Monitoring flap in MPLS cloud

Hi,
I have 2 MPLS links over 2 different service providers. BGP is configured. Sometimes we get a disconnection for a few mins in 2 or 3 days, it's not consistent. The logs did not show any flapping on the interface. What can I do now to help the situation? Or even gather some proof that the flap is within the MPLS cloud?
Thanks,
Steven

Hi,
What do you mean by disconnected? Does that simply mean no connectivity, but still all routing info in place?
Then it sounds like an MPLS LSP problem in the provider backbone. MPLS VPN packets can only be delivered when an LSP exists. Routing packets, however, can be delivered through IP in the provider backbone without an LSP. This is because VPN routing information is transported by BGP from PE to PE (loopbacks).
So a failed LSP disrupts your data plane (IP packets sent) but not the control plane (BGP).
Unfortunately for you, there is no way to detect that from a CE control plane perspective. So even the typical backup scenarios fail here, like floating static, dialer watch and the like.
Hope this helps
Martin
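An added example (not part of the original thread) of gathering the evidence asked for above: it runs over end-to-end probe results and CE syslog lines and reports loss windows during which the CE logged no interface or BGP state change, which is the pattern Martin describes for a failed LSP. The log formats, addresses, function names and the `min_lost` and `slack` thresholds are assumptions, and all sample lines are constructed.

```python
import re
from datetime import datetime, timedelta

# Constructed samples (assumed format): "<ISO time> <probe target> ok|lost"
PROBE_LOG = """\
2024-05-01T10:00:00 10.20.0.1 ok
2024-05-01T10:00:30 10.20.0.1 lost
2024-05-01T10:01:00 10.20.0.1 ok
2024-05-01T10:01:30 10.20.0.1 lost
2024-05-01T10:02:00 10.20.0.1 lost
2024-05-01T10:02:30 10.20.0.1 lost
2024-05-01T10:03:00 10.20.0.1 ok
2024-05-01T14:00:30 10.20.0.1 lost
2024-05-01T14:01:00 10.20.0.1 lost
2024-05-01T14:01:30 10.20.0.1 lost
2024-05-01T14:02:00 10.20.0.1 ok
"""
# Constructed CE syslog lines, same clock as the probes.
CE_SYSLOG = """\
2024-05-01T14:00:20 CE1 %LINK-3-UPDOWN: Interface Serial0/0, changed state to down
2024-05-01T14:00:21 CE1 %BGP-5-ADJCHANGE: neighbor 192.0.2.1 Down Interface flap
2024-05-01T14:01:40 CE1 %BGP-5-ADJCHANGE: neighbor 192.0.2.1 Up
"""
# State changes the CE logs when the fault is local or visible to BGP.
LOCAL_EVENT = re.compile(r"%(LINK-3-UPDOWN|LINEPROTO-5-UPDOWN|BGP-5-ADJCHANGE):")


def parse_probes(text):
    """Return sorted (timestamp, ok) tuples, one per probe line."""
    rows = []
    for line in filter(str.strip, text.splitlines()):
        ts, _target, result = line.split()
        rows.append((datetime.fromisoformat(ts), result == "ok"))
    return sorted(rows)


def loss_windows(probes, min_lost=3):
    """Return (first_lost, last_lost, count) per run of >= min_lost lost probes."""
    windows, run = [], []
    for ts, ok in probes + [(None, True)]:  # sentinel closes a trailing run
        if not ok:
            run.append(ts)
            continue
        if len(run) >= min_lost:
            windows.append((run[0], run[-1], len(run)))
        run = []
    return windows


def local_events(syslog_text):
    """Return (timestamp, message) for link/BGP state changes in the CE log."""
    hits = [l.split(" ", 1) for l in syslog_text.splitlines() if LOCAL_EVENT.search(l)]
    return [(datetime.fromisoformat(ts), msg) for ts, msg in hits]


def analyse(probe_text=PROBE_LOG, syslog_text=CE_SYSLOG, slack=timedelta(seconds=60)):
    """Label each loss window by whether the CE logged a state change near it."""
    events, report = local_events(syslog_text), []
    for start, end, lost in loss_windows(parse_probes(probe_text)):
        near = [m for ts, m in events if start - slack <= ts <= end + slack]
        verdict = "ce-logged-event" if near else "silent-data-plane-loss"
        report.append({"start": start, "end": end, "lost": lost,
                       "verdict": verdict, "ce_events": near})
    return report


if __name__ == "__main__":
    for w in analyse():
        print(w["start"], "->", w["end"], "lost", w["lost"], w["verdict"])
```

The correlation only holds if the probe host and the CE share a synchronized clock, and the probe target must sit behind the remote CE so that the probes actually cross the provider's LSP.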

Similar Messages

  • Shared Firewall in MPLS cloud

    Hi. I have an MPLS cloud on which I want to provide basic Internet connectivity for customers in the cloud. This will not be for VPN services, simply http, ftp etc (possibly some inbound NAT for webservers). I have a 7200VXR for the job. My plan is to set this up as an effective PE in the cloud and use 'NAT VRF AWARE' features to NAT networks in each VRF to a single public IP (currently this is 1 per VRF from a large pool). I can't see a reason for this not working but I wanted to get advice on this. I am also unsure as to how the public facing interface will be seen by the customer VRF since it will not be statically labeled with any VRF.
    Any thoughts on this?
    Thanks in advance.

    Hi Swaroop, I'm trying to follow your advice regarding the global default. I have 2 VRFs I'll be using called CUST1 and CUST2. Traffic will come into the e2/0.1 sub interface and should then be NATed to 210.10.10.17 (global interface, not VRF). If I use static translations inside they work fine. Dynamic translations, however, do not seem to work. I have really tried to follow Cisco's documentation, but I'm not having much luck. Do you notice anything incorrect with the following?
    interface Ethernet2/0.1
    description "CUST1 Interface"
    encapsulation dot1Q 10
    ip vrf forwarding CUST1
    ip address 172.16.1.10 255.255.255.252
    ip nat inside
    ip virtual-reassembly
    interface FastEthernet0/0
    description "OUTSIDE INT"
    ip address 210.10.10.17 255.255.255.0
    ip nat outside
    ip virtual-reassembly
    duplex full
    ip nat pool CUST1_POOL 210.10.10.17 210.10.10.17 netmask 255.255.255.0
    ip nat inside source list 1 pool CUST1_POOL vrf CUST1 overload
    access-list 1 permit 172.16.0.0 0.0.255.255 log
    ip route vrf CUST1 0.0.0.0 0.0.0.0 FastEthernet0/0 210.10.10.254 global
    Any help you can give me would be very appreciated.
    Thanks
    Dan.

  • Monitoring Servers hosted on Cloud.

    Hi Guys,
    I came across a request to check if it is possible to monitor servers hosted on Cloud (any cloud); servers in the cloud are Windows and CentOS flavors.
    Pls help me in getting the possible solution and the considerations which have to be taken care of prior to planning.
    Pls Note: My request here is about only monitoring servers in the cloud, not the cloud itself.
    Thanks !
    - Thanks, Sai

    Sure, that's possible.
    You will need the firewall(s) configured to allow TCP 5723 from the agent or gateway to the manager. Further, if there is no domain level trust you have to use certificates to achieve that.
    https://technet.microsoft.com/en-us/library/dn249696.aspx --> Firewall, Support firewall scenarios
    https://technet.microsoft.com/en-us/library/hh487288.aspx --> Security Considerations
    https://technet.microsoft.com/en-us/library/hh456447.aspx --> Deploying a Gateway Server
    HTH, Cheers,
    Patrick
    Patrick Seidl (System Center and Private Cloud)
    Website: http://www.syliance.com
    Blog: http://www.systemcenterrocks.com

  • EIGRP Routing across MPLS Cloud

    I apologize if this has been covered but I don't see any exact hits...
    We are working with our Service Provider to implement MPLS between our remote sites and main campus. We are currently using PtoP T1 in a hub and spoke model. We are running EIGRP in our entire environment.
    We would like to continue to run EIGRP in our environment but the SP does not support this protocol through the cloud. I would prefer not to introduce any new routing protocols into our environment such as BGP. (I believe the SP is running BGP).
    I have read snippets that I can use a GRE tunnel between sites and send EIGRP routing updates via this tunnel.
    Can anyone support this method or are there better alternatives? If I implement GRE, I will still need to configure static routes so GRE knows how to reach the remote sites. I also cannot find any literature on how to configure GRE tunnels and use them ONLY for routing updates. I would think sending all traffic via GRE would cause additional overhead.
    I will also have a need to send Multicast traffic between sites. I have read that GRE is the way to do this. To me it seems GRE will serve dual purposes: first to allow dynamic routing updates between sites and also to allow Multicast traffic.
    I appreciate any comments or suggestions!

    Hello Phil,
    Using GRE tunnels to build an overlay would deny one of the greatest benefits of MPLS L3 VPN: the peer model where each CE talks only with the local PE node.
    Unless you have a small number of sites this approach is not recommended.
    What if a new site is added in the future? You would need to configure a GRE tunnel to the new site in each of the existing sites.
    You could run a DMVPN (that is, use mGRE) to solve this but it has some complexity.
    You can run BGP without using mutual redistribution: BGP allows you to advertise internal networks using the network command even if they are not directly connected to the CE router but learned via EIGRP.
    So it is enough to redistribute only BGP into EIGRP by setting a default seed metric (it requires five values in EIGRP and it is necessary or redistribution will not occur):
    router bgp 65001
     neighbor PE-address remote-as SP-AS-number
     network 10.10.10.0 mask 255.255.255.0
     network 10.10.20.0 mask 255.255.254.0
     no auto-summary
    ! note: if auto-summary is disabled you need to provide the exact mask / prefix length
    router eigrp 100
     redistribute bgp 65001
     default-metric 10000 1000 255 1 1500
    ! default-metric values, in order: BW delay reliability load MTU
    Hope to help
    Giuseppe

  • An MPLS Cloud

    Hi,
    I'm looking at a topology where a number of collapsed PE/P nodes (50>100) access a L2 cloud in a full-mesh topology. The underlying cloud architecture could be something like VPLS from an external provider with the MPLS domain mapped on top. The attached shows the nodes on the periphery of the cloud and these could be spread globally. What I'm looking for are pros and cons and whether there is a case study or CVD for this type of topology. Particular interest is on scalability around IGP, LSPs, sub-optimal routing conditions, IGP/LSP synchronisation, IGP link/domain costs etc... The network will provision L2/L3 VPNs and other standard MPLS features.
    Thanks, Wayne

    Hi,
    You'd need to implement QOS for sure. What many people do is to have data traffic use precedence/EXP 0 and Voice precedence/EXP 5. You could make the video traffic precedence/EXP 4, for example. This also maps to certain DSCP values.
    You could also consider MPLS Traffic Engineering (TE). There is point-to-point TE for your data traffic, but you could also deploy (check platform and IOS support) point-to-multipoint (p2mp) TE to carry the IP multicast (video) traffic. With TE, you could steer traffic through the network and have fast protection (FRR). You'd still need to use QOS, because MPLS TE does not automatically hook into QOS.
    Regards,
    Luc

  • Monitoring using Enterprise Manager (Cloud Control 12c)

    Hello,
    I have problems using Enterprise Manager to Monitor the GoldenGate Manager.
    The Jagent is running, and the host agent is known by Cloud Control, but it doesn't find the Jagent.
    Does somebody have an idea?
    http://docs.oracle.com/cd/E24628_01/install.121/e27804/toc.htm
    Thanks

    See this step by step guide on Oracle support:
    GoldenGate Monitor Plug-In for Enterprise Manager 12c Visual Installation Guide (Doc ID 1469108.1)
    Good luck,
    -joe

  • Multiple Customer Default Routes over MPLS Cloud

    I have a customer with a Core network connected together over VPLS, and running EIGRP as the IGP. For the branch offices they are using MPLS, and the SP requires us to use BGP when sending routes to them.
    We have the core sites A, B, C. Sites A & B have an internet connection. I want to have 1/2 the branches going to Site A and 1/2 going to Site B, and the Site A or B and Site C as a backup. There is a single VRF. The SP will not make any changes for us...so I have been told. So I need to find out if there is a way to do this without SP involvement. I have tried Communities (CE side) with no luck unless I make changes in the P/PE Net.
    Attached is a drawing of the high level network.
    Any Ideas....

    Some additional information
    Handling Multiple Default Routes with BGP as PE-CE Protocol
    http://www.cisco.com/en/US/docs/solutions/Enterprise/WAN_and_MAN/L3VPNCon.html#wp321066
    Layer 3 MPLS VPN Enterprise Consumer Guide Version 2
    This section tells almost what I want to do. But I want the left side of the diagram to go left...and the right side to go right.

  • Trace from a linux through MPLS cloud

    Hi,
    I got this trace from a customer.
    1 10.50.128.254 1.940 ms 16.754 ms 16.482 ms
    2 10.50.128.253 0.837 ms 0.733 ms 0.881 ms
    3 192.168.105.181 4.040 ms 4.250 ms 3.982 ms
    4 192.168.16.89 44.597 ms 44.532 ms 44.772 ms
    MPLS Label=27 CoS=5 TTL=1 S=0
    MPLS Label=129 CoS=3 TTL=1 S=0
    5 192.168.18.141 15.380 ms 37.758 ms 10.681 ms
    MPLS Label=129 CoS=5 TTL=1 S=0
    6 192.168.18.142 23.174 ms * 22.015 ms
    Can someone give me an explanation about the way a Linux box is able to find MPLS tags from the network?

    The routers will include that information in the ICMP TTL expired messages according to the following draft:
    "ICMP Extensions for MultiProtocol Label Switching"
    http://www.ietf.org/proceedings/01mar/I-D/mpls-icmp-02.txt
    It appears that Linux implements this draft too.
    Hope this helps,
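An added example, not part of the original reply, that decodes the extension structure this draft describes (later standardized as RFC 4884 and RFC 4950) as it appears at the tail of an ICMP Time Exceeded message. The sample bytes are constructed to match the two label stack entries shown at hop 4 of the trace, and the function names are hypothetical.

```python
import struct

MPLS_CLASS = 1      # Class-Num: MPLS Label Stack Class
INCOMING_STACK = 1  # C-Type: Incoming MPLS Label Stack


def inet_checksum(data: bytes) -> int:
    """One's-complement Internet checksum (RFC 1071)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def decode_lse(word: int) -> dict:
    """Split a 32-bit label stack entry: label(20) | CoS/EXP(3) | S(1) | TTL(8)."""
    return {"label": word >> 12, "cos": (word >> 9) & 0x7,
            "s": (word >> 8) & 0x1, "ttl": word & 0xFF}


def parse_mpls_extension(ext: bytes) -> list:
    """Return the label stack carried in an ICMP extension structure."""
    if len(ext) < 4:
        raise ValueError("truncated extension header")
    if ext[0] >> 4 != 2:
        raise ValueError("unsupported extension version")
    (cksum,) = struct.unpack("!H", ext[2:4])
    # A zero checksum field means the sender did not compute one.
    if cksum != 0 and inet_checksum(ext) != 0:
        raise ValueError("bad extension checksum")
    stack, off = [], 4
    while off + 4 <= len(ext):
        length, class_num, c_type = struct.unpack("!HBB", ext[off:off + 4])
        if length < 4 or off + length > len(ext):
            raise ValueError("bad object length")
        payload = ext[off + 4:off + length]
        if class_num == MPLS_CLASS and c_type == INCOMING_STACK:
            if len(payload) % 4:
                raise ValueError("label stack is not a multiple of 4 bytes")
            stack += [decode_lse(w) for (w,) in struct.iter_unpack("!I", payload)]
        off += length  # objects of other classes are skipped
    return stack


def build_sample() -> bytes:
    """Constructed extension carrying the two entries shown at hop 4 of the trace."""
    lses = struct.pack("!II", (27 << 12) | (5 << 9) | 1, (129 << 12) | (3 << 9) | 1)
    obj = struct.pack("!HBB", 4 + len(lses), MPLS_CLASS, INCOMING_STACK) + lses
    body = struct.pack("!BBH", 2 << 4, 0, 0) + obj
    return body[:2] + struct.pack("!H", inet_checksum(body)) + body[4:]


if __name__ == "__main__":
    for e in parse_mpls_extension(build_sample()):
        print(f"MPLS Label={e['label']} CoS={e['cos']} TTL={e['ttl']} S={e['s']}")
```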

  • Frame-Relay through MPLS cloud

    Hi All ,
    Can anybody explain: if I make an MPLS PE act as a frame-relay sw too, is there any LDP related issue or not?

    It is possible to use Frame Relay switches as Label Switching Routers. Such Frame Relay switches run network layer routing algorithms (such as OSPF, IS-IS, etc.), and their forwarding is based on the results of these routing algorithms. No specific Frame Relay routing is needed.
    When a Frame Relay switch is used for label switching, the top (current) label, on which forwarding decisions are based, is carried in the DLCI field of the Frame Relay data link layer header of a frame. Additional information carried along with the top (current) label, but not processed by Frame Relay switching, along with other labels, if the packet is multiply labeled, are carried in the generic MPLS encapsulation defined in [STACK].
    Check this out.
    http://www.ietf.org/rfc/rfc3034.txt

  • MPLS single point to Monitor

    Hi,
    Is there any single point or a way to monitor all the connections in an MPLS cloud?
    Like there are 5 sites connecting to each other in MPLS and if any site wants to send packets to remote sites then it directly sends the packets, as this is not a Hub and Spoke, it's a MESH like in MPLS. So is there any single point where I can monitor all the 5 sites using anything like IDS/IPS, or any other monitoring tool?

    You can also deploy MPLS VPN in a hub and spoke topology. This would be the only way to ensure that all traffic goes through the IDS located at the hub site. The same applies if you want to implement a FW or other centralized network services.
    Hope this helps,

  • Help in strategy for Migrating to MPLS from PRN cloud Same provider

    Dear,
    We are planning to migrate to MPLS from PRN using same provider, I have about 12 sites to migrate, new circuits have been provisioned and new routers are ready to be shipped to each site for installation.
    Now, I am facing a dilemma. Briefly speaking with the provider, they tell me that we can migrate a site at a time, no problem here, then next day they tell me it needs to be a hot cut over migration. How can this be? So going back and forth and tailoring router configurations I literally stopped, and would like to ask for assistance and your opinion on how to go about such a migration to tentatively lock into a solid strategy.
    Any documents out there you can point me to or experience in such migration will be appreciated.
    All of our sites currently connect to PRN cloud including HQ, running OSPF multiple areas, at a glance I was thinking the provider would somehow bridge the two clouds so that I could build a parallel infrastructure and migrate branch offices one at a time but I am still unclear on how to proceed, I will be speaking with the provider more extensively in the next few days but any guidance will be appreciated.
    Best Regards

    Henry, thanks for those links and help.
    Would like to share what I have done which seems so far to be working properly, so that if anyone comes across this they get an idea.
    It turned out our PRN/MPLS provider cannot or doesn't want to somehow cross connect the two clouds, so I was forced to do the cross connect at my end, beginning with two sites. I have set up what I had in mind: for each of the two targeted sites I have installed a new 3845 router with a new DS3 link to the MPLS cloud and created a cross connect to a 6509_switch_router that is connected under the PRN infrastructure. The 3845 was configured as a virtual link for OSPF; all good here so far, the 3845 joined the OSPF domain and received the routing table from the PRN side. The next site also had a new router and new circuit for the MPLS side. At this second site I brought down the router connecting to the PRN cloud, then brought up the new 2811 router, which I had preconfigured under the same OSPF domain, and it received the routing table from the 3845 router DS3 MPLS link. We will let it run for a week to allow us to troubleshoot or spot any issues before proceeding to migrate more sites.
    Rgds
    Jorge

  • Question about Network In/Out in the Monitor of the Cloud Service

    Hi there
    My question is: what kind of data is the monitor monitoring? The monitor is in the cloud service.
    And what do network in/out in the monitor stand for? The network in/out are in the monitor.
    The monitor has monitored a huge amount of data in my cloud, but I have no idea what it is.
    Thanks a lot!

    hi Tianchi,
    Thanks for your posting!
    >>what kind of data is the monitor monitoring? The monitor is in the cloud service
    From the concepts side, by default, minimal monitoring is provided for a new cloud service using performance counters gathered from the host operating system for the role instances (virtual machines). The minimal metrics are limited to CPU Percentage, Data In, Data Out, Disk Read Throughput, and Disk Write Throughput.
    If you want to monitor other metrics, you could use the Azure Diagnostic to customize performance counters in your cloud service or set the Verbose setting on the Azure portal. For this issue, I suggest you could refer to the concepts part of this page (http://azure.microsoft.com/en-us/documentation/articles/cloud-services-how-to-monitor/).
    >>And what are network in/out  in the monitor stand for? The network in/out are in the monitor.
    Based on my understanding, network in/out include the performance counters "Bytes receive" and "Bytes send". Maybe it seems that your data size of network in/out is a huge amount, but only your outbound data can be charged. Of course, if you have some doubt about data or data billing, you could contact Azure Billing support for more details.
    Regards,
    Will

  • Cloud Control 12c monitoring Oracle 11g Standard Edition alert.log

    Hi guys.
    I just installed Cloud Control 12c3 and added my cluster database. I have read many papers, tech docs and tech discussions and now I have a huge confusion about packs, licensing and other fruits. Please help...
    I have four Oracle 11g databases (different hosts), Standard Edition, and I want to monitor alert.log errors and be notified of them. For example, if alert.log says "ORA-01438, blablabla" I want an email notification.
    I read about packs, and it says that the "diagnostic pack" is needed for alert.log monitoring in Cloud Control 12c. But my database version is Standard Edition without packs, so I CAN'T MONITOR THE ALERT LOG!!!
    Question:
      Do I really need the Diagnostic Pack for monitoring alert.log with Cloud Control?
      If the Diagnostic Pack is not necessary, how can I monitor alert.log?
    Thanks

    I do not think you require any pack for alert.log content monitoring but you might need to check with Oracle rep. I am saying so because if you go to the "Alert log content" page and click on management pack for this page, Grid will display a message that this page does not require any pack.
    Go to the Alert log content by "oracle database -> logs -> alert log contents"
    then
    go to SETUP -> management packs -> packs for this page
    You will see the message displayed: "this page does not require any pack"
    Can you also provide the doc where it says that this page needs the diagnostic pack?

  • Monitor Network in QOS environment

    Hi All,
    I am using L3 MPLS VPN services from a provider.
    They are doing QOS, like my Voice, Data, ICMP. All traffic is classified in their network and takes different paths.
    Now sometimes when we face voice issues, a simple ICMP ping or TCP ping will not give me insight into whether there are any packet losses, since Voice packets are taking some other path within the MPLS cloud due to the DSCP marking of Voice packets to 46.
    Is there any tool in which I can change the DSCP value of my packets and test out the network response? Or any monitoring tool that can do this by default?
    I am looking for freeware at the moment, or a trial.

    Cisco's IP SLA feature set is designed for just this sort of thing. Depending on what platforms you are using, it may suit your needs.

  • ASA 5505 to allow 2nd network segment through mpls

    I have been having a heck of a time trying to configure my 5505 to allow the second segment on my network to use the internet.
    Office 1 has a fiber internet connection, and all traffic flows fine.
    Office 2 had gotten its internet from AT&T, via a network based firewall injecting a default route into the mpls cloud.
    Both offices communicate with each other through the mpls.
    When we added the fiber to office 1, we had the mpls people change the default internet route to the inside address of the 5505 and things worked fine.
    When AT&T attempted to remove the NBF default route, and inject the 5505's address as default, things didn't go so well.
    AT&T claims that it is within my nat commands on the 5505, but won't tell me anything else.  I assume that they are correct, and I assume that I am not good enough with the 5505 ASDM to tell it what to do.
    Office 1 uses 10.10.30.xx addresses and Office 2 uses 10.10.10.xx - the 5505 inside interface is 10.10.30.2 the internal interfaces of the mpls are 10.10.30.1 and 10.10.10.1
    I don't know what other information you would need, but am stuck here at Office 1 until I can get this working.
    Thanks

    Hi,
    Ok, so IF I have not understood anything wrong (which is still possible), it would seem to me that the network mask of the ASA is at least one reason that will cause problems for the WI LAN if they try to use the Internet through the ASA5505 on the PA site.
    This is what I would presume will happen when a host on the WI LAN initiates a connection to the Internet
    WI PC 10.10.10.10 sends a TCP SYN to initiate/open a TCP connection with a Web server on the Internet
    The TCP SYN gets forwarded to the default gateway of the PC which is 10.10.10.1
    The TCP SYN packet traverses the ISP MPLS network all the way to the PA Site
    The PA Site 3900 has a default route probably towards PA ASA 10.10.30.2
    TCP SYN gets forwarded from the PA 3900 to the PA ASA according to the above mentioned default route on the PA 3900
    TCP SYN arrives on the ASA and gets forwarded to the Internet
    TCP SYN,ACK from the Web server arrives on the ASA
    ASA will ARP for the MAC address of the WI PC IP address of 10.10.10.10 because it thinks that the host is directly connected to the ASA's "inside" interface because of the "inside" interface's large /16 network mask which contains addresses between 10.10.0.0 - 10.10.255.255
    The ARP request sent from the ASA never receives a reply since the WI PC isn't directly connected
    PA ASA will never be able to forward the traffic to the WI PC which is trying to open the connection to the Internet because of the above mentioned problem. Therefore the TCP connection from the WI PC never succeeds and times out.
    Now you might ask, why do the connections between the PA and WI LAN work? My understanding is that because the traffic from the PA hosts gets first forwarded to the PA 3900, they have a working route to the WI LAN. The same way, the WI LAN has a working route towards the PA LAN since the ASA isn't involved in any way.
    The PA Internet connection naturally works as the 10.10.30.0/24 hosts are directly connected to the ASA so the above mentioned ARP will not fail on their part and traffic is forwarded just fine between the PA LAN and the Internet.
    So to my understanding the solution to this problem would be to change the PA ASA "inside" subnet mask from 255.255.0.0 to 255.255.255.0.
    If you are unsure of this change I would suggest you do it when there is low network use (so you can revert the change). Naturally if you are on the PA LAN then you can probably access the Console connection if something were to go wrong. I can't see any configurations on the PA ASA which would imply that you configure the device remotely through the Internet.
    Hope I made sense and hope this helps
    Naturally ask more if needed
    - Jouni
