Conditional Route Advertisement - VRF Address Family?
I would like to do conditional route advertisement within an IPv4 vrf address family but the "neighbor x advertise-map" command is not available within the vrf address family (at least in the code version I have). It is available in non-vrf address families.
Command/Config reference guides do not show any limitations regarding the command. Before I upgrade code (which may not be possible with my current platform) I wanted to see if anyone is doing this or if there is another way to accomplish the same task.
Thanks
-Ed-
Hi,
are you talking about PE->CE or PE->PE/RR ?
Similar Messages
-
Importing not-just-1-best bgp route to VRF in XR in case of unique RD per PE
I'm trying to import BGP prefix from several different sources into VRF for fast convergence. When RD on local and remote PE match, it works right away. But if RDs are different, then I can see many different routes in "sh bgp vpnv4 unicast rd x:x (remote PE's RD)" with NOT-IN-VRF flag, but only best one is present in "sh bgp vpnv4 unicast vrf YYY" or "sh bgp vpnv4 unicast rd y:y (RD of local PE)".
As I understand, in IOS it is handled like this:
router bgp 1
address-family ipv4 vrf YYY
import path selection all
import path limit 4
But can not figure out how to do it in XR. Any suggestions? Do not want to roll back to same-RD-on-all-PEs approach, as IOS doesn't do much of add-paths for VPNv4 ;(.I dont know if this will exactly suit your needs but you can enable PIC (Prefix independent convergence) with the additional-paths command.
The exact command depends on your XR version (additional-paths install backup or additional-paths election)
Refer to the document:
http://www.cisco.com/c/en/us/td/docs/routers/crs/software/crs_r4-1/routing/command/reference/b_routing_cr41crs/b_routing_cr41crs_chapter_01.html#wp2841279186 -
Reassigning IPv6 temporary address when it receives router advertisements
Hi everybody.
I've just met a problem with IPv6 connectivity.
*My environment*
I list my environment that I tested as follows.
1. MacBook Pro (A)
OS Version: 10.6.4
Card Type: AirPort Extreme (0x14E4, 0x93)
Firmware Version: Broadcom BCM43xx 1.0 (5.10.131.16.1)
IPv6 temporary address setting: net.inet6.ip6.use_tempaddr=1
2. AP+Router
TimeCapsule
N.B., I experienced same problem under other sets of router and access point (Cisco's ones). So, let me skip to write the detail of this.
3. MacBook Pro (B) (No problem with this Laptop)
OS Version: 10.6.4
Card Type: AirPort Extreme (0x168C, 0x87)
Firmware Version: Atheros 5416: 2.0.19.10
IPv6 temporary address setting: net.inet6.ip6.use_tempaddr=1
N.B., All user data and settings are transferred to MacBook Pro (A). I think the difference between these two MacBooks is about hardwares.
*The problem*
1. Connect the MacBook Pro (A) to AP+Router.
2. Receive IPv6 router advertisement from the router. (router lifetime=1800, valid lifetime=2592000, preferred lifetime=604800)
3. Assign both IPv6 EUI-64 address and temporary address.
4. Receive IPv6 router advertisement from the router again, 70 sec after previous one.
5. Both the EUI-64 and temporary addresses are removed, and then same EUI-64 address and _new_ temporary address are assigned.
The problem here is that MacBook Pro (A) configures _new_ temporary address, or it removes old temporary address. This causes additional issues on TCP connections because TCP sessions become no longer available after the temporary address has changed.
This problem is not experienced my old MacBook Pro (B); i.e., it keeps the temporary address even after receiving router advertisements.
All the data and setting in MacBook Pro (A) are transferred from MacBook Pro (B).
Therefore, I think the problem is due to hardwares.
I prefer to use IPv6 because I'm in a networking group and also prefer to use temporary addresses.
Do you experience same problem or any suggestions to me?
If you need additional environment description, please ask me.
Thank you in advance, and sorry for my poor English.
Message was edited by: scyphusThis bug has been stealthily fixed in the update http://support.apple.com/kb/HT4250 today, though I have received no reply from Apple bug reporter site.
-
Leaking MPLS VPN learned routes from VRF to Global
I'm trying to leak routes from a VRF to global. I can get the routes leaked from directly connected CE to the global, however I can't get the routes from remote CE's to leak in to the global routing table. Below are my configurations
RP/0/0/CPU0:B25BR1#sh run vrf TR
Wed Dec 17 22:40:33.772 UTC
vrf TR
address-family ipv4 unicast
import route-target
65000:7020
export to default-vrf route-policy TR-2-GLOBAL
export route-target
65000:7020
RP/0/0/CPU0:B25BR1#sh rpl route-policy TR-2-GLOBAL
Wed Dec 17 22:40:50.851 UTC
route-policy TR-2-GLOBAL
if destination in TR-2-GLOBAL then
pass
endif
end-policy
RP/0/0/CPU0:B25BR1#sh rpl prefix-set TR-2-GLOBAL
Wed Dec 17 22:40:57.861 UTC
prefix-set TR-2-GLOBAL
192.168.0.17/32,
192.168.0.18/32,
192.168.0.19/32,
192.168.0.20/32
end-set
!Routes that I want to see also are 192.168.0.19/32 and 192.168.0.20/32 which are there in the VRF routing table
RP/0/0/CPU0:B25BR1#sh route vrf TR
Wed Dec 17 22:41:45.767 UTC
Codes: C - connected, S - static, R - RIP, B - BGP, (>) - Diversion path
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - ISIS, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, su - IS-IS summary null, * - candidate default
U - per-user static route, o - ODR, L - local, G - DAGR
A - access/subscriber, a - Application route, (!) - FRR Backup path
Gateway of last resort is not set
B 10.1.0.0/30 [20/0] via 10.1.0.5, 00:14:32
C 10.1.0.4/30 is directly connected, 06:57:19, GigabitEthernet0/0/0/2
L 10.1.0.6/32 is directly connected, 06:57:19, GigabitEthernet0/0/0/2
B 10.1.128.0/30 [20/0] via 10.1.0.5, 00:14:32
B 192.168.0.17/32 [20/0] via 10.1.0.5, 00:13:56
B 192.168.0.18/32 [20/0] via 10.1.0.5, 00:13:56
B 192.168.0.19/32 [200/0] via 192.168.0.4 (nexthop in vrf default), 00:13:31
B 192.168.0.20/32 [200/0] via 192.168.0.4 (nexthop in vrf default), 00:13:31
RP/0/0/CPU0:B25BR1#sh ip rou
Wed Dec 17 22:41:50.097 UTC
Codes: C - connected, S - static, R - RIP, B - BGP, (>) - Diversion path
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - ISIS, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, su - IS-IS summary null, * - candidate default
U - per-user static route, o - ODR, L - local, G - DAGR
A - access/subscriber, a - Application route, (!) - FRR Backup path
Gateway of last resort is not set
S 10.0.0.0/27 is directly connected, 08:04:01, Null0
O 10.0.0.4/30 [110/2] via 10.0.0.9, 08:03:10, GigabitEthernet0/0/0/0
C 10.0.0.8/30 is directly connected, 08:04:00, GigabitEthernet0/0/0/0
L 10.0.0.10/32 is directly connected, 08:04:00, GigabitEthernet0/0/0/0
O 10.0.0.12/30 [110/3] via 10.0.0.9, 08:03:10, GigabitEthernet0/0/0/0
[110/3] via 10.0.128.9, 08:03:10, GigabitEthernet0/0/0/1
O 10.0.0.16/30 [110/2] via 10.0.128.9, 08:03:51, GigabitEthernet0/0/0/1
O 10.0.0.24/30 [110/3] via 10.0.128.9, 06:29:14, GigabitEthernet0/0/0/1
O 10.0.0.28/30 [110/2] via 10.0.128.9, 08:03:51, GigabitEthernet0/0/0/1
S 10.0.128.0/29 is directly connected, 08:04:01, Null0
O 10.0.128.0/30 [110/3] via 10.0.0.9, 08:03:10, GigabitEthernet0/0/0/0
[110/3] via 10.0.128.9, 08:03:10, GigabitEthernet0/0/0/1
O 10.0.128.4/30 [110/2] via 10.0.128.9, 08:03:51, GigabitEthernet0/0/0/1
C 10.0.128.8/30 is directly connected, 08:04:00, GigabitEthernet0/0/0/1
L 10.0.128.10/32 is directly connected, 08:04:00, GigabitEthernet0/0/0/1
S 10.1.0.4/30 is directly connected, 06:57:23, Null0
S 10.1.128.4/30 is directly connected, 08:04:01, Null0
C 10.18.0.0/16 is directly connected, 08:04:00, MgmtEth0/0/CPU0/0
L 10.18.0.9/32 is directly connected, 08:04:00, MgmtEth0/0/CPU0/0
L 127.0.0.0/8 [0/0] via 0.0.0.0, 08:04:04
O 192.168.0.1/32 [110/2] via 10.0.0.9, 08:03:10, GigabitEthernet0/0/0/0
O 192.168.0.2/32 [110/4] via 10.0.0.9, 08:03:10, GigabitEthernet0/0/0/0
[110/4] via 10.0.128.9, 08:03:10, GigabitEthernet0/0/0/1
O 192.168.0.3/32 [110/3] via 10.0.128.9, 08:03:40, GigabitEthernet0/0/0/1
O 192.168.0.4/32 [110/3] via 10.0.128.9, 08:03:51, GigabitEthernet0/0/0/1
O 192.168.0.5/32 [110/4] via 10.0.0.9, 08:03:10, GigabitEthernet0/0/0/0
[110/4] via 10.0.128.9, 08:03:10, GigabitEthernet0/0/0/1
O 192.168.0.6/32 [110/2] via 10.0.128.9, 08:03:51, GigabitEthernet0/0/0/1
O 192.168.0.7/32 [110/3] via 10.0.0.9, 08:03:10, GigabitEthernet0/0/0/0
[110/3] via 10.0.128.9, 08:03:10, GigabitEthernet0/0/0/1
L 192.168.0.8/32 is directly connected, 08:04:00, Loopback0
B 192.168.0.17/32 [20/0] via 10.1.0.5 (nexthop in vrf TR), 00:05:37
B 192.168.0.18/32 [20/0] via 10.1.0.5 (nexthop in vrf TR), 00:05:37
I'm only seeing the routes from the directly connected CE, but not the routes received from RR. What am I missing here?
Thanks!
-SajithI'm trying to leak routes from a VRF to global. I can get the routes leaked from directly connected CE to the global, however I can't get the routes from remote CE's to leak in to the global routing table. Below are my configurations
RP/0/0/CPU0:B25BR1#sh run vrf TR
Wed Dec 17 22:40:33.772 UTC
vrf TR
address-family ipv4 unicast
import route-target
65000:7020
export to default-vrf route-policy TR-2-GLOBAL
export route-target
65000:7020
RP/0/0/CPU0:B25BR1#sh rpl route-policy TR-2-GLOBAL
Wed Dec 17 22:40:50.851 UTC
route-policy TR-2-GLOBAL
if destination in TR-2-GLOBAL then
pass
endif
end-policy
RP/0/0/CPU0:B25BR1#sh rpl prefix-set TR-2-GLOBAL
Wed Dec 17 22:40:57.861 UTC
prefix-set TR-2-GLOBAL
192.168.0.17/32,
192.168.0.18/32,
192.168.0.19/32,
192.168.0.20/32
end-set
!Routes that I want to see also are 192.168.0.19/32 and 192.168.0.20/32 which are there in the VRF routing table
RP/0/0/CPU0:B25BR1#sh route vrf TR
Wed Dec 17 22:41:45.767 UTC
Codes: C - connected, S - static, R - RIP, B - BGP, (>) - Diversion path
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - ISIS, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, su - IS-IS summary null, * - candidate default
U - per-user static route, o - ODR, L - local, G - DAGR
A - access/subscriber, a - Application route, (!) - FRR Backup path
Gateway of last resort is not set
B 10.1.0.0/30 [20/0] via 10.1.0.5, 00:14:32
C 10.1.0.4/30 is directly connected, 06:57:19, GigabitEthernet0/0/0/2
L 10.1.0.6/32 is directly connected, 06:57:19, GigabitEthernet0/0/0/2
B 10.1.128.0/30 [20/0] via 10.1.0.5, 00:14:32
B 192.168.0.17/32 [20/0] via 10.1.0.5, 00:13:56
B 192.168.0.18/32 [20/0] via 10.1.0.5, 00:13:56
B 192.168.0.19/32 [200/0] via 192.168.0.4 (nexthop in vrf default), 00:13:31
B 192.168.0.20/32 [200/0] via 192.168.0.4 (nexthop in vrf default), 00:13:31
RP/0/0/CPU0:B25BR1#sh ip rou
Wed Dec 17 22:41:50.097 UTC
Codes: C - connected, S - static, R - RIP, B - BGP, (>) - Diversion path
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - ISIS, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, su - IS-IS summary null, * - candidate default
U - per-user static route, o - ODR, L - local, G - DAGR
A - access/subscriber, a - Application route, (!) - FRR Backup path
Gateway of last resort is not set
S 10.0.0.0/27 is directly connected, 08:04:01, Null0
O 10.0.0.4/30 [110/2] via 10.0.0.9, 08:03:10, GigabitEthernet0/0/0/0
C 10.0.0.8/30 is directly connected, 08:04:00, GigabitEthernet0/0/0/0
L 10.0.0.10/32 is directly connected, 08:04:00, GigabitEthernet0/0/0/0
O 10.0.0.12/30 [110/3] via 10.0.0.9, 08:03:10, GigabitEthernet0/0/0/0
[110/3] via 10.0.128.9, 08:03:10, GigabitEthernet0/0/0/1
O 10.0.0.16/30 [110/2] via 10.0.128.9, 08:03:51, GigabitEthernet0/0/0/1
O 10.0.0.24/30 [110/3] via 10.0.128.9, 06:29:14, GigabitEthernet0/0/0/1
O 10.0.0.28/30 [110/2] via 10.0.128.9, 08:03:51, GigabitEthernet0/0/0/1
S 10.0.128.0/29 is directly connected, 08:04:01, Null0
O 10.0.128.0/30 [110/3] via 10.0.0.9, 08:03:10, GigabitEthernet0/0/0/0
[110/3] via 10.0.128.9, 08:03:10, GigabitEthernet0/0/0/1
O 10.0.128.4/30 [110/2] via 10.0.128.9, 08:03:51, GigabitEthernet0/0/0/1
C 10.0.128.8/30 is directly connected, 08:04:00, GigabitEthernet0/0/0/1
L 10.0.128.10/32 is directly connected, 08:04:00, GigabitEthernet0/0/0/1
S 10.1.0.4/30 is directly connected, 06:57:23, Null0
S 10.1.128.4/30 is directly connected, 08:04:01, Null0
C 10.18.0.0/16 is directly connected, 08:04:00, MgmtEth0/0/CPU0/0
L 10.18.0.9/32 is directly connected, 08:04:00, MgmtEth0/0/CPU0/0
L 127.0.0.0/8 [0/0] via 0.0.0.0, 08:04:04
O 192.168.0.1/32 [110/2] via 10.0.0.9, 08:03:10, GigabitEthernet0/0/0/0
O 192.168.0.2/32 [110/4] via 10.0.0.9, 08:03:10, GigabitEthernet0/0/0/0
[110/4] via 10.0.128.9, 08:03:10, GigabitEthernet0/0/0/1
O 192.168.0.3/32 [110/3] via 10.0.128.9, 08:03:40, GigabitEthernet0/0/0/1
O 192.168.0.4/32 [110/3] via 10.0.128.9, 08:03:51, GigabitEthernet0/0/0/1
O 192.168.0.5/32 [110/4] via 10.0.0.9, 08:03:10, GigabitEthernet0/0/0/0
[110/4] via 10.0.128.9, 08:03:10, GigabitEthernet0/0/0/1
O 192.168.0.6/32 [110/2] via 10.0.128.9, 08:03:51, GigabitEthernet0/0/0/1
O 192.168.0.7/32 [110/3] via 10.0.0.9, 08:03:10, GigabitEthernet0/0/0/0
[110/3] via 10.0.128.9, 08:03:10, GigabitEthernet0/0/0/1
L 192.168.0.8/32 is directly connected, 08:04:00, Loopback0
B 192.168.0.17/32 [20/0] via 10.1.0.5 (nexthop in vrf TR), 00:05:37
B 192.168.0.18/32 [20/0] via 10.1.0.5 (nexthop in vrf TR), 00:05:37
I'm only seeing the routes from the directly connected CE, but not the routes received from RR. What am I missing here?
Thanks!
-Sajith -
Problem leaking route from VRF to global table on CSR 1000V
Hi Guys,
So I have a problem with VRF's on a CSR 1000V, specifically exporting a connected subnet from a VRF into the global routing table.
My config, very abbreviated, is as follows:
Router:
GE1: 10.0.0.1/31 VRF TEST
GE2: 172.30.20.1/24 (No VRF, BGP neighbor to 172.30.20.2, receiving 0.0.0.0/0 (default route))
Now sh ip route displays:
0.0.0.0/0 (BGP)
172.30.20.1/24 (Connected)
sh ip route vrf TEST displays:
0.0.0.0/0 (BGP)
10.0.0.1/31 connected
My VRF config is as follows:
ip vrf TEST
rd 1:1
import ipv4 unicast map GLOBAL
export ipv4 unicast map CONNECTED-SUBNET
ip prefix-list CONNECTED seq 1 permit 10.0.0.1/31
ip prefix-list DEFAULT seq 1 permit 0.0.0.0/0
route-map CONNECTED-SUBNET permit 10
match ip address prefix-list CONNECTED
route-map GLOBAL permit 10
match ip address prefix-list DEFAULT
Now my import command works perfectly (0.0.0.0/0 is imported from BGP into the VRF's routing table), however my export command does not function - seemingly at all.
Even though my prefix list is an exact match, I do not see 10.0.0.1/31 appearing in the global routing table, or the BGP table at all (show ip bgp 10.0.0.1 shows only the 0.0.0.0/0 default route)
Any thoughts on what is going on here? Am I misunderstanding the export command for VRF's? I was under the impression this will export directly to the BGP table, and then be imported to the global routing table if applicable?
Any thoughts/input would be appreciated!Hello
"GE1: 10.0.0.1/31 VRF TEST
GE2: 172.30.20.1/24 (No VRF, BGP neighbor to 172.30.20.2, receiving 0.0.0.0/0 (default route))"
I must have misunderstood somewhere I was assuming you had no vrf bgp between GE1-2 , and just vrf on subnet 10.0.0.0/x which needed to be advertised in the global routing table hence my last post suggested you redistribute into bgp,
So assuming you are accepting a default route from GE2 it went like this
GE1
int fa0/1
ip vrf forwading TEST
ip addresses 10.0.0.1 255.255.255.255
int xx
ip address 172.30.20.1 255.255.255.0
router bgp xy
neighbour 172.30.20.2 remote-as yx
redistribute static ( to advertised the vrf subnet to GE2)
ip route 10.0.0.1 255.255.255.255 fa0/1 ( this is tell the global rib where to go for the vrf route)
ip prefix-list VRF permit 0.0.0.0/0
route-map VRF_rm
match ip address prefix VRF ( match on the default route advertised from GE2 which is in the global rib)
ip vrf TEST
import-map ipv4 vrf VRF-rm ( import the default from global rib into the vrf rib)
res
Paul -
Problem to disable IPV6 Router Advertisements suppress command
Hello:
I Have a Cisco 877 with IOS:
Cisco IOS Software, C870 Software (C870-ADVIPSERVICESK9-M), Version 12.4(24)T6, RELEASE SOFTWARE (fc2)
I am implementing Hurricane Electric Tunnel Broker, but actually to do this test I have disconnected the Wan Interface , and It only has a Windows 7 host connected to port FastEthernet 0, through vlan1:
FONTENLAS#show ip interface brief Interface IP-Address OK? Method Status ProtocolATM0 unassigned YES NVRAM administratively down down ATM0.1 unassigned YES unset administratively down down Dialer0 unassigned YES NVRAM up up FastEthernet0 unassigned YES unset up up FastEthernet1 unassigned YES unset up down FastEthernet2 unassigned YES unset up down FastEthernet3 unassigned YES unset up down NVI0 unassigned YES unset administratively down down Tunnel0 unassigned YES NVRAM up down Vlan1 172.16.1.1 YES NVRAM up up FONTENLAS#pingFONTENLAS#ping 172.16.1.2Type escape sequence to abort.Sending 5, 100-byte ICMP Echos to 172.16.1.2, timeout is 2 seconds:.!!!!Success rate is 80 percent (4/5), round-trip min/avg/max = 1/1/4 msFONTENLAS#
I have configured an IPV6 address on Interface Vlan1, but I don't want that the prefix to be distributed through Autoconfiguration, so I have configured on interface Vlan1 the command: nd ra suppress as I show you
FONTENLAS#show run interface vlan 1Building configuration...Current configuration : 187 bytes!interface Vlan1 ip address 172.16.1.1 255.255.255.0 ip nat inside ip virtual-reassembly ip tcp adjust-mss 1412 ipv6 address 2001:470:1F15:EE2::/64 eui-64 ipv6 nd ra suppressendFONTENLAS#
As result, the router doesn't send its periodical Router Advertisements , but when the host is restarted, it sends a Router Solicitation message and the Router answers with Router Advertisement (that is making me crazy, because I understand it musn't send RA messages with suppres command configured)
That's what happens when I restart the connected Host:
FE80::219:AAFF:FEC2:30BC -> Router Link Local Address
FE80::7004:6BEB:4C26:79ED -> Host Link Local Address
FONTENLAS#show ipv6 interface brief ATM0 [administratively down/down] unassignedATM0.1 [administratively down/down] unassignedDialer0 [up/up] unassignedFastEthernet0 [up/up] unassignedFastEthernet1 [up/down] unassignedFastEthernet2 [up/down] unassignedFastEthernet3 [up/down] unassignedNVI0 [administratively down/down] unassignedTunnel0 [up/down] FE80::219:AAFF:FEC2:30BC 2001:470:1F14:EE2::2Vlan1 [up/up] FE80::219:AAFF:FEC2:30BC 2001:470:1F15:EE2:219:AAFF:FEC2:30BCFONTENLAS#show run interface vlan 1Building configuration...Current configuration : 187 bytes!interface Vlan1 ip address 172.16.1.1 255.255.255.0 ip nat inside ip virtual-reassembly ip tcp adjust-mss 1412 ipv6 address 2001:470:1F15:EE2::/64 eui-64 ipv6 nd ra suppressendFONTENLAS#*Mar 2 11:09:51.945: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0, changed state to down*Mar 2 11:09:51.945: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to down*Mar 2 11:09:51.945: ICMPv6-ND: L3 down on Vlan1*Mar 2 11:09:51.949: IPv6-Address: Address 2001:470:1F15:EE2:219:AAFF:FEC2:30BC/64 is down on Vlan1*Mar 2 11:09:51.949: ICMPv6-ND: Linklocal FE80::219:AAFF:FEC2:30BC on Vlan1, Down*Mar 2 11:09:51.949: IPv6-Address: Address FE80::219:AAFF:FEC2:30BC/10 is down on Vlan1*Mar 2 11:09:52.949: %LINK-3-UPDOWN: Interface FastEthernet0, changed state to down*Mar 2 11:09:54.497: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to up*Mar 2 11:09:54.501: ICMPv6-ND: L2 came up on Vlan1*Mar 2 11:09:54.501: IPv6-Addrmgr-ND: DAD request for FE80::219:AAFF:FEC2:30BC on Vlan1*Mar 2 11:09:54.501: ICMPv6-ND: Sending NS for FE80::219:AAFF:FEC2:30BC on Vlan1*Mar 2 11:09:54.505: ICMPv6: Sent N-Solicit, Src=::, Dst=FF02::1:FFC2:30BC*Mar 2 11:09:55.489: %LINK-3-UPDOWN: Interface FastEthernet0, changed state to up*Mar 2 11:09:55.501: IPv6-Addrmgr-ND: DAD: FE80::219:AAFF:FEC2:30BC is unique.*Mar 2 11:09:55.501: ICMPv6-ND: Sending NA for FE80::219:AAFF:FEC2:30BC on Vlan1*Mar 2 11:09:55.501: ICMPv6-ND: L3 came up on Vlan1*Mar 2 11:09:55.501: IPv6-Addrmgr-ND: DAD request for 2001:470:1F15:EE2:219:AAFF:FEC2:30BC on Vlan1*Mar 2 11:09:55.501: ICMPv6-ND: Sending NS for 2001:470:1F15:EE2:219:AAFF:FEC2:30BC on Vlan1*Mar 2 11:09:55.501: ICMPv6-ND: Linklocal FE80::219:AAFF:FEC2:30BC on Vlan1, Up*Mar 2 11:09:55.501: ICMPv6: Sent N-Advert, Src=FE80::219:AAFF:FEC2:30BC, Dst=FF02::1*Mar 2 11:09:55.501: ICMPv6: Sent N-Solicit, Src=::, Dst=FF02::1:FFC2:30BC*Mar 2 11:09:55.501: IPv6-Address: Address FE80::219:AAFF:FEC2:30BC/10 is up on Vlan1*Mar 2 11:09:56.490: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0, changed state to up*Mar 2 11:09:56.502: IPv6-Addrmgr-ND: DAD: 2001:470:1F15:EE2:219:AAFF:FEC2:30BC is unique.*Mar 2 11:09:56.502: ICMPv6-ND: Sending NA for 2001:470:1F15:EE2:219:AAFF:FEC2:30BC on Vlan1*Mar 2 11:09:56.502: IPv6-Address: Address 2001:470:1F15:EE2:219:AAFF:FEC2:30BC/64 is up on Vlan1*Mar 2 11:09:56.506: ICMPv6: Sent N-Advert, Src=2001:470:1F15:EE2:219:AAFF:FEC2:30BC, Dst=FF02::1*Mar 2 11:10:22.596: ICMPv6: Received R-Solicit, Src=FE80::7004:6BEB:4C26:79ED, Dst=FF02::2*Mar 2 11:10:22.596: ICMPv6-ND: Received RS on Vlan1 from FE80::7004:6BEB:4C26:79ED*Mar 2 11:10:22.596: ICMPv6-ND: Sending solicited RA on Vlan1*Mar 2 11:10:22.596: ICMPv6-ND: Sending RA from FE80::219:AAFF:FEC2:30BC to FE80::7004:6BEB:4C26:79ED on Vlan1*Mar 2 11:10:22.600: ICMPv6-ND: MTU = 1500*Mar 2 11:10:22.600: ICMPv6-ND: prefix = 2001:470:1F15:EE2::/64 onlink autoconfig*Mar 2 11:10:22.600: ICMPv6-ND: 2592000/604800 (valid/preferred)*Mar 2 11:10:22.600: ICMPv6: Received type 143, Src=FE80::7004:6BEB:4C26:79ED, Dst=FF02::16*Mar 2 11:10:22.604: ICMPv6-ND: STALE -> DELAY: FE80::7004:6BEB:4C26:79ED*Mar 2 11:10:22.604: ICMPv6: Sent R-Advert, Src=FE80::219:AAFF:FEC2:30BC, Dst=FE80::7004:6BEB:4C26:79ED*Mar 2 11:10:22.604: ICMPv6: Received type 143, Src=FE80::7004:6BEB:4C26:79ED, Dst=FF02::16*Mar 2 11:10:23.096: ICMPv6: Received type 143, Src=FE80::7004:6BEB:4C26:79ED, Dst=FF02::16*Mar 2 11:10:25.452: ICMPv6: Received type 143, Src=FE80::7004:6BEB:4C26:79ED, Dst=FF02::16*Mar 2 11:10:25.452: ICMPv6: Received type 143, Src=FE80::7004:6BEB:4C26:79ED, Dst=FF02::16*Mar 2 11:10:25.456: ICMPv6: Received type 143, Src=FE80::7004:6BEB:4C26:79ED, Dst=FF02::16*Mar 2 11:10:25.592: ICMPv6: Received type 143, Src=FE80::7004:6BEB:4C26:79ED, Dst=FF02::16*Mar 2 11:10:25.764: ICMPv6: Received type 143, Src=FE80::7004:6BEB:4C26:79ED, Dst=FF02::16*Mar 2 11:10:25.768: ICMPv6: Received type 143, Src=FE80::7004:6BEB:4C26:79ED, Dst=FF02::16*Mar 2 11:10:26.096: ICMPv6: Received type 143, Src=FE80::7004:6BEB:4C26:79ED, Dst=FF02::16*Mar 2 11:10:27.605: ICMPv6-ND: DELAY -> PROBE: FE80::7004:6BEB:4C26:79ED*Mar 2 11:10:27.605: ICMPv6-ND: Sending NS for FE80::7004:6BEB:4C26:79ED on Vlan1*Mar 2 11:10:27.609: ICMPv6: Sent N-Solicit, Src=FE80::219:AAFF:FEC2:30BC, Dst=FE80::7004:6BEB:4C26:79ED*Mar 2 11:10:27.609: ICMPv6: Received N-Advert, Src=FE80::7004:6BEB:4C26:79ED, Dst=FE80::219:AAFF:FEC2:30BC*Mar 2 11:10:27.609: ICMPv6-ND: Received NA for FE80::7004:6BEB:4C26:79ED on Vlan1 from FE80::7004:6BEB:4C26:79ED*Mar 2 11:10:27.609: ICMPv6-ND: PROBE -> REACH: FE80::7004:6BEB:4C26:79ED*Mar 2 11:10:28.753: ICMPv6: Received N-Solicit, Src=FE80::7004:6BEB:4C26:79ED, Dst=FF02::1:FFC2:30BC*Mar 2 11:10:28.753: ICMPv6-ND: Received NS for FE80::219:AAFF:FEC2:30BC on Vlan1 from FE80::7004:6BEB:4C26:79ED*Mar 2 11:10:28.757: ICMPv6-ND: Sending NA for FE80::219:AAFF:FEC2:30BC on Vlan1*Mar 2 11:10:28.761: ICMPv6: Sent N-Advert, Src=FE80::219:AAFF:FEC2:30BC, Dst=FE80::7004:6BEB:4C26:79ED*Mar 2 11:10:38.219: ICMPv6: Received N-Solicit, Src=FE80::7004:6BEB:4C26:79ED, Dst=FF02::1:FFC2:30BC*Mar 2 11:10:38.219: ICMPv6-ND: Received NS for FE80::219:AAFF:FEC2:30BC on Vlan1 from FE80::7004:6BEB:4C26:79ED*Mar 2 11:10:38.219: ICMPv6-ND: Sending NA for FE80::219:AAFF:FEC2:30BC on Vlan1*Mar 2 11:10:38.223: ICMPv6: Sent N-Advert, Src=FE80::219:AAFF:FEC2:30BC, Dst=FE80::7004:6BEB:4C26:79ED*Mar 2 11:10:39.619: ICMPv6: Received type 143, Src=FE80::7004:6BEB:4C26:79ED, Dst=FF02::16*Mar 2 11:10:40.095: ICMPv6: Received type 143, Src=FE80::7004:6BEB:4C26:79ED, Dst=FF02::16*Mar 2 11:11:10.114: ICMPv6-ND: REACH -> STALE: FE80::7004:6BEB:4C26:79EDFONTENLAS#
So the result is that the Host obtains again the prefix through Autoconfiguration from RA router message.
I haved looked for new cli commands on the router to prevent this but I haven't found any other. The more I had got is to configure the commands (specially the first one):
ipv6 nd prefix default no-advertise
ipv6 nd managed-config-flag
so now, the router doesn't send the Prefix on RA messages, but it continues answering to RS Host Messages with its RA message. And I don't want that, because although It doesn't send the prefix with "nd prefix default no-advertise" command, it sends the MTU and the Default Gateway to the router
and I don't want that because later I want to deploy a Windows Server in the same LAN to do that function (Dhcp server, DNS server...)
That's what happens (Router sends again RA)
FONTENLAS#show run interface vlan 1Building configuration...Current configuration : 253 bytes!interface Vlan1 ip address 172.16.1.1 255.255.255.0 ip nat inside ip virtual-reassembly ip tcp adjust-mss 1412 ipv6 address 2001:470:1F15:EE2::/64 eui-64 ipv6 nd prefix default no-advertise ipv6 nd managed-config-flag ipv6 nd ra suppressendFONTENLAS#*Mar 2 11:26:15.067: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0, changed state to down*Mar 2 11:26:15.067: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to down*Mar 2 11:26:15.067: ICMPv6-ND: L3 down on Vlan1*Mar 2 11:26:15.071: IPv6-Address: Address 2001:470:1F15:EE2:219:AAFF:FEC2:30BC/64 is down on Vlan1*Mar 2 11:26:15.071: ICMPv6-ND: Linklocal FE80::219:AAFF:FEC2:30BC on Vlan1, Down*Mar 2 11:26:15.071: IPv6-Address: Address FE80::219:AAFF:FEC2:30BC/10 is down on Vlan1*Mar 2 11:26:16.068: %LINK-3-UPDOWN: Interface FastEthernet0, changed state to down*Mar 2 11:26:17.700: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to up*Mar 2 11:26:17.704: ICMPv6-ND: L2 came up on Vlan1*Mar 2 11:26:17.704: IPv6-Addrmgr-ND: DAD request for FE80::219:AAFF:FEC2:30BC on Vlan1*Mar 2 11:26:17.704: ICMPv6-ND: Sending NS for FE80::219:AAFF:FEC2:30BC on Vlan1*Mar 2 11:26:17.708: ICMPv6: Sent N-Solicit, Src=::, Dst=FF02::1:FFC2:30BC*Mar 2 11:26:18.692: %LINK-3-UPDOWN: Interface FastEthernet0, changed state to up*Mar 2 11:26:18.704: IPv6-Addrmgr-ND: DAD: FE80::219:AAFF:FEC2:30BC is unique.*Mar 2 11:26:18.704: ICMPv6-ND: Sending NA for FE80::219:AAFF:FEC2:30BC on Vlan1*Mar 2 11:26:18.704: ICMPv6-ND: L3 came up on Vlan1*Mar 2 11:26:18.704: IPv6-Addrmgr-ND: DAD request for 2001:470:1F15:EE2:219:AAFF:FEC2:30BC on Vlan1*Mar 2 11:26:18.704: ICMPv6-ND: Sending NS for 2001:470:1F15:EE2:219:AAFF:FEC2:30BC on Vlan1*Mar 2 11:26:18.704: ICMPv6-ND: Linklocal FE80::219:AAFF:FEC2:30BC on Vlan1, Up*Mar 2 11:26:18.704: ICMPv6: Sent N-Advert, Src=FE80::219:AAFF:FEC2:30BC, Dst=FF02::1*Mar 2 11:26:18.704: ICMPv6: Sent N-Solicit, Src=::, Dst=FF02::1:FFC2:30BC*Mar 2 11:26:18.704: IPv6-Address: Address FE80::219:AAFF:FEC2:30BC/10 is up on Vlan1*Mar 2 11:26:19.692: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0, changed state to up*Mar 2 11:26:19.704: IPv6-Addrmgr-ND: DAD: 2001:470:1F15:EE2:219:AAFF:FEC2:30BC is unique.*Mar 2 11:26:19.704: ICMPv6-ND: Sending NA for 2001:470:1F15:EE2:219:AAFF:FEC2:30BC on Vlan1*Mar 2 11:26:19.704: IPv6-Address: Address 2001:470:1F15:EE2:219:AAFF:FEC2:30BC/64 is up on Vlan1*Mar 2 11:26:19.708: ICMPv6: Sent N-Advert, Src=2001:470:1F15:EE2:219:AAFF:FEC2:30BC, Dst=FF02::1*Mar 2 11:26:44.958: ICMPv6: Received R-Solicit, Src=FE80::7004:6BEB:4C26:79ED, Dst=FF02::2*Mar 2 11:26:44.958: ICMPv6-ND: Received RS on Vlan1 from FE80::7004:6BEB:4C26:79ED*Mar 2 11:26:44.958: ICMPv6-ND: Sending solicited RA on Vlan1*Mar 2 11:26:44.958: ICMPv6-ND: Sending RA from FE80::219:AAFF:FEC2:30BC to FE80::7004:6BEB:4C26:79ED on Vlan1*Mar 2 11:26:44.962: ICMPv6-ND: Managed address configuration*Mar 2 11:26:44.962: ICMPv6-ND: MTU = 1500*Mar 2 11:26:44.962: ICMPv6: Received type 143, Src=FE80::7004:6BEB:4C26:79ED, Dst=FF02::16*Mar 2 11:26:44.966: ICMPv6-ND: STALE -> DELAY: FE80::7004:6BEB:4C26:79ED*Mar 2 11:26:44.966: ICMPv6: Sent R-Advert, Src=FE80::219:AAFF:FEC2:30BC, Dst=FE80::7004:6BEB:4C26:79ED*Mar 2 11:26:45.458: ICMPv6: Received type 143, Src=FE80::7004:6BEB:4C26:79ED, Dst=FF02::16*Mar 2 11:26:47.879: ICMPv6: Received type 143, Src=FE80::7004:6BEB:4C26:79ED, Dst=FF02::16*Mar 2 11:26:47.879: ICMPv6: Received type 143, Src=FE80::7004:6BEB:4C26:79ED, Dst=FF02::16*Mar 2 11:26:47.883: ICMPv6: Received type 143, Src=FE80::7004:6BEB:4C26:79ED, Dst=FF02::16*Mar 2 11:26:47.955: ICMPv6: Received type 143, Src=FE80::7004:6BEB:4C26:79ED, Dst=FF02::16*Mar 2 11:26:48.187: ICMPv6: Received type 143, Src=FE80::7004:6BEB:4C26:79ED, Dst=FF02::16*Mar 2 11:26:48.191: ICMPv6: Received type 143, Src=FE80::7004:6BEB:4C26:79ED, Dst=FF02::16*Mar 2 11:26:48.459: ICMPv6: Received type 143, Src=FE80::7004:6BEB:4C26:79ED, Dst=FF02::16*Mar 2 11:26:49.967: ICMPv6-ND: DELAY -> PROBE: FE80::7004:6BEB:4C26:79ED*Mar 2 11:26:49.967: ICMPv6-ND: Sending NS for FE80::7004:6BEB:4C26:79ED on Vlan1*Mar 2 11:26:49.971: ICMPv6: Sent N-Solicit, Src=FE80::219:AAFF:FEC2:30BC, Dst=FE80::7004:6BEB:4C26:79ED*Mar 2 11:26:49.971: ICMPv6: Received N-Advert, Src=FE80::7004:6BEB:4C26:79ED, Dst=FE80::219:AAFF:FEC2:30BC*Mar 2 11:26:49.971: ICMPv6-ND: Received NA for FE80::7004:6BEB:4C26:79ED on Vlan1 from FE80::7004:6BEB:4C26:79ED*Mar 2 11:26:49.971: ICMPv6-ND: PROBE -> REACH: FE80::7004:6BEB:4C26:79ED*Mar 2 11:26:51.620: ICMPv6: Received N-Solicit, Src=FE80::7004:6BEB:4C26:79ED, Dst=FF02::1:FFC2:30BC*Mar 2 11:26:51.620: ICMPv6-ND: Received NS for FE80::219:AAFF:FEC2:30BC on Vlan1 from FE80::7004:6BEB:4C26:79ED*Mar 2 11:26:51.624: ICMPv6-ND: Sending NA for FE80::219:AAFF:FEC2:30BC on Vlan1*Mar 2 11:26:51.628: ICMPv6: Sent N-Advert, Src=FE80::219:AAFF:FEC2:30BC, Dst=FE80::7004:6BEB:4C26:79ED*Mar 2 11:27:02.606: ICMPv6: Received N-Solicit, Src=FE80::7004:6BEB:4C26:79ED, Dst=FF02::1:FFC2:30BC*Mar 2 11:27:02.606: ICMPv6-ND: Received NS for FE80::219:AAFF:FEC2:30BC on Vlan1 from FE80::7004:6BEB:4C26:79ED*Mar 2 11:27:02.606: ICMPv6-ND: Sending NA for FE80::219:AAFF:FEC2:30BC on Vlan1*Mar 2 11:27:02.610: ICMPv6: Sent N-Advert, Src=FE80::219:AAFF:FEC2:30BC, Dst=FE80::7004:6BEB:4C26:79ED*Mar 2 11:27:03.486: ICMPv6: Received type 143, Src=FE80::7004:6BEB:4C26:79ED, Dst=FF02::16*Mar 2 11:27:03.954: ICMPv6: Received type 143, Src=FE80::7004:6BEB:4C26:79ED, Dst=FF02::16*Mar 2 11:27:32.477: ICMPv6-ND: REACH -> STALE: FE80::7004:6BEB:4C26:79EDFONTENLAS#
So I would like to know If I making some mistake or some missconfiguration with this?
Maybe I haven't the correct knowless about how Slacc Autoconfiguration should work (Isn't right that with suppress comand configured the router shouldn't send any RA message ?), or maybe it's a problem with this IOS version. I'm gettin crazy with this.
This router has 24 Mb Flash, so If it's a problem with IOS version, I don't know which one to put on it because I think 15.X versions exceed 24Mb
Thanks for reading this large post and for helping
Kind regards
Pablo JCHi Harold:
Thanks so much for your answer.
Unfortunately, this Router has 128/24 Dram, but IOS 15.1(3)T3 requires 193/32.
Related to your answer I have found this link
Where it is explained:
CSCth90147
Symptoms: Router will respond to an RS with an RA.
Conditions: The symptom is observed when you configure the ipv6 nd ra suppress command. This command is only intended to suppress periodic mcast RAs. The router will still respond to unicast RS (that is intended behavior).
Workaround: Use an ACL to block the reception of RS packets.
I have read in another web that other possible solution is to use configuren the nd ra lifetime messages as 0.
I have combined several commands in this way:
interface Vlan1
ip address 172.16.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1412
ipv6 address 2001:470:1F15:EE2::/64 eui-64
ipv6 nd prefix default no-advertise
ipv6 nd managed-config-flag
ipv6 nd ra suppress
ipv6 nd ra lifetime 0
end
With:
ipv6 nd ra suppress -> The router won't send periodical RA messages
ipv6 nd prefix default no-advertise -> The router won't publish the prefix in message RA that it send answering host RS
ipv6 nd ra lifetime 0 -> Does this prevent that the rest of the configuration send by RA could stay in hosts
ipv6 nd managed-config-flag
What do you thing about this configuration? I know it's a bit dirtier than using an ACL to block the reception of RS packet, but could it done the same function?
Kind regards
Thanks for reading -
Difference between address-family ipv6 and address-family ipv6 labeled unicast
Hello Experts,
Can someone explain me the difference between address-family ipv6 and address-family ipv6 labeled unicast. Per my understanding, i think both of them are used to send labelled IPv6 prefix advertisements through BGP..If so, are the following configs same?
address-family ipv6
neighbor 192.168.0.1 activate
neighbor 192.168.0.1 send-label
router bgp 10
neighbor 192.168.0.1
address-family ipv6 labelled unicast
Please let me know if my understanding is correct
Thanks
MukundhThanks for the reply Nagendra...
I have another related query regarding this. We have BGP neighborship flapping between 2 routers ...One is Cisco 7204 and another is Juniper M120 I think.... The Juniper logs show that BGP is flapped due to family inet6 not configured on the Juniper end and Juniper is receiving BGP advertisements with native IPv6 as next hop from Cisco when it shouldn't be receiving that.. The following are commands on Cisco and Juniper...
##### CISCO####
outer bgp 5603
neighbor 95.176.254.10 inherit peer-session LAR neighbor 95.176.254.10 description --- M320-LAB-LJ-CIGALETOVA address-family ipv4
neighbor 95.176.254.10 activate
neighbor 95.176.254.10 inherit peer-policy LAR-ipv4 address-family ipv6
neighbor 95.176.254.10 activate
neighbor 95.176.254.10 send-community both
neighbor 95.176.254.10 route-reflector-client
neighbor 95.176.254.10 send-label
template peer-session LAR
remote-as 5603
update-source Loopback0
timers 30 90
exit-peer-session
template peer-policy LAR-ipv4
route-map LAR-ipv4-out out
route-reflector-client
soft-reconfiguration inbound
send-community both
exit-peer-policy
####JUNIPER####
protocols{bgp{
group I-BGP-IPV4 {
type internal;
family inet {
unicast;
family inet6 {
labeled-unicast {
explicit-null;
export RR-Export-All;
neighbor 95.176.255.254 {
description C7201-RR-IP-CIGALETOVA;
local-address 95.176.254.10;
neighbor 95.176.255.252 {
description C7201-RR-IP-CIGALETOVA;
local-address 95.176.254.10;
By the cisco command above, shouldn't cisco be sending only labelled ipv6 prefixes or am I wrong in this. And if Cisco sends both unlabelled and labelled prefixes, is there a way to make it send only ipv6 prefixes?
Thanks
Mukundh -
MTU option of IPv6 router advertisement ignored
I recently turned up an IPv6 tunnel from Hurricane Electric (http://tunnelbroker.net/) to my home router, which is a Cisco 1921 ISR. The IPv6 tunnel works great, save for one small problem. That being that the MTU of the tunnel is 1480 and the MTU on my Mac is 1500. If I manually set the MTU on my Mac to 1480, everything works as expected. However, part of IPv6 autoconfig is setting the MTU for situations like this where there is a tunnel or the more common PPPoE, both of which require a lower MTU. The router is configured to set this option, and I can see it via tcpdump and radvdump:
[root@strongbad]# tcpdump -i en0 -n -XX icmp6
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on en0, link-type EN10MB (Ethernet), capture size 65535 bytes
11:36:09.218626 IP6 fe80::ca9c:1dff:fed6:17a0 > ff02::1: ICMP6, router advertisement, length 64
0x0000: 3333 0000 0001 c89c 1dd6 17a0 86dd 6e00 33............n.
0x0010: 0000 0040 3aff fe80 0000 0000 0000 ca9c ...@:...........
0x0020: 1dff fed6 17a0 ff02 0000 0000 0000 0000 ................
0x0030: 0000 0000 0001 8600 1266 4000 0708 0000 .........f@.....
0x0040: 0000 0000 0000 0101 c89c 1dd6 17a0 0501 ................
0x0050: 0000 0000 05c8 0304 40c0 0027 8d00 0009 ........@..'....
0x0060: 3a80 0000 0000 2001 0470 e9ba 0001 0000 :........p......
0x0070: 0000 0000 0000 ......
[root@strongbad]# radvdump
# radvd configuration generated by radvdump 1.6
# based on Router Advertisement from fe80::ca9c:1dff:fed6:17a0
# received by interface en0
interface en0
AdvSendAdvert on;
# Note: {Min,Max}RtrAdvInterval cannot be obtained with radvdump
AdvManagedFlag off;
AdvOtherConfigFlag off;
AdvReachableTime 0;
AdvRetransTimer 0;
AdvCurHopLimit 64;
AdvDefaultLifetime 1800;
AdvHomeAgentFlag off;
AdvDefaultPreference medium;
AdvSourceLLAddress on;
AdvLinkMTU 1480;
prefix 2001:470:e9ba:1::/64
AdvValidLifetime 2592000;
AdvPreferredLifetime 604800;
AdvOnLink on;
AdvAutonomous on;
AdvRouterAddr off;
}; # End of prefix definition
}; # End of interface definition
You can plainly see the MTU is at 1500, when it should be 1480:
[root@strongbad]# ifconfig en0
en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
ether 00:16:cb:ab:af:0d
inet6 fe80::216:cbff:feab:af0d%en0 prefixlen 64 scopeid 0x4
inet 192.168.1.44 netmask 0xffffff00 broadcast 192.168.1.255
inet6 2001:470:e9ba:1:216:cbff:feab:af0d prefixlen 64 autoconf
media: autoselect (1000baseT <full-duplex>)
status: active
[root@strongbad]# netstat -in
Name Mtu Network Address Ipkts Ierrs Opkts Oerrs Coll
lo0 16384 <Link#1> 800471 0 800471 0 0
lo0 16384 ::1/128 ::1 800471 - 800471 - -
lo0 16384 fe80::1%lo0 fe80:1::1 800471 - 800471 - -
lo0 16384 127 127.0.0.1 800471 - 800471 - -
gif0* 1280 <Link#2> 0 0 0 0 0
stf0* 1280 <Link#3> 0 0 0 0 0
en0 1500 <Link#4> 00:16:cb:ab:af:0d 24352460 0 36285322 0 0
en0 1500 fe80::216:c fe80:4::216:cbff: 24352460 - 36285322 - -
en0 1500 192.168.1 192.168.1.44 24352460 - 36285322 - -
en0 1500 2001:470:e9 2001:470:e9ba:1:2 24352460 - 36285322 - -
fw0 2030 <Link#5> 00:1c:b3:ff:fe:9b:6d:d0 0 0 0 0 0
en1 1500 <Link#6> 00:1c:b3:b0:41:f0 0 0 0 0 0
vmnet 1500 <Link#7> 00:50:56:c0:00:01 0 0 0 0 0
vmnet 1500 172.16.130/24 172.16.130.1 0 - 0 - -
vmnet 1500 <Link#8> 00:50:56:c0:00:08 0 0 0 0 0
vmnet 1500 172.16.123/24 172.16.123.1 0 - 0 - -
On my Mac in System Preferences > Network > Ethernet > Advanced > Ethernet the "Configure" value is set to "Automatically". I discovered a manual sysctl setting that looked promising, but had no noticeable effect:
[root@strongbad]# sysctl -w net.inet6.ip6.accept_rtadv=1
net.inet6.ip6.accept_rtadv: 0 -> 1
I'm running the latest version of Snow Leopard (10.6.7) on my Mac, and there doesn't appear to be any updates for it. Just for fun, here's the kernel banner:
[root@strongbad]# uname -a
Darwin strongbad.local 10.7.0 Darwin Kernel Version 10.7.0: Sat Jan 29 15:17:16 PST 2011; root:xnu-1504.9.37~1/RELEASE_I386 i386
Any ideas on how to get my Mac to honor the MTU in IPv6 router advertisements and set the MTU automatically?
Thanks in advance,
-LexI was wrong. The MTU in IPv6 router advertisements is not ignored by my Mac. In fact, it works great. A few things threw me off here:
1. The IPv6 MTU is not relected in ifconfig and netstat output if it's different than IPv4.
2. The MTU size was wrong. The IPv6 MTU also has to account for ADSL PPPoE overhead the same as any other protocol. PPPoE adds 8 bytes overhead per packet. That means with the 6in4 tunneling overhead of 20 bytes, the true MTU for an IPv6 packet over a 6in4 tunnel over PPPoE is 1472.
3. The firewall was correctly configured to pass ICMPv6, so PMTUD was working. However, this created the illusion that some destinations were working and some were not. I wrongly assumed that mucking with the MTU to and from 1480 was making a difference. In reality, it was PMTUD doing its thing, albeit slowly and on a strict destination by destination basis.
In sum, setting the MTU on the router interface closest to my Mac to 1472, made it all work beautifully. I had to wait for a few route advertisements to pass by, but my Mac did end up doing the right thing.
One last thing worth noting. On a Cisco router, setting the "ipv6 mtu" to something non-default will be reflected in the IPv6 route advertisements it sends out.
Hope this helps,
-Lex -
Conditional Routing of emails from Exchange 2007
I have a requirement to be able to control the routing of emails from Exchange 2007 based upon the sender email address.
For example, an exchange 2007 email system has 2 accepted domains, domain1.com and domain2.com. The system uses 2 external SMTP gateways used for sending all outbound email (gateway1 & gateway2)
If [email protected] emails [email protected] I want it to travel via gateway1
If [email protected] emails [email protected] I want it to travel via gateway2.
All mailboxes are on a single mailbox server cluster, and there are 2 load balanced Hub Transport servers.
I have looked into various ways of dealing with this and have had no success. I looked at transport rules, but I dont believe it is possible to specify the next hop. I've also looked into setting permissions on the send connectors, but it is not clear exactly what permissions I need to set, or whether it will work.
The only solution I can see is to forward all outbound emails to a separate SMTP gateway (such as postfix) which supports this kind of functionality. However I would rather solve the problem using Exchange.
Any suggestions?This is not possible natively in Exchange but you can create your own transport agent and hook it with Exchange to configure conditional routing. You may try posting a query in Development forum to get help from developers on writing a transport agent.
http://social.technet.microsoft.com/Forums/en-US/exchangesvrdevelopment/threads
Here is a great step-by-step example in that direction, not exactly what you are looking for but quite similar to that...
How to control routing from your own routing agent
http://blogs.technet.com/appssrv/archive/2009/08/26/how-to-control-routing-from-your-own-routing-agent.aspx
Amit Tank | MVP – Exchange Server | MCITP: EMA | MCSA: M | http://ExchangeShare.WordPress.com -
Arp aging time on router and mac address aging time on switches set close t
Hi,
appreciate some advice on the following:
what is the benefit of setting arp aging time on router and mac address aging time on switches close to each other?
Thanks,
ChristinaHi,
based on the below output, do you think implementing it will benefit? Thanks.
C2950#sh int fa0/43
FastEthernet0/43 is up, line protocol is up (connected)
Hardware is Fast Ethernet, address is 000d.5e11.4e2b (bia 000d.5e11.4e2b)
MTU 1500 bytes, BW 100000 Kbit, DLY 1000 usec,
reliability 255/255, txload 7/255, rxload 2/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full-duplex, 100Mb/s
input flow-control is off, output flow-control is off
ARP type: ARPA, ARP Timeout 04:00:00
Last input never, output 00:00:00, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 933000 bits/sec, 149 packets/sec
5 minute output rate 2981000 bits/sec, 263 packets/sec
2819781393 packets input, 3782332886 bytes, 0 no buffer
Received 266693 broadcasts (0 multicast)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog, 0 multicast, 0 pause input
0 input packets with dribble condition detected
4015025747 packets output, 2328228393 bytes, 0 underruns
0 output errors, 0 collisions, 2 interface resets
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier, 0 PAUSE output
0 output buffer failures, 0 output buffers swapped out
C2950# -
Policy based routing on VRF interfaces to route traffic through TE Tunnel
Hi All,
Is there a method to do policy based routing on VRF interfaces and route data traffic through one TE tunnel and non-data traffic through another TE tunnel.
The tunnel is already build up with these below config
interface Tunnel25
ip unnumbered Loopback0
tunnel destination 10.250.16.250
tunnel mode mpls traffic-eng
tunnel mpls traffic-eng path-option 10 explicit name test
ip explicit-path name test enable
next-address x.x.x.x
next-address y.y.y.y
router ospf 1
mpls traffic-eng router-id Loopback0
mpls traffic-eng area 0
mpls traffic-eng tunnels
nterface GigabitEthernet5/2
mpls traffic-eng tunnels
mpls ip
Is there additional config needed to work ,also in the destination end for the return traffic,we want to use the normal PATH --I mean non TE tunnel.
We tested with the above scenario,but couldn't able to reach the destination.Meantime we had a question,when the packet uses the policy map while ingress,it may not know the associatuion with VRF(Is that right? --If so ,how to make it happen)
Any help would be really appreciated
Thanks
Regards
Anantha Subramanian Natarajanhi Anantha!
I might not be the right person to comment on your first question. I have not configured MVPNs yet and not very confertable with the topic.
But I am sure that if you read through the CBTS doc thoroughly, you might be able to derive the answer yourself. One thing I notice is that " a Tunnel will be selected regularly according to the routing process (even isf it is cbts enabled). From the tunnels selected using the regular best path selection, the traffic is mapped to a perticular tunnel in the group if specific class is mapped to that tunnel.
So a master tunnel can be the only tunnel between the 2 devices over which the routing (bgp next hops) are exchanged and all other tunnels can be members of this tunnel. So your RPF might not fail.
You might have to explore on this a bit more and read about the co-existance of multicast and TE. This will be the same as that.
For your second question, the answer would be easy :
If you want a specific eompls cust to take a particular tunnel/path, just create a seperate pair of loopbacks on the PEs. Make the loopback learnt on the remote PE through the tunnel/path that you want the eompls to take. Then establish the xconnect with this loopback. I am assuming that your question is that a particular eompls session should take a particular path.
If you meant that certain traffic from the same eompls session take a different path/tunnel, then CBTS will work.
Regards,
Niranjan -
BGP default route advertisement - change preference
hi guys,
I would appreciate some assistance here. We have a primary head office & a DR site. Routers at both sites connect to our carrier for an IP VPN service using BGP. BGP configs on each router advertise a default route 0.0.0.0.
#sh ip bgp neighbors x.x.x.x advertised-routes
BGP table version is 358, local router ID is x.x.x.x
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Originating default network 0.0.0.0
Issue is, some of our remote sites prefer the DR router path for traffic destined to internet.
We are advertising multiple default routes to our carrier, and based on feedback from carrier, route with lowest MED is preferred.
This brings me to what i need to change from my side. Need to change the route preference so that from our remote offices, only the route to head office is preferred with DR site the least preferred route. I know there are multliple ways of doing this, however keen to get input from the experts out there.
DR site router has this BGP config currently applied:
router bgp XXXXX
bgp log-neighbor-changes
redistribute connected
redistribute ospf 1 match internal external 1 external 2
neighbor x.x.x.x remote-as XXXX
neighbor x.x.x.x default-originate
neighbor x.x.x.x soft-reconfiguration inbound
neighbor x.x.x.x route-map IMPORT-POLICY in
neighbor x.x.x.x route-map OPI-route-advertisement out
default-information originate
Removing the "neighbor x.x.x.x default-originate" is not an option, as we need to have the ability to failover to DR at any point.
Thanks in advance & if you need any further info pls advise.
RamaHi Milan,
Thanks. Answers below:
Does it provide an MPLS backbone to you? YES
Are you using the same AS number on all your sites or different ones? Same AS
Any way, what about advertising the default route from your DR site with the site AS number prepended several times (5 times, e.g.)? That's the thing I am struggling to understand as the route-map OPI-route-advertisement already has it prepended 2 times. Shouldn't that be enough to influence which route is least preferred?
route-map OPI-route-advertisement permit 20
match ip address prefix-list xxx default-route
set as-path prepend XXXXX XXXXX
If your provider would permit that and hasn't configured his routers to ignore the AS_PATH length (as him a question), it should make the default route advertised from your DR less preferred within your backbone. Will ask.
Given this, any other thoughts/questions?
Thanks, Rama -
Why is my WRT610 sending IPv6 router advertisements?
Set up my new WRT610N over the weekend. Generally working ok, but I'm having trouble with my IPv6 tunnel setup. Started seeing a new prefix show up on my inside boxes, one that is in the IPv6 6to4 range, and appropriate for my external IP address. Do a little digging with a packet sniffer, and it looks like the 610N is sending out Router Advertisements every 10 seconds or so advertising the 6to4 IPv6 prefix and itself as a IPv6 router. Anyone else see this? Is there a way to turn it off?
OK, Bonus points to Linksys for having some v6 support, but it'd be nice if there were some knobs to adjust it or turn it off.
System is running firmware 1.00.00 B18. Here's the text of the packet capture:
Ethernet II, Src: Cisco-Li_62:99:40 (00:22:6b:62:99:40), Dst: IPv6mcast_00:00:00
:01 (33:33:00:00:00:01)
Destination: IPv6mcast_00:00:00:01 (33:33:00:00:00:01)
Address: IPv6mcast_00:00:00:01 (33:33:00:00:00:01)
.... ...1 .... .... .... .... = IG bit: Group address (multicast/broadcast)
.... ..1. .... .... .... .... = LG bit: Locally administered address (this is NOT the factory default)
Source: Cisco-Li_62:99:40 (00:22:6b:62:99:40)
Address: Cisco-Li_62:99:40 (00:22:6b:62:99:40)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IPv6 (0x86dd)
Internet Protocol Version 6
0110 .... = Version: 6
[0110 .... = This field makes the filter "ip.version == 6" possible: 6]
.... 0000 0000 .... .... .... .... .... = Traffic class: 0x00000000
.... .... .... 0000 0000 0000 0000 0000 = Flowlabel: 0x00000000
Payload length: 56
Next header: ICMPv6 (0x3a)
Hop limit: 255
Source: fe80::222:6bff:fe62:9940 (fe80::222:6bff:fe62:9940)
Destination: ff02::1 (ff02::1)
Internet Control Message Protocol v6
Type: 134 (Router advertisement)
Code: 0
Checksum: 0x8226 [correct]
Cur hop limit: 64
Flags: 0x58
0... .... = Not managed
.1.. .... = Other
..0. .... = Not Home Agent
...1 1... = Router preference: Low
Router lifetime: 1800
Reachable time: 0
Retrans timer: 0
ICMPv6 Option (Prefix information)
Type: Prefix information (3)
Length: 32
Prefix length: 64
Flags: 0xc0
1... .... = Onlink
.1.. .... = Auto
..0. .... = Not router address
...0 .... = Not site prefix
Valid lifetime: 30
Preferred lifetime: 20
Prefix: 2002:62eb:e012::
ICMPv6 Option (Source link-layer address)
Type: Source link-layer address (1)
Length: 8
Link-layer address: 00:22:6b:62:99:40I'm seeing the issue on multiple computers and operating systems, all connected to the router. My systems are reacting appropriately to a IPv6 router advertisement by adding an IP address to their ethernet interfaces with the advertised prefix, unfortunately, it's one that doesn't work to reach normal IPv6 addresses.
On my unix based systems (linux, Mac OS X), I've been able to work around the issue by putting in a filter blocking icmp6 from the IPv6 link layer address of the linksys router, but I don't have that option on all my systems. -
Hi,
I want to understand VPNV4 and IPV4 address family.
when looking our PE router under the VPNV4 address family we have 4 commands
address-family vpnv4
neighbor partial-table send-community both
neighbor 1.1.1.1 activate
neighbor 2.2.2.2 activate
neighbor 3.3.3.3 activate
The address’s above are our route reflectors obviously on different ip’s
Do you need this command to bring up the IPV4 address family? so the first thing to do is create your address-family vpnv4 then your IPV4 address family?Hi James,
There are multiple options available when you configure BGP on cisco routers.
(config-router)#address-family ?
ipv4 Address family
ipv6 Address family
nsap Address family
vpnv4 Address family
More options on new codes---
IPV4 is for V4 address,IPv6 for V6 address and VPN4 is to carry VPN routes when using MPLS. This is basically gives you more options to manage bgp configuration. By default all the neighbors under address family are disabled hence activate command is required.
You can define yours neighbors under normal BGP process with no bgp default ipv4-unicast which will disable default behavior of IOS to exchange IPV4 routes and later on you can activate that neighbor in address family you want to use for route exchange.
Thanks
Ajay -
MacBook Pro Can't Find RV Park Router's IP Address
I was using the RV park's wifi, which does not require a password. Now my MBP won't connect because it can't find the router's IP address. I used IP Scanner and found the IP address. Is there some way I can "tell" my MBP what the IP address is? I know SSID, IP, ftp prot and domain port.
Thanks,
RobertRobert Martin7,
open the Network pane of System Preferences. If the padlock in the lower-left corner is locked, click on it (and provide the appropriate password) to unlock it. Select Wi-Fi on the left-hand side, and press the “Advanced…” button. Select the Wi-Fi tab, where it shows a list of Preferred Networks. Press the “+” button, enter their SSID in the Network Name textbox, and set Security to None. When it’s in the list, select it, then click on the TCP/IP tab and enter its IP address information (if it doesn’t use DHCP) by first setting the Configure IPv4 dropdown to “Manually”. When you’ve finished entering its information, press the OK button in the lower-right corner, relock the padlock in the lower-left corner if desired, and try selecting their network in the Network Name dropdown to see if you can now use their wi-fi.
Maybe you are looking for
-
Pricing in credit memo request
Hi Guys, I am creating a credit memo request with reference to the billing document , The price and the quanity got copied from the billing document.Now In the creditmemo request I changed the quantity ( suppose in billing doc. the quantity is 10 an
-
I lost my ipad and i need the serial number and IMEI , please help me how?
i lost my ipad and i need the serial number and IMEI , please help me how?
-
Where are my Web Form entries stored in the webBasics plan?
Where are my Web Form entries stored in the webBasics plan? Currently-in my trial site-I can access Web Form responses through a Custom Report. Will this option be available to me in the webBasics plan? My hope is to use the webBasics plan with a Web
-
Error in event driven procedure
Dear Gurus...I created the following procedure to implement Event Driven Reporting: CREATE OR REPLACE procedure ABC.eve_drv_rep as myPlist system.SRW_PARAMLIST; myIdent system.SRW.Job_Ident; BEGIN myPlist := system.SRW_PARAMLIST(system.SRW_PARAMETER(
-
Business Events in Oracle Learning Management?
Hi! Is there a Business Event, which fires, if i change the status of a class? I think there is no workflow behind the staus-change of a class. How can i trigger a event/worklfow when a user changes the class status? Thank you! Best regards, Thomas