Cisco WAN :: 7200 - Egress Netflow V9 And Output Packet Marking Order
Aug 17, 2011
when using egress netflow (v9) and output marking.
The topologie : Server <-----> R1 1>-----<1 R2 2>----<2 R3
R2 is a 7200 with c7200p-adventerprisek9-mz.124-15.T11.bin What I'm doing :- R2 forwards ping packets from Server to R3. When they arrive on R2, icmp packets are marked with CS3
- I change the DSCP to CS4 on R2 before forwarding packet to R3. I'm using for that an output service-policy on the R2-2 interface like this : interface ATM2/0.36 point-to-point
ip address 192.168.1.1 255.255.255.252
ip flow ingress
ip flow egress
[Code]....
View 3 Replies
ADVERTISEMENT
Nov 4, 2012
I have a question that so far I haven't been able to find a suitable answer for. This is focused from an ISP perspective. So suppose I have the following scenario:
I have a BGP transit area. On each edge of the my network I have a e BGP connection to the same client for redundancy. This client has his own ASN, iBGP and prefixes. I'm receiving the same NLRI from the client through both sides. Let's assume he's advertzing the prefix 10.10.0.0/16 through both ends. I'm receiving it with no problems and I'm passing it along to the next providers with whom I also have multiple ingress and egress points.
Something like this:
PROVIDER A PROVIDER A
| |
eBGP eBGP
| |
CLIENT A (ASN65100) --- eBGP --- MYROUTERA(ASN65200) ----- iBGP --- MYROUTERB(ASN65200) --- eBGP --- CLIENT A(ASN65100)
| |
eBGP eBGP
| |
PROVIDER B PROVIDER B
Let's say my client pays for a 10Mb. Both links are configured to 10Mb so that each can handle the load in case the other one fails and both are always active. So my question is:
How can I shaped or police the client's traffic across multiple points of entry on different routers so that it won't go beyond the 10Mb. The same scenario applies on how can I limit traffic coming from the providers A, and B destined to the client's prefix: 10.10.0.0/16.
I don't mean using MED, local-pref, weight. Sure I can funnel all the traffic through one single point, but consider that I'm also trying to move away from basic routing and more into PfR, which mean that I have more granular control of the flows. Perhaps there is a PfR service-policy or something that can work.
For this scenario I'm using 7200 as my routers. If there is a solution that assumes any other model don't hesitate to post it. TLDR; How can I police or shape across multi interfaces on different routers?
View 2 Replies
View Related
Oct 12, 2012
i'm doing B.E., final year.My project is IP TRACEBACK.so we hav to mark packets in router.Is it possibe to mark packet in cisco packet tracer?
View 1 Replies
View Related
Jun 9, 2013
I'm trying to configure a egress netflow in a 6500 (VSS) with VS-S720-10G supervisor. I foud some old posts and understood that netflow wasn't supported on 6500 but i found a new document and it seems that netflow is supported in Supervisor Engine 2T:[URL] Does the netflow still not supported in VS-S720-10G? It's weird because the command is supported:
#sh run int vlan 4
Building configuration...
Current configuration : 353 bytes
!
interface Vlan4
ip address X.X.X.X 255.255.0.0
[cod]....
View 1 Replies
View Related
Feb 20, 2011
My new small router 866vae crashes and makes cold reboots every 20-30 minutes. I updated IOS, but it didn't work. The logs show texts like this:
Possible software fault. Upon reccurence,crashinfo, "show tech" and contact Cisco Technical Support. http serverip http access-class 23ip http authentication localip http secure-serverip http timeout-policy idle 60 life 86400 requests 10000!ip dns serverip nat inside source list 101 interface Dialer0 overload!dialer-list 1 protocol ip permitmac-address-table aging-time 15no cdp run!access-list 23 permit 192.168.1.0 0.0.0.255access-list 101 permit ip 192.168.1.0 0.0.0.255 anyaccess-list 111 permit udp any eq bootps any eq bootpcaccess-list 111 permit tcp any anyaccess-list 111 permit udp any anyaccess-list 111 permit icmp any any echo-replyaccess-list 111 permit icmp any any time-exceededaccess-list 111 permit icmp any any unreachableaccess-list 111 permit icmp any any administratively-prohibitedaccess-list 111 permit icmp any any echoaccess-list 111 permit gre any any!control-plane!!line con 0login localno modem enableline aux 0line vty 0 4access-class 23 inprivilege level 15login localtransport input telnet!scheduler allocate 60000 1000!end
View 10 Replies
View Related
Apr 19, 2012
I have a 7200 router with a 12.2.(46a) IOS and I am trying to activate Netflow on a subinterface. From the documentation of Cisco, I should be able to do it since the ios 12.2.(14)S but the command is unavailable.
[URL]
I have tried also to enter the command in the subinterface directly but it doesn't recognize it.
View 2 Replies
View Related
Jul 23, 2012
router 7200 (12.2(33)SRE1)
two interfaces with traffic going through, placed in a Data-VRF
Another physical interface and loopback interface in the global routing-table.
ip flow ingress on all physical interfaces configured
It was running for at least a year: I was getting netflow packets on my analyzer from the box. Since a couple of weeks I get no netflow-packets anymore.debug ip flow export tells me "IPFLOW: Sending export pak to ... port 2055"
But the packet is not leaving the box. By setting up an ip sla monitor udp-echo I simulated some traffic (udp/2055) which is leaving the box.
[code]...
View 2 Replies
View Related
Mar 22, 2012
We have 7206 VXR running NPE-G1, we are looking for the GigE cards for 7200 which supports upto line rate and came across Cisco 7200 Series Input/Output Controllers The datasheet for the same doesnt say anything about line rates.
View 3 Replies
View Related
Mar 13, 2012
I have too much output drops in my cisco 7206 VxR NPE G1 router. I'm doing dot1Q on this interface and is connected to switch , i changed the router and IOS but still the error is same . What can be the reason . The interface on switch and router are 1000/Full and i changed the cable also . The traffic only comes about max70Mbps and it is really confusing. [code]
View 9 Replies
View Related
Jun 4, 2013
We have Cisco Catalyst 6509-V-E VSS Switch with Sup2T und IOS Version 15.0(1)SY2. We are gettin input netflow information from the gi2/3/7 but not output ... I am not sure why it does not work.
View 1 Replies
View Related
Jan 23, 2013
I´ve try to configure a VPN IPSEC between a Cisco 7200 and Juniper ISG2000.The tunnel looks like good but when a ping is sending, I´ve packets lost and getting the next error:IPSEC(epa_des_crypt): decrypted packet failed SA identity check.My configuration en both sites is the follow: [code] What is the possible problem here. mea be in the Cisco 7200 configuration or in ISG Configuraton??
View 4 Replies
View Related
Jan 30, 2012
MIB OID and the values.also i want to know the values og output packet and output packet drops MIB OID values of POS interface on GSR router (12000).because i am getting many output packet drops on these pos interface.how do i get these values from the router.
View 1 Replies
View Related
Dec 20, 2011
I have made some test and i noticed that qos input policy does not classify the icmp packet based on their dscp.The "match dscp ef" or "match precedence 5" is not working only the "match protocol icmp" shows hits.
We need to classify the different icmp packets based on dscp ( TOS ) for measurement purpose.CISCO 7200, 12.4.25d and 12.4.20T have a same behavior.
View 6 Replies
View Related
Mar 16, 2013
I am trying to troubleshoot a problem where in one of my remote site is not able to access some networks at HQ over Site to SIte VPN ( asa 5505 at Remote and 5520 at HQ). I ran packet tracer and HQ ASA looks clean as everything came out as ALLOW. Remote site ASA packet tracer give me DROP out at Phase 9 (VPN). I am not very sure what to look in ASA for resolution now. Is it an access list that is blocking the traffice or VPN setup.
View 5 Replies
View Related
Jun 7, 2012
I have a video feed coming into my 3570. It comes in at 5 minute input rate 18777000 bits/sec, 1695 packets/sec. However, the uplink to the router is much different, 5 minute output rate 130000 bits/sec, 28 packets/sec. I am in a lab and about ready to go into testing phase for a project when we discovered this problem, as this video feed is not veiwable on the other end.
Below is the config and capture from the switch.
BLOSSw1#sh int g1/0/6GigabitEthernet1/0/6 is up, line protocol is up (connected) Hardware is Gigabit Ethernet, address is a44c.112f.3506 (bia a44c.112f.3506) MTU 1500 bytes, BW 1000000 Kbit/sec, DLY 10 usec, reliability 255/255, txload 1/255, rxload 4/255 Encapsulation ARPA, loopback not set Keepalive not set Full-duplex, 1000Mb/s, link type is auto, media type is 10/100/1000BaseTX SFP input flow-control is off, output flow-control is unsupported ARP type: ARPA, ARP Timeout 04:00:00 Last input never, output 00:00:00, output hang never Last clearing of "show interface" counters 15:16:25 Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0 Queueing strategy: fifo Output queue: 0/40 (size/max) 5 minute
[code]....
View 2 Replies
View Related
Nov 27, 2011
In my cisco 3845 router I can see output packet drop in some of the interfaces.I suspect that router is processing packet beyond its mix throughput limit. Moreover when i run show int fax/y switching command I can see packet drop by RP process.
View 11 Replies
View Related
Mar 13, 2012
Any major difrrence between Netflow v/s Netflow-Lite?
I am trying to understand if Cisco 4948E can do the same job as Cisco 4500E or not and difference between Netflow v/s Netflow-Lite will work for me to select correct product.
View 2 Replies
View Related
May 17, 2011
1) which DSCP marking to use for ex90s(HD video)?
2) as a test we are planning do to deploy ex90 at few of locations. at location 1 we will do DSCP EF marking while at the other location we will do DSCP AF41 for video..assume, LOC1 calls LOC2: so, when video traffic from LOC1 arrives to LOC2 will it be marked as EF? and when traffic from LOC2 arrives LOC1 then traffic will be marked as AF41? if yes, then will there be any issue sometimes in case if we run out of bandwidth for EF?
View 2 Replies
View Related
Aug 22, 2011
I have a weird issue with a QOS policy that I have implemented. Details are below.
This is basically the policy I have created. It is running on a Cisco 877 router (running Advance IP Services 12.4). The internet connection is an Internode ADSL service.
class-map match-any VOIP
match access-group name VOICE-OUT
!
!
[Code]....
View 14 Replies
View Related
Nov 2, 2011
We have subscribed for MPLS links from Service provider we have a DC where the core connectivity is 90 MB and Remote branch location Connectivity is 64 Kbps. We are in process of enabling QOS for our links with co-ordination with Service provider ; as per our finding the branches have more RX traffic (downloading) so after discussion with provider we were advised to mark traffic from the core end and give it to the provider.The provider at its PE will honor the marking and set some B/W percentages and prioroty based on the DSCP marking values.
We need to mark this traffic so it is feasible to mark the traffic at the core DC router which has the below H/W details,Cisco 7206VXR (NPE-G2) processor (revision A) with 917504K/65536K bytes of memory.
Processor board ID 36161439
MPC7448 CPU at 1666Mhz, Implementation 0, Rev 2.2
6 slot VXR midplane, Version 2.11
or is it feasible to mark the traffic at the core switch.
View 6 Replies
View Related
May 29, 2012
I have a Cisco 3725 router with IOS version "Cisco IOS Software, 3700 Software (C3725-ADVIPSERVICESK9-M), Version 12.4(12)". And this router is serving as a CE route for our MPLS connection to the service Provider. We do also have multiple VRFs ( around 10) and the WAN interface is DS3. So we created point-to-point subinterfaces and we put them in different vrfs. We have now transitioned to a new ISP and the ISP requested us to mark all of our outgoing traffics with DSCP AF31. So I have created the following policy-map
policy-map TRAFFIC-OUT-WAN-AF31
class TRAFFIC-OUT-WAN
set ip dscp af31
class-map match-any TRAFFIC-OUT-WAN
match any
Now we do have multiple GRE tunnel interfaces sourced from one of the WAN subinterface ( which is a member of VRF A). So the moment I applied the the policy-map on this WAN sub-interface (using the syntax "service-policy out TRAFFIC-OUT-WAN-AF31"), most of the GRE tunnels went down. And there is eBGP running on top of these GRE tunnels.
View 5 Replies
View Related
Jun 14, 2012
I am running 1.1.24 and spa303 phones I have a qos policy setup to mark all packets
The following is my qos
information 192.168.1.15/24
makring enabled
cos/DSCO DSCO
Value 0xb8
On my upstream device I only allow traffic that is marked with this dscp value. No traffic is coming through. RTP traffic is marked because it comes off the phone marked but I would expect the qos Policy so mark everything going to that ip space to be marked.
View 1 Replies
View Related
Nov 25, 2012
I want to mark traffic on Cisco 3020 switch entering to interface gigabitEthernet 0/1 ingress direction with DSCP values. interface gigabitEthernet 0/1 is in access mode and in vlan 10.
This is my config:
access-list 1 permit host 10.10.1.1
class-map match-all ipclass1
match access-group 1
[Code].....
View 2 Replies
View Related
Jun 2, 2012
why ip flow egress is not functioning on 7600?When I do "sho ip cach flow", I can see only inbound flows.
View 5 Replies
View Related
Sep 8, 2011
In regards to QoS profiles on the WLC. I have applied a profile to a newly created WLAN and set the Per User Bandwidth to 512k and it seems to be kicking in on the ingress only, this is supposed to work ingress AND egress or is it just designed to work one way? I have a 4402-25 with Cisco 3500 AP's and am running the 7.0.98 code. If it is designed to work one way only is there a different way to apply it ingress and egress simultaneously off the WLC?
View 3 Replies
View Related
Mar 16, 2012
i have a question regarding egress queuing on cat6500 modules. e.g. WS-X 6704 has 1p7q4t is egress-modell. my goal is to limit the priority queue to 15% of the available bandwidth. i can put weights on the wrr-queues and limit their ressources: "wrr-queue bandwidth 50 20 15 0 0 0 0." but this isn´t possible for the priority-queue. only available command is "priority-queue queue-limit 15" but this only restricts the buffer to 15%.
at the end of the day i want to prevent that the wrr-queues don´t have remaining bandwidth when the priority-queue is saturated.
is there an easy way to restrict the bandwidth of the priority queue or do i have to implement additionally some kind of policing?
View 5 Replies
View Related
Jul 21, 2012
i did on cisco 2960S switch at user ingress interface. but the marking is not showing in show policy-map interface gig 1/0/10 interface and ACL is not showing any match.
I also had a config reference from 2960S cisco guide.
access-list 103 permit tcp any any eq 80
access-list 104 permit tcp any any eq 23
access-list 105 permit icmp host 172.24.68.4 any
class-map IN_HTTP
match access-group 103
class-map IN_TELNET
match access-group 104(code)
View 1 Replies
View Related
Dec 6, 2011
I have a 7204VXR Router, with Neflow. The collection for all interfaces is ok, but one interface (Gigabitethernet 1/0), is not showing the egress traffic in the pictures. The configuration has "ip route-cache flow", ip flow egress, and ip flow ingress set. But, is not showing the egress traffic.
View 4 Replies
View Related
Apr 14, 2011
I have a 2811 Router with two fast ethernet wic cards installed. I need traffic to go out one interface, but it's received back through another. Both interfaces have public IP's and the same subnet, and are connected directly to satellite modems. One can receive data / the other only send.
View 3 Replies
View Related
Feb 15, 2012
Problem: My traffic coming inbound appears to be marked but is not marked when egressing.
Setup:
Ingress from encoder G3/9->> Egress G8/1Default DSCP/COS map table (DSCP 24 is COS3)
Cos-dscp map:
cos: 0 1 2 3 4 5 6 7
------------------------------------
dscp: 0 8 16 24 32 40 48 56
1. Any reason COS 3 is not marked outbound on this traffic? I'm determining this by doing a wireshark off of interface g8/1. The traffic appears to be marked on the ingress correctly but does not maintain its mark on the egress. I can confirm this with equipment on other Ethernet links in produciton as well as my test port listed in the config below with wireshark.
FYI: Unfortunately with my cards in the 6509 I cannot port mirror and see outbound multicast (determined through a TAC case). Because the STB does not understand tagged traffic I setup the native vlan for it to function. To see the multicast with tags I temporarily remove the native command and do the wireshark to see the multicast. It still shows a COS setting of 0. I will try to attach a capture of a multicast packet.
interface GigabitEthernet3/9 description Mulicast Encoder
switchport
switchport access vlan 962
switchport mode access
logging event link-status
load-interval 30
View 2 Replies
View Related
Oct 9, 2011
anyway to implement priority marking on the voice packets on the IP communcicator which installed in a laptop (running Data VLAN in the switch)?
View 1 Replies
View Related
Jan 29, 2012
I have a pair of Nexus 7K's running 5.1(3). I have a handful of edge devices that I need to mark ingress traffic, and need to mark both DSCP and CoS. Right now, I have a working config that marks DSCP appropriately.While that works dor DSCP, the MQC will not allow me to mark both DSCP and COS in the same class, and unlike IOS, it appears that Nexus does not have a default DSCP-to-COS mapping. My understanding is this can be solved using table maps, but I don't see how that can solve my problem in this specific scenario (it appears I can do marking or table-map mutation, but not both?). How I can accomplish both?
View 5 Replies
View Related
Jun 8, 2013
I have a 3750G switch running 12.2(44)SE6 my customer has some Cisco EX90 and ex-Tandberg VC units connected to the switch in a dedicated VLAN 600. The switch is then connected to the WAN router which has its own VLAN 6
From sh mls qos interface x/x/x statistics I can see that the traffic is marked by the VC units as DSCP 34 however when I run this command on the interface to the CE router the marking has been lost.
Similarly in the opposite direction incoming from the CE router I can see the marking coming from across the MPLS ok but when I check the output to the VC unit the marking has been lost.
This would indicate that in the process of routing between VLAN's the DSCP marking has been lost.
how to correct this issue. Because my interfaces are in different VLAN's do I need to VLAN based QoS?
View 3 Replies
View Related
