Only drawback on the ASR1k platform is the lack of PPPoA support, otherwise we
would
have happely migrated away from our 7200/1G's
We got 2 ASR1004's for ethernet aggregation and they're doing just fine for
that :)
If you *insist* on having route-processor redundancy (what about interface
Hi all,
I'm running 3x 3750G-24 in a stack. I'm seeing high CPU usage e.g.:
CPU utilization for five seconds: 69%/24%; one minute: 63%; five minutes: 74%
PID Runtime(ms) Invoked uSecs 5Sec 1Min 5Min TTY Process
20150885085 5144152 9891 17.41% 17.60% 16.68% 0 Spanning
2009/8/5 Carl Jones c...@outerloop.net
Hi all,
I'm running 3x 3750G-24 in a stack. I'm seeing high CPU usage e.g.:
CPU utilization for five seconds: 69%/24%; one minute: 63%; five minutes:
74%
PID Runtime(ms) Invoked uSecs 5Sec 1Min 5Min TTY Process
20150885085
Hi Peter,
On Tue, 4 Aug 2009, Peter Rathlev wrote:
I've been looking at tstat (http://tstat.tlc.polito.it/index.shtml) and
this looks very promising, but it doesn't seem to be able to analyze the
different flows seperately.
Have you taken a look at
Hi all,
Has anyone used wireshark successfully to decode ESP traffic?
The only material I can find online is people having the same problem
as me, or people using null encryption. I need to peek inside
esp-3des/esp-sha-hmac SAs
The wireshark wiki entry is:
Did you try looking at show interface null0?
I am not sure it works, but give it a try as I do not have quick access
to a lab where I can test this.
Arie
-Original Message-
From: cisco-nsp-boun...@puck.nether.net
[mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of luismi
Sent:
show interface null0 always works on Cisco boxes. You can see in/out
packets as well.
Regards,
Masood
Blog: http://weblogs.com.pk/jahil/
Did you try looking at show interface null0?
I am not sure it works, but give it a try as I do not have quick access
to a lab where I can test this.
Arie
On Wed, 5 Aug 2009, mas...@nexlinx.net.pk wrote:
Not always. Just do:
sho ip cache flow | incl Null
to see pkts that are null routed and that are not counted via the null0
interface.
-Hank
show interface null0 always works on Cisco boxes. You can see in/out
packets as well.
Regards,
Yes, but I just can see the output counters growing up. Quite strange
since null0 is not generating traffic and it has configured no ip
unreachables.
El mié, 05-08-2009 a las 12:47 +0200, Arie Vayner (avayner) escribió:
Did you try looking at show interface null0?
I am not sure it works, but
Hi,
I recently clustered 2 Catalysts 6509's into a VSS 1440
Virtual switch.
Details about the cluster:
- Software version:
s72033_rp Software (s72033_rp-IPSERVICESK9_WAN-M), Version 12.2(33)SXI1,
RELEASE SOFTWARE (fc3)
- Supervisor:
VS-S720-10G with one 10G port
used as VSL
I just configure a router here to use it but it is quite strange because
I can see correct traffic routed to null, and I didn't expect to see
that, I don't think it is correct.
#sho ip cache flow | incl Null
Fa0/1.1 10.55.0.32 Null 208.67.222.222 11 0A2A 0035
1
Fa0/1.1
luismi wrote:
I just configure a router here to use it but it is quite strange because
I can see correct traffic routed to null, and I didn't expect to see
that, I don't think it is correct.
#sho ip cache flow | incl Null
Fa0/1.1 10.55.0.32 Null 208.67.222.222 11 0A2A 0035
:- luismi == luismi asturlui...@gmail.com writes:
I just configure a router here to use it but it is quite strange because
I can see correct traffic routed to null, and I didn't expect to see
that, I don't think it is correct.
#sho ip cache flow | incl Null
Fa0/1.1
For small flow combinations you are right. btw, it would be just L3
src/dst flows by default unless the L4 port option is enabled.
I thought about there being a single flow causing the difference that
would be hashing down one of the paths. But 2G, while not impossible,
typically isn't used
There are scenarios (nat, acl drops, etc.) where the dst in the netflow
will show null.
For a transit packet that is forwarded out will not (should not) show Null.
Rodney
luismi wrote:
I just configure a router here to use it but it is quite strange because
I can see correct traffic routed
:- luismi == luismi asturlui...@gmail.com writes:
Yes, but I just can see the output counters growing up. Quite strange
since null0 is not generating traffic and it has configured no ip
unreachables.
yes, output counters are those that have a meaning. it's traffic
that's
I would suspect it's a timeout issue caused by it aging out of the arp cache
and not the tcam table.
Try adding mac-address-table aging-time 14400 to the config. This usually
happens when running HSPR/GLBP or other first-hop redudancy (VSS) where the
return path may be asymmetrical.
I tried any combination but same result.
Regards.At 13:24 31/07/2009, Marko Milivojevic wrote:
I use
1000BASE-LX/LH (GLC-LH-SM), on both Catalyst and 7206 NPE-G2, interface and
protocol are up but I cannot do anything, what am I missing?
How are your speed negotiation settings on both ends?
Dale Shaw dale.shaw+cisco-...@gmail.com writes:
It's been years since I was armpit deep in IPSec but I am assuming the
encryption key it wants is NOT the ISAKMP pre-shared key.
Nope, it wants the session key used for that particular session. This
can be hard to get, depending on which
I think it will also show Null when it is forwarded but goes through a
permit ACL with log keyword
John
On Wed, 5 Aug 2009, Rodney Dunn wrote:
There are scenarios (nat, acl drops, etc.) where the dst in the netflow will
show null.
For a transit packet that is forwarded out will not
Would agree that volume is rare between 2xIP addresses but we have something
similair although on not quite the scale.
We NAT a very large organisation to the Internet. They have a large number
of disparate sites that all do their own AV updates. All the PCs download at
the same time in the
Yes, this is a NAT scenario, maybe that is the reason.
So far the router is working ok, and the service is ok too.
So null value must be related with NAT or something similar.
___
cisco-nsp mailing list cisco-nsp@puck.nether.net
On Aug 5, 2009, at 9:01 PM, luismi wrote:
So null value must be related with NAT or something similar.
Most Cisco routers (the main exceptions being 6500/7600/4500 switches,
with their well-known NetFlow caveats regarding dropped traffic) show
the destination ifindex as 0 when the
We use a 7507 for about 800 DSL customers.
We've found it works more reliably and uses quite a bit less electricity
using DC power. We'd had some random crashes on AC power from little
power issues that weren't enough to activate UPSs. Then I got some DC
power supplies on Ebay for less than
Yes it is being translated by NAT for sure, I am 110% sure about that.
___
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
Hi,
On Wed, Aug 05, 2009 at 08:49:50AM -0400, Julio Arruda wrote:
Isn't all process switched/punted traffic reported as ifout == Null in
Netflow ?
If a given IOS version does that, it's a bug.
ifout = NULL usually means traffic dropped due to ACL or no route.
gert
--
USENET is *not* the
Our DSLAM vendor supports PPPoA to PPPoE encapsulation/conversion (I'm not
sure how), so that's our migration plan if we need to move to a new BRAS
that doesn't have OC-3 interfaces.
Frank
-Original Message-
From: cisco-nsp-boun...@puck.nether.net
Gert Doering wrote:
Hi,
On Wed, Aug 05, 2009 at 08:49:50AM -0400, Julio Arruda wrote:
Isn't all process switched/punted traffic reported as ifout == Null in
Netflow ?
If a given IOS version does that, it's a bug.
ifout = NULL usually means traffic dropped due to ACL or no route.
gert
Gert Doering wrote:
Hi,
On Wed, Aug 05, 2009 at 08:49:50AM -0400, Julio Arruda wrote:
Isn't all process switched/punted traffic reported as ifout == Null in
Netflow ?
If a given IOS version does that, it's a bug.
ifout = NULL usually means traffic dropped due to ACL or no route.
gert
Hi,
On Wed, Aug 05, 2009 at 11:07:09AM -0400, Julio Arruda wrote:
On Wed, Aug 05, 2009 at 08:49:50AM -0400, Julio Arruda wrote:
Isn't all process switched/punted traffic reported as ifout == Null in
Netflow ?
If a given IOS version does that, it's a bug.
ifout = NULL usually means
Gert Doering wrote:
Hi,
On Wed, Aug 05, 2009 at 11:07:09AM -0400, Julio Arruda wrote:
On Wed, Aug 05, 2009 at 08:49:50AM -0400, Julio Arruda wrote:
Isn't all process switched/punted traffic reported as ifout == Null in
Netflow ?
If a given IOS version does that, it's a bug.
ifout = NULL
Hi,
On Wed, Aug 05, 2009 at 12:05:32PM -0400, Julio Arruda wrote:
BGP shows up on our 7200s as Local (addresses changed):
Cisco-7200sh ip cache flow | inc 00B3
Gi0/3.123 100.100.10.219 Local 100.100.10.200 06 8355 00B3
65 Gi0/1.11 100.100.10.46 Local
Take a look at this..
http://www.cisco.com/en/US/products/ps9336/products_tech_note09186a0080a7c837.shtml#oob_mac
Cisco also recommends that once you enable OOB Synchronization, that the MAC
aging timer be set to at least 3x the synchronization timer of 160:
Configure the MAC aging timer to
Hello all,
I'm trying to accomplish something with an IS-IS network, and I'm starting to
think it may not be possible, but I'm hoping someone here might have a
suggestion to help.
Basically, what I'm trying to accomplish is to have two routers subtended off an
aggregation router. So, say Router A
Ah...good one. If the sources were not random enough and it's NAT'ed to
one external ip you could really be multiplexing flows with NAT. ;)
Dean Smith wrote:
Would agree that volume is rare between 2xIP addresses but we have
something similair although on not quite the scale.
We NAT a very
On Wed, Aug 5, 2009 at 8:24 PM, Michael Schedrinmsched...@gmail.com wrote:
core-dal#sh platform tcam utilization
CAM Utilization for ASIC# 0 Max Used
Masks/Values Masks/values
Unicast mac addresses:
On Aug 5, 2009, at 9:57 PM, Jared Gillis wrote:
Basically I'm trying to replicate the concept of an OSPF
totally-stubby-not-so-stubby-area in IS-IS, and I'm starting to
question whether
it can be done. My network design is fairly flexible at this point
(the only
requirements are that it run
On Wednesday 05 August 2009 10:34:23 am jp wrote:
We use cold spares for parts. I've played with the redundant RSPs, but
its not a very clean cutover, and it takes a couple minutes before
everyting is happy. I've seen issues too where something breaks, but
things don't switch over.
I've got a
Daniel Verlouw wrote:
have a look at IS-IS mesh-groups. Although designed for a different
purpose, it might work. Stick router A and all of its stub routers into
the same L1 area. On router A, put all interfaces towards the stub
routers in the same mesh-group.
Hm, interesting though.
Exactly whats happening. On a couple of occasions when only 1 IP address at
the far end is active for downloads we see the traffic on just one of our
links because its all 1 IP to 1 IP (which was the point I was going to
make...and then forgot!) instead of all 3 links. In this case its 1 BGP
Hi
But seeing as the OP indicated that one of the circuits was 2GB
*underutilised* you'd be looking for 3 src/dst pairs that were all
doing 2GB to get this situation. It's looking pretty unlikely that
this is a hashing issue.
David
...
On 06/08/2009, at 6:23 AM, Rodney Dunn wrote:
Cisco VSS best practice document states
Recommendations
* Always run L2 or L3 MEC.
* Do not use on and off options with PAgP or LACP or Trunk
protocol negotiation.
oPAgP Run Desirable-Desirable with MEC links.
oLACP Run
Hi all,
I'm looking for something suitable to take the load from our 3750G
stack. But I'm not quite sure what the best solution would be.
Some details of the issues I'm seeing:
https://puck.nether.net/pipermail/cisco-nsp/2009-August/062932.html
I anticipate the new setup will eventually need to
I'm getting pushback from TAC on this. They're telling me that using
class-default is unsupported and they pointed me to the config guide for
the platform as proof:
44 matches
Mail list logo
