I have an OSPF issue in a datacenter. This infrastructure exist in a redundant core and aggregation layer which are build with Cisco C6509-E with a Sup720-3BXL in the core and Sup720-3B in de aggregation. The interconnects are etherchannels of two 10Gbps interfaces which acts as L3 Port-channels.
My core is a MPLS VPN Superbackbone enabled network which consist of many MPLS/VPN's. This MPLS/VPN's are terminated at the core routers of de datacenter which I described above. At this point the MPLS/VPN's enter the datacenter from BGP into an OSPF vrf NSSA process en is propagated to the aggregation layer. At this point everything is stable.
Everything at the aggregation layer is routed statically en redistributed into OSPF and at the core in BGP. Almost every OSPF area is NSSA enabled. Now I wanted to do some dynamic routing between different OSPF area's by the use of firewalls and RIPv2. To get all the routes from a specific MPLS/VPN into OSPF I needed to transform the NSSA area to a regular area and do a mutual redistribution between the MPLS/VPN and the corresponding OSPF vrf proces.
At the core I tag the routes from BGP into OSPF en filter these routes inbound with a distribute-list route-map based on the previously added tag on the other core router. (and vice versa on the other core router).
After some time I saw other OSPF processes, and the target OSPF process, go down because of the dead timer expired. Somewhere the core router had not seen the keep-alive from the aggregation layer and missed it 4 times. The MPLS/VPN, that I redistributed into OSPF, has about 1450 prefixes that need te be learned. The first thing that came in mind that it was to much for OSPF to handle, but the specs of the Sup720 says that it can handle 1.000.000 and 256.000 for the 3BXL and 3B respectively. There is no MTU issue and the interfaces in the etherchannels are not under any kind of heavy load.
It's an interesting discussion. The problem with policing control plane traffic is how do you decide if it's a good or a bad packet. In some cases it's trivial but things like CDP, BPDUs, LACP etc can be difficult to determine how to police it.
We are pleased to announce availability of Beta software for 16.6.3.
16.6.3 will be the second rebuild on the 16.6 release train targeted
towards Catalyst 9500/9400/9300/3850/3650 switching platforms. We are
looking for early feedback from customers befor...
Introduction Featured Speakers Luis Espejel is the Telecommunications
Manager of IENova, an Oil & Gas company. Currently he works with Cisco
IOS® and Cisco IOS XE platforms, and NX to some extent. He has also
worked as a Senior Engineer with the Routing P...
In this session you can learn more about Layer 3 multicast and the best
practices to identify possible threats and take security measures. It
provides an overview of basic multicast, the best security practices for
use of this technology, and recommendati...