On Thu, May 17, 2007 at 10:49:40AM -0500, Janet Plato wrote:
On 5/16/07, Chris Woodfield [EMAIL PROTECTED] wrote:
show platform hardware capacity gives you some pretty good data
that may be useful in this situation. I think SXD was the first minor
rev to support it, but I could be wrong.
On Tue, Nov 06, 2007 at 02:30:10PM -0500, Aaron Daubman wrote:
This is going to sound weird, but I am looking for a utility that will
let me tracroute on a specific port to see if and where a port is
being blocked on a network...
Check out the man page for traceroute:
On Tue, Nov 06, 2007 at 01:02:52PM -0600, Jonathan Charles wrote:
This is going to sound weird, but I am looking for a utility that will
let me tracroute on a specific port to see if and where a port is
being blocked on a network...
http://michael.toren.net/code/tcptraceroute/
I run into
suits the situation.
--
- bill fumerola / [EMAIL PROTECTED]
___
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
On Mon, Jan 14, 2008 at 03:56:40PM -0500, Adam Powers wrote:
I can attest to this. nProbe is your best bet for a ?virtual NetFlow
exporter?. It performs well and has tons of export formats and features. We
use it extensively for QA and testing. You do, however, have to pay a bit
for it whereas
On Fri, Jan 25, 2008 at 12:19:20PM +0200, Tassos Chatzithomaoglou wrote:
Has anyone real world experience of using these 2 features (Reflexive
ACLs or CBAC) on 6500 with MSFC2 (SUP2) or MSFC3 (SUP720)?
depends on your environment.
if you can limit the traffic that that would trigger the
to generate them from a readable source, be the
only one who is reading/writing the resulting acls, or use comments
and/or remarks to explain the math.
--
- bill fumerola / [EMAIL PROTECTED]
___
cisco-nsp mailing list cisco-nsp@puck.nether.net
https
On Thu, Mar 13, 2008 at 04:39:24PM -0400, Matthew Crocker wrote:
Isn't Cisco doing away with all the routers based off the FPGA code?
NSE-100, 7301, NSE-1 *very* fast when the packets can be handled in
PXF, not so good when they can't.
i'd be interested in any documentation or
On Thu, Apr 17, 2008 at 01:32:25PM -0700, virendra rode // wrote:
The PFC3xxx/DFC3xxx do not support egress netflow. If you enable
egress netflow, only the software switched packets are going to get counted.
- -
Is this specific to 6500 platform?
absolutely, the
.
what i'm looking for from the list is a plethora of commands to investigate
what forwarding path is causing this. i've reached the end of my knowledge
on this platform.
plenty more output after my .sig
-- bill fumerola
interface Tunnel1004
description ASH - PAO
bandwidth 1048576
ip
On Fri, Jun 06, 2008 at 08:33:13AM +0200, Elmar K. Bins wrote:
My gut feeling is go with a 7301 or 7200/NPE-G1.
Why? Because it can deliver the 200 Mbit/s bandwidth, and it's a
simple architecture - everything is software, and there is lots less
hidden surprises than with the 6500/7600
On Thu, Jun 05, 2008 at 10:32:30AM -0400, Rodney Dunn wrote:
#1 issue with tunnels is usuall a fragmentation reassembley problem.
(damn, i'm usually smarter than this.. :-)
Watch 'sh ip traffic' outputs for large jumps.
Clear the counters and capture snapshots of 'sh ip traffic'.
we were
On Fri, Jun 06, 2008 at 09:04:05PM +0400, Alexandre Snarskii wrote:
I suppose, You've heard not about Cisco, but about Juniper.
no, i know what i said and it's accurate.
They ported FreeBSD to MIPS and then donated MIPS code back to FreeBSD:
http://www.freebsd.org/news/newsflash.html
25
On Wed, Jun 18, 2008 at 11:47:14AM -0500, Justin Shore wrote:
Has anyone run into any problems with the BGP TTL security check? I've
tried to configure it a couple of times on our eBGP peers with no luck.
The BGP session is eventually dropped after the hold time expires. It
should be
[ i deleted some of this thread already am too lazy to search archives
to see if you posted tcpdumps, i'll go off what's in my mailbox. ]
On Thu, Jun 19, 2008 at 02:22:39PM -0700, Christopher Hunt wrote:
Thanks for the reply. I understand that those values are not
recommended and in fact
On Thu, Jun 19, 2008 at 03:07:27PM -0700, Christopher Hunt wrote:
I am familiar with TCP's concept of Slow Start, but my understanding
is that it is the RWIN that is slow to start. The packet does show the
first packet as 24 Byte payload, but even then the client RWIN is 5888
(scaled
On Thu, Jun 19, 2008 at 04:16:19PM -0700, Christopher Hunt wrote:
It would appear from the sender's counters and from the snmp checks
on the router interface that the interface never hits 10mbps even for a
second, but the rate-limiting counters do show tail drops. I guess it is
difficult
On Sat, Jun 21, 2008 at 07:41:18PM +0300, almog ohayon wrote:
Q : when i have couple of address that i need to know their common wildcard,
i XOR them and i get excellent result but
how can i know that i'm not overlapping any other addresses ??
a wildcard will match 2^x addresses where x=
On Thu, Jul 17, 2008 at 08:32:34AM +0800, Wilkinson, Alex wrote:
Half-duplex, 10Mb/s
You will note that it is Half-duplex, 10Mb/s. That is no mistake since the
device that is connected to this switch-port is only capable of 10Mb/s.
10Mb/s doesn't infer half-duplex though. are you sure the
to permit the things you know about and log the
things you don't may be useful combined w/ sniffing
also, i've only used cat6.5k (hybrid native) and not the 4948.. i dunno
the exact capabilities of some of the features i mentioned (PVLAN, VACL).
--
- bill fumerola / [EMAIL PROTECTED
anyone seeing these messages?
Aug 1 02:35:58.924 UTC:
%BGP_MPLS-3-GEN_ERROR: BGP: MPLS outlabel changed, MPLS forw not updated,
prefix not in routing table
-Traceback= 61061318 610616E4 61042C28 61042CD0 610A3544 610A3904 61048EF4
6105053C 610516A8
Aug 3 15:38:32.708 UTC:
poison.
--
- bill fumerola / [EMAIL PROTECTED]
___
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
anyone see anything like this. i assume only a reload will fix this:
rtr1#sh proc cpu | e 0.0
CPU utilization for five seconds: 33%/8%; one minute: 37%; five minutes:
35%
PID Runtime(ms) Invoked uSecs 5Sec 1Min 5Min TTY Process
3528125122320274973 22 23.35% 20.79%
On Tue, Aug 19, 2008 at 10:41:05AM -0400, Rodney Dunn wrote:
How are you getting this output?
ssh rtr1
en
sh stacks
If you ssh/telnet to it and run the command do you get th esame output?
it is not signal noise (serial spew, ip corruption, etc).
That's not stack corruption to me.
i'll try
[ reading through quickly, just some ACL pointers.. ]
On Mon, Sep 08, 2008 at 09:15:31PM +0100, Mateusz B?aszczyk wrote:
! deny rogue IPs (it is interesting how many catches are here)
deny ip 10.0.0.0 any
deny ip 192... any
deny ip host 0.0.0.0 any
this breaks PMTUD. icmp messages from
On Tue, Sep 23, 2008 at 09:23:16AM -0500, James Slepicka wrote:
they both wish to use us as a backup provider and wish to ONLY use
our network if their primary provider (Cogent) is down.
I'm currently doing this with Cogent and another provider. I get
default routes from both and simply
On Thu, Oct 16, 2008 at 10:55:29AM +, Borg Tinderne wrote:
Raw netflow is a box centric view of network traffic,the few netflow
display products I have played with over the last decade or so continue
with this box-centric view , can't comment on nfsen. As interesting
as a
On Tue, Oct 21, 2008 at 10:36:04PM +, Marko Milivojevic wrote:
Here, I had a few minutes to play in the lab:
router bgp 100
address-family ipv4
redistribute connected route-map rc
no auto-summary
no synchronization
exit-address-family
!
ip prefix-list AAA seq 5 permit
On Thu, Oct 23, 2008 at 08:42:16PM +0800, Daniel Hooper wrote:
The only good NMS is the one you write yourself.
also the most expensive.
ome of the things you'd expect from an NMS for a service
provider:
[...]
* ACL's and permissions to manage who can change / see what.
[...]
On Thu, Nov 13, 2008 at 11:52:29AM +0100, Magnus Eriksson wrote:
The setup currently uses 2 Juniper M5 but those are in dire need of refresh.
i realize this is a cisco list, but the reason i make this suggestion
is that it'd be easier to copy your configuration to what's already junos
than port
On Fri, Nov 14, 2008 at 04:02:40PM -0200, Everton da Silva Marques wrote:
Two routing protocols, Same administrative distance?
http://www.internetworkexpert.org/2007/12/31/two-routing-protocols-same-administrative-distance/
I am wondering: any hint on how to work-around such
a behavior (if
On Sat, Nov 15, 2008 at 10:09:53AM +0100, Christian Meutes wrote:
redistribute routes from one protocol into another and use route-maps
to change the metrics and route 'type' (protocol dependent) such that
the protocol considers them equal cost.
the usual warnings about route redistribution
N.B. it's been a half-decade since i've touched a cisco 12k.
On Tue, Dec 09, 2008 at 06:15:49PM -, David Freedman wrote:
ra#sh ipv6 int tun0
Tunnel0 is up, line protocol is up
IPv6 is enabled, link-local address is FE80::C316:9EE
rb#sh ipv6 int tun0
Tunnel0 is up, line protocol is up
i don't run any MPLS or anything like that, so i decided to steal the
SoO ext community for use as a generic which colo was this route
originated from/learned in community. the fact that it pretty printed
it on one line in the CLI had something to do with it.
anyways, after adding it on one of my
config:
bgp bestpath as-path multipath-relax
bgp dmzlink-bw
neighbor aa.bb.cc.73 dmzlink-bw
neighbor xxx.yyy.zzz.77 dmzlink-bw
interface bandwidth settings:
rtr1#show ip route aa.bb.cc.73 | i direct
* directly connected, via GigabitEthernet0/0.5
rtr1#show int gi0/0.5 | i BW
MTU 1500
On Wed, Jun 03, 2009 at 07:23:47PM +0200, Gert Doering wrote:
On Wed, Jun 03, 2009 at 11:10:47AM -0430, Juan C. Crespo R. wrote:
That's great but the IO7200GE could help with the cpu load?
*NO*.
There is no intelligence on the IO board. Packets go to the CPU. If
the CPU is loaded, it
36 matches
Mail list logo