Re: [c-nsp] IP SLA
On (2011-10-19 18:01 +0200), Andrew Miehs wrote: I have been looking at IP SLA and was wondering whether there are any appliances around which emulate Ciscos IP SLA so that you can use it as a responder, or even better, the transmitter end? Have you found any? I'd be very interested in commercial solution also. Preferably one which does hardware timestamping. IP SLA is proprietary protocol, so technically if you want to do commercial solution, you'd need to buy permission for it from Cisco. And I know many people buying dedicated Cisco CPE for IP SLA responders, so it might be that companies have tried to build IP SLA responders but Cisco has said no. In the mean time, co-worker just released[0] alpha version of Cisco IP SLA/Juniper RPM responder for Linux. It supports IP SLA Control packets and few tests, IP SLA UDP Jitter millisecond, IP SLA UDP Jitter microsecond, RPM ICMP Ping Timestamp and RPM UDP Ping Timestamp, but it wouldn't be exactly complicated to add support for further tests. It has some novel features, which makes it 0-touch. So if you need responder for L3 MPLS VPNs, you will never touch the responder. You just add VLAN+VRF+IP to neighbouring PE box. The responder code is MAC, VLAN and IP address agnostic and handles them statelessly. Accuracy to SRX or ISR responder is 1-2 magnitudes better, in terms of jitter, so you should see your tests 50% better as you can mostly exclude any inaccuracies incurred by responder. Only way to make it more convenient would be to add support for BGP VPN RR peering, and look for some magic RT in routes, if found, advertise your prefix and copy label to use for egress. Then provisioning of test would be 'route-target both ASN:magic' in VRF definition. [0] https://github.com/cmouse/ip-sla-responder -- ++ytti ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] rate-limit rspan (6500/sup-720)
Hi, I often use rspan sessions to analyse traffic at remote locations but the capacity between the analyser and the source is less than the 'potential' traffic I could select for analysis. In these cases, I may be sourcing from a 10GB port and bringing that traffic to a remote location over another 10GB trunk port. However, there was other (real) traffic on that trunk port before I enabled the rspan session, so my additional traffic could now exceed the 10GB available in total. Causing drops in the non-rspan traffic as it tries to egress the port along with the mirrored rpsan traffic. Thus my question is, how do you rate-limit traffic before it is placed onto the rspan vlan? Or at least reduce its priority such that it has no impact at all on all other traffic egressing that port. The platform in question is the 6500 / Sup-720 Cheers! Robert Williams Backline / Operations Team Custodian DataCentre tel: +44 (0)1622 230382 email: rob...@custodiandc.com http://www.custodiandc.com/disclaimer.txt ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] rate-limit rspan (6500/sup-720)
On Nov 12, 2012, at 3:55 PM, Robert Williams wrote: Thus my question is, how do you rate-limit traffic before it is placed onto the rspan vlan? Or at least reduce its priority such that it has no impact at all on all other traffic egressing that port. 1. You send it over your DCN/OOB network, not your production network. 2. You selectively capture traffic via copy/capture VACLs. 3. You consider moving away from SPAN/RSPAN to taps, keeping in mind #1 and #2, given the performance impact of SPAN/RSPAN. 4. You upgrade to Sup2Ts and DFC4 linecards, and use sampled NetFlow, instead. --- Roland Dobbins rdobb...@arbor.net // http://www.arbornetworks.com Luck is the residue of opportunity and design. -- John Milton ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] rate-limit rspan (6500/sup-720)
On 12/11/12 08:55, Robert Williams wrote: Hi, I often use rspan sessions to analyse traffic at remote locations but the capacity between the analyser and the source is less than the 'potential' traffic I could select for analysis. In these cases, I may be sourcing from a 10GB port and bringing that traffic to a remote location over another 10GB trunk port. However, there was other (real) traffic on that trunk port before I enabled the rspan session, so my additional traffic could now exceed the 10GB available in total. Causing drops in the non-rspan traffic as it tries to egress the port along with the mirrored rpsan traffic. Thus my question is, how do you rate-limit traffic before it is placed onto the rspan vlan? Or at least reduce its priority such that it has no impact at all on all other traffic egressing that port. I don't know about RSPAN, but ERSPAN lets you set the DSCP. This might help, but I don't know how the originating device behaves w.r.t. output congestion. Presumably it does the right thing... As Roland has suggested, the best solution is don't do that i.e. don't move 10G of SPAN traffic over a 10G production link. Either VACL filter, use separate links or do something cleverer (local analyser box, one of those fancy sampling tap thingies, pipe SPAN traffic into a switch with filtering layer2 ACLs learning disabled before piping it back to you, etc.). ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] custom fiber cables
We've had good luck with fi Sent from my iPad On Nov 10, 2012, at 8:55, harbor235 harbor...@gmail.com wrote: I have a couple runs of 150 and 350 feet, I assume they need to be made custom? Mike On Sat, Nov 10, 2012 at 8:48 AM, Gerry Boudreaux ge...@tape.net wrote: We have had great service and fast turn-around from http://www.fiberall.com/ Hope this helps. G On Nov 10, 2012, at 07:23 , harbor235 harbor...@gmail.com wrote: Can anyone point me to a reputable custom fiber patch supplier, looking for an Internet based company with quick response times. thanks, Mike ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] custom fiber cables
Sorry about last, we've had good luck with fiber instrument sales, decent turnaround time and we haven't had a bad jumper from them yet. Doing it yourself with unicams is a decent option too, but like Jon mentioned the kit is expensive, and so are the connectors. And the cleaver which comes with the kit is kinda iffy at times which will make you want to go out and get a real cleaver pretty quickly. Sent from my iPad On Nov 10, 2012, at 8:55, harbor235 harbor...@gmail.com wrote: I have a couple runs of 150 and 350 feet, I assume they need to be made custom? Mike On Sat, Nov 10, 2012 at 8:48 AM, Gerry Boudreaux ge...@tape.net wrote: We have had great service and fast turn-around from http://www.fiberall.com/ Hope this helps. G On Nov 10, 2012, at 07:23 , harbor235 harbor...@gmail.com wrote: Can anyone point me to a reputable custom fiber patch supplier, looking for an Internet based company with quick response times. thanks, Mike ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] rate-limit rspan (6500/sup-720)
Hi all, Unfortunately the scenario doesn't permit for additional bandwidth / circuits between the locations as we are talking about very long (read: expensive) circuits. We may have to look at outputting to a 1G port, physically-looped to another 1G port which is then going off down the 10G. I'll look at the options for setting DSCP but I can't say I've seen it in there for RSPAN unfortunately. I was hoping there was a way of policing the RSPAN vlan at the source, as a whole, but it's sounding like it isn't possible. Thanks anyway! Robert Williams Backline / Operations Team Custodian DataCentre tel: +44 (0)1622 230382 email: rob...@custodiandc.com http://www.custodiandc.com/disclaimer.txt -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Phil Mayers Sent: 12 November 2012 12:41 To: cisco-nsp@puck.nether.net Subject: Re: [c-nsp] rate-limit rspan (6500/sup-720) On 12/11/12 08:55, Robert Williams wrote: Hi, I often use rspan sessions to analyse traffic at remote locations but the capacity between the analyser and the source is less than the 'potential' traffic I could select for analysis. In these cases, I may be sourcing from a 10GB port and bringing that traffic to a remote location over another 10GB trunk port. However, there was other (real) traffic on that trunk port before I enabled the rspan session, so my additional traffic could now exceed the 10GB available in total. Causing drops in the non-rspan traffic as it tries to egress the port along with the mirrored rpsan traffic. Thus my question is, how do you rate-limit traffic before it is placed onto the rspan vlan? Or at least reduce its priority such that it has no impact at all on all other traffic egressing that port. I don't know about RSPAN, but ERSPAN lets you set the DSCP. This might help, but I don't know how the originating device behaves w.r.t. output congestion. Presumably it does the right thing... As Roland has suggested, the best solution is don't do that i.e. don't move 10G of SPAN traffic over a 10G production link. Either VACL filter, use separate links or do something cleverer (local analyser box, one of those fancy sampling tap thingies, pipe SPAN traffic into a switch with filtering layer2 ACLs learning disabled before piping it back to you, etc.). ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] custom fiber cables
http://www.connectionconceptsinc.com/ All these guys do is telco assembles and fiber jumps... Used them for years. Email me for the contact name and number. -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Matt Addison Sent: Monday, November 12, 2012 9:15 AM To: harbor235 Cc: Gerry Boudreaux; cisco-nsp@puck.nether.net Subject: Re: [c-nsp] custom fiber cables Sorry about last, we've had good luck with fiber instrument sales, decent turnaround time and we haven't had a bad jumper from them yet. Doing it yourself with unicams is a decent option too, but like Jon mentioned the kit is expensive, and so are the connectors. And the cleaver which comes with the kit is kinda iffy at times which will make you want to go out and get a real cleaver pretty quickly. Sent from my iPad On Nov 10, 2012, at 8:55, harbor235 harbor...@gmail.com wrote: I have a couple runs of 150 and 350 feet, I assume they need to be made custom? Mike On Sat, Nov 10, 2012 at 8:48 AM, Gerry Boudreaux ge...@tape.net wrote: We have had great service and fast turn-around from http://www.fiberall.com/ Hope this helps. G On Nov 10, 2012, at 07:23 , harbor235 harbor...@gmail.com wrote: Can anyone point me to a reputable custom fiber patch supplier, looking for an Internet based company with quick response times. thanks, Mike ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ CONFIDENTIALITY NOTICE: This e-mail transmission, and any documents, files or previous e-mail messages attached to it may contain confidential information that is legally privileged. If you are not the intended recipient, or a person responsible for delivering it to the intended recipient, you are hereby notified that any disclosure, copying, distribution or use of any of the information contained in or attached to this transmission is STRICTLY PROHIBITED. If you have received this transmission in error please notify the sender immediately by replying to this e-mail. You must destroy the original transmission and its attachments without reading or saving in any manner. Thank you. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] Monitoring 3750x power supplies
Hey guys, We are having issues monitoring our 3750x power supplies via the cisco envmon MIB that hopefully someone out there has experienced. When one of the power supplies loses power the OID will change state to 6:notFunctioning but once power is reset the state does not change back to normal. This is causing issues for our monitoring application. See below for the OID: Object ciscoEnvMonSupplyState OID 1.3.6.1.4.1.9.9.13.1.5.1.3 Type CiscoEnvMonState 1:normal 2:warning 3:critical 4:shutdown 5:notPresent 6:notFunctioning Permission read-only Status current MIB Description The current state of the power supply being instrumented. snmpwalk result: SNMPv2-SMI::enterprises.9.9.13.1.5.1.3.1058 = INTEGER: 1 SNMPv2-SMI::enterprises.9.9.13.1.5.1.3.1086 = INTEGER: 6 switch#show env power SW PID Serial# Status Sys Pwr PoE Pwr Watts --- -- -- --- --- --- - 1A C3KX-PWR-1100WAC OK Good Good 1100/0 1B C3KX-PWR-1100WAC OK Good Good 1100/0 Any ideas? I believe a reload of the switch will resolve but we can't do this for every switch that loses power to one of the supplies. Thanks, Aaron. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] OSPF redist customer routes
Hi Guys, We currently run OSPF across our POPs - redistributing connected + static subnets. So, provision a customer tail, and all POPs know about the new subnetand also if we statically route an additional subnet to a customer, all other POP's are updated. Our issue is if we need to run OSPF to the customer(eg if they have redundant connections), and they require an additional subnet(So they advertise the additional subnet back to us via OSPF), the only POP that is aware of the advertised additional subnet is the one that has the OSPF session to the customer - All our other POP's dont see this advertisement as it is within a different OSPF process to our Internal OSPF process - Solution is to redistribute ospf process(customer) in our Internal OSPF...but we also have to use route-map/acl to ensure they dont potentially blackhole us(by advertising something back to us that they shouldnt)Is there a better way to be doing this? As having to redistribute customer ospf/controlling that redist with route-map/acl just doesnt seem like a good solution?(At the very least, it's terrible to manage) Thanks in advance for any suggestions. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] OSPF redist customer routes
On 11/12/12 8:48 PM, CiscoNSP_list CiscoNSP_list wrote: Hi Guys, We currently run OSPF across our POPs - redistributing connected + static subnets. So, provision a customer tail, and all POPs know about the new subnetand also if we statically route an additional subnet to a customer, all other POP's are updated. Our issue is if we need to run OSPF to the customer(eg if they have redundant connections), and they require an additional subnet(So they advertise the additional subnet back to us via OSPF), the only POP that is aware of the advertised additional subnet is the one that has the OSPF session to the customer - All our other POP's dont see this advertisement as it is within a different OSPF process to our Internal OSPF process - Solution is to redistribute ospf process(customer) in our Internal OSPF...but we also have to use route-map/acl to ensure they dont potentially blackhole us(by advertising something back to us that they shouldnt)Is there a better way to be doing this? As having to redistribute customer ospf/controlling that redist with route-map/acl just doesnt seem like a good solution?(At the very least, it's terrible to manage) I would suggest migrating to iBGP for customer routes, redistributing connected and static into iBGP much like you do now for OSPF. You are going to run in to scalability problems with OSPF for customer routes. Keep OSPF for your infrastructure but not for customer routes. You really don't want your infrastructure routing process recalculating every time a customer serial link flaps or a customer has a power blip. Customers with redundant connections can use a private AS into iBGP or tracked floating statics redistributed. -- Jay Hennigan - CCIE #7880 - Network Engineering - j...@impulse.net Impulse Internet Service - http://www.impulse.net/ Your local telephone and internet company - 805 884-6323 - WB6RDV ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] OSPF redist customer routes
I would suggest migrating to iBGP for customer routes, redistributing connected and static into iBGP much like you do now for OSPF. You are going to run in to scalability problems with OSPF for customer routes. Keep OSPF for your infrastructure but not for customer routes. You really don't want your infrastructure routing process recalculating every time a customer serial link flaps or a customer has a power blip. Thanks Jay - We already run iBGP(Full mesh under VPNv4) across our POPs for vrf solutionshow best to migrate our customer routes from ospf-iBGP? (And how to separate our infrastructure IPs(Keep in OSPF)) Customers with redundant connections can use a private AS into iBGP or tracked floating statics redistributed. A lot of our customers CE's dont support BGP (Or require a license upgrade)...so we are stuck(to a degree) with having to support OSPF? Thanks for your suggestions ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/