Re: [c-nsp] Bundle member issue

2014-04-10 Thread Walter Keen

Take a look at UDLD.

If router A and router B have a fiber cable between them, and one strand, but 
not the other, gets cut.
Let's say the strand that router A is using for TX (and therefore router B is 
using it for RX).

Router B should realize the link is down (likely in a UP/DOWN state), however 
router A is still receiving a signal from router B on the unaffected strand of 
fiber, so it thinks it is up.

If you are doing layer 2 switching, this can really have a big impact on 
spanning tree states, I've had it cause a large switching loop even with 
rapid-pvst running.

UDLD, when enabled on both ends in aggressive mode, negotiates a heartbeat-like 
communication, and if that stops on either end, it is assumed you have a 
unidirectional link (exactly what happened to you) and shuts down the port in 
an err-disabled state.


Or, you could look at bidirectional optics, where they place tx and rx on two 
different wavelengths of a single strand.  Typically this makes stocking 
spares a little harder though, since you have to match them up in pairs (for 
example one is tx=1310nm, rx=1490nm, the other is tx=1490nm, rx=1310nm).



If this is a platform that does not support UDLD, and you are using a routing 
protocol on this link, I would look into whether or not BFD is applicable.



- Original Message -
From: Alejandro Aristizabal aaristiza...@mediacommerce.net.co
To: cisco-nsp@puck.nether.net
Sent: Thursday, April 10, 2014 1:11:38 PM
Subject: [c-nsp] Bundle member issue


Good,


  I got an interface Bundle with 2 members, interfaces Gi0/0/0/18 and 
Gi0/0/0/19 (each one has two fiber cords, rx and tx). One fiber cord 
(tx) got damaged on interface Gi0/0/0/19, but this interface was still in 
UP UP state and the bundle still used this interface for sending traffic. 
If one cord got damaged, why was the interface still in UP UP state? 
How can I make it so that, if this happens again, interface Gi0/0/0/19 goes down?


  Thanks for reading this message; I'd like someone to help me solve 
this issue.







-- Alejandro Aristizabal, Interconnection Analyst, Email: 
aaristiza...@mediacommerce.net.co, Mobile: 3206777514

___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/


Re: [c-nsp] transparent lan via asr9k and calix c7 (ftth olt)

2014-02-13 Thread Walter Keen
On the Calix E7 solution with GPON ONTs, which is a little different than the 
C7, we have to enable TLS or transparent LAN ('PON TLAN' in the CMS gui) for 
the vlan that gets transported.
This is the feature, at least in the E7 GPON, that is required for CDP and 
multicast traffic (most notably OSPF) to not be dropped.
All of our Calix GPON use is strictly providing layer 2 transport and not using 
their layer 3 features.  

I would guess that Calix would use the same terminology in the C7 as in the E7.

Walter Keen 
Network Engineer 
RAINIER CONNECT 

C 253.302.0194 
P 360.832.4024 


- Original Message -
From: Lukas Tribus luky...@hotmail.com
To: Aaron aar...@gvtc.com, cisco-nsp@puck.nether.net
Sent: Thursday, February 13, 2014 2:31:07 PM
Subject: Re: [c-nsp] transparent lan via asr9k and calix c7 (ftth olt)

Hi,


 Perhaps someone out there can help.



 I have a FTTH scenario where I have asr9k as core box and Calix C7 and (2)
 subscriber sites wanting to be in the same transparent lan. Cisco 3750 at
 both customer prem. Both subscriber sites are on same c7, but I put one
 site in vlan 101 and other site in vlan 102 and flow them up northbound out
 of c7 gige uplinks into asr9k and l2vpn them together into a single
 bridge-domain.



 Connectivity.

 3750-1 g1/0/1- ont - c7 -- g0/0/0/14.101 asr9k g0/0/0/4.102
 --- (same c7 different gige link) -- ont -- g1/0/1 3750-2

Just to clarify: The 3750 switches need to see each other via STP, not
the customer behind the 3750?

If you just need STP transparency for your customer behind the 3750, you
can just enable l2protocol-tunnel stp on the customer facing ports of
the 3750 [1].

But I think you want the 3750 to see the other 3750 in CDP/VTP/STP.

In that case, you need to work on the c7/ont clearly.



Really bad workaround on the 3750?

- move the fiber link from g1/0/1 to g1/0/3
- connect g1/0/1 to g1/0/2
- configure g1/0/2 in a QinQ VLAN localQinQVlanid with l2protocol-tunnel stp
- configure g1/0/3 as trunk and allow only vlan localQinQVlanid
- you may want to disable mac learning on vlan localQinQVlanid

[this is basically what the reverse-tunnel on the ASR9k does [2], but
the 3750 can only forward-tunnel, which is why we need a local
loop here]

Do the same thing on the other 3750. This way your 3750 will tunnel
the STP BPDUs across the network, masked with the gbpt mac, and you
will see them on the g1/0/1 link correctly.



 So I guess I/we could figure out how to make the vanilla stp bpdu's get
 through the c7/ont OR get the 3750 to recognize gbpt stp bpdu's.

Don't use the ASR9k to do the L2PT'ing. Do it on the 3750 if you really
can't get the c7/ont device to pass this through.


This is a bad and crappy solution. YMMV.



Regards,

Lukas


[1] 
http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3750x_3560x/software/release/12-2_55_se/configuration/guide/3750xscg/swtunnel.html#wp1005050
[2] 
http://www.cisco.com/c/en/us/td/docs/routers/asr9000/software/asr9k_r4-2/lxvpn/command/reference/b_vpn_cr42asr9k/b_lxvpn_cr42asr9k_chapter_01.html#wp3160783664
   

[c-nsp] C7600/ES+ double tagged termination issue

2013-09-20 Thread Walter Keen
Having some problems with TAC troubleshooting this one.

Wondering if anyone has run into this before

It's a 7606 with an RSP720-3cxl and ES+20g card terminating double tagged 
traffic as well as pppoe users.  Double tagged traffic is terminated using 
'access' subinterfaces referencing an unnumbered loopback set up with helper 
addresses pointing to an external dhcp cluster.  

I keep having issues with the double tagged connections, almost like it stops 
receiving the data; however, pppoe users haven't noted any impact yet.

Once this message appears in the logs, it appears to start working again.
TAC seems to be having trouble finding what this message might indicate.


Log Buffer (8192 bytes):
FCC8, name: AVLDup list), having 1 elements -Process= SSM connection manager, 
ipl= 0, pid= 190
-Traceback= 817B420 832CD28 9718290 9264350 92657F8 9265CE4 9265DFC 96BAE20 
8A6AD4C 9725880 972592C 8A6B8C4 8A6BAA8 8A5B694 8A5B7DC 9725880
*Sep 20 12:01:10.191: %SYS-DFC2-3-BADLIST_DESTROY: Removed a non-empty 
list(19A4FB60, name: AVLDup list), having 1 elements -Process= SSM connection 
manager, ipl= 0, pid= 190
-Traceback= 817B420 832CD28 9718290 9264350 92657F8 9265CE4 9265DFC 96BAE20 
8A6AD4C 9725880 972592C 8A6B8C4 8A6BAA8 8A5B694 8A5B7DC 9725880
*Sep 20 12:01:10.771: %SYS-DFC2-3-BADLIST_DESTROY: Removed a non-empty 
list(2D487D60, name: AVLDup list), having 1 elements -Process= SSM connection 
manager, ipl= 0, pid= 190




Walter Keen
Network Engineer
Rainier Connect



Re: [c-nsp] WS-SUP720-3B and DOM/DDM enabled SFPs

2013-01-10 Thread Walter Keen
I can verify a generic one works on SUP720-3b running 12.2(33)SRE 


But not on any of the linecards we have, like 6724-sfp. 


This one's not in use. 



core-1#sh int gi8/1 transceiver 
Transceiver monitoring is disabled for all interfaces. 


ITU Channel not available (Wavelength not available), 
Transceiver is externally calibrated. 
If device is externally calibrated, only calibrated values are printed. 
++ : high alarm, + : high warning, - : low warning, -- : low alarm. 
NA or N/A: not applicable, Tx: transmit, Rx: receive. 
mA: milliamperes, dBm: decibels (milliwatts). 


                                     Optical   Optical
        Temperature Voltage Current  Tx Power  Rx Power
Port    (Celsius)   (Volts) (mA)     (dBm)     (dBm)
------- ----------- ------- -------- --------  --------
Gi8/1   15.9        3.34    0.0      N/A       N/A       --


core-1# 




- Original Message -

From: Phil Mayers p.may...@imperial.ac.uk 
To: Tóth András diosbej...@gmail.com 
Cc: cisco-nsp cisco-nsp@puck.nether.net 
Sent: Thursday, January 10, 2013 3:28:21 AM 
Subject: Re: [c-nsp] WS-SUP720-3B and DOM/DDM enabled SFPs 

On 01/10/2013 11:15 AM, Tóth András wrote: 
 According to Gigabit Transceiver Matrix, DOM is not supported for 
 SX/LH/ZX modules on 6500, neither Sup720 nor Sup2T nor 6824/6848 
 linecards. 

I guess that's not terribly surprising given the 6848 is just a 6748 
with a DFC4; I doubt they rev'd the linecard hw, so any I2C bugs 
probably persist. 

Re: [c-nsp] Best Ipam software?

2012-09-12 Thread Walter Keen
We're currently using IPPlan without any major issues. Newer versions support 
v6, and it has a multi-customer model supporting the idea of the same IP space 
being used across multiple customers. 



- Original Message -

From: Gustav Ulander gustav.ulan...@steria.se 
To: cisco-nsp@puck.nether.net 
Sent: Wednesday, September 12, 2012 11:42:51 AM 
Subject: [c-nsp] Best Ipam software? 

Hello everyone. 
I was a little bit curious as to what people are using to handle and 
manage their ip address spaces? 
I’m primarily looking for a system that can handle multiple instances of 
the same subnet existing. 
We are doing Outsourcing so we have a bunch of customers with overlapping 
Ip address spaces. 
Not a problem technically but a lot of the available ipam solutions seems 
to have a problem with this. 
Would be great to hear how other people have solved this problem. 

/Best regards Gustav 

Re: [c-nsp] GNS3 Multiple Instances

2012-08-06 Thread Walter Keen
The example Jeffery had should work, just like this example: 
http://www.cciezone.com/?p=111 


However, your files have the same port number for both hypervisors. You MUST 
give them different port numbers (i.e., localhost:7202 for the first one, and 
localhost:7203 for the second, perhaps). 


You also have to change the udp command. It is the beginning of where it will 
allocate ports for each hypervisor; they have to differ as well. 


For example, udp = 10201 for the first one and udp = 10501 for the second 
one should give them good enough separation that you likely won't have to worry 
about overlap. 




- Original Message -

From: Mohammad Khalil eng_m...@hotmail.com 
To: jeff...@gmail.com 
Cc: cisco-nsp@puck.nether.net 
Sent: Saturday, August 4, 2012 11:10:10 AM 
Subject: Re: [c-nsp] GNS3 Multiple Instances 


No, I have tried that before, even with determining the UDP port numbers. 
Please check my files: 

autostart = False 
[localhost:7202] 
workingdir = working 
udp = 10201 
[[3725]] 
disk0 = 64 
image = /root/Desktop/INE/c3725-adventerprisek9-mz.124-18.bin 
ram = 128 
ghostios = True 
sparsemem = True 
[[ROUTER R3]] 
model = 3725 
console = 2003 
cnfg = R3.cfg 
f0/0 = R4 f0/0 
[[ROUTER R4]] 
model = 3725 
console = 2004 
cnfg = R4.cfg 
f0/0 = R3 f0/0 
[GNS3-DATA] 
configs = initial.configs 
workdir = working 

autostart = False 
[localhost:7202] 
workingdir = working 
udp = 10201 
[[3725]] 
disk0 = 64 
image = /root/Desktop/INE/c3725-adventerprisek9-mz.124-18.bin 
ram = 128 
ghostios = True 
sparsemem = True 
[[ROUTER R3]] 
model = 3725 
console = 2003 
cnfg = R3.cfg 
f0/0 = R4 f0/0 
[[ROUTER R4]] 
model = 3725 
console = 2004 
cnfg = R4.cfg 
f0/0 = R3 f0/0 
[GNS3-DATA] 
configs = initial.configs 
workdir = working 

BR, 
Mohammad 

 From: jeff...@gmail.com 
 Date: Fri, 3 Aug 2012 22:54:47 -0500 
 Subject: Re: [c-nsp] GNS3 Multiple Instances 
 To: eng_m...@hotmail.com 
 CC: cisco-nsp@puck.nether.net 
 
 Sure, just run multiple instances of the hypervisor... Example is 
 running 3; 7200, 7201, 7202. 
 
 [ec2-50-16-114-152.compute-1.amazonaws.com:7200] 
 [[ROUTER R1]] 
 console = 2001 
 aux = 2501 
 slot0 = C7200-IO-FE 
 f0/0 = SW1 1 
 slot1 = PA-2FE-TX 
 f1/0 = SW2 1 
 slot2 = PA-4T+ 
 s2/0 = R7 s2/0 
 x = -109.828233696 
 y = -426.765438603 
 z = 1.0 
 [[ROUTER R2]] 
 console = 2002 
 aux = 2502 
 slot0 = C7200-IO-FE 
 f0/0 = SW1 2 
 slot1 = PA-2FE-TX 
 f1/0 = SW2 2 
 slot2 = PA-4T+ 
 s2/0 = R8 s2/0 
 x = -358.12969685 
 y = -378.325537855 
 z = 1.0 
 [ec2-50-16-114-152.compute-1.amazonaws.com:7201] 
 [[ROUTER R4]] 
 console = 2004 
 aux = 2504 
 slot0 = C7200-IO-FE 
 f0/0 = SW1 4 
 slot1 = PA-2FE-TX 
 f1/0 = SW2 4 
 x = 205.0 
 y = -23.0 
 z = 1.0 
 [[ROUTER R3]] 
 console = 2003 
 aux = 2503 
 slot0 = C7200-IO-FE 
 f0/0 = SW1 3 
 slot1 = PA-2FE-TX 
 f1/0 = SW2 3 
 x = 168.0 
 y = -166.0 
 z = 1.0 
 [ec2-50-16-114-152.compute-1.amazonaws.com:7202] 
 [[ROUTER R5]] 
 console = 2005 
 aux = 2505 
 slot0 = C7200-IO-FE 
 f0/0 = SW1 5 
 slot1 = PA-2FE-TX 
 f1/0 = SW2 5 
 x = -102.0 
 y = 12.0 
 z = 1.0 
 [[ROUTER R6]] 
 console = 2006 
 aux = 2506 
 slot0 = C7200-IO-FE 
 f0/0 = SW1 6 
 slot1 = PA-2FE-TX 
 f1/0 = SW2 6 
 x = -381.960372945 
 y = -33.0 
 z = 1.0 
 
 On Fri, Aug 3, 2012 at 4:59 PM, Mohammad Khalil eng_m...@hotmail.com wrote: 
  
  Hi all, I know this is a Cisco forum, but GNS3 is the simulation we mostly 
  work on. I asked on the GNS3 forums but did not find an answer. 
  I want to run multiple instances of GNS3 on the same server; is that 
  doable? 
  
  BR, 
  Mohammad 
  


___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
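
Added example, not part of the original thread: a small Python check for the two collisions described in the reply above (same hypervisor host:port in both lab files, and overlapping udp base values). The sample text is constructed from the file posted in the thread; the file names, the function names and the udp_span window of 100 ports are assumptions of this example, not Dynagen or GNS3 settings.

```python
import re
from itertools import combinations

# Constructed sample: the lab file as posted in the thread, trimmed.
LAB_POSTED = """\
autostart = False
[localhost:7202]
workingdir = working
udp = 10201
[[3725]]
ram = 128
[[ROUTER R3]]
model = 3725
console = 2003
f0/0 = R4 f0/0
[[ROUTER R4]]
model = 3725
console = 2004
f0/0 = R3 f0/0
[GNS3-DATA]
configs = initial.configs
workdir = working
"""

# Second lab with the values suggested in the reply (7203 and 10501).
LAB_FIXED = (LAB_POSTED
             .replace("[localhost:7202]", "[localhost:7203]")
             .replace("udp = 10201", "udp = 10501"))

SECTION = re.compile(r"^(\[+)\s*(.+?)\s*\]+$")           # [x] or [[x]]
HYPERVISOR = re.compile(r"^(?P<host>[^:\s]+):(?P<port>\d+)$")


def hypervisors(text):
    """Return one dict per top-level [host:port] section: host, port, udp base."""
    found, depth, current = [], 0, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = SECTION.match(line)
        if m:
            depth = len(m.group(1))
            if depth == 1:
                hv = HYPERVISOR.match(m.group(2))
                # Sections such as [GNS3-DATA] are not hypervisors.
                current = None
                if hv:
                    current = {"host": hv["host"].lower(),
                               "port": int(hv["port"]), "udp": None}
                    found.append(current)
            continue
        # Only keys directly under the hypervisor section count, not router keys.
        if depth == 1 and current is not None and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            if key == "udp":
                current["udp"] = int(value)
    return found


def conflicts(labs, udp_span=100):
    """Compare hypervisors across lab files that share a host.

    labs maps a file name to its text. udp_span is this example's assumed
    minimum distance between two udp base values. Hosts are compared as
    written, so 'localhost' and '127.0.0.1' are treated as different.
    """
    entries = [(name, hv) for name, text in labs.items()
               for hv in hypervisors(text)]
    out = []
    for (name_a, a), (name_b, b) in combinations(entries, 2):
        if name_a == name_b or a["host"] != b["host"]:
            continue
        if a["port"] == b["port"]:
            out.append(("hypervisor-port", name_a, name_b,
                        f'{a["host"]}:{a["port"]}'))
        if a["udp"] is None or b["udp"] is None:
            # Separation cannot be verified when a base is not set explicitly.
            out.append(("udp-unset", name_a, name_b, a["host"]))
        elif abs(a["udp"] - b["udp"]) < udp_span:
            out.append(("udp-range", name_a, name_b,
                        f'{a["udp"]} vs {b["udp"]}'))
    return out


if __name__ == "__main__":
    for label, second in (("as posted", LAB_POSTED), ("corrected", LAB_FIXED)):
        result = conflicts({"lab1.net": LAB_POSTED, "lab2.net": second})
        print(label, "->", result or "no conflicts")
```
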


Re: [c-nsp] GNS3 Multiple Instances

2012-08-03 Thread Walter Keen
I have not tried this, but I would imagine you could run multiple hypervisors 
(dynamips) on the same server or computer. 


If your goal is to have different separated lab topologies not interacting with 
each other, my best guess would be 'maybe' but you would have to make sure you 
had no UDP port overlap in the settings of each one. 
You might also have to run each instance as a different user on the server. 




- Original Message -

From: Mohammad Khalil eng_m...@hotmail.com 
To: cisco-nsp@puck.nether.net 
Sent: Friday, August 3, 2012 2:59:17 PM 
Subject: [c-nsp] GNS3 Multiple Instances 


Hi all, I know this is a Cisco forum, but GNS3 is the simulation we mostly 
work on. I asked on the GNS3 forums but did not find an answer. 
I want to run multiple instances of GNS3 on the same server; is that doable? 

BR, 
Mohammad 



Re: [c-nsp] CT3 Timing issue

2012-06-05 Thread Walter Keen
In most cases, a topology like this will have the ONS's synced to GPS time, or 
some accurate clock (or line clocking if your ONS connects to another 
provider, but GPS is typically preferred), and then I would DEFINITELY use line 
clocking on the PA-MC-T3, unless you have the capability through a clock card 
to connect the 7204 to the same timing source as the ONS uses (i.e., GPS-derived 
clock). 
Whenever possible, keep all devices in sync with a common clock.




- Original Message - 

From: Natambu Obleton noble...@fasttrackcomm.net 
To: cisco-nsp@puck.nether.net 
Sent: Tuesday, June 5, 2012 2:17:54 PM 
Subject: [c-nsp] CT3 Timing issue 

Hello, 

I have a customer with a 2xT1 MPPP link to my 7204. The T1s come in to the 7204 
on different PA-MC-T3 cards. The PA-MC-T3 cards plug into my ONS 15454 SONET 
network. When I have timing set on the CPE to one of the T1s the other T1 gets 
slips and vice versa. Both of the PA-MC-T3 are set for internal timing. 
Shouldn't their timing be the same or should I have these setup for line 
timing? Thanks. 

-- 

Natambu Obleton, CISSP CCNA 
Senior Network Engineer 
FastTrack Communications, Inc. 
970.828.1009 



Re: [c-nsp] CT3 Timing issue

2012-06-05 Thread Walter Keen
Typically on TDM line cards, more notably on Cisco equipment, there seems to be 
a clock per interface (sometimes not per card). 
With carrier TDM equipment (sonet switches, etc) it's typically a clock per 
chassis. 



- Original Message -

From: Natambu Obleton noble...@fasttrackcomm.net 
To: Walter Keen walter.k...@rainierconnect.net 
Cc: cisco-nsp@puck.nether.net 
Sent: Tuesday, June 5, 2012 3:41:57 PM 
Subject: RE: [c-nsp] CT3 Timing issue 

Yeah. We have external BITS clocks, and secondary timing from the local 
exchange carrier. I will try line timing after hours tonight. If I terminate 
the T1s on the same PA-MC-T3 I don't have slips, so the PA-MC-T3 must have a 
clock on the card. 

-- 

Natambu Obleton, CISSP CCNA 
Senior Network Engineer 
FastTrack Communications, Inc. 
970.828.1009 

-Original Message- 
From: Walter Keen [mailto:walter.k...@rainierconnect.net] 
Sent: Tuesday, June 05, 2012 3:59 PM 
To: Natambu Obleton 
Cc: cisco-nsp@puck.nether.net 
Subject: Re: [c-nsp] CT3 Timing issue 

In most cases, a topology like this will have the ONS's synced to GPS time, or 
some accurate clock (or line clocking if your ONS connects to another provider, 
but GPS is typically preferred), and then I would DEFINITELY use line clocking 
on the PA-MC-T3, unless you have the capability through a clock card to connect 
the 7204 to the same timing source as the ONS uses (i.e., GPS-derived clock). 
Whenever possible, keep all devices in sync with a common clock. 




- Original Message - 

From: Natambu Obleton noble...@fasttrackcomm.net 
To: cisco-nsp@puck.nether.net 
Sent: Tuesday, June 5, 2012 2:17:54 PM 
Subject: [c-nsp] CT3 Timing issue 

Hello, 

I have a customer with a 2xT1 MPPP link to my 7204. The T1s come in to the 7204 
on different PA-MC-T3 cards. The PA-MC-T3 cards plug into my ONS 15454 SONET 
network. When I have timing set on the CPE to one of the T1s the other T1 gets 
slips and vice versa. Both of the PA-MC-T3 are set for internal timing. 
Shouldn't their timing be the same or should I have these setup for line 
timing? Thanks. 

-- 

Natambu Obleton, CISSP CCNA 
Senior Network Engineer 
FastTrack Communications, Inc. 
970.828.1009 



Re: [c-nsp] Adding a SUP720-3BXL standby SUP question

2012-04-04 Thread Walter Keen
If budgets allow for it, a 6509 chassis can be had very cheaply through grey 
market resellers, and you'd end up with a spare. 



- Original Message -

From: Lee Starnes lee.t.star...@gmail.com 
To: cisco-nsp@puck.nether.net 
Sent: Wednesday, April 4, 2012 1:14:27 PM 
Subject: [c-nsp] Adding a SUP720-3BXL standby SUP question 

Hi, 

I have a question about the 6509 and the SUP720-3BXL standby sup. If a 
chassis only has 1 SUP installed and you install a second one, will that 
disrupt the currently installed and working SUP? I ask this because we have 
our standby SUPs and I would like to install them, but I know they don't 
have the same version of IOS running. I don't want to blow away the config 
or cause the chassis to go down when installing these. Does anyone have any 
experience with this? 

Thanks, 

Lee 


[c-nsp] SNMP monitoring routing table over time

2012-03-13 Thread Walter Keen
Trying to work on an interesting project, where it would be nice to monitor the 
routing table of a collection of routers, store it, and look at it later, as a 
snapshot of what the routing table for a particular router looked like at a 
particular time. All the information I'm wanting (route entry, nexthop, etc.) is 
available via snmp on the ip-route mib, I believe, and needs to stay fairly 
generic, or equipment-agnostic.


Does anyone know of an existing project to do this before I start trying to 
make one?

Walter Keen 


[c-nsp] Problem with 7200 and 12.2(33)SRE upgrade

2012-01-04 Thread Walter Keen
Hi, I have a router I'm trying to move to an SR train, or more 
specifically 12.2(33)SRE from 12.3(15a), but I have reports from DSL 
users of being unable to get to most places after that upgrade, which we 
reverted.


We've even setup a test router, and tried to duplicate it, with no luck 
so far.  We do have one production router with that IOS (SRE) that works 
fine.


About the only difference I can find is hardware (CPU/midplane) 
revisions and bootloader versions.


I'm starting to wonder if anyone else on this list has encountered 
similar issues.

All are NPE-G1, some with 512m ram, others with 1G ram

C7200-1 uses NAT(I know), PPP, radius, tacacs, ospf, bgp.  C7200-2 and 
-3 use the same without NAT.  We've tried replicating the config of -1 
onto -4 (the lab system) without being able to reproduce the issue.

Unfortunately these are all out of a support contract.

C7200-1 (with the issue):
current IOS 12.3(15a)
ROM: 12.3(4r)T3
SB-1 CPU at 700MHz, Implementation 1, Rev 0.2, 512KB L2 Cache
4 slot VXR midplane, Version 2.0
Bootloader: 12.3(9), RELEASE SOFTWARE (fc2)
Exhibited packet loss to ATM sub-interfaces (DSL customers) 
when moving to 12.2(33)SRE



C7200-2 (another with the issue):
current IOS 12.4(25b)
ROM: 12.3(4r)T3
SB-1 CPU at 700MHz, Implementation 1025, Rev 0.2, 512KB L2 Cache
4 slot VXR midplane, Version 2.6
Bootloader: 12.4(12), RELEASE SOFTWARE (fc1)
Exhibited packet loss to ATM sub-interfaces (DSL customers) 
when moving to 12.2(33)SRE


C7200-3 (working in production on SRE):
current IOS 12.2(33)SRE
ROM: 12.2(20030826:190624) [BLD-npeg1_rommon_r11 102], DEVELOPMENT 
SOFTWARE

SB-1 CPU at 700MHz, Implementation 1025, Rev 0.2, 512KB L2 Cache
4 slot VXR midplane, Version 2.11
Bootloader: 12.4(12), RELEASE SOFTWARE (fc1)


C7200-4 (lab system, trying to replicate problem -- working on SRE):
current IOS 12.2(33)SRE
ROM: 12.3(4r)T1 fc1
SB-1 CPU at 700MHz, Implementation 1025, Rev 0.2, 512KB L2 Cache
4 slot VXR midplane, Version 2.6
Bootloader: none listed in 'sh ver' output


--
Walter Keen
Network Engineer
Rainier Connect
(cell) 253-302-0194
(desk) 360-832-4024



Re: [c-nsp] best way to terminate channelized oc-3?

2011-10-18 Thread Walter Keen
If memory serves correctly, an Adtran OPTI may be a good choice, if 
you're looking to split an OC-3 out into DS-3's or some smaller tdm 
denomination.  You'd then have to plug those DS3's into a relevant 
module for your router.  I'm not sure if these have a CLI that is 
rancid-friendly if that happens to be a concern.


--
Walter Keen
Network Engineer
Rainier Connect
Office: 360-832-4024
Cell: 253-302-0194

On 10/18/2011 01:38 PM, randal k wrote:

Hive Mind,
We're terminating an army of T1s in various locations on multiple DS3s, and
are looking at consolidating a couple key points into OC3s. However, it
seems like there is no channelized PA for 7206s, which are our preferred
platform for this kind of thing. It also seems that there isn't a suitable
NM for the 38xx or 39xx, either. Recommendations on a way to terminate these
Ts? Thinking Adtran OPTI-3, but we're an all Cisco shop with very little
Adtran experience. If I missed something, please let me know - all input is
appreciated.

Thanks!
Randal

Re: [c-nsp] zx sfp with DOM

2011-10-14 Thread Walter Keen

It's on a 6724-SFP...

Thanks

On 10/14/2011 12:25 AM, Phil Mayers wrote:

On 10/14/2011 12:43 AM, Walter Keen wrote:

Anyone have recommendations for 3rd party DOM ZX singlemode sfp for 7600
series routers running 12.2(33)SRE* code?

Have a non-DOM optic and have issues with that link, looking for
reporting that a DOM optic would give such as light levels, etc.



Which linecards? Are you certain they do DOM?

At least on the 6500 (which is closely related to 7600) LAN cards, DOM
is absent - for example on 6748-SFP. No convincing explanation has ever
been given AFAIK; it just doesn't do it, with ANY transceiver.

[c-nsp] zx sfp with DOM

2011-10-13 Thread Walter Keen
Anyone have recommendations for 3rd party DOM ZX singlemode sfp for 7600 
series routers running 12.2(33)SRE* code?


Have a non-DOM optic and have issues with that link, looking for 
reporting that a DOM optic would give such as light levels, etc.


Found this, but wanted to know if anyone had experience (good/bad) with 
any brand.

http://www.cdw.com/shop/products/Proline-Cisco-SFP-GE-Z-Compatible-1000Base-ZX-SMF-w-DOM-SFP-module/2227733.aspx?cm_mmc=ShoppingFeeds-_-GoogleBase-_-NetComm%20Products-_-2227733_Proline%20Cisco%20SFP-GE-Z%20Compatible%201000Base-ZX%20SMF%20w/DOM%20SFP_PC5-SFP-GE-Z-CDW

Re: [c-nsp] Cisco 7206 overloading every four hours

2011-09-19 Thread Walter Keen
What are the npe/mem specs of this box, and how many bgp peers are you 
getting partial or full routes from?


Walter Keen
Network Engineer
Rainier Connect

(P) 360-832-4024
(C) 253-302-0194


On 09/19/2011 11:40 AM, Joseph Mays wrote:
Recently started receiving a full BGP table on a cisco 7206. Since 
doing that, the router will run fine for a few hours, and then 
periodically the CPU load goes over the top. Is there some periodic 
process running to do some route aggregation or something that causes 
this?




Re: [c-nsp] Inter router BGP network tuning pointer?

2011-08-23 Thread Walter Keen
You can buy Cisco Press eBooks from 
http://www.ciscopress.com/bookstore/index.asp, in PDF format I think, or 
there's always the Kindle versions, for some of them, if you have a 
kindle.   It appears that the eBook format is not available for all 
books however the one you list below is available from the link above.



On 08/23/2011 01:36 PM, Scott Granados wrote:
Are the Cisco books (I believe this is a Cisco press book if memory 
serves) available in electronic form or different formats for we who 
can't use standard print?



-Original Message- From: Vitkovsky, Adam
Sent: Tuesday, August 23, 2011 5:22 AM
To: Scott Granados ; cisco-nsp@puck.nether.net
Subject: RE: [c-nsp] Inter router BGP network tuning pointer?

Hi Scott,

Looks like you are looking for this one:
BGP Design and Implementation
Randy Zhang, CCIE No. 5659
Micah Bartell, CCIE No. 5069

Specifically: Chapter 3 Tuning BGP Performance


adam
-Original Message-
From: cisco-nsp-boun...@puck.nether.net 
[mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Scott Granados

Sent: Monday, August 22, 2011 5:30 PM
To: cisco-nsp@puck.nether.net
Subject: [c-nsp] Inter router BGP network tuning pointer?

Hi,

The topic of tuning the network for BGP route exchange has been on the 
list lately and I've been doing some googling but not finding anything 
that really seems to fit what was discussed here.  Does anyone have 
any pointers (either 7200 NPE-G1 specific or non router specific) that 
they can suggest? I have found some documentation on the cisco site 
suggesting increasing the hold queues to 1500 but not much else.  I'm 
especially interested in things like TCP-MSS and the like.  Does 
anyone have a good document that could set me on the right path?


Thank you
Scott



Re: [c-nsp] Cable modems that support ipsec

2011-07-27 Thread Walter Keen
You might want to look at putting the relevant modems in a vrf, if that 
design model works for you.


Walter Keen
Network Engineer
Rainier Connect

(P) 360-832-4024
(C) 253-302-0194


On 07/27/2011 03:15 PM, Jason Ellison wrote:

All,

   Does anyone know of any cable modems that support IPSEC (not
passthru).  I'm trying to build a secure network over a private HFC
cable network.  But we went really low end on the CMTS DOCSIS 1.1...
While I could just use cheap modems with a IPSEC device behind it,  I
would like to reduce the complexity and number of devices at each
location.

Thanks for any suggestions.

Jason Ellison
info...@gmail.com


Re: [c-nsp] improving last-mile VDSL2 circuit between two Cisco routers

2011-06-16 Thread Walter Keen
Because you are essentially increasing the gauge of wire, and therefore 
decreasing the resistance, you *should* have less loss.  Telcos have used this 
in the past to extend DSL beyond the distance limitations before, (although not 
common, each pair in the ground is not a cheap commodity) 

If they're in the same cable, or cable group, it's worth a try.  If they take 
different physical paths it may still work, but the capacitance of the overall 
link will have some odd effects.

In theory, it should work, and raise your SNR, (and therefore some more 
potential speed, if it becomes good enough)


-Original Message-
From: cisco-nsp-boun...@puck.nether.net on behalf of Martin T
Sent: Thu 6/16/2011 3:43 PM
To: cisco-nsp@puck.nether.net


Subject: [c-nsp] improving last-mile VDSL2 circuit between two Cisco routers
 
I have connected two Cisco 1841 routers over poor quality POTS cabling
using the Ethernet over VDSL2(profile 17a) converters. SNR is rather
low and distance is long. Currently I have two POTS wires in use, but
I could use another pair as well if this would help. I was wondering
maybe it would help somehow if I use two pairs instead of one pair
like illustrated here:
http://img98.imageshack.us/img98/4020/vdsl2w.png

I would for example solder the additional wires to main ones just
before the RJ14 connector. I know the VDSL2 converters link this way,
but would it give some additional improvement? If yes, then why?

regards,
martin


Re: [c-nsp] Cacti graph on same interface

2011-06-09 Thread Walter Keen
It's been my experience that if you exceed the rate of a 32-bit counter,
it rolls over, usually resulting in what appears to be a sharp decline
on the graph, but on a 64-bit counter based graph it looks correct.

On Wed, 2011-06-08 at 12:04 +0100, Phil Mayers wrote:
 On 06/08/2011 11:35 AM, Nick Hilliard wrote:
  On 08/06/2011 10:15, Phil Mayers wrote:
  The first will never read 100mbit/sec. The second will read
  correctly, so
  if you're doing 100mbit/sec they'll look different.
 
  about 112mbit/sec. So if you see graphs pegged at ~112mbit/sec, you know
  you're running into a 32-bit counter limitation.
 
  snmpv1+32 bit counters are pretty useless these days. I wish Cacti would
  print up a large warning when people attempted to use these oids because
  they cause lots of breakage.
 
 Indeed. Frankly, it's damn annoying Cacti doesn't just figure it out, 
 at least for standard counters where the 64-bit alternatives are well 
 known. But that's really the least of its warts!

-- 
Walter Keen
Network Engineer
Rainier Connect
Office: 360-832-4024
Cell: 253-302-0194
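
Added example, not part of the thread: a short Python model of the rollover described above. It computes the rate a poller derives from two octet-counter samples and shows how a 32-bit counter under-reports once it wraps more than once per poll. The 300-second polling interval and all function names are assumptions made for the illustration.

```python
# Added illustration (not from the thread): rate calculation from SNMP octet
# counters, with wrap handling. POLL_SECONDS = 300 is an assumed poll interval.

POLL_SECONDS = 300


def max_unambiguous_bps(counter_bits, poll_seconds=POLL_SECONDS):
    """Highest average rate the counter can represent in one poll interval.

    Above this rate the counter wraps more than once between two polls and
    the poller cannot tell how many wraps it missed.
    """
    return (2 ** counter_bits) * 8 / poll_seconds


def rate_bps(prev, curr, counter_bits, poll_seconds=POLL_SECONDS):
    """Average bit rate between two samples, assuming at most one wrap."""
    delta = (curr - prev) % (2 ** counter_bits)  # modulo absorbs one wrap
    return delta * 8 / poll_seconds


def polled_rate(true_bps, counter_bits, start=0, poll_seconds=POLL_SECONDS):
    """Rate a poller would graph for a link that really carries true_bps."""
    modulus = 2 ** counter_bits
    octets = int(true_bps * poll_seconds) // 8
    prev = start % modulus
    curr = (start + octets) % modulus
    return rate_bps(prev, curr, counter_bits, poll_seconds)


def needs_64bit(if_speed_bps, poll_seconds=POLL_SECONDS):
    """True when line rate can outrun a 32-bit counter within one poll."""
    return if_speed_bps > max_unambiguous_bps(32, poll_seconds)


if __name__ == "__main__":
    limit = max_unambiguous_bps(32)
    print(f"32-bit ceiling at {POLL_SECONDS}s polls: {limit / 1e6:.1f} Mbit/s")
    for mbps in (50, 100, 200, 900):
        true_bps = mbps * 1e6
        r32 = polled_rate(true_bps, 32)
        r64 = polled_rate(true_bps, 64)
        print(f"true {mbps:4d} Mbit/s  32-bit graph {r32 / 1e6:7.1f}  "
              f"64-bit graph {r64 / 1e6:7.1f}")
```
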





Re: [c-nsp] IS-IS on L3 vlan interfaces

2011-05-31 Thread Walter Keen
That makes sense.  The links between these 3 routers are through a
ethernet switched lan provider, who provides us a vlan on their network
(with pretty large mtu sizes), and after sniffing traffic at the various
locations, I decided to just create vlans in order to have a mesh of
point to point circuits.  Works great.

On Tue, 2011-05-31 at 16:25 +0200, Vitkovsky, Adam wrote:
 That makes sense as ISIS p2p adjacency is initialized by rx of a ISHs through 
 the ES-IS protocol followed by the exchange of the IIH
 
 I was trying to figure out the mac layer mechanism difference between the p2p 
 and lan and your post helped me to fill in the gaps
 Thanks a bunch Olga
 
 adam
 
 -Original Message-
 From: cisco-nsp-boun...@puck.nether.net 
 [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Olga
 Sent: Tuesday, May 31, 2011 3:03 PM
 To: cisco-nsp
 Subject: Re: [c-nsp] IS-IS on L3 vlan interfaces
 
 One time we had the same issue  -first with p2p command configured (removed 
 this command and adjacency came up), and second  -we added p2p command to 
 broadcast link and adjacency came up. Both times the problem was with juniper 
 filtering   -we used transit provider.
 
 the point is that MAC addresses for Serial and LAN hello are different
 
 
 The MAC-level broadcast addresses are:
   01-80-C2-00-00-15 for Level 2 adjacencies (AllL2ISs)
   01-80-C2-00-00-14 for Level 1 adjacencies (AllL1ISs)
   
 The MAC-level point-to-point addresses are:
   09-00-2B-00-00-04 (AllEndSystems) 
   09-00-2B-00-00-05 (AllIntermediateSystems)   
 
 

-- 
Walter Keen
Network Engineer
Rainier Connect
Office: 360-832-4024
Cell: 253-302-0194
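
Added example, not part of the thread: a Python sketch of the check implied above, comparing captures taken at two sites to see which IS-IS hello types and group MAC addresses fail to cross a provider's L2 service. The group addresses are the ones listed in the quoted message; the frames, source MACs, VLAN 700 tagging and function names are constructed for the illustration.

```python
# Added illustration (not from the thread). Frames are constructed minimal
# hellos (fixed IS-IS header only, no TLVs), not captured traffic.
import struct
from collections import Counter

# Group addresses as listed in the quoted message.
GROUP_MACS = {
    "01:80:c2:00:00:14": "AllL1ISs",
    "01:80:c2:00:00:15": "AllL2ISs",
    "09:00:2b:00:00:04": "AllEndSystems",
    "09:00:2b:00:00:05": "AllIntermediateSystems",
}
# IS-IS PDU type codes for hello PDUs.
IIH_TYPES = {15: "L1 LAN IIH", 16: "L2 LAN IIH", 17: "P2P IIH"}


def mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)


def parse_hello(frame):
    """Return a dict describing an IS-IS hello frame, or None for anything else."""
    if len(frame) < 14:
        return None
    dst, src = mac_str(frame[0:6]), mac_str(frame[6:12])
    pos, vlan = 12, None
    (field,) = struct.unpack_from("!H", frame, pos)
    if field == 0x8100:                      # 802.1Q tag present
        if len(frame) < 18:
            return None
        tci, field = struct.unpack_from("!HH", frame, 14)
        vlan, pos = tci & 0x0FFF, 16
    if field > 1500:                         # Ethernet II, not 802.3 + LLC
        return None
    llc = pos + 2
    if len(frame) < llc + 3 + 5:
        return None
    if frame[llc:llc + 3] != b"\xfe\xfe\x03":  # DSAP/SSAP 0xFE, UI control
        return None
    pdu = frame[llc + 3:]
    if pdu[0] != 0x83:                       # IS-IS protocol discriminator
        return None
    pdu_type = pdu[4] & 0x1F
    if pdu_type not in IIH_TYPES:
        return None
    return {"src": src, "dst": dst, "vlan": vlan,
            "group": GROUP_MACS.get(dst, "unknown"),
            "pdu": IIH_TYPES[pdu_type]}


def build_hello(dst, src, pdu_type, vlan=None):
    """Build a constructed hello frame for the demonstration."""
    to_bytes = lambda s: bytes.fromhex(s.replace(":", ""))
    header = bytes([0x83, 8, 0x01, 0x00, pdu_type, 0x01, 0x00, 0x00])
    payload = b"\xfe\xfe\x03" + header
    tag = struct.pack("!HH", 0x8100, vlan) if vlan is not None else b""
    return (to_bytes(dst) + to_bytes(src) + tag +
            struct.pack("!H", len(payload)) + payload)


def hello_kinds(frames):
    """Count (group address name, hello type) pairs seen in a capture."""
    kinds = Counter()
    for frame in frames:
        hello = parse_hello(frame)
        if hello:
            kinds[(hello["group"], hello["pdu"])] += 1
    return kinds


def lost_in_transit(sent, received):
    """Hello kinds present in the sender-side capture but absent at the far end."""
    seen = hello_kinds(received)
    return sorted(kind for kind in hello_kinds(sent) if kind not in seen)


# Constructed captures: the sender emits LAN and point-to-point hellos on
# VLAN 700; only the point-to-point hello shows up at the remote site.
ROUTER_A = "02:00:00:00:00:0a"
ARP_FRAME = bytes(6) + bytes.fromhex("02000000000a") + b"\x08\x06" + bytes(28)
SENT = [
    build_hello("01:80:c2:00:00:14", ROUTER_A, 15, vlan=700),
    build_hello("01:80:c2:00:00:15", ROUTER_A, 16, vlan=700),
    build_hello("09:00:2b:00:00:05", ROUTER_A, 17, vlan=700),
    ARP_FRAME,
]
RECEIVED = [build_hello("09:00:2b:00:00:05", ROUTER_A, 17, vlan=700), ARP_FRAME]

if __name__ == "__main__":
    for group, pdu in lost_in_transit(SENT, RECEIVED):
        print(f"not delivered: {pdu} to {group}")
```
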





Re: [c-nsp] IS-IS on L3 vlan interfaces

2011-05-29 Thread Walter Keen
NET addresses for all of these are 
 net 49.0001...0081.00
replace .0081. with
0081 - cent-core
0083 - sea-core
0083 - of-core

I'm sure it's something simple I'm overlooking.

If I set isis network point-to-point on two of these 3, then I instantly get a 
L1L2 adjacency on those two.  I want a L1L2 adjacency on all 3  (preferably 
without creating point to point vlans)

 


sea-core-1#sh run int vlan700
Building configuration...

Current configuration : 218 bytes
!
interface Vlan700
 description MPLS-Qmoe
 mtu 1900
 ip address xx.yy.203.209 255.255.255.248
 ip router isis 
 mpls ip
 mpls label protocol ldp
 mpls traffic-eng tunnels
 mpls bgp forwarding
 isis password test
end

sea-core-1#
cent-core-1#sh run int vlan700
Building configuration...

Current configuration : 195 bytes
!
interface Vlan700
 mtu 1900
 ip address xx.yy.203.211 255.255.255.248
 ip router isis 
 mpls ip
 mpls label protocol ldp
 mpls traffic-eng tunnels
 mpls bgp forwarding
 isis password test
end

of-core-1#sh run int vlan700
Building configuration...

Current configuration : 218 bytes
!
interface Vlan700
 description MPLS-Qmoe
 mtu 1900
 ip address xx.yy.203.210 255.255.255.248
 ip router isis 
 mpls traffic-eng tunnels
 mpls bgp forwarding
 mpls label protocol ldp
 mpls ip
 isis password test
end

of-core-1#
of-core-1#sh ip protocols  | b isis
Routing Protocol is isis
  Outgoing update filter list for all interfaces is not set
  Incoming update filter list for all interfaces is not set
  Redistributing: isis
  Address Summarization:
None
  Maximum path: 4
  Routing for Networks:
Vlan700
  Passive Interface(s):
Loopback99
  Routing Information Sources:
Gateway Distance  Last Update
  Distance: (default is 115)

of-core-1#
of-core-1#sh clns nei

Tag null:
System Id  Interface   SNPAState  Holdtime  Type Protocol
of-core-1#sh isis nei

Tag null:
System Id  Type Interface   IP Address  State Holdtime Circuit Id
of-core-1#

cent-core-1#sh ip protocols | b isis
Routing Protocol is isis
  Outgoing update filter list for all interfaces is not set
  Incoming update filter list for all interfaces is not set
  Redistributing: isis
  Address Summarization:
None
  Maximum path: 4
  Routing for Networks:
Vlan700
  Routing Information Sources:
Gateway Distance  Last Update
  Distance: (default is 115)

cent-core-1#sh clns nei

Tag null:
System Id  Interface   SNPAState  Holdtime  Type Protocol
..0083 Vl700   0023.3368.ea80  Init   28L2   IS-IS
cent-core-1#sh isis nei

Tag null:
System Id  Type Interface   IP Address  State Holdtime Circuit Id
..0083 L2   Vl700   74.50.203.209   INIT  24   
..0083.01  
cent-core-1#

sea-core-1#sh ip protocols | b isis
Routing Protocol is isis
  Outgoing update filter list for all interfaces is not set
  Incoming update filter list for all interfaces is not set
  Redistributing: isis
  Address Summarization:
None
  Maximum path: 4
  Routing for Networks:
Vlan700
  Passive Interface(s):
Loopback99
  Routing Information Sources:
Gateway Distance  Last Update
  Distance: (default is 115)

sea-core-1#sh clns nei

Tag null:
System Id  Interface   SNPAState  Holdtime  Type Protocol
sea-core-1#sh isis nei

Tag null:
System Id  Type Interface   IP Address  State Holdtime Circuit Id
sea-core-1#







-Original Message-
From: Mark Tinka [mailto:mti...@globaltransit.net]
Sent: Sat 5/28/2011 3:53 AM
To: cisco-nsp@puck.nether.net
Cc: Walter Keen
Subject: Re: [c-nsp] IS-IS on L3 vlan interfaces
 
On Saturday, May 28, 2011 08:38:48 AM Walter Keen wrote:

 Does anyone have experience with this sort of issue?  I
 get as far as, with debug isis adj, I can see router A
 send packets, and B/C (all in the same ethernet
 segment/broadcast domain) receive it and transmit
 packets, presumably in response, but A 's debug never
 indicates receiving an isis packet.  isis and clns
 neighbor state on B and C get stuck in INIT

Do you have some configurations you can share of the three 
devices?

Cheers,

Mark.



[c-nsp] Fw: IS-IS on L3 vlan interfaces

2011-05-29 Thread Walter Keen

Forgot to cc the list, sorry

Connected by DROID on Verizon Wireless

-Original message-
From: Walter Keen walter.k...@rainierconnect.net
To: mti...@globaltransit.net
Sent: Sun, May 29, 2011 18:29:12 GMT+00:00
Subject: Re: [c-nsp] IS-IS on L3 vlan interfaces




[c-nsp] IS-IS on L3 vlan interfaces

2011-05-27 Thread Walter Keen
I'm having some trouble getting (integrated) IS-IS to form an adjacency
over a L3 vlan that has 3 routers in it.  It's on a Cisco 7600 series
with 12.2(33)SRE code, however if I configure the vlan interface with
the network type point-to-point, it comes up as expected.  Since they
all have dot1q trunks to a metro ethernet provider, I could certainly
make vlans to form point to point connections to all of them, but I
don't really want to unless I have to.

Does anyone have experience with this sort of issue?  I get as far as,
with debug isis adj, I can see router A send packets, and B/C (all in
the same ethernet segment/broadcast domain) receive it and transmit
packets, presumably in response, but A 's debug never indicates
receiving an isis packet.  isis and clns neighbor state on B and C get
stuck in INIT




Re: [c-nsp] Multihoming

2010-09-15 Thread Walter Keen
 Not many options for you I'm afraid.  Some people filter out routes 
smaller than a /24.  Even if you had a /24 from ISP1, you would then 
have to get their permission to have ISP2 advertise it.  Most aren't 
willing to do this.


Is a micro (/24) allocation from ARIN (if in the US) a possibility?  If 
so, you could then run BGP to multiple providers and make this a very 
simple configuration.  If not, you'll likely have to rely on 
application-layer redundancy.  You can prioritize MX records if you are 
hosting your mail on-site through ISP1's ip addressing (what you stated 
seemed a bit unclear), and you could probably do some round-robin DNS 
entries for web hosting, but it won't be perfect.


On 09/15/2010 02:00 AM, Rocker Feller wrote:

Hi,

I am pretty new to this concept and would appreciate any guidance on how as
a customer I can achieve redundancy with autofailover between 2 ISPs.

Can I achieve this when I have a /29 from ISP1 and do not have my own PI
ips?

All my services dns, email, wan are hosted by the ISP1.

Any assistance on this will be appreciated.

Rocker


Re: [c-nsp] cisco simulators

2010-09-03 Thread Walter Keen
GNS/Dynamips works great, until you get to switching, where options are 
limited (to the 16-ESW card provided you have an IOS capable of using it)





On 09/03/2010 03:47 PM, snort bsd wrote:

Hi, all:

What is the best simulator for ccie lab?

thanks







[c-nsp] Radius and choosing ip-local pool on 7600, PPP termination

2010-09-02 Thread Walter Keen
): cursor init: 1CA28A6C 1C9C32C8 
none none
*Sep  2 20:15:47.823: AAA/ATTR(): find next matching 
service=none, protocol=none

*Sep  2 20:15:47.823: AAA/ATTR(): not found
*Sep  2 20:15:47.823: AAA/ATTR(): cursor init: 1CA28A6C 1C9C32C8 
none none
*Sep  2 20:15:47.823: AAA/ATTR(): find next matching 
service=none, protocol=none

*Sep  2 20:15:47.823: AAA/ATTR(): not found
*Sep  2 20:15:47.823: AAA/ATTR(): cursor init: 1CA28A6C 1C9C30AC 
none none
*Sep  2 20:15:47.823: AAA/ATTR(): find next matching 
service=none, protocol=none

*Sep  2 20:15:47.823: AAA/ATTR():  authen-status ok
*Sep  2 20:15:47.823: AAA/ATTR(): cursor init: 19B2A958 1C9C3184 
none none
*Sep  2 20:15:47.823: AAA/ATTR(): find: 1C9C3198 0 0002 
authen-status(17) 4 unauthen

*Sep  2 20:15:47.823: AAA/ATTR(): delete attr: 1C9C3184 0 0
*Sep  2 20:15:47.823: AAA/ATTR(): del attr: 1C9C3198 0 0002 
authen-status(17) 4 unauthen
*Sep  2 20:15:47.823: AAA/ATTR(): add attr: 1C9C31B8 0 0002 
authen-status(17) 4 authen
*Sep  2 20:15:47.823: AAA/ATTR(): find next matching 
service=none, protocol=none

*Sep  2 20:15:47.823: AAA/ATTR():  username ok
*Sep  2 20:15:47.823: AAA/ATTR(): cursor init: 19B2A958 1C9C3184 
none none

*Sep  2 20:15:47.823: AAA/ATTR(): find: username(422): not found
*Sep  2 20:15:47.823: AAA/ATTR(): add attr: 1C9C31C8 0 000A 
username(422) 12 provisioning
*Sep  2 20:15:47.827: AAA/ATTR(): find next matching 
service=none, protocol=none

*Sep  2 20:15:47.827: AAA/ATTR(): not found
*Sep  2 20:15:47.827: AAA/ATTR(): free all lists: 0x1C9C32C8
*Sep  2 20:15:47.827: AAA/ATTR(): free all lists: 0x1C9C30AC
*Sep  2 20:15:47.827: AAA/ATTR(): del attr: 1C9C30C0 0 0002 
authen-status(17) 4 authen
*Sep  2 20:15:47.827: AAA/ATTR(): del attr: 1C9C30D0 0 000A 
username(422) 12 provisioning

*Sep  2 20:15:47.827: AAA/BIND(1403): Bind i/f Virtual-Access2.1
*Sep  2 20:15:47.827: AAA/ATTR(): new list: 0x1C9C30AC
*Sep  2 20:15:47.827: AAA/ATTR(): add attr: 1C9C30C0 0 0009 
username(422) 12 provisioning
*Sep  2 20:15:47.827: AAA/ATTR(): add attr: 1C9C30D0 0 0001 
Framed-Protocol(110) 4 PPP
*Sep  2 20:15:47.827: AAA/ATTR(1403): cursor init: 1BF64980 1C9C30AC 
none none
*Sep  2 20:15:47.827: AAA/ATTR(1403): find next matching 
service=none, protocol=none

*Sep  2 20:15:47.827: AAA/ATTR(1403):  username ok
*Sep  2 20:15:47.827: AAA/ATTR(1403): find next matching 
service=none, protocol=none

*Sep  2 20:15:47.827: AAA/ATTR(1403):  Framed-Protocol ok
*Sep  2 20:15:47.827: AAA/ATTR(): add attr: 1C9C38D4 0 0001 
Framed-Protocol(110) 4 PPP
*Sep  2 20:15:47.827: AAA/ATTR(1403): find next matching 
service=none, protocol=none

*Sep  2 20:15:47.827: AAA/ATTR(1403): not found
*Sep  2 20:15:47.827: AAA/ATTR(1403): copy lists
*Sep  2 20:15:47.827: AAA/ATTR(1403): new list: 0x1C9C32C8 old list: 
1C9C38B0
*Sep  2 20:15:47.827: AAA/ATTR(1403): cursor init: 1BF64960 1C9C32C8 
none none



--
Walter Keen
Network Technician
RAINIER CONNECT

P 360.832.4024
F 360.832.4713
C 253.302.0194



Re: [c-nsp] OpenSource Cisco Monitoring Tool

2010-08-04 Thread Walter Keen

We use opennms and love its trap handling capabilities.


On 08/03/2010 09:55 PM, Jimmy Stewpot wrote:

Check out zenoss http://www.zenoss.com/

- Original Message -
From: arar_...@yahoo.com
To: cisco-nsp@puck.nether.net
Sent: Wednesday, 4 August, 2010 1:01:05 PM
Subject: [c-nsp] OpenSource Cisco Monitoring Tool

Hi. Aside from Nagios, any other opensource monitoring tool you are using that 
greatly works for cisco especially 7600 series?

thanks






Re: [c-nsp] Forwarding bandwidth vs. Switching bandwidth

2010-08-04 Thread Walter Keen

Yes, like a 2GB circuit, in reality is 1Gb bidirectional.

That funny marketing math.
if (marketing=true) then (throughput=unidirectional-rate*2)


On 08/04/2010 01:39 PM, Asbjorn Hojmark - Lists wrote:

It's really quite simple:

48x1G downlinks + 2x10G uplinks + 2x10G stacking = 88G non-blocking
88G x marketing = 176G

-A



Re: [c-nsp] 10GBase-LX4 and OM2 fibre -- MCP?

2010-08-04 Thread Walter Keen

Based on the following, you might have too much light.

From : 
http://www.cisco.com/en/US/prod/collateral/modules/ps5455/product_bulletin_c25-530836.html


Notes for LX4:

1. In some cases, customers might experience that a link would be 
operating properly over OM2 fiber type without MCP.


2. Some customers may be tempted to connect 10GBASE-LX4 devices over MMF 
jumper cables without MCP cables. This includes the case of links over 
OM3 cable for which the MCP should not be used. There is a risk to 
overload and saturate the adjacent receiver causing high bit error rate, 
link flaps and eventually irreversible damage. In such cases, a 5-dB 
attenuator for 1300nm should be used and plugged at the transmitter of 
the optical module on each side of the link.


3. Another alternative for short reaches within the same location is to 
use a single-mode patch cable. There will be no saturation over 
single-mode fiber. Please note the 10GBASE-LX4 devices can reach up to 
10km over single-mode fiber as per compliance to IEEE.




On 08/04/2010 02:11 PM, Cisco NSP wrote:

Thanks for all the responses.

Unfortunately there is no single-mode fiber between the buildings. I'm much
more familiar with 10GBase-SR and  10GBase-LR and I would have liked to use
it instead. But we have to work with the current cabling.

I've checked the orientation of the TX/RX both ways and both didn't work. I
can try to clean the faces again, but the 1.9dB attenuation seems a good
indication  to me that the fibre itself is ok.


Mack, I'm not aware that the X2-LX4 interface was not supported on the 6500.
Do you have an url confirming this? FWIW, the optic is placed in a
VS-S720-10G-3C supervisor (port Te5/4).

Regards,
Dirk-Jan van Helmond





On Wed, Aug 4, 2010 at 6:40 PM, Justin M. Streiner
strei...@cluebyfour.org wrote:

On Wed, 4 Aug 2010, Cisco NSP wrote:

Hi all,

I'm not very fibre-savvy, so if anybody could help me, I'd very much
appreciate it!

I have two Cisco 6500s about 250 meters apart in two separate buildings.
Between those two buildings I have OM2 grade fibre. and both Cisco have an
10GBase-LX4 X2 interface.

From what I recall, the recommended maximum distance on 10GBASE-LX4 on
OM3 fiber is 300 meters.

When I measure the fibre end-to-end it has about 1,9dB attenuation in the
1300nm spectrum but when I connect the fibre to the interface, I don't get
link-up.

That is well within the published link budget for the LX4 spec.  Are you
sure that 1. both X2 modules are functional and 2. all of your jumpers and
connectors are in good shape (clean end faces, no kinks/micro-bends), etc?

A little troubleshooting pointed me to mode conditioning patches (a piece of
SM and MM welded together) but I find it very hard to believe that this
patch will solve my problem.

A mode-conditioning patch can extend the distance and reduce the dispersion
penalty you pay on multimode fiber by admitting only one mode of light into
the fiber from the transmit side of the optics at each end.

Do you have any singlemode fiber between the buildings, or do you just have
OM2 grade multimode?

jms

Before I invest 800$ for 2 patch-fibers, Is this the way I should go, or am
I overlooking anything?

Thanks in advance,
Dirk-Jan van Helmond


Re: [c-nsp] Logging Server

2010-07-13 Thread Walter Keen
Logging as in Syslog (ksyslogd), netflow (nfsen), or 
authentication/authorization for configuration (tacacs+ from shrubbery.net)

If anyone has suggestions other than the above, especially for netflow, I'd 
love to hear them.


-Original Message-
From: cisco-nsp-boun...@puck.nether.net on behalf of Mohammad Khalil
Sent: Tue 7/13/2010 6:55 AM
To: cisco-nsp@puck.nether.net
Subject: [c-nsp] Logging Server
 

Dears

what is the best free logging server to implement ?
  


[c-nsp] PPPoE termination on ES+20/12.2(33)SRE1

2010-05-12 Thread Walter Keen
I'm trying to terminate 802.1q tagged PPPoE sessions on a 7600 with a 
ES+20G card.  PPPoE works fine, but large packets (ie: 1500 bytes) 
fail.  All MTU's are 9216 throughout the path until it hits the ES+20 card.


I did some initial work with this as a test on a 7200, hit the same 
problem, and the resolution was the use of ip tcp adjust-mss, however 
that does not seem to be working here.  I've tried it under gi2/1 as 
well, with no luck.  Doesn't seem to be an option under 'bba-group' for it


Of course adjusting the mtu on the client pc to something small, like 
1400 resolves it, but I'm looking at a mass migration of dsl customers, 
so that's not a feasible solution.


Has anyone run into this, before I open a tac case on it?



bba-group pppoe TEST-BBA
 virtual-template 1
 vendor-tag circuit-id service
 vendor-tag remote-id service
 vendor-tag dsl-sync-rate service
 mac-address autoselect
 sessions auto cleanup
!
interface GigabitEthernet2/1
 mtu 9216
 no ip address
 speed 1000
!
interface GigabitEthernet2/1.460 access
 description Tnwx-E5111-001
 encapsulation dot1Q 460
 ip tcp adjust-mss 1400
 pppoe enable group TEST-BBA
 ip subscriber l2-connected
  initiator unclassified mac-address
!
!
interface Virtual-Template1
 ip unnumbered Loopback0
 no ip proxy-arp
 peer default ip address pool BRAS-DSL
 ppp authentication chap
!
!
interface Loopback0
 ip address xx.xx.xx.1 255.255.255.0
!
---



--
Walter Keen



Re: [c-nsp] Nagios config frontends

2010-04-13 Thread Walter Keen
 I started looking into this, as I'm in a similar situation as Eric, 
and found that newer versions of OpenNMS do 99% of what I'm doing with 
Nagios and Cacti now, so I'm in a slow migration to that.  Might be 
worth checking out the 1.7.x releases, a lot of new features have been 
added.  I'll have to recreate some custom check scripts, but I'm seeing 
a huge performance increase so I think it's worth it.


On 04/13/2010 02:32 PM, Jeremy Parr wrote:

On 13 April 2010 16:58, Eric Cablesecab...@gmail.com  wrote:

Sorry if this is a bit OT, but I was wondering what configuration frontend
people have settled on for Nagios.  I have been running Nagios for years now
just with a flat configuration file, but I'd like to extend the
configuration tasks to others besides myself, and a web based GUI frontend
seems like the best way to do that.

Lilac (previously Fruity) seems like a pretty solid choice, and I've also
heard good things about Monarch.

Any suggestions, or confirmations of the above, would be appreciated.

I'm happy with Lilac here.



Re: [c-nsp] Question - VLAN tagging Catalyst 6500 to Linux Host

2010-04-05 Thread Walter Keen
 Bonded interfaces aside (I haven't done it with bonded interfaces, so 
I'm not sure)


You'll want to use the vconfig command in linux to create your vlan 
sub-interfaces.  Different distributions package it under different 
names.  I think it's vlan under debian.


Basic syntax will be something like vconfig add device vlan

Then you can use that interface as device.vlan-id  (ie: eth0.4002, 
is eth0, vlan 4002)



$ vconfig
Expecting argc to be 3-5, inclusive.  Was: 1

Usage: add [interface-name] [vlan_id]
   rem [vlan-name]
   set_flag[interface-name] [flag-num]   [0 | 1]
   set_egress_map  [vlan-name]  [skb_priority]   [vlan_qos]
   set_ingress_map [vlan-name]  [skb_priority]   [vlan_qos]
   set_name_type   [name-type]

* The [interface-name] is the name of the ethernet card that hosts
  the VLAN you are talking about.
* The vlan_id is the identifier (0-4095) of the VLAN you are operating on.
* skb_priority is the priority in the socket buffer (sk_buff).
* vlan_qos is the 3 bit priority in the VLAN header
* name-type:  VLAN_PLUS_VID (vlan0005), VLAN_PLUS_VID_NO_PAD (vlan5),
  DEV_PLUS_VID (eth0.0005), DEV_PLUS_VID_NO_PAD (eth0.5)
* bind-type:  PER_DEVICE  # Allows vlan 5 on eth0 and eth1 to be unique.
  PER_KERNEL  # Forces vlan 5 to be unique across all devices.
* FLAGS:  1 REORDER_HDR  When this is set, the VLAN device will move the
ethernet header around to make it look exactly like a real
ethernet device.  This may help programs such as DHCPd which
read the raw ethernet packet and make assumptions about the
location of bytes.  If you don't need it, don't turn it on, 
because
there will be at least a small performance degradation.  
Default

is OFF.



On 04/05/2010 09:10 AM, Security Team wrote:

I haven't ever tried to make this work before so this is a new application.

I want to use VLAN tagging so that I can create VLANs with numbers like 999,
1000, 1001 and send those VLANs (in different non-overlapping subnets) all
to a Linux machine over a bonded LACP link.

Here's a config snippet I am constructing, do any of you gurus see any
problems with this general approach?

I create 3 GigE interfaces wrapped into a single bonded interface
Port-channel32--LACP group id 32 (I'll call it bond0 on the Linux host).

My VLAN tagged subnets will be

VLAN 999    192.168.101.0/24
VLAN 1000   192.168.102.0/24
VLAN 1001   192.168.103.0/24

And the Linux Host will be at 10.1.1.2/24 in VLAN 309

Thanks for any criticism of my approach, tagged VLANs are new to me I've
always just done routed L3 ones.

I know that the LACP bonding works to the Linux bond0 interface, I think the
weak part here is the VLAN tagging I am using in the Catalyst.

Regards,
CJ


interface Vlan309
  description Linux Host
  ip address 10.1.1.1 255.255.255.0
!
interface Port-channel32
  desc LACP bonded 3 GigE interfaces
  switchport
  switchport access vlan 309
  switchport trunk encapsulation dot1q
  switchport trunk allowed vlan 309,999,1000,1001
!
interface GigabitEthernet4/30
  description GigE 1
  load-interval 30
  speed 1000
  duplex full
  switchport
  switchport access vlan 309
  switchport trunk allowed vlan 309,999,1000,1001
  channel-group 32 mode active
  channel-protocol lacp
!
interface GigabitEthernet4/32
  description GigE 2
  load-interval 30
  speed 1000
  duplex full
  switchport
  switchport access vlan 309
  switchport trunk allowed vlan 309,999,1000,1001
  channel-group 32 mode active
  channel-protocol lacp
!
interface GigabitEthernet5/32
  description GigE 3
  load-interval 30
  speed 1000
  duplex full
  switchport
  switchport access vlan 309
  switchport trunk allowed vlan 309,999,1000,1001
  channel-group 32 mode active
  channel-protocol lacp
!
interface Vlan999
  description tagged vlan
  ip address 192.168.101.1 255.255.255.0
!
interface Vlan1000
  description tagged vlan
  ip address 192.168.102.1 255.255.255.0
!
interface Vlan1001
  description tagged vlan
  ip address 192.168.103.1 255.255.255.0





[c-nsp] 7600 redistribution on 12.2SRD

2010-03-03 Thread Walter Keen
 I'm running into some issues where the 7600's I have in place don't 
want to redistribute connected subnets into ospf, only seems to happen 
on the SUP720-3b image, and have the issue with 12.2(33)SRD(2a|3)


Anyone else run into this issue? So far, TAC can't reproduce it.  I'm 
considering going back to something within SRC as I'm not sure about 
trying SRE yet.



Re: [c-nsp] 7606 RSP720

2010-03-03 Thread Walter Keen
 We had a similar situation with rsp720's and sup720's, and under each 
l3 vlan interface, had to add 'mls qos bridged' for the rate-limiting to 
work as expected, as well as the other mls commands you have configured 
on the trunk port in your example below


On 03/03/2010 01:43 PM, Sharlon Carty wrote:

Hello,



I have a police-map applied to a vlan interface set to 10mbit. Works fine, as 
long as traffic is routed on the CEF720 48 port module. But the moment traffic 
is routed on the RSP720, traffic is above the 10mbit.

Is there something on the RSP720 that needs to enabled?



Here is my config:



policy-map 10Mbs
  class class-default
    police 1000 1875000 375 conform-action transmit exceed-action drop violate-action drop

interface Vlan123
  bandwidth 1
  ip address x.x.x.x x.x.x.x
  load-interval 30
  service-policy input 10Mbs
  service-policy output 10Mbs

interface GigabitEthernet1/0/0
  switchport
  switchport trunk allowed vlan 123
  switchport mode trunk
  mls qos vlan-based
  mls qos trust dscp



Trunk port is on a SIP-600.



Re: [c-nsp] Currently recommended Stable IOS for 760x?

2010-03-03 Thread Walter Keen
SRD2a and SRD3 on the sup720-3b has a bug where you can't check ospf neighbor 
relationships via snmp, if that's a consideration.


-Original Message-
From: cisco-nsp-boun...@puck.nether.net on behalf of Mikael Abrahamsson
Sent: Wed 3/3/2010 10:53 PM
To: Lasher, Donn
Cc: cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] Currently recommended Stable IOS for 760x?
 
On Wed, 3 Mar 2010, Lasher, Donn wrote:

 What's the currently recommended stable IOS for the 7600 (sup720-3bxl) 
 with Service Provider (IP/MPLS/QoS/etc) intent? I see a reply from 
 Rodney back in April'09 recommended SRB, but I'm curious what it is 
 today..

SRD4 looks very promising, don't know if anyone has experience with it?

SRB5 has a bug with default-route over BGP and intermittent arp related 
problems, so I wouldn't recommend it.

-- 
Mikael Abrahamsson    email: swm...@swm.pp.se


Re: [c-nsp] Self rebooting pix?

2010-01-25 Thread Walter Keen
We had a similar problem with a PIX-525 (or was it the 520) with 
6.3. We assumed it was hardware issues and replaced it, but if you have 
a computer you can stick on the console port, and have its terminal 
program log everything to a file, it may provide more information.


Scott Granados wrote:

Hi All,
I'm having a strange problem and not much diagnostic output so maybe I 
can get some pointers as to what to look at next.


   I have a Pix 501 with a non restrictive license that I'm using as a 
general firewall and nat device.  There's a 10 megabit ethernet 
connection handing a statically routed Internet feed on the WAN side 
and a 100 megabit fast E which connects to a core switch.  We nat 
probably about 50 - 100 users at a time and the throughput over the 
public pathway is less than 8 megabits for the most part and generally 
stays around 3 - 5.  The output of show cpu usage shows a usage of 
between 10 and 20 percent with lows of 4% and highs around 25.
   Randomly throughout the day the connection / device will hang, the 
switch it's attached to shows the ethernet port go down and come back 
up a few times then packets start to flow again.  After the most 
recent event I did a show ver on the Pix and saw that the uptime was 
less than 2 minutes. After each drop this counter returns to 0 which 
tells me the Pix is rebooting for some reason.  Show log doesn't yield 
anything interesting and the syslog server that captures the log 
output doesn't have any messages around the time of the outages 
either.  Total traffic disruption lasts for approximately 30 seconds.  
The time of day is random and it does not seem to increase in 
frequency with bursts in traffic.  I've obviously checked and ensured 
that the power cables are firmly attached and the network cables are 
securely attached as well.  What other things should I try?  Are there 
any other show commands that might yield some more clues?  Has anyone 
else experienced this.  The software rev is 6.3.


Thanks
Scott




--


Walter Keen
Network Technician
Rainier Connect
(o) 360-832-4024
(c) 253-302-0194



[c-nsp] Cisco 7600 BGP route-map processing

2010-01-22 Thread Walter Keen
I was curious if route-map processing in BGP neighbor statements is done 
in software or hardware on the 7600/rsp7203cxl and 7600/sup7203b.


Mostly looking at route-maps to define blocks to advertise, and set 
communities, as well as perform actions based on communities (control 
level of prepending to certain upstream peers(prepend 3x to provider A, 
but 1x to provider C), or the exit point to upstream peers based on the 
set communities(likely by setting next-hop ip for egress traffic)) and 
wondering if this will have a significant impact on the CPU.  Total bgp 
routes are probably 50, and bandwidth through any one link is typically 
100mbit (each router has 3 links)


--


Walter Keen
Network Technician
Rainier Connect



[c-nsp] customizing snmp-traps (interface description as well as physical name)

2010-01-07 Thread Walter Keen
Is customizing snmp-traps possible through rmon or some other means so 
that the delivered message not only has the physical name (gi0/1, etc) 
but also the description of that port as named in the interface config?  
Dealing mostly with 2960's and 7600's, and trying to figure out if this 
is possible.
Even if I have to specify an rmon entry per physical interface, I'm 
dealing with small enough numbers that would work.
Something like 'int-name int-descr is down/up' or similar would be 
ideal.


Going to want to have this for link up/down initially, and then also 
setup some traps for taking on interface errors, etc.


--


Walter Keen
Network Technician
Rainier Connect




[c-nsp] SNMP check of ospf neighbors in SRD2a?

2009-12-17 Thread Walter Keen


It looks like we lost the ability to check OSPF neighbors via snmp in SRD?

See below

Host xx.xx.222.194 is running 12.2(33r)SRC3
Host xx.xx.208.1 was just upgraded to 12.2(33)SRD2a

(and both checks below really are checking neighbors that ARE in a full 
state, verified from the CLI)


r...@tnwx-mntr-1:/usr/lib/nagios/plugins# ./check_ospf.0.1.pl -H xx.xx.222.194 -C cacti -p xx.xx.205.3
OK - xx.xx.205.3 (Router ID 74.50.207.81) state is full(8)
r...@tnwx-mntr-1:/usr/lib/nagios/plugins# ./check_ospf.0.1.pl -H xx.xx.208.1 -C cacti -p xx.xx.221.98
CRITICAL - xx.xx.221.98 is not in neighbor table.
r...@tnwx-mntr-1:/usr/lib/nagios/plugins#


I've asked the TAC about this, does anyone here know if this is a known 
issue with SRD2a?

(Hardware is a 7600 with a SUP720-3b)

Worst case I'll schedule another day to downgrade to SRC3, but curious 
if anyone here knows about this.
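
A check of the kind shown in the post above can be built on the OSPF-MIB ospfNbrTable. The following is an added example, not the check_ospf plugin's code and not part of the original post: it parses `snmpwalk -On` style output and produces the same kind of status line. The sample walk and its addresses are constructed, and reporting an empty table as UNKNOWN and the `allow_two_way` option are design choices of this example.

```python
import re

# OSPF-MIB (RFC 1850, updated by RFC 4750) ospfNbrTable columns. Rows are
# indexed by ospfNbrIpAddr (4 sub-identifiers) + ospfNbrAddressLessIndex (1).
OSPF_NBR_RTR_ID = "1.3.6.1.2.1.14.10.1.3"
OSPF_NBR_STATE = "1.3.6.1.2.1.14.10.1.6"
COLUMNS = {OSPF_NBR_RTR_ID: "rtr_id", OSPF_NBR_STATE: "state"}

NBR_STATES = {1: "down", 2: "attempt", 3: "init", 4: "twoWay",
              5: "exchangeStart", 6: "exchange", 7: "loading", 8: "full"}

# Nagios plugin exit codes.
OK, WARNING, CRITICAL, UNKNOWN = 0, 1, 2, 3

LINE_RE = re.compile(r"^\.?(\d+(?:\.\d+)+)\s*=\s*\w+:\s*(.*)$")

# Constructed sample of `snmpwalk -On <host> 1.3.6.1.2.1.14.10` output.
SAMPLE_WALK = """\
.1.3.6.1.2.1.14.10.1.3.192.0.2.2.0 = IpAddress: 198.51.100.81
.1.3.6.1.2.1.14.10.1.3.192.0.2.6.0 = IpAddress: 198.51.100.82
.1.3.6.1.2.1.14.10.1.6.192.0.2.2.0 = INTEGER: 8
.1.3.6.1.2.1.14.10.1.6.192.0.2.6.0 = INTEGER: init(3)
"""


def parse_walk(text):
    """Return {neighbor_ip: {"rtr_id": str, "state": int}} from walk output."""
    table = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # blank lines, "No Such Object ..." answers, etc.
        oid, value = m.group(1), m.group(2).strip()
        for base, field in COLUMNS.items():
            if not oid.startswith(base + "."):
                continue
            index = oid[len(base) + 1:].split(".")
            if len(index) != 5:
                break  # not a valid ospfNbrTable instance
            row = table.setdefault(".".join(index[:4]), {})
            if field == "state":
                # net-snmp prints "8" without MIBs loaded, "full(8)" with them.
                num = re.search(r"(\d+)\)?$", value)
                row["state"] = int(num.group(1)) if num else None
            else:
                row["rtr_id"] = value
    return table


def check_neighbor(table, peer, allow_two_way=False):
    """Return (exit_code, message) for one expected neighbor address."""
    if not table:
        # An agent that returns no rows at all is a monitoring failure,
        # which is different from one neighbor having gone away.
        return UNKNOWN, "UNKNOWN - agent returned no ospfNbrTable rows"
    row = table.get(peer)
    if row is None or row.get("state") is None:
        return CRITICAL, f"CRITICAL - {peer} is not in neighbor table."
    state = row["state"]
    label = f"{NBR_STATES.get(state, 'unknown')}({state})"
    detail = f"{peer} (Router ID {row.get('rtr_id', 'unknown')}) state is {label}"
    # On broadcast segments, neighbors that are neither DR nor BDR stay in
    # twoWay; allow_two_way lets the caller accept that as healthy.
    healthy = state == 8 or (allow_two_way and state == 4)
    return (OK, "OK - " + detail) if healthy else (CRITICAL, "CRITICAL - " + detail)


if __name__ == "__main__":
    nbrs = parse_walk(SAMPLE_WALK)
    for peer in ("192.0.2.2", "192.0.2.6", "192.0.2.99"):
        print(check_neighbor(nbrs, peer)[1])
```

Running the walk by hand against both software versions shows whether the agent still answers for the table at all, which the plugin's single CRITICAL line does not distinguish.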



[c-nsp] CompactFlash card compatibility

2009-12-02 Thread Walter Keen
Wondering if anyone has any insight on CF card compatibility  on 
sup720-3b's.  Getting parts from Cisco can sometimes have a significant 
lead time, but I need to install a larger image very soon.


--




Re: [c-nsp] 802.1w vs EoMPLS failover time

2009-10-30 Thread Walter Keen
Sorry, our current situation is that during a spanning tree switchover, 
it encounters a buffer underrun error on the RAD box, and we are looking 
to see if perhaps a mpls TE tunnel with explicit paths (2 explicit paths 
plus a dynamic path) would help matters any as opposed to just layer 2 
vlans.  I'll look into FRR.


Phil Bedard wrote:
The part where you said what the RSTP convergence time was got lost 
somewhere.  Just using a tunnel primary/secondary paths may not be 
quicker than RSTP.  If you use FRR protection as well it may result in 
less traffic loss than RSTP.   Some vendors have different behavior 
when the failure is on the actual ingress node than a transit node, so 
you may want to investigate that if you are using FRR.


Phil


On Oct 29, 2009, at 7:09 PM, Walter Keen wrote:



I've got a jitter-sensitive application (voice DS3 over some RAD 
equipment) that we are testing, and I've got a rapid spanning tree 
ring through the below network.  We have it down to during a spanning 
tree switchover (tested by adjusting the rapid-pvst cost on the trunk 
interface), and curious if people feel if EoMPLS with a mpls-TE 
tunnel would provide faster convergence in case of a failure, given a 
fairly vanilla OSPF as the IGP, and 2 explicit paths defined (A-D, 
then A-B-D), as the endpoints of this application are at A and D.


I think I'm going to start testing this tomorrow or next week, but 
curious if anyone had any thoughts or suggestions.  HW is 7600/RSP720 
at A and B, 7600/SUP720 at D and C, all with 6724sfp cards for 
core-facing interfaces, and 6148 card (10/100) for RAD-facing 
interfaces.


Network looks like

A---D
\--B---/
\--C-/

Or, A has a connection to D, A has a connection to B and C, B has a 
connection to D, C has a connection to D.







--


Walter Keen
Network Technician
Rainier Connect
(o) 360-832-4024
(c) 253-302-0194



Re: [c-nsp] ubr npe-g2 vs 7200 npe-g2

2009-10-30 Thread Walter Keen
I've used a npe-g2 card in a ubr before, but haven't tried the other way 
around.


Joe Pruett wrote:

Cisco UBR routers are used as cable CMTS devices...
http://www.cisco.com/en/US/products/hw/cable/ps2217/index.html


i understand the difference between the ubr and the regular 7200 
series. i'm wondering about just the npe-g2 card.  is there any 
difference between the npe version for ubr and the version for 7200?  
is it just a part number difference?  or is there a physical 
difference of some sort?



--


Walter Keen
Network Technician
Rainier Connect
(o) 360-832-4024
(c) 253-302-0194



Re: [c-nsp] 802.1w vs EoMPLS failover time

2009-10-30 Thread Walter Keen
Sorry, yes.  There is a jitter buffer, however it is only configurable between 
3 and 29 ms.  When we tested it at 29ms, we noted a severe failure of all 
modem and most fax calls through this box.


Phil Bedard wrote:
Is there a jitter buffer on the RAD boxes you can adjust?  Generally 
plain voice can deal with a decent amount of latency. If you can do a 
50ms or higher jitter buffer, FRR may allow you to not underrun.


Phil


On Oct 30, 2009, at 10:55 AM, Walter Keen wrote:

Sorry, our current situation is that during a spanning tree 
switchover, it encounters a buffer underrun error on the RAD box, and 
we are looking to see if perhaps a mpls TE tunnel with explicit paths 
(2 explicit paths plus a dynamic path) would help matters any as 
opposed to just layer 2 vlans.  I'll look into FRR.


Phil Bedard wrote:
The part where you said what the RSTP convergence time was got lost 
somewhere.  Just using a tunnel primary/secondary paths may not be 
quicker than RSTP.  If you use FRR protection as well it may result 
in less traffic loss than RSTP.   Some vendors have different 
behavior when the failure is on the actual ingress node than a 
transit node, so you may want to investigate that if you are using FRR.


Phil


On Oct 29, 2009, at 7:09 PM, Walter Keen wrote:



I've got a jitter-sensitive application (voice DS3 over some RAD 
equipment) that we are testing, and I've got a rapid spanning tree 
ring through the below network.  We have it down to during a 
spanning tree switchover (tested by adjusting the rapid-pvst cost 
on the trunk interface), and curious if people feel if EoMPLS with 
a mpls-TE tunnel would provide faster convergence in case of a 
failure, given a fairly vanilla OSPF as the IGP, and 2 explicit 
paths defined (A-D, then A-B-D), as the endpoints of this 
application are at A and D.


I think I'm going to start testing this tomorrow or next week, but 
curious if anyone had any thoughts or suggestions.  HW is 
7600/RSP720 at A and B, 7600/SUP720 at D and C, all with 6724sfp 
cards for core-facing interfaces, and 6148 card (10/100) for 
RAD-facing interfaces.


Network looks like

A---D
\--B---/
\--C-/

Or, A has a connection to D, A has a connection to B and C, B has a 
connection to D, C has a connection to D.







--


Walter Keen
Network Technician
Rainier Connect
(o) 360-832-4024
(c) 253-302-0194





--


Walter Keen
Network Technician
Rainier Connect
(o) 360-832-4024
(c) 253-302-0194



[c-nsp] 802.1w vs EoMPLS failover time

2009-10-29 Thread Walter Keen


I've got a jitter-sensitive application (voice DS3 over some RAD 
equipment) that we are testing, and I've got a rapid spanning tree ring 
through the below network.  We have it down to during a spanning tree 
switchover (tested by adjusting the rapid-pvst cost on the trunk 
interface), and curious if people feel if EoMPLS with a mpls-TE tunnel 
would provide faster convergence in case of a failure, given a fairly 
vanilla OSPF as the IGP, and 2 explicit paths defined (A-D, then A-B-D), 
as the endpoints of this application are at A and D.


I think I'm going to start testing this tomorrow or next week, but 
curious if anyone had any thoughts or suggestions.  HW is 7600/RSP720 at 
A and B, 7600/SUP720 at D and C, all with 6724sfp cards for core-facing 
interfaces, and 6148 card (10/100) for RAD-facing interfaces.


Network looks like

A---D
\--B---/
\--C-/

Or, A has a connection to D, A has a connection to B and C, B has a 
connection to D, C has a connection to D.





[c-nsp] Router reccomendation

2009-10-20 Thread Walter Keen
I'm looking for a box that can take in a gigabit connection, which will 
have 6 sites remotely connected each at 100mbit.  It's likely that near 
full rate will be desired on the remote sites in this hub/spoke design.  
The customer has some 3750's and 2800 series routers, but I am looking 
to see if anyone has a recommendation on the 3750's passing 100mbit 
(routed) and something for a main site router that could aggregate 
600mbit or more.



Re: [c-nsp] TACACs access filtered by device

2009-08-07 Thread Walter Keen
We take it another step, using the linux tac-plus, specifying an acl for 
each user, and commands they can or cannot run. The only problem 
we've run into is one user who needs higher access on one router but 
still limited access on another, we've gotten around that a little bit 
by setting privilege levels in the routers, and making tacacs send the 
privilege level data to router, but we still had one or two cases where 
one user had to have 2 usernames for different routers (and acl's to 
make sure they didn't use the wrong one on the wrong router)


If anyone's interested, i can send an example offline.

luismi wrote:

Yes! seems to be pretty simple I will try it today :-D

  


--


Walter Keen
Network Technician
Rainier Connect
(o) 360-832-4024
(c) 253-302-0194



[c-nsp] soft-disco/redirection

2009-08-06 Thread Walter Keen
We're trying to formulate a plan to do a soft-disconnect or redirect 
users to a site where they can pay their bill online to get reconnected 
when they get disconnected for billing.


Mostly we're talking about either bridged or pppoa dsl customers, or 
cablemodem customers.  Using 7204's and 7246vxr respectively. 

Our initial thoughts included using some route-maps, but I was wondering 
if anyone had experience in doing this, and if there are any more 
graceful ways of doing this (including using snmp to trigger this 
instead of a scripted telnet session)


--


Walter Keen
Network Technician
Rainier Connect



[c-nsp] 7500 for DSL aggregation - RSP memory error?

2009-08-04 Thread Walter Keen
I've got a 7507 with dual RSP8's attempting to use rsp-jsv-mz.124-8.bin 
configured for rpr-plus, but keep getting this around every 10 minutes 
or so.  It results in a loss of connectivity for end-users of course, 
until the system recovers.


My initial guess is something is wrong with the standby processor (slot 
3) or perhaps the memory in it.  I've had the tech pull it out to see if 
the system stabilizes and will bring it back to the lab if it does.


Anyone else run into this in the past?



sea-agg-1#
2w5d: %TBRIDGE-4-NOVCFLOOD: No VC's configured for bridging on ATM4/1/0.669
2w5d: %RSP-3-ERROR: MD error 0081 -Traceback= 0x40588B14 0x405891CC 0x405892F0 0x4058A978 0x404CFA54
2w5d: %RSP-3-ERROR:   Cybus1 parity error (bytes 0:7) 04 -Traceback= 0x40588CDC 0x405891CC 0x405892F0 0x4058A978 0x404CFA54
2w5d: %RSP-3-ERROR:   bus command write 8bytes (0x7) -Traceback= 0x40588930 0x40588CF8 0x405891CC 0x405892F0 0x4058A978 0x404CFA54
2w5d: %RSP-3-ERROR:   physical address (bits 20:12) 0E2000 -Traceback= 0x40588A50 0x40588CF8 0x405891CC 0x405892F0 0x4058A978 0x404CFA54
2w5d: %RSP-3-ERROR:   virtual address (bits 23:17) 6E -Traceback= 0x40588A74 0x40588CF8 0x405891CC 0x405892F0 0x4058A978 0x404CFA54
2w5d: %VIP4-80 RM7000-3-MSG: slot5 VIP-3-MVIP_CYBUSERROR_INTERRUPT: A Cybus Error occured.
2w5d: %VIP4-80 RM7000-1-MSG: slot5 CYASIC Error Interrupt register 0xB
2w5d: %VIP4-80 RM7000-1-MSG: slot5 Parity Error internal to CYA
2w5d: %VIP4-80 RM7000-1-MSG: slot5 Missing ACK on CyBus access
2w5d: %VIP4-80 RM7000-1-MSG: slot5 NACK present on CyBus access
2w5d: %VIP4-80 RM7000-1-MSG: slot5 CYASIC Other Interrupt register 0x100
2w5d: %VIP4-80 RM7000-1-MSG: slot5 QE HIGH Priority Interrupt
2w5d: %VIP4-80 RM7000-1-MSG: slot5 QE RX HIGH Priority Interrupt
2w5d: %VIP4-80 RM7000-1-MSG: slot5 CYBUS Error Cmd/Addr 0x8001A80, CYBUS Error Data 0x0
2w5d: %VIP4-80 RM7000-1-MSG: slot5 MPUIntfc/PacketBus Error register 0x0
2w5d: %VIP4-80 RM7000-1-MSG: slot5 IOBUS Error Interrupt Status register 0x4
2w5d: %VIP4-80 RM7000-1-MSG: slot5 Address/Command Strobe Timeout
2w5d: %VIP4-80 RM7000-1-MSG: slot5 IOBUS Error Address High 0x1C01
2w5d: %VIP4-80 RM7000-1-MSG: slot5 IOBUS Error Address Low 0xC
2w5d: %VIP4-80 RM7000-3-MSG: slot5 VIP-3-SVIP_RELOAD: SVIP Reload is called.
2w5d: %VIP4-80 RM7000-3-MSG: slot5 VIP-3-SYSTEM_EXCEPTION: VIP System Exception occurred sig=22, code=0x0, context=0x6199A8A8
2w5d: %RSP-3-ERROR: End of MEMD error interrupt processing -Traceback= 0x40589298 0x405892F0 0x4058A978 0x404CFA54
2w5d: %DBUS-3-CXBUSERR: Slot 5, CBus Error
2w5d: %DBUS-3-DBUSINTERRSWSET: Slot 5, Internal Error due to VIP crash
2w5d: %OSPF-5-ADJCHG: Process 10, Nbr 74.50.207.83 on FastEthernet5/1/0 from FULL to DOWN, Neighbor Down: Interface down or detached
2w5d: %RSP-3-ERROR: CyBus1 error 10 -Traceback= 0x40588DA8 0x405891F0 0x405892F0 0x4058A978 0x404CFA54
2w5d: %RSP-3-ERROR: command/address mismatch -Traceback= 0x40588E64 0x405891F0 0x405892F0 0x4058A978 0x404CFA54
2w5d: %RSP-3-ERROR:   bus command read 8bytes (0x1) -Traceback= 0x40588930 0x40588F68 0x405891F0 0x405892F0 0x4058A978 0x404CFA54
2w5d: %RSP-3-ERROR:   address offset (bits 3:1) 8 -Traceback= 0x40588A18 0x40588F68 0x405891F0 0x405892F0 0x4058A978 0x404CFA54
2w5d: %RSP-3-ERROR:   virtual address (bits 23:17) 00 -Traceback= 0x40588A74 0x40588F68 0x405891F0 0x405892F0 0x4058A978 0x404CFA54
2w5d: %VIP4-80 RM7000-3-MSG: slot4 VIP-3-MVIP_CYBUSERROR_INTERRUPT: A Cybus Error occured.
2w5d: %VIP4-80 RM7000-1-MSG: slot4
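
A console capture like the one in the post above is easier to read once the messages are grouped by the component that reported them. The following is an added example, not part of the original post: it takes a handful of lines from that log (wrapped lines rejoined) and summarizes which sources reported parity errors, Cybus errors and reloads, and which adjacency dropped. The function names and the report layout are this example's own.

```python
import re
from collections import Counter

# Lines taken from the console log in the post, with wrapped lines rejoined.
LOG = """\
2w5d: %RSP-3-ERROR:   Cybus1 parity error (bytes 0:7) 04 -Traceback= 0x40588CDC 0x405891CC 0x405892F0 0x4058A978 0x404CFA54
2w5d: %VIP4-80 RM7000-3-MSG: slot5 VIP-3-MVIP_CYBUSERROR_INTERRUPT: A Cybus Error occured.
2w5d: %VIP4-80 RM7000-1-MSG: slot5 Parity Error internal to CYA
2w5d: %VIP4-80 RM7000-3-MSG: slot5 VIP-3-SVIP_RELOAD: SVIP Reload is called.
2w5d: %DBUS-3-DBUSINTERRSWSET: Slot 5, Internal Error due to VIP crash
2w5d: %OSPF-5-ADJCHG: Process 10, Nbr 74.50.207.83 on FastEthernet5/1/0 from FULL to DOWN, Neighbor Down: Interface down or detached
2w5d: %RSP-3-ERROR: CyBus1 error 10 -Traceback= 0x40588DA8 0x405891F0 0x405892F0 0x4058A978 0x404CFA54
2w5d: %VIP4-80 RM7000-3-MSG: slot4 VIP-3-MVIP_CYBUSERROR_INTERRUPT: A Cybus Error occured.
"""

# %FACILITY-SEVERITY-MNEMONIC: text. The facility may itself contain
# hyphens and spaces ("VIP4-80 RM7000"), so it is matched lazily.
MSG_RE = re.compile(
    r"%(?P<fac>[A-Z0-9_ -]+?)-(?P<sev>[0-7])-(?P<mnem>[A-Z0-9_]+):\s*(?P<text>.*)")
SLOT_RE = re.compile(r"\bslot\s*(\d+)", re.IGNORECASE)
ADJ_RE = re.compile(r"Nbr (\S+) on (\S+) from \w+ to DOWN")


def parse(log_text):
    """Turn each IOS message into a dict; lines without a %...: header are skipped."""
    events = []
    for line in log_text.splitlines():
        m = MSG_RE.search(line)
        if not m:
            continue
        text = m.group("text")
        slot = SLOT_RE.search(text)
        events.append({
            # Messages relayed from a line card name its slot; others are
            # attributed to the facility that logged them.
            "source": f"slot{slot.group(1)}" if slot else m.group("fac"),
            "severity": int(m.group("sev")),
            "mnemonic": m.group("mnem"),
            "text": text,
        })
    return events


def triage(log_text):
    """Summarize who reported what; lower severity numbers are more severe."""
    events = parse(log_text)

    def sources(pred):
        return sorted({e["source"] for e in events if pred(e)})

    worst = {}
    for e in events:
        worst[e["source"]] = min(e["severity"], worst.get(e["source"], 7))

    lost = []
    for e in events:
        adj = ADJ_RE.search(e["text"]) if e["mnemonic"] == "ADJCHG" else None
        if adj:
            lost.append(adj.groups())

    return {
        "events_by_source": Counter(e["source"] for e in events),
        "worst_severity": worst,
        "parity_sources": sources(lambda e: "parity" in e["text"].lower()),
        "cybus_error_slots": sources(lambda e: "CYBUSERROR" in e["text"]),
        "reloaded_slots": sources(
            lambda e: "SVIP_RELOAD" in e["text"] or "VIP crash" in e["text"]),
        "adjacencies_lost": lost,
    }


if __name__ == "__main__":
    for key, value in triage(LOG).items():
        print(f"{key}: {value}")
```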

Re: [c-nsp] 7500 for DSL aggregation - RSP memory error?

2009-08-04 Thread Walter Keen
Yes, I believe it was you.  We are trying to migrate from a 7200 to a 
7500 to gain route processor redundancy.  Our traffic is typically 
20mbit peak from this site between 2 atm ds3's.  Using radius, pppoa, 
and some dsl subs are behind NAT, but we're slowly weeding them out into 
having a typical dsl connection with a public ip.  Probably about 1k 
subscribers, and in the next year or two we'll probably be moving them 
to an ethernet-based handoff from the carriers to us.


Rodney Dunn wrote:

Probably me. ;)

There were some issues around DSL termination in to a VRF that would 
not work.


The platform was never targeted for that market space so I wouldn't 
use it.


72xx, 10k, or ASR would be the pick.

The ISR's on really really low end side.

Rodney



Buhrmaster, Gary wrote:

I've never been brave enough to try a 7500 for dsl aggregation:)


And while a memory parity error is probably hardware,
I have this vague recollection that someone from
Cisco (Rodney Dunn?) has on a couple of occasions
recommended against using a 7500 for broadband
aggregation, since the platform was simply not
targeted or tested to that role.  One *would*
encounter things that do not work, and they would
end up being won't fix on that platform.


--


Walter Keen
Network Technician
Rainier Connect
(o) 360-832-4024
(c) 253-302-0194



Re: [c-nsp] Policing on a 3560

2009-08-04 Thread Walter Keen
While it may not be ideal, I've run into some cases where match any was 
not available and matching an access list(that matched anything) was my 
only viable option.


Justin Shore wrote:
I'm having a little trouble doing something that should be simple.  
I'm using a 3560 as a CPE to break up multiple services and bind them 
to unique switchports.  I don't normally use 3560s for this.  The port 
in question is for a 10Mbps PtP with no SLA across our backbone.


What I currently have is apparently not doing anything and I fail to 
see the flaw in my logic:



class-map match-all ALL
!
!
policy-map Re-color-BE
 description Police to 10Mbps CIR - Re-color ALL to BE
 class ALL
  police 1000 8000 exceed-action drop
  set ip dscp default


This is my QoS trust boundary so I'm re-coloring to 0 and setting my 
CIR to 10Mbps.  The switch wouldn't let me define 'match any' in the 
class-map.  I suspect that I'm not matching anything because of that.  
I want to match anything coming in that interface and police it to the 
CIR and drop everything else.  I must be missing something but I'm not 
sure what it is.  Is there something unique about this platform?  The 
IOS is 12.2(50)SE1.


Thanks
 Justin






--


Walter Keen
Network Technician
Rainier Connect
(o) 360-832-4024
(c) 253-302-0194



Re: [c-nsp] BFD + BGP on 7600 SRC or SRD

2009-07-30 Thread Walter Keen
I am looking to use it on vlan interfaces, I have one with 12.2(33)SRC2 
and it appears to support the option in the config, but I wanted to know 
if there were known bugs before I deployed it.



We have a situation where a peer currently connected via bgp at two 
locations has traffic routed to our voice softswitch, and are trying to 
provide an almost-realtime cutover between our two links to them in the 
event of a fiber cut.


example topology

  CM
  |
 / \
A   B
|   |
C---D---SS

Forgive the bad ascii drawing.  CM is the partner's CMTS, running eigrp 
between CM and A/B, all within their AS.  Details of how many routers 
are between CM and A/B is unclear.
C and D are our 7600 series routers, with a BGP link to A/B 
repsectively.  C is connected via an electrical 100mbit connection, 
where the D portion of C-D and B-D is a Gig-E metro-ethernet 
connection, with the BGP session in a vlan (hence, if the fiber to D 
gets cut, B is unaware that the link is down until the bgp hold timers 
expire)
SS is our softswitch, and there are voip cablemodems on the partner's 
cmts (CM).  In the event of a fiber cut to D, we want as fast of 
failover to the link through C as possible.  There is also another route 
from C to D through another network, routing across it is not a problem, 
OSPF seems to do a decent job of that.


The partner also is set on doing either static routing or BGP, and not 
wanting to introduce any other protocols into their edge routers for 
peering.


What is the best option for this scenario?  In the interim I've lowered 
the BGP timers so we have a hold time of 15sec, but that still means 
dropped calls.







Justin Shore wrote:

Walter Keen wrote:
Hi, I'm looking at using BFD with BGP on 7600's (rsp720's and 
sup720-3b) and was wondering if there were any known issues with 
certain IOS's in the SRC or SRD train.


BFD support for SVIs was removed with SRB2 if that's something that 
you think you'll need.


Justin



--


Walter Keen
Network Technician
Rainier Connect
(o) 360-832-4024
(c) 253-302-0194



[c-nsp] BFD + BGP on 7600 SRC or SRD

2009-07-29 Thread Walter Keen
Hi, I'm looking at using BFD with BGP on 7600's (rsp720's and sup720-3b) 
and was wondering if there were any known issues with certain IOS's in 
the SRC or SRD train.




--


Walter Keen
Network Technician
Rainier Connect



[c-nsp] Cisco 7600 rate limiting

2009-07-22 Thread Walter Keen

Any suggestions on this?

I'm trying to rate-limit a vlan at X mbit (4 in this case) and seeing 
rate-limiting working downstream to the customer but not when traffic is 
originating from the customer.


Customer access is via a dot1q trunk (with a switch at the cust. site 
handing off untagged traffic for that vlan)


7600 hardware is a 7606-s, rsp720-3cxl, running 12.2(33)SRC2, with a 
single ws-6724sfp card.  Both the dot1q trunk bringing in customer 
connections and the routed port it's destined for exist on the same card.


class-map match-any RATELIMIT-4mbit
 match any
policy-map TEST-4mbit
 description TESTING-ONLY
 class RATELIMIT-4mbit
  police cir 400
   conform-action transmit
   exceed-action drop
   violate-action drop
interface Vlan1060
 ip address 69.10.218.9 255.255.255.248
 service-policy input TEST-4mbit
 service-policy output TEST-4mbit
!



Re: [c-nsp] OSPF NSSA question

2009-07-21 Thread Walter Keen

Are you sure you want to use NSSA areas instead of totally stubby areas?

http://packetlife.net/blog/2008/jun/24/ospf-area-types/

Ruben Alvarez wrote:

Hello,

I have a question.  I have recently setup a second OSPF area.  The ABR has
three routers connected to it (area 1) in a hub and spoke configuration.
The routers get a default route to the ABR via default information
originate.  Now the ABR has all the N2 routes for the three routers.  But so
do all three routers, which isn't needed.  They only have one interface and
a default route.  Is there a way I can ignore all routes in the area except
the default route coming from the ABR? 



  


--


Walter Keen
Network Technician
Rainier Connect
(o) 360-832-4024
(c) 253-302-0194



Re: [c-nsp] Extended demarc

2009-07-08 Thread Walter Keen
You're supposed to be able to go 100meters(roughly 330ft) with ethernet 
over Cat5e, but the longest run we've had to date is approximately 260ft 
with no issues going through a shared vault space very close to power 
lines and have not yet seen any poor performance due to the length or 
interference from power cabling.


james edwards wrote:

What is a real world limit on how far you can extend the demarc ? This is on
Cat5e cable. I get wildly different figures from Google.


Thanks,

  


--


Walter Keen
Network Technician
Rainier Connect
(o) 360-832-4024
(c) 253-302-0194



[c-nsp] 7500 performance (was: Re: IO 7200 GE Improve Performance and help with the CPU Load?)

2009-06-05 Thread Walter Keen
Speaking of CPU performance, does anyone have any feedback on the Cisco 
7500 series, I'm considering using it instead of multiple 7204's to 
aggregate/terminate atm (9 oc3, 1 ds3) and T1 (channelized ds3) traffic, 
I'm looking at the RSP8, with vip4-80's and the appropriate PA's, and 
planning on doing etherchannel on (2) pa-fe's back to our core (7613) 
router.




Re: [c-nsp] network simulator

2009-05-18 Thread Walter Keen
GNS is meant for router simulations, not switch simulations.  Although, 
you can do some stuff with the 3600 series with 16ESW cards.  Last time 
I checked there were some issues testing with spanning tree.


Holemans Wim wrote:

Just found out through google, will give it a try tomorrow.

Thanks,

Wim Holemans

From: Michal Prazenka [mailto:michal.praze...@gtsce.com]
Sent: Monday 18 May 2009 19:35
To: Holemans Wim
Cc: cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] network simulator

Have you tried GNS3?

Michal

Holemans Wim wrote:

I'm looking for a (free) network simulator that allows me to simulate a
small network (20 switches) with different vlans on it. I want to test
different scenarios: what happens if this switch goes down or that
link goes down, how do the packets flow in each scenario for the
different vlans...

Anyone has a good reference to such a product? Free would be nice but
is no absolute condition.

Thanks,

Wim Holemans

Netwerkdienst Universiteit Antwerpen
 


[c-nsp] OSPF fast convergence

2009-05-12 Thread Walter Keen
When redesigning an OSPF service provider network, (default values, with
many gig-e links).  Aside from fixing link cost issues (100mbit is
treated the same as gig-e at the moment) should I look at sub-second
timers in OSPF 'ip ospf dead-timers minimal .' Or BFD.  It looks
like either would require an IOS upgrade, but I have seen lots of
discussion about bugs in BFD.  This is only for core interfaces (all
cisco 7600 series).  We'll be adding MPLS and iBGP on top of this after
it's completed.


[c-nsp] DHCP server support for mysql configuration

2009-04-27 Thread Walter Keen
Greetings, I've searched the archive, but I couldn't quite find what I
was looking for.

Does anyone know if it's possible to use SQL for the DHCP config? 
(defining address ranges, all the way to configuring dhcp
reservations).  Where I work, we use dhcp reservations for cablemodem
provisioning, and occasionally we have a problem with the dhcp server
(not) reloading after a provisioning change.  Ideally we'd like it to
read from some type of sql db, and not have to reload on every modem
add.  We're using an older version (3.01?) of ISC DHCP now, but I wanted
to know if anyone else had suggestions around this.




Re: [c-nsp] Classify geographical traffic with BGP

2009-04-14 Thread Walter Keen
If you are not advertising any space, I would imagine an AS path filter
on ISP-1 (limited to 1 or 2 hops, if that works for you) and no AS path
filter on ISP-2 would do the trick.  You would want a floating static
default route(s) for outbound traffic redundancy.

Now, if you are advertising space, AS path prepending may be one way to
go as far as inbound traffic goes, but it gets messy in a situation like
this one.  If you prepend your AS number too many times out ISP1, then
traffic you may have wanted to come in ISP1 may see ISP2 as a closer
route (fewer AS hops).

Burak Dikici wrote:
 Hello,

   I have got one internet router running BGP, and this router has got
 connections with two different ISPs. One of the ISPs is local for my country
 and the other ISP's location is outside of my country. I want to classify
 geographical traffic with BGP. For example, local traffic to my country
 will go through ISP-1 (local ISP), outside traffic to my country will go
 through ISP-2 (outside of my country ISP). What do I have to do to achieve that
 kind of configuration? If I have to use an AS path filter, how can I find the
 local ISP AS path numbers and how can I configure an AS path filter for this
 request? Is it enough to use the as-path filter just for the national ISP
 or should I use it for the international ISP also?

   If I use an AS-path filter for both ISP connections, what will happen to
 redundancy? I mean, for example I filter national AS numbers at the
 international ISP connection and deny them. Secondly, I filter national AS
 numbers at the national ISP connection, permit them and the other AS
 numbers will be denied. In this situation, what will happen if the local
 ISP connection goes down? Because of filtering of the national AS numbers
 at the international ISP connection, the BGP table doesn't take any updates
 from the local AS numbers. I hope I could explain the situation correctly.


 Kind Regards...

 Burak Dikici
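The design suggested in the reply above (AS path filter limited to 1 or 2 hops on ISP-1, no filter on ISP-2, static defaults as a last resort), modelled as an added Python example that is not part of the original thread. The ASNs and prefixes are constructed from documentation ranges, and the choice of ISP-2 as the primary default with a floating default via ISP-1 is an assumption.

```python
"""Outbound exit selection: short-AS-path filter on ISP-1, no filter on ISP-2."""

MAX_HOPS_ISP1 = 2  # assumption: "1 or 2 hops" behind ISP-1 counts as local

# (peer, prefix, AS path as received) -- constructed sample updates,
# ASNs from RFC 5398 and prefixes from RFC 5737 documentation ranges
UPDATES = [
    ("ISP-1", "198.51.100.0/24", [64500, 64501]),                # domestic, 2 hops
    ("ISP-2", "198.51.100.0/24", [64510, 64505, 64500, 64501]),  # same prefix, long way round
    ("ISP-1", "203.0.113.0/24", [64500, 64510, 64506, 64507]),   # foreign via ISP-1, 4 hops
    ("ISP-2", "203.0.113.0/24", [64510, 64506, 64507]),          # foreign via ISP-2, 3 hops
]

def accepted(peer, as_path):
    """Inbound policy: AS path length filter on the ISP-1 session only."""
    if peer == "ISP-1":
        return 1 <= len(as_path) <= MAX_HOPS_ISP1
    return True

def exit_for(prefix, up=("ISP-1", "ISP-2"), updates=UPDATES):
    """Return the ISP used to reach prefix, given which sessions are up.

    Assumes default weight and local preference, so the shortest AS path wins.
    With no BGP route left, the static defaults apply: ISP-2 first, then the
    floating (higher administrative distance) default via ISP-1.
    """
    routes = [(len(path), peer) for peer, pfx, path in updates
              if pfx == prefix and peer in up and accepted(peer, path)]
    if routes:
        return min(routes)[1]
    for peer in ("ISP-2", "ISP-1"):
        if peer in up:
            return peer
    return None

if __name__ == "__main__":
    for prefix in ("198.51.100.0/24", "203.0.113.0/24"):
        for up in (("ISP-1", "ISP-2"), ("ISP-2",), ("ISP-1",)):
            print(prefix, "sessions up:", up, "-> exit", exit_for(prefix, up))
```

Because ISP-2 is left unfiltered, the domestic prefix is still reachable when ISP-1 is down; the floating default only matters when ISP-2 is down and the ISP-1 filter has dropped the long paths.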


Re: [c-nsp] carrier router models comparison

2009-04-13 Thread Walter Keen
Backplane speed per slot I would imagine.

Imagine the 7600 and its 10-port 10Ge card.   If it only has 40gb on
the backplane or fabric for that slot... well... let's hope all 10 ports
aren't utilized to 100% at all times. It's a little over 2:1
over-subscription for the example I gave.

Mateusz Blaszczyk wrote:
 What's the difference between 40g/slot and 100g/slot ready ?
 Is it like vista ready?

 I would assume (wrongly?) that this is a hw limit?

 Best Regards,

 -mat

   



Re: [c-nsp] DNS Tool

2009-04-08 Thread Walter Keen
Could you elaborate a little?

We use Nagios to monitor other things, and use a DNS check plugin that
simply does a dns query and reports if it successfully got an answer.  I
think there are other ones that will compare the answer to a known good
answer you supply (wouldn't work well with something like Google.com or
yahoo.com that does a lot of round robin entries)

Mohammad Khalil wrote:
 Hey all
 is there any tool that can monitor the DNS behavior ??
 for example , the resolving process and if there are any errors ??

 Thanks

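The two kinds of check described in the reply above (did the query return an answer, and does the answer match a known-good value), as an added Python example that is not the Nagios plugin's own code. Accepting any subset of a known-good pool is one way to handle the round-robin case mentioned there; `sample_resolver`, `SAMPLE_ZONE` and the example.net names are constructed so the block runs offline.

```python
"""Nagios-style DNS check: lookup succeeded, and answers are in a known-good set."""
import socket

OK, WARNING, CRITICAL, UNKNOWN = 0, 1, 2, 3  # standard Nagios plugin exit codes

def system_resolver(name):
    """Live A-record lookup through the host's stub resolver."""
    infos = socket.getaddrinfo(name, None, socket.AF_INET, socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})

# Constructed sample data (RFC 5737 documentation addresses) so the example
# runs offline; sample_resolver is a hypothetical stand-in for a real lookup.
SAMPLE_ZONE = {
    "www.example.net": ["192.0.2.10"],
    "rr.example.net": ["192.0.2.21"],        # one member of a round-robin pool
    "moved.example.net": ["203.0.113.66"],   # answer outside the approved set
}

def sample_resolver(name):
    if name not in SAMPLE_ZONE:
        raise socket.gaierror(socket.EAI_NONAME, "Name or service not known")
    return SAMPLE_ZONE[name]

def check_dns(name, expected=None, resolver=system_resolver):
    """Return (exit_code, message).

    expected=None: only require that the query returned an answer.
    expected=iterable: every returned address must be in the known-good set.
    A subset passes, so a round-robin name that rotates through its pool
    does not alarm; an address outside the pool does.
    """
    try:
        answers = set(resolver(name))
    except socket.gaierror as exc:
        return CRITICAL, f"DNS CRITICAL - {name}: lookup failed ({exc})"
    except OSError as exc:
        return UNKNOWN, f"DNS UNKNOWN - {name}: resolver error ({exc})"
    if not answers:
        return CRITICAL, f"DNS CRITICAL - {name}: empty answer"
    if expected is not None:
        unexpected = sorted(answers - set(expected))
        if unexpected:
            return CRITICAL, f"DNS CRITICAL - {name}: unexpected {unexpected}"
    return OK, f"DNS OK - {name}: {sorted(answers)}"

if __name__ == "__main__":
    pool = ["192.0.2.20", "192.0.2.21", "192.0.2.22"]
    for name, good in [("www.example.net", None), ("rr.example.net", pool),
                       ("moved.example.net", ["192.0.2.30"]), ("gone.example.net", None)]:
        code, message = check_dns(name, good, resolver=sample_resolver)
        print(code, message)
```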

Re: [c-nsp] Freeware management software

2009-03-30 Thread Walter Keen
Try nagios or opennms, each are a little different.  Nagios is a bit more 
customizable in service checks, but perhaps that has changed in the last few 
releases 

Walter Keen
NETWORK TECHNICIAN
RAINIER CONNECT


-Original Message-
From: Arne Larsen / Region Nordjylland a...@rn.dk
Sent: Saturday, March 21, 2009 8:47 AM
To: cisco-nsp@puck.nether.net cisco-nsp@puck.nether.net
Subject: [c-nsp] Freeware management software

Hi Folks.

Can someone give me a hint, I'm looking for freeware management software like 
NMIS.
Software that can provide reachability, availability and health scores.
NMIS Dashboard doesn't seem to scale in large networks.
I like the dashboard of NMIS, it's easy for anyone to understand the red  
green function.
But it can't discover devices, it's a static configuration implementing NMIS.
Does anyone know of freeware software a la HP Openview?


/Arne


Re: [c-nsp] Exceeding the bandwidth points on a 7200

2009-03-23 Thread Walter Keen
I think there was a supportable way of adding another module via the IO
slot using a special card in the IO slot that provides you with a PA
slot that doesn't count towards the BW points of the other busses if I
remember correctly.

Justin Shore wrote:
 I have a situation on a 7206VXR w/ a NPE-G1 where I need to add a MC
 DS3 module.  The box already has 4 PA-A3-OC3SMI PAs.  I'd like to add
 a PA-MC-T3 to the box as well.  I know that the OC3 PAs max the
 bandwidth points out for each PCI bus.  However the OC3s are very
 lightly loaded.  Looking back at the graphs I don't see any of the 4
 peaking over 5Mbps.  That may seem surprising considering that there
 are nearly 1000 PVCs configured on those 4 OCs for DSL customers; the
 DSLAMs are very low-end, can only do basic ADSL, and the uplinks
 restrict the average access speeds to extremely low levels.

 So my question is what happens when I exceed the bandwidth points on a
 7200 where I know that bandwidth from the existing PAs won't ever be a
 problem?  The box as a whole peaks at around 12-15Mbps on its uplinks.
 That G1 is truly bored, averaging below 10% utilization.  I know that
 IOS will bitch about it on boot but it will still continue to work
 won't it?  Any other side effects (other than TAC not liking it if
 they see it until I demonstrate with the graphs that it's not a problem)?

 Thanks
  Justin



Re: [c-nsp] 7206 NON VXR

2009-03-17 Thread Walter Keen
NPE-225, I believe

Samantha (Regional Connect) wrote:
 Hey Guys

 What is the max processor board I can use with a non vxr chassis?

 Thanks

 Samantha



[c-nsp] (off-topic) IP Management

2009-02-26 Thread Walter Keen
This may be off-topic, but I'm not sure what lists to ask this in.

We are looking for an IP management system, and are considering ipplan. 
Has anyone using this integrated it into ARIN's rwhois server, or what
system do you use (preferably that ties into rwhois or has it built-in)
to manage IP's.




[c-nsp] Cisco 7600 WS6724-SFP link doesn't come up without intervention

2009-02-20 Thread Walter Keen
Greetings, has anyone seen the following condition?

WS-6724SFP with multiple LH , SX, and T connections, that operate
normally when a link fails and is restored (meaning, either through
far-end failure or shutdown command on that interface, then
failure-resolution or 'no shut'), but one ZX-connected link that will
not come back up if there is a loss of sync, until you physically unplug
the fiber jumper, and plug it back in.  We've tried many ZX gbics with
no change, and the distance is approximately 38km.  Other ZX connected
devices (at a distance of about 22km) do not show this behavior.  The
far end of this troubled link is a metro-ethernet provider who indicates
there are no configuration problems on their end, nor any errors they can
detect.



Re: [c-nsp] VRF and BGP ?

2009-02-09 Thread Walter Keen
I use VRF's quite a bit on 7600 and other platforms with internal OSPF
neighbors.  So long as the interfaces you are connecting with (dot1q
vlan's in my case most of the time) are associated with that vrf, you
should be able to do so, although, I've never tried to leak routes from
the global routing table into a VRF, or use BGP (in OSPF there is a vrf
tag you must use if I remember correctly).  Using VRF's will give you a
separate routing table isolated from your global routing table, however.
I'm not an expert on this subject so if anyone has corrections, please
chime in.

Jeff Fitzwater wrote:
 I am running 12.2.SXI on a 6500 with sup-720


 I currently have 3 full BGP peers with two on I1 and one on I2.

 I now need a fourth peer with ESNet (gov ISP) but only allow  two /22
 net from Princeton U. access to ESNet.

 My dilemma is how to only let the two nets see the additional ESNet
 routes so that no other host on campus will try and use the ESNET
 routes and fail.

 I have not used the VRF feature yet, but it appears that it might do
 the trick if I can create a separate routing domain with just ESNet
 routes, and then point only the two nets to the VRF so they check the
 ESNet table first and if not present fall thru to the global table.  
 I should be able to use a ROUTE-MAP to accomplish this.

 From the doc it states that I can create a VRF and import routes from
 the global table but that means everybody will still see the routes to
 ESNet ( I would guess anyway).

  Can I peer directly with the VRF without doing an import from the
 global table so only it has the ESNet routes?

 Does anybody have any suggestions on this issue?


 Thanks for any help.



 Jeff Fitzwater
 OIT Network Systems
 Princeton University


Re: [c-nsp] learned routes disappear

2009-02-06 Thread Walter Keen
I would turn on debugging and see if 1:15m corresponds to one of the BGP
nexthop scanning or other events.  Don't leave debugging on any longer
than needed on production systems.  If you can replicate in a lab
scenario, that would be ideal.  One thing that looks odd, is that you
have 2 different update-source interfaces listed on RouterA's neighbor
configuration for RouterB


Paul A wrote:
 Hi, I'm having a bgp issue I can't figure out and hoping someone has run
 into this.

 I have two routers, router A and router B doing bgp.

 Router A is advertising 5 routes to router B, when the session 1st comes up,
 router B has 5 routes received from router A. After 1:15 min the learned
 routes on router B disappear.

 Router A

 Learns the routes from one of my bgp customers.

  neighbor 2xx.xx.xx.xx description xxx
  neighbor 2xx.xx.xx.xx update-source FastEthernet1/43
  neighbor 2xx.xx.xx.xx default-originate
  neighbor 2xx.xx.xx.xx prefix-list PxxPL-IN in
  neighbor 2xx.xx.xx.xx route-map PLIN in
  neighbor 2xx.xx.xx.xx filter-list 109 in
  neighbor 2xx.xx.xx.xx filter-list 2 out
  neighbor 2xx.xx.xx.xx remote-as xxx
  neighbor 2xx.xx.xx.xx update-source Loopback0
  neighbor 2xx.xx.xx.xx next-hop-self

 it advertises them to the configured neighbor on router A

  neighbor 216.xxx update-source Loopback0
  neighbor 216.xxx next-hop-self
  neighbor 216.xxx filter-list 1 in
  neighbor 216.xxx filter-list 1 out

 If I clear the bgp session or when the session 1st comes up on router B, I
 see the routes but then they disappear after 1:15 min.

 Thanks PA
