ONM_TO_AIR permit 10.49.30.128/26
  will it work?
  or I have to match extcommuntity in Route-map   as it apply to vpnv4 add-family ?
  Regards,
  Ajay

• EIGRP vs BGP route path selection scenario

  I am looking for a routing solution to the following scenario.  It is a fairly simple design. 
  I have two WAN connections between sites A and B.  One is a 20 Meg Metro Ethernet Circuit running EIGRP.  The other is a 10 Meg MPLS running BGP.  What do I need to do in my configuration to make sure that the 20 Meg connection is the chosen path based off the fact that it has better speed and bandwidth?  It appears to me that the MPLS is the preferred path even though it is slower.
  See attached Diagram:
  Site A Config
  interface GigabitEthernet1/0/12
   description PADC COX P2P 20 Meg
   no switchport
   bandwidth 20480
   ip address 172.20.1.1 255.255.255.252
  interface GigabitEthernet2/0/2
   description LEVEL 3 MPLS
   no switchport
   bandwidth 10240
   ip address 172.22.0.2 255.255.255.252
  router eigrp 1
   network 10.0.1.0 0.0.0.255
   network 172.20.1.0 0.0.0.3
   network 192.168.76.8 0.0.0.3
    redistribute bgp 65003 metric 100 1 255 1 1500 route-map MPLS_NETWORKS
   redistribute static route-map DEFAULT_ROUTE
  router bgp 65003
   bgp log-neighbor-changes
   redistribute static
   redistribute eigrp 1
   neighbor 172.22.0.1 remote-as 1
   default-information originate
  Site B Config
  interface GigabitEthernet0/1
   description COX Communications 10 Meg to Venyu
   bandwidth 20480
   ip address 172.20.1.2 255.255.255.252
   duplex auto
   speed auto
   service-policy output VOIP
  interface GigabitEthernet0/2
   description Level 3 MPLS
   bandwidth 10240
   ip address 172.22.1.2 255.255.255.252
   duplex full
   speed 100
  router eigrp 1
   network 10.3.1.0 0.0.0.31
   network 10.52.1.0 0.0.0.255
   network 10.76.6.0 0.0.0.255
   network 172.20.1.0 0.0.0.3
   network 192.168.63.64 0.0.0.63
   network 192.168.76.249 0.0.0.0
   passive-interface default
   no passive-interface GigabitEthernet0/0
   no passive-interface GigabitEthernet0/1
  router bgp 65003
   bgp log-neighbor-changes
   network 10.3.1.0 mask 255.255.255.224
   network 10.52.1.0 mask 255.255.255.0
   network 10.76.6.0 mask 255.255.255.0
   network 192.168.76.249 mask 255.255.255.255
   neighbor 172.22.1.1 remote-as 1

  If each router is receiving advertisements for the same networks/subnet masks from both BGP and EIGRP it will always choose the BGP routes because they have a lower AD ie. 20 vs EIGRP 90.
  Doesn't matter what the bandwidth is.
  If you want to prefer the 20Mbps links then there are a number of options -
  1) if you can summarise each sites subnets then advertise the summary via BGP and the more specific via EIGRP.  More specific will be chosen even before AD is taken into account.
  2) change the AD of either BGP or EIGRP so EIGRP ends up with the lower AD
  3) run BGP on both links although you would still need to manipulate the attributes to make sure the link you want is used.
  Jon

• Problem with route-policy and taging

  Hey!
  I'm trying to apply the following configuration but are receving the follow error:
  !!% Policy [aggregate-routes] uses the 'tag' attribute. There is no 'tag' attribute at the bgp aggregation-dflt attach point.
  route-policy aggregate-routes
    set community test
    set community test1
    if tag eq 1000 then
      set community (65000:1,65000:2,65000:3)
    endif
  end-policy
  router static
   address-family ipv4 unicast
    10.1.1.0/24 Null0 tag 1000 
    router bgp 65000
   address-family ipv4 unicast
    aggregate-address 10.1.1.0/24 route-policy aggregate-routes

  Hello.
  Please find set/match attributes per attach point in the following document - http://www.cisco.com/c/en/us/td/docs/routers/asr9000/software/asr9k_r4-2/routing/configuration/guide/b_routing_cg42asr9k/b_routing_cg42asr9k_chapter_0110.html#con_1240966
  Match tag is not supported for the attach point.

• Bgp slow peer for PE/RR

  Hi,
  Recently came into one concenpt, " bgp slow peer " for PE or RR
  In our network we have 2 no RR & all RR are having ibgp with PE router
  So, in that above case the feature will give any faster convergence
  What are the pros/cons of this feature
  Br/subhojit

  Hi,
  Slow peer in BGP is a feature that works in conjunction with BGP update groups. Update groups are formed automatically in BGP for iBGP and eBGP neighbors. Neighbors with the same outbound policy end up in the same update group. The BGP update is then created once and replicate to all other neighbors in the update group. This is more efficient than creating one BGP update for each neighbor seperately. Slow peer feature will detect if a peer is slowing in processing received BGP messages. That peer will be moved out of the update group. The reason is that one slow peer can slow down the whole update group, which has potentially many neighbors. So, the more neighbors in an update group, the effect will be greater of the slow peer feature. In the end, slow peer feature makes convergence go faster, if there is one or more slow BGP peer. This feature can benefit BGP everywhere, on RR, PE or any BGP router. Remember, the more BGP neighbors with the same outbound policy, the greater the effect can be. Likely, the RRs do not have different or any outbound policy on the iBGP sessions, so there it can be very useful. Also, it might benefit the PE-CE sessions, if you have more than one per VRF at least.
  Thanks,
  Luc

• Route determination for PO and Delivery

  Hi Experts,
  I would like to ask how to set up route fro deliveries and Stock transport orders.
  Hope you can help me on this.
  Thank you very much.
  Regards,
  Mylene

  Working with Route Schedules
  Use
  Using a route schedule, you can control periodic customer deliveries of a particular shipping point to different ship-to parties (for example, customers or stores) in a certain sequence on a certain defined route. The planning is based on calendar weeks. The period unit is a day. Also, route schedules have a goods issue time.
  The route schedule function supports the following processes:
  Periodic deliveries from a shipping point to stores or customers are planned in advance on the basis of calendar weeks and weekdays, also without reference to particular deliveries.
  You adapt the schedules in the specific cases to the planning. For example, you can plan a GI date for a Monday at 8 o’clock, without knowing the exact date or the delivery.
  On the basis of this planning, deliveries that are to leave the warehouse at the same time are combined into groups. In Shipping you can thus distribute the workload by processing these groups.
  Features
  You can display all deliveries for a particular route schedule on a particular day, for a particular shipping point, and so on. In this way, for example, you can choose picking lists on the basis of route schedules.
  You can create route schedules for the following documents:
  Sales orders
  Stock transfer orders
  Deliveries that are based on sales orders, store orders, stock allocations, stock transfer orders, and deliveries without reference.
  The route schedule is displayed in the header data of the delivery. For each delivery within the route, the system prints the expected date and the expected time of the delivery (on the basis of the local time at the original shipping point) on the delivery note; the goods issue date is used for the goods issue posting and the stock valuation.
  In Customizing, you define for each shipping point, delivery type, stock transfer order, and order type whether or not route schedules are to be used.
  You create the route schedules in the master data for shipping. Here you define the route schedule determination and the validity period for the route schedule and the itinerary.
  As soon as the legs have been defined, you can branch to another screen to determine the actual itinerary, as well as the time (days/hours/minutes) required to get from one unloading point to the next. In this screen there is a field beside each leg. Here you can enter the number of the itinerary for the individual legs of the route. If, for example, you enter legs A and B, but assign itinerary number 2 and 1 to these, B is the first unloading point on this route. If you press Enter, the legs are displayed in the correct sequence.
  At the same time it is possible to control the route schedule determination for each delivery type, stock transfer order, and order type. It is activated in the same manner as the repeated route determination. If the route schedule determination for a delivery is active, the system automatically attempts, during creation or change of a delivery, to determine a route schedule and records this in the delivery. Simultaneously, the scheduling is adjusted. All the deadlines, for example, the transportation planning time, the picking time, the loading time, the goods issue time, and the delivery time can change.
  Deliveries with the same route schedule and the same date can be selected for the same picking run and the same goods issue. The same procedure can be used for printing delivery notes and freight lists, for the grouping of deliveries into shipments, and for confirmation of picking orders.
  Deliveries that leave the warehouse at the same time, but are assigned to different routes and can therefore have different route schedules, can be combined together and processed through the creation of wave picks. The only condition is that all deliveries have the same goods issue time.
  Route Schedule Determination
  If exactly one route schedule is defined for a particular combination of requirements, then the system will use this.
  For each combination of requirements for the route schedule determination, you can define several route schedules.
  In the case of a delivery without a preceding document, the system determines the route schedule with the earliest delivery time at the ship-to party.
  In the case of deliveries based on preceding documents (for example, stock transfer orders), the system searches for the route schedule that is nearest to the planned date/time of the delivery. The system uses the following search algorithm:
  - If a route schedule exists for the specified time, this is assigned to the delivery.
  - If there is no route schedule for the time specified, the system searches for the previous route schedule up to the GI time.
  - If there is no route schedule from the GI time to the planned time, the system searches for the next route schedule in the future and assigns this to the delivery.
  Requirements for Route Schedules
  The route schedules are determined by the following conditions:
  · Shipping point
  Where are the goods coming from?
  Ship-to party and unloading point
  Where are the goods going to?
  Shipping condition
  How are the goods being shipped?
  Transportation group
  Which goods are shipped?
  ® For example, which type of goods?
  Calendar week / year
  When are the goods to be shipped?
  If you do not explicitly enter the week and the year, the entry applies for each calendar week. If you enter a week and a year, the route schedule only applies for this week.
  You can only use route schedules if you have maintained the working times and therefore at least one of the following times in minutes:
  · Transportation planning time
  · Pick/pack time
  · Loading time
  · Transit time
  A route schedule can leave the warehouse exactly once in a week. If a route schedule runs several times, either on several days or several times a day, it must be copied to another route schedule.
  Special schedules and public holiday weeks are possible.
  Processing a Route Schedule
  Implementation Options
  Wholesale trade customers and stores can receive goods at regular intervals. These delivery rhythms have an influence on the workload in the warehouse. To help delivery planning, the route schedule serves as a tool for planning regular, repetitive customer deliveries on a particular route. At the time of planning, potential deliveries that have not yet been created are grouped in the route schedule. When the deliveries are created, the system can automatically determine a route schedule and assign it to the delivery. All deliveries with the same route schedule and the same date can be processed together in the shipping point. All these deliveries leave the shipping point together at a particular time. They are distributed along the same geographical route.
  · Deliveries for route schedule MO10H leave the shipping on Mondays at 10:00 in the direction of Philadelphia.
  · Deliveries for route schedule MO10M leave the shipping point on Mondays at 10:00 in the direction of Boston.
  · Deliveries for route schedule MO10S leave the shipping point on Mondays at 10:00 in the direction of New York.
  You can print picking lists for all deliveries that belong to route schedules MO10H - MO10S together.
  Prerequisites
  If you want to define route schedules, you must perform the following tasks:
  - Activate the route determination
  - Activate the delivery scheduling
  - Activate the route schedule for your shipping point and make the following settings:
  Transaction
  Activity
  Delivery
  Route schedule determination for delivery type
  Sales order
  Route schedule determination for sales document type
  Stock transfer order
  Route schedule determination for delivery type
  Set delivering plant and order type
  Maintenance of the itinerary should be uniform for all the route schedules used. To ensure exact planning, maintain the itinerary for all the route schedules. If rough planning is sufficient in this case, you do not need to maintain the itinerary for a route schedule.
  If you do not define any goods accepted times in the customer master for the unloading points of the ship-to party, the system assumes that the goods acceptance is possible at any time. The system determines the delivery time from the departure time in the route schedule plus the required traveling time to the ship-to party, as set in the itinerary (specific move time). This delivery time must be within the goods acceptance time of the unloading point of the ship-to party. If not, the respective route schedule is not determined during delivery creation.
  For more information on route schedules, refer to the Implementation Guide (IMG) under Route Schedules.
  Process Flow
  Select the shipping point you are working for and enter the number of the route schedule.
  Enter the data that defines the route schedule more exactly:
  - Description of the route schedule
  - Route
  - Departure day (weekday)
  - Departure time
  You define the route schedule determination. When you create the delivery, the system can determine a route schedule on the basis of the following data:
  - Shipping point
  - Ship-to party
  - Unloading point (if available)
  - Shipping condition
  - Transportation group
  - (Optional) year/period
  You enter this data (with the exception of the shipping point already entered in step 1).
  You decide whether or not you wish to define the itinerary for this route schedule.
  (Optional) You enter the itinerary and, if required, also the travelling time.
  Creating a Route Schedule
  Choose Logistics ® Logistics Execution ® Master data ® Transportation ® Routes ® Route schedule ® Create.
  In the screen Create Route Schedule: Initial Screen, enter the shipping point and the number of the route schedule.
  If you wish to use data from an existing route schedule as a reference, enter the respective shipping point and the number of that route schedule. If you also wish to copy the itinerary, check the Copy itinerary box.
  Press ENTER .
  The Create Route Schedule screen appears (here the system displays the number you just entered for the route schedule and the shipping point).
  Enter the following data:
  Description of the route schedule
  The respective route
  Departure day (weekday)
  Departure time
  In the Determine route schedule section, enter the following data:
  Ship-to party
  Unloading point (if available)
  Shipping conditions
  Transportation group
  (Optional) Year/period
  If you wish to define for this route schedule the itinerary according to which the individual ship-to parties are to be delivered to, choose Extras ® Itinerary.
  The Create Itinerary screen appears.
  Enter the itinerary and, if necessary, the travelling time.
  When you determine the travelling time from one ship-to party to the next, you should include the wait time of the vehicle at the previous ship-to party.
  If the same route is planned for several route schedules, define for each of these route schedules the same itinerary that should correspond to the stages and legs of the route.
  Choose Goto ® Back.
  You return to the Create Route Schedule screen.
  In this screen, the Itinerary maintained field is now selected. If you wish to add other ship-to parties, you must also maintain the Itinerary for them.
  Check your data and save your entries.
  Reward if helpful...
  Regards,
  Diogo

• How to define JMX policy for the operation ALSBConfigurationMBean.getRefs

  Hello,
  I'm trying to configure the JMX policies of my Weblogic Server.
  I have followed the recommandations from the http://docs.oracle.com/cd/E13222_01/wls/docs100/ConsoleHelp/taskhelp/security/DefinePoliciesforMBeans.html link.
  I try to run the following code on a client side :
  ALSBConfigurationMBean lConfigMBean = (ALSBConfigurationMBean) lDomainMBean.findService(ALSBConfigurationMBean.NAME, ALSBConfigurationMBean.TYPE, null);
  lConfigMBean.getRefs-BusinessServiceQuery);
  I got the exception :
  Caused by: weblogic.management.NoAccessRuntimeException: Access not allowed for subject: principals=[], on Resource com.bea.wli.sb.management.configuration.DelegatedALSBConfigurationMBean Operation: invoke , Target: getRefs
       at weblogic.management.mbeanservers.internal.SecurityInterceptor.isAccessAllowedInvoke(SecurityInterceptor.java:1173)
       at weblogic.management.mbeanservers.internal.SecurityInterceptor.checkInvokeSecurity(SecurityInterceptor.java:813)
       at weblogic.management.mbeanservers.internal.SecurityInterceptor.invoke(SecurityInterceptor.java:443)
       at weblogic.management.jmx.mbeanserver.WLSMBeanServer.invoke(WLSMBeanServer.java:323)
       at weblogic.management.jmx.MBeanServerInvocationHandler.doInvoke(MBeanServerInvocationHandler.java:544)
       at weblogic.management.jmx.MBeanServerInvocationHandler.invoke(MBeanServerInvocationHandler.java:380)
       at $Proxy154.getRefs(Unknown Source)
       at com.csg.cs.services.tech.TECH_RegistryService_1_RegistryPortImpl.getServiceRef(TECH_RegistryService_1_RegistryPortImpl.java:224)
       at com.csg.cs.services.tech.TECH_RegistryService_1_RegistryPortImpl.lookup(TECH_RegistryService_1_RegistryPortImpl.java:117)
       ... 63 more
  And so I want to setup the JMX policy to give the rights to my client. But in the JMX Editor the ALSBConfigurationMBean doesn't exist, and I don't know which bean I have to set up.
  Anyone do know where I can find how to define policy for the Operation "getRefs" of the "ALSBConfigurationMBean" ?
  thanks and regards

  OEG provides several filters for encryption (XML, S/MIME and PGP). It's also possible to accept client certificates via 2-way SSL or route to a destination over 2-way SSL. For further information check out the OEG docs.

• MPLS BGP routes push to DMVPN spokes

  I have an MPLS with BGP. I also have sites that are not connected directly to the MPLS, but have a s2s VPN to hub sites that are connected to the MPLS and that way they access the MPLS resources. I need to communicate the route changes to the MPLS when the DMVPN fails-over to another hub.
  Currently this is my config:
  Datacenter (MPLS only)
  interface GigabitEthernet0/1
  description MPLS
  ip address 192.168.0.34 255.255.255.252
  interface Vlan2
  ip address 192.168.96.2 255.255.255.0
  router bgp 65511
  bgp log-neighbor-changes
  network 192.168.96.0
  neighbor 192.168.0.33 remote-as 65510
  Hub site 1 (MPLS + internet)
  interface Tunnel200
  ip address 10.99.99.1 255.255.255.0
  no ip redirects
  ip mtu 1400
  ip nhrp authentication auth
  ip nhrp map multicast dynamic
  ip nhrp network-id 12345
  ip nhrp holdtime 600
  tunnel source GigabitEthernet0/0
  tunnel mode gre multipoint
  tunnel key 200
  tunnel protection ipsec profile dmvpn
  interface GigabitEthernet0/1
  description MPLS
  ip address 192.168.1.2 255.255.255.0 secondary
  ip address 192.168.0.2 255.255.255.252
  router bgp 65001
  bgp log-neighbor-changes
  network 192.168.1.0
  network 192.168.21.0
  !10.99 clients are DMVPN spokes
  neighbor 10.99.99.3 remote-as 99010
  neighbor 10.99.99.3 route-reflector-client
  neighbor 10.99.99.21 remote-as 99001
  neighbor 10.99.99.21 route-reflector-client
  !as 65000 is the MPLS PE
  neighbor 192.168.0.1 remote-as 65000
  Hub Site 2, has the same configuration, except for local ip address and router BGP ID.
  Spoke site:
  interface Tunnel200
  ip address 10.99.99.3 255.255.255.0
  no ip redirects
  ip mtu 1400
  ip nhrp authentication auth
  ip nhrp map 10.99.99.1 PUBLIC_IP_HUB_1
  ip nhrp map 10.99.99.16 PUBLIC_IP_HUB_2
  ip nhrp network-id 12345
  ip nhrp holdtime 600
  ip nhrp nhs 10.99.99.1 priority 1
  ip nhrp nhs 10.99.99.16 priority 5
  ip nhrp nhs fallback 60
  tunnel source GigabitEthernet0/0
  tunnel mode gre multipoint
  tunnel key 200
  tunnel protection ipsec profile dmvpn
  interface GigabitEthernet0/1
  description Internal
  ip address 192.168.3.1 255.255.255.192
  router bgp 99010
  bgp log-neighbor-changes
  network 192.168.3.0
  neighbor 10.99.99.1 remote-as 65001
  neighbor 10.99.99.16 remote-as 65013
  On this spoke site 
  #sh ip route
  B 192.168.1.0/24 [20/0] via 10.99.99.1, 00:47:01
  which is the HUB network, but the rest of the MPLS routes are not "learned".
  What am I missing?
  Thanks!

  Hi Jon, I've ommited the configuration of the MPLS provider routers in between.  The DC is connected to a router that has the AS 65510.
  DC:CPE---PE:{MPLS}PE---CPE:HUB---{internet}---Spoke
  The DC is ok getting the network information via BGP:
  #sh ip route
  B 192.168.3.0/24 [20/0] via 192.168.0.33, 3d05h
  B 192.168.21.0/24 [20/0] via 192.168.0.33, 3d05h
  #sh ip bgp 192.168.21.0
  BGP routing table entry for 192.168.21.0/24, version 559
  Paths: (1 available, best #1, table default)
  Not advertised to any peer
  Refresh Epoch 1
  65510 3549 6140 3549 65000
  192.168.0.33 from 192.168.0.33 (###.###.###.###)
  Origin IGP, localpref 100, valid, external, best
  #sh ip route 192.168.21.0
  Routing entry for 192.168.21.0/24
  Known via "bgp 65511", distance 20, metric 0
  Tag 65510, type external
  Last update from 192.168.0.33 3d05h ago
  Routing Descriptor Blocks:
  * 192.168.0.33, from 192.168.0.33, 3d05h ago
  Route metric is 0, traffic share count is 1
  AS Hops 5
  Route tag 65510
  MPLS label: none
  Spoke:
  #sh ip bgp
  BGP table version is 494, local router ID is 192.168.21.1
  Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
  r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
  x best-external, a additional-path, c RIB-compressed,
  Origin codes: i - IGP, e - EGP, ? - incomplete
  RPKI validation codes: V valid, I invalid, N Not found
  Network Next Hop Metric LocPrf Weight Path
  *> 10.0.129.32/27 10.99.99.16 0 65013 65012 3549 ?
  *> 192.168.96.0 10.99.99.16 0 65013 65012 3549 6745 65510 ?
  #sh ip route 192.168.96.0
  Routing entry for 192.168.96.0/24
  Known via "bgp 99001", distance 20, metric 0
  Tag 65013, type external
  Last update from 10.99.99.16 00:02:11 ago
  Routing Descriptor Blocks:
  * 10.99.99.16, from 10.99.99.16, 00:02:11 ago
  Route metric is 0, traffic share count is 1
  AS Hops 5
  Route tag 65013
  MPLS label: none
  #sh ip bgp 192.168.96.0
  BGP routing table entry for 192.168.96.0/24, version 465
  Paths: (1 available, best #1, table default)
  Not advertised to any peer
  Refresh Epoch 2
  65013 65012 3549 6745 65510
  10.99.99.16 from 10.99.99.16 (10.2.16.1)
  Origin incomplete, localpref 100, valid, external, best
  The route is not being updated to the rest of the routers, and the 192.168.21.0 network is still announced via the old route.
  (from spoke)
  ping 192.168.96.2
  Type escape sequence to abort.
  Sending 5, 100-byte ICMP Echos to 192.168.96.2, timeout is 2 seconds:
  Success rate is 0 percent (0/5)
  From DC
  #traceroute 192.168.21.1
  Type escape sequence to abort.
  Tracing the route to 192.168.21.1
  VRF info: (vrf in name/id, vrf out name/id)
  1 192.168.0.33 [AS 65510] 0 msec 0 msec 0 msec
  2 172.50.1.33 [AS 65510] 56 msec 36 msec 36 msec
  3 10.80.1.1 [AS 3549] 44 msec 44 msec 44 msec
  4 10.80.1.2 [AS 3549] 172 msec 172 msec 168 msec
  5 172.50.1.1 [AS 3549] 168 msec 168 msec 172 msec
  6 172.50.1.2 [AS 3549] 180 msec 180 msec 176 msec
  7 192.168.0.2 [AS 65000] 172 msec 172 msec 168 msec <- old route, should be 192.168.0.9
  8 192.168.0.2 [AS 65000] !H * !H

• Auto reboot / Manual reboot : easy way to apply group policy for each group without multiple AD links? Help appreciated

  Good morning,
  I have two policies for WSUS, one that auto-reboots the client and one that allows for manual reboots.  I'm sure this is very obvious, but i'm wanting to make sure I do this correctly.
  What's the easiest way to apply the policy for manual/auto reboots without having to go through my entire active directory tree and link it to each OU containing mixed computers?  
  I hope this makes sense, but I know i can set security groups and then set it for the scope, but if I go that route is there a way to apply it to all Domain Computers, EXCEPT those who are a member of security group "MPS - WSUS Manual" for example?
  Any input here is greatly appreciated
  Thank you

  If all the machines that you want to have the manual option are in a few select OUs then you could apply the auto reboot GPO to the root of the domain, and then link the manual GPO just to those GPOs containing the relevant machines. As explained here
  http://technet.microsoft.com/en-gb/library/cc785665(v=ws.10).aspx a policy applied to an OU overrides a policy applied to the domain as a whole.
  While I'm not sure, from your description I'm guessing that's the case, and they're actually mixed in throughout the domain? In which case, the other option might be to make use of group policies order or precedence. As described here
  http://blogs.msdn.com/b/muaddib/archive/2012/08/22/determine-gpo-precedence-with-gpmc-gpresult.aspx you'll see that the order that the GPOs are listed makes a difference to the order that they are applied, and the last to be applied takes precedence over
  those that come before. Therefore using that, if you applied the reboot policy to everyone, and then applied the manual one with a security filter so it only applied to your "MPS - WSUS Manual" group such that it had a higher precedence, all machines would
  receive the first GPO, but those machines in that group would have that overridden by the second policy.