Re: [c-nsp] per-packet load sharing.
hi virendra, Per packet load sharing is CPU intensive and if you are running something like voice then it is not recommended that you run per packet. Even with per packet you will never get exact load sharing for both links. Best Regards Raymond On Dec 10, 2007 4:39 AM, virendra rode // [EMAIL PROTECTED] wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi, I have a GRE tunnel configured on a L3 device running ospf w/ cef enabled which ties into two edge routers in a dual-isp setup. L3 switch# int tun0 ip add 10.0.0.1 255.255.255.252 tunnel source 192.168.0.1 tunnel destination 192.168.2.1 router ospf 100 network x.x.x.x y.y.y.y area 0 ip route x.x.x.x y.y.y.y 10.0.0.2 In order to distribute traffic (load-sharing) across two links I'm looking at enabling equal cost traffic (per-packet load sharing) going out both serial links as their data processing is overloading one link. The equal cost routes with CEF default load sharing is not distributing the load over the 2 links as expected. MLPPP is not an option for budget reasons hence I'm looking at doing per-packet. router-1# ip cef (enabled globally) ip cef load-sharing algorithm original fa0/0 connected to L3 on vlan5 interface Serial0/0/0:0 bandwidth 1544 no ip address encapsulation frame-relay frame-relay lmi-type cisco ip load-sharing per-packet interface Serial0/0/0:0.100 point-to-point bandwidth 1544 ip address x.x.x.x y.y.y.y frame-relay interface-dlci 100 router-2# ip cef (enabled globally) ip cef load-sharing algorithm original fa0/0 connected to L3 on vlan5 interface Serial0/0/0:0 bandwidth 1544 no ip address encapsulation frame-relay frame-relay lmi-type cisco ip load-sharing per-packet interface Serial0/0/0:0.200 point-to-point bandwidth 1544 ip address x.x.x.x y.y.y.y frame-relay interface-dlci 200 Any recommendation and /or feedback will be appreciated. regards, /virendra -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2.2 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFHXJi6pbZvCIJx1bcRAhA+AJwOmJrc51G2t+Z21SJNrh6XapMA9gCgsz40 hdhegCO5uU6vhlVTY1NyaaA= =MgKh -END PGP SIGNATURE- ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ -- Raymond Macharia ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] per-packet load sharing.
On Sun, Dec 09, 2007 at 05:39:07PM -0800, virendra rode // wrote: [snip] In order to distribute traffic (load-sharing) across two links I'm looking at enabling equal cost traffic (per-packet load sharing) going out both serial links as their data processing is overloading one link. The equal cost routes with CEF default load sharing is not distributing the load over the 2 links as expected. MLPPP is not an option for budget reasons hence I'm looking at doing per-packet. [snip] Any recommendation and /or feedback will be appreciated. ECMP in routing protocols good, per-packet bad. If you care at all about TCP performance or have jitter-sensitive traffic then don't do it. Your best bet is to suss out how much BGP you can eat on the platform, get that data and (backfill with 0/0 if you are on a limited platform), then slice and dice your load at that level. Cheers, Joe -- RSUC / GweepNet / Spunk / FnB / Usenix / SAGE ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] per-packet load sharing.
On Mon, Dec 10, 2007 at 11:14:37AM +0300, Raymond Macharia wrote: hi virendra, Per packet load sharing is CPU intensive CPU intensive for who? and if you are running something like voice then it is not recommended that you run per packet. Even with per packet you will never get exact load sharing for both links. Best Regards Raymond On Dec 10, 2007 4:39 AM, virendra rode // [EMAIL PROTECTED] wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi, I have a GRE tunnel configured on a L3 device running ospf w/ cef enabled which ties into two edge routers in a dual-isp setup. L3 switch# int tun0 ip add 10.0.0.1 255.255.255.252 tunnel source 192.168.0.1 tunnel destination 192.168.2.1 router ospf 100 network x.x.x.x y.y.y.y area 0 ip route x.x.x.x y.y.y.y 10.0.0.2 In order to distribute traffic (load-sharing) across two links I'm looking at enabling equal cost traffic (per-packet load sharing) going out both serial links as their data processing is overloading one link. The equal cost routes with CEF default load sharing is not distributing the load over the 2 links as expected. MLPPP is not an option for budget reasons hence I'm looking at doing per-packet. router-1# ip cef (enabled globally) ip cef load-sharing algorithm original fa0/0 connected to L3 on vlan5 interface Serial0/0/0:0 bandwidth 1544 no ip address encapsulation frame-relay frame-relay lmi-type cisco ip load-sharing per-packet interface Serial0/0/0:0.100 point-to-point bandwidth 1544 ip address x.x.x.x y.y.y.y frame-relay interface-dlci 100 router-2# ip cef (enabled globally) ip cef load-sharing algorithm original fa0/0 connected to L3 on vlan5 interface Serial0/0/0:0 bandwidth 1544 no ip address encapsulation frame-relay frame-relay lmi-type cisco ip load-sharing per-packet interface Serial0/0/0:0.200 point-to-point bandwidth 1544 ip address x.x.x.x y.y.y.y frame-relay interface-dlci 200 Any recommendation and /or feedback will be appreciated. regards, /virendra -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2.2 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFHXJi6pbZvCIJx1bcRAhA+AJwOmJrc51G2t+Z21SJNrh6XapMA9gCgsz40 hdhegCO5uU6vhlVTY1NyaaA= =MgKh -END PGP SIGNATURE- ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ -- Raymond Macharia ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] per-packet load sharing.
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi, Ibrahim Abo Zaid wrote: Hi Rode i believe that according for GRE order of operation , GRE encapsulation occurs first then routing decesion will be taken based on destination address of GRE-Encapsualted headers means that you will need 2 equal-cost routes for the GRE-tunnel destination 192.168.2.1 so check your router routing table for network 192.168.2.1 route and ensure it has 2 routes - - The thing is the cef is load-balancing packets across equal-cost links on a per-destination which is how its suppose to be which I get it. The issue is my tunnel traffic is destined to a single core router on the far end of the links consuming the majority of the BW for any single link. Hence I'm looking at using per-packet method. I don't have any latency sensitive application that I need to worry in this case. Not sure if I need to enable ip load-sharing per-packet on L2 port / serial links off dual routers? regards, /virendra also , CEF has a default load-sharing per-destination enabled so make sure to change it under interfaces to load-sharing per-packet best regards --Abo Zaid On Dec 10, 2007 1:42 PM, Joe Provo [EMAIL PROTECTED] wrote: On Sun, Dec 09, 2007 at 05:39:07PM -0800, virendra rode // wrote: [snip] In order to distribute traffic (load-sharing) across two links I'm looking at enabling equal cost traffic (per-packet load sharing) going out both serial links as their data processing is overloading one link. The equal cost routes with CEF default load sharing is not distributing the load over the 2 links as expected. MLPPP is not an option for budget reasons hence I'm looking at doing per-packet. [snip] Any recommendation and /or feedback will be appreciated. ECMP in routing protocols good, per-packet bad. If you care at all about TCP performance or have jitter-sensitive traffic then don't do it. Your best bet is to suss out how much BGP you can eat on the platform, get that data and (backfill with 0/0 if you are on a limited platform), then slice and dice your load at that level. Cheers, Joe -- RSUC / GweepNet / Spunk / FnB / Usenix / SAGE ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2.2 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFHXVRvpbZvCIJx1bcRAjqMAKCipcfSht9pAUK6yvEUpB8ie+p8sACg2z8+ AaxHQ9fc9vXSM+G13VES97Y= =rWJy -END PGP SIGNATURE- ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Flowmask Config?
Do a show mls netflow flowmask Nat requires interface full flow Take a look here http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SXF/native/configuration/guide/netflow.html Brian -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Skeeve Stevens Sent: lunedì 10 dicembre 2007 15.24 To: cisco-nsp@puck.nether.net Subject: [c-nsp] Flowmask Config? Hey guys, I am trying to setup NAT for a few machines on a private network which enters a 7609 on a Ethernet interface. When I put the NAT commands, this error appears in the logs, and the NAT does not work. Can someone point me in the right direction to figure out what is going on? ...Skeeve === Error Message %FM_EARL7-4-MLS_FLOWMASK_CONFLICT : mls flowmask may not be honored on interface [chars] due to flowmask conflict Explanation The configured MLS flow mask conflicts with other features/QoS configuration. The traffic on this interface will be sent to software under this condition. NetFlow data export may not function correctly for this interface under this condition. Recommended Action Remove the conflicting configuration and re-configure the MLS flowmask -- Skeeve Stevens, RHCE [EMAIL PROTECTED] / www.skeeve.org Cell +61 (0)414 753 383 / skype://skeeve eintellego - [EMAIL PROTECTED] - www.eintellego.net -- I'm a groove licked love child king of the verse Si vis pacem, para bellum ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Flowmask Config?
I knew someone else out there would see this problem. Skeeve the problem is the you can't run QOS and NDE concurrently. Both NDE and QOS use the same TCAM hardware and therefor you can't have two different FLOWMASKS. This rule applies to any QOS feature like UBRL User Based Rate Limiting which uses microflows. Only one or the other will function correctly. We have the same problem here because we have been using UBRL and now want to use NDE. We have 720-3Bs which support multiple flowmasks, but they have only allocated two for the netflow TCAM and those two appear to be an exclusive function, where you can have two for UBRL ( like SRC and DST masks) or NDE (interface-full) not both. I hate to say it but if you look hard enough the doc states that QOS and NDE don't work together. Both are very important features and should work. Princeton U. has been in touch with CISCO, but there seems to be no solution. Jeff Fitzwater OIT Network Telecommunications Systems Princeton University On Dec 10, 2007, at 9:24 AM, Skeeve Stevens wrote: Hey guys, I am trying to setup NAT for a few machines on a private network which enters a 7609 on a Ethernet interface. When I put the NAT commands, this error appears in the logs, and the NAT does not work. Can someone point me in the right direction to figure out what is going on? …Skeeve === Error Message %FM_EARL7-4-MLS_FLOWMASK_CONFLICT : mls flowmask may not be honored on interface [chars] due to flowmask conflict ExplanationThe configured MLS flow mask conflicts with other features/QoS configuration. The traffic on this interface will be sent to software under this condition. NetFlow data export may not function correctly for this interface under this condition. Recommended ActionRemove the conflicting configuration and re- configure the MLS flowmask -- Skeeve Stevens, RHCE [EMAIL PROTECTED] / www.skeeve.org Cell +61 (0)414 753 383 / skype://skeeve eintellego - [EMAIL PROTECTED] - www.eintellego.net -- I'm a groove licked love child king of the verse Si vis pacem, para bellum ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Configure IP helper via SNMP?
Drew Weaver wrote: Does anyone know if there is a way to do per vlan configuration of the IP helper commands via SNMP, we would like to only have it enabled when systems need to be pxe-booted, although I suppose we could always have it enabled and control whether or not the system pxeboots via the dhcpd configuration (both was the original plan...) ? If you're using DHCP, the ip helper needs to be enabled permanently, does it not? ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] per-packet load sharing.
The thing is the cef is load-balancing packets across equal-cost links on a per-destination which is how its suppose to be which I get it. The issue is my tunnel traffic is destined to a single core router on the far end of the links consuming the majority of the BW for any single link. Under 12.4(11)T there's now an algorithm that includes ports numbers in the hash: http://www.cisco.com/en/US/products/ps6441/products_configuration_guide_chapter09186a0080824974.html#wp1046335 Hence I'm looking at using per-packet method. I don't have any latency sensitive application that I need to worry in this case. The concern with per-packet isn't an increase in latency, its the jitter and out-of-order delivery (the OoO's being especially harsh on bulk TCP transfers). ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] per-packet load sharing.
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Kevin Graham wrote: The thing is the cef is load-balancing packets across equal-cost links on a per-destination which is how its suppose to be which I get it. The issue is my tunnel traffic is destined to a single core router on the far end of the links consuming the majority of the BW for any single link. Under 12.4(11)T there's now an algorithm that includes ports numbers in the hash: http://www.cisco.com/en/US/products/ps6441/products_configuration_guide_chapter09186a0080824974.html#wp1046335 - I could possibly give this is a try provided traffic gets load shared over equal cost paths. Just wondering if ip cef load-sharing algorithm include-ports source destination feature is supported on 12.4(10c)? Hence I'm looking at using per-packet method. I don't have any latency sensitive application that I need to worry in this case. The concern with per-packet isn't an increase in latency, its the jitter and out-of-order delivery (the OoO's being especially harsh on bulk TCP transfers). - Understand and this been highlighted to the customer which will be monitored as part of their performance review. regards, /virendra -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2.2 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFHXXk4pbZvCIJx1bcRAlt0AKCgFWjwS4LOXkEBtSRXm5FdNMkwmgCguBDE HHRiIc/N0YlOokIhWkFILJM= =0UDH -END PGP SIGNATURE- ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Configure IP helper via SNMP?
although I suppose we could always have it enabled and control whether or not the system pxeboots via the dhcpd configuration (both was the original plan...) I'm guessing that the PXE boot is being done for installations, in which case you really don't want to depend on whether the helper address was configured or not to prevent 'surprise' reinstalls. If the concern is potentially forwarding lots of garbage at the boot server, then try whittling down 'ip forward-protocol'. (To answer your actual question though, as far as I know your best approach would be to CISCO-CONFIG-COPY-MIB snippets into running-config) ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] per-packet load sharing.
On Mon, Dec 10, 2007 at 09:36:56AM -0800, virendra rode // wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Kevin Graham wrote: The thing is the cef is load-balancing packets across equal-cost links on a per-destination which is how its suppose to be which I get it. The issue is my tunnel traffic is destined to a single core router on the far end of the links consuming the majority of the BW for any single link. Under 12.4(11)T there's now an algorithm that includes ports numbers in the hash: http://www.cisco.com/en/US/products/ps6441/products_configuration_guide_chapter09186a0080824974.html#wp1046335 - I could possibly give this is a try provided traffic gets load shared over equal cost paths. Just wondering if ip cef load-sharing algorithm include-ports source destination feature is supported on 12.4(10c)? No. 12.4(11)T and later only. Will be in 12.5(x) mainline. Rodney Hence I'm looking at using per-packet method. I don't have any latency sensitive application that I need to worry in this case. The concern with per-packet isn't an increase in latency, its the jitter and out-of-order delivery (the OoO's being especially harsh on bulk TCP transfers). - Understand and this been highlighted to the customer which will be monitored as part of their performance review. regards, /virendra -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2.2 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFHXXk4pbZvCIJx1bcRAlt0AKCgFWjwS4LOXkEBtSRXm5FdNMkwmgCguBDE HHRiIc/N0YlOokIhWkFILJM= =0UDH -END PGP SIGNATURE- ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] MLPPP support on a 2651XM
Yes, I believe you can. Dave. Justin Shore wrote: Can anyone tell me if MLPPP is supported on a 2651XM with 2x WIC-1DSU-T1 (might be a V2s) and a VWIC-2MFT-T1 mounted on a NM-2W? The router and WICs are pre-existing and the customer needs to double their bandwidth. It's cheaper to buy a NM-2W and a VWIC-2MFT-T1, reusing the WICs, instead of buying 2x VWIC-2MFT-T1 modules. I found the doc referencing the minimum IOS rev but I haven't found anything that will tell me if I can put a MLPPP bundle across these interfaces. Thanks Justin ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] per-packet load sharing.
Sent from my Verizon Wireless BlackBerry ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] per-packet load sharing.
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Rodney Dunn wrote: On Mon, Dec 10, 2007 at 09:36:56AM -0800, virendra rode // wrote: Kevin Graham wrote: The thing is the cef is load-balancing packets across equal-cost links on a per-destination which is how its suppose to be which I get it. The issue is my tunnel traffic is destined to a single core router on the far end of the links consuming the majority of the BW for any single link. Under 12.4(11)T there's now an algorithm that includes ports numbers in the hash: http://www.cisco.com/en/US/products/ps6441/products_configuration_guide_chapter09186a0080824974.html#wp1046335 I could possibly give this is a try provided traffic gets load shared over equal cost paths. Just wondering if ip cef load-sharing algorithm include-ports source destination feature is supported on 12.4(10c)? No. 12.4(11)T and later only. Will be in 12.5(x) mainline. Rodney - --- Bummer. We have a stringent code selection process for all our CE routers. Just curious, anyone running 12.4(11)T would like to share their experiences from a stability standpoint. regards, /virendra Hence I'm looking at using per-packet method. I don't have any latency sensitive application that I need to worry in this case. The concern with per-packet isn't an increase in latency, its the jitter and out-of-order delivery (the OoO's being especially harsh on bulk TCP transfers). Understand and this been highlighted to the customer which will be monitored as part of their performance review. regards, /virendra ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2.2 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFHXZIHpbZvCIJx1bcRAnK9AKDQeCDKcy2PjnxfpzjOgefHcaIgRgCeLmcE UBXfrnHu6FokdKaVNxGRCJ4= =1mBh -END PGP SIGNATURE- ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Configure IP helper via SNMP?
Hi Drew, On Dec 11, 2007 5:30 AM, Drew Weaver [EMAIL PROTECTED] wrote: Well, we were going to use both 'whether the helper address was configured' and whether the MAC address of the NIC (which would've been configured dynamically via an application in which it gets added/removed from the configuration for the DHCP server) to determine whether it should be PXE booted, and we weren't really initially thinking of autoinstalls we were thinking of having an autobooting rescue environment similar to a busybox shell which booted which would allow us to resolve issues remotely on a plethora of linux machines which are not local. What about taking a lead from systems like Novell's ZENworks, where the system boots via PXE every time, but to continue loading the boot image, the user has to hold down a key? Otherwise it drops back out and boots as per usual. This way you can leave your ip helper configuration alone, and don't need to fiddle with your DHCP server configuration. If there is really no one local to the machine that can press and hold a key for you, maybe one of the things the boot image could check for is a per-system flag or something to determine whether to continue loading the image. cheers, Dale ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] per-packet load sharing.
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Aamer Akhter (aakhter) wrote: Veranda, Have you looked at PfR (Performance Routing) to distribute the flows across the links? Differently that the CEF hash, PfR has flow and link utilization awareness, and can very granularly move flows amongst exit links (ie for a site). - -- No I haven't looked into it. I will need to test in the lab before I can deploy this on our dual router CE router setup. I don't think PFR is supported in 12.4(10c)? regards, /virendra -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2.2 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFHXaTqpbZvCIJx1bcRAsULAKCjOqRRlvOBGWEItAlVoVNB2wlGXQCg5eCg 0I688iyWicGSJfH1n5u8RYw= =L6qh -END PGP SIGNATURE- ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] per-packet load sharing.
Hi Virendra, OER/PfR is there in one form in 12.3 and 12.4. But the real support and many of the really nice functions are going to be in 12.4T. Regards, -- Aamer Akhter / [EMAIL PROTECTED] Ent Commercial Systems, cisco Systems -Original Message- From: virendra rode // [mailto:[EMAIL PROTECTED] Sent: Monday, December 10, 2007 3:43 PM To: Aamer Akhter (aakhter) Cc: [EMAIL PROTECTED]; cisco-nsp Subject: Re: [c-nsp] per-packet load sharing. -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Aamer Akhter (aakhter) wrote: Veranda, Have you looked at PfR (Performance Routing) to distribute the flows across the links? Differently that the CEF hash, PfR has flow and link utilization awareness, and can very granularly move flows amongst exit links (ie for a site). - -- No I haven't looked into it. I will need to test in the lab before I can deploy this on our dual router CE router setup. I don't think PFR is supported in 12.4(10c)? regards, /virendra -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2.2 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFHXaTqpbZvCIJx1bcRAsULAKCjOqRRlvOBGWEItAlVoVNB2wlGXQCg5eCg 0I688iyWicGSJfH1n5u8RYw= =L6qh -END PGP SIGNATURE- ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] One or two policy and class maps?
To answer my own question, almost two months later: we settled on using an 'any any' for our ACL and since I'm told this is done in hardware, it doesn't really matter if there are one or two class maps. We can only do policing, not shaping, because we're not working with OSMs. Yes, the traffic flow is choppy, but that's all there's to it. It does seem to work consistently well if the traffic in inter or intra-blade. So despite the fancy SUP module and DFC3C's on our 10/100/1000 blade, the only thing we gain is outbound policing. Frank -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Frank Bulk Sent: Thursday, October 18, 2007 9:36 PM To: cisco-nsp@puck.nether.net Subject: [c-nsp] One or two policy and class maps? I have a 7609-S with the RSP720 and PFC3C, which supports in and outbound QoS flows. Should I be using one or two policy and class maps? The first method, if I understand this correctly, has a single service policy in configuration that is moot because there will never be matches one direction. The second one, while more complex, eliminates checking flow ACL matches that will never exist. This: class-map match-any test-networks match access-group name test-policer-inbound match access-group name test-policer-outbound policy-map test-policer class test-networks police cir 200 pir 200conform-action transmit exceed-action drop interface Vlan203 ip address 167.a.b.c 255.255.255.252 service-policy input test-policer service-policy output test-policer end or this: class-map match-any test-inbound-networks match access-group name test-policer-inbound class-map match-any test-outbound-networks match access-group name test-policer-outbound policy-map test-inbound-policer class test-inbound-networks police cir 200 pir 200conform-action transmit exceed-action drop policy-map test-outbound-policer class test-outbound-networks police cir 200 pir 200conform-action transmit exceed-action drop interface Vlan203 ip address 167.a.b.c 255.255.255.252 service-policy input test-inbound-policer service-policy output test-outbound-policer end The rest of the config can be found below. Regards, Frank = vlan 203 name Test interface GigabitEthernet1/5 description Test switchport switchport access vlan 203 speed 100 duplex full ip access-list extended test-policer_inbound permit ip any d.e.f.0 0.0.0.255 ip access-list extended test-policer_outbound permit ip d.e.f.0 0.0.0.255 any ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] cisco acs v3.3
Hi All, A quick thanks up front for any help. Had our Cisco ACS box die, but managed to get the hard drive to mount in Linux and copied the CiscoSecure ACS v3.3 folder off the drive. Built up a new box and replaced the default CiscoSecure ACS v3.3 with the old servers folder. All the user/group info came up, but unfortunately the network devices did not. I know we should have used the csutil to back it up, but unfortunately the ops group hadn't been managing the backups. My question is there a way to restore the network devices? and where does the network device information live? Thanks Ivan ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] 10G LFS function
Hi, Does cisco products support LFS function of 802.3ae? We have a WS-X6704-10GE. Regards, Hiromasa ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] underruns error locally inputs errors, runts and abort on remote interface
Hello, I'm seeing underruns errors on local STM1 interface, on the remote router i'm seeing runts, aborts and imput errors the controller is clean(during a certain period). a policy map is created on the local router since there is lot of output traffic Policy Map Shaper Class class-default Average Rate Traffic Shaping cir 13700 (bps) please advice! local-router#sh int pos1/1/0 controller POS1/1/0 is up, line protocol is up Hardware is Packet over Sonet MTU 4470 bytes, BW 155000 Kbit, DLY 100 usec, reliability 255/255, txload 161/255, rxload 170/255 Encapsulation FRAME-RELAY, crc 16, loopback not set Keepalive not set Scramble disabled LMI DLCI 1023 LMI type is CISCO frame relay DTE FR SVC disabled, LAPF state down Broadcast queue 0/256, broadcasts sent/dropped 69/0, interface broadcasts 0 Last input 00:00:03, output 00:00:03, output hang never Last clearing of show interface counters 00:22:46 Input queue: 18/75/0/0 (size/max/drops/flushes); Total output drops: 0 Queueing strategy: Class-based queueing a policy rate limiting is applying Output queue: 0/40 (size/max) 30 second input rate 103503000 bits/sec, 28439 packets/sec 30 second output rate 98274000 bits/sec, 16845 packets/sec 34956914 packets input, 10987190786 bytes, 0 no buffer Received 0 broadcasts (0 IP multicasts) 0 runts, 0 giants, 0 throttles 0 parity 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort 23509473 packets output, 17366111957 bytes, 705 underruns 0 output errors, 0 applique, 0 interface resets 0 output buffer failures, 0 output buffers swapped out 0 carrier transitions POS1/1/0 SECTION LOF = 0 LOS= 0BIP(B1) = 0 LINE AIS = 0 RDI= 0 FEBE = 0 BIP(B2) = 0 PATH AIS = 0 RDI= 0 FEBE = 0 BIP(B3) = 0 PLM = 0 UNEQ = 0 TIM = 0 TIU = 0 LOP = 0 NEWPTR = 61 PSE = 61 NSE = 0 Active Defects: None Active Alarms: None Alarm reporting enabled for: SF SLOS SLOF B1-TCA B2-TCA PLOP B3-TCA Framing: SDH APS COAPS = 0 PSBF = 0 State: PSBF_state = False Rx(K1/K2): 01/00 Tx(K1/K2): 00/00 S1S0 = 02, C2 = CF Remote aps status (none); Reflected local aps status (none) CLOCK RECOVERY RDOOL = 0 State: RDOOL_state = False PATH TRACE BUFFER: STABLE Remote hostname : remote-router Remote interface: POS9/1/0 Remote IP addr : 0.0.0.0 Remote Rx(K1/K2): 00/00 Tx(K1/K2): 00/00 BER thresholds: SF = 10e-3 SD = 10e-6 TCA thresholds: B1 = 10e-6 B2 = 10e-6 B3 = 10e-6 Clock source: internal remote-router#sh int pos9/1/0 controller POS9/1/0 is up, line protocol is up Hardware is Packet over Sonet MTU 4470 bytes, BW 155000 Kbit, DLY 100 usec, reliability 255/255, txload 96/255, rxload 166/255 Encapsulation FRAME-RELAY, crc 16, loopback not set Keepalive not set Scramble disabled FR SVC disabled, LAPF state down Broadcast queue 0/256, broadcasts sent/dropped 0/0, interface broadcasts 0 Last input 00:00:00, output 00:00:00, output hang never Last clearing of show interface counters 00:08:44 Input queue: 18/75/1812/0 (size/max/drops/flushes); Total output drops: 0 Queueing strategy: fifo Output queue: 0/40 (size/max) 30 second input rate 101192000 bits/sec, 16987 packets/sec 30 second output rate 58761000 bits/sec, 24464 packets/sec 8894360 packets input, 6582475450 bytes, 0 no buffer Received 0 broadcasts (0 IP multicasts) 912 runts, 0 giants, 0 throttles 0 parity 1206 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 366 abort 13133325 packets output, 3998372082 bytes, 0 underruns 0 output errors, 0 applique, 0 interface resets 0 output buffer failures, 0 output buffers swapped out 0 carrier transitions POS9/1/0 SECTION LOF = 0 LOS= 0BIP(B1) = 0 LINE AIS = 0 RDI= 0 FEBE = 0 BIP(B2) = 0 PATH AIS = 0 RDI= 0 FEBE = 0 BIP(B3) = 0 PLM = 0 UNEQ = 0 TIM = 0 TIU = 0 LOP = 0 NEWPTR = 1105 PSE = 1666 NSE = 0 Active Defects: None Active Alarms: None Alarm reporting enabled for: SF SD SLOS SLOF B1-TCA LAIS LRDI B2-TCA PAIS PLOP PRDI PPLM PUNEQ PTIM PTIU B3-TCA RDOOL Framing: SDH APS COAPS = 0 PSBF = 0 State: PSBF_state = False Rx(K1/K2): 00/00 Tx(K1/K2): 00/00 S1S0 = 02, C2 = CF Remote aps status (none); Reflected local aps status (none) CLOCK RECOVERY RDOOL = 0 State: RDOOL_state = False PATH TRACE BUFFER: STABLE Remote hostname : local-router Remote interface: POS1/1/0 Remote IP addr : 0.0.0.0 Remote Rx(K1/K2): 01/00 Tx(K1/K2): 00/00 BER thresholds: SF = 10e-3 SD = 10e-6 TCA thresholds: B1 = 10e-6 B2 = 10e-6 B3 = 10e-6 Clock