[c-nsp] ASR1000 Series PPPoA
Hi all,

Anyone heard anything on PPPoA on the ASR 1000 series yet? As far as I know it isn't supported (yet?) but I might be wrong :)

PPPoA would make it a superb replacement for our 720X series.

Kind regards,
Erik Versaevel

___
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] QoS Options for PPPoE over Ethernet
Use Radius to send an avpair of the bandwidth of the session back to the router, then have a service-policy applied to your virtual-template (or you can send the service-policy back through Radius too if you need to differentiate them between sessions) with a parent shaper that shapes bandwidth percent 100 or whatever you like (it will be the bandwidth returned via Radius that it references) and then your child QoS policy below that. You then have per-session QoS based on the bandwidth of that unique session.

Ben

On Wed, Jul 21, 2010 at 9:02 AM, Dave Weis djw...@internetsolver.com wrote:

> I'm not finding a lot of good options to do QoS for PPPoE over Ethernet (as opposed to ATM) subscribers. We have varying speeds for the subscribers ranging from 256k to 40m so I can't use a hard coded amount to reserve for voice. In addition, some customers have a single port ATA and some will have 6-10 lines on an IAD.
>
> The setup has a single VLAN per DSLAM as a subinterface on a gig-E port in a 7200 VXR. Some of the newer equipment will obey 802.1p but the majority of our equipment does not.
>
> The authentication comes out of freeradius and the approximate downstream rate of each subscriber is recorded in the same table as the username/password so if I had to make static definitions for each speed tier I could do that.
>
> I don't need to do anything elaborate other than move any traffic to or from a specific subnet to the front of the queue.
>
> Thanks for any help
>
> Dave
>
> --
> Dave Weis
> 515-224-9229
> djw...@internetsolver.com
> http://www.internetsolver.com/
Re: [c-nsp] ASR1000 Series PPPoA
> Anyone heard anything on PPPoA on the ASR 1000 series yet? As far as I know it isn't supported (yet?) but I might be wrong :)
>
> PPPoA would make it a superb replacement for our 720X series

We've been told it won't happen at least any time soon and to go with 10k as an upgrade path... Not really in the same price range though!!!

Brian
[c-nsp] ISG: redirecting customers DNS to internal DNS Cache servers (L4 redirect)
According to Cisco (http://cisco.biz/en/US/docs/routers/1/10008/configuration/guides/ancp/isbl4rdt.html#wp1043711) I created the following configuration:

    !--
    ip access-list extended DNS-Traffic
     10 permit tcp any eq 53 any eq 53
     20 permit udp any eq 53 any eq 53
     30 permit tcp any gt 1024 any eq 53
     40 permit udp any gt 1024 any eq 53
    service-policy type control DNS-redirection
    policy-map type control DNS-redirection
     class type control event session-start
      1 service-policy type service name DNS-redirection-profile
    policy-map type service DNS-redirection-profile
     class type traffic DNS-Traffic
      ! maybe could be possible to use match protocol dns pending to test it
      match access-group DNS-Traffic
      redirect to group DNS-servers
    redirect server-group DNS-servers
     ! are they going to do load balance? is it possible?
     server ip 10.53.0.235 port 53
     server ip 10.53.0.236 port 53
    !--

Questions:

- Should I modify the default timers (frequency and concurrent sessions)?
- How is the value sessions considered? By IP? By request?
- What about the CPU? Too much impact? Any experience? Alternatives with less impact to redirect DNS traffic? :]

Thanks in advance to all the list.

Luis
Re: [c-nsp] NX-OS - Fabric Path
Hey,

Is it just me or did others also receive a duplicate of the message below? Not only this one, but also others that had mr LTD as recipient and the list in CC... The duplicate comes later and has several Cisco hops in the path, including a couple of Ironport devices.

If it's not just me, maybe someone at Cisco can have a look... I'd be happy to provide more details, e.g. headers.

Regards,
Jeroen van Ingen
ICT Service Centre
University of Twente, P.O.Box 217, 7500 AE Enschede, The Netherlands

-----Original Message-----
From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Manu Chao
Sent: Tuesday 20 July 2010 13:28
To: Lincoln Dale (ltd)
Cc: Church, Charles; cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] NX-OS - Fabric Path

;)

On Tue, Jul 20, 2010 at 5:51 AM, Lincoln Dale l...@cisco.com wrote:

i'm guessing whoever upgraded the NX-OS on these did so using scp/ftp/tftp and thus needed to assign an ip-address to do so.

you could verify either way by looking at the output from show accounting log which saves all config commands and is persistent across power-loss and based on the date/time recorded there or order-of-events will likely give you an indication of whether it was your guys or the partner.

the only reason i replied is that i've never heard of us ever doing such a thing, because it would be an incredibly dumb thing to do. setting a default ip-address might work for a home gateway router / switch, but for something in the data center - no. :)

cheers,
lincoln.

On 20/07/2010, at 1:19 PM, Church, Charles wrote:

Lincoln,

I did leave out one detail. These were originally 4.1(3)N2(1), but our installation guys did bump them up to 4.2 individually prior to installing them. They tell me they used that pre-configured address, not knowing any better. But the attached file is a 5020 I took out of a box personally, and fired up. I guess it's possible our reseller put that on there. I've seen that same IP address on three other 5020s, and a half dozen 5010s, all bought about the same time from the same reseller. I'll bounce it off them, sorry about the finger pointing.

Chuck

-----Original Message-----
From: Lincoln Dale [mailto:l...@cisco.com]
Sent: Monday, July 19, 2010 11:06 PM
To: Church, Charles
Cc: Manu Chao; Peter Rathlev; cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] NX-OS - Fabric Path

there is no default configuration or pre-coded 10.1.1.50 ip-address on mgmt0. first time you boot a switch it starts the setup dialog with a serial console port.

http://www.cisco.com/en/US/docs/switches/datacenter/nexus5000/sw/fundamentals/421_n1_1/Cisco_Nexus_5000_Series_NX-OS_Fundamentals_Configuration_Guide_Release_4_2_1_N1_1_chapter3.html#con_1073243

if you had a switch with a configuration then either they were shipped from manufacturing incorrectly (i guess its a possibility), or your installation guys thought it was a good idea to configure it that way. as i can find no examples of the former listed in bug searches internal to cisco, i'd say it points at the latter.

cheers,
lincoln.

On 20/07/2010, at 12:36 PM, Church, Charles wrote:

Just be careful about connecting the mgmt0 interfaces to anything prior to configuring them. The default IP address of 10.1.1.50 on them (at least on the 4.2 5000s) will cause a spectacular ARP storm when they conflict with each other, like when you attach several unconfigured ones to the same network. Several thousand PPS, eventual reloads, etc. Our installation guys got ahead of the config guys in our new DC, nice little mess it made. Not sure why they put a default address on them, hope it's something they correct in the future.

Chuck

-----Original Message-----
From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Manu Chao
Sent: Monday, July 19, 2010 7:17 PM
To: Peter Rathlev
Cc: Lincoln Dale; cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] NX-OS - Fabric Path

Yes, but Nexus hardware is the right platform if you don't want to lose any packet in your DC ;)

On Tue, Jul 20, 2010 at 12:56 AM, Peter Rathlev pe...@rathlev.dk wrote:

> On Tue, 2010-07-20 at 08:29 +1000, Lincoln Dale wrote:
> > right now the hardware is using a frame format that is not that of what TRILL uses (and as such we're using a Cisco-defined ethertype), however the hardware is capable of supporting standards-based TRILL as and when the standard is finalised & ratified.
>
> Would that hardware happen to be the EARL8? And would there be any chance that us old skool Cat6500 guys get to share the thrill of TRILL (or similar)? :-)
>
> --
> Peter
Re: [c-nsp] IP SLA measurement against USA
On Jul 15, 2010, at 6:02 AM, LM wrote:

> Hi, I want to control the SLA given by our internet provider against USA and Europe. The issue is that I would like to configure SLA code in our border routers to have some visibility of it. So, is there anyone in the mailing list who can give me fixed points -IPs- to verify this? I don't know if I could find a website with some destinations as a reference to configure my routers.

Without doing your own collocation of IOS boxen in the US to use as 'sla test points' it's unlikely that you'll have more than icmp echo at your disposal. Additionally, if one did have collocated routers to bang on, IOS RTR/SLA-based throughput testing will not scale anywhere close to gige, nor 10 gige. If your goal is to know about 'headroom' on circuits, and if you're operating at sufficient link rates, this method will only reveal the worst-case congested states in the provider upstreams (i.e. when DDoS is flowing over the same network/isp, etc).

If you're looking for well-known IPs to ping...don't.

Using active probes to check SLA is an exercise in futility. With the advent of high speed ports, short queues, and the uptake and deployment of router CoPP over the years, active-probe based measurements will almost assuredly be 'wrong.' Worse still, they will be misleading, and will not expose anything of use to you.

This has even been studied in detail, and I recommend reading http://www.cs.wisc.edu/~pb/intcomp_final.pdf before you continue to explore this area. The 'take home' is, you will certainly not be detecting the real/actual loss, and if you do detect any, it will most certainly be an incorrect rate.

-Tk
Re: [c-nsp] IP SLA measurement against USA
Thanks for your answer, I will take a look at it.

On 21/07/10 14:11, Anton Kapela wrote:

> On Jul 15, 2010, at 6:02 AM, LM wrote:
>
> > Hi, I want to control the SLA given by our internet provider against USA and Europe. The issue is that I would like to configure SLA code in our border routers to have some visibility of it. So, is there anyone in the mailing list who can give me fixed points -IPs- to verify this? I don't know if I could find a website with some destinations as a reference to configure my routers.
>
> Without doing your own collocation of IOS boxen in the US to use as 'sla test points' it's unlikely that you'll have more than icmp echo at your disposal. Additionally, if one did have collocated routers to bang on, IOS RTR/SLA-based throughput testing will not scale anywhere close to gige, nor 10 gige. If your goal is to know about 'headroom' on circuits, and if you're operating at sufficient link rates, this method will only reveal the worst-case congested states in the provider upstreams (i.e. when DDoS is flowing over the same network/isp, etc).
>
> If you're looking for well-known IPs to ping...don't.
>
> Using active probes to check SLA is an exercise in futility. With the advent of high speed ports, short queues, and the uptake and deployment of router CoPP over the years, active-probe based measurements will almost assuredly be 'wrong.' Worse still, they will be misleading, and will not expose anything of use to you.
>
> This has even been studied in detail, and I recommend reading http://www.cs.wisc.edu/~pb/intcomp_final.pdf before you continue to explore this area. The 'take home' is, you will certainly not be detecting the real/actual loss, and if you do detect any, it will most certainly be an incorrect rate.
>
> -Tk
[c-nsp] Slightly OT: Network Mapping Tools
I used to use HP Network Node Manager at a previous employer and thought it did a really good job of automatically mapping the network, especially since it handled L3 and L2 discovery well after a bit of tweaking. I'm at a new place now and I'm wondering if there are any good automated mapping tools out there. I want to focus on Cisco routers and switches. I don't need something to map every other device on the network, so I'd need to have a good way to filter out extraneous stuff.

Any thoughts?

Thanks!
John
Re: [c-nsp] Slightly OT: Network Mapping Tools
On 7/21/2010 9:27 AM, John Neiberger wrote:

> I used to use HP Network Node Manager at a previous employer and thought it did a really good job of automatically mapping the network, especially since it handled L3 and L2 discovery well after a bit of tweaking. I'm at a new place now and I'm wondering if there are any good automated mapping tools out there. I want to focus on Cisco routers and switches. I don't need something to map every other device on the network, so I'd need to have a good way to filter out extraneous stuff.
>
> Any thoughts?
>
> Thanks!
> John

http://netdisco.org/

Netdisco will discover the devices, and put together a rudimentary map of the connections. Be warned, if you have a large network (500 devices), the map may not be very usable and will take a while to generate. The main uses for Netdisco are inventory/discovery rather than mapping. It does support CDP/FDP/LLDP discovery, as well as being able to manually add devices via SNMP polling. It also queries the routers and switches for their MAC and ARP tables, making it very easy to find where a particular IP or MAC address lives from a quick search.

And the price tag is right whether it does everything you need or not. (Free!)

Jeremy
Re: [c-nsp] Slightly OT: Network Mapping Tools
-----Original Message-----
From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Jeremy Bresley

> http://netdisco.org/
>
> Netdisco will discover the devices, and put together a rudimentary map of the connections. Be warned, if you have a large network (500 devices), the map may not be very usable and will take a while to generate. The main uses for Netdisco are inventory/discovery rather than mapping. It does support CDP/FDP/LLDP discovery, as well as being able to manually add devices via SNMP polling. It also queries the routers and switches for their MAC and ARP tables, making it very easy to find where a particular IP or MAC address lives from a quick search.
>
> And the price tag is right whether it does everything you need or not. (Free!)

Netdot is another option.

https://netdot.uoregon.edu/trac/

-ryan
Re: [c-nsp] Hughes v iDirect
iDirect is a good technology, agreed with Terry. Besides, they offer great courses to give training for the staff in US - Virginia.

Rgs,

2010/7/18 Ziv Leyes z...@gilat.net

I second Terry, we have good experience with iDirect too. Can't tell much about Hughes, don't know their products at all.

-----Original Message-----
From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Terry Rupeni (ITS-USP)
Sent: Thursday, July 15, 2010 11:18 PM
To: cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] Hughes v iDirect

Hi Felix,

I can't speak for Hughes as I've never had the experience of working with the gear but we are currently evaluating iDirect for our Distance Learning Network (USPNET) of which a heavy component is VOIP, Video Conferencing, Video Multicast streaming. Our setup is a typical hub/spoke topology covering 12 Pacific Countries.

Now, compared to our current satellite platform, I really like iDirect for two reasons:

1.) QOS provisioning mechanisms (Simple Methodology and configuration, don't have to worry about Satellite TimeSlots correlation etc)
2.) iDirect Monitoring/System Visibility (Gives us real time info of what is happening at the IP layer plus its correlation to RF)

There are many more reasons I can name but these two I see as a trump card compared to other systems I've worked on.

Terry

On 15/07/2010 10:16 PM, Felix Nkansah wrote:

> Hi,
>
> I am evaluating which of these satellite offerings provide the best IPoVSAT technology. The network would heavily use IP Voice and IP Video conferencing among the VSAT connected locations in a hub/spoke fashion. My client (a government agency) intends on installing/managing their own VSAT hub based on either Hughes or iDirect.
>
> I wanted to know which of these providers ensure the best performance of IP?
>
> Felix
Re: [c-nsp] Slightly OT: Network Mapping Tools
On 21/07/2010 15:27, John Neiberger wrote:

> I used to use HP Network Node Manager at a previous employer and thought it did a really good job of automatically mapping the network, especially since it handled L3 and L2 discovery well after a bit of tweaking. I'm at a new place now and I'm wondering if there are any good automated mapping tools out there. I want to focus on Cisco routers and switches. I don't need something to map every other device on the network, so I'd need to have a good way to filter out extraneous stuff.
>
> Any thoughts?

We (Observium - http://www.observium.org) do some mapping based on cdp/fdp/lldp discovery protocols, but whole network maps tend to be messy because graphviz isn't ideal.

Originally it was a major feature, but it's less important now because the open source mapping tools don't seem to scale or handle networks very well.

adam.
[c-nsp] Cisco Security Advisory: CDS Internet Streamer: Web Server Directory Traversal Vulnerability
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Cisco Security Advisory: CDS Internet Streamer: Web Server Directory Traversal Vulnerability

Advisory ID: cisco-sa-20100721-spcdn

http://www.cisco.com/warp/public/707/cisco-sa-20100721-spcdn.shtml

Revision 1.0

For Public Release 2010 July 21 1600 UTC (GMT)

+---------------------------------------------------------------------

Summary
=======

The Cisco Internet Streamer application, part of the Cisco Content Delivery System, contains a directory traversal vulnerability on its web server component that allows for arbitrary file access. By exploiting this vulnerability, an attacker may be able to read arbitrary files on the device, outside of the web server document directory, by using a specially crafted URL.

An unauthenticated attacker may be able to exploit this issue to access sensitive information, including the password files and system logs, which could be leveraged to launch subsequent attacks.

Cisco has released free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are available.

This advisory is posted at: http://www.cisco.com/warp/public/707/cisco-sa-20100721-spcdn.shtml.

Affected Products
=================

All versions of system software on the Cisco Internet Streamer application are vulnerable prior to the first fixed release.

Vulnerable Products
+------------------

To determine the software version running on a Cisco Content Delivery Engine, log in to the device and issue the show version command line interface (CLI) command to display the system banner. Cisco CDS Internet Streamer software will identify itself as "Content Delivery System Software Release". On the same line of output, the version number will be provided.

This example identifies a Cisco Content Delivery Engine that is running Cisco Content Delivery System software release 2.5.3:

    cdn-cde#show version
    Content Delivery System Software (CDS)
    Copyright (c) 1999-2010 by Cisco Systems, Inc.
    Content Delivery System Software Release 2.5.3 (build b8 Jan 21 2010)
    Version: cde200-2.5.3.8

    Compiled 16:07:11 Jan 21 2010 by ipvbuild
    Compile Time Options: KQ SS

    System was restarted on Thu Jun 3 04:09:25 2010.
    The system has been up for 2 hours, 11 minutes, 27 seconds.

    cdn-cde#

Alternatively the Content Delivery System Manager home page gives a brief summary of the software versions in use on all the devices in the content delivery system network. To view the software version running on a particular device, choose Devices > Devices. The Devices Table page displays the software version for each device listed.

For further information on finding the software version, refer to the "Maintaining the Internet Streamer CDS" at the following link: http://www.cisco.com/en/US/docs/video/cds/cda/is/2_5/configuration_guide/maint.html#wp1198510.

Products Confirmed Not Vulnerable
+--------------------------------

Cisco Content Delivery Engines running TV streaming content delivery applications and the Video Navigator Application are not affected.

No other Cisco products are currently known to be affected by this vulnerability.

Details
=======

The Cisco Internet Streamer application provides edge caching, content streaming, and downloads to subscriber IP devices such as PCs.

The Cisco Internet Streamer application, part of the Cisco Content Delivery System, contains a directory traversal vulnerability on its web server component that allows for arbitrary file access. It is possible to read arbitrary files on the Cisco Content Delivery Engine running the internet streamer application outside the web server's document directory using a specially-crafted URL. This includes the password files used to hold admin account details and system logs. An unauthenticated attacker may be able to exploit this issue to access sensitive information that could be leveraged to launch subsequent attacks.

This vulnerability can be exploited over all open HTTP ports; TCP ports 80 (Default HTTP port), 443 (Default HTTPS port) and 8090 (Alternate HTTP and HTTPS port), as well as those that are configured as part of the HTTP proxy.

In Cisco content delivery system software 2.5.3 and earlier, it is possible to configure Enable Incoming Proxy, which when enabled, accepts incoming requests on configured ports, in addition to TCP port 80. The additional ports that the device will listen on for HTTP requests is defined in the List of Incoming HTTP Ports field, within Devices > Devices > Application Control > Web > HTTP > HTTP Connections of the content delivery system manager menu.

For further information on HTTP settings, refer to the Cisco Internet Streamer CDS 2.5 Software Configuration Guide - Configuring Devices at the following link: http://www.cisco.com/en/US/docs/video/cds/cda/is/2_5/configuration_guide/configdevice.html.

This vulnerability is documented in the Cisco Bug ID CSCtd68063 and has been assigned Common
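
A defender-side check for the class of flaw the advisory above describes, as an added example that is not part of Cisco's advisory: it scans HTTP access-log lines for request paths that resolve outside the web server document directory and notes whether they arrived on the ports the advisory lists (80, 443, 8090). The advisory does not publish the crafted URL, so the log layout, field names and sample lines below are constructed assumptions showing generic traversal forms only.

```python
import re
from urllib.parse import unquote

# Ports the advisory names as open by default. Ports added under
# "List of Incoming HTTP Ports" are deployment-specific and not listed here.
ADVISORY_PORTS = {80, 443, 8090}

# Assumed log layout (constructed for this example, not a CDS log format):
#   <client-ip> <server-port> "<METHOD> <request-target> HTTP/x.y" <status>
LOG_RE = re.compile(
    r'^(?P<client>\S+) (?P<port>\d+) '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})$'
)

MAX_DECODE_ROUNDS = 3  # handles double/triple percent-encoding, bounded


def fully_decode(path):
    """Percent-decode repeatedly so nested encodings of '..' are exposed."""
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path


def escapes_docroot(target):
    """True if the request path climbs above the document directory."""
    # Drop query string and fragment: only the path selects a file.
    path = target.split("?", 1)[0].split("#", 1)[0]
    # Treat backslashes as separators too; some servers accept both.
    path = fully_decode(path).replace("\\", "/")
    depth = 0
    for segment in path.split("/"):
        if segment in ("", "."):
            continue
        if segment == "..":
            depth -= 1
            if depth < 0:  # walked past the root at some point
                return True
        else:
            depth += 1
    return False


def scan(lines):
    """Return one finding per log line whose path escapes the docroot."""
    findings = []
    for lineno, line in enumerate(lines, 1):
        m = LOG_RE.match(line.strip())
        if not m or not escapes_docroot(m["target"]):
            continue
        port = int(m["port"])
        findings.append({
            "line": lineno,
            "client": m["client"],
            "port": port,
            "target": m["target"],
            # A 2xx status means content was returned: possible disclosure.
            "served": m["status"].startswith("2"),
            "advisory_port": port in ADVISORY_PORTS,
        })
    return findings


# Constructed sample log; addresses are from the documentation ranges.
SAMPLE_LOG = """\
192.0.2.10 80 "GET /videos/intro.flv HTTP/1.1" 200
192.0.2.10 80 "GET /videos/hd/../intro.flv HTTP/1.1" 200
198.51.100.7 8090 "GET /videos/../../../etc/passwd HTTP/1.0" 200
198.51.100.7 443 "GET /%2e%2e/%2e%2e/var/log/messages HTTP/1.1" 404
203.0.113.5 8080 "GET /media/%252e%252e/%252e%252e/etc/passwd HTTP/1.1" 200
""".splitlines()

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        level = "REVIEW-FIRST" if f["served"] else "attempt"
        print(f'{level}: line {f["line"]} {f["client"]} '
              f'port {f["port"]} {f["target"]}')
```

Findings with `served` set are the ones to review first on an unpatched device, since they indicate the server returned content for a path outside the document directory.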
Re: [c-nsp] RADIUS-assigned IPv6 inside VRF
On Wed, 2010-07-21 at 14:46 +0200, Daniel Verlouw wrote:

> This is all on c7200-advipservicesk9-mz.124-24.T3.bin. Any clue appreciated.

to answer my own question: this seems to work well on SRD4.

--Daniel.
[c-nsp] 6509 input queue drops
All,

I have a 48 port 10/100/1000mb EtherModule WS-X6148-GE-TX on a 6509 running s72033-advipservicesk9_wan-mz.122-33.SXH7.bin. Interface built as layer3 with a p2p site to site experiencing tons of Input queue drops but no other errors on port.

    cr.nyc1.ny#sh int g3/2
    GigabitEthernet3/2 is up, line protocol is up (connected)
      Hardware is C6k 1000Mb 802.3, address is
      Description: x
      Internet address is
      MTU 1500 bytes, BW 100 Kbit, DLY 10 usec,
         reliability 255/255, txload 4/255, rxload 1/255
      Encapsulation ARPA, loopback not set
      Keepalive set (10 sec)
      Full-duplex, 1000Mb/s, media type is 10/100/1000BaseT
      input flow-control is off, output flow-control is off
      Clock mode is auto
      ARP type: ARPA, ARP Timeout 04:00:00
      Last input 00:00:04, output 00:00:05, output hang never
      Last clearing of show interface counters 00:07:15
      * Input queue: 0/75/45605/0 (size/max/drops/flushes); Total output drops: 0 *
      Queueing strategy: fifo
      Output queue: 0/40 (size/max)
      5 minute input rate 5511000 bits/sec, 3615 packets/sec
      5 minute output rate 1924 bits/sec, 5080 packets/sec
      L2 Switched: ucast: 68 pkt, 4484 bytes - mcast: 79854 pkt, 5112676 bytes
      L3 in Switched: ucast: 1116996 pkt, 233979838 bytes - mcast: 0 pkt, 0 bytes mcast
      L3 out Switched: ucast: 2138144 pkt, 982224161 bytes mcast: 0 pkt, 0 bytes
         1496205 packets input, 261671862 bytes, 0 no buffer
         Received 358394 broadcasts (0 IP multicasts)
         0 runts, 0 giants, 2606 throttles
         * 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored*
         0 watchdog, 0 multicast, 0 pause input
         0 input packets with dribble condition detected
         2158283 packets output, 988796454 bytes, 0 underruns
         *0 output errors, 0 collisions, 0 interface resets*
         0 babbles, 0 late collision, 0 deferred
         0 lost carrier, 0 no carrier, 0 PAUSE output
         0 output buffer failures, 0 output buffers swapped out

Anybody experience such an odd error?

--
//CL
Re: [c-nsp] Slightly OT: Network Mapping Tools
----- Original Message -----
From: John Neiberger jneiber...@gmail.com

> I used to use HP Network Node Manager at a previous employer and thought it did a really good job of automatically mapping the network, especially since it handled L3 and L2 discovery well after a bit of tweaking. I'm at a new place now and I'm wondering if there are any good automated mapping tools out there. I want to focus on Cisco routers and switches. I don't need something to map every other device on the network, so I'd need to have a good way to filter out extraneous stuff.
>
> Any thoughts?

For Cisco switches, the Cisco Network Assistant does a pretty good job. Also free.

--
Jerry B.
Re: [c-nsp] Slightly OT: Network Mapping Tools
On Wed, Jul 21, 2010 at 10:28 AM, Adam Armstrong li...@memetic.org wrote:

> On 21/07/2010 15:27, John Neiberger wrote:
>
> > I used to use HP Network Node Manager at a previous employer and thought it did a really good job of automatically mapping the network, especially since it handled L3 and L2 discovery well after a bit of tweaking. I'm at a new place now and I'm wondering if there are any good automated mapping tools out there. I want to focus on Cisco routers and switches. I don't need something to map every other device on the network, so I'd need to have a good way to filter out extraneous stuff.
> >
> > Any thoughts?
>
> We (Observium - http://www.observium.org) do some mapping based on cdp/fdp/lldp discovery protocols, but whole network maps tend to be messy because graphviz isn't ideal.
>
> Originally it was a major feature, but it's less important now because the open source mapping tools don't seem to scale or handle networks very well.

hypergraph is pretty good at scaling.

http://hypergraph.sourceforge.net/

-matt
[c-nsp] Access point traffic
Hi all,

I have an access point connected to a Cisco switch. I want to be able to monitor the traffic for each client that connects to this access point. Is there any way of doing this?

Thanks
Re: [c-nsp] Hughes v iDirect
I maintain an iDirect hub for one of our customers, and while it runs pretty well I have one beef that I wish they'd fix. The only dynamic routing protocol they provide is RIP. I've asked about OSPF support and was told that they'd never support it. Otherwise, it has its quirks just like any other system. No real show stoppers though for our use. Our customer makes extensive use of VoIP (capable of 115 simultaneous calls at G.729) and also makes extensive use of both sending and receiving live streaming video. Be careful of how much traffic you want to run through each remote, though. The remotes, and hub line cards for that matter, are ARMv5 powered so they're not packet pushing power houses. I think the hub line cards can push anywhere from 11 to 22 Mbps depending on software version and other options. The remotes can push traffic back to the hub at significantly less though. We had an event a couple years ago where the customer was trying to push 5-6 Mbps worth of voice and video out of the remote location to the hub and had the CPU pegged at 100% around 4.2 Mbps as I recall with V7 software. V8 software supposedly increases the bandwidth limit by double. If you want to make use of a lot of VoIP on the system with small packets, you run the risk of killing your available horsepower quickly. I've never seen a published packet per second figure for the 7350 remotes that we use but unofficially that answer is somewhere around 1800 PPS as stated by a senior member of the iDirect engineering team. To support the large call volume and still have processing power left over, we had to employ packet aggregators from DTech Labs. To touch on training, they offer training the US as well as some other popular locations worldwide. London and Dubai come to mind. Overall, I think the iDirect solution is pretty solid. Ryan Wilkins On 15/07/2010 10:16 PM, Felix Nkansah wrote: Hi, I am evaluating which of these satellite offerings provide the best IPoVSAT technology. 
The network would heavily use IP Voice and IP Video conferencing among the VSAT connected locations in a hub/spoke fashion. My client (a government agency) intends on installing/managing their own VSAT hub based on either Hughes or iDirect. I wanted to know which of these providers ensure the best performance of IP? Felix
Re: [c-nsp] 6509 input queue drops
check: Router#show plat hard cap interface Interface Resources Interface drops: ModuleTotal drops:TxRx Highest drop port: Tx Rx 1 1261502177 367 7 7 You may be having higher-level buffering drops depending on traffic patterns that will be seen here. You may also want to check the output of 'show fabric'.. - Jared On Jul 21, 2010, at 11:58 AM, Chris Lane wrote: All, I have a 48 port 10/100/1000mb EtherModule WS-X6148-GE-TX on a 6509 running s72033-advipservicesk9_wan-mz.122-33.SXH7.bin Interface built as layer3 with a p2p site to site experiencing tons of Input queue drops but no other errors on port. cr.nyc1.ny#sh int g3/2 GigabitEthernet3/2 is up, line protocol is up (connected) Hardware is C6k 1000Mb 802.3, address is Description: x Internet address is MTU 1500 bytes, BW 100 Kbit, DLY 10 usec, reliability 255/255, txload 4/255, rxload 1/255 Encapsulation ARPA, loopback not set Keepalive set (10 sec) Full-duplex, 1000Mb/s, media type is 10/100/1000BaseT input flow-control is off, output flow-control is off Clock mode is auto ARP type: ARPA, ARP Timeout 04:00:00 Last input 00:00:04, output 00:00:05, output hang never Last clearing of show interface counters 00:07:15 * Input queue: 0/75/45605/0 (size/max/drops/flushes); Total output drops: 0 * Queueing strategy: fifo Output queue: 0/40 (size/max) 5 minute input rate 5511000 bits/sec, 3615 packets/sec 5 minute output rate 1924 bits/sec, 5080 packets/sec L2 Switched: ucast: 68 pkt, 4484 bytes - mcast: 79854 pkt, 5112676 bytes L3 in Switched: ucast: 1116996 pkt, 233979838 bytes - mcast: 0 pkt, 0 bytes mcast L3 out Switched: ucast: 2138144 pkt, 982224161 bytes mcast: 0 pkt, 0 bytes 1496205 packets input, 261671862 bytes, 0 no buffer Received 358394 broadcasts (0 IP multicasts) 0 runts, 0 giants, 2606 throttles * 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored* 0 watchdog, 0 multicast, 0 pause input 0 input packets with dribble condition detected 2158283 packets output, 988796454 bytes, 0 underruns *0 output errors, 
0 collisions, 0 interface resets* 0 babbles, 0 late collision, 0 deferred 0 lost carrier, 0 no carrier, 0 PAUSE output 0 output buffer failures, 0 output buffers swapped out Anybody experience such an odd error? -- //CL
[c-nsp] 7304 NSE-150 Interface issue
All, I have a 7304 with Redundant NSE-150s in slots 0 and 2. The documentation states that Slot0 SFPs should be G0-3 while slot2's SFPs should be G2/0-3. I am not able to see, configure or even status the ports on the NSE in Slot2. Can someone shed some light on this confusing design of a box? Please see chassis info below. Thanks //db sho c7300 Slot Card Type Status Insertion time - -- -- 0,1 NSE150 (Active) Up 02:51:16 ago 2,3 NSE150 (Standby)Up 02:51:16 ago 4 1PA Carrier CardActive 02:51:16 ago FPGA information: HardwareFPGA version Slot Card Type Version BundledFlashCurrent - --- --- --- 0 NSE150 01.00 00.08 00.08 00.08 4 1PA Carrier Card 02.01 01.40 01.40 01.40 * - Card needs an FPGA update # - Card needs to be reloaded for the new FPGA to take effect Port Adapter Information Slot PA Type Status Insertion time - -- -- 4 PA-T3+ Active 02:51:16 ago System is compliant with hardware configuration guidelines. Network IO Interrupt Throttling: throttle count=0, timer count=0 active=0, configured=1 netint usec=4000, netint mask usec=200 sho ip int br: FastEthernet0 GigabitEthernet0 GigabitEthernet1 GigabitEthernet2 GigabitEthernet3 Serial4/0
Re: [c-nsp] 6509 input queue drops
module 3 is the slot in question: cr.nyc1.ny# sh platform hardware capacity interface Interface Resources Interface drops: ModuleTotal drops:TxRx Highest drop port: Tx Rx 19024698 97525200 11 39 2172 401 2 2 3264 64828533 9 5 Interface buffer sizes: ModuleBytes: Tx buffer Rx buffer 1 112640 6144 2 442368 81920 3 1081344 147456 8 442368 81920 On Wed, Jul 21, 2010 at 1:56 PM, Jared Mauch ja...@puck.nether.net wrote: check: Router#show plat hard cap interface Interface Resources Interface drops: ModuleTotal drops:TxRx Highest drop port: Tx Rx 1 1261502177 367 7 7 You may be having higher-level buffering drops depending on traffic patterns that will be seen here. You may also want to check the output of 'show fabric'.. - Jared On Jul 21, 2010, at 11:58 AM, Chris Lane wrote: All, I have a 48 port 10/100/1000mb EtherModule WS-X6148-GE-TX on a 6509 running s72033-advipservicesk9_wan-mz.122-33.SXH7.bin Interface built as layer3 with a p2p site to site experiencing tons of Input queue drops but no other errors on port. 
cr.nyc1.ny#sh int g3/2 GigabitEthernet3/2 is up, line protocol is up (connected) Hardware is C6k 1000Mb 802.3, address is Description: x Internet address is MTU 1500 bytes, BW 100 Kbit, DLY 10 usec, reliability 255/255, txload 4/255, rxload 1/255 Encapsulation ARPA, loopback not set Keepalive set (10 sec) Full-duplex, 1000Mb/s, media type is 10/100/1000BaseT input flow-control is off, output flow-control is off Clock mode is auto ARP type: ARPA, ARP Timeout 04:00:00 Last input 00:00:04, output 00:00:05, output hang never Last clearing of show interface counters 00:07:15 * Input queue: 0/75/45605/0 (size/max/drops/flushes); Total output drops: 0 * Queueing strategy: fifo Output queue: 0/40 (size/max) 5 minute input rate 5511000 bits/sec, 3615 packets/sec 5 minute output rate 1924 bits/sec, 5080 packets/sec L2 Switched: ucast: 68 pkt, 4484 bytes - mcast: 79854 pkt, 5112676 bytes L3 in Switched: ucast: 1116996 pkt, 233979838 bytes - mcast: 0 pkt, 0 bytes mcast L3 out Switched: ucast: 2138144 pkt, 982224161 bytes mcast: 0 pkt, 0 bytes 1496205 packets input, 261671862 bytes, 0 no buffer Received 358394 broadcasts (0 IP multicasts) 0 runts, 0 giants, 2606 throttles * 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored* 0 watchdog, 0 multicast, 0 pause input 0 input packets with dribble condition detected 2158283 packets output, 988796454 bytes, 0 underruns *0 output errors, 0 collisions, 0 interface resets* 0 babbles, 0 late collision, 0 deferred 0 lost carrier, 0 no carrier, 0 PAUSE output 0 output buffer failures, 0 output buffers swapped out Anybody experience such an odd error? -- //CL -- //CL
[c-nsp] RES: 6509 input queue drops
Check if the 32 Gbps bus is overwhelmed: #show cat all -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Chris Lane Sent: Wednesday, July 21, 2010 12:59 To: cisco-nsp@puck.nether.net Subject: [c-nsp] 6509 input queue drops All, I have a 48 port 10/100/1000mb EtherModule WS-X6148-GE-TX on a 6509 running s72033-advipservicesk9_wan-mz.122-33.SXH7.bin Interface built as layer3 with a p2p site to site experiencing tons of Input queue drops but no other errors on port. cr.nyc1.ny#sh int g3/2 GigabitEthernet3/2 is up, line protocol is up (connected) Hardware is C6k 1000Mb 802.3, address is Description: x Internet address is MTU 1500 bytes, BW 100 Kbit, DLY 10 usec, reliability 255/255, txload 4/255, rxload 1/255 Encapsulation ARPA, loopback not set Keepalive set (10 sec) Full-duplex, 1000Mb/s, media type is 10/100/1000BaseT input flow-control is off, output flow-control is off Clock mode is auto ARP type: ARPA, ARP Timeout 04:00:00 Last input 00:00:04, output 00:00:05, output hang never Last clearing of show interface counters 00:07:15 * Input queue: 0/75/45605/0 (size/max/drops/flushes); Total output drops: 0 * Queueing strategy: fifo Output queue: 0/40 (size/max) 5 minute input rate 5511000 bits/sec, 3615 packets/sec 5 minute output rate 1924 bits/sec, 5080 packets/sec L2 Switched: ucast: 68 pkt, 4484 bytes - mcast: 79854 pkt, 5112676 bytes L3 in Switched: ucast: 1116996 pkt, 233979838 bytes - mcast: 0 pkt, 0 bytes mcast L3 out Switched: ucast: 2138144 pkt, 982224161 bytes mcast: 0 pkt, 0 bytes 1496205 packets input, 261671862 bytes, 0 no buffer Received 358394 broadcasts (0 IP multicasts) 0 runts, 0 giants, 2606 throttles * 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored* 0 watchdog, 0 multicast, 0 pause input 0 input packets with dribble condition detected 2158283 packets output, 988796454 bytes, 0 underruns *0 output errors, 0 collisions, 0 interface resets* 0 babbles, 0 late
collision, 0 deferred 0 lost carrier, 0 no carrier, 0 PAUSE output 0 output buffer failures, 0 output buffers swapped out Anybody experience such an odd error? -- //CL
[c-nsp] Mysterious GRE tunnel flap
Ok, I have a problem that I'm hoping someone can help out with. I have two 1841s separated by a Metro-E WAN. Over this is a GRE tunnel to route multicast. Every morning at 8AM EST, give or take 3 minutes, the tunnel will go down for about 30 seconds. This happens every morning at this time, there are no errors in EIGRP, nor on the WAN side (plenty of tickets opened and we were watching the circuit when the flap happened, no dice) and we're at a real loss. Maybe a bug in the IOS? An angry voodoo priest somewhere? Ideas? Thanks in advance! Q
Re: [c-nsp] 6509 input queue drops
The 6148 isn't a fabric enabled blade. You are probably running into microburst (short lived high packet count bursts of traffic) which overflow the hardware buffers on the linecard. You probably need to upgrade to a fabric enabled card such as 6548 or 6748. you can also do: show counters interface gi3/2 To get an idea of what packets it's dropping. Matthew Huff | One Manhattanville Rd OTA Management LLC | Purchase, NY 10577 http://www.ox.com | Phone: 914-460-4039 aim: matthewbhuff | Fax: 914-460-4139 -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Jared Mauch Sent: Wednesday, July 21, 2010 1:56 PM To: Chris Lane Cc: cisco-nsp@puck.nether.net Subject: Re: [c-nsp] 6509 input queue drops check: Router#show plat hard cap interface Interface Resources Interface drops: ModuleTotal drops:TxRx Highest drop port: Tx Rx 1 1261502177 367 7 7 You may be having higher-level buffering drops depending on traffic patterns that will be seen here. You may also want to check the output of 'show fabric'.. - Jared On Jul 21, 2010, at 11:58 AM, Chris Lane wrote: All, I have a 48 port 10/100/1000mb EtherModule WS-X6148-GE-TX on a 6509 running s72033-advipservicesk9_wan-mz.122-33.SXH7.bin Interface built as layer3 with a p2p site to site experiencing tons of Input queue drops but no other errors on port. 
cr.nyc1.ny#sh int g3/2 GigabitEthernet3/2 is up, line protocol is up (connected) Hardware is C6k 1000Mb 802.3, address is Description: x Internet address is MTU 1500 bytes, BW 100 Kbit, DLY 10 usec, reliability 255/255, txload 4/255, rxload 1/255 Encapsulation ARPA, loopback not set Keepalive set (10 sec) Full-duplex, 1000Mb/s, media type is 10/100/1000BaseT input flow-control is off, output flow-control is off Clock mode is auto ARP type: ARPA, ARP Timeout 04:00:00 Last input 00:00:04, output 00:00:05, output hang never Last clearing of show interface counters 00:07:15 * Input queue: 0/75/45605/0 (size/max/drops/flushes); Total output drops: 0 * Queueing strategy: fifo Output queue: 0/40 (size/max) 5 minute input rate 5511000 bits/sec, 3615 packets/sec 5 minute output rate 1924 bits/sec, 5080 packets/sec L2 Switched: ucast: 68 pkt, 4484 bytes - mcast: 79854 pkt, 5112676 bytes L3 in Switched: ucast: 1116996 pkt, 233979838 bytes - mcast: 0 pkt, 0 bytes mcast L3 out Switched: ucast: 2138144 pkt, 982224161 bytes mcast: 0 pkt, 0 bytes 1496205 packets input, 261671862 bytes, 0 no buffer Received 358394 broadcasts (0 IP multicasts) 0 runts, 0 giants, 2606 throttles * 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored* 0 watchdog, 0 multicast, 0 pause input 0 input packets with dribble condition detected 2158283 packets output, 988796454 bytes, 0 underruns *0 output errors, 0 collisions, 0 interface resets* 0 babbles, 0 late collision, 0 deferred 0 lost carrier, 0 no carrier, 0 PAUSE output 0 output buffer failures, 0 output buffers swapped out Anybody experience such an odd error? 
-- //CL
Re: [c-nsp] Hughes v iDirect
We host around 10 iDirect hubs for several customers, after quite a lot of issues with previous sw versions I don't hear a lot of complaints from the customers on stability, as far as I know the iDirect product has matured. An issue with bigger hubs could be the large number of servers needed for Protocol processors and NMS producing a lot of heat and consuming a lot of power. We run ourselves a Viasat Linkstar hub, this could also be a good candidate for the needs of the OP. We are very happy with the performance of this hub. No experience with Hughes. Martin -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Ryan Wilkins Sent: 21/07/2010 19:12 To: Cisco Mailing list Subject: Re: [c-nsp] Hughes v iDirect I maintain an iDirect hub for one of our customers, and while it runs pretty well I have one beef that I wish they'd fix. The only dynamic routing protocol they provide is RIP. I've asked about OSPF support and was told that they'd never support it. Otherwise, it has its quirks just like any other system. No real show stoppers though for our use. Our customer makes extensive use of VoIP (capable of 115 simultaneous calls at G.729) and also makes extensive use of both sending and receiving live streaming video. Be careful of how much traffic you want to run through each remote, though. The remotes, and hub line cards for that matter, are ARMv5 powered so they're not packet pushing power houses. I think the hub line cards can push anywhere from 11 to 22 Mbps depending on software version and other options. The remotes can push traffic back to the hub at significantly less though. We had an event a couple years ago where the customer was trying to push 5-6 Mbps worth of voice and video out of the remote location to the hub and had the CPU pegged at 100% around 4.2 Mbps as I recall with V7 software. V8 software supposedly increases the bandwidth limit by double.
If you want to make use of a lot of VoIP on the system with small packets, you run the risk of killing your available horsepower quickly. I've never seen a published packet per second figure for the 7350 remotes that we use but unofficially that answer is somewhere around 1800 PPS as stated by a senior member of the iDirect engineering team. To support the large call volume and still have processing power left over, we had to employ packet aggregators from DTech Labs. To touch on training, they offer training in the US as well as some other popular locations worldwide. London and Dubai come to mind. Overall, I think the iDirect solution is pretty solid. Ryan Wilkins On 15/07/2010 10:16 PM, Felix Nkansah wrote: Hi, I am evaluating which of these satellite offerings provide the best IPoVSAT technology. The network would heavily use IP Voice and IP Video conferencing among the VSAT connected locations in a hub/spoke fashion. My client (a government agency) intends on installing/managing their own VSAT hub based on either Hughes or iDirect. I wanted to know which of these providers ensure the best performance of IP? Felix
Re: [c-nsp] 6509 input queue drops
Is the port the traffic is going to egress running at a lower rate or congested? On 7/21/2010 10:58 AM, Chris Lane wrote: All, I have a 48 port 10/100/1000mb EtherModule WS-X6148-GE-TX on a 6509 running s72033-advipservicesk9_wan-mz.122-33.SXH7.bin Interface built as layer3 with a p2p site to site experiencing tons of Input queue drops but no other errors on port. cr.nyc1.ny#sh int g3/2 GigabitEthernet3/2 is up, line protocol is up (connected) Hardware is C6k 1000Mb 802.3, address is Description: x Internet address is MTU 1500 bytes, BW 100 Kbit, DLY 10 usec, reliability 255/255, txload 4/255, rxload 1/255 Encapsulation ARPA, loopback not set Keepalive set (10 sec) Full-duplex, 1000Mb/s, media type is 10/100/1000BaseT input flow-control is off, output flow-control is off Clock mode is auto ARP type: ARPA, ARP Timeout 04:00:00 Last input 00:00:04, output 00:00:05, output hang never Last clearing of show interface counters 00:07:15 * Input queue: 0/75/45605/0 (size/max/drops/flushes); Total output drops: 0 * Queueing strategy: fifo Output queue: 0/40 (size/max) 5 minute input rate 5511000 bits/sec, 3615 packets/sec 5 minute output rate 1924 bits/sec, 5080 packets/sec L2 Switched: ucast: 68 pkt, 4484 bytes - mcast: 79854 pkt, 5112676 bytes L3 in Switched: ucast: 1116996 pkt, 233979838 bytes - mcast: 0 pkt, 0 bytes mcast L3 out Switched: ucast: 2138144 pkt, 982224161 bytes mcast: 0 pkt, 0 bytes 1496205 packets input, 261671862 bytes, 0 no buffer Received 358394 broadcasts (0 IP multicasts) 0 runts, 0 giants, 2606 throttles * 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored* 0 watchdog, 0 multicast, 0 pause input 0 input packets with dribble condition detected 2158283 packets output, 988796454 bytes, 0 underruns *0 output errors, 0 collisions, 0 interface resets* 0 babbles, 0 late collision, 0 deferred 0 lost carrier, 0 no carrier, 0 PAUSE output 0 output buffer failures, 0 output buffers swapped out Anybody experience such an odd error? 
Re: [c-nsp] 6509 input queue drops
The 6148 has 1.4MB buffers per 8 ports. Is there another port free that maybe the group of 8 ports are less busy? Matthew Huff | One Manhattanville Rd OTA Management LLC | Purchase, NY 10577 http://www.ox.com | Phone: 914-460-4039 aim: matthewbhuff | Fax: 914-460-4139 -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Lee Riemer Sent: Wednesday, July 21, 2010 3:13 PM To: cisco-nsp@puck.nether.net Subject: Re: [c-nsp] 6509 input queue drops Is the port the traffic is going to egress running at a lower rate or congested? On 7/21/2010 10:58 AM, Chris Lane wrote: All, I have a 48 port 10/100/1000mb EtherModule WS-X6148-GE-TX on a 6509 running s72033-advipservicesk9_wan-mz.122-33.SXH7.bin Interface built as layer3 with a p2p site to site experiencing tons of Input queue drops but no other errors on port. cr.nyc1.ny#sh int g3/2 GigabitEthernet3/2 is up, line protocol is up (connected) Hardware is C6k 1000Mb 802.3, address is Description: x Internet address is MTU 1500 bytes, BW 100 Kbit, DLY 10 usec, reliability 255/255, txload 4/255, rxload 1/255 Encapsulation ARPA, loopback not set Keepalive set (10 sec) Full-duplex, 1000Mb/s, media type is 10/100/1000BaseT input flow-control is off, output flow-control is off Clock mode is auto ARP type: ARPA, ARP Timeout 04:00:00 Last input 00:00:04, output 00:00:05, output hang never Last clearing of show interface counters 00:07:15 * Input queue: 0/75/45605/0 (size/max/drops/flushes); Total output drops: 0 * Queueing strategy: fifo Output queue: 0/40 (size/max) 5 minute input rate 5511000 bits/sec, 3615 packets/sec 5 minute output rate 1924 bits/sec, 5080 packets/sec L2 Switched: ucast: 68 pkt, 4484 bytes - mcast: 79854 pkt, 5112676 bytes L3 in Switched: ucast: 1116996 pkt, 233979838 bytes - mcast: 0 pkt, 0 bytes mcast L3 out Switched: ucast: 2138144 pkt, 982224161 bytes mcast: 0 pkt, 0 bytes 1496205 packets input, 261671862 bytes, 0 no buffer Received 358394 
broadcasts (0 IP multicasts) 0 runts, 0 giants, 2606 throttles * 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored* 0 watchdog, 0 multicast, 0 pause input 0 input packets with dribble condition detected 2158283 packets output, 988796454 bytes, 0 underruns *0 output errors, 0 collisions, 0 interface resets* 0 babbles, 0 late collision, 0 deferred 0 lost carrier, 0 no carrier, 0 PAUSE output 0 output buffer failures, 0 output buffers swapped out Anybody experience such an odd error?
Re: [c-nsp] 6509 input queue drops
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 You may want to consider bumping up the size of your queues. Read: http://fasterdata.es.net/cisco.html It has a pretty good explanation of how to tune your queue sizes. On 07/21/2010 02:12 PM, Lee Riemer wrote: GigabitEthernet3/2 is up, line protocol is up (connected) Hardware is C6k 1000Mb 802.3, address is Description: x Internet address is MTU 1500 bytes, BW 100 Kbit, DLY 10 usec, reliability 255/255, txload 4/255, rxload 1/255 Encapsulation ARPA, loopback not set Keepalive set (10 sec) Full-duplex, 1000Mb/s, media type is 10/100/1000BaseT input flow-control is off, output flow-control is off Clock mode is auto ARP type: ARPA, ARP Timeout 04:00:00 Last input 00:00:04, output 00:00:05, output hang never Last clearing of show interface counters 00:07:15 * Input queue: 0/75/45605/0 (size/max/drops/flushes); Total output drops: 0 * Queueing strategy: fifo Output queue: 0/40 (size/max) 5 minute input rate 5511000 bits/sec, 3615 packets/sec 5 minute output rate 1924 bits/sec, 5080 packets/sec L2 Switched: ucast: 68 pkt, 4484 bytes - mcast: 79854 pkt, 5112676 bytes L3 in Switched: ucast: 1116996 pkt, 233979838 bytes - mcast: 0 pkt, 0 bytes mcast L3 out Switched: ucast: 2138144 pkt, 982224161 bytes mcast: 0 pkt, 0 bytes 1496205 packets input, 261671862 bytes, 0 no buffer Received 358394 broadcasts (0 IP multicasts) 0 runts, 0 giants, 2606 throttles * 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored* 0 watchdog, 0 multicast, 0 pause input 0 input packets with dribble condition detected 2158283 packets output, 988796454 bytes, 0 underruns *0 output errors, 0 collisions, 0 interface resets* 0 babbles, 0 late collision, 0 deferred 0 lost carrier, 0 no carrier, 0 PAUSE output 0 output buffer failures, 0 output buffers swapped out Anybody experience such an odd error? 
- -- Byron L. Hicks Office of Telecommunication Services The University of Texas System tel: 512-377-9857 aim/skype: byronhicks -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.14 (GNU/Linux) Comment: Using GnuPG with Remi - http://enigmail.mozdev.org/ iEYEARECAAYFAkxHU7EACgkQ4V/igxvposaETwCghQ5BFdse33GTf7gAZhYKQfgq XDsAmwe+9vk9d8TL1n3xOuPWz1xuNvRr =/Ft5 -END PGP SIGNATURE-
Re: [c-nsp] 6509 input queue drops
That works with software routers/switches, but hold-queue has no positive effect on hardware switches such as the 6500. The hold-queue will only affect software switched packets. Matthew Huff | One Manhattanville Rd OTA Management LLC | Purchase, NY 10577 http://www.ox.com | Phone: 914-460-4039 aim: matthewbhuff | Fax: 914-460-4139 -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Byron L. Hicks Sent: Wednesday, July 21, 2010 4:08 PM To: cisco-nsp@puck.nether.net Subject: Re: [c-nsp] 6509 input queue drops -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 You may want to consider bumping up the size of your queues. Read: http://fasterdata.es.net/cisco.html It has a pretty good explanation of how to tune your queue sizes. On 07/21/2010 02:12 PM, Lee Riemer wrote: GigabitEthernet3/2 is up, line protocol is up (connected) Hardware is C6k 1000Mb 802.3, address is Description: x Internet address is MTU 1500 bytes, BW 100 Kbit, DLY 10 usec, reliability 255/255, txload 4/255, rxload 1/255 Encapsulation ARPA, loopback not set Keepalive set (10 sec) Full-duplex, 1000Mb/s, media type is 10/100/1000BaseT input flow-control is off, output flow-control is off Clock mode is auto ARP type: ARPA, ARP Timeout 04:00:00 Last input 00:00:04, output 00:00:05, output hang never Last clearing of show interface counters 00:07:15 * Input queue: 0/75/45605/0 (size/max/drops/flushes); Total output drops: 0 * Queueing strategy: fifo Output queue: 0/40 (size/max) 5 minute input rate 5511000 bits/sec, 3615 packets/sec 5 minute output rate 1924 bits/sec, 5080 packets/sec L2 Switched: ucast: 68 pkt, 4484 bytes - mcast: 79854 pkt, 5112676 bytes L3 in Switched: ucast: 1116996 pkt, 233979838 bytes - mcast: 0 pkt, 0 bytes mcast L3 out Switched: ucast: 2138144 pkt, 982224161 bytes mcast: 0 pkt, 0 bytes 1496205 packets input, 261671862 bytes, 0 no buffer Received 358394 broadcasts (0 IP multicasts) 0 runts, 0 giants, 2606 throttles * 0 input errors, 
0 CRC, 0 frame, 0 overrun, 0 ignored* 0 watchdog, 0 multicast, 0 pause input 0 input packets with dribble condition detected 2158283 packets output, 988796454 bytes, 0 underruns *0 output errors, 0 collisions, 0 interface resets* 0 babbles, 0 late collision, 0 deferred 0 lost carrier, 0 no carrier, 0 PAUSE output 0 output buffer failures, 0 output buffers swapped out Anybody experience such an odd error? - -- Byron L. Hicks Office of Telecommunication Services The University of Texas System tel: 512-377-9857 aim/skype: byronhicks -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.14 (GNU/Linux) Comment: Using GnuPG with Remi - http://enigmail.mozdev.org/ iEYEARECAAYFAkxHU7EACgkQ4V/igxvposaETwCghQ5BFdse33GTf7gAZhYKQfgq XDsAmwe+9vk9d8TL1n3xOuPWz1xuNvRr =/Ft5 -END PGP SIGNATURE-
Re: [c-nsp] 6509 input queue drops
Actually, I take some of that back. There are some circumstances where increasing the hold queue will help, but not for buffer overruns in hardware where microbursting is causing the overflow. Matthew Huff | One Manhattanville Rd OTA Management LLC | Purchase, NY 10577 http://www.ox.com | Phone: 914-460-4039 aim: matthewbhuff | Fax: 914-460-4139 -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Byron L. Hicks Sent: Wednesday, July 21, 2010 4:08 PM To: cisco-nsp@puck.nether.net Subject: Re: [c-nsp] 6509 input queue drops -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 You may want to consider bumping up the size of your queues. Read: http://fasterdata.es.net/cisco.html It has a pretty good explanation of how to tune your queue sizes. On 07/21/2010 02:12 PM, Lee Riemer wrote: GigabitEthernet3/2 is up, line protocol is up (connected) Hardware is C6k 1000Mb 802.3, address is Description: x Internet address is MTU 1500 bytes, BW 100 Kbit, DLY 10 usec, reliability 255/255, txload 4/255, rxload 1/255 Encapsulation ARPA, loopback not set Keepalive set (10 sec) Full-duplex, 1000Mb/s, media type is 10/100/1000BaseT input flow-control is off, output flow-control is off Clock mode is auto ARP type: ARPA, ARP Timeout 04:00:00 Last input 00:00:04, output 00:00:05, output hang never Last clearing of show interface counters 00:07:15 * Input queue: 0/75/45605/0 (size/max/drops/flushes); Total output drops: 0 * Queueing strategy: fifo Output queue: 0/40 (size/max) 5 minute input rate 5511000 bits/sec, 3615 packets/sec 5 minute output rate 1924 bits/sec, 5080 packets/sec L2 Switched: ucast: 68 pkt, 4484 bytes - mcast: 79854 pkt, 5112676 bytes L3 in Switched: ucast: 1116996 pkt, 233979838 bytes - mcast: 0 pkt, 0 bytes mcast L3 out Switched: ucast: 2138144 pkt, 982224161 bytes mcast: 0 pkt, 0 bytes 1496205 packets input, 261671862 bytes, 0 no buffer Received 358394 broadcasts (0 IP multicasts) 0 runts, 0 giants, 2606 throttles * 0 
input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored* 0 watchdog, 0 multicast, 0 pause input 0 input packets with dribble condition detected 2158283 packets output, 988796454 bytes, 0 underruns *0 output errors, 0 collisions, 0 interface resets* 0 babbles, 0 late collision, 0 deferred 0 lost carrier, 0 no carrier, 0 PAUSE output 0 output buffer failures, 0 output buffers swapped out Anybody experience such an odd error? - -- Byron L. Hicks Office of Telecommunication Services The University of Texas System tel: 512-377-9857 aim/skype: byronhicks -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.14 (GNU/Linux) Comment: Using GnuPG with Remi - http://enigmail.mozdev.org/ iEYEARECAAYFAkxHU7EACgkQ4V/igxvposaETwCghQ5BFdse33GTf7gAZhYKQfgq XDsAmwe+9vk9d8TL1n3xOuPWz1xuNvRr =/Ft5 -END PGP SIGNATURE-
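Added example, not part of any poster's message and not Cisco tooling: a small parser that turns the counters from the `sh int g3/2` output posted in this thread into rates, so the drop count can be compared between snapshots or between ports. The field patterns are assumptions based on the output as it appears in the thread; the sample is that output re-wrapped one field per line.

```python
import re

# Counters from the `sh int g3/2` output posted in the thread, re-wrapped to
# one field per line (the archive flattened them); the values are the poster's.
SAMPLE = """\
GigabitEthernet3/2 is up, line protocol is up (connected)
  Last clearing of show interface counters 00:07:15
  Input queue: 0/75/45605/0 (size/max/drops/flushes); Total output drops: 0
  5 minute input rate 5511000 bits/sec, 3615 packets/sec
     1496205 packets input, 261671862 bytes, 0 no buffer
     Received 358394 broadcasts (0 IP multicasts)
     0 runts, 0 giants, 2606 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
"""

# One capture group per field; patterns are assumptions matched to the text above.
FIELDS = {
    "since_clear": r'Last clearing of "?show interface"? counters (\S+)',
    "drops": r"Input queue: \d+/\d+/(\d+)/\d+ \(size/max/drops/flushes\)",
    "packets_in": r"(\d+) packets input",
    "broadcasts": r"Received (\d+) broadcasts",
    "throttles": r"(\d+) throttles",
    "input_errors": r"(\d+) input errors",
    "crc": r"(\d+) CRC",
    "overrun": r"(\d+) overrun",
}


def parse_elapsed(text):
    """Seconds from an elapsed-time field: hh:mm:ss, 1d02h or 2w3d; None otherwise."""
    m = re.fullmatch(r"(\d+):(\d\d):(\d\d)", text)
    if m:
        hours, minutes, seconds = map(int, m.groups())
        return hours * 3600 + minutes * 60 + seconds
    units = {"w": 604800, "d": 86400, "h": 3600}
    parts = re.findall(r"(\d+)([wdh])", text)
    if parts and "".join(n + u for n, u in parts) == text:
        return sum(int(n) * units[u] for n, u in parts)
    return None  # e.g. "never": no interval to divide by


def parse_counters(output):
    """Extract the fields above; raise if the output does not contain one."""
    counters = {}
    for name, pattern in FIELDS.items():
        m = re.search(pattern, output)
        if m is None:
            raise ValueError(f"field not found: {name}")
        counters[name] = m.group(1)
    counters["since_clear"] = parse_elapsed(counters["since_clear"])
    for name in FIELDS:
        if name != "since_clear":
            counters[name] = int(counters[name])
    return counters


def summarize(output):
    """Rates over the interval since the counters were last cleared."""
    c = parse_counters(output)
    secs = c["since_clear"]
    pkts = c["packets_in"]
    return {
        "interval_s": secs,
        "drops_per_s": c["drops"] / secs if secs else None,
        # Ratio of the two counters, not a guaranteed share of offered traffic.
        "drops_per_100_input": 100 * c["drops"] / pkts if pkts else None,
        "broadcast_pct_of_input": 100 * c["broadcasts"] / pkts if pkts else None,
        "throttles": c["throttles"],
        # The situation the original poster describes: drops, no other errors.
        "drops_without_errors": c["drops"] > 0
        and c["input_errors"] == c["crc"] == c["overrun"] == 0,
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE).items():
        print(f"{key}: {value}")
```
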
Re: [c-nsp] A few very Quick IP SLA questions
It is not supported in 12.2SX. Current documentation mentions otherwise. I am getting it updated. Shimol
On 7/19/10 8:50 AM, Drew Weaver wrote:
Does that Syntax work on 6500s (SXI3) it doesn't seem to in my case? thanks, -Drew
-Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Ziv Leyes Sent: Sunday, July 18, 2010 4:32 AM To: cisco-nsp@puck.nether.net Subject: Re: [c-nsp] A few very Quick IP SLA questions
Wouldn't the source issue be solved if you use
type echo protocol ipicmpEcho x.x.25.97 source-interface Giga0/1
instead of source-ip?
-Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Drew Weaver Sent: Friday, July 16, 2010 6:15 PM To: cisco-nsp@puck.nether.net Subject: [c-nsp] A few very Quick IP SLA questions
Hi all, happy Friday. A few questions regarding configuring IP SLA. I've configured two IP SLA probes as such:
ip sla 1
 icmp-echo x.x.25.97 source-ip x.x.25.98
 frequency 10
ip sla schedule 1 life forever start-time now
ip sla 2
 icmp-echo x.x.25.101 source-ip x.x.25.102
 frequency 10
ip sla schedule 2 life forever start-time now
1) If I want this probe to run forever, is it best to configure it as a recurring probe or have the lifetime be 'forever'?
2) If the router has multiple paths to the destination does specifying the source-address mean that 100% of the time it will use the Interface that the indicated source address is assigned to?
3) When using the 'track command' (for example: track 100 ip sla 1 reachability | state) What is the functional difference between reachability and state? Wouldn't they be the same thing?
Also the main reason for implementing this is because we had an instance where an interface didn't go down, but no traffic would pass through it (routing protocols failed, etc) and we have our default routes set up as such:
ip route 0.0.0.0 0.0.0.0 Vlan4091 x.x.25.97
ip route 0.0.0.0 0.0.0.0 Vlan4092 x.x.25.101
So return traffic was still being sent down the 'dead but up/up' interface which caused obvious heartache. Would using a track on each of these routes (combined with aforementioned IP SLA probes) be a good way to prevent this from occurring in the future? I basically want to ensure that both the interface is up and that traffic can pass from this router to its gateway before the route will be used. Sorry this is so long, hopefully it makes at least some sense. I thought about using BFD, but it seems like they have removed support for BFD on VLANs in recent code. Thanks, -Drew
Re: [c-nsp] NX-OS - Fabric Path
On 21/07/2010, at 9:13 PM, j.vaningensche...@utwente.nl j.vaningensche...@utwente.nl wrote:
Is it just me or did others also receive a duplicate of the message below? Not only this one, but also others that had mr LTD as recipient and the list in CC... The duplicate comes later and has several Cisco hops in the path, including a couple of Ironport devices. If it's not just me, maybe someone at Cisco can have a look...
there have been some email server (exchange) issues internal to cisco in the last day or so. be thankful you're not inside Cisco and received the level of duplicate emails i did. :) hopefully it's not still happening. cheers, lincoln.
Re: [c-nsp] Mysterious GRE tunnel flap
I appreciate the reply - the tunnel source locally is actually an HSRP virtual interface, and it never goes down according to what I'm seeing. And as far as I can recall, we get no errors on the interface that is acting as the active router. Q
On Wed, Jul 21, 2010 at 6:00 PM, Graham Wooden gra...@g-rock.net wrote:
I'll take a stab at this ... I think it's something physical at one of the sites. Do either of the two interfaces have their line protocol go down? Can you access down the link, outside the tunnel, i.e. ping your next hop during this? I had something similar happen with some collocated gear at a remote site. Around the same time every night, err counters on an interface would go nuts for about 2 minutes. Lots of finger pointing between LEC and us. Well, come to find out that the building's emergency lighting would be tested at this time, and its cable run ran next to our T1s for a short distance before going into our room. Long story short here is check the physical layer first! -graham
On 7/21/10 1:17 PM, Quinn Kuzmich lostinmos...@gmail.com wrote:
Ok, I have a problem that I'm hoping someone can help out with. I have two 1841s separated by a Metro-E WAN. Over this is a GRE tunnel to route multicast. Every morning at 8AM EST, give or take 3 minutes, the tunnel will go down for about 30 seconds. This happens every morning at this time, there are no errors in EIGRP, nor on the WAN side (plenty of tickets opened and we were watching the circuit when the flap happened, no dice) and we're at a real loss. Maybe a bug in the IOS? An angry voodoo priest somewhere? Ideas? Thanks in advance! Q
Re: [c-nsp] Mysterious GRE tunnel flap
I'll take a stab at this ... I think it's something physical at one of the sites. Do either of the two interfaces have their line protocol go down? Can you access down the link, outside the tunnel, i.e. ping your next hop during this? I had something similar happen with some collocated gear at a remote site. Around the same time every night, err counters on an interface would go nuts for about 2 minutes. Lots of finger pointing between LEC and us. Well, come to find out that the building's emergency lighting would be tested at this time, and its cable run ran next to our T1s for a short distance before going into our room. Long story short here is check the physical layer first! -graham
On 7/21/10 1:17 PM, Quinn Kuzmich lostinmos...@gmail.com wrote:
Ok, I have a problem that I'm hoping someone can help out with. I have two 1841s separated by a Metro-E WAN. Over this is a GRE tunnel to route multicast. Every morning at 8AM EST, give or take 3 minutes, the tunnel will go down for about 30 seconds. This happens every morning at this time, there are no errors in EIGRP, nor on the WAN side (plenty of tickets opened and we were watching the circuit when the flap happened, no dice) and we're at a real loss. Maybe a bug in the IOS? An angry voodoo priest somewhere? Ideas? Thanks in advance! Q
Re: [c-nsp] Mysterious GRE tunnel flap
I would take a box you can log outputs on (like a linux host). From site A set up a script that every 5 seconds prints the time then pings (say 10 packets): the local LAN interface, the local WAN interface, the local GRE IP, the remote WAN interface, remote LAN interface, remote GRE IP and if possible a host on the far side. Set up the same thing from side B. See if there are any drops anywhere along the path. I've seen issues like this where the carrier refreshes the IP but the lease always stays the same, or a batch job runs and congests the interface or anything else that would run on that kind of timer. Do you see any drops or anything on the physical interfaces from either side? Good luck, these kinds of problems can be hard to nail down. -Pete
On Wed, Jul 21, 2010 at 8:10 PM, Quinn Kuzmich lostinmos...@gmail.com wrote:
I appreciate the reply - the tunnel source locally is actually an HSRP virtual interface, and it never goes down according to what I'm seeing. And as far as I can recall, we get no errors on the interface that is acting as the active router. Q
On Wed, Jul 21, 2010 at 6:00 PM, Graham Wooden gra...@g-rock.net wrote:
I'll take a stab at this ... I think it's something physical at one of the sites. Do either of the two interfaces have their line protocol go down? Can you access down the link, outside the tunnel, i.e. ping your next hop during this? I had something similar happen with some collocated gear at a remote site. Around the same time every night, err counters on an interface would go nuts for about 2 minutes. Lots of finger pointing between LEC and us. Well, come to find out that the building's emergency lighting would be tested at this time, and its cable run ran next to our T1s for a short distance before going into our room. Long story short here is check the physical layer first! -graham
On 7/21/10 1:17 PM, Quinn Kuzmich lostinmos...@gmail.com wrote:
Ok, I have a problem that I'm hoping someone can help out with. I have two 1841s separated by a Metro-E WAN. Over this is a GRE tunnel to route multicast. Every morning at 8AM EST, give or take 3 minutes, the tunnel will go down for about 30 seconds. This happens every morning at this time, there are no errors in EIGRP, nor on the WAN side (plenty of tickets opened and we were watching the circuit when the flap happened, no dice) and we're at a real loss. Maybe a bug in the IOS? An angry voodoo priest somewhere? Ideas? Thanks in advance! Q
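The probe loop suggested in the message above, sketched as a shell script. This is an added example, not code posted by anyone in the thread; it assumes a Linux host with iputils ping (for -i, -W and -q), and the target labels and addresses are constructed placeholders.

```shell
#!/usr/bin/env bash
# Timestamped path-probe logger for a recurring tunnel flap (added example).
# Addresses are constructed documentation values (RFC 5737); list the real
# hops in near-to-far order so the first hop showing loss localises the fault.
TARGETS="local-lan=192.0.2.1 local-wan=198.51.100.1 local-gre=203.0.113.1
remote-wan=198.51.100.2 remote-gre=203.0.113.2 remote-lan=192.0.2.129"
COUNT=10                     # packets per target, as suggested in the thread
PAUSE=5                      # seconds between rounds
LOG=${LOG:-pathprobe.log}    # hypothetical log file name

# Read ping output on stdin, print the loss percentage from its summary line.
# Prints 100 when there is no summary at all (ping could not run or resolve).
loss_pct() {
    awk '/packet loss/ {
             for (i = 1; i <= NF; i++)
                 if ($i ~ /%$/) { sub(/%/, "", $i); print $i; found = 1; exit }
         }
         END { if (!found) print 100 }'
}

# Format one record: timestamp label address loss verdict.
log_line() {
    verdict=$(awk -v l="$4" 'BEGIN { v = (l + 0 > 0) ? "LOSS" : "ok"; print v }')
    printf '%s %s %s loss=%s%% %s\n' "$1" "$2" "$3" "$4" "$verdict"
}

# Probe every target once, in order, under a single timestamp.
probe_round() {
    ts=$(date '+%Y-%m-%dT%H:%M:%S%z')
    for t in $TARGETS; do
        label=${t%%=*}
        addr=${t#*=}
        loss=$(ping -c "$COUNT" -i 0.2 -W 1 -q "$addr" 2>/dev/null | loss_pct)
        log_line "$ts" "$label" "$addr" "$loss"
    done
}

# Read log records on stdin; for each round that saw loss, print the
# timestamp and the nearest hop that lost packets.
first_failing_hop() {
    awk '$5 == "LOSS" && !($1 in seen) { seen[$1] = 1; print $1, $2 }'
}

# Loop only when invoked with "run", so the functions can be sourced alone.
if [ "${1:-}" = "run" ]; then
    while :; do
        probe_round >> "$LOG"
        sleep "$PAUSE"
    done
fi
```

Run it with the argument run at both sites with synchronised clocks, then feed each log to first_failing_hop and compare the timestamps against the 8AM flap window.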
Re: [c-nsp] Mysterious GRE tunnel flap
No drops of any kind on the interfaces. Any of the usual culprits (carrier resets, IPs reassigned, routing bugaboos etc) do not seem to match this. We aren't seeing any hits with EIGRP at this time this happens, and the interfaces do not see any hits on the counters. To make this stranger, it's only ONE end of the tunnel going down. The other side stays up. Q
On Wed, Jul 21, 2010 at 7:24 PM, Pete Lumbis alum...@gmail.com wrote:
I would take a box you can log outputs on (like a linux host). From site A set up a script that every 5 seconds prints the time then pings (say 10 packets): the local LAN interface, the local WAN interface, the local GRE IP, the remote WAN interface, remote LAN interface, remote GRE IP and if possible a host on the far side. Set up the same thing from side B. See if there are any drops anywhere along the path. I've seen issues like this where the carrier refreshes the IP but the lease always stays the same, or a batch job runs and congests the interface or anything else that would run on that kind of timer. Do you see any drops or anything on the physical interfaces from either side? Good luck, these kinds of problems can be hard to nail down. -Pete
On Wed, Jul 21, 2010 at 8:10 PM, Quinn Kuzmich lostinmos...@gmail.com wrote:
I appreciate the reply - the tunnel source locally is actually an HSRP virtual interface, and it never goes down according to what I'm seeing. And as far as I can recall, we get no errors on the interface that is acting as the active router. Q
On Wed, Jul 21, 2010 at 6:00 PM, Graham Wooden gra...@g-rock.net wrote:
I'll take a stab at this ... I think it's something physical at one of the sites. Do either of the two interfaces have their line protocol go down? Can you access down the link, outside the tunnel, i.e. ping your next hop during this? I had something similar happen with some collocated gear at a remote site. Around the same time every night, err counters on an interface would go nuts for about 2 minutes. Lots of finger pointing between LEC and us. Well, come to find out that the building's emergency lighting would be tested at this time, and its cable run ran next to our T1s for a short distance before going into our room. Long story short here is check the physical layer first! -graham
On 7/21/10 1:17 PM, Quinn Kuzmich lostinmos...@gmail.com wrote:
Ok, I have a problem that I'm hoping someone can help out with. I have two 1841s separated by a Metro-E WAN. Over this is a GRE tunnel to route multicast. Every morning at 8AM EST, give or take 3 minutes, the tunnel will go down for about 30 seconds. This happens every morning at this time, there are no errors in EIGRP, nor on the WAN side (plenty of tickets opened and we were watching the circuit when the flap happened, no dice) and we're at a real loss. Maybe a bug in the IOS? An angry voodoo priest somewhere? Ideas? Thanks in advance! Q
[c-nsp] Swap of startup-config with TCAM(CEF MAX) size change
Hi all,
When startup-config is swapped with TCAM(CEF MAX) size change, RELOAD of two times is needed. It is automatically generated once of RELOAD of two times. Can this behavior be evaded? (I am looking for Method of reflecting all changes with RELOAD of one time.)
--
Catalyst6503E SUP720-3BXL s72033-ipservicesk9_wan-vz.122-33.SXI3
(1) Before
startup-config = AAA.txt
#show run
mls cef maximum-routes ip 1000
#show conf
mls cef maximum-routes ip 1000
#show mls cef maximum-routes
FIB TCAM maximum routes :
===
Current :-
---
IPv4 - 1000k
MPLS - 8k (default)
IPv6 + IP Multicast - 8k (default)
(2) SWAP startup-config
startup-config = AAA.txt -> BBB.txt
#copy disk0:BBB.txt startup-config
#show run
mls cef maximum-routes ip 1000
#show conf
mls cef maximum-routes ip 800
mls cef maximum-routes ipv6 100
(3) 1st RELOAD (manual)
#reload
System configuration has been modified. Save? [yes/no]: no
Proceed with reload? [confirm] yes(enter)
startup-config = BBB.txt
#show run
mls cef maximum-routes ip 800
mls cef maximum-routes ipv6 100
#show conf
mls cef maximum-routes ip 800
mls cef maximum-routes ipv6 100
#show mls cef maximum-routes
FIB TCAM maximum routes :
===
Current :-
---
IPv4 - 1000k
MPLS - 8k (default)
IPv6 + IP Multicast - 8k (default)
(4) 2nd RELOAD (automatic)
Card inserted in slot x, interfaces are now online is displayed in the log, and RELOAD auto starts again after a few minutes. Of course, I am not operating anything...
(5) After
startup-config = BBB.txt
#show run
mls cef maximum-routes ip 800
mls cef maximum-routes ipv6 100
#show conf
mls cef maximum-routes ip 800
mls cef maximum-routes ipv6 100
#show mls cef maximum-routes
FIB TCAM maximum routes :
===
Current :-
---
IPv4 - 800k
MPLS - 8k (default)
IPv6 - 100k
IP multicast - 8k (default)
note_1 The above-mentioned value of TCAM size is an example, and is not accurate.
note_2 The following procedures... - NG (It results similarly)
a) TCAM size change by command (ip 1000 -> ip 800 / ipv6 100)
b) startup-config swap (AAA.txt -> BBB.txt)
c) reload
--
Cheers, nakayama daigo
Re: [c-nsp] ASR1000 Series PPPoA
I think it's supposed to appear later this year in the new 3.x (15.x) release. Probably your account team can help you more. Regards, Tassos
Brian Turnbow wrote on 21/07/2010 11:37:
Anyone heard anything on PPPoA on the ASR 1000 series yet? As far as I know it isn't supported (yet?) but I might be wrong :) PPPoA would make it a superb replacement for our 720X series
We've been told it won't happen at least any time soon and to go with 10k as an upgrade path... Not really in the same price range though!!! Brian