Re: [c-nsp] IPv6 Transition - IP/MPLS Backbone
The core bgp sessions from pe to pe don't look right. router bgp 6501 neighbor 10.10.10.2 remote-as 6500 neighbor 10.10.10.2 update-source GigabitEthernet1/18 it seems like you don't have any core pe-to-pe neighbors. Also, I don't think you need ipv6 neighbors in the core pe-to-pe in order to support 6vpe. I think you only really need ipv4 bgp sessions to FIRST support vpnv4 then on top of that, turn on the vpnv6 address family, and that's all I think you need in core pe-p-pe to prep the mpls cloud. THEN, you focus on the pe-ce stuff. Which is the native ipv6 stuff, and pe-ce routing protocols which are all vrf specific on the PE. And then on the CE you really don't need vrf specific configs, but rather, vanilla routing configurations. That's how I understand it Aaron From: Ahmed Hilmy [mailto:hilmy...@gmail.com] Sent: Sunday, May 19, 2013 3:49 PM To: Aaron Cc: Harold 'Buz' Dale; cisco-nsp@puck.nether.net; aaron.go...@gvtc.net Subject: Re: [c-nsp] IPv6 Transition - IP/MPLS Backbone Hello Aaron, I hope you are doing great. I am working on IPv6 deployment. i am trying to configure my PE as a dual-stack toward CE, i have already establish EBGPv4 session with my customer.both PE end CE are dual-stack I have set ipv4 and ipv6 address on the interface( directly connected to CE ). i enabled ipv6 unicast-routing i enabled mls ipv6 vrf I enabled vrf and upgrade to vrf-cli i have tried with 6PE and 6VPE but i was failed. So, here are my questions: 1- if PE and CE are dual-stack, so i have to use 6VPE, right ? at CE side what is the required configuration ? 2- IOS version is 12.2(33) SRD3 - 7606- SUP720 , is it supported for Dual-Stack ? 3- at PE toward CE, shall i configure address-family ipv6 or vpn ipv6 or ipv6 vrf ? at CE only ipv6 ? 4- my Topology is like this CE---PE-IGW .Would you please guide me in that .. = At PE: === vrf definition IPv6 rd 6500:1 ! address-family ipv4 route-target export 6500:1 route-target import 6500:1 exit-address-family ! address-family ipv6 route-target export 6500:1 route-target import 6500:1 exit-address-family = interface GigabitEthernet1/18 description IPv6-test vrf forwarding IPv6 ip address 10.10.10.1 255.255.255.0 ipv6 address 2A03:4700:::0:1/64 == router bgp 6501 neighbor 10.10.10.2 remote-as 6500 neighbor 10.10.10.2 update-source GigabitEthernet1/18 neighbor 2A03:4700:::0:2 remote-as 6500 neighbor 2A03:4700:::0:2 update-source GigabitEthernet1/18 address-family ipv4 vrf IPv6 no synchronization neighbor 10.10.10.2 remote-as 6500 neighbor 10.10.10.2 activate exit-address-family ! address-family ipv6 vrf IPv6 no synchronization neighbor 2A03:4700:::0:2 remote-as 6500 neighbor 2A03:4700:::0:2 activate exit-address-family == Thanks On Tue, Apr 16, 2013 at 9:58 PM, Aaron aar...@gvtc.com wrote: It was in my live network, later I removed it for preferring L3VPN vice L2VPN. I think on the route reflector the thing(s) you need to do is add vpnv6 to global bgp and to the neighbor session..neighbor session will bounce when you activate another address family to a pre-existing neighbor..it's quick as I recall, loose a couple pings and that's it Aaron From: Ahmed Hilmy [mailto:hilmy...@gmail.com] Sent: Tuesday, April 16, 2013 1:47 PM To: Aaron Cc: Harold 'Buz' Dale; cisco-nsp@puck.nether.net; aaron.go...@gvtc.net Subject: Re: [c-nsp] IPv6 Transition - IP/MPLS Backbone Hello Aaron, That is great and so happy to hear that, is it real deployment at your live network ? MP-BGP between PE- Route Reflector, shall i modify it to allow IPv6 packet to carry ? or only at PE to work as dual stack ? On Tue, Apr 16, 2013 at 12:19 AM, Aaron aar...@gvtc.com wrote: Sounds like a good use for 6VPE...as I understand it, I've had to do the following in my network to get 6vpe working... - enable local vrf ipv6 data structure which may include you upgrading the vrf cli to the vrf definition to support ipv6 - enable/activate vpnv6 neighbors within the MP-iBGP core...PE bgp neighbors or PE to Route Refelctor(s) - enable the ipv6 vrf within bgp - enable the pe-ce routing to be ipv6 capable - enable the ipv6 protocol stack in the interfaces facing CE ...i had to do nothing ipv6-related to my mpls/igp core routing environment. Nothing. I think that's nice thing about 6vpe is that providers don't have to do anything to the core in order to enable ipv6 over pre-existing ipv4 (vpvn4) mpls l3vpn's... When you are done, a traceroute from a client transiting the 6vpe mpls l3vpn will look like this... notice hops 2 and 3i think they are ipv6 compatible ipv6 addresses (but unsure about what they are called)...anyway, it shows the loopback router id of the mpls
Re: [c-nsp] copy config
ctrl+c, ctrl-v I only know copy and paste. I don't believe there is a command to do what you are asking. On Wed, May 8, 2013 at 4:47 AM, amir agha monito...@yahoo.com wrote: Hi list Is there any command/ command syntax to copy running configuration of one interface e.g interface serial1/0 onto another Interface e.g interface serial1/3. In switching we have an option of HSRP VRRP etc. Any help ?? ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] converting cmts from pure ip routing to mpls pe - uBR7246VXR
Mike/JF/et al, Thanks so much for the feedback regarding thisas a few of y'all mentioned, it seemed that it was an MTU issue. I was able to see a problem in the lab. using (2) pc's , one windows XP and one centos Linux, I was able to see that the Linux machine would not be able to surf the internet after moving the lab cmts from my legacy 10 gig switched network to me new mpls asr9k 10 gig network. it seems that default MTU 1514 (9k) was the problem, during the browsing problem from the Linux machine I was running wireshark sniffer and seeing a lot of icmp type 3 code 4 destination unreachable/fragmentation needed. I changed it from 1514 on asr9k to 1518 and then the Linux web browsing problem goes away and I see no more icmp fragmentation needed messages. (well, actually I had to tell ospf to ignore mtu since I only change physical interface mtu on one side) I then changed it to our more standard jumbo frame setting in our network to 9216 and is still good. (I then did this on both ends of link cmts (vanilla ios 9202 and asr9k ios xr 9216 and then removed ospf ignore mtu) I then proceeded to throw operational cmts during maintenance window and it went great! We've been running good for 5 days now. A question is why didn't this present a problem with a cmts connected to an me3600x ? I didn't have to do any mtu changes on that one and it worked fine. I left me3600 interface at 1500 and I've heard of no customer complaints on that cmts Aaron -Original Message- From: jean-francois.d...@videotron.com [mailto:jean-francois.d...@videotron.com] Sent: Monday, April 01, 2013 5:20 PM To: aar...@gvtc.com Cc: cisco-nsp@puck.nether.net Subject: Re: [c-nsp] converting cmts from pure ip routing to mpls pe - uBR7246VXR Hi Aaron, If you were already using MTU above 1508 for your CMTS to ME3600 links than you would not need to change anything. The issue with CMTS to ASR9K only exist if you have configured the very same MTU on both sides. You need to check that your IOS-XR MTU is equal to your IOS MTU + 14 bytes. (You need two 4-bytes labels for MPLS VPN so if you are using Ethernet your IOS MTU should be 1508 at least) Cheers, JF De :aar...@gvtc.com A : Jean-Francois Dube jean-francois.d...@videotron.com, Cc :cisco-nsp@puck.nether.net Date : 2013-03-29 15:21 Objet : Re: [c-nsp] converting cmts from pure ip routing to mpls pe - uBR7246VXR Thanks JF, is there a reason why this would be required for CMTS to asr9k, but not required for CMTS to me3600x ? My CMTS PE to me3600 p is running fine, I didn't make any Mtu changes there. Aaron - Original Message - From: Jean-Francois Dube jean-francois.d...@videotron.com To: cisco-nsp@puck.nether.net Sent: Fri, 29 Mar 2013 09:18:33 -0400 (EDT) Subject: Re: [c-nsp] converting cmts from pure ip routing to mpls pe - uBR7246VXR Hi Aaron, It sounds like you may be having MTU issue. At least that is my experience when you can ping and only browse some websites. Your CMTS is running IOS and your ASR9K is running IOS-XR. In IOS-XR you need to account for the L2 header of 14 bytes so the default MTU is 1514. If you are running MPLS you'll need to increase the MTU even higher to account for the extra headers/labels. That means your CMTS interfaces should be using something like 1516 and your ASR9K would be 1530. Cheers, JF Jean-François Dubé Technicien, Opérations Réseau IP Ingénierie Exploitation des Réseaux Vidéotron cisco-nsp-boun...@puck.nether.net a écrit sur 2013-03-28 15:24:42 : De : Aaron aar...@gvtc.com A : cisco-nsp@puck.nether.net, Date : 2013-03-28 15:31 Objet : [c-nsp] converting cmts from pure ip routing to mpls pe - uBR7246VXR Envoyé par : cisco-nsp-boun...@puck.nether.net I have (5) cmts's (uBR7246VXR) ..4 operational and 1 in lab for testing. We have a new mpls network comprised of asr901's, me3600's and asr9k's functioning as p's and pe's. I wanted to move my cmts's off my traditional routed/switched network to my new mpls network. I wanted to have cmts's function as pe's so as to potentially take advantage of the mpls LxVPN's I successfully converted one of my cmts's to pe and it's running nicely, uplinked into p box (me3600). What I did was basically convert wan uplink to mpls, remove igp and replace with core mpls network igp process, and then bring up the expected mp-ibgp and vrf stuff, and then convert all those traditional routing interfaces and services (ntp, logging, aaa and tacacs) to be vrf based..works. Now for the second cmts that I wanted to convert to pe, I've tried twice now and have seen similar strange behavior. wan uplink utilization drops to about 50% of what was previously seen before change..cpu utilization drops from 30-40% utilization to about 0-10%given those observations on the first attempt last week, I left it that way, thinking not too much of it as it was 2:30 a.m. in the morning and was thinking that low
Re: [c-nsp] ipsla - latency - related to cellular backhaul
Thanks Adam, sh lpts pifib hardware police location 0/0/cpu0 shows all 0's in the drop column, but at the bottom it shows... RP/0/RSP0/CPU0:9k#sh lpts pifib hardware police location 0/0/cpu0 | in drop Mon Apr 29 08:22:55.180 CDT Packets dropped by deleted entries: 71429 ...any idea what that is ? Aaron -Original Message- From: Adam Vitkovsky [mailto:adam.vitkov...@swan.sk] Sent: Monday, April 29, 2013 3:31 AM To: 'Aaron'; cisco-nsp@puck.nether.net Subject: RE: [c-nsp] ipsla - latency - related to cellular backhaul Hi Aron, Well I believe that any type of active probe that has a responder at the other end is a valid (not necessarily dead accurate though) delay/jitter measurement approach. By a responder I mean a process that will time-stamp the probe-packet before and after processing allowing for processing delay elimination. And assuming the routers are well time-synced you can get accurate delay/jitter measurements. So this includes IP SLA as well as Y.1731 for CFM. So while you can use IP SLA between two (PE routers) PW endpoints you can use CFM between two of yours customer demarcation switches for L2VPNs. LPTS (Local Packet transport Service) it's like a routing process for the router itself directing which packet needs to go to which RSP or Line Card and can be used for per-line-card CoPP like functionality. As there's a default set of flows and their respectful policers specified you may need to adjust the value for let's say MPLS OAM in order to avoid drops in your PW pings. You can check for the drops using cmd: sh lpts pifib hardware police location 0/0/cpu0 you can adjust the values with: lpts pifib hardware police location 0/0/CPU0 flow mpls oam rate 500 -don't forget to do it per line-card adam -Original Message- From: cisco-nsp [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Aaron Sent: Thursday, April 25, 2013 7:02 PM To: cisco-nsp@puck.nether.net Subject: [c-nsp] ipsla - latency - related to cellular backhaul I have seen some latency (measured using ipsla icmp/udp/mpls pw pings) beyond my agreements with some of our cellular backhaul customers.. We are concerned that if/when they ask to see their sla measurements for their cell towers that we won't be looking very good Cisco Tac is telling me that pings of any type (icmp/udp/mpls pw) are not the way to truly measure the network and that I should be using CFM/OAM type stuff. I showed cisco tac a mpls pw ping test I did and it shows drops/time-outs occasionally (!!..!!!.! etc) Tac says that this drop and the latency seen using various ipsla pings is expected since all pings are treated less than everything else and could be getting policed by LPTS (I don't know what LPTS is) What do y'all think about all this? Aaron ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] ipsla - latency - related to cellular backhaul
I have seen some latency (measured using ipsla icmp/udp/mpls pw pings) beyond my agreements with some of our cellular backhaul customers.. We are concerned that if/when they ask to see their sla measurements for their cell towers that we won't be looking very good Cisco Tac is telling me that pings of any type (icmp/udp/mpls pw) are not the way to truly measure the network and that I should be using CFM/OAM type stuff. I showed cisco tac a mpls pw ping test I did and it shows drops/time-outs occasionally (!!..!!!.! etc) Tac says that this drop and the latency seen using various ipsla pings is expected since all pings are treated less than everything else and could be getting policed by LPTS (I don't know what LPTS is) What do y'all think about all this? Aaron ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] BGP Signalled VPLS
Thanks Nick, Yeah I recall using no rd and no route targets with a vpls w/bd ad and ldp sig must have all worked with some automagic rd and rt thingy's Also my version of me3600 ios doesn't have bgp signaling possible, only ldp. I think a previous poster (waris maybe) mentioned that 15.3(2)S or something like that was required for bgp sig and that cisco is making a move towards more support for bgp sig. I was just exploring some of this in my me3600 with 15.2(4)S1 What is the difference in the 2 following things... ? l2 vfi and l2vpn context vfi ? Switch(config)#l2 vfi ? WORD VFI name Switch(config)#l2vpn vfi context vfi ? cr Why would I use one over the other? Aaron -Original Message- From: cisco-nsp [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Nick Ryce Sent: Thursday, April 25, 2013 3:15 PM To: cisco-nsp@puck.nether.net Subject: Re: [c-nsp] BGP Signalled VPLS Had a call with cisco tac and they managed to get it working by removing the RD. No idea why this resolved it. Now to try and get it to working with a juniper PE. Nick -- Nick Ryce Fluency Communications Ltd. e. n...@fluency.net.uk w. http://fluency.net.uk/ t. 0845 874 7000 On 16/04/2013 13:37, Nick Ryce n...@fluency.net.uk wrote: Hi, I have 2 x ME3600x running me360x-universalk9-mz.153-2.S and am looking to use the new VPLS BGP signalling functionality. I am using RSVP with the topology attached but I cannot get traffic to pass. Any ideas? Configs as below. Any help with debug commands would also be greatly appreciated. hostname PE1 ! ! ! no aaa new-model ip routing ! ! ! ! ip name-server 8.8.8.8 ! ! mpls traffic-eng tunnels l2vpn vfi context lab vpn id 512 autodiscovery bgp signaling bgp ve id 1 ve range 11 rd 172.16.1.1:512 route-target export 56595:512 route-target import 56595:512 ! vlan 512 name lab ! l2 router-id 172.16.1.1 ! ! ! interface Loopback0 ip address 172.16.1.1 255.255.255.255 ip ospf 1 area 0.0.0.0 ! interface Tunnel0 description PE1-to-PE2 ip unnumbered Loopback0 tunnel mode mpls traffic-eng tunnel destination 172.16.2.2 tunnel mpls traffic-eng priority 1 1 tunnel mpls traffic-eng path-option 1 dynamic ! interface Tunnel1 description PE1-toPE3 ip unnumbered Loopback0 tunnel mode mpls traffic-eng tunnel destination 172.16.3.3 tunnel mpls traffic-eng priority 1 1 tunnel mpls traffic-eng path-option 1 dynamic ! interface GigabitEthernet0/1 no switchport ip address 10.0.0.1 255.255.255.252 mpls traffic-eng tunnels ip rsvp bandwidth percent 100 ! interface GigabitEthernet0/2 switchport access vlan 512 ! router ospf 1 router-id 172.16.1.1 network 10.0.0.0 0.0.0.3 area 0.0.0.0 mpls traffic-eng router-id Loopback0 mpls traffic-eng area 0.0.0.0 ! router bgp 56595 bgp log-neighbor-changes bgp graceful-restart restart-time 120 bgp graceful-restart stalepath-time 360 bgp graceful-restart no bgp default ipv4-unicast neighbor 172.16.2.2 remote-as 56595 neighbor 172.16.2.2 update-source Loopback0 neighbor 172.16.3.3 remote-as 56595 neighbor 172.16.3.3 update-source Loopback0 ! address-family ipv4 neighbor 172.16.2.2 activate neighbor 172.16.2.2 send-community extended neighbor 172.16.3.3 activate neighbor 172.16.3.3 send-community extended exit-address-family ! address-family vpnv4 neighbor 172.16.2.2 activate neighbor 172.16.2.2 send-community extended neighbor 172.16.3.3 activate neighbor 172.16.3.3 send-community extended exit-address-family ! address-family l2vpn vpls neighbor 172.16.2.2 activate neighbor 172.16.2.2 send-community extended neighbor 172.16.2.2 prefix-length-size 2 neighbor 172.16.2.2 suppress-signaling-protocol ldp neighbor 172.16.3.3 activate neighbor 172.16.3.3 send-community extended neighbor 172.16.3.3 suppress-signaling-protocol ldp exit-address-family hostname PE3 ! ! ! no aaa new-model ip routing ! ! ! ! ip name-server 8.8.8.8 ipv6 multicast rpf use-bgp ! ! mpls traffic-eng tunnels l2vpn vfi context lab vpn id 512 autodiscovery bgp signaling bgp ve id 3 ve range 11 rd 172.16.3.3:512 route-target export 56595:512 route-target import 56595:512 vlan 512 name test ! ! ! ! interface Loopback0 ip address 172.16.3.3 255.255.255.255 ip ospf 1 area 0.0.0.0 ! interface Tunnel0 description PE3-to-PE2 ip unnumbered Loopback0 tunnel mode mpls traffic-eng tunnel destination 172.16.2.2 tunnel mpls traffic-eng priority 1 1 tunnel mpls traffic-eng path-option 1 dynamic ! interface Tunnel1 description PE3-to-PE1 ip unnumbered Loopback0 tunnel mode mpls traffic-eng tunnel destination 172.16.1.1 tunnel mpls traffic-eng priority 1 1 tunnel mpls traffic-eng path-option 1 dynamic ! interface GigabitEthernet0 ip address 46.226.1.178 255.255.255.248 speed auto duplex auto negotiation auto ! interface GigabitEthernet0/1 no switchport ip address 10.0.0.6 255.255.255.252 mpls traffic-eng tunnels ip rsvp bandwidth percent 100 ! interface GigabitEthernet0/2
Re: [c-nsp] BGP Signalled VPLS
How does bgp-vpls save the need for xstp when dual-homing a customer to multiple pe's ? ( I assume you mean vpls w/bgp ad w/bgp sig) How does ldp-vpls *not* save the need for xstp when dual-homing a customer to multiple pe's ? (based on previous assumption, this means vpls w/bgp ad w/ldp sig) Aaron -Original Message- From: Caillin Bathern [mailto:caill...@commtelns.com] Sent: Monday, April 22, 2013 7:57 PM To: Adam Vitkovsky; Nick Ryce; Aaron; Waris Sagheer (waris); cisco-nsp@puck.nether.net Subject: RE: [c-nsp] BGP Signalled VPLS VPLS multihoming is the major up-shot of BGP-VPLS in my opinion. Saves the need for xSTP within your network when dual-homing a customer to multiple PEs which makes everybody happy. Caillin -Original Message- From: cisco-nsp [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Adam Vitkovsky Sent: Tuesday, 23 April 2013 12:36 AM To: 'Nick Ryce'; 'Aaron'; 'Waris Sagheer (waris)'; cisco-nsp@puck.nether.net Subject: Re: [c-nsp] BGP Signalled VPLS While we are on the topic what do you folks think about BGP signaled VPLS please? While I would prefer BGP in favor of LDP signaling as I believe it saves control plane overhead (1 BGP session VS n-1 LDP sessions), I have heard a valid objection as to why to run yet another functionality/feature (not tested by majority of operators) when the reliable and stable LDP functionality is enabled already anyways (for p2p PWs and base MPLS). adam -Original Message- From: cisco-nsp [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Nick Ryce Sent: Monday, April 22, 2013 3:48 PM To: Aaron; 'Waris Sagheer (waris)'; cisco-nsp@puck.nether.net Subject: Re: [c-nsp] BGP Signalled VPLS Hi Aaron, The VE ID etc is for BGP signalling. Nick -- Nick Ryce Fluency Communications Ltd. e. n...@fluency.net.uk w. http://fluency.net.uk/ t. 0845 874 7000 From: Aaron aar...@gvtc.commailto:aar...@gvtc.com Date: Monday, 22 April 2013 14:28 To: 'Waris Sagheer (waris)' wa...@cisco.commailto:wa...@cisco.com, Nick Ryce n...@fluency.net.ukmailto:n...@fluency.net.uk, cisco-nsp@puck.nether.netmailto:cisco-nsp@puck.nether.net cisco-nsp@puck.nether.netmailto:cisco-nsp@puck.nether.net Subject: RE: [c-nsp] BGP Signalled VPLS I ran vpls w/bgp ad w/ldg sig between (2) asr9k's and (4) me3600's and I didn't have to use ve id nor ve range.. Is there something I would miss out on without using ve id or ve range? Also, is there a default value associated with ve id or ve range that was enacted in the absence of my not explicitly configuring it ? Waris, if the VE ID is for unique PE VPLS Edge ID assignment, would that mean that my configuration without the ve id configured would have duplicate VE ID's per PE? Or maybe there is a autoassignment thing that occurs. Perhaps I'll set it up again and see what happens, as I mentioned previously I had removed my vpls architecture for l3vpn preference. Aaron From: Waris Sagheer (waris) [mailto:wa...@cisco.com] Sent: Sunday, April 21, 2013 10:10 PM To: Nick Ryce; Aaron; cisco-nsp@puck.nether.netmailto:cisco-nsp@puck.nether.net Subject: Re: [c-nsp] BGP Signalled VPLS All PEs within a given VPLS are assigned a unique VPLS Edge device ID (VE ID). Nick is right about BGP NLRI, VPLS BGP NLRI (RFC 4761) AFI = 25 (L2VPN) SAFI = 65 (VPLS) VE ID VE Block Offset (VBO) VE Block Size (VBS) Label Base (LB) Best Regards, [http://www.cisco.com/web/europe/images/email/signature/horizontal06.jpg ] Waris Sagheer Technical Marketing Manager Service Provider Access Group wa...@cisco.commailto:wa...@cisco.com Phone: +1 408 853 6682 Mobile: +1 408 835 1389 CCIE - 19901 [Think before you print.] Think before you print. This email may contain confidential and privileged material for the sole use of the intended recipient. Any review, use, distribution or disclosure by others is strictly prohibited. If you are not the intended recipient (or authorized to receive for the recipient), please contact the sender by reply email and delete all copies of this message. For corporate legal information go to: http://www.cisco.com/web/about/doing_business/legal/cri/index.html . From: Nick Ryce n...@fluency.net.ukmailto:n...@fluency.net.uk Date: Tuesday, April 16, 2013 7:52 AM To: aar...@gvtc.commailto:aar...@gvtc.com aar...@gvtc.commailto:aar...@gvtc.com, cisco-nsp@puck.nether.netmailto:cisco-nsp@puck.nether.net cisco-nsp@puck.nether.netmailto:cisco-nsp@puck.nether.net Subject: Re: [c-nsp] BGP Signalled VPLS Its part for the BGP L2VPN NLRI as far as I'm aware. -- Nick Ryce Fluency Communications Ltd. e. n...@fluency.net.ukmailto:n...@fluency.net.uk w. http://fluency.net.uk/ t. 0845 874 7000 On 16/04/2013 15:50, Aaron aar...@gvtc.commailto:aar...@gvtc.com wrote: Anyone know what and why to use this ve stuff? I didn't use it during my vpls (ios-ioxr) trial run in my network and never understood what it was for... ve id 1 ve range 11 Aaron -Original Message- From: cisco-nsp [mailto:cisco-nsp
Re: [c-nsp] BGP Signalled VPLS
Since Adam brought it up (PBB EVPN), incase y'all didn't know and are interested, I rcv'd this free webinar invite and thought I'd pass it on... I don't know much about evpn and pbb... ** http://tools.cisco.com/gems/cust/customerSite.do?METHOD=ELANGUAGE_ID=ESEMI NAR_CODE=S17931PRIORITY_CODE=000156077 This webinar presents a technical overview of Ethernet VPN (E-VPN) and Provider Backbone Bridging E-VPN (PBB-EVPN). These emerging solutions address the requirements of Carrier Ethernet and Data Center Interconnect market segments. Currently under standardization in the IETF, these technologies introduce advanced multi-homing options, support for multi-pathing and user-defined BGP policy capabilities to Ethernet L2VPNs.They also provide enhanced auto-discovery capabilities with low-touch provisioning and support for optimal unicast and multicast delivery. The webinar is intended for service providers or enterprises looking to deploy next generation L2VPN solutions for Carrier Ethernet or Data Center Interconnect services. This is a session that assumes familiarity with MPLS-based L2VPNs and BGP. Wednesday, April 24, 2013 11:00 a.m.-12:00 p.m. Eastern Time (GMT-5) 8:00 a.m.-9:00 a.m. Pacific Time (GMT-8) ** Aaron -Original Message- From: Adam Vitkovsky [mailto:adam.vitkov...@swan.sk] Sent: Tuesday, April 23, 2013 2:35 AM To: 'Caillin Bathern'; 'Nick Ryce'; 'Aaron'; 'Waris Sagheer (waris)'; cisco-nsp@puck.nether.net Subject: RE: [c-nsp] BGP Signalled VPLS Yes EVPN and especially PBB frontend to EVPN is a major leap in how we'll provide the L2VPN services. Hopefully it's going to support PIC Edge and Core soon. Though this setup is pretty new and I'm afraid I cannot afford to enable it for our production services yet. Anyways my question was regarding the old school VPLS as we all do it right now and LDP vs BGP signaling in particular. I'd like to find out which one do you folks prefer and why. adam -Original Message- From: Caillin Bathern [mailto:caill...@commtelns.com] Sent: Tuesday, April 23, 2013 2:57 AM To: Adam Vitkovsky; Nick Ryce; Aaron; Waris Sagheer (waris); cisco-nsp@puck.nether.net Subject: RE: [c-nsp] BGP Signalled VPLS VPLS multihoming is the major up-shot of BGP-VPLS in my opinion. Saves the need for xSTP within your network when dual-homing a customer to multiple PEs which makes everybody happy. Caillin ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] BGP Signalled VPLS
Well why didn't you just say so! Haha, Seriously, thanks a bunch bep. I'll begin reading up on this. Aaron -Original Message- From: Bruce Pinsky [mailto:b...@whack.org] Sent: Tuesday, April 23, 2013 12:19 PM To: Aaron Cc: 'Caillin Bathern'; cisco-nsp@puck.nether.net; adam.vitkov...@swan.sk; Saku Ytti Subject: Re: [c-nsp] BGP Signalled VPLS -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Aaron wrote: Thanks Caillin/Saku/Adam, this differentiation of VPLS LDP Sig compared to BGP Sig as it relates to loop prevention during redundant pe/ce at edge is of interest to me...(I actually had a l2 forwarding loop scare me to death and had to shut down backside c-to-c during maintenance window a few months ago)i walked away from that with a big question in my head as to how does customer spanning tree feed into the loop prevention of split horizon groups within a vpls as how pw forwarding treatment occurs...and I thought to myself , it probably doesn't... which has had me wondering about this for a few months BUT, now y'all mention that bgp signaled vpls as it relates to redundant pe/ce avoids this correct? I have adam's link, thanks adam, but does anyone have more links related to understanding all that? Adam's implementation link http://www.cisco.com/en/US/docs/routers/asr9000/software/asr9k_r4.3/lx vpn/co nfiguration/guide/lesc43pbb.html#wp1183684 By the selection of a Designated Forwarder via the Ethernet AD route advertisement and the use of a split-horizon label appended to multi-destination packets. - -- = bep -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.17 (MingW32) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iEYEARECAAYFAlF2wpMACgkQE1XcgMgrtybrjQCePMQp1veqynrm8qcWlfqcz325 vZcAoJRF1aOQb7Iz/1qsMN4fyMRm+G9u =IsdS -END PGP SIGNATURE- ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] BGP Signalled VPLS
I ran vpls w/bgp ad w/ldg sig between (2) asr9k's and (4) me3600's and I didn't have to use ve id nor ve range.. Is there something I would miss out on without using ve id or ve range? Also, is there a default value associated with ve id or ve range that was enacted in the absence of my not explicitly configuring it ? Waris, if the VE ID is for unique PE VPLS Edge ID assignment, would that mean that my configuration without the ve id configured would have duplicate VE ID's per PE? Or maybe there is a autoassignment thing that occurs. Perhaps I'll set it up again and see what happens, as I mentioned previously I had removed my vpls architecture for l3vpn preference. Aaron From: Waris Sagheer (waris) [mailto:wa...@cisco.com] Sent: Sunday, April 21, 2013 10:10 PM To: Nick Ryce; Aaron; cisco-nsp@puck.nether.net Subject: Re: [c-nsp] BGP Signalled VPLS All PEs within a given VPLS are assigned a unique VPLS Edge device ID (VE ID). Nick is right about BGP NLRI, VPLS BGP NLRI (RFC 4761) AFI = 25 (L2VPN) SAFI = 65 (VPLS) VE ID VE Block Offset (VBO) VE Block Size (VBS) Label Base (LB) Best Regards, http://www.cisco.com/web/europe/images/email/signature/horizontal06.jpg Waris Sagheer Technical Marketing Manager Service Provider Access Group mailto:wa...@cisco.com wa...@cisco.com Phone: +1 408 853 6682 Mobile: +1 408 835 1389 CCIE - 19901 Think before you print. http://www.cisco.com/global/EMEA/brand/signature/capital/green.gif Think before you print. This email may contain confidential and privileged material for the sole use of the intended recipient. Any review, use, distribution or disclosure by others is strictly prohibited. If you are not the intended recipient (or authorized to receive for the recipient), please contact the sender by reply email and delete all copies of this message. For corporate legal information go to: http://www.cisco.com/web/about/doing_business/legal/cri/index.html http://www.cisco.com/web/about/doing_business/legal/cri/index.html . From: Nick Ryce n...@fluency.net.uk Date: Tuesday, April 16, 2013 7:52 AM To: aar...@gvtc.com aar...@gvtc.com, cisco-nsp@puck.nether.net cisco-nsp@puck.nether.net Subject: Re: [c-nsp] BGP Signalled VPLS Its part for the BGP L2VPN NLRI as far as I'm aware. -- Nick Ryce Fluency Communications Ltd. e. n...@fluency.net.uk w. http://fluency.net.uk/ t. 0845 874 7000 On 16/04/2013 15:50, Aaron aar...@gvtc.com wrote: Anyone know what and why to use this ve stuff? I didn't use it during my vpls (ios-ioxr) trial run in my network and never understood what it was for... ve id 1 ve range 11 Aaron -Original Message- From: cisco-nsp [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Nick Ryce Sent: Tuesday, April 16, 2013 7:41 AM To: Nick Ryce; cisco-nsp@puck.nether.net Subject: Re: [c-nsp] BGP Signalled VPLS Apologies the attachment has went through. ASCII art as below PE1---PE2PE3 PE1 and PE3 are ME3600's and PE2 is a Juniper SRX. From PE2 labels are being pushed/popped correctly. Nick On 16/04/2013 13:37, Nick Ryce n...@fluency.net.uk wrote: Hi, I have 2 x ME3600x running me360x-universalk9-mz.153-2.S and am looking to use the new VPLS BGP signalling functionality. I am using RSVP with the topology attached but I cannot get traffic to pass. Any ideas? Configs as below. Any help with debug commands would also be greatly appreciated. hostname PE1 ! ! ! no aaa new-model ip routing ! ! ! ! ip name-server 8.8.8.8 ! ! mpls traffic-eng tunnels l2vpn vfi context lab vpn id 512 autodiscovery bgp signaling bgp ve id 1 ve range 11 rd 172.16.1.1:512 route-target export 56595:512 route-target import 56595:512 ! vlan 512 name lab ! l2 router-id 172.16.1.1 ! ! ! interface Loopback0 ip address 172.16.1.1 255.255.255.255 ip ospf 1 area 0.0.0.0 ! interface Tunnel0 description PE1-to-PE2 ip unnumbered Loopback0 tunnel mode mpls traffic-eng tunnel destination 172.16.2.2 tunnel mpls traffic-eng priority 1 1 tunnel mpls traffic-eng path-option 1 dynamic ! interface Tunnel1 description PE1-toPE3 ip unnumbered Loopback0 tunnel mode mpls traffic-eng tunnel destination 172.16.3.3 tunnel mpls traffic-eng priority 1 1 tunnel mpls traffic-eng path-option 1 dynamic ! interface GigabitEthernet0/1 no switchport ip address 10.0.0.1 255.255.255.252 mpls traffic-eng tunnels ip rsvp bandwidth percent 100 ! interface GigabitEthernet0/2 switchport access vlan 512 ! router ospf 1 router-id 172.16.1.1 network 10.0.0.0 0.0.0.3 area 0.0.0.0 mpls traffic-eng router-id Loopback0 mpls traffic-eng area 0.0.0.0 ! router bgp 56595 bgp log-neighbor-changes bgp graceful-restart restart-time 120 bgp graceful-restart stalepath-time 360 bgp graceful-restart no bgp default ipv4-unicast neighbor
Re: [c-nsp] BGP Signalled VPLS
Ahhh, thanks Nick, hence why my scenario using LDP Signaling didn't need it huh. Thanks for the clarification Aaron From: Nick Ryce [mailto:n...@fluency.net.uk] Sent: Monday, April 22, 2013 8:48 AM To: Aaron; 'Waris Sagheer (waris)'; cisco-nsp@puck.nether.net Subject: Re: [c-nsp] BGP Signalled VPLS Hi Aaron, The VE ID etc is for BGP signalling. Nick -- Nick Ryce Fluency Communications Ltd. e. n...@fluency.net.uk w. http://fluency.net.uk/ t. 0845 874 7000 ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] VPLS IOS IOS-XR
This is for VPLS w/BGP AD w/LDP Sig ME3600 and ASR9006... Aaron -- IOS (ME3600 I don't recall if it was 15.2 or 15.3) interface GigabitEthernet0/2 switchport trunk allowed vlan none switchport mode trunk service instance 1 ethernet encapsulation (whatever you wanna do) bridge-domain 100 interface Vlan100 no ip address xconnect vfi vpls1 l2 vfi vpls1 autodiscovery vpn id 100 router bgp 123 bgp router-id 1.1.1.1 bgp log-neighbor-changes no bgp default ipv4-unicast neighbor 1.1.1.2 remote-as 64512 neighbor 1.1.1.2 update-source Loopback0 address-family l2vpn vpls neighbor 1.1.1.2 activate neighbor 1.1.1.2 prefix-length-size 2 * I recall that the l2 vfi has some automatic route target imports/exports and some automatic rd behavior, perhaps taken from the bgp AS number and VPN ID... * I think I found that without this in IOS neighbor 1.1.1.2 prefix-length-size 2 you have issues with bgp session towards ios xr box... RP/0/RSP0/CPU0:9k#sh bgp l2 vpls neighbors 1.1.1.1 | be mal Mon Jan 7 15:54:00.672 CST Total malformed UPDATE 1206 Last malformed UPDATE 00:00:03 Error subcode 10, attribute code 0, action reset session Malformed UPDATE: 88 bytes (much more hex code here, intentionally removed) -- IOS XR (ASR9006 4.1.2) interface GigabitEthernet0/0/0/10.1 l2transport encapsulation (whatever you want) l2vpn bridge group gr1 bridge-domain bd1 interface GigabitEthernet0/0/0/10.1 ! vfi vf1 vpn-id 100 autodiscovery bgp rd auto route-target 64512:100 signaling-protocol ldp router bgp 64512 bgp router-id 1.1.1.2 address-family l2vpn vpls-vpws ! neighbor 1.1.1.1 remote-as 64512 update-source Loopback0 address-family l2vpn vpls-vpws -Original Message- From: cisco-nsp [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Mohammad Khalil Sent: Tuesday, April 16, 2013 1:44 AM To: Blake Dunlap Cc: cisco-nsp@puck.nether.net Subject: Re: [c-nsp] VPLS IOS IOS-XR Can you please share your experience ? Thanks From: iki...@gmail.com Date: Mon, 15 Apr 2013 19:37:25 -0500 Subject: Re: [c-nsp] VPLS IOS IOS-XR To: eng_m...@hotmail.com CC: cisco-nsp@puck.nether.net Yes. -Blake On Mon, Apr 15, 2013 at 7:04 PM, Mohammad Khalil eng_m...@hotmail.com wrote: Hi Have anyone tried VPLS between IOS and IOS-XR? Thanks ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] VPLS IOS IOS-XR
Trying to hide configs, I probably shouldn't have change this in my previous email regarding me3600 ios... router bgp 123 should be... router bgp 64512 Aaron -Original Message- From: Aaron [mailto:aar...@gvtc.com] Sent: Tuesday, April 16, 2013 9:33 AM To: 'Mohammad Khalil'; 'Blake Dunlap' Cc: 'cisco-nsp@puck.nether.net' Subject: RE: [c-nsp] VPLS IOS IOS-XR This is for VPLS w/BGP AD w/LDP Sig ME3600 and ASR9006... Aaron -- IOS (ME3600 I don't recall if it was 15.2 or 15.3) interface GigabitEthernet0/2 switchport trunk allowed vlan none switchport mode trunk service instance 1 ethernet encapsulation (whatever you wanna do) bridge-domain 100 interface Vlan100 no ip address xconnect vfi vpls1 l2 vfi vpls1 autodiscovery vpn id 100 router bgp 123 bgp router-id 1.1.1.1 bgp log-neighbor-changes no bgp default ipv4-unicast neighbor 1.1.1.2 remote-as 64512 neighbor 1.1.1.2 update-source Loopback0 address-family l2vpn vpls neighbor 1.1.1.2 activate neighbor 1.1.1.2 prefix-length-size 2 * I recall that the l2 vfi has some automatic route target imports/exports and some automatic rd behavior, perhaps taken from the bgp AS number and VPN ID... * I think I found that without this in IOS neighbor 1.1.1.2 prefix-length-size 2 you have issues with bgp session towards ios xr box... RP/0/RSP0/CPU0:9k#sh bgp l2 vpls neighbors 1.1.1.1 | be mal Mon Jan 7 15:54:00.672 CST Total malformed UPDATE 1206 Last malformed UPDATE 00:00:03 Error subcode 10, attribute code 0, action reset session Malformed UPDATE: 88 bytes (much more hex code here, intentionally removed) -- IOS XR (ASR9006 4.1.2) interface GigabitEthernet0/0/0/10.1 l2transport encapsulation (whatever you want) l2vpn bridge group gr1 bridge-domain bd1 interface GigabitEthernet0/0/0/10.1 ! vfi vf1 vpn-id 100 autodiscovery bgp rd auto route-target 64512:100 signaling-protocol ldp router bgp 64512 bgp router-id 1.1.1.2 address-family l2vpn vpls-vpws ! neighbor 1.1.1.1 remote-as 64512 update-source Loopback0 address-family l2vpn vpls-vpws -Original Message- From: cisco-nsp [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Mohammad Khalil Sent: Tuesday, April 16, 2013 1:44 AM To: Blake Dunlap Cc: cisco-nsp@puck.nether.net Subject: Re: [c-nsp] VPLS IOS IOS-XR Can you please share your experience ? Thanks From: iki...@gmail.com Date: Mon, 15 Apr 2013 19:37:25 -0500 Subject: Re: [c-nsp] VPLS IOS IOS-XR To: eng_m...@hotmail.com CC: cisco-nsp@puck.nether.net Yes. -Blake On Mon, Apr 15, 2013 at 7:04 PM, Mohammad Khalil eng_m...@hotmail.com wrote: Hi Have anyone tried VPLS between IOS and IOS-XR? Thanks ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] data center/mpls/vpls
Thanks for the warning on the 9000v We have thought about using it but aren't going to for the DC deployment. (it doesn't have the (11) 10gig interfaces we need to begin with) It always seemed attractive that it was advertised as a linecard in an asr9k with all the features that an asr9k/ios xr has to offer, but your commentary doesn't make me feel very good about it Jared, why do you say it's IOS ? If it's a linecard in an ASR9k wouldn't that make it IOS XR? Not sure what you mean by ios Also, off the top of your heard, are there problems with IOS XR 4.3.1 in ASR9k that I should be aware of ? Aaron p.s. hope y'all don't mind, I'm adding the list back to cc's, since this seems like good info for the community to benefit from. -Original Message- From: Jared Mauch [mailto:ja...@puck.nether.net] Sent: Tuesday, April 16, 2013 6:41 AM To: Gabor Szabo (gabszabo) Cc: Aaron; Oliver Garraux; Jeff Kell Subject: Re: [c-nsp] data center/mpls/vpls You might want to be careful with the 9000V. There are a number of interesting side-effects of it. It basically won't work right until you get to at least 4.3.1. They are missing a lot of things. It is also an IOS box, which means you get none of the benefits of IOS-XR. They hacked it together using TFTP and a VLAN tag. The inventory doesn't work right after 3 releases (4.2.2, 4.2.3, 4.3.0) and the software management on it is not under the ADMIN plane. Basically, another cisco half-solution, so use with caution. - Jared From: Mick O'Rourke [mailto:mkorou...@gmail.com] Sent: Tuesday, April 16, 2013 6:36 AM To: Gabor Szabo (gabszabo) Cc: Aaron; Oliver Garraux; Jeff Kell; cisco-nsp@puck.nether.net Subject: Re: [c-nsp] data center/mpls/vpls Wouldn't go near a 9000v it for a data centre deployment on AC power - no dual AC option. On Apr 16, 2013, at 7:14 AM, Gabor Szabo (gabszabo) gabsz...@cisco.com wrote: Hi Aaron, Have you checked the ASR9K nV Satellite feature with 9000v which can be placed physically as TOR device but works as a remote linecard for the ASR9K? You can have every service on satellite ports what you have on local interface of the ASR9K... It is generally not recommended / preferred architecture for hosting / complex DC (where the Nexus family is our strong preference) but can fit for collocation type of services... Regards, Gabor -Original Message- From: cisco-nsp [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Aaron Sent: Monday, April 15, 2013 10:27 PM To: 'Oliver Garraux'; 'Jeff Kell' Cc: cisco-nsp@puck.nether.net Subject: Re: [c-nsp] data center/mpls/vpls Thanks Oliver for the input, I'm planning on not doing L3 on whichever DC ToR switch I go with and simply doing the L3 on the uplinked ASR9006 Aaron -Original Message- From: cisco-nsp [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Oliver Garraux Sent: Monday, April 15, 2013 3:51 PM To: Jeff Kell Cc: cisco-nsp@puck.nether.net Subject: Re: [c-nsp] data center/mpls/vpls At a large enterprise, we're using them for L2 only. For a smallish virtualized hosting environment we're doing L3 with them. I think the people working on the hosting environment are happy with them. My concerns about L3 on the N5k are mostly about some of the limitations. Off the top of my head: - you can't do ISSU with L3 - it doesn't support PBR - since a port-channel is used internally to connect to the L3 module, you may not be able to effectively use 160 gbps for L3 - more limited # of FEX's supported when L3 is being used. I think they increased it though in some version of code, so this might be less of an issue today If you can live with the limitations, I think L3 on the N5K is probably OK. Not sure that its the best choice for L3 stuff though. Oliver - Oliver Garraux Check out my blog: blog.garraux.net Follow me on Twitter: twitter.com/olivergarraux On Mon, Apr 15, 2013 at 2:56 PM, Jeff Kell jeff-k...@utc.edu wrote: On 4/15/2013 2:07 AM, Andrew Miehs wrote: I would like a pair of top-of-rack devices that can mirror one another if possible too, like cisco's 6509-vss thing.or at least like nexus vpc (multichassis link aggregation/bundling) The Nexus 5Ks are pretty cheap and good if you only need L2. I'm still a Nexus virgin... so excuse my naive question... but... :) I've heard more than once that Nexus 5K is not quite ready for Layer-3 prime time, but I have also heard others swear by at (as opposed to swearing AT it). So what's the real scoop? Are you deploying N5K just for L2 and front-ending it with some other L3 device? Jeff ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list
Re: [c-nsp] BGP Signalled VPLS
Anyone know what and why to use this ve stuff? I didn't use it during my vpls (ios-ioxr) trial run in my network and never understood what it was for... ve id 1 ve range 11 Aaron -Original Message- From: cisco-nsp [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Nick Ryce Sent: Tuesday, April 16, 2013 7:41 AM To: Nick Ryce; cisco-nsp@puck.nether.net Subject: Re: [c-nsp] BGP Signalled VPLS Apologies the attachment has went through. ASCII art as below PE1---PE2PE3 PE1 and PE3 are ME3600's and PE2 is a Juniper SRX. From PE2 labels are being pushed/popped correctly. Nick On 16/04/2013 13:37, Nick Ryce n...@fluency.net.uk wrote: Hi, I have 2 x ME3600x running me360x-universalk9-mz.153-2.S and am looking to use the new VPLS BGP signalling functionality. I am using RSVP with the topology attached but I cannot get traffic to pass. Any ideas? Configs as below. Any help with debug commands would also be greatly appreciated. hostname PE1 ! ! ! no aaa new-model ip routing ! ! ! ! ip name-server 8.8.8.8 ! ! mpls traffic-eng tunnels l2vpn vfi context lab vpn id 512 autodiscovery bgp signaling bgp ve id 1 ve range 11 rd 172.16.1.1:512 route-target export 56595:512 route-target import 56595:512 ! vlan 512 name lab ! l2 router-id 172.16.1.1 ! ! ! interface Loopback0 ip address 172.16.1.1 255.255.255.255 ip ospf 1 area 0.0.0.0 ! interface Tunnel0 description PE1-to-PE2 ip unnumbered Loopback0 tunnel mode mpls traffic-eng tunnel destination 172.16.2.2 tunnel mpls traffic-eng priority 1 1 tunnel mpls traffic-eng path-option 1 dynamic ! interface Tunnel1 description PE1-toPE3 ip unnumbered Loopback0 tunnel mode mpls traffic-eng tunnel destination 172.16.3.3 tunnel mpls traffic-eng priority 1 1 tunnel mpls traffic-eng path-option 1 dynamic ! interface GigabitEthernet0/1 no switchport ip address 10.0.0.1 255.255.255.252 mpls traffic-eng tunnels ip rsvp bandwidth percent 100 ! interface GigabitEthernet0/2 switchport access vlan 512 ! router ospf 1 router-id 172.16.1.1 network 10.0.0.0 0.0.0.3 area 0.0.0.0 mpls traffic-eng router-id Loopback0 mpls traffic-eng area 0.0.0.0 ! router bgp 56595 bgp log-neighbor-changes bgp graceful-restart restart-time 120 bgp graceful-restart stalepath-time 360 bgp graceful-restart no bgp default ipv4-unicast neighbor 172.16.2.2 remote-as 56595 neighbor 172.16.2.2 update-source Loopback0 neighbor 172.16.3.3 remote-as 56595 neighbor 172.16.3.3 update-source Loopback0 ! address-family ipv4 neighbor 172.16.2.2 activate neighbor 172.16.2.2 send-community extended neighbor 172.16.3.3 activate neighbor 172.16.3.3 send-community extended exit-address-family ! address-family vpnv4 neighbor 172.16.2.2 activate neighbor 172.16.2.2 send-community extended neighbor 172.16.3.3 activate neighbor 172.16.3.3 send-community extended exit-address-family ! address-family l2vpn vpls neighbor 172.16.2.2 activate neighbor 172.16.2.2 send-community extended neighbor 172.16.2.2 prefix-length-size 2 neighbor 172.16.2.2 suppress-signaling-protocol ldp neighbor 172.16.3.3 activate neighbor 172.16.3.3 send-community extended neighbor 172.16.3.3 suppress-signaling-protocol ldp exit-address-family hostname PE3 ! ! ! no aaa new-model ip routing ! ! ! ! ip name-server 8.8.8.8 ipv6 multicast rpf use-bgp ! ! mpls traffic-eng tunnels l2vpn vfi context lab vpn id 512 autodiscovery bgp signaling bgp ve id 3 ve range 11 rd 172.16.3.3:512 route-target export 56595:512 route-target import 56595:512 vlan 512 name test ! ! ! ! interface Loopback0 ip address 172.16.3.3 255.255.255.255 ip ospf 1 area 0.0.0.0 ! interface Tunnel0 description PE3-to-PE2 ip unnumbered Loopback0 tunnel mode mpls traffic-eng tunnel destination 172.16.2.2 tunnel mpls traffic-eng priority 1 1 tunnel mpls traffic-eng path-option 1 dynamic ! interface Tunnel1 description PE3-to-PE1 ip unnumbered Loopback0 tunnel mode mpls traffic-eng tunnel destination 172.16.1.1 tunnel mpls traffic-eng priority 1 1 tunnel mpls traffic-eng path-option 1 dynamic ! interface GigabitEthernet0 ip address 46.226.1.178 255.255.255.248 speed auto duplex auto negotiation auto ! interface GigabitEthernet0/1 no switchport ip address 10.0.0.6 255.255.255.252 mpls traffic-eng tunnels ip rsvp bandwidth percent 100 ! interface GigabitEthernet0/2 switchport access vlan 512 ! interface Vlan512 no ip address member vfi lab ! router ospf 1 router-id 172.16.3.3 network 10.0.0.4 0.0.0.3 area 0.0.0.0 mpls traffic-eng router-id Loopback0 mpls traffic-eng area 0.0.0.0 ! router bgp 56595 bgp log-neighbor-changes bgp graceful-restart restart-time 120 bgp graceful-restart stalepath-time 360 bgp graceful-restart no bgp default ipv4-unicast neighbor 172.16.1.1 remote-as 56595 neighbor 172.16.1.1 update-source Loopback0 neighbor 172.16.2.2 remote-as 56595 neighbor 172.16.2.2 update-source Loopback0 ! address
[c-nsp] ios xr - asr9k - object tracking route reachability
why do I get a failure on the config BUT it still allows me to exit the config as if it was commited, and sh run proves it's there. I thought a failure upon commit caused configuration to NOT be committed. RP/0/RSP0/CPU0:9k#sh run track track-default-route Tue Apr 16 11:41:18.821 CDT % No such configuration item(s) RP/0/RSP0/CPU0:9k# RP/0/RSP0/CPU0:9k#conf Tue Apr 16 11:41:28.966 CDT RP/0/RSP0/CPU0:9k(config)#track track-default-route RP/0/RSP0/CPU0:9k(config-track)# type route reachability RP/0/RSP0/CPU0:9k(config-track-route)# vrf oneone RP/0/RSP0/CPU0:9k(config-track-route)# route ipv4 0.0.0.0/0 RP/0/RSP0/CPU0:9k(config-track-route)#exit RP/0/RSP0/CPU0:9k(config-track)#delay up 10 RP/0/RSP0/CPU0:9k(config-track)#commit Tue Apr 16 11:41:32.446 CDT % Failed to commit one or more configuration items. Please issue 'show configuration failed' from this session to view the errors RP/0/RSP0/CPU0:9k(config-track)# RP/0/RSP0/CPU0:9k#sh run track track-default-route Tue Apr 16 11:41:42.273 CDT track track-default-route type route reachability vrf oneone route ipv4 0.0.0.0/0 ! delay up 10 ! Aaron ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] FW: ios xr - asr9k - object tracking route reachability
i'm trying to track the existence of a route in the vrf oneone routing table why is the show track showing that it is looking for it in the vrf default ? RP/0/RSP0/CPU0:9k#sh run track mylist1 Tue Apr 16 12:33:21.328 CDT track mylist1 type list boolean and object track-a-route ! delay up 10 ! RP/0/RSP0/CPU0:9k#sh run track track-a-route Tue Apr 16 12:33:27.775 CDT track track-a-route type route reachability vrf oneone route ipv4 10.101.14.20/30 ! delay up 10 ! RP/0/RSP0/CPU0:9k#sh track Tue Apr 16 12:33:33.285 CDT Track mylist1 List boolean and is DOWN 1 change, last change 11:56:10 CDT Tue Apr 16 2013 object track-a-route DOWN Track track-a-route Ip route 10.101.14.20 255.255.255.252 reachability ip vrf default Reachability is DOWN 2 changes, last change 12:33:01 CDT Tue Apr 16 2013 RP/0/RSP0/CPU0:9k# RP/0/RSP0/CPU0:9k#sh route vrf oneone Tue Apr 16 12:31:55.194 CDT Codes: C - connected, S - static, R - RIP, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP i - ISIS, L1 - IS-IS level-1, L2 - IS-IS level-2 ia - IS-IS inter area, su - IS-IS summary null, * - candidate default U - per-user static route, o - ODR, L - local, G - DAGR A - access/subscriber, (!) - FRR Backup path Gateway of last resort is not set C10.101.14.20/30 is directly connected, 01:19:40, GigabitEthernet0/0/0/10 L10.101.14.21/32 is directly connected, 01:19:40, GigabitEthernet0/0/0/10 RP/0/RSP0/CPU0:9k# From: Aaron [mailto:aar...@gvtc.com] Sent: Tuesday, April 16, 2013 11:46 AM To: cisco-nsp@puck.nether.net Subject: ios xr - asr9k - object tracking route reachability why do I get a failure on the config BUT it still allows me to exit the config as if it was commited, and sh run proves it's there. I thought a failure upon commit caused configuration to NOT be committed. RP/0/RSP0/CPU0:9k#sh run track track-default-route Tue Apr 16 11:41:18.821 CDT % No such configuration item(s) RP/0/RSP0/CPU0:9k# RP/0/RSP0/CPU0:9k#conf Tue Apr 16 11:41:28.966 CDT RP/0/RSP0/CPU0:9k(config)#track track-default-route RP/0/RSP0/CPU0:9k(config-track)# type route reachability RP/0/RSP0/CPU0:9k(config-track-route)# vrf oneone RP/0/RSP0/CPU0:9k(config-track-route)# route ipv4 0.0.0.0/0 RP/0/RSP0/CPU0:9k(config-track-route)#exit RP/0/RSP0/CPU0:9k(config-track)#delay up 10 RP/0/RSP0/CPU0:9k(config-track)#commit Tue Apr 16 11:41:32.446 CDT % Failed to commit one or more configuration items. Please issue 'show configuration failed' from this session to view the errors RP/0/RSP0/CPU0:9k(config-track)# RP/0/RSP0/CPU0:9k#sh run track track-default-route Tue Apr 16 11:41:42.273 CDT track track-default-route type route reachability vrf oneone route ipv4 0.0.0.0/0 ! delay up 10 ! Aaron ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] IPv6 Transition - IP/MPLS Backbone
It was in my live network, later I removed it for preferring L3VPN vice L2VPN. I think on the route reflector the thing(s) you need to do is add vpnv6 to global bgp and to the neighbor session..neighbor session will bounce when you activate another address family to a pre-existing neighbor..it's quick as I recall, loose a couple pings and that's it Aaron From: Ahmed Hilmy [mailto:hilmy...@gmail.com] Sent: Tuesday, April 16, 2013 1:47 PM To: Aaron Cc: Harold 'Buz' Dale; cisco-nsp@puck.nether.net; aaron.go...@gvtc.net Subject: Re: [c-nsp] IPv6 Transition - IP/MPLS Backbone Hello Aaron, That is great and so happy to hear that, is it real deployment at your live network ? MP-BGP between PE- Route Reflector, shall i modify it to allow IPv6 packet to carry ? or only at PE to work as dual stack ? On Tue, Apr 16, 2013 at 12:19 AM, Aaron aar...@gvtc.com wrote: Sounds like a good use for 6VPE...as I understand it, I've had to do the following in my network to get 6vpe working... - enable local vrf ipv6 data structure which may include you upgrading the vrf cli to the vrf definition to support ipv6 - enable/activate vpnv6 neighbors within the MP-iBGP core...PE bgp neighbors or PE to Route Refelctor(s) - enable the ipv6 vrf within bgp - enable the pe-ce routing to be ipv6 capable - enable the ipv6 protocol stack in the interfaces facing CE ...i had to do nothing ipv6-related to my mpls/igp core routing environment. Nothing. I think that's nice thing about 6vpe is that providers don't have to do anything to the core in order to enable ipv6 over pre-existing ipv4 (vpvn4) mpls l3vpn's... When you are done, a traceroute from a client transiting the 6vpe mpls l3vpn will look like this... notice hops 2 and 3i think they are ipv6 compatible ipv6 addresses (but unsure about what they are called)...anyway, it shows the loopback router id of the mpls transit hop via the 6vpe (the mpls l3vpn that is ipv6 enabled) C:\tracert -d www.cisco.com Tracing route to e144.dscb.akamaiedge.net [2600:1404:8:1:9200::90] over a maximum of 30 hops: 11 ms1 ms1 ms 1234:5678:::1 2 1 ms 1 ms1 ms :::12.34.0.3 3 1 ms 1 ms1 ms :::123.123108.3 4 1 ms1 ms1 ms 2468:1234:0:8::f:8001 51 ms1 ms1 ms 2468:1234:0:8::f:8000 611 ms 7 ms 7 ms 2468:1234:0:4::f:bb56 7 9 ms 7 ms 7 ms 2468:1234:0:4::3:0 815 ms15 ms15 ms 2468:1234:0:4::22 910 ms15 ms15 ms 1369:2468:0:8::e 10 8 ms 8 ms 8 ms 1369:2468:0:4::83 11 9 ms 8 ms 8 ms 2610:18:10e::45 1277 ms * 104 ms 2610:18:17:3000::2e 1332 ms32 ms32 ms 2400:8800:7f04:6::2 1432 ms32 ms32 ms 2600:1404:8:1:9200::90 Trace complete. C:\ Aaron -Original Message- From: cisco-nsp [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Ahmed Hilmy Sent: Monday, April 15, 2013 2:28 PM To: Harold 'Buz' Dale Cc: cisco-nsp@puck.nether.net Subject: Re: [c-nsp] IPv6 Transition - IP/MPLS Backbone I have IPv4/ MPLS Backbone, i want to deploy IPv6 by using exist Backbone. Yes, dual stack at PE only which it is facing to CE, but PE will face my core as IPv4. Please let me know if it is not clear yet ? Regards, Ahmed On Mon, Apr 15, 2013 at 8:00 PM, Harold 'Buz' Dale buz.d...@usg.edu wrote: Are you planning on providing native v6 via dual stack at the edges and then using 6PE to traverse your core? Maybe I am a little slow but it isn't clear to me exactly what you are trying to do. Thanks, Buz -Original Message- From: cisco-nsp [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Ahmed Hilmy Sent: Sunday, April 14, 2013 15:56 To: cisco-nsp@puck.nether.net Subject: [c-nsp] IPv6 Transition - IP/MPLS Backbone Hello Expert, We are planning to deploy IPv6 at our IPv4 Backbone, our PE to as Dual Stack and carry IPv6 packet through MPLS label. There are different scenarios, one of them is 6PE. Would you please guide me from where can i start ? Thanks, Ahmed ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] data center/mpls/vpls
Thanks Andrew Q1 - Why do you want MPLS on the top of rack switch? A1 - L2VPN's...L3VPN's... Yes, 10 feet away is my Cisco ASR9006 MPLS PE edge box, so yes I could simply do 802.1q from tor switch to that 9k and then jump into mpls LxVPN's there.perhaps this would be a way for me to keep the cost down on the TOR switch. Q2 - Do you need 1G, or 10G interfaces, and how many of them? Why do you need 5? Would something like a pair of 5Ks and FEXs not do what you are after? A2 - 10G and about 5 of them per switch. (2) Data Centers, with (2) cabinets each. So (4) TOR switchesand we spare one of everything we have for quick disaster recovery incase of outage so 5 Q3 - IIRC, the HP 5900s only support 16K routes - which could be a problem on an MPLS network. A3 - My MPLS network is just that, mine. I am a small ISP. I own the whole mpls networkcurrently 209 routesit will grow, but not to thousands. And if I do ospf area's and route summarization at area boundaries down the road, I could probably still keep route table small. 3600#sh ip route summ | in Route|Total Route SourceNetworksSubnets Replicates OverheadMemory (bytes) Total 4 209 0 12900 47784 Q3.1 - Can't you just trunk the various VLANs back to a PE/ pair of PEs? A3.1 - yes, I could should I? Would you/you all prefer mpls to the ToR edge to jump into and out of mpls LxVPN's right there? Or is it not worth paying for? Seems reminiscent of ATMand the powers realized by getting atm closer and closer to the edge...but then always wondering, perhaps I could simply just vlan into the atm lane elan/pvc/pvp and be done with it. H Q4 - I think the QFX will be too expensive for your budget. IIRC, the EX4500s also have the not enough routes supported issue A4 - 209 routes currently. I see EX4550 does mpls. Don't know how much it costs though...gonna talk to Juniper this morning in webex. Is ex4550 a good box? Aaron -Original Message- From: Andrew Miehs [mailto:and...@2sheds.de] Sent: Monday, April 15, 2013 1:08 AM To: Aaron Cc: cisco-nsp@puck.nether.net Subject: Re: [c-nsp] data center/mpls/vpls On 13/04/2013, at 12:57 AM, Aaron aar...@gvtc.com wrote: I would like mpls capability in it. Does anyone say that mpls/vpls/l3vpn/l2vpn is good to top of rack data center level? Seems like more flexibility and strength to me with using all those nice mpls features. Why do you want MPLS on the top of rack switch? I would like a pair of top-of-rack devices that can mirror one another if possible too, like cisco's 6509-vss thing.or at least like nexus vpc (multichassis link aggregation/bundling) The Nexus 5Ks are pretty cheap and good if you only need L2. What vendor has something that can do all that? Oh, I'm trying to stay around $75K for 5 of them. Do you need 1G, or 10G interfaces, and how many of them? Why do you need 5? Would something like a pair of 5Ks and FEXs not do what you are after? HP tells me their 5900/5920 can do most of this and mpls is on roadmap for end of year.l3vpn, maybe l2vpn beyond that. IIRC, the HP 5900s only support 16K routes - which could be a problem on an MPLS network. Can't you just trunk the various VLANs back to a PE/ pair of PEs? Juniper ? don't know.but I see on their web site something about QFX3500, EX4500, EX4550 but haven't look at them yet. I think the QFX will be too expensive for your budget. IIRC, the EX4500s also have the not enough routes supported issue Regards Andrew ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] data center/mpls/vpls
Thanks again Andrew I would imagine that this number would sky-rocket if you ever started providing VPNs for your corporate customer, as many of these will not summarise routes. As I understand multi-area ospf, the abr/ip route summary function has nothing to do with the customer or edge or ospf area member router, but rather the abr straddling the multiple areas..so not sure what that customer router has to do with route summary My experience is Campus MPLS networks so my experience will be different to that of ISPs. Also don't forget to double this number to include IPv6 eventually. I'm testing 6VPE (mpls l3vpn ipv6 capable) now..as I see/understand it, there are zero ipv6 routes in my ipv4 mpls global core. Adding ipv6 to the pre-existing customer mpls l3vpn's doesn't add any routes at all to the igp core. Aaron From: Andrew Miehs [mailto:and...@2sheds.de] Sent: Monday, April 15, 2013 9:42 AM To: Aaron Cc: cisco-nsp@puck.nether.net Subject: Re: [c-nsp] data center/mpls/vpls On Tue, Apr 16, 2013 at 12:19 AM, Aaron aar...@gvtc.com wrote: Q1 - Why do you want MPLS on the top of rack switch? A1 - L2VPN's...L3VPN's... Yes, 10 feet away is my Cisco ASR9006 MPLS PE edge box, so yes I could simply do 802.1q from tor switch to that 9k and then jump into mpls LxVPN's there.perhaps this would be a way for me to keep the cost down on the TOR switch. Cost will be your biggest issue - 5 with fully capable L3/ MPLS switches - with 5x 10G interfaces. The cheapest Cisco that can do this would be a 6500. Not too sure about the HP or Juniper boxes as they didn't have large enough routing tables for use to keep looking at them. And at $75K you will just be able to afford one of these. Q2 - Do you need 1G, or 10G interfaces, and how many of them? Why do you need 5? Would something like a pair of 5Ks and FEXs not do what you are after? A2 - 10G and about 5 of them per switch. (2) Data Centers, with (2) cabinets each. So (4) TOR switchesand we spare one of everything we have for quick disaster recovery incase of outage so 5 You should be able to get close to 5 x Nexus 5K with only the basic L2 licenses for that money. Q3 - IIRC, the HP 5900s only support 16K routes - which could be a problem on an MPLS network. A3 - My MPLS network is just that, mine. I am a small ISP. I own the whole mpls networkcurrently 209 routesit will grow, but not to thousands. And if I do ospf area's and route summarization at area boundaries down the road, I could probably still keep route table small. 3600#sh ip route summ | in Route|Total Route SourceNetworksSubnets Replicates OverheadMemory (bytes) Total 4 209 0 12900 47784 I would imagine that this number would sky-rocket if you ever started providing VPNs for your corporate customer, as many of these will not summarise routes. My experience is Campus MPLS networks so my experience will be different to that of ISPs. Also don't forget to double this number to include IPv6 eventually. Q3.1 - Can't you just trunk the various VLANs back to a PE/ pair of PEs? A3.1 - yes, I could should I? Would you/you all prefer mpls to the ToR edge to jump into and out of mpls LxVPN's right there? Or is it not worth paying for? Seems reminiscent of ATMand the powers realized by getting atm closer and closer to the edge...but then always wondering, perhaps I could simply just vlan into the atm lane elan/pvc/pvp and be done with it. H I don't know of any box capable of 5x 10G with MPLS which costs $75K / 5 ... I would rather trunk back to your ASR9000 and home directly into the correct MPLS VPN compared to VRF lite on a L3 switch, and THEN back to the AS9000... Saves you a L3 hop, and a lot of mucking about with VRF lite - for no gain that I can see Q4 - I think the QFX will be too expensive for your budget. IIRC, the EX4500s also have the not enough routes supported issue A4 - 209 routes currently. I see EX4550 does mpls. Don't know how much it costs though...gonna talk to Juniper this morning in webex. Is ex4550 a good box? I haven't played with any of the Juniper kit so I don't know how reliable it now is. Good luck. Andrew ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] IPv6 Transition - IP/MPLS Backbone
Sounds like a good use for 6VPE...as I understand it, I've had to do the following in my network to get 6vpe working... - enable local vrf ipv6 data structure which may include you upgrading the vrf cli to the vrf definition to support ipv6 - enable/activate vpnv6 neighbors within the MP-iBGP core...PE bgp neighbors or PE to Route Refelctor(s) - enable the ipv6 vrf within bgp - enable the pe-ce routing to be ipv6 capable - enable the ipv6 protocol stack in the interfaces facing CE ...i had to do nothing ipv6-related to my mpls/igp core routing environment. Nothing. I think that's nice thing about 6vpe is that providers don't have to do anything to the core in order to enable ipv6 over pre-existing ipv4 (vpvn4) mpls l3vpn's... When you are done, a traceroute from a client transiting the 6vpe mpls l3vpn will look like this... notice hops 2 and 3i think they are ipv6 compatible ipv6 addresses (but unsure about what they are called)...anyway, it shows the loopback router id of the mpls transit hop via the 6vpe (the mpls l3vpn that is ipv6 enabled) C:\tracert -d www.cisco.com Tracing route to e144.dscb.akamaiedge.net [2600:1404:8:1:9200::90] over a maximum of 30 hops: 11 ms1 ms1 ms 1234:5678:::1 2 1 ms 1 ms1 ms :::12.34.0.3 3 1 ms 1 ms1 ms :::123.123108.3 4 1 ms1 ms1 ms 2468:1234:0:8::f:8001 51 ms1 ms1 ms 2468:1234:0:8::f:8000 611 ms 7 ms 7 ms 2468:1234:0:4::f:bb56 7 9 ms 7 ms 7 ms 2468:1234:0:4::3:0 815 ms15 ms15 ms 2468:1234:0:4::22 910 ms15 ms15 ms 1369:2468:0:8::e 10 8 ms 8 ms 8 ms 1369:2468:0:4::83 11 9 ms 8 ms 8 ms 2610:18:10e::45 1277 ms * 104 ms 2610:18:17:3000::2e 1332 ms32 ms32 ms 2400:8800:7f04:6::2 1432 ms32 ms32 ms 2600:1404:8:1:9200::90 Trace complete. C:\ Aaron -Original Message- From: cisco-nsp [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Ahmed Hilmy Sent: Monday, April 15, 2013 2:28 PM To: Harold 'Buz' Dale Cc: cisco-nsp@puck.nether.net Subject: Re: [c-nsp] IPv6 Transition - IP/MPLS Backbone I have IPv4/ MPLS Backbone, i want to deploy IPv6 by using exist Backbone. Yes, dual stack at PE only which it is facing to CE, but PE will face my core as IPv4. Please let me know if it is not clear yet ? Regards, Ahmed On Mon, Apr 15, 2013 at 8:00 PM, Harold 'Buz' Dale buz.d...@usg.edu wrote: Are you planning on providing native v6 via dual stack at the edges and then using 6PE to traverse your core? Maybe I am a little slow but it isn't clear to me exactly what you are trying to do. Thanks, Buz -Original Message- From: cisco-nsp [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Ahmed Hilmy Sent: Sunday, April 14, 2013 15:56 To: cisco-nsp@puck.nether.net Subject: [c-nsp] IPv6 Transition - IP/MPLS Backbone Hello Expert, We are planning to deploy IPv6 at our IPv4 Backbone, our PE to as Dual Stack and carry IPv6 packet through MPLS label. There are different scenarios, one of them is 6PE. Would you please guide me from where can i start ? Thanks, Ahmed ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] data center/mpls/vpls
Thanks Oliver for the input, I'm planning on not doing L3 on whichever DC ToR switch I go with and simply doing the L3 on the uplinked ASR9006 Aaron -Original Message- From: cisco-nsp [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Oliver Garraux Sent: Monday, April 15, 2013 3:51 PM To: Jeff Kell Cc: cisco-nsp@puck.nether.net Subject: Re: [c-nsp] data center/mpls/vpls At a large enterprise, we're using them for L2 only. For a smallish virtualized hosting environment we're doing L3 with them. I think the people working on the hosting environment are happy with them. My concerns about L3 on the N5k are mostly about some of the limitations. Off the top of my head: - you can't do ISSU with L3 - it doesn't support PBR - since a port-channel is used internally to connect to the L3 module, you may not be able to effectively use 160 gbps for L3 - more limited # of FEX's supported when L3 is being used. I think they increased it though in some version of code, so this might be less of an issue today If you can live with the limitations, I think L3 on the N5K is probably OK. Not sure that its the best choice for L3 stuff though. Oliver - Oliver Garraux Check out my blog: blog.garraux.net Follow me on Twitter: twitter.com/olivergarraux On Mon, Apr 15, 2013 at 2:56 PM, Jeff Kell jeff-k...@utc.edu wrote: On 4/15/2013 2:07 AM, Andrew Miehs wrote: I would like a pair of top-of-rack devices that can mirror one another if possible too, like cisco's 6509-vss thing.or at least like nexus vpc (multichassis link aggregation/bundling) The Nexus 5Ks are pretty cheap and good if you only need L2. I'm still a Nexus virgin... so excuse my naive question... but... :) I've heard more than once that Nexus 5K is not quite ready for Layer-3 prime time, but I have also heard others swear by at (as opposed to swearing AT it). So what's the real scoop? Are you deploying N5K just for L2 and front-ending it with some other L3 device? Jeff ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] data center/mpls/vpls
I'm working with the resident linux/server/systems engineer on his new dc project. I'm looking for data center type switches/routers. does anyone recommend anything? I would like mpls capability in it. Does anyone say that mpls/vpls/l3vpn/l2vpn is good to top of rack data center level? Seems like more flexibility and strength to me with using all those nice mpls features. I would like a pair of top-of-rack devices that can mirror one another if possible too, like cisco's 6509-vss thing.or at least like nexus vpc (multichassis link aggregation/bundling) What vendor has something that can do all that? Oh, I'm trying to stay around $75K for 5 of them. HP tells me their 5900/5920 can do most of this and mpls is on roadmap for end of year.l3vpn, maybe l2vpn beyond that. Cisco tells me their nexus 5548UP can do most of this, but no mpls at all, no roadmap either. Juniper ? don't know.but I see on their web site something about QFX3500, EX4500, EX4550 but haven't look at them yet. Other vendor ? Aaron ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Way to get 3rd party optics to work in UCS/FEX?
Are you talking about sfp/xfp 3rd party support in NXOS? If so, would this limitation apply to Cisco 5548UP as well ? Asking since I'm considering buying some of those and want to know what I'm getting myself into. Aaron -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of David Hubbard Sent: Friday, April 12, 2013 10:28 AM To: Cisco Network Service Providers Subject: Re: [c-nsp] Way to get 3rd party optics to work in UCS/FEX? Unfortunately NXOS on the UCS fabric interconnects is apparently limited to read only mode (according to TAC); any changes have to go through the web interface and they've intentionally disabled any option of using unsupported transceivers. Back to the drawing board, David -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Maarten Carels Sent: Friday, April 12, 2013 10:21 AM To: Cisco Network Service Providers Subject: Re: [c-nsp] Way to get 3rd party optics to work in UCS/FEX? On 12 Apr 2013, at 16:09 , David Hubbard wrote: Ah, that got me close but unfortunately the command isn't there: fab1-A(nxos)# service unsupported-transceiver ^ % Invalid command at '^' marker. Maybe it would show up if I upgrade? It's been about a year; currently running 2.02q: In configuration mode? --maarten ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Cisco 7609-S - ME3600 / xconnect up - ac down
Loc ac err on 7609.. ? I'm thinking g1/18 on 7609 is L3 int, and in order for vpws l2vpn pw to come up, ac (g1/18) must be converted to L2 interface perhaps try on 7609... Conf t Default interface GigabitEthernet1/18 interface GigabitEthernet1/18 switchport description TEST_MPLS_PSEUDOWIRE load-interval 30 speed 1000 no keepalive no cdp enable service instance 20 ethernet encapsulation untagged bridge-domain 20 7609-S# Apr 8 12:24:24.681: XC VPWS[391A:172.18.0.17:20]: Alarm: 0x0 Apr 8 12:24:24.681: XC: MPLS peer 172.18.0.17 vcid 20, VC state DOWN, Loc AC Err -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Antonis Vosdoganis Sent: Monday, April 08, 2013 8:51 AM To: cisco-nsp@puck.nether.net Subject: [c-nsp] Cisco 7609-S - ME3600 / xconnect up - ac down Hello We are trying to set up a pseudowire connection between a Cisco 7609-S and ME3600. When xconnect is applied on physical interface or service instance there is no problem. When we are moving to interface vlan xconnect is up but ac is down. Cisco 7609 is using a 7600-ES+20G3CXL gigabit port NOT RSP720 and IOS version c7600rsp72043-advipservicesk9-mz.153-1.S.bin ME3600 is using IOS version me360x-universalk9-mz.153-1.S1.bin We have successfully set up the same scenario with 2 ME3600. Please check attached files for sample configurations and show - debugs commands. Regards Antonis. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] ipodwdm - asr 9000
Yes, lots of times -Original Message- From: Adam Vitkovsky [mailto:adam.vitkov...@swan.sk] Sent: Wednesday, April 03, 2013 3:01 AM To: 'Aaron'; cisco-nsp@puck.nether.net Subject: RE: [c-nsp] ipodwdm - asr 9000 Hi Aaron, Have you tried to turn it on and off again? :) controller dwdm x/x/x/x admin-state out-of-service commit ! admin-state in-service commit ! adam -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Aaron Sent: Tuesday, April 02, 2013 6:04 PM To: cisco-nsp@puck.nether.net Subject: [c-nsp] ipodwdm - asr 9000 http://www.cisco.com/en/US/docs/routers/asr9000/software/asr9k_r3.9/interfac es/configuration/guide/hc39dwdm.pdf I haven't got this working and this is my first attempt.in that document it shows under the controller config that network port id and network connection id are different . is that true? I'm looking for a basic config for making (2) asr9000's talk to each other over a ten gige interface using dwdm tuneable/colored optics. using wavelength 53 Any assistance is appreciated Here's what I have currently.. Strangely I'm seeing one-way arp. Any ideas? RP/0/RSP0/CPU0:9k-1# sh run controll dwdm 0/0/0/0 Tue Apr 2 10:51:02.659 CDT controller dwdm0/0/0/0 wavelength 53 network connection id 0/0/0/0 network port id 0/0/0/0 admin-state in-service ! RP/0/RSP0/CPU0:9k-1#sh run int ten 0/0/0/0 Tue Apr 2 10:51:06.537 CDT interface TenGigE0/0/0/0 description testing colored dwdm optics to 9k-2 Te0/1/0/1 ipv4 address 1.1.1.1 255.255.255.252 ! RP/0/RSP0/CPU0:9k-1# RP/0/RSP0/CPU0:9k-1#sh arp ten 0/0/0/0 Tue Apr 2 10:51:17.416 CDT --- 0/0/CPU0 --- Address AgeHardware Addr State Type Interface 1.1.1.1 - 6c9c.ed18.1c68 Interface ARPA TenGigE0/0/0/0 1.1.1.2 00:09:15 04c5.a4e2.2e2d DynamicARPA TenGigE0/0/0/0 RP/0/RSP0/CPU0:9k-1# * RP/0/RSP0/CPU0:9k-2#sh run controller dwdm 0/1/0/1 Tue Apr 2 10:48:38.691 CDT controller dwdm0/1/0/1 wavelength 53 network connection id 0/1/0/1 network port id 0/1/0/1 admin-state in-service ! RP/0/RSP0/CPU0:9k-2#sh run int ten 0/1/0/1 Tue Apr 2 10:48:43.742 CDT interface TenGigE0/1/0/1 description testing colored dwdm optics to 9k-1 Te0/0/0/0 ipv4 address 1.1.1.2 255.255.255.252 ! RP/0/RSP0/CPU0:9k-2#ping 1.1.1.1 Tue Apr 2 10:50:01.234 CDT Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds: ..U.. Success rate is 0 percent (0/5) RP/0/RSP0/CPU0:9k-2#sh arp ten 0/1/0/1 Tue Apr 2 10:50:11.962 CDT --- 0/1/CPU0 --- Address AgeHardware Addr State Type Interface 1.1.1.1 - .. DeletedARPA TenGigE0/1/0/1 1.1.1.2 - 04c5.a4e2.2e2d Interface ARPA TenGigE0/1/0/1 RP/0/RSP0/CPU0:9k-2# Aaron ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] ipodwdm - asr 9000
I tried, still same one-way arp. Also removed the dwdm equipment this morningnow it's direct fiber and still same one-way arp seen Does this look weird that one says 10G-TUNABLE-by-WAVELENGTH and the other one does not? RP/0/RSP0/CPU0:9k-1#sh controller dwdm 0/0/0/0 | in Optics Optics Type: 10G-TUNABLE-by-CHANNEL, 10G-TUNABLE-by-WAVELENGTH, RP/0/RSP0/CPU0:9k-2#sh controller dwdm 0/1/0/1 | in Optics Optics Type: 10G-TUNABLE-by-CHANNEL, Also saw something in a cisco document that showed the network port id number was different then the network connection id ...is it supposed to be different ? RP/0/RSP0/CPU0:9k-1#sh run controller dwdm 0/0/0/0 controller dwdm0/0/0/0 wavelength frequency 19350 network connection id 0/0/0/0 network port id 0/0/0/0 admin-state in-service RP/0/RSP0/CPU0:9k-2#sh run controller dwdm 0/1/0/1 controller dwdm0/1/0/1 wavelength frequency 19350 network connection id 0/1/0/1 network port id 0/1/0/1 admin-state in-service Aaron -Original Message- From: Mohacsi Janos [mailto:moha...@niif.hu] Sent: Wednesday, April 03, 2013 4:20 AM To: Aaron Cc: 'Pshem Kowalczyk'; 'cisco-nsp@puck.nether.net' Subject: Re: [c-nsp] ipodwdm - asr 9000 Hi Aaron, Can you try configuring the DWDM channel with frequency, instead of channel. We run into a similar problem a while ago. Solution was to configure with frequency. Best Regards, Janos Mohacsi Head of HBONE+ project Network Engineer, Director Network and Multimedia NIIF/HUNGARNET, HUNGARY Co-chair of Hungarian IPv6 Forum Key 70EF9882: DEC2 C685 1ED4 C95A 145F 4300 6F64 7B00 70EF 9882 On Tue, 2 Apr 2013, Aaron wrote: Running ios xr 4.1.2 -Original Message- From: Pshem Kowalczyk [mailto:pshe...@gmail.com] Sent: Tuesday, April 02, 2013 3:58 PM To: Aaron Cc: cisco-nsp@puck.nether.net Subject: Re: [c-nsp] ipodwdm - asr 9000 If the filters only allow channel 35 that's what the optics should be tuned to. I'm not sure how to verify that, since clearly you set the channel and yet the show commands do not confirm that. All that comes to mind is to confirm the actual frequencies of those channels on the DWDM filters (we've encountered some incompatibilities with Ericsson OTN equipment - their bands didn't always exactly aligned with ITU channels). What software version are you running on those ASR9k? kind regards Pshem On 3 April 2013 09:50, Aaron aar...@gvtc.com wrote: I just checked this with my collegue... The link from 9k to 9k passes through dwdm filters which filter on channel 35 We pad that link and get around -12 to -15 What do you think about all this ? Aaron -Original Message- From: Pshem Kowalczyk [mailto:pshe...@gmail.com] Sent: Tuesday, April 02, 2013 3:16 PM To: Aaron Cc: cisco-nsp@puck.nether.net Subject: Re: [c-nsp] ipodwdm - asr 9000 Hi, I'm not sure if this is relevant, but channel 53 is 194.55THz and 1540.95nm (see here: http://www.cisco.com/en/US/prod/collateral/modules/ps5455/data_sheet_78-4585 30.html). 193 THz is channel 22 and 1549.315nm is in fact channel 32. Output on both routers shows the same values, so perhaps they do tune the optics the same way. Is this a direct fibre, or does it go through some other equipment? Also - what's the light budget of the link? kind regards Pshem On 3 April 2013 07:24, Aaron aar...@gvtc.com wrote: Opps, I added those dots ... It looks like this... 9k-1 - Optics Status Optics Type: 10G-TUNABLE-by-CHANNEL, 10G-TUNABLE-by-WAVELENGTH, 9k-2 - Optics Status Optics Type: 10G-TUNABLE-by-CHANNEL, -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Aaron Sent: Tuesday, April 02, 2013 1:12 PM To: 'Mikael Abrahamsson' Cc: cisco-nsp@puck.nether.net Subject: Re: [c-nsp] ipodwdm - asr 9000 Interesting, look what I just saw while comparing is this significant? 9k-1... Optics Status Optics Type: 10G-TUNABLE-by-CHANNEL, 10G-TUNABLE-by-WAVELENGTH, ... 9k-2... Optics Status Optics Type: 10G-TUNABLE-by-CHANNEL, ... -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Aaron Sent: Tuesday, April 02, 2013 12:57 PM To: 'Mikael Abrahamsson' Cc: cisco-nsp@puck.nether.net Subject: Re: [c-nsp] ipodwdm - asr 9000 RP/0/RSP0/CPU0:9k-1#show controller dwdm 0/0/0/0 Tue Apr 2 12:57:25.697 CDT Port dwdm0/0/0/0 Controller State: up Transport Admin State: In Service Loopback: None G709 Status G709 Disabled Connectivity Info Network Port ID: 0/0/0/0 Network Connection ID: 0/0/0/0 Optics Status Optics Type: 10G-TUNABLE-by-CHANNEL, 10G-TUNABLE-by-WAVELENGTH, Wavelength Info: C-Band, MSA ITU Channel=53, Frequency=193.00THz, Wavelength=1549.315nm TX Power = 0.47 dBm
Re: [c-nsp] ipodwdm - asr 9000
Have you opened up a case with TAC? On Wed, Apr 3, 2013 at 10:59 AM, Aaron aar...@gvtc.com wrote: I tried, still same one-way arp. Also removed the dwdm equipment this morningnow it's direct fiber and still same one-way arp seen Does this look weird that one says 10G-TUNABLE-by-WAVELENGTH and the other one does not? RP/0/RSP0/CPU0:9k-1#sh controller dwdm 0/0/0/0 | in Optics Optics Type: 10G-TUNABLE-by-CHANNEL, 10G-TUNABLE-by-WAVELENGTH, RP/0/RSP0/CPU0:9k-2#sh controller dwdm 0/1/0/1 | in Optics Optics Type: 10G-TUNABLE-by-CHANNEL, Also saw something in a cisco document that showed the network port id number was different then the network connection id ...is it supposed to be different ? RP/0/RSP0/CPU0:9k-1#sh run controller dwdm 0/0/0/0 controller dwdm0/0/0/0 wavelength frequency 19350 network connection id 0/0/0/0 network port id 0/0/0/0 admin-state in-service RP/0/RSP0/CPU0:9k-2#sh run controller dwdm 0/1/0/1 controller dwdm0/1/0/1 wavelength frequency 19350 network connection id 0/1/0/1 network port id 0/1/0/1 admin-state in-service Aaron -Original Message- From: Mohacsi Janos [mailto:moha...@niif.hu] Sent: Wednesday, April 03, 2013 4:20 AM To: Aaron Cc: 'Pshem Kowalczyk'; 'cisco-nsp@puck.nether.net' Subject: Re: [c-nsp] ipodwdm - asr 9000 Hi Aaron, Can you try configuring the DWDM channel with frequency, instead of channel. We run into a similar problem a while ago. Solution was to configure with frequency. Best Regards, Janos Mohacsi Head of HBONE+ project Network Engineer, Director Network and Multimedia NIIF/HUNGARNET, HUNGARY Co-chair of Hungarian IPv6 Forum Key 70EF9882: DEC2 C685 1ED4 C95A 145F 4300 6F64 7B00 70EF 9882 On Tue, 2 Apr 2013, Aaron wrote: Running ios xr 4.1.2 -Original Message- From: Pshem Kowalczyk [mailto:pshe...@gmail.com] Sent: Tuesday, April 02, 2013 3:58 PM To: Aaron Cc: cisco-nsp@puck.nether.net Subject: Re: [c-nsp] ipodwdm - asr 9000 If the filters only allow channel 35 that's what the optics should be tuned to. I'm not sure how to verify that, since clearly you set the channel and yet the show commands do not confirm that. All that comes to mind is to confirm the actual frequencies of those channels on the DWDM filters (we've encountered some incompatibilities with Ericsson OTN equipment - their bands didn't always exactly aligned with ITU channels). What software version are you running on those ASR9k? kind regards Pshem On 3 April 2013 09:50, Aaron aar...@gvtc.com wrote: I just checked this with my collegue... The link from 9k to 9k passes through dwdm filters which filter on channel 35 We pad that link and get around -12 to -15 What do you think about all this ? Aaron -Original Message- From: Pshem Kowalczyk [mailto:pshe...@gmail.com] Sent: Tuesday, April 02, 2013 3:16 PM To: Aaron Cc: cisco-nsp@puck.nether.net Subject: Re: [c-nsp] ipodwdm - asr 9000 Hi, I'm not sure if this is relevant, but channel 53 is 194.55THz and 1540.95nm (see here: http://www.cisco.com/en/US/prod/collateral/modules/ps5455/data_sheet_78-4585 30.html). 193 THz is channel 22 and 1549.315nm is in fact channel 32. Output on both routers shows the same values, so perhaps they do tune the optics the same way. Is this a direct fibre, or does it go through some other equipment? Also - what's the light budget of the link? kind regards Pshem On 3 April 2013 07:24, Aaron aar...@gvtc.com wrote: Opps, I added those dots ... It looks like this... 9k-1 - Optics Status Optics Type: 10G-TUNABLE-by-CHANNEL, 10G-TUNABLE-by-WAVELENGTH, 9k-2 - Optics Status Optics Type: 10G-TUNABLE-by-CHANNEL, -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Aaron Sent: Tuesday, April 02, 2013 1:12 PM To: 'Mikael Abrahamsson' Cc: cisco-nsp@puck.nether.net Subject: Re: [c-nsp] ipodwdm - asr 9000 Interesting, look what I just saw while comparing is this significant? 9k-1... Optics Status Optics Type: 10G-TUNABLE-by-CHANNEL, 10G-TUNABLE-by-WAVELENGTH, ... 9k-2... Optics Status Optics Type: 10G-TUNABLE-by-CHANNEL, ... -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Aaron Sent: Tuesday, April 02, 2013 12:57 PM To: 'Mikael Abrahamsson' Cc: cisco-nsp@puck.nether.net Subject: Re: [c-nsp] ipodwdm - asr 9000 RP/0/RSP0/CPU0:9k-1#show controller dwdm 0/0/0/0 Tue Apr 2 12:57:25.697 CDT Port dwdm0/0/0/0 Controller State: up Transport Admin State: In Service Loopback: None G709 Status G709 Disabled Connectivity Info Network Port ID: 0/0/0
Re: [c-nsp] ipodwdm - asr 9000
Yes I'm feel like up'ing to sev2 and getting live hand-off the tac eng recommended trying a different port on asr9k. you think that's what it is ? Aaron From: Aaron [mailto:dudep...@gmail.com] Sent: Wednesday, April 03, 2013 11:16 AM To: Aaron Cc: Mohacsi Janos; cisco-nsp Subject: Re: [c-nsp] ipodwdm - asr 9000 Have you opened up a case with TAC? On Wed, Apr 3, 2013 at 10:59 AM, Aaron aar...@gvtc.com wrote: I tried, still same one-way arp. Also removed the dwdm equipment this morningnow it's direct fiber and still same one-way arp seen Does this look weird that one says 10G-TUNABLE-by-WAVELENGTH and the other one does not? RP/0/RSP0/CPU0:9k-1#sh controller dwdm 0/0/0/0 | in Optics Optics Type: 10G-TUNABLE-by-CHANNEL, 10G-TUNABLE-by-WAVELENGTH, RP/0/RSP0/CPU0:9k-2#sh controller dwdm 0/1/0/1 | in Optics Optics Type: 10G-TUNABLE-by-CHANNEL, Also saw something in a cisco document that showed the network port id number was different then the network connection id ...is it supposed to be different ? RP/0/RSP0/CPU0:9k-1#sh run controller dwdm 0/0/0/0 controller dwdm0/0/0/0 wavelength frequency 19350 network connection id 0/0/0/0 network port id 0/0/0/0 admin-state in-service RP/0/RSP0/CPU0:9k-2#sh run controller dwdm 0/1/0/1 controller dwdm0/1/0/1 wavelength frequency 19350 network connection id 0/1/0/1 network port id 0/1/0/1 admin-state in-service Aaron -Original Message- From: Mohacsi Janos [mailto:moha...@niif.hu] Sent: Wednesday, April 03, 2013 4:20 AM To: Aaron Cc: 'Pshem Kowalczyk'; 'cisco-nsp@puck.nether.net' Subject: Re: [c-nsp] ipodwdm - asr 9000 Hi Aaron, Can you try configuring the DWDM channel with frequency, instead of channel. We run into a similar problem a while ago. Solution was to configure with frequency. Best Regards, Janos Mohacsi Head of HBONE+ project Network Engineer, Director Network and Multimedia NIIF/HUNGARNET, HUNGARY Co-chair of Hungarian IPv6 Forum Key 70EF9882: DEC2 C685 1ED4 C95A 145F 4300 6F64 7B00 70EF 9882 On Tue, 2 Apr 2013, Aaron wrote: Running ios xr 4.1.2 -Original Message- From: Pshem Kowalczyk [mailto:pshe...@gmail.com] Sent: Tuesday, April 02, 2013 3:58 PM To: Aaron Cc: cisco-nsp@puck.nether.net Subject: Re: [c-nsp] ipodwdm - asr 9000 If the filters only allow channel 35 that's what the optics should be tuned to. I'm not sure how to verify that, since clearly you set the channel and yet the show commands do not confirm that. All that comes to mind is to confirm the actual frequencies of those channels on the DWDM filters (we've encountered some incompatibilities with Ericsson OTN equipment - their bands didn't always exactly aligned with ITU channels). What software version are you running on those ASR9k? kind regards Pshem On 3 April 2013 09:50, Aaron aar...@gvtc.com wrote: I just checked this with my collegue... The link from 9k to 9k passes through dwdm filters which filter on channel 35 We pad that link and get around -12 to -15 What do you think about all this ? Aaron -Original Message- From: Pshem Kowalczyk [mailto:pshe...@gmail.com] Sent: Tuesday, April 02, 2013 3:16 PM To: Aaron Cc: cisco-nsp@puck.nether.net Subject: Re: [c-nsp] ipodwdm - asr 9000 Hi, I'm not sure if this is relevant, but channel 53 is 194.55THz and 1540.95nm (see here: http://www.cisco.com/en/US/prod/collateral/modules/ps5455/data_sheet_78-4585 http://www.cisco.com/en/US/prod/collateral/modules/ps5455/data_sheet_78-458 530.html 30.html). 193 THz is channel 22 and 1549.315nm is in fact channel 32. Output on both routers shows the same values, so perhaps they do tune the optics the same way. Is this a direct fibre, or does it go through some other equipment? Also - what's the light budget of the link? kind regards Pshem On 3 April 2013 07:24, Aaron aar...@gvtc.com wrote: Opps, I added those dots ... It looks like this... 9k-1 - Optics Status Optics Type: 10G-TUNABLE-by-CHANNEL, 10G-TUNABLE-by-WAVELENGTH, 9k-2 - Optics Status Optics Type: 10G-TUNABLE-by-CHANNEL, -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Aaron Sent: Tuesday, April 02, 2013 1:12 PM To: 'Mikael Abrahamsson' Cc: cisco-nsp@puck.nether.net Subject: Re: [c-nsp] ipodwdm - asr 9000 Interesting, look what I just saw while comparing is this significant? 9k-1... Optics Status Optics Type: 10G-TUNABLE-by-CHANNEL, 10G-TUNABLE-by-WAVELENGTH, ... 9k-2... Optics Status Optics Type: 10G-TUNABLE-by-CHANNEL, ... -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Aaron Sent: Tuesday, April 02, 2013 12:57 PM To: 'Mikael Abrahamsson' Cc: cisco-nsp@puck.nether.net Subject: Re: [c-nsp] ipodwdm - asr 9000 RP/0/RSP0/CPU0:9k-1#show
[c-nsp] ipodwdm - asr 9000
http://www.cisco.com/en/US/docs/routers/asr9000/software/asr9k_r3.9/interfac es/configuration/guide/hc39dwdm.pdf I haven't got this working and this is my first attempt.in that document it shows under the controller config that network port id and network connection id are different . is that true? I'm looking for a basic config for making (2) asr9000's talk to each other over a ten gige interface using dwdm tuneable/colored optics. using wavelength 53 Any assistance is appreciated Here's what I have currently.. Strangely I'm seeing one-way arp. Any ideas? RP/0/RSP0/CPU0:9k-1# sh run controll dwdm 0/0/0/0 Tue Apr 2 10:51:02.659 CDT controller dwdm0/0/0/0 wavelength 53 network connection id 0/0/0/0 network port id 0/0/0/0 admin-state in-service ! RP/0/RSP0/CPU0:9k-1#sh run int ten 0/0/0/0 Tue Apr 2 10:51:06.537 CDT interface TenGigE0/0/0/0 description testing colored dwdm optics to 9k-2 Te0/1/0/1 ipv4 address 1.1.1.1 255.255.255.252 ! RP/0/RSP0/CPU0:9k-1# RP/0/RSP0/CPU0:9k-1#sh arp ten 0/0/0/0 Tue Apr 2 10:51:17.416 CDT --- 0/0/CPU0 --- Address AgeHardware Addr State Type Interface 1.1.1.1 - 6c9c.ed18.1c68 Interface ARPA TenGigE0/0/0/0 1.1.1.2 00:09:15 04c5.a4e2.2e2d DynamicARPA TenGigE0/0/0/0 RP/0/RSP0/CPU0:9k-1# * RP/0/RSP0/CPU0:9k-2#sh run controller dwdm 0/1/0/1 Tue Apr 2 10:48:38.691 CDT controller dwdm0/1/0/1 wavelength 53 network connection id 0/1/0/1 network port id 0/1/0/1 admin-state in-service ! RP/0/RSP0/CPU0:9k-2#sh run int ten 0/1/0/1 Tue Apr 2 10:48:43.742 CDT interface TenGigE0/1/0/1 description testing colored dwdm optics to 9k-1 Te0/0/0/0 ipv4 address 1.1.1.2 255.255.255.252 ! RP/0/RSP0/CPU0:9k-2#ping 1.1.1.1 Tue Apr 2 10:50:01.234 CDT Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds: ..U.. Success rate is 0 percent (0/5) RP/0/RSP0/CPU0:9k-2#sh arp ten 0/1/0/1 Tue Apr 2 10:50:11.962 CDT --- 0/1/CPU0 --- Address AgeHardware Addr State Type Interface 1.1.1.1 - .. DeletedARPA TenGigE0/1/0/1 1.1.1.2 - 04c5.a4e2.2e2d Interface ARPA TenGigE0/1/0/1 RP/0/RSP0/CPU0:9k-2# Aaron ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] ipodwdm - asr 9000
RP/0/RSP0/CPU0:9k-1#show controller dwdm 0/0/0/0 Tue Apr 2 12:57:25.697 CDT Port dwdm0/0/0/0 Controller State: up Transport Admin State: In Service Loopback: None G709 Status G709 Disabled Connectivity Info Network Port ID: 0/0/0/0 Network Connection ID: 0/0/0/0 Optics Status Optics Type: 10G-TUNABLE-by-CHANNEL, 10G-TUNABLE-by-WAVELENGTH, Wavelength Info: C-Band, MSA ITU Channel=53, Frequency=193.00THz, Wavelength=1549.315nm TX Power = 0.47 dBm RX Power = -16.81 dBm TDC Info TDC Not Supported on the Plim Network SRLG values: Not Configured RP/0/RSP0/CPU0:9k-1# *** RP/0/RSP0/CPU0:9k-2#show controller dwdm 0/1/0/1 Tue Apr 2 12:55:29.783 CDT Port dwdm0/1/0/1 Controller State: up Transport Admin State: In Service Loopback: None G709 Status G709 Disabled Connectivity Info Network Port ID: 0/1/0/1 Network Connection ID: 0/1/0/1 Optics Status Optics Type: 10G-TUNABLE-by-CHANNEL, Wavelength Info: C-Band, MSA ITU Channel=53, Frequency=193.00THz, Wavelength=1549.315nm TX Power = 0.41 dBm RX Power = -16.02 dBm TDC Info TDC Not Supported on the Plim Network SRLG values: Not Configured RP/0/RSP0/CPU0:9k-2# -Original Message- From: Mikael Abrahamsson [mailto:swm...@swm.pp.se] Sent: Tuesday, April 02, 2013 11:38 AM To: Aaron Cc: cisco-nsp@puck.nether.net Subject: Re: [c-nsp] ipodwdm - asr 9000 On Tue, 2 Apr 2013, Aaron wrote: Any assistance is appreciated show controller dwdm 0/0/0/0 both ends. -- Mikael Abrahamssonemail: swm...@swm.pp.se ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] ipodwdm - asr 9000
Interesting, look what I just saw while comparing is this significant? 9k-1... Optics Status Optics Type: 10G-TUNABLE-by-CHANNEL, 10G-TUNABLE-by-WAVELENGTH, ... 9k-2... Optics Status Optics Type: 10G-TUNABLE-by-CHANNEL, ... -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Aaron Sent: Tuesday, April 02, 2013 12:57 PM To: 'Mikael Abrahamsson' Cc: cisco-nsp@puck.nether.net Subject: Re: [c-nsp] ipodwdm - asr 9000 RP/0/RSP0/CPU0:9k-1#show controller dwdm 0/0/0/0 Tue Apr 2 12:57:25.697 CDT Port dwdm0/0/0/0 Controller State: up Transport Admin State: In Service Loopback: None G709 Status G709 Disabled Connectivity Info Network Port ID: 0/0/0/0 Network Connection ID: 0/0/0/0 Optics Status Optics Type: 10G-TUNABLE-by-CHANNEL, 10G-TUNABLE-by-WAVELENGTH, Wavelength Info: C-Band, MSA ITU Channel=53, Frequency=193.00THz, Wavelength=1549.315nm TX Power = 0.47 dBm RX Power = -16.81 dBm TDC Info TDC Not Supported on the Plim Network SRLG values: Not Configured RP/0/RSP0/CPU0:9k-1# *** RP/0/RSP0/CPU0:9k-2#show controller dwdm 0/1/0/1 Tue Apr 2 12:55:29.783 CDT Port dwdm0/1/0/1 Controller State: up Transport Admin State: In Service Loopback: None G709 Status G709 Disabled Connectivity Info Network Port ID: 0/1/0/1 Network Connection ID: 0/1/0/1 Optics Status Optics Type: 10G-TUNABLE-by-CHANNEL, Wavelength Info: C-Band, MSA ITU Channel=53, Frequency=193.00THz, Wavelength=1549.315nm TX Power = 0.41 dBm RX Power = -16.02 dBm TDC Info TDC Not Supported on the Plim Network SRLG values: Not Configured RP/0/RSP0/CPU0:9k-2# -Original Message- From: Mikael Abrahamsson [mailto:swm...@swm.pp.se] Sent: Tuesday, April 02, 2013 11:38 AM To: Aaron Cc: cisco-nsp@puck.nether.net Subject: Re: [c-nsp] ipodwdm - asr 9000 On Tue, 2 Apr 2013, Aaron wrote: Any assistance is appreciated show controller dwdm 0/0/0/0 both ends. -- Mikael Abrahamssonemail: swm...@swm.pp.se ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] ipodwdm - asr 9000
Opps, I added those dots ... It looks like this... 9k-1 - Optics Status Optics Type: 10G-TUNABLE-by-CHANNEL, 10G-TUNABLE-by-WAVELENGTH, 9k-2 - Optics Status Optics Type: 10G-TUNABLE-by-CHANNEL, -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Aaron Sent: Tuesday, April 02, 2013 1:12 PM To: 'Mikael Abrahamsson' Cc: cisco-nsp@puck.nether.net Subject: Re: [c-nsp] ipodwdm - asr 9000 Interesting, look what I just saw while comparing is this significant? 9k-1... Optics Status Optics Type: 10G-TUNABLE-by-CHANNEL, 10G-TUNABLE-by-WAVELENGTH, ... 9k-2... Optics Status Optics Type: 10G-TUNABLE-by-CHANNEL, ... -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Aaron Sent: Tuesday, April 02, 2013 12:57 PM To: 'Mikael Abrahamsson' Cc: cisco-nsp@puck.nether.net Subject: Re: [c-nsp] ipodwdm - asr 9000 RP/0/RSP0/CPU0:9k-1#show controller dwdm 0/0/0/0 Tue Apr 2 12:57:25.697 CDT Port dwdm0/0/0/0 Controller State: up Transport Admin State: In Service Loopback: None G709 Status G709 Disabled Connectivity Info Network Port ID: 0/0/0/0 Network Connection ID: 0/0/0/0 Optics Status Optics Type: 10G-TUNABLE-by-CHANNEL, 10G-TUNABLE-by-WAVELENGTH, Wavelength Info: C-Band, MSA ITU Channel=53, Frequency=193.00THz, Wavelength=1549.315nm TX Power = 0.47 dBm RX Power = -16.81 dBm TDC Info TDC Not Supported on the Plim Network SRLG values: Not Configured RP/0/RSP0/CPU0:9k-1# *** RP/0/RSP0/CPU0:9k-2#show controller dwdm 0/1/0/1 Tue Apr 2 12:55:29.783 CDT Port dwdm0/1/0/1 Controller State: up Transport Admin State: In Service Loopback: None G709 Status G709 Disabled Connectivity Info Network Port ID: 0/1/0/1 Network Connection ID: 0/1/0/1 Optics Status Optics Type: 10G-TUNABLE-by-CHANNEL, Wavelength Info: C-Band, MSA ITU Channel=53, Frequency=193.00THz, Wavelength=1549.315nm TX Power = 0.41 dBm RX Power = -16.02 dBm TDC Info TDC Not Supported on the Plim Network SRLG values: Not Configured RP/0/RSP0/CPU0:9k-2# -Original Message- From: Mikael Abrahamsson [mailto:swm...@swm.pp.se] Sent: Tuesday, April 02, 2013 11:38 AM To: Aaron Cc: cisco-nsp@puck.nether.net Subject: Re: [c-nsp] ipodwdm - asr 9000 On Tue, 2 Apr 2013, Aaron wrote: Any assistance is appreciated show controller dwdm 0/0/0/0 both ends. -- Mikael Abrahamssonemail: swm...@swm.pp.se ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] ipodwdm - asr 9000
I just checked this with my collegue... The link from 9k to 9k passes through dwdm filters which filter on channel 35 We pad that link and get around -12 to -15 What do you think about all this ? Aaron -Original Message- From: Pshem Kowalczyk [mailto:pshe...@gmail.com] Sent: Tuesday, April 02, 2013 3:16 PM To: Aaron Cc: cisco-nsp@puck.nether.net Subject: Re: [c-nsp] ipodwdm - asr 9000 Hi, I'm not sure if this is relevant, but channel 53 is 194.55THz and 1540.95nm (see here: http://www.cisco.com/en/US/prod/collateral/modules/ps5455/data_sheet_78-458530.html). 193 THz is channel 22 and 1549.315nm is in fact channel 32. Output on both routers shows the same values, so perhaps they do tune the optics the same way. Is this a direct fibre, or does it go through some other equipment? Also - what's the light budget of the link? kind regards Pshem On 3 April 2013 07:24, Aaron aar...@gvtc.com wrote: Opps, I added those dots ... It looks like this... 9k-1 - Optics Status Optics Type: 10G-TUNABLE-by-CHANNEL, 10G-TUNABLE-by-WAVELENGTH, 9k-2 - Optics Status Optics Type: 10G-TUNABLE-by-CHANNEL, -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Aaron Sent: Tuesday, April 02, 2013 1:12 PM To: 'Mikael Abrahamsson' Cc: cisco-nsp@puck.nether.net Subject: Re: [c-nsp] ipodwdm - asr 9000 Interesting, look what I just saw while comparing is this significant? 9k-1... Optics Status Optics Type: 10G-TUNABLE-by-CHANNEL, 10G-TUNABLE-by-WAVELENGTH, ... 9k-2... Optics Status Optics Type: 10G-TUNABLE-by-CHANNEL, ... -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Aaron Sent: Tuesday, April 02, 2013 12:57 PM To: 'Mikael Abrahamsson' Cc: cisco-nsp@puck.nether.net Subject: Re: [c-nsp] ipodwdm - asr 9000 RP/0/RSP0/CPU0:9k-1#show controller dwdm 0/0/0/0 Tue Apr 2 12:57:25.697 CDT Port dwdm0/0/0/0 Controller State: up Transport Admin State: In Service Loopback: None G709 Status G709 Disabled Connectivity Info Network Port ID: 0/0/0/0 Network Connection ID: 0/0/0/0 Optics Status Optics Type: 10G-TUNABLE-by-CHANNEL, 10G-TUNABLE-by-WAVELENGTH, Wavelength Info: C-Band, MSA ITU Channel=53, Frequency=193.00THz, Wavelength=1549.315nm TX Power = 0.47 dBm RX Power = -16.81 dBm TDC Info TDC Not Supported on the Plim Network SRLG values: Not Configured RP/0/RSP0/CPU0:9k-1# ** * RP/0/RSP0/CPU0:9k-2#show controller dwdm 0/1/0/1 Tue Apr 2 12:55:29.783 CDT Port dwdm0/1/0/1 Controller State: up Transport Admin State: In Service Loopback: None G709 Status G709 Disabled Connectivity Info Network Port ID: 0/1/0/1 Network Connection ID: 0/1/0/1 Optics Status Optics Type: 10G-TUNABLE-by-CHANNEL, Wavelength Info: C-Band, MSA ITU Channel=53, Frequency=193.00THz, Wavelength=1549.315nm TX Power = 0.41 dBm RX Power = -16.02 dBm TDC Info TDC Not Supported on the Plim Network SRLG values: Not Configured RP/0/RSP0/CPU0:9k-2# -Original Message- From: Mikael Abrahamsson [mailto:swm...@swm.pp.se] Sent: Tuesday, April 02, 2013 11:38 AM To: Aaron Cc: cisco-nsp@puck.nether.net Subject: Re: [c-nsp] ipodwdm - asr 9000 On Tue, 2 Apr 2013, Aaron wrote: Any assistance is appreciated show controller dwdm 0/0/0/0 both ends. -- Mikael Abrahamssonemail: swm...@swm.pp.se ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] ipodwdm - asr 9000
Running ios xr 4.1.2 -Original Message- From: Pshem Kowalczyk [mailto:pshe...@gmail.com] Sent: Tuesday, April 02, 2013 3:58 PM To: Aaron Cc: cisco-nsp@puck.nether.net Subject: Re: [c-nsp] ipodwdm - asr 9000 If the filters only allow channel 35 that's what the optics should be tuned to. I'm not sure how to verify that, since clearly you set the channel and yet the show commands do not confirm that. All that comes to mind is to confirm the actual frequencies of those channels on the DWDM filters (we've encountered some incompatibilities with Ericsson OTN equipment - their bands didn't always exactly aligned with ITU channels). What software version are you running on those ASR9k? kind regards Pshem On 3 April 2013 09:50, Aaron aar...@gvtc.com wrote: I just checked this with my collegue... The link from 9k to 9k passes through dwdm filters which filter on channel 35 We pad that link and get around -12 to -15 What do you think about all this ? Aaron -Original Message- From: Pshem Kowalczyk [mailto:pshe...@gmail.com] Sent: Tuesday, April 02, 2013 3:16 PM To: Aaron Cc: cisco-nsp@puck.nether.net Subject: Re: [c-nsp] ipodwdm - asr 9000 Hi, I'm not sure if this is relevant, but channel 53 is 194.55THz and 1540.95nm (see here: http://www.cisco.com/en/US/prod/collateral/modules/ps5455/data_sheet_78-458530.html). 193 THz is channel 22 and 1549.315nm is in fact channel 32. Output on both routers shows the same values, so perhaps they do tune the optics the same way. Is this a direct fibre, or does it go through some other equipment? Also - what's the light budget of the link? kind regards Pshem On 3 April 2013 07:24, Aaron aar...@gvtc.com wrote: Opps, I added those dots ... It looks like this... 9k-1 - Optics Status Optics Type: 10G-TUNABLE-by-CHANNEL, 10G-TUNABLE-by-WAVELENGTH, 9k-2 - Optics Status Optics Type: 10G-TUNABLE-by-CHANNEL, -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Aaron Sent: Tuesday, April 02, 2013 1:12 PM To: 'Mikael Abrahamsson' Cc: cisco-nsp@puck.nether.net Subject: Re: [c-nsp] ipodwdm - asr 9000 Interesting, look what I just saw while comparing is this significant? 9k-1... Optics Status Optics Type: 10G-TUNABLE-by-CHANNEL, 10G-TUNABLE-by-WAVELENGTH, ... 9k-2... Optics Status Optics Type: 10G-TUNABLE-by-CHANNEL, ... -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Aaron Sent: Tuesday, April 02, 2013 12:57 PM To: 'Mikael Abrahamsson' Cc: cisco-nsp@puck.nether.net Subject: Re: [c-nsp] ipodwdm - asr 9000 RP/0/RSP0/CPU0:9k-1#show controller dwdm 0/0/0/0 Tue Apr 2 12:57:25.697 CDT Port dwdm0/0/0/0 Controller State: up Transport Admin State: In Service Loopback: None G709 Status G709 Disabled Connectivity Info Network Port ID: 0/0/0/0 Network Connection ID: 0/0/0/0 Optics Status Optics Type: 10G-TUNABLE-by-CHANNEL, 10G-TUNABLE-by-WAVELENGTH, Wavelength Info: C-Band, MSA ITU Channel=53, Frequency=193.00THz, Wavelength=1549.315nm TX Power = 0.47 dBm RX Power = -16.81 dBm TDC Info TDC Not Supported on the Plim Network SRLG values: Not Configured RP/0/RSP0/CPU0:9k-1# * * * RP/0/RSP0/CPU0:9k-2#show controller dwdm 0/1/0/1 Tue Apr 2 12:55:29.783 CDT Port dwdm0/1/0/1 Controller State: up Transport Admin State: In Service Loopback: None G709 Status G709 Disabled Connectivity Info Network Port ID: 0/1/0/1 Network Connection ID: 0/1/0/1 Optics Status Optics Type: 10G-TUNABLE-by-CHANNEL, Wavelength Info: C-Band, MSA ITU Channel=53, Frequency=193.00THz, Wavelength=1549.315nm TX Power = 0.41 dBm RX Power = -16.02 dBm TDC Info TDC Not Supported on the Plim Network SRLG values: Not Configured RP/0/RSP0/CPU0:9k-2# -Original Message- From: Mikael Abrahamsson [mailto:swm...@swm.pp.se] Sent: Tuesday, April 02, 2013 11:38 AM To: Aaron Cc: cisco-nsp@puck.nether.net Subject: Re: [c-nsp] ipodwdm - asr 9000 On Tue, 2 Apr 2013, Aaron wrote: Any assistance is appreciated show controller dwdm 0/0/0/0 both ends. -- Mikael Abrahamssonemail: swm...@swm.pp.se ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net
[c-nsp] Is this list not active anymore ? Gossamer - Cisco - uBR
I posted a question on the Gossamer - Cisco - uBR list but that list seems to show very little activity (previous post on december 2012).is the NSP list a better place to ask questions regarding the uBR7246vxr ? .and the nature of my question is related to more the ip side then it is the rf side. I had issues with converting from pure ip to mpls pe and wanted to share with y'all. Aaron ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] converting cmts from pure ip routing to mpls pe - uBR7246VXR
I have (5) cmts's (uBR7246VXR) ..4 operational and 1 in lab for testing. We have a new mpls network comprised of asr901's, me3600's and asr9k's functioning as p's and pe's. I wanted to move my cmts's off my traditional routed/switched network to my new mpls network. I wanted to have cmts's function as pe's so as to potentially take advantage of the mpls LxVPN's I successfully converted one of my cmts's to pe and it's running nicely, uplinked into p box (me3600). What I did was basically convert wan uplink to mpls, remove igp and replace with core mpls network igp process, and then bring up the expected mp-ibgp and vrf stuff, and then convert all those traditional routing interfaces and services (ntp, logging, aaa and tacacs) to be vrf based..works. Now for the second cmts that I wanted to convert to pe, I've tried twice now and have seen similar strange behavior. wan uplink utilization drops to about 50% of what was previously seen before change..cpu utilization drops from 30-40% utilization to about 0-10%given those observations on the first attempt last week, I left it that way, thinking not too much of it as it was 2:30 a.m. in the morning and was thinking that low utilization at that hour is conceivable. later I got woken up with a phone call from one of my front-line noc network analysts at 7:15 a.m. saying that we had several subs calling in saying that they could not get to most internet web pages but only some were reachable.. (I think the web pages they could get to were our local company web site hosted on-net, and some of our local Akamai and other cached pages)..strangely I could ping and trace to and from those subnets on that cmts to and from internet route server (looking glass) test locations.. I didn't know what to make of this..i couldn't find a problem, so was forced to hurry up and throw the cmts back to old switched/routed network. ..i tried again a few nights ago and saw similar drop in wan utilization and cpu load..not knowing what to make of it, and concerned that subs would be unable to get to web sites that following morning, I moved it back. I don't have a test modem off of this cmts to test with but will need to get one out there if I try again. .I have a tac case open, and I am going to try to reproduce this in the test cmts. (but all previous tests on the lab cmts show good results.and as I mentioned, the other cmts is running fine in mpls net) Difference between the one that worked and the one that doesn't is one is uplinked into me3600 (working one) and the one that didn't work is uplinked into asr9k Interestingly, the module in the asr9k that I uplink that second cmts into, crashed a couple weeks ago..it took a double ecc error and ios xr showed a forced reset on that module..strange.. tac ios xr team said that it's probably an isolated (transient) error and shouldn't happen again, but if it does, they will RMA that 2/20 module in that asr9k. ..several connections are still working on that asr9k linecard and so I didn't think that this second cmts being mpls uplinked through there would be an issue..but I had to mention it since I'm seeing weirdness.. Any thoughts or input would be appreciated. Aaron ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] whoa - asr9k wierd message AND 13 me3600's all rebooted at once!!
requested by: Process ID: 155724 (prm_server) : Thu Mar 14 19:24:00 2013 Configuration : Power is enabled Bootup enabled. Monitoring enabled Rommon Ver : Version 1.03(20100212:011148) IOS SW Ver : 4.1.2 Main Power : Power state Enabled. Estimate power 350 Watts of power required. Faults : N/A --- RP/0/RSP0/CPU0:9k#sh instal summ Fri Mar 15 08:17:44.055 CDT Active Packages: disk0:asr9k-mini-p-4.1.2 disk0:asr9k-doc-p-4.1.2 disk0:asr9k-k9sec-p-4.1.2 disk0:asr9k-mpls-p-4.1.2 disk0:asr9k-mgbl-p-4.1.2 disk0:asr9k-mcast-p-4.1.2 aaron -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Jason Lixfeld Sent: Thursday, March 14, 2013 5:09 PM To: cisco-nsp@puck.nether.net NSP Subject: Re: [c-nsp] whoa - asr9k wierd message AND 13 me3600's all rebooted at once!! What XR version are you running? Trident or Typhoon cards? ME3600s all rebooted at the exact moment the LC crashed? ME3600 crashes with errors/crashinfo? OSPF is your IGP or IGP is something else and OSPF was inside a VRF facing the CE? Is BFD for IGP and/or BFD for BGP enabled? BGP is straight BGP or MP-BPG to the ME3600s? LDP between ASR and ME3600s? I don't have an answer for you, but there are some common elements on my network based on the description you have provided here about your network, so I'm asking probing questions to determine any other similarities. -- Sent from my mobile device On 2013-03-14, at 5:35 PM, Aaron aar...@gvtc.com wrote: Y'all know anything about this? Something bad just happened in my network I have an asr9010 that just showed a 2/20 module fail and come back up. the pe-ce link on that card also showed ospf neighbor state bounce at that moment.AND that asr9010 is a route reflector for several of my pe's throughout my network.. Of those pe's (13) ME3600's running 15.3(1)S ALL REBOOTED!!! ..i have another me3600 running 15.3(1)S that is not running bgp that did not reboot ..i have several other me3600's running pre 15.3 (so 15.2.something) that are running similar config as the rebooted me's, which did NOT reboot Aaron ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] whoa - asr9k wierd message AND 13 me3600's all rebooted at once!!
Another commonality the tac pointed out to me amongst my me's that crashed is that they are all running the l2vpn vpls address family. What's 16T? ...16 Ten gig ? Aaron -Original Message- From: Jason Lixfeld [mailto:ja...@lixfeld.ca] Sent: Friday, March 15, 2013 10:01 AM To: Aaron Cc: cisco-nsp@puck.nether.net Subject: Re: [c-nsp] whoa - asr9k wierd message AND 13 me3600's all rebooted at once!! Interesting. I just checked my archives and I have had two instances where LCs have rebooted due to that same error. XR versions spanned 4.2.0 - 4.2.3. You are running older code than I am. Both instances of my LCs f**king off were on two separate ASR9Ks and actually the first time was a 2/20 (on 4.2.0) the second time was a 16T (on 4.2.3) on Jan. 1 (Happy New Year to me! :|) SRs 622594207 and 624325505. Cards were RMAd both times. 15.3(1)S has been out since November and at the time of the LC crash on January 1, I only had 1 ME3600 deployed running 15.3(1)S. It has been up for 100 days, so it lasted beyond the LC crash. At this point, I'm more interested in the theory TAC has about the 15.3(1)S bug that they think might have triggered the reboots. If you can pass me the SR or drop me a note when you find out one way or the other, I'd be grateful. Also, if 15.3(1)S1 fixes that bug, that would be good information as well. On 2013-03-15, at 10:06 AM, Aaron aar...@gvtc.com wrote: 2 tac cases opened...one with ios team for me3600's and one opened with ios xr team Ios Cisco tac is still investigating (they want more crashinfo's and running configs from me) but thus far I have been told that my 2/20 linecard in my asr9010 reloaded due to a double bit error (double ecc (I believe is error correcting code)). Syslogs and cli output below. Ios xr cisco tac team says that he recommends replacing linecard if/when it happens a second time Ios Tac eng said that when a bit changes in memory, it's correctable, but when two bits change then it's uncorrectable and a reload on that linecard occurs. Ios Tac eng said that the lincecard in the asr9k seems to have crashed prior to the me3600's reloading. This seems to be seen also in that the syslog messages regarding the bgp down messages with those me3600's started happening a few minutes after 14:22:38 (when the asr9k linecard crashed)i think bgp keepalives default to 60 seconds and a bgp neighbor session doesn't time out until 180 seconds ( I think 3*keepalives) Here is the cli output for that card ...Last Reset : pfm_dev_sm_perform_recovery_action, Card reset requested by: Process ID: 155724 (prm_server) : Thu Mar 14 19:24:00 2013 Did you see that process id number ? 155724.you will also see that pid in the syslog messages. That's when the asr9k linecard reloaded and seems to have caused (13) of my me3600's to reboot! These 13 me3600's are as follows All run 15.3(1)S. they are scattered throughout my network...sparsely located here and thereno real physical commonality among them. All of these 13 me3600's run Mp-iBGP with dual RouteReflectorsone of the RR's is on that asr9010. This mpibgp is for mpls l3vpn's. the pe-ce on the me3600's is directly connected routing...that's it. The pe-ce in my core to connect to my legacy ip net is ospf from dual pe-ce feeds for redundancy. The pe-ce dual links are between dual asr9k/7609-s pairs.the asr9k's are in fact the dual rr's also. One of them is that asr9010 that had a lincecard crash. Speculation I heard from ios tac yesterday reqarding the me3600 crash was maybe related to a cef route change bug in 15.3(1)S. seems that perhaps when the asr9010 linecard crashed, the several hundred routes learned via that pe-ce connection to the legacy 7609 propogated over the l3vpn and into the me3600's, thus causing them to do cef/fib convergence and possible converge over to the other asr9k/7609 locationBUT this is only speculation about that being the cause of the me3600 reloads for now more on that to come later hopefully from ios tac when I give them more crashinfo's and running configs... Bare in mind, I have (4) more me3600's config'd same way as the crashed ones and the DID NOT rebootthose (4) run 15.2.2S or 15.2.4.S1 Syslog messages... 2013-03-14 14:22:38 Local7.Emerg9k 16328: LC/0/1/CPU0:Mar 14 14:24:00.733 : pfm_node_lc[267]: %PLATFORM-NP-0-HW_DOUBLE_ECC_ERROR : Set|prm_server[155724]|Network Processor Unit(0x1007001)|NP DOUBLE ECC ERROR, NP=1, memId=18, subMemId=0x1 2013-03-14 14:22:38 Local7.Emerg9k 16329: LC/0/1/CPU0:Mar 14 14:24:00.736 : pfm_node_lc[267]: %PLATFORM-PFM-0-CARD_RESET_REQ : pfm_dev_sm_perform_recovery_action, Card reset requested by: Process ID: 155724 (prm_server), Fault Sev: 0, Target node: 0/1/CPU0, CompId: 0x1f, Device Handle: 0x1007001, CondID: 1001, Fault Reason: NP DOUBLE ECC ERROR
Re: [c-nsp] timezone setting in networking gear; local, HQ, or UTC?
Most large networks usually use UTC. It makes it easy to collaborate network events across the whole network. Of course, as long as the network is all set to the same TZ then you that shouldn't be a issue. On Thu, Mar 14, 2013 at 11:18 AM, Deny IP Any Any denyipany...@gmail.comwrote: my company is east-coast US, but now we're expanding West; for the first time we'll have routers/switches/etc in a different time zone. How does everyone else handle time zone settings on a network that spans multiple time zones? We've discussed internally about the pros/cons of setting them to their local timezone, or to match the timezone of HQ, or to just set everything as UTC. -- deny ip any any (4393649193 matches) ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] whoa - asr9k wierd message AND 13 me3600's all rebooted at once!!
Y'all know anything about this? Something bad just happened in my network I have an asr9010 that just showed a 2/20 module fail and come back up. the pe-ce link on that card also showed ospf neighbor state bounce at that moment.AND that asr9010 is a route reflector for several of my pe's throughout my network.. Of those pe's (13) ME3600's running 15.3(1)S ALL REBOOTED!!! ..i have another me3600 running 15.3(1)S that is not running bgp that did not reboot ..i have several other me3600's running pre 15.3 (so 15.2.something) that are running similar config as the rebooted me's, which did NOT reboot Aaron ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] summary, but leak a couple
In ios xr how would I summarize all more specific's within this range, BUT leak a more specifics ? router bgp 64512 vrf one rd 1.1.1.1:1 address-family ipv4 unicast aggregate-address 10.0.0.0/8 summary-only but I want to leak, 10.10.10.0/24 how would I do that ? Aaron ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Upgrading 12K IOS XR from 3.6 to 4.2
Have you looked to see if you download the rommon separately? On Tue, Mar 5, 2013 at 10:48 AM, ibogzipper iboge ibogzip...@gmail.comwrote: Thanks Grzegorz, down time window is the problem to go for 2 steps . rommon upgrades are in the FPD package but if i want to do the turboboot there is no way that i can install the new pie c12k-fpd.pie-4.2.4 on 3.6.2 and upgrade the rommon . is there any package that i can copy and upgrade the rommon like CRS .Cisco document mention about 3.x to 4.x with c12k-upgrade.pie-4.2.4 package but still confusing about direct 4.2 upgrade. On Tue, Mar 5, 2013 at 4:44 PM, Grzegorz Janoszka grzeg...@janoszka.pl wrote: On 05-03-13 14:01, ibogzipper iboge wrote: Hi, I'm in the process of upgrading 12K IOS XR from 3.6 to 4.2. But according to cisco upgrade path its seems to be from 3.6 - 3.9 , 3.9 - 4.2 ( http://www.cisco.com/web/Cisco_IOS_XR_Software/index.html#XR12000) . therefore i'm wondering that whether i can do turboboot . but there is no reference regarding the minimum rommon required to load the 4.2 IOS XR in turboboot ( min required is 1.24) . Also to upgrade the rommon there is no package available on the download section ( archive also doesn't have package) . Anyone having previous experience on 3.6 - 4.2 upgrade ? As far as I remember you may need to repartition in order to the the upgrade and/or upgrade your flash. We didn't do as big step as you plan to do, and indeed the intermediate upgrade to 3.9 may be necessary. Please check the Cisco upgrade procedure, they are very good in describing what you can and what you can't. The rommon upgrades are in the fpd package, it is also very well described in Cisco docs. Please note some important SMU's for 4.2, some of them are reboot SMU's. -- Grzegorz Janoszka ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] bgp aggregate address
vrf oneone rd 10.0.0.55:11 address-family ipv4 unicast aggregate-address 12.12.12.0/24 summary-only it seems that if I have a loopback interface with ipv4 addr 12.12.12.1 255.255.255.0 that it will not kickoff that bgp aggregate advertisement, BUT, if I delete the loopback interface and from another router elsewhere, inject via igp (ospf) that route for 12.12.12.0/24 then bgp will aggregate and send out the aggregate address summary. Is it true that a member subnet of an aggregate address LOCALLY configured on a loopback WILL NOT be enough to cause bgp aggregate address to kick in ? Aaron ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] bgp aggregate address
No. loopback connected network showed up in rib but not in bgp table. -Original Message- From: Adam Vitkovsky [mailto:adam.vitkov...@swan.sk] Sent: Thursday, February 28, 2013 7:29 AM To: 'Aaron'; cisco-nsp@puck.nether.net Subject: RE: [c-nsp] bgp aggregate address Did you get the prefix of the locally configured loopback into bgp table please? adam -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Aaron Sent: Thursday, February 28, 2013 2:14 PM To: cisco-nsp@puck.nether.net Subject: [c-nsp] bgp aggregate address vrf oneone rd 10.0.0.55:11 address-family ipv4 unicast aggregate-address 12.12.12.0/24 summary-only it seems that if I have a loopback interface with ipv4 addr 12.12.12.1 255.255.255.0 that it will not kickoff that bgp aggregate advertisement, BUT, if I delete the loopback interface and from another router elsewhere, inject via igp (ospf) that route for 12.12.12.0/24 then bgp will aggregate and send out the aggregate address summary. Is it true that a member subnet of an aggregate address LOCALLY configured on a loopback WILL NOT be enough to cause bgp aggregate address to kick in ? Aaron ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] bgp aggregate address
Opps, misspoke about the injected via igp (ospf) statement. Remote router (R1) Router trying to do aggregate route on (R2) R1 --- mpls l3vpn --- R2 So this is how R1 sends the route to R2 R1 has redis connected within the vrf context under bgp. -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Phil Mayers Sent: Thursday, February 28, 2013 7:55 AM To: cisco-nsp@puck.nether.net Subject: Re: [c-nsp] bgp aggregate address On 28/02/13 13:38, Aaron wrote: No. loopback connected network showed up in rib but not in bgp table. Well.. then this is expected behaviour. BGP won't aggregate things unless they're in BGP. Presumably you are doing redis ospf (shudder) which is why the 2nd case worked. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] me3600x tengig sfp problem
Fixed. we got 2 other sfp's from another ME3600 in our network and put them in the (2) me3600's that were showing problems with those previous sfps, and they work fine. apparently those other (3) SFP's we had were from a bad batch or something. Aaron -Original Message- From: Pshem Kowalczyk [mailto:pshe...@gmail.com] Sent: Friday, February 22, 2013 5:53 PM To: Aaron Cc: cisco-nsp@puck.nether.net Subject: Re: [c-nsp] me3600x tengig sfp problem Hi, On 23 February 2013 06:08, Aaron aar...@gvtc.com wrote: weird, look what happens... Feb 22 09:05:04: %PHY-4-SFP_NOT_SUPPORTED: The SFP in Te0/1 is not supported Feb 22 09:05:04: %PM-4-ERR_DISABLE: gbic-invalid error detected on Te0/1, putting Te0/1 in err-disable state Feb 22 09:05:04: local_port_disable for: Te0/1 xcvr-disable failed The fact that is has Cisco logo on it doesn't mean much these days, every platform and software version might have its own compatibility problems. Please check the list at the bottom of this document: http://www.cisco.com/en/US/prod/collateral/switches/ps6568/ps10956/data_sheet_c78-601946.html for the list of compatible optics. kind regards Pshem ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] ASR901 to ME3600X xconnect
Looks like the attachment circuit is down on the me3600 (int g0/11 not up up ?). That will cause the pw to not come up as I recall Aaron -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Pshem Kowalczyk Sent: Thursday, February 28, 2013 3:35 PM To: cisco-nsp@puck.nether.net Subject: [c-nsp] ASR901 to ME3600X xconnect Hi, I'm testing an asr901. We're looking at using for l2vpn termination. For some reason the xconnect refuses to stand up between asr901 and me3600x. Similar setup between two 3600x works fine. Relevant config on the asr901: ! hostname asr901A ! boot system flash:/asr901-universalk9-mz.152-2.SNH1.bin mpls label protocol ldp mpls ldp discovery targeted-hello accept mpls traffic-eng tunnels bridge-domain 2 l2 router-id 10.123.129.3 ! interface Loopback0 ip address 10.123.129.3 255.255.255.255 ! interface Tunnel3000 ip unnumbered Loopback0 mpls ip tunnel mode mpls traffic-eng tunnel destination 10.123.129.1 tunnel mpls traffic-eng autoroute announce tunnel mpls traffic-eng path-option 1 dynamic tunnel mpls traffic-eng record-route tunnel mpls traffic-eng fast-reroute ! interface GigabitEthernet0/0 duplex full no negotiation auto service instance 1 ethernet encapsulation dot1q 17 rewrite ingress tag pop 1 symmetric xconnect 10.123.29.1 4321 encapsulation mpls mtu 1500 ! ! interface Vlan2 mtu 9216 description to me3600x ip address 10.123.29.6 255.255.255.252 ip router isis vc-core mpls traffic-eng tunnels clns mtu 9083 isis network point-to-point isis metric 10 ! router isis vc-core net 49.0001.0101.2312.9003.00 is-type level-2-only ispf level-2 metric-style wide set-overload-bit on-startup wait-for-bgp spf-interval 5 50 200 prc-interval 5 50 200 lsp-gen-interval 5 50 200 log-adjacency-changes passive-interface default no passive-interface Vlan2 mpls traffic-eng router-id Loopback0 mpls traffic-eng level-2 on the ME3600X the xconnect looks like this: interface GigabitEthernet0/11 description not in use switchport trunk allowed vlan none switchport mode trunk mtu 9100 service-policy output PM-INT-1G-OUT service instance 17 ethernet encapsulation dot1q 4094 rewrite ingress tag pop 1 symmetric xconnect 10.123.29.3 4321 encapsulation mpls mtu 1500 I can see the ISIS and LDP up between asr901 and me3600x: asr901A#sh mpls ldp neighbor Peer LDP Ident: 10.123.129.1:0; Local LDP Ident 10.123.129.3:0 TCP connection: 10.123.129.1.646 - 10.123.129.3.26629 State: Oper; Msgs sent/rcvd: 1207/1201; Downstream Up time: 17:22:15 LDP discovery sources: Targeted Hello 10.123.129.3 - 10.123.129.1, active, passive Targeted Hello 10.123.129.3 - 10.123.29.1, active Addresses bound to peer LDP Ident: 10.123.129.110.123.29.5 10.123.29.1 asr901A#sh isis neighbors Tag vc-core: System Id Type Interface IP Address State Holdtime Circuit Id accr01cgr L2 Vl2 10.123.29.5 UP24 01 Yet the actual vc doesn't come up: asr901A#sh mpls l2transport vc detail Local interface: Gi0/0 up, line protocol up, Eth VLAN 17 up Destination address: 10.123.29.1, VC ID: 4321, VC status: down Last error: Local peer access circuit is down Output interface: none, imposed label stack {} Preferred path: not configured Default path: no route No adjacency Create time: 00:17:34, last status change time: 00:13:54 Signaling protocol: LDP, peer 10.123.129.1:0 up Targeted Hello: 10.123.129.3(LDP Id) - 10.123.29.1, LDP is DOWN, no binding Status TLV support (local/remote) : enabled/None (no remote binding) LDP route watch : disabled Label/status state machine: local ready, LruRnd Last local dataplane status rcvd: No fault Last BFD dataplane status rcvd: Not sent Last BFD peer monitor status rcvd: No fault Last local AC circuit status rcvd: No fault Last local AC circuit status sent: Not sent Last local LDP TLV status sent: No fault Last remote LDP TLVstatus rcvd: None (no remote binding) Last remote LDP ADJstatus rcvd: None (no remote binding) MPLS VC labels: local 16, remote unassigned Group ID: local 0, remote unknown MTU: local 1500, remote unknown Remote interface description: Sequencing: receive disabled, send disabled Control Word: On (configured: autosense) Dataplane: SSM segment/switch IDs: 0/0 (used), PWID: 2 VC statistics: transit packet totals: receive 0, send 0 transit byte totals: receive 0, send 0 transit packet drops: receive 0, seq error 0, send 0 The error 'Local peer access circuit is down' is all I get on the 901, on the me3600x I get: accr01cgr#sh mpls l2transport vc 4321 detail Local interface: Gi0/11 up, line protocol up, Eth VLAN 4094 down Destination address: 10.123.29.3, VC ID: 4321
[c-nsp] me3600x tengig sfp problem
weird, look what happens... Feb 22 09:05:04: %PHY-4-SFP_NOT_SUPPORTED: The SFP in Te0/1 is not supported Feb 22 09:05:04: %PM-4-ERR_DISABLE: gbic-invalid error detected on Te0/1, putting Te0/1 in err-disable state Feb 22 09:05:04: local_port_disable for: Te0/1 xcvr-disable failed it doesn't show up in show inventory i bounce port and it comes out of err-dsbld but it still doesn't come up Feb 22 09:06:53: %LINK-5-CHANGED: Interface TenGigabitEthernet0/1, changed state to administratively down Feb 22 09:06:54: %SYS-5-CONFIG_I: Configured from console by vty0 (192.168.150.91) Feb 22 09:06:55: %LINK-3-UPDOWN: Interface TenGigabitEthernet0/1, changed state to down comparing the working tengig int in 0/2... only difference is SFP-ER is not seen on problematic one 3600#sh int ten0/2 | in Trans Transport mode LAN (10GBASE-R, 10.3125Gb/s), media type is SFP-ER 3600#sh int ten0/1 | in Trans Transport mode LAN (10GBASE-R, 10.3125Gb/s), media type is my field tech tells me that the sfp does have the cisco logo on it. (cisco tac on the phone looking up serial number right now) look what my collegue found on the internet... undoc command service unsupported-transceiver no errdisable detect cause gbic-invalid but this still doesn't make it work. i tried 2 different me3600 chassis and 2 different sfp's. same result. field tech using light meter sees NO LIGHT coming right off sfp me3600x running 15.3(1)S Aaron ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] netflow
Anyone know of a good, free, netflow collector ? I would like to be able to send netflow data from my routers to this collector and be able to look for usage statistics of my customers, bandwidth heavy users, strange spikes I see on mrtg I would like to be able to see where and who is doing that or where an attack is coming from. Aaron ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Trace-route change path by changing the DNS.
The IPs shouldn't change. Do you have an example? On Thu, Feb 14, 2013 at 7:07 AM, zaid zaidoo...@yahoo.com wrote: Hi Why is the trace-route results give you different path and hops when changing the DNS server for the same source/destination. any informative notes ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] ip tcp adjust-mss
Must a difference in worlds. I'm coming from Tier 1 ISP. Enterprise, yes I see your point. On Mon, Feb 11, 2013 at 4:51 PM, Mack McBride mack.mcbr...@viawest.comwrote: It is common practice because people do not control all of the MTU sizes** ** on all of the links in their network. If you control all of the links you raise the MTU. Sometimes that isn’t an option due to providers or legacy equipment (sometimes equals more often than not). I never said it was good, I said it was common. In a follow up response I compared it to smoking and drinking. Lots of people do it but it doesn’t make it healthy. I am suffering in the fourth year of trying to get such a link replaced.** ** Thankfully it is the last one. At least till we make another acquisition.* *** ** ** LR Mack McBride Network Architect ** ** *From:* Aaron [mailto:dudep...@gmail.com] *Sent:* Monday, February 11, 2013 2:44 PM *To:* Mack McBride *Cc:* Eric A Louie; Cisco NSP *Subject:* Re: [c-nsp] ip tcp adjust-mss ** ** Disagree, it is not a common practice. You should make your MTU large enough. ** ** On Mon, Feb 11, 2013 at 3:54 PM, Mack McBride mack.mcbr...@viawest.com wrote: This is very common practice and practically everyone does it. Usually if you have your own backbone you enlarge the backbone packet size though. Sometimes that isn't an option due to provider switches in the path. LR Mack McBride Network Architect -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto: cisco-nsp-boun...@puck.nether.net] On Behalf Of Eric A Louie Sent: Monday, February 11, 2013 12:56 PM To: Cisco NSP Subject: [c-nsp] ip tcp adjust-mss I just put in this command on my upstream interfaces to help my mpls network pass traffic - that is, my effort to eliminate fragmentation in my backbone. Is anyone else using this method of mtu control? I need some support - my CEO is asking why I have to do this, and who else does it, and is it a common practice, etc, so I'm looking for evidence, more than just The Cisco TAC told me to do it. thanks Much appreciated, Eric ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ** ** ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] ip tcp adjust-mss
At the interface level. On Mon, Feb 11, 2013 at 3:58 PM, Eric A Louie elo...@yahoo.com wrote: Ok, maybe I'm missing the obvious, but within my backbone, I can't just increase the MTU across the Ethernet links. router (config-if)#ip mtu ? 68-1500 MTU (bytes) Unless this is the mtu you refer to router (config-if)#mtu ? 1500-9800 MTU size in bytes Much appreciated, Eric From: Saku Ytti s...@ytti.fi To: cisco-nsp@puck.nether.net Sent: Mon, February 11, 2013 12:33:53 PM Subject: Re: [c-nsp] ip tcp adjust-mss On (2013-02-11 11:56 -0800), Eric A Louie wrote: Is anyone else using this method of mtu control? I need some support - my CEO is asking why I have to do this, and who else does it, and is it a common practice, etc, so I'm looking for evidence, more than just The Cisco TAC told me to do it. Very common hack to deal when tunneling is involved in middle of the network, and reducing client MTU is not practical. But I'm really surprised you'd need it in this situation, usually you can increase your core MTU to carry MPLS labels while still delivering customers 1500B. Mostly while quite ugly hack, it just works. Sometimes you run into some poor application which send MTU size UDP frames and expect them to be delivered, those customers would not be happy. -- ++ytti ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] ip tcp adjust-mss
Disagree, it is not a common practice. You should make your MTU large enough. On Mon, Feb 11, 2013 at 3:54 PM, Mack McBride mack.mcbr...@viawest.comwrote: This is very common practice and practically everyone does it. Usually if you have your own backbone you enlarge the backbone packet size though. Sometimes that isn't an option due to provider switches in the path. LR Mack McBride Network Architect -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto: cisco-nsp-boun...@puck.nether.net] On Behalf Of Eric A Louie Sent: Monday, February 11, 2013 12:56 PM To: Cisco NSP Subject: [c-nsp] ip tcp adjust-mss I just put in this command on my upstream interfaces to help my mpls network pass traffic - that is, my effort to eliminate fragmentation in my backbone. Is anyone else using this method of mtu control? I need some support - my CEO is asking why I have to do this, and who else does it, and is it a common practice, etc, so I'm looking for evidence, more than just The Cisco TAC told me to do it. thanks Much appreciated, Eric ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Switch lights rapid blinking
Sh int | in 5 min Look for high numbers Or clear counters then do Sh int | in 5 min see if you have rapidly increasing numbers could indicate forwarding loop or jabbering device perhaps look for lots of one direction in or out but not opposite direction. If you find a strange port shut it down and perhaps see what lights do Sh proc cpu his --- is it high? Sh log - mac flapping? Perhaps enable mac-move aaron -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Jeffrey G. Fitzwater Sent: Monday, January 28, 2013 2:09 PM To: a.l.m.bu...@lboro.ac.uk Cc: cisco-nsp@puck.nether.net Subject: Re: [c-nsp] Switch lights rapid blinking Alan, there are many normal things that can cause this, like ARP broadcast, unknown unicast especially in a large flat nets. I would start there, but remember it might be normal. Jeff Fitzwater OIT Network Systems Princeton University wrote: Hi, Can someone please point me in the right direction to correct this issue. I came into a network that is using the default vlan and for about 2 weeks now, every switch and port is rapidly blinking. I looked at wireshark and don't seen anything out of the ordinary. I also checked for loops in the network and don't see any. Is there some tool I can use to track down what is causing this? I'm running cisco 2960's all over. if all the usual things are okay - ie spanning-tree is stable, there are no links going up/down, you have eg portfast for edge devices etc etc then perhaps all you are seeing are the usual busy lights for cisco LEDs - what sort of rapid blinking? all blinking at same time? have you done a port-mirror of the uplink to see what is really going on? alan ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] stp on me3600 on efp's with locally connected older switch
This is an option. Thanks Adam, and it works with efp (si) command l2protocol tunnel stpi tested it out good. However, here's another challenge I'm up against... the fact that I have Occam Networks DSLAMS (now Calixincluding Ross as he deals with this gear and perhaps has suggestions) directly connecting (dual uplinks for redundancy acorss dslam blades) to the ME3600 and the occam blc's DO NOT run spanning tree, as a matter of fact they look like a wire to a spanning tree speaker (cisco switch, me3600, etc). In which case I've typically used the cisco switch stp as the flow throw the dslams and back into the cisco switch and then the cisco switch sees the loop and blocks one of it's interfaces. so I need to deal with that LOCALLY to that ME3600 don't I. ? So from what Christian and Reuben mentioned also, I either need to - figure out how to run 802.1s (MSTP) on the EFP in ME3600 and interact with the neighboring 4500 (which stp, 802.1d, pvst+) OR - forget the efp deal on ME3600 and go back to the vanilla switchport trunking way of doing business and run pvst+ (rstp) on me3600 and stp neighbor with 4500 normally with pv(r)stp+ Any other thoughts/ideas gents? BTW, here's what I'm doing Network has been for years like thisso basically flat collapsed ip core whereas same vlan from customer and default gw is on dual 7609's Dslams4500--(1q vlans)--dual 7609's routed svi's w/hsrp Now I'm moving this to Dslams4500--(1q vlans)me3600/pe---(mpls core of 9k p's, vlans from previous design migrated into vpls)-dual 9k's bvi's w/hsrp Aaron -Original Message- From: Adam Vitkovsky [mailto:adam.vitkov...@swan.sk] Sent: Friday, January 25, 2013 2:30 AM To: 'Aaron'; cisco-nsp@puck.nether.net Subject: RE: [c-nsp] stp on me3600 on efp's with locally connected older switch Hi Aaron, Wouldn't the tunneling of STP and letting CE switches to block out the redundant paths an option? adam ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] stp on me3600 on efp's with locally connected older switch
Need to run stp on me3600 on efp and peer out that interface with older cisco 4500. Here's what I did.. ME3600 #sh run in g0/22 interface GigabitEthernet0/22 switchport trunk allowed vlan none switchport mode trunk service instance 675 ethernet encapsulation dot1q 675 rewrite ingress tag pop 1 symmetric l2protocol peer stp bridge-domain 675 ME3600 #sh span vl 675 Spanning tree instance(s) for vlan 675 does not exist. .4500 that this me3600 is connected to is showing. (no rcv'd bpdu's) 4506#sh span in g6/22 Vlan Role Sts Cost Prio.Nbr Type --- - VLAN0675 Desg FWD 4 128.342 P2p 4506#sh span in g6/22 de | in BPDU BPDU: sent 218, received 0 4506#sh run in g6/22 interface GigabitEthernet6/22 switchport trunk encapsulation dot1q switchport trunk allowed vlan 675 switchport mode trunk And if anyone has any suggestions about designing loop prevention via me3600's when I'm connecting legacy vlans over vpls via my mpls cloud then fire away. Aaron ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] stp on me3600 on efp's with locally connected older switch
Ugh, I asked this question like a month ago! I knew it seemed familiar :) thanks folks for putting up with me :) Hey! Did y'all know that efp's only support MSTP !! lol http://www.mail-archive.com/cisco-nsp@puck.nether.net/msg48863.html Aaron ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] stp on me3600 on efp's with locally connected older switch
http://www.cisco.com/en/US/docs/switches/metro/me3600x_3800x/software/release/15.3_1_S/configuration/guide/swevc.html#wp1002521 I think this is what I was looking for efp's only support mstp. Thanks Pshem Aaron -Original Message- From: Aaron [mailto:aar...@gvtc.com] Sent: Thursday, January 24, 2013 2:26 PM To: 'Pshem Kowalczyk' Cc: 'cisco-nsp@puck.nether.net' Subject: RE: [c-nsp] stp on me3600 on efp's with locally connected older switch Why does l2protocol peer stp show up as an option if it's not supported? Is that one of those things with ios that commands are there but don't work type of thing? ...anyway, is MST (802.1s) supported on efp's? Aaron sv-b-ME3600-test# sv-b-ME3600-test#conf t Enter configuration commands, one per line. End with CNTL/Z. sv-b-ME3600-test(config)#int g0/22 sv-b-ME3600-test(config-if)#service instance 675 ethernet sv-b-ME3600-test(config-if-srv)#l2protocol peer ? cdp Cisco Discovery Protocol dtp Dynamic Trunking Protocol lacp LACP Protocol lldp Link Layer Discovery Protocol pagp Port Aggregation Protocol stp Spanning Tree Protocol udld UDLD Protocol vtp Vlan Trunking Protocol cr -Original Message- From: Pshem Kowalczyk [mailto:pshe...@gmail.com] Sent: Thursday, January 24, 2013 1:43 PM To: Aaron Cc: cisco-nsp@puck.nether.net Subject: Re: [c-nsp] stp on me3600 on efp's with locally connected older switch Hi, On 25 January 2013 06:17, Aaron aar...@gvtc.com wrote: Need to run stp on me3600 on efp and peer out that interface with older cisco 4500. Here's what I did.. {cut} And if anyone has any suggestions about designing loop prevention via me3600's when I'm connecting legacy vlans over vpls via my mpls cloud then fire away. EFPs don't support STP. You should be able to configure the interface as a regular trunk and then run STP across it. Peering only applies to CDP, UDLD, LLDP, MSTP, LACP, PAgP, VTP, and DTP: http://www.cisco.com/en/US/docs/switches/metro/me3600x_3800x/software/release/15.3_1_S/configuration/guide/swevc.html#wp1056594 kind regards Pshem ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] unknown unicast flooding - particularly regarding fhrp's
What do y'all know about the effects of implementing fhrp's (glbp, hsrp, vrrp) WITH route diversity from the distribution (fhrp router) to the internet. (which I'd imagine is a pretty typical scenario in HA nets) I mean as packets arrive from the internet to the non-active fhrp router, then this router probably won't have arp entries (perhaps at 4 hour timeouts it will) but it more than likely won't have bridge table entries, nor will the L2 distribution / access devices have bridge table entries (at 300 secs aging probably not) How does constant unknown unicast flooding affect networks? Better yet, how to design in mitigation ? is it all about lower arp timeouts below 300 secs so to artificially prop-up bridge tables and keep them fresh? My goodness that's making arp very busy. This is also being asked since I'm suspecting this behavior on my asr9k's via their bvi's (hsrp'd) since they have separate internet uplinks and I'm suspecting unknown unicast flooding from the non-active hsrp asr9k over the vpls domain towards customers. (but ugh, my dual 7609's over my legacy net have been running like this forever!) Aaron ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] unknown unicast flooding - particularly regarding fhrp's
Arp timers are central, bridge timers are more distributed Arp timers I believe are specific to svi/bvi/routed interfaces, bridge timers I believe are more global and may not be vlan specific Those 2 items would lead me to think arp timers would be the best place to adjust Thanks -Original Message- From: Mikael Abrahamsson [mailto:swm...@swm.pp.se] Sent: Monday, January 21, 2013 11:18 AM To: Aaron Cc: cisco-nsp@puck.nether.net Subject: Re: [c-nsp] unknown unicast flooding - particularly regarding fhrp's On Mon, 21 Jan 2013, Aaron wrote: How does constant unknown unicast flooding affect networks? Better yet, how to design in mitigation ? is it all about lower arp timeouts below 300 secs so to artificially prop-up bridge tables and keep them fresh? My goodness that's making arp very busy. Make sure your arp timeouts are aligned with your bridge timeouts (keep arp timers lower than bridge timeouts). Easiest way to do it is (as you say) lower arp timers. Another way is of course to raise bridge timeouts. -- Mikael Abrahamssonemail: swm...@swm.pp.se ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] unknown unicast flooding - particularly regarding fhrp's
Ha love it. Thanks Nick What is the definition of large L2 domain please. ? Aaron -Original Message- From: Nick Hilliard [mailto:n...@foobar.org] Sent: Monday, January 21, 2013 11:12 AM To: Aaron Cc: cisco-nsp@puck.nether.net Subject: Re: [c-nsp] unknown unicast flooding - particularly regarding fhrp's On 21/01/2013 16:56, Aaron wrote: is it all about lower arp timeouts below 300 secs so to artificially prop-up bridge tables and keep them fresh? My goodness that's making arp very busy. It's all about keeping the cam timeout on your switch higher than the arp timeout on your routers and servers. ARP won't be particularly busy because you're not going to have large L2 domains, right? Right? Nick ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] unknown unicast flooding - particularly regarding fhrp's
No arp entry, means router arps out to resolve l2 mac address of course No answer to first ping is common and I recently read that it has something to do with CEF throttling while it builds adjacency table entry about the 5 minute arp timeout scenarioi believe that there is something within cisco ios that when the arp timeout period elapses, (and I believe it might be at half-life of timeout perios or something like that) that the router itself actually proactively arp's out even before real traffic is coming for that destinationin other words I think the router tries to reach out to the pre-existing arp entries to see if they still exist at arp timer halflife or something like that. I think I saw that while doing debug arp or something like that one day a while back aaron -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Lee Sent: Monday, January 21, 2013 12:23 PM To: cisco-nsp@puck.nether.net Subject: Re: [c-nsp] unknown unicast flooding - particularly regarding fhrp's On 1/21/13, Aaron aar...@gvtc.com wrote: Arp timers are central, bridge timers are more distributed Arp timers I believe are specific to svi/bvi/routed interfaces, bridge timers I believe are more global and may not be vlan specific Those 2 items would lead me to think arp timers would be the best place to adjust What happens when the router doesn't have an arp entry? When I ping an idle host I don't get an answer to the first ping. So if you set the arp timeout to 5 minutes does that mean the 1st packet to a host that's been idle = 5 minutes is dropped? Thanks, Lee ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] list wisdom please, Cisco switches
I was thinking me3600x as that is what I use in a similar fashion, am currently testing 6 VPE nicely too. (ipv6 over mpls l3vpn) and they have a couple 10 gig interfaces. Aaron -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Blake Dunlap Sent: Monday, January 14, 2013 8:44 PM To: Andrew Miehs Cc: cisco-nsp@puck.nether.net Subject: Re: [c-nsp] list wisdom please, Cisco switches i dont know if i'd do 2960s here. Perhaps the me series maybe a 3600? On Mon, Jan 14, 2013 at 7:33 PM, Andrew Miehs and...@2sheds.de wrote: How long is a piece of string? You need to work out your architecture first - then you can find your switches. Are you sure you want L3 functionality in the common room, or would it not be enough to run the SVIs from the PoP? I would probably use a 2960S in the common rooms, and run VSS 6500s in the PoP. I would have all the L3 functionality done on the 6500. You should also think about how you want to stop Tenant A seeing Tenant B's traffic - private vlans, etc? Regards Andrew On Tue, Jan 15, 2013 at 11:29 AM, John Brown j...@citylinkfiber.com wrote: Hi, We are looking to install cisco switches to feed an apartment complex with internet. Each unit has a Cat5e cable back to a common room. We have our own fiber into the common room that goes back to our pop. We want to provide 10/100/1000 service options to the tenants. The backhaul today will be 2 GigE ports, but would like in future to push 10Gig ports by replacing SFP with SFP+'s Don't need PoE. Do need to keep tenant A from being able to see tenant B's network. Each switch needs to be no more than 24 ports (1 switch per Telco room per floor) Need IPv4 and IPv6 (v6 is a must), Layer 3 and other goodies Thoughts on which models ?? Thanks ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] list wisdom please, Cisco switches
I wonder if it isn't the not ping local to bcast domain aspects of private vlans that make them attractive as much as it's the layer 2 protection you get to mitigate attacks on arp, mac table corruption/flooding, etc. Aaron -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Nick Hilliard Sent: Tuesday, January 15, 2013 9:58 AM To: Alex Pressé Cc: cisco-nsp@puck.nether.net Subject: Re: [c-nsp] list wisdom please, Cisco switches On 15/01/2013 15:30, Alex Pressé wrote: Using private VLANs should make quick work of keeping traffic separate. I don't get why people shouldn't be able to ping each other / etc. Isn't this traffic functionally equivalent to any other Internet traffic? What's different about it? Nick ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] show command for active multicast kbps rate
Sh mfib route rate Thanks! Aaron From: Erçin TORUN [mailto:ercinto...@gmail.com] Sent: Monday, January 14, 2013 6:18 AM To: John Neiberger Cc: Aaron; Adam Vitkovsky; cisco-nsp@puck.nether.net Subject: Re: [c-nsp] show command for active multicast kbps rate the command is show mrib route rate. I've forgot to add rate to the end tp# show mfib route rate 233.88.168.176 IP Multicast Forwarding Rates Source Address, Group Address HW Forwarding Rates: bps In/pps In/bps Out/pps Out (x.x.x.x 233.88.168.176) bps_in /pps_in /bps_out /pps_out 1898751 / 175 / N/A / N/A 2013/1/12 John Neiberger jneiber...@gmail.com I do recall opening a TAC case on something like this about a year ago. We also were not seeing rates in our multicast traffic. As I recall, they said it was a bug, but I don't have any details. I'll see if I can find the case notes. We were running 4.0.1 at the time. On Fri, Jan 11, 2013 at 12:03 PM, Aaron aar...@gvtc.com wrote: I think I enabled that too on my asr9k's and recall not seeing any rates either. Wondering if there is a known issue with this. Anyone know anything about that ? Aaron -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Erçin TORUN Sent: Friday, January 11, 2013 12:07 PM To: Adam Vitkovsky Cc: cisco-nsp@puck.nether.net Subject: Re: [c-nsp] show command for active multicast kbps rate Hi again, I've enabled the rate-per-route command but still cant see the per flow rates. Have any idea ? I'm sure that there is a flow cause i'm watching it and it passes throughout the backbone. #show mfib route 233.88.168.176 detail IP Multicast Forwarding Information Base Entry flags: C - Directly-Connected Check, S - Signal, D - Drop, IA - Inherit Accept, IF - Inherit From, MA - MDT Address, ME - MDT Encap, MD - MDT Decap, MT - MDT Threshold Crossed, MH - MDT interface handle, CD - Conditional Decap, DT - MDT Decap True, EX - Extranet MoFE - MoFRR Enabled, MoFS - MoFRR State Interface flags: F - Forward, A - Accept, IC - Internal Copy, NS - Negate Signal, DP - Don't Preserve, SP - Signal Present, EG - Egress, EI - Encapsulation Interface, MI - MDT Interface, EX - Extranet, A2 - Secondary Accept Forwarding/Replication Counts: Packets in/Packets out/Bytes out Failure Counts: RPF / TTL / Empty Olist / Encap RL / Other (x.x.x.x,233.88.168.176), Flags: Up: 00:02:02 Last Used: never SW Forwarding Counts: 0/0/0 SW Replication Counts: 0/0/0 SW Failure Counts: 0/0/0/0/0 Route ver: 0x2f34 MVPN Info :- MDT Handle: 0x0, MDT Probe:N [N], Rate:Y, Acc:N MDT SW Ingress Encap V4/V6, Egress decap: 0 / 0, 0 Encap ID: 0 RPF ID: 0 Local Receiver: True Turnaround: False TenGigE0/0/0/0 Flags: NS, Up:00:02:02 GigabitEthernet0/1/0/4.112 Flags: A, Up:00:02:02 #show mrib route 233.88.168.176 detail IP Multicast Routing Information Base Entry flags: L - Domain-Local Source, E - External Source to the Domain, C - Directly-Connected Check, S - Signal, IA - Inherit Accept, IF - Inherit From, D - Drop, MA - MDT Address, ME - MDT Encap, MD - MDT Decap, MT - MDT Threshold Crossed, MH - MDT interface handle CD - Conditional Decap, MPLS - MPLS Decap, MF - MPLS Encap, EX - Extranet MoFE - MoFRR Enabled, MoFS - MoFRR State Interface flags: F - Forward, A - Accept, IC - Internal Copy, NS - Negate Signal, DP - Don't Preserve, SP - Signal Present, II - Internal Interest, ID - Internal Disinterest, LI - Local Interest, LD - Local Disinterest, DI - Decapsulation Interface EI - Encapsulation Interface, MI - MDT Interface, LVIF - MPLS Encap, EX - Extranet, A2 - Secondary Accept (x.x.x.x ,233.88.168.176) Ver: 0x2f34 RPF nbr: x.x.x.x Flags:, FMA: 0x501bfba0 FGID: 0x4 MGID: 0x9a2c Up: 00:02:19 Incoming Interface List GigabitEthernet0/1/0/4.112 Flags: A, Up: 00:02:19 Outgoing Interface List TenGigE0/0/0/0 Flags: F NS, Up: 00:02:19 # show ip route x.x.x.x Fri Jan 11 20:00:24.076 Turkiye Routing entry for x.x.x.x/28 Known via connected, distance 0, metric 0 (connected) Installed Dec 20 00:12:02.128 for 3w1d Routing Descriptor Blocks directly connected, via GigabitEthernet0/1/0/4.112 Route metric is 0 Redist Advertisers: ospf 1 nsf multipath hash source-nexthop ssm range abcde rate-per-route ssm allow-override 2013/1/8 Erçin TORUN ercinto...@gmail.com Hi Adam, Thanks for quick response. I used the sh mrib route before but without rate-per-route config, will check asap. 2013/1/8 Adam Vitkovsky adam.vitkov...@swan.sk In XR its sh mrib route/sh mfib route but in order to get the bw rate you have to have the following cmd enabled: multicast-routing rate-per-route adam -- ERCIN TORUN -- ERCIN TORUN ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive
Re: [c-nsp] default policing interval in ms on cisco devices
Isn't that the tc value? I don't believe tc (time interval) is able to be directly configured but rather indirectly configured via bc and/or cir values within the mqc contracts and such. tc=bc/cir something about a policing/shaping value of 10 ms or 125 ms rings a bell but I don't know for sure where I got that number(s)... I vaguely recall things like FRTS or GTS being a 1 second interval and not having the granularity of the faster mqc toolset again, having trouble finding notes on that. Aaron -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Adam Vitkovsky Sent: Monday, January 14, 2013 9:38 AM To: cisco-nsp@puck.nether.net Subject: [c-nsp] default policing interval in ms on cisco devices My google foo let me down on this one, so I thought maybe someone here would know the answer I'm specifically interested in integrated services routers and me3600x/cx Appreciate any pointers Thanks upfront adam ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] ios xr upgrade from 4.1.2 to 4.3.0
Is it ok to do that ? Aaron ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] ios xr upgrade from 4.1.2 to 4.3.0
I see the following. can I run 4.3.0 on this A9K-RSP-4G ? ** RP/0/RSP0/CPU0:sv-b-9k-test1#sh redundancy Fri Jan 11 09:47:28.997 CST Redundancy information for node 0/RSP0/CPU0: == Node 0/RSP0/CPU0 is in ACTIVE role Node 0/RSP0/CPU0 has no valid partner Reload and boot info -- A9K-RSP-4G reloaded Mon Nov 19 15:49:29 2012: 7 weeks, 3 days, 17 hours, 58 minutes ago Active node booted Mon Nov 19 15:49:29 2012: 7 weeks, 3 days, 17 hours, 58 minutes ago Active node reload Cause: User Initiated reload ** Aaron From: chip [mailto:chip.g...@gmail.com] Sent: Friday, January 11, 2013 9:15 AM To: Jason Lixfeld Cc: Aaron; cisco-nsp@puck.nether.net NSP Subject: Re: [c-nsp] ios xr upgrade from 4.1.2 to 4.3.0 4.3 merged the two. Should be able to run the same version in the 4g/440 and the rsp used in asr9001 --chip On Friday, January 11, 2013, Jason Lixfeld wrote: While we're on the subject of 4.3.0, I notice that it's a px release only - that means that support for RSP4/RSP8 has to wait until the p release, correct? -- Sent from my mobile device On 2013-01-11, at 10:03 AM, Aaron aar...@gvtc.com javascript:; wrote: Is it ok to do that ? Aaron ___ cisco-nsp mailing list cisco-nsp@puck.nether.net javascript:; https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net javascript:; https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ -- Just my $.02, your mileage may vary, batteries not included, etc ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] show command for active multicast kbps rate
I think I enabled that too on my asr9k's and recall not seeing any rates either. Wondering if there is a known issue with this. Anyone know anything about that ? Aaron -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Erçin TORUN Sent: Friday, January 11, 2013 12:07 PM To: Adam Vitkovsky Cc: cisco-nsp@puck.nether.net Subject: Re: [c-nsp] show command for active multicast kbps rate Hi again, I've enabled the rate-per-route command but still cant see the per flow rates. Have any idea ? I'm sure that there is a flow cause i'm watching it and it passes throughout the backbone. #show mfib route 233.88.168.176 detail IP Multicast Forwarding Information Base Entry flags: C - Directly-Connected Check, S - Signal, D - Drop, IA - Inherit Accept, IF - Inherit From, MA - MDT Address, ME - MDT Encap, MD - MDT Decap, MT - MDT Threshold Crossed, MH - MDT interface handle, CD - Conditional Decap, DT - MDT Decap True, EX - Extranet MoFE - MoFRR Enabled, MoFS - MoFRR State Interface flags: F - Forward, A - Accept, IC - Internal Copy, NS - Negate Signal, DP - Don't Preserve, SP - Signal Present, EG - Egress, EI - Encapsulation Interface, MI - MDT Interface, EX - Extranet, A2 - Secondary Accept Forwarding/Replication Counts: Packets in/Packets out/Bytes out Failure Counts: RPF / TTL / Empty Olist / Encap RL / Other (x.x.x.x,233.88.168.176), Flags: Up: 00:02:02 Last Used: never SW Forwarding Counts: 0/0/0 SW Replication Counts: 0/0/0 SW Failure Counts: 0/0/0/0/0 Route ver: 0x2f34 MVPN Info :- MDT Handle: 0x0, MDT Probe:N [N], Rate:Y, Acc:N MDT SW Ingress Encap V4/V6, Egress decap: 0 / 0, 0 Encap ID: 0 RPF ID: 0 Local Receiver: True Turnaround: False TenGigE0/0/0/0 Flags: NS, Up:00:02:02 GigabitEthernet0/1/0/4.112 Flags: A, Up:00:02:02 #show mrib route 233.88.168.176 detail IP Multicast Routing Information Base Entry flags: L - Domain-Local Source, E - External Source to the Domain, C - Directly-Connected Check, S - Signal, IA - Inherit Accept, IF - Inherit From, D - Drop, MA - MDT Address, ME - MDT Encap, MD - MDT Decap, MT - MDT Threshold Crossed, MH - MDT interface handle CD - Conditional Decap, MPLS - MPLS Decap, MF - MPLS Encap, EX - Extranet MoFE - MoFRR Enabled, MoFS - MoFRR State Interface flags: F - Forward, A - Accept, IC - Internal Copy, NS - Negate Signal, DP - Don't Preserve, SP - Signal Present, II - Internal Interest, ID - Internal Disinterest, LI - Local Interest, LD - Local Disinterest, DI - Decapsulation Interface EI - Encapsulation Interface, MI - MDT Interface, LVIF - MPLS Encap, EX - Extranet, A2 - Secondary Accept (x.x.x.x ,233.88.168.176) Ver: 0x2f34 RPF nbr: x.x.x.x Flags:, FMA: 0x501bfba0 FGID: 0x4 MGID: 0x9a2c Up: 00:02:19 Incoming Interface List GigabitEthernet0/1/0/4.112 Flags: A, Up: 00:02:19 Outgoing Interface List TenGigE0/0/0/0 Flags: F NS, Up: 00:02:19 # show ip route x.x.x.x Fri Jan 11 20:00:24.076 Turkiye Routing entry for x.x.x.x/28 Known via connected, distance 0, metric 0 (connected) Installed Dec 20 00:12:02.128 for 3w1d Routing Descriptor Blocks directly connected, via GigabitEthernet0/1/0/4.112 Route metric is 0 Redist Advertisers: ospf 1 nsf multipath hash source-nexthop ssm range abcde rate-per-route ssm allow-override 2013/1/8 Erçin TORUN ercinto...@gmail.com Hi Adam, Thanks for quick response. I used the sh mrib route before but without rate-per-route config, will check asap. 2013/1/8 Adam Vitkovsky adam.vitkov...@swan.sk In XR its sh mrib route/sh mfib route but in order to get the bw rate you have to have the following cmd enabled: multicast-routing rate-per-route adam -- ERCIN TORUN -- ERCIN TORUN ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] l2vpn vpls w/bgp autodiscovery - me3600x to asr9k
Thank Matt, I haven't read rfc's 4761/2 (started reading 4761 the other day)... I'm using me3600x 15.2(2)S... I wonder if this would've told me that this me3600 used ldp... ? sv-b-ME3600-test#sh vfi Legend: RT=Route-target, S=Split-horizon, Y=Yes, N=No VFI name: vpls1, state: up, type: multipoint signaling: LDP -- ...also, the idea for bgp OR ldp for the signaling portiondoes the targeted ldp neighbor session mean that these devices are using ldp for signaling within the vpls w/bgp autodiscovery architecture OR does the ldp targeted neighbor session exists *regardless* ? Thanks, I'm trying to learn hereappreciate it. As usually, this list is a wonderful resource and thanks to Matt and Pete for assisting thus far with the vpls ad thing...appreciate all y'all Aaron -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Matthew Melbourne Sent: Sunday, January 06, 2013 7:04 AM To: cisco-nsp@puck.nether.net Subject: [c-nsp] l2vpn vpls w/bgp autodiscovery - me3600x to asr9k Yes, I understand there are two standards which define VPLS PE Discovery and Pseudowire signalling: RFC4761 - BGP Auto-discovery and BGP signalling RFC4762 - BGP Auto-discovery and LDP signalling Both are supported on the ASR9k, but IOS tends to support only LDP signalling (e.g. 7600 from 12.2(33)SRB). Cheers, Matt -Original Message- Message: 2 Date: Sat, 5 Jan 2013 22:15:14 -0600 From: Aaron aar...@gvtc.com To: 'Pete Lumbis' alum...@gmail.com Cc: cisco-nsp@puck.nether.net Subject: Re: [c-nsp] l2vpn vpls w/bgp autodiscovery - me3600x to asr9k Message-ID: 001201cdebc4$6d703540$48509fc0$@gvtc.com Content-Type: text/plain; charset=us-ascii Yahoo! I had to change asr9k to signaling-protocol ldp (as tshooting goes, I may had superfluous stuff in here by now, so I'll pear back some later and see what was really needed) l2vpn bridge group gr1 bridge-domain bd1 interface GigabitEthernet0/0/0/10.1 ! vfi vf1 vpn-id 100 autodiscovery bgp rd auto route-target 64512:100 signaling-protocol ldp ! ! Me3600 has l2 vfi vpls1 autodiscovery vpn id 100 rd 10.101.12.251:32768 route-target export 64512:100 route-target import 64512:100 Aaron ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] l2vpn vpls w/bgp autodiscovery - me3600x to asr9k
This is my first time trying to get l2vpn vpls w/bgp autodiscovery to work.please help if you know a simply scenario config that you could share to make it work with ios xr on one side and me3600x ios vanilla on the other side. Trying to get it up between 3 PE nodes where I will run vpls between all 3. 2 are me3600's and 1 is asr9k. I would like the asr9k to be route-reflector. I tried and tried first just to get it up between asr9k and one me3600 first..initially l2vpn address family bgp neighbor session came up and stayed up.this was ONLY after putting in the bgp neighbor and AF configs under bgp. BUT, once I added some l2vpn, vfi stuff on asr9k OR l2 vfi xyz auto, vpn-id stuff on me3600, it all fell apart. It went through a few iterations of trying various things..during that time I saw several errors on either side.. Here are some of them incase they look familiar to you. Thanks, Aaron Config. Asr9k. router bgp 64512 bgp router-id 10.101.0.254 bgp cluster-id 10 address-family l2vpn vpls-vpws ! neighbor-group my-rr-clients remote-as 64512 update-source Loopback0 address-family l2vpn vpls-vpws route-reflector-client ! ! neighbor 10.101.12.251 use neighbor-group my-rr-clients ! neighbor 10.101.12.253 use neighbor-group my-rr-clients ! l2vpn bridge group mytestvpls bridge-domain mytestvpls vfi mytestvpls vpn-id 99 autodiscovery bgp rd 64512:99 route-target 88:99 signaling-protocol bgp ve-id 10 me3600.. router bgp 64512 bgp router-id 10.101.12.251 bgp log-neighbor-changes no bgp default ipv4-unicast neighbor 10.101.0.254 remote-as 64512 neighbor 10.101.0.254 update-source Loopback0 ! address-family ipv4 exit-address-family ! address-family l2vpn vpls neighbor 10.101.0.254 activate neighbor 10.101.0.254 send-community extended exit-address-family -ME3600-test# RP/0/RSP0/CPU0:-9k-test1#sh bgp l2vpn vpls neighbors 10.101.12.251 | be malform Sat Jan 5 15:50:02.948 CST Total malformed UPDATE 490 Last malformed UPDATE 00:00:11 Error subcode 10, attribute code 0, action reset session Malformed UPDATE: 88 bytes 00580200 4140 01010240 02008004 0400 00400504 0064 C0101000 02FC 6300 0AFC 6380 0E160019 41040A65 0CFB0060 FC00 0063 0A650CFB RP/0/RSP0/CPU0:Jan 5 15:12:49.069 : bgp[1047]: [iord]: Received OPEN from 10.101.12.251, version 4, holdtime 180 secs RP/0/RSP0/CPU0:Jan 5 15:12:49.069 : bgp[1047]: [iord]: OPEN from 10.101.12.251 has optional parameter type: 2 (Capability) len: 6 RP/0/RSP0/CPU0:Jan 5 15:12:49.069 : bgp[1047]: [iord]: OPEN from 10.101.12.251 has MULTIPROTOCOL_EXTENSION capability for afi/safi: 25/65 RP/0/RSP0/CPU0:Jan 5 15:12:49.069 : bgp[1047]: [iord]: OPEN from 10.101.12.251 has optional parameter type: 2 (Capability) len: 2 RP/0/RSP0/CPU0:Jan 5 15:12:49.070 : bgp[1047]: [iord]: OPEN from 10.101.12.251 has ROUTE-REFRESH capability(old) for all address-families RP/0/RSP0/CPU0:Jan 5 15:12:49.070 : bgp[1047]: [iord]: OPEN from 10.101.12.251 has optional parameter type: 2 (Capability) len: 2 RP/0/RSP0/CPU0:Jan 5 15:12:49.070 : bgp[1047]: [iord]: OPEN from 10.101.12.251 has ROUTE-REFRESH capability for all address-families RP/0/RSP0/CPU0:Jan 5 15:12:49.070 : bgp[1047]: [iord]: OPEN from 10.101.12.251 has optional parameter type: 2 (Capability) len: 2 RP/0/RSP0/CPU0:Jan 5 15:12:49.070 : bgp[1047]: [iord]: OPEN from 10.101.12.251 has unrecognized capability code: 70, length 0 (ignored) RP/0/RSP0/CPU0:Jan 5 15:12:49.070 : bgp[1047]: [iord]: OPEN from 10.101.12.251 has optional parameter type: 2 (Capability) len: 6 RP/0/RSP0/CPU0:Jan 5 15:12:49.070 : bgp[1047]: [iord]: OPEN from 10.101.12.251 has 4-byte AS capability with AS 64512 RP/0/RSP0/CPU0:Jan 5 15:12:49.071 : bgp[1047]: [iord]: bgp_io_read_schedule_updgrp: NO updgrp scheduled after Open processing: nbr=10.101.12.251, nbrfl=0x08314000 RP/0/RSP0/CPU0:Jan 5 15:12:49.071 : bgp[1047]: [iord]: 10.101.12.251 went from Connect to OpenSent RP/0/RSP0/CPU0:Jan 5 15:12:49.071 : bgp[1047]: [iord]: Sending OPEN to 10.101.12.251, version 4, my as: 64512, holdtime 180 seconds RP/0/RSP0/CPU0:Jan 5 15:12:49.071 : bgp[1047]: [iord]: 10.101.12.251 went from OpenSent to OpenConfirm RP/0/RSP0/CPU0:Jan 5 15:12:49.072 : bgp[1047]: [iowt]: 10.101.12.251 send message type 1, length (incl. header) 53 RP/0/RSP0/CPU0:Jan 5 15:12:49.072 : bgp[1047]: [iowt]: Send message dump for 10.101.12.251: RP/0/RSP0/CPU0:Jan 5 15:12:49.072 : bgp[1047]: [iowt]: RP/0/RSP0/CPU0:Jan 5 15:12:49.072 : bgp[1047]: [iowt]: 0035 0104 fc00 00b4 0a65 00fe 1802 0601 RP/0/RSP0/CPU0:Jan 5 15:12:49.072 : bgp[1047]: [iowt]: 0400 1900 4102 0280 0002 0202 0002 0641 RP/0/RSP0/CPU0:Jan 5 15:12:49.072 : bgp[1047]: [iowt]: 0400 00fc 00 RP/0/RSP0/CPU0:Jan 5 15:12:49.073
Re: [c-nsp] l2vpn vpls w/bgp autodiscovery - me3600x to asr9k
You're right on that Pete. Thanks, I just got that seconds before you told me from a link I was reading. That stabilized neighbor session, now I'm trying to get ce's to see each other. They aren't currently. On me3600 I'm seeing. unkn Invalid Segment sv-b-ME3600-test#sh xcon all Legend:XC ST=Xconnect State S1=Segment1 State S2=Segment2 State UP=Up DN=DownAD=Admin Down IA=Inactive SB=Standby HS=Hot Standby RV=Recovering NH=No Hardware XC ST Segment 1 S1 Segment 2 S2 --+-+--+ -+-- UP pri ac Vl100:100(Eth VLAN) UP vfi vpls1 UP -- pri vfi vpls1UP unkn Invalid Segment -- UP pri bd 100 UP vfi vpls1 UP .and no prefix rcv'd. sv-b-ME3600-test#sh bgp l2v vpl al su | be Neighb NeighborV AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd 10.101.0.254464512 33 37200 00:29:00 0 ..on 9k I see prefix rcv'd. RP/0/RSP0/CPU0:sv-b-9k-test1#sh bgp l2 vpls su | be Nei Sat Jan 5 21:59:20.848 CST NeighborSpkAS MsgRcvd MsgSent TblVer InQ OutQ Up/Down St/PfxRcd 10.101.12.251 0 6451223821793600 00:29:30 1 RP/0/RSP0/CPU0:sv-b-9k-test1#sh bgp l2 vpls Sat Jan 5 21:59:42.536 CST BGP router identifier 10.101.0.254, local AS number 64512 BGP generic scan interval 60 secs BGP table state: Active Table ID: 0x0 RD version: 3889240856 BGP main routing table version 6 BGP scan interval 60 secs Status codes: s suppressed, d damped, h history, * valid, best i - internal, r RIB-failure, S stale Origin codes: i - IGP, e - EGP, ? - incomplete NetworkNext HopRcvd Label Local Label Route Distinguisher: 64512:100 *i10.101.12.251/32 10.101.12.251 nolabel nolabel Route Distinguisher: 10.101.0.254:32768 (default for vrf gr1:bd1) * 10:10/32 0.0.0.0 nolabel 16180 Aaron From: Pete Lumbis [mailto:alum...@gmail.com] Sent: Saturday, January 05, 2013 9:38 PM To: Aaron Cc: cisco-nsp@puck.nether.net Subject: Re: [c-nsp] l2vpn vpls w/bgp autodiscovery - me3600x to asr9k I think you need to add the prefix-length-size 2 command when doing VPLS Autodiscovery between IOS and XR boxes. http://www.cisco.com/en/US/docs/ios/iproute_bgp/command/reference/irg_bgp4.h tml#wp1154099 Try that and see if it help. On Sat, Jan 5, 2013 at 5:50 PM, Aaron aar...@gvtc.com wrote: This is my first time trying to get l2vpn vpls w/bgp autodiscovery to work.please help if you know a simply scenario config that you could share to make it work with ios xr on one side and me3600x ios vanilla on the other side. Trying to get it up between 3 PE nodes where I will run vpls between all 3. 2 are me3600's and 1 is asr9k. I would like the asr9k to be route-reflector. I tried and tried first just to get it up between asr9k and one me3600 first..initially l2vpn address family bgp neighbor session came up and stayed up.this was ONLY after putting in the bgp neighbor and AF configs under bgp. BUT, once I added some l2vpn, vfi stuff on asr9k OR l2 vfi xyz auto, vpn-id stuff on me3600, it all fell apart. It went through a few iterations of trying various things..during that time I saw several errors on either side.. Here are some of them incase they look familiar to you. Thanks, Aaron Config. Asr9k. router bgp 64512 bgp router-id 10.101.0.254 bgp cluster-id 10 address-family l2vpn vpls-vpws ! neighbor-group my-rr-clients remote-as 64512 update-source Loopback0 address-family l2vpn vpls-vpws route-reflector-client ! ! neighbor 10.101.12.251 use neighbor-group my-rr-clients ! neighbor 10.101.12.253 use neighbor-group my-rr-clients ! l2vpn bridge group mytestvpls bridge-domain mytestvpls vfi mytestvpls vpn-id 99 autodiscovery bgp rd 64512:99 route-target 88:99 signaling-protocol bgp ve-id 10 me3600.. router bgp 64512 bgp router-id 10.101.12.251 bgp log-neighbor-changes no bgp default ipv4-unicast neighbor 10.101.0.254 remote-as 64512 neighbor 10.101.0.254 update-source Loopback0 ! address-family ipv4 exit-address-family ! address-family l2vpn vpls neighbor 10.101.0.254 activate neighbor 10.101.0.254 send-community extended exit-address-family -ME3600-test# RP/0/RSP0/CPU0:-9k-test1#sh bgp l2vpn vpls neighbors 10.101.12.251 | be malform Sat Jan 5 15:50:02.948 CST Total malformed UPDATE 490 Last malformed UPDATE 00:00:11 Error subcode 10, attribute code 0, action reset session Malformed UPDATE: 88 bytes 00580200 4140 01010240 02008004 0400 00400504 0064 C0101000 02FC 6300 0AFC
Re: [c-nsp] l2vpn vpls w/bgp autodiscovery - me3600x to asr9k
Yahoo! I had to change asr9k to signaling-protocol ldp (as tshooting goes, I may had superfluous stuff in here by now, so I'll pear back some later and see what was really needed) l2vpn bridge group gr1 bridge-domain bd1 interface GigabitEthernet0/0/0/10.1 ! vfi vf1 vpn-id 100 autodiscovery bgp rd auto route-target 64512:100 signaling-protocol ldp ! ! Me3600 has l2 vfi vpls1 autodiscovery vpn id 100 rd 10.101.12.251:32768 route-target export 64512:100 route-target import 64512:100 Aaron -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Aaron Sent: Saturday, January 05, 2013 9:59 PM To: 'Pete Lumbis' Cc: cisco-nsp@puck.nether.net Subject: Re: [c-nsp] l2vpn vpls w/bgp autodiscovery - me3600x to asr9k You're right on that Pete. Thanks, I just got that seconds before you told me from a link I was reading. That stabilized neighbor session, now I'm trying to get ce's to see each other. They aren't currently. On me3600 I'm seeing. unkn Invalid Segment sv-b-ME3600-test#sh xcon all Legend:XC ST=Xconnect State S1=Segment1 State S2=Segment2 State UP=Up DN=DownAD=Admin Down IA=Inactive SB=Standby HS=Hot Standby RV=Recovering NH=No Hardware XC ST Segment 1 S1 Segment 2 S2 --+-+--+ --+-+--+ -+-- UP pri ac Vl100:100(Eth VLAN) UP vfi vpls1 UP -- pri vfi vpls1UP unkn Invalid Segment -- UP pri bd 100 UP vfi vpls1 UP .and no prefix rcv'd. sv-b-ME3600-test#sh bgp l2v vpl al su | be Neighb NeighborV AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd 10.101.0.254464512 33 37200 00:29:00 0 ..on 9k I see prefix rcv'd. RP/0/RSP0/CPU0:sv-b-9k-test1#sh bgp l2 vpls su | be Nei Sat Jan 5 21:59:20.848 CST NeighborSpkAS MsgRcvd MsgSent TblVer InQ OutQ Up/Down St/PfxRcd 10.101.12.251 0 6451223821793600 00:29:30 1 RP/0/RSP0/CPU0:sv-b-9k-test1#sh bgp l2 vpls Sat Jan 5 21:59:42.536 CST BGP router identifier 10.101.0.254, local AS number 64512 BGP generic scan interval 60 secs BGP table state: Active Table ID: 0x0 RD version: 3889240856 BGP main routing table version 6 BGP scan interval 60 secs Status codes: s suppressed, d damped, h history, * valid, best i - internal, r RIB-failure, S stale Origin codes: i - IGP, e - EGP, ? - incomplete NetworkNext HopRcvd Label Local Label Route Distinguisher: 64512:100 *i10.101.12.251/32 10.101.12.251 nolabel nolabel Route Distinguisher: 10.101.0.254:32768 (default for vrf gr1:bd1) * 10:10/32 0.0.0.0 nolabel 16180 Aaron From: Pete Lumbis [mailto:alum...@gmail.com] Sent: Saturday, January 05, 2013 9:38 PM To: Aaron Cc: cisco-nsp@puck.nether.net Subject: Re: [c-nsp] l2vpn vpls w/bgp autodiscovery - me3600x to asr9k I think you need to add the prefix-length-size 2 command when doing VPLS Autodiscovery between IOS and XR boxes. http://www.cisco.com/en/US/docs/ios/iproute_bgp/command/reference/irg_bgp4.h tml#wp1154099 Try that and see if it help. On Sat, Jan 5, 2013 at 5:50 PM, Aaron aar...@gvtc.com wrote: This is my first time trying to get l2vpn vpls w/bgp autodiscovery to work.please help if you know a simply scenario config that you could share to make it work with ios xr on one side and me3600x ios vanilla on the other side. Trying to get it up between 3 PE nodes where I will run vpls between all 3. 2 are me3600's and 1 is asr9k. I would like the asr9k to be route-reflector. I tried and tried first just to get it up between asr9k and one me3600 first..initially l2vpn address family bgp neighbor session came up and stayed up.this was ONLY after putting in the bgp neighbor and AF configs under bgp. BUT, once I added some l2vpn, vfi stuff on asr9k OR l2 vfi xyz auto, vpn-id stuff on me3600, it all fell apart. It went through a few iterations of trying various things..during that time I saw several errors on either side.. Here are some of them incase they look familiar to you. Thanks, Aaron Config. Asr9k. router bgp 64512 bgp router-id 10.101.0.254 bgp cluster-id 10 address-family l2vpn vpls-vpws ! neighbor-group my-rr-clients remote-as 64512 update-source Loopback0 address-family l2vpn vpls-vpws route-reflector-client ! ! neighbor 10.101.12.251 use neighbor-group my-rr-clients ! neighbor 10.101.12.253 use neighbor-group my-rr-clients ! l2vpn bridge group mytestvpls bridge-domain mytestvpls vfi mytestvpls vpn-id 99 autodiscovery bgp rd 64512:99
[c-nsp] bridge table entry for mac reachable over vpws pw
Is there some sort of sensible meaning to those numbers located under the ports column ? that mac address is reachable via the xconnect pw on vlan 100 svi Aaron 3600#sh mac- address 203a.07c3.cf40 Mac Address Table --- VlanMac Address TypePorts --- - 100203a.07c3.cf40DYNAMIC 1.163.50.36, 260428400 ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] bridge table entry for mac reachable over vpws pw
Interestingly, converted to vpls (manual) and now I see something sensible for that... noc-3600#sh mac- address 203a.07c3.cf40 Mac Address Table --- VlanMac Address TypePorts --- - 100203a.07c3.cf40DYNAMIC 10.101.12.251, 1 Aaron -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Aaron Sent: Thursday, January 03, 2013 11:36 AM To: cisco-nsp@puck.nether.net Subject: [c-nsp] bridge table entry for mac reachable over vpws pw Is there some sort of sensible meaning to those numbers located under the ports column ? that mac address is reachable via the xconnect pw on vlan 100 svi Aaron 3600#sh mac- address 203a.07c3.cf40 Mac Address Table --- VlanMac Address TypePorts --- - 100203a.07c3.cf40DYNAMIC 1.163.50.36, 260428400 ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] spanning tree on me3600x
I don't see any instances of spanning tree running for various efp's I've created in my ME3600. Is there something different with spanning tree and the Me3600x that is much different than older cisco switches ? voice-3600#sh spanning-tree interface g0/4 efp 336 no spanning tree info available for GigabitEthernet0/4 voice-3600#sh run | in span spanning-tree mode rapid-pvst spanning-tree extend system-id spanning-tree vlan 336 priority 24576 voice-3600#sh spann vl 336 Spanning tree instance(s) for vlan 336 does not exist. voice-3600#sh run in g0/4 interface GigabitEthernet0/4 description ring 3 - 3y6 vlans switchport trunk allowed vlan none switchport mode trunk load-interval 30 service instance 316 ethernet encapsulation dot1q 316 rewrite ingress tag pop 1 symmetric bridge-domain 316 ! service instance 336 ethernet encapsulation dot1q 336 rewrite ingress tag pop 1 symmetric l2protocol peer stp bridge-domain 336 ! End ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] me3600x - g0/25 ?!
Doesn't seem to get rid of it. Here's what I just now did... - Rebooted.still there. - Tried to conf tno int g0/25got message that I can't remove hardware int - Downloaded nvram:startup-configremoved g0/25 from ascii fileuploaded startup-config to nvram...verified g0/25 wasn't in therereloadedguess what, g0/25 is not in startup config even after reload, but g0/25 is in running config. Also... conf t, int g0/? Shows options 1-25 Funny and weird Aaron -Original Message- From: Christian Meutes [mailto:christ...@errxtx.net] Sent: Wednesday, December 19, 2012 7:39 PM To: Aaron Cc: cisco-nsp@puck.nether.net Subject: Re: [c-nsp] me3600x - g0/25 ?! Happens when you insert SFPs in the SFP+ interfaces. Only way to get rid of them is a reboot. -- Christian On 20.12.2012, at 03:29, Aaron aar...@gvtc.com wrote: Any idea why I see an interface g0/25 on my me3600x? this may be following the ios upgrade to 15.3(1)S There are only 24 physical sfp interfaces on this box Aaron ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] me3600x - g0/25 ?!
Any idea why I see an interface g0/25 on my me3600x? this may be following the ios upgrade to 15.3(1)S There are only 24 physical sfp interfaces on this box Aaron ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] me3600x - g0/25 ?!
If it did, then there is a strange/orphaned gig0 still showing And Andrew K says he still knows about g0 so I'm assuming he's using it... Aaron -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Steve Dodd Sent: Wednesday, December 19, 2012 2:44 PM To: cisco-nsp@puck.nether.net Subject: Re: [c-nsp] me3600x - g0/25 ?! Did the management port get renumbered? -Steve -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Andrew K. Sent: Wednesday, December 19, 2012 1:36 PM To: cisco-nsp@puck.nether.net Subject: Re: [c-nsp] me3600x - g0/25 ?! I am able to confirm I see the same thing on my ME3600x running the same code 15.3(1)S. On 12/19/2012 3:29 PM, Aaron wrote: Any idea why I see an interface g0/25 on my me3600x? this may be following the ios upgrade to 15.3(1)S There are only 24 physical sfp interfaces on this box Aaron ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] OT - looking for job in san antonio texas ? (actually 25 minutes north, Bulverde)
GVTC is at an ISP/CATV/Telephone provider, if you apply online you can send me your resume too. Job would be for Network Engineer - IP http://gvtc.com/careers/ https://home.eease.adp.com/recruit2/?id=523461 https://home.eease.adp.com/recruit2/?id=523461t=1 t=1 Aaron ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] CRC errors on fastethernet interface
The FE on the 7200 is a FE, not 10/100 switchable, hence no speed. Have you tried a different port on both sides? That would narrow down where the issue is since you tried swapping the cable. Is the cable passing near power cable or over power cables at not 90degs? On Thu, Nov 22, 2012 at 1:33 AM, Joe Mays m...@win.net wrote: Have a 7206 connected to a Catalyst 2900XL switch port. The 2900XL is getting CRC errors on the port at the rate of about one every one or two seconds. I've tried replacing the cable, no effect. core-sw1.noc#show int fastethernet0/1 FastEthernet0/1 is up, line protocol is up Hardware is Fast Ethernet, address is 0002.7d2f.bc41 (bia 0002.7d2f.bc41) Description: 802.1q trunk to core-gw1.noc.win.net port FastEthernet0/0 MTU 1500 bytes, BW 10 Kbit, DLY 100 usec, reliability 255/255, txload 51/255, rxload 37/255 Encapsulation ARPA, loopback not set Keepalive not set Full-duplex, 100Mb/s, 100BaseTX/FX ARP type: ARPA, ARP Timeout 04:00:00 Last input never, output 00:00:00, output hang never Last clearing of show interface counters 00:05:49 Queueing strategy: fifo Output queue 0/40, 0 drops; input queue 0/75, 0 drops 30 second input rate 14547000 bits/sec, 2327 packets/sec 30 second output rate 20099000 bits/sec, 3507 packets/sec 862330 packets input, 682108246 bytes Received 398 broadcasts, 0 runts, 0 giants, 0 throttles 63 input errors, 63 CRC, 0 frame, 64 overrun, 64 ignored 0 watchdog, 257 multicast 0 input packets with dribble condition detected 1262698 packets output, 899402766 bytes, 0 underruns 0 output errors, 0 collisions, 0 interface resets 0 babbles, 0 late collision, 0 deferred 0 lost carrier, 0 no carrier 0 output buffer failures, 0 output buffers swapped out Since changing the cable made no difference, it's either a port problem on the 7206 or 2900XL, or a config problem. Here are the configs for the interfaces on each end. (Since the 7206 does not specify 100mbps, I had thought maybe it was occasionally trying to renegotiate the speed, which might screw up the switch end, which is hardwired 100-full, while the 7206 is set to full-duplex, the speed command to force 100mbps speed does not seem to exist on the 7206.) Cisco 7206 -- interface FastEthernet0/0 description Win.net NOC gateway LAN, 911 Heyburn Bldg (via core-sw1.noc.win.net) ip address nnn.nnn.nnn.nnn 255.255.255.192 ip access-group block-out-to-dot30 out no ip proxy-arp ip route-cache same-interface ip route-cache flow ip ospf message-digest-key 1 md5 7 xxx ip ospf cost 2 ip ospf priority 200 no ip mroute-cache load-interval 60 duplex full no keepalive no cdp enable standby 1 ip 216.24.30.65 standby 1 timers 5 15 standby 1 priority 105 standby 1 preempt delay minimum 60 standby 1 authentication dfwmhsrp standby 1 track Serial6/0 crypto map KYtoINvpn service-policy output queue-on-dscp 2900XL interface FastEthernet0/1 description 802.1q trunk to core-gw1.noc.win.net port FastEthernet0/0 load-interval 30 duplex full speed 100 switchport trunk encapsulation dot1q switchport mode trunk no cdp enable ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] Monitoring 3750x power supplies
Hey guys, We are having issues monitoring our 3750x power supplies via the cisco envmon MIB that hopefully someone out there has experienced. When one of the power supplies loses power the OID will change state to 6:notFunctioning but once power is reset the state does not change back to normal. This is causing issues for our monitoring application. See below for the OID: Object ciscoEnvMonSupplyState OID 1.3.6.1.4.1.9.9.13.1.5.1.3 Type CiscoEnvMonState 1:normal 2:warning 3:critical 4:shutdown 5:notPresent 6:notFunctioning Permission read-only Status current MIB Description The current state of the power supply being instrumented. snmpwalk result: SNMPv2-SMI::enterprises.9.9.13.1.5.1.3.1058 = INTEGER: 1 SNMPv2-SMI::enterprises.9.9.13.1.5.1.3.1086 = INTEGER: 6 switch#show env power SW PID Serial# Status Sys Pwr PoE Pwr Watts --- -- -- --- --- --- - 1A C3KX-PWR-1100WAC OK Good Good 1100/0 1B C3KX-PWR-1100WAC OK Good Good 1100/0 Any ideas? I believe a reload of the switch will resolve but we can't do this for every switch that loses power to one of the supplies. Thanks, Aaron. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] leaking only a couple routes between 2 vrf's
thanks, per the config guidance below, I have that route replicated into the vrf that I wanted it into on the local pe where I did that replicate trick from one vrf to another but how would I get that replicated route sent to other neighboring pe's in that L3VPN ? Aaron -Original Message- From: Paul Wells [mailto:p...@lituya.com] Sent: Friday, November 02, 2012 11:51 AM To: Aaron; cisco-nsp@puck.nether.net Subject: Re: [c-nsp] leaking only a couple routes between 2 vrf's Hi Aaron, If you have a recent IOS release you can use the route-replicate command to do this directly without requiring BGP. For example: vrf definition blue ! address-family ipv4 route-replicate from vrf red unicast all route-map red2blue exit-address-family ! vrf definition red ! address-family ipv4 exit-address-family ! ip prefix-list red2blue seq 5 permit 90.0.0.0/8 le 32 ip prefix-list red2blue seq 10 permit 91.0.0.0/8 le 32 ! route-map red2blue permit 10 match ip address prefix-list red2blue ! R1#sh ip ro vrf red Routing Table: red Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP ... + - replicated route, % - next hop override Gateway of last resort is not set 10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks C10.1.0.0/24 is directly connected, Ethernet0/0 L10.1.0.180/32 is directly connected, Ethernet0/0 90.0.0.0/24 is subnetted, 2 subnets O90.1.0.0 [110/11] via 10.1.0.181, 00:30:26, Ethernet0/0 i L1 90.2.0.0 [115/20] via 10.1.0.181, 00:00:05, Ethernet0/0 91.0.0.0/24 is subnetted, 1 subnets O91.1.0.0 [110/11] via 10.1.0.181, 00:30:16, Ethernet0/0 92.0.0.0/24 is subnetted, 1 subnets O92.1.0.0 [110/11] via 10.1.0.181, 00:30:16, Ethernet0/0 R1#sh ip ro vrf blue Routing Table: blue Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP ... + - replicated route, % - next hop override Gateway of last resort is not set 90.0.0.0/24 is subnetted, 2 subnets O +90.1.0.0 [110/11] via 10.1.0.181 (red), 00:30:38, Ethernet0/0 i L1+90.2.0.0 [115/20] via 10.1.0.181 (red), 00:00:17, Ethernet0/0 91.0.0.0/24 is subnetted, 1 subnets O +91.1.0.0 [110/11] via 10.1.0.181 (red), 00:30:28, Ethernet0/0 This is documented as part of the Easy Virtual Network feature, but can be used by itself. See, for example: http://www.cisco.com/en/US/docs/ios-xml/ios/evn/configuration/xe-3s/Configur ing_Easy_Virtual_Network_Shared_Services.html Regards, Paul On 11/01/2012 04:28 PM, Aaron wrote: What is a clean/easy way to leak a couple routes between two vrf's ? if you have links to docs or sites that explain this or you know how , lemme know please. Aaron ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Show mac adresses connected to ports
Yep. Sh mac address-table | inc mod/port Have a good day, Aaron Aaron Childs, CCNA Associate Director, Networking Information Technology www.westfield.ma.edu/it Please Note: new e-mail address - aa...@westfield.ma.edu -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Harry Hambi Sent: Friday, November 02, 2012 11:19 AM To: 'cisco-nsp@puck.nether.net' Subject: [c-nsp] Show mac adresses connected to ports Hi all, Is there a command that will show me the list mac addresses connected to a port. I suspect more than one device connected to a port. Thanks Rgds Harry Harry Hambi BEng(Hons) MIET Rsgb http://www.bbc.co.uk This e-mail (and any attachments) is confidential and may contain personal views which are not the views of the BBC unless specifically stated. If you have received it in error, please delete it from your system. Do not use, copy or disclose the information in any way nor act in reliance on it and notify the sender immediately. Please note that the BBC monitors e-mails sent or received. Further communication will signify your consent to this. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] leaking only a couple routes between 2 vrf's
What is a clean/easy way to leak a couple routes between two vrf's ? if you have links to docs or sites that explain this or you know how , lemme know please. Aaron ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] ME3600x sub-interfaces
Haven't y'all had to use this command often ? I have. Doesn't seem to work without it in many scenarios... rewrite ingress tag pop 1 symmetric ...seems that for basic, single dot1q tag trunking, I've found that this command is required. Lemme know what you think. However, in scenarios where I've plumed that service instance into an eompls pw (vpws) and not a bridge domain, I have NOT had to use the rewrite ingress tag pop trick ...me3600x... interface GigabitEthernet0/6 switchport trunk allowed vlan none switchport mode trunk service instance 491 ethernet encapsulation dot1q 491 rewrite ingress tag pop 1 symmetric bridge-domain 491 interface Vlan491 ip vrf forwarding two ip address 10.80.2.2 255.255.255.0 standby 1 ip 10.80.2.1 standby 1 priority 120 standby 1 preempt delay minimum 60 ...asr901... interface GigabitEthernet0/5 load-interval 30 media-type sfp negotiation auto service-policy input pm service instance 1 ethernet encapsulation dot1q 3290 xconnect 10.101.0.13 17 encapsulation mpls mtu 9206 -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Pete Lumbis Sent: Saturday, October 27, 2012 3:47 PM To: Eric A Louie Cc: Cisco NSP Subject: Re: [c-nsp] ME3600x sub-interfaces Eric, To provide routing on a service instance, Jason is correct, you need to tie it to a bridge-domain. service instance 1 ethernet encapsulation dot1q 101 bridge-domain 100 service instance 2 ethernet encapsulation dot1q 201 bridge-domain 100 int vlan 100 ip add 192.168.1.1 255.255.255.0 If you are new to service instances take a look at a doc I wrote on Cisco's support forums to help explain how they work. https://supportforums.cisco.com/docs/DOC-21299 -Pete On Fri, Oct 26, 2012 at 2:04 PM, Eric A Louie elo...@yahoo.com wrote: Thanks Thomas. That's definitely an option - it was my 2nd one. The plain old subinterfaces, like on a router, don't work on this platform, apparently. Much appreciated, Eric From: t...@flashstudy.de t...@flashstudy.de To: Eric A Louie elo...@yahoo.com; Cisco NSP cisco-nsp@puck.nether.net Sent: Fri, October 26, 2012 10:53:09 AM Subject: Re: [c-nsp] ME3600x sub-interfaces Hi Eric, this is a switch. You have to configure a SVI Interface. conf t vlan 55 int vlan 55 ip add X.X.x.X if you want to use more vlans on a port you have to use switchport mode trunk and you should remobe the comannd switchport access vlan 55. Regards Thomas Are sub-interfaces supported on the ME3600x? Or is there some special formula that I need to enable them? Cisco IOS Software, ME360x Software (ME360x-UNIVERSALK9-M), Version 15.2(4)S, RELEASE SOFTWARE (fc1) License Level: AdvancedMetroIPAccess License Type: Permanent interface GigabitEthernet0/1 no switchport ip address 192.168.111.2 255.255.255.0 ! interface GigabitEthernet0/2 description test interface switchport access vlan 55 switchport mode trunk me3600-2(config)#int g0/1.1 ^ % Invalid input detected at '^' marker. me3600-2(config)#int g0/2.1 ^ % Invalid input detected at '^' marker. Much appreciated, Eric ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] ME3600x sub-interfaces
I was also told that with service instances you get the ability to monitor per vlan flows across an interface, which I don't think was possible in previous, legacy trunk configurations 3600#sh sn m i i | in 0/6 GigabitEthernet0/6.ServiceInstance.491: Ifindex = 20509 GigabitEthernet0/6: Ifindex = 10106 ...new port level snmp monitor point for say for instance layer 2 entity, vlan 491 flows on g0/6 Also, I was told and I saw something weird with the overarching l3 svi for say for instance vlan 491 erroneously (or by design, I dunno) does NOT show actually traffic that is passing via that efp 491 svc instance on g0/6i mean even when I knew that I should be seeing hits on counters for svi vlan 491 and I wasn't, someone in this forum (sorry I forget the name of the person) told me that this is probably caused by the new design of the 3600 and mef-type efp interface configs, and that I should be using svc instances to see per L2 flows via a interface. Aaron -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Saku Ytti Sent: Saturday, October 27, 2012 2:35 AM To: cisco-nsp@puck.nether.net Subject: Re: [c-nsp] ME3600x sub-interfaces On (2012-10-26 13:50 -0400), Jason Lixfeld wrote: Service instances are Cisco's 2012 way of doing subinterfaces: Which is utterly inexcusable, just because you support some new things in the backend, does not mean you should expose completely new abstraction model to the frontend. What you configure in EVC should be configurable just as well in subinterface. With the difference that your existing config parsers would work and your existing SNMP graphing would work etc. I'm not even proponent of backward compatibility, if some benefits can be gained by making things in a new way, I'm all for breaking stuff. But if there is some benefit at all in EVC, I've not yet seen it, and I'd love to be corrected. -- ++ytti ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] ME3600x sub-interfaces
Oh, btw, since I brought up asr901 (off topic in this thread, please forgive) if anyone knows how to perform per-flow-point (per service instance) policing by matching on vlan id rcv'd from customer , please advise on how to config... Aaron ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] asr9006 ios xr 4.1.2
Can I do nat on this platform ? I wanted to nat a bvi interface's subnet. The bvi is in a mpls l3vpn..vrf. Aaron ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] forced up/up on a fiber link
On Tue, Oct 23, 2012 at 6:59 AM, Phil Mayers p.may...@imperial.ac.uk wrote: On 23/10/12 10:20, Damian Holdcroft wrote: I remember reading something, somewhere, about the lasers sending pulses for link detection. I don't seem to be able to find anything on fibre link detection at the moment though. Does anybody know anything about it? I don't think this happens on normal links. As has been said, SX and LX optics do indeed fire into the air. Link up is a different matter; this usually is based on light detection and autoneg. Some high-power equipment has eye protection. I've never entirely figured out how this works, but it cuts off the laser when the fibre goes down. The ones that I have seen have a sensor that can tell if the fiber is plugged in, if there is no fiber in the TX, it shuts off the laser. I've also seen some WDM equipment which only engages TX if RX is receiving light. That's a pain, because if you forget about it and set this at both ends, links will never recover ;o) It would be interesting to see if the hw-module command actually engaged the optics. I wouldn't have thought so. Bit of a bugger you can only simulate entire linecards! no shut engages the optics. I'll be trying the mobile phone camera next opportunity. Thanks! Handy hint: if you have a phone with both back- and front-facing cameras, the back-facing camera may have an infrared filter so can't see LX, but the front-facing cameras tend to be cheaper and lack the filter (true on my HTC, for example). This can be useful. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] forced up/up on a fiber link
no keepalive? On Mon, Oct 22, 2012 at 3:19 PM, Tóth András diosbej...@gmail.com wrote: Hi, The hw-module module x simulate link-up command will probably help you. It causes all ports on a specified module to be up/up. It might require service internal too. http://www.cisco.com/en/US/products/ps6017/products_command_reference_chapter09186a0080882963.html#wp1011675 Best regards, Andras On Mon, Oct 22, 2012 at 12:35 PM, LM asturlui...@gmail.com wrote: Hi all, For copper ethernet port I know there is an option to force up/up with no keepalive But, what about a fiber link? I have here a 7606 with... Cisco 7600 Series SPA Interface Processor-400 Rev. 2.5 5-port Gigabit Ethernet Shared Port Adapter no keepalive command available under gi3/2/2, which it is a fiber port on the related cards I wrote before. Now, I need to test a config, and I need to force up/up to one port without a fiber connected, is it possible? how? I am still doing research but, not success so far. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] ipv6 from windows pc
this seems to work. Thanks Gert/David/Florin (thanks for entertaining the off topic) and I realized that the other nic (ipv4 only) in my laptop was interfering with the nic that I was using for this testing (ipv6 only) but I can seem to get to cisco.com, google.com through my ipv6 only nic by forcing with -6 C:\ping ipv6.google.com -6 Pinging ipv6.l.google.com [2607:f8b0:4000:801::1013] with 32 bytes of data: Reply from 2607:f8b0:4000:801::1013: time=128ms Reply from 2607:f8b0:4000:801::1013: time=146ms Reply from 2607:f8b0:4000:801::1013: time=132ms Ping statistics for 2607:f8b0:4000:801::1013: Packets: Sent = 3, Received = 3, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 128ms, Maximum = 146ms, Average = 135ms Control-C ^C C:\ping ipv6chicken.com -6 Pinging ipv6chicken.com [2607:f4b8:2600:1:28a3:aeff:fedc:adda] with 32 bytes of data: Control-C ^C C:\ after unplugging my ipv4 only nic, I don't have to specify -6 C:\ping ipv6.google.com Pinging ipv6.l.google.com [2607:f8b0:400a:801::1011] with 32 bytes of data: Reply from 2607:f8b0:400a:801::1011: time=82ms Reply from 2607:f8b0:400a:801::1011: time=83ms Reply from 2607:f8b0:400a:801::1011: time=83ms Ping statistics for 2607:f8b0:400a:801::1011: Packets: Sent = 3, Received = 3, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 82ms, Maximum = 83ms, Average = 82ms Control-C ^C C:\ Aaron It ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] 6vpe - me3600x
this seemed funny to mei've never seen this before, but then again I've never done 6vpe before either...sowhat is meant by this indirectly connected ? Aaron noc-3600#sh ipv ro vrf one IPv6 Routing Table - one - 5 entries Codes: C - Connected, L - Local, S - Static, U - Per-user Static route B - BGP, R - RIP, I1 - ISIS L1, I2 - ISIS L2 IA - ISIS interarea, IS - ISIS summary, ND - ND Default, NDp - ND Prefix DCE - Destination, NDr - Redirect, O - OSPF Intra, OI - OSPF Inter OE1 - OSPF ext 1, OE2 - OSPF ext 2, ON1 - OSPF NSSA ext 1 ON2 - OSPF NSSA ext 2 B ::/0 [200/0] via 10.101.0.254%default, indirectly connected B 2121:2121::/32 [200/0] via 10.101.0.254%default, indirectly connected C 2121:2121:::/64 [0/0] via GigabitEthernet0/23, directly connected L 2121:2121:::1/128 [0/0] via GigabitEthernet0/23, receive L FF00::/8 [0/0] via Null0, receive ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] ipv6 from windows pc
I can ping google's ipv6 dns address but I can't seem to actually browse to any websites..nor can I resolve names using ipv6 C:\ping 2001:4860:4860::8844 Pinging 2001:4860:4860::8844 with 32 bytes of data: Reply from 2001:4860:4860::8844: time=34ms Reply from 2001:4860:4860::8844: time=35ms Ping statistics for 2001:4860:4860::8844: Packets: Sent = 2, Received = 2, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 34ms, Maximum = 35ms, Average = 34ms Control-C ^C C:\tracert -d 2001:4860:4860::8844 Tracing route to 2001:4860:4860::8844 over a maximum of 30 hops 11 ms1 ms1 ms 2121:2121::0:66a0:e7ff:fe1c:50d8 2 2 ms 1 ms 1 ms :::10.101.0.3 3 2 ms 1 ms 1 ms :::10.101.0.2 4 2 ms 2 ms 1 ms 2323:2323:2:3d::4:2 5 1 ms 1 ms 1 ms 2323:2323:2:3d::4:1 6 *** Request timed out. 7 *** Request timed out. 8 *** Request timed out. 9 *** Request timed out. 1036 ms36 ms39 ms 2323:2323:2:2f::d:2 1134 ms34 ms34 ms 2001:4860::1:0:9ff 1234 ms33 ms34 ms 2001:4860::8:0:3cd9 1334 ms35 ms42 ms 2001:4860::2:0:b3 1439 ms42 ms35 ms 2001:4860:0:1::2db 1535 ms34 ms41 ms 2001:4860:4860::8844 Trace complete. C:\ C:\ping www.ipv6chicken.com Pinging www.ipv6chicken.com [208.83.69.51] with 32 bytes of data: Control-C ^C C:\ping ipv6.google.com Ping request could not find host ipv6.google.com. Please check the name and try again. C:\ Aaron ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] 6vpe - me3600x
When I enabled vpnv6 on my pre-existing vpnv4 neighbor session I saw it bounceIs there any way around this ? ...i'm concerned about the interruption (for operational environment) on the underlying vpnv4 l3vpn. Would be only momentary though right?... looks like 10 seconds from nbr_reset to Up If no way to avoid this, how do y'all do it ? maint window? Aaron noc-3600(config)#router bgp 64512 noc-3600(config-router)#address-family vpnv6 unicast % IPv6 routing not enabled noc-3600(config)#ipv unicast-routing noc-3600(config)#router bgp 64512 noc-3600(config-router)#address-family vpnv6 unicast noc-3600(config-router-af)#neighbor 10.101.0.254 activate *Oct 1 21:01:46: %BGP-5-NBR_RESET: Neighbor 10.101.0.254 reset (Capability changed) *Oct 1 21:01:46: %BGP-5-ADJCHANGE: neighbor 10.101.0.254 Down Capability changed *Oct 1 21:01:46: %BGP_SESSION-5-ADJCHANGE: neighbor 10.101.0.254 VPNv4 Unicast topology base removed from session Capability changed *Oct 1 21:01:47: %BGP-5-NBR_RESET: Neighbor 10.101.0.254 active reset (Peer closed the session) *Oct 1 21:01:47: %BGP_SESSION-5-ADJCHANGE: neighbor 10.101.0.254 VPNv6 Unicast topology base removed from session Peer closed the session *Oct 1 21:01:47: %BGP_SESSION-5-ADJCHANGE: neighbor 10.101.0.254 VPNv4 Unicast topology base removed from session Peer closed the session *Oct 1 21:01:56: %BGP-5-ADJCHANGE: neighbor 10.101.0.254 Up ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] 6vpe - me3600x
(resending due to ugly formatting) When I enabled vpnv6 on my pre-existing vpnv4 neighbor session I saw it bounceIs there any way around this ? ...i'm concerned about the interruption (for operational environment) on the underlying vpnv4 l3vpn. Would be only momentary though right?... looks like 10 seconds from nbr_reset to Up If no way to avoid this, how do y'all do it ? maint window? Aaron noc-3600(config)#router bgp 64512 noc-3600(config-router)#address-family vpnv6 unicast % IPv6 routing not enabled noc-3600(config)#ipv unicast-routing noc-3600(config)#router bgp 64512 noc-3600(config-router)#address-family vpnv6 unicast noc-3600(config-router-af)#neighbor 10.101.0.254 activate *Oct 1 21:01:46: %BGP-5-NBR_RESET: Neighbor 10.101.0.254 reset (Capabilitychanged) *Oct 1 21:01:46: %BGP-5-ADJCHANGE: neighbor 10.101.0.254 Down Capability changed *Oct 1 21:01:46: %BGP_SESSION-5-ADJCHANGE: neighbor 10.101.0.254 VPNv4 Unicast topology base removed from session Capability changed *Oct 1 21:01:47: %BGP-5-NBR_RESET: Neighbor 10.101.0.254 active reset (Peer closed the session) *Oct 1 21:01:47: %BGP_SESSION-5-ADJCHANGE: neighbor 10.101.0.254 VPNv6 Unicast topology base removed from session Peer closed the session *Oct 1 21:01:47: %BGP_SESSION-5-ADJCHANGE: neighbor 10.101.0.254 VPNv4 Unicast topology base removed from session Peer closed the session *Oct 1 21:01:56: %BGP-5-ADJCHANGE: neighbor 10.101.0.254 Up ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] 6vpe - me3600x
Thanks all. Also, since ipv6 seems inevitable, it would seem like a nice way to future proof your network by simply enabling v6 af in the vrf definition (also on me's create vrf using the definition mode for v6), the vpnv6 af under bgp and the v6 af within the vrf specific bgp contextthat way, it's done. Saying this since we seem to be looking for ipv6 capabilities to be supported in must things we do these daysso would seem logical to setup router configs to be v6-ready then... Aaron -Original Message- From: Nick Hilliard [mailto:n...@inex.ie] Sent: Tuesday, October 02, 2012 10:00 AM To: Adam Vitkovsky Cc: Aaron; cisco-nsp@puck.nether.net Subject: Re: [c-nsp] 6vpe - me3600x In general you don't want to enable multisession bgp unless you know why you need it and you understand all the consequences of doing so. I really wouldn't recommend this as a means of avoiding session flaps due to capabilities renegotiation. Nick Sent from my iWotsit. On 2 Oct 2012, at 15:22, Adam Vitkovsky adam.vitkov...@swan.sk wrote: I thought this is on by default but apparently it's not Try neighbor x.x.x.x transport multi-session adam -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Aaron Sent: Tuesday, October 02, 2012 4:02 PM To: cisco-nsp@puck.nether.net Subject: Re: [c-nsp] 6vpe - me3600x (resending due to ugly formatting) When I enabled vpnv6 on my pre-existing vpnv4 neighbor session I saw it bounceIs there any way around this ? ...i'm concerned about the interruption (for operational environment) on the underlying vpnv4 l3vpn. Would be only momentary though right?... looks like 10 seconds from nbr_reset to Up If no way to avoid this, how do y'all do it ? maint window? Aaron noc-3600(config)#router bgp 64512 noc-3600(config-router)#address-family vpnv6 unicast % IPv6 routing not enabled noc-3600(config)#ipv unicast-routing noc-3600(config)#router bgp 64512 noc-3600(config-router)#address-family vpnv6 unicast noc-3600(config-router-af)#neighbor 10.101.0.254 activate *Oct 1 21:01:46: %BGP-5-NBR_RESET: Neighbor 10.101.0.254 reset (Capabilitychanged) *Oct 1 21:01:46: %BGP-5-ADJCHANGE: neighbor 10.101.0.254 Down Capability changed *Oct 1 21:01:46: %BGP_SESSION-5-ADJCHANGE: neighbor 10.101.0.254 VPNv4 Unicast topology base removed from session Capability changed *Oct 1 21:01:47: %BGP-5-NBR_RESET: Neighbor 10.101.0.254 active reset (Peer closed the session) *Oct 1 21:01:47: %BGP_SESSION-5-ADJCHANGE: neighbor 10.101.0.254 VPNv6 Unicast topology base removed from session Peer closed the session *Oct 1 21:01:47: %BGP_SESSION-5-ADJCHANGE: neighbor 10.101.0.254 VPNv4 Unicast topology base removed from session Peer closed the session *Oct 1 21:01:56: %BGP-5-ADJCHANGE: neighbor 10.101.0.254 Up ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Advanced Metro license, ME-3600
I get some with and some without... the ones without I send system serial number to my cisco account se and she sends me a license file Aaron -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Mattias Gyllenvarg Sent: Thursday, September 27, 2012 1:40 AM To: Eric A Louie Cc: cisco-nsp@puck.nether.net Subject: Re: [c-nsp] Advanced Metro license, ME-3600 Have had both ways. Always get them preinstalled now. Licencing process is a pain. On 27 September 2012 00:35, Eric A Louie elo...@yahoo.com wrote: Hey folks, I'm trying to get the straight scoop on the licensing issue I received an ME 3600x from my reseller, without the Advanced Metro license. I did order the license from them. Is there a normal wait for getting it, or is the reseller trying to smokescreen me? Or, should I have received the license on shipment of the switch? Much appreciated, Eric Louie ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ -- *Med Vänliga Hälsningar - Best Regards* *Mattias Gyllenvarg* *Nätutveckling* Bredband2 - bara hårda paket Tel: +46 406219712 ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] asr9k forwarding between pw's in a bridge-domain
i'm seeing devices downstream on these 2 pw's seeing each others' stp conf bpdus'ssince one of the devices is locking in on the other as root bridge. I thought pw's didn't allow for certain types of forwarding between them by defaultrecall something related to shg's (split horizon groups default behavious on pw's) please explain. Aaron RP/0/RSP0/CPU0:sabn-9k#sh run l2vpn br gr local Wed Sep 26 09:19:36.520 CDT l2vpn bridge group local bridge-domain local neighbor 10.101.36.2 pw-id 1 ! neighbor 10.101.36.3 pw-id 1 ! routed interface BVI5 ! ! ! RP/0/RSP0/CPU0:sabn-9k#sh ver | in IOS Wed Sep 26 09:19:44.007 CDT Cisco IOS XR Software, Version 4.1.2[Default] RP/0/RSP0/CPU0:sabn-9k#sh inst summ Wed Sep 26 09:19:50.151 CDT Active Packages: disk0:asr9k-mini-p-4.1.2 disk0:asr9k-doc-p-4.1.2 disk0:asr9k-k9sec-p-4.1.2 disk0:asr9k-mpls-p-4.1.2 disk0:asr9k-mgbl-p-4.1.2 ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/