Monitoring Traffic on a tunnel - Netflow Version 7
Hi,
I am trying to setup monitoring for Netflow and it is working but it doesn't seem I am capturing all the traffic as the utilization only shows 1-2%.
My current setup is this:
ip flow-cache timeout active 1
ip flow-export source GigabitEthernet0/1
ip flow-export version 5
ip flow-export destination xxx.xxx.xxx.xxx 9996 vrf xxxxxxxxxxxx
interface Tunnel1
ip vrf forwarding xxxxxxxxxxxxx
ip address xxxxxxxxxxxxxxxxxx
tunnel source xxxxxxxxxxxxxxxxxxxxxx
tunnel destination xxxxxxxxxxxxxxxxxxxx
tunnel vrf INTERNE
interface Tunnel2203
description WAN: US | xxx.xxx.xxx.xxx | xxx.xxx.xxx.xxx | xxx.xxx.xxx.xxx
ip vrf forwarding xxxxxxxxxxxxxxxx
ip address xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx
ip mtu 1500
ip route-cache flow
ip tcp adjust-mss 1350
ip ospf authentication-key 7 xxxxxxxxxxxxxxxxxxx
ip ospf cost 20
keepalive 10 3
tunnel source xxx.xxx.xxx.xxx
tunnel destination xxx.xxx.xxx.xxx
tunnel key xxx.xxx.xxx.xxx
tunnel checksum
interface GigabitEthernet0/1
description xxxxxxxxxxxxx, F0/45
no ip address
ip flow ingress
ip flow egress
ip route-cache flow
duplex auto
speed auto
interface GigabitEthernet0/0
description xxxxxxxxxxxxxxxx, xxxxxxxxxxxxx
ip vrf forwarding xxxxxxxxxxxxxxxx
ip address xxxxxxxxxxxxxxxxx
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ip flow egress
ip route-cache flow
load-interval 30
duplex full
speed 100
no mop enabled
Both Gig0/0 and 0/1 connect to the core; however, as you see, Gig0/0 uses VRF forwarding, which is how I have it set up for our Netflow. I only seem to be able to see Tunnel 1 and Gig0/0. I cannot see tunnel 2203 or Gig0/1.
xxxxxxxxxxxxxxx#show ip flow export
Flow export v5 is enabled for main cache
Export source and destination details :
VRF ID : 1
Source(1) xxxxxxxxxxx (Tunnel2203)
Destination(1) xxxxxxxxxx (9996)
Version 5 flow records
3423675 flows exported in 115622 udp datagrams
0 flows failed due to lack of export packet
show ip cache flow
IP packet size distribution (1616M total packets):
1-32 64 96 128 160 192 224 256 288 320 352 384 416 448 480
.000 .398 .065 .054 .017 .030 .015 .011 .007 .007 .008 .005 .004 .003 .003
512 544 576 1024 1536 2048 2560 3072 3584 4096 4608
.002 .002 .003 .038 .321 .000 .000 .000 .000 .000 .000
IP Flow Switching Cache, 278544 bytes
287 active, 3809 inactive, 62297999 added
1265353168 ager polls, 0 flow alloc failures
Active flows timeout in 1 minutes
Inactive flows timeout in 15 seconds
IP Sub Flow Cache, 25800 bytes
287 active, 737 inactive, 3406160 added, 3406160 added to flow
0 alloc failures, 0 force free
1 chunk, 1 chunk added
last clearing of statistics never
Please help?
This is not possible ... if you LAG the links. But if you un-LAG it maybe you can. I haven't tried it.
So that tunneled guest traffic flow can come via one trunk and leave on the guest VLAN via another trunk going to another switch. This sounds "awful" (for the lack of a better PG-13 word).
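Added example (not part of the original thread, and not Cisco code): a collector-side check for the symptom in the question, where the v5 export is running but some interfaces never show up. It parses NetFlow v5 datagrams, sums octets per SNMP ifIndex, lists expected interfaces that appear in no record, and uses the header's flow_sequence to count flows lost between datagrams. The ifIndex map, addresses and sample datagrams are constructed for illustration.

```python
import socket
import struct
from collections import defaultdict

# NetFlow v5 wire format, network byte order.
V5_HEADER = struct.Struct("!HHIIIIBBH")                # 24 bytes
V5_RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")  # 48 bytes
MAX_RECORDS = 30                                       # v5 limit per datagram


def parse_v5(datagram):
    """Return (flow_sequence, records) for one export datagram; ValueError if malformed."""
    if len(datagram) < V5_HEADER.size:
        raise ValueError("short datagram")
    version, count, _up, _secs, _nsecs, seq, _etype, _eid, _samp = \
        V5_HEADER.unpack_from(datagram)
    if version != 5:
        raise ValueError("not NetFlow v5: version %d" % version)
    if not 1 <= count <= MAX_RECORDS:
        raise ValueError("bad record count %d" % count)
    if len(datagram) != V5_HEADER.size + count * V5_RECORD.size:
        raise ValueError("length does not match record count")
    records = []
    for i in range(count):
        f = V5_RECORD.unpack_from(datagram, V5_HEADER.size + i * V5_RECORD.size)
        records.append({
            "src": socket.inet_ntoa(f[0]), "dst": socket.inet_ntoa(f[1]),
            "input_if": f[3], "output_if": f[4],   # SNMP ifIndex values
            "packets": f[5], "octets": f[6], "proto": f[13],
        })
    return seq, records


def octets_by_interface(datagrams):
    """Sum octets per ifIndex, split by the direction the flow crossed it."""
    totals = defaultdict(lambda: {"in": 0, "out": 0})
    for dgram in datagrams:
        _seq, records = parse_v5(dgram)
        for r in records:
            totals[r["input_if"]]["in"] += r["octets"]
            totals[r["output_if"]]["out"] += r["octets"]
    return dict(totals)


def silent_interfaces(totals, expected):
    """Names from `expected` (name -> ifIndex) that appear in no flow record."""
    return sorted(name for name, idx in expected.items() if idx not in totals)


def lost_flows(datagrams):
    """Count flows missing between datagrams received in order.

    flow_sequence is the running number of the first flow in the datagram,
    so the next datagram should start at seq + count.
    """
    lost, expected_seq = 0, None
    for dgram in datagrams:
        seq, records = parse_v5(dgram)
        if expected_seq is not None and seq > expected_seq:
            lost += seq - expected_seq
        expected_seq = seq + len(records)
    return lost


def build_v5(seq, flows):
    """Build a constructed datagram from (src, dst, in_if, out_if, pkts, octets)."""
    out = V5_HEADER.pack(5, len(flows), 1000, 0, 0, seq, 0, 0, 0)
    for src, dst, in_if, out_if, pkts, octets in flows:
        out += V5_RECORD.pack(socket.inet_aton(src), socket.inet_aton(dst),
                              socket.inet_aton("0.0.0.0"), in_if, out_if, pkts,
                              octets, 0, 0, 0, 0, 0, 0, 6, 0, 0, 0, 0, 0, 0)
    return out


# Hypothetical ifIndex map; on a real router read ifIndex/ifDescr from the IF-MIB.
EXPECTED = {"Gi0/0": 1, "Gi0/1": 2, "Tunnel1": 10, "Tunnel2203": 11}

# Constructed sample: only Gi0/0 and Tunnel1 carry flows, and the second
# datagram starts at sequence 5 although the first ended at 2.
SAMPLE = [
    build_v5(0, [("192.0.2.10", "198.51.100.5", 1, 10, 10, 14000),
                 ("198.51.100.5", "192.0.2.10", 10, 1, 8, 900)]),
    build_v5(5, [("192.0.2.11", "198.51.100.9", 1, 10, 3, 4500)]),
]

if __name__ == "__main__":
    totals = octets_by_interface(SAMPLE)
    print("octets per ifIndex:", totals)
    print("no flows seen for:", silent_interfaces(totals, EXPECTED))
    print("flows lost in transit:", lost_flows(SAMPLE))
```

An interface that stays in the silent list while its counters on the router keep rising is not contributing records to the export, which points at the flow configuration on that interface rather than at the collector.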
Similar Messages
-
Cisco ASR1002-X Netflow version 5 performance
Hello,
customer is asking me regarding 1:1 Netflow version 5 on ASR1002-X.
Is it fully supported?
Is there any known caveat?
I suspect it lowers stability of the system, and need to be sure.
Thank you,
Josef Baloun
Are you referring to the sampling ratio? 1:1 sampling is sending all traffic conversations for NetFlow analysis using sampling. This can result in an increase in CPU and memory utilization on the device - so if this is a traffic heavy network, 1:1 sampling is not recommended.
Regards,
Don Jacob
http://www.solarwinds.com/netflow-traffic-analyzer.aspx
PS: Don't forget to rate and close helpful answers. -
Cisco Configuration Professional - Monitor - Traffic Status - Application traffic view
Installed the latest version of CCP. Noticed that it uses Internet Explorer as the default browser.
Current issue - Monitor - Traffic Status - Application traffic view shows a window that is too large for my current screen,
I've tried several options to make it more viewable, but no luck.
Screenshot, Explaining the issue - Notice the difficulty to view the graphs
Any advice will be appreciated.
Philip
I've managed to fix it by changing the zoom on Internet Explorer
-
is it possible to buy an apple monitor for a mac book pro version 10.7.5 with Software Mac OS X Lion 10.7.5
Look at the Apple menu's, "About This Mac," and then press "More Info" button, to identify your Mac model beyond just, "MacBook Pro."
example:
LED Cinema Display:
System Requirements
Mac OS X v10.6.4 or later
Mac computer with Mini DisplayPort, including MacBook, MacBook Air, MacBook Pro, Mac Pro, Mac mini, and iMac
http://store.apple.com/us/product/MC007LL/A/apple-led-cinema-display-27-flat-panel?fnode=53 -
Monitoring traffic but not use IP SLA
Dear everyone,
I have a problem. I make a leased line between ISP (Service Provider) and Customer, and the customer wants to monitor traffic on this link. I can use IP SLA to do it. But now the customer doesn't agree to open ICMP on this link, so IP SLA fails.
Can everyone help me to resolve it?
SNMP traps for IP SLAs are handled through the system logging (syslog) process. This means that system logging messages for IP SLAs violations are generated when the specified conditions are met, then sent as SNMP traps using the CISCO-SYSLOG-MIB. The ip sla monitor logging traps command is used to enable the generation of these IP SLAs specific traps. The generation of IP SLAs specific logging messages is dependent on the configuration of the standard set of logging commands (for example, logging on). IP SLAs logging messages are generated at the "informational" system logging severity level.
The command ip sla monitor logging traps is sometimes hidden and may not show with ?, so just copy and paste in global config mode and have logging on and check if any traps are generated.
-Thanks
Vinod
**Encourage Contributors. RATE them** -
How do the two fields of capacity used work to define the workload for users in the RF monitor traffic lights?
Hello,
Does anyone know my question?
Appreciate some help here.
Thanks,
tuff -
Netflow Version and Supported Devices
Hi everyone,
Does anyone have or can anyone direct me to any documentation on what devices support netflow version 5 and version 7? I used to have a Power Point Doc that listed the switches and routers that supported specific version of netflow.
You can find this information via the 'Feature Navigator'.
www.cisco.com/go/fn
Just 'search by feature'.
Regards
Farrukh -
IPSec secured L2TPv3 - one way traffic in L2 tunnel
Sigh... after 7 hours battling coming here because I've exhausted all my options to find an answer for my problem.
So here is the topology - standard (boring) IPSec secured L2TPv3 tunnel: on one side - 897 connected to a DSL box, on another side - 1921 with two interfaces.
Purpose to setup a plain L2TPv3 tunnel between those locations so computers plugged into the 897's 8-port switch interface can communicate with number of devices connected to 1921 on other side.
897:
crypto ikev2 keyring key1
peer destination_ip_address
address local_outside_ip_address
pre-shared-key key
crypto ikev2 profile default
match identity remote address 1921_outside_ip_address 255.255.255.255
identity local address 897_outside_ip_address
authentication remote pre-share
authentication local pre-share
keyring local key1
crypto ikev2 dpd 30 3 periodic
controller VDSL 0
ip ssh rsa keypair-name router-key
ip ssh version 2
pseudowire-class DZD
encapsulation l2tpv3
ip local interface Loopback1
ip pmtu
ip dfbit set
ip tos reflect
crypto ipsec transform-set default esp-aes esp-sha-hmac
mode tunnel
crypto ipsec df-bit set
crypto map local 1 ipsec-isakmp
set peer 1921_outside_ip_address
set ikev2-profile default
match address 130
interface Loopback1
ip address 172.16.1.1 255.255.255.255
interface ATM0
no ip address
no atm ilmi-keepalive
interface Ethernet0
no ip address
interface GigabitEthernet0
no ip address
interface GigabitEthernet1
no ip address
interface GigabitEthernet2
no ip address
interface GigabitEthernet3
no ip address
xconnect 172.16.1.2 1 encapsulation l2tpv3 pw-class DZD
interface GigabitEthernet4
no ip address
interface GigabitEthernet5
no ip address
interface GigabitEthernet6
no ip address
interface GigabitEthernet7
no ip address
interface GigabitEthernet8
no ip address
duplex auto
speed auto
pppoe enable group global
pppoe-client dial-pool-number 1
interface Wlan-GigabitEthernet8
no ip address
interface wlan-ap0
description Embedded Service module interface to manage the embedded AP
ip unnumbered Vlan1
interface Vlan1
ip address 10.97.2.29 255.255.255.0
interface Dialer1
mtu 1492
ip address negotiated
ip nat outside
ip virtual-reassembly in
encapsulation ppp
ip tcp adjust-mss 1452
dialer pool 1
dialer-group 1
ipv6 address autoconfig
ppp authentication pap callin
ppp pap sent-username DSL_username password DSL_password
crypto map local
ip forward-protocol nd
ip http server
no ip http secure-server
ip route 0.0.0.0 0.0.0.0 Dialer1
access-list 130 permit ip host 172.16.1.1 host 172.16.1.2
dialer-list 1 protocol ip permit
c897#
1921:
crypto ikev2 keyring key1
peer 897_outside_ip_address
address 897_outside_ip_address
pre-shared-key key
crypto ikev2 profile default
match identity remote address 897_outside_ip_address 255.255.255.255
identity local address 1921_outside_ip_address
authentication remote pre-share
authentication local pre-share
keyring local key1
crypto ikev2 dpd 30 3 periodic
ip ssh version 2
lldp run
pseudowire-class ZRH
encapsulation l2tpv3
ip local interface Loopback1
ip pmtu
ip dfbit set
ip tos reflect
crypto ipsec transform-set default esp-aes esp-sha-hmac
mode tunnel
crypto ipsec df-bit set
crypto map local 1 ipsec-isakmp
set peer 897_outside_ip_address
set ikev2-profile default
match address 130
interface Loopback1
ip address 172.16.1.2 255.255.255.255
interface Embedded-Service-Engine0/0
no ip address
interface GigabitEthernet0/0
description WAN-ACC
ip address 1921_outside_ip_address 255.255.255.0
duplex auto
speed auto
crypto map local
interface GigabitEthernet0/1
description LAN-Trunk
no ip address
duplex auto
speed auto
xconnect 172.16.1.1 1 encapsulation l2tpv3 pw-class ZRH
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 default_gateway_of_1921
logging host 10.96.2.21
access-list 130 permit ip host 172.16.1.2 host 172.16.1.1
pnc01921#
Note - 1921 is connected to the Nexus 2248TP FEX, here is the config of the interface of the FEX:
pnc00001# sh run int e101/1/6
!Time: Thu May 1 06:15:02 2014
version 5.0(3)N2(2b)
interface Ethernet101/1/6
switchport access vlan 702
Now, IPsec tunnel comes up and does pass traffic - I can ping from one l1 another l1, below is the output from 897:
sh cry ike sa
IPv4 Crypto IKEv2 SA
Tunnel-id Local Remote fvrf/ivrf Status
1 897_outside_ip_address/500 1921_outside_ip_address/500 none/none READY
Encr: AES-CBC, keysize: 256, Hash: SHA512, DH Grp:5, Auth sign: PSK, Auth verify: PSK
Life/Active Time: 86400/76 sec
IPv6 Crypto IKEv2 SA
#sh cry ips sa
interface: Dialer1
Crypto map tag: local, local addr 897_outside_ip_address
protected vrf: (none)
local ident (addr/mask/prot/port): (172.16.1.1/255.255.255.255/0/0)
remote ident (addr/mask/prot/port): (172.16.1.2/255.255.255.255/0/0)
current_peer 1921_outside_ip_address port 500
PERMIT, flags={origin_is_acl,}
#pkts encaps: 7, #pkts encrypt: 7, #pkts digest: 7
#pkts decaps: 51, #pkts decrypt: 51, #pkts verify: 51
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0
#pkts not decompressed: 0, #pkts decompress failed: 0
#send errors 0, #recv errors 0
local crypto endpt.: 897_outside_ip_address, remote crypto endpt.: 1921_outside_ip_address
path mtu 1492, ip mtu 1492, ip mtu idb Dialer1
current outbound spi: 0x852BF1F2(2234249714)
PFS (Y/N): N, DH group: none
inbound esp sas:
spi: 0x5D9DFB1A(1570634522)
transform: esp-aes esp-sha-hmac ,
in use settings ={Tunnel, }
conn id: 2, flow_id: Onboard VPN:2, sibling_flags 80000040, crypto map: local
sa timing: remaining key lifetime (k/sec): (4190855/3504)
IV size: 16 bytes
replay detection support: Y
Status: ACTIVE(ACTIVE)
inbound ah sas:
inbound pcp sas:
outbound esp sas:
spi: 0x852BF1F2(2234249714)
transform: esp-aes esp-sha-hmac ,
in use settings ={Tunnel, }
conn id: 1, flow_id: Onboard VPN:1, sibling_flags 80000040, crypto map: local
sa timing: remaining key lifetime (k/sec): (4190863/3504)
IV size: 16 bytes
replay detection support: Y
Status: ACTIVE(ACTIVE)
#ping 172.16.1.2 sour l1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.1.2, timeout is 2 seconds:
Packet sent with a source address of 172.16.1.1
Success rate is 100 percent (5/5), round-trip min/avg/max = 20/23/24 ms
Now, L2 tunnel shows to be up on both ends as well (output from 897 here)
#sh xconnect all
Legend: XC ST=Xconnect State S1=Segment1 State S2=Segment2 State
UP=Up DN=Down AD=Admin Down IA=Inactive
SB=Standby RV=Recovering NH=No Hardware
XC ST Segment 1 S1 Segment 2 S2
------+---------------------------------+--+---------------------------------+--
UP ac Gi3(Ethernet) UP l2tp 172.16.1.2:1 UP
However, if you look at detailed output of l2tunn, you will see that the tunnel receives traffic from 1921, but does not send anything:
#sh l2tun tunnel all
L2TP Tunnel Information Total tunnels 1 sessions 1
Tunnel id 3504576447 is up, remote id is 2898810219, 1 active sessions
Locally initiated tunnel
Tunnel state is established, time since change 00:19:34
Tunnel transport is IP (115)
Remote tunnel name is pnc01921
Internet Address 172.16.1.2, port 0
Local tunnel name is pnc0DRZD
Internet Address 172.16.1.1, port 0
L2TP class for tunnel is l2tp_default_class
Counters, taking last clear into account:
0 packets sent, 763 received
0 bytes sent, 65693 received
Last clearing of counters never
Counters, ignoring last clear:
0 packets sent, 763 received
0 bytes sent, 65693 received
Control Ns 18, Nr 9
Local RWS 512 (default), Remote RWS 512 (max)
Control channel Congestion Control is disabled
Tunnel PMTU checking enabled
Retransmission time 1, max 1 seconds
Unsent queuesize 0, max 0
Resend queuesize 0, max 2
Total resends 0, ZLB ACKs sent 8
Total out-of-order dropped pkts 0
Total out-of-order reorder pkts 0
Total peer authentication failures 0
Current no session pak queue check 0 of 5
Retransmit time distribution: 0 0 0 0 0 0 0 0 0
Control message authentication is disabled
Mirrored situation on other side - 1921 sends packets, but nothing is received:
pnc01921#sh l2tun tunnel all
L2TP Tunnel Information Total tunnels 1 sessions 1
Tunnel id 2898810219 is up, remote id is 3504576447, 1 active sessions
Remotely initiated tunnel
Tunnel state is established, time since change 00:21:15
Tunnel transport is IP (115)
Remote tunnel name is pnc0DRZD
Internet Address 172.16.1.1, port 0
Local tunnel name is pnc01921
Internet Address 172.16.1.2, port 0
L2TP class for tunnel is l2tp_default_class
Counters, taking last clear into account:
815 packets sent, 0 received
69988 bytes sent, 0 received
Last clearing of counters never
Counters, ignoring last clear:
815 packets sent, 0 received
69988 bytes sent, 0 received
Control Ns 9, Nr 20
Local RWS 1024 (default), Remote RWS 512
Control channel Congestion Control is disabled
Tunnel PMTU checking enabled
Retransmission time 1, max 1 seconds
Unsent queuesize 0, max 0
Resend queuesize 0, max 1
Total resends 0, ZLB ACKs sent 18
Total out-of-order dropped pkts 0
Total out-of-order reorder pkts 0
Total peer authentication failures 0
Current no session pak queue check 0 of 5
Retransmit time distribution: 0 0 0 0 0 0 0 0 0
Control message authentication is disabled
There is a Windows box plugged into 897's G3 with IP address 10.97.2.25. I can ping from it 897's VLAN1 at 10.97.2.29. However I can't ping anything across the L2TPv3 tunnel. At the same time on that Windows box I can see broadcast traffic coming across the tunnel.
I give up. Anyone has some reasonable suggestion what might be wrong? I suspect that something is wrong at 897's side.
One last question - how can I create svi on 1921 and assign ip address from 10.97.2.0/24 network on it?
Anybody? Opened ticket #630128425, no response from Cisco yet..
-
View traffic "in the tunnel"?
I have a VPN setup between two sites. My end has a 3000 concentrator, other end is unknown at this time.
I know the tunnel is up and I know that the initial syn is being passed and hitting the system in question on the other side. I also know that the other side is responding with a syn/ack, but I don't see anything on my side.
I don't have access to the other side but they assure me its NOT THEM.
So I need to PROVE that I can see traffic go IN the tunnel and ALSO see that nothing is being dropped while in the tunnel on my side.
I have yet to find how to view this. What classes should I have enable to view this?
Appreciate any assistance or pointing to the documentation where this is found
Kendall,
You will have to work with the concentrator live event log as well as some basic tests when bringing up the tunnel and establishing the connection. You do not say who initiates this tunnel nor what type of tcp services are allowed, but let's assume host 10.2.2.2 on your side is the one initiating the tunnel to destination host on other side 192.168.1.1, and that other side is allowing RDP port 3389.
You may do a simple telnet test on 3389 port.
e.g. telnet 192.168.1.1 3389; you should get a black screen and at the same time this will also trigger interesting traffic to bring up the tunnel. Observe the live event log from the concentrator, which will provide detailed information on the two IPsec phases, that is Phase-1 and Phase-2 SA exchange etc. If indeed the tunnel comes up you should see it in the live event log as well as when you do the telnet test; you may provide the other side with log information from your concentrator.
As for encrypted traffic on the concentrator, look at the Monitor Sessions window, in the LAN-to-LAN section; if the tunnel is up and traffic is exchanged you should see Bytes Tx, Bytes Rx as well as Encryption statistics on the tunnel.
If this process is the other way around, meaning the other side is initiating interesting traffic, the same information applies; the live event log should provide the IPsec tunnel being established or failing.
Rgds
Jorge -
Guys,
I have trouble (slow connection) on my servers behinds CSM. The SVI is on FWSM.
I want to see all the traffic on my servers which is located behind CSM during one day, so I will know what is the root cause of the servers slow connection.
The problem is how can I monitor the traffic in the CSM historically?
I think netflow can't handle it because netflow only knows the real IP (physical IP) of the server, and netflow can't mapping from Real IP to Virtual IP.
Thank for your help.
Regards,
Edwin
Hi Edwin,
To understand what is going on the connections through CSM, it is important to see server side sniffer data and client side sniffer data
from the standpoint of CSM. If you have NAM installed in the Cat6k, you can SPAN port-channel of CSM. In that case traffic are
captured with dot1q tag that makes troubleshooting easy. Without NAM, port SPAN or vlan SPAN of server side and client side are still useful.
There is no historical data with which you can troubleshoot client & server connectivity / performance issue through CSM.
Regards,
Kimihito. -
Spiceworks Network Monitor not working after upgrading to version 1.2
It's the same with my upgrade. Look like we need some oil and vinegar for the pepper ;)
Hello,
I received the email informing the availability of the new release of Network Monitor. After upgrading, the web console locks at below step:
The above issue persists whatever restarting the services or rebooting the computer hosting this service.
I also noticed that the size of this release is 682KB which is obviously small compare to old version:
Anyone else experiences the same issue?
Thanks
This topic first appeared in the Spiceworks Community -
Triple monitor: Sapphire HD5670 512MB (*non* eyefinity version)
Those reading will know that, in order to have up to 3 displays showing content in a single graphics card, if it's an AMD card then you need a certain feature known as EyeFinity.
In particular, I am talking about this card:
http://www.google.co.uk/products/catalo … CDAQ8wIwAQ
You will notice in the picture that this one has DP, but there is another version that has VGA port in its place. I could not for the life of me find it again, but at the time of buying the concern was CRT usage, so a VGA port was important. I did not know about EyeFinity at the time.
This guide is for people who made mistakes like this.
This is typically the case. With my card in particular, you cannot get triple monitor in Windows, because the drivers prevent it (it is possible in Linux).
I said prevent.
If a card has 3 video outputs, each with their own RAMDAC (or none, if its digital-only), then why can you not use all 3 at the same time?
Typically in such a setup, if it does not have EyeFinity, then the connectors are usually:
VGA, DVI, HDMI (my card)
or
DVI, DVI, VGA (other cards)
or
DVI DVI, HDMI
or
HDMI, HDMI, DVI
In other words, all of these types of card without support for EyeFinity, do not have:
DisplayPort connector
This is a rather crude way of getting it to work, but any solution is a solution still.
Well, here is a simple way I get triple monitor on my card that does not support EyeFinity:
VGA lcd in the VGA
DVI lcd in the DVI
DVI lcd in the HDMI (using HDMI-DVI adapter)
The HDMI is disconnected via a coupler, before I boot into Linux. I have a script with these commands:
xrandr --auto --output VGA-0 --mode 1280x1024
xrandr --auto --output DVI-0 --mode 1280x1024 --right-of VGA-0
xrandr --auto --output HDMI-0 --mode 1280x1024 --right-of DVI-0
(run it as a bash script)
With the HDMI (via HDMI-DVI, then a DVI coupler, then DVI to DVI going to the monitor) disconnected at the coupler, I run this script.
Of course, this script sets triple monitor, but right now only the DVI and VGA are hooked up.
Once it has done, I have dual monitor.
Then, connect at the coupler (or "gender changer") on the HDMI output. Now all 3 displays are connected, but you still have dual monitor.
Run the above commands again, and you will see triple monitor.
Now that you have solved the problem of getting tri-monitor in X, if you look at your TTYs you will notice that only one of the screens is showing. In X (usually terminal 7 or 8), simply disconnect the HDMI at the coupler for a few seconds, then reconnect it.
Now go to your TTY (Ctrl-Alt-F{1-6}), and it will show text on all 3 screens (albeit duplicated).
Thoughts,
I am not sure as to why this is possible to do. I see it as "tricking" the other incapable hardware into outputting on 3 displays, but it seems perfectly functional.
My guess is that this actually is an EyeFinity card, in the sense that it is the same base on which other cards (with DP, and thus, EyeFinity) are built, but that this particular card can be used in the same way, to get triple monitor.
Either that, or this is a "bug" in X11/XrandR (if it is a bug, please do not fix it, I like my triple monitors, I call it a feature).
I know that this certainly works in Xubuntu too, I tried it on a Live CD.
I tried removing the graphics card and trying this on the integrated graphics (HD 4290/4250 I think), which also has the same 3 outputs, but the hardware itself actually enforces a maximum of 2 monitors. If you have DVI and HDMI hooked up, it defaults to HDMI, but masquerades as DVI (where the drivers are concerned). You could use this hack, but then it would still not work because the hardware itself, not the driver software, is enforcing it.
The board is: ASUS M4a89GTD PRO
Last edited by NightCrawler03X (2012-01-17 17:45:59)
Hello,
i get the same messages without any problems for my intel card.
You can read more about it in this thread:
http://forums.gentoo.org/viewtopic-t-85 … ec66f93bf2
There are a fair amount of people who have posted their /proc/mtrr there, you can compare yours to them.
In the end they come to the conclusion, that uncachable entries are not a problem, for the most systems.
However uncachable regions of 1024MB seem to be too large.
On my mtrr the biggest uncachable entry is 64MB.
So you might get improvement from solving this. -
Policy based routing on VRF interfaces to route traffic through TE Tunnel
Hi All,
Is there a method to do policy based routing on VRF interfaces and route data traffic through one TE tunnel and non-data traffic through another TE tunnel.
The tunnel is already build up with these below config
interface Tunnel25
ip unnumbered Loopback0
tunnel destination 10.250.16.250
tunnel mode mpls traffic-eng
tunnel mpls traffic-eng path-option 10 explicit name test
ip explicit-path name test enable
next-address x.x.x.x
next-address y.y.y.y
router ospf 1
mpls traffic-eng router-id Loopback0
mpls traffic-eng area 0
mpls traffic-eng tunnels
interface GigabitEthernet5/2
mpls traffic-eng tunnels
mpls ip
Is there additional config needed to work? Also, in the destination end for the return traffic, we want to use the normal PATH -- I mean non TE tunnel.
We tested with the above scenario, but couldn't able to reach the destination. Meantime we had a question: when the packet uses the policy map while ingress, it may not know the association with VRF (Is that right? -- If so, how to make it happen)
Any help would be really appreciated
Thanks
Regards
Anantha Subramanian Natarajan
hi Anantha!
I might not be the right person to comment on your first question. I have not configured MVPNs yet and not very comfortable with the topic.
But I am sure that if you read through the CBTS doc thoroughly, you might be able to derive the answer yourself. One thing I notice is that "a Tunnel will be selected regularly according to the routing process (even if it is cbts enabled). From the tunnels selected using the regular best path selection, the traffic is mapped to a particular tunnel in the group if specific class is mapped to that tunnel."
So a master tunnel can be the only tunnel between the 2 devices over which the routing (bgp next hops) are exchanged and all other tunnels can be members of this tunnel. So your RPF might not fail.
You might have to explore on this a bit more and read about the co-existence of multicast and TE. This will be the same as that.
For your second question, the answer would be easy :
If you want a specific eompls cust to take a particular tunnel/path, just create a separate pair of loopbacks on the PEs. Make the loopback learnt on the remote PE through the tunnel/path that you want the eompls to take. Then establish the xconnect with this loopback. I am assuming that your question is that a particular eompls session should take a particular path.
If you meant that certain traffic from the same eompls session take a different path/tunnel, then CBTS will work.
Regards,
Niranjan -
HTTP tunnelling on version 9.0.2.0.0 - does it work?
I can't get HTTP tunneling to work on version 9.0.2.0.0, though it seems to work OK on version 2.0.0.0 ( the version included with the JDev Release Candidate)
on 9.0.2.0.0 when trying to connect to my session bean using HTTP tunneling I get the following error reported:
com.evermind.server.rmi.OrionRemoteException: Invocation error: java.lang.ClassNotFoundException: com.aeroint.partsmarking.remote.PartSpecControlSSBHome
ie it can't find my home interface. If I access the bean without the http tunneling set it works fine.
Hi Barry,
iMovie11, SnowLeopard 10.6.7.
Different problem in the trailer:
The main title shows "placeholders" as if the font is missing which it is likely not; I have not messed with fonts in a year.
The placeholders resemble a box with the capital letter "A" within the box bordered by the phrase "BASIC LATIN" on top and bottom of the box and "0000" on the left and "00F7" on the right.
To attempt to repair the malfunction, I eliminated the .plist file but this rids iMovie11 of the projects themselves, so this is no solution.
I quit iMovie and restarted it but the problem persists.
The previous trailer had no font problems, nor problems of any kind. My previous movies made in iMovie11 had no problems either.
What to do? -
Monitoring traffic and collisions
Hello-
I am wondering if I could get some feedback on a utility that can be used to monitor collisions (source of problem) on the switches in my cluster. Current setup: 8 x 3548's -> 1 x 3550 in a star config. There seems to be a lot of latency at times. I have MRTG running against the 3550, but I need to get to the root of the problem. Any help would be appreciated. Thx in advance.
That is a strange graph from MRTG. Are you sure that MRTG is still updating? The only time I have seen MRTG draw a graph like that is when it stops updating. The reason for this is when MRTG can no longer collect data it just keeps using the last successful measurement and you end up with a never changing graph like you have.
Ports blinking amber usually indicate errors. If you do a show interface command every couple of minutes do you see the error counters incrementing? If not then you might have failing hardware or heavy traffic in a half duplex environment. If you set the port speeds and duplex you must match the settings on all attached hosts. Hosts that are not set will match speed but end up at half duplex resulting in collisions.
The MRTG/MIB stuff from the URL I supplied sometimes works - sometimes not. If it doesn't work it is the MIB portion that is usually incorrect.
-Mark