Re: [c-nsp] OSPF LSA Type 11
It is a good question.
The RFC describes the scopes of the 3 opaque LSAs. LSA11 has AS scope like LSA5. Nothing related to MPLS TE though.
As far as I researched and read LSA10 is used in MPLS TE.

br
Ovidiu

On Tue, Apr 13, 2010 at 9:38 PM, Shimol Shah shims...@cisco.com wrote:
> 5250 obsoletes 2370
> http://tools.ietf.org/html/rfc5250
>
> On 4/13/10 2:31 PM, Pritesh Patel wrote:
>> rfc 2370.
>>
>> --Pritesh
>>
>> On Tue, Apr 13, 2010 at 11:15 AM, Ibrahim Abo Zaid ibrahim.aboz...@gmail.com wrote:
>>> Hi
>>>
>>> i want to know the role of OSPF Opaque LSA Type 11 in MPLS TE ?
>>>
>>> thanks

___
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] BGP Multi-homing
Hi Bob,

I suggest you receive full BGP routes from both your providers if your router is capable of handling it, so that you can tune your outgoing traffic as required.

As you are receiving only a default route from the primary provider and the full BGP table from the secondary, it will be complicated to tune outgoing traffic towards the primary provider, because the default route will be checked last, if there is no specific route for the traffic in the table.

Here in your scenario what you can do is: receive only local routes and the default route from the secondary provider and increase the local preference of the default route received from the primary ISP, so the traffic for the local routes (most specific) will go via the secondary and the rest to the primary.

For return traffic you can announce your prefixes prepending to the secondary provider and default to the primary provider.

I think this will help to achieve your requirement.

Thank you,
Ramesh

On Tue, Apr 13, 2010 at 5:29 PM, Tim Vollebregt t.vollebr...@leaseweb.com wrote:
> Hi Bob,
>
> There are a lot of configuration options to do this.
> A simple solution for this, hereby I assume that your secondary neighbor is accepting (default) bgp communities.
>
> Primary neighbor (default route): 1.1.1.1 AS10
> Secondary neighbor (full table): 2.2.2.2 AS20
> Local AS: AS30
> Local prefixes: 3.3.3.0/24 and 4.4.4.0/24
>
> Create as-path acl:
>
>   ip as-path access-list 2 permit _20$
>
> Create no-export access-list (specify your local/customer prefixes here):
>
>   ip prefix-list no-export seq 1 permit 3.3.3.0/24
>   ip prefix-list no-export seq 2 permit 4.4.4.0/24
>   ip prefix-list no-export seq 10 deny 0.0.0.0/0 le 32
>
> Create route-maps:
>
> --inbound--
>
>   route-map secondary-in permit 5
>    match as-path 2
>    set local-preference 105
>   route-map secondary-in permit 10
>    set local-preference 80
>
> --outbound--
>
>   route-map secondary-out permit 5
>    match ip address prefix-list no-export
>    set community no-export additive
>
> You don't have to change anything in the configuration of your primary neighbor, only put the in and outbound route-maps on the bgp session:
>
>   router bgp 30
>    address-family ipv4
>     neighbor 2.2.2.2 send-community
>     neighbor 2.2.2.2 route-map secondary-in in
>     neighbor 2.2.2.2 route-map secondary-out out
>
> Please make sure you also have a normal outbound prefix list on the session.
> If your secondary neighbor has a lot of 'local' routes which you want to send traffic to, but these routes are not originated from AS20, you should ask them if they can specify a customer bgp community. Afterwards you can match that community in the inbound route-map and set a localpref of 100+ to it.
>
> Regards,
> Tim
>
> -----Original Message-----
> From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of bobby hajhassan
> Sent: Tuesday, 13 April, 2010 10:01
> To: cisco-nsp@puck.nether.net
> Subject: [c-nsp] BGP Multi-homing
>
> Turning up a backup BGP session with a secondary provider. Currently accepting a default route from my primary provider and will have full table from secondary. Would like to continue to have the primary provider as the preferred inbound/outbound path once I've turned up the secondary session.
> I would however like to prefer the local only routes from my secondary provider and have all other routes preferred through my primary. Config template would be great...any help is appreciated.
>
> Thanks
> Bob
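The remark in the reply above that the default route is checked last can be made concrete with a small model of route selection. This is an added example, not part of the thread: the two secondary-side prefixes (documentation ranges), the transit AS 64500, the test destinations and the local-preference of 200 on the primary default are constructed assumptions. It applies the quoted secondary-in policy, picks a best path per prefix, then forwards by longest-prefix match, for both the full-table design and the local-routes-plus-default design.

```python
import ipaddress
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Path:
    prefix: str          # destination prefix as advertised
    neighbor: str        # "primary" (AS10) or "secondary" (AS20)
    as_path: tuple       # AS numbers, origin AS last
    local_pref: int = 100


def secondary_in(path):
    """The quoted secondary-in route-map: as-path _20$ gets 105, the rest 80."""
    originated_by_as20 = path.as_path[-1] == 20
    return replace(path, local_pref=105 if originated_by_as20 else 80)


def best_paths(paths):
    """BGP decision reduced to highest local-pref, then shortest AS path.
    Paths only compete with other paths for the same prefix."""
    best = {}
    for p in paths:
        net = ipaddress.ip_network(p.prefix)
        cur = best.get(net)
        if cur is None or (p.local_pref, -len(p.as_path)) > (cur.local_pref, -len(cur.as_path)):
            best[net] = p
    return best


def egress(fib, dst):
    """Forwarding lookup: the longest matching prefix wins, whatever its local-pref."""
    addr = ipaddress.ip_address(dst)
    matches = [net for net in fib if addr in net]
    if not matches:
        return None
    return fib[max(matches, key=lambda net: net.prefixlen)].neighbor


# Constructed sample routes and destinations (assumptions, not from the thread).
PRIMARY_DEFAULT = Path("0.0.0.0/0", "primary", (10,))
SECONDARY_FEED = [
    Path("198.51.100.0/24", "secondary", (20,)),        # originated by AS20
    Path("203.0.113.0/24", "secondary", (20, 64500)),   # transit route via AS20
    Path("0.0.0.0/0", "secondary", (20,)),              # default, if requested
]
DESTINATIONS = ["198.51.100.10", "203.0.113.10", "192.0.2.1"]


def full_table_design():
    """Default from primary, every specific route from secondary via secondary-in."""
    feed = [p for p in SECONDARY_FEED if p.prefix != "0.0.0.0/0"]
    fib = best_paths([PRIMARY_DEFAULT] + [secondary_in(p) for p in feed])
    return {dst: egress(fib, dst) for dst in DESTINATIONS}


def local_plus_default_design():
    """Accept only AS20-originated routes and a default from secondary,
    and raise local-pref on the primary's default (200 is an assumed value)."""
    accepted = [p for p in SECONDARY_FEED if p.as_path[-1] == 20]
    fib = best_paths([replace(PRIMARY_DEFAULT, local_pref=200)] + accepted)
    return {dst: egress(fib, dst) for dst in DESTINATIONS}


if __name__ == "__main__":
    print("full table from secondary :", full_table_design())
    print("local routes + default    :", local_plus_default_design())
```

In the full-table case the transit prefix leaves via the secondary even at local-preference 80, because the primary offers no competing path for that prefix and the default only matches when nothing more specific does.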
Re: [c-nsp] Nagios config frontends
Eric Cables ecab...@gmail.com writes:

> Sorry if this is a bit OT, but I was wondering what configuration frontend people have settled on for Nagios.

emacs (or vi) and some shell / perl

Jens
--
| Foelderichstr. 40 | 13595 Berlin, Germany| +49-151-18721264 |
| http://blog.quux.de | jabber: jensl...@guug.de | --- |
Re: [c-nsp] Nagios config frontends
On 13/04/10 21:58, Eric Cables wrote:
> Sorry if this is a bit OT, but I was wondering what configuration frontend

We generate ours from our registration database (a.k.a. IPAM system - a postgres DB with web UI)

It's a model I can heartily endorse; it forces you to keep the registration DB up-to-date.
Re: [c-nsp] Bonding multiple 3G HWIC signals?
Hi Stephen,

I think that Cisco is saying you should use different carriers because if you have 3-4 3G cards with services from the same carrier all those 3G cards will associate with the same wireless phone cell and that cell may or may not have enough uplink bandwidth. For example if that cell has 4 E1s for packet traffic that would only sum up to 8Mbps. This should apply to one or multiple routers in the same location.

Andrei.

On Wed, Apr 14, 2010 at 3:36 AM, Stephen Cobb sc...@telecoast.com wrote:
> I'm curious as to whether or not Cisco's 3G HWIC's can somehow be aggregated (through IOS or not) in order to essentially get an Nx3G amount of bandwidth over a single carrier's network...haven't found any luck googling.
>
> Cisco says the only option is to use multiple carriers, if in the same router (and I'm not sure whether or not to believe that):
> http://www.cisco.com/en/US/prod/collateral/modules/ps5949/ps7272/prod_qas0900aecd80600f5d.html
>
> The application is for sending HD video over wireless, and we'd need at least 3-4 3G signals to make this work. Does anyone have experience with doing something like this with one single router? (i.e. 2800 with multiple HWIC-3G-CDMA's)
>
> OR...Is the only option to buy a few 1841's with one 3G HWIC in each, and route everything back to our LAN?
>
> Any advice is greatly appreciated!
>
> sc
>
> --
> Stephen F. Cobb • Senior Sales Engineer
> CCNA/CCDA/DCNID/ATSP
> Telecoast Communications, LLC • Santa Barbara, CA
> o 877.677.1182 x272 • c 760.807.0570 • f 805.618.1610
> aim/yahoo telecoaststephen
[c-nsp] 3750X?
Our vendor wants to do a dog & pony show on the new 3750X (and 3560X and 2960S) switches that Cisco has just released.

http://www.cisco.com/en/US/products/ps10745/index.html

We're about to plonk down a big chunk of money to buy 3750G switches to replace a lot of our older network gear. We don't have 10G in the core (yet) so 10G uplinks aren't a big seller for me. The PoE+ would be nice to power the Cisco 802.11n gear that requires more than 15 watts to energize both radios (which I don't have anyway), but I don't know of any other gear yet that would require the higher power...

So, before the meeting, does anyone else have opinions or questions that I should be asking?

--
Jeff Ollie
Re: [c-nsp] 3750X?
Under the very clear heading of personal opinion, I have always tried to buy the best equipment I could. I tend to have to use equipment longer than I would normally like. I know if I were ordering equipment for a new building on campus today, I would want the PoE+ and the 10G option for the future needs I will expect the equipment to cover for the next five or six years. Also the shared power is a cool sounding idea. The only problem I ever had out of our 3750 stacks were power issues.

As far as questions to ask, I would want my vendor to tell me when I could expect to see the equipment. In my environment here I only order when I need something. At best I can keep one or two switches on the shelf for emergencies. With Cisco currently, I am having to wait way longer than I can (politically speaking) for the equipment. I have even had it suggested from my administration that other companies' networking gear may not be as good as Cisco's; but, it can be ordered and arrive at a reasonable time. I have been bit several times ordering a new product to be hit with the dreaded 'new product hold'. I am a little cynical about it...

John L. Exum
Network Manager
Harding University

On Wed, Apr 14, 2010 at 8:57 AM, Jeffrey Ollie j...@ocjtech.us wrote:
> Our vendor wants to do a dog & pony show on the new 3750X (and 3560X and 2960S) switches that Cisco has just released.
>
> http://www.cisco.com/en/US/products/ps10745/index.html
>
> We're about to plonk down a big chunk of money to buy 3750G switches to replace a lot of our older network gear. We don't have 10G in the core (yet) so 10G uplinks aren't a big seller for me. The PoE+ would be nice to power the Cisco 802.11n gear that requires more than 15 watts to energize both radios (which I don't have anyway), but I don't know of any other gear yet that would require the higher power...
>
> So, before the meeting, does anyone else have opinions or questions that I should be asking?
>
> --
> Jeff Ollie
Re: [c-nsp] 3750X?
Having the ability to place two power supplies in the chassis and also having the power stacking to share power supplies across multiple chassis really has me interested. The rest I mostly perceive as fluff, even if it is nice fluff.

On 14 April 2010 07:57, Jeffrey Ollie j...@ocjtech.us wrote:
> Our vendor wants to do a dog & pony show on the new 3750X (and 3560X and 2960S) switches that Cisco has just released.
>
> http://www.cisco.com/en/US/products/ps10745/index.html
>
> We're about to plonk down a big chunk of money to buy 3750G switches to replace a lot of our older network gear. We don't have 10G in the core (yet) so 10G uplinks aren't a big seller for me. The PoE+ would be nice to power the Cisco 802.11n gear that requires more than 15 watts to energize both radios (which I don't have anyway), but I don't know of any other gear yet that would require the higher power...
>
> So, before the meeting, does anyone else have opinions or questions that I should be asking?
>
> --
> Jeff Ollie

--
Saxon Jones
Email: saxon.jo...@gmail.com
Telephone: (780) 669-0899
Toll-free: (866) 701-8022 x2
United Kingdom: 0(1315)168664
[c-nsp] Strange ME3400 PPS Limit
I have an ME3400 running 12.2(46)SE that will not pass (much) more than 1000pps through its copper gig port. The interface counters hover around 1000pps tx/rx, while the bps rate fluctuates (presumably due to the variable packet sizes getting thrown at it). There are no service policies or rate limits applied to any of the interfaces. Any thoughts?

  5 minute input rate 1681000 bits/sec, 879 packets/sec
  5 minute output rate 7545000 bits/sec, 1012 packets/sec
[c-nsp] Cisco Security Advisory: Cisco Secure Desktop ActiveX Control Code Execution Vulnerability
Cisco Security Advisory: Cisco Secure Desktop ActiveX Control Code Execution Vulnerability

Advisory ID: cisco-sa-20100414-csd

Revision 1.0

Summary
=======

Cisco Secure Desktop contains a vulnerable ActiveX control that could allow an attacker to execute arbitrary code with the privileges of the user who is currently logged into the affected system.

Cisco has released a free software update that addresses this vulnerability. There is a workaround that mitigates this vulnerability.

This advisory is posted at:
http://www.cisco.com/warp/public/707/cisco-sa-20100414-csd.shtml

Affected Products
=================

Vulnerable Products
+------------------

Cisco Secure Desktop versions prior to 3.5.841 are affected.

Products Confirmed Not Vulnerable
+--------------------------------

No other Cisco products are currently known to be affected by this vulnerability.

Details
=======

A Cisco-signed ActiveX control that is used by Cisco Secure Desktop fails to properly verify the integrity of an executable file that is used by the Cisco Secure Desktop installation process. If an attacker can entice a user to visit an attacker controlled web page, the vulnerable ActiveX control could be invoked to download an attacker-modified package. The package could contain a malicious executable file that executes with the privileges of the affected user. A successful exploit could result in a complete compromise of a vulnerable system.

This vulnerability is documented in Cisco Bug ID CSCta25876 and has been assigned the Common Vulnerabilities and Exposures (CVE) ID CVE-2010-0589.

Vulnerability Scoring Details
=============================

Cisco has provided scores for the vulnerabilities in this advisory based on the Common Vulnerability Scoring System (CVSS). The CVSS scoring in this Security Advisory is done in accordance with CVSS version 2.0.

CVSS is a standards-based scoring method that conveys vulnerability severity and helps determine urgency and priority of response.

Cisco has provided a base and temporal score. Customers can then compute environmental scores to assist in determining the impact of the vulnerability in individual networks.

Cisco has provided an FAQ to answer additional questions regarding CVSS at:
http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html

Cisco has also provided a CVSS calculator to help compute the environmental impact for individual networks at:
http://intellishield.cisco.com/security/alertmanager/cvss

CSCta25876

CVSS Base Score - 9.3
    Access Vector          - Network
    Access Complexity      - Medium
    Authentication         - None
    Confidentiality Impact - Complete
    Integrity Impact       - Complete
    Availability Impact    - Complete

CVSS Temporal Score - 7.7
    Exploitability         - Functional
    Remediation Level      - Official-Fix
    Report Confidence      - Confirmed

Impact
======

Successful exploitation of this vulnerability could result in a complete compromise of the affected system.

Software Versions and Fixes
===========================

When considering software upgrades, also consult http://www.cisco.com/go/psirt and any subsequent advisories to determine exposure and a complete upgrade solution.

In all cases, customers should exercise caution to be certain the devices to be upgraded contain sufficient memory and that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, contact the Cisco Technical Assistance Center (TAC) or your contracted maintenance provider for assistance.

Cisco Secure Desktop version 3.5.841 can be downloaded at the following link:
http://tools.cisco.com/support/downloads/go/ImageList.x?relVer=3.5.841mdfid=280277835sftType=CSD+package-+ASA+DistributionoptPlat=nodecount=2edesignator=nullmodelName=Cisco+Secure+DesktoptreeMdfId=268438162treeName=Securitymodifmdfid=nullimname=hybrid=imst=lr=Y

Note: Cisco Secure Desktop versions 3.0 and 3.1 are only supported for operation with certain versions of Cisco IOS software and Cisco Adaptive Security Appliance (ASA) software version 7.x. Cisco Secure Desktop versions 3.2 through 3.5 are only supported for operation with Cisco ASA software version 8.x. Customers running Cisco Secure Desktop versions 3.2 through 3.5 with a supported Cisco ASA software version are encouraged to upgrade to Cisco Secure Desktop version 3.5.841. Customers with active software licenses for Cisco Secure Desktop versions 3.0 and 3.1 should send email to the following address for instructions on migrating to non-vulnerable software: csd-activex-inqu...@cisco.com

Workarounds
===========

Administrators can mitigate this vulnerability by using the kill bit feature of Microsoft Windows to prevent the loading and execution of the vulnerable ActiveX control. Administrators must use the Class identifier (CLSID
Re: [c-nsp] 3750X?
Still missing one killer feature that I would really like to see present in the access/distribution layers: NetFlow

On Apr 14, 2010, at 10:44 AM, Saxon Jones wrote:
> Having the ability to place two power supplies in the chassis and also having the power stacking to share power supplies across multiple chassis really has me interested. The rest I mostly perceive as fluff, even if it is nice fluff.
>
> On 14 April 2010 07:57, Jeffrey Ollie j...@ocjtech.us wrote:
>> Our vendor wants to do a dog & pony show on the new 3750X (and 3560X and 2960S) switches that Cisco has just released.
>>
>> http://www.cisco.com/en/US/products/ps10745/index.html
>>
>> We're about to plonk down a big chunk of money to buy 3750G switches to replace a lot of our older network gear. We don't have 10G in the core (yet) so 10G uplinks aren't a big seller for me. The PoE+ would be nice to power the Cisco 802.11n gear that requires more than 15 watts to energize both radios (which I don't have anyway), but I don't know of any other gear yet that would require the higher power...
>>
>> So, before the meeting, does anyone else have opinions or questions that I should be asking?
>>
>> --
>> Jeff Ollie
>
> --
> Saxon Jones
> Email: saxon.jo...@gmail.com
> Telephone: (780) 669-0899
> Toll-free: (866) 701-8022 x2
> United Kingdom: 0(1315)168664
Re: [c-nsp] 3750X?
On 14/04/2010 17:30, Andrew Tolstykh wrote:
> Still missing one killer feature that I would really like to see present in the access/distribution layers: NetFlow

and sflow for l2 stuff.

Nick
Re: [c-nsp] Strange ME3400 PPS Limit
You're doing or testing something wrong. (It's not possible to say what with the limited information you provide). The ME-3400 will happily do line rate.

-A

On Wed, 14 Apr 2010 11:57:47 -0400, you wrote:
> I have an ME3400 running 12.2(46)SE that will not pass (much) more than 1000pps through its copper gig port. The interface counters hover around 1000pps tx/rx, while the bps rate fluctuates (presumably due to the variable packet sizes getting thrown at it). There are no service policies or rate limits applied to any of the interfaces. Any thoughts?
>
>   5 minute input rate 1681000 bits/sec, 879 packets/sec
>   5 minute output rate 7545000 bits/sec, 1012 packets/sec
Re: [c-nsp] Strange ME3400 PPS Limit
On 14 April 2010 11:57, Jeremy Parr jeremyp...@gmail.com wrote:
> I have an ME3400 running 12.2(46)SE that will not pass (much) more than 1000pps through its copper gig port. The interface counters hover around 1000pps tx/rx, while the bps rate fluctuates (presumably due to the variable packet sizes getting thrown at it). There are no service policies or rate limits applied to any of the interfaces. Any thoughts?
>
>   5 minute input rate 1681000 bits/sec, 879 packets/sec
>   5 minute output rate 7545000 bits/sec, 1012 packets/sec

I am also seeing the following in the logs

%PLATFORM_UCAST-6-PREFIX: One or more, more specific prefixes could not be programmed into TCAM and are being covered by a less specific prefix
Re: [c-nsp] Strange ME3400 PPS Limit
Which means the 3400 CPU and not the switching engine is forwarding the packets... how many routes are you trying to feed the 3400?

Rubens

On Wed, Apr 14, 2010 at 1:40 PM, Jeremy Parr jeremyp...@gmail.com wrote:
> On 14 April 2010 11:57, Jeremy Parr jeremyp...@gmail.com wrote:
>> I have an ME3400 running 12.2(46)SE that will not pass (much) more than 1000pps through its copper gig port. The interface counters hover around 1000pps tx/rx, while the bps rate fluctuates (presumably due to the variable packet sizes getting thrown at it). There are no service policies or rate limits applied to any of the interfaces. Any thoughts?
>>
>>   5 minute input rate 1681000 bits/sec, 879 packets/sec
>>   5 minute output rate 7545000 bits/sec, 1012 packets/sec
>
> I am also seeing the following in the logs
>
> %PLATFORM_UCAST-6-PREFIX: One or more, more specific prefixes could not be programmed into TCAM and are being covered by a less specific prefix
Re: [c-nsp] Strange ME3400 PPS Limit
On 14/04/2010 17:40, Jeremy Parr wrote:
> I am also seeing the following in the logs
>
> %PLATFORM_UCAST-6-PREFIX: One or more, more specific prefixes could not be programmed into TCAM and are being covered by a less specific prefix

Congratulations, you have managed to turn your ME3400 into a C2500 by throwing too many routing entries at the FIB :-D

Try cutting down on the number of prefixes the box is holding. If it's dealing with a full DFZ, then cut that out and use some defaults. If this is being caused by a large interior network, then you need to segment / confederate / summarise / whatever in order to drop the number of prefixes. If it's related to having more VRFs than you can shake a stick at, then you need to cut down on that.

Nick
Re: [c-nsp] Strange ME3400 PPS Limit
Hello,

We use more than 100 of ME3400 and ME3400G for a long time. We have never seen such problems.

For example:

  5 minute input rate 5544000 bits/sec, 2253 packets/sec
  5 minute output rate 3593000 bits/sec, 2006 packets/sec

This is ME3400 with 12.2(35)SE1

  Full-duplex, 1000Mb/s, link type is auto, media type is 10/100/1000BaseTX SFP

On Wed, 14 Apr 2010, Jeremy Parr wrote:
> I have an ME3400 running 12.2(46)SE that will not pass (much) more than 1000pps through its copper gig port. The interface counters hover around 1000pps tx/rx, while the bps rate fluctuates (presumably due to the variable packet sizes getting thrown at it). There are no service policies or rate limits applied to any of the interfaces. Any thoughts?
>
>   5 minute input rate 1681000 bits/sec, 879 packets/sec
>   5 minute output rate 7545000 bits/sec, 1012 packets/sec

--
Dmitry Valdov
CCIE #15379 (RS and SP)
Re: [c-nsp] Strange ME3400 PPS Limit
On Wed, Apr 14, 2010 at 12:40:46PM -0400, Jeremy Parr wrote:
> On 14 April 2010 11:57, Jeremy Parr jeremyp...@gmail.com wrote:
>> I have an ME3400 running 12.2(46)SE that will not pass (much) more than 1000pps through its copper gig port. The interface counters hover around 1000pps tx/rx, while the bps rate fluctuates (presumably due to the variable packet sizes getting thrown at it). There are no service policies or rate limits applied to any of the interfaces. Any thoughts?
>>
>>   5 minute input rate 1681000 bits/sec, 879 packets/sec
>>   5 minute output rate 7545000 bits/sec, 1012 packets/sec
>
> I am also seeing the following in the logs
>
> %PLATFORM_UCAST-6-PREFIX: One or more, more specific prefixes could not be programmed into TCAM and are being covered by a less specific prefix

I hit that warning as well, IOS is 12.2(53)SE, and the routing table is not huge. If you ever find a clue, let me know...

ME3400#sh ip route summary
IP routing table name is Default-IP-Routing-Table(0)
IP routing table maximum-paths is 32
Route Source    Networks    Subnets     Overhead    Memory (bytes)
connected       1           3           256         608
static          0           2           192         304
internal        3                                   3516
Total           4           5           448         4428
ME3400#
ME3400#sh ip cef summary
IPv4 CEF is enabled for distributed and running
VRF Default:
 30 prefixes (30/0 fwd/non-fwd)
 Table id 0
 Database epoch: 2 (30 entries at this epoch)

ME3400#

Cheers,
Everton
Re: [c-nsp] Strange ME3400 PPS Limit
How many ARP entries is the device learning? Each one of them will translate to a /32 in the hardware FIB.

Ian

On 4/14/10 10:41 AM, Everton da Silva Marques wrote:
> On Wed, Apr 14, 2010 at 12:40:46PM -0400, Jeremy Parr wrote:
>> On 14 April 2010 11:57, Jeremy Parr jeremyp...@gmail.com wrote:
>>> I have an ME3400 running 12.2(46)SE that will not pass (much) more than 1000pps through its copper gig port. The interface counters hover around 1000pps tx/rx, while the bps rate fluctuates (presumably due to the variable packet sizes getting thrown at it). There are no service policies or rate limits applied to any of the interfaces. Any thoughts?
>>>
>>>   5 minute input rate 1681000 bits/sec, 879 packets/sec
>>>   5 minute output rate 7545000 bits/sec, 1012 packets/sec
>>
>> I am also seeing the following in the logs
>>
>> %PLATFORM_UCAST-6-PREFIX: One or more, more specific prefixes could not be programmed into TCAM and are being covered by a less specific prefix
>
> I hit that warning as well, IOS is 12.2(53)SE, and the routing table is not huge. If you ever find a clue, let me know...
>
> ME3400#sh ip route summary
> IP routing table name is Default-IP-Routing-Table(0)
> IP routing table maximum-paths is 32
> Route Source    Networks    Subnets     Overhead    Memory (bytes)
> connected       1           3           256         608
> static          0           2           192         304
> internal        3                                   3516
> Total           4           5           448         4428
> ME3400#
> ME3400#sh ip cef summary
> IPv4 CEF is enabled for distributed and running
> VRF Default:
>  30 prefixes (30/0 fwd/non-fwd)
>  Table id 0
>  Database epoch: 2 (30 entries at this epoch)
>
> ME3400#
>
> Cheers,
> Everton
Re: [c-nsp] Strange ME3400 PPS Limit
On Wed, Apr 14, 2010 at 01:59:02PM -0400, Jean-Francois Levesque wrote:
> What is the output of
> # sh sdm prefer

ME3400#sh sdm prefer
 The current template is layer-2 template.
 The selected template optimizes the resources in
 the switch to support this level of features for
 8 routed interfaces and 1024 VLANs.

  number of unicast mac addresses:                  8K
  number of IPv4 IGMP groups:                       1K
  number of IPv4 multicast routes:                  0
  number of IPv4 unicast routes:                    0
  number of IPv4 policy based routing aces:         0
  number of IPv4/MAC qos aces:                      0.5K
  number of IPv4/MAC security aces:                 1K

ME3400#

Everton
Re: [c-nsp] Strange ME3400 PPS Limit
You are using layer-2 template with no place in the TCAM for ip routes. If you are using this switch as a L3 switch, take a look at the default template.

For more info:
http://www.cisco.com/en/US/docs/switches/metro/me3400/software/release/12.2_52_se/configuration/guide/swsdm.html

JF

Everton da Silva Marques wrote:
> On Wed, Apr 14, 2010 at 01:59:02PM -0400, Jean-Francois Levesque wrote:
>> What is the output of
>> # sh sdm prefer
>
> ME3400#sh sdm prefer
>  The current template is layer-2 template.
>  The selected template optimizes the resources in
>  the switch to support this level of features for
>  8 routed interfaces and 1024 VLANs.
>
>   number of unicast mac addresses:                  8K
>   number of IPv4 IGMP groups:                       1K
>   number of IPv4 multicast routes:                  0
>   number of IPv4 unicast routes:                    0
>   number of IPv4 policy based routing aces:         0
>   number of IPv4/MAC qos aces:                      0.5K
>   number of IPv4/MAC security aces:                 1K
>
> ME3400#
>
> Everton
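The diagnosis in the reply above (a layer-2 SDM template leaves no TCAM space for IP routes, so prefixes that CEF holds cannot be programmed in hardware) can be checked mechanically from the two command outputs posted in the thread. This is an added example, not code from the thread or from Cisco: the sample text is copied from the posts above, and reading "K" as 1024 entries is an assumption.

```python
import re

# Sample output copied from the thread above.
SDM_PREFER = """\
ME3400#sh sdm prefer
 The current template is layer-2 template.
 The selected template optimizes the resources in
 the switch to support this level of features for
 8 routed interfaces and 1024 VLANs.

  number of unicast mac addresses:                  8K
  number of IPv4 IGMP groups:                       1K
  number of IPv4 multicast routes:                  0
  number of IPv4 unicast routes:                    0
  number of IPv4 policy based routing aces:         0
  number of IPv4/MAC qos aces:                      0.5K
  number of IPv4/MAC security aces:                 1K
"""

CEF_SUMMARY = """\
ME3400#sh ip cef summary
IPv4 CEF is enabled for distributed and running
VRF Default:
 30 prefixes (30/0 fwd/non-fwd)
 Table id 0
 Database epoch: 2 (30 entries at this epoch)
"""


def parse_capacity(token):
    """'8K' -> 8192, '0.5K' -> 512, '0' -> 0 (K read as 1024, an assumption)."""
    if token.upper().endswith("K"):
        return int(float(token[:-1]) * 1024)
    return int(token)


def parse_sdm_prefer(text):
    """Return (template name, {resource name: capacity}) from 'sh sdm prefer'."""
    name = re.search(r'current template is "?([\w-]+)"? template', text)
    limits = {
        m.group(1).strip(): parse_capacity(m.group(2))
        for m in re.finditer(r"number of (.+?):\s*([\d.]+K?)\s*$", text, re.M)
    }
    return (name.group(1) if name else None), limits


def parse_cef_prefixes(text):
    """Total IPv4 prefixes reported by 'sh ip cef summary' (0 if not found)."""
    m = re.search(r"(\d+) prefixes", text)
    return int(m.group(1)) if m else 0


def check_route_capacity(sdm_text, cef_text):
    """Compare what CEF holds with what the SDM template reserves for routes."""
    template, limits = parse_sdm_prefer(sdm_text)
    capacity = limits.get("IPv4 unicast routes", 0)
    prefixes = parse_cef_prefixes(cef_text)
    return {
        "template": template,
        "route_capacity": capacity,
        "cef_prefixes": prefixes,
        # True means some prefixes cannot be installed in TCAM, which is the
        # condition the %PLATFORM_UCAST-6-PREFIX message reports.
        "overflow": prefixes > capacity,
    }


if __name__ == "__main__":
    print(check_route_capacity(SDM_PREFER, CEF_SUMMARY))
```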
Re: [c-nsp] Strange ME3400 PPS Limit
What is the output of
# sh sdm prefer

JF

Everton da Silva Marques wrote:
> On Wed, Apr 14, 2010 at 12:40:46PM -0400, Jeremy Parr wrote:
>> On 14 April 2010 11:57, Jeremy Parr jeremyp...@gmail.com wrote:
>>> I have an ME3400 running 12.2(46)SE that will not pass (much) more than 1000pps through its copper gig port. The interface counters hover around 1000pps tx/rx, while the bps rate fluctuates (presumably due to the variable packet sizes getting thrown at it). There are no service policies or rate limits applied to any of the interfaces. Any thoughts?
>>>
>>>   5 minute input rate 1681000 bits/sec, 879 packets/sec
>>>   5 minute output rate 7545000 bits/sec, 1012 packets/sec
>>
>> I am also seeing the following in the logs
>>
>> %PLATFORM_UCAST-6-PREFIX: One or more, more specific prefixes could not be programmed into TCAM and are being covered by a less specific prefix
>
> I hit that warning as well, IOS is 12.2(53)SE, and the routing table is not huge. If you ever find a clue, let me know...
>
> ME3400#sh ip route summary
> IP routing table name is Default-IP-Routing-Table(0)
> IP routing table maximum-paths is 32
> Route Source    Networks    Subnets     Overhead    Memory (bytes)
> connected       1           3           256         608
> static          0           2           192         304
> internal        3                                   3516
> Total           4           5           448         4428
> ME3400#
> ME3400#sh ip cef summary
> IPv4 CEF is enabled for distributed and running
> VRF Default:
>  30 prefixes (30/0 fwd/non-fwd)
>  Table id 0
>  Database epoch: 2 (30 entries at this epoch)
>
> ME3400#
>
> Cheers,
> Everton
Re: [c-nsp] Strange ME3400 PPS Limit
This message is printed even with a single default route, if you happen to use the l2 sdm template.

--
Tassos

Everton da Silva Marques wrote on 14/04/2010 20:41:

On Wed, Apr 14, 2010 at 12:40:46PM -0400, Jeremy Parr wrote:

On 14 April 2010 11:57, Jeremy Parr jeremyp...@gmail.com wrote:

I have an ME3400 running 12.2(46)SE that will not pass (much) more than 1000pps through its copper gig port. The interface counters hover around 1000pps tx/rx, while the bps rate fluctuates (presumably due to the variable packet sizes getting thrown at it). There are no service policies or rate limits applied to any of the interfaces. Any thoughts?

5 minute input rate 1681000 bits/sec, 879 packets/sec
5 minute output rate 7545000 bits/sec, 1012 packets/sec

I am also seeing the following in the logs

%PLATFORM_UCAST-6-PREFIX: One or more, more specific prefixes could not be programmed into TCAM and are being covered by a less specific prefix

I hit that warning as well, IOS is 12.2(53)SE, and the routing table is not huge. If you ever find a clue, let me know...

ME3400#sh ip route summary
IP routing table name is Default-IP-Routing-Table(0)
IP routing table maximum-paths is 32
Route Source    Networks    Subnets     Overhead    Memory (bytes)
connected       1           3           256         608
static          0           2           192         304
internal        3                                   3516
Total           4           5           448         4428
ME3400#

ME3400#sh ip cef summary
IPv4 CEF is enabled for distributed and running
VRF Default:
 30 prefixes (30/0 fwd/non-fwd)
 Table id 0
 Database epoch: 2 (30 entries at this epoch)
ME3400#

Cheers,
Everton

--
Tassos
Re: [c-nsp] OSPF LSA Type 11
Opaque LSA types 9-11 are used for TE reachability. I tried to google this, but didn't find any hits. I think the best reference for this area is Eric Osborn's RSVP-TE book, it's excellent. To be honest, the best way to learn this is to try it out in a lab, it is just not very well documented. You can also try googling OSPF-TE.

Here's one tiny description:
http://www.cisco.com/en/US/tech/tk436/tk428/technologies_configuration_example09186a0080093fd0.shtml

Leah

-----Original Message-----
From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Ovidiu Neghina
Sent: Tuesday, April 13, 2010 11:19 PM
To: shims...@cisco.com
Cc: cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] OSPF LSA Type 11

It is a good question. The RFC describes the scopes of the 3 opaque LSAs. LSA11 has AS scope like LSA5. Nothing related to MPLS TE though. As far as I researched and read LSA10 is used in MPLS TE.

br
Ovidiu

On Tue, Apr 13, 2010 at 9:38 PM, Shimol Shah shims...@cisco.com wrote:

5250 obsoletes 2370
http://tools.ietf.org/html/rfc5250

On 4/13/10 2:31 PM, Pritesh Patel wrote:

rfc 2370.
--Pritesh

On Tue, Apr 13, 2010 at 11:15 AM, Ibrahim Abo Zaid ibrahim.aboz...@gmail.com wrote:

Hi
i want to know the role of OSPF Opaque LSA Type 11 in MPLS TE ?
thanks
Re: [c-nsp] Strange ME3400 PPS Limit
That's it! Thanks a lot!

Everton

On Wed, Apr 14, 2010 at 02:09:03PM -0400, Jean-Francois Levesque wrote:

You are using layer-2 template with no place in the TCAM for ip routes. If you are using this switch as a L3 switch, take a look at the default template.

For more info:
http://www.cisco.com/en/US/docs/switches/metro/me3400/software/release/12.2_52_se/configuration/guide/swsdm.html

JF

Everton da Silva Marques wrote:

On Wed, Apr 14, 2010 at 01:59:02PM -0400, Jean-Francois Levesque wrote:

What is the output of
# sh sdm prefer

ME3400#sh sdm prefer
The current template is layer-2 template.
The selected template optimizes the resources in
the switch to support this level of features for
8 routed interfaces and 1024 VLANs.
number of unicast mac addresses: 8K
number of IPv4 IGMP groups: 1K
number of IPv4 multicast routes: 0
number of IPv4 unicast routes: 0
number of IPv4 policy based routing aces: 0
number of IPv4/MAC qos aces: 0.5K
number of IPv4/MAC security aces: 1K
ME3400#

Everton
[c-nsp] bgp maximum-paths
We are a multi-homed ISP with connections to 2 different providers (AS Numbers)

Does the bgp maximum-paths 2 command have any effect on load balancing between the 2 connections since they are different AS's or does that command only work when you have multiple paths to the same AS?

--
Chris Gotstein, Sr Network Engineer, UP Logon/Computer Connection UP
http://uplogon.com | +1 906 774 4847 | ch...@uplogon.com
Re: [c-nsp] cost community alternatives
Thanks Luan. I tried indeed and it worked. However, since offset-list actually modifies the metric and all those ext eigrp routes are still viewable with an AD of 170, how does it happen for them to be preferable over internal eigrp ones??

Finally what is the difference of an offset-list when compared to a route-map setting a low metric for external routes while redistributing from ebgp to eigrp?

Cheers,
Pan

Try using the offset list command.

Regards,
Luan Nguyen
Chesapeake NetCraftsmen, LLC.

-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Pan vangels
Sent: Monday, April 12, 2010 1:57 PM
To: cisco-nsp at puck.nether.net
Subject: [c-nsp] cost community alternatives

If 1) ebgp is used as PE-CE protocol, 2) eigrp is used into customer's network, and 3) a backdoor link exists between CE routers, is there any way of external eigrp routes coming from ebgp into eigrp to be preferred over normal eigrp routes advertised through the backdoor link? Distance command would do the trick but this has to be defined on all internal customer routes. On the other way cost community is not extendable over an ebgp session...

Thnx,
Pan
Re: [c-nsp] bgp maximum-paths
-----Original Message-----
From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Chris Gotstein
Sent: Wednesday, April 14, 2010 1:04 PM
To: cisco-nsp@puck.nether.net
Subject: [c-nsp] bgp maximum-paths

We are a multi-homed ISP with connections to 2 different providers (AS Numbers)

Does the bgp maximum-paths 2 command have any effect on load balancing between the 2 connections since they are different AS's or does that command only work when you have multiple paths to the same AS?

It's just for 2 connections to the same upstream AS.

Mike
Re: [c-nsp] bgp maximum-paths
On Wed, Apr 14, 2010 at 3:03 PM, Chris Gotstein ch...@uplogon.com wrote:

We are a multi-homed ISP with connections to 2 different providers (AS Numbers)

Does the bgp maximum-paths 2 command have any effect on load balancing between the 2 connections since they are different AS's or does that command only work when you have multiple paths to the same AS?

Taken from
http://www.cisco.com/en/US/tech/tk365/technologies_configuration_example09186a00800945bf.shtml

By default, BGP chooses one best path among the possible equal-cost paths that are learned from one AS. However, you can change the maximum number of parallel equal-cost paths that are allowed. In order to make this change, include the maximum-paths paths command under the BGP configuration. Use a number between 1 and 6 for the paths argument.

That feature is only of use if you are dual-homed to the same AS.
Re: [c-nsp] bgp maximum-paths
Does this seem like a valid way to load balance?

http://ccnalab.net/bgp-routing/bgp-load-sharing-2-isp/

Chris Gotstein, Sr Network Engineer, UP Logon/Computer Connection UP
http://uplogon.com | +1 906 774 4847 | ch...@uplogon.com

On 4/14/2010 4:23 PM, MrPaul wrote:

On Wed, Apr 14, 2010 at 3:03 PM, Chris Gotstein ch...@uplogon.com wrote:

We are a multi-homed ISP with connections to 2 different providers (AS Numbers)

Does the bgp maximum-paths 2 command have any effect on load balancing between the 2 connections since they are different AS's or does that command only work when you have multiple paths to the same AS?

Taken from
http://www.cisco.com/en/US/tech/tk365/technologies_configuration_example09186a00800945bf.shtml

By default, BGP chooses one best path among the possible equal-cost paths that are learned from one AS. However, you can change the maximum number of parallel equal-cost paths that are allowed. In order to make this change, include the maximum-paths paths command under the BGP configuration. Use a number between 1 and 6 for the paths argument.

That feature is only of use if you are dual-homed to the same AS.
Re: [c-nsp] cost community alternatives
What if you used a different routing protocol on the backdoor link and redistributed (carefully) between EIGRP and the diff routing protocol on the backdoor router at each location? You'd have external EIGRP routes everywhere then and could create different seed metrics at the MPLS border (CE router) and on the backdoor routers to automagically prefer one path over the other. You'd have to tag routes at points of redistribution and filter them on CE router (keep site B's routes from being advertised via BGP on CE router at site A and vice versa for example). A little messy but works.

Kenny

On Wed, Apr 14, 2010 at 2:16 PM, Pan vangels panvang...@hotmail.com wrote:

Thanks Luan. I tried indeed and it worked. However, since offset-list actually modifies the metric and all those ext eigrp routes are still viewable with an AD of 170, how does it happen for them to be preferable over internal eigrp ones??

Finally what is the difference of an offset-list when compared to a route-map setting a low metric for external routes while redistributing from ebgp to eigrp?

Cheers,
Pan

Try using the offset list command.

Regards,
Luan Nguyen
Chesapeake NetCraftsmen, LLC.

-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Pan vangels
Sent: Monday, April 12, 2010 1:57 PM
To: cisco-nsp at puck.nether.net
Subject: [c-nsp] cost community alternatives

If 1) ebgp is used as PE-CE protocol, 2) eigrp is used into customer's network, and 3) a backdoor link exists between CE routers, is there any way of external eigrp routes coming from ebgp into eigrp to be preferred over normal eigrp routes advertised through the backdoor link? Distance command would do the trick but this has to be defined on all internal customer routes. On the other way cost community is not extendable over an ebgp session...

Thnx,
Pan
Re: [c-nsp] bgp maximum-paths
Phil Smith has some good introductory slides on the nanog archive. There are lots of tools for attempting to influence the return path of your traffic. (Assuming this is the load balancing you're trying to do). Selective prepending, announcing sub-aggregates along with your full aggregate, etc.

-b

-----Original Message-----
From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Chris Gotstein
Sent: Wednesday, April 14, 2010 2:26 PM
To: cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] bgp maximum-paths

Does this seem like a valid way to load balance?

http://ccnalab.net/bgp-routing/bgp-load-sharing-2-isp/

Chris Gotstein, Sr Network Engineer, UP Logon/Computer Connection UP
http://uplogon.com | +1 906 774 4847 | ch...@uplogon.com

On 4/14/2010 4:23 PM, MrPaul wrote:

On Wed, Apr 14, 2010 at 3:03 PM, Chris Gotstein ch...@uplogon.com wrote:

We are a multi-homed ISP with connections to 2 different providers (AS Numbers)

Does the bgp maximum-paths 2 command have any effect on load balancing between the 2 connections since they are different AS's or does that command only work when you have multiple paths to the same AS?

Taken from
http://www.cisco.com/en/US/tech/tk365/technologies_configuration_example09186a00800945bf.shtml

By default, BGP chooses one best path among the possible equal-cost paths that are learned from one AS. However, you can change the maximum number of parallel equal-cost paths that are allowed. In order to make this change, include the maximum-paths paths command under the BGP configuration. Use a number between 1 and 6 for the paths argument.

That feature is only of use if you are dual-homed to the same AS.
Re: [c-nsp] bgp maximum-paths
Are you wanting to load balance inbound, outbound, or both?

Without knowing all the details the cleanest solution would be to split your address space in half. Then send one half to provider A and the other half to provider B. Also send the entire network block to both provider A & B for backup purposes. The only issue here is you need to hope that you have enough address space to support this. That way under normal circumstances 1/2 your IP space will come in provider A while the other half will come provider B.

For outbound load balancing you'll probably need to take full routes and then do something like prefer odd addresses out provider A and even out provider B. You may find that taking full routes will balance enough. Typical customers don't bother load balancing outbound traffic as there isn't much.

Paul

On Wed, Apr 14, 2010 at 4:26 PM, Chris Gotstein ch...@uplogon.com wrote:

Does this seem like a valid way to load balance?

http://ccnalab.net/bgp-routing/bgp-load-sharing-2-isp/

Chris Gotstein, Sr Network Engineer, UP Logon/Computer Connection UP
http://uplogon.com | +1 906 774 4847 | ch...@uplogon.com

On 4/14/2010 4:23 PM, MrPaul wrote:

On Wed, Apr 14, 2010 at 3:03 PM, Chris Gotstein ch...@uplogon.com wrote:

We are a multi-homed ISP with connections to 2 different providers (AS Numbers)

Does the bgp maximum-paths 2 command have any effect on load balancing between the 2 connections since they are different AS's or does that command only work when you have multiple paths to the same AS?

Taken from
http://www.cisco.com/en/US/tech/tk365/technologies_configuration_example09186a00800945bf.shtml

By default, BGP chooses one best path among the possible equal-cost paths that are learned from one AS. However, you can change the maximum number of parallel equal-cost paths that are allowed. In order to make this change, include the maximum-paths paths command under the BGP configuration. Use a number between 1 and 6 for the paths argument.

That feature is only of use if you are dual-homed to the same AS.
Re: [c-nsp] bgp maximum-paths
It's inbound i'm mostly concerned with. I'm taking full routes from both providers. Paths to both are relatively equal, so the path with the lowest ID is winning, causing it to be overloaded.

Chris Gotstein, Sr Network Engineer, UP Logon/Computer Connection UP
http://uplogon.com | +1 906 774 4847 | ch...@uplogon.com

On 4/14/2010 4:43 PM, MrPaul wrote:

Are you wanting to load balance inbound, outbound, or both?

Without knowing all the details the cleanest solution would be to split your address space in half. Then send one half to provider A and the other half to provider B. Also send the entire network block to both provider A & B for backup purposes. The only issue here is you need to hope that you have enough address space to support this. That way under normal circumstances 1/2 your IP space will come in provider A while the other half will come provider B.

For outbound load balancing you'll probably need to take full routes and then do something like prefer odd addresses out provider A and even out provider B. You may find that taking full routes will balance enough. Typical customers don't bother load balancing outbound traffic as there isn't much.

Paul

On Wed, Apr 14, 2010 at 4:26 PM, Chris Gotstein ch...@uplogon.com wrote:

Does this seem like a valid way to load balance?

http://ccnalab.net/bgp-routing/bgp-load-sharing-2-isp/

Chris Gotstein, Sr Network Engineer, UP Logon/Computer Connection UP
http://uplogon.com | +1 906 774 4847 | ch...@uplogon.com

On 4/14/2010 4:23 PM, MrPaul wrote:

On Wed, Apr 14, 2010 at 3:03 PM, Chris Gotstein ch...@uplogon.com wrote:

We are a multi-homed ISP with connections to 2 different providers (AS Numbers)

Does the bgp maximum-paths 2 command have any effect on load balancing between the 2 connections since they are different AS's or does that command only work when you have multiple paths to the same AS?

Taken from
http://www.cisco.com/en/US/tech/tk365/technologies_configuration_example09186a00800945bf.shtml

By default, BGP chooses one best path among the possible equal-cost paths that are learned from one AS. However, you can change the maximum number of parallel equal-cost paths that are allowed. In order to make this change, include the maximum-paths paths command under the BGP configuration. Use a number between 1 and 6 for the paths argument.

That feature is only of use if you are dual-homed to the same AS.
Re: [c-nsp] bgp maximum-paths
Pick the top AS numbers, set local-pref higher on the other link. Instant traffic management.

Manolo

-----Original Message-----
From: Chris Gotstein ch...@uplogon.com
Date: Wed, 14 Apr 2010 16:48:06
To: cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] bgp maximum-paths

It's inbound i'm mostly concerned with. I'm taking full routes from both providers. Paths to both are relatively equal, so the path with the lowest ID is winning, causing it to be overloaded.

Chris Gotstein, Sr Network Engineer, UP Logon/Computer Connection UP
http://uplogon.com | +1 906 774 4847 | ch...@uplogon.com

On 4/14/2010 4:43 PM, MrPaul wrote:

Are you wanting to load balance inbound, outbound, or both?

Without knowing all the details the cleanest solution would be to split your address space in half. Then send one half to provider A and the other half to provider B. Also send the entire network block to both provider A & B for backup purposes. The only issue here is you need to hope that you have enough address space to support this. That way under normal circumstances 1/2 your IP space will come in provider A while the other half will come provider B.

For outbound load balancing you'll probably need to take full routes and then do something like prefer odd addresses out provider A and even out provider B. You may find that taking full routes will balance enough. Typical customers don't bother load balancing outbound traffic as there isn't much.

Paul

On Wed, Apr 14, 2010 at 4:26 PM, Chris Gotstein ch...@uplogon.com wrote:

Does this seem like a valid way to load balance?

http://ccnalab.net/bgp-routing/bgp-load-sharing-2-isp/

Chris Gotstein, Sr Network Engineer, UP Logon/Computer Connection UP
http://uplogon.com | +1 906 774 4847 | ch...@uplogon.com

On 4/14/2010 4:23 PM, MrPaul wrote:

On Wed, Apr 14, 2010 at 3:03 PM, Chris Gotstein ch...@uplogon.com wrote:

We are a multi-homed ISP with connections to 2 different providers (AS Numbers)

Does the bgp maximum-paths 2 command have any effect on load balancing between the 2 connections since they are different AS's or does that command only work when you have multiple paths to the same AS?

Taken from
http://www.cisco.com/en/US/tech/tk365/technologies_configuration_example09186a00800945bf.shtml

By default, BGP chooses one best path among the possible equal-cost paths that are learned from one AS. However, you can change the maximum number of parallel equal-cost paths that are allowed. In order to make this change, include the maximum-paths paths command under the BGP configuration. Use a number between 1 and 6 for the paths argument.

That feature is only of use if you are dual-homed to the same AS.
Re: [c-nsp] Bonding multiple 3G HWIC signals?
On Wed, Apr 14, 2010 at 12:07 PM, Andrei-Marius Radu andr...@gmail.com wrote:

Hi Stephen,

I think that Cisco is saying you should use different carriers because if you have 3-4 3G cards with services from the same carrier all those 3G cards will associate with the same wireless phone cell and that cell may or may not have enough uplink bandwidth. For example if that cell has 4 E1s for packet traffic that would only sum up to 8Mbps. This should apply to one or multiple routers in the same location.

IANAWWANE*, but I'd be curious to know just how unique cell sites are to a carrier in dense/interesting locations; from my small, cursory knowledge of cell sites and associated backhaul archs, it's more GSM/CDMA than Carrier A/Carrier B...and even then...

regards,
aaron.glenn

*I am not a wireless WAN engineer
Re: [c-nsp] bgp maximum-paths
On Wed, 2010-04-14 at 16:26 -0500, Chris Gotstein wrote:

Does this seem like a valid way to load balance?

http://ccnalab.net/bgp-routing/bgp-load-sharing-2-isp/

(For the lazy on the list: The document explains prepending your own AS on an inbound route-map from each provider, thus making the routes appear from same AS.)

If it works (the example tends to say it does) it would balance your outbound traffic only, i.e. what you send to your upstreams.

Multipath balanced BGP-traffic is problematic in that the balancing is typically some kind of flow-based hashing of L3/L4 information, and that makes it difficult to predict what upstream a given flow ends up using. Troubleshooting can be very problematic; a problem from one host towards ftp.example.com might not exist on another host in the same subnet.

For outbound balancing it's probably more desirable to do as Manolo says and adjust traffic per-AS with local-pref.

Inbound traffic balancing is another thing completely. The easy method is asking your upstreams for a list of communities you can use for selective propagation of your prefixes through their net. The bad (for the size of the DFZ) is to chop up your prefixes and announce different more specifics to each provider.

--
Peter
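The two points made in this thread (maximum-paths only installs parallel paths learned from the same neighbouring AS, and per-AS local-pref moves outbound traffic between providers) can be modelled in a few lines. This is an added example, not code from any poster: it is a simplified model of best-path selection that compares only local-pref, AS-path length and router ID, assuming weight, origin, MED, IGP metric and path age are equal; the AS numbers, prefixes and router IDs are constructed from documentation ranges.

```python
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Path:
    prefix: str
    neighbor_as: int       # AS of the eBGP peer the route was learned from
    as_path: tuple         # AS numbers, nearest first
    router_id: str         # BGP router ID of the advertising peer
    local_pref: int = 100  # IOS default local preference


def _rid(router_id):
    """Router IDs compare numerically, octet by octet."""
    return tuple(int(octet) for octet in router_id.split("."))


def preference_key(path):
    """Simplified decision order: highest local-pref, shortest AS path,
    then lowest router ID as the final tie-break."""
    return (-path.local_pref, len(path.as_path), _rid(path.router_id))


def best_path(paths):
    return min(paths, key=preference_key)


def multipath_set(paths, maximum_paths):
    """Paths installed under 'maximum-paths N': they must tie with the best
    path AND come from the same neighbouring AS as the best path."""
    best = best_path(paths)
    eligible = [p for p in paths
                if p.local_pref == best.local_pref
                and len(p.as_path) == len(best.as_path)
                and p.neighbor_as == best.neighbor_as]
    return sorted(eligible, key=preference_key)[:maximum_paths]


def apply_local_pref(rib, via_neighbor_as, target_ases, local_pref):
    """Inbound policy on one provider's session: raise local-pref on routes
    whose AS path contains any of the chosen AS numbers."""
    return [replace(p, local_pref=local_pref)
            if p.neighbor_as == via_neighbor_as and set(p.as_path) & target_ases
            else p
            for p in rib]


def exit_by_prefix(rib):
    """Map each prefix to the neighbour AS that outbound traffic will use."""
    prefixes = sorted({p.prefix for p in rib})
    return {pfx: best_path([p for p in rib if p.prefix == pfx]).neighbor_as
            for pfx in prefixes}


# Constructed sample data: two providers, three remote prefixes, equal AS-path lengths.
PROVIDER_A, PROVIDER_B = 64496, 64497
DESTINATIONS = (("192.0.2.0/24", 64500),
                ("198.51.100.0/24", 64501),
                ("203.0.113.0/24", 64502))
RIB = [path
       for prefix, origin in DESTINATIONS
       for path in (Path(prefix, PROVIDER_A, (PROVIDER_A, origin), "10.0.0.1"),
                    Path(prefix, PROVIDER_B, (PROVIDER_B, origin), "10.0.0.2"))]

# Constructed contrast case: two sessions to the SAME provider.
SAME_AS = [Path("192.0.2.0/24", PROVIDER_A, (PROVIDER_A, 64500), "10.0.0.1"),
           Path("192.0.2.0/24", PROVIDER_A, (PROVIDER_A, 64500), "10.0.0.3")]

if __name__ == "__main__":
    one_prefix = [p for p in RIB if p.prefix == "192.0.2.0/24"]
    print("untuned exits:      ", exit_by_prefix(RIB))
    print("multipath, 2 ASes:  ", len(multipath_set(one_prefix, 2)), "path(s)")
    print("multipath, same AS: ", len(multipath_set(SAME_AS, 2)), "path(s)")
    tuned = apply_local_pref(RIB, PROVIDER_B, {64501, 64502}, 200)
    print("after local-pref:   ", exit_by_prefix(tuned))
```

With everything tied, the lowest router ID sends every prefix out one provider; raising local-pref for selected AS numbers on the other session moves only those destinations.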
Re: [c-nsp] 3750X?
On Wed, 2010-04-14 at 08:57 -0500, Jeffrey Ollie wrote:

So, before the meeting, does anyone else have opinions or questions that I should be asking?

Ask them when they will begin supporting software upgrades per-member in a stack. :-)

The power sharing looks impressive. And it supports MACsec, though that's probably hardly relevant yet. Together with PoE+ those are the things that make it stand out from the 3750E in my eyes.

Are these X-models considerably more expensive than E-models? Or are they targeted at replacing the E-models?

--
Peter
Re: [c-nsp] 3750X?
the X-models are at a lower list price than the E-models.

thanks
.siva

On Thu, 15 Apr 2010, Peter Rathlev wrote:

On Wed, 2010-04-14 at 08:57 -0500, Jeffrey Ollie wrote:

So, before the meeting, does anyone else have opinions or questions that I should be asking?

Ask them when they will begin supporting software upgrades per-member in a stack. :-)

The power sharing looks impressive. And it supports MACsec, though that's probably hardly relevant yet. Together with PoE+ those are the things that make it stand out from the 3750E in my eyes.

Are these X-models considerably more expensive than E-models? Or are they targeted at replacing the E-models?

--
Peter
Re: [c-nsp] bgp maximum-paths
On 4/14/10 2:48 PM, Chris Gotstein ch...@uplogon.com wrote:

It's inbound i'm mostly concerned with. I'm taking full routes from both providers. Paths to both are relatively equal, so the path with the lowest ID is winning, causing it to be overloaded.

Chris Gotstein, Sr Network Engineer, UP Logon/Computer Connection UP
http://uplogon.com | +1 906 774 4847 | ch...@uplogon.com

Ugh. There aren't very many subtle ways to do inbound shaping. The hammer approach is as-path prepend, and you could do it more granularly via route-maps. As an example, match access-list 100 prepend once, match access-list 200, prepend twice, etc.

Another way to approach it is to ask your upstream providers if they have communities you can match to set their local preference on your behalf. If your email is your AS, then it looks like you have Qwest and a more local provider. Qwest communities can be found at http://onesc.net/communities/as209/. I don't see a listing for AS46208 so you may have to ask them.

Regards,
Mike
Re: [c-nsp] 3750X?
I couldn't find the maximum routes when one uses the IPv4+IPv6 template, is it the same of 3750, as the IPv4 only number seems to be ?

Rubens

On Wed, Apr 14, 2010 at 9:29 PM, Siva Valliappan svall...@cisco.com wrote:

the X-models are at a lower list price than the E-models.

thanks
.siva

On Thu, 15 Apr 2010, Peter Rathlev wrote:

On Wed, 2010-04-14 at 08:57 -0500, Jeffrey Ollie wrote:

So, before the meeting, does anyone else have opinions or questions that I should be asking?

Ask them when they will begin supporting software upgrades per-member in a stack. :-)

The power sharing looks impressive. And it supports MACsec, though that's probably hardly relevant yet. Together with PoE+ those are the things that make it stand out from the 3750E in my eyes.

Are these X-models considerably more expensive than E-models? Or are they targeted at replacing the E-models?

--
Peter
Re: [c-nsp] bgp maximum-paths
I've looked into the communities option, but only Qwest supports them, my other provider doesn't support communities at this time. Though the Qwest link is the one i want to push more traffic to, so maybe i can just use their communities and see what happens.

On 4/14/2010 7:56 PM, Michael K. Smith wrote:

On 4/14/10 2:48 PM, Chris Gotstein ch...@uplogon.com wrote:

It's inbound i'm mostly concerned with. I'm taking full routes from both providers. Paths to both are relatively equal, so the path with the lowest ID is winning, causing it to be overloaded.

Chris Gotstein, Sr Network Engineer, UP Logon/Computer Connection UP
http://uplogon.com | +1 906 774 4847 | ch...@uplogon.com

Ugh. There aren't very many subtle ways to do inbound shaping. The hammer approach is as-path prepend, and you could do it more granularly via route-maps. As an example, match access-list 100 prepend once, match access-list 200, prepend twice, etc.

Another way to approach it is to ask your upstream providers if they have communities you can match to set their local preference on your behalf. If your email is your AS, then it looks like you have Qwest and a more local provider. Qwest communities can be found at http://onesc.net/communities/as209/. I don't see a listing for AS46208 so you may have to ask them.

Regards,
Mike

--
Chris Gotstein
Sr Network Engineer
UP Logon/Computer Connection UP
500 N Stephenson Ave
Iron Mountain, MI 49801
Phone: 906-774-4847
Fax: 906-774-0335
ch...@uplogon.com
Re: [c-nsp] bgp maximum-paths
If your email is your AS, then it looks like you have Qwest and a more local provider.

I love how people on these lists casually deduce someone's AS and upstream from the mail header and give more specific advice. Love it. :)
Re: [c-nsp] 3750X?
On Thu, 15 Apr 2010 01:39:18 +0200, you wrote:

Are these X-models considerably more expensive than E-models?

Less.

Or are they targeted at replacing the E-models?

Yes, both E and G, as far as I'm told.

(The final prices are not in the GPL)

-A