T992
PC13--(v603)dw1_FGT_dw2(v603)--PC14
issue 1:
a-a mode, the slave send its packet to the master's mac
because the rtcache had been rewritten by the master's bonce
traffic. SO the symptom is when the session handled by the slave,
traffic stop.
5140-slot5 (NBF60301F) # d ip rtcache list
family=02 tab=254 vf=2 type=01 tos=0 flag=80000200
192.168.3.130@0->192.168.3.14@26(Vlan603-north) gwy=0.0.0.0 prefsrc=0.0.0.0
ci: ref=4 lastused=0 expire=0 err=00000000 used=2 br=1 pmtu=1500
00:11:43:eb:86:2d->00:11:43:58:6d:39
family=02 tab=254 vf=2 type=01 tos=0 flag=80000200
192.168.3.14@0->192.168.3.130@27(Vlan603-south) gwy=0.0.0.0 prefsrc=0.0.0.0
ci: ref=195 lastused=0 expire=0 err=00000000 used=2 br=1 pmtu=1500
00:11:43:58:6d:39->00:11:43:eb:86:2d
issue 2:
a-a mode, change server's mac address, the master is able to correct its rtcache
but the slave won't. so when the traffic is handled by the slave,
the slave will send the packets to the server's old mac.
Friday, September 11, 2009
Tuesday, September 8, 2009
Some useful link
http://ieoc.com/forums/
vol_I_lab_13_RouteReflection
router bgp 100
neighbor 150.1.1.1 remote-as 100
neighbor 150.1.1.1 update-source Loopback0
neighbor 150.1.3.3 remote-as 100
neighbor 150.1.3.3 update-source Loopback0
neighbor 150.1.4.4 remote-as 100
neighbor 150.1.4.4 update-source Loopback0
neighbor 150.1.6.6 remote-as 100
neighbor 150.1.6.6 update-source Loopback0
!
address-family ipv4 ===>???Why
neighbor 150.1.1.1 activate
no neighbor 150.1.3.3 activate
no neighbor 150.1.4.4 activate
no neighbor 150.1.6.6 activate
exit-address-family
!
address-family vpnv4
neighbor 150.1.3.3 activate
neighbor 150.1.3.3 send-community extended ==> why not both which is for the =====>other lab
neighbor 150.1.3.3 route-reflector-client
neighbor 150.1.4.4 activate
neighbor 150.1.4.4 send-community extended
neighbor 150.1.4.4 route-reflector-client
neighbor 150.1.6.6 activate
neighbor 150.1.6.6 send-community extended
neighbor 150.1.6.6 route-reflector-client
exit-address-family
Monday, September 7, 2009
vol_I_lab_12_OSPF_Domain_ID
link: http://www.bbfish.net/vpn/vpn_239.html
why domain-id?
如果使用标准的BGP/OSPF,PE2 将把BGP VPN 路由通过Type5 LSAs,即ASE LSAs,发布给CE3 和CE4。但CE1 与CE3、CE4 属于同一个OSPF 域,它们之间的路由发布应该使用Type3 LSAs,即区域间路由(inter-area routes)。
为了解决上述问题,PE 使用一种经过修改的BGP/OSPF 交互过程(简称为BGP/OSPF互操作功能),发布从一个Site 到另一个Site 的路由,将这种路由与真正的ASExternal路由进行区分。这一过程需要BGP 使用扩展团体属性,携带可以标识OSPF属性的信息。
在华为 NE80 的实现中,要求每个OSPF 域有一个可配置的域ID(Domain ID)。一般建议:与每个VPN 实例相关的网络中的所有OSPF 实例要么配置一个相同的域ID,要么都使用缺省的域ID。域ID 作为BGP 的扩展团体属性传播,这样,在收到BGP 的VPN 路由时,域ID 相同的是来自同一VPN 实例的路由。