Re: [c-nsp] NAT logging ASR1k

2018-07-08 Thread Patrick Cole
T,

We are having around 200-300k non-CGNAT translations on ASR1001-X and using
Netflow Event Logging.  The CPU on average is less than 20%.

Regards,

Patrick

Sun, Jul 08, 2018 at 05:12:29PM +0200, ring...@mail.com wrote:

> Hi everybody,
> 
> Have an ASR 1006 doing NAT translations, it is having  around 300k+ and 
> wanted to ask for a recommendation about logging those NAT translations. 
> 
> Tried it with a collector via Netflow v9 with the export command "ip nat log 
> translations flow-export v9 udp destination"  command the CPU spiked to 100%. 
> 
> Is there a recommendation as a workaround or have alternative solution which 
> is easy on resources to those massive NAT translations?
> 
> Thanks,
> T.
> ___
> cisco-nsp mailing list  cisco-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/

___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/


Re: [c-nsp] Leaked Video or Not (Linux and Cisco for internal Sales folks)

2018-07-08 Thread adamv0025
> From: Marcus Leske [mailto:marcusles...@gmail.com]
> Sent: Saturday, July 07, 2018 3:58 PM
> 
> open APIs tops that funny abuse list IMHO :
> https://github.com/OAI/OpenAPI-Specification/issues/568
> 
> can we change the topic of the thread to an informative one, instead of a
> leaked video or not, to why exactly do network engineers are often
> confused by the abusive marketing all over the place of what is open and
> what is not and other computing terms.
> 
> I guess this is happening in networking more often than other domains
> because networking people didn't get a chance in their career to learn about
> the world of computing, their heads were somewhere else, learning about
> complex networking protocols and not the common computing interfaces,
> the open source world, existing frameworks and paradigms, this video helps
> a bit on how did this happen:
> https://vimeo.com/262190505
> 
> has anyone here seen list of topics that network engineers usually miss on
> their journey ?  i know they never get exposed to software development
> and engineering in general, databases, web technologies, operating system
> fundamentals.
> 
Well I guess if you stick around in networking for a long time you kind of get 
exposed to some of these to a certain level on a day job, some of it was 
covered in school in various levels of detail, and to some of these concepts we 
(networkers) get a specific very narrow field exposure I'd say, like in your 
example of databases - well various protocol tables are good examples of 
decentralized distributed databases, then some Network OS-es are good examples 
of distributed operating systems. So I guess it then just boils down to the 
willingness of an individual to understand these concepts on an ever more 
fundamental level - with every next interaction with these. Maybe it draws one 
more towards the software development side or perhaps more towards the somewhat 
holistic understanding of the networking discipline through graph theory and 
complex adaptive systems.


adam

netconsultings.com
::carrier-class solutions for the telecommunications industry::




Re: [c-nsp] NAT logging ASR1k

2018-07-08 Thread Aaron Gould
Bulk logging and port block allocation (PBA)?  

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipaddr_nat/configuration/xe-3s/nat-xe-3s-book/iadnat-bpa.html

I do PBA in groups of 100 ports on my CGNAT deployment (Juniper) and use syslog 
to log.  Using port block allocation caused the syslogging to slow down 
significantly.

Aaron

> On Jul 8, 2018, at 10:12 AM, ring...@mail.com wrote:
> 
> Hi everybody,
> 
> Have an ASR 1006 doing NAT translations, it is having  around 300k+ and 
> wanted to ask for a recommendation about logging those NAT translations. 
> 
> Tried it with a collector via Netflow v9 with the export command "ip nat log 
> translations flow-export v9 udp destination"  command the CPU spiked to 100%. 
> 
> Is there a recommendation as a workaround or have alternative solution which 
> is easy on resources to those massive NAT translations?
> 
> Thanks,
> T.

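Added example, not part of the original thread: with port block allocation the NAT device logs one record per block (100 ports here, as in the message above) instead of one per translation, and a later abuse report giving public IP, port and time is resolved against those block records. The record layout, event names and addresses below are constructed for illustration and are not a Juniper or Cisco log format.

```python
from datetime import datetime
from typing import NamedTuple, Optional

# Constructed sample records (assumed layout, not a vendor syslog format):
# timestamp event private_ip public_ip first_port-last_port
SAMPLE_LOG = """\
2018-07-08T10:00:00 ALLOC 10.0.0.5 203.0.113.7 1024-1123
2018-07-08T10:00:04 ALLOC 10.0.0.9 203.0.113.7 1124-1223
2018-07-08T10:20:00 RELEASE 10.0.0.5 203.0.113.7 1024-1123
2018-07-08T10:25:00 ALLOC 10.0.0.44 203.0.113.7 1024-1123
"""

class Block(NamedTuple):
    private_ip: str
    public_ip: str
    first_port: int
    last_port: int
    start: datetime
    end: Optional[datetime]   # None while the block is still held

def parse_blocks(text):
    """Pair ALLOC/RELEASE records into ownership intervals, one per block."""
    open_blocks, blocks = {}, []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, event, priv, pub, ports = line.split()
        when = datetime.fromisoformat(ts)
        first, last = (int(p) for p in ports.split("-"))
        key = (pub, first, last)
        if event == "ALLOC":
            open_blocks[key] = (priv, when)
        elif event == "RELEASE" and open_blocks.get(key, (None,))[0] == priv:
            owner, start = open_blocks.pop(key)
            blocks.append(Block(owner, pub, first, last, start, when))
    for (pub, first, last), (owner, start) in open_blocks.items():
        blocks.append(Block(owner, pub, first, last, start, None))
    return blocks

def attribute(blocks, public_ip, port, when):
    """Return the private IP holding public_ip:port at `when`, or None."""
    for b in blocks:
        if (b.public_ip == public_ip and b.first_port <= port <= b.last_port
                and b.start <= when and (b.end is None or when < b.end)):
            return b.private_ip
    return None
```

The same public port maps to different subscribers over time, so the lookup is only as good as the clock synchronisation between the NAT device, the log collector and the party reporting the event.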


Re: [c-nsp] choosing a switch.... cat6500 vs cat6800

2018-07-08 Thread Mark Tinka



On 8/Jul/18 00:51, Eli Kagan via cisco-nsp wrote:
> 1.   Cat6807, sup6T  -- would be my first choice but other techies have 
> no experience with it and are reluctant to agree.
> 2.   Cat6506-E.  sup2T  --  7 years old, perhaps will be EoL shortly 
> otherwise will do.
> 3.   Cat4507R+E, sup9 -- good on paper but I had too many hardware and 
> software issues with the existing cat4500 for me to be comfortable with this 
> option. On top of that, Cisco is “encouraging” to go to Cat9400 instead 
> 4.   Cat9400 7-slot  --  I know nothing about that thing. Does it support 
> quad sup VSS or similar? Is it too cutting edge for a financial client? Is 
> the code stable enough?
> 5.   Nexus 7700 6-slot   or    Nexus 9504   --  both are expensive as hell.
>
> Any insight would be highly appreciated.

We've been running the 6880-X as core switch since 2014. No major issues
to report of in all of that time, but again, these just do simple Layer
2 Ethernet switching in the core.

We've run them in smaller PoP's that have been happy with N x 10Gbps
links in the core. For larger core PoP's, we've deployed 100Gbps on
Arista's 7508E's.

If you are looking for something nice and simple, the 6880-X is
reasonably priced. Just watch for those 16x 10Gbps line cards; they are
actually oversubscribed 2:1; so like us, you'd do well to run each of
them at 80Gbps maximum so you don't have to worry about this.

The Nexus switches are too costly. If you aren't looking for anything
fancy, I'd stay away from them.

I'd also advise you to look at the Arista switches. CLI-wise, it is
essentially IOS, so not much for you to learn apart from Arista-specific
things which, IMHO for such a use-case, is only about 20% of the CLI.
Price-wise, you can do a good deal with them.

Mark.


[c-nsp] NAT logging ASR1k

2018-07-08 Thread ringbit
Hi everybody,

Have an ASR 1006 doing NAT translations, it is having  around 300k+ and wanted 
to ask for a recommendation about logging those NAT translations. 

Tried it with a collector via Netflow v9 with the export command "ip nat log 
translations flow-export v9 udp destination"  command the CPU spiked to 100%. 

Is there a recommendation as a workaround or have alternative solution which is 
easy on resources to those massive NAT translations?

Thanks,
T.