Link Redundancy Mpls primary on ethernet & point to point secoundary leaseline on serial
hi i am having one link mpls with internet (primary) (e0/0)-10.1.1.1 and secound link point to point serial (s0/0) i want to do redundancy between two links
but problem is mpls link never shows down . so if mpls fails then my point to point should be up please Find Attach file.
can i get confuration according to my e.g. drawing
as per my knowledge ip sla track command is thier but i dont know exact command.
Hi,
You are right...You should use IP SLA to track the primary link (ISP side IP)....
Try these...
track 125 ip sla 10 reachability
delay down 15 up 10
ip sla 10
icmp-echo 4.2.2.2 (change this with the exact IP) source-interface Dialer1
threshold 40
If it doesn't work, just tewak some parameters..Some the methodilogy remain same..
Good Luck !!!!
Similar Messages
-
Dual RAP Mesh Network vs PTP Wireless Ethernet Bridging to provide link redundancy
Currently looking at a few options to optimize a current point-to-point wireless LAN-to-LAN connectivity shot for a wired customer site for better redundancy (hardware diversity and/or logical path diversity). Currently the customer is fed via an older solution, using two Cisco 1522 APs with Cisco Aironet 14-dBi Path Antennas (AIR-ANT5114P-N) for a 5-GHz PTP wireless ethernet bridge (under 3km), in which one 1552AP hangs off a L3/L2 Distro switch and the customer's 1522AP hangs off a 3750X switch, which has another access switch hanging off it via a fiber run of about 2km, which is exposed in parts and can't be re-run again due some limitations.The customer doesn't utilize any wireless services. Due to their location, we can't connect them to our wired distro infrastructure directly via fiber.
Looking at setting up two wireless shots (instead of just one currently used); 5-GHz point-to-point bridges using upgraded gear: Cisco 1552EU APs with Cisco Aironet 14-dBi Path Antennas (AIR-ANT5114P2M-N) or straight Exalt r5005 solution. The PTP shot will hang off two seperate distro switches for redundancy purposes, pointing toward the customer site at two seperate locations, spaced apart by approximately 1 to 1.5 km, so that they aren't at the mercy of being isolated on one side if they have another fiber cut which connects their two main access switches together. If need be, we can hang two main APs on one distro facing two APs at the customer site, since this would create some redundancy, just not the same level as above.
The below is what I'm really unsure on.
Possibly looking at setting up a mesh network using Cisco 1552E APs with 2.4 GHz Omni-directional antennas (either a 2.4/5GHz Terrawave MIMO Omnidirectional antenna or Cisco AIR-ANT2547V-N antennas, which ever is best) with two RAPs, one RAP hanging off one distro and the other RAP hanging off another distro for hardware diversity, both under the same bridge group name and both RAPs hanging off the same WLAN management SVI subnet on the distros. The customer site will have two 1552E MAPs located at two seperate sites, as pointed out above. I don't think a third AP would be needed, since they don't use wireless services. Since there would be only two RAPs, not three, would it be best two set-up this with both RAPs on the same channel to minimize convergence time should the mesh transfer from one RAP to the other RAP, as long as both RAPs are spaced apart under ???? distance to avoid interference/other issues? Looking at some documenation, it appears you can have a MESH network, as long as your MAPs and RAPs fall within a 2 mile range area, preferably closer to a 1 mile range area (for better bandwidth & reliability). This solution has been brought up as possible dual-homed solution in theory, by virtue of having two more more MESH APs fall within the range listed above, to the RAPs. From a layer 3 perspective, I'm not sure what the most optimal idea to run with in this scenario set-up would be. Possibly set-up two seperate user SVI VLANs (for their data services), one placed on each access switches these MAPs will hang off at the customer site, & using the same management SVI subnets as the RAPs for the wireless managment side (for accessing the APs). From my understanding, the user data SVI doesn't matter from the perspective of when the mesh transfers from one RAP to another, it should be transparent to them. The distro switches will just have the management SVIs placed on them for the RAPs, the user SVIs will be placed local on the access switches only. And all APs will hang off access ports set to the management VLAN ID.
In my opinion, the PTP 5-GHz, dual distro homed solution makes the most since for wired client access, but since the latter option was brought up, it has to be weighed - plus I'm curious if it can work.The Exalt r5005 works great for redundancy PTP links. You have to use the sync cable between the two co-located bridges and also set the polarization on the bridges. You can then use routing or spanning tree to decide traffic path. With mesh, you will have to make sure you set the parent or else the maps will keep switching perhaps.
-
MPLS vs Point-to-Point over Citrix Performance Difference
We run Citrix at our remote locations. We have two circuits at each location. One is a point to point for backup and the other is an MPLS circuit that is our primary. Both circuits are T-1 speeds.
We have all thin clients at our remote locations. When communication goes through the point to point circuit it utilizes much more bandwidth. Maybe 1.2 Mbps on average but when we communication through the MPLS circuit only 800 Kbps of bandwith is actually being used.
Can anyone explain this? I was thinking that maybe MPLS does a faster job of switching the packets across the WAN and that the Citrix does not need to use as much bandwidth because of this. This analyis was completed across all of our sites and in each case Citrix uses more bandwidth on a point-to-point vs an MPLS circuit. I have not had any users complain when accessing either ciruits.
What do you think is causing this?Hi,
I fully agree with Swaroop. Being an instructor teaching many MPLS classes I was frequently confronted with the opinion MPLS is "faster" as it is "switching". This is not true and I always countered this - provocantly - stating that MPLS is reducing throughput, so it is slower! What I mean writing this: given a certain topology for IP forwarding and turning on MPLS on it will increase the overhead (additional overhead by adding labels) and thus reduce end to end IP throughput. The lookup is done by the same algorithm (CEF) at wire speeds for IPv4 and labeled packets - there is no speed gain for either technology.
Do not get me wrong, this does not mean MPLS is "bad" and in fact the difference between pure IPv4 forwarding and MPLS forwarding is marginal and most likely irrelevant for any real environment. The advantages of MPLS are plenty and thus a marginal throughput difference is not the most important thing to consider.
I guess the idea of "switching is faster than routing" stems from the fact that there were times, when IPv4 forwarding ("routing") was done in CPU, thus was slow, whereas L2 forwarding ("switching") was done in hardware and thus was faster. It dates back to those days where we used AGS+ (an old router, which is EOS, EOL and most likely even EOeBay ;-) and f.e. Cat5000.
Now coming back to the observed behaviour in the original post there might be some reasons to explain it:
1) different L2 overhead as pointed out by Swaroop, especially as I would assume rather small average packetsizes.
2) Additional traffic on the P2P link not sent through the MPLS cloud - check your routing, if it is exactly the same for both links.
3) Measurement artefacts - as Swaroop pointed out. Is the load interval the same for both interfaces? I would rather use a packet analyzer than only go for a "show interface" to get precise values.
Hope this helps!
Regards, Martin -
Hi,
i want to implement DMVPN to one of our branch as a fail over link if the MPLS point to point is down.
The MPLS VPN is working fine but due to SP faults we are experiencing frequent link downs.so i want to place a dsl router at branch and configure DMVPN to our existing HUB router.
i am configuring branch router as a spoke to HUB router R3 with rip so when the MPLS which using eigrp goes down , then DMVPN link should be up depending upon AD but, my doubt is if again MPLS link gets up, will it switchover to MPLS from DMVPN.
here is the topology
Here is the configurations for HO,HUB and Branch Routers
******** HO ********
interface Tunnel102
description " Tunnel HO-Br3"
bandwidth 2048
ip address 10.10.0.10 255.255.255.252
tunnel source 172.33.1.18
tunnel destination 172.33.33.18
interface FastEthernet0/0
description "HO-LAN"
ip address 192.168.1.10 255.255.255.0
duplex auto
speed auto
interface FastEthernet0/1
description " Connection MPLS SP"
ip address 172.33.1.18 255.255.255.252
duplex full
speed 100
router eigrp 200
redistribute ospf 10 metric 512 600 100 100 1500
network 10.10.0.8 0.0.0.3
no auto-summary
router ospf 10
log-adjacency-changes
redistribute eigrp 200 subnets
redistribute bgp 65350 subnets
network 192.168.12.0 0.0.0.255 area 0
router bgp 65350
no synchronization
bgp log-neighbor-changes
bgp redistribute-internal
network 10.10.10.0 mask 255.255.255.0
neighbor 172.31.3.17 remote-as 65400
no auto-summary
******** HUB *********
(Router R3 Config)
crypto isakmp policy 10
encr 3des
authentication pre-share
group 2
lifetime 3600
crypto isakmp key welc0me address 0.0.0.0 0.0.0.0
crypto ipsec transform-set strong esp-3des
crypto ipsec profile cisco
set security-association lifetime seconds 7200
set transform-set strong
interface Tunnel10
ip address 172.20.20.1 255.255.255.0
no ip redirects
ip mtu 1400
ip nhrp authentication welc0me
ip nhrp map multicast dynamic
ip nhrp network-id 250
ip tcp adjust-mss 1360
no ip split-horizon
delay 100
tunnel source GigabitEthernet0/1
tunnel mode gre multipoint
tunnel key 100
tunnel protection ipsec profile cisco
interface GigabitEthernet0/1
ip address 74.99.128.25 255.255.255.240
ip flow ingress
ip flow egress
duplex auto
speed auto
router rip
version 2
redistribute ospf 10 metric 5
network 172.20.0.0
no auto-summary
ip route 0.0.0.0 0.0.0.0 74.99.128.17
(Fail over DMVPN with RIP )
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
lifetime 3600
crypto isakmp key welc0me address 74.99.128.25
crypto ipsec transform-set strong esp-3des
crypto ipsec profile cisco
set security-association lifetime seconds 7200
set transform-set strong
interface Tunnel10
bandwidth 1024
ip address 172.20.20.2 255.255.255.0
no ip redirects
ip mtu 1400
ip nhrp authentication
ip nhrp map multicast 74.99.128.25
ip nhrp map 172.20.20.1 74.99.128.25
ip nhrp network-id 250
ip nhrp holdtime 300
ip nhrp nhs 172.20.20.1
ip nhrp registration no-unique
ip tcp adjust-mss 1360
no ip split-horizon
delay 1000
tunnel source FastEthernet4
tunnel destination 74.99.128.25
tunnel key 100
tunnel protection ipsec profile cisco
interface vlan 1
description " HWIC-DSL Link"
ip addresss dhcp
ip virtual-reassembly in
duplex auto
speed auto
router rip
version 2
network 172.20.0.0
network 192.168.50.0
no auto-summary
ip route 74.99.128.25 255.255.255.255 192.168.1.1
interface Tunnel102
description " Tunnel BR-HO "
bandwidth 2048
ip address 10.10.0.9 255.255.255.252
tunnel source 172.33.33.18
tunnel destination 172.33.1.18
interface FastEthernet0/0
description "BR LAN"
ip address 192.168.50.5 255.255.255.0
duplex auto
speed auto
interface FastEthernet0/1
bandwidth 2048
ip address 172.33.33.18 255.255.255.252
duplex auto
speed auto
router eigrp 200
network 10.10.0.8 0.0.0.3
network 192.168.50.0
no auto-summary
router bgp 65350
no synchronization
bgp log-neighbor-changes
neighbor 172.33.33.17 remote-as 65400
no auto-summaryHi,
i am running eigrp over MPLS and i want the dmvpn as failover, so configured rip as it's AD is higher and it will be preferred only when the primary is down, but i want to make sure , it switches over to primary as soon as MPLS comes up.
if not DMVPN then canyou please suggest me anyother way to get over it... -
Ethernet wont connect point to point
running 3.17 kernel, i can establish connection between my PC and 706board via network switch, however if i connect board directly to win7 PC via ethernet port i cant ping the board at all. I setup a board IP by using ifconfig eth0 someip
is there something i need to do in config menu ?
so after look at the bootup message i see this
under petalinux guide, during bootup
Configuring network interfaces... udhcpc (v1.20.2) started
Sending discover...
xemacps e000b000.ps7-ethernet: Set clk to 124999998 Hz
xemacps e000b000.ps7-ethernet: link up (1000/FULL)
however mine show when connect point to point
Configuring network interfaces... xemacps e000b000.ethernet: eth0: no PHY setup
udhcpc (v1.22.1) started
Sending discover...
Sending discover...
Sending discover...
No lease, forking to background
any ideas?
Are you running a DHCP servier on your PC? If not you may need the network switch for discovery unless you can program the board to use a fixed IP address.
-
Why we choose mpls over point to point only because it is cheap
I need a document explaining the advantages and disadvantages of converting point to point connectivity to MPLS and the plan / suggestion to overcome the disadvantages
Hi,
Converting a network that consists of point-to-point links to run MPLS can have benefits. This is regardless of the type of links you have in the network.
One starting point could be this one:
http://en.wikipedia.org/wiki/Multiprotocol_Label_Switching
The big benefit that comes with deploying MPLS in your network is the ability to run the MPLS applications. Here are the most important ones:
-MPLS VPN - Layer 3 (with multicast)
-MPLS VPN - Layer 2 - point-to-point or point-to-multipoint
-MPLS Traffic Engineering - point-to-point or point-to-multipoint
Each of these have their benefits, while running over a one common network : an IP network with MPLS enabled.
The most important benefits are:
L3 VPN : obviously gives you seperated VPNs, with the possibility of overlapping IP subnets
extreme easy provisioning of layer 3 VPNs
L2 VPN: supports transporting most supported layer 2 protocols, even protocols with clocking information
MPLS TE: steering of traffic through the network and extremely fast traffic protection
These are just the most important ones.
All of these applications run on one common network, while before MPLS, one needed to have multiple carrying networks (e.g. one Frame-Relay network, one ATM network, one IP network) in order to provide all the same functionality.
Regards,
Luc -
Primary site server a single point of failure?
I'm installing ConfigMgr 2012 R2, and employing a redundant design as much as possible. I have 2 servers, call them CM01,CM02, in a single primary site, and on each server I have installed the following roles: Management Point, Distribution Point, Software
Update Point, as well as the installing the SMS Provider on both servers. SQL is on a 3rd box.
I am now testing failover from a client perspective by powering down CM01 and querying the current management point on the client: (get-wmiobject -namespace root\ccm -class ccm_authority).CurrentManagementPoint . The management point assigned to
the client flips to the the 2nd server, CM02, as expected. However, when I try to open the CM management console, I cannot connect to the Site, and reading SMSAdminUI log reveals this error: "Provider machine not found".
Is the Primary site server a single point of failure?
Why can't I point the console to a secondary SMS provider?
If this just isn't possible, what is the course of action to restore console access once the Primary Site server is down?
Many ThanksYes, that is a completely false statement. Using a CAS and multiple primaries in fact will introduce multiple single points of failure. The only technical Eason for a CAD a multiple primary sites is for scale out; i.e., supporting 100,000+ managed systems.
HA is achieved from a client perspective by adding multiple site systems hosting the client facing roles: MP, DP, SUP, App Catalog.
Beyond that, all other roles are non-critical to client operations and thus have no built-in HA mechanism. This includes the site server itself also.
The real question is what service that ConfigMgr provides do you need HA for?
Jason | http://blog.configmgrftw.com -
IPv6 Addressing Point to Point Links in the enterprise
For an enterprise, it doesn't seem to make sense to use Global addressing for point to point, transit-only links and loopbacks.
Link-local only addressing breaks debugging tools like traceroute, DNS, etc.
Is Unique Local the correct choice for this?
I've searched quite a bit and I've not found a lot of discussion about scope selection for point to point links. Some RFCs such as 6164 imply Global scope vs Unique Local scope usage is a preference. Most discussions of point to point addressing focus on bit length. I'm assuming this means design concerns are agnostic toward scope selection.
Is anyone aware of documentation I've missed or have any recommendations in this area?
If ULA was the correct choice, address hierarchy might look like this:
DataNetwork1 -- Router1 -- ULA.1.1 -- Link -- ULA1.2 -- Agg Router -- Core
DataNetwork2 -- Router2 -- ULA.2.1 -- Link -- ULA2.2 -- Agg Router /
DataNetwork3 -- Router3 -- ULA.3.1 -- Link -- ULA3.2 -- Agg Router /
The network core would have summarized entries for DataNetwork[1|2|3] and ULA[1|2|3]. IE, there would be a Global hierarchy and a ULA hierarchy.Scott,
Let me break this down into some categories for you.
Address selection:
I believe that best practice is to use Global Unicast Addressing everywhere (coupled with a proper security policy at your edge). ULA was a compromise for Site Local never being properly defined and whilst it can be used in the same way as GUA I don't believe it is worth it. Irrespective of what you use (GUA or ULA), subject to your security and routing policy traceroute will work from both ends (e.g. you tracing out, someone tracing in)
Address masking:
The general rule of thumb is that you allocate /64s to eveything and then mask down to the appropriate mask for the function you are expecting (P.S. Forget everything you learnt about IPv4 address conservation). If you are using /127 masks then in theory every p2p link in your network is either a 0 (::) or a 1 (::1)
e.g.
traceroute HostB:
1 2001:1234:abcd:1::1
2 2001:1234:abcd:2::1
3 2001:1234:abcd:3::1
4 2001::4:10
The only exception to this is loopbacks, you can sequentially allocate /128s from the same /64 block
NOTE: /127 support is recent and may not be supported by some vendors, in this case use /126 masking (same as you would use /30s in IPv4)
If you have a /48 ( a normal enterise allocation) or larger then this should not be an issue ( you have access to 65536 x /64s) the only reason you would consider ULA for infrastructure numbering is because you have a small IPv6 pool. I would still argue you should get more IPv6 addresses than use ULA.
I hope this helps
Cheers -
I created a pdf form and then imported it to Forms Central for distribute. It is now loaded to my website and setup so a person clicks on the link to open the form. At this point they then have to go to upper right to open form using a different view. I would like the form to open directly in Adobe Reader form to make it easier to enter information. Thanks, Ike
If you created it in Forms Central, you have to edit it there. I believe Forms Central is similar to LiveCycle Designer in that the form created is no longer able to be edited in Acrobat. I might be wrong, but that is my understanding. You add the submit button in Forms Central. Within Acrobat, you should be able to go to the forms menu and Manage Data to save the data to an Excel file. Others better with forms should be by to clarify things, but this should get you started. In the future you might find it better to post a forms question in the forms discussions.
-
Rx load 100/255 observing packet drops on a point to point link
Hi, I have point to point link, if rxload goes above 40%, packets are getting dropped on a link. checked with ISP for mux issue but there is no problem from isp side. please suggest
Please post the configs and sh int output.
-
Create a point to point link with a wlc 4402
Hi to all,
i have a wlc 4402 and i need to configure a point to point link with two air-lap1310g-e-k9, i have found on cisco.com this link:
http://www.cisco.com/en/US/products/ps6366/products_configuration_example09186a00808e9c1b.shtml#zero
but on the wlc configuration page i cannot found some configuration step.
Someone have configured this type of behaviour or can give me some hints?!
How can i configure on the wlc the parameter about the bridges configuration?! Or i must configure the bridges overriding the global configuration?!
Thanks and best regards,
Carlo Sagratella.The correct thing to do would be to downgrade the 1310's to autonomous (or 1242's) and set up a root bridge and non-root bridge.
Alternately however, if you REALLY wanted one of the points to be LWAPP, in theory you could always make one of the Access Points Autonomous and join it as a workgroup bridge to the LWAPP AP. However, there really is no reason to do that since it would be cleaner to convert both to autonomous. -
I need a document explaining the advantages and disadvantages of converting point to point connectivity to
MPLS and the plan / suggestion to overcome the disadvantagesHi,
The answer depends on your requirements.
QoS (here: queueing) is a per interface feature and the encapsulation does not change much. The methods will also be the same (LLQ/CBWFQ).
A MPLS VPN solution offers some advantages, when connectivity between many sites is required AND many customers with overlapping IP addresses are present.
It allows a SP to setup a shared backbone resulting in lower costs per customer.
Depending on your requirements either solution could be best for your network.
Regards, Martin -
Bandwidth mismatch in Point-to-Point link
In point-to-point serial link connection, if the bandwidth setting on both sides are not the same, will the connection status is up and running? What will the bandwidth be? The lower one?
As I indicated earlier, the bandwidth configured at the interface level is only used for IGP metrics etc. If set to be different at either end, it will not affect the physical state of the interface. It will stay up.
However, it's better to make them the same.
PAresh -
I 'm using Labview to simulate a Point to Point radio link I would like to
save myself the effort of creating PSK and QAM modulators since i'm already
very busy in modeling the fading channel
Has anyone already done this and, if so, would they be willing to share
their files?
Thanks
HorackzPOOR (121% retries) Time Strength(dBm) SNR SNR Retries
msec In Out In Out In Out
Sent : 100, Avg 30 - 78 - 88 11 4 Tot: 103 140
Lost to Tgt: 0, Max 993 - 78 - 85 12 138 Max: 20 27
Lost to Src: 0, Min 2 - 80 -254 10 3 -
Design Help with MPLS/BGP and Point to Point VPNs using OSPF as backup
I need some advice on the configuration I want to implement. Basically we have a MPLS cloud using BGP. We are using OSPF for internal routing. Everything is working fine. Now we want to add a Point to Point VPN using new Cisco ASA's for a backup path at all of our remote locations. We want it to be on standby. I want to use OSPF for this. Miami and LA are datacenters. I want the VPN's to go into both datacenters if possible running OSPF for backups. I have a feeling this will be very tricky. I also wanted to use floating routes. Now I know I get the VPN's up and running using OSPF with no problem. Here are my questions:
But being that I am using different areas, will OSPF through the VPN work correctly? I have the Cisco PDF on setting this up but it looks like they are using the same, AREA0, in the example.
Can I get both VPN's to work with no problems? Or will it be too much of a pain?
What would you guys suggest?
Thanks.We are implementing the same solution, and was only able to make this work using HSRP one router for the MPLS connection and one for the VPN tunnel. I opened a TAC case and the tech couldn't get it to work either. I was able to establish the Lan-2-lan tunnel but triggering the route update was the problem. We ended up pulling our ASA5505's out and putting in 1841 routers.
Maybe you are looking for
-
How can I attach a PDF file on an iWeb created page?
How can I attach a PDF file on an iWeb created page so that person can click the link and open the file. I have a website for my Labradors and would like something that will link from the dogs web page to their pedigree. TIA.
-
Display Large Float w/o Scientific Notation
I have a series of dollar amounts (from an SQL cursor) that I am summing up using a java.lang.Float. The values total correctly, but when I display the value it is displayed using Scientific Notation (4.19150150185925 E12). I need to write my total v
-
WPA with 802.1x authentication
Hi experts, I need clarification in a fundamental concept. Is it possible to configure WPA with 802.1x authentication without external AAA / ACS server. If the username and password is configured in local device, is it possible to create 802.1x authe
-
Hi there, How does my client development PC get access to WebLogic server weblogic.jar in order to compile application for weblogic? My weblogic server is in a Sun Solaris box while the development client is in a Windows PC across the network. Many t
-
Hey Lost my itunes on my laptop when my hard drive crashed. They were able to to save a couple of songs and my cloud music. I purchased new music before on my new disc. Can I upload my ipod and save what little is on my hard drive and will I do any b