From: Jim Nguyen (nhatquang@thiennam.org)
Date: Sun Jul 18 2004 - 00:56:12 GMT-3
Yeah, if the PVC to that next-hop has failed while there are other available
PVCs, the interface is still up/up, so the router keeps forwarding packets to
a blackhole instead of falling back to normal forwarding. I now see why the
CCO uses a satellite link to demonstrate the usage of "verify-availability"
:)
Good point. Thank you.
Jim.
----- Original Message -----
From: Brian McGahan
To: Jim Nguyen ; alsontra ; ccie2be ; Group Study
Sent: Monday, April 18, 2005 10:38 AM
Subject: RE: What's the point of this?
Jim,
Suppose the neighbor is a router reachable across a main serial interface
running Frame Relay. In this situation the line protocol of the interface
could be up while the virtual circuit to the neighbor is down. With verify
reachability CDP gives higher layer information than just the layer 2 line
protocol status can track.
HTH,
Brian McGahan, CCIE #8593
bmcgahan@internetworkexpert.com
Internetwork Expert, Inc.
http://www.InternetworkExpert.com
Toll Free: 877-224-8987 x 705
Outside US: 775-826-4344 x 705
24/7 Support: http://forum.internetworkexpert.com
Live Chat: http://www.internetworkexpert.com/chat/
________________________________________
From: Jim Nguyen [mailto:nhatquang@thiennam.org]
Sent: Saturday, July 17, 2004 10:36 PM
To: alsontra; Brian McGahan; 'ccie2be'; 'Group Study'
Subject: Re: What's the point of this?
Thank you! I confirmed this with a test, but I cannot figure out what the
point is of using set ip next-hop with set ip next-hop verify-availability,
because the functions are almost the same as with set ip next-hop.
The packet is policy routed if the next hop is reachable. If the interface
to reach this next-hop is down, the packet follows the normal routing table. So,
what is the difference with "verify-availability"?
ip local policy route-map route-policy
no ip http server
ip classless
!
!
access-list 100 permit ip any host 150.1.3.3
!
route-map route-policy permit 10
match ip address 100
set ip next-hop 187.1.23.3
Rack1R2#ping 150.1.3.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 150.1.3.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 44/45/48 ms
Rack1R2#
*Mar 1 00:58:14.283: IP: s=187.1.235.2 (local), d=150.1.3.3, len 100,
policy match
*Mar 1 00:58:14.283: IP: route map route-policy, item 10, permit
*Mar 1 00:58:14.283: IP: s=187.1.235.2 (local), d=150.1.3.3 (Serial0/1),
len 100, policy routed
######################
int shut, next-hop unavailable
Rack1R2#ping 150.1.3.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 150.1.3.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 56/59/60 ms
Rack1R2#
*Mar 1 01:02:34.698: IP: s=187.1.235.2 (local), d=150.1.3.3, len 100,
policy match
*Mar 1 01:02:34.702: IP: route map route-policy, item 10, permit
*Mar 1 01:02:34.702: IP: s=187.1.235.2 (local), d=150.1.3.3, len 100,
policy rejected -- normal forwarding
----- Original Message -----
From: alsontra
To: 'Brian McGahan' ; 'ccie2be' ; 'Group Study'
Sent: Monday, April 18, 2005 6:32 AM
Subject: RE: What's the point of this?
Yeah, what he said....
HTH, ;-)
Al
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Brian McGahan
Sent: Sunday, April 17, 2005 6:03 PM
To: ccie2be; Group Study
Subject: RE: What's the point of this?
http://www.cisco.com/en/US/tech/tk364/technologies_configuration_example09186a00801f3b54.shtml
HTH,
Brian McGahan, CCIE #8593
> -----Original Message-----
> From: ccie2be [mailto:ccie2be@nyc.rr.com]
> Sent: Sunday, April 17, 2005 5:59 PM
> To: Brian McGahan; Group Study
> Subject: RE: What's the point of this?
>
> Brian,
>
> Thank you. Very Good Point.
>
> Would the behavior of the router be any different in your example if the
> default keyword weren't there?
>
> If not, in what type of scenario would the default keyword be needed?
>
> IOW, if you just had this:
>
>>
>
> I can't see any difference between using or not using the default keyword.
> If there is a difference, could you point it out to me.
>
> TIA, Tim
>
> -----Original Message-----
> From: Brian McGahan [mailto:bmcgahan@internetworkexpert.com]
> Sent: Sunday, April 17, 2005 4:49 PM
> To: ccie2be; alsontra; Group Study
> Subject: RE: What's the point of this?
>
> Tim,
>
> Keep in mind the context that this is used in, policy routing.
> When a policy match does not occur, normal forwarding ensues. So if
> your policy reads as follows:
>
> route-map POLICY permit 10
> set ip default next-hop 1.2.3.4
> set ip default next-hop verify-availability
> !
> interface Ethernet0/0
> ip policy route-map POLICY
>
> This means that all traffic coming in E0/0 will be sent towards
> 1.2.3.4 if it is available. If it is not available all traffic coming
> in E0/0 will be subject to normal forwarding.
>
>
> HTH,
>
> Brian McGahan, CCIE #8593
>
>
> > -----Original Message-----
> > From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of ccie2be
> > Sent: Sunday, April 17, 2005 2:36 PM
> > To: 'alsontra'; 'Group Study'
> > Subject: RE: What's the point of this?
> >
> > Alsontra,
> >
> > I guess the only reason to use the verify-availability option with the set
> > ip default next-hop command is to save resource. But, I'm not sure how
> > much, if any, resource is actually saved when this option is used.
> >
> > It appears the router will expend cpu resource with cdp when you use this
> > option instead of arping when you don't. And, you might save bandwidth but
> > again I don't know how much bandwidth would actually be saved.
> >
> > Imagine you're using a low bandwidth f/r link. (On a high bandwidth
> > ethernet, you probably care if you're sending arp's continuously).
> >
> > With the verify-avail option, you need to make sure cdp is enabled, which it
> > might not be depending on the type of f/r int you're using. So, instead of
> > sending user traffic packets across the f/r link and having them dropped,
> > you're sending cdp frames across the link and dropping the packets
> > locally.
> >
> > So, I think the bottom line is this:
> >
> > If the default next-hop is NOT available, packets to that next-hop will be
> > dropped no matter what.
> >
> > The only issue left is where those packets get dropped: on the router
> > checking availability or later.
> >
> > What do you think? Does this sound right to you?
> >
> > TIA, Tim
> >
> > -----Original Message-----
> > From: alsontra [mailto:alsontra@hotmail.com]
> > Sent: Sunday, April 17, 2005 10:42 AM
> > To: 'ccie2be'; 'Group Study'
> > Subject: RE: What's the point of this?
> >
> > Sorry, I'm not sure I understood your question.
> >
> > >If the preferred next-hop isn't available, the router will check if the
> > >DEFAULT is available.
> > >If the DEFAULT isn't available, the packet is dropped whether you check if
> > >the DEFAULT is available or not. So, what's the point?
> >
> > I think what this means is you're not going to senselessly send traffic to a
> > nexthop that is unavailable. The "verify-availability" option doesn't
> > really seem to make a good amount of sense unless you're using it in the
> > "set ip next-hop" syntax to make a more granular or discriminatory route-map.
> >
> > In addition, this may be a feature that reclaims some of the router's
> > resources. Note the following:
> >
> > "If the router is policy routing packets to the next hop and the next hop
> > happens to be down, the router will try unsuccessfully to use Address
> > Resolution Protocol (ARP) for the next hop (which is down). This behavior
> > will continue forever.
> >
> > To prevent this situation from occurring, use this command to configure the
> > router to first verify that the next hops of the route map are the router's
> > CDP neighbors before routing to that next hop."
> >
> > http://www.cisco.com/univercd/cc/td/doc/product/software/ios123/123cgcr/iprrp_r/ip2_s1g.htm#wp1038423
> >
> > In a high traffic environment, this feature may save you some CPU. (if cdp
> > is an option)
> >
> > HTH,
> > Al
> >
> > -----Original Message-----
> > From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of ccie2be
> > Sent: Sunday, April 17, 2005 7:03 AM
> > To: 'alsontra'; 'Group Study'
> > Subject: RE: What's the point of this?
> >
> > Alsontra,
> >
> > Thanks for getting back to me.
> >
> > Although I appreciate your response, it didn't really address my question.
> >
> > My question was about the command:
> >
> > set ip DEFAULT next-hop verify-availability
> >
> > In this command, we're using DEFAULT and verify-availability in the same
> > command. In other words, we are telling the router to verify the default
> > before we use it. So, what happens when the DEFAULT is not available?
> >
> > By definition, a DEFAULT is what's used as a last resort. In your example,
> > you had a preferred next-hop which would be used if it's available and a
> > default next-hop if the preferred next-hop isn't available. That makes
> > sense.
> >
> > Now, what happens when you add this command to your config.
> >
> > set ip next-hop 1.1.1.1
> > set ip next-hop verify-availability
> > set ip default next-hop 2.2.2.2
> > set ip DEFAULT next-hop verify-availability
> >
> >
> > If the preferred next-hop isn't available, the router will check if the
> > DEFAULT is available.
> > If the DEFAULT isn't available, the packet is dropped whether you check if
> > the DEFAULT is available or not. So, what's the point?
> >
> > The only difference I can see by verifying if the DEFAULT is available when
> > it's not is where the packet is dropped. But, either way the packet is
> > dropped.
> >
> > Maybe that's all there is to that but I would appreciate any comments.
> >
> > TIA, Tim
> >
> >
> > -----Original Message-----
> > From: alsontra [mailto:alsontra@hotmail.com]
> > Sent: Saturday, April 16, 2005 1:44 PM
> > To: 'ccie2be'; 'Group Study'
> > Subject: RE: What's the point of this?
> >
> >
> > Tim,
> >
> > There are at least two situations that demonstrate the point of this option.
> > (at least from my humble perspective.)
> >
> > #1. Using only policy routing to create a DDR type solution.
> >
> > set ip next-hop 1.1.1.1
> > set ip next-hop verify-availability
> > set ip default next-hop 2.2.2.2
> >
> >
> > In this form, the router will policy route all packets to 1.1.1.1 as long as
> > the adjacent router or 1.1.1.1 route destination is in the CDP table.
> >
> > (set ip next-hop verify-availability uses cdp to verify adjacency)
> >
> > When this route is not verifiable via CDP, all packets will be routed to
> > 2.2.2.2... Thereby creating your backup solution.
> >
> > #2. You can combine policy routing and normal routing to produce a hybrid
> > backup situation.
> >
> > set ip next-hop 1.1.1.1
> > set ip next-hop verify-availability
> >
> > ip route 0.0.0.0 0.0.0.0 2.2.2.2
> >
> > Once again, if the route to 1.1.1.1 is not verifiable all packets get routed
> > to 2.2.2.2. (pls note policy routing happens before normal routing)
> >
> > (shooting from the hip)
> >
> > HTH,
> > Alsontra
> >
> >
> >
> >
> > -----Original Message-----
> > From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of ccie2be
> > Sent: Friday, April 15, 2005 11:53 AM
> > To: Group Study
> > Subject: What's the point of this?
> >
> > Hi guys,
> >
> > That prior question about conditional redist static got me thinking about
> > the verify-availability command.
> >
> > In the Command Reference I found another command which also uses the
> > verify-availability.
> >
> > set ip default next-hop x.x.x.x
> > set ip default next-hop verify-availability
> >
> > What's the point of this?
> >
> > Just think about this. If a certain next-hop is the default next-hop that
> > means this next-hop should be used if there's no other choice.
> >
> > But, if there's no other choice, what happens if this default next-hop is
> > NOT available?
> >
> > Doesn't this seem to be a contradiction?
> >
> > Can someone provide an example where this command should be used and what
> > happens if the default next-hop is NOT available?
> >
> > TIA, Tim
> >
> >
>
_______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
This archive was generated by hypermail 2.1.4 : Tue May 03 2005 - 07:54:59 GMT-3
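
The failure case this thread converges on (interface up/up while the PVC to the policy next hop is down), as an added Python model that is not part of the original messages. It is a simplified sketch of the forwarding decision, not IOS code: the function names are hypothetical, normal forwarding is assumed to have a working alternate path, and the CDP holdtime is the IOS default of 180 seconds.

```python
# Simplified model (an assumption, not IOS source) of how "set ip next-hop"
# behaves with and without "set ip next-hop verify-availability".
CDP_HOLDTIME = 180  # seconds; IOS default, a neighbor entry expires after this

def cdp_neighbor_present(secs_since_last_cdp):
    """True while the next hop still has a live entry in the CDP table."""
    return secs_since_last_cdp is not None and secs_since_last_cdp < CDP_HOLDTIME

def forward(verify, interface_up, pvc_up, secs_since_last_cdp):
    """Return (decision, delivered) for one packet matching the route-map.

    Assumes the normal routing table has a working alternate path, so
    "normal forwarding" always delivers (constructed scenario).
    """
    if not interface_up:
        # Matches the debug in the thread: "policy rejected -- normal forwarding"
        return ("normal forwarding", True)
    if verify and not cdp_neighbor_present(secs_since_last_cdp):
        # Next hop is no longer a CDP neighbor: skip the set clause
        return ("normal forwarding", True)
    # Interface is up/up, so the packet is policy routed even if the PVC is dead
    return ("policy routed", pvc_up)

# Constructed scenarios: (interface_up, pvc_up, seconds since last CDP frame)
SCENARIOS = {
    "healthy":             (True,  True,  20),
    "interface shut":      (False, False, None),
    "pvc down, cdp fresh": (True,  False, 90),
    "pvc down, cdp aged":  (True,  False, 200),
}

def compare():
    """Map scenario -> {"plain": ..., "verify": ...} outcomes."""
    return {
        name: {
            "plain": forward(False, *state),
            "verify": forward(True, *state),
        }
        for name, state in SCENARIOS.items()
    }

if __name__ == "__main__":
    for name, result in compare().items():
        print(f"{name:20} plain={result['plain']} verify={result['verify']}")
```

In this model the plain set clause blackholes traffic for as long as the PVC stays down, while verify-availability bounds the outage to the time it takes the CDP entry to age out.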