Routing loop concern
Hello all,
We have an MPLS setup with all remote sites connected to site X and site X is directly connected to site Y(datacenter). Note: site Y is not connected to MPLS cloud till now. All the traffic is passing from site X to site Y for accessing servers at datacenter. site X and site Y are connected to each other through Metro E. Now we have new circuit thats being provisioned for site Y(datacenter) that is going to be connected to MPLS cloud directly. We do bgp peering with ISP for MPLS connectivity and Internal routing protocol is Eigrp. We are doing mutual redistribution at each location for propogating routes at each site. Now the concern is when site Y is connected to MPLS and when I will do the route redistribution on site Y with MetroE connected to site X will there be a routing loop occurance or will there be a best path selection based on the metrics calculated and will choose the optimal path.
Need suggestions. Thanks in advance.
Okay no problem, it can be a little daunting when you haven't done it before :-)
1) No this isn't right.
When I refer to remote sites I mean sites other than X or Y.
So you must not allow either X or Y to redistribute any remote site networks into BGP.
There is no need because the remote site networks should never be advertised from X or Y and if you do allow it it will cause you problems.
So assuming you want X and Y to back each other up -
X redistributes it's own subnets from EIGRP into BGP and also Y's but no remote sites.
Y redistributes it's own subnets from EIGRP into BGP and also X's but again no remote sites.
If X and Y were not connected via a dedicated link this would not be an issue but because they are and they are exchanging EIGRP routes via that link they each receive EIGRP routes for the remote sites networks from each other as well as from their own MPLS router which is why you need to filter.
2) You can do the configuration on your CE routers.
MED or AS prepending are the tools you use.
So at X you advertise it's own subnets without any modification. You advertise Y's subnets but change one of the above BGP attributes.
At Y you advertise it's own subnets without any modification and X's subnets you need to modify the BGP attribute again.
This basically means that traffic will go direct to X or Y as long as their MPLS links are up.
Either should work although it may be worth having a quick chat with your provider and tell them what you are doing to make sure they are not doing anything that would override your settings.
Apart from that internally the L3 switches in X and Y should see their own MPLS routers as the best path to all remote sites because from your description the L3 switch is only one hop away from the MPLS router in X and Y whereas to go via the dedicated link would mean more hops.
I'm assuming it means more hops.
Quick way to check is do a traceroute from X L3 switch to it's MPLS router and then a traceroute from X L3 switch to Y MPLS router and hopefully there should be more hops going to Y.
Do the same from the Y L3 switch.
If it is the same number of hops then you may have to modify the EIGRP metrics.
All of the above about redistribution only applies to EIGRP to BGP.
There is nothing to do about the BGP to EIGRP redistribution.
Concentrate on the redistribution issue because that could seriously affect your network in terms of it working properly.
Regarding the second issue have a chat with your provider about the MED and AS prepending just to clear it with them.
It's not a given that traffic would go in the wrong site, it might, but it wouldn't be the end of the world if you got it wrong temporarily because traffic is doing exactly that to and from the DC at the moment ie. it goes into X and across to Y.
By all means come back if you need more help but like I say focus on the redistribution issue because that really does need addressing.
Jon
Similar Messages
-
500 5.4.6 Data command failed: Routing loop detected
I have recently installed OCS 10.1.2 on single box and configured email server. initially i could send email from web client to other domains. Later I made an MX entry in the named server to send and receive emails to the Oracle email server. At that moment also I could send emails to other domains from web client.
I then configured my email on outlook with smtp and pop server pointing to my hosted server. When I send emails to other domain from outlook I received and error "[550] 5.7.1 Rcpt command failed: Mail denied due to site's policy". I searched the forum and found a solution to take care of it. The message id is 1146225, where in I did the following
Enable Routing Control : active
allow message relay : true
allow message relay domain : *
flag process: -l
Recipient Rewriting Rules: $*@your host target smtp,$1@your domain target smtp,
example:
$*@mail.sinux.com.pe,$[email protected],
you should change the next value in smtp outbound
rele smtp : ip of your source mail or relay :port smtp
flag process: -l
After restarting the SMTP inbound and outbound server I didnt get the above error but after few days got a email saying message could not be delivered to other domains (though the message was delivered to my domain) and the errror says "500 5.4.6 Data command failed: Routing loop detected"
Any ideas to resolve it.
Warm regards,
VipulHey adminmilou,
Please reach out to our direct support via live chat and we will be able to look into this further: http://helpx.adobe.com/contact.html (select Business Catalyst). -
Need Help with Packet Loss and routing Loop perhaps???
Hi,
I am running into a very odd situation. One of our highly critical systems (172.18.1.2/16) is losing connection intermittently for brief periods of time (1minute, 3 minute, 50 seconds and so on).
I have gathered some information that I would like to share with you guys:
The switch is a 3560 (Show version is in ShowVersion.txt)
default gateway is 172.18.10.254/16 (virtual IP in an HSRP , packet capture is done on the active node)
I have noticed that pings to one of the default gateways drop infrequently (more frequently from machines on 172.18.0.0/16) segment.
total number of machines on 172.18.0.0/16 do not exceed 200
I have captured packets on Interface Vlan1 and I found something very weird, perhaps pointing to a routing loop??? (see capture.png) The ICMP request comes and hits the 172.18.10.254 with TTL of 128 TWICE! then packet capture shows that same packet with TTL decremented by one TWICE! again and again until it reaches TTL of 1 and then it responds with a reply.
At times it completely ignores the requests and causes a request timed out.
I am confused and need help in right direction. I really appreciate it.
can you also confirm if the multiple packets mean routing loop somewhere?
ThanksCould you post a copy of your HRSP config and the results of a #show standby?
Thanks -
i get these messages from our edge wae device, they have various host ip's not sure what to make of it. there is no routing loop unless waas/wae is doing something that i am not aware of to cause that to happen. wae is in a seperate net from the users and the router. we are running 4.0.17 and wccpV2, the prepositioning and and cifs functions seem to be performing as advertised, print services are being phased out and moved back to core as we cannot seem to find a good driver set for the various printers at the site, but it seems unlikely that would be the issue anyway.
any ideas appreciated.
Message #1: [2008-05-23 15:27:10,101][ WARN] - Host 172.84.12.245:139 was not discovered, bypass period: 0 sec, number of events: 76, reason: possible routing loop
Randy172.84.12.245 is indeed a branch host pc, is there a way to make this stop or is it just telling me that an unregistered server at the core is talking to a client at the branch ?
Thanks
RR -
Routing loop avoidance in Link State
"The link state method is not susceptible to routing loops which is an advantage over the distance vector method" Why? How it avoid routing loop?
Link-state protocols like OSPF use reliable flooding mechanisms to ensure that all routers are acting on the basis of the same information. Loops occur when routers act on the basis of inaccurate or old information. That is what link-state protocols avoid. All routers in a link-state database have the same view of the network.
Paresh -
I've discovered another problem with the current implementation of the sleep proxy. My proxy is an Airport Express that is NOT the router off my network (that's a separate Linux box with features not provided by Airport Express).
When a Mac registers with the sleep proxy on the Airport and goes to sleep, the Airport answers ARPs for the Mac's IP address. An incoming packet from the outside for the Mac is thus delivered to the proxy, but the proxy then hands it back to the router, which hands it to the proxy. This happens until the IP TTL decrements to zero and an ICMP Unreachable TTL Exceeded is returned to the sender.
This happens for each and every incoming packet for the Mac Pro as long as the Mac remains asleep. I run Bit Torrent on that Mac, so quite a bit of UDP traffic continues to arrive after the Mac has gone to sleep and each and every one of these packets gets caught in that forwarding loop. Very inelegant.I've discovered another problem with the current implementation of the sleep proxy. My proxy is an Airport Express that is NOT the router off my network (that's a separate Linux box with features not provided by Airport Express).
When a Mac registers with the sleep proxy on the Airport and goes to sleep, the Airport answers ARPs for the Mac's IP address. An incoming packet from the outside for the Mac is thus delivered to the proxy, but the proxy then hands it back to the router, which hands it to the proxy. This happens until the IP TTL decrements to zero and an ICMP Unreachable TTL Exceeded is returned to the sender.
This happens for each and every incoming packet for the Mac Pro as long as the Mac remains asleep. I run Bit Torrent on that Mac, so quite a bit of UDP traffic continues to arrive after the Mac has gone to sleep and each and every one of these packets gets caught in that forwarding loop. Very inelegant. -
Routing loop when tracing to remote ip address on vpn concentrator
When I try and ping a remote address on my vpn 3000 concentrator I get ttl exceded. When I try and tracert from my workstation to the remote address on my vpn 3000 I see a loop.
Tracing route to x.3.17.145
over a maximum of 30 hops:
1 29 ms 31 ms 28 ms 172.4.0.20
2 32 ms 30 ms 29 ms 172.4.0.25
3 38 ms 29 ms 31 ms 172.3.0.21
4 33 ms 30 ms 32 ms 172.4.0.25
5 32 ms 49 ms 27 ms 172.3.0.21
6 35 ms 30 ms 38 ms 172.4.0.25
7 31 ms 28 ms 28 ms 172.3.0.21
8 28 ms 28 ms 42 ms 172.4.0.25
9 38 ms 27 ms 32 ms 172.3.0.21
10 35 ms 28 ms 36 ms 172.4.0.25
11 35 ms 27 ms 28 ms 172.3.0.21
12 30 ms 28 ms 28 ms 172.4.0.25
13 39 ms 30 ms 43 ms 172.3.0.21
14 48 ms 28 ms 29 ms 172.4.0.25
15 36 ms 28 ms 34 ms 172.3.0.21
16 39 ms 39 ms 56 ms 172.4.0.25
17 42 ms 38 ms 47 ms 172.3.0.21
18 35 ms 39 ms 41 ms 172.4.0.25
19 49 ms 32 ms 29 ms 172.3.0.21
20 32 ms 28 ms 29 ms 172.4.0.25
21 28 ms 43 ms 30 ms 172.3.0.21
22 37 ms 32 ms 34 ms 172.4.0.25
23 29 ms 31 ms 32 ms 172.3.0.21
24 29 ms 33 ms 31 ms 172.4.0.25
25 32 ms 41 ms 43 ms 172.3.0.21
26 43 ms 29 ms 39 ms 172.4.0.25
27 47 ms 33 ms 31 ms 172.3.0.21
28 37 ms 29 ms 35 ms 172.4.0.25
29 44 ms 30 ms 91 ms 172.3.0.21
30 31 ms 41 ms 50 ms 172.4.0.25
172.3.0.21 is my private interface on the vpn 3000.
172.4.0.20 is my public interface on the vpn 3000.
172.4.0.25 is the default gateway / router interface on my router.
interface GigabitEthernet1/1/0.1
description connected to LAN
encapsulation dot1Q 1 native
ip address 10.3.0.25 255.255.255.0
interface GigabitEthernet0/0.4
description vpn 3000 concentratorconnection
encapsulation dot1Q 4
ip address 10.4.0.25 255.255.255.0
172.3.0.21 has a no default gateway on the vpn conentrator.
172.3.0.21 has a default gateway 172.4.0.25 on the vpn concentrator.Hi John
could you clarify where you are pinging from and where you are pinging to please?
From the LAN to a destination across a VPN tunnel?
Or from a source across the VPN tunnel to a host on the concentrator's LAN?
Or from a source across the VPN tunnel to a host on the Internet?
I suppose your last line has a typo, it should be
172.4.0.21 has a default gateway 172.4.0.25 on the vpn concentrator.
right?
Apart from the default gateway are there any other static routes configured on the vpn3k and the router? No dynamic routing protocol?
tnx
Herbert -
%IPRT-3-RIB_LOOP: Resolution loop formed by routes in RIB
Does someone know how to debug this error message please?
%IPRT-3-RIB_LOOP: Resolution loop formed by routes in RIB
This error message spread everywhere inside my network.
thanks!!Hello Vincent,
This error mean that RIB route producers have installed routes in the RIB that form a loop during resolution. But, there could be several reasons for this. For. eg: a route received from a neighboring device and being installed in the RIB that conflicted with an already known/installed path.
When were these logs observed? Are there any other logs alongside this which can shed some more light on the actual problem. The supporting logs can tell which component is triggering this (like CEF discovering the routing for a prefix has recursive paths that lead back to itself). These logs are merely symptoms.
"show log" and "show ip route loops" will be good to have to start with!
Regards,
Imran -
Need advice on creating ospf abr router
Hi, I'm studying for the CCNA, and am trying to learn and experiment with OSPF in packet tracer. I am having trouble with setting up a ABR to advertise a summary route for area 0 to another router in area 1. Lets say I have:
R1:
router ospf 1
network 192.168.1.0 0.0.0.255 area 0
network 192.168.2.0 0.0.0.255 area 0
network 192.168.3.0 0.0.0.255 area 0
area 0 range 192.168.0.0 255.255.252.0 <-- my summary route
ip route 0.0.0.0 0.0.0.0 10.1.1.1
default-information originate
R2:
router ospf 1
network 10.1.1.0 0.0.0.255
network 10.1.2.0 0.0.0.255
network 10.1.3.0 0.0.0.255
Assuming R1 in area0 is my main network, and I want to advertise my summary route to the area 1 router, what would I have to do?
I hope that makes sense. Thanks!Well I think I've got it now. I think I was over complicating it, by not realizing that a router could easy advertise routes to multiple areas, eg:
router ospf 1
net 192.168.1.1 area 0
net 192.168.2.1 area 0
net 10.10.10.10 area 1
net 10.10.20.10 area 1
etc, and then using the 'area 0 range 192.168.0.0 255.255.252.0
Also, as I understand it: If you put a default route on an ABR with default-information originate, the route is advertised to both AS's. But if the route is on either of these AS's, you can't do this because a routing loop will occur. Is this correct?
thanks again -
Hello All
We are facing the following issue while starting the SAP router. The router just hangs with the following statement in the command prompt.
trcfile dev_rout
no logging active
upon providing trace level 3 and looking into the dev_route file, the following information is found.
Please help in suggesting possible resolution.
trc file: "dev_rout", trc level: 3, release: "742"
Thu Apr 23 19:06:49 2015
NiIHSBufInit: initialize hostname buffer (IPv4)
NiHLInit: alloc host buf (200 entries)
NiSrvLInit: alloc serv bufs (200 entries)
NiIInit: allocated nitab (811 at 00000000041A2610)
NiIInit: host/serv bufs already initialized
SAP Network Interface Router, Version 40.4
Compiled Mar 30 2015 18:27:50
command line arg 0: saprouter
command line arg 1: -r
command line arg 2: -V
command line arg 3: 3
command line arg 4: -K
command line arg 5: p:CN=USCINSAPSVR10, OU=0000454027, OU=SAProuter,O=SAP, C=DE
service : 3299
routtab : ./saprouttab
plug-in : no plug-in
-argument: 'no argument'
clients : 800
max servers : 1
quelength : 1
maxheap : 20000000
timeoutL : 5000
tracefile : dev_rout
tracefile limit : 0 byte
tracefile maxcnt : 0
socket buffer size : 32768
logfile : no logging active
portrange : no portrange active
local address : default address
->> SncInit(prg=0, ini_fname=(NULL), &sec_avail=000000000213F148)
SncInit(): Initializing Secure Network Communication (SNC)
PC with Windows NT (mt,ascii,SAP_UC/size_t/void* = 8/64/64)
GetUserName()="um1adm" NetWkstaUser="um1adm"
SncInit(): Trying environment variable SNC_LIB as a
gssapi library name: "E:\usr\sap\saprouter\nt-x86_64\sapcrypto.dll".
DlLoadLib success: LoadLibrary("E:\usr\sap\saprouter\nt-x86_64\sapcrypto.dll"), hdl 0, count 1, addr 0000000010000000
using "E:\usr\sap\saprouter\nt-x86_64\sapcrypto.dll"
DlLoadFunc(): failed GetProcAddress("sapsnc_init_adapter") from "E:\usr\sap\saprouter\nt-x86_64\sapcrypto.dll"
with error 127 = "The specified procedure could not be found."
DlLoadFunc(): successful GetProcAddress("gss_acquire_cred") from "E:\usr\sap\saprouter\nt-x86_64\sapcrypto.dll"
DlLoadFunc(): successful GetProcAddress("gss_release_cred") from "E:\usr\sap\saprouter\nt-x86_64\sapcrypto.dll"
Thu Apr 23 19:06:49 2015
DlLoadFunc(): successful GetProcAddress("gss_init_sec_context") from "E:\usr\sap\saprouter\nt-x86_64\sapcrypto.dll"
DlLoadFunc(): successful GetProcAddress("gss_accept_sec_context") from "E:\usr\sap\saprouter\nt-x86_64\sapcrypto.dll"
DlLoadFunc(): successful GetProcAddress("gss_process_context_token") from "E:\usr\sap\saprouter\nt-x86_64\sapcrypto.dll"
DlLoadFunc(): successful GetProcAddress("gss_delete_sec_context") from "E:\usr\sap\saprouter\nt-x86_64\sapcrypto.dll"
DlLoadFunc(): successful GetProcAddress("gss_context_time") from "E:\usr\sap\saprouter\nt-x86_64\sapcrypto.dll"
DlLoadFunc(): successful GetProcAddress("gss_get_mic") from "E:\usr\sap\saprouter\nt-x86_64\sapcrypto.dll"
DlLoadFunc(): successful GetProcAddress("gss_verify_mic") from "E:\usr\sap\saprouter\nt-x86_64\sapcrypto.dll"
DlLoadFunc(): successful GetProcAddress("gss_wrap") from "E:\usr\sap\saprouter\nt-x86_64\sapcrypto.dll"
DlLoadFunc(): successful GetProcAddress("gss_unwrap") from "E:\usr\sap\saprouter\nt-x86_64\sapcrypto.dll"
DlLoadFunc(): successful GetProcAddress("gss_display_status") from "E:\usr\sap\saprouter\nt-x86_64\sapcrypto.dll"
DlLoadFunc(): successful GetProcAddress("gss_indicate_mechs") from "E:\usr\sap\saprouter\nt-x86_64\sapcrypto.dll"
DlLoadFunc(): successful GetProcAddress("gss_compare_name") from "E:\usr\sap\saprouter\nt-x86_64\sapcrypto.dll"
DlLoadFunc(): successful GetProcAddress("gss_display_name") from "E:\usr\sap\saprouter\nt-x86_64\sapcrypto.dll"
DlLoadFunc(): successful GetProcAddress("gss_import_name") from "E:\usr\sap\saprouter\nt-x86_64\sapcrypto.dll"
DlLoadFunc(): successful GetProcAddress("gss_release_name") from "E:\usr\sap\saprouter\nt-x86_64\sapcrypto.dll"
DlLoadFunc(): successful GetProcAddress("gss_release_buffer") from "E:\usr\sap\saprouter\nt-x86_64\sapcrypto.dll"
DlLoadFunc(): successful GetProcAddress("gss_release_oid_set") from "E:\usr\sap\saprouter\nt-x86_64\sapcrypto.dll"
DlLoadFunc(): successful GetProcAddress("gss_inquire_cred") from "E:\usr\sap\saprouter\nt-x86_64\sapcrypto.dll"
DlLoadFunc(): successful GetProcAddress("gss_inquire_cred_by_mech") from "E:\usr\sap\saprouter\nt-x86_64\sapcrypto.dll"
DlLoadFunc(): successful GetProcAddress("gss_inquire_context") from "E:\usr\sap\saprouter\nt-x86_64\sapcrypto.dll"
DlLoadFunc(): successful GetProcAddress("gss_wrap_size_limit") from "E:\usr\sap\saprouter\nt-x86_64\sapcrypto.dll"
DlLoadFunc(): successful GetProcAddress("gss_export_sec_context") from "E:\usr\sap\saprouter\nt-x86_64\sapcrypto.dll"
DlLoadFunc(): successful GetProcAddress("gss_import_sec_context") from "E:\usr\sap\saprouter\nt-x86_64\sapcrypto.dll"
DlLoadFunc(): successful GetProcAddress("gss_inquire_names_for_mech") from "E:\usr\sap\saprouter\nt-x86_64\sapcrypto.dll"
DlLoadFunc(): successful GetProcAddress("gss_inquire_mechs_for_name") from "E:\usr\sap\saprouter\nt-x86_64\sapcrypto.dll"
DlLoadFunc(): successful GetProcAddress("gss_canonicalize_name") from "E:\usr\sap\saprouter\nt-x86_64\sapcrypto.dll"
DlLoadFunc(): successful GetProcAddress("gss_export_name") from "E:\usr\sap\saprouter\nt-x86_64\sapcrypto.dll"
File "E:\usr\sap\saprouter\nt-x86_64\sapcrypto.dll" dynamically loaded as GSS-API v2 library.
DlLoadFunc(): successful GetProcAddress("sapcr_get_version") from "E:\usr\sap\saprouter\nt-x86_64\sapcrypto.dll"
DlLoadFunc(): successful GetProcAddress("sapcr_get_secudir") from "E:\usr\sap\saprouter\nt-x86_64\sapcrypto.dll"
SECUDIR="E:\usr\sap\saprouter" (from $SECUDIR)
The internal Adapter for the loaded GSS-API mechanism identifies as:
Internal SNC-Adapter (Rev 1.1) to SAPCRYPTOLIB 5.x
Product Version = SAPCRYPTOLIB 5.5.5C pl38 (Oct 7 2014) MT,AESNI,NB
<<- SncPDLInit()==SAP_O_K
<<- SncInit()==SAP_O_K
sec_avail = "true"
->> SncSetMyName(snc_hdl=0000000000000000, myname="p:CN=USCINSAPSVR10, OU=0000454027, OU=SAProuter,O=SAP, C=DE")
<<- SncSetMyName()==SAP_O_K
in: myname = "p:CN=USCINSAPSVR10, OU=0000454027, OU=SAProuter,O=SAP, C=DE"
NiBufISetParam: set max heap to 20000000
Thu Apr 23 19:06:49 2015
NiSetParamEx: switch NIP_CONNLOCAL off (not supported by platform)
NiSetParamEx: set NIP_SOCK_BUFFER_SIZE 32768
NiMyHostName: hostname = 'USCINSAPSVR10'
main: pid = 13232, ppid = 0, port = 3299, parent port = 0 (0 = parent is not a saprouter)
NiSelICreateSet: new set0
SiSelNInit: allocate 172528 bytes for FI (811)
NiSelIInit: size of set0 is 811
NiICreateHandle: hdl 1 state NI_INITIAL_LIS
NiIInitSocket: set default settings for new hdl 1/sock 508 (I4; ST)
Windows Version 6.1, Build 7601
Running on Windows Vista
NiITraceByteOrder: CPU byte order: little endian, reverse network, low val .. high val
NiIBind: hdl 1 bound to 3299 (IP only)
NiIBlockMode: set blockmode for hdl 1 FALSE
NiIListen: state of hdl 1 NI_LISTEN
SiSelNSet: sock 508 added to set pos 0
NiSelIAddMsg: added hdl 1 to set0
SiSelNSet: set events of sock 508 to: rp-
reading routtab: './saprouttab'
<<- SncNameToAclKey_r()==SAP_O_K
in: name = "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE"
'aclkey ' (addr=0000000003E5FF60, len=86) full hexdump
0x00000 00030401 00080606 2b240301 25010000 ........ +$..%...
0x00010 00443042 310b3009 06035504 06130244 .D0B1.0. ..U....D
0x00020 45310c30 0a060355 040a1303 53415031 E1.0...U ....SAP1
0x00030 12301006 0355040b 13095341 50726f75 .0...U.. ..SAProu
0x00040 74657231 11300f06 03550403 13087361 ter1.0.. .U....sa
0x00050 70736572 7632 pserv2
NiStrToAddrMask: '194.39.131.34' -> 194.39.131.34/32 (0/0)
<<- SncNameToAclKey_r()==SAP_O_K
in: name = "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE"
'aclkey ' (addr=0000000003E5FF60, len=86) full hexdump
0x00000 00030401 00080606 2b240301 25010000 ........ +$..%...
0x00010 00443042 310b3009 06035504 06130244 .D0B1.0. ..U....D
0x00020 45310c30 0a060355 040a1303 53415031 E1.0...U ....SAP1
0x00030 12301006 0355040b 13095341 50726f75 .0...U.. ..SAProu
0x00040 74657231 11300f06 03550403 13087361 ter1.0.. .U....sa
0x00050 70736572 7632 pserv2
addrinfo of 'USCINSAPSVR09':
0: 192.168.120.19:0 Thu Apr 23 19:06:49 2015
'USCINSAPSVR09' <unknown socket type 0> (0-2-0-0-16)
1: 192.168.120.19:0 <unknown socket type 0> (0-2-0-0-16)
NiHLGetNodeAddr: got hostname 'USCINSAPSVR09' from operating system
NiIGetNodeAddr: hostname 'USCINSAPSVR09' = addr 192.168.120.19
NiIGetServNo: servicename '3200' = port 3200
NiStrToAddrMask: '192.168.*.*' -> 192.168.0.0/16 (0/1)
NiStrToAddrMask: '194.39.131.34' -> 194.39.131.34/32 (0/0)
contents of routtab ('./saprouttab', 3 entries):
KT*,*<<- SncAclKeyToName()==SAP_O_K
'aclkey ' (addr=00000000042354D4, len=86) full hexdump
0x00000 00030401 00080606 2b240301 25010000 ........ +$..%...
0x00010 00443042 310b3009 06035504 06130244 .D0B1.0. ..U....D
0x00020 45310c30 0a060355 040a1303 53415031 E1.0...U ....SAP1
0x00030 12301006 0355040b 13095341 50726f75 .0...U.. ..SAProu
0x00040 74657231 11300f06 03550403 13087361 ter1.0.. .U....sa
0x00050 70736572 7632 pserv2
out: name = "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE"
p:CN=sapserv2, OU=SAProuter, O= 194.39.131.34/32 * *
KP*,*<<- SncAclKeyToName()==SAP_O_K
'aclkey ' (addr=000000000423599C, len=86) full hexdump
0x00000 00030401 00080606 2b240301 25010000 ........ +$..%...
0x00010 00443042 310b3009 06035504 06130244 .D0B1.0. ..U....D
0x00020 45310c30 0a060355 040a1303 53415031 E1.0...U ....SAP1
0x00030 12301006 0355040b 13095341 50726f75 .0...U.. ..SAProu
0x00040 74657231 11300f06 03550403 13087361 ter1.0.. .U....sa
0x00050 70736572 7632 pserv2
out: name = "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE"
Thu Apr 23 19:06:49 2015
p:CN=sapserv2, OU=SAProuter, O= 192.168.120.19/32 3200 p
P*,* 192.168.0.0/16 194.39.131.34/32 * *
******* NI-ROUTER LOOP ********
SiSelNSelect: start select (timeout=-1)** Trace file opened at 20150417 112112 Eastern Daylight Time, by disp+work
** Versions SAP-REL 721,0,201 RFC-VER U 3 1459980 MT-SL
ror RFCIO_ERROR_SYSERROR in abrfcpic.c : 2825
: Hostname or service of the message server unknown
ST =CONNECTION_PING
HOST =H/192.168.152.50/S/sapdp99/H/194.39.131.34/S/sapdp99/H/oss001
NAME =OSS
OUP =1_PUBLIC
AP Programm: CL_DSMOP_RFC_WATCHER==========CP (Transaction: )
er: SOLMAN_BTC (Client: 100)
stination: SAP-OSS (Handle: 1, DtConId: 00000000000000000000000000000000, DtConCnt: 0, ConvId: ,)
P RootContextId: 74D4356C5F6B1ED4B6E3593B0548B699, ConnectionId: 74D4356C5F6B1ED4B6E35960B5B7D699, ConnectionCnt: 1
P TransactionId: 5B15E5E476B3F1738EAD74D4356C5F6B
** Trace file opened at 20150417 112113 Eastern Daylight Time, by disp+work
** Versions SAP-REL 721,0,201 RFC-VER U 3 1459980 MT-SL
ror RFCIO_ERROR_SYSERROR in abrfcpic.c : 2825
: Hostname or service of the message server unknown
ST =SAP-OSS
HOST =H/192.168.152.50/S/sapdp99/H/194.39.131.34/S/sapdp99/H/oss001
NAME =OSS
OUP =1_PUBLIC
AP Programm: CL_SM_DATA_SENDER_RFC=========CP (Transaction: )
er: SOLMAN_BTC (Client: 100)
stination: SAP-OSS (Handle: 2, DtConId: 00000000000000000000000000000000, DtConCnt: 0, ConvId: ,)
P RootContextId: 74D4356C5F6B1ED4B6E3593B0548B699, ConnectionId: 74D4356C5F6B1ED4B6E35960B5B7D699, ConnectionCnt: 1
P TransactionId: 5B15E5E476B3F1738EAD74D4356C5F6B
** Trace file opened at 20150417 112113 Eastern Daylight Time, by disp+work
** Versions SAP-REL 721,0,201 RFC-VER U 3 1459980 MT-SL
ror RFCIO_ERROR_SYSERROR in abrfcpic.c : 2825
: Hostname or service of the message server unknown
ST =SAP-OSS
HOST =H/192.168.152.50/S/sapdp99/H/194.39.131.34/S/sapdp99/H/oss001
NAME =OSS
OUP =1_PUBLIC
AP Programm: CL_SM_DATA_SENDER_RFC=========CP (Transaction: ) -
(High Ip input) on My router , I need to troubleshoot why CPU is high !!!!
=================
i have a cisco router 7200 NPEG2 processor , worked as LNS for PPPOVPDN circuits (Router for ADSL clients)
i have "high ip input on my processor" and there is alot of differnce on my router between operations done by cef and operations done by router cpu
as an example , lets make show cpu process sorted
CPU utilization for five seconds: 67%/54%; one minute: 67%; five minutes: 68%
PID Runtime(ms) Invoked uSecs 5Sec 1Min 5Min TTY Process
87 10837056 46891299 231 6.31% 6.04% 6.32% 0 IP Input
122 4081972 38214106 106 2.47% 2.36% 2.46% 0 L2X Data Daemon
270 467844 2089101 223 0.79% 0.78% 0.79% 0 PPP Events
275 1862224 2102444 885 0.71% 0.73% 0.71% 0 SNMP ENGINE
112 627104 93588 6700 0.39% 0.36% 0.37% 0 CEF: IPv4 proces
273 854004 4207368 202 0.31% 0.26% 0.24% 0 IP SNMP
52 453256 12321 36787 0.31% 0.31% 0.31% 0 Compute load avg
258 295540 701580 421 0.23% 0.17% 0.15% 0 RADIUS
142 45792 14107303 3 0.23% 0.21% 0.21% 0 HQF Shaper Backg
78 86532 166975 518 0.23% 0.17% 0.13% 0 ACCT Periodic Pr
260 483164 248673 1942 0.23% 0.19% 0.24% 0 L2TP mgmt daemon
272 63980 1073491 59 0.15% 0.16% 0.15% 0 IPHC Admin
77 111560 184597 604 0.15% 0.08% 0.06% 0 AAA ACCT Proc
261 330572 217566 1519 0.15% 0.12% 0.15% 0 L2TUN Applicatio
274 450584 2102164 214 0.15% 0.15% 0.15% 0 PDU DISPATCHER
16 152352 1081873 140 0.07% 0.08% 0.19% 0 EnvMon
279 229040 27298 8390 0.07% 0.10% 0.11% 0 VTEMPLATE Backgr
40 23704 53593 442 0.07% 0.03% 0.02% 0 Net Background
95 4512 55604 81 0.07% 0.00% 0.00% 0 PPP Hooks
109 6844 62029 110 0.07% 0.00% 0.00% 0 IP Background
269 21384 1931910 11 0.07% 0.06% 0.07% 0 PPP manager
271 116 60672 1 0.07% 0.00% 0.00% 0 Multilink PPP
23 98400 321 306542 0.00% 0.07% 0.03% 0 AAA high-capacit
=====================
as we see above , we have high "IP Input" about differnece in cpu =67-54=13 % , which is high value process in software .
i follwed the article here :
http://www.cisco.com/c/en/us/support/docs/routers/7500-series-routers/41160-highcpu-ip-input.html
i check and found that my router is fine ,
no arp calls.
no routing loops.
no flapping links.
i checked that my router has cef enabled and no enormous routing protocol updates
i found that i have big differnce between hardware & software process on the router which is 13 %
but when the traffic is more and more , the cpu reach reach 93 % and begin to have drops.
i just want to ask , how can i debug the operations that are done on the cpu processor of the router ???
i mean that if i know that traffic , i can estimate and know the problem that increasing my cpu !!!
another question :
how to debug the packest that has a ttl exceeded 50 or ttl exceeded 100 ?????
i dont wan tto make debug ip packed , because i have a huge traffic and it will let my router hanged due to large debug !!
===============
righ now i will post my router config and some verification:
drvirus#sh running-config
Building configuration...
Current configuration : 12291 bytes
upgrade fpd auto
version 12.4
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
no service dhcp
hostname drvirus
boot-start-marker
boot system flash disk2:c7200p-adventerprisek9-mz.124-24.T7.bin
boot system flash disk2:c7200p-adventerprisek9-mz.124-24.T8.bin
boot-end-marker
logging message-counter syslog
aaa new-model
aaa group server radius radiusservers
server-private 10..f.f.f auth-port 1812 acct-port 1813 key 7 weifuhjkefkjdbhfjkasbfjka
aaa authentication login adminstaff local
aaa authentication login sdm_vpn_xauth_ml_1 group radius
aaa authentication login ahmad local
aaa authentication ppp vpdn group radiusservers local
aaa authentication ppp drvirus local
aaa authentication ppp vpdn1 local group radiusservers
aaa authentication ppp ddd none
aaa authentication ppp dddd none
aaa authentication ppp anyok none
aaa authorization network default group radius local
aaa authorization network vpdn group radiusservers local
aaa authorization network sdm_vpn_group_ml_1 local
aaa authorization network drvirus local
aaa authorization network vpdn1 local group radiusservers
aaa authorization network ddd none
aaa authorization network anyok none
aaa accounting delay-start
aaa accounting update newinfo periodic 10
aaa accounting network vpdn
action-type start-stop
broadcast
group radiusservers
aaa server radius dynamic-author
client xxxxxxxx
client 10.xxxxxx
client 10.xxxxxxxxx
server-key 7 dihcbsdjkbvcsdhmbvhsdbvsdhmbvsd
auth-type any
aaa session-id common
clock timezone GMT+3 3
no ip subnet-zero
no ip source-route
no ip gratuitous-arps
ip cef
no ip bootp server
ip domain name drvirus
ip name-server x.x.x.x.x
ip name-server 8.8.8.8
login block-for 180 attempts 3 within 60
login quiet-mode access-class telnet
login on-failure log
login on-success log
no ipv6 cef
ipv6 dhcp pool vvv
prefix-delegation pool version6
address prefix 3333::/64
dns-server 4444::1
multilink bundle-name authenticated
vpdn enable
vpdn logging
vpdn logging local
vpdn history failure table-size 50
vpdn-group eeeeeeeeeeee
accept-dialin
protocol l2tp
virtual-template 1
terminate-from hostname qqqqqq
local name rrrrrrr
lcp renegotiation on-mismatch
l2tp tunnel password 7ekfhjjeklfnlenfl
l2tp tunnel timeout no-session 60
ip mtu adjust
username drvirus@!34`!512&$8#$232!^@^FGsdGD privilege 0 password 7 000sdkjhvsdkjvnah94313085g2355091407458E32425D
interface Loopback1
ip address ttttttt 255.255.255.255
interface GigabitEthernet0/1
description ttttttt
ip address 10.60.60.2 255.255.255.0 secondary
ip address 10.200.200.200 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
load-interval 30
duplex auto
speed auto
media-type rj45
negotiation auto
interface GigabitEthernet0/1.4
encapsulation dot1Q 4
ip address ttttttttt 255.255.255.224
interface GigabitEthernet0/1.14
encapsulation dot1Q 14
ip address 192.168.50.3 255.255.255.0
interface FastEthernet0/2
no ip address
shutdown
duplex auto
speed auto
interface GigabitEthernet0/2
ip address 10.160.150.2 255.255.255.0
duplex auto
speed auto
media-type rj45
negotiation auto
interface GigabitEthernet0/3
description rrrrrrr
ip address xxxxxxx 255.255.255.252
no ip redirects
no ip unreachables
no ip proxy-arp
load-interval 30
duplex full
speed 1000
media-type sfp
negotiation auto
interface Virtual-Template1
ip unnumbered Loopback1
ip tcp adjust-mss 1412
no logging event link-status
peer default ip address pool xxxxx xxxxxx
ppp mtu adaptive
ppp authentication pap vpdn1
ppp authorization vpdn1
ppp accounting vpdn
router eigrp 2
redistribute connected metric 1 2 1 2 1
passive-interface default
no passive-interface GigabitEthernet0/1
network 10.200.200.200 0.0.0.0
no auto-summary
eigrp router-id 2.2.2.2
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 10.200.200.2
ip route dddddddddd 255.255.255.0 fffffff
ip route ddddddddd 255.255.255.0 ffffff
no ip http server
no ip http secure-server
ip radius source-interface GigabitEthernet0/2
radius-server attribute nas-port format d
radius-server configure-nas
radius-server host ddddddddddd auth-port 1812 acct-port 1813 key 7 dddddddddd
radius-server retransmit 0
radius-server key 7 dddddddddddddddddd
radius-server vsa send cisco-nas-port
radius-server vsa send accounting
radius-server vsa send authentication
control-plane
drvirus#sh ip traffic
IP statistics:
Rcvd: 92454889 total, 5908020 local destination
0 format errors, 94 checksum errors, 3789577 bad hop count
0 unknown protocol, 23360 not a gateway
0 security failures, 0 bad options, 3730347 with options
Opts: 0 end, 0 nop, 0 basic security, 0 loose source route
0 timestamp, 0 extended security, 0 record route
0 stream ID, 0 strict source route, 3730347 alert, 0 cipso, 0 ump
0 other
Frags: 1409002 reassembled, 485 timeouts, 0 couldn't reassemble
4542214 fragmented, 9089659 fragments, 2659413 couldn't fragment
Bcast: 6024 received, 0 sent
Mcast: 56503 received, 31033 sent
Sent: 15839581 generated, 2407203241 forwarded
Drop: 23 encapsulation failed, 0 unresolved, 0 no adjacency
0 no route, 0 unicast RPF, 0 forced drop
0 options denied
Drop: 0 packets with source IP address zero
Drop: 0 packets with internal loop back IP address
0 physical broadcast
ICMP statistics:
Rcvd: 0 format errors, 0 checksum errors, 0 redirects, 4 unreachable
140579 echo, 33742 echo reply, 0 mask requests, 0 mask replies, 0 quench
0 parameter, 0 timestamp, 0 timestamp replies, 0 info request, 0 other
0 irdp solicitations, 0 irdp advertisements
0 time exceeded, 0 info replies
Sent: 0 redirects, 3530 unreachable, 33744 echo, 140579 echo reply
0 mask requests, 0 mask replies, 0 quench, 0 timestamp, 0 timestamp replies
0 info reply, 46795 time exceeded, 0 parameter problem
0 irdp solicitations, 0 irdp advertisements
TCP statistics:
Rcvd: 19285 total, 0 checksum errors, 7 no port
Sent: 39402 total
BGP statistics:
Rcvd: 0 total, 0 opens, 0 notifications, 0 updates
0 keepalives, 0 route-refresh, 0 unrecognized
Sent: 0 total, 0 opens, 0 notifications, 0 updates
0 keepalives, 0 route-refresh
IP-EIGRP statistics:
Rcvd: 39154 total
Sent: 39275 total
PIMv2 statistics: Sent/Received
Total: 0/0, 0 checksum errors, 0 format errors
Registers: 0/0 (0 non-rp, 0 non-sm-group), Register Stops: 0/0, Hellos: 0/0
Join/Prunes: 0/0, Asserts: 0/0, grafts: 0/0
Bootstraps: 0/0, Candidate_RP_Advertisements: 0/0
Queue drops: 0
State-Refresh: 0/0
IGMP statistics: Sent/Received
Total: 0/0, Format errors: 0/0, Checksum errors: 0/0
Host Queries: 0/0, Host Reports: 0/0, Host Leaves: 0/0
DVMRP: 0/0, PIM: 0/0
Queue drops: 0
UDP statistics:
Rcvd: 5632168 total, 0 checksum errors, 9605 no port
Sent: 15536481 total, 0 forwarded broadcasts
OSPF statistics:
Rcvd: 0 total, 0 checksum errors
0 hello, 0 database desc, 0 link state req
0 link state updates, 0 link state acks
Sent: 0 total
0 hello, 0 database desc, 0 link state req
0 link state updates, 0 link state acks
ARP statistics:
Rcvd: 36012 requests, 25 replies, 0 reverse, 0 other
Sent: 3590 requests, 1883 replies (41 proxy), 0 reverse
Drop due to input queue full: 0
drvirus#sh interfaces switching
GigabitEthernet0/1 ffff
Throttle count 0
Drops RP 29334 SP 0
SPD Flushes Fast 183378 SSE 0
SPD Aggress Fast 0
SPD Priority Inputs 196591 Drops 0
Protocol IP
Switching path Pkts In Chars In Pkts Out Chars Out
Process 50222652 1410586379 38933488 2377282438
Cache misses 0 - - -
Fast 2501299905 502401799 1732463443 1178236678
Auton/SSE 0 0 0 0
Protocol DEC MOP
Switching path Pkts In Chars In Pkts Out Chars Out
Process 0 0 104 8008
Cache misses 0 - - -
Fast 0 0 0 0
Auton/SSE 0 0 0 0
Protocol ARP
Switching path Pkts In Chars In Pkts Out Chars Out
Process 36178 2170680 3643 233084
Cache misses 0 - - -
Fast 0 0 0 0
Auton/SSE 0 0 0 0
Protocol CDP
Switching path Pkts In Chars In Pkts Out Chars Out
Process 1039 385469 2067 772027
Cache misses 0 - - -
Fast 0 0 0 0
Auton/SSE 0 0 0 0
Protocol Other
Switching path Pkts In Chars In Pkts Out Chars Out
Process 2266 138297 6179 370740
Cache misses 0 - - -
Fast 0 0 0 0
Auton/SSE 0 0 0 0
NOTE: all counts are cumulative and reset only after a reload.
Interface FastEthernet0/2 is disabled
GigabitEthernet0/2
Throttle count 0
Drops RP 0 SP 0
SPD Flushes Fast 785 SSE 0
SPD Aggress Fast 0
SPD Priority Inputs 1900 Drops 0
Protocol IP
Switching path Pkts In Chars In Pkts Out Chars Out
Process 382927 34296776 382540 106683985
Cache misses 0 - - -
Fast 198 31569 0 0
Auton/SSE 0 0 0 0
Protocol DEC MOP
Switching path Pkts In Chars In Pkts Out Chars Out
Process 0 0 104 8008
Cache misses 0 - - -
Fast 0 0 0 0
Auton/SSE 0 0 0 0
Protocol ARP
Switching path Pkts In Chars In Pkts Out Chars Out
Process 1900 114000 1813 108780
Cache misses 0 - - -
Fast 0 0 0 0
Auton/SSE 0 0 0 0
Protocol CDP
Switching path Pkts In Chars In Pkts Out Chars Out
Process 1030 378010 1031 378377
Cache misses 0 - - -
Fast 0 0 0 0
Auton/SSE 0 0 0 0
Protocol Other
Switching path Pkts In Chars In Pkts Out Chars Out
Process 0 0 6180 370800
Cache misses 0 - - -
Fast 0 0 0 0
Auton/SSE 0 0 0 0
NOTE: all counts are cumulative and reset only after a reload.
GigabitEthernet0/3 drvirus
Throttle count 0
Drops RP 15 SP 0
SPD Flushes Fast 22435 SSE 0
SPD Aggress Fast 0
SPD Priority Inputs 194236 Drops 0
Protocol IP
Switching path Pkts In Chars In Pkts Out Chars Out
Process 40507058 2970006619 56462488 1872816742
Cache misses 0 - - -
Fast 1758170357 386468928 2449949282 3706868609
Auton/SSE 0 0 0 0
Protocol DEC MOP
Switching path Pkts In Chars In Pkts Out Chars Out
Process 0 0 105 8085
Cache misses 0 - - -
Fast 0 0 0 0
Auton/SSE 0 0 0 0
Protocol ARP
Switching path Pkts In Chars In Pkts Out Chars Out
Process 5 300 7 420
Cache misses 0 - - -
Fast 0 0 0 0
Auton/SSE 0 0 0 0
Protocol CDP
Switching path Pkts In Chars In Pkts Out Chars Out
Process 0 0 1034 379478
Cache misses 0 - - -
Fast 0 0 0 0
Auton/SSE 0 0 0 0
Protocol Other
Switching path Pkts In Chars In Pkts Out Chars Out
Process 0 0 6180 370800
Cache misses 0 - - -
Fast 0 0 0 0
Auton/SSE 0 0 0 0
NOTE: all counts are cumulative and reset only after a reload.
drvirus#sh ip route summary
IP routing table name is Default-IP-Routing-Table(0)
IP routing table maximum-paths is 32
Route Source Networks Subnets Overhead Memory (bytes)
connected 1 1644 105280 250040
static 3 0 192 456
eigrp 2 0 0 0 0
internal 5 5860
Total 9 1644 105472 256356
Removing Queue Size 0
drvirus#sh ip route summary
IP routing table name is Default-IP-Routing-Table(0)
IP routing table maximum-paths is 32
Route Source Networks Subnets Overhead Memory (bytes)
connected 1 1645 105344 250192
static 3 0 192 456
eigrp 2 0 0 0 0
internal 5 5860
Total 9 1645 105536 256508
Removing Queue Size 0
drvirus#sh ip route summary
IP routing table name is Default-IP-Routing-Table(0)
IP routing table maximum-paths is 32
Route Source Networks Subnets Overhead Memory (bytes)
connected 1 1645 105344 250192
static 3 0 192 456
eigrp 2 0 0 0 0
internal 5 5860
Total 9 1645 105536 256508
Removing Queue Size 0
drvirus#sh ip route summary
IP routing table name is Default-IP-Routing-Table(0)
IP routing table maximum-paths is 32
Route Source Networks Subnets Overhead Memory (bytes)
connected 1 1645 105344 250192
static 3 0 192 456
eigrp 2 0 0 0 0
internal 5 5860
Total 9 1645 105536 256508
Removing Queue Size 0
drvirus#
ANy help ??????!!!!!can some one determin if :
122 9166144 120227216 76 3.30% 2.81% 2.42% 0 L2X Data Daemon
has a relation to my high cpu
her is agian my cpu process :
drvirus#sh processes cpu sorted
CPU utilization for five seconds: 69%/51%; one minute: 62%; five minutes: 59%
PID Runtime(ms) Invoked uSecs 5Sec 1Min 5Min TTY Process
87 22165548 147317354 150 7.60% 6.54% 5.74% 0 IP Input
16 682988 2637213 258 3.61% 0.70% 0.37% 0 EnvMon
122 9166144 120227216 76 3.30% 2.81% 2.42% 0 L2X Data Daemon
270 484700 4987094 97 0.76% 0.84% 0.86% 0 PPP Events
260 746640 483367 1544 0.30% 0.51% 0.51% 0 L2TP mgmt daemon
112 1082540 228491 4737 0.30% 0.31% 0.31% 0 CEF: IPv4 proces
190 596 755 789 0.30% 0.02% 0.00% 2 SSH Process
279 461184 78909 5844 0.30% 0.39% 0.45% 0 VTEMPLATE Backgr
52 954592 29823 32008 0.30% 0.31% 0.31% 0 Compute load avg
272 53744 2782461 19 0.23% 0.17% 0.16% 0 IPHC Admin
261 513524 428266 1199 0.23% 0.38% 0.37% 0 L2TUN Applicatio
142 31888 35627222 0 0.23% 0.19% 0.20% 0 HQF Shaper Backg
258 570384 1602872 355 0.15% 0.18% 0.17% 0 RADIUS
78 43280 392561 110 0.15% 0.10% 0.08% 0 ACCT Periodic Pr
281 52340 385568 135 0.07% 0.08% 0.09% 0 IP-EIGRP: PDM
40 37300 138153 269 0.07% 0.09% 0.10% 0 Net Background
77 145860 443602 328 0.07% 0.06% 0.07% 0 AAA ACCT Proc
110 31060 53876 576 0.07% 0.03% 0.02% 0 IP RIB Update
45 11868 52400 226 0.07% 0.01% 0.00% 0 IF-MGR control p
115 20164 103667 194 0.07% 0.02% 0.00% 0 PPP IPCP
102 181600 489310 371 0.07% 0.14% 0.15% 0 SSM connection m
143 3148 1461382 2 0.07% 0.01% 0.00% 0 RBSCP Background
80 19488 22128 880 0.07% 0.02% 0.00% 0 CDP Protocol
23 189412 10771 17585 0.00% 0.15% 0.04% 0 AAA high-capacit
22 0 1 0 0.00% 0.00% 0.00% 0 CEF MIB API
21 0 2 0 0.00% 0.00% 0.00% 0 ATM Idle Timer
20 376 153594 2 0.00% 0.00% 0.00% 0 ARP Background
24 0 2 0 0.00% 0.00% 0.00% 0 AAA_SERVER_DEADT
25 0 1 0 0.00% 0.00% 0.00% 0 Policy Manager
26 1376 26590 51 0.00% 0.00% 0.00% 0 DDR Timers
31 4 30 133 0.00% 0.00% 0.00% 0 EEM ED Syslog
27 0 5 0 0.00% 0.00% 0.00% 0 Entity MIB API
33 324 147392 2 0.00% 0.00% 0.00% 0 GraphIt
34 0 2 0 0.00% 0.00% 0.00% 0 Dialer event
28 0 2 0 0.00% 0.00% 0.00% 0 Serial Backgroun
36 0 2 0 0.00% 0.00% 0.00% 0 XML Proxy Client -
CE dial-in to PE. What routing protocol I should use ?
Hi,
Situation - CE connected to PE via some ethernet interface (primary) and ISDN dial-up as backup, so I need to use some dynamic routing protocol to distribute customers networks to other sites. Now I'm looking towards extended (triggered) RIP, but maybe there are better choices?
As I know, only triggereg RIP and OSPF supports 'on-demand' circuits, but OSPF isn't recommended as CE-PE protocol because it has no VRF awareness and we would have to run separate OSPF process for every VRF what isn't nice. This makes RIP only choice? Or there are another possibilities, maybe BGP ?Hi,
over all there is static, RIPv2, EIGRP, OSPF, ISIS and BGP for PE-CE.
Well floating static alone seems no possibility in your case.
RIP and EIGRP have some issues when running on redundant links into the VPN (possibility of routing loops), which would be the case with backup active and primary coming back. Depending on the exact topology there might or might not be a workaround.
OSPF has to be run as separate processes. Might be tough on PE resources, depending on your exact setup details. Other than that it does the job.
eBGP with ebgp-multihop and static routes is an option. So eBGP doesn´t go down, just is directed over backup link in case primary is down.
Pick your poison! :-)
regards
Martin -
WRT54G Wireless Router Problem. Need Help!
I'll start with the basics of my situation and if more details are needed, I will provide to the best of my ability.
I have a comcast cable internet connection. I have 6 computers in my house. Two of them are downstairs (which is where our modem is.) The other four computers are upstairs. All of these computers are Desktop computers with the exception of one laptop.
My laptop (which is Windows XP) can pick up a random wireless signal from the room it is in. I also found out a way to share the internet connection on the computer by going into the properties of my network connection and enabling internet sharing on it. This means if I connect a network cable from my laptop to another computer, I can leech the connection from my laptop and have internet access on the other computer. I also had a switch that I used to connect the other 3 computers upstairs by means of the laptop. The problem was, the laptop was using someone else's wireless connection in the area, and it wasn't strong enough to keep up a constant connection.
I decided, if I can leech someone else's wireless connection, why not have my own. So i recently bought WRT54G Wireless Router and set it up on one of the computers downstairs (because that's where the modem is). It works fine as far as connecting my laptop to the internet from upstairs. My laptop can access the internet through the connection I set up in the LELA program.
Here is the part I am confused about. Everything is plugged in correctly as far as the router is concerned because the laptop can access the internet. But when I connect an ethernet cable directly to one of my other computers (which are Windows Vista, but I didn' t have a problem with it previously when I was leeching someone else's connection), the connection drops on my laptop, and the other computer still can't access the internet. A notice pops up that says its trying to identify the network, but it gives an error that says there is something wrong with the DNS. As soon as I disconnect the ethernet cable connecting my laptop to one of the other computers, the connection is fine again on the laptop. It's only when I connect the computers together that the connection drops.
I just don't understand why it wouldn't work when I created my own network if it worked with another network with no problem. My whole point in getting a wireless router was to have a router within good range to keep up a constant connection on my other computers that aren't in range of the modem downstairs. I just don't know where else to look. I'm not sure if it can be fixed on LELA, manually through my wireless settings, or if it could be a problem with one of my computers' settings. I've tried many different things and I'm not sure what else to do so any help is most definately appreciated. I feel like I've tried everything. I know it's possible because I've one it before, I just need the help because I'm not much of a networking person and I don't know what I should start with to make this work.
Thank you to anyone who can help or even point me in the right direction.Access router setup page ...Click on the Wireless tab on the Setup page- Here Wireless Network mode should be mixed- Provide any non-linksys name .... Set wireless channel to 11- And wireless SSID broadcast should be Enabled and then click on "Save Settings" >>Now Click on the Sub tab under wireless > "Wireless Security" Change the Wireless security mode to WEP/WPA ...type in the key & click save settings .... >>>>Click on Advanced Wireless settings>>Change the Beacon Interval to 75 >>Change the Fragmentation Threshold to 2304 Change the RTS Threshold to 2304 >>Click on "Save Settings" Check the connection once again & see if it works or not ...
-
Hi Guys,
I just installing and configured the saprouter in our system, when I'd registered the server SID in OSS, they gave me this IP which is not our internal or external IP.What's this IP for actually? Do I need to put it in my saprouttab coz right now I open the connection from OSS (Host did not respond X times).
TQHi,
I just configured my saprouter and everything went okay, even the OSS1 is working but when i open the connection in the OSS (service.sap.com), the connection is open for about 8 minutes but then its lost connection (yellow).Was there something missing here? I already put the outbound connection (KT "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 194.39.131.34 *) and our server (KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" <my SAP router> *) in my saprouttab. Here the recent log from devrout :
trc file: "dev_rout", trc level: 3, release: "700"
Tue Jan 15 11:33:53 2008
NiHsLInit: alloc host/serv bufs (200/200 entries)
NiIInit: allocated nitab (811 at 00280048)
NiIInit: host/serv bufs already initialized
NiPGetNodeAddrList: got 1 interface(s) from operating system
[0] IP-Address: 192.168.1.220
NiIGetServNo: servicename '3299' = port 0C.E3/3299
SAP Network Interface Router, Version 38.10
Compiled Sep 27 2007 01:16:41
command line arg 0: d:\usr\sap\saprouter\saprouter.exe
command line arg 1: -r
command line arg 2: -R
command line arg 3: d:\usr\sap\saprouter\saprouttab
command line arg 4: -S
command line arg 5: 3299
command line arg 6: -K
command line arg 7: p:CN=vantage01, OU=0000336743, OU=SAProuter, O=SAP, C=DE
command line arg 8: -V3
service : 3299
routtab : d:\usr\sap\saprouter\saprouttab
plug-in : no plug-in
-argument: 'no argument'
clients : 800
max servers : 1
quelength : 1
maxheap : 20000000
timeoutL : 5000
tracefile : dev_rout
logfile : no logging active
portrange : no portrange active
local address : default address
->> SncInit(prg=0, ini_fname=(NULL), &sec_avail=01D1FF1B)
SncInit(): Initializing Secure Network Communication (SNC)
PC with Windows NT (mt,ascii,SAP_UC/size_t/void* = 8/32/32)
SncInit(): Trying environment variable SNC_LIB as a
gssapi library name: "D:\usr\sap\PD1\SYS\exe\nuc\NTI386\sapcrypto.dll".
load shared library (D:\usr\sap\PD1\SYS\exe\nuc\NTI386\sapcrypto.dll), hdl 0
using "D:\usr\sap\PD1\SYS\exe\nuc\NTI386\sapcrypto.dll"
DlLoadFunc: GetProcAddress(sapsnc_init_adapter) Error 127
Error 127 = "The specified procedure could not be found."
load shared func (gss_acquire_cred) from D:\usr\sap\PD1\SYS\exe\nuc\NTI386\sapcrypto.dll
load shared func (gss_release_cred) from D:\usr\sap\PD1\SYS\exe\nuc\NTI386\sapcrypto.dll
load shared func (gss_init_sec_context) from D:\usr\sap\PD1\SYS\exe\nuc\NTI386\sapcrypto.dll
load shared func (gss_accept_sec_context) from D:\usr\sap\PD1\SYS\exe\nuc\NTI386\sapcrypto.dll
load shared func (gss_process_context_token) from D:\usr\sap\PD1\SYS\exe\nuc\NTI386\sapcrypto.dll
load shared func (gss_delete_sec_context) from D:\usr\sap\PD1\SYS\exe\nuc\NTI386\sapcrypto.dll
load shared func (gss_context_time) from D:\usr\sap\PD1\SYS\exe\nuc\NTI386\sapcrypto.dll
load shared func (gss_get_mic) from D:\usr\sap\PD1\SYS\exe\nuc\NTI386\sapcrypto.dll
load shared func (gss_verify_mic) from D:\usr\sap\PD1\SYS\exe\nuc\NTI386\sapcrypto.dll
load shared func (gss_wrap) from D:\usr\sap\PD1\SYS\exe\nuc\NTI386\sapcrypto.dll
load shared func (gss_unwrap) from D:\usr\sap\PD1\SYS\exe\nuc\NTI386\sapcrypto.dll
load shared func (gss_display_status) from D:\usr\sap\PD1\SYS\exe\nuc\NTI386\sapcrypto.dll
load shared func (gss_indicate_mechs) from D:\usr\sap\PD1\SYS\exe\nuc\NTI386\sapcrypto.dll
load shared func (gss_compare_name) from D:\usr\sap\PD1\SYS\exe\nuc\NTI386\sapcrypto.dll
load shared func (gss_display_name) from D:\usr\sap\PD1\SYS\exe\nuc\NTI386\sapcrypto.dll
load shared func (gss_import_name) from D:\usr\sap\PD1\SYS\exe\nuc\NTI386\sapcrypto.dll
load shared func (gss_release_name) from D:\usr\sap\PD1\SYS\exe\nuc\NTI386\sapcrypto.dll
load shared func (gss_release_buffer) from D:\usr\sap\PD1\SYS\exe\nuc\NTI386\sapcrypto.dll
load shared func (gss_release_oid_set) from D:\usr\sap\PD1\SYS\exe\nuc\NTI386\sapcrypto.dll
load shared func (gss_inquire_cred) from D:\usr\sap\PD1\SYS\exe\nuc\NTI386\sapcrypto.dll
load shared func (gss_add_cred) from D:\usr\sap\PD1\SYS\exe\nuc\NTI386\sapcrypto.dll
load shared func (gss_inquire_cred_by_mech) from D:\usr\sap\PD1\SYS\exe\nuc\NTI386\sapcrypto.dll
load shared func (gss_inquire_context) from D:\usr\sap\PD1\SYS\exe\nuc\NTI386\sapcrypto.dll
load shared func (gss_wrap_size_limit) from D:\usr\sap\PD1\SYS\exe\nuc\NTI386\sapcrypto.dll
load shared func (gss_export_sec_context) from D:\usr\sap\PD1\SYS\exe\nuc\NTI386\sapcrypto.dll
load shared func (gss_import_sec_context) from D:\usr\sap\PD1\SYS\exe\nuc\NTI386\sapcrypto.dll
load shared func (gss_create_empty_oid_set) from D:\usr\sap\PD1\SYS\exe\nuc\NTI386\sapcrypto.dll
load shared func (gss_add_oid_set_member) from D:\usr\sap\PD1\SYS\exe\nuc\NTI386\sapcrypto.dll
load shared func (gss_test_oid_set_member) from D:\usr\sap\PD1\SYS\exe\nuc\NTI386\sapcrypto.dll
load shared func (gss_inquire_names_for_mech) from D:\usr\sap\PD1\SYS\exe\nuc\NTI386\sapcrypto.dll
load shared func (gss_inquire_mechs_for_name) from D:\usr\sap\PD1\SYS\exe\nuc\NTI386\sapcrypto.dll
load shared func (gss_canonicalize_name) from D:\usr\sap\PD1\SYS\exe\nuc\NTI386\sapcrypto.dll
load shared func (gss_export_name) from D:\usr\sap\PD1\SYS\exe\nuc\NTI386\sapcrypto.dll
load shared func (gss_duplicate_name) from D:\usr\sap\PD1\SYS\exe\nuc\NTI386\sapcrypto.dll
File "D:\usr\sap\PD1\SYS\exe\nuc\NTI386\sapcrypto.dll" dynamically loaded as GSS-API v2 library.
The internal Adapter for the loaded GSS-API mechanism identifies as:
Internal SNC-Adapter (Rev 1.0) to SECUDE 5/GSS-API v2
<<- SncPDLInit()==SAP_O_K
<<- SncInit()==SAP_O_K
sec_avail = "true"
->> SncSetMyName(snc_hdl=00000000, myname="p:CN=vantage01, OU=0000336743, OU=SAProuter, O=SAP, C=DE")
<<- SncSetMyName()==SAP_O_K
in: myname = "p:CN=vantage01, OU=0000336743, OU=SAProuter, O=SAP, C=DE"
NiBufISetParam: set max heap to 20000000
NiSetParamEx: switch NIP_CONNLOCAL off (not supported by platform)
NiIMyHostName: hostname = 'vantage01'
main: pid = 5072, ppid = 0, port = 3299, parent port = 0 (0 = parent is not a saprouter)
NiICreateHandle: hdl 0 state NI_INITIAL
NiIInitSocket: set default settings for new hdl 0 / sock 180 (I4; ST)
NiITraceByteOrder: CPU byte order: little endian, reverse network, low val .. high val
NiIBind: hdl 0 bound to 3299 (IP only)
NiIBlockMode: set blockmode for hdl 0 FALSE
NiIListen: state of hdl 0 NI_LISTEN
NiIListen: listen for client requests on hdl 0
NiSelICreateSet: new set0
SiSelNInit: allocate 134544 bytes for FI (811)
NiSelIInit: size of set0 is 811
SiSelNSet: sock 180 added to set pos 0
NiSelIAddMsg: added hdl 0 to set0
SiSelNSet: set events of sock 180 to: rp-
reading routtab: 'd:\usr\sap\saprouter\saprouttab'
<<- SncNameToAclKey_r()==SAP_O_K
in: name = "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE"
'aclkey ' (addr=0023F9E8, len=86) full hexdump
0x00000 00030401 00080606 2b240301 25010000 ........ +$..%...
0x00010 00443042 310b3009 06035504 06130244 .D0B1.0. ..U....D
0x00020 45310c30 0a060355 040a1303 53415031 E1.0...U ....SAP1
0x00030 12301006 0355040b 13095341 50726f75 .0...U.. ..SAProu
0x00040 74657231 11300f06 03550403 13087361 ter1.0.. .U....sa
0x00050 70736572 7632 pserv2
NiStrToAddrMask: '194.39.131.34' -> 194.39.131.34 [ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff]
<<- SncNameToAclKey_r()==SAP_O_K
in: name = "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE"
'aclkey ' (addr=0023F9E8, len=86) full hexdump
0x00000 00030401 00080606 2b240301 25010000 ........ +$..%...
0x00010 00443042 310b3009 06035504 06130244 .D0B1.0. ..U....D
0x00020 45310c30 0a060355 040a1303 53415031 E1.0...U ....SAP1
0x00030 12301006 0355040b 13095341 50726f75 .0...U.. ..SAProu
0x00040 74657231 11300f06 03550403 13087361 ter1.0.. .U....sa
0x00050 70736572 7632 pserv2
NiStrToAddrMask: '210.19.199.62' -> 210.19.199.62 [ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff]
<<- SncNameToAclKey_r()==SAP_O_K
in: name = "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE"
'aclkey ' (addr=0023F9E8, len=86) full hexdump
0x00000 00030401 00080606 2b240301 25010000 ........ +$..%...
0x00010 00443042 310b3009 06035504 06130244 .D0B1.0. ..U....D
0x00020 45310c30 0a060355 040a1303 53415031 E1.0...U ....SAP1
0x00030 12301006 0355040b 13095341 50726f75 .0...U.. ..SAProu
0x00040 74657231 11300f06 03550403 13087361 ter1.0.. .U....sa
0x00050 70736572 7632 pserv2
NiStrToAddrMask: '210.19.199.62' -> 210.19.199.62 [ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff]
NiIGetServNo: servicename '3200' = port 0C.80/3200
<<- SncNameToAclKey_r()==SAP_O_K
in: name = "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE"
'aclkey ' (addr=0023F9E8, len=86) full hexdump
0x00000 00030401 00080606 2b240301 25010000 ........ +$..%...
0x00010 00443042 310b3009 06035504 06130244 .D0B1.0. ..U....D
0x00020 45310c30 0a060355 040a1303 53415031 E1.0...U ....SAP1
0x00030 12301006 0355040b 13095341 50726f75 .0...U.. ..SAProu
0x00040 74657231 11300f06 03550403 13087361 ter1.0.. .U....sa
0x00050 70736572 7632 pserv2
NiStrToAddrMask: '210.19.199.62' -> 210.19.199.62 [ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff]
NiIGetServNo: servicename '3299' = port 0C.E3/3299
<<- SncNameToAclKey_r()==SAP_O_K
in: name = "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE"
'aclkey ' (addr=0023F9E8, len=86) full hexdump
0x00000 00030401 00080606 2b240301 25010000 ........ +$..%...
0x00010 00443042 310b3009 06035504 06130244 .D0B1.0. ..U....D
0x00020 45310c30 0a060355 040a1303 53415031 E1.0...U ....SAP1
0x00030 12301006 0355040b 13095341 50726f75 .0...U.. ..SAProu
0x00040 74657231 11300f06 03550403 13087361 ter1.0.. .U....sa
0x00050 70736572 7632 pserv2
NiStrToAddrMask: '210.19.199.62' -> 210.19.199.62 [ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff]
NiIGetServNo: servicename '3201' = port 0C.81/3201
NiStrToAddrMask: '194.39.131.34' -> 194.39.131.34 [ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff]
NiIGetServNo: servicename '3299' = port 0C.E3/3299
contents of routtab ('d:\usr\sap\saprouter\saprouttab', 7 entries):
KT,<<- SncAclKeyToName()==SAP_O_K
'aclkey ' (addr=002DD8E0, len=86) full hexdump
0x00000 00030401 00080606 2b240301 25010000 ........ +$..%...
0x00010 00443042 310b3009 06035504 06130244 .D0B1.0. ..U....D
0x00020 45310c30 0a060355 040a1303 53415031 E1.0...U ....SAP1
0x00030 12301006 0355040b 13095341 50726f75 .0...U.. ..SAProu
0x00040 74657231 11300f06 03550403 13087361 ter1.0.. .U....sa
0x00050 70736572 7632 pserv2
out: name = "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE"
p:CN=sapserv2, OU=SAProuter, O= 194.39.131.34 ffff:ffff:ffff: * *
KP,<<- SncAclKeyToName()==SAP_O_K
'aclkey ' (addr=002DDD48, len=86) full hexdump
0x00000 00030401 00080606 2b240301 25010000 ........ +$..%...
0x00010 00443042 310b3009 06035504 06130244 .D0B1.0. ..U....D
0x00020 45310c30 0a060355 040a1303 53415031 E1.0...U ....SAP1
0x00030 12301006 0355040b 13095341 50726f75 .0...U.. ..SAProu
0x00040 74657231 11300f06 03550403 13087361 ter1.0.. .U....sa
0x00050 70736572 7632 pserv2
out: name = "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE"
p:CN=sapserv2, OU=SAProuter, O= 210.19.199.62 ffff:ffff:ffff: * *
KP,<<- SncAclKeyToName()==SAP_O_K
'aclkey ' (addr=002DE1B0, len=86) full hexdump
0x00000 00030401 00080606 2b240301 25010000 ........ +$..%...
0x00010 00443042 310b3009 06035504 06130244 .D0B1.0. ..U....D
0x00020 45310c30 0a060355 040a1303 53415031 E1.0...U ....SAP1
0x00030 12301006 0355040b 13095341 50726f75 .0...U.. ..SAProu
0x00040 74657231 11300f06 03550403 13087361 ter1.0.. .U....sa
0x00050 70736572 7632 pserv2
out: name = "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE"
p:CN=sapserv2, OU=SAProuter, O= 210.19.199.62 ffff:ffff:ffff: 3200 *
KP,<<- SncAclKeyToName()==SAP_O_K
'aclkey ' (addr=002DE618, len=86) full hexdump
0x00000 00030401 00080606 2b240301 25010000 ........ +$..%...
0x00010 00443042 310b3009 06035504 06130244 .D0B1.0. ..U....D
0x00020 45310c30 0a060355 040a1303 53415031 E1.0...U ....SAP1
0x00030 12301006 0355040b 13095341 50726f75 .0...U.. ..SAProu
0x00040 74657231 11300f06 03550403 13087361 ter1.0.. .U....sa
0x00050 70736572 7632 pserv2
out: name = "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE"
p:CN=sapserv2, OU=SAProuter, O= 210.19.199.62 ffff:ffff:ffff: 3299 *
KP,<<- SncAclKeyToName()==SAP_O_K
'aclkey ' (addr=002DEA80, len=86) full hexdump
0x00000 00030401 00080606 2b240301 25010000 ........ +$..%...
0x00010 00443042 310b3009 06035504 06130244 .D0B1.0. ..U....D
0x00020 45310c30 0a060355 040a1303 53415031 E1.0...U ....SAP1
0x00030 12301006 0355040b 13095341 50726f75 .0...U.. ..SAProu
0x00040 74657231 11300f06 03550403 13087361 ter1.0.. .U....sa
0x00050 70736572 7632 pserv2
out: name = "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE"
p:CN=sapserv2, OU=SAProuter, O= 210.19.199.62 ffff:ffff:ffff: 3201 *
P, 0:0:0:0:0:0:0:0 0:0:0:0:0:0:0:0 194.39.131.34 ffff:ffff:ffff: 3299 *
D, 0:0:0:0:0:0:0:0 0:0:0:0:0:0:0:0 0:0:0:0:0:0:0:0 0:0:0:0:0:0:0:0 * *
NI-ROUTER LOOP ********
SiSelNSelect: start select (timeout=-1) -
We are starting a conversion of a rather large network from atm/frame to mpls. We will be managing the ce routers and talk bgp to the pe routers. Our current network is eigrp. We will have quite a few backdoor links in the network. Some will be backup only and not carry normal traffic, others such as the backdoor links between our data centers will be the primary path between the sites.
My question is what is the best way to handle the backdoor links. We are looking at:
1)running bgp on the backdoor links also and ibgp between the routers for the backdoor and the ce router.
2)running eigrp on the backdoor but under a seperate eigrp as number and redistributing into the primary eigrp as.
Both have their pros and cons. I was wondering which way other organization have gone and why.Hello,
my 2 cents on the subject.
I haven´t been involved with a customer in the situation you are. So those are some thoughts on the subject not backed up by experience.
First, you need mutual redistribution BGP<->EIGRP on all CE routers.
Second, as EIGRP will always prefer internal routes over external ones, you need another protocol on the backdoor links, which should be really backdoor.
This said I would first select the links, which really shall be backup to the MPLS network. All other (prefered) links should be running EIGRP with main AS to reduce complexity.
So lets first look at the "MPLS is backup" scenario. You will have the same networks on the CE learned through EIGRP and eBGP. The latter having AD=20 is prefered, which is undesired in this case. Setting eBGP to AD=150 could fix this. Additionally you need to tag the EIGRP networks learned from BGP with a site specific tag, which would allow to exclude them from redistribution back into BGP once they are announced through EIGRP to another CE.
Generally a tag should indicate that this network was already passed through the MPLS VPN and thus MUST not be redistributed again.
Now lets have a look at the "MPLS is primary" scenario. As you already stated you need another routing protocol/EIGRP AS in this case. On the CE this would still work, because external EIGRP with AD=170 is worse than (modified) AD=150 of BGP.
What remains is again to set proper filters to avoid routing loops most likely again with tags and route-maps for scalability.
With all this mutual redistribution it is clear, that any mistake in configuration or design of the filters will result in a routing loop.
The other option would be BGP everywhere. Be aware however, that this will most likely not remove the redistribution and filter complexity.
What I do not quite understand is, how the physical design looks like, i.e. where you have BGP routers and where EIGRP (main AS). In case you don´t want to black hole yourself, you need to redistribute back into EIGRP in any case, or run an iBGP full mesh on most of your internal routers.
So in the end you have a lot of complexity in both solutions. Both of them can be implemented. From an operation point of view I would say, that my tendency would be towards EIGRP instead of BGP. But just because your staff might know the latter good enough to operate the whole thing without too much pain.
Looking from a distance:
1) Have you pushed the SP hard enough (=$$ ?) to allow EIGRP on the PE-CE link? This would simplify the whole situation.
2) Have you thought of pushing the SP into OSPF on PE-CE and convert everything to OSPF internally? This would also simplify things. OSPF is better prepared to handle routing loops in MPLS VPNs and also sham links allow for having backdoor links, when required.
Hope this helps! PLease rate all posts.
Regards, Martin
Maybe you are looking for
-
I have changed the fonts on some of my web pages. I would like to preview them before quiting, but Firefox doesn't refresh teh pages. Changing to another site and then reopening my site doesn't do it, even though the pages show correctly on another c
-
About spfile creating in oracle 10g while creating a new database
hi everyone, i had this problem while i was creating a new database in oracle 10g.when running the database script, it gives an error about invalid option for create temporary tablespace. is it necessary to have an spfile created in 10g. when the scr
-
MB11/MB1C/MB1B post GL entry for tax for movement type 561 initial stock
Hi, We want to bring in stock into new system using movement type 561. The usual account posting is: Debit stock Credit account in OBYC GBB How can I add additional tax posting in the transaction? For e.g. Debit stock Debit input tax Credit accou
-
Mini won't go to disk setting, comp won't recognize.
I've worked through all the suggestions on the Apple site, and waded through some here, but can't find anything... I do the "hold on/off, then press down Menu and Select", get the Apple sign, then "hold Select and Play" to supposedly get it into disk
-
Can't get old calendar onto new phone. Help!
Hi - just got a replacement Droid Inc. 2 for mine that was dropped and shattered yesterday. Having a problem getting my calendar from my old Inc. 2 to sync with my new Inc. 2. I've never kept a calendar on Google, just kept appointments on my phone.