MPLS, Multicast and CSM

Hi Folks!
I'd like to know if it is possible to forward MPLS and Multicast traffic through a CSM?
Gilles, I'd like to see your comments about it.
Thanks in advance!
Cristiano

I did the test and it works but only in bridge mode.
I could establish ospf through the CSM between 2 routers configured for mpls.
OSPF comes up - so multicast can go through the csm.
I could form TDP adjacency and learn all the tags.
Then I sent some traffic in mpls and it went through the csm.
The CSM does not understand the mpls traffic, it is just passing it through like a L2 switch.
Again, this requires the use of bridge mode.
This does not work in routing/secure mode.
Regards.
Gilles.

Similar Messages

  • What is the difference between multicasting and broadcasting?

    Hi friends,
    What is the difference between multicasting and broadcasting?
    I'm a bit confused about multicasting and broadcasting.

    Broadcasts go everywhere within a range determined by the sender.
    Broadcasting is deprecated and unlikely to go beyond the nearest router.
    Multicasts go everywhere where receivers have declared they are present.
    Multicast can be implemented beyond routers in a WAN which you control but ISP routers generally don't support it.

  • Performance end to end testing and comparison between MPLS VPN and VPLS VPN

    Hi,
    I am a student of MSc Network Security and as for my project, which is "Comparison between MPLS L3 VPN and VPLS VPN, performance monitoring by end to end testing", I have heard a lot of buzz about VPLS as becoming NGN. I wanted to explore that and produce a comparison report of which technology is better. To accomplish this I am using GNS3. With respect to the MPLS L3 VPN lab setup that is not a problem, but I am stuck at the VPLS part: how to set that up? I have searched but am unable to find any cost-effective means; it is not even possible in the university lab as we don't have 7600 series.
    I would appreciate any support, guidance, advice.
    Thanks
    Shahbaz

    Hi Shahbaz,
    I am not completely sure I understand your request.
    MPLS VPN and VPLS are 2 technologies meant to address different needs, L3 VPN as opposed to L2 VPN. Not completely sure how you would compare them in terms of performance. Would you compare the performance of a F1 racing car with a Rally racing car?
    From the ISP point of view there is little difference (if we don't want to consider the specific inherent peculiarities of each technology), as in the very basic scenarios we can boil down to the following basic operations for both:
    Ingress PE imposes 2 labels (at least)
    Core Ps swap top most MPLS label
    Egress PE removes last label exposing underlying packet or frame.
    So whether the LSRs deal with underlying L2 frames or L3 IP packets there is no real difference in terms of performance (actually the P routers don't even notice any difference).
    About simulators, I am not aware of anyone able to simulate a L2 VPN (AtoM or VPLS).
    Riccardo
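The three label operations listed in the reply above, as an added Python example (not from the thread or from any vendor code). It uses the standard 32-bit MPLS label stack entry layout (20-bit label, 3-bit TC, bottom-of-stack bit, 8-bit TTL); the label values 100/200/300 and both payloads are constructed placeholders, and the egress step simply strips whatever labels remain.

```python
import struct

def encode_entry(label, tc=0, s=0, ttl=64):
    """Pack one label stack entry: label(20) | TC(3) | S(1) | TTL(8)."""
    if not 0 <= label < 1 << 20:
        raise ValueError("label must fit in 20 bits")
    return struct.pack("!I", (label << 12) | (tc << 9) | (s << 8) | ttl)

def decode_stack(frame):
    """Walk entries until the bottom-of-stack bit; return (entries, payload)."""
    entries, off = [], 0
    while True:
        if off + 4 > len(frame):
            raise ValueError("truncated label stack (no bottom-of-stack bit)")
        (word,) = struct.unpack_from("!I", frame, off)
        off += 4
        entries.append({"label": word >> 12, "tc": (word >> 9) & 0x7,
                        "s": (word >> 8) & 0x1, "ttl": word & 0xFF})
        if entries[-1]["s"]:
            return entries, frame[off:]

def ingress_pe(payload, transport_label, service_label, ttl=64):
    """Impose two labels: inner service label (S=1), outer transport label (S=0)."""
    outer = encode_entry(transport_label, s=0, ttl=ttl)
    inner = encode_entry(service_label, s=1, ttl=ttl)
    return outer + inner + payload

def core_p_swap(frame, new_label):
    """Swap only the topmost label and decrement its TTL; the rest is opaque."""
    top = decode_stack(frame)[0][0]
    if top["ttl"] <= 1:
        raise ValueError("label TTL expired")
    return encode_entry(new_label, top["tc"], top["s"], top["ttl"] - 1) + frame[4:]

def egress_pe(frame):
    """Remove the remaining labels; return (service label, exposed payload)."""
    entries, payload = decode_stack(frame)
    return entries[-1]["label"], payload

# Constructed sample payloads: opaque bytes standing in for an IP packet
# (L3 VPN) and an Ethernet frame (L2 VPN).
L3_PACKET = bytes.fromhex("4500001c000000004001") + b"\x00" * 18
L2_FRAME = bytes.fromhex("ffffffffffff0200000000010806") + b"\x00" * 28

def run_path(payload):
    """Ingress PE -> one P router -> egress PE, with placeholder labels."""
    frame = ingress_pe(payload, transport_label=100, service_label=200)
    frame = core_p_swap(frame, new_label=300)
    labels = [e["label"] for e in decode_stack(frame)[0]]
    return labels, egress_pe(frame)

if __name__ == "__main__":
    for name, payload in (("L3 VPN", L3_PACKET), ("L2 VPN", L2_FRAME)):
        print(name, run_path(payload)[0])
```

The core swap never reads past the first four bytes of label data, so the same code path handles both payload types.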

  • I have to send messages through UDP multicast and unicast from same port. In Labview I tried that it throws error. I heard it is possible by means of Datagram (UDP unicast and multicast) Port Sharing. How can it be achieved in Labview?

    I have to send UDP multicast and Unicast messages to a remote port from a single source/local port. I tried by opening UDP unicast and multicast in the same port and got the expected error. I tried by opening a unicast connection and sending unicast messages. After that, when multicast messages have to be sent, I closed unicast and opened multicast in the same port. This is not throwing any error. But my requirement is to communicate with another application in C++ which receives this data, throwing an error of lost connectivity and both the applications are not able to communicate properly.
    In the other application with C++ this is implemented using port sharing. So how port sharing can be implemented in labview so that I can send both multicast and unicast messages from the same port?
    Thanks in advance

    UDP is a sessionless protocol, meaning that anyone listening on the specified port CAN receive the data. CAN because as you noted there is no guarantee in the protocol that it will be received. And if you send the data not to a specific address but a multicast address not only one computer can receive it but in fact every computer on the same subnet listening to that multicast address and depending on the TTL of the packet also computers in neighbouring subnets, although that last one is not a very reliable operation since routers can be configured to drop multicast packages anyhow despite of a different TTL saying otherwise.
    Accordingly there is no real way to make sure that a receiving UDP port is not already in use, since you don't build up a connection. UDP is more or less analogous to shouting your messages through a megaphone, and anyone listening on the right frequency (port) can hear it. You do bind the sender socket to a specific port number but that makes little difference.
    Rolf Kalbermatter
    CIT Engineering Netherlands
    a division of Test & Measurement Solutions

  • Multicast and wireless

    I have a 4404 controller running 6.0.202 code and more and more people have Macs running Bonjour and wanting to use AirPlay. I see how to turn on Multicasting and even provide a Multicast address for IGMP snooping but does anyone have a good feel as to the overall load Multicast adds to the wireless network?
    Thanks,
    Gary

    It depends on the type of deployment you have.
    If the network infrastructure supports multicast, you should enable Multicast - Multicast as the controller multicast mode and choose a multicast address in the 239.X.X.X range.
    If your network is not capable of supporting multicast, you would want to select Multicast - Unicast mode. This mode puts a load on the controller and on the wireless network as the Multicast is then sent as a unicast to each access point instead.
    These support articles should help you.
    Bonjour Deployment Guide
    http://www.cisco.com/en/US/products/hw/wireless/ps4570/products_tech_note09186a0080bb1d7c.shtml
    Multicast Deployment Guide
    https://supportforums.cisco.com/docs/DOC-14713

  • I have two location one is Delhi(IP-192.168.100.*) and another is Mumbai(IP-192.168.1.*) and both are connected by MPLS line and ping with each other. We have one DC in Delhi location and domain name is CAPLDC and Delhi location all PC is member of this

    I have two location one is Delhi(IP-192.168.100.*) and another is Mumbai(IP-192.168.1.*) and both are connected by MPLS line and ping with each other.
    We have one DC in Delhi location and domain name is CAPLDC and Delhi location all PC is member of this domain and working properly.
    Now I am trying to join the Mumbai location PC with my Domain (CAPLDC) but they are not joining with my DC and generate the error.
    I have checked the DNS and nslookup, all are correct, but this generates the error.
    Is it possible for the Mumbai location to join this Domain (CAPLDC)?
    One more thing when i have created another DC with this name (papldc.com) then Mumbai location is joined properly.
    Pls find the error message below and also find the attachment.
    Note: This information is intended for a network administrator.  If you are not your network's administrator, notify the administrator that you received this information, which has been recorded in the file C:\Windows\debug\dcdiag.txt.
    The domain name "capldc" might be a NetBIOS domain name.  If this is the case, verify that the domain name is properly registered with WINS.
    If you are certain that the name is not a NetBIOS domain name, then the following information can help you troubleshoot your DNS configuration.
    DNS was successfully queried for the service location (SRV) resource record used to locate a domain controller for domain "capldc":
    The query was for the SRV record for _ldap._tcp.dc._msdcs.capldc
    The following domain controllers were identified by the query:
    capldcserver.capldc
    win-dyfq2poc88q.capldc
    However no domain controllers could be contacted.
    Common causes of this error include:
    - Host (A) or (AAAA) records that map the names of the domain controllers to their IP addresses are missing or contain incorrect addresses.
    - Domain controllers registered in DNS are not connected to the network or are not running.
    Pankaj Kumar

    Why are you using a single labeled domain? I would recommend renaming the domain name to be something like domain.com.
    Please refer to the articles below to fix your current issue:
    http://www.wincert.net/tips/networking/1614-cant-join-pc-to-a-domain-with-single-label.html
    http://www.itgeared.com/articles/1128-using-single-label-dns-names-for-active/
    This posting is provided AS IS with no warranties or guarantees , and confers no rights.
    Ahmed MALEK

  • [svn] 3777: Bug fix SDK-17677 Update to include MPL license and third-party notices.

    Revision: 3777
    Author: [email protected]
    Date: 2008-10-21 10:20:27 -0700 (Tue, 21 Oct 2008)
    Log Message:
    Bug fix SDK-17677 Update to include MPL license and third-party notices.
    QE Notes:
    Doc Notes:
    Bugs: SDK-17677
    Reviewer: Matt Chotin
    Ticket Links:
    http://bugs.adobe.com/jira/browse/SDK-17677
    Modified Paths:
    flex/sdk/trunk/modules/webtier/readme.txt

    Step by step, how did you arrive at seeing this agreement?

  • FWSM and CSM in same 6509? Best Practice?

    I have a customer that has a FWSM and CSM in the same 6509 chassis. Is there a best practices configuration for doing this?

    Hi,
    Here are good documents:
    http://cisco.com/en/US/partner/netsol/ns340/ns394/ns224/ns304/networking_solutions_package.html
    In particular:
    http://cisco.com/application/pdf/en/us/guest/netsol/ns304/c649/cdccont_0900aecd8010e77f.pdf
    Best regards,
    Pascal

  • 6500 sup 720 with MPLS, GRE and FWSM problem

    We have 6500 sup 720 with MPLS configured and FWSM in transparent  mode. We also terminate GRE tunnels on the same 6500.
    After implementing the command “mls mpls tunnel-recir” GRE tunnels are hardware switched (which we want them to be), but we don’t have any more connection from locations thru GRE tunnels to servers behind FWSM.
    Does anybody have idea how to solve this problem?

    Hi,
    not sure what you mean exactly.
    the command “mls mpls tunnel-recir” is needed to avoid packet corruption in cases where the Supervisor engine is handling both the GRE header encapsulation and the MPLS label stack imposition. Since it cannot do it in one single shot (without causing random corruption) recirculation is needed. Nevertheless its presence does not influence whether the GRE traffic is handled in hardware or in software. Even without it, IF THE GRE TUNNELS ARE CORRECTLY CONFIGURED (meaning that each GRE tunnel has its unique source address etc.), the traffic is handled in hardware.
    However since you say that after you enabled it you don't have connectivity anymore I suppose that some issue related to recirculation is happening (i.e. traffic ends up in the wrong internal vlan after recirculation).
    Unfortunately the support forum is not meant to help in this case as in-depth troubleshooting is required. For that you need a TAC case.
    regards,
    Riccardo

  • ACL restriction of multicast and broadcast on SRW2016

    Hello all,
    I seem to be having difficulty setting up an ACL that restricts multicast and broadcast packets to a specified port on the SRW2016.
    In brief, I have one (physical) port that I need to prevent any broadcast or multicast packets from being sent to.  I need to allow clients which are on that port to send broadcast, however.  My take on this was to create an ACL with one rule of the type:
    Type: Deny
    Protocol: Any
    Source IP: 10.0.0.0/255.255.255.255
    Destination IP: 224.0.0.0/0.255.255.255
    Another type I tried was a 2-rule ACL to explicitly allow only a valid sender and deny all:
    Type: Allow
    Protocol: UDP
    Dest Port: 1234
    Source IP: 10.1.0.100/0.0.0.0
    Dest IP: 10.1.0.101/0.0.0.0
    Type: Deny
    Protocol: All
    I have tried various permutations of these types of ACL (changing ordering, etc) but everything I have tried so far has allowed the multicast packets through unless I block it at the sending port (which obviously blocks it from all ports).
    Any suggestions or comments would be appreciated.  Is what I'm trying to do even possible in the SRW2016?
    Thanks,
    Mike

    Just to make sure I was creating/applying the ACLs correctly, I did a simple test with a very basic rule: I just set type to deny (basically a deny all rule).  I applied this rule to one port of the switch and verified that it was working by attempting to access the switch's web configuration interface (which correctly was inaccessible).  However, the multicast packets were still being delivered (verified via both an Ethernet dump and visual inspection of the switch's LED).
    Based on the above information, I feel it's fairly safe to say that Multicast is not filtered correctly via ACLs on the SRW2016.  Apparently Multicast packets take a different logical path than "normal" packets.  Since I don't expect an immediate firmware patch, I suspect that I need to see if I can get a router in addition or as a replacement for the switch.
    Edit: I found a method that appears to restrict the multicast packets via the "Bridge Multicast" interface (basically created a rule for the MAC related to my multicast address, set to Forbidden on one port, but this is not a generic solution for all multicast and I don't seem to be able to have more than 1 MAC address in the list...), but broadcast still gets through, regardless of the ACL I set up for the port.
    I'm beginning to wonder if my understanding of ACLs is flawed - does anyone know if they're applied to incoming packets for a port, outgoing packets for a port or both?  My assumption was both, but if the rule were only applied to incoming packets, it would explain the behavior I'm observing.
    Message Edited by michael.beresford on 03-02-2009 02:46 PM
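The address arithmetic behind rules like those quoted in this thread, as an added Python example (not from any poster, and not SRW2016 firmware logic). It assumes wildcard-mask semantics, where mask bits set to 0 must match, as the 0.0.0.0 host entries in the post suggest; the wider rule and all test addresses are constructed. It also derives the Ethernet MAC that a per-group "Bridge Multicast" entry corresponds to.

```python
import ipaddress

def _to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def wildcard_match(addr, base, wildcard):
    """True if addr equals base on every bit where the wildcard mask is 0."""
    care = ~_to_int(wildcard) & 0xFFFFFFFF
    return (_to_int(addr) & care) == (_to_int(base) & care)

def evaluate(acl, src, dst):
    """First-match evaluation; 'no match' means the rule list never fired
    (what the device does then is not modelled here)."""
    for action, (s_base, s_wild), (d_base, d_wild) in acl:
        if wildcard_match(src, s_base, s_wild) and wildcard_match(dst, d_base, d_wild):
            return action
    return "no match"

def multicast_mac(group):
    """Map an IPv4 multicast group to its Ethernet MAC: 01:00:5e + low 23 bits."""
    g = ipaddress.IPv4Address(group)
    if not g.is_multicast:
        raise ValueError(f"{group} is not an IPv4 multicast address")
    mac = 0x01005E000000 | (int(g) & 0x7FFFFF)
    return ":".join(f"{(mac >> shift) & 0xFF:02x}" for shift in range(40, -8, -8))

# Rule as written in the post (source wildcard 255.255.255.255 = any source).
POSTED_RULE = ("deny", ("10.0.0.0", "255.255.255.255"), ("224.0.0.0", "0.255.255.255"))
# Constructed comparison rule covering the whole 224.0.0.0-239.255.255.255 range.
WIDER_RULE = ("deny", ("10.0.0.0", "255.255.255.255"), ("224.0.0.0", "15.255.255.255"))

# Constructed destinations: two multicast groups, limited broadcast, reserved space.
SAMPLE_DESTINATIONS = ["224.0.0.5", "239.1.1.1", "255.255.255.255", "240.0.0.1"]

def compare(src="10.1.0.100"):
    """Return {dst: (result under posted rule, result under wider rule)}."""
    return {dst: (evaluate([POSTED_RULE], src, dst), evaluate([WIDER_RULE], src, dst))
            for dst in SAMPLE_DESTINATIONS}

if __name__ == "__main__":
    for dst, results in compare().items():
        print(f"{dst:16} posted={results[0]:9} wider={results[1]}")
    print(multicast_mac("239.1.1.1"), multicast_mac("224.129.1.1"))
```

Because only the low 23 bits of the group address reach the MAC, 32 different groups share each multicast MAC, so a single MAC entry is neither one group nor all multicast.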

  • MPLS trace and Ping

    How do I make trace and ping available on an MPLS PE router? Can I ping or trace a customer IP from the PE router?

    This functionality has been available since 12.0(27)S.
    http://www.cisco.com/en/US/products/ps6017/products_feature_guide09186a008041805b.html
    Please refer to the Cisco Feature Navigator to find out which other IOS releases and platforms it is supported on:
    Check for this specific feature:
    MPLS LSP Ping/Traceroute and AToM VCCV
    Cisco Feature Navigator:
    http://tools.cisco.com/ITDIT/CFN/jsp/index.jsp
    As to your other question, you can generally ping and traceroute to the customer network from the PE provided that the address you are using for the ping/traceroute is present in the VRF of the specific PE. This would exclude MPLS ping and traceroute though, if this is what you are asking.
    Hope this helps,

  • FWSM and CSM

    Folks,
    I know a lot of customers like to implement both at the same time, so that FWSM can give protection to CSM. Can someone point me to the same config that talks about how to configure the 2 together. I remember looking at the config where the FWSM was configured in transparent mode and then the CSM was placed behind the FWSM. But, there was a catch to the config which I forget.
    so lets say my fwsm is bridging between vlan 10 and 11, will the csm vip be in vlan 11 (high security interface on the fwsm), will this work, where would my real servers reside, has anyone tested this and could share a sample config please.

    I worked on a design where FWSM was in Routed Mode and CSM Server VLAN was on the secure network and FWSM had the necessary translations and Access-lists to pass the traffic.
    For FWSM in Transparent mode, it would still be the same case where VIP is on the secure side of the network.
    thanks
    Nadeem

  • Design Help with MPLS/BGP and Point to Point VPNs using OSPF as backup

    I need some advice on the configuration I want to implement. Basically we have a MPLS cloud using BGP. We are using OSPF for internal routing. Everything is working fine. Now we want to add a Point to Point VPN using new Cisco ASA's for a backup path at all of our remote locations. We want it to be on standby. I want to use OSPF for this. Miami and LA are datacenters. I want the VPN's to go into both datacenters if possible running OSPF for backups. I have a feeling this will be very tricky. I also wanted to use floating routes. Now I know I get the VPN's up and running using OSPF with no problem. Here are my questions:
    But being that I am using different areas, will OSPF through the VPN work correctly? I have the Cisco PDF on setting this up but it looks like they are using the same, AREA0, in the example.
    Can I get both VPN's to work with no problems? Or will it be too much of a pain?
    What would you guys suggest?
    Thanks.

    We are implementing the same solution, and was only able to make this work using HSRP one router for the MPLS connection and one for the VPN tunnel. I opened a TAC case and the tech couldn't get it to work either. I was able to establish the Lan-2-lan tunnel but triggering the route update was the problem. We ended up pulling our ASA5505's out and putting in 1841 routers.

  • About ASDM and CSM

    Dear Sirs,
    First, I'm not Bilingual so excuse my English.
    Please teach the functional difference between ASDM and CSM.
    ASDM: Cisco Adaptive Security Device Manager
    CSM: Cisco Security Manager
    Best regards,

    The part I'm sure of: CSM is a CiscoWorks-based multi-device management software, which helps configure various security devices (VPN, IDS/IDSM, etc.) and is separate cost.
    The part I'm not sure about: ASDM *sounds like* the same as SDM - Security Device Manager - which is a GUI to any single device but not (concurrently) multiple devices. But it's also used to configure the devices.
    HTH.

  • [svn:osmf:] 16975: Fix bug FM-964, add media factory item for RTMFP multicast and remove the item from OSMFPlayer

    Revision: 16975
    Author:   [email protected]
    Date:     2010-07-19 15:20:00 -0700 (Mon, 19 Jul 2010)
    Log Message:
    Fix bug FM-964, add media factory item for RTMFP multicast and remove the item from OSMFPlayer
    Ticket Links:
        http://bugs.adobe.com/jira/browse/FM-964
    Modified Paths:
        osmf/trunk/apps/samples/framework/OSMFPlayer/src/OSMFPlayer.as
        osmf/trunk/framework/OSMF/org/osmf/media/DefaultMediaFactory.as

    Welcome guy -
    Unless you are using Spry menus as a learning experience, you should move forward to a menus system that will display properly on the millions of portable devices that won't work with Spry which was deprecated 2 years ago.
    Many are using JQuery menus or pure HTML/CSS menus.
    If you wish to continue your Spry for learning experience, we'll be glad to assist; please let us know.
    By the way, your submenus are not showing because you need to add the red value to this rule in your vertical CSS
    ul.MenuBarVertical ul.MenuBarSubmenuVisible{
        width: 220px;
        left: 180px;
