from:"Mohammad Khalil"

[c-nsp] CFM Configuration

2024-04-01 Thread Mohammad Khalil via cisco-nsp

Greetings all
I am trying to configure CFM using simple topology with xconnect as L2VPN 
service.
CE1 - PE2 - PE3 - CE7

ethernet cfm ieee
ethernet cfm global
ethernet cfm traceroute cache
ethernet cfm alarm notification all
ethernet cfm domain SPCOR_DOMAIN level 7
 service EVC_SRVC evc EVC1
  mep mpid 170
  mip auto-create
!
ethernet evc EVC1
 oam protocol cfm domain SPCOR_DOMAIN

interface GigabitEthernet1
 no ip address
 negotiation auto
 no mop enabled
 no mop sysid
 service instance 10 ethernet EVC1
  encapsulation dot1q 17
  xconnect 10.1.100.3 17 encapsulation mpls
  cfm mep domain SPCOR_DOMAIN mpid 170

For local learning , am able to get the information.

PE2#show ethernet cfm maintenance-points local
Local MEPs:

MPID Domain Name Lvl   MacAddress Type  CC
Ofld Domain Id   Dir   Port   Id
 MA Name   SrvcInst   Source
 EVC name

170  SPCOR_DOMAIN7 001e.f636.e6bf XCON  I
No   SPCOR_DOMAINUpGi1N/A
 EVC_SRVC  10 Static
 EVC1

Total Local MEPs: 1

Local MIPs: None

But am not able to get any remote information.

PE2#show ethernet cfm maintenance-points remote
PE2#

PE2#ping ethernet mpid 170 domain SPCOR_DOMAIN service EVC_SRVC
% No RMEP entry found in for mpid 170 at domain SPCOR_DOMAIN service EVC_SRVC, 
evc EVC1.

Any lights would be appreciated.
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

[c-nsp] Login Alarms

2024-02-27 Thread Mohammad Khalil via cisco-nsp

Greetings
Do Cisco has similar feature to 
:https://www.juniper.net/documentation/en_US/junos/topics/reference/configuration-statement/login-alarms-edit-system.html

Appreciated.
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] IOS-XR unsuppressed map BGP

2024-01-21 Thread Mohammad Khalil via cisco-nsp

Hello TP
is the below what you are looking for?

P4-P5 (IOS-IOSXR).

route-policy BGP
  unsuppress-route
end-policy

router bgp 5
 address-family ipv4 unicast
  network 192.168.64.0/24
  network 192.168.65.0/24
  aggregate-address 192.168.64.0/23 summary-only
 !
 neighbor 10.1.45.4
  remote-as 4
  address-family ipv4 unicast
   route-policy ALLOW in
   route-policy BGP out

P4#show ip bgp
BGP table version is 8, local router ID is 10.1.100.4
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
  r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
  x best-external, a additional-path, c RIB-compressed,
  t secondary path,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

 Network  Next HopMetric LocPrf Weight Path
 *>   192.168.64.0 10.1.45.50 0 5 i
 *>   192.168.64.0/23  10.1.45.5  0 5 i
 *>   192.168.65.0 10.1.45.50 0 5 i

From: cisco-nsp  on behalf of Harold Ritter 
(hritter) via cisco-nsp 
Sent: Sunday, January 21, 2024 8:31 PM
To: Toje TJ ; cisco-nsp@puck.nether.net 

Subject: Re: [c-nsp] IOS-XR unsuppressed map BGP

Hi TP,

In XR, this would be done through RPL. Please refer to the “unsuppress-route” 
attribute in the following configuration guide:

https://www.cisco.com/c/en/us/td/docs/routers/asr9000/software/asr9k-r7-7/configuration/guide/b-routing-cg-asr9000-77x/implementing-routing-policy.html

Regards,

Harold

De : cisco-nsp  de la part de Toje TJ via 
cisco-nsp 
Date : samedi, 20 janvier 2024 à 08:28
À : cisco-nsp@puck.nether.net 
Objet : [c-nsp] IOS-XR unsuppressed map BGP
Good day,.

Apologize if  I ask the wrong question or anything, I just wondering how to
configure an unsuppressed map in iox-xr for BGP aggregate with
summary-only, hence I tried to google but was unable to find any good
sample. I am doing this for my lab, thank you so much for answering this
question.

Regards.
TP
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] C2C ASR9K

2024-01-19 Thread Mohammad Khalil via cisco-nsp

Thanks, Harold, for the great insight , actually I missed configuring the /32 
route : ) My bad.

From: Harold Ritter (hritter) 
Sent: Friday, January 19, 2024 6:51 PM
To: Mohammad Khalil ; cisco-nsp@puck.nether.net 

Subject: Re: C2C ASR9K

Hi Mohammad,

XR requires the PE to have a /32 route towards the directly connected CE. This 
will enable MPLS on the interface.

PE3:

router static

vrf CORE

  address-family ipv4 unicast

   172.16.23.2/32 

The same thing needs to be done on PE6 towards CE7.

One more thing.

You should specify the update-source on both CE2 and CE7. For instance on CE2:

neighbor 10.1.100.7 update-source lo0

Regards,

Harold

De : cisco-nsp  de la part de Mohammad 
Khalil via cisco-nsp 
Date : vendredi, 19 janvier 2024 à 06:00
À : cisco-nsp@puck.nether.net 
Objet : [c-nsp] C2C ASR9K

Greetings
I am trying to configure C2C with BGP as the PE-CE routing protocol and Static 
as the C to CE routing protocol.
The main issue am running now is the eBGP session (VPNv4) between the CEs , 
routes are delivered but there is no connectivity and hence the eBGP session is 
not coming up.
Per my understanding , the BGP should be labelled unicast between the PE (XRV 
6.6.2) and the respective CE. Before i changed the BGP session from IPv4 
unicast to labeled unicast it was working (CE to CE traffic) , when I moved to 
the C traffic , I had to change the BGP to labeled unicast.

C1 – CE2 – PE3 – P4 – P5 – PE6 – CE7 – C8

PE3:
router bgp 100
 address-family ipv4 unicast
 !
 address-family vpnv4 unicast
 !
 neighbor 10.1.100.6
  remote-as 100
  update-source Loopback0
  address-family vpnv4 unicast

 vrf CORE
  rd 100:1
  address-family ipv4 unicast
   allocate-label all
  !
  neighbor 172.16.23.2
   remote-as 10
   address-family ipv4 labeled-unicast
route-policy ALLOW in
route-policy ALLOW out

CE2:
router bgp 10
 bgp log-neighbor-changes
 no bgp default ipv4-unicast
 neighbor 10.1.100.7 remote-as 7
 neighbor 10.1.100.7 ebgp-multihop 5
 neighbor 172.16.23.3 remote-as 100
 !
 address-family ipv4
  network 10.1.100.2 mask 255.255.255.255
  neighbor 172.16.23.3 activate
  neighbor 172.16.23.3 send-label
 exit-address-family
 !
 address-family vpnv4
  neighbor 10.1.100.7 activate
  neighbor 10.1.100.7 send-community extended
 exit-address-family
 !
 address-family ipv4 vrf CUST
  redistribute static
 exit-address-family

Nothing on the C except for a default route , is there anything I am missing? 
LDP is functioning well along the path.

Appreciated.

___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

[c-nsp] C2C ASR9K

2024-01-19 Thread Mohammad Khalil via cisco-nsp

Greetings
I am trying to configure C2C with BGP as the PE-CE routing protocol and Static 
as the C to CE routing protocol.
The main issue am running now is the eBGP session (VPNv4) between the CEs , 
routes are delivered but there is no connectivity and hence the eBGP session is 
not coming up.
Per my understanding , the BGP should be labelled unicast between the PE (XRV 
6.6.2) and the respective CE. Before i changed the BGP session from IPv4 
unicast to labeled unicast it was working (CE to CE traffic) , when I moved to 
the C traffic , I had to change the BGP to labeled unicast.

C1 – CE2 – PE3 – P4 – P5 – PE6 – CE7 – C8

PE3:
router bgp 100
 address-family ipv4 unicast
 !
 address-family vpnv4 unicast
 !
 neighbor 10.1.100.6
  remote-as 100
  update-source Loopback0
  address-family vpnv4 unicast

 vrf CORE
  rd 100:1
  address-family ipv4 unicast
   allocate-label all
  !
  neighbor 172.16.23.2
   remote-as 10
   address-family ipv4 labeled-unicast
route-policy ALLOW in
route-policy ALLOW out

CE2:
router bgp 10
 bgp log-neighbor-changes
 no bgp default ipv4-unicast
 neighbor 10.1.100.7 remote-as 7
 neighbor 10.1.100.7 ebgp-multihop 5
 neighbor 172.16.23.3 remote-as 100
 !
 address-family ipv4
  network 10.1.100.2 mask 255.255.255.255
  neighbor 172.16.23.3 activate
  neighbor 172.16.23.3 send-label
 exit-address-family
 !
 address-family vpnv4
  neighbor 10.1.100.7 activate
  neighbor 10.1.100.7 send-community extended
 exit-address-family
 !
 address-family ipv4 vrf CUST
  redistribute static
 exit-address-family

Nothing on the C except for a default route , is there anything I am missing? 
LDP is functioning well along the path.

Appreciated.


___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] Pnet XRV 6.6.2

2023-12-27 Thread Mohammad Khalil via cisco-nsp

It was interface mapping issue , G0/0/0/0 is actually G0/0/0/2
Thanks everyone.

From: cisco-nsp  on behalf of Mohammad 
Khalil via cisco-nsp 
Sent: Wednesday, December 27, 2023 3:42 PM
To: cisco-nsp@puck.nether.net 
Subject: [c-nsp] Pnet XRV 6.6.2

Greetings
I have uploaded image xrv 6.2.2 on pnet for a lab environment and the image 
booted successfuly.
However , I am not able to ping any connected neighbor on any interface though 
all interfaces are up/up.
Interface  IP-Address  Status  Protocol Vrf-Name
Loopback0  10.1.100.3  Up  Up   default
MgmtEth0/0/CPU0/0  unassigned  ShutdownDown default
GigabitEthernet0/0/0/0 10.1.13.3   Up  Up   default
GigabitEthernet0/0/0/1 10.1.35.3   Up  Up   default
GigabitEthernet0/0/0/2 10.1.23.3   Up  Up   default
GigabitEthernet0/0/0/3 unassigned  ShutdownDown default
GigabitEthernet0/0/0/4 unassigned  ShutdownDown default
GigabitEthernet0/0/0/5 unassigned  ShutdownDown default
Is there anything I should do to resolve this?

Appreciated.
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

[c-nsp] Pnet XRV 6.6.2

2023-12-27 Thread Mohammad Khalil via cisco-nsp

Greetings
I have uploaded image xrv 6.2.2 on pnet for a lab environment and the image 
booted successfuly.
However , I am not able to ping any connected neighbor on any interface though 
all interfaces are up/up.
Interface  IP-Address  Status  Protocol Vrf-Name
Loopback0  10.1.100.3  Up  Up   default
MgmtEth0/0/CPU0/0  unassigned  ShutdownDown default
GigabitEthernet0/0/0/0 10.1.13.3   Up  Up   default
GigabitEthernet0/0/0/1 10.1.35.3   Up  Up   default
GigabitEthernet0/0/0/2 10.1.23.3   Up  Up   default
GigabitEthernet0/0/0/3 unassigned  ShutdownDown default
GigabitEthernet0/0/0/4 unassigned  ShutdownDown default
GigabitEthernet0/0/0/5 unassigned  ShutdownDown default
Is there anything I should do to resolve this?

Appreciated.
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

[c-nsp] Midpoint RSVP LSP stats

2023-09-28 Thread Mohammad Khalil via cisco-nsp

Greetings
I am looking for similar command to obtain forwarding information at the 
midpoint (no te interfaces)

https://www.juniper.net/documentation/us/en/software/junos/mpls/topics/ref/command/show-mpls-lsp.html

This is on NCS5500 therefore “traffic collector” is not supported.

___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

[c-nsp] BGP Extended Communities

2023-09-10 Thread Mohammad Khalil via cisco-nsp

Greetings
Hope all is well.

I need to check if Juniper's BGP extended community settings are compatible 
with Cisco's BGP extended community settings.
Is it possible to intercommunicate Juniper's BGP extended community with Cisco 
BGP extended community ?
Defining BGP Extended Communities for Use in Routing Policy Match Conditions
https://www.juniper.net/documentation/us/en/software/junos/routing-policy/topics/concept/policy-defining-bgp-communities-and-extended-communities-for-use-in-routing-policy-match-conditions.html#understanding-how-to-define-bgp-communities-and-extended-communities__d53003e589

Am using C8500
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] BGP Routes

2023-03-14 Thread Mohammad Khalil via cisco-nsp

Thanks Saku and Gert for the kind replies , well received.

From: cisco-nsp  on behalf of Gert Doering 
via cisco-nsp 
Sent: Sunday, March 12, 2023 9:58 PM
To: Saku Ytti 
Cc: cisco-nsp@puck.nether.net 
Subject: Re: [c-nsp] BGP Routes

Hi,

On Sun, Mar 12, 2023 at 08:51:36PM +0200, Saku Ytti via cisco-nsp wrote:
> You might want add-path or best-external for predictability and
> improved convergence time.

Last time we did best-external with ASR9k it only worked in a useful
way if you are using labeled-unicast.  That was many years ago, so
it might have been fixed, but "test and expect surprises".

In our case, the effect was that the local router that exported
best-external to its peers was also installing the best-external
path into its local FIB, as a load-shared path(!).

So we had packets come in from uplink, the "good" path was "send
internal over our network", but half the packets got balanced
via the "best-external" path.  Intereresting isseus ensued.

To me this never made sense but TAC claimed "this is the way it is,
we're not considering this a bug, use labeled-unicast, then it will
work fine".  As we didn't use LU, I could not verify this.

gert
--
"If was one thing all people took for granted, was conviction that if you
 feed honest figures into a computer, honest figures come out. Never doubted
 it myself till I met a computer with a sense of humor."
 Robert A. Heinlein, The Moon is a Harsh Mistress

Gert Doering - Munich, Germany g...@greenie.muc.de
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] BGP Routes

2023-03-12 Thread Mohammad Khalil via cisco-nsp

Thanks for the hint , actually this is what I have been thinking of but was 
wondering how can I get more details or samples about that as a matter of proof.

From: cisco-nsp  on behalf of Mark Tinka via 
cisco-nsp 
Sent: Sunday, March 12, 2023 9:49 PM
To: cisco-nsp@puck.nether.net 
Subject: Re: [c-nsp] BGP Routes

On 3/12/23 20:21, Mohammad Khalil via cisco-nsp wrote:

> Greetings
> I have two ASR9K connected to different providers (Uplinks).
> I am receiving around 90K routes from each provider , as well , I have iBGP 
> between the ASR9K.
> What am noticing is that ASR9K1 is advertising around 87K to ASR9K2 where 
> ASR9Ks is advertising around 7K routes.
> Any hints?

A case of active routes being announced to neighbors, where active
routes = best routes/paths as seen from each router's point of view.

ASR9K1 has more routes with better paths toward destinations via its
upstream than ASR9K2 does.

Mark.
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

[c-nsp] BGP Routes

2023-03-12 Thread Mohammad Khalil via cisco-nsp

Greetings
I have two ASR9K connected to different providers (Uplinks).
I am receiving around 90K routes from each provider , as well , I have iBGP 
between the ASR9K.
What am noticing is that ASR9K1 is advertising around 87K to ASR9K2 where 
ASR9Ks is advertising around 7K routes.
Any hints?
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

[c-nsp] ASR9K HSRP Configuration

2020-08-28 Thread Mohammad Khalil

Greetings all
I am trying to bring up HSRP between ASR9Ks who are connected through bundle 
ether to N5K

RP/0/RSP0/CPU0:New9K1A#  sh run int Gi0/0/1/14
Fri Aug 28 01:38:25.742 CST
interface GigabitEthernet0/0/1/14
 description 5k1 - Eth1/1
 bundle id 405 mode active
 cdp
 speed 1000
 carrier-delay up 0 down 0
 transceiver permit pid all
!

RP/0/RSP0/CPU0:New9K1A#  sh run int Gi0/0/1/15
Fri Aug 28 01:38:27.157 CST
interface GigabitEthernet0/0/1/15
 description 5k2 - Eth1/1
 bundle id 405 mode active
 cdp
 speed 1000
 carrier-delay up 0 down 0
 transceiver permit pid all

I have established bundle ether 405 in between:

interface Bundle-Ether405
 description Bundle to NEW-NEXUS5k-1 & 2 - Eth1/1-2 (To use 10G later)
 lacp switchover suppress-flaps 300
 mlacp iccp-group 1
 mlacp switchover recovery-delay 60
 mac-address 5.5.5
 bundle wait-while 100
 bundle maximum-active links 4 hot-standby
 load-interval 30

RP/0/RSP0/CPU0:New9K1A#sh bundle bundle-ether 405
Fri Aug 28 01:39:16.413 CST

Bundle-Ether405
  Status:Up

ICCP is up and running:

RP/0/RSP0/CPU0:New9K1A#sh iccp group 1
Fri Aug 28 01:39:45.368 CST
Redundancy Group 1
  member ip:10.255.255.250 (New9K1B), up (connected)
monitor: route-watch (up)
  backbone interface Te0/0/2/0: up
  backbone interface Te0/0/2/1: up
  backbone interface Te0/0/2/2.15: down
  enabled applications: mLACP
  isolation recovery delay timer: 30 s, not running

I have established sub interface on the bundle ether:

interface Bundle-Ether405.3106
 vrf sme
 ipv4 address 10.95.10.125 255.255.255.224
 encapsulation dot1q 3106

On the 2nd ASR9K:
interface Bundle-Ether405.3106
 vrf sme
 ipv4 address 10.95.10.126 255.255.255.224
 encapsulation dot1q 3106

HSRP is not coming up:

BE405.3106 3359 110 P Active  local   unknown10.95.10.97

BE405.3106 3359 100   Initunknown unknown10.95.10.97

Am I missing something?

Thanks
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

[c-nsp] ASR9K Log Message

2020-07-14 Thread Mohammad Khalil

Greetings all
I have purchased new ASR9K and upgraded the software version to 6.7.1
I see the message of RP/0/RSP0/CPU0:Jul  2 14:05:23.286 CST: fib_mgr[228]: 
%ROUTING-FIB-4-RETRYDB_NONEMPTY : One or more FIB object(s) have been in IPv4 
retry queue for at least 120 seconds filling in the log file even though that 
the router is still not in the production.

RP/0/RSP0/CPU0:New9K1A#sh ver
Mon Jul 13 00:55:32.902 CST

Cisco IOS XR Software, Version 6.7.1[Default]
Copyright (c) 2020 by Cisco Systems, Inc.

ROM: System Bootstrap, Version 2.04(20140424:063844) [ASR9K ROMMON],

New9K1A uptime is 4 weeks, 2 days, 20 hours, 5 minutes
System image file is 
"bootflash:disk0/asr9k-os-mbi-6.7.1/0x10/mbiasr9k-rp.vm"

cisco ASR9K Series (P4040) processor with 8388608K bytes of memory.
P4040 processor at 1500MHz, Revision 3.0
ASR-9001 Chassis

Anyone faced something similar?

Thanks

BR,
Mohammad
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

[c-nsp] Csr1000v multicast deployment

2019-09-14 Thread Mohammad Khalil

Greetings
I am planning to conduct a POC at a customer side with gre over multicast 
deployment with the assistance of service provider.
Did anyone have any use case for such in order to highlight anything to be 
aware of as there are other competitors conducting as well.
Thanks

Get Outlook for Android
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

[c-nsp] ASA FPR Out-of-band Mgmt

2019-07-02 Thread Mohammad Khalil

Greetings All
I have Cisco ASA 5506-X w/ FirePOWER Services and am looking for an out-of-band 
management solution.
What options do I have?
I have found some documents talking about setting up a modem and connecting it 
to the RJ45 console port and am looking for other ways if doable.

Thanks
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

[c-nsp] Route installation/deletion time

2019-05-22 Thread Mohammad Khalil

Hello all
Is there a specific platform values for route installation and deletion time or 
formula?
Thanks

Get Outlook for Android

___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] Log message / Memory Value

2018-11-18 Thread Mohammad Khalil

Dears
I can see the message disappearing on some switches and shows on others

Anyone faced something like this?

BR,
Mohammad

From: cisco-nsp  on behalf of Mohammad 
Khalil 
Sent: Wednesday, November 14, 2018 3:12 PM
To: cisco-nsp@puck.nether.net
Subject: [c-nsp] Log message / Memory Value

Dears
I have the below message eating my switches buffers
%PLATFORM-4-ELEMENT_WARNING:Switch 1 R0/0: smand:  1/RP/0: Used Memory value 
91% exceeds warning level 90%

cisco WS-C3650-48TD

Any hint?

BR,
Mohammad
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

[c-nsp] Log message / Memory Value

2018-11-14 Thread Mohammad Khalil

Dears
I have the below message eating my switches buffers
%PLATFORM-4-ELEMENT_WARNING:Switch 1 R0/0: smand:  1/RP/0: Used Memory value 
91% exceeds warning level 90%

cisco WS-C3650-48TD

Any hint?

BR,
Mohammad
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

[c-nsp] IOS Menu

2018-07-01 Thread Mohammad Khalil

Hello all

I was trying to configure the IOS menu on my WS-C3650-48TD switch but the menu 
command is not available , is it restricted to routers?


BR,

Mohammad
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

[c-nsp] Nexus Enhanced vPC

2017-07-27 Thread Mohammad Khalil

Hi all

I have installed version 7.3(0)DX(1) on my N7K and am facing issues with ports 
coming offline after 10-12 seconds during fallback


Anyone faced this issue?


Thanks in advance


BR,

Mohammad
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

[c-nsp] IT Assest/Inventory Management

2017-06-06 Thread Mohammad Khalil

Hi all and sorry for posting here regarding such a stuff , but am sure most of 
you experienced this

I am looking for a software for IT asset/inventory management , I am looking 
for a simple to manage and light to use even if it's paid!


Thanks


BR,

Mohammad
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

[c-nsp] ASR9K Software Recovery

2017-05-08 Thread Mohammad Khalil

Hi all

I have upgraded my router from 5.3.4 to 6.1.2 , and I have stuck at

Processor family/kernel mismatch (2/4)
Crash[0,0] at init_cpu line 220


Becuase I have discovered that RSP-8G is not supported on the 6.1.x train


I have 5.3.4 mini already , I just want to roll back to it


Any help?


Thanks


BR,

Mohammad
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

[c-nsp] Diagnostics Untested

2017-04-19 Thread Mohammad Khalil

Hi all

I have Cisco 3650 switch with Denali 16.03.03 software version , am trying to 
run diagnostics tests (all , memory , PoE) but in the output result I can see 
the code U which refers to Untested

diagnostic start switch 1 test all (which caused the switch to reload)

switch 1:   SerialNo : FDO2021E126

  Overall Diagnostic Result for switch 1 : PASS
  Diagnostic level at card bootup: minimal

  Test results: (. = Pass, F = Fail, U = Untested)

  ___

1) DiagGoldPktTest:

   Port  1  2  3  4  5  6  7  8  9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24
   
 U  U  U  U  U  U  U  U  U  U  U  U  U  U  U  U  U  U  U  U  U  U  U  U

   Port 25 26 27 28
   
 U  U  U  U


  Error code --> 3 (DIAG_SKIPPED)
  Total run count -> 0
  Last test testing type --> n/a
  Last test execution time > n/a
  First test failure time -> n/a
  Last test failure time --> n/a
  Last test pass time -> n/a
  Total failure count -> 0
  Consecutive failure count ---> 0
  ___

2) DiagThermalTest -> .

  Error code --> 0 (DIAG_SUCCESS)
  Total run count -> 53
  Last test testing type --> Health Monitoring
  Last test execution time > Apr 16 2017 13:10:21
  First test failure time -> n/a
  Last test failure time --> n/a
  Last test pass time -> Apr 16 2017 13:10:21
  Total failure count -> 0
  Consecutive failure count ---> 0
  ___

3) DiagFanTest -> .

  Error code --> 0 (DIAG_SUCCESS)
  Total run count -> 53
  Last test testing type --> Health Monitoring
  Last test execution time > Apr 16 2017 13:10:21
  First test failure time -> n/a
  Last test failure time --> n/a
  Last test pass time -> Apr 16 2017 13:10:21
  Total failure count -> 0
  Consecutive failure count ---> 0
  ___

4) DiagPhyLoopbackTest:

   Port  1  2  3  4  5  6  7  8  9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24
   
 U  U  U  U  U  U  U  U  U  U  U  U  U  U  U  U  U  U  U  U  U  U  U  U

   Port 25 26 27 28
   
 U  U  U  U


  Error code --> 3 (DIAG_SKIPPED)
  Total run count -> 0
  Last test testing type --> n/a
  Last test execution time > n/a
  First test failure time -> n/a
  Last test failure time --> n/a
  Last test pass time -> n/a
  Total failure count -> 0
  Consecutive failure count ---> 0
  ___

5) DiagScratchRegisterTest -> .

  Error code --> 0 (DIAG_SUCCESS)
  Total run count -> 53
  Last test testing type --> Health Monitoring
  Last test execution time > Apr 16 2017 13:10:25
  First test failure time -> n/a
  Last test failure time --> n/a
  Last test pass time -> Apr 16 2017 13:10:25
  Total failure count -> 0
  Consecutive failure count ---> 0
  ___

6) DiagPoETest -> U

  Error code --> 3 (DIAG_SKIPPED)
  Total run count -> 0
  Last test testing type --> n/a
  Last test execution time > n/a
  First test failure time -> n/a
  Last test failure time --> n/a
  Last test pass time -> n/a
  Total failure count -> 0
  Consecutive failure count ---> 0
  ___

7) DiagStackCableTest --> U

  Error code --> 3 (DIAG_SKIPPED)
  Total run count -> 0
  Last test testing type --> n/a
  Last test execution time > n/a
  First test failure time -> n/a
  Last test failure time --> n/a
  Last test pass time -> n/a
  Total failure count -> 0
  Consecutive failure count ---> 0

Re: [c-nsp] TCAM Utilization

2017-04-19 Thread Mohammad Khalil

Hi Peter , thanks for your mail

Actually my customer wants to use the latest release in the train

We found a command :

show platform hardware fed switch 1 fwd-asic resource tcam utilization

BR,

Mohammad

From: Peter Rathlev <pe...@rathlev.dk>
Sent: Wednesday, April 19, 2017 11:49 AM
To: Mohammad Khalil
Cc: cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] TCAM Utilization

On Mon, 2017-04-17 at 11:43 +, Mohammad Khalil wrote:
> I have Cisco 3650 switch with Denali version 16.03.03
>
> I cannot find the command show platform tcam utilization asic all ,
> anyone aware of the equivalent ?

I tried "upgrading" a 3650 to 16.3.3 and I can also not find any
equivalent command concerning TCAM utilization.

I seems like Denali isn't yet really "ready" for the C3K-switches. I
see many commands relevant to ASR 920/1k but very few relevant to C3K.

I there any special reason you want to use 16.3.3? Some feature that
earlier (more C3K friendly) images do no have?

--
Peter

___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

[c-nsp] TCAM Utilization

2017-04-17 Thread Mohammad Khalil

Hi all

I have Cisco 3650 switch with Denali version 16.03.03

I cannot find the command show platform tcam utilization asic all , anyone 
aware of the equivalent ?


Thanks in advance


BR,

Mohammad
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] Understanding A9K Power Status

2017-02-02 Thread Mohammad Khalil

Hi Jason

I have some old outputs from a ASR9010 box that is running code 4.2.3 , it 
might help:

RP/0/RSP0/CPU0:UM_HQ1_P_01#admin show install active summary

Mon Apr 18 20:10:32.696 AST
Default Profile:
  SDRs:
Owner
  Active Packages:
disk0:asr9k-p-4.2.3.CSCud37351-1.0.0
disk0:asr9k-p-4.2.3.CSCuc84257-1.0.0
disk0:asr9k-mini-p-4.2.3
disk0:asr9k-k9sec-p-4.2.3
disk0:asr9k-mpls-p-4.2.3
disk0:asr9k-p-4.2.3.CSCuh52959-1.0.0

RP/0/RSP0/CPU0:UM_HQ1_P_01#admin show platform

Mon Apr 18 20:10:34.655 AST
NodeType  State   Config State
-
0/RSP0/CPU0 A9K-RSP-4G(Active)IOS XR RUN   PWR,NSHUT,MON
0/RSP1/CPU0 A9K-RSP-4G(Standby)   IOS XR RUN   PWR,NSHUT,MON
0/FT0/SPFAN TRAY  READY
0/FT1/SPFAN TRAY  READY
0/0/CPU0A9K-2T20GE-B  IOS XR RUN   PWR,NSHUT,MON
0/4/CPU0A9K-MOD80-TR  IOS XR RUN   PWR,NSHUT,MON
0/4/0   A9K-MPA-20X1GEOK   PWR,NSHUT,MON
0/4/1   A9K-MPA-2X10GEOK   PWR,NSHUT,MON
0/PM0/SPA9K-3KW-ACREADYPWR,NSHUT,MON
0/PM1/SPA9K-3KW-ACREADYPWR,NSHUT,MON
0/PM3/SPA9K-3KW-ACREADYPWR,NSHUT,MON
0/PM4/SPA9K-3KW-ACREADYPWR,NSHUT,MON
RP/0/RSP0/CPU0:UM_HQ1_P_01#admin show inventory

Mon Apr 18 20:10:35.060 AST
NAME: "module 0/RSP0/CPU0", DESCR: "ASR9K Fabric, Controller, 4G memory"
PID: A9K-RSP-4G, VID: V03, SN: FOC15078EVW

NAME: "module compact-flash 0/RSP0/CPU0", DESCR: " CompactFlash "
PID: cFLASH, VID: N/A, SN: 0301

NAME: "module 0/RSP1/CPU0", DESCR: "ASR9K Fabric, Controller, 4G memory"
PID: A9K-RSP-4G, VID: V03, SN: FOC152284D7

NAME: "module compact-flash 0/RSP1/CPU0", DESCR: " CompactFlash"
PID: cFLASH, VID: N/A, SN: 0301

NAME: "fantray 0/FT0/SP", DESCR: "ASR-9010 Fan Tray"
PID: ASR-9010-FAN, VID: V02, SN: FOX1519XHM4

NAME: "fan0 0/FT0/SP", DESCR: "ASR9K Generic Fan"
PID:, VID: N/A, SN:

NAME: "fan1 0/FT0/SP", DESCR: "ASR9K Generic Fan"
PID:, VID: N/A, SN:

NAME: "fan2 0/FT0/SP", DESCR: "ASR9K Generic Fan"
PID:, VID: N/A, SN:

NAME: "fan3 0/FT0/SP", DESCR: "ASR9K Generic Fan"
PID:, VID: N/A, SN:

NAME: "fan4 0/FT0/SP", DESCR: "ASR9K Generic Fan"
PID:, VID: N/A, SN:

NAME: "fan5 0/FT0/SP", DESCR: "ASR9K Generic Fan"
PID:, VID: N/A, SN:

NAME: "fan6 0/FT0/SP", DESCR: "ASR9K Generic Fan"
PID:, VID: N/A, SN:

NAME: "fan7 0/FT0/SP", DESCR: "ASR9K Generic Fan"
PID:, VID: N/A, SN:

NAME: "fan8 0/FT0/SP", DESCR: "ASR9K Generic Fan"
PID:, VID: N/A, SN:

NAME: "fan9 0/FT0/SP", DESCR: "ASR9K Generic Fan"
PID:, VID: N/A, SN:

NAME: "fan10 0/FT0/SP", DESCR: "ASR9K Generic Fan"
PID:, VID: N/A, SN:

NAME: "fan11 0/FT0/SP", DESCR: "ASR9K Generic Fan"
PID:, VID: N/A, SN:

NAME: "fantray 0/FT1/SP", DESCR: "ASR-9010 Fan Tray"
PID: ASR-9010-FAN, VID: V02, SN: FOX1519XHM9

NAME: "fan0 0/FT1/SP", DESCR: "ASR9K Generic Fan"
PID:, VID: N/A, SN:

NAME: "fan1 0/FT1/SP", DESCR: "ASR9K Generic Fan"
PID:, VID: N/A, SN:

NAME: "fan2 0/FT1/SP", DESCR: "ASR9K Generic Fan"
PID:, VID: N/A, SN:

NAME: "fan3 0/FT1/SP", DESCR: "ASR9K Generic Fan"
PID:, VID: N/A, SN:

NAME: "fan4 0/FT1/SP", DESCR: "ASR9K Generic Fan"
PID:, VID: N/A, SN:

NAME: "fan5 0/FT1/SP", DESCR: "ASR9K Generic Fan"
PID:, VID: N/A, SN:

NAME: "fan6 0/FT1/SP", DESCR: "ASR9K Generic Fan"
PID:, VID: N/A, SN:

NAME: "fan7 0/FT1/SP", DESCR: "ASR9K Generic Fan"
PID:, VID: N/A, SN:

NAME: "fan8 0/FT1/SP", DESCR: "ASR9K Generic Fan"
PID:, VID: N/A, SN:

NAME: "fan9 0/FT1/SP", DESCR: "ASR9K Generic Fan"
PID:, VID: N/A, SN:

NAME: "fan10 0/FT1/SP", DESCR: "ASR9K Generic Fan"
PID:, VID: N/A, SN:

NAME: "fan11 0/FT1/SP", DESCR: "ASR9K Generic Fan"
PID:, VID: N/A, SN:

NAME: "module 0/0/CPU0", DESCR: "2-Port 10GE, 20-Port GE Line Card, Requires 
XFPs and SFPs"
PID: A9K-2T20GE-B, VID: V03, SN: FOC1509836M

NAME: "module mau TenGigE0/0/CPU0/0", DESCR: "Multirate 10GBASE-ER and 
OC-192/STM-64 IR-2 XFP, SMF"
PID: XFP-10GER-192IR+   , VID: V02 , SN: ONT174904JE

NAME: "module mau TenGigE0/0/CPU0/1", DESCR: "Multirate 10GBASE-LR and 
OC-192/STM-64 SR-1 XFP, SMF"
PID: XFP-10GLR-OC192SR  , VID: V04 , SN: SPC191801RR

NAME: "module mau GigabitEthernet0/0/CPU0/0", DESCR: "1000BASE-ZX SFP 
transceiver module, SMF, 1550nm, DOM"
PID: GLC-ZX-SMD , VID: V01 , SN: SPC1730039Y

NAME: "module mau GigabitEthernet0/0/CPU0/1", DESCR: "Unknown pluggable optics"
PID:, VID: N/A, SN: FNS160508RJ

NAME: "module mau GigabitEthernet0/0/CPU0/2", DESCR: "GE T"
PID:, VID: N/A, SN: MTC172404V4

NAME: "module mau GigabitEthernet0/0/CPU0/3", DESCR: "GE T"
PID:, VID: N/A, SN: MTC161002BE

NAME: "module mau GigabitEthernet0/0/CPU0/4", DESCR:

Re: [c-nsp] ospf mtr

2017-01-13 Thread Mohammad Khalil

Hi Lukasz

Am trying to configure OSPF MTR and examine functionality

I have used two different images:

c7200-adventerprisek9-mz.152-4.S2 and c7200-advipservicesk9-mz.152-4.S7

R1(config)#policy-map type class-routing ipv4 unicast MAP
% Can't provision policies of type 2


BR,

Mohammad



From: Łukasz Bromirski <luk...@bromirski.net>
Sent: Friday, December 12, 2014 11:21 PM
To: Mohammad Khalil
Cc: cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] ospf mtr


> On 12 Dec 2014, at 21:56, Mohammad Khalil <eng_m...@hotmail.com> wrote:
>
> Hi all i am trying to configure osp mtr (multi-topology routing)
> When configuring the policy-map i get the error cant provision policies of 
> type 2 any ideas

What's the exact thing you're trying to achieve and what's
the exact error message you're getting?

For QoS with MTR enabled take a look here:
http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/mtr/configuration/15-s/mtr-15-s-book/qos-mqc-support-mtr.html
[http://www.cisco.com/web/fw/i/logo-open-graph.gif]<http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/mtr/configuration/15-s/mtr-15-s-book/qos-mqc-support-mtr.html>

Multitopology Routing Configuration Guide, Cisco IOS 
...<http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/mtr/configuration/15-s/mtr-15-s-book/qos-mqc-support-mtr.html>
www.cisco.com
Multitopology Routing Configuration Guide, Cisco IOS Release 15S -QoS-MQC 
Support for MTR



--
"There's no sense in being precise when |   Łukasz Bromirski
 you don't know what you're talking |  jid:lbromir...@jabber.org
 about."   John von Neumann |http://lukasz.bromirski.net

___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] Segment Routing

2017-01-07 Thread Mohammad Khalil

Hi Patrick

Thanks for your mail

What confuses me is that it's mentioned that the segment routing is supported 
with ISIS in Cisco IOS XE Everest 16.4.1 , the version I have I already used it 
for that as I pasted the configurations but regarding TE it's not


BR,

Mohammad Khalil


From: Patrick Cole <z...@amused.net>
Sent: Thursday, January 5, 2017 11:16 PM
To: Mohammad Khalil; cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] Segment Routing

Mohammad,

If you look at the bottom of the document you will see that SR-TE is
requiring IOS XE Everest 16.4.1.

I had not seen this document, thanks - this answers my previous question
about the same thing.

Patrick

Thu, Jan 05, 2017 at 02:34:19PM +, Mohammad Khalil wrote:


>I am using the version csr1000v-universalk9.03.17.00.S.156-1.S-std to
>simulate the traffic engineering using segment routing as per the below
>link:
>
>
> http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/seg_routing/configuration/xe-16/segrt-xe-16-book.pdf
Segment Routing Configuration Guide - Cisco 
Systems<http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/seg_routing/configuration/xe-16/segrt-xe-16-book.pdf>
www.cisco.com
Segment Routing Configuration Guide Americas Headquarters Cisco Systems, Inc. 
170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com


>
>Segment Routing Configuration Guide - Cisco Systems
>www.cisco.com<http://www.cisco.com>
[http://upload.wikimedia.org/wikipedia/commons/thumb/6/64/Cisco_logo.svg/225px-Cisco_logo.svg.png]<http://www.cisco.com/>

Cisco Systems, Inc<http://www.cisco.com/>
www.cisco.com
Cisco (NASDAQ: CSCO) is the worldwide leader in IT that helps companies seize 
the opportunities of tomorrow by proving that amazing things can happen when 
you connect ...


>Segment Routing Configuration Guide Americas Headquarters Cisco Systems,
>Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA
>http://www.cisco.com
[http://upload.wikimedia.org/wikipedia/commons/thumb/6/64/Cisco_logo.svg/225px-Cisco_logo.svg.png]<http://www.cisco.com/>

Cisco Systems, Inc<http://www.cisco.com/>
www.cisco.com
Cisco (NASDAQ: CSCO) is the worldwide leader in IT that helps companies seize 
the opportunities of tomorrow by proving that amazing things can happen when 
you connect ...


>
>But am not able to find the needed commands under the tunnel interfaces
>configuration mode
>
>BR,
>
>Mohammad Khalil
>
>  --
>
>From: CiscoNSP List <cisconsp_l...@hotmail.com>
>Sent: Wednesday, January 4, 2017 12:35 PM
>To: Mark Tees; Aaron
>Cc: Mohammad Khalil; Patrick Cole; cisco-nsp@puck.nether.net
>Subject: Re: [c-nsp] Segment Routing
>
>
>I've yet to even test it, but am very keen to, and to hear from others who
>are testing/using it in production(If anyone is??)...but, the basic
>advantages of it - No LDP, No RSVP...just MPLS +IGP (ISIS/OSPF)...less
>protocols(Reduced complexity/Simpler).No LDP/IGP sync,
>automated/native FRR(Sub 50m/sec convergence) basically built for
>SDN/NVF
>
>LDP was created as a separate protocol to run alongside IGP simply to
>provide MPLS label distribution/bindingthey did this rather than
>modify IGPs to support MPLS natively...its basically gaffer tape  -
>Networks would be much simpler if IGP could accommodate label
>advertisementNo TE with LDP...LDP just follows IGPs best pathyou
>can play with metrics...but it's painful, and becomes extremely difficult
>to get granular control over how traffic flows...only option is to use
>RSVP-TE...yes, some use it, and it works well (auto-bandwidth etc)...but,
>it becomes extremely complex, and really only "course" levels of control
>and doesn't scale wellwith SR one could use "sdn" to steer certain
>traffic over different paths...eg voice over low latency path, web traffic
>over high latency path...or proactively make automatic changes based on
>the current state of the network(eg congestion, DDOS etc)lots of
>potentialbut still very very newlol, I wouldnt be deploying it
>into a production network just yet with sdn that automatically makes
>changes to how traffic paths...Maybe in a year or 2...Ill wait and see how
>it goes in the lab first 
>
>  --
>
>From: Mark Tees <markt...@gmail.com>
>Sent: Wednesday, 4 January 2017 5:52 PM
>To: Aaron
>Cc: Mohammad Khalil; Patrick Cole; CiscoNSP List;
>cisco-nsp@puck.nether.net
>Subject: Re: [c-nsp] Segment Routin

Re: [c-nsp] Segment Routing

2017-01-03 Thread Mohammad Khalil

Hi all

I have simulated (let us call it basic segment routing) using the below simple 
topology:


R1 -- CSR1 -- CSR2 -- CSR3 -- R2


Ping from R1 to R2 (CE to CE connectivity):


R1#ping 192.168.203.20
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.203.20, timeout is 2 seconds:
.
Success rate is 0 percent (0/5)


CSR1#show mpls forwarding-table
Local  Outgoing   Prefix   Bytes Label   Outgoing   Next Hop
Label  Label  or Tunnel Id Switched  interface
16 No Label   192.168.101.0/24[V]   \
   0 aggregate/MSSK
CSR2#show mpls forwarding-table
no MPLS apps enabled or MPLS not enabled on any interfaces

CSR3#show mpls forwarding-table
Local  Outgoing   Prefix   Bytes Label   Outgoing   Next Hop
Label  Label  or Tunnel Id Switched  interface
16 No Label   192.168.203.0/24[V]   \
   0 aggregate/MSSK

CSR1:
segment-routing mpls
 connected-prefix-sid-map
  address-family ipv4
   1.1.1.1/32 index 100
  exit-address-family

router isis 1
segment-routing mpls

CSR2:
segment-routing mpls
 connected-prefix-sid-map
  address-family ipv4
   2.2.2.2/32 index 200
  exit-address-family

router isis 1
segment-routing mpls

CSR3:
segment-routing mpls
 connected-prefix-sid-map
  address-family ipv4
   3.3.3.3/32 index 300
  exit-address-family

router isis 1
segment-routing mpls


CSR1#show mpls forwarding-table
Local  Outgoing   Prefix   Bytes Label   Outgoing   Next Hop
Label  Label  or Tunnel Id Switched  interface
16 No Label   192.168.101.0/24[V]   \
   570   aggregate/MSSK
17 Pop Label  ..0002-Gi1-192.168.12.2   \
   0 Gi1192.168.12.2
16200  Pop Label  2.2.2.2/32   0 Gi1192.168.12.2
16300  16300  3.3.3.3/32   0 Gi1192.168.12.2


CSR2#show mpls forwarding-table
Local  Outgoing   Prefix   Bytes Label   Outgoing   Next Hop
Label  Label  or Tunnel Id Switched  interface
16 Pop Label  ..0001-Gi1-192.168.12.1   \
   0 Gi1192.168.12.1
17 Pop Label  ..0003-Gi2-192.168.23.3   \
   0 Gi2192.168.23.3
16100  Pop Label  1.1.1.1/32   1098  Gi1192.168.12.1
16300  Pop Label  3.3.3.3/32   1098  Gi2192.168.23.3


CSR3#show mpls forwarding-table
Local  Outgoing   Prefix   Bytes Label   Outgoing   Next Hop
Label  Label  or Tunnel Id Switched  interface
16 No Label   192.168.203.0/24[V]   \
   570   aggregate/MSSK
17 Pop Label  ..0002-Gi1-192.168.23.2   \
   0 Gi1192.168.23.2
16100  16100  1.1.1.1/32   0 Gi1192.168.23.2
16200  Pop Label  2.2.2.2/32   0 Gi1192.168.23.2


CSR1#show ip cef 3.3.3.3/32
3.3.3.3/32
  nexthop 192.168.12.2 GigabitEthernet1 label 16300()

CSR3#show ip cef 1.1.1.1/32
1.1.1.1/32
  nexthop 192.168.23.2 GigabitEthernet1 label 16100()


R1#ping 192.168.203.20
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.203.20, timeout is 2 seconds:
!
Success rate is 100 percent (5/5), round-trip min/avg/max = 28/56/72 ms


CSR1#show isis segment-routing
 ISIS protocol is registered with MFI
 ISIS MFI Client ID:0x63
 Tag 1 - Segment-Routing:
   SR State:SR_ENABLED
   Number of SRGB:1
   SRGB Start:16000, Range:8000, srgb_handle:0x7F25A007F490, srgb_state: created
   Address-family IPv4 unicast SR is configured
 Operational state:Enabled
 Receive is enabled
 Advertise local is disabled
 Explicit null is disabled
 SR label preferred is disabled

CSR3#show isis segment-routing
 ISIS protocol is registered with MFI
 ISIS MFI Client ID:0x63
 Tag 1 - Segment-Routing:
   SR State:SR_ENABLED
   Number of SRGB:1
   SRGB Start:16000, Range:8000, srgb_handle:0x7FBE8DB056F8, srgb_state: created
   Address-family IPv4 unicast SR is configured
 Operational state:Enabled
 Receive is enabled
 Advertise local is disabled
 Explicit null is disabled
 SR label preferred is disabled

CSR1#show segment-routing mpls state
 Segment Routing MPLS State : ENABLED

CSR3#show segment-routing mpls state
 Segment Routing MPLS State : ENABLED


I will try to search for traffic engineering using SR


BR,

Mohammad



From: cisco-nsp  on behalf of Patrick Cole 

Sent: Sunday, January 1, 2017 5:56 AM
To: CiscoNSP List
Cc: cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] Segment Routing

Hijacking

Re: [c-nsp] VPLS Autodiscovery Redundant CE

2016-12-28 Thread Mohammad Khalil

Thanks a lot Nick for your comments

My customer is heavily deploying VPLS with autodiscovery , if I want to suggest 
replacement what will be the best options?

Most of the PEs are ASR903 and ASR920 with few ASR9K

BR,

Mohammad

From: Nick Hilliard <n...@foobar.org>
Sent: Wednesday, December 28, 2016 2:33 PM
To: Mohammad Khalil
Cc: cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] VPLS Autodiscovery Redundant CE

Mohammad Khalil wrote:
>  Hi Nick and thanks for the kind reply
>
> You mean something such as below (I tested it yesterday):
>
> l2vpn xconnect context MSSK
>  interworking ethernet
>  member 1.1.1.1 100 encapsulation mpls group GRP priority 9
>  member 3.3.3.3 100 encapsulation mpls group GRP priority 10
>  member GigabitEthernet3 service-instance 100

yes, something like that would be necessary.  I haven't used vpls PE
redundancy myself, so can't confirm whether this configuration will
actually work correctly, but bgp autodiscovery will definitely not work.
 Also, you should think long and hard about whether vpls (with or
without redundancy) is a feature that you want to use in production. It
has a lot of failure modes which can lead to catastrophic network failure.

Also, asciiflow.com is really useful for creating diagrams.

Nick
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] VPLS Autodiscovery Redundant CE

2016-12-28 Thread Mohammad Khalil

 Hi Nick and thanks for the kind reply

You mean something such as below (I tested it yesterday):


l2vpn xconnect context MSSK
 interworking ethernet
 member 1.1.1.1 100 encapsulation mpls group GRP priority 9
 member 3.3.3.3 100 encapsulation mpls group GRP priority 10
 member GigabitEthernet3 service-instance 100


BR,

Mohammad


From: Nick Hilliard <n...@foobar.org>
Sent: Wednesday, December 28, 2016 1:51 PM
To: Mohammad Khalil
Cc: cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] VPLS Autodiscovery Redundant CE

Mohammad Khalil wrote:
> l2vpn vfi context MSSK
>  vpn id 100
>  autodiscovery bgp signaling ldp

vpls autodiscovery doesn't support PE redundancy. You'll need to
statically configure your l2vpn members:

> http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/mp_l2_vpns/configuration/xe-3s/mp-l2-vpns-xe-3s-book/mp-hvpls-npe-red-mpls-access.html#GUID-62D62424-1571-4883-9917-20BC610D6A1D

Nick
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

[c-nsp] VPLS Autodiscovery Redundant CE

2016-12-28 Thread Mohammad Khalil

Hi all

I have the below topology:

CE1 -- CSR1 -- CSR2 -- CE2

|    \  CSR3  /


I have configured full mesh iBGP between the CSR routers under the l2vpn vpls 
address-family

Below is the respective VPN configuration:


CSRs:

l2vpn vfi context MSSK
 vpn id 100
 autodiscovery bgp signaling ldp


bridge-domain 100
 member GigabitEthernet3 service-instance 100
 member vfi MSSK


interface GigabitEthernet3

service instance 100 ethernet

encapsulation dot1q 100


CEs:

interface FastEthernet1/1

switchport trunk encapsulation dot1q

switchport mode trunk

interface vlan 100

ip address 10.10.100.1 255.255.255.0 (CE2 is configured with 10.10.100.2)


Now , the issue is that when I shutdown CSR3 G3 interface (Connected to CE1) , 
I lose connectivity between the CEs even though the L2VPN is established among 
all PEs , as well , when I check the show bgp l2vpn vpls all I cannot figure 
out which one is preferred

Thanks


BR,

Mohammad

___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

[c-nsp] ISR4331 QoS

2016-11-24 Thread Mohammad Khalil

Am trying to deploy a simple QoS template on my ISR 4331 (which was working 
fine on my 2900 router) , but seems am missing something?

class-map match-any VIDEO-Traffic
 match access-group 101
class-map match-any VOICE-Traffic
 match access-group 103
!
policy-map JCB-QOS-POLICY
 class VIDEO-Traffic
  police cir  100
 class VOICE-Traffic
  police  cir  512000
 class class-default
  shape average 2488000

access-list 101 permit ip 200.80.2.200 0.0.0.7 any
access-list 101 permit ip 200.80.2.208 0.0.0.7 any
access-list 101 permit ip 200.80.2.216 0.0.0.7 any
access-list 101 permit ip 200.80.2.224 0.0.0.7 any
access-list 101 deny   ip any any
access-list 103 permit ip host 200.80.2.137 any
access-list 103 permit ip host 200.80.2.125 any
access-list 103 permit ip host 200.80.2.126 any
access-list 103 permit ip host 200.80.2.120 any
access-list 103 permit ip host 200.80.2.124 any
access-list 103 permit ip host 200.80.2.129 any
access-list 103 permit ip host 200.80.2.128 any
access-list 103 permit ip host 200.80.2.122 any
access-list 103 deny   ip any any

interface GigabitEthernet0/0/1.808
 bandwidth 4096
 encapsulation dot1Q 808
 ip address 10.80.2.2 255.255.255.252
 delay 100
 no cdp enable
 service-policy output JCB-QOS-POLICY


I have also tried to configure nested (parent/child) without any luck


Could it possible that something changed regarding QoS on sub-interface ? it 
might work if the service-policy applied directly under the physical interface?


BR,

Mohammad
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

[c-nsp] ASR9K ABF

2016-09-18 Thread Mohammad Khalil

Hi all

I have a question regarding ABF setup on ASR9K

Should the ACL applied on an interface defines an IP range different than the 
IP address configured on the input interface?

For example:

ipv4 access-list ABF
10 permit ipv4 192.168.199.0/24 any nexthop1 vrf INSIDE-1 ipv4 9.9.9.2 nexthop2 
vrf INSIDE-1-BACKUP ipv4 19.19.19.2
20 permit ipv4 any any

Now , the ingress interface is configured as below:

interface GigabitEthernet0/0/0/9
description Inside_Traffic
ipv4 address 192.168.199.1 255.255.255.0
ipv4 access-group ISM_ABF ingress


The ACL is not working , the IP address configured under the interface matches 
the IP address inside the ACL , could that be the reason for this not to work?


Thanks


BR,

Mohammad
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] CGN ISM N:1 ABF-Based Redundancy

2016-08-22 Thread Mohammad Khalil

Regarding the ABF redundancy , I have tested the configuration below yesterday 
, please find my comments and appreciate your help:

vrf INSIDE-1
 address-family ipv4 unicast

vrf INSIDE-1-BACKUP
 address-family ipv4 unicast

hw-module service cgn location 0/1/CPU0
hw-module service cgn location 0/2/CPU0

ipv4 access-list ISM_ABF
 10 permit ipv4 192.168.199.0/24 any nexthop1 vrf INSIDE-1 ipv4 9.9.9.2 
nexthop2 vrf INSIDE-1-BACKUP ipv4 19.19.19.2
 20 permit ipv4 any any

interface GigabitEthernet0/0/0/9
 description Inside_Traffic
 ipv4 address 192.168.199.1 255.255.255.0
 ipv4 access-group ISM_ABF ingress

interface ServiceApp1
 vrf INSIDE-1
 ipv4 address 9.9.9.1 255.255.255.252
 service cgn cgn1 service-type nat44

interface ServiceApp2
 ipv4 address 10.10.10.1 255.255.255.252
 service cgn cgn1 service-type nat44

interface ServiceApp3
 vrf INSIDE-1-BACKUP
 ipv4 address 19.19.19.1 255.255.255.252
 service cgn cgn2 service-type nat44

interface ServiceApp4
 ipv4 address 20.20.20.1 255.255.255.252
 service cgn cgn2 service-type nat44

interface ServiceInfra1
 ipv4 address 10.89.89.1 255.255.255.0
 service-location 0/1/CPU0

interface ServiceInfra2
 ipv4 address 10.93.93.1 255.255.255.0
 service-location 0/2/CPU0

router static
 address-family ipv4 unicast
  0.0.0.0/0 172.66.66.65
  85.159.218.160/27 ServiceApp4
  85.159.218.192/27 ServiceApp2

 vrf INSIDE-1
  address-family ipv4 unicast
   0.0.0.0/0 ServiceApp1

 vrf INSIDE-1-BACKUP
  address-family ipv4 unicast
   0.0.0.0/0 ServiceApp3

service cgn cgn1
 service-location preferred-active 0/1/CPU0
 service-type nat44 nat1
  portlimit 4096
  alg ActiveFTP
  inside-vrf INSIDE-1
   map outsideServiceApp ServiceApp2 address-pool 85.159.218.192/27

  protocol udp
   session initial timeout 240
   session active timeout 600

  protocol tcp
   session initial timeout 240
   session active timeout 600

  protocol icmp
   timeout 60

  refresh-direction Outbound

service cgn cgn2
 service-location preferred-active 0/2/CPU0
 service-type nat44 nat2
  portlimit 4096
  alg ActiveFTP

  inside-vrf INSIDE-1-BACKUP
   map outsideServiceApp ServiceApp4 address-pool 85.159.218.160/27

  protocol udp
   session initial timeout 240
   session active timeout 600

  protocol tcp
   session initial timeout 240
   session active timeout 600

  protocol icmp
   timeout 60

  refresh-direction Outbound

The G0/0/0/9 interface is where the host is connected (incoming traffic) , I 
have removed the VRF binding from it and kept it in the global routing table 
but it did not work
When I bind the interface to VRF INSIDE-1 , it works with ABF applied
When I bind the interface to VRF INSIDE-1-BACKUP with ABF applied , it do not 
work , when I remove the ABF it works
As well , when the ABF applied , I can access the Internet , but there is no 
output in the show cgn nat44 nat1 statistics or show cgn nat44 nat2 statistics
What is wrong with the configuration I have done ? by the way , I have removed 
the VRF OUTSIDE because am using the outside serviceapp interface and the pool 
mapping under the service cgn configuration as you can see above




From: Richard <rgolod...@infratection.com>
Sent: Wednesday, August 3, 2016 1:49 AM
To: Mohammad Khalil
Subject: Re: [c-nsp] CGN ISM N:1 ABF-Based Redundancy


Mohammad, just curious if your 3-G ACL statement is working as that was the 
only issue I saw in the forum. If the ASK-9 is the gateway, the ACL should be 
applied to the interface that TX's the 3-G.

Have you tested warm stand-by with moderate amounts of traffic and it was good? 
I would say you are ready to put it into production.

Let me ask though, is there one specific issue that you want looked at? I don't 
have any full configs as i give them to the customer and they give me a copy me 
if i need them.

If I can be of help, please let me know.

Sincerely, Richard

On 08/02/2016 02:27 AM, Mohammad Khalil wrote:
https://supportforums.cisco.com/document/11939006/cgv6-ism-cgnnat44-deployment-guide#comment-11519566

Thanks Richard

> Subject: Re: [c-nsp] CGN ISM N:1 ABF-Based Redundancy
> To: eng_m...@hotmail.com<mailto:eng_m...@hotmail.com>
> From: rgolod...@infratection.com<mailto:rgolod...@infratection.com>
> Date: Sun, 31 Jul 2016 15:46:26 -0500
>
> On 07/31/2016 03:26 AM, Mohammad Khalil wrote:
>
> > Hi Dears
> >
> > I am the process of deploying N:1 ABF-Based Redundancy for two ISM 
> > installed on the same chassis
> >
> > I have read the configuration notes in the below link:
> >
> > https://supportforums.cisco.com/document/11939006/cgv6-ism-cgnnat44-depl...
> >
> > I just want to know if anyone can share full configuration
> >
> > I have tested warm stand-by redundancy and it worked like a charm
> >
> > Thanks in advance
> >
> >
> > BR,
> >
> > Mohammad
> >
> > _

Re: [c-nsp] Design Case

2016-08-15 Thread Mohammad Khalil

Thanks Mark for the feedback
So , applying a routing protocol (I think RIP will be find in such an 
implementation?) and enable MPLS on the point to point interfaces?

BR,
Mohammad

Subject: Re: [c-nsp] Design Case
To: eng_m...@hotmail.com; cisco-nsp@puck.nether.net
From: mark.ti...@seacom.mu
Date: Mon, 15 Aug 2016 13:11:09 +0200

On 15/Aug/16 12:54, Mohammad Khalil
  wrote:

  Hi all
I have 7 switches that will be connected as Ring topology
In the coming future , each one of these switches will be connected to other 
switches to form sub-rings 
Number of Vlans in use are within 3 - 5 Vlans
One of these switches will be connected to a firewall (each Vlan GW is a 
sub-interface on the FW)
Now , what I was thinking of , should I use REP ? will that cause a problem 
with the sub-rings ? 
Or
 should I implement routing on the main ring and keep Layer 2 active on 
the sub-rings ? or should I keep default STP running inside the network ?

If these are IP-capable switches, go IP (if MPLS is possible, even
better). Stay away from Layer 2 core rings if you can help it.

Mark.

___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

[c-nsp] Design Case

2016-08-15 Thread Mohammad Khalil

Hi all
I have 7 switches that will be connected as Ring topology
In the coming future , each one of these switches will be connected to other 
switches to form sub-rings 
Number of Vlans in use are within 3 - 5 Vlans
One of these switches will be connected to a firewall (each Vlan GW is a 
sub-interface on the FW)
Now , what I was thinking of , should I use REP ? will that cause a problem 
with the sub-rings ? 
Or
 should I implement routing on the main ring and keep Layer 2 active on 
the sub-rings ? or should I keep default STP running inside the network ?

Thanks

BR,
Mohammad
  
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

[c-nsp] CGN ISM N:1 ABF-Based Redundancy

2016-07-31 Thread Mohammad Khalil

Hi Dears

I am the process of deploying N:1 ABF-Based Redundancy for two ISM installed on 
the same chassis

I have read the configuration notes in the below link:

https://supportforums.cisco.com/document/11939006/cgv6-ism-cgnnat44-depl...

I just want to know if anyone can share full configuration

I have tested warm stand-by redundancy and it worked like a charm

Thanks in advance


BR,

Mohammad
  
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] Modify access list via SNMP

2016-07-12 Thread Mohammad Khalil

Check the below link , it might help you
https://supportforums.cisco.com/discussion/10732136/snmp-modify-or-add-acl

BR,
Mohammad

> Date: Tue, 12 Jul 2016 15:37:37 +0300
> From: ro...@kharkov.org.ua
> To: cisco-nsp@puck.nether.net
> Subject: [c-nsp] Modify access list via SNMP
> 
> Hi,
> 
> We  have  ASR 1002 and i want modify access list (add\remove entries)
> via  SNMP, this is possible yet? Can someone show me links where i can
> get  info  about  this. If you have some examples this will be good also.
> Thanks.
> 
> Regards,
> 
> ___
> cisco-nsp mailing list  cisco-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
  
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] MPLS route reflectors

2016-05-24 Thread Mohammad Khalil

Thanks Gert :)

BR,

> Date: Tue, 24 May 2016 10:20:08 +0200
> From: g...@greenie.muc.de
> To: san...@steffann.nl
> CC: eng_m...@hotmail.com; g...@greenie.muc.de; cisco-nsp@puck.nether.net
> Subject: Re: [c-nsp] MPLS route reflectors
> 
> Hi,
> 
> On Tue, May 24, 2016 at 10:14:31AM +0200, Sander Steffann wrote:
> > > AS well , will Cisco VXR7206 NPE-2G will be of good choice?
> > 
> > Please read the "fast CPU and lots of memory" bit again...
> 
> The G2 isn't *that* bad... :-) - but an ASR1k would indeed run circles
> around it, as would a CSR1000v on a decent current server.
> 
> gert
> -- 
> USENET is *not* the non-clickable part of WWW!
>//www.muc.de/~gert/
> Gert Doering - Munich, Germany g...@greenie.muc.de
> fax: +49-89-35655025g...@net.informatik.tu-muenchen.de
  
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] MPLS route reflectors

2016-05-24 Thread Mohammad Khalil

Got you Sander :)
But I think CSR1000V will do what I need because it looks like a PC right ? :)

BR,

> Subject: Re: [c-nsp] MPLS route reflectors
> From: san...@steffann.nl
> Date: Tue, 24 May 2016 10:18:05 +0200
> CC: g...@greenie.muc.de; cisco-nsp@puck.nether.net
> To: eng_m...@hotmail.com
> 
> > Sorry Sander , I did but am just trying to evaluate what my customer 
> > already have in stock
> 
> They don't have a PC with a decent amount of CPU and memory? Look further 
> than router hardware :-)  Router hardware is good at forwarding packets, 
> which is the opposite of what you need.
> 
> Cheers,
> Sander
> 
  
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] MPLS route reflectors

2016-05-24 Thread Mohammad Khalil

Sorry Sander , I did but am just trying to evaluate what my customer already 
have in stock

> Subject: Re: [c-nsp] MPLS route reflectors
> From: san...@steffann.nl
> Date: Tue, 24 May 2016 10:14:31 +0200
> CC: g...@greenie.muc.de; cisco-nsp@puck.nether.net
> To: eng_m...@hotmail.com
> 
> > Thanks all , so the best option to follow is either ASR1001-X or CSR1000v 
> > right?
> > AS well , will Cisco VXR7206 NPE-2G will be of good choice?
> 
> Please read the "fast CPU and lots of memory" bit again...
> 
  
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] MPLS route reflectors

2016-05-24 Thread Mohammad Khalil

Thanks all , so the best option to follow is either ASR1001-X or CSR1000v right?
AS well , will Cisco VXR7206 NPE-2G will be of good choice?

> Subject: Re: [c-nsp] MPLS route reflectors
> From: san...@steffann.nl
> Date: Tue, 24 May 2016 10:03:20 +0200
> CC: eng_m...@hotmail.com; cisco-nsp@puck.nether.net
> To: g...@greenie.muc.de
> 
> > On Tue, May 24, 2016 at 10:53:50AM +0300, Mohammad Khalil wrote:
> >> I am limited to the below choices:
> >> ASR920 and ASR903 , what to choose?
> > 
> > Neither one is a particular BGP-RR-oriented platform.
> > 
> > What you want is something with a fast CPU and lots of memory, and you
> > don't care about interfaces, forwarding hardware, etc.
> 
> A.k.a. a PC :)
> Sander
> 
  
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] MPLS route reflectors

2016-05-24 Thread Mohammad Khalil

I am limited to the below choices:
ASR920 and ASR903 , what to choose?

BR,
Mohammad

> From: soltan...@gmail.com
> To: mkkai...@gmail.com; eng_m...@hotmail.com; cisco-nsp@puck.nether.net
> Subject: RE: [c-nsp] MPLS route reflectors
> Date: Mon, 25 Apr 2016 13:51:49 +0430
> 
> Hi
> In addition of CSR1000v, Router C7200 Series are a good choice if 
> Route-Reflector is not in the path of traffic. We even used some lower 
> platforms such as C2800. 
> Another consideration is which AFI/SAFI you are going to use. Some of these 
> devices may not support some Address families for example pbb-evpn is only 
> supported on XR series. Pbb-evpn route-reflector is only supported on CSR1000v
> 
> Regards
> Alireza
> 
> -Original Message-
> From: cisco-nsp [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of ? 
> ??????
> Sent: Monday, April 25, 2016 1:08 PM
> To: Mohammad Khalil <eng_m...@hotmail.com>; cisco-nsp@puck.nether.net
> Subject: Re: [c-nsp] MPLS route reflectors
> 
> Hello Muhammad!
> If you use Cisco and can use Virtual Routers on network Cisco CSR1000v will 
> your best choise. Many guys from list will recomend it for you.
> 
> 2016-04-25 11:33 GMT+03:00 Mohammad Khalil <eng_m...@hotmail.com>:
> 
> > Hi all
> > I have MPLS network with OSPF as the underlying IGP , my current two 
> > route reflectors are ASR9010 The  current design is in-band route 
> > reflection , what am trying to implement is to pull out these two 
> > routers and use them as MPLS PE and change the route reflection model 
> > to out-of-band So , I want to use lower series (as am going with 
> > out-of-band) what are the most appropriate model/series to use/deploy?
> > Thanks
> > BR,
> > Mohammad
> > ___
> > cisco-nsp mailing list  cisco-nsp@puck.nether.net 
> > https://puck.nether.net/mailman/listinfo/cisco-nsp
> > archive at http://puck.nether.net/pipermail/cisco-nsp/
> >
> 
> 
> 
> --
> *__*
> *С Уважением*
> *Каипов Мурат*
> 
> *тел: +7(940)9910142*
> 
> *e-mail: mkkai...@gmail.com <mkkai...@gmail.com>*Человек, который придумает, 
> как бить людей в лицо через интернет, заработает миллионы.(с) 
> ___
> cisco-nsp mailing list  cisco-nsp@puck.nether.net 
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
> 
  
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] ASR920 vs ASR1001-x

2016-05-17 Thread Mohammad Khalil

Hi all
I am trying to change the design of my MPLS network from in-band RR to 
out-of-band RR 
Will the ASR920 be a good option ?

Thanks

BR,
Mohammad

> From: c...@marenda.net
> To: sth...@nethelp.no; mark.ti...@seacom.mu
> Date: Sat, 30 Apr 2016 13:39:25 +0200
> Subject: Re: [c-nsp] ASR920 vs ASR1001-x
> CC: cisco-nsp@puck.nether.net
> 
> 
> Even a 3COM 4200G is called a "layer 3 switch"
> (but it's very limited : 
>  " 32 static routes
> 8 IP  interfaces
>   Hardware based routing" 
>  (from an ancient datasheet)
> 
> That's just marketing clouds ... tons of features, often mutex;
> so they will not fly as a cloud should.
> 
> (The mentioned device and it's successors work quite well
> for their target market as "full manageable" L2 device .)
> 
> Today, a bridge with some hardware-speed-up is called a "switch" even if it
> does only store-and-forward;
> "switch" was the name for such a device with "cut through" and minimal
> Number of Ethernet-frame bits delay (6 Octets for the destination-MAC plus
> some bits for setup up the path to the output port).
> 
> A L3 Switch would be a similar device, looking into L3 info 
>  which is "later" in the paket (and sometimes on variable place to
> complicate this)
> so the minimum delay ( with real switching - not store-and-forward ) must be
> higher.
> 
> Everything else forwarding on L3 (per "store and forward") should be just
> called "router" 
> even when it's quite fast due to high CPU or hardware-based acceleration.
> 
> just my 0.01 $
> 
> Juergen.
> 
> -Ursprüngliche Nachricht-
> Von: cisco-nsp [mailto:cisco-nsp-boun...@puck.nether.net] Im Auftrag von
> sth...@nethelp.no
> Gesendet: Freitag, 29. April 2016 12:36
> An: mark.ti...@seacom.mu
> Cc: cisco-nsp@puck.nether.net
> Betreff: Re: [c-nsp] ASR920 vs ASR1001-x
> 
> > > ASR920 is more like a switch.
> > Not really - it's actually a router.
> > It just looks like a switch.
> 
> Interesting - one of our local Cisco distributors, in a meeting with us and
> with Cisco people present, repeatedly called ASR920 a Layer 3 switch.
> With no protest from the Cisco representatives.
> 
> 
> 
> ___
> cisco-nsp mailing list  cisco-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
  
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

[c-nsp] MPLS route reflectors

2016-04-25 Thread Mohammad Khalil

Hi all
I have MPLS network with OSPF as the underlying IGP , my current two route 
reflectors are ASR9010
The
 current design is in-band route reflection , what am trying to 
implement is to pull out these two routers and use them as MPLS PE and 
change the route reflection model to out-of-band
So , I want to use lower series (as am going with out-of-band)
what are the most appropriate model/series to use/deploy?
Thanks
BR,
Mohammad  
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] Cisco Juniper Xconnect

2016-04-24 Thread Mohammad Khalil

Thanks a lot dear for support and the explanation

BR,

Date: Sun, 24 Apr 2016 16:37:13 +0430
Subject: Re: [c-nsp] Cisco Juniper Xconnect
From: soltan...@gmail.com
To: eng_m...@hotmail.com
CC: cisco-nsp@puck.nether.net

No unfortunately but CSR1000v use same configuration as IOS.For Juniper I did 
not use Olive for this. I use M320 series. I must mention L2VPN is really 
hardware dependent in Juniper and features is very different with different 
types of modules and Chassis.Normally this issue of your happens when PE wants 
to remove VPN label and add VLAN TAG

On Sunday, April 24, 2016, Mohammad Khalil <eng_m...@hotmail.com> wrote:

U mean this line : set interfaces em1 unit 23 family ccc ?
I have removed it 
The VLAN-ID already match on both ends which is 23 the same as the VCID , I 
have changed to 520 

I will try to use CSR1000v and check what will happen
Can you please post the template you are following?

Thanks a lot

Date: Sun, 24 Apr 2016 16:26:52 +0430
Subject: Re: [c-nsp] Cisco Juniper Xconnect
From: soltan...@gmail.com
To: eng_m...@hotmail.com
CC: cisco-nsp@puck.nether.net

HiI am not sure but the last line is not required. Also please try same VLAN-ID 
on both side. Also choose VLAN-ID higher than 512. If this does not work then 
Olive does not support L2VPN. At least with GNS3.If you can please do the test 
with CSR1000v and JunOS olive and over VMWare instead of VirtualBOX
RegardsAlireza

On Sunday, April 24, 2016, Mohammad Khalil <eng_m...@hotmail.com> wrote:

root# show interfaces em0 | display set
set interfaces em0 mtu 1514
set interfaces em0 unit 0 family inet address 192.168.101.10/24
set interfaces em0 unit 0 family mpls

[edit]
root# show interfaces em1 | display set
set interfaces em1 vlan-tagging
set interfaces em1 unit 23 encapsulation vlan-ccc
set interfaces em1 unit 23 vlan-id 23
set interfaces em1 unit 23 family ccc

No not at all. If there is an MTU issue then your L2VPN will be down. Would you 
please resend interface configuration on JunOs?

On Sunday, April 24, 2016, Mohammad Khalil <eng_m...@hotmail.com> wrote:

Thanks dear
I have removed the below lines

R2 (CE connected to Cisco)
R2#sh ip arp
Protocol  Address  Age (min)  Hardware Addr   Type   Interface
Internet  192.168.23.2-   c202.1a7c.  ARPA   FastEthernet0/0.23
Internet  192.168.23.30   Incomplete  ARPA

R3#sh ip arp
Protocol  Address  Age (min)  Hardware Addr   Type   Interface
Internet  192.168.23.20   c202.1a7c.  ARPA   FastEthernet0/0.23
Internet  192.168.23.3-   c203.247c.  ARPA   FastEthernet0/0.23

Could that be MTU related?

From: soltan...@gmail.com
To: eng_m...@hotmail.com; cisco-nsp@puck.nether.net
Subject: RE: [c-nsp] Cisco Juniper Xconnect
Date: Sun, 24 Apr 2016 16:05:50 +0430

I did this for about 1200 Nodes and had no issue But on an actual box(M20). 
Anyway this may be related to GNS3 and emulation. Also we don’t use following 
line:

 set protocols l2circuit neighbor 1.1.1.1 interface em1.23 encapsulation-type 
ethernet-vlan
set protocols l2circuit neighbor 1.1.1.1 interface em1.23 
ignore-encapsulation-mismatch
set protocols l2circuit neighbor 1.1.1.1 interface em1.23 ignore-mtu-mismatch

The first three line is enough. 
This also can be related to VLAN rewrite section. Do you have traffic in one 
direction? I mean for example do you have ARP entry from Source IP address on 
destination device?
Getting a PCAP file is also useful.

From: Mohammad Khalil [mailto:eng_m...@hotmail.com] 
Sent: Sunday, April 24, 2016 3:59 PM
To: Alireza Soltanian <soltan...@gmail.com>; cisco-nsp@puck.nether.net
Subject: RE: [c-nsp] Cisco Juniper Xconnect

set protocols l2circuit neighbor 1.1.1.1 interface em1.23 virtual-circuit-id 23
set protocols l2circuit neighbor 1.1.1.1 interface em1.23 no-control-word
set protocols l2circuit neighbor 1.1.1.1 interface em1.23 mtu 1500
set protocols l2circuit neighbor 1.1.1.1 interface em1.23 encapsulation-type 
ethernet-vlan
set protocols l2circuit neighbor 1.1.1.1 interface em1.23 
ignore-encapsulation-mismatch
set protocols l2circuit neighbor 1.1.1.1 interface em1.23 ignore-mtu-mismatch

I have added the no-control-word on Juniper and changed the xconnect on Cisco 
(i was already doing that , but I made the pseduwire to manipulate the 
parameters)

Still no luck 
> From: soltan...@gmail.com
> To: eng_m...@hotmail.com; cisco-nsp@puck.nether.net
> Subject: RE: [c-nsp] Cisco Juniper Xconnect
> Date: Sun, 24 Apr 2016 15:41:17 +0430
> 
> Hi
> I cannot read JunOS configuration part properly, But it seems you did not
> disable Control-word on Juniper side. Did you check this?
> 
> 
> 
> -Original Message-
> From: cisco-nsp [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of
> Mohammad Khalil
> Sent: Sunday, April 24, 2016 3:22 PM
> To: cisco-nsp@puck.nether.net
> Subject: [c-nsp] Cisco Juniper Xconnect
&

Re: [c-nsp] Cisco Juniper Xconnect

2016-04-24 Thread Mohammad Khalil

U mean this line : set interfaces em1 unit 23 family ccc ?
I have removed it 
The VLAN-ID already match on both ends which is 23 the same as the VCID , I 
have changed to 520 

I will try to use CSR1000v and check what will happen
Can you please post the template you are following?

Thanks a lot

Date: Sun, 24 Apr 2016 16:26:52 +0430
Subject: Re: [c-nsp] Cisco Juniper Xconnect
From: soltan...@gmail.com
To: eng_m...@hotmail.com
CC: cisco-nsp@puck.nether.net

HiI am not sure but the last line is not required. Also please try same VLAN-ID 
on both side. Also choose VLAN-ID higher than 512. If this does not work then 
Olive does not support L2VPN. At least with GNS3.If you can please do the test 
with CSR1000v and JunOS olive and over VMWare instead of VirtualBOX
RegardsAlireza

On Sunday, April 24, 2016, Mohammad Khalil <eng_m...@hotmail.com> wrote:

root# show interfaces em0 | display set
set interfaces em0 mtu 1514
set interfaces em0 unit 0 family inet address 192.168.101.10/24
set interfaces em0 unit 0 family mpls

[edit]
root# show interfaces em1 | display set
set interfaces em1 vlan-tagging
set interfaces em1 unit 23 encapsulation vlan-ccc
set interfaces em1 unit 23 vlan-id 23
set interfaces em1 unit 23 family ccc

No not at all. If there is an MTU issue then your L2VPN will be down. Would you 
please resend interface configuration on JunOs?

On Sunday, April 24, 2016, Mohammad Khalil <eng_m...@hotmail.com> wrote:

Thanks dear
I have removed the below lines

R2 (CE connected to Cisco)
R2#sh ip arp
Protocol  Address  Age (min)  Hardware Addr   Type   Interface
Internet  192.168.23.2-   c202.1a7c.  ARPA   FastEthernet0/0.23
Internet  192.168.23.30   Incomplete  ARPA

R3#sh ip arp
Protocol  Address  Age (min)  Hardware Addr   Type   Interface
Internet  192.168.23.20   c202.1a7c.  ARPA   FastEthernet0/0.23
Internet  192.168.23.3-   c203.247c.  ARPA   FastEthernet0/0.23

Could that be MTU related?

From: soltan...@gmail.com
To: eng_m...@hotmail.com; cisco-nsp@puck.nether.net
Subject: RE: [c-nsp] Cisco Juniper Xconnect
Date: Sun, 24 Apr 2016 16:05:50 +0430

I did this for about 1200 Nodes and had no issue But on an actual box(M20). 
Anyway this may be related to GNS3 and emulation. Also we don’t use following 
line:

 set protocols l2circuit neighbor 1.1.1.1 interface em1.23 encapsulation-type 
ethernet-vlan
set protocols l2circuit neighbor 1.1.1.1 interface em1.23 
ignore-encapsulation-mismatch
set protocols l2circuit neighbor 1.1.1.1 interface em1.23 ignore-mtu-mismatch

The first three line is enough. 
This also can be related to VLAN rewrite section. Do you have traffic in one 
direction? I mean for example do you have ARP entry from Source IP address on 
destination device?
Getting a PCAP file is also useful.

From: Mohammad Khalil [mailto:eng_m...@hotmail.com] 
Sent: Sunday, April 24, 2016 3:59 PM
To: Alireza Soltanian <soltan...@gmail.com>; cisco-nsp@puck.nether.net
Subject: RE: [c-nsp] Cisco Juniper Xconnect

set protocols l2circuit neighbor 1.1.1.1 interface em1.23 virtual-circuit-id 23
set protocols l2circuit neighbor 1.1.1.1 interface em1.23 no-control-word
set protocols l2circuit neighbor 1.1.1.1 interface em1.23 mtu 1500
set protocols l2circuit neighbor 1.1.1.1 interface em1.23 encapsulation-type 
ethernet-vlan
set protocols l2circuit neighbor 1.1.1.1 interface em1.23 
ignore-encapsulation-mismatch
set protocols l2circuit neighbor 1.1.1.1 interface em1.23 ignore-mtu-mismatch

I have added the no-control-word on Juniper and changed the xconnect on Cisco 
(i was already doing that , but I made the pseduwire to manipulate the 
parameters)

Still no luck 
> From: soltan...@gmail.com
> To: eng_m...@hotmail.com; cisco-nsp@puck.nether.net
> Subject: RE: [c-nsp] Cisco Juniper Xconnect
> Date: Sun, 24 Apr 2016 15:41:17 +0430
> 
> Hi
> I cannot read JunOS configuration part properly, But it seems you did not
> disable Control-word on Juniper side. Did you check this?
> 
> 
> 
> -Original Message-
> From: cisco-nsp [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of
> Mohammad Khalil
> Sent: Sunday, April 24, 2016 3:22 PM
> To: cisco-nsp@puck.nether.net
> Subject: [c-nsp] Cisco Juniper Xconnect
> 
> Hi all
> Am trying to simulate xconnect between Cisco and Juniper using GNS3 will it
> work in the first manner on GNS3? if so , please check my conf below
> 
> R2 - R1 - J1 - R3
> 
> R2
> interface FastEthernet0/0
> no ip address
> speed 100
> full-duplex
> 
> interface FastEthernet0/0.23
> encapsulation dot1Q 23
> ip address 192.168.23.2 255.255.255.0
> 
> R3
> interface FastEthernet0/0
> no ip address
> speed 100
> full-duplex
> 
> interface FastEthernet0/0.23
> encapsulation dot1Q 23
> ip address 192.168.23.3 255.255.255.0
> 
> R1
> router

Re: [c-nsp] Cisco Juniper Xconnect

2016-04-24 Thread Mohammad Khalil

root# show interfaces em0 | display set
set interfaces em0 mtu 1514
set interfaces em0 unit 0 family inet address 192.168.101.10/24
set interfaces em0 unit 0 family mpls

[edit]
root# show interfaces em1 | display set
set interfaces em1 vlan-tagging
set interfaces em1 unit 23 encapsulation vlan-ccc
set interfaces em1 unit 23 vlan-id 23
set interfaces em1 unit 23 family ccc


Date: Sun, 24 Apr 2016 16:20:49 +0430
Subject: Re: [c-nsp] Cisco Juniper Xconnect
From: soltan...@gmail.com
To: eng_m...@hotmail.com
CC: cisco-nsp@puck.nether.net

No not at all. If there is an MTU issue then your L2VPN will be down. Would you 
please resend interface configuration on JunOs?

On Sunday, April 24, 2016, Mohammad Khalil <eng_m...@hotmail.com> wrote:



Thanks dear
I have removed the below lines

R2 (CE connected to Cisco)
R2#sh ip arp
Protocol  Address  Age (min)  Hardware Addr   Type   Interface
Internet  192.168.23.2-   c202.1a7c.  ARPA   FastEthernet0/0.23
Internet  192.168.23.30   Incomplete  ARPA

R3#sh ip arp
Protocol  Address  Age (min)  Hardware Addr   Type   Interface
Internet  192.168.23.20   c202.1a7c.  ARPA   FastEthernet0/0.23
Internet  192.168.23.3-   c203.247c.  ARPA   FastEthernet0/0.23

Could that be MTU related?

From: soltan...@gmail.com
To: eng_m...@hotmail.com; cisco-nsp@puck.nether.net
Subject: RE: [c-nsp] Cisco Juniper Xconnect
Date: Sun, 24 Apr 2016 16:05:50 +0430

I did this for about 1200 Nodes and had no issue But on an actual box(M20). 
Anyway this may be related to GNS3 and emulation. Also we don’t use following 
line:
 
 set protocols l2circuit neighbor 1.1.1.1 interface em1.23 encapsulation-type 
ethernet-vlan
set protocols l2circuit neighbor 1.1.1.1 interface em1.23 
ignore-encapsulation-mismatch
set protocols l2circuit neighbor 1.1.1.1 interface em1.23 ignore-mtu-mismatch


The first three line is enough. 
This also can be related to VLAN rewrite section. Do you have traffic in one 
direction? I mean for example do you have ARP entry from Source IP address on 
destination device?
Getting a PCAP file is also useful.
 
 
 
From: Mohammad Khalil [mailto:eng_m...@hotmail.com] 
Sent: Sunday, April 24, 2016 3:59 PM
To: Alireza Soltanian <soltan...@gmail.com>; cisco-nsp@puck.nether.net
Subject: RE: [c-nsp] Cisco Juniper Xconnect
 
set protocols l2circuit neighbor 1.1.1.1 interface em1.23 virtual-circuit-id 23
set protocols l2circuit neighbor 1.1.1.1 interface em1.23 no-control-word
set protocols l2circuit neighbor 1.1.1.1 interface em1.23 mtu 1500
set protocols l2circuit neighbor 1.1.1.1 interface em1.23 encapsulation-type 
ethernet-vlan
set protocols l2circuit neighbor 1.1.1.1 interface em1.23 
ignore-encapsulation-mismatch
set protocols l2circuit neighbor 1.1.1.1 interface em1.23 ignore-mtu-mismatch

I have added the no-control-word on Juniper and changed the xconnect on Cisco 
(i was already doing that , but I made the pseduwire to manipulate the 
parameters)

Still no luck 
> From: soltan...@gmail.com
> To: eng_m...@hotmail.com; cisco-nsp@puck.nether.net
> Subject: RE: [c-nsp] Cisco Juniper Xconnect
> Date: Sun, 24 Apr 2016 15:41:17 +0430
> 
> Hi
> I cannot read JunOS configuration part properly, But it seems you did not
> disable Control-word on Juniper side. Did you check this?
> 
> 
> 
> -Original Message-
> From: cisco-nsp [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of
> Mohammad Khalil
> Sent: Sunday, April 24, 2016 3:22 PM
> To: cisco-nsp@puck.nether.net
> Subject: [c-nsp] Cisco Juniper Xconnect
> 
> Hi all
> Am trying to simulate xconnect between Cisco and Juniper using GNS3 will it
> work in the first manner on GNS3? if so , please check my conf below
> 
> R2 - R1 - J1 - R3
> 
> R2
> interface FastEthernet0/0
> no ip address
> speed 100
> full-duplex
> 
> interface FastEthernet0/0.23
> encapsulation dot1Q 23
> ip address 192.168.23.2 255.255.255.0
> 
> R3
> interface FastEthernet0/0
> no ip address
> speed 100
> full-duplex
> 
> interface FastEthernet0/0.23
> encapsulation dot1Q 23
> ip address 192.168.23.3 255.255.255.0
> 
> R1
> router ospf 1
> router-id 1.1.1.1
> network 1.1.1.1 0.0.0.0 area 0
> network 192.168.101.1 0.0.0.0 area 0
> 
> interface FastEthernet1/0
> ip address 192.168.101.1 255.255.255.0
> speed 100
> duplex full
> mpls ip
> mpls mtu 1514
> 
> interface FastEthernet1/1
> no ip address
> speed 100
> duplex full
> 
> interface FastEthernet1/1.23
> encapsulation dot1Q 23
> xconnect 10.10.10.10 23 encapsulation mpls pw-class MSSK
> 
> pseudowire-class MSSK
> encapsulation mpls
> interworking vlan
> no control-word
> 
> J1
> set version 12.1R1.9
> set system root-authentication encrypted-password cisco123 set system syslog
> user * any em

Re: [c-nsp] ASR9K VSM

2016-04-24 Thread Mohammad Khalil

Hi
I have increased the portlimit to 6144 , but still the drops in place
The drops are not the same as before , but increasing

BR,

From: eng_m...@hotmail.com
To: pshe...@gmail.com; cisco-nsp@puck.nether.net
Subject: RE: [c-nsp] ASR9K VSM
Date: Wed, 13 Apr 2016 14:24:28 +0300




Hi
The last suggestion I got from Cisco TAC is to increase the portlimit value and 
do a comparison to check the behavior

BR,
Mohammad

From: pshe...@gmail.com
Date: Mon, 28 Mar 2016 09:32:25 +
Subject: Re: [c-nsp] ASR9K VSM
To: eng_m...@hotmail.com; cisco-nsp@puck.nether.net

Looking at the number of subscribers you have there (~300k) and the fact that 
you have 2 x /21 allocated for public space - that means about 70 subscribers 
per public IP address. This feels a little bit on the high side, even for 
mobile traffic. Since all sessions belonging to a given private IP address must 
be mapped to a the same public IP address it's likely that you're running out 
of ports on public IP addresses (as there are only ~65k ports x 2 (UDP+TCP)). 
I'd suggest increasing the public pool sizes and checking the stats again. 
kind regardsPshem

On Mon, 28 Mar 2016 at 22:11 Mohammad Khalil <eng_m...@hotmail.com> wrote:

RP/0/RSP0/CPU0:NAT1#show cgn nat44 nat1 statistics 

Statistics summary of NAT44 instance: 'nat1'
Number of active translations: 3993473
Number of sessions: 100482
Translations create rate: 18464
Translations delete rate: 16367
Inside to outside forward rate: 523403
Outside to inside forward rate: 755919
Inside to outside drops port limit exceeded: 481732
Inside to outside drops system limit reached: 0
Inside to outside drops resource depletion: 0
No translation entry drops: 28976704
PPTP active tunnels: 2
PPTP active channels: 2
PPTP ctrl message drops: 2
Number of subscribers: 309101
Drops due to session db limit exceeded: 0
Drops due to source ip not configured: 0

Pool address totally free: 0
Pool address used: 4096
Pool address usage:

From: pshe...@gmail.com
Date: Mon, 28 Mar 2016 09:06:19 +
Subject: Re: [c-nsp] ASR9K VSM
To: eng_m...@hotmail.com; cisco-nsp@puck.nether.net

How many active subscribers (inside IPs) do you have per one outside IP?
For example in one of the installations I worked on we used 16 active 
subscribers per outside IP (4096 ports per subscriber).
kind regardsPshem

On Mon, 28 Mar 2016 at 22:03 Mohammad Khalil <eng_m...@hotmail.com> wrote:




Hi
Can you clarify me more in order to be precise 
From: pshe...@gmail.com
Date: Mon, 28 Mar 2016 09:00:30 +
Subject: Re: [c-nsp] ASR9K VSM
To: eng_m...@hotmail.com; cisco-nsp@puck.nether.net

Hi,
What's your inside IP/outside IP ratio? 
kind regardsPshem

On Mon, 28 Mar 2016 at 21:44 Mohammad Khalil <eng_m...@hotmail.com> wrote:



Hi Pshem
Thanks for the reply , please check my configuration below

vrf OUTSIDE
 address-family ipv4 unicast

vrf INSIDE-1
 address-family ipv4 unicast

vrf INSIDE-2
 address-family ipv4 unicast

hw-module service cgn location 0/1/CPU0

interface TenGigE0/0/1/1
 mtu 9216
 load-interval 30

interface TenGigE0/0/1/1.900
 description ## VLAN 900 SUBINTERFACE ##
 vrf INSIDE-1
 ipv4 address 172.20.60.130 255.255.255.248
 load-interval 30
 encapsulation dot1q 900

interface TenGigE0/0/1/1.902
 description ## VLAN 902 SUBINTERFACE ##
 vrf INSIDE-2
 ipv4 address 172.20.60.146 255.255.255.248
 load-interval 30
 encapsulation dot1q 902

interface TenGigE0/0/1/2
 mtu 9216
 load-interval 30

interface TenGigE0/0/1/2.901
 description ## VLAN 901 SUBINTERFACE ##
 vrf INSIDE-1
 ipv4 address 172.20.60.138 255.255.255.248
 load-interval 30
 encapsulation dot1q 901

interface TenGigE0/0/1/2.903
 description ## VLAN 903 SUBINTERFACE ##
 vrf INSIDE-2
 ipv4 address 172.20.60.154 255.255.255.248
 load-interval 30
 encapsulation dot1q 903

interface ServiceApp1
 vrf INSIDE-1
 ipv4 address 1.1.1.1 255.255.255.252
 load-interval 30
 service cgn cgn1 service-type nat44

interface ServiceApp2
 ipv4 address 2.2.2.2 255.255.255.252
 load-interval 30
 service cgn cgn1 service-type nat44

interface ServiceApp3
 vrf INSIDE-2
 ipv4 address 30.30.30.30 255.255.255.252
 load-interval 30
 service cgn cgn1 service-type nat44

interface ServiceApp4
 ipv4 address 4.4.4.2 255.255.255.252
 load-interval 30
 service cgn cgn1 service-type nat44

interface ServiceInfra1
 ipv4 address 10.99.99.2 255.255.255.0
 service-location 0/1/CPU0

router static
 address-family ipv4 unicast
  x.x.x.x/21 ServiceApp2
  y.y.y.y/21 ServiceApp4

 vrf INSIDE-1
  address-family ipv4 unicast
   0.0.0.0/0 172.20.60.131 50
   0.0.0.0/0 ServiceApp1
   10.4.160.0/28 172.20.60.132
   10.5.0.0/17 172.20.60.132
   10.5.128.0/17 172.20.60.132
   10.13.0.0/17 172.20.60.132
   10.13.128.0/17 172.20.60.132
   10.14.0.0/17 172.20.60.132
   10.14.128.0/17 172.20.60.132
   10.16.0.0/17 172.20.60.132
   10.16.128.0/17 172.20.60.132
   10.21.0.0/17 172.20.60.132
   10.21.128.0/17 172.20.60.132
   10.23.0.0/17 172.20.60.132
   10.23.128.0/17 172.20.60.132
   10.25.0.

Re: [c-nsp] Cisco Juniper Xconnect

2016-04-24 Thread Mohammad Khalil

Thanks dear
I have removed the below lines

R2 (CE connected to Cisco)
R2#sh ip arp
Protocol  Address  Age (min)  Hardware Addr   Type   Interface
Internet  192.168.23.2-   c202.1a7c.  ARPA   FastEthernet0/0.23
Internet  192.168.23.30   Incomplete  ARPA

R3#sh ip arp
Protocol  Address  Age (min)  Hardware Addr   Type   Interface
Internet  192.168.23.20   c202.1a7c.  ARPA   FastEthernet0/0.23
Internet  192.168.23.3-   c203.247c.  ARPA   FastEthernet0/0.23

Could that be MTU related?

From: soltan...@gmail.com
To: eng_m...@hotmail.com; cisco-nsp@puck.nether.net
Subject: RE: [c-nsp] Cisco Juniper Xconnect
Date: Sun, 24 Apr 2016 16:05:50 +0430

I did this for about 1200 Nodes and had no issue But on an actual box(M20). 
Anyway this may be related to GNS3 and emulation. Also we don’t use following 
line:  set protocols l2circuit neighbor 1.1.1.1 interface em1.23 
encapsulation-type ethernet-vlan
set protocols l2circuit neighbor 1.1.1.1 interface em1.23 
ignore-encapsulation-mismatch
set protocols l2circuit neighbor 1.1.1.1 interface em1.23 ignore-mtu-mismatch

The first three line is enough. This also can be related to VLAN rewrite 
section. Do you have traffic in one direction? I mean for example do you have 
ARP entry from Source IP address on destination device?Getting a PCAP file is 
also useful.   From: Mohammad Khalil [mailto:eng_m...@hotmail.com] 
Sent: Sunday, April 24, 2016 3:59 PM
To: Alireza Soltanian <soltan...@gmail.com>; cisco-nsp@puck.nether.net
Subject: RE: [c-nsp] Cisco Juniper Xconnect set protocols l2circuit neighbor 
1.1.1.1 interface em1.23 virtual-circuit-id 23
set protocols l2circuit neighbor 1.1.1.1 interface em1.23 no-control-word
set protocols l2circuit neighbor 1.1.1.1 interface em1.23 mtu 1500
set protocols l2circuit neighbor 1.1.1.1 interface em1.23 encapsulation-type 
ethernet-vlan
set protocols l2circuit neighbor 1.1.1.1 interface em1.23 
ignore-encapsulation-mismatch
set protocols l2circuit neighbor 1.1.1.1 interface em1.23 ignore-mtu-mismatch

I have added the no-control-word on Juniper and changed the xconnect on Cisco 
(i was already doing that , but I made the pseduwire to manipulate the 
parameters)

Still no luck > From: soltan...@gmail.com
> To: eng_m...@hotmail.com; cisco-nsp@puck.nether.net
> Subject: RE: [c-nsp] Cisco Juniper Xconnect
> Date: Sun, 24 Apr 2016 15:41:17 +0430
> 
> Hi
> I cannot read JunOS configuration part properly, But it seems you did not
> disable Control-word on Juniper side. Did you check this?
> 
> 
> 
> -Original Message-
> From: cisco-nsp [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of
> Mohammad Khalil
> Sent: Sunday, April 24, 2016 3:22 PM
> To: cisco-nsp@puck.nether.net
> Subject: [c-nsp] Cisco Juniper Xconnect
> 
> Hi all
> Am trying to simulate xconnect between Cisco and Juniper using GNS3 will it
> work in the first manner on GNS3? if so , please check my conf below
> 
> R2 - R1 - J1 - R3
> 
> R2
> interface FastEthernet0/0
> no ip address
> speed 100
> full-duplex
> 
> interface FastEthernet0/0.23
> encapsulation dot1Q 23
> ip address 192.168.23.2 255.255.255.0
> 
> R3
> interface FastEthernet0/0
> no ip address
> speed 100
> full-duplex
> 
> interface FastEthernet0/0.23
> encapsulation dot1Q 23
> ip address 192.168.23.3 255.255.255.0
> 
> R1
> router ospf 1
> router-id 1.1.1.1
> network 1.1.1.1 0.0.0.0 area 0
> network 192.168.101.1 0.0.0.0 area 0
> 
> interface FastEthernet1/0
> ip address 192.168.101.1 255.255.255.0
> speed 100
> duplex full
> mpls ip
> mpls mtu 1514
> 
> interface FastEthernet1/1
> no ip address
> speed 100
> duplex full
> 
> interface FastEthernet1/1.23
> encapsulation dot1Q 23
> xconnect 10.10.10.10 23 encapsulation mpls pw-class MSSK
> 
> pseudowire-class MSSK
> encapsulation mpls
> interworking vlan
> no control-word
> 
> J1
> set version 12.1R1.9
> set system root-authentication encrypted-password cisco123 set system syslog
> user * any emergency set system syslog file messages any notice set system
> syslog file messages authorization info set system syslog file
> interactive-commands interactive-commands any set interfaces em0 mtu 1514
> set interfaces em0 unit 0 family inet address 192.168.101.10/24 set
> interfaces em0 unit 0 family mpls mtu 1500 set interfaces em1 vlan-tagging
> set interfaces em1 unit 23 encapsulation vlan-ccc set interfaces em1 unit 23
> vlan-id 23 set interfaces em1 unit 23 family ccc set interfaces lo0 unit 0
> family inet address 10.10.10.10/32 set protocols mpls interface em0.0 set
> protocols mpls interface lo0.0 set protocols ospf area 0.0.0.0 interface
> em0.0 set protocols ospf area 0.0.0.0 interface lo0.0 set protocols ldp
>

Re: [c-nsp] Cisco Juniper Xconnect

2016-04-24 Thread Mohammad Khalil

set protocols l2circuit neighbor 1.1.1.1 interface em1.23 virtual-circuit-id 23
set protocols l2circuit neighbor 1.1.1.1 interface em1.23 no-control-word
set protocols l2circuit neighbor 1.1.1.1 interface em1.23 mtu 1500
set protocols l2circuit neighbor 1.1.1.1 interface em1.23 encapsulation-type 
ethernet-vlan
set protocols l2circuit neighbor 1.1.1.1 interface em1.23 
ignore-encapsulation-mismatch
set protocols l2circuit neighbor 1.1.1.1 interface em1.23 ignore-mtu-mismatch

I have added the no-control-word on Juniper and changed the xconnect on Cisco 
(i was already doing that , but I made the pseduwire to manipulate the 
parameters)

Still no luck 

> From: soltan...@gmail.com
> To: eng_m...@hotmail.com; cisco-nsp@puck.nether.net
> Subject: RE: [c-nsp] Cisco Juniper Xconnect
> Date: Sun, 24 Apr 2016 15:41:17 +0430
> 
> Hi
> I cannot read JunOS configuration part properly, But it seems you did not
> disable Control-word on Juniper side. Did you check this?
> 
> 
> 
> -Original Message-
> From: cisco-nsp [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of
> Mohammad Khalil
> Sent: Sunday, April 24, 2016 3:22 PM
> To: cisco-nsp@puck.nether.net
> Subject: [c-nsp] Cisco Juniper Xconnect
> 
> Hi all
> Am trying to simulate xconnect between Cisco and Juniper using GNS3 will it
> work in the first manner on GNS3? if so , please check my conf below
> 
> R2 - R1 - J1 - R3
> 
> R2
> interface FastEthernet0/0
>  no ip address
>  speed 100
>  full-duplex
> 
> interface FastEthernet0/0.23
>  encapsulation dot1Q 23
>  ip address 192.168.23.2 255.255.255.0
> 
> R3
> interface FastEthernet0/0
>  no ip address
>  speed 100
>  full-duplex
> 
> interface FastEthernet0/0.23
>  encapsulation dot1Q 23
>  ip address 192.168.23.3 255.255.255.0
> 
> R1
> router ospf 1
>  router-id 1.1.1.1
>  network 1.1.1.1 0.0.0.0 area 0
>  network 192.168.101.1 0.0.0.0 area 0
> 
> interface FastEthernet1/0
>  ip address 192.168.101.1 255.255.255.0
>  speed 100
>  duplex full
>  mpls ip
>  mpls mtu 1514
> 
> interface FastEthernet1/1
>  no ip address
>  speed 100
>  duplex full
> 
> interface FastEthernet1/1.23
>  encapsulation dot1Q 23
>  xconnect 10.10.10.10 23 encapsulation mpls pw-class MSSK
> 
> pseudowire-class MSSK
>  encapsulation mpls
>  interworking vlan
>  no control-word
> 
> J1
> set version 12.1R1.9
> set system root-authentication encrypted-password cisco123 set system syslog
> user * any emergency set system syslog file messages any notice set system
> syslog file messages authorization info set system syslog file
> interactive-commands interactive-commands any set interfaces em0 mtu 1514
> set interfaces em0 unit 0 family inet address 192.168.101.10/24 set
> interfaces em0 unit 0 family mpls mtu 1500 set interfaces em1 vlan-tagging
> set interfaces em1 unit 23 encapsulation vlan-ccc set interfaces em1 unit 23
> vlan-id 23 set interfaces em1 unit 23 family ccc set interfaces lo0 unit 0
> family inet address 10.10.10.10/32 set protocols mpls interface em0.0 set
> protocols mpls interface lo0.0 set protocols ospf area 0.0.0.0 interface
> em0.0 set protocols ospf area 0.0.0.0 interface lo0.0 set protocols ldp
> interface em0.0 set protocols ldp interface lo0.0 set protocols l2circuit
> neighbor 1.1.1.1 interface em1.23 virtual-circuit-id 23 set protocols
> l2circuit neighbor 1.1.1.1 interface em1.23 mtu 1500 set protocols l2circuit
> neighbor 1.1.1.1 interface em1.23 encapsulation-type ethernet-vlan set
> protocols l2circuit neighbor 1.1.1.1 interface em1.23
> ignore-encapsulation-mismatch set protocols l2circuit neighbor 1.1.1.1
> interface em1.23 ignore-mtu-mismatch
> 
> R1#sh xconnect all
> Legend:XC ST=Xconnect State  S1=Segment1 State  S2=Segment2 State
>   UP=Up   DN=DownAD=Admin Down  IA=Inactive
>   SB=Standby  HS=Hot Standby RV=Recovering  NH=No Hardware
> 
> XC ST  Segment 1 S1 Segment 2
> S2
> --+-+--+
> -+--
> UP pri   ac Fa1/1.23:23(Eth VLAN)UP mpls 10.10.10.10:23
> UP
> 
> R1#sh mpls l2transport vc 23 detail
> Local interface: Fa1/1.23 up, line protocol up, Eth VLAN 23 up
>   Destination address: 10.10.10.10, VC ID: 23, VC status: up
> Output interface: Fa1/0, imposed label stack {299776}
> Preferred path: not configured
> Default path: active
> Next hop: 192.168.101.10
>   Create time: 00:09:08, last status change time: 00:09:08
> Last label FSM state change time: 00:09:08
>   Signaling protocol: LDP, peer 10.10.10.10:0 up
> Targeted Hello: 1.1.1.1(LDP Id) -> 10.10.10.10, LDP is UP
> Status TLV sup

[c-nsp] Cisco Juniper Xconnect

2016-04-24 Thread Mohammad Khalil

Hi all 
Am trying to simulate xconnect between Cisco and Juniper using GNS3
will it work in the first manner on GNS3? if so , please check my conf below

R2 - R1 - J1 - R3

R2
interface FastEthernet0/0
 no ip address
 speed 100
 full-duplex

interface FastEthernet0/0.23
 encapsulation dot1Q 23
 ip address 192.168.23.2 255.255.255.0

R3
interface FastEthernet0/0
 no ip address
 speed 100
 full-duplex

interface FastEthernet0/0.23
 encapsulation dot1Q 23
 ip address 192.168.23.3 255.255.255.0

R1
router ospf 1
 router-id 1.1.1.1
 network 1.1.1.1 0.0.0.0 area 0
 network 192.168.101.1 0.0.0.0 area 0

interface FastEthernet1/0
 ip address 192.168.101.1 255.255.255.0
 speed 100
 duplex full
 mpls ip
 mpls mtu 1514

interface FastEthernet1/1
 no ip address
 speed 100
 duplex full

interface FastEthernet1/1.23
 encapsulation dot1Q 23
 xconnect 10.10.10.10 23 encapsulation mpls pw-class MSSK

pseudowire-class MSSK
 encapsulation mpls
 interworking vlan
 no control-word

J1
set version 12.1R1.9
set system root-authentication encrypted-password cisco123
set system syslog user * any emergency
set system syslog file messages any notice
set system syslog file messages authorization info
set system syslog file interactive-commands interactive-commands any
set interfaces em0 mtu 1514
set interfaces em0 unit 0 family inet address 192.168.101.10/24
set interfaces em0 unit 0 family mpls mtu 1500
set interfaces em1 vlan-tagging
set interfaces em1 unit 23 encapsulation vlan-ccc
set interfaces em1 unit 23 vlan-id 23
set interfaces em1 unit 23 family ccc
set interfaces lo0 unit 0 family inet address 10.10.10.10/32
set protocols mpls interface em0.0
set protocols mpls interface lo0.0
set protocols ospf area 0.0.0.0 interface em0.0
set protocols ospf area 0.0.0.0 interface lo0.0
set protocols ldp interface em0.0
set protocols ldp interface lo0.0
set protocols l2circuit neighbor 1.1.1.1 interface em1.23 virtual-circuit-id 23
set protocols l2circuit neighbor 1.1.1.1 interface em1.23 mtu 1500
set protocols l2circuit neighbor 1.1.1.1 interface em1.23 encapsulation-type 
ethernet-vlan
set protocols l2circuit neighbor 1.1.1.1 interface em1.23 
ignore-encapsulation-mismatch
set protocols l2circuit neighbor 1.1.1.1 interface em1.23 ignore-mtu-mismatch

R1#sh xconnect all
Legend:XC ST=Xconnect State  S1=Segment1 State  S2=Segment2 State
  UP=Up   DN=DownAD=Admin Down  IA=Inactive
  SB=Standby  HS=Hot Standby RV=Recovering  NH=No Hardware

XC ST  Segment 1 S1 Segment 2 S2
--+-+--+-+--
UP pri   ac Fa1/1.23:23(Eth VLAN)UP mpls 10.10.10.10:23   UP

R1#sh mpls l2transport vc 23 detail
Local interface: Fa1/1.23 up, line protocol up, Eth VLAN 23 up
  Destination address: 10.10.10.10, VC ID: 23, VC status: up
Output interface: Fa1/0, imposed label stack {299776}
Preferred path: not configured
Default path: active
Next hop: 192.168.101.10
  Create time: 00:09:08, last status change time: 00:09:08
Last label FSM state change time: 00:09:08
  Signaling protocol: LDP, peer 10.10.10.10:0 up
Targeted Hello: 1.1.1.1(LDP Id) -> 10.10.10.10, LDP is UP
Status TLV support (local/remote)   : enabled/not supported
  LDP route watch   : enabled
  Label/status state machine: established, LruRru
  Last local dataplane   status rcvd: No fault
  Last BFD dataplane status rcvd: Not sent
  Last BFD peer monitor  status rcvd: No fault
  Last local AC  circuit status rcvd: No fault
  Last local AC  circuit status sent: No fault
  Last local PW i/f circ status rcvd: No fault
  Last local LDP TLV status sent: No fault
  Last remote LDP TLVstatus rcvd: Not sent
  Last remote LDP ADJstatus rcvd: No fault
MPLS VC labels: local 19, remote 299776
Group ID: local 0, remote 0
MTU: local 1500, remote 1500
Remote interface description:
Remote VLAN id: 23
  Sequencing: receive disabled, send disabled
  Control Word: Off
  Dataplane:
SSM segment/switch IDs: 4112/4109 (used), PWID: 1
  VC statistics:
transit packet totals: receive 0, send 5
transit byte totals:   receive 0, send 410
transit packet drops:  receive 0, seq error 0, send 0

R2#ping 192.168.23.3

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.23.3, timeout is 2 seconds:
.
Success rate is 0 percent (0/5)

Thanks

BR,
Mohammad


  
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] csr1000v - GNS3 - i only see aux port console

2016-04-21 Thread Mohammad Khalil

Hi Aaron
My advice is to use VMware workstation instead of virtualbox for this image

BR,

> From: aar...@gvtc.com
> To: cisco-nsp@puck.nether.net
> Date: Wed, 20 Apr 2016 19:44:31 -0500
> Subject: [c-nsp] csr1000v - GNS3 - i only see aux port console
> 
> I seem to almost have csr1000v working in GNS3. but I only have aux port on
> console. any idea how to get the serial port console working ?
> 
>  
> 
> I'm using..
> 
> Windows 7
> 
> virtual box
> 
> gns3
> 
> csr1000v-universalk9.03.17.01.S.156-1.S1-std.iso
> 
>  
> 
> 
> ---
> 
>  
> 
> csr-01 console is now available... Press RETURN to get started.
> 
>  
> 
> Router aux port is now available
> 
>  
> 
> Press RETURN to get started.
> 
>  
> 
> RP_0(diag)>
> 
>   disable   Turn off privileged commands
> 
>   enableTurn on privileged commands
> 
>   exit  Exit
> 
>   help  Description of the interactive help system
> 
>   terminal  Set terminal line parameters
> 
>  
> 
>  
> 
> - Aaron
> 
> ___
> cisco-nsp mailing list  cisco-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
  
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] ASR9K VSM

2016-04-13 Thread Mohammad Khalil

Hi
The last suggestion I got from Cisco TAC is to increase the portlimit value and 
do a comparison to check the behavior

BR,
Mohammad

From: pshe...@gmail.com
Date: Mon, 28 Mar 2016 09:32:25 +
Subject: Re: [c-nsp] ASR9K VSM
To: eng_m...@hotmail.com; cisco-nsp@puck.nether.net

Looking at the number of subscribers you have there (~300k) and the fact that 
you have 2 x /21 allocated for public space - that means about 70 subscribers 
per public IP address. This feels a little bit on the high side, even for 
mobile traffic. Since all sessions belonging to a given private IP address must 
be mapped to a the same public IP address it's likely that you're running out 
of ports on public IP addresses (as there are only ~65k ports x 2 (UDP+TCP)). 
I'd suggest increasing the public pool sizes and checking the stats again. 
kind regardsPshem

On Mon, 28 Mar 2016 at 22:11 Mohammad Khalil <eng_m...@hotmail.com> wrote:

RP/0/RSP0/CPU0:NAT1#show cgn nat44 nat1 statistics 

Statistics summary of NAT44 instance: 'nat1'
Number of active translations: 3993473
Number of sessions: 100482
Translations create rate: 18464
Translations delete rate: 16367
Inside to outside forward rate: 523403
Outside to inside forward rate: 755919
Inside to outside drops port limit exceeded: 481732
Inside to outside drops system limit reached: 0
Inside to outside drops resource depletion: 0
No translation entry drops: 28976704
PPTP active tunnels: 2
PPTP active channels: 2
PPTP ctrl message drops: 2
Number of subscribers: 309101
Drops due to session db limit exceeded: 0
Drops due to source ip not configured: 0

Pool address totally free: 0
Pool address used: 4096
Pool address usage:

From: pshe...@gmail.com
Date: Mon, 28 Mar 2016 09:06:19 +
Subject: Re: [c-nsp] ASR9K VSM
To: eng_m...@hotmail.com; cisco-nsp@puck.nether.net

How many active subscribers (inside IPs) do you have per one outside IP?
For example in one of the installations I worked on we used 16 active 
subscribers per outside IP (4096 ports per subscriber).
kind regardsPshem

On Mon, 28 Mar 2016 at 22:03 Mohammad Khalil <eng_m...@hotmail.com> wrote:




Hi
Can you clarify me more in order to be precise 
From: pshe...@gmail.com
Date: Mon, 28 Mar 2016 09:00:30 +
Subject: Re: [c-nsp] ASR9K VSM
To: eng_m...@hotmail.com; cisco-nsp@puck.nether.net

Hi,
What's your inside IP/outside IP ratio? 
kind regardsPshem

On Mon, 28 Mar 2016 at 21:44 Mohammad Khalil <eng_m...@hotmail.com> wrote:



Hi Pshem
Thanks for the reply , please check my configuration below

vrf OUTSIDE
 address-family ipv4 unicast

vrf INSIDE-1
 address-family ipv4 unicast

vrf INSIDE-2
 address-family ipv4 unicast

hw-module service cgn location 0/1/CPU0

interface TenGigE0/0/1/1
 mtu 9216
 load-interval 30

interface TenGigE0/0/1/1.900
 description ## VLAN 900 SUBINTERFACE ##
 vrf INSIDE-1
 ipv4 address 172.20.60.130 255.255.255.248
 load-interval 30
 encapsulation dot1q 900

interface TenGigE0/0/1/1.902
 description ## VLAN 902 SUBINTERFACE ##
 vrf INSIDE-2
 ipv4 address 172.20.60.146 255.255.255.248
 load-interval 30
 encapsulation dot1q 902

interface TenGigE0/0/1/2
 mtu 9216
 load-interval 30

interface TenGigE0/0/1/2.901
 description ## VLAN 901 SUBINTERFACE ##
 vrf INSIDE-1
 ipv4 address 172.20.60.138 255.255.255.248
 load-interval 30
 encapsulation dot1q 901

interface TenGigE0/0/1/2.903
 description ## VLAN 903 SUBINTERFACE ##
 vrf INSIDE-2
 ipv4 address 172.20.60.154 255.255.255.248
 load-interval 30
 encapsulation dot1q 903

interface ServiceApp1
 vrf INSIDE-1
 ipv4 address 1.1.1.1 255.255.255.252
 load-interval 30
 service cgn cgn1 service-type nat44

interface ServiceApp2
 ipv4 address 2.2.2.2 255.255.255.252
 load-interval 30
 service cgn cgn1 service-type nat44

interface ServiceApp3
 vrf INSIDE-2
 ipv4 address 30.30.30.30 255.255.255.252
 load-interval 30
 service cgn cgn1 service-type nat44

interface ServiceApp4
 ipv4 address 4.4.4.2 255.255.255.252
 load-interval 30
 service cgn cgn1 service-type nat44

interface ServiceInfra1
 ipv4 address 10.99.99.2 255.255.255.0
 service-location 0/1/CPU0

router static
 address-family ipv4 unicast
  x.x.x.x/21 ServiceApp2
  y.y.y.y/21 ServiceApp4

 vrf INSIDE-1
  address-family ipv4 unicast
   0.0.0.0/0 172.20.60.131 50
   0.0.0.0/0 ServiceApp1
   10.4.160.0/28 172.20.60.132
   10.5.0.0/17 172.20.60.132
   10.5.128.0/17 172.20.60.132
   10.13.0.0/17 172.20.60.132
   10.13.128.0/17 172.20.60.132
   10.14.0.0/17 172.20.60.132
   10.14.128.0/17 172.20.60.132
   10.16.0.0/17 172.20.60.132
   10.16.128.0/17 172.20.60.132
   10.21.0.0/17 172.20.60.132
   10.21.128.0/17 172.20.60.132
   10.23.0.0/17 172.20.60.132
   10.23.128.0/17 172.20.60.132
   10.25.0.0/17 172.20.60.132
   10.25.128.0/17 172.20.60.132
   10.55.0.0/27 172.20.60.132
   10.128.0.0/16 172.20.60.132
   10.129.0.0/16 172.20.60.132
   10.130.0.0/16 172.20.60.132
   10.131.0.0/16 172.20.60.132
   10.132.0.0/16 172.20.60.132
   10.133.0.0/16 172.20.60.132
   10.134.0.0/16 172.20.60

Re: [c-nsp] ASR9K VSM

2016-03-29 Thread Mohammad Khalil

Dear Pshem
I think I got confused :)
I have around 4M or 4000K active sessions not 300K if I got you right
And then 400/4096=976
Am I right ?

BR,

From: pshe...@gmail.com
Date: Mon, 28 Mar 2016 09:32:25 +
Subject: Re: [c-nsp] ASR9K VSM
To: eng_m...@hotmail.com; cisco-nsp@puck.nether.net

Looking at the number of subscribers you have there (~300k) and the fact that 
you have 2 x /21 allocated for public space - that means about 70 subscribers 
per public IP address. This feels a little bit on the high side, even for 
mobile traffic. Since all sessions belonging to a given private IP address must 
be mapped to a the same public IP address it's likely that you're running out 
of ports on public IP addresses (as there are only ~65k ports x 2 (UDP+TCP)). 
I'd suggest increasing the public pool sizes and checking the stats again. 
kind regardsPshem

On Mon, 28 Mar 2016 at 22:11 Mohammad Khalil <eng_m...@hotmail.com> wrote:

RP/0/RSP0/CPU0:NAT1#show cgn nat44 nat1 statistics 

Statistics summary of NAT44 instance: 'nat1'
Number of active translations: 3993473
Number of sessions: 100482
Translations create rate: 18464
Translations delete rate: 16367
Inside to outside forward rate: 523403
Outside to inside forward rate: 755919
Inside to outside drops port limit exceeded: 481732
Inside to outside drops system limit reached: 0
Inside to outside drops resource depletion: 0
No translation entry drops: 28976704
PPTP active tunnels: 2
PPTP active channels: 2
PPTP ctrl message drops: 2
Number of subscribers: 309101
Drops due to session db limit exceeded: 0
Drops due to source ip not configured: 0

Pool address totally free: 0
Pool address used: 4096
Pool address usage:

From: pshe...@gmail.com
Date: Mon, 28 Mar 2016 09:06:19 +
Subject: Re: [c-nsp] ASR9K VSM
To: eng_m...@hotmail.com; cisco-nsp@puck.nether.net

How many active subscribers (inside IPs) do you have per one outside IP?
For example in one of the installations I worked on we used 16 active 
subscribers per outside IP (4096 ports per subscriber).
kind regardsPshem

On Mon, 28 Mar 2016 at 22:03 Mohammad Khalil <eng_m...@hotmail.com> wrote:




Hi
Can you clarify me more in order to be precise 
From: pshe...@gmail.com
Date: Mon, 28 Mar 2016 09:00:30 +
Subject: Re: [c-nsp] ASR9K VSM
To: eng_m...@hotmail.com; cisco-nsp@puck.nether.net

Hi,
What's your inside IP/outside IP ratio? 
kind regardsPshem

On Mon, 28 Mar 2016 at 21:44 Mohammad Khalil <eng_m...@hotmail.com> wrote:



Hi Pshem
Thanks for the reply , please check my configuration below

vrf OUTSIDE
 address-family ipv4 unicast

vrf INSIDE-1
 address-family ipv4 unicast

vrf INSIDE-2
 address-family ipv4 unicast

hw-module service cgn location 0/1/CPU0

interface TenGigE0/0/1/1
 mtu 9216
 load-interval 30

interface TenGigE0/0/1/1.900
 description ## VLAN 900 SUBINTERFACE ##
 vrf INSIDE-1
 ipv4 address 172.20.60.130 255.255.255.248
 load-interval 30
 encapsulation dot1q 900

interface TenGigE0/0/1/1.902
 description ## VLAN 902 SUBINTERFACE ##
 vrf INSIDE-2
 ipv4 address 172.20.60.146 255.255.255.248
 load-interval 30
 encapsulation dot1q 902

interface TenGigE0/0/1/2
 mtu 9216
 load-interval 30

interface TenGigE0/0/1/2.901
 description ## VLAN 901 SUBINTERFACE ##
 vrf INSIDE-1
 ipv4 address 172.20.60.138 255.255.255.248
 load-interval 30
 encapsulation dot1q 901

interface TenGigE0/0/1/2.903
 description ## VLAN 903 SUBINTERFACE ##
 vrf INSIDE-2
 ipv4 address 172.20.60.154 255.255.255.248
 load-interval 30
 encapsulation dot1q 903

interface ServiceApp1
 vrf INSIDE-1
 ipv4 address 1.1.1.1 255.255.255.252
 load-interval 30
 service cgn cgn1 service-type nat44

interface ServiceApp2
 ipv4 address 2.2.2.2 255.255.255.252
 load-interval 30
 service cgn cgn1 service-type nat44

interface ServiceApp3
 vrf INSIDE-2
 ipv4 address 30.30.30.30 255.255.255.252
 load-interval 30
 service cgn cgn1 service-type nat44

interface ServiceApp4
 ipv4 address 4.4.4.2 255.255.255.252
 load-interval 30
 service cgn cgn1 service-type nat44

interface ServiceInfra1
 ipv4 address 10.99.99.2 255.255.255.0
 service-location 0/1/CPU0

router static
 address-family ipv4 unicast
  x.x.x.x/21 ServiceApp2
  y.y.y.y/21 ServiceApp4

 vrf INSIDE-1
  address-family ipv4 unicast
   0.0.0.0/0 172.20.60.131 50
   0.0.0.0/0 ServiceApp1
   10.4.160.0/28 172.20.60.132
   10.5.0.0/17 172.20.60.132
   10.5.128.0/17 172.20.60.132
   10.13.0.0/17 172.20.60.132
   10.13.128.0/17 172.20.60.132
   10.14.0.0/17 172.20.60.132
   10.14.128.0/17 172.20.60.132
   10.16.0.0/17 172.20.60.132
   10.16.128.0/17 172.20.60.132
   10.21.0.0/17 172.20.60.132
   10.21.128.0/17 172.20.60.132
   10.23.0.0/17 172.20.60.132
   10.23.128.0/17 172.20.60.132
   10.25.0.0/17 172.20.60.132
   10.25.128.0/17 172.20.60.132
   10.55.0.0/27 172.20.60.132
   10.128.0.0/16 172.20.60.132
   10.129.0.0/16 172.20.60.132
   10.130.0.0/16 172.20.60.132
   10.131.0.0/16 172.20.60.132
   10.132.0.0/16 172.20.60.132
   10.133.0.0/16 172.20.60.132
   10.134.0.

Re: [c-nsp] ASR9K VSM

2016-03-28 Thread Mohammad Khalil


RP/0/RSP0/CPU0:NAT1#show cgn nat44 nat1 statistics 

Statistics summary of NAT44 instance: 'nat1'
Number of active translations: 3993473
Number of sessions: 100482
Translations create rate: 18464
Translations delete rate: 16367
Inside to outside forward rate: 523403
Outside to inside forward rate: 755919
Inside to outside drops port limit exceeded: 481732
Inside to outside drops system limit reached: 0
Inside to outside drops resource depletion: 0
No translation entry drops: 28976704
PPTP active tunnels: 2
PPTP active channels: 2
PPTP ctrl message drops: 2
Number of subscribers: 309101
Drops due to session db limit exceeded: 0
Drops due to source ip not configured: 0

Pool address totally free: 0
Pool address used: 4096
Pool address usage:

From: pshe...@gmail.com
Date: Mon, 28 Mar 2016 09:06:19 +
Subject: Re: [c-nsp] ASR9K VSM
To: eng_m...@hotmail.com; cisco-nsp@puck.nether.net

How many active subscribers (inside IPs) do you have per one outside IP?
For example in one of the installations I worked on we used 16 active 
subscribers per outside IP (4096 ports per subscriber).
kind regardsPshem

On Mon, 28 Mar 2016 at 22:03 Mohammad Khalil <eng_m...@hotmail.com> wrote:




Hi
Can you clarify me more in order to be precise 
From: pshe...@gmail.com
Date: Mon, 28 Mar 2016 09:00:30 +
Subject: Re: [c-nsp] ASR9K VSM
To: eng_m...@hotmail.com; cisco-nsp@puck.nether.net

Hi,
What's your inside IP/outside IP ratio? 
kind regardsPshem

On Mon, 28 Mar 2016 at 21:44 Mohammad Khalil <eng_m...@hotmail.com> wrote:



Hi Pshem
Thanks for the reply , please check my configuration below

vrf OUTSIDE
 address-family ipv4 unicast

vrf INSIDE-1
 address-family ipv4 unicast

vrf INSIDE-2
 address-family ipv4 unicast

hw-module service cgn location 0/1/CPU0

interface TenGigE0/0/1/1
 mtu 9216
 load-interval 30

interface TenGigE0/0/1/1.900
 description ## VLAN 900 SUBINTERFACE ##
 vrf INSIDE-1
 ipv4 address 172.20.60.130 255.255.255.248
 load-interval 30
 encapsulation dot1q 900

interface TenGigE0/0/1/1.902
 description ## VLAN 902 SUBINTERFACE ##
 vrf INSIDE-2
 ipv4 address 172.20.60.146 255.255.255.248
 load-interval 30
 encapsulation dot1q 902

interface TenGigE0/0/1/2
 mtu 9216
 load-interval 30

interface TenGigE0/0/1/2.901
 description ## VLAN 901 SUBINTERFACE ##
 vrf INSIDE-1
 ipv4 address 172.20.60.138 255.255.255.248
 load-interval 30
 encapsulation dot1q 901

interface TenGigE0/0/1/2.903
 description ## VLAN 903 SUBINTERFACE ##
 vrf INSIDE-2
 ipv4 address 172.20.60.154 255.255.255.248
 load-interval 30
 encapsulation dot1q 903

interface ServiceApp1
 vrf INSIDE-1
 ipv4 address 1.1.1.1 255.255.255.252
 load-interval 30
 service cgn cgn1 service-type nat44

interface ServiceApp2
 ipv4 address 2.2.2.2 255.255.255.252
 load-interval 30
 service cgn cgn1 service-type nat44

interface ServiceApp3
 vrf INSIDE-2
 ipv4 address 30.30.30.30 255.255.255.252
 load-interval 30
 service cgn cgn1 service-type nat44

interface ServiceApp4
 ipv4 address 4.4.4.2 255.255.255.252
 load-interval 30
 service cgn cgn1 service-type nat44

interface ServiceInfra1
 ipv4 address 10.99.99.2 255.255.255.0
 service-location 0/1/CPU0

router static
 address-family ipv4 unicast
  x.x.x.x/21 ServiceApp2
  y.y.y.y/21 ServiceApp4

 vrf INSIDE-1
  address-family ipv4 unicast
   0.0.0.0/0 172.20.60.131 50
   0.0.0.0/0 ServiceApp1
   10.4.160.0/28 172.20.60.132
   10.5.0.0/17 172.20.60.132
   10.5.128.0/17 172.20.60.132
   10.13.0.0/17 172.20.60.132
   10.13.128.0/17 172.20.60.132
   10.14.0.0/17 172.20.60.132
   10.14.128.0/17 172.20.60.132
   10.16.0.0/17 172.20.60.132
   10.16.128.0/17 172.20.60.132
   10.21.0.0/17 172.20.60.132
   10.21.128.0/17 172.20.60.132
   10.23.0.0/17 172.20.60.132
   10.23.128.0/17 172.20.60.132
   10.25.0.0/17 172.20.60.132
   10.25.128.0/17 172.20.60.132
   10.55.0.0/27 172.20.60.132
   10.128.0.0/16 172.20.60.132
   10.129.0.0/16 172.20.60.132
   10.130.0.0/16 172.20.60.132
   10.131.0.0/16 172.20.60.132
   10.132.0.0/16 172.20.60.132
   10.133.0.0/16 172.20.60.132
   10.134.0.0/16 172.20.60.132
   10.135.0.0/16 172.20.60.132
   10.136.0.0/16 172.20.60.132
   10.137.0.0/16 172.20.60.132
   10.138.0.0/17 172.20.60.132
   172.17.56.0/29 172.20.60.132

 vrf INSIDE-2
  address-family ipv4 unicast
   0.0.0.0/0 172.20.60.147 50
   0.0.0.0/0 ServiceApp3
   10.11.0.0/18 172.20.60.148
   10.11.64.0/20 172.20.60.148
   10.11.80.0/20 172.20.60.148
   10.11.96.0/19 172.20.60.148
   10.11.128.0/17 172.20.60.148
   10.138.128.0/17 172.20.60.148
   10.140.0.0/16 172.20.60.148
   10.141.0.0/16 172.20.60.148
   10.142.0.0/16 172.20.60.148
   10.143.0.0/16 172.20.60.148
   10.144.0.0/16 172.20.60.148
   10.145.0.0/16 172.20.60.148
   10.146.0.0/16 172.20.60.148
   10.147.0.0/16 172.20.60.148
   10.152.0.0/16 172.20.60.148

service cgn cgn1
 service-location preferred-active 0/1/CPU0
 service-type nat44 nat1
  portlimit 2048
  alg ActiveFTP
  alg rtsp server-port 1
  alg pptpAlg
  inside-vrf INSIDE-1
   map outsi

Re: [c-nsp] ASR9K VSM

2016-03-28 Thread Mohammad Khalil

Actually I do not have this particular information as all the customers are 3G 
customers , is there any command that I can use to get into this information ?

From: pshe...@gmail.com
Date: Mon, 28 Mar 2016 09:06:19 +
Subject: Re: [c-nsp] ASR9K VSM
To: eng_m...@hotmail.com; cisco-nsp@puck.nether.net

How many active subscribers (inside IPs) do you have per one outside IP?
For example in one of the installations I worked on we used 16 active 
subscribers per outside IP (4096 ports per subscriber).
kind regardsPshem

On Mon, 28 Mar 2016 at 22:03 Mohammad Khalil <eng_m...@hotmail.com> wrote:




Hi
Can you clarify me more in order to be precise 
From: pshe...@gmail.com
Date: Mon, 28 Mar 2016 09:00:30 +
Subject: Re: [c-nsp] ASR9K VSM
To: eng_m...@hotmail.com; cisco-nsp@puck.nether.net

Hi,
What's your inside IP/outside IP ratio? 
kind regardsPshem

On Mon, 28 Mar 2016 at 21:44 Mohammad Khalil <eng_m...@hotmail.com> wrote:



Hi Pshem
Thanks for the reply , please check my configuration below

vrf OUTSIDE
 address-family ipv4 unicast

vrf INSIDE-1
 address-family ipv4 unicast

vrf INSIDE-2
 address-family ipv4 unicast

hw-module service cgn location 0/1/CPU0

interface TenGigE0/0/1/1
 mtu 9216
 load-interval 30

interface TenGigE0/0/1/1.900
 description ## VLAN 900 SUBINTERFACE ##
 vrf INSIDE-1
 ipv4 address 172.20.60.130 255.255.255.248
 load-interval 30
 encapsulation dot1q 900

interface TenGigE0/0/1/1.902
 description ## VLAN 902 SUBINTERFACE ##
 vrf INSIDE-2
 ipv4 address 172.20.60.146 255.255.255.248
 load-interval 30
 encapsulation dot1q 902

interface TenGigE0/0/1/2
 mtu 9216
 load-interval 30

interface TenGigE0/0/1/2.901
 description ## VLAN 901 SUBINTERFACE ##
 vrf INSIDE-1
 ipv4 address 172.20.60.138 255.255.255.248
 load-interval 30
 encapsulation dot1q 901

interface TenGigE0/0/1/2.903
 description ## VLAN 903 SUBINTERFACE ##
 vrf INSIDE-2
 ipv4 address 172.20.60.154 255.255.255.248
 load-interval 30
 encapsulation dot1q 903

interface ServiceApp1
 vrf INSIDE-1
 ipv4 address 1.1.1.1 255.255.255.252
 load-interval 30
 service cgn cgn1 service-type nat44

interface ServiceApp2
 ipv4 address 2.2.2.2 255.255.255.252
 load-interval 30
 service cgn cgn1 service-type nat44

interface ServiceApp3
 vrf INSIDE-2
 ipv4 address 30.30.30.30 255.255.255.252
 load-interval 30
 service cgn cgn1 service-type nat44

interface ServiceApp4
 ipv4 address 4.4.4.2 255.255.255.252
 load-interval 30
 service cgn cgn1 service-type nat44

interface ServiceInfra1
 ipv4 address 10.99.99.2 255.255.255.0
 service-location 0/1/CPU0

router static
 address-family ipv4 unicast
  x.x.x.x/21 ServiceApp2
  y.y.y.y/21 ServiceApp4

 vrf INSIDE-1
  address-family ipv4 unicast
   0.0.0.0/0 172.20.60.131 50
   0.0.0.0/0 ServiceApp1
   10.4.160.0/28 172.20.60.132
   10.5.0.0/17 172.20.60.132
   10.5.128.0/17 172.20.60.132
   10.13.0.0/17 172.20.60.132
   10.13.128.0/17 172.20.60.132
   10.14.0.0/17 172.20.60.132
   10.14.128.0/17 172.20.60.132
   10.16.0.0/17 172.20.60.132
   10.16.128.0/17 172.20.60.132
   10.21.0.0/17 172.20.60.132
   10.21.128.0/17 172.20.60.132
   10.23.0.0/17 172.20.60.132
   10.23.128.0/17 172.20.60.132
   10.25.0.0/17 172.20.60.132
   10.25.128.0/17 172.20.60.132
   10.55.0.0/27 172.20.60.132
   10.128.0.0/16 172.20.60.132
   10.129.0.0/16 172.20.60.132
   10.130.0.0/16 172.20.60.132
   10.131.0.0/16 172.20.60.132
   10.132.0.0/16 172.20.60.132
   10.133.0.0/16 172.20.60.132
   10.134.0.0/16 172.20.60.132
   10.135.0.0/16 172.20.60.132
   10.136.0.0/16 172.20.60.132
   10.137.0.0/16 172.20.60.132
   10.138.0.0/17 172.20.60.132
   172.17.56.0/29 172.20.60.132

 vrf INSIDE-2
  address-family ipv4 unicast
   0.0.0.0/0 172.20.60.147 50
   0.0.0.0/0 ServiceApp3
   10.11.0.0/18 172.20.60.148
   10.11.64.0/20 172.20.60.148
   10.11.80.0/20 172.20.60.148
   10.11.96.0/19 172.20.60.148
   10.11.128.0/17 172.20.60.148
   10.138.128.0/17 172.20.60.148
   10.140.0.0/16 172.20.60.148
   10.141.0.0/16 172.20.60.148
   10.142.0.0/16 172.20.60.148
   10.143.0.0/16 172.20.60.148
   10.144.0.0/16 172.20.60.148
   10.145.0.0/16 172.20.60.148
   10.146.0.0/16 172.20.60.148
   10.147.0.0/16 172.20.60.148
   10.152.0.0/16 172.20.60.148

service cgn cgn1
 service-location preferred-active 0/1/CPU0
 service-type nat44 nat1
  portlimit 2048
  alg ActiveFTP
  alg rtsp server-port 1
  alg pptpAlg
  inside-vrf INSIDE-1
   map outsideServiceApp ServiceApp2 address-pool x.x.x.x/21

  inside-vrf INSIDE-2
   map outsideServiceApp ServiceApp4 address-pool y.y.y.y/21

  protocol udp
   session initial timeout 30
   session active timeout 100

  protocol tcp
   session initial timeout 120
   session active timeout 900

  protocol icmp
   timeout 60

  refresh-direction Outbound

BR,
Mohammad
From: pshe...@gmail.com
Date: Mon, 28 Mar 2016 08:28:46 +
Subject: Re: [c-nsp] ASR9K VSM
To: eng_m...@hotmail.com; cisco-nsp@puck.nether.net

Hi,
The card is capable of 60mil translations, but you have to 'partition' your 
traffic int

Re: [c-nsp] ASR9K VSM

2016-03-28 Thread Mohammad Khalil


Hi
Can you clarify me more in order to be precise 
From: pshe...@gmail.com
Date: Mon, 28 Mar 2016 09:00:30 +
Subject: Re: [c-nsp] ASR9K VSM
To: eng_m...@hotmail.com; cisco-nsp@puck.nether.net

Hi,
What's your inside IP/outside IP ratio? 
kind regardsPshem

On Mon, 28 Mar 2016 at 21:44 Mohammad Khalil <eng_m...@hotmail.com> wrote:



Hi Pshem
Thanks for the reply , please check my configuration below

vrf OUTSIDE
 address-family ipv4 unicast

vrf INSIDE-1
 address-family ipv4 unicast

vrf INSIDE-2
 address-family ipv4 unicast

hw-module service cgn location 0/1/CPU0

interface TenGigE0/0/1/1
 mtu 9216
 load-interval 30

interface TenGigE0/0/1/1.900
 description ## VLAN 900 SUBINTERFACE ##
 vrf INSIDE-1
 ipv4 address 172.20.60.130 255.255.255.248
 load-interval 30
 encapsulation dot1q 900

interface TenGigE0/0/1/1.902
 description ## VLAN 902 SUBINTERFACE ##
 vrf INSIDE-2
 ipv4 address 172.20.60.146 255.255.255.248
 load-interval 30
 encapsulation dot1q 902

interface TenGigE0/0/1/2
 mtu 9216
 load-interval 30

interface TenGigE0/0/1/2.901
 description ## VLAN 901 SUBINTERFACE ##
 vrf INSIDE-1
 ipv4 address 172.20.60.138 255.255.255.248
 load-interval 30
 encapsulation dot1q 901

interface TenGigE0/0/1/2.903
 description ## VLAN 903 SUBINTERFACE ##
 vrf INSIDE-2
 ipv4 address 172.20.60.154 255.255.255.248
 load-interval 30
 encapsulation dot1q 903

interface ServiceApp1
 vrf INSIDE-1
 ipv4 address 1.1.1.1 255.255.255.252
 load-interval 30
 service cgn cgn1 service-type nat44

interface ServiceApp2
 ipv4 address 2.2.2.2 255.255.255.252
 load-interval 30
 service cgn cgn1 service-type nat44

interface ServiceApp3
 vrf INSIDE-2
 ipv4 address 30.30.30.30 255.255.255.252
 load-interval 30
 service cgn cgn1 service-type nat44

interface ServiceApp4
 ipv4 address 4.4.4.2 255.255.255.252
 load-interval 30
 service cgn cgn1 service-type nat44

interface ServiceInfra1
 ipv4 address 10.99.99.2 255.255.255.0
 service-location 0/1/CPU0

router static
 address-family ipv4 unicast
  x.x.x.x/21 ServiceApp2
  y.y.y.y/21 ServiceApp4

 vrf INSIDE-1
  address-family ipv4 unicast
   0.0.0.0/0 172.20.60.131 50
   0.0.0.0/0 ServiceApp1
   10.4.160.0/28 172.20.60.132
   10.5.0.0/17 172.20.60.132
   10.5.128.0/17 172.20.60.132
   10.13.0.0/17 172.20.60.132
   10.13.128.0/17 172.20.60.132
   10.14.0.0/17 172.20.60.132
   10.14.128.0/17 172.20.60.132
   10.16.0.0/17 172.20.60.132
   10.16.128.0/17 172.20.60.132
   10.21.0.0/17 172.20.60.132
   10.21.128.0/17 172.20.60.132
   10.23.0.0/17 172.20.60.132
   10.23.128.0/17 172.20.60.132
   10.25.0.0/17 172.20.60.132
   10.25.128.0/17 172.20.60.132
   10.55.0.0/27 172.20.60.132
   10.128.0.0/16 172.20.60.132
   10.129.0.0/16 172.20.60.132
   10.130.0.0/16 172.20.60.132
   10.131.0.0/16 172.20.60.132
   10.132.0.0/16 172.20.60.132
   10.133.0.0/16 172.20.60.132
   10.134.0.0/16 172.20.60.132
   10.135.0.0/16 172.20.60.132
   10.136.0.0/16 172.20.60.132
   10.137.0.0/16 172.20.60.132
   10.138.0.0/17 172.20.60.132
   172.17.56.0/29 172.20.60.132

 vrf INSIDE-2
  address-family ipv4 unicast
   0.0.0.0/0 172.20.60.147 50
   0.0.0.0/0 ServiceApp3
   10.11.0.0/18 172.20.60.148
   10.11.64.0/20 172.20.60.148
   10.11.80.0/20 172.20.60.148
   10.11.96.0/19 172.20.60.148
   10.11.128.0/17 172.20.60.148
   10.138.128.0/17 172.20.60.148
   10.140.0.0/16 172.20.60.148
   10.141.0.0/16 172.20.60.148
   10.142.0.0/16 172.20.60.148
   10.143.0.0/16 172.20.60.148
   10.144.0.0/16 172.20.60.148
   10.145.0.0/16 172.20.60.148
   10.146.0.0/16 172.20.60.148
   10.147.0.0/16 172.20.60.148
   10.152.0.0/16 172.20.60.148

service cgn cgn1
 service-location preferred-active 0/1/CPU0
 service-type nat44 nat1
  portlimit 2048
  alg ActiveFTP
  alg rtsp server-port 1
  alg pptpAlg
  inside-vrf INSIDE-1
   map outsideServiceApp ServiceApp2 address-pool x.x.x.x/21

  inside-vrf INSIDE-2
   map outsideServiceApp ServiceApp4 address-pool y.y.y.y/21

  protocol udp
   session initial timeout 30
   session active timeout 100

  protocol tcp
   session initial timeout 120
   session active timeout 900

  protocol icmp
   timeout 60

  refresh-direction Outbound

BR,
Mohammad
From: pshe...@gmail.com
Date: Mon, 28 Mar 2016 08:28:46 +
Subject: Re: [c-nsp] ASR9K VSM
To: eng_m...@hotmail.com; cisco-nsp@puck.nether.net

Hi,
The card is capable of 60mil translations, but you have to 'partition' your 
traffic into at least 2 ServiceApp interface pairs (4 ServiceApp interfaces 
total). 

The port drops mean that the 'inside' IP/ports couldn't be mapped because there 
is not enough ports left on give public IP. Do you do block allocations? How 
many inside IPs per one outside IP? If these drops are increasing quickly it 
means that your customers are most likely having issues accessing the internet. 
The number of ports will be generally specific to your customer base (for 
example setup for mobile tends to be able to get away with less ports then 
customers on fibre access).
No translation drops are gen

Re: [c-nsp] ASR9K VSM

2016-03-28 Thread Mohammad Khalil

Hi Pshem
Thanks for the reply , please check my configuration below

vrf OUTSIDE
 address-family ipv4 unicast

vrf INSIDE-1
 address-family ipv4 unicast

vrf INSIDE-2
 address-family ipv4 unicast

hw-module service cgn location 0/1/CPU0

interface TenGigE0/0/1/1
 mtu 9216
 load-interval 30

interface TenGigE0/0/1/1.900
 description ## VLAN 900 SUBINTERFACE ##
 vrf INSIDE-1
 ipv4 address 172.20.60.130 255.255.255.248
 load-interval 30
 encapsulation dot1q 900

interface TenGigE0/0/1/1.902
 description ## VLAN 902 SUBINTERFACE ##
 vrf INSIDE-2
 ipv4 address 172.20.60.146 255.255.255.248
 load-interval 30
 encapsulation dot1q 902

interface TenGigE0/0/1/2
 mtu 9216
 load-interval 30

interface TenGigE0/0/1/2.901
 description ## VLAN 901 SUBINTERFACE ##
 vrf INSIDE-1
 ipv4 address 172.20.60.138 255.255.255.248
 load-interval 30
 encapsulation dot1q 901

interface TenGigE0/0/1/2.903
 description ## VLAN 903 SUBINTERFACE ##
 vrf INSIDE-2
 ipv4 address 172.20.60.154 255.255.255.248
 load-interval 30
 encapsulation dot1q 903

interface ServiceApp1
 vrf INSIDE-1
 ipv4 address 1.1.1.1 255.255.255.252
 load-interval 30
 service cgn cgn1 service-type nat44

interface ServiceApp2
 ipv4 address 2.2.2.2 255.255.255.252
 load-interval 30
 service cgn cgn1 service-type nat44

interface ServiceApp3
 vrf INSIDE-2
 ipv4 address 30.30.30.30 255.255.255.252
 load-interval 30
 service cgn cgn1 service-type nat44

interface ServiceApp4
 ipv4 address 4.4.4.2 255.255.255.252
 load-interval 30
 service cgn cgn1 service-type nat44

interface ServiceInfra1
 ipv4 address 10.99.99.2 255.255.255.0
 service-location 0/1/CPU0

router static
 address-family ipv4 unicast
  x.x.x.x/21 ServiceApp2
  y.y.y.y/21 ServiceApp4

 vrf INSIDE-1
  address-family ipv4 unicast
   0.0.0.0/0 172.20.60.131 50
   0.0.0.0/0 ServiceApp1
   10.4.160.0/28 172.20.60.132
   10.5.0.0/17 172.20.60.132
   10.5.128.0/17 172.20.60.132
   10.13.0.0/17 172.20.60.132
   10.13.128.0/17 172.20.60.132
   10.14.0.0/17 172.20.60.132
   10.14.128.0/17 172.20.60.132
   10.16.0.0/17 172.20.60.132
   10.16.128.0/17 172.20.60.132
   10.21.0.0/17 172.20.60.132
   10.21.128.0/17 172.20.60.132
   10.23.0.0/17 172.20.60.132
   10.23.128.0/17 172.20.60.132
   10.25.0.0/17 172.20.60.132
   10.25.128.0/17 172.20.60.132
   10.55.0.0/27 172.20.60.132
   10.128.0.0/16 172.20.60.132
   10.129.0.0/16 172.20.60.132
   10.130.0.0/16 172.20.60.132
   10.131.0.0/16 172.20.60.132
   10.132.0.0/16 172.20.60.132
   10.133.0.0/16 172.20.60.132
   10.134.0.0/16 172.20.60.132
   10.135.0.0/16 172.20.60.132
   10.136.0.0/16 172.20.60.132
   10.137.0.0/16 172.20.60.132
   10.138.0.0/17 172.20.60.132
   172.17.56.0/29 172.20.60.132

 vrf INSIDE-2
  address-family ipv4 unicast
   0.0.0.0/0 172.20.60.147 50
   0.0.0.0/0 ServiceApp3
   10.11.0.0/18 172.20.60.148
   10.11.64.0/20 172.20.60.148
   10.11.80.0/20 172.20.60.148
   10.11.96.0/19 172.20.60.148
   10.11.128.0/17 172.20.60.148
   10.138.128.0/17 172.20.60.148
   10.140.0.0/16 172.20.60.148
   10.141.0.0/16 172.20.60.148
   10.142.0.0/16 172.20.60.148
   10.143.0.0/16 172.20.60.148
   10.144.0.0/16 172.20.60.148
   10.145.0.0/16 172.20.60.148
   10.146.0.0/16 172.20.60.148
   10.147.0.0/16 172.20.60.148
   10.152.0.0/16 172.20.60.148

service cgn cgn1
 service-location preferred-active 0/1/CPU0
 service-type nat44 nat1
  portlimit 2048
  alg ActiveFTP
  alg rtsp server-port 1
  alg pptpAlg
  inside-vrf INSIDE-1
   map outsideServiceApp ServiceApp2 address-pool x.x.x.x/21

  inside-vrf INSIDE-2
   map outsideServiceApp ServiceApp4 address-pool y.y.y.y/21

  protocol udp
   session initial timeout 30
   session active timeout 100

  protocol tcp
   session initial timeout 120
   session active timeout 900

  protocol icmp
   timeout 60

  refresh-direction Outbound

BR,
Mohammad

From: pshe...@gmail.com
Date: Mon, 28 Mar 2016 08:28:46 +
Subject: Re: [c-nsp] ASR9K VSM
To: eng_m...@hotmail.com; cisco-nsp@puck.nether.net

Hi,
The card is capable of 60mil translations, but you have to 'partition' your 
traffic into at least 2 ServiceApp interface pairs (4 ServiceApp interfaces 
total). 

The port drops mean that the 'inside' IP/ports couldn't be mapped because there 
is not enough ports left on give public IP. Do you do block allocations? How 
many inside IPs per one outside IP? If these drops are increasing quickly it 
means that your customers are most likely having issues accessing the internet. 
The number of ports will be generally specific to your customer base (for 
example setup for mobile tends to be able to get away with less ports then 
customers on fibre access).
No translation drops are generally harmless - these are things like port scans 
across your ranges, packets received past time-outs for give protocols, etc.
kind regardsPshem

On Sun, 27 Mar 2016 at 20:45 Mohammad Khalil <eng_m...@hotmail.com> wrote:
Dears

I have installed VSM on ASR9K for NAT44 CGN

I can see a lot of drops in the output of show cgn nat44 nat1 statistics

[c-nsp] ASR9K VSM

2016-03-27 Thread Mohammad Khalil

Dears
I have installed VSM on ASR9K for NAT44 CGN
I can see a lot of drops in the output of show cgn nat44 nat1 statistics 
RP/0/RSP0/CPU0:NAT1#show cgn nat44 nat1 statistics



Statistics summary of NAT44 instance: 'nat1'

Number of active translations: 4079397

Inside to outside drops port limit exceeded: 155093

No translation entry drops: 1617189

I have some questions regarding this if you can assist 

One of the experts told me that number of active translations are 4M (it can be 
shown from the above output that the number is like that) , is this number per 
module ? per service ? can I configure extra to isolate this?
inside to outside drops ?
portlimit drops ? I have configured it to be 2048 , should I increase it ? 2048 
means for each private IP address there is 2048 available ?

Thanks in advance

BR,
Mohammad
  
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] ASR9K Upgrade

2016-03-22 Thread Mohammad Khalil

I reloaded the module and it worked

Thanks

> Date: Mon, 14 Mar 2016 18:33:56 -0400
> From: ja...@puck.nether.net
> To: n...@foobar.org
> CC: eng_m...@hotmail.com; cisco-nsp@puck.nether.net
> Subject: Re: [c-nsp] ASR9K Upgrade
> 
> On Sun, Mar 13, 2016 at 02:10:58PM +, Nick Hilliard wrote:
> > Mohammad Khalil wrote:
> > > admin install add tftp://x.x.x.x/asr9k-mini-px.pie-5.3.2 synchronous
> > 
> > if you can, you should use ftp instead of tftp for XR upgrades.  It's
> > much faster.
> 
>   I asked Cisco to remove TFTP support for this reason.  You should
> make sure you do all the right things to make TCP faster, including 
> selective-ack
> amongst other options.
> 
>   - Jared
> 
> -- 
> Jared Mauch  | pgp key available via finger from ja...@puck.nether.net
> clue++;  | http://puck.nether.net/~jared/  My statements are only mine.
  
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] ASR9K Upgrade

2016-03-22 Thread Mohammad Khalil

Hi all
I have managed to do the upgrade , but am facing an issue with only one fpd 
related to VSM module

RP/0/RSP0/CPU0:ios#admin upgrade hw-module fpd cbc force location 0/1/CPU0
Tue Mar 22 22:56:05.792 UTC

   CBC UPGRADE TAKES APPROX. 3 - 5 MINUTES TO COMPLETE
   AFTER THE IMAGE IS WRITTEN, THE CBC IS RESET AUTOMATICALLY TO
   ACTIVATE THE NEW IMAGE. NO ACTION IS REQUIRED TO ACTIVATE THE NEW
   CBC IMAGE. PROGRESS STATUS WILL BE PRINTED APPROX. ONCE EVERY 60 SECONDS.
Continue? [confirm]

FPD upgrade started.

FPD upgrade in progress on some hardware, reload/configuration change
on those is not recommended as it might cause HW programming failure
and result in RMA of the hardware.



Starting the upgrade/download of following FPD:

===  === === === =
   CurrentUpg/Dng
LocationType Subtype Upg/Dng   VersionVersion
===  === === === =
0/1/CPU0lc   cbc upg33.233.5
--

FPD upgrade sent to location node0_1_CPU0

FPD upgrade completed for location node0_1_CPU0
% Failed to upgrade 1 FPD for A9K-VSM-500 on location 0/1/CPU0


FPD upgrade has ended

> Date: Mon, 14 Mar 2016 18:33:56 -0400
> From: ja...@puck.nether.net
> To: n...@foobar.org
> CC: eng_m...@hotmail.com; cisco-nsp@puck.nether.net
> Subject: Re: [c-nsp] ASR9K Upgrade
> 
> On Sun, Mar 13, 2016 at 02:10:58PM +, Nick Hilliard wrote:
> > Mohammad Khalil wrote:
> > > admin install add tftp://x.x.x.x/asr9k-mini-px.pie-5.3.2 synchronous
> > 
> > if you can, you should use ftp instead of tftp for XR upgrades.  It's
> > much faster.
> 
>   I asked Cisco to remove TFTP support for this reason.  You should
> make sure you do all the right things to make TCP faster, including 
> selective-ack
> amongst other options.
> 
>   - Jared
> 
> -- 
> Jared Mauch  | pgp key available via finger from ja...@puck.nether.net
> clue++;  | http://puck.nether.net/~jared/  My statements are only mine.
  
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

[c-nsp] MPLS L3VPN Hub and Spoke

2016-03-19 Thread Mohammad Khalil

Dears
I have 100 branch and 1 HQ for a customer
The proposed MPLS L3VPN 
What am seeking is to control spoke to spoke communication 
i.e. no communication for the spoke except with the hub , even if I wanted the 
spoke to communicate with another spoke it should be through the hub site
I have one VRF configured

Thanks
  
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

[c-nsp] N7K VPC

2016-03-14 Thread Mohammad Khalil

Hi All

I have a weird setup , I have N7K with F2 module and another N7K with F2e module

Will the VPC between those be functional?

Thanks

BR,

Mohammad
  
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] ASR9K Upgrade

2016-03-14 Thread Mohammad Khalil

Thanks all

BR,
Mohammad

> From: rob.st...@kpn.com
> To: n...@foobar.org; eng_m...@hotmail.com
> CC: cisco-nsp@puck.nether.net
> Subject: RE: [c-nsp] ASR9K Upgrade
> Date: Mon, 14 Mar 2016 07:40:43 +
> 
> It's also possible to re-partitioning the disk to get some extra space(300M). 
> Executing the re-partitioning is not service impacting.
> https://tools.cisco.com/bugsearch/bug/CSCub41271
> https://supportforums.cisco.com/document/145991/managing-disk-space-rsp-4grsp-8g-aka-rsp2
> 
> Regards,
> Rob
> 
> -Original Message-
> From: cisco-nsp [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Nick 
> Hilliard
> Sent: zondag 13 maart 2016 15:11
> To: Mohammad Khalil
> Cc: cisco-nsp@puck.nether.net
> Subject: Re: [c-nsp] ASR9K Upgrade
> 
> Mohammad Khalil wrote:
> > admin install add tftp://x.x.x.x/asr9k-mini-px.pie-5.3.2 synchronous
> 
> if you can, you should use ftp instead of tftp for XR upgrades.  It's much 
> faster.
> 
> Nick
> 
> ___
> cisco-nsp mailing list  cisco-nsp@puck.nether.net 
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
  
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] ASR9K Upgrade

2016-03-13 Thread Mohammad Khalil

Thanks a lot
So , all I have to do is :

admin install add tftp://x.x.x.x/asr9k-mini-px.pie-5.3.2 synchronous
admin install activate disk0:asr9k-mini-px.pie-5.3.2 synchronous
admin install commit
admin install remove inactive

Do I need to issue the command reload or the box will automatically reload?

Thanks again

BR,
Mohammad

From: aftab.siddi...@gmail.com
Date: Sun, 13 Mar 2016 08:14:58 +
Subject: Re: [c-nsp] ASR9K Upgrade
To: eng_m...@hotmail.com; cisco-nsp@puck.nether.net

Hi,Like IOS , if I deleted the existing OS while the system is running , well 
the system keeps functioning?Yes 
What the packages do I need to install (minimum) for the system to boot up 
successfully with no problemsasr9k-mini.pie  and then I can remove the old OS 
packages?
Yes did this a month back [5.2.1 to 5.3.3]. 


Thanks



BR,

Mohammad





___

cisco-nsp mailing list  cisco-nsp@puck.nether.net

https://puck.nether.net/mailman/listinfo/cisco-nsp

archive at http://puck.nether.net/pipermail/cisco-nsp/

-- 
Best Wishes,
Aftab A. Siddiqui 
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

[c-nsp] ASR9K Upgrade

2016-03-12 Thread Mohammad Khalil

Dears
I am trying to upgrade my ASR9K router from 4.3.2 to 5.3.2
The issue am facing is the space , am running out of space
My questions are:
Like IOS , if I deleted the existing OS while the system is running , well the 
system keeps functioning?
What the packages do I need to install (minimum) for the system to boot up 
successfully with no problems and then I can remove the old OS packages?

Thanks

BR,
Mohammad

  
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] MPLS EXP QOS

2016-01-24 Thread Mohammad Khalil

Hi Adam
Yes interface vlan 1700 is the MPLS link
I tried to test using a loopback that is part of my VRF , i will manage to test 
it using CE

> From: adam.vitkov...@gamma.co.uk
> To: eng_m...@hotmail.com; cisconsp_l...@hotmail.com; cisco-nsp@puck.nether.net
> Subject: RE: [c-nsp] MPLS EXP QOS
> Date: Fri, 22 Jan 2016 10:03:19 +
> 
> Hi Mohammad,
> 
> Your configuration suggests that  VLAN 1700 is an MPLS link, is that right?
> 
> Are you using any service-policy on the interface facing CE?
> Even with no QOS policy facing CE I think the TOS values  should be 
> automatically reflected in MPLS EXP values by default.
> But maybe on the CE facing interface you need to have "mls qos trust dscp" 
> for that to happen.
> 
> 
> adam
> > From: Mohammad Khalil [mailto:eng_m...@hotmail.com]
> > Sent: Thursday, January 21, 2016 2:49 PM
> >
> > Hi Adam
> > I have configured the below
> > class match-all GOLD
> > match mpls experimental topmost 3
> >
> > class match-all PLATINUM
> > match mpls experimental topmost 5
> >
> > class match-all SILVER
> > match mpls experimental topmost 1
> >
> > policy-map MAP
> > class GOLD
> > class SILVER
> > class PLATINUM
> > class class-default
> >
> > Interface te0/1
> > service instance 1 ethernet
> > encapsulation dot1q 1700
> > bridge-domain 1700
> > rewrite ingree tag pop 1 symmetric
> > service-policy output MAP
> >
> > And tried to ping from the CE using different TOS values , but still the 
> > packets
> > do not account in the GOLD , SILVER and PLATINUM classes
> >
> > BR,
> > Mohammad
> >
> 
> 
> Adam Vitkovsky
> IP Engineer
> 
> T:  0333 006 5936
> E:  adam.vitkov...@gamma.co.uk
> W:  www.gamma.co.uk
> 
> This is an email from Gamma Telecom Ltd, trading as “Gamma”. The contents of 
> this email are confidential to the ordinary user of the email address to 
> which it was addressed. This email is not intended to create any legal 
> relationship. No one else may place any reliance upon it, or copy or forward 
> all or any of it in any form (unless otherwise notified). If you receive this 
> email in error, please accept our apologies, we would be obliged if you would 
> telephone our postmaster on +44 (0) 808 178 9652 or email 
> postmas...@gamma.co.uk
> 
> Gamma Telecom Limited, a company incorporated in England and Wales, with 
> limited liability, with registered number 04340834, and whose registered 
> office is at 5 Fleet Place London EC4M 7RD and whose principal place of 
> business is at Kings House, Kings Road West, Newbury, Berkshire, RG14 5BY.
> 
> 
  
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] MPLS EXP QOS

2016-01-21 Thread Mohammad Khalil

Hi all
What I have done is like below (on 7606-S)

class-map match-all PLATINUM
match mpls experimental topmost 5
class-map match-all GOLD
match mpls experimental topmost 3
class-map match-all SILVER
match mpls experimental topmost 1

policy-map EXPMAP
class PLATINUM
class GOLD
class SILVER
class class-default

interface vlan 1700
service-policy output EXPMAP

Now , when I check using ping with a tos , the packets are not counting (show 
policy-map interface vlan 1700)

I tried to use the command mls qos mpls trust experimental with no luck , what 
should I do in order to be able to match?

I have used GNS3 and it worked 

BR,
Mohammad
> From: adam.vitkov...@gamma.co.uk
> To: eng_m...@hotmail.com; cisconsp_l...@hotmail.com; cisco-nsp@puck.nether.net
> Subject: RE: [c-nsp] MPLS EXP QOS
> Date: Thu, 21 Jan 2016 09:38:41 +
> 
> > Mohammad Khalil
> > Sent: Thursday, January 21, 2016 9:25 AM
> > Hi
> > Am not using service-instances on my ME3600X , it's normal SVI
> >
> Well than the only option is to apply the service-policy to a physical trunk 
> port and try to match for VLAN tag if it is supported.
> Or redo it properly with service instances.
> 
> adam
> 
> 
> 
> Adam Vitkovsky
> IP Engineer
> 
> T:  0333 006 5936
> E:  adam.vitkov...@gamma.co.uk
> W:  www.gamma.co.uk
> 
> This is an email from Gamma Telecom Ltd, trading as “Gamma”. The contents of 
> this email are confidential to the ordinary user of the email address to 
> which it was addressed. This email is not intended to create any legal 
> relationship. No one else may place any reliance upon it, or copy or forward 
> all or any of it in any form (unless otherwise notified). If you receive this 
> email in error, please accept our apologies, we would be obliged if you would 
> telephone our postmaster on +44 (0) 808 178 9652 or email 
> postmas...@gamma.co.uk
> 
> Gamma Telecom Limited, a company incorporated in England and Wales, with 
> limited liability, with registered number 04340834, and whose registered 
> office is at 5 Fleet Place London EC4M 7RD and whose principal place of 
> business is at Kings House, Kings Road West, Newbury, Berkshire, RG14 5BY.
> 
> 
  
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] MPLS EXP QOS

2016-01-21 Thread Mohammad Khalil

Thanks Adam
This is in regards to ME3600X , but regarding the 7606-S , would it be doable ?

> From: adam.vitkov...@gamma.co.uk
> To: eng_m...@hotmail.com; cisconsp_l...@hotmail.com; cisco-nsp@puck.nether.net
> Subject: RE: [c-nsp] MPLS EXP QOS
> Date: Thu, 21 Jan 2016 09:38:41 +
> 
> > Mohammad Khalil
> > Sent: Thursday, January 21, 2016 9:25 AM
> > Hi
> > Am not using service-instances on my ME3600X , it's normal SVI
> >
> Well than the only option is to apply the service-policy to a physical trunk 
> port and try to match for VLAN tag if it is supported.
> Or redo it properly with service instances.
> 
> adam
> 
> 
> 
> Adam Vitkovsky
> IP Engineer
> 
> T:  0333 006 5936
> E:  adam.vitkov...@gamma.co.uk
> W:  www.gamma.co.uk
> 
> This is an email from Gamma Telecom Ltd, trading as “Gamma”. The contents of 
> this email are confidential to the ordinary user of the email address to 
> which it was addressed. This email is not intended to create any legal 
> relationship. No one else may place any reliance upon it, or copy or forward 
> all or any of it in any form (unless otherwise notified). If you receive this 
> email in error, please accept our apologies, we would be obliged if you would 
> telephone our postmaster on +44 (0) 808 178 9652 or email 
> postmas...@gamma.co.uk
> 
> Gamma Telecom Limited, a company incorporated in England and Wales, with 
> limited liability, with registered number 04340834, and whose registered 
> office is at 5 Fleet Place London EC4M 7RD and whose principal place of 
> business is at Kings House, Kings Road West, Newbury, Berkshire, RG14 5BY.
> 
> 
  
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] MPLS EXP QOS

2016-01-21 Thread Mohammad Khalil

I got multiple errors , error in applying service-policy , bandwidth is not 
supported in the outbound direction (which am aware of)

> From: cisconsp_l...@hotmail.com
> To: eng_m...@hotmail.com; cisco-nsp@puck.nether.net
> Subject: Re: [c-nsp] MPLS EXP QOS
> Date: Thu, 21 Jan 2016 08:28:27 +
> 
> >and the other one is ME3600X , my termination with my neighbor is interface 
> >Vlan (SVI) , when I tried to apply the configuration on the ME3600X box
> >interface Vlan x
> >service-policy output POLICY
> >I got prompted with error in applying QoS
> 
> 
> Are you using service instances under physical Int?  If so, Apply the service 
> policy to the service instance...i.e.
> 
> 
> service instance 1007 ethernet
> 
>   encapsulation dot1q 1007
> 
>   rewrite ingress tag pop 1 symmetric
> 
>   service-policy output FOO_BAR_20MB
> 
> 
> then vlan int just has vrf (If using one) and L3 conf etc
> 
> 
> HTH
  
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] MPLS EXP QOS

2016-01-21 Thread Mohammad Khalil

Hi
Am not using service-instances on my ME3600X , it's normal SVI

From: cisconsp_l...@hotmail.com
To: eng_m...@hotmail.com; cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] MPLS EXP QOS
Date: Thu, 21 Jan 2016 09:21:23 +












We apply outbound bandwidth shaping to nearly all our service instances on 
ME3600's without issue...perhaps sharing the error you are getting would help? 
(And full qos policy)









Cheers







From: Mohammad Khalil <eng_m...@hotmail.com>

Sent: Thursday, 21 January 2016 8:17 PM

To: CiscoNSP List; cisco-nsp@puck.nether.net

Subject: RE: [c-nsp] MPLS EXP QOS
 


I got multiple errors , error in applying service-policy , bandwidth is not 
supported in the outbound direction (which am aware of)



> From: cisconsp_l...@hotmail.com

> To: eng_m...@hotmail.com; cisco-nsp@puck.nether.net

> Subject: Re: [c-nsp] MPLS EXP QOS

> Date: Thu, 21 Jan 2016 08:28:27 +

> 

> >and the other one is ME3600X , my termination with my neighbor is interface 
> >Vlan (SVI) , when I tried to apply the configuration on the ME3600X box

> >interface Vlan x

> >service-policy output POLICY

> >I got prompted with error in applying QoS

> 

> 

> Are you using service instances under physical Int? If so, Apply the service 
> policy to the service instance...i.e.

> 

> 

> service instance 1007 ethernet

> 

> encapsulation dot1q 1007

> 

> rewrite ingress tag pop 1 symmetric

> 

> service-policy output FOO_BAR_20MB

> 

> 

> then vlan int just has vrf (If using one) and L3 conf etc

> 

> 

> HTH





  
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] MPLS EXP QOS

2016-01-21 Thread Mohammad Khalil

Hi Adam
I have configured the below 
class match-all GOLD
match mpls experimental topmost 3

class match-all PLATINUM
match mpls experimental topmost 5

class match-all SILVER
match mpls experimental topmost 1

policy-map MAP
class GOLD
class SILVER
class PLATINUM
class class-default

Interface te0/1
service instance 1 ethernet
encapsulation dot1q 1700
bridge-domain 1700
rewrite ingree tag pop 1 symmetric 
service-policy output MAP

And tried to ping from the CE using different TOS values , but still the 
packets do not account in the GOLD , SILVER and PLATINUM classes

BR,
Mohammad


> From: adam.vitkov...@gamma.co.uk
> To: eng_m...@hotmail.com; cisconsp_l...@hotmail.com; cisco-nsp@puck.nether.net
> Subject: RE: [c-nsp] MPLS EXP QOS
> Date: Thu, 21 Jan 2016 09:38:41 +
> 
> > Mohammad Khalil
> > Sent: Thursday, January 21, 2016 9:25 AM
> > Hi
> > Am not using service-instances on my ME3600X , it's normal SVI
> >
> Well than the only option is to apply the service-policy to a physical trunk 
> port and try to match for VLAN tag if it is supported.
> Or redo it properly with service instances.
> 
> adam
> 
> 
> 
> Adam Vitkovsky
> IP Engineer
> 
> T:  0333 006 5936
> E:  adam.vitkov...@gamma.co.uk
> W:  www.gamma.co.uk
> 
> This is an email from Gamma Telecom Ltd, trading as “Gamma”. The contents of 
> this email are confidential to the ordinary user of the email address to 
> which it was addressed. This email is not intended to create any legal 
> relationship. No one else may place any reliance upon it, or copy or forward 
> all or any of it in any form (unless otherwise notified). If you receive this 
> email in error, please accept our apologies, we would be obliged if you would 
> telephone our postmaster on +44 (0) 808 178 9652 or email 
> postmas...@gamma.co.uk
> 
> Gamma Telecom Limited, a company incorporated in England and Wales, with 
> limited liability, with registered number 04340834, and whose registered 
> office is at 5 Fleet Place London EC4M 7RD and whose principal place of 
> business is at Kings House, Kings Road West, Newbury, Berkshire, RG14 5BY.
> 
> 
  
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

[c-nsp] MPLS EXP QOS

2016-01-20 Thread Mohammad Khalil

Hi all
I have two eBGP peerings that am running VPNv4 sessions on (Inter-AS option-C)
What am trying to achieve is to make sure that packets going out from my CE is 
matched and placed on the ASBR in the appropriate hardware queue
What I have is 4-class QoS model (Gold , silver , platinum and default or 
best-effort)
My configuration looks like below (just samples)

class-map match-all GOLD
match mpls experimental topmost 3
match ip precedence 3

policy-map POLICY
class GOLD
Now , here I have to take action in order for the policy to work? I only need 
to check the match (I can use the set bandwidth remaining x option to complete 
the configuration)

Now the other issue I am facing is one of the PEs is 7606-S and the other one 
is ME3600X , my termination with my neighbor is interface Vlan (SVI) , when I 
tried to apply the configuration on the ME3600X box 
interface Vlan x 
service-policy output POLICY
I got prompted with error in applying QoS

And on the 7606-S , I get I cannot apply bandwidth shaping in the outbound 
direction 

When I replace the set bandwidth remaining x with set mpls experimental topmost 
x , I can see that work on 7606-S but not on ME3600X 

I only care for matching precedence values (MPLS exp)

Thanks for your inputs

BR,
Mohammad
  
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

[c-nsp] PPPoE session load balancing

2016-01-14 Thread Mohammad Khalil

Hi Dears

I have two VXRs functioning as PPPoE aggregation servers

What am trying to do is to load balance the sessions to be distributed among 
the two boxes?

Is that doable?
  
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] PPPoE session load balancing

2016-01-14 Thread Mohammad Khalil

You mean hiding one of them for a group of the clients ?

> From: luky...@hotmail.com
> To: eng_m...@hotmail.com; cisco-nsp@puck.nether.net
> Subject: RE: [c-nsp] PPPoE session load balancing
> Date: Thu, 14 Jan 2016 12:24:17 +0100
> 
> Hello,
> 
> > Hi Dears
> >
> > I have two VXRs functioning as PPPoE aggregation servers
> >
> > What am trying to do is to load balance the sessions to be
> > distributed among the two boxes?
> >
> > Is that doable?
> 
> Sure, just let the client pick between the two AC's.
> 
> 
> 
> Lukas
> 
> 
  
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] PPPoE session load balancing

2016-01-14 Thread Mohammad Khalil

Hi all and thanks for the replies
I am providing the service and yes the clients have visibility to both 

> From: jwbens...@gmail.com
> Date: Thu, 14 Jan 2016 12:05:29 +
> To: cisco-nsp@puck.nether.net
> Subject: Re: [c-nsp] PPPoE session load balancing
> 
> On 14 January 2016 at 11:20, Mohammad Khalil <eng_m...@hotmail.com> wrote:
> > Hi Dears
> >
> > I have two VXRs functioning as PPPoE aggregation servers
> >
> > What am trying to do is to load balance the sessions to be distributed 
> > among the two boxes?
> >
> > Is that doable?
> 
> 
> 
> How are you doing PPPoE, are you taking a wholesale service or
> providing it your self? Are you using LACs for aggregation? Do the
> PPPoE clients have direct visibility of both PPPoE servers?
> 
> 
> Cheers,
> James.
> ___
> cisco-nsp mailing list  cisco-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
  
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

[c-nsp] ME3400 Spanning-tree

2016-01-04 Thread Mohammad Khalil

Dears
I have Cisco ME3400 switch which is limited to 4 ports NNI
I discovered that I cannot apply any spanning-tree commands on any interface 
unless it's nni port
So , what can I do to protect myself from loops and mac flapping issues (expect 
for doing the upgrade to increase the nni ports)
Will the spanning-tree loopguard default global command be of help?

  
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

[c-nsp] ME3600X DSCP/COS

2015-12-22 Thread Mohammad Khalil

Hi all
I have read that the ME3600X trust by default the DSCP/CoS values , just wanted 
to make sure of that or should I build a QoS model ? Should I play with the set 
for precedence values?

Thanks in advance
  
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

[c-nsp] spanning-tree P2P self-looped

2015-12-14 Thread Mohammad Khalil

Hi All
I have 7606 with ES20+ module
I have two active connections on this module , one is layer 3 (point to point) 
link and the other one is the link of concern 
I have configured this link as a trunk with only Vlan 1700 is allowed , and SVI 
is configured for that Vlan
interface G4/19
switchport
switchport mode trunk
switchport trunk allowed vlan 1700
speed nonegotiate

interface vlan 1700
ip address x.x.x.x x.x.x.x

What am facing now when I check the show spanning-tree blocked-ports I can see 
that port is blocked for Vlan 1700
When I issue the show spanning-tree interface g4/19 details , I can see the 
counter for both sent and received increases equally (which explains the 
self-looped) 
When I change to switchport mode access , I can see the port is Up and the SVI 
is UP 

What could be the issue and how can I solve it from my side?

Thanks in advance

BR,
Mohammad
  
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] Cisco and Juniper - BGP MPLS L2VPN VPLS interoperability

2015-11-20 Thread Mohammad Khalil

Hi did u try neighbor x.x.x.x prefix-length-size 2 from me3400 side

Sent from my Samsung device

 Original message 
From: Aaron 
Date: 20/11/2015  20:08  (GMT+02:00)
To: cisco-nsp@puck.nether.net
Subject: [c-nsp] Cisco and Juniper - BGP MPLS L2VPN VPLS interoperability

Can anyone share any experiences with interoperating Cisco and Juniper BGP
MPLS L2VPN's ?

Yesterday I fired up L2VPN configs in my ACX5048 and MX104 in my lab and
brought up BGP L2VPN address family and got some bad results

It caused all of my Cisco ME3600's in my network to send BGP Notifications
and drop their MP-BGP neighbor sessions to the Route Reflector core and
purge all their vpnv4, vpnv6 and l2vpn topology tables !

Bad customer impact. lots of trouble.

"Rollback 1" on ACX and MX and all is well

Anyway have trouble in this area ?

Aaron

P.S. for a couple weeks those same ACX and MX were running just fine with my
route reflector core (dual asr9k's) and running fine with BGP MPLS L3VPN's
(layer 3) routing-instances. able to talk to the rest of the routing
domains, etc.  all that seemed fine.  It was just this L2VPN stuff yesterday
was bad.

___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] ASR903 Service instance MTU

2015-11-13 Thread Mohammad Khalil

So I have to raise the MTU on the physical interface that holds the service 
instances and then raise it on the pseudwire interfaces?

> From: s.kakarou...@connecticore.com
> To: eng_m...@hotmail.com; luky...@hotmail.com; sigurbjo...@vodafone.is; 
> ggian...@gmail.com
> CC: cisco-nsp@puck.nether.net
> Subject: RE: [c-nsp] ASR903 Service instance MTU
> Date: Tue, 10 Nov 2015 10:12:21 +
> 
> Hi,
> 
> You are correct. IIRC, changing the MTU on the pseudowire, changes just what
> you report as the MTU of the AC. Usually the parser will prevent you from
> doing something that won't work, or fix it for you, but I don't like to
> depend on that. Either way, you will have to at least increase the MTU on
> the ACs.
> 
> My thoughts and words are my own.
> 
> Kind Regards,
> 
> Spyros
> 
> 
> -Original Message-
> From: cisco-nsp [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of
> Mohammad Khalil
> Sent: Tuesday, November 10, 2015 9:17 AM
> To: Lukas Tribus <luky...@hotmail.com>; Sigurbjörn Birkir Lárusson
> <sigurbjo...@vodafone.is>; George Giannousopoulos <ggian...@gmail.com>
> Cc: cisco-nsp@puck.nether.net
> Subject: Re: [c-nsp] ASR903 Service instance MTU
> 
> Thanks Lukas
> What am facing actually is that I got a request from my customer to raise
> the MTU for all his L2VPN connections (VFI,XCONNECT) AM afraid if I raised
> the MTU on the pseudowire interface while the physical interface MTU is
> still 1500 to cause an issue
> 
> > From: luky...@hotmail.com
> > To: eng_m...@hotmail.com; sigurbjo...@vodafone.is; ggian...@gmail.com
> > CC: cisco-nsp@puck.nether.net
> > Subject: RE: [c-nsp] ASR903 Service instance MTU
> > Date: Sun, 8 Nov 2015 19:00:14 +0100
> > 
> > Hi Mohammad,
> > 
> > 
> > > Hi all
> > > I have discovered that I can change the MTU as the below syntax 
> > > interface GigabitEthernet0/0/1 no ip address
> > >
> > > service instance 100 ethernet
> > > xconnect x.x.x.x {VC_ID} encapsulation mpls mtu {}
> > >
> > > But If I configured the below
> > > l2vpn xconnect context {NAME}
> > >
> > > There is no option for the MTU under it
> > 
> > 
> > You have to configure it on the pseudowire interface:
> > http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/mp_l2_vpns/configurat
> > ion/xe-3s/mp-l2-vpns-xe-3s-book/mp-any-transport-xe.html#concept_B3B08
> > 5AFF0384B5C867E3EF9A4C58564
> > 
> > 
> > 
> > Lukas
> >   
> 
> ___
> cisco-nsp mailing list  cisco-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
  
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] ASR903 Service instance MTU

2015-11-09 Thread Mohammad Khalil

Thanks Lukas
What am facing actually is that I got a request from my customer to raise the 
MTU for all his L2VPN connections (VFI,XCONNECT) 
AM afraid if I raised the MTU on the pseudowire interface while the physical 
interface MTU is still 1500 to cause an issue

> From: luky...@hotmail.com
> To: eng_m...@hotmail.com; sigurbjo...@vodafone.is; ggian...@gmail.com
> CC: cisco-nsp@puck.nether.net
> Subject: RE: [c-nsp] ASR903 Service instance MTU
> Date: Sun, 8 Nov 2015 19:00:14 +0100
> 
> Hi Mohammad,
> 
> 
> > Hi all
> > I have discovered that I can change the MTU as the below syntax
> > interface GigabitEthernet0/0/1
> > no ip address
> >
> > service instance 100 ethernet
> > xconnect x.x.x.x {VC_ID} encapsulation mpls
> > mtu {}
> >
> > But If I configured the below
> > l2vpn xconnect context {NAME}
> >
> > There is no option for the MTU under it
> 
> 
> You have to configure it on the pseudowire interface:
> http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/mp_l2_vpns/configuration/xe-3s/mp-l2-vpns-xe-3s-book/mp-any-transport-xe.html#concept_B3B085AFF0384B5C867E3EF9A4C58564
> 
> 
> 
> Lukas
> 
  
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] ASR903 Service instance MTU

2015-11-08 Thread Mohammad Khalil

Hi all
I have discovered that I can change the MTU as the below syntax
interface GigabitEthernet0/0/1
 no ip address

 service instance 100 ethernet
xconnect x.x.x.x {VC_ID} encapsulation mpls
mtu {}

But If I configured the below
l2vpn xconnect context {NAME}

There is no option for the MTU under it 

> From: sigurbjo...@vodafone.is
> To: ggian...@gmail.com; eng_m...@hotmail.com
> CC: cisco-nsp@puck.nether.net
> Subject: Re: [c-nsp] ASR903 Service instance MTU
> Date: Sat, 7 Nov 2015 07:12:35 +
> 
> Yes, you can, providing the MTU you are setting for the xconnect is lower 
> than the interface MTU, if it is not, the command will (at least in XE 3.13) 
> change the MTU of the interface that has the service instance
> 
> Kind regards,
> Sibbi
> 
> 
> 
> On 07/11/15 05:59, "cisco-nsp on behalf of George Giannousopoulos" 
> <cisco-nsp-boun...@puck.nether.net on behalf of ggian...@gmail.com> wrote:
> 
> >Hi,
> >
> >I can't really test it right now, but you should be able to adjust MTU as a
> >sub-command of xconnect, under the service instance.
> >
> >--
> >George
> >
> >On Sat, Nov 7, 2015 at 12:03 AM, Mohammad Khalil <eng_m...@hotmail.com>
> >wrote:
> >
> >> Hi all
> >> I was wondering on ASR903 , can I adjust MTU under the service instance ?
> >> I can do that under the BDI interface , but that will do it for me ?
> >>
> >> BR,
> >> Mohammad
> >>
> >> ___
> >> cisco-nsp mailing list  cisco-nsp@puck.nether.net
> >> https://puck.nether.net/mailman/listinfo/cisco-nsp
> >> archive at http://puck.nether.net/pipermail/cisco-nsp/
> >>
> >___
> >cisco-nsp mailing list  cisco-nsp@puck.nether.net
> >https://puck.nether.net/mailman/listinfo/cisco-nsp
> >archive at http://puck.nether.net/pipermail/cisco-nsp/
  
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

[c-nsp] ASR903 Service instance MTU

2015-11-06 Thread Mohammad Khalil

Hi all
I was wondering on ASR903 , can I adjust MTU under the service instance ?
I can do that under the BDI interface , but that will do it for me ?

BR,
Mohammad
  
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] N5K Auto Qos

2015-10-26 Thread Mohammad Khalil

Thanks Lee for the reply
My only concern is the VOIP traffic , so I will configure auto qos voip trust 
from IOS side and will leave NX-OS as it is 

BR,
Mohammad

> Date: Sun, 25 Oct 2015 17:49:56 -0400
> Subject: Re: [c-nsp] N5K Auto Qos
> From: ler...@gmail.com
> To: eng_m...@hotmail.com
> CC: cisco-nsp@puck.nether.net
> 
> On 10/25/15, Mohammad Khalil <eng_m...@hotmail.com> wrote:
> > Hi all
> > I am looking for configuring auto qos voip trust on my switched network
> > My issue is that I have several uplinks (trunks) connected to my N5K box
> > According to what I know the command does not exist on the NX-OS , and by
> > default Nexus will trust Cos and DSCP values
> > So , if I have configured auto qos voip trust from my IOS switch and left
> > the Nexus uplink as it is , the QoS will work ?
> 
> For various definitions of "work"
> 
> Traffic will be treated differently on the IOS boxes with QOS enabled,
> there will be no change on the NX-OS boxes but at least the cos/dscp
> markings won't be changed so that if/when the traffic gets to another
> IOS box your QOS settings will also work there.
> 
> Regards,
> Lee
  
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

[c-nsp] N5K Auto Qos

2015-10-25 Thread Mohammad Khalil

Hi all
I am looking for configuring auto qos voip trust on my switched network 
My issue is that I have several uplinks (trunks) connected to my N5K box
According to what I know the command does not exist on the NX-OS , and by 
default Nexus will trust Cos and DSCP values
So , if I have configured auto qos voip trust from my IOS switch and left the 
Nexus uplink as it is , the QoS will work ?

Thanks

BR,
Mohammad 
  
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

[c-nsp] ASR1006 VPDN sessions

2015-10-12 Thread Mohammad Khalil

Hi all

I have ASR1006 with the image 
bootflash:asr1000rp1-advipservicesk9.02.06.01.122-33.XNF1.bin

WHen I wanted to check for the rate of a specific session (user) , I used the 
command 

sh vpdn session packets rate
interface virtual-access x
When I upgradeed the router to the IOS image 
asr1000rp1-advipservices.03.13.03.S.154-3.S3-ext.bin
Do not seem to find it , any ideas?
BR,Mohammad




  
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

[c-nsp] MPLS LSP Failure

2015-10-05 Thread Mohammad Khalil

Hi all
I have established an xconnect between two PE routers
Now checking the show mpls l2transport vc detail output , everything is showing 
normal 
When trying to ping mpls pseudowire , it's successful from one side and the 
other is failed 
I have checked if there is an alternative (non MPLS enabled path) between the 
CEs and there is not
As well , I have checked the mpls forwarding-table on both PEs for the loopback 
interface of each other and it's there (labels assigned) 
The only think I have noticed is that label switched bytes on one of the PEs is 
zero

Any ideas?

Thanks

BR,
Mohammad
  
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

[c-nsp] ME3600 QoS

2015-10-01 Thread Mohammad Khalil




Kindly I’m trying to configure QoS for traffic policing on
one of our PEs (ME3600), but I’m receiving an error when I try to apply it on
an SVI, I tried to figure out the problem but I found the following on one of
Cisco’s documents :
 
“You can attach service policies to switchports, routed ports, or EFPs.
However, you cannot attach a service policy to a physical port that is
configured with service instances (EFPs) and you cannot attach service policies 
to switch virtual
interfaces (SVIs). “

Thanks in advance


  
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] ME3600 QoS

2015-10-01 Thread Mohammad Khalil

Thanks guys for the kind replies
Nick , you mean like a hierarchical QoS ? as the physical interface has a lot 
of service-instances configured for multiple Vlans

Thanks

> To: cisco-nsp@puck.nether.net
> From: n...@foobar.org
> Date: Thu, 1 Oct 2015 09:29:52 +0100
> Subject: Re: [c-nsp] ME3600 QoS
> 
> On 01/10/2015 09:20, Mohammad Khalil wrote:
> > “You can attach service policies to switchports, routed ports, or EFPs.
> > However, you cannot attach a service policy to a physical port that is
> > configured with service instances (EFPs) and you cannot attach service 
> > policies to switch virtual
> > interfaces (SVIs). “
> 
> yep, that's correct.  If you want to use qos on an SVI, you need to attach
> the service policy to the service policy on the physical interface(s).
> Better still, don't use SVIs on this platform if you can get away with
> using physical ports.
> 
> Nick
> 
> 
> ___
> cisco-nsp mailing list  cisco-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
  
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] CSRv & VXLAN

2015-09-24 Thread Mohammad Khalil

Hi
I have simulated this on gns3
http://eng-mssk.blogspot.com/2015/09/otv-example.html?m=1

It might give you a hint

BR,
Mohammad


Sent from Samsung Mobile

 Original message From: Steve Mikulasik 
 Date:24/09/2015  20:45  (GMT+02:00) 
To: Luis Anzola  Cc: 
cisco-nsp@puck.nether.net Subject: Re: [c-nsp] CSRv & VXLAN 


Yeah after some further reading I think you are right. I'll extend the question 
to include OTV on the CSRv platform. Any experiences would be greatly 
appreciated.


-Original Message-
From: Luis Anzola [mailto:anzo...@gmail.com]
Sent: Thursday, September 24, 2015 11:22 AM
To: Steve Mikulasik 
Cc: cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] CSRv & VXLAN

I would look at OTV instead. It's a technology developed specifically for DCI 
implementations and brings very important benefits with it.

Luis

Sent from my iPhone

> On Sep 24, 2015, at 12:56 PM, Steve Mikulasik  
> wrote:
>
> Anyone have any experience with VXLAN on the CSRv? I need to span L2 traffic 
> across hosted datacetners (can't use a physical device unless it installs on 
> x86 hardware) and was wondering if this is the way to go on this platform.
>
>
>
> ___
> cisco-nsp mailing list  cisco-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/

___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] Xconnect Precednce

2015-09-21 Thread Mohammad Khalil

Thanks Arie
Would configuring the below commands under the interface level do the trick ?



mls qos
trust cos

mls qos
trust dscp


BR,
Mohammad

From: ar...@vayner.net
Date: Sun, 20 Sep 2015 17:31:47 +
Subject: Re: [c-nsp] Xconnect Precednce
To: eng_m...@hotmail.com; cisco-nsp@puck.nether.net

By default the 7600 and 6500 (assuming mls qos is enabled) would not trust 
incoming marked traffic, and classify it as BE. On egress they would overwrite 
the DHCP value according to the ingress classification. 
So you need to look into the specific qos implementation of 6500/7600, which is 
not trivial. 
The other thing you need to look into are the qos models for MPLS (uniform and 
pipe) and how they apply on the 7600.
Tnx, Arie 

On Sun, Sep 20, 2015, 08:23 Mohammad Khalil <eng_m...@hotmail.com> wrote:



Hi arie , thanks for the reply

My CE is 6509



access-list 105 permit ip any any precedence routine log

access-list 105 permit ip any any precedence priority log

access-list 105 permit ip any any precedence immediate log

access-list 105 permit ip any any precedence flash log

access-list 105 permit ip any any precedence flash-override
log

access-list 105 permit ip any any precedence critical log

access-list 105 permit ip any any precedence internet log

access-list 105 permit ip any any precedence network log

access-list 105 permit ip any any

 

interface GigabitEthernet0/1.56



encapsulation dot1Q 56

ip address 10.3.3.1 255.255.255.0

ip access-group 105 in

ip access-group 105 out
My PE configuration
interface vlan 56xconnect x.x.x.x 56 encapsulation mpls
Thanks
BR,Mohammad
From: ar...@vayner.net
Date: Sun, 20 Sep 2015 14:58:28 +
Subject: Re: [c-nsp] Xconnect Precednce
To: eng_m...@hotmail.com; cisco-nsp@puck.nether.net

Mohammed, 
Can you please provide the complete interface configuration? Is this the PE or 
the CE? Which platform is it? 
Generally speaking, layer 2 pseudowires should use layer 2 COS for traffic 
classification. 
Tnx, Arie 

On Sat, Sep 19, 2015, 03:21 Mohammad Khalil <eng_m...@hotmail.com> wrote:
Hi all

I am trying to test different tos values between CEs

What am trying to test is default traffic which will fall into the routine 
traffic and another flow which should fall in the critical traffic (tos=160)



My access-list looks as below





access-list 105 permit ip any any precedence routine log



access-list 105 permit ip any any precedence priority log



access-list 105 permit ip any any precedence immediate log



access-list 105 permit ip any any precedence flash log



access-list 105 permit ip any any precedence flash-override

log



access-list 105 permit ip any any precedence critical log



access-list 105 permit ip any any precedence internet log



access-list 105 permit ip any any precedence network log



access-list 105 permit ip any any









interface GigabitEthernet0/1.56ip access-group 105 in



ip access-group 105 out





ping 10.3.3.1 repeat 19 tos 160



ping 10.3.3.1 repeat 15







Probe#sh ip access-lists

105



Extended IP access list 105



10 permit ip any any precedence routine log (34 matches)





20 permit ip any any precedence priority

log



30 permit ip any any precedence immediate

log



40 permit ip any any precedence flash log



50 permit ip any any precedence

flash-override log



60 permit ip any any precedence critical log





70 permit ip any any precedence internet

log



80 permit ip any any precedence network

log



90 permit ip any any

The 19 ICMP packets should fall into the critical

I have tested this on GNS3 and it worked fine !

Is there something global should be enabled on the PE which is 7606?



BR,Mohammad











___

cisco-nsp mailing list  cisco-nsp@puck.nether.net

https://puck.nether.net/mailman/listinfo/cisco-nsp

archive at http://puck.nether.net/pipermail/cisco-nsp/

  
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] Segment Routing

2015-09-20 Thread Mohammad Khalil

Hi all and thanks for the kind reply
Will it work if I configured the command mpls ldp explicit-null ?

BR,
Mohammad

> Date: Sun, 13 Sep 2015 11:51:07 -0400
> Subject: Re: [c-nsp] Segment Routing
> From: mohan.nand...@gmail.com
> To: eng_m...@hotmail.com
> CC: cisco-nsp@puck.nether.net
> 
> PHP will happen as they are back to back in your topology. The range
> on XR is between 16000-23999. Anything above the range will not be
> installed (16000+15001 = 31001).
> 
> Cheers,
> -Mohan
> 
> 
> On Sun, Sep 13, 2015 at 4:44 AM, Mohammad Khalil <eng_m...@hotmail.com> wrote:
> > Hi all
> > I came across segment routing and tried to simulate it using the below 
> > topology
> > CE1 -- XR1 -- XR2 -- CE2
> >
> > ISIS is the running IGP between the XR boxes and below is the relevant 
> > configuration
> >
> > XR1
> > router isis 1
> >  is-type level-2-only
> >  net 49.0001...0010.00
> >  address-family ipv4 unicast
> >   metric-style wide
> >   segment-routing mpls
> >  !
> >  interface Loopback0
> >   address-family ipv4 unicast
> >prefix-sid index 1001
> >   !
> >  !
> >  interface GigabitEthernet0/0/0/0
> >   address-family ipv4 unicast
> >
> > XR2
> > router isis 1
> >  is-type level-2-only
> >  net 49.0001...0020.00
> >  address-family ipv4 unicast
> >   metric-style wide
> >   segment-routing mpls
> >  !
> >  interface Loopback0
> >   address-family ipv4 unicast
> >prefix-sid index 1002
> >   !
> >  !
> >  interface GigabitEthernet0/0/0/0
> >   address-family ipv4 unicast
> >
> > XR1
> > router bgp 1
> >  address-family vpnv4 unicast
> >  !
> >  neighbor 20.20.20.20
> >   remote-as 1
> >   update-source Loopback0
> >   address-family vpnv4 unicast
> >   !
> >  !
> >  vrf MSSK
> >   rd 1:1
> >   address-family ipv4 unicast
> >redistribute connected
> >
> > XR2
> > RP/0/0/CPU0:Clone#sh run router bgp
> > Sun Sep 13 11:37:16.085 UTC
> > router bgp 1
> >  address-family vpnv4 unicast
> >  !
> >  neighbor 10.10.10.10
> >   remote-as 1
> >   update-source Loopback0
> >   address-family vpnv4 unicast
> >   !
> >  !
> >  vrf MSSK
> >   rd 1:1
> >   address-family ipv4 unicast
> >redistribute connected
> >
> > The issue is that I cannot any labels imposed :
> > RP/0/0/CPU0:XRnew#sh cef 20.20.20.20/32 | inc labels
> > Sun Sep 13 11:37:37.416 UTC
> >  local label 17002  labels imposed {ImplNull}
> >
> > RP/0/0/CPU0:Clone#sh cef 10.10.10.10/32 | inc labels
> > Sun Sep 13 11:37:54.372 UTC
> >  local label 17001  labels imposed {ImplNull}
> >
> > Another weird issue am facing is that when I change the prefix-sid index on 
> > both XR boxes to (15001 , 15002 respectively) , no labels are shown at all
> >
> > RP/0/0/CPU0:XRnew#sh cef 20.20.20.20/32 | inc labels
> > Sun Sep 13 11:38:47.211 UTC
> >
> > Any ideas guys?
> >
> > Thanks
> >
> > BR,
> > Mohammad
> >
> > ___
> > cisco-nsp mailing list  cisco-nsp@puck.nether.net
> > https://puck.nether.net/mailman/listinfo/cisco-nsp
> > archive at http://puck.nether.net/pipermail/cisco-nsp/
  
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] Xconnect Precednce

2015-09-20 Thread Mohammad Khalil

Hi arie , thanks for the reply

My CE is 6509



access-list 105 permit ip any any precedence routine log

access-list 105 permit ip any any precedence priority log

access-list 105 permit ip any any precedence immediate log

access-list 105 permit ip any any precedence flash log

access-list 105 permit ip any any precedence flash-override
log

access-list 105 permit ip any any precedence critical log

access-list 105 permit ip any any precedence internet log

access-list 105 permit ip any any precedence network log

access-list 105 permit ip any any

 

interface GigabitEthernet0/1.56



encapsulation dot1Q 56

ip address 10.3.3.1 255.255.255.0

ip access-group 105 in

ip access-group 105 out
My PE configuration
interface vlan 56xconnect x.x.x.x 56 encapsulation mpls
Thanks
BR,Mohammad




From: ar...@vayner.net
Date: Sun, 20 Sep 2015 14:58:28 +
Subject: Re: [c-nsp] Xconnect Precednce
To: eng_m...@hotmail.com; cisco-nsp@puck.nether.net

Mohammed, 
Can you please provide the complete interface configuration? Is this the PE or 
the CE? Which platform is it? 
Generally speaking, layer 2 pseudowires should use layer 2 COS for traffic 
classification. 
Tnx, Arie 

On Sat, Sep 19, 2015, 03:21 Mohammad Khalil <eng_m...@hotmail.com> wrote:
Hi all

I am trying to test different tos values between CEs

What am trying to test is default traffic which will fall into the routine 
traffic and another flow which should fall in the critical traffic (tos=160)



My access-list looks as below





access-list 105 permit ip any any precedence routine log



access-list 105 permit ip any any precedence priority log



access-list 105 permit ip any any precedence immediate log



access-list 105 permit ip any any precedence flash log



access-list 105 permit ip any any precedence flash-override

log



access-list 105 permit ip any any precedence critical log



access-list 105 permit ip any any precedence internet log



access-list 105 permit ip any any precedence network log



access-list 105 permit ip any any









interface GigabitEthernet0/1.56ip access-group 105 in



ip access-group 105 out





ping 10.3.3.1 repeat 19 tos 160



ping 10.3.3.1 repeat 15







Probe#sh ip access-lists

105



Extended IP access list 105



10 permit ip any any precedence routine log (34 matches)





20 permit ip any any precedence priority

log



30 permit ip any any precedence immediate

log



40 permit ip any any precedence flash log



50 permit ip any any precedence

flash-override log



60 permit ip any any precedence critical log





70 permit ip any any precedence internet

log



80 permit ip any any precedence network

log



90 permit ip any any

The 19 ICMP packets should fall into the critical

I have tested this on GNS3 and it worked fine !

Is there something global should be enabled on the PE which is 7606?



BR,Mohammad











___

cisco-nsp mailing list  cisco-nsp@puck.nether.net

https://puck.nether.net/mailman/listinfo/cisco-nsp

archive at http://puck.nether.net/pipermail/cisco-nsp/

  
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

[c-nsp] Xconnect Precednce

2015-09-19 Thread Mohammad Khalil

Hi all
I am trying to test different tos values between CEs 
What am trying to test is default traffic which will fall into the routine 
traffic and another flow which should fall in the critical traffic (tos=160) 

My access-list looks as below


access-list 105 permit ip any any precedence routine log

access-list 105 permit ip any any precedence priority log

access-list 105 permit ip any any precedence immediate log

access-list 105 permit ip any any precedence flash log

access-list 105 permit ip any any precedence flash-override
log

access-list 105 permit ip any any precedence critical log

access-list 105 permit ip any any precedence internet log

access-list 105 permit ip any any precedence network log

access-list 105 permit ip any any




interface GigabitEthernet0/1.56ip access-group 105 in

ip access-group 105 out


ping 10.3.3.1 repeat 19 tos 160 

ping 10.3.3.1 repeat 15

 

Probe#sh ip access-lists
105   

Extended IP access list 105

10 permit ip any any precedence routine log (34 matches) 


20 permit ip any any precedence priority
log

30 permit ip any any precedence immediate
log

40 permit ip any any precedence flash log

50 permit ip any any precedence
flash-override log

60 permit ip any any precedence critical log


70 permit ip any any precedence internet
log

80 permit ip any any precedence network
log

90 permit ip any any
The 19 ICMP packets should fall into the critical 
I have tested this on GNS3 and it worked fine !
Is there something global should be enabled on the PE which is 7606? 

BR,Mohammad




  
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

[c-nsp] Segment Routing

2015-09-13 Thread Mohammad Khalil

Hi all
I came across segment routing and tried to simulate it using the below topology
CE1 -- XR1 -- XR2 -- CE2

ISIS is the running IGP between the XR boxes and below is the relevant 
configuration

XR1
router isis 1
 is-type level-2-only
 net 49.0001...0010.00
 address-family ipv4 unicast
  metric-style wide
  segment-routing mpls
 !
 interface Loopback0
  address-family ipv4 unicast
   prefix-sid index 1001
  !
 !
 interface GigabitEthernet0/0/0/0
  address-family ipv4 unicast

XR2
router isis 1
 is-type level-2-only
 net 49.0001...0020.00
 address-family ipv4 unicast
  metric-style wide
  segment-routing mpls
 !
 interface Loopback0
  address-family ipv4 unicast
   prefix-sid index 1002
  !
 !
 interface GigabitEthernet0/0/0/0
  address-family ipv4 unicast

XR1
router bgp 1
 address-family vpnv4 unicast
 !
 neighbor 20.20.20.20
  remote-as 1
  update-source Loopback0
  address-family vpnv4 unicast
  !
 !
 vrf MSSK
  rd 1:1
  address-family ipv4 unicast
   redistribute connected

XR2
RP/0/0/CPU0:Clone#sh run router bgp
Sun Sep 13 11:37:16.085 UTC
router bgp 1
 address-family vpnv4 unicast
 !
 neighbor 10.10.10.10
  remote-as 1
  update-source Loopback0
  address-family vpnv4 unicast
  !
 !
 vrf MSSK
  rd 1:1
  address-family ipv4 unicast
   redistribute connected

The issue is that I cannot any labels imposed :
RP/0/0/CPU0:XRnew#sh cef 20.20.20.20/32 | inc labels
Sun Sep 13 11:37:37.416 UTC
 local label 17002  labels imposed {ImplNull}

RP/0/0/CPU0:Clone#sh cef 10.10.10.10/32 | inc labels
Sun Sep 13 11:37:54.372 UTC
 local label 17001  labels imposed {ImplNull}

Another weird issue am facing is that when I change the prefix-sid index on 
both XR boxes to (15001 , 15002 respectively) , no labels are shown at all 

RP/0/0/CPU0:XRnew#sh cef 20.20.20.20/32 | inc labels
Sun Sep 13 11:38:47.211 UTC

Any ideas guys?

Thanks

BR,
Mohammad
  
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

[c-nsp] SFP/Transceiver Issue

2015-09-08 Thread Mohammad Khalil

Hi all

I am trying to connect a link between my 6509 box and N5K box

The link was functioning well , but now it is never up

I have tried to change the SFP with no luck

Please check below

HQ-UM-CORE-VSS#show int Te2/8/1 transceiver
Transceiver monitoring is disabled for all interfaces.
 
ITU Channel not available (Wavelength not available),
Transceiver is internally calibrated.
If device is externally calibrated, only calibrated values are printed.
++ : high alarm, +  : high warning, -  : low warning, -- : low alarm.
NA or N/A: not applicable, Tx: transmit, Rx: receive.
mA: milliamperes, dBm: decibels (milliwatts).
 
 Optical   Optical
Temperature  Voltage  Current   Tx Power  Rx Power
Port(Celsius)(Volts)  (mA)  (dBm) (dBm)
--  ---  ---      
Te2/8/1   28.8   0.00  69.2 --1.6   2.6 ++
  
HQ-UM-N5K-B# show int ethernet 1/1 transceiver
Ethernet1/1
transceiver is present
type is 10Gbase-(unknown)
name is CISCO-FUJITSU
part number is FIM35050/203
revision is 0001
serial number is FLJ1708K03G
nominal bitrate is 11100 MBit/sec
Link length supported for 9/125um fiber is 80 km
cisco id is --
cisco extended id number is 4

HQ-UM-CORE-VSS#show int tenGigabitEthernet 2/8/1 transceiver detail
Transceiver monitoring is disabled for all interfaces.

ITU Channel not available (Wavelength not available),
Transceiver is internally calibrated.
mA: milliamperes, dBm: decibels (milliwatts), NA or N/A: not applicable.
++ : high alarm, +  : high warning, -  : low warning, -- : low alarm.
A2D readouts (if they differ), are reported in parentheses.
The threshold values are calibrated.

High Alarm  High Warn  Low Warn   Low Alarm
   Temperature Threshold   Threshold  Threshold  Threshold
Port   (Celsius)  (Celsius)   (Celsius)  (Celsius)  (Celsius)
-- --  --  -  -  -
Te2/8/1  33.274.070.0 0.0   -4.0

High Alarm  High Warn  Low Warn   Low Alarm
VoltageThreshold   Threshold  Threshold  Threshold
Port(Volts)(Volts) (Volts)(Volts)(Volts)
--  -----  -  -  -
Te2/8/1 0.00   N/A N/A N/AN/A

High Alarm  High Warn  Low Warn   Low Alarm
CurrentThreshold   Threshold  Threshold  Threshold
Port(milliamperes) (mA)(mA)   (mA)   (mA)
--  -  --  -  -  -
Te2/8/1  69.3 -- N/AN/AN/A   N/A

OpticalHigh Alarm  High Warn  Low Warn   Low Alarm
Transmit Power Threshold   Threshold  Threshold  Threshold
Port(dBm)  (dBm)   (dBm)  (dBm)  (dBm)
--  -  --  -  -  -
Te2/8/1   1.6 7.9 3.9 0.0   -4.0

OpticalHigh Alarm  High Warn  Low Warn   Low Alarm
Receive Power  Threshold   Threshold  Threshold  Threshold
Port(dBm)  (dBm)   (dBm)  (dBm)  (dBm)
--  -  --  -  -  -
Te2/8/1   2.7 ++ -3.0-7.0   -24.0  -28.2


==


HQ-UM-N5K-B# show int eth1/1 transceiver details
Ethernet1/1
transceiver is present
type is 10Gbase-(unknown)
name is CISCO-FUJITSU
part number is FIM35050/203
revision is 0001
serial number is FLJ1708K03G
nominal bitrate is 11100 MBit/sec
Link length supported for 9/125um fiber is 80 km
cisco id is --
cisco extended id number is 4

   SFP Detail Diagnostics Information (internal calibration)
  
Current  Alarms  Warnings
Measurement HighLow High  Low
  
  Temperature   59.88 C75.00 C -5.00 C 70.00 C0.00 C
  Voltage3.24 V 3.63 V  2.97 V  3.46 V3.13 V
  Current   78.10 mA  105.00 mA35.00 mA98.00 mA  42.00 mA
  Tx Power1.70 dBm   6.99 dBm   -4.00 dBm3.99 dBm  0.00 dBm
  Rx PowerN/A --   -3.00 dBm N/A   -7.01 dBm-26.98 dBm
  
  Note: ++  high-alarm; +  high-warning; --  low-alarm; -  low-warning

  *** SFP

1 2 3 4 5 >

1 - 100 of 471 matches

Mail list logo