[c-nsp] PA-2T3+ vs PA-MC-2T3
Hello,

I'm looking at setting up a 7206vxr/NPEG1 with two DS3 BGP peers and I'm wondering if there's any substantial difference between the PA-2T3+ and the PA-MC-2T3.

Thanks in advance.

___
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] L2 Ethernet bridging over GRE issues
> And L2TPv3 is supported. Recent code doesn't allow a bridge-group to be defined on a tunnel. While this is possible, it's ten times easier and more reliable to use L2TPv3.

Thanks, I've never tested L2TP, but I'm familiar with GRE. Is L2TP server-client or can it be used as always up back-to-back between two routers?

Do you have any nice sample config of back-to-back L2TP on Ethernet with and without VLANs?

Thanks!
Re: [c-nsp] PA-2T3+ vs PA-MC-2T3
On 1/28/11 12:11 AM, Christopher Wolff wrote:
> Hello, I'm looking at setting up a 7206vxr/NPEG1 with two DS3 BGP peers and I'm wondering if there's any substantial difference between the PA-2T3+ and the PA-MC-2T3. Thanks in advance.

Yes, very much difference. The PA-2T3+ is used for clear-channel DS3. The PA-MC-2T3 is used with a mux to split each DS3 into 28 individual T1s. For your purpose you want the PA-2T3+.

--
Jay Hennigan - CCIE #7880 - Network Engineering - j...@impulse.net
Impulse Internet Service - http://www.impulse.net/
Your local telephone and internet company - 805 884-6323 - WB6RDV
Re: [c-nsp] Router/switch recommendations for colocation
On 28.01.2011 07:18, Jim Berwick wrote:
> Hello, Hoping someone can offer advice on hardware. We're going to be offering bandwidth to our colo customers. Initially we're bringing in a single 100mbit connection (Level3) but planning to add a Verizon circuit in the near future and do BGP (full routes from both providers). We're looking for something to terminate the internet as well as the customer connections. Looking for a switch that can do ingress and egress rate shaping (or thinking of a 3750 stack and handling rate shaping on the router upstream), and a router/switch that can handle full BGP tables from at least two providers. We need something either fully redundant (dual SUP, power supply, etc), or two units with HSRP.
>
> The idea that was put on the table already is a 3750 stack (two switches, feeding each customer two connections) uplinked to two 3845s to handle layer 3 routing of the customer VLANs and the BGP sessions. My concern with that setup is the 3845 being able to handle two full BGP tables.

With a decent ram upgrade, that shouldn't be the problem .. forwarding though might be the important issue with the 3845. What bandwidths do you expect to handle? Check out Cisco's router performance sheet for a rough estimate of how much throughput you can get out of the routers ...

According to it, the 3845 is rated at 500kpps, which ought to be enough to handle two 100mbit uplinks ... you might want to look into maybe a 7301, which can handle twice the throughput (~1mpps) and is only 1RU ... price-wise it's not that much difference (List price of 18k$ for the 7301, 13k$ for the 3845). Or even better, look into an ASR1002F, which is 20k$, but is rated at 4.4mpps and has 4xGE ... (and has more memory and flash on board)

-garry
Re: [c-nsp] L2 Ethernet bridging over GRE issues
> Do you have any nice sample config of back-to-back L2TP on Ethernet with and without VLANs.

Nevermind, I got it working. Sample config if someone else is interested:

Router A:

pseudowire-class test
 encapsulation l2tpv3
 protocol none
 ip local interface Loopback0
!
interface Loopback0
 ip address 1.1.1.1 255.255.255.255
!
interface FastEthernet0/1
 description LAN
 no ip address
 speed 100
 full-duplex
 xconnect 2.2.2.2 1 encapsulation l2tpv3 manual pw-class test
  l2tp id 1 2

Router B:

pseudowire-class test
 encapsulation l2tpv3
 protocol none
 ip local interface Loopback0
!
interface Loopback0
 ip address 2.2.2.2 255.255.255.255
!
interface FastEthernet0/1
 no ip address
 duplex auto
 speed auto
 xconnect 1.1.1.1 1 encapsulation l2tpv3 manual pw-class test
  l2tp id 2 1

Works like a charm. But only layer 2. As I cannot put an IP on the LAN interface, there is no usable default gateway for HOST A and B.

It seems like you have to create 2 subinterfaces with the same VLAN ID. And then put the IP on the first sub-if, and the xconnect on the second subinterface without the IP, and then connect them to the switch as a trunk.

/Roger
[c-nsp] 6500 to nexus internal vlans
We are looking at upgrading one of our 6500 to a nexus 7000, but I see that the nexus uses the following internal vlans that cannot be used or changed as stated in the doc

-- Found in... Cisco Nexus 5000 Series NX-OS Software Configuration Guide

NVLANs 3968 to 4047 and 4094 are reserved for internal use; these VLANs cannot be changed or used.

Cisco NX-OS allocates a group of 80 VLAN numbers for those features, such as multicast and diagnostics, that need to use internal VLANs for their operation. By default, the system allocates VLANs numbered 3968 to 4047 for internal use. VLAN 4094 is also reserved for internal use by the switch. You cannot use, modify, or delete any of the VLANs in the reserved group. You can display the VLANs that are allocated internally and their associated use.

-

We are currently using some of these vlans and it would be very difficult to change 100s of switches. Is there some way around this issue?

Thanks for any help.

Jeff Fitzwater
OIT Network Systems
Princeton University
Re: [c-nsp] 6500 to nexus internal vlans
I believe the plan is to add this feature in the 5.2 release. CSCsh79698 is tracking this capability.

Rob

On 1/28/2011 9:51 AM, Jeff Fitzwater wrote:
> We are looking at upgrading one of our 6500 to a nexus 7000, but I see that the nexus uses the following internal vlans that cannot be used or changed as stated in the doc
>
> -- Found in... Cisco Nexus 5000 Series NX-OS Software Configuration Guide
>
> NVLANs 3968 to 4047 and 4094 are reserved for internal use; these VLANs cannot be changed or used.
>
> Cisco NX-OS allocates a group of 80 VLAN numbers for those features, such as multicast and diagnostics, that need to use internal VLANs for their operation. By default, the system allocates VLANs numbered 3968 to 4047 for internal use. VLAN 4094 is also reserved for internal use by the switch. You cannot use, modify, or delete any of the VLANs in the reserved group. You can display the VLANs that are allocated internally and their associated use.
>
> -
>
> We are currently using some of these vlans and it would be very difficult to change 100s of switches. Is there some way around this issue?
>
> Thanks for any help.
>
> Jeff Fitzwater
> OIT Network Systems
> Princeton University
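An added example, not part of the original posts: a Python sketch that scans IOS configuration text for VLAN IDs falling in the NX-OS reserved ranges quoted above (3968 to 4047 and 4094), to size the renumbering work before a migration. The set of statement patterns and the sample configuration are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Reserved by NX-OS according to the configuration guide quoted in the thread.
NXOS_RESERVED = set(range(3968, 4048)) | {4094}

# IOS statements that carry explicit VLAN IDs (assumed subset, extend as needed).
# Trunks without an explicit allowed list are not flagged by this check.
VLAN_PATTERNS = [
    re.compile(r"^vlan\s+([\d,\-]+)\s*$"),
    re.compile(r"^interface\s+Vlan(\d+)\s*$", re.I),
    re.compile(r"^switchport\s+access\s+vlan\s+(\d+)\s*$"),
    re.compile(r"^switchport\s+trunk\s+native\s+vlan\s+(\d+)\s*$"),
    re.compile(r"^switchport\s+trunk\s+allowed\s+vlan\s+(?:add\s+)?([\d,\-]+)\s*$"),
]


def expand_vlan_list(spec):
    """Expand a list such as '10,20,3968-3975' into a set of VLAN IDs."""
    vlans = set()
    for part in spec.split(","):
        if not part:
            continue
        lo, _, hi = part.partition("-")
        lo, hi = int(lo), int(hi or lo)
        if not (1 <= lo <= hi <= 4094):
            raise ValueError(f"invalid VLAN range: {part!r}")
        vlans.update(range(lo, hi + 1))
    return vlans


def find_conflicts(config_text):
    """Return {vlan_id: [(line_no, line), ...]} for reserved VLANs referenced."""
    hits = defaultdict(list)
    for line_no, raw in enumerate(config_text.splitlines(), start=1):
        line = raw.strip()
        for pattern in VLAN_PATTERNS:
            match = pattern.match(line)
            if not match:
                continue
            for vlan in sorted(expand_vlan_list(match.group(1)) & NXOS_RESERVED):
                hits[vlan].append((line_no, line))
            break
    return dict(hits)


# Constructed sample configuration (not taken from any real device).
SAMPLE_CONFIG = """\
vlan 10,20,3960-3970
!
vlan 4094
 name mgmt-legacy
!
interface Vlan4000
 ip address 192.0.2.1 255.255.255.0
!
interface GigabitEthernet1/1
 switchport trunk allowed vlan 10,20,4040-4050
!
interface GigabitEthernet1/2
 switchport access vlan 3967
"""

if __name__ == "__main__":
    for vlan, refs in sorted(find_conflicts(SAMPLE_CONFIG).items()):
        for line_no, line in refs:
            print(f"VLAN {vlan}: line {line_no}: {line}")
```

Running the same function over each switch's saved configuration gives a per-VLAN list of the statements that would need to change.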
Re: [c-nsp] Router/switch recommendations for colocation
> Hoping someone can offer advice on hardware. We're going to be offering bandwidth to our colo customers. Initially we're bringing in a single 100mbit connection (Level3) but planning to add a Verizon circuit in the near future and do BGP (full routes from both providers). We're looking for something to terminate the internet as well as the customer connections.

Think of growth.

> According to it, the 3845 is rated at 500kpps, which ought to be enough to handle two 100mbit uplinks ... you might want to look into maybe a 7301, which can handle twice the throughput (~1mpps) and is only 1RU

I've never been able to get more than 100kpps out of a 7301. That's with no ACLs, limited policies, etc. CPU goes wonky at about 60kpps. I would highly recommend the ASRs. I have some ASR1002's deployed and haven't been able to even wake them up let alone kill them.

If you have bursty traffic at all, go with silicon, not software.

YMMV,

-b
Re: [c-nsp] Router/switch recommendations for colocation
Re Bill

bblackf...@nwresd.k12.or.us (Bill Blackford) wrote:
> > According to it, the 3845 is rated at 500kpps, which ought to be enough to handle two 100mbit uplinks ... you might want to look into maybe a 7301, which can handle twice the throughput (~1mpps) and is only 1RU
>
> I've never been able to get more than 100kpps out of a 7301. That's with no ACLs, limited policies, etc. CPU goes wonky at about 60kpps. I would highly recommend the ASRs. I have some ASR1002's deployed and haven't been able to even wake them up let alone kill them. If you have bursty traffic at all, go with silicon, not software.

I have no idea what you did wrong with your 7301; I managed a bit more than 350 kpps - with small packets of course. Once you add enough bandwidth for that packet rate at large packet sizes, you need port channels, and those eat up CPU too...

ASRs are a good choice if you need full features (albeit not all of them work) and hardware forwarding.

If you need no features, or only a few, try one of the switches (3560/3750)

Elmar.
Re: [c-nsp] Router/switch recommendations for colocation
> I have no idea what you did wrong with your 7301; I managed a bit more than 350 kpps - with small packets of course.

Wow. I certainly don't claim to know everything. I should re-state this. I saw 60-100kpps on each interface and yes small packets so I guess we're talking about the same kind of numbers. My apologies for not making this clear.

> If you need no features, or only a few, try one of the switches (3560/3750)

I believe the OP talked about a full table, but I might be wrong. I've used LAN switches in this role as well but only taking in default. And if he needs no features, then the ones reportedly not properly implemented in the ASRs don't really matter. I tend to purchase based on what I think I'll need in 5 years then I add 25%. That said, I would never recommend a router to someone that will only meet their current needs.

-b

-----Original Message-----
From: Elmar K. Bins [mailto:e...@4ever.de]
Sent: Friday, January 28, 2011 7:35 AM
To: Bill Blackford
Cc: cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] Router/switch recommendations for colocation

Re Bill

bblackf...@nwresd.k12.or.us (Bill Blackford) wrote:
> > According to it, the 3845 is rated at 500kpps, which ought to be enough to handle two 100mbit uplinks ... you might want to look into maybe a 7301, which can handle twice the throughput (~1mpps) and is only 1RU
>
> I've never been able to get more than 100kpps out of a 7301. That's with no ACLs, limited policies, etc. CPU goes wonky at about 60kpps. I would highly recommend the ASRs. I have some ASR1002's deployed and haven't been able to even wake them up let alone kill them. If you have bursty traffic at all, go with silicon, not software.

I have no idea what you did wrong with your 7301; I managed a bit more than 350 kpps - with small packets of course. Once you add enough bandwidth for that packet rate at large packet sizes, you need port channels, and those eat up CPU too...

ASRs are a good choice if you need full features (albeit not all of them work) and hardware forwarding.

If you need no features, or only a few, try one of the switches (3560/3750)

Elmar.
Re: [c-nsp] Router/switch recommendations for colocation
On 1/27/2011 22:18, Jim Berwick wrote:
> The idea that was put on the table already is a 3750 stack (two switches, feeding each customer two connections) uplinked to two 3845s to handle layer 3 routing of the customer VLANs and the BGP sessions. My concern with that setup is the 3845 being able to handle two full BGP tables.

Don't do this. While it will handle the BGP tables fine and probably work for a while, as you enable more features (you mentioned shaping) making it do more stuff you're going to lose out on CPU until one day it falls over.

~Seth
Re: [c-nsp] Advice: Which routers to purchase ?
Łukasz Bromirski luk...@bromirski.net writes:
> The ASR 1001 is hardware-based router that has 4 GE interfaces and is priced at 17k$ with dual PSUs. The ASR 1001 can with proper license do 5Gbit/s line-rate, while the 7201 is 1Mpps engine that will slow down with every feature turned on.

Does the 1001 have the limitation of 512000 routes in its FIB, like the 1002-F?

/Benny
Re: [c-nsp] Advice: Which routers to purchase ?
On 2011-01-28 17:33, Benny Amorsen wrote:
> > The ASR 1001 is hardware-based router that has 4 GE interfaces and is priced at 17k$ with dual PSUs. The ASR 1001 can with proper license do 5Gbit/s line-rate, while the 7201 is 1Mpps engine that will slow down with every feature turned on.
>
> Does the 1001 have the limitation of 512000 routes in its FIB, like the 1002-F?

Right - for IPv4. It was mentioned on this alias already a couple of times with regards to 1002-F. The 1001 has a ESP5 on-board.

--
There's no sense in being precise when | Łukasz Bromirski
you don't know what you're talking     | jid:lbromir...@jabber.org
about. John von Neumann                | http://lukasz.bromirski.net
[c-nsp] active/standy failover
Hi

In cisco url, it introduces PIX active/standby failover
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00807dac5f.shtml#acti

1/ Is it same as ASA?

2/ How about the physical connection? using Hub or switch. eg:
router --- hub A then one is active --- hub B hub A --- one is standby hub B

3/ I know it needs same ios and licence, Does it have special requirement?

4/ Where is port for cross over cable between active and standby?

Thank you
Re: [c-nsp] active/standy failover
On 28/01/2011 20:21, Deric Kwok wrote:
> 1/ Is it same as ASA?

yes

> 2/ How about the physical connection? using Hub or switch. eg:
> router --- hub A then one is active --- hub B hub A --- one is standby hub B

Yes, this configuration will work. The connection should be a layer 2 link. You can't use a routed link with a L3 gateway in the middle.

> 3/ I know it needs same ios and licence, Does it have special requirement?

no.

> 4/ Where is port for cross over cable between active and standby?

you need two ports, one to signal failover, and the other to transmit the firewall state.

Nick
Re: [c-nsp] active/standy failover
> On 28/01/2011 20:21, Deric Kwok wrote:
> > 4/ Where is port for cross over cable between active and standby?
>
> you need two ports, one to signal failover, and the other to transmit the firewall state.

You can combine them onto a single cable as well.

-ryan
Re: [c-nsp] active/standy failover
On 1/28/2011 3:40 PM, Nick Hilliard wrote:
> you need two ports, one to signal failover, and the other to transmit the firewall state.

You can run ASA LAN failover over one (or configure them separately). I remember reading (or think I did) somewhere that it was preferable to run this failover link through a switch as opposed to a crossover cable, but I can't cite a reference.

Old PIX used to have this serial-cable heartbeat and LAN-connection-state combination.

We're running ASAs active/active over a common failover link.

Jeff
Re: [c-nsp] L2 Ethernet bridging over GRE issues
This goes over the majority of L2TPv3 configuration
http://www.cisco.com/en/US/docs/ios/12_3t/12_3t2/feature/guide/gtl2tpv3.html

--
http://dcp.dcptech.com

-----Original Message-----
From: roger.wikl...@gmail.com [mailto:roger.wikl...@gmail.com] On Behalf Of Roger Wiklund
Sent: Friday, January 28, 2011 3:15 AM
To: Cisco-nsp
Cc: i...@ianh.net.au; d...@dcptech.com
Subject: Re: [c-nsp] L2 Ethernet bridging over GRE issues

> And L2TPv3 is supported. Recent code doesn't allow a bridge-group to be defined on a tunnel. While this is possible, it's ten times easier and more reliable to use L2TPv3.

Thanks, I've never tested L2TP, but I'm familiar with GRE. Is L2TP server-client or can it be used as always up back-to-back between two routers?

Do you have any nice sample config of back-to-back L2TP on Ethernet with and without VLANs?

Thanks!
Re: [c-nsp] active/standy failover
On 28/01/2011 20:48, Ryan West wrote:
> You can combine them onto a single cable as well.

yes, you can certainly do that on subinterfaces. I usually use dedicated cables, though - makes things more obvious for other people, and you don't really lose anything in terms of throughput on most devices either.

Nick
Re: [c-nsp] active/standy failover
As mentioned below, the ASA does not have a dedicated serial failover port as does the PIX. You use the Ethernet port(s) on the ASA for LAN-based failover/stateful duties. Ensure that your failover/stateful port(s) is/are at least the same capacity/speed as that of any production interfaces.

The reference about running the failover link over a switch is mentioned in the link below but to the best of my knowledge, connecting the ports directly together works fine as well.

For more information:
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00807dac5f.shtml

Vijay Ramcharan

-----Original Message-----
From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Jeff Kell
Sent: Friday, January 28, 2011 3:56 PM
To: Nick Hilliard
Cc: Cisco Network Service Providers
Subject: Re: [c-nsp] active/standy failover

On 1/28/2011 3:40 PM, Nick Hilliard wrote:
> you need two ports, one to signal failover, and the other to transmit the firewall state.

You can run ASA LAN failover over one (or configure them separately). I remember reading (or think I did) somewhere that it was preferable to run this failover link through a switch as opposed to a crossover cable, but I can't cite a reference.

Old PIX used to have this serial-cable heartbeat and LAN-connection-state combination.

We're running ASAs active/active over a common failover link.

Jeff
Re: [c-nsp] active/standy failover
Jeff Kell said:
> You can run ASA LAN failover over one (or configure them separately). I remember reading (or think I did) somewhere that it was preferable to run this failover link through a switch as opposed to a crossover cable, but I can't cite a reference.

For what it's worth: We had 2 clusters that we set up some months apart - the first set a straight thru cable worked OK and for the 2nd set a straight thru didn't. No clue why. (Same models, same version of code, same failover interface). Took us a few hours to figure out to use a crossover on the 2nd pair. Definitely one of those head scratching moments.

-Jeff Wojciechowski
Re: [c-nsp] Advice: Which routers to purchase ?
Hi,

On Fri, Jan 28, 2011 at 08:14:25PM +0100, Łukasz Bromirski wrote:
> > Does the 1001 have the limitation of 512000 routes in its FIB, like the 1002-F?
>
> Right - for IPv4. It was mentioned on this alias already a couple of times with regards to 1002-F. The 1001 has a ESP5 on-board.

Might be a good edge box, but certainly not something I'd buy for a full BGP setup today. My bet is that we'll hit 512k (IPv4+IPv6) in less than two years from now.

(Side note: 7201 is based on NPE-G2, not NPE-G1)

gert

--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35655025 g...@net.informatik.tu-muenchen.de
Re: [c-nsp] Advice: Which routers to purchase ?
On 2011-01-29 00:21, Gert Doering wrote:
> Might be a good edge box, but certainly not something I'd buy for a full BGP setup today. My bet is that we'll hit 512k (IPv4+IPv6) in less than two years from now.

We may.

> (Side note: 7201 is based on NPE-G2, not NPE-G1)

Right, 7301 was based on a NPE-G1. That was before morning coffee :P

--
There's no sense in being precise when | Łukasz Bromirski
you don't know what you're talking     | jid:lbromir...@jabber.org
about. John von Neumann                | http://lukasz.bromirski.net
[c-nsp] Cisco 7401 - Buy/Get a specific IOS ?
Hi

I am searching for a specific version of IOS for Cisco 7401: 12.2(14)Sxx (xx = 1 to 16)

Sample file names:

12.2(14)S16 ENTERPRISE c7400-js-mz.122-14.S16.bin
12.2(14)S16 SERVICE PROVIDER c7400-p-mz.122-14.S16.bin

I don't have a cisco contract on this equipment. Does anyone know the procedure to buy/get this ios?

thanks

Stephane