Re: [c-nsp] [SUMMARY]: 4900M vs. 4503 for core
We've been down this road before when searching for a 1U Ethernet switch that provides decent fibre-only port density.

Extreme X650? The new X480 series also looks interesting.

Steinar Haug, Nethelp consulting, sth...@nethelp.no
___
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] Network Management solution for Large Cisco deployement
Hi all,

We are moving forward at a very high pace at the moment. We currently maintain a multi-vendor environment with approx. 9000 switches, routers and firewalls. Over the next few years that number is expected to grow by another 3000-5000 devices.

We have multiple NMS systems running today, but as we regionalize we want to keep track of everything in preferably one NMS. CiscoWorks LMS has a limit of 10.000 devices (and it's only for Cisco ofc.) so I'm not sure this is the right solution for us. New devices deployed will be Cisco only.

What are my alternatives in terms of large scale management and deployment (up to 50.000+ devices)?

Thanks.

// Ulrich
Re: [c-nsp] Network Management solution for Large Cisco deployement
On Jan 29, 2010, at 6:48 PM, Nils Kolstein wrote:

> Closed source: HP OpenView, IBM Tivoli.

I believe Cisco also OEMs NetCool.

---
Roland Dobbins rdobb...@arbor.net // http://www.arbornetworks.com

Injustice is relatively easy to bear; what stings is justice.

-- H.L. Mencken
Re: [c-nsp] Network Management solution for Large Cisco deployement
On 29.01.2010 12:48, Nils Kolstein wrote:

> Open source? Closed source? Open Source gives several platforms like Nagios (also does service management but also element management). OpenNMS is also a good option. Closed source: HP OpenView, IBM Tivoli. Comes with a price tag of course. Remember that most platforms need to be tweaked and tuned to get the best results. Also consider having your CMDB up to date and stuff like that.

As we have rolled out OpenNMS at several customer sites (apart from our own network; site sizes range from a couple of dozens of devices up to something like 15000 systems with lots of room for growth) and previously were using Nagios, I very much doubt you'd be able to run Nagios on a network with 5 systems in it ... unless you start stacking up multiple servers to work in parallel ... There are OpenNMS-based installations out there with at least 48000 systems, running smoothly with detailed overview over the connected devices ...

YMMV of course, but I believe OpenNMS is your best shot here ... License and support cost for OV will cost you more than an arm and a leg for such a large scenario, and Tivoli might not cover your requirements (apart from the cost performance). Both the latter we have replaced with OpenNMS in two customer installations ... and they are very glad they threw them out :)

When we found that Nagios was unable to cope with our (and customer) requirements, we did an internal review of multiple FOSS systems - of those, only few were able to cope with anything larger than 1 systems, and most lacked important features we had on our must-have-list ...

-garry
Re: [c-nsp] [SUMMARY]: 4900M vs. 4503 for core
The 4900m is a robust switch with plenty of BW on the fabric. Port density is not plentiful but... Using the twinG is a choice - just check on the limitation of use not only with using them on the onboard X2 slots, but also ASIC restrictions. I know that the SUP6E (the 4900m SUP?) uses stub ASICs to the fabric and has limitations for combining 1G and 10G on the same ASIC.

The Juniper and HP boxes that others have suggested are good boxes too. It appears you have some time to investigate many solutions.

The shortage of the 4900 and other such products is derived as a result of limited component production from Cisco's manufacturing plants (overseas). But the suggestion that Cisco is pushing other products (Nexus) is plausible.

-nuff said.

-kevin.

-----Original Message-----
From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Jason Gurtz
Sent: Thursday, January 28, 2010 15:34
To: cisco-nsp@puck.nether.net
Subject: [c-nsp] [SUMMARY]: 4900M vs. 4503 for core

Is there anything glaringly wrong with choosing the 4900M using twin-gig based connections to the access layer over the 4503 Sup6 and 46xx line cards in our situation?

Thanks all for the replies!

A person also responded privately with the opinion that most people want Netflow down the road. Unfortunately, since Netflow has been removed from the 45xx with the Sup6 it would require 65xx at $$++. Squarely in the want vs. need bucket for us.

Unfortunately, I left out that most of the gig uplink connections are fiber so a 3560G doesn't have enough SFP ports. I did find the WS-C3750G-12S-E which looks like the good low-cost option. On the minuses side, it's a softswitch, and no 10G uplinks for linking in the server access switches.

The main downside here is advocating for their replacement and purchasing strategies around here. eBay, used equip., etc... are pretty much verboten. Basically, if we buy these now, they'll be here in 5 years and forklifting the network core could be painful.

Point well taken on the stacking related maintenance downtime issue. We plan on doing pure routing and GLBP so thankfully this wouldn't affect us. This issue will bite us with the server access layer. :( I'll join the many who want this problem to go away.

The availability issues with 45xx and 49xx shouldn't be a problem as 4507's are being spec'ed for some access switches and we have until summertime to do this. It's interesting though, makes me wonder if it's just really high demand, or C pushing other platforms.

I discovered the 4928-10G, but the 4900M config comes in cheaper, apparently due to only needing one 8 port card. I'm assuming the 2:1 oversubscription is not an issue when running these 10G ports at 1G. Only thing is 2000W of power supply vs. 600W. It does seem silly to do the twingig thing; if only there was a 20-port sfp halfcard!

Thanks again,

~JasonG
[c-nsp] Memory Status in GSR
Dear Everyone,

Kindly check the Memory status below on my GSR and suggest what needs to be done, or whether everything looks okay.

~~
GW-04-KLS-AIMS-MY#show memory free
                Head    Total(b)     Used(b)     Free(b)   Lowest(b)  Largest(b)
Processor   5697F3A0   426249312   343181988    83067324    80783476    44276424
     Fast   5695F3A0      131072      130712         360         360         316
~~

Thanks and Regards
Bharath K
Re: [c-nsp] Memory Status in GSR
As far as I understand the more important statistic is 'show ip cef resources'.

thanks,
-Drew

-----Original Message-----
From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of bharath kondi
Sent: Friday, January 29, 2010 8:18 AM
To: cisco-nsp@puck.nether.net
Subject: [c-nsp] Memory Status in GSR

Dear Everyone,

Kindly check the Memory status below on my GSR and suggest what needs to be done, or whether everything looks okay.

~~
GW-04-KLS-AIMS-MY#show memory free
                Head    Total(b)     Used(b)     Free(b)   Lowest(b)  Largest(b)
Processor   5697F3A0   426249312   343181988    83067324    80783476    44276424
     Fast   5695F3A0      131072      130712         360         360         316
~~

Thanks and Regards
Bharath K
Re: [c-nsp] Memory Status in GSR
Dear Drew,

I cannot see anything from that command. Kindly check the below finding from our GSR.

~~~
GW-04-KLS-AIMS-MY#show ip cef resource ?
  |     Output modifiers
  <cr>

GW-04-KLS-AIMS-MY#show ip cef resource
GW-04-KLS-AIMS-MY#
~~

Thanks
Bharath

On Fri, Jan 29, 2010 at 11:01 PM, Drew Weaver drew.wea...@thenap.com wrote:

> As far as I understand the more important statistic is 'show ip cef resources'.
>
> thanks,
> -Drew
>
> -----Original Message-----
> From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of bharath kondi
> Sent: Friday, January 29, 2010 8:18 AM
> To: cisco-nsp@puck.nether.net
> Subject: [c-nsp] Memory Status in GSR
>
> Dear Everyone,
>
> Kindly check the Memory status below on my GSR and suggest what needs to be done, or whether everything looks okay.
>
> ~~
> GW-04-KLS-AIMS-MY#show memory free
>                 Head    Total(b)     Used(b)     Free(b)   Lowest(b)  Largest(b)
> Processor   5697F3A0   426249312   343181988    83067324    80783476    44276424
>      Fast   5695F3A0      131072      130712         360         360         316
> ~~
>
> Thanks and Regards
> Bharath K
[c-nsp] IPV6 again
OK so looking at/listening to various recommendations, when allocating IPV6 addresses, stateless auto-configuration with DHCPv6 used to dish out the DNS servers and domain looks the most appealing. Since the IOS version we are using on our 6500s doesn't support IPV6 DHCP relaying (12.2(18)SXF13) I tried to set up a test using the 6500 itself to serve the DNS and domain information but I cannot get it to work.

When I use the following configuration the clients are configured with appropriate v6 IPs and can get out into the IPV6 Internet, but no DNS or domain information is received. Turning on debug ipv6 DHCP yields no entries in the log at all for either an iMac or an XP laptop: am I missing some configuration?

interface Vlan798
 ipv6 address X/64
 ipv6 enable
 ipv6 nd other-config-flag
 ipv6 dhcp server test
end
!
!
ipv6 dhcp pool test
 dns-server Y
 domain-name Z
!

Thanks,

Michael
[c-nsp] Card Throughput - 6148A-GE-TX
Hi there.

We are aware of what the entire card is capable of (2 Gb/s), but is there any way to see how much is being utilized from within IOS itself? We can start counting up all the ports but is there an easier way? ;)

Relating to this, is the card limited to 2Gb/s total or 1Gb/s per half? We have a situation with a couple of these cards where they are pushing the potential limits and we want to make sure..

Cheers,
Paul
Re: [c-nsp] IPV6 again
So XP doesn't support IPv6 DHCP, nor do they support IPv6 DNS. Not sure about the macintosh.

--
http://dcp.dcptech.com

-----Original Message-----
From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Michael Robson
Sent: Friday, January 29, 2010 11:33 AM
To: cisco-nsp@puck.nether.net
Subject: [c-nsp] IPV6 again

OK so looking at/listening to various recommendations, when allocating IPV6 addresses, stateless auto-configuration with DHCPv6 used to dish out the DNS servers and domain looks the most appealing. Since the IOS version we are using on our 6500s doesn't support IPV6 DHCP relaying (12.2(18)SXF13) I tried to set up a test using the 6500 itself to serve the DNS and domain information but I cannot get it to work.

When I use the following configuration the clients are configured with appropriate v6 IPs and can get out into the IPV6 Internet, but no DNS or domain information is received. Turning on debug ipv6 DHCP yields no entries in the log at all for either an iMac or an XP laptop: am I missing some configuration?

interface Vlan798
 ipv6 address X/64
 ipv6 enable
 ipv6 nd other-config-flag
 ipv6 dhcp server test
end
!
!
ipv6 dhcp pool test
 dns-server Y
 domain-name Z
!

Thanks,

Michael
[c-nsp] 10GE WAN options for 7606 for market data / micro-bursting
We are planning on moving a large portion of our data center to a colo facility at a financial exchange. We will be using redundant 10-GE connections from our existing pair of 7604 to a new pair of 7606 with Sup720-3B. We won't be doing MPLS/VPN, etc... Just normal L3 routing including PIM sparse mode multicast.

Since a significant amount of the traffic will be market data, the line rate will be very bursty including micro-bursts. We will be setting up a series of LLQ queues with Modular QoS CLI and are interested in H-QOS, so I have some questions regarding which 10GB interface.

The choices are:

1) WS-X6704-10GE. The standard linecard. TX queue of 1p7q8t. 16MB per port buffer
2) 7600-ES20-10G3C. TX queue ??? (configurable ???), buffer size ???
3) 7600-SIP-600 with SPA-10X1GE. TX queue ???, buffer size ???

The SIP and ES20 may be overkill, maybe not. We aren't doing MPLS or VRF, or QinQ or any other tunneling, but we need the most flexible, best 10GB WAN interface that can help us deal with bursting/QOS.

Any experiences, suggestions, warnings...?

Matthew Huff       | One Manhattanville Rd
OTA Management LLC | Purchase, NY 10577
http://www.ox.com  | Phone: 914-460-4039
aim: matthewbhuff  | Fax: 914-460-4139
Re: [c-nsp] Memory Status in GSR
bharath kondi wrote:

> Dear Everyone,
>
> Kindly check the Memory status below on my GSR and suggest what needs to be done, or whether everything looks okay.
>
> ~~
> GW-04-KLS-AIMS-MY#show memory free
>                 Head    Total(b)     Used(b)     Free(b)   Lowest(b)
> Processor   5697F3A0   426249312   343181988    83067324    80783476

Your RP seems to be OK. I have less free memory on the one GSR I just spot-checked. I'd also recommend doing 'exec all sh mem summ | i ^Proc' to check all linecards. I came up with the following:

core1-dlls#exec all sh mem summ | i ^Proc
= Line Card (Slot 0) =
Processor   44645E60   996909472   149267456   847642016   847640576   846752284
= Line Card (Slot 1) =
Processor   44645E60   996909472   149270208   847639264   847636520   846993916
= Line Card (Slot 4) =
Processor   44645E60   194748832   109755540    84993292    84993292    84019676
= Line Card (Slot 6) =
Processor   44645E60   194748832   109550656    85198176    85181976    84362364
= Line Card (Slot 9) =
Processor   44645E60   460038560   171487896   288550664   288550664   287672988
= Line Card (Slot 11) =
Processor   44645E60   194748832   120640368    74108464    74102216    73371388
= Line Card (Slot 12) =
Processor   44645E60   194748832   120648284    74100548    74100548    73281468
= Line Card (Slot 15) =
Processor   44645E60   194748832   110465016    84283816    84282672    83334076

core1-dlls#sh diag | i Eng
  L3 Engine: 3 - ISE OC48 (2.5 Gbps)
  L3 Engine: 3 - ISE OC48 (2.5 Gbps)
  L3 Engine: 0 - OC12 (622 Mbps)
  L3 Engine: 0 - OC12 (622 Mbps)
  L3 Engine: 3 - ISE OC48 (2.5 Gbps)
  L3 Engine: 2 - Backbone OC48 (2.5 Gbps)
  L3 Engine: 2 - Backbone OC48 (2.5 Gbps)
  L3 Engine: 1 - Standard OC48 (2.5 Gbps)
core1-dlls#

My Engine 2 cards are the most likely to run out, though they're doing OK for now. The Engine 1/0 cards are next likely to have issues; the Engine 3 cards seem to be fine.

pt
Re: [c-nsp] IPV6 again
Last I looked, DHCPv6 isn't implemented on Windows XP, Vista, or Server2003, nor on Mac OSX up to 10.6. Don't know about Win7, but the Server2008 DHCP server DOES include IPv6, so it may be there.

I have used an open-source client called Dibbler for Windows boxes - works well. They have installable binaries for Windows XP, Vista, 2k3, Windows NT, 2k, and Linux, with the source available as well.

http://klub.com.pl/dhcpv6/

On the Mac, I don't know. If you have the Developers Kit installed, you might be able to build dhcp6c or Dibbler from source (I haven't tried it).

Hope that helps.

Brian Fitzgerald
Sr. Network Security Admin.
ITS, Camosun College, Victoria, BC.
Phone: 250-370-3076
Fax: 250-370-3966
Email: fitzgeraldb (at) camosun.bc.ca

On 10-01-29 9:07 AM, David Prall d...@dcptech.com wrote:

> So XP doesn't support IPv6 DHCP, nor do they support IPv6 DNS. Not sure about the macintosh.
>
> --
> http://dcp.dcptech.com
>
> -----Original Message-----
> From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Michael Robson
> Sent: Friday, January 29, 2010 11:33 AM
> To: cisco-nsp@puck.nether.net
> Subject: [c-nsp] IPV6 again
>
> OK so looking at/listening to various recommendations, when allocating IPV6 addresses, stateless auto-configuration with DHCPv6 used to dish out the DNS servers and domain looks the most appealing. Since the IOS version we are using on our 6500s doesn't support IPV6 DHCP relaying (12.2(18)SXF13) I tried to set up a test using the 6500 itself to serve the DNS and domain information but I cannot get it to work.
>
> When I use the following configuration the clients are configured with appropriate v6 IPs and can get out into the IPV6 Internet, but no DNS or domain information is received. Turning on debug ipv6 DHCP yields no entries in the log at all for either an iMac or an XP laptop: am I missing some configuration?
>
> interface Vlan798
>  ipv6 address X/64
>  ipv6 enable
>  ipv6 nd other-config-flag
>  ipv6 dhcp server test
> end
> !
> !
> ipv6 dhcp pool test
>  dns-server Y
>  domain-name Z
> !
>
> Thanks,
>
> Michael
Re: [c-nsp] IPV6 again
Hi,

> OK so looking at/listening to various recommendations, when allocating IPV6 addresses, stateless auto-configuration with DHCPv6 used to dish out the DNS servers and domain looks the most appealing. Since the IOS version we are using on our 6500s doesn't support IPV6 DHCP relaying (12.2(18)SXF13) I tried to set up a test using the 6500 itself to serve the DNS and domain information but I cannot get it to work.
>
> When I use the following configuration the clients are configured with appropriate v6 IPs and can get out into the IPV6 Internet, but no DNS or domain information is received. Turning on debug ipv6 DHCP yields no entries in the log at all for either an iMac or an XP laptop: am I missing some configuration?

DHCPv6 and stateless configuration are pretty much still very messy right now. yes, DHCPv6 would be a direct replacement for clients on the v6 landscape but not many clients support it

worse, stateless configuration, whilst in a way elegant, hardly anything gets handed over to it, eg DNS or NTP information. there's also no way to hand over any encryption or seed things eg for SeND - we've been in chats with people about getting some nice extensions into the stateless RFC - it'd be good/useful to have these things sorted.

..now...what are those IPv6 youtube addresses, I've got an hour to burn ;-)

alan
Re: [c-nsp] 10GE WAN options for 7606 for market data / micro-bursting
On Fri, 29 Jan 2010, Matthew Huff wrote:

> 1) WS-X6704-10GE. The standard linecard. TX queue of 1p7q8t. 16MB per port buffer

If it's bursty you may want to consider 6708 instead. It has bigger buffers.

-
typedef struct me_s {
  char name[] = { Thomas Habets };
  char email[] = { tho...@habets.pp.se };
  char kernel[]= { Linux };
  char *pgpKey[] = { http://www.habets.pp.se/pubkey.txt; };
  char pgp[] = { A8A3 D1DD 4AE0 8467 7FDE 0945 286A E90A AD48 E854 };
  char coolcmd[] = { echo '. ./_. ./_'_;. ./_ };
} me_t;
Re: [c-nsp] Nexus 2000 vs Catalyst 4948 for access layer
> wrt NX-OS vs. IOS, they are two different systems. NX-OS is very young in its development cycle; IOS is much more mature and has many more features.
>
> Nick

I'm curious why you suggest that the NX-OS is very young. My understanding (I'm not a SAN guy) is that the NX-OS is just a move of bringing the MDS OS into a routing/switching combination with IOS.

I had the recent experience of a Nexus CPOC down in RTP. Going into it I was apprehensive about learning a new OS. But through the CPOC I learned that it's not that much different from IOS. Seemed like they did a decent job of importing/aliasing the IOS related commands. I didn't feel as lost within the CLI as I had expected.

-chris
Re: [c-nsp] Network Management solution for Large Cisco deployement
> Hi all,
>
> We are moving forward at a very high pace at the moment. We currently maintain a multi-vendor environment with approx. 9000 switches, routers and firewalls. Over the next few years that number is expected to grow by another 3000-5000 devices.
>
> We have multiple NMS systems running today, but as we regionalize we want to keep track of everything in preferably one NMS. CiscoWorks LMS has a limit of 10.000 devices (and it's only for Cisco ofc.) so I'm not sure this is the right solution for us. New devices deployed will be Cisco only.
>
> What are my alternatives in terms of large scale management and deployment (up to 50.000+ devices)?
>
> Thanks.
>
> // Ulrich

If you aren't looking for an Open solution:

Having worked with HP Openview, IBM Tivoli (ITNM), CA Spectrum and EMC SMARTS, I highly recommend SMARTS. During our bake-offs and side-by-side live trials SMARTS consistently showed a real ability to provide root cause analysis for fault management. In one shop we had an architecture of SMARTS servers that supported over 20,000 network devices. And being able to interact with and program into a common information database, we were able to tweak for all of our additional requirements.

The one common trap enterprises fall into is the idea that one tool can provide all the fault management and performance management for each piece of the infrastructure (network, servers, storage). Regardless of vendor hype, there isn't one tool to rule them all.

Regardless of what you choose, expect to have trained staff to make adjustments as needed. A robust NMS system should be considered part of the network ecosystem and as such also needs a percentage of the care and feeding that you apply to your routing and switching environments.

-chris
Re: [c-nsp] IPV6 again
On Fri, 29 Jan 2010, Brian Fitzgerald wrote:

> Last I looked, DHCPv6 isn't implemented on Windows XP, Vista, or Server2003, nor on Mac OSX up to 10.6. Don't know about Win7, but the Server2008 DHCP server DOES include IPv6, so it may be there.

Both Vista and Win7 can live in a purely native ipv6 environment without any ipv4, get DNS-server and IP via DHCPv6, and also get prefixes for Internet Connection Sharing via DHCPv6-PD.

It doesn't null route the prefix it gets via PD (thus routing loop if you give it anything larger than /64), but that's another story. I have reported this to people in MS, don't know if there is a fix brewing somewhere. Haven't tested this in Win7, only Vista.

--
Mikael Abrahamsson    email: swm...@swm.pp.se
Re: [c-nsp] IPV6 again
Alan Buxey a.l.m.bu...@lboro.ac.uk wrote:

> [snipped]
>
> worse, stateless configuration, whilst in a way elegant, hardly anything gets handed over to it, eg DNS or NTP information. there's also no way to hand over any encryption or seed things eg for SeND - we've been in chats with people about getting some nice extensions into the stateless RFC - it'd be good/useful to have these things sorted.

DNS is via RFC5006 (if your client supports it, however for now stateless DHCPv6 can give you that) and NTP should be discovered via multicast...like most other services.

Cheers

--
Alexander Clouter
.sigmonster says: I will never lie to you.
Re: [c-nsp] Nexus 2000 vs Catalyst 4948 for access layer
On 29/01/2010 19:16, ch...@lavin-llc.com wrote:

> I'm curious why you suggest that the NX-OS is very young. My understanding (I'm not a SAN guy) is that the NX-OS is just a move of bringing the MDS OS into a routing/switching combination with IOS.

I should have been more careful what I said there. Yes, san-os 4.1 was released as nx-os 4.1. However, san-os has been extended by quite a substantial amount in the last couple of years, and there is a lot of new code in the os relating to L3 stuff in particular. The basic SAN code is very mature, but the original poster was interested in the nexus boxes as ethernet switches rather than san switches.

Nick
[c-nsp] Purposed of uRPF's allow-default Option?
All:

I am curious what the purpose of uRPF's allow-default option is? Based on Cisco's page explaining the command, I interpret that it allows uRPF to match on a default route... but doesn't that defeat the purpose of uRPF?

My best guess is that it allows you to set static routes for networks whose source IPs you want to drop (using the null interface) while allowing everything else. e.g.

interface Vlan100
 ip verify unicast source reachable-via any allow-default
!
ip route 192.168.0.0 255.255.255.0 null0
ip route 0.0.0.0 0.0.0.0 x.x.x.x

uRPF would allow Vlan100 to use any source IP address except 192.168.0.0/24. Is that correct?

http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SXF/native/configuration/guide/secure.html

Thanks!

--
Devon
Re: [c-nsp] Purposed of uRPF's allow-default Option?
On Fri, 29 Jan 2010, Devon True wrote:

> I am curious what the purpose of uRPF's allow-default option is? Based on Cisco's page explaining the command, I interpret that it allows uRPF to match on a default route... but doesn't that defeat the purpose of uRPF?

See below.

> interface Vlan100
>  ip verify unicast source reachable-via any allow-default
> !
> ip route 192.168.0.0 255.255.255.0 null0
> ip route 0.0.0.0 0.0.0.0 x.x.x.x
>
> uRPF would allow Vlan100 to use any source IP address except 192.168.0.0/24. Is that correct?

Yes but that's not the interface where you would apply it. You apply 'allow-default' on your upstream interface that you point your default route to. Ie. if you set your default-route at a particular interface or IP address, then you add urpf 'allow-default' on the interface that leads to your upstream gateway.

Antonio Querubin
808-545-5282 x3003
e-mail/xmpp: t...@lava.net
Re: [c-nsp] Purposed of uRPF's allow-default Option?
On Fri, 29 Jan 2010, Antonio Querubin wrote:

> Yes but that's not the interface where you would apply it. You apply
                     ^ necessarily
> 'allow-default' on your upstream interface that you point your default route to. Ie. if you set your default-route at a particular interface or IP address, then you add urpf 'allow-default' on the interface that leads to your upstream gateway.

Ie. you normally do not use allow-default on most of your interfaces. You use it only on upstream interfaces.

Antonio Querubin
808-545-5282 x3003
e-mail/xmpp: t...@lava.net
Re: [c-nsp] Purposed of uRPF's allow-default Option?
On 1/29/2010 4:57 PM, Antonio Querubin wrote:

> On Fri, 29 Jan 2010, Antonio Querubin wrote:
>
>> Yes but that's not the interface where you would apply it. You apply
>>                     ^ necessarily
>> 'allow-default' on your upstream interface that you point your default route to. Ie. if you set your default-route at a particular interface or IP address, then you add urpf 'allow-default' on the interface that leads to your upstream gateway.
>
> Ie. you normally do not use allow-default on most of your interfaces. You use it only on upstream interfaces.

So it is for the situation where you do not have a full table (so strict and/or loose mode would not work), but you want uRPF on the edge to be able to drop packets whose network is routed to null on your FIB?

--
Devon
Re: [c-nsp] 10GE WAN options for 7606 for market data / micro-bursting
The ES20 cards have 512MB, the SIP-600 has 256MB, but I think they both say 100ms unidirectional buffering...

Is there a chance of congesting the egress interfaces where you would need the larger buffers? They all support LLQ for priority traffic.

Phil

On Jan 29, 2010, at 12:22 PM, Matthew Huff wrote:

> We are planning on moving a large portion of our data center to a colo facility at a financial exchange. We will be using redundant 10-GE connections from our existing pair of 7604 to a new pair of 7606 with Sup720-3B. We won't be doing MPLS/VPN, etc... Just normal L3 routing including PIM sparse mode multicast.
>
> Since a significant amount of the traffic will be market data, the line rate will be very bursty including micro-bursts. We will be setting up a series of LLQ queues with Modular QoS CLI and are interested in H-QOS, so I have some questions regarding which 10GB interface.
>
> The choices are:
>
> 1) WS-X6704-10GE. The standard linecard. TX queue of 1p7q8t. 16MB per port buffer
> 2) 7600-ES20-10G3C. TX queue ??? (configurable ???), buffer size ???
> 3) 7600-SIP-600 with SPA-10X1GE. TX queue ???, buffer size ???
>
> The SIP and ES20 may be overkill, maybe not. We aren't doing MPLS or VRF, or QinQ or any other tunneling, but we need the most flexible, best 10GB WAN interface that can help us deal with bursting/QOS.
>
> Any experiences, suggestions, warnings...?
>
> Matthew Huff       | One Manhattanville Rd
> OTA Management LLC | Purchase, NY 10577
> http://www.ox.com  | Phone: 914-460-4039
> aim: matthewbhuff  | Fax: 914-460-4139
Re: [c-nsp] Purpose of uRPF's allow-default Option?
Hi Devon - With loose mode uRPF (reachable-via any), allow-default does mean that any packet will pass the uRPF check (unless the default route goes away). However, with strict mode uRPF (reachable-via rx) with allow-default, traffic not matching a more specific prefix only passes the RPF check if it arrives on the interface(s) where the default is learned (and of course, only if the default route is present in the routing table).

Hope that helps, Tim

At 01:35 PM 1/29/2010, Devon True declared:

All: I am curious what the purpose of uRPF's allow-default option is? Based on Cisco's page explaining the command, I interpret that it allows uRPF to match on a default route... but doesn't that defeat the purpose of uRPF? My best guess is that it allows you to set static routes for networks whose source IPs you want to drop (using the null interface) while allowing everything else. e.g.

    interface Vlan100
     ip verify unicast source reachable-via any allow-default
    !
    ip route 192.168.0.0 255.255.255.0 null0
    ip route 0.0.0.0 0.0.0.0 x.x.x.x

uRPF would allow Vlan100 to use any source IP address except 192.168.0.0/24. Is that correct?

http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SXF/native/configuration/guide/secure.html

Thanks! -- Devon

Tim Stevenson, tstev...@cisco.com Routing Switching CCIE #5561 Technical Marketing Engineer, Cisco Nexus 7000 Cisco - http://www.cisco.com IP Phone: 408-526-6759 The contents of this message may be *Cisco Confidential* and are intended for the specified recipients only.
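The uRPF behaviour discussed in this thread (Tim's loose/strict distinction and the Null0 route in Devon's config), modelled as an added example that is not from any of the posters or from Cisco. The interface names and the 10.1.100.0/24 prefix are constructed, and the rule that a source resolving to Null0 fails the check is an assumption taken from source-based blackhole filtering (RFC 5635), not something the replies confirm.

```python
import ipaddress

DEFAULT = ipaddress.ip_network("0.0.0.0/0")

def make_fib(routes):
    """Build a FIB as a list of (network, outgoing interface) pairs."""
    return [(ipaddress.ip_network(p), ifc) for p, ifc in routes]

def lookup(fib, src):
    """Longest-prefix match on the source address; None if no route."""
    addr = ipaddress.ip_address(src)
    hits = [(net, ifc) for net, ifc in fib if addr in net]
    return max(hits, key=lambda h: h[0].prefixlen) if hits else None

def urpf_pass(fib, src, rx_if, mode, allow_default):
    """Model of 'ip verify unicast source reachable-via {rx|any}'.

    mode is "rx" (strict) or "any" (loose). Returns True if the packet
    would be accepted on rx_if.
    """
    hit = lookup(fib, src)
    if hit is None:
        return False                 # no route back to the source at all
    net, out_if = hit
    if out_if == "Null0":
        return False                 # assumption: blackholed source is dropped
    if net == DEFAULT and not allow_default:
        return False                 # only the default matched, not permitted
    if mode == "any":
        return True                  # loose: any real route is good enough
    return out_if == rx_if           # strict: must arrive where we would reply

# Constructed FIB modelled on the config quoted in the thread:
# default route via an upstream port, one blackholed /24, one access VLAN.
EDGE_FIB = make_fib([
    ("0.0.0.0/0", "Te1/1"),          # hypothetical upstream interface
    ("192.168.0.0/24", "Null0"),
    ("10.1.100.0/24", "Vlan100"),    # hypothetical access subnet
])
# Same FIB after the default route is withdrawn.
NO_DEFAULT_FIB = [r for r in EDGE_FIB if r[0] != DEFAULT]

if __name__ == "__main__":
    for mode in ("any", "rx"):
        for src in ("203.0.113.9", "192.168.0.5", "10.1.100.7"):
            ok = urpf_pass(EDGE_FIB, src, "Vlan100", mode, True)
            print(f"Vlan100 {mode:3} allow-default src={src:12} pass={ok}")
```

In this model, loose mode with allow-default on Vlan100 filters only the blackholed /24, while strict mode with allow-default accepts default-covered sources only on the interface the default route points to.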
[c-nsp] Nexus 2000 vs Catalyst 4948 for access layer
Date: Fri, 29 Jan 2010 14:16:59 -0500
From: ch...@lavin-llc.com
To: Nick Hilliard n...@inex.ie
Cc: cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] Nexus 2000 vs Catalyst 4948 for access layer

wrt NX-OS vs. IOS, they are two different systems. NX-OS is very young in its development cycle; IOS is much more mature and has many more features.

Nick

I'm curious why you suggest that the NX-OS is very young. My understanding (I'm not a SAN guy) is that the NX-OS is just a move of bringing the MDS OS into a routing/switching combination with IOS. I had the recent experience of a Nexus CPOC down in RTP. Going into it I was apprehensive about learning a new OS. But through the CPOC I learned that it's not that much different from IOS. Seemed like they did a decent job of importing/aliasing the IOS related commands. I didn't feel as lost within the CLI as I had expected.

-chris

We have about a dozen 2148Ts connected to 4 Nexus 5Ks and a couple of 7Ks. I would absolutely NOT pick the 2148Ts for just switching unless you had some larger data center needs; they and their parent 5Ks don't route ... so we do some (and we wanted to) vlan tagging on servers to bypass routing. I will say that show log last 20 is worth every penny :) They are stable if you hook them up right - currently you can not do active/active with a FEX connected to multiple 5Ks do LACP teaming to servers. Got questions - shoot them on over ...
Re: [c-nsp] BGP inject map question
thanks for the reply, that's pretty much my fall back plan, it's a little disappointing there isn't a better solution, to me an inject map just seems so neat. cheers

Andrew,

for the cisco people here (hehehe), can i do the following: use an inject map for a route that is locally originated, i think i'm having issues with the route source ie.

I'm not 100% sure, but looking how this is implemented, it seems like you can't use the exist-map to match for locally-originated prefixes. Can you verify your config with a remotely-learnt route (i.e. just change the exist-map) to verify?

i have been trying and can't get it working, basically i have an MPLS VPN extranet and lan address of the CE is in the same subnet as a /32 host i wish to advertise into the VPN.

How about a hack:

    int fas 0/1
     ip address 123.123.123.1 255.255.255.0
    !
    ip route 123.123.123.12 255.255.255.255 fas0/1 123.123.123.12

and then do a redistribute static or a network entry. So you will advertise the /32 as long as the interface is up, which should achieve the same as your inject-map example. Not very pretty, but effective?

oli