Re: [c-nsp] ISR4431-AX/K9

2016-07-13 Thread Adam Greene
Thanks, Chuck, for the helpful response. My further research corroborates what you say. Miercom has an interesting study showing enabling QoS on 4431 does not affect total throughput: http://miercom.com/pdf/reports/20150817.pdf. However, enabling FnF & NBAR2 might ... It looks like getting the

Re: [c-nsp] ASR 9000 Upgrade Expectations

2016-07-13 Thread Tom Hill
On 13/07/16 15:13, Jared Mauch wrote: > There were improvements that went in 533+ which should improve your > experience. I haven't checked if 602 hit CCO but you may want to look > at that, or wait for 534. Neither 6.0.2 or 5.3.4 has hit GA yet. 6.0.1 is (oddly) marked as MD rather than ED, too.

Re: [c-nsp] ASR 9000 Upgrade Expectations

2016-07-13 Thread Tom Hill
On 13/07/16 22:52, Mark Tinka wrote: > > On 13/Jul/16 23:46, Curtis Piehler wrote: > >> > So going from 5.1.X to 6.X.X will likely involve fpd upgrades? > I've, pretty much, found an FPD update in every major release. That has been my expectation - usually at least one component has a new FW

Re: [c-nsp] ASR 9000 Upgrade Expectations

2016-07-13 Thread Mark Tinka
On 13/Jul/16 23:46, Curtis Piehler wrote: > So going from 5.1.X to 6.X.X will likely involve fpd upgrades? I've, pretty much, found an FPD update in every major release. Mark. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net

Re: [c-nsp] ASR 9000 Upgrade Expectations

2016-07-13 Thread Curtis Piehler
So going from 5.1.X to 6.X.X will likely involve fpd upgrades? I've been hit by the SNMP OID bug that consumes memory over time but I can hold out by restarting the SNMP process every once in a while. On Jul 13, 2016 4:39 PM, "Gert Doering" wrote: > Hi, > > On Wed, Jul 13,

Re: [c-nsp] 40G options for 6807

2016-07-13 Thread Tom Hill
On 13/07/16 20:24, Peter Kranz wrote: > For instance, the C6800-32P10G is labelled as an 8 Port 40GE/32 Port 10GE > module, but there is no software release yet that supports the 40G > operational mode, nor have I seen the required CVR-4SFP-QSFP adaptor > available. I would expect Nick meant 40G

Re: [c-nsp] ISR4431-AX/K9

2016-07-13 Thread Emille Blanc
I happen to be staring at an ISR4431/K9 with the APPX license (purchased for the L2 features), and it allows nbar configuration for ipv4 and ipv6. I have none without said license pre-loaded, so cannot confirm if it's required or not. It doesn't seem to complain or spam the license EULA if I

Re: [c-nsp] ASR 9000 Upgrade Expectations

2016-07-13 Thread Gert Doering
Hi, On Wed, Jul 13, 2016 at 10:30:11PM +0200, Juergen Marenda wrote: > Because of > https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco- > sa-20160525-ipv6 > asr9k: https://bst.cloudapps.cisco.com/bugsearch/bug/CSCuz66542 > > it should be 5.3.4.1 or for the brave

Re: [c-nsp] ASR 9000 Upgrade Expectations

2016-07-13 Thread Juergen Marenda
Because of https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco- sa-20160525-ipv6 asr9k: https://bst.cloudapps.cisco.com/bugsearch/bug/CSCuz66542 it should be 5.3.4.1 or for the brave 6.1.1.16 but I cannt see it for download (but 5.3.3 two times ! ) ... waiting for a fix

Re: [c-nsp] 40G options for 6807

2016-07-13 Thread Peter Kranz
There is the newish high-density 10-G modules that will support 40G as well http://www.cisco.com/c/en/us/products/collateral/switches/catalyst-6800-seri es-switches/datasheet-c78-733662.html For instance, the C6800-32P10G is labelled as an 8 Port 40GE/32 Port 10GE module, but there is no software

Re: [c-nsp] ISR4431-AX/K9

2016-07-13 Thread Steve Mikulasik
I believe NBAR 2 is in the AVX bundle, but there is normal NBAR support in the other bundles. -Original Message- From: cisco-nsp [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Adam Greene Sent: Tuesday, July 12, 2016 10:50 PM To: cisco-nsp@puck.nether.net Subject: [c-nsp]

Re: [c-nsp] ISR4431-AX/K9

2016-07-13 Thread Chuck Church
Isn't WAAS their WAN acceleration product? I don't think NBAR has any reliance on that. You just use NBAR to identify the traffic, then normal QOS policy to do something with it. I haven't done it on an ASR or ISR 4K, but that's how it's worked on all previous devices. Chuck -Original

[c-nsp] Nexus 56xx switch-profile problem after upgrade

2016-07-13 Thread Christophe Fillot
Hello, We have upgraded a pair of Nexus 5672 from 7.2(1)N1(1) to 7.3(0)N1(1). We now have a switch-profile commit error related to spanning-tree. In the running configuration (sh run) we have: spanning-tree pseudo-information vlan 1-3967, 4048-4093 root priority 0 In the switch-profile

[c-nsp] Cisco Security Advisory: Cisco IOS XR for NCS 6000 Packet Timer Leak Denial of Service Vulnerability

2016-07-13 Thread Cisco Systems Product Security Incident Response Team
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Cisco Security Advisory: Cisco IOS XR for NCS 6000 Packet Timer Leak Denial of Service Vulnerability Advisory ID: cisco-sa-20160713-ncs6k Revision 1.0 For Public Release 2016 July 13 16:00 UTC (GMT

Re: [c-nsp] ASR 9000 Upgrade Expectations

2016-07-13 Thread Mark Tinka
On 13/Jul/16 16:13, Jared Mauch wrote: > We see around 1 hour of traffic loss due to upgrade times before adding in > FPD and others, which can extend to more like 3 hours. Yep, I'd say budget a 3hr window per router for the upgrade. Mark. ___

Re: [c-nsp] ASR 9000 Upgrade Expectations

2016-07-13 Thread Jared Mauch
We see around 1 hour of traffic loss due to upgrade times before adding in FPD and others, which can extend to more like 3 hours. There were improvements that went in 533+ which should improve your experience. I haven't checked if 602 hit CCO but you may want to look at that, or wait for 534.

[c-nsp] ASR 9000 Upgrade Expectations

2016-07-13 Thread Nick Griffin
Hello, looking for some details in regards to an ASR9000 code upgrade. Currently running software version 5.1.1 with the following packages: Committed Packages: disk0:asr9k-mini-px-5.1.1 disk0:asr9k-k9sec-px-5.1.1 disk0:asr9k-mpls-px-5.1.1 disk0:asr9k-mgbl-px-5.1.1 disk0:asr9k-optic-px-5.1.1

Re: [c-nsp] 40G options for 6807

2016-07-13 Thread Pavel Skovajsa
Supposedly there will be new 40G, 10G and 100G modules in the coming months. See Sales Connect. -pavel On Wed, Jul 13, 2016 at 2:29 PM, Nick Cutting wrote: > Any new 40g modules coming out/been released for the 6807? > > Or still just > > WS-X6904-40G-2T > > Where is the

[c-nsp] 40G options for 6807

2016-07-13 Thread Nick Cutting
Any new 40g modules coming out/been released for the 6807? Or still just WS-X6904-40G-2T Where is the love for this golden chassis monster ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp

Re: [c-nsp] err-disable state on a cisco 3750 catalyst

2016-07-13 Thread James Bensley
On 12 July 2016 at 19:41, Olivier CALVANO wrote: > Hi > > i have a big problems with one cisco 3750 : > > > Jul 12 17:30:36.218: %PM-4-ERR_DISABLE: channel-misconfig error detected on > Gi1/0/1, putting Gi1/0/1 in err-disable state > Jul 12 17:30:36.856: %PM-4-ERR_DISABLE: