Messages

What is the difference between these two L2vpn technologies?

The bits of info I was able to find but still don't answer my question-

VPWS:

Virtual private wire service (VPWS)—Has a characteristic of a fixed relationship between an attachment-virtual circuit and an emulated virtual circuit. VPWS-based services are point-to-point (for example, Frame-Relay/ATM/Ethernet services over IP/MPLS).

source: http://www.ciscopress.com/articles/article.asp?p=680839&seqNum=10

X-connect:

Xconnects are used to connect 2 distant sites that can use any of these technologies : Frame-Relay, PPP, Ethernet, ATM, that's why xconnects are also called Any Transport over MPLS (AToM).

source: https://learningnetwork.cisco.com/thread/68730

BGP can advertise a whole bunch of AFI/SAFIs, one of them is IPv4/IPv6 labeled unicast. I was wondering what are the practical applications of this kind of route? And how is it different from a VPN route? From what I understand in both cases a label is attached to the advertised prefix. (Is the difference that VPN allocates a label per VRF, and in the labeled unicast case a label is allocated per route?)

From my research I found out that IPv6 labeled unicast is used in 6PE scenarios, where the core MPLS network is IPv4 and is used to connect between IPv6 speaking PE routers. What are the use cases for IPv4 labeled unicast then? To connect IPv4 speaking PE routers over an IPv6 MPLS core? (Does it have a formal name 4PE??) Any other use cases ?

Please help me clear my understanding. Thanks.

Edit: found out that ipv4 labeled unicast is also used in inter-AS L3VPN option C

Thank you all for your kind advises!

The CCDE sounds nice, but it is too is kind out of my scope - since recently I became more focused on programming (routing protocols etc).
I think I will take this written R&S piece of crap this time  
since I don't have a 100% job security at my current place. It actually might close down any time soon (Not because of me, of course!!!)

And we'll see how things will turn out in about two years and re-evaluate.

The question is - Does the keyword "expired" make me less attractive for general networking positions?

ristau5741,
I have it for two and a half years.

Thanks for the info!
Actually I rarely work with Cisco gear, furthermore
on a daily basis I don't work on all existing technologies at the same time - so I don't remember all these little bits about EIGRP for example.

So this exam feels kind of useless in the sense that it doesn't really reflect your skill level,
it just reflects your ability to remember this huge amount of data, which undoubtedly will be forgotten after the test is taken !

Sorry if this is off-topic.
I asked this question here, since I know you guys.
And I know you can point me to the right direction and help me make a good decision.

Has anyone done this without brain-dumps ??

I honestly thought that one day, once I become a true expert,
I will know to answer this kind of questions just from experience - but it's so far from being true.

I feel really dis-encouraged in doing this that way, but otherwise I will just fail.

What do you guys think?
Is renewal really that important these days from your experience?

Hi,

I'm trying to establish an MD5 authenticated ISIS session between MX and ASR routers.

ASR9k configuration:

Code Select Expand


router isis 1
net 49.0001.0030.0300.3003.00
nsf ietf
nsf lifetime 120
address-family ipv4 unicast
  metric-style wide
  mpls traffic-eng level-2-only
  mpls traffic-eng router-id 3.3.3.3
!
interface Loopback0
  passive
  address-family ipv4 unicast
  !
!
interface TenGigE0/0/2/3
  circuit-type level-2-only
  point-to-point
  lsp-interval 1
  hello-interval 3
  hello-password keychain exa-key
  address-family ipv4 unicast
  !
!
!
key chain exa-key
key 0
  accept-lifetime 00:00:00 january 01 2000 infinite
  key-string password 060317205B4F1B1C
  cryptographic-algorithm MD5
!
!



MX configuration:

Code Select Expand


show protocols isis
reference-bandwidth 1000g;
spf-options delay 100;
graceful-restart restart-duration 120;

interface xe-2/0/3.0 {
    lsp-interval 1;
    point-to-point;
    level 2 {
        metric 100;
        hello-authentication-key-chain exa-key;
        hello-interval 3;
        hold-time 9;
    }
}
interface lo0.0 {
    passive;
}

show security
authentication-key-chains {
    key-chain exa-key {
        key 0 {
            secret "$9$.P5Fp0IEhrBIEyeK7Ns24"; ## SECRET-DATA
            start-time "2000-1-1.00:00:00 +0200";
            algorithm md5;
        }
    }
}




From isis adjacency debug of ASR9k I get the following error -

Code Select Expand


RP/0/RSP0/CPU0:ASR9K-R3#debug isis adjacencies interface tenGigE 0/0/2/3
Tue Aug 15 05:51:17.741 Jerusalem
RP/0/RSP0/CPU0:ASR9K-R3#RP/0/RSP0/CPU0:Aug 15 05:51:18.522 : isis[1006]: SEND P2P IIH (L2) on TenGigE0/0/2/3: Holdtime 9s, Length 1497
RP/0/RSP0/CPU0:Aug 15 05:51:20.638 : isis[1006]: BAD P2P IIH rcvd from TenGigE0/0/2/3 SNPA 44f4.771f.954d: dropped because authentication TLV not found



It is as if authentication is not even enabled on MX.


Please help 

That's no different from IOS - you had to manually enable PIM on interfaces as well as ip multicast-routing. I think what he's after is HOW to enable it?

Yep, I see no option to enable it per interface.
Perhaps i'm not supposed to. The syntax is a bit different I guess.

Hi,

I want to configure basic PIM-SM on Cisco ASR9k.
I just want to bring up a neighbor using PIM, and then statically join a multicast group on some of its other ports to trigger pim join upstream towards the RP (statically configured).

Searched the web everywhere, found only very complex examples with hundreds of pages with TMI....

Would appreciate any help.


Tried this but it doesn't work -

Code Select Expand


RP/0/RSP0/CPU0:ASR9k-1(config)#multicast-routing
RP/0/RSP0/CPU0:ASR9k-1(config)#router pim interface tenGigE 0/0/2/0 enable
RP/0/RSP0/CPU0:ASR9k-1(config)#router pim rp-address 30.30.30.30
RP/0/RSP0/CPU0:ASR9k-1(config)#router igmp interface loopback 0 static-group 225.1.1.1

PIM is off on all interfaces ->

Code Select Expand

RP/0/RSP0/CPU0:ASR9k-1#show pim interface
Wed Jun 14 08:06:39.184 Jerusalem

PIM interfaces in VRF default
Address               Interface                     PIM  Nbr   Hello  DR    DR
                                                         Count Intvl  Prior

3.3.3.3               Loopback0                     off  0     30     1     not elected
10.3.30.3             TenGigE0/0/2/0                off  0     30     1     not elected
100.129.101.101       TenGigE0/0/2/1                off  0     30     1     not elected
10.3.107.3            TenGigE0/0/2/2                off  0     30     1     not elected
100.104.101.101       TenGigE0/0/2/3                off  0     30     1     not elected
1.1.1.100             TenGigE0/0/2/0.10             off  0     30     1     not elected

Hi,

Are you familiar with the possibility to enable a combination of:  path protection + link/node protection on ingress PE routers?
I want to be able to handle remote failures with path protection, as well as react fast (sub 50msec) for local failures.

Which IOS supports this?

+ would be glad for some configuration guidelines ( How should the backup tunnel be configured, should I take into account a backup tunnel only for path protection? )


Thanks !!

1. Yes that's the one!
2. If they had labels on them, then they would be just routed according to LFIB and that would cause the TE-tunnel to constantly flap, since transit RSVP LSRs wouldn't be able to process these packets.
3. About that i'm not 100% sure..it does ignore if you only use CSPF without any explicit constraint definitions. But if you use some conatrains then it does take them into account while forming the tunnel.

It was a bug.
RSVP control is routed differentely than normal traffic.
If there is an explicit path then its sent hop by hop according to the list of routes -without labels, and each RSVP enabled router checks if its in the path and allocates resourses accordingly.
For CSPF its just sent according to the IGP best path, and again without label information .
In both cases...after the tunnel has been established each router on the tunnel path has to somehow know that these RSVP packets are destined to the CPU, since they're sent without label information with a destination IP of the tail-end.
For this there is a special flag (which I forgot its name) which tells the router to check this RSVP packet and process it(in case RSVP is enabled)

Hope this helps.

We had this issue with our router.
RSVP signaling was routed inside the tunnel it has created.
RSVP signaling should be treated differently from other traffic and shouldn't have label information imposed.

Thanks


Had too much work lately...