[c-nsp] Loadbalancing on ACE4710
Hi all

I'll appreciate it if someone could give me a hint on how to set up an ACE4710. I have a problem regarding RMI calls. The vendor would like to install 4 servers with 4 incarnations of the same application, say from tcp port 8001 to 8004. The client software calls port 8003, so the balancer has to translate the destination port when balancing. Beyond that, the client also calls an rmi port range.

Setting up the port src nat is straightforward, I guess. But how do I control the rmi calls? Will stickiness be able to do this based on the src addr? Do I need one more class map entry pointing out the tcp protocol?

Config:

rserver host TEST1
  ip address 10.1.1.1
  inservice
rserver host TEST1
  ip address 10.1.1.2
  inservice
rserver host TEST1
  ip address 10.1.1.3
  inservice
rserver host TEST1
  ip address 10.1.1.4
  inservice
serverfarm host TEST_FARM
  rserver TEST1 8001
    probe TCP-8001
    inservice
  rserver TEST1 8002
    probe TCP-8002
    inservice
  rserver TEST1 8004
    probe TCP-8004
    inservice
  rserver TEST2 8001
    probe TCP-8001
    inservice
  rserver TEST2 8002
    probe TCP-8002
    inservice
  rserver TEST2 8004
    probe TCP-8004
    inservice
  rserver TEST3 8001
    probe TCP-8001
    inservice
  rserver TEST3 8002
    probe TCP-8002
    inservice
  rserver TEST3 8004
    probe TCP-8004
    inservice
  rserver TEST4 8001
    probe TCP-8001
    inservice
  rserver TEST4 8002
    probe TCP-8002
    inservice
  rserver TEST4 8004
    probe TCP-8004
    inservice
sticky ip-netmask 255.255.255.255 address both TEST1_STIKY
  replicate sticky
  serverfarm TEST1_FARM
class-map match-any VIP_TEST_1
  10 match virtual-address 10.1.1.1 tcp eq 8003
  ## 20 match virtual-address 10.1.1.1 tcp ##
policy-map type loadbalance first-match TEST1_POLICY
  class class-default
    serverfarm TEST1_FARM
!
policy-map multi-match VIP_ORACLE_POLICY
  class VIP_TEST_1
    loadbalance vip inservice
    loadbalance policy TEST1_POLICY
    loadbalance vip icmp-reply

/Arne

___
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] best way to get around IPSEC subnet Conflicts.
Brent Roberts brent...@wirezsound.com wrote:
> I am looking for the best way to get around IP conflicts (On the Far Side) in fully redundant Hardware solution. I am working in a large Scale Hosted application environment and every 5th or so customer has the same RFC1918 Address that every other small shop has.

Depends on how involved you are at the client end, but if this occurs regularly and is a pain, maybe getting some IPv6 in there might help? Unique address space is after all one of its biggest selling points and at the client end you do not even have to make it Internet routable; just an internal LAN/VPN deployment.

As you have not mentioned what the application is (developed in-house?) then I have no idea if this is a silly option, but if you are considering a pile of 6500's and what-not... the IPv6 route might actually be cheaper and cause a lot less damage to your brain being forced to think about VRF + IPSEC + NAT + OSPF + pile-of-likely-hacks-needed.

Just putting it out there... :)

Cheers

--
Alexander Clouter
.sigmonster says: Serfs up!
        -- Spartacus
[c-nsp] Performace - IP DHCP Snooping
Hi all,

Does anyone know whether, and how much of, a performance issue DHCP Snooping can cause on layer 2 switches such as the 3560s, 2960Ss and 3750s? I have about 400 access switches that I want to reconfigure, but am a little worried about nasty side effects which take 2 weeks to get noticed.

I would also like to use

ip dhcp snooping vlan 1 4096

so that I don't need to check each switch individually as to which vlans are actually in use.

Thankfully we only have 6 DHCP servers, and none of them are on these access switches, so I only need to work out for each of these switches which port is the uplink. Am planning on using ruby/ssh and

show run | i default gateway
show mac address-table | i %ip of gateway%

and use the interface listed as the trusted uplink/port-channel, or gigabit…

Thanks for any tips.

Regards
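The uplink lookup the post above plans to script with ruby/ssh, as an added example that is not part of the original message: it runs on constructed sample command output instead of a live SSH session and emits the snooping commands with the uplink trusted. Resolving the gateway's MAC through the ARP table, the helper names and the 1-4094 VLAN range are assumptions of this example.

```ruby
# Constructed sample output from one access switch (not captured from a real device).
SHOW_RUN = "ip default-gateway 10.20.0.1\n"
SHOW_ARP = <<~OUT
  Protocol  Address          Age (min)  Hardware Addr   Type   Interface
  Internet  10.20.0.1               3   0011.2233.4455  ARPA   Vlan20
  Internet  10.20.0.15              -   0022.3344.5566  ARPA   Vlan20
OUT
SHOW_MAC = <<~OUT
            Mac Address Table
  -------------------------------------------
  Vlan    Mac Address       Type        Ports
  ----    -----------       --------    -----
    20    0011.2233.4455    DYNAMIC     Po1
    20    00aa.bbcc.dd01    DYNAMIC     Gi1/0/7
    30    0011.2233.4455    DYNAMIC     Po1
OUT

MAC_RE = /\h{4}\.\h{4}\.\h{4}/

# Gateway IP from the "ip default-gateway" line of the running config.
def default_gateway(show_run)
  show_run[/^ip default-gateway (\d{1,3}(?:\.\d{1,3}){3})/, 1]
end

# The MAC table is keyed by MAC, so the gateway IP is resolved via ARP first.
def gateway_mac(show_arp, gw_ip)
  line = show_arp.lines.find { |l| l.split[1] == gw_ip }
  line && line[MAC_RE]
end

# Every distinct port on which the gateway MAC was learned.
def uplink_ports(show_mac, mac)
  show_mac.lines.select { |l| l.include?(mac) }.map { |l| l.split.last }.uniq
end

def trust_config(show_run, show_arp, show_mac)
  gw = default_gateway(show_run) or raise "no ip default-gateway configured"
  mac = gateway_mac(show_arp, gw) or raise "gateway #{gw} not in ARP table"
  ports = uplink_ports(show_mac, mac)
  # Refuse to guess: a wrongly trusted edge port would accept rogue DHCP replies.
  raise "expected one uplink, found #{ports.inspect}" unless ports.size == 1
  ["ip dhcp snooping", "ip dhcp snooping vlan 1-4094",
   "interface #{ports.first}", " ip dhcp snooping trust"]
end

puts trust_config(SHOW_RUN, SHOW_ARP, SHOW_MAC) if __FILE__ == $0
```

Switches where the gateway MAC shows up on more than one port raise an error and are left for manual review.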
Re: [c-nsp] Brocade Vs Cisco
Engineer to your requirements. Cisco and Juniper are good vendors to have for variety.

Derick Winkworth
CCIE #15672 (RS, SP), JNCIE-M #721
http://blinking-network.blogspot.com

From: Gert Doering g...@greenie.muc.de
To: Ryan Finnesey rfinne...@gmail.com
Cc: cisco-nsp@puck.nether.net
Sent: Fri, August 12, 2011 2:52:44 AM
Subject: Re: [c-nsp] Brocade Vs Cisco

Hi,

On Thu, Aug 11, 2011 at 09:00:32PM -0400, Ryan Finnesey wrote:
> What would be your preference between just Cisco or Juniper

depends on what you want to do with it

Recently, OS and TAC support quality at Juniper seriously went down the drain, so the original reason to want Juniper high quality operating system and very motivated company to iron out the remaining wrinkles seems to have been lost...

OTOH, Cisco is still stuck in we have too many operating systems and we spend half our resources with BU in-fighting mode - which, I guess, will now be fixed by firing 10.000 folks from engineering so they won't get in the way of the in-fighting anymore...

Right now, I'm not sure I'm trusting either company enough.

gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35655025 g...@net.informatik.tu-muenchen.de
Re: [c-nsp] BGP router upgrade
The Sup720 on a 6k/7600 won't be what you are looking for in a large peering environment. I'd suggest an NPE-G2 if the 7200 is still suiting your needs and only needs a small upgrade.

You could also look at moving to an ASR1k platform which I think can do 10GE and still provides the investment protection to upgrade the forwarding engine (ESP) and control plane (RP) in the future.

On Fri, Aug 12, 2011 at 9:31 AM, Lars Eidsheim l...@intellit.no wrote:
> Hi all,
>
> I am looking for thoughts about a BGP edge router upgrade. I am planning to upgrade our BGP edge from a Cisco 7200/NPE-G1. The NPE-G1 suits our needs at the moment, but as we are looking to interconnect with more services, do more local peerings and implement IPv6 in the near future, this might be good timing to upgrade.
>
> As we are running a few 6500s in our network already I was thinking to install a 6500 with SUP720-3BXL and a 6724-SFP linecard to replace our existing 7200 platform. The 3BXL will keep up with a full BGP feed and the platform can easily be upgraded to 10 gbit/s with a new line card (for example 6704-10GE).
>
> I know others are using the 6500/SUP720-3BXL for this purpose, but as the 6500 is designed as a switch platform I would like to hear others' opinions on the subject. Maybe I should be looking at other platforms as well, like Huawei or Juniper?
>
> Rgrds
> Lars Eidsheim
Re: [c-nsp] Performace - IP DHCP Snooping
hi,

haven't noticed any issues with having DHCP snooping enabled - performance wise the access layer seemed to be the same with or without it (it's very quick and easy for these switches to see particular bits of packets).

just ensure that your trunks are trusted (we too do the whole vlan range rather than only particular ones that a switch may actually handle - makes deployment easier and stops nasty gotchas like an edge port being put onto a vlan that has no snooping protection because the person who added it didn't then update the switch config...)

alan
Re: [c-nsp] BGP router upgrade
On (2011-08-13 10:27 -0400), Pete Lumbis wrote:

> The Sup720 on a 6k/7600 won't be what you are looking for in a large peering environment. I'd suggest an NPE-G2 if the 7200 is still suiting your needs and only needs a small upgrade.

Majority of Internet traffic is still being pushed by 6500 routers today, because it's ghetto fabulous (it's cheap, it's fast, it's easily available from gray market, it works).

You can choke NPE-G2 at maybe 300Mbps if you're doing QoS, and the Internet is an aggressive place to be.

Some other posts suggesting NPE-G1 is better than RSP720 is a bit of a stretch, considering RSP720 runs PowerQUICC III MPC8548E and NPE-G2 (marketed as twice the performance of NPE-G1) runs MPC7448; they are roughly in the same performance range, while obviously RSP720 will only do control-plane there.

NPE-G[12] will load a full table considerably faster than SUP720-3BXL or RSP720, but this is not due to control-plane congestion, but rather a timing issue in IOS, which I've been told would be a large change to fix.

Bottom line, I would under no situation ever consider NPE-G[12] for forwarding Internet peering traffic (wording chosen carefully:). And I have a lot of love for them.

--
  ++ytti
[c-nsp] BVI MTU Question
Hi.

I'm running a bridge group between a Gig E interface and a Fast E interface. I'd like to use jumbo frames on the Gig E interface and have it translate the MTU for packets headed to the Fast E interface, but not translate the MTU for packets headed to a jumbo-frames enabled Gig E interface that's not part of the bridge group.

Is this doable?

Peace...
Sridhar
Re: [c-nsp] 802.1q , tag and untag
Wow, gettem! heh

-Original Message-
From: Randy
Sent: Friday, August 12, 2011 11:30 PM
To: Cisco Network Service Providers ; Deric Kwok
Subject: Re: [c-nsp] 802.1q , tag and untag

Deric - How about you engage in some RTFM (Read-The-Fucking-Manual) and Use-Google! You have tried it here before, tried it on NANOG last week: lo ping, spamming-tree, connection-disappearing...! enough said! Deric *wants-to-know* and *NOW* but Deric doesn't know what he wants to know.

./Randy

--- On Fri, 8/12/11, Deric Kwok deric.kwok2...@gmail.com wrote:

From: Deric Kwok deric.kwok2...@gmail.com
Subject: [c-nsp] 802.1q , tag and untag
To: Cisco Network Service Providers cisco-nsp@puck.nether.net
Date: Friday, August 12, 2011, 5:51 PM

Hi all

How can I create the 802.1q vlan in cisco switch? How can I put the tag and untag on the port. Is it same as native vlan?

Thank you so much
Re: [c-nsp] Brocade Vs Cisco
If I have the option to engineer to our requirements I would use cisco at the edge and Juniper at the core.

Cheers
Ryan

From: Derick Winkworth [mailto:dwinkwo...@att.net]
Sent: Saturday, August 13, 2011 9:08 AM
To: Gert Doering; Ryan Finnesey
Cc: cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] Brocade Vs Cisco

Engineer to your requirements. Cisco and Juniper are good vendors to have for variety.

Derick Winkworth
CCIE #15672 (RS, SP), JNCIE-M #721
http://blinking-network.blogspot.com

From: Gert Doering g...@greenie.muc.de
To: Ryan Finnesey rfinne...@gmail.com
Cc: cisco-nsp@puck.nether.net
Sent: Fri, August 12, 2011 2:52:44 AM
Subject: Re: [c-nsp] Brocade Vs Cisco

Hi,

On Thu, Aug 11, 2011 at 09:00:32PM -0400, Ryan Finnesey wrote:
> What would be your preference between just Cisco or Juniper

depends on what you want to do with it

Recently, OS and TAC support quality at Juniper seriously went down the drain, so the original reason to want Juniper high quality operating system and very motivated company to iron out the remaining wrinkles seems to have been lost...

OTOH, Cisco is still stuck in we have too many operating systems and we spend half our resources with BU in-fighting mode - which, I guess, will now be fixed by firing 10.000 folks from engineering so they won't get in the way of the in-fighting anymore...

Right now, I'm not sure I'm trusting either company enough.

gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35655025 g...@net.informatik.tu-muenchen.de
Re: [c-nsp] BVI MTU Question
...at L2 no!

the BVI itself is l3 so as long as you have your mtu set to the lowest-common-denominator it will work (while your L2 interfaces are set to a higher mtu)

From your email, it appears you are trying to do this *mtu-translation* at L2-conditionally. That will not work.

./Randy

--- On Sat, 8/13/11, Sridhar Ayengar ploops...@gmail.com wrote:

From: Sridhar Ayengar ploops...@gmail.com
Subject: [c-nsp] BVI MTU Question
To: Cisco NSPs cisco-nsp@puck.nether.net
Date: Saturday, August 13, 2011, 8:15 AM

Hi.

I'm running a bridge group between a Gig E interface and a Fast E interface. I'd like to use jumbo frames on the Gig E interface and have it translate the MTU for packets headed to the Fast E interface, but not translate the MTU for packets headed to a jumbo-frames enabled Gig E interface that's not part of the bridge group.

Is this doable?

Peace...
Sridhar