Re: [c-nsp] Juniper - Cisco Catalyst Fast Ether Channel Load Balancing
Yep, Already there. Thanks for 2950 Hjan. rgs a.r.i.rangkayo sutan Gert Doering wrote: Hi, On Fri, Jan 25, 2008 at 07:24:25PM +0700, a. rahman isnaini r.sutan wrote: Both direction, cat 2950. To repeat my questions, with a few more words: Which of the directions do you have problems with the load distribution? (it needs to be tuned on the sender side, and we're not the Juniper list, so for tuning Juniper-Cisco, please go to j-nsp). How many ports? (load balancing will only work properly on 2-, 4- or 8-port channels) Besides this, with a 2950, it's a bit tough, since it will only balance based on ethernet MAC addresses. So if you have only a few machines on one side, talking to a single router on the other sides, traffic will almost always be imbalanced (because everything a single machine sends to the router will use only use ONE link of the channel). The direction Juniper-2950 might have different constraints. gert -- a. rahman isnaini r.sutan Research Development Division PT IndoInternet Cyber Building 8th Floor Jl. Kuningan Barat no.8 Jakarta Selatan Phone : +62 21 5210607 Fax : +62 21 5210612 ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] IDSM load splitting with EC on C6k
Hi, Sorry if I keep spamming the list with data center related question. Write me if you think this is the wrong place. :-) I've been reading about IDSM load splitting with Etherchannels on Cat6500/Sup720, and it seems really nice that you can scale away from the 600 mbps per IDSM bottleneck. I still have a few worries though. First, the load splitting uses the standard EC hashing to make sure all packets from the same flow uses the same IDSM. What worries me is that communication between two hosts, e.g. a TCP stream, is actually two different flows. So I could have client-server traffic using one IDSM and server-client traffic using another. Doesn't that mean that the IDSM cannot identify bad streams, or do they work in a way that makes this a non-issue? Second, with DFC-enabled LAN cards and a Sup720, there shouldn't be any performance issues for traffic switched between these LAN cards, even if I put 6 IDSM classic bus modules in the chassis. But when using VLAN capture or SPAN to send the traffic to the IDSM, do I defeat the DFC advantages, ruining the decentralised concept? Or doesn't VLAN capture/SPAN replication disturb the forwarding process? Am I downgrading the system to 30 Mpps also for inter-DFC traffic? Again, thanks for any comments. :-) Regards, Peter ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] S/W for ASA 5550
On Sun, 2008-01-27 at 15:55 -0500, christian wrote: I've been running 7.2(3) in a production network terminating around 10 l2l vpn tunnels, ravpn, and passing about 90+mbps of traffic consistently since october..i've found no issues at all lately,stability seems to be great so far for an ED release. On Sun, 2008-01-27 at 15:48 -0500, Justin M. Streiner wrote: I can't speak specifically about the 5550, but I have other ASA 5500 series boxes running on 7.2(2) and 7.2(3) with no complaints. As always, your mileage may vary and I would balance stability against security, so definitely do a bug scrub on the versions of code that you're considering. We're running 7.2(2) in two data centers ourselves and it works without problems so far. (The only error we've run into was the snmp-server host limit mentioned a short while ago on this list.) So I think 7.2(3) it is. Thanks both. :-) On Sun, 2008-01-27 at 15:55 -0500, christian wrote: not sure how the 5580's compare, i havent really looked into them much yet, but pricing is around 50k for the 5580-20 and 100k for the 5580-40 i THINK That's not really bad, considering the performance. I'll ask my local equipment pusher for details. On Sun, 2008-01-27 at 15:48 -0500, Justin M. Streiner wrote: I have several FWSMs in production but I haven't been able to stress them to the point where I can say whether the numbers in the data sheets are legit. If I find out one way or the other, I'll let the list know :) We've tried pushing a couple of Gigs through an FWSM without problems. Now we're facing a medical imaging project saying they'll collect around 100 TB per year with some nice peaks, and we're wondering if we have to route traffic around the data center firewalls to make sure performance is okay for the rest of the servers... I wish they made a CEF720 FWSM with the 5580-40 performance. :-) Regards, Peter ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] Incoming calls in AS5350
Hi, I am using a Cisco AS5350 as VOIP gateway and I have a problem. 80% of incoming calls come up with the number of head, and not with the telephone number assigned to each customer in our Asterisk. Where can be the problem? I am sure that problem is configuration AS, but not it can be. Thanks. AS configuration is as follows: Current configuration : 10675 bytes ! version 12.3 service timestamps debug datetime msec service timestamps log datetime msec service password-encryption ! boot-start-marker boot system flash c5350-is-mz.123-11.T9.bin no boot startup-test boot-end-marker ! ! ! resource-pool disable spe default-firmware spe-firmware-1 no aaa new-model ip subnet-zero ! ! no ip cef ! ! isdn switch-type primary-net5 ! ! voice service voip fax protocol t38 ls-redundancy 0 hs-redundancy 0 fallback cisco modem passthrough nse codec g711alaw sip ! ! voice class codec 1 codec preference 1 g729r8 codec preference 2 g711alaw ! ! ! ! controller E1 3/0 framing NO-CRC4 pri-group timeslots 1-31 ! controller E1 3/1 framing NO-CRC4 pri-group timeslots 1-31 ! controller E1 3/2 ! controller E1 3/3 ! controller E1 3/4 ! controller E1 3/5 ! controller E1 3/6 ! controller E1 3/7 ! ! interface FastEthernet0/0 ip address 192.168.100.253 255.255.255.0 secondary ip address 192.168.100.2 255.255.255.0 duplex auto speed auto ! interface FastEthernet0/1 no ip address shutdown duplex auto speed auto ! interface Serial0/0 no ip address shutdown clockrate 200 ! interface Serial3/0 no ip address shutdown ! interface Serial0/1 no ip address shutdown clockrate 200 ! interface Serial3/0:15 no ip address isdn switch-type primary-net5 isdn incoming-voice modem no cdp enable ! interface Serial3/1:15 no ip address isdn switch-type primary-net5 isdn incoming-voice modem no cdp enable ! interface Async1/00 no ip address ! interface Async1/01 no ip address ! (...) ! interface Async2/106 no ip address ! interface Async2/107 no ip address ! interface Group-Async0 no ip address no group-range ! ! ip classless ip route 0.0.0.0 0.0.0.0 192.168.100.3 no ip http server ! ! ! control-plane ! ! ! voice-port 3/0:D ! voice-port 3/1:D ! ! ! dial-peer voice 200 voip destination-pattern . voice-class codec 1 session protocol sipv2 session target sip-server dtmf-relay rtp-nte no vad ! dial-peer voice 1000 pots application session destination-pattern . translate-outgoing called 1 direct-inward-dial port 3/0:D forward-digits all ! dial-peer voice 1001 pots application session destination-pattern . translate-outgoing called 1 direct-inward-dial port 3/1:D forward-digits all ! ! sip-ua sip-server ipv4:10.10.0.54 ! ss7 mtp2-variant Bellcore 0 ss7 mtp2-variant Bellcore 1 ss7 mtp2-variant Bellcore 2 ss7 mtp2-variant Bellcore 3 ! line con 0 line aux 0 line vty 0 4 login local line 1/00 2/107 modem InOut ! scheduler allocate 1 400 ntp clock-period 17179943 ntp server 202.182.192.94 end Eusebio López Ruiz Administrador de Sistemas Palmanet Networking Services [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] http://www.palmanet.net http://www.palmanet.net Tel +34 957649199 Fax +34 957644926 ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Reflexive ACLs or CBAC on 6500
Thanks Brian Roland, I guess i'll stick with the ACLs then. Imho, cisco should put out a warning when configuring these features. Regards, Tassos Brian Stiff (bstiff) wrote on 27/1/2008 7:07 πμ: Hi Tassos- While YMMV, the IOS Firewall product management team has been discouraging use of IOS Firewall Inspection (CBAC) on the Cat6K for some time. For whatever reason, I can't locate the IOSFW EoL page, but please have a look at a link from last year: http://puck.nether.net/pipermail/cisco-nsp/2007-June/041176.html You may find that Classic FW is entirely adequate for your application. However, in the event that it works badly (as Roland pointed out that it may), there won't be much recourse for a resolution. ASA is Cisco's best option for inspection with a Cat 6K. Regards, Brian Brian Stiff 720.562.6462 IOS Firewall Technical Marketing Eng. Security Technology Group http://www.cisco.com/go/iosfw Date: Fri, 25 Jan 2008 12:19:20 +0200 From: Tassos Chatzithomaoglou [EMAIL PROTECTED] Has anyone real world experience of using these 2 features (Reflexive ACLs or CBAC) on 6500 with MSFC2 (SUP2) or MSFC3 (SUP720)? If i understand right (according do the documentation) both are processed in software in the MSFC, so that's going to hurt a little. Are there any hidden limitations? Does MSFC3 perform better than MSFC2? Should we prefer one instead of the other? Can we use both at the same time? We're already using FWSM on our main 6500s, but we have some spare 6500s (for test servers mainly) and we'd like to implement something better (and easier to maintain) than simple ACLs. -- Tassos ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] ASA5510 Code
would love to know what bugs you;ve encountered so far? As im testing this in lab right now, and so far all has been good my experience has been from stable PIX environment to what i would consider to be unstable ASA environment. on a trial deployment with the intention of phasing out various deployed PIX (nothing spectacular in terms of conf, firewall with a few spokes, acl's and inpsects, no ipsec/vpn) and within a short time we have discovered some rather problematic inspect bugs then soon after that crashing on 7.2(2), but no crash file written due to another bug.. went to 7.2(3) which was reasonably new at the time, within a week or so both my primary and secondary asa had crashed and rebooted a couple of times, with a crash file at least.. i still am awaiting a fix for this bug CSCsl89317, case was opened in nov '07 but as you can see the details on the bug are still sketchy at best. CSCsl89317 Status Open Severity 2 1st Found-In 7.2(3) ASA 7.2.3 crash Thread Name: Dispatch Unit (Old pc 0x00223a67 ebp 0x018b ASA 7.2.3 Crash Thread Name: Dispatch Unit (Old pc 0x00223a67 ebp0x018b0a90) ASA 7.2.3: Workaround: None nice eh less than impressed with the ASA (and cisco's response to addressing issues) at this point in time.. when you've come from rock solid PIX deployments to crashing high availability clusters it doesn't wash too well.. ... maybe i've just had an unlucky experience ... --matt ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] LLDP-MED on Cisco 3750 12.2(44)SE
I am trying to get a Cisco 3750 to send a voice vlan via LLDP-MED. In the release notes this looks supported in version 12.2(44)SE. I can get LLDP sending but no MED. Any pointers? Thanks, Jay ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] Accelerate Failure Detection of EoMPLS
Do you know if there is ways to accelerate detection of failure between PEs and shutdown extended Vlan (through EoMPLS or VPLS). PC1--PE1-PE2--PC2 |___| When simulating failure on link PE1---PE2, it is taking to long for traffic switchover. (already tested EoMPLS over TE with FRR, but it seems some issue with extended Vlan) By the way, there is layer 3 configured on Vlan with xconnect command. I am wondering if this is making IOS go crazy. Tks, Alaerte ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] MPLS PE to PE over GRE/IPIP
I'm in process to connect two or more Provider Edge router using GRE/IPIP tunnels. What were your experiences? If the answer is yes than I would love to ask how do you connect a PE to another PE using the GRE/IPIP tunnel interfaces. Keeping in mind that I'm going to carry multiple customers traffic (VRF BGP-VPN) between these PEs. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Top 10 Network Engineering Tools
I vote for traceroute as one of the top tools (if not the topmost tool). Stoffi On Jan 28, 2008, at 9:22 PM, Joseph Jackson wrote: Hey all, Myself and a coworker are trying to get together a list of the top ten tools any network engineer shouldn't be without. We're looking for vendor neutral tools. So what do you all think are the most haves? Thanks Joseph ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ -- CHRISTOPH LOIBL mailto:[EMAIL PROTECTED] |No trees were killed in the creation of this message. http://pix.tix.at |However, many electrons were terrible inconvenienced. CL8-RIPE PGP-Key-ID: 0x4B2C0055 +++ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] 7604/Sup720 not MLS/CEF switching
To answer your last question, since the packets that are punted to software for switching are handled by one of the EARL7 rate-limiters, which don't have counters and also you cannot see what packets, are being punted to software, the best option would be use CPU-SPAN, to SPAN the traffic destined to RP-CPU and analyse that. sukumar Oh well. I found the problem - someone leaked too many prefixes, and it's %MLSCEF-SP-7-FIB_EXCEPTION: FIB TCAM exception for IPv4 unicast, Some routes will be software switched. Dunno why it's showing *these* symptoms, affecting some interfaces more than others. But still I'm interested in finding out how to see what packets are not being MLS/CEF-switched, and why, for the next round of debugging :-) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gert Doering Sent: Friday, January 25, 2008 8:07 AM To: cisco-nsp@puck.nether.net Subject: [c-nsp] 7604/Sup720 not MLS/CEF switching Hi, I could use a hint to start nailing this down. We have two 7604/Sup720s with 12.2(18)SXF7 here, doing a pretty similar traffic load (about 2-3 Gbit/s aggregate), and similar traffic pattern. IPv4, IPv6, MPLS, netflow export for IPv4. One of the boxes is running at 1-2% CPU, the other one is running at 60-80% (which started at 22:18 yesterday evening, with no significant change in traffic patterns). So, it's moving packets with a CPU not meant to be used for this. So I've checked two interfaces with very similar usage patterns (audio streaming of life radio, long-lasting flows with medium-to-large packets sizes), and there's a big difference in the percentage here: vlan1700, about 4% not MLS/CEF switched: Protocol PathPkts In Chars In Pkts Out Chars Out IPProcess 25150 24734247 0 0 Cache misses 0 Fast 1328140746 1350996135423191 58674 Auton/SSE 30723864532 30882213532050 18184117236 1335974238797 vlan4062, about 0.1% not MLS/CEF switched: Protocol PathPkts In Chars In Pkts Out Chars Out IPProcess 368914 54599634 31636639 3543640264 Cache misses 0 Fast 1670054191 1924596882515168 9913 Auton/SSE 1029709651247 1137649776167566 229040036204 16614962888496 there's difference on L2 for these interfaces (4062 is coming in via a dedicated port, 1700 is coming in via a trunk port), but I don't think this should make any difference. Most of the egress traffic for this is going via a L3 port-channel, or via a single L3 port. For both VLANs. Traffic level is about 400 Mbit on vlan 1700, 500 Mbit on vlan 4062, most of it incoming. No big difference here either. Similar PPS levels, about 50.000 pps incoming. This is how vlan1700 looks like: interface Vlan1700 description Streaming2/Trust (an1) ip address 194.97.x.y 255.255.255.240 ip verify unicast source reachable-via rx allow-default ip flow ingress no mop enabled end Something is funny here... - so - how do I start figuring out why 1/20 of those packets are not being MLS/CEF switched? Oh well. I found the problem - someone leaked too many prefixes, and it's %MLSCEF-SP-7-FIB_EXCEPTION: FIB TCAM exception for IPv4 unicast, Some routes will be software switched. Dunno why it's showing *these* symptoms, affecting some interfaces more than others. But still I'm interested in finding out how to see what packets are not being MLS/CEF-switched, and why, for the next round of debugging :-) gert -- USENET is *not* the non-clickable part of WWW! //www.muc.de/~gert/ Gert Doering - Munich, Germany [EMAIL PROTECTED] fax: +49-89-35655025 [EMAIL PROTECTED] ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Top 10 Network Engineering Tools
1. A laptop with a built-in serial port or a USB-Serial converter that you know works (in fact, even if your laptop has a built-in serial port it could be useful to have a USB-Serial converter handy in case you need to connect to multiple devices at once). Also need to make sure that your terminal client works well and that you know how to configure it to access all your serial ports. 2. Console cables for connecting to all of the various devices you are in charge of. 3. Wireshark 4. SSH telnet clients. 5. An up-to-date, fully functional TFTP server 6. Rancid 7. A SQL database, with configuration infrastructure 8. ping, traceroute, whois Tony ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Top 10 Network Engineering Tools
Hi, On Mon, Jan 28, 2008 at 12:22:51PM -0800, Joseph Jackson wrote: Myself and a coworker are trying to get together a list of the top ten tools any network engineer shouldn't be without. We're looking for vendor neutral tools. So what do you all think are the most haves? ping traceroute mtr lft smokeping telnet gert -- USENET is *not* the non-clickable part of WWW! //www.muc.de/~gert/ Gert Doering - Munich, Germany [EMAIL PROTECTED] fax: +49-89-35655025[EMAIL PROTECTED] pgpVDGC8FEhsL.pgp Description: PGP signature ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Top 10 Network Engineering Tools
Joseph Jackson wrote: Hey all, Myself and a coworker are trying to get together a list of the top ten tools any network engineer shouldn't be without. We're looking for vendor neutral tools. So what do you all think are the most haves? Unix laptop (or OSX) with serial port or usb/serial adapter ssh client tftp server ethereal/wireshark nmap minicom loopback plugs/cables for T1, Ethernet, v.35, DS3, ST and SC fiber -- Jay Hennigan - CCIE #7880 - Network Engineering - [EMAIL PROTECTED] Impulse Internet Service - http://www.impulse.net/ Your local telephone and internet company - 805 884-6323 - WB6RDV ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Control plane policy recommendation
On Tue, Jan 22, 2008 at 12:27:47PM +0530, Vikas Sharma wrote: Hi, I am configuring CoPP. If any one previously have implemented the same, pls help me in finding what should be the PPS for different traffic class? This depends on what platform you are running. The NPE-G1 or RSP720 can take quite a beating while Sup32 for example can't handle much at all. -K -- Kristian LarssonKLL-RIPE Network Engineer Peering Coordinator SpriteLink [AS39525] +46 704 910401[EMAIL PROTECTED] ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] MAC address from cisco IOS switches
All, We have close to 15 2960 switches connected to twin 3750's with 15+ VLANs in the domain. 3750's are stacked and it is the VTP server with 2960's being client. There are no switches acting in transparent mode. I want to get the MAC addresses from 3750's and 2960 using SNMP, instead of logging into each switch and looking up mac address using sh mac address-table. I looked through Cisco website and stumbled upon this website: http://www.cisco.com/en/US/tech/tk648/tk362/technologies_tech_note09186a00801c9199.shtml This document deals only with Catalyst not IOS. Is there a easy way to get MAC entries using SNMP on IOS switch. BTW I am using pgurumur-vm-openbsd (OpenBSD): [~] 10.200.3.0: [1500]$ snmpget -v 1 -c silver4ro c2960-04 sysDescr.0 SNMPv2-MIB::sysDescr.0 = STRING: Cisco IOS Software, C2960 Software (C2960-LANBASEK9-M), Version 12.2(37)SE, RELEASE SOFTWARE (fc2) Copyright (c) 1986-2007 by Cisco Systems, Inc. Compiled Thu 10-May-07 16:43 by antonino when I query RFC1213-MIB::atPhysAddress I am getting the following entries but not the entire list pgurumur-vm-openbsd (OpenBSD): [~] 10.200.3.0: [1498]$ snmpwalk -v 1 -c silver4ro c2960-04 1.3.6.1.2.1.3.1.1.2 RFC1213-MIB::atPhysAddress.93.1.10.42.166.19 = Hex-STRING: 00 1C 0F A6 63 44 RFC1213-MIB::atPhysAddress.93.1.10.57.93.1 = Hex-STRING: 00 1C 0F A6 63 44 RFC1213-MIB::atPhysAddress.93.1.10.57.93.20 = Hex-STRING: 00 1C 0F 9D 26 41 RFC1213-MIB::atPhysAddress.93.1.10.57.166.241 = Hex-STRING: 00 1C 0F A6 63 44 RFC1213-MIB::atPhysAddress.93.1.10.200.1.253 = Hex-STRING: 00 1C 0F A6 63 44 sh mac address-table: Mac Address Table --- VlanMac Address TypePorts --- - All0100.0ccc.STATIC CPU All0100.0ccc.cccdSTATIC CPU All0180.c200.STATIC CPU All0180.c200.0001STATIC CPU All0180.c200.0002STATIC CPU All0180.c200.0003STATIC CPU All0180.c200.0004STATIC CPU All0180.c200.0005STATIC CPU All0180.c200.0006STATIC CPU All0180.c200.0007STATIC CPU All0180.c200.0008STATIC CPU All0180.c200.0009STATIC CPU All0180.c200.000aSTATIC CPU All0180.c200.000bSTATIC CPU All0180.c200.000cSTATIC CPU All0180.c200.000dSTATIC CPU All0180.c200.000eSTATIC CPU All0180.c200.000fSTATIC CPU All0180.c200.0010STATIC CPU All..STATIC CPU 1000c.30fa.d6c0DYNAMIC Gi0/48 1001c.0fa6.6306DYNAMIC Gi0/48 7001c.0fa6.6306DYNAMIC Gi0/48 64001c.0fa6.6306DYNAMIC Gi0/48 64001c.0fa6.6342DYNAMIC Gi0/48 93001c.0fa6.6300DYNAMIC Gi0/48 93001c.0fa6.6306DYNAMIC Gi0/48 93001c.0fa6.6344DYNAMIC Gi0/48 136000b.46f4.b740DYNAMIC Gi0/48 136000b.5fb6.4760DYNAMIC Gi0/48 136000c.30fa.d6c0DYNAMIC Gi0/48 1360010.7b9b.d840DYNAMIC Gi0/48 1360014.a850.dfbdDYNAMIC Gi0/48 136001c.0fa6.6306DYNAMIC Gi0/48 136001c.0fa6.6347DYNAMIC Gi0/48 1360030.4882.79afDYNAMIC Gi0/3 41000b.46f4.b741DYNAMIC Gi0/48 410010.7b9b.d861DYNAMIC Gi0/48 41001c.0fa6.6306DYNAMIC Gi0/48 41001c.0fa6.6341DYNAMIC Gi0/48 44000c.30fa.d6c0DYNAMIC Gi0/48 44001c.0fa6.6306DYNAMIC Gi0/48 44001c.0fa6.634aDYNAMIC Gi0/48 450004.23a6.467cDYNAMIC Gi0/48 450019.b9ea.ed0cDYNAMIC Gi0/48 45001c.0fa6.6306DYNAMIC Gi0/48 45001c.0fa6.634bDYNAMIC Gi0/48 450030.bd71.5c67DYNAMIC Gi0/48 90.747c.a0a7DYNAMIC Gi0/48 900004.23a6.37c3DYNAMIC Gi0/48 900005.1bbd.8500DYNAMIC Gi0/48 900007.4d22.7c70DYNAMIC Gi0/48 900008.744f.d97dDYNAMIC Gi0/48 90000b.db78.d8bcDYNAMIC Gi0/48 90000b.db7d.2f55DYNAMIC Gi0/48 90000d.565e.ef7dDYNAMIC Gi0/48 90000d.566e.3780DYNAMIC Gi0/48 90000d.5692.b1fbDYNAMIC Gi0/48 90000d.5699.1e48DYNAMIC Gi0/48 90000d.5699.41d3DYNAMIC Gi0/48 90000d.56be.89ceDYNAMIC Gi0/48 90000d.56fc.efbaDYNAMIC Gi0/48 90000f.1f8e.6679DYNAMIC Gi0/48 90000f.1fa5.5005DYNAMIC Gi0/48 90000f.1fa5.5dccDYNAMIC Gi0/48 90000f.1fff.0fceDYNAMIC Gi0/48 900011.434c.a4c3DYNAMIC Gi0/48 900012.3f01.2490DYNAMIC Gi0/48 900012.3f09.ca7eDYNAMIC Gi0/48 900012.3f14.da48DYNAMIC Gi0/48 900012.3f18.f91bDYNAMIC Gi0/48 900012.3ff3.e0e2
Re: [c-nsp] ASA5510 Code
I'd been running with no problems: --7.2(2)23 on my PIXs Had to upgrade from 7.2(2) to resolve a NAT bug I use these as firewalls, no VPNs --7.2(3) on ASA5510s These serve as firewalls, and also terminate L2L VPNs and VPN clients. --8.0(2) on ASA5505s These are just used as SOHO/small site firewalls and EzVPN devices. Sincerely, Michael -- Message: 4 Date: Fri, 25 Jan 2008 08:27:37 + From: William [EMAIL PROTECTED] Subject: [c-nsp] ASA5510 Code To: [c-nsp] cisco-nsp@puck.nether.net Message-ID: [EMAIL PROTECTED] Content-Type: text/plain; charset=ISO-8859-1 Hey, I'm implementing a ASA5510 for L2L VPN, EzVPN, VPN Client and other basic firewall functions, can the list recommend a stable version of code for my application? thanks for your time! W -- ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Top 10 Network Engineering Tools
Here are the key network tools any network engineer shouldn't be without :) Packet sniffing (ethereal, tcpdump) terminal/console (v100) ping traceroute arp hping (ip spoofing, flooding to test your link or firewall and packet manipulation send custom ICMP, UDP and TCP packets) nslookup ssh (I don't like telnet anymore) nmap (TCP/UDP port scanner) gogle (www.google.com) Regards, Masood Ahmad Shah -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Joseph Jackson Sent: Tuesday, January 29, 2008 1:23 AM To: Cisco Subject: [c-nsp] Top 10 Network Engineering Tools Hey all, Myself and a coworker are trying to get together a list of the top ten tools any network engineer shouldn't be without. We're looking for vendor neutral tools. So what do you all think are the most haves? Thanks Joseph ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] Top 10 Network Engineering Tools
Hey all, Myself and a coworker are trying to get together a list of the top ten tools any network engineer shouldn't be without. We're looking for vendor neutral tools. So what do you all think are the most haves? Thanks Joseph ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] MPLS PE to PE over GRE/IPIP
If you don't have mpls then using GRE between PEs would be okay. Do some thing like: int tun1 ip address 1.1.1.1 tunnel source x.x.x.x tunnel dest y.y.y.y y.y.y.y is the other PE backbone facing ip, reachable by x.x.x.x then advertise your loopback address through the tunnel using whatever you like...eigrp, ospf, static route. Loopback is mbgp peering point. Then just do your normal configs. -lmn On Jan 28, 2008 2:49 PM, Masood Ahmad Shah [EMAIL PROTECTED] wrote: I'm in process to connect two or more Provider Edge router using GRE/IPIP tunnels. What were your experiences? If the answer is yes than I would love to ask how do you connect a PE to another PE using the GRE/IPIP tunnel interfaces. Keeping in mind that I'm going to carry multiple customers traffic (VRF BGP-VPN) between these PEs. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] S/W for ASA 5550
On Mon, 2008-01-28 at 11:11 -0600, Dale W. Carder wrote: Now we're facing a medical imaging project saying they'll collect around 100 TB per year with some nice peaks, and we're wondering if we have to route traffic around the data center firewalls to make sure performance is okay for the rest of the servers... Talk to your account team about this. There could be a FWSM feature in beta soon that maybe could address this. That's about all I can say without breaking NDA. Thanks, will do. Sounds interesting. :-) Regards, Peter ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] MAC address from cisco IOS switches
Prabhu Gurumurthy wrote: All, We have close to 15 2960 switches connected to twin 3750's with 15+ VLANs in the domain. 3750's are stacked and it is the VTP server with 2960's being client. There are no switches acting in transparent mode. I want to get the MAC addresses from 3750's and 2960 using SNMP, instead of logging into each switch and looking up mac address using sh mac address-table. If you are intending to track movements of individual MAC addresses, or search for particular devices, you might like to take a look at nedi, which will do this for you (www.nedi.ch), amonst a lot of other useful switch-related tasks. Howie ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Top 10 Network Engineering Tools
On Mon, 28 Jan 2008, Joseph Jackson wrote: Myself and a coworker are trying to get together a list of the top ten tools any network engineer shouldn't be without. We're looking for vendor neutral tools. So what do you all think are the most haves? My must-have tools (physical): 1. a laptop with a real RS-232 serial port 2. console cables for whatever I need to touch 3. an assortment of flat and phillips-head screwdrivers 4. wire cutter/leatherman 5. reusable ESD grounding strap 6. keys for whatever cabinets/cages I need to get into 7. building access (swipe cards, proximity badges/fobs, keys, ID badges...) 8. jumpers - if not pre-made, include ends and tools to make them 9. OTDR with appropriate modules to test the lengths and types of fiber I need to test 10. extra flash/CF cards/CF to PC card adapters My must-have tools (software for my laptop (Linux)): 1. Minicom 2. SSH/SSH2 client 3. nmap 4. lft (layer 4 traceroute) 5. dhclient, in case I need to connect to a network that requires DHCP 7. wireshark 8. tcpdump 9. iperf 10. DNS tools (nslookup, host, dig, etc...) ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] MAC address from cisco IOS switches
I don't have any problem with below Cisco snmp query while retrieving learned mac table from a Cisco switch. snmpwalk -v2c -c nexsecure 192.168.0.1 RFC1213-MIB::atPhysAddress I suggest you must run with -v2c instead of -v 1 Regards, Masood Ahmad Shah -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Prabhu Gurumurthy Sent: Tuesday, January 29, 2008 1:51 AM To: cisco-nsp@puck.nether.net Subject: [c-nsp] MAC address from cisco IOS switches All, We have close to 15 2960 switches connected to twin 3750's with 15+ VLANs in the domain. 3750's are stacked and it is the VTP server with 2960's being client. There are no switches acting in transparent mode. I want to get the MAC addresses from 3750's and 2960 using SNMP, instead of logging into each switch and looking up mac address using sh mac address-table. I looked through Cisco website and stumbled upon this website: http://www.cisco.com/en/US/tech/tk648/tk362/technologies_tech_note09186a0080 1c9199.shtml This document deals only with Catalyst not IOS. Is there a easy way to get MAC entries using SNMP on IOS switch. BTW I am using pgurumur-vm-openbsd (OpenBSD): [~] 10.200.3.0: [1500]$ snmpget -v 1 -c silver4ro c2960-04 sysDescr.0 SNMPv2-MIB::sysDescr.0 = STRING: Cisco IOS Software, C2960 Software (C2960-LANBASEK9-M), Version 12.2(37)SE, RELEASE SOFTWARE (fc2) Copyright (c) 1986-2007 by Cisco Systems, Inc. Compiled Thu 10-May-07 16:43 by antonino when I query RFC1213-MIB::atPhysAddress I am getting the following entries but not the entire list pgurumur-vm-openbsd (OpenBSD): [~] 10.200.3.0: [1498]$ snmpwalk -v 1 -c silver4ro c2960-04 1.3.6.1.2.1.3.1.1.2 RFC1213-MIB::atPhysAddress.93.1.10.42.166.19 = Hex-STRING: 00 1C 0F A6 63 44 RFC1213-MIB::atPhysAddress.93.1.10.57.93.1 = Hex-STRING: 00 1C 0F A6 63 44 RFC1213-MIB::atPhysAddress.93.1.10.57.93.20 = Hex-STRING: 00 1C 0F 9D 26 41 RFC1213-MIB::atPhysAddress.93.1.10.57.166.241 = Hex-STRING: 00 1C 0F A6 63 44 RFC1213-MIB::atPhysAddress.93.1.10.200.1.253 = Hex-STRING: 00 1C 0F A6 63 44 sh mac address-table: Mac Address Table --- VlanMac Address TypePorts --- - All0100.0ccc.STATIC CPU All0100.0ccc.cccdSTATIC CPU All0180.c200.STATIC CPU All0180.c200.0001STATIC CPU All0180.c200.0002STATIC CPU All0180.c200.0003STATIC CPU All0180.c200.0004STATIC CPU All0180.c200.0005STATIC CPU All0180.c200.0006STATIC CPU All0180.c200.0007STATIC CPU All0180.c200.0008STATIC CPU All0180.c200.0009STATIC CPU All0180.c200.000aSTATIC CPU All0180.c200.000bSTATIC CPU All0180.c200.000cSTATIC CPU All0180.c200.000dSTATIC CPU All0180.c200.000eSTATIC CPU All0180.c200.000fSTATIC CPU All0180.c200.0010STATIC CPU All..STATIC CPU 1000c.30fa.d6c0DYNAMIC Gi0/48 1001c.0fa6.6306DYNAMIC Gi0/48 7001c.0fa6.6306DYNAMIC Gi0/48 64001c.0fa6.6306DYNAMIC Gi0/48 64001c.0fa6.6342DYNAMIC Gi0/48 93001c.0fa6.6300DYNAMIC Gi0/48 93001c.0fa6.6306DYNAMIC Gi0/48 93001c.0fa6.6344DYNAMIC Gi0/48 136000b.46f4.b740DYNAMIC Gi0/48 136000b.5fb6.4760DYNAMIC Gi0/48 136000c.30fa.d6c0DYNAMIC Gi0/48 1360010.7b9b.d840DYNAMIC Gi0/48 1360014.a850.dfbdDYNAMIC Gi0/48 136001c.0fa6.6306DYNAMIC Gi0/48 136001c.0fa6.6347DYNAMIC Gi0/48 1360030.4882.79afDYNAMIC Gi0/3 41000b.46f4.b741DYNAMIC Gi0/48 410010.7b9b.d861DYNAMIC Gi0/48 41001c.0fa6.6306DYNAMIC Gi0/48 41001c.0fa6.6341DYNAMIC Gi0/48 44000c.30fa.d6c0DYNAMIC Gi0/48 44001c.0fa6.6306DYNAMIC Gi0/48 44001c.0fa6.634aDYNAMIC Gi0/48 450004.23a6.467cDYNAMIC Gi0/48 450019.b9ea.ed0cDYNAMIC Gi0/48 45001c.0fa6.6306DYNAMIC Gi0/48 45001c.0fa6.634bDYNAMIC Gi0/48 450030.bd71.5c67DYNAMIC Gi0/48 90.747c.a0a7DYNAMIC Gi0/48 900004.23a6.37c3DYNAMIC Gi0/48 900005.1bbd.8500DYNAMIC Gi0/48 900007.4d22.7c70DYNAMIC Gi0/48 900008.744f.d97dDYNAMIC Gi0/48 90000b.db78.d8bcDYNAMIC Gi0/48 90000b.db7d.2f55DYNAMIC Gi0/48 90000d.565e.ef7dDYNAMIC Gi0/48 90000d.566e.3780DYNAMIC Gi0/48 90000d.5692.b1fbDYNAMIC Gi0/48 90000d.5699.1e48DYNAMIC Gi0/48 90000d.5699.41d3DYNAMIC Gi0/48 90000d.56be.89ceDYNAMIC Gi0/48
Re: [c-nsp] Top 10 Network Engineering Tools
This are just some of the junk I could think of. If you know how to use tcpdump, and can configure your switches to mirror data, then you can do a lot without any specialized hardware, but you must know what you are looking at first. UNIX tcpdump traceroute shell scripting perl snmp get, getnext, set, walk ssh TCP IP IP classes and masks ping arp DHCP bootp SNMP proto mibs and oids DNS Unicast/multicast Know your switch/router vendor Commands and what they really do. CISCO is usually a must switch-basics STP/MST bridge forwarding tables ACLs security routers RIP BGP security ACLs Jeff Fitzwater OIT Network Systems Princeton University On Jan 28, 2008, at 3:22 PM, Joseph Jackson wrote: Hey all, Myself and a coworker are trying to get together a list of the top ten tools any network engineer shouldn't be without. We're looking for vendor neutral tools. So what do you all think are the most haves? Thanks Joseph ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] 6509 vrrp issue
I had a strange issue crop up last week with vrrp. In the following setup, all customer facing ports are L3 ports. The interconnect between the 6509s is L2. |--6509-1-cust2 cust1---2900XL | |--6509-2 Given the above setup, with the 6509s doing vrrp for cust1, and cust2 directly attached just to 6509-1, cust1 misconfigured their systems to use 6509-2's real IP rather than the vrrp virtual IP. 6509-1 was configured (higher priority) to be the vrrp master. This resulted in reachability issues between cust1 and cust2 reminiscent of dcef bugs we used to run into on the 7500 platform. Certain cust2 IPs could send packets to certain cust1 IPs, but replies wouldn't get back to them. i.e. TCP connections couldn't be opened. I was able to verify that for these failed connections, packets were getting to cust1 and cust1 was replying. Other cust2 IPs were able to communicate with other cust1 IPs. I fixed the problem by shutting cust1's interface on 6509-1. I need to wait until we can break things again, and try monitoring cust2's 6509-1 port to see if we're actually sending them the packets they're 'not receiving'...but I don't see why we wouldn't be...but I also don't see why their hosts wouldn't receive them if we were. -- Jon Lewis | I route Senior Network Engineer | therefore you are Atlantic Net| _ http://www.lewis.org/~jlewis/pgp for PGP public key_ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Top 10 Network Engineering Tools
putty.exe http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html Casey On 1/28/08, Joseph Jackson [EMAIL PROTECTED] wrote: Hey all, Myself and a coworker are trying to get together a list of the top ten tools any network engineer shouldn't be without. We're looking for vendor neutral tools. So what do you all think are the most haves? Thanks Joseph ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] IDSM load splitting with EC on C6k
On Mon, 2008-01-28 at 13:56 +0100, Peter Rathlev wrote: First, the load splitting uses the standard EC hashing to make sure all packets from the same flow uses the same IDSM. What worries me is that communication between two hosts, e.g. a TCP stream, is actually two different flows. So I could have client-server traffic using one IDSM and server-client traffic using another. Doesn't that mean that the IDSM cannot identify bad streams, or do they work in a way that makes this a non-issue? Thinking about this for a while, I can see I overlooked something. Using a Src XOR Dst algorithm will give the same result for Src-Dst as for Dst-Src, so that way I can always force both parts of the flow through the same box. Just needed that extra cup of coffee. :-) Still unsure about the DFC/SPAN/classic bus issue though... Regards, Peter ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Top 10 Network Engineering Tools
In addition to tools already mentioned perhaps the following are good also: -- rancid (besides it's ability to backup configs and show changes, it has very useful tools like clogin which for example allows you to make configuration changes on many devices by one command) -- monitoring is essential. nagios plus as very good addition mrtg, cacti or similar. -- perhaps ftp/tftp server at least running on laptop On Jan 28, 2008, at 11:22 PM, Joseph Jackson wrote: Hey all, Myself and a coworker are trying to get together a list of the top ten tools any network engineer shouldn't be without. We're looking for vendor neutral tools. So what do you all think are the most haves? -- Yaroslav Doroshenko ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Top 10 Network Engineering Tools
Other network tools: mtr iperf arping pathload tracepath 2008/1/28, Masood Ahmad Shah [EMAIL PROTECTED]: Here are the key network tools any network engineer shouldn't be without :) Packet sniffing (ethereal, tcpdump) terminal/console (v100) ping traceroute arp hping (ip spoofing, flooding to test your link or firewall and packet manipulation send custom ICMP, UDP and TCP packets) nslookup ssh (I don't like telnet anymore) nmap (TCP/UDP port scanner) gogle (www.google.com) Regards, Masood Ahmad Shah -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Joseph Jackson Sent: Tuesday, January 29, 2008 1:23 AM To: Cisco Subject: [c-nsp] Top 10 Network Engineering Tools Hey all, Myself and a coworker are trying to get together a list of the top ten tools any network engineer shouldn't be without. We're looking for vendor neutral tools. So what do you all think are the most haves? Thanks Joseph ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Top 10 Network Engineering Tools
On Mon, Jan 28, 2008 at 12:22:51PM -0800, Joseph Jackson wrote: Myself and a coworker are trying to get together a list of the top ten tools any network engineer shouldn't be without. We're looking for vendor neutral tools. So what do you all think are the most haves? I recently discovered Scamper: http://www.wand.net.nz/scamper/scamper-cvs-20070523i.tar.gz I use it to detect the maximum MTU size at each hop along a connection. Good for troubleshooting path MTU discovery problems. Having Netflow up and running on your network is an important tool, for problem diagnostics, performance measurement, forensics, billing, and more. Another handy tool is ngrep, like tcpdump but it only prints packets that match a particular pattern in the data. I'd also like to put in a word for tcptraceroute, which is like regular traceroute but via TCP so it can often give you extra information about hosts behind firewalls since the TCP packets make it all the way to the end host. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Top 10 Network Engineering Tools
Nmap Ping Tftp server Tracertoute Mtr Wireshark Tcpdump Ettercap Net-snmp tools Iperf Mrtg/rrdtool Flow-Tools (CAIDA) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jens Link Sent: Monday, January 28, 2008 7:24 PM To: 'Cisco' Subject: Re: [c-nsp] Top 10 Network Engineering Tools Masood Ahmad Shah [EMAIL PROTECTED] writes: Packet sniffing (ethereal, tcpdump) Ethereal is dead for more then 1.5 years now. Wireshark (http://www.wireshark.org/) is the successor and I strongly recommend an upgrade. For details about the change in names see: http://www.wireshark.org/faq.html#q1.2 cheers Jens -- [EMAIL PROTECTED] Berlin: http://www.guug.de/lokal/berlin/index.html http://www.openbc.com/go/invita/4269460 ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ __ NOD32 2826 (20080127) Information __ This message was checked by NOD32 antivirus system. http://www.eset.com ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Top 10 Network Engineering Tools
mtr arping pathload pathrate On Jan 28, 2008 4:12 PM, Garry [EMAIL PROTECTED] wrote: Joseph Jackson wrote: Hey all, Myself and a coworker are trying to get together a list of the top ten tools any network engineer shouldn't be without. We're looking for vendor neutral tools. So what do you all think are the most haves? Dunno if 10 will do, probably depends on your line of work ... - mtr - AsItHappens -garry -- Terrorists can't threaten a country's freedom and democracy. Only lawmakers and voters can do that. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ -- The network is the computer ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Top 10 Network Engineering Tools
On Mon, 2008-01-28 at 13:02 -0800, Tony Li wrote: 1. A laptop with a built-in serial port or a USB-Serial converter that you know works (in fact, even if your laptop has a built-in serial port it could be useful to have a USB-Serial converter handy in case you need to connect to multiple devices at once). Also need to make sure that your terminal client works well and that you know how to configure it to access all your serial ports. 2. Console cables for connecting to all of the various devices you are in charge of. 3. Wireshark 4. SSH telnet clients. 5. An up-to-date, fully functional TFTP server 6. Rancid 7. A SQL database, with configuration infrastructure 7.5: Documentation. Lots of it. :-) 8. ping, traceroute, whois 9. A decent text-editor (I personally prefer Vim) with at least som (e)grep search and replace. (I used to use Textpad when I used Windows.) Regards, Peter ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Top 10 Network Engineering Tools
Masood Ahmad Shah [EMAIL PROTECTED] writes: Packet sniffing (ethereal, tcpdump) Ethereal is dead for more then 1.5 years now. Wireshark (http://www.wireshark.org/) is the successor and I strongly recommend an upgrade. For details about the change in names see: http://www.wireshark.org/faq.html#q1.2 cheers Jens -- [EMAIL PROTECTED] Berlin: http://www.guug.de/lokal/berlin/index.html http://www.openbc.com/go/invita/4269460 ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Top 10 Network Engineering Tools
I 2nd RANCID. A properly configured RANCID install is indispensable. A multi-homed sniffing box (or probe) connected to key points in the network. I have 2 Linux boxes connected to both core routers in our main POPs, each has multiple Ethernet connections for no purpose other than sniffing. I can't live without my tcpdump. I also 2nd Cacti/MRTG/RRDTool and Nagios. Syslog. Where would we be without a working syslog daemon. Your SSH client of choice. For me I can't do without SecureCRT. Everything else pales in comparison to the features of SecureCRT in my book. A good SSH client is like a good keyboard. You fumble around in a drunken stupor without the tool that you're used to. A reliable IP subnet calculator. It never hurts to doublecheck your work before you make a bone-headed mistake on a mask. A good command line. GUIs are great but CLIs are tops. Beef jerky. A working mail client with ready access to my friends on C-NSP. Justin Yaroslav Doroshenko wrote: In addition to tools already mentioned perhaps the following are good also: -- rancid (besides it's ability to backup configs and show changes, it has very useful tools like clogin which for example allows you to make configuration changes on many devices by one command) -- monitoring is essential. nagios plus as very good addition mrtg, cacti or similar. -- perhaps ftp/tftp server at least running on laptop ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Top 10 Network Engineering Tools
Myself and a coworker are trying to get together a list of the top ten tools any network engineer shouldn't be without. We're looking for vendor neutral tools. So what do you all think are the most haves? Beer ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Top 10 Network Engineering Tools
Mon, Jan 28, 2008 at 01:02:54PM -0800, Tony Li: 1. A laptop with a built-in serial port or a USB-Serial converter that you know works (in fact, even if your laptop has a built-in serial port it could be useful to have a USB-Serial converter handy in case you need to connect to multiple devices at once). Also need to make sure that your terminal client works well and that you know how to configure it to access all your serial ports. 2. Console cables for connecting to all of the various devices you are in charge of. 3. Wireshark 4. SSH telnet clients. 5. An up-to-date, fully functional TFTP server rcpd and ftp; tftp doesnt really cut it anymore. 6. Rancid 7. A SQL database, with configuration infrastructure 8. ping, traceroute, whois Tony ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Top 10 Network Engineering Tools
Joseph Jackson wrote: Hey all, Myself and a coworker are trying to get together a list of the top ten tools any network engineer shouldn't be without. We're looking for vendor neutral tools. So what do you all think are the most haves? Dunno if 10 will do, probably depends on your line of work ... - mtr - AsItHappens -garry -- Terrorists can't threaten a country's freedom and democracy. Only lawmakers and voters can do that. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Top 10 Network Engineering Tools
Tue, Jan 29, 2008 at 12:00:20AM +, Stephen Stuart: heas said: 5. An up-to-date, fully functional TFTP server rcpd and ftp; tftp doesnt really cut it anymore. Not just any rcpd; you want jhawk's rcpd, whose README says: thats right; if can be found (with a few additions) here: ftp://ftp.shrubbery.net/pub/rcpd/rcpd-1.2.tar.gz ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Top 10 Network Engineering Tools
heas said: 5. An up-to-date, fully functional TFTP server rcpd and ftp; tftp doesnt really cut it anymore. Not just any rcpd; you want jhawk's rcpd, whose README says: This is a standalone implementation of rcpd. When we say standalone, we mean it does not require an rshd to be running (in fact it is incompatible with running one), nor does it require special entries in /etc/passwd. This rshd is intended as a drop-in replacement for tftpd, to be used for uploading software to cisco routers, and other devices that support rcp as a non-authenticated file-transfer protocol. This implementation serves up files from a build-time-configurable directory, defaulting to /tftpboot. You can change that with: ./configure --with-bootdir=/path/to/tftpboot/directory We also implement a feature found in some tftpds, of looking in a subdirectory designated by the IP address of the source of the connection. Eg, an rcp of file from host 199.94.220.184, might result in the rcpd attempting to fetch /tftpboot/199.94.220.184/file. This feature is off by default, but may be enabled with ./configure --enable-ipaddrdirs This rcpd enforces tftpd-style access controls. It setuid()s to nobody prior to attempting file accesses, so requires files to be world readable or world writable to read/write from them (respectively). It also requires a file to exist before writing to it, even if the directory is world-writable. This software sets IP precedence INTERNETCONTROL on the tcp connection(s) it talks over, on the theory that this behavior may be desirable/important. See the file INSTALL for building instructions. There is no make install rule, because the maintainer is lame. I recommend installing in /usr/local/libexec/rcpd, though. An appropriate inetd.conf line would be: # Internet services syntax: # service_name socket_type proto flags user # server_pathname args # shell stream tcp nowait root/usr/local/libexec/rcpd # rcpd Please send all bug reports by electronic mail to: [EMAIL PROTECTED] (John Hawkinson) ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Top 10 Network Engineering Tools
Thanks for all the great replies. I will complie a list of everything that I've recivied and email the list. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] MAC address from cisco IOS switches
-Original Message- Subject: cisco-nsp Digest, Vol 62, Issue 115 Message: 9 Date: Mon, 28 Jan 2008 12:50:47 -0800 From: Prabhu Gurumurthy [EMAIL PROTECTED] Subject: [c-nsp] MAC address from cisco IOS switches To: cisco-nsp@puck.nether.net Message-ID: [EMAIL PROTECTED] Content-Type: text/plain; charset=ISO-8859-1; format=flowed All, We have close to 15 2960 switches connected to twin 3750's with 15+ VLANs in the domain. 3750's are stacked and it is the VTP server with 2960's being client. There are no switches acting in transparent mode. I want to get the MAC addresses from 3750's and 2960 using SNMP, instead of logging into each switch and looking up mac address using sh mac address-table. I looked through Cisco website and stumbled upon this website: http://www.cisco.com/en/US/tech/tk648/tk362/technologies_tech_note09186 a00801c9199.shtml This document deals only with Catalyst not IOS. Is there a easy way to get MAC entries using SNMP on IOS switch. BTW I am using pgurumur-vm-openbsd (OpenBSD): [~] 10.200.3.0: [1500]$ snmpget -v 1 -c silver4ro c2960-04 sysDescr.0 SNMPv2-MIB::sysDescr.0 = STRING: Cisco IOS Software, C2960 Software (C2960-LANBASEK9-M), Version 12.2(37)SE, RELEASE SOFTWARE (fc2) Copyright (c) 1986-2007 by Cisco Systems, Inc. Compiled Thu 10-May-07 16:43 by antonino when I query RFC1213-MIB::atPhysAddress I am getting the following entries but not the entire list This is the wrong community to retrieve the full table: You must issue one mac-address retrieval walk for each vlan. This uses indexed community strings ie. indexed community string = regular community string@vlan index The following document explains community string indexing: http://www.cisco.com/en/US/tech/tk648/tk362/technologies_tech_note09186a00801576ff.shtml This document and http://www.cisco.com/en/US/tech/tk648/tk362/technologies_tech_note09186a00801c9199.shtml Apply to both CatOS and Cisco IOS. The correct oid to get the mac address list is: 1.3.6.1.2.1.17.4.3.1.1 On larger platforms (6509 for example) with larger mac address tables this can be a very long process causing excessive CPU load. Matching bridge IDs with mac-addresses uses OID: 1.3.6.1.2.1.17.4.3.1.2 This is probably easiest to use if you are writing custom software. If you need to get the port you have to also get the bridge id and ifnum mappings. Another poster suggested using SNMP v2 which is not necessary but is recommended. -- LR Mack McBride Network Administrator Alpha Red, Inc ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Top 10 Network Engineering Tools
Seconded. Preferably a nice trappist like st. Bernardus or rochefort. But more on-topic: everyone lists traceroute; anyone use paris-traceroute? aaron.glenn On 1/28/08, Mark Boolootian [EMAIL PROTECTED] wrote: Myself and a coworker are trying to get together a list of the top ten tools any network engineer shouldn't be without. We're looking for vendor neutral tools. So what do you all think are the most haves? Beer ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Top 10 Network Engineering Tools
On Mon, Jan 28, 2008 at 04:47:27PM -0500, Justin M. Streiner wrote: My must-have tools (physical): 4. wire cutter/leatherman 8. jumpers - if not pre-made, include ends and tools to make them A brief note on these two: if you're going to be making cables (copper or fiber) it's worth it to spend the time money to learn how to do it right, including having the right tools. For example, just because a dull knife or small flathead screwdriver will work in a pinch, you really should invest in a nice punchdown tool. I'll never forget the time one of our techs was putting ends on a fiber jumper using the unicam kit. They had lost/damaged the cleaver and were using garden-variety scissors (you know, the kind with the blue plastic handles?!) to cut the fiber to length... I know, I know, it saves money on attenuators, but still! :-) If you're going to be touching anything power related, a volt meter might help keep the magic smoke where it belongs... there is another funny story about an unnamed facility engineer (we called him sparky, for obvious reasons) who thought he'd do some DC plant work in the middle of the day. While holding a *LIVE* -48v lead in his hand he managed to short it to the rack he was working on. Luckily he didn't kill himself, or anyone else, but he did knock out the DC plant for about 10 minutes... at noon... doh! --Jeff ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] Nexus 7000
Has anyone looked at this monster? http://www.cisco.com/en/US/products/ps9402/index.html It looks like it only comes with two blades: 10GE and copper 10/100/1000 Lack of an fiber 1gbit blade is a major drawback. Has anyone checked out an approximate price? If it has higher throughput than the CRS-1, Where does that leave the CRS-1? -- LR Mack McBride Network Administrator Alpha Red, Inc. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Nexus 7000
Has anyone looked at this monster? http://www.cisco.com/en/US/products/ps9402/index.html It looks like it only comes with two blades: 10GE and copper 10/100/1000 Lack of an fiber 1gbit blade is a major drawback. Has anyone checked out an approximate price? If it has higher throughput than the CRS-1, Where does that leave the CRS-1? I came accross it about 30 mins ago. It looks like a beast. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Nexus 7000
If it has higher throughput than the CRS-1, Where does that leave the CRS-1? Able to terminate SONET connections? Stephen ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Top 10 Network Engineering Tools
The 5-in-1 cross-over/console/null modem cable is a must for any type of field engineer http://www.ossmann.com/5-in-1.html I also highly suggest a cheap labelling machine if your connecting a lot of devices with no structured cabling systems. -Dan -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jeff Aitken Sent: Tuesday, 29 January 2008 12:23 PM To: Justin M. Streiner Cc: Cisco Subject: Re: [c-nsp] Top 10 Network Engineering Tools On Mon, Jan 28, 2008 at 04:47:27PM -0500, Justin M. Streiner wrote: My must-have tools (physical): 4. wire cutter/leatherman 8. jumpers - if not pre-made, include ends and tools to make them A brief note on these two: if you're going to be making cables (copper or fiber) it's worth it to spend the time money to learn how to do it right, including having the right tools. For example, just because a dull knife or small flathead screwdriver will work in a pinch, you really should invest in a nice punchdown tool. I'll never forget the time one of our techs was putting ends on a fiber jumper using the unicam kit. They had lost/damaged the cleaver and were using garden-variety scissors (you know, the kind with the blue plastic handles?!) to cut the fiber to length... I know, I know, it saves money on attenuators, but still! :-) If you're going to be touching anything power related, a volt meter might help keep the magic smoke where it belongs... there is another funny story about an unnamed facility engineer (we called him sparky, for obvious reasons) who thought he'd do some DC plant work in the middle of the day. While holding a *LIVE* -48v lead in his hand he managed to short it to the rack he was working on. Luckily he didn't kill himself, or anyone else, but he did knock out the DC plant for about 10 minutes... at noon... doh! --Jeff ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Nexus 7000
Call me crazy, but I got no sense that this new thingy can route, from the little video or any of the data sheets. They'd be spouting the pps of IPv6 hardware routing, if it could. I saw mention of VRFs, OSPFv2 and 3, and mentions of IPv4 and IPv6 among the existing documents, but no mention of PPS or anything else routing related. Hopefully more docos are on the way which will detail all of this. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Nexus 7000
It uses SFP+'s, they supposedly will be available in both 1GE and 10GE. -- http://dcp.dcptech.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of mack Sent: Monday, January 28, 2008 10:25 PM To: cisco-nsp@puck.nether.net Subject: [c-nsp] Nexus 7000 Has anyone looked at this monster? http://www.cisco.com/en/US/products/ps9402/index.html It looks like it only comes with two blades: 10GE and copper 10/100/1000 Lack of an fiber 1gbit blade is a major drawback. Has anyone checked out an approximate price? If it has higher throughput than the CRS-1, Where does that leave the CRS-1? -- LR Mack McBride Network Administrator Alpha Red, Inc. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Nexus 7000
mack wrote: Has anyone looked at this monster? http://www.cisco.com/en/US/products/ps9402/index.html If it has higher throughput than the CRS-1, Where does that leave the CRS-1? In a routed world, where people think DC power is better, and/or for SONET (as others have mentioned)? Call me crazy, but I got no sense that this new thingy can route, from the little video or any of the data sheets. They'd be spouting the pps of IPv6 hardware routing, if it could. Perhaps the 6500 will shift to closets, the 7600 to routing, and the 7010 to datacenter switching for enterprises? At least the Double Clear Front Door Kit is optional... pt ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Nexus 7000
The only mentions of routing: IP routing and multicast: Supports state-of-the-art implementations of IPv4 and IPv6 services, routing protocols, and IP Multicast features to optimize and enhance data center scalability and performance, reducing capital expenditures (CapEx) and operating expenses (OpEx) The OS documents list the various RFC supported including all of the usual BGP and IPv6 RFCs. No mention of MPLS though which gives the CRS-1 a leg up on the backbone routing market. This looks like it kills for everything but SONET and MPLS. -- LR Mack McBride Network Administrator Alpha Red, Inc. -Original Message- From: Tom Storey [mailto:[EMAIL PROTECTED] Sent: Monday, January 28, 2008 10:03 PM To: Pete Templin Cc: mack; cisco-nsp@puck.nether.net Subject: Re: [c-nsp] Nexus 7000 Call me crazy, but I got no sense that this new thingy can route, from the little video or any of the data sheets. They'd be spouting the pps of IPv6 hardware routing, if it could. I saw mention of VRFs, OSPFv2 and 3, and mentions of IPv4 and IPv6 among the existing documents, but no mention of PPS or anything else routing related. Hopefully more docos are on the way which will detail all of this. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Nexus 7000
The documentation out for NX-OS shows support for most IP routing solutions around today. It will be interesting to see more doco from Cisco on what this box can actually do and find out where Cisco plans to slot it into the family tree (perhaps the illegitimate child of Mr. CRS-1 and Mrs. 7609?) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tom Storey Sent: Tuesday, 29 January 2008 3:03 PM To: Pete Templin Cc: mack; cisco-nsp@puck.nether.net Subject: Re: [c-nsp] Nexus 7000 Call me crazy, but I got no sense that this new thingy can route, from the little video or any of the data sheets. They'd be spouting the pps of IPv6 hardware routing, if it could. I saw mention of VRFs, OSPFv2 and 3, and mentions of IPv4 and IPv6 among the existing documents, but no mention of PPS or anything else routing related. Hopefully more docos are on the way which will detail all of this. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Nexus 7000
Microsoft is currently performing rigorous testing of the Nexus 7000 Series for security, manageability and performance in a lab environment I doubt Microsoft would be doing any type of WAN/mpls/backbone testing on it, just from the small amount of information available it looks to be good for combining your SAN switch fabrics with your lan/data switch fabric ... does this just seem like a bad idea to anyone else? Cheerio -Dan -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Geyer, Nick Sent: Tuesday, 29 January 2008 1:20 PM To: cisco-nsp@puck.nether.net Subject: Re: [c-nsp] Nexus 7000 The documentation out for NX-OS shows support for most IP routing solutions around today. It will be interesting to see more doco from Cisco on what this box can actually do and find out where Cisco plans to slot it into the family tree (perhaps the illegitimate child of Mr. CRS-1 and Mrs. 7609?) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tom Storey Sent: Tuesday, 29 January 2008 3:03 PM To: Pete Templin Cc: mack; cisco-nsp@puck.nether.net Subject: Re: [c-nsp] Nexus 7000 Call me crazy, but I got no sense that this new thingy can route, from the little video or any of the data sheets. They'd be spouting the pps of IPv6 hardware routing, if it could. I saw mention of VRFs, OSPFv2 and 3, and mentions of IPv4 and IPv6 among the existing documents, but no mention of PPS or anything else routing related. Hopefully more docos are on the way which will detail all of this. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Nexus 7000
Lincoln Dale (ltd) ha scritto: mack wrote: with initial I/O modules chassis, up to 240M PPS IPv6 h/w switched goodness. What about NX-OS ? Is it built upon qnx ? Regards, Gianluca ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Nexus 7000
On (2008-01-28 21:24 -0600), mack wrote: Where does that leave the CRS-1? In the rack, MPLS switching packets and doing IP lookup on 128k FIB. It seems as if cisco made sure, that this time SP's won't be buying it's 'switch' as a cheap alternative to higher margin routers. Saying that, it looks like a nice product with quite a bit of innovation for the market it's targeting. -- ++ytti ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Nexus 7000
At 09:57 PM 1/28/2008 -0600, Pete Templin observed: mack wrote: Has anyone looked at this monster? http://www.cisco.com/en/US/products/ps9402/index.html If it has higher throughput than the CRS-1, Where does that leave the CRS-1? In a routed world, where people think DC power is better, and/or for SONET (as others have mentioned)? Call me crazy, but I got no sense that this new thingy can route, Yes, it can route. from the little video or any of the data sheets. They'd be spouting the pps of IPv6 hardware routing, if it could. 30Mpps per slot IPv6 unicast routing. Perhaps the 6500 will shift to closets, the 7600 to routing, and the 7010 to datacenter switching for enterprises? The product targets data center routing switching - data center core/agg 10G server access are the sweet spots. At least the Double Clear Front Door Kit is optional... Wasn't there a thread on cool lookin' data centers? Alright, take the doors off if you like, but it'd look sweet w/blue neon behind it or sumthin' ;) Tim pt ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ Tim Stevenson, [EMAIL PROTECTED] Routing Switching CCIE #5561 Technical Marketing Engineer, Data Center BU Cisco Systems, http://www.cisco.com IP Phone: 408-526-6759 The contents of this message may be *Cisco Confidential* and are intended for the specified recipients only. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
