Cisco Support
English
Feedback Help
Cisco Support Community
Register
cancel
turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Member since ‎07-23-2010
‎08-18-2017
philip moore
philip moore
Community Member

Iwan Pfr transit spoke

Created by philip moore in WAN, Routing and Switching
‎12-12-2016 03:03 PM
‎12-12-2016 03:03 PM
Hi community  Does anyone know if it is feasible to have 2 spokes at different sites advertise the same prefix? for example  Prefix 1.1.1.0/24 is advertised from Spoke a with bgp local pref 100 and from spoke b with lp 500 (prefer b) Or Spoke a advertises  1.1.1.0/24 and spoke b advertises 1.1.0.0/16 (prefer a) Are either of those scenarios supported by iwan/pfr? the reason to ask is that I'd like to have transit spoke available as a standby route available should the preferred path fail Many thanks!! ... View more

Is it mandatory to define an RD for IWA...

Created by philip moore in Other Service Provider Subjects
‎11-07-2016 03:23 AM
‎11-07-2016 03:23 AM
Hi Community! I have a question regarding IWAN configuration of VRF. Is it mandatory to define an RD? In the latest IWAN deployment it says is not required, example is: vrf definition IWAN-TRANSPORT-1  address-family ipv4 I was thought that RD was required for "what is essentially a vrf-lite configuration" in order for the router to locally distinguish which local routes belong in each vrf. In my mind that was why it was mandatory to type it, and why no 2 vrf's on the same router can share the same RD. If it's not required for this, I guess the router uses some other mechanism, like creating a seperate RiB for each vrf name. Thanks a lot for helping my understanding! Cheers! Ref: https://www.cisco.com/c/dam/en/us/td/docs/solutions/CVD/Oct2016/CVD-IWANDeployment-2016OCT.pdf The topic is also discussed here: http://ieoc.com/forums/t/16561.aspx ... View more

Genius!!

Created by philip moore in VPN
‎04-23-2016 10:45 AM
‎04-23-2016 10:45 AM
Genius!! ... View more

Iwan shopping list

Created by philip moore in WAN, Routing and Switching
‎04-23-2016 10:00 AM
‎04-23-2016 10:00 AM
Hi! The company where I work are interested in Iwan. I am looking for recommendations on hardware selection, particularly for master and transit master controller. I don't find anything in cvd or wiki. I guess ultimately what I need is an Iwan shopping list. branch are isrg2 all with sec lic. I guess I have to buy APP lic. The hub are asr1006. there is interest in prime Iwan so I need licenses there. the MC is somewhat a mystery. i guess answer is, as normal , it depends. there will be 10 branches with dual router to begin. Sizing up to maybe 50, 100, 150 over 3 years then who knows. Any pointers of other use case to follow would be appreciated  cheers!!! ... View more

Hello I have almost the same

Created by philip moore in MPLS
‎05-08-2015 08:18 AM
‎05-08-2015 08:18 AM
Hello   I have almost the same issue. The only difference is that I have to apply the ACL to non-mpls interface, not the tunnel. Test I am doing is a ping from loopback on MPLS switch with tunnel, through MPLSoGRE to other MPLS switch, then out interface to a regular router loopback. echo (out) is ok - it is received by rtrB loopback_swA > MPLSoGRE_swA > MPLSoGRE_swB > int_swB > int_rtrC > loopback_rtrC   echo-reply not ok  loopbackrtrB > int_rtrC > XXX But if I put the permit any any ACL on int_swB inbound it works.   In a packet capture on swB (NAM) I see the 2 packets: (see screenshot) 1) MPLS encap 2) regular icmp echo-reply I tried the mls commands, made no difference. All this started by upgrading to IOS 15.1(2)SY4a Did you get an answer from TAC? My case is in progress, no answer yet.   Thanks a lot! Phil   ... View more

hi, thanks for your reply. It

Created by philip moore in Network Management
‎04-27-2015 06:56 AM
‎04-27-2015 06:56 AM
hi, thanks for your reply. It is the config search archive feature we really need. It used for compliance check. Have you a recommendation on that. I agree, I'd rather Cisco (all other evndor) produce the ULTIMATE solution. I won't want to be left managing customer apps and scripts. Not scalable, and we don't have the time or skillset Do you work for Cisco? Is funny because I heard the same story from them 2 years about the "pipeline". Would love to see this plan with some timescales.   cheers ... View more

hi, thanks for your reply. It

Created by philip moore in Network Management
‎04-27-2015 06:55 AM
‎04-27-2015 06:55 AM
hi, thanks for your reply. It is the config search archive feature we really need. It used for compliance check. Have you a recommendation on that. I agree, I'd rather Cisco (all other evndor) produce the ULTIMATE solution. I won't want to be left managing customer apps and scripts. Not scalable, and we don't have the time or skillset Do you work for Cisco? Is funny because I heard the same story from them 2 years about the "pipeline". Would love to see this plan with some timescales.   cheers ... View more

free tools to replace Cisco Works RME f...

Created by philip moore in Network Management
‎04-27-2015 02:12 AM
‎04-27-2015 02:12 AM
Dear Community   We have recently "upgraded" to Cisco Prime from LMS 3.2 and what a sad state it is. We lost all of the great abilities we had before for archive search, and I I'm not enjoying the new GUI/flow. I'd like to hear of other peoples experience, and if there is any recommendation on free (or paid) tools to do the CiscoWorks RME fuction.   Thanks a lot! Phil ... View more

stability of IOS 15.1(2)SY4a on Catalys...

Created by philip moore in WAN, Routing and Switching
‎04-13-2015 02:50 PM
‎04-13-2015 02:50 PM
Dear Community In order to use a new feature ( BGP - local-AS allow-policy) , I am forced (or suggested) by TAC to upgrade to IOS 15.1(2)SY4a on Catalyst 6513 Sup720/MSFC3 (The feature actually appeared on 15.1(1)SY1, but the one quoted is recommended on Cisco download) Currently devices are running IOS 12.2(33)SXI9. Has anyone any experience of this image that could comment on stability/reliability? Thanks! Phil ... View more

If it is anything like LMS 4,

Created by philip moore in Security and Network Management
‎11-09-2014 03:30 PM
‎11-09-2014 03:30 PM
If it is anything like LMS 4, it treats each context as a separate object. Configure an IP on each context and add that to Prime. ... View more

Hi Bhastiann It entirely

Created by philip moore in LAN, Switching and Routing
‎11-09-2014 03:28 PM
‎11-09-2014 03:28 PM
Hi Bhastiann   It entirely depends on your requirements :)   Admins are generally considered to have access everywhere so maybe best as promiscuous. If the other groups need to connect to each other then they need to be in a community. Infrastructure generally do, and you could say they are trusted so why not place them in a single community. If you don't want students to connect directly, place them in an isolated. I'd trust teachers even less :) The method to share files should be by file server. Don't forget, subnetting and access control. I wouldn't recommend placing all devices in a single subnet. depends on how many you have, but certainly a subnet for end users (teachers, students) and infrastructure would be a good idea.   HTH   ... View more

Hi JosephThanks so much for

Created by philip moore in WAN, Routing and Switching
‎10-06-2014 07:21 AM
‎10-06-2014 07:21 AM
Hi Joseph Thanks so much for your reply. First I will add the missing info, yes there is QoS policy on both MPLS (5-class model with voice, video + 3 data classes, I don't think they are shaping, I expect is police.) and similar policy for VPN (using per-tunnel QoS). They both share the same DSCP marking, marked in the LAN ingress to the BR. SO yes, PfR traffic class by DSCP marking is what I would be looking into. Asymmetric is seen as a bad word in the customer's world, and is something to be avoided. Usually it is because it means some routing has gone awry and possibly traffic is being routed one way via high speed leased-line, and back via a low bw/high latency VSAT. Also apps like Domino don't seem to like it very much and refuse to transfer mail under those conditions. But all that said, I can try it. I think PfR can help us with the outbound traffic from branch, but I struggle to see how it can help with the inbound IF using utilization only on HUB BR - agree it would never go out of policy (10M to a single branch means the hub is only at 10%). So to enable this you think I should be looking at monitor delay also at HUB? Or have you any experience with inbound route control using BGP? http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/pfr/configuration/xe-3s/pfr-xe-3s-book/pfr-bgp-inbound.html The MPLS WAN does not use GETVPN. Do you think using that gives better options for traffic control? The suggested PfR policy came straight from the Cisco example. What is typical PfR policy for you/in the real world? Thanks a lot for your interest! ... View more

Hi!I am looking for some help

Created by philip moore in WAN, Routing and Switching
‎10-05-2014 02:44 PM
‎10-05-2014 02:44 PM
Hi! I am looking for some help with PfR. Did you ever get this working? I have a customer who wants to route everything over MPLS, and when it reaches 80% utilisation to failover non-critical traffic to DMVPN. Any advice you may have would be really appreciated. Thanks! ... View more

Hey Rug, Long time, gathered

Created by philip moore in WAN, Routing and Switching
‎10-05-2014 02:35 PM
‎10-05-2014 02:35 PM
Hey Rug, Long time, gathered dust. In the end my question was quite different to your problem. We managed to get it sorted. The limitation was can only do shaping in a parent policy in class-default. as a result, I had to subnet and use dot1q interfaces for each wan link. Actually, we found a neat way using per-tunnel qos feature (the wan is dmvpn) for the child classes, with default/shape on the physical.    Id din't try yet with the priority 1 and priority 2 queues. Besides, looks like you don't need my tequila, Ibiza! I'm in the wrong job ;) ciao! ... View more

PfR symmetry

Created by philip moore in WAN, Routing and Switching
‎10-05-2014 02:28 PM
‎10-05-2014 02:28 PM
Dear All,   I am mid way through delivery of an MPLS network for a customer. We have the option of adding a DMVPN internet backup. The WAN routing protocol is BGP for both DMVPN and MPLS (MPLS is straight routing - no overlay or getvpn)   The customer has some pretty odd ideas about how to use the service, mainly they are very paranoid about oversubscibing the MPLS link for their "golden" application, so have come up with all kinds of weird and wacky solutions that they call "requirements".  As a result, they have the idea that they cannot route all traffic over MPLS, and instead want to create a mix of route filter, PBR, NAT, ACL and all kinds of horrible things to keep the MPLS link "sacred".   I would like to guide them to use the service in a better way leveraging PfR, something simple to start with like:   - use MPLS all of the time by default - when it reaches 80% utilisation, switch the non-critical traffic to DMVPN yet keep the "golden" app on MPLS - this policy is applied at both branch and hub BRs   I have read this cisco wiki (it is rather good!!!!):   http://docwiki.cisco.com/wiki/PfR:Solutions:EnterpriseDualVPN#PfR_performance_and_load_policy_test_case   Where I get a bit lost is in the symmetry. Is it symmetrical?   For example, if a branch MPLS link hits 81% outbound utilisation, then uses dynamic PBR to switch outbound traffic to VPN. Sorted! but what about the inbound? If that is hitting 81% also. What does PfR do?   This is where I get a bit lost. For the inbound to branch, the hub must do something surely? Consider the MPLS capacity is 100M - the 8.1M to the branch is in policy so should keep forwarding via MPLS. How does it know that the branch is OOP?   If it doesn't do that, you end up with assymetric traffic (branch outbound DMVPN, inbound MPLS).   Am I missing something here? Any advice you can give us much appreciated.   Thanks a million!    Phil ... View more
Public Statistics
Date Registered ‎07-23-2010 06:13 AM
Date Last Visited ‎08-18-2017 04:00 AM
Total Messages Posted 50
Badges
Bio
Network Engineer for United Nations