Re: [c-nsp] OSPF Adjacencies
output show ip ospf

Supports only single TOS(TOS0) routes
Supports opaque LSA
Supports Link-local Signaling (LLS)
Initial SPF schedule delay 5000 msecs
Minimum hold time between two consecutive SPFs 1 msecs
Maximum wait time between two consecutive SPFs 1 msecs
Minimum LSA interval 5 secs. Minimum LSA arrival 1 secs
LSA group pacing timer 240 secs
Interface flood pacing timer 33 msecs
Retransmission pacing timer 66 msecs
Number of external LSA 0. Checksum Sum 0x00
Number of opaque AS LSA 0. Checksum Sum 0x00
Number of DCbitless external and opaque AS LSA 0
Number of DoNotAge external and opaque AS LSA 0
Number of areas in this router is 1. 1 normal 0 stub 0 nssa
External flood list length 0
   Area BACKBONE(0) (Inactive)
       Number of interfaces in this area is 8 (1 loopback)
       Area has message digest authentication
       SPF algorithm last executed 08:13:04.952 ago
       SPF algorithm executed 1 times
       Area ranges are
       Number of LSA 1. Checksum Sum 0x0064D2
       Number of opaque link LSA 0. Checksum Sum 0x00
       Number of DCbitless LSA 0
       Number of indication LSA 0
       Number of DoNotAge LSA 0
       Flood list length 0

Rgrds,
Shake

On 5/12/10, Peter Rathlev pe...@rathlev.dk wrote:

Hi Shake,

On Wed, 2010-05-12 at 00:46 +0300, shake righa wrote:

Sascha, Output show ip ospf [...]

You forgot this:

On Tue, May 11, 2010 at 10:43 PM, Sascha E. Pollok nsp-l...@pollok.net wrote:

sh ip ospf interface .. and/or configuration snippets.

= a show ip ospf interface might explain the reason.

-- Peter

___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] OSPF Adjacencies
Sascha, Output show ip ospf [...]

As Peter already said, I was asking for the output of show ip ospf interface. It will show us whether something like a passive-interface causes your problem.

Thanks
Sascha
Re: [c-nsp] OSPF Adjacencies
There's really not enough to go on. You haven't said what type of interfaces are involved or shown the configuration of those interfaces on two sides of a link. Are they Ethernet, SONET, Frame-Relay? My guess is that you don't have your ospf network type correct on your interfaces, but without seeing interface configs *and* your ospf router config, it's impossible to tell.

Mike

On 5/11/10 10:57 PM, shake righa ssri...@gmail.com wrote:

output show ip ospf

Supports only single TOS(TOS0) routes
Supports opaque LSA
Supports Link-local Signaling (LLS)
Initial SPF schedule delay 5000 msecs
Minimum hold time between two consecutive SPFs 1 msecs
Maximum wait time between two consecutive SPFs 1 msecs
Minimum LSA interval 5 secs. Minimum LSA arrival 1 secs
LSA group pacing timer 240 secs
Interface flood pacing timer 33 msecs
Retransmission pacing timer 66 msecs
Number of external LSA 0. Checksum Sum 0x00
Number of opaque AS LSA 0. Checksum Sum 0x00
Number of DCbitless external and opaque AS LSA 0
Number of DoNotAge external and opaque AS LSA 0
Number of areas in this router is 1. 1 normal 0 stub 0 nssa
External flood list length 0
   Area BACKBONE(0) (Inactive)
       Number of interfaces in this area is 8 (1 loopback)
       Area has message digest authentication
       SPF algorithm last executed 08:13:04.952 ago
       SPF algorithm executed 1 times
       Area ranges are
       Number of LSA 1. Checksum Sum 0x0064D2
       Number of opaque link LSA 0. Checksum Sum 0x00
       Number of DCbitless LSA 0
       Number of indication LSA 0
       Number of DoNotAge LSA 0
       Flood list length 0

Rgrds,
Shake

On 5/12/10, Peter Rathlev pe...@rathlev.dk wrote:

Hi Shake,

On Wed, 2010-05-12 at 00:46 +0300, shake righa wrote:

Sascha, Output show ip ospf [...]

You forgot this:

On Tue, May 11, 2010 at 10:43 PM, Sascha E. Pollok nsp-l...@pollok.net wrote:

sh ip ospf interface .. and/or configuration snippets.

= a show ip ospf interface might explain the reason.

-- Peter
Re: [c-nsp] Web TV Streaming Solution?
I know VLC can do some cool stuff with video broadcasting through LAN

Check this article out: http://blog.tmcnet.com/blog/tom-keating/voip/streaming-live-tv.asp

HTH
Ziv

-----Original Message-----
From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Felix Nkansah
Sent: Wednesday, May 12, 2010 1:19 AM
To: cisco-nsp@puck.nether.net
Subject: [c-nsp] Web TV Streaming Solution?

Hi All,

To informally permit employees to watch the upcoming soccer world cup without consuming all the bandwidth through the use of web TV, one of my customers came up with this requirement:

They want to subscribe to a soccer web TV channel and access it over the Internet by a dedicated PC or server. Then users connect to the server via their browsers or provided client software to watch the soccer matches in real-time. In that case, only the server consumes bandwidth.

What would you recommend?

Thanks.
Felix

This footnote confirms that this email message has been scanned by PineApp Mail-SeCure for the presence of malicious code, vandals computer viruses.
Re: [c-nsp] OSPF Adjacencies
http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a00800949f7.shtml

-----Original Message-----
From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Michael K. Smith
Sent: Wednesday 12 May 2010 8:25
To: shake righa
Cc: cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] OSPF Adjacencies

There's really not enough to go on. You haven't said what type of interfaces are involved or shown the configuration of those interfaces on two sides of a link. Are they Ethernet, SONET, Frame-Relay? My guess is that you don't have your ospf network type correct on your interfaces, but without seeing interface configs *and* your ospf router config, it's impossible to tell.

Mike

On 5/11/10 10:57 PM, shake righa ssri...@gmail.com wrote:

output show ip ospf

Supports only single TOS(TOS0) routes
Supports opaque LSA
Supports Link-local Signaling (LLS)
Initial SPF schedule delay 5000 msecs
Minimum hold time between two consecutive SPFs 1 msecs
Maximum wait time between two consecutive SPFs 1 msecs
Minimum LSA interval 5 secs. Minimum LSA arrival 1 secs
LSA group pacing timer 240 secs
Interface flood pacing timer 33 msecs
Retransmission pacing timer 66 msecs
Number of external LSA 0. Checksum Sum 0x00
Number of opaque AS LSA 0. Checksum Sum 0x00
Number of DCbitless external and opaque AS LSA 0
Number of DoNotAge external and opaque AS LSA 0
Number of areas in this router is 1. 1 normal 0 stub 0 nssa
External flood list length 0
   Area BACKBONE(0) (Inactive)
       Number of interfaces in this area is 8 (1 loopback)
       Area has message digest authentication
       SPF algorithm last executed 08:13:04.952 ago
       SPF algorithm executed 1 times
       Area ranges are
       Number of LSA 1. Checksum Sum 0x0064D2
       Number of opaque link LSA 0. Checksum Sum 0x00
       Number of DCbitless LSA 0
       Number of indication LSA 0
       Number of DoNotAge LSA 0
       Flood list length 0

Rgrds,
Shake

On 5/12/10, Peter Rathlev pe...@rathlev.dk wrote:

Hi Shake,

On Wed, 2010-05-12 at 00:46 +0300, shake righa wrote:

Sascha, Output show ip ospf [...]

You forgot this:

On Tue, May 11, 2010 at 10:43 PM, Sascha E. Pollok nsp-l...@pollok.net wrote:

sh ip ospf interface .. and/or configuration snippets.

= a show ip ospf interface might explain the reason.

-- Peter
Re: [c-nsp] Web TV Streaming Solution?
On Tue, 11 May 2010, Felix Nkansah wrote:

To informally permit employees to watch the upcoming soccer world cup without consuming all the bandwidth through the use of web TV, one of my customers came up with this requirement:

What would you recommend? Thanks.

Get the stream using eg VLC and restream using multicast on the LAN

Regards,
John
[c-nsp] ASA 8.3
Hi All,

Shortly I will be deploying some new ASAs and came across the 8.3 release. I didn't expect that a minor release would have quite so many fundamental changes. Without looking at the release notes, migration notes (http://www.cisco.com/en/US/docs/security/asa/asa83/upgrading/migrating.html) and various blogs etc on the Internet I would have expected things to be not too different than 8.2 which I have used recently.

I would appreciate any feedback from those who have deployed 8.3 as a new install or migration. I will eventually have to decide if it is better to stick with the known 8.2 or the new 8.3 (new features and new bugs) to save the pain of an update later.

Ivan
Re: [c-nsp] Huawei instead of Cisco
On Wednesday 12 May 2010 10:39:27 am Pshem Kowalczyk wrote:

Generally - IMHO they lack maturity at this stage.

Couldn't agree more.

Mark.
Re: [c-nsp] Unicast Reverse Path Forwarding - Loose Mode
Hello List,

Let me bounce on this thread again as I am seriously thinking about implementing uRPF loose mode / RTBH on our backbone. We have been taking on some DDoS recently, Internet is a bitch ;-)

I was thinking enabling it on the interfaces towards my :

- Upstream Providers,
- Peerings,
- Virtual-template Interfaces (my clients connect on a bunch of LNS using PPPoATM).

We have a bunch 6509s acting as core routers and a bunch of 7204VXRs (NPE-400 / NPE-G1) acting as LNS border routers.

Problem Is : I am concerned about performance issues. Is uRPF a big consumer of CPU / Memory ? Do you guys have ever experienced any particulars problems ? Does activating this feature cause BGP or PPP sessions to flap ?

Thanks for the feedback.

Best regards.

Y.

2010/4/18 Mark Tinka mti...@globaltransit.net

On Thursday 08 April 2010 08:48:39 pm Steve Bertrand wrote:

I guess what I'm trying to say is that enabling it is good,...

Agree.

and I've never run into any situation where enabling loose mode has caused problems.

The only problem we've had is when peering privately with other networks and you ask them to ensure they don't announce your prefixes to the general Internet (they should be kept only within their AS + their [BGP] customers).

Well, what happens is that when they (mistakenly, I hope) announce your prefixes to the Internet, they become a transit path back to you. But because your private peering router does not hold a full table, inbound traffic from some soul on the Internet (who is not a customer of your peering partner) gets dropped because a route back to said soul doesn't exist in your peering router.

There have been many a situation like this for us, and it's not pretty. Be watchful of your private (and public) peers when running uRPF.

One could announce prefixes with a NO_EXPORT community to the peers, but this assumes they support BGP communities. Also, it could potentially mean your routes won't get into their BGP customers' networks (which is likely not what you want).

Alternatively, one's peering router could hold a full table, but there's probably more to it than just simply that.

Cheers,
Mark.

--
Youssef BENGELLOUN-ZAHR
……
Network and Telecom Engineer
Technopole de l'Aube en Champagne - BP 601 - 10901 TROYES Cedex 9
Paris office : 6, rue Charles Floquet - 92120 MONTROUGE
Tel +33 (0) 825 000 720
Tel. direct +33 (0) 1 77 35 59 14
Tel. mobile +33 (0) 6 22 42 63 80
Email y...@720.fr
…….www.720.fr
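The loose-mode behaviour discussed in this message (a partial-table peering router dropping traffic that arrives over a leaked path, and the Null0 route that RTBH relies on) can be modelled in a few lines. This is an added example, not code from any poster; the prefixes, interface names and the `urpf_permits` helper are constructed for illustration, and treating a default route as a match only with `allow_default` is a modelling assumption that mirrors the `allow-default` option of `ip verify unicast source reachable-via`.

```python
import ipaddress

NULL0 = "Null0"  # discard interface; a route to it is how RTBH black-holes a host


class Fib:
    """Minimal forwarding table with longest-prefix-match lookup."""

    def __init__(self, routes):
        self.routes = [(ipaddress.ip_network(p), ifname) for p, ifname in routes]

    def lookup(self, addr):
        """Return (network, interface) for the longest matching prefix, or None."""
        ip = ipaddress.ip_address(addr)
        matches = [(net, ifname) for net, ifname in self.routes if ip in net]
        return max(matches, key=lambda m: m[0].prefixlen) if matches else None


def urpf_permits(fib, src, in_if, mode, allow_default=False):
    """Decide whether a packet with source `src` arriving on `in_if` passes uRPF.

    strict: the best route back to src must point out of in_if.
    loose:  any route back to src is enough, unless it points to Null0.
    A default route only counts as a match when allow_default is set.
    """
    if mode not in ("strict", "loose"):
        raise ValueError(f"unknown uRPF mode: {mode}")
    hit = fib.lookup(src)
    if hit is None:
        return False                      # no route back to the source
    net, out_if = hit
    if net.prefixlen == 0 and not allow_default:
        return False                      # only the default route matched
    if out_if == NULL0:
        return False                      # source is black-holed
    return out_if == in_if if mode == "strict" else True


# Constructed sample data: RFC 5737 documentation prefixes, made-up interface names.
OWN = ("192.0.2.0/24", "core")
PEER = ("198.51.100.0/24", "peer")
TRANSIT = ("203.0.113.0/24", "transit")
OUTSIDE_HOST = "203.0.113.50"   # Internet host that is not a customer of the peer


def leaked_route_scenario():
    """OUTSIDE_HOST's traffic arrives on the peering link because the peer
    leaked our prefix. Compare how differently provisioned routers treat it."""
    partial = Fib([OWN, PEER])
    with_default = Fib([OWN, PEER, ("0.0.0.0/0", "core")])
    full = Fib([OWN, PEER, TRANSIT])
    return {
        "partial_loose": urpf_permits(partial, OUTSIDE_HOST, "peer", "loose"),
        "default_loose": urpf_permits(with_default, OUTSIDE_HOST, "peer", "loose"),
        "default_loose_allow": urpf_permits(
            with_default, OUTSIDE_HOST, "peer", "loose", allow_default=True),
        "full_loose": urpf_permits(full, OUTSIDE_HOST, "peer", "loose"),
        "full_strict": urpf_permits(full, OUTSIDE_HOST, "peer", "strict"),
    }


def rtbh_scenario():
    """Loose uRPF plus a /32 route to Null0 drops only the black-holed source."""
    fib = Fib([OWN, PEER, TRANSIT, ("203.0.113.50/32", NULL0)])
    return {
        "blackholed": urpf_permits(fib, "203.0.113.50", "transit", "loose"),
        "neighbour": urpf_permits(fib, "203.0.113.51", "transit", "loose"),
    }


if __name__ == "__main__":
    for name, ok in {**leaked_route_scenario(), **rtbh_scenario()}.items():
        print(f"{name:22} {'permit' if ok else 'drop'}")
```

The partial-table case is the drop described in the quoted message; holding a full table (or explicitly allowing the default route) is what lets the same packet through in loose mode.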
Re: [c-nsp] Unicast Reverse Path Forwarding - Loose Mode
On 05/12/2010 10:55 AM, Youssef Bengelloun-Zahr wrote:

We have a bunch 6509s acting as core routers and a bunch of 7204VXRs (NPE-400 / NPE-G1) acting as LNS border routers. Problem Is : I am concerned about performance issues. Is uRPF a big consumer of CPU / Memory ?

On 6500, I believe the older sup2 has half the routing table capacity with uRPF enabled, but it's otherwise done in hardware.

6500/sup720 uRPF is free. There's no CPU/memory load.

I don't know about the other platforms but I would be surprised if uRPF significantly affects their forwarding performance.
Re: [c-nsp] Unicast Reverse Path Forwarding - Loose Mode
On May 12, 2010, at 6:21 AM, Phil Mayers wrote:

On 05/12/2010 10:55 AM, Youssef Bengelloun-Zahr wrote:

We have a bunch 6509s acting as core routers and a bunch of 7204VXRs (NPE-400 / NPE-G1) acting as LNS border routers. Problem Is : I am concerned about performance issues. Is uRPF a big consumer of CPU / Memory ?

On 6500, I believe the older sup2 has half the routing table capacity with uRPF enabled, but it's otherwise done in hardware.

6500/sup720 uRPF is free. There's no CPU/memory load.

I don't know about the other platforms but I would be surprised if uRPF significantly affects their forwarding performance.

FYI: In sup720, if you already have interfaces in loose mode and toggle one to strict any interface with uRPF enabled goes to strict.

re: SUP2, you are correct, tcam is halved in size from 256k to 128k when uRPF is enabled, if you are running bgp this can trigger software switching of packets and high cpu utilization.

- Jared
Re: [c-nsp] ASA 8.3
Ivan,

-----Original Message-----
Sent: Wednesday, May 12, 2010 4:12 AM
To: cisco-nsp
Subject: [c-nsp] ASA 8.3

Hi All,

Shortly I will be deploying some new ASAs and came across the 8.3 release. I didn't expect that a minor release would have quite so many fundamental changes. Without looking at the release notes, migration notes (http://www.cisco.com/en/US/docs/security/asa/asa83/upgrading/migrating.html) and various blogs etc on the Internet I would have expected things to be not too different than 8.2 which I have used recently.

I would appreciate any feedback from those who have deployed 8.3 as a new install or migration. I will eventually have to decide if it is better to stick with the known 8.2 or the new 8.3 (new features and new bugs) to save the pain of an update later.

The structure of NAT has changed so much that any non vanilla implementations are going to be very touchy. If you're using a large pool of NAT exempt addresses and calling them from a object-group, this will be expanded per entry into statements like:

Nat (inside,any) source static new generated object network (not an object-group) new generated object network (not an object-group) destination static object-group name object-group name

So, seeing that for the first time might come as a surprise.

I ran into two NAT bugs during a migration with PAT and order of operations. CSCtf89372 is one of them, which still is not fixed in the interim. A manual re-ordering of NAT rules fixes the issues, I thought Cisco had moved on from the PIX 6.3 days, guess not.

-ryan
[c-nsp] circuit degradation/error simulator
Hi all,

sorry for the not really Cisco-related topic, but the collected expertise present on this list might once again be the solution.

For some testing I'm looking for a piece of software which is capable of inserting various degradation and/or errors into a traffic stream. The setup I thought of is setting up a PC with two NIC which passes traffic between the interfaces. In the middle the software should be able to generate packetloss, delay, jitter, fragmentation, reordering and alike within the traffic stream passed on.

I didn't crawl through the depths of the internet dictionary (aka Google :)) yet, but maybe someone can point to a piece to look at.

kind regards,
Marcus
Re: [c-nsp] circuit degradation/error simulator
This was answered in the past I think. You can use WANem for that purpose

http://wanem.sourceforge.net/

-----Original Message-----
From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Marcus.Gerdon
Sent: Wednesday, May 12, 2010 5:00 PM
To: cisco-nsp@puck.nether.net
Subject: [c-nsp] circuit degradation/error simulator

Hi all,

sorry for the not really Cisco-related topic, but the collected expertise present on this list might once again be the solution.

For some testing I'm looking for a piece of software which is capable of inserting various degradation and/or errors into a traffic stream. The setup I thought of is setting up a PC with two NIC which passes traffic between the interfaces. In the middle the software should be able to generate packetloss, delay, jitter, fragmentation, reordering and alike within the traffic stream passed on.

I didn't crawl through the depths of the internet dictionary (aka Google :)) yet, but maybe someone can point to a piece to look at.

kind regards,
Marcus
Re: [c-nsp] circuit degradation/error simulator
For some testing I'm looking for a piece of software which is capable of inserting various degradation and/or errors into a traffic stream. The setup I thought of is setting up a PC with two NIC which passes traffic between the interfaces. In the middle the software should be able to generate packetloss, delay, jitter, fragmentation, reordering and alike within the traffic stream passed on.

A FreeBSD box with dummynet can do this nicely.

http://info.iet.unipi.it/~luigi/dummynet/

Steinar Haug, Nethelp consulting, sth...@nethelp.no
Re: [c-nsp] Huawei instead of Cisco
Your biggest issue will be support and associated costs. They tend to position themselves as a cheaper option in the beginning but in the long run you end up paying more for deployment, support, spares training (not easy to find guys with extensive Huawei background off the shelf as you would with cisco + Juniper).

I run a mixed network Huawei NE40, NE-40E, NE80's and some GGSN's based on the same platforms. I'm happy with them but having worked with cisco/juniper and Huawei and a few other vendors switching/routing gear, I'd say go with cisco unless you have a budget for the enhanced models (NE-40E and NE-80E - I have never had issues with this apart from specialized applications that cisco won't have on a router anyway) and or your environment is lightweight.

I however have to agree that they are slowly catching up and in a few years I suspect I'll have changed my opinion.

JG
Re: [c-nsp] Unicast Reverse Path Forwarding - Loose Mode
Hey,

Our 6509 boxes are equipped with SUP720-3BXLs, so it shouldn't be a problem. I am more concerned about the 7204VXRs equipped with NPE-400s or NPE-G1s. I haven't been able to find docs on the Internet related the URPF impact on performances.

Thanks.

Y.

2010/5/12 Jared Mauch ja...@puck.nether.net

On May 12, 2010, at 6:21 AM, Phil Mayers wrote:

On 05/12/2010 10:55 AM, Youssef Bengelloun-Zahr wrote:

We have a bunch 6509s acting as core routers and a bunch of 7204VXRs (NPE-400 / NPE-G1) acting as LNS border routers. Problem Is : I am concerned about performance issues. Is uRPF a big consumer of CPU / Memory ?

On 6500, I believe the older sup2 has half the routing table capacity with uRPF enabled, but it's otherwise done in hardware.

6500/sup720 uRPF is free. There's no CPU/memory load.

I don't know about the other platforms but I would be surprised if uRPF significantly affects their forwarding performance.

FYI: In sup720, if you already have interfaces in loose mode and toggle one to strict any interface with uRPF enabled goes to strict.

re: SUP2, you are correct, tcam is halved in size from 256k to 128k when uRPF is enabled, if you are running bgp this can trigger software switching of packets and high cpu utilization.

- Jared

--
Youssef BENGELLOUN-ZAHR
……
Network and Telecom Engineer
Technopole de l'Aube en Champagne - BP 601 - 10901 TROYES Cedex 9
Paris office : 6, rue Charles Floquet - 92120 MONTROUGE
Tel +33 (0) 825 000 720
Tel. direct +33 (0) 1 77 35 59 14
Tel. mobile +33 (0) 6 22 42 63 80
Email y...@720.fr
…….www.720.fr
[c-nsp] Cisco Security Advisory: Multiple vulnerabilities in Cisco PGW Softswitch
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Multiple vulnerabilities in Cisco PGW Softswitch

Document ID: 111870

Advisory ID: cisco-sa-20100512-pgw

http://www.cisco.com/warp/public/707/cisco-sa-20100512-pgw.shtml

Revision 1.0

For Public Release 2010 May 12 1600 UTC (GMT)

Summary
=======

Multiple vulnerabilities exist in the Cisco PGW 2200 Softswitch series of products. Each vulnerability described in this advisory is independent from the others. The vulnerabilities are related to processing Session Initiation Protocol (SIP) or Media Gateway Control Protocol (MGCP) messages.

Successful exploitation of all but one of these vulnerabilities can crash the affected device. Exploitation of the remaining vulnerability will not crash the affected device, but it can lead to a denial-of-service (DoS) condition in which no new TCP-based connections will be accepted or created.

Cisco has released free software updates that address these vulnerabilities. There are no workarounds that mitigate these vulnerabilities.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20100512-pgw.shtml

Affected Products
=================

Vulnerable Products
+------------------

The Cisco PGW 2200 Softswitch is affected by these vulnerabilities. The following table displays information about software releases that are affected by individual vulnerabilities. Each vulnerability in the table affects all software releases prior to the release that is listed in the table.

+------------+-------------------------+
| Cisco Bug  | Affects All Software    |
| ID         | Releases Prior to This  |
|            | Version(s)              |
|------------+-------------------------|
| CSCsz13590 | 9.8(1)S5                |
|------------+-------------------------|
| CSCsl39126 | 9.7(3)S11               |
|------------+-------------------------|
| CSCsk32606 | 9.7(3)S11               |
|------------+-------------------------|
| CSCsk44115 | 9.7(3)S11, 9.7(3)P11    |
|------------+-------------------------|
| CSCsk40030 | 9.7(3)S10               |
|------------+-------------------------|
| CSCsk38165 | 9.7(3)S10               |
|------------+-------------------------|
| CSCsj98521 | 9.7(3)S9, 9.7(3)P9      |
|------------+-------------------------|
| CSCsk04588 | 9.7(3)S9, 9.7(3)P9      |
|------------+-------------------------|
| CSCsk13561 | 9.7(3)S9, 9.7(3)P9      |
+------------+-------------------------+

To determine the software version running on a Cisco product, log in to the device and issue the RTRV-NE command. This command displays information about the Cisco PGW 2200 Softswitch hardware, software, and current state. The following example identifies a Cisco PGW 2200 Softswitch running software release 9.7(3):

mml RTRV-NE
   Media Gateway Controller - MGC-01 2010-04-23 11:55:00.000
M  RTRV
   Type:MGC (Switch Mode)
   Hardware platform:sun4u sparc SUNW,Sun-Fire-V210
   Vendor:Cisco Systems, Inc.
   Location:MGC-01 - Media Gateway Controller
   Version:9.7(3)
   Patch:CSCOgs028/CSCOnn028
   Platform State:ACTIVE
   ;

Products Confirmed Not Vulnerable
+--------------------------------

No other Cisco products are currently known to be affected by these vulnerabilities. In particular, Cisco IOS Software is not affected by these vulnerabilities.

Details
=======

SIP is a popular signaling protocol used to manage voice and video calls across IP networks such as the Internet. SIP is responsible for handling all aspects of call setup and termination. Voice and video are the most popular types of sessions that SIP handles, but the protocol is flexible to accommodate for other applications that require call setup and termination. SIP call signaling can use UDP (port 5060), TCP (port 5060), or Transport Layer Security (TLS; TCP port 5061) as the underlying transport protocol.

MGCP is the protocol for controlling telephony gateways from external call control elements known as media gateway controllers or call agents. A telephony gateway is a network element that provides conversion between the audio signals carried on telephone circuits and data packets carried over the Internet or other packet networks.

Multiple DoS vulnerabilities exist in the Cisco PGW 2200 Softswitch SIP implementation, and one vulnerability is in the MGCP implementation.

The following vulnerabilities can cause affected devices to crash:

* CSCsl39126 (registered customers only), CVE ID CVE-2010-0601
* CSCsk32606 (registered customers only), CVE ID CVE-2010-0602
* CSCsk40030 (registered customers only), CVE ID CVE-2010-0603
* CSCsk38165 (registered customers only), CVE ID CVE-2010-0604
* CSCsk44115 (registered customers only), CVE ID CVE-2010-1561
* CSCsj98521 (registered customers only), CVE ID CVE-2010-1562
* CSCsk04588 (registered customers only), CVE ID CVE-2010-1563
* CSCsz13590
Re: [c-nsp] circuit degradation/error simulator
On Wed, 12 May 2010 15:59:43 +0200, marcus.ger...@versatel.de wrote:

Hi all,

sorry for the not really Cisco-related topic, but the collected expertise present on this list might once again be the solution.

For some testing I'm looking for a piece of software which is capable of inserting various degradation and/or errors into a traffic stream. The setup I thought of is setting up a PC with two NIC which passes traffic between the interfaces. In the middle the software should be able to generate packetloss, delay, jitter, fragmentation, reordering and alike within the traffic stream passed on.

I didn't crawl through the depths of the internet dictionary (aka Google :)) yet, but maybe someone can point to a piece to look at.

You mean something like http://wanem.sourceforge.net/ ? First hit on google for WAN emulator :)

I've been using it quite extensively in my home lab setup and it is very capable.

//Johan
Re: [c-nsp] circuit degradation/error simulator
NETEM is a very good choice for this. We have a test environment using this including automatic graphs generation with RRDtool.

http://www.linuxfoundation.org/collaborate/workgroups/networking/netem

2010/5/12 sth...@nethelp.no

For some testing I'm looking for a piece of software which is capable of inserting various degradation and/or errors into a traffic stream. The setup I thought of is setting up a PC with two NIC which passes traffic between the interfaces. In the middle the software should be able to generate packetloss, delay, jitter, fragmentation, reordering and alike within the traffic stream passed on.

A FreeBSD box with dummynet can do this nicely.

http://info.iet.unipi.it/~luigi/dummynet/

Steinar Haug, Nethelp consulting, sth...@nethelp.no

--
[]'s
Lívio Zanol Puppim
Re: [c-nsp] OSPF Adjacencies
Apologies for delayed response. Output from show ip ospf interface are as follows

FastEthernet0/0 is up, line protocol is up
  Internet Address loopback ip , Area 0
  Process ID 64512, Router ID loopback ip 8, Network Type BROADCAST, Cost: 1
  Transmit Delay is 1 sec, State DR, Priority 1
  Designated Router (ID) loopback ip , Interface address interface ip
  No backup designated router on this network
  Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
    oob-resync timeout 40
    Hello due in 00:00:01
  Index 6/6, flood queue length 0
  Next 0x0(0)/0x0(0)
  Last flood scan length is 0, maximum is 0
  Last flood scan time is 0 msec, maximum is 0 msec
  Neighbor Count is 1, Adjacent neighbor count is 0
  Suppress hello for 0 neighbor(s)
  Message digest authentication enabled
    Youngest key id is 1
Loopback0 is up, line protocol is up
  Internet Address loopback ip , Area 0
  Process ID 64512, Router ID loopback ip , Network Type LOOPBACK, Cost: 1
  Loopback interface is treated as a stub Host

Rgrds,
Shake
Re: [c-nsp] circuit degradation/error simulator
For some testing I'm looking for a piece of software which is capable of inserting various degradation and/or errors into a traffic stream.

There are a number of open source tools (Dummynet, Wanem) with fairly basic capabilities. You can also program your typical router for pure shunning; I have a Mikrotik attached to a rig on my desktop I'm using to simply choke a link down to 512K at this very moment. These are good enough for a typical what happens when this happens kind of testing.

Sometimes you need more interesting test environments, and then we use Shunra Virtual Enterprise (formerly Shunra Cloud, http://www.shunra.com/) and I've also used (but don't own) Linktropy (Apposite Technologies, http://www.apposite-tech.com/)

jms

--
Joel M Snyder, 1404 East Lind Road, Tucson, AZ, 85719
Senior Partner, Opus One
Phone: +1 520 324 0494
j...@opus1.com http://www.opus1.com/jms
Re: [c-nsp] Unicast Reverse Path Forwarding - Loose Mode
On Wednesday 12 May 2010 11:30:20 pm Youssef Bengelloun-Zahr wrote:
I am more concerned about the 7204VXRs equipped with NPE-400s or NPE-G1s. I haven't been able to find docs on the Internet related to the URPF impact on performance.

We've had a couple of NPE-G1's/G2's and we run both loose and strict mode uRPF on all customer-facing interfaces. Works like a charm.

We have an NPE-G2 running close to 500Mbps @ 64% CPU utilization. All traffic to/from this box goes through tons of uRPF-enabled interfaces. No major drama. IOS 12.2(33)SRC5.

Cheers,
Mark.
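The loose/strict distinction mentioned in the message above, as an added sketch that is not part of the original post: a simplified model of the uRPF source check run against a constructed FIB. The prefixes (RFC 5737 documentation ranges), interface names and the single-best-path assumption (no ECMP) are illustrative assumptions.

```python
import ipaddress

# Constructed FIB for illustration: (prefix, egress interface).
FIB = [
    ("0.0.0.0/0", "Gi0/0"),          # default route towards the upstream
    ("192.0.2.0/24", "Gi0/1"),       # customer A
    ("198.51.100.0/24", "Gi0/2"),    # customer B, primary link
    ("198.51.100.128/25", "Gi0/3"),  # customer B, more specific via a second link
    ("203.0.113.0/24", "Null0"),     # blackholed prefix
]


def lookup(src, fib=FIB):
    """Longest-prefix match on the SOURCE address; returns (network, interface) or None."""
    addr = ipaddress.ip_address(src)
    best = None
    for prefix, ifname in fib:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, ifname)
    return best


def urpf_permit(src, in_if, mode, allow_default=False, fib=FIB):
    """Return True if a packet from `src` arriving on `in_if` passes the check.

    loose  : any usable route back to the source is enough
    strict : the route back to the source must point out of the receiving interface
    """
    if mode not in ("loose", "strict"):
        raise ValueError("mode must be 'loose' or 'strict'")
    route = lookup(src, fib)
    if route is None:
        return False                      # no route at all: drop
    net, out_if = route
    if out_if == "Null0":
        return False                      # source covered by a discard route: drop
    if net.prefixlen == 0 and not allow_default:
        return False                      # only the default route matched
    if mode == "loose":
        return True
    return out_if == in_if                # strict: reverse path must be the arrival port


if __name__ == "__main__":
    for src, port in [("192.0.2.10", "Gi0/1"), ("192.0.2.10", "Gi0/2"),
                      ("198.51.100.200", "Gi0/2"), ("203.0.113.5", "Gi0/0")]:
        print(src, port, "strict:", urpf_permit(src, port, "strict"),
              "loose:", urpf_permit(src, port, "loose"))
```

The third sample shows the usual strict-mode caveat: a multihomed customer sending from the /25 over its primary link is dropped in strict mode because the best return path uses the other interface, while loose mode accepts it.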
Re: [c-nsp] Nexus 5000 / Nexus 2000 SFP+ with LRM
Sorry to be late to the convo here, but I can personally attest that LRMs work fine. Our 6513 with 6704s are glued to our N5Ks with Xenpak LRM, and Merge Optics (Digikey special 280 per unit) SFP+ LRMs. We bought them because for our DC LRM is the sweet spot and Cisco doesn't offer LRM. (NPH till July)

N5K-DC-02# sho interface transceiver
Ethernet1/1
    sfp is present
    name is MergeOptics GmbH
    part number is TRX10GDL0610
    revision is B00
    serial number is EM0838-00247
    nominal bitrate is 10300 MBits/sec
    Link length supported for 50/125um fiber is 220 m(s)
    Link length supported for 62.5/125um fiber is 220 m(s)
    cisco id is --
    cisco extended id number is 4
Ethernet1/2
    sfp is present
    name is MergeOptics GmbH
    part number is TRX10GDL0610
    revision is B00
    serial number is EM0848-00015
    nominal bitrate is 10300 MBits/sec
    Link length supported for 50/125um fiber is 220 m(s)
    Link length supported for 62.5/125um fiber is 220 m(s)
    cisco id is --
    cisco extended id number is 4
Ethernet1/3
    sfp is present
    name is MergeOptics GmbH
    part number is TRX10GDL0610
    revision is B00
    serial number is EM0838-00254
    nominal bitrate is 10300 MBits/sec
    Link length supported for 50/125um fiber is 220 m(s)
    Link length supported for 62.5/125um fiber is 220 m(s)
    cisco id is --
    cisco extended id number is 4

Sho cdp neigh
TBA05520665(COH-DC-6513-02-248)  Eth1/1  168  T S  WS-C6513  11/4

Other side: (yes, that's CatOs)

6513-720-02 (enable) sho cdp neigh 11/4
* - indicates vlan mismatch.
# - indicates duplex mismatch.
Port     Device-ID    Port-ID        Platform
11/4     N5K-DC-02    Ethernet1/1    N5K-C5010P-BF

Sho port
Port  Name               Status     Vlan   Duplex Speed Type
11/4  Trunk NX5K-02 1/1  connected  trunk  full   1     10G EDC1310

How?
N5K-DC-02# sho run | inc uns
service unsupported-transceiver

Mike

-----Original Message-----
From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Nick Hilliard
Sent: Monday, May 10, 2010 4:53 AM
To: cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] Nexus 5000 / Nexus 2000 SFP+ with LRM

On 10/05/2010 08:34, Marian Ďurkovič wrote:
LRM SFP+ is just part of the stuff you need. For LRM to work, the switch linecard must have appropriate EDC functionality. If it's not there, it simply won't work.

To give some background on this, LRM is long-reach multimode. As it's multimode, modal dispersion comes into play pretty quickly, and even over relatively short distances, it causes severe signal distortion - this is one of the primary distance limiting factors of multimode.

On xenpaks, x2 and xfp, the dispersion compensation is performed on the transceiver (by the EDC), and you end up with a fully digital signal being transmitted from the transceiver's electrical interface to the line card. However as the SFP+ form factor is really tiny, there isn't enough room to house various components such as an EDC or a CDR (clock / data recovery). For SFP+, these components are housed on the line card, if at all, and in many cases the line card simply won't have EDC. Perhaps the n5k main board doesn't have EDC processors, which would make it unsuitable for LRM.

(One more thanks to all people who thought that analog interface between SFP+ and linecard is a good idea...)

Fibre and transceiver deployments are all about choosing the appropriate technology. If you need to run fibre over longer distances, doing this over MMF probably isn't the best idea. I appreciate that lots of organisations have cartloads of legacy 62.5µ MMF and that they tend to be unhappy about the prospect of changing longer runs to use SMF, but 62.5µ wasn't designed for longer runs at very high speeds.
In some senses, you might as well complain that SFP+ isn't physically large enough to house enough lasers for LX4.

10G standards like LX4 and LRM were only created to try to deal with legacy plant deployments which weren't really designed for anything more than 100M-FX. Any sensible MMF deployment done over the past couple of years will have been OM3, where you can use SR transceivers instead of LRM or LX4. If you need distances longer than 200m, LR + SMF is a better choice of technology to use.

Nick
Re: [c-nsp] circuit degradation/error simulator
If you are looking for a commercially supported solution, there is a box called a network nightmare that can simulate most of that stuff.

http://networknightmare.net/

(My understanding is that it's just an embedded Linux box)

John

-----Original Message-----
From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Marcus.Gerdon
Sent: Wednesday, May 12, 2010 9:00 AM
To: cisco-nsp@puck.nether.net
Subject: [c-nsp] circuit degradation/error simulator

Hi all,

sorry for the not really Cisco-related topic, but the collected expertise present on this list might once again be the solution.

For some testing I'm looking for a piece of software which is capable of inserting various degradation and/or errors into a traffic stream.

The setup I thought of is setting up a PC with two NICs which passes traffic between the interfaces. In the middle the software should be able to generate packet loss, delay, jitter, fragmentation, reordering and the like within the traffic stream passed on.

I didn't crawl through the depths of the internet dictionary (aka Google :)) yet, but maybe someone can point to a piece to look at.

kind regards,
Marcus
[c-nsp] seeking an advice about PIM DM riddle
Hi all.

I have several 7604+RSP720+6704card(12.2SRC) installed in a ring topology as a core part of our network. There is a multicast source attached to one of those 7600 routers. The routers successfully use PIM DM to distribute multicast streams over the ring.

Here comes the riddle. There is a situation when an intermediate router doesn't graft several streams that are pruned at that moment. The streams are always random. I noticed there are no Graft messages in a log on the intermediate 7600. The receiver can get such streams at the end of the prune interval only. I steered multicast to another arc of the ring to observe the situation. The problem shifted to another router.

Here is the question: is there any hardware limit or a caveat I have missed concerning the behavior I described? I will appreciate any suggestions on the situation.

WBR
Roman A. Nozdrin
[c-nsp] Per subnet rate limiting (6500) simple solution?
Looking for a simple solution to do per-subnet rate limiting where we have a bunch of subnets on the same VLAN.. we have a single output interface for this traffic facing the customers, but lots of upstream links to the internet.. so ideally everything could live on the customer interface..

Peter Kranz
www.UnwiredLtd.com
Desk: 510-868-1614 x100
Mobile: 510-207-
pkr...@unwiredltd.com
[c-nsp] PPPoE termination on ES+20/12.2(33)SRE1
I'm trying to terminate 802.1q tagged PPPoE sessions on a 7600 with a ES+20G card. PPPoE works fine, but large packets (ie: 1500 bytes) fail. All MTUs are 9216 throughout the path until it hits the ES+20 card. I did some initial work with this as a test on a 7200, hit the same problem, and the resolution was the use of ip tcp adjust-mss, however that does not seem to be working here. I've tried it under gi2/1 as well, with no luck. Doesn't seem to be an option under 'bba-group' for it.

Of course adjusting the mtu on the client pc to something small, like 1400 resolves it, but I'm looking at a mass migration of dsl customers, so that's not a feasible solution. Has anyone run into this, before I open a tac case on it?

bba-group pppoe TEST-BBA
 virtual-template 1
 vendor-tag circuit-id service
 vendor-tag remote-id service
 vendor-tag dsl-sync-rate service
 mac-address autoselect
 sessions auto cleanup
!
interface GigabitEthernet2/1
 mtu 9216
 no ip address
 speed 1000
!
interface GigabitEthernet2/1.460 access
 description Tnwx-E5111-001
 encapsulation dot1Q 460
 ip tcp adjust-mss 1400
 pppoe enable group TEST-BBA
 ip subscriber l2-connected
  initiator unclassified mac-address
!
!
interface Virtual-Template1
 ip unnumbered Loopback0
 no ip proxy-arp
 peer default ip address pool BRAS-DSL
 ppp authentication chap
!
!
interface Loopback0
 ip address xx.xx.xx.1 255.255.255.0
!

--
Walter Keen
[c-nsp] 20 second packet delay
Well, this was a new one for me. One way packet delay of around 20 seconds on a single link. I had never thought it was possible, but just when you think you've seen it all...

I have a customer with a number of sites, each with 2 x 3750 in a stack. Each stack will typically have four ethernet hand offs to Ericsson equipment which provides transparent circuits over microwave. One member of the stack will have two circuits towards one neighbouring site, the other member will have two circuits towards a different neighbouring site. The same microwave equipment provides all four circuits (potentially spread across different line cards though) although with different dishes to provide the appropriate directionality for the microwave. Each circuit has a single P2P VLAN configured on it. This generally works fine.

Yesterday we had a very interesting scenario where at approximately 1200 the 3750s saw interfaces flapping on both circuits between two particular sites. From 1220, one of those circuits appeared to introduce delay in one direction of 18-23 seconds. This could be demonstrated with debugs of both CDP and ICMP traffic.

The relevant interfaces at both ends were both manually shut/no shut and also err-disabled/no shut due to UDLD detecting a problem. I'm pretty sure all interface up/downs were seen by the 3750s at both ends. The microwave equipment is meant to relay up/down events that occur anywhere in the path to all ethernet ports so that is expected regardless of where the event actually occurred. It is currently not clear if the microwave equipment logged all those events or just the ones caused due to UDLD or manual action.

Around 1500 we again saw interfaces flapping on both circuits between the same two sites. Around 1600 I checked the fault again and it had cleared. My assumption is that it cleared after the flapping.
Ignoring the specifics of the up/down events and even if it was the Cisco or Ericsson kit that was at fault, has anyone ever seen packets held up for 20 seconds across a link?

Cheers,
Ray
Re: [c-nsp] 20 second packet delay
On 5/12/10 2:28 PM, Raymond Lucas wrote:
Well, this was a new one for me. One way packet delay of around 20 seconds on a single link. I had never thought it was possible, but just when you think you've seen it all...

You must not be familiar with RFC1149.

Ignoring the specifics of the up/down events and even if it was the Cisco or Ericsson kit that was at fault, has anyone ever seen packets held up for 20 seconds across a link?

http://www.blug.linux.no/rfc1149/ shows ping times in the thousands of seconds.

--
Jay Hennigan - CCIE #7880 - Network Engineering - j...@impulse.net
Impulse Internet Service - http://www.impulse.net/
Your local telephone and internet company - 805 884-6323 - WB6RDV
[c-nsp] 6 T1s in a 2851
I am trying to populate a 2851 with 6 WIC-1DSU-T1v2 Cards. The first 4 cards can fit into the WIC slots on the 2851 but I am at a loss as to how to get the 5th and 6th card in the box. One page on the Cisco site recommends using the 2851 when terminating 6 T1s. That same page also says the NM-2W will not work in a 2851. Is there a replacement for the NM-2W or is there something like a WIC-2DSU-T1v2 card available? I assume that by saying "not supported" that means it won't work at all, or maybe it's "It will work but don't ask us for support."

http://www.cisco.com/en/US/prod/collateral/routers/ps5854/prod_qas0900aecd80169bd6.html

Richey
Re: [c-nsp] 6 T1s in a 2851
On 5/12/2010 14:15, Richey wrote:
I am trying to populate a 2851 with 6 WIC-1DSU-T1v2 Cards. The first 4 cards can fit into the WIC slots on the 2851 but I am at a loss as to how to get the 5th and 6th card in the box. One page on the Cisco site recommends using the 2851 when terminating 6 T1s. That same page also says the NM-2W will not work in a 2851. Is there a replacement for the NM-2W or is there something like a WIC-2DSU-T1v2 card available?

HWIC-4T1/E1
http://www.cisco.com/en/US/prod/collateral/modules/ps5949/product_data_sheet0900aecd80710c77.html

~Seth
Re: [c-nsp] 6 T1s in a 2851
Thanks, That's what I am looking for.

Richey

-----Original Message-----
From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Seth Mattinen
Sent: Wednesday, May 12, 2010 6:49 PM
To: cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] 6 T1s in a 2851

On 5/12/2010 14:15, Richey wrote:
I am trying to populate a 2851 with 6 WIC-1DSU-T1v2 Cards. The first 4 cards can fit into the WIC slots on the 2851 but I am at a loss as to how to get the 5th and 6th card in the box. One page on the Cisco site recommends using the 2851 when terminating 6 T1s. That same page also says the NM-2W will not work in a 2851. Is there a replacement for the NM-2W or is there something like a WIC-2DSU-T1v2 card available?

HWIC-4T1/E1
http://www.cisco.com/en/US/prod/collateral/modules/ps5949/product_data_sheet0900aecd80710c77.html

~Seth
Re: [c-nsp] PPPoE termination on ES+20/12.2(33)SRE1
On my pppoe virtual templates I have an 'ip mtu 1492' that would probably help.

From: cisco-nsp-boun...@puck.nether.net [cisco-nsp-boun...@puck.nether.net] On Behalf Of Walter Keen [walter.k...@rainierconnect.net]
Sent: Wednesday, May 12, 2010 3:38 PM
To: cisco-nsp@puck.nether.net
Subject: [c-nsp] PPPoE termination on ES+20/12.2(33)SRE1

I'm trying to terminate 802.1q tagged PPPoE sessions on a 7600 with a ES+20G card. PPPoE works fine, but large packets (ie: 1500 bytes) fail. All MTUs are 9216 throughout the path until it hits the ES+20 card. I did some initial work with this as a test on a 7200, hit the same problem, and the resolution was the use of ip tcp adjust-mss, however that does not seem to be working here. I've tried it under gi2/1 as well, with no luck. Doesn't seem to be an option under 'bba-group' for it.

Of course adjusting the mtu on the client pc to something small, like 1400 resolves it, but I'm looking at a mass migration of dsl customers, so that's not a feasible solution. Has anyone run into this, before I open a tac case on it?

bba-group pppoe TEST-BBA
 virtual-template 1
 vendor-tag circuit-id service
 vendor-tag remote-id service
 vendor-tag dsl-sync-rate service
 mac-address autoselect
 sessions auto cleanup
!
interface GigabitEthernet2/1
 mtu 9216
 no ip address
 speed 1000
!
interface GigabitEthernet2/1.460 access
 description Tnwx-E5111-001
 encapsulation dot1Q 460
 ip tcp adjust-mss 1400
 pppoe enable group TEST-BBA
 ip subscriber l2-connected
  initiator unclassified mac-address
!
!
interface Virtual-Template1
 ip unnumbered Loopback0
 no ip proxy-arp
 peer default ip address pool BRAS-DSL
 ppp authentication chap
!
!
interface Loopback0
 ip address xx.xx.xx.1 255.255.255.0
!
--
Walter Keen
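What the two knobs discussed in this thread act on, as an added sketch that is not part of either post: the 8-byte PPPoE overhead behind the 1492 figure, and an MSS clamp (the kind of rewrite `ip tcp adjust-mss` performs) applied to a constructed TCP SYN. Addresses, ports and the sequence number are made-up sample values; only SYN segments carrying an MSS option are changed, so non-TCP traffic is unaffected by the clamp.

```python
import socket
import struct

PPPOE_OVERHEAD = 8  # 6-byte PPPoE header + 2-byte PPP protocol ID (RFC 2516)


def pppoe_limits(eth_mtu=1500):
    """IP MTU inside the PPPoE session and the largest TCP MSS that fits it."""
    ip_mtu = eth_mtu - PPPOE_OVERHEAD
    return ip_mtu, ip_mtu - 40  # minus 20-byte IPv4 header and 20-byte TCP header


def tcp_checksum(src, dst, seg):
    """Internet checksum over the IPv4 pseudo-header plus the TCP segment."""
    data = (socket.inet_aton(src) + socket.inet_aton(dst)
            + struct.pack("!BBH", 0, 6, len(seg)) + seg)
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def mss_offset(seg):
    """Offset of the 2-byte MSS value inside the TCP options, or None."""
    end = min((seg[12] >> 4) * 4, len(seg))
    i = 20
    while i + 1 < end:
        kind, length = seg[i], seg[i + 1]
        if kind == 0:                      # end of option list
            break
        if kind == 1:                      # NOP is a single byte
            i += 1
            continue
        if length < 2 or i + length > end:
            break                          # malformed option, stop parsing
        if kind == 2 and length == 4:
            return i + 2
        i += length
    return None


def read_mss(seg):
    """MSS advertised in the segment, or None when no MSS option is present."""
    off = mss_offset(seg)
    return None if off is None else struct.unpack("!H", seg[off:off + 2])[0]


def clamp_mss(seg, src, dst, limit):
    """Lower the MSS option of a SYN to `limit`; everything else passes unchanged."""
    mss = read_mss(seg)
    if not seg[13] & 0x02 or mss is None or mss <= limit:
        return seg
    out = bytearray(seg)
    off = mss_offset(seg)
    out[off:off + 2] = struct.pack("!H", limit)
    out[16:18] = b"\x00\x00"               # zero the checksum field, then recompute
    out[16:18] = struct.pack("!H", tcp_checksum(src, dst, bytes(out)))
    return bytes(out)


def build_syn(src, dst, mss):
    """Constructed SYN: ports 40000 -> 80, options MSS, NOP, NOP, SACK-permitted."""
    opts = struct.pack("!BBH", 2, 4, mss) + b"\x01\x01\x04\x02"
    hdr = struct.pack("!HHIIBBHHH", 40000, 80, 1000, 0, 7 << 4, 0x02, 65535, 0, 0) + opts
    return hdr[:16] + struct.pack("!H", tcp_checksum(src, dst, hdr)) + hdr[18:]
```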
[c-nsp] Vote for me on the Cisco contest! :-)
Hi guys, vote for me, the Next-Generation technical writer, on the Cisco Share the Wealth Contest! :-) https://learningnetwork.cisco.com/community/contest CCNP EIGRP Theory is written by me. Thanks and have a nice day. :-) http://itcertguides.blogspot.com/
Re: [c-nsp] circuit degradation/error simulator
On Wed, 2010-05-12 at 11:40 -0500, cisco...@secureobscure.com wrote:
If you are looking for a commercially supported solution, there is a box called a network nightmare that can simulate most of that stuff. http://networknightmare.net/ (My understanding is that it's just an embedded Linux box)

I've used Network Nightmare. It works pretty well. It really doesn't do anything you couldn't craft up yourself from one of the free open source solutions already mentioned but if you don't want to be bothered rolling your own appliance and just want something prepackaged and commercial it'll do the job. I did think the pricing was a bit steep however.

--
Jake Khuon kh...@neebu.net
Packet Plumber, Network Engineers for Effective Bandwidth Utilisation