Re: [c-nsp] Pkt forwarding query

2015-11-02 Thread Devon True
Hi Hank, I use ABF to take traffic out of a GRE tunnel and forward out a physical interface, so I would imagine the reverse may work. -- Devon Hank Nussbacher November 2, 2015 at 3:25 PM At 14:40 02/11/2015 -0500, Chuck Church wrote: Perhaps ABF:

[c-nsp] Inter-op with Juniper EX4200 Using LACP Link Protection

2014-12-20 Thread Devon True
Hi Cisco-NSP, We have a pair of Cisco Nexus 7000s switches connecting into one Juniper EX4200 switch using a vPC port-channel. On the Juniper side they are using LACP Link Protection (http://www.juniper.net/techpubs/en_US/junos13.3/topics/task/configuration/lacp-link-protection-cli.html

Re: [c-nsp] Odd Network Issue (7600/Sup3BXL)

2014-03-19 Thread Devon True
. Locally generated traffic (e.g. BGP) went through fine. Also, adding an IPv6 ACL would stop all IPv4 traffic. Needless to say, we have a TAC case opened. -- Devon Devon True mailto:de...@noved.org Friday, 14 March, 2014 12:07 PM Twice in the past two weeks, a Cisco 7600 router with a Sup3BXL

[c-nsp] Odd Network Issue (7600/Sup3BXL)

2014-03-14 Thread Devon True
Twice in the past two weeks, a Cisco 7600 router with a Sup3BXL has stopped egress traffic from a port on a WS-X6708-10GE module to one of our Internet providers. All other circuits on the same WS-X6708-10GE module are fine. BGP with the provider never goes down, however bandwidth drops from

[c-nsp] Running OSPF Across VPLS Service

2013-08-16 Thread Devon True
All: We are deploying VPLS within our network and a client is trying to run OSPF across it between two routers. Here is a simplified diagram: OSPF device 4948 6500 7600 WAN 7600 6500 4948 OSPF device Both locations are identical (4948, 6500, 7600), but the 4948 in location A

Re: [c-nsp] SYSTEM_CONTROLLER / Cisco 7606

2013-03-16 Thread Devon True
Ahmed, Hello Devon My router is running out of warranty so I can't contact TAC, what do you think about IOS upgrade? Jared's original advice is sound and he knows his stuff. =) We recently got hit by bug CSCtx31177, causing our Sup720-3BXLs to reboot in our 7600 routers. We were running

Re: [c-nsp] SYSTEM_CONTROLLER / Cisco 7606

2013-03-15 Thread Devon True
Ahmed, Thanks for your quick reply. Actually IOS version is 12.2(33)SRD4, we will upgrade it soon. But the router didn't reload normally, we forced router to reload manually then it comes up and the ISO has been stored in sup-bootdisk. We had something similar and the config-register on

Re: [c-nsp] timezone setting in networking gear; local, HQ, or UTC?

2013-03-14 Thread Devon True
On 14-Mar-13 11:18 AM, Deny IP Any Any wrote: my company is east-coast US, but now we're expanding West; for the first time we'll have routers/switches/etc in a different time zone. How does everyone else handle time zone settings on a network that spans multiple time zones? We've discussed

Re: [c-nsp] 7600/Sup3BXL CPU-MONITOR Issues

2013-03-08 Thread Devon True
Kevin, We saw the same crash two weeks or so ago and are running (c7600rsp72043_rp-ADVIPSERVICESK9-M), Version 15.2(4)S1 on RSP720-3CXL's. Sure it's not related, but it did happen while rancid was querying the router. Thank you for responding. Cisco TAC did mention RANCID when reviewing

[c-nsp] 7600/Sup3BXL CPU-MONITOR Issues

2013-03-07 Thread Devon True
All: Recently several of our Sup720-3BXL modules in 7600 routers have crashed with a %CPU_MONITOR-SP-6-NOT_HEARD error. In each crash, the RP is able to generate a crashfile, however the SP is not. We have several TAC cases open about these issues, but I did not know if the collective knowledge

Re: [c-nsp] Next step-up from 7206VXR

2013-02-20 Thread Devon True
On 20-Feb-13 9:15 AM, Mikael Abrahamsson wrote: On Wed, 20 Feb 2013, Jon Lewis wrote: The Sup720 can do 1 million routes too. Can you point out where cisco says the implementation is any different between the Sup720, RSP720, and Sup2T that makes the latter capable of handling more v4/v6

Re: [c-nsp] Rcv-Err And Giants On 7600 WS-X6708-10GE

2012-10-20 Thread Devon True
On 9/14/2012 11:37 AM, Devon True wrote: All: We are seeing increasing Rcv-Err and Giants on a WS-X6708-10GE in a 7600 running 12.2(33)SRE3. The interface itself has very low usage (~400 Mbps in and out) and I do not see any input drops. Input queue: 0/75/0/0 (size/max/drops/flushes

Re: [c-nsp] Port-to-Janus or Port-to-Metro mappings on 7600

2012-10-19 Thread Devon True
John, I've been beating my head against my desk to remember the command that shows the port-to-Janus mappings and the port-to-Metro mappings. I thought for sure there was one. I can never remember how ports are mapped to the Metropolis asics. I just remember it's some oddball mapping. Do any of

Re: [c-nsp] IPv6 domain reply Cisco 6509 IPv4 address

2012-08-16 Thread Devon True
On 16-Aug-12 9:41 AM, Chris Lane wrote: We do not run IPv6 currently from this site, IPv6 is not enabled on box. When I ping google.com I get the following response. ping google.com Translating google.com...domain server (64.17.248.2) [OK] Type escape sequence to abort. Sending 5, 100-byte

[c-nsp] 3750 Stop Passing Traffic When trust dscp Enabled

2012-08-09 Thread Devon True
All: We are running a 3750 on 12.2(52)SE which terminates a 1G connection from a metro Ethernet provider so that we can aggregate customer Ethernet circuits based on vlan id and split them out on individual 100M connections. When we enable mls qos trust dscp on a customer-facing interface, the

Re: [c-nsp] BGP Local Preference Question

2012-06-05 Thread Devon True
Nick, I have the need to move a good portion of our outbound traffic away from one of our carriers. I have done this by setting the local preference on certain ASNs in the past. My question is if there's a list of larger carrier ASNs out there so I can make fewer changes that affect larger

Re: [c-nsp] dumb BGP ipv6 peer group question

2011-12-28 Thread Devon True
On 27-Dec-11 6:25 PM, John Brown wrote: I'm trying to turn up some IPv6 peers. Most of them are already IPv4 peers. I have a peer group defined in the IPv4 world. You can use the same peer session and peer policy templates with v4 and v6

Re: [c-nsp] Faster BGP Failover

2011-10-11 Thread Devon True
On 10/11/2011 1:41 PM, Keegan Holley wrote: BGP timers are negotiated to the lowest value so even if your carrier doesn't like it they won't be able to stop you. This will also save you the trouble of opening a ticket or requesting that this

Re: [c-nsp] Placing an Interface into a VRF Causes it to Become no passive Underneath v6 OSPF

2011-06-14 Thread Devon True
On 6/8/2011 11:49 AM, Devon True wrote: All: On our 6500s running SXI5, I have noticed that whenever a vlan interface is assigned to a vrf, the interface is inserted as no passive-interface underneath our ipv6 ospf process. Does anyone know of a knob to turn this feature off? Thanks

[c-nsp] Placing an Interface into a VRF Causes it to Become no passive Underneath v6 OSPF

2011-06-08 Thread Devon True
All: On our 6500s running SXI5, I have noticed that whenever a vlan interface is assigned to a vrf, the interface is inserted as no passive-interface underneath our ipv6 ospf process. Does anyone know of a knob to turn this feature off? Thanks! -

Re: [c-nsp] Troubleshooting OSPFv3 Neighbor Down: Too many retransmits

2011-03-04 Thread Devon True
On 3/3/2011 12:32 PM, Brian Spade wrote: You might be hitting bug CSCsx54082. Neighbors end up in a DBD exchange loop. Is CPU utilization increasing when the neighbors are in this condition? No issue with cpu utilization. While performing sh

[c-nsp] Troubleshooting OSPFv3 Neighbor Down: Too many retransmits

2011-03-01 Thread Devon True
All: I am troubleshooting an issue between two 7600 routers running 12.2(33)SRE3. The ospfv3 session between these two routers keeps going down and up. Other ospfv2/v3 sessions on either router do not have this problem. Mar 1 18:44:22 ROUTER notice

[c-nsp] Combining v4 and v6 Route-Maps for BGP Peers

2011-02-04 Thread Devon True
All: Any caveats with using the same route-map for v4 and v6 BGP peering sessions? What about statements with match statements that match either v4 and v6? e.g. route-map foo permit 10 match ip next-hop foo match ipv6 next-hop bar Would that

Re: [c-nsp] Combining v4 and v6 Route-Maps for BGP Peers

2011-02-04 Thread Devon True
Oliver, route-map foo permit 10 match ip next-hop foo match ipv6 next-hop bar Would that match v4 or v6, depending on the address type? haven't checked in the lab, but strictly speaking, the above map would require both conditions to be

[c-nsp] Securing OSPFv3 on 6500/7600 Routers?

2011-01-05 Thread Devon True
All: Since OSPFv3 authentication is not supported on 6500/7600 series routers, I am curious to know how people are securing their deployments. We take the precautionary steps of passive-interface default and only turning up OSPF on network segments

Re: [c-nsp] Securing OSPFv3 on 6500/7600 Routers?

2011-01-05 Thread Devon True
Pete, You could use inbound ACLs or CoPP policies that restrict inbound OSPF traffic from only the neighbors you know about. We have CoPP deployed, but it is not that restrictive today (since our v4 OSPF uses authentication). You could also move

Re: [c-nsp] Securing OSPFv3 on 6500/7600 Routers?

2011-01-05 Thread Devon True
On 1/5/2011 7:57 PM, Rubens Kuhl wrote: IPSEC ? http://packetlife.net/blog/2008/sep/3/ospfv3-authentication/ Does not work on the 6500/7600 unfortunately, but worked beautifully in my GNS3 lab. -- Devon

Re: [c-nsp] Securing OSPFv3 on 6500/7600 Routers?

2011-01-05 Thread Devon True
On 1/6/2011 12:50 AM, Dobbins, Roland wrote: Um, I thought multiple vendors supported MD5 for OSPFv3, do they not? That's what I was alluding to when I said that MD5 should suffice. If I'm wrong about this, thanks much for the schooling! If

Re: [c-nsp] ACL limitations on Sup720/PFC3BXL

2010-12-17 Thread Devon True
Isn't this about the third time in the past couple of weeks that I've posted this? We need a FAQ. What about updating http://cisco.cluepon.net/? I did a quick for rpf and earl7 but did not see any hits. -- Devon

Re: [c-nsp] Control-Plane Filters/ACLs

2010-12-03 Thread Devon True
Bill, Hello C-NSP members. I am looking for some good examples of router-protect ACLs or FW filters. On my J gear, I have several firewall filters designed to protect the control-plane that simply get applied to the loopback. Now only certain

[c-nsp] Mysterious VRF Interface on 6500

2010-09-17 Thread Devon True
All: I noticed that when I created a VRF on a 6500 running 12.2(33)SXH6, it created another interface: #sho vrf ipv4 interfaces Interface VRF Protocol Address

Re: [c-nsp] Mysterious VRF Interface on 6500

2010-09-17 Thread Devon True
On 9/17/2010 12:38 PM, Ovidiu Neghina wrote: This is how 6500/7600 works. Each logical interface has an internal vlan associated I did some more digging with the show vlan internal usage output and observed a vrf_0_vlan0 vlan reserved on a 6500

Re: [c-nsp] ASIC to switch port mapping

2010-09-10 Thread Devon True
On 9/10/2010 12:16 PM, Murphy, William wrote: Is there also a command for the 6500 that does this? It's of interest to me because some features like VLAN translation work on groups of ports on a common ASIC... Check out

Re: [c-nsp] Troubleshooting Input Queue Drops on 7600 running 12.2(33)SRC5

2010-07-17 Thread Devon True
On 6/30/2010 11:30 AM, Devon True wrote: All: I am seeing increasing input queue drops on a 7600 running 12.2(33)SRC5 on a SPA-2X1GE in a 7600-SIP-400. #sh int g1/1/1 GigabitEthernet1/1/1 is up, line protocol is up Hardware is GigEther SPA

Re: [c-nsp] A few very Quick IP SLA questions

2010-07-16 Thread Devon True
On 7/16/2010 11:14 AM, Drew Weaver wrote: Also the main reason for implementing this is because we had an instance where an interface didn't go down, but no traffic would pass through it (routing protocols failed, etc) and we have our default

Re: [c-nsp] Troubleshooting Input Queue Drops on 7600 running 12.2(33)SRC5

2010-07-01 Thread Devon True
=0, checksum=49523 Jul 1 13:42:05 ROUTER debug 3954: Jul 1 09:42:04.823 Eastern: TTL expired -- Devon On 6/30/10 11:30 AM, Devon True wrote: All: I am seeing increasing input queue drops on a 7600 running 12.2(33)SRC5 on a SPA-2X1GE in a 7600-SIP-400. #sh int g1/1/1 GigabitEthernet1

Re: [c-nsp] Troubleshooting Input Queue Drops on 7600 running 12.2(33)SRC5

2010-07-01 Thread Devon True
On 7/1/2010 3:54 AM, LM wrote: I see Input queue: 0/75/1707/0 (size/max/drops/flushes) Did you play with the command hold-queue XXX in? where XXX is a value over 75, which is the default value. I have not. I did watch the input queue size and it

Re: [c-nsp] Troubleshooting Input Queue Drops on 7600 running 12.2(33)SRC5

2010-07-01 Thread Devon True
On 7/1/2010 10:29 AM, John Neiberger wrote: I missed the beginning of this thread. Have you determined what is causing the giants in the first place? I have not. I was hoping that the output from 'debug ip cef packet g1/1/1 input rate 5 detail'

[c-nsp] Troubleshooting Input Queue Drops on 7600 running 12.2(33)SRC5

2010-06-30 Thread Devon True
All: I am seeing increasing input queue drops on a 7600 running 12.2(33)SRC5 on a SPA-2X1GE in a 7600-SIP-400. #sh int g1/1/1 GigabitEthernet1/1/1 is up, line protocol is up Hardware is GigEther SPA, address is 001d.7170.3500 (bia 001d.7170.3500)

Re: [c-nsp] IPv6

2010-03-16 Thread Devon True
On 3/16/2010 9:19 AM, Drew Weaver wrote: Hi, I believe most people feel that a /126 should be used the same place you would use /30 FWIW, the recent NANOG meeting discussed numbering your IPv6 links.

Re: [c-nsp] Netflow - GSR engine 5

2010-02-26 Thread Devon True
On 2/25/2010 7:28 PM, Dobbins, Roland wrote: Because that's how NetFlow is supposed to work on a real router, vs. the broken implementation on 6500/7600 with current hardware. I am running Netflow v5 on a 7600 with 12.2(33)SRC5 and I see packets

Re: [c-nsp] what is it with 3550s?

2010-02-23 Thread Devon True
On Feb 22, 2010, at 17:14, Tom Lanyon t...@netspot.com.au wrote: On 23/02/2010, at 7:41 AM, Jeff Kell wrote: On 2/22/2010 3:45 PM, Seth Mattinen wrote: Exactly. Correct me if I'm wrong, but as far as I know the only way to get that functionality back is a 6500, and that's a *huge* step.

[c-nsp] Purposed of uRPF's allow-default Option?

2010-01-29 Thread Devon True
All: I am curious what the purpose of uRPF's allow-default option is? Based on Cisco's page explaining the command, I interpret that it allows uRPF to match on a default route... but doesn't that defeat the purpose of uRPF? My best guess is that it allows you to set static routes for networks

Re: [c-nsp] Purposed of uRPF's allow-default Option?

2010-01-29 Thread Devon True
On 1/29/2010 4:57 PM, Antonio Querubin wrote: On Fri, 29 Jan 2010, Antonio Querubin wrote: Yes but that's not the interface where you would apply it. You apply ^ necessarilly 'allow-default' on your upstream interface that you point your default route

[c-nsp] Using Advanced IP vs Advanced Enterprise IOS Image

2010-01-08 Thread Devon True
All: I am looking at upgrading our Cat6500s (Sup720/MSFC3) and we currently run an Advanced Enterprise image. Since we are an IP-only shop, I am looking at using Advanced IP instead, but I didn't know if it brought any advantages or disadvantages. Does it offer any savings in memory or other

[c-nsp] Anyone Running SXI2a on 6500 Sup720-3BXL

2009-10-07 Thread Devon True
All: Anyone running 12.2(33)SXI2a on a 6500 Sup720-3BXL? We are looking at installing it on our systems and wanted to see if it has any field exposure. Features include: OSPFv2 BGP HSRP 10G interfaces Rapid STP CoPP SVIs Monitor sessions We are also planning to implement IPv6 and related

[c-nsp] 6500 - SVI Showing ifInDiscards - Meaning?

2009-04-27 Thread Devon True
All: What does an ifInDiscard mean on a SVI on a 6500? I did some searching and http://www.cisco.com/en/US/tech/tk648/tk362/technologies_q_and_a_item09186a00800b69ac.shtml said that ifInDiscards - These are counted as no buffers as reflected in the show interfaces command.. The example shows

[c-nsp] Cisco 3550 with WS-G5483 Link Always Up?

2008-10-27 Thread Devon True
All: When I place a WS-G5483 1000BaseT gbic into a Cisco 3550 running 12.1(22)EA4, the link is up/up even though there is no Ethernet cable installed. Is this normal behavior? Is there some knob that I am missing? #sho int g0/1 GigabitEthernet0/1 is up, line protocol is up (connected) Hardware