[c-nsp] Cisco Console Port - Question ?
Hi All,

I see that our normal Console port can be configured for the following commands ..

Access-class X in
Transport preferred TELNET

In which scenario do we need these IP commands in a Console Port ??? Can Console port listen to IP traffic ??

Rijas

___
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

[c-nsp] EoMPLS terminating on PE?
Hi,

I'm having a problem understanding how to configure EoMPLS in a specific case, I've read lots of docs and found lots of examples, but none that apply to my problem, so I'm not even sure that what I want to do is possible.

I have two 7206 G1 PE routers with client-facing ATM interfaces, running CE-PE OSPF over the aal5snap VCs. I want one of those PEs to speak OSPF directly to a CE connected to a VC coming in on the *other* PE. In effect, I want to extend the VC coming in on one PE so that it (L3) terminates on another PE.

I don't see how to configure this, is it possible ?

Thanks,
-- Nathan

[c-nsp] *** Problem with collecting flows
Hi all!

I have some problems using flow-capture and Cisco routers 7206-VXR/NPE-G2. Once per 2 or 3 days the process flow-capture dies. It disappears from the top table on the server working as a collector (FreeBSD, Intel Xeon 3220 4GB 4x1000GB 1x250GB ARECA 1110). The collector is not heavily loaded.

For example, results of tcpdump in the management VLAN during the problem are:

11:16:39.616421 arp who-has 10.0.11.3 tell 10.0.11.11
11:16:39.616426 arp who-has 10.0.11.3 tell 10.0.11.11
11:16:39.616509 arp reply 10.0.11.3 is-at 00:1a:2f:5b:48:18 (oui Unknown)
11:16:39.616515 arp reply 10.0.11.3 is-at 00:1a:2f:5b:48:18 (oui Unknown)
11:16:39.616559 IP 10.0.11.11 10.0.11.3: ICMP 10.0.11.11 udp port 9997 unreachable, length 36
11:16:39.616565 IP 10.0.11.11 10.0.11.3: ICMP 10.0.11.11 udp port 9997 unreachable, length 36
11:16:39.629802 IP 10.0.11.3.50494 10.0.11.11.9997: UDP, length 1464
11:16:39.629924 IP 10.0.11.3.50494 10.0.11.11.9997: UDP, length 1464

But 10-15 seconds before it:

11:16:25.804800 IP 10.0.11.1.57907 10.0.11.11.9997: UDP, length 1464
11:16:25.804921 IP 10.0.11.1.57907 10.0.11.11.9997: UDP, length 1464
11:16:25.805964 IP 10.0.11.3.50494 10.0.11.11.9997: UDP, length 1464
11:16:25.806088 IP 10.0.11.3.50494 10.0.11.11.9997: UDP, length 1464
11:16:25.809257 IP 10.0.11.124.snmp 10.0.11.14.54601: C=** GetResponse(36) interfaces.ifTable.ifEntry.ifInOctets.10013=2568101177
11:16:25.809262 IP 10.0.11.124.snmp 10.0.11.14.54601: C=** GetResponse(36) interfaces.ifTable.ifEntry.ifInOctets.10013=2568101177

Here, the collector has ip=10.0.11.11 and the other addresses are routers (72XX) and switches (2960).

Can anybody explain this situation and, maybe, help with it?

Thanks for all
Regards
Sergey Kremeznoy

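An added example, not part of the original post: one way to find, in a saved tcpdump text capture like the one above, the moment a flow collector stops listening (its host starts answering export datagrams with ICMP "udp port unreachable") and which exporters were refused. The function names, the 5-second recovery heuristic and the sample lines are assumptions constructed for illustration.

```python
import re

# Constructed sample shaped like the capture in the post. tcpdump prints
# "src > dst"; the archived copy lost the ">", so the parser accepts both forms.
SAMPLE = """\
11:16:25.804800 IP 10.0.11.1.57907 > 10.0.11.11.9997: UDP, length 1464
11:16:25.805964 IP 10.0.11.3.50494 > 10.0.11.11.9997: UDP, length 1464
11:16:39.616559 IP 10.0.11.11 > 10.0.11.3: ICMP 10.0.11.11 udp port 9997 unreachable, length 36
11:16:39.629802 IP 10.0.11.3.50494 10.0.11.11.9997: UDP, length 1464
11:16:41.100000 IP 10.0.11.11 > 10.0.11.1: ICMP 10.0.11.11 udp port 9997 unreachable, length 36
"""

IP4 = r"\d{1,3}(?:\.\d{1,3}){3}"
TS = r"(?P<ts>\d\d:\d\d:\d\d\.\d+) IP "
# Export datagram: "<ts> IP src.sport [>] dst.dport: UDP, length N"
EXPORT_RE = re.compile(
    TS + rf"(?P<src>{IP4})\.\d+ (?:> )?(?P<dst>{IP4})\.(?P<port>\d+): UDP, length \d+")
# Refusal: "<ts> IP src [>] dst: ICMP host udp port N unreachable"
REFUSED_RE = re.compile(
    TS + rf"(?P<src>{IP4}) (?:> )?(?P<dst>{IP4}): "
    rf"ICMP (?P<host>{IP4}) udp port (?P<port>\d+) unreachable")


def seconds(ts):
    """HH:MM:SS.ffffff time-of-day stamp to seconds (midnight wrap not handled)."""
    h, m, s = ts.split(":")
    return int(h) * 3600 + int(m) * 60 + float(s)


def find_collector_outages(capture_text, collector_ip, collector_port, quiet=5.0):
    """Return one dict per period in which the collector host refused exports.

    An outage opens at the first port-unreachable sent by the collector host.
    It is treated as closed (heuristic) when an export datagram arrives more
    than `quiet` seconds after the last refusal with no new refusal in between.
    """
    outages = []
    current = None        # outage in progress, if any
    last_export = None    # timestamp of the latest datagram sent to the collector
    last_refusal = None   # seconds value of the latest port-unreachable
    for raw in capture_text.splitlines():
        line = raw.strip()
        m = REFUSED_RE.match(line)
        if (m and m["src"] == collector_ip and m["host"] == collector_ip
                and int(m["port"]) == collector_port):
            if current is None:
                gap = None
                if last_export is not None:
                    gap = round(seconds(m["ts"]) - seconds(last_export), 3)
                current = {
                    "first_refusal": m["ts"],
                    "last_export_before": last_export,
                    "gap_seconds": gap,
                    "refused": set(),
                    "recovered": None,
                }
                outages.append(current)
            current["refused"].add(m["dst"])
            last_refusal = seconds(m["ts"])
            continue
        m = EXPORT_RE.match(line)
        if m and m["dst"] == collector_ip and int(m["port"]) == collector_port:
            if current is not None and seconds(m["ts"]) - last_refusal > quiet:
                current["recovered"] = m["ts"]
                current = None
            last_export = m["ts"]
    for outage in outages:
        outage["refused"] = sorted(outage["refused"])
    return outages


if __name__ == "__main__":
    for outage in find_collector_outages(SAMPLE, "10.0.11.11", 9997):
        print(outage)
```

The "first_refusal" timestamp is the value to line up against the collector host's own logs (process exit, signals, out-of-memory messages) when looking for why the daemon went away.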
Re: [c-nsp] 7206VXR and CBWFQ
I see you have your PVC as vbr-nrt. Orig poster has UBR.

When we've tested QoS on ADSL we found the PVC had to be configured as VBR-NRT to make QOS work. This may be the issue here. I'm sure I found a reference on CCO to this behaviour but can't find it again quickly.

Regards
Dean

- Original Message -
From: Brian Turnbow [EMAIL PROTECTED]
To: Victor Cappuccio [EMAIL PROTECTED]
Cc: Networkers [EMAIL PROTECTED]; cisco-nsp@puck.nether.net
Sent: Monday, October 20, 2008 10:20 AM
Subject: Re: [c-nsp] 7206VXR and CBWFQ

Please don't tell that to this router

policy-map llq
 class sipRTP
  priority 512
 class class-default
  fair-queue
  random-detect

vc-class atm CVPHDSL-VoIP
 vbr-nrt 1524 1524
 encapsulation aal5snap

interface ATM3/0.20842 point-to-point
 description cust 1
 ip address 192.168.0.41 255.255.255.252
 pvc CVPH_CUSTVOIP 208/42
  class-vc CVPHDSL-VoIP
  service-policy out llq

7200-accessjn3#sh policy-map int ATM3/0.20842
ATM3/0.20842: VC 208/42 -
  Service-policy output: llq
    queue stats for all priority classes:
      queue limit 64 packets
      (queue depth/total drops/no-buffer drops) 0/0/0
      (pkts output/bytes output) 5466056/418685691
    Class-map: sipRTP (match-all)
      5466056 packets, 418685691 bytes
      5 minute offered rate 61000 bps, drop rate 0 bps
      Match: access-group 5
      Priority: 512 kbps, burst bytes 12800, b/w exceed drops: 0
    Class-map: class-default (match-any)
      492783 packets, 493906760 bytes
      5 minute offered rate 509000 bps, drop rate 0 bps
      Match: any
        492783 packets, 493906760 bytes
        5 minute rate 509000 bps
      Queueing
      queue limit 64 packets
      (queue depth/total drops/no-buffer drops/flowdrops) 0/50/0/50
      (pkts output/bytes output) 492733/493866217
      Fair-queue: per-flow queue limit 16
        Exp-weight-constant: 9 (1/512)
        Mean queue depth: 0 packets
        class    Transmitted         Random drop    Tail/Flow drop   Minimum  Maximum  Mark
                 pkts/bytes          pkts/bytes     pkts/bytes       thresh   thresh   prob
        0        486842/493318682    0/0            50/40543         20       40       1/10
        1        54/22464            0/0            0/0              22       40       1/10
        2        6/746               0/0            0/0              24       40       1/10
        3        0/0                 0/0            0/0              26       40       1/10
        4        5/330               0/0            0/0              28       40       1/10
        5        20/1200             0/0            0/0              30       40       1/10
        6        5753/515372         0/0            0/0              32       40       1/10
        7        53/7423             0/0            0/0              34       40       1/10

http://www.cisco.com/en/US/tech/tk39/tk824/technologies_configuration_example09186a0080094cf6.shtml

Brian

From: Victor Cappuccio [mailto:[EMAIL PROTECTED]
Sent: Friday 17 October 2008 18.52
To: Brian Turnbow
Cc: Networkers; cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] 7206VXR and CBWFQ

Hi,

Subinterfaces and software interfaces do not have their own separate transmit (Tx) ring; therefore, no congestion can occur. These interface types include dialers, tunnels, and Frame Relay subinterfaces, and will only congest when their main hardware interface Tx ring congests. The Tx ring state is an indication of congestion for software interfaces.

router(config)# interface Serial0/0.1
router(config-subif)# service-policy output test
CBWFQ : Not supported on subinterfaces

1.- Create a child or lower-level policy that configures a queueing mechanism. In the example below, we configure LLQ using the priority command and CBWFQ using the bandwidth command. Refer to Congestion Management Overview for more information.

policy-map child
 class voice
  priority 512

2. Create a parent or top-level policy that applies class-based shaping. Apply the child policy as a command under the parent policy since the admission control for the child class is done based on the shaping rate for the parent class.

policy-map parent
 class class-default
  shape average 200
  service-policy child

3. Apply the parent policy to the subinterface.

interface Serial0/0.1
 service-policy parent

Cisco Page: http://tinyurl.com/ytt8ge

Note: Class-based shaping works at the interface and subinterface level. Cisco IOS 12.2(2.5) introduces the ability to configure shaping on the main interface and IP addresses on the subinterfaces.

thanks,
Victor Cappuccio
CCIE R/S# 20657 CCSI# 30452
www.anetworkerblog.com

On Fri, Oct 17, 2008 at 6:19 PM, Brian Turnbow [EMAIL PROTECTED] wrote:

Your pvc needs to be abr/vbr/cbr
You can't do it on ubr

Regards
Brian

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Networkers
Sent: Friday 17

Re: [c-nsp] 7206VXR and CBWFQ
Here it is

Because CBWFQ provides a minimum bandwidth guarantee, you can only apply CBWFQ to VCs with classes of service other than UBR and UBR+.

http://www.cisco.com/en/US/tech/tk39/tk824/technologies_configuration_example09186a0080094cf6.shtml

- Original Message -
From: Dean Smith [EMAIL PROTECTED]
To: cisco-nsp@puck.nether.net
Sent: Monday, October 20, 2008 11:21 AM
Subject: Re: [c-nsp] 7206VXR and CBWFQ

I see you have your PVC as vbr-nrt. Orig poster has UBR.

When we've tested QoS on ADSL we found the PVC had to be configured as VBR-NRT to make QOS work. This may be the issue here. I'm sure I found a reference on CCO to this behaviour but can't find it again quickly.

Regards
Dean

- Original Message -
From: Brian Turnbow [EMAIL PROTECTED]
To: Victor Cappuccio [EMAIL PROTECTED]
Cc: Networkers [EMAIL PROTECTED]; cisco-nsp@puck.nether.net
Sent: Monday, October 20, 2008 10:20 AM
Subject: Re: [c-nsp] 7206VXR and CBWFQ

Please don't tell that to this router

policy-map llq
 class sipRTP
  priority 512
 class class-default
  fair-queue
  random-detect

vc-class atm CVPHDSL-VoIP
 vbr-nrt 1524 1524
 encapsulation aal5snap

interface ATM3/0.20842 point-to-point
 description cust 1
 ip address 192.168.0.41 255.255.255.252
 pvc CVPH_CUSTVOIP 208/42
  class-vc CVPHDSL-VoIP
  service-policy out llq

7200-accessjn3#sh policy-map int ATM3/0.20842
ATM3/0.20842: VC 208/42 -
  Service-policy output: llq
    queue stats for all priority classes:
      queue limit 64 packets
      (queue depth/total drops/no-buffer drops) 0/0/0
      (pkts output/bytes output) 5466056/418685691
    Class-map: sipRTP (match-all)
      5466056 packets, 418685691 bytes
      5 minute offered rate 61000 bps, drop rate 0 bps
      Match: access-group 5
      Priority: 512 kbps, burst bytes 12800, b/w exceed drops: 0
    Class-map: class-default (match-any)
      492783 packets, 493906760 bytes
      5 minute offered rate 509000 bps, drop rate 0 bps
      Match: any
        492783 packets, 493906760 bytes
        5 minute rate 509000 bps
      Queueing
      queue limit 64 packets
      (queue depth/total drops/no-buffer drops/flowdrops) 0/50/0/50
      (pkts output/bytes output) 492733/493866217
      Fair-queue: per-flow queue limit 16
        Exp-weight-constant: 9 (1/512)
        Mean queue depth: 0 packets
        class    Transmitted         Random drop    Tail/Flow drop   Minimum  Maximum  Mark
                 pkts/bytes          pkts/bytes     pkts/bytes       thresh   thresh   prob
        0        486842/493318682    0/0            50/40543         20       40       1/10
        1        54/22464            0/0            0/0              22       40       1/10
        2        6/746               0/0            0/0              24       40       1/10
        3        0/0                 0/0            0/0              26       40       1/10
        4        5/330               0/0            0/0              28       40       1/10
        5        20/1200             0/0            0/0              30       40       1/10
        6        5753/515372         0/0            0/0              32       40       1/10
        7        53/7423             0/0            0/0              34       40       1/10

http://www.cisco.com/en/US/tech/tk39/tk824/technologies_configuration_example09186a0080094cf6.shtml

Brian

From: Victor Cappuccio [mailto:[EMAIL PROTECTED]
Sent: Friday 17 October 2008 18.52
To: Brian Turnbow
Cc: Networkers; cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] 7206VXR and CBWFQ

Hi,

Subinterfaces and software interfaces do not have their own separate transmit (Tx) ring; therefore, no congestion can occur. These interface types include dialers, tunnels, and Frame Relay subinterfaces, and will only congest when their main hardware interface Tx ring congests. The Tx ring state is an indication of congestion for software interfaces.

router(config)# interface Serial0/0.1
router(config-subif)# service-policy output test
CBWFQ : Not supported on subinterfaces

1.- Create a child or lower-level policy that configures a queueing mechanism. In the example below, we configure LLQ using the priority command and CBWFQ using the bandwidth command. Refer to Congestion Management Overview for more information.

policy-map child
 class voice
  priority 512

2. Create a parent or top-level policy that applies class-based shaping. Apply the child policy as a command under the parent policy since the admission control for the child class is done based on the shaping rate for the parent class.

policy-map parent
 class class-default
  shape average 200
  service-policy child

3. Apply the parent policy to the subinterface.

interface Serial0/0.1
 service-policy parent

Cisco Page: http://tinyurl.com/ytt8ge

Note: Class-based shaping works at the interface and subinterface level. Cisco IOS 12.2(2.5) introduces the ability to configure shaping on the main interface and IP addresses on the subinterfaces.

thanks,

Re: [c-nsp] EoMPLS terminating on PE?
Nathan wrote on Monday, October 20, 2008 10:29 AM:

> Hi, I'm having a problem understanding how to configure EoMPLS in a specific case, I've read lots of docs and found lots of examples, but none that apply to my problem, so I'm not even sure that what I want to do is possible.
>
> I have two 7206 G1 PE routers with client-facing ATM interfaces, running CE-PE OSPF over the aal5snap VCs. I want one of those PEs to speak OSPF directly to a CE connected to a VC coming in on the *other* PE. In effect, I want to extend the VC coming in on one PE so that it (L3) terminates on another PE.
>
> I don't see how to configure this, is it possible ?

you need the routed pseudowire feature, but this is currently only supported on the 7600 (http://www.cisco.com/en/US/docs/ios/12_2sr/release/notes/122SRrn.html#wp3970796). If this is a one-off requirement (i.e. not supposed to scale), you could use a physical loop cable :-|

oli

[c-nsp] NMS for l2vpn service instance
Hi experts !!!

I'd like to ask you for help / advice on Cisco 7600 L2 VPN management.

Can you recommend any system for as much as monitoring and gathering statistics on L2 VPNs? Do you know of software capable of discovering service instances on a physical interface? Service instances don't have an IP address on them, nor are they subinterfaces, but they may contain a connect/xconnect to another MPLS router - and the role of this c7600 ends. L2 vfi ?

I see Cisco Metro Ethernet Solution Center is the first choice, but it does a lot more - provisioning. Are there any open source NMS capable of doing this, out of the box ?

// great thanks
Peter Sawicki
network admin / service provider poland

Re: [c-nsp] Sup720, SXH or SXF?
On 17/10/2008 09:09, Peter Taphouse wrote:

> * SXF15 which has a bug in BFD that caused a router to reload when it detects a link flap, turning a sub-second blip into a 10 minute brown out whilst the router reloaded.
>
> We're now still running SXF15, and we've not had any problems since we disabled bfd everywhere.

Unfortunately, despite repeated prodding, Cisco have flatly refused to fix BFD in SXF - we ended up jumping to SRC1 on our 7600s, which was a shame as we were otherwise happy with SXF.

Re: [c-nsp] EoMPLS terminating on PE?
On Mon, Oct 20, 2008 at 12:54 PM, Oliver Boehmer (oboehmer) [EMAIL PROTECTED] wrote:

> you need the routed pseudowire feature, but this is currently only supported on the 7600
>
> If this is a one-off requirement (i.e. not supposed to scale), you could use a physical loop cable :-|

Most definitely one-off, but what kind of loop cable would that be ? An ATM one?

I'm thinking that I could terminate the aal5snap pvc into a VLAN on some convenient third PE router, and then run a straight 802.1q into the PE router I want the termination on, but mightn't there be some kind of encapsulation problem? All the examples I've seen do xconnects between VLANs or between PVCs, not between a VLAN on one hand and a PVC on the other hand.

Thanks,
Nathan

(Anxiously waiting to see if anyone has insights on my service provider network design question from a few days ago, no one's taken me up so far ;-))

Re: [c-nsp] EoMPLS terminating on PE?
I don't think that routed pseudowire would work for you, but I could be mistaken. However, external loop may work. If I understand your problem well, this is what you want (horrible ascii art follows):

[CE]---{ATM PVC}---[PE]---[P]---[PE]
                    |             {L3}
                    |              |
                    +---xconnect---+

If I understood that correctly, and you are willing to play with external loopbacks (since you own 7600, you definitely are, btw.) read on.

> Most definitely one-off, but what kind of loop cable would that be ? An ATM one?

Yes, you can loop, for example ATM3/0/0 to ATM3/0/1 on rightmost PE. Have xconnect from 3/0/0 to leftmost PE and L3 interface on 3/0/1. If you have available and unused ATM interfaces, this is the easiest thing to do. It's a little bit expensive, IMHO.

> I'm thinking that I could terminate the aal5snap pvc into a VLAN on some convenient third PE router, and then run a straight 802.1q into the PE router I want the termination on, but mightn't there be some kind of encapsulation problem? All the examples I've seen do xconnects between VLANs or between PVCs, not between a VLAN on one hand and a PVC on the other hand.

This could be on the right track, though. I'm not entirely sure about support on 7600, but you could have xconnect between ATM and 802.1Q interface using IP interworking.

Another approach, without 3rd party router would be to loop two GigabitEthernet interfaces on rightmost PE using an external cable and do exactly the same thing as described with ATM loopback above. You would xconnect from one and have L3 on the other one. Note that if you are using LAN cards for this exercise, you will need to configure VLAN mapping, as VLANs are global. It's still a little bit cheaper than using ATM interfaces, albeit messier.

> (Anxiously waiting to see if anyone has insights on my service provider network design question from a few days ago, no one's taken me up so far ;-))

( it was a little bit unclear :-) )

HTH.

-- Marko
CCIE #18427
My network blog: http://cisco.markom.info/

Re: [c-nsp] OSPF over PPPoATM
> The 2800 is also connected to the 7200 via a frame-relay to ATM PVC on which OSPF is running fine (but not IPv6, but that's another story). What is happening to those hello packets? Who is eating them?

Before I accuse intermediate DSLAM filtering them, could you post relevant interface and OSPF process configurations from both routers, please?

-- Marko
CCIE #18427
My network blog: http://cisco.markom.info/

[c-nsp] rtr responder on 6500
We are setting up a testbed for IP SLA monitoring and I wanted to include our core 6500 switches into the test. For 2 of them this went without problem, on two others this doesn't work : I get the following error (after putting on debug) :

RTR unable to set SO_STRICT_ADDR_BIND option

I searched the Cisco website and also did a google search but this didn't give any results. Anyone an idea of what is going wrong here ? Both not-working routers have a SUP32, the working ones a SUP2 supervisor.

Router1 s3223_rp-IPBASEK9-VM Version 12.2(18)SXF6 WS-SUP32-GE-3B : rtr responder not working
Router2 s222_rp-IPSERVICESK9-M Version 12.2(18)SXF6 WS-X6K-SUP2-2GE : rtr responder working
Router3 s3223_rp-IPBASEK9-VM Version 12.2(18)SXF6 WS-SUP32-GE-3B : rtr responder not working
Router4 s222_rp-IPSERVICESK9-M Version 12.2(18)SXF6 WS-X6K-SUP2-2GE : rtr responder working

Is it possible I need the ipservices version to do this ? Anyone a clue on what the error means ? The rtr responder command is accepted in all versions.

Wim Holemans
Netwerkdienst Universiteit Antwerpen

Re: [c-nsp] rtr responder on 6500
Holemans Wim wrote:

> We are setting up a testbed for IP SLA monitoring and I wanted to include our core 6500 switches into the test. For 2 of them this went without problem, on two others this doesn't work : I get the following error (after putting on debug) :
>
> RTR unable to set SO_STRICT_ADDR_BIND option
>
> I searched the Cisco website and also did a google search but this didn't give any results. Anyone an idea of what is going wrong here ? Both not-working routers have a SUP32, the working ones a SUP2 supervisor.
>
> Router1 s3223_rp-IPBASEK9-VM Version 12.2(18)SXF6 WS-SUP32-GE-3B : rtr responder not working
> Router2 s222_rp-IPSERVICESK9-M Version 12.2(18)SXF6 WS-X6K-SUP2-2GE : rtr responder working
> Router3 s3223_rp-IPBASEK9-VM Version 12.2(18)SXF6 WS-SUP32-GE-3B : rtr responder not working
> Router4 s222_rp-IPSERVICESK9-M Version 12.2(18)SXF6 WS-X6K-SUP2-2GE : rtr responder working
>
> Is it possible I need the ipservices version to do this ? Anyone a clue on what the error means ? The rtr responder command is accepted in all versions.

I think you need ipservices. Also, IIRC RTR has crash-bugs under SXF, and you are advised to not use it at all :o(

Re: [c-nsp] rtr responder on 6500
Holemans Wim wrote on Monday, October 20, 2008 3:50 PM:

> We are setting up a testbed for IP SLA monitoring and I wanted to include our core 6500 switches into the test. For 2 of them this went without problem, on two others this doesn't work : I get the following error (after putting on debug) :
>
> RTR unable to set SO_STRICT_ADDR_BIND option
>
> I searched the Cisco website and also did a google search but this didn't give any results. Anyone an idea of what is going wrong here ? Both not-working routers have a SUP32, the working ones a SUP2 supervisor.
>
> Router1 s3223_rp-IPBASEK9-VM Version 12.2(18)SXF6 WS-SUP32-GE-3B : rtr responder not working
> Router2 s222_rp-IPSERVICESK9-M Version 12.2(18)SXF6 WS-X6K-SUP2-2GE : rtr responder working
> Router3 s3223_rp-IPBASEK9-VM Version 12.2(18)SXF6 WS-SUP32-GE-3B : rtr responder not working
> Router4 s222_rp-IPSERVICESK9-M Version 12.2(18)SXF6 WS-X6K-SUP2-2GE : rtr responder working
>
> Is it possible I need the ipservices version to do this ? Anyone a clue on what the error means ? The rtr responder command is accepted in all versions.

Wim, this seems to be related to ION/Modular IOS (which you're running on R1 and R3) not supporting the SO_STRICT_ADDR_BIND which RTR responder uses.. looks like 12.2(33)SXH and later can be used..

oli

Re: [c-nsp] Conditional BGP
Hi Hank

It's a good question. Your approach is good as mentioned by others in the thread, if you advertise both externally at the same time. Private peering agreements may still prefer the prepended route as it costs them less money. Hence do not advertise your prefix on the backup path as long as the backup ebgp peer is advertising the route back to you. This was done with local pref.

simon

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Hank Nussbacher
Sent: 19 October 2008 09:36
To: cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] Conditional BGP

At 09:47 PM 18-10-08 +0500, Masood Ahmad Shah wrote:

I am curious if anyone else uses conditional BGP as a poor man's DRP? Suppose you have site A with 192.168.1.0/24. The site is connected to 2 upstream ISPs and they have a number of servers at site A. They now create a DRP site (site B), which is also connected to 2 upstream ISPs and they create a mirror copy of those servers from site A over at site B and assign them the *exact* same IP addresses as at site A. They have the router at site B do conditional BGP, checking to see if it sees 192.168.1.0/24 from the Internet. As soon as it disappears (site A is gone), site B starts announcing 192.168.1.0/24 to the Internet and all the DRP servers at site B are suddenly active.

Ignoring the syncing of the servers from site B to site A, what is the downside of such a poor mans' DRP solution?

Regards,
Hank

A nice book on BGP
Practical BGP By Russ White

Regards,
Masood
BLOG: http://www.weblogs.com.pk/jahil

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mark Boolootian
Sent: Wednesday, September 24, 2008 6:06 AM
To: [EMAIL PROTECTED]
Cc: cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] Conditional BGP

2) View the NANOG presentation archives. Several come to mind; I'll try to compile a list of suggestions, or just browse away.

Search the presentation archive for Smith and BGP. Philip Smith's BGP tutorials are outstanding.

Re: [c-nsp] 7206VXR and CBWFQ
Please don't tell that to this router

policy-map llq
 class sipRTP
  priority 512
 class class-default
  fair-queue
  random-detect

vc-class atm CVPHDSL-VoIP
 vbr-nrt 1524 1524
 encapsulation aal5snap

interface ATM3/0.20842 point-to-point
 description cust 1
 ip address 192.168.0.41 255.255.255.252
 pvc CVPH_CUSTVOIP 208/42
  class-vc CVPHDSL-VoIP
  service-policy out llq

7200-accessjn3#sh policy-map int ATM3/0.20842
ATM3/0.20842: VC 208/42 -
  Service-policy output: llq
    queue stats for all priority classes:
      queue limit 64 packets
      (queue depth/total drops/no-buffer drops) 0/0/0
      (pkts output/bytes output) 5466056/418685691
    Class-map: sipRTP (match-all)
      5466056 packets, 418685691 bytes
      5 minute offered rate 61000 bps, drop rate 0 bps
      Match: access-group 5
      Priority: 512 kbps, burst bytes 12800, b/w exceed drops: 0
    Class-map: class-default (match-any)
      492783 packets, 493906760 bytes
      5 minute offered rate 509000 bps, drop rate 0 bps
      Match: any
        492783 packets, 493906760 bytes
        5 minute rate 509000 bps
      Queueing
      queue limit 64 packets
      (queue depth/total drops/no-buffer drops/flowdrops) 0/50/0/50
      (pkts output/bytes output) 492733/493866217
      Fair-queue: per-flow queue limit 16
        Exp-weight-constant: 9 (1/512)
        Mean queue depth: 0 packets
        class    Transmitted         Random drop    Tail/Flow drop   Minimum  Maximum  Mark
                 pkts/bytes          pkts/bytes     pkts/bytes       thresh   thresh   prob
        0        486842/493318682    0/0            50/40543         20       40       1/10
        1        54/22464            0/0            0/0              22       40       1/10
        2        6/746               0/0            0/0              24       40       1/10
        3        0/0                 0/0            0/0              26       40       1/10
        4        5/330               0/0            0/0              28       40       1/10
        5        20/1200             0/0            0/0              30       40       1/10
        6        5753/515372         0/0            0/0              32       40       1/10
        7        53/7423             0/0            0/0              34       40       1/10

http://www.cisco.com/en/US/tech/tk39/tk824/technologies_configuration_example09186a0080094cf6.shtml

Brian

From: Victor Cappuccio [mailto:[EMAIL PROTECTED]
Sent: Friday 17 October 2008 18.52
To: Brian Turnbow
Cc: Networkers; cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] 7206VXR and CBWFQ

Hi,

Subinterfaces and software interfaces do not have their own separate transmit (Tx) ring; therefore, no congestion can occur. These interface types include dialers, tunnels, and Frame Relay subinterfaces, and will only congest when their main hardware interface Tx ring congests. The Tx ring state is an indication of congestion for software interfaces.

router(config)# interface Serial0/0.1
router(config-subif)# service-policy output test
CBWFQ : Not supported on subinterfaces

1.- Create a child or lower-level policy that configures a queueing mechanism. In the example below, we configure LLQ using the priority command and CBWFQ using the bandwidth command. Refer to Congestion Management Overview for more information.

policy-map child
 class voice
  priority 512

2. Create a parent or top-level policy that applies class-based shaping. Apply the child policy as a command under the parent policy since the admission control for the child class is done based on the shaping rate for the parent class.

policy-map parent
 class class-default
  shape average 200
  service-policy child

3. Apply the parent policy to the subinterface.

interface Serial0/0.1
 service-policy parent

Cisco Page: http://tinyurl.com/ytt8ge

Note: Class-based shaping works at the interface and subinterface level. Cisco IOS 12.2(2.5) introduces the ability to configure shaping on the main interface and IP addresses on the subinterfaces.

thanks,
Victor Cappuccio
CCIE R/S# 20657 CCSI# 30452
www.anetworkerblog.com

On Fri, Oct 17, 2008 at 6:19 PM, Brian Turnbow [EMAIL PROTECTED] wrote:

Your pvc needs to be abr/vbr/cbr
You can't do it on ubr

Regards
Brian

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Networkers
Sent: Friday 17 October 2008 17.10
To: cisco-nsp@puck.nether.net
Subject: [c-nsp] 7206VXR and CBWFQ

Whenever I try to apply the following I get an error message about how CBWFQ can't be applied to subinterfaces. What

[c-nsp] FWSM Static NAT gets stuck..
Hello All -

Seeing an issue on FWSM running 3.2(4) code.. where a static nat gets stuck, and the host becomes unreachable via both ingress/egress.

If I issue a clear xlate local x.x.x.x, this clears things up and connectivity is restored.

There are currently 2 hosts on the same network, yet this problem only occurs with one of them.

static (DMZ,OUTSIDE) 1.1.1.24 2.2.2.24 netmask 255.255.255.255
static (DMZ,OUTSIDE) 1.1.1.25 2.2.2.25 netmask 255.255.255.255

.24 is the one that becomes stuck, .25 is fine and never has a problem..

any ideas/possible bugs?

thanks
christian

Re: [c-nsp] FWSM Static NAT gets stuck..
Do you see the correct arp for the translation when it stops working? You might need to define a static arp with alias to fix it.

--- On Mon, 20/10/08, Christian Koch [EMAIL PROTECTED] wrote:

From: Christian Koch [EMAIL PROTECTED]
Subject: [c-nsp] FWSM Static NAT gets stuck..
To: Cisco-nsp cisco-nsp@puck.nether.net
Date: Monday, 20 October, 2008, 3:38 PM

Hello All -

Seeing an issue on FWSM running 3.2(4) code.. Where a static nat gets stuck, and the host becomes unreachable via both ingress/egress

If i issue a clear xlate local x.x.x.x, this clears things up and connectivity is restored

there are currently 2 hosts on the same network, yet this problem only occurs with one of them

static (DMZ,OUTSIDE) 1.1.1.24 2.2.2.24 netmask 255.255.255.255
static (DMZ,OUTSIDE) 1.1.1.25 2.2.2.25 netmask 255.255.255.255

.24 is the one that becomes stuck, .25 is fine and never has a problem..

any ideas/possible bugs?

thanks
christian

Re: [c-nsp] FWSM Static NAT gets stuck..
I checked this when it happened the first time but I forgot what the output was... thanks for the suggestion, I'll have to check it again next time it pops up

christian

On Mon, Oct 20, 2008 at 10:58 AM, Ozgur Guler [EMAIL PROTECTED] wrote:

Do you see the correct arp for the translation when it stops working? You might need to define a static arp with alias to fix it.

--- On Mon, 20/10/08, Christian Koch [EMAIL PROTECTED] wrote:

From: Christian Koch [EMAIL PROTECTED]
Subject: [c-nsp] FWSM Static NAT gets stuck..
To: Cisco-nsp cisco-nsp@puck.nether.net
Date: Monday, 20 October, 2008, 3:38 PM

Hello All -

Seeing an issue on FWSM running 3.2(4) code.. Where a static nat gets stuck, and the host becomes unreachable via both ingress/egress

If i issue a clear xlate local x.x.x.x, this clears things up and connectivity is restored

there are currently 2 hosts on the same network, yet this problem only occurs with one of them

static (DMZ,OUTSIDE) 1.1.1.24 2.2.2.24 netmask 255.255.255.255
static (DMZ,OUTSIDE) 1.1.1.25 2.2.2.25 netmask 255.255.255.255

.24 is the one that becomes stuck, .25 is fine and never has a problem..

any ideas/possible bugs?

thanks
christian

[c-nsp] %UTIL-3-IDTREE_TRACE: SSM SEG freelist DB
Hi there...

I just scanned Cisco's site and came up empty... got this weird message in our logs this morning on a 7206VXR-NPE2G:

Oct 20 11:37:17: %UTIL-3-IDTREE_TRACE: SSM SEG freelist DB:Duplicate ID free for 11532219 (count = 2)
-Traceback= 662444 6633DC 663B0C 2E1D644 2E1D7AC 17BCAA0 17A1FB0 17A56A4 17A5B08

It's running:

Cisco IOS Software, 7200 Software (C7200P-ADVENTERPRISEK9-M), Version 12.2(33)SRC2, RELEASE SOFTWARE (fc2)

Anyone have a clue what this means? Is it an IOS bug or some other type of error I should be concerned about?

Best regards,

Paul Stewart
Re: [c-nsp] %UTIL-3-IDTREE_TRACE: SSM SEG freelist DB
Googling UTIL-3-IDTREE_TRACE returns 6 hits.

Apparently applicable for 10K and 12K boxes:
http://74.125.45.104/search?q=cache:e_oNyDi2EUcJ:cco.cisco.com/en/US/docs/ios/12_0/12_0sy/release/notes/120SYrn.html+UTIL-3-IDTREE_TRACE&hl=en&ct=clnk&cd=1&gl=us

CSCek77589
Symptoms: The following message is observed in syslog/console.
%UTIL-3-IDTREE_TRACE: SSM SEG freelist DB:Duplicate ID free
Conditions: This symptom was observed during scalability testing of a large number (over 2000) of PPP sessions being brought up and torn down continuously.
Workaround: There is no workaround.

Listed under two other links:
http://www.cisco.com/en/US/docs/ios/12_2sr/system/messages/sm2sr08.html
http://www.cisco.com/en/US/docs/ios/12_2sx/system/messages/sm2sx09.html

Error Message: %UTIL-3-IDTREE_TRACE : [chars]
Explanation: A software error occurred, resulting in a data structure inconsistency.
Recommended Action: Copy the message exactly as it appears on the console or in the system log. Research and attempt to resolve the issue using the tools and utilities provided at http://www.cisco.com/tac. With some messages, these tools and utilities will supply clarifying information. Also perform a search of the Bug Toolkit http://www.cisco.com/pcgi-bin/Support/Bugtool/home.pl. If you still require assistance, open a case with the Technical Assistance Center via the Internet http://tools.cisco.com/ServiceRequestTool/create, or contact your Cisco technical support representative and provide the representative with the gathered information.

The other Google provided links may or may not be relevant as the error message is listed slightly different than UTIL-3-IDTREE_TRACE: SSM SEG freelist DB

Vijay Ramcharan

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Paul Stewart
Sent: October 20, 2008 11:46
To: cisco-nsp@puck.nether.net
Subject: [c-nsp] %UTIL-3-IDTREE_TRACE: SSM SEG freelist DB

Hi there...

I just scanned Cisco's site and came up empty... got this weird message in our logs this morning on a 7206VXR-NPE2G:

Oct 20 11:37:17: %UTIL-3-IDTREE_TRACE: SSM SEG freelist DB:Duplicate ID free for 11532219 (count = 2)
-Traceback= 662444 6633DC 663B0C 2E1D644 2E1D7AC 17BCAA0 17A1FB0 17A56A4 17A5B08

It's running:

Cisco IOS Software, 7200 Software (C7200P-ADVENTERPRISEK9-M), Version 12.2(33)SRC2, RELEASE SOFTWARE (fc2)

Anyone have a clue what this means? Is it an IOS bug or some other type of error I should be concerned about?

Best regards,

Paul Stewart
[c-nsp] WCS on CentOS?
Currently, my Wireless Control System is running on an upgraded WLSE box that runs RHEL 4 (which came with the WLSE-WCS conversion) and version 5.0.56 of the WCS software. I'd like to move to the latest version but it requires RHEL 5. I don't have any RHEL licenses otherwise as I use CentOS for my server OS. WCS detects that I'm running CentOS and not RHEL and won't install. Is there any way that I can work around that? Failing that is there a way that I can upgrade the old RHEL 4 install?

--
Jeff Ollie

You know, I used to think it was awful that life was so unfair. Then I thought, wouldn't it be much worse if life were fair, and all the terrible things that happen to us come because we actually deserve them? So, now I take great comfort in the general hostility and unfairness of the universe.
-- Marcus to Franklin in Babylon 5: A Late Delivery from Avalon
[c-nsp] ASR1002
We are looking for a replacement for our 7200 BRAS routers. The ASR1002 looks promising:

- Dual IOS (Software Redundancy / Much easier upgrading)
- Standard 4 GE ports
- 6-8 Mpps
- Front to back airflow instead of side air flow
- Much hardware features like QOS / SBC / NBAR

Anybody some experience in a production environment with the ASR1002 regarding stability / IOS bugs ?

Rinse
Re: [c-nsp] WCS on CentOS?
I'm not sure if this will help, but try altering your /etc/redhat-release (yes, centos has such a thing) file to say redhat version 5 instead of centos version 5 before you install the WCS and see if you can trick it into installing. Change it back to Centos, when you are done installing it. I'm not sure about the exact text that goes in a Redhat 5.x /etc/redhat-release. You can look on a redhat 5.x box for an example...

Good luck,

-Danny

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jeffrey Ollie
Sent: Monday, October 20, 2008 12:06 PM
To: Cisco Network Service Providers
Subject: [c-nsp] WCS on CentOS?

Currently, my Wireless Control System is running on an upgraded WLSE box that runs RHEL 4 (which came with the WLSE-WCS conversion) and version 5.0.56 of the WCS software. I'd like to move to the latest version but it requires RHEL 5. I don't have any RHEL licenses otherwise as I use CentOS for my server OS. WCS detects that I'm running CentOS and not RHEL and won't install. Is there any way that I can work around that? Failing that is there a way that I can upgrade the old RHEL 4 install?

--
Jeff Ollie

You know, I used to think it was awful that life was so unfair. Then I thought, wouldn't it be much worse if life were fair, and all the terrible things that happen to us come because we actually deserve them? So, now I take great comfort in the general hostility and unfairness of the universe.
-- Marcus to Franklin in Babylon 5: A Late Delivery from Avalon
Re: [c-nsp] ASR1002
I've got one customer running an ASR 1006 and seems to be working just fine on their 100 mb metro-e link; running 12.2(33) XNA - using basic EIGRP and QoS features.. I've heard unconfirmed claims of some software instability but maybe there's more people out there who have run into them.

On Mon, Oct 20, 2008 at 1:08 PM, Rinse Kloek (Solcon) [EMAIL PROTECTED] wrote:

We are looking for a replacement for our 7200 BRAS routers. The ASR1002 looks promising:

- Dual IOS (Software Redundancy / Much easier upgrading)
- Standard 4 GE ports
- 6-8 Mpps
- Front to back airflow instead of side air flow
- Much hardware features like QOS / SBC / NBAR

Anybody some experience in a production environment with the ASR1002 regarding stability / IOS bugs ?

Rinse
Re: [c-nsp] WCS on CentOS?
You have to do the same thing to trick HP agents to install on Centos:

Edit /etc/redhat-release to contain:

Red Hat Enterprise Linux Client release 5 (Tikanga)

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Loughlin, Daniel J.
Sent: Monday, October 20, 2008 10:46 AM
To: Jeffrey Ollie; Cisco Network Service Providers
Subject: Re: [c-nsp] WCS on CentOS?

I'm not sure if this will help, but try altering your /etc/redhat-release (yes, centos has such a thing) file to say redhat version 5 instead of centos version 5 before you install the WCS and see if you can trick it into installing. Change it back to Centos, when you are done installing it. I'm not sure about the exact text that goes in a Redhat 5.x /etc/redhat-release. You can look on a redhat 5.x box for an example...

Good luck,

-Danny

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jeffrey Ollie
Sent: Monday, October 20, 2008 12:06 PM
To: Cisco Network Service Providers
Subject: [c-nsp] WCS on CentOS?

Currently, my Wireless Control System is running on an upgraded WLSE box that runs RHEL 4 (which came with the WLSE-WCS conversion) and version 5.0.56 of the WCS software. I'd like to move to the latest version but it requires RHEL 5. I don't have any RHEL licenses otherwise as I use CentOS for my server OS. WCS detects that I'm running CentOS and not RHEL and won't install. Is there any way that I can work around that? Failing that is there a way that I can upgrade the old RHEL 4 install?

--
Jeff Ollie

You know, I used to think it was awful that life was so unfair. Then I thought, wouldn't it be much worse if life were fair, and all the terrible things that happen to us come because we actually deserve them? So, now I take great comfort in the general hostility and unfairness of the universe.
-- Marcus to Franklin in Babylon 5: A Late Delivery from Avalon
Re: [c-nsp] NMS for l2vpn service instance
have you tried zenoss?
[c-nsp] BGP load-sharing *and* redundancy across 2 routers
Hi all.

I have a typical BGP loopback setup to my ISP. 4 links across 2 routers. 2 links on each router. Easy -- no problemo.

Now, how can I get loopback address redundancy? I'm currently using Router A as my loopback address, with an iBGP to Router B, and multihop and maximum-paths set up. So Router A knows about all 4 links outbound.

Now, if I lose Router A (crash, power-off, etc), I want Router B to pick up the peering of its 2 links, and bring the BGP session back up. The only way that I can figure out is (1) Make the loopback address an HSRP across both routers (is that even possible or been done?), or (2) Just bring up sessions on both routers using the same Loopback address.

I guess the right way is to use 2 different loopback addresses, one for each router, and bring up peers for both, and use MEDs or their community map to make them pref one way or another across each loopback peer (with myself using local-pref). Do you know of any Tier-1's that let you do this?

Thanks in advance!

Rob Gutierrez / Conviva Inc.
Re: [c-nsp] Conditional BGP
On Sun, Oct 19, 2008 at 10:46:31PM, Matt Carter wrote:

the main problem i've seen with this is that a lot of providers are going to local pref their downstreams such that they are not using provider/peer links for traffic going to directly connected customers. given local pref beats as path length, you are likely going to get traffic bleeding over to your DR site from ISP A/B local networks..

Indeed -- you have to work with each provider to make sure you know what they're doing. In addition to prepending we also advertised a local-pref community to each peer so that they set the desired local-pref upon receiving a given route from us.

-Terry
Re: [c-nsp] FWSM Static NAT gets stuck..
ok just had it happen again and i checked, and the correct arp entry was there...

On Mon, Oct 20, 2008 at 10:58 AM, Ozgur Guler [EMAIL PROTECTED] wrote:

Do you see the correct arp for the translation when it stops working? You might need to define a static arp with alias to fix it.

--- On Mon, 20/10/08, Christian Koch [EMAIL PROTECTED] wrote:

From: Christian Koch [EMAIL PROTECTED]
Subject: [c-nsp] FWSM Static NAT gets stuck..
To: Cisco-nsp cisco-nsp@puck.nether.net
Date: Monday, 20 October, 2008, 3:38 PM

Hello All - Seeing an issue on FWSM running 3.2(4) code.. Where a static nat gets stuck, and the host becomes unreachable via both ingress/egress

If i issue a clear xlate local x.x.x.x, this clears things up and connectivity is restored

there are currently 2 hosts on the same network, yet this problem only occurs with one of them

static (DMZ,OUTSIDE) 1.1.1.24 2.2.2.24 netmask 255.255.255.255
static (DMZ,OUTSIDE) 1.1.1.25 2.2.2.25 netmask 255.255.255.255

.24 is the one that becomes stuck, .25 is fine and never has a problem..

any ideas/possible bugs?

thanks

christian
[c-nsp] QOS for VOIP 1811
Can anyone tell me what's wrong with this configuration or a better way to do it? It doesn't appear to be working.

1811 - Cisco IOS Software, C181X Software (C181X-ADVENTERPRISEK9-M), Version 12.4(20)T, RELEASE SOFTWARE (fc3)

3500Kb/s bi-directional connection via PPPOE - trying to give VOIP priority. matching against destination IP address of a Session Border Controller..

class-map match-all Call-Signalling
 match access-group 155
class-map match-all Voice
 match access-group 155
!
!
policy-map VOIP
 class Voice
  priority 100
 class Call-Signalling
  bandwidth 10
 class class-default
  fair-queue
  random-detect

interface FastEthernet0
 bandwidth 3500
 no ip address
 ip mtu 1492
 ip nat outside
 ip virtual-reassembly
 ip tcp adjust-mss 1452
 duplex auto
 speed auto
 pppoe enable group global
 pppoe-client dial-pool-number 1
 service-policy output VOIP

interface Dialer0
 bandwidth 3500
 ip address negotiated
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 ip tcp adjust-mss 1452
 load-interval 30
 dialer pool 1
 dialer-group 1
 no cdp enable
 ppp authentication pap callin
 ppp pap sent-username xx
 service-policy output VOIP

As you can see, I'm trying to match in two places to cover all bases.. Also cannot find a way to do an inbound service policy.. Of which is most likely my problem. If I hit peak traffic my voice quality gets bad.. Can someone suggest a better way? ;)

I've tried applying the QOS policy on Vlan1 (hoping I would get traffic in and out of the router that way) and get this:

demarc-psa(config-if)#service-policy output VOIP
Configuration failed!

It's marking the packets correctly but not keeping the voice quality intact:

demarc-psa#sh policy-map interface FastEthernet 0
 FastEthernet0

  Service-policy output: VOIP

    queue stats for all priority classes:
      Queueing
      queue limit 64 packets
      (queue depth/total drops/no-buffer drops) 0/0/0
      (pkts output/bytes output) 724224/228059272

    Class-map: Voice (match-all)
      732132 packets, 230445897 bytes
      5 minute offered rate 8 bps, drop rate 0 bps
      Match: access-group 155
      Priority: 100 kbps, burst bytes 2500, b/w exceed drops: 0

    Class-map: Call-Signalling (match-all)
      56 packets, 42988 bytes
      5 minute offered rate 0 bps, drop rate 0 bps
      Match: access-group 155
      Queueing
      queue limit 64 packets
      (queue depth/total drops/no-buffer drops) 0/0/0
      (pkts output/bytes output) 56/42988
      bandwidth 10 kbps

    Class-map: class-default (match-any)
      3392831 packets, 378440929 bytes
      5 minute offered rate 0 bps, drop rate 0 bps
      Match: any
      Queueing
      queue limit 64 packets
      (queue depth/total drops/no-buffer drops/flowdrops) 0/0/0/0
      (pkts output/bytes output) 3392833/378442341
      Fair-queue: per-flow queue limit 16
        Exp-weight-constant: 9 (1/512)
        Mean queue depth: 0 packets
        class  Transmitted        Random drop  Tail/Flow drop  Minimum  Maximum  Mark
               pkts/bytes         pkts/bytes   pkts/bytes      thresh   thresh   prob
        0      3389220/378170759  0/0          0/0             20       40       1/10
        1      0/0                0/0          0/0             22       40       1/10
        2      0/0                0/0          0/0             24       40       1/10
        3      0/0                0/0          0/0             26       40       1/10
        4      0/0                0/0          0/0             28       40       1/10
        5      0/0                0/0          0/0             30       40       1/10
        6      3613/271582        0/0          0/0             32       40       1/10
        7      0/0                0/0          0/0             34       40       1/10

Thanks in advance,

Paul
[c-nsp] Strange cache flow seen on SB release for PPPoE/A connections
Hi All,

Another interesting thing about the SB release we're using has to do with flows. After upgrading to the SB release (12.2(31)SB13) on a few production 7301 routers we noticed the usage was down for our PPPoE/A customers connecting to that router. Based on historical data, one PPPoE/A business customer would download 1-2G/day but after the upgrade to the SB release, they are now only doing 200-300M/day.

Further investigation showed that the SB release was sending some flows to Null as the destination interface and this is probably why flows were not being collected properly. Here's an example of what I mean with me downloading something using the SB release.

router#sh ip cache flow | inc 210.15.230.84
SrcIf     SrcIPaddress    DstIf     DstIPaddress    Pr SrcP DstP  Pkts
Gi0/0.11  216.239.113.224 Vi3.2     210.15.230.84   06 0050 0753     1
Gi0/0.11  216.239.122.60  Null      210.15.230.84   06 0050 0792  6199
Vi3.2     210.15.230.84   Gi0/0.11* 216.239.122.60  06 0792 0050  3206
Vi3.2     210.15.230.84   Gi0/0.11  216.239.122.60  06 0792 0050  3206
Vi3.2     210.15.230.84   Gi0/0.11  216.239.113.224 06 0753 0050     2
Vi3.2     210.15.230.84   Gi0/0.11* 216.239.113.224 06 0753 0050     2

You can see that a download from 216.239.122.60 is being sent to the Null interface instead of to the Virtual-Access interface. And looking at our collector, no flows were collected for this download session. Also not sure why there appears to be duplicate flows, one w/o a STAR and one with a STAR for some flows.

We thought it might have something to do with the Virtual-Template as we were used to having ip route-cache flow enabled on it. But the SB release removes this command. Our PPP config looks like this:

bba-group pppoe global
 virtual-template 2
!
interface GigabitEthernet0/1.21
 description DSLAM VLAN
 encapsulation dot1Q 21
 ip flow ingress
 pppoe enable group global
!
interface Virtual-Template2
 bandwidth 1500
 ip unnumbered Loopback0
 ip flow ingress
 ip tcp adjust-mss 1412
 peer default ip address pool PPP-ADSL
 ppp mtu adaptive
 ppp authentication chap pap PPPCustomers
 ppp authorization PPPCustomers
 ppp accounting PPPCustomers
 ppp chap hostname PPP-VIC

What we then discovered was that with the SB release we needed to add ip flow egress to the Virtual-Template to be able to capture flows properly. I had read somewhere that this appears to be a workaround for not being able to have ip route-cache flow on the Virtual-Template.

Flows appear to be collecting properly now with both ip flow ingress and ip flow egress applied to the Virtual-Template. We're seeing two flows now, one going to Null and another going to the correct Virtual-Access interface for my download from 216.239.113.112. Without the ip flow egress in the Virtual-Template, the flow would go just to the Null interface.

router#sh ip cache flow | inc 210.15.230.84
Gi0/0.11  74.80.127.24    Vi3.2     210.15.230.84   06 0050 0AC6     1
Gi0/0.11  74.80.127.24    Vi3.2*    210.15.230.84   06 0050 0AC6     1
Gi0/0.11  216.239.113.112 Vi3.2*    210.15.230.84   06 0050 0B13  6199
Gi0/0.11  216.239.113.112 Null      210.15.230.84   06 0050 0B13  6199
Vi3.2     210.15.230.84   Gi0/0.11  74.80.127.24    06 0AC6 0050     1
Vi3.2     210.15.230.84   Gi0/0.11  216.239.113.112 06 0B13 0050  3166

I'm still puzzled as to what the STAR means in the flow and why there appears to be two duplicate flows. Any ideas??? This is also a PE router so not sure if MPLS has anything to do with it.

Also, as discussed above we've had to apply both ip flow ingress and ip flow egress to the Virtual-Template for flows to be collected properly. How should I be collecting flows on the Virtual-Template??

Thanks in advance.

Andy
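An added example (not part of the original post): a Python check over `show ip cache flow` rows that flags flows whose only cache entry has Null as the destination interface, the condition the post ties to traffic missing at the collector. The rows are copied from the two outputs in the post with column spacing restored; the function names and the BEFORE/AFTER labels are this example's own, and the code records the trailing `*` without assuming what it means.

```python
from collections import defaultdict

# Rows from the post: BEFORE = ip flow ingress only on the Virtual-Template,
# AFTER = ip flow ingress + ip flow egress.
BEFORE = """\
Gi0/0.11 216.239.113.224 Vi3.2 210.15.230.84 06 0050 0753 1
Gi0/0.11 216.239.122.60 Null 210.15.230.84 06 0050 0792 6199
Vi3.2 210.15.230.84 Gi0/0.11* 216.239.122.60 06 0792 0050 3206
Vi3.2 210.15.230.84 Gi0/0.11 216.239.122.60 06 0792 0050 3206
Vi3.2 210.15.230.84 Gi0/0.11 216.239.113.224 06 0753 0050 2
Vi3.2 210.15.230.84 Gi0/0.11* 216.239.113.224 06 0753 0050 2
"""
AFTER = """\
Gi0/0.11 74.80.127.24 Vi3.2 210.15.230.84 06 0050 0AC6 1
Gi0/0.11 74.80.127.24 Vi3.2* 210.15.230.84 06 0050 0AC6 1
Gi0/0.11 216.239.113.112 Vi3.2* 210.15.230.84 06 0050 0B13 6199
Gi0/0.11 216.239.113.112 Null 210.15.230.84 06 0050 0B13 6199
Vi3.2 210.15.230.84 Gi0/0.11 74.80.127.24 06 0AC6 0050 1
Vi3.2 210.15.230.84 Gi0/0.11 216.239.113.112 06 0B13 0050 3166
"""


def parse_flow_line(line):
    """Parse one flow row; return None for headers, prompts and other text."""
    fields = line.split()
    if len(fields) != 8:
        return None
    src_if, src_ip, dst_if, dst_ip, proto, sport, dport, pkts = fields
    try:
        # Pr, SrcP and DstP are printed in hex (06 = TCP, 0050 = port 80).
        key = (src_ip, dst_ip, int(proto, 16), int(sport, 16), int(dport, 16))
        pkts = int(pkts)
    except ValueError:
        return None
    return {"key": key, "src_if": src_if, "dst_if": dst_if.rstrip("*"),
            "starred": dst_if.endswith("*"), "pkts": pkts}


def audit(text):
    """Group rows by 5-tuple and report Null-only flows and starred duplicates."""
    seen = defaultdict(list)
    for line in text.splitlines():
        row = parse_flow_line(line)
        if row:
            seen[row["key"]].append(row)

    null_only, starred_pairs, null_only_pkts = [], [], 0
    for key, rows in seen.items():
        if {r["dst_if"] for r in rows} == {"Null"}:
            # No entry names a real egress interface for this flow.
            null_only.append(key)
            null_only_pkts += max(r["pkts"] for r in rows)
        plain = {r["dst_if"] for r in rows if not r["starred"]}
        starred = {r["dst_if"] for r in rows if r["starred"]}
        if plain & starred:
            # Same flow listed twice, once with and once without the '*'.
            starred_pairs.append(key)
    return {"null_only": null_only, "starred_pairs": starred_pairs,
            "null_only_pkts": null_only_pkts}


if __name__ == "__main__":
    for label, sample in (("before", BEFORE), ("after", AFTER)):
        print(label, audit(sample))
```

Run against a saved copy of the router output after a configuration or software change, a non-empty `null_only` list is a quick sign that the collector is about to under-report that traffic.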
Re: [c-nsp] QOS for VOIP 1811
Hi Paul,

If I understand well, you're doing VoIP over a PPPoE link. I never tried such a configuration (does not mean it should not work, just I never had the chance to have to implement it), but as you're mentioning that voice quality is not good, I would consider:

1) First thing very surprising to me is your class maps definitions: both use the very same matches (match access-group 155 for Voice and Signalling). This sounds as incompatible for me as you can not define that signalling is matching one ACL, and that VoIP RTP streams are matching the exact same ACL - that is the same source/destination addresses and ports. Try to split RTP and signalling into two different ACLs. You're using an SBC which can perform the B2BUA behavior for both SIP signalling and RTP flows I guess, then the following should be better (if your LAN net is 172.16.100.0/24 and your SBC is at 192.168.200.200):

ip access-list extended aclVoipSignalling
 permit udp 172.16.100.0 0.0.0.255 eq 5060 host 192.168.200.200 eq 5060
ip access-list extended aclVoipRTP
 permit udp 172.16.100.0 0.0.0.255 host 192.168.200.200
class-map match-all Call-Signalling
 match access-group name aclVoipSignalling
class-map match-all Voice
 match access-group name aclVoipRTP
 match not access-group name aclVoipSignalling

This way you ensure that class map Voice excludes SIP signalling. You can also add a deny udp on ports 5060 in the ACL directly. This is a more philosophical question now. However this should not explain (to me) why your show policy-map displays some traffic flowing in your Call-Signalling class ((pkts output/bytes output) 56/42988)

2) If 1 does not solve your problem. If your codec is G.711, increasing the bandwidth reserved in your LLQ (priority command) to (let's say) 120kbps. PPPoE adds additional headers and headers are considered in reserved/guaranteed bandwidths. If problem is solved, then you can start to compute the exact value to allocate by knowing the codec, packetization rate, IP+UDP+RTP headers, PPPoE headers. It's too early here now to start for me computing this value (06:45am).

3) If 2 does not solve your problem. If your codec is G.711, ensure that only one call is flowing over your PPPoE link. A second call would degrade the overall quality of both calls, as the priority would police the traffic exceeding 100kbps.

Good luck in your troubleshooting and let us know.

Cheers,

Y.
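The computation the reply leaves open, as an added example (not part of the original message): per-call bandwidth for RTP over PPPoE, and how many calls a given `priority` value carries. It assumes 20 ms packetization, no RTP header compression, and that the Ethernet header counts against the class while FCS and preamble do not; the function names are this example's own.

```python
import math

# Per-packet overhead in bytes (standard header sizes).
IP_UDP_RTP = 20 + 8 + 12   # IPv4 + UDP + RTP, no cRTP
PPPOE_PPP = 6 + 2          # PPPoE header + PPP protocol field
ETHERNET = 14              # MACs + EtherType; FCS/preamble excluded (assumption)

# Codec payload bit rates in bit/s.
CODECS = {"g711": 64000, "g729": 8000}


def per_call_bps(codec, ptime_ms=20, l2_overhead=PPPOE_PPP + ETHERNET):
    """One-way bandwidth of a single RTP stream, headers included."""
    payload = CODECS[codec] * ptime_ms // 8000   # voice bytes per packet
    packets_per_second = 1000 / ptime_ms
    return int((payload + IP_UDP_RTP + l2_overhead) * 8 * packets_per_second)


def calls_that_fit(priority_kbps, codec, ptime_ms=20):
    """Whole calls that stay under the priority class rate."""
    return priority_kbps * 1000 // per_call_bps(codec, ptime_ms)


def priority_needed_kbps(calls, codec, ptime_ms=20):
    """Smallest `priority` value (kbps) that carries the given number of calls."""
    return math.ceil(calls * per_call_bps(codec, ptime_ms) / 1000)


if __name__ == "__main__":
    for codec in CODECS:
        print(codec, per_call_bps(codec), "bps per call;",
              calls_that_fit(100, codec), "call(s) fit in priority 100")
    print("priority for 2 G.711 calls:", priority_needed_kbps(2, "g711"), "kbps")
```

Under these assumptions one G.711 call needs about 89 kbps, so `priority 100` and `priority 120` both carry a single call and two calls need 178 kbps.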