Monitoring Traffic on a tunnel - Netflow Version 7

Similar Messages

• Cisco ASR1002-X Netflow version 5 performance

  Hello,
  customer is asking me regarding 1:1 Netflow version 5 on ASR1002-X.
  Is it fully supported?
  Is there any known caveat?
  I suspect it lowers stability of the system, and need to be sure.
  Thank you,
  Josef Baloun

  Are you referring to the sampling ratio? 1:1 sampling is sending all traffic conversations for NetFlow analysis using sampling. This can result in an increase in CPU and memory utilization on the device - so if this is a traffic heavy network, 1:1 sampling is not recommended.
  Regards,
  Don Jacob
  http://www.solarwinds.com/netflow-traffic-analyzer.aspx
  PS: Dont forget to rate and close helpful answers.

• Cisco Configuration Professional - Monitor - Traffic Status - Application traffic view

  Installed the Latest version of CCP. Noticed that it use Internet Explorer as the default browser.
  Current issue - Monitor - Traffic Status - Application traffic view show a window that is to large for my current screen,
  I've tried several options to make it more viewable, but no luck.
  Screenshot, Explaining the issue - Notice the difficulty to view the graphs
  Any advice will be appreciated.
  Philip

  I've manage to fix it by changing the zoom on Internet Explorer

• Is it possible to buy an apple monitor for a mac book pro version 10.7.5 with Software  Mac OS X Lion 10.7.5

  is it possible to buy an apple monitor for a mac book pro version 10.7.5 with Software  Mac OS X Lion 10.7.5

  Look at the Apple menu's, "About This Mac," and then press "More Info" button, to identify your Mac model beyond just, "MacBook Pro."
  example:
  LED Cinema Display:
  System Requirements
  Mac OS X v10.6.4 or later
  Mac computer with Mini DisplayPort, including MacBook, MacBook Air, MacBook Pro, Mac Pro, Mac mini, and iMac
  http://store.apple.com/us/product/MC007LL/A/apple-led-cinema-display-27-flat-pan el?fnode=53

• Monitoring traffic but not use IP SLA

  Dear everyone,
  I have a problem. I make a leased line between ISP (Service Provider) to Customer. And customer want to monitor traffic on this link. I can use IP SLA to do it. But now, customer don't agree to open ICMP on this link so IP SLA fall
  Can everyone help me to resolve it?

  SNMP traps for IP SLAs are handled through the system logging (syslog) process. This means that system logging messages for IP SLAs violations are generated when the specified conditions are met, then sent as SNMP traps using the CISCO-SYSLOG-MIB. The ip sla monitor logging traps command is used to enable the generation of these IP SLAs specific traps. The generation of IP SLAs specific logging messages is dependant on the configuration of the standard set of logging commands (for example, logging on). IP SLAs logging messages are generated at the "informational" system logging severity level.
  The command ip sla monitor logging traps is sometime hidden and may not show with ?, so just copy and paste in global config mode and have logging on and check if any traps are generated.
  -Thanks
  Vinod
  **Encourage Contributors. RATE them**

• RF monitor traffic lights

  How do the two fields of capacity used work to define the workload for users in the RF monitor traffic lights?

  Hello,
  Does anyone know my question?
  Appreciate some help here.
  Thanks,
  tuff

• Netflow Version and Supported Devices

  Hi everyone,
  Does any one have or can any one direct me to any documentation on what devices support netflow version 5 and version 7? I used to have a Power Point Doc that listed the switches and routers that supported specific versin of netflow.

  You can find this information via the 'Feature Navigator'.
  www.cisco.com/go/fn
  Just 'search by feature'.
  Regards
  Farrukh

• IPSec secured L2TPv3 - one way traffic in L2 tunnel

  Sigh... after 7 hours battling coming here because I've exhausted all my options to find an answer for my problem.
  So here is the topology - standard (boring) IPSec secured L2TPv3 tunnel: on one side - 897 connected to a DSL box, on another side - 1921 with two interfaces.
  Purpose to setup a plain L2TPv3 tunnel between those locations so computers plugged into the 897's 8-port switch interface can communicate with number of devices connected to 1921 on other side. 
  897:
  crypto ikev2 keyring key1
   peer destination_ip_address
    address local_outside_ip_address
    pre-shared-key key
  crypto ikev2 profile default
   match identity remote address 1921_outside_ip_address 255.255.255.255
   identity local address 897_outside_ip_address
   authentication remote pre-share
   authentication local pre-share
   keyring local key1
  crypto ikev2 dpd 30 3 periodic
  controller VDSL 0
  ip ssh rsa keypair-name router-key
  ip ssh version 2
  pseudowire-class DZD
   encapsulation l2tpv3
   ip local interface Loopback1
   ip pmtu
   ip dfbit set
   ip tos reflect
  crypto ipsec transform-set default esp-aes esp-sha-hmac
   mode tunnel
  crypto ipsec df-bit set
  crypto map local 1 ipsec-isakmp
   set peer 1921_outside_ip_address
   set ikev2-profile default
   match address 130
  interface Loopback1
   ip address 172.16.1.1 255.255.255.255
  interface ATM0
   no ip address
   no atm ilmi-keepalive
  interface Ethernet0
   no ip address
  interface GigabitEthernet0
   no ip address
  interface GigabitEthernet1
   no ip address
  interface GigabitEthernet2
   no ip address
  interface GigabitEthernet3
   no ip address
   xconnect 172.16.1.2 1 encapsulation l2tpv3 pw-class DZD
  interface GigabitEthernet4
   no ip address
  interface GigabitEthernet5
   no ip address
  interface GigabitEthernet6
   no ip address
  interface GigabitEthernet7
   no ip address
  interface GigabitEthernet8
   no ip address
   duplex auto
   speed auto
   pppoe enable group global
   pppoe-client dial-pool-number 1
  interface Wlan-GigabitEthernet8
   no ip address
  interface wlan-ap0
   description Embedded Service module interface to manage the embedded AP
   ip unnumbered Vlan1
  interface Vlan1
   ip address 10.97.2.29 255.255.255.0
  interface Dialer1
   mtu 1492
   ip address negotiated
   ip nat outside
   ip virtual-reassembly in
   encapsulation ppp
   ip tcp adjust-mss 1452
   dialer pool 1
   dialer-group 1
   ipv6 address autoconfig
   ppp authentication pap callin
   ppp pap sent-username DSL_username password DSL_password
   crypto map local
  ip forward-protocol nd
  ip http server
  no ip http secure-server
  ip route 0.0.0.0 0.0.0.0 Dialer1
  access-list 130 permit ip host 172.16.1.1 host 172.16.1.2
  dialer-list 1 protocol ip permit
  c897#
  1921:
  crypto ikev2 keyring key1
   peer 897_outside_ip_address
    address 897_outside_ip_address
    pre-shared-key key
  crypto ikev2 profile default
   match identity remote address 897_outside_ip_address 255.255.255.255
   identity local address 1921_outside_ip_address
   authentication remote pre-share
   authentication local pre-share
   keyring local key1
  crypto ikev2 dpd 30 3 periodic
  ip ssh version 2
  lldp run
  pseudowire-class ZRH
   encapsulation l2tpv3
   ip local interface Loopback1
   ip pmtu
   ip dfbit set
   ip tos reflect
  crypto ipsec transform-set default esp-aes esp-sha-hmac
   mode tunnel
  crypto ipsec df-bit set
  crypto map local 1 ipsec-isakmp
   set peer 897_outside_ip_address
   set ikev2-profile default
   match address 130
  interface Loopback1
   ip address 172.16.1.2 255.255.255.255
  interface Embedded-Service-Engine0/0
   no ip address
  interface GigabitEthernet0/0
   description WAN-ACC
   ip address 1921_outside_ip_address 255.255.255.0
   duplex auto
   speed auto
   crypto map local
  interface GigabitEthernet0/1
   description LAN-Trunk
   no ip address
   duplex auto
   speed auto
   xconnect 172.16.1.1 1 encapsulation l2tpv3 pw-class ZRH
  ip forward-protocol nd
  ip route 0.0.0.0 0.0.0.0 default_gateway_of_1921
  logging host 10.96.2.21
  access-list 130 permit ip host 172.16.1.2 host 172.16.1.1
  pnc01921#
  Note - 1921 is connected to the Nexus 2248TP FEX, here is the config of the interface of the FEX:
  pnc00001# sh run int e101/1/6
  !Time: Thu May  1 06:15:02 2014
  version 5.0(3)N2(2b)
  interface Ethernet101/1/6
    switchport access vlan 702
  Now, IPsec tunnel comes up and does pass traffic - I can ping from one l1 another l1, below is the output from 897:
  sh cry ike sa
   IPv4 Crypto IKEv2  SA
  Tunnel-id Local                 Remote                fvrf/ivrf            Status
  1         897_outside_ip_address/500     1921_outside_ip_address/500     none/none            READY
        Encr: AES-CBC, keysize: 256, Hash: SHA512, DH Grp:5, Auth sign: PSK, Auth verify: PSK
        Life/Active Time: 86400/76 sec
   IPv6 Crypto IKEv2  SA
  #sh cry ips sa
  interface: Dialer1
      Crypto map tag: local, local addr 897_outside_ip_address
     protected vrf: (none)
     local  ident (addr/mask/prot/port): (172.16.1.1/255.255.255.255/0/0)
     remote ident (addr/mask/prot/port): (172.16.1.2/255.255.255.255/0/0)
     current_peer 1921_outside_ip_address port 500
       PERMIT, flags={origin_is_acl,}
      #pkts encaps: 7, #pkts encrypt: 7, #pkts digest: 7
      #pkts decaps: 51, #pkts decrypt: 51, #pkts verify: 51
      #pkts compressed: 0, #pkts decompressed: 0
      #pkts not compressed: 0, #pkts compr. failed: 0
      #pkts not decompressed: 0, #pkts decompress failed: 0
      #send errors 0, #recv errors 0
       local crypto endpt.: 897_outside_ip_address, remote crypto endpt.: 1921_outside_ip_address
       path mtu 1492, ip mtu 1492, ip mtu idb Dialer1
       current outbound spi: 0x852BF1F2(2234249714)
       PFS (Y/N): N, DH group: none
       inbound esp sas:
        spi: 0x5D9DFB1A(1570634522)
          transform: esp-aes esp-sha-hmac ,
          in use settings ={Tunnel, }
          conn id: 2, flow_id: Onboard VPN:2, sibling_flags 80000040, crypto map: local
          sa timing: remaining key lifetime (k/sec): (4190855/3504)
          IV size: 16 bytes
          replay detection support: Y
          Status: ACTIVE(ACTIVE)
       inbound ah sas:
       inbound pcp sas:
       outbound esp sas:
        spi: 0x852BF1F2(2234249714)
          transform: esp-aes esp-sha-hmac ,
          in use settings ={Tunnel, }
          conn id: 1, flow_id: Onboard VPN:1, sibling_flags 80000040, crypto map: local
          sa timing: remaining key lifetime (k/sec): (4190863/3504)
          IV size: 16 bytes
          replay detection support: Y
          Status: ACTIVE(ACTIVE)
  #ping 172.16.1.2 sour l1
  Type escape sequence to abort.
  Sending 5, 100-byte ICMP Echos to 172.16.1.2, timeout is 2 seconds:
  Packet sent with a source address of 172.16.1.1
  Success rate is 100 percent (5/5), round-trip min/avg/max = 20/23/24 ms
  Now, L2 tunnel shows to be up on both ends as well (output from 897 here)
  #sh xconnect all
  Legend:    XC ST=Xconnect State  S1=Segment1 State  S2=Segment2 State
    UP=Up       DN=Down            AD=Admin Down      IA=Inactive
    SB=Standby  RV=Recovering      NH=No Hardware
  XC ST  Segment 1                         S1 Segment 2                         S2
  ------+---------------------------------+--+---------------------------------+--
  UP     ac   Gi3(Ethernet)                UP l2tp 172.16.1.2:1                 UP
  However, if you look at detailed output of l2tunn, you will see that the tunnel receives traffic from 1921, but does not send anything:
  #sh l2tun tunnel all
  L2TP Tunnel Information Total tunnels 1 sessions 1
  Tunnel id 3504576447 is up, remote id is 2898810219, 1 active sessions
    Locally initiated tunnel
    Tunnel state is established, time since change 00:19:34
    Tunnel transport is IP  (115)
    Remote tunnel name is pnc01921
      Internet Address 172.16.1.2, port 0
    Local tunnel name is pnc0DRZD
      Internet Address 172.16.1.1, port 0
    L2TP class for tunnel is l2tp_default_class
    Counters, taking last clear into account:
      0 packets sent, 763 received
      0 bytes sent, 65693 received
      Last clearing of counters never
    Counters, ignoring last clear:
      0 packets sent, 763 received
      0 bytes sent, 65693 received
    Control Ns 18, Nr 9
    Local RWS 512 (default), Remote RWS 512 (max)
    Control channel Congestion Control is disabled
    Tunnel PMTU checking enabled
    Retransmission time 1, max 1 seconds
    Unsent queuesize 0, max 0
    Resend queuesize 0, max 2
    Total resends 0, ZLB ACKs sent 8
    Total out-of-order dropped pkts 0
    Total out-of-order reorder pkts 0
    Total peer authentication failures 0
    Current no session pak queue check 0 of 5
    Retransmit time distribution: 0 0 0 0 0 0 0 0 0
    Control message authentication is disabled
  Mirrored situation on other side - 1921 sends packets, but nothing is received:
  pnc01921#sh l2tun tunnel all
  L2TP Tunnel Information Total tunnels 1 sessions 1
  Tunnel id 2898810219 is up, remote id is 3504576447, 1 active sessions
    Remotely initiated tunnel
    Tunnel state is established, time since change 00:21:15
    Tunnel transport is IP  (115)
    Remote tunnel name is pnc0DRZD
      Internet Address 172.16.1.1, port 0
    Local tunnel name is pnc01921
      Internet Address 172.16.1.2, port 0
    L2TP class for tunnel is l2tp_default_class
    Counters, taking last clear into account:
      815 packets sent, 0 received
      69988 bytes sent, 0 received
      Last clearing of counters never
    Counters, ignoring last clear:
      815 packets sent, 0 received
      69988 bytes sent, 0 received
    Control Ns 9, Nr 20
    Local RWS 1024 (default), Remote RWS 512
    Control channel Congestion Control is disabled
    Tunnel PMTU checking enabled
    Retransmission time 1, max 1 seconds
    Unsent queuesize 0, max 0
    Resend queuesize 0, max 1
    Total resends 0, ZLB ACKs sent 18
    Total out-of-order dropped pkts 0
    Total out-of-order reorder pkts 0
    Total peer authentication failures 0
    Current no session pak queue check 0 of 5
    Retransmit time distribution: 0 0 0 0 0 0 0 0 0
    Control message authentication is disabled
  There is a Windows box plugged into 897's G3 with IP address 10.97.2.25. I can ping from it 897's VLAN1 at 10.97.2.29. However I can't ping anything across the L2TPv3 tunnel. At the same time on that Windows box I can see broadcast traffic coming across the tunnel.
  I give up. Anyone has some reasonable suggestion what might be wrong? I suspect that something is wrong at 897's side. 
  One last question - how can I create svi on 1921 and assign ip address from 10.97.2.0/24 network on it?

  Anybody? Opened ticket #630128425, no response from Cisco yet..

• View traffic "in the tunnel"?

  I have a VPN setup between two sites. My end has a 3000 concentrator, other end is unknown at this time.
  I know the tunnel is up and I know that the initial syn is being passed and hitting the system in question on the other side. I also know that the other side is responding with a syn/ack, but I don't see anything on my side.
  I don't have access to the other side but they assure me its NOT THEM.
  So I need to PROVE that I can see traffic go IN the tunnel and ALSO see that nothing is being dropped while in the tunnel on my side.
  I have yet to find how to view this. What classes should I have enable to view this?
  Appreciate any assistance or pointing to the documentation where this is found

  Kendall,
  You will have to work with the concentrator live event log as well as some basic test when bringing up the tunnel and stablishing the connection. You do not say who initiates this tunnel nor what type of tcp services are allowed, but lets assume host 10.2.2.2 on your side is the one initiating the tunnel to destination host on other side 192.168.1.1 , and that other side is allowing RDP port 3389.
  You may do a simple telnet test on 3389 port.
  e.g telnet 192.168.1.1 3389 you should get a black screen and at the some time this will also triger interesting traffic to bring up the tunnel, observe the live event log from concentrator which will provide detailed information on the two Ipsec Phases, that is Phase-1 and Phase-2 SA exchange etc... if indeed the tunnel comes up you should see it is the live event log as well as when you do the telnet test, you may provide the other side with log information from the your concentrator.
  As for encripted traffic on the concentrator loog at the Monitor sessions Window look at LAN-to-LAN section , if tunnel is up and traffic is exchanged you should see Bytes Tx, Bytes Rx as well as Encryption statistics on the tunnel.
  If this process is the other way around meaning the other side is initiating interesting traffic the same information applies, live event log should provide the IPsec tunnel being stablished or failing.
  Rgds
  Jorge

• Monitoring Traffic on CSM

  Guys,
  I have trouble (slow connection) on my servers behinds CSM. The SVI is on FWSM.
  I want to see all the traffic on my servers which is located behind CSM during one day, so I will know what is the root cause of the servers slow connection.
  The problem is how can I monitor the traffic in the CSM historically?
  I think netflow can't handle it because netflow only knows the real IP (physical IP) of the server, and netflow can't mapping from Real IP to Virtual IP.
  Thank for your help.
  Regards,
  Edwin

  Hi Edwin,
  To understand what is going on the connections through CSM, it is important to see server side sniffer data and client side sniffer data
  from the standpoint of CSM. If you have NAM installed in the Cat6k, you can SPAN port-channel of CSM. In that case traffic are
  captured with dot1q tag that makes troubleshooting easy. Without NAM, port SPAN or vlan SPAN of server side and client side are still useful.
  There is no historical data with which you can troubleshoot client & server connectivity / performance issue through CSM.
  Regards,
  Kimihito.

• Spiceworks Network Monitor not working after upgrading to version 1.2

  It's the same with my upgrade. Look like we need some oil and vinegar for the  pepper ;)

  Hello,
  I received the email informing the availability of the new release of Network Monitor. After upgrading, the web console locks at below step:
  The above issue persists whatever restarting the services or rebooting the computer hosting this service.
  I also noticed that the size of this release is 682KB which is obviously small compare to old version:
  Anyone else experiences the same issue?
  Thanks
  This topic first appeared in the Spiceworks Community

• Triple monitor: Sapphire HD5670 512MB (*non* eyefinity version)

  Those reading will know that, in order to have up to 3 displays showing content in a single graphics card, if it's an AMD card then you need a certain feature known as EyeFinity.
  In particular, I am talking about tihs card:
  http://www.google.co.uk/products/catalo … CDAQ8wIwAQ
  You will notice in the picture that this one has  DP, but there is another version that has VGA port in its place. I courd not for the life of me find it again, but at the time of buying the concern was CRT usage, so a VGA port was important. I did not know about EyeFinity at the time.
  This guide is for people whe made mistakes like this.
  This is typically the case. With my card in particular, you cannot get triple monitor in Windows, because the drivers prevent it (it is possible in Linux).
  I said prevent.
  If a card has 3 video outputs, each with their own RAMDAC (or none, if its digital-only), then why can you not use all 3 at the same time?
  Typically in such a setup, if it does not have EyeFinity, then the connectors are usually:
  VGA, DVI, HDMI (my card)
  or
  DVI, DVI, VGA (other cards)
  or
  DVI DVI, HDMI
  or
  HDMI, HDMI, DVI
  In other words, all ef these types of card without support for EyeFinity, do not have:
  DisplayPort connector
  This is a rather crude way of getting it to work, but any solution is a selution still.
  Well, here is a simple way I get triple monitor on my card that does not support EyeFinity:
  VGA lcd in the VGA
  DVI lcd in the DVI
  DVI lcd in the HDMI (using HDMI-DVI adapter)
  The HDMI is disconnected via a coupler, before I boot into Linux. I have a script with these commands:
  xrandr --auto --output VGA-0 --mode 1280x1024
  xrandr --auto --output DVI-0 --mode 1280x1024 --right-of VGA-0
  xrandr --auto --output HDMI-0 --mode 1280x1024 --right-of DVI-0
  (run it as a bash script)
  With the HDMI (via HDMI-DVI, then a DVI coupler, then DVI to DVI going to the monitor) disconnected at the coupler, I run this script.
  Of course, this script sets triple monitor, but right now only the DVI and VGA are hooked up.
  Once it has done, I have dual monitor.
  Then, connect at the coupler (or "gender changer") on the HDMI output. Now all 3 displays are connected, but you still have dual monitor.
  Run the above commands again, and you will see triple monitor.
  Now that you have solved the problem of getting tri-monitor in X, if you look at your TTYs you will notice that only one of the screens is showing. In X (usually terminal 7 or 8), simply disconnect the HDMI at the coupler for a few seconds, then reconnect it.
  Now you to your TTY (Ctrl-Alt-F{1-6}), and it will show text on all 3 screens (albeit duplicated).
  Thoughts,
  I am not sure as to why this is possible to do. I see it as "tricking" the other incapable hardware into outputting on 3 displays, but it seems penfectly functional.
  My guess is that this actually is an EyeFinity card, in the sense that it is the same base an which other cards (with DP, and thus, EyeFinity) are built, but that this particular card can be used in the same way, to get triple monitor.
  Either that, or this is a "bug" in X11/XrandR (if it is a bug, please do not fix it, I like my triple monitors, I call it a feature).
  I know that this certainly works in Xubuntu too, I tried it on a Live CD.
  I tried removing the graphics card and trying this on the intergrated graphics (HD 4290/4250 I think), which also has the same 3 outputs, but the hardwas itself actually enforces a maximum of 2 monitors. If you have DVI and HDMI hooked up, it defaults to HDMI, but masquerades as DVI (where the drivers are concerned). You could use this hack, but then it would still not work because the hardware itself, not the driver softawre, is enforcing it.
  The board is: ASUS M4a89GTD PRO
  Last edited by NightCrawler03X (2012-01-17 17:45:59)

  Hello,
  i get the same messages without any problems for my intel card.
  You can read more about it in this thread:
  http://forums.gentoo.org/viewtopic-t-85 … ec66f93bf2
  There are a fair amount of people who have posted their /proc/mtrr there, you can compare yours to them.
  In the end they come to the conclusion, that uncachable entries are not a problem, for the most systems.
  However uncachable regions of 1024MB seem to be too large.
  On my mtrr the biggest uncachable entry is 64MB.
  So you might get improvement from solving this.

• Policy based routing on VRF interfaces to route traffic through TE Tunnel

  Hi All,
  Is there a method to do policy based routing on VRF interfaces and route data traffic through one TE tunnel and non-data traffic through another TE tunnel.
  The tunnel is already build up with these below config
  interface Tunnel25
  ip unnumbered Loopback0
  tunnel destination 10.250.16.250
  tunnel mode mpls traffic-eng
  tunnel mpls traffic-eng path-option 10 explicit name test
  ip explicit-path name test enable
  next-address x.x.x.x
  next-address y.y.y.y
  router ospf 1
  mpls traffic-eng router-id Loopback0
  mpls traffic-eng area 0
  mpls traffic-eng tunnels
  nterface GigabitEthernet5/2
  mpls traffic-eng tunnels
  mpls ip
  Is there additional config needed to work ,also in the destination end for the return traffic,we want to use the normal PATH --I mean non TE tunnel.
  We tested with the above scenario,but couldn't able to reach the destination.Meantime we had a question,when the packet uses the policy map while ingress,it may not know the associatuion with VRF(Is that right? --If so ,how to make it happen)
  Any help would be really appreciated
  Thanks
  Regards
  Anantha Subramanian Natarajan

  hi Anantha!
  I might not be the right person to comment on your first question. I have not configured MVPNs yet and not very confertable with the topic.
  But I am sure that if you read through the CBTS doc thoroughly, you might be able to derive the answer yourself. One thing I notice is that " a Tunnel will be selected regularly according to the routing process (even isf it is cbts enabled). From the tunnels selected using the regular best path selection, the traffic is mapped to a perticular tunnel in the group if specific class is mapped to that tunnel.
  So a master tunnel can be the only tunnel between the 2 devices over which the routing (bgp next hops) are exchanged and all other tunnels can be members of this tunnel. So your RPF might not fail.
  You might have to explore on this a bit more and read about the co-existance of multicast and TE. This will be the same as that.
  For your second question, the answer would be easy :
  If you want a specific eompls cust to take a particular tunnel/path, just create a seperate pair of loopbacks on the PEs. Make the loopback learnt on the remote PE through the tunnel/path that you want the eompls to take. Then establish the xconnect with this loopback. I am assuming that your question is that a particular eompls session should take a particular path.
  If you meant that certain traffic from the same eompls session take a different path/tunnel, then CBTS will work.
  Regards,
  Niranjan

• HTTP tunnelling on version 9.0.2.0.0 - does it work?

  I can't get HTTP tunneling to work on version 9.0.2.0.0, though it seems to work OK on version 2.0.0.0 ( the version included with the JDev Release Candidate)
  on 9.0.2.0.0 when trying to connect to my session bean using HTTP tunneling I get the following error reported:
  com.evermind.server.rmi.OrionRemoteException: Invocation error: java.lang.ClassNotFoundException: com.aeroint.partsmarking.remote.PartSpecControlSSBHome
  ie it can't find my home interface. If I access the bean without the http tunneling set it works fine.

  Hi Barry,
  iMovie11, SnowLeopard 10.6.7.
  Different problem in the trailer:
  The main title shows "placeholders" as if the font is missing which it is likely not; I have not messed with fonts in a year.
  The placeholders resemble a box with the capital letter "A" within the box bordered by the phrase "BASIC LATIN" on top and bottom of the box and "0000" on the left and "00F7" on the right.
  To attempt to repair the malfunction, I eliminated the .plist file but this rids iMovie11 of the projects themselves, so this is no solution.
  I quit iMovie and restarted it but the problem persists.
  The previous trailer had no font problems, nor problems of any kind. My previous movies made in iMovie11 had no problems either.
  What to do?

• Monitoring traffic and collisions

  Hello-
  I am wondering if I could get some feedback on a utility that can be used to monitor collisions (source of problem) on the switches in my cluster. Current setup: 8 x 3548's -> 1 x 3550 in a star config. There seems to be alot of latency at times. I have MRTG running against the 3550, but I need to get to the root of the problem. Any help would be appreciated. Thx in advance.

  That is a strange graph from MRTG. Are you sure that MRTG is still updating? The only time I have seen MRTG draw a graph like that is when it stops updating. The reason for this is when MRTG can no longer collect data it just keeps using the last successful measurement and you end up with a never changing graph like you have.
  Ports blinking amber usually indicate errors. If you do a show interface command every couple of minutes do you see the error cuonters incrementing? If not then you might have failing hardware or heavy traffic in a half duplex environment. If you set the port speeds and duplex you must match the settings on all attached hosts. Hosts that are not set will match speed but end up at half duplex resulting in collisions.
  The MRTG/MIB stuff from the URL I supplied sometimes works - sometimes not. If it doesn't work it is the MIB portion that is ususally incorrect.
  -Mark