Re: [c-nsp] IS-IS as PE-CE protocol

> Victor Sudakov > Sent: Thursday, March 21, 2019 2:30 AM > > Dear Colleagues, > > OSPF as a PE-CE protocol has some useful features: the "DN bit" for loop > prevention and sham links for route optimization. > > Does IS-IS have similar features? > It does if the PE end is L2 and CE end is L1,

[c-nsp] IS-IS as PE-CE protocol

Dear Colleagues, OSPF as a PE-CE protocol has some useful features: the "DN bit" for loop prevention and sham links for route optimization. Does IS-IS have similar features? -- Victor Sudakov, VAS4-RIPE, VAS47-RIPN 2:5005/49@fidonet http://vas.tomsk.ru/

Re: [c-nsp] TCAM utilization on Nexus 9396

--- Begin Message --- Please check the config guide. I am not as familiar w/the 1st gen switches as 2nd gen, but there should be at least some level of reconfigurability of the regions in gen 1. So you may be able to size up the region you want by removing entries from some other region. Yes,

Re: [c-nsp] TCAM utilization on Nexus 9396

Thanks for clarification, i have noticed when i add 1 rules number bump +1 but i believe you can't go above 510 right? that is hard limit if i am not wrong. also changing in resource required reload. On Wed, Mar 20, 2019 at 2:07 PM Tim Stevenson (tstevens) wrote: > > Yes, ACL lines consume

Re: [c-nsp] TCAM utilization on Nexus 9396

--- Begin Message --- Yes, ACL lines consume space in the TCAM. TCAM can be recarved according to the features in use/required. As long as the policy fits in the available TCAM space for that feature (software will complain and fail your config if it won't), enforcement is at full rate, no

[c-nsp] TCAM utilization on Nexus 9396

Folks and ( Tim/Nick ) I have Cisco Nexus 9396 L3 switch and running bunch of ACL ( IPv4 Access-list to block certain traffic ) today i was reading about TCAM and when i look at switch i found following utilization, so trying to understand how ACL relationship with TCAM. - Does number of ACL

Re: [c-nsp] Nexus 9300 sflow performance

Thanks Nick & Tim, This is awesome! i will get back to you after my deployment. On Wed, Mar 20, 2019 at 1:34 PM Nick Cutting wrote: > > We use the below, and I measured the reported traffic a few times, sending > exactly 1g / 10g files between a known source and destination; it was pretty >

Re: [c-nsp] Nexus 9300 sflow performance

We use the below, and I measured the reported traffic a few times, sending exactly 1g / 10g files between a known source and destination; it was pretty accurate. You must use routed ports, SVI’s require netflow – which is not an option for you. feature sflow sflow counter-poll-interval 30

Re: [c-nsp] Nexus 9300 sflow performance

--- Begin Message --- -Original Message- From: Satish Patel Sent: Wednesday, March 20, 2019 10:23 AM To: Tim Stevenson (tstevens) Cc: Nick Cutting ; cisco-nsp@puck.nether.net Subject: Re: [c-nsp] Nexus 9300 sflow performance Thanks Tim, Here is the output of show hardware

Re: [c-nsp] Nexus 9300 sflow performance

Thanks Tim, Here is the output of show hardware rate-limiter. ( i believe it's 40k) This is my first time dealing with SFLOW, Can you share some configuration parameter i should use for best practice would be great, What is 1-in-N sample actually? I am planning to use mgmt0 interface for SFLOW

Re: [c-nsp] Nexus 9300 sflow performance

--- Begin Message --- Yes, this is 1st gen. The SFLOW/SPAN restriction should not apply there. Re: 60Gbps/24Mpps and SFLOW, SFLOW does not do aggregation of stats for flows in the switch like netflow does - it's just 1-in-n packet sampling. As such, the value of "n" should be high enough that

Re: [c-nsp] Nexus 9300 sflow performance

We have cisco Nexus9000 C9396PX 60 Gbs is data traffic, and 24Mpps ( packet per second ) not sure how to convert it into flows. Could you please share your sflow configuration if you don't mind? I had nfsen in past with 8CPU / 4GB memory but it was damn slow :( but it could be me.. i will set up

Re: [c-nsp] Nexus 9300 sflow performance

Good point. We waited for the second Gen Regarding 60 Gbs, isn’t that is the data traffic, not the flows or sampled flows levels? Our NFSEn box is centos 4 vCPU and 4 GBrams Collecting flows from maybe only 30 devices, about 20Gbs and 3k flows per sec. -Original Message- From: Tim

Re: [c-nsp] Nexus 9300 sflow performance

--- Begin Message --- Make sure you distinguish between N9300 (1st generation) and N9300-EX/FX/FX2 (2nd generation). The SFLOW + SPAN limitation applies only to the latter. It's also on the latter that Netflow is supported, which can run concurrently with SPAN sessions. Tim -Original

Re: [c-nsp] Nexus 9300 sflow performance

Thanks nick, Awesome! I used nfsen in past but it was kind of slow Do you think 60Gbps traffic nfsen can handle easily ? Could you provide your hardware spec where you running Nfsen ? Ntopng is one more tool but not sure about performance. Sent from my iPhone > On Mar 20, 2019, at 9:19

Re: [c-nsp] Nexus 9300 sflow performance

We use sflow on 9300's, no performance hit - but you cannot use span sessions at the same time. Newer code revisions support netflow, without the SPAN session limitation, although we have not tried netflow on the 9300 yet. For a collector We use NFSEN - opensource, and quite a big install

[c-nsp] Nexus 9300 sflow performance

Folks, I have L3 Nexus 9300 switch which is running 60Gbps traffic on ISP interface so I’m planning to run sflow on that specific interference to get flow. Does it going to create any performances issue on switch? Can I run sflow on Layer 3 LACP interface? Can anyone suggest free open