Re: [c-nsp] Cisco ASR1000 Info..
On 31/Oct/19 21:13, Howard Leadmon wrote:

> I also mentioned looking at Juniper on their list, and man did many
> come back telling me that JunOS could be a nightmare with commands
> changing from release to release, and that if I wasn't used to JunOS
> already (which I am not) that it would drive me batty.

I wouldn't let the opinions of others dent your hopes. I mean, there is a reason j-nsp is a busy list, and that Juniper are selling gear.

Junos is just different from IOS, not impossible.

Mark.
___
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Cisco 4000 series (4461) as a BGP router?
Patrick,

> On 28 Oct 2019, at 09:30, Patrick M. Hausen wrote:
>
> Hi all,
>
>> On 27.10.2019 at 01:36, Łukasz Bromirski wrote:
>>
>>> On 23 Oct 2019, at 13:50, Patrick M. Hausen wrote:
>>>
>>> Hi all,
>>>
>>> would you recommend the 4461 to run a handful of
>>> full feeds for v4 and v6? The model seems to be quite
>>> affordable compared to ASR 9000 series routers and
>>> throughput is not our main concern for upstream.
>>
>> It will do fine. Memory and performance shouldn’t be an issue until you
>> reach around 7Gbps (with BOOST license, if you’re not running virtual
>> containers).
>>
>> If that’s not enough, consider ASR 1001X/1001HX.
>
> Our supplier recommended refurbished 9001 or 9006 to get the best
> bang for the buck. Would you agree with that?

It will depend on your requirements. 9001 is small, deep, but powerful, capable of pushing 120Gbps. ISR 4461 and ASR 1001X/1001HX can’t match that (1001HX is 60Gbps) and for example can do VPN crypto which 9001/9901 can’t (if you’re willing at some point in future to terminate S2S/RA VPNs).

> Could someone kindly clue me in about the 32bit vs 64bit platform
> „issue“ if there is one? I would not want to invest into a platform
> with EOL already on the horizon. Those 6500 have been running way
> too long.

As I already responded to James, 9001 is not going EOL anytime soon - at least not until June 2020. 32 bit is still a valid option and will be for years to come - we have hundreds of thousands of systems deployed with it.

*If* however you want to go for full-scale/future-proof design, either go with ASR 1k or ASR 9901 (both of which run 64b code, IOS-XE and IOS XR now).

And refurbished is only good if you don’t need official service & support.

--
Łukasz Bromirski
CCIE R&S/SP #15929, CCDE #2012::17, PGP Key ID: 0xFD077F6A
Re: [c-nsp] Cisco ASR1000 Info..
On 10/31/2019 2:04 PM, Gert Doering wrote:

> Hi,
>
> Actually I'm amazed at all the newfangled gear which promises to do everything and then fails at essentials that *my 6500s* have been doing well from day 1...

I have really loved my 65xx's and 7600's that I have had, and my 7606 is running to this very day, passing many bits very happily.

> OTOH, my 6500s are really falling apart, and we're fairly busy getting rid of them (replacing the switch layer with Arista Trident2+/3 MLAG pairs, routing for "things without ACLs" on there as well, routing for "things with ACLs" yet undecided)... BGP currently goes to ASR9001s, but the lack of ports and the price insanity of ASR9901 make me look at MX204 and Arista Jericho gear...

I had a few tell me to look at the 9901, but agree it's far too rich for my blood, we are just small fry's running in a handful of racks, so I have a hard time justifying a 100K for a router. So do you feel that the ASR9001 would be a good choice for the next 5 years or so, and if I am correct on the 9001 I think the licensing is all there from the start, so it should just play? I think the only thing that made me blink at the unit, is I only saw dual power supplies, granted it's a rare day you see the processors drop over.

> I really like my ASR9001s, but the Cisco BU and OS confusion does not really make me confident that this is the company I want to trust for the next 15+ years... (unlike the 6500s that really *really* served us well for a lng time).

As I mentioned in my prior message to Mark, I even brought up the option of a Juniper, the MX240's seem to be reasonable, but a great many on the Juniper list no less warned me to be cautious and said if I wanted to consider JunOS I best have a unit to lab with for a while first. That and list with so many other vendors, the licensing looked every bit as much of a pain in the backside. So after all that I went back to looking at the ASR1006 and ASR9001 for my task.

As I also mentioned in my prior message back to the list, I really just need a good BGP speaker with capacity for a few million IPv4/IPv6 routes, so I am not fork-lifting it out in a years time. I also need say 8 10GE ports to connect to my upstreams, peers, and the rest of my internal network..

> gert

---
Howard Leadmon
PBW Communications, LLC
http://www.pbwcomm.com
Re: [c-nsp] Cisco ASR1000 Info..
On 10/31/2019 12:39 PM, Mark Tinka wrote:

> If I'm honest, the ASR1000 is not a platform I'd spend money on, going forward. Especially if you are not looking to run any non-Ethernet line cards.
>
> Focus on the MX and ASR9000, I'd say.
>
> Mark.

Understood, and if my poor 7606 wasn't running out of TCAM I could continue to run with it for years to come. I looked at the ASR9001, but I see all the grumblings about it being only 32bit, and the 9901 is just way too damn expensive for my blood, that much I know.

I was debating between the 1006/RP2 and the 9001 units, and it looked like the 1006 would be good old IOS like I am used to, not that I couldn't adjust, and had lots of redundancy available with redundant RP's and ESP's.

I also mentioned looking at Juniper on their list, and man did many come back telling me that JunOS could be a nightmare with commands changing from release to release, and that if I wasn't used to JunOS already (which I am not) that it would drive me batty.

I guess in short I need a unit that can handle 2-3 full BGP feeds, and also a bunch of peers at Equinix, and on top of that I need like 6-8 10GE interfaces on the router, as I can pass off most traffic to another access switch to all of the local hardware in the racks. Outside of that I need some VLAN trunks and life in general is good..

---
Howard Leadmon - PBW Communications, LLC
http://www.pbwcomm.com
Re: [c-nsp] Cisco 4000 series (4461) as a BGP router?
Lukasz,

> That’s true of course. 9901 would be better entry-level choice with
> years in front of it.

I find that the 9901 being entry level is quite high. There is the 120Gbps license but the device itself is quite heavy and large and the power consumption more than the 9001. I think the success of the ASR920 shows that small size and low power usage are highly valued.

I would love to see a smaller option - just a single NPU, maybe 1RU, and half the power usage. This would give a much more fitting entry level model and allow users to push out the ASR99xx 64bit xr model to smaller sites where the ASR9901 is just too big.

Thanks

Ivan
Re: [c-nsp] Cisco ASR1000 Info..
Hi,

On Thu, Oct 31, 2019 at 06:39:32PM +0200, Mark Tinka wrote:
> On 31/Oct/19 15:20, Howard Leadmon wrote:
> > OK, maybe I am just losing my mind, but the more I look at
> > information on the ASR's the more confusing it gets, what happened to
> > the good old 6500/7600 days..
>
> Oh gosh, now you're going to set Gert off. He has been a happy camper
> these past few years, even Oliver took a break :-).

Hear hear :-)

Actually I'm amazed at all the newfangled gear which promises to do everything and then fails at essentials that *my 6500s* have been doing well from day 1...

Like, Aristas Jericho boxes that have no egress counters on SVIs.

Like, insanely small amount of ACL TCAM in Broadcom Trident:

Like, ASR9001s that have only limited support for ACLs on SVIs.

OTOH, my 6500s are really falling apart, and we're fairly busy getting rid of them (replacing the switch layer with Arista Trident2+/3 MLAG pairs, routing for "things without ACLs" on there as well, routing for "things with ACLs" yet undecided)... BGP currently goes to ASR9001s, but the lack of ports and the price insanity of ASR9901 make me look at MX204 and Arista Jericho gear...

I really like my ASR9001s, but the Cisco BU and OS confusion does not really make me confident that this is the company I want to trust for the next 15+ years... (unlike the 6500s that really *really* served us well for a lng time).

gert
--
"If was one thing all people took for granted, was conviction that if you feed honest figures into a computer, honest figures come out. Never doubted it myself till I met a computer with a sense of humor."
Robert A. Heinlein, The Moon is a Harsh Mistress

Gert Doering - Munich, Germany
g...@greenie.muc.de
Re: [c-nsp] Cisco ASR1000 Info..
On 31/Oct/19 15:20, Howard Leadmon wrote:

> OK, maybe I am just losing my mind, but the more I look at
> information on the ASR's the more confusing it gets, what happened to
> the good old 6500/7600 days..

Oh gosh, now you're going to set Gert off. He has been a happy camper these past few years, even Oliver took a break :-).

> Now here is where it gets confusing for me, and I don't want to spend
> a pile of money on a new router just to find out it was wasted and
> won't work. I see talk of perpetual licenses, flex licenses, honor
> licenses, and the latest I found was something about macsec licenses
> per port. I am really looking for simple, I want to configure the
> box, put it in service, and just have it work, without having to worry
> about phone home's, renewal fees and anything else that can sneak up
> and bite me.

The last time I spent any mental resources on figuring our licenses on the ASR1000 was when the only one at the time was whether the forwarding plane is doing 2.5Gbps, 5Gbps or 10Gbps.

When Cisco refreshed the line, it became too costly compared to the Juniper MX options. So what we bought in 2014 is what we still have today (ASR1002-X, ASR1006). No major traffic running through any of these, so the only relevant ASR platform in our network is the 920, which is different from what you need.

What I'm trying to say is, you might want to call your SE. You'll get good feedback from this group, but to avoid anything else sneaking up on and biting you, talk to your SE.

> I did want redundancy like we had in our old 7600's, so why I figured
> the ASR1006 might be a good fit, with hardware redundancy, and
> supporting a lot more routes, plus it seems from what I have read that
> IOS-XE is very much like IOS which I am quite used to at this time.
> If anyone has any suggestions, or can share any experiences, so I
> don't waste good money on something useless it would sure be
> appreciated..

If I'm honest, the ASR1000 is not a platform I'd spend money on, going forward. Especially if you are not looking to run any non-Ethernet line cards.

Focus on the MX and ASR9000, I'd say.

Mark.
Re: [c-nsp] Granularity for BFD in CoPP policy
If "echo" is used, I think you might need something like the following, replicating the ACEs exactly on each side.

//
permit udp eq 3784
permit udp eq 3785
permit udp eq 3784
permit udp eq 3785
permit udp eq 3784
permit udp eq 3785
permit udp eq 3784
permit udp eq 3785
//

On Thu, Oct 31, 2019 at 11:42 AM Drew Weaver wrote:

> Howdy!
>
> I have noticed that if I put:
>
> permit udp any any eq 3784
> permit udp any any eq 3785
>
> Into a CoPP policy, this makes BFD function between two systems.
>
> If I try to get specific and use the source and destination addresses of
> the two systems BFD flaps wildly.
>
> I would assume, most likely foolishly that the NeighAddr listed in 'sh bfd
> nei' would be the source IP of the BFD packets but it appears that I am
> mistaken.
>
> Any ideas?
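An added example, not part of either post and not Cisco code: a small Python model of the permit ACEs discussed in this thread, showing which BFD packets a peer-to-peer-only ACL fails to match. The addresses are constructed, and both the echo addressing (sender's own address as source and destination) and the four address pairs behind the reply's eight ACEs are assumptions.

```python
from ipaddress import ip_address, ip_network
from typing import NamedTuple

class Packet(NamedTuple):
    src: str
    dst: str
    dport: int              # UDP destination port

class Ace(NamedTuple):      # models "permit udp <src> <dst> eq <dport>"
    src: str                # "any", a host address, or a prefix
    dst: str
    dport: int

def _covers(rule: str, addr: str) -> bool:
    return rule == "any" or ip_address(addr) in ip_network(rule)

def matches(acl: list, pkt: Packet) -> bool:
    """True if any permit ACE matches; otherwise the implicit deny applies."""
    return any(_covers(a.src, pkt.src) and _covers(a.dst, pkt.dst)
               and a.dport == pkt.dport for a in acl)

# Constructed addresses from the RFC 5737 documentation range.
A, B = "192.0.2.1", "192.0.2.2"     # A = local router, B = its BFD neighbour

# Constructed BFD traffic arriving at A. Ports per RFC 5881: control 3784, echo 3785.
# ASSUMPTION: an echo packet carries its sender's own address as source AND
# destination, and both directions of echo are subject to A's CoPP policy.
TRAFFIC = {
    "control B->A": Packet(B, A, 3784),
    "A's echo looped back by B": Packet(A, A, 3785),
    "B's echo to be looped by A": Packet(B, B, 3785),
}

BFD_PORTS = (3784, 3785)
# The "any any" policy quoted in the thread.
ANY_ANY = [Ace("any", "any", p) for p in BFD_PORTS]
# The "get specific" attempt, modelled as the two peer addresses only.
PEER_ONLY = [Ace(s, d, p) for s, d in ((A, B), (B, A)) for p in BFD_PORTS]
# ASSUMPTION: the reply's eight ACEs are these four address pairs x two ports.
WITH_ECHO = [Ace(s, d, p)
             for s, d in ((A, B), (B, A), (A, A), (B, B)) for p in BFD_PORTS]

def unmatched(acl: list) -> list:
    """Names of the sample BFD packets that fall outside the BFD class."""
    return [name for name, pkt in TRAFFIC.items() if not matches(acl, pkt)]

if __name__ == "__main__":
    for label, acl in (("any any", ANY_ANY), ("peer only", PEER_ONLY),
                       ("with echo", WITH_ECHO)):
        print(f"{label:10} unmatched: {unmatched(acl) or 'none'}")
```

Under these assumptions the peer-only ACL matches the control packets but not the echo packets, which is consistent with a session that establishes and then flaps.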
Re: [c-nsp] Cisco 4000 series (4461) as a BGP router?
On 31/Oct/19 17:05, Tom Hill wrote:

> Notably I was buying <10 devices. My buying power was invariably a lot
> lower than that of many others at the time.

Even then.

We started off with Arista buying 4x core switches. We've since upped that to a much larger order in recent years. Little has changed in how they price support, but they are coming around.

Mark.
[c-nsp] Granularity for BFD in CoPP policy
Howdy!

I have noticed that if I put:

permit udp any any eq 3784
permit udp any any eq 3785

Into a CoPP policy, this makes BFD function between two systems.

If I try to get specific and use the source and destination addresses of the two systems BFD flaps wildly.

I would assume, most likely foolishly that the NeighAddr listed in 'sh bfd nei' would be the source IP of the BFD packets but it appears that I am mistaken.

Any ideas?
Re: [c-nsp] Cisco 4000 series (4461) as a BGP router?
On 31/10/2019 11:40, Mark Tinka wrote:

> Might have been a case of the times. We don't see this as an issue today.

Notably I was buying <10 devices. My buying power was invariably a lot lower than that of many others at the time.

--
Tom
[c-nsp] Cisco ASR1000 Info..
OK, maybe I am just losing my mind, but the more I look at information on the ASR's the more confusing it gets, what happened to the good old 6500/7600 days..

We are a small shop, but have multiple transit points as well as peerings at Equinix, so need a router that will happily talk BGP all day. I was looking at picking up an ASR1006/RP2 from someone, but wanted to make sure it would all work, and the more I look at the licensing, the more confused I get, and no I can't honestly afford to run out and buy a new one. I was going to pick up a handful of SIP40's and 10GE ports to tie it to our upstream's and internal network.

Now here is where it gets confusing for me, and I don't want to spend a pile of money on a new router just to find out it was wasted and won't work. I see talk of perpetual licenses, flex licenses, honor licenses, and the latest I found was something about macsec licenses per port. I am really looking for simple, I want to configure the box, put it in service, and just have it work, without having to worry about phone home's, renewal fees and anything else that can sneak up and bite me.

I did want redundancy like we had in our old 7600's, so why I figured the ASR1006 might be a good fit, with hardware redundancy, and supporting a lot more routes, plus it seems from what I have read that IOS-XE is very much like IOS which I am quite used to at this time. If anyone has any suggestions, or can share any experiences, so I don't waste good money on something useless it would sure be appreciated..

---
Howard Leadmon
PBW Communications, LLC
http://www.pbwcomm.com
Re: [c-nsp] Cisco 4000 series (4461) as a BGP router?
On 31/Oct/19 13:30, Tom Hill wrote:

> When I last looked at this, several years ago, the cost of support for
> the Juniper MX (in this case, MX480) was ridiculous next to the cost of
> the hardware. It amounted to paying a lunatic amount for the hardware,
> but with a deposit and three instalments.

Might have been a case of the times. We don't see this as an issue today.

We are, however, seeing these from Arista.

Mark.
Re: [c-nsp] Cisco 4000 series (4461) as a BGP router?
On Thu, 31 Oct 2019 at 13:31, Tom Hill wrote:

> When I last looked at this, several years ago, the cost of support for
> the Juniper MX (in this case, MX480) was ridiculous next to the cost of
> the hardware. It amounted to paying a lunatic amount for the hardware,
> but with a deposit and three instalments.

This seems quite random, market/timing dependent what kind of OPEX vendors are offering. But yes, sometimes it feels we're leasing the equipment.

--
++ytti
Re: [c-nsp] Cisco 4000 series (4461) as a BGP router?
On 29/10/2019 11:41, Saku Ytti wrote:

> I hear a lot of people buying MX204 for 15k and less, when they buy a
> single unit, unsure if loss leader to get people to try JNPR.

When I last looked at this, several years ago, the cost of support for the Juniper MX (in this case, MX480) was ridiculous next to the cost of the hardware. It amounted to paying a lunatic amount for the hardware, but with a deposit and three instalments.

Hence, I bought ASR9k instead. Overall it was cheaper.

The TCO of the 204 might be better; that wasn't available at the time.

--
Tom