Re: [c-nsp] Issue with port-channel hashing
With some traffic patterns there isn't much you can do. If there are very few source and destination addresses then you may not be able to Distribute the traffic. Especially for long lived flows. Try 'port-channel load-balance src-dst-mixed-ip-port' if you are on code that supports it. Also ensure you have 'port-channel load-balance per-module'. You already found the adaptive knob. Adaptive is more difficult to troubleshoot when there are issues. You may also want to set 'mls ip cef load-sharing full'. Mack McBride | Senior Network Architect | ViaWest, Inc. O: 720.891.2502 | C: 303.720.2711 | mack.mcbr...@viawest.com | www.viawest.com -Original Message- From: cisco-nsp [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of james list Sent: Friday, July 22, 2016 1:45 AM To: cisco-nsp@puck.nether.net Subject: [c-nsp] Issue with port-channel hashing Dear experts, I need help. On my C6500 sup720 (12.2(33)SXI5) I’ve a port channel 4 x 1Gbs with 1 Gbs full and hashing fixed. On the port-channel I’m trunking with few L2 vlans and on top of one of those I’ve L3 (with OSPF). Since hashing is fixed all the traffic that 6500 Asic has decided to send on that link is experiencing problems. My questions: 1) Which is the faster and safer way to detect the “guilty” (src/des tip) ? I see accounting seems not working 2) What if I would change hashing from fixed to adaptive ? any detail on that ? I'm not able to find how it works in detail on cisco.com An help is appreciated, Cheers James ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ This message contains information that may be confidential, privileged or otherwise protected by law from disclosure. It is intended for the exclusive use of the addressee(s). Unless you are the addressee or authorized agent of the addressee, you may not review, copy, distribute or disclose to anyone the message or any information contained within. If you have received this message in error, please contact the sender by electronic reply and immediately delete all copies of the message. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Router ASR1k ACL count question
On the older 3550 and 3560 there were no hardware counters for ACLs. I am assuming that is true with the 3850 as well. On the ASR1006, you have a massively parallel software processor that handles all forwarding (the Cisco FP). So technically it is software but it acts more like reprogrammable hardware. Each FP has a large number of multi threaded cores. The ESP 200 has around 248 cores, which can each handle multiple (four each) threads. This means that you effectively handle 992 threads simultaneously. That translates to 5+ CPU cycles per bit at 64 byte packets. Meaning even with minimum sized packets the processors get about 2500 cycles for each packet. Mack McBride | Senior Network Architect | ViaWest, Inc. O: 720.891.2502 | C: 303.720.2711 | mack.mcbr...@viawest.com | www.viawest.com -Original Message- From: cisco-nsp [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Satish Patel Sent: Thursday, July 21, 2016 8:37 AM To: Cisco Network Service Providers Subject: Re: [c-nsp] Router ASR1k ACL count question Any input? On Wed, Jul 20, 2016 at 11:52 AM, Satish Patelwrote: > I have C3850 (L3) switch and Cisco ASR1006 Router, I am running ACL on > both device but if i rung "show ip access-lists" on both then i can > see c3850 hit counter not increasing but on ASR1006 router it is > increasing. > > What does that mean? I heard from people C3850 using hardware ACL > because of that its counter doesn't increase. Does that means ASR1006 > using software ACL because its counter increasing every single hit. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ This message contains information that may be confidential, privileged or otherwise protected by law from disclosure. It is intended for the exclusive use of the addressee(s). Unless you are the addressee or authorized agent of the addressee, you may not review, copy, distribute or disclose to anyone the message or any information contained within. If you have received this message in error, please contact the sender by electronic reply and immediately delete all copies of the message. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Virtual CPE / NFV
Well the CSRv has probably most of the features you need - but folks here only use it as a Route Reflector. I don't know of anyone using it for data - so have no idea of performance. I use them mostly in labs - then buy physical ISR/ASR to match my lab design in production. -Original Message- From: cisco-nsp [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of CiscoNSP List Sent: Thursday, July 21, 2016 7:42 PM To: cisco-nsp@puck.nether.net Subject: [c-nsp] Virtual CPE / NFV Hi Everyone - Slightly off topic, but am hoping some of the brains trust on the list can provide some feedback/experience in the vCPE/NFV area. We predominantly provide L3VPNs to customers, supply the CE (TYpically over spec'd to allow for future growth), and as this model "works", it is quite resource intensive (Provisioning CE, deploying), and makes the value add proposition a little more challenging (i.e. providing cloud-based services, firewall, IPS etc)vCPE (theoretically, anyway!), looks like a much "better" model...i.e. CE lives on our "core" infrastructure, allowing for more dynamic(Simple/Fast/flexible), deployment of value add services(i.e. Its done all on the Core), and it also provides better scale to customer tails (L2 to customer(Instead of L3, scale/bandwidth growth is "easier"?)) Ive spent a little time reading up on Cisco's offerrings in this area, and who in the market place is using this type of model (successfully), but would appreciate any feedback from anyone who is currently using this type of a model, or is considering moving in this direction...and also any feedback from anyone who thinks its not a mature enough model (yet) to be considering...It seems a logical path forward from our current way of doing things, but devils always in the detail, and I imagine there are a number of complexities/challenges to overcome to deploy successfully. Thanks in advance for all replies :) ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Issue with port-channel hashing
That is not unfortunately so adaptive to understand that a link is full and change for other sessions... :-( 2016-07-22 13:18 GMT+02:00 James Ventre: > > On Fri, Jul 22, 2016 at 3:45 AM, james list wrote: > >> 2) What if I would change hashing from fixed to adaptive ? any detail >> on that ? I'm not able to find how it works in detail on cisco.com >> >> > Whenever a port is added or removed from a fixed bundle, there's a brief > moment of packet loss because the hash result buckets are being > (re)assigned to the member ASICs. Adaptive bundles don't disrupt > existing/working members. > > ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Issue with port-channel hashing
--- Begin Message --- On Fri, Jul 22, 2016 at 3:45 AM, james listwrote: > 2) What if I would change hashing from fixed to adaptive ? any detail > on that ? I'm not able to find how it works in detail on cisco.com > > Whenever a port is added or removed from a fixed bundle, there's a brief moment of packet loss because the hash result buckets are being (re)assigned to the member ASICs. Adaptive bundles don't disrupt existing/working members. --- End Message --- ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] Issue with port-channel hashing
Dear experts, I need help. On my C6500 sup720 (12.2(33)SXI5) I’ve a port channel 4 x 1Gbs with 1 Gbs full and hashing fixed. On the port-channel I’m trunking with few L2 vlans and on top of one of those I’ve L3 (with OSPF). Since hashing is fixed all the traffic that 6500 Asic has decided to send on that link is experiencing problems. My questions: 1) Which is the faster and safer way to detect the “guilty” (src/des tip) ? I see accounting seems not working 2) What if I would change hashing from fixed to adaptive ? any detail on that ? I'm not able to find how it works in detail on cisco.com An help is appreciated, Cheers James ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/