you *ARE* ASN 100, you will not see _100_ in your BGP
RIB, as your ASN is only prepended when advertising the route to an external
ASN. In that case, you can just match for client ASNs:
"_((55|56)(_)?)+$"
--
Brandon Ewing
what? Is XR 6.0.1 not supported on the ASR9001? All the release
notes contradict that.
Or did you mean the non-X 1K routers?
--
Brandon Ewing (nicot...@warningg.com)
pgpKD8QtT4pEd.pgp
Description: PGP signature
_
we are doing is L3VPN.
--
Brandon Ewing (nicot...@warningg.com)
pgpiNTpKpYoMV.pgp
Description: PGP signature
___
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
Sup2T, if anyone
else ever stumbles across this thread. Expands the usefulness of the
6840-X-LE switches, or other Sup2T platforms without XL TCAM.
--
Brandon Ewing (nicot...@warningg.com)
pgp3iZ1kbDuB5.pgp
Description: PGP signature
_
-indent at all on following new-lines, and the default tab settings
insert a tab instead of spaces.
I did a little investigation of the underlying OS -- has anyone tried
editing/creating /pkg/etc/vim/vimrc to have some more sane settings? Does
it persist with system upgrades/reboots?
--
Brandon
.
You can override inbound policy on a per-neighbor basis, but outbound policy
will be in lockstep for multiple neighbors in the same peer-group.
The above is why we prefer templates instead of groups, but that does
nothing to solve the original problem.
--
Brandon Ewing
observed in the
history of the VSS concept, I can also highly recommend keeping the brains
separate and running a NHRP to handle your redundancy.
--
Brandon Ewing(nicot...@warningg.com)
pgpYQQMRtjhl5.pgp
Description: PGP signature
UTC (GMT)
Has anyone had any luck finding the fixed 8.3(2.40) images? The latest
interims I can find are 2.39. Emailed TAC, but no response yet.
--
Brandon Ewing(nicot...@warningg.com)
pgprRSnkMrcu4.pgp
Description: PGP signature
, and MSTP on the other? How can we
ensure that the MST0 BPDU is replicated into each PVST instance when we are
doing the mapping?
--
Brandon Ewing(nicot...@warningg.com)
pgp9Kz9Mx2dAo.pgp
Description: PGP signature
version or licensing preventing it from showing.
me01#sdm prefer ?
default default template
ip ip template
--
Brandon Ewing(nicot...@warningg.com)
pgpRjrs58cD7T.pgp
Description: PGP signature
, localpref 100, valid, external, best
--
Brandon Ewing(nicot...@warningg.com)
pgpu3AE0cjgO9.pgp
Description: PGP signature
___
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo
approaches would be appreciated.
--
Brandon Ewing(nicot...@warningg.com)
pgpVnbp1iQm8F.pgp
Description: PGP signature
___
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo
did crashed the Powerconnect as it attempted to create 4000+ vLANs at once.
--
Brandon Ewing(nicot...@warningg.com)
pgpylZs81Xeyw.pgp
Description: PGP signature
___
cisco-nsp mailing list cisco-nsp@puck.nether.net
experience
about this case.
We successfully converted a pair of VSS switches into two standalone
switches without issue, but continuing to use the supervisor 10GE ports as a
20GE port channel between the two switches. We have had no issues with
performance on the ports.
--
Brandon Ewing
at this, mapping vLANS to an MST instance on a
Powerconnect created that vLAN on the switch. Since we were pre-mapping the
entire 4K vlan range on our Cisco devices, this blew up the first
Powerconnect we tried it on.
Note: This was 2+ years ago, on a 53xx-class device.
--
Brandon Ewing
file.
https://www.cisco.com/cgi-bin/Support/OutputInterpreter/home.pl?locale=en
--
Brandon Ewing(nicot...@warningg.com)
pgpnzZok0zZFI.pgp
Description: PGP signature
___
cisco-nsp mailing list cisco-nsp
of my head, but you
should be able to get one from your local electronics store.
--
Brandon Ewing(nicot...@warningg.com)
pgptVCoc5DFNM.pgp
Description: PGP signature
___
cisco-nsp mailing list cisco-nsp
#wp1015775
--
Brandon Ewing(nicot...@warningg.com)
pgp8saKGIiBVF.pgp
Description: PGP signature
___
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive
using packet-tracer to debug, but you can't really simulate
incoming encrypted traffic using it. :/
--
Brandon Ewing(nicot...@warningg.com)
pgp3QJcLPsXrD.pgp
Description: PGP signature
___
cisco-nsp mailing list
processor supporting two chassis.
--
Brandon Ewing(nicot...@warningg.com)
pgpibd78Y41YA.pgp
Description: PGP signature
___
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo
IPSEC session, like
rooting their phones and compiling vpnc themselves.
jms
There's an app in the market now, if you have a firmware/kernel with tun.ko
pre-installed. I tested it last night, and was able to connect to ipsec on
3G.
http://code.google.com/p/get-a-robot-vpnc/
--
Brandon Ewing
SXI4 or SXI5
--
Brandon Ewing(nicot...@warningg.com)
pgpCd2VDGADYx.pgp
Description: PGP signature
___
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive
with a src AS or dst AS 0 represent
your own AS. Not sure if this is true on the ASR platform.
--
Brandon Ewing(nicot...@warningg.com)
pgpPI3a8Uol9A.pgp
Description: PGP signature
___
cisco-nsp mailing list cisco-nsp
try adding a
deny ip any host 208.71.159.144 fragments
line?
It's possible the router is trying to reassemble the fragments to compare
them to the ACL -- someone with more experience on the 6500 platform's ACL
quirks could comment.
--
Brandon Ewing(nicot
.
--
Brandon Ewing(nicot...@warningg.com)
pgpRdOMGPZFrz.pgp
Description: PGP signature
___
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http
it to
2 hops instead of disabling it will not do any check at all?
I would imagine that the disable-connected-check is more useful, as
egp-multihop anything implies disabling the connected check completely.
The number just specifies what TTL will be used by the BGP packets.
--
Brandon Ewing
in Netflow when
control plane traffic is passed to the route processor? I tried the ones
listed as Control Plane Interface, SPAN RP Interface, and SPAN SP
Interface, but none of my exported flows have any of their iface #s listed
as the outgoing interface.
--
Brandon Ewing
-connected routes: 2048/2048 1365/1365
IPv4 unicast indirectly-connected routes:1024/1024190/190
I believe direct-connected routes also includes IP-ARP entries in TCAM.
--
Brandon Ewing(nicot...@warningg.com)
pgpgHGKzkCeDW.pgp
.
Another case would be an incorrect netmask, with proxy-arp enabled on
another ip-routing device in the broadcast network.
--
Brandon Ewing(nicot...@warningg.com)
pgp47B1M3uzWB.pgp
Description: PGP signature
Receive Utilization Transmit Utilization
Gi0/51 10
And I've confirmed via NetFlow that a non-trivial amount of data is exchanged
between those two IPs.
--
Brandon Ewing(nicot...@warningg.com)
pgpYmdzl2I8Fm.pgp
On Fri, Nov 12, 2010 at 11:40:37AM -0600, Brandon Ewing wrote:
Unfotunately, I don't know if the layer-2 hashing method on src-dst-ip is
independent of whichever CEF algorithm I choose, or if both load balancing
levels always use the same algorithm.
As a follow-up, I tried switching
on multiple switches, and all switches
are running 12.2(50)SE1 ip services
--
Brandon Ewing(nicot...@warningg.com)
pgpP7i41pd3Zt.pgp
Description: PGP signature
___
cisco-nsp mailing list cisco-nsp@puck.nether.net
fell swoop.
--
Brandon Ewing(nicot...@warningg.com)
pgpAStzghilaK.pgp
Description: PGP signature
___
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive
exist. They had lost our business by then.
Dell is the same way. In lab tests on their Powerconnect switches, attempting
to
map uncreated vLANs to an MST instance creates them. This was bad when
attempting to map all vlans to MST01, switch went nuts and had to be
power-cycled.
--
Brandon Ewing
tested with UDP, and got the same results as before.
If anyone has any additional ideas as to what to check, it would be
appreciated.
--
Brandon Ewing(nicot...@warningg.com)
pgpt2OBdBnRIa.pgp
Description: PGP signature
not result in a net increase of
overall speed. It appears that any flow in between two ports can only reach
100mb/s.
Anyone have any idea where I can look to find the root cause?
--
Brandon Ewing(nicot...@warningg.com)
pgpxxUBJInuQ0.pgp
Description: PGP
--
does anyone know if the feature is coming in the next release? It'd be very
desirable to be able to do simple OSPF without upgrading to the IP Services
license.
--
Brandon Ewing(nicot...@warningg.com)
pgpxPrNBt7cGn.pgp
Description: PGP signature
RANCID) to collect the new
revision and mail out the diffs.
(see snmp-server enable traps config)
Dave.
This does not work correctly on all platforms. See my previous post
http://markmail.org/message/4envqn5aepv6nbci and test prior to production.
--
Brandon Ewing
0082
--
Brandon Ewing(nicot...@warningg.com)
pgpDu2TPH3oaR.pgp
Description: PGP signature
___
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo
switches
maintain a different layer 2 forwarding database for each vLAN, so the same
MAC in multiple vLANs is handled appropriately. If it's aliases, it still
isn't an issue, as the layer 3 device will gladly store the same MAC address
in the ARP table for multiple IPs.
--
Brandon Ewing
will always prefer to egress on a
locally connected link over traversing the VSL.
--
Brandon Ewing(nicot...@warningg.com)
pgp1ZnmtToXjD.pgp
Description: PGP signature
___
cisco-nsp mailing list cisco-nsp
a vlan. You can see this with:
show vlan internal usage
Mack
This is actually controlled by vlan internal allocation policy
(ascending|descending). If set to ascending, it starts at 1005 and starts
counting up -- if descending, starts at 4094 and counts down.
--
Brandon Ewing
issues if you drop exceeded traffic.
--
Brandon Ewing(nicot...@warningg.com)
pgpNxDasFVO3n.pgp
Description: PGP signature
___
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo
action in your default, or you risk rate-limiting/dropping
ARP gleans?
--
Brandon Ewing(nicot...@warningg.com)
pgpVcykkedJHw.pgp
Description: PGP signature
___
cisco-nsp mailing list cisco-nsp@puck.nether.net
,
-Drew
Linux-based route server using iBGP. Our IPs get our nullroute community
and our upstreams' nullroute communities, external IPs get our nullroute
community and no-export for source-based RTBH.
--
Brandon Ewing(nicot...@warningg.com)
pgp986dClKq1m.pgp
On Tue, Feb 23, 2010 at 06:35:11AM -0500, Devon True wrote:
The 4948 does support input and output service policies.
--
Devon
But does not support IPv6 in hardware, IIRC. Something to keep in mind.
--
Brandon Ewing(nicot...@warningg.com
qos protocol arp still seems to indicate
that ARP traffic is being dropped somewhere, even though software and
hardware counters for the ARP class show 0 drops.
--
Brandon Ewing(nicot...@warningg.com)
pgpPS0J2fNFEa.pgp
Description: PGP signature
with source routing header options
unicast-routing Enable unicast routing
IPv6 on 3550 is software-switched, as the ASICs on the platform aren't big
enough for v6 addressing.
--
Brandon Ewing(nicot...@warningg.com)
pgpapi2BeuTij.pgp
Description: PGP
the traffic to be dropped at the ingress edge instead of crossing your
network from ingress to where the annoucement is sourced.
--
Brandon Ewing(nicot...@warningg.com)
pgpW1MtSYXItB.pgp
Description: PGP signature
.
--
Brandon Ewing(nicot...@warningg.com)
pgpEXlA0dt6YC.pgp
Description: PGP signature
___
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http
www
service-object icmp echo
!
Then utilize it in an ACL:
access-list TEST-ACL permit object-group TEST any host 1.2.3.4
--
Brandon Ewing(nicot...@warningg.com)
pgpwFHlupYFHR.pgp
Description: PGP signature
--
Brandon Ewing(nicot...@warningg.com)
pgpXqkXpHHcVN.pgp
Description: PGP signature
___
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http
the NSF message, the adjacency will already have been
dropped.
--
Brandon Ewing(nicot...@warningg.com)
pgpnCovm8J1YT.pgp
Description: PGP signature
___
cisco-nsp mailing list cisco-nsp@puck.nether.net
https
/technologies_tech_note09186a0080094a94.shtml
ENTITY-MIB::entPhysicalTable will map a processor to an entity ID
CISCO-PROCESS-MIB::cpmCPUTotalPhysicalIndex maps the entity ID to a
processor index.
CISCO-PROCESS-MIB::cpmCPUTotalTable lists processor utilization by procesor
index.
--
Brandon Ewing
to only do show version, show vlan,
and show running-config.
--
Brandon Ewing(nicot...@warningg.com)
pgpAhc5BeevwK.pgp
Description: PGP signature
___
cisco-nsp mailing list cisco-nsp@puck.nether.net
https
of information regarding BGP SNMP
http://tools.cisco.com/Support/SNMP/do/BrowseMIB.do?local=enstep=2mibName=BGP4-MIB
--
Brandon Ewing(nicot...@warningg.com)
pgp6sPG2LVuDS.pgp
Description: PGP signature
___
cisco-nsp
on it, allowing one to see when/how/why changes were made to the
configurations.
Maintaining a working directory locally on the server where you can check
out revisions and perform svn diff on is also useful.
--
Brandon Ewing(nicot...@warningg.com)
pgpK1ObcOWWOC.pgp
Looks like in the new browser, they're filed as 12000 Performance Route
Processor Engine images. Filename is still gsr-p-mz, which runs on the
GRP.
Note that 12.0(32)S12 contains the 4-byte ASN problems discussed here and on
NANOG, so 12.0(32)S11 is your best bet.
--
Brandon Ewing
-attached section, and each IP - ARP address is an
adjacency in the directly-attached section, so it's really more a
limitation on the amount of ARP entries the switch can store.
--
Brandon Ewing(nicot...@warningg.com)
pgpmU1fmntwyC.pgp
Description: PGP
-authentication none to the RA
tunnel-group to disable XAUTH.
--
Brandon Ewing(nicot...@warningg.com)
pgpDmlfoo7VVJ.pgp
Description: PGP signature
___
cisco-nsp mailing list cisco-nsp@puck.nether.net
https
::cRFCfgRedundancyMode.0 = INTEGER: hotStandbyRedundant(8)
CISCO-RF-MIB::cRFCfgRedundancyModeDescr.0 = STRING: SSO (Stateful Switchover)
--
Brandon Ewing(nicot...@warningg.com)
pgpFJLK1V1vu0.pgp
Description: PGP signature
___
cisco
/docs/ios/12_0s/release/ntes/120SNEWF.html#wp3521658
I loaded it on a test router yesterday -- I immediately ran into the
issue discussed last week on NANOG:
http://markmail.org/message/3ofvjyggayfxezna
--
Brandon Ewing(nicot...@warningg.com)
pgpFPx02JXeH5
Can anyone here provide thoughts / suggestions regarding the version of IOS
for the 3750 platform that has the least problems, and offers the most
stability? Featureset is not an issue, as layer 3 functions are not
required, just QoS/LACP.
--
Brandon Ewing
63 matches
Mail list logo