[c-nsp] Debug ssh?
What debug command is one to use to debug an outgoing ssh session from a router? Something like -vvv. Thanks, Hank ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] HWIC-2SHDSL and HWIC-4SHDSL
Hello, I have a question regarding the HWIC-2SHDSL and HWIC-4SHDSL. We are getting our leased lines as separate 2-wire-lines over each of which we establish a PPPoE-Session to our LNS. Now, some customers need more bandwidth than one line can provide. Before, we have bundled the lines with a C1841 and two WIC-1SHDSL-V3. Can we instead just use *one* HWIC-2SHDSL? Has anyone done this before? thanks in advance, Arne
[c-nsp] Limits of VRF-lite
Hi I am sure I have read somewhere that there is a limit of 26 VRFs per router when configuring VRF-lite (multi-VRF). Has anyone else seen this? Regards Gary
Re: [c-nsp] Cat6500 - Support for MPLS and IPv6
Asbjorn Hojmark - Lists wrote: OTOH, 6500 gets software modularity, which is something that we consider a *real* must for any decent high-availability environment. So, does anyone think IOS XE looks cool? Say, ISSU on a single hardware RP, for example. Well, I do. And it's from the same BU as the 7600... Oh yes, I'm jumping for joy at the idea of Cisco spreading their (clearly already stretched) software development resources even thinner... Cross your fingers everyone. Cross our fingers what? Cross our fingers that they'll neglect IOS in favour of IOS XE? How does that help anyone? Honestly, I don't mean to sound too combative, but Cisco do not need to be diversifying at this point; they need to be focussing.
Re: [c-nsp] OT: Check Point v Cisco PIX (ASA 5500 Series)
* A. L. M. Buxey: for a firewall, not sending an RST for a denied connection, isn't it the Right Thing to do? ah, the perennial DROP or REJECT question. Not really. Faking the RST with the address of the target doesn't give you any hint what's rejected the connection attempt. I know that some people do not want to leak that data, but its absence makes debugging quite hard. -- Florian Weimer[EMAIL PROTECTED] BFK edv-consulting GmbH http://www.bfk.de/ Kriegsstraße 100 tel: +49-721-96201-1 D-76133 Karlsruhe fax: +49-721-96201-99
Re: [c-nsp] ONSs, DWDM SFPs, and the 3560/3750E
-Original Message- From: [EMAIL PROTECTED] [mailto:cisco-nsp- [EMAIL PROTECTED] On Behalf Of Justin Shore Sent: Monday, April 07, 2008 12:28 AM To: 'Cisco-nsp' Subject: [c-nsp] ONSs, DWDM SFPs, and the 3560/3750E So I'm working on a solution involving a pair of 15454s to transport numerous GigE links between a pair of sites over diverse paths and still give us a 10G upgrade path someday. Unfortunately I know little about the ONSs at this time even though I've been staring at data sheets, presentations and the Dynamic Config Tool for weeks if not months. Like where do I use the filters? I was in the same boat for the past year, so I feel your pain! I've been told we could use 15454s to build a fully-redundant chassis (PSUs, CPUs, etc) and then buy a pair of Xponder cards for each chassis. Each Xponder card would output a single 10G link and we'd ship that link over one path and other 10G link from the other Xponder over the other path (for PtP links or use both 10G interfaces for L2 VLAN redundancy). That's the basic plan as laid out in this doc (the only Xponder doc I could find): This sounds about right. At one site we meet both of our upstreams with fiber (one provider with a Fuji and another with a 15454). That site also has a data center which has numerous links between it and the other site. And at the other site is the core of the ISP and all our offices. I've been told that the Xponder card can only accept GigE fiber inputs using the DWDM SFPs and that we'll have to convert to DWDM optics with an external switch if we have to use copper or other fiber links. Is this true? It doesn't sound like you are using dark fiber if your fiber is passing through your provider's electronics. You're not going to be able to run DWDM over a lit pair that's handed off to you from a provider. What you are describing is a lit service where they're handing off a p2p GE or 10GE to you. Is this the case, or have I misunderstood? 
The one page I found on the Xponder card contradicts what this person is telling me. I haven't had any luck finding good design or implementation docs on this card or exactly how it's used. Both of our upstreams hand off as copper. Fiber is not an option with one of the upstreams and with the other it's not something that we've discussed. Either way it wouldn't be with DWDM optics. The current data center hardware can only accept copper, for now. Our internal connections can be fiber. See previous response. You cannot run DWDM over copper or over an already lit fiber. Your provider might be willing to sell you different wavelengths on their fiber and you can mux/aggregate multiple GEs or 10GEs at your switch, but you're not going to be able to mux/demux at the wavelength level yourself, unless you're the one generating the light. The first solution that comes to mind is to stack a 3750G-12S with a copper 3750G and use that to map VLANs between copper and DWDM ports. However I can't find any mention of DWDM SFP support in the 3750G. Then I looked at the 3750E. However there isn't a SFP-based chassis with the 3750E. There is however the 3560E-12D and 12SD. Since they are the exact same switches, sans the stacking interface, why isn't there an all-SFP or X2 3750E? I hate to take a guess. Then I started thinking I could take the 3560E-12D and put TwinGig modules in it. One side of the TwinGig would be the copper or standard fiber SFP and the other side would be the DWDM optic. Then I read the data sheet for the 3560E and found out that DWDM SFPs aren't supported in either the 12D or 12SD chassis (but are supported in all the other 3560Es). Is there a technical reason behind this? Previous answers aside, I doubt there is any technical reason behind any Cisco switch from supporting any SFP. So I'm rather stuck. This really isn't making any sense; I think I'm missing something here. I'm short on design and implementation information for a DWDM deployment with the 15454s. 
What info I do have seems to be contradicted by the data sheets, but if it's right is difficult to work around due to a lack of support for DWDM SFPs in various access switch platforms. I can't even find the 15454-GE-XP when I try to build a 15454 on the Dynamic Config Tool. I suspect there's more to it than what I'm seeing too. If you've already engaged your Cisco SE, I'm surprised that he/she has not mentioned to you that, with the physical setup you describe above, you're not going to be able to accomplish what you want. If you want to learn about Cisco-centric design and implementation, I suggest the Cisco Press book, Optical Network Design and Implementation (http://safari.ciscopress.com/1587051052). It gives a very detailed, scientific overview of how WDM works, then provides some great info on the various optical platforms that Cisco offers, as well as case studies. Other solutions are
[c-nsp] ASR performance
Hi list I was wondering if somebody has had the chance to play with the new ASR? From the introduction of ESP it's supposed to terminate 8000 subscribers on ESP5 and 16000 on ESP10, (32000 on ESP20)? Has somebody had the chance to actually test PPPoE termination performance on this box? e.g. number_of_subscribers vs. throughput vs. load ? Thanks in advance MKS http://www.cisco.com/en/US/prod/collateral/routers/ps9343/qa_c67-449980.html Q. Where are the 5- and 10-Gbps ESPs positioned in a service provider's broadband network? A. The Cisco ASR 1000 Series Router serves as a broadband aggregation router that terminates 8,000 to 16,000 subscriber sessions; supports features such as Cisco Session Border Controller (SBC) for voice over IP (VoIP), video Telepresence services, and hardware-assisted Firewall for security; and requires Gigabit Ethernet or 10 Gigabit Ethernet uplink capability. The Cisco ASR 1000 Series Router is ideally suited for deployment as a Point-to-Point Termination and Aggregation (PTA) device, L2TP Access Concentrator (LAC), or L2TP Network Server (LNS).
Re: [c-nsp] Limits of VRF-lite
This is for 3750ME. 1 vrf per port, 24 FE and 2 Enhanced GE. Eugene Vedistchev Gary Roberton wrote: Hi I am sure I have read somewhere that there is a limit of 26 VRFs per router when configuring VRF-lite (multi-VRF). Has anyone else seen this? Regards Gary
Re: [c-nsp] ONSs, DWDM SFPs, and the 3560/3750E
Thanks for the reply, Eric. Eric Van Tol wrote: I was in the same boat for the past year, so I feel your pain! It doesn't sound like you are using dark fiber if your fiber is passing through your provider's electronics. You're not going to be able to run DWDM over a lit pair that's handed off to you from a provider. What you are describing is a lit service where they're handing off a p2p GE or 10GE to you. Is this the case, or have I misunderstood? I should have given more detail in my post. We're the ILEC in the area and own all the fiber (including what our upstream come in on to our data center). While we own all the fiber, it's also a limited resource and definitely isn't free (though don't we all wish). So in our case I have unfettered access to the dark fiber itself without interference from other equipment. That definitely helps. WDM is definitely doable in our scenario thanks to that. I agree though that if this was through another provider we'd end up in a lengthy dark fiber lease to do the same thing. See previous response. You cannot run DWDM over copper or over an already lit fiber. Your provider might be willing to sell you different wavelengths on their fiber and you can mux/aggregate multiple GEs or 10GEs at your switch, but you're not going to be able to mux/demux at the wavelength level yourself, unless you're the one generating the light. Yeah, I should have been more specific earlier. Since we own the fiber we're not having to integrate this into something our upstreams are doing. They are just one of many Ethernet connections that I need to transport between 2 points without over-subscription. My bad. Previous answers aside, I doubt there is any technical reason behind any Cisco switch from supporting any SFP. That's along the same lines as my own thoughts. 
If you've already engaged your Cisco SE, I'm surprised that he/she has not mentioned to you that, with the physical setup you describe above, you're not going to be able to accomplish what you want. :-) Ok, ok. I should definitely have been more specific earlier. My fault. :-) If you want to learn about Cisco-centric design and implementation, I suggest the Cisco Press book, Optical Network Design and Implementation (http://safari.ciscopress.com/1587051052). It gives a very detailed, scientific overview of how WDM works, then provides some great info on the various optical platforms that Cisco offers, as well as case studies. I have a copy. Unfortunately it's packed away in a moving box and won't be accessible until after I move next week. The last time I cracked it open (almost 2 years ago) it was well over my head with my very limited ONS knowledge. Perhaps now it will make more sense. I've been told that the ONSs really aren't that hard to learn. I'm sure they would make much more sense to me if I could see them in action. Maybe I should pay a visit to Cisco's optical lab in Dallas. If I have your setup correct, then doing L2/L3 redundancy is your only option at this point. Unless you can get dark fiber from your providers, WDM is not going to work. I can say that moving to dark fiber can be costly at first, especially if your provider is a major player, but the long term benefits and cost savings are huge, since WDM offers almost limitless possibilities. Justin -- *hangs head in digital shame*
Re: [c-nsp] Ethernet Freezeup
Hi, (directly to Ed and Cc to list due to the original being quite old, feel free to reply to the list only) On Sat, Jul 15, 2006 at 05:23:20PM -0400, Ed Ravin wrote: A few times on this list, people have discussed how a Cisco 1700 series router can suddenly freeze up on its main Ethernet interface. The problem as I've observed it hits routers that have a single Ethernet interface (and no other interfaces in use). The symptom is that the router no longer receives traffic on the Ethernet - it still transmits ARP requests and retries of routing protocol packets, but nothing is received. Getting to the console of the router and issuing clear int faste0 always fixes the problem. Sadly I've come to know this bug in the last months as well. We've had this problem every 1-2 months on a 1720 in the field, which was tolerable since the router didn't have that many users on it, but now it has started happening on one of our core 7206 routers. We used this same router in a similar configuration for years in a different location with no problems, but back then it had multiple interfaces (a DS3 and the FastEthernet). I was seeing this with a 7206/IO-FE that *has* other interfaces, though what seemed to trigger it there was indeed single-armed routed traffic. The freezeups have happened on various IOS 12.1 versions on the 1720, and on 12.3.17 on the 7206 (non-VXR, NPE-225). After the effect hitting us regularly (mostly in the middle of the night when backups ran) I've finally done something I hoped would rule out any hardware issues: 1) Placed a new 7204VXR chassis next to the problem box (7206); 2) Plugged a NPE225 and IO-FE into the chassis (different from the modules in the 7204VXR) and took over the configuration and IOS; 3) Powered off the old box and took over the required PAs (one 8BRI, one MC-8E1 and one FE-TX) and cabling; 4) Booted the new box. Initially all seemed well. Even the next backup ran without a problem. 
But the next day, without any excessive traffic being there to trigger it like it did before, the exact same thing happened to the new box, even though it is another chassis, another NPE225 and another IO-FE. It hit the next time today, again without heavy trigger traffic, so the situation is in a way worse than before - now it seems to hit completely at random. For us, the issues actually seemed to start when the old NPE200 in the 7206 was replaced with a NPE225. Given that they have quite a different architecture, I'm pondering whether what we see is actually a software problem that hits NPE225s in general when used heavily one-armed with an IO-FE. I've seen it with 12.4 mainline and with the 12.2(31)SB train, so it might have been introduced after 12.2S - I remember the boxes with NPE225 being rock solid when running 12.2(25)S - never saw this issue creep up before. Now I have it on two chassis... BTW, I'm seeing a memory leak in 12.2(31)SB (up to SB11) in SNMP, I can't tell if it is related. I've also noticed that RTTs of packets that go through the box in question were distorted for several seconds before the interface actually froze - the effect seems to announce itself. This could mean something is badly hitting the CPU, but it's hard to tell what it is after the fact. Any thoughts about what might be going on in the innards of the IOS, and how to troubleshoot or prevent recurrence? Ed, did you find a solution (other than going to a NPE-G1/2 or NPE-400) or workaround? Anyone else here on c-nsp still using these good old chassis and having advice? TIA, Andre. -- Real men don't make backups of their mail. They just send it out on the Internet and let the secret services do the hard work. - Andre Beck+++ ABP-RIPE +++ IBH IT-Service GmbH, Dresden -
Re: [c-nsp] ONSs, DWDM SFPs, and the 3560/3750E
-Original Message- From: Justin Shore [mailto:[EMAIL PROTECTED] Sent: Monday, April 07, 2008 9:12 AM To: Eric Van Tol Cc: 'Cisco-nsp' Subject: Re: [c-nsp] ONSs, DWDM SFPs, and the 3560/3750E Thanks for the reply, Eric. I should have given more detail in my post. We're the ILEC in the area and own all the fiber (including what our upstream come in on to our data center). While we own all the fiber, it's also a limited resource and definitely isn't free (though don't we all wish). So in our case I have unfettered access to the dark fiber itself without interference from other equipment. That definitely helps. WDM is definitely doable in our scenario thanks to that. I agree though that if this was through another provider we'd end up in a lengthy dark fiber lease to do the same thing. Gotcha...makes more sense now. :-) Yeah, I should have been more specific earlier. Since we own the fiber we're not having to integrate this into something our upstreams are doing. They are just one of many Ethernet connections that I need to transport between 2 points without over-subscription. My bad. So if I understand you correctly, you want to transport your transit connections from one location to another, along with an internal WAN link (or several). If your only option is copper to some of your upstreams, I'd suggest a media converter that can take DWDM optics. I believe MRV has some media converters that can do pluggable optics. I can't find the info on their site, but I have a PDF that I can unicast to you if you'd like it. I'd see this as being much cheaper than getting full-fledged switches whose only purpose is media conversion. I have a copy. Unfortunately it's packed away in a moving box and won't be accessible until after I move next week. The last time I cracked it open (almost 2 years ago) it was well over my head with my very limited ONS knowledge. Perhaps now it will make more sense. I've been told that the ONSs really aren't that hard to learn. 
I'm sure they would make much more sense to me if I could see them in action. Maybe I should pay a visit to Cisco's optical lab in Dallas. Again, same boat. It's my understanding as well that the ONS boxes are not hard to learn, especially with the CTC tool. However, my experience with viewing the CTC (in Cisco's lab), as well as secondhand experience doing circuit grooms with one of our T1 providers, it can be slow and clunky. Some circuits would take seconds to migrate and some would take minutes, with CTC crashing randomly in between grooms. This was a few years ago, so take that with a grain of salt. I've never been a fan of Java GUIs... If I have your setup correct, then doing L2/L3 redundancy is your only option at this point. Unless you can get dark fiber from your providers, WDM is not going to work. I can say that moving to dark fiber can be costly at first, especially if your provider is a major player, but the long term benefits and cost savings are huge, since WDM offers almost limitless possibilities. Justin -- *hangs head in digital shame* Hope this helps, evt
Re: [c-nsp] Ethernet Freezeup
The story so far: On Sat, Jul 15, 2006 at 05:23:20PM -0400, Ed Ravin wrote: A few times on this list, people have discussed how a Cisco 1700 series router can suddenly freeze up on its main Ethernet interface. The problem as I've observed it hits routers that have a single Ethernet interface (and no other interfaces in use). The symptom is that the router no longer receives traffic on the Ethernet - it still transmits ARP requests and retries of routing protocol packets, but nothing is received. Getting to the console of the router and issuing clear int faste0 always fixes the problem. And then: On Mon, Apr 07, 2008 at 03:28:12PM +0200, Andre Beck wrote: Sadly I've come to know this bug in the last months as well. ... I was seeing this with a 7206/IO-FE that *has* other interfaces, though what seemed to trigger it there was indeed single-armed routed traffic. ... Any thoughts about what might be going on in the innards of the IOS, and how to troubleshoot or prevent recurrence? Ed, did you find a solution (other than going to a NPE-G1/2 or NPE-400) or workaround? Anyone else here on c-nsp still using these good old chassis and having advice? I was seeing the problem in two routers - first in a 1750 with IOS 12.2.something, and then later on in a 7204 / NPE-225 non-VXR. Both routers were using router-on-a-stick configurations. We were able to get a close look with the sniffer at the 7204 in the stuck state: it was still sending ARP requests, OSPF HELOs, and HSRP UDP traffic, but apparently not seeing any received packets. The latter was especially painful since the router's OSPF neighbors noticed nothing wrong and dutifully routed traffic to the zombie router, and since the zombie was still sending out HSRP packets, the backup router saw no reason to step in and take over the virtual IP address. 11 weeks ago, I replaced the 1750 with a 1720 that had IOS 12.3(24a). 
I was originally planning to do just an IOS upgrade but the router was exhibiting some flaky behavior (would freeze up completely if I unplugged the console or aux port cable). We've had no problems with the new router since then. The old 1750 is still in use, with the same IOS, but it has been demoted to being a console server for the new router in case the problem returns. 4 weeks ago, I also upgraded the 7204 to IOS 12.3(24a). No problems since. I don't know whether the bug is quenched with the new IOS - this is definitely an improvement, but we've had similar quiet periods before. If I don't see it for another 2-3 months, then I might declare victory. We did find a workaround. We set up a cron job to run every 3 minutes on a Unix host that had RANCID installed. The job would try to ping the problem router, and if it didn't respond, it would tell RANCID to log in to the console port and issue a clear int FastEthernet0 (or Faste0/0 in the case of the 7204). That dirty trick worked remarkably well. Of course, you need a console server that can be reached by the host running RANCID. With a recent enough IOS, I suspect you could script a similar workaround on the router itself, using object tracking and/or the TCL capability. -- Ed
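The cron-plus-RANCID workaround Ed describes, sketched as an added example that is not code from the thread. It assumes RANCID's `clogin` is on the PATH with credentials for the console path in `.cloginrc`; the address, the console host name and the two thresholds are placeholders, and the consecutive-failure count and reset rate limit are additions that go beyond what the message describes.

```shell
#!/bin/sh
# Added example: watchdog for a router whose Ethernet stops receiving.
# Intended to be run from cron every 3 minutes, as in the message above:
#   */3 * * * * /usr/local/bin/eth-watchdog.sh run
# All values below are placeholders / assumptions, not from the thread.
ROUTER=${ROUTER:-192.0.2.1}                                   # in-band address to ping
CONSOLE_TARGET=${CONSOLE_TARGET:-router1-console.example.net} # console path known to .cloginrc
IFACE=${IFACE:-FastEthernet0}                                 # interface to clear
FAIL_THRESHOLD=${FAIL_THRESHOLD:-2}    # consecutive failed runs before acting
MIN_RESET_GAP=${MIN_RESET_GAP:-900}    # seconds between two resets
STATE_DIR=${STATE_DIR:-/var/tmp/eth-watchdog}

log() { logger -t eth-watchdog -- "$*" 2>/dev/null || printf '%s\n' "$*" >&2; }
now() { date +%s; }
read_num() { cat "$1" 2>/dev/null || echo 0; }

# Reachability probe: three echo requests, any reply counts as alive.
probe_router() { ping -c 3 "$ROUTER" >/dev/null 2>&1; }

# Out-of-band fix: clogin -c runs the given command on the target.
reset_interface() { clogin -c "clear interface $IFACE" "$CONSOLE_TARGET"; }

# One watchdog pass. Prints the action taken: ok, wait, suppressed,
# reset, reset-failed or error.
watchdog_tick() {
    # clogin -c splits its argument on ';', so only plain interface
    # names may reach the command string.
    case $IFACE in
        ''|*[!A-Za-z0-9/.]*)
            log "refusing unsafe interface name"
            echo error
            return 1 ;;
    esac
    mkdir -p "$STATE_DIR" || { echo error; return 1; }

    if probe_router; then
        echo 0 > "$STATE_DIR/fails"
        echo ok
        return 0
    fi

    wd_fails=$(( $(read_num "$STATE_DIR/fails") + 1 ))
    echo "$wd_fails" > "$STATE_DIR/fails"
    if [ "$wd_fails" -lt "$FAIL_THRESHOLD" ]; then
        echo wait                      # a single missed probe is not a freeze
        return 0
    fi

    wd_now=$(now)
    wd_last=$(read_num "$STATE_DIR/last_reset")
    if [ $(( wd_now - wd_last )) -lt "$MIN_RESET_GAP" ]; then
        log "$ROUTER still unreachable, reset suppressed by rate limit"
        echo suppressed
        return 0
    fi

    if reset_interface >/dev/null 2>&1; then
        echo "$wd_now" > "$STATE_DIR/last_reset"
        echo 0 > "$STATE_DIR/fails"
        log "$ROUTER unreachable for $wd_fails runs, cleared $IFACE"
        echo reset
        return 0
    fi
    log "$ROUTER unreachable and console reset failed"
    echo reset-failed
    return 1
}

if [ "${1:-}" = "run" ]; then
    watchdog_tick >/dev/null
fi
```

The account this runs as holds console credentials in `.cloginrc`, so that file and the state directory should be readable only by that account.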
[c-nsp] Stephanie Castelain is out of the office.
I will be out of the office starting 07/04/2008 and will not return until 14/04/2008. I will respond to your message when I return.
Re: [c-nsp] Ethernet Freezeup
Hi Ed, On Mon, Apr 07, 2008 at 10:10:38AM -0400, Ed Ravin wrote: On Mon, Apr 07, 2008 at 03:28:12PM +0200, Andre Beck wrote: Sadly I've come to know this bug in the last months as well. ... I was seeing this with a 7206/IO-FE that *has* other interfaces, though what seemed to trigger it there was indeed single-armed routed traffic. ... Any thoughts about what might be going on in the innards of the IOS, and how to troubleshoot or prevent recurrence? Ed, did you find a solution (other than going to a NPE-G1/2 or NPE-400) or workaround? Anyone else here on c-nsp still using these good old chassis and having advice? I was seeing the problem in two routers - first in a 1750 with IOS 12.2.something, and then later on in a 7204 / NPE-225 non-VXR. Both routers were using router-on-a-stick configurations. We were able to get a close look with the sniffer at the 7204 in the stuck state: it was still sending ARP requests, OSPF HELOs, and HSRP UDP traffic, but apparently not seeing any received packets. The latter was especially painful since the router's OSPF neighbors noticed nothing wrong and dutifully routed traffic to the zombie router, and since the zombie was still sending out HSRP packets, the backup router saw no reason to step in and take over the virtual IP address. Exactly the same thing here. HSRP failing here is especially bad, since there would be failover paths, but they aren't used. 11 weeks ago, I replaced the 1750 with a 1720 that had IOS 12.3(24a). I was originally planning to do just an IOS upgrade but the router was exhibiting some flaky behavior (would freeze up completely if I unplugged the console or aux port cable). We've had no problems with the new router since then. The old 1750 is still in use, with the same IOS, but it has been demoted to being a console server for the new router in case the problem returns. 4 weeks ago, I also upgraded the 7204 to IOS 12.3(24a). No problems since. Interesting. 
I've searched a bit in the Bug Toolkit, but didn't find anything conclusive. I don't know whether the bug is quenched with the new IOS - this is definitely an improvement, but we've had similar quiet periods before. If I don't see it for another 2-3 months, then I might declare victory. How I know this. Last change was swapping power supplies, now it's again waiting. But given your experiences, it's probably not power supplies at all... We did find a workaround. We set up a cron job to run every 3 minutes on a Unix host that had RANCID installed. The job would try to ping the problem router, and if it didn't respond, it would tell RANCID to log in to the console port and issue a clear int FastEthernet0 (or Faste0/0 in the case of the 7204). That dirty trick worked remarkably well. Of course, you need a console server that can be reached by the host running RANCID. I thought about this, but currently not having a rancid at the right side of the box (where it is still reachable) was a showstopper. With a recent enough IOS, I suspect you could script a similar workaround on the router itself, using object tracking and/or the TCL capability. OMG. Thanks for this hint - I just rolled up something with SLA, tracking and EEM that eventually might just do it. Let's see... Thanks, Andre. -- Real men don't make backups of their mail. They just send it out on the Internet and let the secret services do the hard work. - Andre Beck+++ ABP-RIPE +++ IBH IT-Service GmbH, Dresden -
Re: [c-nsp] Cat6500 - Support for MPLS and IPv6
On Monday 07 April 2008, Phil Mayers wrote: Honestly, I don't mean to sound too combative, but Cisco do not need to be diversifying at this point; they need to be focussing. Agree... IOS, IOS XR, IOS XE, NX-OS, CatOS, along with the various idiosyncrasies of each (and their *children*) does make things interesting. I know current incarnations of IOS are not that dissimilar from mainstream IOS, but... Mark.
[c-nsp] Cat4K Sup3 issue using AGM.. Any ideas?
I know this is old stuff, but it still works for this small network here, so what the heck. I have a Cat4006 chassis, which had a Sup2 running of course CatOS, and then I had a WS-X4604-AGM installed in it which routed my T1 line back to main location. The unit was running 8.4(11)GLX for the CatOS, and the AGM was running 12.4(18) for its IOS. This configuration has worked well for quite some time. Well of course not leaving well enough alone, and deciding having IOS instead of CatOS with some nicer QOS would be a good thing. I got my hands on a Sup3 card for the switch, which I thought would be a simple deal to upgrade. So I pop in the Sup3, load up the latest firmware and IOS for it, put in a baseline config and figure all is well. Wait, the AGM isn't working for some reason, let's look at this. I go to the AGM and it's booted, but shows no config, what the heck. Umm, OK, maybe going to IOS on the switch, I need to redo that as well. Sadly enough this was not the case. If I do a show conf, it's there, I can see it just fine. If I try and copy startup-conf to running, it tells me something is corrupted and it can't read it even after it just showed it to me complete and intact. I then tried erasing the NVRAM, and putting the config back in, but no go. If I put in a simple config of a few lines it will work, it seems like if I put in too much it breaks. If I put in the Sup2 all works fine, but with the Sup3 I have this problem, they should be separate items so no clue why the AGM is affected. I even tried updating the IOS to 12.4(19) which is the current version, but this also made no difference. I also tried compressing the config, so it was smaller, and that didn't seem to work, it decompressed it fine, I could read it with show conf, but still it refused to load and run. I have to say I have never run into one like this, I performed some google's which didn't show up anything, so I am at a loss. 
For now I just hooked up a 2650XM I had laying here before the AGM to get me online, but it was sure nice just having everything all-in-one. Anyone have any ideas on this issue, or any information that maybe I missed in my searches?? I know this is outdated stuff, but it's run great here for me, and still should for a while I hope... --- Howard Leadmon
Re: [c-nsp] Limits of VRF-lite
Thanks. Is there a matrix available anywhere showing limitations ? On Mon, Apr 7, 2008 at 12:56 PM, Eugene Vedistchev [EMAIL PROTECTED] wrote: This is for 3750ME. 1 vrf per port, 24 FE and 2 Enhanced GE. Eugene Vedistchev Gary Roberton wrote: Hi I am sure I have read somewhere that there is a limit of 26 VRFs per router when configuring VRF-lite (multi-VRF). Has anyone else seen this? Regards Gary
Re: [c-nsp] changing from ospf to eigrp
Also, if you ever want to buy a non-Cisco router for your network, you can't since you now run EIGRP.

Which is a strong argument indeed. OTOH, EIGRP *is* a fairly nice protocol - easy to understand and debug, much nicer knobs to tweak for TE things (make this link bad for *this* prefix only), fairly fast convergence out of the box, etc.

How's V6 on EIGRP? (I know little about EIGRP, does it need a new version for V6 like OSPF? Does it exist?) Not having to dual IGP for V6 is one of the main plus points of ISIS imo. We do ISIS for loopbacks/router links and BGP for all other prefixes. Sadly the ISIS does lock us out of using some hardware properly (like the 3750).

adam.
Re: [c-nsp] Cat6500 - Support for MPLS and IPv6
We can't moan about IOS deficiencies and also moan when Cisco take the opportunity of fundamentally new hardware to fundamentally re-architect the software to fix those problems.

I, like many I suspect, have been suffering recently. They don't seem to be able to add a feature (or even fix a bug) without breaking 2 others. And not minor breaks but fundamental things like QoS in recent mainline 12.4 code. It's killing us in terms of testing. We can't simply do a few spot checks - we have to check every release we want to use in fine detail. I'm hoping that something like IOS XE will give a clean break with the legacy code base (at least on some platforms). Of course time will tell and I'm hopeful, not confident!

On Monday 07 April 2008, Phil Mayers wrote:

Honestly, I don't mean to sound too combative, but Cisco do not need to be diversifying at this point; they need to be focussing.
Re: [c-nsp] ONSs, DWDM SFPs, and the 3560/3750E
Hello Justin:

I am responding to your original post after reading your comments about owning the fiber. My comments are in line below.

So I'm working on a solution involving a pair of 15454s to transport numerous GigE links between a pair of sites over diverse paths and still give us a 10G upgrade path someday. Unfortunately I know little about the ONSs at this time even though I've been staring at data sheets, presentations and the Dynamic Config Tool for weeks if not months. Like where do I use the filters?

The filters are put in place between your 15454 and your one-pair uplink. So, something like this:

15454 - Lambda 1 \
      - Lambda 2 - Filter (muxes wavelengths) - outbound fiber
      - Lambda 3 /

And then same in reverse. So if you have 3 Lambdas, you will have 3 fiber connections into the filter from 15454 on separate wavelengths and the output will be on one set of fibers for transport.

snip

http://www.cisco.com/en/US/prod/collateral/optical/ps5724/ps2006/product_data_sheet0900aecd805ebef7.html

snip

I've been told that the Xponder card can only accept GigE fiber inputs using the DWDM SFPs and that we'll have to convert to DWDM optics with an external switch if we have to use copper or other fiber links. Is this true? The one page I found on the Xponder card contradicts what this person is telling me. I haven't had any luck finding good design or implementation docs on this card or exactly how it's used. Both of our upstreams hand off as copper. Fiber is not an option with one of the upstreams and with the other it's not something that we've discussed. Either way it wouldn't be with DWDM optics. The current data center hardware can only accept copper, for now. Our internal connections can be fiber.

I didn't read it that way. Here's the quote I'm referring to that indicates you can plug basically anything into it on the distribution side.

The 20 client ports can be equipped with different Gigabit Ethernet SFPs: SX, LX, ZX, coarse wavelength-division multiplexing (CWDM), DWDM, or electrical (RJ45). Figure 2 shows a Layer 2 logical scheme, and Figure 3 shows a Layer 1 physical scheme.

snip

I would get some Cisco pre-sales support for your design, particularly since it sounds like you're a little thin on the optical engineering side. There are other considerations that they can help with (do you need the filters, loss budget calculations, amplifiers, etc.). I have found their optical teams are pretty good and, if you tell them exactly what you're trying to do they should be able to come up with a design for you. If you don't have it already, you should have good OTDR data on your fiber runs because there are different optics that you will use depending on how far (from a db-loss perspective) you have to go on the two shots.

Regards, Mike
[c-nsp] CSM for service providers
Hello everyone,

I'm looking to solicit some input from others that are using the Cisco CSM, in particular, service providers that are using it to host layer 4-7 switching for customers. The archives don't seem to have a ton of opinions on these guys.

In general, I like the device's performance and scalability. I have actually seen them handle a million simultaneous sessions, and I've seen VIPs with 900+k sessions cause no impact to other VIPs. However, we've run into some issues that are a bit troublesome:

1) Fault-tolerance is a feature that was obviously tacked-on after the fact. Config sync is a slow process that interacts badly with other IOS features like SNMP. We've been reduced to manually syncing all configs because of IOS crash risk associated with config-sync.

2) The documentation is awful. I have read pretty much everything Cisco has published and some that hasn't been published. There's more undocumented features to this device than there are documented features! Has anyone found any good resources? I've read the configuration guide, Designing Content Switching solutions, Content Network Fundamentals, and some random MS Word files I've been emailed from TAC. They are all crappy.

3) There's a general mystery surrounding the CSM - it's incredibly difficult to get decent answers to fairly simple questions.

In short - I basically like the CSM, but I'm questioning its long-term viability right now. Any input would be greatly appreciated.

-- Ross Vandegrift [EMAIL PROTECTED]
The good Christian should beware of mathematicians, and all those who make empty prophecies. The danger already exists that the mathematicians have made a covenant with the devil to darken the spirit and to confine man in the bonds of Hell. --St. Augustine, De Genesi ad Litteram, Book II, xviii, 37
Re: [c-nsp] Ethernet Freezeup
On Mon, Apr 07, 2008 at 10:10:38AM -0400, Ed Ravin wrote:

The story so far:

On Sat, Jul 15, 2006 at 05:23:20PM -0400, Ed Ravin wrote:

A few times on this list, people have discussed how a Cisco 1700 series router can suddenly freeze up on its main Ethernet interface. The problem as I've observed it hits routers that have a single Ethernet interface (and no other interfaces in use). The symptom is that the router no longer receives traffic on the Ethernet - it still transmits ARP requests and retries of routing protocol packets, but nothing is received. Getting to the console of the router and issuing clear int faste0 always fixes the problem.

...

4 weeks ago, I also upgraded the 7204 to IOS 12.3(24a). No problems since. I don't know whether the bug is quenched with the new IOS - this is definitely an improvement, but we've had similar quiet periods before. If I don't see it for another 2-3 months, then I might declare victory.

And sure enough, it happened again today with the 7204. Obviously the IOS upgrade was not the answer. Can anyone suggest some commands to run before the clear int FastE0/0 on the 7204 that might shed some light on what's going on? It has to get spooled out through a 9600 bps serial port so I don't want to run anything with a lot of output.
Re: [c-nsp] Cat6500 - Support for MPLS and IPv6
btw, you forgot ION (aka Modularize IOS) ;-)

I too don't mean to sound like I am on the attack on Cisco but I, like many of you, have been continuously bitten by the need to upgrade and upgrade just to fix my first upgrade if you follow me. I will say that the different IOS idiosyncrasies and OS made sense for them at one point. If they hadn't done what they did and adjusted/accommodated their customer requirement they very likely wouldn't have been the dominant vendor today (or at least not as fast). I however think that they are way too far now to fix IOS in its current way and as a result they have to put out a new OS (or a few of them). Again, when you look at Juniper what they had was hindsight to know what not to do in order to meet the requirements of NGN (SP and Enterprises) and they have been extremely disciplined about not taking the Cisco approach.

Cisco now on the other hand is combating diversity vs. focus and sooner or later you will be affected by one or the other. They are too big to just look at one without the other because at the end of the day they (more so than others due to their size) can't afford to lose any existing revenue and must find new ways to please the shareholders. You have to ask why did Cisco decide to move forward with NX-OS when IOS-XR was supposed to be their next gen modular OS? What is wrong with IOS-XR that it wasn't good enough for DC3?

On Mon, Apr 7, 2008 at 12:06 PM, Mark Tinka [EMAIL PROTECTED] wrote:

On Monday 07 April 2008, Phil Mayers wrote:

Honestly, I don't mean to sound too combative, but Cisco do not need to be diversifying at this point; they need to be focussing.

Agree... IOS, IOS XR, IOS XE, NX-OS, CatOS, along with the various idiosyncrasies of each (and their *children*) does make things interesting. I know current incarnations of IOS are not that dissimilar from mainstream IOS, but...

Mark.

-- Mario Puras
Re: [c-nsp] ONSs, DWDM SFPs, and the 3560/3750E
Many thanks for the reply, Michael.

Michael K. Smith - Adhost wrote:

The filters are put in place between your 15454 and your one-pair uplink. So, something like this:

15454 - Lambda 1 \
      - Lambda 2 - Filter (muxes wavelengths) - outbound fiber
      - Lambda 3 /

And then same in reverse. So if you have 3 Lambdas, you will have 3 fiber connections into the filter from 15454 on separate wavelengths and the output will be on one set of fibers for transport.

So, if I'm understanding correctly what you wrote and what I've been researching today, essentially the xponder card acts as a switch and uses the 10G interfaces for one of 3 L2 design scenarios (outlined in the line below). No DWDM is happening yet but instead we're using the xponder card as a 20 port GigE switch with 10G uplinks. Would that be a fair statement?

Then, if we have multiple xponder cards we could take their output and stuff them into muxes (15216 for example), thus introducing the benefits of DWDM. Is that correct? Or we could just carry the xponder 10G links around the network without DWDM and add the DWDM gear when our bandwidth approaches the 10G mark. Am I on track or in the ditch?

Can the output from DWDM SFPs in regular switches be used as input straight into the filters? Not that I have a use for this right now (unless the 3560E-12D gained support for DWDM SFPs) but it would still be interesting.

I didn't read it that way. Here's the quote I'm referring to that indicates you can plug basically anything into it on the distribution side.

The 20 client ports can be equipped with different Gigabit Ethernet SFPs: SX, LX, ZX, coarse wavelength-division multiplexing (CWDM), DWDM, or electrical (RJ45). Figure 2 shows a Layer 2 logical scheme, and Figure 3 shows a Layer 1 physical scheme.

I think what our SE was getting at was the use of DWDM SFPs with the filters directly. I'm reading the doc the same as you and that's the only way it seems to make any sense.

I would get some Cisco pre-sales support for your design, particularly since it sounds like you're a little thin on the optical engineering side. There are other considerations that they can help with (do you need the filters, loss budget calculations, amplifiers, etc.). I have found their optical teams are pretty good and, if you tell them exactly what you're trying to do they should be able to come up with a design for you.

Well, we do have an SE working with us. He's an optical specialist and good to work with. His time is very limited unfortunately. Saying that my DWDM knowledge is a little thin is being generous. :-) I have some concepts but no applicable experience. Perhaps I can find some good training on the PEL site.

If you don't have it already, you should have good OTDR data on your fiber runs because there are different optics that you will use depending on how far (from a db-loss perspective) you have to go on the two shots.

I haven't gotten the guys to run the links through their OTDR yet. One path is about 10k and the other is around 20k I believe. I'm already using the fiber we'll be using for single-strand GigE links. The telco techs terminate all our own fiber so repairs shouldn't be a big problem. They usually do a really good job so I'm not expecting major problems.

Thanks for the input. I've gotten some great suggestions here. DWDM, while it's not a difficult to grasp concept, it's definitely a learning curve when you're trying to learn it by seeing how a particular vendor implemented all the various aspects of it. It's mind bending at times.

Thanks
Justin
Re: [c-nsp] CSM for service providers
Last I knew, the CSM was on its way out and being replaced with the ACE blade/appliance. That's not quite the answer to the question you asked but it does address the long term viability issue. I don't believe you should be looking at the CSM as a long-term solution. If it's in place and working then it may have some life left in it. If it's for a new deployment, look elsewhere. I mean seriously look at other options. You just need to look at the bug list for the ACE releases to get a teeny bit wary of the ACE in general. There is no Safe Harbor code release as yet and it's been probably over a year since the product was available.

Vijay Ramcharan

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ross Vandegrift
Sent: April 07, 2008 15:20
To: cisco-nsp@puck.nether.net
Subject: [c-nsp] CSM for service providers

Hello everyone,

I'm looking to solicit some input from others that are using the Cisco CSM, in particular, service providers that are using it to host layer 4-7 switching for customers. The archives don't seem to have a ton of opinions on these guys.

In general, I like the device's performance and scalability. I have actually seen them handle a million simultaneous sessions, and I've seen VIPs with 900+k sessions cause no impact to other VIPs. However, we've run into some issues that are a bit troublesome:

1) Fault-tolerance is a feature that was obviously tacked-on after the fact. Config sync is a slow process that interacts badly with other IOS features like SNMP. We've been reduced to manually syncing all configs because of IOS crash risk associated with config-sync.

2) The documentation is awful. I have read pretty much everything Cisco has published and some that hasn't been published. There's more undocumented features to this device than there are documented features! Has anyone found any good resources? I've read the configuration guide, Designing Content Switching solutions, Content Network Fundamentals, and some random MS Word files I've been emailed from TAC. They are all crappy.

3) There's a general mystery surrounding the CSM - it's incredibly difficult to get decent answers to fairly simple questions.

In short - I basically like the CSM, but I'm questioning its long-term viability right now. Any input would be greatly appreciated.

-- Ross Vandegrift [EMAIL PROTECTED]
The good Christian should beware of mathematicians, and all those who make empty prophecies. The danger already exists that the mathematicians have made a covenant with the devil to darken the spirit and to confine man in the bonds of Hell. --St. Augustine, De Genesi ad Litteram, Book II, xviii, 37
Re: [c-nsp] ONSs, DWDM SFPs, and the 3560/3750E
Hello Justin:

More in line below.

-Original Message-
From: Justin Shore [mailto:[EMAIL PROTECTED]
Sent: Monday, April 07, 2008 1:26 PM
To: Michael K. Smith - Adhost
Cc: Cisco-nsp
Subject: Re: [c-nsp] ONSs, DWDM SFPs, and the 3560/3750E

Many thanks for the reply, Michael.

Michael K. Smith - Adhost wrote:

The filters are put in place between your 15454 and your one-pair uplink. So, something like this:

15454 - Lambda 1 \
      - Lambda 2 - Filter (muxes wavelengths) - outbound fiber
      - Lambda 3 /

And then same in reverse. So if you have 3 Lambdas, you will have 3 fiber connections into the filter from 15454 on separate wavelengths and the output will be on one set of fibers for transport.

So, if I'm understanding correctly what you wrote and what I've been researching today, essentially the xponder card acts as a switch and uses the 10G interfaces for one of 3 L2 design scenarios (outlined in the line below). No DWDM is happening yet but instead we're using the xponder card as a 20 port GigE switch with 10G uplinks. Would that be a fair statement?

That is correct.

Then, if we have multiple xponder cards we could take their output and stuff them into muxes (15216 for example), thus introducing the benefits of DWDM. Is that correct? Or we could just carry the xponder 10G links around the network without DWDM and add the DWDM gear when out bandwidth approaches the 10G mark. Am I on track or in the ditch?

Yep, that would be Lambda 1 and Lambda 2 above. You would put one card on 155x.x and the other one on 155y.y and then carry them out on a single set of fibers.

Can the output from DWDM SFPs in regular switches be used as input straight into the filters? Not that I have a use for this right now (unless the 3560E-12D gained support for DWDM SFPs) but it would still be interesting.

Yep, as long as the wavelengths match.

snip

By the way, have you looked at the ML-series cards? It's a different approach to the same problem, but it gives you ring failover on the back end as well. Since you own the fibers and don't have to worry about purchasing lambdas from a provider, this may be a better solution for you from a resiliency perspective. (IMO, of course).

Regards, Mike
Re: [c-nsp] CSM for service providers
From: Ramcharan, Vijay A [EMAIL PROTECTED]
Date: Mon, 07 Apr 2008 20:30:17 +
To: Ross Vandegrift [EMAIL PROTECTED], cisco-nsp@puck.nether.net
Conversation: [c-nsp] CSM for service providers
Subject: Re: [c-nsp] CSM for service providers

Last I knew, the CSM was on its way out and being replaced with the ACE blade/appliance. That's not quite the answer to the question you asked but it does address the long term viability issue. I don't believe you should be looking at the CSM as a long-term solution. If it's in place and working then it may have some life left in it. If it's for a new deployment, look elsewhere. I mean seriously look at other options. You just need to look at the bug list for the ACE releases to get a teeny bit wary of the ACE in general. There is no Safe Harbor code release as yet and it's been probably over a year since the product was available.

Vijay Ramcharan

We've been having fun converting the CSM configs to ACE configs. Seems virtualization means different things to different people. And Ross, your 3 points below have been our experience also. Good hardware, bad documentation, worse planning by the BU.

-d

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ross Vandegrift
Sent: April 07, 2008 15:20
To: cisco-nsp@puck.nether.net
Subject: [c-nsp] CSM for service providers

Hello everyone,

I'm looking to solicit some input from others that are using the Cisco CSM, in particular, service providers that are using it to host layer 4-7 switching for customers. The archives don't seem to have a ton of opinions on these guys.

In general, I like the device's performance and scalability. I have actually seen them handle a million simultaneous sessions, and I've seen VIPs with 900+k sessions cause no impact to other VIPs. However, we've run into some issues that are a bit troublesome:

1) Fault-tolerance is a feature that was obviously tacked-on after the fact. Config sync is a slow process that interacts badly with other IOS features like SNMP. We've been reduced to manually syncing all configs because of IOS crash risk associated with config-sync.

2) The documentation is awful. I have read pretty much everything Cisco has published and some that hasn't been published. There's more undocumented features to this device than there are documented features! Has anyone found any good resources? I've read the configuration guide, Designing Content Switching solutions, Content Network Fundamentals, and some random MS Word files I've been emailed from TAC. They are all crappy.

3) There's a general mystery surrounding the CSM - it's incredibly difficult to get decent answers to fairly simple questions.

In short - I basically like the CSM, but I'm questioning its long-term viability right now. Any input would be greatly appreciated.

-- Ross Vandegrift [EMAIL PROTECTED]
The good Christian should beware of mathematicians, and all those who make empty prophecies. The danger already exists that the mathematicians have made a covenant with the devil to darken the spirit and to confine man in the bonds of Hell. --St. Augustine, De Genesi ad Litteram, Book II, xviii, 37
Re: [c-nsp] Top 10 Network Engineering Tools
Did a followup email ever come out from Joseph Jackson?

-- Regards, Jason Plank CCIE #16560 e: [EMAIL PROTECTED]

-- Original message --
From: Christoph Loibl [EMAIL PROTECTED]

I vote for traceroute as one of the top tools (if not the topmost tool).

Stoffi

On Jan 28, 2008, at 9:22 PM, Joseph Jackson wrote:

Hey all, Myself and a coworker are trying to get together a list of the top ten tools any network engineer shouldn't be without. We're looking for vendor neutral tools. So what do you all think are the must haves? Thanks Joseph

-- CHRISTOPH LOIBL mailto:[EMAIL PROTECTED] |No trees were killed in the creation of this message.
http://pix.tix.at |However, many electrons were terribly inconvenienced.
CL8-RIPE PGP-Key-ID: 0x4B2C0055
[c-nsp] SIP VoIP Config
Hi There,

Trying to make calls from a POTS to VoIP in SIP setup in attach, calls from POTS are not being forwarded to VoIP port. Can anyone help?

Pedro Wiliamo Matusse
Telecomunicações de Moçambique (TDM) DSI
Tel. +258 21 482820 Cell. +258 82 3080780 Fax: +258 21 487812

sh run
Building configuration...

Current configuration : 4612 bytes
!
version 12.4
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service udp-small-servers
service tcp-small-servers
service sequence-numbers
!
hostname Catembe
!
boot-start-marker
boot-end-marker
!
card type t1 1 1
logging buffered 4096
no logging console
enable secret
!
aaa new-model
!
!
!
!
aaa session-id common
clock timezone PCTime 2
no network-clock-participate slot 1
network-clock-participate wic 0
!
!
ip cef
ip tcp synwait-time 10
!
!
no ip bootp server
no ip domain lookup
ip domain name ?
ip name-server
ip name-server ?
ip name-server ?
ip name-server ?
!
multilink virtual-template 1
multilink bundle-name authenticated
!
isdn switch-type primary-ni
voice-card 0
 no dspfarm
 dsp services dspfarm
!
voice-card 1
 no dspfarm
!
!
!
!
voice service voip
 redirect ip2ip
 sip
  bind control source-interface Serial0/0/0:0
  bind media source-interface Serial0/0/0:0
!
!
voice class codec 1
 codec preference 1 g711ulaw
 codec preference 2 g729r8
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
username ? password ?
username ? privilege 15 password ?
!
!
controller E1 0/0/0
 clock source line primary
 channel-group 0 timeslots 1-31
!
controller E1 0/0/1
!
controller T1 1/0
 framing esf
 clock source line primary
 linecode b8zs
 cablelength short 133
 pri-group timeslots 1-24
 description Dialogic Production IVR Board (D/240SC-T1)
!
controller T1 1/0/0
 framing esf
 linecode b8zs
 cablelength short 133
 pri-group timeslots 1-24
 description Dialogic Production IVR Board (D/240SC-T1)
!
translation-rule 1
 Rule 1 1.. 14050
!
!
!
!
!
!
!
interface Loopback0
 no ip address
 h323-gateway voip interface
 h323-gateway voip id ? ipaddr ? 1718
 h323-gateway voip h323-id
 h323-gateway voip tech-prefix 258#
!
interface GigabitEthernet0/0
 ip address 192.168.4.254 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 duplex auto
 speed auto
 media-type rj45
 no keepalive
!
interface GigabitEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
 media-type rj45
 no keepalive
!
interface Serial0/0/0:0
 ip address ? 255.255.255.252
 ip nat outside
 ip virtual-reassembly
!
interface Serial1/0:23
 no ip address
 encapsulation ppp
 autodetect encapsulation ppp v120 lapb-ta
 no snmp trap link-status
 isdn switch-type primary-ni
 isdn timer T310 6
 isdn timer T321 0
 isdn incoming-voice voice
 isdn T309-enable
 isdn sending-complete
 no cdp enable
!
interface Serial1/0/0:23
 no ip address
 encapsulation hdlc
 autodetect encapsulation ppp v120 lapb-ta
 no snmp trap link-status
 isdn switch-type primary-ni
 isdn timer T321 0
 isdn incoming-voice voice
 no fair-queue
 no cdp enable
!
interface Virtual-Template1
 no ip address
 ppp multilink
 ppp multilink interleave
 ppp multilink fragment delay 20
 ip rtp reserve 16384 100 64
!
ip route 0.0.0.0 0.0.0.0 ?
!
!
ip http server
ip http authentication local
no ip http secure-server
ip nat pool ? ? netmask 255.255.255.248
ip nat inside source list 1 pool ? overload
!
!
access-list 1 permit 0.0.0.255
no cdp run
!
!
!
!
!
!
control-plane
!
!
!
voice-port 1/0:23
 bearer-cap 3100Hz
!
voice-port 1/0/0:23
 bearer-cap 3100Hz
!
!
!
!
!
dial-peer voice 123 pots
 service session
 answer-address 8882785987
 destination-pattern 888...
 port 1/0:23
 forward-digits all
!
dial-peer voice 234 pots
 answer-address 888...
 destination-pattern 888...
 port 1/0/0:23
 forward-digits all
!
dial-peer voice 100 voip
 service session
 destination-pattern .T
 redirect ip2ip
 voice-class codec 1
 session protocol sipv2
 session target sip-server
 no vad
!
!
gateway
 timer receive-rtp 1200
!
sip-ua
 disable-early-media 180
 retry invite 4
 retry response 2
 retry bye 2
 retry cancel 2
 retry notify 2
 retry options 0
 oli
 sip-server ipv4:?
!
!
banner login ^Authorized access only! Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
 password
 stopbits 1
line aux 0
 stopbits 1
line vty 0 4
 exec-timeout 0 0
 password
!
scheduler allocate 3 4000
!
end
Re: [c-nsp] CSM for service providers
On Mon, Apr 07, 2008 at 08:30:17PM +, Ramcharan, Vijay A wrote:

Last I knew, the CSM was on its way out and being replaced with the ACE blade/appliance. That's not quite the answer to the question you asked but it does address the long term viability issue. I don't believe you should be looking at the CSM as a long-term solution. If it's in place and working then it may have some life left in it. If it's for a new deployment, look elsewhere. I mean seriously look at other options. You just need to look at the bug list for the ACE releases to get a teeny bit wary of the ACE in general. There is no Safe Harbor code release as yet and it's been probably over a year since the product was available.

We have two existing CSM installations, and the question is going to be do we size-up these to match demand or do we start moving to another solution? As for the ACE: unless the ACE represents substantial benefits, there's no way the cost of all the license crap is going to be worth it. And if Cisco wants to hold us CSM customers hostage for working redundancy, we'll find another solution.

Interesting that the safe-harbor listing is gone - CSM does receive safe-harbor qualifications, and I know that 4.2(5) was previously listed as receiving qualifications. See the stub at:

http://www.cisco.com/en/US/docs/safe_harbor/enterprise/csm/4_2_5__12_2_18_sxf5/425.html

Interesting that this isn't linked from the main safe-harbor page anymore. Moreover, CSM 3.X has announced end-of-support in 2011. While there is no comparable EOL/EOS data (that I know of) on CSM 4.2 software, I have no reason to think it's going to drop out of support soon.

Ross

Vijay Ramcharan

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ross Vandegrift
Sent: April 07, 2008 15:20
To: cisco-nsp@puck.nether.net
Subject: [c-nsp] CSM for service providers

Hello everyone,

I'm looking to solicit some input from others that are using the Cisco CSM, in particular, service providers that are using it to host layer 4-7 switching for customers. The archives don't seem to have a ton of opinions on these guys.

In general, I like the device's performance and scalability. I have actually seen them handle a million simultaneous sessions, and I've seen VIPs with 900+k sessions cause no impact to other VIPs. However, we've run into some issues that are a bit troublesome:

1) Fault-tolerance is a feature that was obviously tacked-on after the fact. Config sync is a slow process that interacts badly with other IOS features like SNMP. We've been reduced to manually syncing all configs because of IOS crash risk associated with config-sync.

2) The documentation is awful. I have read pretty much everything Cisco has published and some that hasn't been published. There's more undocumented features to this device than there are documented features! Has anyone found any good resources? I've read the configuration guide, Designing Content Switching solutions, Content Network Fundamentals, and some random MS Word files I've been emailed from TAC. They are all crappy.

3) There's a general mystery surrounding the CSM - it's incredibly difficult to get decent answers to fairly simple questions.

In short - I basically like the CSM, but I'm questioning its long-term viability right now. Any input would be greatly appreciated.

-- Ross Vandegrift [EMAIL PROTECTED]
The good Christian should beware of mathematicians, and all those who make empty prophecies. The danger already exists that the mathematicians have made a covenant with the devil to darken the spirit and to confine man in the bonds of Hell. --St. Augustine, De Genesi ad Litteram, Book II, xviii, 37

-- Ross Vandegrift [EMAIL PROTECTED]
The good Christian should beware of mathematicians, and all those who make empty prophecies. The danger already exists that the mathematicians have made a covenant with the devil to darken the spirit and to confine man in the bonds of Hell. --St. Augustine, De Genesi ad Litteram, Book II, xviii, 37
Re: [c-nsp] CSM for service providers
I've been running the CSM for about the year and a half I've been at the service provider I work for. I like the fact that it's pretty scalable and that you can be multiple L2 hops down the line and build it out however you like, and every port in the chassis is a load balanced capable port... I haven't been using the config sync feature since it requires a CSM software upgrade, which requires us to do an IOS upgrade; from what I can hear I haven't missed much. The fault tolerance has worked alright, I just had my first failover last night - I had some config sync related issues but that was due to our environment and not the blade... I push a fair amount of traffic through it and it doesn't skip a beat. However, other than the basic load balancing / health probes and the occasional serverfarm nat, I don't really use the CSM to its fullest extent. I will also agree that the documentation is horrible; I learned more by running it than I ever did reading the documentation... Overall I think it's pretty decent though... I did hear it's on its way out also, but I haven't used the ACE

Chris

On Mon, Apr 7, 2008 at 5:33 PM, Ross Vandegrift [EMAIL PROTECTED] wrote:

On Mon, Apr 07, 2008 at 08:30:17PM +, Ramcharan, Vijay A wrote:

Last I knew, the CSM was on its way out and being replaced with the ACE blade/appliance. That's not quite the answer to the question you asked but it does address the long term viability issue. I don't believe you should be looking at the CSM as a long-term solution. If it's in place and working then it may have some life left in it. If it's for a new deployment, look elsewhere. I mean seriously look at other options. You just need to look at the bug list for the ACE releases to get a teeny bit wary of the ACE in general. There is no Safe Harbor code release as yet and it's been probably over a year since the product was available.

We have two existing CSM installations, and the question is going to be do we size-up these to match demand or do we start moving to another solution? As for the ACE: unless the ACE represents substantial benefits, there's no way the cost of all the license crap is going to be worth it. And if Cisco wants to hold us CSM customers hostage for working redundancy, we'll find another solution.

Interesting that the safe-harbor listing is gone - CSM does receive safe-harbor qualifications, and I know that 4.2(5) was previously listed as receiving qualifications. See the stub at: http://www.cisco.com/en/US/docs/safe_harbor/enterprise/csm/4_2_5__12_2_18_sxf5/425.html

Interesting that this isn't linked from the main safe-harbor page anymore. Moreover, CSM 3.X has announced end-of-support in 2011. While there is no comparable EOL/EOS data (that I know of) on CSM 4.2 software, I have no reason to think it's going to drop out of support soon.

Ross

Vijay Ramcharan

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ross Vandegrift
Sent: April 07, 2008 15:20
To: cisco-nsp@puck.nether.net
Subject: [c-nsp] CSM for service providers

Hello everyone, I'm looking to solicit some input from others that are using the Cisco CSM, in particular, service providers that are using it to host layer 4-7 switching for customers. The archives don't seem to have a ton of opinions on these guys.

In general, I like the device's performance and scalability. I have actually seen them handle a million simultaneous sessions, and I've seen VIPs with 900+k sessions cause no impact to other VIPs. However, we've run into some issues that are a bit troublesome:

1) Fault-tolerance is a feature that was obviously tacked-on after the fact. Config sync is a slow process that interacts badly with other IOS features like SNMP. We've been reduced to manually syncing all configs because of IOS crash risk associated with config-sync.

2) The documentation is awful. I have read pretty much everything Cisco has published and some that hasn't been published. There's more undocumented features to this device than there are documented features! Has anyone found any good resources? I've read the configuration guide, Designing Content Switching solutions, Content Network Fundamentals, and some random MS Word files I've been emailed from TAC. They are all crappy.

3) There's a general mystery surrounding the CSM - it's incredibly difficult to get decent answers to fairly simple questions.

In short - I basically like the CSM, but I'm questioning its long-term viability right now. Any input would be greatly appreciated.

--
Ross Vandegrift [EMAIL PROTECTED]
The good Christian should beware of mathematicians, and all those who make empty prophecies. The danger already exists that the mathematicians have made a covenant with the devil to darken the spirit and to confine man in the bonds of Hell. --St. Augustine, De
[c-nsp] Transparent ASA 5510 on a dot1q Trunk
Hey Guys,

Forgive the dumb question, I'm not much of a Cisco security guy... I have a 5510 I need to put in transparent mode and I want it to sit in the middle of a dot1q trunk and filter traffic for the 4 VLANs traversing the trunk between the two switches. What is the best way to do this? As someone on the list had pointed out to me once, you should be able to create inside and outside VLAN subinterfaces for each VLAN but I'm still a little confused... Anyone else have any input? The ASA supposedly does some tag switching and you need to have the same VLANs have one tag on the inside, and another tag on the outside, but I'm not exactly sure how you associate each inside VLAN with its respective outside VLAN and vice versa in the config...

Thanks,
Chris
[c-nsp] ERSPAN
Hi Everyone,

Just a few quick questions regarding ERSPAN and Wireshark. I have a lab setup to test this functionality out (two 6509E's with Sup720-3B, 12.2(18)SXF11) however with a laptop connected to the destination mirror port with Wireshark running, I was unable to see any traffic. Just hoping someone may be able to provide a few pointers as to where I went wrong (since I am unable to find many real world example configurations).

SWITCH-A has a Loopback address of 192.168.100.1/32 and GigabitEthernet1/47 (source port) is an access port, part of Vlan101. SWITCH-B has a Loopback address of 192.168.200.1/32 (routed network in the middle with several hops).

SWITCH-A Configuration:

monitor session 1 type erspan-source
 source interface GigabitEthernet1/47
 destination
  ip address 192.168.200.1
  origin ip address 192.168.100.1
  erspan-id 1

SWITCH-B Configuration

monitor session 1 type erspan-destination
 destination interface GigabitEthernet1/25
 source
  ip address 192.168.100.1
  erspan-id 1

Doing a 'show monitor detail' shows that switch-a is monitoring both rx and tx on port Gi1/47 and sending the data to 192.168.200.1. The same command on switch-b shows that the source is 192.168.100.1 and it is mirroring to port Gi1/25. Doing a 'show interface Gi1/25' shows that the port is up but line protocol is in a down (monitoring) state.

If anyone can shed any extra light on more configuration needed, or if Wireshark etc needs to be setup in a certain way it would be much appreciated.

Cheers,
Nick.
Re: [c-nsp] ERSPAN
Hi Nick,

Just a shot in the dark, but did you remember the no shutdown command under the monitor configuration? They start in admin disabled state.

We have no problems running ERSPAN. You need supervisor HW version 3.2 (IIRC) by the way. We have some 3 year old cards that are HW version 2.1, and they won't do it. A show module can tell you the version. Too low version and the CLI tells you hardware disabled when you try to no shut the session.

Regards,
Peter

On Tue, 2008-04-08 at 08:54 +1000, Geyer, Nick wrote:

Hi Everyone,

Just a few quick questions regarding ERSPAN and Wireshark. I have a lab setup to test this functionality out (two 6509E's with Sup720-3B, 12.2(18)SXF11) however with a laptop connected to the destination mirror port with Wireshark running, I was unable to see any traffic. Just hoping someone may be able to provide a few pointers as to where I went wrong (since I am unable to find many real world example configurations).

SWITCH-A has a Loopback address of 192.168.100.1/32 and GigabitEthernet1/47 (source port) is an access port, part of Vlan101. SWITCH-B has a Loopback address of 192.168.200.1/32 (routed network in the middle with several hops).

SWITCH-A Configuration:

monitor session 1 type erspan-source
 source interface GigabitEthernet1/47
 destination
  ip address 192.168.200.1
  origin ip address 192.168.100.1
  erspan-id 1

SWITCH-B Configuration

monitor session 1 type erspan-destination
 destination interface GigabitEthernet1/25
 source
  ip address 192.168.100.1
  erspan-id 1

Doing a 'show monitor detail' shows that switch-a is monitoring both rx and tx on port Gi1/47 and sending the data to 192.168.200.1. The same command on switch-b shows that the source is 192.168.100.1 and it is mirroring to port Gi1/25. Doing a 'show interface Gi1/25' shows that the port is up but line protocol is in a down (monitoring) state.

If anyone can shed any extra light on more configuration needed, or if Wireshark etc needs to be setup in a certain way it would be much appreciated.

Cheers,
Nick.
[c-nsp] csm Bride Mode Simple scenario. Is it Possible?
Hi Guys,

I have a question that I simply cannot find an answer to on the Cisco site in regards to the CSM in Bridge mode. Is it possible to have the vserver (VIP) IP in a different subnet range than the real IP addresses in the serverfarm that is bound to it?

In other words, as an example a typical bridge configuration is like this:

vlan 221 client
 ip address 10.20.220.2 255.255.255.0
 gateway 10.20.220.1
!
vlan 220 server
 ip address 10.20.220.2 255.255.255.0

Two VLANs with the same IP address are bridged together.

serverfarm WEBFARM
 nat server
 no nat client
 real 10.20.220.10
  inservice
 real 10.20.220.20
  inservice
!
vserver WEB
 virtual 10.20.220.100 tcp www
 serverfarm WEBFARM
 persistent rebalance
 inservice

Is it possible to do something like this:

vlan 221 client
 ip address 10.20.220.2 255.255.255.0
 gateway 10.20.220.1
!
vlan 220 server
 ip address 10.20.220.2 255.255.255.0

Two VLANs with the same IP address are bridged together.

serverfarm WEBFARM
 nat server
 no nat client
 real 10.20.220.10
  inservice
 real 10.20.220.20
  inservice
!
vserver WEB
 virtual 50.40.220.99 tcp www

Place the IP address in a different subnet than the IP's in the serverfarm

 serverfarm WEBFARM
 persistent rebalance
 inservice

On the MSFC place a static route to route the 50.40.220.99 address towards the CSM IP on vlan 221.

ip route 50.40.220.99 255.255.255.255 10.20.220.2

Please if somebody knows if this is or is not possible it would be highly appreciated to hear your feedback.

Regards,
Brad
Re: [c-nsp] ASR performance
As a p.s. to this post - does anyone know if the ASR has ISG on the roadmap? I've found zero mention of ISG with regards to the ASR (which does limit its use in DSL aggregation).

Brad

MKS wrote:

Hi list

I was wondering if somebody has had the chance to play with the new ASR? From the introduction of ESP it's supposed to terminate 8000 subscribers on ESP5 and 16000 on ESP10, (32000 on ESP20)? Has somebody had the chance to actually test PPPoE termination performance on this box? e.g. number_of_subscribers vs. throughput vs. load ?

Thanks in advance
MKS

http://www.cisco.com/en/US/prod/collateral/routers/ps9343/qa_c67-449980.html

Q. Where are the 5- and 10-Gbps ESPs positioned in a service provider's broadband network?

A. The Cisco ASR 1000 Series Router serves as a broadband aggregation router that terminates 8,000 to 16,000 subscriber sessions; supports features such as Cisco Session Border Controller (SBC) for voice over IP (VoIP), video Telepresence services, and hardware-assisted Firewall for security; and requires Gigabit Ethernet or 10 Gigabit Ethernet uplink capability. The Cisco ASR 1000 Series Router is ideally suited for deployment as a Point-to-Point Termination and Aggregation (PTA) device, L2TP Access Concentrator (LAC), or L2TP Network Server (LNS).

--
Brad Gould, Network Engineer
Internode
Level 5, 150 Grenfell Street, Adelaide 5000
P: 08 8228 2999 F: 08 8235 6999
[EMAIL PROTECTED]; http://www.internode.on.net/
[c-nsp] Support of VPLS on 7200VXR?
Hi group. I came across some mention of VPLS support for the 7200VXR on Feature Navigator with the 12.2(33)SRB/C IOS. I'm just curious what kind of VPLS support is available for this platform? I know it can do EoMPLS fairly easily but can it actually do site to multi-site configurations? I think I even found some mention of this in the archives but mentioned that there could be hardware limitations as to how scalable it is. Thoughts or comments? Thanks. Jose
Re: [c-nsp] ERSPAN
On switch B, the source IP needs to be 192.168.200.1. Yeah, it makes no sense but it works.

Geyer, Nick wrote:

Hi Everyone,

Just a few quick questions regarding ERSPAN and Wireshark. I have a lab setup to test this functionality out (two 6509E's with Sup720-3B, 12.2(18)SXF11) however with a laptop connected to the destination mirror port with Wireshark running, I was unable to see any traffic. Just hoping someone may be able to provide a few pointers as to where I went wrong (since I am unable to find many real world example configurations).

SWITCH-A has a Loopback address of 192.168.100.1/32 and GigabitEthernet1/47 (source port) is an access port, part of Vlan101. SWITCH-B has a Loopback address of 192.168.200.1/32 (routed network in the middle with several hops).

SWITCH-A Configuration:

monitor session 1 type erspan-source
 source interface GigabitEthernet1/47
 destination
  ip address 192.168.200.1
  origin ip address 192.168.100.1
  erspan-id 1

SWITCH-B Configuration

monitor session 1 type erspan-destination
 destination interface GigabitEthernet1/25
 source
  ip address 192.168.100.1
  erspan-id 1

Doing a 'show monitor detail' shows that switch-a is monitoring both rx and tx on port Gi1/47 and sending the data to 192.168.200.1. The same command on switch-b shows that the source is 192.168.100.1 and it is mirroring to port Gi1/25. Doing a 'show interface Gi1/25' shows that the port is up but line protocol is in a down (monitoring) state.

If anyone can shed any extra light on more configuration needed, or if Wireshark etc needs to be setup in a certain way it would be much appreciated.

Cheers,
Nick.
Re: [c-nsp] changing from ospf to eigrp
Is EIGRP multiprotocol? Yes, and no. Cisco says yes mostly because ... well, just because it can route for IP, IPv6, IPX, AppleTalk. Some argue that point and insist that the fact that it runs as multiple independent processes (protocol dependent modules) means it is closer to a ships in the night approach than the term multiprotocol tag implies.

Also - EIGRP for IPv6 is not supported by Catalyst devices as of today, IIRC.

/TJ

-Original Message-
From: [EMAIL PROTECTED] [mailto:cisco-nsp- [EMAIL PROTECTED] On Behalf Of Adam Armstrong
Sent: Monday, April 07, 2008 12:34 PM
To: Gert Doering; cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] changing from ospf to eigrp

Also, if you ever want to buy a non-Cisco router for your network, you can't since you now run EIGRP.

Which is a strong argument indeed. OTOH, EIGRP *is* a fairly nice protocol - easy to understand and debug, much nicer knobs to tweak for TE things (make this link bad for *this* prefix only), fairly fast convergence out of the box, etc.

How's V6 on EIGRP? (I know little about EIGRP, does it need a new version for V6 like OSPF? Does it exist?) Not having to dual IGP for V6 is one of the main plus points of ISIS imo. We do ISIS for loopbacks/router links and BGP for all other prefixes. Sadly the ISIS does lock us out of using some hardware properly (like the 3750).

adam.
Re: [c-nsp] Support of VPLS on 7200VXR?
On Tuesday 08 April 2008, Jose wrote:

Hi group. I came across some mention of VPLS support for the 7200VXR on Feature Navigator with the 12.2(33)SRB/C IOS. I'm just curious what kind of VPLS support is available for this platform? I know it can do EoMPLS fairly easily but can it actually do site to multi-site configurations? I think I even found some mention of this in the archives but mentioned that there could be hardware limitations as to how scalable it is. Thoughts or comments?

Well, I know 12.2(33)SRC has support for the L2VPN BGP address family feature: http://www.cisco.com/en/US/docs/ios/12_2sr/12_2srb/feature/guide/srbgpl2v.html

lab#sh ver | i IOS
Cisco IOS Software, 7200 Software (C7200-ADVENTERPRISEK9-M), Version 12.2(33)SRC, RELEASE SOFTWARE (fc3)
lab#

lab(config-router)#address-family ?
  ipv4   Address family
  ipv6   Address family
  l2vpn  Address family
  nsap   Address family
  vpnv4  Address family
  vpnv6  Address family

lab(config-router)#address-family l2vpn ?
  vpls  Address Family modifier
  <cr>

lab(config-router)#address-family l2vpn vpls ?
  <cr>

lab(config-router)#address-family l2vpn vpls

We've, however, been advised to use BGP Autodiscovery in this release with caution, as the code still has a few more kinks in it that need to be ironed out. Depending on how long this takes to get fixed, we could consider using another vendor that has stable support for it already.

We didn't plan to deploy VPLS on our 7200's after we realized support was not included for this platform :-(.

Cheers,
Mark.
Re: [c-nsp] csm Bride Mode Simple scenario. Is it Possible?
Yes, I do this all the time...

Chris

On Mon, Apr 7, 2008 at 7:27 PM, Brad Case [EMAIL PROTECTED] wrote:

Hi Guys,

I have a question that I simply cannot find an answer to on the Cisco site in regards to the CSM in Bridge mode. Is it possible to have the vserver (VIP) IP in a different subnet range than the real IP addresses in the serverfarm that is bound to it?

In other words, as an example a typical bridge configuration is like this:

vlan 221 client
 ip address 10.20.220.2 255.255.255.0
 gateway 10.20.220.1
!
vlan 220 server
 ip address 10.20.220.2 255.255.255.0

Two VLANs with the same IP address are bridged together.

serverfarm WEBFARM
 nat server
 no nat client
 real 10.20.220.10
  inservice
 real 10.20.220.20
  inservice
!
vserver WEB
 virtual 10.20.220.100 tcp www
 serverfarm WEBFARM
 persistent rebalance
 inservice

Is it possible to do something like this:

vlan 221 client
 ip address 10.20.220.2 255.255.255.0
 gateway 10.20.220.1
!
vlan 220 server
 ip address 10.20.220.2 255.255.255.0

Two VLANs with the same IP address are bridged together.

serverfarm WEBFARM
 nat server
 no nat client
 real 10.20.220.10
  inservice
 real 10.20.220.20
  inservice
!
vserver WEB
 virtual 50.40.220.99 tcp www

Place the IP address in a different subnet than the IP's in the serverfarm

 serverfarm WEBFARM
 persistent rebalance
 inservice

On the MSFC place a static route to route the 50.40.220.99 address towards the CSM IP on vlan 221.

ip route 50.40.220.99 255.255.255.255 10.20.220.2

Please if somebody knows if this is or is not possible it would be highly appreciated to hear your feedback.

Regards,
Brad
Re: [c-nsp] ASR performance
ISG and SBC both have embedded support on the ASR, look forward to seeing some test results :)

Ben

On 08/04/2008, at 9:23 AM, Brad Gould wrote:

As a p.s. to this post - does anyone know if the ASR has ISG on the roadmap? I've found zero mention of ISG with regards to the ASR (which does limit its use in DSL aggregation).

Brad

MKS wrote:

Hi list

I was wondering if somebody has had the chance to play with the new ASR? From the introduction of ESP it's supposed to terminate 8000 subscribers on ESP5 and 16000 on ESP10, (32000 on ESP20)? Has somebody had the chance to actually test PPPoE termination performance on this box? e.g. number_of_subscribers vs. throughput vs. load ?

Thanks in advance
MKS

http://www.cisco.com/en/US/prod/collateral/routers/ps9343/qa_c67-449980.html

Q. Where are the 5- and 10-Gbps ESPs positioned in a service provider's broadband network?

A. The Cisco ASR 1000 Series Router serves as a broadband aggregation router that terminates 8,000 to 16,000 subscriber sessions; supports features such as Cisco Session Border Controller (SBC) for voice over IP (VoIP), video Telepresence services, and hardware-assisted Firewall for security; and requires Gigabit Ethernet or 10 Gigabit Ethernet uplink capability. The Cisco ASR 1000 Series Router is ideally suited for deployment as a Point-to-Point Termination and Aggregation (PTA) device, L2TP Access Concentrator (LAC), or L2TP Network Server (LNS).

--
Brad Gould, Network Engineer
Internode
Level 5, 150 Grenfell Street, Adelaide 5000
P: 08 8228 2999 F: 08 8235 6999
[EMAIL PROTECTED]; http://www.internode.on.net/
Re: [c-nsp] SIP VoIP Config
If you haven't already, try posting this in the cisco-voip mailing list, they are very active, [EMAIL PROTECTED]

Ben

On 08/04/2008, at 6:38 AM, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:

Hi There,

Trying to make calls from a POTS do VOIP in SIP setup in attach, calls from POTS are not being forwarded to VoIP port. Can any one help

Pedro Wiliamo Matusse
Telecomunicações de Moçambique (TDM)
DSI
Tel. +258 21 482820 Cell. +258 82 3080780 Fax: +258 21 487812

config HJ3825 07 04 2008 23 00h.TXT
Re: [c-nsp] ERSPAN
Hi Peter,

Definitely did a no shutdown on the session and it was showing as up. When the interface is in a monitoring state, I assume the interface counters still increment as per normal? Was getting 0pps on the destination interface, but the source interface was doing ~550pps.

Will also try Patrick's suggestion of setting the IP on the destination switch to its own loopback rather than the source's loopback.

Thanks,
Nick

-Original Message-
From: Peter Rathlev [mailto:[EMAIL PROTECTED]
Sent: Tuesday, 8 April 2008 9:09 AM
To: Geyer, Nick
Cc: cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] ERSPAN

Hi Nick,

Just a shot in the dark, but did you remember the no shutdown command under the monitor configuration? They start in admin disabled state.

We have no problems running ERSPAN. You need supervisor HW version 3.2 (IIRC) by the way. We have some 3 year old cards that are HW version 2.1, and they won't do it. A show module can tell you the version. Too low version and the CLI tells you hardware disabled when you try to no shut the session.

Regards,
Peter

On Tue, 2008-04-08 at 08:54 +1000, Geyer, Nick wrote:

Hi Everyone,

Just a few quick questions regarding ERSPAN and Wireshark. I have a lab setup to test this functionality out (two 6509E's with Sup720-3B, 12.2(18)SXF11) however with a laptop connected to the destination mirror port with Wireshark running, I was unable to see any traffic. Just hoping someone may be able to provide a few pointers as to where I went wrong (since I am unable to find many real world example configurations).

SWITCH-A has a Loopback address of 192.168.100.1/32 and GigabitEthernet1/47 (source port) is an access port, part of Vlan101. SWITCH-B has a Loopback address of 192.168.200.1/32 (routed network in the middle with several hops).

SWITCH-A Configuration:

monitor session 1 type erspan-source
 source interface GigabitEthernet1/47
 destination
  ip address 192.168.200.1
  origin ip address 192.168.100.1
  erspan-id 1

SWITCH-B Configuration

monitor session 1 type erspan-destination
 destination interface GigabitEthernet1/25
 source
  ip address 192.168.100.1
  erspan-id 1

Doing a 'show monitor detail' shows that switch-a is monitoring both rx and tx on port Gi1/47 and sending the data to 192.168.200.1. The same command on switch-b shows that the source is 192.168.100.1 and it is mirroring to port Gi1/25. Doing a 'show interface Gi1/25' shows that the port is up but line protocol is in a down (monitoring) state.

If anyone can shed any extra light on more configuration needed, or if Wireshark etc needs to be setup in a certain way it would be much appreciated.

Cheers,
Nick.
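The two checks raised in the replies in this thread (sessions start admin-disabled until `no shutdown`, and the destination session's `ip address` has to be the destination switch's own address, the same one the source session sends to) can be run mechanically against both configs. The Python below is an added example, not code from the thread or from Cisco; the indented config layout, the `no shutdown` line appearing in the config text, and all function names are assumptions, and the sample configs are constructed from the values posted above.

```python
import ipaddress
import re

# Constructed configs built from the addresses, ports and erspan-id posted in
# the thread. The indentation and the 'no shutdown' lines are assumptions
# about how the config text nests and how an enabled session is shown.
SWITCH_A = """\
monitor session 1 type erspan-source
 no shutdown
 source interface GigabitEthernet1/47
 destination
  ip address 192.168.200.1
  origin ip address 192.168.100.1
  erspan-id 1
"""

SWITCH_B_AS_POSTED = """\
monitor session 1 type erspan-destination
 no shutdown
 destination interface GigabitEthernet1/25
 source
  ip address 192.168.100.1
  erspan-id 1
"""

# Same session with the address changed the way the reply in the thread suggests.
SWITCH_B_FIXED = SWITCH_B_AS_POSTED.replace("192.168.100.1", "192.168.200.1")

HEADER = re.compile(r"monitor session (\d+) type (erspan-source|erspan-destination)$")


def parse_erspan_sessions(config):
    """Return one dict per ERSPAN monitor session found in the config text."""
    sessions, cur = [], None
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line == "!":
            continue
        if not raw[0].isspace():
            # A top-level line either opens a session block or ends the last one.
            m = HEADER.match(line)
            cur = None
            if m:
                cur = {"session": int(m.group(1)), "type": m.group(2),
                       "enabled": False, "ports": [], "ip": None,
                       "origin": None, "erspan_id": None}
                sessions.append(cur)
            continue
        if cur is None:
            continue
        words = line.split()
        if line == "no shutdown":
            cur["enabled"] = True
        elif line == "shutdown":
            cur["enabled"] = False
        elif words[:2] in (["source", "interface"], ["destination", "interface"]) and len(words) >= 3:
            cur["ports"].append(words[2])
        elif words[:2] == ["ip", "address"] and len(words) >= 3:
            cur["ip"] = ipaddress.ip_address(words[2])
        elif words[:3] == ["origin", "ip", "address"] and len(words) >= 4:
            cur["origin"] = ipaddress.ip_address(words[3])
        elif words[0] == "erspan-id" and len(words) >= 2:
            cur["erspan_id"] = int(words[1])
        # Bare 'source' / 'destination' lines only open a sub-mode; nothing to store.
    return sessions


def audit_pair(source_cfg, destination_cfg):
    """Cross-check ERSPAN source sessions against destination sessions.

    Returns a list of (code, detail) tuples; an empty list means no finding.
    """
    src = [s for s in parse_erspan_sessions(source_cfg) if s["type"] == "erspan-source"]
    dst = [s for s in parse_erspan_sessions(destination_cfg) if s["type"] == "erspan-destination"]
    if not src or not dst:
        return [("missing-session", "need an erspan-source and an erspan-destination session")]
    findings = []
    for s in src:
        peers = [d for d in dst if d["erspan_id"] == s["erspan_id"]]
        if not peers:
            findings.append(("erspan-id", f"no destination session with erspan-id {s['erspan_id']}"))
            continue
        d = peers[0]
        for role, sess in (("source", s), ("destination", d)):
            if not sess["enabled"]:
                findings.append(("admin-down", f"{role} session {sess['session']} lacks 'no shutdown'"))
            if not sess["ports"]:
                findings.append(("no-port", f"{role} session {sess['session']} has no interface"))
        if s["ip"] is None or d["ip"] is None:
            findings.append(("no-ip", "ip address missing on one side"))
        elif s["ip"] != d["ip"]:
            findings.append(("ip-mismatch",
                             f"source session sends to {s['ip']} but destination session "
                             f"is configured with {d['ip']}; both should carry the "
                             f"destination switch's address"))
    return findings


if __name__ == "__main__":
    for label, cfg in (("as posted", SWITCH_B_AS_POSTED), ("fixed", SWITCH_B_FIXED)):
        print(label, audit_pair(SWITCH_A, cfg) or "no findings")
```
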
Re: [c-nsp] csm Bride Mode Simple scenario. Is it Possible?
Hey Chris,

Thanks for the reply, Have you ever seen any documentation for this type of configuration on the cisco website?

Regards,
Brad

On Tue, Apr 8, 2008 at 11:24 AM, Chris Riling [EMAIL PROTECTED] wrote:

Yes, I do this all the time...

Chris

On Mon, Apr 7, 2008 at 7:27 PM, Brad Case [EMAIL PROTECTED] wrote:

Hi Guys,

I have a question that I simply cannot find an answer to on the Cisco site in regards to the CSM in Bridge mode. Is it possible to have the vserver (VIP) IP in a different subnet range than the real IP addresses in the serverfarm that is bound to it?

In other words, as an example a typical bridge configuration is like this:

vlan 221 client
 ip address 10.20.220.2 255.255.255.0
 gateway 10.20.220.1
!
vlan 220 server
 ip address 10.20.220.2 255.255.255.0

Two VLANs with the same IP address are bridged together.

serverfarm WEBFARM
 nat server
 no nat client
 real 10.20.220.10
  inservice
 real 10.20.220.20
  inservice
!
vserver WEB
 virtual 10.20.220.100 tcp www
 serverfarm WEBFARM
 persistent rebalance
 inservice

Is it possible to do something like this:

vlan 221 client
 ip address 10.20.220.2 255.255.255.0
 gateway 10.20.220.1
!
vlan 220 server
 ip address 10.20.220.2 255.255.255.0

Two VLANs with the same IP address are bridged together.

serverfarm WEBFARM
 nat server
 no nat client
 real 10.20.220.10
  inservice
 real 10.20.220.20
  inservice
!
vserver WEB
 virtual 50.40.220.99 tcp www

Place the IP address in a different subnet than the IP's in the serverfarm

 serverfarm WEBFARM
 persistent rebalance
 inservice

On the MSFC place a static route to route the 50.40.220.99 address towards the CSM IP on vlan 221.

ip route 50.40.220.99 255.255.255.255 10.20.220.2

Please if somebody knows if this is or is not possible it would be highly appreciated to hear your feedback.

Regards,
Brad
Re: [c-nsp] Limits of VRF-lite
I have configured 31 vrf's on 6500's (sup720's) with no problem before. The 26 vrf limitation may be specific to other hardware though.

--
Colin McNamara
(858)208-8105
CCIE #18233,RHCE,GCIH
http://www.colinmcnamara.com
http://www.linkedin.com/in/colinmcnamara
The difficult we do immediately, the impossible just takes a little longer

Gary Roberton wrote:

Thanks. Is there a matrix available anywhere showing limitations ?

On Mon, Apr 7, 2008 at 12:56 PM, Eugene Vedistchev [EMAIL PROTECTED] wrote:

This is for 3750ME. 1 vrf per port, 24 FE and 2 Enhanced GE.

Eugene Vedistchev

Gary Roberton wrote:

Hi

I am sure I have read somewhere that there is a limit of 26 VRFs per router when configuring VRF-lite (multi-VRF). Has anyone else seen this?

Regards
Gary
[c-nsp] Stacking 3750s with 3550
Hi,

I have a requirement of implementing standby(HSRP) for 6509 with two 3750s (each with 12 SFP ports) one 3550(2 Gigabit 48 Fast Ethernet Ports). I have stacked 3750s as a single unit. This is taking care of my SVI HSRP requirement. I want to make 3550 also part of the 3750 stack, so it can take care of my routed ports.

I would like to know whether it is possible to make 3550 switch part of 3750 stack using gigabit ports etherchannelling. Just I got the idea, but I am not sure whether it is technically possible.

Any help/suggestions are greatly appreciated.

Thanks Regards,
Sankar
Re: [c-nsp] Limits of VRF-lite
The Sup720 is good for 1024 vrf's, the limitation is in the number of routes it can hold, which will vary on memory.

On 08/04/2008, at 12:21 PM, Colin McNamara wrote:

I have configured 31 vrf's on 6500's (sup720's) with no problem before. The 26 vrf limitation may be specific to other hardware though.

--
Colin McNamara
(858)208-8105
CCIE #18233,RHCE,GCIH
http://www.colinmcnamara.com
http://www.linkedin.com/in/colinmcnamara
The difficult we do immediately, the impossible just takes a little longer

Gary Roberton wrote:

Thanks. Is there a matrix available anywhere showing limitations ?

On Mon, Apr 7, 2008 at 12:56 PM, Eugene Vedistchev [EMAIL PROTECTED] wrote:

This is for 3750ME. 1 vrf per port, 24 FE and 2 Enhanced GE.

Eugene Vedistchev

Gary Roberton wrote:

Hi

I am sure I have read somewhere that there is a limit of 26 VRFs per router when configuring VRF-lite (multi-VRF). Has anyone else seen this?

Regards
Gary