Re: [c-nsp] BGP and HSRP
hey,

We get a new location with 2 internet upstreams and I'd like to run HSRP for fail-over. There is a bit of a strange topology though... My carriers gave me 2x2 /30 for two BGP sessions so I can run on both routers a full table BGP session to each of them. The problem(?) is that behind those two routers, there is one router who wants to announce some iBGP stuff to them. If I run HSRP on the LAN side, is it possible to make a peering to the virtual HSRP IP? How would BGP handle this or wouldn't this work at all?

Don't peer with HSRP virtual address. Just use loopbacks and make 2 iBGP sessions from the 3rd router into first two.

--
tarko

___
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] Port-Channel Problem
For the records - we use 3750 cross-stack even with 12.2.25SEC (yeah, dusty by now, but the first version that supported that) and they just work, and they absolutely work fine.

-ako

On Wed, 9 May 2007 16:52:00 -0700, Mike Lydick wrote:

I had a similar issue when trying to turn up port channels that span across stack 3750. TAC recommends not using PAGP or LACP. Have not gotten it to work since. Is this similar to your scenario? Any resolution?

- Original Message
From: Dan Armstrong [EMAIL PROTECTED]
To: Collins, Richard (SNL US) [EMAIL PROTECTED]
Cc: cisco-nsp@puck.nether.net
Sent: Tuesday, May 8, 2007 7:31:17 PM
Subject: Re: [c-nsp] Port-Channel Problem

I did exactly that, and managed to get it to go into LACP mode. The Etherchannel ran for about 3 hours without a problem, then all of a sudden started losing pings all over the place. I took one channel out of service, and it was fine. I tested both physical links separately, and they're both perfect. I'm scared to put them back into the Etherchannel now for fear that they'll fail again. I am using the single fibre SFPs (the GLC-BX-Us and GLC-BX-Ds) for both of these links.

Anybody seen an Etherchannel lose it when the two underlying physical links are seemingly perfect on their own?

Collins, Richard (SNL US) wrote:

So I suppose the opposite side was set at the same time to either channel-group 10 mode [active or passive] for LACP? What about additionally setting..

metro2.tor-Front[760(config-if)#channel-protocol lacp

I can't test this myself but saw the configuration option.

-Rich

Date: Sat, 05 May 2007 02:39:04 -0400
From: Dan Armstrong [EMAIL PROTECTED]
Subject: [c-nsp] Port-Channel Problem
To: cisco-nsp@puck.nether.net
Message-ID: [EMAIL PROTECTED]
Content-Type: text/plain; charset=ISO-8859-1; format=flowed

Riddle me this. I have 1 physical link, and a port-channel interface operating in PAgP mode.

interface GigabitEthernet1/21
 no ip address
 switchport
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 50,80,119,300-304,349,412,420,440,444,446,447
 switchport trunk allowed vlan add 449,500,503,616,620,900
 switchport mode trunk
 channel-group 10 mode desirable
end

interface Port-channel10
 no ip address
 switchport
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 50,80,119,300-304,349,412,420,440,444,446,447
 switchport trunk allowed vlan add 449,500,503,616,620,900
 switchport mode trunk

metro2.tor-Front[7609]#sh int po10
Port-channel10 is up, line protocol is up (connected)
  Hardware is EtherChannel, address is 0015.f91d.5c8e (bia 0015.f91d.5c8e)
  Description: GEC to metro1.tor-Mowat [Port-channel10]
  MTU 9216 bytes, BW 100 Kbit, DLY 10 usec,
  reliability 255/255, txload 104/255, rxload 202/255

Life was good, then: 2 problems. I first tried to change to LACP:

metro2.tor-Front[760(config-if)#channel-group 10 mode ?
  active     Enable LACP unconditionally
  auto       Enable PAgP only if a PAgP device is detected
  desirable  Enable PAgP unconditionally
  on         Enable Etherchannel only
  passive    Enable LACP only if a LACP device is detected

metro2.tor-Front[760(config-if)#channel-group 10 mode active

The interface bounced, and went straight back into PAgP mode. I tried it several times. [EMAIL PROTECTED], always back to PAgP.

channel-group 10 mode desirable

Second problem: I tried a second link anyway, and when I added a second link into the PAgP group, the rely on the port-channel interface started dropping like a stone, packets were dropping all over the place and even though everything seemed to be up, speed, duplex, vlans, configuration perfectly matched between the underlying physical interfaces the port-channel interface the po interface was a mess. The new physical link on its own is clean as a whistle when I setup a test vlan, or set both sides up as routed interfaces

Anybody have any light to shed?

[c-nsp] radius attributes and L2TP
Hello list

We are running several LACs and LNSs using PPPoX in a vpdn setup. Currently we are using the vendor-tag circuit-id service command to get the location (DSLAM box,card,line) of xDSL users into the radius requests and log get request with the login information. This is working used fine for our customers that we terminate.

The problem is that this information is not forwarded to the LNS, (if we are not terminating the user).

If I do sh aaa user xxx where xxx is the unique id or a user terminated on LNS (L2TP forwarded)

On the LAC I get:
---skip---
Authen: service=PPP type=PAP method=RADIUS
Kerb: No data available
Meth: No data available
Preauth: No Preauth data.
General:
  Unique Id = 0200
  Session Id = 0386
  Attribute List:
    2392F160 0 0001 port-type(189) 4 PPPoE over ATM
    2392F170 0 0009 interface(185) 14 2/0/0/127.1100
    2392F180 0 0009 nas-connect-info(31) 15 1024_AutoDetect
    2392F190 0 0009 client-mac-address(56) 14 00a0..
---skip---

On the LNS I get:
---skip---
General:
  Unique Id = 00558B0B
  Session Id = 00AA7484
  Attribute List:
    21AAE384 0 0001 port-type(157) 4 Virtual Terminal
    21AAE398 0 0009 interface(153) 16 Uniq-Sess-ID2149
    21AAE3AC 0 0009 nas-connect-info(22) 17 company_BRAS
---skip---

The question is: Is this feature that I'm asking for available in some software for the Cisco 7200 platform? Any documentation regarding this would be appreciated.

Is it possible to somehow send VSA attributes via L2TP sessions? I have tried both 12.2-31.SB and 12.4-4 software and no luck.

Regards
MKS

Re: [c-nsp] L3 switch with MPLS support
Primoz Jeroncic wrote:

Hi everyone

I'm sorry since this post is not Cisco related, but I hope someone might still have some useful suggestions. I'm trying to find l3 switch capable of MPLS. Unfortunately for some of our PE locations switches like cat6500 or c3750 metro are way way too much. So I'm trying to find something in range of Cisco 3560 but of course with MPLS support. Does anyone have any suggestions for any other than Cisco product, which would fit into such range?

Buy a small CPU-based router (cisco 2800 or juniper J-series) and cheap L2 switch.

Re: [c-nsp] L3 switch with MPLS support
On Thu, 10 May 2007, Phil Mayers wrote:

Primoz Jeroncic wrote:

Hi everyone

I'm sorry since this post is not Cisco related, but I hope someone might still have some useful suggestions. I'm trying to find l3 switch capable of MPLS. Unfortunately for some of our PE locations switches like cat6500 or c3750 metro are way way too much. So I'm trying to find something in range of Cisco 3560 but of course with MPLS support. Does anyone have any suggestions for any other than Cisco product, which would fit into such range?

Buy a small CPU-based router (cisco 2800 or juniper J-series) and cheap L2 switch.

Thanks for this suggestion. Currently I use exactly this config (with c2800 not Juniper), but I'm somehow still hoping for cheap 1 or 2u l3 switch solution, even if not from Cisco.

PS: c6500 is out of question for two reasons... one it's too expensive and even if not (refurbished), it's too big sometimes. In small pops where we have let's say 10 clients, c6500 is really overkill.

Have fun,
Primoz Jeroncic
Support - IP Connectivity Routing
---
Softnet d.o.o.   tel: +386 1 562 31 40  |
Borovec 2        fax: +386 1 562 18 55  | 1 + 1 = 3
1236 Trzin       primoz(at)softnet.si   | for larger values of 1
Slovenija        http://flea.softnet.si/
---

Re: [c-nsp] Stable NPE-G2 IOS for SP?
We've decided to go with multiple 7206VXR/NPE-G2's for our edge routing (replacing older NPE-300/400 devices). We have simple needs -- BGP, OSPF, NetFlow, and some small ACLs on the WAN interfaces. Since the IOS selection for the G2 is somewhat limited, if others can share what IOS release has been stable for them, it would be appreciated.

We're running 12.2SB for similar usage and don't have any problems (actual image is 12.2(31)SB3x)

From what I recall there isn't a 12.3 image for the NPE-G2. 12.4T is out there with the new style of feature set, but we haven't used it in service.

Mark.

Re: [c-nsp] L3 switch with MPLS support
Hi,

Look at Cisco Catalyst 3750 Metro Series Switches ME-C3750-24TE-M

Arunas

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Primoz Jeroncic
Sent: Thursday, May 10, 2007 10:36 AM
To: Cisco Mailing list
Subject: [c-nsp] L3 switch with MPLS support

Hi everyone

I'm sorry since this post is not Cisco related, but I hope someone might still have some useful suggestions. I'm trying to find l3 switch capable of MPLS. Unfortunately for some of our PE locations switches like cat6500 or c3750 metro are way way too much. So I'm trying to find something in range of Cisco 3560 but of course with MPLS support. Does anyone have any suggestions for any other than Cisco product, which would fit into such range?

Thanks in advance for all your suggestions, and sorry again for non-Cisco related question.

Have fun,
Primoz Jeroncic
Support - IP Connectivity Routing
---
Softnet d.o.o.   tel: +386 1 562 31 40  |
Borovec 2        fax: +386 1 562 18 55  | 1 + 1 = 3
1236 Trzin       primoz(at)softnet.si   | for larger values of 1
Slovenija        http://flea.softnet.si/
---

Re: [c-nsp] L3 switch with MPLS support
PS: c6500 is out of question for two reason... one it's too expensive and even if not (refurbished), it's too big sometimes. In small pops where we have let's say 10 clients, c6500 is really overkill.

There is a smaller ME6500 version that would fit your needs size-wise. It's probably too expensive still.

[c-nsp] Cat 6500 SUP720 environment problems..
Hello all

We have some questions in relation to our environment, we basically have a pair of 6509 chassis with sup720-3b`s connecting to lots ( over 300 ) cisco 3020 blade switches, with each 3020 attached to both 6509`s, there are no DFC`s on the linecards. The 6500`s have 8 x Gig-E connections as a portchannel between them

The environment runs unicast and multicast but there is no really high traffic levels, we have some questions relating to below, any comments would be most welcome.

6500 --- 8 gig-e portchannel --- 6500
   \                              /
    \                            /
     \     300+ 3020 blades     /

Cat6509`s are running both running 12.2.18SXF5 - ipservicesk9-mz.122-18.SXF5.bin

CAT6KSUP720-3B#sh cat
chassis MAC addresses: 1024 addresses from 0018.7433.3400 to 0018.7433.37ff
traffic meter = 1% Last cleared at 13:22:27 GMT Thu Nov 9 2006
peak = 96% reached at 01:12:36 BST Thu May 10 2007
switching-clock: clock switchover and system reset is allowed

Q - Is this peak only for the shared bus ?

##

CAT6KSUP720-3B#sh pla ha cap for
L2 Forwarding Resources
  MAC Table usage:   Module  Collisions  Total    Used  %Used
                     5       0           65536    2905  4%
  VPN CAM usage:     Total   Used  %Used
                     512     0     0%
L3 Forwarding Resources
  FIB TCAM usage:               Total    Used  %Used
    72 bits (IPv4, MPLS, EoM)   196608   4232  2%
    144 bits (IP mcast, IPv6)   32768    1483  5%
  detail:   Protocol     Used  %Used
            IPv4         4232  2%
            MPLS         0     0%
            EoM          0     0%
            IPv6         2     1%
            IPv4 mcast   1481  5%
            IPv6 mcast   0     0%
  Adjacency usage:   Total     Used  %Used
                     1048576   4194  1%
Forwarding engine load:
  Module pps peak-pps peak-time
  5 6163919068315 15:29:21 GMT Mon Dec 18 2006

Q - Is the peak-pps the largest peak seen by the PFC
Q - If it is, is this not well short of the 30mpps that the box should be able to support

##

CAT6KSUP720-3B#sh ibc brief
Interface information:
  Interface IBC0/0(idb 0x51E4F010)
  Hardware is Mistral IBC (revision 5)
  5 minute rx rate 134000 bits/sec, 60 packets/sec
  5 minute tx rate 76000 bits/sec, 48 packets/sec
  801981457 packets input, 158150852481 bytes
  571784929 broadcasts received
  615169009 packets output, 150564832578 bytes
  65392127 broadcasts sent
  1 Inband input packet drops
  0 Bridge Packet loopback drops
  50002482 Packets CEF Switched, 118971932 Packets Fast Switched
  0 Packets SLB Switched, 0 Packets CWAN Switched
  IBC resets = 1; last at 14:25:38.107 gmt Sat Oct 28 2006
MISTRAL ERROR COUNTERS
  System address timeouts = 0 BUS errors = 0
  IBC Address timeouts = 0 (addr 0x0)
  Page CRC errors = 0 IBL CRC errors = 0
  ECC Correctable errors = 0
  Packets with padding removed (0/0/0) = 0
  Packets expanded (0/0) = 0
  Packets attempted tail end expansion 1 page and were dropped = 0
  IP packets dropped with frag offset of 1 = 0
  1696 packets (aggregate) dropped on throttled interfaces
  Hazard Illegal packet length = 0 Illegal Offset = 0
  Hazard Packet underflow = 0 Packet Overflow = 0
  IBL fill hang count = 0 Unencapsed packets = 0
  LBIC RXQ Drop pkt count = 0 LBIC drop pkt count = 0
  LBIC Drop pkt stick = 0

The CEF counter is not clocking in this instance, whereas the fast switch counter is, our understanding is that the IBC is the bus between the SP and RP?

Q - Why do we see so many fast switches packets
Q - Should the CEF counter not increment

##

CAT6KSUP720-3B#sh ip mroute count ters
IP Multicast Statistics
730 routes using 681034 bytes of memory
21 groups, 33.76 average sources per group

Q - The above is the average mcast count for the box, this to us doesn't seem high ?
Q - With lots of multicast boundary commands

Re: [c-nsp] SNMP quering of queue-stats etc. / CBWFQ / cbqos from C7200
On Thu, May 10, 2007 at 12:04:42PM +0200, Dennis Breithaupt wrote:

Hello people, It seems, that I've either misunderstood the concepts of getting qos-stats out of a c7200 :) or that there're some other problems with that. Anyway, I kindly request any hints, that may help here :)

http://www.acktomic.com/cricket/cricket.htm

Download genRtrConfig or one of its friends and run it against your router. Be sure to use the --vendor-int or whatever option it is that digs out all the Cisco-specific stats like the queue-stats. Even if you're not using Cricket, the Cricket configuration that this script generates will show you how to get the queue-stats, filtered packets, and other fun stuff.

Re: [c-nsp] BGP and HSRP
On Wednesday 09 May 2007, myNET NOC - Bernd Ueberbacher wrote:

Hi everyone! I'm reading this list for a couple of months now and tonight I got my first question :-) [snip details]

It is a really good list, isn't it? I certainly have found it to be. In any case, maybe this will help you think it through:

Ok, you have two upstreams, and three routers. Let's call the first upstream's router 'U1', the second upstream's router 'U2', and the internal third router 'I3'.

Now, U1 will need to BGP peer with its upstream router. U2 will need to BGP peer with its upstream router. U1 and U2 need an iBGP neighbor relationship between them. (meaning you need an AS number; you can probably get your upstreams to filter a private ASN for you if you don't have your own ASN).

I3 would ideally run an interior gateway routing protocol to get to U1 and U2 (and the rest of your network) rather than HSRP, which is designed to provide failover for workstations that only have a default route (well, any device with only a default route).

BGP itself will provide all the automatic failover from your upstream routers back to U1 and U2; you neither need nor really want HSRP on the upstream side of things. And given that the upstreams are not on the same subnet, HSRP won't even work (HSRP won't work on a /30 anyway, as there aren't enough IP addresses: you need an absolute minimum of 3 usable addresses for the gateway side of HSRP, not counting the stations/routers with their default gateway pointing to the HSRP virtual IP, and your /30's have only two usable addresses; a /29 is the smallest subnet on which HSRP will work).

Now, if you REALLY want HSRP on the LAN side, it will work, but you then don't run iBGP on that side; I3 would have a simple default route to the HSRP virtual address, and U1 and U2 would have LAN interfaces on the same subnet as I3's interface.

I'm doing something similar to this here with a pair of 7401's at the provider end of an OC3, using a Catalyst 5505 as a 'port expander' for the 7401's, and talking through what I'm doing might help you see how to use HSRP and BGP appropriately in your instance. The 7401's and the 5505 are at the co-location and upstream PoP facility; the OC3 is a non-Internet WAN link from the co-lo/PoP to my site, and the Internet connection is over Fast Ethernet. The OC3 is configured with APS redundancy; each 7401 has a PA-POS-OC3-SMI in it, but only one is active at any given time, with the other as a hot standby (the APS terminology is 'working' and 'protect' with only one of them being 'active' at a time). Each 7401 has two GigE interfaces, one of which is set up as an 802.1Q trunk to the 5505 (the second port on each 7401 is being connected to another Catalyst for layer 2 redundancy, but that's not finished yet). On the GigE trunk, I have a VLAN for the internet connections going to a port on the 5505 that connect to my upstream's 7609 (yes, I'm upstreaming with a /29 and two BGP sessions over it; a second /29 is going to be implemented for a second upstream a little later); I also have a VLAN for the co-lo servers connected to the 5505. There are other VLAN's configured, but they aren't important for this discussion. The Internet VLAN subinterfaces on the 7401's run BGP to my upstream (in this case, redundancy to the single upstream due to SONET APS). The two 7401's have an iBGP connection between them, and I'm not redistributing the BGP routing into the OSPF. The VLAN for the co-lo servers runs HSRP tied to the OC3 interface status, so that an APS 'working-protect' transition event also switches the HSRP active. I'm running OSPF between the two 7401's and the routers on the local side of the APS protected OC3, and failover is pretty quick. (Oh, and NAT is in play here, too, with Stateful NAT failover and HSRP NAT groups, but that muddies the waters). 
Oh, and in case anyone is curious, the two POS interfaces are configured with the same IP address for least confusion in the routing.

But the HSRP on the co-lo side from the servers works well, and the BGP routing out works well too, but they solve different problems. Dual BGP sessions to upstreams don't need HSRP, and it would be more trouble than it's really worth to try to get working.

I hope this helps you think through the problem you're really trying to solve here, which, unless I misunderstand, is getting failover between your two upstreams.

There are several Ciscopress as well as other publisher's books that address this topic; also, you might want to read the Cisco whitepaper that talks about enterprise multihoming with NAT, as it gives a good diagram of part of what I've implemented here (although I'm not doing the type of NAT they describe).

If you'd like pointers to some good books, let me know and I'll reply offlist.

--
Lamar Owen
Chief Information Officer
Pisgah Astronomical Research Institute
1 PARI Drive
Rosman, NC 28772

[c-nsp] netflow monitoring
Just out of curiosity, what sorts of freeware/open source tools are people using to provide some level of alerting based on netflow data? Most of the open source tools I've seen do visualization and/or data collection, but the alert capabilities were lacking, at least the last time I looked. I also realize that the alerting capabilities are a bit of a moving target. Rule-based alert systems, i.e. if incoming tcp/445 traffic to network X reaches Y pps, do action Z, or more automated baseline/delta systems are both options.

As much as I'd like to go with a known-solid commercial solution like Arbor Networks, the $$ isn't in the budget for that right now.

Any thoughts are appreciated.

jms

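The rule-based form described in the post above ("if incoming tcp/445 traffic to network X reaches Y pps, do action Z") can be sketched as follows. This is an added example, not part of the original post and not taken from any existing tool; the `Flow` and `Rule` record layouts, the 60-second bins, the prefix 192.0.2.0/24 and the sample flows are all constructed assumptions.

```python
import ipaddress
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    start: int    # epoch seconds of the first packet
    end: int      # epoch seconds of the last packet
    proto: int    # IP protocol number (6 = TCP, 17 = UDP)
    dst: str      # destination address
    dport: int    # destination port
    packets: int  # packets in the flow


@dataclass(frozen=True)
class Rule:
    name: str
    network: str          # "network X": destination prefix to watch
    proto: int
    dport: int
    pps_threshold: float  # "Y pps"


def bin_pps(flows, rule, bin_seconds=60):
    """Return {bin_start: packets/sec} for the flows that match the rule.

    A flow record only carries totals, so its packets are spread evenly
    over its lifetime and credited to every time bin it overlaps.
    """
    net = ipaddress.ip_network(rule.network)
    per_bin = defaultdict(float)
    for f in flows:
        if f.proto != rule.proto or f.dport != rule.dport:
            continue
        if ipaddress.ip_address(f.dst) not in net:
            continue
        duration = max(f.end - f.start, 1)  # zero-length flows count as 1 s
        rate = f.packets / duration
        t, stop = f.start, f.start + duration
        while t < stop:
            bin_start = t - t % bin_seconds
            nxt = min(bin_start + bin_seconds, stop)
            per_bin[bin_start] += rate * (nxt - t)
            t = nxt
    return {b: p / bin_seconds for b, p in sorted(per_bin.items())}


def evaluate(flows, rules, bin_seconds=60, action=None):
    """Return (rule name, bin start, pps) for every bin at or over threshold.

    `action` is the optional "action Z" callback, called once per alert.
    """
    alerts = []
    for rule in rules:
        for bin_start, pps in bin_pps(flows, rule, bin_seconds).items():
            if pps >= rule.pps_threshold:
                alert = (rule.name, bin_start, round(pps, 1))
                alerts.append(alert)
                if action:
                    action(alert)
    return alerts


# Constructed sample data: one rule and six flow records (times are
# seconds from an arbitrary origin, addresses are documentation prefixes).
RULES = [Rule("smb-inbound", "192.0.2.0/24", 6, 445, 100.0)]
SAMPLE_FLOWS = [
    Flow(0, 60, 6, "192.0.2.10", 445, 3000),      # 50 pps, below threshold
    Flow(60, 120, 6, "192.0.2.11", 445, 9000),    # 150 pps in bin 60
    Flow(90, 150, 6, "192.0.2.12", 445, 6000),    # straddles bins 60 and 120
    Flow(60, 120, 6, "198.51.100.5", 445, 90000), # outside network X
    Flow(60, 120, 17, "192.0.2.10", 445, 90000),  # UDP, not TCP
    Flow(60, 120, 6, "192.0.2.10", 80, 90000),    # wrong port
]

if __name__ == "__main__":
    evaluate(SAMPLE_FLOWS, RULES, action=print)
```
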
Re: [c-nsp] Port-Channel Problem
These were just 2 ports on the same blade of a WS-X6724 blade at both sides... nothing at all strange.

I never thought of not using PAgP or LACP - perhaps I should try it. I am too nervous to bring the GEC back up - both links out of the Etherchannel have been testing fine for days... maybe I should just suck it up and try it to see if it fails again.

Mike Lydick wrote:

I had a similar issue when trying to turn up port channels that span across stack 3750. TAC recommends not using PAGP or LACP. Have not gotten it to work since. Is this similar to your scenario? Any resolution?

- Original Message
From: Dan Armstrong [EMAIL PROTECTED]
To: Collins, Richard (SNL US) [EMAIL PROTECTED]
Cc: cisco-nsp@puck.nether.net
Sent: Tuesday, May 8, 2007 7:31:17 PM
Subject: Re: [c-nsp] Port-Channel Problem

I did exactly that, and managed to get it to go into LACP mode. The Etherchannel ran for about 3 hours without a problem, then all of a sudden started losing pings all over the place. I took one channel out of service, and it was fine. I tested both physical links separately, and they're both perfect. I'm scared to put them back into the Etherchannel now for fear that they'll fail again. I am using the single fibre SFPs (the GLC-BX-Us and GLC-BX-Ds) for both of these links.

Anybody seen an Etherchannel lose it when the two underlying physical links are seemingly perfect on their own?

Collins, Richard (SNL US) wrote:

So I suppose the opposite side was set at the same time to either channel-group 10 mode [active or passive] for LACP? What about additionally setting..

metro2.tor-Front[760(config-if)#channel-protocol lacp

I can't test this myself but saw the configuration option.

-Rich

Date: Sat, 05 May 2007 02:39:04 -0400
From: Dan Armstrong [EMAIL PROTECTED]
Subject: [c-nsp] Port-Channel Problem
To: cisco-nsp@puck.nether.net
Message-ID: [EMAIL PROTECTED]
Content-Type: text/plain; charset=ISO-8859-1; format=flowed

Riddle me this. I have 1 physical link, and a port-channel interface operating in PAgP mode.

interface GigabitEthernet1/21
 no ip address
 switchport
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 50,80,119,300-304,349,412,420,440,444,446,447
 switchport trunk allowed vlan add 449,500,503,616,620,900
 switchport mode trunk
 channel-group 10 mode desirable
end

interface Port-channel10
 no ip address
 switchport
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 50,80,119,300-304,349,412,420,440,444,446,447
 switchport trunk allowed vlan add 449,500,503,616,620,900
 switchport mode trunk

metro2.tor-Front[7609]#sh int po10
Port-channel10 is up, line protocol is up (connected)
  Hardware is EtherChannel, address is 0015.f91d.5c8e (bia 0015.f91d.5c8e)
  Description: GEC to metro1.tor-Mowat [Port-channel10]
  MTU 9216 bytes, BW 100 Kbit, DLY 10 usec,
  reliability 255/255, txload 104/255, rxload 202/255

Life was good, then: 2 problems. I first tried to change to LACP:

metro2.tor-Front[760(config-if)#channel-group 10 mode ?
  active     Enable LACP unconditionally
  auto       Enable PAgP only if a PAgP device is detected
  desirable  Enable PAgP unconditionally
  on         Enable Etherchannel only
  passive    Enable LACP only if a LACP device is detected

metro2.tor-Front[760(config-if)#channel-group 10 mode active

The interface bounced, and went straight back into PAgP mode. I tried it several times. [EMAIL PROTECTED], always back to PAgP.

channel-group 10 mode desirable

Second problem: I tried a second link anyway, and when I added a second link into the PAgP group, the rely on the port-channel interface started dropping like a stone, packets were dropping all over the place and even though everything seemed to be up, speed, duplex, vlans, configuration perfectly matched between the underlying physical interfaces the port-channel interface the po interface was a mess. The new physical link on its own is clean as a whistle when I setup a test vlan, or set both sides up as routed interfaces

Anybody have any light to shed?

[c-nsp] Snmp monitoring of 10GigE Interfaces
Hi all:

I am having rather erratic and inconsistent results for bandwidth usage reports from different SNMP software packages (MRTG, Cacti, Solarwinds etc) when monitoring 10GigE interfaces on Cisco 7609 Routers. For example there is discrepancy in what the snmp software says what the 5 min bps output rate is, and what the show int te1/1 shows on the router itself. Software is lower always.

Any suggestions on how I can fix this?

Thanks.
Kumar

Re: [c-nsp] Snmp monitoring of 10GigE Interfaces
On Thu, 10 May 2007, Kumar Dasari wrote:

I am having rather erratic and inconsistent results for bandwidth usage reports from different SNMP software packages (MRTG, Cacti, Solarwinds etc) when monitoring 10GigE interfaces on Cisco 7609 Routers. For example there is discrepancy in what the snmp software says what the 5 min bps output rate is, and what the show int te1/1 shows on the router itself. Software is lower always. Any suggestions on how I can fix this?

On average, how far off are the SNMP counters from the output of a 'show interface TenGigXXX'? A few thoughts off the bat...

1. Are you running a version of software on these routers that has an SNMP bug?
2. Are you polling the 64-bit counters for your 10 gig interfaces?
3. What is the load-interval set to on the interfaces? If you don't see a load-interval XX under specific interface configs, then it's set to the default value, which I believe is 5 minutes.
4. Are the graphs always lower, even in the 5-minute/daily traffic views? MRTG will wash some of the traffic peaks out of the graphs over time, unless you specifically tell it to preserve them, but you wouldn't see this until you get into the longer-term views.

jms

Re: [c-nsp] Snmp monitoring of 10GigE Interfaces
Kumar Dasari wrote:

I am having rather erratic and inconsistent results for bandwidth usage reports from different SNMP software packages (MRTG, Cacti, Solarwinds etc) when monitoring 10GigE interfaces on Cisco 7609 Routers. For example there is discrepancy in what the snmp software says what the 5 min bps output rate is, and what the show int te1/1 shows on the router itself. Software is lower always. Any suggestions on how I can fix this?

Increase your sample rate - you're probably hitting the SNMP counter rollover.

Quoth the Cricket manual (http://cricket.sourceforge.net/support/doc/reference.html): an SNMP Counter32 can wrap in under 5 minutes at bandwidths above 100 Mbits, it's critical to fetch the data more often, or else RRD will not be able to correctly detect and process the counter wrap.

--
Rhett Bassett
Research and Development Lead
Hunter Communications
541.734.2800 x2117
http://www.coreds.net

Re: [c-nsp] Snmp monitoring of 10GigE Interfaces
Alternatively, make sure you're using the 64 bit counters (ifHCInOctets ifHCOutOctets). See the ifXtable in ftp://ftp.cisco.com/pub/mibs/v2/IF-MIB.my

- billn

On Thu, 10 May 2007, Rhett Bassett wrote:

Kumar Dasari wrote:

I am having rather erratic and inconsistent results for bandwidth usage reports from different SNMP software packages (MRTG, Cacti, Solarwinds etc) when monitoring 10GigE interfaces on Cisco 7609 Routers. For example there is discrepancy in what the snmp software says what the 5 min bps output rate is, and what the show int te1/1 shows on the router itself. Software is lower always. Any suggestions on how I can fix this?

Increase your sample rate - you're probably hitting the SNMP counter rollover.

Quoth the Cricket manual (http://cricket.sourceforge.net/support/doc/reference.html): an SNMP Counter32 can wrap in under 5 minutes at bandwidths above 100 Mbits, it's critical to fetch the data more often, or else RRD will not be able to correctly detect and process the counter wrap.

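The counter rollover raised in the two replies above can be worked through numerically. This is an added example, not part of any list member's post: it models a poller that takes the difference of two octet-counter samples modulo the counter width, and shows why a 32-bit counter polled every 5 minutes on a 10GigE link reports a rate that is never higher than the true one. The 4 Gbit/s traffic level and the function names are constructed assumptions.

```python
COUNTER32_MOD = 2 ** 32  # ifInOctets / ifOutOctets
COUNTER64_MOD = 2 ** 64  # ifHCInOctets / ifHCOutOctets


def wrap_seconds(bits_per_second, modulus=COUNTER32_MOD):
    """Seconds until an octet counter wraps at a sustained bit rate."""
    return modulus * 8 / bits_per_second


def max_unambiguous_bps(interval, modulus=COUNTER32_MOD):
    """Highest average rate a poller can recover at this polling interval.

    Above it the counter wraps more than once between samples, and the
    extra wraps cannot be seen from the two sampled values.
    """
    return modulus * 8 / interval


def poller_rate_bps(prev, curr, interval, modulus):
    """Rate computed from two samples, assuming at most one wrap."""
    delta = (curr - prev) % modulus
    return delta * 8 / interval


def simulate(true_bps, interval, modulus, start=0):
    """Rate a poller would report for constant traffic at true_bps."""
    octets = true_bps * interval // 8
    prev = start % modulus
    curr = (start + octets) % modulus
    return poller_rate_bps(prev, curr, interval, modulus)


def compare(true_bps, intervals=(300, 60, 10, 1)):
    """Return (interval, 32-bit result, 64-bit result) per polling interval."""
    return [
        (i, simulate(true_bps, i, COUNTER32_MOD), simulate(true_bps, i, COUNTER64_MOD))
        for i in intervals
    ]


if __name__ == "__main__":
    print("Counter32 wraps every %.2f s at 10 Gbit/s" % wrap_seconds(10_000_000_000))
    print("Counter32 limit at 300 s polling: %.1f Mbit/s" % (max_unambiguous_bps(300) / 1e6))
    # Constructed traffic level: a steady 4 Gbit/s on the interface.
    for interval, c32, c64 in compare(4_000_000_000):
        print("poll %4d s  Counter32 %8.1f Mbit/s  Counter64 %8.1f Mbit/s"
              % (interval, c32 / 1e6, c64 / 1e6))
```

At 4 Gbit/s the 32-bit result is wrong at every interval shown except 1 second, which is why switching to the 64-bit counters is the practical fix on a 10GigE interface rather than polling faster.
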
Re: [c-nsp] Snmp monitoring of 10GigE Interfaces
Looks like a 64-bit vs 32-bit counter problem. You have to configure the software to seek the 64-bit OID.

Kumar Dasari [EMAIL PROTECTED]
Sent by: [EMAIL PROTECTED]
05/10/2007 10:36 AM
Please respond to Kumar Dasari [EMAIL PROTECTED]
To cisco-nsp@puck.nether.net
cc
Subject [c-nsp] Snmp monitoring of 10GigE Interfaces

Hi all:

I am having rather erratic and inconsistent results for bandwidth usage reports from different SNMP software packages (MRTG, Cacti, Solarwinds etc) when monitoring 10GigE interfaces on Cisco 7609 Routers. For example there is discrepancy in what the snmp software says what the 5 min bps output rate is, and what the show int te1/1 shows on the router itself. Software is lower always.

Any suggestions on how I can fix this?

Thanks.
Kumar

Re: [c-nsp] Snmp monitoring of 10GigE Interfaces
According to Cisco:

If the bandwidth of the interface is greater than the maximum value reportable by this object then this object should report its maximum value (4,294,967,295) and ifHighSpeed must be used to report the interface's speed.

--
Tassos

Bill Nash wrote on 10/5/2007 8:05 PM:

Alternatively, make sure you're using the 64 bit counters (ifHCInOctets ifHCOutOctets). See the ifXtable in ftp://ftp.cisco.com/pub/mibs/v2/IF-MIB.my

- billn

On Thu, 10 May 2007, Rhett Bassett wrote:

Kumar Dasari wrote:

I am having rather erratic and inconsistent results for bandwidth usage reports from different SNMP software packages (MRTG, Cacti, Solarwinds etc) when monitoring 10GigE interfaces on Cisco 7609 Routers. For example there is discrepancy in what the snmp software says what the 5 min bps output rate is, and what the show int te1/1 shows on the router itself. Software is lower always. Any suggestions on how I can fix this?

Increase your sample rate - you're probably hitting the SNMP counter rollover.

Quoth the Cricket manual (http://cricket.sourceforge.net/support/doc/reference.html): an SNMP Counter32 can wrap in under 5 minutes at bandwidths above 100 Mbits, it's critical to fetch the data more often, or else RRD will not be able to correctly detect and process the counter wrap.

Re: [c-nsp] SNMP quering of queue-stats etc. / CBWFQ / cbqos from C7200 [solved]
Dennis Breithaupt wrote:

Hello people, It seems, that I've either misunderstood the concepts of getting qos-stats out of a c7200 :) or that there're some other problems with that. Anyway, I kindly request any hints, that may help here :)

Re all,

thank you all for your hints. As it turned out, we did everything correct. After looking through all the documents we got even more confident, that everything was configured the way it should. :)

After a reboot(!) of the router, all snmp-counters were available as expected. The reboot was not possible over the day, though, and earlier we had not seen a reason for rebooting... - Maybe it would have been enough to stop/start the snmp-server... I'll try that on another system later.

Regards
-Dennis

Re: [c-nsp] BGP and HSRP
2007/5/10, Lamar Owen [EMAIL PROTECTED]:

If you'd like pointers to some good books, let me know and I'll reply offlist.

You seem to understand well the networking principles, so I'm also interested in the reference of the books that taught you so well :)

Thanks,

--
Vassili Tchersky
Réseau Koumbit Network
VTC1-ARIN