Re: [c-nsp] Setting relay agent IP on 4500

[Jason Lixfeld]

Nope.  That's how it's configured already.  No Dice.

Sent from my iPhone

> On Jul 28, 2017, at 9:34 PM, Nathan Lannine  wrote:
> 
> 
> 
> On Jul 28, 2017 5:12 PM, "Jason Lixfeld"  wrote:
> Hi all,
> 
> I’ve got a 4500 Sup7L-E running 15.2(2) acting as a DHCP relay with clients 
> directly connected to it.  The client interfaces on this relay are in VRFs, 
> and the helper is in the global table.
> 
> The issue is the 4500 stamps the relay agent IP in the DISCOVER as being the 
> incoming interface IP where the DISCOVER was received, which is in a VRF.  As 
> such, the DHCP server tries to send the OFFER to that IP, but it’s not 
> reachable due to it being in a VRF, and is subsequently dropped upstream.
> 
> Does the "global" argument not accomplish this?
> 
> I.e. "ip helper-address global "
> 
> That's how I read this:
> http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipapp/command/iap-cr-book/iap-i1.html#wp1413119578
> 
> Of course the above is more clear in it's description of using the "vrf" 
> argument.
> 
> - Nathan
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] Setting relay agent IP on 4500

[Nathan Lannine]

On Jul 28, 2017 5:12 PM, "Jason Lixfeld"  wrote:

Hi all,

I’ve got a 4500 Sup7L-E running 15.2(2) acting as a DHCP relay with clients
directly connected to it.  The client interfaces on this relay are in VRFs,
and the helper is in the global table.

The issue is the 4500 stamps the relay agent IP in the DISCOVER as being
the incoming interface IP where the DISCOVER was received, which is in a
VRF.  As such, the DHCP server tries to send the OFFER to that IP, but it’s
not reachable due to it being in a VRF, and is subsequently dropped
upstream.


Does the "global" argument not accomplish this?

I.e. "ip helper-address global "

That's how I read this:
http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipapp/command/iap-cr-book/iap-i1.html#wp1413119578

Of course the above is more clear in it's description of using the "vrf"
argument.

- Nathan
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

[c-nsp] Setting relay agent IP on 4500

[Jason Lixfeld]

Hi all,

I’ve got a 4500 Sup7L-E running 15.2(2) acting as a DHCP relay with clients 
directly connected to it.  The client interfaces on this relay are in VRFs, and 
the helper is in the global table.

The issue is the 4500 stamps the relay agent IP in the DISCOVER as being the 
incoming interface IP where the DISCOVER was received, which is in a VRF.  As 
such, the DHCP server tries to send the OFFER to that IP, but it’s not 
reachable due to it being in a VRF, and is subsequently dropped upstream.

On ME3600s for example, ip dhcp-relay information option server-override 
resolves this, but I can’t seem to find this command on the 4500 leading me to 
believe that the same command isn’t supported.  I’m hoping there’s something 
similar that I just haven’t been able to find, but the command reference guides 
are pretty useless and I’ve come up empty so far.

Thanks!
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] Nexus 7707 as Internet Edge Router?

[Nick Cutting]

Coming from the MSP (managed service provider)  world where I am - EIGRP is 
great - I can summarize anywhere - and our cheap clients will only ever buy IP 
base licensed 3xxx switches.  

Even though they are on the 42nd floor of a 10 million dollar office with a 
giant  leather rhinoceros...

 So my choices are, if I want to summarize, multi area OSPF limited to 200 
routes or EIGRP which is simple and clean.



-Original Message-
From: cisco-nsp [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Nick 
Hilliard
Sent: Friday, July 28, 2017 5:39 AM
To: Gert Doering 
Cc: cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] Nexus 7707 as Internet Edge Router?

Gert Doering wrote:
> And then, what features it gets - the first list on cisco.com was 
> amazingly thin on details, but one of the interesting bits was "no 
> support for EIGRP", which I find highly astonishing - you have a 
> vendor that has a nice customer-lock-in feature, purely control-plane 
> (so, no need to do hardware-specific coding), and they... forget to enable it?

But no-one in the SP world uses EIGRP anyway so this is a moot point, right?

Right??

Nick

___
cisco-nsp mailing list  cisco-nsp@puck.nether.net 
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] OT Solarwinds Alternatives

[Nathan Lannine]

> - AKIPS - Sooo expensive

AKIPS gives deep discounts for the public sector.  Although the
product has a few more features than our primary use cases, we use it
for fault monitoring/alerting (ping up/down, SNMP status change,
trap+syslog pattern matching), metric tracking, and CAM/ARP history
and tracking.  It works great for us, is super easy to get running,
and has really responsive support.  ATM, I actually can't imagine
using anything else for the same functions.

Now I'm in a similar boat of having to decide on change
management/config backup.

- Nathan
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] OT Solarwinds Alternatives

[William]

+1 for check_mk here, we use it for distributed monitoring of pretty much
everything.

On 27 July 2017 at 19:56, Nick Griffin  wrote:

> Sorry for the off-topic post. I'm looking for input on network management
> solutions other than solarwinds, unbiased opinions. We will need all things
> network related, monitoring, alerts, reporting, configuration management,
> and other tools that might be handy for a NOC. If this takes multiple tools
> then that is fine. Just looking for some ideas from the guys in the
> trenches. Thanks!
> ___
> cisco-nsp mailing list  cisco-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] Nexus 7707 as Internet Edge Router?

[Brian Turnbow]

Hi,



> 
> "Anything detailed" you have on the NCS5* would be welcome - the
material
> on www.cisco.com is a bit sparse.
> 

Check out the cisco live session for some good info.
https://www.ciscolive.com/online/connect/sessionDetail.ww?SESSION_ID=94040
=popup


> Since we're considering to either go for QFX5100 or NCS5* for bandwidth
> expansion in our "core" (= no customer connections, no external
> connections, all 10G links, not much demand for QoS due to DWDM underlay
> where we can just add more bandwidth if needed), understanding how Cisco
> positions the
> NCS5001 series and whether this is a one-off thing that will be
end-of-life
> next year ("remember the ME3600?") or something which is going to
receive
> proper love and caring is one of the most important questions here...
> 

>From what we've been told it will continue to evolve and receive new
features 
There is also going to be a smaller chassis based system coming out soon.

> And then, what features it gets - the first list on cisco.com was
amazingly thin
> on details, but one of the interesting bits was "no support for EIGRP",
which I
> find highly astonishing - you have a vendor that has a nice
customer-lock-in
> feature, purely control-plane (so, no need to do hardware-specific
coding),
> and they... forget to enable it?

It is available  but needs to installed as an add on package..
http://www.cisco.com/c/en/us/td/docs/iosxr/ncs5500/system-setup/60x/b-ncs5
500-system-setup-guide-60x/b-system-setup-ncs5k_chapter_0110.html

Best Regards

Brian
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] OT Solarwinds Alternatives

[Rikard Stemland Skjelsvik]

netbox from digital ocean https://github.com/digitalocean/netbox as a 
source of truth


rancid for backup

and then NAV (Network Administration Visualized)  https://nav.uninett.no/

NAV is is a very old project from 1999. It is in its 4. generation, so it 
is mature and stable. It has the backing of Norwegian universities, so 
there is sponsorship. It is postcardware. Check it out!





--
Rikard

On Thu, 27 Jul 2017, Catalin Dominte wrote:


Been looking into that for quite a while now.

You don't have a lot of options:

- Observium - Fires a lot of SNMP stuff to the devices, but looks pretty,
not distributed.
- Icinga - Hard to get up and running and needs lots of work to operate. (I
found that). Hard to find clear docs on multi tenancy. Liked it though.
- LibreNMS - Fork of Observium
- PRTG - Commercial. Easy to use. Runs on Windows. Multitenant, Netflow,
etc. No Config manager or IPAM though.
- OpenNMS - I looked at it as well, but I need multi tenancy and it does
not have that.
- Nagios - Can go for the paid version of it, and get some pretty-ish
interfaces, netflow and multi tenancy.
- OP5, OPS View, Zabbix, etc. Might as well go Nagios.
- Amon. New one out here. Looks quite good and since it was open sourced
could be useful. No network monitoring capabilities though.
- Ninja - too commercial for my liking
- Netcrunch - Looks like windows, but it does not do multi tenant and no
distributed monitoring either.
- Manage engine - Too clunky and too many things on the same page, very
crowded
- Auvik, Datadog and the likes... erm pass. Tooo pricy
- Iris Networks (South African company) - looks rather nice. Testing it at
the moment. Runs on FreeBSD, so that sounds even better.
- Mindarray - Not there yet. Nice interface (bootstrap) but not very
intuitive at all. Lots of buttons to click and lots of stuff to look at.
Sort of like manage engine.
- AKIPS - Sooo expensive
- Thousand Eyes - Good marketing. I give them that. If you run a business
though price will kill you quite fast.

I am actually using this now - Stablenet from Infosim. Very complex, but
easy to use as well. Lot of scripting, automation, config management, asset
management, asset management, EoL, SNMP, alerting, distributed agents, runs
on linux.

I am tempted to get something together in the form of:

NMS (Open source) + ELK + Netbox in an appliance to get everything sorted
for what I need.

Have I missed anything?

*Catalin Dominte | Senior Network Consultant*

Nocsult Ltd  | 11 Castle Hill  |  Maidenhead  |  Berkshire  |  SL6 4AA  |
Phone:  +44 (0)1628 302 007

VAT registration number: GB 180957674  |  Company registration number:
08886349
P Please consider the environment - Do you really need to print this email?

THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY
MATERIAL and is thus for use only by the intended recipient. If you
received this in error, please contact the sender and delete the email and
its attachments from all computers.

On 27 July 2017 at 20:08:58, Scott Granados (sc...@granados-llc.net) wrote:

Hi Nick,

In my opinion anything is better than Solar Winds but that’s me. I don’t
understand how any serious network monitoring company only offers their
products for the windows environment and has no Unix variants. That’s just
goofy to me but that aside here are some alternatives I have had good
success with.

Open NMs http://www.opennms.org is a comprehensive open source network
management toolkit.
Open groundwork http://www.opengroundwork.com Can be pricing depending on
licensing but easy to set up and pretty feature packed, based on NAGIOS if
memory serves.
NagIOS, the gold standard, Nagios is a good framework with lots of plug in
functionality and ability to customize / expand. It’s a very complex but
powerful tool. In many environment it requires a full-time admin but it
doesn’t have to.
If you’re looking for netflow capture and analysis I’m a pretty big fan of
nfdump and nfcapd. Easy to get up and running and can generate powerful
reports, also includes plugin add ons like mapping functions and anomaly
detection.
Cacti, good prober for port stats and has the ability to take rapid probes
in for looking at bursty traffic.
RANCID, great network archiving tool for version control and archival of
network device configs. Written in expect / TCL so can be modified to suit
your needs.

THere’s a few for starters.

Thanks


On Jul 27, 2017, at 2:56 PM, Nick Griffin > wrote:

Sorry for the off-topic post. I'm looking for input on network management
solutions other than solarwinds, unbiased opinions. We will need all things
network related, monitoring, alerts, reporting, configuration management,
and other tools that might be handy for a NOC. If this takes multiple tools
then that is fine. Just looking for some ideas from the guys in the
trenches. Thanks!
___
cisco-nsp mailing list 

Re: [c-nsp] Nexus 7707 as Internet Edge Router?

[Gert Doering]

Hi,

On Fri, Jul 28, 2017 at 10:39:02AM +0100, Nick Hilliard wrote:
> Gert Doering wrote:
> > And then, what features it gets - the first list on cisco.com was 
> > amazingly thin on details, but one of the interesting bits was "no 
> > support for EIGRP", which I find highly astonishing - you have a vendor
> > that has a nice customer-lock-in feature, purely control-plane (so, 
> > no need to do hardware-specific coding), and they... forget to enable it?
> 
> But no-one in the SP world uses EIGRP anyway so this is a moot point, right?
> 
> Right??

That's one of the problems with Cisco as of the last few years, that they
do not understand that there is no hard distinction between "Enterprise",
"SP" and "Datacenter" anymore.

So having dedicated product lines that always miss something crucial because
"no, that feature is only for the other market" really stinks.

(Now, why wouldn't an enterprise customer use an NCS5001?  "Can we please
give Cisco the money, instead of buying a QFX5100 for 20% less money, 
and then having to change our IGP"?)

gert

-- 
USENET is *not* the non-clickable part of WWW!
   //www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35655025g...@net.informatik.tu-muenchen.de


signature.asc
Description: PGP signature
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] Nexus 7707 as Internet Edge Router?

[Nick Hilliard]

Gert Doering wrote:
> And then, what features it gets - the first list on cisco.com was 
> amazingly thin on details, but one of the interesting bits was "no 
> support for EIGRP", which I find highly astonishing - you have a vendor
> that has a nice customer-lock-in feature, purely control-plane (so, 
> no need to do hardware-specific coding), and they... forget to enable it?

But no-one in the SP world uses EIGRP anyway so this is a moot point, right?

Right??

Nick

___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] OT Solarwinds Alternatives

[Mark Tinka]

On 27/Jul/17 20:56, Nick Griffin wrote:
> Sorry for the off-topic post. I'm looking for input on network management
> solutions other than solarwinds, unbiased opinions. We will need all things
> network related, monitoring, alerts, reporting, configuration management,
> and other tools that might be handy for a NOC. If this takes multiple tools
> then that is fine. Just looking for some ideas from the guys in the
> trenches. Thanks!

Look at Iris:

    https://www.irisns.com/

Mark.
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] OT Solarwinds Alternatives

[Andrew Thrift]

We undertook a year long evaluation of NMS's and are now moving to
NetXMS from PRTG, we found like Jerry that PRTG was more suited to
enterprise than to SP's.

Why we chose NetXMS:
- Desktop client that runs on Linux, Windows, OSX
- Desktop client and Web UI have the same layout
- Uses standard SQL databases, e.g. PostgreSQL, MySQL
- High performance polling engine
- Agent/Proxy/Server model
- Has the ability to set up teamplates, and then when devices are
added NetXMS only polls the OID's in the template, rather than walking
the entire tree on the device.
- Has the ability to disable polling the routing table on a per device basis

The other thing we liked is that even though it is opensource you can
get paid support.

The learning curve is steep, but it is worth it to have a clean NMS
that performs well.

Check out www.netxms.org or Tomas's excellent tutorials at
https://www.youtube.com/watch?v=6-u-UDM7vBU=PLt3aE2eGS5P9L72H82S83MrKx2uz5x8gv



Regards,



Andrew


On Fri, Jul 28, 2017 at 7:45 AM, Jerry Bacon  wrote:
> Definitely agree that Solarwinds and, to a lesser extent, PRTG are much more
> oriented to the enterprise than service providers.
>
> --
>
> Jerry Bacon
> Senior Network Engineer
> StarTouch, Inc.
> http://www.startouch.com
> 360-543-5679 ext. 111
> Microwave - Fiber Optics - Internet Services
>
> On 7/27/2017 12:23 PM, Paul Stewart wrote:
>>
>> We run a bunch of different systems today including Solarwinds.  For many
>> years I have dealt with Solarwinds in various companies and found their
>> system to be “not bad” but when it comes to features, especially for service
>> providers, they are less than responsive.  They are driven purely by numbers
>> - and those numbers come from Enterprise customers and not service providers
>> unfortunately in their case.
>
>
> ___
> cisco-nsp mailing list  cisco-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] Nexus 7707 as Internet Edge Router?

[Gert Doering]

Hi,

On Thu, Jul 27, 2017 at 09:27:36PM -0400, Phil Bedard wrote:
> Do you require something with redundant RPs?  The fixed NCS5001/NCS5501 would 
> probably fit what you need well if you don???t.  The chassis based NCS 
> systems are a bit overkill for your needs.  The NCS5XXX were mainly pitched 
> to larger providers originally with their own account teams so I don???t 
> think much info on them has trickled down to VARs yet.  If you have any 
> questions let me know.  

"Anything detailed" you have on the NCS5* would be welcome - the material
on www.cisco.com is a bit sparse.

Since we're considering to either go for QFX5100 or NCS5* for bandwidth
expansion in our "core" (= no customer connections, no external connections,
all 10G links, not much demand for QoS due to DWDM underlay where we can
just add more bandwidth if needed), understanding how Cisco positions the
NCS5001 series and whether this is a one-off thing that will be end-of-life
next year ("remember the ME3600?") or something which is going to receive
proper love and caring is one of the most important questions here...

And then, what features it gets - the first list on cisco.com was 
amazingly thin on details, but one of the interesting bits was "no 
support for EIGRP", which I find highly astonishing - you have a vendor
that has a nice customer-lock-in feature, purely control-plane (so, 
no need to do hardware-specific coding), and they... forget to enable it?

gert
-- 
USENET is *not* the non-clickable part of WWW!
   //www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35655025g...@net.informatik.tu-muenchen.de


signature.asc
Description: PGP signature
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/