|
zalmoxes posted:I'm probably getting ahead of myself, but I'm just studying for the CCNA and wanted to know what happens to UDP traffic in a setup with load-ballancing? UDP doesn't offer any sort of error-recovery or reordering of packets, so if the traffic gets load ballanced over unequal links, how come it doesn't become scrambled on the other end?
|
#
?
Jul 21, 2012 16:29
|
|
|
|
| # ? May 31, 2024 06:13 |
|
|
This is also why voice and video use RTP on top of UDP: http://en.wikipedia.org/wiki/Real-time_Transport_Protocol e:fb
|
|
#
?
Jul 21, 2012 17:00
|
|
|
zalmoxes posted:I'm probably getting ahead of myself, but I'm just studying for the CCNA and wanted to know what happens to UDP traffic in a setup with load-ballancing? UDP doesn't offer any sort of error-recovery or reordering of packets, so if the traffic gets load ballanced over unequal links, how come it doesn't become scrambled on the other end? Regarding LACP, I think it's the Ethernet standard that says devices should avoid re-ordering packets whenever possible. That's part of the reason LACP doesn't scale exactly with the number of links added. LACP uses a hash algorithm to determine which link an outgoing packet will be sent over, and that hash algorithm is designed to keep a single flow on the same link, even if that results in unused capacity. There are multiple algorithm choices on some platforms but they're all based around how you determine what a flow is. In general, though, you can set up some kind of hosed up load balancing scenario that causes packets to be delivered out of order, and in the case of UDP (or any protocol that doesn't build in retransmits and reordering) it is possible for lost data or delayed data to cause problems. So don't do that!
|
|
#
?
Jul 21, 2012 22:43
|
|
|
Anyone recommend a Cisco router for our new fiber connection? We're going from bonded T's to a fiber ethernet hand off. The only "weird" part the ISP is giving me one subnet for the router and another subnet for our internal IP's
|
|
#
?
Jul 23, 2012 15:07
|
|
|
lilcasino posted:Anyone recommend a Cisco router for our new fiber connection? We're going from bonded T's to a fiber ethernet hand off. The only "weird" part the ISP is giving me one subnet for the router and another subnet for our internal IP's
|
|
#
?
Jul 23, 2012 15:17
|
|
|
falz posted:What speed and type of media is the handoff? What features do you need (Nat?) Also using a link net to route your block is nice since it will give you more usable IPs. Fairpoint has us a 10m right now but it is scalable to 100 if we need it. It is a straight RJ45 ethernet hand off. We average around 2500 connections at one time. I don't need the Cisco to do NAT my firewall would do that.
|
|
#
?
Jul 23, 2012 16:06
|
|
|
Depending on the features you need (Wireless etc) you can get away with a simple 888 or 1800.
|
|
#
?
Jul 23, 2012 16:09
|
|
|
lilcasino posted:Fairpoint has us a 10m right now but it is scalable to 100 if we need it. It is a straight RJ45 ethernet hand off. We average around 2500 connections at one time. I don't need the Cisco to do NAT my firewall would do that. Why do you want/need a router? If they're going to hand off Ethernet why not take it direct into your firewall, unless you have a need for something in a DMZ outside the firewall?
|
|
#
?
Jul 23, 2012 16:30
|
|
|
ragzilla posted:Why do you want/need a router? If they're going to hand off Ethernet why not take it direct into your firewall, unless you have a need for something in a DMZ outside the firewall? Fairpoint has given us a /52 for our router then a /40. I believe the only way I can route the /40 with our firewall is to use ARP and create static routes for each address. Wouldn't it be easier to configure and maintain to have a router on the /52 and then pass the /40 subnet? Or am I over or not thinking.
|
|
#
?
Jul 23, 2012 16:45
|
|
|
lilcasino posted:Fairpoint has given us a /52 for our router then a /40. I believe the only way I can route the /40 with our firewall is to use ARP and create static routes for each address. Wouldn't it be easier to configure and maintain to have a router on the /52 and then pass the /40 subnet? Or am I over or not thinking. Do you mean a 255.255.255.252 mask subnet and then a 255.255.255.240 mask subnet? You may want to check out http://www.subnet-calculator.com/cidr.php What is your firewall?
|
|
#
?
Jul 23, 2012 17:02
|
|
|
Ninja Rope posted:Regarding LACP, I think it's the Ethernet standard that says devices should avoid re-ordering packets whenever possible. That's part of the reason LACP doesn't scale exactly with the number of links added. LACP uses a hash algorithm to determine which link an outgoing packet will be sent over, and that hash algorithm is designed to keep a single flow on the same link, even if that results in unused capacity. There are multiple algorithm choices on some platforms but they're all based around how you determine what a flow is. At least from the WAN side going in, voice can get really jacked up if you just load balance everything without regard to the type of traffic. TCP works just fine, even when your setup is 2 3.8m VSATs connected by 1km of SM, voice not so much.
|
|
#
?
Jul 23, 2012 17:04
|
|
|
lilcasino posted:Fairpoint has given us a /52 for our router then a /40. I believe the only way I can route the /40 with our firewall is to use ARP and create static routes for each address. Wouldn't it be easier to configure and maintain to have a router on the /52 and then pass the /40 subnet? Or am I over or not thinking. I don't see why a firewall couldn't do a /30 on one ethernet interface and your /29 or whatever inside. What type of firewall is it?
|
|
#
?
Jul 23, 2012 17:30
|
|
|
lilcasino posted:Anyone recommend a Cisco router for our new fiber connection? We're going from bonded T's to a fiber ethernet hand off. The only "weird" part the ISP is giving me one subnet for the router and another subnet for our internal IP's It's probably overkill, but this is the setup we have for our leased line customers who have a fibre for the main connection, then ADSL as backup. We send out a 1941 for it with an HWIC1-ADSL or whatever it is. This then speaks BGP with our PE and advertises the customer network over both, but lower pref on the ADSL.
|
|
#
?
Jul 23, 2012 17:48
|
|
|
falz posted:I don't see why a firewall couldn't do a /30 on one ethernet interface and your /29 or whatever inside. What type of firewall is it? Typically I'd do /30 on the outside (presumably the provider has the /29 routed to the customer side of the /30) and all RFC1918 on the inside, then you can use all 8 IPs of the /29 for translations.
|
|
#
?
Jul 23, 2012 19:47
|
|
|
Cisco 2911/K9 (C2900-UNIVERSALK9-M), Version 15.1(4)M4, RELEASE SOFTWARE (fc1) Shouldn't this be supported? code:
|
|
#
?
Jul 24, 2012 03:28
|
|
|
brent78 posted:Cisco 2911/K9 (C2900-UNIVERSALK9-M), Version 15.1(4)M4, RELEASE SOFTWARE (fc1) Does urlfilter require security license/image?
|
|
#
?
Jul 24, 2012 04:17
|
|
|
I have a question regarding NAT. I currently have two networks 10.200.0.0/24 which is for my Cisco/Virtual stuff 192.168.1.0/24 which is my home network. I currently have internet access via the home network. I have a Cisco 2621XM sitting on both networks and am using NAT overload to get internet access for the cisco/virtual stuff. This works perfectly at the minute, but I'd like to forward a port on the home network to a virtual machine and vice versa. The home router can ONLY do port forwarding. Whenever I create a static PAT for the port I want to the virtual machine, The virtual machine loses it's internet connection, is there a way to forward this port as well as having NAT overload in place? edit: I'm using the command: ip nat outside source static tcp 192.168.1.1 PORT 10.200.0.110 PORT extendable edit2: Relevant config in place code:ToG fucked around with this message at 08:53 on Jul 24, 2012 |
|
#
?
Jul 24, 2012 07:07
|
|
|
Change ip nat outside source static tcp 192.168.1.1 PORT 10.200.0.110 PORT extendable to ip nat inside source static tcp 192.168.1.1 PORT 10.200.0.110 PORT extendable
|
|
#
?
Jul 24, 2012 14:19
|
|
|
Sepist posted:Change Sorry, I had meant that I just transposed it wrong. Doing that cuts off the internet connection to the virtual machine too
|
|
#
?
Jul 24, 2012 15:16
|
|
|
Ah, noticed the inside IP should be the first with the interface being the second. ip nat inside source static tcp 10.200.0.110 PORT interface FastEthernet0/0 PORT
|
|
#
?
Jul 24, 2012 15:21
|
|
|
ragzilla posted:Does urlfilter require security license/image?
|
|
#
?
Jul 24, 2012 15:22
|
|
|
Sepist posted:Ah, noticed the inside IP should be the first with the interface being the second. drat, How'd I miss that, I configured the nat overload like a day ago. Thanks  . Will test it when I get a chance.edit: Tested and it performs perfectly. Thanks again. ToG fucked around with this message at 15:23 on Jul 25, 2012 |
|
#
?
Jul 24, 2012 17:19
|
|
|
If you try and advertise a prefix to a peer, but the peer doesn't allow it due to a prefix filter, will "show ip bgp neighbor X.X.X.X advertised-routes" show the prefix? Or does it only show those which are accepted?
|
|
#
?
Jul 26, 2012 18:47
|
|
|
Anjow posted:If you try and advertise a prefix to a peer, but the peer doesn't allow it due to a prefix filter, will "show ip bgp neighbor X.X.X.X advertised-routes" show the prefix? Or does it only show those which are accepted? It will show up. If you have access to the peer, you can look at "sh ip bgp neigh X.X.X.X received-routes" and compare it to "sh ip bgp neigh X.X.X.X routes" to see what was advertised vs what was accepted and installed.
|
|
#
?
Jul 26, 2012 19:11
|
|
|
I use a NM-16A module on a router to console into other routers and switchescode:Here is how it looks. code:zalmoxes fucked around with this message at 20:16 on Jul 26, 2012 |
|
#
?
Jul 26, 2012 20:13
|
|
|
zalmoxes posted:I use a NM-16A module on a router to console into other routers and switches I have both a AS2511-RJ and NM-32A, my personal experience has been the same, being that I am lazy, I just copy and paste out of a text file all the clear line commands.
|
|
#
?
Jul 26, 2012 21:17
|
|
|
Ginger Beer Belly posted:It will show up. Caveat emptor, received-routes only works if soft-configuration is enabled for the peer.
|
|
#
?
Jul 27, 2012 21:49
|
|
|
lol internet. posted:Quick question, for Cisco ASA. Does anyone use the CLI to configure\manage access rules? Or is everyone using the ASDM? I use ASDM sometimes for debugging, but that's it. Once I used ASDM to create a VPN and some access rules. I was not impressed with the mess it dumped in the config.
|
|
#
?
Jul 29, 2012 04:35
|
|
|
quote:All Catalyst multilayer switches support the following types of layer 3 interfaces: I understand what an SVI is, but what is the difference between a 'routed port' and a 'BVI' on a Catalyst L3 switch. When I want to communicate with a router on L3 I type in int fa0/0 no switchport ip address xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx and I have a routed port. When I need a Vlan Interface, I type in int Vlan20 ip address xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx and I create a SVI What is a BVI?
|
|
#
?
Jul 31, 2012 00:15
|
|
|
zalmoxes posted:I understand what an SVI is, but what is the difference between a 'routed port' and a 'BVI' on a Catalyst L3 switch. I've never used it but this seemed to explain it ok to me: http://www.cisco.com/en/US/tech/tk389/tk815/technologies_tech_note09186a0080094663.shtml Basically it lets you provide a virtual interface that exists within a bridge-group of 2 or more routed ports.  It seems BVI is not really used anymore in favour of SVI, as I don't think there's any advantage in using routed ports in this fashion over VLAN/SVI? It essentially turns a router working like a switch, except split into bridge-groups instead of VLANs. BurgerQuest fucked around with this message at 03:33 on Jul 31, 2012 |
|
#
?
Jul 31, 2012 03:30
|
|
|
It's used to make a router appear somewhat switch like. You don't get SVIs in router land.
|
|
#
?
Jul 31, 2012 03:59
|
|
|
SVI's don't do traffic shaping, from what I've encountered.
|
|
#
?
Jul 31, 2012 04:00
|
|
|
SVIs are also virtual ports, whereas a Routed port is physical, meaning it his the L3 ASICs. EIGRP recovers faster over a pair of Routed Ports rather than an SVI. Also QoS/Shaping. http://packetlife.net/blog/2011/jan/24/convergence-delays-svi-vs-routed-interface/
|
|
#
?
Jul 31, 2012 15:24
|
|
|
Powercrazy posted:SVIs are also virtual ports, whereas a Routed port is physical, meaning it his the L3 ASICs.
|
|
#
?
Jul 31, 2012 17:49
|
|
|
Never done voice before, but now have two 7940 IP phones. My understanding is if I put the voice version of the IOS on my 2620 router, and then get a copy of UCM Express and put it on the router I should be able to get the phones to talk to each other given the correct settings. Is this more or less what I need to get or are there elements I'm missing?
|
|
#
?
Aug 1, 2012 04:35
|
|
|
As far as I know with the appropriate software, CME, the phones can talk to each other once it is configured, as it will do everything it needs to do internally. If your phones are SCCP anyways.
|
|
#
?
Aug 1, 2012 17:10
|
|
|
augh, why use skinny in 2012?
|
|
#
?
Aug 2, 2012 04:42
|
|
|
CrazyLittle posted:augh, why use skinny in 2012? Calm down, many people don't know any better, but of course if that is the case they shouldn't be deploying phones in the enterprise environment 
|
|
#
?
Aug 2, 2012 05:09
|
|
|
Well, we already drank the Cisco Kool-Aid, so I have 8000+ sets running SCCP. Converting them to SIP themselves seems pointless at this time.
|
|
#
?
Aug 2, 2012 20:14
|
|
|
|
| # ? May 31, 2024 06:13 |
|
|
What should I be deploying them as instead of SCCP?
|
|
#
?
Aug 2, 2012 22:38
|
|
