Re: [c-nsp] 3750G Switch

2018-12-08 Thread Simon Lockhart
On Fri Dec 07, 2018 at 03:40:45PM +0000, Harry Hambi - Atos wrote:
> Trying to upgrade a 3750G from IOS  c3750e-universalk9-mz.150-2.SE10.bin  to
> a latest version  c3750e-universalk9-mz.152-4.E7.bin, and I am getting the
> following error:
> Error loading "flash: c3750e-universalk9-mz.152-4.E7.bin

Is it definitely a 3750G? If so you're using the wrong image. 3750G images
start c3750-, and come in ipbase/ipservices variants.

Simon
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/


Re: [c-nsp] NCS-5501/NCS-5502 as border/core routers

2017-08-24 Thread Simon Lockhart
David,

On Wed Aug 23, 2017 at 08:19:11AM +0000, David Hubbard wrote:
> The pricing & licensing almost killed the deal before I executed it. 

It's the licensing that I'm most worried about - particularly as it doesn't
appear to be publicly documented.

> but on
> the 5501se, the base price only includes eight of the forty 10gig ports
> active, and none (!) of the 100gig.  You have to buy license enable kits for
> each block of additional eight 10gig ports (part NC5501-80G-SE-LIC=, $14k
> list), and a license enabler for each single 100gig port (not sure of part,
> same list price as the 8x10gig, but on a single port, yikes).  

This is worrying, but equally odd. There is no mention of this on the data
sheet that I can see, and those part numbers don't appear either on the
Cisco website, or on Cisco's Commerce web tool. The only references that
Google throws up are 3rd party sites listing them from Cisco's GPL.

> 
> If it were not for the difference between 1.3M and 2M FIB, I'd have gone
> Arista 7280R2A series (part 7280SR2A-48YC6) which is their Jericho+ platform
> and will do 1.3M routes, (48) 1/10/25gig ports, (6) 100gig that can also do
> breakout, all ports active, much lower cost.  I had an order for a bunch of
> other Cisco stuff going out and was able to get the overall numbers where I
> wanted them to be to execute the 5501's, but had that not been the case,
> I'd likely have been buying more Arista (already use the 7280SE for
> non-edge roles) and seeing how long the 1.3M routes would last.

Arista is definitely a competitor I'd consider - in the "Internet Scale" L2
switch market, they seem to be becoming a strong contender.
 
> If you're considering the 5502se, which is significantly more expensive
> than 5501se of course, you may want to look at Arista's 7280CR2K (the K is
> important).  I believe that 30 or 60-port 100gig device can do 2M and I'd
> be shocked if it were not much more cost effective than the 5502se.

Sounds good - would be hard to be more expensive than the list price for the
5502SE - although I'm told by my Cisco AM that there are some 'amazing' deals
to be had on the NCS-5500 range. I'll have to talk to my friendly Arista
reseller again.

Many thanks for the insight,

Simon


[c-nsp] NCS-5501/NCS-5502 as border/core routers

2017-08-23 Thread Simon Lockhart
All,

I'm currently trying to plan some upgrades for one of my networks where we 
currently use Cat6500/Sup2T as both 'core' and 'border' routers, but are very
rapidly outgrowing them. I've recently split off the L2 transport aspects from
the 6500's onto 100G capable switches (I ended up using Extreme X690/X870 here)
which has freed up some capacity, but now looking at what to do about the L3
routing aspects, working with full Internet routing tables.

I'd always planned to move up to the ASR9k for this, but the price of 100G
ports for them is eyewateringly expensive when compared to switching boxes. I
then stumbled across the NCS-5501-SE and NCS-5502-SE boxes. These, on paper,
look ideal - the 5501's as border routers with 100G uplinks to the core, and
the 5502's as core routers in our main datacentres. In particular, the 5502
appears to give me 48 x 100G ports for way less than the cost of ASR9k with 
just 4 x 100G ports.

I fully recognise the difference between L3 switches (which I see the NCS
boxes as) and true routers - I've been using the Cat6500 in this role for
7+ years!

Are there people on this list who are actively using these boxes like this?
Any gotchas, recommendations, scare stories? Does anyone understand the
licensing on them? I've struggled to find any Cisco published information
about what is/isn't included in each of the license options...

Many thanks,

Simon


Re: [c-nsp] 4x10G Etherchannel overruns

2017-03-06 Thread Simon Lockhart
On Fri Mar 03, 2017 at 09:04:28AM -0800, Peter Kranz wrote:
> On a WS-X6908-10G DCEF2T line card with SUP2T's, I ran into overruns
> yesterday on a 4x10G etherchannel that I am at a loss to resolve:

Are you seeing any fabric drops? "show fabric drop"

We're just troubleshooting a similar(ish) issue with a couple of WS-X6908-10G
cards in a 6504 chassis with SUP2T where we're seeing fabric drops now we're
pushing about 50Gbps over a 6x10G etherchannel split over the two cards.

Simon


Re: [c-nsp] Tabo Topic? Third party Maintenance

2017-01-24 Thread Simon Lockhart
On Tue Jan 24, 2017 at 09:02:18AM +0100, Gert Doering wrote:
> On Mon, Jan 23, 2017 at 07:33:08PM -0500, Charles Sprickman via cisco-nsp 
> wrote:
> > I have to say, I haven't been impressed with their support in a long
> > time.  We have smartnet really just for hardware, and recently I figured
> > that since we have support, I'd actually try and offload a task that I
> > hate - picking a stable version of IOS that has all the security issues
> > resolved.
> 
> Bwahahaha.  Sorry.  

Quite :)

Recommending software versions is one thing TAC cannot do - either by policy,
or by demonstrated skillset.

We did a big upgrade programme on some Cisco devices over the Christmas period
to fix a number of bugs that had been raised to TAC. We upgraded to the version
that TAC recommended to fix these bugs. We hit other bugs after the upgrade. We
spoke to our Cisco SE about this, and he instantly responded to say that TAC
should never have recommended that particular version, and that it's documented
on CCO which version we should have used.

We were also told that if we wanted Cisco to do a 'bug scrub', to see if we
would be affected by any known bugs, then they offer this as a separately
chargeable service. Yes, really, they want us to pay them more money to find 
out how buggy their code releases are...

Simon


Re: [c-nsp] Catalyst 6504-E memory reallocation

2017-01-08 Thread Simon Lockhart
On Sun Jan 08, 2017 at 11:46:59AM -0500, Curtis Piehler wrote:
> I would like to replace one of the DIA providers with
> another by shutting it down then enabling the new DIA provider.  If I do
> this process will the device reclaim the unused memory once the old DIA
> provider is shut down, then reallocate memory to the new copy of the
> Internet routing table from the new ISP?

Yes, it will.

Simon


Re: [c-nsp] Wierd MPLS/VPLS issue

2016-12-02 Thread Simon Lockhart
On Fri Dec 02, 2016 at 03:40:03PM +0200, Mark Tinka wrote:
> Good to know.
> 
> We are currently considering the 9508 for a particular role (Layer 2
> only), and I know they are based on the Broadcom chip. I'm guessing this
> is where the limitation is coming from, yes?

The 92160 is based on Cisco silicon (ASE3, I think).

So they can't even blame Broadcom :)

Simon


Re: [c-nsp] Wierd MPLS/VPLS issue

2016-12-02 Thread Simon Lockhart
On Fri Dec 02, 2016 at 01:15:01PM +0000, Nick Hilliard wrote:
> so just to confirm, what you're saying is that if the N9k switch is in
> standard L2 mode, no L3 or mpls configured, that it cannot forward VPLS
> frames with MAC addresses starting with either 4 or 6?

Where the inner Destination MAC (i.e. after the two MPLS labels) starts with 4
or 6, yes.

The Nexus 92160 is being used as purely a L2 switch. It doesn't even support 
MPLS...

Simon


Re: [c-nsp] Wierd MPLS/VPLS issue

2016-12-02 Thread Simon Lockhart
On Fri Dec 02, 2016 at 03:16:17PM +0200, Mark Tinka wrote:
> Remind me - are you running the Nexus 9000 as a PE router, or as a basic
> Layer 2 Ethernet switch?

Basic Layer 2 Ethernet switch, sat between two of my MPLS P routers.

The Nexus 9000 does not support MPLS.

Simon


Re: [c-nsp] Wierd MPLS/VPLS issue

2016-12-02 Thread Simon Lockhart
On Wed Nov 23, 2016 at 12:01:20PM +0000, Simon Lockhart wrote:
> On Fri Nov 04, 2016 at 03:40:05PM +0000, Simon Lockhart wrote:
> > To me, everything *looks* right, it's just that some VPLS traffic traversing
> > the new link gets lost.
> 
> For those who are interested...
> 
> Well, I finally got to the bottom of this, and have pushed it to Cisco TAC
> for a fix...

Cisco TAC finally accepted the issue. Bug CSCvc33783 has been logged. Nexus BU
has investigated.

Response is...

"[...] unfortunately this is an ASIC limitation on the Nexus 9000 switches and
is therefore not fixable."

If you want a Layer 2 switch that will forward all valid Ethernet frames, I'd
suggest avoiding the Nexus 9000 range...

Simon


Re: [c-nsp] Wierd MPLS/VPLS issue

2016-11-23 Thread Simon Lockhart
On Wed Nov 23, 2016 at 12:07:26PM +0000, James Bensley wrote:
> Yep. This is why I always use the control word. Turn it on and your
> problem will probably go away.

If only. Extreme EXOS doesn't support control word :(

(Or, at least, I've not found the right knob to turn yet)

Simon


Re: [c-nsp] Wierd MPLS/VPLS issue

2016-11-23 Thread Simon Lockhart
On Fri Nov 04, 2016 at 03:40:05PM +0000, Simon Lockhart wrote:
> To me, everything *looks* right, it's just that some VPLS traffic traversing
> the new link gets lost.

For those who are interested...

Well, I finally got to the bottom of this, and have pushed it to Cisco TAC
for a fix...

This packet gets forwarded:

  Frame 1: 140 bytes on wire (1120 bits), 140 bytes captured (1120 bits)
  Ethernet II, Src: (00:1f:9e:08:a5:c0), Dst: (00:1a:30:0d:c8:00)
  802.1Q Virtual LAN, PRI: 0, CFI: 0, ID: 101
  MultiProtocol Label Switching Header, Label: 95, Exp: 0, S: 0, TTL: 254
  MultiProtocol Label Switching Header, Label: 1240, Exp: 0, S: 1, TTL: 4
  Ethernet II, Src: (ec:c8:82:d1:aa:ce), Dst: (88:f0:31:55:8a:50)
  Internet Protocol Version 4, Src: 5.151.211.131, Dst: 5.151.211.130
  Internet Control Message Protocol

This packet doesn't:

  Frame 1: 140 bytes on wire (1120 bits), 140 bytes captured (1120 bits)
  Ethernet II, Src: (00:1f:9e:08:a5:c0), Dst: (00:1a:30:0d:c8:00)
  802.1Q Virtual LAN, PRI: 0, CFI: 0, ID: 101
  MultiProtocol Label Switching Header, Label: 95, Exp: 0, S: 0, TTL: 254
  MultiProtocol Label Switching Header, Label: 1240, Exp: 0, S: 1, TTL: 4
  Ethernet II, Src: (ec:c8:82:d1:aa:ce), Dst: (4c:4e:35:d6:e4:50)
  Internet Protocol Version 4, Src: 5.151.211.131, Dst: 5.151.211.129
  Internet Control Message Protocol

The important difference is the Dst MAC address in the inner Ethernet II 
header. If the first nibble of the Dst MAC address is 4 or 6, the packet 
doesn't get forwarded. If it starts with anything else, it does get forwarded.

It looks like the Nexus 92160YC-X is spotting the 4 or 6 there, assuming it's
an IPv4 or IPv6 header next (Wireshark makes exactly the same incorrect 
assumption!), trying to decode it, and failing (because it's actually an
Ethernet II header), and then fails to forward the packet.

I can only assume the Nexus is looking this deep in the packet to get some
entropy for load-balancing hashing.

Trying to persuade Cisco TAC that this is a real problem with the Nexus, and
not a problem with the packet has been a real challenge. Fingers crossed I've
finally persuaded them to accept that it's their problem.

Simon
-- 
Simon Lockhart |   * Server Co-location * ADSL * Domain Registration *
   Director    |  * Domain & Web Hosting * Connectivity * Consultancy *
  Bogons Ltd   | *  http://www.bogons.net/  *  Email: i...@bogons.net  *
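
The first-nibble guess described in the message above, as an added example that is not part of the original post and not Cisco's implementation. The frames are constructed to match the layout of the two captures (VLAN 101, labels 95 and 1240, the same MAC addresses, zero-filled payload); the 60:... MAC is made up, and the control-word case (first nibble 0, RFC 4385) covers the suggestion made in the earlier reply.

```python
import struct

ETH_P_8021Q, ETH_P_8021AD, ETH_P_MPLS_UC = 0x8100, 0x88A8, 0x8847


def mac(text):
    return bytes.fromhex(text.replace(":", ""))


def mpls_entry(label, exp, bottom, ttl):
    # 20-bit label, 3-bit Exp, 1-bit bottom-of-stack flag, 8-bit TTL
    return struct.pack("!I", (label << 12) | (exp << 9) | (bottom << 8) | ttl)


def build_frame(inner_dst, control_word=False):
    """Constructed 140-byte frame shaped like the captures (not the real packets)."""
    outer = mac("00:1a:30:0d:c8:00") + mac("00:1f:9e:08:a5:c0")
    outer += struct.pack("!HHH", ETH_P_8021Q, 101, ETH_P_MPLS_UC)
    labels = mpls_entry(95, 0, 0, 254) + mpls_entry(1240, 0, 1, 4)
    cw = bytes(4) if control_word else b""  # all-zero pseudowire control word
    inner = mac(inner_dst) + mac("ec:c8:82:d1:aa:ce") + struct.pack("!H", 0x0800)
    return outer + labels + cw + inner + bytes(100)  # zero filler for IP/ICMP


def split_label_stack(frame):
    """Return (labels, bytes following the bottom-of-stack label)."""
    offset = 12
    (ethertype,) = struct.unpack_from("!H", frame, offset)
    offset += 2
    while ethertype in (ETH_P_8021Q, ETH_P_8021AD):
        # skip the 2-byte tag control field, read the next EtherType
        (ethertype,) = struct.unpack_from("!H", frame, offset + 2)
        offset += 4
    if ethertype != ETH_P_MPLS_UC:
        raise ValueError("not an MPLS unicast frame")
    labels = []
    while True:
        if offset + 4 > len(frame):
            raise ValueError("label stack runs past the end of the frame")
        (entry,) = struct.unpack_from("!I", frame, offset)
        offset += 4
        labels.append(entry >> 12)
        if entry & 0x100:  # bottom-of-stack bit
            return labels, frame[offset:]


def first_nibble_guess(payload):
    """What a device guessing the payload type from its first nibble concludes."""
    if not payload:
        raise ValueError("empty MPLS payload")
    nibble = payload[0] >> 4
    return {4: "ipv4", 6: "ipv6", 0: "control-word"}.get(nibble, "other")


def plausible_ipv4(payload):
    """Header-length, total-length and checksum checks on a presumed IPv4 header."""
    if len(payload) < 20 or payload[0] >> 4 != 4:
        return False
    header_len = (payload[0] & 0x0F) * 4
    (total_len,) = struct.unpack_from("!H", payload, 2)
    if header_len < 20 or header_len > len(payload):
        return False
    if not header_len <= total_len <= len(payload):
        return False
    total = sum(struct.unpack_from("!%dH" % (header_len // 2), payload, 0))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total == 0xFFFF


def inspect(frame):
    labels, payload = split_label_stack(frame)
    guess = first_nibble_guess(payload)
    valid = plausible_ipv4(payload) if guess == "ipv4" else None
    return {"labels": labels, "guess": guess, "valid_ipv4": valid}


if __name__ == "__main__":
    cases = [
        ("88:f0:31:55:8a:50", False),  # forwarded in the post
        ("4c:4e:35:d6:e4:50", False),  # dropped in the post
        ("60:00:00:00:00:01", False),  # constructed MAC with first nibble 6
        ("4c:4e:35:d6:e4:50", True),   # same MAC behind a control word
    ]
    for dst, cw in cases:
        print(dst, "cw" if cw else "no-cw", inspect(build_frame(dst, cw)))
```
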


Re: [c-nsp] Wierd MPLS/VPLS issue

2016-11-11 Thread Simon Lockhart
On Fri Nov 04, 2016 at 03:40:05PM +0000, Simon Lockhart wrote:
> Anyone got any suggestions on what I should look for whilst troubleshooting
> this? 

Well, having got myself to a point where I could reliably reproduce the 
problem, I think I've narrowed down the issue...

On the 100G on the Nexus 92160, I'm seeing output errors...

nexus-01# show int e1/49 counters errors 


Port          Align-Err    FCS-Err   Xmit-Err    Rcv-Err  UnderSize OutDiscards

Eth1/49               0          0      10003          0          0           0


Port         Single-Col  Multi-Col   Late-Col  Exces-Col  Carri-Sen       Runts

Eth1/49               0          0          0          0          0           0


Port          Giants SQETest-Err Deferred-Tx IntMacTx-Er IntMacRx-Er Symbol-Err

Eth1/49            0          --           0       10003           0          0



Does anyone know what "IntMacTx-Er" is? Google hasn't thrown up anything
useful.

At the other end of the 100G link, the receiving port is showing Rcv-Err and
FCS-Err, although it still tries to forward the packets on. The 10G port on
a Cisco 6500 (which is the next hop) shows the packets as CRC errors, and
finally drops them.

Simon


[c-nsp] Wierd MPLS/VPLS issue

2016-11-04 Thread Simon Lockhart
All,

Having banged my head against a brick wall all day today trying to work out
what's going on, and not having got anywhere, I thought I'd ask this list for
some suggestions...

I've got a Cisco MPLS core network, with Extreme boxes running as VPLS 
endpoints. Over the last couple of days I've tried turning up additional 
capacity between two core nodes, and each time I try, I end up with packet
loss over VPLS links (either full or partial loss), but only on a subset of
VPLS instances.

Simplified network diagram:

   +----------+
   |  vpls-m  |
   |          |
   +---+--+---+
       |  |
       |  | 2 x 10G LAG
       |  |
   +---+--+---+       +----------+
   |  core-m  |  10G  |   sw-m   |
   |          +-------+          |
   |          |       +-----+----+
   +--+-+-+---+             |
      | | |                 |
      | | | 3x10G           | 100G VLAN Trunk
      | | | ECMP            |
      | | |                 |
   +--+-+-+---+       +----------+
   |  core-l  |  10G  |   sw-l   |
   |          +-------+          |
   |          |       +----------+
   +---+--+---+
       |  |
       |  | 2 x 10G LAG
       |  |
   +---+--+---+
   |  vpls-l  |
   |          |
   +----------+

vpls-m and vpls-l are Extreme X670-G2's (running EXOS 16.1.3.6)
core-m and core-l are Cisco 6500's with Sup2T (running IOS 15.2(1)SY2)
sw-m and sw-l are Cisco Nexus 92160YC's (running NXOS 7.0(3)I4(3))

The three existing 10G links directly between core-m and core-l are live now,
over carrier 10G EoMPLS links.

Typical config for the 10G link is:

interface TenGigabitEthernet1/1
 description to core-l:Te1/2
 mtu 9000
 ip address xx.yy.zz.234 255.255.255.252
 ip pim sparse-mode
 logging event link-status
 load-interval 30
 ipv6 enable
 mpls traffic-eng tunnels
 mpls ip
 ipv6 ospf 1 area 0.0.0.0
 hold-queue 4096 in
end

The new 10G link I'm trying to add is going via sw-m and sw-l, over a 100G
wavelength from a carrier. All the ports on sw-m and sw-l have an MTU of 9216
configured, with the port facing core-* as a "switchport access" port, and the
100G link configured as a "switchport trunk".

Config on the core-* ports towards the sw-*'s is the same as above (except I'm
using /31 for the IPv4 addresses). IPv4 and IPv6 reachability is fine. OSPF,
OSPFv3 and PIM come up over the link. As soon as I configure "mpls ip", I start
getting the packet loss over some VPLS links. Remove "mpls ip", and the packet
loss goes away.

To me, everything *looks* right, it's just that some VPLS traffic traversing
the new link gets lost.

Anyone got any suggestions on what I should look for whilst troubleshooting
this? Unfortunately, due to the impact to traffic, I have to make any changes
within a maintenance window, but I've run out of ideas of things to try or look
for.

Many thanks,

Simon


Re: [c-nsp] Router 6504E - SUP 720 3B XL

2016-07-18 Thread Simon Lockhart
On Mon Jul 18, 2016 at 08:24:55PM -0300, Estagiario wrote:
> used Cisco 6505+SUP720-3BXL+WS-X6704-10GE = (R $ 40,000)

To give you a feel, in the UK I would expect to pay about 20% of that price,
maybe even 10%, or less. I don't know what the used market is like in Brazil,
but you may do better to import.

If you're doing full BGP, you will find the SUP720-3BXL slow, but if you can
cope with that, and are careful with your RAM usage, then it'll work.

Simon


Re: [c-nsp] Can you upgrade WS-X6908-10G-2T to -2TXL?

2016-05-04 Thread Simon Lockhart
On Wed May 04, 2016 at 02:27:13PM +0100, Phil Mayers wrote:
> Right up until you RMA it and the *next* TAC engineer says it's a fake and
> you can't have a replacement, and the previous engineer is nowhere to be
> found.

My thoughts exactly.

Just to confuse matters a bit, we don't buy these cards direct from Cisco, so
don't have direct TAC support for them. We use a 3rd party support partner.
The card with the warning was actually supplied by them as a replacement for
a failing card that's currently in live service.

Whilst I'd probably accept a written assurance from Cisco that it's fine, I'd
not accept the same from the 3rd party partner, as when we move onto another
support partner in the future, they'd be under no obligation to honour the
agreement.

Simon


[c-nsp] Can you upgrade WS-X6908-10G-2T to -2TXL?

2016-05-04 Thread Simon Lockhart
All,

We've recently received a WS-X6908-10G-2T which has been 'upgraded' to a -2TXL
by replacing the DFC-4 with a DFC4-EXL.

When we install the card in our 6500, we get the following warning:

May  3 05:49:10.566 UTC: %SMC-DFC4-2-BAD_ID_HW: Failed Identification Test in 
4/0/1 [5/0]

   The module in 4/0/1 in this router may not be a genuine 
   Cisco product.  Cisco warranties and support programs only
   apply to genuine Cisco products.  If Cisco determines that
   your insertion of non-Cisco memory, WIC cards, AIM cards, 
   Network Modules, SPA cards, GBICs or other modules into a 
   Cisco product is the cause of a support issue, Cisco may 
   deny support under your warranty or under a Cisco support 
   program such as SmartNet.

The module also shows as Status "Warning" in "show modules".

The Vendor is saying that this is just cosmetic and because the DFC4-EXL isn't
what was shipped with the original card, but I'm not happy, so pushing for them
to supply a card which doesn't have this warning.

Has anyone done this before? Anyone seen this before?

Simon


Re: [c-nsp] C6509 Fabric Switch Capacity

2016-01-13 Thread Simon Lockhart
On Wed Jan 13, 2016 at 07:10:09AM -0800, Azher Mughal wrote:
> For WS 6704 (with DFC3B), I was able to go close to 9Gbps per port
> across the bus when using Iperf and jumbo frames. Single port on each of
> the bus gives you line rate of 9.9Gbps.

Sounds like you come from the Cisco camp of performance testing :)

Yes, under ideal conditions you can probably get close to linerate on them,
but stick general Internet traffic through them, and you won't. I believe it's
a limitation on PPS, so jumbo frames are what let you fill the ports.

Simon
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/


Re: [c-nsp] C6509 Fabric Switch Capacity

2016-01-13 Thread Simon Lockhart
On Wed Jan 13, 2016 at 04:25:48PM +0200, Chris Knipe wrote:
> Whilst I can understand over subscription (and subsequent drops) on the
> WS-X6708, would the same hold true for the WS-X7604?

The WS-X6704 has woefully underpowered ASICs on it. It has the dual 20G bus
connections, with two 10G ports on each, so on paper it's not oversubscribed.

However, you'll be lucky to get more than about 25Gbps aggregate throughput
through the blade.

Simon


Re: [c-nsp] Cisco 10G gear

2015-01-17 Thread Simon Lockhart
On Sat Jan 17, 2015 at 10:53:01AM +0200, Chris Knipe wrote:
> I'm still confused :-( Sorry.  The only other line card in the chassis
> would be one WS-X6748-GE-TX which is a 48 Port 10/100/1000 card.

With 6704 and 6748-GE-TX you'll be in CEF720 switching mode, not classic.
This will give you the full 30Mpps switching with CFC's.

> Yes, the SUP720 comes with MSFC3/PFC3 standard (we will be upgrading
> memory on the SUP as well as the MFC to 1G, the max supported), and it
> states it can deliver up to 40Gbps per slot.  But from what you've
> mentioned, we will thus now be limited to 15Mpps which is clearly not
> going to be enough.

If you're only doing layer 2 switching and no routing, then you shouldn't
need to upgrade the RAM - this is used more for route storage (RIB).

> The SUP720-3B is perhaps also an option, but if I have to start
> looking at the 720-3BXL then it's becoming very expensive, yet again.

Consider looking at refurb / 2nd-user - either official Cisco refurb 
or 3rd party. You'll probably be pleasantly surprised by the pricing.

> Do I then also understand correctly that in the case of a SUP720-3B I
> need to purchase a WS-X6708-10G-3C and in the case of a SUP720-3BXL we
> are talking about a WS-X6708-10G-3CXL (there are no 4-port line card
> available with a DFC daughter card), or are these special versions
> with the daughter cards only required to lower the impact of the
> contention on the 8-port cards?

The 6708 is an odd card - it has the DFC 'soldered in', so it's not field
replaceable/upgradeable. The difference between 3B and 3BXL is purely the
number of layer 3 routes it can hold in the FIB. If you're only doing L2, 
then this won't give you any benefits.

> Would the same also hold true then on a SUP720-3B or SUP720-3BXL in
> the case of a WS-X6704-10GE, or would the bigger (better) SUP have no
> problem with smashing the 15/30Mpps to pieces and deliver true 10Gbps
> per port?  I'm not after 100% guaranteed 10Gbps per port on the line
> card, but I most certainly don't want to spend all this money and only
> get like ~3Gbps per port either.

You won't get true line rate on all 4 ports on a 6704. They're well known as
having performance issues due to underpowered ASICs. We've been seeing about 
25-30Gbps of aggregate traffic (general internet traffic, adding in+out on
all ports) before they run out of steam.

> What other options (except Nexus) would there be that can deliver ~8 x
> 10GE (fiber) and 48 x 1GE at an affordable rate?

Depends on your total traffic requirements. SUP720 + 6704 + 6748-GE-TX
(+ 6724-SFP if I need fibre) is still my work-horse of choice for a Cisco
switch offering both 10G and 1G ports. On the used market, these blades are
available very cheaply.

> Nexus is WAY over my
> budget (and the reason why we're looking at the 6500 instead), and it
> would seem (to me at least) I am stuck between a rock and a hard place
> in terms of acquiring a low port density 10G switch at an affordable
> price.

Although I don't use it myself (as I use Extreme X460 switches for this
purpose), you may find something in the Nexus 3000 range which fits your
requirements.

> Sorry for all the questions, in my 15 odd years of networking, this is
> the first time that I will be entering the 10GE arena, so I really
> want to just make sure that I get the correct kit from the start.
> These toys aren't cheap :-(

Wait until you want 40G or 100G - then you'll realise that 10G stuff is
cheap :)

Simon
-- 
Simon Lockhart |   * Server Co-location * ADSL * Domain Registration *
   Director    |  * Domain & Web Hosting * Connectivity * Consultancy *
  Bogons Ltd   | *  http://www.bogons.net/  *  Email: i...@bogons.net  *


Re: [c-nsp] Cisco 10G gear

2015-01-17 Thread Simon Lockhart
On Sat Jan 17, 2015 at 11:57:21AM +0200, Chris Knipe wrote:
> > Depends on your total traffic requirements. SUP720 + 6704 + 6748-GE-TX
> > (+ 6724-SFP if I need fibre) is still my work-horse of choice for a Cisco
> > switch offering both 10G and 1G ports. On the used market, these blades are
> > available very cheaply.
>
> This is what I really like (and hoped) to hear.  Considering we're
> currently peaking at 1.2Gbps / 1.5Gbps, a ~10X increase in
> capacity/throughput seems like a winner then.  Granted (as I
> understand it), from a layer III point of view this configuration
> would be significantly under spec'ed to provide what it is supposed
> to, but on a layer II level it seems (to me at least) that it would be
> able to deliver a -significant- upgrade to what we currently can
> deliver on our infrastructure...

I'm doing L3 on my 6500's, so I do use the 3BXL to be able to hold a full 
Internet routing table. There's little difference between L2 and L3 performance
on the 6500.

We're now upgrading to the Sup2T and 69xx cards to give us higher 10G port
density.
 
> The 25-30Gbps you are seeing - is this across one line card, or across
> the entire chassis?  Just trying to get an idea of what two or three
> 4-Port 10GE cards would do.

That's per 6704 card. In aggregate, we were probably doing close to 100Gbps
of traffic through a 6509 chassis, but only because traffic was flowing over
it several times.

Simon


Re: [c-nsp] ASR vs 6807

2014-11-27 Thread Simon Lockhart
In simple terms (and I apologise if this is fixed in Sup2T, as most of my
experience has been on the Sup720), with the 6500/6800 platform, you can only
do port-to-port or subint-to-subint VPWS, but not port-to-subint (which you can
on the more capable boxes, or with the ES cards on the 6500/6800).  

Simon

On Thu Nov 27, 2014 at 11:05:18AM +0000, R LAS wrote:
> Hi Simon
> can you detail more ASR9k can be more flexible on EoMPLS (VPLS) than 6807 ?
>
> Regards
>
> > Date: Thu, 27 Nov 2014 10:26:55 +0000
> > From: si...@slimey.org
> > To: dim0...@hotmail.com
> > CC: cisco-nsp@puck.nether.net
> > Subject: Re: [c-nsp] ASR vs 6807
> >
> > On Thu Nov 27, 2014 at 10:18:41AM +0000, R LAS wrote:
> > > Discussing a new architecture of DCI (Data Center Interconnection), Cisco
> > > recommends both ASR9k and 6807.  The architecture requested by the customer
> > > forecast MPLS/VPLS supported by DCI.
> > >
> > > From pricing point of view there is a quite big difference (win 6807), from
> > > feature point of view Cisco says the difference is only the number of
> > > mac-addresses supported and the sw modularity.
> > >
> > > Can anybody help in digging more the technical difference ?
> >
> > I'm going through much the same at the moment, and settling on 6807, largely
> > from a price perspective.
> >
> > ASR9k is (today) a more capable box for routing - particularly if you want
> > higher bandwidths. ASR9k has 100G ports today. 6807 only has 40G. ASR9k can
> > be more flexible on EoMPLS (VPLS) than 6807.
> >
> > 6807 has a lot of potential (880G per slot), but it's not supported by either
> > Supervisors or Linecards that are available today (current limit is 80G/slot).
> >
> > Simon
>
-- 
Simon Lockhart |   * Server Co-location * ADSL * Domain Registration *
   Director    |  * Domain & Web Hosting * Connectivity * Consultancy *
  Bogons Ltd   | *  http://www.bogons.net/  *  Email: i...@bogons.net  *


Re: [c-nsp] ASR vs 6807

2014-11-27 Thread Simon Lockhart
On Thu Nov 27, 2014 at 10:18:41AM +0000, R LAS wrote:
> Discussing a new architecture of DCI (Data Center Interconnection), Cisco
> recommends both ASR9k and 6807.  The architecture requested by the customer
> forecast MPLS/VPLS supported by DCI.
>
> From pricing point of view there is a quite big difference (win 6807), from
> feature point of view Cisco says the difference is only the number of
> mac-addresses supported and the sw modularity.
>
> Can anybody help in digging more the technical difference ?

I'm going through much the same at the moment, and settling on 6807, largely
from a price perspective.

ASR9k is (today) a more capable box for routing - particularly if you want
higher bandwidths. ASR9k has 100G ports today. 6807 only has 40G. ASR9k can
be more flexible on EoMPLS (VPLS) than 6807.

6807 has a lot of potential (880G per slot), but it's not supported by either
Supervisors or Linecards that are available today (current limit is 80G/slot).

Simon



[c-nsp] Exactly how bad is the 6704-10GE?

2014-10-08 Thread Simon Lockhart
All,

(This is vaguely related to my question earlier in the week about ASR capacity)

We use quite a few 6704-10GE blades on our network, and I'm seeing some
random congestion type issues. In some cases, I've made the problem go away
by shuffling ports between blades to spread the load, but I'm left wondering
exactly where the problems lie.

From talking to people on IRC, etc, I'm told that the 6704 runs out of steam
around 24-26Gbps of throughput when handling imix traffic. I'm also told that
this is largely driven by pps, rather than bps.

If we take, for example, a 6504 on our network. It has a Sup2T in slot 1,
6704-10GE(CFC) in slot 2, 6724-SFP(CFC) in slot 3, and 6904-40G(DFC4) in slot 4.

I've got a 4*10G portchannel towards our core consisting of Te2/1, Te4/5,
Te4/6 & Te4/8

Te2/3 and Te4/9 form a 2*10G portchannel towards an IXP

Te2/2 is a 10G link towards a transit provider.

The traffic profile on the 4*10G portchannel seems to max out at about 24Gbps.
I don't see any obvious packet drops or latency increase, just that the traffic
doesn't go any higher than that.

I suspect I'm hitting a limit on the 6704 which is causing this, but I can't
figure out what that limit is.

If I take a snapshot of the 3 active ports on the 6704 at peak time, I see:

Te2/1: In = 2.7Gbps/580kpps, Out = 5.7Gbps/613kpps
Te2/2: In = 7.0Gbps/865kpps, Out = 1.8Gbps/520kpps
Te2/3: In = 7.3Gbps/789kpps, Out = 2.5Gbps/666kpps

Summing that all up, I've got ~27Gbps of traffic flowing through the card, and
just over 4Mpps.

I also see this:

rtr#show fabric drop
  Polling interval for drop counters and timestamp is 1 in seconds 

  Packets dropped by fabric for different queues:
  Counters last cleared time: 22:54  08 Oct 14
 slot    channel      Low-Q-drops                  High-Q-drops
    1          0                0                             0
    1          1                0                             0
    2          0            35759 @00:57 09Oct14              0
    2          1            76766 @00:57 09Oct14              0
    3          0                0                             0
    4          0              169 @00:56 09Oct14              0
    4          1                0                             0

So I seem to be seeing fabric drops on the 6704 slot, on both channels (but 
more on channel 1, which has ports Te2/1 and Te2/2 on it).

If I look at fabric utilisation, it doesn't say it's maxing out:

rtr#show fabric utilization detail
  Fabric utilization:     Ingress                    Egress
    Module  Chanl  Speed  rate  peak                 rate  peak
    1       0        20G    0%    0%                   0%    0%
    1       1        20G    0%    3% @19:53 08Oct14    0%    3% @19:53 08Oct14
    2       0        20G   27%   50% @22:14 08Oct14    5%   13% @22:13 08Oct14
    2       1        20G   33%   47% @00:33 09Oct14   23%   33% @23:09 08Oct14
    3       0        20G    0%    0%                   0%    0%
    4       0        40G   11%   17% @22:30 08Oct14   26%   40% @00:02 09Oct14
    4       1        40G    0%    0%                   0%    0%


So my questions...

1) For other people using the 6704-10GE blade, what sort of maximum throughput
   are you seeing? Have you managed to pinpoint what the limiting factor is?

2) What do the fabric drops really mean. My google-fu isn't helping a lot, and
   the command doesn't seem to be documented. Is there anything I can do to
   reduce the fabric drops? Why am I also seeing some on the 6904-40G slot,
   which should be a much more capable card.

Many thanks in advance,

Simon

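
Added example (not part of the original post and not Cisco tooling): a Python parser for the two outputs quoted in the message above. It joins "show fabric drop" with "show fabric utilization detail" per slot/channel and lists the channels that dropped packets next to their recorded peak utilisation. The sample text is re-typed from the post with column spacing restored, and the 80% threshold is an assumption chosen for illustration.

```python
import re

# Constructed sample: the two outputs from the post, re-typed with column
# spacing restored (the exact spacing printed by the device may differ).
FABRIC_DROP = """\
 slot    channel      Low-Q-drops                  High-Q-drops
    1          0                0                             0
    1          1                0                             0
    2          0            35759 @00:57 09Oct14              0
    2          1            76766 @00:57 09Oct14              0
    3          0                0                             0
    4          0              169 @00:56 09Oct14              0
    4          1                0                             0
"""

FABRIC_UTIL = """\
 Module  Chanl  Speed  rate  peak                 rate  peak
 1       0        20G    0%    0%                   0%    0%
 1       1        20G    0%    3% @19:53 08Oct14    0%    3% @19:53 08Oct14
 2       0        20G   27%   50% @22:14 08Oct14    5%   13% @22:13 08Oct14
 2       1        20G   33%   47% @00:33 09Oct14   23%   33% @23:09 08Oct14
 3       0        20G    0%    0%                   0%    0%
 4       0        40G   11%   17% @22:30 08Oct14   26%   40% @00:02 09Oct14
 4       1        40G    0%    0%                   0%    0%
"""

# Optional "@HH:MM DDMonYY" stamp that follows a non-zero counter or peak.
_STAMP = r"(?:\s+@(\d\d:\d\d\s+\d\d[A-Za-z]{3}\d\d))?"
_DROP_RE = re.compile(
    r"^\s*(\d+)\s+(\d+)\s+(\d+)" + _STAMP + r"\s+(\d+)" + _STAMP + r"\s*$")
_UTIL_RE = re.compile(
    r"^\s*(\d+)\s+(\d+)\s+(\d+)G\s+(\d+)%\s+(\d+)%" + _STAMP
    + r"\s+(\d+)%\s+(\d+)%" + _STAMP + r"\s*$")


def parse_fabric_drop(text):
    """Return {(slot, channel): counters} from 'show fabric drop' output."""
    rows = {}
    for line in text.splitlines():
        m = _DROP_RE.match(line)
        if m:  # header and banner lines do not match and are skipped
            slot, chan, low, low_at, high, high_at = m.groups()
            rows[(int(slot), int(chan))] = {
                "low_q_drops": int(low), "low_q_at": low_at,
                "high_q_drops": int(high), "high_q_at": high_at}
    return rows


def parse_fabric_util(text):
    """Return {(module, channel): utilisation} from the utilization output."""
    rows = {}
    for line in text.splitlines():
        m = _UTIL_RE.match(line)
        if m:
            g = m.groups()
            rows[(int(g[0]), int(g[1]))] = {
                "speed_gbps": int(g[2]),
                "ingress_rate_pct": int(g[3]), "ingress_peak_pct": int(g[4]),
                "egress_rate_pct": int(g[6]), "egress_peak_pct": int(g[7])}
    return rows


def channels_with_drops(drop_text, util_text, peak_threshold_pct=80):
    """List channels with non-zero drops, joined with their utilisation.

    'below_threshold' is True when drops were recorded although neither
    peak reached peak_threshold_pct (an assumed, illustrative threshold).
    """
    drops = parse_fabric_drop(drop_text)
    util = parse_fabric_util(util_text)
    report = []
    for (slot, chan), d in sorted(drops.items()):
        if d["low_q_drops"] + d["high_q_drops"] == 0:
            continue
        u = util.get((slot, chan), {})
        peaks = [p for p in (u.get("ingress_peak_pct"),
                             u.get("egress_peak_pct")) if p is not None]
        report.append({
            "slot": slot, "channel": chan, **d, **u,
            "below_threshold": bool(peaks) and max(peaks) < peak_threshold_pct})
    return report


if __name__ == "__main__":
    for row in channels_with_drops(FABRIC_DROP, FABRIC_UTIL):
        print(row)
```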


Re: [c-nsp] Understanding ASR1k / ESP40 capacity

2014-10-06 Thread Simon Lockhart
Pete,

Thanks for this - I'll watch that preso and see if it adds anything useful.

You seem to be supporting my viewpoint, and I've also had an off-list reply
supporting TAC's viewpoint - so I'm not sure I'm any further forwards.

I'm currently working on a plan to replace the ESP40 with an ESP100 - but as
the ESP100 isn't supported in the ASR1004, I'll also have to do a chassis swap
to an ASR1006. My only remaining concern with this plan is whether the SIP40
can really do 40Gbps. If I stick 4 * 10G SPA's into a SIP40, can I run those
10G ports at line-rate (assuming sufficient ESP capacity)?

Many thanks,

Simon



On Sat Oct 04, 2014 at 11:56:45AM -0400, Pete Lumbis wrote:
 It would be a single pass through the QFP. The SIP could also be a limiting
 factor, but since you are split between SIPs that shouldn't be an issue.
 The SIP 40 has 2x 40Gig lanes on the backplane. Are you doing crypto or
 anything like that which would impact performance?
 
 There is a great Cisco Live preso on the ASR1k architecture that might help
 you get some ammo to go back to TAC with.
 http://d2zmdbbm9feqrf.cloudfront.net/2014/usa/pdf/BRKARC-2001.pdf
 
 -Pete
 
 On Sat, Oct 4, 2014 at 4:56 AM, Simon Lockhart si...@slimey.org wrote:
 
  All,
 
  I'm banging my head against a brick wall trying to get sensible answers from
  Cisco TAC, so thought I'd ask the educated masses who may have come across
  this before...
 
  I've got a Cisco ASR1004 with RP2, ESP40, 2 * SIP40's, and 8 * 10GE ports.
 
  A snapshot of usage on these ports at peak is:
 
  Interface           RxBps     RxPps           TxBps     TxPps
  Te0/0/0     4,385,563,000   515,508     906,118,000   339,997
  Te0/1/0     3,942,338,000   419,696     984,150,000   358,436
  Te0/2/0     3,949,993,000   425,192     933,257,000   349,145
  Te0/3/0     4,375,526,000   512,858     873,284,000   334,751
  Te1/0/0     1,186,440,000   454,714   5,474,029,000   630,916
  Te1/1/0       622,154,000   244,056   3,181,689,000   338,190
  Te1/2/0       711,493,000   253,275   3,211,560,000   340,950
  Te1/3/0     1,218,873,000   437,195   4,831,708,000   568,488
 
  TOTAL      20,392,380,000 3,262,494  20,395,795,000 3,260,873
 
  I'm seeing throughput issues on a portchannel consisting of Te0/0/0 and
  Te0/3/0 (it won't go over 10Gbps aggregate)
 
  Cisco TAC are telling me if I add TxBps and RxBps totals together, I get
  40Gbps, so I've reached capacity of the QFP (i.e. ESP40).
 
  My argument against this is that a packet which enters the router on
  Te0/0/0, goes through the SIP40 in slot 0, through the ESP40, through the
  SIP40 in slot 1, and out through Te1/0/0 is still just one packet, so should
  only need to be counted once through the ESP, and once for each SIP. Hence,
  the throughput on the ESP is only 20.3Gbps on those numbers above.
 
  If I poll ceqfpUtilProcessingLoad by SNMP, I see peaks of around 65%, which
  would correlate with this level of throughput.
 
  I'm assuming there are others of you using this platform. What sort of
  throughput are you seeing? Am I right, or is the Cisco TAC engineer?
 
  TIA,
 
  Simon


[c-nsp] Understanding ASR1k / ESP40 capacity

2014-10-04 Thread Simon Lockhart
All,

I'm banging my head against a brick wall trying to get sensible answers from
Cisco TAC, so thought I'd ask the educated masses who may have come across
this before...

I've got a Cisco ASR1004 with RP2, ESP40, 2 * SIP40's, and 8 * 10GE ports.

A snapshot of usage on these ports at peak is:

Interface           RxBps     RxPps           TxBps     TxPps
Te0/0/0     4,385,563,000   515,508     906,118,000   339,997
Te0/1/0     3,942,338,000   419,696     984,150,000   358,436
Te0/2/0     3,949,993,000   425,192     933,257,000   349,145
Te0/3/0     4,375,526,000   512,858     873,284,000   334,751
Te1/0/0     1,186,440,000   454,714   5,474,029,000   630,916
Te1/1/0       622,154,000   244,056   3,181,689,000   338,190
Te1/2/0       711,493,000   253,275   3,211,560,000   340,950
Te1/3/0     1,218,873,000   437,195   4,831,708,000   568,488

TOTAL      20,392,380,000 3,262,494  20,395,795,000 3,260,873

I'm seeing throughput issues on a portchannel consisting of Te0/0/0 and Te0/3/0
(it won't go over 10Gbps aggregate)

Cisco TAC are telling me if I add TxBps and RxBps totals together, I get 40Gbps,
so I've reached capacity of the QFP (i.e. ESP40).

My argument against this is that a packet which enters the router on Te0/0/0,
goes through the SIP40 in slot 0, through the ESP40, through the SIP40 in slot
1, and out through Te1/0/0 is still just one packet, so should only need to be
counted once through the ESP, and once for each SIP. Hence, the throughput on
the ESP is only 20.3Gbps on those numbers above.

If I poll ceqfpUtilProcessingLoad by SNMP, I see peaks of around 65%, which 
would correlate with this level of throughput.

I'm assuming there are others of you using this platform. What sort of 
throughput are you seeing? Am I right, or is the Cisco TAC engineer?

TIA,

Simon
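
Added example (not part of the original post): a Python script that applies both counting methods discussed in this thread to the posted port table, giving the ESP figure counted once (sum of Rx) and as Rx plus Tx, plus the ingress and egress load carried by each SIP. It assumes the first number in TeX/Y/Z is the SIP slot and that all received traffic is forwarded through the ESP; the table is re-typed from the post with column spacing restored.

```python
import re
from collections import defaultdict

# Constructed sample: the table from the post, with column spacing restored.
PORT_TABLE = """\
Interface           RxBps     RxPps           TxBps     TxPps
Te0/0/0     4,385,563,000   515,508     906,118,000   339,997
Te0/1/0     3,942,338,000   419,696     984,150,000   358,436
Te0/2/0     3,949,993,000   425,192     933,257,000   349,145
Te0/3/0     4,375,526,000   512,858     873,284,000   334,751
Te1/0/0     1,186,440,000   454,714   5,474,029,000   630,916
Te1/1/0       622,154,000   244,056   3,181,689,000   338,190
Te1/2/0       711,493,000   253,275   3,211,560,000   340,950
Te1/3/0     1,218,873,000   437,195   4,831,708,000   568,488

TOTAL      20,392,380,000 3,262,494  20,395,795,000 3,260,873
"""

_ROW_RE = re.compile(
    r"^(Te(\d+)/\d+/\d+|TOTAL)\s+([\d,]+)\s+([\d,]+)\s+([\d,]+)\s+([\d,]+)$")
_FIELDS = ("rx_bps", "rx_pps", "tx_bps", "tx_pps")


def parse_table(text):
    """Return (ports, total): per-port rows and the TOTAL row if present."""
    ports, total = [], None
    for line in text.splitlines():
        m = _ROW_RE.match(line.strip())
        if not m:  # header and blank lines
            continue
        name, slot = m.group(1), m.group(2)
        row = {f: int(v.replace(",", "")) for f, v in zip(_FIELDS, m.groups()[2:])}
        if name == "TOTAL":
            total = row
        else:
            row.update(name=name, slot=int(slot))  # assumed: TeX/... => SIP slot X
            ports.append(row)
    return ports, total


def totals_match(ports, total):
    """Check the posted TOTAL row against the per-port sums."""
    return all(sum(p[f] for p in ports) == total[f] for f in _FIELDS)


def esp_load(ports):
    """ESP throughput under the two counting methods in the thread."""
    rx = sum(p["rx_bps"] for p in ports)
    tx = sum(p["tx_bps"] for p in ports)
    return {"counted_once_bps": rx,       # each packet counted once, on entry
            "rx_plus_tx_bps": rx + tx}    # Rx and Tx totals added together


def sip_load(ports):
    """Per-SIP load: traffic entering and leaving through each slot."""
    per_slot = defaultdict(lambda: {"ingress_bps": 0, "egress_bps": 0})
    for p in ports:
        per_slot[p["slot"]]["ingress_bps"] += p["rx_bps"]
        per_slot[p["slot"]]["egress_bps"] += p["tx_bps"]
    return dict(per_slot)


if __name__ == "__main__":
    ports, total = parse_table(PORT_TABLE)
    print("TOTAL row consistent:", totals_match(ports, total))
    for label, bps in esp_load(ports).items():
        print(f"ESP {label}: {bps / 1e9:.2f} Gbps")
    for slot, load in sorted(sip_load(ports).items()):
        print(f"SIP slot {slot}: in {load['ingress_bps'] / 1e9:.2f} Gbps, "
              f"out {load['egress_bps'] / 1e9:.2f} Gbps")
```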


Re: [c-nsp] Determining ASR1k ESP/SIP utilisation

2014-03-17 Thread Simon Lockhart
On Sun Mar 16, 2014 at 08:17:07PM -0400, Pete Lumbis wrote:
 http://www.cisco.com/c/en/us/support/docs/routers/asr-1000-series-aggregation-services-routers/110531-asr-packet-drop.htm
 

Thanks - I've looked at that page a few times, but it seems to focus on how to
find out what's gone wrong when you've already hit the limit, rather than 
determining how close to the limit you are.

 show plat hard qfp active datapath utilization will show the total QFP
 load

This one is one I'd not tried before and looks very useful. I assume this is
reporting the ESP utilisation, and thus in the case of my ESP-40, how close I
am to the 40Gbps aggregate switching limit.

Do you know if this information is obtainable by SNMP?

Can I find similar information for the SIPs?

Simon


[c-nsp] Determining ASR1k ESP/SIP utilisation

2014-03-16 Thread Simon Lockhart
All,

I have a number of ASR1004's on my network, each with an identical 
configuration, consisting of:

ASR1000-RP2
ASR1000-ESP40
2 * ASR1000-SIP40
4 * SPA-1X10GE-L-V2 (Te0/0/0, Te0/1/0, Te1/0/0, Te1/1/0)

Two of the 10G ports are customer facing, the other two are core facing. All
the 10G ports are running at at least 80% line speed at peak time.

Is there any way to determine the utilisation levels of the SIP's and the ESP?

Could I put more 10G ports in these ASR's, or will I just be oversubscribing
the SIP or ESP?

Many thanks,

Simon


Re: [c-nsp] ASR9k/IOS-XR BNG for IPoE (DHCP) help

2013-06-07 Thread Simon Lockhart
On Fri Jun 07, 2013 at 06:56:31AM -0500, Bradley Williamson wrote:
 What version of code are you running. There is a bug in DHCP after 4.1. I
 have been working with Cisco on this and they finally acknowledged it is a
 bug. We have no date for a patch yet.

I'm running 4.3.1 on ASR9001.  What's the nature of the bug? Is it related to
DHCP Option 82 information or something like that? Are you using the BNG
functionality, or just ipv4 helper-address on the interface?
 
 I cannot get any cpe routers to pull IP addresses, but if I just plug a
 laptop in it works.

I'll give it a try, just to see.
 
Simon


[c-nsp] ASR9k/IOS-XR BNG for IPoE (DHCP) help

2013-06-06 Thread Simon Lockhart
All,

I'm currently evaluating the ASR9001 as a BNG for IPoE traffic (Double VLAN
tagged traffic, doing DHCP) - but I'm having difficulties getting the DHCP
proxy bit working. Has anyone done this before, or can anyone help point me
in the direction of why my config isn't working?

I've been working through the example at 
https://supportforums.cisco.com/docs/DOC-19702 and have come up with the 
following config:

-- 8< -- 8< --
dhcp ipv4
 profile IP_DEFAULT proxy
  helper-address vrf default 192.168.130.20 giaddr 100.64.248.129
  relay information check
  relay information option
  relay information policy keep
  relay information option allow-untrusted
 !
 interface Bundle-Ether1.3121 proxy profile IP_DEFAULT
! 
interface Bundle-Ether1.3121
 ipv4 address 100.64.248.129 255.255.255.192
 service-policy type control subscriber IP_PM
 ipsubscriber ipv4 l2-connected
  initiator dhcp
 !
 encapsulation ambiguous dot1q 3121 second-dot1q any
!
interface TenGigE0/0/2/1
 bundle id 1 mode on
!
dynamic-template
 type ipsubscriber IPSUB_TPL
 !
!
class-map type control subscriber match-any DHCP
 match protocol dhcpv4 
 end-class-map
!
policy-map type control subscriber IP_PM
 event session-start match-first
  class type control subscriber DHCP do-until-failure
   5 activate dynamic-template IPSUB_TPL
  !
 !
 end-policy-map
!
end

-- 8< -- 8< --

Now, if I do debug dhcp ipv4, I can see my DHCP requests coming in, and it
starts to process them, but the requests are never forwarded to my DHCP server.

If I do show dhcp ipv4 proxy binding detail, it sees the client ok, but 
doesn't show the server address:

-- 8< -- 8< --
RP/0/RSP0/CPU0:test-asr9k.lab.cc#show dhcp ipv4 proxy binding detail
Thu Jun  6 22:08:00.070 UTC
MAC Address:                 100d.7f4d.1cda
VRF:                         default
Server VRF:                  -
IP Address:                  0.0.0.0
Giaddr from client:          0.0.0.0
Giaddr to server:            0.0.0.0
Server IP Address:           0.0.0.0
Server IP Address to client: 0.0.0.0
ReceivedCircuit ID:          Xxx-21 eth 3/1/2/1/1:102
InsertedCircuit ID:          Xxx-21 eth 3/1/2/1/1:102
ReceivedRemote ID:           SimonsHouse
InsertedRemote ID:           SimonsHouse
ReceivedVSISO:               -
InsertedVSISO:               -
Auth. on received relay info:FALSE
Profile:                     IP_DEFAULT
State:                       INIT
Proxy lease:                 60 secs (00:01:00)
Proxy lease remaining:       22 secs (00:00:22)
Client ID:                   0x01-0x10-0x0D-0x7F-0x4D-0x1C-0xDA
Access Interface:            Bundle-Ether1.3121
Access VRF:                  default
VLAN Id:                     outer 3121, inner 102
Subscriber Label:            0x0
*

* Next renew request from this client will be NAK'd in order to recreate 
subscriber session

-- 8< -- 8< --


Any ideas why it might not be forwarding on the DHCP requests?

Many thanks in advance,

Simon


Re: [c-nsp] Terminating lots of double-tagged vlans

2013-05-29 Thread Simon Lockhart
On Wed May 29, 2013 at 04:36:12PM +0100, Tom Storey wrote:
 Is there a reason you couldn't do something like the following?
 
 encapsulation dot1q 100 second-dot1q 1-4095
 
 Maybe not as elegant as the any keyword, but it would let you do
 routing while covering all of the inner VLAN IDs?
 
Depending on the platform/feature, any seems to just map to 1-4095 anyway.

I've tried doing this with EVC's on ASR1k, and it doesn't seem to work.

I've tried doing this with ambiguous subinterfaces on the ASR1k, and it
partially works, but not well enough to be usable.

Talking to a Cisco SE, the ASR9k is apparently the first platform which
properly supports termination of broadband users, using DHCP, as IPoEoQinQ. I'm
just waiting for the loan box to arrive to prove it in the lab.

Simon


[c-nsp] Terminating lots of double-tagged vlans

2013-04-17 Thread Simon Lockhart
All,

I'm working on a project which uses GPON to connect tens of thousands of 
properties in a fibre-to-the-home environment. Each property will be handed
off to me as a double-tagged vlan, one per property. Obviously I don't want
to manually create tens of thousands of subinterfaces on a router, and I'm 
sure there's a better way of doing this.

What I'd come up with is that I'd ignore the inner tags, and just use the 
outer S-Tag to put the properties into subnets (one per S-Tag), and then just
do DHCP. However, I'm not quite sure how I'd achieve this.

This is obviously a common problem for people to solve, so how do others sort
it out?

The devices I'd typically use include Cisco 6500/SUP720, ME3600, ASR1k, and
smaller stuff like the 3750/3560.

Any suggestions?

Many thanks,

Simon


Re: [c-nsp] Terminating lots of double-tagged vlans

2013-04-17 Thread Simon Lockhart
On Wed Apr 17, 2013 at 12:57:05PM -0700, Bruce Pinsky wrote:
 Simon Lockhart wrote:
  What I'd come up with is that I'd ignore the inner tags, and just
  use the outer S-Tag to put the properties into subnets (one per
  S-Tag), and then just do DHCP. However, I'm not quite sure how I'd
  achieve this.
  
  The devices I'd typically use include Cisco 6500/SUP720, ME3600,
  ASR1k, and smaller stuff like the 3750/3560.
  
 
 http://www.cisco.com/en/US/docs/ios/lanswitch/configuration/guide/lsw_ieee_802.1q.html#wp1027258

Oh, great, that makes things easy :) I didn't realise you could do that.

Looks like what would work then is to plug the GPON handoff into an ME3600
and use the flexible vlan rewriting on that to ensure that the outer tag is
unique for my network, then aggregate it through our existing L2 access 
switches into an ASR1k doing access routing.

I think I must have been over-thinking the problem.

Many thanks,

Simon


Re: [c-nsp] High CPU utilization on sup720 with GRE

2013-03-24 Thread Simon Lockhart
On Sun Mar 24, 2013 at 02:06:09PM +0300, Samir Abidali wrote:
 Can somebody help me in understanding why a Cisco WS-SUP720-3BXL with two GRE
 tunnels configured will spike the CPU to 99% when the traffic goes beyond
 30mbps?
 
 According to documentation, the GRE is hardware accelerated. Please note that
 the two tunnel interfaces have two different source interfaces (SVI source IP
 address).

It's important to use a different source interface for each Tunnel (we use
loopback interfaces per tunnel).

I'm doing over 1Gbps of GRE spread over multiple tunnels, and my CPU is running
at around 30%.

I'd probably start by looking at MTU - is this box having to do a lot of
fragmentation? That will kill the CPU very quickly.

Simon


[c-nsp] Linecard issue after upgrading Sup720 to 15.1(1)SY

2013-03-23 Thread Simon Lockhart
All,

Is anyone running 15.1(1)SY (or an earlier 15.x release) on a 6500/Sup720? I
tried to upgrade a box this morning from 12.2(33)SXJ3 to 15.1(1)SY, and all 
worked okay except one line card (a WS-X6748-SFP):

router#show mod 2 
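Mod Ports Card Type                              Model              Serial No.
--- ----- -------------------------------------- ------------------ -----------
  2   24  CEF720 24 port 1000mb SFP              WS-X6724-SFP       SAD082x

Mod MAC addresses                       Hw    Fw           Sw           Status
--- ---------------------------------- ------ ------------ ------------ -------
  2  000e.83xx.xxb8 to 000e.83xx.xxcf   2.1   Unknown      Unknown      Other

Mod  Sub-Module                  Model              Serial       Hw     Status
---- --------------------------- ------------------ ----------- ------- -------
  2  Distributed Forwarding Card WS-F6700-DFC3B     SAL105x      4.5    Other

Mod  Online Diag Status
---- -------------------
  2  Unknown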

After a while, it logged:

Mar 23 07:16:51.876 UTC: %ONLINE-SP-6-REGN_TIMER: Module 2, Proc. 0. Failed to 
bring online because of registration timer eve  
sm(cygnus_oir_bay slot2), running yes, state wait_til_online
Last transition recorded: (power_on_ok)-> wait_til_online 
(reset_timer_online)-> wait_til_online (powered_off)-> shutdown_pc 
(pc_powered_off)-> powered_off (operator_power_on)-> can_power_on (yes_power)-> 
powered_on (real_power_on)-> check_power_on (timer)-> check_power_on 
(power_on_ok)-> wait_til_online (reset_timer_online)-> wait_til_online 
Mar 23 07:16:51.876 UTC: %C6KPWR-SP-4-DISABLED: power to module in slot 2 set 
off (Module  Failed SCP dnld)

Downgrading the Sup720 back to 12.2(33)SXJ3 caused the card to boot and run
fine again.

I can't seem to find anything about this in the release notes, or via google.
Given that it works fine on 12.2, I don't think it's failing hardware. Could
it be a hardware revision issue? (Other cards in this chassis are 2.4+)

Thanks in advance,

Simon


Re: [c-nsp] Linecard issue after upgrading Sup720 to 15.1(1)SY

2013-03-23 Thread Simon Lockhart
On Sat Mar 23, 2013 at 04:29:10AM -0700, Erik Nelson wrote:
 I have a 6509-E with SUP720-10G running 15.1(1)SY with a 6748-SFP/DFC3A. The
 chassis also has two 6748-GE-TX one with DFC3B and one with DFC3CXL. The
 6748-SFP is HW 1.3. 

Many thanks for the confirmation that it can work. Looks like this one is 
going to have to go for a potential RMA on the card.

Simon


[c-nsp] ASR1004 and NAT limitation?

2013-03-22 Thread Simon Lockhart
All,

I'm running an ASR1004 as a centralised CGNAT router. I've got various pools
defined for different customers, and use a NAT route-map to stop private IPs
being NAT'd when trying to reach our internal services (where we'd want to see
the private IPs still). Typical config per customer is:

ip nat pool cust1-pool-1 xxx.yyy.153.64 xxx.yyy.153.95 prefix-length 27
ip nat inside source route-map cust1-nat pool cust1-pool-1 overload
!
ip access-list extended on-net
 permit ip any aaa.xxx.128.0 0.0.15.255
 permit ip any bbb.yyy.128.0 0.0.31.255
 permit ip any ccc.zzz.128.0 0.0.127.255
!
ip access-list extended cust1
 permit ip 100.65.162.0 0.0.0.255 any
 permit ip 100.65.160.0 0.0.1.255 any
!
route-map cust1-nat deny 10
 match ip address on-net
route-map cust1-nat permit 20
 match ip address cust1

After adding another set of this config, I've hit this log message:

*Mar 22 06:37:54.476 UTC: %CPP_FM-3-CPP_FM_TCAM_ERROR: F0: cpp_sp:  TCAM limit 
exceeded: Class group nat-cg:1001 could not be successfully attached. Please 
remove the class group from the interface. 

On this page 
http://www.cisco.com/en/US/docs/routers/asr1000/release/notes/asr1k_caveats_38s.html

It says:

- CSCtz71208

Symptom: On a Cisco ASR1000 series router, once the error,
  CPP_FM-3-CPP_FM_TCAM_ERROR is seen, the only way to recover TCAM is to reload
  the ASR. Removing the config leading to the TCAM exhaustion is not enough.

Conditions: This is seen after something leads to the TCAM being exhausted.
  This bug only relates to the recovery from the exhaustion, not the exhaustion
  itself. For that, please see bug: CSCtz33305 Deny Statements could exhaust the
  TCAM entries.

Workaround: Reload the device. 

Looks like this is what I'm hitting, but does anyone know more about this bug?
I can't seem to see CSCtz33305, but it'd be good to know if there's any 
workaround to avoid hitting this issue...

Many thanks,

Simon


Re: [c-nsp] ASR1004 and NAT limitation?

2013-03-22 Thread Simon Lockhart
Pete, 

Many thanks for taking the time to respond.

On Fri Mar 22, 2013 at 06:26:14PM +0100, Pete Lumbis wrote:
 My guess is the NAT configuration is actually exceeding TCAM on the ESP
 that is installed. You can take a look at show platform hardware qfp
 active tcam resource-manager to see the TCAM utilization. 

Well, the interesting thing is that this doesn't show anything getting near
to full:

router#show platform hardware qfp active tcam resource-manager usage 
QFP TCAM Usage Information

80 Bit Region Information
--
Name: Leaf Region #0
Number of cells per entry   : 1
Current 80 bit entries used : 0
Current used cell entries   : 0
Current free cell entries   : 0

160 Bit Region Information
--
Name: Leaf Region #1
Number of cells per entry   : 2
Current 160 bits entries used   : 37
Current used cell entries   : 74
Current free cell entries   : 4022

320 Bit Region Information
--
Name: Leaf Region #2
Number of cells per entry   : 4
Current 320 bits entries used   : 0
Current used cell entries   : 0
Current free cell entries   : 0


Total TCAM Cell Usage Information
--
Name: TCAM #0 on CPP #0
Total number of regions : 3
Total tcam used cell entries: 74
Total tcam free cell entries: 524214
Threshold status: below critical limit

 If you have a
 lab box I would expect your configuration could be copy/pasted into it to
 see the same problem and you could try to test config changes there. I
 would start by seeing if removing the deny in the NAT route-map makes a
 difference.

I guess the thing to do is to try adding back in some additional NAT rules 
and see which of the TCAM regions increases rapidly towards full.

I don't currently have a spare ASR1k for the lab, but as a result of this 
issue I'm trying to source one to be able to carry out some further testing.

Many thanks,

Simon


[c-nsp] Making SUP720 cope better under BGP load

2012-12-07 Thread Simon Lockhart
All,

I'm currently using SUP720-3BXL's in my BGP border devices.  Obviously the
SUP720 is not a particularly fast CPU, so it is pretty slow at bringing up a
lot of BGP sessions.

On one particular box, I've got 250 BGP neighbours - 1 full table transit, 2
IGP to route-reflectors, and the rest are peering sessions at an IXP. Recently,
the IXP did maintenance causing the interface to drop, and it brought the box to
its knees. The BGP Router process takes all the available CPU while it tries
to re-establish the BGP sessions. While this is happening, the SUP720 seems to
give up processing other stuff in a timely manner - and I see MPLS LDP drop,
OSPF neighbours drop, and then BGP sessions drop due to hold timer expires.
With all these drops, it causes even more CPU load, and the cycle continues.

I've been talking to other SUP720 using ISPs, and it seems that some see this
same effect, and others don't.

Currently running 12.2(33)SXJ3

Are there any tweaks that I can apply to the IOS config to make the SUP720
cope better in this sort of situation? I'd be happy for the BGP sessions to
take a lot longer to re-establish, if it didn't kill everything else in the
process...

And, as a follow-on question, given that the SUP720 is so under-powered for
BGP, what other options do I have which would cope better? SUP-2T? Or, if
I need to move away from the 6500, what's good for BGP routing with about 
20-40G of throughput (i.e. 4-8 * 10GE ports)? How does the ASR9k or ASR1k
range fare for BGP performance?

Many thanks in advance,

Simon


Re: [c-nsp] Making SUP720 cope better under BGP load

2012-12-07 Thread Simon Lockhart
On Fri Dec 07, 2012 at 09:54:08AM -0500, Randy wrote:
 Have you considered a CoPP policy to limit the rate of BGP convergence? 
 Not sure if it would help with so many peers but it might lessen the 
 pain on your 3 full tables.

No - I'm not doing any CoPP at the moment - but probably should.

Are there any cookbooks / cribsheets for using CoPP to rate limit BGP?

Simon


[c-nsp] Understanding ASR1k variants

2012-10-30 Thread Simon Lockhart
Cisco-NSP'ers,

Due to a requirement to deploy CGN, I'm looking at the Cisco ASR1k range for
the first time, and I'm a little confused about the different variants of
RP, ESP, SIP, etc - and I'm hoping someone can clarify things a bit.

I'm looking for a box which can route 10GE to 10GE at linerate.

What's the difference between the RP1 and RP2? The only obvious difference from
reading the datasheets is the amount of memory?

With the ESP, because I want to route 10GE to 10GE, is it right that I need the
ESP20, as I'm looking at 2 * 10GBps of traffic (ingress + egress)?

Likewise with the SIP, the SIP10 won't be fast enough for full 10GE to 10GE, so
I need the SIP40?

Bringing this all together, if I'm looking for a box that can do 10GE to 10GE, 
then the smallest ASR1k that will do this is the ASR1002-X? As well as the
chassis, I'd need to buy the 20Gbps license, the IP Base license for the RP,
and 2 * 10GE SPAs?

Many thanks,

Simon


Re: [c-nsp] Cisco's new 4500-X 10G Aggregation Switches

2012-02-10 Thread Simon Lockhart
Did you read the datasheet?

http://www.cisco.com/en/US/prod/collateral/switches/ps10902/ps12332/data_sheet_c78-696791.html

- IPv6 support in hardware, providing wired-network-rate forwarding for IPv6
  networks and support for dual stack with innovative resource utilization

- Dynamic hardware forwarding-table allocations for ease of IPv4-to-IPv6
  migration

122 Mpps routing for IPv6 compared to double that for IPv4.

Simon

On Fri Feb 10, 2012 at 03:07:43PM -0500, harbor235 wrote:
 I am sure it will do V6, but is the hardware optimized for V6?
 V6 hardware forwarding and TCAMs able to handle the tens of millions of
 routes
 expected. Perhaps there will be incremental updates so they can soak us
 thoroughly
 
 So, will it do V6 well is the real question?
 
 Mike
 
 
 
 2012/2/10 Łukasz Bromirski luk...@bromirski.net
 
  On 2012-02-10 19:58, Gert Doering wrote:
 
   What about IPv6?
 
 
  It's a Sup7E in a box. Expect the same features and caveats.
 
  --
  There's no sense in being precise when |   Łukasz Bromirski
   you don't know what you're talking |  jid:lbromir...@jabber.org
   about.   John von Neumann |http://lukasz.bromirski.net
 
 

-- 
Simon Lockhart |   * Server Co-location * ADSL * Domain Registration *
   Director|  * Domain  Web Hosting * Connectivity * Consultancy * 
  Bogons Ltd   | *  http://www.bogons.net/  *  Email: i...@bogons.net  * 


Re: [c-nsp] Cisco's new 4500-X 10G Aggregation Switches

2012-02-10 Thread Simon Lockhart
On Fri Feb 10, 2012 at 01:31:12PM -0800, Sachin Gupta (sagupta) wrote:
 Full IPv6 support at FCS. What I mean by full is feature parity with
 Supervisor Engine 7-E on Catalyst 4500 platform.

 [SNIP]

Sachin,

Can I just publicly thank you (and the other Cisco employees who post to
cisco-nsp) for your openness and willingness to answer questions on this list.

I find it very helpful and greatly appreciate it.

Simon


Re: [c-nsp] New Joiner - ME3600X and tools

2011-03-29 Thread Simon Lockhart
On Tue Mar 29, 2011 at 10:35:41AM -0700, Waris Sagheer (waris) wrote:
 VPLS and H-VPLS will be supported in the next release coming out in June
 2011.

On the ME3600X as well, or just the ME3800X?

Simon


Re: [c-nsp] New Joiner - ME3600X and tools

2011-03-28 Thread Simon Lockhart
On Mon Mar 28, 2011 at 02:22:55PM -0700, Seth Mattinen wrote:
 The only thing any of us can really do about that is decline to buy it.
 Otherwise there is no perceivable effect in sales to its lack of IPv6
 support, and no driving force to get it there.

Depends what you want to use it for. I've got one (so far) which I'm going to 
be using as an EoMPLS endpoint. It has all the features I need for that.

If I wanted an ethernet access box that did L3 with IPv4 and IPv6, then I would
(and do) use a 3560G (or 3560E if I need 10G).

Simon


Re: [c-nsp] QinQ on 3550 not working?

2011-01-21 Thread Simon Lockhart
On Fri Jan 21, 2011 at 11:51:26PM +0100, Tóth András wrote:
 Did you enable the extended routing SDM template on the 3550 switch?
 Note that while on the 3560 it's only called routing, the 3550 has an
 extended routing version, which has to be enabled for VRF to work.

Yes - I did that (as the switch complained at me when I hadn't done it).

I also tried it without a VRF, which didn't help either.

Simon


[c-nsp] QinQ on 3550 not working?

2011-01-20 Thread Simon Lockhart
All,

I've got a requirement for one of our customers to run two separate networks
over the same ethernet based WAN. The WAN is provided by the carrier as single
VLAN per site, dot1q tagged at each end (both the customer site and our central
PoP). The customer sites are all live currently with a single network to each
site, and have either a 3560 or a 3550 running ipservices software images as 
the layer 3 device for the site.

It would appear that QinQ is a good solution to this problem, and I've got it
working in the lab where the edge router is a 3560, but if I put the same 
config onto a 3550, then it doesn't work - and I'm stumped as to why.

ASCII Network diagram:

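        +---------------------+
        |    Customer Site    |
        |    switch (3560)    |
        +---------------------+
         Fa0/24 |
                |  -- dot1q trunk allowing only Vlan 310
           Carrier WAN
                |
         Fa0/1  |
        +---------------------+
        |     Central PoP     |
        |  Aggregation Switch |
        +---------------------+
         Fa0/24 |      | Fa0/2
                |      |
                |   +---------------------+
                |   |     Central PoP     |
                |   |   Network 2 Router  |
                |   +---------------------+
                |
        +---------------------+
        |     Central PoP     |
        |   Network 1 Router  |
        +---------------------+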



Customer site switch config (relevant bits):

ip vrf network2
!
vlan 310
 name CarrierUplink
!
vlan 500
 name Network2Uplink
!
interface GigabitEthernet0/1
 description Network 2 QinQ port (looped to Gig0/2)
 switchport access vlan 310 
 switchport mode dot1q-tunnel   
!   
interface GigabitEthernet0/2
 description Network 2 Uplink (looped to Gig0/1)
 switchport trunk encapsulation dot1q   
 switchport trunk allowed vlan 500  
 switchport mode trunk  
!
interface GigabitEthernet0/24
 description Carrier Uplink
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 310
 switchport mode trunk
!
interface Vlan310
 description Network1 P2P
 ip address 172.30.1.2 255.255.255.252
!
interface Vlan500
 description Network2 P2P
 ip vrf forwarding network2
 ip address 172.40.1.2 255.255.255.252
!


Central PoP Aggregation Switch config:

vlan 310
 name cust.site 
!   
interface FastEthernet0/1   
 description link to Carrier
 switchport trunk encapsulation dot1q   
 switchport mode trunk  
!
interface FastEthernet0/2   
 description link to Network2 Router
 switchport trunk encapsulation dot1q   
 switchport mode trunk  
!
interface FastEthernet0/48  
 description link to Network1 Router
 switchport trunk encapsulation dot1q   
 switchport mode trunk  
!   


Central PoP Network1 Router config:

vlan 310
 name cust.site 
!
interface GigabitEthernet0/1
 description link to Aggregation Switch
 switchport trunk encapsulation dot1q   
 switchport mode trunk  
!   
interface Vlan310   
 description cust.site  
 ip address 172.30.1.1 255.255.255.252  


[c-nsp] Wierd C3560 config changes

2010-06-04 Thread Simon Lockhart
All,

I've got a bunch of Cisco 3560-xxTS's deployed as edge switches. Of the most
recent batch, I've got just one switch which is showing odd behaviour, and
I'm wondering if anyone has seen this before.

The switch is running c3560-ipbasek9-mz.122-53.SE2

I'm monitoring the switch with rancid, and periodically, extra lines keep
appearing in the config. I'm not putting them there, and there's nothing
in the log around the time they appear...

Excerpts from what rancid spots:

  interface FastEthernet0/15
-  switchport trunk pruning vlan 2-960,969-1001 

+ no mac address-table learning vlan 4064-4067,4069 

- no mac address-table learning vlan 4064-4067,4069 

  interface FastEthernet0/16
+  switchport trunk pruning vlan 2-960,969-1001 

  interface FastEthernet0/16
-  switchport trunk pruning vlan 2-960,969-1001 

  interface FastEthernet0/16
+  switchport trunk pruning vlan 2-960,969-1001 

  interface FastEthernet0/16
-  switchport trunk pruning vlan 2-960,969-1001 

Occasionally, it's also crashing and rebooting...

System returned to ROM by address error at PC 0x1B6599C, address 0x0
System restarted at 06:31:09 BST Fri Jun 4 2010

I'd say it was a software bug, but it's only affecting one switch (out of about
20 running that specific IOS). Then again, I'm not convinced that it's a
hardware issue (why would hardware make lines appear/vanish from config?)

Any ideas?

Simon
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
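
The pattern described in the post above (lines toggling between rancid runs with nothing in the log) can be checked for mechanically. The following is an added example, not part of the original post or of rancid: it reads diff excerpts in the form shown above, finds lines that are alternately added and removed, and lists polling runs with no %SYS-5-CONFIG_I syslog message in the preceding interval. The run times, syslog lines, hostname, one-hour polling interval and function names are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

FMT = "%Y-%m-%d %H:%M"
PRUNE = "switchport trunk pruning vlan 2-960,969-1001"
NOLEARN = "no mac address-table learning vlan 4064-4067,4069"

# Constructed sample: (poll time, diff excerpt) per rancid run, oldest first.
RUNS = [
    ("2010-06-03 01:00", f"  interface FastEthernet0/16\n+  {PRUNE}\n"),
    ("2010-06-03 02:00",
     f"  interface FastEthernet0/16\n-  {PRUNE}\n\n+ {NOLEARN}\n"),
    ("2010-06-03 03:00",
     f"  interface FastEthernet0/16\n+  {PRUNE}\n\n- {NOLEARN}\n"),
    ("2010-06-03 15:00", "  interface FastEthernet0/3\n+  description uplink\n"),
]

# Constructed syslog lines as a central collector might store them.
SYSLOG = [
    "2010-06-03 14:12:07 edge-sw1 %SYS-5-CONFIG_I: Configured from console "
    "by admin on vty0 (192.0.2.10)",
    "2010-06-03 14:30:00 edge-sw1 %LINK-3-UPDOWN: Interface FastEthernet0/3, "
    "changed state to up",
]

CONFIG_I = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d):\d\d \S+ %SYS-5-CONFIG_I:")


def parse_excerpt(text):
    """Return [(sign, context, line)] for one diff excerpt.

    A line without +/- is context (for example the interface a change sits
    under); a blank line ends that context, so what follows is global config.
    """
    events, context = [], None
    for raw in text.splitlines():
        if not raw.strip():
            context = None
        elif raw[0] in "+-":
            events.append((raw[0], context, raw[1:].strip()))
        else:
            context = raw.strip()
    return events


def find_flapping(runs):
    """Map (context, line) to the number of add/remove reversals seen."""
    history = defaultdict(list)
    for _, text in runs:
        for sign, context, line in parse_excerpt(text):
            history[(context, line)].append(sign)
    flapping = {}
    for key, signs in history.items():
        reversals = sum(a != b for a, b in zip(signs, signs[1:]))
        if reversals:            # a one-way change is not a flap
            flapping[key] = reversals
    return flapping


def unexplained_runs(runs, syslog, interval=timedelta(hours=1)):
    """Return poll times whose diff has no CONFIG_I message in the interval."""
    logged = [datetime.strptime(m.group(1), FMT)
              for m in map(CONFIG_I.match, syslog) if m]
    missing = []
    for stamp, _ in runs:
        polled = datetime.strptime(stamp, FMT)
        if not any(polled - interval < seen <= polled for seen in logged):
            missing.append(stamp)
    return missing


if __name__ == "__main__":
    for (context, line), count in find_flapping(RUNS).items():
        print(f"flapping x{count}: [{context or 'global'}] {line}")
    for stamp in unexplained_runs(RUNS, SYSLOG):
        print(f"no CONFIG_I before run at {stamp}")
```

A line that flaps in runs with no matching configuration event was not typed by an operator, which separates this kind of fault from an unauthorised change.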


Re: [c-nsp] SNMP irregularities.

2010-03-12 Thread Simon Lockhart
On Fri Mar 12, 2010 at 05:40:56PM +0100, Peter Rathlev wrote:
> > SNMPv2-SMI::mib-2.17.4.3.1.1.164.186.219.22.153.81 = Hex-STRING: A4 BA DB 16 99 51
>
> This MAC address is strange though. :-)

Plenty of strange MAC addresses around these days...

From http://standards.ieee.org/regauth/oui/oui.txt :

A4-BA-DB   (hex)Dell Inc.
A4BADB (base 16)Dell Inc.
One Dell Way, MS RR5-45
Round Rock  Texas 78682
UNITED STATES

Simon



Re: [c-nsp] Syslog Platform for a Telco Environment

2010-01-11 Thread Simon Lockhart
> A telco (fixed line/mobile carrier) is looking to deploy a centralized
> syslog solution for their environment for storing, viewing
> and analyzing logs.
>
> A linux-based platform / commercial offering is preferred.
>
> Do you have any such product in mind? Thanks.

Isn't Splunk the de facto answer to that question?

Simon
-- 
Simon Lockhart | * Sun Server Colocation * ADSL * Domain Registration *
   Director|* Domain  Web Hosting * Internet Consultancy * 
  Bogons Ltd   | * http://www.bogons.net/  *  Email: i...@bogons.net  * 


Re: [c-nsp] Coax E1 over IP

2009-11-19 Thread Simon Lockhart
On Thu Nov 19, 2009 at 01:35:29PM +0100, Peter Rathlev wrote:
> What can one do to take an E1 circuit from coax?

Put it through an RJ45 to Coax balun? The difference between RJ45 and
Coax is purely electrical, and baluns to convert are easily available
and at low cost.

Simon
-- 
Simon Lockhart | * Sun Server Colocation * ADSL * Domain Registration *
   Director|* Domain  Web Hosting * Internet Consultancy * 
  Bogons Ltd   | * http://www.bogons.net/  *  Email: i...@bogons.net  * 


Re: [c-nsp] IOS 15.0 - why the numbering jump?

2009-10-04 Thread Simon Lockhart
On Sun Oct 04, 2009 at 11:10:07PM +0100, Peter Hicks wrote:
> Just noticed IOS 15.0 is out... but why the sudden jump in image naming?!

Looks like they've jumped from 12.4 to 15.0.

Sounds a bit like the jump from Solaris 2.6 to Solaris 7.

Took a look at 15.0 for my 877...

ADVANCED IP SERVICES
c870-advipservicesk9-mz.150-1.M.bin
Release Date: 01/Oct/2009
Size: 23554.10 KB  (24119396 bytes)
Minimum Memory: DRAM:192 MB  Flash:36 MB 

My 877 is fairly new (couple of months old), and only has 128M of RAM and 24M
of flash. Gah, bloat.

Simon
-- 
Simon Lockhart | * Sun Server Colocation * ADSL * Domain Registration *
   Director|* Domain  Web Hosting * Internet Consultancy * 
  Bogons Ltd   | * http://www.bogons.net/  *  Email: i...@bogons.net  * 


Re: [c-nsp] EoMPLS v L2TPv3

2009-09-25 Thread Simon Lockhart
On Fri Sep 25, 2009 at 10:44:14AM +0100, Michael Robson wrote:
> What is the added benefit of running an EoMPLS pseudowire across an
> MPLS cloud over an L2TPv3 tunnel over the same cloud?

In my experience, a difference in which feature is supported on the hardware
you've got. My gut feel is that EoMPLS has more hardware support than L2TPv3.

Simon
-- 
Simon Lockhart | * Sun Server Colocation * ADSL * Domain Registration *
   Director|* Domain  Web Hosting * Internet Consultancy * 
  Bogons Ltd   | * http://www.bogons.net/  *  Email: i...@bogons.net  * 


Re: [c-nsp] HWIC-1ADSL-M

2009-09-03 Thread Simon Lockhart
On Thu Sep 03, 2009 at 07:16:27PM +0100, Alex Pimperton wrote:
> Reading through the specs for the above card Cisco mentions not supporting
> UK Mask.
>
> Does this mean the card doesn't work for ADSL-M (Seemingly often branded as
> SDSL-M) in the UK?

ADSL and SDSL are two very different things. HWIC-1ADSL-M will do ADSL2+, but
probably not SDSL.

> We're looking at getting some SDSL-M circuits to see what they're like, from
> Spitfire and Nildram (Tiscali), anybody using either HWIC-1ADSL-M or C877-M
> with those providers Annex M services?

We sell ADSL2+ services in the UK using Be/O2 LLU tails, and they have
approved both the HWIC-1ADSL-M and the C877-M for their service. I'm using
a C877-M right now.
 
Simon
-- 
Simon Lockhart | * Sun Server Colocation * ADSL * Domain Registration *
   Director|* Domain  Web Hosting * Internet Consultancy * 
  Bogons Ltd   | * http://www.bogons.net/  *  Email: i...@bogons.net  * 


Re: [c-nsp] Humor: Cisco announces end of BGP

2009-07-29 Thread Simon Lockhart
On Wed Jul 29, 2009 at 12:11:59PM -0400, Eric Van Tol wrote:
> This is true, but they are the only provider that we have run up against that
> actually charges *extra* for v6, at outrageous per-meg rates.  Last quote I
> got was two years ago, so perhaps things have changed.

We've been running IPv6 with Level3 and NTT/Verio for a while now, and neither
charged any extra for the privilege.

Simon
-- 
Simon Lockhart | * Sun Server Colocation * ADSL * Domain Registration *
   Director|* Domain  Web Hosting * Internet Consultancy * 
  Bogons Ltd   | * http://www.bogons.net/  *  Email: i...@bogons.net  * 


Re: [c-nsp] Cisco's New Software Download Experience

2009-07-09 Thread Simon Lockhart
On Thu Jul 09, 2009 at 11:41:16AM +0300, Tassos Chatzithomaoglou wrote:
> Has anyone seen the new download experience?
>
> http://www.cisco.com/web/tsweb/flash/swc/cisco_support_swc.html
>
> Multiple downloads
> Download cart added
> Cisco's downloader is (must be?) used

I had it foisted on me a week or so back when trying to download an image.
Shortly before CCO just broke, totally.

The download manager is a java applet. No java, no downloads (I tried this
when I was getting frustrated with it). After waiting a couple of hours for
an image to download over a slow connection (as I now couldn't download it
straight to the datacentre), their applet said the download was complete.
Except... I couldn't find it. Tried downloading again. Still no sign of it.

I eventually found it... On my linux box, it was a hidden file, called:
.\filename.foo - yup, it had assumed that I was running windows and had used
\ as a directory seperator.

Next time I tried downloading an image, I wasn't presented with the download
manager, and everything worked smoothly.

Simon
-- 
Simon Lockhart | * Sun Server Colocation * ADSL * Domain Registration *
   Director|* Domain  Web Hosting * Internet Consultancy * 
  Bogons Ltd   | * http://www.bogons.net/  *  Email: i...@bogons.net  * 


Re: [c-nsp] DHCP server suited for option 82

2009-04-27 Thread Simon Lockhart
On Mon Apr 27, 2009 at 02:08:59PM -0700, Charles Wyble wrote:
> http://www.thtech.net/article/10 for ISC example

That appears to be the canonical example that's trotted out every time
Option 82 is mentioned. Fine if all you want to do is log the Option 82
information, but less than useful if you want to do anything intelligent 
based on it.

I've ended up developing my own simple DHCP server - I don't need the 
complexities that ISC offers, but I do need to do clever stuff with Option 82,
and I also need to trigger external actions whenever IPs are leased, renewed,
released, etc. I didn't really want to rely on watching a logfile to 
achieve this.

Simon
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
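
As an illustration of acting on Option 82 rather than only logging it, the following added example (not the server described in the post, and not ISC code) parses the relay agent information option out of a DHCP options field and maps the switch and port to a subscriber. The sub-option layout is the default Catalyst encoding as assumed here; the packet bytes, the subscriber table and the function names are constructed.

```python
import struct

PAD, END, RELAY_AGENT_INFO = 0, 255, 82
CIRCUIT_ID, REMOTE_ID = 1, 2

# Constructed options field (the bytes after the DHCP magic cookie):
# option 53 (DHCPDISCOVER), option 82 with two sub-options, end marker.
SAMPLE = bytes.fromhex(
    "350101"                    # 53: message type = 1
    "5212"                      # 82: 18 bytes follow
    "0106" "0004" "0066000f"    # circuit-id: VLAN 102, module 0, port 15
    "0208" "0006" "001122334455"  # remote-id: switch MAC
    "ff"
)

# Constructed policy table: (switch MAC, module, port) -> subscriber.
SUBSCRIBERS = {("00:11:22:33:44:55", 0, 15): "customer-0042"}


def iter_tlvs(buf, pad=None, end=None):
    """Yield (code, value) pairs from a code/length/value byte string."""
    i = 0
    while i < len(buf):
        code = buf[i]
        if code == pad:              # single-byte padding, no length octet
            i += 1
            continue
        if code == end:
            return
        if i + 2 > len(buf):
            raise ValueError(f"option {code}: missing length octet")
        length = buf[i + 1]
        value = buf[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError(f"option {code}: truncated value")
        yield code, value
        i += 2 + length


def parse_option82(options):
    """Return {sub-option code: bytes} for Option 82, or None if absent."""
    # An option split over several instances is concatenated (RFC 3396).
    raw = b"".join(value for code, value in iter_tlvs(options, PAD, END)
                   if code == RELAY_AGENT_INFO)
    if not raw:
        return None
    # Inside Option 82 the codes 0 and 255 have no special meaning.
    return dict(iter_tlvs(raw))


def decode_cisco_default(subopts):
    """Decode the assumed Catalyst default circuit-id and remote-id layout."""
    out = {}
    cid = subopts.get(CIRCUIT_ID)
    if cid is not None and len(cid) == 6 and cid[:2] == b"\x00\x04":
        out["vlan"], out["module"], out["port"] = struct.unpack("!HBB", cid[2:])
    rid = subopts.get(REMOTE_ID)
    if rid is not None and len(rid) == 8 and rid[:2] == b"\x00\x06":
        out["switch_mac"] = rid[2:].hex(":")
    return out


def subscriber_for(options):
    """Return the subscriber for a request, or None if it cannot be placed."""
    subopts = parse_option82(options)
    if subopts is None:
        return None                  # request did not come through a relay
    info = decode_cisco_default(subopts)
    key = (info.get("switch_mac"), info.get("module"), info.get("port"))
    return SUBSCRIBERS.get(key)


if __name__ == "__main__":
    print(decode_cisco_default(parse_option82(SAMPLE)))
    print(subscriber_for(SAMPLE))
```

Malformed lengths raise ValueError instead of being read past the end of the buffer, so a caller can drop the request.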


Re: [c-nsp] Lab setup

2009-02-09 Thread Simon Lockhart
On Mon Feb 09, 2009 at 10:27:25AM -0700, Clinton Work wrote:
> a) Set both POS interfaces to clock source internal because there is
> no network clock  in a back to back configuration.

Surely if you're connecting back to back you want clock source internal on
one end, and clock source network on the other end - otherwise you've got 
two free running clocks which might be in sync, or might not...

Simon


Re: [c-nsp] 3560, 3560E, 3750E and Adv IP code EoLed?

2009-01-30 Thread Simon Lockhart
On Fri Jan 30, 2009 at 01:27:23PM -0600, Justin Shore wrote:
> Does anyone know the story on the end-of-life announcement I just got
> for the 3560, 3560E and 3750E switches for their Adv IP code?  EoL was 5
> days ago, last date for selling is 4/29 and that's also the last day for
> support.  The announcement says that there aren't any replacement
> options for the code either.  WTF?  Did I miss something?  Is Cisco
> taking away the L3 features from these switches?

I heard that Cisco was planning to roll IPv6 into IP Services. Did AdvIP
give you anything more than IPv6?

Simon
-- 
Simon Lockhart | * Sun Server Colocation * ADSL * Domain Registration *
   Director|* Domain  Web Hosting * Internet Consultancy * 
  Bogons Ltd   | * http://www.bogons.net/  *  Email: i...@bogons.net  * 


Re: [c-nsp] Client DHCP Server

2008-11-02 Thread Simon Lockhart
On Sun Nov 02, 2008 at 11:26:10AM +, Mohammed Dado wrote:
> I have a customer facing a problem that his end-user WiFi router's are
> issuing IP addresses ! I'm under the impression that this could be stopped
> by the DHCP snooping binding configurations in the ISP end. Any ideas ?

Before anyone can try to speculate on how to solve such a problem, you'll 
need to provide more information, such as what the access network technology 
is, what Cisco hardware you have at the ISP end.

Simon
-- 
Simon Lockhart | * Sun Server Colocation * ADSL * Domain Registration *
   Director|* Domain  Web Hosting * Internet Consultancy * 
  Bogons Ltd   | * http://www.bogons.net/  *  Email: [EMAIL PROTECTED]  * 


Re: [c-nsp] 12.2SXH 'archive' / Configuration Management

2008-06-08 Thread Simon Lockhart
On Sun Jun 08, 2008 at 04:14:33PM +0100, Alex Howells wrote:
> That template makes fairly extensive use of the 'archive' command but
> some older IOS doesn't include that functionality; I've also seen/heard
> RANCID being deployed and would like something which Just works.

RANCID just works. Won't catch *every* change, as it's a polling based
system, but I've never had a problem with it.

If you want to capture every change that's made, consider TACACS - you'll
probably want that anyway for individual logins to routers...

Simon
-- 
Simon Lockhart | * Sun Server Colocation * ADSL * Domain Registration *
   Director|* Domain  Web Hosting * Internet Consultancy * 
  Bogons Ltd   | * http://www.bogons.net/  *  Email: [EMAIL PROTECTED]  * 


Re: [c-nsp] CVR-X2-SFP

2008-05-14 Thread Simon Lockhart
On Wed May 14, 2008 at 01:56:20PM +0200, [EMAIL PROTECTED] wrote:
> Who can tell me whether the Twingig CVR-X2-SFP are supported in 6500 module
> WS-X6708-10G-3C ?

No - they depend on an additional connector at the back of the slot which is 
only in the 3750E etc boxes.

Simon
-- 
Simon Lockhart | * Sun Server Colocation * ADSL * Domain Registration *
   Director|* Domain  Web Hosting * Internet Consultancy * 
  Bogons Ltd   | * http://www.bogons.net/  *  Email: [EMAIL PROTECTED]  * 


Re: [c-nsp] CVR-X2-SFP

2008-03-13 Thread Simon Lockhart
> > Does anyone try to use CVR-X2-SFP (Cisco TwinGig Converter Module) with
> > cat6500 WS-X6708-10GE module.
> > I try to insert it but have bad EEPROM.
>
> I would not expect them to work anywhere but on the
> 3750E, at least for now.

Given that (as far as I can work out) they work by having both X2 and SFP 
connectors at the back of the slot in the switch, then I'm not surprised 
that they don't work in the 6708 module. We use them successfully in 3750E's.

Simon
-- 
Simon Lockhart | * Sun Server Colocation * ADSL * Domain Registration *
   Director|* Domain  Web Hosting * Internet Consultancy * 
  Bogons Ltd   | * http://www.bogons.net/  *  Email: [EMAIL PROTECTED]  * 


Re: [c-nsp] IPv6 on C3550, finally? (12.2(44)SE)

2008-02-03 Thread Simon Lockhart
On Fri Feb 01, 2008 at 01:02:51PM +1030, Tom Storey wrote:
> Did you turn on ipv6 unicast-routing? Though one would expect for a
> connected subnet this should not matter.

Yes - that's turned on (otherwise you don't get an IPv6 routing table at all).
 
> ipv6 cef might also be available. It is on my 2620 (non XM).

I didn't find it.

Simon
-- 
Simon Lockhart | * Sun Server Colocation * ADSL * Domain Registration *
   Director|* Domain  Web Hosting * Internet Consultancy * 
  Bogons Ltd   | * http://www.bogons.net/  *  Email: [EMAIL PROTECTED]  * 


Re: [c-nsp] IPv6 on C3550, finally? (12.2(44)SE)

2008-02-01 Thread Simon Lockhart
On Fri Feb 01, 2008 at 08:56:59AM +0100, [EMAIL PROTECTED] wrote:
> And what's the point, anyway? As far as I know the 3550 *hardware*
> can't do IPv6 routing. As long as you're talking about *software*
> IPv6 routing, a suitable 2800 router would probably give you better
> performance...

The point is that I've got a whole load of 3550's providing customer-edge
for colo'd servers, and customers are starting to ask for IPv6. Given the
volume of IPv6 traffic I'll see in the short term, I'm happy enough with
process switched.

Simon
-- 
Simon Lockhart | * Sun Server Colocation * ADSL * Domain Registration *
   Director|* Domain  Web Hosting * Internet Consultancy * 
  Bogons Ltd   | * http://www.bogons.net/  *  Email: [EMAIL PROTECTED]  * 


[c-nsp] IPv6 on C3550, finally? (12.2(44)SE)

2008-01-31 Thread Simon Lockhart
Noticed that 12.2(44)SE was recently released for the Cat3550 switch, and
feature navigator lists a whole load of IPv6 support. Yay!

However, it doesn't seem to work very well...

interface Loopback0
 no ip address
 ipv6 address 2001:4B10::100/128
 ipv6 enable
end

lab-sw.rbsov#ping 2001:4b10::100
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001:4B10::100, timeout is 2 seconds:
!
Success rate is 100 percent (5/5), round-trip min/avg/max = 0/2/4 ms

However, if I try to do IPv6 over an ethernet port, it's less successful...

interface Vlan515
 no ip address
 ipv6 address 2001:4B10:0:2::2/64
 ipv6 enable
end

lab-sw.rbsov#ping 2001:4b10:0:2::1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001:4B10:0:2::1, timeout is 2 seconds:
.
Success rate is 0 percent (0/5)

Running debug ipv6 packet on both ends of the link shows packets being
sent by lab-sw, and replies being sent by the upstream switch (a 3560), but
the 3550 never learns any neighbours, and pings don't work...

lab-sw.rbsov#show ipv6 nei
lab-sw.rbsov#

Have I missed something needed to make this work, or is it just a work in 
progress, released prematurely?

Simon
-- 
Simon Lockhart | * Sun Server Colocation * ADSL * Domain Registration *
   Director|* Domain  Web Hosting * Internet Consultancy * 
  Bogons Ltd   | * http://www.bogons.net/  *  Email: [EMAIL PROTECTED]  * 


Re: [c-nsp] What is this part number?

2008-01-16 Thread Simon Lockhart
On Wed Jan 16, 2008 at 11:22:00AM -0500, Sridhar Ayengar wrote:
> Right now, I need to find out what a 73-2570-01 is.

Did you try google? Looks like it's a PA-FE-TX

Simon
-- 
Simon Lockhart | * Sun Server Colocation * ADSL * Domain Registration *
   Director|* Domain  Web Hosting * Internet Consultancy * 
  Bogons Ltd   | * http://www.bogons.net/  *  Email: [EMAIL PROTECTED]  * 


Re: [c-nsp] Non-cisco product integration into CISCO

2008-01-04 Thread Simon Lockhart
On Fri Jan 04, 2008 at 03:38:14PM +0800, Dracul wrote:
> I am trying to integrate an AMINO STB (used for iptv) to a cisco
> dot1.q trunk. any thoughts on this?

I'm not aware that the Amino STB supports dot1q.

Simon
-- 
Simon Lockhart | * Sun Server Colocation * ADSL * Domain Registration *
   Director|* Domain  Web Hosting * Internet Consultancy * 
  Bogons Ltd   | * http://www.bogons.net/  *  Email: [EMAIL PROTECTED]  * 


Re: [c-nsp] Input errors between PE - P

2007-11-07 Thread Simon Lockhart
On Wed Nov 07, 2007 at 09:56:32AM +0100, Kike wrote:
> In the sh ip int output both routers have 1500 in the MTU...

So they'll use 1500 for IP packets - but you also need to allow for MPLS tags.

> Your interfaces are set in 9216 with the command  mtu 9216 or ip mtu 9216?

mtu 9216

Simon


Re: [c-nsp] Input errors between PE - P

2007-11-07 Thread Simon Lockhart
On Wed Nov 07, 2007 at 09:38:19AM +0100, Kike wrote:
> Well... I'm a little lost with the MTU concept here... because I
> configured two different MTUs, but I don't understand which exactly is
> the function of the following commands:
>
> tag-switching mtu 1508  -- P Router
>
> mtu 1508 -- PE Router
> ip mtu 1500  -- PE Router

I can't remember the exact details of which is which, but the underlying one
which affects what can be sent out onto the wire is mtu 1508. I suggest you
set this the same on all routers on the same LAN (On my 10G MPLS interfaces, I
set it right up to 9216).

Simon


Re: [c-nsp] Input errors between PE - P

2007-11-07 Thread Simon Lockhart
On Wed Nov 07, 2007 at 09:00:19AM +0100, Kike wrote:
> PE#sh int gi0/0
> GigabitEthernet0/0 is up, line protocol is up
> MTU 1508 bytes, BW 100 Kbit, DLY 10 usec,
>
> PE#sh int gi2/0
> GigabitEthernet2/0 is up, line protocol is up
> MTU 1508 bytes, BW 100 Kbit, DLY 10 usec,
>
> P#sh int gi1/1
> GigabitEthernet1/1 is up, line protocol is up (connected)
> MTU 1500 bytes, BW 100 Kbit, DLY 10 usec,
>
> P#sh int gi2/1
> GigabitEthernet2/1 is up, line protocol is up (connected)
> MTU 1500 bytes, BW 100 Kbit, DLY 10 usec,

The errors are occurring on the interfaces with the smaller MTU - could this be
the problem?

Simon
-- 
Simon Lockhart | * Sun Server Colocation * ADSL * Domain Registration *
   Director|* Domain  Web Hosting * Internet Consultancy * 
  Bogons Ltd   | * http://www.bogons.net/  *  Email: [EMAIL PROTECTED]  * 


Re: [c-nsp] Cisco noob -- design guidance request

2007-09-02 Thread Simon Lockhart
On Sat Sep 01, 2007 at 10:12:07PM -0600, David L. West wrote:
> I'm setting up a new LAN in an office building with multiple tenants who
> will be sharing internet access, DNS/DHCP but have individual VLANS to keep
> them separate from the other tenants.  I think that the key here is having
> each VLAN have a helper address that serves as a DHCP Relay Agent , which
> in turn is how the DHCP server knows which range to hand the client.

Yup - this is a standard design for multi-subnet DHCP.
 
> After a lot of googling, I came up with a configuration that I think will
> allow all the VLANs to share a DNS/DHCP server, and am detailing it here in
> the hopes of getting some indication of whether I'm on the right track.

You're almost there...

> The server has a NIC configured with multiple IPs, like so:
>
>   172.16.0.1 / 255.255.255.254 ; Subnet 0 -- Reserved for switches  routers
>   172.16.2.0 / 255.255.255.254 ; Subnet 1 -- Reserved for network servers
>   172.16.4.0 / 255.255.255.254 ; Subnet 2 -- First tenant subnet (VLAN 102)
>   172.16.6.0 / 255.255.255.254 ; Subnet 3 -- First tenant subnet (VLAN 103)
>   ...
>   172.16.0.255 / 255.255.255.254 Subnet 127 (VLAN 227)

You don't need to do this. Assuming you're only doing this for DHCP, then the
server does not need to be in every subnet. By configuring ip helper address
the switch will do DHCP relay, and turns the DHCP request into a unicast 
request to the server, and adds something to the request to tell the DHCP 
server which subnet it should allocate the address from.
 
> This NIC is connected to a switch port configured like so:
>
>   interface GigabitEthernet0/12
>   switchport trunk allowed vlan 30,102-227
>   switchport mode trunk
>   spanning-tree portfast

No need - just configure the server as an access port on the switch in the
vlan for 172.16.2.0/23 and give it an IP in that subnet (e.g. 172.16.2.1)

> The Vlans 102-227 are derived by adding 100 to the subnets above, so VLAN102
> is:
>
>   interface Vlan102
>   ip address 172.16.5.254 255.255.254.0
>   ip helper-address 172.16.4.1
>   no ip route-cache

Configure ip helper-address 172.16.2.1 rather than what you have.
 
> DHCP is running on the server with a dhcpd.conf like so:

Sorry, I can't remember the exact syntax for the dhcpd.conf for this, but
you just need to add a subnet {} section for each of the subnets, and it'll
work out what you mean...

Hope that helps,

Simon
-- 
Simon Lockhart | * Sun Server Colocation * ADSL * Domain Registration *
   Director|* Domain  Web Hosting * Internet Consultancy * 
  Bogons Ltd   | * http://www.bogons.net/  *  Email: [EMAIL PROTECTED]  * 
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
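
The relay behaviour described in the reply above, as an added example that is not part of the original thread: the Layer 3 interface that hears the broadcast writes its own address into the giaddr field of the BOOTP header, and the server allocates from the declared subnet that contains that address. The subnets follow the addressing in the thread; the MAC address, transaction id and function names are constructed.

```python
import ipaddress
import struct

# Fixed BOOTP header: op, htype, hlen, hops, xid, secs, flags,
# ciaddr, yiaddr, siaddr, giaddr, chaddr, sname, file (236 bytes).
BOOTP = struct.Struct("!BBBBIHH4s4s4s4s16s64s128s")
HOPS, GIADDR = 3, 10                      # field positions in the tuple
ZERO = bytes(4)

# The server sits in 172.16.2.0/23; one declaration per tenant subnet.
SERVER_SUBNET = ipaddress.ip_network("172.16.2.0/23")
DECLARED = [
    SERVER_SUBNET,
    ipaddress.ip_network("172.16.4.0/23"),   # VLAN 102
    ipaddress.ip_network("172.16.6.0/23"),   # VLAN 103
]


def build_discover(mac):
    """Build the fixed header of a client broadcast (constructed values)."""
    chaddr = bytes.fromhex(mac.replace(":", "")).ljust(16, b"\0")
    return BOOTP.pack(1, 1, 6, 0, 0x1234ABCD, 0, 0x8000,
                      ZERO, ZERO, ZERO, ZERO, chaddr, bytes(64), bytes(128))


def relay(packet, interface_ip):
    """What 'ip helper-address' does to a request before unicasting it."""
    fields = list(BOOTP.unpack_from(packet))
    fields[HOPS] += 1
    if fields[GIADDR] == ZERO:            # only the first relay sets giaddr
        fields[GIADDR] = ipaddress.ip_address(interface_ip).packed
    return BOOTP.pack(*fields) + packet[BOOTP.size:]


def select_subnet(packet):
    """Return the subnet to allocate from, or None to ignore the request."""
    if len(packet) < BOOTP.size:
        raise ValueError("short BOOTP packet")
    giaddr = ipaddress.ip_address(BOOTP.unpack_from(packet)[GIADDR])
    if giaddr.packed == ZERO:
        return SERVER_SUBNET              # heard directly on the server's LAN
    for net in DECLARED:
        if giaddr in net:
            return net
    return None                           # relay from an undeclared subnet


if __name__ == "__main__":
    request = build_discover("00:11:22:33:44:55")
    print("direct      ->", select_subnet(request))
    print("via Vlan102 ->", select_subnet(relay(request, "172.16.5.254")))
    print("unknown     ->", select_subnet(relay(request, "10.9.9.1")))
```

The server needs only its single address in 172.16.2.0/23 for this to work, because the subnet choice is carried in the packet rather than implied by the interface it arrives on.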


Re: [c-nsp] Cisco noob -- design guidance request

2007-09-02 Thread Simon Lockhart
On Sun Sep 02, 2007 at 08:16:14AM -0600, David L. West wrote:
> Thanks. I think I screwed up buying the hardware though. I have a 2960G-24TC
> as the core switch in the server room, a 2960-48TT for the first floor, and
> a 3548XL for the 3rd. Only the last is Layer 3.
>
> Reading your message and doing further research I begin to suspect I have to
> have Layer 3 switches throughout for this all to work.

No - you just need one Layer 3 device, with an interface in each subnet.
Neither the 2960G nor the 3548XL is a Layer 3 device, so you'll need to find
a router from somewhere, and trunk all the vlans into that to do the routing 
between them, and to the outside world.

Simon
-- 
Simon Lockhart | * Sun Server Colocation * ADSL * Domain Registration *
   Director|* Domain  Web Hosting * Internet Consultancy * 
  Bogons Ltd   | * http://www.bogons.net/  *  Email: [EMAIL PROTECTED]  * 


Re: [c-nsp] NM-2CE1B pinout

2007-05-22 Thread Simon Lockhart
On Tue May 22, 2007 at 04:15:00PM +0200, Vincent De Keyzer wrote:
> I can't find the pinout of the DB-15 connector on the NM-2CE1B.

I'm fairly certain it's this one...

http://www.cisco.com/univercd/cc/td/doc/product/access/acs_serv/as5400/hw_inst/mig/54crdcbl.pdf

Simon
-- 
Simon Lockhart | * Sun Server Colocation * ADSL * Domain Registration *
   Director|* Domain  Web Hosting * Internet Consultancy * 
  Bogons Ltd   | * http://www.bogons.net/  *  Email: [EMAIL PROTECTED]  * 


Re: [c-nsp] GRE router recommendations

2007-04-21 Thread Simon Lockhart
On Fri Apr 20, 2007 at 11:14:16PM +0200, Asbjorn Hojmark - Lists wrote:
> > At the sites where I need to tunnel from are currently 3550
> > switches (and a few 3750's). What sort of GRE performance
> > should I see from those?
>
> GRE is not supported on the small Catalyst switches. It does
> work (in some versions?) but only at low performance and with
> high CPU utilization... And, again, it's not supported.

Yeah - I've since found that on the Cisco website.

But, what about GRE performance on true routers?

Simon
-- 
Simon Lockhart | * Sun Server Colocation * ADSL * Domain Registration *
   Director|* Domain  Web Hosting * Internet Consultancy * 
  Bogons Ltd   | * http://www.bogons.net/  *  Email: [EMAIL PROTECTED]  * 