Re: [c-nsp] L2VPN Interworking
the success rate is about (930/1000) and as i told u the MTU is configured on the ATM link to be 1500 the physical links are not congested what else can i add or modify to solve this issue ?? Subject: RE: [c-nsp] L2VPN Interworking Date: Tue, 11 Nov 2008 09:11:42 +0100 From: [EMAIL PROTECTED] To: [EMAIL PROTECTED]; cisco-nsp@puck.nether.net What does it mean - remarkable? If it's 100% then it *might* be related to MTU. If it's 100% (at least a few packets pass) then it's *not* MTU related. Check links, queues, ATM... ? -- deejay Dears i have the following setup: CE1 -- PE1 -- MPLS Cloud -- PE2 -- CE2 PE1 is 7609 and has the IOS image c7600rsp72043-advipservices-mz.122- 33.SRD.bin PE2 is a VXR G2 and has the IOS image c7200p-spservicesk9-mz.122- 33.SRC1.bin CE1 -- PE1 is ATM connection CE2 -- PE2 Vlan connection (Sub interface) i have established xconnect between the 2 sides the xconnect is up and there is a ping between the 2 sides but the problem is in the size when i issue the command ping x.x.x.x repeat 1000 size 1500 i face remarkable packet drop !! any ideas ?? knowing that there is no congestion at all in my links nor through the MPLS cloud _ News, entertainment and everything you care about at Live.com. Get it now! http://www.live.com/getstarted.aspx ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] 6500-sup-stdby
ambedkar wrote: Hi, i am using cisco 6509 with two sup engines. sup1 is main and sup2 is standby. The problem is sup2 is not booting automatically when the system is switched ON. it is going to rommon mode, where we have to type boot command so that it will boot. after booting, boot variable is missing. if we set the boot variable,it will show the boot variable but it is temporary. Again we switched OFF and ON, The same situation is there. i tried lot, please help me. some details are here... I had that on a sup720 once, it turned out that the onboard battery was dead. -- Peter Taphouse Bytemark Hosting http://www.bytemark-hosting.co.uk tel. +44 (0) 845 004 3 004 ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] Upgrading edge router
Hi all, I am network admin in university that have a UNIX PC that functions as core router and firewall to accomodate : - 2 x 45 Mb link to research education network (REN) - 100Mb link to local exchange point - 10Mb link to Internet Currently we accept partial route from Internet, and aggregated with REN prefixes, we have at least 30k prefixes. We would like to upgrade our router to accomodate : - new STM-1 link (physical connector is not STM1 port, but it is converted to Gigeth by our telco) - at least 4 1000BaseT port - firewall feature (packet filter and inspection) would be nice - IPv6 multicast and MPLS feature - can keep up the load at least for 5 years - budget around $35k I have done some research, and our choice could come to : - Cisco 7603 with Sup32. I think this is the cheapest solution with 8 port gigabit ethernet, but I don't know whether it could handle the load. I also see it as integrated packet inspection with PISA daughterboard, but I don't have any experience with that. The supervisor is a bit old compared to ASR1000. - Cisco ASR1002 with ESP-5G. Newer supervisor and enhanced with packet inspection, but I don't know whether it can suit the budget. - Juniper M7i with 2 x 1Gbps SFP port. It has better OS (but I haven't compare it to Cisco IOS-XE in ASR1000), but it doesn't have 4 gigabit ports, and separate AS module can cost you too much. I don't know whether it suits the budget. - Foundry NetIron MLX-4 with 20 port 1000BaseT. I haven't had experience with this box, but the specs looks promising, and maybe it suits the budget. I would like your suggestion about my plan above, perhaps I can come out with better plan. Thank you, Regards, -affan ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] 7513 - RSP4 - 122-25.S15 - MLPPP / Dcef Weirdness
On Tue, 11 Nov 2008, Gregory Boehnlein wrote: Isn't 12.2(25)S really really not recommended on 7500? I seem to remember several exchanges where this was mentioned by cisco people here. I'm going to look through the list archives and see if I can find those references. Everything that I've seen revolves around earlier iterations of the code, not the S15 release that has been out for a year. I'm happy to consider upgrading to a different IOS version.. just looking for recommendations on what I should be looking at for a 7515 w/ Dual RSP 4+, 5 VIP cards and the need for LLQ, OSPF, BGP, VLANs, MLPPP etc.. My recommendation would be whatever number of 7206's are necessary to handle the interfaces you're running on those 5 VIPs :) I used to run somewhat earlier 12.2S on a couple of dual-RSP4 7500s, and they weren't quite stable (periodic dCEF bugs). IIRC, the cisco guys on-list used to recommend sticking with 12.0S on the 7500. -- Jon Lewis | I route Senior Network Engineer | therefore you are Atlantic Net| _ http://www.lewis.org/~jlewis/pgp for PGP public key_ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] 7513 - RSP4 - 122-25.S15 - MLPPP / Dcef Weirdness
On Tuesday 11 November 2008 09:24:33 Gregory Boehnlein wrote: I'm going to look through the list archives and see if I can find those references. Everything that I've seen revolves around earlier iterations of the code, not the S15 release that has been out for a year. Hmm, is there a better search for the archives than using Marc.info or similar? I'm happy to consider upgrading to a different IOS version.. just looking for recommendations on what I should be looking at for a 7515 w/ Dual RSP 4+, 5 VIP cards and the need for LLQ, OSPF, BGP, VLANs, MLPPP etc.. See http://marc.info/?l=cisco-nspm=113154141708694w=2 for Rodney's take on it a while back. Recent releases of 12.0S support SSO HA. Whether they support the other features you need, I don't know, and I don't particularly trust Feature Navigator for 12.xS releases (especially since some of the latest releases, at least when I checked a while back, don't even show up in FN). ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] 7513 - RSP4 - 122-25.S15 - MLPPP / Dcef Weirdness
Gregory Boehnlein wrote: Isn't 12.2(25)S really really not recommended on 7500? I seem to remember several exchanges where this was mentioned by cisco people here. I'm going to look through the list archives and see if I can find those references. Everything that I've seen revolves around earlier iterations of the code, not the S15 release that has been out for a year. I'm happy to consider upgrading to a different IOS version.. just looking for recommendations on what I should be looking at for a 7515 w/ Dual RSP 4+, 5 VIP cards and the need for LLQ, OSPF, BGP, VLANs, MLPPP etc.. I've been very happy with 12.0(27)S5 for MLPPP, LLQ, OSPF, BGP, MPLS. VLANs could be an issue - we had problems with subinterfaces not being fully CEF-switched in earlier 12.0(27)S releases and abandoned that configuration. SSO is quite good. It'd be 100% stable if it weren't for VIP2-50s having memory issues and bombing out occasionally, but that's not a code issue. Lucky guess, the first two routers I checked have uptimes of 2y13w. I've been somewhat happy with 12.0(32)S[7,8,10] for simple core routing. MPLS Traffic Engineering is garbage, at least when talking to GSRs, and we've now officially abandoned MPLS TE on 7507s entirely. That said, I like Jon Lewis' suggestion to switch to enough 7206s to carry the PAs you're using. Single forwarding engine on a clean, very well baked architecture means simple and reliable. We're moving to 7206s for CT3 aggregation, GSRs for DS3 and OCx, and 6500/7600/Sup720-3BXL for Ethernet. pt ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] 7513 - RSP4 - 122-25.S15 - MLPPP / Dcef Weirdness
On Tuesday 11 November 2008 10:19:39 Lamar Owen wrote: See http://marc.info/?l=cisco-nspm=113154141708694w=2 for Rodney's take on it a while back. Also see http://marc.info/?l=cisco-nspm=116645064330255w=2 and http://marc.info/?l=cisco-nspm=113340513407711w=2 and http://marc.info/?l=cisco-nspm=113145616327633w=2 In essence: plain 12.2S isn't recommended (on any platform, unless I'm misunderstanding things, not just 7500); 12.2SB and others (SX, SR, etc) perhaps. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] OIR in 6500/7600
Phil Mayers wrote: I can certainly state from experience that SXF BFD is highly unreliable with short timers (making it more or less useless). I have a particular 2821 dual-homed to 2 7600s that has a BFD event 6-8 times a day. I can't correlate it to high CPU on either side or a noticeable increase in traffic. The settings were 50/50x3. I raised them to 50/500x3 yesterday and haven't seen any more hiccups. Does SRB support BFD on SVIs? SRB and SRB1 both support BFD on SVIs. My understanding is that anything later removes that working feature. (see past posts about it from Gert and myself... :-( ). Email your account team weekly if you want to ever see that feature again. Justin ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] Standby FWSM not responding to mgmt ssh
My standby FWSM all of a sudden stopped accepting inbound ssh (so says RANCID, which is no complaining incessantly). Short of a reboot, is there a quick fix for this? ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] 6500-sup-stdby
Also, make sure the flash was formatted by the chassis its currently in. There was an issue where, if formatted in another chassis, the flash could be read, but not booted from, resulting in a boot to rommon where you have to manually enter the boot command. --Pete On Tue, Nov 11, 2008 at 1:15 AM, ambedkar [EMAIL PROTECTED] wrote: Hi, i am using cisco 6509 with two sup engines. sup1 is main and sup2 is standby. The problem is sup2 is not booting automatically when the system is switched ON. it is going to rommon mode, where we have to type boot command so that it will boot. after booting, boot variable is missing. if we set the boot variable,it will show the boot variable but it is temporary. Again we switched OFF and ON, The same situation is there. i tried lot, please help me. some details are here... Before sup2: CAT_1 (enable) sh mod Mod Slot Ports Module-Type Model Sub Status --- - - --- --- - --- 1 12 1000BaseX Supervisor WS-X6K-S2U-MSFC2yes ok 15 11 Multilayer Switch Feature WS-F6K-MSFC2no ok 3 34810/100BaseTX Ethernet WS-X6348-RJ-45 yes ok 9 98 1000BaseX EthernetWS-X6408A-GBIC no ok After sup2: CAT_1 (enable) sh mod Mod Slot Ports Module-Type Model Sub Status --- - - --- --- - --- 1 12 1000BaseX Supervisor WS-X6K-S2U-MSFC2yes ok 15 11 Multilayer Switch Feature WS-F6K-MSFC2no ok 2 22 1000BaseX Supervisor WS-X6K-S2U-MSFC2yes standby 16 21 Multilayer Switch Feature WS-F6K-MSFC2no ok 3 34810/100BaseTX Ethernet WS-X6348-RJ-45 yes ok 9 98 1000BaseX EthernetWS-X6408A-GBIC no ok bye. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] not understand some command
ip classless , This command allows the software to forward packets that are destined for unrecognized subnets of directly connected networks. The packets are forwarded to the best supernet route. ip proxy-arp , Proxy ARP is the technique in which one host, usually a router, answers ARP requests intended for another machine. By faking its identity, the router accepts responsibility for routing packets to the real destination. Proxy ARP can help machines on a subnet reach remote subnets without the need to configure routing or a default gateway. network-clock-participate , To allow the ports on a specified network module or voice/WAN interface card (VWIC) to use the network clock for timing, use the network-clock-participate command in global configuration mode. To restrict the device to use only its own clock signals, use the no form of this command. Date: Tue, 11 Nov 2008 07:57:46 -0500 From: [EMAIL PROTECTED] To: cisco-nsp@puck.nether.net Subject: [c-nsp] not understand some command Hi I am in new cisco I don't understand the different between ip classless and ip classful and why don't need those commands no network-clock-participate slot 1 no network-clock-participate slot 2 no network-clock-participate wic 0 no network-clock-participate wic 1 no network-clock-participate wic 2 no network-clock-participate aim 0 no network-clock-participate aim 1 and What is ip proxy-arp? why don't need it? Thank you - Ask a question on any topic and get answers from real people. Go to Yahoo! Answers. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ _ Connect to the next generation of MSN Messenger http://imagine-msn.com/messenger/launch80/default.aspx?locale=en-ussource=wlmailtagline ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] ISIS / NSF IOS XR
I configured NSF under ISIS initially them removed it. Still shows NSF 'YES'; anyone seen this ? restarted ISIS process, cleared it nothing This is IOS XR 3.6.1 and 3.6.0 both same condition. RP/0/9/CPU0:P1#sh isis adjacency IS-IS NP Level-2 adjacencies: System Id InterfaceSNPA State Hold Changed NSF BFD P2 Gi0/1/1/8*PtoP* Up27 01:31:58 Yes None PE1Gi0/1/1/0*PtoP* Up29 01:32:04 Yes None PE1Gi0/1/1/1*PtoP* Up26 01:31:59 Yes None P3 PO0/0/0/0*PtoP* Up29 01:32:00 Yes None router isis NP set-overload-bit on-startup 300 is-type level-2-only net 49.0001.1921.1813.6001.00 log adjacency changes address-family ipv4 unicast metric-style wide ! interface Loopback0 passive address-family ipv4 unicast ! ! interface GigabitEthernet0/1/1/0 point-to-point hello-password keychain NP-ISIS address-family ipv4 unicast metric 10 ! ! interface GigabitEthernet0/1/1/1 point-to-point hello-password keychain NP-ISIS address-family ipv4 unicast metric 10 ! ! interface GigabitEthernet0/1/1/8 point-to-point hello-password keychain NP-ISIS address-family ipv4 unicast metric 10 mpls ldp sync ! ! interface POS0/0/0/0 hello-password keychain NP-ISIS address-family ipv4 unicast metric 100 ! ! ! ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] HA / SSO - IOS XR 3.6.1
Q. SSO on GSR IOS XR is default? I have *not configured* LDP GR, NSF IETF on my IOS XR router; when RP failover occurs it does not see any packet loss; puzzled. LAB : PE1 (7606) -- P1 (GSR XR) -- P2 -- (GSR XR) -- PE3 (7606) PE1#sh mpls ld graceful-restart LDP Graceful Restart is disabled Neighbor Liveness Timer: 120 seconds Max Recovery Time: 120 seconds Forwarding State Holding Time: 600 seconds I reloaded the RP on P1; traffic goes through no packet loss. good but how? RP/0/9/CPU0:P1#sh mpls ldp graceful-restart RP/0/9/CPU0:P1# RP/0/8/CPU0:P2#sh mpls ldp graceful-restart RP/0/8/CPU0:P2# RP/0/9/CPU0:P1#sh mpls ldp neighbor br Peer GR Up Time Discovery Address - -- --- - --- 10.10.136.128:0 N 02:21:263 10 10.10.136.2:0 N 02:21:042 6 10.10.136.3:0 N 02:21:002 9 RP/0/9/CPU0:P1# RP/0/9/CPU0:P1#sh isis neighbors IS-IS NRP neighbors: System Id InterfaceSNPA State Holdtime Type IETF-NSF P2 Gi0/1/1/8*PtoP* Up25 L2 Capable PE1Gi0/1/1/0*PtoP* Up24 L2 Capable PE1Gi0/1/1/1*PtoP* Up27 L2 Capable P3 PO0/0/0/0*PtoP* Up25 L2 Capable PE1#ping Protocol [ip]: Target IP address: pe3 Repeat count [5]: 5 Datagram size [100]: Timeout in seconds [2]: Extended commands [n]: Sweep range of sizes [n]: Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 10.10.136.130, timeout is 2 seconds: !! !! !! !! !! !! Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/92 ms ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] 6500-sup-stdby
Check to make sure the exact same image is on the bootflash of both supervisors. I've seen it where the primary sup boots up and when it tries to boot the second, the image is not available and it will sit in rommon. The boot variable from the primary is passed to the second and if it can't find the exact same image file, it will not boot. On Tue, Nov 11, 2008 at 3:31 AM, Peter Taphouse [EMAIL PROTECTED] wrote: ambedkar wrote: Hi, i am using cisco 6509 with two sup engines. sup1 is main and sup2 is standby. The problem is sup2 is not booting automatically when the system is switched ON. it is going to rommon mode, where we have to type boot command so that it will boot. after booting, boot variable is missing. if we set the boot variable,it will show the boot variable but it is temporary. Again we switched OFF and ON, The same situation is there. i tried lot, please help me. some details are here... I had that on a sup720 once, it turned out that the onboard battery was dead. -- Peter Taphouse Bytemark Hosting http://www.bytemark-hosting.co.uk tel. +44 (0) 845 004 3 004 ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] Best practices/security feature mix for host ports
Hello, I have been recently doing some random research on mixes of security features (Well, not specifically security features, I suppose) but I guess port configurations. Such as setting the switchport type to host, enabling bpdufilter/bpduguard, loopguard, storm-control, etc. Does anyone have any anecdotal tales about what has worked for you, what hasn't worked for you, etc. (this is for the access layer, where hosts are connecting to switches but we don't necessarily have control over what these hosts do.) Any thoughts would be great. -Drew ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] not understand some command
Hi I am in new cisco I don't understand the different between ip classless and ip classful and why don't need those commands no network-clock-participate slot 1 no network-clock-participate slot 2 no network-clock-participate wic 0 no network-clock-participate wic 1 no network-clock-participate wic 2 no network-clock-participate aim 0 no network-clock-participate aim 1 and What is ip proxy-arp? why don't need it? Thank you - Ask a question on any topic and get answers from real people. Go to Yahoo! Answers. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] Nexus 7000 fiber 1GBit linecard.
Hello list, We're interested in the Nexus 7000 platform but we're wondering if fiber 1GBit linecard is going to be available anytime soon ? Thanks in advance. Regards Juan ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Upgrading edge router
Thank you for your prompt response, I would like to know a thing about ASR1000 software components : - It says on ASR1000 software ordering guide (http://www.cisco.com/en/US/prod/collateral/routers/ps9343/product_bulletin_c07-448862.html) that there is a FPM (flexible packet matching) service license and Firewall service license. I would like to know the difference between two license, since the latter cost the double from the former. - What version of IOS-XE is integrated in ASR1000 bundle ? Is it IP Base or Advanced IP Services ? I would like to run IPv6 on the router, so the router will need Advanced IP Services IOS. Regards, -affan On Tue, Nov 11, 2008 at 6:08 PM, Ben Steele [EMAIL PROTECTED] wrote: I'd try and go the ASR1002 option, it shouldn't be too far off your 35k budget without smartnet, although i'd recommend maintenance on the software as you will want access to TAC for bugs, also if you can option in the HA feature so you can get ISSU. With 5Gb of throughput, dual psu and 4Gb(SFP) int's out the box with room for expansion it's good bang for buck, the ASR is really aimed as the next generation 7200 swiss army knife, being a software based feature platform rather than a hardware(ie 7600/6500) it's a welcome new product and you should see good life out of it, it has some limitations in its current form, the only one that may concern you with your list that I can think of is lack of AToM MPLS support, but that is due out in upcoming software release. Put the quagga to rest! :) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Affan Basalamah Sent: Tuesday, 11 November 2008 9:19 PM To: cisco-nsp@puck.nether.net Subject: [c-nsp] Upgrading edge router Hi all, I am network admin in university that have a UNIX PC that functions as core router and firewall to accomodate : - 2 x 45 Mb link to research education network (REN) - 100Mb link to local exchange point - 10Mb link to Internet Currently we accept partial route from Internet, and aggregated with REN prefixes, we have at least 30k prefixes. We would like to upgrade our router to accomodate : - new STM-1 link (physical connector is not STM1 port, but it is converted to Gigeth by our telco) - at least 4 1000BaseT port - firewall feature (packet filter and inspection) would be nice - IPv6 multicast and MPLS feature - can keep up the load at least for 5 years - budget around $35k I have done some research, and our choice could come to : - Cisco 7603 with Sup32. I think this is the cheapest solution with 8 port gigabit ethernet, but I don't know whether it could handle the load. I also see it as integrated packet inspection with PISA daughterboard, but I don't have any experience with that. The supervisor is a bit old compared to ASR1000. - Cisco ASR1002 with ESP-5G. Newer supervisor and enhanced with packet inspection, but I don't know whether it can suit the budget. - Juniper M7i with 2 x 1Gbps SFP port. It has better OS (but I haven't compare it to Cisco IOS-XE in ASR1000), but it doesn't have 4 gigabit ports, and separate AS module can cost you too much. I don't know whether it suits the budget. - Foundry NetIron MLX-4 with 20 port 1000BaseT. I haven't had experience with this box, but the specs looks promising, and maybe it suits the budget. I would like your suggestion about my plan above, perhaps I can come out with better plan. Thank you, Regards, -affan ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ No virus found in this incoming message. Checked by AVG - http://www.avg.com Version: 8.0.175 / Virus Database: 270.9.0/1779 - Release Date: 10/11/2008 7:53 AM ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] 7513 - RSP4 - 122-25.S15 - MLPPP / Dcef Weirdness
The two games in town for 75xx will be: 12.0(32)S(x) rebuild -- more HA features 12.4(latest) mainline until full EoS for the platform. I wouldn't recommned any other train at this point for the platform even if the code is available. Rodney On Tue, Nov 11, 2008 at 09:33:15AM -0600, Pete Templin wrote: Gregory Boehnlein wrote: Isn't 12.2(25)S really really not recommended on 7500? I seem to remember several exchanges where this was mentioned by cisco people here. I'm going to look through the list archives and see if I can find those references. Everything that I've seen revolves around earlier iterations of the code, not the S15 release that has been out for a year. I'm happy to consider upgrading to a different IOS version.. just looking for recommendations on what I should be looking at for a 7515 w/ Dual RSP 4+, 5 VIP cards and the need for LLQ, OSPF, BGP, VLANs, MLPPP etc.. I've been very happy with 12.0(27)S5 for MLPPP, LLQ, OSPF, BGP, MPLS. VLANs could be an issue - we had problems with subinterfaces not being fully CEF-switched in earlier 12.0(27)S releases and abandoned that configuration. SSO is quite good. It'd be 100% stable if it weren't for VIP2-50s having memory issues and bombing out occasionally, but that's not a code issue. Lucky guess, the first two routers I checked have uptimes of 2y13w. I've been somewhat happy with 12.0(32)S[7,8,10] for simple core routing. MPLS Traffic Engineering is garbage, at least when talking to GSRs, and we've now officially abandoned MPLS TE on 7507s entirely. That said, I like Jon Lewis' suggestion to switch to enough 7206s to carry the PAs you're using. Single forwarding engine on a clean, very well baked architecture means simple and reliable. We're moving to 7206s for CT3 aggregation, GSRs for DS3 and OCx, and 6500/7600/Sup720-3BXL for Ethernet. pt ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] PPPoE over VRF
I'm planning on terminating PPPoW sessions into a VRF , connected to a specific vlan instance and transporting the traffic to them via ethernet. how can i get the sessions to be inserted into the VRF correctly _ Invite your mail contacts to join your friends list with Windows Live Spaces. It's easy! http://spaces.live.com/spacesapi.aspx?wx_action=createwx_url=/friends.aspxmkt=en-us ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Standby FWSM not responding to mgmt ssh
I believe we have run into a similar issue in the past. I think it was something to do with the FWSM not releasing prior sessions and eventually being unable to support additional mgmt sessions. I think the bug is CSCsd67334. At least that's what it looks like from what I remember. I do remember that the FWSM had to be reloaded to clear the sessions. Vijay Ramcharan -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of matthew zeier Sent: November 11, 2008 12:06 To: cisco-nsp@puck.nether.net Subject: [c-nsp] Standby FWSM not responding to mgmt ssh My standby FWSM all of a sudden stopped accepting inbound ssh (so says RANCID, which is no complaining incessantly). Short of a reboot, is there a quick fix for this? ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ __ This e-mail has been scanned by Verizon Managed Email Content Service, using Skeptic(tm) technology powered by MessageLabs. For more information on Verizon Managed Email Content Service, visit http://www.verizonbusiness.com. __ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] RPSL Popularity and Usage
Hello Just wanted to ask how must is Internet Routing Registry used with RPSL currently on the Internet? Do a lot of providers still rely on that to create configurations or is that just more of a documentation process that doesn't get updated after the first use? Thank you for your input. Tom ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] 7513 - RSP4 - 122-25.S15 - MLPPP / Dcef Weirdness
On Monday 10 November 2008 11:05:03 Gregory Boehnlein wrote: Hello, Over the weekend, we updated one of our 7513s from 12.2.25S12 to the 12.2.25S15. The driver behind this was service policies used for LLQ dropping from interfaces, causing all sorts of havoc w/ our voice prioritization. The thought was that moving to the more current issue would address this. It did not. Isn't 12.2(25)S really really not recommended on 7500? I seem to remember several exchanges where this was mentioned by cisco people here. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] RPSL Popularity and Usage
We totally rely on RADB in particular .. all our peering and customer BGP sessions are filtered against it's data. It's not bulletproof by any means but a reasonable method of filtering IP blocks in my opinion... Paul -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: November 11, 2008 4:29 PM To: cisco-nsp@puck.nether.net Subject: [c-nsp] RPSL Popularity and Usage Hello Just wanted to ask how must is Internet Routing Registry used with RPSL currently on the Internet? Do a lot of providers still rely on that to create configurations or is that just more of a documentation process that doesn't get updated after the first use? Thank you for your input. Tom ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] RPSL Popularity and Usage
What are your thoughts on how much routing detail to put in there in terms of security? Thanks Tom -Original Message- From: Paul Stewart [mailto:[EMAIL PROTECTED] Sent: Tuesday, November 11, 2008 3:39 PM To: Kacprzynski, Tomasz; cisco-nsp@puck.nether.net Subject: RE: [c-nsp] RPSL Popularity and Usage We totally rely on RADB in particular .. all our peering and customer BGP sessions are filtered against it's data. It's not bulletproof by any means but a reasonable method of filtering IP blocks in my opinion... Paul -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: November 11, 2008 4:29 PM To: cisco-nsp@puck.nether.net Subject: [c-nsp] RPSL Popularity and Usage Hello Just wanted to ask how must is Internet Routing Registry used with RPSL currently on the Internet? Do a lot of providers still rely on that to create configurations or is that just more of a documentation process that doesn't get updated after the first use? Thank you for your input. Tom ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] RPSL Popularity and Usage
Anything that someone with a bit of BGP knowledge can figure out would be ok to include - does that answer your actual question? ;) We're a service provider so anything you can find out about us with RADB would be the same (if not less) than you can figure out from us with some BGP tables... -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: November 11, 2008 4:42 PM To: [EMAIL PROTECTED]; cisco-nsp@puck.nether.net Subject: RE: [c-nsp] RPSL Popularity and Usage What are your thoughts on how much routing detail to put in there in terms of security? Thanks Tom -Original Message- From: Paul Stewart [mailto:[EMAIL PROTECTED] Sent: Tuesday, November 11, 2008 3:39 PM To: Kacprzynski, Tomasz; cisco-nsp@puck.nether.net Subject: RE: [c-nsp] RPSL Popularity and Usage We totally rely on RADB in particular .. all our peering and customer BGP sessions are filtered against it's data. It's not bulletproof by any means but a reasonable method of filtering IP blocks in my opinion... Paul -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: November 11, 2008 4:29 PM To: cisco-nsp@puck.nether.net Subject: [c-nsp] RPSL Popularity and Usage Hello Just wanted to ask how must is Internet Routing Registry used with RPSL currently on the Internet? Do a lot of providers still rely on that to create configurations or is that just more of a documentation process that doesn't get updated after the first use? Thank you for your input. Tom ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] PPPoE over VRF
We use Radius to place the PPPoX connection into the appropriate VRF. Your Radius config will look something similar to this. mplstest Password = network Service-Type = Framed-User, Framed-Protocol = PPP, Framed-Address = A.B.C.D, Framed-Netmask = 255.255.255.255, cisco-avpair=ip:vrf-id=NSTEST, cisco-avpair=ip:ip-unnumbered=lo100 cisco-avpair=ip:route=vrf NSTEST 192.168.1.0 255.255.255.0 203.17.103.50 Here I've set up Radius to accept the username of mplstest and place it into the VRF of NSTEST. Cheers. Andy -Original Message- Date: Tue, 11 Nov 2008 14:31:28 +0200 From: Mohammad Khalil [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] Subject: [c-nsp] PPPoE over VRF To: cisco-nsp@puck.nether.net mailto:cisco-nsp@puck.nether.net Message-ID: [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] Content-Type: text/plain; charset=windows-1256 I'm planning on terminating PPPoW sessions into a VRF , connected to a specific vlan instance and transporting the traffic to them via ethernet. how can i get the sessions to be inserted into the VRF correctly This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. Please notify the sender immediately by email if you have received this email by mistake and delete this email from your system. Please note that any views or opinions presented in this email are solely those of the author and do not necessarily represent those of the organisation. Finally, the recipient should check this email and any attachments for the presence of viruses. The organisation accepts no liability for any damage caused by any virus transmitted by this email. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Upgrading edge router
I'd try and go the ASR1002 option, it shouldn't be too far off your 35k budget without smartnet, although i'd recommend maintenance on the software as you will want access to TAC for bugs, also if you can option in the HA feature so you can get ISSU. With 5Gb of throughput, dual psu and 4Gb(SFP) int's out the box with room for expansion it's good bang for buck, the ASR is really aimed as the next generation 7200 swiss army knife, being a software based feature platform rather than a hardware(ie 7600/6500) it's a welcome new product and you should see good life out of it, it has some limitations in its current form, the only one that may concern you with your list that I can think of is lack of AToM MPLS support, but that is due out in upcoming software release. Put the quagga to rest! :) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Affan Basalamah Sent: Tuesday, 11 November 2008 9:19 PM To: cisco-nsp@puck.nether.net Subject: [c-nsp] Upgrading edge router Hi all, I am network admin in university that have a UNIX PC that functions as core router and firewall to accomodate : - 2 x 45 Mb link to research education network (REN) - 100Mb link to local exchange point - 10Mb link to Internet Currently we accept partial route from Internet, and aggregated with REN prefixes, we have at least 30k prefixes. We would like to upgrade our router to accomodate : - new STM-1 link (physical connector is not STM1 port, but it is converted to Gigeth by our telco) - at least 4 1000BaseT port - firewall feature (packet filter and inspection) would be nice - IPv6 multicast and MPLS feature - can keep up the load at least for 5 years - budget around $35k I have done some research, and our choice could come to : - Cisco 7603 with Sup32. I think this is the cheapest solution with 8 port gigabit ethernet, but I don't know whether it could handle the load. I also see it as integrated packet inspection with PISA daughterboard, but I don't have any experience with that. The supervisor is a bit old compared to ASR1000. - Cisco ASR1002 with ESP-5G. Newer supervisor and enhanced with packet inspection, but I don't know whether it can suit the budget. - Juniper M7i with 2 x 1Gbps SFP port. It has better OS (but I haven't compare it to Cisco IOS-XE in ASR1000), but it doesn't have 4 gigabit ports, and separate AS module can cost you too much. I don't know whether it suits the budget. - Foundry NetIron MLX-4 with 20 port 1000BaseT. I haven't had experience with this box, but the specs looks promising, and maybe it suits the budget. I would like your suggestion about my plan above, perhaps I can come out with better plan. Thank you, Regards, -affan ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ No virus found in this incoming message. Checked by AVG - http://www.avg.com Version: 8.0.175 / Virus Database: 270.9.0/1779 - Release Date: 10/11/2008 7:53 AM ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] 7513 - RSP4 - 122-25.S15 - MLPPP / Dcef Weirdness
Isn't 12.2(25)S really really not recommended on 7500? I seem to remember several exchanges where this was mentioned by cisco people here. I'm going to look through the list archives and see if I can find those references. Everything that I've seen revolves around earlier iterations of the code, not the S15 release that has been out for a year. I'm happy to consider upgrading to a different IOS version.. just looking for recommendations on what I should be looking at for a 7515 w/ Dual RSP 4+, 5 VIP cards and the need for LLQ, OSPF, BGP, VLANs, MLPPP etc.. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] PPPoE over VRF
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Could use the virtual template for your PPPoE connections. interface Virtual-Template1 ip vrf forwarding vrf_pppoe - -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mohammad Khalil Sent: Tuesday, November 11, 2008 4:31 AM To: cisco-nsp@puck.nether.net Subject: [c-nsp] PPPoE over VRF I'm planning on terminating PPPoW sessions into a VRF , connected to a specific vlan instance and transporting the traffic to them via ethernet. how can i get the sessions to be inserted into the VRF correctly _ Invite your mail contacts to join your friends list with Windows Live Spaces. It's easy! http://spaces.live.com/spacesapi.aspx?wx_action=createwx_url=/friends.aspxmkt=en-us ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.7 (MingW32) iD8DBQFJGgQlcGGHuFdGSWARAqO4AKCGeXS4zKvnSt+HDfNcWeECS0kbyACeIAD/ 9DBt9NQxswZURlrqYF6DnQ8= =bIhb -END PGP SIGNATURE- ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] 2821 voice configuration
Hello everyone, we want to use a Cisco 2821 as SIP-PSTN media gateway and PRI switch for a slow migration from an old PBX to a VoIP PBX (Asterisk) | E1 carrier +--+---+ | Cisco 2821 + IP/SIP to Asterisk +--+---+ | E1 old PBX Required key feature is forwarding of calls between all three legs, especially transparent E1-E1 (using dial-peer statements). We have this setup running for more than three years on AS5350XM with a lot more E1 lines so I'm pretty sure how to configure that, but I have never done this with 2800 series and I don't want to buy anything we can't use afterwards. We want to use CISCO2821-V/K9 2821 Voice Bundle,PVDM2-32,SP Serv,64F/256D VWIC-2MFT-E12-Port RJ-48 Multiflex Trunk - E1 PVDM2-3232-Channel Packet Voice/Fax DSP Module can anyone see any reason why this might not work? Thanks, Bernhard ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] ASR 9000
Did anyone else miss an announcement for the ASR 9000 series? http://www.cisco.com/en/US/products/ps9853/index.html How did I miss that bad boy? Anyone have any details? Justin ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] ASR 9000
Justin Shore wrote: Did anyone else miss an announcement for the ASR 9000 series? http://www.cisco.com/en/US/products/ps9853/index.html How did I miss that bad boy? Anyone have any details? Side to back airflow? Who thought that'd work well? Runs IOS XR, while the recent ASR 1000 series runs IOS XE? Consistency would be nice. Re-uses the RSP nomenclature, just recently put to bed in the 7500 series. However, adding CE (hundred-gig Ethernet) support on the initial datasheet is impressive, along with XE and GE. Skipping LXE is interesting though. pt ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] (1|2)800 series hardware-based encryption
The data sheets for the 1800 series all mention hardware-based encryption being built into the units. The 1841 mentions AIM support as well for two to three times the performance of embedded encryption capabilities. No mention of AIM support for the 1861 but it too says hardware-based encryption. Does anyone have any performance numbers for IPSec-encrypted GRE on the 1800 series or the 800 series? I'm looking for an inexpensive platform for originating IPSec-encrypted GRE tunnels. Throughput will be reasonably low. OSPF and EIGRP support is required. It looks like the most cost-effective solution is the 881 with the Adv IP code which replaces the 871 (same price). The 1811, 1841 and 1861 all require DRAM and flash upgrades to support their respective image that has IPSec and IGP support (Adv IP for the 1811 and Adv Sec for the 1841 and 1861). That seriously jacks up the price compared to the turnkey 881. Any other recommendations? Thanks Justin ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] L2TP errors on LNS and no PPP sessions from CPE
Dear All, I manage a LNS on which there are multiple L2TP tunnels. From one of the L2TP tunnels, I am not getting any PPP sessions. Unfortunately, I do not have access to the LAC. Below is what I am seeing on the LNS and the CPE : LNS# debug vpdn l2x-errors Nov 11 23:51:53.998 GMT: L2TP tnl 0BE86:41EC: Control connection authentication skipped/passed. Nov 11 23:51:54.618 GMT: L2TP tnl 05E82:C4DC: Control connection authentication skipped/passed. Nov 11 23:51:54.618 GMT: L2TP _:_:: Create session Nov 11 23:51:54.618 GMT: L2TP _:_:: Using ICRQ FSM Nov 11 23:51:54.618 GMT: L2TP _:_:: remote ip set to 22.7.101.23 Nov 11 23:51:54.622 GMT: L2TP _:_:: local ip set to 22.7.114.212 Nov 11 23:51:54.622 GMT: L2TP tnl 05E82:C4DC: FSM-CC ev Session-Conn Nov 11 23:51:54.622 GMT: L2TP tnl 05E82:C4DC: FSM-CCin established Nov 11 23:51:54.622 GMT: L2TP tnl 05E82:C4DC: FSM-CC do Session-Conn-Est Nov 11 23:51:54.622 GMT: L2TP tnl 05E82:C4DC: Session count now 2 Nov 11 23:51:54.622 GMT: L2TP _:05E82:A327: FSM-Sn ev CC-Up Nov 11 23:51:54.622 GMT: L2TP _:05E82:A327: FSM-Snin Idle Nov 11 23:51:54.622 GMT: L2TP _:05E82:A327: FSM-Sn do CC-Up-Ignore0-1 Nov 11 23:51:54.622 GMT: L2TP _:05E82:A327: Session attached Nov 11 23:51:54.622 GMT: L2TP _:05E82:A327: no cookies enabled Nov 11 23:51:54.622 GMT: L2TP _:05E82:A327: FSM-Sn ev Rx-ICRQ Nov 11 23:51:54.622 GMT: L2TP _:05E82:A327: FSM-Sn Idle-Proc-ICRQ Nov 11 23:51:54.622 GMT: L2TP _:05E82:A327: FSM-Sn do Rx-ICRQ Nov 11 23:51:54.622 GMT: L2TP _:05E82:A327: Chose application VPDN Nov 11 23:51:54.622 GMT: L2TP _:05E82:A327: App type set to VPDN Nov 11 23:51:54.622 GMT: L2TP tnl 05E82:C4DC: VPDN Session count now 2 Nov 11 23:51:54.622 GMT: L2TP _:05E82:A327: VPDN: process AVPs Nov 11 23:51:54.622 GMT: L2TP _:05E82:A327: Local AC is now UP Nov 11 23:51:54.622 GMT: L2TP _:05E82:A327: Remote AC is now UP Nov 11 23:51:54.622 GMT: L2TP _:05E82:A327: Nov 11 23:51:54.622 GMT: L2TP _:05E82:A327: Shutting down session Nov 11 23:51:54.622 GMT: L2TP _:05E82:A327: Result Code Nov 11 23:51:54.622 GMT: L2TP _:05E82:A327: Reserved (0) Nov 11 23:51:54.622 GMT: L2TP _:05E82:A327: Error Code Nov 11 23:51:54.622 GMT: L2TP _:05E82:A327: No error (0) Nov 11 23:51:54.622 GMT: L2TP _:05E82:A327: Vendor Error Nov 11 23:51:54.622 GMT: L2TP _:05E82:A327: None (0) Nov 11 23:51:54.622 GMT: L2TP _:05E82:A327: Optional Message Nov 11 23:51:54.622 GMT: L2TP _:05E82:A327: No disconnect reason given LNS# debug vpdn l2x-events Nov 11 23:54:54.971 GMT: L2TP tnl 0BE86:41EC: FSM-CC ev Session-Conn Nov 11 23:54:54.971 GMT: L2TP tnl 0BE86:41EC: FSM-CCin established Nov 11 23:54:54.971 GMT: L2TP tnl 0BE86:41EC: FSM-CC do Session-Conn-Est Nov 11 23:54:54.971 GMT: L2TP tnl 0BE86:41EC: Session count now 3 Nov 11 23:54:54.971 GMT: L2TP _:0BE86:A33A: FSM-Sn ev CC-Up Nov 11 23:54:54.971 GMT: L2TP _:0BE86:A33A: FSM-Snin Idle Nov 11 23:54:54.971 GMT: L2TP _:0BE86:A33A: FSM-Sn do CC-Up-Ignore0-1 Nov 11 23:54:54.971 GMT: L2TP _:0BE86:A33A: Session attached Nov 11 23:54:54.971 GMT: L2TP _:0BE86:A33A: no cookies enabled Nov 11 23:54:54.971 GMT: L2TP _:0BE86:A33A: FSM-Sn ev Rx-ICRQ Nov 11 23:54:54.971 GMT: L2TP _:0BE86:A33A: FSM-Sn Idle-Proc-ICRQ Nov 11 23:54:54.975 GMT: L2TP _:0BE86:A33A: FSM-Sn do Rx-ICRQ Nov 11 23:54:54.975 GMT: L2TP _:0BE86:A33A: Chose application VPDN Nov 11 23:54:54.975 GMT: L2TP _:0BE86:A33A: App type set to VPDN Nov 11 23:54:54.975 GMT: L2TP tnl 0BE86:41EC: VPDN Session count now 3 Nov 11 23:54:54.975 GMT: L2TP _:0BE86:A33A: VPDN: process AVPs Nov 11 23:54:54.975 GMT: L2TP _:0BE86:A33A: Local AC is now UP Nov 11 23:54:54.975 GMT: L2TP _:0BE86:A33A: Remote AC is now UP Nov 11 23:54:54.975 GMT: L2TP _:0BE86:A33A: Nov 11 23:54:54.975 GMT: L2TUN APP: handle/451345shutdown app session Nov 11 23:54:54.975 GMT: L2TP _:0BE86:A33A: Shutting down session Nov 11 23:54:54.975 GMT: L2TP _:0BE86:A33A: Result Code Nov 11 23:54:54.975 GMT: L2TP _:0BE86:A33A: Reserved (0) Nov 11 23:54:54.975 GMT: L2TP _:0BE86:A33A: Error Code Nov 11 23:54:54.975 GMT: L2TP _:0BE86:A33A: No error (0) Nov 11 23:54:54.975 GMT: L2TP _:0BE86:A33A: Vendor Error Nov 11 23:54:54.975 GMT: L2TP _:0BE86:A33A: None (0) Nov 11 23:54:54.975 GMT: L2TP _:0BE86:A33A: Optional Message Nov 11 23:54:54.975 GMT: L2TP _:0BE86:A33A: No disconnect reason given Nov 11 23:54:54.975 GMT: L2TP _:0BE86:A33A: Nov 11 23:54:54.975 GMT: L2TP _:0BE86:A33A: FSM-Sn
Re: [c-nsp] Upgrading edge router
Without looking at the article (don't have time right now) flexible packet matching and firewalling are definitely 2 different things, i'd say packet matching is referring more to something like NBAR with some additional features, remember it only says packet matching(not blocking), the latter is the full stateful firewall feature set, so if you aren't wanting it to do proper firewalling then you want that one. As for licenses this one is a little weird, basically adv enterprise is cheaper than adv ip even though it has all the features of adv ip, seems to be purely based on ppl not wanting features they will never use available on an image and Cisco making them pay more for that feature, my advice is buy the cheaper adv enterprise, it will do IPv6. -Original Message- From: Affan Basalamah [mailto:[EMAIL PROTECTED] Sent: Tuesday, 11 November 2008 10:25 PM To: Ben Steele Cc: cisco-nsp@puck.nether.net Subject: Re: [c-nsp] Upgrading edge router Thank you for your prompt response, I would like to know a thing about ASR1000 software components : - It says on ASR1000 software ordering guide (http://www.cisco.com/en/US/prod/collateral/routers/ps9343/product_bulletin_ c07-448862.html) that there is a FPM (flexible packet matching) service license and Firewall service license. I would like to know the difference between two license, since the latter cost the double from the former. - What version of IOS-XE is integrated in ASR1000 bundle ? Is it IP Base or Advanced IP Services ? I would like to run IPv6 on the router, so the router will need Advanced IP Services IOS. Regards, -affan On Tue, Nov 11, 2008 at 6:08 PM, Ben Steele [EMAIL PROTECTED] wrote: I'd try and go the ASR1002 option, it shouldn't be too far off your 35k budget without smartnet, although i'd recommend maintenance on the software as you will want access to TAC for bugs, also if you can option in the HA feature so you can get ISSU. With 5Gb of throughput, dual psu and 4Gb(SFP) int's out the box with room for expansion it's good bang for buck, the ASR is really aimed as the next generation 7200 swiss army knife, being a software based feature platform rather than a hardware(ie 7600/6500) it's a welcome new product and you should see good life out of it, it has some limitations in its current form, the only one that may concern you with your list that I can think of is lack of AToM MPLS support, but that is due out in upcoming software release. Put the quagga to rest! :) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Affan Basalamah Sent: Tuesday, 11 November 2008 9:19 PM To: cisco-nsp@puck.nether.net Subject: [c-nsp] Upgrading edge router Hi all, I am network admin in university that have a UNIX PC that functions as core router and firewall to accomodate : - 2 x 45 Mb link to research education network (REN) - 100Mb link to local exchange point - 10Mb link to Internet Currently we accept partial route from Internet, and aggregated with REN prefixes, we have at least 30k prefixes. We would like to upgrade our router to accomodate : - new STM-1 link (physical connector is not STM1 port, but it is converted to Gigeth by our telco) - at least 4 1000BaseT port - firewall feature (packet filter and inspection) would be nice - IPv6 multicast and MPLS feature - can keep up the load at least for 5 years - budget around $35k I have done some research, and our choice could come to : - Cisco 7603 with Sup32. I think this is the cheapest solution with 8 port gigabit ethernet, but I don't know whether it could handle the load. I also see it as integrated packet inspection with PISA daughterboard, but I don't have any experience with that. The supervisor is a bit old compared to ASR1000. - Cisco ASR1002 with ESP-5G. Newer supervisor and enhanced with packet inspection, but I don't know whether it can suit the budget. - Juniper M7i with 2 x 1Gbps SFP port. It has better OS (but I haven't compare it to Cisco IOS-XE in ASR1000), but it doesn't have 4 gigabit ports, and separate AS module can cost you too much. I don't know whether it suits the budget. - Foundry NetIron MLX-4 with 20 port 1000BaseT. I haven't had experience with this box, but the specs looks promising, and maybe it suits the budget. I would like your suggestion about my plan above, perhaps I can come out with better plan. Thank you, Regards, -affan ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ No virus found in this incoming message. Checked by AVG - http://www.avg.com Version: 8.0.175 / Virus Database: 270.9.0/1779 - Release Date: 10/11/2008 7:53 AM ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at
Re: [c-nsp] ASR 9000
On Wednesday 12 November 2008 06:55:20 Pete Templin wrote: Runs IOS XR, while the recent ASR 1000 series runs IOS XE? Consistency would be nice. I do like the fact that Cisco are starting to work on more consistent releases for their service provider platforms (SR, XE, XR). I just hope XR does not suffer too much from lack of features as compared to SR, especially when used in the edge. Cheers, Mark. signature.asc Description: This is a digitally signed message part. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] ASR 9000
I think ASR is just the cool name of the moment. The new ASRs could be called CRS-0.5, CRS-0.1, Edge-CRS... Rubens On Tue, Nov 11, 2008 at 8:55 PM, Pete Templin [EMAIL PROTECTED] wrote: Justin Shore wrote: Did anyone else miss an announcement for the ASR 9000 series? http://www.cisco.com/en/US/products/ps9853/index.html How did I miss that bad boy? Anyone have any details? Side to back airflow? Who thought that'd work well? Runs IOS XR, while the recent ASR 1000 series runs IOS XE? Consistency would be nice. Re-uses the RSP nomenclature, just recently put to bed in the 7500 series. However, adding CE (hundred-gig Ethernet) support on the initial datasheet is impressive, along with XE and GE. Skipping LXE is interesting though. pt ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] ASR 9000
Runs IOS XR, while the recent ASR 1000 series runs IOS XE? Consistency would be nice. ...or atleast call this a CRS-2 or something. I'm still crossing my fingers that there's a master plan for consistency (or alternatively, clear differentiation) between XR/XE/12.2SX/12.2SR/NX-OS. Re-uses the RSP nomenclature, just recently put to bed in the 7500 series. Nope, 7600 already revived it (RSP720). I don't see reference to line cards, but the photos look like ES40's, which finally gives some credibility to the 6500/7600 split (where new linecards are shared between ASR9000 and 7600). ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] RPSL Popularity and Usage
http://nanog.org/meetings/nanog44/presentations/Tuesday/RAS_irrdata_N44.pdf On Tue, Nov 11, 2008 at 4:29 PM, [EMAIL PROTECTED] wrote: Hello Just wanted to ask how must is Internet Routing Registry used with RPSL currently on the Internet? Do a lot of providers still rely on that to create configurations or is that just more of a documentation process that doesn't get updated after the first use? Thank you for your input. Tom ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] Setting up Cisco 1811 for dial in access
I am trying to set up a Cisco 1811 for ppp dial-in access for a client and am having difficulty finding configuration information. Most of the documentation I find is about using the router to dial out to support the network, but I am trying to do the opposite. I am trying to set up the router to provide access to the local network through a ppp dial in connection. Thank you for your help. -- Brian Raaen Network Engineer [EMAIL PROTECTED] ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Setting up Cisco 1811 for dial in access
Hi Brian, You need to configure the async interface on your 1811. Take a look here http://www.cisco.com/en/US/docs/routers/access/1800/1801/software/config uration/guide/dialbkup.html#wp1031537 Aaron Riemer Network Engineer -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brian Raaen Sent: Wednesday, 12 November 2008 1:27 PM To: cisco-nsp@puck.nether.net Subject: [c-nsp] Setting up Cisco 1811 for dial in access I am trying to set up a Cisco 1811 for ppp dial-in access for a client and am having difficulty finding configuration information. Most of the documentation I find is about using the router to dial out to support the network, but I am trying to do the opposite. I am trying to set up the router to provide access to the local network through a ppp dial in connection. Thank you for your help. -- Brian Raaen Network Engineer [EMAIL PROTECTED] ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ LEGAL DISCLAIMER: This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. If you are not the intended recipient you are notified that disclosing, copying, distributing or taking any action in reliance on the contents of this information is strictly prohibited. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Setting up Cisco 1811 for dial in access
Brian, This should be a good start. It has been a long time since I did this. -- http://dcp.dcptech.com -Original Message- From: [EMAIL PROTECTED] [mailto:cisco-nsp- [EMAIL PROTECTED] On Behalf Of Brian Raaen Sent: Tuesday, November 11, 2008 11:27 PM To: cisco-nsp@puck.nether.net Subject: [c-nsp] Setting up Cisco 1811 for dial in access I am trying to set up a Cisco 1811 for ppp dial-in access for a client and am having difficulty finding configuration information. Most of the documentation I find is about using the router to dial out to support the network, but I am trying to do the opposite. I am trying to set up the router to provide access to the local network through a ppp dial in connection. Thank you for your help. -- Brian Raaen Network Engineer [EMAIL PROTECTED] ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Setting up Cisco 1811 for dial in access
This should help. http://www.cisco.com/en/US/docs/ios/12_2/dial/configuration/guide/dafmodmg.h tml -- http://dcp.dcptech.com -Original Message- From: David Prall [mailto:[EMAIL PROTECTED] Sent: Tuesday, November 11, 2008 11:48 PM To: 'Brian Raaen'; 'cisco-nsp@puck.nether.net' Subject: RE: [c-nsp] Setting up Cisco 1811 for dial in access Brian, This should be a good start. It has been a long time since I did this. -- http://dcp.dcptech.com -Original Message- From: [EMAIL PROTECTED] [mailto:cisco-nsp- [EMAIL PROTECTED] On Behalf Of Brian Raaen Sent: Tuesday, November 11, 2008 11:27 PM To: cisco-nsp@puck.nether.net Subject: [c-nsp] Setting up Cisco 1811 for dial in access I am trying to set up a Cisco 1811 for ppp dial-in access for a client and am having difficulty finding configuration information. Most of the documentation I find is about using the router to dial out to support the network, but I am trying to do the opposite. I am trying to set up the router to provide access to the local network through a ppp dial in connection. Thank you for your help. -- Brian Raaen Network Engineer [EMAIL PROTECTED] ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] lacp on serial
Thank you Oliver, Kind Regards. At 09:51 11/11/2008, Oliver Boehmer (oboehmer) wrote: RAZAFINDRATSIFA Rivo Tahina wrote on Tuesday, November 11, 2008 07:31: Dear All, I 'm looking for implementation of lacp on serial, docs only show on ethernet, is that possible? nope, you need to use multilink ppp to bundle serials on Layer 2.. oli ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/