...
not the throughput.
Derick Winkworth
CCIE #15672 (RS, SP), JNCIE-M #721
http://packetpushers.net/author/dwinkworth/
From: Jose Madrid jmadr...@gmail.com
To: Dan Armstrong d...@beanfield.com
Cc: cisco-nsp@puck.nether.net cisco-nsp@puck.nether.net
Sent
Derick Winkworth
CCIE #15672 (RS, SP), JNCIE-M #721
http://packetpushers.net/author/dwinkworth/
From: Matthew Melbourne m...@melbourne.org.uk
To: cisco-nsp@puck.nether.net
Sent: Monday, March 12, 2012 11:14 AM
Subject: [c-nsp] VASI interface and NAT on ASR1k
Hi
All:
Short article on improving DLSw+ performance/scalability...
http://packetpushers.net/dlsw-performance/
No, I'm not kidding. Yes I know its 2012. :-)
Derick Winkworth
CCIE #15672 (RS, SP), JNCIE-M #721
http://packetpushers.net/author/dwinkworth
Look at the rest of the ports on your box for xmit errors...
Derick Winkworth
CCIE #15672 (RS, SP), JNCIE-M #721
http://blinking-network.blogspot.com
From: Gert Doering g...@greenie.muc.de
To: Andrew Miehs and...@2sheds.de
Cc: Gert Doering g...@greenie.muc.de
the right
people generally lurk...
Derick Winkworth
CCIE #15672 (RS, SP), JNCIE-M #721
http://packetpushers.net/author/dwinkworth
From: Robert Raszuk rob...@raszuk.net
To: Gert Doering g...@greenie.muc.de
Cc: Derick Winkworth dwinkwo...@att.net; juniper
testing IOS-XE in lab. versions 3.1.4a and 3.4.0a.
we're seeing each VPNv4 route consume about 3.75mb of memory.on the RP.
please tell me this is a joke.
___
cisco-nsp mailing list cisco-nsp@puck.nether.net
.
Derick Winkworth
CCIE #15672 (RS, SP), JNCIE-M #721
http://blinking-network.blogspot.com
From: Derick Winkworth dwinkwo...@att.net
To: cisco-nsp@puck.nether.net cisco-nsp@puck.nether.net
Sent: Wed, August 31, 2011 6:06:51 PM
Subject: [c-nsp] (no subject)
testing IOS
Engineer to your requirements. Cisco and Juniper are good vendors to have for
variety.
Derick Winkworth
CCIE #15672 (RS, SP), JNCIE-M #721
http://blinking-network.blogspot.com
From: Gert Doering g...@greenie.muc.de
To: Ryan Finnesey rfinne...@gmail.com
Cc
it egresses...
Derick Winkworth
CCIE #15672 (RS, SP), JNCIE-M #721
http://blinking-network.blogspot.com
--- On Thu, 7/28/11, Muhammad Atif Jauhar atif.jau...@gmail.com wrote:
From: Muhammad Atif Jauhar atif.jau...@gmail.com
Subject: [c-nsp] QoS question
To: cisco-nsp@puck.nether.net
Date: Thursday, July
http://news.yahoo.com/obama-east-africa-famine-needs-world-respond-211611984.html
Derick Winkworth
CCIE #15672 (RS, SP), JNCIE-M #721
http://blinking-network.blogspot.com
___
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net
doh! wrong list SORRY
Derick Winkworth
CCIE #15672 (RS, SP), JNCIE-M #721
http://blinking-network.blogspot.com
From: Randy randy_94...@yahoo.com
To: cisco-nsp@puck.nether.net; Derick Winkworth dwinkwo...@att.net
Sent: Fri, July 29, 2011 6:45:06
if it or vSwitch did support it, it probably wouldn't work the right way.
VLAN differentiation in a multi-tenant environment should not have physical
dependencies on the ESX host.
Derick Winkworth
CCIE #15672 (RS, SP), JNCIE-M #721
http://blinking-network.blogspot.com
...
The ASA I think can support up to 500 contexts now, but with contexts enabled
I'm hearing there is no crypto support. I'm not sure this is an impediment for
us but I can see it being an issue for folks.
Derick Winkworth
CCIE #15672 (RS, SP), JNCIE-M #721
http://blinking
Thoughts on this blog entry?
I wonder if Cisco will support BGP on ASA soon.. I know people have been asking
for it. It would be nice if it had something Netconf on it too...
The new ASA blade is coming out for Nexus I hear, anyone know how many
virtual-firewalls it will support? Juniper's SRX
If you are not already running MPLS, then I would rule VPLS out... though there
are some benefits to biting the bullet and learning MPLS and virtualizing your
network with it.
L2TPv3 is a better option than GRE, in my opinion. Also having dark fiber
means large MTUs yes? I think that would be
or
pseudowire.
Isn't the ASR supposed to be getting some VPLS support here soon?
Derick Winkworth
CCIE #15672 (RS, SP), JNCIE-M #721
http://blinking-network.blogspot.com
--- On Wed, 7/6/11, Gert Doering g...@greenie.muc.de wrote:
From: Gert Doering g...@greenie.muc.de
Subject: Re: [c-nsp] GRE
New blog post I hope others find helpful...
http://blinking-network.blogspot.com/2011/06/sqlnet-aka-oracle-tns-and-firewalls.html
___
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at
1. Yes there are studies and comparisons. They are usually skewed/biased
favorably towards the company that is paying to have the study/comparison done.
2. Juniper/Alcatel-Lucent I think today are the primary competing vendors you
want to look at.
3. Tackling the service-provider problem is
For those interested, see new blog entry:
http://blinking-network.blogspot.com/
___
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
Best viewed with a fixed width font... Bottom line if you intend to use the
ASR in this fashion then by all means start harassing your account team to have
match-in-vrf type functionality implemented on the ASR. Still the solution
below works (as far as we have tested it), its just not
That came out all jacked up, obviously. Will attempt to fix.
--- On Wed, 5/11/11, Derick Winkworth dwinkwo...@att.net wrote:
From: Derick Winkworth dwinkwo...@att.net
Subject: [c-nsp] VASI NAT on ASR/IOS-XE solved... I hope.
To: cisco-nsp@puck.nether.net
Date: Wednesday, May 11, 2011, 9:49 AM
Best viewed with a fixed width font... Bottom line if you intend to use the
ASR in this fashion then by all means start harassing your account team to have
match-in-vrf type functionality implemented on the ASR. Still the solution
below works (as far as we have tested it), its just not as
All:
Is anyone using VASI and NAT together on the ASR?
The VASI documentation that is publicly available (plus some other
documentation
you can through your SE) seems to indicate that VASI can enable services like
NAT between VRFs.
However, the NAT part just isn't true. As of right now, no
I have a hqos setup with a parent and child policy. You can set the
queue-limit
at both the parent and child levels. I am wondering if anyone had any insight
other thoughts and what to set the queue-limit to at the parent and child
level? Lets say on a 150mbps shaper that is pushing
There are virtual-switches on Juniper MXs which do precisely what you are
asking
for. Each virtual-switch has the entire VLAN space and their own spanning-tree
configuration.
From: Garry g...@gmx.de
To: randal k cisco...@data102.com
Cc: cisco-nsp
This could lead to some frustration when connecting to devices with auto-mdi...
as auto-neg is required for auto-mdi to work...
From: Tassos Chatzithomaoglou ach...@forthnet.gr
To: cisco-nsp@puck.nether.net
Sent: Fri, August 20, 2010 11:38:34 AM
Subject: Re:
Its an ASIC thing.
What you can configure the port to do is only negotiate at a subset of speeds
it
is capable of. I think this is actually a feature of the ASIC, not software
per
se.
I'm guessing.
From: Peter Rathlev pe...@rathlev.dk
To: Jim Getker
I believe the limit is 500 *pairs* of interfaces...
We are using the ASR too for this exact thing.
From: Matthew Melbourne m...@melbourne.org.uk
To: Neil Fenemor neil.fene...@fx.net.nz
Cc: cisco-nsp@puck.nether.net
Sent: Sat, August 7, 2010 9:04:37 AM
Subject:
and below that is 128k I believe...
From: Matthew Melbourne m...@melbourne.org.uk
To: Derick Winkworth dwinkwo...@att.net; Neil Fenemor neil.fene...@fx.net.nz
Cc: cisco-nsp@puck.nether.net
Sent: Sat, August 7, 2010 10:22:07 AM
Subject: RE: [c-nsp] VRF-Aware
This limits the scope of a NAT rule/translation to the VRF specified in the NAT
rule. The most common issue is that outside NATs were always global, even if
you specified a VRF. You could not re-use the same translated address (pool)
for another VRF / different real address...
Essentially
Does it have to be a switch?
As of 12.4(24)T3 you can do this on ISRs and 7200s...
From: Frank Bulk - iName.com frnk...@iname.com
To: sth...@nethelp.no
Cc: cisco-nsp@puck.nether.net
Sent: Thu, July 8, 2010 10:09:59 PM
Subject: Re: [c-nsp] Cheapest Cisco desktop
Does anyone know if there are any Cisco platforms that support IVL with Q-in-Q
so the mac lookup is a 72-bit field essentially (both VLANs and MAC address).
Just curious...
___
cisco-nsp mailing list cisco-nsp@puck.nether.net
I'm
curious about what MPLS-TP will turn out to be. Its still somewhat
nebulous I think. I have been following the FCoMPLS updates and saw
where they said they would leverage MPLS-TP for the 'reliable' portion of
MPLS... Yet I haven't exactly seen where there is anything like
You're right... I ran a script last night that configured 58000 static NATs.
Of course, service compress-config was necessary :-) but it took it with no
problems...
From: Rodney Dunn rod...@cisco.com
To: Derick Winkworth dwinkwo...@att.net
Cc: cisco-nsp
205.141.232.13 vrf SUB002-VRF match-in-vrf
That would be outstanding.
From: Arie Vayner (avayner) avay...@cisco.com
To: Derick Winkworth dwinkwo...@att.net; cisco-nsp@puck.nether.net
Sent: Fri, April 2, 2010 1:44:08 AM
Subject: RE: [c-nsp] match-in-vrf with NVI
All:
Anyone know when the match-in-vrf keyword will be supported with NAT NVI? I
really would like to see this!
Derick
___
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at
All:
Anyone know what the maximum number of configurable static NATs is on a
7200/NPE-G2? Is it just a function of memory or is there a hard limit
somewhere?
Derick
___
cisco-nsp mailing list cisco-nsp@puck.nether.net
Come to think of it, does anyone know when match-in-vrf will be supported at
all on the ASR? It might have made it into the 2.5 release... Can anyone
verify that?
From: Derick Winkworth dwinkwo...@att.net
To: cisco-nsp@puck.nether.net
Sent: Thu, April 1
Agreed on the 12.4(15)T train. Pick the latest release of this.
No new features have been introduced in this train since T7 or T8 I believe.
Going forward, all releases will be bug-fix only. As I understand it.
From: Dale Shaw
..and now you have a sh*tpile of boxes in your environment running different
versions of software with varying features for management and so forth. And if
your like most IT companies, some mgmt turd will eventually let maintenance go
on some of these boxes are not stick with the architectural
Its not like we can run Cisco IOS on any other vendor's equipment. If I buy an
ISR from Cisco, I have to pay them additional money to use the software that
only Cisco can create.. for that box? Its an arbitrary blood-rock scheme.
You pay twice to use the equipment you buy from them.
Its an
I am trying to configure something like this:
A primary LSP with 5g bandwidth... and lower priority..
A secondary LSP with 500m bandwidth and higher priority..
Essentially, if all links are up, then the primary paths will be used and we
will have maximum bandwidth utilization...
If we loose a
###
The MX-FPC swallows two whole DPC slots. In an MX240, that's
just a waste of time. You're better of getting an M120 or
M40e (M40e if you don't need STM-64/OC-192).
This makes the MX480 or MX960 more appealing when used with
the MX-FPC. But then, that's not in the same space as the
http://networkliberationmovement.net/
15 hours some big announcement? Anyone know what this is?
___
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at
You are mistaken. They use the ez-chip in non Q cards as well for the MX.
I think you only need to look at what the Q card does and you will see it does
not marry up very well to the traffic management feature of the ez-chip... I
think the previous poster was correct. Ethernet framing and MAC
Anyone else try doing this? I'm on 12.2(33)SRC4 on a 7200 w/NPE-G2 and for
some reason the vrf option in ip route static bfd is not showing up... I
don't see anything in the release notes about this or in bug toolkit...
Anyone thoughts?
___
cisco-nsp
12.4(15)T10
Its the third or fourth bug-fix only release in the 12.4(15)T line of code...
You have a lot of features you want to enable... I would try this one first..
From: luismi asturlui...@gmail.com
To: Gert Doering g...@greenie.muc.de
Cc:
site), this attribute tells BGP to compare the EIGRP cost
embedded in the attribute directly to an EIGRP route learned from the CE. This
attribute is compared before any other BGP attribute.
So I guess why do we need both (a) and (b)?
The documentation for this is shoddy.
Derick Winkworth
What Cisco devices are in the path? We had to configure an ACL on a
7200 denying inbound TCP RSTs, because of a bug where there there 7200
(if it was doing PAT) was erroneously sending the RST to the wrong
connection.
Long story short, NAT session #1 would properly terminate on the 7200,
but
say that some CCIE, or multiple CCIEs, didn't remember
fact x and therefore you call into question the value of the CCIE as a
certification... I guess that demonstrates how badly you are missing the
point.
Derick Winkworth
CCIE #15672
Peter Rathlev wrote:
On Mon, 2009-05-11 at 16:16 -0500
We have deployed several networks now with GET, and now that we are used
to it.. there is no looking back at DMVPN. When it comes to
troubleshooting on the CE device, I feel GET is much easier. There is
no overlay network with GET.
Mike Louis wrote:
Dear list,
I am working with a customer
All:
We went to production with a solution that we labbed, but now we are
seeing some odd behavior.
We added VRFs to our configuration and the EIGRP router-id for routes
redistributing into EIGRP from BGP was always the highest IP address in
the *VRF*, not the loopback interface in the global
7200vxr
Pete Barnwell wrote:
Hi,
Wonder if anybody can help me with selecting the right router for CPE?
It needs to be able to handle 100Mb/s delivered over FE, doing a bit of
QoS and a few ACLs but no dynamic routing protocols.
Thanks
Pete
You should subscribe to the CCIE groupstudy list. See
http://www.groupstudy.com/
Studying. Practice. Lots of practice. I purchased the
InternetworkExpert end-to-end program and I completed all 30 of the
practice labs plus a couple of mock labs (Brian and Brian were great!).
I did the live
You need to reduce the number of features you are actively using in the switch,
pick an IOS, put in the lab, fully regression-test it with load-testing (and
test all possible functions and failures of all protocols and features) then
deploy.
Oh wait... thats not possible is it? You need to do
Juniper supports it well. The EX series 1U switches are pretty decent
actually.
But, again... he might be able to get this done without VRFs...
Brad Hedlund (brhedlun) wrote:
The term VRF-Lite comes from when Cisco started delivering VRF
capabilities across all Catalyst L3 platforms, even the
You might be able to do this without vrf-lite, with something like PBR...
You only have two domains and each domain only has two logical
interfaces. So you could create four policies, one for each interface
that sets the egress interface that you want all traffic coming into
that interface to
RHI is multi-context, BGP stub is not... last I recall. Also I don't
think RHI is a licensed feature, its just available with the IOS... BGP
stub is licensed for some reason.
Vikas Sharma wrote:
Hi,
In FWSM inplementation, which one is preffered BGP stub or RHI. My low
confidecnce in RHI
If security is an issue, put any old router in that will do VRFs and configure
it with IOS FW or ACLs... You can put an IOS FW on a stick with VLAN's going
to it...
Or put an actual firewall in place...
From: Ramcharan, Vijay A
Or Vyatta maybe...
Masood Ahmad Shah wrote:
You can also use JUNOS olive.
http://juniper.cluepon.net/index.php/Olive
Regards,
Masood
-Original Message-
From: cisco-nsp-boun...@puck.nether.net
[mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Cory Ayers
Sent: Sunday,
(1) We've had good experience with this. Decent throughput, but high
amount of jitter/latency. Its just another internet access method at
this point... it works fine.
Really its about the carrier...
(2) Cables and antennas as needed for getting the signal required can be
expensive if you go
some corruption of fragments with GET in 12.4(15)T5. Thats what
this is about. So we upgraded to T7 and jacked up the MTUs wherever possible.
- Original Message
From: [EMAIL PROTECTED] [EMAIL PROTECTED]
To: Luan Nguyen [EMAIL PROTECTED]
Cc: Derick Winkworth [EMAIL PROTECTED]; Rodney
If you apply the ip tcp adjust-mss command on an interface that has a crypto
statement on it...
Does it perform the MSS adjustment on outbound packets before they are
encrypted?
Does it perform the MSS adjustment on inbound packets after they are decrypted?
I know that this is typically
: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Derick
Winkworth
Sent: 19 October 2008 15:29
Cc: cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] EIGRP routing failure
Do you see giants incrementing on either interface?
Mohammed Dado wrote:
Dears,
We're configuring EIGRP
Do you see giants incrementing on either interface?
Mohammed Dado wrote:
Dears,
We're configuring EIGRP on both sides, customer and ISP. The customer router
are dumping the following logs. Here's an example of some logs ..
128326: Oct 6 02:48:05.387 CDT: %DUAL-5-NBRCHANGE: IP-EIGRP(1)
PROTECTED]
[mailto:[EMAIL PROTECTED] Namens Derick Winkworth
Verzonden: vrijdag 10 oktober 2008 14:09
Aan: cisco-nsp@puck.nether.net Cisco NSP
Onderwerp: Re: [c-nsp] Fwd: NAT in VRF
http://www.cisco.com/en/US/docs/ios/12_3t/12_3t14/feature/guide/gtnatvi.html
http://www.cisco.com/en/US/docs
Don't these interfaces share a controller? So they are 3-to-1
oversubscribed on the NPE???
Mark Tinka wrote:
On Wednesday 15 October 2008 02:20:03 Adam Armstrong wrote:
...and 4 Cu/SFP and
2Mpps
The NPE-G2, like the NPE-G1, has only 3x copper/SFP transit
interfaces.
It's the
http://www.cisco.com/en/US/docs/ios/12_3t/12_3t14/feature/guide/gtnatvi.html
http://www.cisco.com/en/US/docs/ios/12_2t/12_2t13/feature/guide/ftnatvpn.html
Here are two different ways to do what you are asking for, I hope!
Gary Roberton wrote:
Thanks Luan
Can anyone else confirm this also?
We've been having good luck with 12.4(15)T6 and T7.
I wouldn't recommend any other 12.4 release.
Howard Jones wrote:
Peter Nyamukusa wrote:
Hi Howard,
Why do you have a look at the Software Advisor tool
http://tools.cisco.com/Support/Fusion/FusionHome.do
Because that doesn't
Q-in-Q
Johnny Ramirez wrote:
We have layer 2 connectivity from our main office to an offsite facility
where our servers reside. We are connected via fiber but is not a dedicated
circuit.
Recently I created a VLAN with same ID on both switches (main office and
Offsite facility) . I
All:
I believe I may need to tune down the tx-ring on a 3845 with ATM-AIM
module. I'm looking at this, and it doesn't look like it uses the same
system that the 7200 uses (i.e., with particles/576 bytes per particle
calculation).
from show controller atm0/ima0 I see the following:
Security Lab, CCIE Service Provider Lab , CCIE Voice Lab and CCIE Storage
Lab Certifications.
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
Derick Winkworth
Sent: Friday, July 18, 2008 8:45 AM
To: Cisco NSP; Groupstudy RS
Subject: tx-ring-limit on ISR
All:
Anyone heard from Boson on when they are going to update their practice
exams? We try calling to talk to them and they are just plain rude
about it.
They are still selling the old CCNP exams. Their information page on
the CCNP looks like it was written two years ago. We are a volume
73 matches
Mail list logo