Control Packets over non-MPLS connection

Is it possible to configure Cisco router 7204 to send BGP packets not over LSP that has been established for the BGP peer, PE router, but over non-MPLS connection, while all data traffic to the PE router get forwarded through the LSP. In other words, I'm wondering it is possible to constrain all control
packets, including BGP, OSPF and LDP, to the non-MPLS interfaces, even though the LSP exists for the destination prefixes for the BGP packets.
I hope it could be applied to establishing MP-iBGP sessions between PE routers in MPLS/VPN network, in other words, we want all BGP packets not be forwarded through the LSP established between two PE routers, which is actually an ATM LER system since we have established non-MPLS connections between LERs in order to forward control packets including routing protocol and MPLS signaling protocol.
Any response will greatly appreciated.
Regards,
Yongjun.

Yongjun,
r1------r2-----r3
\-------r4----/
r1, r3 are PEs
r2 is a P rotuer
r4 is a non-LSR
r1-r2-r3 is LSP
r1-r4-r3 is a ip path, non-lsp
Then, you can do 'local-policy routing on r1 and r3 to send the Bgp control traffic over r1--r4--r3 path.
config on r1:
ip local policy route-map foo
route-map foo perm 10
match ip addr 100
set ip next-hop
access-list 100 perm tcp host eq 179 host
access-list 100 perm tcp host host eq 179
you got to do similar config on r3.
let me know if you have further q's.
best regards,
gopal

Similar Messages

  • How to prevent packet forwarding over non-MPLS connection.

    I'm wondering if it is possible to configure Cisco ESR to not forward packet over non-MPLS connection(VPI/VCI=0/32) when an LSP for its destination has not been established, while allowing control packets(BGP, LDP, OSPF) to be sent over non-MPLS connection. The reason why I ask about is as follows.
    Referring to the following network configuration,
    R1 --- Cisco_ESR --- ATM_LSR --- LER --- R2
    <--> non-MPLS connection
    ----------------------->
    LSPs
    ----------------------->
    In the ordinary operation, when a packet arrives at Cisco_LER from R1, it gets forwarded over an LSP if available, while getting forwarded over non-MPLS connection(VPI/VCI=0/32) if the corresponding LSP is not available. In the configuration mentioned above,ATM_LSR does software-based packet processing for incoming packet through non-MPLS channel, while doing cell-switching for LSP traffic. Thus if ESR sends packet over non-MPLS connection, e.g, STM-1c, the ATM_LSR could get crashed or time-critical control traffic could be delayed or lost, thereby resulting in BGP/LDP session failure between ESR and ATM_LSR or LER.
    In summary, my question is how to prevent Cisco_ESR from forwarding packets over non-MPLS connection when LSPs for their destinations are not available due to LSP failures.
    Thanks.
    Yongjun.

    It already is, except for Aliens, they have access to everything on your phone(they always have had this access) .

  • Leaking netbios packets over dial up connection

    I have used a verizon USB internet card for over 1 1/2 years and have just recently started having issues. After about 6 minutes I am disconnected from the internet. After several hours on the phone with verizon tech support, I was informed that my computer was "leaking netbios packets over my dial up connection." When I called apple the guy I spoke to told me he had never heard of such a thing. Does anyone know what this means and how I can fix it???

    I guess you're using BootCamp and WinXP ??
    In Windows, right-click on the hard drive
    Highlight TCP/IP and select properties
    Click on the Advanced button
    Go to the WINS tab and select "Disable NetBIOS over TCP/IP"
    Click OK to accept changes and close the window

  • MPLS over non-MPLS network

    A Chairde,
    I am nearly sure the answer is no, but will ask anyway.
    I want to connect two private networks over a corporate WAN , and am looking to keep the router traffic (BGP) and routing traffic under control.
    I only have control of the two lab routers, the routers in middle are controlled by IT dept. , is there anyway of setting up MPLS with this scenario ???
    Any other suggestions ......

    You could indeed run MPLS over a GRE interface.
    If you want to run MPLS VPN, then I would suggest configuring MPLS VPN over l2tpv3. See the following URL for more details:
    http://www.cisco.com/en/US/products/sw/iosswrel/ps1829/products_feature_guide09186a00802b4817.html
    Let me know if I answered your question,

  • Need an inexpensive way to eavesdrop on MPLS connection

    We have a customer that needs to feed the data flowing over an MPLS connection into a software package that audits the content. They want to be able to see if inappropriate content is flowing and if so, to be able to take action on it. Any ideas on the lowest cost way to do this would be appreciated.
    This client requirement raises issues about policies, but I'm not here to question policies, but to solve technical problems.

    You will make the traffic over the core to flow via switche i.e.---> PE-Switch-P.. and enable SPAN and mirror the traffic to a software (ethereal/wireshark) and monitor the data flowing. Those software has the capability to capture the packets with the help of Outer Label(IGP), Inner Label(VPN) and Source/Destination IP address. So you can get the label values in the PE routers and map the values in the software which will show the data flow...
    HTH....

  • Is it possible to control (screen share) my Mac Book on my PC over a LAN connection with fullscreen 1920x1080 resolution AND sound?

    I've fiddled with Team Viewer and was able to control my Mac on my PC, but it wasn't over my LAN connection (it was slow), and it was a small windowed view without the Mac's sound. I want to cotrol my Mac, with my PC over LAN and on a 1920x1080 resolution with the Mac's sound on my PC.
    (Sry for a almost report of this (https://discussions.apple.com/thread/4031259) but I forgot to ask about the sound).

    well there is a program called logmein found at logmein.com. it fixes your resolution problem, but the speed is still not the best due to a lag still. As long as internet connections are decent, the lag should be minimal

  • WIFI stopped working after I woke the computer up, now says connected to the network but not the internet, all other coputers and devices connected still with no problems, have pinged IP address from router and got the message "4 packets sent none receive

    Hi,
    WIFI stopped working after I woke the computer up, now says connected to the network but not the internet, all other coputers and devices connected still with no problems, have pinged IP address from router and got the message "4 packets sent none received"... Help
    I have tried network diagnostics which doesnt help... The only other ting is, when I woke the computer up it said tat another device was using my IP... My wife had plugged her phone into the computer to charge etc but even when i turn wifi off on the phone there is no change... also in settings on the phone the IP address is different...

    The answer to your question is - neither!
    Your PC should to configured to obtain an IP address automatically, and to obtain DNS server IP addresses automatically, from the Airport Express. This is the way Windows (and Macs for that matter) are configued by default, and that is the way most people have their computers set up. If you manually configured your PC's IP address to be the same as your wife's Mac, it certainly explains why your PC is not able to access the internet.

  • Can you carry L3VPN MPLS packets over Ethernet XConnect?

    Hi All,
    Can you carry L3VPN MPLS packets over an ethernet port-based xconnect???
    Current:
    POP_1 >> Physical Circuit <<  POP_2
    Proposed:
    POP_1 >> Provider_Router_1 << ethernet port-based xconnect >> Provider_Router_2 << POP_2
    We are cancelling our physical circuits between each POP and going with another provider who is going to carry all our traffic between the POPS using ethernet xconnects. We have a few L3VPN MPLS customers and I wasn't 100% sure if their L3VPN data would be carried over the proposed xconnects.
    Thanks.
    Andy

    Thanks guys for your reply...
    One thing that I've never fully understood is the MTU setting you need within the Service Provider's core network (and I've read quite a bit about it).
    For example we've cut across to the new xconnect circuit last night and I can get a 1500 byte L3VPN MPLS packet through the Service Provider's core from one PE to another PE via the xconnect (see below). I think this is made up of the payload (1492 bytes) + 2 x Tunnel/VC headers (8 bytes) = 1500 bytes total - so the Service Provider's core has MTU of 1500 bytes (correct me if I'm wrong on this).
    Now I don't know if this is good or bad??? What should I be looking for? How do I determine what MTU is required through the Service Provider's core???
    PE_1#ping vrf NSTEST 172.16.100.17 size 1492 df-bit
    Type escape sequence to abort.
    Sending 5, 1492-byte ICMP Echos to 172.16.100.17, timeout is 2 seconds:
    Packet sent with the DF bit set
    Success rate is 100 percent (5/5), round-trip min/avg/max = 24/25/28 ms
    PE_1#ping vrf NSTEST 172.16.100.17 size 1493 df-bit
    Type escape sequence to abort.
    Sending 5, 1493-byte ICMP Echos to 172.16.100.17, timeout is 2 seconds:
    Packet sent with the DF bit set
    Thanks.
    Andy

  • DiffServ & TE paths are required to deploy commercial VoIP over a MPLS net.

    Dear members.
    There's something I'd like to know from those that truly and successfully
    implement commercial VoIP over a MPLS infrastructure.
    Supporting IP QoS (DiffServ) across the core backbone and/or MPLS traffic-
    engineered paths is really required ?
    Consider a whole backbone built with high speed throughput connections, plenty of bandwidth availability and no periods of congestion!
    I do believe TE tunnels (paths) are necessary for quick recovery when a node
    or link fails, but rather them assuming something I haven't experienced yet
    I'd like to listen from those who really have already successfully deployed
    commercial VoIP.
    Best regards.
    Murilo Pugliese.

    With increasing adoption of voice over IP (VoIP), the landscape for deployment is rapidly changing. Service providers are often driven by the need to provide customers a high grade of service to carry voice traffic across a network. However, today's multiservice packet networks rely on IP-based packet switching. In addition, IP by itself is simply best-effort service that is not sufficient to provide the strict delay, jitter, and bandwidth guarantees required for VoIP and other real-time traffic. Cisco IOS QoS features are ideal for this situation. Using the IETF differentiated services (DiffServ) model for QoS, VoIP traffic can be treated appropriately.
    http://www.cisco.com/en/US/netsol/ns341/ns396/ns172/ns155/networking_solutions_white_paper09186a00800a8441.shtml

  • Sending vectors over an Http connection

    Hello, I want to send vectors from my midlet over a http connection to a servlet. Is it possible by using a DataOutputStream in combination with an ByteArrayOutputstream? is it possible to send a vector over an http connection from j2me to jsee?

    I guess what you're saying is that you'd like to use a ByteArrayOutputStream wrapped by a ObjectOutputStream, marshal in the java.util.Vector, get the byte array and send it via HTTP somehow, and then do the reverse on the other side.
    That will work if you need to use HTTP. Otherwise, you could setup a non-HTTP connection or use a higher level system like RMI or RMI-IIOP.
    - Everett

  • RMI Protocol over JRMP transport: connection refused

    I changed the look and feel for disco plus to Jinitiator. I then started getting error RMI Protocol over JRMP transport: connection refused to host: 192.168.1.1
    I changed the settings back to java plugin 1.4 but I'm still getting the same error on all client machines.
    I'm running windows 2003 and application server 10.1.2.0.2
    Thanks for any help,
    Brian

    Hi Brian
    When you changed to JInitiator what did you set the style to be? Also, why would you not want to use the Sun Java?
    Anyhow, try getting the users to clear their local Sun Java cache, this will release the applet causing it to reload upon next connection, and try again.
    If you want to retry JInitiator, try this:
    1. Go to Control Panel | JInitiator 1.3.1.x or whatever version you are using
    2. Navigate to the Proxies tab
    3. Uncheck Use Browser Settings
    4. Click the Apply button
    5. Close all browser windows
    6. Reconnect to Discoverer Plus
    If the above steps do not help, try editing the security details of the Options menu in the Internet Explorer using this workflow:
    1. On the client machine, launch IE
    2. From the toolbar, select Tools | Internet Options
    3. Navigate to the Security tab
    4. Click on the Trusted Sites icon
    5. Click on the Sites button
    6. Add a fully, qualified HTTP link to your server
    7. Close all browser windows
    8. Reconnect to Discoverer Plus
    Of the two solutions above, the first is most likely to fix your issue. However, I advise all my customers to set up the application server connections as being trusted sites.
    One additional thing would be to delete your cookies. Discoverer Plus loves cookies.
    Best wishes
    Michael

  • IDS, detection of encrypted packets within non-SSL traffic streams?

    All...
    Here's the scenario:
    There's a host on the internal network that has a reverse shell to the outside world, and the packets being sent back to the attacker are encrypted, over a standard web (TCP/80) port - which is allowed by Websense or URL filter of choice.
    Can a custom signature be created to alert on the detection of encrypted packets / data streams over non-encrypted transmissions? We've found other IDS/IPS systems that we're able to build custom sigs to detect and alert on these streams, but are wondering if we can do that in within Cisco IDS/IPS?
    Please be specific if possible...let's assume the organization is using the latest version of Cisco IDS software.
    Thanks in advance...

    Have you got Sig 11233 series enabled?  It does, BTW, appear to exclude "WEBPORTS."  Maybe a copy could be made to exclude only TCP 443.

  • How to control which Airport device to connect?

    Hello,
    I am using Airport Extreme as my wifi router while I have another Airport Express configured as "Extend Network" to Airport Extreme at home. With the new Airport Utility, it's so great that I can see the connectivity of Airport Extreme, the Internet and the Airport Express. Also putting the mouse over the device I can see where my iPad/iPhone/iMac connected to using wifi.
    I start to notice that my apple devices are all connected to my Airport Extreme (using wifi) and none is connected to the Airport Express even I stand next to the Express. What's the mechanism for the device to connect to, and is there any method to enforce the connection choice?
    Regards,
    Earthy

    Computers will usually connect to the AirPort with the strongest signal automatically.  iOS devices like an iPhone and iPad use a different type of operating system.
    If you want the iPhone or iPad to connect to the AirPort Express, power off the device, move it close to the AirPort Express, and then power it back up again to see if it will connect to the Express.
    There are no settings on a computer or iOS device that will tell it specifically "where" to connect.

  • Is CS6 the last version able to install on a non-Internet-connected network?

    I work on a govt network, which has no connection to the Internet, so we just purchased Photoshop CS6.  Of course, we're having all sorts of problems because the damn application requires an Internet connection before it will run.  We're working with Adobe to try to find a way around this, but it's extremely frustrating.  I'm guessing we'll eventually be able to get an installer that doesn't try to connect to the Internet.
    My question is:  Assuming we can get PS CS6 functioning, is that the last version Adobe will build that will be installable on a non-Internet-connected network?  That seems a bit short-sighted and will eventually cause the govt to remove all Adobe products from use.  I can't imagine that's a scenario Adobe would be happy with, but maybe they don't care.
    Thoughts?  Does anybody else use Adobe products on a network that has no way to connect to the Internet?  Have you found good workarounds for working with these annoying apps?

    Thanks, John.  I knew that, but have no way of registering or activating after install.  I know that an installer can be built with the Serial Number built in that doesn't require an Internet connection, but I've never been able to get that to work.  It takes half a day just to get the transfer approved to move it to the correct network, and after doing this six times, I've run out of patience.  I'm not really sure what to do at this point.  After over six hours on the phone with Adobe support, I've come to a brick wall.  Adobe products are no longer viable on government networks.  I'm surprised they've given up this large pool of users...

  • Gre tunnel over 2 mpls routers

    I have 2 sites and the voice server is in site A and Site B are the remote phones . Right now voice vlan go over the DMVPN we are facing some degraded performance and decided to move voice traffic to mpls . 
    We need to carry the multicast traffic as well which is not supported over our MPLS circuit. I have no idea why provider is not supporting multicast traffic over mpls circuit.
    So we decided to create GRE tunnels to carry multicast traffic over MPLS .We have L3 switches on both sites Site A cisco 4500 and Site B cisco 3850  . and MPLS connectivity is reachable upto L3 core switches. With 3850 we had issue to create tunnels and i have upgraded the IOS after upgrading i came to know no more tunnels are supported on 3850. So cannot have Gre tunnel between our L3 switches over the MPLS.
    My Question is can i ask the MPLS provider to setup tunnels on their routers which they are ready to help and point the static routes for voice vlan towards gre tunnels over mpls . 
    Can you advise any other solution or does this solution would work.?

    Aneesh,
    Lost of connectivity between the two PEs would indeed cause the GRE tunnel interface to go down, assuming that you configure tunnel keepalives as follow:
    int tu0
    keepalive
    Regards

Maybe you are looking for