date:20171122

Re: [c-nsp] ospf database size - affects that underlying transport mtu might have

2017-11-22 Thread Nick Hilliard

Aaron Gould wrote:
> Anyone ever experienced anything strange with underlying transport network
> mtu possibly causing ospf neighbor adjacency to be broken ?

yes, it happens and it's ugly.

Nick

___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] 3850 / 3650 storm control

2017-11-22 Thread Saku Ytti

On 22 November 2017 at 20:56, Charles Sprickman  wrote:

> If you did have some multicast traffic, like a basic 720p or 1080p video
> stream, what’s a good rule of thumb for that?  Assume 5-8 Mb/s.
> Just watch a port with an active viewer and go 10-20% above what
> you see as a limit for multicast?

I probably wouldn't limit it then. Because you're likely running IGMP
snooping in L2 then and doing other multicast related due diligence.

Or more generally I'd apply same logic then as for unicast.

-- 
  ++ytti
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] 3850 / 3650 storm control

2017-11-22 Thread Charles Sprickman via cisco-nsp

--- Begin Message ---
Just chiming in with a quick question...

> On Nov 22, 2017, at 1:25 PM, Saku Ytti  wrote:
> 
> Hey Scott,
> 
> In edge links, you can limit multicast and broadcast very severely.
> There is very little point to limit unicast even in edge links, unless
> you want to protect firewall from some owned host sending 1.48M SYN
> pps.

[…]

> Assuming you don't actually run multicast applications and that you
> don't have any esoteric LAN distribution application using broadcast.
> I'd limit edge ports 10pps for mcast and bcast each, and drop excess
> (not put port down or anything). In core ports I'd limit mcast and
> bcast to maybe 2000pps.

If you did have some multicast traffic, like a basic 720p or 1080p video
stream, what’s a good rule of thumb for that?  Assume 5-8 Mb/s.
Just watch a port with an active viewer and go 10-20% above what
you see as a limit for multicast?

Thanks,

Charles

> 
> 
> I find that often when people configure these, they configure the
> limit in bps and slightly below line rate, which is non-sensical.
> 
> On 22 November 2017 at 18:13, Scott Voll  wrote:
>> So I'm green field with 3850 at the distribution layer and 3650 at the
>> access layer.
>> 
>> Since I don't have anything to start with, what would be save storm control
>> limits to start with on each platform for Broadcast, multicast,and
>> Unicast?
>> 
>> Mgig to the edge, 20gig to the distribution, and 160 gig to the core.
>> 
>> TIA
>> 
>> Scott
>> ___
>> cisco-nsp mailing list  cisco-nsp@puck.nether.net
>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>> archive at http://puck.nether.net/pipermail/cisco-nsp/
> 
> 
> 
> -- 
>  ++ytti
> ___
> cisco-nsp mailing list  cisco-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/

--- End Message ---
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] 3850 / 3650 storm control

2017-11-22 Thread Saku Ytti

Hey Scott,

In edge links, you can limit multicast and broadcast very severely.
There is very little point to limit unicast even in edge links, unless
you want to protect firewall from some owned host sending 1.48M SYN
pps.

In core links you may not need/want to limit at all, but if you must,
it needs to be many times the edge limit, so that edge ports can't
cause DoS vector and stop ARP from working by congesting the core
broadcast limiter.

Assuming you don't actually run multicast applications and that you
don't have any esoteric LAN distribution application using broadcast.
I'd limit edge ports 10pps for mcast and bcast each, and drop excess
(not put port down or anything). In core ports I'd limit mcast and
bcast to maybe 2000pps.

I find that often when people configure these, they configure the
limit in bps and slightly below line rate, which is non-sensical.

On 22 November 2017 at 18:13, Scott Voll  wrote:
> So I'm green field with 3850 at the distribution layer and 3650 at the
> access layer.
>
> Since I don't have anything to start with, what would be save storm control
> limits to start with on each platform for Broadcast, multicast,and
> Unicast?
>
> Mgig to the edge, 20gig to the distribution, and 160 gig to the core.
>
> TIA
>
> Scott
> ___
> cisco-nsp mailing list  cisco-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/

-- 
  ++ytti
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] ospf database size - affects that underlying transport mtu might have

2017-11-22 Thread Gert Doering

Hi,

On Wed, Nov 22, 2017 at 11:50:51AM -0600, Aaron Gould wrote:
> This is a *single area* ospf environment, that has been stable for years..
> But now suddenly is having issues with new ospf neightbor adjacencies ,
> which are riding a 3rd party transport network 

Which is pretty standard if you configure a larger MTU than the provider
is giving you.  OSPF is filling up handshake packets to the configured MTU
(always) so if max-MTU packets are lost, no OSPF adjacencies.

gert
-- 
now what should I write here...

Gert Doering - Munich, Germany g...@greenie.muc.de


signature.asc
Description: PGP signature
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

[c-nsp] ospf database size - affects that underlying transport mtu might have

2017-11-22 Thread Aaron Gould

This is a *single area* ospf environment, that has been stable for years..
But now suddenly is having issues with new ospf neightbor adjacencies ,
which are riding a 3rd party transport network 

 

Anyone ever experienced anything strange with underlying transport network
mtu possibly causing ospf neighbor adjacency to be broken ?  I'm asking if
the underlying 3rd party transport layer 2 network has a smaller mtu than
the endpoint ospf ip interface have, could this cause those ospf neighbors
to not fully establish ? .and I'm also asking this if the single ospf area
has grown large enough to cause some sort of initial database packet to be
larger than that underlying 3rd party mtu is providing

 

-Aaron

 

___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

[c-nsp] 3850 / 3650 storm control

2017-11-22 Thread Scott Voll

So I'm green field with 3850 at the distribution layer and 3650 at the
access layer.

Since I don't have anything to start with, what would be save storm control
limits to start with on each platform for Broadcast, multicast,and
Unicast?

Mgig to the edge, 20gig to the distribution, and 160 gig to the core.

TIA

Scott
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] memory issue asr1002-x

2017-11-22 Thread caroyy via cisco-nsp

--- Begin Message ---
 Ya, but i think the critical is the IOSd memory. Wondering the IOSd has the 
features of using based linux swap memory?
On 22 November 2017 at 09:17, Christian Kratzer  wrote:

On Wed, 22 Nov 2017, James Bensley wrote:

I believe that the IOSd process is a 32-bit process so it can't use
more than 4GBs of RAM.

does not look like it on this box:

Router#show version | i mem
cisco ASR1001 (1RU) processor with 6848986K/6147K bytes of memory.
32768K bytes of non-volatile configuration memory.
16777216K bytes of physical memory.
Router#

Looks like you are right.

I OP has an ASR1002-X, check one here:

#show ver | inc mem
cisco ASR1002-X (2RU-X) processor (revision 2KP) with 3729028K/6147K
bytes of memory.
...
8388608K bytes of physical memory.


^ This only has 8GB of RAM and it is using roughly half as expected.


Although not using half isn't exactly a bad sign in its self, the
Linux virtual memory manager allows for memory overcommit:

#show platform software status control-processor
Memory (kb): healthy
  Total: 8091848
  Used: 3885636 (48%)
  Free: 4206212 (52%)
  Committed: 5328504 (66%), status: healthy, under 95%

So it maybe that IOSd on OP's system would simply grow more when needed?

Cheers,
James.
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/




On Wednesday, November 22, 2017, 6:23:41 PM GMT+8, caroyy 
 wrote:  
 
  Hi Guys,
Thanks for replying. The iosd i checked is a 64bits IOSd. 
i suspect is my license issue. possible?

cisco ASR1002-X (2RU-X) processor (revision 2KP) with 3553107K/6147K bytes of 
memory.

32768K bytes of non-volatile configuration memory.

16777216K bytes of physical memory.




#show redundancy

Redundant System Information :

--

       Available system uptime = 2 hours, 28 minutes

Switchovers system experienced = 0

              Standby failures = 0

        Last switchover reason = none




                 Hardware Mode = Simplex

    Configured Redundancy Mode = Non-redundant

     Operating Redundancy Mode = Non-redundant

              Maintenance Mode = Disabled

                Communications = Down      Reason: Failure




Current Processor Information :

---

               Active Location = slot 6

        Current Software state = ACTIVE

       Uptime in current state = 2 hours, 28 minutes

                 Image Version = Cisco IOS Software [Fuji], ASR1000 Software 
(X86_64_LINUX_IOSD-UNIVERSALK9-M), Version 16.7.1, RELEASE SOFTWARE (fc5)

Technical Support: http://www.cisco.com/techsupport

Copyright (c) 1986-2017 by Cisco Systems, Inc.

Compiled Wed 15-Nov-17 19:34 by mcpre

                          BOOT = 
bootflash:asr1002x-universalk9.16.07.01.SPA.bin,1;

                   CONFIG_FILE = 

        Configuration register = 0x2102




Peer (slot: 7) information is not available because it is in 'DISABLED' state


Regards,caroyy

Hi,

On Wed, 22 Nov 2017, James Bensley wrote:


On 22 November 2017 at 03:32, caroyy via cisco-nsp
 wrote:

 Hi David,
Thank you for replying.Ya the memory allocated 3.5gb to IOSD from the platform 
is unusually strange. It should be 6.5gb based on 16gb memory router.
Just asking the community if anyone has solve/encounter the same 
problem.Unfortunately, this router i took over from someone and there is no 
smartnet available.
Regards,caroyy


Hi Caroyy,

I believe that the IOSd process is a 32-bit process so it can't use
more than 4GBs of RAM.


does not look like it on this box:

Router#show version | i mem
cisco ASR1001 (1RU) processor with 6848986K/6147K bytes of memory.
32768K bytes of non-volatile configuration memory.
16777216K bytes of physical memory.
Router#

Try looking at the output of "show redundancy".  The ASR1000 had some kind of 
IOS redundancy feature to run two IOS processes on a box splitting up memory 
between them.


Greetings
Christian


-- 
Christian Kratzer   CK Software GmbH
Email:   c...@cksoft.de   Wildberger Weg 24/2
Phone:   +49 7032 893 997 - 0   D-71126 Gaeufelden
Fax: +49 7032 893 997 - 9   HRB 245288, Amtsgericht Stuttgart
Mobile:  +49 171 1947 843   Geschaeftsfuehrer: Christian Kratzer
Web: http://www.cksoft.de/
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/


On Wednesday, November 22, 2017, 11:32:16 AM GMT+8, caroyy 
 wrote:  
 
  Hi David,
Thank you for replying.Ya the memory allocated 3.5gb to IOSD from the platform 
is unusually strange. It should be 6.5gb based on 16gb memory router.
Just asking the community if anyone has solve/encounter the same

Re: [c-nsp] memory issue asr1002-x

2017-11-22 Thread James Bensley

On 22 November 2017 at 09:17, Christian Kratzer  wrote:
> On Wed, 22 Nov 2017, James Bensley wrote:
>> I believe that the IOSd process is a 32-bit process so it can't use
>> more than 4GBs of RAM.
>
>
> does not look like it on this box:
>
> Router#show version | i mem
> cisco ASR1001 (1RU) processor with 6848986K/6147K bytes of memory.
> 32768K bytes of non-volatile configuration memory.
> 16777216K bytes of physical memory.
> Router#

Looks like you are right.

I OP has an ASR1002-X, check one here:

#show ver | inc mem
cisco ASR1002-X (2RU-X) processor (revision 2KP) with 3729028K/6147K
bytes of memory.
...
8388608K bytes of physical memory.

^ This only has 8GB of RAM and it is using roughly half as expected.

Although not using half isn't exactly a bad sign in its self, the
Linux virtual memory manager allows for memory overcommit:

#show platform software status control-processor
Memory (kb): healthy
  Total: 8091848
  Used: 3885636 (48%)
  Free: 4206212 (52%)
  Committed: 5328504 (66%), status: healthy, under 95%

So it maybe that IOSd on OP's system would simply grow more when needed?

Cheers,
James.
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] memory issue asr1002-x

2017-11-22 Thread caroyy via cisco-nsp

--- Begin Message ---
 Hi Guys,
Thanks for replying. The iosd i checked is a 64bits IOSd. 
i suspect is my license issue. possible?

cisco ASR1002-X (2RU-X) processor (revision 2KP) with 3553107K/6147K bytes of 
memory.

32768K bytes of non-volatile configuration memory.

16777216K bytes of physical memory.




#show redundancy

Redundant System Information :

--

       Available system uptime = 2 hours, 28 minutes

Switchovers system experienced = 0

              Standby failures = 0

        Last switchover reason = none




                 Hardware Mode = Simplex

    Configured Redundancy Mode = Non-redundant

     Operating Redundancy Mode = Non-redundant

              Maintenance Mode = Disabled

                Communications = Down      Reason: Failure




Current Processor Information :

---

               Active Location = slot 6

        Current Software state = ACTIVE

       Uptime in current state = 2 hours, 28 minutes

                 Image Version = Cisco IOS Software [Fuji], ASR1000 Software 
(X86_64_LINUX_IOSD-UNIVERSALK9-M), Version 16.7.1, RELEASE SOFTWARE (fc5)

Technical Support: http://www.cisco.com/techsupport

Copyright (c) 1986-2017 by Cisco Systems, Inc.

Compiled Wed 15-Nov-17 19:34 by mcpre

                          BOOT = 
bootflash:asr1002x-universalk9.16.07.01.SPA.bin,1;

                   CONFIG_FILE = 

        Configuration register = 0x2102




Peer (slot: 7) information is not available because it is in 'DISABLED' state


Regards,caroyy

Hi,

On Wed, 22 Nov 2017, James Bensley wrote:


On 22 November 2017 at 03:32, caroyy via cisco-nsp
 wrote:

 Hi David,
Thank you for replying.Ya the memory allocated 3.5gb to IOSD from the platform 
is unusually strange. It should be 6.5gb based on 16gb memory router.
Just asking the community if anyone has solve/encounter the same 
problem.Unfortunately, this router i took over from someone and there is no 
smartnet available.
Regards,caroyy


Hi Caroyy,

I believe that the IOSd process is a 32-bit process so it can't use
more than 4GBs of RAM.


does not look like it on this box:

Router#show version | i mem
cisco ASR1001 (1RU) processor with 6848986K/6147K bytes of memory.
32768K bytes of non-volatile configuration memory.
16777216K bytes of physical memory.
Router#

Try looking at the output of "show redundancy".  The ASR1000 had some kind of 
IOS redundancy feature to run two IOS processes on a box splitting up memory 
between them.


Greetings
Christian


-- 
Christian Kratzer   CK Software GmbH
Email:   c...@cksoft.de   Wildberger Weg 24/2
Phone:   +49 7032 893 997 - 0   D-71126 Gaeufelden
Fax: +49 7032 893 997 - 9   HRB 245288, Amtsgericht Stuttgart
Mobile:  +49 171 1947 843   Geschaeftsfuehrer: Christian Kratzer
Web: http://www.cksoft.de/
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/


On Wednesday, November 22, 2017, 11:32:16 AM GMT+8, caroyy 
 wrote:  
 
  Hi David,
Thank you for replying.Ya the memory allocated 3.5gb to IOSD from the platform 
is unusually strange. It should be 6.5gb based on 16gb memory router.
Just asking the community if anyone has solve/encounter the same 
problem.Unfortunately, this router i took over from someone and there is no 
smartnet available.
Regards,caroyy
On Wednesday, November 22, 2017, 10:06:33 AM GMT+8, David Prall 
 wrote:  
 
 This is how much memory has been assigned to iosd. Show version will display 
memory allocated to iosd and the total memory installed. 

David
--
http://dcp.dcptech.com
On 11/21/17, 5:56 AM, "cisco-nsp on behalf of caroyy via cisco-nsp" 
 
wrote:

    ___
    cisco-nsp mailing list  cisco-nsp@puck.nether.net
    https://puck.nether.net/mailman/listinfo/cisco-nsp
    archive at http://puck.nether.net/pipermail/cisco-nsp/

--- End Message ---
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] memory issue asr1002-x

2017-11-22 Thread Christian Kratzer


Hi,

On Wed, 22 Nov 2017, James Bensley wrote:


On 22 November 2017 at 03:32, caroyy via cisco-nsp
 wrote:

 Hi David,
Thank you for replying.Ya the memory allocated 3.5gb to IOSD from the platform 
is unusually strange. It should be 6.5gb based on 16gb memory router.
Just asking the community if anyone has solve/encounter the same 
problem.Unfortunately, this router i took over from someone and there is no 
smartnet available.
Regards,caroyy


Hi Caroyy,

I believe that the IOSd process is a 32-bit process so it can't use
more than 4GBs of RAM.


does not look like it on this box:

Router#show version | i mem
cisco ASR1001 (1RU) processor with 6848986K/6147K bytes of memory.
32768K bytes of non-volatile configuration memory.
16777216K bytes of physical memory.
Router#

Try looking at the output of "show redundancy".  The ASR1000 had some kind of 
IOS redundancy feature to run two IOS processes on a box splitting up memory between them.


Greetings
Christian


--
Christian Kratzer   CK Software GmbH
Email:   c...@cksoft.de   Wildberger Weg 24/2
Phone:   +49 7032 893 997 - 0   D-71126 Gaeufelden
Fax: +49 7032 893 997 - 9   HRB 245288, Amtsgericht Stuttgart
Mobile:  +49 171 1947 843   Geschaeftsfuehrer: Christian Kratzer
Web: http://www.cksoft.de/
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] memory issue asr1002-x

2017-11-22 Thread James Bensley

On 22 November 2017 at 03:32, caroyy via cisco-nsp
 wrote:
>  Hi David,
> Thank you for replying.Ya the memory allocated 3.5gb to IOSD from the 
> platform is unusually strange. It should be 6.5gb based on 16gb memory router.
> Just asking the community if anyone has solve/encounter the same 
> problem.Unfortunately, this router i took over from someone and there is no 
> smartnet available.
> Regards,caroyy

Hi Caroyy,

I believe that the IOSd process is a 32-bit process so it can't use
more than 4GBs of RAM.

Cheers,
James.
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] ospf database size - affects that underlying transport mtu might have

Re: [c-nsp] 3850 / 3650 storm control

Re: [c-nsp] 3850 / 3650 storm control

Re: [c-nsp] 3850 / 3650 storm control

Re: [c-nsp] ospf database size - affects that underlying transport mtu might have

[c-nsp] ospf database size - affects that underlying transport mtu might have

[c-nsp] 3850 / 3650 storm control

Re: [c-nsp] memory issue asr1002-x

Re: [c-nsp] memory issue asr1002-x

Re: [c-nsp] memory issue asr1002-x

Re: [c-nsp] memory issue asr1002-x

Re: [c-nsp] memory issue asr1002-x

12 matches

Site Navigation

Mail list logo

Footer information