Load Balancing 2 routers

Similar Messages

• Load balancing between two routers

  I have two routers connected through the LAN connection. The first one is using as routing protocol EIGRP, the other one is part of the managed service and I do not have access to it. I would like to make a load balancing between the two of them by redistributing the static routes in EIGRP. When I tried this, I am loosing the EIGRP entry for this route in the routing table. I would like to have both of them , so we could have traffic sharing. I appreciate if you give me any hints.

  Raju,
  you have two choices as far as I can see. If you want to use static routing over the WAN to your branch, you could duplicate your static routes to the branch and point them to the secondary router. You will have two identical sets of static routes in the primary router, one set pointing to the WAN interface and the other one pointing to the secondary router.
  ip route x.x.x.x "WAN-interface"
  ip route x.x.x.x "secondary router"
  ip route y.y.y.y "WAN-interface"
  ip route y.y.y.y "secondary router"
  etc.
  As a result the primary router will have two routes to the branch and will load-balance. If one next-hop fails (either the WAN interface or the secondary router), only the other will be used. If the next-hop comes back up, load-balancing will resume.
  The other choice would be to use EIGRP over the WAN, and make sure the two routers become EIGRP neighbors. Then you can use the "variance" command to achieve unequal cost load-balancing between the two routers. Let me know if you need more information about this, but i think static routes will be sufficient in your situation.
  HTH, Thomas

• Load balancing over two separate outside routers and two separate WAN Links

  Hi everybody,
  I have one 2851 setup with two separate ISP links and have it configured for failover with BGP.  It works great but doesn't load balance.
  Well now I have to new routers (3925's) to replace the single 2851 and I want to configure them to load balance over separate WAN links.
  Can someone help figure out the best approach to make this happen?  I would really appreciate it.
  Thank you,
  Thomas Reiling

  Disclaimer
  The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.
  Liability Disclaimer
  In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.
  Posting
  The "best approach", IMO, would be to use PfR (if your routers support it).

• Two 2911 routers and 3560 switches (load balancing and redundancy)

  Good day, Sir !
  I have a model with hierarchical model. Two routers 2911 and two core switches 3560, two providers.
  I want to design redundancy scheme. Can you advice me how is better to do it ? here you can find image with topology, can you say is it good idea to connect with devices in this way ?
  Hope on you help ! Thank you !!!

  Hi,
  If you want to configure redundancy in your network on LAN you can use HSRP and from the WAN side depending on the connection with the provider you can either use BGP or any IGP.
  If you want to have load balancing as well with redundancy you can define differnt  HSRP group for different  vlan and on the wan with BGP you can use multipath option or with IGP you can manipulate the route matric.
  Thanks & Regards
  Sandeep

• Load balance on routers LAN and WAN

  Hi ;
  I have a setup where i need to implement load balance on 2 routers in both sides ,LAN and WAN , and there is ASA in the LAN side , my question is that when do load blance in LAN side using GLBP how the 2 ASA's will act on this because they will have only 1 default gateway IP address .
  Thanks

  Not Harbi
  Not entirely sure i understand the question but i'll try to answer based on a few assumptions.
  It sounds like you have a pair of ASA devices on the LAN side. Assuming they are in active / failover then they will appear as one IP address to the routers - a VRRP address. When the ASA arps out for the default gateway address they will get one of the virtual mac addresses back from the AVG.
  They will send traffic to that mac address ie. they won't load balance.
  The load balancing aspect comes in when another host on the LAN then arps out for the default gateway and the AVG assigns it a different virtual mac address tied to a different router. But as the ASA pair always appear as one host entity they will always be tied to one of the routers at any one time.
  Hope this covers what you were asking
  Jon

• Load balance between DLSw and CIP routers

  Take a look on this environment:
  - 4 routers receiving all DLSw peers and circuits
  - 4 routers with CIP boards connected to 2 mainframes
  All CIP routers are configured with same MAC address. All routers (DLSw and CIP) are connected on a Ethernet LAN switching, so this traffic are pure LLC2.
  How I can balance the traffic between DLSw and CIP routers ?
  Thank's in advance.

  I am not sure if I totally understand the topology. Let me rephrase it. Please correct me if I misunderstand the topology. In a data centre, there are 4 DLSw routers terminating DLSw peer connections from the remote sites. In the same data centre, there are 4 CIP routers which connects to 2 mainframes. CSNA is configured on all CIP router, which uses the same MAC. You configure transparent bridging on the DLSw routers, which connect to the same ethernet switches as the CIP routers. You configure SR/TLB on the CIP routers; so that all LLC2 circuits coming from the DLSw routers connect through the ethernet interfaces of the CIP routers.
  Do you want the LLC2 circuits from a DLSw router load balance across 4 CIP routers? As duplicate MAC address is not allowed, there is no way to connect all 4 DLSw routers and CIP 4 routers on the same VLAN.
  I can think of a couple of workarounds.
  1. Enable SNASw on the 4 DLSw routers. Create a VDLC port on all 4 DLSw routers. The MAC address of the VDLC interface is the same. The VDLC MAC address is pointed by the remote SNA stations. Each DLSw router uses one of the CIP routers as DLUS.
  2. If this is the case, create 4 VLANs on the ethernet switches. Connect a pair of DLSw router and CIP router to each VLAN.

• Dual ISP load balancing with 2 routers and 2 FW without using BGP

  Hi all,
  Based on the attachment diagram, is the design viable?
  Do anyone has a similar deployment before and can you share with me the config guide to this because I'm at lost on a few configs:
  1. On core switch A and B, I understood we need to have a default route pointing to the firewall interface. For this case, I have different IPs for the same context on both the firewalls.
  So, how should the config be?
  CoreSW_A(config)#ip route 0.0.0.0 0.0.0.0 192.168.1.110
  CoreSW_A(config)#ip route 0.0.0.0 0.0.0.0 192.168.1.111
  I don't think the above will work as the core switch will load balance the traffic to both firewalls even if one of the context is on standby mode?
  2. The area from the firewall to the internet would all be public IP. Thus, if i put a switch in between the firewall and the router, then i would waste some public IP addresses but if i remove the switch, I would not have enough ports on the ASA firewall. What is the best recommended solution for this?
  3. How do I load balance traffic to both R1 and R2 to their respective ISPs without using BGP? I may be using only a 2811 router.
  Thanks alot!!.. really much looking forward for some guidance and tips on this as I havent found any guides on this deployment yet.. mostly are LAN HA.

  For policy based routing, I would need to create route maps on the core switch itself right?
  Correct me if I'm wrong, if i use route-maps, i would be assigning e.g. internal network A to go through firewall context A and internal network B to go through firewall context B.
  Context A will only have path to Router A and context B will only have path to Router B. But if router B goes down, network B won't be able to access the Internet, right?
  I'm not sure whether it's a PI or PA for this as the ISP will assign us a block of IP address, for example 202.111.1.8/29 (these IPs can be used for webservers, etc). There will also be a public IP of /30 on the serial interface to connect to their router.
  Thanks alot..

• Load balancing weirdness using NAT and same-metric route

  Hi.
  I'm trying to set up a double-WAN load-balancing scenario:
  I decided to attempt the "multiple same-metric routes with NAT" approach so I went for the example used in the IOS NAT Load-Balancing for Two ISP Connections Configuration Guide [1].
  I decided to use an upside-down Cisco 871-SEC/K9: use Vlan1 and Vlan2 for the routers and Fa4 for the LAN. I am hoping this is not an issue.
  There is this weirdness with some connections, particularly FTP. I pinpointed the problem to the following scenario: if I do a couple of pings to 100.1.1.1 using the FastEthernet4 as the source address, this is what I get in the logs:
  === PING 1 ECHO REQUEST ===
  *Mar 3 04:38:43.521: IP: tableid=0, s=192.168.60.4 (FastEthernet4), d=100.1.1.1 (Vlan1), routed via RIB
  *Mar 3 04:38:43.521: NAT: s=192.168.60.4->10.129.124.2, d=100.1.1.1 [14152]
  *Mar 3 04:38:43.521: IP: s=10.129.124.2 (FastEthernet4), d=100.1.1.1 (Vlan1), g=10.129.124.1, len 60, forward
  *Mar 3 04:38:43.521: ICMP type=8, code=0
  === PING 1 ECHO REPLY ===
  *Mar 3 04:38:45.589: NAT*: s=100.1.1.1, d=10.129.124.2->192.168.60.4 [19824]
  *Mar 3 04:38:45.589: IP: tableid=0, s=100.1.1.1 (Vlan1), d=192.168.60.4 (FastEthernet4), routed via RIB
  *Mar 3 04:38:45.589: IP: s=100.1.1.1 (Vlan1), d=192.168.60.4 (FastEthernet4), g=192.168.60.4, len 60, forward
  *Mar 3 04:38:45.589: ICMP type=0, code=0
  === (something else) ===
  *Mar 3 04:38:52.353: RT: SET_LAST_RDB for 0.0.0.0/0
  OLD rdb: via 10.129.124.33, Vlan2
  NEW rdb: via 10.129.124.1, Vlan1
  === PING 2 ECHO REQUEST ===
  *Mar 3 04:38:52.353: IP: tableid=0, s=192.168.60.4 (FastEthernet4), d=100.1.1.1 (Vlan2), routed via RIB
  *Mar 3 04:38:52.353: NAT: s=192.168.60.4->10.129.124.2, d=100.1.1.1 [14159]
  *Mar 3 04:38:52.353: IP: s=10.129.124.2 (FastEthernet4), d=100.1.1.1 (Vlan2), g=10.129.124.33, len 60, forward
  *Mar 3 04:38:52.353: ICMP type=8, code=0
  === PING 2 ECHO REPLY ===
  *Mar 3 04:38:53.029: NAT*: s=100.1.1.1, d=10.129.124.2->192.168.60.4 [19825]
  *Mar 3 04:38:53.029: IP: tableid=0, s=100.1.1.1 (Vlan1), d=192.168.60.4 (FastEthernet4), routed via RIB
  *Mar 3 04:38:53.033: IP: s=100.1.1.1 (Vlan1), d=192.168.60.4 (FastEthernet4), g=192.168.60.4, len 60, forward
  *Mar 3 04:38:53.033: ICMP type=0, code=0
  In the section "Ping 2 Echo Request" line 2 shows the NAT translating the packet to the address for the first provider but line 3 shows it routing it through the second one.
  In this case, the ICMP packet goes through but it is problematic if the ISP restricts the service by source-address (like RPF) or there is some acceleration mechanism inside the provider cloud, other than just plain routing.
  What am I missing? Here is the relevant part of the configuration. I deliberately disabled CEF to be able to debug the messages, but I *think* this may be altering the actual router behavior. This router does not have a "debug ip cef packet" command.
  no ip cef
  ip dhcp pool lan-side
  import all
  network 192.168.60.0 255.255.255.0
  default-router 192.168.60.1
  domain-name doublewan.local
  dns-server 8.8.8.8 8.8.4.4
  lease infinite
  ip domain name doublewan
  interface FastEthernet0
  !doesn't appear on running-config: vlan 1 is the default access vlan
  !switchport access vlan 1
  interface FastEthernet1
  switchport access vlan 2
  interface FastEthernet2
  shutdown
  interface FastEthernet3
  shutdown
  interface FastEthernet4
  ip address 192.168.60.1 255.255.255.0
  ip nat inside
  ip virtual-reassembly
  no ip route-cache
  duplex auto
  speed auto
  interface Vlan1
  ip address 10.129.124.2 255.255.255.224
  ip nat outside
  ip virtual-reassembly
  no ip route-cache
  interface Vlan2
  ip address 10.129.124.35 255.255.255.224
  ip nat outside
  ip virtual-reassembly
  no ip route-cache
  ip route 0.0.0.0 0.0.0.0 Vlan1 10.129.124.1
  ip route 0.0.0.0 0.0.0.0 Vlan2 10.129.124.33
  ip nat inside source route-map nat1 interface Vlan1 overload
  ip nat inside source route-map nat2 interface Vlan2 overload
  ip access-list standard acl4-nexthop-vlan1
  permit 10.129.124.1
  ip access-list standard acl4-nexthop-vlan2
  permit 10.129.124.33
  route-map nat2 permit 10
  match ip address 102
  match ip next-hop acl4-nexthop-vlan2
  match interface Vlan2
  route-map nat1 permit 10
  match ip address 101
  match ip next-hop acl4-nexthop-vlan1
  match interface Vlan1
  control-plane
  Of course, there is some configuration pending for redundancy and stuff.
  Thanks a lot in advance.
  [1] http://www.cisco.com/c/en/us/support/docs/ip/network-address-translation-nat/100658-ios-nat-load-balancing-2isp.html

  Hello.
  This might be a bug in debug command or the IOS (without ip cef) you use; as routing is done before NAT (inside to outside).
  To make sure it works fine with ip cef, just enable strict uRPF (or just ACL) on .1 and .33 interfaces and see if you see any packet sent over wrong interface.
  PS: please check "sh ip cef 100.1.1.1"; I guess ip cef would tell you "per-destination sharing".

• Load Balancing on 837 router

  HI Prof,
  I've two cisco 837 router with cisco IOS 12.3 currently. I would like to configure load balancing on both the router, have tried to configure GLBP but it show me that the hardware not supported.
  Is there any other protocol or technology to achieve my desire?
  Thank and Advice.

  What are your requirements. Do you have multiple segments to support? Are you only looking for load-balancing or do you have a high availibility requirement?
  In that case you can use multiple HSRP groups for instance.
  Do both 837 routers have a separate xDSL connection?
  Are you using NAT to translate between private and public address pools?
  There is more than one solution to achieve load-balancing. Please answer the above questions and if possible draw a simple diagram of your desired topology.
  HTH
  Leon

• RE: (forte-users) Call to the load-balanced SO not throughrouter

  We never call an SO from within an SO. Instead we do the following :
  MySO is mapped to MySOclass.
  MySOclass is a facade which has an attribute for every Policy Manager
  related to this SO.
  Each Policy manager is instanciated in MySOclass.
  Each Policy manager has an attribute called Parent.
  Parent is defined by MySOclass to be self.
  If two Policy managers need to work together we invoke methods via the
  parent attribute :
  Example
  I have a partition for Enrolments.
  It has three Policy Managers within it
  a Students Policy Manager (with a Add, Delete, Get methods)
  a Courses Policy Manager (with a Add, Delete, Get methods).
  an Enrolments Policy Manager (with a Add, Delete, Get methods).
  To enable this partition we have defined :
  EnrolmentsSO (environment visible, message duration) with the EnrolmentsMgr
  class as its related class.
  The EnrolmentsMgr class has the following methods and attributes :
  Methods :
  AddStudent
  AddCourse
  AddEnrolment
  GetStudent
  GetCourse
  GetEnrolment
  DeleteStudent
  DeleteCourse
  DeleteEnrolment
  All of these methods do a one line return statement, simply passing the
  method invocation to
  the appropriate Policy Manager. For example AddStudent would say
  Return theStudentPM.AddStudent(pInStudentParams : pInStudentParams)
  : pOutStudentParams
  In the Init method for the EnrolmentsMgr we instanciate the following
  attributes :
  theStudentPM (which is typed to the StudentPM class)
  theCoursePM (which is typed to the CoursePM class)
  theEnrolmentsPM (which is typed to the EnrolmentsPM class)
  Also in the Init method we set an attribute (called parent) on each
  PM to the value of Self.
  Then when one PM needs to invoke a method on another PM we simply do :
  For example in the theEnrolmentPM.GetEnrolment method we need to get
  Students and Courses
  thus we code :
  Parent.GetStudent(pInStudentParams = pInStudentParams) : pOutStudentParams
  Parent.GetCourse((pInCourseParams = pOutStudentParams.CourseStuff) :
  pOutCourseParams
  Build Enrol details based on student / course stuff.
  Return EnrolmentParams.
  Hope this makes sense.
  Regards,
  Chris Will, Dept. of Educ. Training, ITB, Sydney, Australia
  -----Original Message-----
  From: Peter Sham [mailto:[email protected]]
  Sent: Friday, 8 October 1999 9:35
  To: [email protected]; [email protected]
  Subject: Re: (forte-users) Replicating the PersistenceMgrSO
  Hi,
  Whenever you make a call to your load-balanced SO, it
  would go through the router. That is what I
  understand. No matter you make the call from inside
  or outside the SO.
  Secondly, you can turn on the "fail-over" option of a
  router but not load-balanced it. On these routers,
  you can check their instruments to see which one is
  really running.
  Hope this help.
  Regards,
  Peter Sham.

  We never call an SO from within an SO. Instead we do the following :
  MySO is mapped to MySOclass.
  MySOclass is a facade which has an attribute for every Policy Manager
  related to this SO.
  Each Policy manager is instanciated in MySOclass.
  Each Policy manager has an attribute called Parent.
  Parent is defined by MySOclass to be self.
  If two Policy managers need to work together we invoke methods via the
  parent attribute :
  Example
  I have a partition for Enrolments.
  It has three Policy Managers within it
  a Students Policy Manager (with a Add, Delete, Get methods)
  a Courses Policy Manager (with a Add, Delete, Get methods).
  an Enrolments Policy Manager (with a Add, Delete, Get methods).
  To enable this partition we have defined :
  EnrolmentsSO (environment visible, message duration) with the EnrolmentsMgr
  class as its related class.
  The EnrolmentsMgr class has the following methods and attributes :
  Methods :
  AddStudent
  AddCourse
  AddEnrolment
  GetStudent
  GetCourse
  GetEnrolment
  DeleteStudent
  DeleteCourse
  DeleteEnrolment
  All of these methods do a one line return statement, simply passing the
  method invocation to
  the appropriate Policy Manager. For example AddStudent would say
  Return theStudentPM.AddStudent(pInStudentParams : pInStudentParams)
  : pOutStudentParams
  In the Init method for the EnrolmentsMgr we instanciate the following
  attributes :
  theStudentPM (which is typed to the StudentPM class)
  theCoursePM (which is typed to the CoursePM class)
  theEnrolmentsPM (which is typed to the EnrolmentsPM class)
  Also in the Init method we set an attribute (called parent) on each
  PM to the value of Self.
  Then when one PM needs to invoke a method on another PM we simply do :
  For example in the theEnrolmentPM.GetEnrolment method we need to get
  Students and Courses
  thus we code :
  Parent.GetStudent(pInStudentParams = pInStudentParams) : pOutStudentParams
  Parent.GetCourse((pInCourseParams = pOutStudentParams.CourseStuff) :
  pOutCourseParams
  Build Enrol details based on student / course stuff.
  Return EnrolmentParams.
  Hope this makes sense.
  Regards,
  Chris Will, Dept. of Educ. Training, ITB, Sydney, Australia
  -----Original Message-----
  From: Peter Sham [mailto:[email protected]]
  Sent: Friday, 8 October 1999 9:35
  To: [email protected]; [email protected]
  Subject: Re: (forte-users) Replicating the PersistenceMgrSO
  Hi,
  Whenever you make a call to your load-balanced SO, it
  would go through the router. That is what I
  understand. No matter you make the call from inside
  or outside the SO.
  Secondly, you can turn on the "fail-over" option of a
  router but not load-balanced it. On these routers,
  you can check their instruments to see which one is
  really running.
  Hope this help.
  Regards,
  Peter Sham.

• Forcing traffic through load balancer rather than zone to zone

  I have several T5140s with 2 LDOMs. Within each LDOM I have multiple zones which contain 2 environments. Each environment comprises the following, an apache instance behind a BigIP load balancer, a JBoss instance, and several misc. The jboss zone has three IP address assigned for multiple applications. Each server is configured identically as far as zone and LDOM layout. We use mod_cluster to cluster our apache and Jboss environment. What I'm trying to accomplish is forcing the apache zone's traffic through the BigIP rather than zone to zone.
  Referring to the information below, server2ldom1jboss is one jboss node which needs to connect to both server2ldom1japache and server1ldom1apache. server2ldom1jboss connects to server2ldom1apache via its DNS name which is a NAT address. So webserver2 resolves to 10.10.2.5 which NATs to 10.10.1.5 behind the BigIP. webserver2 responds directly to the jboss zone rather than through the BigIP. Not good. server1ldom1apache works correctly as it's not a local zone.
  Referring to this document, https://blogs.oracle.com/solarium/resource/solaris-container-guide-en-v3.1.pdf
  section 5.2.7.8
  "Connection of zones via external routers using the shared IP instance"
  I've created the following routes
  route add 10.10.2.5 10.10.1.5
  route add 10.10.0.34 10.10.1.5 -interface -reject
  route add 10.10.0.35 10.10.1.5 -interface -reject
  route add 10.10.0.87 10.10.1.5 -interface -reject
  route add 10.10.1.5 10.10.0.87 -interface -reject
  route add 10.10.1.5 10.10.0.34 -interface -reject
  route add 10.10.1.5 10.10.0.35 -interface -reject
  This does prevent the zone to zone traffic, but it also preventing any response. I've tried other options as well, but have not been successful yet. What concerns me is this "These interfaces must not be used elsewhere in the global zone." The 5140 has 4 ethernet ports, which are configured into two port channels. vnet0 and vnet1. The apache instances use vnet1. The remaining zones use vnet0, including the global zone (server2ldom1 10.10.0.21). I think this may be the issue, but do not see an easy resolution without breaking my port channels and losing redundancy and fail-over.
  If there is anything I'm missing or a better/different way to do this, I would greatly appreciate any input on this matter.
  Thank you.
  webserver2 10.10.2.5 NATs to 10.10.1.5
  jboss apps 10.10.0.34, 10.10.0.35, 10.10.0.87
  10.10.0.0/24 is the lan
  10.10.1.0/24 is the network behind the BigIP
  10.10.2.0/24 is the webserver network (in front of the BigIP)
  [1658]root@server2:~# ldm list-bindings
  NAME STATE FLAGS CONS VCPU MEMORY UTIL UPTIME
  primary active -n-cv- SP 4 2G 1.1% 138d 5h
  MAC
  00:14:4f:ec:20:ff
  HOSTID
  0x84ec20b8
  VCPU
  VID PID UTIL STRAND
  0 0 2.0% 100%
  1 1 1.4% 100%
  2 2 0.7% 100%
  3 3 2.1% 100%
  MAU
  ID CPUSET
  0 (0, 1, 2, 3, 4, 5, 6, 7)
  MEMORY
  RA PA SIZE
  0x8000000 0x8000000 2G
  VARIABLES
  boot-device=/pci@0/pci@0/pci@2/scsi@0/disk@0,0:a disk net
  keyboard-layout=US-English
  nvramrc=devalias rootdisk /pci@0/pci@0/pci@2/scsi@0/disk@0,0:a devalias rootmirror /pci@0/pci@0/pci@2/scsi@0/disk@1,0:a
  security-mode=none
  security-password=
  use-nvramrc?=true
  IO
  DEVICE PSEUDONYM OPTIONS
  pci@0 pci
  niu@80 niu
  VCC
  NAME PORT-RANGE
  primary-vcc0 5000-5010
  CLIENT PORT
  group1@primary-vcc0 5000
  group1@primary-vcc0 5000
  VSW
  NAME MAC NET-DEV DEVICE DEFAULT-VLAN-ID PVID VID MODE
  primary-vsw0 00:14:4f:f9:ff:ff aggr1 switch@0 1 1
  PEER MAC PVID VID
  vnet0@ldom2 00:14:4f:fb:7b:ff 1
  vnet0@ldom1 00:14:4f:fb:1a:ff 1
  NAME MAC NET-DEV DEVICE DEFAULT-VLAN-ID PVID VID MODE
  primary-vsw1 00:14:4f:fb:8e:ff aggr2 switch@1 1 1
  PEER MAC PVID VID
  vnet1@ldom1 00:14:4f:f8:17:ff 1
  vnet1@ldom2 00:14:4f:f8:c2:ff 1
  VDS
  NAME VOLUME OPTIONS MPGROUP DEVICE
  primary-vds0 ldom2_swap /ldoms/swap/server2ldom2
  ldom2_root /dev/dsk/c4t600601601CE1210018F9E37BD2AADD11d0s2
  ldom1_swap /ldoms/swap/server2ldom1
  ldom1_root /dev/dsk/c4t600601601CE121007E02166CD2AADD11d0s2
  CLIENT VOLUME
  ldom2_swap@ldom2 ldom2_swap
  ldom2_root@ldom2 ldom2_root
  ldom1_swap@ldom1 ldom1_swap
  ldom1_root@ldom1 ldom1_root
  VCONS
  NAME SERVICE PORT
  SP
  NAME STATE FLAGS CONS VCPU MEMORY UTIL UPTIME
  ldom1 active -n---- 5000 30 15G 3.7% 192d 6h
  MAC
  00:14:4f:f8:a5:ff
  HOSTID
  0x84f8a5f5
  VCPU
  VID PID UTIL STRAND
  0 4 0.4% 100%
  1 5 0.3% 100%
  2 6 0.1% 100%
  3 7 4.4% 100%
  4 8 0.2% 100%
  5 9 0.2% 100%
  6 10 14% 100%
  7 11 0.1% 100%
  8 12 8.1% 100%
  9 13 0.1% 100%
  10 14 0.1% 100%
  11 15 0.1% 100%
  12 16 0.3% 100%
  13 17 0.1% 100%
  14 18 0.1% 100%
  15 19 0.1% 100%
  16 20 0.3% 100%
  17 21 0.6% 100%
  18 22 0.3% 100%
  19 23 0.1% 100%
  20 54 1.0% 100%
  21 55 0.5% 100%
  22 56 1.2% 100%
  23 57 0.2% 100%
  24 58 4.5% 100%
  25 59 0.9% 100%
  26 60 0.0% 100%
  27 61 0.1% 100%
  28 62 0.1% 100%
  29 63 0.3% 100%
  MAU
  ID CPUSET
  1 (8, 9, 10, 11, 12, 13, 14, 15)
  2 (16, 17, 18, 19, 20, 21, 22, 23)
  6 (48, 49, 50, 51, 52, 53, 54, 55)
  7 (56, 57, 58, 59, 60, 61, 62, 63)
  MEMORY
  RA PA SIZE
  0x8000000 0x88000000 10G
  0x401800000 0x6b1800000 5G
  VARIABLES
  auto-boot?=true
  boot-device=ldom1_root:b
  NETWORK
  NAME SERVICE DEVICE MAC MODE PVID VID
  vnet0 primary-vsw0@primary network@0 00:14:4f:fb:1a:ff 1
  PEER MAC MODE PVID VID
  primary-vsw0@primary 00:14:4f:f9:ff:ff 1
  vnet0@ldom2 00:14:4f:fb:7b:ff 1
  NAME SERVICE DEVICE MAC MODE PVID VID
  vnet1 primary-vsw1@primary network@1 00:14:4f:f8:17:ff 1
  PEER MAC MODE PVID VID
  primary-vsw1@primary 00:14:4f:fb:8e:ff 1
  vnet1@ldom2 00:14:4f:f8:c2:ff 1
  DISK
  NAME VOLUME TOUT DEVICE SERVER MPGROUP
  ldom1_swap ldom1_swap@primary-vds0 disk@0 primary
  ldom1_root ldom1_root@primary-vds0 disk@1 primary
  VCONS
  NAME SERVICE PORT
  group1 primary-vcc0@primary 5000
  NAME STATE FLAGS CONS VCPU MEMORY UTIL UPTIME
  ldom2 active -n---- 5000 30 15000M 0.8% 192d 6h
  MAC
  00:14:4f:fa:e8:ff
  HOSTID
  0x84fae839
  VCPU
  VID PID UTIL STRAND
  0 24 1.0% 100%
  1 25 1.0% 100%
  2 26 0.0% 100%
  3 27 0.0% 100%
  4 28 0.1% 100%
  5 29 0.3% 100%
  6 30 0.0% 100%
  7 31 0.0% 100%
  8 32 0.0% 100%
  9 33 0.1% 100%
  10 34 1.3% 100%
  11 35 0.0% 100%
  12 36 0.1% 100%
  13 37 1.0% 100%
  14 38 1.9% 100%
  15 39 0.0% 100%
  16 40 0.0% 100%
  17 41 0.0% 100%
  18 42 0.1% 100%
  19 43 0.5% 100%
  20 44 0.2% 100%
  21 45 0.0% 100%
  22 46 0.2% 100%
  23 47 0.4% 100%
  24 48 0.2% 100%
  25 49 0.0% 100%
  26 50 0.0% 100%
  27 51 0.0% 100%
  28 52 0.0% 100%
  29 53 0.0% 100%
  MAU
  ID CPUSET
  3 (24, 25, 26, 27, 28, 29, 30, 31)
  4 (32, 33, 34, 35, 36, 37, 38, 39)
  5 (40, 41, 42, 43, 44, 45, 46, 47)
  MEMORY
  RA PA SIZE
  0x8000000 0x308000000 15000M
  VARIABLES
  auto-boot?=true
  boot-device=/virtual-devices@100/channel-devices@200/disk@1:b ldom2_root
  keyboard-layout=US-English
  NETWORK
  NAME SERVICE DEVICE MAC MODE PVID VID
  vnet0 primary-vsw0@primary network@0 00:14:4f:fb:7b:ff 1
  PEER MAC MODE PVID VID
  primary-vsw0@primary 00:14:4f:f9:ff:ff 1
  vnet0@ldom1 00:14:4f:fb:1a:ff 1
  NAME SERVICE DEVICE MAC MODE PVID VID
  vnet1 primary-vsw1@primary network@1 00:14:4f:f8:c2:ff 1
  PEER MAC MODE PVID VID
  primary-vsw1@primary 00:14:4f:fb:8e:ff 1
  vnet1@ldom1 00:14:4f:f8:17:ff 1
  DISK
  NAME VOLUME TOUT DEVICE SERVER MPGROUP
  ldom2_swap ldom2_swap@primary-vds0 disk@0 primary
  ldom2_root ldom2_root@primary-vds0 disk@1 primary
  VCONS
  NAME SERVICE PORT
  group1 primary-vcc0@primary 5000
  [1657]root@server2ldom1:~# ifconfig -a
  lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
  inet 127.0.0.1 netmask ff000000
  lo0:1: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
  zone server2ldom1z3
  inet 127.0.0.1 netmask ff000000
  lo0:2: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
  zone server2ldom1z2
  inet 127.0.0.1 netmask ff000000
  lo0:3: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
  zone server2ldom1z6
  inet 127.0.0.1 netmask ff000000
  lo0:4: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
  zone server2ldom1jboss
  inet 127.0.0.1 netmask ff000000
  lo0:5: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
  zone server2ldom1apache
  inet 127.0.0.1 netmask ff000000
  lo0:6: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
  zone server2ldom1z1
  inet 127.0.0.1 netmask ff000000
  vnet0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
  inet 10.10.0.21 netmask ffffff00 broadcast 10.10.0.255
  ether 0:14:4f:fb:1a:ff
  vnet0:1: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
  zone server2ldom1z2
  inet 10.10.0.33 netmask ffffff00 broadcast 10.10.0.255
  vnet0:2: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
  zone server2ldom1z6
  inet 10.10.0.36 netmask ffffff00 broadcast 10.10.0.255
  vnet0:3: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
  zone server2ldom1jboss
  inet 10.10.0.34 netmask ffffff00 broadcast 10.10.0.255
  vnet0:4: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
  zone server2ldom1jboss
  inet 10.10.0.35 netmask ffffff00 broadcast 10.10.0.255
  vnet0:5: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
  zone server2ldom1z1
  inet 10.10.0.32 netmask ffffff00 broadcast 10.10.0.255
  vnet0:6: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
  zone server2ldom1z1
  inet 10.10.0.74 netmask ffffff00 broadcast 10.10.0.255
  vnet0:7: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
  zone server2ldom1jboss
  inet 10.10.0.87 netmask ffffff00 broadcast 10.10.0.255
  vnet1: flags=1000842<BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 3
  inet 0.0.0.0 netmask 0
  ether 0:14:4f:f8:17:ff
  vnet1:1: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 3
  zone server2ldom1z3
  inet 10.10.1.101 netmask fffffc00 broadcast 10.10.47.255
  vnet1:2: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 3
  zone server2ldom1apache
  inet 10.10.1.5 netmask fffffc00 broadcast 10.10.47.255
  [1701]root@server2ldom1:~# zonecfg -z server2ldom1jboss info
  zonename: server2ldom1jboss
  zonepath: /zones/server2ldom1jboss
  brand: native
  autoboot: true
  bootargs:
  pool:
  limitpriv:
  scheduling-class:
  ip-type: shared
  inherit-pkg-dir:
  dir: /lib
  inherit-pkg-dir:
  dir: /platform
  inherit-pkg-dir:
  dir: /sbin
  inherit-pkg-dir:
  dir: /usr
  inherit-pkg-dir:
  dir: /opt/sfw
  inherit-pkg-dir:
  dir: /opt/
  net:
  address: 10.10.0.34
  physical: vnet0
  defrouter: 10.10.0.1
  net:
  address: 10.10.0.35
  physical: vnet0
  defrouter: 10.10.0.1
  net:
  address: 10.10.0.87
  physical: vnet0
  defrouter: 10.10.0.1
  attr:
  name: comment
  type: string
  value: server2ldom1jboss
  [1702]root@server2ldom1:~# zonecfg -z server2ldom1apache info
  zonename: server2ldom1apache
  zonepath: /zones/server2ldom1apache
  brand: native
  autoboot: true
  bootargs:
  pool:
  limitpriv:
  scheduling-class:
  ip-type: shared
  inherit-pkg-dir:
  dir: /lib
  inherit-pkg-dir:
  dir: /platform
  inherit-pkg-dir:
  dir: /sbin
  inherit-pkg-dir:
  dir: /usr
  inherit-pkg-dir:
  dir: /opt/sfw
  inherit-pkg-dir:
  dir: /opt/
  net:
  address: 10.10.1.5/22
  physical: vnet1
  defrouter not specified
  attr:
  name: comment
  type: string
  value: server2ldom1apache
  Edited by: coreyva on Feb 18, 2012 11:36 AM

  After further research, I think the best course of action will be to create a VLAN for the zone behind the BigIP and then create the corresponding interface in the vlan and zone. Using this links as my references in case anyone is interested. I'll post what I come up with.
  https://blogs.oracle.com/stw/entry/using_ip_instances_with_vlans
  https://blogs.oracle.com/stw/entry/solaris_zones_and_networking_common
  http://docs.oracle.com/cd/E19253-01/816-4554/816-4554.pdf # AdministeringVirtualLocalAreaNetworks
  http://docs.oracle.com/cd/E19053-01/ldoms.mgr11/820-4913-10/820-4913-10.pdf # Assign VLANs to a Virtual Switch and Virtual
  Network Device

• Ask the Expert: Configuration and Troubleshooting the Cisco Application Control Engine (ACE) load balancer

  With Ajay Kumar and Telmo Pereira 
  Welcome to the Cisco Support Community Ask the Expert conversation. This is an opportunity to learn and ask questions about configuration and troubleshooting the Cisco Application Control Engine (ACE) load balancer with Cisco expert Ajay Kumar and Telmo Pereira. The Cisco ACE Application Control Engine Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers is a next-generation load-balancing and application-delivery solution. A member of the Cisco family of Data Center 3.0 solutions, the module: Helps ensure business continuity by increasing application availability Improves business productivity by accelerating application and server performance Reduces data center power, space, and cooling needs through a virtualized architecture Helps lower operational costs associated with application provisioning and scaling
  Ajay Kumar  is a customer support engineer in the Cisco Technical Assistance Center in Brussels, covering content delivery network technologies including Cisco Application Control Engine, Cisco Wide Area Application Services, Cisco Content Switching Module, Cisco Content Services Switches, and others. He has been with Cisco for more than four years, working with major customers to help resolve their issues related to content products. He holds DCASI and VCP certifications. 
  Telmo Pereira is a customer support engineer in the Cisco Technical Assistance Center in Brussels, where he covers all Cisco content delivery network technologies including Cisco Application Control Engine (ACE), Cisco Wide Area Application Services (WAAS), and Digital Media Suite. He has worked with multiple customers around the globe, helping them solve interesting and often highly complex issues. Pereira has worked in the networking field for more than 7 years. He holds a computer science degree as well as multiple certifications including CCNP, DCASI, DCUCI, and VCP
  Remember to use the rating system to let Ajay know if you have received an adequate response.
  Ajay and Telmo might not be able to answer each question due to the volume expected during this event. Remember that you can continue the conversation on the Data Center sub-community discussion forum Application Networking shortly after the event.
  This event lasts through July 26, 2013. Visit this forum often to view responses to your questions and the questions of other community members.

  Hello Krzysztof,
  Another set of good/interesting questions posted. Thanks! 
  I will try to clarify your doubts.
  In the output below both resources (proxy-connections and ssl-connections rate) are configured with a min percentage of resources (column Min), while 'Max' is set to equal to the min.
  ACE/Context# show resource usage
                                                       Allocation
          Resource         Current       Peak        Min        Max       Denied
  -- outputs omitted for brevity --
    proxy-connections             0      16358      16358      16358      17872
    ssl-connections rate          0        626        626        626      23204
  Most columns are self explanatory, 'Current' is current usage, 'Peak' is the maximum value reached, and the most important counter to monitor 'Denied' represents the amount of packets denied/dropped due to exceeding the configured limits.
  On the resources themselves, Proxy-connections is simply the amount of proxied connections, in other words all connections handled at layer 7 (SSL connections are proxied, as are any connections with layer 7 load balance policies, or inspection).
  So in this particular case for the proxy-connections we see that Peak is equal to the Max allocated, and as we have denies we can conclude that you have surpassed the limits for this resource. We see there were 17872 connections dropped due to that.
  ssl-connections rate should be read in the same manner, however all values for this resource are in bytes/s, except for Denied counter, that is simply the amount of packets that were dropped due to exceeding this resource. 
  For your particular tests you have allocated a min percentage and set max equal to min, this way you make sure that this context will not use any other additional resources.
  If you had set the max to unlimited during resource allocation, ACE would be allowed to use additional resources on top of those guaranteed, if those resources were available.
  This might sound a great idea, but resource planning on ACE should be done carefully to avoid any sort of oversubscription, specially if you have business critical contexts.
  We have a good reference for ACE resource planning that contains also description of all resources (this will help to understand the output better):
  http://www.cisco.com/en/US/docs/interfaces_modules/services_modules/ace/v3.00_A2/configuration/virtualization/guide/config.html#wp1008224
  1) When a resource is utilized to its maximum limit, the ACE denies additional requests made by any context for that resource. In other words, the action is to Drop. ACE  should in theory silently drop (No RST is sent back to the client). So unless we changed something on the code, this is what you should see.
  To give more context, seeing resets with SSL connections is not necessarily synonym of drops. As it is usual to see them during normal transactions.
  For instance Microsoft servers are usually ungracefully terminating SSL connections with RESET. Also when there is renegotiation during an SSL transaction you may see RESETS, but this will pass unnoticed for end users. 
  2)  ACE will simply drop/ignore new connections when we reach the maximum amount of proxied connections for that context. Exisiting connections will continue there.
  As ACE doesn't respond back, client would simply retransmit, and if he is lucky maybe in the next attempt he will be able to establish the connection.
  To overcome the denies, you will definitely have to increase the resource allocation. This of course, assuming you are not reaching any physical limit of the box.
  As mentioned setting max as unlimited might work for you, assuming there are a lot of unused resources on the box.
  3)  If a new connection comes in with a sticky value, that matches the sticky entry of a real server, which is already in MAXCONNS state, then both the ACE module/appliance should reject the connection and that sticky entry would be removed.
  The client would at that point reestablish a new connection and ACE would associate a new sticky entry with the flow for a new RSERVER after the loadbalancing decision.
  I hope this makes things clearer! Uff...
  Regards,
  Telmo

• 2 ISP load balancing and redundancy

  Hello!!
  Our small company has about 40 branches spreaded within city. Branches are connected by optic wire supplied by our ISP. So in ISP our branches are located in one VLAN. From every branch we created VPN tunnel to our server room in central office. Central office is like a cetner point. If optic wire fails to central office, there would no VPN tunnels and no network to all branches. Moreover, all the traffice goes through central office.
  Now we decided to pave one more optic line to our central office. And that will increase bandwidth and redundancy.
  Private network topology: There are no default gateways and ip-addresses. For examle, at first branch I will plug computer directly into media converter and at the second branch plug another computer to the media converter. After that this two computers became in one network. And can assign any ip addresses to them.
  What I have: our firewall do enough work, don't want to overload it. But we have some free ports in our new cisco 3750. The question is how to do load balancing and redundanccy? Can it do load balancing according to traffic? And how load balance incoming traffic? For example, connection was established from branche's router, how this router will choose through which line make connection? By the way, at all branches we use noisy cisco
  3700 series routers.

  Sorry for upping 1 year old threat.
  We talked to our Network Provider. They said "these two cables are coming from two different places, so there is no way to use etherchannel. You must use active-standby solution."
  Relying on STP we just put two cables into 3750 stack. But with default STP settings, connection was very unstable, many packet losses and disconnections. So we found easy solution with "flex links", making one interface backup of the other. And only now I recognized that this is not a failover solution. Because, if network beyond media converter will down, link from media converter to switch would still up.
  What could I do to make our L2 WAN redundant? Are there any additional STP settings.

• SA520 load balancing for multiple IPSec connections

  Hello,
  I just would like to ask whether the following is possible or what other people think might be the best way to go.
  Let me describe the current setup:
  Our company has a main office which is connected to the internet through an SA520W appliance, and two satellite offices which have other IPSec routers installed. The SA520W is currently only connected through the main WAN interface to a DSL line (DSL 16000). The tunnels are established and it all works quite well.
  However, we have experienced lags and slow connections when someone transfers a larger file from the main office to the outside (either satellite office or, say, some FTP server on the internet). This is of course due to the limited upload capacity of the DSL line. Therefore, I am thinking about getting another DSL line for use as the optional WAN port of the SA520W.
  My question is: Is it possible to establish two IPSec tunnels from a satellite office to the main office, one to the main WAN port and one to the optional WAN port of the SA520W? The two main hurdles I see with that is that a) the SA520W can only bind IPSec to one port and b) the network mask of each IPSec phase 2 needs to identify the subnet uniquely. Am I correct with the assumption that this cannot be done?
  If so, the only way I can see right now is to bind all IPsec traffic to the optional port and have at least main office <-> internet traffic separated from all IPSec traffic. Or has anyone a better solution to this?
  Thanks in advance,
  Roland

  I honestly don't recall any issues with the load balancing. I've personally never seen an issue, opened a case for one or observed a problem in my lab using multiple T1 lines...
  That's not to say there could be a problem. But as far as I know this aspect of the router is solid.
  The only thing I strongly dislike about most modern DSL deployments, the ISP like to give out "residential" or "business" gateways. These things just make life terrible since it is a router/nat device.
  -Tom
  Please rate helpful posts

• Load Balancing Rip version 2

  I have a lab scenario, that is confusing me greatly. I can get per packet load-balancing working when I ping from R2 to interfaces in the 192.168.1.0/30. However, when I'm pinging from R3 , I can't packet load-balance to interfaces in 192.168.4.0/30. I also can't packet load-balance from R1 pinging to interfaces in 192.168.4.4/30. Am I doing something wrong? Thanks...
  I have three routers: R1, R2, R3.
  R1: Eth0 192.168.1.1/30 connected to R3 eth0
  R1: Ser0 192.168.4.1/30 connect to R2 Ser0
  R2: Ser0 192.168.4.2/30 connect to R1 Ser0
  R2: Ser1 192.168.4.5/30 connect to R3 Ser0
  R3: Eth0 192.168.1.2/30 connect to R1 eth0
  R3: Ser0 192.168.4.6/30 connect to R2 Ser1
  All of the routers run:
  2500 Software (C2500-I-L), Version 12.2(29a), RELEASE SOFTWARE (fc1)
  Configs for R1, R2, R3 are attached as a plain text file and listed below:
  R1 config:
  version 12.2
  service timestamps debug uptime
  service timestamps log uptime
  service password-encryption
  service udp-small-servers
  service tcp-small-servers
  hostname R1
  ip subnet-zero
  ip host R1 192.168.1.1
  ip host R2 192.168.4.2
  ip host R3 192.168.1.2
  interface Ethernet0
  ip address 192.168.1.1 255.255.255.252
  no ip route-cache
  no ip mroute-cache
  interface Serial0
  ip address 192.168.4.1 255.255.255.252
  no ip route-cache
  no ip mroute-cache
  interface Serial1
  no ip address
  no ip mroute-cache
  shutdown
  interface Serial2
  no ip address
  no ip mroute-cache
  shutdown
  interface Serial3
  no ip address
  no ip mroute-cache
  shutdown
  interface BRI0
  no ip address
  encapsulation hdlc
  no ip mroute-cache
  shutdown
  router rip
  version 2
  network 192.168.1.0
  network 192.168.4.0
  ip classless
  no ip http server
  line con 0
  line aux 0
  line vty 0 4
  end
  R2 config:
  version 12.2
  no service pad
  service timestamps debug uptime
  service timestamps log uptime
  service password-encryption
  hostname R2
  ip subnet-zero
  ip host R1 192.168.1.1
  ip host R2 192.168.4.2
  ip host R3 192.168.1.2
  interface Ethernet0
  shutdown
  interface Serial0
  ip address 192.168.4.2 255.255.255.252
  no ip route-cache
  no ip mroute-cache
  clockrate 56000
  interface Serial1
  ip address 192.168.4.5 255.255.255.252
  no ip route-cache
  no ip mroute-cache
  clockrate 56000
  interface Serial2
  no ip address
  shutdown
  interface Serial3
  no ip address
  shutdown
  interface Serial4
  no ip address
  shutdown
  interface Serial5
  no ip address
  shutdown
  interface Serial6
  no ip address
  shutdown
  interface Serial7
  no ip address
  shutdown
  interface Serial8
  no ip address
  shutdown
  interface Serial9
  no ip address
  shutdown
  interface BRI0
  no ip address
  encapsulation hdlc
  shutdown
  router rip
  version 2
  network 192.168.4.0
  ip classless
  no ip http server
  line con 0
  line aux 0
  line vty 0 4
  end
  R3 config:
  version 12.2
  service timestamps debug uptime
  service timestamps log uptime
  service password-encryption
  hostname R3
  ip subnet-zero
  ip host R2 192.168.4.2
  ip host R1 192.168.1.1
  ip host R3 192.168.1.2
  interface Ethernet0
  ip address 192.168.1.2 255.255.255.252
  no ip route-cache
  no ip mroute-cache
  interface Serial0
  ip address 192.168.4.6 255.255.255.252
  no ip route-cache
  no ip mroute-cache
  interface Serial1
  no ip address
  no ip mroute-cache
  shutdown
  interface BRI0
  no ip address
  encapsulation hdlc
  no ip mroute-cache
  shutdown
  router rip
  version 2
  network 192.168.1.0
  network 192.168.4.0
  ip classless
  no ip http server
  line con 0
  line aux 0
  line vty 0 4
  end

  I figured it out. When I configur "no auto-summary" on each router it behaves nicely with per packet load balancing. I guess I needed to get rid of the summarized routes listing /24 for my VLSMed 4.0 4.4 /30 networks.
  Thanks