Re: [c-nsp] QinQ termination on a Catalyst 6800
On 18/02/2019 23:11, Peter Rathlev wrote: On Mon, 2019-02-18 at 20:14 +, Tom Hill wrote: On 14/02/2019 09:01, Christophe Fillot wrote: Anyone knows if this platform supports QinQ termination ? The "encapsulation dot1q X second-dot1q Y" command is not present, but maybe there is another way to do it ? EVCs? I don't think it does double tagging even with EVCs. The following is from a Sup6T running 15.3, but I think 15.5 is the same. I would love to hear that it isn't, I don't have a 15.5 box to test right now. Unfortunately, it's the same in 15.5, the only option for rewrite is to push tags, and encapsulation supports only basic 802.1Q... Thanks, Christophe ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] QinQ termination on a Catalyst 6800
Hello, Anyone knows if this platform supports QinQ termination ? The "encapsulation dot1q X second-dot1q Y" command is not present, but maybe there is another way to do it ? Thanks in advance, Christophe ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] Nexus 56xx switch-profile problem after upgrade
Hello, We have upgraded a pair of Nexus 5672 from 7.2(1)N1(1) to 7.3(0)N1(1). We now have a switch-profile commit error related to spanning-tree. In the running configuration (sh run) we have: spanning-tree pseudo-information vlan 1-3967, 4048-4093 root priority 0 In the switch-profile configuration (sh run switch-profile) we have: spanning-tree pseudo-information vlan 1-3967, 4050-4093 root priority 0 The problem is that VLANs 4048-4049 now seem to be reserved and the parser does not accept them: n5k-bf-b(config-sync-sp)# spanning-tree pseudo-information n5k-bf-b(config-sync-sp-pseudo)# no vlan ? <1-3967,4050-4093> Vlan range, Example: 1,3-5,7,9-11 n5k-bf-b(config-sync-sp-pseudo)# no vlan 4048 root priority 0 ^ invalid vlans (reserved values) at '^' marker. It won't accept a commit even with an empty buffer: Status: Verify Failure Error(s): Following commands failed parsing: If the error is 'Command Parsing Failed', please check if some conditional feature(s) needs to be enabled vlan 4048 root priority 0 (Command Parsing Failed) vlan 4049 root priority 0 (Command Parsing Failed) I cannot modify the local configuration (conf t) because of the Exclusive Mutual error message. Is there a way to fix this without breaking anything ? Thanks, Christophe ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Nex3K and MTU
On 03/03/2016 02:10 AM, CiscoNSP List wrote: > Yet "other" ports show 1500bytes: > > # sh int eth 1/1 > Ethernet1/1 is down (Link not connected) > Dedicated Interface > Hardware: 10/100/1000 Ethernet, address: 547f.ee7b.ff28 (bia 547f.ee7b.ff28) > MTU 1500 bytes, BW 100 Kbit, DLY 10 usec > reliability 255/255, txload 1/255, rxload 1/255 > Encapsulation ARPA > Port mode is access > To see the real MTU you have to use "show queuing interface ". For example: # sh int e1/45 Ethernet1/45 is up Dedicated Interface Hardware: 1000/1 Ethernet, address: 8c60.4f96.2cf4 (bia 8c60.4f96.2cf4) Description: storage2-01 *MTU 1500 bytes*, BW 1000 Kbit,, BW 1000 Kbit, DLY 10 usec [...] # sh queuing int e1/45 n5k-pg2-a# sh queuing int e1/45 Ethernet1/45 queuing information: TX Queuing qos-group sched-type oper-bandwidth 0 WRR100 RX Queuing qos-group 0 q-size: 100160, q-size-40g: 100160, *HW MTU: 9216 (9216 configured)* drop-type: drop, xon: 0, xoff: 0 [...] Hope this helps Christophe ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] vs ip device tracking on cisco3850
On 06/19/2015 05:46 PM, Tarko Tikan wrote: hey, I have been troubleshooting a similar problem with IP device tracking on a CAT4500 with SUP8. IDT was enabled by default and there was really no way to properly disable it. AFAIR it was possible to disable it per interface, and thats not really a solution. There was no global no ip device tracking knob. We got a problem here with our IP cameras here (3750E involved), they crashed because of the unicast ARP probes sent by the switches. We had to disable IPDT on each interface with ip device tracking maximum 0. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] IP SLA
Saku Ytti wrote: I have been looking at IP SLA and was wondering whether there are any appliances around which emulate Ciscos IP SLA so that you can use it as a responder, or even better, the transmitter end? Have you found any? I'd be very interested in commercial solution also. Preferably one which does hardware timestamping. I've written a small responder that handles TCP connect, UDP echo and UDP jitter operations (for IPv4/IPv6), but unfortunately I don't know if I can publish it for the reasons you gave below. The protocol is easy to decode anyway. IP SLA is proprietary protocol, so technically if you want to do commercial solution, you'd need to buy permission for it from Cisco. And I know many people buying dedicated Cisco CPE for IP SLA responders, so it might be that companies have tried to build IP SLA responders but Cisco has said no. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] IP SLA
Saku Ytti wrote: http://tools.ietf.org/html/draft-cisco-sla-protocol-04 http://www.juniper.net/us/en/local/pdf/app-notes/3500145-en.pdf I wonder if those implicitly mean that you are allowed to build responder or not. The Cisco draft is not really what we're seeing in real-life (real-life identifies itself as version 1, draft is for version 2). Indeed the packet format is very different... How does your responder compare to the one I gave link for? Does it support microsecond precision for UDP jitter? Tbh I didn't know there was a precision microsecond command. From what I can see in your co-worker's code, this is handled by a different message type (with code 0x03) whereas the probe with millisecond resolution has code 0x02. Adding support for it shouldn't be very complicated. About the packet handling, since I only support TCP/UDP probes, I use the classic socket API. Christophe ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] lsd
Aaron wrote: Is there something similar in IOS to lsd (label switch db) found in IOS XR ? does this function of lsd exist in ios? (lsd seems like what I used to understand as lib/tib but unsure at this point). if there is an lsd-type thing in IOS, is there a way to see client apps (l2vpn, bgp, etc) bound to it like in xr below. ? Aaron RP/0/RSP0/CPU0: 9k#sh mpls lsd applications Wed Apr 25 08:39:17.792 CST Application StateRecoveryTimeLocation --- LSD Active 0/0 (0) 0/RSP0/CPU0 L2VPNActive 0/0 (900) 0/RSP0/CPU0 LDP:Active Active 0/0 (15)0/RSP0/CPU0 LDP:Standby Active 0/0 (15)0/RSP1/CPU0 BGP-VPNv4:bgp-0 Active 0/0 (600) 0/RSP0/CPU0 RP/0/RSP0/CPU0: 9k# Something like that ? 7600#sh mpls infrastructure lsd apps Application Registration Status: Index Name Client Index Recovery(ms) Cutover(ms) Timer 1 INTERNAL 650 0INACTIVE 5 CONFIG690 0INACTIVE 6 IPRM 706 6INACTIVE 7 LDP 716060 INACTIVE 8 TE Tun I 726 6INACTIVE 9 TE Lsp I 736060 INACTIVE 10 SNMP 741010 INACTIVE 13 ATOM 771 1INACTIVE 15 BGP VPNV 796 6INACTIVE 17 BGP IPV6 811 1INACTIVE 18 MPLS CHK 826 6INACTIVE ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] ASR1000 - Software Redundancy
Antonio Soares wrote: Strange, I'm running 3.4.2S. Can you try after adding the service internal into the global configuration ? I already had it in the config. Same message if I remove it. I'm using 3.4.0aS: asr1001-universalk9.03.04.00a.S.151-3.S0a.bin Maybe newer releases don't have this limit. About the memory allocated to IOSd processes: iirc there are a bit similar to IOU and they are started by a script which specifies the amount of memory to use: # show platform software process environment ios rp active [...] PROCESS linux_iosd-image PROCESS_ARGUMENTS -n 32768 -m 1400 -c /config NETIO_NETMAP/usr/binos/bin/rp/NETMAP Maybe it would be possible to change the value for the -m parameter, but that would be unsupported. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] ASR1000 - Software Redundancy
Antonio Soares wrote: Here's how to do it (asr1004): conf t platform shell end request platform software system shell rp active Then you have Linux :) Unfortunately not on the latest IOS-XE releases: ASR_x#request platform software system shell rp active Activity within this shell can jeopardize the functioning of the system. Are you sure you want to continue? [y/n] y Error acquiring an internal services license: Request failed due to no license I really wonder who took this stupid decision (and why). ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] Enabling CFM globally on a 7600
Hello, I would like to run CFM on a Cisco 7600 (IOS 15.1(2)S), but when I use the command ethernet cfm global, I get the following message: Apr 21 11:00:56.519: %CFM_CONST-SP-3-MATCH_REG_GLOBAL_RESERVE_FAILED: Unable to program port ASIC MAC match register on one or more slots. Cannot run CFM On the CCO, the recommended action is To free MAC match registers, disable protocols that use the MAC match register. Protocols using port ASIC match registers can be viewed with the remote command switch show platform mrm info command. # remote command switch show platform mrm info Match Register Usage slot 1 has 3 mr and is online mr 1: bits 1 (prog) owner SSTP mr 2: bits 1 (prog) owner FREE mr 3: bits 1 (prog) owner FREE slot 2 has 0 mr and is offline slot 3 has 0 mr and is offline slot 4 has 2 mr and is online mr 1: bits 0 (48 ) owner SSTP mr 2: bits 2 (44 ) owner FREE slot 5 has 2 mr and is online mr 1: bits 0 (48 ) owner SSTP mr 2: bits 2 (44 ) owner FREE slot 6 has 2 mr and is online mr 1: bits 0 (48 ) owner SSTP mr 2: bits 2 (44 ) owner FREE I only want to enable CFM on a specific port of the linecard installed in slot 1 (WS-X6748-GE-TX). From what I can read of the previous output, it seems there are free registers available. I tried to disable CFM on all ports excepted the one I'm interested in, but no luck. Has someone any idea ? Thanks in advance, Christophe ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] 12.2.33.SRE Train and Dynamips
Shahid Shafi wrote: Hello, Is anyone able to run 12.2.33 SRE train with Dynamips? I am trying to run it on NPE-G2 and NPE-400 with no luck. My routers keep crashing without any rhyme or reason. I also tried to decompress the image and bumped up the memory to 1 Gig but still no success. Please let me know if you are able to make it work and share your Dynamips settings. I've just tried with 12.2(33)SRE2 on an NPE-400, it seems to work fine. Make sure that you are not trying to run a PowerPC image (c7200p) on a MIPS platform or vice-versa. BTW, 256 Mb of RAM is enough to run this image, and NPE-400 will not accept more than 512 Mb anyway. Hope this helps. thanks in advance, Shahid ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Warm reload in Cisco 6500
Keegan Holley wrote: Is traffic still forwarded during the reload? It's not explicitly mentioned whether or not the reload is control plane only. The reload warm command is not available on 12.2(33)SXI4a for sure (I've just checked it). The warm reload feature works by loading and uncompressing the new image before rebooting. The current IOS image is still running and forwarding traffic during this phase. When the device reboots, it skips the flash reading step since the new IOS is already present in memory (of course, the device doesn't forward traffic during this). Note that you have to configure warm-reboot and reboot to enable the feature (it has to reserve some memory iirc). On Mon, Jan 3, 2011 at 5:44 PM, Phil Mayers p.may...@imperial.ac.uk wrote: On 01/03/2011 12:04 PM, Grzegorz Janoszka wrote: There is a nice feature in Cisco IOS: http://www.cisco.com/en/US/docs/ios/fundamentals/configuration/guide/warm_reload.html According to Cisco software advisor (Find software with the features I need), it is available in 12.2 for C6500/SUP720 in all releases of trains SXH and SXI. I think software advisor is incorrect (big surprise). Warm Reload is not available on this platform I'm pretty sure. If you have two supervisors you can emulate it with RPR+ mode. However when you force a switchover you still have 30-90 seconds of outage as your linecards reload, dependent on your linecard mix and configured features. There is also eFSU in later versions of IOS, giving 0-3 seconds outage if you have enough RAM on the linecards, but I'm not sure if you could (ab)use that to reload into the same IOS version; the argument to issu loadversion probably needs to be a different IOS than the running one? And of course both involve the expense of a 2nd SUP, which is why Cisco aren't incentivised to implement warm reload - their way, you spend more money! ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] BGP Cease - Connection collision resolution
Paul Stewart wrote: Thank you - but what is the solution to my problem or is there one? By the sounds of it I need to change out the IOS to a new version;) In theory this should resolve automatically, but it is abnormal if your session never establishes. If this began to happen with 12.2(18)SXF16 and if there was no config change, I guess it is a problem with this specific IOS release. What is the router on the remote side ? ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] BGP Cease - Connection collision resolution
Paul Stewart wrote: Hi, On a peering session we started getting the following: %BGP-3-NOTIFICATION: received from neighbor 198.32.XXX.XX 6/7 (cease) 0 bytes This all started when we upgraded to 12.2(18)SXF16 it seems or at least the timeline matches up.. So, I've discovered that 6/7 means Connection collision resolution - does anyone know what that means in English? ;) We have rebuilt our session and the peer has done the same thing. a Google search tells me what it means by definition but no real solution. From RFC 4271: 6.8. BGP Connection Collision Detection If a pair of BGP speakers try to establish a BGP connection with each other simultaneously, then two parallel connections well be formed. If the source IP address used by one of these connections is the same as the destination IP address used by the other, and the destination IP address used by the first connection is the same as the source IP address used by the other, connection collision has occurred. In the event of connection collision, one of the connections MUST be closed. [...] Closing the BGP connection (that results from the collision resolution procedure) is accomplished by sending the NOTIFICATION message with the Error Code Cease. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Does traffic routing through a PE get an MPLS label added/removed?
TiM a écrit : I'm sure that ingress traffic is assigned some internal you're in VRF x label, but our SE was clear in stating it would be an MPLS header added and removed, the same information as if it was egressing towards Site 2/3. IMHO, you're right. Just consider the VRF-lite feature (especially on low-end routers where there is no MPLS support), there is no LFIB built and no MPLS mechanism used. I don't see the purpose of adding/removing label on the same box whereas the routing decision done by CEF with the FIB is sufficient. Thanks! Tim ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Cisco SAA
Jefri Abdullah a écrit : B#1(config)#rtr ? % Unrecognized command Is my 12.2(25)EWA10 doesn't support SAA measurement? The rtr command has been renamed. Does ip sla work instead ? ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] 3660 Hot Swap?
Justin Shore a écrit : I could be wrong but I don't think any NM modules are hot-swappable. Ditto for *(V|W)ICs. I could be wrong though. The 3660 supports OIR for the NM, but not the 3620/3640: http://www.cisco.com/en/US/products/hw/routers/ps359/products_tech_note09186a00800c8282.shtml As you said, OIR is not supported for WIC cards. Justin Richey wrote: I just wanted a second opinion, maybe a 3rd or 4th :) Is it safe to pull a NM-1FE-TX out of a running 3660? If I am reading correctly the cisco site says yes, but it would be nice to hear someone say they have done it before. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Extracting serial numbers from Show techs ?
kevin gannon a écrit : Does anyone know of or have a script that will take in a show tech and extract the part numbers and serial numbers ? I know Cisco works does this but I want an offline tool that can extract the information. That will handle things like seeing the chassis serial numbers and psu from 6500s. I would suggest to use the output of the sh inventory command, which can be easily parsed (the output of this command is included in sh tech). ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] cpu usage of a 7200 npe-g2: disapointed
Philippe Strauss a écrit : Hello, Hello, We replaced a 7200 NPE400 with a NPE-G2 recently and are disapointed by the CPU usage: this router switches ~80kPPS in+out (~180Mbps), it was peaking at 55% CPU, now 40%, while the CPU clock is more that 4 time higher on the G2. currently running: c7200p-p-mz.122-31.SB7.bin was running 12.2.16-is any comment on this? Rodney explained this in a previous thread: https://puck.nether.net/pipermail/cisco-nsp/2007-April/03.html https://puck.nether.net/pipermail/cisco-nsp/2007-April/040171.html Chris ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/