Re: [c-nsp] ospf database size - affects that underlying transport mtu might have
Aaron Gould wrote: > Anyone ever experienced anything strange with underlying transport network > mtu possibly causing ospf neighbor adjacency to be broken ? yes, it happens and it's ugly. Nick ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] 3850 / 3650 storm control
On 22 November 2017 at 20:56, Charles Sprickmanwrote: > If you did have some multicast traffic, like a basic 720p or 1080p video > stream, what’s a good rule of thumb for that? Assume 5-8 Mb/s. > Just watch a port with an active viewer and go 10-20% above what > you see as a limit for multicast? I probably wouldn't limit it then. Because you're likely running IGMP snooping in L2 then and doing other multicast related due diligence. Or more generally I'd apply same logic then as for unicast. -- ++ytti ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] 3850 / 3650 storm control
--- Begin Message --- Just chiming in with a quick question... > On Nov 22, 2017, at 1:25 PM, Saku Yttiwrote: > > Hey Scott, > > In edge links, you can limit multicast and broadcast very severely. > There is very little point to limit unicast even in edge links, unless > you want to protect firewall from some owned host sending 1.48M SYN > pps. […] > Assuming you don't actually run multicast applications and that you > don't have any esoteric LAN distribution application using broadcast. > I'd limit edge ports 10pps for mcast and bcast each, and drop excess > (not put port down or anything). In core ports I'd limit mcast and > bcast to maybe 2000pps. If you did have some multicast traffic, like a basic 720p or 1080p video stream, what’s a good rule of thumb for that? Assume 5-8 Mb/s. Just watch a port with an active viewer and go 10-20% above what you see as a limit for multicast? Thanks, Charles > > > I find that often when people configure these, they configure the > limit in bps and slightly below line rate, which is non-sensical. > > On 22 November 2017 at 18:13, Scott Voll wrote: >> So I'm green field with 3850 at the distribution layer and 3650 at the >> access layer. >> >> Since I don't have anything to start with, what would be save storm control >> limits to start with on each platform for Broadcast, multicast,and >> Unicast? >> >> Mgig to the edge, 20gig to the distribution, and 160 gig to the core. >> >> TIA >> >> Scott >> ___ >> cisco-nsp mailing list cisco-nsp@puck.nether.net >> https://puck.nether.net/mailman/listinfo/cisco-nsp >> archive at http://puck.nether.net/pipermail/cisco-nsp/ > > > > -- > ++ytti > ___ > cisco-nsp mailing list cisco-nsp@puck.nether.net > https://puck.nether.net/mailman/listinfo/cisco-nsp > archive at http://puck.nether.net/pipermail/cisco-nsp/ --- End Message --- ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] 3850 / 3650 storm control
Hey Scott, In edge links, you can limit multicast and broadcast very severely. There is very little point to limit unicast even in edge links, unless you want to protect firewall from some owned host sending 1.48M SYN pps. In core links you may not need/want to limit at all, but if you must, it needs to be many times the edge limit, so that edge ports can't cause DoS vector and stop ARP from working by congesting the core broadcast limiter. Assuming you don't actually run multicast applications and that you don't have any esoteric LAN distribution application using broadcast. I'd limit edge ports 10pps for mcast and bcast each, and drop excess (not put port down or anything). In core ports I'd limit mcast and bcast to maybe 2000pps. I find that often when people configure these, they configure the limit in bps and slightly below line rate, which is non-sensical. On 22 November 2017 at 18:13, Scott Vollwrote: > So I'm green field with 3850 at the distribution layer and 3650 at the > access layer. > > Since I don't have anything to start with, what would be save storm control > limits to start with on each platform for Broadcast, multicast,and > Unicast? > > Mgig to the edge, 20gig to the distribution, and 160 gig to the core. > > TIA > > Scott > ___ > cisco-nsp mailing list cisco-nsp@puck.nether.net > https://puck.nether.net/mailman/listinfo/cisco-nsp > archive at http://puck.nether.net/pipermail/cisco-nsp/ -- ++ytti ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] ospf database size - affects that underlying transport mtu might have
Hi, On Wed, Nov 22, 2017 at 11:50:51AM -0600, Aaron Gould wrote: > This is a *single area* ospf environment, that has been stable for years.. > But now suddenly is having issues with new ospf neightbor adjacencies , > which are riding a 3rd party transport network Which is pretty standard if you configure a larger MTU than the provider is giving you. OSPF is filling up handshake packets to the configured MTU (always) so if max-MTU packets are lost, no OSPF adjacencies. gert -- now what should I write here... Gert Doering - Munich, Germany g...@greenie.muc.de signature.asc Description: PGP signature ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] ospf database size - affects that underlying transport mtu might have
This is a *single area* ospf environment, that has been stable for years.. But now suddenly is having issues with new ospf neightbor adjacencies , which are riding a 3rd party transport network Anyone ever experienced anything strange with underlying transport network mtu possibly causing ospf neighbor adjacency to be broken ? I'm asking if the underlying 3rd party transport layer 2 network has a smaller mtu than the endpoint ospf ip interface have, could this cause those ospf neighbors to not fully establish ? .and I'm also asking this if the single ospf area has grown large enough to cause some sort of initial database packet to be larger than that underlying 3rd party mtu is providing -Aaron ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] 3850 / 3650 storm control
So I'm green field with 3850 at the distribution layer and 3650 at the access layer. Since I don't have anything to start with, what would be save storm control limits to start with on each platform for Broadcast, multicast,and Unicast? Mgig to the edge, 20gig to the distribution, and 160 gig to the core. TIA Scott ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] memory issue asr1002-x
--- Begin Message --- Ya, but i think the critical is the IOSd memory. Wondering the IOSd has the features of using based linux swap memory? On 22 November 2017 at 09:17, Christian Kratzerwrote: On Wed, 22 Nov 2017, James Bensley wrote: I believe that the IOSd process is a 32-bit process so it can't use more than 4GBs of RAM. does not look like it on this box: Router#show version | i mem cisco ASR1001 (1RU) processor with 6848986K/6147K bytes of memory. 32768K bytes of non-volatile configuration memory. 16777216K bytes of physical memory. Router# Looks like you are right. I OP has an ASR1002-X, check one here: #show ver | inc mem cisco ASR1002-X (2RU-X) processor (revision 2KP) with 3729028K/6147K bytes of memory. ... 8388608K bytes of physical memory. ^ This only has 8GB of RAM and it is using roughly half as expected. Although not using half isn't exactly a bad sign in its self, the Linux virtual memory manager allows for memory overcommit: #show platform software status control-processor Memory (kb): healthy Total: 8091848 Used: 3885636 (48%) Free: 4206212 (52%) Committed: 5328504 (66%), status: healthy, under 95% So it maybe that IOSd on OP's system would simply grow more when needed? Cheers, James. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ On Wednesday, November 22, 2017, 6:23:41 PM GMT+8, caroyy wrote: Hi Guys, Thanks for replying. The iosd i checked is a 64bits IOSd. i suspect is my license issue. possible? cisco ASR1002-X (2RU-X) processor (revision 2KP) with 3553107K/6147K bytes of memory. 32768K bytes of non-volatile configuration memory. 16777216K bytes of physical memory. #show redundancy Redundant System Information : -- Available system uptime = 2 hours, 28 minutes Switchovers system experienced = 0 Standby failures = 0 Last switchover reason = none Hardware Mode = Simplex Configured Redundancy Mode = Non-redundant Operating Redundancy Mode = Non-redundant Maintenance Mode = Disabled Communications = Down Reason: Failure Current Processor Information : --- Active Location = slot 6 Current Software state = ACTIVE Uptime in current state = 2 hours, 28 minutes Image Version = Cisco IOS Software [Fuji], ASR1000 Software (X86_64_LINUX_IOSD-UNIVERSALK9-M), Version 16.7.1, RELEASE SOFTWARE (fc5) Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2017 by Cisco Systems, Inc. Compiled Wed 15-Nov-17 19:34 by mcpre BOOT = bootflash:asr1002x-universalk9.16.07.01.SPA.bin,1; CONFIG_FILE = Configuration register = 0x2102 Peer (slot: 7) information is not available because it is in 'DISABLED' state Regards,caroyy Hi, On Wed, 22 Nov 2017, James Bensley wrote: On 22 November 2017 at 03:32, caroyy via cisco-nsp wrote: Hi David, Thank you for replying.Ya the memory allocated 3.5gb to IOSD from the platform is unusually strange. It should be 6.5gb based on 16gb memory router. Just asking the community if anyone has solve/encounter the same problem.Unfortunately, this router i took over from someone and there is no smartnet available. Regards,caroyy Hi Caroyy, I believe that the IOSd process is a 32-bit process so it can't use more than 4GBs of RAM. does not look like it on this box: Router#show version | i mem cisco ASR1001 (1RU) processor with 6848986K/6147K bytes of memory. 32768K bytes of non-volatile configuration memory. 16777216K bytes of physical memory. Router# Try looking at the output of "show redundancy". The ASR1000 had some kind of IOS redundancy feature to run two IOS processes on a box splitting up memory between them. Greetings Christian -- Christian Kratzer CK Software GmbH Email: c...@cksoft.de Wildberger Weg 24/2 Phone: +49 7032 893 997 - 0 D-71126 Gaeufelden Fax: +49 7032 893 997 - 9 HRB 245288, Amtsgericht Stuttgart Mobile: +49 171 1947 843 Geschaeftsfuehrer: Christian Kratzer Web: http://www.cksoft.de/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ On Wednesday, November 22, 2017, 11:32:16 AM GMT+8, caroyy wrote: Hi David, Thank you for replying.Ya the memory allocated 3.5gb to IOSD from the platform is unusually strange. It should be 6.5gb based on 16gb memory router. Just asking the community if anyone has solve/encounter the same
Re: [c-nsp] memory issue asr1002-x
On 22 November 2017 at 09:17, Christian Kratzerwrote: > On Wed, 22 Nov 2017, James Bensley wrote: >> I believe that the IOSd process is a 32-bit process so it can't use >> more than 4GBs of RAM. > > > does not look like it on this box: > > Router#show version | i mem > cisco ASR1001 (1RU) processor with 6848986K/6147K bytes of memory. > 32768K bytes of non-volatile configuration memory. > 16777216K bytes of physical memory. > Router# Looks like you are right. I OP has an ASR1002-X, check one here: #show ver | inc mem cisco ASR1002-X (2RU-X) processor (revision 2KP) with 3729028K/6147K bytes of memory. ... 8388608K bytes of physical memory. ^ This only has 8GB of RAM and it is using roughly half as expected. Although not using half isn't exactly a bad sign in its self, the Linux virtual memory manager allows for memory overcommit: #show platform software status control-processor Memory (kb): healthy Total: 8091848 Used: 3885636 (48%) Free: 4206212 (52%) Committed: 5328504 (66%), status: healthy, under 95% So it maybe that IOSd on OP's system would simply grow more when needed? Cheers, James. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] memory issue asr1002-x
--- Begin Message --- Hi Guys, Thanks for replying. The iosd i checked is a 64bits IOSd. i suspect is my license issue. possible? cisco ASR1002-X (2RU-X) processor (revision 2KP) with 3553107K/6147K bytes of memory. 32768K bytes of non-volatile configuration memory. 16777216K bytes of physical memory. #show redundancy Redundant System Information : -- Available system uptime = 2 hours, 28 minutes Switchovers system experienced = 0 Standby failures = 0 Last switchover reason = none Hardware Mode = Simplex Configured Redundancy Mode = Non-redundant Operating Redundancy Mode = Non-redundant Maintenance Mode = Disabled Communications = Down Reason: Failure Current Processor Information : --- Active Location = slot 6 Current Software state = ACTIVE Uptime in current state = 2 hours, 28 minutes Image Version = Cisco IOS Software [Fuji], ASR1000 Software (X86_64_LINUX_IOSD-UNIVERSALK9-M), Version 16.7.1, RELEASE SOFTWARE (fc5) Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2017 by Cisco Systems, Inc. Compiled Wed 15-Nov-17 19:34 by mcpre BOOT = bootflash:asr1002x-universalk9.16.07.01.SPA.bin,1; CONFIG_FILE = Configuration register = 0x2102 Peer (slot: 7) information is not available because it is in 'DISABLED' state Regards,caroyy Hi, On Wed, 22 Nov 2017, James Bensley wrote: On 22 November 2017 at 03:32, caroyy via cisco-nspwrote: Hi David, Thank you for replying.Ya the memory allocated 3.5gb to IOSD from the platform is unusually strange. It should be 6.5gb based on 16gb memory router. Just asking the community if anyone has solve/encounter the same problem.Unfortunately, this router i took over from someone and there is no smartnet available. Regards,caroyy Hi Caroyy, I believe that the IOSd process is a 32-bit process so it can't use more than 4GBs of RAM. does not look like it on this box: Router#show version | i mem cisco ASR1001 (1RU) processor with 6848986K/6147K bytes of memory. 32768K bytes of non-volatile configuration memory. 16777216K bytes of physical memory. Router# Try looking at the output of "show redundancy". The ASR1000 had some kind of IOS redundancy feature to run two IOS processes on a box splitting up memory between them. Greetings Christian -- Christian Kratzer CK Software GmbH Email: c...@cksoft.de Wildberger Weg 24/2 Phone: +49 7032 893 997 - 0 D-71126 Gaeufelden Fax: +49 7032 893 997 - 9 HRB 245288, Amtsgericht Stuttgart Mobile: +49 171 1947 843 Geschaeftsfuehrer: Christian Kratzer Web: http://www.cksoft.de/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ On Wednesday, November 22, 2017, 11:32:16 AM GMT+8, caroyy wrote: Hi David, Thank you for replying.Ya the memory allocated 3.5gb to IOSD from the platform is unusually strange. It should be 6.5gb based on 16gb memory router. Just asking the community if anyone has solve/encounter the same problem.Unfortunately, this router i took over from someone and there is no smartnet available. Regards,caroyy On Wednesday, November 22, 2017, 10:06:33 AM GMT+8, David Prall wrote: This is how much memory has been assigned to iosd. Show version will display memory allocated to iosd and the total memory installed. David -- http://dcp.dcptech.com On 11/21/17, 5:56 AM, "cisco-nsp on behalf of caroyy via cisco-nsp" wrote: ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ --- End Message --- ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] memory issue asr1002-x
Hi, On Wed, 22 Nov 2017, James Bensley wrote: On 22 November 2017 at 03:32, caroyy via cisco-nspwrote: Hi David, Thank you for replying.Ya the memory allocated 3.5gb to IOSD from the platform is unusually strange. It should be 6.5gb based on 16gb memory router. Just asking the community if anyone has solve/encounter the same problem.Unfortunately, this router i took over from someone and there is no smartnet available. Regards,caroyy Hi Caroyy, I believe that the IOSd process is a 32-bit process so it can't use more than 4GBs of RAM. does not look like it on this box: Router#show version | i mem cisco ASR1001 (1RU) processor with 6848986K/6147K bytes of memory. 32768K bytes of non-volatile configuration memory. 16777216K bytes of physical memory. Router# Try looking at the output of "show redundancy". The ASR1000 had some kind of IOS redundancy feature to run two IOS processes on a box splitting up memory between them. Greetings Christian -- Christian Kratzer CK Software GmbH Email: c...@cksoft.de Wildberger Weg 24/2 Phone: +49 7032 893 997 - 0 D-71126 Gaeufelden Fax: +49 7032 893 997 - 9 HRB 245288, Amtsgericht Stuttgart Mobile: +49 171 1947 843 Geschaeftsfuehrer: Christian Kratzer Web: http://www.cksoft.de/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] memory issue asr1002-x
On 22 November 2017 at 03:32, caroyy via cisco-nspwrote: > Hi David, > Thank you for replying.Ya the memory allocated 3.5gb to IOSD from the > platform is unusually strange. It should be 6.5gb based on 16gb memory router. > Just asking the community if anyone has solve/encounter the same > problem.Unfortunately, this router i took over from someone and there is no > smartnet available. > Regards,caroyy Hi Caroyy, I believe that the IOSd process is a 32-bit process so it can't use more than 4GBs of RAM. Cheers, James. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/