Re: [c-nsp] How can I increase Ethernet MTU?
If your switch is running any L3 interfaces, and as long as you keep your system MTU routing to 1500, there are no problems. From a host perspective, if they are sending frames across the network, they won't care if a switch in the middle can take a larger frame, they only care if a switch can't take a smaller frame.

Thanks
Darren

Date: Sat, 24 Jan 2015 23:50:01 +0600
From: v...@mpeks.tomsk.su
To: n...@foobar.org
CC: cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] How can I increase Ethernet MTU?

Nick Hilliard wrote:

What if I set system mtu jumbo 9198 on a random switch in the middle of the network, would it disrupt connectivity (STP or OSPF in the management VLAN or anything else)?

system mtu jumbo is only activated on a switch reboot. You can safely issue the command on a switch, and it won't have any effect on running traffic.

But after a reboot with a new system mtu jumbo, what adverse effects can I expect if there is a jumbo MTU switch among switches with the default MTU?

--
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
sip:suda...@sibptus.tomsk.ru
___
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] How can I increase Ethernet MTU?
Or just set your routing MTU to 1500 while your ethernet MTU goes up to 9k+

Date: Sat, 24 Jan 2015 10:28:24 -0600
From: mer...@geeks.org
To: v...@mpeks.tomsk.su
CC: cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] How can I increase Ethernet MTU?

On Sat, Jan 24, 2015 at 09:15:38PM +0600, Victor Sudakov wrote:

Switch(config)#system mtu jumbo 9198

Should I do that on all switches in the network simultaneously? What if I set system mtu jumbo 9198 on a random switch in the middle of the network, would it disrupt connectivity (STP or OSPF in the management VLAN or anything else)?

OSPF will be affected by an MTU mismatch, so if you have OSPF setup on everything, expect a downtime until all switches are done.
Re: [c-nsp] command that can display the dropped routes containing AS loops
Yes there is, and it was already posted:

show ip bgp neighbor 192.0.2.10 received-routes | incl _64512_

Date: Tue, 13 Jan 2015 09:48:49 +0800
From: refresh.ls...@gmail.com
To: b.turn...@twt.it; pe...@rathlev.dk
CC: cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] command that can display the dropped routes containing AS loops

Hi,

Thanks! On a Juniper router, I know a command that can do that:

show route hidden aspath-regex .*Target-AS.*

It seems that there is no similar command on a Cisco router.

Song

On 2015/1/13 1:30, b.turn...@twt.it wrote:

Hi,

On Mon, 2015-01-12 at 22:17 +0800, Song Li wrote:

I am curious about the AS loops in the AS-path. I think there should be a very, very few received BGP routes that contain the local AS#. But because such routes will be dropped and not installed in Loc-RIB, I want to know if there is a command that can display the dropped routes containing AS loops on cisco. Does anybody know?

If you have soft-reconfiguration inbound configured on the neighbor you could probably use:

show ip bgp neighbor 192.0.2.10 received-routes | incl _64512_

where 65412 is your own AS. You would need soft-reconfiguration since it would otherwise not make it into the BGP table. Keep in mind the risks regarding memory when enabling it. And the above command might be rather slow since it has to process the whole table as text. I don't know of any other way though.

Or you could accept them in with allow as in /accept own being very very careful not to create havoc on your network... :-)

Try and see about debugging bgp, be careful about resources, I seem to remember that debugging bgp events having an error message being logged when own as is found in updates.

Brian

--
Song Li
Room 4-204, FIT Building, Network Security, Department of Electronic Engineering, Tsinghua University, Beijing 100084, China
Tel: (+86) 010-62446440
E-mail: refresh.ls...@gmail.com
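The `| incl _64512_` filter from the thread above, reproduced offline as an added example (not code from any of the list posts): it expands the IOS `_` metacharacter into the delimiters it stands for and applies the pattern line by line, as the CLI does. The sample output is constructed, and the function names are hypothetical.

```python
import re

# Delimiters the IOS "_" metacharacter stands for: start or end of the
# string, space, comma, braces and parentheses.
IOS_UNDERSCORE = r"(?:^|$|[ ,{}()])"


def ios_to_python_regex(ios_pattern):
    """Translate an IOS AS-path pattern by expanding "_" into its delimiters."""
    return re.compile(ios_pattern.replace("_", IOS_UNDERSCORE))


def looped_prefixes(received_routes_text, local_as):
    """Emulate `| incl _<local_as>_` per line and return the matching prefixes."""
    pattern = ios_to_python_regex("_%d_" % local_as)
    hits = []
    for line in received_routes_text.splitlines():
        fields = line.split()
        # Route lines start with a status code such as "*" or "*>";
        # skip the column header and blank lines.
        if not fields or not fields[0].startswith("*"):
            continue
        if pattern.search(line):
            hits.append(fields[1])
    return hits


# Constructed sample in the shape of "received-routes" output (not real data).
# 164512 must not match: "_" requires a delimiter on both sides of the AS.
SAMPLE_OUTPUT = """\
   Network          Next Hop            Metric LocPrf Weight Path
*  198.51.100.0/24  192.0.2.10               0             0 64500 64501 i
*  203.0.113.0/24   192.0.2.10               0             0 64500 64512 64502 i
*  203.0.113.128/25 192.0.2.10               0             0 64500 164512 i
*  192.0.2.128/25   192.0.2.10               0             0 64500 {64512,64503} i
"""

if __name__ == "__main__":
    for prefix in looped_prefixes(SAMPLE_OUTPUT, 64512):
        print(prefix)
```

Like the CLI filter, this matches each line as text, so a metric or other column that happens to equal the local AS number would also match.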
Re: [c-nsp] ME3600 config help, Q in Q
What exactly are you trying to do? Looks like you're trying to L3 terminate one of the cvlans, but what are you going to do with the others? what's your end goal?

Thanks
Darren
http://www.mellowd.co.uk/ccie

Date: Fri, 8 Aug 2014 10:17:11 -0600
From: lists.james.edwa...@gmail.com
To: cisco-nsp@puck.nether.net
Subject: [c-nsp] ME3600 config help, Q in Q

I am trying to configure an interface on a ME3600 to accept Q in Q from a provider. The p-vlan the provider is using is 1048 and they are carrying customer vlans (c-vlan) 1058-1098, one from each site. I'm new to the 3600 and have not done Q in Q on it yet. I've worked up this much of the config but it does not seem right. Can anyone give me some pointers or links to help me along ? I've only got one customer site configed, there will be 14.

!
vlan 1048
 name WINDSTREAM
!
vlan 1058
 name WINDSTREAM-HOBBS
!
interface GigabitEthernet0/6
 description Windstream VLS IP.LVXX.xx..WCI.001
 port-type nni
 switchport trunk allowed vlan none
 switchport mode trunk
 service instance 10 ethernet
  encapsulation dot1q 1048
  rewrite ingress tag pop 1 symmetric
  bridge-domain 10
 !
!
interface Vlan1048
 description Windstream VLS
 no ip address
!
interface Vlan1058
 description WINDSTREAM-HOBBS
 ip address xxx.xx.xx.1 255.255.255.0

Thanks,
James
Re: [c-nsp] Global vs. VRF
Those routes should be in different VRFs, i.e. each RIB will therefore have different routes received. Are you exporting routes between global and vrf? If not, then if a router receives two routes, those routes go into different RIBs and as such there is no problem.

Thanks
Darren
http://www.mellowd.co.uk/ccie

From: gunner_...@live.com
To: cisco-nsp@puck.nether.net
Date: Tue, 5 Aug 2014 11:35:18 +0300
Subject: [c-nsp] Global vs. VRF

In MPLS network if a router receives the same route from global and at the same time through a VRF, will there be a problem? it will prefer one over the other? we are using the same routing protocol

Thanks
Re: [c-nsp] OSPFv3 Multiple Address Families Support in IOS
No TE extensions for OSPFv3 is the biggest issue.

Thanks
Darren
http://www.mellowd.co.uk/ccie

From: cwe...@ernw.de
To: cisco-nsp@puck.nether.net
Date: Tue, 5 Aug 2014 17:48:22 +
Subject: [c-nsp] OSPFv3 Multiple Address Families Support in IOS

Dear list,

I noticed that support for multiple address families in OSPFv3 was added in recent IOS versions. I am currently thinking about updating the IOS version on my routers and subsequently consolidating OSPFv2 and OSPFv3 into OSPFv3 for both IPv4 and IPv6.

Has anyone done this before and can share some experience with it? What are (in your opinion) the pros and cons of the aforementioned consolidation of OSPFv2/v3 into only OSPFv3?

Thanks in advance for your time and feedback.

Best,
Christopher
Re: [c-nsp] OSPFv3 Multiple Address Families Support in IOS
There was an issue, at least a year or two ago, when it came to authentication on ospfv3. Ospfv3 doesn't have built in authentication, rather it relies on ipv6 IPSec. That's all fine and good until you realise you need the security license on ios in order to use IPSec. So you cannot authenticate your peers with v3 out the box on unlicensed ios. I would need to check if this has changed though

On 5 Aug 2014, at 19:29, Christopher Werny cwe...@ernw.de wrote:

Hi,

thanks to both of you for the feedback. As we are a typical enterprise environment, TE isn't much of a concern for us.

Best
Christopher

-Original Message-
From: sth...@nethelp.no [mailto:sth...@nethelp.no]
Sent: Dienstag, 5. August 2014 20:25
To: darre...@outlook.com
Cc: Christopher Werny; cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] OSPFv3 Multiple Address Families Support in IOS

No TE extensions for OSPFv3 is the biggest issue.

And for those who aren't married to OSPF, IS-IS is still an excellent alternative.

Steinar Haug, Nethelp consulting, sth...@nethelp.no

Thanks
Darren
http://www.mellowd.co.uk/ccie

From: cwe...@ernw.de
To: cisco-nsp@puck.nether.net
Date: Tue, 5 Aug 2014 17:48:22 +
Subject: [c-nsp] OSPFv3 Multiple Address Families Support in IOS

Dear list,

I noticed that support for multiple address families in OSPFv3 was added in recent IOS versions. I am currently thinking about updating the IOS version on my routers and subsequently consolidating OSPFv2 and OSPFv3 into OSPFv3 for both IPv4 and IPv6.

Has anyone done this before and can share some experience with it? What are (in your opinion) the pros and cons of the aforementioned consolidation of OSPFv2/v3 into only OSPFv3?

Thanks in advance for your time and feedback.

Best,
Christopher
Re: [c-nsp] OSPFv3 Multiple Address Families Support in IOS
Good to hear. Thanks for that

Sent from my iPhone

On 5 Aug 2014, at 19:45, Christopher Werny cwe...@ernw.de wrote:

Hi Darren,

Cisco implemented finally the OSPFv3 Authentication Trailer (RFC 7166) beginning with 15.4S/T/M. I was able to configure it without a problem on a 2921 running 15.4(3)M with ipbase license in our lab.

Best,
Christopher

-Original Message-
From: Darren O'Connor [mailto:darre...@outlook.com]
Sent: Dienstag, 5. August 2014 20:40
To: Christopher Werny
Cc: sth...@nethelp.no; cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] OSPFv3 Multiple Address Families Support in IOS

There was an issue, at least a year or two ago, when it came to authentication on ospfv3. Ospfv3 doesn't have built in authentication, rather it relies on ipv6 IPSec. That's all fine and good until you realise you need the security license on ios in order to use IPSec. So you cannot authenticate your peers with v3 out the box on unlicensed ios. I would need to check if this has changed though

On 5 Aug 2014, at 19:29, Christopher Werny cwe...@ernw.de wrote:

Hi,

thanks to both of you for the feedback. As we are a typical enterprise environment, TE isn't much of a concern for us.

Best
Christopher

-Original Message-
From: sth...@nethelp.no [mailto:sth...@nethelp.no]
Sent: Dienstag, 5. August 2014 20:25
To: darre...@outlook.com
Cc: Christopher Werny; cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] OSPFv3 Multiple Address Families Support in IOS

No TE extensions for OSPFv3 is the biggest issue.

And for those who aren't married to OSPF, IS-IS is still an excellent alternative.

Steinar Haug, Nethelp consulting, sth...@nethelp.no

Thanks
Darren
http://www.mellowd.co.uk/ccie

From: cwe...@ernw.de
To: cisco-nsp@puck.nether.net
Date: Tue, 5 Aug 2014 17:48:22 +
Subject: [c-nsp] OSPFv3 Multiple Address Families Support in IOS

Dear list,

I noticed that support for multiple address families in OSPFv3 was added in recent IOS versions. I am currently thinking about updating the IOS version on my routers and subsequently consolidating OSPFv2 and OSPFv3 into OSPFv3 for both IPv4 and IPv6.

Has anyone done this before and can share some experience with it? What are (in your opinion) the pros and cons of the aforementioned consolidation of OSPFv2/v3 into only OSPFv3?

Thanks in advance for your time and feedback.

Best,
Christopher
Re: [c-nsp] Latency Spike
An ICMP echo-request requires the CPU on the other side to respond with an ICMP echo-reply. It's quite low priority on the CPU so if it's busy doing something else that reply will be delayed. ICMP is not a great test for latency through a router.

Thanks
Darren
http://www.mellowd.co.uk/ccie

From: molas...@gmail.com
Date: Thu, 31 Jul 2014 12:10:55 +0700
To: cisco-nsp@puck.nether.net
Subject: [c-nsp] Latency Spike

Hi All,

Just experienced spike when doing the continuous ping as the result below:

64 bytes from x.x.152.3: icmp_seq=421 ttl=255 time=3.53 ms
64 bytes from x.x.152.3: icmp_seq=422 ttl=255 time=2.40 ms
64 bytes from x.x.160.152.3: icmp_seq=423 ttl=255 time=1.49 ms
64 bytes from x.x.152.3: icmp_seq=424 ttl=255 time=3.15 ms
64 bytes from x.x.152.3: icmp_seq=425 ttl=255 time=2.05 ms
*64 bytes from x.x.152.3: icmp_seq=426 ttl=255 time=107 ms*
64 bytes from x.x.152.3: icmp_seq=427 ttl=255 time=47.4 ms
64 bytes from x.x.152.3: icmp_seq=428 ttl=255 time=3.77 ms
64 bytes from x.x.152.3: icmp_seq=429 ttl=255 time=1.12 ms
64 bytes from x.x.152.3: icmp_seq=430 ttl=255 time=1.35 ms

--- x.x.152.3.152.3 ping statistics ---
500 packets transmitted, 500 received, 0% packet loss, time 25285ms
*rtt min/avg/max/mdev = 0.634/4.021/107.242/9.067 ms, pipe 2*

I tested this segment by segment (point to point) between the two devices, and I still see this latency spike. I assume this is normal in the network as router/switch needs time to calculate and send back to source.

Is There anyone experienced this or anything can cause this ?

Regards,
--
Samol Khoeurn
(855) 077 55 64 02 / (855) 067 41 88 66
Network Engineer
Cisco: CCNA/CCNP SP/CCIP/
Juniper: JNCIA/JNCIS-ENT,SP,SEC/JNCIP-ENT
www.linkedin.com/in/samolkhoeurn
Re: [c-nsp] Configure 802.1Q on HWIC-4SHDSL-E
You don't need a vlan tag on the dsl interface in order to bridge to a lan interface that is tagged

Thanks
Darren
http://www.mellowd.co.uk/ccie

From: ruddy.ramo...@mediaserv.com
To: cisco-nsp@puck.nether.net
Date: Mon, 7 Jul 2014 12:44:30 +
Subject: [c-nsp] Configure 802.1Q on HWIC-4SHDSL-E

Hi

I would like to know how to configure 802.1Q on the interface HWIC-4SHDSL-E. Is it mandatory to bridge with an LAN Interface? The Card is on a Cisco1841 platform.

Regards.
Ruddy
Re: [c-nsp] Cisco IP nat question
You can use an ACL to let IOS know which addresses to translate. So an ACL which reads ANY to 172.16.144.0/20 - Then source NAT to the interface

Thanks
Darren
http://www.mellowd.co.uk/ccie

Date: Tue, 1 Jul 2014 14:48:26 -0700
From: mike-cisconspl...@tiedyenetworks.com
To: cisco-nsp@puck.nether.net
Subject: [c-nsp] Cisco IP nat question

I have a 7201 connected to network 172.16.144.0/20, and it's interface is 172.16.144.1 (gi0/1. for example). I was wondering how I might arrange things so that any source address - inbound to 172.16.144.0/20 is natted with a source address of 172.16.144.1? The clients are dumb and default route doesn't work for them (they have multiple and can't pick the right one), so sourcing all traffic FROM 172.16.144.1 would let me talk to them all. I do not care about the other direction, just inbound.

Thank you.

Mike-
Re: [c-nsp] Need suggestion on cisco 3560 sw IOS
I've stuck with (55) and it's never given me trouble

Thanks
Darren
http://www.mellowd.co.uk/ccie

Date: Thu, 26 Jun 2014 20:24:33 +0530
From: bn.thiyagara...@gmail.com
To: cisco-nsp@puck.nether.net
Subject: [c-nsp] Need suggestion on cisco 3560 sw IOS

Hello,

Request to suggest whether 12.2(58)SE or 12.2(55)SE, a stable IOS for Cisco 3560-24TS switch since the switch got a software crash installed with 12.2(52)SE.

Warm Regards,
Thiyagarajan B.
Re: [c-nsp] Brocade/Foundry Gbic
service unsupported-transceiver

Thanks
Darren
http://www.mellowd.co.uk/ccie

From: harry.ha...@bbc.co.uk
To: cisco-nsp@puck.nether.net
Date: Wed, 18 Jun 2014 08:34:09 +
Subject: [c-nsp] Brocade/Foundry Gbic

Hi All,

I have some LX SX brocade/foundry Gbics. I'm told there is a command that will enable these Gbics to work in a Cisco chassis, is this the case? If so does anyone know the commands?

Thanks in advance

Rgds
Harry

Harry Hambi BEng(Hons) MIET Rsgb
Re: [c-nsp] ME3600X - tunning the output queues
I've been using queue limit 100% on our policies for four months with no ill effects at all on our me3600x's

Thanks
Darren
http://www.mellowd.co.uk/ccie

From: wa...@cisco.com
To: pshe...@gmail.com; ggian...@gmail.com
Date: Sun, 18 May 2014 07:39:13 +
CC: cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] ME3600X - tunning the output queues

Hi Pshem and George,

There are two ASICs in the system and each has the buffer of 22 MB. 2x10Gig are one ASIC and 24x1Gig are on the other ASIC so 10 Gig buffers are separate from 1 Gig buffer. You are experiencing microburst in your network and it happens due to speed mismatch between ingress and egress interface. Higher the speed mismatch, the probability of microburst happening is more. Microburst causes sudden burst traffic in traffic resulting in packet drops due to lack of buffers. I would recommend using queue-limit percent and you can use 100% since the configuration allows oversubscription assuming not all queues are oversubscribed at the same time.

You can refer to my following Cisco Live deck for more information,
https://docs.google.com/viewer?a=vpid=sitessrcid=ZGVmYXVsdGRvbWFpbnxtd2FyaXN8Z3g6NzI1MTc2YzdjNGI2YmQ1NA

Best Regards,

Waris Sagheer
Technical Marketing Manager
Service Provider Access Group (SPAG)
wa...@cisco.com
Phone: +1 408 853 6682
Mobile: +1 408 835 1389
CCIE - 19901
http://www.cisco.com/

From: Pshem Kowalczyk pshe...@gmail.com
Date: Tuesday, March 26, 2013 at 2:05 PM
To: 'George Giannousopoulos' ggian...@gmail.com
Cc: cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] ME3600X - tunning the output queues

Hi,

We're running 15.3 already. We got the buffers to 2MB per service, but still see occasional tail drop.

kind regards
Pshem

On 27 March 2013 02:26, George Giannousopoulos ggian...@gmail.com wrote:

Hi Pshem,

We have seen the same issue with the 3800x. In our case we use the maximum allowed packet number:

queue-limit 2457 packets

If I'm not mistaken, there are improvements coming to the default queue sizes with the 15.3 train

George

On Mon, Mar 25, 2013 at 4:25 AM, Pshem Kowalczyk pshe...@gmail.com wrote:

Hi,

We have a couple of ME3600X (24cx) providing MPLS-based L2 services to anywhere between 20 and 80 customers per chassis. For the last few weeks we've been chasing a packet loss issue with some of those customers. It looks like the issue is more likely to happen on interfaces with multiple service instances than those with just a few. In most extreme cases we have customers doing 700Mb/s on a single port with the default queue depth (~ 50KB) and not a single dropped packet on one hand and a bunch of 10Mb/s on another dropping packets all the time.

Initially we used the following QoS (per service instance):

policy-map PM-CUST-DEFAULT-100M-OUT
 class class-default
  shape average 1

This was causing massive drops even for services that were only transmitting 5-15Mb/s. Since queue-depth couldn't be applied with just the default class, we ended up with something like this:

policy-map PM-CUST-DEFAULT-100M-OUT
 class CM-DUMMY
 class class-default
  shape average 1
  queue-limit 1536000 bytes

(where CM-DUMMY matches non-existing qos-group).

This made things significantly better, but I feel that the queue of 1.5MB per service is quite excessive (bearing in mind that the device has only 22MB in total for shared queues on 1G ports). I was told by the TAC engineer that the memory is allocated dynamically, so it's safe to oversubscribe it.

At this stage I'm still waiting to learn if it's possible to monitor the utilisation of that RAM.

But the other question still lingers - what do you use as the queue-limit? I know it's traffic-dependant but with only 3 profiles available there is not much room to move (we use one profile for the core-facing classes, this is the second one) and a fairly universal depth has to be used. On top of that we don't really know what our customers use the service for, so the visibility is very limited.

So if you use the platform - what's your magic number?

kind regards
Pshem
Re: [c-nsp] Replacing 3750X stack
True, but check for feature parity beforehand. If you're just doing basic l2 then more than likely it's already there. But always check first

Thanks
Darren
http://www.mellowd.co.uk/ccie

From: i...@st-andrews.ac.uk
To: darre...@outlook.com
Subject: RE: [c-nsp] Replacing 3750X stack
Date: Sun, 11 May 2014 20:53:18 +

But don't have all the features (yet).

Thanks
--
ian

Sent from my phone, please excuse brevity and misspelling.

From: Darren O'Connor
Sent: 11/05/2014 21:51
To: CiscoNSP List; cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] Replacing 3750X stack

3850 also makes a good replacement for 3750s as they also stack and have bigger, but still smallish, buffers

Thanks
Darren
http://www.mellowd.co.uk/ccie

From: darre...@outlook.com
To: cisconsp_l...@hotmail.com; cisco-nsp@puck.nether.net
Subject: RE: [c-nsp] Replacing 3750X stack
Date: Sun, 11 May 2014 21:43:46 +0100

Cisco me3600x/me3800x have great buffers, although lower port count.

Thanks
Darren
http://www.mellowd.co.uk/ccie

From: cisconsp_l...@hotmail.com
To: cisco-nsp@puck.nether.net
Date: Fri, 2 May 2014 10:50:09 +1030
Subject: [c-nsp] Replacing 3750X stack

Hi,

We have a 3750X stack (2 switches) doing pure L2 at a small POP (Acting as a core switch) - The small buffers are causing a lot of performance issues, so we are looking to upgrade them.

We run pairs of 4500X's (In VSS) at some other POPs, and are quite happy with them, but Cisco don't appear to see this platform as having any longevity?

Hoping for some recommendations on replacement switch(es) for the 3750 - The 6800's look very nice, but I've got no idea on price?

We are a small Service Provider, and primarily provide private networks(VRF's) to customers - All L3 is currently done on 7200's and ASR1K's

Cheers.
Re: [c-nsp] Replacing 3750X stack
Cisco me3600x/me3800x have great buffers, although lower port count.

Thanks
Darren
http://www.mellowd.co.uk/ccie

From: cisconsp_l...@hotmail.com
To: cisco-nsp@puck.nether.net
Date: Fri, 2 May 2014 10:50:09 +1030
Subject: [c-nsp] Replacing 3750X stack

Hi,

We have a 3750X stack (2 switches) doing pure L2 at a small POP (Acting as a core switch) - The small buffers are causing a lot of performance issues, so we are looking to upgrade them.

We run pairs of 4500X's (In VSS) at some other POPs, and are quite happy with them, but Cisco don't appear to see this platform as having any longevity?

Hoping for some recommendations on replacement switch(es) for the 3750 - The 6800's look very nice, but I've got no idea on price?

We are a small Service Provider, and primarily provide private networks(VRF's) to customers - All L3 is currently done on 7200's and ASR1K's

Cheers.
Re: [c-nsp] Replacing 3750X stack
3850 also makes a good replacement for 3750s as they also stack and have bigger, but still smallish, buffers

Thanks
Darren
http://www.mellowd.co.uk/ccie

From: darre...@outlook.com
To: cisconsp_l...@hotmail.com; cisco-nsp@puck.nether.net
Subject: RE: [c-nsp] Replacing 3750X stack
Date: Sun, 11 May 2014 21:43:46 +0100

Cisco me3600x/me3800x have great buffers, although lower port count.

Thanks
Darren
http://www.mellowd.co.uk/ccie

From: cisconsp_l...@hotmail.com
To: cisco-nsp@puck.nether.net
Date: Fri, 2 May 2014 10:50:09 +1030
Subject: [c-nsp] Replacing 3750X stack

Hi,

We have a 3750X stack (2 switches) doing pure L2 at a small POP (Acting as a core switch) - The small buffers are causing a lot of performance issues, so we are looking to upgrade them.

We run pairs of 4500X's (In VSS) at some other POPs, and are quite happy with them, but Cisco don't appear to see this platform as having any longevity?

Hoping for some recommendations on replacement switch(es) for the 3750 - The 6800's look very nice, but I've got no idea on price?

We are a small Service Provider, and primarily provide private networks(VRF's) to customers - All L3 is currently done on 7200's and ASR1K's

Cheers.
Re: [c-nsp] CsC IOS XR
What does your MPLS config look like? You need /32 static routes on XR for labelled next-hops in certain cases as it's not automatic. In your topology, what is the customer PE and provider PEs? Does the XR box have a valid labelled next-hop to the correct PE?

Thanks
Darren
http://www.mellowd.co.uk/ccie

From: gunner_...@live.com
To: cisco-nsp@puck.nether.net
Date: Mon, 5 May 2014 16:53:04 +0300
Subject: [c-nsp] CsC IOS XR

Hi all

I am simulating CsC using Cisco IOS XR (on GNS3). The topology looks like below:

R5 -- R1 -- XR1 -- R2 -- R3 -- R4 -- R6

I am using BGP as the PE-CE routing protocol in order to achieve connectivity between R1 lo0 and R4 lo0 and it's done. Now, I have configured OSPF as the routing protocol between R5 - R1 and R6 - R4 and I did all the redistribution

RP/0/0/CPU0:XR1#sh run router bgp
Mon May 5 14:48:47.261 UTC
router bgp 1
 address-family ipv4 unicast
 !
 address-family vpnv4 unicast
 !
 neighbor 3.3.3.3
  remote-as 1
  update-source Loopback0
  address-family vpnv4 unicast
  !
 !
 vrf MSSK
  rd 100:1
  address-family ipv4 unicast
   allocate-label all
  !
  neighbor 192.168.102.1
   remote-as 14
   address-family ipv4 unicast
    route-policy PASS_CE in
    route-policy PASS_CE out
    as-override

What am facing now is I even lost connectivity between R1 lo0 and R4 lo0 networks. Am i missing something ?

Thanks
Re: [c-nsp] 3750: SNMP-3-INPUT_QFULL_ERR, ssh session dies, show tech support fails, switch stack crashes on reload
Never seen it myself, but googling around brings up a few things. Did this recently start? Any other switch on the same code having the same issues or not? Generally if five different devices all start having the same issue an external issue is to blame. Maybe your SNMP server is sending a particular packet that this IOS code doesn't like? Have you tried restarting SNMP itself on the switch?

Thanks
Darren
http://www.mellowd.co.uk/ccie

Date: Mon, 5 May 2014 16:47:02 +0200
From: sebastian.beu...@rus.uni-stuttgart.de
To: cisco-nsp@puck.nether.net
Subject: [c-nsp] 3750: SNMP-3-INPUT_QFULL_ERR, ssh session dies, show tech support fails, switch stack crashes on reload

Hi List,

we are running a lot of (three-digit) 3750 stacks that are showing a strange phenomenon by and by. Meanwhile we have five affected switches that had an uptime of almost two years and an old IOS 12.2(44)SE in common.

The first indication so far is, that we see %SNMP-3-INPUT_QFULL_ERR in the syslog for no reason (the affected switch receives as much snmp request as any other switch on our network). If we ssh to the affected switch and do a show interfaces status it shows a couple of interfaces of the first switch, then the ssh session crashes. The same with show etherchannel summary. If we reconnect again a show users lists the broken connection but a clear line vty does not reset it. If we do a show tech-support | redirect tftp:... the ssh session also crashes. The file on the tftp server ends with the interface at which sho int statu breaks.

At this stage the stack still seems to forward traffic but if we do a reload in a maintenance window things get worse: The switch that has been the stack master instantly crashes and does not recover. Forwarding stops and the management interface does not come back. Even the console is unusable. The only thing to remedy the situation is to unplug the mains cables. After that the switch comes back as though nothing had happened.

We understand that we need to update the IOS (and we did on some of them). The problem though is that the reload that is associated with the update may also cause outages. We suspect that stacks are unstable long before they attract attention due to the snmp error messages. It would be a great help to predict whether a switch will survive an update or otherwise would need its mains supply interrupted.

Thanks in advance,
Sebastian.

--
Dipl.-Ing. Sebastian Beutel
tel: +49-711-685-64538
Rechenzentrum Universitaet Stuttgart
http://www.rus.uni-stuttgart.de/nks
Netze und Kommunikationssysteme
Allmandring 30A, D-70550 Stuttgart
Re: [c-nsp] ERSPAN
No

Thanks
Darren
http://www.mellowd.co.uk/ccie

From: gunner_...@live.com
To: cisco-nsp@puck.nether.net
Date: Wed, 2 Apr 2014 16:39:03 +0300
Subject: Re: [c-nsp] ERSPAN

Can ERSPAN be simulated on GNS3 with virtual machines? Is there any router model like 7200 that can support?

Thanks

From: gunner_...@live.com
To: cisco-nsp@puck.nether.net
Subject: ERSPAN
Date: Sat, 29 Mar 2014 01:09:10 +0300

Hi All,

I was looking into the Cisco software advisor looking for the ERSPAN on the 3560 model, but did not find the keyword. Is the feature supported? What is the minimum?

Thanks
Re: [c-nsp] vpls - vlan-id
This question is better asked on the juniper mailing list. Saying that, an MX has no issue running VPLS extending whatever vlans you want.

Thanks
Darren
http://www.mellowd.co.uk/ccie

On 22 Mar 2014, at 13:23, Ranjith R ranjithrn...@gmail.com wrote:

Hi All,

We have a requirement of extending a few vlans from the data center to a new office. The Juniper MX is on either end running MPLS, RSVP. The vlan ids include 10. Is there a limitation in extending vlan id 10 via VPLS?

Thanks,
Ranjith
Re: [c-nsp] NPE-G1s don't want to talk to each other over copper?
No auto-mdix on npe-g1 so use a crossover

Thanks
Darren
http://www.mellowd.co.uk/ccie

To: cisco-nsp@puck.nether.net
From: r...@seastrom.com
Date: Wed, 19 Mar 2014 09:39:29 -0400
CC: r...@seastrom.com
Subject: [c-nsp] NPE-G1s don't want to talk to each other over copper?

Hi folks,

I have a small pile of NPE-G1s here, about to upgrade the routing engines in the VXRs in $BROCOLO in an effort to eke out a couple of more years from them.

So, I'm staging and made an interesting discovery: over the built-in rj45 connectors they will talk to a switch (ex3200) but when cabled to each other link will not come up. Haven't tried a crossover cable to see if they'll come up at 100m rather than gigabit, but this is puzzling to me.

Tried 12.4 mainline and 15.x. Upgraded the bootloader. No joy.

Anyone have any ideas or is this a known shortcoming?

Thanks,
-r
Re: [c-nsp] how do i track my cisco certification ,
https://cisco.pearsoncred.com/durango/do/login?ownername=ciscochannel=ciscobasechannel=integral7

Thanks
Darren
http://www.mellowd.co.uk/ccie

Date: Fri, 14 Mar 2014 12:07:33 +0530
From: vijaygor...@gmail.com
To: cisco-nsp@puck.nether.net
Subject: [c-nsp] how do i track my cisco certification ,

Hi,

I need to find my cisco certification validity date. Please let me know.
Re: [c-nsp] 3750E to stack of 2960x.....
If you think it's spanning-tree you really need to check that it is. If it happens again make sure you console on and check the spanning-tree state before you reboot it.

Are you actually running VTP? Did you turn VTP to transparent or off?

Thanks
Darren
http://www.mellowd.co.uk/ccie

Date: Tue, 4 Mar 2014 12:41:13 -0800
From: svoll.v...@gmail.com
To: blake.mailingl...@pfankuch.me
CC: cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] 3750E to stack of 2960x.

uplinks are Copper SFP's 1 gig. all cisco branded GLC-T. IOS on the 2960x is latest 15 ex4 code.

I think it might be a spanning tree issue. we found that the legacy devices were still using pvst rather than rapid pvst. we are going to update everything to Rapid pvst and see if we have any more issues.

Unfortunately I was not able to see the console before someone rebooted them. Looks like the switches were up and working. just the uplinks were not. No CDP from the 3750E.

TIA
Scott

On Tue, Mar 4, 2014 at 11:44 AM, Blake Pfankuch - Mailing List blake.mailingl...@pfankuch.me wrote:

What kind of uplinks? Fiber or Copper? SFP? 1gig or 10gig? Cisco Branded SFP? IOS Versions on all affected devices?

Thanks,
Blake

-Original Message-
From: cisco-nsp [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Scott Voll
Sent: Tuesday, March 4, 2014 8:19 AM
To: cisco-nsp@puck.nether.net
Subject: [c-nsp] 3750E to stack of 2960x.

I have a building that has a 3750E at the core and access layer with some new 2960X's. I have both a stack of two and a single. Both have a port channel up to the 3750E. Both have now lost their uplinks to the 3750E within two days of being installed.

Anyone have any ideas as to what to look for? I see nothing in the syslogs of either the 2960x or the 3750E.

I'm thinking Spanning tree? or VTP? or ??

Areas you would look at?

TIA
Scott
Re: [c-nsp] 3750G memory leak?
Not hardware issue. We've got loads of 3750Gs running for years without problems. Most on 12.2(55)

http://www.mellowd.co.uk/ccie

On 25 Jan 2014, at 04:26, Jeff Kell jeff-k...@utc.edu wrote:

Just curious... has anyone had issues with memory leaks on 3750Gs?

We have had nightmares from a 4-switch stack of 3750G-48TS's (IP Services). Runs for months, then you try to write mem and get memory allocation errors and it fails. It progresses a bit further and you can no longer get serial console, telnet, or SSH either.

Have had several suggested workarounds and software upgrades; we're on almost bleeding edge (15.something SE4, while SE5 is latest). I'd tell you what version it is if I could get into it :)

Used to just reload and it would work another few months, but tonight's reload we immediately couldn't get into the serial console (%%Low on memory - Try again later).

Starting to think this is a hardware issue as we haven't seen it on any other 3750s, wondering if anyone else has seen this.

Jeff
Re: [c-nsp] Is this possible with OSPF?
Thanks
Darren
http://www.mellowd.co.uk/ccie

Date: Sat, 14 Dec 2013 23:36:08 +0100
From: g...@gmx.de
To: cisco-nsp@puck.nether.net
Subject: [c-nsp] Is this possible with OSPF?

Hi,

I have a remote site connected via two links at separate places in our network. One link (stm1) is the primary route, the second (50M) is mostly backup link. So far it's rather easy, using OSPF cost entries in the interfaces will take care of that.

Anyway, the backup link also has a couple of other sites connected in a /27 broadcast net (via a virtual switch in the WAN). Those sites (which only have that one uplink) announce local addresses (e.g. loopback interfaces) that are used for VPN tunnels. Those IPs should be routed via this vswitch link instead of the primary link. Which of course means that by setting the OSPF cost on the interface, the priority would be lowered, and the routing via the regular link would be used ...

Is there any way (route maps?) to alter the OSPF cost just for certain prefixes? I could probably use some tracking and stuff to use static routes with lower admin cost to get similar results, but that would lower convergence times in case of link failures (I'm using 3 hellos per second for quick failover of the links)

Tnx,
Garry
Re: [c-nsp] Is this possible with OSPF?
I would use a static route in the core to get to those other subnets you're talking about.

If you had two routers it could be a much more elegant solution by getting each router to originate their primary prefixes via a type 1 LSA, while redistributing the other subnets as type 5s. This way the rest of the network would prefer the type 1 over the type 5 and have each of them backup the other.

Thanks
Darren
http://www.mellowd.co.uk/ccie

Date: Sat, 14 Dec 2013 23:36:08 +0100
From: g...@gmx.de
To: cisco-nsp@puck.nether.net
Subject: [c-nsp] Is this possible with OSPF?

Hi,

I have a remote site connected via two links at separate places in our network. One link (stm1) is the primary route, the second (50M) is mostly backup link. So far it's rather easy, using OSPF cost entries in the interfaces will take care of that.

Anyway, the backup link also has a couple of other sites connected in a /27 broadcast net (via a virtual switch in the WAN). Those sites (which only have that one uplink) announce local addresses (e.g. loopback interfaces) that are used for VPN tunnels. Those IPs should be routed via this vswitch link instead of the primary link. Which of course means that by setting the OSPF cost on the interface, the priority would be lowered, and the routing via the regular link would be used ...

Is there any way (route maps?) to alter the OSPF cost just for certain prefixes? I could probably use some tracking and stuff to use static routes with lower admin cost to get similar results, but that would lower convergence times in case of link failures (I'm using 3 hellos per second for quick failover of the links)

Tnx,
Garry
Re: [c-nsp] Vlan ?
Can't you just route between the two? What are you trying to do?

Thanks
Darren
http://www.mellowd.co.uk/ccie

Date: Fri, 29 Nov 2013 16:41:56 +0100
From: o.calv...@gmail.com
To: cisco-nsp@puck.nether.net
Subject: [c-nsp] Vlan ?

Hi,

a small question: I have a cisco 6503 with sup720. On this 6503, I have an interface:

interface GigabitEthernet3/1.500
 encapsulation dot1q 500
interface GigabitEthernet3/1.501
 encapsulation dot1q 501

I want an ethernet link between vlan 500 and 501. Is it possible?

thanks
Olivier
Re: [c-nsp] raspberry pi
Planning to put a few around the network running smoke ping

Thanks
Darren
http://www.mellowd.co.uk/ccie

From: ja...@jgbaker.co.nz
To: pchil...@cisco.com; cisco-nsp@puck.nether.net
Date: Thu, 21 Nov 2013 00:12:24 +
Subject: Re: [c-nsp] raspberry pi

About to build 2 as NTP servers using GPS modules
http://www.satsignal.eu/ntp/Raspberry-Pi-NTP.html

-Original Message-
From: cisco-nsp [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Preston Chilcote (pchilcot)
Sent: Wednesday, 20 November 2013 7:23 p.m.
To: cisco-nsp@puck.nether.net
Subject: [c-nsp] raspberry pi

Hi Everyone,

I'm curious: Does anyone use one or more raspberry pis in their network (for networking related stuff)? What kinds of things are they used for?

Thanks,
Preston Chilcote
Re: [c-nsp] vlan shaping
me3600x/me3800x

Thanks
Darren
http://www.mellowd.co.uk/ccie

From: cisconsp_l...@hotmail.com
To: cisco-nsp@puck.nether.net
Date: Wed, 9 Oct 2013 15:43:20 +1100
Subject: [c-nsp] vlan shaping

Hi Everyone - ME3400's appear to not support (easily) per vlan shaping - What (switch) platform does have this functionality?

Thanks.
Re: [c-nsp] ME3600 QoS
I was using 15.2 but now got 15.3 installed on my lab box

Thanks
Darren
http://www.mellowd.co.uk/ccie

From: wa...@cisco.com
To: adam.vitkov...@swan.sk; darre...@outlook.com; n...@fluency.net.uk; cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] ME3600 QoS
Date: Wed, 2 Oct 2013 16:59:03 +

Hi Adam and Darren,

Which software release you are using? EFP Link Bundling QOS is on the roadmap. I'll get back to you on the exact release.

Best Regards,
Waris Sagheer
Technical Marketing Manager
Service Provider Access Group
wa...@cisco.com
Phone: +1 408 853 6682
Mobile: +1 408 835 1389
CCIE - 19901

Think before you print. This email may contain confidential and privileged material for the sole use of the intended recipient. Any review, use, distribution or disclosure by others is strictly prohibited. If you are not the intended recipient (or authorized to receive for the recipient), please contact the sender by reply email and delete all copies of this message. For corporate legal information go to: http://www.cisco.com/web/about/doing_business/legal/cri/index.html

From: adam vitkovsky adam.vitkov...@swan.sk
Date: Wednesday, August 7, 2013 6:29 AM
To: 'Darren O'Connor' darre...@outlook.com, 'Nick Ryce' n...@fluency.net.uk, cisco-nsp@puck.nether.net cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] ME3600 QoS

Interesting, we've had some 100% CPU until reload ourselves. It was related to Port-channel and mcast.

adam

From: Darren O'Connor [mailto:darre...@outlook.com]
Sent: Wednesday, August 07, 2013 3:16 PM
To: Adam Vitkovsky; 'Nick Ryce'; cisco-nsp@puck.nether.net
Subject: RE: [c-nsp] ME3600 QoS

On that same vein of port channels. This morning my LACP ports bounced between my me3600x test box and a Brocade XMR and for some odd reason it caused my LSP tunnel interfaces to push the CPU up to 99% for a few hours.

Makes me wary about using a PO at all on this box

From: adam.vitkov...@swan.sk
To: n...@fluency.net.uk; cisco-nsp@puck.nether.net
Date: Wed, 7 Aug 2013 14:52:17 +0200
Subject: Re: [c-nsp] ME3600 QoS

Can be applied to the member ports of the channel. Also you can't apply service policies to EFP's on a port channel either.

Thus my conclusion that port-channel interfaces on ME3600 are useless so far:
No incoming multicast
No BFD with ASR9k
No QOS

Though I'm not sure whether some of this has been fixed in the most recent codes for X and CX

adam
Re: [c-nsp] Ethernet interface QoS
You really need to have QoS running from the sp core back to your premises to have proper QoS

Thanks
Darren
http://www.mellowd.co.uk/ccie

On 27 Sep 2013, at 22:45, Steven Saner st...@saner.net wrote:

On 09/27/2013 04:26 PM, Bruce Pinsky wrote:

You need to shape the overall traffic to the bandwidth capacity you have purchased on the link. So, in your case, you have a 100Mbps ethernet presentation that needs to be shaped to 5Mbps. Then, within that 5Mbps, you need to shape/police your various traffic classes. Basically, Hierarchical Queuing.

http://www.cisco.com/en/US/docs/ios/qos/configuration/guide/qos_frhqf_support.html

Okay, thanks. I believe that makes sense.

Steve

--
Steven Saner st...@saner.net KD0IJP
Andover, Kansas USA
Re: [c-nsp] VRF Export-map
The counters of a route-map only go up if it's being used to policy route. Which you are not doing.

Thanks
Darren
http://www.mellowd.co.uk/ccie

From: gunner_...@live.com
To: cisco-nsp@puck.nether.net
Date: Sun, 22 Sep 2013 15:47:06 +0300
Subject: [c-nsp] VRF Export-map

Hi all

I have established MPLS L3VPN and export-maps on both PEs. Everything is working good but my question is why the route-map is not counting?

R2#sh route-map
route-map EXPORT_MAP, permit, sequence 10
  Match clauses:
    ip address prefix-lists: R4LOOP
  Set clauses:
    extended community RT:2.2.2.2:4
  Policy routing matches: 0 packets, 0 bytes

Thanks
BR,
Re: [c-nsp] Help with Q-in-Q Tunneling Hardware
Do they mean 'terminate' a QinQ link or you tunnelling QinQ from one port of your device to another?

The 3745 with 12.4T can terminate a double-tagged packet on an interface like so:

in gi0/0.10
 encap dot1q 10 second-dot1q 20
 ip address x.x.x.x x.x.x.x

Thanks
Darren
http://www.mellowd.co.uk/ccie

From: jason-garr...@cdolinc.net
To: cisco-nsp@puck.nether.net
Date: Thu, 29 Aug 2013 19:09:36 +
Subject: [c-nsp] Help with Q-in-Q Tunneling Hardware

We are a service provider and just recently installed our first Ethernet uplink (we were all ATM previously). The ISP say that we need to terminate this connection to a router that supports Q-in-Q tunneling. We currently have a Cisco 3745 (running IP Services Version 12.4(15)T14) with a NME-16ES-1G service module. Should this be sufficient?

Thanks!
Jason
Re: [c-nsp] separate two directly connected networks on a Cisco 1800 series ISR?
Do you want to be able to ping from both networks to both all the time or do you only want to ever be able to ping from 192.168.1.0/24 to 192.168.2.0/24?

If you simply want to allow ping you can set icmp traffic to 'pass' but you will need to allow both ways as no session data is created.

If you only want it one way, you could add an ACL that allows echo from one side and echo-reply from the other.

Thanks
Darren
http://www.mellowd.co.uk/ccie

Date: Fri, 30 Aug 2013 19:09:53 +0300
Subject: Re: [c-nsp] separate two directly connected networks on a Cisco 1800 series ISR?
From: m4rtn...@gmail.com
To: darre...@outlook.com; c...@marenda.net
CC: cisco-nsp@puck.nether.net

Darren,

thanks for this suggestion! I can't use this solution on live equipment as this particular Cisco 1841 in remote location has only 128 MiB of RAM while according to Zone-Based Policy Firewall Design and Application Guide document and Cisco feature navigator, the ZBFW feature was introduced in 12.4(6)T which requires at least 192MiB of RAM on Cisco 1841. However, I was able to add additional 128MiB memory module to test router which is also Cisco 1841 and installed c1841-advipservicesk9-mz.151-4.M1.bin SW image.

This zone-based setup works, with some exceptions. For example at the time I send ICMP echo request messages with 1s interval from 192.168.1.2 to 192.168.2.2, I'm also able to send ICMP echo request messages (and receive replies) from 192.168.2.2 to 192.168.1.2. Once I stop the ping in 192.168.1.2 machine, after few seconds (probably the session between zones times out), I can not ping from 192.168.2.2 to 192.168.1.2. When I open a TCP session from 192.168.1.2 to 192.168.2.2 port 22, then at the same time, I'm not able to open a TCP session from 192.168.2.2 to 192.168.1.2 port 22. In a nutshell, it looks that ICMP session stateful inspection does not work very well? Or is my configuration faulty? Configuration is following:

!
class-map type inspect match-all 192.168.1.0/24-192.168.2.0/24
 match access-group 102
!
policy-map type inspect 192.168.1.0/24-192.168.2.0/24
 class type inspect 192.168.1.0/24-192.168.2.0/24
  inspect
 class class-default
  drop
!
zone security LAN
 description hosts in LAN network
zone security Wi-Fi
 description hosts in Wi-Fi network
!
zone-pair security LAN-Wi-Fi source LAN destination Wi-Fi
 description all traffic from LAN zone to Wi-Fi zone is allowed
 service-policy type inspect 192.168.1.0/24-192.168.2.0/24
!
interface Vlan5
 description - T42 eth0
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
 zone-member security LAN
!
interface Vlan10
 description - T60
 ip address 192.168.2.1 255.255.255.0
 zone-member security Wi-Fi
!
access-list 102 permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
!

Other odd behavior I encountered is that if I executed dig @192.168.2.2 www.google.com in 192.168.1.2 machine, the ICMP port unreachable messages sent by 192.168.2.2 to 192.168.1.2 did not reach 192.168.1.2. In other words, looks like router is not able to associate those ICMP error messages with DNS queries using UDP.

Juergen,

reflective ACL seems to work great. I configured R3 in a way that ingress packets to interface Vlan5 (facing 192.168.1.0/24 LAN), which have src IP 192.168.1.* AND dst IP 192.168.2.*, will have reflection enabled. Now if host from 192.168.2.0/24 network replies, the Wi-Fi-LAN ACL will check if the packet was reflected. If it was, then it's allowed, and if not, then ACL proceeds as usual:

!
interface Vlan5
 description - T42 eth0
 ip address 192.168.1.1 255.255.255.0
 ip access-group LAN-Wi-Fi in
 ip access-group Wi-Fi-LAN out
 ip nat inside
 ip virtual-reassembly in
!
!
ip access-list extended LAN-Wi-Fi
 permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255 reflect ALL-IP-TRAFFIC timeout 300
 permit ip any any
ip access-list extended Wi-Fi-LAN
 evaluate ALL-IP-TRAFFIC
 deny ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255
 permit ip any any
!

While I have not yet done extensive testing, based on those configurations, the reflective ACL seems to understand the statefulness better than ZBFW.

regards,
Martin

On 8/28/13, Darren O'Connor darre...@outlook.com wrote:

You could use ZBF on the firewall. Create two zones. One zone is allowed access to another, including return traffic. Traffic originated from the other side is denied.

Thanks
Darren
http://www.mellowd.co.uk/ccie

Date: Wed, 28 Aug 2013 14:20:33 +0300
From: m4rtn...@gmail.com
To: cisco-nsp@puck.nether.net
Subject: [c-nsp] separate two directly connected networks on a Cisco 1800 series ISR?

Hi,

I have a network setup where networks 192.168.1.0/24 and 192.168.2.0/24 are served by same router (Cisco 1841, c1841-spservicesk9-mz.124-7a.bin) and while addresses in 192.168.1.0/24 are NAT-ed to inside global
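The reflect/evaluate ACL pair posted above (LAN-Wi-Fi inbound and Wi-Fi-LAN outbound on Vlan5), modelled as an added example that is not part of the original posts and is not Cisco's implementation. It assumes TCP/UDP flows only and treats "timeout 300" as an idle timer; the host addresses, ports and timestamps in the sample events are constructed.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

LAN = ip_network("192.168.1.0/24")    # behind Vlan5
WIFI = ip_network("192.168.2.0/24")   # behind Vlan10
REFLECT_TIMEOUT = 300                 # "timeout 300" on the reflect entry


@dataclass(frozen=True)
class Packet:
    proto: str   # "tcp" or "udp" (the only protocols this model covers)
    src: str
    dst: str
    sport: int
    dport: int


class Vlan5Acls:
    """Both ACLs bound to Vlan5, sharing the temporary ALL-IP-TRAFFIC list."""

    def __init__(self):
        self.reflected = {}   # mirrored flow -> expiry time in seconds

    def lan_wifi_in(self, pkt, now):
        """ACL LAN-Wi-Fi: packets arriving on Vlan5 from the LAN."""
        if ip_address(pkt.src) in LAN and ip_address(pkt.dst) in WIFI:
            # 'reflect': store the flow with addresses and ports swapped.
            mirror = (pkt.proto, pkt.dst, pkt.src, pkt.dport, pkt.sport)
            self.reflected[mirror] = now + REFLECT_TIMEOUT
            return "permit+reflect"
        return "permit"                       # permit ip any any

    def wifi_lan_out(self, pkt, now):
        """ACL Wi-Fi-LAN: packets leaving Vlan5 towards the LAN."""
        key = (pkt.proto, pkt.src, pkt.dst, pkt.sport, pkt.dport)
        expiry = self.reflected.get(key)
        if expiry is not None and now < expiry:
            # 'evaluate': return traffic of a known flow; restart idle timer
            # (timer restart on return traffic is an assumption of the model).
            self.reflected[key] = now + REFLECT_TIMEOUT
            return "permit+evaluate"
        self.reflected.pop(key, None)         # drop an expired entry, if any
        if ip_address(pkt.src) in WIFI and ip_address(pkt.dst) in LAN:
            return "deny"                     # deny ip Wi-Fi -> LAN
        return "permit"                       # permit ip any any


# Constructed sample traffic: (time in seconds, ACL direction on Vlan5, packet).
SAMPLE_EVENTS = [
    (0,   "in",  Packet("tcp", "192.168.1.2", "192.168.2.2", 40000, 22)),
    (1,   "out", Packet("tcp", "192.168.2.2", "192.168.1.2", 22, 40000)),
    (2,   "out", Packet("tcp", "192.168.2.2", "192.168.1.2", 40001, 22)),
    (3,   "out", Packet("udp", "203.0.113.53", "192.168.1.2", 53, 33000)),
    (400, "out", Packet("tcp", "192.168.2.2", "192.168.1.2", 22, 40000)),
    (401, "in",  Packet("udp", "192.168.1.2", "192.168.2.2", 33001, 53)),
    (402, "out", Packet("udp", "192.168.2.2", "192.168.1.2", 53, 33001)),
]


def replay(events):
    """Run the events through a fresh ACL pair and return the verdicts."""
    acls = Vlan5Acls()
    verdicts = []
    for now, direction, pkt in events:
        check = acls.lan_wifi_in if direction == "in" else acls.wifi_lan_out
        verdicts.append(check(pkt, now))
    return verdicts


if __name__ == "__main__":
    for (now, direction, pkt), verdict in zip(SAMPLE_EVENTS, replay(SAMPLE_EVENTS)):
        print(f"t={now:<4} {direction:<3} {pkt.proto} "
              f"{pkt.src}:{pkt.sport} -> {pkt.dst}:{pkt.dport}  {verdict}")
```

The fifth event is the case to watch when reviewing such a policy: the same reply that was permitted at t=1 is denied at t=400 because the flow sat idle past the timeout.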
Re: [c-nsp] separate two directly connected networks on a Cisco 1800 series ISR?
You could use ZBF on the firewall. Create two zones. One zone is allowed access to another, including return traffic. Traffic originated from the other side is denied.

Thanks
Darren
http://www.mellowd.co.uk/ccie

Date: Wed, 28 Aug 2013 14:20:33 +0300
From: m4rtn...@gmail.com
To: cisco-nsp@puck.nether.net
Subject: [c-nsp] separate two directly connected networks on a Cisco 1800 series ISR?

Hi,

I have a network setup where networks 192.168.1.0/24 and 192.168.2.0/24 are served by same router (Cisco 1841, c1841-spservicesk9-mz.124-7a.bin) and while addresses in 192.168.1.0/24 are NAT-ed to inside global address 10.10.10.1, the 192.168.2.0/24 network is not NAT-ed:

http://s10.postimg.org/dsn73dzm1/test.png

I would like to deny access from 192.168.2.0/24 network to 192.168.1.0/24. For this reason I have deny ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255 ACL in inbound direction on interface facing the 192.168.2.0/24 network:

R3#sh ip access-lists 100
Extended IP access list 100
    10 deny ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255 (456 matches)
    20 permit ip any any (90 matches)
R3#

However, at the same time, one should have access from 192.168.1.0/24 network to 192.168.2.0/24 network. Because of the ACL described above, this obviously does not work as returning packets from 192.168.2.0/24 network will have src IP from 192.168.2.0/24 network and dst IP from 192.168.1.0/24 network and will be dropped by ACL. What are the options here? I tried to add second NAT setup which should change the src address of those packets which are from 192.168.1.0/24 AND destined to 192.168.2.0/24. Configuration for this was following:

interface Vlan5
 description - T42 eth0
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
end
!
interface Vlan10
 description - T60
 ip address 192.168.2.1 255.255.255.0
 ip access-group 100 in
 ip nat outside
end
!
ip nat inside source list 102 interface Vlan10 overload
!
access-list 102 permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
!

Such approach seems to work. If I send an ICMP echo request packet from 192.168.1.2 to 192.168.2.2, then it's NAT-ed and for 192.168.2.2 host this ICMP echo request appears to be from 192.168.2.1. In addition, I tried few setups with policy based routing, but eventually none of those worked.

What is the best approach here? Stick with this NAT solution described above? Something completely different to separate two networks behind the same router?

regards,
Martin
Re: [c-nsp] redistribute bgp subnet
You can run BGP with your customer. Set aside some of your address space for p2p customer links and the range you assign to the customer sits behind their router. Make your customers use private AS numbers and you ensure that those AS numbers are stripped outbound to your ISP. Of course you need to advertise an aggregate to your ISP.

So something like this:

/29 - [Customer Router]BGP /30 [Your router] --BGP-- [Your ISP]

Darren
http://www.mellowd.co.uk/ccie

Date: Wed, 14 Aug 2013 21:25:48 -0500
From: danletke...@gmail.com
To: cisco-nsp@puck.nether.net
Subject: [c-nsp] redistribute bgp subnet

Hello,

Excuse my ignorance, as this is my first time working with BGP outside of a lab. I am working on an ASR that is in use as a BGP peer to an ISP and also an EIGRP neighbor to an internal network. I have setup this router for NAT/PAT and all is working well for the internal private subnets. These network are routed to the main public subnet based on the source ip range.

Now there is also a separate public IP subnet that is set aside for customer use and is being advertised via BGP to the ISP. What I would like to do is route that subnet through the ASR to the customers site for use by them. I'm sure this is very simple for most, but I'm not sure where to start.

Thanks for now.
Dan.
[c-nsp] ME3600X H-QoS - SNMP
All.

Am I able to get some H-QoS information out through SNMP to present to customers? Things like queue levels, minimum bandwidths or so?
Re: [c-nsp] ME3600 QoS
On that same vein of port channels. This morning my LACP ports bounced between my me3600x test box and a Brocade XMR and for some odd reason it caused my LSP tunnel interfaces to push the CPU up to 99% for a few hours.

Makes me wary about using a PO at all on this box

From: adam.vitkov...@swan.sk
To: n...@fluency.net.uk; cisco-nsp@puck.nether.net
Date: Wed, 7 Aug 2013 14:52:17 +0200
Subject: Re: [c-nsp] ME3600 QoS

Can be applied to the member ports of the channel. Also you can't apply service policies to EFP's on a port channel either.

Thus my conclusion that port-channel interfaces on ME3600 are useless so far:
No incoming multicast
No BFD with ASR9k
No QOS

Though I'm not sure whether some of this has been fixed in the most recent codes for X and CX

adam
Re: [c-nsp] VPLS between ME3600X and Brocade XMR
Hi all.

I've tried a number of things and the problem still exists.

I've tried moving the L3 config off an SVI directly on the point to point interface:

interface GigabitEthernet0/22
 description MPLS INTERFACE
 no switchport
 mtu 3200
 ip address 192.168.31.23 255.255.255.254
 ip ospf network point-to-point
 ip ospf 1 area 0
 mpls traffic-eng tunnels
end

I've tried creating an L3VPN link to the Brocade PE.
I've tried enabling LDP over the TE tunnel.

All of the above give me the same error:

ME3600X#sh mpls l2transport vc detail
Local interface: VFI DARREN-TESTING vfi up
  Interworking type is Ethernet
  Destination address: 192.168.224.61, VC ID: 3200, VC status: down
  Last error: MPLS dataplane reported a fault to the nexthop

The LSP itself is up on both sides. The Brocade also assumes that the VPLS to the ME3600X is up:

SSH@par2.lem1#sh mpls vpls id 3200 | include 192.168.224.1
  Peer address: 192.168.224.1, State: Operational, Uptime: 3 min

LSPs from the ME3600X side:

ME3600X#sh mpls traffic-eng tunnels brief
Signalling Summary:
    LSP Tunnels Process:            running
    Passive LSP Listener:           running
    RSVP Process:                   running
    Forwarding:                     enabled
    Periodic reoptimization:        every 3600 seconds, next in 3436 seconds
    Periodic FRR Promotion:         Not Running
    Periodic auto-bw collection:    every 300 seconds, next in 137 seconds
P2P TUNNELS/LSPs:
TUNNEL NAME      DESTINATION      UP IF     DOWN IF   STATE/PROT
par2.lem1        192.168.224.61   -         Gi0/22    up/up
TO-ME3600X       192.168.224.1    Gi0/22    -         up/up

LSP ping works over both from both sides.

I really don't know what I'm missing here

From: adam.vitkov...@swan.sk
To: darre...@outlook.com; cisco-nsp@puck.nether.net
Subject: RE: [c-nsp] VPLS between ME3600X and Brocade XMR
Date: Fri, 2 Aug 2013 10:31:05 +0200

Hi Darren,

Maybe it has something to do with the te-tunnel. Do you get the same error without the te-tunnel? Or when you enable 'mpls ip' on the te-tunnel please? Is there a tunnel in the opposite direction as well?

adam
[c-nsp] VPLS between ME3600X and Brocade XMR
Hi all.

I'm trying to get a working VPLS between a ME3600X and a Brocade Netiron. I've gone through a load of different configs but I keep winding up in the same error at the end:

    ME3600X#sh mpls l2transport vc detail
    Local interface: VFI DARREN-TESTING vfi up
      Interworking type is Ethernet
      Destination address: 217.196.224.61, VC ID: 3200, VC status: down
        Last error: MPLS dataplane reported a fault to the nexthop

I've checked the dataplane to ensure my MTUs/labels/etc are all fine and I can't see anything standing out.

This is my IOS config:

    l2 vfi DARREN-TESTING manual TESTLAB
     vpn id 3200
     bridge-domain 150
     neighbor 192.168.224.61 encapsulation mpls
    !
    interface Tunnel0
     description par2.lem1
     ip unnumbered Loopback0
     tunnel mode mpls traffic-eng
     tunnel destination 192.168.224.61
     tunnel mpls traffic-eng path-option 5 explicit name TO-PAR2.LEM1 verbatim
    !
    interface GigabitEthernet0/1
     description Link to Switch
     switchport trunk allowed vlan none
     switchport mode trunk
     mtu 9800
     service instance 1 ethernet TESTLAB
      description SRX1
      encapsulation dot1q 2000
      rewrite ingress tag pop 1 symmetric
      bridge-domain 150
    !
    interface GigabitEthernet0/22
     switchport trunk allowed vlan 2
     switchport mode trunk
     mtu 9800
    !
    interface Vlan2
     description MPLS INTERFACE
     mtu 3200
     ip address 192.168.31.23 255.255.255.254
     ip ospf network point-to-point
     ip ospf 1 area 0
     mpls traffic-eng tunnels
    !
    interface Vlan150
     mtu 3000
     no ip address
     xconnect vfi DARREN-TESTING

The Netiron config is like so:

    vpls DARREN-TESTING 3200
     vpls-peer 192.168.224.1
     vpls-mtu 3000
     vlan 150
      tagged ethe 2/20

I've not shown the actual LSP config but the LSPs are up on both.

Has anyone managed to get martini VPLS working between these two boxes?

Thanks
Darren
[c-nsp] ME3600X buffer calculations
Hi all.

I've seen that the ME3600X has 44MB of buffer space for packets. I'm trying to work out how many virtual circuits I can push through the box before my buffers run empty.

I know this is a difficult question, as a lot depends on how much traffic is going through each EVC at any one time. I need to know how to work it out though.

As an example, let's say I'm using 12 ports each at a gig. Each port carries multiple point to point links separated by vlan tag. Certain customers would be paying for QoS and hence I'll shape to the needed speed and give priority to certain frames in a child class. If a customer were not paying for QoS I could simply police that customer's frames going through the ME3600X.

What maximum figures am I looking at in regards to maximum shaped traffic at any particular time? Or at least, how can I work this out?

Thanks
Darren
Re: [c-nsp] OSPF question
The interface-level ospf command was not available in older releases.

A bit odd to enable OSPF on an interface under both router ospf and the interface itself. I would stick to just one or the other

Date: Sat, 27 Jul 2013 15:43:52 +0200
From: gal.9...@googlemail.com
To: cisco-nsp@puck.nether.net
Subject: [c-nsp] OSPF question

Hi,

I'm a little bit confused while configuring a CAT6509 switch with OSPF. So far, I used on the c7206-VXR platform the following config:

    !
    router ospf 12345
     router-id 192.168.100.232
     redistribute connected subnets
     redistribute static
     passive-interface default
     no passive-interface GigabitEthernet0/1.50
     network 192.168.100.0 0.0.15.255 area 0
    !
    ...
    ...
    !
    interface GigabitEthernet0/1.50
     encapsulation dot1Q 556
     ip address 192.168.100.197 255.255.255.252
     no ip redirects
     no ip proxy-arp
     ip ospf 12345 area 0
     ipv6 address 2001:5DD:50::1/126
     ipv6 nd ra suppress
     ipv6 ospf 12345 area 0
    !

Now, with IOS s72033-advipservicesk9_wan-mz.122-33.SXJ3 the statement ip ospf process-ID area 0 is missing.

    !
    interface GigabitEthernet4/21
     switchport
     switchport trunk encapsulation dot1q
     switchport mode trunk
     switchport trunk allowed vlan 50
     no cdp enable
    !
    ...
    ...
    !
    interface Vlan50
     ip address 192.168.100.197 255.255.255.252
     no ip redirects
     no ip proxy-arp
     ipv6 address x:x:x:x::y/126
     ipv6 nd ra suppress
     ipv6 ospf 12345 area 0
    !

The ip ospf area 0 command is unrecognized :-(

Any ideas?

Regards,
Robert
Re: [c-nsp] OSPF question
Yes. In your first config you are enabling ospf under the interface, under the process, and you're also redistributing that same interface subnet under ospf by using redistribute connected.

You don't need both the interface config and the process config. It doesn't break anything using both, but it makes it difficult for others to troubleshoot later. If you did use both, the most specific will 'win'

And yes, while your release is 'new', the train itself is old. Check here: http://www.cisco.com/en/US/docs/ios-xml/ios/iproute_ospf/command/ospf-a1.html#wp1148191700
It shows which releases have this command enabled and when. The SX train is not on that list

Thanks
Darren
http://www.mellowd.co.uk/

On 27 Jul 2013, at 16:41, Robert gal.9...@googlemail.com wrote:

Hi,

older release? Just take a look, 12.2(33) was compiled in April 2012.

Until now I've had no problems to enable OSPF on the interface _and_ in router ospf section of the config. (12.4 and 12.5 train for VXR chassis)

Do you mean this config is enough:

    !
    router ospf 12345
     router-id 192.168.100.232
     redistribute connected subnets
     redistribute static
     passive-interface default
     no passive-interface Vlan50
     network 192.168.100.0 0.0.15.255 area 0
    !
    ipv6 router ospf 12345
     router-id 192.168.100.232
     log-adjacency-changes
     passive-interface default
     no passive-interface Vlan50
     redistribute connected
    !
    ...
    ...
    !
    interface Vlan50
     ip address 192.168.100.197 255.255.255.252
     no ip redirects
     no ip proxy-arp
     ipv6 address x:x:x:x::y/126
     ipv6 nd ra suppress
    !

Without enabling OSPF on interface side?

Thanks,
Robert

On 27.07.2013 17:25, Darren O'Connor wrote:

The interface-level ospf command was not available in older releases.

A bit odd to enable OSPF on an interface under both router ospf and the interface itself. I would stick to just one or the other

Date: Sat, 27 Jul 2013 15:43:52 +0200
From: gal.9...@googlemail.com
To: cisco-nsp@puck.nether.net
Subject: [c-nsp] OSPF question

Hi,

I'm a little bit confused while configuring a CAT6509 switch with OSPF. So far, I used on the c7206-VXR platform the following config:

    !
    router ospf 12345
     router-id 192.168.100.232
     redistribute connected subnets
     redistribute static
     passive-interface default
     no passive-interface GigabitEthernet0/1.50
     network 192.168.100.0 0.0.15.255 area 0
    !
    ...
    ...
    !
    interface GigabitEthernet0/1.50
     encapsulation dot1Q 556
     ip address 192.168.100.197 255.255.255.252
     no ip redirects
     no ip proxy-arp
     ip ospf 12345 area 0
     ipv6 address 2001:5DD:50::1/126
     ipv6 nd ra suppress
     ipv6 ospf 12345 area 0
    !

Now, with IOS s72033-advipservicesk9_wan-mz.122-33.SXJ3 the statement ip ospf process-ID area 0 is missing.

    !
    interface GigabitEthernet4/21
     switchport
     switchport trunk encapsulation dot1q
     switchport mode trunk
     switchport trunk allowed vlan 50
     no cdp enable
    !
    ...
    ...
    !
    interface Vlan50
     ip address 192.168.100.197 255.255.255.252
     no ip redirects
     no ip proxy-arp
     ipv6 address x:x:x:x::y/126
     ipv6 nd ra suppress
     ipv6 ospf 12345 area 0
    !

The ip ospf area 0 command is unrecognized :-(

Any ideas?

Regards,
Robert
Re: [c-nsp] ME3600X buffer calculations
Hi Waris.

15.3(2)S

Mainly as reading through previous threads it was suggested to use this as it now has the queue-limit available

Thanks
Darren
http://www.mellowd.co.uk/ccie

On 27 Jul 2013, at 21:30, Waris Sagheer (waris) wa...@cisco.com wrote:

Darren,
Which image you are using? Based on that I can send you the write up.

Regards,
-Waris

On Jul 27, 2013, at 8:27 AM, Darren O'Connor darre...@outlook.com wrote:

Hi all.

I've seen that the ME3600X has 44MB of buffer space for packets. I'm trying to work out how many virtual circuits I can push through the box before my buffers run empty.

I know this is a difficult question, as a lot depends on how much traffic is going through each EVC at any one time. I need to know how to work it out though.

As an example, let's say I'm using 12 ports each at a gig. Each port carries multiple point to point links separated by vlan tag. Certain customers would be paying for QoS and hence I'll shape to the needed speed and give priority to certain frames in a child class. If a customer were not paying for QoS I could simply police that customer's frames going through the ME3600X.

What maximum figures am I looking at in regards to maximum shaped traffic at any particular time? Or at least, how can I work this out?

Thanks
Darren
Re: [c-nsp] MPLS TE
Yes you loose-hop to your ABR. Of course you lose proper TE capabilities but it works

From: gunner_...@live.com
To: cisco-nsp@puck.nether.net
Date: Mon, 15 Jul 2013 01:38:19 +0300
Subject: [c-nsp] MPLS TE

Hi all
I have 5 routers running ISIS level-2 and level-1
I want to configure MPLS TE with explicit path, now when I configure the explicit paths should I combine next-address with next-address loose?

Thanks
[c-nsp] Chane subinterface MTU
All.

Is it possible to change the subinterface MTU to be different than another subinterface on the same physical port? I've got no problem doing this on my Brocade XMR kit. The Cisco always pulls the MTU from the physical interface and I've found no way to have a different one.

Thanks
Darren
Re: [c-nsp] Chane subinterface MTU
Phil, this is a 7200 NPE-G2 running 12.2 SRE (33)

I'm going to try Gary's suggestion earlier in the thread tomorrow. Should work!

Thanks

Subject: Re: [c-nsp] Chane subinterface MTU
From: p.may...@imperial.ac.uk
Date: Mon, 5 Nov 2012 19:32:13 +
To: darre...@outlook.com; cisco-nsp@puck.nether.net

Platform and ios? Interface type? And which mtu - layer 2 or layer 3?

Darren O'Connor darre...@outlook.com wrote:

All.

Is it possible to change the subinterface MTU to be different than another subinterface on the same physical port? I've got no problem doing this on my Brocade XMR kit. The Cisco always pulls the MTU from the physical interface and I've found no way to have a different one.

Thanks
Darren

--
Sent from my mobile device, please excuse brevity and typos.
[c-nsp] 7200 npe-g2 lacp
I can see this platform supports etherchannel, but does it support lacp? I think now, but wanted to check

Thanks
Darren
[c-nsp] Possible to trunk over Serial or DSL?
Hi all.

I'm trying to find a possible way to run dot1q tags over serial and/or dsl interfaces. I could trunk over E1's on my old Riverstone kit without a problem, but I can't find a way to do it with a Cisco box.

Is this possible?

Thanks
Darren O'Connor
Re: [c-nsp] Possible to trunk over Serial or DSL?
Hi Gert. Thanks.

Basically what I'm trying to do is run subinterfaces, with each of those subinterfaces in a separate vrf. So while I can have fa0/1.10 and fa0/1.20 in different vrfs on the same box, I would like to be able to do the same over Serial and/or ADSL.

I have been able to do this with an old Riverstone so technically it should be possible.

Thanks

-----Original Message-----
From: Gert Doering [mailto:g...@greenie.muc.de]
Sent: 09 May 2012 12:47
To: Darren O'Connor
Cc: cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] Possible to trunk over Serial or DSL?

Hi,

On Wed, May 09, 2012 at 12:28:59PM +0100, Darren O'Connor wrote:

I'm trying to find a possible way to run dot1q tags over serial and/or dsl interfaces. I could trunk over E1's on my old Riverstone kit without a problem, but I can't find a way to do it with a Cisco box. Is this possible?

Cisco can do *bridging* over E1, which might or might not do dot1q if tagged packets are coming in via the to-be-bridged LAN interface. Might be worth a try :-)

If you want to do routing via those E1s, and have separate virtual routers (what is dot1q to switches), take a look at either FrameRelay encapsulation on the E1, or MPLS with VRF/Layer3 VPNs. Or MPLS with Layer2 VPNs.

It's a bit unclear what you are trying to achieve...

gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35655025 g...@net.informatik.tu-muenchen.de
[c-nsp] Increase distance of static route created through Freeradius
Hi all.

We currently use Freeradius which has been configured to add routes to customers' networks into a VRF on our core Cisco boxes. This all works perfectly, however I'd like to increase the distance of the static route created. I need it to be higher than OSPF so maybe 125.

As an example, this is a radius account:

    test.account    Password = testing
        Framed-IP-Address += 10.1.3.65,
        Framed-IP-Netmask += 255.255.255.252,
        Cisco-Avpair += lcp:interface-config=ip vrf forwarding Test\nip unnumbered lo1500,
        Cisco-Avpair += ip:route=10.1.3.64 255.255.255.252,
        Cisco-Avpair += ip:route=10.1.75.0 255.255.255.0

This is the route created on the core Cisco:

    xxx.xxx#sh ip route vrf Test 10.1.75.0
    Routing entry for 10.1.75.0/24
      Known via static, distance 1, metric 0
      Redistributing via ospf 421
      Advertised by ospf 421 subnets route-map Permit_Test
      Routing Descriptor Blocks:
      * 10.1.3.65
          Route metric is 0, traffic share count is 1

Can the Cisco Avpair be changed to give a higher distance instead of the Cisco using the default of 1?

Kind Regards
Darren O'Connor
Senior Network Engineer
hSo
Re: [c-nsp] Increase distance of static route created through Freeradius
Hi all.

After speaking with Oliver Boehmer at Cisco I managed to get this sorted. This is how it works for those of you interested.

The radius account was originally like this:

    test.account    Password = testing
        Framed-IP-Address += 10.1.3.65,
        Framed-IP-Netmask += 255.255.255.252,
        Cisco-Avpair += lcp:interface-config=ip vrf forwarding Test\nip unnumbered lo1500,
        Cisco-Avpair += ip:route=10.1.3.64 255.255.255.252,
        Cisco-Avpair += ip:route=10.1.75.0 255.255.255.0

When this connects to a Cisco router, it creates a static route to 10.1.75.0/24 with a next hop of 10.1.3.65. Essentially the framed IP address becomes the variable. After each ip:route Avpair, it adds a static route with a next hop of the variable (10.1.3.65 in my case)

If you want to create a static route with a distance value, you add the value after the variable, the next hop. Unfortunately it seems that it only adds the variable at the end of the statement. So to get this to work, I simply added the next-hop and distance to the Avpair command.

So this is what the radius account looks like:

    metric.test    Password = testing
        Framed-IP-Address = 10.100.0.45,
        Framed-IP-Netmask = 255.255.255.252,
        Cisco-Avpair += lcp:interface-config=ip vrf forwarding MetricT\nip unnumbered lo999,
        Cisco-Avpair += ip:route=10.100.0.45 255.255.255.252,
        Cisco-Avpair += ip:route=10.100.3.0 255.255.255.0 10.100.0.45 200

This is the route added to my Cisco box when the user dials in:

    xxx.#sh ip route vrf MetricT 10.100.3.0
    Routing entry for 10.100.3.0/24
      Known via static, distance 200, metric 0
      Redistributing via ospf 999
      Routing Descriptor Blocks:
      * 10.100.0.45
          Route metric is 0, traffic share count is 1

This works as the example above shows.

Thanks
Darren

-----Original Message-----
From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Darren O'Connor
Sent: 24 June 2011 10:04
To: cisco-nsp@puck.nether.net
Subject: [c-nsp] Increase distance of static route created through Freeradius

Hi all.

We currently use Freeradius which has been configured to add routes to customers' networks into a VRF on our core Cisco boxes. This all works perfectly, however I'd like to increase the distance of the static route created. I need it to be higher than OSPF so maybe 125.

As an example, this is a radius account:

    test.account    Password = testing
        Framed-IP-Address += 10.1.3.65,
        Framed-IP-Netmask += 255.255.255.252,
        Cisco-Avpair += lcp:interface-config=ip vrf forwarding Test\nip unnumbered lo1500,
        Cisco-Avpair += ip:route=10.1.3.64 255.255.255.252,
        Cisco-Avpair += ip:route=10.1.75.0 255.255.255.0

This is the route created on the core Cisco:

    xxx.xxx#sh ip route vrf Test 10.1.75.0
    Routing entry for 10.1.75.0/24
      Known via static, distance 1, metric 0
      Redistributing via ospf 421
      Advertised by ospf 421 subnets route-map Permit_Test
      Routing Descriptor Blocks:
      * 10.1.3.65
          Route metric is 0, traffic share count is 1

Can the Cisco Avpair be changed to give a higher distance instead of the Cisco using the default of 1?

Kind Regards
Darren O'Connor
Senior Network Engineer
hSo
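The AV pair behaviour described in the message above, as an added Python example that is not part of the original post and is not FreeRADIUS or IOS code: it expands each ip:route value the way the post describes (Framed-IP-Address as next hop and distance 1 unless both are written into the AV pair) and notes routes that would not sit above OSPF's default distance of 110 or whose prefix has host bits set. The function names, the acceptance of a three-field value (prefix, mask, next hop) and the last sample AV pair are assumptions made for the example.

```python
import ipaddress
from dataclasses import dataclass

OSPF_DISTANCE = 110    # IOS default administrative distance for OSPF
STATIC_DISTANCE = 1    # distance of a static route when none is given


@dataclass(frozen=True)
class StaticRoute:
    prefix: str
    next_hop: str
    distance: int


def expand_route(avpair, framed_ip):
    """Return (StaticRoute, notes) for an ip:route AV pair, or None for any
    other AV pair such as lcp:interface-config."""
    key, _, args = avpair.partition("=")
    if key.strip() != "ip:route":
        return None
    fields = args.split()
    if not 2 <= len(fields) <= 4:
        raise ValueError(f"expected 2 to 4 fields, got {len(fields)}")
    notes = []
    iface = ipaddress.IPv4Interface(f"{fields[0]}/{fields[1]}")
    if iface.ip != iface.network.network_address:
        notes.append(f"{fields[0]} has host bits set for mask {fields[1]}")
    # As described in the post: with no next hop in the AV pair, the
    # Framed-IP-Address is appended and becomes the next hop.
    next_hop = ipaddress.IPv4Address(fields[2] if len(fields) > 2 else framed_ip)
    distance = int(fields[3]) if len(fields) > 3 else STATIC_DISTANCE
    if not 1 <= distance <= 255:
        raise ValueError(f"distance {distance} is outside 1-255")
    if distance <= OSPF_DISTANCE:
        notes.append(f"distance {distance} is not higher than OSPF ({OSPF_DISTANCE})")
    return StaticRoute(str(iface.network), str(next_hop), distance), notes


def audit_account(framed_ip, avpairs):
    """Expand every AV pair of one account; values that do not parse are
    reported with route None instead of aborting the audit."""
    report = []
    for avpair in avpairs:
        try:
            result = expand_route(avpair, framed_ip)
        except ValueError as exc:
            report.append((avpair, None, [f"rejected: {exc}"]))
            continue
        if result is not None:
            report.append((avpair, *result))
    return report


# AV pairs of the two accounts in the thread, plus one constructed value
# (marked) that gives a distance but no next hop.
ACCOUNTS = {
    "test.account": ("10.1.3.65", [
        "lcp:interface-config=ip vrf forwarding Test\\nip unnumbered lo1500",
        "ip:route=10.1.3.64 255.255.255.252",
        "ip:route=10.1.75.0 255.255.255.0",
    ]),
    "metric.test": ("10.100.0.45", [
        "ip:route=10.100.0.45 255.255.255.252",
        "ip:route=10.100.3.0 255.255.255.0 10.100.0.45 200",
        "ip:route=10.100.3.0 255.255.255.0 200",  # constructed
    ]),
}

if __name__ == "__main__":
    for name, (framed_ip, avpairs) in ACCOUNTS.items():
        for avpair, route, notes in audit_account(framed_ip, avpairs):
            print(name, route, "; ".join(notes) or "ok")
```

Run against a users file export, the same check shows which RADIUS-installed statics would still override an OSPF-learned path for the same prefix.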