Full internet routing in an internet MPLS VPN

Similar Messages

• Selective Route Import/Export in MPLS VPN

  Champs
  I have multiple brach locations and 3 DC locations.DC locations host my internal applications , DC's  also have central Internet breakout for the region. My requirement is to have full mesh MPLS-VPN but at same time brach location Internet access should be from nearest IDC in the region  if nearest IDC is not availalbe it should go to second nearest DC for internet.I have decided which are primary and seconday DC for Internet breakout. How can this be achieved in MPLS-VPN scenario.Logically i feel , i have to announce specific LAN subnet and default route(with different BGP attribute like AS Path)  from all 3 DCs. Spokes in the specific region should be able to import default route  from primary DC and secondary DCs only  using some route filter?
  Regards
  V

  Hello Aaron,
  the route example works for all routers except the one, where the VRF vpn2 is configured. What you can do for management purposes is either to connect through a neighbor router using packet leaking or configure another Loopback into VRF vpn2.
  The last option (and my recommendation) is to establish another separate IP connection from your NMS to the MPLS core. Once VRFs are failing (for whatever reason, f.e. erroneously deleted) you might just not get connectivity to your backbone anymore to repair what went wrong.
  So I would create an "interconnection router" with an interface in the VRF vpn2 and one interface in global IP routing table. This way you will still be able to access PEs, even if VRFs or MBGP is gone.
  Hope this helps! Please rate all posts.
  Regards, Martin

• Full internet routes in MPLS-VRF

  hi~ all
  I just have some confused , whether it's good way load full internet routes in MPLS VRF , which there's no any service routing in core network but topology routing . but there's dual upstream ISP connecting ASBR , I'm afraid if I load these two full internet routes into VRF on 7600 , is it possible ? does it take so long time for loading routes in VRF ?
  could someone give me some proposal about it or some experience about internet routes in VRF , thanks.

  Its not a good practise to load all the internet rouetes in the vrf. Do use vrf leaking. For this create a vrf of named internet which will be loaded with the default route and export that route with the rd and mport that route in your particular vrf. With this you will be having only 1 route in the vrf.
  regards
  shivlu

• Central Site Internet Connectivity for MPLS VPN User

  What are the solutions of Central site Internet connectivity for a MPLS VPN user, and what is the best practice?

  Hello,
  Since you mentioned that Internet Access should be through a central site, it is clear that all customer sites (except the central) will somehow have a default (static/dynamic) to reach the central site via the normal VPN path for unknown destinations. Any firewall that might be needed, would be placed at the central site (at least). So, the issue is how the central site accesses the Internet.
  Various methods exist to provide Internet Access to an MPLS VPN. I am not sure if any one of them is considered the best. Each method has its pros and cons, and since you have to balance various factors, those factors might conflict at some point. It is hard to get simplicity, optimal routing, maximum degree of security (no matter how you define "security"), reduced memory demands and cover any other special requirements (such as possibility for overlapping between customer addresses) from a single solution. Probably the most secure VPN is the one which is not open to the Internet. If you open it to the Internet, some holes also open inevitably.
  One method is to create a separate Internet_Access VPN and have other VPNs create an extranet with that Internet_Access VPN. This method is said to be very secure (at least in terms of backbone exposure). However, if full routing is a requirement, the increased memory demands of this solution might lead you to prefer to keep the internet routing table in the Global Routing Table (GRT). You might have full routing in the GRT of PEs and Ps or in PEs only (second is probably better).
  Some names for solutions that exist are: static default routing, dynamic default routing, separate BGP session between PE and CE (via separate interface, subinterface or tunnel), extranet with internet VRF (mentioned earlier), extranet with internet VRF + VRF-aware NAT.
  The choice will depend on the requirements of your environment. I cannot possibly describe all methods here and I do not know of a public document that does. If you need an analysis of MPLS VPN security, you may want to take a look at Michael Behringer's great book with M.Morrow "MPLS VPN Security". Another book that describes solutions is "MPLS and VPN Architectures" by Ivan Pepelnjak. There is a Networkers session on MPLS VPNs that lists solutions. There is also a relevant document in CCO:
  http://www.cisco.com/en/US/tech/tk436/tk428/technologies_configuration_example09186a00801445fb.shtml (covering static default routing option).
  Kind Regards,
  M.

• Centralize internet access in MPLS VPN

  Can i implement Centralize internet access (the Hub CE Router to performs NAT) in cisco MPLS VPN solution?
  If so, is there any example about that? i can't find it at CCO~
  Thanks a lot~

  If you run dynamic routing protocol in PE-CE,like rip2,ospf,bgp,do the following task.
  1:set a default route in HUB CE;and generate the default route under its dynamic protocol.
  2:in other CEs, make sure they can learn this route.
  If you run static route and vrf static route between CE and PE,do the following task.
  1.set default route in HUB CE, and set default route in other CEs.
  2.In all PEs,redistribute the connected and static rotues to address-family ipv4 of customer vrf.
  3.set the customer vrf default route in all PE which connected your all CEs.
  Note: make sure all PEs can reach the GW address of vrf deafult route. GW IP address is the interface of which HUB CE towards PE.
  command: "ip route vrf 0.0.0.0 0.0.0.0 global.
  TRY

• MPLS-VPN w/NAT for Internet connectivity.

  We have implemented MPLS-VPN and site-to-site connectivity seems to be working fairly well. However, we are having strange issue when trying to access the Internet. For some odd reason, we are not able to get to some sites such as ebay.com, latimes.com, nytimes.com, moviefone.com. We are running dynamic NAT and the topology looks like this:
  Laptop----CE-------PE-----NAT------BR-----Internet
  This is a simple layout of what we have currently in the lab. NAT router is not running MPLS but we are using VRF to create sub-interfaces on FE connecting PE and NAT router for each customers. I have access-list allowing 10.x.x.x/8.
  Laptop-CE - 10.0.0.8/30
  CE-PE - 10.0.0.0/30
  PE-NAT - 10.0.1.0/30
  Also, we are able to ping, trace, ftp, use remote desktop, pcanywhere. It seems to be only affecting http. We've been working on this for couple of days now and we've hit a wall. Any help will be greatly appreciated.
  JK

  I had a slightly different yet similar problem a few months ago on our mpls network with the CE devices, and turned out the DF bit had to be set to 0 to enable fragmentation _prior_ to traffic entering the core.
  Fixed it right up by setting a policy on the ethernet port.
  -Jeff

• Internet Access in MPLS VPN scenario

  Hi,
  I do have topology CE8-PE2(AS 65001)-PE1(AS 65001)-ASBR1(AS1).
  Now PE2 and PE1 both are in same AS and PE1 has ebgp with ASBR1, ASBR1 is my internet router.
  I do have vrf ce on router PE2 and have attached that vrf on PE2 interface where CE8 is connected.
  and all the config are in attachment.
  regards
  Devang

  Hi,
  Some config is missing from the BGP vrf, you have not generated the VPNV4 routes for the vrf, please add on PE2;
  router bg 65001
  address-family ipv4 vrf ce
  red connected
  red static
  can you post ;
  show ip route
  show ip bgp
  From the PE1 & PE2?
  + show ip bg vpn all from PE2 only
  Thanks,
  LR

• Trouble getting internet route table distributet in a VRF

  Hi every one ..
  I'm have some trouble getting distributed the internet routing table between PE routers ...
  CE1 og PE1 works fine, BGP routes all internet routes are shown i en route table, but distributing between PE1 and PE2 is now working .. any one having a clue !!.
  My gold is to move internet access into it's oven VRF, and away from the global routing table
  In the MPLS core aim running the same AS number as our official AS, that we use for peering to the internet..
  snap of configurations
  ***CE1***
  router bgp 65534
  neighbor 172.31.61.55 remote-as 65534
  neighbor 172.31.61.55 description PE-1
  neighbor 172.31.61.55 shutdown
  neighbor 172.31.61.55 update-source Loopback0
  neighbor 172.31.61.55 next-hop-self
  ***MPLS PE1***
  ip vrf NET-INTERNET
  rd 65534:10051
  route-target export 65534:10051
  route-target import 65534:10051
  interface Port-channel1.35
  encapsulation dot1Q 35
  ip vrf forwarding NET-INTERNET
  ip address 172.31.61.55 255.255.255.224
  mpls label protocol ldp
  tag-switching mtu 1546
  tag-switching ip
  router bgp 65534
  neighbor 192.168.0.146 remote-as 65534
  neighbor 192.168.0.146 description PE2
  neighbor 192.168.0.146 update-source Loopback0
  neighbor 192.168.0.146 version 4
  neighbor 192.168.0.146 next-hop-self
  address-family vpnv4
  neighbor 192.168.0.146 activate
  neighbor 192.168.0.146 send-community both
  exit-address-family
  address-family ipv4 vrf NET-INTERNET
  neighbor 172.31.1.2 remote-as 65534
  neighbor 172.31.1.2 activate
  neighbor 172.31.1.2 description CE1
  no auto-summary
  no synchronization
  exit-address-family
  ***MPLS PE2***
  ip vrf NET-INTERNET
  rd 65534:10051
  route-target export 65534:10051
  route-target import 65534:10051
  interface Port-channel1.67
  encapsulation dot1Q 67
  ip vrf forwarding NET-INTERNET
  ip address 172.31.254.1 255.255.255.252
  mpls label protocol ldp
  tag-switching mtu 1546
  tag-switching ip
  router bgp 65534
  neighbor 192.168.0.132 remote-as 65534
  neighbor 192.168.0.132 description PE1
  neighbor 192.168.0.132 update-source Loopback0
  neighbor 192.168.0.132 version 4
  address-family ipv4 vrf NET-INTERNET
  neighbor 172.31.254.2 remote-as 65534
  neighbor 172.31.254.2 activate
  Best regards
  /Peter

  For VPN routes to be exchanged between the two PEs, you first need to configure VPNv4 address family on each one of the PEs.
  Carrying the full Internet routing table over VPNv4 will work but it is not very scalable since all PE routers have to hold the full Internet routing table in the VRF context in addition to potentially full Internet routing table in the global routing table. If you want to exchange full Internet routing table between the two CEs, it would be preferable to use something Carrier Supporting Carrier (CSC).
  Please refer to the following URL for additional information on CSC:
  http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120limit/120s/120s23/fscscl23.htm
  Hope this helps,

• Internet routes - Global or VRF

  Hi. We are implementing an upgrade to a MPLS-VPN Core. We are doing this for a Telco Service Provider which also has Internet offering. We are deciding whether to put the full internet routes in a VRF or into the global roouting table.
  Can anyone give us the pros and cons on this dilemma?
  Initially, our design was to put the Internet in a VRF. The MPLS-VPN is intended to be a multiservice core offering eventually VOIP, VPLS , eoMPLS, etc. The core consists of GSR12406 P routers, 7606sUP720 PE, and 7200-NPEG1 PEs.
  Thanks.
  bing

  Hi, thanks for the response. I have additional questions.
  1. would there be any security issue when i have full internet routes in my global routing table while i have VPN customer ( i.e. EoMPLS, L3VPN ) in my VRFs?
  2. When i use CSC - this means that my "Internet" becomes my Customer Carrier (ISP) although this is really owned by the same company. I would have to use BGP between the PE and the CE ( Internet routers) for scalability. I need this because i need to use the PE to participate in BGP routing, since we own this anyway. This would mean that i would have Internet routes ( whether full or selective routes) in my "Internet" VRF. is this understanding correct?
  3. related to #2, if i use CSC and i have 2 Internet PoPs belonging to the same AS number which traverses a CSC, i would have to use AS-override functionality. ( e.g. if my Internet AS is 100, and my CSC AS number is 300, i would have to traverse this path: PoP#1 AS100 - AS300 - PoP#2 AS100). When i do a traceroute, i will see AS300 as part of the path. Would there be a way to hide the AS number of the CSC? - so that it will not appear in the traceroute.
  Thanks.
  Bing

• Redundant access from MPLS VPN to global routing table

  Several our customers have MPLS VPNs deployed over our infrastructure. Part of them requires access to Internet (global routing table in our case).
  As I'm not aware of any methods how to dynamicaly import/export routes between VRF/Global routing tables, at the moment there are static routes configured - one inside VRF pointing to global next hop, another one in global routing table, pointing to interface inside VRF.
  Task is to configure redundant access to Internet. By redundancy I mean using several exit points (primary and backup), what physically represents separate boxes.
  Here comes tricky part - both global static routes (on both boxes, meaning) are valid and reachable in all cases - no matter if specific prefix is reachable in VRF or not. What I'd like to achieve is that specific static route becomes valid only if specific prefix is reachable inside VRF. Yea, sounds like dynamic routing :), I know
  OK, hope U got the idea. Any solutions/recommendations ? Running all Internet routing inside VRF isn't an option, at least for now :(

  Hi Andris,
  I did not mean to have a VRF on the CE. The CE would have both PVCs in the global routing table - his ONLY routing table in fact. One PVC would be used to announce routes into the customer specific VPN (VRF configured on the PE). The other PVC would allow for internet access through the PE (global IP routing table on the PE).
  dot1q will be ok as well.
  This way the CE can be a normal BGP peer to the PE, i.e. there is no MPLS VPN involved here. This allows all options of customer-ISP connectivity.
  Example:
  PE config:
  interface Serial0/0
  encapsulation frame-relay
  interface Serial0/0.1 point-to-point
  description customer VPN access
  ip vrf customer
  ip address 10.1.1.1 255.255.255.252
  interface Serial0/0.2 point-to-point
  description customer Internet access
  ip address 192.168.1.1 255.255.255.252
  router rip
  address-family ipv4 vrf customer
  version 2
  network 10.0.0.0
  no auto-summary
  redistribute bgp 65000 metric 5
  router bgp 65000
  neighbor 192.168.1.2 remote-as 65001
  address-family ipv4 vrf customer
  redistribute rip
  CE config:
  interface Serial0/0
  encapsulation frame-relay
  interface Serial0.1 point-to-point
  description VPN access
  ip address 10.1.1.2 255.255.255.252
  interface Serial0.2 point-to-point
  description Internet access
  ip address 192.168.1.2 255.255.255.252
  router bgp 65001
  neighbor 192.168.1.1 remote-as 65000
  router rip
  version 2
  network 10.0.0.0
  no auto-summary
  Of course you can replace RIP with whatever is suitable for you. And don´t sue me when you do not apply required BGP filters for internet access... ;-)
  The other option ("mini internet") would be feasible as well. Just make sure your BGP filters are NEVER messed up and additionally apply a limit on the numbers of prefixes in your VRF mini-internet.
  Regards
  Martin

• Injecting Global default Routes into a MPLS VPN

  Hi,
  I have a PE router running MPBGP which receives two default routes to the internet through an IPV4 BGP session. I need to import these routes in to a VRF and export them to different customer VRFs so that these VRFs are able to access Internet.
  I have used the feature called "BGP Support for IP Prefix Import from Global Table into a VRF Table" (URL:http://www.cisco.com/en/US/products/sw/iosswrel/ps5207/products_feature_guide09186a00803b8db9.html#wp1063870)
  and imported these routes into a VRF.
  The issue is these routes are not propagated to any of the other PE routers which has customer VRFs configured.
  Has anybody tried this or a similar method to inject a dynamic default route into a MPLS VPN.
  Any suggestions would be highly appreciated.
  Thanks
  Subhash

  Hi Subhash,
  is there anything preventing you from terminating your internet BGP sessions in a VRF? Then everything should go smoothly, i.e. standard VRF import/export.
  So possibility A) create a VRF Internet, move bgp neighbor commands there and use filters preventing anything but the default route, then use route targets to distribute the default route into other VRFs.
  Possibility B) use static routing with packet leaking. Could look like this:
  ip route vrf Internet 0.0.0.0 0.0.0.0 global
  ip route vrf Internet 0.0.0.0 0.0.0.0 global 250
  ip route Serial0/0 !assuming this is where the customer router connects.
  Note: the BGP peer IP does not have to be directly connected! There has to be a LDP label for it though. so include your BGP peers network into your IGP and the backup will work, when you loose the link to the peer.
  Hope this helps! Please rate all posts.
  Regards, Martin

• Basic Internet Routing Configuration Help -- Cisco 2811

  Hi everyone,
  I want to start by saying that I brought a Cisco 2811 Router to use at home and to practice advanced networking with. So far, I believe I've configured everything as it should be, however, I am not getting any internet connection.
  DHCP is set up and working properly, I can lease addresses without issue.
  Both interfaces are configured, fe0/1 with a static IP, and fe0/0 as a DHCP client.
  I have connected fe0/0 directly to the Cable modem and it acquires an IP without issue. Connecting my laptop directly into fe0/1 allows my laptop to lease an IP from the router's DHCP server. So I know everything up to there is working properly. I've set up NAT as best I can with what I know, but I am still not getting the router to provide internet access. 
  The following is my Router's Configuration. Does anything seem to be missing? I used Configuration Professional to set it up.
  ------------Begin Configuration-------------
  Building configuration...
  Current configuration : 2570 bytes
  version 12.4
  no service pad
  service tcp-keepalives-in
  service tcp-keepalives-out
  service timestamps debug datetime msec localtime show-timezone
  service timestamps log datetime msec localtime show-timezone
  service password-encryption
  service sequence-numbers
  hostname Network
  boot-start-marker
  boot-end-marker
  security authentication failure rate 10 log
  security passwords min-length 6
  no logging buffered
  logging console critical
  enable secret 5 $1$4FJS$RQUEiWuTaMOAGhVx1O1Du0
  enable password 7 046F03070C291D175F40
  aaa new-model
  aaa authentication login local_auth local
  aaa session-id common
  dot11 syslog
  no ip source-route
  no ip routing
  no ip gratuitous-arps
  no ip cef
  no ip dhcp use vrf connected
  ip dhcp excluded-address 192.168.100.1
  ip dhcp pool Network
     import all
     network 192.168.100.0 255.255.255.0
     dns-server 4.2.2.2 4.2.2.1 
     lease 7
  no ip bootp server
  ip domain name Network
  ip name-server 4.2.2.2
  ip name-server 4.2.2.1
  login block-for 5 attempts 5 within 1
  multilink bundle-name authenticated
  voice-card 0
   no dspfarm
  username Admin password 7 1526035D5D7C72252B3B
  archive
   log config
    hidekeys
  interface FastEthernet0/0
   description $ETH-WAN$
   ip address dhcp client-id FastEthernet0/0
   no ip redirects
   no ip unreachables
   no ip proxy-arp
   ip nat outside
   ip virtual-reassembly
   no ip route-cache
   duplex full
   speed auto
   no mop enabled
  interface FastEthernet0/1
   ip address 192.168.100.1 255.255.255.0
   no ip redirects
   no ip unreachables
   no ip proxy-arp
   ip nat inside
   ip virtual-reassembly
   no ip route-cache
   duplex full
   speed auto
   no mop enabled
  ip forward-protocol nd
  ip http server
  no ip http secure-server
  ip nat pool Network 192.168.100.1 192.168.100.254 netmask 255.255.255.0
  ip nat inside source list 101 interface FastEthernet0/0 overload
  logging trap debugging
  logging facility local2
  access-list 100 permit udp any any eq bootpc
  access-list 101 remark INTERNET ACCESS THROUGH NAT
  access-list 101 remark CCP_ACL Category=2
  access-list 101 permit ip 192.168.100.0 0.0.0.255 any
  dialer-list 1 protocol ip permit
  snmp-server community public RO
  no cdp run
  control-plane
  banner motd ^C Welcome! ^C
  line con 0
   login authentication local_auth
   transport output telnet
  line aux 0
   exec-timeout 15 0
   login authentication local_auth
   transport output telnet
  line vty 0 4
   password 7 107D0C1A10051B1F15
   login authentication local_auth
   transport input telnet
  scheduler allocate 20000 1000
  end
  ------------------End Configuration-------------------
  Does anything seem amiss? Thank you all in advance for your help!
  John

  Hi Again,
  I sent
  dhcp pool Network
  default-router 192.168.100.1
  to the router and wrote it to config. I still didn't have internet access at first, so I followed John's tip and hooked up my machine to an old Catalyst 2849G switch I had laying around. The switch has no settings, just gets an ip from the router and does its own thing. After doing so, I do now have internet access. I'm using it to post this reply in fact.
  Here are the results of ipconfig /all on my Ethernet NIC on my machine before even having the switch:
  Ethernet adapter Local Area Connection:
     Connection-specific DNS Suffix  . : hsd1.ut.comcast.net.
     Description . . . . . . . . . . . : Intel(R) Ethernet Connection I217-LM
     Physical Address. . . . . . . . . : 54-EE-75-27-6F-06
     DHCP Enabled. . . . . . . . . . . : Yes
     Autoconfiguration Enabled . . . . : Yes
     Link-local IPv6 Address . . . . . : fe80::7cdd:83b5:e603:127e%13(Preferred)
     IPv4 Address. . . . . . . . . . . : 192.168.100.2(Preferred)
     Subnet Mask . . . . . . . . . . . : 255.255.255.0
     Lease Obtained. . . . . . . . . . : Thursday, October 02, 2014 7:57:10 AM
     Lease Expires . . . . . . . . . . : Thursday, October 09, 2014 7:57:10 AM
     Default Gateway . . . . . . . . . :
     DHCP Server . . . . . . . . . . . : 192.168.100.1
     DHCPv6 IAID . . . . . . . . . . . : 290778741
     DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1B-B2-3D-AF-54-EE-75-27-6F-06
     DNS Servers . . . . . . . . . . . : 75.75.76.76
                                         75.75.75.75
     NetBIOS over Tcpip. . . . . . . . : Enabled
  It seems everything was working as it should, but I didn't have internet access and windows still reported it as an unknown network.
  After hooking up my Switch, Windows reported seeing 'Network' (From my router's host name, I presume?) and once I reset the modem, I had internet access. 
  This was a huge learning experience and I am glad to have help from all of you. Is there anything else I can to do optimize my configurations? Also, why didn't I have internet access when directed hooked up to FastEthernet0/1 even though my machine acquired IP's and DNS info?
  Here is another copy of the running config with today's changes:
  ---------------------Begin Configuration------------------------
  Building configuration...
  Current configuration : 2401 bytes
  version 12.4
  no service pad
  service tcp-keepalives-in
  service tcp-keepalives-out
  service timestamps debug datetime msec localtime show-timezone
  service timestamps log datetime msec localtime show-timezone
  service password-encryption
  service sequence-numbers
  hostname Network
  boot-start-marker
  boot-end-marker
  security authentication failure rate 10 log
  security passwords min-length 6
  logging buffered 4096
  logging console critical
  enable secret 5 $1$4FJS$RQUEiWuTaMOAGhVx1O1Du0
  enable password 7 046F03070C291D175F40
  aaa new-model
  aaa authentication login local_auth local
  aaa session-id common
  dot11 syslog
  no ip source-route
  no ip gratuitous-arps
  ip cef
  no ip dhcp use vrf connected
  ip dhcp excluded-address 192.168.100.1
  ip dhcp pool Network
     import all
     network 192.168.100.0 255.255.255.0
     default-router 192.168.100.1 
     lease 7
  no ip bootp server
  ip domain name Network
  login block-for 5 attempts 5 within 1
  multilink bundle-name authenticated
  voice-card 0
   no dspfarm
  username Admin password 7 1526035D5D7C72252B3B
  archive
   log config
    hidekeys
  interface FastEthernet0/0
   description $ETH-WAN$
   ip address dhcp client-id FastEthernet0/0
   no ip redirects
   no ip unreachables
   no ip proxy-arp
   ip nat outside
   ip virtual-reassembly
   duplex full
   speed auto
   no mop enabled
  interface FastEthernet0/1
   ip address 192.168.100.1 255.255.255.0
   no ip redirects
   no ip unreachables
   no ip proxy-arp
   ip nat inside
   ip virtual-reassembly
   duplex full
   speed auto
   no mop enabled
  ip forward-protocol nd
  ip route 0.0.0.0 0.0.0.0 dhcp
  ip http server
  no ip http secure-server
  ip nat pool Network 192.168.100.1 192.168.100.254 netmask 255.255.255.0
  ip nat inside source list 10 interface FastEthernet0/0 overload
  logging trap debugging
  logging facility local2
  access-list 10 permit 192.168.100.0 0.0.0.255
  access-list 100 permit udp any any eq bootpc
  dialer-list 1 protocol ip permit
  snmp-server community public RO
  no cdp run
  control-plane
  banner motd ^C Welcome! ^C
  line con 0
   login authentication local_auth
   transport output telnet
  line aux 0
   exec-timeout 15 0
   login authentication local_auth
   transport output telnet
  line vty 0 4
   password 7 107D0C1A10051B1F15
   login authentication local_auth
   transport input telnet
  scheduler allocate 20000 1000
  end
  --------------------------End Configuration-------------------------
  Let me know if there is anything else you guys need or I should do, I'll be back after classes today. Thanks again!
  -John

• Hp 2910-al as router for charter internet

  trying to use 2910-al directly connected to charter internet router...multiple vlans... vlans 1,2,3,4...vlan 4 is one port untagged connected to charter modem..vlan 3 is for wireles network.. vlan 2 is for wired network.. vlan 1 is unused.. all vlan can communicate with each other.. vlan 4 can communicate with charter modem...vlan 2 and vlan 3 cannot communicate with charter modem but can communicate with ip on vlan 4...default route for switch is charter modem ip..default gateway for all connected clients is procurve switch.. will not work..works fine with cisco(linksys) router in between the charter modem and hp switch..why would this not work without the cisco(linksys) router??? also tried putting charter modem on vlan 2 and giving it two ip addresses (one for vlan 2 wired clients and one on the same subnet as charter modem.. same result...

  Re: HP LaserJet P1102w & Mountain Lion Wireless [ Edited ] 
  Options 
  10-12-2012 02:25 AM - edited 10-18-2012 01:39 AM
  Hi JustenB84,
  The current software for your Laserjet P1102w available for this printer is actually not supporting Mountain Lion. Officially, this Laserjet can only be installed in Mountain Lion via AirPrint.
  For this you need to connect the Laserjet in ad-hoc mode to your Mac first. On the WiFi of your Mac look for the printers SSID. Hence you selected this SSID you can open the EWS (embedded web server) via the Bonjour Bookmark in Safari. This Bonjour Bookmark you can enable in the Preferences of Safari. Then open the Bonjour Bookmark and select the printer (it might be listed in a subfolder Printers or Websites). Within the EWS you can now go to Network - Wireless and make the settings for your network.
  When the Laserjet is now connected to your Network, open the System Preferences Print & Scan. Click on the Plus icon to add a printer. Select the Laserjet. Next to Use you should now find AirPrint listed. Also see this document: Installing the Printer on a Mac Running OS X 10.8 Mountain Lion (Network Connections Only)
  However, a software version for 10.7 is available on a HP.com that I also tested successfully in Mountain Lion. With this software you can also try the USB to Wireless setup via HTML Config:  HP LaserJet Full Feature Software and Driver
  (You might need to change the Security settings to "Allow applications downloaaded from: Anywhere". You can change this back after the installation was done.)

• The growth of the internet routing table + LISP

  I have been challenged with the task of putting together a 15-20 minute presentation of how I might go about solving the problem of the growth of the internet routing table.
  If I am understanding the question correctly - as the internet grows so will the number of IPv4 and (moreso) IPv6 prefixes that appear in the global internet routing table. This will mean that the PE and P routers in a Service Provider network will find themselves having to deal with more prefixes that will in turn increase the possibility of bogons interferring with proper routing and increase the load on the routers themselves.
  Besides being a very open ended question, I am trying to look at it from the perspective of a Service Provider (whom I work for) and have come up with the following options (admittedly this is only after a quick google on the topic):
  > Improvise in the short term by adjusting CAM table allocation
  > Use selective hearing by filtering prefixes that are not important
  > Use external assistance like LISP and DNS
  > Spend Money and upgrading existing routers to handle the load
  Obviously with only a 20 minute window I cannot talk about much and I would like the options to be innnovative and interesting. LISP seems like an interesting option and I would like to learn about it - however I am having trouble tracking down resources that give a basic introduction to exactly what and how LISP works (every time I try and search for it a get pushed to sites talking about the programming language ).
  So this leads me to two questions:
  1. Is there anything important, vital or interesting that I have not included in my quickly put together list above.
  2. Is anyone aware for a good site/resource that explains LISP from a beginners/tutorial-type perspective.

  I have been challenged with the task of putting together a 15-20 minute presentation of how I might go about solving the problem of the growth of the internet routing table.
  If I am understanding the question correctly - as the internet grows so will the number of IPv4 and (moreso) IPv6 prefixes that appear in the global internet routing table. This will mean that the PE and P routers in a Service Provider network will find themselves having to deal with more prefixes that will in turn increase the possibility of bogons interferring with proper routing and increase the load on the routers themselves.
  Besides being a very open ended question, I am trying to look at it from the perspective of a Service Provider (whom I work for) and have come up with the following options (admittedly this is only after a quick google on the topic):
  > Improvise in the short term by adjusting CAM table allocation
  > Use selective hearing by filtering prefixes that are not important
  > Use external assistance like LISP and DNS
  > Spend Money and upgrading existing routers to handle the load
  Obviously with only a 20 minute window I cannot talk about much and I would like the options to be innnovative and interesting. LISP seems like an interesting option and I would like to learn about it - however I am having trouble tracking down resources that give a basic introduction to exactly what and how LISP works (every time I try and search for it a get pushed to sites talking about the programming language ).
  So this leads me to two questions:
  1. Is there anything important, vital or interesting that I have not included in my quickly put together list above.
  2. Is anyone aware for a good site/resource that explains LISP from a beginners/tutorial-type perspective.

• Can I use an airport express as a range extender to a NON apple router using an internet cable (so not wireless)

  can I use an airport express as a range extender to a NON apple router using an internet cable (so not wireless)

  Yes, if the AirPort Express is set up to create a wireless network that uses the exact same wireless network name as the other router and the same wireless network password as the other router.