Hi
I'm currently using 6500 with SUP720 and 67xx CFC linecards (mainly
almost all are 6704-10GE).
Is SUP-2T (PFC4) changes anything about possible simultaneous features
configured on one interface comparing to SUP720 (PFC3) ? My goal is to
have ingress netflow and microflow policing configured on
Dear All,
I am starting a project to implement VRF-lite for some customers,
does anybody know (or have a link to some Cisco documentation) the
maximum number of VRF-lite instances in the different ISR G2 routers
models of Cisco?
Thanks,
Matteo
___
On Wed, 2011-07-13 at 10:01 +0200, Matteo Castelli ML wrote:
I am starting a project to implement VRF-lite for some customers,
does anybody know (or have a link to some Cisco documentation) the
maximum number of VRF-lite instances in the different ISR G2 routers
models of Cisco?
I tried
On 07/12/2011 03:34 PM, Mark Tinka wrote:
On Tuesday, July 12, 2011 02:29:25 PM Alan Buxey wrote:
Use the sfp+ adapter?
I saw that too.
My point is I'm guessing the card could be cheaper (and
faster) if smaller sockets were used.
Also, XFP would give us better distance as of now, but sure,
On 07/13/2011 07:12 AM, Robert Hass wrote:
Hi
I'm currently using 6500 with SUP720 and 67xx CFC linecards (mainly
almost all are 6704-10GE).
Is SUP-2T (PFC4) changes anything about possible simultaneous features
configured on one interface comparing to SUP720 (PFC3) ? My goal is to
have ingress
According to the documentation at
http://www.cisco.com/en/US/docs/ios/ipv6/configuration/guide/ip6-sec_trfltr
_fw_ps10592_TSD_Products_Configuration_Guide_Chapter.html
The following should suffice as a simple stateful IPv6 firewall (no
reflection or zoning):
!
ipv6 unicast-routing
ipv6 cef
ipv6
On Wed, 13 Jul 2011, Peter Rathlev wrote:
On Wed, 2011-07-13 at 10:01 +0200, Matteo Castelli ML wrote:
I am starting a project to implement VRF-lite for some customers,
does anybody know (or have a link to some Cisco documentation) the
maximum number of VRF-lite instances in the different
On Wed, 2011-07-13 at 11:58 +0300, John Kougoulos wrote:
If I remember correctly another limitation that affects the number of VRFs
is the number of software IDBs that are available in each platform.
show idb will show how many are available, and how they are used.
I actually suspected
I take it you're unable or unwilling to change your netflow flowmask to
match that required by the microflow policer?
My mls netflow configuration below:
mls ipv6 acl compress address unicast
mls aging fast time 5 threshold 16
mls aging long 64
mls aging normal 32
mls netflow interface
mls
On 07/13/2011 10:29 AM, Robert Hass wrote:
You think I can change something here to have same flowmasks ?
Hmm. I'm a bit surprised TBH; there are two usable flowmasks on the
sup720 for IPv4; you're using one (interface-full) for netflow, so you
should be able to use another (destination)
It will also depend on how many routes are in each VRF.
David Rothera
On Wed, Jul 13, 2011 at 9:33 AM, Peter Rathlev pe...@rathlev.dk wrote:
On Wed, 2011-07-13 at 10:01 +0200, Matteo Castelli ML wrote:
I am starting a project to implement VRF-lite for some customers,
does anybody know
On 13/07/2011 09:45, Phil Mayers wrote:
The explanation back in the day was that Cisco had a lot of customers
wanting to run 10gig over old multimode fibre, and thus needed the LX4
transceiver which required a physically bigger housing to fit all the bits
into. I wonder if that's still their
Hello group,
I have a customer with a few 3560/3750's and one 4500/SUP5 acting as the
core switch.
For some reason, when a user start one multicast stream, the 4500 suffers
high cpu utilization and the network is affected. Only the 4500 suffers of
this problem, the 3560/3750's don't have any
Check the ttl on the multicast stream. A ttl of 1 will cause it to hit the
CPU of your first hop router.
On Jul 13, 2011 8:02 AM, Antonio Soares amsoa...@netcabo.pt wrote:
Hello group,
I have a customer with a few 3560/3750's and one 4500/SUP5 acting as the
core switch.
For some reason, when
I will check that, in fact the 4500 is the first hop router.
Thanks.
Regards,
Antonio Soares, CCIE #18473 (RS/SP)
mailto:amsoa...@netcabo.pt amsoa...@netcabo.pt
http://www.ccie18473.net http://www.ccie18473.net
From: Chris Evans [mailto:chrisccnpsp...@gmail.com]
Sent:
Dear all,
My organisation has two (old) Cisco 2600 series routers deployed in two
remote sites, one 2620 and one 2621. So far these routers have been
performing very well, however we are now looking at substantially
increasing the bandwidth of the WAN links that connect these two remote
Hi Terence.
Is this what you where looking for perhaps?
http://www.cisco.com/web/partners/downloads/765/tools/quickreference/routerp
erformance.pdf
Ciao
JC
-Original Message-
From: cisco-nsp-boun...@puck.nether.net
[mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Terence Scott
Antonio Soares amsoa...@netcabo.pt wrote:
I have a customer with a few 3560/3750's and one 4500/SUP5 acting as the
core switch.
For some reason, when a user start one multicast stream, the 4500 suffers
high cpu utilization and the network is affected. Only the 4500 suffers of
this
The TTL=1, they use VLC and this is the default TTL value.
We found in the meanwhile that if the stream is sent to 239.x.x.x, there is
no impact on the 4500's cpu.
If the stream destination is somewhere in the 224.x.x.x range, the cpu goes
to the maximum. The packets are processed by the cpu.
I
On Wed, 2011-07-13 at 12:59 +0100, Antonio Soares wrote:
Usually the multicast streams are destined to 224.x.x.x. The end users do
not respect the 239 rule.
Beware that traffic to 224.0.0.0/24 (Local Network Control Block) is
_always_ process switched and will never be blocked by any switch. As
Hey Guys,
I am having a weird issue between 2 switchs that I hope someone can help out
with.
One end of the trunk is a cisco WS-C3548-XL running 12.0(5.3)WC(1) code
The other end is a ProCurve J9086A Switch 2610-24/12PWR software Version:
R.11.25
On the Procurve end I see absolutely nothing
2011/7/12 Gert Doering g...@greenie.muc.de
Hi,
On Tue, Jul 12, 2011 at 07:46:00PM +, Leigh Harrison wrote:
There is a legacy layer 2 network which has had an mpls network
built over it. A link between two of the data centres is a dark
fibre between two Cisco 3750E switches running
Hi,
On Wed, Jul 13, 2011 at 09:38:56AM -0400, Keegan Holley wrote:
You have an MTU problem. If you want to send (1500 byte + extra header
bytes) packets over a link with a MTU of 1500 - FAIL.
It's actually going to be 1500 - header sizes. So 1500 - MPLS (4bytes) =
1496 possibly -
Hi Terence,
As per the Cisco Router Performance link already posted by someone else these
routers will NOT handle anything much above 10Mbps (and even that is a
struggle).
You are going to require an upgrade.
If you are planning on trying to use the full 100Mbps link then you should in
If anyone is interested I've been building an IPv6 specific router
config/template for routing and security. I've been trying to work with
the team Cymru but progress is slow. Looking for collaborators
Ping me offline if interested.
-Hammer-
I was a normal American nerd
-Jack Herer
On
Unfortunately the 4500 doesn't have the mls options you mentioned.
Regards,
Antonio Soares, CCIE #18473 (RS/SP)
amsoa...@netcabo.pt
http://www.ccie18473.net
-Original Message-
From: cisco-nsp-boun...@puck.nether.net
[mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Alexander
I have the same CPU problem but on a 3750. How would I add a similar
rate-limit for our ghost traffic? That command does not work on 12.2(52)SE.
Thank you,
Christina
Message: 9
Date: Wed, 13 Jul 2011 13:59:28 +0100
From: Alexander Clouter a...@digriz.org.uk
To:
Hi,
This is a new one for me and wanted to get some pointers / possible config
examples.
We have a branch office that is presently being fed back to a pop via single T1
which is about as vanilla as can be expected. It’s a simple connected /30 with
a few /29 blocks routed for the inside
It seems I need some sort of CoPP protection. I found a very nice document:
Infrastructure Protection on Cisco Catalyst 6500 and 4500 Series Switches
http://www.cisco.com/application/pdf/en/us/guest/netsol/ns171/c649/ccmigration_09186a0080825564.pdf
I'm now reading the section CoPP on Catalyst
On 07/13/2011 03:46 PM, Mark Tinka wrote:
On Wednesday, July 13, 2011 04:45:43 PM Phil Mayers wrote:
Cisco seem to have a real blindspot for 10G transceivers.
The explanation back in the day was that Cisco had a
lot of customers wanting to run 10gig over old multimode
fibre, and thus needed
It seems I found an explanation:
http://www.ryanhicks.net/blog/2008/12/cisco-4500-intermittant-high-cpu-utilization---part-2.html
The 4500 is capable of handling much higher volumes of multicast traffic, and
it has distributed hardware processing of multicast. It turns out that the
Scott,
Yes, policy routing will work, using it to off-load http and other non
time sensitive traffic for a customer. Using static object tracking to
avoid black-holing towards a dead next hop.
Chuck
On Jul 13, 2011 10:54 AM, Scott Granados sc...@granados-llc.net wrote:
Hi,
This is a new
On Wed, 2011-07-13 at 16:03 +0100, Antonio Soares wrote:
It seems I found an explanation:
http://www.ryanhicks.net/blog/2008/12/cisco-4500-intermittant-high-cpu-utilization---part-2.html
...
Now my question, is this limitation specific to the 4500's ? Or does
it mean that we can bring down
On 13/07/2011 15:56, Mark Tinka wrote:
Part number: FTLX8511D3-CS Serial number: FNS14510S11
the FTLX8511D3 is an SR transceiver, not an LR4. The electrical interface
on an SR transceiver is 10G, not 4 x 3.125G, i.e. no serdes required.
Juniper have this one locked down. I never have to
On Wednesday, July 13, 2011 04:45:43 PM Phil Mayers wrote:
Cisco seem to have a real blindspot for 10G transceivers.
The explanation back in the day was that Cisco had a
lot of customers wanting to run 10gig over old multimode
fibre, and thus needed the LX4 transceiver which
required a
On Wednesday, July 13, 2011 07:20:15 PM Nick Hilliard wrote:
Maybe some cisco designers just like X2? Maybe Cisco
have lots of experience with X2 and the architectural
move to XFI interfaces would mean board redesigns?
Difficult to tell really. I have to say that as a
customer, I view
On 07/13/2011 04:03 PM, Antonio Soares wrote:
Now my question, is this limitation specific to the 4500's ? Or does
it mean that we can bring down any catalyst network with a good
multicast stream ???
High traffic to 224.0.0.0/24 breaks a *lot* of kit. It's not just Cisco
or Catalyst.
On Wednesday, July 13, 2011 10:59:03 PM Phil Mayers wrote:
Specifically LX4 transceivers?
No, SR.
Sorry, thought the issue was multi-mode support itself, not
the need for an LX4 transceiver.
Cheers,
Mark.
signature.asc
Description: This is a digitally signed message part.
On Wednesday, July 13, 2011 11:17:57 PM Nick Hilliard wrote:
the FTLX8511D3 is an SR transceiver, not an LR4. The
electrical interface on an SR transceiver is 10G, not 4
x 3.125G, i.e. no serdes required.
Yes, fair point. Thought the issue was just about needing
multi-mode for 10Gbps, not
Thanks, I'm feeling better now :)
So in my case, one 4500 with ip routing enabled and ip multicast-routing
disabled, what could be simple and quick to implement ?
I'm think about storm-control multicast in all ports (all ports are .1q
trunks in this case). The 4500 is the L2 aggregator and first
Howdy,
I am trying to establish a GRE/IP tunnel over the Internet:
interface Tunnel1
description GRE-Tunnel
ip unnumbered GigabitEthernet7/0/0
no ip directed-broadcast
tunnel source Loopback1
tunnel destination x.x.x.x
end
Pretty much no matter what I do the interface status is always:
Tunnel1
On 07/13/2011 04:46 PM, Antonio Soares wrote:
Thanks, I'm feeling better now :)
So in my case, one 4500 with ip routing enabled and ip multicast-routing
disabled, what could be simple and quick to implement ?
I'm not familiar with Cat4500 I'm afraid.
On a 6500 I would do this:
ip
On 07/13/2011 04:34 PM, Mark Tinka wrote:
On Wednesday, July 13, 2011 10:59:03 PM Phil Mayers wrote:
Specifically LX4 transceivers?
No, SR.
Sorry, thought the issue was multi-mode support itself, not
the need for an LX4 transceiver.
AIUI, Cisco has (or believes it has) a lot of customers
On Wed, 2011-07-13 at 11:19 -0400, Drew Weaver wrote:
Pretty much no matter what I do the interface status is always:
Tunnel1 is up, line protocol is down
I've read that tunnels should be up/up unless you are using keepalives
and it detects a failure.
Is the destination reachable? I.e.
I will be applying CoPP today:
http://www.cisco.com/en/US/docs/switches/lan/catalyst4500/12.2/50sg/configur
ation/guide/cntl_pln.html
Something like:
Switch(config)# qos
Switch(config)# macro global apply system-cpp
Switch(config)# policy-map system-cpp-policy
Switch(config-pmap)# class
Hi, thanks, I thought that was heading in the right direction.
So I found this example here...
http://www.cisco.com/en/US/docs/ios/12_2/qos/configuration/guide/qcfpbr_ps1835_TSD_Products_Configuration_Guide_Chapter.html
In this example, they use only simple access lists matching an individual IP
If it cannot make the original connection it will show up/down
Can you route from the source to the tunnel destination and are there any
firewalls that would block the GRE protocol?
Can the destination route back to the source loopback1?
-Original Message-
From:
Hi experts,
Does that 7604 with SUP32 support Broadband users? If yes what image would
support that?
I feed up from searching the command vpdn enable?
Regards,
Amin
___
cisco-nsp mailing list cisco-nsp@puck.nether.net
2011/7/13 Gert Doering g...@greenie.muc.de
Hi,
On Wed, Jul 13, 2011 at 09:38:56AM -0400, Keegan Holley wrote:
You have an MTU problem. If you want to send (1500 byte + extra header
bytes) packets over a link with a MTU of 1500 - FAIL.
It's actually going to be 1500 - header sizes.
Hi,
On Wed, Jul 13, 2011 at 12:20:17PM -0400, Matthew Huff wrote:
If it cannot make the original connection it will show up/down
There is no connection to be made for a GRE tunnel.
Can you route from the source to the tunnel destination and are there any
firewalls that would block the GRE
I would like to add some redundancy to our network. we currently have a MAN
connection between two sites. Each site also has internet connectivity with
other providers (not our MAN provider).
Which is the better way to add redundancy over those internet connections:
GetVPN, or DMVPN using GRE
Can you route from the source to the tunnel destination and are there any
firewalls that would block the GRE protocol?
Can the destination route back to the source loopback1?
All not relevant, unless tunnel keepalive is active.
Normally, the tunnel is down if either source or destination IP
My Google-fu is failing me, or such items are made of unobtanium.
Does Cisco make a rack-mount kit for 7200 routers going into 23-inch
telco racks? If so can someone provide a part number?
If not, I can use aftermarket filler brackets but I would prefer the
cleaner installation of stock
The only reference I've found is here:
http://www.cisco.com/en/US/products/hw/routers/ps341/prod_technical_refe
rence09186a0080092120.html
It refers to a third-party manufacturer (Newton Instrument, P/N
2079590331). However, the document is old and searching the
manufacturer's site for it
On Wed, 13 Jul 2011, Jay Hennigan wrote:
Does Cisco make a rack-mount kit for 7200 routers going into 23-inch
telco racks? If so can someone provide a part number?
If not, I can use aftermarket filler brackets but I would prefer the
cleaner installation of stock brackets.
Never seen them.
Hi,
On Wed, Jul 13, 2011 at 08:19:54PM +0200, Sascha Pollok wrote:
Yes - or -imho- if the platform does not support it like a GSR
without a tunnel server card.
Oh, good point. We don't have any of these funny platforms... *duck*
gert
--
USENET is *not* the non-clickable part of WWW!
What is the address range used by ghost ? I've heard that ghost can kill a
network. But if it not using the 224.0.0.0/24 range and you have at least
ip igmp snooping on every switch, I don't see how this could affect the
network.
Regards,
Antonio Soares, CCIE #18473 (RS/SP)
amsoa...@netcabo.pt
This discussion brings me neatly onto my follow on question then:-
On the ME3600X switches they will allow me to set interface mtu of up to 9800
bytes. Some of my team are arguing that we only need 1548, some are saying
1600.
We've got dark fibre, so should we be going for the maximum mtu
That depends on your use. Some technologies such as certain types of
storage replication perform better without jumbo frames. Some won't even
use them. Generally speaking the maximum supported by all of your devices
would be the best thing to configure as long as it doesn't break some other
Hello my friends,
I had some problems on an optical fibre between two 6509 switches and
UDLD
kicked in to avoid STP loops, but when the switch tried to recover from
the error-disable state,
the link went up, even with optical fibre problems.
This misbehaviour caused a major outage in the network.
On Wed, 13 Jul 2011, Scott Voll wrote:
I would like to add some redundancy to our network. we currently have a MAN
connection between two sites. Each site also has internet connectivity with
other providers (not our MAN provider).
Which is the better way to add redundancy over those internet
On Wed, Jul 13, 2011 at 11:37 AM, Phil Mayers p.may...@imperial.ac.uk wrote:
sh platform hardware capacity netflow
...say?
#sh platform hardware capacity netflow
Netflow Resources
TCAM utilization: Module Created Failed %Used
5
On 07/13/2011 10:13 PM, Leigh Harrison wrote:
This discussion brings me neatly onto my follow on question then:-
On the ME3600X switches they will allow me to set interface mtu of up to 9800
bytes. Some of my team are arguing that we only need 1548, some are saying 1600.
We've got dark fibre,
On Wed, Jul 13, 2011 at 16:15, Leonardo Gama Souza
leonardo.so...@nec.com.br wrote:
Hello my friends,
I had some problems on an optical fibre between two 6509 switches and
UDLD
kicked in to avoid STP loops, but when the switch tried to recover from
the error-disable state,
the link went up,
Curious on feedback about
this: http://blinking-network.blogspot.com/2011/07/physical-cabling-dependencies-inhibit.html
Basically, I think VMWare should support MPLS or Q-in-Q in a meaninful way (no
VLAN 4095 hackery). Sadly the Nexus 1000v supports neither (or so I'm told).
Even if it or
I was thinking the same think. Automatic recovery usually is not a good
thing.
Regards,
Antonio Soares, CCIE #18473 (RS/SP)
amsoa...@netcabo.pt
http://www.ccie18473.net
-Original Message-
From: cisco-nsp-boun...@puck.nether.net
[mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of
I readsomething similar to that.. Which is why I tried using a straight
access port instead of trunk between both switchs. When I did that I started
receiving overruns instead. :(
2011/7/14 Jon Harald Bøvre j...@bovre.no
Hi
We had similar problems with a 3524XL some years ago.
Server
Hi Amin,
--- On Thu, 14/7/11, ccie c...@axizo.com wrote:
Does that 7604 with SUP32 support Broadband users?
No.
regards,
Tony.
___
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive
On Wednesday, July 13, 2011 11:57:10 PM Phil Mayers wrote:
AIUI, Cisco has (or believes it has) a lot of customers
with crappy old multimode that they can't replace, and
is over-length for traditional 10gig transceivers. Hence
the LX4, which gives you (marginally) better range than
other
Hello,
Is MPPE encryption supported in the CEF path?
According to cisco doc at
http:/www.cisco.com/en/US/docs/ios/12_1t/12_1t5/feature/guide/dt_pptp.html it
should, but in my tests all pptp virtual access created with CEF disabled and I
can't get more than 10M from 7200-NPE400 with 100% CPU.
70 matches
Mail list logo
