Re: [c-nsp] mls cef max route

2009-03-26 Thread Peter Rathlev
On Thu, 2009-03-26 at 10:36 +0530, Swati Sharma wrote:
 Though I have just few routes still I am getting
 
 Mar 26 04:49:06.406 UTC: %MLSCEF-SP-4-FIB_EXCEPTION: FIB TCAM
 exception for IPv4 unicast, Some routes will be software switched.
 Use mls cef maximum-routes to modify FIB TCAM  partition.
 
 6500.LAB#sh mls cef maximum-routes
 FIB TCAM maximum routes :
 ===
 Current :-
 ---
  IPv4 + MPLS - 512k (default)
  IPv6 + IP Multicast - 256k (default)
...
 any idea !!!

What does show tcam counts and show platform hardware capacity pfc
say?

Regards,
Peter


___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/


[c-nsp] Getvpn same box ks and gm

2009-03-26 Thread Mike Louis
Does anyone know when Cisco plans to support getvpn key server and group member 
configurations on the same box?



Re: [c-nsp] mls cef max route

2009-03-26 Thread Gert Doering
Hi,

On Thu, Mar 26, 2009 at 10:36:20AM +0530, Swati Sharma wrote:
 6500.LAB#sh mls cef maximum-routes

Try: sh mls cef su

to see what IOS is thinking about TCAM usage.

gert
-- 
USENET is *not* the non-clickable part of WWW!
   //www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35655025g...@net.informatik.tu-muenchen.de



Re: [c-nsp] Question about CBWFQ and PING times

2009-03-26 Thread Peter Rathlev
On Thu, 2009-03-26 at 11:04 +1100, Andy Saykao wrote:
 I tried to create a Hierarchical QoS policy on a spare 7606 we have here
 and no go. Tried to create a parent shaper and policer and neither
 worked when the service-policy was applied to the interface.

I would've thought the SIP-400 could do shaping. Data sheet says DTS is
supported, but I don't have one at hand to test it. The specific PA
might also set limitations. You may be out of luck with those
interfaces.

I assume it is a SPA in the SIP-400 you add the service-policy to,
right? Interfaces on LAN cards can't do it this way.

 You wrote - You need to tell the router that it only has 200 mbps and
 not the full 1 Gbps. Otherwise it will allocate ~50 mbps (your
 5%) for priority traffic and ~950 mbps for class-default.
 
 This statement may be true but when I do a show policy-map interface
 command, it seems to allocate the percentage of bandwidth correctly as
 to what I've specified with the bandwidth interface command (ie:
 bandwidth 5% (1 kbps)). I read somewhere that the QoS policy takes
 into account what you set the bandwidth interface command to. This
 seems to be true when I do a show policy-map interface because it's
 using the bandwidth interface command to allocate the bandwidth as
 shown below.

The bandwidth command doesn't do anything by itself, other than
letting e.g. routing protocols know what bandwidth is available on this
link. EIGRP and RSVP could use this. The command does not in itself help
with shaping/policing.

It's correct that the policy-map percent parameter looks at exactly
this parameter, but this is just configuration short-hand. Disregarding
everything but your priority queue, these four methods all reserve 100
mbps on a Gigabit-interface:

- No bandwidth parameter (default), priority percent 10
- No bandwidth parameter (default), priority 10
- Specify bandwidth 20, priority percent 50
- Specify bandwidth 20, priority 10

Consider the bandwidth parameter strictly informational.

You would have to find out what features your interface supports. DTS
and hierarchical QoS should let you use a parent shaper. Some LAN cards
support SRR which could give you a crude way of shaping.

We use shaping on 7200s with no problems, but I have never used DTS on
the switch platforms (7600/6500) so I may make some wrong conclusions.
And my SRR experience has so far been limited to lab tests.

Regards,
Peter




Re: [c-nsp] BGP session resets if NLRI exchanged

2009-03-26 Thread Harold Ritter (hritter)
Paul,

You might be running into CSCsl72955. If so, you could try the
workaround suggested by the following link or upgrade the code.

http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCsl72955

Regards

-Original Message-
From: cisco-nsp-boun...@puck.nether.net
[mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Paul Cosgrove
Sent: Wednesday, March 25, 2009 11:55 AM
To: cisco-nsp@puck.nether.net
Subject: [c-nsp] BGP session resets if NLRI exchanged

We are attempting to establish a new BGP session between one of our
CRS-1 routers, and a Redback SE800 router owned by another provider.  Am
not familiar with Redbacks myself and we have not peered with any before
(as far as we know anyway).  The BGP session only remains up if no NLRI
is exchanged.  If the other provider sends any prefixes to us we reply
with an invalid length for attribute notification; if we send any
prefixes to them they reply with invalid or corrupt AS path.

The other provider uses VPNv4 within their network, though I understand
that it is not configured on this peering.  I'm wondering whether these
errors could result if their router expects a RD (and sends one) on the
advertisements, perhaps due to a software bug or typo in the config. 

Perhaps someone has seen this problem before?

Paul.







[c-nsp] Tracking bandwidth hogs ... any recommendations ?

2009-03-26 Thread Wilkinson, Alex
Hi all,

I would like to put in place measures to be able to pin point the particular
user(s) who are thrashing out our WAN connection. I am thinking ...

  Mirror all ports (SPAN) to a spare port and use trafshow to pinpoint the 
culprit.

However, I am curious how others deal with this situation?

 -aW



Re: [c-nsp] Tracking bandwidth hogs ... any recommendations ?

2009-03-26 Thread Phil Mayers

Wilkinson, Alex wrote:

Hi all,

I would like to put in place measures to be able to pin point the particular
user(s) who are thrashing out our WAN connection. I am thinking ...

  Mirror all ports (SPAN) to a spare port and use trafshow to pinpoint the 
culprit.

However, I am curious how others deal with this situation?


Netflow.


Re: [c-nsp] Tracking bandwidth hogs ... any recommendations ?

2009-03-26 Thread Rodney Dunn
Why not use Netflow?

On Thu, Mar 26, 2009 at 09:15:45PM +0900, Wilkinson, Alex wrote:
 Hi all,
 
 I would like to put in place measures to be able to pin point the particular
 user(s) who are thrashing out our WAN connection. I am thinking ...
 
   Mirror all ports (SPAN) to a spare port and use trafshow to pinpoint the 
 culprit.
 
 However, I am curious how others deal with this situation?
 
  -aW
 


Re: [c-nsp] Tracking bandwidth hogs ... any recommendations ?

2009-03-26 Thread Pender, James
http://www.cisco.com/en/US/products/sw/iosswrel/ps1838/products_feature_guide09186a0080259533.html

How to set up NetFlow to monitor top talkers, and even poll the results with 
SNMP.

 

-Original Message-
From: cisco-nsp-boun...@puck.nether.net 
[mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Rodney Dunn
Sent: Thursday, March 26, 2009 9:50 AM
To: cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] Tracking bandwidth hogs ... any recommendations ?

Why not use Netflow?

On Thu, Mar 26, 2009 at 09:15:45PM +0900, Wilkinson, Alex wrote:
 Hi all,
 
 I would like to put in place measures to be able to pin point the particular
 user(s) who are thrashing out our WAN connection. I am thinking ...
 
   Mirror all ports (SPAN) to a spare port and use trafshow to pinpoint the 
 culprit.
 
 However, I am curious how others deal with this situation?
 
  -aW
 


Re: [c-nsp] MLPPP

2009-03-26 Thread Rodney Dunn
You have it in a VRF which really shouldn't cause an issue as it's
tag2ip and ip2tag.

What code is it?

Make sure it's the latest 12.4 mainline as we did some work in 12.4 to make
this work.

Can you get a 'sh int mul 2 stat' after a clear counters...get it a few
times and send it?

Also, what are the other interface configs feeding this bundle?
It could be features on them causing the punts.

What does 'sh cef int' say?


Rodney

On Wed, Mar 25, 2009 at 05:03:03PM -0400, Jason Berenson wrote:
 Here's a sample:
 
 interface Multilink2
 ip vrf forwarding VPN1
 ip address x.x.x.x 255.255.255.252
 no cdp enable
 ppp multilink
 ppp multilink group 2
 service-policy output voice
 !
 interface Serial6/0/25:0
 no ip address
 encapsulation ppp
 down-when-looped
 no cdp enable
 ppp multilink
 ppp multilink group 2
 !
 interface Serial6/0/26:0
 no ip address
 encapsulation ppp
 down-when-looped
 no cdp enable
 ppp multilink
 ppp multilink group 2
 !
 
 -Jason
 
 
 Rodney Dunn wrote:
 The G1's with MLPPP should not be process switching the traffic.
 
 What is the config?
 
 The EC cards just offload the MLPPP to the new asic on the PA.
 
 Rodney
 
 On Wed, Mar 25, 2009 at 04:35:50PM -0400, Jason Berenson wrote:
   
 Greetings,
 
 I've got a 7206VXR NPE-G1 with a bunch of DS3 cards in it (PA-MC-T3).  
 There's about 25 multilinks with an average of 2 T1s per bundle.  I see 
 a lot of process switching on the router and I have a feeling it's 
 because we don't have the PA-MC-T3-EC card so the processor has to step 
 in for the MLPPP. 
 
 Is this the case?  If I get some PA-MC-T3-EC cards to swap in, will that 
 take a lot of load off the NPE-G1?  Any output needed, please let me know.
 
 Thanks,
 Jason


Re: [c-nsp] Tracking bandwidth hogs ... any recommendations ?

2009-03-26 Thread Paul Stewart
Netflow would be our first choice if possible...

Paul


-Original Message-
From: cisco-nsp-boun...@puck.nether.net
[mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Wilkinson, Alex
Sent: Thursday, March 26, 2009 8:16 AM
To: cisco-nsp@puck.nether.net
Subject: [c-nsp] Tracking bandwidth hogs ... any recommendations ?

Hi all,

I would like to put in place measures to be able to pin point the particular
user(s) who are thrashing out our WAN connection. I am thinking ...

  Mirror all ports (SPAN) to a spare port and use trafshow to pinpoint the
culprit.

However, I am curious how others deal with this situation?

 -aW



Re: [c-nsp] MLPPP

2009-03-26 Thread Jason Berenson

Rodney,

It's running: 12.4(18a).  I had to downgrade from the latest about 6 
months ago because of a bug where 'show policy' would show no output 
even if QoS was working properly.


router#show int mul2 stat
Multilink2
 Switching pathPkts In   Chars In   Pkts Out  Chars Out
  Processor  0  0  0  0
Route cache  180493982931  25553   14234069
  Total  180493982931  25553   14234069
router#show int mul2 stat
Multilink2
 Switching pathPkts In   Chars In   Pkts Out  Chars Out
  Processor  0  0  0  0
Route cache  186014110973  26553   14682852
  Total  186014110973  26553   14682852

fonseca#show cef in mul 2
Multilink2 is up (if_number 132)
 Corresponding hwidb fast_if_number 132
 Corresponding hwidb firstsw-if_number 132
 Internet address is 10.3.4.229/30
 ICMP redirects are always sent
 Per packet load-sharing is disabled
 IP unicast RPF check is disabled
 Inbound access list is not set
 Outbound access list is not set
 Interface is marked as point to point interface
 Hardware idb is Multilink2
 Fast switching type 7, interface type 105
 IP CEF switching enabled
 IP CEF VPN Feature Fast switching turbo vector
 IP Null turbo vector
 VPN Forwarding table nypirg
 Input fast flags 0x1000, Input fast flags2 0x0, Output fast flags 
0x4000, Output fast flags2 0x0

 ifindex 127(127)
 Slot -1 Slot unit 2 Unit 2 VC -1
 Transmit limit accumulator 0x0 (0x0)
 IP MTU 1500

Does that mean that there's no processor switching going on there?  Why 
would a VRF make any difference to the MLPPP?  I see the same outputs 
for a non VRF'd MLPPP.


-Jason

Rodney Dunn wrote:

You have it in a VRF which really shouldn't cause an issue as it's
tag2ip and ip2tag.

What code is it?

Make sure it's the latest 12.4 mainline as we did some work in 12.4 to make
this work.

Can you get a 'sh int mul 2 stat' after a clear counters...get it a few
times and send it?

Also, what are the other interface configs feeding this bundle?
It could be features on them causing the punts.

What does 'sh cef int' say?


Rodney

On Wed, Mar 25, 2009 at 05:03:03PM -0400, Jason Berenson wrote:
  

Here's a sample:

interface Multilink2
ip vrf forwarding VPN1
ip address x.x.x.x 255.255.255.252
no cdp enable
ppp multilink
ppp multilink group 2
service-policy output voice
!
interface Serial6/0/25:0
no ip address
encapsulation ppp
down-when-looped
no cdp enable
ppp multilink
ppp multilink group 2
!
interface Serial6/0/26:0
no ip address
encapsulation ppp
down-when-looped
no cdp enable
ppp multilink
ppp multilink group 2
!

-Jason


Rodney Dunn wrote:


The G1's with MLPPP should not be process switching the traffic.

What is the config?

The EC cards just offload the MLPPP to the new asic on the PA.

Rodney

On Wed, Mar 25, 2009 at 04:35:50PM -0400, Jason Berenson wrote:
 
  

Greetings,

I've got a 7206VXR NPE-G1 with a bunch of DS3 cards in it (PA-MC-T3).  
There's about 25 multilinks with an average of 2 T1s per bundle.  I see 
a lot of process switching on the router and I have a feeling it's 
because we don't have the PA-MC-T3-EC card so the processor has to step 
in for the MLPPP. 

Is this the case?  If I get some PA-MC-T3-EC cards to swap in, will that 
take a lot of load off the NPE-G1?  Any output needed, please let me know.


Thanks,
Jason


Re: [c-nsp] Tracking bandwidth hogs ... any recommendations ?

2009-03-26 Thread Jeff Kell
Paul Stewart wrote:
 Netflow would be our first choice if possible...

If you can monitor it on a single span port, iftop is nice, quick, easy,
and free.

Jeff


Re: [c-nsp] Tracking bandwidth hogs ... any recommendations ?

2009-03-26 Thread William F. Maton Sotomayor

On Thu, 26 Mar 2009, Paul Stewart wrote:


Netflow would be our first choice if possible...


+1

Definitely NetFlow.  In a pinch, one could do 'show ip ca fl' over and 
over a few times to try and eyeball quickly rising counters, then isolate 
the interesting line by doing 'show ip ca fl | inc an IP address' to 
verify the type of traffic, etc for that IP.


For something longer-term OSU/Google code flow-tools is a good option.



Paul


-Original Message-
From: cisco-nsp-boun...@puck.nether.net
[mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Wilkinson, Alex
Sent: Thursday, March 26, 2009 8:16 AM
To: cisco-nsp@puck.nether.net
Subject: [c-nsp] Tracking bandwidth hogs ... any recommendations ?

Hi all,

I would like to put in place measures to be able to pin point the particular
user(s) who are thrashing out our WAN connection. I am thinking ...

 Mirror all ports (SPAN) to a spare port and use trafshow to pinpoint the
culprit.

However, I am curious how others deal with this situation?

-aW


wfms
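
The quick check described in this message (repeating 'show ip ca fl', watching for fast-rising counters, then filtering on one address) can be done mechanically. The following Python is an added example, not part of the original post: it diffs two captured outputs and ranks source addresses by packet-count growth. The flow-record column layout, the K/M count suffixes, the sample addresses and all function names are assumptions or constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample captures. Assumed layout of each flow-record line:
# SrcIf SrcIPaddress DstIf DstIPaddress Pr SrcP DstP Pkts
# (protocol and ports in hex; large packet counts abbreviated with K or M).
SNAPSHOT_1 = """\
SrcIf         SrcIPaddress    DstIf         DstIPaddress    Pr SrcP DstP  Pkts
Fa0/1         192.0.2.10      Se0/0         198.51.100.7    06 C3A1 0050   120
Fa0/1         192.0.2.23      Se0/0         203.0.113.5     06 D2F0 01BB    40
Fa0/1         192.0.2.10      Se0/0         203.0.113.9     11 0035 0035    10
Fa0/1         192.0.2.44      Se0/0         198.51.100.20   06 E001 0016   900
"""
SNAPSHOT_2 = """\
SrcIf         SrcIPaddress    DstIf         DstIPaddress    Pr SrcP DstP  Pkts
Fa0/1         192.0.2.10      Se0/0         198.51.100.7    06 C3A1 0050   150
Fa0/1         192.0.2.23      Se0/0         203.0.113.5     06 D2F0 01BB   12K
Fa0/1         192.0.2.10      Se0/0         203.0.113.9     11 0035 0035    10
Fa0/1         192.0.2.44      Se0/0         198.51.100.20   06 E001 0016     5
Fa0/1         192.0.2.23      Se0/0         203.0.113.6     06 D2F1 01BB   300
"""

IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"
FLOW_RE = re.compile(
    rf"^\s*(\S+)\s+({IPV4})\s+(\S+)\s+({IPV4})"
    r"\s+([0-9A-Fa-f]{2})\s+([0-9A-Fa-f]{4})\s+([0-9A-Fa-f]{4})"
    r"\s+(\d+(?:\.\d+)?)([KM]?)\s*$"
)
UNIT = {"": 1, "K": 1_000, "M": 1_000_000}


def parse_snapshot(text):
    """Return {flow key: packet count}; header and summary lines are skipped."""
    flows = {}
    for line in text.splitlines():
        m = FLOW_RE.match(line)
        if not m:
            continue
        src_if, src, dst_if, dst, proto, sport, dport, num, unit = m.groups()
        key = (src_if, src, dst_if, dst,
               int(proto, 16), int(sport, 16), int(dport, 16))
        flows[key] = flows.get(key, 0) + int(float(num) * UNIT[unit])
    return flows


def flow_deltas(before, after):
    """Packets added per flow between two snapshots.

    A flow missing from 'before' is new, so its whole count is growth.
    A count that went down means the cache entry aged out and was
    recreated, so the current count is taken as the growth.
    """
    deltas = {}
    for key, now in after.items():
        prev = before.get(key, 0)
        deltas[key] = now - prev if now >= prev else now
    return deltas


def top_talkers(before_text, after_text, n=3):
    """Source addresses ranked by packet growth, largest first."""
    deltas = flow_deltas(parse_snapshot(before_text), parse_snapshot(after_text))
    per_src = Counter()
    for key, delta in deltas.items():
        per_src[key[1]] += delta
    return [(ip, d) for ip, d in per_src.most_common(n) if d > 0]


def flows_for(src_ip, before_text, after_text):
    """The 'show ip ca fl | inc <IP>' step: growing flows of one source."""
    deltas = flow_deltas(parse_snapshot(before_text), parse_snapshot(after_text))
    rows = [
        {"dst": k[3], "proto": k[4], "sport": k[5], "dport": k[6], "delta": d}
        for k, d in deltas.items()
        if k[1] == src_ip and d > 0
    ]
    return sorted(rows, key=lambda r: r["delta"], reverse=True)


if __name__ == "__main__":
    for ip, delta in top_talkers(SNAPSHOT_1, SNAPSHOT_2):
        print(f"{ip:15} +{delta} pkts")
        for row in flows_for(ip, SNAPSHOT_1, SNAPSHOT_2):
            print(f"    -> {row['dst']:15} proto {row['proto']:<3} "
                  f"dport {row['dport']:<5} +{row['delta']}")
```

The ranking is by packets because the non-verbose flow listing carries no byte counts; a host sending many small packets will rank above one sending fewer large ones.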




Re: [c-nsp] Tracking bandwidth hogs ... any recommendations ?

2009-03-26 Thread Jeff Kell
To add to my previous note...

Jeff Kell wrote:
 If you can monitor it on a single span port, iftop is nice, quick, easy,
 and free.

Or ipaudit, if you want longer-term samples (provides 30-minute, daily,
weekly).

Jeff


Re: [c-nsp] Tracking bandwidth hogs ... any recommendations ?

2009-03-26 Thread Lamar Owen
On Thursday 26 March 2009 08:15:45 Wilkinson, Alex wrote:
 I would like to put in place measures to be able to pin point the
 particular user(s) who are thrashing out our WAN connection. I am thinking

 However, I am curious how others deal with this situation?

NetFlow feeding nTop. (www.ntop.org).
-- 
Lamar Owen
Chief Information Officer
Pisgah Astronomical Research Institute
1 PARI Drive
Rosman, NC  28772
http://www.pari.edu


[c-nsp] Cisco and Foundry and MST

2009-03-26 Thread Nick Griffin
I'm working with a client that is migrating to Foundry from Cisco and they
need to have interoperability on STP between the two vendors. I usually try
to do MST when I can, usually in a cisco environment, so I'm pretty
comfortable with it. Does anyone have any experience getting the 2 to play
together? It's a critical environment, so minimal disruption is required.
There is a core 6500 that connects to a number of Cisco access switches,
the Cisco 6500 also connects into the Foundry FESX switches. I wanted to go
ahead and enable MST on the core 6500, and then working my way to the access
layer (assuming the interoperability works just fine), and then the Foundry
boxes. Just looking for any pro-pointers here to try to avoid baptism by
fire! Thanks in advance.

Nick Griffin
Systems Consultant, CCIE RS 17381


Re: [c-nsp] MLPPP

2009-03-26 Thread Rodney Dunn
On Thu, Mar 26, 2009 at 10:30:08AM -0400, Jason Berenson wrote:
 Rodney,
 
 It's running: 12.4(18a).  I had to downgrade from the latest about 6 
 months ago because of a bug where 'show policy' would show no output 
 even if QoS was working properly.
 
 router#show int mul2 stat
 Multilink2
  Switching pathPkts In   Chars In   Pkts Out  Chars Out
   Processor  0  0  0  0
 Route cache  180493982931  25553   14234069
   Total  180493982931  25553   14234069
 router#show int mul2 stat
 Multilink2
  Switching pathPkts In   Chars In   Pkts Out  Chars Out
   Processor  0  0  0  0
 Route cache  186014110973  26553   14682852
   Total  186014110973  26553   14682852
 
 fonseca#show cef in mul 2
 Multilink2 is up (if_number 132)
  Corresponding hwidb fast_if_number 132
  Corresponding hwidb firstsw-if_number 132
  Internet address is 10.3.4.229/30
  ICMP redirects are always sent
  Per packet load-sharing is disabled
  IP unicast RPF check is disabled
  Inbound access list is not set
  Outbound access list is not set
  Interface is marked as point to point interface
  Hardware idb is Multilink2
  Fast switching type 7, interface type 105
  IP CEF switching enabled
  IP CEF VPN Feature Fast switching turbo vector
  IP Null turbo vector
  VPN Forwarding table nypirg
  Input fast flags 0x1000, Input fast flags2 0x0, Output fast flags 
 0x4000, Output fast flags2 0x0
  ifindex 127(127)
  Slot -1 Slot unit 2 Unit 2 VC -1
  Transmit limit accumulator 0x0 (0x0)
  IP MTU 1500
 
 Does that mean that there's no processor switching going on there? 

Yep. It's all being interrupt switched so you should be fine.

 Why 
 would a VRF make any difference to the MLPPP?

Forwarding vectors are different. But in this code we have the hooks
to do MPLSoMLPPP if that's what you were doing..which you are not.
The vrf interface on a bundle isn't what we call MPLSoMLPPP...that's when
you enable MPLS on the bundle.

  I see the same outputs 
 for a non VRF'd MLPPP.

It's working as it should.

With the new PA the overall CPU would be less b/c the mlppp work is offloaded
to an asic on the PA.

 
 -Jason
 
 Rodney Dunn wrote:
 You have it in a VRF which really shouldn't cause an issue as it's
 tag2ip and ip2tag.
 
 What code is it?
 
 Make sure it's the latest 12.4 mainline as we did some work in 12.4 to make
 this work.
 
 Can you get a 'sh int mul 2 stat' after a clear counters...get it a few
 times and send it?
 
 Also, what are the other interface configs feeding this bundle?
 It could be features on them causing the punts.
 
 What does 'sh cef int' say?
 
 
 Rodney
 
 On Wed, Mar 25, 2009 at 05:03:03PM -0400, Jason Berenson wrote:
   
 Here's a sample:
 
 interface Multilink2
 ip vrf forwarding VPN1
 ip address x.x.x.x 255.255.255.252
 no cdp enable
 ppp multilink
 ppp multilink group 2
 service-policy output voice
 !
 interface Serial6/0/25:0
 no ip address
 encapsulation ppp
 down-when-looped
 no cdp enable
 ppp multilink
 ppp multilink group 2
 !
 interface Serial6/0/26:0
 no ip address
 encapsulation ppp
 down-when-looped
 no cdp enable
 ppp multilink
 ppp multilink group 2
 !
 
 -Jason
 
 
 Rodney Dunn wrote:
 
 The G1's with MLPPP should not be process switching the traffic.
 
 What is the config?
 
 The EC cards just offload the MLPPP to the new asic on the PA.
 
 Rodney
 
 On Wed, Mar 25, 2009 at 04:35:50PM -0400, Jason Berenson wrote:
  
   
 Greetings,
 
 I've got a 7206VXR NPE-G1 with a bunch of DS3 cards in it (PA-MC-T3).  
 There's about 25 multilinks with an average of 2 T1s per bundle.  I see 
 a lot of process switching on the router and I have a feeling it's 
 because we don't have the PA-MC-T3-EC card so the processor has to step 
 in for the MLPPP. 
 
 Is this the case?  If I get some PA-MC-T3-EC cards to swap in, will 
 that take a lot of load off the NPE-G1?  Any output needed, please let 
 me know.
 
 Thanks,
 Jason


Re: [c-nsp] Cisco and Foundry and MST

2009-03-26 Thread Ian MacKinnon
Hi Nick,
I did something similar a while ago, so here are some thoughts.

Plan for downtime :-(
Don't expect it to be totally transparent, so make the changes in a maintenance 
window.

I think SXH and later do a real standards compliant version of MSTP with 
interop with standard STP.
Are you planning to use multiple instances, or just use one?
Make sure that your instance 0 (ie the STP) is the same on both sides, and if 
you are only using one instance ensure it is 0 on both sides.

Be aware of the differences between Cisco RSTP and A.N.Other Spanning tree in 
rapid mode.

I realise I am teaching you to suck eggs here, but plan what devices are going 
to be the root and backup, and manually configure them.

Hope this is useful.
Ian


 -Original Message-
 From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-
 boun...@puck.nether.net] On Behalf Of Nick Griffin
 Sent: 26 March 2009 16:48
 To: cisco-nsp
 Subject: [c-nsp] Cisco and Foundry and MST

 I'm working with a client that is migrating to Foundry from Cisco and
 they
 need to have interoperability on STP between the two vendors. I usually
 try
 to do MST when I can, usually in a cisco environment, so I'm pretty
 comfortable with it. Does anyone have any experience getting the 2 to
 play
 together? It's a critical environment, so minimal disruption is
 required.
 There is a core 6500 that connects to a number of Cisco access
 switches,
 the Cisco 6500 also connects into the Foundry FESX switches. I wanted
 to go
 ahead and enable MST on the core 6500, and then working my way to the
 access
 layer (assuming the interoperability works just fine), and then the
 Foundry
 boxes. Just looking for any pro-pointers here to try to avoid baptism
 by
 fire! Thanks in advance.

 Nick Griffin
 Systems Consultant, CCIE RS 17381


Re: [c-nsp] MLPPP

2009-03-26 Thread Jason Berenson

Rodney,

With the PA-MC-T3-EC, any idea how much would be offloaded to the PA?  
The router is running at about 75% peak average utilization, which is a 
bit high considering it's mostly doing routing and not pushing more than 
100Mbits.  If this is being interrupt switched, I wouldn't expect the EC 
PA to help, right?


-Jason

Rodney Dunn wrote:

On Thu, Mar 26, 2009 at 10:30:08AM -0400, Jason Berenson wrote:
  

Rodney,

It's running: 12.4(18a).  I had to downgrade from the latest about 6 
months ago because of a bug where 'show policy' would show no output 
even if QoS was working properly.


router#show int mul2 stat
Multilink2
 Switching pathPkts In   Chars In   Pkts Out  Chars Out
  Processor  0  0  0  0
Route cache  180493982931  25553   14234069
  Total  180493982931  25553   14234069
router#show int mul2 stat
Multilink2
 Switching pathPkts In   Chars In   Pkts Out  Chars Out
  Processor  0  0  0  0
Route cache  186014110973  26553   14682852
  Total  186014110973  26553   14682852

fonseca#show cef in mul 2
Multilink2 is up (if_number 132)
 Corresponding hwidb fast_if_number 132
 Corresponding hwidb firstsw-if_number 132
 Internet address is 10.3.4.229/30
 ICMP redirects are always sent
 Per packet load-sharing is disabled
 IP unicast RPF check is disabled
 Inbound access list is not set
 Outbound access list is not set
 Interface is marked as point to point interface
 Hardware idb is Multilink2
 Fast switching type 7, interface type 105
 IP CEF switching enabled
 IP CEF VPN Feature Fast switching turbo vector
 IP Null turbo vector
 VPN Forwarding table nypirg
 Input fast flags 0x1000, Input fast flags2 0x0, Output fast flags 
0x4000, Output fast flags2 0x0

 ifindex 127(127)
 Slot -1 Slot unit 2 Unit 2 VC -1
 Transmit limit accumulator 0x0 (0x0)
 IP MTU 1500

Does that mean that there's no processor switching going on there? 



Yep. It's all being interrupt switched so you should be fine.

  
Why 
would a VRF make any difference to the MLPPP?



forwarding vectors are different. But in this code we have the hooks
to do MPLSoMLPPP if that's what you were doing..which you are not.
The vrf interface on a bundle isn't what we call MPLSoMLPPP...that's when
you enable MPLS on the bundle.

  I see the same outputs 
  

for a non VRF'd MLPPP.



It's working as it should.

With the new PA the overall CPU would be less b/c the mlppp work is offloaded
to an asic on the PA.

  

-Jason

Rodney Dunn wrote:


You have it in a VRF which really shouldn't cause an issue as it's
tag2ip and ip2tag.

What code is it?

Make sure it's the latest 12.4 mainline as we did some work in 12.4 to make
this work.

Can you get a 'sh int mul 2 stat' after a clear counters...get it a few
times and send it?

Also, what are the other interface configs feeding this bundle?
It could be features on them causing the punts.

What does 'sh cef int' say?


Rodney

On Wed, Mar 25, 2009 at 05:03:03PM -0400, Jason Berenson wrote:
 
  

Here's a sample:

interface Multilink2
ip vrf forwarding VPN1
ip address x.x.x.x 255.255.255.252
no cdp enable
ppp multilink
ppp multilink group 2
service-policy output voice
!
interface Serial6/0/25:0
no ip address
encapsulation ppp
down-when-looped
no cdp enable
ppp multilink
ppp multilink group 2
!
interface Serial6/0/26:0
no ip address
encapsulation ppp
down-when-looped
no cdp enable
ppp multilink
ppp multilink group 2
!

-Jason


Rodney Dunn wrote:
   


The G1's with MLPPP should not be process switching the traffic.

What is the config?

The EC cards just offload the MLPPP to the new asic on the PA.

Rodney

On Wed, Mar 25, 2009 at 04:35:50PM -0400, Jason Berenson wrote:

 
  

Greetings,

I've got a 7206VXR NPE-G1 with a bunch of DS3 cards in it (PA-MC-T3).  
There's about 25 multilinks with an average of 2 T1s per bundle.  I see 
a lot of process switching on the router and I have a feeling it's 
because we don't have the PA-MC-T3-EC card so the processor has to step 
in for the MLPPP. 

Is this the case?  If I get some PA-MC-T3-EC cards to swap in, will 
that take a lot of load off the NPE-G1?  Any output needed, please let 
me know.


Thanks,
Jason


[c-nsp] Free/low-cost traffic generator?

2009-03-26 Thread Inca
Does anyone know of a free (open source or otherwise) or low cost
traffic generator that we can use to stress test multiple gigabit
links simultaneously? Ideally, it would be a software package that one
can install on *nix/OSX/Windows.

Thanks!


Re: [c-nsp] Sending connected number from AS5350

2009-03-26 Thread Andreas Sikkema
[Reply to my own post]

I've tried more or less everything but failed, so I asked our supplier to 
just set COLP to temporary restricted.

Thanks for thinking with me.

-- 
Andreas Sikkema


Re: [c-nsp] Tracking bandwidth hogs ... any recommendations ?

2009-03-26 Thread Rich Davies
You can turn up a NetFlow server which is at times complex or time
consuming.   A quick/dirty way to find out who is causing your issue may be
just to enable ip route-cache flow on a L3 interface that his traffic is
flowing through, then doing show ip cache flow - if he's sending out a ton
of packets you may be able to catch it w/ this versus going the NetFlow
route (NetFlow is much much better but unless you have a ton of unix/linux
background getting the netflow collector/analyzer active may be a complex
chore in itself..)

FYI I saw that SolarWinds just put out a free/30 day demo NetFlow
collector/analyzer in the past few months you can try that for a quick Win32
NetFlow software solution to isolate this quick...

http://www.solarwinds.com/products/orion/nta/


Best of luck!


-Rich


On Thu, Mar 26, 2009 at 8:15 AM, Wilkinson, Alex 
alex.wilkin...@dsto.defence.gov.au wrote:

 Hi all,

 I would like to put in place measures to be able to pin point the
 particular
 user(s) who are thrashing out our WAN connection. I am thinking ...

  Mirror all ports (SPAN) to a spare port and use trafshow to pinpoint the
 culprit.

 However, i am curious how others deal with this situation ?

  -aW
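
The quick check described in the reply above (enable ip route-cache flow, then read show ip cache flow) can be ranked offline. This is an added example, not part of the original thread: it parses the per-flow table from pasted output and totals packets per source address. The sample output is constructed, and the function names are this example's own.

```python
"""Rank top talkers from pasted `show ip cache flow` output (added example)."""
import re
from collections import defaultdict

# Constructed sample of the per-flow table printed at the end of
# `show ip cache flow`. Addresses are private/documentation ranges and
# do not come from the thread. Pr, SrcP and DstP are hexadecimal.
SAMPLE = """\
SrcIf         SrcIPaddress    DstIf         DstIPaddress    Pr SrcP DstP  Pkts
Fa0/0         10.10.1.20      Se0/0         198.51.100.7    06 C3A1 0050   912
Fa0/0         10.10.1.20      Se0/0         198.51.100.9    06 C3A4 01BB  4410
Fa0/0         10.10.1.31      Se0/0         203.0.113.5     11 D431 0035     3
Fa0/0         10.10.1.44      Se0/0         192.0.2.80      06 0A2C 1A0B   88K
Se0/0         198.51.100.7    Fa0/0         10.10.1.20      06 0050 C3A1   640
Fa0/0         10.10.1.31      Null          10.10.1.255     11 0089 0089    12
"""

FLOW_RE = re.compile(
    r"^(?P<src_if>\S+)\s+(?P<src>\d+\.\d+\.\d+\.\d+)\s+"
    r"(?P<dst_if>\S+)\s+(?P<dst>\d+\.\d+\.\d+\.\d+)\s+"
    r"(?P<proto>[0-9A-Fa-f]{2})\s+(?P<sport>[0-9A-Fa-f]{4})\s+"
    r"(?P<dport>[0-9A-Fa-f]{4})\s+(?P<pkts>\d+[KM]?)\s*$"
)

SUFFIX = {"": 1, "K": 1_000, "M": 1_000_000}


def packet_count(field):
    """Convert a Pkts field such as '912' or '88K' to an integer.

    Large counters may be abbreviated with a K or M suffix, so the
    result for those rows is approximate.
    """
    m = re.fullmatch(r"(\d+)([KM]?)", field)
    return int(m.group(1)) * SUFFIX[m.group(2)]


def parse_flows(text):
    """Return one dict per flow row; headers and summary lines are skipped."""
    flows = []
    for line in text.splitlines():
        m = FLOW_RE.match(line.strip())
        if not m:
            continue
        flows.append({
            "src_if": m["src_if"],
            "src": m["src"],
            "dst_if": m["dst_if"],
            "dst": m["dst"],
            "proto": int(m["proto"], 16),   # 6 = TCP, 17 = UDP, 1 = ICMP
            "sport": int(m["sport"], 16),
            "dport": int(m["dport"], 16),
            "pkts": packet_count(m["pkts"]),
        })
    return flows


def top_talkers(flows, ingress_if=None, limit=5):
    """Total packets per source IP, optionally for one ingress interface.

    Returns a list of (source_ip, packets, flow_count), largest first.
    """
    totals = defaultdict(lambda: {"pkts": 0, "flows": 0})
    for f in flows:
        if ingress_if and f["src_if"] != ingress_if:
            continue
        totals[f["src"]]["pkts"] += f["pkts"]
        totals[f["src"]]["flows"] += 1
    ranked = sorted(totals.items(), key=lambda kv: kv[1]["pkts"], reverse=True)
    return [(src, t["pkts"], t["flows"]) for src, t in ranked[:limit]]


if __name__ == "__main__":
    for src, pkts, nflows in top_talkers(parse_flows(SAMPLE), ingress_if="Fa0/0"):
        print(f"{src:15s} {pkts:>10d} pkts in {nflows} flow(s)")
```

The flow cache only holds currently active flows, so compare several snapshots before singling out a host.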



Re: [c-nsp] Free/low-cost traffic generator?

2009-03-26 Thread Charles Wyble

Conficker is free and comes with unpatched Windows systems. :)

On a more serious note, what sort of traffic/apps are you testing? 
Voice? Web?


Inca wrote:

Does anyone know of a free (open source or otherwise) or low cost
traffic generator that we can use to stress test multiple gigabit
links simultaneously? Ideally, it would be a software package that one
can install on *nix/OSX/Windows.

Thanks!



Re: [c-nsp] Free/low-cost traffic generator?

2009-03-26 Thread A . L . M . Buxey
Hi,

 Does anyone know of a free (open source or otherwise) or low cost
 traffic generator that we can use to stress test multiple gigabit
 links simultaneously? Ideally, it would be a software package that one
 can install on *nix/OSX/Windows.

netperf? the Linux packet generator?  what purpose? what do you want - 
lots of small SIP-style packets for QoS testing or lots of big FTP
frames that suck up massive TCP windows?

alan


Re: [c-nsp] Free/low-cost traffic generator?

2009-03-26 Thread Steve Bertrand
Inca wrote:
 Does anyone know of a free (open source or otherwise) or low cost
 traffic generator that we can use to stress test multiple gigabit
 links simultaneously? Ideally, it would be a software package that one
 can install on *nix/OSX/Windows.

iperf. Single binary application for both *nix and Windows.

Steve


Re: [c-nsp] Free/low-cost traffic generator?

2009-03-26 Thread Peter Rathlev
On Thu, 2009-03-26 at 10:10 -0700, Inca wrote:
 Does anyone know of a free (open source or otherwise) or low cost
 traffic generator that we can use to stress test multiple gigabit
 links simultaneously? Ideally, it would be a software package that one
 can install on *nix/OSX/Windows.

Any non-small collection of Windows machines will do this all by
themselves. :-)

Joke aside, you could use IPerf in UDP mode between two hosts:

server$ iperf -s -u -p 4999
client$ iperf -c server_ip -u -b 1000M -p 4999

If you just want to stress a link and don't care about measuring loss etc.
you could use nc in UDP mode sourcing from /dev/zero:

client$ dd if=/dev/zero count=66 bs=1500 | nc -u server_ip

You might face some problems trying to make PC hardware deliver multi
gigabit loads, but several PCs in parallel can do it.

Regards,
Peter




Re: [c-nsp] Free/low-cost traffic generator?

2009-03-26 Thread Christian Koch
d-itg
http://www.grid.unina.it/software/ITG/link.php
pageant ios

On Thu, Mar 26, 2009 at 10:27 AM, Steve Bertrand st...@ibctech.ca wrote:

 Inca wrote:
  Does anyone know of a free (open source or otherwise) or low cost
  traffic generator that we can use to stress test multiple gigabit
  links simultaneously? Ideally, it would be a software package that one
  can install on *nix/OSX/Windows.

 iperf. Single binary application for both *nix and Windows.

 Steve


Re: [c-nsp] mls cef max route

2009-03-26 Thread Swati Sharma
Hi Peter,

most of the resources are available

6500.LAB#sh platform hardware capacity pfc
L2 Forwarding Resources
   MAC Table usage:   Module  Collisions  Total   Used  %Used
                      50  65536 24  1%
   VPN CAM usage:     Total   Used  %Used
                      512  0  0%
L3 Forwarding Resources
   FIB TCAM usage:                 Total   Used  %Used
     72 bits (IPv4, MPLS, EoM)     524288  75    1%
    144 bits (IP mcast, IPv6)      262144   5    1%
   detail:    Protocol     Used  %Used
              IPv4          43   1%
              MPLS          32   1%
              EoM            0   0%
              IPv6           2   1%
              IPv4 mcast     3   1%
              IPv6 mcast     0   0%
   Adjacency usage:   Total    Used  %Used
                      1048576  239   1%
   Forwarding engine load:
     Module   pps   peak-pps  peak-time
     5 17589  03:42:33 UTC Wed Mar 18 2009
Netflow Resources
   TCAM utilization:   Module   Created  Failed  %Used
                       5  3   0  0%
   ICAM utilization:   Module   Created  Failed  %Used
                       5  0   0  0%
   Flowmasks:   Mask#   Type      Features
     IPv4:      0       reserved  none
     IPv4:      1       unused    none
     IPv4:      2       unused    none
     IPv4:      3       reserved  none
     IPv6:      0       reserved  none
     IPv6:      1       unused    none
     IPv6:      2       unused    none
     IPv6:      3       reserved  none
CPU Rate Limiters Resources
   Rate limiters:   Total Used  Reserved  %Used
     Layer 3        94 1  44%
     Layer 2        42 2  50%
ACL/QoS TCAM Resources
  Key: ACLent - ACL TCAM entries, ACLmsk - ACL TCAM masks, AND - ANDOR,
   QoSent - QoS TCAM entries, QOSmsk - QoS TCAM masks, OR - ORAND,
   Lbl-in - ingress label, Lbl-eg - egress label, LOUsrc - LOU source,
   LOUdst - LOU destination, ADJ - ACL adjacency
  Module ACLent ACLmsk QoSent QoSmsk Lbl-in Lbl-eg LOUsrc LOUdst  AND  OR  ADJ
  5  1% 1% 1% 1% 1% 1% 0% 0%   0%  0%  1%
6500.LAB#
6500.LAB#
6500.LAB#sh tcam counts
   UsedFreePercent Used   Reserved
      
 Labels:(in)  640900
 Labels:(eg)  240940
ACL_TCAM

  Masks: 114085072
Entries: 60   327080   576
QOS_TCAM

  Masks:  74089018
Entries: 32   327360   144
LOU:  0 1280
  ANDOR:  0  160
  ORAND:  0  160
ADJ:  320450
6500.LAB#
Regards,

On Thu, Mar 26, 2009 at 2:28 PM, Peter Rathlev pe...@rathlev.dk wrote:

 On Thu, 2009-03-26 at 10:36 +0530, Swati Sharma wrote:
  Though I have just few routes still I am getting
 
  Mar 26 04:49:06.406 UTC: %MLSCEF-SP-4-FIB_EXCEPTION: FIB TCAM
  exception for IPv4 unicast, Some routes will be software switched.
  Use mls cef maximum-routes to modify FIB TCAM  partition.
 
  6500.LAB#sh mls cef maximum-routes
  FIB TCAM maximum routes :
  ===
  Current :-
  ---
   IPv4 + MPLS - 512k (default)
   IPv6 + IP Multicast - 256k (default)
 ...
  any idea !!!

 What does show tcam counts and show platform hardware capacity pfc
 say?

 Regards,
 Peter





Re: [c-nsp] Free/low-cost traffic generator?

2009-03-26 Thread Inca
Thanks for all of the responses. Some of them look interesting.

Ideally, we would like to send out multiple streams of traffic (both
small and large packets) simultaneously through multiple gigabit
interfaces. While QoS testing may be of interest later on, we are
mainly focused on seeing if some network gear can handle the load.


Re: [c-nsp] mls cef max route

2009-03-26 Thread Swati Sharma
Hi Gert,

6500.LAB#sh mls cef su
6500.LAB#sh mls cef summary
Total routes: 80
IPv4 unicast routes:  43
IPv4 Multicast routes:3
MPLS routes:  32
IPv6 unicast routes:  2
IPv6 multicast routes:0
EoM routes:   0
6500.LAB#
Regards,

On Thu, Mar 26, 2009 at 4:51 PM, Gert Doering g...@greenie.muc.de wrote:

 Hi,

 On Thu, Mar 26, 2009 at 10:36:20AM +0530, Swati Sharma wrote:
  6500.LAB#sh mls cef maximum-routes

 Try: sh mls cef su

 to see what IOS is thinking about TCAM usage.

 gert
 --
 USENET is *not* the non-clickable part of WWW!
   //
 www.muc.de/~gert/
 Gert Doering - Munich, Germany
 g...@greenie.muc.de
 fax: +49-89-35655025
 g...@net.informatik.tu-muenchen.de



Re: [c-nsp] MLPPP

2009-03-26 Thread Buhrmaster, Gary

 Rodney,
 
 With the PA-MC-T3-EC, any idea how much would be offloaded to 
 the PA?  

As always, your mileage will vary, but Cisco has some
examples and estimates available at:

http://www.cisco.com/en/US/prod/collateral/modules/ps2033/prod_white_paper0900aecd8056d3cb.html
 

(Note you need the appropriate IOS level to gain the benefits).


[c-nsp] Stratum 0 PPS Hardware clock compatibility

2009-03-26 Thread Jason Gurtz
I have found a lot of documentation online that states the 7200 is the
only Cisco device that supports a PPS hardware clock via the Aux port.  I
see recommendations for Trimble Acutime 2000 since replaced by mfr. and
other solutions but these documents are a few years old.  Has this feature
been added to other platforms such as the 6500 series?

~JasonG


[c-nsp] spanning-tree bpduguard vs. bpdufilter

2009-03-26 Thread Steven Fischer
When deploying our new network a few months ago, we set up Cisco Works to
manage it.  Cisco Works detected and flagged the lack of the following
commands as configuration errors:

spanning-tree bpduguard enable
spanning-tree bpdufilter enable

Thinking this recommendation came from Cisco Works, it follows that this
would make sense to do, right?  As some more information on the effect of
these commands has come to light, this is really not a good idea.  The
commands almost seem to serve opposite purposes - one shuts the port down if
a bpdu is detected, the other ostensibly ignores bpdus.  Which one of these
commands takes precedence?

From what I understand, spanning-tree portfast will in effect serve the same
purpose as spanning-tree bpdufilter enable IF the port is an active access
port...is that correct?

Thanks

Steve

-- 
To him who is able to keep you from falling and to present you before his
glorious presence without fault and with great joy


Re: [c-nsp] spanning-tree bpduguard vs. bpdufilter

2009-03-26 Thread A . L . M . Buxey
Hi,

 spanning-tree bpduguard enable
 spanning-tree bpdufilter enable
 
 Thinking this recommendation came from Cisco Works, it follows that this
 would make sense to do, right?  As some more information on the effect of
 these commands has come to light, this is really not a good idea.  The
 commands almost seem to serve opposite purposes - one shuts the port down if
 a bpdu is detected, the other ostensibly ignores bpdus.  Which one of these
 commands takes precedence?
 
 From what I understand, spanning-tree portfast will in effect serve the same
 purpose as spanning-tree bpdufilter enable IF the port is an active access
 port...is that correct?

no.  spanning-tree portfast won't listen/discover/span. if you want it to 
do this, you need to have the global spanning-tree command

spanning-tree portfast bpdufilter default

this will filter on portfast (what you alluded to).

however, if you have a switch in portfast mode then it should never receive
a bpdu from that port - if it does then something ain't right on the network.
so perhaps it is worth having protection - which is what bpduguard does.

incidentally, it appears that some of this behaviour changes from IOS to
IOS - we had many links with spanning-tree portfast trunk enabled...
and they got clobbered by bpduguard seeing bpdu coming down those links
from the other end switch - which we knew about... caveat emptor etc

alan


Re: [c-nsp] BGP session resets if NLRI exchanged

2009-03-26 Thread Paul Cosgrove
Many thanks Harold! that does indeed look like the issue.  We are using 
32byte ASNs, but since the problem was occurring even after we filtered 
that advertisement we had begun looking elsewhere.


Paul.


Harold Ritter (hritter) wrote:

Paul,

You might be running into CSCsl72955. If so, you could try the
workaround suggested by the following link or upgrade the code.

http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCsl72955


Regards

-Original Message-
From: cisco-nsp-boun...@puck.nether.net
[mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Paul Cosgrove
Sent: Wednesday, March 25, 2009 11:55 AM
To: cisco-nsp@puck.nether.net
Subject: [c-nsp] BGP session resets if NLRI exchanged

We are attempting to establish a new BGP session between one of our
CRS-1 routers, and a Redback SE800 router owned by another provider.  Am
not familiar with Redbacks myself and we have not peered with any before
(as far as we know anyway).  The BGP session only remains up if no NLRI
is exchanged.  If the other provider sends any prefixes to us we reply
with a invalid length for attribute notification; if we send any
prefixes to them they reply with  invalid or corrupt AS path. 


The other provider uses VPNv4 within their network, though I understand
that it is not configured on this peering.  I'm wondering whether these
errors could result if their router expects a RD (and sends one) on the
advertisements, perhaps due to a software bug or typo in the config. 


Perhaps someone has seen this problem before?

Paul.







[c-nsp] Alun Mcglinchey is out of the office.

2009-03-26 Thread Alun Mcglinchey

I will be out of the office starting  26/03/2009 and will not return until
01/04/2009.

I will respond to your message when I return, if your query is urgent
please contact the IT servicedesk team on 6634 or email Cameron McKinnon
(cmckin...@wiseman-dairies.co.uk)





Re: [c-nsp] spanning-tree bpduguard vs. bpdufilter

2009-03-26 Thread Steven Fischer
On Thu, Mar 26, 2009 at 4:29 PM, a.l.m.bu...@lboro.ac.uk wrote:

 Hi,

  spanning-tree bpduguard enable
  spanning-tree bpdufilter enable
 
  Thinking this recommendation came from Cisco Works, it follows that this
  would make sense to do, right?  As some more information on the effect of
  these commands has come to light, this is really not a good idea.  The
  commands almost seem to serve opposite purposes - one shuts the port down
 if
  a bpdu is detected, the other ostensibly ignores bpdus.  Which one of
 these
  commands takes precedence?
 
  From what I understand, spanning-tree portfast will in effect serve the
 same
  purpose as spanning-tree bpdufilter enable IF the port is an active
 access
  port...is that correct?

 no.  spanning-tree portfast won't listen/discover/span. if you want it to
 do this, you need to have the global spanning-tree command


Right, it goes immediately from not active into forwarding state.



 spanning-tree portfast bpdufilter default

 this will filter on portfast (what you alluded to).


So, I need to add this spanning-tree portfast bpdufilter default if I want
bpdufilter as the default condition of interfaces configured with
portfast...correct?

The question is, if I'm using bpduguard on an interface, is there any
additional protection afforded by bpdufilter?



 however, if you have a switch in portfast mode then it should never receive
 a bpdu from that port - if it does then something ain't right on the
 network.
 so perhaps it is worth having protection - which is what bpduguard does.

 incidentally, it appears that some of this behaviour changes from IOS to
 IOS - we had many links with spanning-tree portfast trunk enabled...
 and they got clobbered by bpduguard seeing bpdu coming down those links
 from the other end switch - which we knew about... caveat emptor etc

 alan


I prefer the protection of bpduguard over bpdufilter.  Sure, it's more
drastic, but it's more idiot proof ...ok...idiot-resistant as well.

Thanks



-- 
To him who is able to keep you from falling and to present you before his
glorious presence without fault and with great joy


Re: [c-nsp] spanning-tree bpduguard vs. bpdufilter

2009-03-26 Thread Bielawa, Daniel W. (NS)
Hello

From experience, I can tell you that the bpdufilter command will 
override the bpduguard command. Bpdufilter effectively turns off spanning tree 
on a port, but portfast keeps spanning tree enabled on a port. With bpdufilter 
enabled there is nothing to protect you from a loop.

Thank You

Daniel Bielawa
Network Engineer
Liberty University Information Services

-Original Message-
From: cisco-nsp-boun...@puck.nether.net 
[mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Steven Fischer
Sent: Thursday, March 26, 2009 4:06 PM
To: cisco-nsp@puck.nether.net
Subject: [c-nsp] spanning-tree bpduguard vs. bpdufilter

When deploying our new network a few months ago, we set up Cisco Works to
manage it.  Cisco Works detected and flagged the lack of the following
commands as configuration errors:

spanning-tree bpduguard enable
spanning-tree bpdufilter enable

Thinking this recommendation came from Cisco Works, it follows that this
would make sense to do, right?  As some more information on the effect of
these commands has come to light, this is really not a good idea.  The
commands almost seem to serve opposite purposes - one shuts the port down if
a bpdu is detected, the other ostensibly ignores bpdus.  Which one of these
commands takes precedence?

From what I understand, spanning-tree portfast will in effect serve the same
purpose as spanning-tree bpdufilter enable IF the port is an active access
port...is that correct?

Thanks

Steve

-- 
To him who is able to keep you from falling and to present you before his
glorious presence without fault and with great joy
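
An added example, not from the thread or from Cisco: a small audit that reads a saved running-config and flags the interface-level combinations the posters describe (bpdufilter alongside bpduguard, bpdufilter alone, portfast without bpduguard, bpduguard on a portfast trunk). The sample config, interface names and finding codes are constructed for illustration.

```python
"""Audit an IOS config for the bpduguard/bpdufilter cases raised in this thread."""
import re

# Constructed running-config excerpt; interface names are hypothetical.
SAMPLE_CONFIG = """\
spanning-tree portfast bpdufilter default
!
interface GigabitEthernet1/0/1
 description user access port
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/2
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
 spanning-tree bpdufilter enable
!
interface GigabitEthernet1/0/3
 switchport mode access
 spanning-tree bpdufilter enable
!
interface GigabitEthernet1/0/4
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/0/24
 switchport mode trunk
 spanning-tree portfast trunk
 spanning-tree bpduguard enable
!
"""

# Finding codes are this example's own; the wording paraphrases the replies.
REASONS = {
    "FILTER_AND_GUARD": "bpdufilter and bpduguard both set; a reply reports "
                        "that bpdufilter overrides bpduguard",
    "FILTER_ONLY": "bpdufilter set; BPDUs are ignored, so nothing protects "
                   "against a loop on this port",
    "PORTFAST_NO_GUARD": "portfast without bpduguard; an unexpected BPDU "
                         "would not shut the port",
    "GUARD_ON_PORTFAST_TRUNK": "bpduguard on a portfast trunk; a reply "
                               "reports such links being shut by BPDUs "
                               "from the far-end switch",
}


def parse_interfaces(config):
    """Return {interface_name: [stripped sub-command lines]}."""
    blocks, current = {}, None
    for raw in config.splitlines():
        m = re.match(r"^interface\s+(\S+)", raw)
        if m:
            current = m.group(1)
            blocks[current] = []
        elif current and raw.startswith(" "):
            blocks[current].append(raw.strip())
        else:
            current = None  # '!' or any global line ends the block
    return blocks


def global_bpdufilter_default(config):
    """True if the global command from the thread is present."""
    return any(line.strip() == "spanning-tree portfast bpdufilter default"
               for line in config.splitlines() if not line.startswith(" "))


def audit(config):
    """Return a list of (interface, finding_code) in config order."""
    findings = []
    for name, lines in parse_interfaces(config).items():
        guard = "spanning-tree bpduguard enable" in lines
        filt = "spanning-tree bpdufilter enable" in lines
        portfast = any(l.startswith("spanning-tree portfast")
                       and "disable" not in l for l in lines)
        trunk_pf = "spanning-tree portfast trunk" in lines
        if guard and filt:
            findings.append((name, "FILTER_AND_GUARD"))
        elif filt:
            findings.append((name, "FILTER_ONLY"))
        if portfast and not guard:
            findings.append((name, "PORTFAST_NO_GUARD"))
        if trunk_pf and guard:
            findings.append((name, "GUARD_ON_PORTFAST_TRUNK"))
    return findings


if __name__ == "__main__":
    if global_bpdufilter_default(SAMPLE_CONFIG):
        print("global: spanning-tree portfast bpdufilter default is set")
    for iface, code in audit(SAMPLE_CONFIG):
        print(f"{iface}: {code} - {REASONS[code]}")
```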


Re: [c-nsp] Cisco 887 CPE and 890series?!?!?!?!?!

2009-03-26 Thread Brad Henshaw
Skeeve Stevens wrote:

 Seriously This is the biggest tease I've ever had!

Interesting sounding box. Glad to see the lack of those awful shared
console/aux ports.

GigE port to support the high-bandwidth demands of Metro Ethernet
deployments
on a low end software forwarding box, though? That's a bit of a joke
isn't it?
(unless I missed some amazing pps specification in the data sheet)

Regards,
Brad


Re: [c-nsp] Question about CBWFQ and PING times

2009-03-26 Thread Andy Saykao
Hi Peter,

Yes, it's a SPA in the SIP-400 that we add the service-policy to. DTS
and hierarchical qos should be supported as per the data sheet, and I'll
bring it up with our Cisco rep to see what the deal is.

 Consider the bandwidth parameter strictly informational.

How misleading is that then. When you issue the show policy-map
command, it calculates the bandwidth % using what's set with the
bandwidth interface command. I'll make a note to disregard this piece of
cosmetic from cisco when using the show policy-map command.

Just a few things with the show policy-map command. 

1/ There's an offered rate for each class - is this the amount of
bandwidth the router is currently reserving for each class?

POP2#sh policy-map int g4/0/2

 GigabitEthernet4/0/2

  Service-policy output: POP2-POP1-QOS-POLICY

  Counters last updated 00:00:00 ago

Class-map: POP2-POP1-PRIORITY-CLASS (match-all)
  299895137 packets, 119941773853 bytes
  30 second offered rate 1887000 bps, drop rate 0 bps
  Match: access-group name POP2-POP1-PRIORITY-ACL
  Queueing
  queue limit 2500 packets
  (queue depth/total drops/no-buffer drops) 0/0/0
  (pkts output/bytes output) 299892091/119940222481

  bandwidth 5% (1 kbps)

Class-map: class-default (match-any)
  19483508661 packets, 15273909817898 bytes
  30 second offered rate 115958000 bps, drop rate 0 bps
  Match: any

POP2#sh access-lists POP2-POP1-PRIORITY-ACL
Extended IP access list POP2-POP1-PRIORITY-ACL
20 permit ip 210.15.254.0 0.0.0.255 any
30 permit ip 203.10.110.0 0.0.0.255 any
40 permit ip 210.15.210.0 0.0.0.255 any
50 permit ip 203.17.103.0 0.0.0.255 any
60 permit icmp any any

2/ One odd thing I've found is that when I permit additional icmp's to
the ACL, the offered rate rapidly decreases until the offered rate
is ZERO. 

70 permit icmp any any echo-reply
80 permit icmp any any traceroute

POP2#sh policy-map int g4/0/2

 GigabitEthernet4/0/2

  Service-policy output: POP2-POP1-QOS-POLICY

  Counters last updated 00:00:00 ago

Class-map: POP2-POP1-PRIORITY-CLASS (match-all)
  300148641 packets, 120077235727 bytes
  30 second offered rate 0 bps, drop rate 0 bps
  Match: access-group name POP2-POP1-PRIORITY-ACL
  Queueing
  queue limit 2500 packets
  (queue depth/total drops/no-buffer drops) 0/0/0
  (pkts output/bytes output) 300150499/120077414678

  bandwidth 5% (1 kbps)

Class-map: class-default (match-any)
  19493929309 packets, 15281493202187 bytes
  30 second offered rate 0 bps, drop rate 0 bps
  Match: any

The throughput on the interface is still as expected.

POP2#sh int g4/0/2
  30 second input rate 50875000 bits/sec, 18880 packets/sec
  30 second output rate 117992000 bits/sec, 20690 packets/sec

Why does adding the extra icmp lines in the ACL cause the offered rate
to be zero in both classes???

Cheers.

Andy



Re: [c-nsp] QoS on Tunnel Interfaces w/ DSL

2009-03-26 Thread Swati Sharma
Hi,

This depends whether you want to do QoS based on tos bit or source /
destination ip... if it is based on tos bit, u do not need to do anything
and if it is based on S/S ip
use QoS-pre classify command..

Regards,





Message: 2
Date: Wed, 25 Mar 2009 08:11:20 -0400
From: Jeff Cartier jcart...@acs.on.ca
Subject: [c-nsp] QoS on Tunnel Interfaces w/ DSL
To: cisco-nsp@puck.nether.net
Message-ID: bcd3e762f1767c42a5226bbacde49bfbce7...@loki.acs.local
Content-Type: text/plain;   charset=us-ascii
Greetings All,

I was wondering if anyone had any examples of how to impose QoS on a
Site that would be doing IPSec VPN tunnels to another site via a
standard DSL feed.

I'm curious to see if best-practice is to place the policy-shaping on
the interface tunnel and/or the Internet interface.

Thanks!


[c-nsp] qos on standard ethernet port for me3750

2009-03-26 Thread Michael Lee
Hello:

 Did anyone have experiences with QoS on ME3750 standard port (not ES port),
it looks like that it does not support CBWFQ,
how about SRR and priority queueing, is priority queue on the first queue?

thx,

~mike


Re: [c-nsp] qos on standard ethernet port for me3750

2009-03-26 Thread Brad Henshaw
Michael Lee wrote: 

 Did anyone have experiences with QoS on ME3750 standard port
 (not ES port), it looks like that it does not support CBWFQ,
 how about SRR and priority queueing, is priority queue on the
 first queue?

Yes it supports SRR (sharing and shaping) and priority queueing.

And yes, the priority queue is queue 1 if enabled on the port
(priority-queue out)

Regards,
Brad