[c-nsp] IOS ip-base to advanced-ip-services upgrade

[james list]

Dear experts,
I am wondering if anybody has clear the process to upgrade an ASR1001X from
ip base to advanced ip.

I need to enable BFD on BGP and seems that an upgrade is needed.

I'd like to know if it's right to use or we need to buy a new license.

Thanks for a feedback

Cheers
James
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] IP SLA tracking, static routes and OSPF announcements

[Scott Harvanek]

Ok, got it, that works unfortunately the data has rolled so if I’ll keep it up 
my sleeve to do this if it happens again…

Scott H
Login, LLC



> On Apr 22, 2018, at 7:57 PM, Khan Muddassir  wrote:
> 
> Hi Scott,
> the command looks to be "sho ip ospf statis", I wrongly typed the database.
> https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_ospf/command/iro-cr-book/ospf-s1.html#wp3494003981
>  
> 
> 
> -muddassir
> 
> On Sun, Apr 22, 2018 at 11:23 PM, Scott Harvanek  > wrote:
> Muddasir;
> 
> Unfortunately I do not, the statistics command does not seem to exist;
> 
> sh ip ospf database statistics 
>^
> % Invalid input detected at '^' marker.
> 
> sh ip ospf database ?
>   adv-routerAdvertising Router link states
>   asbr-summary  ASBR summary link states
>   database-summary  Summary of database
>   external  External link states
>   internal  Internal LSA information
>   multicast Multicast Topology
>   network   Network link states
>   nssa-external NSSA External link states
>   opaque-area   Opaque Area link states
>   opaque-as Opaque AS link states
>   opaque-link   Opaque Link-Local link states
>   routerRouter link states
>   self-originateSelf-originated link states
>   summary   Network summary link states
>   topology  Unicast Topology
> 
> Scott H
> 
> 
> 
>> On Apr 21, 2018, at 12:01 PM, Khan Muddassir > > wrote:
>> 
>>   Redistributing via ospf x
>> 
>> do you have the output of the OSPF db from the 6500's? specifically "sho ip 
>> ospf data self-originate"? did the 6500's themselves update their db after 
>> track 5 went down? "sho ip ospf data statistics" should also help track if 
>> there was a change in lsdb which would ideally match the outage time.
>> 
>> On Fri, Apr 20, 2018 at 10:52 PM, Scott Harvanek > > wrote:
>> I’ve encountered an odd routing issue and I’m hoping it’s a simple 
>> configuration issue and not a Bug, looking for input on this please :)
>> 
>> Equipment: Cisco 6500E series w/ SUP720 MSFC3/PFC3
>> Software: 15.1(2)SY10, RELEASE SOFTWARE (fc4) ADV IP Services
>> 
>> Scenario;
>> We have a pair of the above software/hardware combinations, providing HSRP 
>> to another device.  A /29 is used as the link network/HSRP and there are 
>> subnets then routed to the far side in each 6509E.  We are using IP SLA 
>> reachability tracking to activate/deactivate routes;
>> 
>> Tracking configuration;
>> track 5 ip sla 5 reachability
>> ip sla 5
>>  icmp-echo  source-ip 
>>  threshold 2
>>  timeout 1000
>>  frequency 3
>> ip sla schedule 5 life forever start-time now
>> 
>> ip route x.x.x.x 255.255.255.224  track 5
>> ip route x.x.x.x 255.255.255.248  track 5
>> 
>> This is all works fine however, the far side router briefly stopped 
>> responding or a reachability issue occurred;
>> 
>> Apr 19 21:45:13.771: %TRACKING-5-STATE: 5 ip sla 5 reachability Up->Down
>> Apr 19 21:45:18.771: %TRACKING-5-STATE: 5 ip sla 5 reachability Down->Up
>> 
>> When this occurred, the routes were no longer being announced even after 
>> recover HOWEVER the router (6509E) thought they were;
>> 
>> TUSLDC2.C6509E.1#sh ip route x.x.x.x
>> Routing entry for x.x.x.x/27
>>   Known via "static", distance 1, metric 0
>>   Redistributing via ospf x
>>   Advertised by ospf x subnets
>>   Routing Descriptor Blocks:
>>   * 
>>   Route metric is 0, traffic share count is 1 
>> 
>> However, none of the other OSPF neighbors saw this route announcement, upon 
>> removing the static routes and re-applying them the announcement was then 
>> visible again… no other changes were made;
>> 
>> no ip route x.x.x.x 255.255.255.224  track 5
>> no ip route x.x.x.x 255.255.255.248  track 5
>> ip route x.x.x.x 255.255.255.224  track 5
>> ip route x.x.x.x 255.255.255.248  track 5
>> 
>> What am I doing wrong or, is this a bug/known behavior?
>> 
>> -Scott H
>> 
>> 
>> 
>> ___
>> cisco-nsp mailing list  cisco-nsp@puck.nether.net 
>> 
>> https://puck.nether.net/mailman/listinfo/cisco-nsp 
>> 
>> archive at http://puck.nether.net/pipermail/cisco-nsp/ 
>> 
>> 
>> 
>> 
>> -- 
>> Thanks & Regards,
>> Muddasir Khan
> 
> 
> 
> 
> -- 
> Thanks & Regards,
> Muddasir Khan

___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] MACSec Stages

[Antoine Monnier]

Hi Graham,

Kind of OT, but what is the title of your book on IPsec VPN?

thanks

On Fri, Apr 20, 2018 at 7:55 AM, Graham Bartlett (grbartle) <
grbar...@cisco.com> wrote:

> Hi
>
> A few of us in Cisco were thinking of writing a CiscoPress book on MACsec,
> which would include details of the inner workings, including protocol flows
> and how the various key material is derived etc.
>
> If this was available would there be interest in this ?
>
> The reason I ask is, I spent a lot of time and effort developing a book on
> IPsec VPNs and it’s got a very narrow audience. I would imagine that
> there’s even less interest in MACsec. But if we could produce something
> that meets your needs and there is interest we could reconsider.
>
> cheers
>
> On 17/04/2018, 14:18, "cisco-nsp on behalf of Nick Cutting" <
> cisco-nsp-boun...@puck.nether.net on behalf of ncutt...@edgetg.com> wrote:
>
> I agree - I spent weeks with TAC cases open etc. and Cisco has no idea
> how this works either.
>
> I gave up and built a L3 routed VPN.
>
> I am waiting for the How-to article by Jeremey Stretch!
> -Original Message-
> From: cisco-nsp  On Behalf Of Alex
> K.
> Sent: Tuesday, April 17, 2018 4:13 AM
> To: Alan Buxey 
> Cc: cisco-nsp 
> Subject: Re: [c-nsp] MACSec Stages
>
> This message originates from outside of your organisation.
>
> Hello Alan and thank you for answering.
>
> That's the point - all one can find by searching the standard ID, is a
> bunch of unrelated documents, some from IEEE, some from independent sources
> - none display any coherent picture whatsoever.
>
> Not to mention none provide any overview of the protocol. Just some
> not connected points.
>
> Such lack of the documentation by all major vendors (white paper
> stating MACSEC is an encryption protocol, doesn't count as a documentation)
> hit the hardest when it comes to troubleshooting. No explanation for
> debugs, no known steps for endpoints to pass through, you're pretty much on
> your own trying to figure out what's going on.
>
> Alex.
>
> בתאריך יום ג׳, 10 באפר' 2018, 16:06, מאת Alan Buxey ‏<
> alan.bu...@gmail.com>:
>
> > 802.1AE
> >
> > Look that up for how it works
> >
> > alan
> >
> > On Wed, 4 Apr 2018, 00:32 Alex K.,  wrote:
> >
> >> Hello everyone,
> >>
> >> After a few implementations of MACSec, I began wondering is there a
> >> complete documentation of that technology out there?
> >>
> >> For example, I have quite an experience with L2TP. Now, SCCRP may
> >> sound like a bad language to some, but as we all know, it's an
> >> important step in tunnel setup. The internet is literally brimming
> >> with information about L2TP. As for MACSec, maybe it's only me -
> but
> >> I'm having a hard time finding information on MACSec internal
> >> workings (beyond packets formats) especially - when it comes to
> protocols stages and related cisco debugs.
> >>
> >> All I was able to find this far, are some really general sketches
> of
> >> MACSec exchanges and seemingly unrelated debug commands.
> >>
> >> Am I missing something? Any help, such as linking to proper
> >> documentation, successful and unsuccessful debug outputs and such,
> on
> >> and off-list, will be gladly appreciated.
> >>
> >>
> >> Thank you,
> >> Alex.
> >> ___
> >> cisco-nsp mailing list  cisco-nsp@puck.nether.net
> >> https://puck.nether.net/mailman/listinfo/cisco-nsp
> >> archive at http://puck.nether.net/pipermail/cisco-nsp/
> >>
> >
> ___
> cisco-nsp mailing list  cisco-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
> ___
> cisco-nsp mailing list  cisco-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
>
> ___
> cisco-nsp mailing list  cisco-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
>
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/