Re: [c-nsp] Setting relay agent IP on 4500
Nope. That's how it's configured already. No Dice. Sent from my iPhone > On Jul 28, 2017, at 9:34 PM, Nathan Lanninewrote: > > > > On Jul 28, 2017 5:12 PM, "Jason Lixfeld" wrote: > Hi all, > > I’ve got a 4500 Sup7L-E running 15.2(2) acting as a DHCP relay with clients > directly connected to it. The client interfaces on this relay are in VRFs, > and the helper is in the global table. > > The issue is the 4500 stamps the relay agent IP in the DISCOVER as being the > incoming interface IP where the DISCOVER was received, which is in a VRF. As > such, the DHCP server tries to send the OFFER to that IP, but it’s not > reachable due to it being in a VRF, and is subsequently dropped upstream. > > Does the "global" argument not accomplish this? > > I.e. "ip helper-address global " > > That's how I read this: > http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipapp/command/iap-cr-book/iap-i1.html#wp1413119578 > > Of course the above is more clear in it's description of using the "vrf" > argument. > > - Nathan ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Setting relay agent IP on 4500
On Jul 28, 2017 5:12 PM, "Jason Lixfeld"wrote: Hi all, I’ve got a 4500 Sup7L-E running 15.2(2) acting as a DHCP relay with clients directly connected to it. The client interfaces on this relay are in VRFs, and the helper is in the global table. The issue is the 4500 stamps the relay agent IP in the DISCOVER as being the incoming interface IP where the DISCOVER was received, which is in a VRF. As such, the DHCP server tries to send the OFFER to that IP, but it’s not reachable due to it being in a VRF, and is subsequently dropped upstream. Does the "global" argument not accomplish this? I.e. "ip helper-address global " That's how I read this: http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipapp/command/iap-cr-book/iap-i1.html#wp1413119578 Of course the above is more clear in it's description of using the "vrf" argument. - Nathan ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] Setting relay agent IP on 4500
Hi all, I’ve got a 4500 Sup7L-E running 15.2(2) acting as a DHCP relay with clients directly connected to it. The client interfaces on this relay are in VRFs, and the helper is in the global table. The issue is the 4500 stamps the relay agent IP in the DISCOVER as being the incoming interface IP where the DISCOVER was received, which is in a VRF. As such, the DHCP server tries to send the OFFER to that IP, but it’s not reachable due to it being in a VRF, and is subsequently dropped upstream. On ME3600s for example, ip dhcp-relay information option server-override resolves this, but I can’t seem to find this command on the 4500 leading me to believe that the same command isn’t supported. I’m hoping there’s something similar that I just haven’t been able to find, but the command reference guides are pretty useless and I’ve come up empty so far. Thanks! ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Nexus 7707 as Internet Edge Router?
Coming from the MSP (managed service provider) world where I am - EIGRP is great - I can summarize anywhere - and our cheap clients will only ever buy IP base licensed 3xxx switches. Even though they are on the 42nd floor of a 10 million dollar office with a giant leather rhinoceros... So my choices are, if I want to summarize, multi area OSPF limited to 200 routes or EIGRP which is simple and clean. -Original Message- From: cisco-nsp [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Nick Hilliard Sent: Friday, July 28, 2017 5:39 AM To: Gert DoeringCc: cisco-nsp@puck.nether.net Subject: Re: [c-nsp] Nexus 7707 as Internet Edge Router? Gert Doering wrote: > And then, what features it gets - the first list on cisco.com was > amazingly thin on details, but one of the interesting bits was "no > support for EIGRP", which I find highly astonishing - you have a > vendor that has a nice customer-lock-in feature, purely control-plane > (so, no need to do hardware-specific coding), and they... forget to enable it? But no-one in the SP world uses EIGRP anyway so this is a moot point, right? Right?? Nick ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] OT Solarwinds Alternatives
> - AKIPS - Sooo expensive AKIPS gives deep discounts for the public sector. Although the product has a few more features than our primary use cases, we use it for fault monitoring/alerting (ping up/down, SNMP status change, trap+syslog pattern matching), metric tracking, and CAM/ARP history and tracking. It works great for us, is super easy to get running, and has really responsive support. ATM, I actually can't imagine using anything else for the same functions. Now I'm in a similar boat of having to decide on change management/config backup. - Nathan ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] OT Solarwinds Alternatives
+1 for check_mk here, we use it for distributed monitoring of pretty much everything. On 27 July 2017 at 19:56, Nick Griffinwrote: > Sorry for the off-topic post. I'm looking for input on network management > solutions other than solarwinds, unbiased opinions. We will need all things > network related, monitoring, alerts, reporting, configuration management, > and other tools that might be handy for a NOC. If this takes multiple tools > then that is fine. Just looking for some ideas from the guys in the > trenches. Thanks! > ___ > cisco-nsp mailing list cisco-nsp@puck.nether.net > https://puck.nether.net/mailman/listinfo/cisco-nsp > archive at http://puck.nether.net/pipermail/cisco-nsp/ > ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Nexus 7707 as Internet Edge Router?
Hi, > > "Anything detailed" you have on the NCS5* would be welcome - the material > on www.cisco.com is a bit sparse. > Check out the cisco live session for some good info. https://www.ciscolive.com/online/connect/sessionDetail.ww?SESSION_ID=94040 =popup > Since we're considering to either go for QFX5100 or NCS5* for bandwidth > expansion in our "core" (= no customer connections, no external > connections, all 10G links, not much demand for QoS due to DWDM underlay > where we can just add more bandwidth if needed), understanding how Cisco > positions the > NCS5001 series and whether this is a one-off thing that will be end-of-life > next year ("remember the ME3600?") or something which is going to receive > proper love and caring is one of the most important questions here... > >From what we've been told it will continue to evolve and receive new features There is also going to be a smaller chassis based system coming out soon. > And then, what features it gets - the first list on cisco.com was amazingly thin > on details, but one of the interesting bits was "no support for EIGRP", which I > find highly astonishing - you have a vendor that has a nice customer-lock-in > feature, purely control-plane (so, no need to do hardware-specific coding), > and they... forget to enable it? It is available but needs to installed as an add on package.. http://www.cisco.com/c/en/us/td/docs/iosxr/ncs5500/system-setup/60x/b-ncs5 500-system-setup-guide-60x/b-system-setup-ncs5k_chapter_0110.html Best Regards Brian ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] OT Solarwinds Alternatives
netbox from digital ocean https://github.com/digitalocean/netbox as a source of truth rancid for backup and then NAV (Network Administration Visualized) https://nav.uninett.no/ NAV is is a very old project from 1999. It is in its 4. generation, so it is mature and stable. It has the backing of Norwegian universities, so there is sponsorship. It is postcardware. Check it out! -- Rikard On Thu, 27 Jul 2017, Catalin Dominte wrote: Been looking into that for quite a while now. You don't have a lot of options: - Observium - Fires a lot of SNMP stuff to the devices, but looks pretty, not distributed. - Icinga - Hard to get up and running and needs lots of work to operate. (I found that). Hard to find clear docs on multi tenancy. Liked it though. - LibreNMS - Fork of Observium - PRTG - Commercial. Easy to use. Runs on Windows. Multitenant, Netflow, etc. No Config manager or IPAM though. - OpenNMS - I looked at it as well, but I need multi tenancy and it does not have that. - Nagios - Can go for the paid version of it, and get some pretty-ish interfaces, netflow and multi tenancy. - OP5, OPS View, Zabbix, etc. Might as well go Nagios. - Amon. New one out here. Looks quite good and since it was open sourced could be useful. No network monitoring capabilities though. - Ninja - too commercial for my liking - Netcrunch - Looks like windows, but it does not do multi tenant and no distributed monitoring either. - Manage engine - Too clunky and too many things on the same page, very crowded - Auvik, Datadog and the likes... erm pass. Tooo pricy - Iris Networks (South African company) - looks rather nice. Testing it at the moment. Runs on FreeBSD, so that sounds even better. - Mindarray - Not there yet. Nice interface (bootstrap) but not very intuitive at all. Lots of buttons to click and lots of stuff to look at. Sort of like manage engine. - AKIPS - Sooo expensive - Thousand Eyes - Good marketing. I give them that. If you run a business though price will kill you quite fast. I am actually using this now - Stablenet from Infosim. Very complex, but easy to use as well. Lot of scripting, automation, config management, asset management, asset management, EoL, SNMP, alerting, distributed agents, runs on linux. I am tempted to get something together in the form of: NMS (Open source) + ELK + Netbox in an appliance to get everything sorted for what I need. Have I missed anything? *Catalin Dominte | Senior Network Consultant* Nocsult Ltd | 11 Castle Hill | Maidenhead | Berkshire | SL6 4AA | Phone: +44 (0)1628 302 007 VAT registration number: GB 180957674 | Company registration number: 08886349 P Please consider the environment - Do you really need to print this email? THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the email and its attachments from all computers. On 27 July 2017 at 20:08:58, Scott Granados (sc...@granados-llc.net) wrote: Hi Nick, In my opinion anything is better than Solar Winds but that’s me. I don’t understand how any serious network monitoring company only offers their products for the windows environment and has no Unix variants. That’s just goofy to me but that aside here are some alternatives I have had good success with. Open NMs http://www.opennms.org is a comprehensive open source network management toolkit. Open groundwork http://www.opengroundwork.com Can be pricing depending on licensing but easy to set up and pretty feature packed, based on NAGIOS if memory serves. NagIOS, the gold standard, Nagios is a good framework with lots of plug in functionality and ability to customize / expand. It’s a very complex but powerful tool. In many environment it requires a full-time admin but it doesn’t have to. If you’re looking for netflow capture and analysis I’m a pretty big fan of nfdump and nfcapd. Easy to get up and running and can generate powerful reports, also includes plugin add ons like mapping functions and anomaly detection. Cacti, good prober for port stats and has the ability to take rapid probes in for looking at bursty traffic. RANCID, great network archiving tool for version control and archival of network device configs. Written in expect / TCL so can be modified to suit your needs. THere’s a few for starters. Thanks On Jul 27, 2017, at 2:56 PM, Nick Griffin> wrote: Sorry for the off-topic post. I'm looking for input on network management solutions other than solarwinds, unbiased opinions. We will need all things network related, monitoring, alerts, reporting, configuration management, and other tools that might be handy for a NOC. If this takes multiple tools then that is fine. Just looking for some ideas from the guys in the trenches. Thanks! ___ cisco-nsp mailing list
Re: [c-nsp] Nexus 7707 as Internet Edge Router?
Hi, On Fri, Jul 28, 2017 at 10:39:02AM +0100, Nick Hilliard wrote: > Gert Doering wrote: > > And then, what features it gets - the first list on cisco.com was > > amazingly thin on details, but one of the interesting bits was "no > > support for EIGRP", which I find highly astonishing - you have a vendor > > that has a nice customer-lock-in feature, purely control-plane (so, > > no need to do hardware-specific coding), and they... forget to enable it? > > But no-one in the SP world uses EIGRP anyway so this is a moot point, right? > > Right?? That's one of the problems with Cisco as of the last few years, that they do not understand that there is no hard distinction between "Enterprise", "SP" and "Datacenter" anymore. So having dedicated product lines that always miss something crucial because "no, that feature is only for the other market" really stinks. (Now, why wouldn't an enterprise customer use an NCS5001? "Can we please give Cisco the money, instead of buying a QFX5100 for 20% less money, and then having to change our IGP"?) gert -- USENET is *not* the non-clickable part of WWW! //www.muc.de/~gert/ Gert Doering - Munich, Germany g...@greenie.muc.de fax: +49-89-35655025g...@net.informatik.tu-muenchen.de signature.asc Description: PGP signature ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Nexus 7707 as Internet Edge Router?
Gert Doering wrote: > And then, what features it gets - the first list on cisco.com was > amazingly thin on details, but one of the interesting bits was "no > support for EIGRP", which I find highly astonishing - you have a vendor > that has a nice customer-lock-in feature, purely control-plane (so, > no need to do hardware-specific coding), and they... forget to enable it? But no-one in the SP world uses EIGRP anyway so this is a moot point, right? Right?? Nick ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] OT Solarwinds Alternatives
On 27/Jul/17 20:56, Nick Griffin wrote: > Sorry for the off-topic post. I'm looking for input on network management > solutions other than solarwinds, unbiased opinions. We will need all things > network related, monitoring, alerts, reporting, configuration management, > and other tools that might be handy for a NOC. If this takes multiple tools > then that is fine. Just looking for some ideas from the guys in the > trenches. Thanks! Look at Iris: https://www.irisns.com/ Mark. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] OT Solarwinds Alternatives
We undertook a year long evaluation of NMS's and are now moving to NetXMS from PRTG, we found like Jerry that PRTG was more suited to enterprise than to SP's. Why we chose NetXMS: - Desktop client that runs on Linux, Windows, OSX - Desktop client and Web UI have the same layout - Uses standard SQL databases, e.g. PostgreSQL, MySQL - High performance polling engine - Agent/Proxy/Server model - Has the ability to set up teamplates, and then when devices are added NetXMS only polls the OID's in the template, rather than walking the entire tree on the device. - Has the ability to disable polling the routing table on a per device basis The other thing we liked is that even though it is opensource you can get paid support. The learning curve is steep, but it is worth it to have a clean NMS that performs well. Check out www.netxms.org or Tomas's excellent tutorials at https://www.youtube.com/watch?v=6-u-UDM7vBU=PLt3aE2eGS5P9L72H82S83MrKx2uz5x8gv Regards, Andrew On Fri, Jul 28, 2017 at 7:45 AM, Jerry Baconwrote: > Definitely agree that Solarwinds and, to a lesser extent, PRTG are much more > oriented to the enterprise than service providers. > > -- > > Jerry Bacon > Senior Network Engineer > StarTouch, Inc. > http://www.startouch.com > 360-543-5679 ext. 111 > Microwave - Fiber Optics - Internet Services > > On 7/27/2017 12:23 PM, Paul Stewart wrote: >> >> We run a bunch of different systems today including Solarwinds. For many >> years I have dealt with Solarwinds in various companies and found their >> system to be “not bad” but when it comes to features, especially for service >> providers, they are less than responsive. They are driven purely by numbers >> - and those numbers come from Enterprise customers and not service providers >> unfortunately in their case. > > > ___ > cisco-nsp mailing list cisco-nsp@puck.nether.net > https://puck.nether.net/mailman/listinfo/cisco-nsp > archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Nexus 7707 as Internet Edge Router?
Hi, On Thu, Jul 27, 2017 at 09:27:36PM -0400, Phil Bedard wrote: > Do you require something with redundant RPs? The fixed NCS5001/NCS5501 would > probably fit what you need well if you don???t. The chassis based NCS > systems are a bit overkill for your needs. The NCS5XXX were mainly pitched > to larger providers originally with their own account teams so I don???t > think much info on them has trickled down to VARs yet. If you have any > questions let me know. "Anything detailed" you have on the NCS5* would be welcome - the material on www.cisco.com is a bit sparse. Since we're considering to either go for QFX5100 or NCS5* for bandwidth expansion in our "core" (= no customer connections, no external connections, all 10G links, not much demand for QoS due to DWDM underlay where we can just add more bandwidth if needed), understanding how Cisco positions the NCS5001 series and whether this is a one-off thing that will be end-of-life next year ("remember the ME3600?") or something which is going to receive proper love and caring is one of the most important questions here... And then, what features it gets - the first list on cisco.com was amazingly thin on details, but one of the interesting bits was "no support for EIGRP", which I find highly astonishing - you have a vendor that has a nice customer-lock-in feature, purely control-plane (so, no need to do hardware-specific coding), and they... forget to enable it? gert -- USENET is *not* the non-clickable part of WWW! //www.muc.de/~gert/ Gert Doering - Munich, Germany g...@greenie.muc.de fax: +49-89-35655025g...@net.informatik.tu-muenchen.de signature.asc Description: PGP signature ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/