Re: [c-nsp] cisco interface shutdown detection, how is possible?
Hi, I was wondering how Cisco routers could detect the directly connected interface at the other end is shutdown! there are two general possibility on my point of view: 1- the other device is sending special information before shutting down the interface. 2- there are some method of polling which is done periodically and based on the answer, the router detect the interface is up or no! Neither. The router just sees the power or light disappear on the interface... Sander ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] cisco interface shutdown detection, how is possible?
On (2013-01-05 15:14 +0330), h bagade wrote: I was wondering how Cisco routers could detect the directly connected interface at the other end is shutdown! If it is truly directly connected, it should go down in both ends at RTT/2 delay. Maybe you've disabled autonegotiation which may break this? Interestingly enough, ethernet standard allows autonegotiation to send type of 'dying gasp' when operationally shutdown. I.e. far-end device could differentiate link-loss due to link-cut/HW issue and link-loss due to intentional shutdown of remote end. Someone I know checked specs of particular common broadcom chip and this feature is supported in HW. For some reason router vendors are not supporting it in software. I personally would love to see in syslog special line if we detected linkdown due to remote end shutdown. -- ++ytti ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] ASR-100x intro
On Sat, Jan 5, 2013 at 1:32 PM, Charles Sprickman sp...@bway.net wrote: We're doing lots of ethernet aggregation - both metro-e services and DSL/EoC (delivered over GigE, one vlan per customer, no PPPoe - straight bridging). The people on the other end of these circuits are all customers, we're not an enterprise with branch offices, so many features like IPSEC are totally useless at this point. We migrated to MX80 for IP/BGP customers aggregation. Main reason : Pricing and capability to handle 10-20G of customer without issue which costs a lot more in case of ASR 1K. MX80 sucks in terms of routing-engine performance, but for customers BGP sessions we simply are using bird route-servers to off load poor MX80 RE. You can probably also look at ASR 9001 - it's will be very very good box for ethernet aggregation and can handle a lot of traffic - much more than small ASR 1K. Do anyone have experiences with performance of ASR 9001 CPU (BGP convergence etc) as it's PPC based not Intel Xeon like big ASR 9K. Rob ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] ASR-100x intro
On Sat, 5 Jan 2013, Charles Sprickman wrote: We're tentatively shopping around, and I'm looking for that sort of information on the ASR lineup. The 1002 and 1002-X look very interesting on paper, but I'm not finding much about what folks in a small service provider role have to say about them. We're at the point where everything is ethernet now, so our 7206 with an NPE-G2 is feeling pretty silly. Some of the ASR stuff seems to be in the used channel already, which is nice (I'd rather have two used than one new, FWIW). For an ethernet-only operation, the 6500/sup720-3bxl delivers considerable packet forwarding/$ (lots of parts in the used channel). Its biggest weaknesses would likely be netflow (having to do sampled if you're doing hundreds of mbit/s or more) and the question of what cisco chooses to do hardware-wise with tcam on future supervisors. The 3bxl is limited to 1M ipv4 routes or (N ipv4 + (1M-N)/2 ipv6) N100 routes. Even the Sup2T-XL hasn't increased this limitation. If they choose not to address this in the next couple of years, the 6500 will become unsuitable for use where full BGP routing is necessary. They might choose to do this to force orgs using the 6500 as routers to buy ASRs (or Juniper gear)...or maybe the next Sup will support a few million FIB TCAM slots. L3 Forwarding Resources FIB TCAM usage: TotalUsed %Used 72 bits (IPv4, MPLS, EoM) 622592 434995 70% 144 bits (IP mcast, IPv6) 212992 11744 6% I may have to adjust the ipv4/ipv6 split [again] (which unfortunately requires a reboot), to squeeze a little more IPv4 capacity out of it assuming v6 growth continues slowly. -- Jon Lewis, MCP :) | I route Senior Network Engineer | therefore you are Atlantic Net| _ http://www.lewis.org/~jlewis/pgp for PGP public key_ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] ASR-100x intro
On Jan 5, 2013, at 6:54 AM, Robert Hass wrote: On Sat, Jan 5, 2013 at 12:09 PM, Charles Sprickman sp...@bway.net wrote: We're tentatively shopping around, and I'm looking for that sort of information on the ASR lineup. The 1002 and 1002-X look very interesting on paper, but I'm not finding much about what folks in a small service provider role have to say about them. We're at the point where everything is ethernet now, so our 7206 with an NPE-G2 is feeling pretty silly. Some of the ASR stuff seems to be in the used channel already, which is nice (I'd rather have two used than one new, FWIW). Look also at ASR 1001 not only 1002/1002-X. ASR 1k is very good platform but quite expensive if you need to pass a lot of traffic. What features you're using ? BRAS ? IPESC ? MPLS PE ? ISP PE ? NHRP ? Right now and for the foreseeable future we don't need anything fancy, with one exception, which I'll save for last. We're doing lots of ethernet aggregation - both metro-e services and DSL/EoC (delivered over GigE, one vlan per customer, no PPPoe - straight bridging). The people on the other end of these circuits are all customers, we're not an enterprise with branch offices, so many features like IPSEC are totally useless at this point. On the core side (we are really too small to think about having core vs. edge gear) we will likely never go beyond 3 transit providers with full BGP feeds, and as our traffic ramps up some more, there are probably a handful of private peering opportunities. IPv6 support is a necessity. The one area where I would like to be more high touch is in traffic shaping and QoS. Often times we'll have a metro-ethernet customer who wants 50Mb/s and our metro-e provider can only provide an unthrottled 100Mb/s connection. The brute-force shaping I can do on the NPE-G2 is not very nice, and it tends to kill VoIP. Customers tend to balk at installing any substantial CPE that could do shaping on their end. Any gear that offered a drop-dead easy way of saying cap traffic on this vlan to X Mb/s but reserve and prioritize Y Mb/s for VoIP would add serious value. How exactly one would accomplish that for customer-bound traffic where you don't know if DSCP values have been stripped upstream, well that's tough, although our VoIP provider has offered to setup a private peering connection, so being able to prioritize anything headed to or from their port would be nice. All I know is that every time we've lurched towards just being a dumb pipe, there's always one or two customers where we'd have a sale if we could accommodate their scenario where they need a more high-touch solution. Thanks, Charles Rob ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] ASR-100x intro
On Sat, Jan 5, 2013 at 2:17 PM, Jon Lewis jle...@lewis.org wrote: For an ethernet-only operation, the 6500/sup720-3bxl delivers considerable packet forwarding/$ (lots of parts in the used channel). Its biggest weaknesses would likely be netflow (having to do sampled if you're doing You can add weaknesses in QoS area. No HQoS on LAN cards. Rob ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] ASR-100x intro
On 05/01/2013 13:17, Jon Lewis wrote: Even the Sup2T-XL hasn't increased this limitation. arguably, it's exacerbated the problem of upgrading - the sup2t native line cards use distributed forwarding while the older cards use centralised forwarding. So when it comes time to upgrade due to tcam limitations, you need to upgrade components on all the line cards too = much more expensive. I'm not complaining about this - it's just the cost of higher performance networking. But it is an issue that needs to be understood. Nick ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] ASR-100x intro
On Jan 5, 2013, at 3:38 PM, Robert Hass robh...@gmail.com wrote: On Sat, Jan 5, 2013 at 2:17 PM, Jon Lewis jle...@lewis.org wrote: For an ethernet-only operation, the 6500/sup720-3bxl delivers considerable packet forwarding/$ (lots of parts in the used channel). Its biggest weaknesses would likely be netflow (having to do sampled if you're doing You can add weaknesses in QoS area. No HQoS on LAN cards. 6500 is LAN/DC services switch, there's no need for HQoS in that scenario usually. MX80 is a router and doesn't offer HQoS, which is a worse problem. With Sup2T in 6500 you can pack a pretty good QoS capabilities, it lifts the uRPF restrictions of previous generations, and adds Flexible NetFlow along with good scalability for ACLs and NetFlow cache to the portfolio of tools you can use. It also offers truly routed approach to dealing with VLANs, as you have BDs and LFIs to flexibly map/remap VLANs, and terminate L3 where do you want. For scenarios where ASR1k doesn't scale for price/performance reasons, use ASR9001. -- There's no sense in being precise when | Łukasz Bromirski you don't know what you're talking | jid:lbromir...@jabber.org about. John von Neumann |http://lukasz.bromirski.net ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] ASR-100x intro
Lukasz, Modular MX80 (and smaller brothersX5/10/40) does offer 3 levels of hqos with full shaping, priority propagation, CIR/PIR (only PIR at IF level) and a lot of other features. Also ingress shaping si supported. As I work for Juniper, I have no direct experience with ASRs just wanted to point out MX 80 does supporto hqos. My 2 cents. Max Il giorno 05/gen/2013 19:15, Lukasz Bromirski luk...@bromirski.net ha scritto: On Jan 5, 2013, at 3:38 PM, Robert Hass robh...@gmail.com wrote: On Sat, Jan 5, 2013 at 2:17 PM, Jon Lewis jle...@lewis.org wrote: For an ethernet-only operation, the 6500/sup720-3bxl delivers considerable packet forwarding/$ (lots of parts in the used channel). Its biggest weaknesses would likely be netflow (having to do sampled if you're doing You can add weaknesses in QoS area. No HQoS on LAN cards. 6500 is LAN/DC services switch, there's no need for HQoS in that scenario usually. MX80 is a router and doesn't offer HQoS, which is a worse problem. With Sup2T in 6500 you can pack a pretty good QoS capabilities, it lifts the uRPF restrictions of previous generations, and adds Flexible NetFlow along with good scalability for ACLs and NetFlow cache to the portfolio of tools you can use. It also offers truly routed approach to dealing with VLANs, as you have BDs and LFIs to flexibly map/remap VLANs, and terminate L3 where do you want. For scenarios where ASR1k doesn't scale for price/performance reasons, use ASR9001. -- There's no sense in being precise when | Łukasz Bromirski you don't know what you're talking | jid:lbromir...@jabber.org about. John von Neumann |http://lukasz.bromirski.net ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Power Supply 2 ouput has dropped
On Sat, 5 Jan 2013, Farooq Razzaque wrote: As you can see from the errors that it is showing 'AC low' (sh environment switch 1 status power-supply 2) when the power is dropped to 26721.20W and after sometime the power is adjusting back to desired Watts (5771.64W) and showing 'AC High'. I m getting these errors very frequently with the time differene of seconds. As per your below comments, you mean to say that one input of power supply 2 is being affected when the below error (Power supply 2 input has changed. Power capacity adjusted to 2671.20W) is generated and when this input gets the desired power then the system shows the messages (Power supply 2 input has changed. Power capacity adjusted to 5771.64W). Am i write.. There are three possibilities that I see: 1. A software bug could cause the error condition you mentioned. I haven't looked through Cisco's bug search tool to find a matching bug, but it is possible. 2. The power supply is malfunctioning and needs to be replaced. 3. There is an electrical problem that is affecting one of the circuits that is feeding power to your switch. If you have a spare power supply, try replacing the power supply that is reporting the errors, since that would be the least impact to your users. If the errors go away, you know you have a bad power supply. If you have a support contract with Cisco that allows for hardware replacement, you can open a case with the TAC and have them send you a replacement power supply. If Cisco doesn't feel the power supply itself is bad, then a software bug could be the culprit. The TAC could recommend a new IOS version if there is a bug, and the bug has been fixed. If so, it's also possible, but probably less likely that you lost one of the two hot legs on the affected input Can you please re-explain the below as i could not understand . A leg is a conductor (wire, etc) that carries electrical current. In the United States and Canada, a 3-wire circuit capable of carrying the 208 or 240 volts needed to energize a 6,000 watt AC power supply would have two legs, and a ground connection. I made the statement above assuming that you are located in the the United States or Canada. If you are in another country, their power delivery could operate differently (different frequency, voltages for 'end user' equipment, maximum allowed current draw, how and where systems are grounded (or earthed) etc), and my original statement might not apply. In any event, you would be best advised to refer any electrical testing to a qualified electrician, for safety reasons. What does hot legs means. Is it the power cords that plugs into the two input connections of power supply. Do we need to turn off the power supply 2 and take out the two power cords from the power supply for the below testing. See above for my definition of a 'leg'. You would need to unplug the power cords to do this testing. The purpose of the testing would be to verify that both of the circuits that feeding the inputs on the power supply are providing the correct voltage on each leg. If they are not, your power supply will not be able to operate at its maximum capacity. If you have a voltage tester (or an electrician who has one) you can test if you're getting ~120V from each of the hot legs to ground, and ~208/240V from leg to leg. If you are, and you're testing from the inlet at the end of the cord that plugs into the power supply, then the circuit and cord are good, and you'll likely need to replace the power supply. Also please can you let me know what does (It turned out that one input on the power supply had gone bad) means ... In the case I mentioned in my original post (see below), I had a 6000 watt power supply with a configuration similar to yours. I tested both of the circuits that provided power to the unit, and they were operating correctly. I then replaced the power supply with another one that I had on hand, and the problem went away, so in my case, the power supply was bad. I've seen this before, with a 6000 watt AC power supply in a 6509. It turned out that one input on the power supply had gone bad. Can we check with the command that which input out of the 2 input of power supply is having issue .. I don't think any of the CLI commands will tell you which input is having the problem, but the lights on the front of the power supply will. If an INPUT light is brightly lit, it should be receiving power at the right voltage. If the light is dimly lit, it is receiving less power than is needed. jms ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] cisco interface shutdown detection, how is possible?
On 1/5/13 3:44 AM, h bagade wrote: Hi all, I was wondering how Cisco routers could detect the directly connected interface at the other end is shutdown! there are two general possibility on my point of view: 1- the other device is sending special information before shutting down the interface. 2- there are some method of polling which is done periodically and based on the answer, the router detect the interface is up or no! Some of this depends on the layer 2 protocol (Ethernet vs. DS-3 for example) but in most cases there isn't any detectable difference between the remote end being administratively shut down and a failure of the interconnecting medium. The exception is that in some metro ethernet scenarios you can use OAM to capture dying-gasp, error disable, or shutdown events. It isn't a periodic poll, but rather like a one-time Going down now!, your scenario 1. As Cisco router is not able to detect the interface shutdown on the other side when connected to some other device, not Cisco like unix systems, it seems, it has some sort of protocol for detection which is number 2 of above guesses! The router will absolutely detect the lack of line protocol and carrier and flag the link as down but this would be the case whether the remote side is administratively shut down or the cable is just unplugged. could you please help me on this? Or provide me a scenario witch I could find out if any packet is transmitted between Cisco routers to inform the interface shutdown! See: http://www.cisco.com/en/US/docs/switches/metro/me3400/software/release/12.2_46_se/configuration/guide/swoam.pdf -- Jay Hennigan - CCIE #7880 - Network Engineering - j...@impulse.net Impulse Internet Service - http://www.impulse.net/ Your local telephone and internet company - 805 884-6323 - WB6RDV ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] ASR-100x intro
6500 is LAN/DC services switch, there's no need for HQoS in that scenario usually. MX80 is a router and doesn't offer HQoS, which is a worse problem. With Sup2T in 6500 you can pack a pretty good QoS capabilities, it lifts the uRPF restrictions of previous generations, Lukasz, MX80 has HQoS but on MIC ports (not on chassis ports). I don't know how much MX80 you deployed but we have 10+ running and don't regret switching to multivendor network (6500+7600+MX80+MX240). Rob ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] ASR-100x intro
You sound like a similar situation to us. We purchased an ASR1001 in August 2012 and have been extremely happy with it. Advice from my experience: * You can buy them in bundles which are considerably cheaper than buying a base ASR1001 and adding all the licensing, so we purchased the broadband bundle which included a 4000 subscriber license (for ISG/BRAS features). We upgraded it from the base 4GB to 8GB of RAM as we needed to be able to hold a couple of BGP feeds. The ASR1001 ships with 2.5G throughput and you can upgrade it to 5G throughput if/when required. * Re your question about the new IOS - it's essentially identical to the standard IOS. The only difference is the ASR runs linux and IOS runs as a daemon on linux. All the functions are the same except a few features for service providers that exclusively run on IOS XE as opposed to standard IOS. I have learnt not to bother with implementing IOS redundancy on the ASR1001 - it is possible to configure it so two copies of IOS are running at once and you can upgrade your standby IOS to a newer version, reload that then cutover to the upgraded IOS with a few milliseconds interruption. The downside is it gulps up half your RAM which you need for multiple BGP tables. Further on the above point, we've had IOS crash once due to an SSH bug, it reboots very quickly as it's a daemon so there is no waiting for normal hardware boot up. All we noticed was a 30 second interruption and by the time I was looking into what was going on, everything was back again. Needless to say that bug has been logged. * Re total cost, for our bundle we paid approx. $25k USD, plus approx. $8k per annum USD for 24x7x2 on-site. We spent a lot of time thinking about whether to buy two ASR's and 8x5xNBD support or a single ASR with 24x7x2. Knowing where the Cisco parts in our city are, we decided we could afford to wait 2 hours in a worst case scenario. * Your query on QoS/shaping - it's pretty easy using either rate-limit directly on the sub interface pointing towards the customer, or via policy maps. You can do exactly what you describe for cap traffic on this vlan to X Mb/s but reserve and prioritize Y Mb/s for VoIP with a policy map. You'd create two class maps, one that classifies the VoIP traffic (by ACL, listing the IP's of your SIP SBC's), priority xMbit, then dump the rest in a non-prioritised queue. * IPv6 all works fine, our customers are all dual stacked. * If you aren't using PPPoE, the ASR can authenticate based on VLAN, so even your MetroE customers can still be authenticated. I know lots of providers just configure the a /30 and a rate-limit and leave the customer to it - we authenticate still based on the port so that we can hook in with our billing platform easily. One scenario we've implemented with our ASR (using ISG) is when a customer's account goes overdue, they get an email giving them 5 days notice. After 5 days their HTTP/HTTPS traffic is automatically redirected to a payment page and upon processing a credit card payment their internet access is back on immediately. We went with this scenario as it doesn't break their VoIP (which bad debtors use as an excuse - If I can't call emergency services, you can't cut me off!). * Having the ISG (on ASR) has been invaluable to us. Another solution we've implemented is DNS redirection for IPv4 and IPv6. Customers configuring Open DNS/Google DNS started to become a real headache as it completely ruins the performance of anything on CDN e.g. We'd see someone configure Open DNS then call us complaining that Apple Update/Windows Update is slow because their Akamai traffic was now coming out of Japan (we're in New Zealand). So using ISG we transparently redirect all DNS queries to our DNS resolvers. Customers can still use Open DNS/Google DNS and it works, but all the responses come from our DNS servers. We haven't had a single support call regarding CDN issues since. Bottom line for us is the ASR is a swiss army knife that I haven't gotten close to digesting all the documentation to see what else we can do with it. Thanks, -Scott -- On 6/01/13 1:32 AM, Charles Sprickman sp...@bway.net wrote: On Jan 5, 2013, at 6:54 AM, Robert Hass wrote: On Sat, Jan 5, 2013 at 12:09 PM, Charles Sprickman sp...@bway.net wrote: We're tentatively shopping around, and I'm looking for that sort of information on the ASR lineup. The 1002 and 1002-X look very interesting on paper, but I'm not finding much about what folks in a small service provider role have to say about them. We're at the point where everything is ethernet now, so our 7206 with an NPE-G2 is feeling pretty silly. Some of the ASR stuff seems to be in the used channel already, which is nice (I'd rather have two used than one new, FWIW). Right now and for the foreseeable future we don't need anything fancy, with one exception, which I'll save for last. We're doing lots of ethernet aggregation - both metro-e services and DSL/EoC
Re: [c-nsp] ASR-100x intro
* You can buy them in bundles which are considerably cheaper than buying a base ASR1001 and adding all the licensing, so we purchased the broadband bundle which included a 4000 subscriber license (for ISG/BRAS features). We upgraded it from the base 4GB to 8GB of RAM as we needed to be able to hold a couple of BGP feeds. The ASR1001 ships with 2.5G throughput and you can upgrade it to 5G throughput if/when required. Do I need to upgrade throughput to 5G to have 1M FIB instead of 512K ? Docs says: ESP2.5 - FIB 512K ESP5 - FIB 1M Rob ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] l2vpn vpls w/bgp autodiscovery - me3600x to asr9k
This is my first time trying to get l2vpn vpls w/bgp autodiscovery to work.please help if you know a simply scenario config that you could share to make it work with ios xr on one side and me3600x ios vanilla on the other side. Trying to get it up between 3 PE nodes where I will run vpls between all 3. 2 are me3600's and 1 is asr9k. I would like the asr9k to be route-reflector. I tried and tried first just to get it up between asr9k and one me3600 first..initially l2vpn address family bgp neighbor session came up and stayed up.this was ONLY after putting in the bgp neighbor and AF configs under bgp. BUT, once I added some l2vpn, vfi stuff on asr9k OR l2 vfi xyz auto, vpn-id stuff on me3600, it all fell apart. It went through a few iterations of trying various things..during that time I saw several errors on either side.. Here are some of them incase they look familiar to you. Thanks, Aaron Config. Asr9k. router bgp 64512 bgp router-id 10.101.0.254 bgp cluster-id 10 address-family l2vpn vpls-vpws ! neighbor-group my-rr-clients remote-as 64512 update-source Loopback0 address-family l2vpn vpls-vpws route-reflector-client ! ! neighbor 10.101.12.251 use neighbor-group my-rr-clients ! neighbor 10.101.12.253 use neighbor-group my-rr-clients ! l2vpn bridge group mytestvpls bridge-domain mytestvpls vfi mytestvpls vpn-id 99 autodiscovery bgp rd 64512:99 route-target 88:99 signaling-protocol bgp ve-id 10 me3600.. router bgp 64512 bgp router-id 10.101.12.251 bgp log-neighbor-changes no bgp default ipv4-unicast neighbor 10.101.0.254 remote-as 64512 neighbor 10.101.0.254 update-source Loopback0 ! address-family ipv4 exit-address-family ! address-family l2vpn vpls neighbor 10.101.0.254 activate neighbor 10.101.0.254 send-community extended exit-address-family -ME3600-test# RP/0/RSP0/CPU0:-9k-test1#sh bgp l2vpn vpls neighbors 10.101.12.251 | be malform Sat Jan 5 15:50:02.948 CST Total malformed UPDATE 490 Last malformed UPDATE 00:00:11 Error subcode 10, attribute code 0, action reset session Malformed UPDATE: 88 bytes 00580200 4140 01010240 02008004 0400 00400504 0064 C0101000 02FC 6300 0AFC 6380 0E160019 41040A65 0CFB0060 FC00 0063 0A650CFB RP/0/RSP0/CPU0:Jan 5 15:12:49.069 : bgp[1047]: [iord]: Received OPEN from 10.101.12.251, version 4, holdtime 180 secs RP/0/RSP0/CPU0:Jan 5 15:12:49.069 : bgp[1047]: [iord]: OPEN from 10.101.12.251 has optional parameter type: 2 (Capability) len: 6 RP/0/RSP0/CPU0:Jan 5 15:12:49.069 : bgp[1047]: [iord]: OPEN from 10.101.12.251 has MULTIPROTOCOL_EXTENSION capability for afi/safi: 25/65 RP/0/RSP0/CPU0:Jan 5 15:12:49.069 : bgp[1047]: [iord]: OPEN from 10.101.12.251 has optional parameter type: 2 (Capability) len: 2 RP/0/RSP0/CPU0:Jan 5 15:12:49.070 : bgp[1047]: [iord]: OPEN from 10.101.12.251 has ROUTE-REFRESH capability(old) for all address-families RP/0/RSP0/CPU0:Jan 5 15:12:49.070 : bgp[1047]: [iord]: OPEN from 10.101.12.251 has optional parameter type: 2 (Capability) len: 2 RP/0/RSP0/CPU0:Jan 5 15:12:49.070 : bgp[1047]: [iord]: OPEN from 10.101.12.251 has ROUTE-REFRESH capability for all address-families RP/0/RSP0/CPU0:Jan 5 15:12:49.070 : bgp[1047]: [iord]: OPEN from 10.101.12.251 has optional parameter type: 2 (Capability) len: 2 RP/0/RSP0/CPU0:Jan 5 15:12:49.070 : bgp[1047]: [iord]: OPEN from 10.101.12.251 has unrecognized capability code: 70, length 0 (ignored) RP/0/RSP0/CPU0:Jan 5 15:12:49.070 : bgp[1047]: [iord]: OPEN from 10.101.12.251 has optional parameter type: 2 (Capability) len: 6 RP/0/RSP0/CPU0:Jan 5 15:12:49.070 : bgp[1047]: [iord]: OPEN from 10.101.12.251 has 4-byte AS capability with AS 64512 RP/0/RSP0/CPU0:Jan 5 15:12:49.071 : bgp[1047]: [iord]: bgp_io_read_schedule_updgrp: NO updgrp scheduled after Open processing: nbr=10.101.12.251, nbrfl=0x08314000 RP/0/RSP0/CPU0:Jan 5 15:12:49.071 : bgp[1047]: [iord]: 10.101.12.251 went from Connect to OpenSent RP/0/RSP0/CPU0:Jan 5 15:12:49.071 : bgp[1047]: [iord]: Sending OPEN to 10.101.12.251, version 4, my as: 64512, holdtime 180 seconds RP/0/RSP0/CPU0:Jan 5 15:12:49.071 : bgp[1047]: [iord]: 10.101.12.251 went from OpenSent to OpenConfirm RP/0/RSP0/CPU0:Jan 5 15:12:49.072 : bgp[1047]: [iowt]: 10.101.12.251 send message type 1, length (incl. header) 53 RP/0/RSP0/CPU0:Jan 5 15:12:49.072 : bgp[1047]: [iowt]: Send message dump for 10.101.12.251: RP/0/RSP0/CPU0:Jan 5 15:12:49.072 : bgp[1047]: [iowt]: RP/0/RSP0/CPU0:Jan 5 15:12:49.072 : bgp[1047]: [iowt]: 0035 0104 fc00 00b4 0a65 00fe 1802 0601 RP/0/RSP0/CPU0:Jan 5 15:12:49.072 : bgp[1047]: [iowt]: 0400 1900 4102 0280 0002 0202 0002 0641 RP/0/RSP0/CPU0:Jan 5 15:12:49.072 : bgp[1047]: [iowt]: 0400 00fc 00 RP/0/RSP0/CPU0:Jan 5 15:12:49.073
[c-nsp] Memory upgrade for ASR1001 - 3rd party
I want extend ASR1001 memory to 8GB or best 16GB but at low possible cost - so 3rd party modules ;) I'm looking for tested part-numbers/vendors for memory chips in ASR 1001. Thanks Rob ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] ASR-100x intro
Hmm, perhaps I was incorrect - the old ESP2.5 appears to have been made End of Sale since July 2012. I just checked our ASR and it's showing 5G throughput. #show platform hardware throughput level The current throughput level is 500 kb/s We ordered in June but it didn't ship until August so that'd make sense. -Scott On 6/01/13 11:05 AM, Robert Hass robh...@gmail.com wrote: The ASR1001 ships with 2.5G throughput and you can upgrade it to 5G throughput if/when required. Do I need to upgrade throughput to 5G to have 1M FIB instead of 512K ? Docs says: ESP2.5 - FIB 512K ESP5 - FIB 1M ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] l2vpn vpls w/bgp autodiscovery - me3600x to asr9k
I think you need to add the prefix-length-size 2 command when doing VPLS
Autodiscovery between IOS and XR boxes.
http://www.cisco.com/en/US/docs/ios/iproute_bgp/command/reference/irg_bgp4.html#wp1154099
Try that and see if it help.
On Sat, Jan 5, 2013 at 5:50 PM, Aaron aar...@gvtc.com wrote:
This is my first time trying to get l2vpn vpls w/bgp autodiscovery to
work.please help if you know a simply scenario config that you could share
to make it work with ios xr on one side and me3600x ios vanilla on the
other
side.
Trying to get it up between 3 PE nodes where I will run vpls between all 3.
2 are me3600's and 1 is asr9k. I would like the asr9k to be
route-reflector.
I tried and tried first just to get it up between asr9k and one me3600
first..initially l2vpn address family bgp neighbor session came up and
stayed up.this was ONLY after putting in the bgp neighbor and AF configs
under bgp.
BUT, once I added some l2vpn, vfi stuff on asr9k OR l2 vfi xyz auto, vpn-id
stuff on me3600, it all fell apart.
It went through a few iterations of trying various things..during that time
I saw several errors on either side.. Here are some of them incase they
look
familiar to you.
Thanks, Aaron
Config.
Asr9k.
router bgp 64512
bgp router-id 10.101.0.254
bgp cluster-id 10
address-family l2vpn vpls-vpws
!
neighbor-group my-rr-clients
remote-as 64512
update-source Loopback0
address-family l2vpn vpls-vpws
route-reflector-client
!
!
neighbor 10.101.12.251
use neighbor-group my-rr-clients
!
neighbor 10.101.12.253
use neighbor-group my-rr-clients
!
l2vpn
bridge group mytestvpls
bridge-domain mytestvpls
vfi mytestvpls
vpn-id 99
autodiscovery bgp
rd 64512:99
route-target 88:99
signaling-protocol bgp
ve-id 10
me3600..
router bgp 64512
bgp router-id 10.101.12.251
bgp log-neighbor-changes
no bgp default ipv4-unicast
neighbor 10.101.0.254 remote-as 64512
neighbor 10.101.0.254 update-source Loopback0
!
address-family ipv4
exit-address-family
!
address-family l2vpn vpls
neighbor 10.101.0.254 activate
neighbor 10.101.0.254 send-community extended
exit-address-family
-ME3600-test#
RP/0/RSP0/CPU0:-9k-test1#sh bgp l2vpn vpls neighbors 10.101.12.251 | be
malform
Sat Jan 5 15:50:02.948 CST
Total malformed UPDATE 490
Last malformed UPDATE 00:00:11
Error subcode 10, attribute code 0, action reset session
Malformed UPDATE: 88 bytes
00580200 4140 01010240 02008004
0400 00400504 0064 C0101000
02FC 6300 0AFC 6380
0E160019 41040A65 0CFB0060 FC00
0063 0A650CFB
RP/0/RSP0/CPU0:Jan 5 15:12:49.069 : bgp[1047]: [iord]: Received OPEN from
10.101.12.251, version 4, holdtime 180 secs
RP/0/RSP0/CPU0:Jan 5 15:12:49.069 : bgp[1047]: [iord]: OPEN from
10.101.12.251 has optional parameter type: 2 (Capability) len: 6
RP/0/RSP0/CPU0:Jan 5 15:12:49.069 : bgp[1047]: [iord]: OPEN from
10.101.12.251 has MULTIPROTOCOL_EXTENSION capability for afi/safi: 25/65
RP/0/RSP0/CPU0:Jan 5 15:12:49.069 : bgp[1047]: [iord]: OPEN from
10.101.12.251 has optional parameter type: 2 (Capability) len: 2
RP/0/RSP0/CPU0:Jan 5 15:12:49.070 : bgp[1047]: [iord]: OPEN from
10.101.12.251 has ROUTE-REFRESH capability(old) for all address-families
RP/0/RSP0/CPU0:Jan 5 15:12:49.070 : bgp[1047]: [iord]: OPEN from
10.101.12.251 has optional parameter type: 2 (Capability) len: 2
RP/0/RSP0/CPU0:Jan 5 15:12:49.070 : bgp[1047]: [iord]: OPEN from
10.101.12.251 has ROUTE-REFRESH capability for all address-families
RP/0/RSP0/CPU0:Jan 5 15:12:49.070 : bgp[1047]: [iord]: OPEN from
10.101.12.251 has optional parameter type: 2 (Capability) len: 2
RP/0/RSP0/CPU0:Jan 5 15:12:49.070 : bgp[1047]: [iord]: OPEN from
10.101.12.251 has unrecognized capability code: 70, length 0 (ignored)
RP/0/RSP0/CPU0:Jan 5 15:12:49.070 : bgp[1047]: [iord]: OPEN from
10.101.12.251 has optional parameter type: 2 (Capability) len: 6
RP/0/RSP0/CPU0:Jan 5 15:12:49.070 : bgp[1047]: [iord]: OPEN from
10.101.12.251 has 4-byte AS capability with AS 64512
RP/0/RSP0/CPU0:Jan 5 15:12:49.071 : bgp[1047]: [iord]:
bgp_io_read_schedule_updgrp: NO updgrp scheduled after Open processing:
nbr=10.101.12.251, nbrfl=0x08314000
RP/0/RSP0/CPU0:Jan 5 15:12:49.071 : bgp[1047]: [iord]: 10.101.12.251 went
from Connect to OpenSent
RP/0/RSP0/CPU0:Jan 5 15:12:49.071 : bgp[1047]: [iord]: Sending OPEN to
10.101.12.251, version 4, my as: 64512, holdtime 180 seconds
RP/0/RSP0/CPU0:Jan 5 15:12:49.071 : bgp[1047]: [iord]: 10.101.12.251 went
from OpenSent to OpenConfirm
RP/0/RSP0/CPU0:Jan 5 15:12:49.072 : bgp[1047]: [iowt]: 10.101.12.251 send
message type 1, length (incl. header) 53
RP/0/RSP0/CPU0:Jan 5 15:12:49.072 : bgp[1047]: [iowt]: Send message dump
for 10.101.12.251:
Re: [c-nsp] l2vpn vpls w/bgp autodiscovery - me3600x to asr9k
You're right on that Pete. Thanks, I just got that seconds before you told me from a link I was reading. That stabilized neighbor session, now I'm trying to get ce's to see each other. They aren't currently. On me3600 I'm seeing. unkn Invalid Segment sv-b-ME3600-test#sh xcon all Legend:XC ST=Xconnect State S1=Segment1 State S2=Segment2 State UP=Up DN=DownAD=Admin Down IA=Inactive SB=Standby HS=Hot Standby RV=Recovering NH=No Hardware XC ST Segment 1 S1 Segment 2 S2 --+-+--+ -+-- UP pri ac Vl100:100(Eth VLAN) UP vfi vpls1 UP -- pri vfi vpls1UP unkn Invalid Segment -- UP pri bd 100 UP vfi vpls1 UP .and no prefix rcv'd. sv-b-ME3600-test#sh bgp l2v vpl al su | be Neighb NeighborV AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd 10.101.0.254464512 33 37200 00:29:00 0 ..on 9k I see prefix rcv'd. RP/0/RSP0/CPU0:sv-b-9k-test1#sh bgp l2 vpls su | be Nei Sat Jan 5 21:59:20.848 CST NeighborSpkAS MsgRcvd MsgSent TblVer InQ OutQ Up/Down St/PfxRcd 10.101.12.251 0 6451223821793600 00:29:30 1 RP/0/RSP0/CPU0:sv-b-9k-test1#sh bgp l2 vpls Sat Jan 5 21:59:42.536 CST BGP router identifier 10.101.0.254, local AS number 64512 BGP generic scan interval 60 secs BGP table state: Active Table ID: 0x0 RD version: 3889240856 BGP main routing table version 6 BGP scan interval 60 secs Status codes: s suppressed, d damped, h history, * valid, best i - internal, r RIB-failure, S stale Origin codes: i - IGP, e - EGP, ? - incomplete NetworkNext HopRcvd Label Local Label Route Distinguisher: 64512:100 *i10.101.12.251/32 10.101.12.251 nolabel nolabel Route Distinguisher: 10.101.0.254:32768 (default for vrf gr1:bd1) * 10:10/32 0.0.0.0 nolabel 16180 Aaron From: Pete Lumbis [mailto:alum...@gmail.com] Sent: Saturday, January 05, 2013 9:38 PM To: Aaron Cc: cisco-nsp@puck.nether.net Subject: Re: [c-nsp] l2vpn vpls w/bgp autodiscovery - me3600x to asr9k I think you need to add the prefix-length-size 2 command when doing VPLS Autodiscovery between IOS and XR boxes. http://www.cisco.com/en/US/docs/ios/iproute_bgp/command/reference/irg_bgp4.h tml#wp1154099 Try that and see if it help. On Sat, Jan 5, 2013 at 5:50 PM, Aaron aar...@gvtc.com wrote: This is my first time trying to get l2vpn vpls w/bgp autodiscovery to work.please help if you know a simply scenario config that you could share to make it work with ios xr on one side and me3600x ios vanilla on the other side. Trying to get it up between 3 PE nodes where I will run vpls between all 3. 2 are me3600's and 1 is asr9k. I would like the asr9k to be route-reflector. I tried and tried first just to get it up between asr9k and one me3600 first..initially l2vpn address family bgp neighbor session came up and stayed up.this was ONLY after putting in the bgp neighbor and AF configs under bgp. BUT, once I added some l2vpn, vfi stuff on asr9k OR l2 vfi xyz auto, vpn-id stuff on me3600, it all fell apart. It went through a few iterations of trying various things..during that time I saw several errors on either side.. Here are some of them incase they look familiar to you. Thanks, Aaron Config. Asr9k. router bgp 64512 bgp router-id 10.101.0.254 bgp cluster-id 10 address-family l2vpn vpls-vpws ! neighbor-group my-rr-clients remote-as 64512 update-source Loopback0 address-family l2vpn vpls-vpws route-reflector-client ! ! neighbor 10.101.12.251 use neighbor-group my-rr-clients ! neighbor 10.101.12.253 use neighbor-group my-rr-clients ! l2vpn bridge group mytestvpls bridge-domain mytestvpls vfi mytestvpls vpn-id 99 autodiscovery bgp rd 64512:99 route-target 88:99 signaling-protocol bgp ve-id 10 me3600.. router bgp 64512 bgp router-id 10.101.12.251 bgp log-neighbor-changes no bgp default ipv4-unicast neighbor 10.101.0.254 remote-as 64512 neighbor 10.101.0.254 update-source Loopback0 ! address-family ipv4 exit-address-family ! address-family l2vpn vpls neighbor 10.101.0.254 activate neighbor 10.101.0.254 send-community extended exit-address-family -ME3600-test# RP/0/RSP0/CPU0:-9k-test1#sh bgp l2vpn vpls neighbors 10.101.12.251 | be malform Sat Jan 5 15:50:02.948 CST Total malformed UPDATE 490 Last malformed UPDATE 00:00:11 Error subcode 10, attribute code 0, action reset session Malformed UPDATE: 88 bytes 00580200 4140 01010240 02008004 0400 00400504 0064 C0101000 02FC 6300 0AFC
Re: [c-nsp] l2vpn vpls w/bgp autodiscovery - me3600x to asr9k
Yahoo! I had to change asr9k to signaling-protocol ldp (as tshooting goes, I may had superfluous stuff in here by now, so I'll pear back some later and see what was really needed) l2vpn bridge group gr1 bridge-domain bd1 interface GigabitEthernet0/0/0/10.1 ! vfi vf1 vpn-id 100 autodiscovery bgp rd auto route-target 64512:100 signaling-protocol ldp ! ! Me3600 has l2 vfi vpls1 autodiscovery vpn id 100 rd 10.101.12.251:32768 route-target export 64512:100 route-target import 64512:100 Aaron -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Aaron Sent: Saturday, January 05, 2013 9:59 PM To: 'Pete Lumbis' Cc: cisco-nsp@puck.nether.net Subject: Re: [c-nsp] l2vpn vpls w/bgp autodiscovery - me3600x to asr9k You're right on that Pete. Thanks, I just got that seconds before you told me from a link I was reading. That stabilized neighbor session, now I'm trying to get ce's to see each other. They aren't currently. On me3600 I'm seeing. unkn Invalid Segment sv-b-ME3600-test#sh xcon all Legend:XC ST=Xconnect State S1=Segment1 State S2=Segment2 State UP=Up DN=DownAD=Admin Down IA=Inactive SB=Standby HS=Hot Standby RV=Recovering NH=No Hardware XC ST Segment 1 S1 Segment 2 S2 --+-+--+ --+-+--+ -+-- UP pri ac Vl100:100(Eth VLAN) UP vfi vpls1 UP -- pri vfi vpls1UP unkn Invalid Segment -- UP pri bd 100 UP vfi vpls1 UP .and no prefix rcv'd. sv-b-ME3600-test#sh bgp l2v vpl al su | be Neighb NeighborV AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd 10.101.0.254464512 33 37200 00:29:00 0 ..on 9k I see prefix rcv'd. RP/0/RSP0/CPU0:sv-b-9k-test1#sh bgp l2 vpls su | be Nei Sat Jan 5 21:59:20.848 CST NeighborSpkAS MsgRcvd MsgSent TblVer InQ OutQ Up/Down St/PfxRcd 10.101.12.251 0 6451223821793600 00:29:30 1 RP/0/RSP0/CPU0:sv-b-9k-test1#sh bgp l2 vpls Sat Jan 5 21:59:42.536 CST BGP router identifier 10.101.0.254, local AS number 64512 BGP generic scan interval 60 secs BGP table state: Active Table ID: 0x0 RD version: 3889240856 BGP main routing table version 6 BGP scan interval 60 secs Status codes: s suppressed, d damped, h history, * valid, best i - internal, r RIB-failure, S stale Origin codes: i - IGP, e - EGP, ? - incomplete NetworkNext HopRcvd Label Local Label Route Distinguisher: 64512:100 *i10.101.12.251/32 10.101.12.251 nolabel nolabel Route Distinguisher: 10.101.0.254:32768 (default for vrf gr1:bd1) * 10:10/32 0.0.0.0 nolabel 16180 Aaron From: Pete Lumbis [mailto:alum...@gmail.com] Sent: Saturday, January 05, 2013 9:38 PM To: Aaron Cc: cisco-nsp@puck.nether.net Subject: Re: [c-nsp] l2vpn vpls w/bgp autodiscovery - me3600x to asr9k I think you need to add the prefix-length-size 2 command when doing VPLS Autodiscovery between IOS and XR boxes. http://www.cisco.com/en/US/docs/ios/iproute_bgp/command/reference/irg_bgp4.h tml#wp1154099 Try that and see if it help. On Sat, Jan 5, 2013 at 5:50 PM, Aaron aar...@gvtc.com wrote: This is my first time trying to get l2vpn vpls w/bgp autodiscovery to work.please help if you know a simply scenario config that you could share to make it work with ios xr on one side and me3600x ios vanilla on the other side. Trying to get it up between 3 PE nodes where I will run vpls between all 3. 2 are me3600's and 1 is asr9k. I would like the asr9k to be route-reflector. I tried and tried first just to get it up between asr9k and one me3600 first..initially l2vpn address family bgp neighbor session came up and stayed up.this was ONLY after putting in the bgp neighbor and AF configs under bgp. BUT, once I added some l2vpn, vfi stuff on asr9k OR l2 vfi xyz auto, vpn-id stuff on me3600, it all fell apart. It went through a few iterations of trying various things..during that time I saw several errors on either side.. Here are some of them incase they look familiar to you. Thanks, Aaron Config. Asr9k. router bgp 64512 bgp router-id 10.101.0.254 bgp cluster-id 10 address-family l2vpn vpls-vpws ! neighbor-group my-rr-clients remote-as 64512 update-source Loopback0 address-family l2vpn vpls-vpws route-reflector-client ! ! neighbor 10.101.12.251 use neighbor-group my-rr-clients ! neighbor 10.101.12.253 use neighbor-group my-rr-clients ! l2vpn bridge group mytestvpls bridge-domain mytestvpls vfi mytestvpls vpn-id 99 autodiscovery bgp rd 64512:99
