[flashvideo filename=https://ipnet.xyz/vid/archive/2009/06/3GforCiscoIntegratedServicesRouters.flv image=https://ipnet.xyz/vid/archive/2009/06/3GforCiscoIntegratedServicesRouters.jpg /]
Author: Calin
Calin is a network engineer, with more than 20 years of experience in
designing, installing, troubleshooting, and maintaining large enterprise WAN and LAN networks.
Cisco: OSPF conditional inject of a Default Route
I believe most of you are familiar how OSPF is injecting a default route in a normal area. If not, you can find here all the documentation that you need. Please be familiar with this concept before reading this article.
Now, let’s assume that we have the following topology (click on image to have a more detailed view) :
As you can see we have a BGP peering between PE and CE router, with CE router having and OSPF connection with the Core. CE router is injecting a default route to Core:
router ospf 1
default-information originate always
This configuration is OK, but we can run into the following issue. Imagine that for some reason the BGP peering between PE and CE is broken (e.g. line being down), the CE router will have no clue about this and will still propagate the default route to the Core. In this situation, the Core will still forward all the packets without specific route to CE where it will have no further route to reach the destination, as the CE does not receive any route from the BGP peer. As you can imagine is better to avoid this situation, especially if for some reasons you are not monitoring the connection between PE and CE and you cannot react to change manually the route in case of a failure. We are lucky because some smart engineers have developed a solution to avoid this problem, called Conditional inject of a default route in OSPF.
With this solution, OSPF is monitoring the reachability of the point-to-point IP connection between PE and CE. When OSPF process on CE router notice that the IP connection is not available anymore, it automatically retract the propagation of the default route to the Core. The solution is simple an assume use of an ACL or prefix-list then match this on a route-map and finally use this route-map under “router ospf” process. For step-by-step configuration check below.
First we will create and ACL matching the IP subnet between PE and CE. In this example I’m using a p2p subnet 10.10.10.0 /30:
access-list 1 permit 10.10.10.0 0.0.0.3
Then I will match this into a route-map as follow:
route-map WAN-LINK permit 10
match ip address 1
Finall, we will use this route-map to implement the OSPF conditional injection of default route to Core router (192.168.0.0 /30 is the p2p IP subnet between CE and Core):
router ospf 1
log-adjacency-changes
network 192.168.10.2 0.0.0.0 area 0
default-information originate always route-map WAN-LINK
Now, the OSPF process on CE will inject a default route to the Core as long as the IP subnet between CE and PE is reachable.
IMPORTANT NOTE: This solution might not work if your connection from CE to PE is Ethernet and not Serial like in the example. I will explain why on the next post, when I’ll achieve the same behavior but using EEM together with an Ethernet based connection instead of a Serial one.
Please check below to see a small presentation how this is working on a test environment:
Cisco Hosts Investor Webcast: Consumer Strategy
Source: http://newsroom.cisco.com
June 15, 2009 – Cisco will host a webcast for the financial community with a corresponding slide presentation to discuss the company’s Consumer strategy, highlighting its consumer vision, market opportunity and expansion of its portfolio.
Who: co-hosted by Cisco executives, Ned Hooper, senior vice president of Corporate Development and Consumer, and Guido Jouret, vice president, chief technology officer of the Emerging Technologies Group. Following a brief presentation, a question & answer session will be held.
No previously unannounced issues will be discussed in this webcast.
Date: Tuesday, June 16, 2009
Time: 2:00pm PT
Listen and watch via the Internet:
Please listen to the webcast online at http://www.cisco.com/go/investors. We will offer live and replay audio broadcast of the conference call, with synchronized slides, on this website.
RSVP:
No RSVP is necessary
Cisco: How to determine the serial number of hardware components
Some days ago I had to check for the serial number of a faulty fan tray that need to be exchanged in C6500 series. Now most of you I believe know the commands “show version” or “show hardware” which will get all the information that you need most of the time, but not always. I decided to put in this post some useful commands to identify the Cisco hardware components and their respective identifiers (serial nnumber) on different platforms.
I will use for my example a C6500 series switch, because this support most of the commands that I know. Also the real serial numbers will be stripped out and replace with a fake one, as I don’t want this to be used by third parties.
show version – Any network administrators who work with Cisco devices are more than likely familiar with the show version command. The most common use of this command is to determine which version of the Cisco IOS a device is running, but this command also offers different usesful information like the IOS version, ROM bootstrap, uptime, RAM quantity, FLASH capacity and many more. Coming back to our topic from this post, show version ouput the Processor board ID which should be the same serial number like the one printed on a sticker on the back of the Cisco device. This is also used as the device serial number in any service contract that you might have. You can see below an excerpt of the show version command on C6500 platform:
Cisco Internetwork Operating System Software
IOS ™ s72033_rp Software (s72033_rp-JK9SV-M), Version 12.2(18)SXD6, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2005 by cisco Systems, Inc.
Compiled Wed 17-Aug-05 17:48 by evmiller
Image text-base: 0x4002100C, data-base: 0x42698000ROM: System Bootstrap, Version 12.2(17r)S4, RELEASE SOFTWARE (fc1)
BOOTLDR: s72033_rp Software (s72033_rp-JK9SV-M), Version 12.2(18)SXD6, RELEASE SOFTWARE (fc1)r8-c6500 uptime is 6 weeks, 3 days, 20 hours, 32 minutes
Time since r8-c6500 switched to active is 6 weeks, 3 days, 20 hours, 31 minutes
System returned to ROM by reload at 18:50:17 PDT Sat Apr 7 2007 (SP by reload)
System image file is “disk0:s72033-jk9sv-mz.122-18.SXD6.bin”If you require further assistance please contact us by sending email to
[email protected].cisco WS-C6506 (R7000) processor (revision 3.0) with 458720K/65536K bytes of memory.
Processor board ID SAL00000XXX
SR71000 CPU at 600Mhz, Implementation 0x504, Rev 1.2, 512KB L2 Cache
Last reset from s/w reset
Bridging software.
X.25 software, Version 3.0.0.
SuperLAT software (copyright 1990 by Meridian Technology Corp).
TN3270 Emulation software.
1 Virtual Ethernet/IEEE 802.3 interface(s)
42 Gigabit Ethernet/IEEE 802.3 interface(s)
1917K bytes of non-volatile configuration memory.
8192K bytes of packet buffer memory.65536K bytes of Flash internal SIMM (Sector size 512K).
Configuration register is 0x2102
show module – beside giving you a list of the modules and slots where they are connected (e.g. on C6500 series), it also return status, model, hardware address, software / hardware version and the most important for us today, the serial number of each module / sub-module. Check C6500’s output of show module command:
Mod Ports Card Type Model Serial No.
— —– ————————————– —————— ———–
1 0 FRU type (0x6003, 0x450(1104)) 7600-SSC-400 JAB000000XX
2 2 IPSec VPN Accelerator WS-SVC-IPSEC-1 SAD0000X0X
3 16 SFM-capable 16 port 1000mb GBIC WS-X6516-GBIC SAL0000000
4 6 Firewall Module WS-SVC-FWM-1 SAD000000X
5 2 Supervisor Engine 720 (Active) WS-SUP720-3B SAL0000XX00
6 16 SFM-capable 16 port 1000mb GBIC WS-X6516-GBIC SAL0000XXXXMod MAC addresses Hw Fw Sw Status
— ———————————- —— ———— ———— ——-
1 0013.60a4.c688 to 0013.60a4.c6c7 1.0 Unknown Unknown PwrDown
2 0001.c9df.65ba to 0001.c9df.65bd 1.3 Unknown Unknown PwrDown
3 0009.11e3.1c84 to 0009.11e3.1c93 5.0 Unknown Unknown PwrDown
4 0019.5671.803a to 0019.5671.8041 4.0 7.2(1) 3.2(10) Ok
5 0013.c347.2e90 to 0013.c347.2e93 5.3 8.4(2) 12.2(18)SXD6 Ok
6 000d.65f7.1a8c to 000d.65f7.1a9b 5.5 6.3(1) 8.3(0.156)RO OkMod Sub-Module Model Serial Hw Status
— ————————— —————— ———— ——- ——-
5 Policy Feature Card 3 WS-F6K-PFC3B SAL0000XXX 2.3 Ok
5 MSFC3 Daughterboard WS-SUP720 SAL0000X0X0 2.6 OkMod Online Diag Status
— ——————-
1 Unknown
2 Unknown
3 Unknown
4 Pass
5 Pass
6 Pass
show inventory – retrieve and display the Unique Device Identifier (UDI) information from any Cisco product that has electronically stored such identity information. A UDI consists of the following elements: Product identifier (PID), Version identifier (VID) and Serial number (SN).
The PID is the name by which the product can be ordered; it has been historically called the “Product Name” or “Part Number.” This is the identifier that one would use to order an exact replacement part.
The VID is the version of the product. Whenever a product has been revised, the VID will be incremented. The VID is incremented according to a rigorous process derived from Telcordia GR-209-CORE, an industry guideline that governs product change notices.
The SN is the vendor-unique serialization of the product. Each manufactured product will carry a unique serial number assigned at the factory, which cannot be changed in the field. This is the means by which to identify an individual, specific instance of a product.
The raw parameter on the show inventory command is useful mostly for troubleshooting purpose. Compared with the previous commands, this one give you a better overview of the full range of hardware components installed (e.g. fan-tray, power source….) Below you can see an excerpt from the command output:
NAME: “WS-C6506”, DESCR: “Cisco Systems Catalyst 6500 6-slot Chassis System”
PID: WS-C6506 , VID: , SN: SAL00000XXXNAME: “WS-C6K-VTT 1”, DESCR: “VTT FRU 1”
PID: WS-C6K-VTT , VID: , SN: SMT0000X000NAME: “WS-C6K-VTT 2”, DESCR: “VTT FRU 2”
PID: WS-C6K-VTT , VID: , SN: SMT0000X000NAME: “WS-C6K-VTT 3”, DESCR: “VTT FRU 3”
PID: WS-C6K-VTT , VID: , SN: SMT0000X000NAME: “WS-C6000-CL 1”, DESCR: “C6K Clock FRU 1”
PID: WS-C6000-CL , VID: , SN: SMT0000X000NAME: “WS-C6000-CL 2”, DESCR: “C6K Clock FRU 2”
PID: WS-C6000-CL , VID: , SN: SMT0000A000NAME: “1”, DESCR: “7600-SSC-400 0 ports FRU type (0x6003, 0x450(1104)) Rev. 1.0”
PID: 7600-SSC-400 , VID: V01, SN: JAB000000XX
show diagbus – in order to find the serial number of port adapters that plug into the Flex WAN module, issue the show diagbus command from the MSFC command-line interface (CLI), like in the example below:
Slot 2: Logical_index 4
2 port adapter Enhanced FlexWAN controller
Board is analyzed ipc ready
HW rev 2.0, board revision A0
Serial Number: JAB0000000 Part number: 73-9539-03Slot database information:
Flags: 0x2004 Insertion time: 0x249E4 (18w3d ago)Controller Memory Size:
192 MBytes CPU Memory
63 MBytes Packet Memory
255 MBytes Total on Board SDRAM
Cisco IOS Software, cwlc Software (cwpa2-DW-M), Version 12.2(33)SXH3a, RELEASE SOFTWARE (fc1)PA Bay 0 Information:
T3+ Serial PA, 1 ports
EEPROM format version 1
HW rev 1.00, Board revision B1
Serial number: 15225203 Part number: 73-3762-02
Slot 2: Logical_index 5
2 port adapter Enhanced FlexWAN controller
Board is analyzed ipc ready
HW rev 2.0, board revision A0
Serial Number: JAB0000000 Part number: 73-9539-03Slot database information:
Flags: 0x2004 Insertion time: 0x209C0 (18w3d ago)Controller Memory Size:
192 MBytes CPU Memory
63 MBytes Packet Memory
255 MBytes Total on Board SDRAM
Cisco IOS Software, cwlc Software (cwpa2-DW-M), Version 12.2(33)SXH3a, RELEASE SOFTWARE (fc1)
show idprom – In order to determine the serial number for the chassis and other components. This command has multiple parameter to issue in case that you want to restrict the information that is returned to you show idprom [parameter]. Some parameter option would be: backplane, fan-tray, module, interface and others which you can discover with well known help command show idprom ? . An example you can see below:
show idprom backplane
IDPROM for backplane #0
(FRU is ‘Catalyst 6500 6-slot backplane’)
OEM String = ‘Cisco Systems’
Product Number = ‘WS-C6506’
Serial Number = ‘SAL0000XXX’
Manufacturing Assembly Number = ’73-3436-03′
Manufacturing Assembly Revision = ‘B0’
Hardware Revision = 3.0
Current supplied (+) or consumed (-) = –
As i said before not all of this commands are working on every Cisco device, that’s why I choose a C6500 for the example as it support all of them. Also this are the commands that I used mostly to obtain information about Cisco hardware components, if there are another ones that you find useful please add them to the comments section and I’ll add them to this article.
New DOS attacks threaten wireless data networks
Forget spam, viruses, worms, malware and phishing. These threats are apparently old school when compared to a new class of denial-of-service (DOS) attacks that threaten wireless data networks.
The latest wireless network threats were outlined in a talk here Thursday by Krishan Sabnani, vice president of networking research at Bell Labs, at the Cyber Infrastructure Protection Conference at City College of New York.
Sabnani said the latest wireless data network threats are the result of inherent weaknesses in Mobile IP, a protocol that uses tunneling and complex network triangulation to allow mobile devices to move freely from one network to another.
“We need to especially monitor the mobile networks – with limited bandwidth and terminal battery—for DOS attacks,” Sabnani said.
Here are five wireless data network threats outlined by Sabnani:
1. Signaling DOS
2. Battery Drain
3. Peer-to-Peer Applications
4. Malfunctioning Air Card
5. Excessive Port Scanning