Re: [c-nsp] IOS reliability
Peter Rathlev wrote:
> We're mostly running C6k with 12.2SXF and 7200 with 12.4 main, and I know it's very complicated to give some figures, but do any of you know of any studies regarding IOS stability in general?

It's a lot like the reliability of hard drives. If it runs for three weeks it will probably run for three years.

- Kevin

___
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] BGP outbound loadsharing
If you are taking full routes you can do manual traffic engineering (localpref certain as-paths higher/lower between the two links). There are also commercial products that will do this automatically for you (Avaya CNA, Internap FCP etc).

If you have connections to different ISPs and cannot take full routes then requesting partial routes and/or filtering received routes may enable you to do some path based TE.

If you have multiple links to the same ISP you can set maximum-paths for bgp to install multiple next-hops for the same path in the fib.

- Kevin

Dracul wrote:
> Hi List,
>
> Does anyone have a recommended design (configuration) for BGP to utilize/loadshare all outbound traffic? Usually the behaviour I'm getting is that my BGP only utilizes one link for outbound. Is OER (Performance Routing) recommended?
>
> regards,
> chris
Re: [c-nsp] BGP outbound loadsharing
Alasdair McWilliam wrote:
> Hello,
>
> Apologies if this is a duplicate post, the original message went wrong and unsure if the list actually forwarded it on or not!
>
> This is a bit of an extension from the original post, but what would be considered best practice for outbound routing, if you had one link to two ISPs?
>
> For example, if you were downloading a full BGP table from both ISPs and assigned local preference to some routes, traffic from a customer could arrive on ISP1 and return traffic be sent via ISP2. Is this generally considered to be acceptable or is it preferential for return traffic to be routed the same ISP from which it came into your network?

It is completely normal and common for traffic to take different paths in and out especially when both endpoints have different paths available. There is no reason to be concerned about this from a technical perspective.

- Kevin
Re: [c-nsp] SXI1 is out
Peter Rathlev wrote:
> On Wed, 2009-04-01 at 14:01 -0400, Jared Mauch wrote:
>> netflow on the 65xx is broken enough i'm surprised it gave you any data of value.
>
> Hm, I thought it worked okay. Out of curiosity, what should one be careful about with it, if one's network was dominated by 6500s?
>
> We only use it for troubleshooting though, so precision is less important for us if that's the problem.

I wouldn't use it for accounting but with the right sampling it can be used to see how much traffic you are sending to/from other ASN's. I use:

    mls sampling packet-based 1024 8192

Which gives a convenient ~1000 conversion factor from indicated bandwidth to actual.

- Kevin
Re: [c-nsp] ebgp load balancing using maximum-paths TCAM impact on Sup720-3BXL?
I am doing 8 parallel full tables to the same provider on an rsp720 with no issues. You can barely do 6 full tables on a sup720-3bxl. The limitation is processor memory not tcam. Here is what 6 looks like with 12.2SXF16:

                    Head    Total(b)     Used(b)     Free(b)   Lowest(b)  Largest(b)
    Processor   44B0D4B0   927902544   815304080   112598464    88132216    77785200

    FIB TCAM usage:                     Total        Used       %Used
      72 bits (IPv4, MPLS, EoM)        524288      281823         54%

As you can see memory is very tight with 6 parallel full tables but tcam usage is normal. I would not expect any problems with 2 however.

- Kevin

Brad Hedlund (brhedlun) wrote:
> Better to use 'ebgp multihop' and peer to provider router's loopback. Then have equal cost static routes to provider's loopback via the two physical interface next hop IP addresses.
>
> Cheers,
> Brad Hedlund
> bhedl...@cisco.com
> http://www.internetworkexpert.org
>
> On May 20, 2009, at 9:47 PM, Peter Kranz pkr...@unwiredltd.com wrote:
>> Setup is as follows; 2 edge routers, each with a BGP session receiving full routes to the same provider router. The provider is load balancing inbound traffic to our AS nicely, 50/50 between the edge routers.. I would also like to load balance the outbound traffic..
>>
>> I've considered adding 'maximum-paths 2' to install the two equal paths, but am concerned about FIB TCAM impacts. Will adding this command cause each equal cost route to take one additional TCAM entry, i.e. full routing table x 2 > 524k TCAM limit = EPIC meltdown?
>>
>> Current FIB TCAM:
>>
>>     L3 Forwarding Resources
>>     FIB TCAM usage:                     Total        Used       %Used
>>       72 bits (IPv4, MPLS, EoM)        524288      285506         54%
>>       144 bits (IP mcast, IPv6)        262144           5          1%
>>
>> Peter Kranz
>> www.UnwiredLtd.com
>> Desk: 510-868-1614 x100
>> Mobile: 510-207-
>> pkr...@unwiredltd.com
Re: [c-nsp] full routing table / provider-class chassis
Jo Rhett wrote:
> I've been trying to spec Cisco for an upgrade of our Force10 backbone for nearly 2 months now. I'm just trying to clarify which platform Cisco recommends for full routing table/hardware forwarding/provider-class environments. Unfortunately every time I get through to the supposed right group, I mention our requirements and Cisco never follows up. It's almost like they realize they have nothing on Juniper and they don't even bother. They are about to be eliminated from the choices for lack of having an answer.
>
> Until they decide to care, is there anyone on here willing to propose a basic platform for provider-class environment? By which I mean
>
> * Full IPv4 v6 routing table (Cisco has 760k v4/260k v6 I know with SUP720/3CXL)
> * ASIC-based line-rate forwarding (SUP720-3CXL and DFC-3CXL on each line card, right?)
> * 196 ports copper 10/100/1000
> * 40 ports SFP 1g (on two line cards, not one)
> * 96+ BGP peers, 8-10 full routing table peers
>
> Unfortunately, Cisco's partners are useless. They propose 6509s without the DFCs, which we know will fall over.

Well that depends... The DFC's only do next-hop (tcam) lookups and netflow. All packets are switched on the centralized PFC. Each line card has two 20Gbit/s fabric channels (2x 40Gbit/s full duplex) to the PFC. The PFC also has tcam for lookups and netflow to service any cards that do not have a DFC. The PFC is rated at something like 30Mpps so if you are doing less than that and you don't need the extra netflow tcam you don't need any DFC's and can still theoretically do 640Gbit/s (320Gbit/s for those of us who have highly unbalanced traffic flows).

Netflow is subsampled on this platform. I have been able to get pretty good estimates of traffic flow (checked against SNMP counters) but I would not use that for any kind of accounting.

The SNMP counters are fairly noisy due to the several second update intervals. SNMP counters on vlans are even worse and loop over after a few gbit/s even though the counters themselves are 64bit.

You may find using smaller switches (like 3560) for most customer ports and using 10Gig uplinks is better than using copper ports on the 6500/7600.

I would avoid the sup720, the rsp720 has 2x the ram and more than 2x the cpu power. cpu on the sup720 is by far its biggest limitation.

> And as I understand it, the 6509 even with the 3CXL cards can't handle 5 full peers, nevermind 96 total peers. Most people suggest the 7600 platform, but at least two comments on the mailing list indicate it isn't much better.
>
> What are people using today for this kind of environment? Does it work?
Re: [c-nsp] full routing table / provider-class chassis
Phil Mayers wrote:
> Kevin Loch wrote:
>>> Unfortunately, Cisco's partners are useless. They propose 6509s without the DFCs, which we know will fall over.
>>
>> Well that depends... The DFC's only do next-hop (tcam) lookups and netflow. All packets are switched on the centralized PFC. Each line card has two 20Gbit/s
>
> Łukasz has already addressed this; suffice to say he's right, and the above is not correct. A TCAM lookup *is* the forwarding operation, and the DFC has all information required locally to switch the packet (via the fabric) to the output linecard, and does so.

After re-reading this:

http://www.cisco.com/en/US/prod/collateral/switches/ps5718/ps708/prod_white_paper0900aecd80673385.html

I shouldn't have said PFC. The fabric is on the supervisor card itself not the PFC. What I meant was the packet is always sent to the centralized switch fabric on the active supervisor card regardless of where the lookups/acl are done.

The important point is that the lookup limitations (mpps) are different than the fabric bandwidth limitations (gbps) because of how these functions are separated on the cef720/dcef720 platform.

A 6509 should not fall over without DFC's unless you are doing more than 30mpps. That is 15gbit/s of 64 byte packets or 360gbit/s of 1500 byte packets.

- Kevin
Re: [c-nsp] Freezing counters at 6500
Grzegorz Janoszka wrote:
> Hi,
>
> We have several 6500's, some of them heavily loaded. We use snmp to graph traffic on all interfaces - just the simplest solution.
>
> Since some time we have had an issue with the interface counters. When the CPU box is really loaded (usually synchronization of BGP sessions), the counters just freeze. The important thing is that only the displaying freezes, the counters are still counting. Both snmp and 'show interface' data is frozen and does not update for various time - from 30 seconds to 3-4 minutes. As the result we have spikes on graphs - there is always spike down, when snmp gives frozen data from the past, and after that spike up, when the counters unlock and start displaying correct data.

Try adjusting 'service counters max age' to zero if you haven't already. As others have pointed out a delay of 3-4 minutes is not normal.

What does your SP (not RP) cpu usage look like? Try disabling netflow if your SP cpu usage is maxing out.

- Kevin
Re: [c-nsp] Humor: Cisco announces end of BGP
TJ wrote:
>> -Original Message-
>> From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of David Freedman
>>
>> And what, pray tell is wrong with /126 on point to point links, you want to use SLAAC between routers?
>
> Nothing is wrong, per se. It certainly works. Oh, and I don't believe I said anything about SLAAC.
>
> However, there have been numerous conversations back and forth, on many sides of this. My feeling is based on two things:
>
> I don't like the idea of vendors/providers ignoring an RFC just because. And note the RFC in question leaves no wiggle room here. If a different solution is better, codify it in a draft, get community consensus and get it ratified in a RFC. Not saying the IETF is always right, but I'd prefer any such disagreement gets vetted by as many eyes as possible. In this case there are lots of things that assume 64bits of host space - most aren't relevant to PtP links, but still ...
>
> Aggregation
> IMHO the most efficient solution is to burn one of the client's /64s on the client-facing link ... one covering prefix for entire client, including CPE.
>
> IIRC there was some chatter about using /127s (again), dumping the subnet router anycast address (for security reasons, I believe). I'd have the same thing to say to that conversation - get some loose consensus pre-implementation.

Lots of folks, myself included use /112 for point to point links, server only subnets and just about anything that doesn't require RA's (which is almost everything in a hosting environment). /112 is a convenient bit boundary to work with and one size fits all (p-p and multipoint) applications.

> In closing, I guess I would turn it around and say provide me a really good reason to not use /64s as dictated ...

Making it difficult for autoconf to work on certain subnets is a big plus.

- Kevin
Re: [c-nsp] VSS 1440 issues
C and C Dominte wrote:
> Thank you for your advice, however, increasing the timers did not work.
>
> I powered down the active linecards from switch 2 yesterday to see if it stopped the unicast flood, which it did.
>
> Today I increased the mac address synchronisation activity time to 640 and the mac address aging time to 1920 (3x640) as below:

While I have not run 6500's in VSS mode I have run into similar unicast flooding with certain non-VSS configurations of 6500's. The most reliable fix I have found is

    arp timeout 120

in the affected vlan interfaces.

- Kevin
Re: [c-nsp] multipath BGP not balancing equally.
This sounds like the unequal multipath is a quirk (feature?) of sup720 default load sharing behavior. It happens to any multipath routes (static, ospf, bgp) installed in the FIB:

http://cisco.cluepon.net/index.php/Sup720_load_balancing

shows different ratios than OP but that might be due to different behavior in different IOS versions or hardware revisions.

    mls ip cef load-sharing simple

works well for me but

    mls ip cef load-sharing full simple

should also work if you also want layer4 hashes involved.

- Kevin

David Hughes wrote:
> Hi
>
> But seeing as the OP indicated that one of the circuits was 2GB *underutilised* you'd be looking for 3 src/dst pairs that were all doing 2GB to get this situation. It's looking pretty unlikely that this is a hashing issue.
>
> David
> ...
>
> On 06/08/2009, at 6:23 AM, Rodney Dunn wrote:
>> Ah...good one.
>>
>> If the sources were not random enough and it's NAT'ed to one external ip you could really be multiplexing flows with NAT. ;)
>>
>> Dean Smith wrote:
>>> Would agree that volume is rare between 2xIP addresses but we have something similar although on not quite the scale.
>>>
>>> We NAT a very large organisation to the Internet. They have a large number of disparate sites that all do their own AV updates. All the PCs download at the same time in the evening and we generate about .75 Gb/s of traffic between our external PAT address and the AV download site for a good couple of hours. If we had a bigger internet pipe it would be a higher figure. (for less time of course).
>>>
>>> Dean
>>>
>>> - Original Message -
>>> From: Rodney Dunn rod...@cisco.com
>>> To: Mikael Abrahamsson swm...@swm.pp.se
>>> Cc: Cisco cisco-nsp@puck.nether.net
>>> Sent: Wednesday, August 05, 2009 2:19 PM
>>> Subject: Re: [c-nsp] multipath BGP not balancing equally.
>>>
>>>> For small flow combinations you are right.
>>>>
>>>> btw, it would be just L3 src/dst flows by default unless the L4 port option is enabled.
>>>>
>>>> I thought about there being a single flow causing the difference that would be hashing down one of the paths. But 2G, while not impossible, typically isn't used between two ip addresses.
>>>>
>>>> It's something to check though for sure.
>>>>
>>>> Rodney
>>>>
>>>> Mikael Abrahamsson wrote:
>>>>> On Tue, 4 Aug 2009, Rodney Dunn wrote:
>>>>>> That's usually caused by routes not being the same on the paths.
>>>>>
>>>>> It was my understanding that this usually was caused by not having enough L4 flows to loadshare on...? Ie if you have 100 TCP flows and 4 paths, then it's not enough flows to get good load share on, but if you instead have 10k flows and all of them are low-speed, then the odds of them being equally load shared is much better?
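The flow-hashing behaviour debated in this thread (few flows versus many, and PAT collapsing traffic onto a single src/dst pair when only L3 fields are hashed), as an added example that is not part of any poster's message. The SHA-256 hash is a stand-in and an assumption, not the Sup720 hardware algorithm, and all addresses, ports and flow sizes are constructed.

```python
import hashlib
from ipaddress import IPv4Address


def pick_path(src, dst, sport, dport, n_paths, use_l4):
    """Map one flow to one of n_paths equal-cost next hops.

    SHA-256 is used only to get a well-mixed, reproducible hash; it is
    NOT the Sup720 hash. With use_l4=False the key is src/dst address
    only, so every flow between the same two addresses shares a path.
    """
    key = f"{src}|{dst}"
    if use_l4:
        key += f"|{sport}|{dport}"
    digest = hashlib.sha256(key.encode()).digest()
    return int.from_bytes(digest[:4], "big") % n_paths


def path_shares(flows, n_paths, use_l4):
    """Fraction of total bytes carried by each path (rounded to 3 places)."""
    load = [0] * n_paths
    for src, dst, sport, dport, nbytes in flows:
        load[pick_path(src, dst, sport, dport, n_paths, use_l4)] += nbytes
    total = sum(load)
    return [round(b / total, 3) for b in load]


def many_hosts(n, nbytes=1_000_000):
    """Constructed sample: n equal-sized flows, each from a distinct source."""
    src0 = int(IPv4Address("10.0.0.1"))
    dst0 = int(IPv4Address("203.0.113.1"))
    return [
        (IPv4Address(src0 + i), IPv4Address(dst0 + i % 200),
         1024 + i % 60000, 443, nbytes)
        for i in range(n)
    ]


def behind_pat(n, nbytes=1_000_000):
    """Constructed sample: n flows from one PAT address to one download server."""
    pat = IPv4Address("192.0.2.1")
    server = IPv4Address("198.51.100.10")
    return [(pat, server, 1024 + i, 80, nbytes) for i in range(n)]


if __name__ == "__main__":
    scenarios = [
        ("100 flows, 4 paths", many_hosts(100), 4),
        ("10k flows, 4 paths", many_hosts(10_000), 4),
        ("10k flows behind one PAT address, 2 paths", behind_pat(10_000), 2),
    ]
    for name, flows, n_paths in scenarios:
        for use_l4 in (False, True):
            mode = "L3+L4" if use_l4 else "L3 only"
            print(f"{name:45s} {mode:8s} {path_shares(flows, n_paths, use_l4)}")
```
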
Re: [c-nsp] Enhanced download procedure
Jay Hennigan wrote:
> What the #$^$...@# is going on with Cisco's download site? It completely hangs Firefox with some shopping cart java thing.
>
> And this is downright scary: http://www.west.net/~jay/images/cisco-wants-root.png
>
> Enhanced downloads, brought to you by the same people who brought us enhanced interrogation?

Actually this is like feature terrorism with lots of collateral damage.

- Kevin
Re: [c-nsp] 12.2(18)SXD to 12.2(33)SRB|C|D
Jason Lixfeld wrote:
> 3- There is one device on the network (an ASR1002 running 2.4.0) that is unable to see the loopback address via OSPF from this 7600 we just upgraded. It's built an adjacency with the 7600, so it's not an MTU thing, it just doesn't see the route for its loopback interface.

Make sure the ospf network mode on the interface (ip ospf network broadcast/point-to-point etc) is set correctly and to match the neighbor settings.

- Kevin
[c-nsp] fabric bandwidth on A9K-8T/4
The data sheet for the ASR9K-RSP-4G claims 180 gig/slot fabric. The data sheet for the A9K-8T/4 does not say what its fabric bandwidth is. The /4 in the part number looks suspiciously like it is 2:1 over subscription.

Does anyone know the fabric bandwidth on that card? The ASR9K data sheets are horribly lacking.

- Kevin
[c-nsp] unknown ethertype 0x200e
Does anyone know what this might be, from a routed interface on SRD3:

    15:00:18.774808 00:02:fc:c1:0d:b2 > 00:00:00:00:02:02, ethertype Unknown (0x200e), length 78:
            0x0000:  0001 0203 0405 0607 0809 0a0b 0c0d 0e0f  ................
            0x0010:  1011 1213 1415 1617 1819 1a1b 1c1d 1e1f  ................
            0x0020:  2021 2223 2425 2627 2829 2a2b 2c2d 2e2f  .!"#$%&'()*+,-./
            0x0030:  3031 3233 3435 3637 3839 3a3b 3c3d 3e3f  0123456789:;<=>?

I'd like to know what knob to use to turn it off. Google didn't turn up anything helpful.

- Kevin
Re: [c-nsp] ASR1004 vs 7606(RSP720-CXL)
Asbjorn Hojmark - Lists wrote:
> On Mon, 30 Nov 2009 20:18:13 +0100, you wrote:
>> Best to ask these questions of your Cisco account team.
>
> Exactly :) They say: We don't know. We can't get a definite answer from the BU.

Hopefully they won't screw everyone (again) who forklifted their 6500's to 7600's to support the rsp720...

- Kevin
Re: [c-nsp] Rmon checksum failed on WS-C4006
I had this problem recently on a sup720, the lithium battery was dead. Fortunately it was socketed unlike on many of the sup2's.

- Kevin

Sony Scaria wrote:
> Thanks Clinton. My Cisco TAC rep also recommends the same.
>
> Sony.
>
> -Original Message-
> From: Clinton Work [mailto:clin...@scripty.com]
> Sent: 06 December 2009 00:15
> To: Sony Scaria
> Cc: cisco-nsp@puck.nether.net
> Subject: Re: [c-nsp] Rmon checksum failed on WS-C4006
>
>> I have seen this problem many times on Catalyst 5000 and 6500 boxes. The cause is NVRAM corruption which can often be resolved by rebooting the Supervisor in order to clear the issue. During reboot some of the NVRAM configuration can be lost so make sure you have a proper backup to compare with. The other cause could be a faulty NVRAM chip on the Supervisor so having a spare handy during the reboot would be a good idea as well.
>>
>> Clinton.
>>
>> Sony Scaria wrote:
>>> Hi All,
>>>
>>> I've observed Rmon checksum failed when I run sh ver on one of my catos switch. The system is stable for a long time and I did not observe any related logs. I had done some research, but couldn't gather any info on Rmon checksum.
Re: [c-nsp] cisco 6509 rommon mode
Have you tried replacing the lithium battery on the sup2? Hopefully you have a newer board with a socket.

- Kevin

ambedkar wrote:
> Hi,
>
> i cleaned the modules of 6509 and reinstalled, it shows
>
>     inband gmac link did not come up: reseting the system
>     System Bootstrap, Version 7.1(1)
>     Copyright (c) 1994-2001 by cisco Systems, Inc.
>     c6k_sup2 processor with 262144 Kbytes of main memory
>     Autoboot executing command: boot bootflash:
>     Self decompressing the image : ##]
>     System Power On Diagnostics
>     DRAM Size ..256 MB
>     Testing DRAM ...Passed
>     Verifying Text Segment .Passed
>     NVRAM Size .512 KB
>     Level2 Cache ...Present
>     Level3 Cache ...Present
>     System Power On Diagnostics Complete
>     Currently running ROMMON from S (Gold) region
>     Boot image: bootflash:cat6000-sup2cvk9.8-3-2.bin
>     System Bootstrap, Version 7.1(1)
>     Copyright (c) 1994-2001 by cisco Systems, Inc.
>     Warning: Rommon NVRAM area is corrupted. Initialize the area to default values
>     c6k_sup2 processor with 262144 Kbytes of main memory
>     Autoboot: failed, BOOT string is empty
>     rommon 1 >
>     rommon 1 >
>
> After this, if i execute the command BOOT, once again it is showing old log as below.
>
> thanks, bye.
>
>> Hi,
>>
>> i am using cisco 6509 switch. This switch is not power ON for last one year, now after switch ON, it is going to ROMMON mode. The following is the log:
>>
>>     Currently running ROMMON from S (Gold) region
>>     Boot image: bootflash:cat6000-sup2cvk9.8-3-2.bin
>>     Module 1 port ASIC 0 failed: Pinnacle Packet Buffer Error
>>     Module 1 reported following ports unusable
>>     port 1 bad
>>     port 2 bad
>>     port 3 bad
>>     port 4 bad
>>     inband gmac link did not come up: reseting the system
>>     System Bootstrap, Version 7.1(1)
>>     Copyright (c) 1994-2001 by cisco Systems, Inc.
>>     c6k_sup2 processor with 262144 Kbytes of main memory
>>     Autoboot executing command: boot bootflash:cat6000-sup2cvk9.8-3-2.bin
>>     Self decompressing the image : ##]
>>     System Power On Diagnostics
>>     DRAM Size ..256 MB
>>     Testing DRAM ...Passed
>>     Verifying Text Segment .Passed
>>     NVRAM Size .512 KB
>>     Level2 Cache ...Present
>>     Level3 Cache ...Present
>>     System Power On Diagnostics Complete.
>>
>> I tried the following commands:
>>
>> 1. boot
>> 2. boot bootflash:cat6000-sup2cvk9.8-3-2.bin
>> 3. I thought ios may be damaged, so i used XMODEM to upload IOS image, but after some time, it is also failing.
>>
>> please help me,
>>
>> Thanks. bye
Re: [c-nsp] Netflow problem ...In Cisco 7606 Router
mdjahangir hossain wrote:
> Dear concern:
>
> I faced a problem in cisco SAR-7606 router about netflow. When I enable netflow, access to this router is so slow. It would be nice for me if anyone can help with how I can enable netflow in cisco 7606 router without this type of problem.
>
> Here the router IOS information:
>
>     BOOTLDR: Cisco IOS Software, c7600s3223_rp Software (c7600s3223_rp-ADVENTERPRISEK9-M), Version 12.2(33)SRD2a, RELEASE SOFTWARE (fc2)
>     System image file is sup-bootdisk:c7600s3223-adventerprisek9-mz.122-33.SRD2a.bin

As badly as netflow is broken on the 7600's (and more so than usual in SRD*) it shouldn't affect your RP cpu to the point of being so slow. It sounds like you have enabled something that can only be done in software on the RP. A quick search found:

http://www.cisco.com/en/US/prod/collateral/modules/ps2797/ps5972/prod_qas0900aecd80350bfc.html

table 3:

    Bridged NetFlow, Multicast NetFlow with v9 export    Cisco IOS Software only

I don't have any sup32's so I don't know if it's any netflow v9 or just the specific types listed. You might try a different type than v9 and/or try increasing the sub-sampling level. I use:

    mls nde sender version 5
    mls sampling packet-based 1024 8192

I also recommend avoiding SRD for netflow, SRC seems to be much less buggy.

- Kevin
Re: [c-nsp] Load-sharing with two links to the same ISP
Matthew Melbourne wrote:
> On looking at this again, it appears that BGP Multipath only works when the eBGP sessions are terminated on the same box. The scenario here is two eBGP sessions to the same ISP, but terminating on two different customer edge routers (with an iBGP session between them). In the lab tests I've done, I can see the two entries in the BGP table (one learned via the directly connected eBGP neighbour and one learned through iBGP (from the other eBGP session on the other router)), but only the best path (via the eBGP link) gets entered into the RIB.

That is done to prevent loops. If you can aggregate the traffic on other routers first, then ibgp multipath could work for you.

Another option is if the uplinks are ethernet and you are able to extend vlans between your two routers. Then there are several ways to implement a full mesh (four eBGP sessions) so each of your routers would see an equal cost path over each uplink.

- Kevin
Re: [c-nsp] 7606 RSP720
Sharlon Carty wrote:
> Hello,
>
> I have a police-map applied to a vlan interface set to 10mbit. Works fine, as long as traffic is routed on the CEF720 48 port module. But the moment traffic is routed on the RSP720, traffic is above the 10mbit. Is there something on the RSP720 that needs to be enabled?

The SIP-600 includes a DFC. Unfortunately on this platform each forwarding engine makes policing decisions independently. In addition all policing decisions are made on the ingress forwarding engine, even for egress policers.

Ingress traffic on the SIP-600 may be rate limited to 10mbps, but you could get another 10mbps of ingress traffic from line cards that use the PFC on the rsp720. If you have other DFC's in the system they would also add to the total if there is ingress traffic for that vlan on them.

- Kevin
Re: [c-nsp] 12.2SRC6 available
Mark Tinka wrote:
> On Monday 15 March 2010 03:35:32 am luismi wrote:
>> I just see it. Anyone here testing it? :D
>
> I'd stopped tracking any developments in SRC as I thought that line had met its end.
>
> Just read the release notes... a couple of bug fixes but nothing that solves my biggest issue with this train.

Which issues did you have with SRC? SRC5 has been very stable for me.

- Kevin
Re: [c-nsp] combing 7600 power supplies
I migrated from 2500w AC power supplies (running at 120v/1250w) to 2500w DC power supplies without any reboots or problems so you can mix and match AC/DC supplies of the same rating.

- Kevin

Jason Lixfeld wrote:
> As long as the power supply you are installing is exactly the same as the power supply that is in there currently, you should be able to insert it, power it up and configure combined mode (if it's not that by default already) without an issue.
>
> If you try to install and power up a higher output supply, it will shut down the lower output supply and your box will reboot as power is shifted from the lower output supply to the higher output supply.
>
> On 2010-05-05, at 8:06 AM, Ibrahim Abo Zaid wrote:
>> hi group
>>
>> i have a problem and will need to combine the power supplies of 7609 router (changing the mode from redundant to combine)
>>
>> based on your experience, is this step can take the router down if one power supply is enough now but i need to insert new modules so i need to combine the other one ?
>>
>> thanks
>> --ibrahim
Re: [c-nsp] 4-byte ASN Support on 7600 SRE2
Gary T. Giesen wrote:
> Is anyone running SRE2 (or 1) in production on their Cisco 7600s? Any significant gotchas? Currently running SRD4 and I would like to gain 4-byte ASN support..

I might try the SRE train when the latest resolved caveats do not contain things like router will collapse into a black hole when an interface is shut and then unshut.

- Kevin
Re: [c-nsp] Cisco 3750s - Stackwise Plus
Sean Granger wrote:
> The product listing on this page ( http://www.cisco.com/en/US/products/hw/switches/ps5023/prod_models_comparison.html ) shows WS-C3750G-12S as being StackWise+ compatible. This is an older product and even the literature on the other 3750v2s just references the original StackWise technology. I like the 12S for fiber aggregation in these stacks but maintaining a 64Gb interconnect would be nice between the copper access layer switches.
>
> Does anyone have this sort of combo in a stack with products that clearly support StackWise Plus (3750E, 3750X) and can confirm/deny compatibility?

The G models can link with stackwise plus (E,X models) but the entire stack will operate in regular stackwise (suck) mode.

- Kevin
Re: [c-nsp] OIR on 7600s: Pretty much evil?
Mikael Abrahamsson wrote:
> The bus is stalled all the time during the insertion. There is a few millimeters of insertion length where the bus is stalled. If you're rapid and firm in the insertion, you get a few tens of milliseconds of stall. If you do it wrong and the card gets stuck in that position of the stall, the bus will be stalled until the linecard is removed.

It also helps if you talk dirty to it before attempting insertion.

- Kevin
Re: [c-nsp] BGP peer/customer routes
vince anton wrote: So what happens now is that for this more specific customer prefix, I have a specific route saying some AS5 nets are preferable via the peering link than via the direct customer link, and if I want to deliver transit traffic to my customer, my router would choose the peering link. This is not desirable behaviour.
Instead of trying to figure out how to break your customer's routing policy, you might ask them why they prefer the other transit provider. Is it because of cost? Capacity issues? Do they send you some more specific and others to AS11? Or perhaps there were too many packet loss/routing issues and things just run more smoothly through AS11.
- Kevin
Re: [c-nsp] BGP peer/customer routes
vince anton wrote: it surprises me that some people seem to be ok with passing transit traffic over a peering link. I don't understand why you would want to do this, as to me this seems abuse or misconfiguration (possibly not intentional), and potentially very expensive, or loss of revenue.
The example you gave should not result in passing transit traffic over a peering link unless the more specifics are filtered somewhere. The only traffic you should be sending to the more specifics learned from your peer is from your own customers. In that case it is legitimate peering traffic and also the best path based on the information you have available (bgp). You aren't re-advertising the more specifics learned from your peers to non-customers right?
- Kevin
Re: [c-nsp] Troubleshoot UDP out-of-sequence
Persio Pucci wrote: Hi folks, I am having some problems trying to figure out what could be causing UDP packets to get out-of-sequence on some multicast streams (market data) between Sao Paulo and New York.
Are there any Juniper M160's in the path of the packets? Those were notorious for re-ordering packets when using FPC-2 and multiple fabric modules.
- Kevin
Re: [c-nsp] RSP720 dropping ipsec packets
Cassidy Larson wrote: Kevin, I had the exact same problem. We actually swapped out our RSP720 for a replacement. Unfortunately, the second one exhibited the same problems. Our third RSP720 did not, however. My vendor said he got both of the original two from the same dealer. I wonder if there was a bad batch of RSP720's or something. Currently, we're running dual RSP720's on two 7600s without the issue. It was a nightmare to troubleshoot.
What IOS version are you running and what hardware/firmware versions were the RSP720's?
- Kevin
Re: [c-nsp] Huawei NE40E-X3 vs Cisco AS9K
70% seems *really* high for an rsp720. Are you sure it's not a sup720? The two have vastly different cpu performance (about 10x it seems). I have several rsp720 with many full bgp transit feeds + peer routes and my typical cpu usage is only 10%. What IOS image are you running and what else are you doing on this box besides bgp that could be eating cpu? I had one rsp720 recently (curiously the only one I have seen with 4g ram instead of 2g) that had 70% cpu usage after a few bgp sessions came up. The 'show ibc' output indicated several hundred thousand pps to and from the RP so something was obviously wrong. Swapped out with a different rsp720 and everything was fine (10% cpu, 100pps on IBC).
- Kevin
Manuel Marín wrote: We are using the RSP720 and 3CXLs. Both have performance issues when dealing with multiple BGP sessions. When one of the full bgp peer flaps or when there is a link flap the other routing protocols start to flap as well. I'll try to tweak the timers in the meantime. Usually the CPU usage is around 70%.
On Wed, Sep 28, 2011 at 1:16 PM, Waseem waseem_alir...@yahoo.com wrote: Hi Manuel, What are the supervisor engines that you are using on the 7600 routers. Regards, Waseem
On Wed, Sep 28, 2011 at 6:47 AM, Waseem waseem_alir...@yahoo.com wrote: Hi, We've been in the same situation, a small note: per slot capacity of the ASR9K is 320G it takes 40G and 100G SPAs while for NE40E-X3 is 40G, almost the same as Cisco's 7600. Regards, Waseem
-- *From:* Manuel Marín m...@transtelco.net *To:* cisco-nsp@puck.nether.net *Sent:* Wednesday, September 28, 2011 9:56 AM *Subject:* [c-nsp] Huawei NE40E-X3 vs Cisco AS9K
Hi We are currently looking for alternatives to upgrade cisco 76XX routers and we are comparing Huawei NE40E-X3 vs Cisco ASR9K. I was wondering if someone can share their experience with Huawei routers as Core MPLS routers. Any advice would be greatly appreciated Thanks
-- Manuel Marín Transtelco Inc. 1.9152172232
Re: [c-nsp] No Link between SFP-10G-LRM and X2-10GB-LX4?
ci...@entrap.de wrote: Greetings, I have a 6509 with an X6716-10GE Card equipped with Cisco X2-10GB-LX4 10GE modules and a Cisco 2960S-48TD-L Switch with two Cisco SFP-10G-LRM modules.
LX4 and LRM are not compatible. LRM uses a single 1310nm laser, LX4 uses four lasers around 1310nm and wdm optics.
Right now I am not able to get an active link between these X2 and SFP modules, it stays down/down (notconnected). I instantly get a link when connecting X2 to X2 or SFP+ to SFP+ Module. I tried nonegotiate but this didn't help.. The 6509 runs IOS 12.2(33)SXI7, the 2960 IOS 12.2(55)SE3. Cisco says these modules are compatible to each other.. Has anyone seen this before? Any hints or ideas?
Use 10GBase-LR and SMF whenever possible, even for short distances. It works great, it's what everyone uses so parts are cheap and plentiful, and you have a single type of optics and cables for sparing.
- Kevin
Re: [c-nsp] Three ISPs - Three Edge Routers - iBGP Mesh
Mark Mason wrote: Two of our DC's are about to get their 3rd internet drop. Each ISP connection has its own edge router. HSRP is running facing on the LAN side. Please see https://supportforums.cisco.com/message/3496562#3496562 for topology and further discussions. I expect that packets leaving the DC will hit the HSRP active, perform the route lookup and exit via the best path BGP has selected (and/or the best path my PfR setup has installed). Does anyone see any gotchas with just letting BGP do its thing; no local-pref changing, no path prepending?
Given the flat-ish topology of the Internet these days you will see most of your traffic use the local transit on the active hsrp node. This is because for the same route with equal as-path length and local-preference the router will prefer the ebgp (local) route over the ibgp routes. If you want to roughly balance outbound traffic across all three transit links, you will need to use local-pref to prefer some routes/as-paths over others regardless of whether they are on the local router or not. The common way to do this is to make a short list of large ISP/backbone AS's, prefer some of them on each link and adjust until you get the preferred traffic distribution.
- Kevin
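Added example, not part of the original thread or anyone's posted configuration: a simplified Python model of the best-path steps the reply above relies on (highest local-pref, then shortest AS path, then eBGP over iBGP), showing where traffic entering the HSRP-active router exits with and without a per-link local-pref policy. The router names, ASNs, prefixes and the `POLICY` table are constructed assumptions, and the remaining BGP tie-breakers are reduced to a name comparison.

```python
from collections import Counter

DEFAULT_LOCAL_PREF = 100
# Constructed sample: three edge routers, one transit each (documentation ASNs).
TRANSIT = {"edge1": 64496, "edge2": 64497, "edge3": 64498}

def paths(backbone, origin):
    """AS path for one destination as heard on each edge router's transit."""
    return {edge: [asn, backbone, origin] for edge, asn in TRANSIT.items()}

# Constructed sample: six destinations behind three backbone ASes, with the
# same AS-path length on every transit link.
ROUTES = {
    "2001:db8:1::/48": paths(64500, 64505),
    "2001:db8:2::/48": paths(64500, 64506),
    "2001:db8:3::/48": paths(64501, 64507),
    "2001:db8:4::/48": paths(64501, 64508),
    "2001:db8:5::/48": paths(64502, 64509),
    "2001:db8:6::/48": paths(64502, 64510),
}

# Hypothetical inbound policy: each edge raises local-pref for one backbone AS.
POLICY = {"edge1": {64500: 200}, "edge2": {64501: 200}, "edge3": {64502: 200}}

def local_pref(edge, as_path, policy):
    """Local-pref set where the route enters; it is carried to iBGP peers."""
    prefs = policy.get(edge, {})
    return max((prefs[a] for a in as_path if a in prefs), default=DEFAULT_LOCAL_PREF)

def exit_router(active, by_edge, policy):
    """Edge router that the HSRP-active router forwards this destination to."""
    def rank(edge):
        path = by_edge[edge]
        # Lower tuple wins: high local-pref, short AS path, eBGP (local) first,
        # then the router name as a stand-in for the remaining tie-breakers.
        return (-local_pref(edge, path, policy), len(path), edge != active, edge)
    return min(by_edge, key=rank)

def distribution(active, routes, policy):
    """Count of destinations per exit router, as seen from the active router."""
    return Counter(exit_router(active, by_edge, policy) for by_edge in routes.values())

if __name__ == "__main__":
    print("no policy:  ", dict(distribution("edge1", ROUTES, {})))
    print("with policy:", dict(distribution("edge1", ROUTES, POLICY)))
```

Because local-pref is compared before the eBGP/iBGP step, the split with `POLICY` is the same whichever router is HSRP active.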