Archives of the ‘Networking’ category

Hello,

While researching Anycast, I stumbled by chance on an article produced by the Agence Nationale de la Sécurité des Systèmes d’Information (ANSSI) and the Association Française pour le Nommage Internet en Coopération (AFNIC) that draws up an overview of the French Internet in 2011. The study focuses on BGP and DNS, since these are the two key elements of a country's Internet accessibility and resilience.

The article is available here.

Hi folks,

The first thing to note is that VRRP, unlike HSRP, is an open-standard protocol for router redundancy. But when we talk about routers we think of Cisco, Nortel or Juniper…

I used VRRP to implement high availability of Linux routers (a failover cluster). The solution was really reliable. But when I was thinking of extending the experience to Cisco routers I found myself asking this question: can I use VRRP to provide high availability for IPsec LAN-to-LAN VPNs?

After some reading, the answer from Cisco is yes, but using HSRP rather than VRRP. Here is a link from Cisco discussing the subject: http://www.cisco.com/en/US/docs/ios/12_1/12_1e9/feature/guide/ft_ipsha.html

This worked in a lab with HSRP; unfortunately VRRP did not. My question to Cisco: why are VRRP-based features not more developed on Cisco routers?

Hi folks,

I was trying to download the Cisco icons for Visio from here, but the link is missing. After some searching I found the direct link (thanks to thumpercisco for sharing this): http://www.cisco.com/web/about/ac50/ac47/PPT_vss.zip.

Have fun.

Preparing the BSCI exam

Published: 27 October 2009 in Networking

As I'm free (no job yet), I'm preparing myself for the Cisco BSCI exam for the CCNP… Wish me good luck 🙂

One of my (maybe) future colleagues told me that it's more interesting to have a Juniper certification… What's your opinion? Mine: if I had enough time I would take both 🙂

Feedback on Cisco’s REP

Published: 27 October 2009 in Networking

Me again,

I wanted to have your feedback about Cisco's REP (Resilient Ethernet Protocol):
– where do you use it
– equipment needed
– reliability
– efficiency

Thanks in advance

ip virtual-reassembly exceeded issue

Published: 7 September 2009 in HA, Networking

Hi all,

A few days ago I was facing an issue with a VRRP cluster (using keepalived). Every hour, the backup server changed its VRRP state to master and two seconds later (after a forced re-election) went back to the backup state.

The same number of NICs is connected to each server, and each NIC is configured in a vrrp_instance. Only one vrrp_instance on the backup server actually changed its state to master; the others followed because they belong to the same vrrp_sync_group.

The vrrp_instance whose state was changing is connected to a Cisco VPN router.

After many days of investigation (checking whether the server was receiving VRRP packets, whether there were errors in the packets, whether packets were being dropped…) I discovered in the log of the VPN router some messages warning that the virtual-reassembly parameter had been exceeded… Huh???

After searching, I increased this parameter on each interface of the Cisco VPN router:

ip virtual-reassembly max-reassemblies 32

This solved the problem, but I still don't know why VRRP on a server is affected by that; sniffing didn't give me much information to analyse…

Hi folks,

Today I tried to use the Cisco SDM for the first time. Unfortunately, when Cisco SDM Express launched, I got nothing. Bad news…

I looked at the Java JRE console and found an IndexOutOfRange error!

On my workstation I had Java 1.6.0_13 installed; after googling, I found this post where people suggest downgrading or upgrading the Java JRE to resolve the problem.

I upgraded the JRE to 1.6.0_15 and now the SDM is working…

Hi,

In this article I will explain the different techniques used for gateway high availability.

So first, what is an HA gateway?
A highly available gateway is a first-hop router (layer 3) that is available 100% (or almost 100%) of the time. This can be achieved with several strategies.

The most widely used, best known and most reliable strategy is first-hop redundancy, where two or more routers act as a single virtual gateway (one virtual IP and virtual MAC address shared by the group).
This strategy comes in two flavours: failover and load balancing.

The failover technique designates one router as the master of the group and the other routers as backups. When the master router goes down, a backup router (chosen by its priority) becomes the master.
The load balancing technique uses all the routers at once (each of them forwards traffic); hosts are spread across the routers, for example in a round-robin manner.

The HSRP protocol (Hot Standby Router Protocol, Cisco proprietary) and the VRRP protocol (Virtual Router Redundancy Protocol, an open standard: RFC 3768 for VRRPv2, RFC 5798 for VRRPv3) are the two protocols used for failover redundancy.

GLBP (Gateway Load Balancing Protocol) is a Cisco proprietary protocol that can be used to load-balance traffic between several gateways.

Here is a very nice cheat sheet from stretch
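To make the failover mechanics concrete, here is a small simulation of how VRRP (RFC 3768) picks the master and how quickly a backup takes over. This is an added example, not code from the original article or from any vendor: the router names, addresses and priorities are constructed sample data, and the timer formulas (Skew_Time = (256 - priority)/256 s, Master_Down_Interval = 3 × advertisement interval + Skew_Time) are the ones defined in the RFC. Note that with these rules any device on the segment that advertises a higher priority wins the election, which is why the gateway VLAN should be restricted to the routers that are supposed to participate.

```python
"""VRRP (RFC 3768) master election and failover timing for a first-hop gateway group.

Added example: a simulation with constructed sample data, not code from the page.
"""
from dataclasses import dataclass
from ipaddress import IPv4Address

MASTER, BACKUP = "master", "backup"


@dataclass
class VrrpRouter:
    name: str
    ip: str                    # primary address of the physical interface
    priority: int = 100        # 1..254 for backups; 255 = owner of the virtual IP
    adv_interval: float = 1.0  # seconds between master advertisements
    preempt: bool = True       # take over from a lower-priority master?
    alive: bool = True
    state: str = BACKUP

    def skew_time(self) -> float:
        # Higher priority => shorter skew => that backup declares the master dead first.
        return (256 - self.priority) / 256

    def master_down_interval(self) -> float:
        # How long a backup waits without advertisements before becoming master.
        return 3 * self.adv_interval + self.skew_time()


def elect_master(routers):
    """Highest priority wins; ties go to the higher primary IP. Updates states."""
    live = [r for r in routers if r.alive and r.priority > 0]
    if not live:
        return None
    winner = max(live, key=lambda r: (r.priority, int(IPv4Address(r.ip))))
    for r in routers:
        r.state = MASTER if r is winner else BACKUP
    return winner


def takeover_delays(routers, graceful_shutdown=False):
    """Seconds each live backup waits before claiming the virtual IP.

    graceful_shutdown=True models a master that sent a priority-0 advertisement
    (e.g. VRRP removed from the interface): backups then wait only Skew_Time.
    """
    return {
        r.name: (r.skew_time() if graceful_shutdown else r.master_down_interval())
        for r in routers
        if r.alive and r.state == BACKUP
    }


def simulate_master_failure(routers):
    """Kill the current master; return (new master name, seconds until takeover)."""
    master = elect_master(routers)
    if master is None:
        return None
    master.alive = False  # master crashes: no more advertisements
    delays = takeover_delays(routers)
    new_master = min(delays, key=delays.get)
    for r in routers:
        r.state = MASTER if r.name == new_master else BACKUP
    return new_master, delays[new_master]


def on_advertisement(local: VrrpRouter, adv_priority: int, adv_ip: str) -> str:
    """Apply the RFC 3768 receive rules to one advertisement; return the new state."""
    adv_ip_int, local_ip_int = int(IPv4Address(adv_ip)), int(IPv4Address(local.ip))
    if local.state == MASTER:
        if adv_priority == 0:
            return local.state  # sender is releasing mastership; keep advertising
        if adv_priority > local.priority or (
            adv_priority == local.priority and adv_ip_int > local_ip_int
        ):
            local.state = BACKUP  # a better candidate is on the wire: yield to it
    elif adv_priority > 0 and local.preempt and adv_priority < local.priority:
        local.state = MASTER  # preempt a weaker master
    # A backup receiving priority 0 only shortens its master-down timer to
    # Skew_Time (see takeover_delays), so no immediate state change here.
    return local.state


if __name__ == "__main__":
    group = [
        VrrpRouter("gw-a", "10.0.0.1", priority=200),
        VrrpRouter("gw-b", "10.0.0.2", priority=150),
        VrrpRouter("gw-c", "10.0.0.3", priority=100),
    ]
    print("master:", elect_master(group).name)
    print("after failure:", simulate_master_failure(group))
```

Running the demo elects gw-a, and after its failure gw-b takes over roughly 3.41 s later, ahead of gw-c whose skew time is longer. `on_advertisement` shows the other half of the protocol: a master that hears a higher priority (or, on equal priority, a higher address) steps down, and a backup with preemption enabled claims the virtual IP as soon as it sees a weaker master.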

I’m CCDA certified

Published: 22 July 2009 in Networking

Hi all,

I was a little busy preparing for my Cisco CCDA (640-863) exam… but the important thing is that I passed it!

Now, I’m going to prepare the CCNA…

Hi folks,

Two months ago we implemented a DRP network in a branch office. The connection between the main office and the branch is a site-to-site IPsec VPN.

Here is the global schema:

[image: VPN schema]

Everything was OK until I tried to connect to the F0/0 IP of the remote VPN router (VPN-2): I was unable to connect.

I checked ACLs, routes, … everything was OK.
Once connected to VPN-2 (indirectly), I tried to telnet back to the 192.168.1.1 machine and got a "Host unreachable" error.

Strange, the routes were OK (a default route exists through the ISP router)… The error suggests there is no route to the host, so I added an explicit route on VPN-2 pointing to the ISP router as the gateway for the 192.168.1.0/24 network:

ip route 192.168.1.0 255.255.255.0 A.B.C.D

As expected, this solved the problem.

After this, I wondered why the default route wasn't used.
My suggestion:
192.168.1.0/24 is an RFC 1918 network, and maybe the IOS default route doesn't handle these networks.

Your comments are welcome.