Cisco WAN :: 7200 - Multicast Support In Single VRF
Mar 6, 2011
We have a client wanting us to support multicast across our network. (They have multiple tails in a single VRF, connected to our P/PEs, all 7200s.)
(The customer is running their own RP.)
As we are only providing multicast support to a single customer, is it still necessary on our P/PE routers to enable multicast routing globally, MP-BGP loop interfaces and tag-switching/MPLS interfaces? (I'm guessing it would be, as the client has tails terminating on multiple P/PEs?)
i.e.
Loop0 is MP-BGP loop
Router-PE1(config)#ip multicast-routing
Router-PE1(config)#interface Loopback0
Router-PE1(config-if)#ip address 10.0.0.2 255.255.255.255
Router-PE1(config-if)# [ code].....
Or, is it sufficient to enable it only within the vrf, and all Interfaces in that vrf?
Is DMVPN supported on the Cisco 7200 VXR NPE-400, and would the NPE-400 module support QoS, multicast etc.? I found an old doc mentioning DMVPN and this specific module.
I am trying to get multicast working between a few hosts inside a single VLAN. The hosts are running a MySQL cluster, and multicast is used to send master/slave status information to the IP 228.10.10.10 on port 45566. The VLAN is defined in the FWSM and the hosts are connected via the core switch (6513). (hosts-->core-sws--->fwsm) I have tried searching the documentation, but couldn't find specific info on enabling multicast between hosts residing in the same VLAN. The FWSM is running code 3.1(4). Since the hosts are residing in the same VLAN, I am thinking of applying <multicast-routing> just for that SVI in the FWSM.
We currently have ACE20's, which only support multicast in bridge mode. I was wondering if it's the same on ACE30's, or if Cisco finally implemented support for mcast in routed mode.
I haven't run into this before and I can't find anything in the documentation regarding it. (Our 2 4710 were setup prior in a routed configuration although I personally see no reason for it.) Regardless, we have 2 servers that host 4 websites on them. We built everything on the ACE with a new VIP and matching the http header. If we use firefox/chrome, it load balances properly and we are prompted for credentials as those browsers don't support single sign on. We enter our credentials and are able to get to the appropriate website on the server. When we use IE, it fails to open the page. A sniffer capture shows an authentication failure packet and a reset and that's it. We built the ACE both as sticky and non-sticky but neither worked properly with IE.
Is there something else in the ACE we need to configure to get SSO to work?
I have been asked to upgrade the IOS images on three 4506 switches with a single Supervisor IV engine in each to allow for SSH2 access. The current image is cat4000-i5s-mz.122-25.EWA.bin. I have uploaded cat4000-i5k91s-mz.122-25.EWA14.bin to bootflash on each Supervisor engine. The ROM on each SUP IV is 12.1(20r). I don't want to have to upgrade the ROM version. Will the cat4000-i5k91s-mz.122-25.EWA14.bin image retain all the current features of the current image and provide SSH2 support, without requiring a ROM upgrade? Each switch has 512 Mb of RAM. If this image will accomplish what I want, what are the commands used to select the new image from bootflash? I'm familiar with image updates on fixed chassis switches using the boot system flash command.
I have a new building to add to our campus and I have been encouraged to run single mode fiber. All of my other buildings are connected with multi-mode fiber. I just want to make sure I will not have an issue if I run single mode to the new building with SM SFP's.
I'm looking for switches that support single mode fiber connections and would like to know if "WS-C3750-FS-S Catalyst 3750 24 100BaseFX + 2 SFP" and "WS-C3750G-12S-S Catalyst 3750 12 SFP" can serve the purpose?
Does the Nexus 7K support multiple VDCs sharing ports on a single line card? One of our Cisco partner engineers stated that Cisco doesn't recommend using the same line card for multiple VDCs. The second VDC (non-default VDC) will be used for our outside and DMZ segments, and to physically segregate our firewall from our internal/inside core switch without using a physical DMZ switch. I know Cisco used the Nexus in this way in their PCI DSS 2.0 Compliance Document. The module is N7K-M148GT-11L.
Mod Ports Module-Type                      Model              Status
--- ----- -------------------------------- ------------------ ------------
1   48    10/100/1000 Mbps Ethernet XL Mod N7K-M148GT-11L
I try to pass multicast traffic between two vrf on the same 3750 switch. I have IP services IOS and sdm template routing.
here is my config:
ip routing
!
ip vrf vpn2
 rd 1:1
 mdt default 232.1.1.1
 route-target export 1:1
 route-target import 1:1
[code]....
Now I'm stuck - I don't know what to do to pass multicast traffic. Do I have any chance to run this config on a 3750 chassis? Perhaps the "Configuring Multicast VPN Extranet Support" document will be useful, but it concerns the Catalyst 6500? [URL]
I want to use a channelized POS PA in a 7200 router. I want to know, can I use a channelized PA for both channelized and non-channelized OC3/STM1? Are both the channelized and non-channelized features supported on the channelized module, or do I have to use another module?
I ran across this today on a 7200: when all the vty lines are filled and don't release, you enter clear line vty x and it is supposed to release the line. Well, in some versions it doesn't work.
Here is the workaround I found: clear tcp line vty x
I want to monitor my 7200's CPU packets-per-second rate. Is there any command I can run to show this, or any MIB I can poll? The 7200 NPE-G1 can handle 1 Mpps, and I want to verify the actual rate.
I have been having issues with frequent BGP flaps on the Cisco 7200 series router for the past 1 week. I have raised a ticket with the ISP but couldn't get any resolution from them, as the flap lasts for about 2 min. Whenever we see a BGP flap, we are not able to ping the remote end IP. Also, at that point we see drops on the interface connected to the ISP.
I was recently given a Cisco 7200 VXR and told to erase the stored configurations in it. How do I erase the Cisco 7200's stored config? Otherwise I might have to delete them line by line.
We have a network consisting of approx. 8 7200's running LNS/MPLS/BGP, and we provide predominantly private networks to clients. (The majority of client networks are a mix of Ethernet tails and DSL.) We have received a request from one client to support multicast. Having never implemented multicast, we have a few questions:
1. Is it supported/possible to provide multicast within a VRF on 7200's? (From initial investigations, it appears to be.)
2. Is it possible to only enable multicast in a VRF (i.e. not globally)?
3. Any recommended guides/best practices? (Googling has revealed nothing really that is similar to what we want to do.)
4. What are the potential ramifications? (Resource overhead, security implications, anything else?)
I am planning to provide a redundant link to our customer. The setup is as below:
One link is over wireless while the other link is over a wired link. I want to make sure that I maintain the same public IP addresses for the customer; therefore, I am looking for L2 failover for my customer.
If the wireless goes down, the customer should be migrated to wired and vice versa. I have a Cisco 7200 router as core.
I am trying to configure a dynamic failover with IP SLA on a Cisco 7200 using 12.2(33) IOS. I would like to have something similar as the following configuration:
ip sla monitor 1
 type echo protocol ipIcmpEcho x.x.x.x
 frequency 3
ip sla monitor schedule 1 life forever start-time now
!
!
track 10 rtr 1 reachability
access-list 101 permit icmp any host X.X.X.X echo
!
route-map LOCAL_POL permit 10
 match ip address 101
 set ip next-hop Y.Y.Y.Y
 set interface Null0
!
ip local policy route-map LOCAL_POL
!
ip route XX.XX.XX.XX 255.255.255.0 YY.YY.YY.YY track 10
ip route XX.XX.XX.XX 255.255.255.0 ZZ.ZZ.ZZ.ZZ 254
My questions are the following
Question 1: What is the equivalent of ip sla monitor in 12.3 for dynamic failover with IP SLA? Should I use
ip sla ethernet-monitor 1 type echo domain name ?
or
ip sla 1 path echo X.X.X.X or ethernet mpid echo domain name or icmp-echo time out 1000 frequency 3 threshold 2
I do not know if I have to use ethernet-monitor or ip sla. What are the domain name and the mpid associated with the ethernet-monitor ip sla? In the case where I have to use ip sla 1, should I use path-echo, ethernet mpid or icmp-echo for dynamic failover?
Question 2: In 12.3, what is the equivalent of ip sla monitor schedule 1 life forever start-time now? I have found the command ip sla schedule 1 start now, but it does not seem that we can configure the duration.
I have a 7200 router with a 12.2.(46a) IOS and I am trying to activate Netflow on a subinterface. From the documentation of Cisco, I should be able to do it since the ios 12.2.(14)S but the command is unavailable.
[URL]
I have tried also to enter the command in the subinterface directly but it doesn't recognize it.
We have a Cisco 7204 G1 running c7200-advipservicesk9-mz.122-33.SRE7.bin and we're having a lot of difficulties getting a VTI working to a Cisco 2921 with adv. security. I've ruled out that the 2921 is at fault by successfully establishing a VTI to another 2921 and a 7200 running a different IOS release.
We see the tunnel come up, but when I send a ping from the 2921 to the 7204 there isn't a reply. When I look at the results on the 7204 from a 'sh crypto engine connection active', I see the decrypt counters increase, but I don't see the encrypt counters increase as it's trying to reply to the ping. I'm not sure if this is because there is an issue with the encryption or whether there might be a more fundamental issue with the router not replying to the pings.
I've tried the following IOS releases (c7200-advipservicesk9-mz.122-33.SRE7 & c7200-advipservicesk9-mz.122-33.SRE6) and they all behave the same way - this makes me think it might be a config issue rather than an IOS bug, which is what I first thought. c7200-advipservicesk9-mz.122-33.SRE7.bin.
sh crypto engine connections active
Crypto Engine Connections

   ID Interface Type  Algorithm  Encrypt Decrypt IP Address
    1 Tu10      IPsec 3DES+SHA         0      31 10.5.5.1
    2 Tu10      IPsec 3DES+SHA        19       0 10.5.5.1
 1001 Tu10      IKE   SHA+3DES         0       0 10.5.5.1
Here is a copy of my config on the 7204 - the other end (Cisco 2921) is configured in the same way.
I have two 7204VXR with NPE-G2 and 1Gb of ram. One router has 2 eBGP peers and the other has 3. The routers receive all internet routes from the 5 peers and send 2 internal routes. There is an iBGP peering between both routers. On all peers I have a route-map to send only our routes.
All had been working fine for a couple of months when I suddenly saw an increase of memory on one of the routers (router B); 1 hour later the memory was at 100% and the router crashed and rebooted. The other router (router A), with the same hardware capacity, same RAM and same amount of routes, was working well. After router B restarted, I shut all eBGP peerings on it, keeping only iBGP with router A. RAM used was the same as router A (about 50% used), but CPU was about 30% used by the process Router BGP, whereas router A, which has active traffic and active eBGP, is only at 20% and its BGP process is almost 0%. Restarting peers one by one on router B causes the same issue, an increase of memory then a crash, even with only one peer.
What I suspected :
- A peer on router B but I can't isolate one because the problem appears with each taken one by one
- Not enough memory, but router A has the same number of routes and doesn't have any problem
- IOS version ? same on both 12.4.(15)T1
- Why does the process Router BGP use 30% on router B when all eBGP peers are shut except iBGP and no traffic passes?
- A routing loop but I only send internal routes to peers and only have one iBGP session with no sync nor redistribution with an IGP
Of course I can't run any debug ip bgp on the routers as the number of routes is very large (300K).
My router is running BGP (one eBGP and one iBGP session). I have filtered down the BGP routing table by using a prefix-list and a default route to the upstream router. But I still found the CPU process is high (80%/80% with 60MB traffic).
Sh Proc CPU
-------------------
CPU utilization for five seconds: 88%/88%; one minute: 87%; five minutes: 87%
 PID Runtime(ms) Invoked uSecs 5Sec 1Min 5Min TTY Process
I am having a weird issue with my Cisco 7200 router. From the router I am able to ping and reach out to the internet, but from the client I am able to reach out to the internet but unable to ping. I am not sure where the issue is, but when I traceroute to it my packets are dropped at my router's interface. All my pings from the client time out. I checked the access list to make sure ICMP is not blocked. Following is my running conf:
ip audit notify log
ip audit po max-events 100
ip ssh break-string ~
ipv6 unicast-routing
no ftp-server write-enable
My company has a spare 7200 VXR, originally planned to be placed on our TDM network. This plan was not followed through, but I'd like to switch its function to work as a core router on our BGP network. I'd like for this 7200 to be able to handle full routes from our eBGP peer, something the SUP module in my 6500 isn't capable of doing. What kind of SUP module should I look at replacing this 7200 VXR with?
I'm using PA-SON-OC3 on a 7200VXR (NPE-G1). I want to upgrade the link to OC12 with the same wavelength. I found PA-SRP-OC12SMI for this purpose but I'm not sure about compatibility.
Primary optical link between CPE and PE, and backup 3G/ADSL link between CPE and PE. I am considering link failure detection on the primary link (after which the backup link should take over). Which method is the least CPU intensive:
1) BGP protocol between CPE and PE
2) RIP protocol between CPE and PE
3) BFD on static routes on PE
Is there a difference in terms of CPU load between the above-mentioned methods, or are they more or less the same? Hardware platforms are sup720 BXL and Cisco 7200 G2.