From: Kenneth Wygand (KWygand@customonline.com)
Date: Thu Sep 25 2003 - 16:22:31 GMT-3
Never a problem. Always glad I can help wherever I can. That's what
this group is about - helping each other out. :)
Kenneth E. Wygand
Systems Engineer, Project Services
CISSP #37102, CCNP, CCDP, MCP 2000, CNA 5.1, Network+, A+
Custom Computer Specialists, Inc.
"It's not just about ending up where you want to be, it's about making
the most of the trip there."
-Anonymous
-----Original Message-----
From: ccie2be [mailto:ccie2be@nyc.rr.com]
Sent: Thursday, September 25, 2003 3:19 PM
To: Group Study; Kenneth Wygand
Subject: Re: Should I disable cdp on ISDN
Wow, that was one heck of an impressive and comprehensive explanation.
That's kind of what I thought should happen, but you sure did say it
much
better than I ever could. Thanks so much for taking the time to go
through
that. dt
----- Original Message -----
From: "Kenneth Wygand" <KWygand@customonline.com>
To: "ccie2be" <ccie2be@nyc.rr.com>
Sent: Thursday, September 25, 2003 2:46 PM
Subject: RE: Should I disable cdp on ISDN
DT,
These are all good questions. Yes, by using a Dialer interface, you are
not keeping your physical BRI interfaces out of commission. Essentially
the Dialer (virtual) interface is pulled down at layer 2, but what do we
care? It doesn't matter because the BRI interfaces are simply MEMBERS
of the pool of interfaces the Dialer interface can use when it needs to
make a call. This keeps the BRI channels up and available for any other
configured uses.
Your question about the second channel is a good one as well.
Essentially what you are asking is what happens if Dialer interface
tried to grab a BRI interface to dial out when a primary link fails.
Let's walk through the scenario.
1) A dialer interface is configured and is used as the backup of a
primary line. You have a single BRI interface that is a member of the
pool that the Dialer Interface will tap on the shoulder to dial when it
needs to. The primary line is up so the Dialer Interface is ripped down
at layer two but the physical BRI channel is up at layer 2.
2) The first channel of your BRI interface is brought up by some means
other than being used by the Dialer interface. So now one channel is
being used and the other is free.
3) The primary link that "backup interface" is monitoring goes down, so
the Backup Interface (Dialer interface in this case) is brought up at
layer 3. Now IF INTERESTING TRAFFIC CAUSES THE DIALER INTERFACE TO
DIAL, it will tap a physical interface of one of the BRI channels in its
configured pool on the shoulder and ask to borrow him/her for a little
while.
4) Interesting traffic hits the dialer interface and it needs to dial.
It will see that the BRI interface is a member of it's pool and request
a connection from this interface. Upon request, it will see that the
first channel is in-use and it should then request the second channel.
This channel will dial-up to the first dial-string listed in the Dialer
profile.
5) If both channels were used and the Dialer interface needed to use
one, the IOS should invoke the fast-idle-timeout instead of the normal
idle-timeout. This will cause the link to come down faster if it's not
being used so that the Dialer interface can use this link.
6) Additionally if you have any form of multilink ppp configured on
either of these connections, if an additional line is requested by
either connection, the fast-idle timeout should be invoked on the other
line.
I haven't actually tested this out, but based on my experiences and
studies with ISDN, this is the way it should work. If anyone can
confirm this, it would be much appreciated.
Thanks,
Kenneth E. Wygand
Systems Engineer, Project Services
CISSP #37102, CCNP, CCDP, MCP 2000, CNA 5.1, Network+, A+
Custom Computer Specialists, Inc.
"It's not just about ending up where you want to be, it's about making
the most of the trip there."
-Anonymous
-----Original Message-----
From: ccie2be [mailto:ccie2be@nyc.rr.com]
Sent: Thursday, September 25, 2003 2:20 PM
To: Group Study; Kenneth Wygand
Subject: Re: Should I disable cdp on ISDN
Hi Ken,
Thanks for the clarification. However, now you've got me wondering
about
Dialer Int #. I thought that one of the primary benefits of using a
Dialer
Int is that because it's a virtual interface, a physical isdn interface
isn't "taken out of commission" by the use of Backup Interface. Am I
mistaken about that?
Also, suppose you have a scenario where there's interesting traffic
defined
directly on the physical isdn interface and you have a Dialer Interface
used
as a Backup Interface which uses the same physical isdn interface. What
happens when interesting traffic brings up the phy isdn interface and
uses
one channel and then the primary link fails. Would the Dialer interface
consider the phy isdn interface unavailable or would it just use the
other B
channel or would the fast idle-timeout kick in or something else I
didn't
think of happen?
Thanks, dt
----- Original Message -----
From: "Kenneth Wygand" <KWygand@customonline.com>
To: "ccie2be" <ccie2be@nyc.rr.com>; "Group Study"
<ccielab@groupstudy.com>;
"Jonathan V Hays" <jhays@jtan.com>
Sent: Thursday, September 25, 2003 12:06 PM
Subject: RE: Should I disable cdp on ISDN
Everything you said is correct except for two things:
1) Backup interface will not initiate any call. When a link is
configured to use a dialer interface or BRI interface as a backup link,
it brings that link DOWN at layer 2. All attempts to bring the link up
(such as interesting traffic) try to bring the link up at layer 3 and
fail while the primary line is up because layer-2 has been yanked down
by Backup Interface. Do a "debug dialer" and watch the interesting
traffic try to bring the link up and fail if backup interface is holding
it down. However, when the primary line goes down and it "fails over"
to the backup interface, it simply brings the dialer or BRI line back up
at layer 2 - IT DOES NOT INITIATE THE CALL - this is very important - it
STILL requires some other mechanism to provide interesting traffic to
bring the link up.
2) After the link is up, the idle-timeout counts down and is reset to
its configured time every time it sees an interesting piece of traffic
cross the link. When it expires, the link is gracefully torn down at
layer 3 (unlike backup interface which operates at layer 2). The only
exception is dialer watch, which will allow the idle-timeout to count
all the way down to zero (of course, resetting every time it sees
interesting traffic)... once the idle-timeout hits zero, dialer watch
checks to see if the route you are watching is available through any
interface other than the interface dialer-watch has been configured on
itself. If the route is not available through any other interfaces,
dialer watch will reset the idle timeout to the initial value and start
the countdown once again.
If anything is unclear, please let me know and I'll do my best to
explain further.
Kenneth E. Wygand
Systems Engineer, Project Services
CISSP #37102, CCNP, CCDP, MCP 2000, CNA 5.1, Network+, A+
Custom Computer Specialists, Inc.
"It's not just about ending up where you want to be, it's about making
the most of the trip there."
-Anonymous
-----Original Message-----
From: ccie2be [mailto:ccie2be@nyc.rr.com]
Sent: Thursday, September 25, 2003 11:45 AM
To: Group Study; Jonathan V Hays
Subject: Re: Should I disable cdp on ISDN
Hi all,
While I can't claim to be 100% positive about what I'm about to say, I
think
my previous statements remain correct. To reiterate, there are 2
issues a)
what trigger call and b) what traffic transits the link once it's UP.
With Backup Interface, the primary interface going down triggers call.
With Dialer Watch, the the absense of a watched route triggers call.
With OSPF Demand Circuit, the initial sync of the link state db and
subsequent changes to link state db triggers call.
With interesting traffic defined, the interesting traffic triggers call.
As far as I know, it seems that with the exception of Backup Interface,
these triggering methods aren't mutually exclusive, so it's possible,
for
example, to have both OSPF Demand Circuit and Interesting traffic both
in
effect and both trigger calls. In other words, when both features are
in
effect, either OSPF Demand Circuit or Interesting traffic can trigger a
call.
The 2nd issue - what traffic transits an isdn link when it's up - is
independent of what triggers the call. The way I understand it, once
the
link is up any traffic that should transit the link will transit the
link.
So, if you don't want CDP traffic to cross the link when it's UP,
disable
CDP on that interface, regardless of what caused the link to come up in
the
first place.
Another issue to keep in mind, is what causes the isdn link to go down
and
when should the link come down. "Normally", the absense of interesting
traffic for the dialer idle-timeout period. But, I believe there are
other
factors that may have a role in how this issue is handled.
HTH, dt
----- Original Message -----
From: "Jonathan V Hays" <jhays@jtan.com>
To: "'Nawaz, Ajaz'" <Ajaz.Nawaz@bskyb.com>; "'Donny MATEO'"
<donny.mateo@sg.ca-indosuez.com>; "'Peng Zheng'" <zpnist@yahoo.com>
Cc: <ccielab@groupstudy.com>; <nobody@groupstudy.com>
Sent: Thursday, September 25, 2003 9:31 AM
Subject: RE: Should I disable cdp on ISDN
> Now you've got my curiosity up. Exactly how does CDP interact with an
> OSPF demand circuit?
>
> I'm not trying to criticize or flame here - I am ignorant and would
like
> to know. A preliminary search of the Doc CD does not have any
> information tying CDP to OSPF.
>
> Please help,
>
> Jonathan
>
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf
Of
> Nawaz, Ajaz
> Sent: Thursday, September 25, 2003 8:58 AM
> To: 'Donny MATEO'; Peng Zheng
> Cc: ccielab@groupstudy.com; nobody@groupstudy.com
> Subject: RE: Should I disable cdp on ISDN
>
>
> as a reader this is the most complete reply.
> as I understand it, OPSF demand circuit is the only time where you
would
> explicity disable cdp (interface only) in order to prevent an isdn
> circuit
> from coming UP unecessarily.
>
> ajaz
>
> -----Original Message-----
> From: Donny MATEO [mailto:donny.mateo@sg.ca-indosuez.com]
> Sent: 25 September 2003 08:57
> To: Peng Zheng
> Cc: ccielab@groupstudy.com; nobody@groupstudy.com
> Subject: Re: Should I disable cdp on ISDN
>
>
> What techology are you refering to ? It really is technology specific
>
> backup interface => no need
> static route => make sure you didn't define CDP as interesting traffic
> in
> the dialer-list (there is no need to turn it off)
> ospf demand-circuit => filter it out or turn it off
> dialer-watch=> no need i believe..not sure though..
>
> so which one is it are you refering to ?
>
> Donny
>
>
>
>
>
>
> Peng Zheng <zpnist@yahoo.com>
> Sent by: nobody@groupstudy.com
> 09/25/2003 03:24 PM
> Please respond to Peng Zheng
>
>
> To: ccielab@groupstudy.com
> cc: (bcc: Donny MATEO/ADPC/ASIA/BANQUE_INDOSUEZ/FR)
> Subject: Should I disable cdp on ISDN
>
>
> On page 144 CCIE Practical Studies: Security, it said
> cdp triggers the ISDN call and therefore should be
> disabled if it isn't needed.
>
> Is that true? SHould I always disable cdp when
> configure DDR on ISDN?
>
>
>
> __________________________________
> Do you Yahoo!?
> The New Yahoo! Shopping - with improved product search
> http://shopping.yahoo.com
>
> ***Get your CCIE and a FREE vacation: Shop.GroupStudy.com***
>
This archive was generated by hypermail 2.1.4 : Wed Oct 01 2003 - 07:24:37 GMT-3