I second the toolmakers stuff, found here:
http://ftp.isc.org/isc/toolmakers/
We set it up, attached it to a cronjob and get daily emails about cruft.
Extremely handy.
On Thu, Aug 6, 2015 at 5:48 AM, John Kristoff j...@cymru.com wrote:
On Thu, 06 Aug 2015 07:47:01 +0300
Hank Nussbacher
Nope, you cannot see your own advertised communities. I am told that you
can do it with Quagga or BIRD, but Cisco land ... nada in my experience.
Unfortunately, your vendors looking glass is the thing to check.
That said, I'm in the industry for some new looking glass software - the
old lg.cgi
I posted this message over on Cisco-VoIP and had very little traction, so I
thought I'd try here.
I have a bunch of Cisco IAD24xx models out in the field all running SIP
talking to our softswitch, and I thought I'd get the collectives input on
the best method to secure them.
Up until a few weeks
If these devices are all on networks under your administrative control,
it's generally far better to drop undesirable packets at the edge, and far
easier to get an iACL and/or tACL right and deploy on edge interfaces, than
to get CoPP right.
I completely agree, the problem is that I have
We are considering connecting to the Any2-LA exchange. We are very familiar
with exchanges, but this one is a twist as would happen at 10gbps, with a
~2gbps line rate.
We have a standard edge/core/dist/access network, and our hangup is edging
10gbps. Our edge router requirements are that it
Hive Mind,
We're terminating an army of T1s in various locations on multiple DS3s, and
are looking at consolidating a couple key points into OC3s. However, it
seems like there is no channelized PA for 7206s, which are our preferred
platform for this kind of thing. It also seems that there isn't a
Collective Knowledge!
I have a lab 6509 with a sup720-3bxl with a single 6148A-GE in it, running
native IOS on 12.2(18).SXF7 . Once upon a time, it had dual supervisors, but
one was stolen to make our mpls lab. It complains that it does not pass the
TestFabricSnakeForward and
So far, we have confirmed that there doesn't seem to be an easy-to-use CLI
way to remove redundancy. Of the (config-red)# commands, only
'linecard-group' works with a no prefix, all the others have no effect.
The best idea so far is to remove the redundancy part from the config or
confreg to blank
NSP'ers,
For unfortunate reasons I am asking the collective if there is a way to do
VRF-lite style segragation for layer-2 interfaces. Situation is that I have
a 6509, and I need to make a single blade on the chassis have a completely
separate VLAN database from the rest of the chassis,
On Mon, Aug 23, 2010 at 6:34 AM, Zoe O'Connell zoe-...@complicity.co.ukwrote:
On 23/08/10 13:07, Florian Weimer wrote:
Yes, that's the conclusion we came to as well when we had it. (Luckily,
it was an iBGP link to a firewall so easier to troubleshoot than a
customer link). As far as I can
You know, I thought the same thing - because we're a small joint, we always
point the finger at ourselves first. We always, double, triple check
everything before we pick up the phone.
But I also figure that such a gigantic organization -- or the guy typing in
reload and looking at the results --
Cogent did an IOS upgrade to our local router, and immediately after our
peering with them started flapping wildly - gets about 10 seconds and
~69,000 prefixes in and resets with the following:
729078: Aug 22 16:21:39 MDT: %BGP-3-NOTIFICATION: sent to neighbor A.B.C.D
3/1 (update malformed) 21
On Sun, Aug 22, 2010 at 5:03 PM, Charles Mills w3y...@gmail.com wrote:
Try:
http://www.ciscosystems.com/en/US/docs/ios/12_0s/feature/guide/s_befasp.html
no bgp enforce-first-as under your BGP config (or turning it on)
I seem to remember a bug related to that. Not at the office or near a
NSP'ers,
We recently did a maintenance to upgrade some of our aging 3550s to
newer code. After the IOS upgrade, the switch came back online and
formed OSPF adjacencies exchanged traffic with all of our other
switches, but could not maintain one with any of our routers.
For example, the upgraded
the interrupt context). How are your MTUs on
your core interface up to (and including) the 3550?
Check show ip traffic, fragmentations should show up there..
oli
randal k wrote on Friday, November 21, 2008 23:18:
Burton,
There is already ~150mbps of other traffic flowing through this
switch
is just because of the volume of traffic, not
the contents. But don't quote me on that.
Easy way to test would be to push a similar volume of non-IPSec traffic and
see what the CPU does.
--
Burton Windle [EMAIL PROTECTED]
On Fri, 21 Nov 2008, randal k wrote
Hive Mind,
I have a customer who started selling a landed a largish VPN contract
for people all over the world. Since then, he pushes about 40mbps of
IPSec traffic, which is growing steadily. Around the same time I
noticed that CPU usage on the distribution 3550 that he is attached to
started
Mateusz,
The process is always IP Input. I'm pretty confident that it is IPSec
traffic, as this customer's traffic is overwhelmingly the VPN tunnels;
my 3550's CPU graph is an exact copy of his interface's traffic graph.
The adverse affects listed are not really doable in production, which
is why
I thought so too, except that we have 3% CPU usage; we have other 3550s
with 30+ VSI interfaces moving considerably more traffic without issue. The
anecdotes I've read say that # of routes is what makes them fall over, and
we're not even close.
1- u mentioned u transferred the affected VLANs to
Hey guys,
I've ran into a ridiculous problem that has me completely stumped.
Network is a standard edge/core/access/distribution network comprised of
7206,6509-sup7203bxls, 3550s3750s, and 3550s/2950s, respectively.
Distribution is pure OSPF, with 226 routes currently in area 0, while the
cores
20 matches
Mail list logo