Yeah, when do you do it? Or more precisely, when will it HELP?
In my early tech days of Windows 95/98 and NT/2000, it seemed like every single time you did something, you had to reboot the stupid computer. Change the IP address? Reboot. Change the DNS? Reboot. Install a program? Reboot. Change the desktop wallpaper? Reboot (just kidding).
In contrast though, in my experience with Cisco, a reboot hardly ever fixed a problem. That’s was mostly due to my own config errors. However, recently, a reboot DID fix a problem, much to my surprise.
I was changing vpn tunnel encryption methods on a core vpn router, moving the Virtual Tunnel Interfaces from using a crypto map to being protected by a vpn profile. After changing about 40 of the tunnels, we started seeing aberrant routing behavior. Some of the remote VPN peers have primary and secondary IP addresses on their internal interfaces, and while we could ping one, we couldn’t ping the other. On one peer, we could ping the primary but not the secondary. One another, we could ping the secondary but not the primary.
And of course, our monitoring alerts are going crazy in the background.
I did some quick troubleshooting: no ACLs affecting traffic on either side; no eigrp distribute lists blocking traffic on either side; checked the routing tables on core and hub – fine; checked the EIGRP topology tables on both – fine; run traceroutes from core and hub – the traffic from the remote can reach the core side of the VPN tunnel, but no farther. So routing looked fine, except for the mystery blocking at the core.
Really, only one thing left to do – reload the core. It was where all the changes were made. A couple nerve-wracking minutes later (will it come back? Do we have a SmartNet?), it comes back, and? Voila. Problem fixed.
Hunh. Never seen a reload fix a problem. But it worked for IPSEC issues.