Hello,
I'm trying to do profiling on cpu process that's occasionally 100% (PDU
DISPATCHER).
This is what I'm using:
process cpu threshold type total rising 50 interval 5 falling 30 interval 5
!
event manager applet profile_snmp_start
event syslog pattern .*SYS-1-CPURISINGTHRESHOLD.*
action 0
On Mon, 2014-02-03 at 09:44 +0100, Cydon Satyr wrote:
event manager applet profile_snmp_start
[...]
When I do it from cli myself, it works. Whan I wait for EEM to do it,
it never does. I see it matches syslog event, but when I log in and
try show profile terse, nothing is there.
Are you using
Ah, that was it! I had a feeling it had to do with authorization.
Thanks!
Kind Regards
On Mon, Feb 3, 2014 at 11:14 AM, Peter Rathlev pe...@rathlev.dk wrote:
On Mon, 2014-02-03 at 09:44 +0100, Cydon Satyr wrote:
event manager applet profile_snmp_start
[...]
When I do it from cli myself,
Thank you to all for your replies and advice over the weekend. We are
treating the situation as a DoS originating from within our network and are
locking things down accordingly. You may be hearing from me again soon
depending on how things go!
Adam
From: John Kougoulos
Hi,
today I saw 2x Sup720-3B (default 192K IPv4 routes) that received a full
table.
After FIB was filled IOS gave a warning that it now may forward in
software (and resetted all BGP sessions because of memory issues). I don't
have the exact messages.
The real problem occured after that. I shut
Hi,
On Mon, Feb 03, 2014 at 03:09:07PM +0100, Rolf Hanßen wrote:
today I saw 2x Sup720-3B (default 192K IPv4 routes) that received a full
table.
After FIB was filled IOS gave a warning that it now may forward in
software (and resetted all BGP sessions because of memory issues). I don't
have
I've never tried it, but you might be able to create a MLS rate
limiter/CoPP policy to drop all the FIB Miss packets from being punted and
try to reset the HW CEF table and see if that works. I doubt it will, but
in a pinch it could be worth a try.
On Mon, Feb 3, 2014 at 9:09 AM, Rolf Hanßen
Simple answer: No.
One of the major design errors of the FIB in the Sup720.
Unfortunately, once the FIB is full, the only way to get it back to normal is
to restart the whole box.
CFIB-SP-STBY-7-CFIB_EXCEPTION : FIB TCAM exception, Some entries will be
software switched
Is there a way to avoid those issues by let it just ignoring routes not
matching into the FIB?
Hi Rolf,
Unfortunately the only option is to reset the bgp neighbor after the number
of received routes crosses a certain threshold.
neighbor x.x.x.x maximum-prefix 1 75 restart 5
But still
On Sat, Feb 1, 2014 at 12:41 PM, Chris Marget ch...@marget.com wrote:
I tried two operating systems and four browsers yesterday. I couldn't
upload files that were just a few hundred KB.
That was on Friday. Nothing has changed on my end
(hardware/software/network), but I'm able to upload files
Hi list,
I am trying to manipulate the next-hop for community-tagged routes, inbound
on a 6PE router. Routes are received from route-reflectors, and should be
treated inbound. In this specific scenario I am trying to change a
next-hop. The configuration is based on what we have in production on
Hi Chris / All,
Thanks for alerting us to this problem. The Support Case Manager team
put a fix (we hope) in this weekend.
Glad it is now working for you.
Sincerely,
David.
On 2/3/2014 10:12 AM, Chris Marget wrote:
On Sat, Feb 1, 2014 at 12:41 PM, Chris Marget ch...@marget.com wrote:
I
One other thing I noticed from your email and something that we've
experienced in the past as well. I think it may also be related to
hitting the TCAM limit but check to see if you have this command enabled:
mls rate-limit unicast cef receive 1 255
According to Cisco, that command will
Hey,
I don't think you can actually recover from that. What you might be able to do,
depending on your design, is use selective route download
(http://www.cisco.com/en/US/docs/ios-xml/ios/iproute_bgp/configuration/15-s/irg-selective-download.html
) to prevent routes from overflowing your FIB
I don't have time at the moment to look up the details, but I seem to
recall that beginning in XR 4.2, there are limitations (or maybe flat
out restrictions) on setting the next-hop on an ingress route policy.
I do know that we had to change several of our route policies to get
around this when
Hi,
indeed, the limiter was installed.
kind regards
Rolf
One other thing I noticed from your email and something that we've
experienced in the past as well. I think it may also be related to
hitting the TCAM limit but check to see if you have this command enabled:
mls rate-limit unicast
Hi Adam,
So, the symptoms are high latency from internal network to Inside of
ASA's interface?
And during this problem, the switch appears to be re-establishing the
OSPF neighbor?
It wasn't clear to me if you were also seeing packet loss or not.
A suggestion to narrow down some things:
If the
On 2/3/14 7:03 AM, Adam Vitkovsky wrote:
Is there a way to avoid those issues by let it just ignoring routes not
matching into the FIB?
Hi Rolf,
Unfortunately the only option is to reset the bgp neighbor after the number
of received routes crosses a certain threshold.
neighbor x.x.x.x
There is a field upgrade available from Cisco for the 3B to convert it
to a 3BXL that as I recall was fairly cheap, and was pretty simple to
install.
--
Don
On 2/3/2014 9:09 AM, Rolf Hanßen wrote:
Hi,
today I saw 2x Sup720-3B (default 192K IPv4 routes) that received a full
table.
After FIB
On 02/03/2014 06:09 AM, Rolf Hanßen wrote:
But it started to drop packets, I saw no pattern, it looked nearly random.
I needed to reboot both boxes to resolve that issue.
That pretty much sums it up.
You can set up some inbound filtering to prevent a lot of routes to go
into the routing table
Hi,
On Mon, Feb 03, 2014 at 10:24:56AM -0500, Lobo wrote:
Thanks to the other replies about having to reload the switch to clear
the TCAM exception. I didn't know that once you hit it that the only
way to fix it was to completely reload the box.
Been there, done that. Affected only very
Nick: We are not using Jumbo Frames or QoS yet, but we haven't seen
any indication of packet drops caused by saturation of the links. The
hosts and storage are primarily plugged into the 2ks, and we are
seeing the issue across multiple ones. It does span multiple LUNs,
and I believe they're
No, but that's exactly the tool I would have suggested looking at to start
with.
-Blake
On Mon, Feb 3, 2014 at 11:57 AM, Mike Hale eyeronic.des...@gmail.comwrote:
Nick: We are not using Jumbo Frames or QoS yet, but we haven't seen
any indication of packet drops caused by saturation of the
On Feb 2, 2014, at 9:35 PM, Jeff Kell jeff-k...@utc.edu wrote:
Still somewhat of a mystery, as there is no proper twinax standard
like there is with 10G-SR, LR, LRM, ER, etc.
Just picking one at random from google..
Hi list,
FYI, Support Case Manager now shows this message:
UPDATE:Sharing Files with TAC via FTP
Please be aware that using Support Case Manager's 'Attach Files' feature is
the
preferred method to share files with TAC by uploading files directly to your
support case. However, if you use
You can also e-mail stuff to att...@cisco.com as long as the case (C3) number
is in the subject line.
- Jared
On Feb 3, 2014, at 10:30 AM, David White, Jr. (dwhitejr) dwhit...@cisco.com
wrote:
Hi Chris / All,
Thanks for alerting us to this problem. The Support Case Manager team
put a
Hi
I have project where network looks like this:
IPTV source
|
7600_1
| |
| |
7600_2|
| |
| |
7600_3-
|
IPTV distribution switches (~20 VLANs)
I'm currently using PIM static
Hi Rob,
Did you mean to say you have IGMP static-groups on the 7600_3 to attract
multicast traffic toward your distribution switches?
If you meant 7600_1 then I'm not sure what your topology is but the
redundancy issue made me think of a similar issue I faced in the past.
Are you using any
Hi,
For IPv4 we ended up manipulating the next hops on the outbound policy
from the RRs (in XR). There is one magic switch under the bgp config
that you have to enable for the outbound manipulations to work:
bgp
ibgp policy out enforce-modifications
kind regards
Pshem
On 4 February 2014
On 4 Feb 2014, at 10:30 am, Benny Amorsen benny+use...@amorsen.dk wrote:
Does that actually work over WAN links that are not just plain optical
paths? I have been wondering if you can get MacSec to work over EoMPLS.
It ‘just worked’ in the lab over EoMPLS, but I haven’t experienced it in
Ian Henderson i...@ianh.net.au writes:
What about MacSec? Works between 3560X/4500/4500X/Sup2T/etc for wire rate L2
encryption.
http://www.cisco.com/en/US/docs/switches/lan/catalyst4500/15.1/XE_330SG/configuration/guide/swmacsec.html#wp1334072
says:
Does that actually work over WAN links
Hi everyone,
Quick question(s) on the above switches.
Is the 4500X just an improved version of the 4900M, or does the 4900M have
other metro-e features over the 4500X?
For mpls support, the only option would be the ME3600? (i.e. If wanting to do
L3VPN's+VPLS at the access)
Cheers.
On Monday, February 3, 2014, Jared Mauch ja...@puck.nether.net wrote:
On Feb 2, 2014, at 9:35 PM, Jeff Kell jeff-k...@utc.edu javascript:;
wrote:
Still somewhat of a mystery, as there is no proper twinax standard
like there is with 10G-SR, LR, LRM, ER, etc.
Just picking one at random
I've been working with MACsec over the last two weeks as a cheaper way to
get some encryption in place over some lit paths. In our case I also manage
the transport gear.
I had to change a frame disposition setting on our transport gear because,
by default, the Ethertype for the initial EAPOL
34 matches
Mail list logo
