Re: [c-nsp] Issue with port-channel hashing

2016-07-22 Thread Mack McBride 
With some traffic patterns there isn't much you can do.
If there are very few source and destination addresses then you may not be able 
to
Distribute the traffic.  Especially for long lived flows.

Try 'port-channel load-balance src-dst-mixed-ip-port' if you are on code that 
supports it.
Also ensure you have 'port-channel load-balance per-module'.
You already found the adaptive knob.
Adaptive is more difficult to troubleshoot when there are issues.

You may also want to set 'mls ip cef load-sharing full'.

Mack McBride | Senior Network Architect | ViaWest, Inc.
O: 720.891.2502 | C: 303.720.2711 | mack.mcbr...@viawest.com | www.viawest.com


-Original Message-
From: cisco-nsp [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of james 
list
Sent: Friday, July 22, 2016 1:45 AM
To: cisco-nsp@puck.nether.net
Subject: [c-nsp] Issue with port-channel hashing

Dear experts,

I need help.


On my C6500 sup720 (12.2(33)SXI5) I’ve a port channel 4 x 1Gbs with 1 Gbs full 
and hashing fixed.

On the port-channel I’m trunking with few L2 vlans and on top of one of those 
I’ve L3 (with OSPF).


Since hashing is fixed all the traffic that 6500 Asic has decided to send on 
that link is experiencing problems.


My questions:


1)  Which is the faster and safer way to detect the “guilty” (src/des
tip) ? I see accounting seems not working

2)  What if I would change hashing from fixed to adaptive ? any detail
on that ? I'm not able to find how it works in detail on cisco.com


An help is appreciated,


Cheers

James
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net 
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
This message contains information that may be confidential, privileged or 
otherwise protected by law from disclosure. It is intended for the exclusive 
use of the addressee(s). Unless you are the addressee or authorized agent of 
the addressee, you may not review, copy, distribute or disclose to anyone the 
message or any information contained within. If you have received this message 
in error, please contact the sender by electronic reply and immediately delete 
all copies of the message.
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] Router ASR1k ACL count question

2016-07-22 Thread Mack McBride 
On the older 3550 and 3560 there were no hardware counters for ACLs.
I am assuming that is true with the 3850 as well.
On the ASR1006, you have a massively parallel software processor that handles 
all forwarding (the Cisco FP).
So technically it is software but it acts more like reprogrammable hardware.
Each FP has a large number of multi threaded cores.
The ESP 200 has around 248 cores, which can each handle multiple (four each) 
threads.
This means that you effectively handle 992 threads simultaneously.
That translates to 5+ CPU cycles per bit at 64 byte packets.
Meaning even with minimum sized packets the processors get about 2500 cycles 
for each packet.


Mack McBride | Senior Network Architect | ViaWest, Inc.
O: 720.891.2502 | C: 303.720.2711 | mack.mcbr...@viawest.com | www.viawest.com


-Original Message-
From: cisco-nsp [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Satish 
Patel
Sent: Thursday, July 21, 2016 8:37 AM
To: Cisco Network Service Providers
Subject: Re: [c-nsp] Router ASR1k ACL count question

Any input?

On Wed, Jul 20, 2016 at 11:52 AM, Satish Patel  wrote:
> I have C3850 (L3) switch and Cisco ASR1006 Router, I am running ACL on
> both device but if i rung "show ip access-lists" on both then i can
> see c3850 hit counter not increasing but on ASR1006 router it is
> increasing.
>
> What does that mean? I heard from people C3850 using hardware ACL
> because of that its counter doesn't increase. Does that means ASR1006
> using software ACL because its counter increasing every single hit.
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net 
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
This message contains information that may be confidential, privileged or 
otherwise protected by law from disclosure. It is intended for the exclusive 
use of the addressee(s). Unless you are the addressee or authorized agent of 
the addressee, you may not review, copy, distribute or disclose to anyone the 
message or any information contained within. If you have received this message 
in error, please contact the sender by electronic reply and immediately delete 
all copies of the message.
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] Virtual CPE / NFV

2016-07-22 Thread Nick Cutting 
Well the CSRv has probably most of the features you need - but folks here only 
use it as a Route Reflector.
I don't know of anyone using it for data - so have no idea of performance.  
I use them mostly in labs - then buy physical ISR/ASR to match my lab design in 
production.

-Original Message-
From: cisco-nsp [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of 
CiscoNSP List
Sent: Thursday, July 21, 2016 7:42 PM
To: cisco-nsp@puck.nether.net
Subject: [c-nsp] Virtual CPE / NFV

Hi Everyone - Slightly off topic, but am hoping some of the brains trust on the 
list can provide some feedback/experience in the vCPE/NFV area.

We predominantly provide L3VPNs to customers, supply the CE (TYpically over 
spec'd to allow for future growth), and as this model "works", it is quite 
resource intensive (Provisioning CE, deploying), and makes the value add 
proposition a little more challenging (i.e. providing cloud-based services, 
firewall, IPS etc)vCPE (theoretically, anyway!), looks like a much "better" 
model...i.e. CE lives on our "core" infrastructure, allowing for more 
dynamic(Simple/Fast/flexible), deployment of value add services(i.e. Its done 
all on the Core), and it also provides better scale to customer tails (L2 to 
customer(Instead of L3, scale/bandwidth growth is "easier"?))

Ive spent a little time reading up on Cisco's offerrings in this area, and who 
in the market place is using this type of model (successfully), but would 
appreciate any feedback from anyone who is currently using this type of a 
model, or is considering moving in this direction...and also any feedback from 
anyone who thinks its not a mature enough model (yet) to be considering...It 
seems a logical path forward from our current way of doing things, but devils 
always in the detail, and I imagine there are a number of 
complexities/challenges to overcome to deploy successfully.

Thanks in advance for all replies :)


___
cisco-nsp mailing list  cisco-nsp@puck.nether.net 
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] Issue with port-channel hashing

2016-07-22 Thread james list 
That is not unfortunately so adaptive to understand that a link is full and
change for other sessions... :-(

2016-07-22 13:18 GMT+02:00 James Ventre :

>
> On Fri, Jul 22, 2016 at 3:45 AM, james list  wrote:
>
>> 2)  What if I would change hashing from fixed to adaptive ? any detail
>> on that ? I'm not able to find how it works in detail on cisco.com
>>
>>
> Whenever a port is added or removed from a fixed bundle, there's a brief
> moment of packet loss because the hash result buckets are being
> (re)assigned to the member ASICs.  Adaptive bundles don't disrupt
> existing/working members.
>
>
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] Issue with port-channel hashing

2016-07-22 Thread James Ventre via cisco-nsp 
--- Begin Message ---
On Fri, Jul 22, 2016 at 3:45 AM, james list  wrote:

> 2)  What if I would change hashing from fixed to adaptive ? any detail
> on that ? I'm not able to find how it works in detail on cisco.com
>
>
Whenever a port is added or removed from a fixed bundle, there's a brief
moment of packet loss because the hash result buckets are being
(re)assigned to the member ASICs.  Adaptive bundles don't disrupt
existing/working members.
--- End Message ---
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

[c-nsp] Issue with port-channel hashing

2016-07-22 Thread james list 
Dear experts,

I need help.


On my C6500 sup720 (12.2(33)SXI5) I’ve a port channel 4 x 1Gbs with 1 Gbs
full and hashing fixed.

On the port-channel I’m trunking with few L2 vlans and on top of one of
those I’ve L3 (with OSPF).


Since hashing is fixed all the traffic that 6500 Asic has decided to send
on that link is experiencing problems.


My questions:


1)  Which is the faster and safer way to detect the “guilty” (src/des
tip) ? I see accounting seems not working

2)  What if I would change hashing from fixed to adaptive ? any detail
on that ? I'm not able to find how it works in detail on cisco.com


An help is appreciated,


Cheers

James
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/