Hi, I've configured Flexible Netflow on a Cisco ASR 1000, IOS XE Version 15.3(3)S2 to keep trace of the Source and Destination AS numbers of the traffic going to and coming from the Internet. This is an example of what I get with the command "show flow monitor Flow-Monitor cache format record" that shows the content of the Netflow local cache: IP SOURCE AS:       34618 IP DESTINATION AS:  0 INTERFACE INPUT:    Gi0/0/1.907 INTERFACE OUTPUT:   Gi0/0/1.901 FLOW DIRECTION:     Input counter bytes:      80 counter packets:    2 timestamp first:    12:07:22.820 timestamp last:     12:07:22.852 IP SOURCE AS:       6739 IP DESTINATION AS:  21469 INTERFACE INPUT:    Gi0/0/0.909 INTERFACE OUTPUT:   Gi0/0/0.950 FLOW DIRECTION:     Input counter bytes:      62 counter packets:    1 timestamp first:    12:07:15.557 timestamp last:     12:07:15.557 IP SOURCE AS:       0 IP DESTINATION AS:  20746 INTERFACE INPUT:    Gi0/0/1.901 INTERFACE OUTPUT:   Gi0/0/1.907 FLOW DIRECTION:     Output counter bytes:      61890610 counter packets:    62462 timestamp first:    11:59:01.573 timestamp last:     12:07:26.724   Most of the flows show IP SOURCE AS = 0 or IP DESTINATION AS = 0: what does it mean?   Thanks. Alessandro         ... View more

Hi, I'm using Whatsupgold as a Netflow collector . When I configure Flexible Netflow on a Cisco ASR 1000 as follows: flow exporter Whatsupgold destination 192.168.10.10 source GigabitEthernet0/0/0.970 ttl 10 transport udp 9999 flow monitor Flow-Monitor exporter Whatsupgold record netflow-original interface GigabitEthernet0/0/1.909 ip flow monitor Flow-Monitor unicast input ip flow monitor Flow-Monitor unicast output it works because the record is configured as "netflow-original" and it uses the old standard keys. But when I try to use a custom record like this: flow record AS-Path match routing source as peer match routing destination as peer match ipv4 destination address collect counter bytes long collect counter packets long collect timestamp sys-uptime first collect timestamp sys-uptime last ! ! flow monitor Flow-Monitor exporter Whatsupgold record netflow-original Whatsupgold does not show anything. Is it something wrong with the configuration or there is a compatibility issue between the new version of Netflow and Whatsupgold? Thanks Alessandro   ... View more

        HI, I cannot understand the resource allocation of the ACE I have configured, in particular why the MAX allocation is lower than the MIN allocation, or even 0. Probably, it's related to the RC0 class, where the maximum is set as unlimited, but I expected every context to have the maximum allocation equal to the class it belongs to. The only exception should be the Context D, the one associated to RC0 class, that could have a maximum of 54% = 30%(the minimum) + 24% (100% - 76% that is the sum of the minimum of all other contexts) . This is the resource configuration: ACE4710-O1-PRI/Admin# show run .... resource-class RC0   limit-resource all minimum 30.00 maximum unlimited resource-class RC1   limit-resource all minimum 10.00 maximum equal-to-min   limit-resource sticky minimum 10.00 maximum equal-to-min resource-class RC2   limit-resource all minimum 20.00 maximum equal-to-min   limit-resource sticky minimum 20.00 maximum equal-to-min resource-class RC3   limit-resource all minimum 5.00 maximum equal-to-min   limit-resource sticky minimum 5.00 maximum equal-to-min resource-class RC4   limit-resource all minimum 1.00 maximum equal-to-min   limit-resource sticky minimum 1.00 maximum equal-to-min   ..... context A   allocate-interface vlan 27   allocate-interface vlan 324   allocate-interface vlan 605   allocate-interface vlan 607   member RC2 context B   allocate-interface vlan 603   allocate-interface vlan 606   member RC1 context C   allocate-interface vlan 192-193   allocate-interface vlan 251   member RC3 context D   allocate-interface vlan 388-389   member RC0 context E   allocate-interface vlan 608-609   member RC4 context F   member RC1 This is the actual resource usage and allocation: ACE4710-O1-PRI/Admin# show resource usage                                                      Allocation         Resource         Current       Peak        Min        Max       Denied ------------------------------------------------------------------------------- ....... Context: A   conc-connections          11439      12244     400000          0          0   mgmt-connections             44         46      20000          0          0   proxy-connections         11439      12244      52429          0          0   xlates                        0          0      13107          0          0   acc-connections               0          0       2000          0          0   bandwidth               3413889   21806480   26843400  125000000          0     throughput            3413213    5408647   26843400          0          0     mgmt-traffic rate         676        676          0  125000000          0   connection rate              59         85     200000          0          0   ssl-connections rate         50         79       1000          0    5238386   mac-miss rate                 0          0        400          0          0   inspect-conn rate             0          0       8000          0          0   http-comp rate          2075434    4143487   13107200          0   21746221   acl-memory                16712      16712    7508336          0          0   sticky                       10         10     163840          0          0   regexp                    10138      10138     209715          0          0   syslog buffer            208896     208896     208896          0          0   syslog rate                   1          3      20000          0          0 Context: B   conc-connections            164       5571     200000          0          0   mgmt-connections              0         32      10000          0          0   proxy-connections           164       5571      26214          0          0   xlates                        0          0       6554          0          0   acc-connections               0          0       1000          0          0   bandwidth                 56475    4014023   13421700  125000000        648     throughput              53655    4001175   13421700          0        648     mgmt-traffic rate        2820      12848          0  125000000          0   connection rate               9       5847     100000          0          0   ssl-connections rate          7        201        500          0          0   mac-miss rate                 0          1        200          0          0   inspect-conn rate             0          0       4000          0          0   http-comp rate                0          0    6553600          0          0   acl-memory                12896      12912    3753136          0          0   sticky                       15         15      81920          0          0   regexp                     1314       1314     104858          0          0   syslog buffer            105472     208896     104448          0          0   syslog rate                   0         53      10000          0          0 Context: C   conc-connections              6        436     100000          0          0   mgmt-connections              0         30       5000          0          0   proxy-connections             4         41      13107          0          0   xlates                        0          0       3277          0          0   acc-connections               0          0        500          0          0   bandwidth                   176     857478    6710850  125000000          0     throughput                 90     841826    6710850          0          0     mgmt-traffic rate          86      15652          0  125000000          0   connection rate               0       6298      50000          0          0   ssl-connections rate          0         19        250          0          0   mac-miss rate                 0        200        100          0        979   inspect-conn rate             0          0       2000          0          0   http-comp rate                0          0    3276800          0          0   acl-memory                16576      16592    1875504          0          0   sticky                        1          3      40960          0          0   regexp                     1062       1062      52429          0          0   syslog buffer                 0          0      52224          0          0   syslog rate                   0          0       5000          0          0 Context: D   conc-connections           7124      18425     600000     480000          0   mgmt-connections              8         70      30000      24000          0   proxy-connections          7124      18421      78643      62914          0   xlates                        0          0      19661      15728          0   acc-connections               0          0       3000       2400          0   bandwidth               4971240   16084230   40265100  157212080          0     throughput            4971140   16079538   40265100   32212080          0     mgmt-traffic rate         100       4692          0  125000000          0   connection rate             126        844     300000     240000          0   ssl-connections rate        117        855       1500       1200          0   mac-miss rate                 0        109        600        480          0   inspect-conn rate             0          0      12000       9600          0   http-comp rate                0          0   19660800   15728640          0   acl-memory                 24400      24416   11263536    9012511          0   sticky                     3399       6713     245760          0          0   regexp                     2438       2438     314573     251658          0   syslog buffer                 0          0     314368     253952          0   syslog rate                   0          0      30000      24000          0 Context: E   conc-connections              0         16      20000          0          0   mgmt-connections              2         44       1000          0          0   proxy-connections             0          4       2621          0          0   xlates                        0          0        655          0          0   acc-connections               0          0        100          0          0   bandwidth                   262      79518    1342170  125000000          0     throughput                 90      72846    1342170          0          0     mgmt-traffic rate         172       6672          0  125000000          0   connection rate               2         10      10000          0          0   ssl-connections rate          0          0         50          0          0   mac-miss rate                 0          0         20          0          0   inspect-conn rate             0          0        400          0          0   http-comp rate                0          0     655360          0          0   acl-memory                24272      24272     373424          0          0   sticky                        0          7       8192          0          0   regexp                      914        914      10486          0          0   syslog buffer                 0          0      10240          0          0   syslog rate                   0          0       1000          0          0 Context: F   conc-connections              0          0     200000          0          0   mgmt-connections              0          0      10000          0          0   proxy-connections             0          0      26214          0          0   xlates                        0          0       6554          0          0   acc-connections               0          0       1000          0          0   bandwidth                     0          0   13421700  125000000          0     throughput                  0          0   13421700          0          0     mgmt-traffic rate           0          0          0  125000000          0   connection rate               0          0     100000          0          0   ssl-connections rate          0          0        500          0          0   mac-miss rate                 0          0        200          0          0   inspect-conn rate             0          0       4000          0          0   http-comp rate                0          0    6553600          0          0   acl-memory                 6976       7040    3753136          0          0   sticky                        0          0      81920          0          0   regexp                      914        914     104858          0          0   syslog buffer                 0          0     104448          0          0   syslog rate                   0          0      10000          0          0 This is the show ver: ACE4710-O1-PRI/Admin# show ver Cisco Application Control Software (ACSW) TAC support: http://www.cisco.com/tac Copyright (c) 1985-2009 by Cisco Systems, Inc. All rights reserved. The copyrights to certain works contained herein are owned by other third parties and are used and distributed under license. Some parts of this software are covered under the GNU Public License. A copy of the license is available at http://www.gnu.org/licenses/gpl.html . Software   loader:    Version 0.95   system:    Version A3(2.3) [build 3.0(0)A3(2.3) adbuild_16:41:21-2009/07/23_/auto/adbu-rel2/rel_a3_2_3_throttle/REL_3_0_0_A 3_2_3]   system image file: (hd0,1)/c4710ace-mz.A3_2_3.bin   Device Manager version 1.2 (0) 20090702:2137   installed license: ACE-AP-VIRT-020 ACE-AP-C-500-LIC ACE-AP-OPT-LIC-K9 ACE-AP-SSL-05K-K9 Hardware   cpu info:     Motherboard:         number of cpu(s): 2     Daughtercard:         number of cpu(s): 16   memory info:     total: 6226388 kB, free: 4129876 kB     shared: 0 kB, buffers: 23172 kB, cached 0 kB   cf info:     filesystem: /dev/hdb2     total: 861668 kB, used: 729204 kB, available: 88692 kB last boot reason:  Unknown configuration register:  0x1 ACE4710-O1-PRI kernel uptime is 435 days 15 hours 36 minute(s) 40 second(s) Thanks. Alessandro ... View more

I configured a HTTPS-HEAD Keepalive in a GSS that fails even if the server responds correctly. The problem could be that the server responds with a not trusted certificate. Does anyone know what the GSS's behaviour is in this particulal case? Thanks. Alessandro ... View more

From the CCNP SWITCH Book: "The UplinkFast feature on Catalyst switches enables leaf-node switches or switches at the ends of the spanning-tree branches to have a functioning root port while keeping one or more redundant or potential root ports in Blocking mode. When the primary root port uplink fails, another blocked uplink immediately can be brought up for use. [...] UplinkFast also makes some modifications to the local switch to ensure that it does not become the root bridge and that the switch is not used as a transit switch to get to the root bridge. In other words, the goal is to keep UplinkFast limited to leaf-node switches that are farthest from the root." I don't get the point why the Uplinkfast should be enabled only on leaf-node switches. Can you give me an example of a transit switch where putting the port that receives suboptimal BPDUs into FW state, immediately after the failure of the link connected to the Root port, could bring to a loop? Thanks in advance for help. Alessandro. ... View more

Hello. We have a WAP Gateway architecture with three groups of servers that contain, each, a serverfarm of Wap Gateways and one Radius server (the three groups share the same VIP). We need the following behaviour: the Radius traffic that comes from the client (that points a VIP) is sent to one of the three Radius servers (round-robin). Then, the WAP traffic (type 1 or 2, that is WSP or HTTP protocol), that also points a VIP, is balanced across the WAP GW Servers of the same group of that Radius server. Is this possible with IOS SLB and how? Thanks a lot. Alessandro ... View more

I would like to know if it is possible to implement an architecture where a Load Balancer (CSS or CSM) transparently intercepts HTTP traffic and redirects it, with load balancing, to a group of proxy servers that performs IP spoofing. I know, from an example ( http://www.cisco.com/en/US/products/hw/contnetw/ps546/products_configuration_example09186a00801adbe2.shtml ) that, on the CSS, this is possible with a single proxy (in the example a Cisco Cache Engine), configuring two routes to the same destination (the client network), one that points the gateway and one the Cache. Is this feasible also with a number of proxies (or Cache Engines)? In this case, do I need just to add a route to the same destination that points every single proxy as a gateway? How to implement the same thing on the CSM? Thanks. Alessandro ... View more

Hello. In a CSM, when a real server fails, the relative SNMP trap does not contain the ip address of the real server. Is it possible to set SNMP in order to have the IP Address of the real server inserted in the trap? Thanks. ... View more

Hello. How does the HTTP Probe with Method GET work on CSM and what is the difference with CSS? CSS calculates the HASH of the web page it receives as a first answer and considers that as a REFERENCE HASH, to compare with subsequent answers. Is the behaviour of the CSM the same? In the CSS it is also possible to insert the HASH in the configuration as a reference HASH. I did not find such a command on the CSM. Is that feature not present on CSM? Thanks. ... View more