Re: [c-nsp] CoPP Hardware Counters on RSP720/7600
Hi Sebastian, Have you confirmed that mls qos is enabled globally? CoPP needs mls qos in order to work in HW. Thanks Ozgur --- On Sat, 20/9/08, Sebastian Wiesinger [EMAIL PROTECTED] wrote: From: Sebastian Wiesinger [EMAIL PROTECTED] Subject: [c-nsp] CoPP Hardware Counters on RSP720/7600 To: cisco-nsp@puck.nether.net Date: Saturday, 20 September, 2008, 4:05 PM Hello, I'm implementing a control plane policy for a 7600/RSP720 box. In this policy I have a class-map which matches icmp packets and polices them. That works fine, when I flood-ping the box there are icmp packets lost when the policer drops packets. The only thing that bothers me is that the hardware counters do not count up, only the software counters display an accurate packet count. The box is running 12.2SRC Is there a way to be sure that the packets are policed/dropped in hardware? These are the counters from show policy-map control-plane input: Hardware Counters: class-map: copp-monitoring (match-any) Match: access-group name copp-monitoring police : 248000 bps 45000 limit 45000 extended limit Earl in slot 5 : 562294 bytes 5 minute offered rate 0 bps aggregate-forwarded 562294 bytes action: transmit exceeded 0 bytes action: drop aggregate-forward 0 bps exceed 0 bps Software Counters: Class-map: copp-monitoring (match-any) 217841 packets, 17517388 bytes 5 minute offered rate 1000 bps, drop rate 0 bps Match: access-group name copp-monitoring 217841 packets, 17517388 bytes 5 minute rate 1000 bps police: cir 25 bps, bc 45000 bytes, be 45000 bytes conformed 215999 packets, 17336692 bytes; actions: transmit exceeded 459 packets, 44982 bytes; actions: drop violated 1395 packets, 136650 bytes; actions: drop conformed 1000 bps, exceed 0 bps, violate 0 bps #sh class-map copp-monitoring Class Map match-any copp-monitoring (id 3) Match access-group name copp-monitoring #sh access-lists copp-monitoring Extended IP access list copp-monitoring 10 permit icmp any any ttl-exceeded (1 match) 20 permit icmp any any port-unreachable (2 matches) 30 permit icmp any any echo-reply (78 matches) 40 permit icmp any any echo (310459 matches) #sh mls qos ip QoS Summary [IPv4]: (* - shared aggregates, Mod - switch module) Int Mod Dir Class-map DSCP Agg Trust Fl AgForward-By AgPoliced-By Id Id --- CPP 5 In copp-manag00*No 0n/an/a CPP 5 In copp-bgp00*No 0n/an/a CPP 5 In copp-ospf00*No 0n/an/a CPP 5 In copp-crit-00*No 0n/an/a CPP 5 In copp-tunne00*No 0n/an/a CPP 5 In copp-monit01 dscp 0 566066 0 CPP 5 In class-defa02 dscp 0 122496813 0 All 5 -Default00*No 069655086564 0 Regards, Sebastian -- GPG Key-ID: 0x76B79F20 (0x1B6034F476B79F20) 'Are you Death?' ... IT'S THE SCYTHE, ISN'T IT? PEOPLE ALWAYS NOTICE THE SCYTHE. -- Terry Pratchett, The Fifth Elephant ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] CoPP Hardware Counters on RSP720/7600
Hello, I have the same output on RSP720-3CXL with mls qos enabled. RSP720#sh mls qos QoS is enabled globally RSP720#sh policy-map control-plane input class copp-management Control Plane Service-policy input: control-plane-in Hardware Counters: class-map: copp-management (match-any) Match: access-group name coppacl-management-in Software Counters: Class-map: copp-management (match-any) 470321 packets, 31043704 bytes 5 minute offered rate 0 bps Match: access-group name coppacl-management-in 470321 packets, 31043704 bytes 5 minute rate 0 bps Regards, David On 9/22/08, Ozgur Guler [EMAIL PROTECTED] wrote: Hi Sebastian, Have you confirmed that mls qos is enabled globally? CoPP needs mls qos in order to work in HW. Thanks Ozgur --- On Sat, 20/9/08, Sebastian Wiesinger [EMAIL PROTECTED] wrote: From: Sebastian Wiesinger [EMAIL PROTECTED] Subject: [c-nsp] CoPP Hardware Counters on RSP720/7600 To: cisco-nsp@puck.nether.net Date: Saturday, 20 September, 2008, 4:05 PM Hello, I'm implementing a control plane policy for a 7600/RSP720 box. In this policy I have a class-map which matches icmp packets and polices them. That works fine, when I flood-ping the box there are icmp packets lost when the policer drops packets. The only thing that bothers me is that the hardware counters do not count up, only the software counters display an accurate packet count. The box is running 12.2SRC Is there a way to be sure that the packets are policed/dropped in hardware? These are the counters from show policy-map control-plane input: Hardware Counters: class-map: copp-monitoring (match-any) Match: access-group name copp-monitoring police : 248000 bps 45000 limit 45000 extended limit Earl in slot 5 : 562294 bytes 5 minute offered rate 0 bps aggregate-forwarded 562294 bytes action: transmit exceeded 0 bytes action: drop aggregate-forward 0 bps exceed 0 bps Software Counters: Class-map: copp-monitoring (match-any) 217841 packets, 17517388 bytes 5 minute offered rate 1000 bps, drop rate 0 bps Match: access-group name copp-monitoring 217841 packets, 17517388 bytes 5 minute rate 1000 bps police: cir 25 bps, bc 45000 bytes, be 45000 bytes conformed 215999 packets, 17336692 bytes; actions: transmit exceeded 459 packets, 44982 bytes; actions: drop violated 1395 packets, 136650 bytes; actions: drop conformed 1000 bps, exceed 0 bps, violate 0 bps #sh class-map copp-monitoring Class Map match-any copp-monitoring (id 3) Match access-group name copp-monitoring #sh access-lists copp-monitoring Extended IP access list copp-monitoring 10 permit icmp any any ttl-exceeded (1 match) 20 permit icmp any any port-unreachable (2 matches) 30 permit icmp any any echo-reply (78 matches) 40 permit icmp any any echo (310459 matches) #sh mls qos ip QoS Summary [IPv4]: (* - shared aggregates, Mod - switch module) Int Mod Dir Class-map DSCP Agg Trust Fl AgForward-By AgPoliced-By Id Id --- CPP 5 In copp-manag00*No 0n/an/a CPP 5 In copp-bgp00*No 0n/an/a CPP 5 In copp-ospf00*No 0n/an/a CPP 5 In copp-crit-00*No 0n/an/a CPP 5 In copp-tunne00*No 0n/an/a CPP 5 In copp-monit01 dscp 0 566066 0 CPP 5 In class-defa02 dscp 0 122496813 0 All 5 -Default00*No 069655086564 0 Regards, Sebastian -- GPG Key-ID: 0x76B79F20 (0x1B6034F476B79F20) 'Are you Death?' ... IT'S THE SCYTHE, ISN'T IT? PEOPLE ALWAYS NOTICE THE SCYTHE. -- Terry Pratchett, The Fifth Elephant ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] SXH3 ghost bugs - more details
On Fri, Sep 19, 2008 at 12:46:47PM -0500, Winders, Timothy A wrote: On 9/19/08 12:23 PM, Peter Rathlev [EMAIL PROTECTED] wrote: On Fri, 2008-09-19 at 18:51 +0200, Gert Doering wrote: On Thu, Sep 18, 2008 at 08:36:43PM -0400, Jared Mauch wrote: Your bug (CSCsu59917) should also be listed on CCO. cut What does CCO say about it, right now? (Don't want to check - $very expensive GPRS link...) Probably not totally legal to post this, but here goes. :-) CSCsu59917 SXF15: IPv4/v6 BGP routes not cleared when source routes is gone Severity: 1 - catastrophic. Status: Fixed. Fixed-In 12.2(18)SXF15 12.2(33.3.11)SXH 12.2(32.8.11)SX206 I don't understand. How can this show up in SXF15 and be fixed in SXF15? Because when we pull the label there are a few more test cycles that run pre-CCO post. If they find something catastrophic at the last minute they will fix it if at all possible. That appears to be what happened here with the SXF15 build and the bug that caused it. They are pushing for a faster rebuild on SXH to get the fix also. Rodney Or, am I reading this wrong? Tim Winders | Associate Dean of Information Technology | South Plains College ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] SXH3 ghost bugs - more details
They are Gert. Let me check on it... On Sat, Sep 20, 2008 at 09:29:53PM +0200, Gert Doering wrote: Hi, On Fri, Sep 19, 2008 at 07:23:36PM +0200, Peter Rathlev wrote: CSCsu59917 SXF15: IPv4/v6 BGP routes not cleared when source routes is gone Severity: 1 - catastrophic. Indeed... makes me wonder why they are not doing an SXH rebuild on their own, instead of making us wait 4-6 weeks for a bugfix for a *catastrophic* (!!) bug. (No news from our case yet regarding an interim rebuild) thanks, gert -- Gert Doering Mobile communications ... right now writing from * Sardegna, Italy * ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] SXH3 ghost bugs - more details
On 9/22/08 8:04 AM, Rodney Dunn [EMAIL PROTECTED] wrote: On Fri, Sep 19, 2008 at 12:46:47PM -0500, Winders, Timothy A wrote: On 9/19/08 12:23 PM, Peter Rathlev [EMAIL PROTECTED] wrote: On Fri, 2008-09-19 at 18:51 +0200, Gert Doering wrote: On Thu, Sep 18, 2008 at 08:36:43PM -0400, Jared Mauch wrote: Your bug (CSCsu59917) should also be listed on CCO. cut What does CCO say about it, right now? (Don't want to check - $very expensive GPRS link...) Probably not totally legal to post this, but here goes. :-) CSCsu59917 SXF15: IPv4/v6 BGP routes not cleared when source routes is gone Severity: 1 - catastrophic. Status: Fixed. Fixed-In 12.2(18)SXF15 12.2(33.3.11)SXH 12.2(32.8.11)SX206 I don't understand. How can this show up in SXF15 and be fixed in SXF15? Because when we pull the label there are a few more test cycles that run pre-CCO post. If they find something catastrophic at the last minute they will fix it if at all possible. That appears to be what happened here with the SXF15 build and the bug that caused it. They are pushing for a faster rebuild on SXH to get the fix also. Thanks for the answer Rodney. So, it was found in SXF15, but corrected before SXF15 was pushed out the door. Gotcha. Tim Winders | Associate Dean of Information Technology | South Plains College ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] SXH3 ghost bugs - more details
Hi, On Mon, Sep 22, 2008 at 09:04:03AM -0400, Rodney Dunn wrote: They are pushing for a faster rebuild on SXH to get the fix also. Cool! Thank you very much (if you have been involved in this - if not, at least for giving us some more background info). gert -- Gert Doering Mobile communications ... right now writing from * Sardegna, Italy * ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] 12.2(33)SXI
Docs are starting to appear for 12.2(33)SXI: http://www.cisco.com/en/US/prod/collateral/switches/ps5718/ps708/qa_c67_494606_ns780_Networking_Solutions_Q_and_A.html *Q.* What is the first customer ship date for Cisco IOS Software Release 12.2(33)SXI? * A.* First customer ship is expected in September 2008. Tim: ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Cisco ASA VPN Active/Standby - license requirements
Think LBSSP - Although Cisco making everything a 'Revenue Enhancement' opportunity puts my teeth on edge Cisco seems to have forgotten how they got to their dominant position mediocre products with GREAT support and reasonable licensing terms. They still have mediocre products but now support is expensive and delivered by call center drones reading from a script and unreasonable licensing terms. It used to be that Cisco was a compromise you could get all your support under one roof and the commonality of the products made the compromise worthwhile now more and more it seems the 'best of breed' approach is called for once again. The ASA is nowhere near the product the VPN3000 was I can see Cisco not wanting 3 separate hardware platforms for boxes with similar computational capabilities but at least come up with 3 separate images which are optimized for the task at hand NOT this LAME firewall with some VPN stuff thrown in. Case in point we use RRI on our VPN 3000's on the 3000's the RRI modifies the ospf routing table directly. in the ASA the RRI is handled by creating STATIC's so much for 'no redistribute static' if you have a out of band management network and want to handle that routing statically now what was a simple elegant solution which worked for years (7 in our case) now will become a science project with route maps from here to infinity and one that junior engineers will no longer be able to support. - Jeff Kell wrote: Garry wrote: ... makes sense especially for Active/Active standby, as it's more or less load balancing, too Bzzzttt! You can't do VPN in active/active mode, at least with 7.x and under. If you can, please tell me how! Jeff ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] 12.2(33)SXI
Tim Durack wrote: Docs are starting to appear for 12.2(33)SXI: http://www.cisco.com/en/US/prod/collateral/switches/ps5718/ps708/qa_c67_494606_ns780_Networking_Solutions_Q_and_A.html Interesting. They don't have long... *Q.* What is the first customer ship date for Cisco IOS Software Release 12.2(33)SXI? * A.* First customer ship is expected in September 2008. Documents like this have been appearing for a little while, google site:Cisco.com sxi e.g. the FWSM4 release notes reference SXI as a pre-requisite for the flow acceleration. http://www.cisco.com/en/US/docs/security/fwsm/fwsm40/release/notes/fwsmrn40.html That particular document doesn't talk about release dates, but I was reasonably sure I'd seen another. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] 12.2(33)SXI
Yeah, I noticed the same thing. First time I saw a date though. Now I can start looking forward to the 6500 NX-OS migration (come on, the MDS-9000 is just a 6500 in sheep's clothing, and even the current iteration of the Nexus looks like it inherits technology from the 6500. I'd quite like my 6500s to be running a linux based control-plane...) Tim: On Mon, Sep 22, 2008 at 10:57 AM, Phil Mayers [EMAIL PROTECTED]wrote: Tim Durack wrote: Docs are starting to appear for 12.2(33)SXI: http://www.cisco.com/en/US/prod/collateral/switches/ps5718/ps708/qa_c67_494606_ns780_Networking_Solutions_Q_and_A.html Interesting. They don't have long... *Q.* What is the first customer ship date for Cisco IOS Software Release 12.2(33)SXI? * A.* First customer ship is expected in September 2008. Documents like this have been appearing for a little while, google site:Cisco.com sxi e.g. the FWSM4 release notes reference SXI as a pre-requisite for the flow acceleration. http://www.cisco.com/en/US/docs/security/fwsm/fwsm40/release/notes/fwsmrn40.html That particular document doesn't talk about release dates, but I was reasonably sure I'd seen another. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] WLC 4404 - Wirelss Lan Controller (DHCP issue)
Hello, A WLC4404 was configured with DHCP pool, Access nodes should get an IP from it every time it negotiates with the controller what happens is an intermittent problem where sometimes the access node does not negotiate an IP and give alert of limited or no connectivity any suggestions of what coult be the problem ? Note: the problem is intermittent, it sometimes happens , and other just simply go fine .. Thanks in advance ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] WLC 4404 - Wirelss Lan Controller (DHCP issue)
By access node, do you mean wireless access point, or wireless user? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ahmed Mohamed Sent: Monday, September 22, 2008 10:36 AM To: cisco-nsp@puck.nether.net Subject: [c-nsp] WLC 4404 - Wirelss Lan Controller (DHCP issue) Hello, A WLC4404 was configured with DHCP pool, Access nodes should get an IP from it every time it negotiates with the controller what happens is an intermittent problem where sometimes the access node does not negotiate an IP and give alert of limited or no connectivity any suggestions of what coult be the problem ? Note: the problem is intermittent, it sometimes happens , and other just simply go fine .. Thanks in advance ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] Cisco 10720 Router?
I have an opportunity to get a Cisco 10720 router for very cheap, but I'm rather unfamiliar with this model, I have some questions that I can't seem to find the answer for. Has anyone used this model router, if so, have you used it with BGP and such? The IOS limitations are rather odd, only having the 12.0 series (with somewhat recent updates) also makes me wonder? The unit can have 512mb of ram, and mentions only being able to handle ~ 250k routes, but is this in reference to the older model that only had 256 mb of ram? This router looks pretty good, being able to do 2mil pps though. Let me know off-list or on if you have any info! Thanks, Kyle Duren Network Coordinator Noel Communications, Inc. Office: (509) 575-4780 Fax: (509) 457-5008 ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] WLC 4404 - Wirelss Lan Controller (DHCP issue)
I'm guessing it is wireless users. I have not seen an AP give the limited or no connectivity alert he mentions. How big is your dhcp scope? Maybe you're running out of IP's? What is your lease time? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dan Wilson Sent: Monday, September 22, 2008 12:25 PM To: 'Ahmed Mohamed'; cisco-nsp@puck.nether.net Subject: Re: [c-nsp] WLC 4404 - Wirelss Lan Controller (DHCP issue) By access node, do you mean wireless access point, or wireless user? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ahmed Mohamed Sent: Monday, September 22, 2008 10:36 AM To: cisco-nsp@puck.nether.net Subject: [c-nsp] WLC 4404 - Wirelss Lan Controller (DHCP issue) Hello, A WLC4404 was configured with DHCP pool, Access nodes should get an IP from it every time it negotiates with the controller what happens is an intermittent problem where sometimes the access node does not negotiate an IP and give alert of limited or no connectivity any suggestions of what coult be the problem ? Note: the problem is intermittent, it sometimes happens , and other just simply go fine .. Thanks in advance ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] sup720 / 6704 RELIABILITY DRIVER / weird ASIC msg (12.2.18 SXF2)
On Sun, Sep 21, 2008 at 10:26:20PM -0400, Paul wrote: Single sup720-3bxl. Tried different slot, even tried an entire different 6509 with same IOS SXF2.. Maybe something with the IOS, or a hardware revision of the chassis or sup module? Looking it up on the search gets no results :/ I got the same message you got, except it didn't contain the fabric channel sync error, just the power off error, and this was with ANOTHER 6704 module.. So two 6704 modules I tried , each different errors, would not work in either 6509 I have running SXF2. I got no errors putting it in a 6513, with SXH3 on it.. Will try SXF14, but I'm getting some TCAM errors with it which I'm about to post about :) I asked my coworker to upgrade the lab switch to SXF15 and try the 10G card again - mysterious NVRAM error goes away. Definitely related to older IOS thinking something was weird on the new one. The failed diagnostics on the other hand, well that appears to be a real problem - our line cards worked in spite of the NVRAM error. Ross Paul Ross Vandegrift wrote: On Sat, Sep 20, 2008 at 04:08:04PM -0400, Paul wrote: I'm getting the following messages when inserting a WS-X6704-10GE module into a 6509 running 12.2.18 SXF2 sup720-3bxl 00:00:04: %SYS-CFC9-5-RESTART: System restarted -- Cisco Internetwork Operating System Software IOS (tm) c6lc2 Software (c6lc2-SP-M), Version 12.2(18)SXF2, RELEASE SOFTWARE (fc1) Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2006 by cisco Systems, Inc. Compiled Thu 19-Jan-06 04:37 by dchih *Nov 30 00:00:02.723: CFC9: Currently running ROMMON from S (Gold) region - RELIABILITY DRIVER: wrong signature on NVFLASH A co-worker reported the same message to me on Friday from a lab switch running SXD7b when he inserted a 6704-10GE w/dfc3bxl. Do you have redundant sups in the switch? This message is in our logs: 00:00:24: %SYS-DFC4-5-RESTART: System restarted -- Cisco Internetwork Operating System Software IOS (tm) c6lc2 Software (c6lc2-SP-M), Version 12.2(18)SXD7b, RELEASE SOFTWARE (fc1) Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2006 by cisco Systems, Inc. Compiled Fri 08-Dec-06 12:34 by ccai 00:00:24: DFC4: Currently running ROMMON from S (Gold) region - RELIABILITY DRIVER: wrong signature on NVFLASH 00:18:40: SP: Disabling standby fabric in slot 6 and allowing module in slot 4 to go ONLINE as it's fabric channels could not sync with the standby but synced with the active fabric 00:18:40: %OIR-SP-3-PWRCYCLE: Card in module 6, is being power-cycled off (Fabric channel errors) 00:18:42: %PFREDUN-SP-6-ACTIVE: Standby processor removed or reloaded, changing to Simplex mode 00:18:43: %DIAG-SP-6-RUN_MINIMUM: Module 4: Running Minimum Diagnostics... 00:18:54: %DIAG-SP-6-DIAG_OK: Module 4: Passed Online Diagnostics Sep 20 13:19:21: %PM_SCP-SP-2-LCP_FW_ERR_INFORM: Module 9 is experiencing the following error: Port Asic 0: 2 important event Sep 20 14:02:51: %PM_SCP-SP-2-LCP_FW_ERR_INFORM: Module 9 is experiencing the following error: Port Asic 0: 1 important event I don't see any instances of this, so it could be different. Is this a bug in SXF2? I put the same module into another running SXH3 and I don't get the reliability driver message. Also this ASIC message does not look good but again it doesn't happen on SXH3.. Thanks ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ -- GloboTech Communications Phone: 1-514-907-0050 Toll Free: 1-(888)-GTCOMM1 Fax: 1-(514)-907-0750 [EMAIL PROTECTED] http://www.gtcomm.net ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ -- Ross Vandegrift [EMAIL PROTECTED] The good Christian should beware of mathematicians, and all those who make empty prophecies. The danger already exists that the mathematicians have made a covenant with the devil to darken the spirit and to confine man in the bonds of Hell. --St. Augustine, De Genesi ad Litteram, Book II, xviii, 37 ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] CoPP Hardware Counters on RSP720/7600
* Ozgur Guler [EMAIL PROTECTED] [2008-09-22 14:31]: Hi Sebastian, Have you confirmed that mls qos is enabled globally? CoPP needs mls qos in order to work in HW. Yes, mls qos is enabled. I tried doing a flood-ping with hping3 and have around 30-40% of CPU usage. This seems a little bit high, but I heard from others that without CoPP the session to the RSP720 would just freeze. With my CoPP enabled I was able to work without delay on the RSP720. I couldn't test the situation without CoPP but I hope I can do so tonight. Regards, Sebastian -- GPG Key-ID: 0x76B79F20 (0x1B6034F476B79F20) 'Are you Death?' ... IT'S THE SCYTHE, ISN'T IT? PEOPLE ALWAYS NOTICE THE SCYTHE. -- Terry Pratchett, The Fifth Elephant ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Cisco 10720 Router?
We have several hundred and are quite happy. Pre-7201/ASR it was about the only option for a cost effective 4 gig box for proper Hqos. You're right though its 12.0S based and cant be far from EOL now (The ASR 1002 is the natural successor.). Dont expect to use it like a 7200 with every feature under the sun but if you need Ethernet, routing, QOS and maybe a few acls its great. Typical use for us is as Customer router for high bandwidth MPLS solutions (100Mbs to 750+) delivered on Gig. Route tables of 50K (large enterprise) rather than a full internet table. It only does sampled netflow which may or may not be an issue for you. Dean -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kyle Duren Sent: 22 September 2008 18:16 To: cisco-nsp@puck.nether.net Subject: [c-nsp] Cisco 10720 Router? I have an opportunity to get a Cisco 10720 router for very cheap, but I'm rather unfamiliar with this model, I have some questions that I can't seem to find the answer for. Has anyone used this model router, if so, have you used it with BGP and such? The IOS limitations are rather odd, only having the 12.0 series (with somewhat recent updates) also makes me wonder? The unit can have 512mb of ram, and mentions only being able to handle ~ 250k routes, but is this in reference to the older model that only had 256 mb of ram? This router looks pretty good, being able to do 2mil pps though. Let me know off-list or on if you have any info! Thanks, Kyle Duren Network Coordinator Noel Communications, Inc. Office: (509) 575-4780 Fax: (509) 457-5008 ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] OSM memory
Can any confirm for me if the memory for a 6500/7600 OSM is the same as the memory modules for the Sup2 or MSFC2? Just found out our 64MB OSMs don't like SXF14, no one thought to look at the OSM. Thanks, Chuck ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] IPV6 IPAM
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Mario Spinthiras wrote: Can anyone from the ISP/NSP sector tell me what else they would like to see in such an IPAM or what they feel would be a feature suited ? Some kind of out of band access to the system, such as XML/SOAP API over HTTP, would be useful. This could be for provisioning, import/export of data, 3rd party system (cron job) integration, and so on. The system sounds good - best of luck! - -- Oliver Gorwits, Network and Telecommunications Group, Oxford University Computing Services -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.7 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFI2BGJ2NPq7pwWBt4RAiQaAKDc+HnHuvdJHH/hCXENABS3ujgh4QCeMeJH 9aGExeP8fG/1QP3aYFN1XEY= =52OX -END PGP SIGNATURE- ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] debugging all incoming traffic on an interface
I'm trying to give a local ILEC an idea on where to look to troubleshoot an issue on a bridged DSL circuit. It terminates directly onto a WIC-1ADSL interface in a 2651 on the one side and a VLAN on the other side. Can't pass traffic over it, but the inbound packet counters are incrementing on the 2651 side, however I have no idea what kind of traffic is actually hitting the interface, nor do I know what the source or destination of the traffic is. My question in all of this is what's the best way to see all the traffic coming into this interface? Attaching a access-list 100 permit ip any any log-input to the interface and/or subinterface via ip access-group didn't show anything - the interface counters incremented while the access-list counter didn't. I can't debug the ATM (sub)interface, nor can I configure a SPAN port on an ATM (sub)interface. Anyone know how I might go about this? I suppose in a worst case scenario, I could hook up a DSL modem to the line and plug that into a wireshark box, but I'm hoping there's a more localized solution. Thanks in advance.___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] debugging all incoming traffic on an interface
Hi James, It's bridged, so no. Regardless, an ACL works fine on the ATM subinterface, except the traffic isn't anything that is matched by an access-list, from what I can see based on what I've tried so far. In retrospect, I should have clarified that better initially. Sorry for the confusion. On 22-Sep-08, at 7:17 PM, James Baker wrote: Do you have a Dialer interface defined and attached to the ATM interfaces? If you do, try the ACL on that. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jason Lixfeld Sent: Tuesday, 23 September 2008 10:52 a.m. To: cisco-nsp@puck.nether.net Subject: [c-nsp] debugging all incoming traffic on an interface I'm trying to give a local ILEC an idea on where to look to troubleshoot an issue on a bridged DSL circuit. It terminates directly onto a WIC-1ADSL interface in a 2651 on the one side and a VLAN on the other side. Can't pass traffic over it, but the inbound packet counters are incrementing on the 2651 side, however I have no idea what kind of traffic is actually hitting the interface, nor do I know what the source or destination of the traffic is. My question in all of this is what's the best way to see all the traffic coming into this interface? Attaching a access-list 100 permit ip any any log-input to the interface and/or subinterface via ip access-group didn't show anything - the interface counters incremented while the access-list counter didn't. I can't debug the ATM (sub)interface, nor can I configure a SPAN port on an ATM (sub)interface. Anyone know how I might go about this? I suppose in a worst case scenario, I could hook up a DSL modem to the line and plug that into a wireshark box, but I'm hoping there's a more localized solution. Thanks in advance. -- The information contained in this e-mail and any attachments is confidential and is intended for the attention and use of the named addressee(s) only. Any views expressed in this message are those of the individual sender and may not necessarily reflect the views of Chelmer Limited. # This e-mail message has been scanned for Viruses and Content and cleared by NetIQ MailMarshal # ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] c4000
Hi all ls any different to setup vlan between catalyst 4000 and 2960? I need to setup the cisco2800 to have vlan this 4000 switch ls it easy? how setup the trunk port in 4000 switch? Thank you Send instant messages to your online friends http://uk.messenger.yahoo.com ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] debugging all incoming traffic on an interface
Do you have a Dialer interface defined and attached to the ATM interfaces? If you do, try the ACL on that. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jason Lixfeld Sent: Tuesday, 23 September 2008 10:52 a.m. To: cisco-nsp@puck.nether.net Subject: [c-nsp] debugging all incoming traffic on an interface I'm trying to give a local ILEC an idea on where to look to troubleshoot an issue on a bridged DSL circuit. It terminates directly onto a WIC-1ADSL interface in a 2651 on the one side and a VLAN on the other side. Can't pass traffic over it, but the inbound packet counters are incrementing on the 2651 side, however I have no idea what kind of traffic is actually hitting the interface, nor do I know what the source or destination of the traffic is. My question in all of this is what's the best way to see all the traffic coming into this interface? Attaching a access-list 100 permit ip any any log-input to the interface and/or subinterface via ip access-group didn't show anything - the interface counters incremented while the access-list counter didn't. I can't debug the ATM (sub)interface, nor can I configure a SPAN port on an ATM (sub)interface. Anyone know how I might go about this? I suppose in a worst case scenario, I could hook up a DSL modem to the line and plug that into a wireshark box, but I'm hoping there's a more localized solution. Thanks in advance. -- The information contained in this e-mail and any attachments is confidential and is intended for the attention and use of the named addressee(s) only. Any views expressed in this message are those of the individual sender and may not necessarily reflect the views of Chelmer Limited. # This e-mail message has been scanned for Viruses and Content and cleared by NetIQ MailMarshal # ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] c4000
I presume the only difference in setting up vlans would show in CatOS which I haven't used and not sure people do today compared to IOS. If I remember correctly through my Cisco training CatOS is something like set vlan %x while as it should be straight forward with IOS using vlan %x in global config. I do however remember a mishap I used to do sometimes. I used to create virtual interfaces e.g Vlan401 and they wouldnt work for the simple fact that I didnt create the l2 vlan. Trunking should be fairly straight forward too. Int X/X/X switchport mode trunk switchport encap dot1q no shut thats about it. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] c4000
On Tue, Sep 23, 2008, adrian kok wrote: Hi all ls any different to setup vlan between catalyst 4000 and 2960? I need to setup the cisco2800 to have vlan this 4000 switch ls it easy? how setup the trunk port in 4000 switch? I'd suggest finding the catalyst OS (catos) configuration guide on the Cisco website for the rough model / CatOS version you're using. It is all very well documented. Knowing where the docs are and reading them will probably enlighten you. Adrian ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] c4000
Wouldn't it be a lot wiser to migrate to IOS ? I know this is possible and I'm sure it's a step forward than anything else. Can anyone shed some light on the worthiness of migrating to IOS other than the obvious (consistency , easier) Regards, Mario ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] c4000
On Tue, Sep 23, 2008, Mario Spinthiras wrote: Wouldn't it be a lot wiser to migrate to IOS ? I know this is possible and I'm sure it's a step forward than anything else. Can anyone shed some light on the worthiness of migrating to IOS other than the obvious (consistency , easier) I believe only the very later Cat4000 Sup's can run IOS; the earlier ones (Sup1/Sup2 I think?) only run CatOS. CatOS mostly just works for a lot of switching environments and honestly isn't that scary. :) Adrian ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Cisco 10720 Router?
There was a kit to upgrade to 512mb which also requires a IOS upgrade. We used it for gige and fe access in some pops. Aaron On Mon, Sep 22, 2008 at 1:16 PM, Kyle Duren [EMAIL PROTECTED] wrote: I have an opportunity to get a Cisco 10720 router for very cheap, but I'm rather unfamiliar with this model, I have some questions that I can't seem to find the answer for. Has anyone used this model router, if so, have you used it with BGP and such? The IOS limitations are rather odd, only having the 12.0 series (with somewhat recent updates) also makes me wonder? The unit can have 512mb of ram, and mentions only being able to handle ~ 250k routes, but is this in reference to the older model that only had 256 mb of ram? This router looks pretty good, being able to do 2mil pps though. Let me know off-list or on if you have any info! Thanks, Kyle Duren Network Coordinator Noel Communications, Inc. Office: (509) 575-4780 Fax: (509) 457-5008 ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/