On Thu, 11 Sep 2008, Richey wrote:
I've got a 7206VXR with an NPE 300. It does not run BGP. The majority of
the traffic on this router will be streaming media. The only ACLs on
this router are there to protect the router itself. We are talking
about switching the full DS3 that is in
On Fri, Sep 12, 2008, Garry wrote:
Only thing I could suggest for now is using three squids (could be done
on that single machine) with three different outgoing IPs, which in turn
can be routed statically to one line each through route maps ... then
use a fourth squid instance (towards the
Hello!
On Thu, Sep 11, 2008 at 10:29:55PM +0100, [EMAIL PROTECTED] wrote:
my initial (and, i guess, current) IPv6 deployment plan
was based on /64 subnets. yes, that's a ridiculous amount
of hosts per subnet...nasty software coded in 'the old style'
might make these very big collision
* Bob Snyder:
One issue we ran into was that not all the networking gear we had
could support /126. The vendor's (not Cisco) immature support for
IPv6 could only understand the concept of /128 loopbacks and /64
subnets.
Subnets smaller than /64 containing (conceptually) global unicast
Dear rootnet,
Not a direct solution to what you want, but did you consider using IP
SLA for constant performance monitoring?
You can setup a few IP SLA HTTP probes to well known sites and monitor
the performance trend. This would give you a real indication of the
quality of experience.
Arie
Yeah, and be aware that the more things you put on a device, the more
likely it is to die.
I've heard some scary things about the NAT-PT implementation on cisco
kit, it's apparently very very slow and a bit unstable.
Make sure you don't mind if all of the services on that device go down
I will be out of the office starting 05/09/2008 and will not return until
18/09/2008.
I will respond to your message when I return.
Kind Regards
*
Disclaimer: This electronic mail, together with any attachments,
Hi,
I blocked BGP bogons announces[1] like many other admins (I hope).
I want to know if it's common that ISP add an ACL to the wan port to block
at least rfc1918 IP addresses.
And in the contrary ACL to prevent outgoing spoofing.
[1] http://www.cymru.com/Documents/secure-bgp-template.html
Hi Julien,
This topic may actually be more suited to other mailing lists such as
NANOG rather than a Cisco specific list.
Anyway, I believe it is more common that ISPs deploy the use of uRPF
(unicast reverse path forwarding) rather than ACLs.
At the very least, the use of loose mode RPF ensures
Yep...typo.
On Fri, Sep 12, 2008 at 12:22:19PM +0800, Mark Tinka wrote:
On Thursday 11 September 2008 21:06:26 Rodney Dunn wrote:
That's wrong.
The 7301 is basically a 1RU 72xx/G2 combo.
I thought that's the 72xx/NPE-G1 combo; the 7201 would be
the -G2 combo, right?
Mark.
I can second the good results with the Keyspan ...
- Original Message -
From: Patrick Muldoon [EMAIL PROTECTED]
To: adrian kok [EMAIL PROTECTED]
Cc: cisco-nsp@puck.nether.net
Sent: Friday, September 12, 2008 8:27 AM
Subject: Re: [c-nsp] console port
On Sep 12, 2008, at 7:14 AM,
Thanks Frank. This looks almost exactly what I was looking for, but
the VLANs would be switched around: VID 10 would come through tagged
(i.e. equipment mgmt VID) and VID 100/101 (i.e. customer VID) would
come through untagged.
Is this only on the newer switches? I seem to remember I had to
Hi,
since we're in a situation where we may have to implement BFD soon on
a number of links, I did a test with 12.2(33)SRA4 in a half-test environment.
The result was that after max. 5 min the router (SUP720-3BXL) crashed
without memory (small buffers) left. This was easily reproducible
by just
IP SLA seems to be the best option at present. Although we monitor with
some open source tools. I would like to have a way to check that I am
getting what (bandwidth) I am paying for if this makes sense.
It seems to me that these programs only monitor the circuits not test
throughput. I want to
Hi All
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Ang Kah Yik
Sent: 12 September 2008 12:39
To: julien leroiso
Cc: cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] do I need acl on wan bgp port ?
Hi Julien,
This topic may actually be more
Hi all,
Does anyone know if the ME3750 can do egress shaping of a particular queue to a
limit of 40Mb/s? If so, any examples anyone can share? The goal is to not
only police on ingress at a certain limit (25M, 50M, 75M), but also to egress
shape at the same limit. I've got the inbound
I use ATEN brand RS232/USB adapter and windows update was able to get the
driver for it. FYI :)
Try googling brand of your adapter, you might find something
On Fri, Sep 12, 2008 at 7:14 PM, adrian kok [EMAIL PROTECTED] wrote:
Great. but my winxp is showing ? in the usb of the
system. It needs
You can use netperf to test bandwidth, cron it to run daily for 10
seconds and it will report the bandwidth on your circuits.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of root net
Sent: Friday, 12 September 2008 9:53 PM
To: Arie Vayner (avayner)
Cc:
My vote for Keyspan as well, though I have seen some very strange
things happen with them.
Personally, mine is working flawlessly, and it gets a good workout...
I use a Mac with Minicom, doesn't matter which USB port I have it
plugged into, it always works.
Tom
On 12/09/2008, at 10:47 PM,
On Sep 12, 2008, at 10:46 AM, Tom Storey wrote:
My vote for Keyspan as well, though I have seen some very strange
things happen with them.
Personally, mine is working flawlessly, and it gets a good workout...
I use a Mac with Minicom, doesn't matter which USB port I have it
plugged into, it
Hi,
On Fri, Sep 12, 2008 at 09:50:33AM +0200, Florian Weimer wrote:
Subnets smaller than /64 containing (conceptually) global unicast
addresses are not allowed per the IPv6 addressing architecture RFC.
So it's just another case of vendors got bitten by RFCs that don't
match customer
I'd strongly encourage anyone to go for SRB3 and later. We had a huge
bug fix push on the SRB throttle after SRB2 and it's been extremely
stable and that is where we are encouraging customers to go.
There were a lot of changes to BFD in the SRB timeframe for a lot of bugs.
Rodney
On Fri, Sep
On Thursday 11 September 2008, [EMAIL PROTECTED] wrote:
You can enable sampling if it is not enabled. It should help
some.
Highly unlikely. Sampling on the 6500 is performed entirely in
software, *after* the full set of flows has been received.
You have to distinguish between the cpu load
Florian Weimer [EMAIL PROTECTED] writes:
* Bob Snyder:
One issue we ran into was that not all the networking gear we had
could support /126. The vendor's (not Cisco) immature support for
IPv6 could only understand the concept of /128 loopbacks and /64
subnets.
Subnets smaller than /64
I'm running a Cisco 7206/VXR with an NPE G2, Version 12.4(4)XD4
acting as an LNS.
I'm getting input errors consistently incrementing on the Gig
interface (ignored errors)
Any way to fix this? I saw some discussion a while back about this,
and it seemed to have to do with buffers - but I
Hi...
Does anyone know if it's feasible to use ELAM capture on SRB throttle?
I haven't been able to find it.
I'd appreciate if someone can share additional information about it.
Thanks much!
___
cisco-nsp mailing list cisco-nsp@puck.nether.net
Highly unlikely. Sampling on the 6500 is performed entirely in
software, *after* the full set of flows has been received.
You have to distinguish between the cpu load seen as interrupt load
(caused mostly by walking through the TCAM, collecting statistics and
storing them in netflow
Richey wrote:
I've got a 7206VXR with an NPE 300. It does not run BGP. The majority of
the traffic on this router will be streaming media. The only ACLs on
this router are there to protect the router itself. We are talking
about switching the full DS3 that is in this router out for a
Can you bump up your input queue depth:
hold-queue 4096 in
and see if they stop.
I don't suspect that is going to help because the ignores
are not increasing that would point to:
CSCse05447
Externally found moderate defect: Resolved (R)
7200 ethernet interfaces should not throttle on input
Yes. We use it all the time to match on ingress ip/mpls frames and see
what the rewrites are.
The complexity comes when you have to understand all the internal
dst_indx and internal VLAN allocation details.
Rodney
On Fri, Sep 12, 2008 at 01:51:50PM -0300, Leonardo Gama Souza wrote:
Hi...
Actually, you can use IP SLA for bandwidth testing too. You just need to
find some file which can be pulled off the internet via HTTP/FTP, and
use IP SLA to get it.
The only thing is that you would be killing your user's access to the
net at the time of the test, so testing during peak hours would
Eric,
This should be possible.
Take a look here:
http://www.cisco.com/en/US/docs/switches/metro/catalyst3750m/software/release/12.2_46_se/configuration/guide/swqos.html
Arie
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Eric Van Tol
Sent: Friday,
No luck... didn't fix it. Is it fixed in a subsequent release? Are
there any other parameters I can tune?
GigabitEthernet0/1 is up, line protocol is up
Hardware is MV64460 Internal MAC, address is 001a.6d30.091b (bia
001a.6d30.091b)
Description: to gig-fastiron Ethernet11
MTU 1500
On Fri, Sep 12, 2008 at 02:40:04PM -0400, Clayton Zekelman wrote:
No luck... didn't fix it. Is it fixed in a subsequent release? Are
there any other parameters I can tune?
Not really because you can't tune the rx ring depth.
Check 'sh controller'.
What does 'sh proc cpu sort | excl 0.00'
The ELAM syntax that worked on SXF doesn't work on SRB though... Mind
sharing how to do captures in SRB?
--
Tim
On Fri, Sep 12, 2008 at 1:17 PM, Rodney Dunn [EMAIL PROTECTED] wrote:
Yes. We use it all the time to match on ingress ip/mpls frames and see
what the rewrites are.
The complexity
ring sizes: RX = 128, TX = 256
rx_particle_size: 512
rx_pak = 0x0444F908
rx_head = 122
Here are the sh controller and sh proc results.
I'll send the config directly - too much to sanitize ...
Thanks!
Hardware is MV64460 Internal MAC (Revision MV64460-Ethernet)
network link is up
Config is 1Gbps, Full Duplex
Selected media-type is RJ45
GBIC is not present
Ethernet Unit
From: Arie Vayner (avayner) [mailto:[EMAIL PROTECTED]
Eric,
This should be possible.
Take a look here:
http://www.cisco.com/en/US/docs/switches/metro/catalyst3750m/software/release/12.2_46_se/configuration/guide/swqos.html
Arie
Hi Arie,
Thanks for the response. I've read this a bunch
It depends on the amount of traffic you are planning to analyze.
In my experience from ISP environment a 3BXL with 256000 netflow
entries can handle about 3Gb/s of average internet traffic
without overrunning the netflow cache. But you have to use really
aggressive timers to force flows time out
On Fri, Sep 12, 2008 at 09:32:02PM +0200, Ivan Gasparik wrote:
I plan to try the way mentioned by you - mirroring traffic to
some fprobe server. Is here somebody running external server for
netflow analysis? I would be interested in your experiences,
especially what hardware is needed for
This may sound like a dumb question, but does anyone know where the
filter material can be acquired that is used on the 7500 and 12008
routers chassis?
Thanks,
-Troy
On Fri, 12 Sep 2008, Ben Steele wrote:
It looks like the fix was to enable flow-sampling.
Out of curiosity what are you using your netflow for? I'm asking because
sampling obviously isn't ideal when you are trying to get completely
accurate data for accounting.
Mostly for abuse
Chris:
Your initial e-mail indicated the tagging opposite to what you said in this
latest e-mail. =)
I think these commands are supported in most switches/software releases.
Frank
-Original Message-
From: Chris Hale [mailto:[EMAIL PROTECTED]
Sent: Friday, September 12, 2008 8:36 AM
43 matches