Re: [c-nsp] spanning-tree for local switching on ASR920

2017-10-19 Thread Mark Tinka 


On 19/Oct/17 10:08, James Bensley wrote:
> Open a TAC case, they'll probably tell you STP isn't supported and the
> documentation is infact wrong, that is what has happened for me
> recently with some ASR920s and ME3600s with a different feature than
> STP :D

I think the presence of any such commands could be from whatever was
left in ME3600X/3800X land, which has more old school Layer 2 habits
than the ASR920.

The ASR920 is a router, not a switch. So any Layer 2 commands are likely
to be present, but not work.

Mark.
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] spanning-tree for local switching on ASR920

2017-10-19 Thread Mark Tinka 


On 19/Oct/17 10:24, Gert Doering wrote:

> So, how do you bridge together two ports on an ASR1k, with STP? ;-)
>
> I do understand the bits about no global VLAN significance, etc., 
> and tieing bridge-groups to pseudowires, etc. - I just want the more
> basic stuff to be more explosion-robust when the customer plugs in
> things wrongly.  OTOH, the box is doing well, circulating 330.000 PPS
> in that STP loop, with barely any CPU load [these are IP/ARP broadcasts
> so the CPU is at risk of being told about them]...

Good question, couldn't possibly tell you that.

We typically don't support such topologies at Layer 2 in our network due
to the very problem you describe. We'd run both ports independently for
the same customer, as for such use-cases, they are either looking for
redundancy or additional bandwidth; or both.

Mark.


signature.asc
Description: OpenPGP digital signature
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] spanning-tree for local switching on ASR920

2017-10-19 Thread James Bensley 
On 19 October 2017 at 08:46, Gert Doering  wrote:
> Hi,
>
> On Thu, Oct 19, 2017 at 08:21:27AM +0100, James Bensley wrote:
>> >> Then configure STP for VLAN "10". It doesn't seem like there is any way
>> >> to map to an arbitrary PVST instance, VLAN ID and bridge domain ID has
>> >> to match.
>>
>> I don't know the answer to you question but Peter's suggestion sounds
>> like a probably answer to me.
>
> I wasn't particularily asking for suggestions, but for "I have this
> working, and this is how it looks like".
>
> This box is unlike any other Cisco "switch-like thing" I've had in my
> hands before, so it might very well be just not supported at all.
>
>> However, you didn't share you STP
>> config, or was "l2protocol peer stp" all of it? :)
>
> There isn't anything else you *can* configure (except changing the
> global STP mode from pvstp to mst and back, and setup mst instances,
> which does not have an effecit either).
>
> So indeed, that's all there is, and the ASR920 MST/PVST+ documentation
> claims "there is nothing else you can do".
>
> *If* you have a vlan, you can do "spanning-tree vlan 10", but that is
> default anyway (= not showing up in the config), but since there is no
> "vlan 10" in the system, there's no spanning-tree instance for it either
> ("show vlans" comes up empty).
>

Open a TAC case, they'll probably tell you STP isn't supported and the
documentation is infact wrong, that is what has happened for me
recently with some ASR920s and ME3600s with a different feature than
STP :D

Cheers,
James.
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] spanning-tree for local switching on ASR920

2017-10-19 Thread Gert Doering 
Hi,

On Thu, Oct 19, 2017 at 10:19:22AM +0200, Mark Tinka wrote:
> Treat more like an ASR1000 router, and you'll be just fine.

So, how do you bridge together two ports on an ASR1k, with STP? ;-)

I do understand the bits about no global VLAN significance, etc., 
and tieing bridge-groups to pseudowires, etc. - I just want the more
basic stuff to be more explosion-robust when the customer plugs in
things wrongly.  OTOH, the box is doing well, circulating 330.000 PPS
in that STP loop, with barely any CPU load [these are IP/ARP broadcasts
so the CPU is at risk of being told about them]...

gert
-- 
USENET is *not* the non-clickable part of WWW!
   //www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35655025g...@net.informatik.tu-muenchen.de


signature.asc
Description: PGP signature
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] spanning-tree for local switching on ASR920

2017-10-19 Thread James Bensley 
On 19 October 2017 at 09:38, Mark Tinka  wrote:
>
>
> On 19/Oct/17 10:24, Gert Doering wrote:
>
> So, how do you bridge together two ports on an ASR1k, with STP? ;-)
>
> I do understand the bits about no global VLAN significance, etc.,
> and tieing bridge-groups to pseudowires, etc. - I just want the more
> basic stuff to be more explosion-robust when the customer plugs in
> things wrongly.  OTOH, the box is doing well, circulating 330.000 PPS
> in that STP loop, with barely any CPU load [these are IP/ARP broadcasts
> so the CPU is at risk of being told about them]...
>
>
> Good question, couldn't possibly tell you that.
>
> We typically don't support such topologies at Layer 2 in our network due to
> the very problem you describe. We'd run both ports independently for the
> same customer, as for such use-cases, they are either looking for redundancy
> or additional bandwidth; or both.


Sometimes beggars can't be choosers but this basically ^

We wouldn't offer dual connections to the same layer 3 edge device as
a "resilient" service nor have it participate in layer 2 service if it
is layer 3 edge. I'd stick a switch in place, the FW could have two
links to the switch and the switch can participate in STP and have one
uplink to the ASR920/PE for layer 3 termination/upstream.

Cheers,
James.
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] spanning-tree for local switching on ASR920

2017-10-19 Thread James Bensley 
On 19 October 2017 at 07:46, Gert Doering  wrote:
> On Thu, Oct 19, 2017 at 06:05:47AM +0200, Peter Rathlev wrote:
>> On Wed, 2017-10-18 at 15:39 +0200, Gert Doering wrote:
>> > I have an ASR920 that is supposed to have gi0/0/10 and gi0/0/11 in
>> > the same bridge group, with a routed IP:
>> >
>> > interface GigabitEthernet0/0/10
>> >  no ip address
>> >  media-type auto-select
>> >  negotiation auto
>> >  cdp enable
>> >  service instance 10 ethernet
>> >   encapsulation untagged
>> >   l2protocol peer stp
>> >   bridge-domain 10
>> >  !
>>
...
>> Then configure STP for VLAN "10". It doesn't seem like there is any way
>> to map to an arbitrary PVST instance, VLAN ID and bridge domain ID has
>> to match.

I don't know the answer to you question but Peter's suggestion sounds
like a probably answer to me. However, you didn't share you STP
config, or was "l2protocol peer stp" all of it? :)

Cheers,
James.
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] spanning-tree for local switching on ASR920

2017-10-19 Thread Mark Tinka 


On 19/Oct/17 09:46, Gert Doering wrote:

> I wasn't particularily asking for suggestions, but for "I have this 
> working, and this is how it looks like".  
>
> This box is unlike any other Cisco "switch-like thing" I've had in my 
> hands before, so it might very well be just not supported at all.

The ASR920, technically, is not an Ethernet switch. It just looks like one.

Treat more like an ASR1000 router, and you'll be just fine.


> There isn't anything else you *can* configure (except changing the
> global STP mode from pvstp to mst and back, and setup mst instances,
> which does not have an effecit either).
>
> So indeed, that's all there is, and the ASR920 MST/PVST+ documentation
> claims "there is nothing else you can do".
>
> *If* you have a vlan, you can do "spanning-tree vlan 10", but that is
> default anyway (= not showing up in the config), but since there is no
> "vlan 10" in the system, there's no spanning-tree instance for it either
> ("show vlans" comes up empty).

So Cisco's EVC/EFP infrastructure is very different from classic 802.1Q
Ethernet switching.

As you've figured out, VLAN ID's are not globally-significant on the
ASR920. This allows you to use the same VLAN ID several times on the
same device, which does not impose classic network-wide VLAN
limitations. Of course, most of this assumes you are using MPLS as the
upstream transport protocol.

The use of VLAN ID's on an ASR920 is really to map incoming traffic from
a downstream customer to a specific EFP, where upon an action is
performed on the traffic, e.g., run through a BDI for IP routing, attach
it to an x-connect for onward EoMPLS transport, e.t.c. The VLAN ID is
not used to separate traffic at a global level of the device, as it
happens in classic Layer 2 switching.

Hope this helps.

Mark.


signature.asc
Description: OpenPGP digital signature
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] spanning-tree for local switching on ASR920

2017-10-19 Thread adamv0025 
Hmm and if you enable debug can you actually see the stp packets being
issued (or even received) on either of the ports?
The config looks good for catching and processing such PDUs. 

Btw I'm still not getting the setup, so you have FW1 in port 1 and FW2 in
port 2 and p1 and p2 are in BD1.
Now how are the FWs forming a loop here over the , can't that be addressed
somehow?
My memories on this setup are pretty rusty I remember there was some
active/active or active/passive.
And I think in active/active mode you could spray sessions onto either of
them and they would exchange the flows between each other over the sync-link
depending on which of them had the flow map. (there where actually two
inter-switch links right one for data and one for CP messages + you could
have some redundancy) Is that roughly your setup?
But still I'd not expect this to loop packets? 
 
adam


___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] spanning-tree for local switching on ASR920

2017-10-19 Thread Mark Tinka 


On 19/Oct/17 10:48, James Bensley wrote:

> We wouldn't offer dual connections to the same layer 3 edge device as
> a "resilient" service nor have it participate in layer 2 service if it
> is layer 3 edge. I'd stick a switch in place, the FW could have two
> links to the switch and the switch can participate in STP and have one
> uplink to the ASR920/PE for layer 3 termination/upstream.

Yes, we do exactly the same.

We've had to reject a number of requests from customers that have
multiple firewalls and want our ASR920 edge router to participate in
their LAN.

We've always told them to present a router to us, and decide,
internally, whatever it is they want to do with their firewalls and
leave us out of that decision. We are not in the habit of sharing Layer
2 broadcast domains with customers.

Mark.
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] spanning-tree for local switching on ASR920

2017-10-19 Thread Gert Doering 
Hi,

On Thu, Oct 19, 2017 at 09:45:08AM +0100, adamv0...@netconsultings.com wrote:
> Hmm and if you enable debug can you actually see the stp packets being
> issued (or even received) on either of the ports?
> The config looks good for catching and processing such PDUs. 

It's not sending PDUs, so the receiving end has nothing to work with.

If I connect both links to a switch that has STP active, and change the 
l2proto to "l2proto forward stp", the *switch* will stp-disable one 
link, but the ASR920 never does anything with it (except eat the STP
packets if "l2proto peer stp" is set).

> Btw I'm still not getting the setup, so you have FW1 in port 1 and FW2 in
> port 2 and p1 and p2 are in BD1.

In that case, there won't be a loop.  But customers are creative in cabling,
so I want to ensure that if the customer connects p1-p2, or connects a
switch that loops things around, the setup will not start looping packets
(... it is a local loop, and the ASR920 can stand it, but it might break
stuff in the customer network, and then we get to fix it "because your
device did it!").


Of course, split-horizon would also achieve this, so I'm not desperate to
find a solution for this particular use case - I just want to find out
whether STP can be done or not.

Seems I need 16.6 fanciness for that, which we'll try.

gert

-- 
USENET is *not* the non-clickable part of WWW!
   //www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35655025g...@net.informatik.tu-muenchen.de


signature.asc
Description: PGP signature
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] Cisco Catalyst 9300

2017-10-19 Thread Gert Doering 
Hi,

On Mon, Oct 16, 2017 at 04:28:54PM +, Nick Cutting wrote:
> Given that these are running 16.5 (Everest) and it is very new - is anyone 
> running these in production yet?
> I feel the 3850/3650 will be EOL in the next year or so - and these are 
> reasonably priced.
> 
> I think if these are production ready we could begin to buy these for our 
> clients and be more competitive rather than quoting our standard 3850 for a 
> client office spec

I have mixed feelings there... the fact that the smart features need a
yearly recurring license fee is making me wary.

gert

-- 
USENET is *not* the non-clickable part of WWW!
   //www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35655025g...@net.informatik.tu-muenchen.de


signature.asc
Description: PGP signature
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] spanning-tree for local switching on ASR920

2017-10-19 Thread Gert Doering 
Hi,

On Thu, Oct 19, 2017 at 08:21:27AM +0100, James Bensley wrote:
> >> Then configure STP for VLAN "10". It doesn't seem like there is any way
> >> to map to an arbitrary PVST instance, VLAN ID and bridge domain ID has
> >> to match.
> 
> I don't know the answer to you question but Peter's suggestion sounds
> like a probably answer to me. 

I wasn't particularily asking for suggestions, but for "I have this 
working, and this is how it looks like".  

This box is unlike any other Cisco "switch-like thing" I've had in my 
hands before, so it might very well be just not supported at all.

> However, you didn't share you STP
> config, or was "l2protocol peer stp" all of it? :)

There isn't anything else you *can* configure (except changing the
global STP mode from pvstp to mst and back, and setup mst instances,
which does not have an effecit either).

So indeed, that's all there is, and the ASR920 MST/PVST+ documentation
claims "there is nothing else you can do".

*If* you have a vlan, you can do "spanning-tree vlan 10", but that is
default anyway (= not showing up in the config), but since there is no
"vlan 10" in the system, there's no spanning-tree instance for it either
("show vlans" comes up empty).

gert

-- 
USENET is *not* the non-clickable part of WWW!
   //www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35655025g...@net.informatik.tu-muenchen.de


signature.asc
Description: PGP signature
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] spanning-tree for local switching on ASR920

2017-10-19 Thread Gert Doering 
Hi,

On Thu, Oct 19, 2017 at 09:08:31AM +0100, James Bensley wrote:
> Open a TAC case, they'll probably tell you STP isn't supported and the
> documentation is infact wrong, that is what has happened for me
> recently with some ASR920s and ME3600s with a different feature than
> STP :D

That is probably what we're going to do next, but I wanted to ask the
all-knowing c-nsp oracle first :-)  (after all, ASR920 BU folks *did*
read and answer here)

gert
-- 
USENET is *not* the non-clickable part of WWW!
   //www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35655025g...@net.informatik.tu-muenchen.de


signature.asc
Description: PGP signature
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] spanning-tree for local switching on ASR920

2017-10-19 Thread Lukas Tribus 
Hello Gert,



2017-10-18 15:39 GMT+02:00 Gert Doering :
> IOS is asr920-universalk9_npe.03.18.03.S.156-2.S3-std.bin

Well PVST+/RPVST+ is a fancy feature on this platform, and for fancy
features you need fancy releases :)
16.6.1 in this case:
https://www.cisco.com/c/en/us/td/docs/routers/asr920/release/notes/16-6/b-rn-xe-16-6-asr920/new-features.html


Not sure about STP/MST. There is a note about STP in 3.13S release
notes. But I'm not sure if and how that is supposed to work. Also it
looks like they are removing documentation for releases older than
16.x, so ... that doesn't help.


cheers,
lukas
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] spanning-tree for local switching on ASR920

2017-10-19 Thread Gert Doering 
Hi,

On Thu, Oct 19, 2017 at 06:05:47AM +0200, Peter Rathlev wrote:
> On Wed, 2017-10-18 at 15:39 +0200, Gert Doering wrote:
> > I have an ASR920 that is supposed to have gi0/0/10 and gi0/0/11 in
> > the same bridge group, with a routed IP:
> > 
> > interface GigabitEthernet0/0/10
> >  no ip address
> >  media-type auto-select
> >  negotiation auto
> >  cdp enable
> >  service instance 10 ethernet
> >   encapsulation untagged
> >   l2protocol peer stp
> >   bridge-domain 10
> >  !
> 
> We don't use STP on ASR920, but my guess is that you need "bridge-
> domain from-encapsulation" in the service instance configuration.

So where would untagged packets land, then?  "tag 10 -> bridge 10" I 
could understand, but this is just plain untagged...

> https://www.cisco.com/c/en/us/td/docs/routers/asr920/configuration/guide/lanswitch/lanswitch-xe-3s-asr920-book/lanswitch-xe-3s-asr920-book_chapter_0101.html#task_130
> 
> Then configure STP for VLAN "10". It doesn't seem like there is any way
> to map to an arbitrary PVST instance, VLAN ID and bridge domain ID has
> to match.

I need to test this :-) - though it feels... weird.

gert


-- 
USENET is *not* the non-clickable part of WWW!
   //www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35655025g...@net.informatik.tu-muenchen.de


signature.asc
Description: PGP signature
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] spanning-tree for local switching on ASR920

2017-10-19 Thread adamv0025 
Hi,

> From: Gert Doering [mailto:g...@greenie.muc.de]
> Sent: Thursday, October 19, 2017 10:15 AM
> 
> Hi,
> On Thu, Oct 19, 2017 at 09:45:08AM +0100, adamv0...@netconsultings.com
> wrote:
> > Hmm and if you enable debug can you actually see the stp packets being
> > issued (or even received) on either of the ports?
> > The config looks good for catching and processing such PDUs.
> It's not sending PDUs, so the receiving end has nothing to work with.
> If I connect both links to a switch that has STP active, and change the
l2proto
> to "l2proto forward stp", the *switch* will stp-disable one link, but the
> ASR920 never does anything with it (except eat the STP packets if "l2proto
> peer stp" is set).
I guess that answers your question regarding STP support on this thing.
Anyways running STP on a PE, as others have already indicated, is a big faux
pas in the Carrier-Ethernet/MEF world. 
So I'd suggest the CE/MEF-friendly split-horizons :) 

adam


___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] spanning-tree for local switching on ASR920

2017-10-19 Thread Tassos Chatzithomaoglou 
I believe you should use "l2protocol forward/tunnel stp" instead of
"l2protocol peer stp" under si 10, assuming FWs run STP (?) and it's
untagged.

But another questions comes to my mind: are the two FWs L2 connected by
some other media too, besides through the ASR920?


--
Tassos

Gert Doering wrote on 18/10/2017 4:39 μμ:
> Hi,
>
> apologies if I've overlooked the obvious, but my google fu is failing me,
> and my "read cli help and guess" fu is not better today.
>
> I have an ASR920 that is supposed to have gi0/0/10 and gi0/0/11 in
> the same bridge group, with a routed IP:
>
> interface GigabitEthernet0/0/10
>  no ip address
>  media-type auto-select
>  negotiation auto
>  cdp enable
>  service instance 10 ethernet
>   encapsulation untagged
>   l2protocol peer stp
>   bridge-domain 10
>  !
> interface GigabitEthernet0/0/11
>  no ip address
>  media-type auto-select
>  negotiation auto
>  cdp enable
>  service instance 10 ethernet
>   encapsulation untagged
>   l2protocol peer stp
>   bridge-domain 10
>  !
> interface BDI10
>  ip address  
> end
>
>
> (the goal is "customer wants to connect redundant firewalls to this box,
> and they need to see each other on L2, and see their routed interface
> on the ASR920").
>
> The basic part works, but now the interesting bit: spanning-tree.
>
> Connecting gi0/0/10 and gi0/0/11 shows how performant the hardware
> is...
>
>   5 minute input rate 945978000 bits/sec, 337840 packets/sec
>   5 minute output rate 945974000 bits/sec, 337840 packets/sec
>
> ... and how robust the control plane (no impact) - this is great news :-)
> - but I had *hoped* that spanning-tree would actually disable one of
> the ports, at least that's how I read the docs on CCO on "STP on ASR920".
>
> I have tried all variants with PVSTP and MST that I could think of, 
> but none lead to more than this:
>
> ASR920#show spanning-tree su
> Switch is in pvst mode
> Root bridge for: none
> EtherChannel misconfig guard is enabled
> Extended system ID   is enabled
> Portfast Default is disabled
> PortFast BPDU Guard Default  is disabled
> Portfast BPDU Filter Default is disabled
> Loopguard Defaultis disabled
> UplinkFast   is disabled
> BackboneFast is disabled
> Pathcost method used is short
>
> Name   Blocking Listening Learning Forwarding STP Active
> --  -  -- --
> Total0 00  0  0
> ASR920#show spanning-tree int g0/0/10
> no spanning tree info available for GigabitEthernet0/0/10
>
> ASR920#show spanning-tree int g0/0/11
> no spanning tree info available for GigabitEthernet0/0/11
>
> ... as in "there is no spanning tree running here", and I can't find a 
> way to make it.
>
> Before I open a TAC case here - has one of you a working example of
> this, that is
>
>   - ASR920
>   - two or more local ports (untagged or default) in the same bridge-group
> ("forming a switch")
>   - spanning-tree enabled and working
>
> we do not want tagged (customer gear).  We could go with split-horizon,
> but we also want to understand the capabilities of this box, and why it
> is not behaving.
>
> IOS is asr920-universalk9_npe.03.18.03.S.156-2.S3-std.bin
>
> thanks,
>
> gert
>
>
>
> ___
> cisco-nsp mailing list  cisco-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/

___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] Outdoor switch

2017-10-19 Thread Jared Mauch 


> On Oct 19, 2017, at 1:54 PM, Charles Sprickman  wrote:
> 
>> 
>> On Oct 19, 2017, at 1:49 PM, Jared Mauch  wrote:
>> 
>> Take a look at the UBNT Edgepoint gear as well.  Fairly cool, comes in 
>> 10G/1G speed varieties with both routed and switched options.
> 
> Just be very careful with fencing UBNT gear off from anything malicious, it’s 
> swiss cheese.

UBNT you save on capital costs and sometimes trade in operational costs.  This 
can cut in a few different ways if you’re not monitoring or automating tasks.

- jared
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] Outdoor switch

2017-10-19 Thread Charles Sprickman via cisco-nsp 
--- Begin Message ---

> On Oct 19, 2017, at 1:49 PM, Jared Mauch  wrote:
> 
> Take a look at the UBNT Edgepoint gear as well.  Fairly cool, comes in 10G/1G 
> speed varieties with both routed and switched options.

Just be very careful with fencing UBNT gear off from anything malicious, it’s 
swiss cheese.

Charles

> 
> I have one lying around that I need to poke at sooner rather than later..
> 
> - Jared
> 
>> On Oct 19, 2017, at 1:26 PM, Christina Klam  wrote:
>> 
>> Buz and Jared,
>> 
>> I will take a look.  
>> 
>> I realized in my initial list of requirements, I missed a key one, POE.  Do 
>> you have any experience with 
>> https://www.microsemi.com/products/poe-systems/pds-104go-4-1-outdoor-switch 
>> ?  My google-foo found them.
>> 
>> Thanks,
>> Christina
>> 
>> - Original Message -
>> From: "Harold 'Buz' Dale" 
>> To: "Jared Mauch" , "C. Klam" 
>> Cc: cisco-nsp@puck.nether.net
>> Sent: Thursday, October 19, 2017 12:11:00 PM
>> Subject: Re: [c-nsp] Outdoor switch
>> 
>> Might also look at 
>> https://www.balticnetworks.com/mikrotik-routerboard-rb-260gs-complete-with-enclosure-and-power-supply-fiber-enabled.html
>> 
>> I’ve had good luck with Mikrotik in the past but they are very different 
>> from IOS devices.
>> 
>> Buz
>> 
>> On 10/19/17, 12:03 PM, "cisco-nsp on behalf of Jared Mauch" 
>>  wrote:
>> 
>>   If you just need one port, there is this box that works quite well:
>> 
>>   https://www.balticnetworks.com/mikrotik-fiber-to-copper-converter.html
>> 
>>   It does not have an integrated splice tray though.
>> 
>>   - Jared
>> 
>>> On Oct 19, 2017, at 12:00 PM, Christina Klam  wrote:
>>> 
>>> All,
>>> 
>>> I am hoping for some ideas.   We are running fiber to an outdoor pole (for 
>>> cameras and wireless access-points) and need a switch that can be 
>>> configured remotely, does 802.1q, Qos, and has 3 - 5 ports.  We are in the 
>>> MidAtlantic so the temperatures range from well below freezing to 100 deg 
>>> F.  
>>> 
>>> What do people use in these situations?
>>> 
>>> Thank you,
>>> Christina
>>> ___
>>> cisco-nsp mailing list  cisco-nsp@puck.nether.net
>>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>>> archive at http://puck.nether.net/pipermail/cisco-nsp/
>> 
>>   ___
>>   cisco-nsp mailing list  cisco-nsp@puck.nether.net
>>   https://puck.nether.net/mailman/listinfo/cisco-nsp
>>   archive at http://puck.nether.net/pipermail/cisco-nsp/
> 
> ___
> cisco-nsp mailing list  cisco-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/

--- End Message ---
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] manually crafted bypass LSPs

2017-10-19 Thread James Bensley 
On 16 October 2017 at 09:42,   wrote:
> Hi folks,
>
> Anyone tried running crafted bypass LSPs?
> I can't get mine working in the lab on 15.1F6 and have no idea why,
>
> Example:
> To primary LSP tail-end IP:
> set protocols rsvp interface ge-0/0/0.0 link-protection bypass test-to-pe1
> to 10.0.0.21
> set protocols rsvp interface ge-0/0/0.0 link-protection bypass test-to-pe1
> bandwidth 1m
> set protocols rsvp interface ge-0/0/0.0 link-protection bypass test-to-pe1
> path 10.0.0.2 loose
> set protocols rsvp interface ge-0/0/0.0 link-protection bypass test-to-pe1
> path 10.0.0.14 loose
> set protocols rsvp interface ge-0/0/0.0 link-protection bypass test-to-pe1
> path 10.0.0.20 loose
> To node protecting MP IP:
> set protocols rsvp interface ge-0/0/0.0 link-protection bypass test-to-cr2
> to 10.0.0.13
> set protocols rsvp interface ge-0/0/0.0 link-protection bypass test-to-cr2
> bandwidth 0
> set protocols rsvp interface ge-0/0/0.0 link-protection bypass test-to-cr2
> path 10.0.0.2 loose
> set protocols rsvp interface ge-0/0/0.0 link-protection bypass test-to-cr2
> path 10.0.0.8 loose
>
> Even with BW=0,
> The LSPs or rsvp interface extensive output keeps on complaining there's no
> sufficient BW (but for the automatic bypass LSP) -however I want my primary
> LSPs to use these crafted bypasses instead of the automatically created
> ones.
> (the bypass test-to-cr2 is practically the same thing as what would have
> bene created automatically)
> show rsvp session name BE_POP1_TO_PE1POP4_RED_0 extensive
> Type: Protection down
>   1 Oct 16 09:10:05 No suitable bypass with sufficient bandwidth[23
> times]
> show rsvp interface ge-0/0/0.0 extensive
> Protection: On, Bypass: 0, LSP: 1, Protected LSP: 0, Unprotected LSP: 1
>  10 Oct 15 19:41:24 No suitable bypass with sufficient bandwidth
> Bypass->10.1.0.40->10.1.0.17[4 times]
>
> LSP is configured with node/link protection:
> set protocols mpls label-switched-path BE_POP1_TO_PE1POP4_RED_0
> node-link-protection
>
> adam

Wrong list dude :)

Cheers,
James.
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

[c-nsp] Outdoor switch

2017-10-19 Thread Christina Klam 
All,

I am hoping for some ideas.   We are running fiber to an outdoor pole (for 
cameras and wireless access-points) and need a switch that can be configured 
remotely, does 802.1q, Qos, and has 3 - 5 ports.  We are in the MidAtlantic so 
the temperatures range from well below freezing to 100 deg F.  

What do people use in these situations?

Thank you,
Christina
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] Outdoor switch

2017-10-19 Thread Mike 

On 10/19/2017 09:00 AM, Christina Klam wrote:

All,

I am hoping for some ideas.   We are running fiber to an outdoor pole (for 
cameras and wireless access-points) and need a switch that can be configured 
remotely, does 802.1q, Qos, and has 3 - 5 ports.  We are in the MidAtlantic so 
the temperatures range from well below freezing to 100 deg F.

What do people use in these situations?




Can I suggest the Ubiquity EP-S16? Cheap ( $<500), PoE on all ports, has 
2xSFP slots, and in my operational experience, pretty solid and reliable.



___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] Outdoor switch

2017-10-19 Thread Jared Mauch 
If you just need one port, there is this box that works quite well:

https://www.balticnetworks.com/mikrotik-fiber-to-copper-converter.html

It does not have an integrated splice tray though.

- Jared

> On Oct 19, 2017, at 12:00 PM, Christina Klam  wrote:
> 
> All,
> 
> I am hoping for some ideas.   We are running fiber to an outdoor pole (for 
> cameras and wireless access-points) and need a switch that can be configured 
> remotely, does 802.1q, Qos, and has 3 - 5 ports.  We are in the MidAtlantic 
> so the temperatures range from well below freezing to 100 deg F.  
> 
> What do people use in these situations?
> 
> Thank you,
> Christina
> ___
> cisco-nsp mailing list  cisco-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/

___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] Outdoor switch

2017-10-19 Thread Harold 'Buz' Dale 
Might also look at 
https://www.balticnetworks.com/mikrotik-routerboard-rb-260gs-complete-with-enclosure-and-power-supply-fiber-enabled.html

I’ve had good luck with Mikrotik in the past but they are very different from 
IOS devices.

Buz

On 10/19/17, 12:03 PM, "cisco-nsp on behalf of Jared Mauch" 
 wrote:

If you just need one port, there is this box that works quite well:

https://www.balticnetworks.com/mikrotik-fiber-to-copper-converter.html

It does not have an integrated splice tray though.

- Jared

> On Oct 19, 2017, at 12:00 PM, Christina Klam  wrote:
> 
> All,
> 
> I am hoping for some ideas.   We are running fiber to an outdoor pole 
(for cameras and wireless access-points) and need a switch that can be 
configured remotely, does 802.1q, Qos, and has 3 - 5 ports.  We are in the 
MidAtlantic so the temperatures range from well below freezing to 100 deg F.  
> 
> What do people use in these situations?
> 
> Thank you,
> Christina
> ___
> cisco-nsp mailing list  cisco-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/

___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/


___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] Outdoor switch

2017-10-19 Thread Christina Klam 
Buz and Jared,

I will take a look.  

I realized in my initial list of requirements, I missed a key one, POE.  Do you 
have any experience with 
https://www.microsemi.com/products/poe-systems/pds-104go-4-1-outdoor-switch ?  
My google-foo found them.

Thanks,
Christina

- Original Message -
From: "Harold 'Buz' Dale" 
To: "Jared Mauch" , "C. Klam" 
Cc: cisco-nsp@puck.nether.net
Sent: Thursday, October 19, 2017 12:11:00 PM
Subject: Re: [c-nsp] Outdoor switch

Might also look at 
https://www.balticnetworks.com/mikrotik-routerboard-rb-260gs-complete-with-enclosure-and-power-supply-fiber-enabled.html

I’ve had good luck with Mikrotik in the past but they are very different from 
IOS devices.

Buz

On 10/19/17, 12:03 PM, "cisco-nsp on behalf of Jared Mauch" 
 wrote:

If you just need one port, there is this box that works quite well:

https://www.balticnetworks.com/mikrotik-fiber-to-copper-converter.html

It does not have an integrated splice tray though.

- Jared

> On Oct 19, 2017, at 12:00 PM, Christina Klam  wrote:
> 
> All,
> 
> I am hoping for some ideas.   We are running fiber to an outdoor pole 
(for cameras and wireless access-points) and need a switch that can be 
configured remotely, does 802.1q, Qos, and has 3 - 5 ports.  We are in the 
MidAtlantic so the temperatures range from well below freezing to 100 deg F.  
> 
> What do people use in these situations?
> 
> Thank you,
> Christina
> ___
> cisco-nsp mailing list  cisco-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/

___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] Outdoor switch

2017-10-19 Thread Charles Sprickman via cisco-nsp 
--- Begin Message ---
These guys dominate in the WISP market and make great hardware.  Support is 
excellent.

We have around 4 of them up on roofs in NYC, they take the weather quite well 
as long as you get the recommended enclosure.

They take PoE in and can provide PoE out - all “passive” PoE since that’s what 
most of the WISP and camera gear wants:

https://www.netonix.com/wisp-switch.html 


Browse the forums for opinions and such:

https://forum.netonix.com/ 

Thanks,

Charles
-- 
Charles Sprickman
NetEng/SysAdmin
Bway.net - New York's Best Internet www.bway.net
sp...@bway.net - 212.982.9800



> On Oct 19, 2017, at 12:00 PM, Christina Klam  wrote:
> 
> All,
> 
> I am hoping for some ideas.   We are running fiber to an outdoor pole (for 
> cameras and wireless access-points) and need a switch that can be configured 
> remotely, does 802.1q, Qos, and has 3 - 5 ports.  We are in the MidAtlantic 
> so the temperatures range from well below freezing to 100 deg F.  
> 
> What do people use in these situations?
> 
> Thank you,
> Christina
> ___
> cisco-nsp mailing list  cisco-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/

--- End Message ---
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] Outdoor switch

2017-10-19 Thread Jared Mauch 
Take a look at the UBNT Edgepoint gear as well.  Fairly cool, comes in 10G/1G 
speed varieties with both routed and switched options.

I have one lying around that I need to poke at sooner rather than later..

- Jared

> On Oct 19, 2017, at 1:26 PM, Christina Klam  wrote:
> 
> Buz and Jared,
> 
> I will take a look.  
> 
> I realized in my initial list of requirements, I missed a key one, POE.  Do 
> you have any experience with 
> https://www.microsemi.com/products/poe-systems/pds-104go-4-1-outdoor-switch ? 
>  My google-foo found them.
> 
> Thanks,
> Christina
> 
> - Original Message -
> From: "Harold 'Buz' Dale" 
> To: "Jared Mauch" , "C. Klam" 
> Cc: cisco-nsp@puck.nether.net
> Sent: Thursday, October 19, 2017 12:11:00 PM
> Subject: Re: [c-nsp] Outdoor switch
> 
> Might also look at 
> https://www.balticnetworks.com/mikrotik-routerboard-rb-260gs-complete-with-enclosure-and-power-supply-fiber-enabled.html
> 
> I’ve had good luck with Mikrotik in the past but they are very different from 
> IOS devices.
> 
> Buz
> 
> On 10/19/17, 12:03 PM, "cisco-nsp on behalf of Jared Mauch" 
>  wrote:
> 
>If you just need one port, there is this box that works quite well:
> 
>https://www.balticnetworks.com/mikrotik-fiber-to-copper-converter.html
> 
>It does not have an integrated splice tray though.
> 
>- Jared
> 
>> On Oct 19, 2017, at 12:00 PM, Christina Klam  wrote:
>> 
>> All,
>> 
>> I am hoping for some ideas.   We are running fiber to an outdoor pole (for 
>> cameras and wireless access-points) and need a switch that can be configured 
>> remotely, does 802.1q, Qos, and has 3 - 5 ports.  We are in the MidAtlantic 
>> so the temperatures range from well below freezing to 100 deg F.  
>> 
>> What do people use in these situations?
>> 
>> Thank you,
>> Christina
>> ___
>> cisco-nsp mailing list  cisco-nsp@puck.nether.net
>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>> archive at http://puck.nether.net/pipermail/cisco-nsp/
> 
>___
>cisco-nsp mailing list  cisco-nsp@puck.nether.net
>https://puck.nether.net/mailman/listinfo/cisco-nsp
>archive at http://puck.nether.net/pipermail/cisco-nsp/

___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/