Re: What's the point of this?

From: Jim Nguyen (nhatquang@thiennam.org)
Date: Sun Jul 18 2004 - 00:36:12 GMT-3


Thank you! I confirm this with a test, but I cannot figure out what is the
point of using set ip next-hop with set ip next-hop verify-availability
because the functions are almost the same with set ip next-hop.

The packet is policy routed if the next hop is reachable. If the interface to
reach this next-hop is down, packet follows the normal routing table. So, what
is the difference of "verify-availability"?

ip local policy route-map route-policy
no ip http server
ip classless
!
!
access-list 100 permit ip any host 150.1.3.3
!
route-map route-policy permit 10
 match ip address 100
 set ip next-hop 187.1.23.3

Rack1R2#ping 150.1.3.3

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 150.1.3.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 44/45/48 ms
Rack1R2#
*Mar 1 00:58:14.283: IP: s=187.1.235.2 (local), d=150.1.3.3, len 100, policy match
*Mar 1 00:58:14.283: IP: route map route-policy, item 10, permit
*Mar 1 00:58:14.283: IP: s=187.1.235.2 (local), d=150.1.3.3 (Serial0/1), len 100, policy routed

######################
int shut, next-hop unavailable

Rack1R2#ping 150.1.3.3

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 150.1.3.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 56/59/60 ms
Rack1R2#
*Mar 1 01:02:34.698: IP: s=187.1.235.2 (local), d=150.1.3.3, len 100, policy match
*Mar 1 01:02:34.702: IP: route map route-policy, item 10, permit
*Mar 1 01:02:34.702: IP: s=187.1.235.2 (local), d=150.1.3.3, len 100, policy rejected -- normal forwarding

  ----- Original Message -----
  From: alsontra
  To: 'Brian McGahan' ; 'ccie2be' ; 'Group Study'
  Sent: Monday, April 18, 2005 6:32 AM
  Subject: RE: What's the point of this?

  Yeah, what he said....

  HTH, ;-)
  Al

  -----Original Message-----
  From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of Brian McGahan
  Sent: Sunday, April 17, 2005 6:03 PM
  To: ccie2be; Group Study
  Subject: RE: What's the point of this?

  http://www.cisco.com/en/US/tech/tk364/technologies_configuration_example09186a00801f3b54.shtml

  HTH,

  Brian McGahan, CCIE #8593
  bmcgahan@internetworkexpert.com

  Internetwork Expert, Inc.
  http://www.InternetworkExpert.com
  Toll Free: 877-224-8987 x 705
  Outside US: 775-826-4344 x 705
  24/7 Support: http://forum.internetworkexpert.com
  Live Chat: http://www.internetworkexpert.com/chat/

> -----Original Message-----
> From: ccie2be [mailto:ccie2be@nyc.rr.com]
> Sent: Sunday, April 17, 2005 5:59 PM
> To: Brian McGahan; Group Study
> Subject: RE: What's the point of this?
>
> Brian,
>
> Thank you. Very Good Point.
>
> Would the behavior of the router be any different in your example if the
> default keyword weren't there?
>
> If not, in what type of scenario would the default keyword be needed?
>
> IOW, if you just had this:
>
>>
>
> I can't see any difference between using or not using the default keyword.
> If there is a difference, could you point it out to me.
>
> TIA, Tim
>
> -----Original Message-----
> From: Brian McGahan [mailto:bmcgahan@internetworkexpert.com]
> Sent: Sunday, April 17, 2005 4:49 PM
> To: ccie2be; alsontra; Group Study
> Subject: RE: What's the point of this?
>
> Tim,
>
> Keep in mind the context that this is used in, policy routing.
> When a policy match does not occur, normal forwarding ensues. So if
> your policy reads as follows:
>
> route-map POLICY permit 10
> set ip default next-hop 1.2.3.4
> set ip default next-hop verify-availability
> !
> interface Ethernet0/0
> ip policy route-map POLICY
>
> This means that all traffic coming in E0/0 will be sent towards
> 1.2.3.4 if it is available. If it is not available all traffic coming
> in E0/0 will be subject to normal forwarding.
>
>
> HTH,
>
> Brian McGahan, CCIE #8593
> bmcgahan@internetworkexpert.com
>
>
> > -----Original Message-----
> > From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of ccie2be
> > Sent: Sunday, April 17, 2005 2:36 PM
> > To: 'alsontra'; 'Group Study'
> > Subject: RE: What's the point of this?
> >
> > Alsontra,
> >
> > I guess the only reason to use the verify-availability option with the set
> > ip default next-hop command is to save resource. But, I'm not sure how
> > much, if any, resource is actually saved when this option is used.
> >
> > It appears the router will expend cpu resource with cdp when you use this
> > option instead of arping when you don't. And, you might save bandwidth but
> > again I don't know how much bandwidth would actually be saved.
> >
> > Imagine you're using a low bandwidth f/r link. (On a high bandwidth
> > ethernet, you probably care if you're sending arp's continuously).
> >
> > With the verify-avail option, u need to make sure cdp is enabled which it
> > might not be depending on the type of f/r int you're using. So, instead of
> > sending user traffic packets across the f/r link and having them dropped,
> > you're sending cdp frames across the link and dropping the packets
> > locally.
> >
> > So, I think the bottom line is this:
> >
> > If the default next-hop is NOT available, packet to that next-hop will be
> > dropped no matter what.
> >
> > The only issue left is where those packets get dropped on the router
> > checking availability or later.
> >
> > What do you think? Does this sound right to you?
> >
> > TIA, Tim
> >
> > -----Original Message-----
> > From: alsontra [mailto:alsontra@hotmail.com]
> > Sent: Sunday, April 17, 2005 10:42 AM
> > To: 'ccie2be'; 'Group Study'
> > Subject: RE: What's the point of this?
> >
> > Sorry, I'm not sure I understood your question.
> >
> > >If the preferred next-hop isn't available, the router will check if the
> > >DEFAULT is available.
> > >If the DEFAULT isn't available, the packet is dropped whether you check if
> > >the DEFAULT is available or not. So, what's the point?
> >
> > I think what this means is you're not going to senselessly send traffic to a
> > nexthop that is unavailable. The "verify-availability" option doesn't
> > really seem to make a good amount of sense unless you're using it in the
> > "set ip next-hop" syntax to make a more granular or discriminatory route-map.
> >
> > In addition, this may be a feature that reclaims some of the router's
> > resources. Note the following:
> >
> > "If the router is policy routing packets to the next hop and the next hop
> > happens to be down, the router will try unsuccessfully to use Address
> > Resolution Protocol (ARP) for the next hop (which is down). This behavior
> > will continue forever.
> >
> > To prevent this situation from occurring, use this command to configure the
> > router to first verify that the next hops of the route map are the router's
> > CDP neighbors before routing to that next hop."
> >
> > http://www.cisco.com/univercd/cc/td/doc/product/software/ios123/123cgcr/iprrp_r/ip2_s1g.htm#wp1038423
> >
> > In a high traffic environment, this feature may save you some CPU. (if cdp
> > is an option)
> > HTH,
> > Al
> >
> > -----Original Message-----
> > From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of ccie2be
> > Sent: Sunday, April 17, 2005 7:03 AM
> > To: 'alsontra'; 'Group Study'
> > Subject: RE: What's the point of this?
> >
> > Alsontra,
> >
> > Thanks for getting back to me.
> >
> > Although I appreciate your response, it didn't really address my question.
> >
> > My question was about the command:
> >
> > set ip DEFAULT next-hop verify-availability
> >
> > In this command, we're using DEFAULT and verify-availability in the same
> > command. In other words, we are telling the router to verify the default
> > before we use it. So, what happens when the DEFAULT is not available?
> >
> > By definition, a DEFAULT is what's used as a last resort. In your example,
> > you had a preferred next-hop which would be used if it's available and a
> > default next-hop if the preferred next-hop isn't available. That makes
> > sense.
> >
> > Now, what happens when you add this command to your config.
> >
> > set ip next-hop 1.1.1.1
> > set ip next-hop verify-availability
> > set ip default next-hop 2.2.2.2
> > set ip DEFAULT next-hop verify-availability
> >
> >
> > If the preferred next-hop isn't available, the router will check if the
> > DEFAULT is available.
> > If the DEFAULT isn't available, the packet is dropped whether you check if
> > the DEFAULT is available or not. So, what's the point?
> >
> > The only difference I can see by verifying if the DEFAULT is available when
> > it's not is where the packet is dropped. But, either way the packet is
> > dropped.
> >
> > Maybe that's all there is to that but I would appreciate any comments.
> >
> > TIA, Tim
> >
> >
> > -----Original Message-----
> > From: alsontra [mailto:alsontra@hotmail.com]
> > Sent: Saturday, April 16, 2005 1:44 PM
> > To: 'ccie2be'; 'Group Study'
> > Subject: RE: What's the point of this?
> >
> >
> > Tim,
> >
> > There are at least two situations that demonstrate the point of this option.
> > (at least from my humble perspective.)
> >
> > #1. Using only policy routing to create a DDR type solution.
> >
> > set ip next-hop 1.1.1.1
> > set ip next-hop verify-availability
> > set ip default next-hop 2.2.2.2
> >
> >
> > In this form, the router will policy route all packets to 1.1.1.1 as long as
> > the adjacent router or 1.1.1.1 route destination is in the CDP table.
> >
> > (set ip next-hop verify-availability uses cdp to verify adjacency)
> >
> > When this route is not verifiable via CDP, all packets will be routed to
> > 2.2.2.2... Thereby creating your backup solution.
> >
> > #2. You can combine policy routing and normal routing to produce a hybrid
> > backup situation.
> >
> > set ip next-hop 1.1.1.1
> > set ip next-hop verify-availability
> >
> > ip route 0.0.0.0 0.0.0.0 2.2.2.2
> >
> > Once again, if the route to 1.1.1.1 is not verifiable all packets get routed
> > to 2.2.2.2. (pls note policy routing happens before normal routing)
> >
> > (shooting from the hip)
> >
> > HTH,
> > Alsontra
> >
> >
> >
> >
> > -----Original Message-----
> > From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of ccie2be
> > Sent: Friday, April 15, 2005 11:53 AM
> > To: Group Study
> > Subject: What's the point of this?
> >
> > Hi guys,
> >
> > That prior question about conditional redist static got me thinking about
> > the verify-availability command.
> >
> > In the Command Reference I found another command which also uses the
> > verify-availability.
> >
> > set ip default next-hop x.x.x.x
> > set ip default next-hop verify-availability
> >
> > What's the point of this?
> >
> > Just think about this. If a certain next-hop is the default next-hop that
> > means this next-hop should be used if there's no other choice.
> >
> > But, if there's no other choice, what happens if this default next-hop is
> > NOT available?
> >
> > Doesn't this seem to be a contradiction?
> >
> > Can someone provide an example where this command should be used and what
> > happens if the default next-hop is NOT available?
> >
> > TIA, Tim
> >
> >
> > _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html



This archive was generated by hypermail 2.1.4 : Tue May 03 2005 - 07:54:59 GMT-3
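
An added example, not part of the original thread and not Cisco code: a simplified Python model of the policy-routing decision as the messages above describe it, comparing `set ip next-hop` with and without `verify-availability` for a shut interface and for a next hop that is dead while its interface stays up. The names `Entry`, `State`, `forward`, `scenarios` and the backup address 192.0.2.1 are assumptions; the model also covers `set ip default next-hop`, which applies only when the routing table has no explicit route to the destination.

```python
from dataclasses import dataclass, field
from typing import List, Optional, Set, Tuple

@dataclass
class Entry:                       # one route-map entry's "set" clauses
    next_hops: List[str]           # set ip next-hop ...
    verify: bool = False           # set ip next-hop verify-availability
    default_hops: List[str] = field(default_factory=list)  # set ip default next-hop
    verify_default: bool = False   # set ip default next-hop verify-availability

@dataclass
class State:                       # what the router knows, plus ground truth
    iface_up: Set[str]             # next hops whose connected interface is up
    cdp: Set[str]                  # next hops present in the CDP neighbor table
    alive: Set[str]                # ground truth: hops that really forward traffic
    explicit_route: bool = True    # RIB has a non-default route to the destination
    rib_hop: Optional[str] = None  # next hop chosen by normal forwarding

def usable(hop: str, verify: bool, st: State) -> bool:
    # Without verify-availability only the route to the hop is checked.
    if hop not in st.iface_up:
        return False
    return hop in st.cdp if verify else True

def forward(e: Entry, st: State) -> Tuple[str, Optional[str], bool]:
    """Return (decision, next hop, delivered?) for a packet that matched the entry."""
    for hop in e.next_hops:
        if usable(hop, e.verify, st):
            return ("policy routed", hop, hop in st.alive)
    if not st.explicit_route:      # default next-hop needs the absence of an explicit route
        for hop in e.default_hops:
            if usable(hop, e.verify_default, st):
                return ("policy routed (default)", hop, hop in st.alive)
    return ("normal forwarding", st.rib_hop, st.rib_hop in st.alive)

NH, BACKUP = "187.1.23.3", "192.0.2.1"   # BACKUP is a constructed address

def scenarios():
    plain, verified = Entry([NH]), Entry([NH], verify=True)
    healthy = State({NH}, {NH}, {NH, BACKUP}, rib_hop=BACKUP)
    shut = State(set(), set(), {BACKUP}, rib_hop=BACKUP)     # interface shut
    silent = State({NH}, set(), {BACKUP}, rib_hop=BACKUP)    # link up, neighbor dead
    return {(n, s): forward(e, st)
            for n, e in (("plain", plain), ("verify", verified))
            for s, st in (("healthy", healthy), ("shut", shut), ("silent", silent))}

if __name__ == "__main__":
    for key, result in scenarios().items():
        print(key, result)
```

Only the "silent" case separates the two configurations: a shut interface sends both back to normal forwarding, which is why the test in the message above shows no difference.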