Re: [c-nsp] debug mpls packet
Oliver Boehmer (oboehmer) wrote: Does anyone know what the middle number represents in a debug mpls packet ( eg: {7963 6 254} )? I can't find this information anywhere. 7693 = Label 6 = ??? 254 = I presume is the TTL What does the 6 represent?? it's the EXP value. you're right about the last being the TTL. oli Could it be the 3-bit EXP and 1-bit Bottom of Stack Flag combined? Hmm, why do you think so? Looking at the code, it only prints the 3 exp. bits. Cisco must have combined RFC3032 [2.1. Encoding the Label Stack] into one value. Roy ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] how not to write a release note
Jared, I took a quick look and this has to do with QOS. I have sent an internal query for more info. Will advise. Arie -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Jared Mauch Sent: Tuesday, November 17, 2009 01:11 To: cisco-nsp@puck.nether.net Subject: [c-nsp] how not to write a release note Seems cisco is getting lazy.. SXI3 is out and this has to be one of the worst release notes ever: CSCta14457 - A Cisco device may report alignment errors %ALIGN-3-TRACE error messages accompanied with a traceback may be reported. Does not say anything about what may trigger it, eg: mtu, packet fragmentation, etc.. - Jared -- Jared Mauch | pgp key available via finger from ja...@puck.nether.net clue++; | http://puck.nether.net/~jared/ My statements are only mine. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] debug mpls packet
roy wrote: Oliver Boehmer (oboehmer) wrote: Does anyone know what the middle number represents in a debug mpls packet ( eg: {7963 6 254} )? I can't find this information anywhere. 7693 = Label 6 = ??? 254 = I presume is the TTL What does the 6 represent?? it's the EXP value. you're right about the last being the TTL. oli Could it be the 3-bit EXP and 1-bit Bottom of Stack Flag combined? Hmm, why do you think so? Looking at the code, it only prints the 3 exp. bits. Cisco must have combined RFC3032 [2.1. Encoding the Label Stack] into one value. Referring to EXP/CoS + S, that is. Roy ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] SXI3 / rogue DHCP feature?
Hmm: http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetailsbugId=CSCtb87454 Symptom: This bug deals with a feature requested by customer. Customer wants to send DHCPDISCOVER probes on untrusted ports to detect the Rogue DHCP Servers. Yet the release notes list no new features. Shame; it's an interesting-sounding idea! ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] BDF over port-channels?
Hi, On Tue, Nov 17, 2009 at 10:31:00AM +0100, luismi wrote: Did you try it' No. Our most relevant port-channels all are switchport type interfaces, and there is no BFD on SVI :-( But given the 6500/7600 architecture, I would be fairly confident that it works. On the other hand, well, BFD on SVI *did* work in the past... gert -- USENET is *not* the non-clickable part of WWW! //www.muc.de/~gert/ Gert Doering - Munich, Germany g...@greenie.muc.de fax: +49-89-35655025g...@net.informatik.tu-muenchen.de pgp8dzrhPKAop.pgp Description: PGP signature ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] how not to write a release note
I can't believe it, I need to check it. Still not as funny as this one: CSCso05336 Symptoms: A Cisco 1811 router reloads when trying to connect to irc.freenode.net during the first 36 hours following a reload. Conditions: The symptom is observed only in the first 36 hours following a reload. Workaround: Do not connect to irc.freenode.net the first 36 hours following a reload. We really need a wall of shame website where people can submit the true gems. :) ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] BDF over port-channels?
I see a message like BDF not supported over port-channels in my routers. Also sh bfd ... doesn't show anything. El mar, 17-11-2009 a las 10:54 +0100, Gert Doering escribió: Hi, On Tue, Nov 17, 2009 at 10:31:00AM +0100, luismi wrote: Did you try it' No. Our most relevant port-channels all are switchport type interfaces, and there is no BFD on SVI :-( But given the 6500/7600 architecture, I would be fairly confident that it works. On the other hand, well, BFD on SVI *did* work in the past... gert ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] BDF over port-channels?
Hi, On Tue, Nov 17, 2009 at 11:01:48AM +0100, luismi wrote: I see a message like BDF not supported over port-channels in my routers. Which IOS version is that? On what platform? You could be a bit more proactive in your questions... this makes it much easier to give meaningful responses, really... :-) gert -- USENET is *not* the non-clickable part of WWW! //www.muc.de/~gert/ Gert Doering - Munich, Germany g...@greenie.muc.de fax: +49-89-35655025g...@net.informatik.tu-muenchen.de pgpw03egI4LMt.pgp Description: PGP signature ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] SUP2 boot problem
On Mon, 16 Nov 2009, Jared Mauch wrote: Is that the latest rommon for sup2? You may also want to make sure your MFSC2 has the latest rommon as well, (assuming you have a MFSC2 in your sup2, which it would appear is the case). c6msfc2-rm2.srec.122-17r.S5 is that image. I upgraded rommon and it didnt help. I format a new flashcard from the SUP2 as the other cardm but this time it worked much better. Thanks! /Jonas ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] debug mpls packet
Does anyone know what the middle number represents in a debug mpls packet ( eg: {7963 6 254} )? I can't find this information anywhere. 7693 = Label 6 = ??? 254 = I presume is the TTL What does the 6 represent?? it's the EXP value. you're right about the last being the TTL. oli Could it be the 3-bit EXP and 1-bit Bottom of Stack Flag combined? Hmm, why do you think so? Looking at the code, it only prints the 3 exp. bits. Cisco must have combined RFC3032 [2.1. Encoding the Label Stack] into one value. still not sure what you refer to, and why you think the debug discussed shows the 4-bit Exp+S value rather than the 3-bit Exp only? oli ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] BDF over port-channels?
I wrote it in a previous email but here is again :D 7200 npe-g2 and 7600 rsp720-pfc3 I am using 12.2SRC but it is not supported there an I would like to know if it is supported in another train. El mar, 17-11-2009 a las 11:09 +0100, Gert Doering escribió: Hi, On Tue, Nov 17, 2009 at 11:01:48AM +0100, luismi wrote: I see a message like BDF not supported over port-channels in my routers. Which IOS version is that? On what platform? You could be a bit more proactive in your questions... this makes it much easier to give meaningful responses, really... :-) gert ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] FABRIC-3-ERR_HANDLE
Almost all LC's are reporting errors in the column CRC XBAR0. So i think that replacing the CSC0 will be the best to do at the moment. Regards, Antonio Soares, CCIE #18473 (RS) amsoa...@netcabo.pt _ From: e ninja [mailto:eni...@gmail.com] Sent: segunda-feira, 16 de Novembro de 2009 19:07 To: Antonio Soares Cc: cisco-nsp@puck.nether.net; eni...@gmail.com Subject: Re: [c-nsp] FABRIC-3-ERR_HANDLE Antonio, You should never troubleshoot fabric errors with any exec-on commands. They run over the fabric that may or may not be compromised. 1. Are any other LCs apart from slot 6 reporting CRC errors? 2. grab two sh contr fia from the RP and an attach to all the LCs and send over. Eninja On Mon, Nov 16, 2009 at 4:15 AM, Antonio Soares amsoa...@netcabo.pt wrote: Hello group, I have a 12k reporting this: %FABRIC-3-ERR_HANDLE: Reconfigure LC on fabric due to CRC error from slot 6 In one week, i have 4 of these messages. Slot 6 is a SIP-601 containing 2 x SPA-10G. What could be the problem ? The show controllers fia do not show any problem. The execute-on slot 6 show controllers fia show this: Switch cards present: 0x1F Switch cards monitored: 0x1F 0 1 2 3 4 los0 0 0 0 0 state OffOffOffOffOff crc16 53989 0 0 0 0 xor error0 0 0 0 cell drops1020 1020 1020 1020 IOS=c12kprp-p-mz.120-32.SY6.bin Thanks. Regards, Antonio Soares, CCIE #18473 (RS) amsoa...@netcabo.pt ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] BDF over port-channels?
Hi, On Tue, Nov 17, 2009 at 01:20:58PM +0100, luismi wrote: I wrote it in a previous email but here is again :D 7200 npe-g2 and 7600 rsp720-pfc3 These are very very *VERY* different platforms... I am using 12.2SRC but it is not supported there an I would like to know if it is supported in another train. ... so it might very well be supported on one of them, and not on the other... Just for the record - my assumption was wrong. I just tried to configure BFD on a 6500 with SXF and SXH3a, and neither even permits me to enter the bfd commands on the port-channel interfaces. Physical interfaces only. (Which makes some sort of sense, *iff* the BFD-handling is done in the line card - where it belongs, to be independent of whatever load the main CPU is having. OTOH, I don't think normal 6500 LAN cards are smart enough to run BFD locally. So whatever...) gert -- USENET is *not* the non-clickable part of WWW! //www.muc.de/~gert/ Gert Doering - Munich, Germany g...@greenie.muc.de fax: +49-89-35655025g...@net.informatik.tu-muenchen.de pgpyYxKSxy8Gm.pgp Description: PGP signature ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] FABRIC-3-ERR_HANDLE
Cool. ITMT, you may want to shut down CSC0 with a 'hw-module...' to minimize further impact to the fabric and clear fabric errors on all LCs. A fresh 'sh contr fia' (repeated a few times) thereafter should reveal 0 CRCs. Eninja On Nov 17, 2009, at 1:36 PM, Antonio Soares amsoa...@netcabo.pt wrote: Almost all LC's are reporting errors in the column CRC XBAR0. So i think that replacing the CSC0 will be the best to do at the moment. Regards, Antonio Soares, CCIE #18473 (RS) amsoa...@netcabo.pt From: e ninja [mailto:eni...@gmail.com] Sent: segunda-feira, 16 de Novembro de 2009 19:07 To: Antonio Soares Cc: cisco-nsp@puck.nether.net; eni...@gmail.com Subject: Re: [c-nsp] FABRIC-3-ERR_HANDLE Antonio, You should never troubleshoot fabric errors with any exec-on commands. They run over the fabric that may or may not be compromised. Are any other LCs apart from slot 6 reporting CRC errors? grab two sh contr fia from the RP and an attach to all the LCs and send over. Eninja On Mon, Nov 16, 2009 at 4:15 AM, Antonio Soares amsoa...@netcabo.pt wrote: Hello group, I have a 12k reporting this: %FABRIC-3-ERR_HANDLE: Reconfigure LC on fabric due to CRC error from slot 6 In one week, i have 4 of these messages. Slot 6 is a SIP-601 containing 2 x SPA-10G. What could be the problem ? The show controllers fia do not show any problem. The execute-on slot 6 show controllers fia show this: Switch cards present: 0x1F Switch cards monitored: 0x1F 0 1 2 3 4 los0 0 0 0 0 state OffOffOffOff Off crc16 53989 0 0 0 0 xor error0 0 0 0 cell drops1020 1020 1020 1020 IOS=c12kprp-p-mz.120-32.SY6.bin Thanks. Regards, Antonio Soares, CCIE #18473 (RS) amsoa...@netcabo.pt ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] SXI(3) code status?
I have been running the SXI(3) on a test router with 100M MM 6324, which it did not recognize in previous versions, and so far no complaints but then again it's not in a real world yet. Does anyone else have GOOD or BAD new on SXI(3)? Jeff Fitzwater OIT Network Systems Princeton University ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] Flowcontrol conflict 4506 SupIV / 6509 Sup720
This may end up a TAC case after I gather more information this morning, but thought I'd run this by the list in case it rang any bells (or you had similar configurations)... We had a maintenance window last night to push out some IOS upgrades to our distribution layer, complete with a scheduled reload to try to minimize downtime. Everything went well with one notable exception, a two-port etherchannel trunk between a 4506 and 6509 (that was working just fine beforehand). From the 6509 side (which was the side noting the issue): Nov 16 21:58:08.727 EST: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/22, changed state to up Nov 16 21:58:08.727 EST: %LINK-3-UPDOWN: Interface Port-channel8, changed state to up Nov 16 21:58:08.731 EST: %LINEPROTO-5-UPDOWN: Line protocol on Interface Port-channel8, changed state to up Nov 16 21:58:08.743 EST: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet2/43, changed state to up Nov 16 21:58:08.983 EST: %LINK-3-UPDOWN: Interface Vlan224, changed state to down Nov 16 21:58:08.987 EST: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan224, changed state to down Nov 16 21:58:09.147 EST: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/22, changed state to down Nov 16 21:58:09.175 EST: %LINK-3-UPDOWN: Interface GigabitEthernet1/22, changed state to down Nov 16 21:58:08.650 EST: %EC-SP-5-CANNOT_BUNDLE2: Gi1/22 is not compatible with Gi2/43 and will be suspended (flow control send of Gi1/22 is desired, Gi2/43 is off) Nov 16 21:58:08.658 EST: %LINEPROTO-SP-5-UPDOWN: Line protocol on Interface GigabitEthernet1/22, changed state to down Nov 16 21:58:08.698 EST: %EC-SP-5-COMPATIBLE: Gi1/22 is compatible with port-channel members I've never configured flowcontrol anywhere... and this is the first issue I've seen. The 6509 was untouched, the 4506 was changed/reloaded. The channel did not come up until I did a flowcontrol send off (which now does not appear anywhere in the config, making it even more confusing). 4506 side is the two SupIV supervisor ports. Was running 12.2(50)SG1 and working, rebooted into 12.2(53)SG1. 6509 blade 1 is a 6724-SFP, blade 2 is a 6748-SFP. The 6509 has 13 port-channels configured across these two blades and there have been no issues with any other port-channel. The 6509 has another port-channel to another 4506 configured practically the same (different switchport allowed vlans) and had no issues. Anyone see this before? Any words of wisdom regarding avoiding potential flowcontrol issues? Jeff ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] SXI(3) code status?
SXI2a running fine with MPLS, QoS, SVIs (no BFD on those... :-(), OSPF, BGP. PFC3C-only, no WAN cards/modules, no DFC. Rubens On Tue, Nov 17, 2009 at 12:51 PM, Jeff Fitzwater jf...@princeton.edu wrote: I have been running the SXI(3) on a test router with 100M MM 6324, which it did not recognize in previous versions, and so far no complaints but then again it's not in a real world yet. Does anyone else have GOOD or BAD new on SXI(3)? Jeff Fitzwater OIT Network Systems Princeton University ___ cisco-nsp mailing list cisco-...@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] SXI(3) code status?
SXI3 has a number of bug fixes for our network, including one that would cause the next-hop to be populated as 'drop' in hardware. I strongly recommend using it over prior versions of SXI. Due to the removal of hardware support we replaced the older 63xx/62xx series cards. - Jared On Nov 17, 2009, at 10:22 AM, Rubens Kuhl wrote: SXI2a running fine with MPLS, QoS, SVIs (no BFD on those... :-(), OSPF, BGP. PFC3C-only, no WAN cards/modules, no DFC. Rubens On Tue, Nov 17, 2009 at 12:51 PM, Jeff Fitzwater jf...@princeton.edu wrote: I have been running the SXI(3) on a test router with 100M MM 6324, which it did not recognize in previous versions, and so far no complaints but then again it's not in a real world yet. Does anyone else have GOOD or BAD new on SXI(3)? Jeff Fitzwater OIT Network Systems Princeton University ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] No SVI throughput/bandwidth counters on Catalyst 4948
I started deploying Catalyst 4948 switches as TOR devices about 3 months ago. The policing and packet-handling have been behaving quite nicely. Physical ports are mapped to SVIs and the SVIs have policers attached. The primary reason for SVIs is to allow a paired 4948 to act as an HSRP partner across a dot1q trunk for the individual interfaces. Up until last night, everything seemed to be working fine. We moved our Checkpoint firewall from behind the core down to behind aggregation (new mantra; no customers attach at the core - everybody is a customer. We had some ad-hoc stuff attached to the core that I'm slowly pruning). From spot-checking, all of the SVIs and physical interfaces report bits/sec and packets/sec properly, other than the new interfaces I lit up for the firewall. Only the physical port interfaces show activity on bits/packets/sec. I am, however, seeing L3 Switched counters. The only differences I can think of are; a) firewall isn't policed, and b) Checkpoint does weird stuff with unicast-IP-on-multicast-MAC for its load-balancing and failover. I added a policer to the firewall interface, and added the magic static arp on (that Checkpoint uses) to an existing interface and the behavior didn't change. Checkpoint interface is weird, others are OK. Any suggestions on what to look for? Thanks, - -- Working: interface GigabitEthernet1/1 switchport access vlan 101 switchport mode access spanning-tree portfast spanning-tree bpduguard enable end #show int g1/1 GigabitEthernet1/1 is up, line protocol is up (connected) 5 minute input rate 215000 bits/sec, 53 packets/sec 5 minute output rate 258000 bits/sec, 47 packets/sec interface Vlan101 description Normal customer ip address x.y.34.226 255.255.255.248 no ip redirects no ip proxy-arp standby 101 ip x.y.34.225 standby 101 timers 5 15 standby 101 priority 110 standby 101 preempt service-policy input BW_12M service-policy output BW_12M end #show int vlan 101 Vlan101 is up, line protocol is up 5 minute input rate 21 bits/sec, 55 packets/sec 5 minute output rate 236000 bits/sec, 46 packets/sec L3 in Switched: ucast: 487633 pkt, 188595448 bytes - mcast: 0 pkt, 0 bytes L3 out Switched: ucast: 439823 pkt, 245564925 bytes - mcast: 0 pkt, 0 bytes -- Weird: interface GigabitEthernet1/46 description Checkpoint Firewall A switchport access vlan 146 switchport mode access spanning-tree portfast end #show int g1/46 GigabitEthernet1/46 is up, line protocol is up (connected) 5 minute input rate 25263000 bits/sec, 3476 packets/sec 5 minute output rate 15737000 bits/sec, 5351 packets/sec interface Vlan146 description Checkpoint Firewall A ip address x.y.1.82 255.255.255.248 no ip redirects no ip proxy-arp standby 146 ip x.y.1.81 standby 146 timers 5 15 standby 146 priority 110 standby 146 preempt end #show int vlan 146 Vlan146 is up, line protocol is up 5 minute input rate 0 bits/sec, 0 packets/sec 5 minute output rate 0 bits/sec, 0 packets/sec L3 in Switched: ucast: 94104774 pkt, 91006951231 bytes - mcast: 0 pkt, 0 bytes L3 out Switched: ucast: 44127262 pkt, 16712790232 bytes - mcast: 0 pkt, 0 bytes ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] BDF over port-channels?
On 2009-11-17 15:12, Gert Doering wrote: (Which makes some sort of sense, *iff* the BFD-handling is done in the line card - where it belongs, to be independent of whatever load the main CPU is having. OTOH, I don't think normal 6500 LAN cards are smart enough to run BFD locally. So whatever...) You're right. The current 6500 LCs don't have capability to run BFD in fully distributed mode. All BFD-bound functionality is job of the active Supervisor. -- Everything will be okay in the end. | Łukasz Bromirski If it's not okay, it's not the end. | http://lukasz.bromirski.net ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] BDF over port-channels?
Hi, On Tue, Nov 17, 2009 at 05:50:33PM +0100, ?ukasz Bromirski wrote: On 2009-11-17 15:12, Gert Doering wrote: (Which makes some sort of sense, *iff* the BFD-handling is done in the line card - where it belongs, to be independent of whatever load the main CPU is having. OTOH, I don't think normal 6500 LAN cards are smart enough to run BFD locally. So whatever...) You're right. The current 6500 LCs don't have capability to run BFD in fully distributed mode. All BFD-bound functionality is job of the active Supervisor. Out of curiosity: since the boot messages suggest that 67xx cards with CFC or DFC run some sort of local IOS - would those be smart enough? What about SIP and ES cards? So many things still to learn about this platform :-) gert -- USENET is *not* the non-clickable part of WWW! //www.muc.de/~gert/ Gert Doering - Munich, Germany g...@greenie.muc.de fax: +49-89-35655025g...@net.informatik.tu-muenchen.de pgpiGei5yp2hS.pgp Description: PGP signature ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] SXI(3) code status?
Jared, After quickly glancing at the release notes, I was unable to find anything about the removal of hardware support for the 63xx series cards. Do you have a URL or can you be more specific? Thanks in advance! Jared Mauch wrote: SXI3 has a number of bug fixes for our network, including one that would cause the next-hop to be populated as 'drop' in hardware. I strongly recommend using it over prior versions of SXI. Due to the removal of hardware support we replaced the older 63xx/62xx series cards. - Jared On Nov 17, 2009, at 10:22 AM, Rubens Kuhl wrote: SXI2a running fine with MPLS, QoS, SVIs (no BFD on those... :-(), OSPF, BGP. PFC3C-only, no WAN cards/modules, no DFC. Rubens On Tue, Nov 17, 2009 at 12:51 PM, Jeff Fitzwater jf...@princeton.edu wrote: I have been running the SXI(3) on a test router with 100M MM 6324, which it did not recognize in previous versions, and so far no complaints but then again it's not in a real world yet. Does anyone else have GOOD or BAD new on SXI(3)? Jeff Fitzwater OIT Network Systems Princeton University ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] BDF over port-channels?
I was just curious, because I would like to deploy BFD but I saw those messages on my routers because the port-channels configurations and I would like to know if it was supported in other train or something similar. El mar, 17-11-2009 a las 15:12 +0100, Gert Doering escribió: Hi, On Tue, Nov 17, 2009 at 01:20:58PM +0100, luismi wrote: I wrote it in a previous email but here is again :D 7200 npe-g2 and 7600 rsp720-pfc3 These are very very *VERY* different platforms... I am using 12.2SRC but it is not supported there an I would like to know if it is supported in another train. ... so it might very well be supported on one of them, and not on the other... Just for the record - my assumption was wrong. I just tried to configure BFD on a 6500 with SXF and SXH3a, and neither even permits me to enter the bfd commands on the port-channel interfaces. Physical interfaces only. (Which makes some sort of sense, *iff* the BFD-handling is done in the line card - where it belongs, to be independent of whatever load the main CPU is having. OTOH, I don't think normal 6500 LAN cards are smart enough to run BFD locally. So whatever...) gert ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] SXI(3) code status?
Release 12.2(33)SXH and later releases do not support the following hardware: These Ethernet Switching Modules: –WS-X6024-10FL-MT 24-port 10BASE-FL MT-RJ –WS-X6248A-TEL 48-port 10/100TX RJ-21 –WS-X6248-RJ-45 48-port 10/100TX RJ-45 –WS-X6248-TEL 48-port 10/100TX RJ-21 –WS-X6324-100FX-SM 24-port 100FX Ethernet –WS-X6224-100FX-MT 24-port 100FX Ethernet Multimode MT-RJ –WS-X6316-GE-TX 16-port Gigabit Ethernet RJ-45 –WS-X6416-GE-MT 16-Port Gigabit Ethernet MT-RJ Now, the caveat is that they did not actually remove the hardware support for some of these until SXI1, so while the release notes say one thing, the actual support varies. You will see something like this in 'show power': 4WS-X6248A-TEL 112.98 2.69 - - onoff (not supported) 8WS-X6248-RJ-45 112.98 2.69 - - onoff (not supported) It does appear the WS-X6324-100FX-MM card does power on for SXI3, but I can't recall if that was the case for SXI2/2a/or 1. - Jared On Nov 17, 2009, at 12:05 PM, Chris Phillips wrote: Jared, After quickly glancing at the release notes, I was unable to find anything about the removal of hardware support for the 63xx series cards. Do you have a URL or can you be more specific? Thanks in advance! Jared Mauch wrote: SXI3 has a number of bug fixes for our network, including one that would cause the next-hop to be populated as 'drop' in hardware. I strongly recommend using it over prior versions of SXI. Due to the removal of hardware support we replaced the older 63xx/62xx series cards. - Jared On Nov 17, 2009, at 10:22 AM, Rubens Kuhl wrote: SXI2a running fine with MPLS, QoS, SVIs (no BFD on those... :-(), OSPF, BGP. PFC3C-only, no WAN cards/modules, no DFC. Rubens On Tue, Nov 17, 2009 at 12:51 PM, Jeff Fitzwater jf...@princeton.edu wrote: I have been running the SXI(3) on a test router with 100M MM 6324, which it did not recognize in previous versions, and so far no complaints but then again it's not in a real world yet. Does anyone else have GOOD or BAD new on SXI(3)? Jeff Fitzwater OIT Network Systems Princeton University ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] BDF over port-channels?
luismi wrote: I wrote it in a previous email but here is again :D 7200 npe-g2 and 7600 rsp720-pfc3 I am using 12.2SRC but it is not supported there an I would like to know if it is supported in another train. 12.2SR is all you can run on the RSP720. SX and SR will both run on the Sup720 but certain LCs are not supported in SR and visa versa. I only run and recommend 12.4T on 7200s so I can't speak to the 12.2 features for that platform. Justin ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] IOS XR version you use
Hi everyone! I look for a good choice of XR to upgrade to from 3.5. In terms of features there are no mandatory ones that could drive us to do 3.8 instead of 3.6 Does anyone of you use 3.8 in a production environment? Please share any thoughts on this. BR Eduard ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] BDF over port-channels?
According to Cisco: http://www.cisco.com/en/US/docs/ios/iproute/configuration/guide/irp_bfd.html#wp1054055 For the following Cisco IOS Releases, BFD on PortChannel is not a supported configuration: 12.2SXF, 12.2SRC, and 12.2SRB. Also there is CSCek67622: BFD should not be configurable on etherchannel intf Symptoms: The bfd interval command is accepted on EtherChannel and EtherChannel member interfaces. Conditions: This symptom is observed on a Cisco router while BFD is not supported on EtherChannels. Workaround: Do not enter the bfd interval command on EtherChannel and EtherChannel member interfaces. It's still not clear whether it's supported on SRD (and ES cards) or will be supported in the future... -- Tassos luismi wrote on 17/11/2009 14:20: I wrote it in a previous email but here is again :D 7200 npe-g2 and 7600 rsp720-pfc3 I am using 12.2SRC but it is not supported there an I would like to know if it is supported in another train. El mar, 17-11-2009 a las 11:09 +0100, Gert Doering escribió: Hi, On Tue, Nov 17, 2009 at 11:01:48AM +0100, luismi wrote: I see a message like BDF not supported over port-channels in my routers. Which IOS version is that? On what platform? You could be a bit more proactive in your questions... this makes it much easier to give meaningful responses, really... :-) gert ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ -- Tassos ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] 7600 ES card and module
Just a quick question or two. Does anybody have good/bad experience with a 7600-ES20-10G3CXL in a 7606 with 720-3bxl? I am looking to terminate a 1310nm or 1550nm 10Ge from another provider. No dense or coarse wave. Also I am trying to figure out if the XFP-10GLR-OC192SR module will work with this. Am I reading this correctly that this module is supported for both POS and regular 10G Ethernet? Thanks, Nick ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] Portchannel, ttl 1 packets filling input queue.
Hey all, I had been suffering from some input/output queue drops on the Catalyst side of a connection between a [Cat6500 (Sup 720-3BXL) WS-6724-SFP] and a GSR 12810 /w SIP-601 SPA10x1GE-V2. Since this link was tremendously busy I thought perhaps it was simply a matter of micro bursts exceeding the maximum bandwidth of the interface, and instead of upgrading to 10GE for a microburst, I decided to create a port-channel. So I created the port channel using two ports on the 6724-SFP and two ports on the SPA10x1GE-V2. Since the GSR doesn't support anything but etherchannel (for what reason I can't tell you) I used etherchannel. I noticed as soon as this port-channel interface came up that the input queue was immediately getting drops/flushes so I did some: sh buffers input-interface port-channel 1 dump several times in there I saw this: source: x.x.x.x, destination: y.y.y.y, id: 0x, ttl: 1, TOS: 0 prot: 17, source port 32136, destination port 9810 where x.x.x.x is a host on my network and y.y.y.y is a host on the Internet. pretty much every time I ran it I saw several packets like this (all with TTL 1). This continued until I broke the port-channel and put everything back to how it was. I ran that same command: sh buffers input-interface g4/19 1 dump On the physical interface connecting the two (without the port channel) and I didn't get the same results. Does anyone know of any bugs or anything with port-channel, or any caveats that might explain what I am running into? thanks, -Drew ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] FABRIC-3-ERR_HANDLE
So, what is the difference in output from doing exec-on vs attach? You are still connecting via the same method. On Mon, Nov 16, 2009 at 14:07, e ninja eni...@gmail.com wrote: Antonio, You should *never* troubleshoot fabric errors with *any* exec-on commands. They run over the fabric that may or may not be compromised. 1. Are any other LCs apart from slot 6 reporting CRC errors? 2. grab two sh contr fia from the RP and an attach to all the LCs and send over. Eninja On Mon, Nov 16, 2009 at 4:15 AM, Antonio Soares amsoa...@netcabo.pt wrote: Hello group, I have a 12k reporting this: %FABRIC-3-ERR_HANDLE: Reconfigure LC on fabric due to CRC error from slot 6 In one week, i have 4 of these messages. Slot 6 is a SIP-601 containing 2 x SPA-10G. What could be the problem ? The show controllers fia do not show any problem. The execute-on slot 6 show controllers fia show this: Switch cards present: 0x1F Switch cards monitored: 0x1F 0 1 2 3 4 los0 0 0 0 0 state OffOffOffOffOff crc16 53989 0 0 0 0 xor error0 0 0 0 cell drops1020 1020 1020 1020 IOS=c12kprp-p-mz.120-32.SY6.bin Thanks. Regards, Antonio Soares, CCIE #18473 (RS) amsoa...@netcabo.pt ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] SXI(3) code status?
The 6324 100 MM is supported but did not come online in SXI 1, 2 , 2A. It did however work in SXI, which we are running now. The other flavors are not supported. Jeff On Nov 17, 2009, at 12:12 PM, Jared Mauch wrote: Release 12.2(33)SXH and later releases do not support the following hardware: These Ethernet Switching Modules: –WS-X6024-10FL-MT 24-port 10BASE-FL MT-RJ –WS-X6248A-TEL 48-port 10/100TX RJ-21 –WS-X6248-RJ-45 48-port 10/100TX RJ-45 –WS-X6248-TEL 48-port 10/100TX RJ-21 –WS-X6324-100FX-SM 24-port 100FX Ethernet –WS-X6224-100FX-MT 24-port 100FX Ethernet Multimode MT-RJ –WS-X6316-GE-TX 16-port Gigabit Ethernet RJ-45 –WS-X6416-GE-MT 16-Port Gigabit Ethernet MT-RJ Now, the caveat is that they did not actually remove the hardware support for some of these until SXI1, so while the release notes say one thing, the actual support varies. You will see something like this in 'show power': 4WS-X6248A-TEL 112.98 2.69 - - onoff (not supported) 8WS-X6248-RJ-45 112.98 2.69 - - onoff (not supported) It does appear the WS-X6324-100FX-MM card does power on for SXI3, but I can't recall if that was the case for SXI2/2a/or 1. - Jared On Nov 17, 2009, at 12:05 PM, Chris Phillips wrote: Jared, After quickly glancing at the release notes, I was unable to find anything about the removal of hardware support for the 63xx series cards. Do you have a URL or can you be more specific? Thanks in advance! Jared Mauch wrote: SXI3 has a number of bug fixes for our network, including one that would cause the next-hop to be populated as 'drop' in hardware. I strongly recommend using it over prior versions of SXI. Due to the removal of hardware support we replaced the older 63xx/62xx series cards. - Jared On Nov 17, 2009, at 10:22 AM, Rubens Kuhl wrote: SXI2a running fine with MPLS, QoS, SVIs (no BFD on those... :-(), OSPF, BGP. PFC3C-only, no WAN cards/modules, no DFC. Rubens On Tue, Nov 17, 2009 at 12:51 PM, Jeff Fitzwater jf...@princeton.edu wrote: I have been running the SXI(3) on a test router with 100M MM 6324, which it did not recognize in previous versions, and so far no complaints but then again it's not in a real world yet. Does anyone else have GOOD or BAD new on SXI(3)? Jeff Fitzwater OIT Network Systems Princeton University ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] Cisco 7600 Broadband Licensing
Hi, Does anyone know if licensing is need on Cisco 7600 (and if so do you know the product number) for broadband activation on ES+ cards (not interested in SIP)? Let say that we want to enable subscriber management (PPPoE or IPoE) on ES+ cards, what licenses do we need? I know that bunch of BB licenses exist for ASR1K but could not find anything on 7600. Thanks, Marlon ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] how not to write a release note
Does not say anything about what may trigger it, eg: mtu, packet fragmentation, etc.. Though that one is higher profile, still not as bad as: http://www.cisco.com/en/US/docs/interfaces_modules/services_modules/csm/4.2.x/release/notes/ol_6897.html#wp274407 ...listed as a Limitation and Restriction (as opposed to Open Caveat) with no bug citation. At least there's some good bug release-note authors out there, as evidenced byCSCse14048: Cisco X2-10GB-LR transceiver modules with a version identification number lower than V03 might show intermittent frame check sequence (FCS) errors or be ejected from the switch during periods of operational shock greater than 50g. There is no workaround. (still waiting to be able to recommend that as a possible problem to a c-nsp poster...) ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] BDF over port-channels?
Just out of curiosity, what are the port-channel on the 7200/7600 is used for? Is it a point to point routed port, or with L2 VLANs switched on top of it? Arie -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of luismi Sent: Tuesday, November 17, 2009 19:11 To: Gert Doering Cc: cisco-nsp@puck.nether.net Subject: Re: [c-nsp] BDF over port-channels? I was just curious, because I would like to deploy BFD but I saw those messages on my routers because the port-channels configurations and I would like to know if it was supported in other train or something similar. El mar, 17-11-2009 a las 15:12 +0100, Gert Doering escribió: Hi, On Tue, Nov 17, 2009 at 01:20:58PM +0100, luismi wrote: I wrote it in a previous email but here is again :D 7200 npe-g2 and 7600 rsp720-pfc3 These are very very *VERY* different platforms... I am using 12.2SRC but it is not supported there an I would like to know if it is supported in another train. ... so it might very well be supported on one of them, and not on the other... Just for the record - my assumption was wrong. I just tried to configure BFD on a 6500 with SXF and SXH3a, and neither even permits me to enter the bfd commands on the port-channel interfaces. Physical interfaces only. (Which makes some sort of sense, *iff* the BFD-handling is done in the line card - where it belongs, to be independent of whatever load the main CPU is having. OTOH, I don't think normal 6500 LAN cards are smart enough to run BFD locally. So whatever...) gert ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] snmpwalk for switch port status
Hi, Can anyone point me in right direction for a perl script that will snmpwalk the MIB for switch port status whether up or down including total number of ports available? I have approximately 400 switches that I would like to query via script and pipe the results to a file for every device. I'm currently querying it manually (see below) which is not scaling :-) $ snmpwalk -c community host_ip interfaces.ifTable.ifEntry.ifOperStatus | grep down Any pointers will be greatly appreciated. regards sky ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] how not to write a release note
Well, as feedback for the issue raised, the bug you flagged is not causing anything other than a traceback message... Arie -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Arie Vayner (avayner) Sent: Tuesday, November 17, 2009 10:11 To: Jared Mauch; cisco-nsp@puck.nether.net Subject: Re: [c-nsp] how not to write a release note Jared, I took a quick look and this has to do with QOS. I have sent an internal query for more info. Will advise. Arie -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Jared Mauch Sent: Tuesday, November 17, 2009 01:11 To: cisco-nsp@puck.nether.net Subject: [c-nsp] how not to write a release note Seems cisco is getting lazy.. SXI3 is out and this has to be one of the worst release notes ever: CSCta14457 - A Cisco device may report alignment errors %ALIGN-3-TRACE error messages accompanied with a traceback may be reported. Does not say anything about what may trigger it, eg: mtu, packet fragmentation, etc.. - Jared -- Jared Mauch | pgp key available via finger from ja...@puck.nether.net clue++; | http://puck.nether.net/~jared/ My statements are only mine. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] BDF over port-channels?
Hi, On Tue, Nov 17, 2009 at 09:53:32PM +0100, Arie Vayner (avayner) wrote: Just out of curiosity, what are the port-channel on the 7200/7600 is used for? Is it a point to point routed port, or with L2 VLANs switched on top of it? Just for the records: on the 6500 with SXF or SXH3a, it wasn't possible to turn on BFD on a routed point-to-point port-channel. Switched + SVI is known to be unsupported and unconfigurable since SXH... gert -- USENET is *not* the non-clickable part of WWW! //www.muc.de/~gert/ Gert Doering - Munich, Germany g...@greenie.muc.de fax: +49-89-35655025g...@net.informatik.tu-muenchen.de pgpc3RPmRexci.pgp Description: PGP signature ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] BDF over port-channels?
we've got some p2p routed ports over here ! interface Port-channel1 description [removed] mtu 4470 ip address 192.168.11.105 255.255.255.252 no negotiation auto snmp trap link-status hold-queue 150 in ! Regards, Ge Moua | Email: moua0...@umn.edu Network Design Engineer University of Minnesota | Networking Telecommunications Services Arie Vayner (avayner) wrote: Just out of curiosity, what are the port-channel on the 7200/7600 is used for? Is it a point to point routed port, or with L2 VLANs switched on top of it? Arie -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of luismi Sent: Tuesday, November 17, 2009 19:11 To: Gert Doering Cc: cisco-nsp@puck.nether.net Subject: Re: [c-nsp] BDF over port-channels? I was just curious, because I would like to deploy BFD but I saw those messages on my routers because the port-channels configurations and I would like to know if it was supported in other train or something similar. El mar, 17-11-2009 a las 15:12 +0100, Gert Doering escribió: Hi, On Tue, Nov 17, 2009 at 01:20:58PM +0100, luismi wrote: I wrote it in a previous email but here is again :D 7200 npe-g2 and 7600 rsp720-pfc3 These are very very *VERY* different platforms... I am using 12.2SRC but it is not supported there an I would like to know if it is supported in another train. ... so it might very well be supported on one of them, and not on the other... Just for the record - my assumption was wrong. I just tried to configure BFD on a 6500 with SXF and SXH3a, and neither even permits me to enter the bfd commands on the port-channel interfaces. Physical interfaces only. (Which makes some sort of sense, *iff* the BFD-handling is done in the line card - where it belongs, to be independent of whatever load the main CPU is having. OTOH, I don't think normal 6500 LAN cards are smart enough to run BFD locally. So whatever...) gert ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] BDF over port-channels?
BFD over port-channel is supported on SRD1. HTH Abidin On 17 Nov 2009, at 17:35, Tassos Chatzithomaoglou wrote: According to Cisco: http://www.cisco.com/en/US/docs/ios/iproute/configuration/guide/irp_bfd.html#wp1054055 For the following Cisco IOS Releases, BFD on PortChannel is not a supported configuration: 12.2SXF, 12.2SRC, and 12.2SRB. Also there is CSCek67622: BFD should not be configurable on etherchannel intf Symptoms: The bfd interval command is accepted on EtherChannel and EtherChannel member interfaces. Conditions: This symptom is observed on a Cisco router while BFD is not supported on EtherChannels. Workaround: Do not enter the bfd interval command on EtherChannel and EtherChannel member interfaces. It's still not clear whether it's supported on SRD (and ES cards) or will be supported in the future... -- Tassos luismi wrote on 17/11/2009 14:20: I wrote it in a previous email but here is again :D 7200 npe-g2 and 7600 rsp720-pfc3 I am using 12.2SRC but it is not supported there an I would like to know if it is supported in another train. El mar, 17-11-2009 a las 11:09 +0100, Gert Doering escribió: Hi, On Tue, Nov 17, 2009 at 11:01:48AM +0100, luismi wrote: I see a message like BDF not supported over port-channels in my routers. Which IOS version is that? On what platform? You could be a bit more proactive in your questions... this makes it much easier to give meaningful responses, really... :-) gert ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ -- Tassos ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] BDF over port-channels?
On 2009-11-17 17:57, Gert Doering wrote: Out of curiosity: since the boot messages suggest that 67xx cards with CFC or DFC run some sort of local IOS - would those be smart enough? No, the 'some sort of IOS' is there to perform only monitoring/ supervising work, not to add some intelligence. Mainly mirroring the SP work, so programming the DFCs, or bridging the requests to PFC on active Sup. What about SIP and ES cards? SIP-200/400 and ES40 may get distributed BFD support in future. AFAIK no current plans for rebuilds of SRC/SRD apart from scalability enhancements in centralized mode, and AFAIK SRE also won't contain any news here, but I may be wrong of course. SRE is still to be delivered. -- Everything will be okay in the end. | Łukasz Bromirski If it's not okay, it's not the end. | http://lukasz.bromirski.net ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] snmpwalk for switch port status
We use switchmap (http://switchmap.sourceforge.net/) it outputs name, description, admin status, oper status, vlan, and mac addresses. It outputs to plain text, as well as HTML. Thank You Daniel Bielawa Network Engineer Liberty University Network Services -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of sky vader Sent: Tuesday, November 17, 2009 3:47 PM To: cisco-nsp@puck.nether.net Subject: [c-nsp] snmpwalk for switch port status Hi, Can anyone point me in right direction for a perl script that will snmpwalk the MIB for switch port status whether up or down including total number of ports available? I have approximately 400 switches that I would like to query via script and pipe the results to a file for every device. I'm currently querying it manually (see below) which is not scaling :-) $ snmpwalk -c community host_ip interfaces.ifTable.ifEntry.ifOperStatus | grep down Any pointers will be greatly appreciated. regards sky ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] how not to write a release note
That is not true. Alignment corrections are very CPU intensive activity that may easily overwhelm a device if it occurs frequently. Thus, per thread, users need to know (via properly written release notes) the causes of software defects so they can take steps to workaround or rectify them. Eninja On Nov 17, 2009, at 9:57 PM, Arie Vayner (avayner) avay...@cisco.com wrote: Well, as feedback for the issue raised, the bug you flagged is not causing anything other than a traceback message... Arie -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Arie Vayner (avayner) Sent: Tuesday, November 17, 2009 10:11 To: Jared Mauch; cisco-nsp@puck.nether.net Subject: Re: [c-nsp] how not to write a release note Jared, I took a quick look and this has to do with QOS. I have sent an internal query for more info. Will advise. Arie -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Jared Mauch Sent: Tuesday, November 17, 2009 01:11 To: cisco-nsp@puck.nether.net Subject: [c-nsp] how not to write a release note Seems cisco is getting lazy.. SXI3 is out and this has to be one of the worst release notes ever: CSCta14457 - A Cisco device may report alignment errors %ALIGN-3-TRACE error messages accompanied with a traceback may be reported. Does not say anything about what may trigger it, eg: mtu, packet fragmentation, etc.. - Jared -- Jared Mauch | pgp key available via finger from ja...@puck.nether.net clue++; | http://puck.nether.net/~jared/ My statements are only mine. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] snmpwalk for switch port status
Do the relevant scripts with NAGIOS meet your needs? See, for example, check_snmp_int. Frank -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of sky vader Sent: Tuesday, November 17, 2009 2:47 PM To: cisco-nsp@puck.nether.net Subject: [c-nsp] snmpwalk for switch port status Hi, Can anyone point me in right direction for a perl script that will snmpwalk the MIB for switch port status whether up or down including total number of ports available? I have approximately 400 switches that I would like to query via script and pipe the results to a file for every device. I'm currently querying it manually (see below) which is not scaling :-) $ snmpwalk -c community host_ip interfaces.ifTable.ifEntry.ifOperStatus | grep down Any pointers will be greatly appreciated. regards sky ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] debug mpls packet
Oliver Boehmer (oboehmer) wrote: Does anyone know what the middle number represents in a debug mpls packet ( eg: {7963 6 254} )? I can't find this information anywhere. 7693 = Label 6 = ??? 254 = I presume is the TTL What does the 6 represent?? it's the EXP value. you're right about the last being the TTL. oli Could it be the 3-bit EXP and 1-bit Bottom of Stack Flag combined? Hmm, why do you think so? Looking at the code, it only prints the 3 exp. bits. Cisco must have combined RFC3032 [2.1. Encoding the Label Stack] into one value. still not sure what you refer to, and why you think the debug discussed shows the 4-bit Exp+S value rather than the 3-bit Exp only? If I may, MPLS Fundamentals refers to the stack on Fig 2-1 as Label/EXP/BoS/TTL. It then breaks this on Example 3-8 with {label EXP TTL}. All things held constant; label at 20, TTL at 8, then EXP must be 3+1. Roy ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] debug mpls packet
On Tue, Nov 17, 2009 at 8:38 PM, roy bandwidth.u...@gmail.com wrote: Oliver Boehmer (oboehmer) wrote: Does anyone know what the middle number represents in a debug mpls packet ( eg: {7963 6 254} )? I can't find this information anywhere. 7693 = Label 6 = ??? 254 = I presume is the TTL What does the 6 represent?? it's the EXP value. you're right about the last being the TTL. oli Could it be the 3-bit EXP and 1-bit Bottom of Stack Flag combined? Hmm, why do you think so? Looking at the code, it only prints the 3 exp. bits. Cisco must have combined RFC3032 [2.1. Encoding the Label Stack] into one value. still not sure what you refer to, and why you think the debug discussed shows the 4-bit Exp+S value rather than the 3-bit Exp only? If I may, MPLS Fundamentals refers to the stack on Fig 2-1 as Label/EXP/BoS/TTL. It then breaks this on Example 3-8 with {label EXP TTL}. All things held constant; label at 20, TTL at 8, then EXP must be 3+1. Roy ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ Reading too much into it. It's just not showing the stack bit. The output is for information. You don't need to know the stack bit, its the only label. And if there were more than one, then it would show all labels. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] BGP Community Problem (I think)
Hey all, I am confused as to why a BGP feed I take and take with a community and redistribute are some 50k routes different. Details follow: Platform is: SYD-A-BDR-A#sh ver Cisco IOS Software, 7200 Software (C7200-ADVIPSERVICESK9-M), Version 12.4(15)T1, RELEASE SOFTWARE (fc2) Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2007 by Cisco Systems, Inc. Compiled Wed 18-Jul-07 13:29 by prod_rel_team ROM: System Bootstrap, Version 12.3(4r)T3, RELEASE SOFTWARE (fc1) BOOTLDR: Cisco IOS Software, 7200 Software (C7200-BOOT-M), Version 12.4(15)T1, RELEASE SOFTWARE (fc2) SYD-A-BDR-A uptime is 1 year, 43 weeks, 4 days, 20 hours, 26 minutes System returned to ROM by Reload Command at 08:32:21 UTC Mon Jan 8 2001 System restarted at 16:49:17 AEST Thu Jan 17 2008 System image file is disk2:c7200-advipservicesk9-mz.124-15.T1.bin - Inbound full route feed 114.x.x.65 4 4xxx 26710538 2546241 13026870900 9w1d 302167 114.x.x.66 4 4xxx 25400126 1834326 13026870910 2w5d 302163 - Tagged with community route-map PRI-IN permit 10 match as-path 50 set weight 80 set community 17xxx:2000 additive ! route-map PRI-IN permit 12 match as-path 52 set weight 90 set community 17xxx:2002 additive ! route-map PRI-IN permit 20 match as-path 2 set weight 80 set community 17xxx:2001 additive - Relevant config ip as-path access-list 2 permit .* ip as-path access-list 50 permit ^4xxx$ ip as-path access-list 52 permit ^4xxx_7xx_1xxx ! ip community-list 200 permit 17xxx:2000 ip community-list 201 permit 17xxx:2001 ip community-list 202 permit 17xxx:2002 - Now, this all seems to work. SYD-A-BDR-A#show ip bgp neighbors 114.x.x.66 received-routes | i Total Total number of prefixes 302163 SYD-A-BDR-A#show ip bgp community-list 201 | redirect tftp://x.x.x.x/dump/20091118.txt [r...@dump]# more 20091118.txt | grep 193.66 | wc -l 301542 [r...@dump]# more 20091118.txt | grep 193.65 | wc -l 301543 Now... there is a small difference which can be attributed to a variety of things... nothing I'm worried about since it is so close (500 routes). Next: route-map BNEA-OUT permit 10 match ip address prefix-list US-SEND-BNE-BLOCKS ! (Just local routes) ! route-map BNEA-OUT permit 20 match community 201 ! route-map BNEA-OUT permit 30 description Community 17xxx:250 mapped to CL 125 ! (Redistributing peering routes) match community 125 ! So.. we're tagging 301k routes inbound and examining the community list seems to be showing that is working fine, and then we are, using Community List 201 - sending that 301k + Local + Peering (7900 routes) to another PoP. But... SYD-A-BDR-A#show ip bgp neighbors 203.x.x.6 advertised-routes | i Total Total number of prefixes 250915 So this is missing about 51k routes + Peering routes of about 8k... but the peering routes seem to be there, so that makes it about 60k transit routes that are missing that are not being sent 'in router' onto the next neighbour. I hope I've included most significant information... if this doesn't make sense, let me know and I will explain in more detail? ...Skeeve -- Skeeve Stevens, CEO/Technical Director eintellego Pty Ltd - The Networking Specialists ske...@eintellego.net / www.eintellego.net Phone: 1300 753 383, Fax: (+612) 8572 9954 Cell +61 (0)414 753 383 / skype://skeeve www.linkedin.com/in/skeeve ; facebook.com/eintellego -- NOC, NOC, who's there? Disclaimer: Limits of Liability and Disclaimer: This message is for the named person's use only. It may contain sensitive and private proprietary or legally privileged information. You must not, directly or indirectly, use, disclose, distribute, print, or copy any part of this message if you are not the intended recipient. eintellego Pty Ltd and each legal entity in the Tefilah Pty Ltd group of companies reserve the right to monitor all e-mail communications through its networks. Any views expressed in this message are those of the individual sender, except where the message states otherwise and the sender is authorised to state them to be the views of any such entity. Any reference to costs, fee quotations, contractual transactions and variations to contract terms is subject to separate confirmation in writing signed by an authorised representative of eintellego. Whilst all efforts are made to safeguard inbound and outbound e-mails, we cannot guarantee that attachments are! virus-free or compatible with your systems and do not accept any liability in respect of viruses or computer problems experienced. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] BGP Community Problem (I think)
On Tue, Nov 17, 2009 at 9:05 PM, Skeeve Stevens ske...@eintellego.netwrote: Hey all, I am confused as to why a BGP feed I take and take with a community and redistribute are some 50k routes different. Details follow: Platform is: SYD-A-BDR-A#sh ver Cisco IOS Software, 7200 Software (C7200-ADVIPSERVICESK9-M), Version 12.4(15)T1, RELEASE SOFTWARE (fc2) Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2007 by Cisco Systems, Inc. Compiled Wed 18-Jul-07 13:29 by prod_rel_team ROM: System Bootstrap, Version 12.3(4r)T3, RELEASE SOFTWARE (fc1) BOOTLDR: Cisco IOS Software, 7200 Software (C7200-BOOT-M), Version 12.4(15)T1, RELEASE SOFTWARE (fc2) SYD-A-BDR-A uptime is 1 year, 43 weeks, 4 days, 20 hours, 26 minutes System returned to ROM by Reload Command at 08:32:21 UTC Mon Jan 8 2001 System restarted at 16:49:17 AEST Thu Jan 17 2008 System image file is disk2:c7200-advipservicesk9-mz.124-15.T1.bin - Inbound full route feed 114.x.x.65 4 4xxx 26710538 2546241 13026870900 9w1d 302167 114.x.x.66 4 4xxx 25400126 1834326 13026870910 2w5d 302163 - Tagged with community route-map PRI-IN permit 10 match as-path 50 set weight 80 set community 17xxx:2000 additive ! route-map PRI-IN permit 12 match as-path 52 set weight 90 set community 17xxx:2002 additive ! route-map PRI-IN permit 20 match as-path 2 set weight 80 set community 17xxx:2001 additive - Relevant config ip as-path access-list 2 permit .* ip as-path access-list 50 permit ^4xxx$ ip as-path access-list 52 permit ^4xxx_7xx_1xxx ! ip community-list 200 permit 17xxx:2000 ip community-list 201 permit 17xxx:2001 ip community-list 202 permit 17xxx:2002 - Now, this all seems to work. SYD-A-BDR-A#show ip bgp neighbors 114.x.x.66 received-routes | i Total Total number of prefixes 302163 SYD-A-BDR-A#show ip bgp community-list 201 | redirect tftp://x.x.x.x/dump/20091118.txt [r...@dump]# more 20091118.txt | grep 193.66 | wc -l 301542 [r...@dump]# more 20091118.txt | grep 193.65 | wc -l 301543 Now... there is a small difference which can be attributed to a variety of things... nothing I'm worried about since it is so close (500 routes). Next: route-map BNEA-OUT permit 10 match ip address prefix-list US-SEND-BNE-BLOCKS ! (Just local routes) ! route-map BNEA-OUT permit 20 match community 201 ! route-map BNEA-OUT permit 30 description Community 17xxx:250 mapped to CL 125 ! (Redistributing peering routes) match community 125 ! So.. we're tagging 301k routes inbound and examining the community list seems to be showing that is working fine, and then we are, using Community List 201 - sending that 301k + Local + Peering (7900 routes) to another PoP. But... SYD-A-BDR-A#show ip bgp neighbors 203.x.x.6 advertised-routes | i Total Total number of prefixes 250915 So this is missing about 51k routes + Peering routes of about 8k... but the peering routes seem to be there, so that makes it about 60k transit routes that are missing that are not being sent 'in router' onto the next neighbour. I hope I've included most significant information... if this doesn't make sense, let me know and I will explain in more detail? ...Skeeve -- Skeeve Stevens, CEO/Technical Director eintellego Pty Ltd - The Networking Specialists ske...@eintellego.net / www.eintellego.net Phone: 1300 753 383, Fax: (+612) 8572 9954 Cell +61 (0)414 753 383 / skype://skeeve www.linkedin.com/in/skeeve ; facebook.com/eintellego -- NOC, NOC, who's there? Disclaimer: Limits of Liability and Disclaimer: This message is for the named person's use only. It may contain sensitive and private proprietary or legally privileged information. You must not, directly or indirectly, use, disclose, distribute, print, or copy any part of this message if you are not the intended recipient. eintellego Pty Ltd and each legal entity in the Tefilah Pty Ltd group of companies reserve the right to monitor all e-mail communications through its networks. Any views expressed in this message are those of the individual sender, except where the message states otherwise and the sender is authorised to state them to be the views of any such entity. Any reference to costs, fee quotations, contractual transactions and variations to contract terms is subject to separate confirmation in writing signed by an authorised representative of eintellego. Whilst all efforts are made to safeguard inbound and outbound e-mails, we cannot guarantee that attachments are! virus-free or compatible with your systems and do not accept any liability in respect of viruses or computer problems experienced. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ Not sure off-hand, but
Re: [c-nsp] 3560/3750 policy routing
ML wrote: Metalíza wrote: Peter Rathlev wrote: On Mon, 2009-11-02 at 17:21 -0500, Ryan West wrote: We're using a couple of 3560s for PBR with no problems forwarding 100 Mbps+. There's no CPU load from the forwarding itself. We haven't tried actually pushing it yet but are planning to try sometime soon. The 3560 needs the routing SDM template for this to work; I guess the 3750 also needs this. What IOS version? I definitely had the proper SDM template applied, it won't work otherwise. It has been running IOS 12.2(50)SE1 IP Services all its life (some months). Hi guys, I have a similar problem: We have been using PBR for forwarding through an IP-in-IP tunnel: interface Tunnel0 ip address 192.168.1.2 255.255.255.252 tunnel source 147.32.98.1 tunnel destination 147.32.127.190 tunnel mode ipip ip access-list extended private-2-hill permit ip 10.13.0.0 0.0.255.255 147.32.112.0 0.0.15.255 permit ip 10.13.0.0 0.0.255.255 147.32.30.0 0.0.1.255 permit ip 10.13.0.0 0.0.255.255 147.32.99.0 0.0.0.255 ! route-map private-2-hill permit 10 match ip address private-2-hill set interface Tunnel0 ! interface Vlan201 ip address 10.13.0.1 255.255.0.0 ip policy route-map private-2-hill ! local policy route-map private-2-hill This had been all functional on 3560 with 12.2(44)SE. At first there had been set ip next-hop, but that hadn't worked, so I've switched to set interface. After replacement of IOS to 12.2(52)SE the set interface command was refused after appliance of route map to an SVI. But local PBR still worked. So I've changed to set ip next-hop (which has been accepted by IOS) but with no effect in forwarding (but the local PBR still have worked - because of the SW-based traffic?). After some debugging I've realized that there is broken PBR in the 12.2(52)SE for the 3560. Or am I wrong and have missed something? I had the same problem on an ME3400. I could not use the remote end of a GRE tunnel for PBR. Finally I have solved it! It's simple:-) set ip next-hop 192.168.1.1 192.168.1.2 More generallly: set ip next-hop remote end-point local end-point -- --- Metaliza @ NitHiA icq #: 63193671 skype: metaliza001 ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] debug mpls packet
Hobbs wrote: On Tue, Nov 17, 2009 at 8:38 PM, roy bandwidth.u...@gmail.com mailto:bandwidth.u...@gmail.com wrote: Oliver Boehmer (oboehmer) wrote: Does anyone know what the middle number represents in a debug mpls packet ( eg: {7963 6 254} )? I can't find this information anywhere. 7693 = Label 6 = ??? 254 = I presume is the TTL What does the 6 represent?? it's the EXP value. you're right about the last being the TTL. oli Could it be the 3-bit EXP and 1-bit Bottom of Stack Flag combined? Hmm, why do you think so? Looking at the code, it only prints the 3 exp. bits. Cisco must have combined RFC3032 [2.1. Encoding the Label Stack] into one value. still not sure what you refer to, and why you think the debug discussed shows the 4-bit Exp+S value rather than the 3-bit Exp only? If I may, MPLS Fundamentals refers to the stack on Fig 2-1 as Label/EXP/BoS/TTL. It then breaks this on Example 3-8 with {label EXP TTL}. All things held constant; label at 20, TTL at 8, then EXP must be 3+1. Roy ___ cisco-nsp mailing list cisco-nsp@puck.nether.net mailto:cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ Reading too much into it. It's just not showing the stack bit. The output is for information. You don't need to know the stack bit, its the only label. And if there were more than one, then it would show all labels. Right on, too much reading. I didn't take the text as it is. Oli was on spot. Cheers! Roy ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] BGP Community Problem (I think)
But, the router isn't even sending them to the next router... between tagging them and re-sending them, they just aren't there so I would assume the neighbour they are being sent to is nothing to do with it? ...Skeeve -- Skeeve Stevens, CEO/Technical Director eintellego Pty Ltd - The Networking Specialists ske...@eintellego.net / www.eintellego.net Phone: 1300 753 383, Fax: (+612) 8572 9954 Cell +61 (0)414 753 383 / skype://skeeve www.linkedin.com/in/skeeve ; facebook.com/eintellego -- NOC, NOC, who's there? Not sure off-hand, but you can do show ip bgp neighbor and far down in the output you will see a section showing stats about why prefixes were dropped (route-map, dist-list, etc). What does it say? ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] BGP Community Problem (I think)
As Hobbs mentioned do a sh ip bgp neighbor your bgp peer and look for the prefix activity part which will tell you about prefixes that didn't get sent to that peer for various reasons. Have you looked at the communities attached to the prefixes you have learnt from your other peer that you aren't advertising?, do they have either no-advertise/no-export/local-as etc. on them? is the peer your receiving the feed from iBGP or eBGP? and is the peer your sending them to iBGP or eBGP? On Wed, Nov 18, 2009 at 5:40 PM, Skeeve Stevens ske...@eintellego.netwrote: But, the router isn't even sending them to the next router... between tagging them and re-sending them, they just aren't there so I would assume the neighbour they are being sent to is nothing to do with it? ...Skeeve -- Skeeve Stevens, CEO/Technical Director eintellego Pty Ltd - The Networking Specialists ske...@eintellego.net / www.eintellego.net Phone: 1300 753 383, Fax: (+612) 8572 9954 Cell +61 (0)414 753 383 / skype://skeeve www.linkedin.com/in/skeeve ; facebook.com/eintellego -- NOC, NOC, who's there? Not sure off-hand, but you can do show ip bgp neighbor and far down in the output you will see a section showing stats about why prefixes were dropped (route-map, dist-list, etc). What does it say? ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] IP Traffic Types/Applications Supported by Cisco NAT?
Hey All, Is there any work around to get SNMP over 1-to-1 NAT on Cisco? I found an old overview from CCIE Routing TCP/IP, Volume II 2002, does anyone know where i could find an updated revision? Traffic Types/Applications Supported Any TCP/UDP traffic that does not carry source and/or destination IP addresses in the application data stream HTTP TFTP Telnet archie finger NTP NFS rlogin, rsh, rcp Traffic Types/Applications Supported with IP Addresses in Their Data Stream ICMP FTP (including PORT and PASV) NetBIOS over TCP/IP (datagram, name, and session services) Progressive Networks' RealAudio White Pines' CuSeeMe Xing Technologies' StreamWorks DNS A and PTR queries and responses H.323/NetMeeting [12.0(1)/12.0(1)T and later] VDOLive [11.3(4)/11.3(4)T and later] Vxtreme [11.3(4)/11.3(4)T and later] IP Multicast [12.0(1)T] (source address translation only) Traffic Types/Applications Not Supported Routing table updates DNS zone transfers BOOTP talk, ntalk SNMP NetShow Med venlig hilsen / Best Regards Ulrich Vestergaard B. Hansen Network Engineer / Siemens ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] BDF over port-channels?
Hi, On Tue, Nov 17, 2009 at 03:16:50PM -0600, Ge Moua wrote: we've got some p2p routed ports over here ! interface Port-channel1 description [removed] mtu 4470 ip address 192.168.11.105 255.255.255.252 no negotiation auto snmp trap link-status hold-queue 150 in ! ... and where's the BFD? gert -- USENET is *not* the non-clickable part of WWW! //www.muc.de/~gert/ Gert Doering - Munich, Germany g...@greenie.muc.de fax: +49-89-35655025g...@net.informatik.tu-muenchen.de pgp6O0WFe3ZVG.pgp Description: PGP signature ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/