Static routes within VRF
Is there a limit to the number of static route one could use within a VRF ?
We have a large customer connected to MPLS VRF based backbone and due to various limiting factors this customer uses static routing from a PE-CE perspective.
We have been experiencing a problem where a static needsto be removed and placed back as routing to a site stops (No traffic passed) , this happes intermittently and to different sites within diffrent regions as well. All the general or expected troubleshooting procedures have been followed i.e. Check routing table , bgp , CEF tables , FIB etc. All seems fine , the only thing that reloves this is removing the static and then replacing it.
My thinking is that there might be a limit to the number of static's that one can use within a VRF and that we have reached the limit for this customer , which causes the intermittent failure.
Please advise.
I know of a "maximum routes limit " command to limit the number of routes in a Vrf on a PE.
From this command reference i find there are no default values for this.
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fswtch_r/xrfscmd3.htm#1032272
So I assume, the default is to allow a huge value and the only limitations would be the memory/capacity and the number of vrfs on the PE router.
If you are experiencing a problem in this regard and removing a static route is helping to overcome it, then I would only suspect a bug here.
I am also curious to know how may many static routes you have in this particular vrf.
Similar Messages
-
How do I inject a static default route into vrf
Could anybody give me any advise on injecting a static default route into vrf.
The static route is to the internet, I can't enable vrf forwading on the fa interface as other users also use this internet connection.
I am configuring a 7206 VXR 12.3(26) and have attached a copy of the config
Any help gratefully receivedHi
I think you have to specify the route as this
ip route vrf delegate_wireless fa0/0 0.0.0.0 0.0.0.0 194.154.168.1 global
it tells the router to to use a next hop that is not part of the vrf.
Also, don't forget that the return traffic has to be routed out to the vrf.
Something like this.
ip route a.b.c.d tu1 10.252.254.2
/Mikael -
Cannot add static routes wrt350n
Router has latest firmware and was just set to default values. I cannot add a static route, says "static route invalid" no matter what address I input (keeping it simple, trying 192.168.1.XXX)
I have never had this problem with any other router and I'm thinking it's broken. Thought I'd ask here to make sure I wasn't missing a setting before I throw this thing out the window.
Any help would be appreciated.
Thanks, Nick.Thanks for the help, it is appreciated...
I would like to use a static IP address for my LAN multimedia server, MythTV reccommends a static address for the backend server. I have also always used Static IP addresses for my LAN.
I am a little confused, and my networking is very rusty so please bear with me. Perhaps I have not provided enough information, because I do not fully understand your response. I don't understand how subnetting is relevant.
My network is a simple home network, with one router separating my LAN from the cloud. I have one LAN, no subnetting, 192.168.1.0/255.255.255.0.
Every home router I have used before I have set up the LAN portion like this... And it has always worked in the past...
gateway: 192.168.1.1/24.
static routes 192.168.1.(2-5)/24 for my stationary hosts.
dhcp range 192.168.1.(10-15)/24 for laptops and guests.
In response:
1) Yes it is LAN traffic, but the hosts still need addresses, right? Not sure what you're getting at here.
2) Not sure what you mean... example host 192.168.1.20/24, and the router 192.168.1.1/24are both within the 192.168.1.0/24 network, right? So requests from the cloud are broadcast to all in my LAN, right? How is this relevant?
3) I thought the gateway (on my only router) has to be part of the LAN addressing. By Linksys/Cisco default, the router LAN side gateway is 192.168.1.1/24 and it sends out dhcp addresses to 192.168.1.(100-149)/24.
Am I severly confused or are we just on the wrong page? -
Leaking MPLS VPN learned routes from VRF to Global
I'm trying to leak routes from a VRF to global. I can get the routes leaked from directly connected CE to the global, however I can't get the routes from remote CE's to leak in to the global routing table. Below are my configurations
RP/0/0/CPU0:B25BR1#sh run vrf TR
Wed Dec 17 22:40:33.772 UTC
vrf TR
address-family ipv4 unicast
import route-target
65000:7020
export to default-vrf route-policy TR-2-GLOBAL
export route-target
65000:7020
RP/0/0/CPU0:B25BR1#sh rpl route-policy TR-2-GLOBAL
Wed Dec 17 22:40:50.851 UTC
route-policy TR-2-GLOBAL
if destination in TR-2-GLOBAL then
pass
endif
end-policy
RP/0/0/CPU0:B25BR1#sh rpl prefix-set TR-2-GLOBAL
Wed Dec 17 22:40:57.861 UTC
prefix-set TR-2-GLOBAL
192.168.0.17/32,
192.168.0.18/32,
192.168.0.19/32,
192.168.0.20/32
end-set
!Routes that I want to see also are 192.168.0.19/32 and 192.168.0.20/32 which are there in the VRF routing table
RP/0/0/CPU0:B25BR1#sh route vrf TR
Wed Dec 17 22:41:45.767 UTC
Codes: C - connected, S - static, R - RIP, B - BGP, (>) - Diversion path
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - ISIS, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, su - IS-IS summary null, * - candidate default
U - per-user static route, o - ODR, L - local, G - DAGR
A - access/subscriber, a - Application route, (!) - FRR Backup path
Gateway of last resort is not set
B 10.1.0.0/30 [20/0] via 10.1.0.5, 00:14:32
C 10.1.0.4/30 is directly connected, 06:57:19, GigabitEthernet0/0/0/2
L 10.1.0.6/32 is directly connected, 06:57:19, GigabitEthernet0/0/0/2
B 10.1.128.0/30 [20/0] via 10.1.0.5, 00:14:32
B 192.168.0.17/32 [20/0] via 10.1.0.5, 00:13:56
B 192.168.0.18/32 [20/0] via 10.1.0.5, 00:13:56
B 192.168.0.19/32 [200/0] via 192.168.0.4 (nexthop in vrf default), 00:13:31
B 192.168.0.20/32 [200/0] via 192.168.0.4 (nexthop in vrf default), 00:13:31
RP/0/0/CPU0:B25BR1#sh ip rou
Wed Dec 17 22:41:50.097 UTC
Codes: C - connected, S - static, R - RIP, B - BGP, (>) - Diversion path
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - ISIS, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, su - IS-IS summary null, * - candidate default
U - per-user static route, o - ODR, L - local, G - DAGR
A - access/subscriber, a - Application route, (!) - FRR Backup path
Gateway of last resort is not set
S 10.0.0.0/27 is directly connected, 08:04:01, Null0
O 10.0.0.4/30 [110/2] via 10.0.0.9, 08:03:10, GigabitEthernet0/0/0/0
C 10.0.0.8/30 is directly connected, 08:04:00, GigabitEthernet0/0/0/0
L 10.0.0.10/32 is directly connected, 08:04:00, GigabitEthernet0/0/0/0
O 10.0.0.12/30 [110/3] via 10.0.0.9, 08:03:10, GigabitEthernet0/0/0/0
[110/3] via 10.0.128.9, 08:03:10, GigabitEthernet0/0/0/1
O 10.0.0.16/30 [110/2] via 10.0.128.9, 08:03:51, GigabitEthernet0/0/0/1
O 10.0.0.24/30 [110/3] via 10.0.128.9, 06:29:14, GigabitEthernet0/0/0/1
O 10.0.0.28/30 [110/2] via 10.0.128.9, 08:03:51, GigabitEthernet0/0/0/1
S 10.0.128.0/29 is directly connected, 08:04:01, Null0
O 10.0.128.0/30 [110/3] via 10.0.0.9, 08:03:10, GigabitEthernet0/0/0/0
[110/3] via 10.0.128.9, 08:03:10, GigabitEthernet0/0/0/1
O 10.0.128.4/30 [110/2] via 10.0.128.9, 08:03:51, GigabitEthernet0/0/0/1
C 10.0.128.8/30 is directly connected, 08:04:00, GigabitEthernet0/0/0/1
L 10.0.128.10/32 is directly connected, 08:04:00, GigabitEthernet0/0/0/1
S 10.1.0.4/30 is directly connected, 06:57:23, Null0
S 10.1.128.4/30 is directly connected, 08:04:01, Null0
C 10.18.0.0/16 is directly connected, 08:04:00, MgmtEth0/0/CPU0/0
L 10.18.0.9/32 is directly connected, 08:04:00, MgmtEth0/0/CPU0/0
L 127.0.0.0/8 [0/0] via 0.0.0.0, 08:04:04
O 192.168.0.1/32 [110/2] via 10.0.0.9, 08:03:10, GigabitEthernet0/0/0/0
O 192.168.0.2/32 [110/4] via 10.0.0.9, 08:03:10, GigabitEthernet0/0/0/0
[110/4] via 10.0.128.9, 08:03:10, GigabitEthernet0/0/0/1
O 192.168.0.3/32 [110/3] via 10.0.128.9, 08:03:40, GigabitEthernet0/0/0/1
O 192.168.0.4/32 [110/3] via 10.0.128.9, 08:03:51, GigabitEthernet0/0/0/1
O 192.168.0.5/32 [110/4] via 10.0.0.9, 08:03:10, GigabitEthernet0/0/0/0
[110/4] via 10.0.128.9, 08:03:10, GigabitEthernet0/0/0/1
O 192.168.0.6/32 [110/2] via 10.0.128.9, 08:03:51, GigabitEthernet0/0/0/1
O 192.168.0.7/32 [110/3] via 10.0.0.9, 08:03:10, GigabitEthernet0/0/0/0
[110/3] via 10.0.128.9, 08:03:10, GigabitEthernet0/0/0/1
L 192.168.0.8/32 is directly connected, 08:04:00, Loopback0
B 192.168.0.17/32 [20/0] via 10.1.0.5 (nexthop in vrf TR), 00:05:37
B 192.168.0.18/32 [20/0] via 10.1.0.5 (nexthop in vrf TR), 00:05:37
I'm only seeing the routes from the directly connected CE, but not the routes received from RR. What am I missing here?
Thanks!
-SajithI'm trying to leak routes from a VRF to global. I can get the routes leaked from directly connected CE to the global, however I can't get the routes from remote CE's to leak in to the global routing table. Below are my configurations
RP/0/0/CPU0:B25BR1#sh run vrf TR
Wed Dec 17 22:40:33.772 UTC
vrf TR
address-family ipv4 unicast
import route-target
65000:7020
export to default-vrf route-policy TR-2-GLOBAL
export route-target
65000:7020
RP/0/0/CPU0:B25BR1#sh rpl route-policy TR-2-GLOBAL
Wed Dec 17 22:40:50.851 UTC
route-policy TR-2-GLOBAL
if destination in TR-2-GLOBAL then
pass
endif
end-policy
RP/0/0/CPU0:B25BR1#sh rpl prefix-set TR-2-GLOBAL
Wed Dec 17 22:40:57.861 UTC
prefix-set TR-2-GLOBAL
192.168.0.17/32,
192.168.0.18/32,
192.168.0.19/32,
192.168.0.20/32
end-set
!Routes that I want to see also are 192.168.0.19/32 and 192.168.0.20/32 which are there in the VRF routing table
RP/0/0/CPU0:B25BR1#sh route vrf TR
Wed Dec 17 22:41:45.767 UTC
Codes: C - connected, S - static, R - RIP, B - BGP, (>) - Diversion path
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - ISIS, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, su - IS-IS summary null, * - candidate default
U - per-user static route, o - ODR, L - local, G - DAGR
A - access/subscriber, a - Application route, (!) - FRR Backup path
Gateway of last resort is not set
B 10.1.0.0/30 [20/0] via 10.1.0.5, 00:14:32
C 10.1.0.4/30 is directly connected, 06:57:19, GigabitEthernet0/0/0/2
L 10.1.0.6/32 is directly connected, 06:57:19, GigabitEthernet0/0/0/2
B 10.1.128.0/30 [20/0] via 10.1.0.5, 00:14:32
B 192.168.0.17/32 [20/0] via 10.1.0.5, 00:13:56
B 192.168.0.18/32 [20/0] via 10.1.0.5, 00:13:56
B 192.168.0.19/32 [200/0] via 192.168.0.4 (nexthop in vrf default), 00:13:31
B 192.168.0.20/32 [200/0] via 192.168.0.4 (nexthop in vrf default), 00:13:31
RP/0/0/CPU0:B25BR1#sh ip rou
Wed Dec 17 22:41:50.097 UTC
Codes: C - connected, S - static, R - RIP, B - BGP, (>) - Diversion path
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - ISIS, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, su - IS-IS summary null, * - candidate default
U - per-user static route, o - ODR, L - local, G - DAGR
A - access/subscriber, a - Application route, (!) - FRR Backup path
Gateway of last resort is not set
S 10.0.0.0/27 is directly connected, 08:04:01, Null0
O 10.0.0.4/30 [110/2] via 10.0.0.9, 08:03:10, GigabitEthernet0/0/0/0
C 10.0.0.8/30 is directly connected, 08:04:00, GigabitEthernet0/0/0/0
L 10.0.0.10/32 is directly connected, 08:04:00, GigabitEthernet0/0/0/0
O 10.0.0.12/30 [110/3] via 10.0.0.9, 08:03:10, GigabitEthernet0/0/0/0
[110/3] via 10.0.128.9, 08:03:10, GigabitEthernet0/0/0/1
O 10.0.0.16/30 [110/2] via 10.0.128.9, 08:03:51, GigabitEthernet0/0/0/1
O 10.0.0.24/30 [110/3] via 10.0.128.9, 06:29:14, GigabitEthernet0/0/0/1
O 10.0.0.28/30 [110/2] via 10.0.128.9, 08:03:51, GigabitEthernet0/0/0/1
S 10.0.128.0/29 is directly connected, 08:04:01, Null0
O 10.0.128.0/30 [110/3] via 10.0.0.9, 08:03:10, GigabitEthernet0/0/0/0
[110/3] via 10.0.128.9, 08:03:10, GigabitEthernet0/0/0/1
O 10.0.128.4/30 [110/2] via 10.0.128.9, 08:03:51, GigabitEthernet0/0/0/1
C 10.0.128.8/30 is directly connected, 08:04:00, GigabitEthernet0/0/0/1
L 10.0.128.10/32 is directly connected, 08:04:00, GigabitEthernet0/0/0/1
S 10.1.0.4/30 is directly connected, 06:57:23, Null0
S 10.1.128.4/30 is directly connected, 08:04:01, Null0
C 10.18.0.0/16 is directly connected, 08:04:00, MgmtEth0/0/CPU0/0
L 10.18.0.9/32 is directly connected, 08:04:00, MgmtEth0/0/CPU0/0
L 127.0.0.0/8 [0/0] via 0.0.0.0, 08:04:04
O 192.168.0.1/32 [110/2] via 10.0.0.9, 08:03:10, GigabitEthernet0/0/0/0
O 192.168.0.2/32 [110/4] via 10.0.0.9, 08:03:10, GigabitEthernet0/0/0/0
[110/4] via 10.0.128.9, 08:03:10, GigabitEthernet0/0/0/1
O 192.168.0.3/32 [110/3] via 10.0.128.9, 08:03:40, GigabitEthernet0/0/0/1
O 192.168.0.4/32 [110/3] via 10.0.128.9, 08:03:51, GigabitEthernet0/0/0/1
O 192.168.0.5/32 [110/4] via 10.0.0.9, 08:03:10, GigabitEthernet0/0/0/0
[110/4] via 10.0.128.9, 08:03:10, GigabitEthernet0/0/0/1
O 192.168.0.6/32 [110/2] via 10.0.128.9, 08:03:51, GigabitEthernet0/0/0/1
O 192.168.0.7/32 [110/3] via 10.0.0.9, 08:03:10, GigabitEthernet0/0/0/0
[110/3] via 10.0.128.9, 08:03:10, GigabitEthernet0/0/0/1
L 192.168.0.8/32 is directly connected, 08:04:00, Loopback0
B 192.168.0.17/32 [20/0] via 10.1.0.5 (nexthop in vrf TR), 00:05:37
B 192.168.0.18/32 [20/0] via 10.1.0.5 (nexthop in vrf TR), 00:05:37
I'm only seeing the routes from the directly connected CE, but not the routes received from RR. What am I missing here?
Thanks!
-Sajith -
How do you promote a static route over a directly connected?
Hi all,
I have a need for a static route to be used instead of a directly connected route. (Long story - involving firewalls and anti-spoofing.. but can go further if required)
I am using a Cisco 3750 switch. I notice directly connected routes have a metric of 0, and the highest metric I can give a static route is 1.
Therefore, how is it possible for me to make the switch use the static route and not the directly connected?
Any help would be appreciated!
Cheers,
BenHi Rick,
Thanks for your patience.
Maybe I should start again.
Initially we had 16 VLANs within the 10.0/16 address space. We have some Cisco 3750's connected by dark fibre accross a couple of kms and then lower access switches all hanging of these by some means. The network is flat.
We have a checkpoint firewall hanging off one of the 3750s connected using a TRUNK port. The firewall has an IP address on all VLANs and is used to route traffic between VLANs based on its ruleset.
So if I have a user in VLAN 10 who wants to talk to VLAN 20, they travel to the firewall, if a rule permits the access, the firewall routes the packet on to VLAN 2 and the switches deliver at Layer 2.
The switches all have their default VLAN 1 disabled, and have an IP address on our management VLAN to allow us to manage the switches.
Its quite important that this IP is on a secured management VLAN as we don't want just anyone being able to snoop switch logins etc..
If we need to login to a switch, the firewall routes our traffic from whatever VLAN we are on to the Management VLAN.
One of our VLANs (the Desktop VLAN) is quite large (approx 1300 hosts) and suffers a great deal from too much arp broadcast traffic.
As we have a flat switched network across several kms, the cost of putting in routers to subnet this large VLAN is excessive.
However, the 3750's we have are perfectly capable of routing between VLANs, so we decide to create a load of new VLANs instead of subnetting our large VLAN. We don't want to use the firewall to route between these new VLANs as thats just giving the firewall more to do, and previously all these hosts were on a single subnet, so we have no need for any strict security - at most we can use ACLs on the switches if we even need that!
So far so good.
With 1300 hosts, we obviously can't make sudden topology changes. Therefore we need to be able to route between the Desktop VLAN and the new VLANs.
We therefore introduce the static routes between the firewall and the switches.
So the firewall says:
route 10.1.0.0/16 via Multilayer switch IP on 10.1.0.0/16
The multilayer switch says:
route 10.0.0.0/16 via Firewall IP on 10.1.0.0/16
This allows routing perfectly between the Desktop VLAN and the new VLANs.
However the moment we enable ip routing on the switches we break access between the desktop VLAN and the Management VLAN.
A packet leaves the desktop VLAN through the default gateway on the firewall. This is then routed to the Management VLAN. The return packet doesn't use the Management VLAN default gateway (firewall), it follows the static route on the switch and ends up at the firewall on 10.1.0.0/16. This is subsequently dropped as the firewall knows the packet hasn't come from the 10.1.0.0/16 network, it originally came from the desktop VLAN on 10.0.0.0/16.
It might seem we can define a route on the switch to say:
route 10.0.50.0/24 (management VLAN) via 10.0.50.254 (firewall). However, this would result in all packets from 10.1.0.0/16 being dropped by the firewall.
The other problem is that if we are on a new VLAN and want to talk to the management VLAN. The packet goes to its default gateway on the switch. The switch says - "I have an IP on the management VLAN, its directly connected" - therefore it ignores the static route, and passes the packet on its way. We have now bypassed the firewall, which is bad.
Incidentally the return packets get routed through the firewall and dropped, as the original packet didn't come through the firewall, there is no entry in the state table for its return.
I think if we turned off the management interface on the switch and managed it through the interface on 10.1.0.0/16, I assume everything would work. However, we don't want to do this for a whole load of other reasons I wont go into.
Im sure there must be a fairly simple solution - I just don't have enough experience!
Cheers,
Ben -
Redistributing Floating Static route
Hi All,
I have a question.when we redistribute a static route with AD as 210 into MP-iBGP to carry the route to other PE's ,will it also carry the AD value for this route ?
Help would be really appreciated.
Thanks
Regards
Anantha Subramanian NatarajanHello Anantha,
AD is locally significant and is never propagated to another node by any protocol including BGP.
the other PE will see a route in VRF of type iBGP so it will see something like
B [200/0]
the BGP AS path will have an origin ? meaning the prefix is the result of a redistribution on originator PE and not by the usage of network command.
Hope to help
Giuseppe -
Router can perform static route load balance
Dear All
I am not sure a question. I need your idea and help. The question is if the router can perform static route load balance. I tested it. The result showed No. If you have any experience on it, could share it with me. I also post my result here. Thank youDisclaimer
The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.
Liability Disclaimer
In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.
Posting
Normally they can, but you generally need different next hops. How did you "test". -
Default static route and Null 0
Hi Everyone,
Need to clear some doubts for below setup
Switch 3550A is connected to Internet Router and has OSPF nei relationship with it.
3550A# sh run int fa0/11
Building configuration...
Current configuration : 272 bytes
interface FastEthernet0/11
description OSPF LAN Connection to 2691 Router Interface Fas 0/1
no switchport
ip address 192.168.5.2 255.255.255.254
sh ip route shows
3550A#sh ip route
Gateway of last resort is 192.168.5.3 to network 0.0.0.0
O*E2 0.0.0.0/0 [110/1] via 192.168.5.3, 20:39:56, FastEthernet0/11
3550A#
All is working fine.
For testing purposes i config below static route on 3550A
ip default-network 192.168.1.0
ip route 192.168.1.0 255.255.255.0 Null0
After above change
3550A# sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
S* 192.168.1.0/24 is directly connected, Null0
O*E2 0.0.0.0/0 [110/1] via 192.168.5.3, 20:38:38, FastEthernet0/11
Now i can not ping to internet as below
3550A#ping 4.2.2.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 4.2.2.2, timeout is 2 seconds:
Success rate is 0 percent (0/5)
When we ping from Switch then source IP is always the Outside interface IP right?
So in this case Switch is using which IP as source?
Ping to internet is not working as default network is set to 192.168.1.0 and all request goes to this IP and then it goes to
Null interface right?
Extended ping works fine as below
3550A#ping
Protocol [ip]:
Target IP address: 4.2.2.2
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Extended commands [n]: y
Source address or interface: 192.168.5.2
Type of service [0]:
Set DF bit in IP header? [no]:
Validate reply data? [no]:
Data pattern [0xABCD]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Sweep range of sizes [n]:
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 4.2.2.2, timeout is 2 seconds:
Packet sent with a source address of 192.168.5.2
Success rate is 100 percent (5/5), round-trip min/avg/max = 76/79/80 ms
Second thing to confirm is this ping works because 192.168.5.2 is directly connected to Internet Router interface?
Regards
MAheshHi Mahesh,
When we ping from Switch then source IP is always the Outside interface IP right?
That is correct. By default it is always the outgoing interface on the device unless you specify it differently.
Ping to internet is not working as default network is set to 192.168.1.0 and all request goes to this IP and then it goes to
Null interface right?
That is correct. Null0 can't be used as next-hop.
Second thing to confirm is this ping works because 192.168.5.2 is directly connected to Internet Router interface?
No, that is because 192.168.5.0/30 is NATed. Remember 192.168.x.x address is a private segment and cannot access the Internet unless NAT is used.
HTH
Reza -
Advertise implicit-null label for static routes
Hi, I want to ask if there is any way to change the label or stop adveritise label for an static route. Normally LDP advertises an Implicit Null label for directly connected routes. We want to do similar thing for static routes.
We need to do this is because somehow we need to do rate-limit on the PE interface connecting to the core network instead of the interface connecting to CE. As the incoming packets still got labelled, the rate-limit is skipped. So we want to stop the PE creates label for the static routes or advertises them with implicit null label. Thanks in advance.Calvin,
Bear in mind that if you only enter the "no mpls ldp advertise-label" command, LDP will stop propagating all labels, which might not ba what you want. If you selectively want to propagate certain labels, then you need to also use "mpls advertise label for " as Shivlu suggested.
Regards, -
Check for Null in Mediator Static Routing filter
Using Expression Builder for Mediator component how can I check the values for NULL in a particular XML element. In my case the XSD is
<xs:complexType name="OdsCadDataSet">
<xs:choice>
<xs:element name="odsCadCase" type="OdsCadCase" minOccurs="0"
maxOccurs="1"/>
<xs:element name="odsCadEvent" type="OdsCadEvent" minOccurs="0"
maxOccurs="1"/>
<xs:element name="odsCadUnitStatus" type="OdsCadUnitStatus"
minOccurs="0" maxOccurs="1"/>
</xs:choice>
</xs:complexType>
I want to check in expression builder of mediator whether odsCase, odsCadEvent, odsCadUnitStatus is been processed. I have three static routing for each element and plan to put filter which checks is odsCadCase is null and so forth. How to have this use case.
Thanks
Edited by: user5108636 on 28/06/2010 00:15helo, i have same problem here...
I have a xsd:choice on request like this:
<message>
<properties>
<property name="tracking.compositeInstanceId" value="80003"/>
<property name="tracking.ecid" value="0000J1MQVAZBDC^5lVg8yZ1DtZWJ000T5r"/>
<property name="transport.http.remoteAddress" value="10.106.17.137"/>
</properties>
<parts>
<part name="request">
<ns1:parametrosConsultaGuia>
<ns1:guiaCompensacaoRequest>
<ns1:anoGuia>2011</ns1:anoGuia>
<ns1:numeroGuia>314</ns1:numeroGuia>
<ns1:codigoFatoGerador>6</ns1:codigoFatoGerador>
<ns1:codigoPorte>77011</ns1:codigoPorte>
</ns1:guiaCompensacaoRequest>
<ns1:guiaComplementarRequest>
<ns1:codigoEntidade/>
<ns1:classeEmbarcacao/>
<ns1:codigoPorte/>
<ns1:codigoAssunto/>
<ns1:fatoGerador/>
<ns1:numeroTransacaoInternet/>
</ns1:guiaComplementarRequest>
<ns1:guiaDesarquivamentoRequest>
<ns1:codigoAssunto/>
<ns1:idPessoa/>
</ns1:guiaDesarquivamentoRequest>
<ns1:guiaDividaAtivaRequest>
<ns1:numeroDebito/>
<ns1:codigoUsuario/>
</ns1:guiaDividaAtivaRequest>
<ns1:guiaNormalRequest>
<ns1:codigoEntidade/>
<ns1:codigoAssunto/>
<ns1:fatoGerador/>
<ns1:numeroTransacaoInternet/>
</ns1:guiaNormalRequest>
<ns1:guiaReferenciaRequest>
<ns1:numeroGuiaPai/>
<ns1:anoGuiaPai/>
<ns1:codigoEntidade/>
<ns1:classeEmbarcacao/>
<ns1:codigoAssunto/>
</ns1:guiaReferenciaRequest>
<ns1:guiaRemanescenteRequest>
<ns1:numeroDebito/>
<ns1:codigoUsuario/>
</ns1:guiaRemanescenteRequest>
<ns1:guiaMultaRequest>
<ns1:codigoEntidade/>
<ns1:dataVencimento/>
<ns1:valorMulta/>
<ns1:percentualDesconto/>
<ns1:percentualAcrescimo/>
</ns1:guiaMultaRequest>
</ns1:parametrosConsultaGuia>
</part>
</parts>
</message>
I tried everything to check if some of the requests are filled but allways mediator returns null:
03/06/2011 13:50:42MensagemEvaluation of xpath condition "string-length($in.request/guia:guiaRequest/guia:parametrosConsultaGuia/guia:guiaReferenciaRequest) > 0" resulted false
<payload>
Atividade03/06/2011 13:50:42MensagemonCase "GuiaCompensacao.getGuiaCompensacao"
03/06/2011 13:50:42MensagemEvaluation of xpath condition "$in.request/guia:guiaRequest/guia:parametrosConsultaGuia/guia:guiaCompensacaoRequest != ''" resulted false
<payload>
Atividade03/06/2011 13:50:42MensagemonCase "GuiaRemanescenteService.getGuiaRemanescente"
03/06/2011 13:50:42MensagemEvaluation of xpath condition "string-length($in.request/guia:guiaRequest/guia:parametrosConsultaGuia/guia:guiaRemanescenteRequest) > 0" resulted false
<payload>
Atividade03/06/2011 13:50:42MensagemonCase "GuiaMultaService.gerarBoleto"
03/06/2011 13:50:42MensagemEvaluation of xpath condition "string-length($in.request/guia:guiaRequest/guia:parametrosConsultaGuia/guia:guiaMultaRequest) > 0" resulted false
<payload>
Atividade03/06/2011 13:50:42MensagemonCase "GuiaDividaAtiva.getGuiaDividaAtiva"
03/06/2011 13:50:42MensagemEvaluation of xpath condition "string-length($in.request/guia:guiaRequest/guia:parametrosConsultaGuia/guia:guiaDividaAtivaRequest) > 0" resulted false
<payload>
Atividade03/06/2011 13:50:42MensagemonCase "GuiaDesarquivamento.getGuiaDesarquivamento"
03/06/2011 13:50:42MensagemEvaluation of xpath condition "string-length($in.request/guia:guiaRequest/guia:parametrosConsultaGuia/guia:guiaDesarquivamentoRequest) > 0" resulted false
<payload>
Atividade03/06/2011 13:50:42MensagemonCase "GuiaComplementarService.gerarBoleto"
03/06/2011 13:50:42MensagemEvaluation of xpath condition "string-length($in.request/guia:guiaRequest/guia:parametrosConsultaGuia/guia:guiaComplementarRequest) > 0" resulted false
<payload>
Atividade03/06/2011 13:50:42MensagemonCase "GuiaNormalService.gerarBoleto"
03/06/2011 13:50:42MensagemEvaluation of xpath condition "string-length($in.request/guia:guiaRequest/guia:parametrosConsultaGuia/guia:guiaNormalRequest) > 0" resulted false
<payload> -
Problems setting up static routing
HI
I'm having a problem setting up static routing. I keep getting the message "invalid static route". I have an E1550 router and my frimware is up to date. I have tried a few different gateway addresses ie 192.168.1.1, 127.0.0.1 and my router's address on the net, but I keep getting the same message. Has anyone else had this problem and been able to fix it?I think the E1550 router supports LAN to LAN routing provided that you have two local networks. If you only have a plain modem and the E1550, I believe you can't do Static routing on that type of setup. Found this link that might help: http://kb.linksys.com/Linksys/ukp.aspx?vw=1&docid=12a84336a124498eb5d6f0204b85191e_17589.xml&pid=80&...
-
Is there a way to add a static route in an Ipod touch ?
I am trying to get the ipod touch to configure correctly for our wireless network.
The wireless side does not provide DNS or DHCP directly . Rather this is done from a different
subnet . This assists to a small extent with our wirless security in that the attacker must also know
routing address and DNS and DHCP addresses to steal web access. In windows or Linux this can be done
by route add (DHCP IP Address) netmask 255.255.255.255 (gateway IP address)
and route add (DNS IP Address) netmask 255.255.255.255 (gateway IP address)
and manually specifying the DNS and DHCP addresses. Even if i manually enter the
the IP address without a simple static route I will not get DNS services across the gateway.
I am no apple expert but route add has been in use since the internet was still on 2 wheels
surely this can still be done ?
Thanks in advancehi!
have you seen javax.swing.JMenuItem ?
and have a look into
http://java.sun.com/docs/books/tutorial/uiswing/components/menu.html
:) -
Setting up static routing in sa520. Im stuck.
Hello,
I finally got my cisco router and all excited about it i tried to set it up. Everything went fine until i wanted a local machine to get its own IP adress that is reachable from the outside.
Basicly i used static IP setting in the wan/ip4v menu. This worked great and with the router assigning dhcp too all computers.
Now all the local computers has internet connection and they share one ip adress on the outside.
As for where im stuck. I have a xserve with 2 networkcards. It runs a FTP server which we use local but we also have customers needing to reach it from the outside. The local FTP works but im having difficulties assigning a outside IP too it. Our ISP has provided 5 different ipadresses.
I have tried to do this in 2 different ways where the second way is preferable.
first try:
Use the optional port as a second wan. give it the same settings as the first wan got but another ip-adress.
Then connect the xserves outside network card directly too that wan port and use dhcp. This did not work.
second try:
Assign a static routing from the wan2(optional port) too the local ipadress for the xserve.
Can someone elaborate on how this should be done?
Thank you.
Edit:
Later today i will try this firewall rule.
http://bildr.no/view/580301
Basicly i want to forward any connections from wan2 too 192.168.1.33 which is my server. Does that look correct?Thank you for your quick reply.
Im using version 1.1.21.
Im actully quite sure that its a user problem rather then firmware error. It´s the first time i evern touch a Cisco router and i havn´t done that much networking.
I can show you how i did it on my xserve. Maybe you can elaborate on how i can do it the same way.
redirect_port
proto
tcp
targetIP
192.168.1.50
targetPortRange
80
aliasIP
77.40.XXX.220
aliasPortRange
8888
Basicly it says push whatever trafic from ip 77.40.xxx.220 too 192.168.1.50 on the local network.
How can i do the same thing on my cisco router? It´s a NAT ip-forward rule.
Edit:
Screenshot shows what i have been trying.
I have chosen optional wan which is set to use another external IP adress but this does not work. It would be so much easier if i could just type in the external IP adress there and use the same gateway, dns as the main WAN.
Added config aswell.
Thank you. -
How do you Redistribution EIGRP into OSPF and maintain a distance of 250 for a static route?
Ok, I have scoured the forums long enough and have to post. The design is below. I moved a firewall to our new data center, which required adding some static routes for VPN connections and broadband backups. To minimize the amount of static routes I redistribute static into EIGRP with a route-map and prefix-list.
My problem is the next part of my network. When the data leaves my 56128's it hits an edge device connecting to our dark fiber. On this edge device I am running OSPF onto the dark fiber, then redistribute some EIGRP subnets into OSPF and again all is well.
Everything works up until the point the redistributed routes hit my RIB at my main data center where I am running IBGP. IBPG is run between our MPLS router and core for all our remote sites. When my backup route from the 56128's hits the cores, it supersedes the BGP route because the AD route O E2 [110/20] is lower than the BGP AD B [200/0]. Given the configuration below what can be done to remedy this? Oh when I redistribute I can only change the AD for the backup routes, all other routes should stay the same.
56128's where my static routes are:
ip route 192.168.101.0/24 192.168.30.77 name firewall 250
router eigrp 65100
redistribute static route-map Static-To-Eigrp
route-map Static-To-Eigrp permit 10
match ip address prefix-list Static2Eigrp
ip prefix-list Static2Eigrp seq 2 permit 192.168.101.0/24
Edge device:
router eigrp 65100
network 172.18.0.5 0.0.0.0
network 172.18.0.32 0.0.0.3
network 172.18.0.36 0.0.0.3
redistribute ospf 65100 metric 2000000 0 255 1 1500
redistribute static metric 200000 0 255 1 1500 route-map STATICS_INTO_EIGRP
passive-interface default
no passive-interface Port-channel11
no passive-interface Port-channel12
eigrp router-id 172.18.0.5
router ospf 65100
router-id 172.18.0.5
log-adjacency-changes
redistribute eigrp 65100 subnets route-map EIGRP_INTO_OSPF
passive-interface default
no passive-interface GigabitEthernet1/0/1
no passive-interface GigabitEthernet1/0/2
no passive-interface GigabitEthernet2/0/1
no passive-interface GigabitEthernet2/0/2
network 172.18.0.0 0.0.255.255 area 0
ip prefix-list EIGRP_INTO_OSPF seq 5 permit 172.18.0.0/16 le 32
ip prefix-list EIGRP_INTO_OSPF seq 10 permit 192.168.94.0/29 le 32
ip prefix-list EIGRP_INTO_OSPF seq 15 permit 192.168.26.32/29 le 32
ip prefix-list EIGRP_INTO_OSPF seq 20 permit 192.168.30.72/29 le 32
ip prefix-list EIGRP_INTO_OSPF seq 25 permit 192.168.20.128/25 le 32
ip prefix-list EIGRP_INTO_OSPF seq 26 permit 192.168.101.0/24 le 32 <- Backup Route for MPLS Remote Office
route-map EIGRP_INTO_OSPF permit 10
match ip address prefix-list EIGRP_INTO_OSPFSo in the case of a /24. If it were say broken up into /25's? From our remote sites we are using aggregate-address summary-only. Not sure how I would advertise a more specific route via BGP, sorry.
I didnt have this problem until I moved my firewalls. They plugged into the cores where IBGP was running and the static never kicked in unless the bgp route disappeared. I guess I could use my static redistribution for my VPN sites and use statics across the cores for the handful of backup links I have. -
Interworking on Static Routing as IGP
Was testing interworking between Vlan over ethernet and FR. As long as my LDP was on static routing, I couldnt reach end-to-end. The moment i configured OSPF as my routing protocol it came up. Can anyone let me know what the reason could be ?
Gautam,
This is actually normal behavior.
Before the label learnt via an LDP peer is coupled to a route in the FIB, the next-hop IP address of the route needs to match one of the interface IP addresses bound to the LDP peer (see below). So basically it will not work without a next IP address.
r2#sh mpls ldp nei
Peer LDP Ident: 3.3.3.3:0; Local LDP Ident 2.2.2.2:0
TCP connection: 3.3.3.3.11004 - 2.2.2.2.646
State: Oper; Msgs sent/rcvd: 27/27; Downstream
Up time: 00:15:07
LDP discovery sources:
Serial3/0, Src IP addr: 192.168.23.3
Addresses bound to peer LDP Ident:
3.3.3.3 192.168.34.3 192.168.23.3 <++++++ the route next hop has to match one of these addresses.
Hope this helps,
Maybe you are looking for
-
Hi , I have a file to ido scenario.The file size is suppose to be big (atmost 5mb).I am getting the following error in SM58 Time limit Exceeded . I am able to see my idocs in idx5. Kindly help
-
How do I get a Win serial number when I was sent a Mac code? I don't have a Mac...
I had purchased Captivate 8 on June 21. However, I received a Mac serial number on June 21, which is not recognized by my Win trial version of Captivate 8. I had called about this on Monday June 23, was passed through several fellows, and was told I'
-
9i won't install oo4o components
I'm trying to install 9i on a Win98 machine and it won't install the oo4o dll's. There's no oo4e folder in the oracle directory tree. I've installed three times now. I need them for a VB database application. I keep getting Runtime Error 429 ActiveX
-
Publishing iBook for non US residents
I want to sell a book through the iTunes Store in Mexico and have followed all the steps but I can´t go forward because I'm asked to provide my EIN or SSN / ITIN. I live in Mexico, I am an independent author, and it is very difficult to get these doc
-
Hi, We are using one standard BSP application. we run the application from the portal . If we logoff from the Portal by clicking on the "Log Off' button it is unlocking all the underlying database. But when we close the application by clicking on C