Dmvpn with Redundancy
I am setting up a backup dmvpn.
What is the best approach to this design whiile using eigrp
one tunnel with load balance or two tunnels while changing the metric on the SPOKES
Hi,
You can refer the below mentioned document to find a best fit solution for your redundant model.
http://www.cisco.com/c/en/us/support/docs/security-vpn/ipsec-negotiation-ike-protocols/41940-dmvpn.html
Regards
Karthik
Similar Messages
-
Problem with redundancy in CSS 11051
I have a problem with redundancy in CSS 11051. I use firewall load balancing and server load balancing. Load balancers which only load balance over 3 firewall switch from primary to master with no problems.
problem is with load balancers which load balance over firewalls and over servers two. whene the master is shutdown, backup keeps master function, all services on backup LB are alive, but it is not possible to display web page on address 10.10.7.16. Even if I try from the network 10.10.7.0/24, so before firewalls. below my config. any help appreciate.
===primary LB=====
!Generated on 10/30/2002 10:42:53
!Active version: ap0500002
configure
!*************************** GLOBAL ***************************
ip redundancy master
no console authentication
restrict ftp
app
app session 10.10.60.13
ip firewall 1 10.10.7.1 10.10.8.1 10.10.8.10
ip firewall 2 10.10.7.2 10.10.8.2 10.10.8.10
ip firewall 3 10.10.7.3 10.10.8.3 10.10.8.10
ip route 0.0.0.0 0.0.0.0 firewall 1 1
ip route 0.0.0.0 0.0.0.0 firewall 2 1
ip route 0.0.0.0 0.0.0.0 firewall 3 1
ip route 10.10.1.0 255.255.255.0 10.10.3.1 1
ip route 10.10.2.0 255.255.255.0 10.10.3.1 1
ip route 10.10.12.0 255.255.255.0 10.10.3.1 1
ip route 10.10.14.0 255.255.255.0 10.10.3.1 1
ip route 10.10.22.0 255.255.255.0 10.10.3.1 1
!************************* INTERFACE *************************
interface e1
phy 100Mbits-FD
bridge vlan 62
interface e2
phy 100Mbits-FD
bridge vlan 7
interface e3
bridge vlan 3
interface e4
phy 100Mbits-FD
bridge vlan 7
interface e5
phy 100Mbits-FD
interface e6
phy 100Mbits-FD
bridge vlan 6
interface e7
phy 100Mbits-FD
interface e8
phy 100Mbits-FD
bridge vlan 6
!************************** CIRCUIT **************************
circuit VLAN62
ip address 10.10.60.14 255.255.255.252
redundancy-protocol
circuit VLAN7
redundancy
ip address 10.10.7.10 255.255.255.0
circuit VLAN3
redundancy
ip address 10.10.3.10 255.255.255.0
no redirects
circuit VLAN6
redundancy
ip address 10.10.6.10 255.255.255.0
!************************** SERVICE **************************
service cc1
ip address 10.10.3.129
keepalive type tcp
keepalive port 443
service cc2
ip address 10.10.3.130
keepalive type tcp
keepalive port 443
active
service ssl1
ip address 10.10.6.131
keepalive port 443
keepalive type tcp
active
service ssl3
ip address 10.10.6.133
keepalive port 443
keepalive type tcp
active
service ssl4
ip address 10.10.6.141
keepalive type tcp
keepalive port 443
active
service ssl6
ip address 10.10.6.143
keepalive port 443
keepalive type tcp
active
service www1
ip address 10.10.6.101
keepalive type tcp
keepalive port 443
weight 2
active
service www3
ip address 10.10.6.103
keepalive type tcp
keepalive port 443
active
service www4
ip address 10.10.6.121
keepalive port 443
keepalive type tcp
active
service www6
ip address 10.10.6.123
keepalive type tcp
keepalive port 443
active
!*************************** OWNER ***************************
owner L5_Owner
content L5_Rule
vip address 10.10.7.6
application ssl
protocol tcp
port 443
url "/*"
add service www1
add service www3
add service www4
advanced-balance sticky-srcip
add service www6
balance weightedrr
active
content L5_Rule_CC
vip address 10.10.3.120
advanced-balance sticky-srcip
add service cc1
add service cc2
active
content L5_Rule_SSL
vip address 10.10.7.16
application ssl
protocol tcp
port 443
url "/*"
add service ssl1
add service ssl3
add service ssl4
advanced-balance sticky-srcip
add service ssl6
active
!*************************** GROUP ***************************
group CC
vip address 10.10.3.120
add destination service cc1
add destination service cc2
active
======
===backup LB=====
!Generated on 10/29/2002 20:47:30
!Active version: ap0503015
configure
!*************************** GLOBAL ***************************
ip redundancy
console authentication primary none
restrict ftp
app
app session 10.10.60.14
ip firewall 1 10.10.7.1 10.10.8.1 10.10.8.10
ip firewall 2 10.10.7.2 10.10.8.2 10.10.8.10
ip firewall 3 10.10.7.3 10.10.8.3 10.10.8.10
ip route 0.0.0.0 0.0.0.0 firewall 1 1
ip route 0.0.0.0 0.0.0.0 firewall 2 1
ip route 0.0.0.0 0.0.0.0 firewall 3 1
ip route 10.10.1.0 255.255.255.0 10.10.3.1 1
ip route 10.10.2.0 255.255.255.0 10.10.3.1 1
ip route 10.10.12.0 255.255.255.0 10.10.3.1 1
ip route 10.10.14.0 255.255.255.0 10.10.3.1 1
!************************* INTERFACE *************************
interface e1
phy 100Mbits-FD
bridge vlan 62
interface e2
phy 100Mbits-FD
bridge vlan 7
interface e3
phy 100Mbits-FD
bridge vlan 3
interface e4
phy 100Mbits-FD
bridge vlan 7
interface e5
phy 100Mbits-FD
interface e6
phy 100Mbits-FD
bridge vlan 6
interface e7
phy 100Mbits-FD
interface e8
phy 100Mbits-FD
bridge vlan 6
!************************** CIRCUIT **************************
circuit VLAN62
ip address 10.10.60.13 255.255.255.252
redundancy-protocol
circuit VLAN7
redundancy
ip address 10.10.7.10 255.255.255.0
circuit VLAN3
redundancy
ip address 10.10.3.10 255.255.255.0
no redirects
circuit VLAN6
redundancy
ip address 10.10.6.10 255.255.255.0
!************************** SERVICE **************************
service cc1
ip address 10.10.3.129
active
service cc2
ip address 10.10.3.130
active
service ssl1
ip address 10.10.6.131
keepalive port 443
keepalive type tcp
active
service ssl3
ip address 10.10.6.133
keepalive port 443
keepalive type tcp
active
service ssl4
ip address 10.10.6.141
keepalive type tcp
keepalive port 443
active
service ssl6
ip address 10.10.6.143
keepalive port 443
keepalive type tcp
active
service www1
ip address 10.10.6.101
keepalive type tcp
keepalive port 443
weight 2
active
service www3
ip address 10.10.6.103
keepalive type tcp
keepalive port 443
active
service www4
ip address 10.10.6.121
keepalive port 443
keepalive type tcp
active
service www6
ip address 10.10.6.123
keepalive type tcp
keepalive port 443
active
!*************************** OWNER ***************************
owner L5_Owner
content L5_Rule
vip address 10.10.7.6
protocol tcp
port 443
url "/*"
add service www1
add service www3
add service www4
advanced-balance sticky-srcip
add service www6
balance weightedrr
active
content L5_Rule_CC
vip address 10.10.3.120
advanced-balance sticky-srcip
add service cc1
add service cc2
active
content L5_Rule_SSL
vip address 10.10.7.16
protocol tcp
port 443
url "/*"
add service ssl1
add service ssl3
add service ssl4
advanced-balance sticky-srcip
add service ssl6
active
!*************************** GROUP ***************************
group CC
vip address 10.10.3.120
add destination service cc1
add destination service cc2
active
=======Please visit the folloiwing page where you can find many configuration examples on configuring CSS for Load Balancing.
http://www.cisco.com/en/US/products/hw/contnetw/ps789/prod_configuration_examples_list.html
Hope it helps. -
Two servers with redundant connections for Sun StorEdge 3320 SCSI arrays
Hello All,
I read in the "Sun StorEdge 3000 Family Installation, Operation and Service Manual" that it's possible to setup "two servers with redundant connections" but I never see a detailed schema to do this. I read also the "Best Pratices Guide" but this case is not mentioned. Is it really possible ?
My objective is to split a Sun StoreEdge 3320 SCSI array between two hosts with dual redundant scsi connection.
Thanks in advance for your answers.
Francois.At first this sounded easy, but looking at the parts listing for the 3320 seems to indicate otherwise. They're listing different part numbers for the chassis and midplane...
371-0105 chassis & midplane for JBOD
371-0106 chassis & midplane for RAID array
There are also different part numbers for the I/O boards....
370-7655 RAID SCSI I/O module
370-7713 JBOD SCSI I/O module
I can see what the difference is between the I/O modules, but am unsure of what differences if any are in the chassis and midplane. Seems like there's more involved here than what it would be worth to try and make it work. Perhaps the cost of a second HBA would be the lesser of two evils.......... -
Not clear with the statement ( A large double value with redundant D )
Hi,
I am not clear about the statment below. What does redundant D means.
*123.4E+306D// A large double value with redundant D*By default any floating-point literal in Java is a double, so the trailing D that specifies that explicitly is redundant.
-
Nexus 5596 reloads with redundant PS after 1 PS breaks down
Hi All,
We have a Nexus N5K-C5596UP with redundant power supply. 2 x N55-PAC-1100W.
Last week 1 of those PS broke down. When this happened the chassis reloaded. I wouldn't expect this to happen.
Does anyone have an idea of why this happened?
Our NX-OS version is n5000-uk9.5.2.1.N1.1a.
Thanks,
JorisJoris, good day.
I suppose it's your case: http://www.cisco.com/c/en/us/support/docs/field-notices/638/fn63893.html
Best regards,
Zakhar Belyakov. -
IPSec for Redundant DMVPN with VRF
Hi.
I have been labbing up a solution using DMVPN and VRF, similar to that described in the blog post here. It works very well, however when I try to extend the concept to a redundant hub, it breaks with IPSec. If I remove the tunnel protection, it works fine.
Does anyone have any ideas about providing IPSec protection to multiple DMVPN tunnels for VRFs to a redundant Hub?
Thanks.
Client config (no IPSec):
interface Tunnel10
ip vrf forwarding Staff
ip address 10.254.254.23 255.255.255.0
no ip redirects
ip mtu 1416
ip nhrp authentication MFS
ip nhrp map multicast 172.16.1.1
ip nhrp map 10.254.254.1 172.16.1.1
ip nhrp map 10.254.254.3 172.16.1.3
ip nhrp map multicast 172.16.1.3
ip nhrp network-id 10
ip nhrp holdtime 600
ip nhrp nhs 10.254.254.1
ip nhrp nhs 10.254.254.3
ip tcp adjust-mss 1360
tunnel source FastEthernet0/0
tunnel mode gre multipoint
tunnel key 10
interface Tunnel20
ip vrf forwarding Clients
ip address 10.254.253.23 255.255.255.0
no ip redirects
ip mtu 1416
ip nhrp authentication MFSC
ip nhrp map 10.254.253.1 172.16.1.1
ip nhrp map multicast 172.16.1.1
ip nhrp map multicast 172.16.1.3
ip nhrp map 10.254.253.3 172.16.1.3
ip nhrp network-id 20
ip nhrp holdtime 600
ip nhrp nhs 10.254.253.1
ip nhrp nhs 10.254.253.3
ip tcp adjust-mss 1360
tunnel source FastEthernet0/0
tunnel mode gre multipoint
tunnel key 20
Hub 1:
interface Tunnel10
ip vrf forwarding Staff
ip address 10.254.254.1 255.255.255.0
no ip redirects
ip mtu 1416
ip nhrp authentication MFS
ip nhrp map multicast dynamic
ip nhrp network-id 10
ip nhrp holdtime 360
ip tcp adjust-mss 1360
tunnel source FastEthernet0/0
tunnel mode gre multipoint
tunnel key 10
interface Tunnel20
ip vrf forwarding Clients
ip address 10.254.253.1 255.255.255.0
no ip redirects
ip mtu 1416
ip nhrp authentication MFSC
ip nhrp map multicast dynamic
ip nhrp network-id 20
ip nhrp holdtime 360
ip tcp adjust-mss 1360
tunnel source FastEthernet0/0
tunnel mode gre multipoint
tunnel key 20
Hub 2:
interface Tunnel10
ip vrf forwarding Staff
ip address 10.254.254.3 255.255.255.0
no ip redirects
ip mtu 1416
ip nhrp authentication MFS
ip nhrp map multicast dynamic
ip nhrp network-id 10
ip nhrp holdtime 360
ip nhrp server-only
ip tcp adjust-mss 1360
tunnel source FastEthernet0/0
tunnel mode gre multipoint
tunnel key 10
interface Tunnel20
ip vrf forwarding Clients
ip address 10.254.253.3 255.255.255.0
no ip redirects
ip mtu 1416
ip nhrp authentication MFSC
ip nhrp map multicast dynamic
ip nhrp network-id 20
ip nhrp holdtime 360
ip tcp adjust-mss 1360
tunnel source FastEthernet0/0 tunnel mode gre multipoint
tunnel key 20Under the Hub you have to add
HUB1
interface Tunnel10
ip nhrp map 10.254.254.1
ip nhrp map multicast < ip add of FastEthernet0/0 for HUB2>
HUB2
interface Tunnel10
ip nhrp map 10.254.254.3
ip nhrp map multicast < ip add of FastEthernet0/0 for HUB1>
The same thing for the other tunnel interfaces -
Guest web redirect with redundant ISE
Dears,
I have redundant ISE configured (primary and secondary) and integrated cisco WLC 5508.
I already configured SSID for Guest Web authentication.
With primary ISE the redirect link is working fine but when I power off the primary ISE the redirect link stop working even if I changed the Role of the secondary to primary.
Please I need your support,
Regards,Thank you for your reply,
- Yes on the same nodegroup.
- Yes resolved correctly in the DNS.
- I will recheck it but I already create an ACL for redirect.
- Yes the both ISE defined on the Radius Auth. on the WLC.
Now I will check the ACL and back to you.
Regards, -
Hi all. I hope this is the right section to post this kind of question.
Basically I need to know which switch should I buy to achieve the customer's needs.
Each floor will have 1 x 2960 with 2 10GB uplink to the core switch. The problem is I don't know which switch should I buy acting as a CORE. The customer needs at least 16 x 10G ports for each switch and the core must be redundant in some way. So the 3750 is not an option and I thought about the 4500-x with VSS but actually I'm not sure this is the best idea. Servers will be attached directly to the core switch (I know, this is not the best idea but this is what the customer want to do).
Thanks for you replies / help
RegardsDisclaimer
The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.
Liability Disclaimer
In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.
Posting
Yes, VSS with the 4500-X is one possibility, as would be the new 6880.
Or, instead of VSS, you could use a 4500, 6500 or 6807 with dual sups and dual line cards.
With VSS, your single point of failure is the IOS. With the (redundant card) chassis, your single point of failure is the chassis, itself. There's not much of a difference in MTBF.
Any of the above (or Nexus) would likely work well for you. Selection depends on your budget and feature requirements. -
Dual cloud dual hub single tier dmvpn with backup service provider
Hi,
I have a design issue with a WAN network. I have decided to use dual cloud dual hub single tier DMVPN topology (ref. to http://www.cisco.com/application/pdf/en/us/guest/netsol/ns171/c649/ccmigration_09186a008075ea98.pdf - "Dynamic Multipoint VPN (DMVPN) Design Guide"). I have tested in lab 2 hubs and 3 spokes, applying the mentioned technology. Everything is OK, when the primary hub fails, there is only 1-3 seconds loss (3 pings).
The problem is that each spoke and hub will have 2 service providers for WAN - primary and backup. I am still wondering which design is better and more stable to implement - using more DMVPN clouds (for the backup service provider network) or creating static IPSEC GRE tunnels in the backup links?
Is there a guide for this case?
What is the best practice in this case?
Thanks in advance,
MladenDynamic spoke-to-spoke requires your spoke routers to have mGRE tunnel interfaces. If you ever have a spoke which sources 2 tunnels from the same physical interface, you have a problem: how to resolve which tunnel is an incoming NHRP request for?
My DMVPN is a bit different in that the crypto is GETVPN on the physical interface. There is a crypto-map applied to the physical interface and it has 2 entries which correspond to the GETVPN crypto-groups for each tunnel.
I resolved this issue by making one of the 2 tunnels on each spoke router mGRE and the 2nd one point to point. the mGRE tunnel is preferred as primary (we use eBGP through the tunnel, so routes received through the mGRE tunnel are local-pref'd high and we AS path prepend routes advertised out the point-to-point tunnel)
I haven't gone back and tested what happens when you have a spoke which has 2 tunnels sourced from the same interface and another spoke with 2 tunnels sourced from the same interface or from 2 different physical interfaces. The concern is that you may get a situation where one router uses Tunnel 2 for dynamic spoke-to-spoke tunneling, and the other uses Tunnel1, and that the dynamic tunnel setup fails because the crypto map cannot properly decide which crypto group to use for the incoming traffic on the router where 2 tunnels use the same physical interface. -
DHCP loadsharing with redundant Guest Anchor Controllers
Hi
I have 2 x Redundant Guest Anchor Controllers (5508) located in 2 separate Data Centres with all the management and guest user VLAN spanned between two. Everything is working fine with the Guest WiFi access except the DHCP functionality as the Controllers are acting themselves as the internal DHCP Servers.
This is how I tried to distribute
network. 10.1.0.0/23
gateway: 10.1.1.254
Controller 1, DHCP Server pool: 10.1.0.2 - 10.1.0.254 Gw: 10.1.1.254
Controller 2, DHCP Server pool: 10.1.1.2 - 10.1.1.254 Gw: 10.1.1.254
As the user loadbalancing between the Anchor Controllers cannot be controlled (i.e. they are active/active), the same client sometime getting 2 different IP addresses from both the Controllers (as they do not talk to each other in terms of DHCP) hence depleting the pool addresses.
I guess one way of solving this is to just run 1 DHCP server in one of the controllers but that defeats the purpose of having N+1 Controllers. Is there a better way of doing the DHCP loadbalancing and having full redundancy at the same time?
Any suggestion will be greatly appreciated.
RegardsThanks Scott, I understand that it's quite obvious to get an external DHCP Server, unfortunately it's not an option for us The weired thing is, it seems when a client joins the guest WiFi, both the Anchor Controllers (both functioning as DHCP servers with mutually exclusive IP Address space) are providing IP addresses. While the client accepts only one the other Controller still reserves the IP address unused and hence depleting the DHCP Pool.
I thought for load balancing (in the very beginning) the Foreign controller will forward the DHCP request to only one of tthe Anchor Controllers, but in reality it's forwarding it to both. I have tested this with only one test AP, so mobility doesn't seem to be an issue here. Any thoughts? -
Metro Ethernet Design With Redundant Head Ends
We're getting ready to turn up some metro ethernet circuits that were just installed by AT&T. AT&T has provided a VLAN for each remote site (so each site has its own VLAN), and those VLANs are trunked to our head end switches (Cisco 3750 Metro Switches).
I'm struggling with the best design for IP routing. We currently use OSPF on our internal network, and I was going to extend OSPF to our metro solution as well, but I'm not so sure now.
I don't want routing to occur directly between head end #1 and head end #2, we already have redundant paths within our corporate network, and allowing our two head ends to route between each other via our metro ethernet solution is not what we want. However, running OSPF on each of the VLANs which have been provisioned for us would permit routing between the head ends.
We simply need to allow redundanny for our remote locations in the event that one head end were to fail, all of the traffic to/from the remote site would be routed through the head end which is still online.
Anyone suggestions on the best routing design for this situation would be greatly appreciated. I've attached a network diagram to make things clear. I believe I can also go back to AT&T and request one VLAN that includes all sites if that would simply things. I just need to make sure I can still do our traffic shaping because the remote sites are only 10mbps and the head ends are 1gbps.
Thanks,
-Stevejust at a glance it looks as if you should be able to have stp on and setup 1 site as primary and other as secondary
-
Spatial object with redundant geographic coordinates
Hi,
in my spatial table there are many entries with the same geographic coordinates (latitude and longitude). They are different sites with different site information. As I do a spatial query using MapViewer API method queryWithinRectangle(), the results of the sites with the same geographic coordinates can not be all retrieved or all rendered in the map. Has anybody met the same problems?
Best regardsThank you for your reply. I have used the methods you suggested all the time. I have not declared my problem clearly in the last post. I need to retrieve the geometries and render them in the map. On the other hand, I need to retrieve the non-spatial attributes and diplay them in a list. The problems I met are that the both retrieval result sets are not identical. I guess, the redundant spatial information in the database leads to this disagreement. For example, in my spatial table two different rows have the same spatial information (latitude and longitude). My question are whether somebody knows this problem and what is the solution?
-
Hi
We have a DMVPN network with about 270 spokes (831) and 2 hubs (3825). We run EIGRP in all branch of the network.
We had experience many problems so far, but one of them seems to be related with the amount of traffic that is generated when some of our hub went down for about 15 to 30 seconds. All of our spokes start blinking on EIGRP but our VPN still up. Here is some of our messages that we have on Hub side (peer goodbye receive, stuck in active, hold timer expire). Our EIGRP timer are 5/15 but we tried 60/180, but we had the same issue.
We have a fiber 5Mb on one hub and the other hub have 10Mb fiber link.
Does anyone heard someting about that ?
Thank your very much for your help.This problem may happen because of various reasons like one of the neighbors reseting the other due to routes stuck in active, some router reporting a k-value mismatch, etc. Following links may help you
http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a00800949ab.shtml
http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a0080093feb.shtml -
MPLS issues with redundant PE routers
Hello,
i'd like to set up an mpls lab. the layout of the gear is attached (mpls.jpg) At site A i have to PE router R4 and R6 which should have knowledge of the network 10.0.129.0/24 from site B. Router R1 is configured as a route reflector. the configuration of R1, R4, R5 and R6 are attached as well.
with the configuration
Routing Table R6
O E2 10.0.129.0 [110/1] via 172.16.128.9, 00:04:37, FastEthernet0/1.200
Routing table R4
B 10.0.129.0 [200/11] via 150.1.5.5, 00:05:00
a traceroute shows the path goes through R4 instead direkt through R1
Tracing the route to 10.0.129.1
VRF info: (vrf in name/id, vrf out name/id)
1 172.16.128.9 4 msec 0 msec 4 msec
2 172.16.128.1 [MPLS: Labels 19/29 Exp 0] 96 msec 100 msec 96 msec
3 150.1.0.2 [MPLS: Labels 19/29 Exp 0] 68 msec 64 msec 68 msec
4 172.16.129.9 [MPLS: Label 29 Exp 0] 64 msec 64 msec 64 msec
5 172.16.129.10 40 msec * 36 msec
show bgp vpnv4 unicast all 10.0.129.0 indicates an error
Rack1R6# show bgp vpnv4 unicast all 10.0.129.0
BGP routing table entry for 200:1:10.0.129.0/24, version 63
Paths: (1 available, best #1, table CENTRAL, RIB-failure(17) - next-hop mismatch)
Not advertised to any peer
Local
150.1.5.5 (metric 67) from 150.1.1.1 (150.1.1.1)
Origin incomplete, metric 11, localpref 100, valid, internal, best
Extended Community: RT:200:1 OSPF DOMAIN ID:0x0005:0x000000C80200
OSPF RT:0.0.0.0:3:0 OSPF ROUTER ID:172.16.129.242:0
Originator: 150.1.5.5, Cluster list: 150.1.1.1
mpls labels in/out nolabel/29
Rack1R4#show bgp vpnv4 unicast all 10.0.129.0
BGP routing table entry for 200:1:10.0.129.0/24, version 146
Paths: (1 available, best #1, table CENTRAL)
Not advertised to any peer
Local
150.1.5.5 (metric 67) from 150.1.1.1 (150.1.1.1)
Origin incomplete, metric 11, localpref 100, valid, internal, best
Extended Community: RT:200:1 OSPF DOMAIN ID:0x0005:0x000000C80200
OSPF RT:0.0.0.0:3:0 OSPF ROUTER ID:172.16.129.242:0
Originator: 150.1.5.5, Cluster list: 150.1.1.1
mpls labels in/out nolabel/29
any ideas what i have to do in order to have a redundant path towards site B?
thanks in advanced
AlexHi Alex,
I think you still have redundancy via R6, but BGP route on R6 is not getting installed in routing table because it is having OSPF route with lesser AD value. If R4 goes down, R6 will loose OSPF route for 10.0.129.0/24 coming from R4, install BGP route ,redistribute this to OSPF and will advertise it to SW4.
Routing Table R6
O E2 10.0.129.0 [110/1] via 172.16.128.9, 00:04:37, FastEthernet0/1.200
Rack1R6# show bgp vpnv4 unicast all 10.0.129.0
BGP routing table entry for 200:1:10.0.129.0/24, version 63
Paths: (1 available, best #1, table CENTRAL, RIB-failure(17) - next-hop mismatch)
Not advertised to any peer
Local
150.1.5.5 (metric 67) from 150.1.1.1 (150.1.1.1)
Origin incomplete, metric 11, localpref 100, valid, internal, best
Extended Community: RT:200:1 OSPF DOMAIN ID:0x0005:0x000000C80200
OSPF RT:0.0.0.0:3:0 OSPF ROUTER ID:172.16.129.242:0
Originator: 150.1.5.5, Cluster list: 150.1.1.1
mpls labels in/out nolabel/29 -
ASA Active/Active Failover with Redundant Guest Anchors
Does anyone know how an ASA and a guest anchor 5508 will interact if I setup an Active/Active failover pair with physical interface redundancy? I see from documentation that I can create a logical group in the ASA to bond physical interfaces together, but it doesn't describe what protocol is being used to manage that bundle. Do I assume etherchannel? If I were to create this scenario, can I run the 5508 in LAG mode?
The current failover configuration example is for PIX, and old code at that. I'm referencing an ASA/PIX guide ISBN:1-58705-819-7 beginning on page 531.
Regards,
ScottIn addition to what you have, you should add to each unit the global configuration command "failover".
We generally don't manually configure the MAC addresses in single context mode since the ASA ill automatically assign virtual MAC addresses and manage their moving to the newly active unit in the event of a failover event. Reference.
Maybe you are looking for
-
I see Oracle provides several instant client downloads. Is there a SQLLDR instant client, or a lite version that doesn't require the whole Oracle client for Linux (both 64 and 32 bit)?
-
Files not being saved correctly
I have a problem with what appears to be different versions of a file being mixed up on the server. A user reports that she was working on a file last night on our OS 10.4 server, after 6PM, and was having problems saving. She says the server respond
-
[Solved]Can`t create internet connection
I`ve installed arch linux on my lenovo y550, but, because I was too sleepy to think yesterday so I didn`t configure the /etc/rc.conf and /etc/resolv.conf file (I installed from CD). All in all i`ve got neither wired nor wireless connection to the int
-
Link query results to workbook
Hi folks, How can query (fixed structures) results can be linked to a pre-formatted workbook? Cant seem to find any help around it? Please advise. PS: BW Version 3.x Thanks!
-
Where is a Screen Recording in QuickTime Pro?
Where is a Screen Recording in QuickTime Pro?