Re: [c-nsp] BGP blackhole community config

2016-06-19 Thread Rich Davies
config term
!
ip bgp-community new-format
!
router bgp 100
 neighbor xx.xx.xx.xx remote-as 200
 neighbor xx.xx.xx.xx send-community
!
end


Try that and clear your BGP session.  Based on the fact that you have no "network"
statements to announce directly in BGP, you are instead redistributing
static routes into BGP to be announced.  I believe you need to add the "ip
bgp-community new-format" to your global configuration and in addition tell
your neighbor statement to "send-community".

BGP community is an optional transitive attribute; it's only sent to an external
ASN if you tell it to.


More on communities indicating they are (optional) transitive attributes:
http://www.cisco.com/c/en/us/about/press/internet-protocol-journal/back-issues/table-contents-24/bgp-communities.html

On Sun, Jun 19, 2016 at 7:37 PM, Satish Patel  wrote:

> We have setup new BGP configuration with ISP and ISP has been told
> send community "64682:0" for blackholing. I am new in BGP.
>
> I was reading BGP community format is ASN:NN but my ISP ASN number
> isn't 64682 so I am assuming they gave me an example (64682:0)
>
> This is what I configured in my router.
>
> router bgp 100
>  bgp log-neighbor-changes
>  redistribute static route-map RTBH
>  neighbor xx.xx.xx.xx remote-as 200
>
>
> route-map RTBH permit 10
>  match tag 666
>  set community :666
>
> route-map RTBH permit 20
>
>
> I have sent the following null route but it didn't work :(
>
> ip route xx.x.x.xx 255.255.255.255 Null0 tag 666
>
>
> What am I doing wrong? How do I use community to send a blackhole route?
> ___
> cisco-nsp mailing list  cisco-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
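
A pre-flight check for the blackhole setup discussed in this message, as an added example that is not part of the original thread: it lints an IOS-style configuration for the two problems raised here, a malformed `set community` value and an eBGP neighbor without `send-community`. The function names and both sample configurations are constructed for illustration; 192.0.2.1 and 203.0.113.7 stand in for the masked addresses, and 64682:0 is the value the ISP quoted.

```python
import re

WELL_KNOWN = {"internet", "local-as", "no-advertise", "no-export"}

def community_ok(token):
    """AA:NN with 16-bit halves, a 32-bit decimal, or a well-known name."""
    t = token.lower()
    if t in WELL_KNOWN:
        return True
    if re.fullmatch(r"\d+", t):
        return 1 <= int(t) <= 0xFFFFFFFF
    m = re.fullmatch(r"(\d+):(\d+)", t)
    return bool(m) and all(int(p) <= 0xFFFF for p in m.groups())

def parse(config):
    cfg = {"local_as": None, "neighbors": {}, "redist_map": None,
           "route_maps": {}, "null_tags": set()}
    ctx = entry = None
    for raw in config.splitlines():
        w = raw.split()
        if not w or w[0] == "!":
            continue
        if not raw[0].isspace():            # top-level line: leave any sub-mode
            ctx = entry = None
            if w[:2] == ["router", "bgp"] and len(w) == 3:
                ctx, cfg["local_as"] = "bgp", w[2]
            elif w[0] == "route-map" and len(w) == 4 and w[3].isdigit():
                ctx = "rmap"
                entry = {"seq": int(w[3]), "action": w[2],
                         "tags": set(), "communities": []}
                cfg["route_maps"].setdefault(w[1], []).append(entry)
            elif w[:2] == ["ip", "route"] and "Null0" in w and "tag" in w[:-1]:
                cfg["null_tags"].add(w[w.index("tag") + 1])
        elif ctx == "bgp" and w[0] == "neighbor" and len(w) >= 3:
            n = cfg["neighbors"].setdefault(
                w[1], {"remote_as": None, "send_std": False})
            if w[2] == "remote-as" and len(w) >= 4:
                n["remote_as"] = w[3]
            elif w[2] == "send-community":
                # bare, "standard" or "both" send standard communities;
                # "extended" on its own does not
                n["send_std"] = len(w) == 3 or w[3] in ("standard", "both")
        elif ctx == "bgp" and w[:2] == ["redistribute", "static"] and "route-map" in w[:-1]:
            cfg["redist_map"] = w[w.index("route-map") + 1]
        elif ctx == "rmap" and w[:2] == ["match", "tag"]:
            entry["tags"].update(w[2:])
        elif ctx == "rmap" and w[:2] == ["set", "community"]:
            entry["communities"] = [t for t in w[2:] if t not in ("additive", "none")]
    return cfg

def lint_rtbh(config):
    """Return (code, detail) findings that would stop the blackhole signal."""
    cfg, findings = parse(config), []
    for addr, n in sorted(cfg["neighbors"].items()):
        if n["remote_as"] not in (None, cfg["local_as"]) and not n["send_std"]:
            findings.append(("NO_SEND_COMMUNITY", addr))
    entries = sorted(cfg["route_maps"].get(cfg["redist_map"], []),
                     key=lambda e: e["seq"])
    for e in entries:
        for tok in e["communities"]:
            if not community_ok(tok):
                findings.append(("BAD_COMMUNITY", tok))
    for tag in sorted(cfg["null_tags"]):
        marked = False
        for e in entries:                   # first matching entry wins
            if not e["tags"] or tag in e["tags"]:
                marked = (e["action"] == "permit" and bool(e["communities"])
                          and all(community_ok(t) for t in e["communities"]))
                break
        if not marked:
            findings.append(("TAG_NOT_MARKED", tag))
    return findings

# Constructed sample: the configuration from the question, addresses replaced.
BROKEN = """\
router bgp 100
 bgp log-neighbor-changes
 redistribute static route-map RTBH
 neighbor 192.0.2.1 remote-as 200
!
route-map RTBH permit 10
 match tag 666
 set community :666
!
route-map RTBH permit 20
!
ip route 203.0.113.7 255.255.255.255 Null0 tag 666
"""

# Constructed sample: the same configuration with the reply's changes applied.
FIXED = (
    "ip bgp-community new-format\n!\n"
    + BROKEN.replace(" set community :666", " set community 64682:0")
            .replace(" neighbor 192.0.2.1 remote-as 200\n",
                     " neighbor 192.0.2.1 remote-as 200\n"
                     " neighbor 192.0.2.1 send-community\n")
)

if __name__ == "__main__":
    for name, text in (("BROKEN", BROKEN), ("FIXED", FIXED)):
        print(name, lint_rtbh(text))
```
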


Re: [c-nsp] Cisco and ATM VC => Limit PCR

2016-02-04 Thread Rich Davies
Typo on my part :

  vbr-nrt 4835 4835 1


On Thu, Feb 4, 2016 at 12:00 PM, Rich Davies <rich.dav...@gmail.com> wrote:

>
> Olivier,
>
> Based on your configuration it appears you are doing an ATM service type
> of VBR-NRT (Variable Bit Rate, Non Real Time).  Based on VBR-NRT you can
> use the following ATM traffic parameters:
>
> PCR, CDVT, SCR, MBS
>
>
> http://www.cisco.com/c/en/us/td/docs/routers/7200/design/ATM-traffic_management_guide/atmtrafc_1/atmtovw.html#wp1080353
>
>
> So looks like you can set the PCR to 4830 as your operator has requested:
>
> interface ATM1/0.937 point-to-point
>  pvc LINKONE 1/937 l2transport
>   vbr-nrt 4835 48735 1
>
> You currently have a peak cell rate and average cell rate set to 2048 and
> burst cell size set to 1.   I do not think you can set the CDV/MCR based on
> VBR-NRT service type (those are CBR I believe).   You may want to increase
> your burst rate from 1 to a higher value based on your bandwidth on the
> link/PVC.
>
>
> Rich
>
>
>
> On Thu, Feb 4, 2016 at 3:51 AM, Olivier CALVANO <o.calv...@gmail.com>
> wrote:
>
>> Hi
>>
>> i request a small help on a Cisco with ATM cards.
>>
>> we have a interface:
>>
>> interface ATM1/0.937 point-to-point
>>  mtu 1600
>>  atm route-bridged ip
>>  no atm enable-ilmi-trap
>>  pvc LINKONE 1/937 l2transport
>>   vbr-nrt 2048 2048 1
>>   encapsulation aal5snap
>>   xconnect 192.168.1.1 2043 pw-class Ethernet
>>
>> My problem: this link is saturated.
>>
>> My Operator said:
>>  actually PCR 4835 cel/s and CDV 223 us
>>
>> please limit at PCR 4830 cel/s and CDV 224us and MCR at 170 cel/s
>>
>> anyone know where i can create a "class" and put into my interface a
>> limitation ?
>> (a sample of configuration)
>>
>> regards
>> Olivier


Re: [c-nsp] Cisco and ATM VC => Limit PCR

2016-02-04 Thread Rich Davies
Olivier,

Based on your configuration it appears you are doing an ATM service type of
VBR-NRT (Variable Bit Rate, Non Real Time).  Based on VBR-NRT you can use
the following ATM traffic parameters:

PCR, CDVT, SCR, MBS

http://www.cisco.com/c/en/us/td/docs/routers/7200/design/ATM-traffic_management_guide/atmtrafc_1/atmtovw.html#wp1080353


So looks like you can set the PCR to 4830 as your operator has requested:

interface ATM1/0.937 point-to-point
 pvc LINKONE 1/937 l2transport
  vbr-nrt 4835 48735 1

You currently have a peak cell rate and average cell rate set to 2048 and
burst cell size set to 1.   I do not think you can set the CDV/MCR based on
VBR-NRT service type (those are CBR I believe).   You may want to increase
your burst rate from 1 to a higher value based on your bandwidth on the
link/PVC.


Rich



On Thu, Feb 4, 2016 at 3:51 AM, Olivier CALVANO  wrote:

> Hi
>
> i request a small help on a Cisco with ATM cards.
>
> we have a interface:
>
> interface ATM1/0.937 point-to-point
>  mtu 1600
>  atm route-bridged ip
>  no atm enable-ilmi-trap
>  pvc LINKONE 1/937 l2transport
>   vbr-nrt 2048 2048 1
>   encapsulation aal5snap
>   xconnect 192.168.1.1 2043 pw-class Ethernet
>
> My problem: this link is saturated.
>
> My Operator said:
>  actually PCR 4835 cel/s and CDV 223 us
>
> please limit at PCR 4830 cel/s and CDV 224us and MCR at 170 cel/s
>
> anyone know where i can create a "class" and put into my interface a
> limitation ?
> (a sample of configuration)
>
> regards
> Olivier


Re: [c-nsp] Fw: new message

2015-10-24 Thread Rich Davies
People who allow themselves to get a virus malware or infected shouldn't be on 
this list.

Sent from my iPhone

> On Oct 24, 2015, at 9:36 PM, Edward avanti  wrote:
> 
> Hey!
> 
> 
> 
> New message, please read 
> 
> 
> 
> Edward avanti
> 


Re: [c-nsp] Remote management console servers?

2015-07-15 Thread Rich Davies
All,

We have been using WTI console servers for many years and so far I have no
issue with them.   The older models had DB9 serial connections and newer
models have RJ-45.   You can pin them out to any serial based console
device.   WTI has been very helpful with assistance on custom pinouts even
when the device is out of warranty.   Also WTI was one of the few remote
console servers which have NEBS compliancy (on their -48 vdc powered
models).  One note I will say with these is firewall them otherwise I've
seen a few go unreachable.   After proper firewalling they are stable.


Rich


On Tue, Jul 14, 2015 at 1:03 PM, Scott Granados sc...@granados-llc.net
wrote:

 Hi,

 Wondering what people are doing / best practices for remote management
 generally in datacenter environments.  We have several datacenter with a
 mix of Cisco, F5, Juniper and Palo Alto equipment in each.  All have a
 similar RJ45 type console port and all are pretty much your garden variety
 devices.  Looking for a good solution to gain access when primary
 connectivity is disrupted.  I know back in the day we used 2610XM routers
 with the octopus cables but I’m wondering if there is better available now
 or is this still a good solution?  Do you all use out of band loops for
 remote management like DS1 / DS3 circuits from diverse providers, dial in,
 what’s the standard for remote management?  Do you also have your
 management networks isolated on their own (could be the same) management
 network or do you do some sort of VPN / VRF deal for normal non emergency
 management connectivity?  Any thoughts on the subject would be most
 appreciated.  The last time I built one of these was with 2610XM routers in
 the pops and 7206 routers as aggregation points in each geographic region
 linked together with different T1s and multiplexed to the 7206 regional
 routers with backhaul loops to the NOC.  Seems like a bit of overkill for
 my application now but if this is still the best practice then it might be
 worth while.  Any pointers or other suggestions would be most appreciated.

 Thank you
 Scott


Re: [c-nsp] Network monitoring / NMS software

2015-07-13 Thread Rich Davies
We've transitioned from Nagios/Cacti to check_mk and OMD:

https://mathias-kettner.de/checkmk_omd.html


So far I must say the monitoring is better than Nagios, provides much more
data from servers (has its own process that runs to monitor servers), is
able to parse syslog data but we do not have SNMP traps working with it
yet.  Also it has built in graphing (to RRD files) which helps it provide
for a solid MRTG/Cacti replacement.

I would check this out so far it seems quite useful (and opensource/free).


Rich


On Thu, Jul 9, 2015 at 12:51 PM, Scott Granados sc...@granados-llc.net
wrote:

 I know this question comes up from time to time and I’ve myself asked it
 before but it was a while ago and some recent googling seems to indicate
 the landscape has changed a lot.

 I’m looking for recommendations for monitoring software.  Basic alerting,
 SNMP polling, trap handling, reporting, auto discovery and the other
 general features.  Server monitoring would be a nice plus or at least a
 method of adding on that functionality.
 Open NMS is grabbing my interest so far but I’m wondering about commercial
 packages and the advantages of having a vendor to call on especially
 considering we’re a small startup operation so far.  Wonder what people are
 using, what open source or commercial platforms have you tried?  The only
 real requirement I have in terms of environment is that the platform runs
 under Linux and not windows only.  We’re a non windows shop so can’t and
 won’t install a single instance of Windows server just to run monitoring.
 Any pointers and advice folks have would be greatly appreciated. Also
 anyone using open NMS specifically who has any real world experience and
 comments would be appreciated but I’m interested in anything being used and
 your opinions.

 Thanks
 Scott





Re: [c-nsp] Cisco 7206VXR with NPE-G1

2015-07-08 Thread Rich Davies
All,

This is what I am seeing on 7206's with NPE-G1's running IOS 12.4(12b).
Also I might add that I have quite a few of these in service (all with same
rev of IOS, and all are variable traffic throughout a 24 hour timespan
(50-300Mbps)):

6#show int gig 0/1
GigabitEthernet0/1 is up, line protocol is up
  Hardware is BCM1250 Internal MAC, address is 0002.fcb7.f01b (bia
0002.fcb7.f01b)
  MTU 1500 bytes, BW 10 Kbit, DLY 100 usec,
 reliability 255/255, txload 158/255, rxload 163/255
  Encapsulation ARPA, loopback not set
  Keepalive set (10 sec)
  Full-duplex, 100Mb/s, media type is RJ45
  output flow-control is XON, input flow-control is XON
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input 00:00:00, output 00:00:00, output hang never
  Last clearing of show interface counters 17w6d
  Input queue: 0/75/1386/38826 (size/max/drops/flushes); Total output
drops: 3120926
  Queueing strategy: fifo
  Output queue: 0/1000 (size/max)
  30 second input rate 64012000 bits/sec, 34831 packets/sec
  30 second output rate 62212000 bits/sec, 36408 packets/sec
 186758885336 packets input, 46288188866751 bytes, 0 no buffer
 Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
 8288 input errors, 0 CRC, 0 frame, 8288 overrun, 0 ignored
 0 watchdog, 5778334 multicast, 0 pause input
 0 input packets with dribble condition detected
 206213751240 packets output, 49186222484144 bytes, 0 underruns
 3 output errors, 0 collisions, 0 interface resets
 0 babbles, 0 late collision, 0 deferred
 3 lost carrier, 0 no carrier, 0 pause output
 0 output buffer failures, 0 output buffers swapped out


I've already swapped out GBICs, fiber, and had the Z-side of these
interfaces troubleshooted and nothing indicates hardware issue, yet the
input errors and overruns occur.

Also when I do a show buffers this is what I am seeing:

Buffer elements:
 1851 in free list (1119 max allowed)
 3838947704 hits, 0 misses, 619 created

Public buffer pools:
Small buffers, 104 bytes (total 69, permanent 50, peak 190 @ 7w0d):
 58 in free list (20 min, 150 max allowed)
 236662807 hits, 150799 misses, 119546 trims, 119565 created
 31355 failures (0 no memory)
Middle buffers, 600 bytes (total 34, permanent 25, peak 265 @ 7w0d):
 32 in free list (10 min, 150 max allowed)
 99477866 hits, 130600 misses, 75340 trims, 75349 created
 34516 failures (0 no memory)
Big buffers, 1536 bytes (total 50, permanent 50, peak 56 @ 7w0d):
 50 in free list (5 min, 150 max allowed)
 56218156 hits, 60 misses, 60 trims, 60 created
 7 failures (0 no memory)
VeryBig buffers, 4520 bytes (total 10, permanent 10):
 10 in free list (0 min, 100 max allowed)
 7 hits, 0 misses, 0 trims, 0 created
 0 failures (0 no memory)
Large buffers, 5024 bytes (total 0, permanent 0):
 0 in free list (0 min, 10 max allowed)
 0 hits, 0 misses, 0 trims, 0 created
 0 failures (0 no memory)
Huge buffers, 18024 bytes (total 1, permanent 0, peak 11 @ 7w0d):
 1 in free list (0 min, 4 max allowed)
 97561 hits, 334 misses, 2460 trims, 2461 created
 0 failures (0 no memory)

Interface buffer pools:
Syslog ED Pool buffers, 600 bytes (total 150, permanent 150):
 118 in free list (150 min, 150 max allowed)
 679286 hits, 0 misses
IPC buffers, 4096 bytes (total 2, permanent 2):
 2 in free list (1 min, 8 max allowed)
 0 hits, 0 fallbacks, 0 trims, 0 created
 0 failures (0 no memory)

Header pools:
Header buffers, 0 bytes (total 1256, permanent 256, peak 1256 @ 7w0d):
 1000 in free list (256 min, 1024 max allowed)
 20360150 hits, 675 misses, 0 trims, 1000 created
 0 failures (0 no memory)
 256 max cache size, 256 in cache
 3913285762 hits in cache, 20359979 misses in cache

Particle Clones:
 1024 clones, 780885 hits, 0 misses

Public particle pools:
F/S buffers, 128 bytes (total 512, permanent 512):
 0 in free list (0 min, 512 max allowed)
 512 hits, 0 misses, 0 trims, 0 created
 0 failures (0 no memory)
 512 max cache size, 512 in cache
 780885 hits in cache, 0 misses in cache
Normal buffers, 512 bytes (total 2048, permanent 2048):
 2048 in free list (1024 min, 4096 max allowed)
 215320690 hits, 96662 misses, 98827 trims, 98827 created
 0 failures (0 no memory)

Private particle pools:
GigabitEthernet0/1 buffers, 512 bytes (total 1000, permanent 1000):
 0 in free list (0 min, 1000 max allowed)
 1000 hits, 0 fallbacks
 1000 max cache size, 872 in cache
 838175508 hits in cache, 0 misses in cache
 14 buffer threshold, 0 threshold transitions
GigabitEthernet0/2 buffers, 512 bytes (total 1000, permanent 1000):
 0 in free list (0 min, 1000 max allowed)
 1000 hits, 64151594 fallbacks
 1000 max cache size, 870 in cache
 662670440 hits in cache, 64151594 misses in cache
 14 buffer threshold, 15169777 threshold transitions
GigabitEthernet0/3 buffers, 512 bytes (total 1000, permanent 1000):
 

[c-nsp] Cisco 7206VXR with NPE-G1

2015-07-07 Thread Rich Davies
Hello,

I wanted to reach out to the list to see what is the current and
trusted version of IOS for Cisco 7206VXR with NPE-G1?   I know this
hardware is EOL but we have a few still in use and wanted to get them up to
a newer version of IOS.   We are currently running 12.4(12b) which I think
we are hitting a bug with this IOS (bug ID CSCsz97091) in relation to input
errors and overruns when a show run is done.   I am seeing on our error
trend graphs every hour we take a burst of input errors, and they are timed
exactly to 1 hour interval.  It just so happens our RANCID implementation
is fetching configs every hour, so I have strong suspicion we are hitting
that bug on 12.4(12b).  Was wondering what is the best IOS to run on this
NPE-G1?  We do OSPF/BGP and minor static routing.   IPSEC would be nice
but not necessary in our situation.


Thanks for any IOS recommendations.


Rich


Re: [c-nsp] Upgrade NPE-400 to NPE-G1

2014-09-03 Thread Rich Davies
Joseph,

Some things to consider here:

- The NPE-G1 you plan on using, I would boot this up in a spare 7206
chassis and confirm that it boots up normally without any abnormal errors.
 Test it out if you have a spare 7206 chassis and a power supply.

- The NPE-G1 has an integrated IO (input output) - meaning the old IO board
on the front of the 7206 (with the DB25 console and aux ports and 10/100
eth port) you remove that and rely on controlling (configuring) the NPE-G1
via its integrated IO (the NPE-G1 has RJ-45 console right on it)...  so you
just take the old IO board out of the front, swap the NPE 400 and NPE-G1
and boot it up.

- The GIGE ports on the NPE-G1 have higher bandwidth capacity than the PCI
bus on the 7200.   Try to use the 10/100/1000 gige connections directly on
the NPE-G1 versus using a Gige or FastE port adapter will save CPU.

- This is not hot swappable; you will have downtime during this swap.

- As long as the IOS that is on the NPE-G1 has the same feature sets that
you currently rely on with the NPE-400 your configuration should be able to
move over.   Your NPE-400 configuration is stored on NVRAM so again best
thing to do is get copy of current config (either via TFTP or copy/paste),
boot up the NPE-G1 in spare chassis, and configure it.   Then when it's time
to do the swap now you are just swapping the NPE's (and pulling out the IO
board) and won't have to worry about trying to config it on the fly during
your maintenance using a new route processor.


I hope this helps.


Rich



On Wed, Sep 3, 2014 at 4:14 PM, Joseph Mays m...@win.net wrote:

 I have a cisco 7206 VXR with NPE-400 running c7200-ik9su2-mz.123-23.bin. I
 have an NPE-G1 card now that I would like to put in the router instead. Can
 I just swap the NPE-400 for the G1 card and expect it to work? I’m
 attaching the show ver on the NPE-400 system showing the bootloader, IOS,
 etc.

 core-gw1.noc#show ver
 Cisco Internetwork Operating System Software
 IOS (tm) 7200 Software (C7200-IK9SU2-M), Version 12.3(23), RELEASE
 SOFTWARE (fc5)
 Technical Support: http://www.cisco.com/techsupport
 Copyright (c) 1986-2007 by cisco Systems, Inc.
 Compiled Tue 24-Jul-07 21:42 by stshen
 Image text-base: 0x60008AF4, data-base: 0x61F61720

 ROM: System Bootstrap, Version 12.2(4r)B, RELEASE SOFTWARE (fc1)
 BOOTLDR: 7200 Software (C7200-BOOT-M), Version 12.0(24)S, EARLY DEPLOYMENT
 RELEASE SOFTWARE (fc1)

 core-gw1.noc uptime is 1 year, 14 weeks, 6 days, 22 hours, 58 minutes
 System returned to ROM by power-on
 System restarted at 16:57:27 EDT Tue May 21 2013
 System image file is disk0:c7200-ik9su2-mz.123-23.bin


 This product contains cryptographic features and is subject to United
 States and local country laws governing import, export, transfer and
 use. Delivery of Cisco cryptographic products does not imply
 third-party authority to import, export, distribute or use encryption.
 Importers, exporters, distributors and users are responsible for
 compliance with U.S. and local country laws. By using this product you
 agree to comply with applicable laws and regulations. If you are unable
 to comply with U.S. and local laws, return this product immediately.

 A summary of U.S. laws governing Cisco cryptographic products may be found
 at:
 http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

 If you require further assistance please contact us by sending email to
 exp...@cisco.com.

 cisco 7206VXR (NPE400) processor (revision A) with 491520K/32768K bytes of
 memory.
 Processor board ID 20399590
 R7000 CPU at 350MHz, Implementation 39, Rev 3.3, 256KB L2 Cache
 6 slot VXR midplane, Version 2.0

 Last reset from power-on
 Bridging software.
 X.25 software, Version 3.0.0.

 PCI bus mb0_mb1 (Slots 0, 1, 3 and 5) has a capacity of 600 bandwidth
 points.
 Current configuration on bus mb0_mb1 has a total of 800 bandwidth points.
 The set of PA-2FE, PA-POS-2OC3, and I/O-2FE qualify for half
 bandwidth points consideration, when full bandwidth point counting
 results in oversubscription, under the condition that only one of the
 two ports is used. With this adjustment, current configuration on bus
 mb0_mb1 has a total of 800 bandwidth points.
 This configuration has oversubscripted the PCI bus and is not a
 supported configuration.

 PCI bus mb2 (Slots 2, 4, 6) has a capacity of 600 bandwidth points.
 Current configuration on bus mb2 has a total of 380 bandwidth points
 This configuration is within the PCI bus capacity and is supported.

 Please refer to the following document Cisco 7200 Series Port Adaptor
 Hardware Configuration Guidelines on Cisco.com http://www.cisco.com
 for c7200 bandwidth points oversubscription and usage guidelines.

 WARNING: PCI bus mb0_mb1 Exceeds 600 bandwidth points

 3 FastEthernet/IEEE 802.3 interface(s)
 1 Gigabit Ethernet/IEEE 802.3 interface(s)
 2 Serial network interface(s)
 125K bytes of non-volatile configuration memory.

 46976K bytes of ATA PCMCIA card at slot 0 (Sector size 512 bytes).
 4096K bytes of Flash 

[c-nsp] Cisco 2811 functioning as an ITP - required hardware

2014-08-13 Thread Rich Davies
Hello,

Was wondering if anyone on this list is using a Cisco 2811 as an ITP (for
SS7 STP functions) and if so is this module required to do T1 TDM:

VWIC-2T1/E1-RAN

The following documentation states that is required however the more I read
up on the VWIC-2T1/E1-RAN has additional features that I do not think I
require (such as RAN transport over IP, or 2G/3G):

http://www.cisco.com/c/en/us/products/collateral/wireless/ip-transfer-point/product_data_sheet09186a00800925b1.html

I am looking to potentially use a 2811 as an ITP and it has a TDM side that
will face a LEC for SS7 signalling.  Trying to determine if the
VWIC-2T1/E1-RAN is the only module that would work in this application, or
can I use one of the older (and less expensive) T1 controller WICS (such as
VWIC2-2MFT-T1/E1)?

Would rather buy a few of a cheaper linecard/module than only have 1 or 2
of the more expensive one.

On another note - I would personally rather use a 7206VXR with NPE-G1 to do
this however Cisco does not have any IOS images for the NPE-G1 anymore
(even though it is a quite capable RP if used in the proper environment).
Can not locate an ITP/SS7 image for the NPE-G1, let alone any for that RP :(

Any input would be greatly appreciated.



Thanks,

Rich


[c-nsp] Recommendations on Cisco TDM SS7 to IP (Sigtran) box

2014-06-23 Thread Rich Davies
Hello,

Looking for any Cisco hardware recommendations regarding converting TDM SS7
to Sigtran.   Seems their older ITP's can do this, along with SS7 IOS
feature sets on some of their older routers (I noticed they even reference
2651XM, 7507, etc).

Looking for small form factor, NEBS compliancy (DC power supplies), and a
handful of SS7 over T1 which would perform the interworking to Sigtran.
Not looking for brand new trying to make this happen on a low budget and I
know a lot of this stuff is EOL with Cisco (and that's fine, as long as it
does the job).


Thanks for any input.


Rich


[c-nsp] High CPU on Cisco 7606 (SUP2/MSFC2/PFC2) w GRE tunnels

2014-06-11 Thread Rich Davies
Hello,

I am doing some troubleshooting on a Cisco 7606 in regards to high CPU
(between 50 and 75%).   When I do a show proc cpu I do not show any
processes that are using up the CPU.  The one thing we are doing
differently on this router is terminating about 4 GRE tunnels.  In addition
when I do a show mls stats I am showing the router is currently
processing about 500,000 PPS:

#show mls statistics

Statistics for Earl in Module 1

L2 Forwarding Engine
  Total packets Switched: 943744507055

L3 Forwarding Engine
  Total Packets L3 Switched : 943744507055 @ 520113 pps

  Total Packets Bridged : 159661113984
  Total Packets FIB Switched: 783029776276
  Total Packets ACL Routed  : 0
  Total Packets Netflow Switched: 0
  Total Mcast Packets Switched/Routed   : 884048717
  Total ip packets with TOS changed : 0
  Total ip packets with COS changed : 0
  Total non ip packets COS changed  : 0
  Total packets dropped by ACL  : 779576
  Total packets dropped by Policing : 0
  Total Unicast RPF failed packets  : 0

Errors
  MAC/IP length inconsistencies : 1
  Short IP packets received : 0
  IP header checksum errors : 0
  MAC/IPX length inconsistencies: 0
  Short IPX packets received: 0

Total packets L3 Switched by all Modules: 943744507055 @ 520113 PPS



I recently read a Cisco forum document that stated GRE tunnels can push up
CPU if they share the same source interface and suggestion was to use 1
loopback interface per GRE tunnel:

https://supportforums.cisco.com/discussion/10920621/high-cpu-utilization-7600-rsp720-and-gre-tunnel


I have performed re-configuration of our GRE tunnels to use a Loopback
interface as source however I am still seeing CPU in range of 50-75%.

Should GRE tunnels cause this much of a CPU increase?

I guess my other question is in relation to software switched versus
hardware switched.   I am showing that my GRE interfaces are using FastCEF
so I would expect performance not to be an issue however the GRE tunnel
(and Loopback) are indeed software interfaces so does CEF even come into
play regarding GRE tunnel interfaces?


#show mod
Mod Ports Card Type                              Model              Serial No.
--- ----- -------------------------------------- ------------------ -----------
  1    2  Catalyst 6000 supervisor 2 (Active)    WS-X6K-SUP2-2GE    SAL08486LSL
  3    8  8 port 1000mb GBIC Enhanced QoS        WS-X6408A-GBIC     SAL050630Y0

Mod MAC addresses                       Hw    Fw           Sw           Status
--- ---------------------------------- ------ ------------ ------------ -------
  1  0012.0150.4ad0 to 0012.0150.4ad1   5.1   7.1(1)       12.1(27b)E1  Ok
  3  0001.9724.0e54 to 0001.9724.0e5b   1.3   5.4(2)       8.5(0.23)COS Ok

Mod Sub-Module                  Model           Serial       Hw     Status
--- --------------------------- --------------- ------------ ------ -------
  1 Policy Feature Card 2       WS-F6K-PFC2     SAL084764AX  3.5    Ok
  1 Cat6k MSFC 2 daughterboard  WS-F6K-MSFC2    SAL08517DM7  2.8    Ok

Mod Online Diag Status
--- -------------------
  1 Pass
  3 Pass


I have been referring to this document quite a bit to reference PPS:

http://www.cisco.com/web/partners/downloads/765/tools/quickreference/routerperformance.pdf

With the MSFC2/PFC2 I would expect to have a capacity of 15/30 million PPS
on this 7606 however I suspect I am hitting bottleneck of a software
switched interface (500,000 for software-switched CEF).


Anyone have any pointers or tips?  I know many will be laughing that
MSFC2/PFC2 is still in play but it is what it is.  Should I consider
offloading these tunnels to another device?

The nature of the high PPS traffic is RTP/VOIP (so many PPS of smaller
packets).



Thanks,

Rich


[c-nsp] Utilize 7600 to backhaul TDM-based channelized DS3's

2013-04-02 Thread Rich Davies
Hello,

We currently have 7609's deployed at both sides of this dark fiber and
running IP layer 3 in between with OSPF/BGP.  Due to some network changes I
am tasked with backhaul of channelized DS3 (TDM) circuits over this
existing scenario.  We are used to using optical transport/DWDM gear to
perform this DS3 backhaul function but in this situation we already have
two 7609's and was considering possibility of performing pseudowire AToM
for the TDM DS3's to keep the 7609 in place.

Does anyone have any suggestions in regards to required IOS versions, route
processors, or DS3 linecards that are capable of MPLS pseudowire that are
applicable for the Cisco 7609?


Thanks,

Rich


Re: [c-nsp] LX GBIC at half duplex?

2012-10-23 Thread Rich Davies
If you have a fiber coupler (SC) you can loop TX to RX and verify that
link comes up on the 3550 side on your section of fiber.   Also if media
converter has ability to do any internal loop tests (in either direction)
that would be good too.  You may be able to plug an ethernet RJ45
loopback into the media converter and in turn loop it thru media converter
and across the fiber.

Based on what you told me it sounds like media converter is bad, but
try any looping you can with the circuit to determine where it's failing.
You should be able to at least verify if your GBIC and fiber is good.


Rich


On Tue, Oct 23, 2012 at 2:40 PM, Jason Lixfeld ja...@lixfeld.ca wrote:

 Hi all,

 Running up against an odd issue where we have a 3550 with an LX GBIC
 trying to talk to a copper port on an ME3600 with a media converter in the
 middle.  The ME3600 side always shows as up; we disabled fault passthrough
 on the MC.  The LX GBIC on the 3550 side shows down/down with negotiation
 enabled, so with negotiation disabled, it shows up/up, but at half
 duplex(?!).  Anyone seen this before?  I didn't think an LX GBIC at half
 duplex was possible, even with negotiation disabled as there is still no
 way to force the duplex in that state.  Bad GBIC?  Media converter borked?
  Gremlins?

 I'd be grateful for any insight gleaned from prior experiences..

 Thanks in advance.

 For completeness:

 Model number: WS-C3550-24-SMI
 System image file is flash:c3550-ipservicesk9-mz.122-35.SE5.bin

 TOYF-1.10-1.A920#show int g0/1
 GigabitEthernet0/1 is up, line protocol is up (connected)
   Hardware is Gigabit Ethernet, address is 0014.6aa4.0c00 (bia
 0014.6aa4.0c00)
   Description: Facing gi0-24.pe01.171EastLibertySt01.YYZ
   Internet address is 1.1.1.1/30
   MTU 1500 bytes, BW 100 Kbit, DLY 10 usec,
  reliability 255/255, txload 1/255, rxload 1/255
   Encapsulation ARPA, loopback not set
   Keepalive not set
   Half-duplex, 1000Mb/s, link type is force-up, media type is 1000BaseLX
   input flow-control is off, output flow-control is on
   ARP type: ARPA, ARP Timeout 04:00:00
   Last input 23:14:46, output 00:00:02, output hang never
   Last clearing of show interface counters 06:02:06
   Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
   Queueing strategy: fifo
   Output queue: 0/40 (size/max)
   5 minute input rate 0 bits/sec, 0 packets/sec
   5 minute output rate 0 bits/sec, 0 packets/sec
  0 packets input, 144492 bytes, 0 no buffer
  Received 0 broadcasts (0 IP multicasts)
  0 runts, 0 giants, 0 throttles
  0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
  0 watchdog, 0 multicast, 0 pause input
  0 input packets with dribble condition detected
  326 packets output, 122306 bytes, 0 underruns
  0 output errors, 0 collisions, 0 interface resets
  0 babbles, 0 late collision, 0 deferred
  0 lost carrier, 0 no carrier, 0 PAUSE output
  0 output buffer failures, 0 output buffers swapped out
 TOYF-1.10-1.A920#sh run int g0/1
 Building configuration...

 Current configuration : 167 bytes
 !
 interface GigabitEthernet0/1
  no switchport
  ip address 1.1.1.1 255.255.255.252
  speed nonegotiate
 end

 TOYF-1.10-1.A920#show mac address-table int g0/1
   Mac Address Table
 ---

 VlanMac Address   TypePorts
 ---   -
 TOYF-1.10-1.A920#

 .


 TOYF-1.10-1.A920#sh int g0/1
 GigabitEthernet0/1 is down, line protocol is down (notconnect)
   Hardware is Gigabit Ethernet, address is 0014.6aa4.0c00 (bia
 0014.6aa4.0c00)
   Description: Facing gi0-24.pe01.171EastLibertySt01.YYZ
   Internet address is 1.1.1.1/30
   MTU 1500 bytes, BW 100 Kbit, DLY 10 usec,
  reliability 255/255, txload 1/255, rxload 1/255
   Encapsulation ARPA, loopback not set
   Keepalive not set
   Auto-duplex, Auto-speed, link type is auto, media type is 1000BaseLX
   input flow-control is off, output flow-control is on
   ARP type: ARPA, ARP Timeout 04:00:00
   Last input 23:18:01, output 00:00:18, output hang never
   Last clearing of show interface counters 00:00:32
   Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
   Queueing strategy: fifo
   Output queue: 0/40 (size/max)
   5 minute input rate 0 bits/sec, 0 packets/sec
   5 minute output rate 0 bits/sec, 0 packets/sec
  0 packets input, 0 bytes, 0 no buffer
  Received 0 broadcasts (0 IP multicasts)
  0 runts, 0 giants, 0 throttles
  0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
  0 watchdog, 0 multicast, 0 pause input
  0 input packets with dribble condition detected
  4 packets output, 1210 bytes, 0 underruns
  0 output errors, 0 collisions, 0 interface resets
  0 babbles, 0 late collision, 0 deferred
  0 lost carrier, 0 no carrier, 0 PAUSE output
  0 output buffer failures, 0 output buffers swapped out
 TOYF-1.10-1.A920#sh run int g0/1
 Building 

[c-nsp] TDMOP solution

2012-07-03 Thread Rich Davies
Hello Cisco-NSP community:

I am looking into product selection for a TDM over IP solution
(specifically channelized DS3 M23 framed).   Does anyone have any
recommendations on the Cisco side (or even non-Cisco) for performing TDM circuit
transportation over IP ?  I did some research and came across a non-Cisco
product RAD Data Communications GMUX-2000 which can supposedly perform
the TDMOP functions but I have never worked with their gear before so have
no previous experience w/ this company and their product.

Also I am curious if anyone has any recommendations from the Cisco side (as
that is where my experience lies).   I would think an MPLS enabled core
would be prerequisite in order to tunnel TDM traffic across an IP
infrastructure with appropriate translation devices.


Thanks,

Rich


Re: [c-nsp] Nexus 7k BGP Redistribute into EIGRP

2012-04-21 Thread Rich Davies

Yes run default-information originate on your core/border router's
ospf/eigrp process.  That should be your IGP def route separate from the EBGP 
learned default route.  Can run this on more than one core/border router to get 
traffic back to core.

Rich


Sent from my iPhone

On Apr 21, 2012, at 9:33 AM, Skeeve Stevens skeeve+cisco...@eintellego.net 
wrote:

 Hey all,
 
 Got an odd problem with a Nexus 7010.
 
 We're taking in a default route from an upstream and we're wanting to
 redistribute the default route into EIGRP.
 
 The route is getting in just fine, but for some reason it isn't
 redistributing into EIGRP.  We've tried OSPF as well, but no go.
 
 We're running Image version:   6.0(1) [build 6.0(0.66)]
 
 The TAC has been looking into it, but they've gone off to with a confused
 look on their face.
 
 If anyone has experienced anything like this and had a resolution, please
 let me know.
 
 
 *Skeeve Stevens, CEO*
 eintellego Pty Ltd
 ske...@eintellego.net ; www.eintellego.net http://www.eintellego.net.au
 
 Phone: 1300 753 383 ; Fax: (+612) 8572 9954
 
 Cell +61 (0)414 753 383 ; skype://skeeve
 
 facebook.com/eintellego
 
 twitter.com/networkceoau ; www.linkedin.com/in/skeeve
 
 PO Box 7726, Baulkham Hills, NSW 1755 Australia
 
 The Experts Who The Experts Call
 Juniper - Cisco – Brocade - IBM

Re: [c-nsp] Design question for 7206VXR Port Adapters

2011-01-31 Thread Rich Davies
stumbled on 7500/7200 port adapter which does 8 T1/E1 IMA:

Product Number    Description
PA-A3-8T1IMA      Eight-port T1 ATM port adapter with IMA
PA-A3-8E1IMA      Eight-port E1 ATM port adapter with IMA


taken from:
http://www.cisco.com/en/US/products/hw/modules/ps2033/products_data_sheet09186a0080091d6c.html


-Rich



On Mon, Jan 31, 2011 at 9:55 AM, Gert Doering g...@greenie.muc.de wrote:

 Hi,

 On Sun, Jan 30, 2011 at 06:39:36PM +, Michael Sokolov wrote:
  I have no idea if Cisco ever made anything like this - can someone else
  on this list (someone from Cisco maybe) clue us in on this?

 There's a NM for the 2600 series that will do IMA - AFAIR it's called
 something like NM-A1-4E1IMA or such.

 I haven't seen ATM E1/T1 interfaces for the 7200 at all, with or without
 IMA.  T3, OC3, yes.  E1, no.

 gert
 --
 USENET is *not* the non-clickable part of WWW!
   //
 www.muc.de/~gert/ http://www.muc.de/%7Egert/
 Gert Doering - Munich, Germany
 g...@greenie.muc.de
 fax: +49-89-35655025
 g...@net.informatik.tu-muenchen.de



[c-nsp] Cisco AS5814 - maximum T3 modules?

2011-01-15 Thread Rich Davies
Hello,

Can anyone tell me if they have run more than 2 or 4 T3 modules in a Cisco
AS5814 dial shelf?   Cisco's documentation states that only two T3 modules
per chassis however I have seen configurations that have either 3 or 4 and
wanted to know if more is possible.


Thanks,

Rich


[c-nsp] Seeking input on VPN throughput on Cisco 7206 w/ NPE-G1

2011-01-13 Thread Rich Davies
Hello,

I am looking to potentially terminate a site-to-site IPSEC VPN on a Cisco
7206VXR with NPE-G1 route processor.   Can anyone tell me what the VPN
throughput is of this hardware setup?  Also is there an official Cisco
document with this information?   I tried a few searches and it seems most
of the throughput comparisons are based on the 7206 having the SA-VAM2+ VPN
accelerator module installed which I do not have.


Thanks,

Rich


Re: [c-nsp] link flaps

2010-12-06 Thread Rich Davies
How big is the circuit that is in between your MUXes?   GRE tunnel adds 24
bytes of packet overhead (GRE packet tax) so if you have a small circuit you
may have bandwidth issues.   You need to think about how many packets you
will be pushing across this circuit x 24 bytes/packet it all adds up
compared to an event driven solution (Cisco EEM).


-Rich



On Mon, Dec 6, 2010 at 10:17 AM, jack daniels jckdaniel...@gmail.com wrote:

 can I make GRE with KEEPALIVE
 and configure dampening on GRE

 On Mon, Nov 29, 2010 at 5:00 PM, Oliver Boehmer (oboehmer)
 oboeh...@cisco.com wrote:
 
  but my local mux to router ethernet will never go down...so how will
  dampening help in this case..
 
  it won't help then, but I sort of inferred as you mentioned if links
  flaps 3 or 4 times in say 1 min.. sorry, my bad.
 
  in that case, object or route tracking (tracking remote IP reachability)
  with some EEM magic could do the trick.. Not an expert in this domain..
 
 oli
 



[c-nsp] Recommend router for ATM OC-12

2010-06-25 Thread Rich Davies
Hello,

Someone has asked me a question regarding what Cisco router platform can
handle an ATM OC-12.   I did some digging and it seems the 7200 platform
(with NPE-G1/G2) is unable to handle this.   If a 7600 (7603 actually) was
used what type of SUP/RP is needed to do ATM OC-12?  (will SUP2/SUP32 work
or is RSP/SUP 720 needed)?


Thanks for any input.


-Rich


Re: [c-nsp] Recommend router for ATM OC-12

2010-06-25 Thread Rich Davies
What if I went with the SUP2 and the Cisco OC-12/STM-4 ATM Enhanced Optical
Services Module (OSM) on a 7603?   I realize the OC-12 ATM OSM is EOL but if
unsupported/cheap is the goal will it work with the Supervisor 2 with MSFC2?

Thanks again,

-Rich


On Fri, Jun 25, 2010 at 1:38 PM, Benjamin Lovell belov...@cisco.com wrote:

 SUP2 will not work as I do not believe the SIP modules needed for ATM
 interfaces are supported.

 SUP32 should work as long as the SIP needed is supported(not 100% sure
 about SIP support on SUP32) but SUP32 can easily move this much traffic.

 SUP720/RSP720 will definitely work.

 -Ben


 On Jun 25, 2010, at 10:50 AM, Rich Davies wrote:

  Hello,
 
  Someone has asked me a question regarding what Cisco router platform can
  handle an ATM OC-12.   I did some digging and it seems the 7200 platform
  (with NPE-G1/G2) is unable to handle this.   If a 7600 (7603 actually)
 was
  used what type of SUP/RP is needed to do ATM OC-12?  (will SUP2/SUP32
 work
  or is RSP/SUP 720 needed)?
 
 
  Thanks for any input.
 
 
  -Rich


[c-nsp] Request suggestions on Network Monitoring / NOC service

2010-05-17 Thread Rich Davies
Hello,

I am working with a customer (ISP/CLEC) who is interested in migrating their
first level NOC-type functions (on-call, pager monitoring, 1st level
response) to a 3rd party.  Has anyone on this list gone through the process
before and also any suggestions regarding affordable monitoring
service/companies?


Thanks,

Rich

rich.dav...@gmail.com


[c-nsp] Need recommendation for Cisco layer 3 GIG switch

2010-04-05 Thread Rich Davies
Hello,

I was looking at picking up a Cisco 3550-12G for an upcoming project (to use
as a layer 3 distribution switch with 3550's hanging off it) however my
application requires DC power and the 3550-12G is only AC.   Can anyone
recommend an equivalent/better switch?


Thanks so much!


-Rich


Re: [c-nsp] Need input for router purchas

2010-03-31 Thread Rich Davies
Thank you all for the input on router selection.

Even though the power supplies are on the rear of the 7200 it seems it is on
the allowed equipment listing for the carrier we are going to be co-locating
with.

It turns out that the OC-12 requirement was changed to OC-3.  This is making
us lean towards 7200's (we have 7200 spares already from left over dial
shelves).   Can anyone tell me what is the performance (Mb/s, PPS) I would
expect to get out of a NPE-G1 and also can it handle full internet routing
table (with max memory)?   Also what is the most stable/trusted ver of IOS
for 7200 with NPE-G1 (BGP internet router... no MPLS).

Thanks again for all your input!


-Rich


On Tue, Mar 30, 2010 at 9:25 PM, scott owens scottowen...@gmail.com wrote:

 You know that NEBs has different levels of compliance ?
 http://www.nebs-faq.com/what_is_nebs_level_3.htm

 If this is for a short term ( 1 month or 6 ? )
 do you REALLY need a super duper studly box ?
 Are you going to have to do the conversion from an OC circuit or can you
 get
 this in a gigE ?
 Carriers have adopted over the last few years and optical is not always the
 only choice
 If you could get away with gigE you could buy a 3845 w/gig of ram for under
 5K - I have a 3845 in test lab w/2 1GB and some optical.

 7201s can go to 2 gb ram and have a PA slot

 Are you going to be doing POS, ATM, .  Is your redundancy requirements
 2 holes in one box ? 2 boxes ?
 Is the interface OC12 but with a lower pps requirements ?
 If you could get away with a 7206 shoot me an email  I may have one or two
 I
 could lend if they would work
 http://www.nebs-faq.com/what_is_nebs_level_3.htm

  Message: 4
  Date: Tue, 30 Mar 2010 15:34:56 -0400
  From: Rich Davies rich.dav...@gmail.com
  To: cisco-nsp@puck.nether.net
  Subject: [c-nsp] Need input for router purchase
  Message-ID:
 3e4b8fe11003301234h47e62748p7c0820ec45f81...@mail.gmail.com
  Content-Type: text/plain; charset=ISO-8859-1
 
  Hello,
 
  I am involved with a short-term project involving the
 purchase/installation
  of a Cisco router which is capable of the following:
 
  - OC-12 WAN interface
  - High throughput (PPS)
  - Redundancy
  - Full routing table
 
  I have looked at the 7600 and it is a viable option however we are also
  looking at anything that will help cut costs down (i.e., 7206 VXR with
 NPE
  G1/G2 and so on).  One key thing we need is this equipment will be
  installed with a carrier that has high demands (NEBS compliancy etc).
  What would be the best router to investigate for such needs?  (ASR?)
 
 
  -Rich
 


[c-nsp] Need input for router purchase

2010-03-30 Thread Rich Davies
Hello,

I am involved with a short-term project involving the purchase/installation
of a Cisco router which is capable of the following:

- OC-12 WAN interface
- High throughput (PPS)
- Redundancy
- Full routing table

I have looked at the 7600 and it is a viable option however we are also
looking at anything that will help cut costs down (i.e., 7206 VXR with NPE
G1/G2 and so on).  One key thing we need is this equipment will be
installed with a carrier that has high demands (NEBS compliancy etc).
What would be the best router to investigate for such needs?  (ASR?)


-Rich


Re: [c-nsp] Tracking bandwidth hogs ... any recommendations ?

2009-03-26 Thread Rich Davies
You can turn up a NetFlow server which is at times complex or time
consuming.   A quick/dirty way to find out who is causing your issue may be
just to enable ip route-cache flow on a L3 interface that his traffic is
flowing through, then doing show ip cache flow - if he's sending out a ton
of packets you may be able to catch it w/ this versus going the NetFlow
route (NetFlow is much much better but unless you have a ton of unix/linux
background getting the netflow collector/analyzer active may be a complex
chore in itself..)

FYI I saw that SolarWinds just put out a free/30 day demo NetFlow
collector/analyzer in the past few months you can try that for a quick Win32
NetFlow software solution to isolate this quick...

http://www.solarwinds.com/products/orion/nta/


Best of luck!


-Rich


On Thu, Mar 26, 2009 at 8:15 AM, Wilkinson, Alex 
alex.wilkin...@dsto.defence.gov.au wrote:

 Hi all,

 I would like to put in place measures to be able to pin point the
 particular
 user(s) who are thrashing out our WAN connection. I am thinking ...

  Mirror all ports (SPAN) to a spare port and use trafshow to pinpoint the
 culprit.

 However, i am curious how others deal with this situation ?

  -aW

 IMPORTANT: This email remains the property of the Australian Defence
 Organisation and is subject to the jurisdiction of section 70 of the CRIMES
 ACT 1914.  If you have received this email in error, you are requested to
 contact the sender and delete the email.



___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
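
Added example, not part of the original thread: a Python sketch that ranks source addresses by packet count from saved `show ip cache flow` output, the quick check suggested in the reply above. The sample output, interface names and addresses are constructed, and the K/M packet-count suffix handling is an assumption about how large counters are abbreviated.

```python
import re
from collections import Counter

# Constructed sample in the layout of "show ip cache flow" (not real traffic).
SAMPLE = """\
IP Flow Switching Cache, 278544 bytes
  5 active, 4091 inactive, 9120 added

SrcIf         SrcIPaddress    DstIf         DstIPaddress    Pr SrcP DstP  Pkts
Fa0/1         10.10.1.23      Se0/0         198.51.100.7    06 C2F1 0050   212K
Fa0/1         10.10.1.23      Se0/0         203.0.113.40    11 D903 1A0B    48K
Fa0/1         10.10.1.57      Se0/0         198.51.100.7    06 8E22 01BB   930
Fa0/1         10.10.1.88      Se0/0         192.0.2.53      11 E001 0035    12
Se0/0         198.51.100.7    Fa0/1         10.10.1.23      06 0050 C2F1    97K
"""

# One flow row: interfaces, addresses, then protocol and ports in hex, then packets.
FLOW_RE = re.compile(
    r"^(?P<src_if>\S+)\s+(?P<src>\d+\.\d+\.\d+\.\d+)\s+"
    r"(?P<dst_if>\S+)\s+(?P<dst>\d+\.\d+\.\d+\.\d+)\s+"
    r"(?P<proto>[0-9A-Fa-f]{2})\s+(?P<sport>[0-9A-Fa-f]{4})\s+"
    r"(?P<dport>[0-9A-Fa-f]{4})\s+(?P<pkts>\d+(?:\.\d+)?[KM]?)$"
)


def pkt_count(text):
    """Convert a packet counter such as '930' or '212K' to an integer."""
    mult = {"K": 1_000, "M": 1_000_000}.get(text[-1], 1)
    return int(float(text.rstrip("KM")) * mult)


def parse_flows(output):
    """Return one dict per flow row; header and summary lines are skipped."""
    flows = []
    for line in output.splitlines():
        m = FLOW_RE.match(line.strip())
        if not m:
            continue
        flows.append({
            "src_if": m["src_if"], "src": m["src"],
            "dst_if": m["dst_if"], "dst": m["dst"],
            "proto": int(m["proto"], 16),
            "sport": int(m["sport"], 16),
            "dport": int(m["dport"], 16),
            "pkts": pkt_count(m["pkts"]),
        })
    return flows


def top_talkers(flows, src_if=None, n=3):
    """Sum packets per source address, optionally for one ingress interface."""
    totals = Counter()
    for f in flows:
        if src_if and f["src_if"] != src_if:
            continue
        totals[f["src"]] += f["pkts"]
    return totals.most_common(n)


if __name__ == "__main__":
    for addr, pkts in top_talkers(parse_flows(SAMPLE), src_if="Fa0/1"):
        print(f"{addr:15} {pkts:>10} packets")
```

Filtering on the LAN-facing interface keeps return traffic from the WAN side out of the ranking.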


Re: [c-nsp] Alternatives to Cisco's TACACS server?

2008-11-24 Thread Rich Davies
Here is an example CatOS config for TACACS auth.  It's been awhile since I
used a CatOS device however if I remember correctly this config was
structured so that if the device can't talk to the TACACS server it would
fail back to a local userid (by using if-authenticated in the
#authorization section).


#tacacs+
set tacacs server 1.1.1.1 primary
set tacacs server 2.2.2.2
set tacacs key [tacacs key]

#authentication
set authentication login tacacs enable console primary
set authentication login tacacs enable telnet primary
set authentication enable tacacs enable console primary
set authentication enable tacacs enable telnet primary

#accounting
set accounting exec enable stop-only tacacs+
set accounting connect enable stop-only tacacs+
set accounting system enable stop-only tacacs+
set accounting commands enable all stop-only tacacs+

#authorization
set authorization exec enable tacacs+ if-authenticated console
set authorization exec enable tacacs+ if-authenticated telnet
set authorization enable enable if-authenticated none console
set authorization enable enable if-authenticated none telnet
set authorization commands enable all if-authenticated none console
set authorization commands enable all if-authenticated none telnet


Hope it helps.

-Rich


On Mon, Nov 24, 2008 at 10:48 AM, Christian Koch
[EMAIL PROTECTED] wrote:

 on a side note -

 has anyone had any success getting older catos switches and enable
 mode to work with the newer versions of tacplus?

 christian

 On Mon, Nov 24, 2008 at 10:41 AM,  [EMAIL PROTECTED] wrote:
  Hi,
 
  The fork based on Cisco's code over at shrubbery has worked out well for
 me.
 
 
  http://www.shrubbery.net/tac_plus/
 
  agreed. also note, there's been hints of TACACS+ being part of
  future FreeRADIUS capability for some time too.
 
  alan


Re: [c-nsp] can I know what is this command issue and want to learn about cisco best practice

2008-10-17 Thread Rich Davies
kcc,

Best practice would be to setup an authentication server (TACACS/RADIUS) and
point your gear to that for your AAA, then setup a failsafe userid for when
the device can not talk to the authentication server you still have a backup
account.   Having an auth server is great because you can manage users in 1
place (much easier for long-term administration).  In addition to managing
the user accounts you can get accounting logs which will provide you
tracking for what commands/config changes that user makes.

Also you should consider using level 5 encryption on your userids versus
level 7.   Level 5 password encryption uses an MD5 hash (stronger) whereas
level 7 passwords can be easily broken.

Example:

username test secret mypassword

Using the secret option versus password will cause it to use the
stronger encryption (MD5).

Another thing regarding best practices - your privilege level in your
example is 15:

 cisco6513(config)#username peter privilege 15 password 7 peterpassword

Do you want that userid to have level 15 access immediately?  You could skip
specifying a privilege level and have an enable secret setup which would
require the user to enter a second password (enable) before being granted
FULL level 15 access.  Having multiple levels of passwords is stronger
security versus 1 password then full access (depends on your security needs
really).

Also regarding best practices you should setup a syslog server to start
logging your devices to it.  Makes it much easier to track/troubleshoot an
issue (and be able to pull that data long term i.e., a year or so after the
event happened...)


-Rich




On Fri, Oct 17, 2008 at 3:15 PM, kcc [EMAIL PROTECTED] wrote:

 Thank you so much. Good learning for me
 Is there any best practice tip also?
 I heard some AAA model. but I don't know exactly

 Thank you


 On Fri, Oct 17, 2008 at 2:30 PM, Stephen Kratzer [EMAIL PROTECTED] wrote:

  On Friday 17 October 2008 13:28:35 kcc wrote:
Hi all
   
I am new in cisco
   
1/ Can I know what is this command issue?
   
cisco6513(config)#username peter privilege 15 password 7
 peterpassword
Invalid encrypted password: peterpassword
 
  This command is invalid because the string 'peterpassword' is plaintext.
  Change the 7 to 0.
 
2/ I want to learn about best practice when doing the cisco config?
eg:
I heard it is better to issue command eg: shutdown xx sec when
 doing
the remote configure critical routes
it can avoid the lost connection. the router can reload the startup
config even though loss the connection
 
  If you are making changes that could potentially cause loss of remote
  connectivity, and you do not have physical access to the box, it is best
  practice to issue 'reload in x' where x is the minutes until reload. You
  want
  to ensure that x is long enough to make and verify your changes but short
  enough not to cause extended downtime if you make a mistake. Five to ten
  minutes is usually good for us. And remember to issue 'reload cancel' if
  your
  changes are made successfully.
 
Thank you for your help
 
 

___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
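
Added example, not part of the original thread and not Cisco tooling: a Python audit of an IOS running-config for the points raised in the reply above (`password` instead of `secret` on local users, direct privilege 15 logins, no `enable secret`, AAA login with no `local` fallback, no syslog host). The sample configs, finding names, usernames and addresses are constructed placeholders.

```python
import re

# Constructed excerpt with the weaknesses discussed in the thread.
WEAK_CONFIG = """\
hostname cisco6513
username peter privilege 15 password 7 <type-7-string>
username failsafe secret 5 <md5-hash>
aaa new-model
aaa authentication login default group tacacs+
line vty 0 4
"""

# Constructed excerpt following the advice: secret-only users, enable secret,
# auth server with a local fallback, and a syslog destination.
HARDENED_CONFIG = """\
hostname cisco6513
username failsafe secret 5 <md5-hash>
enable secret 5 <md5-hash>
aaa new-model
aaa authentication login default group tacacs+ local
logging host 192.0.2.20
line vty 0 4
"""


def audit(config):
    """Return a list of (finding, detail) tuples; the finding names are hypothetical."""
    lines = [line.strip() for line in config.splitlines()]
    findings = []

    for line in lines:
        m = re.match(r"username (\S+)(.*)$", line)
        if not m:
            continue
        user, rest = m.group(1), m.group(2)
        # "password" stores cleartext or reversible type 7; "secret" stores a hash.
        if re.search(r"\bpassword\b", rest):
            findings.append(("weak-user-password", user))
        # privilege 15 on the username skips the second (enable) password.
        if re.search(r"\bprivilege 15\b", rest):
            findings.append(("direct-priv15", user))

    if not any(line.startswith("enable secret") for line in lines):
        findings.append(("no-enable-secret", "-"))

    if "aaa new-model" not in lines:
        findings.append(("no-aaa", "-"))

    # Without "local" in the method list there is no failsafe account to use
    # when the TACACS+/RADIUS server is unreachable.
    for line in lines:
        if line.startswith("aaa authentication login") and "local" not in line.split():
            findings.append(("no-local-fallback", line))

    if not any(re.match(r"logging (host )?\d+\.\d+\.\d+\.\d+", line) for line in lines):
        findings.append(("no-syslog", "-"))

    return findings


if __name__ == "__main__":
    for name, detail in audit(WEAK_CONFIG):
        print(f"{name:20} {detail}")
```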


Re: [c-nsp] Dreaded FIB Exception on Sup2

2008-09-04 Thread Rich Davies
Has anyone ever utilized Unicast RPF (reverse path forwarding) to help
mitigate this limitation on the SUP2's?   I have also ran into the same
limitation with our SUP2's (full BGP routing table, multiple peering
sessions) and I have read that enabling Unicast RPF would help temporarily
alleviate the TCAM memory being exhausted but in the long run a SUP7203BXL
would be the best solution (unfortunately very pricy).   Has anyone ever
used uRPF to help correct this (for short term) or is the SUP7203BXL the
only solution?


-Rich


Rich Davies
[EMAIL PROTECTED]


On Thu, Sep 4, 2008 at 8:18 AM, Gert Doering [EMAIL PROTECTED] wrote:

 Hi,

 On Thu, Sep 04, 2008 at 02:05:54PM +0200, Florian Weimer wrote:
  Do you mean the filters based on RIR minimum allocations?  From time
  to time, someone who should know better announces something smaller
  without the covering aggregate,

 So what?  They do not want your traffic, obviously...

 gert
 --
 USENET is *not* the non-clickable part of WWW!
   //
 www.muc.de/~gert/ http://www.muc.de/%7Egert/
 Gert Doering - Munich, Germany
 [EMAIL PROTECTED]
 fax: +49-89-35655025
 [EMAIL PROTECTED]



[c-nsp] Cisco 5814 / 7206 dial shelf interconnect question

2008-07-25 Thread Rich Davies
Hello

I have a question regarding the Cisco 5814/7206 NAS.   The 5814 dial-shelf
controller (DSC) is connected to the 7206 via a dial-shelf interface
(DSI).  This connection is ethernet-based even though Cisco calls it a
proprietary DSI connection.  When you do a show dsi to look at the status
of the DSI interface it shows UP/UP and has various info that you'd expect
an ethernet interface to have (plus the physical connector IS ethernet-based).   This
being the case, I am trying to determine if the DSI is a generic ethernet
connection (running layer 2 between the 5814 and 7206 for dial shelf to dial
shelf controller communication).

If this is the case and it's just an ethernet conn running layer 2, is it
possible to put a switch in between of the 5814 and 7206?  (put the DSI link
in its own VLAN).  Reason I ask is I have seen a moderate failure rate of
7206's acting as a dial shelf for a 5814, and it usually requires an onsite
visit (trying to get away from that).   If I can put a switch in between and
use VLAN's I could create a layer of redundancy for 5814's (have the ability
to map the port to another VLAN in the event of a 7206 dial shelf outage).

Any thoughts on this?   The DSI interface does indeed seem to be layer 2 and
MAC based was hoping someone else out there has tried this?


Thanks,

Rich Davies
[EMAIL PROTECTED]