Re: [c-nsp] route leak from main to vrf
Possibly consider using VASI interfaces — https://www.cisco.com/c/en/us/support/docs/ip/network-address-translation-nat/200255-Configure-VRF-Aware-Software-Infrastruct.html

I’ve used them successfully to leak routes between VRF and GRT without physical loopback cable, etc.

q.

--
Quinn Snyder | snyd...@gmail.com | +1 480 619 2749

> On Jan 8, 2021, at 03:38, BASSAGET Cédric wrote:
>
> Hello,
> I'm trying to leak routes from my main routing table to a VRF.
>
> Using Cisco IOS XE Software, Version 16.09.05 on a ASR1001-X
>
> I've done this config :
>
> ip prefix-list BT_LNS-out seq 5 permit x.x.x.3/32
> ip prefix-list BT_LNS-out seq 10 permit x.x.x.4/32
>
> ip prefix-list BT_radius-out seq 5 permit x.x.x.5/32
> ip prefix-list BT_radius-out seq 10 permit x.x.x.6/32
>
> route-map BT_bgp-out permit 10
>  match ip address prefix-list BT_LNS-out BT_radius-out
>
> ip vrf interco_BT
>  rd 12844:1
>  import ipv4 unicast map BT_bgp-out
>
> ip route x.x.x.3 255.255.255.255 Loopback0
> ip route x.x.x.4 255.255.255.255
> ip route x.x.x.5 255.255.255.255
> ip route x.x.x.6 255.255.255.255
>
> so my main routing table has routes to x.x.x.[3-6]/32 but I'm unable to see
> the routes in the VRF "interco_BT".
>
> Tried to add route in the vrf :
> ip route vrf interco_BT x.x.x.3 255.255.255.255 loopback 0
> % For VPN or topology routes, must specify a next hop IP address if not a
> point-to-point interface
>
> I guess I'm missing something.
> Can somebody tell me where I am wrong please ?
>
> Thank you.
> Regards,
> Cédric

___
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] 3800 layer 2 Switch
> On Nov 12, 2019, at 01:39, Mark Tinka wrote:
>
> Doesn't seem like a big jump if it is based on the old mapping, where
> IOS XE 3.x was actually IOS 15.x. IIRC, it was a way to bring the old
> IOS numbering convention into the new IOS XE numbering convention.
>
> So technically speaking, if they were still going to be keeping that,
> 16.x would translate to IOS XE 4.x.
>
> Someone correct me if I'm mis-remembering.
>
> Mark.

Mark —

You’re right in the mapping between IOS-XE and IOSd blobs. Based on the older architecture of XE — there was a direct correlation between XE and the IOSd blob that was running for most of the control-plane bits.

Now that IOS-XE has moved towards “open” IOS-XE — with a drastic difference in architecture — 16.6+ is quite different “under the covers” than 3.x versions; not that you’ll see much over the top.

Either way — the upgrade won’t be bigly different.

q.
Re: [c-nsp] Nexus 5k ISSU
On n5k — when designed appropriately — I’ve not had an issue with ISSU. The process is actually pretty stable. This means adhering to design guides for things like bridge-assurance, STP, etc.

N7K was a rockier experience (when I was in the field). 5.0 -> 5.1 -> 5.2 transitions were rough — due to scheduler rebuilds with each release. Many things broke. I can’t think of any of my customers today running vPC on n7k — as most of them have moved to either ACI or VXLAN-EVPN — so I don’t have any anecdotes from the field.

q.

—
Quinn Snyder | snyd...@gmail.com
-= Sent via iPad. Please excuse grammar, spelling, and brevity =-

> On Nov 1, 2019, at 17:39, Bradley Ordner wrote:
>
> I have done this on the 7K and I don’t trust it anymore. I had OSPF
> adjacencies go down when the supervisor failed over.
>
> We plan for outage now, we only have one per DC :( and do it manually.
>
> Even running the ISSU commands to see if the device was ready failed
> sometimes.
>
> What I would suggest, which we tried as well to no effect is to reboot the
> supervisors or whatever the 5k brains are called one by one before trying
> ISSU. That way it’s fresh.
>
> Brad Ordner
>
> Sent from my iPhone
>
>> On 2 Nov 2019, at 9:19 am, harbor235 wrote:
>>
>> Hi everyone,
>>
>> What are your experiences with Nexus5K ISSU and VPCs. Do you see service
>> interruptions? ISSU is never quite ISSU. During role changes and/or VPCs
>> reforming I see short duration losses. Is this standard?
>>
>> Mike
Re: [c-nsp] XR on GNS3
XRv is simple control-plane of XR in a VM. This is why L2 forwarding isn't supported (though is configured).

XRv9000 is full control- and data-plane and much tighter coupling of the two. L2 forwarding should work, but L2VPNs and such will fail miserably.

q.

--
quinn snyder | snyd...@gmail.com
-= sent via iphone. please excuse spelling, grammar, and brevity =-

> On May 31, 2018, at 14:25, Aaron Gould wrote:
>
> I used XRv in GNS3 I think I used both 5.1.1 and 5.3.0 ... I recall getting
> some good use out of it.
>
> I'm not a systems guy, so climbing the learning curve and asking for help
> from the communities online was what I had to do in order to figure out how
> to get it show up inside the GNS3 app (used virtual box, and recall ova,
> vmdk, qemu, etc, etc) then it was useable and working. I also did
> Juniper Olive/vMX.
>
> A couple things
>
> I don't think I ever got the Layer 2 forwarding to work. L3 routing worked
> and packets would flow... but L2 bridging and MPLS Layer 2 type things I
> don't think I ever got to properly flow.
>
> I also would have to bounce interfaces using a batch file anytime I
> restarted gns3 or even if I added a new instance of XRv... so because of
> that, I would never reboot my windows vm that it was all contained inside
> and tried not to close gns3 app
>
> -Aaron
Re: [c-nsp] Nexus 7k Upgrade Path
N7K ISSU “a long time ago” has evolved drastically. I vaguely remember that 5.0, 5.1, and 5.2 code each had a scheduler re-write because things would get bungled up under load. I’m sure some of the TMEs on this list can comment.

I myself had a few issues moving from 5.1 to 5.2 — causing several outages from process interrupts allowing heartbeats to fail (loopguard, UDLD, etc). Since moving all of my customers to 6.2+ — I’ve not seen ISSU oddities.

YMMV, of course.

q.

--
quinn snyder | snyd...@gmail.com
-= sent via iphone. please excuse spelling, grammar, and brevity =-

> On May 28, 2018, at 12:50, Ahmed Elnagar wrote:
>
> Actually ISSU is not that stable, I tried it a couple of times "long time
> ago" with no luck so I stopped using it at all.
>
> Best Regards,
> Ahmed Elnagar | CCIE#24697, CCNP R/DC
>
> -Original Message-
> From: cisco-nsp [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of
> Bradley Ordner
> Sent: Friday, February 23, 2018 2:41 AM
> To: cisco-nsp@puck.nether.net
> Subject: [c-nsp] Nexus 7k Upgrade Path
>
> Hi,
>
> Only been on the list for a few months but found it very informative. I had a
> question regarding the Nexus 7K ISSU upgrades.
>
> We have a Nexus 7K with two SUP2Es. We need to get to software version
> 8.1(2). It says that you can't double hop to a software version without an
> outage. Although I have found the following -
>
> ISSU from 7.2(0)D1(1) to 7.3(1)D1(1) then to 8.1(2).
>
> We currently are on 7.2(0)D1(1) according to the doco I should be able to
> upgrade as each version can ISSU to the next?
>
> Has anyone performed this before?
>
> I have posted this on Cisco Support Community, with no response so either it
> is a stupid question or no one has done it before.
>
> Thanks
>
> Brad Ordner
Re: [c-nsp] Multihomed OTV on CSR Lab - Mac Address Issue
the challenge is that when you tout your vm mobility play as “zero touch” after move (i.e. you don’t have to re-ip your vm/application/etc to ensure 100% business continuity) — you need to have stretched layer-2 between locations to ensure proper functionality.

things like bgp host-route injection or dns-gslb can remove the dependence on application == ip address — but the organization has to be mature enough to handle such things — especially in an automated way.

hence the evolution of things like lisp and vxlan within the enterprise/dc — to help alleviate some of these problems (i.e. we can do a layer-2 overlay on a layer-3 network). while mpls does such things as well — for a long time — the requirements for dc have diverged from service provider. this is slowly changing.

q.

--
quinn snyder | snyd...@gmail.com

> On 1 Feb, 2018, at 10:04, Aaron Gould <aar...@gvtc.com> wrote:
>
> So I think (I could be wrong as I'm not a server guy) that all this L2
> network emulation is because of server virtualization and moving vm's or
> vmotion or something like that, and that they need to be in same ip subnet
> (aka bcast domain) correct ?
>
> *if* that's true, and *if* all this layer 2 networking madness is because of
> that point stated above, I would think that someone (vendors/standards
> bodies/companies) would/should be working really hard to make that server
> stuff work in different bcast domains (different subnets)...so we wouldn't
> have to do all that L2 stuff
>
> -Aaron
Re: [c-nsp] Multihomed OTV on CSR Lab - Mac Address Issue
This has been standard n7k operations since the platform supported contexts. Much like ASA — interfaces need to be dedicated to a context from the management-plane perspective.

OTV requires a separate context due to inability to have SVI and OTV in same context. OTV essentially becomes a part of the L2 domain on the inside — and L3 domain on the outside sending encap’d traffic.

q.

--
quinn snyder | snyd...@gmail.com
-= sent via iphone. please excuse spelling, grammar, and brevity =-

> On Jan 30, 2018, at 11:33, Aaron Gould <aar...@gvtc.com> wrote:
>
> Ha, thanks Justin, I just read the answer to my question I just posted...
> OTV is cisco proprietary. Is OTV gaining steam in the industry as a
> potential ietf standard ?
>
> Interesting things you mention about assigning asics, and linecard
> dependancies...
>
> -Aaron
Re: [c-nsp] ASR 1k vs 9k as a non-transit BGP router with full tables?
> On 2Aug, 2017, at 03:24, Mark Tinka <mark.ti...@seacom.mu> wrote:
>
> On 2/Aug/17 12:10, Patrick M. Hausen wrote:
>
>> So, any remarks about the 1002?
>
> It depends; there are different ASR1002's.
>
> The ASR1002-X and the ASR1002-HX.
>
> The ASR1002-X is older, and runs the RP1, which is the slower one. We
> use them for a bit of peering, and it's not bad - certainly better than
> the MX80 and MX104's RE’s.

as a point of correction — iirc — asr1002x is running closer to an rp2. i don’t have one available to me at the moment, but i believe the code indicates as such. comparing the ram, route, etc numbers leads me to believe this is true.

> The ASR1002-HX is on RP2.

based on what i’m reading — the asr1002hx is closer to an rp3-based platform, again — comparing the numbers. i could be wrong on this.

> Stay away from the ASR1002 or ASR1002-F. Those are too old for life.
>
> In general, I'd say focus on the RP2 and RP3 chassis.

agreed.

q.

--
quinn snyder | snyd...@gmail.com
Re: [c-nsp] NCS4200 - re-badged ASR920 / ASR900 ?
> On Apr 25, 2017, at 12:36 PM, Gert Doering <g...@greenie.muc.de> wrote:
>
> Now the interesting question is, of course, *which* NCS code... as there
> seem to be a number of different "NCS*" families.
>
> An ASR920-style device with IOS XR on it, and actually doing all the
> nice XR things, I'd love to see that. Even if software upgrades would
> suck.

digging through my notes from the service provider partner vt meeting from last summer:

(*) ncs4200 positioned as tdm-to-ethernet conversion box to ease the movement from legacy networks to ethernet
(*) not considered a replacement for legacy dacs — cost per port too high
(*) initial market meant to be larger carriers — “ncs” moniker helps with positioning in transport teams
(*) initial release will have parity with asr900-series (903/907/920) — including running ios-xe
(*) movement towards ios-xr expected sometime within 18 months of platform release; not in “ec” yet
(*) module parity between ncs4200 and asr900s at fcs
(*) modules may be developed in either platform that may not necessarily be absorbed into the other (think b/u split here)

that's all i could find. we’re taking specific interest in this platform — as we’re deploying within several customer networks.

q.

--
quinn snyder | snyd...@gmail.com
Re: [c-nsp] IOS-XRv 9000 v6.0.0 and high cpu
> On May 18, 2016, at 16:19, Tim Warnock <tim...@timoid.org> wrote:
>
> Has anyone had an opportunity to play with the IOS-XRv 9K version 6.0.0
> image? Are you seeing high CPU usage (even with all ports shut down?)

yes. xrv9k has eaten cpu in every version (6.0.0, 6.0.1) that i have played with. (6) running concurrent have swallowed the b200-m3 blade i was testing on.

given my test cases -- i saw cpu as a concern, but i was more interested in feature support, but i saw upwards of 9ghz cpu being used per vm. it is not lightweight by any means in current state.

q.

--
quinn snyder | snyd...@gmail.com
-= sent via iphone. please excuse spelling, grammar, and brevity =-
Re: [c-nsp] IOS-XR 5.3.3 add Yang Models
> make sure you got the “May 10th” version vs the one last week that was
> deferred and won’t be supported.
>
> - Jared

yes. in my original testing with 6.0.1 — there were some ssh-related issues with the platform (at least the version that i was working with $vendor on). i applied a patch that brought me to the appropriate revision level.

i’ve not contacted the b/u for exact differences — but this is just a sandbox for me to play in. obviously — the vetting process for baked in code will occur with the releases from cco.

q.

--
quinn snyder | snyd...@gmail.com
Re: [c-nsp] IOS-XR 5.3.3 add Yang Models
> On May 11, 2016, at 08:43, Jared Mauch <ja...@puck.nether.net> wrote:
>
> FYI: you may want to look at 6.0.1 which was just (re)-posted to CCO as well.
> For us it fixes a number of critical issues which are not in the 5.3.3 EMR.

+1 for 6.0.1. working with it in the lab now using both nso as well as some home grown apps. the support is much larger and the github posted earlier has a lot of solid models to build from.

q.

--
quinn snyder | snyd...@gmail.com
-= sent via iphone. please excuse spelling, grammar, and brevity =-
Re: [c-nsp] necessity of nowadays
> On 23 Mar 2016, at 06:22, Phil Mayers <p.may...@imperial.ac.uk> wrote:
>
> Agreed. UDLD was a net problem for us - I can't think of a single time it
> performed its function, but can recall a handful of outages from
> false-positives.

in my case, as an (earlier) adopter of nexus 7000 and running 4.x, 5.0, and 5.1 code — i saw numerous cases where a supervisor switchover (during issu, for example) would cause the scheduler to eat itself, and in turn, cause control-plane protocols to drop.

most often, this was not a huge issue (more than some logs and small “blips”), but in the case of udld aggressive, i lost connectivity to the rest of the network, because udld was only showing down on the n7k side (not the far end).

lots of testing later — udld is only enabled in normal mode — if at all. i agree that udld is more trouble than it's worth unless specific corner cases are encountered.

q.

--
quinn snyder | snyd...@gmail.com
Re: [c-nsp] Nexus / VPC - Management port "needed" in VPC?
> On Nov 19, 2015, at 18:14, CiscoNSP List <cisconsp_l...@hotmail.com> wrote:
>
> Thanks for clarifying Quinn - So on a pair of 3Ks, a "typical" VPC setup
> would be 2 x 10Gb links + "a" link(i.e. Management ports) for the keepalives?
>
> And on a pair of 9Ks, 2 x 40Gb links, plus management port link?

not so much typical as 'sized for your use case'. during failure scenarios, it is possible to have traffic transit the peer-link. however -- it comes down to understanding your environment, sla, redundancy, etc.

while the minimum recommended links is (2) for the peer-link, this can scale and you'll need to dial this in for your situation. playing in the lab and running through a reflective set of test cases is your best bet here. obviously -- you'll need to extrapolate this to being under load as well.

q.

--
quinn snyder | snyd...@gmail.com
-= sent via iphone. please excuse spelling, grammar, and brevity =-
Re: [c-nsp] Nexus / VPC - Management port "needed" in VPC?
> On Nov 19, 2015, at 14:07, CiscoNSP List <cisconsp_l...@hotmail.com> wrote:
>
> We have a customer that is wanting to do VPC on some N9Ks and also N3Ks - I
> "thought" VPC would be similar to VSS...i.e. dual link between the
> switches...but my (brief) reading up on the setup, I see some setup guides
> where there are dual links(2 x 10Gb, or 2 x 40Gb), plus the use of the
> management port for vPC peer keepalives?
>
> http://www.cisco.com/c/en/us/products/collateral/switches/nexus-3000-series-switches/white_paper_c11-685753.html
>
> Any info on the "correct" method to setup VPC on the Nexus would be greatly
> appreciated

the above is correct. vpc requires the “data plane” (vpc peer-link) that performs synchronization using cfsoe between vpc domain peers. it also *can* be used to forward actual data-plane traffic under failure scenarios. it's important to understand the baked-in vpc drop conditions that exist to provide loop prevention under steady-state.

the management (or some other set of layer-3 adjacencies within an isolated vrf) are used for simple heartbeats between the devices. failure of this link does not mean catastrophic failure of the domain. this is similar to something like ‘fast-hellos’ using an oob link when dealing with vss.

q.

--
quinn snyder | snyd...@gmail.com
Re: [c-nsp] Cisco Nexus as MetroE switch?
> On Oct 14, 2015, at 14:52, Gavin McBride <gavmcb.li...@gmail.com> wrote:
>
> Also, how do people feel about using NX-OS and VXLAN vs. IOS and IP/MPLS?

in this case — are you referring to using pure vxlan, or has cisco talked with you regarding bgp with vxlan extensions for layer-2 reachability between disparate locations?

i’ve not been involved directly with vxlan w/ bgp within the dc-space — but have some colleagues that have. it's a lot of config, and there is “still a ways to go” (their words).

purely looking at the platforms and what they offer — n9k wasn’t designed for anything other than cheap, dense 10/40gbe switching inside of the d/c. i’d hesitate to use those platforms anywhere outside of this role.

q.

—
quinn snyder | snyd...@gmail.com
Re: [c-nsp] PE NAT / VRF Aware NAT on PE
> On Sep 30, 2015, at 02:06, Nick Hilliard <n...@foobar.org> wrote:
>
> the advantage - as with switch stacking - is with administration. You end
> up with O(1) admin interfaces to lots of boxes instead of O(n). This can
> be important if there's too much overhead associated with maintaining
> parallel installations of IOS and XR.
>
> Personally, I'd be more concerned with the loss of path redundancy and loss
> of service in the case of upgrades.
>
> Nick

absolutely. however -- as with any control-plane sharing feature -- there are also some tradeoffs, namely around upgrades and sometimes erratic behaviour of a chassis because of its peer. knowing and understanding the pros and cons of moving to nv is important (although it's the same for any feature) -- and not just looking at nv as a panacea is critical for success in the network.

i tend to be of the mindset of 'separate boxes have separate control-planes' -- so i carry that prejudice in to this conversation. i do think that touchpoint minimization is "a good thing"(tm) and welcome the use of automation/provisioning systems that interact with the control-plane of $device, especially if administration is already onerous within the network.

however -- i just tend to be wary of control-plane unification technologies, as i have been bitten and burned by things not working as expected due to said technology.

q.

--
quinn snyder | snyd...@gmail.com
-= sent via ipad. please excuse brevity, spelling, and grammar =-
Re: [c-nsp] PE NAT / VRF Aware NAT on PE
> On Sep 29, 2015, at 07:06, Aaron <aar...@gvtc.com> wrote:
>
> So I could potentially cluster a couple asr9006's together and include cgnat
> as one of the things to do on that cluster.

by cluster -- are you referring to nv-edge? i'd take a long look at nv (read: not do it) as you really add a lot of control-plane overhead with not as much benefit -- especially as it pertains to any upgrades.

you'd also need to look at specific caveats with vsm blades running cgn in nv-edge.

q.

--
quinn snyder | snyd...@gmail.com
-= sent via iphone. please excuse spelling, grammar, and brevity =-
Re: [c-nsp] VPLS BGP Signaling
> On Jul 27, 2015, at 05:18, Adam Vitkovsky adam.vitkov...@gamma.co.uk wrote:
>
> Ooh and forgot to mention very good introductory material is from Cisco live
> -on demand library: BRKMPL-2333 - E-VPN PBB-EVPN

for what it's worth — this is a very solid class to help your understanding of evpn, and most importantly pbb-evpn. i’ve told several people who have little understanding of it to watch the on-demand class — and they have come away with a solid “intro” understanding of “why it's a good thing”™ and “what does this do”.

> EVPN is supported only on A9ks as far as I know (on A1k only as AF in BGP for
> RR functionality).

also — adam — evpn is also supported on nexus 9000-series, but the use-case is different. evpn is used for vxlan within the datacenter to provide layer-2 over layer-3 fabric. still a few bugs, but it works.

q.

--
quinn snyder | snyd...@gmail.com
Re: [c-nsp] Serial Terminal Servers
i’ve done this with non-cisco gear. currently have a 2821 connecting to the console of an older alterpath pdu’s console port. nm32a with console cable, coupled to a “hacked” cable i put together.

pay attention to the pins. and have some trial and error. it's also helpful to have the “crossover” and “rollover” adapters for your ethernet cables to aid in testing (e.g. it doesn’t work with your hacked cable, toss a rollover or crossover adapter in between and see if it fixes it, then remake the cable).

q.

--
quinn snyder | snyd...@gmail.com

> On Jun 30, 2015, at 11:43, chris tknch...@gmail.com wrote:
>
> Yeah that's how I have it setup also. From what you are describing you are
> only interfacing cisco gear same as we are. I never tried connecting a
> computer though.
>
> The part I'm unsure of is connecting a standard db9/rs232 device. I think
> it's irrelevant whether the octal cable is rj45 or db25 as long as the pins
> patch up, but obviously we will need some kind of adapter I think either
> cisco console rj45 - db9 female or cisco db25 - db9 female?
>
> I am looking to see if people have been able to connect standard serial /
> non cisco devices and if so how they are adapting it
>
> chris
>
> On Tue, Jun 30, 2015 at 2:32 PM, Chris Marget ch...@marget.com wrote:
>
>> All of my CAB-OCTAL-ASYNC cables land in a panel like this:
>> http://www.amazon.com/dp/B000HZI348/
>>
>> From there, I connect to Cisco router consoles (and things wired like them)
>> with regular UTP patch cords.
>>
>> Connecting to the DE-9 port on a server can be accomplished with:
>> - a modern Cisco console cable plus a rollover adapter
>> - a modern Cisco console cable with the end chopped off and re-crimped
>>   upside-down (rollover)
>> - an old-school Cisco DE-9F -- 8P8C adapter plus a UTP patch cord
>>
>> I'm sure that the DB-25 cable can be adapted to whatever you want, but it's
>> big and clunky. I wouldn't buy it if I was attaching to anything other than
>> 8-packs of external modems.
Re: [c-nsp] Black hole routing dynamically
> On May 9, 2015, at 03:13, Adam Vitkovsky adam.vitkov...@gamma.co.uk wrote:
>
> Also IOS XE has support for flowspec safi for RR functionality.
> How do you find the match and set options so far?
> Reading through the docs the match options seem pretty limited on XR
> -compared to Junos.
> But at least XR seems to support NSR for flowspec.
>
> adam

i’ve admittedly not as much juniper experience as i would like, especially with flowspec. this was driven out of another alternative for ddos mitigation for customer networks (all cisco shops, generally). comparisons of things like arbor on vsm, srtbh, and flowspec generally come up in conversations. we wanted to be ready for those.

overall it works. it is pretty rudimentary — but not having any juniper experience — it was pure speculation on my part.

q.
Re: [c-nsp] Black hole routing dynamically
> On May 8, 2015, at 10:59, Mark Tinka mark.ti...@seacom.mu wrote:
>
> I was reading some release notes the other day (like IOS XR) where I see
> FlowSpec now within the Cisco hinterland.
>
> Mark.

bgp flowspec was introduced in xr 5.2.0. i'm currently toying with it in the lab as cycles permit.

q.
Re: [c-nsp] ASR902 vs ME3800X
> On Mar 18, 2015, at 12:50, Mark Tinka mark.ti...@seacom.mu wrote:
>
> I guess these boxes make sense in legacy RAN networks, where you may need a
> mix-and-match of old interfaces that you can uplink into your MPLS core.
>
> I suppose one could use them as an edge router where low-speed non-Ethernet
> interfaces are needed. For that, I'd typically go with an ASR1000 or MX104.

we’re seeing a larger uptake of these boxen in locations/customer environments where migration from tdm/serial to ethernet is occurring. think legacy monitoring systems wherein sonet/scada was used and there is a requirement/desire to replace gear and move towards converged ip infrastructure. the issue is that some sensors/interfaces aren’t natively ethernet and require some low-speed interface to bring it into the ip domain.

however — this falls in line with what you’ve talked about with low-speed “mix-n-match” flexibility. i think cisco’s market (initially) was cell-site/ran backhaul.

i’ve not done a price/module comparison between asr1k and asr902/903 — but would assume it comes down to requirements. both types of kit have been solid (with their oddities, of course) in my experience.

q.
Re: [c-nsp] DR location
> On 22-Feb-15, at 08:47 , Roland Dobbins rdobb...@arbor.net wrote:
>
> He should be looking for redundant active/active, instead. DNS, not an IP
> address, should be used to reach each active instance of the service in
> question.

i think true active/active becomes a nirvana that we all would like to achieve from a technical perspective — however there are strong business implications that prevent achievement of said state.

the discussion that should be happening is around the business continuity requirements of each of the services/applications in question. when the cost of an outage far exceeds even the fewest of moments of downtime, active/active should be the goal. however — through a detailed discussion from all of the different business units — it may be determined that active/active may be overkill for the service/application provided. things like “warm standby” or “cold standby” may be more tolerable from a capex standpoint — let alone the operational challenges in ensuring that all operations teams are ready to support a truly “active/active” design.

while the ability to implement “things” provided by mpls technologies for transparent layer-2 connections (or through the use of $vendor technology) — coupled with storage federation and inbound routing correction through dns gslb or lisp is definitely doable — it may be determined that the cost is too great for everything — thus creating a tiering of redundancy services based on criticality to the business.

otherwise — we’re all just being asked “how long is a piece of string?”

q.
Re: [c-nsp] bgp scalability C7600
i'd not look at nexus as edge/peering to replace c6k/7600. c6k replacement needs to look at role and requirements, not point product placement. asr1k with rp2 control-plane or asr9k, depending on density/cost models (although to gert's earlier point, asr9001 fits small edge/pop, especially if more than a handful of 10gbe is needed, which gets expensive in asr1k quickly).

q.
-= sent via iphone. please excuse spelling, grammar, and brevity =-

On Feb 6, 2015, at 12:56, james list jameslis...@gmail.com wrote:
Hi gert
Good info. From customer requirements and pricing point of view the idea is to replace with a nexus.
Regards

On 06/Feb/2015 19:45, Gert Doering g...@greenie.muc.de wrote:
Hi,

On Fri, Feb 06, 2015 at 03:16:26PM +0100, james list wrote:
does anybody have numbers in terms of BGP sessions scalability on C7600 SUP-720 ?

not that great... Ours at DE-CIX has a handful of iBGP sessions and about 150 eBGP sessions to IXP participants, and if that interface flaps, it will hiccup for about *1 hour* until everything is stable again.

Effectively it depends on
- number of sessions
- number of prefixes on each session (10 each or 50.000)
- how complicated your inbound and outbound policy is (our policy is slightly too complicated, with as-path matches which are not exactly performance efficient)
- whether peers can be grouped into update-groups (= same export policy)
- keepalive timers your peers have configured (the main issue is CPU busy - keepalives not answered in time - session bouncing - more CPU busy, which is made worse by short keepalive timers)

We're not deploying Sup720s for anything with lots of BGP anymore, and the box in question will be replaced with an ASR9001 any day now, which is just laughing its NPUs off on that BGP load... (BGP convergence in 30 seconds. done. anything more interesting to do? Any slow peer I could nuke with outgoing updates sent over too fast for it?).

gert
--
USENET is *not* the non-clickable part of WWW!
// www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35655025 g...@net.informatik.tu-muenchen.de
Re: [c-nsp] Is the Nexus 3064PQ usable ?
i’ve been involved quite extensively in n7k as campus distribution. this was pre-c6k/s2t during initial deployment and we’ve continued on same path for all sites, just with refreshed hardware on n7k (sup2/fab2/f2e instead of sup1/fab1/m1). the platform is robust, though nothing better than the catalyst line at this point. vpc is used to dual-home to each access idf. vdc used to split out chassis into multiple aggregation zones. aside from random bugs cropping up in the scheduler between 5.0 — 5.1 — 5.2 — 6.x; everything has been solid.

q.
-- quinn snyder snyd...@gmail.com

On Jun 12, 2014, at 4:59, Antoine Monnier mrantoinemonn...@gmail.com wrote:
Thanks Michele for sharing the feedback you received on this.

Our cisco sales rep is telling us that he has never heard of Nexus used as a campus distribution-layer and is trying to convince us that Catalyst 6807 is the right choice (instead of Nexus 56128P), even though we would get less 10Gig port-density, 1:2 oversubscription, 5x more RU used, at least twice the power consumption, etc... and all of this for twice the price!

Are there other people out there using Nexus (3x00 ? 5x00? 6x00 7x00?) at the distribution-layer of medium-sized campus? Medium-sized being about 60 access-layer closets with dual 10 Gig uplink each and a small server-farm.

On the downside I hear that the orphan port scenario with vPC may be a pain in the back side? I still need to read the details of this. Is anyone running vPC at the distribution-layer of a campus environment?

Thanks

On Mon, Apr 28, 2014 at 12:43 PM, Michele Bergonzoni berg...@labs.it wrote:
Does anybody have success/horror stories about the [Nexus] 3064 or 3048 to share? If you email me in private, I can post an anonymized summary.

I received two very helpful replies.

One person told me about some new 3172PQ: I am loving them to death. This person is using them as L2, with vPC.

One person is using the 3064X with OSPF, BGP VRRP and is happy with it. This is very similar to what I am trying to do.

I still feel a bit uneasy, but I think we will end up trusting the datasheet.

Cheers to all,
Bergonz
-- Ing. Michele Bergonzoni - Laboratori Guglielmo Marconi S.p.a. Phone:+39-051-6781926 e-mail: berg...@labs.it alt.advanced.networks.design.configure.operate
Re: [c-nsp] ASR-1K and 3rd party sfps
On Apr 22, 2014, at 21:39, Mike Hale eyeronic.des...@gmail.com wrote:
> Actually...check this out.
> https://supportforums.cisco.com/discussion/11445646/advice-needed-cisco-asr-1002-routers-sfps
> The GLC-T don't appear to be supported on first glance. The GE-T are. Since your vendor calls them GLC-T (even though they claim to be GE-T), that might be your issue?

completely from the 'for what its worth' department -- i've successfully seen a link-up on asr1002 (non-x) and asr1006/rp1 with 'glc' part numbered pluggables up through about xe3.3 at 100/1000 (-t) and 1000 (-sx-mm). this was done on cisco-branded optics without 'service unsupported-transceiver'.

q.
-= sent via ipad. please excuse brevity, spelling, and grammar =-
Re: [c-nsp] EIGRP potentially silly question...
something like pfr[0] may be useful in this instance, assuming the kit can run it. on newer kit, pfr-v2 is much less sucky than the pfr of old. q. [0] http://docwiki.cisco.com/wiki/PfR:Solutions:BasicLoadBalancing#PfR_Features_that_Enable_Load_Balancing -= sent via ipad. please excuse brevity, spelling, and grammar =- On Mar 5, 2014, at 22:14, Alex Pressé alex.pre...@gmail.com wrote: You could create a second EIGRP process with a value for K2 router eigrp 2 metric weights 0 1 1 1 0 0 Any identical routes in this second new instance of EIGRP will have a higher metric than the original EIGRP process. And thusly will NOT be installed in the routing table - provided they are *identical*. This would allow you to build out the entire second EIGRP process without it coming live uncontrolled. Then you could selectively remove networks from the original EIGRP (or manually increase them via offset lists). As they get removed from old EIGRP the new EIGRP routes would automatically take over. You're still left with the unfortunate part about the metric never actually changing unless DUAL is triggered. And in my little bit of labbing this past hour it appears that just because one side updated the metric; the other side will *not* under certain circumstances So you can have two routers having different loading values for the same link(s). Resulting in asymmetric flows. I bet somebody has made an EEM script to do clear ip eigrp neighbors soft on an interval or interface loading thresholds. This would at least get it to work as intended. All in all; fucking ugly. I just use default K values and a variance value of 2 with some simple offset lists or bandwidth statements. Much easier to support and troubleshoot at 03:15 during a vacation. 
On Wed, Mar 5, 2014 at 8:22 PM, Jeff Kell jeff-k...@utc.edu wrote:
After a deployment of EIGRP with the intent of providing link utilization based load-sharing as opposed to round robin, I get the rude awakening that the default k-values for EIGRP do NOT include link utilization. Any shortcuts / workarounds / etc to resetting k-values site-wide without breaking each individual peering as the values are changed? (EIGRP won't peer with mismatched k-values...)
Jeff

-- Alex Presse
How much net work could a network work if a network could net work?
Re: [c-nsp] fabricpath and vPC+
http://www.cisco.com/en/US/prod/collateral/switches/ps9441/ps9402/white_paper_c07-728188.pdf

take it with a grain of salt — as some of it is very marketecture related.

q.
-- quinn snyder snyd...@gmail.com

On 13-Nov-13, at 10:23 , Arne Larsen / Region Nordjylland a...@rn.dk wrote:
Hi all
What is the correct setup when one is using fabricpath and vPC+ If 2 5k are direct connected with 2 10G fabricpath interfaces, should these 2 be a channel group or doesn't it really matter, because of the equal cost routing in isis
/Arne
Re: [c-nsp] Meraki...information
meraki switches create pseudo-out-of-band management tunnels to (2) geographically remote datacenters. this is how the changes are pushed from the cloud dashboard to the devices themselves. if the connectivity is lost, the devices should continue to push bits as previously configured. limited local management is possible, but not anywhere near the level provided by the dashboard.

from a packet perspective -- no packets are pushed from the switch to the cloud. only management frames do this.

it is possible to perform a span session on the switch. i'd suggest looking at a wireshark capture to see if there is a fundamental change somewhere along the line. it may also be helpful to have the customer walk you through the configuration via webex or so. the level of config isn't much different from the catalyst express switches of yesteryear.

q.

On 10/10/2013 05:31 PM, Eric Van Tol wrote:
Blake, I'm well aware of how switching and buffering works, but I appreciate the derisive suggestion - it was a big help. However, for clarity: no errors (including input/output drops) on the transport circuit (or the customer's directly-attached circuit).

Let me ask a more pointed question: Besides simple management, do the Meraki switches perform any other functions in the cloud, or more specifically, rely on non-local upstream connectivity?

I'm well aware that it makes absolutely zero sense that a change in our transport network would cause a local issue within the customer's network. However, the customer mentioned that they have had odd problems with these Meraki switches before when changes occurred outside our network. Thus, I felt it necessary to try and ask the list if anyone has ever heard of anything remotely like this before.

-evt

From: Blake Dunlap [mailto:iki...@gmail.com] Sent: Thursday, October 10, 2013 1:31 PM To: Eric Van Tol Subject: Re: [c-nsp] Meraki...information
Not enough relevant information to assist.
Due to what you have and haven't stated in this report I suspect you don't understand the fundamentals of how this change affects switching and buffering, and suggest reading about it and learning how the technology works at that fundamental level before proceeding. Specifically, you never mention if there are asic or input drops, or even an indication that you looked for them or understand what these symptoms lean towards or what troubleshooting steps should be taken.

-Blake

On Thu, Oct 10, 2013 at 12:04 PM, Eric Van Tol e...@atlantech.net wrote:
Hi all, We ran into a very strange problem last night with a customer who utilizes Meraki switches. I'd like to ask anyone on the list who is familiar with this model of switch whether there is *any* possibility that an upstream modification would cause issues with traffic traversing these switches.

A little background: we attempted to perform a migration of a transport circuit in our network from 1G to 10G last night, but the single customer attached to the ME3600 where the transport circuit was changed, started to have issues. There are no errors being reported on either end of the circuit, light levels are good, and we get consistent 1500-byte df-bit pings to their firewall from both inside and outside our borders. The transport circuit is not even a circuit that touches the customer's network. However, they report slow browsing from within their LAN (but not from their DMZ on the same ASA). When switching the transport circuit back to 1G, everything works fine.

There is absolutely no difference in the routing, path, or IP addresses on this transport circuit - the only difference is link speed. Customer now believes the problem is with their Meraki switches, but we are both confused about how a change two physical hops upstream from their LAN would cause such issues.
The slow browsing issue is definitely contained within their network, as they are not even able to browse their own website which is located entirely on their infrastructure and doesn't pass through the 10G link, or even through the CPE we provide.

I know nothing about the Meraki product, besides the fact that it's a cloud managed solution. Has anyone ever heard of a problem like this before with this model of switch?

Thanks, evt

-- quinn snyder snyd...@gmail.com
Re: [c-nsp] Meraki...information
iirc the 'wireshark' is a 30s .pcap file that is dumped into your web browser for download. i am trying to recall if you can span off the switch. its been a month (and many beverages) since my meraki training.

q.
-= sent via iphone. please excuse spelling, grammar, and brevity =-

On Oct 10, 2013, at 18:47, Eric Van Tol e...@atlantech.net wrote:
Thanks, Quinn, for not being a condescending prick - your answer was actually helpful and to the point.

The customer is not entirely knowledgeable about these switches, doesn't like them one bit, and had mentioned that they had a problem before where the switches changed the MTUs dynamically on the ports. It sounded far-fetched to me, but who knows what the cloud is doing these days.

Do these switches support ERSPAN or just local SPAN/RSPAN? We are trying to set up a remote device for RDP/Webex access so we can actually troubleshoot from the customer side, as well as see if we can get some Wireshark traces. The Meraki may well be a red herring, but I wanted to explore all obvious (albeit strange) avenues, especially after being told about some weird MTU-changing-switch jackassery.

I really am at a loss as to why the customer would even have trouble browsing his own locally-hosted website because of a simple circuit migration we've made on our side, of which we've been through over two dozen times this year alone. Obviously, more troubleshooting info from the customer is needed.

Thanks again, evt

-Original Message- From: cisco-nsp [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of quinn snyder Sent: Thursday, October 10, 2013 9:06 PM To: cisco-nsp@puck.nether.net Subject: Re: [c-nsp] Meraki...information
meraki switches create pseudo-out-of-band management tunnels to (2) geographically remote datacenters. this is how the changes are pushed from the cloud dashboard to the devices themselves. if the connectivity is lost, the devices should continue to push bits as previously configured.
Re: [c-nsp] XRv (xr on a server)
on a side note -- it requires a lot of compute to run successfully (ram and proc). large scale networks will require large pools of resources. the software may be free -- but running it may not be if you're short on servers. q. -= sent via iphone. please excuse spelling, grammar, and brevity =- On Oct 3, 2013, at 8:08, Jason Lixfeld ja...@lixfeld.ca wrote: It should be.. We pay enough for Software and licenses and SmartNet on this stuff. The least they can do is give us something to help us test our networks... On 2013-10-03, at 11:05 AM, Luan Nguyen luan20...@gmail.com wrote: Seriously doubt that it would be free. On Thu, Oct 3, 2013 at 11:02 AM, Jason Lixfeld ja...@lixfeld.ca wrote: This should be free. On 2013-10-03, at 10:55 AM, Oliver Garraux oli...@g.garraux.net wrote: I will be really really interested to see what they do pricing wise on VIRL. Hope its nothing crazy, I would love to be able to mess around with XR and NX-OS in the lab. Oliver - Oliver Garraux Check out my blog: blog.garraux.net Follow me on Twitter: twitter.com/olivergarraux On Thu, Oct 3, 2013 at 10:18 AM, Lane Wigley (lwigley) lwig...@cisco.comwrote: I think this is what you're looking for - VIRL http://www.cisco.com/web/solutions/netsys/CiscoLive/virl/index.html http://www.youtube.com/watch?v=nsbzHmwUz6I Targeted for Dec/Jan I think. - Lane -Original Message- From: cisco-nsp [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Aaron Sent: Thursday, October 03, 2013 10:08 AM To: cisco-nsp@puck.nether.net Subject: [c-nsp] XRv (xr on a server) What do y'all know about this ? I understand this is IOS XR on a nix server virtual machine or something like that. I'd like to get it on a few servers in my lab. Where do I get/download it ? 
Aaron
Re: [c-nsp] XRv (xr on a server)
On Oct 3, 2013, at 8:12, Aaron aar...@gvtc.com wrote:
> I saw in Cisco TAC Case Open Tool, under IOS XR... XRv (XR on a server). XRv same as VIRL ?

xrvr == xr within virl. doesn't ncs run virtualized xr (xrv)?

q.
-= sent via iphone. please excuse spelling, grammar, and brevity =-
Re: [c-nsp] XRv (xr on a server)
On 3-Oct-13, at 11:00 , Nick Hilliard n...@foobar.org wrote:
> On 03/10/2013 16:16, quinn snyder wrote:
>> on a side note -- it requires a lot of compute to run successfully (ram and proc).
> It shouldn't need that much (although the csr1000v's insane compute requirements are a complete mystery to me) - anyway, ram and cpu are both cheap resources these days.

yes. in comparison to outright purchase and installation of kit, this is *much* cheaper. i'm just adding a point that it won't be able to run in a small footprint, which was the vibe that i received when it was released at live! this year. the front-end management tools are light and run happily on modest resources -- but the actual orchestration on the backend requires more resources, especially as the instances are building and running.

>> large scale networks will require large pools of resources.
> This may or may not be true, depending on the scale of what you're trying to model. A hypervisor with 8 cores and 128 gigs of ram costs a small amount of money, and would be enough to run a relatively large model deployment.

i think the higher ceiling to hit will be in regards to (virtual) processors -- not the ram (as ram has scaled much faster than cores per box). there are some pretty finicky requirements and while its possible to kind of load share around them -- if resource contention is felt -- the software doesn't exactly fail gracefully.

>> the software may be free -- but running it may not be if you're short on servers.
> The software costs money to develop but there is no cost associated with making another copy of it. The most important thing for Cisco to remember is that it's trivial to build virtualised test labs with Junos Olive. This approach allows people to learn enough about the operating system that they feel comfortable about switching to or buying more Juniper kit. I know a good many people who started out with Olive and who liked it so much they started buying Juniper kit in volume.
> Cisco really missed the boat on this - to their cost. I don't particularly expect Cisco to provide this sort of facility for free, but unless they refrain from their usual policy of premium pricing, I'll shrug my shoulders, then move on and spend my budgets on other vendors.

and i see this being a cisco-centric answer to an olive or even junosphere (though there are usage costs to junosphere that i'm not well versed in). i'm not exactly sure how this will be marketed or where it will be positioned. i just know what my experience in using the software has been. i see a lot of potential use cases with the software -- even though it has a *long* way to go in terms of features and software support.

i know that we're internally looking at ways that we can tie this in with different aspects of our labs and demos in an effort to help augment our physical demos and proof-of-concepts. it has a ways to go -- but it has promise and we're providing feedback to the dev teams on what we're seeing.

as you say -- for most customers -- it will come down to price vs. reward. everyone has their own sweet spot. it just all depends on if cisco hits that mark.

q.
-- quinn snyder snyd...@gmail.com
Re: [c-nsp] Vlan Mapping
mike -- the vlan mapping configuration will exist on all ports in the port group -- much like port-based qos bits on a per linecard basis.

pseudocode
int gi 1/1
 vlan 1 map 11
 vlan 2 map 12
int gi 1/2
 vlan 1 map 11
 vlan 2 map 12
/pseudocode

if you activate vlan mapping on an interface, it inherits all maps on the port group. in my experience (for what its worth) -- this is really to be used as a one-off, temporary fix type of solution. its not permanent -- especially as each linecard on c6k has a varied experience (i.e. number of port groups and translations per port group).

q.
-- quinn snyder snyd...@gmail.com

On 12-Sep-13, at 06:16 , harbor235 harbor...@gmail.com wrote:
Thank you for the reply Quinn, can I perform unique vlan mappings per interface as well? e.g. port 1 --- map vlan 1 to 11, port 2 --- map vlan 2 to vlan 12, both ports are on the same port group ASIC.
Mike

On Wed, Sep 11, 2013 at 3:05 PM, quinn snyder snyd...@gmail.com wrote:
configuration is applied per port group on each linecard. however -- each interface (and subsequent 'show' commands) have an enable/disable knob so that mapping can occur on some (but not all) interfaces.
q.
-= sent via iphone. please excuse spelling, grammar, and brevity =-

On Sep 11, 2013, at 11:02, harbor235 harbor...@gmail.com wrote:
I am trying to understand the VLAN mapping feature specifically on the 7600. I read a bit but would like confirmation on how it works once implemented. When the feature is enabled it affects all ports on the linecard port ASIC, so it is linecard dependent.
My Question:
1) Do all ports have to be engaged in VLAN mapping in the port ASIC group once enabled? or only trunk ports perform the actual VLAN mapping, access ports would not and the configuration for vlan mapping is hidden/disabled?
2) In a port ASIC group can I perform VLAN mapping from/to unique VLANS or am i confined to the same vlans per port ASIC group?
Mike
Re: [c-nsp] Cisco Switch Portfolio Miss
isn't most of that a by-product of using trident/trident+? i know that trident ii fixes some of that -- but i think that comes down to the (some say unwise) decision of using ots components, no?

q.
-- quinn snyder snyd...@gmail.com

On 12-Sep-13, at 20:15 , Pete Templin peteli...@templin.org wrote:
On 9/12/13 11:30 AM, Gert Doering wrote:
To be fair, one would need to compare software features - so what does the N3K do? L2 only? L3, with how many routes? IPv6, MPLS?

Gert, you don't want to explore the N3K, you'll have 6500 heartburn all over again. URPF halves the route table size, max 16k routes (but v6 routes count double), a separate memory space for host routes, very limited ACL TCAM and it has to be carved up for v4/v6 at boot time. NXOS for this platform seems very buggy, so one might end up doing endless code upgrades to get past showstopper bugs, only to encounter more bugs in the next build.

pt
Re: [c-nsp] Vlan Mapping
configuration is applied per port group on each linecard. however -- each interface (and subsequent 'show' commands) have an enable/disable knob so that mapping can occur on some (but not all) interfaces.

q.
-= sent via iphone. please excuse spelling, grammar, and brevity =-

On Sep 11, 2013, at 11:02, harbor235 harbor...@gmail.com wrote:
I am trying to understand the VLAN mapping feature specifically on the 7600. I read a bit but would like confirmation on how it works once implemented. When the feature is enabled it affects all ports on the linecard port ASIC, so it is linecard dependent.
My Question:
1) Do all ports have to be engaged in VLAN mapping in the port ASIC group once enabled? or only trunk ports perform the actual VLAN mapping, access ports would not and the configuration for vlan mapping is hidden/disabled?
2) In a port ASIC group can I perform VLAN mapping from/to unique VLANS or am i confined to the same vlans per port ASIC group?
Mike
Re: [c-nsp] Meraki? is anyone there testing it?
i've sat in on several technical trainings and webinars -- and i'm currently using in my home right now. there are some drawbacks and, like with every other product line, there are use cases and places where you won't use it. the best way to get familiar with it is to view some of the technical webinars and then speak to an account exec. demo gear is readily available -- and if you sit in the right training -- you receive a bunch of free kit. its not for the large enterprise office -- but for a large distributed enterprise with small userbase per location -- it can make sense -- especially with limited ability for provisioning onsite at each location. this slide underneath something like glue networks -- which has a similar concept -- but on cisco kit. q. -- quinn snyder snyd...@gmail.com On 10-Sep-13, at 11:58 , Luis Miguel Cruz Miranda luis...@imasd.net wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I just saw a service/product line from Cisco called Meraki. Looks promising but... considering how everything is getting mad with Snowden revelations... does it make sense to manage the network with a cloud app? further more, Meraki availability is just based on link to internet, no link, no management, I think it is highly risky but who knows. Anyone there testing it? I am curious. 
- -- Luis Miguel Cruz Miranda PGP 0x6C08F418 ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Cisco 6500 mounting with cables
On Jul 21, 2013, at 13:00, Justin M. Streiner strei...@cluebyfour.org wrote: On Sun, 21 Jul 2013, Jon Lewis wrote: This solution connects Cisco Catalyst 6800ia access switches to Cisco Catalyst 6500 or 6800 Series core switches. The entire configuration works as a single extended switch with a single management domain. That must be pissing off the Nexus unit. I thought the same thing when Cisco rolled out the 6800s about a month ago. I saw a lot of features that looked like they were put in specifically to poach prospective Nexus customers. i think its just a natural evolution of where cisco is trending. yes -- some of the ia features resemble the n2k functionality -- but there are additional enhancements that make ia more of a campus tool -- rather than the d/c. i think you'll being to see futher enhancements to the platforms (c6k, nexus) that will start to draw clear lines between the positioning or 'general use case'. catalyst will continue to be the campus platform, while nexus will be for the d/c. there may be similar products from each line (ia vs. fex; c4k-x vs. n5k, etc). this will continue to grow as new nexus linecards/platforms/architectures are put out in the wild. q. -= sent via ipad. please excuse brevity, spelling, and grammar =- ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] SDR//Logical Routers
if i recall -- the asr9k only supports a single sdr (default sdr) anyway. asr1k only supports ios-xe -- so only the typical routing isolation is supported (vrf, etc). the only device that will provide 'sdr-like' emulation is a vdc on n7k -- though this is not a direct comparison. q. -= sent via ipad. please excuse brevity, spelling, and grammar =- On Jun 29, 2013, at 13:45, Tony td_mi...@yahoo.com wrote: Hi Could you please let me know if ASR - 1K Supports the concept of Logical Routers or SDR ?? Or else is there any seprate mechanism to isolate the routings between two domains on ASR 1K . Thanks Amit Dhamija ___ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] New Catalyst 6k chassis
per earlier emails -- this provides emulated qfp-like behaviour. i believe they use commodity silicon to provide this emulation, but exact make/manufacture escapes me. while this is based on bu slicks -- the 4451 loses nothing with services enablement (nat, h-qos, etc). i believe that all possible services have been enabled on the box and it will still kick packets at rate. the forwarding plane will exceed the max '2gbps' license -- but the entire box has been clamped to ensure that the licensed throughput isnt exceeded. q. -= sent via iphone. please excuse spelling, grammar, and brevity =- On Jun 28, 2013, at 2:04, Antoine Monnier mrantoinemonn...@gmail.com wrote: but does that new 4400 have hardware-based forwarding like the ASR1K or software-based/generic-CPU forwarding like the ISR G2 ? if it is the latter, like for the G2 I would expect the actual performance to vary greatly depending on features used, packet size, etc. So I am hoping it's the former... On Thu, Jun 27, 2013 at 7:52 PM, quinn snyder snyd...@gmail.com wrote: actual performance on the 4451 (this is the only isr4400 model) -- will be up to 2gbps with the license upgrade. according to the bu -- this is with services enabled. q. -= sent via iphone. please excuse spelling, grammar, and brevity =- On Jun 27, 2013, at 9:16, Scott Voll svoll.v...@gmail.com wrote: As for the 4xxx I had this conversation before cisco live It fits between the isrg2 and the asr Do to bandwidth requirements and added features it fits well in the 500mb to gig with services.. Ymmv Scott On Wednesday, June 26, 2013, Dobbins, Roland wrote: On Jun 27, 2013, at 10:10 AM, Justin M. Streiner wrote: It just seems like the new 6k is positioned to poach prospective customers from the (arguably) higher-margin Nexus 7k product line. Not 'just seems' - 'is'. Just as the new fixed-config one is positioned to poach prospective customers from the 4xxx-series. 
--- Roland Dobbins rdobb...@arbor.net // http://www.arbornetworks.com Luck is the residue of opportunity and design. -- John Milton ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] New Catalyst 6k chassis
actual performance on the 4451 (this is the only isr4400 model) -- will be up to 2gbps with the license upgrade. according to the bu -- this is with services enabled. q. -= sent via iphone. please excuse spelling, grammar, and brevity =- On Jun 27, 2013, at 9:16, Scott Voll svoll.v...@gmail.com wrote: As for the 4xxx I had this conversation before cisco live It fits between the isrg2 and the asr Do to bandwidth requirements and added features it fits well in the 500mb to gig with services.. Ymmv Scott On Wednesday, June 26, 2013, Dobbins, Roland wrote: On Jun 27, 2013, at 10:10 AM, Justin M. Streiner wrote: It just seems like the new 6k is positioned to poach prospective customers from the (arguably) higher-margin Nexus 7k product line. Not 'just seems' - 'is'. Just as the new fixed-config one is positioned to poach prospective customers from the 4xxx-series. --- Roland Dobbins rdobb...@arbor.net // http://www.arbornetworks.com Luck is the residue of opportunity and design. -- John Milton ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Nexus 5k dual sup design
On 26-May-13, at 8:13 AM, JP Velders j...@veldersjes.net wrote: However, a dual-homed FEX does _not_ allow for LAGs downstream (to dual home a server in active/active mode), at least on the 1st gen FEXes we have, and that stupidity (together with all the STP limitations) has steered me away from N2/5K for real datacenters. enhanced vpc is supported as of 5.1(3)n1(1) on n5k. this allows for multihomed fex as well as a vpc down to the actual host. its supported across all n2k platforms. http://www.cisco.com/en/US/docs/switches/datacenter/nexus5000/sw/layer2/513_n1_1/b_Cisco_n5k_layer2_config_gd_rel_513_N1_1_chapter_01010.html Do make sure to look at any vPC setup with an almost pessimistic view to work out all the failure scenarios and design accordingly. as long as you plan for the major cases of vpc-link failure (peer-link, peer-keepalive, and keepalive followed by peer-link) and understand the traffic impact (if any), you're in good shape. from there -- as long as you understand the limitations of the topology and ensure your code supports it (things like single-homed fex with single-homed or network fault tolerant teams with 'vpc orphan-port suspend') you're golden. Also remember that in a dual-homed FEX setup you need to duplicate everything on both N5K's, and inconsistencies can be impacting. config-synch is your friend here. it provides a knob to duplicate certain configs (namely vpc related bits) across n5k chassis to reduce the number of touchpoints for the access-layer configuration. its pretty handy at times, though its worth playing with in the lab to understand how the pieces fit together, how to troubleshoot it, and how to remove/add config snippets in case something goes pear shaped. while i've seen may people use it, i'm still used to having to duplicate configs across chassis and thats how i've stuck with it. i don't do much in terms of operations though. 
in terms of the inconsistencies, each n2k access-port config is given a vpc number (when you dual-home the n2k). as such, its possible to grep the normal vpc inconsistency commands to find an issue. q. -- quinn snyder snyd...@gmail.com ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Nexus 5k dual sup design
scale is important, but it depends on your server environment. mostly legacy kit -- dual-home the n2k. servers with teamed nic -- single home the n2k and team on the server. it is possible as of 5.1(3)n2(1) or so to run 'enhanced vpc' (basically vpc on either side of the n2k) -- but i feel its overkill, unless you need a transitory state for single- to multi-homed compute. you pay for it on scale, though. q. -= sent via iphone. please excuse spelling, grammar, and brevity =- On May 25, 2013, at 9:07, manderson chief...@gmail.com wrote: I thought this was a limitation on the 7k, but it makes sense that it would apply to the 5k as well. Good argument, thanks! On Thu, May 23, 2013 at 2:51 PM, LavoJM lav...@secureobscure.com wrote: There is a major scalability consequence of dual-homing a 2k to multiple 5k's with VPC's. You can use basically half as many 2k's hanging off each 5k. 3 -Original Message- From: cisco-nsp [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of manderson Sent: Thursday, May 23, 2013 4:33 PM To: Mike Hale Cc: cisco-nsp NSP Subject: Re: [c-nsp] Nexus 5k dual sup design S orry, dual sup meaning each 2k is dual homed to each 5k. On Thu, May 23, 2013 at 9:36 AM, Mike Hale eyeronic.des...@gmail.com wrote: Can you clarify by what you mean by dual-sup? The 5k is single sup only isn't it? On Thu, May 23, 2013 at 8:44 AM, manderson chief...@gmail.com wrote: Hello, we currently use a single sup design in one of our DC's and we're playing w/a dual sup design for single homed servers in our other DC. Cisco A/S, our SE, and myself are not particularly fond of the dual sup design. However, the lead engineer appears to be set on going this route. Other than having two different architectures at two different DC's, and designing a network to support single homed servers, I'm looking for additional pros/cons as points of discussion. 
TIA, ChiefWFB ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ -- 09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
Re: [c-nsp] EIGRP as industry standard ?
i guess the bigger picture (and one that i've said on a few occassions to people both inside and outside of cisco) is what does this change? i do work with several large enterprise customers who are entirely eigrp shops, but (and possibly because of) the use of eigrp has made them primarily cisco shops, with only special exceptions granted for other vendors because of a unique reason -- and with that exception comes consulting services because the configuration is foreign to them. these customers won't be jumping to another vendor anytime soon -- because its what they know. i'd assume many of these types of customers aren't going to be changing soon -- they are comfortable with what they know and the lifecycle to change would be many years down the road. on the other hand -- sp's won't be changing because of the lack of mpls support within eigrp. sure -- you can run it as an igp to carry your transit routes, but without hooks for things like mpls-te -- its not going to be implemented in the near future. additionally -- many of *these* customers are 'best-of-breed' and will often look at vendor-c and vendor-j (as well as vendor-b) based on price and performance numbers -- not on who makes it. this won't change anytime soon. while i'm all for opening up of protocol stacks -- i feel like this is just goodwill to the community -- and won't really change the status quo -- at least for another refresh cycle or two. it just feels like a 'look at what we're doing' sort of thing. i could be wrong, though (i am every now and then). q. On 03/15/2013 09:17 AM, Andrew Clark wrote: Might find this document useful, Ge. http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6554/ps6599/ps6630/qa_C67-726299.html Andrew Clark Message: 5 Date: Thu, 14 Mar 2013 09:47:42 -0500 From: Ge Moua moua0...@umn.edu To: cisco-nsp@puck.nether.net Subject: [c-nsp] EIGRP as industry standard ? 
Message-ID: 5141e30e.4020...@umn.edu Content-Type: text/plain; charset=windows-1252; format=flowed It was interesting to see an IETF doc about EIGRP: http://tools.ietf.org/html/draft-savage-eigrp-00 I'm wondering if Cisco may be releasing this to the wider Internet community for possible industry standards consideration. While technically classified by Cisco as a distance-vector protocol, there are hybrid features of EIGRP that makes it attractive over traditional link-state IGPs like OSPF IS-IS (which I'm a big fan of). However, what's not so attractive is the proprietary nature (tied to Cisco) and lack of support on other big name vendor equipment. Maybe Cisco is looking to change this in the horizon. I'd be interested to know what other ppl way smarter than me thinks. Thanks for your feedback. -- Regards, Ge Moua Univ of Minn Alumnus -- ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Power Supply 2 ouput has dropped
what version of code are you running? i ran into something similar with c6509 running sxj. something to do with an invalid pointer or something during the sharing of values between the peers. power supplies were 3kw powered by 240v pdu's off a 415v buss. even during proper operation of the pdu -- confirmed with a multimeter for current and voltage -- the p/s would show ~ ½ available power. eventually upgrading to a later sxj release fixed the issue. cisco has a posted ddts -- internally at last check -- for this. hit up your account team for details.

regards, q.

-- quinn snyder snyd...@gmail.com

On Friday, 4 January 2013 at 12:23 PM, Farooq Razzaque wrote:

Hi I m getting the following power supply error frequently on 6513 switches operating in VSS mode. It seems to be the issue with the input of power supply 2. Below are the ouput of the show environment and show power . Anyone has experience this before

83559233: Dec 12 09:37:55.985 UAE: vs_raised_alarm_to_cardstate(): NULL threshold info for switch 1 power-supply 2 power-output-mode violation
83559234: Dec 12 09:37:55.949 UAE: %C6KPWR-SW1_SP-4-PSOUTPUTDROP: Power supply 2 output has dropped
83559235: Dec 12 09:37:55.949 UAE: %C6KPWR-SW1_SP-4-INPUTCHANGE: Power supply 2 input has changed. Power capacity adjusted to 2671.20W
83559236: Dec 12 09:37:55.989 UAE: %C6KPWR-SW1_SP-4-PSREDUNDANTMISMATCH: power supplies rated outputs do not match.
83559237: Dec 12 09:37:55.989 UAE: %C6KPWR-SW1_SP-4-PSNOREDUNDANCY: Power supplies are not in full redundancy, power usage exceeds lower capacity supply
83559238: Dec 12 09:37:57.997 UAE: %C6KPWR-SW1_SP-4-INPUTCHANGE: Power supply 2 input has changed. Power capacity adjusted to 5771.64W
83559239: Dec 12 09:37:58.001 UAE: %C6KPWR-SW1_SP-4-PSREDUNDANTBOTHSUPPLY: in power-redundancy mode, system is operating on both power supplies .
83559240: Dec 12 09:38:02.084 UAE: vs_raised_alarm_to_cardstate(): NULL threshold info for switch 1 power-supply 2 power-output-mode violation
83559241: Dec 12 09:38:02.045 UAE: %C6KPWR-SW1_SP-4-PSOUTPUTDROP: Power supply 2 output has dropped
83559242: Dec 12 09:38:02.045 UAE: %C6KPWR-SW1_SP-4-INPUTCHANGE: Power supply 2 input has changed. Power capacity adjusted to 2671.20W
83559243: Dec 12 09:38:02.089 UAE: %C6KPWR-SW1_SP-4-PSREDUNDANTMISMATCH: power supplies rated outputs do not match.
83559244: Dec 12 09:38:02.093 UAE: %C6KPWR-SW1_SP-4-PSNOREDUNDANCY: Power supplies are not in full redundancy, power usage exceeds lower capacity supply
83559245: Dec 12 09:38:04.112 UAE: %C6KPWR-SW1_SP-4-INPUTCHANGE: Power supply 2 input has changed. Power capacity adjusted to 5771.64W
83559246: Dec 12 09:38:04.112 UAE: %C6KPWR-SW1_SP-4-PSREDUNDANTBOTHSUPPLY: in power-redundancy mode, system is operating on both power supplies.

SW01# sh environment switch 1 status power-supply 2
switch 1 power-supply 2:
switch 1 power-supply 2 fan-fail: OK
switch 1 power-supply 2 power-input: AC low
switch 1 power-supply 2 power-output-mode: low
switch 1 power-supply 2 power-output-fail: OK

SW01#sh power
system power redundancy mode = redundant
system power redundancy operationally = non-redundant
system power total = 5771.64 Watts (137.42 Amps @ 42V)
system power used = 3451.56 Watts (82.18 Amps @ 42V)
system power available = 2320.08 Watts (55.24 Amps @ 42V)
                  Power-Capacity  PS-Fan  Output  Oper
PS   Type         Watts   A @42V  Status  Status  State
---- ------------ ------- ------  ------  ------  -----
1    WS-CAC-6000W 5771.64 137.42  OK      OK      on
2    WS-CAC-6000W 2671.20  63.60  OK      OK      on

SW01# sh environment switch 1 status power-supply 2
switch 1 power-supply 2 fan-fail: OKswitch 1 power-supply 2: fan-fail: OK
switch 1 power-supply 2 power-input: AC high
switch 1 power-supply 2 power-output-mode: high
switch 1 power-supply 2 power-output-fail: OK

SW01#sh power
system power redundancy mode = redundant
system power total = 5771.64 Watts (137.42 Amps @ 42V)
system power used = 3451.56 Watts (82.18 Amps @ 42V)
system power available = 2320.08 Watts (55.24 Amps @ 42V)
                  Power-Capacity  PS-Fan  Output  Oper
PS   Type         Watts   A @42V  Status  Status  State
---- ------------ ------- ------  ------  ------  -----
1    WS-CAC-6000W 5771.64 137.42  OK      OK      on
2    WS-CAC-6000W 5771.64 137.42  OK      OK      on

___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
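The capacity swings in the syslog excerpt quoted in the thread above can be picked out mechanically. The Python below is an added example, not code from the list or from Cisco: it parses the %C6KPWR messages as they are quoted in that post and reports each drop-and-recover of a supply's capacity. The regular expressions, the assumed year and the 10-second recovery window are assumptions made for this example.

```python
import re
from collections import Counter
from datetime import datetime

ASSUMED_YEAR = 2012  # assumption: the quoted timestamps carry no year

# The syslog lines quoted in the post, restored to one message per line.
SAMPLE_LOG = """\
83559233: Dec 12 09:37:55.985 UAE: vs_raised_alarm_to_cardstate(): NULL threshold info for switch 1 power-supply 2 power-output-mode violation
83559234: Dec 12 09:37:55.949 UAE: %C6KPWR-SW1_SP-4-PSOUTPUTDROP: Power supply 2 output has dropped
83559235: Dec 12 09:37:55.949 UAE: %C6KPWR-SW1_SP-4-INPUTCHANGE: Power supply 2 input has changed. Power capacity adjusted to 2671.20W
83559236: Dec 12 09:37:55.989 UAE: %C6KPWR-SW1_SP-4-PSREDUNDANTMISMATCH: power supplies rated outputs do not match.
83559237: Dec 12 09:37:55.989 UAE: %C6KPWR-SW1_SP-4-PSNOREDUNDANCY: Power supplies are not in full redundancy, power usage exceeds lower capacity supply
83559238: Dec 12 09:37:57.997 UAE: %C6KPWR-SW1_SP-4-INPUTCHANGE: Power supply 2 input has changed. Power capacity adjusted to 5771.64W
83559239: Dec 12 09:37:58.001 UAE: %C6KPWR-SW1_SP-4-PSREDUNDANTBOTHSUPPLY: in power-redundancy mode, system is operating on both power supplies .
83559240: Dec 12 09:38:02.084 UAE: vs_raised_alarm_to_cardstate(): NULL threshold info for switch 1 power-supply 2 power-output-mode violation
83559241: Dec 12 09:38:02.045 UAE: %C6KPWR-SW1_SP-4-PSOUTPUTDROP: Power supply 2 output has dropped
83559242: Dec 12 09:38:02.045 UAE: %C6KPWR-SW1_SP-4-INPUTCHANGE: Power supply 2 input has changed. Power capacity adjusted to 2671.20W
83559243: Dec 12 09:38:02.089 UAE: %C6KPWR-SW1_SP-4-PSREDUNDANTMISMATCH: power supplies rated outputs do not match.
83559244: Dec 12 09:38:02.093 UAE: %C6KPWR-SW1_SP-4-PSNOREDUNDANCY: Power supplies are not in full redundancy, power usage exceeds lower capacity supply
83559245: Dec 12 09:38:04.112 UAE: %C6KPWR-SW1_SP-4-INPUTCHANGE: Power supply 2 input has changed. Power capacity adjusted to 5771.64W
83559246: Dec 12 09:38:04.112 UAE: %C6KPWR-SW1_SP-4-PSREDUNDANTBOTHSUPPLY: in power-redundancy mode, system is operating on both power supplies.
"""

# "<timestamp> <tz>: %C6KPWR-<unit>-<severity>-<MNEMONIC>: <text>"
MSG_RE = re.compile(
    r"(?P<ts>[A-Z][a-z]{2} +\d+ \d\d:\d\d:\d\d\.\d+) \S+: "
    r"%C6KPWR-(?P<unit>\w+)-\d-(?P<mnemonic>[A-Z]+): (?P<text>.*)"
)
CAPACITY_RE = re.compile(
    r"Power supply (?P<psu>\d+) input has changed\. "
    r"Power capacity adjusted to (?P<watts>\d+(?:\.\d+)?)W"
)


def parse_events(log_text):
    """Return one dict per %C6KPWR message; other lines are skipped."""
    events = []
    for line in log_text.splitlines():
        m = MSG_RE.search(line)
        if not m:
            continue  # e.g. the vs_raised_alarm_to_cardstate() lines
        when = datetime.strptime(
            f"{ASSUMED_YEAR} {m['ts']}", "%Y %b %d %H:%M:%S.%f"
        )
        psu = watts = None
        cap = CAPACITY_RE.search(m["text"])
        if m["mnemonic"] == "INPUTCHANGE" and cap:
            psu, watts = int(cap["psu"]), float(cap["watts"])
        events.append({"when": when, "unit": m["unit"],
                       "mnemonic": m["mnemonic"], "psu": psu, "watts": watts})
    return events


def mnemonic_counts(events):
    """Count messages per mnemonic, e.g. INPUTCHANGE, PSOUTPUTDROP."""
    return Counter(ev["mnemonic"] for ev in events)


def find_capacity_flaps(events, max_recovery_s=10.0):
    """Report each capacity reading that is followed, within the window,
    by a higher reading for the same supply (a drop that then recovers)."""
    flaps, last = [], {}
    readings = sorted((e for e in events if e["watts"] is not None),
                      key=lambda e: e["when"])
    for ev in readings:
        key = (ev["unit"], ev["psu"])
        prev = last.get(key)
        if prev and ev["watts"] > prev["watts"]:
            gap = (ev["when"] - prev["when"]).total_seconds()
            if gap <= max_recovery_s:
                flaps.append({"unit": ev["unit"], "psu": ev["psu"],
                              "low_watts": prev["watts"],
                              "high_watts": ev["watts"],
                              "low_ratio": round(prev["watts"] / ev["watts"], 2),
                              "recovery_s": round(gap, 3)})
        last[key] = ev
    return flaps


if __name__ == "__main__":
    evs = parse_events(SAMPLE_LOG)
    print(dict(mnemonic_counts(evs)))
    for flap in find_capacity_flaps(evs):
        print(flap)
```

On the quoted excerpt this reports two flaps on power supply 2, each recovering in about two seconds, with the low reading at roughly 46% of the high one.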
Re: [c-nsp] ASR1006 ISSU upgrade fail
issu from 2.x train to 3.x train is unsupported. this is outlined in issu notes for asr1k platform. google 'asr1k issu compatibility tables' for info. regards, q. -= sent via iphone. please excuse spelling, grammar, and brevity =- On May 2, 2012, at 20:42, CiscoNSP_list CiscoNSP_list cisconsp_l...@hotmail.com wrote: Hi Guys, ASR1006 dual RP/Dual ESP - Followed this guide: http://www.cisco.com/en/US/docs/routers/asr1000/configuration/guide/chassis/issu.html (Using ISSU to Perform a Consolidated Package Upgrade in a Dual Route Processor Configuration) Current XE version: asr1000rp1-adventerprisek9.02.01.01.122-33.XNA1 and upgrading to: asr1000rp1-adventerprisek9.03.05.02.S.152-1.S2 I got to step 5 (issu load version rp 1 file stby-bootflash:asr1000rp1-adventerprisek9.03.05.02.S.152-1.S2.bin), but received the following error: *May 2 18:01:50.246: %ASR1000_SPA-3-INVALID_SLOT_NUM: slot= 15, max slot = 14 -Traceback= 1#3c0e9c526e153a8453b1a7f7d5b8cf1f :1000+61C3B8 :1000+61A51C :1000+61A8A0 :1000+25D7028 :1000+2433E5C :1000+2433E98 iosd_unix:C25F000+13F60 iosd_unix:C25F000+11690 pthread:BF56000+5DA0 *May 2 18:01:50.248: %ASR1000_SPA-3-INVALID_SUBSLOT_NUM: subslot= 15, max subslot = 4 -Traceback= 1#3c0e9c526e153a8453b1a7f7d5b8cf1f :1000+61C3B8 :1000+61A51C :1000+61A8A0 :1000+25D7030 :1000+2433E5C :1000+2433E98 iosd_unix:C25F000+13F60 iosd_unix:C25F000+11690 pthread:BF56000+5DA0 And the standby RP just continues to reload (loop), and the above error is printed, then reloads again Any suggestions are greatly appreciated. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] No Link between SFP-10G-LRM and X2-10GB-LX4?
are you sure that its supported? lx4 == wwdm optic == 4x2.5gbps channels using wideband muxing. additionally, when looking at datasheets for x2 and sfp+ modules, one will see that lx4 optic mentions 4 lanes, launching in the 1300nm space and a separate pluggable for x2-10gb-lrm. sfp+ only mentions single lane in 1310nm space. i dont believe the two are compatible. would suggest looking at x2-10gb-lrm= for compatibility. regards, q. -= sent via ipad. please excuse brevity, spelling, and grammar =- On Oct 5, 2011, at 11:21, ci...@entrap.de ci...@entrap.de wrote: Greetings, I have a 6509 with an X6716-10GE Card equipped with Cisco X2-10GB-LX4 10GE modules and a Cisco 2960S-48TD-L Switch with two Cisco SFP-10G-LRM modules. Right now I am not able to get an active link between these X2 and SFP modules, it stays down/down (notconnected). I instantly get a link when connecting X2 to X2 or SFP+ to SFP+ Module. I tried nonegotiate but this didn't help.. The 6509 runs IOS 12.2(33)SXI7, the 2960 IOS 12.2(55)SE3. Cisco says these modules are compatible to each other.. Has anyone seen this before? Any hints or ideas? Thanks, Holger ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] GBIC requires restart after link loss
check into the following bug bug id: CSCti80308 i have hit this in other c4k chassis with different cards, but the result is the same. regards, q. -= sent via ipad. please excuse brevity, spelling, and grammar =- On Oct 3, 2011, at 17:55, Martin T m4rtn...@gmail.com wrote: I have a following setup: WS-C2960G-24TC-L[Gi0/22] - [Gi3/4]WS-C4506 SFP in WS-C2960G-24TC-L is a noname 1000BASE-LX10 transceiver working thanks to service unsupported-transceiver. GBIC in WS-C4506 is an Avago AFCT-5611Z 1000BASE-LX10. Linecard model in WS-C4506 is WS-X4306-GB. I had a situation where WS-C2960G-24TC-L reloaded, but link between WS-C2960G-24TC-L and WS-C4506 did not came up until I did shutdown and no shutdown to port Gi3/4 in WS-C4506. I have seen similar behaviour with GBIC transceivers on WS-X4306 linecard as well(in another WS-C4506) and for example in case there is a fibre cut between the switches, once the cable is repaired, sometimes one needs to make shutdown and no shutdow to GBIC port in order for line protocol to come up. As I understand, in case there is no Rx signal to the GBIC, the Tx is still operational(tested this with light meter and in case of 1000BASE-SX one is even able to see the red light constantly on) and both ends should see each other. Anybody else seen something like this? What might be the reason behind this behaviour? How common is this with SFP's? Are there GBIC's with chip set design preventing such problems? regards, martin ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] N7k as Enterprise core MPLS P/PE
On Sep 29, 2011, at 13:29, Phil Mayers p.may...@imperial.ac.uk wrote: Tim Durack tdur...@gmail.com wrote: We are currently using the C6K in this role. The N7K is looking like the logical replacement. Likwise. Hence my asking! I'm a bit disappointed that the current 10g cards on the n7k are only 8 (non-blocking) ports per slot though. Anyone know if there's a higher density non-blocking option coming down the pipe? -- Sent from my phone. Please excuse brevity and typos. i'd assume that with fab2 shipping in n7009, new m2 linecards cant be far away -- as i have heard 'soon' as an eta for fab2 in n7010/7018 chassis. q. -= sent via iphone. please excuse spelling, grammar, and brevity =- ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Funny problem w/ SFP link on Nexus 5548
n5548/n5596 support 1/10gbe on all ports in chassis, as well as converged ethernet (assuming appropriate licensing is installed, of course). [0] regards, q. [0] http://www.cisco.com/en/US/prod/collateral/switches/ps9441/ps9670/data_sheet_c78-618603.html -= sent via ipad. please excuse brevity, spelling, and grammar =- On Sep 21, 2011, at 18:32, Chuck Church chuckchu...@gmail.com wrote: Anything showing up in the Cisco log? I'm not sure about the 5548, but on the 5010/5020s, only certain ports will do both 1 gig and 10 gig. Not sure if a non-1 gig capable port would accept the speed 1000 command. Those symptoms sound like the speed 1000 is actually missing. Do the SPFs on each side have matching wavelength? Thanks, Chuck -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of vinny_abe...@dell.com Sent: Wednesday, September 21, 2011 5:28 PM To: g...@gmx.de; cisco-nsp@puck.nether.net Subject: Re: [c-nsp] Funny problem w/ SFP link on Nexus 5548 Is Gig-E auto negotiation set the same on both devices? It sounds kind of like the Nortel has Gig-E auto negotiation disabled, so it will show link as soon as it sees light. Your NX might be trying to auto negotiate which won't work if the other side isn't doing it as well. Maybe try disabling auto neg on the NX. -Vinny -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Garry Sent: Wednesday, September 21, 2011 3:43 PM To: cisco-nsp@puck.nether.net Subject: [c-nsp] Funny problem w/ SFP link on Nexus 5548 Hi, I'm currently at a customer who got a 5548 with 2248 FEX and several 2960S connected to the 5548, everything working fine. Anyway, in order to migrate from the old switch infrastructure, we tried to interconnect them to the 5548, which is where my problem started - the link just won't go up on the NX ... The other side is a Nortel core switch, with 8616SXE card for fiber links. 
On the Nortel, the link light goes on when I connect the switches, but the Nexus doesn't do anything. SFPs are the same as for the links to the 2960S, OEM/compatible 1G optics. Ports are configured for 1G (speed 1000), same as for the 2960S. When I put the same SFP in a 2960S, the link comes up at once. What am I missing here? Thanks, Garry ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] nexus material and coloured CWDM 10G SFP+
holemans -- via 'sh int ex/y trans det' one can scrape the dom information from the pluggable, assuming the pluggable supports dom. regards, q. -= sent via iphone. please excuse spelling, grammar, and brevity =- On Sep 9, 2011, at 2:24, Holemans Wim wim.holem...@ua.ac.be wrote: Recently we started using CWDM coloured 10G SFP+ interfaces (smartoptics) on our campus network (in 4900M with OneX convertors). This works just fine although Cisco probably will tell us that is not supported... I'm wondering if someone already did the same thing on nexus 5xxx switches, especially 5010 and 5548. We are planning to build a new backbone between different datacenters based on nexus material (5010 in 2 remote datacenters, 5548 in the central datacenter). We could use the transponders of our CWDM vendor and use local SR SFP+ interfaces but these transponders cost about 3x times more than coloured SFP+ interfaces (and these don't com cheap). Using coloured SFP+ interfaces moves control/monitoring of the fiber losses to the end device but we can live with that. Second question : can you read out fiber losses on a nexus ? (cfr show int transc in IOS) Greetings, Wim Holemans Netwerkdienst Universiteit Antwerpen Network Services University of Antwerp ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] A bit of 6513-E confusion
c6513-e behaves same as non-e chassis without sup2t[0] [0] http://www.cisco.com/en/US/prod/collateral/switches/ps5718/ps708/qa_c67-6214 10.pdf regards, q. -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Drew Weaver Sent: 17 August, 2011 11:28 To: cisco-nsp Subject: [c-nsp] A bit of 6513-E confusion With a 6513-E would you be able run it with: 2xSUP720-3BXLs 10xWS-6748(/w DFCs) 1x WS-6708? I don't need the 10/100/1000 ports to be line rate either. I know in the regular 6513 you can only put the higher-end cards in the last few slots, but I can't really find out if that is still true on the 6513-E. Has anyone been brave enough to try it and could you share your results? thanks, -Drew ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] sup2T software release notes have hit
dfc-based linecards will require dfc4 to function in sup2t chassis (if supported by software). any 6700-series cards supported in sup2t will need this upgrade.

6708 linecard cleverly omitted from upgrade path -- this, as stated, will need to be replaced with 6908 line-rate card -- or used in sup720-based chassis only.

regards,
q.

-= sent via ipad. please excuse brevity, spelling, and grammar =-

On Jul 11, 2011, at 14:54, Peter Rathlev pe...@rathlev.dk wrote:

On Mon, 2011-07-11 at 23:19 +0200, Simon Leinen wrote:

Thanks for the heads-up! There's some more technical information about the Supervisor 2T in the White Papers section:

http://www.cisco.com/en/US/customer/products/hw/switches/ps708/prod_white_papers_list.html

Yeah...:

The Supervisor 2T provides backward compatibility with the existing WS-X6700 Series Linecards (with the exception of the WS-X6708-10G, which will be replaced by the new WS-X6908-10G, discussed later), as well as select WS-X6100 Series Linecards only.

...

Note: Due to compatibility issues, the WS-X6708-10GE-3C/3CXL cannot be inserted in a Supervisor 2T system, and must be upgraded to the new WS-X6908-10GE-2T/2TXL.

The 6708 card isn't mentioned elsewhere on the page. Specifically not in Table 6. DFC4 Field Upgradable Linecard.

Anybody know what that means? Do we have to buy new 6908 cards instead? Or will there be a field upgrade?

--
Peter
Re: [c-nsp] Nexus 7010 SVI issues
depending on code version, i've seen the n7k not create the layer-2 vlan associated with the svi, even allowing you to place it on a trunk. can you confirm that the layer-2 vlan is in place and created?

regards,
q.

-= sent via ipad. please excuse brevity, spelling, and grammar =-

On Jul 9, 2011, at 8:52, Renelson Panosky panocisc...@gmail.com wrote:

I have a couple of nexus pods up and running so i just created two more SVIs in my Nexus 7010 with the following configurations. All my other SVIs are configured exactly the same way and all of them are UP UP but the two new ones i just added. They are all added to all my trunks and all my trunks are UP UP. I do know on some devices in the IOS platform the SVI will not come up until you put a node on it (plug something in one of the ports assigned to that vlan.) but in the same token some of the other SVIs have no nodes on them and they are UP UP and i can ping them. Any input would be greatly appreciated

interface Vlan2
  no shutdown
  description XXX
  no ip redirects
  ip address 10.100.XX.XX/25
  ip router eigrp 100
  ip passive-interface eigrp 100
  hsrp 2
    preempt delay minimum 30
    priority 110
    ip 10.XXX.XX.XX
Re: [c-nsp] multichassis lacp
2960-s. stacking was afflicted with serious bugs up until a few months ago. seems to be stable with current code.

q.

-= sent via iphone. please excuse spelling, grammar, and brevity =-

On Jul 5, 2011, at 18:10, chris stand cstand...@gmail.com wrote:

Yes, The nature of the 3750 with its stacking cables does allow mlacp. I also think there is a new stackable 2900 S switch that can do it as well.

Have you actually done it with the 3750? I cannot find anything on cco about 3750 mlacp.

--Tim Riendeau

On 7/5/11 4:55 PM, Nick Hilliard n...@foobar.org wrote:

On 05/07/2011 19:27, Timothy Riendeau wrote:

Anyone know where to find a list of switches that support MLACP particularly metro ethernet switches?

Catalyst 3750
Catalyst 6500 with VSS supervisor
Nexus 7000

Nick
Re: [c-nsp] Nexus 7018 spanning tree and unicast flooding
prashanth --

i see that you have all ports as 'network' ports. i assume this is done by invoking

  spanning-tree port type network

under the interface configuration stanza or so.

in n7k land, this invokes a feature called 'bridge-assurance' and it must be explicitly enabled on the other end. it is a feature that can only be enabled globally on n7k and is enabled by default if you run any vpc services on n7k.

that being said -- your issue may be caused by this configuration statement. bridge-assurance is only supported on certain versions of c6k, so i'd say that you have to change this. [0]

please set all ports that don't have bridge-assurance on both ends to the following

  spanning-tree port type normal

and see if this solves your problem.

regards,
q.

[0] https://supportforums.cisco.com/thread/2000819

-= sent via ipad. please excuse brevity, spelling, and grammar =-

On Jun 27, 2011, at 11:05, Prashanth kumar smarni7...@gmail.com wrote:

I am trying to troubleshoot an issue with spanning tree topology change and unicast flooding during the topology change which I have not seen in 6500. I am new to nexus series.

+----------+      +-----------+
|          |      |           |
|  Root    |      | Secondary |
|  SW1     |------| Root      |
|          |      | SW2       |
+----------+      +-----------+
     |              /
     |             /
     |            /  span blocked
 +---------------+
 | Access Switch |
 |               |
 +---------------+

We have a simple topology of two Nexus 7018 aggregation routers in DC and access-switches connected to two of them as shown above. There are multiple VLAN's trunked to the access switches. All vlans are trunked between Nexus switch as well. The Access switch connection to second 7018 is blocked. We run PRSTP+ and all ports on core switch are type network.

The issue we have is whenever we bring up a new port or port state changes on 7018 there is TCN generated and both the switch flush the cam table and it takes about 15 to 30 second to re-learn the new mac. during this time we see lot of unicast flooding on all the switches/load balancer which are connected.

Is this a limitation on Nexus 7000 or is this normal behavior. I have not seen this on 6500.

Thank you in advance
PK
Re: [c-nsp] Nexus 7018 spanning tree and unicast flooding
am i to assume that your prior statement is incorrect then, wherein you stated that all ports on the core switch are set to type network? regardless of whether they are up, down, or lateral -- if the far end device doesn't support 'bridge-assurance', then the port should be of 'normal' type.

additionally, are you running any vpc services on the n7k? have you ensured that by bringing up the new interface you're not causing the spf recalculation by some spanning-tree vlan priority command misconfig?

i can safely say that i've done exactly what you are doing on n7018 running vpc (nx-os 5.0(2a) and 5.1(3)), with no packet loss or spf reconvergence. this was run in a vdc environment with that particular vdc running eigrp, hsrpv2, vpc, lacp, udld, and rpvst+.

configs and nx-os versions would be helpful here.

regards,
q.

-= sent via ipad. please excuse brevity, spelling, and grammar =-

On Jun 27, 2011, at 12:12, Prashanth kumar smarni7...@gmail.com wrote:

Quinn,

Spanning tree type is normal for all the ports connected to downstream switches.

  spanning-tree port type normal

-Thanks
Prashanth
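The check described in the two replies above, as an added Python example that is not part of the thread: it flags every link where one end is 'spanning-tree port type network' (and so runs bridge assurance) while the far end is not. The hostnames, interfaces, links, the bridge_assurance capability flag and the function names are assumptions made for the illustration.

```python
import re

# One "interface <name>" line plus the indented lines beneath it.
STANZA = re.compile(r"^interface (\S+)\n((?:[ \t]+.*\n?)*)", re.M)


def port_types(config):
    """Return ({interface: 'network'|'edge'|'normal'}, default) for NX-OS style text."""
    default = "normal"
    if re.search(r"^spanning-tree port type network default\s*$", config, re.M):
        default = "network"  # global default makes every port a network port
    types = {}
    for name, body in STANZA.findall(config):
        m = re.search(r"^[ \t]+spanning-tree port type (network|edge|normal)\b",
                      body, re.M)
        types[name] = m.group(1) if m else default
    return types, default


def bridge_assurance_mismatches(devices, links):
    """Return (device, interface, advice) for each link end that would run
    bridge assurance while the far end of the same link does not."""
    parsed = {name: port_types(d["config"]) for name, d in devices.items()}

    def runs_ba(dev, ifname):
        types, default = parsed[dev]
        return (devices[dev]["bridge_assurance"]
                and types.get(ifname, default) == "network")

    findings = []
    for a_dev, a_if, b_dev, b_if in links:
        ends = (((a_dev, a_if), (b_dev, b_if)), ((b_dev, b_if), (a_dev, a_if)))
        for (dev, ifname), (peer, peer_if) in ends:
            if runs_ba(dev, ifname) and not runs_ba(peer, peer_if):
                findings.append((dev, ifname,
                                 f"peer {peer} {peer_if} does not run bridge "
                                 "assurance: use 'spanning-tree port type normal'"))
    return findings


# Constructed sample inventory; none of these names come from the thread.
CORE1 = """\
interface Ethernet1/1
  description peer core switch
  switchport mode trunk
  spanning-tree port type network
interface Ethernet1/2
  description downstream access switch
  switchport mode trunk
  spanning-tree port type network
"""
CORE2 = """\
interface Ethernet1/1
  description peer core switch
  switchport mode trunk
  spanning-tree port type network
interface Ethernet1/2
  description downstream access switch
  switchport mode trunk
  spanning-tree port type normal
"""
DEVICES = {
    "core1": {"bridge_assurance": True, "config": CORE1},
    "core2": {"bridge_assurance": True, "config": CORE2},
    # Assumed: the access switch software has no bridge assurance support.
    "access1": {"bridge_assurance": False, "config": ""},
}
LINKS = [
    ("core1", "Ethernet1/1", "core2", "Ethernet1/1"),
    ("core1", "Ethernet1/2", "access1", "GigabitEthernet0/1"),
    ("core2", "Ethernet1/2", "access1", "GigabitEthernet0/2"),
]

if __name__ == "__main__":
    for dev, ifname, advice in bridge_assurance_mismatches(DEVICES, LINKS):
        print(f"{dev} {ifname}: {advice}")
```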
Re: [c-nsp] Cisco N5548P with N2248TP Fex not found
not seeing the vpc peer-link in the config, nor a layer-3 address for the keepalive link to communicate across. if you are planning to use vpc -- there are a number of things wrong. i guess a deeper understanding of your topology and what you are attempting to accomplish is in order.

q.

-= sent via ipad. please excuse brevity, spelling, and grammar =-

On Jun 3, 2011, at 12:09, Renelson Panosky panocisc...@gmail.com wrote:

First I want to thank everyone for their help yesterday but i am still having some issues with some of them. Some of my fex are not showing up even though all my configs are similar. I've posted the config below please any help would be appreciated.

sho run

!Command: show running-config
!Time: Fri Jun 3 18:58:29 2011

version 5.0(2)N2(1)
feature fcoe
feature telnet
cfs eth distribute
feature interface-vlan
feature lacp
feature vpc
feature lldp
feature fex

username admin password 5 $1$S9NNLG/i$NkudlhPrwchGiwJlvZMWW0 role network-admin
no password strength-check
ip domain-lookup
ip domain-lookup
hostname N5K-Ashswd03
class-map type qos class-fcoe
class-map type queuing class-fcoe
  match qos-group 1
class-map type queuing class-all-flood
  match qos-group 2
class-map type queuing class-ip-multicast
  match qos-group 2
class-map type network-qos class-fcoe
  match qos-group 1
class-map type network-qos class-all-flood
  match qos-group 2
class-map type network-qos class-ip-multicast
  match qos-group 2
fex 101
  pinning max-links 1
  description FEX0101
  type N2248T
fex 103
  pinning max-links 1
  description FEX0103
  type N2248T
fex 105
  pinning max-links 1
  description FEX0105
fex 107
  pinning max-links 1
  description FEX0108
fex 109
  pinning max-links 2
  description FeX0110
snmp-server user admin network-admin auth md5 0xd9147e119e1d5594801dd5fb5a7ce51a priv 0xd9147e119e1d5594801dd5fb5a7ce51a localizedkey
snmp-server enable traps entity fru

vrf context management
vlan 1
vpc domain 1
  peer-keepalive destination 10.10.10.3

interface Vlan1

interface port-channel1
  description to Nexus7k-coresw1
  switchport mode trunk
  speed 1

interface port-channel2
  description to Nexus7k-coresw2
  switchport mode trunk
  speed 1

interface port-channel11
  description vc to HP-Blade-1
  switchport mode trunk
  vpc 12

interface port-channel12
  description vc to HP-Blade-2
  switchport mode trunk
  vpc 13

interface port-channel101
  description connected N2248TP 101
  switchport mode fex-fabric
  fex associate 101

interface port-channel103
  description Connected N2248TP 103
  switchport mode fex-fabric
  fex associate 103

interface port-channel105
  description connected N2248TP 105
  switchport mode fex-fabric
  fex associate 105

interface port-channel107
  description connected N2248TP 107
  switchport mode fex-fabric
  fex associate 107

interface fc2/1
interface fc2/2
interface fc2/3
interface fc2/4
interface fc2/5
interface fc2/6
interface fc2/7
interface fc2/8
interface Ethernet1/1
interface Ethernet1/2
interface Ethernet1/3
interface Ethernet1/4
interface Ethernet1/5
interface Ethernet1/6
interface Ethernet1/7
interface Ethernet1/8
interface Ethernet1/9
interface Ethernet1/10
interface Ethernet1/11
interface Ethernet1/12
interface Ethernet1/13
interface Ethernet1/14
interface Ethernet1/15
interface Ethernet1/16
interface Ethernet1/17
interface Ethernet1/18
interface Ethernet1/19
interface Ethernet1/20
interface Ethernet1/21
interface Ethernet1/22
interface Ethernet1/23
interface Ethernet1/24
interface Ethernet1/25
interface Ethernet1/26
interface Ethernet1/27
interface Ethernet1/28
interface Ethernet1/29
interface Ethernet1/30
interface Ethernet1/31
interface Ethernet1/32

interface Ethernet2/1
  description Connected N2248TP 101
  fex associate 101
  switchport mode fex-fabric
  channel-group 101

interface Ethernet2/2
  description Connected 2248TP 103
  fex associate 103
  switchport mode fex-fabric
  channel-group 103

interface Ethernet2/3
  description connected N2248TP 105
  fex associate 105
  switchport mode fex-fabric
  channel-group 105

interface Ethernet2/4
  fex associate 107
  switchport mode fex-fabric
  channel-group 107

interface Ethernet2/5
interface Ethernet2/6
interface Ethernet2/7
interface Ethernet2/8
interface mgmt0
interface Ethernet103/1/1
interface Ethernet103/1/2
interface Ethernet103/1/3
interface Ethernet103/1/4
interface Ethernet103/1/5
interface Ethernet103/1/6
interface Ethernet103/1/7
interface Ethernet103/1/8
interface Ethernet103/1/9
interface Ethernet103/1/10
interface Ethernet103/1/11
interface Ethernet103/1/12
interface Ethernet103/1/13
interface Ethernet103/1/14
interface Ethernet103/1/15
interface Ethernet103/1/16
interface Ethernet103/1/17
interface Ethernet103/1/18
interface Ethernet103/1/19
interface Ethernet103/1/20
interface
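The two gaps named in the reply (no vpc peer-link, no layer-3 address for the keepalive) can be checked mechanically. The following is an added Python example, not code from the thread; the function name audit_vpc_fex is hypothetical, the embedded config is an abridged, re-indented excerpt of the one posted above, and the check that every declared FEX has a fabric interface associated with it is an extra consistency check beyond what the reply mentions.

```python
import re

# Abridged, re-indented excerpt of the running-config posted in this thread
# (descriptions, QoS class-maps, member and unconfigured interfaces left out).
POSTED = """\
feature vpc
feature fex
fex 101
  pinning max-links 1
fex 103
  pinning max-links 1
fex 105
  pinning max-links 1
fex 107
  pinning max-links 1
fex 109
  pinning max-links 2
vpc domain 1
  peer-keepalive destination 10.10.10.3
interface Vlan1
interface port-channel1
  switchport mode trunk
interface port-channel2
  switchport mode trunk
interface port-channel11
  switchport mode trunk
  vpc 12
interface port-channel12
  switchport mode trunk
  vpc 13
interface port-channel101
  switchport mode fex-fabric
  fex associate 101
interface port-channel103
  switchport mode fex-fabric
  fex associate 103
interface port-channel105
  switchport mode fex-fabric
  fex associate 105
interface port-channel107
  switchport mode fex-fabric
  fex associate 107
interface mgmt0
"""

# One "interface <name>" line plus the indented lines beneath it.
STANZA = re.compile(r"^interface (\S+)\n((?:[ \t]+.*\n?)*)", re.M)


def audit_vpc_fex(config):
    """Return a list of (check, detail) findings for an NX-OS style config."""
    ifaces = dict(STANZA.findall(config))

    def with_line(pattern):
        # Names of interfaces whose stanza has an indented line matching pattern.
        return [name for name, body in ifaces.items()
                if re.search(r"^[ \t]+" + pattern + r"[ \t]*$", body, re.M)]

    findings = []
    if re.search(r"^vpc domain \d+", config, re.M):
        # vPC member port-channels are useless without a peer-link.
        if not with_line(r"vpc peer-link"):
            findings.append(("vpc-no-peer-link", with_line(r"vpc \d+")))
        # The keepalive needs a layer-3 address on some local interface.
        keepalive = re.search(r"^[ \t]+peer-keepalive destination (\S+)",
                              config, re.M)
        if keepalive and not with_line(r"ip address \S+.*"):
            findings.append(("keepalive-no-l3-address", [keepalive.group(1)]))

    # Every "fex N" stanza should be referenced by a "fex associate N".
    declared = set(re.findall(r"^fex (\d+)[ \t]*$", config, re.M))
    associated = set(re.findall(r"^[ \t]+fex associate (\d+)", config, re.M))
    for fex in sorted(declared - associated, key=int):
        findings.append(("fex-no-fabric-interface", [fex]))
    return findings


if __name__ == "__main__":
    for check, detail in audit_vpc_fex(POSTED):
        print(check, ", ".join(detail))
```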
Re: [c-nsp] disabling GigE negotiation on NX-OS
testing in my lab now -- simple back to back copper over glc-t between n5020 running 4.2(1)n2(1) and asr1002 running 3.1.0s

=

asr1002-1#sh run int gig 0/0/3
Building configuration...

Current configuration : 74 bytes
!
interface GigabitEthernet0/0/3
 no ip address
 no negotiation auto
end

asr1002-1#sh int gig 0/0/3
GigabitEthernet0/0/3 is up, line protocol is up
  Hardware is 4XGE-BUILT-IN, address is 588d.09ef.5103 (bia 588d.09ef.5103)
  MTU 1500 bytes, BW 100 Kbit/sec, DLY 10 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  Keepalive not supported
  Full Duplex, 1000Mbps, link type is force-up, media type is T
  output flow-control is on, input flow-control is on
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input 00:00:00, output never, output hang never
  Last clearing of show interface counters never
  Input queue: 0/375/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     37 packets input, 5077 bytes, 0 no buffer
     Received 0 broadcasts (0 IP multicasts)
     0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     0 watchdog, 37 multicast, 0 pause input
     0 packets output, 0 bytes, 0 underruns
     0 output errors, 0 collisions, 4 interface resets
     0 unknown protocol drops
     0 babbles, 0 late collision, 0 deferred
     0 lost carrier, 0 no carrier, 0 pause output
     0 output buffer failures, 0 output buffers swapped out

n5020-1# sh run int e1/1

!Command: show running-config interface Ethernet1/1
!Time: Fri Apr 15 20:46:47 2011

version 4.2(1)N2(1)

interface Ethernet1/1
  speed 1000

n5020-1# sh int e1/1
Ethernet1/1 is up
  Hardware: 1000/1 Ethernet, address: 0005.73a1.6508 (bia 0005.73a1.6508)
  MTU 1500 bytes, BW 100 Kbit, DLY 10 usec,
  reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA
  Port mode is access
  full-duplex, 1000 Mb/s, media type is 1/10g
  Beacon is turned off
  Input flow-control is off, output flow-control is off
  Rate mode is dedicated
  Switchport monitor is off
  Last link flapped 00:01:54
  Last clearing of show interface counters 00:03:58
  30 seconds input rate 0 bits/sec, 0 packets/sec
  30 seconds output rate 232 bits/sec, 0 packets/sec
  Load-Interval #2: 5 minute (300 seconds)
    input rate 0 bps, 0 pps; output rate 32 bps, 0 pps
  RX
    0 unicast packets  0 multicast packets  0 broadcast packets
    0 input packets  0 bytes
    0 jumbo packets  0 storm suppression packets
    0 runts  0 giants  0 CRC  0 no buffer
    0 input error  0 short frame  0 overrun  0 underrun  0 ignored
    0 watchdog  0 bad etype drop  0 bad proto drop  0 if down drop
    0 input with dribble  0 input discard
    0 Rx pause
  TX
    0 unicast packets  46 multicast packets  0 broadcast packets
    46 output packets  6528 bytes
    0 jumbo packets
    0 output errors  0 collision  0 deferred  0 late collision
    0 lost carrier  0 no carrier  0 babble
    0 Tx pause
  1 interface resets

=

the asr is as carrier as i get -- and i don't have a 5548 to dink with, so take this for what it's worth, but i think that tony is spot on.

q.

==
() ascii ribbon campaign - against html e-mail
/\ www.asciiribbon.org - against proprietary attachments

On 04/15/2011 12:28 PM, Tony Varriale wrote:

On 4/15/2011 1:07 PM, Gert Doering wrote:

Hi,

yesterday, one of our customers tried to move two GigE-on-fiber circuits from a Catalyst 4507 to a new Nexus 5548. The other end terminates on some carrier gear (and is then multiplexed in whatever ways across the city).

After moving the circuit, the link didn't come up on the Nexus, but the carrier gear *did* show link.

I wasn't on-site, so I couldn't investigate myself, but it smells very much like GigE link negotiation being disabled on the carrier gear - carriers love that.

Of course we do not have access to either the Catalyst nor the Nexus, but it's our duty to make it work (after all, we provide the fiber patches!). So I'd like him to test disabling link negotiation on the Nexus, but don't know how to do that - no access to any NX-OS gear yet.

On CatOS, this is set port negotiation x/y disable. On IOS, it's int giga x/y / speed nonegotiate. -- How to do it on NX-OS?

http://www.cisco.com/en/US/docs/switches/datacenter/nexus5000/sw/configuration/guide/cli_rel_4_0_1a/BasicEthernet.html

refers to Layer 1 autonegotiation, but no word on turning it off...

gert
Re: [c-nsp] disabling GigE negotiation on NX-OS
dug through some kit -- found sfp-ge-s and a 62.5um cable. same interfaces being used. link came up for me. again -- this is with n5000, not n5500, but i wouldn't think too great of a difference?

===

asr1002-1(config)#do sh run int gig 0/0/3
Building configuration...

Current configuration : 74 bytes
!
interface GigabitEthernet0/0/3
 no ip address
 no negotiation auto
end

asr1002-1(config)#do sh int gig 0/0/3
GigabitEthernet0/0/3 is up, line protocol is up
  Hardware is 4XGE-BUILT-IN, address is 588d.09ef.5103 (bia 588d.09ef.5103)
  MTU 1500 bytes, BW 100 Kbit/sec, DLY 10 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  Keepalive not supported
  Full Duplex, 1000Mbps, link type is force-up, media type is SX
  output flow-control is on, input flow-control is on
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input 00:00:01, output never, output hang never
  Last clearing of show interface counters never
  Input queue: 0/375/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     36 packets input, 4800 bytes, 0 no buffer
     Received 0 broadcasts (0 IP multicasts)
     0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     0 watchdog, 36 multicast, 0 pause input
     0 packets output, 0 bytes, 0 underruns
     0 output errors, 0 collisions, 5 interface resets
     0 unknown protocol drops
     0 babbles, 0 late collision, 0 deferred
     0 lost carrier, 0 no carrier, 0 pause output
     0 output buffer failures, 0 output buffers swapped out

-

n5020-1# sh run int e1/1

!Command: show running-config interface Ethernet1/1
!Time: Fri Apr 15 21:16:15 2011

version 4.2(1)N2(1)

interface Ethernet1/1
  speed 1000

n5020-1# sh int e 1/1
Ethernet1/1 is up
  Hardware: 1000/1 Ethernet, address: 0005.73a1.6508 (bia 0005.73a1.6508)
  MTU 1500 bytes, BW 100 Kbit, DLY 10 usec,
  reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA
  Port mode is access
  full-duplex, 1000 Mb/s, media type is 1/10g
  Beacon is turned off
  Input flow-control is off, output flow-control is off
  Rate mode is dedicated
  Switchport monitor is off
  Last link flapped 00:03:47
  Last clearing of show interface counters 00:33:26
  30 seconds input rate 0 bits/sec, 0 packets/sec
  30 seconds output rate 184 bits/sec, 0 packets/sec
  Load-Interval #2: 5 minute (300 seconds)
    input rate 0 bps, 0 pps; output rate 96 bps, 0 pps
  RX
    0 unicast packets  1 multicast packets  0 broadcast packets
    1 input packets  81 bytes
    0 jumbo packets  0 storm suppression packets
    0 runts  0 giants  0 CRC  0 no buffer
    0 input error  0 short frame  0 overrun  0 underrun  0 ignored
    0 watchdog  0 bad etype drop  0 bad proto drop  0 if down drop
    0 input with dribble  0 input discard
    0 Rx pause
  TX
    0 unicast packets  218 multicast packets  0 broadcast packets
    218 output packets  32576 bytes
    0 jumbo packets
    0 output errors  0 collision  0 deferred  0 late collision
    0 lost carrier  0 no carrier  0 babble
    0 Tx pause
  2 interface resets

===

i've used this article in the past[0]. while dated -- it seems to have some good information. it doesn't appear that speed nonegotiate is accepted under the 4.2 code on n7k -- so i'd assume similar parity in 4.2 on n5k platform.

i tried to pull off the optic information from my n5k -- but it's not coming out clean. however, when i use this transceiver in n7k, i get the following output

n7k-1# sh int e 1/25 trans
Ethernet1/25
    transceiver is present
    type is 1000base-SX
    name is CISCO-FINISAR
    part number is FTLF8519P2BNL-C6
    revision is B
    serial number is FNS143907J7
    nominal bitrate is 1300 MBit/sec
    cisco id is --
    cisco extended id number is 4

==

when i try to configure speed on n7k running 5.1(3) code, i get the following options (which may lend more insight into why this works)

===

n7k-1(config)# int e 1/25
n7k-1(config-if)# speed ?
  10    10Mb/s
  100   100Mb/s
  1000  1Gb/s
  1     10Gb/s
  auto  Auto negotiate speed

not sure if hard-setting the speed and negotiation are mutually exclusive -- but i'm just passing along what i'm seeing.

q.

[0]http://www.netcraftsmen.net/component/content/article/69-data-center/807-migrating-to-nexus-7000-from-catalyst-6500-and-4500-switches.html

==
() ascii ribbon campaign - against html e-mail
/\ www.asciiribbon.org - against proprietary attachments

On 04/15/2011 02:01 PM, Gert Doering wrote:

Hi,

On Fri, Apr 15, 2011 at 01:44:03PM -0700, quinn snyder wrote:

testing in my lab now
Re: [c-nsp] Non-disruptive ISSU for Nexus 5000
from the release notes -- i see the following[0]

STP can not be enabled on switches under the parent Cisco Nexus 5000 Series switch.

it seems that since you've got your n5010 underneath the n5020, you've got stp processes running and designated ports being assigned to the upstream interfaces. this has bitten me in the past when doing an in-band keepalive, rather than using mgmt0. in my case, since the keepalives were simply sent between the n5k pair using a vlan that wasn't extended and an svi using a /31, i disabled stp on that vlan and restored my issu ability.

now -- it seems that this command is valid under 4.2(1)n2(1)

n5k-1(config-if)# spanning-tree port type edge ?
  <CR>
  trunk  Consider the interface as edge port (enable portfast) even in trunk mode

you may be able to put something together through the use of this command and disabling spanning-tree -- since this is meant to combat the trunks required for virtualised hosts.

it also should be noted that issu wasn't possible on n5k platform until 4.2(1)n1(1). anything prior and you'll only be able to perform the upgrade with disruptive behaviour.

q.

--
() ascii ribbon campaign - against html e-mail
/\ www.asciiribbon.org - against proprietary attachments

On 03/13/2011 06:02 PM, Church, Charles wrote:

All,

I'm having a hard time getting a non-disruptive upgrade to happen on my Nexus 5010s and 5020s. I'd really like to have non-disruptive, as we've got SAN attached Windows servers which tend to blue screen if they're unable to reach their iSCSI disks across the Nexus devices for more than a couple seconds. The topology has a pair of 5020s peered together, with a downstream 5010 pair peered together. The NetApp SAN is a VPC off the 5020s, and the servers are multiple VPCs (one for each enclosure) off the 5010s. There are no redundant links, all VPCs. All ports on the 5010s and 5020s are designated forwarding. The connections into the SAN and servers are trunks, thus not really able to fall into the 'edge' category needed for a non-disruptive ISSU. It seems a trunk can't be an edge port, even if it should be. Since I've got no redundant links, should I consider disabling spanning tree altogether until the upgrade is complete? I've got redundancy into all chassis, so the loss of one switch doing a 'disruptive' upgrade is ok, but my concern is the peer switch will drop the VPCs as well (like when you've got temporarily-mismatching things like QoS, etc). Any other way to consider?

Thanks,

Chuck Church
Network Planning Engineer, CCIE #8776
Southcom
Harris IT Services
1210 N. Parker Rd.
Greenville, SC 29609
Office: 864-335-9473
Cell: 864-266-3978
E-mail: charles.chu...@harris.com
Southcom E-mail: charles.church@hq.southcom.mil
Re: [c-nsp] Nexus equipment in corporate networks
been using n7k deployed with vdc to have a physical collapsed core in a logical two-tier (distribution, core) model. we've used this to keep used features to a minimum within each context (i.e. i'm not going to run vpc within my core context).

also deployed vdc to create isolation between production and test/dev server environments.

my pitch/reasoning is anytime you want consolidation of airgapped chassis into a single device -- you can use vdc.

q.

--
() ascii ribbon campaign - against html e-mail
/\ www.asciiribbon.org - against proprietary attachments

On 03/12/2011 12:26 PM, Chris Evans wrote:

Can anyone provide their reasoning for using VDC? Every time we review it there is no compelling reason for us to use it over a vrf. Interested in seeing others' opinions.

Thanks

On Mar 12, 2011 1:14 PM, Federico Cossu federico.co...@gmail.com wrote:

1) yes we do
2) no management vdc, but yes we do that as well.

bye

2011/3/12 chris stand cstand...@gmail.com:

Hello,

Is anyone here using Nexus 7Ks in their corporate networks? Other than the management vDC are you breaking up your networks into multiple vDCs?

thank you.
Chris

--
Lo hai detto hermano. No se escherza con Jesus! (Jesus Quintana)
Re: [c-nsp] Nexus OTV Question
there are a couple of nasty bugs in 5.1(2) with regards to peer-gateway. peer-gateway will blackhole traffic for ipv4 and v6 if enabled in your domain. not sure of your storage scenario -- but it sounds like your slowly building out and may need this command in your toolbox for a later day. CSCtl10832 and CSCtl11424 are what you're looking for[0] this has kept us off the upgrade path for this code and we're keeping our fingers crossed for 5.1(3). [0]http://www.cisco.com/en/US/docs/switches/datacenter/sw/5_x/nx-os/release/notes/51_nx-os_release_note.html#wp263416 q. On 03/01/2011 11:00 PM, Martin Clifton wrote: This problem occurred with the 7K NX-OS 5.1.1a. Upgrading to 5.1.2 resolved the problem. Regards, Martin - Martin Clifton ITS - Networks and Computing Victoria University Melbourne, Australia Phone: 03 9919 4579 - On 28/02/11 10:16 AM, Martin Cliftonmartin.clif...@vu.edu.au wrote: Hello all, We have a pair of Nexus 7Ks at each of our two datacentres, separated by about 10K. There is a 40G L3 connection between the cores at each site and we run OTV over this core to provide L2 connectivity betweens the DCs. As well as setting up new vlans on the Nexus kit (5Ks and 2Ks) we are also using the OTV connection to transport vlans from our legacy datacentre which is based on Cat6509s and 3750s. I have a concern about the table that is displayed when you enter the command sh otv route. This table shows entries for site (ie local) and overlay (ie other DC) mac addresses.The issue is with the Uptime data. For the overlay addresses this will randomly reset to zero and all addresses will reset to zero at the one time. The frequency of this reset seems to be a function of the number of vlans ie the more vlans I add to the overlay, the more often the value resets. With 100 or more vlans the value may build up to a minute or two but will often only get to a few seconds before resetting. This doesn't appear to impact the functionality of OTV. 
But does it indicate I have a problem ? What is it that causes the reset and why are all the (overlay) mac addresses reset at the same time ?The symptoms occur whether or not otv suppress-arp-nd is enabled or not. Regards, Martin - Martin Clifton ITS - Networks and Computing Victoria University Melbourne, Australia Phone: 03 9919 4579 - This email, including any attachment, is intended solely for the use of the intended recipient. It is confidential and may contain personal information or be subject to legal professional privilege. If you are not the intended recipient any use, disclosure, reproduction or storage of it is unauthorised. If you have received this email in error, please advise the sender via return email and delete it from your system immediately. Victoria University does not warrant that this email is free from viruses or defects and accepts no liability for any damage caused by such viruses or defects. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ This email, including any attachment, is intended solely for the use of the intended recipient. It is confidential and may contain personal information or be subject to legal professional privilege. If you are not the intended recipient any use, disclosure, reproduction or storage of it is unauthorised. If you have received this email in error, please advise the sender via return email and delete it from your system immediately. Victoria University does not warrant that this email is free from viruses or defects and accepts no liability for any damage caused by such viruses or defects. 
Re: [c-nsp] Cisco switches and unique MAC on SVI/L3 port
i cannot speak to anything else on your list -- but a fresh c4507r-e with sup6e is sitting in my lab right now.

code
lab4507re(config)#int vlan 250
lab4507re(config-if)#mac-add
lab4507re(config-if)#mac-add
                        ^
% Invalid input detected at '^' marker.

lab4507re(config-if)#mac?
macro

lab4507re(config-if)#do sh ver
Cisco IOS Software, Catalyst 4500 L3 Switch Software (cat4500e-ENTSERVICESK9-M), Version 12.2(54)SG, RELEASE SOFTWARE (fc3)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2010 by Cisco Systems, Inc.
Compiled Sun 27-Jun-10 09:28 by prod_rel_team
Image text-base: 0x1000, data-base: 0x12E09514

ROM: 12.2(44r)SG5
Darkside Revision 4, Jawa Revision 18, Tatooine Revision 141, Forerunner Revision 1.78

lab4507re uptime is 2 days, 2 hours, 24 minutes
Uptime for this control processor is 2 days, 2 hours, 24 minutes
System returned to ROM by power-on
System image file is bootflash:cat4500e-entservicesk9-mz.122-54.SG.bin
/code

looks like i don't have that ability.

q.

-= sent via gmail using alpine. keeping it old school =-

On Sun, 21 Nov 2010, Robert Hass wrote:
> On Sun, Nov 21, 2010 at 12:05 PM, Phil Mayers p.may...@imperial.ac.uk wrote:
>> Can you be more specific? Which are you interested in - SVIs or routed ports? They behave differently.
>
> My question was regarding ability to change MAC on SVI, eg.:
>
> int vlan1666
>  mac-address babe.0001.0002
>
> Sup720 can do this. On small Cat3560 I cannot. But what about latest Supervisors for Cat4500 (5,6E,7), Cat4900M, Cat4948E and new smaller ones (3560-X, ME3400E, ME3600X,ME3800X) ?
>
> Robert
Re: [c-nsp] Books for Nexus Arch
having used this book -- it's of some value. it's a great tool for configuration of the device -- quite lacking on architecture and the little one offs of the device. if you need to get the device configured, it's a good reference.

q.

-= sent via gmail using alpine. keeping it old school =-

On Wed, 13 Oct 2010, christopher.mar...@usc-bt.com wrote:
> Nikhil said:
>> Take a look: NX-OS Book: http://www.ciscopress.com/bookstore/product.asp?isbn=1587058928
>
> do you mention this book because it has Nexus in the title, or because you read it and found it valuable?
>
> /chris
Re: [c-nsp] Nexus evolution
we are deploying them in ~50 sites (mix of 7010, 7018). smattering of 5k/2248 when needed. using them in a collapsed core (agg, core vdc model) to replace existing 650x/sup720 cores. running light services (eigrp, qos, multicast) but using vpc to provide full redundancy between 45xx/65xx closets.

seemed like a decent choice based on lifecycle and the release of 5.0 for the 7k. does what we need it to do and redundancy is there. still feels rough, but nowhere like it used to be.

q.

-= sent via iphone. please excuse spelling, grammar, and brevity =-

On Sep 27, 2010, at 9:32, Seth Mattinen se...@rollernet.us wrote:
> About a year ago there were some large-ish threads on the Nexus and a couple people that had them in production had commented that there were bugs that made them feel like test subjects, plus a various assortment of unexpected limitations. How much has this changed over the last year?
>
> I do notice that the 2248TP fabric extender supports direct to 7k, and the 22xxTP datasheet lists 100/1000 as supported speeds. I've been researching a 7k as a candidate for a small colo datacenter, and to me it seems like it's matured quite a bit (on paper, anyway).
>
> ~Seth
Re: [c-nsp] linux vpn client
network-manager-vpnc in the ubuntu repos. little buggy. in my experience, no one client works for all profiles or vpn endpoints. shrewsoft, kvpnc, and nm-vpnc all are used on my system. ymmv.

q.

-= sent via iphone. please excuse spelling, grammar, and brevity =-

On Aug 10, 2010, at 9:57, Jan Gregor jan.gre...@chronix.org wrote:
> Hi, there exists network-manager plugin for vpnc. Never used it though.
>
> Best regards, Jan
>
> On 08/10/2010 02:54 PM, Deric Kwok wrote:
>> yes. it works, thank you but I have to type every time. How can I save configure? Is it possible I can use the GUI to connect?
>>
>> Thank you
>>
>> On Mon, Aug 9, 2010 at 2:10 PM, Gabriel jarod...@gmail.com wrote:
>>> vpnc
>>>
>>> On Aug 9, 2010 9:07 PM, Deric Kwok deric.kwok2...@gmail.com wrote:
>>>> Hi all
>>>>
>>>> Can you suggest the linux vpn client? eg: fedora, suse
>>>>
>>>> I also try the anyconnect. but don't know how to put the configure file. When I use it in xwindow, it asks me to provide connect to vpn gui. But I type the ip address, it won't work
>>>>
>>>> Thank you
Re: [c-nsp] QoS and the Catalyst 4506e
what version of supervisor are you running in the chassis? if you are running a sup6, is it a sup6 or a sup6e? the latter has bitten us several times in the past.

q.

On Mon, Jun 7, 2010 at 12:56 PM, Steven Pfister spfis...@dps.k12.oh.us wrote:
> I'm trying to set up a new switch, a 4506e, for a remote site. Most of our newer remote sites are using a 4506 and this is the first time I'm working with a 4506e. Our standard configuration, which was in use before I started here, has QoS settings. I'm not that familiar with QoS, but I've read some about it and I have some idea as to what most of it does. Most of the QoS commands in our standard config aren't working in the 4506e. Does the 4506e have QoS? Is there some guide as to setting it up?
>
> Below are excerpts from the config we're using that are QoS related:
>
> --
> qos dbl
> qos map dscp 32 33 34 35 36 37 38 39 to tx-queue 2
> qos map cos 3 to dscp 26
> qos map cos 5 to dscp 46
> qos aggregate-policer XYZ_AGG 64 mbps 8 mbyte conform-action transmit exceed-action drop
> qos
> !
> class-map match-all match_XYZ
>  match access-group 142
> !
> policy-map police_XYZ
>  class match_XYZ
>   police aggregate XYZ_AGG
> !
> interface GigabitEthernet4/1
>  description server
>  qos dscp 48
> !
> interface GigabitEthernet4/30
>  description server
>  service-policy input police_XYZ
> !
> interface GigabitEthernet4/48
>  description upstream connection
>  qos trust dscp
>  tx-queue 1
>   shape 98 mbps
>  tx-queue 2
>   shape 1 mbps
>  tx-queue 3
>   priority high
>
> Steve Pfister
> Technical Coordinator, The Office of Information Technology
> Dayton Public Schools
> 115 S. Ludlow St. Dayton, OH 45402
> Office (937) 542-3149
> Cell (937) 673-6779
> Direct Connect: 137*131747*8
> Email spfis...@dps.k12.oh.us
Re: [c-nsp] Good way of finding unauthorized network elements/
inline comments

On Friday, October 30, 2009, Marcelo Zilio ziliomarc...@gmail.com wrote:
> A third option (if your switches support it) is enable port security and maximum mac address numbers on each switchport.

depending on if the device is being used as layer3 and how his topology is set up, a single mac address will only be presented to the switchport, since the linksys is nat'ing packets.

if it is in the budget, the cisco wlc's will handle this task nicely, however, i am unsure of the technical licensing on upgrading from autonomous ap's to lwaps.

q.

> On Fri, Oct 30, 2009 at 4:08 PM, Scott Granados gsgrana...@comcast.net wrote:
>> Hi all
>>
>> I have a general question. I have a network consisting of about 20 access switches and 2 core switches. We have 3 access points that we manage but think someone might have brought in a linksys or DLink consumer device and plugged in. (users, can't live with em, can't shoot em)
>>
>> Is there a tool or good method that could scan the arp table and look for Manufacturer ID bits so I could see roughly what's attached where? Are there better tools in general or better methods of finding rogue elements that people may attach?
>>
>> Any pointers would be appreciated.
>>
>> Thanks
>> Scott
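
The manufacturer-ID lookup asked about in this thread, as an added example that is not part of any post above: it joins an ARP table with a MAC address table and reports MACs whose OUI is on a watchlist, together with the port they were learned on. The table layouts assume Catalyst IOS `show ip arp` and `show mac address-table` output; the sample data, the watchlist prefix and all function names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed watchlist: OUI (first 24 bits of the MAC) -> label. Placeholder
# prefix only; build the real list from the IEEE OUI registry.
WATCHLIST = {"0a0b0c": "consumer router vendor (constructed)"}

# Constructed sample output in the layout of IOS "show ip arp".
SAMPLE_ARP = """\
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  10.20.30.11            12   0a0b.0c11.2233  ARPA   Vlan30
Internet  10.20.30.12             3   0e0f.1044.5566  ARPA   Vlan30
"""

# Constructed sample output in the layout of IOS "show mac address-table".
SAMPLE_MAC = """\
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
  30    0a0b.0c11.2233    DYNAMIC     Gi1/0/7
  30    0e0f.1044.5566    DYNAMIC     Gi1/0/8
  30    0e0f.1044.5577    DYNAMIC     Gi1/0/8
"""

MAC = r"([0-9a-fA-F]{4}\.[0-9a-fA-F]{4}\.[0-9a-fA-F]{4})"
ARP_LINE = re.compile(r"^Internet\s+(\S+)\s+\S+\s+" + MAC + r"\s")
MAC_LINE = re.compile(r"^\s*(\d+)\s+" + MAC + r"\s+\S+\s+(\S+)\s*$")

def parse_arp(text):
    """Map MAC -> IP address from ARP table lines."""
    rows = (ARP_LINE.match(line) for line in text.splitlines())
    return {m.group(2).lower(): m.group(1) for m in rows if m}

def parse_mac_table(text):
    """Map MAC -> (vlan, port) from MAC address table lines."""
    rows = (MAC_LINE.match(line) for line in text.splitlines())
    return {m.group(2).lower(): (int(m.group(1)), m.group(3)) for m in rows if m}

def find_suspects(arp_text, mac_text, watchlist):
    """Return watchlisted MACs with their port, VLAN, IP and the port's MAC count."""
    arp, table = parse_arp(arp_text), parse_mac_table(mac_text)
    macs_per_port = Counter(port for _, port in table.values())
    hits = []
    for mac, (vlan, port) in sorted(table.items()):
        vendor = watchlist.get(mac.replace(".", "")[:6])
        if vendor:
            hits.append({"mac": mac, "vendor": vendor, "vlan": vlan, "port": port,
                         "ip": arp.get(mac), "macs_on_port": macs_per_port[port]})
    return hits
```

In the constructed data the hit sits on a port that shows a single MAC, the case described in the reply above where a NAT'ing router would not trip a per-port MAC limit. A device with a cloned or reassigned MAC will not match an OUI list.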