Python based Script to BULK Import/Delete devices using Cisco Prime API
Check my Repo on GitHub for all the details ( see below link )
... View more
If WSA stopped responding to Web requests and a reboot fixed it ... may be also if Cisco TAC confirmed you are hit with the Bug CSCve59632
Cisco Bug CSCve59632 affects WSA, As when Certain number of closed sessions reached the WSA will stop processing web requests.
I created a Python Script to query X number WSAs for the total number of closed sessions and if reached a certain limit ( you have to figure out that ) the script will send an email notification ... You need to workout what number if reached the WSA will stop working so you can adjust the number in the Script accordingly..
In the Script you can also add an automated action to proxy kick command to reboot the proxy service -- but take extra caution before doing that .. i recommend to do some testing using email notifications first before attempting to reboot the service automatically
here is a link to my script
... View more
In This Doc i will focus on The 6to4 Tunneling mechanism on finding the destination Tunnel peer IP address as this part was not clear for me in many Docs and articles that i had read
From the above topology we have IPv4 as the Transport between the routers and IPv6 will be tunneled into IPv4 to reach the IPv6 Destinations
I have this static route entry on all the three routers as follows:
ipv6 route 2002::/16 Tunnel0
6to4 Mechanism to find the destination peer:
When Any 6to4 router wants to reach any IPv6 destination it is going to checking
the RIB for routing information and since we have the above static route pointing to Tunnel0, The router will understand it is a 6to4 Tunnel interface and will extract the a 32bit from the IPv6 destination address to get the Destination peer IPv4 tunnel destionation ... Ha!
R1 to reach Int loopback 2 on R2
R1#ping 2002:C0A8:102:1::1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 2002:C0A8:102:1::1, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 28/50/92 ms
Behinde the Scens as we said R1 will find that to reach this IPv6 address he will use the Tunnel interface which is configured for 6to4 Tunnel ... hence it will extract the the 2nd and 3rd Section of the destination IPv6 add (32bit) and convert it decimal to get the destination tunnel interface IPv4 address
2002: C0A8:102 :1::1
C0A8:102 > HEX-Decimal > 192.168.1.2 which is R2 Tunnel source interface
This is not by Coincednce this is by Design as when i configured the Loopback 2 on R2 i used the same first 48bit from the Tunnel Source to make this to work ... so it is reverse engineering
R1 to reach Int loopback 3 on R3
R1#ping 2001::1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 2002::1, timeout is 2 seconds: ..... Success rate is 0 percent (0/5)
Why this didn't work ?!! Simple, follow the same rule ...
When R1 tries to extract the IPv4 tunnel destination address it can't or in other casese it won't find a route since we have only one route for 2002::/16
So to solve this issue we need to add another route so that R1 can know the destination tunnel IPv4 peer.
ipv6 route 2001::/64 2002:C0A8:103::1
Now R1 will do recursive lookup on the above route and will know to reach next-hop
2002:C0A8:103::1 i will go to Tunnel 0 .. hence it is going to extract the IPv4 address
this time from the Next_hop ...
2002: C0A8:103 ::1
C0A8:103 > HEX-Decimal > 192.168.1.3 which is R3 Tunnel source interface and now R1
can reach the destination
R1#ping 2001::1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 2001::1, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 44/49/72 ms
6to4 mechanism is to extract the 32bit from the destination IPv6 address or the next hop address to know the Tunnel destination IPv4
Hence 6to4 uses special IPv6 addressing which is activated when using Tunnel mode 6to4
2002: XXXX : XXXX :/48 ( minimum address to be allocated to a Tunnel Interface )
XXXX : XXXX is the Tunnel IPv4 in Hex Decimal
So when desiging 6to4 Tunnel keep this point in mind
... View more