Re: [c-nsp] ISR4431-AX/K9

2016-07-13 Thread Adam Greene 
Thanks, Chuck, for the helpful response.

My further research corroborates what you say.

Miercom has an interesting study showing enabling QoS on 4431 does not
affect total throughput: http://miercom.com/pdf/reports/20150817.pdf.
However, enabling FnF & NBAR2 might ... 

It looks like getting the base 4431 and adding the AX license is less
expensive than ordering the AX bundle, which also comes with a SEC license.

Currently not sure if AX license is required on 4431 to support FnF. It
looks like it's required for NBAR2, though.

Adam

-Original Message-
From: Chuck Church [mailto:chuckchu...@gmail.com] 
Sent: Wednesday, July 13, 2016 2:41 PM
To: 'Adam Greene' ; cisco-nsp@puck.nether.net
Subject: RE: [c-nsp] ISR4431-AX/K9

Isn't WAAS their WAN acceleration product?  I don't think NBAR has any
reliance on that.  You just use NBAR to identify the traffic, then normal
QOS policy to do something with it.  I haven't done it on an ASR or ISR 4K,
but that's how it's worked on all previous devices.

Chuck

-Original Message-
From: cisco-nsp [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Adam
Greene
Sent: Wednesday, July 13, 2016 1:04 AM
To: cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] ISR4431-AX/K9

Kind of worried based on
http://www.cisco.com/c/en/us/products/collateral/routers/3900-series-integra
ted-services-routers-isr/guide_c07-726864.html that I'm also going to have
to buy: 

 

ISR4430U-MEM-SSD

DRAM upgrade to 16GB, Flash Memory upgrade to 16GB, NIM Carrier and 200GB
SSD Bundle

 

Not sure if WAAS is required for NBAR2, though, or even if not, if I should
use WAAS instead, or if they are synonymous.

 

And 1300 WAAS Optimized TCP Connections seems tiny, considering the ASA 5520
in line with it reports high water marks of up to 187,000 connections,
though averages about half that probably. Maybe WAAS connections are not the
same, though .

 

From: Adam Greene [mailto:maill...@webjogger.net]
Sent: Wednesday, July 13, 2016 12:50 AM
To: 'cisco-nsp@puck.nether.net' 
Subject: ISR4431-AX/K9

 

Hey guys,

 

If I need a router that can do application based bandwidth throttling
(NBAR2) at 500M-1G aggregate throughput, ISR4431-AX/K9 should do the trick,
right? It seems to provide the features and throughput. Please tell me if
I'm wrong (other services enabled on the router will be limited to BGP and
OSPF).

 

Thanks,

Adam

___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] ASR 9000 Upgrade Expectations

2016-07-13 Thread Tom Hill 
On 13/07/16 15:13, Jared Mauch wrote:
> There were improvements that went in 533+ which should improve your
> experience. I haven't checked if 602 hit CCO but you may want to look
> at that, or wait for 534.

Neither 6.0.2 or 5.3.4 has hit GA yet. 6.0.1 is (oddly) marked as MD
rather than ED, too.

-- 
Tom
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] ASR 9000 Upgrade Expectations

2016-07-13 Thread Tom Hill 
On 13/07/16 22:52, Mark Tinka wrote:
> 
> On 13/Jul/16 23:46, Curtis Piehler wrote:
> 
>> > So going from 5.1.X to 6.X.X will likely involve fpd upgrades?
> I've, pretty much, found an FPD update in every major release.

That has been my expectation - usually at least one component has a new
FW version.

Saying that, unless you're making quite a large version jump, it doesn't
take too long to complete. :)

-- 
Tom
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] ASR 9000 Upgrade Expectations

2016-07-13 Thread Mark Tinka 


On 13/Jul/16 23:46, Curtis Piehler wrote:

> So going from 5.1.X to 6.X.X will likely involve fpd upgrades?

I've, pretty much, found an FPD update in every major release.

Mark.
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] ASR 9000 Upgrade Expectations

2016-07-13 Thread Curtis Piehler 
So going from 5.1.X to 6.X.X will likely involve fpd upgrades?   I've been
hit by the SNMP OID bug that consumes memory over time but I can hold out
by restarting the SNMP process every once in a while.
On Jul 13, 2016 4:39 PM, "Gert Doering"  wrote:

> Hi,
>
> On Wed, Jul 13, 2016 at 10:30:11PM +0200, Juergen Marenda wrote:
> > Because of
> >
> https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-
> > sa-20160525-ipv6
> > asr9k: https://bst.cloudapps.cisco.com/bugsearch/bug/CSCuz66542
> >
> > it should be 5.3.4.1 or for the brave 6.1.1.16
> > but I cannt see it for download (but 5.3.3 two times ! )
> >
> > ... waiting for a fix of severity-2 BUG for more than 6 weeks ...
>
> The SMU for that bug fix was available fairly quickly for 5.3.3 - unlike
> for 4.3.4 (still supported, but that bug did not get an SMU) or IOS (no
> word whatsoever)...  so you can't really complain here :-)
>
> > ... nice to read that for oldstyle IOS, it may be fixed in IOS XVI.IV
> (will
> > arrive A.D. MMXX ?)
> >
> > Workaround with ACLs reduces the Number of Layer3 (boteh ipv4 and IPv6)
> SVI
> > interfaces on my cat4900M
> > to less than 300 (out of TCAM resources...) just for the basics.
> >
> > I am desperately disappointed .
>
> Yay :(
>
> (We have deployed fairly extensive border ACLs for this, so the "soft
> core" is protected against fake & evil ND packets crossing the borders -
> and as long as your 4900Ms are not border routers, you could do similar...)
>
> gert
>
> --
> USENET is *not* the non-clickable part of WWW!
>//
> www.muc.de/~gert/
> Gert Doering - Munich, Germany
> g...@greenie.muc.de
> fax: +49-89-35655025
> g...@net.informatik.tu-muenchen.de
>
> ___
> cisco-nsp mailing list  cisco-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] 40G options for 6807

2016-07-13 Thread Tom Hill 
On 13/07/16 20:24, Peter Kranz wrote:
> For instance, the C6800-32P10G is labelled as an 8 Port 40GE/32 Port 10GE
> module, but there is no software release yet that supports the 40G
> operational mode, nor have I seen the required CVR-4SFP-QSFP adaptor
> available.

I would expect Nick meant 40G options to take advantage of the new
440G/slot SUP6T & PFC4-E hardware (or even, the full 220G/slot of SUP2T
in the 6807).

At the moment, none of the known cards can exceed 160G to the fabric,
and most don't exceed 80G.

Ref: http://d2zmdbbm9feqrf.cloudfront.net/2016/usa/pdf/BRKARC-3465.pdf

Couple that with uncertainty on >1M FIB scale, and it's a pretty poor
show; I'm quite glad to be far and away from Cat6k! :)

-- 
Tom
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] ISR4431-AX/K9

2016-07-13 Thread Emille Blanc 
I happen to be staring at an ISR4431/K9 with the APPX license (purchased for 
the L2 features), and it allows nbar configuration for ipv4 and ipv6.  I have 
none without said license pre-loaded, so cannot confirm if it's required or not.
It doesn't seem to complain or spam the license EULA if I enable any NBAR2 
pieces.

Hope this helps shed some light;

Running 15.4(3)S5
router#sh ip nbar version

NBAR software version:  20
NBAR minimum backward compatible version:  20

Loaded Protocol Pack(s):

Name:Advanced Protocol Pack
Version: 12.0
Publisher:   Cisco Systems Inc.
NBAR Engine Version: 20
State:   Active

ABCPGRGBC-57-DAO-R01# sh license | inc ^Index|Permanent|Activated
Index 1 Feature: appxk9
License Type: Permanent
Index 2 Feature: uck9
Period left: Not Activated
Index 3 Feature: securityk9
Period left: Not Activated
Index 4 Feature: ipbasek9
License Type: Permanent
Index 5 Feature: cme-srst
Period left: Not Activated
Index 6 Feature: hseck9
Index 7 Feature: throughput
License Type: Permanent
Index 8 Feature: internal_service


-Original Message-
From: cisco-nsp [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Steve 
Mikulasik
Sent: July-13-16 12:00 PM
To: Adam Greene; cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] ISR4431-AX/K9

I believe NBAR 2 is in the AVX bundle, but there is normal NBAR support in the 
other bundles.


-Original Message-
From: cisco-nsp [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Adam 
Greene
Sent: Tuesday, July 12, 2016 10:50 PM
To: cisco-nsp@puck.nether.net
Subject: [c-nsp] ISR4431-AX/K9

Hey guys,

 

If I need a router that can do application based bandwidth throttling
(NBAR2) at 500M-1G aggregate throughput, ISR4431-AX/K9 should do the trick, 
right? It seems to provide the features and throughput. Please tell me if I'm 
wrong (other services enabled on the router will be limited to BGP and OSPF).

 

Thanks,

Adam

___
cisco-nsp mailing list  cisco-nsp@puck.nether.net 
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] ASR 9000 Upgrade Expectations

2016-07-13 Thread Gert Doering 
Hi,

On Wed, Jul 13, 2016 at 10:30:11PM +0200, Juergen Marenda wrote:
> Because of 
> https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-
> sa-20160525-ipv6
> asr9k: https://bst.cloudapps.cisco.com/bugsearch/bug/CSCuz66542
> 
> it should be 5.3.4.1 or for the brave 6.1.1.16 
> but I cannt see it for download (but 5.3.3 two times ! )
> 
> ... waiting for a fix of severity-2 BUG for more than 6 weeks ...

The SMU for that bug fix was available fairly quickly for 5.3.3 - unlike
for 4.3.4 (still supported, but that bug did not get an SMU) or IOS (no
word whatsoever)...  so you can't really complain here :-)

> ... nice to read that for oldstyle IOS, it may be fixed in IOS XVI.IV (will
> arrive A.D. MMXX ?)
> 
> Workaround with ACLs reduces the Number of Layer3 (boteh ipv4 and IPv6) SVI
> interfaces on my cat4900M
> to less than 300 (out of TCAM resources...) just for the basics.
> 
> I am desperately disappointed .

Yay :(

(We have deployed fairly extensive border ACLs for this, so the "soft
core" is protected against fake & evil ND packets crossing the borders -
and as long as your 4900Ms are not border routers, you could do similar...)

gert

-- 
USENET is *not* the non-clickable part of WWW!
   //www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35655025g...@net.informatik.tu-muenchen.de


signature.asc
Description: PGP signature
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] ASR 9000 Upgrade Expectations

2016-07-13 Thread Juergen Marenda 
Because of 
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-
sa-20160525-ipv6
asr9k: https://bst.cloudapps.cisco.com/bugsearch/bug/CSCuz66542

it should be 5.3.4.1 or for the brave 6.1.1.16 
but I cannt see it for download (but 5.3.3 two times ! )

... waiting for a fix of severity-2 BUG for more than 6 weeks ...
... nice to read that for oldstyle IOS, it may be fixed in IOS XVI.IV (will
arrive A.D. MMXX ?)

Workaround with ACLs reduces the Number of Layer3 (boteh ipv4 and IPv6) SVI
interfaces on my cat4900M
to less than 300 (out of TCAM resources...) just for the basics.

I am desperately disappointed .

Just my 0.01 $,

Juergen.


___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] 40G options for 6807

2016-07-13 Thread Peter Kranz 
There is the newish high-density 10-G modules that will support 40G as well
http://www.cisco.com/c/en/us/products/collateral/switches/catalyst-6800-seri
es-switches/datasheet-c78-733662.html

For instance, the C6800-32P10G is labelled as an 8 Port 40GE/32 Port 10GE
module, but there is no software release yet that supports the 40G
operational mode, nor have I seen the required CVR-4SFP-QSFP adaptor
available.

Peter Kranz
www.UnwiredLtd.com
Desk: 510-868-1614 x100
Mobile: 510-207-
pkr...@unwiredltd.com

-Original Message-
From: cisco-nsp [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Nick
Cutting
Sent: Wednesday, July 13, 2016 5:30 AM
To: cisco-nsp@puck.nether.net
Subject: [c-nsp] 40G options for 6807

Any new 40g modules coming out/been released for the 6807?

Or still just 

WS-X6904-40G-2T

Where is the love for this golden chassis monster
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] ISR4431-AX/K9

2016-07-13 Thread Steve Mikulasik 
I believe NBAR 2 is in the AVX bundle, but there is normal NBAR support in the 
other bundles.


-Original Message-
From: cisco-nsp [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Adam 
Greene
Sent: Tuesday, July 12, 2016 10:50 PM
To: cisco-nsp@puck.nether.net
Subject: [c-nsp] ISR4431-AX/K9

Hey guys,

 

If I need a router that can do application based bandwidth throttling
(NBAR2) at 500M-1G aggregate throughput, ISR4431-AX/K9 should do the trick, 
right? It seems to provide the features and throughput. Please tell me if I'm 
wrong (other services enabled on the router will be limited to BGP and OSPF).

 

Thanks,

Adam

___
cisco-nsp mailing list  cisco-nsp@puck.nether.net 
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] ISR4431-AX/K9

2016-07-13 Thread Chuck Church 
Isn't WAAS their WAN acceleration product?  I don't think NBAR has any
reliance on that.  You just use NBAR to identify the traffic, then normal
QOS policy to do something with it.  I haven't done it on an ASR or ISR 4K,
but that's how it's worked on all previous devices.

Chuck

-Original Message-
From: cisco-nsp [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Adam
Greene
Sent: Wednesday, July 13, 2016 1:04 AM
To: cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] ISR4431-AX/K9

Kind of worried based on
http://www.cisco.com/c/en/us/products/collateral/routers/3900-series-integra
ted-services-routers-isr/guide_c07-726864.html that I'm also going to have
to buy: 

 

ISR4430U-MEM-SSD

DRAM upgrade to 16GB, Flash Memory upgrade to 16GB, NIM Carrier and 200GB
SSD Bundle

 

Not sure if WAAS is required for NBAR2, though, or even if not, if I should
use WAAS instead, or if they are synonymous.

 

And 1300 WAAS Optimized TCP Connections seems tiny, considering the ASA 5520
in line with it reports high water marks of up to 187,000 connections,
though averages about half that probably. Maybe WAAS connections are not the
same, though .

 

From: Adam Greene [mailto:maill...@webjogger.net]
Sent: Wednesday, July 13, 2016 12:50 AM
To: 'cisco-nsp@puck.nether.net' 
Subject: ISR4431-AX/K9

 

Hey guys,

 

If I need a router that can do application based bandwidth throttling
(NBAR2) at 500M-1G aggregate throughput, ISR4431-AX/K9 should do the trick,
right? It seems to provide the features and throughput. Please tell me if
I'm wrong (other services enabled on the router will be limited to BGP and
OSPF).

 

Thanks,

Adam

___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

[c-nsp] Nexus 56xx switch-profile problem after upgrade

2016-07-13 Thread Christophe Fillot 
Hello,

We have upgraded a pair of Nexus 5672 from 7.2(1)N1(1) to 7.3(0)N1(1).
We now have a switch-profile commit error related to spanning-tree.

In the running configuration (sh run) we have:

  spanning-tree pseudo-information
vlan 1-3967, 4048-4093 root priority 0

In the switch-profile configuration (sh run switch-profile) we have:

  spanning-tree pseudo-information
vlan 1-3967, 4050-4093 root priority 0

The problem is that VLANs 4048-4049 now seem to be reserved and the
parser does not accept them:

n5k-bf-b(config-sync-sp)# spanning-tree pseudo-information
n5k-bf-b(config-sync-sp-pseudo)# no vlan ?
  <1-3967,4050-4093>  Vlan range, Example: 1,3-5,7,9-11

n5k-bf-b(config-sync-sp-pseudo)# no vlan 4048 root priority 0
 ^
invalid vlans (reserved values) at '^' marker.

It won't accept a commit even with an empty buffer:

Status: Verify Failure
Error(s):
Following commands failed parsing: If the error is 'Command Parsing
Failed', please check if some conditional feature(s) needs to be enabled
vlan 4048 root priority 0 (Command Parsing Failed)
vlan 4049 root priority 0 (Command Parsing Failed)

I cannot modify the local configuration (conf t) because of the
Exclusive Mutual error message.

Is there a way to fix this without breaking anything ?

Thanks,

Christophe


___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

[c-nsp] Cisco Security Advisory: Cisco IOS XR for NCS 6000 Packet Timer Leak Denial of Service Vulnerability

2016-07-13 Thread Cisco Systems Product Security Incident Response Team 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Cisco Security Advisory: Cisco IOS XR for NCS 6000 Packet Timer Leak Denial of 
Service Vulnerability

Advisory ID: cisco-sa-20160713-ncs6k

Revision 1.0

For Public Release 2016 July 13 16:00 UTC (GMT)

+-

Summary
===

A vulnerability in the management of system timer resources in Cisco IOS XR for 
Cisco Network Convergence System 6000 (NCS 6000) Series Routers could allow an 
unauthenticated, remote attacker to cause a leak of system timer resources, 
leading to a nonoperational state and an eventual reload of the Route Processor 
(RP) on the affected platform.

The vulnerability is due to improper management of system timer resources. An 
attacker could exploit this vulnerability by sending a number of Secure Shell 
(SSH), Secure Copy Protocol (SCP), and Secure FTP (SFTP) management connections 
to an affected device. An exploit could allow the attacker to cause a leak of 
system timer resources, leading to a nonoperational state and an eventual 
reload of the RP on the affected platform.

Cisco has released software updates that address this vulnerability. There are 
no workarounds that mitigate this vulnerability.

This advisory is available at the following link: 
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160713-ncs6k

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.5 (SunOS)

iQIVAwUBV4ZMB689gD3EAJB5AQLaIxAAueOBvhPrQxwX5VNKSB3CHnMH/BoXY4pH
+EHT7C1kGY/0tJAiA2JlnsVpUwxNmu5guCT3H+kaqF6VXoSZYEVBRNb1yt8wvfo0
1+PKPeNIUrrOaCu16++U3c+bUuDst1DBeAi+xYjkfsTR23haiQblstb49JgolaQH
FQiufDqU3roXzIua76lOtLmd/Nq4vrcafVprFKEl2UWT1eizu57JnKh8nTAHoxC3
xdkfXXfuilvDhppHShYACiEG4sPGfDEV+ExS5Nt96Vs6wCGNXJ6+9cVq3peZPCWT
VgzIVDHmvntBXCR4q/xvCDuw0D+AcYeDhuG+qmgmZWMf0AJNQfJiiVf56CRL62zT
ePtX6JLXb1eogikdcitxq5Y+vbMmYwlF0+H+/ISTG85IkprZc/XYiYIa8RRn5hmK
5UfQw+St/DMtGBrKjGL+HOOa7lk9JrHbKqvoOikjZpMD/KdnEMv7tPJTC3RWXhAh
7Vi/mUTVBjyWDC+JE5O0E2GSpS6X+bwCji16TlNpFoBmMvqYn7I6O5SSWMTUanQ+
oQ9qL3iF3imVkEGMB/TfbLQWFsIQt2h+7c6sToh1tpso3A7JpHLtou5pAtxy7xSt
1VKXDcNBBJ2GJ/SimLfbMKDfPGqph2d49RCyEQRBxp8bFw4vNRCxDFn24e/vVDW0
AnbSOWb7rRs=
=8GIQ
-END PGP SIGNATURE-
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] ASR 9000 Upgrade Expectations

2016-07-13 Thread Mark Tinka 


On 13/Jul/16 16:13, Jared Mauch wrote:

> We see around 1 hour of traffic loss due to upgrade times before adding in 
> FPD and others, which can extend to more like 3 hours. 

Yep, I'd say budget a 3hr window per router for the upgrade.

Mark.
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] ASR 9000 Upgrade Expectations

2016-07-13 Thread Jared Mauch 
We see around 1 hour of traffic loss due to upgrade times before adding in FPD 
and others, which can extend to more like 3 hours. 

There were improvements that went in 533+ which should improve your experience. 
I haven't checked if 602 hit CCO but you may want to look at that, or wait for 
534. 

Jared Mauch

> On Jul 13, 2016, at 6:31 AM, Nick Griffin  wrote:
> 
> Hello, looking for some details in regards to an ASR9000 code upgrade.
> Currently running software version 5.1.1 with the following packages:
> 
> Committed Packages:
> 
> disk0:asr9k-mini-px-5.1.1
> 
> disk0:asr9k-k9sec-px-5.1.1
> 
> disk0:asr9k-mpls-px-5.1.1
> 
> disk0:asr9k-mgbl-px-5.1.1
> 
> disk0:asr9k-optic-px-5.1.1
> 
> disk0:asr9k-fpd-px-5.1.1
> 
> disk0:asr9k-li-px-5.1.1
> 
> 
> Installed are RSP-440TR's. We are currently looking to upgrade to version
> 5.3.3, or perhaps another version if one is recommended, looking for input
> here as well, in addition to an estimate as to how long this process is
> expected to take, along with perceived customer impact. If further details
> are necessary please let me know. I've referenced the following
> documentation for installation instructions. If there is something better
> or any best practices not covered, please feel free to advise!
> 
> 
> http://www.cisco.com/web/Cisco_IOS_XR_Software/pdf/ASR9K_Upgrade_Downgrade_Procedure_IOSXR_Rel_533.pdf
> 
> 
> Thanks in advance!
> ___
> cisco-nsp mailing list  cisco-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/

___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

[c-nsp] ASR 9000 Upgrade Expectations

2016-07-13 Thread Nick Griffin 
Hello, looking for some details in regards to an ASR9000 code upgrade.
Currently running software version 5.1.1 with the following packages:

Committed Packages:

disk0:asr9k-mini-px-5.1.1

disk0:asr9k-k9sec-px-5.1.1

disk0:asr9k-mpls-px-5.1.1

disk0:asr9k-mgbl-px-5.1.1

disk0:asr9k-optic-px-5.1.1

disk0:asr9k-fpd-px-5.1.1

disk0:asr9k-li-px-5.1.1


Installed are RSP-440TR's. We are currently looking to upgrade to version
5.3.3, or perhaps another version if one is recommended, looking for input
here as well, in addition to an estimate as to how long this process is
expected to take, along with perceived customer impact. If further details
are necessary please let me know. I've referenced the following
documentation for installation instructions. If there is something better
or any best practices not covered, please feel free to advise!


http://www.cisco.com/web/Cisco_IOS_XR_Software/pdf/ASR9K_Upgrade_Downgrade_Procedure_IOSXR_Rel_533.pdf


Thanks in advance!
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] 40G options for 6807

2016-07-13 Thread Pavel Skovajsa 
Supposedly there will be new 40G, 10G and 100G modules in the coming
months. See Sales Connect.

-pavel

On Wed, Jul 13, 2016 at 2:29 PM, Nick Cutting  wrote:

> Any new 40g modules coming out/been released for the 6807?
>
> Or still just
>
> WS-X6904-40G-2T
>
> Where is the love for this golden chassis monster
> ___
> cisco-nsp mailing list  cisco-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

[c-nsp] 40G options for 6807

2016-07-13 Thread Nick Cutting 
Any new 40g modules coming out/been released for the 6807?

Or still just 

WS-X6904-40G-2T

Where is the love for this golden chassis monster
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] err-disable state on a cisco 3750 catalyst

2016-07-13 Thread James Bensley 
On 12 July 2016 at 19:41, Olivier CALVANO  wrote:
> Hi
>
> i have a big problems with one cisco 3750 :
>
>
> Jul 12 17:30:36.218: %PM-4-ERR_DISABLE: channel-misconfig error detected on
> Gi1/0/1, putting Gi1/0/1 in err-disable state
> Jul 12 17:30:36.856: %PM-4-ERR_DISABLE: channel-misconfig error detected on
> Po1, putting Gi1/0/1 in err-disable state
> Jul 12 17:30:36.856: %PM-4-ERR_DISABLE: channel-misconfig error detected on
> Po1, putting Po1 in err-disable state


Dude, share the interface and port-channel configured from the devices
at each end.


Cheers,
James.
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/