Re: [c-nsp] BGP re-announcement question

2013-08-01 Thread Pete Templin 

On 8/1/13 12:08 PM, Arie Vayner (avayner) wrote:


I wrote that I am not sure your customer would always want you to
send traffic down their link because there are scenarios where
customers would buy backup links which they expect not to get traffic
on unless some other primary link goes down...

So making the firm assumption might be wrong in all cases, and this
is why the ability to control it (via communities as the easiest
option or calls to the NOS as a worst case scenario) is critical.


I've been on both sides of the fence, and I'd say the biggest wrinkle 
here is the impact of changing how one operates their network from 
"everything's the same" to "customer routes preferred".  That said, I've 
been the customer or consulted for the customer of networks that either 
didn't offer a community to lower local-pref, didn't offer a mechanism 
to get lower local-pref in subsequent transit networks, or both.  So 
although the customer might not always want it, there are plenty of 
networks out there that require it.


pt

___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

[c-nsp] Do you have command show led status on FC card on CRS-1 16-slot?

2013-08-01 Thread PlaWanSai RMUTT CPE IX 
Hi all,
I saw the LED status of FC is turn off. Do you have command show led
status on FC card? Or solution to test that the FC card is still running. I
hope this fail in LED only.

Thank you very much.

___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

[c-nsp] Fwd: SWO - Active to Standby then reboot back to active RSP

2013-08-01 Thread Ahmed Hilmy 
DHKC-R76-01#sh redundancy states

   my state = 13 -ACTIVE

 peer state = 8  -STANDBY HOT

   Mode = Duplex

   Unit = Primary

Unit ID = 5





Redundancy Mode (Operational) = sso

Redundancy Mode (Configured)  = sso

Redundancy State  = sso

-- Forwarded message --
From: Ahmed Hilmy 
Date: Fri, Aug 2, 2013 at 12:58 AM
Subject: SWO - Active to Standby then reboot back to active RSP
To: "cisco-nsp@puck.nether.net" 


Dear Friends,

We have faced an Switchover in our 7606 router for unknown reason.
SWO to standby than reboot back to active one.
Based on crash file:

Aug  1 21:45:13 UTC: %PFREDUN-SP-STDBY-6-ACTIVE: Initializing as ACTIVE
processor

Aug  1 21:45:13 UTC: %FABRIC-SP-STDBY-5-FABRIC_MODULE_ACTIVE: The Switch
Fabric Module in slot 5 became active.
Aug  1 21:45:14 UTC: %SYS-SP-STDBY-3-LOGGER_FLUSHED: System was paused for
00:00:00 to ensure console debugging output.

Aug  1 21:45:14 UTC: %OIR-SP-3-PWRCYCLE: Card in module 6, is being
power-cycled (Switchover)


Aug  1 21:46:48 UTC: %PFREDUN-SP-6-ACTIVE: Standby initializing for SSO mode
Aug  1 21:46:49 UTC: %SYS-SP-3-LOGGER_FLUSHED: System was paused for
00:00:00 to ensure console debugging output.

Aug  1 21:46:52 UTC: %PFINIT-SP-5-CONFIG_SYNC: Sync'ing the startup
configuration to the standby Router.
Aug  1 21:47:15 UTC: %FABRIC-SP-5-CLEAR_BLOCK: Clear block option is off
for the fabric in slot 6.
Aug  1 21:47:15 UTC: %FABRIC-SP-5-FABRIC_MODULE_BACKUP: The Switch Fabric
Module in slot 6 became standby
Aug  1 21:47:16 UTC: %DIAG-SP-6-RUN_MINIMUM: Module 6: Running Minimal
Diagnostics...
Aug  1 21:47:20 UTC: %DIAG-SP-6-DIAG_OK: Module 6: Passed Online Diagnostics
Aug  1 21:47:20 UTC: %OIR-SP-6-INSCARD: Card inserted in slot 6, interfaces
are now online
Aug  1 18:47:27.333: SP: SP detected RP/Draco rebooting, resetting SP

DHKC-R76-01#sh module
Mod Ports Card Type  Model  Serial
No.
--- - -- --
---
  1   24  CEF720 24 port 1000mb SFP  WS-X6724-SFP
JAF1205BFJM
  20  4-subslot SPA Interface Processor-200  7600-SIP-200
JAE12088TA8
  52  Route Switch Processor 720 (Active)RSP720-3C-GE
JAE12088VUP
  62  Route Switch Processor 720 (Hot)   RSP720-3C-GE
SAL1551Z508

Your help is appreciated.

Regards,
Ahmed
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

[c-nsp] SWO - Active to Standby then reboot back to active RSP

2013-08-01 Thread Ahmed Hilmy 
Dear Friends,

We have faced an Switchover in our 7606 router for unknown reason.
SWO to standby than reboot back to active one.
Based on crash file:

Aug  1 21:45:13 UTC: %PFREDUN-SP-STDBY-6-ACTIVE: Initializing as ACTIVE
processor

Aug  1 21:45:13 UTC: %FABRIC-SP-STDBY-5-FABRIC_MODULE_ACTIVE: The Switch
Fabric Module in slot 5 became active.
Aug  1 21:45:14 UTC: %SYS-SP-STDBY-3-LOGGER_FLUSHED: System was paused for
00:00:00 to ensure console debugging output.

Aug  1 21:45:14 UTC: %OIR-SP-3-PWRCYCLE: Card in module 6, is being
power-cycled (Switchover)


Aug  1 21:46:48 UTC: %PFREDUN-SP-6-ACTIVE: Standby initializing for SSO mode
Aug  1 21:46:49 UTC: %SYS-SP-3-LOGGER_FLUSHED: System was paused for
00:00:00 to ensure console debugging output.

Aug  1 21:46:52 UTC: %PFINIT-SP-5-CONFIG_SYNC: Sync'ing the startup
configuration to the standby Router.
Aug  1 21:47:15 UTC: %FABRIC-SP-5-CLEAR_BLOCK: Clear block option is off
for the fabric in slot 6.
Aug  1 21:47:15 UTC: %FABRIC-SP-5-FABRIC_MODULE_BACKUP: The Switch Fabric
Module in slot 6 became standby
Aug  1 21:47:16 UTC: %DIAG-SP-6-RUN_MINIMUM: Module 6: Running Minimal
Diagnostics...
Aug  1 21:47:20 UTC: %DIAG-SP-6-DIAG_OK: Module 6: Passed Online Diagnostics
Aug  1 21:47:20 UTC: %OIR-SP-6-INSCARD: Card inserted in slot 6, interfaces
are now online
Aug  1 18:47:27.333: SP: SP detected RP/Draco rebooting, resetting SP

DHKC-R76-01#sh module
Mod Ports Card Type  Model  Serial
No.
--- - -- --
---
  1   24  CEF720 24 port 1000mb SFP  WS-X6724-SFP
JAF1205BFJM
  20  4-subslot SPA Interface Processor-200  7600-SIP-200
JAE12088TA8
  52  Route Switch Processor 720 (Active)RSP720-3C-GE
JAE12088VUP
  62  Route Switch Processor 720 (Hot)   RSP720-3C-GE
SAL1551Z508

Your help is appreciated.

Regards,
Ahmed
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

[c-nsp] Help with VPLS on CRS

2013-08-01 Thread Herro91 
Hi,

I'm having trouble with VPLS on CRS' in my lab using plain old LDP, no
autodiscovery. The pseudowires come up and I am able to perform a
pseudowire ping across them. All show commands show that everything looks
right, but nothing gets forwarded over the pseudowire, except perhaps the
first 4 out of 5 packets, but it is not consistent.

One thing I noticed was the VC-type showed up as Ethernet, even if the AC
was a dot1q interface. When I tried to change the transport-mode command to
vlan, the config would not commit despite the odd error message stating -
this command was only available for VPLS.

I am running XR 4.2.1

Has anyone had a similar problems?


Thanks!
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] BGP re-announcement question

2013-08-01 Thread Arie Vayner (avayner) 
Pete,

I wrote that I am not sure your customer would always want you to send traffic 
down their link because there are scenarios where customers would buy backup 
links which they expect not to get traffic on unless some other primary link 
goes down...

So making the firm assumption might be wrong in all cases, and this is why the 
ability to control it (via communities as the easiest option or calls to the 
NOS as a worst case scenario) is critical.

I do agree that setting the local-pref for customers to higher than default is 
a good practice and should be implemented.

Arie

-Original Message-
From: cisco-nsp [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Pete 
Templin
Sent: Thursday, August 1, 2013 6:02 AM
To: Adam Greene
Cc: cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] BGP re-announcement question

On 7/29/13 4:06 PM, Arie Vayner (avayner) wrote:
> The best route is through your upstream (I guess), so you are not 
> advertising it back... You could increase the local-pref for routes 
> you receive from your customers as compared to routes you receive from 
> your upstreams. In this way you would always prefer the local path to 
> your customer (not sure they would like you to do that...)

+1 on this.  They are your customer, so it's safe to presume that
they want you to carry their traffic (they send you a check every month in 
exchange for this service), and in turn you (might) send a check elsewhere to 
continue the process.  It's not an easy thing to roll out en masse, but I'd 
argue that it needs to be done.

I normally use 400 for customer routes, 300 for routes from peers (I've been 
known to use transit providers as peers; accept only their routes and their 
customer routes, and advertise out with no-export or their own 'peer' 
community), 200 for routes from transits.  One benefit is that an 
"unconfigured" router with LP=100 won't get any traffic, so it'll make the lack 
of proper configuration obvious.

As others suggested, a community to override this might be appreciated by your 
customers, if they have enough clue to use it. Be warned that since "everyone 
else" (or at least everyone else upstream of you) does this same sort of 
preference, so if they request a low LP in your network, they're going to want 
a low LP in subsequent networks until they get to the peered-only networks.

pt


___
cisco-nsp mailing list  cisco-nsp@puck.nether.net 
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] VPLS between ME3600X and Brocade XMR

2013-08-01 Thread Jason Lixfeld 
ME3600s don't have this limitation.  You can do a routed pseudowire without 
issue (MPLS license activation notwithstanding).

On 2013-08-01, at 12:57 PM, Phil Bedard  wrote:

> I'm not well versed on the 3600x but some if the other platforms do not
> allow using a SVI as an MPLS upstream interface and could explain your
> forwarding table issue. You would need to use a sub interface instead
> of a SVI. Which I would advise doing anyways if it is p2p between two
> devices.
> 
> Phil From: Darren O'Connor
> Sent: 8/1/2013 12:23
> To: cisco-nsp@puck.nether.net
> Subject: [c-nsp] VPLS between ME3600X and Brocade XMR
> Hi all.
> 
> I'm trying to get a working VPLS between a ME3600X and a Brocade
> Netiron. I've gone through a load of different configs but I keep
> winding up in the same error at the end:
> 
> ME3600X#sh mpls l2transport vc detail
> Local interface: VFI DARREN-TESTING vfi up
>  Interworking type is Ethernet
>  Destination address: 217.196.224.61, VC ID: 3200, VC status: down
>Last error: MPLS dataplane reported a fault to the nexthop
> 
> I've checked the dataplane to ensure my MTUs/labels/etc are all fine
> and I can't see anything standing out.
> 
> This is my IOS config:
> l2 vfi DARREN-TESTING manual TESTLAB
> vpn id 3200
> bridge-domain 150
> neighbor 192.168.224.61 encapsulation mpls
> !
> interface Tunnel0
> description par2.lem1
> ip unnumbered Loopback0
> tunnel mode mpls traffic-eng
> tunnel destination 192.168.224.61
> tunnel mpls traffic-eng path-option 5 explicit name TO-PAR2.LEM1 verbatim
> !
> interface GigabitEthernet0/1
> description Link to Switch
> switchport trunk allowed vlan none
> switchport mode trunk
> mtu 9800
> service instance 1 ethernet TESTLAB
>  description SRX1
>  encapsulation dot1q 2000
>  rewrite ingress tag pop 1 symmetric
>  bridge-domain 150
> !
> interface GigabitEthernet0/22
> switchport trunk allowed vlan 2
> switchport mode trunk
> mtu 9800
> !
> interface Vlan2
> description MPLS INTERFACE
> mtu 3200
> ip address 192.168.31.23 255.255.255.254
> ip ospf network point-to-point
> ip ospf 1 area 0
> mpls traffic-eng tunnels
> !
> interface Vlan150
> mtu 3000
> no ip address
> xconnect vfi DARREN-TESTING
> 
> 
> The Netiron config is like so:
> vpls DARREN-TESTING 3200
>  vpls-peer 192.168.224.1
>  vpls-mtu 3000
>  vlan 150
>   tagged ethe 2/20
> 
> I've not shown the actual LSP config but the LSPs are up on both.
> 
> Has anyone managed to get martini VPLS working between these two boxes?
> 
> Thanks
> 
> Darren
>   
> ___
> cisco-nsp mailing list  cisco-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
> ___
> cisco-nsp mailing list  cisco-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/


___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] Resetting (or not) a 6500/sup720 from the console/rommon

2013-08-01 Thread Lamar Owen 

On 07/30/2013 08:23 AM, Joe Maimon wrote:

All,

Having a similar situation here. Hoping to get more feedback then Phil 
ever did.


Is there a way through console only to worm back into the 
SP/rommon/reset?


I can boot an old msfc image on the RP (hybrid mode with both SP and 
RP running IOS), but havent figured out anything further yet.


The questions comes down to whether remote console is sufficient or if 
remote power is also required. 
Hmm, the only thing I could find is to press ctrl-C three times in a row 
at the RP rommon prompt ( 
http://wiki.nesevo.com/index.php/Conversion_on_Supervisor_Engine_720 at 
step 8; confirmed at the same step on 
http://www.cisco.com/en/US/products/hw/switches/ps708/products_tech_note09186a008015bfa6.shtml#conv_720). 
It would be interesting if that worked for you.


___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] VPLS between ME3600X and Brocade XMR

2013-08-01 Thread Phil Bedard 
I'm not well versed on the 3600x but some if the other platforms do not
allow using a SVI as an MPLS upstream interface and could explain your
forwarding table issue. You would need to use a sub interface instead
of a SVI. Which I would advise doing anyways if it is p2p between two
devices.

Phil From: Darren O'Connor
Sent: 8/1/2013 12:23
To: cisco-nsp@puck.nether.net
Subject: [c-nsp] VPLS between ME3600X and Brocade XMR
Hi all.

I'm trying to get a working VPLS between a ME3600X and a Brocade
Netiron. I've gone through a load of different configs but I keep
winding up in the same error at the end:

ME3600X#sh mpls l2transport vc detail
Local interface: VFI DARREN-TESTING vfi up
  Interworking type is Ethernet
  Destination address: 217.196.224.61, VC ID: 3200, VC status: down
Last error: MPLS dataplane reported a fault to the nexthop

I've checked the dataplane to ensure my MTUs/labels/etc are all fine
and I can't see anything standing out.

This is my IOS config:
l2 vfi DARREN-TESTING manual TESTLAB
 vpn id 3200
 bridge-domain 150
 neighbor 192.168.224.61 encapsulation mpls
!
interface Tunnel0
 description par2.lem1
 ip unnumbered Loopback0
 tunnel mode mpls traffic-eng
 tunnel destination 192.168.224.61
 tunnel mpls traffic-eng path-option 5 explicit name TO-PAR2.LEM1 verbatim
!
interface GigabitEthernet0/1
 description Link to Switch
 switchport trunk allowed vlan none
 switchport mode trunk
 mtu 9800
 service instance 1 ethernet TESTLAB
  description SRX1
  encapsulation dot1q 2000
  rewrite ingress tag pop 1 symmetric
  bridge-domain 150
!
interface GigabitEthernet0/22
 switchport trunk allowed vlan 2
 switchport mode trunk
 mtu 9800
!
interface Vlan2
 description MPLS INTERFACE
 mtu 3200
 ip address 192.168.31.23 255.255.255.254
 ip ospf network point-to-point
 ip ospf 1 area 0
 mpls traffic-eng tunnels
!
interface Vlan150
 mtu 3000
 no ip address
 xconnect vfi DARREN-TESTING


The Netiron config is like so:
 vpls DARREN-TESTING 3200
  vpls-peer 192.168.224.1
  vpls-mtu 3000
  vlan 150
   tagged ethe 2/20

I've not shown the actual LSP config but the LSPs are up on both.

Has anyone managed to get martini VPLS working between these two boxes?

Thanks

Darren

___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

[c-nsp] VPLS between ME3600X and Brocade XMR

2013-08-01 Thread Darren O'Connor 
Hi all.

I'm trying to get a working VPLS between a ME3600X and a Brocade Netiron. I've 
gone through a load of different configs but I keep winding up in the same 
error at the end:

ME3600X#sh mpls l2transport vc detail
Local interface: VFI DARREN-TESTING vfi up
  Interworking type is Ethernet
  Destination address: 217.196.224.61, VC ID: 3200, VC status: down
Last error: MPLS dataplane reported a fault to the nexthop

I've checked the dataplane to ensure my MTUs/labels/etc are all fine and I 
can't see anything standing out.

This is my IOS config:
l2 vfi DARREN-TESTING manual TESTLAB
 vpn id 3200
 bridge-domain 150
 neighbor 192.168.224.61 encapsulation mpls
!
interface Tunnel0
 description par2.lem1
 ip unnumbered Loopback0
 tunnel mode mpls traffic-eng
 tunnel destination 192.168.224.61
 tunnel mpls traffic-eng path-option 5 explicit name TO-PAR2.LEM1 verbatim
!
interface GigabitEthernet0/1
 description Link to Switch
 switchport trunk allowed vlan none
 switchport mode trunk
 mtu 9800
 service instance 1 ethernet TESTLAB
  description SRX1
  encapsulation dot1q 2000
  rewrite ingress tag pop 1 symmetric
  bridge-domain 150
!
interface GigabitEthernet0/22
 switchport trunk allowed vlan 2
 switchport mode trunk
 mtu 9800
!
interface Vlan2
 description MPLS INTERFACE
 mtu 3200
 ip address 192.168.31.23 255.255.255.254
 ip ospf network point-to-point
 ip ospf 1 area 0
 mpls traffic-eng tunnels
!
interface Vlan150
 mtu 3000
 no ip address
 xconnect vfi DARREN-TESTING


The Netiron config is like so:
 vpls DARREN-TESTING 3200
  vpls-peer 192.168.224.1
  vpls-mtu 3000
  vlan 150
   tagged ethe 2/20

I've not shown the actual LSP config but the LSPs are up on both.

Has anyone managed to get martini VPLS working between these two boxes?

Thanks

Darren
  
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

[c-nsp] Cisco Security Advisory: OSPF LSA Manipulation Vulnerability in Multiple Cisco Products

2013-08-01 Thread Cisco Systems Product Security Incident Response Team 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Cisco Security Advisory: OSPF LSA Manipulation Vulnerability in Multiple Cisco 
Products

Advisory ID: cisco-sa-20130801-lsaospf

Revision 1.0

For Public Release 2013 August 1 16:00  UTC (GMT)

+-

Summary
===

Multiple Cisco products are affected by a vulnerability involving the Open 
Shortest Path First (OSPF) Routing Protocol Link State Advertisement (LSA) 
database. This vulnerability could allow an unauthenticated attacker to take 
full control of the OSPF Autonomous System (AS) domain routing table, blackhole 
traffic, and intercept traffic.

The attacker could trigger this vulnerability by injecting crafted OSPF 
packets. Successful exploitation could cause flushing of the routing table on a 
targeted router, as well as propagation of the crafted OSPF LSA type 1 update 
throughout the OSPF AS domain.

To exploit this vulnerability, an attacker must accurately determine certain 
parameters within the LSA database on the target router. This vulnerability can 
only be triggered by sending crafted unicast or multicast LSA type 1 packets. 
No other LSA type packets can trigger this vulnerability.

OSPFv3 is not affected by this vulnerability. Fabric Shortest Path First (FSPF) 
protocol is not affected by this vulnerability.

Cisco has released free software updates that address this vulnerability. 
Workarounds that mitigate this vulnerability are available. This advisory is 
available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130801-lsaospf
-BEGIN PGP SIGNATURE-
Version: GnuPG/MacGPG2 v2.0.19 (Darwin)

iF4EAREKAAYFAlH6SCkACgkQUddfH3/BbTpGpgD+MsCo7uFqgGLIay4UOkjNFB13
QpWKflcEOL6WAJfNIzIA/jTODW/TkM9KSixhd/CewRqjwuJ4lPGnWAGV+AXxb1BQ
=Vnj7
-END PGP SIGNATURE-
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] BGP re-announcement question

2013-08-01 Thread Pete Templin 

On 7/29/13 4:06 PM, Arie Vayner (avayner) wrote:

The best route is through your upstream (I guess), so you are not
advertising it back... You could increase the local-pref for routes
you receive from your customers as compared to routes you receive
from your upstreams. In this way you would always prefer the local
path to your customer (not sure they would like you to do that...)


+1 on this.  They are your customer, so it's safe to presume that 
they want you to carry their traffic (they send you a check every month 
in exchange for this service), and in turn you (might) send a check 
elsewhere to continue the process.  It's not an easy thing to roll out 
en masse, but I'd argue that it needs to be done.


I normally use 400 for customer routes, 300 for routes from peers (I've 
been known to use transit providers as peers; accept only their routes 
and their customer routes, and advertise out with no-export or their own 
'peer' community), 200 for routes from transits.  One benefit is that an 
"unconfigured" router with LP=100 won't get any traffic, so it'll make 
the lack of proper configuration obvious.


As others suggested, a community to override this might be appreciated 
by your customers, if they have enough clue to use it. Be warned that 
since "everyone else" (or at least everyone else upstream of you) does 
this same sort of preference, so if they request a low LP in your 
network, they're going to want a low LP in subsequent networks until 
they get to the peered-only networks.


pt


___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] asr1001 4 full bgp feed

2013-08-01 Thread Luan Nguyen 
Do you know if you can do IPSEC with that as well? Or you would need
additional $10K IPSEC license?
Can it also do limited NAT? If so, what is the number before you add the 2M
license?
Can you run 1 RP2 with XE while the other IOS? Assuming they do have IOS
for ASR and features compatible (bug crash resistance)
Can you have just one ESP with 2 RP, or need 2 ESP as well? If the RP
crashes, current ESP dies as well?
I am using 1013.

Thanks in advance.

Regards,

Luan
On Aug 1, 2013 4:19 AM, "Adam Vitkovsky"  wrote:

> > Given the relentless growth of the global v4 table,
> > I wouldn't feel comfortable with a FIB capability of 512K.
> > How long do you think that'll suffice?
>
> Well looking at the weekly GRT report for past few weeks it's roughly 41
> weeks.
> 456943,
> 457245,
> 458665,
> 459588,
> 460435,
>
>
> adam
>
> ___
> cisco-nsp mailing list  cisco-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] asr1001 4 full bgp feed

2013-08-01 Thread Hitesh Vinzoda 
Thanks all, Looks like we are sorted at the moment.

Cheers
Hitesh


On Thu, Aug 1, 2013 at 2:17 PM, Chris Balmain wrote:

> You will need advipservices for MPLS
>
> On 01/08/2013, at 6:18 PM, "Hitesh Vinzoda"  > wrote:
>
> I think its better to go for 1002-x instead of 1001 as we have to take
> IPv6 route table growth in calculation as well. any comments on licensing.
>
> Thanks
> Hitesh
>
>
> On Thu, Aug 1, 2013 at 1:44 PM, Adam Vitkovsky  > wrote:
> > Given the relentless growth of the global v4 table,
> > I wouldn't feel comfortable with a FIB capability of 512K.
> > How long do you think that'll suffice?
>
> Well looking at the weekly GRT report for past few weeks it's roughly 41
> weeks.
> 456943,
> 457245,
> 458665,
> 459588,
> 460435,
>
>
> adam
>
>
>
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] asr1001 4 full bgp feed

2013-08-01 Thread Chris Balmain 
You will need advipservices for MPLS

On 01/08/2013, at 6:18 PM, "Hitesh Vinzoda" 
mailto:vinzoda.hit...@gmail.com>> wrote:

I think its better to go for 1002-x instead of 1001 as we have to take IPv6 
route table growth in calculation as well. any comments on licensing.

Thanks
Hitesh


On Thu, Aug 1, 2013 at 1:44 PM, Adam Vitkovsky 
mailto:adam.vitkov...@swan.sk>> wrote:
> Given the relentless growth of the global v4 table,
> I wouldn't feel comfortable with a FIB capability of 512K.
> How long do you think that'll suffice?

Well looking at the weekly GRT report for past few weeks it's roughly 41
weeks.
456943,
457245,
458665,
459588,
460435,


adam



___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] asr1001 4 full bgp feed

2013-08-01 Thread Hitesh Vinzoda 
I think its better to go for 1002-x instead of 1001 as we have to take IPv6
route table growth in calculation as well. any comments on licensing.

Thanks
Hitesh


On Thu, Aug 1, 2013 at 1:44 PM, Adam Vitkovsky wrote:

> > Given the relentless growth of the global v4 table,
> > I wouldn't feel comfortable with a FIB capability of 512K.
> > How long do you think that'll suffice?
>
> Well looking at the weekly GRT report for past few weeks it's roughly 41
> weeks.
> 456943,
> 457245,
> 458665,
> 459588,
> 460435,
>
>
> adam
>
>
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] asr1001 4 full bgp feed

2013-08-01 Thread Adam Vitkovsky 
> Given the relentless growth of the global v4 table, 
> I wouldn't feel comfortable with a FIB capability of 512K. 
> How long do you think that'll suffice?

Well looking at the weekly GRT report for past few weeks it's roughly 41
weeks. 
456943, 
457245, 
458665, 
459588, 
460435, 


adam

___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] PfR Seminar

2013-08-01 Thread M K 
Hi all , please check the image 
belowhttp://www.mediafire.com/?ab6wckakaobbjcrDoes the videos for this seminar 
exist anywhere?
BR,

> Date: Wed, 26 Jun 2013 12:56:33 +0300
> Subject: Re: [c-nsp] PfR Seminar
> From: ko...@korio.org
> To: gunner_...@live.com
> CC: cisco-nsp@puck.nether.net
> 
> Hi,
> 
> 
> On Wed, June 26, 2013 12:36 pm, M K wrote:
> > Hi all Does anyone know where the video sessions for the below link
> > are?http://blog.ine.com/2013/04/20/pfr-vseminar-topology-and-initial-configurations/
> > Thanks
> > ___
> > cisco-nsp mailing list  cisco-nsp@puck.nether.net
> > https://puck.nether.net/mailman/listinfo/cisco-nsp
> > archive at http://puck.nether.net/pipermail/cisco-nsp/
> >
> 
> Is this the one?
> http://www.ine.com/all-access-pass/training/playlist/ccie-rs-pfr-vseminar/-pfr--vseminar-22200011.html
> ?
> 
> -- 
> Best Regards,
> Iassen Anadoliev
> 
> 
> 
> 
  
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] asr1001 4 full bgp feed

2013-08-01 Thread Hitesh Vinzoda 
Thanks guys,

What license do we need for BGP, MPLS? would Advanced IP services will
suffice as software advisor tool on Cisco is not much of help

Thanks
Hitesh


On Thu, Aug 1, 2013 at 12:45 PM, Łukasz Bromirski wrote:

> Yes, FIB only stores best paths (400k+), so you need to make sure you have
> at least 8GB of RAM and should be good to go.
>
> On the other hand, having better ESP would make sense in terms of future
> growth, so take a look at ASR 1002X.
>
> --
> ./
>
> Dnia 1 sie 2013 o godz. 08:09 Hitesh Vinzoda 
> napisał(a):
>
> > hi all,
> >
> > could anyone confirm if asr1001  can take 4 full bgp feed of 450k routes
> > each.
> >
> > i know that it has limitation of 512k for fib but not sure  if thats for
> > only forwarding table which i reckon would be all best routes around 450k
> > but assuming that we can hold 1.4 million routes that is 450k from each
> > peer in rib using more ram.
> >
> > please comment
> >
> > thanks
> > Hitesh
> > ___
> > cisco-nsp mailing list  cisco-nsp@puck.nether.net
> > https://puck.nether.net/mailman/listinfo/cisco-nsp
> > archive at http://puck.nether.net/pipermail/cisco-nsp/
>
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] asr1001 4 full bgp feed

2013-08-01 Thread Chris Balmain 

Hi,

ASR1001 can hold 1,000,000 routes in the FIB if you have 8GB memory. See 
table 4: 
http://www.cisco.com/en/US/prod/collateral/routers/ps9343/data_sheet_c78-441072.html


We have an 8GB unit taking two full feeds and a couple of IXes (another 
~10k prefixes), memory usage is approximately 1.2G of the 4G that is 
available to IOSd.


Given the relentless growth of the global v4 table, I wouldn't feel 
comfortable with a FIB capability of 512K. How long do you think that'll 
suffice?


Chris

On 01/08/13 16:09, Hitesh Vinzoda wrote:

hi all,

could anyone confirm if asr1001  can take 4 full bgp feed of 450k routes
each.

i know that it has limitation of 512k for fib but not sure  if thats for
only forwarding table which i reckon would be all best routes around 450k
but assuming that we can hold 1.4 million routes that is 450k from each
peer in rib using more ram.

please comment

thanks
Hitesh
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/


___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] asr1001 4 full bgp feed

2013-08-01 Thread Nikolay Shopik 
It can take 1M routes, you just need at least 8G memory. And if you need
4 full bgp you need 8G memory anyway.
You can fit 3 full bgp in 4G memory but it will be 98-99%.

On 01/08/13 10:09, Hitesh Vinzoda wrote:
> i know that it has limitation of 512k for fib
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] asr1001 4 full bgp feed

2013-08-01 Thread Łukasz Bromirski 
Yes, FIB only stores best paths (400k+), so you need to make sure you have at 
least 8GB of RAM and should be good to go.

On the other hand, having better ESP would make sense in terms of future 
growth, so take a look at ASR 1002X.

-- 
./

Dnia 1 sie 2013 o godz. 08:09 Hitesh Vinzoda  
napisał(a):

> hi all,
> 
> could anyone confirm if asr1001  can take 4 full bgp feed of 450k routes
> each.
> 
> i know that it has limitation of 512k for fib but not sure  if thats for
> only forwarding table which i reckon would be all best routes around 450k
> but assuming that we can hold 1.4 million routes that is 450k from each
> peer in rib using more ram.
> 
> please comment
> 
> thanks
> Hitesh
> ___
> cisco-nsp mailing list  cisco-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/

___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

[c-nsp] All Zero Mac Address

2013-08-01 Thread Harry Hambi 
Hi all,
I'me receiving an all Zero Mac Address on an uplink between two switches 
3750/6500. A pkt capture shows frames with zero data,
Port stats shows no errors or drops. Am I looking at a switch hardware problem/ 
optic problem?. Not causing operational issue, any ideas appreciated.

Rgds
Harry

Harry Hambi BEng(Hons)  MIET  Rsgb




http://www.bbc.co.uk
This e-mail (and any attachments) is confidential and
may contain personal views which are not the views of the BBC unless 
specifically stated.
If you have received it in
error, please delete it from your system.
Do not use, copy or disclose the
information in any way nor act in reliance on it and notify the sender
immediately.
Please note that the BBC monitors e-mails
sent or received.
Further communication will signify your consent to
this.


___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/