Reroute Traffic

Let's consider 2 organizations - Fabrikam and Contoso. Each has its own Lync Servers 2013 deployment. Lync Federation is set up between the 2 organizations as to allow communication to happen. Fabrikam is purchased by Contoso. An email integration is also
performed, and due to a hard requirement each Fabrikam user now has 2 mailboxes - one with @fabrikam.com and another with @contoso.com, in order to allow users to be able to select the From field in Outlook (this behavior is not possible with one mailbox with
multiple aliases). Email forwarding is configured as to have just one of the mailboxes receive all the traffic. However this presents a problem for the migrated users: mails addressed to @fabrikam.com will allow recipients to use the contextual Lync menus
and directly Lync IM/call the respective contact, however those mails addressed to @contoso.com won't have this. An example: Ted is a Fabrikam employee; following the email integration he now has [email protected] and [email protected] His Lync account has [email protected]
as SIP address. Hence trying to use the Lync integration from within Outlook will fail for those emails addressed to [email protected], simply because this SIP address doesn't exist in the Contoso Lync deployment.
Is there a way to somehow reroute all Lync traffic addressed to [email protected] to [email protected] ? Ideally a behavior similar to the
targetAddress attribute, that's being used in Exchange.

Hi,
Base on my understanding, it is possible to achive with the method you provided above.
Here is a similar case for you:
https://social.technet.microsoft.com/Forums/en-US/f8630c35-c717-486b-b877-32d1beea8c46/lync-online-meeting-schedule?forum=lyncconferencing
However, it is better to add a sip domain in Lync Server (Contoso) and migrate users to it as Saleesh said above.
Best Regards,
Eason Huang
Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact [email protected]
Eason Huang
TechNet Community Support

Similar Messages

Reroute Traffic Destined for Outside IP Address

Please don’t laugh, but we have a legitimate need to have a Sling Box installed at our main location to enable our corporate PR/Marketing person at another office to be able to watch Live Television (News). For those familiar with a product called Sling Box, this is what they are made for.
Current configuration:
-Sling box installed at Waukesha
-Connected to LAN with an IP on our 32 vlan of 10.128.32.77 (DHCP reservation) -> in sling box terminology this is the “home IP"
-Configured ASA Firewall to NAT sling box to external IP of ##.###.###.216 -> in sling box terminology this is the “away IP"
-Accessing the sling box externally works perfectly
-Accessing the sling box internally on a computer in the same subnet works perfectly
-Accessing the sling box internally on a computer on any other vlan/subnet fails
Specific to the last point, there is some magic that apparently happens as I did a packet capture last night while at our remote office. There is a payload that comes from the sling box data center that tells the playback software which IP to use (home IP vs away IP) and the Wire Shark inspection literally shows the ##.###.###.216 address. For reasons beyond my understanding, but I remember from deplying the ASA and VPNs there is no way for traffic to leave our firewall (normal traffic is NAT’d to ##.###.###.210) and have it successfully re-enter the same outside interface to then come right back in on ##.###.###.216
I spoke with Sling Box support and there is absolutely no way to override or specify an IP address within the playback software to expressly connect to the home IP vs the outside IP.
All of that said, I am wondering how best to:
Intercept traffic destined for ##.###.###.216 and redirect it to the internal IP address of sling box of 10.128.32.77. Easy to do on Cisco routers or best to do on windows with a static route? I am lost and know there is likely a simple static route command or firewall configuration that will make this happen.

If your route point is a router or L3 switch then you could configure a route-map with an ACL that is used to change the next hop ip for the servers in the DC to the DRC. This will be a lot of manual configuration and testing but it maybe a viable solution.
Sent from Cisco Technical Support iPad App

New Airport Network - issues with some specific features

Hello,
I have just changed my wifi system for an Airport Network, with one AirPort Extreme and 2 AirPort Express. The goal was to extend the wifi network to the entire house. Everything is fine, all my computers are able to connect to the network and are able to access the internet. The AirPort Network is connected to the internet with the PPPoE procedure.
The issue is very specific here.
1. I use Outlook 2007 to handle my e-mails. Since I have shifted to the AirPort Network, Outlook is not able to connect to pop server anymore for 4 of my 5 accounts. Hotmail (pop) is functionning alright but Gmail is blocked !
2. Windows Update is also unable to connect to the appropriate server.
Maybe there is more but it's all I have noticed so far. I have not changed a single parameter by myself on my computers and both are affected the same way.
I first thought it was a firewall issue but disabling my software firewall (Bullguard) did not change anything. Vista Firewall is not active. Maybe is it the internal firewall of the AirPort Extreme ? But that would not explain why Outlook can send messages (smtp works fine).
Any idea or similar experience ? Thank you in advance.
Best regards,
AdG

Maybe my problem is just bad luck ! I might have shifted to my new network
the wrong day. One day earlier, I would not have seen any difficulty... if this is it.
Quakes slow cyber connections
By Zhu Shenshen | 2009-8-18 | NEWSPAPER EDITION
SHANGHAI'S international Internet connections slowed significantly yesterday after earthquakes rocked Taiwan and southern Japan. It was unclear last night how long repairs might take. Millions of Chinese Netizens were unable to connect to overseas Websites or use popular online chat tools yesterday afternoon.
About 15 million MSN instant message users in Shanghai and other parts of China were affected as the main servers are in the United States. Connections to most overseas Websites including those run by Yahoo and the New York Times were also clogged.
The chain of events that led to the service disruption had its origin in Typhoon Morakot, which struck Taiwan on August 7 and led to a later breakdown in an undersea telecommunications cable system.
Local Internet traffic was not influenced because transmissions were routed to a backup channel. But that cable failed yesterday near Busan, South Korea, apparently the victim of the earthquakes, according to China Unicom.
The failure affected Asian communications to the US and Europe.
The epicenter of the first quake, which struck at 8:05am yesterday, was about 188 kilometers southeast of Hualien on Taiwan's east coast at a depth of 11km, the island's weather bureau said. The US Geological Survey put the magnitude at 6.7.
The second quake, which was centered close to the first at a depth of 20km and struck at 6:10pm, measured 6.1, the Taiwan weather bureau said. It was also felt in Japan's Ishigaki Island.
"We've sent a team to repair the broken cable, but we can't give a detailed timetable for when it will be completed," said Song Guixiang, a public relations official for China Telecom.
The schedule will depend heavily on weather conditions, Song said.
Repairs are handled by a team comprising the carriers that use the cable.
In most cases it takes one to two months to fully repair damaged undersea cables. In the meantime, telecom operators will try to reroute traffic to operating cables and satellite systems.
Domestic Internet connections and international call services were normal yesterday, the carriers said.

Looking for some guidance on an Internet and Wan failover design

Hey Everyone,
I have a project that has been somewhat dropped my lap. The person who was going to do the project has abruptly bowed out. I'm stuck in a position where I can either find another contractor, or just do the work myself. For sake of saving my company, and putting another notch in my belt, I think I'm just going to do it myself. For background info, I am a CCIE Collaboration. I have held a CCNA in route switch for several years, and have used it extensively. I have done some pretty large networking projects. But I've never done this particular aspect of route switch. I'm hoping someone here can point me to a good location for reference materials or videos.
Here is what I'm looking to do. We have 30 branch offices, with 2 major data centers. Both data centers have a 100mg internet, and a 50mg mpls connection. Today our MPLS comes directly in to a Cisco 3945 router and then uplinks in to our datcenter on a 3750 stacked switch. Our internet connection comes in to a HA pair of ASA 5510's and then also uplinks to our switches. All of our branches come back to the datacenters over the MPLS for their internet services. Today, all of our offices go to our west coast datacenter. The only thing using our east coast datacenters internet is that office itself. I want to achieve two goals:
1) Make all internet connectivity load balance. If one site loses internet, all traffic routes to the other site.
2) If the MPLS is lost, I want the datacenters to reroute traffic through a VPN tunnel between each other
The way I understood it from the person who left the project is that I need to bring the internet connection and the MPLS in to a single router, or pair of clustered routers. That router can then make the patch selection and handle the BGP with our carrier.
Thank you all in advance.

I acually have similar setup at home using a 2611 router and forwarding port ranges to multiple ips on the internal network and it works great! My issue is that I have one dynamic ip assigned by my ISP and eventually I will have to manually change the ip for each nat statement. I wanted to know if there is a way to point to the outside interface instead of using on ip address. I found out that you can use a static nat statment
"ip nat inside source static tcp 10.0.0.2 22 interface fa0/0 22" instead of
"ip nat inside source static tcp 10.0.0.2 22 72.xxx.xxx.85 22 extendable"
but I cannot find how to point my route-map to the interface to fully resolve this dynamic ip change in the future. My config is listed below which works great if you have static ips assigned by your ISP!!! Though I would love some guidance on the dynamic issue if possible. Thanks
~Roman
P.S. ip nat statements work like numbered access lists and have to be in order or it will not work. I found out the hard way!.
interface fa0/0
ip nat outside
interface fa0/1
ip nat inside
interface s1/0
ip nat inside
ip nat inside source list 1 interface fa0/0 overload
ip nat inside source static tcp 10.0.0.2 22 72.xxx.xxx.85 22 extendable
ip nat inside source static 192.168.1.3 72.xxx.xxx.85 route-map DESKTOP extendable
access-list 1 remark NAT OVERLOAD List
access-list 1 permit 10.0.0.0 0.255.255.255
access-list 1 permit 192.168.0.0 0.0.255.255
access-list 1 permit 172.16.0.0 0.15.255.255
access-list 100 remark Desktop computer port-forwarding
access-list 100 permit tcp host 192.168.1.3 3389 any
access-list 100 permit tcp host 192.168.1.3 28960 any
access-list 100 permit udp host 192.168.1.3 range 28960 32000 any
route-map DESKTOP permit 10
match ip address 100

Iptables and tor, reroute all traffic for security... Help?

I'm attempting to route all TCP traffic that does not go through polipo through port 9040, tor's default TransPort. My web browser uses polipo to cache stuff, so I'd like to keep it in place if possible. However, all non-http traffic needs to be sent through the transPort. My current config, which does not take into account rerouting, is below:
# Generated by iptables-save v1.4.15 on Fri Oct 12 16:33:33 2012
#*nat
#:PREROUTING ACCEPT [12:3420]
#:INPUT ACCEPT [1:261]
#:OUTPUT ACCEPT [0:0]
#:POSTROUTING ACCEPT [0:0]
#-A OUTPUT ! -p tcp -m owner --owner-uid tor -j REDIRECT --to-ports 9040
#-A OUTPUT -p udp --dport 53 -j REDIRECT --to-ports 9053
#COMMIT
# Completed on Fri Oct 12 16:33:33 2012
# Generated by iptables-save v1.4.15 on Fri Oct 12 16:33:33 2012
*filter
:INPUT DROP [9:1175]
:FORWARD ACCEPT [0:0]
:OUTPUT DROP [8:488]
# allow loopback
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
# allow NTPD time syncs
-A OUTPUT -p udp --dport 123 -j ACCEPT
# allow tor
-A OUTPUT -j ACCEPT -m owner --uid-owner tor
-A OUTPUT -p tcp --dport 9040 -j ACCEPT
-A OUTPUT -p udp --dport 53 -j ACCEPT
# allow BitTorrent
-A OUTPUT -p tcp --dport 6969 -j ACCEPT
-A OUTPUT -p tcp --dport 51413 -j ACCEPT
-A OUTPUT -p udp --dport 51413 -j ACCEPT
# allow pings (still not working. fix?)
-A OUTPUT -p icmp --icmp-type 8 -j ACCEPT
-A INPUT -p icmp --icmp-type 8 -m conntrack --ctstate NEW -j ACCEPT
# allow traffic on established connections
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
COMMIT
# Completed on Fri Oct 12 16:33:33 2012
as you can see, I've already tried to redirect traffic using the --uid-owner polipo rule. So far, it's just caused iptables to spit out errors. I'm stumped, so I thought I'd come to you wonderful people at the Archlinux forums for help.

Using the command you gave me, I found that the polipo user is indeed executing /usr/bin/polipo. Other than that, polipo is executing no processes.
I tried adding the following to my iptables rules nat section:
-A OUTPUT -p tcp -m tcp -m owner ! --uid-owner polipo -j ACCEPT
-A OUTPUT -p tcp -m tcp -m owner ! --uid-owner polipo -j REDIRECT --to-ports 9040
polipo now works, but the rest of my traffic that should go to the TransPort gets blocked.
[EDIT]
I'm now trying the same thing, except that I've chained privoxy with polipo like so:
browser > privoxy > polipo > tor > internet
my iptables rules look like this:
# Generated by iptables-save v2.4.15 on Fri Oct 12 16:33:33 2012
*nat
:PREROUTING ACCEPT [12:3420]
:INPUT ACCEPT [1:261]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
#-A OUTPUT -p tcp -m tcp -m owner ! --uid-owner tor -j REDIRECT --to-ports 9040
-A OUTPUT -p tcp -m tcp -m owner ! --uid-owner tor -m owner ! --uid-owner polipo -m owner ! --uid-owner privoxy -j REDIRECT --to-ports 9040
COMMIT
# Completed on Fri Oct 12 16:33:33 2012
# Generated by iptables-save v1.4.15 on Fri Oct 12 16:33:33 2012
*filter
:INPUT DROP [9:1175]
:FORWARD ACCEPT [0:0]
:OUTPUT DROP [8:488]
# general
-A OUTPUT -p tcp -m owner --uid-owner tor -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
# allow loopback
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A INPUT -p all -s 127.0.0.1 -d 127.0.0.1 -j ACCEPT
# allow NTPD time syncs
-A OUTPUT -p udp --dport 123 -j ACCEPT
# allow tor
-A OUTPUT -p tcp --dport 9040 -j ACCEPT
-A OUTPUT -p udp --dport 53 -j ACCEPT
-A OUTPUT -p tcp --dport 8123 -j ACCEPT
-A OUTPUT -p tcp --dport 8118 -j ACCEPT
# allow pings
-A OUTPUT -p icmp --icmp-type 8 -j ACCEPT
COMMIT
# Completed on Fri Oct 12 16:33:33 2012
and it STILL won't route traffic right. iptables redirects to the TransPort, but any traffic passed through polipo or privoxy reveals "connection reset" error message. Help?
Last edited by ParanoidAndroid (2013-03-12 01:50:51)

Will Apple Maps reroute me around traffic if the screen is locked?

I have never received a reroute notification, has anyone? If you have, can it be received while navigating with the screen locked? I like to keep the screen locked to save battery life.
Best regards,
Tyler

If what you say is true, why does Apple's website say this?:
Traffic
... And if traffic’s a mess, Maps offers alternative routes to save you time.
With a picture of a reroute prompt? (Half way down the page)
http://www.apple.com/ios/maps/
Regards,

Re: Nokia Drive+ Beta Traffic rerouting option not...

Disappointed that lumia with drive beta has no traffic reroute as my N8 had. !!

Here Drive + is still only Beta so make sure you let Nokia know before tey release the final. You can use the Nokia Support tab below. This is a user to user support forum so your post may not be seen by the right people.

Nokia Drive+ Beta Traffic rerouting option not app...

Hi
I have a Lumia 920 with Nokia Drive+ Beta. Ive been told that it has traffic rerouting but dont see any traffic options in there. Ive looked through all the menus, including route settings and route optimisation but no traffic related options.
I live in reading, UK and travel towards and around London a lot so this would be very useful. Is it just not supported in London yet?

Hi,
Have you tried uninstalling and re-installing the application? Try to check as well if the application is updated. You may also take a look for related information here.

VPN 3005 - Reroute Internet traffic out local connection

We have a VPN 3005 concentrator that connects to our backbone switch. We have about 6 sites who have the following subnet:
site A: 172.16.x.x
site B: 172.17.x.x (etc)
When a user is at home, hotel, or directly connected to the Internet and they connect with the VPN client to our network we want all Internet traffic (cnn, google, etc) to route through their local connection and not through our network through our internal Internet connection. How can I setup the VPN Concentrator to allow all internal traffic and reroute all other traffic out their local Internet connection?

split tunneling needs to be configured on the concentrator.
firstly, create a network list.
go configuration>policy management>traffic management>network lists. then put the private lan ip behind concentrator on to the list.
go configuration>user management>groups>client config
you will see "split tunneling policy" and "split tunneling network list"
with option "split tunneling policy", choose "only tunnel networks on the list". with option "split tunneling network list", choose the network list you just created.

Reroute some vrf traffic between 2 sites over redundant link

hey guys,
We have a single client (in vrf) with 2 sites in different states and running over our mpls core.. Our primary link in our core is experiencing degredation of service and want to route this client over our redundant link while keeping all other clients going over our primary link - is this possible?
The client in question has its own vrf (L3VPN) at both sites and is running over mpls between both sites. We want to re-route this particular client to take our backup path, while keeping everyone else between both sites going over the primary. We are not using TE, instead LDP to build MPLS.
I don't believe this is possible to only re-route one client, however I thought I would ask the question.
We cannot failover to secondary link for everyone between both sites because the link doesn't have the capacity.
Thanks in advance.

Hi,
Using MPLS TE would certainly be an option. You would need to setup an MPLS TE LSP over the backup. You would also need to configure a separate lookback interface on each PE and use this loopback interface address as the next hop for the specific VRF
ip vrf X
bgp next-hop loopback 999
ip route 255.255.255.255 Tu1
This way you would make sure that only the traffic for this specific VRF would travel over the TE tunnel.
Regards

IP-Fast Reroute with MPLS remote LFA tunnels

I have a simple ring network with 4 3600Xs with IP/MPLS 10 gig backbone between all units (with OSPF running in the core). Per the 3600 design guide I turned on IPFRR under OSPF for fast reroute of traffic around faults. I have a l3vpn on the 3600s that I'm using to test. The FRR works quite well when the repair route is a ECMP (equal cost multipath) route, I don't even notice an interruption in ping between l3vpn sites when an 'active' link goes down.
The issue arises when the repair route is a remote-LFA (loop free alternative) MPLS tunnel. I've done a few tests, and the failover time when the repair route is a remote LFA tunnel is the same as when FRR isn't turned on at all, it's just the normal route convergence time and there is a significant traffic interruption (as compared to FRR when an ECMP route is the repair route).
The thing is I'm not quite sure how even to diagnose this. I was thinking that maybe the remote FLA tunnel was using the link that failed, so it in essence was 'down' as well, hence the traffic interruption as routing fully converged. But I looked at the remote-LFA interfaces, and as much as I understand them they are taking the right path out of the router anyway (that is, away from the link that would fail in order to activate the remote-LFA route).
Are there any resources or tips to help troubleshoot why these remote-LFA tunnel repair routes don't seem to be working well?

Thanks for the reply Nagendra. When you ask if I've seen the back path installed in RIB/FIB, I'm not exactly sure what you mean. I do see repair paths referncing remote LFAs on both the 3600 that would be the source and the destination of the test traffic. Like this:
* 172.16.0.3, from 10.10.10.3, 01:55:50 ago, via TenGigabitEthernet0/2
      Route metric is 2, traffic share count is 1
      Repair Path: 10.10.10.4, via MPLS-Remote-Lfa40
and on the other router:
* 172.16.0.2, from 10.10.10.1, 01:56:34 ago, via TenGigabitEthernet0/1
      Route metric is 2, traffic share count is 1
      Repair Path: 10.10.10.2, via MPLS-Remote-Lfa32
If you're looking for some specific command output, let me know.

Fast-Reroute on a ring with Gig Interface

Hi,
I'm trying to setup a fast-reroute option on a 4 routers ring connected through gige with OSPF.
The main idea is to be able to use xconnect between A & B for normal route with a backup through C & D in case of Gig failure AB.
I created two tunnel as follow on A
interface Tunnel50
ip unnumbered Loopback0
tunnel mode mpls traffic-eng
tunnel destination b.b.b.b
tunnel mpls traffic-eng autoroute announce
tunnel mpls traffic-eng priority 2 2
tunnel mpls traffic-eng path-option 1 explicit name b-fast
tunnel mpls traffic-eng fast-reroute node-protect
interface Tunnel51
ip unnumbered Loopback0
tunnel mode mpls traffic-eng
tunnel destination b.b.b.
tunnel mpls traffic-eng autoroute announce
tunnel mpls traffic-eng priority 5 5
tunnel mpls traffic-eng path-option 10 explicit name b-low
and configure A to B interfaces with
mpls traffic-eng backup-path Tunnel51
ip rsvp bandwidth
router ospf
mpls traffic-eng router-id Loopback0
mpls traffic-eng area 0
Same kind of conf on B side...
Well, if I shutdown A to B interface, the fast-reroute doesn't seems to operate and the xconnect resume on a ospf convergence base latency.
Should I also create tunnel A-C, A-D, B-C, B-D, ... like a full mesh ? or point to point on a ring AB, BC, CD, DA ?
Thanks for your help.
Laurent

I tried a xconnect between br01 and br04.
Routers are on a ring : br01(ge3/2)--(ge3/1)br03--br02--br04(ge3/2)--(ge3/1)br01
tunnel50 is the straight route and tunnel 51 is the low route
*Here the output from br04
br04-7600-mtp02#show mpls traffic-eng tunnels brief
Signalling Summary:
    LSP Tunnels Process:            running
    Passive LSP Listener:           running
    RSVP Process:                   running
    Forwarding:                     enabled
    Periodic reoptimization:        every 3600 seconds, next in 2803 seconds
    Periodic FRR Promotion:         Not Running
    Periodic auto-bw collection:    every 300 seconds, next in 103 seconds
P2P TUNNELS/LSPs:
TUNNEL NAME                      DESTINATION      UP IF      DOWN IF    STATE/PROT
br04-7600-mtp02_t50              94.103.128.56    -         Gi3/2     up/up
br04-7600-mtp02_t51              94.103.128.56    -         Gi3/1     up/up
br01-7600-par01_t50              94.103.128.59    Gi3/2      -          up/up
br01-7600-par01_t51              94.103.128.59    Gi3/1      -          up/up
Displayed 2 (of 2) heads, 0 (of 0) midpoints, 2 (of 2) tails
P2MP TUNNELS:
Displayed 0 (of 0) P2MP heads
P2MP SUB-LSPS:
Displayed 0 P2MP sub-LSPs:
          0 (of 0) heads, 0 (of 0) midpoints, 0 (of 0) tails
br04-7600-mtp02#show mpls traffic-eng fast-reroute database
P2P Headend FRR information:
Protected tunnel               In-label Out intf/label   FRR intf/label   Status
Tunnel50                       Tun hd   Gi3/2:implicit-n Tu51:implicit-nu Ready
P2P LSP midpoint frr information:
LSP identifier                 In-label Out intf/label   FRR intf/label   Status
P2MP Sub-LSP FRR information:
*Sub-LSP identifier
src_lspid[subid]->dst_tunid    In-label Out intf/label   FRR intf/label   Status
* Sub-LSP identifier format: _[SubgroupID]->_
Note: Sub-LSP identifier may be truncated.
Use 'detail' display for the complete key.
br04-7600-mtp02#show mpls traffic-eng tunnels backup
br04-7600-mtp02_t51
LSP Head, Admin: up, Oper: up
Tun ID: 51, LSP ID: 35, Source: 94.103.128.59
Destination: 94.103.128.56
Fast Reroute Backup Provided:
    Protected i/fs: Gi3/2
    Protected LSPs/Sub-LSPs: 1, Active: 0
    Backup BW: any pool unlimited; inuse: 0 kbps
    Backup flags: 0x0
*Here the output from br01
br01-7600-par01#show mpls traffic-eng tunnels brief
Signalling Summary:
    LSP Tunnels Process:            running
    Passive LSP Listener:           running
    RSVP Process:                   running
    Forwarding:                     enabled
    Periodic reoptimization:        every 3600 seconds, next in 2489 seconds
    Periodic FRR Promotion:         Not Running
    Periodic auto-bw collection:    every 300 seconds, next in 89 seconds
P2P TUNNELS/LSPs:
TUNNEL NAME                      DESTINATION      UP IF      DOWN IF    STATE/PROT
br01-7600-par01_t50              94.103.128.59    -         Gi3/1     up/up
br01-7600-par01_t51              94.103.128.59    -         Gi3/2     up/up
br04-7600-mtp02_t50              94.103.128.56    Gi3/1      -          up/up
br04-7600-mtp02_t51              94.103.128.56    Gi3/2      -          up/up
Displayed 2 (of 2) heads, 0 (of 0) midpoints, 2 (of 2) tails
P2MP TUNNELS:
Displayed 0 (of 0) P2MP heads
P2MP SUB-LSPS:
Displayed 0 P2MP sub-LSPs:
          0 (of 0) heads, 0 (of 0) midpoints, 0 (of 0) tails
br01-7600-par01#show mpls traffic-eng fast-reroute database
P2P Headend FRR information:
Protected tunnel               In-label Out intf/label   FRR intf/label   Status
Tunnel50                       Tun hd   Gi3/1:implicit-n Tu51:implicit-nu Ready
P2P LSP midpoint frr information:
LSP identifier                 In-label Out intf/label   FRR intf/label   Status
P2MP Sub-LSP FRR information:
*Sub-LSP identifier
src_lspid[subid]->dst_tunid    In-label Out intf/label   FRR intf/label   Status
* Sub-LSP identifier format: _[SubgroupID]->_
Note: Sub-LSP identifier may be truncated.
Use 'detail' display for the complete key.
br01-7600-par01#show mpls traffic-eng tunnels backup
br01-7600-par01_t51
LSP Head, Admin: up, Oper: up
Tun ID: 51, LSP ID: 30, Source: 94.103.128.56
Destination: 94.103.128.59
Fast Reroute Backup Provided:
    Protected i/fs: Gi3/1
    Protected LSPs/Sub-LSPs: 1, Active: 0
    Backup BW: any pool unlimited; inuse: 0 kbps
    Backup flags: 0x0
Thx,
Laurent

Fast Reroute on 7600 platform

Hi,
One quick enquiry, does 7600 platform support MPLS Fast Reroute.
Practical inputs would be of immense help.
Thanks
Cheers
~sultan

The MPLS Traffic EngineeringFast Reroute MIB provides Simple Network Management Protocol (SNMP)-based network management of the Multiprotocol Label Switching (MPLS) Fast Reroute (FRR) feature in Cisco IOS software.
The Fast Reroute MIB has the following features:
"Notifications can be created and queued.
"Command-line interface (CLI) commands enable notifications, and specify the IP address to where the notifications will be sent.
"The configuration of the notifications can be written into nonvolatile memory.
Refer to MPLS Traffic EngineeringFast Reroute MIB section for more information
http://www.cisco.com/en/US/docs/ios/mpls/configuration/guide/mp_te_fast_rr_mib_ps6922_TSD_Products_Configuration_Guide_Chapter.html#wp1101191

Single WAE \ WCCP \ Dual Routers - Slow Accelerated Traffic

Our standard WAE design was to have dual WAE's at sites with dual Routers.
The WAE's are either 674's or 574's and the routers are Cisco ISR's all works well.
Several new sites have coome online but these sites now only have a single WAE devcie and two WAN routers. Some users at
The issue I have now is that some "Accelerated" sessions via the WAE devices are reported by users as being very slow. When those sessions are removed from WAAS policy and set to pass through the user reports normal access again.
On looking at the problem I have possibly identified that the lack of the command;
ip wccp redirect exclude in on the router interface
But this command was never applied to the exisiting design, though potentialy under normal conditiaon where both routers and both WAE's are working it's never been a problem.
From Cisco;
In any scenario where egress redirection is used, the command above MUST be issued on the router interface adjacent to the WAE. This command, "ip wccp redirect exclude in", ensures that packets received on the interface are not redirected again. This prevents an optimized packet from being rerouted directly back to the WAE. Instead, with this command applied, the router would simply see the packet coming in and forward it normally (WCCP would be bypassed for packets received on that interface).
The WAE's are NOT L2 connected to the Routers so the following config is applied,
rtr no 1
ip wccp 61 redirect-list WAAS
ip wccp 62 redirect-list WAAS
ip cef
interface GigabitEthernet0/0
description *** Data LAN
ip address x.y.7.6 255.255.255.192
ip wccp 61 redirect in
ip wccp 62 redirect out
rtr no 2ip wccp 61 redirect-list WAAS
ip wccp 62 redirect-list WAAS
ip cef
interface GigabitEthernet0/0
description *** Data LAN
ip address x.y.7.1 255.255.255.192
ip wccp 61 redirect in
ip wccp 62 redirect out
WAE Configprimary-interface Standby 1
interface Standby 1
ip address x.y.7.65 255.255.255.192
interface GigabitEthernet 1/0
standby 1 primary
exit
interface GigabitEthernet 2/0
standby 1
exit
wccp router-list 1 x.y.7.1 x.y.7.6
wccp tcp-promiscuous router-list-num 1
wccp version 2
Option 2 below is used. But all sites have DUAL Routers. Note Redirect Exclude is NOT configured.
Thanks in advance for any support offered.

Thanks for your post, details below.
What do you mean by "sessions removed from WAE policy" ? Are you configuring static bypass on the WAE or are you excluding specific traffic with the WCCP redirect list ?
I am defining certain traffic as Passtrough via a ststic bypass on the WAE’s
- check if the slowness affects all the redirected traffic or just particular sources/destinations/applications
      Recent testing has identified it just seems to affect a certain share, which I am investigating as this share has some kind of "Archive" solution in place.
- make sure that the WCCP redirect ACL matches both directions of the connections
      It does
- check the redirect / return method that is being negotiated
      All OK
- make sure both routers are seeing the WAE via WCCP
      Yes they are
- check for "routing loop" in the WAE syslog.txt to understand if the WAE is receiving some traffic twice
      Investigating and will post reply.
Are the affected connections showing up in the "show stat connection" output on the WAE ? If so, are they optimized or PT ?
     They show as fully optimized when configured for the CIFS AO, but revert to PT when the static WAE policy is altered.

Topology changed and WAAS caused traffic interuption

We have 2 sites that connected via point to point circuits. These sites have 3 WAE's @ each location. The ingress vlan @ each site of the point to point ciruits is using ip wccp 62 redirect in. The svi's on the 6500's that house the users/servers have ip wccp 61 redirect in. Each of these sites have host ports to an MPLS cloud that contains other datacenters that don't currently have WAE's installed. Normal flow of traffic between those sites is directly to Site A or B, the interface that they enter the core 6500's is the same vlan that contain the 62 redirect. When all connectivity is good the traffic from one of the sites to either Site A or B is not affected by the waas due to the fact that there isn't a pair involved in the flow. Yesterday there was a major outage for our MPLS carrier and traffic began to take a path through A to get to B. Example:
Client---->SiteA Core 6500 Vlan interface with 62 in---->POINT to POINT----->SiteB Core 6500 Vlan interface with 62 in---Site B SVI with 61 in
Client could ping resource fine but could't pull up shares or create an ODBC connection.
From what I can tell Site A does have a "matching" 61 and 62 flow for connection but SiteB does.
We are using ACL's for WCCP but not sure they are correct, ie they are the same for both 61 and 62. From what I understand 61 is based on source address while 62 is base on destination, is this only for load balancing across multiple WAE's? Does any have a recomendation or thought on why this would have broke during the rerouting of traffic? I would also like some input on how to utilize the ACL's correctly. Should each site specific ACL's that are the inverse of each other, ie:
Site A
ip access-list extended WAAS_Traffic_61
permit ip 192.168.0.0 0.0.0.255 any
ip access-list extended WAAS_Traffic_62
permit ip any 192.168.0.0 0.0.0.255
Site B
ip access-list extended WAAS_Traffic_61
permit ip 192.168.1.0 0.0.0.255 any
ip access-list extended WAAS_Traffic_62
permit ip any 192.168.1.0 0.0.0.255
where 192.168.0.0/24 resides @ Site A and 192.168.1.0/24 resides @ Site B.
Thanks,
Joe

Hi Zach
I have implement this scenario and WAAS is performing optimization. I only need to optimize two sites that connect trough VPN, so I'm using WCCP only on Server VLAN and VPN VLAN that receive the remote users connections.
So, when I look to "sh stat conn" I see many PT Asymmetric connections.
I have disable EPM Accelerator cause I have read about EPM Accelerator does not work with Asymmetric Routing and also cause I had Microsoft access problem with one user VLAN that has WCCP command on it.
I need enable EPM Accelerator because MAPI accelerator needs it to work fine.
My doubts are:
I have many VLANs at Central Site that does not need optimize and that WAE Core are handling. Can I include this networks in a passtrough policy?
How can I identify the cause of Asymmetric to enable EPM Accelerator? I can see that the same connection is being see in two directions like bellow:
10.25.48.57:80 172.0.0.59:1973 N/A PT Asymmetric
172.0.0.59:1973 10.25.48.57:80 N/A PT Asymmetric
Is it normal I have MS-EndPointMapper between two internals VLANs, that are not in the WAAS path?
Thanks for help

Reroute Traffic

Similar Messages

Maybe you are looking for