Re: [c-nsp] Cisco 6506E 4Byte ASN IOS Support
On Thu, 7 Apr 2016, Jason Berenson wrote:

> Greetings,
>
> We're currently running a handful of 6506E's in our network for edge routers. We're running this IOS:
>
> s72033-advipservicesk9_wan-mz.122-18.SXF6.bin
>
> I need to upgrade it to support 4Byte ASN's. We're running some basic BGP/OSPF with 10G interfaces and full tables.
>
> If anyone has any recommendations on which IOS to upgrade to I'd greatly appreciate it. Looking for stability over everything and 4Byte ASN support.

s72033-advipservicesk9_wan-mz.122-33.SXI8.bin

Good luck with the reboots. You are aware of the "bad memory" issue you might run into causing cards working today to not make it through a reload?

--
Jon Lewis, MCP :) | I route | therefore you are
http://www.lewis.org/~jlewis/pgp for PGP public key
___
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] blackholed traffic on ether-channel
Look out for SY2!! We were on that release when we rolled out our Cat6807s in 2014 but there was a gross bug where a malformed mDNS packet could crash the sup! We had a quad-sup VSS at this time and it crashed all four within a minute! I'm unsure if this was VSS specific but I did get confirmation that it wasn't quad-sup specific.

We are now on 15.1(2)SY4 and life is good... for now...

--
Hunter Fuller
Network Engineer
VBRH Annex B-1
+1 256 824 5331
Office of Information Technology
The University of Alabama in Huntsville
Systems and Infrastructure

On Thu, Apr 7, 2016 at 3:29 AM, Mark Tinka wrote:
> On 7/Apr/16 10:14, Holemans Wim wrote:
>
>> As a solution the page points to 3 new software releases :
>> Known Fixed Releases: (3)
>> 15.2(1)SY1.118
>> 15.3(1)IE101.312
>> 15.4(1)IA1.22
>> Of these 3 releases none is available for download ? There is even no 15.3 or 15.4 train available in the download software page...
>
> Cisco normally publish future releases as being fixed before the releases become physically available. It is just a commitment from the BU to say in which release a bug is going to get fixed. When the release actually becomes available is orthogonal to the bug details.
>
>> Anyone has an idea where I can find a software release in which this problem is fixed so I can install this before activating these switches on our network ?
>
> We started using this platform back in 2014.
>
> We are using the code that was the only one available back then - 15.1(2)SY2 - without any issue.
>
> We were actually just about to start a round of upgrades to the latest stable release, but after seeing this thread, best to wait.
>
> In all fairness, we are running the switches as pure Layer 2 core devices, but with lots of 10Gbps LACP links. No issues with that since 2014.
>
> If you don't have any features that require anything beyond 15.1(2)SY2, I'd suggest trying this if there aren't any defects in it worth noting for your environment.
>
> Mark.
Re: [c-nsp] Cisco 6506E 4Byte ASN IOS Support
Hi,

On Thu, Apr 07, 2016 at 12:15:16PM -0700, Jason Berenson wrote:
> We're currently running a handful of 6506E's in our network for edge routers. We're running this IOS:
>
> s72033-advipservicesk9_wan-mz.122-18.SXF6.bin

This is slightly prehistoric...

We're fairly happy with 15.1(2)SY4 and with 12.2(33)SXI14. Both support 4byte-ASNs and the usual 6500 stuff (Sup720-10G here).

Caveat: there's a couple of Cisco PSIRT advisories that both versions *are* affected - so if you upgrade anyway, go for 15.1(2)SY7 or see if the issues in SXI affect you. There seems to be no SXI release that has everything fixed, so you could give SXJ a try - but I have no personal experience with recent SXJ versions (early ones were not very stable).

gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35655025 g...@net.informatik.tu-muenchen.de
[c-nsp] Cisco 6506E 4Byte ASN IOS Support
Greetings,

We're currently running a handful of 6506E's in our network for edge routers. We're running this IOS:

s72033-advipservicesk9_wan-mz.122-18.SXF6.bin

I need to upgrade it to support 4Byte ASN's. We're running some basic BGP/OSPF with 10G interfaces and full tables.

If anyone has any recommendations on which IOS to upgrade to I'd greatly appreciate it. Looking for stability over everything and 4Byte ASN support.

Thanks!
Jason.
Re: [c-nsp] what the heck is "ip forward-protocol nd" good for
Hi Phil, hi List,

On Thu, Apr 07, 2016 at 01:03:24PM +0100, Phil Mayers wrote:
> On 06/04/16 17:16, Sebastian Beutel wrote:
>
> >What do you think: Is this a bug?
>
> As others have said: IOS defaults are, largely, insane for 2016.
>
> We have:
>
> no ip forward-protocol nd
> no ip forward-protocol udp tftp
> no ip forward-protocol udp nameserver
> no ip forward-protocol udp domain
> no ip forward-protocol udp time
> no ip forward-protocol udp netbios-ns
> no ip forward-protocol udp netbios-dgm
> no ip forward-protocol udp tacacs
>
> ...amongst other things in our standard IOS config.
>
> It's one more tedious part of modern IT - reaping the "benefits" of compatibility with the very best the 1980s had to offer.

To me the "Cisco IOS IP Application Services Command Reference" is a little blurry:

http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipapp/command/iap-cr-book/iap-i1.html#wp1776761080

If I get it right, enabling an ip helper on an interface enables forwarding of a list of stuff. Furthermore the global "ip forward-protocol udp" (without any protocol name) enables forwarding all of this on any interface. I suppose that it's very naive to assume that the lines you wrote could be replaced by this:

no ip forward-protocol udp
ip forward-protocol udp bootpc
ip forward-protocol udp bootps

But the thing that keeps me puzzled is that only "ip forward-protocol nd" appears in a "sho run" of a default virgin configuration and none of the above does. Not even in a "sho run {all|full}". Why exactly this and none of the others?

Best,
Sebastian.
Re: [c-nsp] what the heck is "ip forward-protocol nd" good for
> On 07/04/16 13:06, Nick Cutting wrote:
> > The whizzkids often used a connection to the super-unprotected LAN to get themselves out of a locked room while they were being held captive by white collar criminals. Those 80's protocols got them out of numerous Jams.
>
> "How do you make it play itself?"
> "Number of players: zero"
> "SIGSEGV: halting"
> "...ah"

Clearly leaving an unsecured console running when your code has a zero-day exploit over not sanitizing inputs is also a risk.

Stephen
Re: [c-nsp] what the heck is "ip forward-protocol nd" good for
On 07/04/16 13:06, Nick Cutting wrote:
> The whizzkids often used a connection to the super-unprotected LAN to get themselves out of a locked room while they were being held captive by white collar criminals. Those 80's protocols got them out of numerous Jams.

"How do you make it play itself?"
"Number of players: zero"
"SIGSEGV: halting"
"...ah"
Re: [c-nsp] what the heck is "ip forward-protocol nd" good for
The whizzkids often used a connection to the super-unprotected LAN to get themselves out of a locked room while they were being held captive by white collar criminals. Those 80's protocols got them out of numerous Jams.

-----Original Message-----
From: cisco-nsp [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Phil Mayers
Sent: 07 April 2016 13:03
To: cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] what the heck is "ip forward-protocol nd" good for

On 06/04/16 17:16, Sebastian Beutel wrote:

> What do you think: Is this a bug?

As others have said: IOS defaults are, largely, insane for 2016.

We have:

no ip forward-protocol nd
no ip forward-protocol udp tftp
no ip forward-protocol udp nameserver
no ip forward-protocol udp domain
no ip forward-protocol udp time
no ip forward-protocol udp netbios-ns
no ip forward-protocol udp netbios-dgm
no ip forward-protocol udp tacacs

...amongst other things in our standard IOS config.

It's one more tedious part of modern IT - reaping the "benefits" of compatibility with the very best the 1980s had to offer.

:o(
Re: [c-nsp] what the heck is "ip forward-protocol nd" good for
On 06/04/16 17:16, Sebastian Beutel wrote:

> What do you think: Is this a bug?

As others have said: IOS defaults are, largely, insane for 2016.

We have:

no ip forward-protocol nd
no ip forward-protocol udp tftp
no ip forward-protocol udp nameserver
no ip forward-protocol udp domain
no ip forward-protocol udp time
no ip forward-protocol udp netbios-ns
no ip forward-protocol udp netbios-dgm
no ip forward-protocol udp tacacs

...amongst other things in our standard IOS config.

It's one more tedious part of modern IT - reaping the "benefits" of compatibility with the very best the 1980s had to offer.

:o(
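An added example, not part of the original thread or of anyone's posted config: a short Python audit that reads a saved running-config and reports which of the UDP services IOS relays by default with `ip helper-address` have not been switched off by `no ip forward-protocol udp ...` lines like those in the message above. The port table follows Cisco's command reference for `ip forward-protocol`; the names `audit` and `wanted` and both sample configs are constructed for illustration, and the bare `ip forward-protocol udp` form (no service name) is deliberately not modelled.

```python
import re

# UDP services IOS relays by default once "ip helper-address" is configured
# on an interface (keyword -> port), as listed in Cisco's command reference.
DEFAULT_UDP = {
    "time": 37, "nameserver": 42, "tacacs": 49, "domain": 53,
    "bootps": 67, "bootpc": 68, "tftp": 69,
    "netbios-ns": 137, "netbios-dgm": 138,
}
PORT_TO_NAME = {str(port): name for name, port in DEFAULT_UDP.items()}
FWD_RE = re.compile(r"^(no\s+)?ip forward-protocol\s+(nd|udp\s+(\S+))$")


def audit(config, wanted=("bootps", "bootpc")):
    """Report helper interfaces, sun-nd forwarding and unwanted UDP relays."""
    helpers, disabled, nd_enabled, iface = [], set(), False, None
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        if raw[0].isspace():
            # Indented line: sub-command of the current section.
            if iface and line.startswith("ip helper-address ") and iface not in helpers:
                helpers.append(iface)
            continue
        m = re.match(r"interface\s+(\S+)", line)
        iface = m.group(1) if m else None
        m = FWD_RE.match(line)
        if not m:
            continue
        negated = bool(m.group(1))
        if m.group(2) == "nd":
            nd_enabled = not negated
        elif negated:
            # Accept the keyword or the numeric port form.
            disabled.add(PORT_TO_NAME.get(m.group(3), m.group(3)))
    relayed = [name for name, _ in sorted(DEFAULT_UDP.items(), key=lambda kv: kv[1])
               if name not in disabled and name not in wanted]
    return {"helper_interfaces": helpers, "nd_enabled": nd_enabled,
            "unwanted_relayed": relayed if helpers else []}


# Constructed sample: default-style config with only two services switched off.
SAMPLE = """\
ip forward-protocol nd
no ip forward-protocol udp tftp
no ip forward-protocol udp 137
!
interface Vlan10
 ip address 192.0.2.1 255.255.255.0
 ip helper-address 192.0.2.130
!
interface Vlan20
 ip address 198.51.100.1 255.255.255.0
"""

# Constructed sample built from the "no ip forward-protocol" lines in the post.
HARDENED = "\n".join(
    ["no ip forward-protocol nd"]
    + [f"no ip forward-protocol udp {s}" for s in
       ("tftp", "nameserver", "domain", "time", "netbios-ns", "netbios-dgm", "tacacs")]
    + ["interface Vlan10", " ip helper-address 192.0.2.130"])

if __name__ == "__main__":
    print(audit(SAMPLE))
    print(audit(HARDENED))
```

Because defaults do not appear in the running-config, the audit treats the absence of a `no ip forward-protocol udp <service>` line as "still relayed" whenever at least one interface carries a helper address.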
Re: [c-nsp] what the heck is "ip forward-protocol nd" good for
On 7/Apr/16 13:36, Gert Doering wrote:

> Which really shouldn't be default nowadays, while "ipv6 unicast-routing" *should* be... :-)

IOS 22.5(SE6) :-).

If anyone remembers, when the ME3600X/3800X first launched in 2010, you needed explicitly "ip routing" to enable IP/MPLS capability.

12.2(EY) greatness!

Mark.
Re: [c-nsp] what the heck is "ip forward-protocol nd" good for
Hi,

On Thu, Apr 07, 2016 at 01:31:23PM +0200, Mark Tinka wrote:
> > Be grateful we do not need to explicitly configure
> >
> > ip classless
> > ip subnet-zero
>
> Or "ip routing" :-).

Which really shouldn't be default nowadays, while "ipv6 unicast-routing" *should* be... :-)

gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35655025 g...@net.informatik.tu-muenchen.de
Re: [c-nsp] what the heck is "ip forward-protocol nd" good for
On 7/Apr/16 13:14, Patrick M. Hausen wrote:

> Be grateful we do not need to explicitly configure
>
> ip classless
> ip subnet-zero

Or "ip routing" :-).

Mark.
Re: [c-nsp] what the heck is "ip forward-protocol nd" good for
Hi, all,

> On 07.04.2016 at 13:03, Mattias Gyllenvarg wrote:
>
> Yeah, This was discussed some time ago when they where planning on IOS 15 and checked what we wanted here on the list.
>
> I asked for a global "modern standards/defaults" but no go.
> Or legacy-default-off.
> Nothing fancy, just like the above. No proxy-arp etc etc, stuff left behind the last millenia.

Be grateful we do not need to explicitly configure

ip classless
ip subnet-zero

;-)

Patrick
--
punkt.de GmbH * Kaiserallee 13a * 76133 Karlsruhe
Tel. 0721 9109 0 * Fax 0721 9109 100
i...@punkt.de http://www.punkt.de
Gf: Jürgen Egeling AG Mannheim 108285
Re: [c-nsp] what the heck is "ip forward-protocol nd" good for
Yeah, This was discussed some time ago when they were planning on IOS 15 and checked what we wanted here on the list.

I asked for a global "modern standards/defaults" but no go.
Or legacy-default-off.
Nothing fancy, just like the above. No proxy-arp etc etc, stuff left behind the last millennia.

On Wed, 6 Apr 2016 at 18:51, Saku Ytti wrote:

> On 6 April 2016 at 19:16, Sebastian Beutel wrote:
>
> Hey,
>
> > So I asked wisdom of the search engines and found out, that there once was a protocol with the name "sun-nd" and the ip protocol number 77, used in suns diskless sun 2 stations. The line "ip forward-protocol nd" seems to be the equivalent for sun-nd what ip-helper is for dhcp. Could this be? A workaround for a 30 year old proprietary legacy protocol is in the default configuration of a modern router? This is what i found:
>
> Helper is for any number of protocols iterated by 'ip forward-protocol'. Usually as you say DHCP (BOOTP).
>
> Cisco (and other vendors) are in difficult position when it comes to default settings. You ship with some config, and no matter how crazy they are, changing them will break something from someone.
>
> I think one solution to this would be to support multiple standard/default settings, and your config would have line about which standard you are using. If there is nothing, it's using the latest available in that image. This way people could choose when they adopt more modern standards and as vendors and customers learn how things should be configured, it would be lower barrier to introduce new standard.
> Basically this standard release would be just be config over which user config is merged on, likely very simple concept for ios-xr, junos, but perhaps not so simple for classic ios.
>
> --
> ++ytti
Re: [c-nsp] Output Drops Due to QoS and threshold size
On 7 April 2016 at 07:26, Victor Sudakov wrote:

> If Thres1 in Q1 is set to 1000%, this would mean 500 buffers. Where are the 500-200=300 additional buffers borrowed? From the common pool?

From the document
---
Anything over 100% means the tx queue can use common buffers to queue packets. The default value for this field is 400%.
---

I've not worked with small cats in several years and I'm not ready to refresh my memory on them, as I don't expect needing to work on their QoS in future, sorry.

--
++ytti
Re: [c-nsp] blackholed traffic on ether-channel
On 7/Apr/16 10:14, Holemans Wim wrote:

> As a solution the page points to 3 new software releases :
> Known Fixed Releases: (3)
> 15.2(1)SY1.118
> 15.3(1)IE101.312
> 15.4(1)IA1.22
> Of these 3 releases none is available for download ? There is even no 15.3 or 15.4 train available in the download software page...

Cisco normally publish future releases as being fixed before the releases become physically available. It is just a commitment from the BU to say in which release a bug is going to get fixed. When the release actually becomes available is orthogonal to the bug details.

> Anyone has an idea where I can find a software release in which this problem is fixed so I can install this before activating these switches on our network ?

We started using this platform back in 2014.

We are using the code that was the only one available back then - 15.1(2)SY2 - without any issue.

We were actually just about to start a round of upgrades to the latest stable release, but after seeing this thread, best to wait.

In all fairness, we are running the switches as pure Layer 2 core devices, but with lots of 10Gbps LACP links. No issues with that since 2014.

If you don't have any features that require anything beyond 15.1(2)SY2, I'd suggest trying this if there aren't any defects in it worth noting for your environment.

Mark.
Re: [c-nsp] blackholed traffic on ether-channel
Just bought several C6880-X to replace some 6500 with Sup32. They will have a lot of LACP channels...

Tried to search for the bug numbers mentioned below, the first one came back as not cisco inside only, the second one comes with an information page with the title :

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCuy25743
C6880-X-LE: Contiguous 4 10G ports goes down and cannot be brought up

As a solution the page points to 3 new software releases :
Known Fixed Releases: (3)
15.2(1)SY1.118
15.3(1)IE101.312
15.4(1)IA1.22
Of these 3 releases none is available for download ? There is even no 15.3 or 15.4 train available in the download software page...

Anyone has an idea where I can find a software release in which this problem is fixed so I can install this before activating these switches on our network ?

Wim Holemans
Netwerkdienst Universiteit Antwerpen
Network Services University of Antwerp

-----Original Message-----
From: cisco-nsp [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Aaron DuShey
Sent: Wednesday 6 April 2016 20:40
To: selamat pagi
CC: cisco-nsp
Subject: Re: [c-nsp] blackholed traffic on ether-channel

Sorry for the earlier misfire.

On Wed, Apr 6, 2016 at 10:55 AM, selamat pagi wrote:

> Setup:
> 4 port LACP channel, C6880 <-> Nexus 7k
>
> Recently we had the issue that most (not all) traffic was black-holed on a C6880.
> No interface counters, nor the port-channel status, nor an NMS pointed to any abnormal behavior.
>
> Finally, the problem was resolved by shutting down a specific interface on C6880.
> It seems that one defect port affected the function of the entire port-channel !!

FWIW We recently ran into a somewhat similar port-channel issue on 6880 15.2(1)SY1a. BU told us symptoms were possibly related to CSCuw08272/CSCuy25743. That issue is slated to be fixed in 15.2(1)SY2.

-Aaron