Re: [c-nsp] Console problems
You can't have both NPE and I/O card console interfaces to work together. I'm not sure if it's configurable but the default will be the I/O card, so if you MUST have the I/O card inserted use the console port on it and not the one on the NPE Ziv -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Richey Sent: Thursday, June 17, 2010 6:04 AM To: cisco-nsp@puck.nether.net Subject: [c-nsp] Console problems I can't seem to come up with the right keyword combination to google this. I've got a 7206VXR with an NPE-400 and an I/O 2FE/E card. Using a Belkin USB to Serial adaptor I can watch the router boot and get to the Press Return to get Started prompt. After I hit return the interfaces go up and then admin down. After that I can't get anything out of the console. I can insert and remove a DS3 card and I will see a message saying the card was inserted and removed but I can't interact with the box. I've connected to a 3550 I have laying here and I am able to get a console session going with it. Does anyone have any ideas on this one? Everything I am googleing relates to the router crashing or hanging which this one does not seem to do. Richey ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ This footnote confirms that this email message has been scanned by PineApp Mail-SeCure for the presence of malicious code, vandals computer viruses. This footnote confirms that this email message has been scanned by PineApp Mail-SeCure for the presence of malicious code, vandals computer viruses. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] BGP routing table !!
Can you post your BGP settings with your peer? Do you have a maximum-prefix setting on your neighbor peer? -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Raheel Muhammad Sent: Thursday, June 17, 2010 2:09 AM To: cisco-nsp@puck.nether.net Subject: [c-nsp] BGP routing table !! Hi guys, Might be a basic question but i couldnt find anything, i have cisco 7606 i just had a new peering with our upstream provider, but router rebooted when routes reached 300k, router is not running anything else as well. Any idea? Cisco CISCO7606-S (M8500) processor (revision 1.0) with 851968K/65536K bytes of memory. Processor board ID FOX1310G2VB BASEBOARD: RSP720 CPU: MPC8548_E, Version: 2.0, (0x80390020) CORE: E500, Version: 2.0, (0x80210020) CPU:1200MHz, CCB:400MHz, DDR:200MHz, L1:D-cache 32 kB enabled I-cache 32 kB enabled Regards ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ This footnote confirms that this email message has been scanned by PineApp Mail-SeCure for the presence of malicious code, vandals computer viruses. This footnote confirms that this email message has been scanned by PineApp Mail-SeCure for the presence of malicious code, vandals computer viruses. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] 6506-E module provisioning
I've been searching the cisco website for this but didn't find an answer. We have a new 6506-E to replace an old one, and I'll have to move some modules between them as we don't have spare ones. Is there a way to 'provision' these modules in the config of the new router so I can just copy the old config to the new one and won't have to add the config for these modules after the cards have been switched ? The modules will move to the same slot in the new router. Greetings, Wim Holemans Network Services University of Antwerp ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] BGP routing table !!
Hi, On Thu, Jun 17, 2010 at 02:08:45AM +0300, Raheel Muhammad wrote: Might be a basic question but i couldnt find anything, i have cisco 7606 i just had a new peering with our upstream provider, but router rebooted when routes reached 300k, router is not running anything else as well. Any idea? Which IOS version? gert -- USENET is *not* the non-clickable part of WWW! //www.muc.de/~gert/ Gert Doering - Munich, Germany g...@greenie.muc.de fax: +49-89-35655025g...@net.informatik.tu-muenchen.de pgphoxjjPHy1z.pgp Description: PGP signature ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Console problems
Hi, On Thu, Jun 17, 2010 at 09:25:43AM +0300, Ziv Leyes wrote: You can't have both NPE and I/O card console interfaces to work together. I'm not sure if it's configurable but the default will be the I/O card, so if you MUST have the I/O card inserted use the console port on it and not the one on the NPE The NPE-400 doesn't have a console port :-) - and *does* require an IO board. (Your statement is correct for NPE-G1 and NPE-G2). gert -- USENET is *not* the non-clickable part of WWW! //www.muc.de/~gert/ Gert Doering - Munich, Germany g...@greenie.muc.de fax: +49-89-35655025g...@net.informatik.tu-muenchen.de pgpvIuQqiwQgD.pgp Description: PGP signature ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Cisco 6500 experiencing %CPU_MONITOR-SP-6-NOT_HEARD
Hello again Jeroen, Looked at the Cisco page regarding resolved caveats regarding 12.2(33)SXH rebuilds, only found entry CSCsm84267 about %CPU_MONITOR-SP-6-NOT_HEARD but the symptoms doesn't match our case. Still digging. Y. 2010/6/16 Youssef Bengelloun-Zahr yous...@720.fr We run our 6500 as core routers will full BGP feed on each and Route Reflection. Plus, each core router has multiple Internal BGP peers and multiple External BGP peers on different IXPs. Yes, CPU is slow but it does the job ;-) Thanks. Y. 2010/6/16 Phil Mayers p.may...@imperial.ac.uk On 16/06/10 14:10, Youssef Bengelloun-Zahr wrote: Hello Jeroen, Thanks for the feedback. If you can find the bug IDs, please do not hesitate to send them, it come in handy sometimes. I have been thinking of upgrading to SXI3 (why not SXI4, hey ;-) for a long time and have labed it, all my configs were correctly accepted. We are running some basic BGP / MPLS and route reflection on this router, have experienced any weird things regarding theese on SXI3 / SXI4 ? We run a BGP/MPLS network on 6500/sup720 with SXI3 (previously on SXI zero for over a year) with no problems. 2 of the routers are route reflectors (yes yes slow CPUs blah - it's ~800 routes and ~20 iBGP peers) ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ -- Youssef BENGELLOUN-ZAHR …… Ingénieur Réseaux et Télécoms Technopole de l'Aube en Champagne - BP 601 - 10901 TROYES Cedex 9 Agence Paris : 6, rue Charles Floquet - 92120 MONTROUGE Tel +33 (0) 825 000 720 Tel. direct +33 (0) 1 77 35 59 14 Tel. portable +33 (0) 6 22 42 63 80 Emaily...@720.fr …….www.720.fr -- Youssef BENGELLOUN-ZAHR …… Ingénieur Réseaux et Télécoms Technopole de l'Aube en Champagne - BP 601 - 10901 TROYES Cedex 9 Agence Paris : 6, rue Charles Floquet - 92120 MONTROUGE Tel +33 (0) 825 000 720 Tel. direct +33 (0) 1 77 35 59 14 Tel. portable +33 (0) 6 22 42 63 80 Emaily...@720.fr …….www.720.fr ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Cisco 6500 experiencing %CPU_MONITOR-SP-6-NOT_HEARD
On 17/06/10 10:00, Youssef Bengelloun-Zahr wrote: Hello again Jeroen, Looked at the Cisco page regarding resolved caveats regarding 12.2(33)SXH rebuilds, only found entry CSCsm84267 about %CPU_MONITOR-SP-6-NOT_HEARD but the symptoms doesn't match our case. Still digging. Well, my comment was related to whether SXI worked for the feature set you asked about, rather than your original %CPU_MONITOR issue. Having said that: I'm fairly sure the SXH and SXI have significant differences in the way IPC happens, some of which is related to ISSU, some of which seems to be more aggressive monitoring (or even just logging of such) We've had %XDR_* errors where standby supervisors go away; TAC claimed it was a hardware fault, but to my mind that's not credible, especially since the hardware passes full GOLD diags in our test chassis, and various combinations of reboots and upgrades made it go away. [Having said that: TAC basically say duh RMA the sup about 50% of the time in cases like this. Some engineers seem to think memory corruption twice in a row means hardware fault, because of course memory corruption can't come from a software bug. We end up having to explain memory santiy debug to them, and the fact that corruption might not have been caused by the process that triggered the traceback...] In short; I think all this infrastructure changed from SXF to SXH/SXI and I think the early versions had bugs. I know from past experience that Cisco don't necessarily expose all bugs fixed in the bug toolkit, so there may be a bug that matches yours and I'd just upgrade and see if it stops. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] BGP routing table !!
Hi, The version is c7600rsp72043-advipservicesk9-mz.122-33.SRD.bin. No i did not set maximum prefix option under BGP. Thanks On Thu, Jun 17, 2010 at 11:08 AM, Gert Doering g...@greenie.muc.de wrote: Hi, On Thu, Jun 17, 2010 at 02:08:45AM +0300, Raheel Muhammad wrote: Might be a basic question but i couldnt find anything, i have cisco 7606 i just had a new peering with our upstream provider, but router rebooted when routes reached 300k, router is not running anything else as well. Any idea? Which IOS version? gert -- USENET is *not* the non-clickable part of WWW! // www.muc.de/~gert/ Gert Doering - Munich, Germany g...@greenie.muc.de fax: +49-89-35655025 g...@net.informatik.tu-muenchen.de ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] BGP routing table !!
On 17/06/10 00:08, Raheel Muhammad wrote: Hi guys, Might be a basic question but i couldnt find anything, i have cisco 7606 i just had a new peering with our upstream provider, but router rebooted when routes reached 300k, router is not running anything else as well. Any idea? That's pretty vague. Did the router log anything before rebooting? I assume you have syslog setup? Did you have anything attached to the serial console, and if so did it output anything? What does sh ver say with regards the last reload reason? e.g. ac-core#sh ver snip System returned to ROM by power cycle at 07:01:04 BST Tue Jun 8 2010 (SP by power on) System restarted at 07:12:11 BST Tue Jun 8 2010 System image file is ... Last reload reason: Reason unspecified Are there any crashinfo files? Try: dir bootflash: dir sup-bootflash: You say routes reached 300k - are you running XL PFC DFCs? What does: sh platform hardware pfc mode ...say? ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] BGP routing table !!
Do you use AS path access list? Can you post it? -- ogion 2010/6/17 Raheel Muhammad raheel.muham...@gmail.com: Hi, The version is c7600rsp72043-advipservicesk9-mz.122-33.SRD.bin. No i did not set maximum prefix option under BGP. Thanks On Thu, Jun 17, 2010 at 11:08 AM, Gert Doering g...@greenie.muc.de wrote: Hi, On Thu, Jun 17, 2010 at 02:08:45AM +0300, Raheel Muhammad wrote: Might be a basic question but i couldnt find anything, i have cisco 7606 i just had a new peering with our upstream provider, but router rebooted when routes reached 300k, router is not running anything else as well. Any idea? Which IOS version? gert -- USENET is *not* the non-clickable part of WWW! // www.muc.de/~gert/ Gert Doering - Munich, Germany g...@greenie.muc.de fax: +49-89-35655025 g...@net.informatik.tu-muenchen.de ___ cisco-nsp mailing list cisco-...@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] BGP routing table !!
Hi, Cisco CISCO7606-S (M8500) processor (revision 1.0) with 851968K/65536K bytes of memory. Processor board ID FOX1310G2VB BASEBOARD: RSP720 CPU: MPC8548_E, Version: 2.0, (0x80390020) CORE: E500, Version: 2.0, (0x80210020) CPU:1200MHz, CCB:400MHz, DDR:200MHz, L1:D-cache 32 kB enabled I-cache 32 kB enabled Last reset from s/w reset 2 SIP-400 controllers (5 GigabitEthernet)(5 POS). 1 Virtual Ethernet interface 9 Gigabit Ethernet interfaces 5 Packet over SONET interfaces 3964K bytes of non-volatile configuration memory. 507024K bytes of Internal ATA PCMCIA card (Sector size 512 bytes). Configuration register is 0x2102 #sh platform hardware pfc mode PFC operating mode : PFC3C No i am not using AS path access-list, its just a straight forward configuration with route-maps having prefix-lists in it. Regards, Raheel On Thu, Jun 17, 2010 at 1:36 PM, Phil Mayers p.may...@imperial.ac.ukwrote: On 17/06/10 00:08, Raheel Muhammad wrote: Hi guys, Might be a basic question but i couldnt find anything, i have cisco 7606 i just had a new peering with our upstream provider, but router rebooted when routes reached 300k, router is not running anything else as well. Any idea? That's pretty vague. Did the router log anything before rebooting? I assume you have syslog setup? Did you have anything attached to the serial console, and if so did it output anything? What does sh ver say with regards the last reload reason? e.g. ac-core#sh ver snip System returned to ROM by power cycle at 07:01:04 BST Tue Jun 8 2010 (SP by power on) System restarted at 07:12:11 BST Tue Jun 8 2010 System image file is ... Last reload reason: Reason unspecified Are there any crashinfo files? Try: dir bootflash: dir sup-bootflash: You say routes reached 300k - are you running XL PFC DFCs? What does: sh platform hardware pfc mode ...say? ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] BGP routing table !!
On Thu, 2010-06-17 at 14:18 +0300, Raheel Muhammad wrote: Got the issue, but what would be the work around for this? Mqaximum i am allowed is 223K. You need an XL size TCAM to hold more then 239k routes. You can adjust the TCAM partitioning up to that from 223k with mls cef maximum-routes ip 239, but there isn't really much point in that now. Otherwise you'd have to employ filtering on your BGP sessions, e.g. discarding /24 prefixes or longer. You will then need a default route to something that has full reachability, and you will have to accept less than optimal routing in some cases. -- Peter ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] BGP routing table !!
Dear All, Thanks for the replies but it looks like i have to upgrade the RSP but can anyone tell me that the limitation is for the routes which will be installed in forwarding table for. e.g. if i am receiving 3 routing tables so it will be 3xlimit or limit will only be for what is installed in the forwarding table. Regards On Thu, Jun 17, 2010 at 2:46 PM, Marcus.Gerdon marcus.ger...@versatel.dewrote: Raheel, I'm not sure about RSP720 models available ad hoc, but based on Sup720 the basic hardware only allows for 256k routes at most. Only having a -XL version allows for 1m of (v4) routes. Your output only shows 'PFC-3C mode' - which tells the current operational limit is 256k, but doesn't tell about maximum capacity possible in hardware. If you do have a XL deployed (look for PFC-3CXL in 'sh mod') just follow the hint given in the error message: use 'mls cef maximum-routes' to increase the number of forwarding entries allowed in hardware. Should you have got a non-XL and RSP720 being equal to Sup720 in regards to capacity (that's the 256k max) you'll need to swap RSP to handle a full BGP table. Also pay attention to the combination of RSP and DFC's equipped. A XL-RSP will operate in non-XL-mode as soon as even a single non-XL-DFC is installed in the chassis. regards, Marcus -Ursprüngliche Nachricht- Von: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] Im Auftrag von Raheel Muhammad Gesendet: Donnerstag, 17. Juni 2010 13:18 An: Phil Mayers Cc: cisco-nsp@puck.nether.net Betreff: Re: [c-nsp] BGP routing table !! Hi, Got the issue, but what would be the work around for this? Mqaximum i am allowed is 223K. 12:44:10.257: %MLSCEF-SP-4-FIB_EXCEPTION_THRESHOLD: Hardware CEF entry usage is at 95% capacity for MPLS protocol. 12:44:09.650: %MLSCEF-SP-STDBY-4-FIB_EXCEPTION_THRESHOLD: Hardware CEF entry usage is at 95% capacity for MPLS protocol. 12:44:13.182: %CFIB-SP-STDBY-3-CFIB_EXCEPTION: FIB TCAM exception for IPv4 unicast. Packets through some routes will be dropped. Use mls cef maximum-routes to modify the FIB TCAM partition or/and consider a hardware upgred. Examine your network and collect the necessary information from this setup. The only way to recover from this state is by reload the router. 12:44:12.913: %CFIB-SP-3-CFIB_EXCEPTION: FIB TCAM exception for IPv4 unicast. Packets through some routes will be dropped. Use mls cef maximum-routes to modify the FIB TCAM partition or/and consider a hardware upgred. Examine your network and collect the necessary information from this setup. The only way to recover from this state is by reload the router. Regards, Raheel On Thu, Jun 17, 2010 at 1:51 PM, Raheel Muhammad raheel.muham...@gmail.comwrote: Hi, Cisco CISCO7606-S (M8500) processor (revision 1.0) with 851968K/65536K bytes of memory. Processor board ID FOX1310G2VB BASEBOARD: RSP720 CPU: MPC8548_E, Version: 2.0, (0x80390020) CORE: E500, Version: 2.0, (0x80210020) CPU:1200MHz, CCB:400MHz, DDR:200MHz, L1:D-cache 32 kB enabled I-cache 32 kB enabled Last reset from s/w reset 2 SIP-400 controllers (5 GigabitEthernet)(5 POS). 1 Virtual Ethernet interface 9 Gigabit Ethernet interfaces 5 Packet over SONET interfaces 3964K bytes of non-volatile configuration memory. 507024K bytes of Internal ATA PCMCIA card (Sector size 512 bytes). Configuration register is 0x2102 #sh platform hardware pfc mode PFC operating mode : PFC3C No i am not using AS path access-list, its just a straight forward configuration with route-maps having prefix-lists in it. Regards, Raheel On Thu, Jun 17, 2010 at 1:36 PM, Phil Mayers p.may...@imperial.ac.ukwrote: On 17/06/10 00:08, Raheel Muhammad wrote: Hi guys, Might be a basic question but i couldnt find anything, i have cisco 7606 i just had a new peering with our upstream provider, but router rebooted when routes reached 300k, router is not running anything else as well. Any idea? That's pretty vague. Did the router log anything before rebooting? I assume you have syslog setup? Did you have anything attached to the serial console, and if so did it output anything? What does sh ver say with regards the last reload reason? e.g. ac-core#sh ver snip System returned to ROM by power cycle at 07:01:04 BST Tue Jun 8 2010 (SP by power on) System restarted at 07:12:11 BST Tue Jun 8 2010 System image file is ... Last reload reason: Reason unspecified Are there any crashinfo files? Try: dir bootflash: dir sup-bootflash: You say routes reached 300k - are you running XL PFC DFCs? What does: sh platform hardware pfc mode ...say? ___
[c-nsp] Alert: Correction
An employee of The University of Toledo, Jason Mishka, transmitted a message to this listserv on January 15, 2010, giving his personal opinion about Bluecat Networks products. It has since been published on other listservs and re-transmitted without authorization to other sites/forums. His assessments and statements are his opinion and NOT that of The University of Toledo. The University of Toledo does not agree with or support his opinion. Businesses deciding whether to utilize Bluecat Networks products should not rely upon his opinion message in any way. We would appreciate it if all remarks were disregarded and if possible, removed from the listserv. Thank you. VP IT/CIO. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] BGP routing table !!
On 17/06/10 12:18, Raheel Muhammad wrote: Hi, Got the issue, but what would be the work around for this? Mqaximum i am allowed is 223K. This is one issue; your router is incapable of 300k routes. The only solution is to: 1. Upgrade your Sup linecards DFCs to -XL models 2. Remove some routes using a route-map However - AFAIK TCAM exceptions don't normally crash the box; they just bring it to a halt as the CPU forwards traffic for routes which don't fit. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] 6506-E module provisioning
Hello, I've been searching the cisco website for this but didn't find an answer. We have a new 6506-E to replace an old one, and I'll have to move some modules between them as we don't have spare ones. Is there a way to 'provision' these modules in the config of the new router so I can just copy the old config to the new one and won't have to add the config for these modules after the cards have been switched ? The modules will move to the same slot in the new router. If the 6506-E is not yet live, you could copy startup-config to flash:/ or ftp:// and then copy it back to startup-config on the new 6506 Supervisor. At that point I would reboot the device to verify that it tries to load the configuration and that boot variables haven't been upset. Once that looks good, power the chassis back down, move the cards over, boot it back up and compare configs to make sure everything took. Rancid is excellent for this, but you could also use UN*X diff. Newer IOS allows you to compare from the console with: show archive config differences nvram:startup-config system:running-config If the 6506-E is already live and in production you could still copy the startup-config off to an FTP server, edit the file to only include the relevant interfaces, and then copy it back to _running-config_, but you will have to no shutdown the interfaces. HTH Cory Greetings, Wim Holemans Network Services University of Antwerp ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] BGP routing table !!
Raheel, I'm not sure about RSP720 models available ad hoc, but based on Sup720 the basic hardware only allows for 256k routes at most. Only having a -XL version allows for 1m of (v4) routes. Your output only shows 'PFC-3C mode' - which tells the current operational limit is 256k, but doesn't tell about maximum capacity possible in hardware. If you do have a XL deployed (look for PFC-3CXL in 'sh mod') just follow the hint given in the error message: use 'mls cef maximum-routes' to increase the number of forwarding entries allowed in hardware. Should you have got a non-XL and RSP720 being equal to Sup720 in regards to capacity (that's the 256k max) you'll need to swap RSP to handle a full BGP table. Also pay attention to the combination of RSP and DFC's equipped. A XL-RSP will operate in non-XL-mode as soon as even a single non-XL-DFC is installed in the chassis. regards, Marcus -Ursprüngliche Nachricht- Von: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] Im Auftrag von Raheel Muhammad Gesendet: Donnerstag, 17. Juni 2010 13:18 An: Phil Mayers Cc: cisco-nsp@puck.nether.net Betreff: Re: [c-nsp] BGP routing table !! Hi, Got the issue, but what would be the work around for this? Mqaximum i am allowed is 223K. 12:44:10.257: %MLSCEF-SP-4-FIB_EXCEPTION_THRESHOLD: Hardware CEF entry usage is at 95% capacity for MPLS protocol. 12:44:09.650: %MLSCEF-SP-STDBY-4-FIB_EXCEPTION_THRESHOLD: Hardware CEF entry usage is at 95% capacity for MPLS protocol. 12:44:13.182: %CFIB-SP-STDBY-3-CFIB_EXCEPTION: FIB TCAM exception for IPv4 unicast. Packets through some routes will be dropped. Use mls cef maximum-routes to modify the FIB TCAM partition or/and consider a hardware upgred. Examine your network and collect the necessary information from this setup. The only way to recover from this state is by reload the router. 12:44:12.913: %CFIB-SP-3-CFIB_EXCEPTION: FIB TCAM exception for IPv4 unicast. Packets through some routes will be dropped. Use mls cef maximum-routes to modify the FIB TCAM partition or/and consider a hardware upgred. Examine your network and collect the necessary information from this setup. The only way to recover from this state is by reload the router. Regards, Raheel On Thu, Jun 17, 2010 at 1:51 PM, Raheel Muhammad raheel.muham...@gmail.comwrote: Hi, Cisco CISCO7606-S (M8500) processor (revision 1.0) with 851968K/65536K bytes of memory. Processor board ID FOX1310G2VB BASEBOARD: RSP720 CPU: MPC8548_E, Version: 2.0, (0x80390020) CORE: E500, Version: 2.0, (0x80210020) CPU:1200MHz, CCB:400MHz, DDR:200MHz, L1:D-cache 32 kB enabled I-cache 32 kB enabled Last reset from s/w reset 2 SIP-400 controllers (5 GigabitEthernet)(5 POS). 1 Virtual Ethernet interface 9 Gigabit Ethernet interfaces 5 Packet over SONET interfaces 3964K bytes of non-volatile configuration memory. 507024K bytes of Internal ATA PCMCIA card (Sector size 512 bytes). Configuration register is 0x2102 #sh platform hardware pfc mode PFC operating mode : PFC3C No i am not using AS path access-list, its just a straight forward configuration with route-maps having prefix-lists in it. Regards, Raheel On Thu, Jun 17, 2010 at 1:36 PM, Phil Mayers p.may...@imperial.ac.ukwrote: On 17/06/10 00:08, Raheel Muhammad wrote: Hi guys, Might be a basic question but i couldnt find anything, i have cisco 7606 i just had a new peering with our upstream provider, but router rebooted when routes reached 300k, router is not running anything else as well. Any idea? That's pretty vague. Did the router log anything before rebooting? I assume you have syslog setup? Did you have anything attached to the serial console, and if so did it output anything? What does sh ver say with regards the last reload reason? e.g. ac-core#sh ver snip System returned to ROM by power cycle at 07:01:04 BST Tue Jun 8 2010 (SP by power on) System restarted at 07:12:11 BST Tue Jun 8 2010 System image file is ... Last reload reason: Reason unspecified Are there any crashinfo files? Try: dir bootflash: dir sup-bootflash: You say routes reached 300k - are you running XL PFC DFCs? What does: sh platform hardware pfc mode ...say? ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp
Re: [c-nsp] BGP routing table !!
Looks like you're using a RSP720-3C, which has that TCAM limitation. You need RSP720-3CXL do take more routes. -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Raheel Muhammad Sent: 17 June 2010 12:18 To: Phil Mayers Cc: cisco-nsp@puck.nether.net Subject: Re: [c-nsp] BGP routing table !! Hi, Got the issue, but what would be the work around for this? Mqaximum i am allowed is 223K. 12:44:10.257: %MLSCEF-SP-4-FIB_EXCEPTION_THRESHOLD: Hardware CEF entry usage is at 95% capacity for MPLS protocol. 12:44:09.650: %MLSCEF-SP-STDBY-4-FIB_EXCEPTION_THRESHOLD: Hardware CEF entry usage is at 95% capacity for MPLS protocol. 12:44:13.182: %CFIB-SP-STDBY-3-CFIB_EXCEPTION: FIB TCAM exception for IPv4 unicast. Packets through some routes will be dropped. Use mls cef maximum-routes to modify the FIB TCAM partition or/and consider a hardware upgred. Examine your network and collect the necessary information from this setup. The only way to recover from this state is by reload the router. 12:44:12.913: %CFIB-SP-3-CFIB_EXCEPTION: FIB TCAM exception for IPv4 unicast. Packets through some routes will be dropped. Use mls cef maximum-routes to modify the FIB TCAM partition or/and consider a hardware upgred. Examine your network and collect the necessary information from this setup. The only way to recover from this state is by reload the router. Regards, Raheel On Thu, Jun 17, 2010 at 1:51 PM, Raheel Muhammad raheel.muham...@gmail.comwrote: Hi, Cisco CISCO7606-S (M8500) processor (revision 1.0) with 851968K/65536K bytes of memory. Processor board ID FOX1310G2VB BASEBOARD: RSP720 CPU: MPC8548_E, Version: 2.0, (0x80390020) CORE: E500, Version: 2.0, (0x80210020) CPU:1200MHz, CCB:400MHz, DDR:200MHz, L1:D-cache 32 kB enabled I-cache 32 kB enabled Last reset from s/w reset 2 SIP-400 controllers (5 GigabitEthernet)(5 POS). 1 Virtual Ethernet interface 9 Gigabit Ethernet interfaces 5 Packet over SONET interfaces 3964K bytes of non-volatile configuration memory. 507024K bytes of Internal ATA PCMCIA card (Sector size 512 bytes). Configuration register is 0x2102 #sh platform hardware pfc mode PFC operating mode : PFC3C No i am not using AS path access-list, its just a straight forward configuration with route-maps having prefix-lists in it. Regards, Raheel On Thu, Jun 17, 2010 at 1:36 PM, Phil Mayers p.may...@imperial.ac.ukwrote: On 17/06/10 00:08, Raheel Muhammad wrote: Hi guys, Might be a basic question but i couldnt find anything, i have cisco 7606 i just had a new peering with our upstream provider, but router rebooted when routes reached 300k, router is not running anything else as well. Any idea? That's pretty vague. Did the router log anything before rebooting? I assume you have syslog setup? Did you have anything attached to the serial console, and if so did it output anything? What does sh ver say with regards the last reload reason? e.g. ac-core#sh ver snip System returned to ROM by power cycle at 07:01:04 BST Tue Jun 8 2010 (SP by power on) System restarted at 07:12:11 BST Tue Jun 8 2010 System image file is ... Last reload reason: Reason unspecified Are there any crashinfo files? Try: dir bootflash: dir sup-bootflash: You say routes reached 300k - are you running XL PFC DFCs? What does: sh platform hardware pfc mode ...say? ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ** This e-mail message and any attachments are confidential. Dissemination, distribution or copying of this e-mail or any attachments by anyone other than the intended recipient is prohibited. If you are not the intended recipient, please notify Ipreo immediately by replying to this e-mail, and destroy all copies of this e-mail and any attachments. Thank you! ** ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] BGP routing table !!
Raheel, only the forwarding table built will be copied into the FIB TCAM (plus some overhead possibly, but that can be ignored as far as I can see on our routers). regards, Marcus Von: Raheel Muhammad [mailto:raheel.muham...@gmail.com] Gesendet: Donnerstag, 17. Juni 2010 13:56 An: Marcus.Gerdon Cc: cisco-nsp@puck.nether.net Betreff: Re: [c-nsp] BGP routing table !! Dear All, Thanks for the replies but it looks like i have to upgrade the RSP but can anyone tell me that the limitation is for the routes which will be installed in forwarding table for. e.g. if i am receiving 3 routing tables so it will be 3xlimit or limit will only be for what is installed in the forwarding table. Regards On Thu, Jun 17, 2010 at 2:46 PM, Marcus.Gerdon marcus.ger...@versatel.de wrote: Raheel, I'm not sure about RSP720 models available ad hoc, but based on Sup720 the basic hardware only allows for 256k routes at most. Only having a -XL version allows for 1m of (v4) routes. Your output only shows 'PFC-3C mode' - which tells the current operational limit is 256k, but doesn't tell about maximum capacity possible in hardware. If you do have a XL deployed (look for PFC-3CXL in 'sh mod') just follow the hint given in the error message: use 'mls cef maximum-routes' to increase the number of forwarding entries allowed in hardware. Should you have got a non-XL and RSP720 being equal to Sup720 in regards to capacity (that's the 256k max) you'll need to swap RSP to handle a full BGP table. Also pay attention to the combination of RSP and DFC's equipped. A XL-RSP will operate in non-XL-mode as soon as even a single non-XL-DFC is installed in the chassis. regards, Marcus -Ursprüngliche Nachricht- Von: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] Im Auftrag von Raheel Muhammad Gesendet: Donnerstag, 17. Juni 2010 13:18 An: Phil Mayers Cc: cisco-nsp@puck.nether.net Betreff: Re: [c-nsp] BGP routing table !! Hi, Got the issue, but what would be the work around for this? Mqaximum i am allowed is 223K. 12:44:10.257: %MLSCEF-SP-4-FIB_EXCEPTION_THRESHOLD: Hardware CEF entry usage is at 95% capacity for MPLS protocol. 12:44:09.650: %MLSCEF-SP-STDBY-4-FIB_EXCEPTION_THRESHOLD: Hardware CEF entry usage is at 95% capacity for MPLS protocol. 12:44:13.182: %CFIB-SP-STDBY-3-CFIB_EXCEPTION: FIB TCAM exception for IPv4 unicast. Packets through some routes will be dropped. Use mls cef maximum-routes to modify the FIB TCAM partition or/and consider a hardware upgred. Examine your network and collect the necessary information from this setup. The only way to recover from this state is by reload the router. 12:44:12.913: %CFIB-SP-3-CFIB_EXCEPTION: FIB TCAM exception for IPv4 unicast. Packets through some routes will be dropped. Use mls cef maximum-routes to modify the FIB TCAM partition or/and consider a hardware upgred. Examine your network and collect the necessary information from this setup. The only way to recover from this state is by reload the router. Regards, Raheel On Thu, Jun 17, 2010 at 1:51 PM, Raheel Muhammad raheel.muham...@gmail.comwrote: Hi, Cisco CISCO7606-S (M8500) processor (revision 1.0) with 851968K/65536K bytes of memory. Processor board ID FOX1310G2VB BASEBOARD: RSP720 CPU: MPC8548_E, Version: 2.0, (0x80390020) CORE: E500, Version: 2.0, (0x80210020) CPU:1200MHz, CCB:400MHz, DDR:200MHz, L1:D-cache 32 kB enabled I-cache 32
Re: [c-nsp] Alert: Correction
Jun Kemail junkemail...@gmail.com wrote: An employee of The University of Toledo, Jason Mishka, transmitted a message to this listserv on January 15, 2010, giving his personal opinion about Bluecat Networks products. It has since been published on other listservs and re-transmitted without authorization to other sites/forums. His assessments and statements are his opinion and NOT that of The University of Toledo. This is almost edging on a kind of Streisand effect[1]... The University of Toledo does not agree with or support his opinion. Businesses deciding whether to utilize Bluecat Networks products should not rely upon his opinion message in any way. We would appreciate it if all remarks were disregarded and if possible, removed from the listserv. Thank you. VP IT/CIO. From a Gborg account, especially one called 'Jun kEmail'? Assuming this is a legit email, if you plan on making official statements regarding an employee's obviously personal opinion[2], it is probably more effective in my view to consider using your organisation's email address? As for the Bluecat Networks' sales droids who, in my opinion, obviously pressed for this statement to be released, congratulations It is this attempt to censor opinion rather than to actually improve your customers opinion of you that has guaranteed I will not even look at your product line. Cheers [1] http://en.wikipedia.org/wiki/Streisand_effect [2] *I'd* recommend against a bluecat appliance based on our experience. -- Alexander Clouter .sigmonster says: A fool and your money are soon partners. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] BGP Scanner running amok
Hi, Following yesterday's issue with BGP full feed, I have updated the IOS from SRD3 to SRE1 on the Cisco 7606 (RSP720-3CXL). The BGP continuous resets have been resolved but now I have a mad BGP Scanner. It is running constantly consuming over 60% of my CPU. c7600#sh proc cpu | e 0.00 CPU utilization for five seconds: 99%/2%; one minute: 99%; five minutes: 99% PID Runtime(ms) Invoked uSecs 5Sec 1Min 5Min TTY Process 8 332596 17885 18596 1.59% 0.99% 0.95% 0 Check heaps 13 48648 232252209 0.15% 0.13% 0.15% 0 ARP Input 221 11188 39246285 0.07% 0.04% 0.05% 0 IP ARP Adjacency 223 342396 3957629 86 1.03% 1.04% 1.02% 0 IP Input 259 30712 3542903 8 0.07% 0.09% 0.07% 0 Ethernet Msec Ti 340 166323284 5064 0.15% 0.05% 0.05% 0 QoS stats proces 468 4327380 4895130884 14.07% 13.71% 13.43% 0 BGP Router 491 12072 134101 90 0.07% 0.03% 0.02% 0 Port manager per 497 1531916 4876536314 4.55% 4.39% 4.32% 0 BGP I/O 511 10380 61690168 0.07% 0.05% 0.01% 0 IP SNMP 551 14300 804916 17 0.07% 0.06% 0.02% 0 SNMP ENGINE 555 12756 1933774 6 0.15% 0.20% 0.21% 0 HSRP Common 556 17816 836123 21 0.07% 0.05% 0.05% 0 HSRP IPv4 557 5214300 4875375 1069 16.23% 15.80% 15.46% 0 BGP Task 55818923640 4869667 3886 58.31% 57.58% 56.41% 0 BGP Scanner c7600# also it is sending lots and lot of updates to a number of my peers. Basically I have a particular peer who was sent 6,000,000 updates in 6 hours! Did anyhow experiencing something similar? Tks/rgds Gordon ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] Weird ACL behaviour
Hi all, I'm facing a strange behaviour on an ACL just wanted to know if someone has encountered a similar issue? Here're the facts: I'm using a Cisco 6509 on SXI2, I've setup Netflow to collect and send traffic to a collector. The collector is on my management network. The relevant configs: [...snip...] mls netflow interface mls flow ip interface-full mls nde sender [... some interfaces has ip flow ingress configured...] interface FastEthernet3/48 description Management Network ip address 10.16.x.y 255.255.255.0 ip access-group Management out no ip proxy-arp ip flow-export source FastEthernet3/48 ip flow-export version 9 origin-as ip flow-export destination 10.16.x.z 9995 ip access-list extended Management deny ip any any with this configuration in place the collector only receives flows generated by CPU switch traffic. All the traffic generated by the mls nde sender command does get blocked by the ACL. As soon as I remove the ACL the traffic flows fine. I was under the assumption that traffic generated by the router was not affected by the ACLs, and in fact all the rest of the traffic is fine... Maybe I'm catching a bug here, or is that written somewhere that packets created by the mls gets blocked by ACLs? Cheers, ]\/[arco -- I'm Winston Wolf, I solve problems. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Alert: Correction
Interesting. If it were an official statement, I'm sure it would come from a university of toledo account vs gmail :) Just so everyone knows it's not really possible to un-ring the bell of this type of thing posted to the list. Lots of other people (markmail etc) seem to archive the list as well. If anyone has questions about the policies that I use to run the lists, please send me a note in private. - Jared (Who once commented on a poorly performing vendor who was never able to fix their problem for us and we returned it, but they still griped about my truthful post). On Jun 17, 2010, at 8:01 AM, Jun Kemail wrote: An employee of The University of Toledo, Jason Mishka, transmitted a message to this listserv on January 15, 2010, giving his personal opinion about Bluecat Networks products. It has since been published on other listservs and re-transmitted without authorization to other sites/forums. His assessments and statements are his opinion and NOT that of The University of Toledo. The University of Toledo does not agree with or support his opinion. Businesses deciding whether to utilize Bluecat Networks products should not rely upon his opinion message in any way. We would appreciate it if all remarks were disregarded and if possible, removed from the listserv. Thank you. VP IT/CIO. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Continous BGP session resets on SRD3
It happens when you peer with GSR with _particular_(my personal assumption) version and your IOS do not support 4byte AS. The problem was caused by malicious update from one AS which disappeared from internet table yesterday after 4 or 5 hours. Gordon Bezzina wrote: Hi, The other end is a GSR, but I do not have control on. Anyhow performed emergency upgrade my 7600 from SRD3 to SRE1, did the trick. It now works without any problems. Thanks to all. Best Regards Gordon ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Alert: Correction
On Thu, 2010-06-17 at 09:28 -0400, Jared Mauch wrote: Interesting. If it were an official statement, I'm sure it would come from a university of toledo account vs gmail :) Are you saying that Junk Email^H^H^H. I mean Jun Kemail is NOT a University of Toledo employee!? :) -- Matt Zagrabelny - mzagr...@d.umn.edu - (218) 726 8844 University of Minnesota Duluth Information Technology Systems Services PGP key 4096R/42A00942 2009-12-16 Fingerprint: 5814 2CCE 2383 2991 83FF C899 07E2 BFA8 42A0 0942 He is not a fool who gives up what he cannot keep to gain what he cannot lose. -Jim Elliot signature.asc Description: This is a digitally signed message part ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Continous BGP session resets on SRD3
We are working to get some clarification on this. In the interim... Can anyone prove they saw this when either: a) The upstream speaker did not have the AS Path limit configured to something lower (say less than 200)? b) The upstream speaker was running with code *newer* than one of these: 15.1(01.07.01)PIA14 15.1(01.05.01)PIA13 15.1(01)XB 15.0(01.01)SID 15.0(01)M 12.4(24.06.06)PIL12 12.4(24.06.05)PIB12 12.4(24.06)PI11l 12.2(33.01.21)MCP05 12.2(33)ZI 12.2(33)XNE 12.2(33)SXI02 12.2(32.08.17)REC186 12.2(32.08.15)YCA273.10 12.2(32.08.11)XJC273.11 12.2(32.08.11)SX277 12.2(32.08.06)YCA246.10 12.2(32.08.01)YCA273.15 12.0(32)SY10 From what Shimol and I appear to have gleaned so far it's an issue between a 4byte AS (new) speaker and and non 4 byte (old) speaker *and* the 4byte AS (new) upstream speaker is on a version of code older than one of the ones above. Can folks confirm/deny if their deployment where they saw this either did or did not match those conditions above? Read it carefully as it can be tricky. Thanks, Rodney On 6/17/10 12:19 AM, Gordon Bezzina wrote: Hi, The other end is a GSR, but I do not have control on. Anyhow performed emergency upgrade my 7600 from SRD3 to SRE1, did the trick. It now works without any problems. Thanks to all. Best Regards Gordon -Original Message- From: John van Oppen [mailto:jvanop...@spectrumnet.us] Sent: L-Erbgħa, 16 ta' Ġunju 2010 17:43 To: Kostas Fotiadis; Gordon Bezzina Cc: cisco-nsp@puck.nether.net Subject: RE: [c-nsp] Continous BGP session resets on SRD3 We saw this issue about 8 hours ago too... It appeared to affect GSRs running anything older than gsr-k4p-mz.120-32.SY9.bin as well as 7200s running non-current versions of IOS. Our 6500s were all fine but they are all running at least s72033-adventerprisek9_wan-mz.122-33.SXI1.bin. This sure looked like it was tickling CSCeh13489 but we already limit the maximum AS-path length to well-under 255 and that did not seem to protect us. We ended up doing an emergency upgrade of the GSRs involved. John van Oppen Spectrum Networks Direct: 206-973-8302 Main: 206-973-8300 From: cisco-nsp-boun...@puck.nether.net [cisco-nsp-boun...@puck.nether.net] on behalf of Kostas Fotiadis [kostas.fotia...@oteglobe.net] Sent: Wednesday, June 16, 2010 4:41 AM To: Gordon Bezzina Cc: cisco-nsp@puck.nether.net Subject: Re: [c-nsp] Continous BGP session resets on SRD3 Hi Gordon, Just hang-up the phone with TAC. We also had the same issue this morning. One session was iBGP and the other eBGP. Engineer said, undocumented bug, needs to do more research and get back to be. Don't know what he did and fix it. I guess you need to open a case... Good luck, Kostas On 16/6/2010 12:37 μμ, Gordon Bezzina wrote: Hi, Since this morning I am experiencing a weird problem on one of my full feeds link. My router is a 7606 with dual RSP720-3CXL-GE and running SRD3. I have a multihop bgp peer to get the full bgp feed from my customer. Suddenly this morning the connection started flapping. With the following error message: Jun 16 07:40:03 CEST: %BGP-5-ADJCHANGE: neighbor W.X.Y.Z vpn vrf XX Up Jun 16 07:42:36 CEST: %BGP-5-ADJCHANGE: neighbor W.X.Y.Z vpn vrf XX Down BGP Notification sent Jun 16 07:42:36 CEST: %BGP-3-NOTIFICATION: sent to neighbor W.X.Y.Z 3/4 (invalid flags for attribute) 3 bytes 00 15w6d: BGP: 217.15.96.9 Bad attributes Jun 16 07:42:36 CEST: %BGP-4-MSGDUMP: unsupported or mal-formatted message received from W.X.Y.Z: 012B 0200 0001 1040 0101 02C0 119A 0226 3D77 22E0 04F9 3065 0003 0065 0003 0065 C288 22E4 22E4 22E4 22E4 22E4 22E4 22E4 22E4 22E4 22E4 22E4 22E4 22E4 22E4 22E4 22E4 22E4 22E4 22E4 22E4 22E4 22E4 22E4 22E4 22E4 22E4 22E4 22E4 22E4 22E4 22E4 4002 4E02 263D 7722 E004 F930 655B A05B A0C2 8822 E422 E422 E422 E422 E422 E422 E422 E422 E422 E422 Jun 16 07:42:42 CEST: %BGP_SESSION-5-ADJCHANGE: neighbor W.X.Y.Z IPv4 Unicast vpn vrf XX topology base removed from session BGP Notification sent The sequence is as follows: It basically goes up, starts getting the feed, then at around 290K routes it logs this error and resets the session. It will Then start over again. Note that this does not seem to be the route dampening issue - I do not even have dampening enabled on my router. Also mls cef is set at 350K for IPv4 and free RAM is over 1G Any ideas? Thanks/Regards Gordon ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net
Re: [c-nsp] Weird ACL behaviour
The code path for MLS netflow versus software netflow is not the same. For MLS netflow the export records are created by the DFC/PFC so it's not surprising that they act differently than locally generated traffic. Just as an example that shows the code path is different. Export to VRF destination is supported for software netflow but not for MLS netflow. -Ben On Jun 17, 2010, at 9:17 AM, Marco Matarazzo wrote: Hi all, I'm facing a strange behaviour on an ACL just wanted to know if someone has encountered a similar issue? Here're the facts: I'm using a Cisco 6509 on SXI2, I've setup Netflow to collect and send traffic to a collector. The collector is on my management network. The relevant configs: [...snip...] mls netflow interface mls flow ip interface-full mls nde sender [... some interfaces has ip flow ingress configured...] interface FastEthernet3/48 description Management Network ip address 10.16.x.y 255.255.255.0 ip access-group Management out no ip proxy-arp ip flow-export source FastEthernet3/48 ip flow-export version 9 origin-as ip flow-export destination 10.16.x.z 9995 ip access-list extended Management deny ip any any with this configuration in place the collector only receives flows generated by CPU switch traffic. All the traffic generated by the mls nde sender command does get blocked by the ACL. As soon as I remove the ACL the traffic flows fine. I was under the assumption that traffic generated by the router was not affected by the ACLs, and in fact all the rest of the traffic is fine... Maybe I'm catching a bug here, or is that written somewhere that packets created by the mls gets blocked by ACLs? Cheers, ]\/[arco -- I'm Winston Wolf, I solve problems. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Alert: Correction
On Jun 17, 2010, at 10:03 AM, Matt Zagrabelny wrote: On Thu, 2010-06-17 at 09:28 -0400, Jared Mauch wrote: Interesting. If it were an official statement, I'm sure it would come from a university of toledo account vs gmail :) Are you saying that Junk Email^H^H^H. I mean Jun Kemail is NOT a University of Toledo employee!? :) Fear the astroturf. Either way it sounds like the guys at Bluecat Networks likely have at minimum some issues corresponding with their customer regarding their deployment, and at worst.. some hardware that is due for recycling. - Jared (Who has no clue what Bluecat Networks even offers). ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Weird ACL behaviour
On Thu, Jun 17, 2010 at 4:29 PM, Benjamin Lovell belov...@cisco.com wrote: The code path for MLS netflow versus software netflow is not the same. For MLS netflow the export records are created by the DFC/PFC so it's not surprising that they act differently than locally generated traffic. I'm not surprised that the flows are created by different 'entities' inside the 6500. Another evidence is the fact that mls record are created with a source port different than the software created records. I just found it unexpected that this 'entity' was considered external by the point of view of the ACL. Once you know it, I can punch an hole in the ACL, but wanted to be sure this is expected and not actually a bug of some sort (in the software or in the documentation! ;) Thanks! ]\/[arco -- I'm Winston Wolf, I solve problems. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Specification of RA that responds to RS (applied RA suppress I/F)
Thus spake daigo nakayama (nky...@gmail.com) on Thu, Jun 17, 2010 at 07:57:51AM +0900: Hi, Cat65 interface(GigabitEthernet) sent out RA, when RS was received in the interface that applied ipv6 nd ra suppress. Is this behavior within specification ? If you're looking to stop the responses to solicitation as well, put in both of these: ipv6 nd ra suppress ipv6 nd prefix default no-advertise This has turned out to be a great way to introduce to server hosting subnets, as you can then go machines/applications one by one to staticly configure v6 without worring about unintended machines lighting up their v6 stacks. Dale ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Weird ACL behaviour
If it is an inconsistency in implementation between the software and hardware generated records it should be clearly articulated as a gotcha in the configuration guide. Ben is checking on both parts for us. Rodney On 6/17/10 11:15 AM, Marco Matarazzo wrote: On Thu, Jun 17, 2010 at 4:29 PM, Benjamin Lovellbelov...@cisco.com wrote: The code path for MLS netflow versus software netflow is not the same. For MLS netflow the export records are created by the DFC/PFC so it's not surprising that they act differently than locally generated traffic. I'm not surprised that the flows are created by different 'entities' inside the 6500. Another evidence is the fact that mls record are created with a source port different than the software created records. I just found it unexpected that this 'entity' was considered external by the point of view of the ACL. Once you know it, I can punch an hole in the ACL, but wanted to be sure this is expected and not actually a bug of some sort (in the software or in the documentation! ;) Thanks! ]\/[arco ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Weird ACL behaviour
Marco, This looks like CSCtc54878NDE direct export packets are checked by egress ACL When the packets are exported by the SP(MLS netflow) the flag for hardware to ignore ACL checks is not set. Fixed in SXI4. -Ben On Jun 17, 2010, at 11:52 AM, Rodney Dunn wrote: If it is an inconsistency in implementation between the software and hardware generated records it should be clearly articulated as a gotcha in the configuration guide. Ben is checking on both parts for us. Rodney On 6/17/10 11:15 AM, Marco Matarazzo wrote: On Thu, Jun 17, 2010 at 4:29 PM, Benjamin Lovellbelov...@cisco.com wrote: The code path for MLS netflow versus software netflow is not the same. For MLS netflow the export records are created by the DFC/PFC so it's not surprising that they act differently than locally generated traffic. I'm not surprised that the flows are created by different 'entities' inside the 6500. Another evidence is the fact that mls record are created with a source port different than the software created records. I just found it unexpected that this 'entity' was considered external by the point of view of the ACL. Once you know it, I can punch an hole in the ACL, but wanted to be sure this is expected and not actually a bug of some sort (in the software or in the documentation! ;) Thanks! ]\/[arco ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Weird ACL behaviour
Fantastic Ben, looks like you catched it! Will punch an hole in the ACL, waiting for the next software upgrade cycle then! Cheers, ]\/[arco On Thu, Jun 17, 2010 at 6:38 PM, Benjamin Lovell belov...@cisco.com wrote: Marco, This looks like CSCtc54878NDE direct export packets are checked by egress ACL When the packets are exported by the SP(MLS netflow) the flag for hardware to ignore ACL checks is not set. Fixed in SXI4. -Ben On Jun 17, 2010, at 11:52 AM, Rodney Dunn wrote: If it is an inconsistency in implementation between the software and hardware generated records it should be clearly articulated as a gotcha in the configuration guide. Ben is checking on both parts for us. Rodney On 6/17/10 11:15 AM, Marco Matarazzo wrote: On Thu, Jun 17, 2010 at 4:29 PM, Benjamin Lovellbelov...@cisco.com wrote: The code path for MLS netflow versus software netflow is not the same. For MLS netflow the export records are created by the DFC/PFC so it's not surprising that they act differently than locally generated traffic. I'm not surprised that the flows are created by different 'entities' inside the 6500. Another evidence is the fact that mls record are created with a source port different than the software created records. I just found it unexpected that this 'entity' was considered external by the point of view of the ACL. Once you know it, I can punch an hole in the ACL, but wanted to be sure this is expected and not actually a bug of some sort (in the software or in the documentation! ;) Thanks! ]\/[arco ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ -- I'm Winston Wolf, I solve problems. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Recieving Dying Gasp notifications
http://www.cisco.com/en/US/products/ps9637/index.html ME3400 series support the feature. On Tue, Jun 15, 2010 at 12:27 PM, Kaegler, Mike kaegl...@tessco.com wrote: I have a few remote sites which can be prone to power failures. For various reasons, implementing UPSs with management cards is not suitable and/or desirable. The remote equipment all supports Dying Gasp, however, but I cannot seem to find a way to make my 7200s, 3800s, or 2600s to receive the DG notifications. Google seems to indicate that only the CRS-1 will do it. This seems a pretty simple low-cost feature... is there truly no Cisco support for receiving DG on sub-million-dollar routers? -porkchop ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] HSRP forwarding question
Having a discussion with a colleague about forwarding on HSRP. I seem to remember seeing datagrams that were addressed to the virtual IP address, but were delivered to the standby router getting forwarded from the standby to the active for routing. It's been a while since I looked at HSRP in the lab, and I'm about to hop on a plane, so I appeal to the net.wisdom :-) Thanks, -Chris ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] HSRP forwarding question
This can happen if your spanning-tree root is the HSRP standby and the L2 access switch uplink to the active is in blocking. The packet will be bridged through the standby to then be routed by the active. To prevent this it makes sense to have the STP root for a vlan be the same as the active router. Same idea applies to the PIM DR for mcast. -Ben On Jun 17, 2010, at 2:24 PM, Chris Boyd wrote: Having a discussion with a colleague about forwarding on HSRP. I seem to remember seeing datagrams that were addressed to the virtual IP address, but were delivered to the standby router getting forwarded from the standby to the active for routing. It's been a while since I looked at HSRP in the lab, and I'm about to hop on a plane, so I appeal to the net.wisdom :-) Thanks, -Chris ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] HSRP forwarding question
So what is the question ? HSRP speakers choose a ACTIVE and a STANDBY. ACTIVE is the *only* one who does the forwarding. They pick a HSRP VIP which is the DG of the users. ACTIVE one repliesto ARP/own's MAC for it. Users forward to ACTIVE. STANDBY is not used for traffic from users-network until ACTIVE is down. GLBP has a more ACTIVE/ACTIVE implementation by choosing a AVG and multiple AVFs Shimol On 6/17/10 2:24 PM, Chris Boyd wrote: Having a discussion with a colleague about forwarding on HSRP. I seem to remember seeing datagrams that were addressed to the virtual IP address, but were delivered to the standby router getting forwarded from the standby to the active for routing. It's been a while since I looked at HSRP in the lab, and I'm about to hop on a plane, so I appeal to the net.wisdom :-) Thanks, -Chris ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] OT - Cisco QoS - FIFO
Not really off topic. Very relevant to cisco performance. Generally control traffic winds up in a different queue if QoS is used. By default on the 6500 with a 6708 line card for example: Queue 3 handles COS 6 7 traffic. Queue 3 gets 15% of the buffers Cisco also implements a feature called SPD Headroom and SPD extended Headroom. BGP traffic winds up in headroom and IGP traffic in extended headroom. This is probably more like what your friend is referring to. https://www9.cisco.com/en/US/products/hw/routers/ps167/products_tech_note09186a008012fb87.shtml Mack McBride Network Architect -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Christopher O'Shea Sent: Wednesday, June 16, 2010 10:21 PM To: Cisco certification; cisco-nsp@puck.nether.net Subject: [c-nsp] OT - Cisco QoS - FIFO Had a question about QoS with a co-worker asking does Cisco devices give priority to Network Control (CS6) traffic traffic? He show/told me that in Juniper that always have 5% for Network control traffic even on FIFO Chris O'Shea ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Alert: Correction
Completely off topic but this seems to be IP address management. Bluecat's product page doesn't mention NAT and overlapping 1918 space support. Both are key features in today's internat, I mean internet. Mack McBride Network Architect -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Jared Mauch Sent: Thursday, June 17, 2010 8:36 AM To: Matt Zagrabelny Cc: cisco-nsp@puck.nether.net Subject: Re: [c-nsp] Alert: Correction On Jun 17, 2010, at 10:03 AM, Matt Zagrabelny wrote: On Thu, 2010-06-17 at 09:28 -0400, Jared Mauch wrote: Interesting. If it were an official statement, I'm sure it would come from a university of toledo account vs gmail :) Are you saying that Junk Email^H^H^H. I mean Jun Kemail is NOT a University of Toledo employee!? :) Fear the astroturf. Either way it sounds like the guys at Bluecat Networks likely have at minimum some issues corresponding with their customer regarding their deployment, and at worst.. some hardware that is due for recycling. - Jared (Who has no clue what Bluecat Networks even offers). ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] HSRP forwarding question
The exception for this is on Nexus vPC and 6500 VSS. Both nodes would be forwarding in these cases. Arie -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Shimol Shah (shimshah) Sent: Thursday, June 17, 2010 22:38 To: cisco-nsp@puck.nether.net Subject: Re: [c-nsp] HSRP forwarding question So what is the question ? HSRP speakers choose a ACTIVE and a STANDBY. ACTIVE is the *only* one who does the forwarding. They pick a HSRP VIP which is the DG of the users. ACTIVE one repliesto ARP/own's MAC for it. Users forward to ACTIVE. STANDBY is not used for traffic from users-network until ACTIVE is down. GLBP has a more ACTIVE/ACTIVE implementation by choosing a AVG and multiple AVFs Shimol On 6/17/10 2:24 PM, Chris Boyd wrote: Having a discussion with a colleague about forwarding on HSRP. I seem to remember seeing datagrams that were addressed to the virtual IP address, but were delivered to the standby router getting forwarded from the standby to the active for routing. It's been a while since I looked at HSRP in the lab, and I'm about to hop on a plane, so I appeal to the net.wisdom :-) Thanks, -Chris ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] HSRP forwarding question
On 18/06/2010, at 4:24 AM, Chris Boyd wrote: Having a discussion with a colleague about forwarding on HSRP. I seem to remember seeing datagrams that were addressed to the virtual IP address, but were delivered to the standby router getting forwarded from the standby to the active for routing. the virtual mac for the FHRP exists on the active only. i.e. if you look at the mac table on the switch you'll see that the mac exists on the FHRP active. an exception to the above is where you have cisco switches that support virtual Port Channel (vPC) where the vPC pair still runs a FHRP like HSRP but the 'standby' actually forwards too because vPC is about running your infrastructure active/active. cheers, lincoln. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Continous BGP session resets on SRD3
Rodney Dunn wrote: We are working to get some clarification on this. In the interim... Can anyone prove they saw this when either: a) The upstream speaker did not have the AS Path limit configured to something lower (say less than 200)? b) The upstream speaker was running with code *newer* than one of these: 15.1(01.07.01)PIA14 15.1(01.05.01)PIA13 15.1(01)XB 15.0(01.01)SID 15.0(01)M 12.4(24.06.06)PIL12 12.4(24.06.05)PIB12 12.4(24.06)PI11l 12.2(33.01.21)MCP05 12.2(33)ZI 12.2(33)XNE 12.2(33)SXI02 12.2(32.08.17)REC186 12.2(32.08.15)YCA273.10 12.2(32.08.11)XJC273.11 12.2(32.08.11)SX277 12.2(32.08.06)YCA246.10 12.2(32.08.01)YCA273.15 12.0(32)SY10 We observed problem only on 2 GSRs as upstream. Both affected gsrs has bgp maxas-limit 100 and runs 12.0(33)s4 We have several GSRs, which runs different versions - S5, S6, even couple with S2 and (32)SY6 From what Shimol and I appear to have gleaned so far it's an issue between a 4byte AS (new) speaker and and non 4 byte (old) speaker *and* the 4byte AS (new) upstream speaker is on a version of code older than one of the ones above. Can folks confirm/deny if their deployment where they saw this either did or did not match those conditions above? Read it carefully as it can be tricky. Thanks, Rodney ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/