Re: [c-nsp] EVPN Book/paper recommendation

2018-07-14 Thread Pete Lumbis
Dinesh Dutt, the co-author of VxLAN wrote two books you can get for free*. They are both focused on the datacenter, but the principles are the same for both DC and non-DC use cases. BGP in the datacenter: http://cumulusnetworks.com/bgp EVPN in the datacenter:

Re: [c-nsp] FIB insertion issues on Sup2T routers

2018-01-04 Thread Pete Lumbis
My memory on this is old and fuzzy, but I worked on some issues when I was in TAC where the TCAM on sup2t isn't fixed like the old sup720. It's not a guaranteed number of entries, and is dependent on the space the fib data structure takes up. The data structure is entirely dependent on the

Re: [c-nsp] 6500/7600 TCAM Usage

2016-06-11 Thread Pete Lumbis
The TCAM on Sup2t isn't the same as Sup720. The Sup2t stores routes as a data structure in a memory pool, which means that it isn't a fixed number of route entries, but is based more on the prefix distribution and how routes are added/deleted. I don't remember the specifics but it is possible to

Re: [c-nsp] Nexus 7710 BGP hold timer and ISSU

2016-04-02 Thread Pete Lumbis
The way ISSU works with routing protocols is by just not responding and coming back online before dead time expires. The warning is saying that ISSU isn't guaranteed to come back within the deadtime you've configured. With a smaller deadtime ISSU may not have finished and BGP will timeout and the

Re: [c-nsp] BGP multipath load balancing.. broken sessions upon hash change

2015-09-09 Thread Pete Lumbis
handles the concept of node removal without causing a re-calculation. How well does it handle the scenario where you are adding a new node, or where a failed node returns? -Peter *From:* Pete Lumbis [mailto:alum...@gmail.com] *Sent:*

Re: [c-nsp] BGP multipath load balancing.. broken sessions upon hash change

2015-09-03 Thread Pete Lumbis
What you need is resilient hashing, which is supported on the Broadcom Trident 2 chipset by all the vendors that use it (Nexus 3k, Arista platforms, Dell S4048/S6000 with Cumulus Linux). I'm not aware of Cisco custom chips that do this. The way resilient hashing works is that it pre-populates a

Re: [c-nsp] New IOS release time frame, when bug is identified

2015-05-21 Thread Pete Lumbis
(DISCLAIMER: I work for Cumulus Networks) On Tue, May 19, 2015 at 6:32 AM, Phil Mayers p.may...@imperial.ac.uk wrote: On 15/05/15 19:24, Mark Tinka wrote: On 15/May/15 18:36, Christian Kratzer wrote: this is the time for: favourite-rant-about-the-virtues-of-open-source-hardware/

Re: [c-nsp] N7K, SUP1, M1/M2/F2E, 6.2(10)

2014-12-04 Thread Pete Lumbis
On Tue, Dec 2, 2014 at 7:45 AM, Phil Mayers p.may...@imperial.ac.uk wrote: What I find most frustrating is that you can't clear [mls|hardware] ... when these occur. There seem to be no way of resetting it to known-good state and reprogramming from scratch short of a reload; I would rather a

Re: [c-nsp] N7K, SUP1, M1/M2/F2E, 6.2(10)

2014-12-04 Thread Pete Lumbis
and it was just bad timing for the one update. On Thu, Dec 4, 2014 at 3:49 PM, Phil Mayers p.may...@imperial.ac.uk wrote: On 04/12/2014 18:51, Pete Lumbis wrote: On Tue, Dec 2, 2014 at 7:45 AM, Phil Mayers p.may...@imperial.ac.uk mailto:p.may...@imperial.ac.uk wrote: What I find most frustrating

Re: [c-nsp] Cisco IIH padding

2014-11-25 Thread Pete Lumbis
no hello padding always. The Always keyword has been hidden for a long time and was unhidden somewhat recently (I can't remember where). With always none of the hellos are padded. On Tue, Nov 25, 2014 at 12:51 AM, Alex K. nsp.li...@gmail.com wrote: Hello everybody, Although I have “no hello

Re: [c-nsp] MVPN vs. plain-old-multicast

2014-11-24 Thread Pete Lumbis
If you don't need segmentation I don't see the benefit of moving to mVPN. Only consider if you think there will be segmentation needs in the future. On Mon, Nov 24, 2014 at 4:08 PM, Jason Lixfeld ja...@lixfeld.ca wrote: Hi all, We’ve got an A9K MPLS core that we do all sorts of fun stuff on,

Re: [c-nsp] Cisco ASA return traffic with explicit deny on outside interface

2014-10-09 Thread Pete Lumbis
Existing connections skip the ACL check. Take a look at Jay Johnston's Cisco Live presentation from this year https://www.ciscolive.com/online/connect/sessionDetail.ww?SESSION_ID=78697backBtn=true On Thu, Oct 9, 2014 at 3:42 PM, Christopher Werny cwe...@ernw.de wrote: Good Evening, I know

Re: [c-nsp] Cisco ASA return traffic with explicit deny on outside interface

2014-10-09 Thread Pete Lumbis
Perhaps you are thinking of standard IOS ACL rules, specifically reflexive ACLs? Or maybe the established keyword on standard ACLs that looks for an ACK flag? On Thu, Oct 9, 2014 at 4:23 PM, Roland Dobbins rdobb...@arbor.net wrote: On Oct 10, 2014, at 2:56 AM, Pete Lumbis alum...@gmail.com

Re: [c-nsp] Understanding ASR1k / ESP40 capacity

2014-10-06 Thread Pete Lumbis
(assuming sufficient ESP capacity)? Many thanks, Simon On Sat Oct 04, 2014 at 11:56:45AM -0400, Pete Lumbis wrote: It would be a single pass through the QFP. The SIP could also be a limiting factor, but since you are split between SIPs that shouldn't be an issue. The SIP 40 has 2x 40Gig

Re: [c-nsp] Understanding ASR1k / ESP40 capacity

2014-10-04 Thread Pete Lumbis
It would be a single pass through the QFP. The SIP could also be a limiting factor, but since you are split between SIPs that shouldn't be an issue. The SIP 40 has 2x 40Gig lanes on the backplane. Are you doing crypto or anything like that which would impact performance? There is a great Cisco

Re: [c-nsp] Does backup interface gratuitous ARP?

2014-08-13 Thread Pete Lumbis
This won't work, it won't let you put two IPs in the same subnet on the router. What's a better solution would be an EEM script tied to an IP SLA so when a failure is detected on g1/1 the EEM script shuts it down, removes the IP, configures g1/1, and pings out, forcing an ARP. As you mentioned

Re: [c-nsp] Does backup interface gratuitous ARP?

2014-08-13 Thread Pete Lumbis
BVI on modern* code will be CEF switched, so not any more CPU intensive than any other packet. *for some definition of modern being = 12.4.24Tsomething On Wed, Aug 13, 2014 at 7:17 PM, Sam Stickland s...@spacething.org wrote: Hi, On Wed, Aug 13, 2014 at 6:14 PM, Gert Doering

Re: [c-nsp] Latency Spike

2014-07-31 Thread Pete Lumbis
Go to Cisco Live 365 and watch my talk called IOS Routing Internals from San Francisco this year. I address exactly this (spoiler: it's what Darren said) -Pete On Thu, Jul 31, 2014 at 1:10 AM, Samol molas...@gmail.com wrote: Hi All, Just experienced spike when doing the continuous ping as

Re: [c-nsp] Cisco 7600 and 'show mfib' commands

2014-07-29 Thread Pete Lumbis
MFIB was added in 12.4.24T (or maybe 15.0M) and...I want to say SRD code. You can think of it like multicast CEF. Just like the RIB builds FIB, mroute builds mfib. It's also the code where you see the pim tunnel interfaces for encap (on the FHR) and decap (on the RP). This might be helpful.

[c-nsp] Sup720 (6k/7600) FIB_EXCEPTION_THRESHOLD warnings

2014-06-09 Thread Pete Lumbis
If you have a Sup720 pulling a full BGP feed you've probably seen error messages like this: *%MLSCEF-SP-4-FIB_EXCEPTION_THRESHOLD: Hardware CEF entry usage is at 95% capacity for IPv4 unicast protocol* A document was just published on Cisco.com describing the issue and how to correct it.

Re: [c-nsp] C6K_MPLS_LC-SP-5-TCAM_EXCEPTION: TCAM exception occured for MPLS, traffic will be software switched

2014-06-04 Thread Pete Lumbis
Sup2t is working on (implemented?) something along these lines. On Wed, Jun 4, 2014 at 11:35 AM, Gert Doering g...@greenie.muc.de wrote: Hi, On Wed, Jun 04, 2014 at 05:21:13PM +0100, Nick Hilliard wrote: On 04/06/2014 16:39, Antonio Soares wrote: Usually it doesn't recover by itself

Re: [c-nsp] Log that google doesn't help

2014-05-26 Thread Pete Lumbis
Just to add a little more, XDR is the component used to send routes from the supervisor to DFCs across the fabric of a 6500/7600. Generally you'll need to engage TAC for assistance on this kind of problem. -Pete On Mon, May 19, 2014 at 5:18 AM, David beckett david.beck...@ch.ibm.com wrote:

Re: [c-nsp] Cisco ASR901 and Tunnels

2014-05-12 Thread Pete Lumbis
GRE is not supported on the ASR901. On Mon, May 12, 2014 at 5:59 AM, Ivan cisco-...@itpro.co.nz wrote: I have some Cisco ASR901s and would like to have a layer 2 or layer 3 tunnel between them over a layer 3 network. I have configured GRE and tunnel is up and it is possible to ping the

Re: [c-nsp] Cisco ASR901 and Tunnels

2014-05-12 Thread Pete Lumbis
I can't find info that says they are supported, but I'd assume not. On Mon, May 12, 2014 at 5:38 PM, Ivan cisco-...@itpro.co.nz wrote: Thanks Pete. Do you know if any of the other tunnelling modes are supported? ipipIP over IP encapsulation ipsec IPSec tunnel encapsulation

Re: [c-nsp] Hierarchical FIB on Cisco 7600

2014-04-25 Thread Pete Lumbis
Hierarchical FIB is not enabled by default on 7600 and you must enable cef table output-chain build favor convergence-speed like you mention. Turning it on should have no impact. Turning it off could see a route reprogram event and could cause packet loss while it happens. As with everything, use

Re: [c-nsp] Hierarchical FIB on Cisco 7600

2014-04-25 Thread Pete Lumbis
On Fri, Apr 25, 2014 at 12:12 PM, Gert Doering g...@greenie.muc.de wrote: Hi, On Fri, Apr 25, 2014 at 10:56:47AM -0400, Pete Lumbis wrote: Hierarchical FIB is not enabled by default on 7600 and you must enable cef table output-chain build favor convergence-speed like you mention. I'm truly

Re: [c-nsp] Hierarchical FIB on Cisco 7600

2014-04-25 Thread Pete Lumbis
Gotcha. My apologies for misunderstanding. Living in TAC makes me assume nothing works the way people want it to :) On Fri, Apr 25, 2014 at 12:59 PM, Gert Doering g...@greenie.muc.de wrote: Hi, On Fri, Apr 25, 2014 at 12:45:22PM -0400, Pete Lumbis wrote: Leave default behavior, don't get

Re: [c-nsp] Hierarchical FIB on Cisco 7600

2014-04-25 Thread Pete Lumbis
for PIC Core IP2IP hacks it using loadbalance adjacencies. VPNv4 requires recirc. PIC Edge is a different story since we are pre-installing the backup path like FRR On Fri, Apr 25, 2014 at 1:03 PM, Saku Ytti s...@ytti.fi wrote: On (2014-04-25 10:56 -0400), Pete Lumbis wrote

Re: [c-nsp] ME3600 15.3(3)S2 BFD stays down after reload

2014-04-25 Thread Pete Lumbis
Just to follow up on this, I've updated this bug, and it should be visible in the next day or so. In short it only happens on the me3600-cx when running ISIS. If you aren't running ISIS or you don't have a me3600-cx you can't encounter this. The me3600-x and me3800-x don't have this problem,

Re: [c-nsp] Service Instance

2014-04-22 Thread Pete Lumbis
Probably not, but I'd ask why? EVC does the same thing as subs but with more flexibility? On Tue, Apr 22, 2014 at 4:28 AM, Raheel Muhammad raheel.muham...@gmail.com wrote: Hi, Might be a stupid question but have never done it, can we mix up service instance and sub interface configuration

Re: [c-nsp] Service Instance

2014-04-22 Thread Pete Lumbis
as sub interfaces and this interface is the only option to configure service instance and i was getting error on sub interface when i was configuring xconnect on a QinQ sub interface. Thanks On Tue, Apr 22, 2014 at 3:37 PM, Pete Lumbis alum...@gmail.com wrote: Probably not, but I'd ask why? EVC

Re: [c-nsp] CPU SPAN on Sup2T / IOS 15?

2014-04-22 Thread Pete Lumbis
Peter, CPU span on sup2t is unfortunately not implemented. It sounds like there are both software and hardware limitations to making it happen so it may never show up. There's an internal but I'll work on pushing external (meaning currently it's pretty useless but give it 24-48 hours),

Re: [c-nsp] CPU SPAN on Sup2T / IOS 15?

2014-04-22 Thread Pete Lumbis
/lan/catalyst6500/ios/15-1SY/config_guide/sup2T/15_1_sy_swcg_2T/mini_protocol_analyzer.html) for now. -Pete On Tue, Apr 22, 2014 at 10:32 AM, Phil Mayers p.may...@imperial.ac.uk wrote: On 22/04/2014 13:58, Pete Lumbis wrote: Peter, CPU span on sup2t is unfortunately not implemented. It sounds

Re: [c-nsp] EIGRP Authentication on IOS XR

2014-04-22 Thread Pete Lumbis
I think the next line after authentication keychain is cryptographic-algorithm MD5 On Tue, Apr 22, 2014 at 10:55 AM, M K gunner_...@live.com wrote: Hi all I am facing an issue when configuring EIGRP authentication between IOS and IOS XR R1#sh run | sec key chain key chain KEY key 1

Re: [c-nsp] Service Instance

2014-04-22 Thread Pete Lumbis
Apr 2014 16:10, Pete Lumbis alum...@gmail.com wrote: It's possible that Q-inQ mapping isn't supported but EVC style is. If you move it to EVC for the xconnect does it work? On Tue, Apr 22, 2014 at 8:42 AM, Raheel Muhammad raheel.muham...@gmail.com wrote: Hi, It works and why i wanted

Re: [c-nsp] ASR1001 tracelogs

2014-03-23 Thread Pete Lumbis
Although it doesn't really help with Rancid, you can manually clean up (or configure an EEM script to do it for you) http://www.cisco.com/c/en/us/td/docs/routers/asr1000/operations/guide/asr1000ops/performing_file_system_cleanups.html The caveat with cleaning up the tracelogs aggressively would

Re: [c-nsp] rate-limit arp

2014-03-20 Thread Pete Lumbis
Be aware that the command is not just ARP to the CPU, it's transit ARP traffic as well. http://www.cisco.com/c/en/us/products/collateral/switches/catalyst-6500-series-switches/prod_white_paper0900aecd802ca5d6.html (ctrl + f, arp police) On Thu, Mar 20, 2014 at 8:48 AM, Raymond Lucas (AP)

Re: [c-nsp] BFD CPU hog and traceback on me3600 and isis flapping 15.3(3)S1a

2014-03-19 Thread Pete Lumbis
an hour or so. Right now it is running smoothly for nearly 23 hours. adam *From:* Pete Lumbis [mailto:alum...@gmail.com] *Sent:* Tuesday, March 18, 2014 12:41 AM *To:* Vitkovský Adam *Cc:* cisco-nsp@puck.nether.net *Subject:* Re: [c-nsp] BFD CPU hog and traceback on me3600 and isis

Re: [c-nsp] BFD CPU hog and traceback on me3600 and isis flapping 15.3(3)S1a

2014-03-19 Thread Pete Lumbis
Tinka mark.ti...@seacom.mu wrote: On Wednesday, March 19, 2014 02:56:02 PM Pete Lumbis wrote: Just to close the loop on the thread, I spoke to OP off-list and this matches CSCug77067. When an FRR event (either TE FRR or IP FRR) occurs the processes prioritization for BFD and the FRR event

Re: [c-nsp] BFD CPU hog and traceback on me3600 and isis flapping 15.3(3)S1a

2014-03-17 Thread Pete Lumbis
How soon after the upgrade to 15.4.1 did you see the issue again? What was that time difference compared to when you re-enabled BFD to show TAC and now (assuming it's still stable)? On Mon, Mar 17, 2014 at 11:36 AM, Vitkovský Adam adam.vitkov...@swan.sk wrote: Hi folks, Anyone ran into

Re: [c-nsp] Determining ASR1k ESP/SIP utilisation

2014-03-16 Thread Pete Lumbis
http://www.cisco.com/c/en/us/support/docs/routers/asr-1000-series-aggregation-services-routers/110531-asr-packet-drop.htm show plat hard qfp active stat drop | e _0_ to show any internal drops and a reason show plat hard qfp active datapath utilization will show the total QFP load On Sun, Mar

Re: [c-nsp] ip rsvp bandwidth different values in show run and config

2014-03-12 Thread Pete Lumbis
This is a problem with any value greater than 4294966. I don't have any peers to actually check signaling, but it looks like this only impacts the show run output (which would impact startup if written and reloaded). === R11.3800.Bottom(config)#int g0/8

Re: [c-nsp] Cisco ME3800X with EIGRP

2014-03-09 Thread Pete Lumbis
What version of code are you running? On Sun, Mar 9, 2014 at 6:00 PM, st...@itps.uk.net wrote: Hi NSP, Is anyone familiar with the 3800X and why we are unable to configure EIGRP for IPv6 even though its clearly stated in the configuration guide as available?

Re: [c-nsp] EIGRP potentially silly question...

2014-03-08 Thread Pete Lumbis
Yeah, what you're looking for is PfR On Thu, Mar 6, 2014 at 12:53 AM, quinn snyder snyd...@gmail.com wrote: something like pfr[0] may be useful in this instance, assuming the kit can run it. on newer kit, pfr-v2 is much less sucky than the pfr of old. q. [0]

Re: [c-nsp] 3750 Route Map peculiarity.

2014-02-28 Thread Pete Lumbis
Yep, requires routing SDM template. On Fri, Feb 28, 2014 at 9:10 AM, Phil Mayers p.may...@imperial.ac.uk wrote: On 28/02/14 13:41, Michael Robson wrote: However, now when I apply a created route-map to an interface, it takes the 'ip policy route-map' command but nothing appears on

Re: [c-nsp] Shapping NTP traffic on 6500/7600

2014-02-27 Thread Pete Lumbis
Documentation implies that Sup2T can match length in an ACL http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst6500/ios/15-0SY/configuration/guide/15_0_sy_swcg/qos_class_mark_police.html === Match criteria Access control list (ACL). *Note *Use ACLs to match the

Re: [c-nsp] PIM on a router..

2014-02-12 Thread Pete Lumbis
You are talking about the PIM encap/decap tunnel. This can't be removed. On Wed, Feb 12, 2014 at 1:41 PM, Panocisco77 panocisc...@gmail.com wrote: How do I delete a Tunnel automatically generated by PIM ? We are running automatic RP.. Renelson

Re: [c-nsp] Caution ME3600CX breaks TCP forwarded/local !!!

2014-02-04 Thread Pete Lumbis
The bug you mentioned has a code fix written and is going through dev test. It looks like it could be in the 15.3.3S3 and 15.4.1.S1 rebuilds, but don't quote me on that. With regards to tcp-adjust mss, this command isn't supported on the me3600/3800 boxes On Tue, Feb 4, 2014 at 5:14 AM, Adam

Re: [c-nsp] Outdoor-hardened metro service platform?

2014-02-04 Thread Pete Lumbis
The ASR901s might work a little better for you. Same guts as an asr901, but a hardened version. http://www.cisco.com/en/US/prod/collateral/routers/ps10912/ps12890/data_sheet_c78-726628.html I don't have any experience with these in the field, with regards to environmental conditions. On Tue,

Re: [c-nsp] Sup720 - FIB full, software switching

2014-02-03 Thread Pete Lumbis
I've never tried it, but you might be able to create a MLS rate limiter/CoPP policy to drop all the FIB Miss packets from being punted and try to reset the HW CEF table and see if that works. I doubt it will, but in a pinch it could be worth a try. On Mon, Feb 3, 2014 at 9:09 AM, Rolf Hanßen

Re: [c-nsp] 7200VXR to ASR migration advice/guidance

2014-01-11 Thread Pete Lumbis
Outside of the QoS things others have mentioned is to keep in mind that ASR1k monitoring is different. Now forwarding is done on the QFP and so high utilization won't be reflected in show proc cpu. Also be aware that show proc cpu is showing the IOSd process information, not total platform CPU

Re: [c-nsp] 7600 and NAT in vrf

2013-11-27 Thread Pete Lumbis
though they were in the same VRF) allowed my nat to overload. Is this expected behavior? All is working now. Thanks all for your help. db On Nov 26, 2013, at 6:18 PM, Pete Lumbis alum...@gmail.com wrote: The question is will basic NAT overload work without VRFs on SX code? Yes, given

Re: [c-nsp] 7600 and NAT in vrf

2013-11-26 Thread Pete Lumbis
The question is will basic NAT overload work without VRFs on SX code? Yes, given the endless list of 6k NAT limitations. On Fri, Nov 22, 2013 at 10:37 AM, Dan Benson dben...@swingpad.com wrote: All, From reading it seems the 7600 does not support NAT in vrf (without an FWSM) but I thought I

Re: [c-nsp] IPv6 / OSPFv3

2013-11-21 Thread Pete Lumbis
Take a look at the NANOG best common practices for IPv6 addressing http://bcop.nanog.org/images/6/62/BCOP-IPv6_Subnetting.pdf The suggestion is to carve out the first /64 for loopbacks and then assign them all as /128s On Thu, Nov 21, 2013 at 3:38 AM, CiscoNSP List

Re: [c-nsp] ASR 901 EoMPLS

2013-11-19 Thread Pete Lumbis
You're right on the software part (901 = IOS classic, 903 = XE) but the hardware part isn't correct. The asr903 is based on the same forwarding asic as the me3600 and me3800 The asr901 is based on a different forwarding asic than the 903/3600/3800 The asr1k is based on the Cisco QFP network

Re: [c-nsp] ASR 901 EoMPLS

2013-11-19 Thread Pete Lumbis
Before XE 3.11 (15.3.4S) the behavior is: 1) On EVC-BD, if no L2CP configuration is done, then tagged BPDUs are dropped and untagged BPDUs are peered 2) On EVC-Xconnect, by default, the tagged BPDUs are dropped and untagged BPDUs are forwarded 3) On Port-Xconnect, the tagged

Re: [c-nsp] Cisco bug locator?

2013-11-19 Thread Pete Lumbis
I can't comment on the state of the new bug toolkit (vomit) but to Mikaels point: Yes, there are crappy bugs. I see them every day. They are written by humans with the information available at the time. TAC needs to do a better job of following up on bugs after they are resolved to ensure the

Re: [c-nsp] Bad routes in MPLS

2013-11-19 Thread Pete Lumbis
Generally these kinds of problems are triggered by routing changes. The software that owns the routing table (show ip route/ show ip cef) needs to update the hardware TCAM (show mls cef). This is true of both IP prefixes and MPLS labels. When you issue clear ip route you for the software to

Re: [c-nsp] Possible split horizon issue with bgp signalled vpls

2013-11-19 Thread Pete Lumbis
I can confirm that CSCuh05321 is 100% fixed in 15.3.3S1a. If you are seeing problems similar to this it is a different issue. On Tue, Nov 19, 2013 at 7:33 AM, Adam Vitkovsky adam.vitkov...@swan.sk wrote: That's what I was about to ask as the CSCuh05321 is actually listed under 15.3(3)S caveats

Re: [c-nsp] Possible split horizon issue with bgp signalled vpls

2013-11-19 Thread Pete Lumbis
Any idea why Switch 3 has remote label 28 instead of 48? Do you know if the issue is unidirectional or bidirectional? That is, can Sw2 send to Sw3 but Sw3 can't send back? On Mon, Nov 18, 2013 at 3:05 PM, Nick Ryce n...@fluency.net.uk wrote: Hi, I’m tearing my hair out with this one and

Re: [c-nsp] Static Default route missing

2013-11-15 Thread Pete Lumbis
Syslogs to see when someone exited from config mode. On Fri, Nov 15, 2013 at 10:44 AM, Methsri Wickramarathna mmethw2...@gmail.com wrote: Jon yes it's only the ip route command was missing , if configurations was rolled back is there a way to identify it ??? On Fri, Nov 15, 2013 at 9:11

Re: [c-nsp] N7k CoPP not MPLS-aware?

2013-11-15 Thread Pete Lumbis
There is a match protocol mpls to match labeled traffic. http://puck.nether.net/pipermail/cisco-nsp/2013-March/089936.html On Fri, Nov 15, 2013 at 4:48 AM, Phil Mayers p.may...@imperial.ac.uk wrote: Has anyone else seen this? Our N7k CoPP policy seems to be letting packets through which are

Re: [c-nsp] N7k CoPP not MPLS-aware?

2013-11-15 Thread Pete Lumbis
to match mpls traffic that is not actually matching? On Fri, Nov 15, 2013 at 11:20 AM, Phil Mayers p.may...@imperial.ac.uk wrote: On 15/11/13 16:08, Pete Lumbis wrote: There is a match protocol mpls to match labeled traffic. Not sure what use that is in the context of selectively dropping

Re: [c-nsp] MPLS QOS on ME3600 not working???

2013-11-13 Thread Pete Lumbis
This is similar, but not the right bug. This bug is fixed in the 15.3.3S train and it is specific to class-map ACLs that are matching on L4 ports. In Adam's case we are on later code and there are no ACLs matching L4 ports. I've updated the release note to indicate the requirement of L4

Re: [c-nsp] MPLS QOS on ME3600 not working???

2013-11-12 Thread Pete Lumbis
What version of code? On Tue, Nov 12, 2013 at 8:39 AM, Adam Vitkovsky adam.vitkov...@swan.sk wrote: Hi Folks, Is anyone using MPLS QOS on ME3600 platform please or I am the only one hitting the issue? As seen below all traffic is matched into the first class defined in the policy-map no

Re: [c-nsp] ip tcp adjust-mss

2013-11-05 Thread Pete Lumbis
Good catch! Looks like this was done through the work of CSCuc36988 and is on track for 15.4.1S still On Tue, Nov 5, 2013 at 8:24 AM, jean-francois.tremblay...@videotron.com wrote: On ASR1k the MSS adjustment is done on the QFP (the ESP or in hardware). Again, this behavior varies from

Re: [c-nsp] ip tcp adjust-mss

2013-11-04 Thread Pete Lumbis
sure before doing it On Sat, Nov 2, 2013 at 1:53 AM, Pete Lumbis alum...@gmail.com wrote: Most platforms can't do this in hardware and have to punt the SYN and/or SYN/ACK packets. Use caution at scale On Fri, Nov 1, 2013 at 7:15 AM, Methsri Wickramarathna mmethw2...@gmail.com wrote: Hi

Re: [c-nsp] EIGRP on mGRE/DMVPN

2013-11-01 Thread Pete Lumbis
I don't know what the numbers are but when it comes to the ISRG2 scale + features + crypto does not end in a lot of happy network engineers If you are looking at future growth as well I'd seriously consider ASR1k with RP1, but talk to your SE to see if RP2 would be necessary. On Fri, Nov 1,

Re: [c-nsp] ip tcp adjust-mss

2013-11-01 Thread Pete Lumbis
Most platforms can't do this in hardware and have to punt the SYN and/or SYN/ACK packets. Use caution at scale On Fri, Nov 1, 2013 at 7:15 AM, Methsri Wickramarathna mmethw2...@gmail.com wrote: Hi all , Is it wise to use ip tcp adjust-mss on a ISP gateway router ??? -- --

Re: [c-nsp] Nexus 5548 - ERROR: no free statistics counter for a region

2013-10-30 Thread Pete Lumbis
I /think/ (not 100% sure) that the 5k only supports 256 statistic entries, so it sounds like when you add the other ACL, with stats per-entry enabled we run out of space for the stats. I think you'll have to disable the stats to add the second ACL. On Tue, Oct 22, 2013 at 6:13 AM, Oswald, Thomas

Re: [c-nsp] Stable IOS 15.x version for 7600

2013-10-09 Thread Pete Lumbis
15.2.4S4 is considered a Safe Harbor release for 15S, but you might want to wait a week or two for 15.24S4a to come out (roughly scheduled) On Wed, Oct 9, 2013 at 7:48 AM, Mark Tinka mark.ti...@seacom.mu wrote: On Wednesday, October 09, 2013 08:52:04 AM Rob Timmermans wrote: I'm looking

Re: [c-nsp] reload command doesn't check command line parameters

2013-10-07 Thread Pete Lumbis
The other options besides in include LINE or what should we put in the syslog as to why the reload is occurring. This means it will pick up anything that isn't already a keyword (for example in provides an option, int is a reason). If we fix the behavior what does the fix look like? Do we not

Re: [c-nsp] reload command doesn't check command line parameters

2013-10-07 Thread Pete Lumbis
with reload? [confirm] === On Mon, Oct 7, 2013 at 11:46 AM, Octavio Alvarez alvar...@alvarezp.ods.org wrote: On 10/07/2013 05:30 AM, Pete Lumbis wrote: If we fix the behavior what does the fix look like? Do we not allow any reason that starts with i(in) c (cancel

Re: [c-nsp] policy map shape being ignored?

2013-09-16 Thread Pete Lumbis
I can't explain why it works for some (sub) interfaces but it sounds like shapers on port channels, on software routers (ISR/ISR-G2/7200s) isn't fully implemented/supported. See CSCtx75955. From what I can dig up some of the code is there and some isn't, so features are/will be hit or miss. Sorry

Re: [c-nsp] N7k VPLS Multicast

2013-09-06 Thread Pete Lumbis
Configs and CE facing and core facing line cards? On Fri, Sep 6, 2013 at 9:43 AM, Bernhard Schmidt be...@birkenwald.de wrote: Hoi, I have started testing VPLS on N7k 6.2(2) with VLAN-based VFI membership and I have some problem with IPv6 in the VLAN due to some/most multicast frames getting

Re: [c-nsp] Reasons for random ISIS flapping?

2013-08-29 Thread Pete Lumbis
On Thu, Aug 29, 2013 at 1:52 AM, Mark Tinka mark.ti...@seacom.mu wrote: Traditionally, aggressive IGP timers in conjunction with BFD have been such that convergence happens as soon as BFD signals its client (the IGP, in this case) of an issue on the link. Mark. I don't want to confuse

Re: [c-nsp] Reasons for random ISIS flapping?

2013-08-29 Thread Pete Lumbis
wrote: On Thursday, August 29, 2013 03:54:47 PM Pete Lumbis wrote: I don't want to confuse aggressive IGP hellos with aggressive IGP protocol tuning. I'm all for tuning SPF, et al. timers under the protocol. It's the only way you get fast convergence. My beef is with sub-second hellos

Re: [c-nsp] Reasons for random ISIS flapping?

2013-08-29 Thread Pete Lumbis
of is how you were simulating failure. Loss of carrier will always beat BFD. On Thu, Aug 29, 2013 at 10:41 PM, Mark Tinka mark.ti...@seacom.mu wrote: On Thursday, August 29, 2013 06:00:05 PM Pete Lumbis wrote: I don't see it as an either/or question. You still need BFD for failure detection

Re: [c-nsp] Reasons for random ISIS flapping?

2013-08-28 Thread Pete Lumbis
. I'd suggest 1sec hold /3sec dead protocol timers at the lowest. On Wed, Aug 28, 2013 at 5:06 AM, Peter Rathlev pe...@rathlev.dk wrote: On Wed, 2013-08-21 at 23:29 -0400, Pete Lumbis wrote: Was the traffic from a connected source? The rate limiter you mentioned only applies for local sources

Re: [c-nsp] BGP route not pre-empting floating static, sometimes

2013-08-28 Thread Pete Lumbis
Classic redistribution race condition. Notice in the failed state that the BGP table shows two routes, one from the ISP and one that is locally sourced ( from 0.0.0.0 weight 32768). What happens is that BGP is picking a best route and only presenting that single route up to the routing table.

Re: [c-nsp] Dropping traffic on a Cat6k plattform

2013-08-23 Thread Pete Lumbis
Is your concern drops or counter? On hardware based platforms like the 6k accurate counters can be a tricky thing. On Fri, Aug 23, 2013 at 2:08 PM, gal.9...@googlemail.com gal.9...@googlemail.com wrote: Hi there, I've some problems on a Cat6k platform with SUP720-3BXL running 15.1(1)SY1.

Re: [c-nsp] Reasons for random ISIS flapping?

2013-08-21 Thread Pete Lumbis
Was the traffic from a connected source? The rate limiter you mentioned only applies for local sources http://www.cisco.com/en/US/docs/ios-xml/ios/security/m1/sec-cr-m2.html#wp1716645027 The key would be to understand the punt reason for that traffic, most likely through a NetDR capture. As a

Re: [c-nsp] Control plane policing for BFD

2013-08-20 Thread Pete Lumbis
Another 7600 quirk. CSCsg20022 - ACL counters for BFD packets don't increment with CoPP Sounds like CoPP applies the QoS policy in hardware and the counters you see in CoPP are based on packets seen outside of CEF in software. Since BFD is in the CEF path, not the process path, these packets end

Re: [c-nsp] ASR901 - VPLS Support

2013-08-16 Thread Pete Lumbis
VPLS is not supported on the asr901. It's on the roadmap, but I'm not sure when. ASR903 does support VPLS On Fri, Aug 16, 2013 at 12:48 AM, Andrew K. and...@vianet.ca wrote: Anyone know if this feature is supported on the ASR901? I believe it is on the 903, but I am not finding anything to

Re: [c-nsp] Temporarily disable all forwarding on ASR9K

2013-08-14 Thread Pete Lumbis
Copy/paste a bunch of null0 routes? deny any acls on interfaces? On Wed, Aug 14, 2013 at 10:54 AM, John Neiberger jneiber...@gmail.com wrote: We need to upgrade some ASR9Ks that have a lot of connected devices with complex interrelationships and we have to do a lot of work to make sure all

Re: [c-nsp] Temporarily disable all forwarding on ASR9K

2013-08-14 Thread Pete Lumbis
if we copy a empty config ??? and rollback the config ? i didn't test this anyway . On Wed, Aug 14, 2013 at 10:13 PM, Pete Lumbis alum...@gmail.com wrote: Copy/paste a bunch of null0 routes? deny any acls on interfaces? On Wed, Aug 14, 2013 at 10:54 AM, John Neiberger jneiber...@gmail.com

Re: [c-nsp] Two HUBS-Location Specific Spokes-Redundant to each other

2013-07-23 Thread Pete Lumbis
If by closest you mean lowest latency you probably want to look at something like PfR to do this dynamically for you. On Tue, Jul 23, 2013 at 1:48 AM, vasu varma ypk...@gmail.com wrote: Hi Team, I have a requirement in such a way that there are two HUB's, one in Newyork and other in LOS

Re: [c-nsp] Carrier Aggregation advice

2013-07-17 Thread Pete Lumbis
IOSd runs as a process on top of Linux. It's basically IOS with the kernel ripped out of it. The only other processes from the Linux point of view are for chassis (interface/module) management, and some shim layer programs that handle taking software CEF (show ip cef) and programming it down to

Re: [c-nsp] Cisco IOS XE

2013-07-09 Thread Pete Lumbis
What processor do you have? 1000v only supports Intel Nehalem based chips https://www.cisco.com/en/US/docs/routers/csr1000/release/notes/csr1000v_3Srn.html#wp3017606 On Tue, Jul 9, 2013 at 7:53 AM, M K gunner_...@live.com wrote: Hi/I am trying to upload the Cisco CSR 1000 ova image, have

Re: [c-nsp] ME3800X/ME3600X/ME3600X-24CX/ASR903 Cisco Live Orlando Update

2013-07-05 Thread Pete Lumbis
The Cisco Live facebook page says they posted most of the sessions and everything that isn't up already should be up in the next few weeks. https://www.facebook.com/photo.php?fbid=10151522611582807l=e9f78010e3 On Fri, Jul 5, 2013 at 2:37 PM, Andrew K. and...@vianet.ca wrote: Will all these

Re: [c-nsp] Sup-720 fabric failures

2013-07-04 Thread Pete Lumbis
is RMA. Regards, Pete Lumbis TAC Routing Protocols Technical Leader On Thu, Jul 4, 2013 at 7:44 PM, Robert Williams rob...@custodiandc.com wrote: Hi, Got a weird persistent issue which I'd like to know if anyone else has seen. We have a site with a 6503-E chassis, with a 720-3bxl in slot 1

Re: [c-nsp] NTP message sent to 224.0.1.1, from interface 'NULL' (0.0.0.0).

2013-07-02 Thread Pete Lumbis
It sounds like NTP may be stuck in broadcast mode for some reason. I'd suggest either calling TAC or issuing no ntp to completely disable the service then reconfigure the ntp server commands. -Pete On Tue, Jul 2, 2013 at 12:30 PM, Victor Sudakov v...@mpeks.tomsk.su wrote: Aaron wrote: Have

Re: [c-nsp] New Catalyst 6k chassis

2013-07-02 Thread Pete Lumbis
2x CPUs. One for control plane, one for data plane. The CPUs have different architecture so you can't cross the streams. Since IOS-XE does packet processing so much differently than classic IOS multiple cores are actually useful now for moving packets. This is what the 4451 does. On Fri, Jun 28,

Re: [c-nsp] BGP timer selection with DISA

2013-06-06 Thread Pete Lumbis
In my experience this would be good. I would never suggest anyone run anything lower than 1/3 (and even that makes me squirm in my chair). If you want something faster look at BFD. -Pete On Thu, Jun 6, 2013 at 8:17 AM, Chuck Church chuckchu...@gmail.com wrote: Anyone, Looking at

Re: [c-nsp] ASR 1002-X FIB scalability (was: Re: ASR-100x intro)

2013-05-28 Thread Pete Lumbis
Since this is hardware based* you'll also need to look at how the FIB fit down into TCAM with show plat hard qfp act tcam resource-manager usage *CPP is a network processor not an ASIC like 6k, but it does rely on similar TCAM On Tue, May 28, 2013 at 5:45 AM, Beck, Andre cisco-...@ibh.net

Re: [c-nsp] ASR 1002-X FIB scalability

2013-05-28 Thread Pete Lumbis
According to my research so far, the ASR1k does use TCAM but *not* for the actual FIB. It's used for ACLs and QoS stuff, though. You are 100% correct. TCAM for features, QFP memory for FIB. It would mean we utilize just 40% of the QFP DRAM for that kind of FIB and the box is apparently more

Re: [c-nsp] Sup720 dropping LDP neighbourships

2013-05-24 Thread Pete Lumbis
Was it only LDP that dropped? Did you see any other control plane impact? Were the timers the same? If multiple protocols had issues I'd think about high CPU or a punt-path problem. If it's only LDP, I'd look at interface/forwarding engine/fabric congestion for where the failed peers are. On

Re: [c-nsp] Terminating lots of double-tagged vlans

2013-05-23 Thread Pete Lumbis
EVCs might do the trick for you. On the 6k/7600 it requires ES/ES+ modules I believe. ASR1k and me3600/3800 can do it out of the box. http://www.cisco.com/en/US/docs/ios-xml/ios/cether/configuration/xe-3s/ce-ether-vc-infra-xe.html On Thu, May 23, 2013 at 9:25 AM, Simon Lockhart

Re: [c-nsp] Mysterious gigabit interface - ME3600

2013-05-02 Thread Pete Lumbis
It's an internal interface for monitoring. CSCuc74439 which is fixed in 15.3.2S1 I believe. On Thu, May 2, 2013 at 9:46 AM, Eric Van Tol e...@atlantech.net wrote: Hi all, Upon upgrading some ME3600s to 15.3(2)S, we noticed that there is now a GigabitEthernet0/25 interface in the

Re: [c-nsp] Mysterious gigabit interface - ME3600

2013-05-02 Thread Pete Lumbis
I meant to say the bug mentioned hides the g0/25 interface On Thu, May 2, 2013 at 10:42 AM, Pete Lumbis alum...@gmail.com wrote: It's an internal interface for monitoring. CSCuc74439 which is fixed in 15.3.2S1 I believe. On Thu, May 2, 2013 at 9:46 AM, Eric Van Tol e...@atlantech.net wrote
