I try to test add and remove Tenant by using Cobra, but it return Traceback (most recent call last): File "c:/Users/wisit.p.DCS/Documents/Python_temp/test002.py", line 48, in cfgRequest.removeMo(fvTenantMo) File "c:\python27\lib\site-packages\acicobra-3.0_1k-py2.7.egg\cobra\mit\request.py", line 823, in removeMo del self.__configMos[mo.dn] KeyError: <cobra.mit.naming.Dn object at 0x03B864D0> here are my code fvTenantMo = Tenant(uniMo, '4444') cfgRequest = ConfigRequest() cfgRequest.addMo(fvTenantMo) moDir.commit(cfgRequest) ==>Add complete, I can see new tenant on APIC GUI fvTenantMo = moDir.lookupByDn((r'uni/tn-4444')) cfgRequest = ConfigRequest() cfgRequest.removeMo(fvTenantMo) moDir.commit(cfgRequest) ==> I found error as above message Please help to give me some advice. Best regards Tumarha
... View more
I try to test to enable IPv6 route exchange with IPv4 Neighbor address by enable "address-family ipv6 unicast" under Neighbor IPv4. I am using XR 6.0.1. I found some problem that Next-Hop Address on eBGP route is incorret.
[IOS XE ] <-bgp> [XR]
######### Configuration on XE ###########
router bgp 1002 template peer-policy eBGP-Pol send-community both exit-peer-policy ! template peer-policy eBGPv6-Pol send-community both exit-peer-policy ! template peer-session eBGP remote-as 2 exit-peer-session ! bgp log-neighbor-changes no bgp default ipv4-unicast neighbor 126.96.36.199 inherit peer-session eBGP ! address-family ipv4 network 188.8.131.52 mask 255.255.255.255 neighbor 184.108.40.206 activate neighbor 220.127.116.11 inherit peer-policy eBGP-Pol exit-address-family ! address-family ipv6 network 2002:2:2::6/128 neighbor 18.104.22.168 activate neighbor 22.214.171.124 inherit peer-policy eBGPv6-Pol exit-address-family
######### Configuration on XR ###########
router bgp 2 bgp router-id 126.96.36.199 address-family ipv4 unicast network 188.8.131.52/32 ! address-family ipv6 unicast network 2002:2:2::9/128 ! af-group eBGP-Pol address-family ipv4 unicast route-policy PASS in route-policy PASS out ! af-group eBGP-Polv6 address-family ipv6 unicast route-policy PASS in route-policy PASS out ! session-group eBGP remote-as 1002 ! address-family ipv6 unicast use af-group iBGPv6-Pol ! ! neighbor 184.108.40.206 use session-group eBGP address-family ipv4 unicast use af-group eBGP-Pol ! address-family ipv6 unicast use af-group eBGP-Polv6 ! ! !
On IOS XE, it look fine, BGP routes and Routing Table look ok
R6#show bgp ipv6 unicast BGP table version is 53, local router ID is 220.127.116.11 Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter, x best-external, a additional-path, c RIB-compressed, Origin codes: i - IGP, e - EGP, ? - incomplete RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path *> 2002:2:2::6/128 :: 0 32768 i *> 2002:2:2::9/128 2002:2:2:69::9 0 0 2 i
R6#show ipv6 route bgp IPv6 Routing Table - default - 8 entries Codes: C - Connected, L - Local, S - Static, U - Per-user Static route B - BGP, R - RIP, H - NHRP, I1 - ISIS L1 I2 - ISIS L2, IA - ISIS interarea, IS - ISIS summary, D - EIGRP EX - EIGRP external, ND - ND Default, NDp - ND Prefix, DCE - Destination NDr - Redirect, RL - RPL, O - OSPF Intra, OI - OSPF Inter OE1 - OSPF ext 1, OE2 - OSPF ext 2, ON1 - OSPF NSSA ext 1 ON2 - OSPF NSSA ext 2, la - LISP alt, lr - LISP site-registrations ld - LISP dyn-eid, a - Application
B 2002:2:2::9/128 [20/0] via FE80::F816:3EFF:FE3F:1E5D, GigabitEthernet2
However on XR, BGP route is ok but when it install into routing table, next-hop address look strange,
RP/0/0/CPU0:R9#show bgp ipv6 unicast Fri Jan 6 06:11:37.164 UTC BGP router identifier 18.104.22.168, local AS number 2 BGP generic scan interval 60 secs Non-stop routing is enabled BGP table state: Active Table ID: 0xe0800000 RD version: 41 BGP main routing table version 41 BGP NSR Initial initsync version 2 (Reached) BGP NSR/ISSU Sync-Group versions 0/0 BGP scan interval 60 secs
Status codes: s suppressed, d damped, h history, * valid, > best i - internal, r RIB-failure, S stale, N Nexthop-discard Origin codes: i - IGP, e - EGP, ? - incomplete Network Next Hop Metric LocPrf Weight Path *> 2002:2:2::6/128 22.214.171.124 0 0 1002 i *> 2002:2:2::9/128 :: 0 32768 i
RP/0/0/CPU0:R9#show route ipv6 bgp Fri Jan 6 06:12:17.721 UTC
B 2002:2:2::6/128 [20/0] via ::ffff:126.96.36.199 (nexthop in vrf default), 00:14:53 <=======
Next-hop address is wrong ( ::ffff:188.8.131.52) and it doesn't look like IPv6 format.
Anyone, can you have any advice, what do I do wrong or is it bug? Please help to kindly advice. Thanks.
... View more
Your CoA tool is very great. I always use it for CoA functional on BNG/ISG. However, I wonder that is it possible to use this tool to send CoA request in binary command. I try to deactivate and activate multiple services in single CoA request but some documents of ISG specific that
"Text-based commands are not supported for multiple-service activation and deactivation in a single CoA message. Only binary commands are supported for multiple-service activation and deactivation in a single CoA message."
So, I don't know how to use this tool to send with binary command, I try many style of configuration but it won't work. Please help to give me some advice.
... View more
I have the problem about APIC and ASAv (single vm) integration. I am using APIC 1.2(1i), I have successful import ASAv device package 1.2 into APIC, you can check on picture_01.png. Then I try to create L4-L7 device under Tenant, I put all related parameters I can submit without any error, however, I found "Configuration issues : no cluster interface found", you can check on picture_02.png. On "Cluster", I don't put any Management IP Address but when I put "Management IP Address" under "Device 1", GUI has automatically put it by itself.
I also try to deploy ASAv with device that I have already created but I found that, it need cluster interface to be configured before apply, you can check on picture_03.png.
So, please help to give me some advice because last time, I use APIC 1.1, I didn't found this problem, I can create/deploy ASAv without specific "cluster" because I deploy single ASAv.
Thank you very much
Best regards Wisit
... View more
Dear All Just want to discuss about how to deploy Cisco ACI and APIC solution in case of customer has multiple DCs, I am proposing this solution to my customer. In case of I use N9K x 4 (2 Spine, 2 Leaf) + APIC x3, how do I deploy ACI+APIC on 2 DCs, my questions are 1. From my proposing solution, is it valid to deploy? 2. Do I need L2 Extension between both 2 DCs, if yes, what is the prefer technology (OTV, EoMPLS, or?) 3. Do I need 2 cluster of APIC or I can deploy only 1 cluster of APIC? 4. In case of I need 2 clusters of APIC (1 cluster per DC), how do I manage APIC, does it separate management? 5. If my customer has already use Cisco UCS Director, and if I need 2 cluster of APIC, how do I integrate 2 cluster of APIC and UCSD? (I know 1 UCSD and 1 cluster of APIC are possible but if 2 cluster of APIC, I have no idea) Please feel free to share any advice. Thank you very much. Best regards Wisit
... View more
Dear All I have some wonder about do N7K-F248XP-25 require to use with FAB-2 or not? I try to do on Configuration Tool with FAB-1 and N7K-F248XP-25, no any error found. I also try to check for all DS, but no any reference about N7K-F248XP-25 require FAB-2 or not? Please give me some advice. Thank you very much. Best regards Wisit
... View more
Dear Sir I am new for OER feature. My network topology is I have one internet GW router (2811), I have 2 x WAN (ISP A and ISP B) and 2 x LAN. LAN 1, I use for my Web Servers only so no any controls on this LAN 1, cause from LAN 1, I use Internet IP ADDRRESS from ISP B, then I need to do PBR to make sure that my Web Servers will go outside to ISP B only. For LAN 2, I also have some Web Servers that they must go to ISP A only because they use IP ADDRESS from ISP A. So, I also need to do PBR on LAN 2. Finally, I would like to load balance internet traffic between ISP A and ISP B for Internal users only and all Internal users are behind FW, which will PAT all Internal users into 1 IP ADDRESS before send to outside interface. Here are my configuration. ###################################################### oer master logging ! border 184.108.40.206 key-chain OER interface FastEthernet0/0 external max-xmit-utilization absolute 4000 interface FastEthernet0/1 external max-xmit-utilization absolute 4000 interface Vlan10 internal ! learn throughput delay periodic-interval 5 monitor-period 10 prefixes 500 mode route control mode route metric static tag 2000 resolve range priority 5 ! oer border logging local Loopback0 master 220.127.116.11 key-chain OER interface FastEthernet0/0 description ISP_A ip address 18.104.22.168 255.255.255.252 no ip redirects no ip proxy-arp ip nat outside ip virtual-reassembly load-interval 30 duplex auto speed auto ! interface FastEthernet0/1 description ISP_A ip address 22.214.171.124 255.255.255.252 ip nat outside ip virtual-reassembly load-interval 30 duplex auto speed auto interface Vlan1 description LAN_1 ip address 126.96.36.199 255.255.255.240 ip policy route-map ISPB-ForcePBR ! interface Vlan10 descritipn LAN_2 ip address 188.8.131.52 255.255.255.252 secondary ip address 184.108.40.206 255.255.255.240 secondary ip address 220.127.116.11 255.255.255.240 ip nat inside ip virtual-reassembly ip policy route-map ISPA-ForcePBR ! router bgp 65000 no synchronization bgp router-id 18.104.22.168 bgp log-neighbor-changes network 22.214.171.124 mask 255.255.255.240 network 126.96.36.199 mask 255.255.255.240 neighbor 188.8.131.52 remote-as 64600 neighbor 184.108.40.206 ebgp-multihop 4 neighbor 220.127.116.11 version 4 neighbor 18.104.22.168 soft-reconfiguration inbound no auto-summary ! ip forward-protocol nd ip route 0.0.0.0 0.0.0.0 22.214.171.124 ip route 0.0.0.0 0.0.0.0 126.96.36.199 ip route 2.2.764 255.255.255.240 Null0 254 name BGP_Route_Originate ip route 188.8.131.52 255.255.255.240 Null0 254 name BGP_Route_Originate ip route 184.108.40.206 255.255.255.255 220.127.116.11 name force_bgp ip nat inside source route-map INTERNAL-ISPA interface FastEthernet0/0 overload oer ip nat inside source route-map INTERNAL-ISPB interface FastEthernet0/1 overload oer ! ip access-list extended ISPA-NETWORK permit ip 18.104.22.168 0.0.0.15 any permit ip host 22.214.171.124 any permit ip host 126.96.36.199 any permit ip host 188.8.131.52 any permit ip host 184.108.40.206 any permit ip host 220.127.116.11 any permit ip host 18.104.22.168 any permit ip host 22.214.171.124 any permit ip host 126.96.36.199 any permit ip host 188.8.131.52 any permit ip host 184.108.40.206 any permit ip host 220.127.116.11 any permit ip host 18.104.22.168 any ip access-list extended ISPB-NETWORK permit ip 22.214.171.124 0.0.0.15 any ip access-list extended INTERNAL-INTERNAL permit ip host 126.96.36.199 any ip access-list extended VDO-Servers permit ip any host 188.8.131.52 permit ip any host 184.108.40.206 permit ip any host 220.127.116.11 permit ip any host 18.104.22.168 permit ip any host 22.214.171.124 permit ip any host 126.96.36.199 permit ip any host 188.8.131.52 permit ip any host 184.108.40.206 permit ip any host 220.127.116.11 permit ip any host 18.104.22.168 permit ip any host 22.214.171.124 ! route-map INTERNAL-ISPB permit 10 match ip address INTERNAL-INTERNAL match interface FastEthernet0/1 ! route-map ISPB-ForcePBR permit 10 match ip address ISPB-NETWORK set ip next-hop 126.96.36.199 ! route-map INTERNAL-ISPA permit 10 match ip address INTERNAL-INTERNAL match interface FastEthernet0/0 ! route-map ISPA-ForcePBR permit 10 match ip address ISPA-NETWORK set ip next-hop 188.8.131.52 ## I have some BGP configuration to announce my ISP A prefix. ################### My requirement is I would like to share internet traffic of Internal Users between ISP A and ISP B. Anyway, when I try to check how router learn prefix about which prefixes should be go outside to which ISPs by use command "show oer master prefix learn", there are no any output as below ################################### Internet-GW#sh oer master prefix detail Internet-GW# ################################### I am not sure about does OER is operate ok or not? because sometime, I can see router load traffic to ISP_B over "max-xmit-utilization absolute 4000" that I confgured. Please help me to find any solutions or answer. Thanks. Best regards Wisit
... View more
I have configed transparent proxy with ACE and CE510+Bluecoat. I also enable client-ip spoofing. I use PBR for redirect request web page from client to ACE and I also use PBR for return traffic from any web servers to ACE(make complete flow for client-ip spoofing). Any thing is fine, but I have a little bit issue that when I try to browse to the new website and ACE load my request to CE510, I seem long time for page response, I monitor at ACE, it show connection is "ESTABLISH". When first page on these new website response after that I try to browse other pages on these new website, the response is normal. This happen for everytime that I test. I have already send configuration of ACE and CE. Anyone, please see anything that I config is correct. Thank you very much.
... View more