MPLS TE tunnel problem

Hi,
I created an MPLS TE tunnel between three Cisco 2811 series routers and configured the tunnel to reserve 1 Mbps of bandwidth. Then I started to send a constant 3 Mbps data flow through the MPLS TE tunnel (everything looks OK: the tunnel is up, bandwidth is reserved, and all the data flow is entering the tunnel). The problem is that the data flow leaves the tunnel at a 3 Mbps rate. Why doesn't the tunnel limit the data rate?

The tunnel doesn't do rate-limiting. Bandwidth at the tunnel level is only a control plane feature.
You need to configure admission control on the tunnel headend with CAR or some other form of rate limiting if you want to enforce the tunnel reserved bandwidth.
Hope this helps,
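
The distinction drawn in the answer above, as an added example that is not part of the original thread: the tunnel's bandwidth statement only drives RSVP signalling and admission control, while a CAR statement on the headend's ingress interface is what limits the forwarded rate. Interface names, addresses, the ACL and the burst sizes are assumptions.

```ios
! Constructed example for a tunnel headend; all names and addresses are assumed.
!
! Control plane only: 1000 kbps is requested via RSVP and checked against
! "ip rsvp bandwidth" on each hop when the path is calculated and signalled.
! Nothing here polices packets, so a 3 Mbps flow is forwarded at 3 Mbps.
interface Tunnel1
 ip unnumbered Loopback0
 tunnel destination 10.0.0.3
 tunnel mode mpls traffic-eng
 tunnel mpls traffic-eng autoroute announce
 tunnel mpls traffic-eng bandwidth 1000
 tunnel mpls traffic-eng path-option 1 dynamic
!
! Data plane: classify the traffic that is routed into the tunnel
! (192.0.2.0/24 is an assumed destination prefix behind the tailend).
access-list 101 permit ip any 192.0.2.0 0.0.0.255
!
! CAR on the interface where that traffic enters the headend.
! 1000000 bps matches the tunnel reservation; the burst sizes (bytes) use
! rate/8 * 1.5 s for normal burst and twice that for extended burst,
! which is a sizing assumption and should be tuned for the traffic.
interface FastEthernet0/1
 rate-limit input access-group 101 1000000 187500 375000 conform-action transmit exceed-action drop
!
! Verification:
!   show mpls traffic-eng tunnels Tunnel1      (signalled bandwidth, path)
!   show interfaces FastEthernet0/1 rate-limit (conformed/exceeded counters)
```

With the policer in place, the exceeded counters should account for roughly the 2 Mbps of the 3 Mbps flow that no longer reaches the tunnel.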

Similar Messages

  • MPLS TE tunnels with DS-TE - step2

    Dear Sir!
    Further to my previous thread (MPLS TE tunnels with DS-TE), I want to implement this solution:
    One of the ways to solve this problem is to use different BGP next-hops for the prefixes (probably VoIP prefixes) that attract the LLQ-bound traffic.
    PE1----PE2
    Either PE2 would need to change the next-hop from Loo0 to Loo10 (say) and advertise those (VoIP) VPN prefixes (for this VPN) to PE1,
    or let PE1 change the next-hop for the relevant prefixes via an import-map within that VRF.
    And then you could use the tunnel10's destination to be the Loop10 IP address
    Rajiv Asati .
    as Rajiv Asati says, because I have 36x0 routers, which don't support CBTS (Class-Based Tunnel Selection).
    But when I try to make tunnel10's destination the Loop10 IP address, I find that the line protocol of this tunnel is DOWN (of course, the Lo10 network is in the IGP of the MPLS TE domain)
    when I make
    PE1:
    interface Tunnel10
    description for LLQ
    ip unnumbered Loopback0
    tunnel destination PE2-lo10-ip
    tunnel mode mpls traffic-eng
    tunnel mpls traffic-eng autoroute announce
    tunnel mpls traffic-eng priority 0 0
    tunnel mpls traffic-eng bandwidth sub-pool 2048
    tunnel mpls traffic-eng path-option 1 dynamic
    end
    sh mpls traf tu Tu10
    command I find that:
    Shortest Unconstrained Path Info:
    Path Weight: UNKNOWN
    Explicit Route: UNKNOWN
    History:
    Tunnel:
    Time since created: 9 minutes, 46 seconds
    Path Option 1:
    Last Error: PCALC:: Destination IP address, PE2-lo10-ip, not found
    (of course, Lo10-network are in IGP protocol of MPLS TE domain)
    I don't understand why (can I have, as the MPLS TE tunnel destination, an address other than the MPLS TE RID)?
    Can you suggest what my possible mistake is?
    Best regards,
    Maxim Denisov

    You need to change the next-hop outbound under address-family vpnv4 as follows:
    bgp xx
    address-family vpnv4
    neighbor route-map setNH out
    route-map setNH permit 10
    match extcommunity 1
    set ip next-hop
    route-map setNH permit 20
    match extcommunity 2
    set ip next-hop
    route-map setNH permit 30
    ip extcommunity-list 1 permit rt
    ip extcommunity-list 2 permit rt
    Hope this helps,

  • MPLS-TE Tunnel (FRR) Issue

    Hi
    Need some discussion on MPLS - TE tunnel issue.
    One of the tunnels with FRR configured creates a problem after a while and affects the traffic running on the link until I shut the tunnel manually.
    Configs are OK because the same configurations were made for different cities to authenticate to an AAA server located in one of the cities.
    Following is the generic diagram and complete config for the respective links in all 3 cities, but the tunnel on the link highlighted with the RED arrow creates a problem after a while (not at once) until I shut the tunnel.
    The Platform is Cisco CISCO7609-S and all links are on 7600-SIP-400 module
    interface GigabitEthernet2/2/0
    description *** Physical Interface ***
    dampening
    mtu 9216
    ip address x.x.x.x x.x.x.x
    no ip redirects
    no ip proxy-arp
    ip ospf message-digest-key 1 md5 7 xxx
    ip ospf network point-to-point
    load-interval 30
    carrier-delay msec 0
    negotiation auto
    mpls traffic-eng tunnels
    mpls traffic-eng backup-path Tunnel2300
    mpls ip
    service-policy output egress_policy
    hold-queue 4096 in
    hold-queue 4096 out
    ip rsvp bandwidth percent 95
    ip rsvp signalling dscp 48
    end
    x.x.x.x#sh running-config int tun 1300
    Building configuration...
    Current configuration : 377 bytes
    interface Tunnel1300
    description *** Primary Tunnel ***
    ip unnumbered Loopback0
    shutdown
    mpls ip
    tunnel destination x.x.x.x
    tunnel mode mpls traffic-eng
    tunnel mpls traffic-eng autoroute announce
    tunnel mpls traffic-eng path-option 10 explicit name path-1300
    tunnel mpls traffic-eng fast-reroute
    end
    x.x.x.x#sh running-config int tun 2300
    Building configuration...
    Current configuration : 332 bytes
    interface Tunnel2300
    description *** Backup Tunnel ***
    ip unnumbered Loopback0
    shutdown
    mpls ip
    tunnel destination x.x.x.x
    tunnel mode mpls traffic-eng
    tunnel mpls traffic-eng path-option 10 explicit name path-2300
    tunnel mpls traffic-eng record-route
    end

    Hi,
    The issue was figured out: the traffic was dropping due to EF-tagged traffic in the service policy applied under the physical interface.
    The limit for EF-tagged traffic was defined lower than the actual traffic, which was causing drops in peak hours.

  • MPLS TE tunnel not coming up - RSVP issue?

    Hello,
    I have two routers R2 and R5 back to back and I am trying to create an MPLS TE tunnel between them. R2 already has one tunnel up and running to another router R1.
    I think my issue is that no RSVP traffic is being sent by R2 or R5. Here is my interface config on R5 and some show commands:
    R5#show run int s2/0
    Building configuration...
    Current configuration : 143 bytes
    interface Serial2/0
    ip address 192.168.25.5 255.255.255.0
    mpls traffic-eng tunnels
    fair-queue 64 256 32
    ip rsvp bandwidth 1000 1000
    end
    R5#show ip int brief s2/0
    Interface IP-Address OK? Method Status Protocol
    Serial2/0 192.168.25.5 YES NVRAM up up
    R5#show ip rsvp counters in s2/0
    Serial2/0 Recv Xmit Recv Xmit
    Path 0 0 Resv 0 0
    PathError 0 0 ResvError 0 0
    PathTear 0 0 ResvTear 0 0
    ResvConfirm 0 0 ResvTearConfirm 0 0
    UnknownMsg 0 0 Errors 0 0
    R5#
    I have mpls traffic-eng tunnels on all routers and interfaces. Here is my tunnel config on R5 towards R2:
    R5#show run int tun 2
    Building configuration...
    Current configuration : 174 bytes
    interface Tunnel2
    ip unnumbered Loopback0
    tag-switching ip
    tunnel destination 10.0.0.2
    tunnel mode mpls traffic-eng
    tunnel mpls traffic-eng path-option 1 dynamic
    end
    I also am learning all addresses via OSPF so R5 does have a route (and can ping) 10.0.0.2 (R2's loopback)
    Any ideas where this is failing? Why isn't RSVP sending packets?
    Thanks,

    Here you go. I have made some changes since then but nothing major. Just adding interfaces under the OSPF MPLS traffic-eng to see if that will work. Also, there are a couple of tunnels you see that I have not started to work on yet. Tunnel 5 on R2 points to R5. Tunnel 2 on R5 points to R2.
    =====================================
    R2:
    R2# show run
    Building configuration...
    Current configuration : 1965 bytes
    version 12.2
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no service password-encryption
    hostname R2
    logging buffered 16384 debugging
    ip subnet-zero
    ip cef
    no ip domain-lookup
    mpls label protocol ldp
    mpls traffic-eng tunnels
    tag-switching tdp router-id Loopback0
    interface Loopback0
    ip address 10.0.0.2 255.255.255.255
    interface Tunnel1
    ip unnumbered Loopback0
    tunnel destination 10.0.0.1
    tunnel mode mpls traffic-eng
    tunnel mpls traffic-eng path-option 1 dynamic
    interface Tunnel3
    ip unnumbered Loopback0
    tag-switching ip
    tunnel destination 10.0.0.3
    tunnel mode mpls traffic-eng
    tunnel mpls traffic-eng path-option 1 dynamic
    interface Tunnel5
    ip unnumbered Loopback0
    tunnel destination 10.0.0.5
    tunnel mode mpls traffic-eng
    tunnel mpls traffic-eng path-option 1 dynamic
    interface FastEthernet1/0
    ip address 205.127.233.242 255.255.254.0
    speed 100
    full-duplex
    interface Serial2/0
    ip address 192.168.12.2 255.255.255.0
    mpls traffic-eng tunnels
    fair-queue 64 256 37
    ip rsvp bandwidth 1500 1500
    interface Serial2/1
    bandwidth 20000
    ip address 192.168.25.2 255.255.255.0
    mpls traffic-eng tunnels
    fair-queue 64 256 37
    ip rsvp bandwidth 1000 1000
    interface Serial2/2
    no ip address
    shutdown
    interface Serial2/3
    no ip address
    shutdown
    router ospf 1
    router-id 10.0.0.2
    log-adjacency-changes
    network 10.0.0.2 0.0.0.0 area 0
    network 192.168.12.0 0.0.0.255 area 0
    network 192.168.23.0 0.0.0.255 area 0
    network 192.168.25.0 0.0.0.255 area 0
    mpls traffic-eng router-id Loopback0
    mpls traffic-eng area 0
    mpls traffic-eng interface Serial2/0 area 0
    mpls traffic-eng interface Serial2/1 area 0
    mpls traffic-eng interface Loopback0 area 0
    ip classless
    ip http server
    ip pim bidir-enable
    call rsvp-sync
    mgcp profile default
    dial-peer cor custom
    line con 0
    exec-timeout 0 0
    logging synchronous
    line aux 0
    line vty 0 4
    login
    end
    R2#
    ====================================
    R5:
    R5#show run
    Building configuration...
    Current configuration : 1492 bytes
    version 12.2
    service timestamps debug uptime
    service timestamps log uptime
    no service password-encryption
    hostname R5
    logging buffered 16384 debugging
    ip subnet-zero
    no ip domain-lookup
    mpls label protocol ldp
    mpls traffic-eng tunnels
    tag-switching tdp router-id Loopback0
    interface Loopback0
    ip address 10.0.0.5 255.255.255.255
    interface Tunnel2
    ip unnumbered Loopback0
    tunnel destination 10.0.0.2
    tunnel mode mpls traffic-eng
    tunnel mpls traffic-eng path-option 1 dynamic
    interface Serial2/0
    ip address 192.168.25.5 255.255.255.0
    mpls traffic-eng tunnels
    fair-queue 64 256 32
    ip rsvp bandwidth 1000 1000
    interface Serial2/1
    ip address 192.168.45.5 255.255.255.0
    shutdown
    mpls traffic-eng tunnels
    fair-queue 64 256 37
    ip rsvp bandwidth 1000 1000
    interface Serial2/2
    no ip address
    shutdown
    fair-queue 64 256 37
    ip rsvp bandwidth 10000 10000
    interface Serial2/3
    no ip address
    shutdown
    router ospf 1
    router-id 10.0.0.5
    log-adjacency-changes
    network 10.0.0.5 0.0.0.0 area 0
    network 192.168.25.0 0.0.0.255 area 0
    network 192.168.45.0 0.0.0.255 area 0
    mpls traffic-eng router-id Loopback0
    mpls traffic-eng area 0
    mpls traffic-eng interface Serial2/0 area 0
    mpls traffic-eng interface Loopback0 area 0
    ip classless
    ip http server
    ip pim bidir-enable
    call rsvp-sync
    mgcp profile default
    dial-peer cor custom
    end
    R5#
    ======================================
    thanks

  • MPLS TE tunnels doesn't come up after BGP arrived at the scene

    Hi folks,
    I was running a little lab where I had an MPLS TE tunnel running fine from one router located at the border of the network to the other; I was using ISIS as the IGP. Everything was fine until I added BGP to the lab and suddenly the tunnel went down. I want to know if I have to add additional configuration to my PE routers to successfully bring up my tunnel like before. My tunnel's explicit paths were LSR-PE2 and LSR-PE1. My topology looks like this.
                                     LSR
             eBGP         /               \          eBGP
    ASx ------------ PE1 ----------------- PE2--------------ASy
                                   iBGP
    Thanks,
    Francis.

    Here I leave the configurations and I correct myself about the network topology, I added a pic about the exact topology too. The tunnel is built PE1-R1-R3.
    PE1 - R0
    clns routing
    mpls label protocol ldp
    mpls traffic-eng tunnels
    interface Loopback0
    ip address 10.201.0.0 255.255.255.255
    ip router isis
    interface Tunnel0
    ip unnumbered Loopback0
    tunnel destination 10.201.0.3
    tunnel mode mpls traffic-eng
    tunnel mpls traffic-eng priority 5 5
    tunnel mpls traffic-eng bandwidth  1000
    tunnel mpls traffic-eng path-option 10 explicit name te
    no routing dynamic
    interface FastEthernet0/0
    bandwidth 100000
    ip address 10.200.0.1 255.255.255.252
    ip router isis
    duplex auto
    speed auto
    mpls label protocol ldp
    mpls ip
    mpls traffic-eng tunnels
    ip rsvp bandwidth 75000
    ip rsvp resource-provider none
    interface FastEthernet1/0
    bandwidth 100000
    ip address 10.200.0.5 255.255.255.252
    ip router isis
    duplex auto
    speed auto
    mpls label protocol ldp
    mpls ip
    mpls traffic-eng tunnels
    ip rsvp bandwidth 85000
    ip rsvp resource-provider none
    interface FastEthernet2/0
    ip address 190.80.239.1 255.255.255.252
    duplex auto
    speed auto
    router isis
    net 49.0123.0000.0000.0000.00
    is-type level-1
    metric-style wide
    mpls traffic-eng router-id Loopback0
    mpls traffic-eng level-1
    router bgp 6400
    no synchronization
    bgp log-neighbor-changes
    network 190.80.239.0 mask 255.255.255.252
    neighbor 10.201.0.4 remote-as 6400
    neighbor 10.201.0.4 password cisco
    neighbor 10.201.0.4 update-source Loopback0
    neighbor 190.80.239.2 remote-as 1630
    neighbor 190.80.239.2 password cisco
    no auto-summary
    ip explicit-path name te enable
    next-address 10.201.0.1
    next-address 10.201.0.3
    mpls ldp router-id Loopback0
    LSR- R1
    clns routing
    mpls label protocol ldp
    mpls traffic-eng tunnels
    interface Loopback0
    ip address 10.201.0.1 255.255.255.255
    ip router isis
    interface FastEthernet0/0
    bandwidth 100000
    ip address 10.200.0.6 255.255.255.252
    ip router isis
    duplex auto
    speed auto
    mpls label protocol ldp
    mpls ip
    mpls mtu 1508
    mpls traffic-eng tunnels
    ip rsvp bandwidth 75000
    ip rsvp resource-provider none
    interface Serial1/0
    bandwidth 1500
    ip address 10.200.0.9 255.255.255.252
    ip router isis
    encapsulation ppp
    mpls label protocol ldp
    mpls ip
    mpls traffic-eng tunnels
    serial restart-delay 0
    ip rsvp bandwidth 1200
    ip rsvp resource-provider none
    interface Ethernet2/0
    bandwidth 10000
    ip address 10.200.0.13 255.255.255.252
    ip router isis
    full-duplex
    mpls label protocol ldp
    mpls ip
    mpls mtu 1508
    mpls traffic-eng tunnels
    ip rsvp bandwidth 7500
    ip rsvp resource-provider none
    router isis
    net 49.0123.0000.0000.0001.00
    is-type level-1
    metric-style wide
    mpls traffic-eng router-id Loopback0
    mpls traffic-eng level-1
    mpls ldp router-id Loopback0
    LSR-R3
    ip cef
    no ip domain lookup
    mpls label protocol ldp
    mpls traffic-eng tunnels
    interface Loopback0
    ip address 10.201.0.3 255.255.255.255
    ip router isis
    interface Tunnel0
    ip unnumbered Loopback0
    tunnel destination 10.201.0.0
    tunnel mode mpls traffic-eng
    tunnel mpls traffic-eng priority 5 5
    tunnel mpls traffic-eng bandwidth  1000
    tunnel mpls traffic-eng path-option 10 explicit name te
    no routing dynamic
    interface FastEthernet0/0
    bandwidth 100000
    ip address 10.200.0.2 255.255.255.252
    ip router isis
    duplex auto
    speed auto
    mpls label protocol ldp
    mpls ip
    mpls traffic-eng tunnels
    ip rsvp bandwidth 75000
    ip rsvp resource-provider none
    interface Serial1/0
    bandwidth 1500
    ip address 10.200.0.10 255.255.255.252
    ip router isis
    encapsulation ppp
    mpls label protocol ldp
    mpls ip
    mpls traffic-eng tunnels
    serial restart-delay 0
    isis metric 1677214
    ip rsvp bandwidth 1200
    interface Ethernet2/0
    bandwidth 10000
    ip address 10.200.0.14 255.255.255.252
    ip router isis
    full-duplex
    mpls label protocol ldp
    mpls ip
    mpls traffic-eng tunnels
    ip rsvp bandwidth 7500
    ip rsvp resource-provider none
    interface FastEthernet3/0
    bandwidth 100000
    ip address 10.200.0.17 255.255.255.252
    ip router isis
    duplex auto
    speed auto
    mpls label protocol ldp
    mpls ip
    mpls traffic-eng tunnels
    isis metric 1677214
    ip rsvp bandwidth 75000
    router isis
    net 49.0123.0000.0000.0003.00
    is-type level-1
    metric-style wide
    mpls traffic-eng router-id Loopback0
    mpls traffic-eng level-1
    ip explicit-path name te enable
    next-address 10.200.0.13
    next-address 10.201.0.0
    mpls ldp router-id Loopback0
    PE2- R4
    ip cef
    no ip domain lookup
    clns routing
    mpls label protocol ldp
    mpls traffic-eng tunnels
    interface Loopback0
    ip address 10.201.0.4 255.255.255.255
    ip router isis
    interface FastEthernet0/0
    bandwidth 10000
    ip address 10.200.0.18 255.255.255.252
    ip router isis
    duplex auto
    speed auto
    mpls label protocol ldp
    mpls ip
    mpls traffic-eng tunnels
    ip rsvp bandwidth 75000
    interface FastEthernet1/0
    ip address 190.80.239.5 255.255.255.252
    duplex auto
    speed auto
    router isis
    net 49.0123.0000.0000.0004.00
    is-type level-1
    metric-style wide
    mpls traffic-eng router-id Loopback0
    mpls traffic-eng level-1
    router bgp 6400
    no synchronization
    bgp log-neighbor-changes
    network 190.80.239.4 mask 255.255.255.252
    neighbor 10.201.0.0 remote-as 6400
    neighbor 10.201.0.0 password cisco
    neighbor 10.201.0.0 update-source Loopback0
    neighbor 190.80.239.6 remote-as 36256
    neighbor 190.80.239.6 password cisco
    no auto-summary
    mpls ldp router-id Loopback0

  • MPLS TE tunnel autoroute announce metric in SPF computation

    Hi, I have a doubt whether the MPLS TE tunnel metric is taken into SPF computation when the tunnel has "autoroute announce" configured.
    From the book "MPLS traffic engineering" written by Osborne, IGP SPF computation is always performed before the tunnel metric is modified. I found this is only true if the IGP is ISIS, but if the IGP is OSPF, the tunnel metric specified by "autoroute metric" will always be taken into SPF computation, i.e., if the tunnel metric is configured to be less than the underlying IGP metric, suboptimal routing will always happen to destination routers that are in between the tunnel head and the tunnel tail.
    Any idea why there is an inconsistent behavior between OSPF and ISIS SPF computation? Or did I miss anything?

    Hi,
    You're right. There is a different behavior between OSPF and ISIS on how they handle the autoroute metric feature.
    ISIS: TE tunnel metric is not taken into account during SPF computation.
    OSPF: TE tunnel metric is taken into account during SPF computation.
    So playing with this feature can change the SPT if your IGP is OSPF.
    The difference seems to come from the SPF implementations of OSPF and ISIS.
    HTH
    Laurent.

  • MPLS TE Tunnel priority

    Hi ,
    I have a doubt about MPLS TE tunnel selection for an LSP. I understood that by using TE tunnels, suppose I have 3 different paths to reach the next-hop router, we can set a priority by using the command tunnel mpls traffic-eng priority (set priority) (hold priority).
    If I have configured tunnel 1 and given it tunnel mpls traffic-eng priority 1 1, and the backup tunnel for this is tunnel 2 with tunnel mpls traffic-eng priority 2 2, then the first tunnel is the first best path to reach the desired next-hop LDP ID, and if the link associated with that tunnel is down then automatically the backup tunnel with priority 2 2 should come up.
    And I need, in the rare case that both the links associated with tunnel 1 and tunnel 2 are down, the 3rd tunnel to come up. To achieve this, is it enough if I create another tunnel 3 and give the command tunnel mpls traffic-eng priority 3 3?
    Or, since I have 3 separate paths to reach the next-hop router, is it possible to do load balancing between LSPs? If it's good to do the load balancing, how can we achieve this?
    Regards,
    Hariharan k

    Yes, you can configure load balancing; all tunnels toward the same destination appear as equal-cost paths, even when their TE bandwidths are not the same.
    The config is given below:
    interface Tunnel0
    ip unnumbered Loopback0
    tunnel destination a.b.c.d
    tunnel mode mpls traffic-eng
    tunnel mpls traffic-eng autoroute announce
    tunnel mpls traffic-eng priority 7 7
    tunnel mpls traffic-eng path-option 1 explicit path1
    interface Tunnel1
    ip unnumbered Loopback0
    tunnel destination 172.16.0.21
    tunnel mode mpls traffic-eng
    tunnel mpls traffic-eng autoroute announce
    tunnel mpls traffic-eng priority 7 7
    tunnel mpls traffic-eng path-option 1 explicit path2
    After this, if you run the show ip route command, you will see the two paths listed in the routing table.
    regards
    shivlu jain

  • Ping Packet Loss across MPLS TE Tunnels

    Hello...Please Help,
    I have a Single Area OSPF network running across 4 main routers via GigEth Ckts. The OSPF Network is working correctly. I recently implemented MPLS TE creating two Tunnels - One Explicit Path and One Dynamic Path. Two of the Routers also have a T1 Frame Relay Link over which the Explicit path is configured. It is up and working but I am experiencing 50-60 percent packet loss when pinging between these PE routers. When I force it to the dynamic tunnel it follows the same FR path and experiences the same packet loss. There is no packet loss anywhere else in the network.
    This is a Lab environment w/three LAN's Two 7206VXR & Two 3745 routers and Three 3550 Switches - one per LAN
    Suggestions?

    Thank You for your response. The problem may not be an MPLS TE problem.
    But would my "path-option" and "priority" being set the same for the Dynamic and Explicit Tunnels cause one tunnel to come up and the other to go down and cease to signal? Right now I have one or the other working when viewed w/the "show mpls traffic-eng tunnels" command. If I take one down the other works.
    The IPs are 10.1.101.1 & 2/30 respectively for the FR Link. That was a Typo...I have corrected it.
    The FR interfaces are not SubInt's as the Serial Interface holds the IP address. These are strictly Point to Point but I have the "IP OSPF Network Broadcast" command set and OSPF going across them.
    I have SubInt's set on the Gi0/3 Interface.
    Gi0/3.1 & 3.10 for VLAN's 1 & 10
    There are not any drops when pinging from Within the routers "Interface to Interface".
    But when I ping the LAN Node to Node or from within the Router "if" I do not specify an "interface source" I receive the drops.
    The result is the same from either side of the Network on both of the 7206 Routers.
    Thanks, Kevin

  • VPN tunnel Problem

    Hi all ,
    I need to create VPN tunnels between two ASA devices. These devices are connected through DSL. And as you know, in this case we use a private outside IP address, because there is a NAT device at the outside. The problem is that no VPN tunnel is created even though all the parameters and the pre-shared-key are typical.

    I have already configured the following configuration.
    no crypto map newmap interface outside
    no crypto map newmap 171 set peer 195.11.199.144
    no isakmp key ********* address 195.11.199.144 netmask 255.255.255.255 no-xauth no-config-mode
    crypto map newmap 171 set peer 195.11.204.5
    isakmp key ******** address 195.11.204.5 netmask 255.255.255.255 no-xauth no-config-mode
    clear crypto ipsec sa
    clear crypto isakmp sa
    crypto map newmap interface outside
    Settings were applied successfully; however, the VPN tunnel is still not being initiated.

  • Tunneling Problem using HttpsUrlConnection

    Hi,
    I had gone through forums regarding this topic and still I am facing the same problem using the HttpsUrlConnection. We are working behind a proxy, so we have to make a proxy authorization if we want to connect to a server on the internet.
    But in the case of HttpUrlConnection, everything works fine. But if we do the same with a HttpsUrlConnection, the authentication fails. It throws an IOException with the message
    Unable to tunnel through 192.9.100.10:80.
    Proxy returns "HTTP/1.1 407 Proxy authentication required"
    Sample code as follows,
    The following code doesn't have any problem because it works fine with HttpUrlConnection and it also works without a proxy server for https as well.
    This is running under MSVM.
    I don't want to use SSLSocketFactory and i need to use following layout(i.e only with Httpsurlconnection)
    Is there any way to make work with proxyserver? Or can't we do this at all?
    System.setProperty("proxySet","true");
    System.setProperty("https.proxyHost","proxyIP");
    System.setProperty("https.proxyPort","80");
    OutputStream os = null;
    OutputStreamWriter osw = null;
    InputStream is = null;
    InputStreamReader isr = null;
    BufferedReader br = null;
    URL url;
    String line = null;
    System.setProperty("java.protocol.handler.pkgs","com.sun.net.ssl.internal.www.protocol");
    Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
    String login = proxyUserName+":"+proxyPassWord;
    String encodedLogin = new sun.misc.BASE64Encoder().encode(login.getBytes());
    url = new URL("https://www.verisign.com");
    HttpsURLConnection con = null;
    con =(HttpsURLConnection) url.openConnection();
    con.setRequestProperty("Proxy-Authorization", encodedLogin);
    con.setRequestMethod("GET");
    con.setDoOutput(true);
    con.setDoInput(true);
    con.setUseCaches(false);
    con.connect();
    os = con.getOutputStream();
    osw = new OutputStreamWriter(os);
    osw.write("SampleMsg");
    osw.flush();
    osw.close();
    is = con.getInputStream();
    isr = new InputStreamReader(is);
    br = new BufferedReader(isr);
    while ( (line = br.readLine()) != null)
         System.out.println("line: " + line);
    Can any one help me regarding this?I need a reply very urgently.
    Thanks,
    Prabhakaran R

    Hope this helps.
    Note to change the properties to fit your system, and use the supported package ( JSSE, JRE1.5.......).
    You can use URLConnection for both HTTP or HTTPS protocol.
    import java.io.*;
    import java.net.*;
    import java.security.*;
    import java.util.*;
    import javax.net.ssl.*;

    public class testSSL9 {
        public testSSL9() {
            byte[] data = httpConnection();
            System.out.println(new String(data));
        }

        public static void main(String[] args) {
            Properties sysprops = System.getProperties();
            Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
            // sysprops.put("java.protocol.handler.pkgs",
            // "com.sun.net.ssl.internal.www.protocol");
            sysprops.put("java.protocol.handler.pkgs",
                    "javax.net.ssl.internal.www.protocol");
            sysprops.put("javax.net.ssl.trustStore",
                    "D:/jdk1.4/jre/lib/security/cacerts");
            sysprops.put("javax.net.debug", "ssl,handshake,data,trustmanager");
            sysprops.put("https.proxyHost", "172.16.0.1");
            sysprops.put("https.proxyPort", "3128");
            sysprops.put("https.proxySet", "true");
            sysprops.put("http.proxyHost", "172.16.0.1");
            sysprops.put("http.proxyPort", "3128");
            sysprops.put("proxySet", "true");
            testSSL9 testSSL91 = new testSSL9();
        }

        private byte[] httpConnection() {
            try {
                URL url = null;
                // String strurl = "https://www.verisign.com";
                String strurl = "https://central.sun.net";
                // String strurl = "http://www.yahoo.com"; --> use: HttpURLConnection
                url = new URL(strurl);
                HttpsURLConnection connection = (HttpsURLConnection) url.openConnection();
                HttpsURLConnection.setFollowRedirects(false);
                connection.setDoOutput(true);
                connection.setDoInput(true);
                connection.setUseCaches(false);
                connection.connect();
                InputStream stream = null;
                BufferedInputStream in = null;
                ByteArrayOutputStream bytearr = null;
                BufferedOutputStream out = null;
                try {
                    stream = connection.getInputStream();
                    in = new BufferedInputStream(stream);
                    bytearr = new ByteArrayOutputStream();
                    out = new BufferedOutputStream(bytearr);
                }
                catch (Exception ex1) {
                    System.out.println(ex1);
                    System.out.println("Server reject connection...sory");
                }
                int i = 0;
                while ( (i = in.read()) != -1) {
                    out.write(i);
                }
                out.flush();
                stream.close();
                in.close();
                bytearr.close();
                out.close();
                return bytearr.toByteArray();
            }
            catch (Exception ex) {
                ex.printStackTrace();
                return null;
            }
        }
    }

  • Oracle 9i Web Services Quickstart Install TCP tunneling problem

    When I try to run the OTNGUIDGenerator example using the TCP Tunneling portion of the Oracle 9i Web Services Quickstart
    Install I get this in the From localhost8900 tunnel window:
    <?xml version='1.0' encoding='UTF-8'?>
    <SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
    <SOAP-ENV:Body>
    <ns1:getGUID xmlns:ns1="oracle.otn.ws.emarket.OTNGUIDGenerator" SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">
    </ns1:getGUID>
    </SOAP-ENV:Body>
    </SOAP-ENV:Envelope>
    I get this in the From 127.0.0.1:8888 window:
    HTTP/1.1 404 Not Found
    Date: Mon, 28 Oct 2002 20:38:06 GMT
    Server: Oracle9iAS (9.0.2.0.0) Containers for J2EE
    Content-Length: 171
    Connection: Close
    Content-Type: text/html
    <HTML><HEAD><TITLE>404 Not Found</TITLE></HEAD><BODY><H1>404 Not Found</H1>Resource /j2ee-web/oracle.otn.ws.emarket.OTNGUIDGenerator not found on this server</BODY></HTML>
    This is my webservices stub
    public class OTNGUIDGeneratorStub
    /** public String endpoint = "http://otn.oracle.com/ws/oracle.otn.ws.emarket.OTNGUIDGenerator"; */
    public String endpoint = "http://127.0.0.1:8900/j2ee-web/oracle.otn.ws.emarket.OTNGUIDGenerator";
    private OracleSOAPHTTPConnection m_httpConnection = null;
    public OTNGUIDGeneratorStub()
    System.setProperty("oracle.soap.transport.noHTTPClient", "true");
    m_httpConnection = new OracleSOAPHTTPConnection();
    Properties props = new Properties();
    /** props.put(OracleSOAPHTTPConnection.PROXY_AUTH_TYPE, "basic");
    props.put(OracleSOAPHTTPConnection.PROXY_HOST, "proxy.scott.af.mil");
    props.put(OracleSOAPHTTPConnection.PROXY_PORT, "375");
    props.put(OracleSOAPHTTPConnection.PROXY_USERNAME, "fowlerji");
    props.put(OracleSOAPHTTPConnection.PROXY_PASSWORD, "F1234567*g"); */
    m_httpConnection.setProperties(props);
    Not sure what to call the server - this works okay when I'm not using tunneling and using our proxy server??

    I think your problem is that you have a proxy user/password and the TCP Monitor (both the command line and built-in 9.0.3 version) do not support that - they only support specification of the proxy server itself :-(
    It is a feature request that I hope will make it into the late spring/early summer release of JDeveloper - I wrote it up as a request based on the number of folks who faced this issue with these tutorials.
    Mike.

  • Anchor EoIP tunnel problem 5.2

    Hi,
    We're using two DMZ WLCs for "guest-Access" - one is designated for a hotspot and one for direct DMZ access. The internal WLC uses the management interface as the interface in the WLAN config, and the internal WLC has all access points directly connected and has the same configuration as the DMZ WLCs, and both SSIDs are active. Between the inside and outside WLCs we have different subnets, routers and also Checkpoint firewall clusters - but no NAT. All WLCs are in the same mobility group.
    The problem is that under some conditions the mobility feature hangs up! The internal WLC authenticates the client and gives it full access (including IP) but the client cannot ping or connect to any device behind the EoIP tunnel (in the DMZ). That problem occurs with both DMZ WLCs. On the WCS I can see that there was a short interruption of the anchor tunnels, but the alarm disappears. While the client can't forward any traffic, a debug mobility or a mobility ping works fine and shows no problems (a lot of keepalives from all WLCs)! The only way to get the tunnel working for traffic forwarding is to reboot the external WLCs in the DMZ. Rebooting the internal one won't help!
    Do you have any information or suggestion as to what can cause that kind of problem? Is there any debug command where I can detect the problem?
    Thanks, Dennis

    I just want to verify that all controllers are on the same version of code. A mismatch between an older 5.1 controller or before may result in a problem establishing the tunnel because of the 2 different protocols being used to talk between the AP and the controllers. 5.1 and before is LWAPP; 5.2 and later is CAPWAP, I believe.

  • Reverse SSH Tunnel problem?

    I'm trying to do a reverse SSH tunnel for a VNC project. I'm successful when I do it on a Linux box or Cygwin under Windows, but I'm having problems under Mac OS.
    Here's what I do:
    Terminal 1:
    ssh -nNTvvv -R 5500:localhost:5500 -l my_username myhost.com
    Then, to see what's going on, I run in terminal 2:
    nc -l -p 5500
    Then, in a third terminal, I ssh over to myhost.com, and telnet to localhost 5500.
    If I initiate this whole setup on other platforms, I can then type stuff in the third terminal and see it echoed happily in terminal 2.
    Under Mac OS, everything goes fine until I do the telnet on myhost.com. The diagnostic in terminal 1 is:
    debug1: channel 0: new [::1]
    debug1: confirm forwardeded-tcpip
    debug3: channel 0: waiting for connection
    debug1: channel 0: not connected: Connection refused
    It's not a firewall issue, as I can telnet directly to port 5500 on the Mac from myhost.com without any problem.
    Google gives me no help here. Any ideas?
    Thanks!
    12" G4 Powerbook   Mac OS X (10.4.8)  

    Figured it out - did a no ip ssh v 2 and hey presto started working
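
One thing the debug output in the question allows checking, as an added example that is not part of the original thread: the forwarded channel is opened to `[::1]`, the IPv6 loopback, so a listener bound only to IPv4 would refuse it. The sketch below reproduces that mismatch with plain sockets; that this is what happened on the poster's Mac is an assumption, and the function names are made up for the example.

```python
import socket

def listen_ipv4_only():
    """Listener bound to 127.0.0.1 only, standing in for an IPv4-only `nc -l`."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))          # port 0: let the OS pick a free port
    srv.listen(1)
    return srv, srv.getsockname()[1]

def can_connect(host, port, timeout=2.0):
    """True if a TCP connect to host:port succeeds, False on refusal or no IPv6."""
    family = socket.AF_INET6 if ":" in host else socket.AF_INET
    try:
        with socket.socket(family, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            s.connect((host, port))
        return True
    except OSError:
        return False

def resolve_localhost(port):
    """Addresses `localhost` resolves to here; ssh tries these for -R ...:localhost:..."""
    try:
        infos = socket.getaddrinfo("localhost", port, type=socket.SOCK_STREAM)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})

def diagnose():
    """Compare reachability of the same port over the IPv6 and IPv4 loopback."""
    srv, port = listen_ipv4_only()
    try:
        return {
            "localhost_resolves_to": resolve_localhost(port),
            "::1": can_connect("::1", port),
            "127.0.0.1": can_connect("127.0.0.1", port),
        }
    finally:
        srv.close()

if __name__ == "__main__":
    print(diagnose())
```

If the mismatch is the cause, writing the forward as `-R 5500:127.0.0.1:5500` makes the client side connect over IPv4.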

  • Tunnel Problem

    I'm trying to simulate a tunnel through a service provider:
    I have 3 Routers, which are connected with static routes and are all pinging each other through serial and fastethernet interfaces.
    Router 1 and Router 3 are acting as tunnel endpoints. Router 2 is service provider.
    Configurations:
    Router 1 Loopbacks:
    192.168.2.0
    192.168.3.0
    192.168.4.0
    Router 3 Loopbacks:
    192.168.13.0
    192.168.14.0
    Router 1 and 2: 192.168.8.1 255.255.255.252
    Router 2 and 3: 192.168.9.1 255.255.255.252
    Tunnel is: 10.40.40.1 on R1
                   10.40.40.2 on R3
    Router 1:
    Interface Tunnel 0
    Tunnel Source: 192.168.8.1
    Tunnel Destination: 192.168.9.2
    ip route 192.168.9.2 255.255.255.255 192.168.8.2
    router eigrp 1
    network 192.168.2.0
    network 192.168.3.0
    network 192.168.4.0
    Router 3:
    Interface Tunnel 0
    Tunnel Source: 192.168.9.2
    Tunnel Destination: 192.168.8.1
    ip route 192.168.8.1 255.255.255.255 192.168.9.1
    router eigrp 1
    network 192.168.13.0
    network 192.168.14.0
    After these configurations I see on both routers 1 and 3 the Tunnels are in up/up and I can ping 10.40.40.1 to 10.40.40.2, but no eigrp router are coming up, what is the problem ??? Is the source and destination ip addresses correct, are my ip route statics correct ?? Please help.
    Thanks,
    Sergei.
    After this configuration I see my Tunnel on both Router

    Sergei,
    Add the tunnel network into your Router EIGRP 1 statements in router 1 & 3. I believe that should do the trick.
    router eigrp 1
    network 10.40.40.0

  • VTI tunnel problem

    Hi all,
    We have VTI tunnels between Cisco (3825 and 878) and Juniper (SRX3600).
    Sometimes the tunnel goes down and I have to manually shutdown and no shutdown the tunnel interface to bring it up.
    This is logs from Cisco:
    %%crypto-4-recvd_pkt_inv_spi: decaps: rec'd ipsec packet has invalid spi for destaddr=X.Y.100.200, prot=50, spi=0xc5d07a33(3318774323), srcaddr=X.Y.100.100
    %%crypto-4-ikmp_no_sa: ike message from X.Y.100.100 has no sa and is not an initialization offer
    X.Y.100.100 is Juniper SRX3600
    X.Y.100.200 is Cisco 3825
    But I see these logs more often than the tunnel goes down!
    So what is the problem?
    Thanks

    Hello,
    this should help: #crypto isakmp invalid-spi-recovery
    http://www.cisco.com/en/US/tech/tk583/tk372/technologies_tech_note09186a0080bf6100.shtml
    Best Regards
    Please rate all helpful posts and close solved questions
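
To see how the two log messages quoted in the question relate, here is an added example (not from the thread or from Cisco) that parses them and counts invalid-SPI drops per peer and SPI. The sample lines are constructed in the same format with documentation-range addresses, and the "stale SA" label is a heuristic assumed for this sketch.

```python
import re
from collections import Counter

# Constructed sample in the format of the two messages quoted above;
# addresses are documentation-range placeholders, not the poster's.
SAMPLE_LOG = """\
%CRYPTO-4-RECVD_PKT_INV_SPI: decaps: rec'd IPSEC packet has invalid spi for destaddr=192.0.2.200, prot=50, spi=0xC5D07A33(3318774323), srcaddr=192.0.2.100
%CRYPTO-4-IKMP_NO_SA: IKE message from 192.0.2.100 has no SA and is not an initialization offer
%CRYPTO-4-RECVD_PKT_INV_SPI: decaps: rec'd IPSEC packet has invalid spi for destaddr=192.0.2.200, prot=50, spi=0xC5D07A33(3318774323), srcaddr=192.0.2.100
%CRYPTO-4-RECVD_PKT_INV_SPI: decaps: rec'd IPSEC packet has invalid spi for destaddr=192.0.2.200, prot=50, spi=0x0000ABCD(43981), srcaddr=192.0.2.150
"""

# Case-insensitive and tolerant of a doubled '%', as in the pasted log.
INV_SPI = re.compile(
    r"%+crypto-4-recvd_pkt_inv_spi:.*?destaddr=(?P<dst>[^,\s]+),\s*prot=(?P<prot>\d+),"
    r"\s*spi=0x(?P<hex>[0-9a-f]+)\((?P<dec>\d+)\),\s*srcaddr=(?P<src>\S+)", re.I)
NO_SA = re.compile(r"%+crypto-4-ikmp_no_sa:.*?message from (?P<src>\S+) has no sa", re.I)

def summarize(log_text):
    """Count invalid-SPI drops per (peer, SPI); list peers that also sent IKE with no known SA."""
    drops, no_sa_peers, malformed = Counter(), set(), []
    for line in log_text.splitlines():
        m = INV_SPI.search(line)
        if m:
            spi = int(m["hex"], 16)
            if spi != int(m["dec"]):      # hex and decimal renderings must agree
                malformed.append(line)
                continue
            drops[(m["src"], f"0x{spi:08x}")] += 1
            continue
        m = NO_SA.search(line)
        if m:
            no_sa_peers.add(m["src"])
    # Heuristic: a peer sending ESP on an unknown SPI and IKE on an unknown SA
    # is still using security associations this router no longer holds.
    stale = sorted({src for src, _ in drops} & no_sa_peers)
    return {"drops": dict(drops), "stale_sa_peers": stale, "malformed": malformed}

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

Repeated drops on one SPI from a peer that also appears in the no-SA message point at out-of-sync SAs between the two ends, the condition the `crypto isakmp invalid-spi-recovery` command in the reply addresses.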
