Re: [c-nsp] automating iptables in the bash shell on Cisco NXOS
Not with ACL on mgmt0 port?

Krunal

On Wed, Aug 11, 2021 at 3:23 PM Drew Weaver wrote:
> Hello,
>
> I have no idea why they did this but in NXOS the only way to control who
> can connect to NXAPI is by dropping into the Linux shell and playing around
> with iptables.
>
> How do you backup/restore those settings in an automated workflow? Like..
> copy tftp... etc.
>
> Thanks,
> -Drew

___
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] Cisco 7609 packet punted to CPU
We have an issue that I have been dealing with TAC engineer for the last 3 weeks now.

Platform is Cisco 7609 with 15(3)S3 advipservice with all 6708 DFC3CXL line cards running MPLS and full BGP table imported into a VRF.

We are getting traffic punted to CPU from one specific line card. We replaced the line card and are still getting the same issue.

Looking at some CLI, "remote command module 1 show mls cef mpls | ex drop" shows all MPLS labels as punt, but the same labels from other line cards and SP are showing recirc.

#remote command module 1 show mls cef mpls | ex drop

#remote command module 2 show mls cef mpls label 16
Codes: + - Push label, - - Pop Label * - Swap Label, E - exp1
Index   LocalLabel   Out i/f   Label Op
2323    16 (EOS)(-)recirc

#remote command module 1 show mls cef mpls label 16
Codes: + - Push label, - - Pop Label * - Swap Label, E - exp1
Index   LocalLabel   Out i/f   Label Op
12264   16 (EOS) punt

Has anyone run into this issue before, and what could have triggered this and how to fix it?

Krunal
Re: [c-nsp] 67xx cards and full tables
Thnx James,

Basically I wanted to push management to enable IPv6 and get transit circuit. But it is hard to justify cost vs benefit. So I wanted to check if I can enable it with existing hardware.

I am also running 15.3(3)S6 code for all internet facing routers.

Krunal

On Thu, Nov 24, 2016 at 9:55 AM, James Bensley <jwbens...@gmail.com> wrote:
> On 23 November 2016 at 22:02, krunal shah <krun.s...@gmail.com> wrote:
> > Hello,
> >
> > Is there anyone importing full table IPv4 and IPv6 in 6708 line cards?
> >
> > I am looking to see if any operational issues with installing full BGP
> > table in a VRF both IPv4 and IPv6 in VRF from more than 2 BGP sources on
> > 7600 router with RSP720-3CXL 4GB RP and 2GB SP memory. I also need some
> > room for MPLS routes may be around 2000 IPv4 routes and labels.
> >
> > System has only one VRF and allocating labels per VRF.
> >
> > #sh mls cef maximum-routes
> > FIB TCAM maximum routes :
> > ===
> > Current :-
> > ---
> > IPv4 + MPLS  - 768k (default)
> > IPv6         - 127k
> > IP Multicast - 1k
> >
> > Looking to see how much memory (show memory statistics) and processor
> > utilization.
>
> Hi Krunal,
>
> You can run the full IPv4 and IPv6 tables on 6708 cards with
> RS720-3CXL assuming DFC-3CXL on the line cards. This is an Internet
> facing 7606 we have with such a configuration. Sadly this box has 2GB
> of RP RAM not 4GBs, but not many of our 7600s have the full table. The
> box is running 15.3(3)S6. Note that the full table is in the GRT not a
> VPN for this box, we see the IPV4 BGL table as about 610k routes so we
> have about 50k VPNv4 routes. If you are using per-VRF labels then I
> wouldn't expect any more memory usage than we have below as we are
> using a mixture of per-prefix and per-vrf so ours is probably higher
> than what yours would be.
>
> Overall it's "ok" with 2GBs of SP RAM but I wouldn't recommend
> deploying this now, it's time to move away from these 7600s. We have
> some MX480s in the same racks and we are migrating stuff over. It
> "will work" with what you have suggested but it won't have much
> longevity. Also a BGP bounce on the transit bounce does NOT go
> unnoticed.
>
> Cheers,
> James.
>
> 7606-S-15.3(3)S6#show memory statistics
>                 Head    Total(b)     Used(b)     Free(b)   Lowest(b)  Largest(b)
> Processor   13FCECD8  1677923112  1191216368   486706744   474380240   479577996
>       I/O       7800   134217728    50041376    84176352    83398176    83923804
>
> 7606-S-15.3(3)S6#show platform hardware capacity forwarding
> L2 Forwarding Resources
>   MAC Table usage:   Module  Collisions   Total   Used  %Used
>                      5                0   98304    879     1%
>                      6                0   98304    897     1%
>
> L3 Forwarding Resources
>   Module   FIB TCAM usage:                  Total     Used  %Used
>   5        72 bits (IPv4, MPLS, EoM)       901120   797960    89%
>            144 bits (IP mcast, IPv6)        73728    32647    44%
>
>            detail:   Protocol                         Used  %Used
>                      IPv4                           664911    74%
>                      MPLS                           133045    15%
>                      EoM                                 4     1%
>
>                      IPv6                            32640    44%
>                      IPv4 mcast                          4     1%
>                      IPv6 mcast                          3     1%
>
>            Adjacency usage:                 Total     Used  %Used
>                                           1048576   210850    20%
> L3 Forwarding Resources
>   Module   FIB TCAM usage:                  Total     Used  %Used
>   6        72 bits (IPv4, MPLS, EoM)       901120   797960    89%
>            144 bits (IP mcast, IPv6)        73728    32647    44%
>
>            detail:   Protocol                         Used  %Used
>                      IPv4                           664911    74%
>                      MPLS                           133045    15%
>                      EoM                                 4     1%
>
>                      IPv6
[c-nsp] 67xx cards and full tables
Hello,

Is there anyone importing full table IPv4 and IPv6 in 6708 line cards?

I am looking to see if any operational issues with installing full BGP table in a VRF both IPv4 and IPv6 in VRF from more than 2 BGP sources on 7600 router with RSP720-3CXL 4GB RP and 2GB SP memory. I also need some room for MPLS routes may be around 2000 IPv4 routes and labels.

System has only one VRF and allocating labels per VRF.

#sh mls cef maximum-routes
FIB TCAM maximum routes :
===
Current :-
---
IPv4 + MPLS  - 768k (default)
IPv6         - 127k
IP Multicast - 1k

Looking to see how much memory (show memory statistics) and processor utilization.

Krunal
[c-nsp] monitoring forwarding engine usage in N7K
hi all,

Is there a SNMP OID to monitor Forwarding engine usage for M132 XL line card in N7K with 6.2 code

# show hardware capacity forwarding | b Engine
Forwarding Engine Usage
---
Module  inst  pps      peak pps
7       1     3776323  6000 @Sun Apr 12 05:26:51 2015

Krunal
Re: [c-nsp] 6VPE on 7600 RSP720 3CXL
We currently have 560163 routes in Internet VRF for IPv4, with 120K available for IPv6. My BGP process is taking ~456MB memory. Router is running fairly new IOS15.2(4)S4a. We only import default routes per VRF per PE for IPv4 and same plan for IPv6. Any future scale limit?

Krunal

On Tue, Oct 20, 2015 at 11:42 AM, Pete Templin <peteli...@templin.org> wrote:
> Just a tiny tidbit related to TCAM reallocation, make sure the SP
> bootvar's config register matches the RP bootvar's config register. In
> tech-speak, 'sh bootv | i eg' should match 'rem com sw sh bootv | i eg'. If
> it doesn't, "conf t; config-register 0x2142; end; conf t; config-register
> 0x2102; end; copy run start" and recheck. A mismatch in how the SP
> pre-configures itself is immaterial for the basics of IOS configuration
> stuff, but fatal with respect to TCAM; the box will forcibly reload after 5
> minutes endlessly until fixed.
>
> On 10/20/2015 1:55 AM, James Bensley wrote:
>> On 14 October 2015 at 13:32, krunal shah <krun.s...@gmail.com> wrote:
>>> hi NSPs,
>>>
>>> Is any one doing 6VPE and importing full IPv4 and IPv6 routes in same
>>> VRF?
>>>
>>> I am planning to implement full IPv6 and IPv4 routes in same VRF that is
>>> used for internet service and other PE routers would only get subset or
>>> default routes. Sup has 4 GB of memory, My 1M TCAM space is carved with
>>>
>>> FIB TCAM maximum routes :
>>> ===
>>> Current :-
>>> ---
>>> IPv4                - 768k
>>> MPLS                - 16k (default)
>>> IPv6 + IP Multicast - 120k (default)
>>
>> We are not doing this on any 7600 's but will be shortly so we'll
>> start testing soon. Our 7600's are being bumped up to 15.3(3)S6, all
>> running with RSP720-3XCL-10GE's and the TCAMs will be repartitioned,
>> this will then hopefully see them out until they are decommissioned.
>>
>> The TCAMs need reallocating as they are currently carrying a lot of
>> VPNv4 routes as well as the full IPv4 table and 6VPE was not
>> envisioned, however your partitioning of the TCAM seems a little too
>> favourable for IPv6 for our needs;
>>
>> FIB TCAM maximum routes :
>> ===
>> Current :-
>> ---
>> IPv4 + MPLS  - 960k (default)
>> IPv6         - 16k
>> IP Multicast - 16k
>>
>> FIB TCAM usage:               Total    Used   %Used
>> 72 bits (IPv4, MPLS, EoM)    983040  658740     67%
>>
>> I will probably aim for 60k IPv6 routes, so it's enough to phase out
>> the boxes and that's it. Be careful that these boxes will start to CPU
>> switch packets before you run out of TCAM. When you see these logs
>> you're in trouble;
>>
>> %MLSCEF-SP-4-FIB_EXCEPTION_THRESHOLD: Hardware CEF entry usage is at 95% capacity for IPv4 unicast protocol
>>
>> %MLSCEF-DFC4-7-FIB_EXCEPTION: FIB TCAM exception, Some entries will be software switched
>>
>> %MLSCEF-SP-7-FIB_EXCEPTION: FIB TCAM exception, Some entries will be software switched
>>
>> Cheers,
>> James.
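An added example, not part of the thread or of any poster's tooling: a Python script that scans syslog for the MLSCEF FIB exception messages quoted above and computes headroom from "FIB TCAM usage" rows in the layout shown in the reply. The sample log lines (timestamps, hostname), the 144-bit row and the 85% warning threshold are constructed assumptions.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample: message bodies follow the format quoted in the thread;
# timestamps, hostname and the unrelated LINK line are made up.
SAMPLE_SYSLOG = """\
Oct 20 08:01:12 pe1 %MLSCEF-SP-4-FIB_EXCEPTION_THRESHOLD: Hardware CEF entry usage is at 95% capacity for IPv4 unicast protocol
Oct 20 08:01:40 pe1 %LINK-3-UPDOWN: Interface GigabitEthernet1/1, changed state to up
Oct 20 08:07:55 pe1 %MLSCEF-DFC4-7-FIB_EXCEPTION: FIB TCAM exception, Some entries will be software switched
Oct 20 08:07:55 pe1 %MLSCEF-SP-7-FIB_EXCEPTION: FIB TCAM exception, Some entries will be software switched
"""

# The 72-bit row uses the figures from the thread; the 144-bit row is constructed.
SAMPLE_CAPACITY = """\
FIB TCAM usage:                     Total        Used       %Used
  72 bits (IPv4, MPLS, EoM)        983040      658740         67%
  144 bits (IP mcast, IPv6)         32768       30100         92%
"""

MLSCEF_RE = re.compile(
    r"%MLSCEF-(?P<unit>[A-Z0-9]+)-(?P<sev>[0-7])-"
    r"(?P<mnemonic>FIB_EXCEPTION_THRESHOLD|FIB_EXCEPTION):\s*(?P<text>.*)")
THRESHOLD_RE = re.compile(r"usage is at (\d+)% capacity for (.+?) protocol")
USAGE_RE = re.compile(
    r"^\s*(?P<region>\d+ bits \([^)]*\))\s+(?P<total>\d+)\s+(?P<used>\d+)\s+\d+%\s*$",
    re.M)


@dataclass(frozen=True)
class FibEvent:
    unit: str                # reporting engine, e.g. SP or DFC4
    severity: int            # syslog severity digit from the facility string
    mnemonic: str            # FIB_EXCEPTION_THRESHOLD or FIB_EXCEPTION
    percent: Optional[int]   # only present on threshold messages
    protocol: Optional[str]


def parse_mlscef(log_text):
    """Return a FibEvent for every MLSCEF FIB exception line in log_text."""
    events = []
    for line in log_text.splitlines():
        m = MLSCEF_RE.search(line)
        if not m:
            continue
        pct = proto = None
        t = THRESHOLD_RE.search(m["text"])
        if t:
            pct, proto = int(t[1]), t[2]
        events.append(FibEvent(m["unit"], int(m["sev"]), m["mnemonic"], pct, proto))
    return events


def parse_tcam_usage(text):
    """Return (region, total, used, percent) per usage row; percent is recomputed."""
    rows = []
    for m in USAGE_RE.finditer(text):
        total, used = int(m["total"]), int(m["used"])
        if total == 0:
            continue  # avoid dividing by zero on an unallocated region
        rows.append((m["region"], total, used, round(100 * used / total, 1)))
    return rows


def assess(events, usage, warn_pct=85.0):
    """Combine log events and capacity rows into (level, message) findings.

    warn_pct is an assumed early-warning level, below the 95% the box logs at.
    """
    findings = []
    punting = sorted({e.unit for e in events if e.mnemonic == "FIB_EXCEPTION"})
    if punting:
        findings.append(("critical",
                         "software switching active on " + ", ".join(punting)))
    for e in events:
        if e.mnemonic == "FIB_EXCEPTION_THRESHOLD":
            findings.append(("warning",
                             f"{e.unit}: {e.protocol} at {e.percent}% of FIB TCAM"))
    for region, total, used, pct in usage:
        if pct >= warn_pct:
            findings.append(("warning", f"{region}: {used}/{total} entries ({pct}%)"))
    return findings


if __name__ == "__main__":
    for level, msg in assess(parse_mlscef(SAMPLE_SYSLOG),
                             parse_tcam_usage(SAMPLE_CAPACITY)):
        print(f"{level.upper():8} {msg}")
```

The FIB_EXCEPTION finding is raised as critical because, as the reply notes, it means entries are already being software switched; the capacity check is there to alert before that point.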
[c-nsp] 6VPE on 7600 RSP720 3CXL
hi NSPs,

Is any one doing 6VPE and importing full IPv4 and IPv6 routes in same VRF?

I am planning to implement full IPv6 and IPv4 routes in same VRF that is used for internet service and other PE routers would only get subset or default routes. Sup has 4 GB of memory, My 1M TCAM space is carved with

FIB TCAM maximum routes :
===
Current :-
---
IPv4                - 768k
MPLS                - 16k (default)
IPv6 + IP Multicast - 120k (default)

Just want to make sure that this can be achieved.

Krunal
Re: [c-nsp] NAT on Cisco ASA
Since server 1 and server 2 both are in same subnet the ARP entry for each server resolves to each server's MAC address so you cannot do this via going thru the firewall unless you put another ASA inline between server 1 and server 2 and make it in bridge mode.

OR try statically put ARP entry on server 2 point to ASA MAC address for 10.10.10.1 and vice versa.

Krunal

On Thu, Apr 12, 2012 at 12:59 PM, Ryan West rw...@zyedge.com wrote:
> On Thu, Apr 12, 2012 at 12:49:47, Covalciuc Piotr wrote:
> Subject: [c-nsp] NAT on Cisco ASA
>> I know, the servers can communicate through local network (10.10.10.x).
>> I'd like just to know if the communication between local servers can be
>> established through NATed IP. If so, how it should be configured on ASA?
>
> Are you connecting to the NAT'd IP because of a public DNS record? If so,
> you could do a DNS rewrite to provide the local IP address when you query
> for the public. Just add the 'dns' keyword to the end of the statement.
>
> -ryan
Re: [c-nsp] Huawei NE40E-X3 vs Cisco AS9K
Consider Brocade MLX or MLXe

Krunal

On Wed, Sep 28, 2011 at 2:56 AM, Manuel Marín m...@transtelco.net wrote:
> Hi
>
> We are currently looking for alternatives to upgrade cisco 76XX routers and
> we are comparing Huawei NE40E-X3 vs Cisco ASR9K. I was wondering if someone
> can share their experience with Huawei routers as Core MPLS routers.
>
> Any advice would be greatly appreciated
>
> Thanks
Re: [c-nsp] what is best data center vendor ?
QFabric from Juniper

It's indeed an engineering masterpiece. Listen to best resource to learn about it.

http://packetpushers.net/show-51-juniper-qfabric/

Krunal

On Sat, Sep 24, 2011 at 7:27 AM, Mohamed A. Monsef m.abdelmon...@gmail.com wrote:
> Hello Experts
>
> I'm studying data center products of different vendors and I see Cisco is
> marketing Nexus family switches as the best switches can support
> virtualization and cloud computing applications in data center
>
> However I see Brocade has a large portfolio also with multiple success
> stories but no fabric solution is available for now
>
> what is the best vendor ? if anyone has experience with both vendors I need
> to hear your opinion
Re: [c-nsp] converting N5K to FI6100
Thank you for reply. UCSPE is good option for lab use but it has some limitation.

Krunal

On Fri, Jul 8, 2011 at 1:54 AM, Andrew Dorsett vtadors...@gmail.com wrote:
> Why not download and run the UCS Platform Emulator?
>
> Andrew
>
> On Thursday, July 7, 2011, krunal shah krun.s...@gmail.com wrote:
>> Does anyone get any success to convert N5K to FI 6100?? As far as I know
>> both uses same chassis.
>>
>> I tried "install all"; it fails at image verification check. Then I broke
>> in to kickstart mode and tried to load the FI system image; it does not
>> load. Then I broke into loader mode then tried to load FI's kickstart
>> image; it failed as well.
>>
>> I want to achieve this goal to save cost for lab purpose. We have already
>> two 5010s and we do not want to spend more money in buying two extra 6100s
>> for UCS cluster. So when someone wants to practice on UCS cluster we can
>> load UCS FI's image on 5010 chassis and convert into 6100; when UCS cluster
>> is not being used we can load 5010 image and practice with N5Ks.
>>
>> Krunal
Re: [c-nsp] vs upgrading Nexus 5000 and 2000
Do not use 5.0.2, check following.

http://www.cisco.com/en/US/docs/switches/datacenter/sw/5_x/nx-os/deferral/Deferral_Notice_N7K_502.html

You can shut down the Fex portchannel interfaces on the switch, upgrade the code on switch. This way you can save some traffic disruption.

Krunal

On Tue, Jun 7, 2011 at 10:19 AM, Arne Larsen / Region Nordjylland a...@rn.dk wrote:
> Hi all
>
> When upgrading a Nexus5K setup with dual homed extenders, is it possible to
> control the reboot of the extender. If I put the installation into pending
> mode, and upgrade one of the 5K's, can I then reboot them one by one.
> We are going from 4.1.3 to 5.0.2
>
> /Arne
Re: [c-nsp] vs upgrading Nexus 5000 and 2000
My bad, URL was for Nexus 7K. Not 5K.

Krunal

On Tue, Jun 7, 2011 at 1:15 PM, krunal shah krun.s...@gmail.com wrote:
> Do not use 5.0.2, check following.
>
> http://www.cisco.com/en/US/docs/switches/datacenter/sw/5_x/nx-os/deferral/Deferral_Notice_N7K_502.html
>
> You can shut down the Fex portchannel interfaces on the switch, upgrade the
> code on switch. This way you can save some traffic disruption.
>
> Krunal
>
> On Tue, Jun 7, 2011 at 10:19 AM, Arne Larsen / Region Nordjylland a...@rn.dk wrote:
>> Hi all
>>
>> When upgrading a Nexus5K setup with dual homed extenders, is it possible to
>> control the reboot of the extender. If I put the installation into pending
>> mode, and upgrade one of the 5K's, can I then reboot them one by one.
>> We are going from 4.1.3 to 5.0.2
>>
>> /Arne
Re: [c-nsp] cisco-nsp Digest, Vol 102, Issue 56
hi Duleep,

Check this out, Figure 1-2:
http://www.cisco.com/en/US/docs/switches/datacenter/nexus2000/hw/installation/guide/overview.html#wp1269322

I have posted this question on support forum of Cisco, it is used mostly by manufacturer. I am interested to see if we boot N2K without configuring using any parent switch what would it show on this console port.

https://supportforums.cisco.com/message/3367944#3367944

Krunal

On Sat, May 28, 2011 at 4:27 PM, Duleep Pillai duleeppil...@yahoo.com wrote:
> I have used N2248, but haven't seen any HDMI on it. Totally managed by the 5K.
[c-nsp] HDMI port in Nexus 2000
All models of the nexus 2000 are having HDMI port?? Installation guide says it is for console connectivity. There was no special cable supplied with Nexus 2000.

Anyone tried to use that port? I want to know what type of cable connector to use to console in to the FEX. I know FEX can be consoled in using "attach fex 101" command but I want to try it using this HDMI port.

Krunal
Re: [c-nsp] SXJ - The good, the bad, the ugly?
From Release notes:

Release 12.2(33)SXJ and later releases do not support Cisco IOS Software Modularity. With redundant supervisor engines, eFSU upgrade from a Cisco IOS Software Modularity image to a Release 12.2(33)SXJ image might result in a significant delay before the switch becomes active; the switch will be in the RPR redundancy mode.

Krunal

On Mon, May 2, 2011 at 7:04 PM, ML m...@kenweb.org wrote:
> SXJ appears to have been in the wild for about month. Has anyone been
> playing with it? Seen any nasty bugs yet?
[c-nsp] Ignore counters on 2950 switch
hi

I am troubleshooting increasing ignore counts on 2950 to 2950 switch to switch interface. This counter is increasing at same rate as no-buffer under show interface. When I did "show interface fast 0/2 counter errors" the counter rcv-error is also increasing at same rate. There are 4 2950 switches connected in ring topology and all switch to switch ports have ignore errors with no-buffer and rcv-error.

2950#sho run int f0/2
Building configuration...

Current configuration : 57 bytes
!
interface FastEthernet0/2
 speed 100
 duplex full
end

2950#sho int f0/2 counters error

Port    Align-Err   FCS-Err   Xmit-Err   Rcv-Err   UnderSize
Fa0/2           0         0          0      1759           0

Port    Single-Col  Multi-Col  Late-Col  Excess-Col  Carri-Sen  Runts  Giants
Fa0/2            0          0         0           0          0      0       0

2950#sho int f0/2
FastEthernet0/2 is up, line protocol is up (connected)
  Hardware is Fast Ethernet, address is 0009.7c58.9482 (bia 0009.7c58.9482)
  MTU 1500 bytes, BW 10 Kbit, DLY 100 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  Keepalive set (10 sec)
  Full-duplex, 100Mb/s, media type is 100BaseTX
  input flow-control is unsupported output flow-control is unsupported
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input 00:00:03, output 00:00:01, output hang never
  Last clearing of show interface counters 2d01h
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 34000 bits/sec, 4 packets/sec
  5 minute output rate 39000 bits/sec, 5 packets/sec
     3721996 packets input, 2706010843 bytes, *1759 no buffer*
     Received 26164 broadcasts (18616 multicast)
     0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, *1759 ignored*
     0 watchdog, 18616 multicast, 0 pause input
     0 input packets with dribble condition detected
     2977227 packets output, 1049227263 bytes, 0 underruns
     0 output errors, 0 collisions, 0 interface resets
     0 babbles, 0 late collision, 0 deferred
     0 lost carrier, 0 no carrier, 0 PAUSE output
     0 output buffer failures, 0 output buffers swapped out

2950#sho int tru

Port    Mode        Encapsulation  Status    Native vlan
Fa0/1   desirable   802.1q         trunking  1

Port    Vlans allowed on trunk
Fa0/1   1-4094

Port    Vlans allowed and active in management domain
Fa0/1   1

Port    Vlans in spanning tree forwarding state and not pruned
Fa0/1   1

From my research I have been able to find out following.

Ignored:- Shows the number of received packets ignored by the interface because the interface hardware ran low on internal buffers. These buffers are different from the system buffers mentioned previously in the buffer description. Broadcast storms and bursts of noise can cause the ignored count to be increased.

No buffers:- Gives the number of received packets discarded because there was no buffer space in the main system. Compare this with the ignored count. Broadcast storms on Ethernet networks are often responsible for no input buffer events.

Rcv-err in "show interface fast 0/1 counter error":- Receive errors are seen on port Fa0/1. This indicates that the receive buffers are full and could lead to packet loss. This counter also increments when there is excessive traffic through the switch.

All above 3 counters are increasing with exactly same rate. When I looked at the interface traffic it's very low and in some kbps.

There are no VLANs on any of the switch and all users connected to the switch are in same broadcast domain.

Can anyone help in finding out reason for these counters and how to reduce it??

Krunal
Re: [c-nsp] ACE probes failing
Check the exit code at the time of probe failure in "show probe probe_name detail" (Last status code)

Krunal

On Mon, Nov 22, 2010 at 12:32 PM, Alex Wa awain...@yahoo.com wrote:
> Hi guys,
>
> I ran into a weird issue in one of our load balancers (ACE 4710) and I was
> wondering if you guys out there have found the same behavior.
>
> For a couple of minutes all TCP probes failed but HTTP didn't, logs still
> show open and closed connection to front end and back end servers. The
> issue self recovered after a couple of minutes.
>
> Any clues, hint on where to look further. Any help would be highly
> appreciated
>
> Alejandro
Re: [c-nsp] Sup 720 - a very high number SP - RP crash
I got a case opened for one of our issue and TAC provided following bug

* CSCso87348 - Corruption in subflow code

Symptoms: A Catalyst 6500, Cisco 7600 or Cisco 7200 router may reload unexpectedly. Additionally, this single ddts can affect T train platforms on limited releases as detailed below.

Conditions: Occurs when NetFlow is configured.

Workaround: Disable NetFlow. This is done with the following commands:

    no ip flow ingress
    no ip flow egress
    no ip route-cache flow

Enter the appropriate command for each subinterface for which NetFlow is currently configured.

Other Notes: 12.4(23) is affected by this ddts. The fix is in releases thereafter for 12.4. The 12.2SRC and 12.2SXH code trains are affected. The specific versions affected are 12.2(33)SXH, 12.2(33)SXH1, 12.2(33)SXH2, 12.2(33)SXH2a, 12.2(33)SRC, and 12.2(33)SRC1 *

The issue is fixed in the two affected code trains from the 12.2SXH3 and 12.2SRC2 releases onwards.

Krunal

On Sat, Jul 24, 2010 at 2:47 PM, Youssef Bengelloun-Zahr yous...@720.fr wrote:
> Hello,
>
> That's fully because I had the exact problem recently, late may / beginning
> of june. I even posted a thread about it here.
>
> One of my boxes (6k5 with 2 sup720-3bxl) running 12.2(33)SXH2a rebooted on
> its own. Load average of the box was around 8-10% at the crash time.
> Crashfile showed a small number of errors on the EOBC.
>
> Funny because the EOBC is supposed to avoid this kind of things AFAIK !?!
>
> I'm interested in any feedbacks on this one.
>
> Thanks. Regards.
>
> Y.
>
> On 23 Jul 2010 at 09:01, krunal shah krun.s...@gmail.com wrote:
>> IOS is normally 12.2(33) SXHxx and SXIxx series. Not sure about the CPU
>> load at the time of switch crash but looks like EOBC channel remains full
>> from traffic. I don't know if CoPP solves this problem.
>>
>> Krunal
>>
>> On Fri, Jul 23, 2010 at 9:38 AM, Phil Mayers p.may...@imperial.ac.uk wrote:
>>> On 23/07/10 14:25, krunal shah wrote:
>>>> hi,
>>>>
>>>> I have been seeing a very high number of supervisor 720 (WS-SUP720)
>>>> crashes in many customer's environment. Basically the SP stops
>>>> receiving the heart beats from RP.
>>>
>>> Which IOS version? What does the CPU load look like on the box?
[c-nsp] Sup 720 - a very high number SP - RP crash
hi,

I have been seeing a very high number of supervisor 720 (WS-SUP720) crashes in many customer's environment. Basically the SP stops receiving the heart beats from RP. Following error is very common reasons seen sometimes for SP and sometimes for RP.

For SP

%CPU_MONITOR-SP-6-NOT_HEARD: CPU_MONITOR messages have not been heard for 150 seconds [6/1]
%CPU_MONITOR-SP-3-TIMED_OUT: CPU_MONITOR messages have failed, resetting system [6/1]

For RP

%CPU_MONITOR-6-NOT_HEARD: CPU_MONITOR messages have not been heard for %d seconds [%d/%d]

CPU monitor messages have not been detected for a significant amount of time. [dec] is the number of seconds. A timeout is likely to occur soon, which will reset the system. This error can be caused by a badly seated module or by high traffic in the EOBC channel.

*Recommended Action:* Verify that all modules are seated properly in the chassis. Pull out the module mentioned in the message and inspect the backplane and module for bent pins or hardware damage. If the message persists after reseating all the modules, a hardware problem may exist, such as a defective module or chassis.

Is this common problem that anybody also seeing in their 6500s with sup720? Is this a common hard defect with EOBC channel that blocks the communication between RP and SP? If so what are the preventive actions ??

Krunal
Re: [c-nsp] Sup 720 - a very high number SP - RP crash
IOS is normally 12.2(33) SXHxx and SXIxx series. Not sure about the CPU load at the time of switch crash but looks like EOBC channel remains full from traffic. I don't know if CoPP solves this problem.

Krunal

On Fri, Jul 23, 2010 at 9:38 AM, Phil Mayers p.may...@imperial.ac.uk wrote:
> On 23/07/10 14:25, krunal shah wrote:
>> hi,
>>
>> I have been seeing a very high number of supervisor 720 (WS-SUP720)
>> crashes in many customer's environment. Basically the SP stops receiving
>> the heart beats from RP.
>
> Which IOS version? What does the CPU load look like on the box?
Re: [c-nsp] Cisco 6509 reboots on its own... again...
There must be two crashinfo files, for the SP and the RP, and show tech-support. You need to collect them when you contact tech support. TAC usually has decoders from their developers to decode the hex values in the traceback.

-Traceback= 41183348 41180F04 40DADF40 40FFA1CC 40FFA4D8 40752F58 40752F44

Krunal

On Mon, Jul 5, 2010 at 5:36 AM, Youssef Bengelloun-Zahr yous...@720.fr wrote:

Hello,

I have a c6509 with redundant SUP720-3BXL (s72033-advipservicesk9_wan-mz.122-33.SXH2a.bin) that's rebooted on its own this morning. FYI, the same router rebooted 3 weeks ago unexpectedly!

Here is a truncated output of the crashfile info:

Jun 11 06:48:29.377: %PFREDUN-SP-6-ACTIVE: Standby initializing for SSO mode
Jun 11 06:48:29.377: %SYS-SP-3-LOGGER_FLUSHING: System pausing to ensure console debugging output.
Jun 11 06:48:29.377: %PFREDUN-SP-6-ACTIVE: Standby initializing for SSO mode
Jun 11 06:48:29.569: %SYS-SP-3-LOGGER_FLUSHED: System was paused for 00:00:00 to ensure console debugging output.
Jun 11 06:48:41.952: %PFINIT-SP-5-CONFIG_SYNC: Sync'ing the startup configuration to the standby Router.
Jun 11 06:49:39.434: %FABRIC-SP-5-CLEAR_BLOCK: Clear block option is off for the fabric in slot 5.
Jun 11 06:49:39.530: %FABRIC-SP-5-FABRIC_MODULE_BACKUP: The Switch Fabric Module in slot 5 became standby
Jun 11 06:49:42.850: %DIAG-SP-6-RUN_COMPLETE: Module 5: Running Complete Diagnostics...
Jun 11 06:49:44.819: %DIAG-SP-6-DIAG_OK: Module 5: Passed Online Diagnostics
Jun 11 06:49:48.673: %OIR-SP-6-INSCARD: Card inserted in slot 5, interfaces are now online
Jun 11 09:53:37.178: %PFINIT-SP-5-CONFIG_SYNC: Sync'ing the startup configuration to the standby Router.
Jun 11 13:02:59.715: %PFINIT-SP-5-CONFIG_SYNC: Sync'ing the startup configuration to the standby Router.
Jun 11 13:04:16.254: %PFINIT-SP-5-CONFIG_SYNC: Sync'ing the startup configuration to the standby Router.
Jun 14 09:00:28.800: %PFINIT-SP-5-CONFIG_SYNC: Sync'ing the startup configuration to the standby Router.
Jun 14 09:05:08.864: %PFINIT-SP-5-CONFIG_SYNC: Sync'ing the startup configuration to the standby Router.
Jun 17 08:35:59.058: %PFINIT-SP-5-CONFIG_SYNC: Sync'ing the startup configuration to the standby Router.
Jun 17 08:39:58.941: %PFINIT-SP-5-CONFIG_SYNC: Sync'ing the startup configuration to the standby Router.
CMD: 'sh mls cef summary ' 11:31:24 UTC Thu Jun 17 2010
CMD: 'exit' 11:31:25 UTC Thu Jun 17 2010
CMD: 'sh mls cef statistics ' 11:32:01 UTC Thu Jun 17 2010
CMD: 'sh mls cef maximum-routes ' 11:32:21 UTC Thu Jun 17 2010
CMD: 'sh mls cef rpf ' 11:33:07 UTC Thu Jun 17 2010
CMD: 'show mls acl inconsistency' 12:18:44 UTC Thu Jun 17 2010
Jun 21 08:14:58.161: %PFINIT-SP-5-CONFIG_SYNC: Sync'ing the startup configuration to the standby Router.
Jun 22 08:15:53.784: %PFINIT-SP-5-CONFIG_SYNC: Sync'ing the startup configuration to the standby Router.
Jun 22 11:56:07.044: %PFINIT-SP-5-CONFIG_SYNC: Sync'ing the startup configuration to the standby Router.
Jun 22 11:58:40.637: %PFINIT-SP-5-CONFIG_SYNC: Sync'ing the startup configuration to the standby Router.
Jun 23 11:01:20.484: %PFINIT-SP-5-CONFIG_SYNC: Sync'ing the startup configuration to the standby Router.
Jun 23 12:31:21.556: %PFINIT-SP-5-CONFIG_SYNC: Sync'ing the startup configuration to the standby Router.
CMD: 'sh mls cef ' 21:30:10 UTC Sun Jun 27 2010
CMD: 'sh mls cef tcam hit ' 21:31:52 UTC Sun Jun 27 2010
Jun 29 11:51:04.876: %PFINIT-SP-5-CONFIG_SYNC: Sync'ing the startup configuration to the standby Router.

%Software-forced reload

06:23:49 UTC Mon Jul 5 2010: Breakpoint exception, CPU signal 23, PC = 0x41183348

Possible software fault. Upon reccurence, please collect crashinfo, show tech and contact Cisco Technical Support.
-Traceback= 41183348 41180F04 40DADF40 40FFA1CC 40FFA4D8 40752F58 40752F44
$0 : , AT : 1E02, v0 : 4372, v1 : 0043
a0 : 447135B0, a1 : 0043, a2 : 0009, a3 :
t0 : 44C7494C, t1 : 44C74948, t2 : 44C74944, t3 : 44C74940
t4 : 44C7493C, t5 : 44C74938, t6 : 44C74934, t7 : 44C74930
s0 : , s1 : 41DF, s2 : 08FA84B0, s3 : 44C74AC0
s4 : 44C74AB8, s5 : , s6 : , s7 :
t8 : 44C7499C, t9 : , k0 : 470E1200, k1 : 40798CE0
gp : 41E591E0, sp : 44C74A20, s8 : , ra : 41180F04
EPC : 41183348, ErrorEPC : 40947F88, SREG : 3400FF03
MDLO : 33E8, MDHI : 02D3, BadVaddr :
DATA_START : 0x41C420A0
Cause 0024 (Code 0x9): Breakpoint exception

= Start of Crashinfo Collection (06:23:49 UTC Mon Jul 5 2010) ==

For image:
Cisco IOS Software, s72033_sp Software (s72033_sp-ADVIPSERVICESK9_WAN-M), Version 12.2(33)SXH2a, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2008 by Cisco Systems, Inc.
Compiled Fri 25-Apr-08
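A way to turn the crashinfo quoted above into a key for matching repeat crashes before opening a TAC case; this is an added example, not part of the original thread or any Cisco tool. The field names, the cross-checks (taken from how PC, EPC and ra line up with the traceback in this one dump) and the signature format are assumptions.

```python
import re

# Excerpt of the crashinfo quoted in the message above (exception lines only).
CRASHINFO = """\
%Software-forced reload
06:23:49 UTC Mon Jul 5 2010: Breakpoint exception, CPU signal 23, PC = 0x41183348
-Traceback= 41183348 41180F04 40DADF40 40FFA1CC 40FFA4D8 40752F58 40752F44
gp : 41E591E0, sp : 44C74A20, s8 : , ra : 41180F04
EPC : 41183348, ErrorEPC : 40947F88, SREG : 3400FF03
Cause 0024 (Code 0x9): Breakpoint exception
For image: Cisco IOS Software, s72033_sp Software (s72033_sp-ADVIPSERVICESK9_WAN-M), Version 12.2(33)SXH2a, RELEASE SOFTWARE (fc2)
"""

def _hex(pattern, text):
    """Return the first hex capture of `pattern` as an int, or None if absent."""
    m = re.search(pattern, text)
    return int(m.group(1), 16) if m else None

def parse_crashinfo(text):
    """Extract exception, key registers, traceback and image from crashinfo text."""
    exc = re.search(r":\s*([A-Za-z ]+ exception), CPU signal (\d+)", text)
    tb = re.search(r"-Traceback=((?: [0-9A-Fa-f]+)+)", text)
    img = re.search(r"(\w+) Software \(\S+\), Version (\S+?),", text)
    return {
        "exception": exc.group(1) if exc else None,
        "signal": int(exc.group(2)) if exc else None,
        "pc": _hex(r"PC = 0x([0-9A-Fa-f]+)", text),
        "epc": _hex(r"\bEPC : ([0-9A-Fa-f]+)", text),   # \b skips ErrorEPC
        "ra": _hex(r"\bra : ([0-9A-Fa-f]+)", text),
        "traceback": [int(a, 16) for a in tb.group(1).split()] if tb else [],
        "image": img.group(1) if img else None,
        "version": img.group(2) if img else None,
    }

def consistency_checks(info):
    """Flag a truncated or mixed-up paste: these fields agree in the dump above."""
    tb = info["traceback"]
    return {
        "pc_is_first_frame": bool(tb) and tb[0] == info["pc"],
        "epc_matches_pc": info["epc"] is not None and info["epc"] == info["pc"],
        "ra_is_second_frame": len(tb) > 1 and tb[1] == info["ra"],
    }

def crash_signature(info, frames=4):
    """Key for spotting a recurrence; addresses only compare within one image."""
    top = "-".join(f"{a:08X}" for a in info["traceback"][:frames])
    return f'{info["image"]}|{info["version"]}|{info["exception"]}|{top}'
```

Two reloads that produce the same signature on the same image are candidates for the same defect; the SP and RP crashinfo files are parsed separately because each names its own image.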
[c-nsp] ASR 1002 with IOS 12.2(33)XNF1 Percentage based traffic shaping
hi,

Does anyone have a problem with ASR 1002 in configuring percentage-based traffic shaping? I have the following config. Somehow I am not able to attach the service policy to the tunnel interface. The CLI throws the following error.

Traffic Shaping feature is not supported in user defined class of parent level policy

CEF is enabled globally and I also tried applying the service policy after configuring qos-preclassify. Is there anything special about ASR 1002 for traffic shaping configuration? On a physical interface there are no issues in applying this policy-map.

!
class-map match-all Bandwidth_Control_to_Store_CLASS
 match access-group name Bandwidth_Control_to_Store_ACL
!
!
policy-map Bandwidth_Control_to_Store_POLICY
 class Bandwidth_Control_to_Store_CLASS
  shape average percent 50
!
interface Tunnel780
 bandwidth 1500
 ip address 10.56.63.245 255.255.255.252
 ip tcp adjust-mss 1436
 ip ospf cost 50
 keepalive 2 3
 cdp enable
 tunnel source FastEthernet0/0
 tunnel destination 192.168.22.206
end
!
ip access-list extended Bandwith_Control_to_Store_ACL
 permit ip host 172.18.128.242 any
interface FastEthernet0/2/0
 ip address 192.168.16.2 255.255.255.252
 speed 100
 no negotiation auto
end

Krunal
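A name cross-reference check run over the QoS lines of the configuration posted above; it is an added example, not part of the original message, and the function and field names are assumptions. On this input it reports that the class-map refers to Bandwidth_Control_to_Store_ACL while the only ACL the paste defines is spelled Bandwith_Control_to_Store_ACL, and that the policy-map is not attached anywhere.

```python
import difflib
import re

# QoS-related lines of the configuration as posted above, names copied verbatim.
CONFIG = """\
class-map match-all Bandwidth_Control_to_Store_CLASS
 match access-group name Bandwidth_Control_to_Store_ACL
policy-map Bandwidth_Control_to_Store_POLICY
 class Bandwidth_Control_to_Store_CLASS
  shape average percent 50
interface Tunnel780
 tunnel source FastEthernet0/0
ip access-list extended Bandwith_Control_to_Store_ACL
 permit ip host 172.18.128.242 any
"""

# Commands that define a named object, and commands that refer to one.
DEFINE = [("acl", r"ip access-list (?:standard|extended) (\S+)"),
          ("class-map", r"class-map (?:match-(?:all|any) )?(\S+)"),
          ("policy-map", r"policy-map (\S+)")]
REFER = [("acl", r"match access-group name (\S+)"),
         ("class-map", r"class (?!class-default)(\S+)"),
         ("policy-map", r"service-policy (?:(?:input|output) )?(\S+)")]

def audit_qos_references(config):
    """Return (dangling, unattached): unresolved names and unused policy-maps."""
    defined = {kind: set() for kind, _ in DEFINE}
    refs, parent = [], None
    for raw in config.splitlines():
        line = raw.strip()
        if line and raw[:1] not in (" ", "!"):
            parent = line                      # unindented command opens a block
        for kind, pat in DEFINE:
            if m := re.match(pat, line):
                defined[kind].add(m.group(1))
        for kind, pat in REFER:
            if m := re.match(pat, line):
                refs.append((kind, m.group(1), parent))
    dangling = []
    for kind, name, where in refs:
        if name not in defined[kind]:
            # Suggest the nearest defined name so a one-letter typo stands out.
            near = difflib.get_close_matches(name, sorted(defined[kind]), n=1)
            dangling.append({"kind": kind, "name": name, "in": where,
                             "closest": near[0] if near else None})
    used = {name for kind, name, _ in refs if kind == "policy-map"}
    return dangling, sorted(defined["policy-map"] - used)
```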
[c-nsp] setting up Banner in GSS
Does anyone know how to set up a banner when users log in to the system via telnet in Cisco Global Site Selector 4492 (GSS-4492-K9) with 3.1.0 code? There was nothing found in the config guide:

http://www.cisco.com/en/US/partner/products/hw/contnetw/ps4162/products_installation_and_configuration_guides_list.html

Krunal
[c-nsp] Any one familiar with CSCsd22834
On a 7609 router we had the following errors:

025774: SLOT 1: Mar 16 09:33:33.132: %SIP200_MP-4-PAUSE: Non-master CPU is suspended for too long, from 0x4022D0BC(5) to 0x4022D188 for 310671 CPU cycles.
-Traceback= 4030DE7C 402E8620 402E86C8 4022C598 40133024
025775: SLOT 7: Mar 16 09:33:36.312: %SIP200_MP-4-PAUSE: Non-master CPU is suspended for too long, from 0x4022D0BC(5) to 0x4022D188 for 323651 CPU cycles.
-Traceback= 4030DE7C 402E8620 402E86C8 4022C598 40133024

Slots 1 and 7 are loaded with 7600-SIP-200 cards. I found this issue is related to bug CSCsd22834, but the Cisco website does not have a workaround or the conditions of the bug mentioned. Has anyone encountered these errors before?

Krunal
[c-nsp] Need process info MFI LFD Stats Pr
Does anyone know what the MFI LFD Stats process on a vs-s720-10g with SXI3 code does? One of my clients has high CPU on a 6500 switch doing MPLS VPN.

6500sw#show proc cpu sort
CPU utilization for five seconds: 99%/80%; one minute: 93%; five minutes: 92%
 PID Runtime(ms)   Invoked   uSecs   5Sec   1Min   5Min TTY Process
 555   399550384   1184091  337458 18.23%  7.44%  7.05%   0 *MFI LFD Stats Pr*

I know this is due to interrupt processing on the RP. Is this process involved in any LDP packet processing?

Krunal
Re: [c-nsp] Need process info MFI LFD Stats Pr
Yes, the mls mpls tunnel-recir command is globally enabled. The supervisor and line cards are in PFC 3C/XL mode. I do not think the routes are reaching over the capacity of the box.

Mod Ports Card Type                              Model              Serial No.
--- ----- -------------------------------------- ------------------ -----------
  1    5  Supervisor Engine 720 10GE (Active)    VS-S720-10G
  2   24  CEF720 24 port 1000mb SFP              WS-X6724-SFP
  3    8  CEF720 8 port 10GE with DFC            WS-X6708-10GE
  4   48  CEF720 48 port 10/100/1000mb Ethernet  WS-X6748-GE-TX

Mod MAC addresses                       Hw    Fw           Sw           Status
--- ---------------------------------- ------ ------------ ------------ -------
  1  0023.33ab.9b98 to 0023.33ab.9b9f   3.1   8.5(3)       12.2(33)SXI3 Ok
  2  0026.cbb1.1c9c to 0026.cbb1.1cb3   4.1   12.2(18r)S1  12.2(33)SXI3 Ok
  3  0025.84f0.dab8 to 0025.84f0.dabf   2.1   12.2(18r)S1  12.2(33)SXI3 Ok
  4  0026.cbad.7d20 to 0026.cbad.7d4f   3.2   12.2(18r)S1  12.2(33)SXI3 Ok

Mod  Sub-Module                  Model              Serial       Hw     Status
---- --------------------------- ------------------ ----------- ------- -------
  1  Policy Feature Card 3       VS-F6K-PFC3CXL                  1.2    Ok
  1  MSFC3 Daughterboard         VS-F6K-MSFC3                    2.0    Ok
  2  Distributed Forwarding Card WS-F6700-DFC3CXL                1.6    Ok
  3  Distributed Forwarding Card WS-F6700-DFC3CXL                1.6    Ok
  4  Distributed Forwarding Card WS-F6700-DFC3CXL                1.6    Ok

Mod  Online Diag Status
---- -------------------
  1  Pass
  2  Pass
  3  Pass
  4  Pass

Krunal

On Mon, Mar 15, 2010 at 12:35 PM, Peter Rathlev pe...@rathlev.dk wrote:

(I'm Cc:'ing the list again, since I'm sure many know this better than me.)

On Mon, 2010-03-15 at 12:04 -0400, krunal shah wrote:

Yes we do. Command show mls cef summary det shows 300K of MPLS routes. Do not have a clue where these come from. My customer has a campus MPLS network with very few MPLS routes (100, as displayed on all other MPLS nodes). Only this switch has some goofy thing

6500sw#show mls cef summary det
Total routes:616654
  IPv4 unicast routes: 308336
    IPv4 non-vrf routes: 99
    IPv4 non-vrf routes (internal): 0
    IPv4 vrf routes: 308223
    IPv4 vrf routes (internal): 14
  IPv4 Multicast routes: 8
  MPLS routes: 308046
  IPv6 unicast routes: 260
    IPv6 non-vrf routes: 5
    IPv6 non-vrf routes (internal): 0
    IPv6 vrf routes: 0
    IPv6 vrf routes (internal): 255
  IPv6 multicast routes: 3
  EoM routes: 1

Are you absolutely positive that this switch only has ~100 routes? The above almost looks like it has a copy of the default-less routing table. What does show ip route summary say? And show ip bgp vpnv4 all summary?

6500sw#show mls cef mpls (output left out)
Index LocalLabel Out i/f Label Op
30088 82658(EOS) (-)recirc
30089 140839(EOS) (-)recirc
[...]

- Does the switch have MPLS tunnel recirculation enabled? (mls mpls tunnel-recir global config)
- Have you exceeded the capacity of the box somehow? (show platform hardware capacity forwarding)
- Maybe it's a non-XL PFC (show module) with more than 192k/239k IPv4 routes (show mls cef maximum-routes)?

--
Peter
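The arithmetic behind the questions in the thread above, carried out on the posted show mls cef summary counters; this is an added example, not part of the original messages. The roll-up structure is read off how the posted counters add up, the peer figure of 100 MPLS routes and the 192k/239k non-XL figures are the ones quoted in the thread, and the function names are assumptions.

```python
import re

# Counters as posted in the thread above, one per line.
SUMMARY = """\
Total routes:616654
IPv4 unicast routes: 308336
IPv4 non-vrf routes: 99
IPv4 non-vrf routes (internal): 0
IPv4 vrf routes: 308223
IPv4 vrf routes (internal): 14
IPv4 Multicast routes: 8
MPLS routes: 308046
IPv6 unicast routes: 260
IPv6 non-vrf routes: 5
IPv6 non-vrf routes (internal): 0
IPv6 vrf routes: 0
IPv6 vrf routes (internal): 255
IPv6 multicast routes: 3
EoM routes: 1
"""

# Parent counter -> children that add up to it in the posted output.
ROLLUP = {
    "Total routes": ["IPv4 unicast routes", "IPv4 Multicast routes", "MPLS routes",
                     "IPv6 unicast routes", "IPv6 multicast routes", "EoM routes"],
    "IPv4 unicast routes": ["IPv4 non-vrf routes", "IPv4 non-vrf routes (internal)",
                            "IPv4 vrf routes", "IPv4 vrf routes (internal)"],
    "IPv6 unicast routes": ["IPv6 non-vrf routes", "IPv6 non-vrf routes (internal)",
                            "IPv6 vrf routes", "IPv6 vrf routes (internal)"],
}

def parse_summary(text):
    """Map each 'name: value' counter line to an integer."""
    return {m.group(1).strip(): int(m.group(2))
            for m in re.finditer(r"^\s*(.+?):\s*(\d+)\s*$", text, re.M)}

def rollup_errors(c):
    """Parents whose children do not add up (a sign of a damaged paste)."""
    diffs = {p: c[p] - sum(c[k] for k in kids) for p, kids in ROLLUP.items()}
    return {p: d for p, d in diffs.items() if d != 0}

def triage(c, peer_mpls_routes=100, non_xl_limits=(192_000, 239_000)):
    """Put the outlier in numbers: where the entries sit and how far off peers."""
    return {
        "mpls_times_peers": c["MPLS routes"] // peer_mpls_routes,
        "mpls_minus_vrf": c["MPLS routes"] - c["IPv4 vrf routes"],
        "vrf_share_of_ipv4": round(c["IPv4 vrf routes"] / c["IPv4 unicast routes"], 4),
        # The module list above shows PFC3CXL/DFC3CXL, so this is informational.
        "over_non_xl_limits": [n for n in non_xl_limits if c["IPv4 unicast routes"] > n],
    }
```

The counters add up cleanly, almost every IPv4 entry is a VRF route, and the MPLS entry count sits within 177 of the VRF route count, which is the pattern the "copy of the default-less routing table" question is probing.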