Re: [c-nsp] Storm-control Issue
Thanks all > From: luky...@hotmail.com > To: mack.mcbr...@viawest.com; n...@foobar.org; gunner_...@live.com; > chuckchu...@gmail.com; cisco-nsp@puck.nether.net > Subject: RE: [c-nsp] Storm-control Issue > Date: Wed, 15 Apr 2015 19:16:59 +0200 > > > > A link to the article/web page would be helpful because the current first > > hit on page three really doesn't relate to the issue. > > Remember the order can change based on someone's search history as well as > > the number of people visiting a link > > And additional links being added. > > http://www.cisco.com/c/en/us/td/docs/routers/7600/ios/12-2SR/configuration/guide/swcg/storm.pdf > > ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] ASR903 AToM
Hi all I have the below setup I have ASR903 connected to ME3600 (both are acting as PEs) The ASR903 is part of REP ring consisting of other 3400 switches with ASR903 being the primary I have two CEs , one is directly connected to the ME3600 box , and the other CE is connected to one of the 3400 switches which are part of the REP ring What am trying to do is to establish AToM (Xconnect) between the two CEs The Vlan used for testing is 100 (there are other Vlans passing through the trunks that are not for MPLS service) ASR903 interface GigabitEthernet0/0/0 description Connected-To-AS1-G0/2 no ip address negotiation auto rep segment 20 edge primary rep preempt delay 30 rep block port 3 vlan 1-4094 service instance trunk 1 ethernet encapsulation dot1q 100,200,300 rewrite ingress tag pop 1 symmetric bridge-domain from-encapsulation interface GigabitEthernet0/1/0 description Connected-To-AS2-G0/2 no ip address negotiation auto rep segment 20 edge preferred rep preempt delay 30 service instance trunk 1 ethernet encapsulation dot1q 100,200,300 rewrite ingress tag pop 1 symmetric bridge-domain from-encapsulation interface pseudowire 20 encapsulation mpls neighbor 2.2.2.2 20 l2vpn xconnect context L2VPN member GigabitEthernet0/0/0 --> When I tried to put service-instance , it did not accept the command member pseudowire 20 ME3600 interface vlan 100 no ip address xconnect 1.1.1.1 20 encapsulation mpls Now , the xconnect came up as shown in the output below ME3600X#show mpls l2transport vc 20 Local intf Local circuit Dest addressVC ID Status - -- --- -- -- Vl100 Eth VLAN 100 1.1.1.1 20 UP ASR903#sh xconnect all Legend:XC ST=Xconnect State S1=Segment1 State S2=Segment2 State UP=Up DN=DownAD=Admin Down IA=Inactive SB=Standby HS=Hot Standby RV=Recovering NH=No Hardware XC ST Segment 1 S1 Segment 2 S2 --+-+--+-+-- UP pri mpls 2.2.2.2:20 UP ac Gi0/0/0:6(Ethernet) UP No ping between the two sites , I tried to modify the MTU vlaue on the interfaces going to the CE side , and the xconnect is down directly I have tested L3VPN using the exact same setup (without modifying the MTU values on any interface) and it worked fine Any ideas? Thanks in advance BR, Mohammad ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] One Cat6k/Sup2T is software switching, its identical partner is not
Hi Jeroen, > On 17 Apr 2015, at 13:16, Jeroen van Ingen wrote: > > We have two Cat6k's with Sup2T in our network, both running IOS 15.1(1)SY3. Are they really identical, down to Sw/Hw revisions and ROMMON versions? It seems that something on the device side either interprets the configuration in different order and this hits some rare bug, or there’s something other at the software/hardware border that you’re hitting. -- "There's no sense in being precise when | Łukasz Bromirski you don't know what you're talking | jid:lbromir...@jabber.org about." John von Neumann |http://lukasz.bromirski.net ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] One Cat6k/Sup2T is software switching, its identical partner is not
On 04/17/2015 03:03 PM, Roland Dobbins wrote: On 17 Apr 2015, at 18:16, Jeroen van Ingen wrote: Anyone with ideas how to dig deeper? sh fm sum That's pretty similar to other "show fm" commands; "sh fm fea" says these interfaces are partially reduced on ingress and "sh fm sum" says "non-reducible features are ACTIVE inbound". Still no pointer at all why these features would be non-reducible, since same config runs fine in hardware on its partner. Reseat the linecard in question? Haven't tried that, but I doubt that it would help. Issue is seen on both 6904 linecards in the chassis... and I forgot to mention that the sup has already been replaced, which didn't make a difference. Thanks for thinking with me though! Regards, Jeroen van Ingen ICT Service Centre University of Twente, P.O.Box 217, 7500 AE Enschede, The Netherlands ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Ping getting IPv6 address, though IPv6 is not enabled.
Looks like your ping and nslookup commands are ipv6 aware. DNS gives both records and ping takes the v6 one. Specify ³ping ipv4 address² Like here: RP/0/RSP0/CPU0:TELX1.BB#ping www.google.com Fri Apr 17 12:41:27.530 EDT Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 2607:f8b0:4002:c06::63, timeout is 2 seconds: . Success rate is 0 percent (0/5) RP/0/RSP0/CPU0:TELX1.BB#ping ipv4 www.google.com Fri Apr 17 12:41:44.674 EDT Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 74.125.21.103, timeout is 2 seconds: ! Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms Luck, Buz -- buz.d...@usg.edu Network Support Specialist University System of GA -IT Services. 706-583-2052 or (Toll Free in GA) 888-875-3697 On 4/16/15, 3:29 PM, "Joseph Mays" wrote: >Got something going on on a router that seems strange. To me, anyway. > >I have a router that does not have IPv6 enabled, nor is IPv6 being used >in the network it¹s on. ³ipv6² does not even occur anywhere in the config. > >On any addresses it looks up the IPv4 address fine, and can route to that >address. But when I ping something like www.yahoo.com it grabs the IPv6 >address and tries to ping that. And fails, of course. How do I get it to >stop preferring IPv6 addresses? > >core-gw1.noc#show ip route www.yahoo.com >Translating "www.yahoo.com"...domain server (216.24.27.4) [OK] > >Routing entry for 98.139.128.0/17 > Known via "bgp 7333", distance 20, metric 126041 > Tag 174, type external > Last update from 38.122.142.5 1w0d ago > Routing Descriptor Blocks: > * 38.122.142.5, from 38.122.142.5, 1w0d ago > Route metric is 126041, traffic share count is 1 > AS Hops 3 > >core-gw1.noc#show run | include ping >core-gw1.noc#show run | include icmp >permit icmp any host 216.24.27.41 >core-gw1.noc#ping www.yahoo.com >Translating "www.yahoo.com"...domain server (216.24.27.4) [OK] > >Type escape sequence to abort. >Sending 5, 100-byte ICMP Echos to 2001:4998:58:C02::A9, timeout is 2 >seconds: >. >Success rate is 0 percent (0/5) >___ >cisco-nsp mailing list cisco-nsp@puck.nether.net >https://puck.nether.net/mailman/listinfo/cisco-nsp >archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Ping getting IPv6 address, though IPv6 is not enabled.
Hi > > Got something going on on a router that seems strange. To me, anyway. > > I have a router that does not have IPv6 enabled, nor is IPv6 being used in the > network it’s on. “ipv6” does not even occur anywhere in the config. > > On any addresses it looks up the IPv4 address fine, and can route to that > address. But when I ping something like www.yahoo.com it grabs the IPv6 > address and tries to ping that. And fails, of course. How do I get it to stop > preferring IPv6 addresses? Ping ip www.yahoo.com Or better yet set up ipv6 on your network. Brian ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] One Cat6k/Sup2T is software switching, its identical partner is not
On 17 Apr 2015, at 18:16, Jeroen van Ingen wrote: > Anyone with ideas how to dig deeper? sh fm sum Reseat the linecard in question? --- Roland Dobbins ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] One Cat6k/Sup2T is software switching, its identical partner is not
Calling on your collective knowledge here, because our TAC case is
progressing quite slowly. I hope someone is around who has in-depth
knowledge of "feature manager" on Cat6k/Sup2T.
We have two Cat6k's with Sup2T in our network, both running IOS
15.1(1)SY3. They function as distribution switches for several buildings
and the configs are virtually identical, aside from IP addresses. Each
building is connected to both boxes on a 10 GE interface on a 6904
linecard; interfaces are in routed mode with a subinterface for each
VLAN that we want to route and we run HSRP for gateway redundancy. I'll
call them "router A" and "router B" from here.
During a maintenance window we rebooted router A. When it came back, it
logged a few %FMCORE-4-RACL-REDUCED messages for subinterfaces and it
was obviously forwarding part of the incoming traffic in software.
The thing is: on router B, all interfaces and subinterfaces are hardware
switching ("not reduced" state) while on router A there's a clear
pattern in subinterfaces in "partially reduced" state and subinterfaces
in "not reduced" state. Again, identical config on both routers,
verified by checking a vimdiff of "show running-config" and "show
running-config all" between the routers.
We were able to create an extra subinterface on both routers that we can
manipulate without affecting user traffic; on router A we can "toggle"
that subinterface between "partially reduced" by removing PBR config and
"not reduced" by adding PBR config. On router B, again, both with and
without PBR on the subint it always switches in hardware.
With "debug fm features" and "debug fm core all" I checked the logging
and on router A I see something interesting:
fm_core_notify_feat_exception_event() called for label: 51 i/f:
TenGigabitEthernet2/15.1799 exception event: 0
-Traceback= 455BA44z 455CFE4z 45550D8z 4550E30z 45512B8z 45526B0z
5250AE0z 524A374z
...and that's where I have no idea how to continue. Router A has these
errors, router B doesn't. My gut feeling is that this would be the
underlying cause for the "partially reduced" state and software
switching of part of the traffic.
Anyone with ideas how to dig deeper?
Regards,
Jeroen van Ingen
ICT Service Centre
University of Twente, P.O.Box 217, 7500 AE Enschede, The Netherlands
___
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
