Messages

Fred's on the right track re: design

I'll cheers to that!  Poor design coupled with no budget is the whole reason that brought about this hack in the first place.   

The example I used in the original post is not exactly what I'm working with.  I thought it would be more direct to ask about a simple network with variables removed, rather than describe a production network.  Essentially I have a network topology between locations that looks like a C.  Trying to tunnel over a provider network to make it look more like an O.  Naturally the tunnel wants to form over the inside links, but I'd like it to form over the provider links to reduce convergence time.  I'd prefer to spin up another physical link, but that just aint gonna happen.

I'm open to suggestion if you've seen this dog and pony show before

PBR is probably not working as PBR applies only ingress to an interface, the router is probably not perceiving self sourced traffic as ingress on the interface. If you applied PBR inbound and sourced the tunnel from a router behind the PBR router then it would work

Ah yes, of course, I believe you're right.

I am currently using floating static routes (/32's) to influence the tunnel path, but that means any traffic sourced behind the router is also affected.  For the most part it's not a big deal, it just messes with a system that does monitoring on the network.  A possible solution might be to use PBR for the monitoring box, not the tunnel.  I'm going to have to think on this for a bit more.  Thanks for the feedback.

If I source from a loopback on the near end, then I must update the destination on the far end as well, correct?  If so, that's not what I'm trying to do.  Even though 2 paths exist, I only want the tunnel to ever form over 1 path and the tunnel to fail if that 1 path is broken.

And what do you mean by fix the /32 routes?  I think I understand what you mean, but I want to be sure.

I thought this would be a simple task, but I've gone off track somewhere.

I have 2 equal cost paths between Routers 1 and 4 on the network and I'd like to set up a GRE tunnel between them.  Since there are 2 paths, I would like to choose which path the tunnel forms over.

I thought this would be easy using PBR, however its not catching any traffic for policy routing.  I have applied the policy to the tunnel source interface as well as the local policy.

Anyone set this up before?

I can provide configs, but this is so basic, I didnt think it was necessary.  At this point, my policy looks like this:

R1#show ip access-lists
Extended IP access list 100
    10 permit gre any host 192.168.0.6
    20 permit ip any host 192.168.0.6

R1#show route-map       
route-map PBR, permit, sequence 10
  Match clauses:
    ip address (access-lists): 100
  Set clauses:
    ip next-hop 192.168.0.2
  Policy routing matches: 0 packets, 0 bytes

R1#show ip policy
Interface      Route map
local          PBR
Fa0/0          PBR

I've got an exam in the morning.  Following that, I will either a) drink heavily to drown my sorrows or b) drink heavily to celebrate.  That should pretty much put a wrap on Saturday.  Sunday, I have no plans except a hockey game in the PM.

What's dfw

Not from Texas, but believe it to be Dallas - Fort Worth

Totally. Of course, working on routers and stuff is kinda sorta also nerdy.

You be careful Deanwebb! 

Previous administrative staff saw fit to name production boxes after lord of the rings characters, they even configured motd with about 2 paragraphs of story about each character.

Having never seen any of the movies, I believe they are all a bunch of nerds.

Got a call this morning, turns out we had a circuit down hard and no back up for this particular site. About an hour later I get another call from the "trusted" server guys. Their complaint was that their servers are saying that they lost connection to the corp NTP server. . . . . I wanted to throw the phone across the room. I had to explain to them (AGAIN) that since their circuit is down that their connections to HQ and the Internet will be down. 

I've seen that dog and pony show before.  Half of me wants to string them along an ask them a bunch of basic questions like, are you able to check your email?  Can you get to any website on the internet?  Maybe its a DNS issue, are you able to ping by IP address, try 127.0.0.1?  Then the other (superior) half of me remembers that *most* techs are a bunch of derps and it's better for my health to lie, and tell them I've opened a ticket.

I would really like to start down the Datacenter track, but I think I've talked myself into doubling back and knocking out the CCNA Security, CCDA, and potentially the CCDP first.  Of course, this all hinges on my completion of CCNP (almost there).  Could be ambitious, but I've set these goals pretty soft since life is anything but consistent at this point.

Edit: Outside of the IT world, getting my Riggers ticket and Private Pilot are on the list too.

We are using a version of RTG in a colocation environment to determine monthly usage and billable 95th percentile.  This system was put in place long ago and we are considering alternatives.  Observium and rrdtool have caught my attention as tools to look into.  From what I understand MRTG (without rrdtool as a backend) does some fancy rounding/truncation to keep the database small, which wont do for record keeping.

Can anybody discuss or recommend a method that has worked well for them?

Howdy everyone,

  Changed careers about 7 months ago and landed a position working in a NOC.  Currently studying and hoping to wrap up my CCNP next weekend.