Re: [c-nsp] Internet border router recommendations and experiences

2023-02-24 Thread Aaron Gould via cisco-nsp

https://apps.juniper.net/home/port-checker/index.html

nice website to check port mix capabilities.

-Aaron

On 2/22/2023 5:06 PM, Thomas Scott via cisco-nsp wrote:

Yes - 400 Gbps throughput total If I recall correctly.


The MX204 has four rate-selectable ports that can be configured as
100-Gigabit Ethernet ports or 40-Gigabit Ethernet ports, or each port can
be configured as four 10-Gigabit Ethernet ports (by using a breakout
cable). The MX204 also has eight 10-Gigabit Ethernet ports. The four
rate-selectable ports support QSFP28 and QSFP+ transceivers, whereas the
eight 10-Gigabit Ethernet ports support SFP+ transceivers

https://www.juniper.net/documentation/us/en/hardware/mx204/topics/concept/mx204-description.html

Best Regards,
-Thomas Scott


On Wed, Feb 22, 2023 at 5:19 PM Eric Louie via cisco-nsp <
cisco-nsp@puck.nether.net> wrote:


Oh geez, I just realized I left a zero off the interface - we need 100G
interfaces both upstream (x1) and downstream (x2)
That probably changes the product choices a little bit.
Anyone with 100G Internet feeds want to let me know what you're using for
a border router?  I saw one reply for Arista already.
Does the MX204 have 100GE interfaces and throughput?
-e-

Eric Louie
619-743-5375 Cell/text
Stay in this moment, it's the only one you really have
Take the time to be compassionate today


 On Wednesday, February 22, 2023 at 12:43:52 PM PST, Mark Tinka
 wrote:



  On 2/22/23 20:29, Eric Louie wrote:


Mark, thanks.  We were quoted a MX304 for the Internet edge from
Juniper.  How has your experience been with it?  are you 10G upstream and
downstream?  Any IPS on the 10G connection?

  The MX304 is not worth the money, for as long as the MX204 exists.




   We tried an NCS-5501 and it was a disaster, in a word.  The 10G
interface, uRPF, source-based blackholing, and routing table depth with
Cisco is a limiting factor in their product line.

  Broadcom-based systems should always be looked at with one eye open,
i.e., test test test before you commit. This applies to any vendor, not
just Cisco.

  Mark.

___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/




--
-Aaron



Re: [c-nsp] RSVP-TE (MPLS-TE) and LDP question

2020-05-11 Thread Aaron Gould
Thanks James for the confirmation as that's precisely what I'm seeing.
Would be nice to see a link to a cisco document or someone out there online
that speaks to this 

-Aaron

-Original Message-
From: James Jun [mailto:ja...@towardex.com] 
Sent: Monday, May 11, 2020 3:26 PM
To: Aaron Gould
Cc: cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] RSVP-TE (MPLS-TE) and LDP question

On Mon, May 11, 2020 at 01:02:23PM -0500, Aaron Gould wrote:
> Seems that when I try to use RSVP in place of LDP for label distribution, I
> cannot completely remove mpls ldp configs from IOS XR, but I can from IOS XE

It's an implementation 'bug' on IOS XR.

If you have L3VPN type service (also affects labeled-ucast, including 6PE),
you *must* have 'mpls ldp' and router-id configured at minimum, even if you
are not using any LDP adjacency whatsoever.  I believe ldp process needs to
run to allocate labels for l3vpn, even if you do not use LDP transport.

So, just leave 'mpls ldp' and router-id configured below it.  As long as you
don't have LDP adjacencies defined, and there are no LDP tunnels configured,
you won't have any LDP in use.

P routers are not affected, as they do not need to allocate labels for VPN
services.


James



[c-nsp] RSVP-TE (MPLS-TE) and LDP question

2020-05-11 Thread Aaron Gould
Seems that when I try to use RSVP in place of LDP for label distribution, I
cannot completely remove mpls ldp configs from IOS XR, but I can from IOS XE

On an RSVP-TE Tunnel headend, I have...

IOS XR (XRv9000)

mpls ldp
 router-id 10.0.0.11

...and if I remove that with "no mpls ldp" I lose connectivity to the MPLS
L3VPN that is also on that PE

But... in IOS XE (csr1000v) I have...

mpls ldp router-id lo0 force

...and if I remove that with "no mpls ldp router-id Loopback0" (and also
remove "mpls ip" from the pe---p uplink) I am still good to the MPLS L3VPN
that is also on that PE

I don't understand what is going on with this minimal ldp config in IOS XR
that causes L3VPN to no longer work after I remove that small config shown
above.

As a side note, I can remove that ldp config from XR p core nodes... Just not
XR pe nodes

...furthermore, I think since I have that ldp config in my PE's, I have LFIB
"Unlabelled" entries in my PE, I guess since I have no LDP config in the
transit P nodes.  But in XE since I can remove that ldp config I no longer
have Unlabelled lfib entries and a nice clean lfib with only the L3vpn
aggregate label

-Aaron



[c-nsp] virtual routers - L2-type vpn's

2020-05-08 Thread Aaron Gould
Using csr1000v in EVE-NG, yesterday I was able to do mp2mp vpls (rfc4761 bgp
ad, bgp sig) using (3) csr1000v routers and it all worked, control plane
*and* data plane, all CE's behind the csr1000v pe's could ping each other.
(i tested rfc4762 bgp ad, ldp sig, but only with 2 csr1000v and it worked... i
may go back and add in a third csr1000v later).

but, my question and problem was...  XRv would not pass traffic in those vpls
tests.  control plane would work, configs would commit, and neighbor
pseudowires would even go UP and establish to the other pe's (csr1000v's)
BUT, i got nasty traceback errors on XRv and data plane would not pass
traffic.

Has anyone been successful in getting VPLS to work in XRv ?

What about EVPN in XRv?  ...does EVPN/MPLS forwarding work in XRv?

Traceback errors I got on XRv following the commit of the VPLS config...

RP/0/RP0/CPU0:May  7 22:03:47.917 : fib_mgr[224]: %MGBL-DPC-2-SW_ERR :
Failed to configure l2vpn_ldi (Invalid DPA id 17)  : fib_mgr : (PID=4352) :
-Traceback= 7f60faf970ca 7f60fafb5582 7f6105a1a270 7f6105a27740 7f6105a28a70
7f61186492f5 7f6118486919 7f6118484064 7f61244fcec8 7f61244fefe9 5ebe3a
5f9054 5fb5d8 605062 6fe214 538d69

RP/0/RP0/CPU0:May  7 22:03:47.917 : fib_mgr[224]:
%ROUTING-FIB-3-PLATF_UPD_FAIL : FIB platform update failed:
Obj=DATA_TYPE_LOADINFO[ptr=0x114a949f8,refc=0x1,flags=0x80c441]
Action=MODIFY Proto=ipv4. Cerr='dpc_rm_svr' detected the 'warning' condition
'Internal invalid parameter found.'  : fib_mgr : (PID=4352) :  -Traceback=
7f61244fefe9 5ebe3a 5f9054 5fb5d8 605062 6fe214 538d69 565efc 567d65 688000
68a9fc 68adf8 43c59a 7f61229daa21 7f61229ebb6e 42376e

RP/0/RP0/CPU0:May  7 22:03:47.918 : fib_mgr[224]: %ROUTING-FIB-3-PD_FAIL :
FIB platform error: fib_ldi_platform_update 2077: PD action MODIFY failed
for passed_ldi 0x114a949f8 type DATA_TYPE_LOADINFO flags 0x80c441. Shared
LDI 0x114a949f8 num_slots 1 num_buckets 1 depth 2 ldi type 1 ldi protocol
mpls flags 0x80c441  : 0x4b88b400 'dpc_rm_svr' detected the 'warning'
condition 'Internal invalid parameter found.'   : fib_mgr : (PID=4352) :
-Traceback= 5f9054 5fb5d8 605062 6fe214 538d69 565efc 567d65 688000 68a9fc
68adf8 43c59a 7f6122(TRUNCATED)

-Aaron



Re: [c-nsp] [External] SDx open standard?

2020-03-26 Thread Aaron Gould
Yeah, while certifying for mef-cecp, you gain an appreciation for their
purpose in that space at least.  (they do have other certifications).  Lots
of focus on functions and standards that exist at UNI's, ENNI's, services
in between, etc.

MEF has 3 scopes of certifications...
-Services - you as a SP can actually work with MEF (IOMETRIX) and get your
network actually stamped and certified by MEF
-Gear - vendors submit their equipment to MEF for testing (possibly onsite
at vendor location) for proving out standard MEF-type service (ELINE, ELAN,
ETREE, EACCESS, etc) and gain MEF stamp of approval
-Professional - like MEF-CECP, etc, people can get career certifications

I recall they started with MEF, then MEF 2.0, now MEF 3.0

https://www.mef.net/certification/mef-certification-programs


-Aaron

-Original Message-
From: cisco-nsp [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of
adamv0...@netconsultings.com
Sent: Thursday, March 26, 2020 12:00 PM
To: sth...@nethelp.no; t...@pelican.org
Cc: cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] [External] SDx open standard?



> sth...@nethelp.no
> Sent: Thursday, March 26, 2020 3:42 PM
> 
> >>> I spent 10 min browsing MEF web site and still do not know what "MEF"
> >>> stands for ... Looks to me like yet one more  commercial entity to
> >>> drain a little bit of cash out of the vendors while perhaps help
> >>> with marketing and sales a bit.
> >>
> >> Metro Ethernet Forum. They've been around for a while.
> >>
> >
> > In fairness, that term is almost entirely absent from the web site, as far as I
> > can see.
> >
> > Is it an expansion that's been deliberately dropped in the face of expanding
> > to work on SDN, NDV, et al beyond their original Metro Ethernet scope?  And
> > now MEF is just MEF?
> 
> No idea. But it sure *sounds* like rather significant scope creep.
> 
How I view MEF is in their role of facilitator/mediator for inter-operator
standards. 
Their original work on Metro Ethernet standards and network certification
was very helpful for the industry (certainly some ~8 years back when ME was
blooming and everyone was jumping the bandwagon).
Now with the hype around SDN NFV and automation of service provisioning they
seem like a natural choice of existing body for mediating
inter-operator/provider standards (work on LSO...) they have stellar
materials on NFV and SDN I recommend everyone to read in order to fill in
the gaps and unite our dictionary (same like for the ME dictionary)
And recently they are doing similar thing for SD-WAN...

adam



Re: [c-nsp] [External] SDx open standard?

2020-03-26 Thread Aaron Gould
Perhaps that, and also, I think they may be substituting that term "mef" for
"ce" more recently.  perhaps to imply that its capabilities are now
beyond the "metro" and extend into "carrier" space and beyond.  Trying to
make some educated guesses/recollections.

-Aaron

-Original Message-
From: cisco-nsp [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of
t...@pelican.org
Sent: Thursday, March 26, 2020 10:25 AM
To: cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] [External] SDx open standard?

On Thursday, 26 March, 2020 15:15, sth...@nethelp.no said:

>> I spent 10 min browsing MEF web site and still do not know what "MEF"
>> stands for ... Looks to me like yet one more  commercial entity to drain a
>> little bit of cash out of the vendors while perhaps help with marketing and
>> sales a bit.
> 
> Metro Ethernet Forum. They've been around for a while.
> 

In fairness, that term is almost entirely absent from the web site, as far
as I can see.

Is it an expansion that's been deliberately dropped in the face of expanding
to work on SDN, NDV, et al beyond their original Metro Ethernet scope?  And
now MEF is just MEF?

Regards,
Tim.



Re: [c-nsp] [External Email] Re: big uptime - what you got ?

2020-02-10 Thread Aaron Gould
Oh my gosh a friggin lightstream 1010 up almost 17 years!  That's about as
long as atm has been dead.  Lol

You gotta tell me for reals if you still have cells going through that box ?

-Aaron

-Original Message-
From: cisco-nsp [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Alex
D.
Sent: Monday, February 10, 2020 1:15 PM
To: cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] [External Email] Re: big uptime - what you got ?

Cisco Internetwork Operating System Software
IOS (tm) LS1010 WA4-5 Software (LS1010-WPK2-M), Version 12.1(12c)EY,
EARLY DEPLOYMENT RELEASE SOFTWARE (fc1)
TAC Support: http://www.cisco.com/tac
Copyright (c) 1986-2002 by cisco Systems, Inc.
Compiled Fri 02-Aug-02 09:13 by eaarmas
Image text-base: 0x60010958, data-base: 0x60F9A000

ROM: System Bootstrap, Version 11.2(1.4.WA3.0) [integ 1.4.WA3.0],
RELEASE SOFTWARE
ROM: LS1010 WA4-5 Software (LS1010-WPK2-M), Version 12.1(12c)EY, EARLY
DEPLOYMENT RELEASE SOFTWARE (fc1)

atm-03 uptime is 16 years, 43 weeks, 3 days, 8 hours, 34 minutes
System returned to ROM by power-on
System restarted at 12:11:39 MEZ Wed Apr 16 2003
System image file is "bootflash:ls1010-wpk2-mz.121-12c.EY.bin"

cisco LS1010 (R4600) processor with 65536K bytes of memory.



Re: [c-nsp] big uptime - what you got ?

2020-02-10 Thread Aaron Gould
Ha, wow, Sascha holds first place !

...uptime is 14 years, 48 weeks, 4 days, 22 hours, 18 minutes

My gosh, up since 2005 !

-Aaron





Re: [c-nsp] big uptime - what you got ?

2020-02-10 Thread Aaron Gould
Non-believers I say, non-believers, lol

Jk, thanks, hey could be a bug, doubt it though

-Aaron




Re: [c-nsp] big uptime - what you got ?

2020-02-10 Thread Aaron Gould
What, and have to reset that uptime counter, never!  Lol

Dude it's bridging eth frames just fine, why would i

-Aaron




[c-nsp] big uptime - what you got ?

2020-02-10 Thread Aaron Gould
Holy cow!  Beat that

dsw2-4503#sh ver | in uptime
dsw2-4503 uptime is 11 years, 2 weeks, 1 day, 23 hours, 3 minutes

dsw2-4503#sh ver | in IOS
Cisco IOS Software, Catalyst 4500 L3 Switch Software (cat4500-IPBASEK9-M),
Version 12.2(31)SGA1, RELEASE SOFTWARE (fc3)

-Aaron



[c-nsp] question with adj-rib-out and policy engine order and show commands

2020-02-09 Thread Aaron Gould
Question with adj-rib-out and policy engines.  I've looked at bassam halabi's
explanation in inet routing archs, googles, etc, etc.

Is "show ip bgp neighbor 1.2.3.2 advertised-routes" PRE-outbound-policy or
POST-outbound-policy?

someone please explain why I see r1 "show ip bgp neighbor 1.2.3.2
advertised-routes" showing metric 2, but I see on r2 that it rcv's it changed
as planned to metric 17.

My question is really just about why I see metric 2 on advertise-route route
of r1, when I know it's getting set to metric 17.  Why don't I see what the
policy is changing it to on the sending router, r1 ?

I tried to only include pertinent info to keep this short and to the point.

*** R1... Sending an advertisement...

r1#sh ip bgp neighbors 1.2.3.2 advertised-routes | be Network
   Network          Next Hop            Metric LocPrf Weight Path
*> 10.0.2.1/32      10.0.1.1                 2         32768 ?

r1#sh run | sec router bgp
router bgp 123
...
neighbor 1.2.3.2 route-map my-routemap-xmit out

route-map my-routemap-xmit, permit, sequence 10
ip address prefix-lists: my-prefixlist-out
  Set clauses:
metric 17

r1#sh ip prefix-list
   seq 1 permit 10.0.2.1/32

*** R2... Receiving that advertisement correctly as altered Metric 17

r2#sh ip bgp neighbors 1.2.3.1 routes | be Network
   Network          Next Hop            Metric LocPrf Weight Path
*> 10.0.2.1/32      1.2.3.1                 17             0 123 ?

Total number of prefixes 1
r2#
r2#sh ip ro bgp
     10.0.0.0/32 is subnetted, 1 subnets
B       10.0.2.1 [20/17] via 1.2.3.1, 09:40:38

-Aaron



Re: [c-nsp] show isis neighbors - system id shown

2020-02-02 Thread Aaron Gould
Thanks y'all

-Aaron




[c-nsp] show isis neighbors - system id shown

2020-02-02 Thread Aaron Gould
funny, for a moment there it actually displayed the sys id of r1 instead of
the word "r1"

is there a reason why ?

r2#sh isis neighbors

System Id      Type Interface IP Address      State Holdtime Circuit Id
..             L1   Fa0/0     1.2.3.1         UP    23       r2.01
..             L2   Fa0/0     1.2.3.1         UP    24       r2.01

r2#sh isis neighbors

System Id      Type Interface IP Address      State Holdtime Circuit Id
r1             L1   Fa0/0     1.2.3.1         UP    27       r2.01
r1             L2   Fa0/0     1.2.3.1         UP    28       r2.01
r2#sh isis neighbors

System Id      Type Interface IP Address      State Holdtime Circuit Id
r1             L1   Fa0/0     1.2.3.1         UP    23       r2.01
r1             L2   Fa0/0     1.2.3.1         UP    24       r2.01
r2#sh isis neighbors

System Id      Type Interface IP Address      State Holdtime Circuit Id
r1             L1   Fa0/0     1.2.3.1         UP    22       r2.01
r1             L2   Fa0/0     1.2.3.1         UP    23       r2.01
r2#sh isis neighbors

System Id      Type Interface IP Address      State Holdtime Circuit Id
r1             L1   Fa0/0     1.2.3.1         UP    21       r2.01
r1             L2   Fa0/0     1.2.3.1         UP    22       r2.01
r2#

-Aaron



Re: [c-nsp] Central Services Topology - Design question

2020-01-13 Thread Aaron Gould
Ah, and don't forget "additive" as it was crucial in not removing an rt, but
rather, adding another rt to the already present rt.

A nice way of having multiple extended community attributes (rt's) to be able
to match on.

-Aaron




Re: [c-nsp] Central Services Topology - Design question

2020-01-13 Thread Aaron Gould
When I started sharing some routes from one vrf to another vrf during my
deployment of cgnat, I came to understand that a vrf in my mind seemed to be
less about the name you give it, and more about the RT's you import and
export to accomplish the desired routing.

Further to that point, one day I typo'd a vrf name, and was stunned to
realize that everything was still working!  ...came to realize that the vrf
name doesn't matter, since mp-ibgp doesn't advertise anything of the
name... simply the rd, rt stuff matters.

To Saku's point, if you have local and separate vrf's, I'm pretty sure I had
to use an auto-export command in juniper to allow that local route sharing.

-Aaron
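
The point made in the post above (MP-iBGP import is decided by route targets, not by the VRF name) and the role of "additive" from the related reply, as an added example that is not part of the original posts. It is a simplified Python model: the RT values, RDs, prefixes, PE names and the typo'd VRF name are constructed, and `additive` is assumed to model an export route-map that adds an RT instead of replacing the ones already present.

```python
from dataclasses import dataclass, field
from typing import Optional


@dataclass(frozen=True)
class VpnRoute:
    """What MP-iBGP carries for a VPNv4 route: RD, prefix and RT communities.
    There is no field for the VRF name; the name never leaves the PE."""
    rd: str
    prefix: str
    rts: frozenset
    origin_pe: str


@dataclass
class Vrf:
    name: str                             # locally significant label only
    rd: str
    import_rts: frozenset
    export_rts: frozenset
    connected: tuple = ()                 # prefixes learned from the CE side
    export_map_rt: Optional[str] = None   # RT set by an export route-map
    additive: bool = True                 # models "set extcommunity rt ... additive"
    rib: dict = field(default_factory=dict)

    def exported(self, pe_name):
        rts = set(self.export_rts)
        if self.export_map_rt:
            if self.additive:
                rts.add(self.export_map_rt)   # keep the RTs already present
            else:
                rts = {self.export_map_rt}    # replace them
        return [VpnRoute(self.rd, p, frozenset(rts), pe_name) for p in self.connected]

    def try_import(self, route):
        # Import decision: any overlap between the route's RTs and our import RTs.
        if route.rts & self.import_rts:
            self.rib[route.prefix] = route
            return True
        return False


def converge(pes):
    """pes maps PE name -> list of Vrf. Every PE receives every VPNv4 route."""
    routes = [r for pe, vrfs in pes.items() for v in vrfs for r in v.exported(pe)]
    for pe, vrfs in pes.items():
        for v in vrfs:
            v.rib.clear()
            for r in routes:
                if (r.origin_pe, r.rd) != (pe, v.rd):   # skip the VRF's own routes
                    v.try_import(r)
    return pes


# Constructed values: 65000:100 = customer A, 65000:998 = "client of central
# services", 65000:999 = "central services routes".
CUST, CLIENT, SERVICES = "65000:100", "65000:998", "65000:999"


def reachability(pe1_additive):
    """Return {vrf name: imported prefixes} for a three-PE central-services setup."""
    pes = {
        "pe1": [Vrf("CUST-A", "65000:1", frozenset({CUST, SERVICES}), frozenset({CUST}),
                    ("10.1.0.0/24",), CLIENT, pe1_additive)],
        # VRF name typo'd on pe2; only RD and RTs take part in the exchange
        "pe2": [Vrf("CUTS-A", "65000:2", frozenset({CUST, SERVICES}), frozenset({CUST}),
                    ("10.2.0.0/24",), CLIENT, True)],
        "pe3": [Vrf("SERVICES", "65000:9", frozenset({CLIENT}), frozenset({SERVICES}),
                    ("10.9.0.0/24",))],
    }
    converge(pes)
    return {v.name: sorted(v.rib) for vrfs in pes.values() for v in vrfs}


if __name__ == "__main__":
    for additive in (True, False):
        print("pe1 export-map additive =", additive)
        for name, prefixes in reachability(additive).items():
            print(f"  {name:9s} imports {prefixes}")
```

With `additive` off on pe1, the central-services VRF still learns 10.1.0.0/24 but the customer's other site no longer does, because the customer RT was replaced rather than kept.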



Re: [c-nsp] new ASR9901 ios update problem

2019-10-29 Thread Aaron Gould
Btw, good job, and thanks Jürgen for the informative and detailed
instruction on XR upgrade.

-Aaron

-Original Message-
From: cisco-nsp [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of
Aaron Gould
Sent: Tuesday, October 29, 2019 10:23 AM
To: c...@marenda.net; cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] new ASR9901 ios update problem

You just gave me another reason to like Juniper   :|

-Aaron




Re: [c-nsp] new ASR9901 ios update problem

2019-10-29 Thread Aaron Gould
You just gave me another reason to like Juniper   :|

-Aaron




Re: [c-nsp] new ASR9901 ios update problem

2019-10-23 Thread Aaron Gould
It got jumbled ... I'll try again...


admin install add disk1:asr9k-mgbl-px.pie-4.3.4
disk1:asr9k-mpls-px.pie-4.3.4 disk1:asr9k-mini-px.pie-4.3.4
disk1:asr9k-fpd-px.pie-4.3.4 synchronous

admin install activate disk0:asr9k-mgbl-px-4.3.4 disk0:asr9k-mpls-px-4.3.4
disk0:asr9k-mini-px-4.3.4 disk0:asr9k-fpd-px-4.3.4 synchronous

(after reboot occurs)

admin install commit





Re: [c-nsp] new ASR9901 ios update problem

2019-10-23 Thread Aaron Gould
Unsure about ASR9901 running 6.5.2... but I just now upgraded ASR9006 from
4.1.2 to 4.3.4

The process is pretty much...

admin install add ...
admin install activate ...
admin install commit

...that's pretty much it in simplest terms... (I'll say I don't fully
understand all the caveats and nuances with bridge smu's, time expiry issue,
bug fix smu packages, bundle all pie's into a tar ball, etc,etc)...

But in its simplest form, that's it.

admin install add disk1:asr9k-mgbl-px.pie-4.3.4
disk1:asr9k-mpls-px.pie-4.3.4 disk1:asr9k-mini-px.pie-4.3.4
disk1:asr9k-fpd-px.pie-4.3.4 synchronous
admin install activate disk0:asr9k-mgbl-px-4.3.4 disk0:asr9k-mpls-px-4.3.4
disk0:asr9k-mini-px-4.3.4 disk0:asr9k-fpd-px-4.3.4 synchronous
(after reboot occurs)
admin install commit

You may have other pies you require, just add them into the list above.
I had issues with tftp, so I simply ftp the files into disk1 and executed
install from that location
I had issues with a clock and also fpd, simply set the clock to something
like 2009 and add that fpd pie.  That's what I did, worked.


- Aaron





Re: [c-nsp] Inter-VRF with NAT

2019-08-19 Thread Aaron Gould
We have lots of zyxel's and manage all them with their public address.  Why 
don't you just do that? 

-Aaron

-Original Message-
From: cisco-nsp [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Mike
Sent: Sunday, August 18, 2019 3:14 PM
To: cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] Inter-VRF with NAT


> Hi Mike,
>
> I'm not sure I've understood your network topology to be honest. Are you 
> saying that you have Cisco devices with a single WAN link that doesn't 
> support logical separation such as VLANs, e.g. ADSL [1] to run multiple VRFs 
> over different VLANs, e.g. internet in global routing table over VLAN 10, 
> management VRF over VLAN 20 etc? And you basically want multiple VRFs between 
> the CPE and its gateway (BNG/LNS/PE) so that you don't have to NAT your 
> management traffic or need layer 2 connectivity to every CPE?

My cpe devices are typically zyxel. On the wan interface of these
devices, we usually have one service which is customer internet access
(pppoe or dhcp), and then another service which is mapped at either a
different vlan or a different vci/vpl, which is for management (and it's
always dhcp). So, from the perspective of the device, it only has one
routing table - the global table - and the 'default route' will normally
be the internet service gateway.  A common short-sightedness in these is
that they can't do policy routing, and they can't have a separate
routing table where management network traffic uses a gateway different
than the internet service gateway.

The broadband aggregation router will have layer 2 to the subscriber.
So, vlan 10 would service pppoe/dhcp to the internet, while vlan 20
would be management traffic. I would like to have vlan 20 in a separate
vrf, and I would like to be able to assign it an ip address
(172.16.1.1), and I want to hand out addresses to the cpe in the range
of 172.16.1.x. But, because the CPE are braindead, I need to arrange
things so management access to the cpe all appear to come from
172.16.1.1. That way, the devices won't need to consult the routing
table for a gateway and will instead simply arp for the  172.16.1.1 as
it's on the same l3 network segment. This is the only way to deal with
devices that don't know the correct gateway back. The only way I know
how to accomplish this is with nat, unless there was some other socks
type proxy on my asr1000 I don't know about.


Mike-






Re: [c-nsp] ASR 920 Replacement

2019-06-27 Thread Aaron Gould
Why are we worried about XR boot times ?

RP/0/RSP0/CPU0:g-9k#sh ver | in "uptime|IOS"
Thu Jun 27 14:20:49.013 CDT
Cisco IOS XR Software, Version 4.1.2[Default]
g-9k uptime is 5 years, 14 weeks, 3 days, 12 hours, 10 minutes

RP/0/RSP0/CPU0:c-9k#sh ver | in "uptime|IOS"
Thu Jun 27 14:20:55.287 CDT
Cisco IOS XR Software, Version 4.1.2[Default]
c-9k uptime is 5 years, 21 weeks, 4 days, 44 minutes

-Aaron




Re: [c-nsp] XRv (eve-ng)

2019-06-05 Thread Aaron Gould
XRv9k

-aaron



Re: [c-nsp] XRv (eve-ng)

2019-06-05 Thread Aaron Gould
Have you all been able to use EVE-NG ?  My gosh, what an awesome emulator.

I have eve-ng running…

XRv
vMX
vQFX

(this might end up being a much larger topic)  BTW, Why does Juniper do what
appears to be such a better job with CP/FP (control plane/forwarding plane)
separation ?  I’m speaking about XR and Junos and also how clean Junos vMX
seems to be done as I work with it in EVE-NG when compared to XRv.

XRv is still one node.

vMX is 2 nodes… VCP and VFP.

Also, in XRv I can’t add martini-type access pw’s into an l2vpn nor can I add
routing on a BVI….. but, conversely I can do all those things in vMX

As nice as XR(v) is, it still seems to be playing catch-up to (v)MX.  Is this
true in your mind ?

Stepping away from the eve-ng emulator for a moment, over the years of working
with XR I was so pleased with how it improved upon classic IOS…. But then I
began working with Junos a few years ago, and wow, it seemed to take routing os
to a whole other level than XR did… again, this could be in my head, but
curious what others think, IF, you have actually done enough work on both
platforms to know enough to speak to it.

-Aaron



Re: [c-nsp] A9K-VSM-500

2019-05-08 Thread Aaron Gould
my personal notes from testing vsm-500 from a few years ago...

*** my testing showed good with pings, BUT TERRIBLE and NON-existent web 
surfing until changing MTU of vnics from 1514 to 9216

interface TenGigE0/3/1/0
 description vsm
 mtu 9216
!
interface TenGigE0/3/1/1
 description vsm
 mtu 9216
!
interface TenGigE0/3/1/2
 description vsm
 mtu 9216
!
interface TenGigE0/3/1/3
 description vsm
 mtu 9216
!
interface TenGigE0/3/1/4
 description vsm
 mtu 9216
!
interface TenGigE0/3/1/5
 description vsm
 mtu 9216
!
interface TenGigE0/3/1/6
 description vsm
 mtu 9216
!
interface TenGigE0/3/1/7
 description vsm
 mtu 9216
!
interface TenGigE0/3/1/8
 description vsm
 mtu 9216
!
interface TenGigE0/3/1/9
 description vsm
 mtu 9216
!
interface TenGigE0/3/1/10
 description vsm
 mtu 9216
!
interface TenGigE0/3/1/11
 description vsm
 mtu 9216

--

also i have a document but i can't find it online anywhere... it's titled 
"ASR9K CGv6 on VSM troubleshooting guide"

there is a section subtitled..."3. VSM packet flow troubleshooting"

NOTE 1 : Be aware about CSCuo63064 which explain the packet drops for packet 
which supposed to be  fragmented on VSM

Symptom: Packets requiring fragmentation are silently dropped with 
DROP_FRM_FRM_ERR_XAUI9 error count 

Conditions: Observed with NAT44 on VSM with packet sizes above 1514 bytes.

Workaround: Increase the interface MTU on the VSM physical interfaces to match 
the ingress interface 

More Info: For better NAT44 performance, Cisco recommends keeping the default 
physical interface MTU 

This one is targeted to be fixed in 5.2.2 XR release

NOTE 2: Be aware about default MTU for ServiceApp interfaces

in 5.1.3 and 5.2.0: MTU is 1514 (not configurable) in 5.2.2: ServiceApp 
interface will be set by default to Jumbo frame size (not configurable)

CSCuo63064

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCuo63064 

-Aaron



[c-nsp] ME3600 - ping drop seen

2019-04-24 Thread Aaron Gould
I have an ME3600 running 15.4(3)S3... and I saw a systematic drop on pings,
making me think there was some sort of built-in control plane protection.

(pinging the ME3600 from a remote device)
!!!.!.!!!.!!!.!!!.!!!.
!!!.!!!.!!!.!!!.!!!.

I downgraded it to 15.2(4)S5 and no longer see the drops.

(pinging the ME3600 from a remote device)
!!
!!
!!

Is there somewhere I could've seen these drops in a counter somewhere?  Or a
way to enable/disable that behavior?

-Aaron



Re: [c-nsp] IS-IS as PE-CE protocol

2019-03-21 Thread Aaron Gould
The only place I run bgp on pe-ce is for internet uplinks… (junos)

I use a few options to make it work…
- peer-as 123
- local-as 456
- local-as private
- local-as no-prepend-global-as

That works for me.

-Aaron

From: Nathan Lannine [mailto:nathan.lann...@gmail.com] 
Sent: Thursday, March 21, 2019 8:11 AM
To: Aaron Gould
Cc: Michael Hallgren; Mark Tinka; Cisco-nsp
Subject: Re: [c-nsp] IS-IS as PE-CE protocol

 

On Thu, Mar 21, 2019 at 9:02 AM Aaron Gould  wrote:

> Which reminds me... I recall if pe-ce is bgp, then redis into l3vpn is natural
> and automatic true ?
>
> -Aaron

As an implementer of MPLS/L3VPN in the enterprise, this is very interesting to
me because I am all IGP internally.  I sort of assumed that in the provider
space that L3VPNs would be accomplished the same way, with an IGP as PE-CE
protocol for L3VPN, but here we are.  So, in the case of BGP as PE-CE protocol
and a small client AS, do you all in the provider space require multiple
private ASNs per VPN?  I mean (blatant free training request here) how does
this get handled by the VPN customer?

Just navel gazing here, but I am wondering if there would be any benefit to me
running BGP as my own PE-CE protocol.

Thank you,

Nathan



Re: [c-nsp] IS-IS as PE-CE protocol

2019-03-21 Thread Aaron Gould
Which reminds me... I recall if pe-ce is bgp, then redis into l3vpn is natural 
and automatic, true?

-Aaron




Re: [c-nsp] UDP/0 ACL IOSXR issue?

2019-02-08 Thread Aaron Gould
Unsure about xr and be-specific acl treatment... however I do recall
BVI-related acl's having issues either in or out... don't recall, been a
while...

...in my newer juniper platform, I'm blocking the heck out of udp/0... geez,
there's a lot of volumetric attacks coming on that port... and 389 and
53 and 123

- Aaron

-Original Message-
From: cisco-nsp [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of
Bryan Holloway
Sent: Friday, February 8, 2019 1:38 PM
To: cisco-nsp@puck.nether.net
Subject: [c-nsp] UDP/0 ACL IOSXR issue?

Anyone aware of any issues with filtering destination UDP/0 at ingress 
points on IOS XR?

We're running 5.3.4 SP8 and have telemetries to help us RTBH when the 
need arises.

UDP/0 is a well-known vector for this sort of attack. However, what I'm 
seeing is that packets seem to be getting past our ACLs even though we 
are explicitly denying them.

"hardware counters" seem to corroborate that we're getting matches.

... and yet we're still seeing the traffic beyond the ingress.

Curious if anyone else has seen this.

Our egress-facing interface is a BE, if it matters ...


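When telemetry reports "UDP/0", one check on a capture taken at the ingress is whether the packets are real UDP datagrams with destination port 0 or non-initial IP fragments, which carry no UDP header at all, so a flow record shows port 0 for them and an ACL line that matches on a port has no port field to compare. The classifier below is an added example, not code from this thread; the sample packets and addresses are constructed, and the watched ports are the ones named in the reply above.

```python
import socket
import struct
from collections import Counter

WATCHED_PORTS = {53, 123, 389}  # the other ports named in the thread


def build_ipv4_udp(src, dst, sport, dport, data=b"x" * 8,
                   frag_offset=0, more_frags=False):
    """Build a constructed IPv4/UDP sample packet (checksums left at 0)."""
    if frag_offset == 0:
        # First (or only) fragment: carries the 8-byte UDP header.
        l4 = struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data
    else:
        # Non-initial fragment: payload bytes only, no UDP header.
        l4 = data
    flags_frag = (0x2000 if more_frags else 0) | (frag_offset & 0x1FFF)
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0x1234,
                         flags_frag, 64, 17, 0,
                         socket.inet_aton(src), socket.inet_aton(dst))
    return header + l4


def classify(packet):
    """Label one raw IPv4 packet by what an L4-port match could see in it."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "not-ipv4"
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or len(packet) < ihl:
        return "not-ipv4"
    (flags_frag,) = struct.unpack("!H", packet[6:8])
    if packet[9] != 17:
        return "not-udp"
    if flags_frag & 0x1FFF:
        # Fragment offset > 0: the bytes after the IP header are payload.
        # Reading them as ports would produce garbage, so stop here.
        return "udp-non-initial-fragment"
    if len(packet) < ihl + 8:
        return "udp-truncated"
    sport, dport = struct.unpack("!HH", packet[ihl:ihl + 4])
    if dport == 0:
        return "udp-dport-0"
    if sport in WATCHED_PORTS or dport in WATCHED_PORTS:
        return "udp-watched-port"
    return "udp-other"


def summarize(packets):
    """Count packets per label."""
    return Counter(classify(p) for p in packets)


# Constructed sample traffic (documentation address ranges).
SAMPLE = [
    build_ipv4_udp("198.51.100.7", "192.0.2.10", 40000, 0),
    build_ipv4_udp("203.0.113.9", "192.0.2.10", 389, 51000,
                   data=b"x" * 1472, more_frags=True),
    build_ipv4_udp("203.0.113.9", "192.0.2.10", 0, 0,
                   data=b"x" * 1480, frag_offset=185, more_frags=True),
    build_ipv4_udp("203.0.113.9", "192.0.2.10", 0, 0,
                   data=b"x" * 400, frag_offset=370),
    build_ipv4_udp("203.0.113.20", "192.0.2.10", 123, 44000),
    build_ipv4_udp("198.51.100.8", "192.0.2.10", 5000, 5001),
]

if __name__ == "__main__":
    for label, count in summarize(SAMPLE).most_common():
        print(f"{label:26} {count}")
```

If the capture is dominated by `udp-non-initial-fragment`, the filter has to address fragments as such; if it is dominated by `udp-dport-0`, the port-0 deny line is the one to examine.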


Re: [c-nsp] segment routing/evpn on ASR920

2019-01-30 Thread Aaron Gould
Ummm, that too.  LOL

-Aaron

-Original Message-
From: cisco-nsp [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of
James Bensley
Sent: Wednesday, January 30, 2019 9:05 AM
To: Tom Ammon; Cisco-nsp List
Subject: Re: [c-nsp] segment routing/evpn on ASR920

On Wed, 30 Jan 2019 at 02:36, Tom Ammon  wrote:
>
> Has anybody tried running segment routing on ASR920? If so, did you run into
> any caveats? What about EVPN over segment routing on that platform? The
> SR configuration guide for this platform lists segment routing, but doesn't
> call out EVPN specifically - it only lists VPLS and L2VPN.
>
> Tom

Hi Tom,

Last I spoke to the ASR920 BU (Q4 last year) EVPN was still a roadmap
feature and SR was only just being released so I assume it's bug
central at this point in time.

Cheers,
James.


Re: [c-nsp] segment routing/evpn on ASR920

2019-01-30 Thread Aaron Gould
I read that SR/SPRING is an alternative to LDP or RSVP... seems that
SR/SPRING is a label distribution protocol.  Meaning, in my mind, it's a way
to learn labels...mpls labels I guess.  If so, would we refer to EVPN as
EVPN-SR?  If so, would it follow that a non-sr network, one that has
employed ldp for label learning, with evpn, would be referred to as EVPN-LDP
?  I'm not thinking so.

Further, I recall reading that EVPN is Control Plane, and has a few
different options for Fwd'ing plane...

EVPN-VXLAN
EVPN-PBB
EVPN-MPLS
...perhaps others...

Tom, I wonder if we/you should look for ASR920 docs/support for EVPN-MPLS in
your desire to see if EVPN will work over SR?

I could be way off.  

-Aaron




Re: [c-nsp] Telemetry real life use cases

2018-08-06 Thread Aaron Gould
What are you all using for a telemetry collector ?

-Aaron




Re: [c-nsp] CMs security

2018-07-29 Thread Aaron Gould
My cable modem mgmt and mta (voice) ip's are on a different subnet than CPE. 
And we have an ACL on the CMTS to not allow customer ip's to communicate with 
those cm ip's.

Aaron

> On Jul 29, 2018, at 5:38 PM, ring...@mail.com wrote:
> 
> Hi all,
> 
> Wondering what do you guys prefer as best practice to block connectivity like 
> ping, http and everything else between CMs (docsis plant)?
> 
> How do you do and manage it?
> 
> ton


Re: [c-nsp] XRv (eve-ng)

2018-07-27 Thread Aaron Gould
Just to circle back with all of you... my problem with not being able to
login to XRv was just a terminal emulator issue. Windows Telnet window was
messing up the root account creation at the beginning when XR boots up and i
guess adding a special character and messing it up. On the eve-ng community
chat, a guy named Rusty was able to figure it out by just having me use a
different terminal ... putty and mtputty work fine...

 NO root-system username is configured. Need to
configure root-system username. Configuration lock is
held by another agent. Please wait. [.OK]

--- Administrative User Dialog ---

Enter root-system username: RP/0/RP0/CPU0:Jul 27 15:59:25.628 :
smartlicserver[373]: %LICENSE-SMART_LIC-3-COMM_FAILED : Communications
failure with Cisco licensing cloud: Communications init failure

% Entry must not be null.

Enter root-system username: xrv
Enter secret:
Use the 'configure' command to modify this configuration.
User Access Verification

Username: xrv
Password:


RP/0/RP0/CPU0:ios#

I'm in now !!

-Aaron



Re: [c-nsp] XRv (eve-ng)

2018-07-26 Thread Aaron Gould
Anyone seen this issue before and know how to fix ?

same problem even with XRv Full asr9000 version 6.3.2 i can't login ,
for some reason it thinks i'm an "unknown" user or something like that.
please note that it does not ask me for a password... as soon as i type the
username, it comes back and says "Failed authentication attempt by user
'' from 'console'..."

so i see this with xrv versions...

5.1.1
5.3.0
6.3.2

- Aaron

Thu Jul 26 13:35:26 UTC 2018 (/proc/self/fd/9): XR control plane: 5120MB RAM
Thu Jul 26 13:35:26 UTC 2018 (/proc/self/fd/9): XR packet memory: 128MB RAM
Thu Jul 26 13:35:26 UTC 2018 (/proc/self/fd/9): Centralized LC: 9216MB RAM
Thu Jul 26 13:35:26 UTC 2018 (/proc/self/fd/9): Data plane core assignment:
2-3
Thu Jul 26 13:35:26 UTC 2018 (/proc/self/fd/9): Control plane core
assignment: 0-1



#
#
#  Welcome to the Cisco IOS XRv9k platform
#
#
#
#Please wait for Cisco IOS XR to start.
#
#
#
#Copyright (c) 2014-2017 by Cisco Systems, Inc.
#
#
#



Cisco IOS XR console will start on the 1st serial port
Cisco IOS XR aux console will start on the 2nd serial port
Cisco Calvados console   will start on the 3rd serial port
Cisco Calvados aux   will start on the 4th serial port
Telnet escape character is '^Q'.
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^Q'.
init: Unable to create device: /dev/kmsg
mount: can't find /dev in /etc/fstab
mkdir: cannot create directory '/run': File exists
bootlogd: ioctl(/dev/pts/2, TIOCCONS): Device or resource busy
Running postinst /etc/rpm-postinsts/100-dnsmasq...
update-rc.d: /etc/init.d/run-postinsts exists during rc.d purge (continuing)
 Removing any system startup links for run-postinsts ...
  /etc/rcS.d/S99run-postinsts
Configuring network interfaces... done.
Starting system message bus: dbus.
Starting OpenBSD Secure Shell server: sshd
  generating ssh RSA key...
  generating ssh ECDSA key...
  generating ssh DSA key...
  generating ssh ED25519 key...
sshd start/running, process 2150
Starting rpcbind daemon...done.
Starting random number generator daemonUnable to open file: /dev/tpm0
can't open any entropy source
Maybe RNG device modules are not loaded

.
Starting system log daemon...0
tftpd-hpa disabled in /etc/default/tftpd-hpa
Starting internet superserver: xinetd.
Libvirt not initialized for container instance
Starting crond: OK
SIOCSIFTXQLEN: No such device
SIOCSIFTXQLEN: No such device


ios con0/RP0/CPU0 is now available
.
0/RP0/ADMIN0:Jul 26 13:44:19.747 : wd_memmon[3051]:
%INFRA-WD_MEMMON-4-MEM_WARN :  Memory usage %: 80, Total memory: 1048576kb,
Free memory: 219200kb, State: MI
NOR, Minor Threshold %: 80


 NO root-system username is configured. Need to
configure root-system username. 

 --- Administrative User Dialog ---


  Enter root-system username: admin

  Enter secret:


  % Entry must not be null.
  Enter secret:
  % Entry must not be null.
  Enter secret:
  % Entry must not be null.
  Enter secret:
  Enter secret again:
  % Entry must not be null.

Use the 'configure' command to modify this configuration.
User Access Verification

Username:
Username: admin
Password: RP/0/RP0/CPU0:Jul 26 13:46:02.536 : exec[66886]:
%SECURITY-LOGIN-4-AUTHEN_FAILED : Failed authentication attempt by user
'' from 'console' on
 'con0_RP0_CPU0'

User Access Verification

Username: root
Password: RP/0/RP0/CPU0:Jul 26 13:46:05.708 : exec[66886]:
%SECURITY-LOGIN-4-AUTHEN_FAILED : Failed authentication attempt by user
'' from 'console' on
 'con0_RP0_CPU0'

User Access Verification

Username: cisco
Password: RP/0/RP0/CPU0:Jul 26 13:46:09.619 : exec[66886]:
%SECURITY-LOGIN-4-AUTHEN_FAILED : Failed authentication attempt by user
'' from 'console' on
 'con0_RP0_CPU0'

RP/0/RP0/CPU0:Jul 26 13:46:10.120 : exec[66886]: %MGBL-exec-3-LOGIN_AUTHEN :
Login Authentication failed. Exiting...

% Authentication failed





[c-nsp] XRv (eve-ng)

2018-07-25 Thread Aaron Gould
Any idea why this is happening?  I can boot XRv just fine (5.3.0) but i get
a few errors and can't login with default username (admin) and no password..
i get some SAM errors and nvram errors.. then logging in with admin, no
password, or an account that it *forces* me to create, but are failed

 

-Aaron

 

..

Section:idt offset:0x006c
base:fed185bc
Section:pgdir offset:0x0070
Page Directory d000: PAE

System page at phys:00017000 user:fed15000 kern:fed17000
Starting next program at vfe0419f8
Unable to access "/dev/ser1" (2)
Restricted Rights Legend

cisco Systems, Inc.
170 West Tasman Drive
San Jose, California 95134-1706

Cisco IOS XR Software for the Cisco XR IOSXRv, Version 5.3.0
Copyright (c) 2015 by Cisco Systems, Inc.
Jul 25 12:19:04.167: Install Setup: Booting with committed software

SAM detects CA certificate(Code Signing Server Certificate
Authority,O=Cisco,C=US) has expired. The validity period is Oct 17, 2000
01:46:24 UTC - Oct 17, 2015
01:51:47 UTC. Continue at risk? (Y/N) [Default: N w/in 10]: RP/0/0/CPU0:Jul
25 12:19:23.786 : sam_server[352]: %SECURITY-SAM-3-ERROR_2_PARAM : Failed
setting I_
BIT on backup file, /disk0/sam_certdb
RP/0/0/CPU0:Jul 25 12:19:38.085 : sam_server[352]: %SECURITY-SAM-4-WARNING :
Failed to initialize nvram digest
RP/0/0/CPU0:Jul 25 12:20:24.202 : cfgmgr-rp[152]: %MGBL-CONFIG-3-STARTUP :
Configuration Manager could not find any admin configuration to apply from
'/disk0:/c
onfig/admin/admin.cfg'.


ios con0/0/CPU0 is now available

 

 NO root-system username is configured. Need to
configure root-system username. 

--- Administrative User Dialog ---

Enter root-system username: admin

Username "admin" is locked, please choose another.

Enter root-system username:

% Entry must not be null.

Enter root-system username: rusty
Enter secret:
% Entry must not be null.
Enter secret:
Enter secret again:
% Entry must not be null.

Use the 'admin' mode 'configure' command to modify this configuration.

Please login with any configured user/password, or cisco/cisco

User Access Verification

Username:
Username: rusty
Password:
RP/0/0/CPU0:Jul 25 12:23:44.338 : exec[65692]:
%SECURITY-login-4-AUTHEN_FAILED : Failed authentication attempt by user
'' from 'console' on 'con0_0_CPU
0'

User Access Verification

Username:

User Access Verification

Username:
Username: admin
Password:
RP/0/0/CPU0:Jul 25 12:23:48.008 : exec[65692]:
%SECURITY-login-4-AUTHEN_FAILED : Failed authentication attempt by user
'' from 'console' on 'con0_0_CPU
0'

% Authentication failed
RP/0/0/CPU0:Jul 25 12:23:48.528 : exec[65692]: %MGBL-exec-3-LOGIN_AUTHEN :
Login Authentication failed. Exiting..

 

 



Re: [c-nsp] OSPF+BGP and MPLS Q's

2018-07-19 Thread Aaron Gould
I was waiting for that, lol

Sort of a long story, as everyone knows, networks usually have a story to tell 
in order to understand why they are the way they are... If many of us sat back 
and designed a new network from the ground up, it would be pretty for a day or 
two, and then eventually grow into something else... If you leave the company 
and a new guy comes in, he would probably say, "what idiot designed this 
network" :/

Then when he left the company, someone else would come in and say the same 
thing about him, lol

Originally I did have a backbone area 0 and a very small MPLS network with core 
IGP area 1, ...well, area 1 continued to grow, and area 0 was eventually 
decommissioned, and now area 1 remains :)

I guess I could work through maintenance windows and convert everything to 
area 0, but I don't feel motivated to do so

Works fine

Aaron

> On Jul 19, 2018, at 5:34 PM, Nick Cutting  wrote:
> 
> Quick question as I am clueless on large SP networks (I'm a MSP guy not an 
> ISP guy )- why not area 0.0.0.0 ?
> 
> 
> -Original Message-
> From: cisco-nsp  On Behalf Of Aaron Gould
> Sent: Thursday, July 19, 2018 6:08 PM
> To: ring...@mail.com
> Cc: cisco-nsp@puck.nether.net
> Subject: Re: [c-nsp] OSPF+BGP and MPLS Q's
> 
> This message originates from outside of your organisation.
> 
> If you think your network is going to continue to grow, dual route reflector 
> cluster is a huge must have in my mind, I love how you can add address 
> families to one neighbor and let it bounce while the other neighbor stays up 
> with all your routes still there
> 
> I have run a 100 node single area OSPF (area 0.0.0.1) MPLS/LDP network for 
> several years, I believe simplicity and only as much complexity as is 
> required for the job
> 
> 
> Aaron
> 
>> On Jul 19, 2018, at 2:32 PM, ring...@mail.com wrote:
>> 
>> Hi all,
>> 
>> I have some practical design questions.
>> 
>> 1. Is there a better way of doing the HA than having adjacencies to the 
>> router (can be 3 hops away) over two different VLANs and different OSPF cost 
>> over trunk links with BFD enabled? 
>> 2. Do you find less practical a MPLS network on a multi-area design vs a 
>> single-area design?
>> 4. At what point would you introduce RouteReflectors in the network 
>> (e.g. when 5, 10, 20 IBGP connections?)
>> 
>> Can come up with some more in the meantime ;)
>> 
>> Thanks!
>> Ton


Re: [c-nsp] OSPF+BGP and MPLS Q's

2018-07-19 Thread Aaron Gould
If you think your network is going to continue to grow, dual route reflector 
cluster is a huge must have in my mind, I love how you can add address families 
to one neighbor and let it bounce while the other neighbor stays up with all 
your routes still there

I have run a 100 node single area OSPF (area 0.0.0.1) MPLS/LDP network for 
several years, I believe simplicity and only as much complexity as is required 
for the job


Aaron

> On Jul 19, 2018, at 2:32 PM, ring...@mail.com wrote:
> 
> Hi all,
> 
> I have some practical design questions.
> 
> 1. Is there a better way of doing the HA than having adjacencies to the 
> router (can be 3 hops away) over two different VLANs and different OSPF cost 
> over trunk links with BFD enabled? 
> 2. Do you find less practical a MPLS network on a multi-area design vs a 
> single-area design?
> 4. At what point would you introduce RouteReflectors in the network (e.g. 
> when 5, 10, 20 IBGP connections?)
> 
> Can come up with some more in the meantime ;)
> 
> Thanks!
> Ton


Re: [c-nsp] EVPN Book/paper recommendation

2018-07-13 Thread Aaron Gould
Maybe something here

https://forums.juniper.net/t5/Tech-Cafe-Ask-the-Author-MPLS-in/EVPN-advantage-over-L2VPN-VPLS/td-p/291810

http://shop.oreilly.com/product/0636920033905.do

https://www.safaribooksonline.com/library/view/mpls-in-the/9781491905449/ch08.html

-Aaron

-Original Message-
From: cisco-nsp [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of
Tails Pipes
Sent: Friday, July 13, 2018 7:02 PM
To: Kasper Adel
Cc: Cisco-nsp
Subject: Re: [c-nsp] EVPN Book/paper recommendation

Hi

This is about using EVPN for IXPs, a bit closer.

https://www.trex.fi/2017/Ralf-Korschner-VXLAN-EVPN-in-a-Nuttshell.pdf

Ciao
Rich



On Fri, Jul 13, 2018 at 4:55 PM, Kasper Adel  wrote:

> good stuff here, maybe not on the L2VPN part.
>
> https://www.reddit.com/r/networking/comments/8ubqmc/evpn_is_confusing/?st=JIYNSFZA=ba954c8b
>
>
>
>
> On Fri, Jul 13, 2018 at 4:42 PM, Sami Joseph 
> wrote:
>
> > Heya
> >
> > I'm looking for book/paper recommendation on EVPN, specially for use-cases
> > in Carrier Ethernet deployments, replacing IETF L2VPN implementation and
> > deployments?
> >
> > I found this book by Ivan Pepen., but it doesn't cover that.
> > https://blog.ipspace.net/2018/06/book-evpn-in-data-center.html
> >
> > THX
> > Sam


Re: [c-nsp] NAT logging ASR1k

2018-07-09 Thread Aaron Gould
You wanna see the juniper configs for your ASR1006?

Not sure why we didn't use netflow.  I guess because syslog worked and that's 
where the docs led me

Aaron

> On Jul 9, 2018, at 2:52 AM, Ring Bit  wrote:
> 
> Hi Aaron,
> 
> Could you post the nat configs? 
> 
> Why not use Netflow? 
> 
> Thanks.
> T.
> 
>> Sent: Sunday, July 08, 2018 at 10:14 PM
>> From: "Aaron Gould" 
>> To: ring...@mail.com
>> Cc: cisco-nsp@puck.nether.net
>> Subject: Re: [c-nsp] NAT logging ASR1k
>> 
>> Bulk logging and port block allocation (PBA)?  
>> 
>> https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipaddr_nat/configuration/xe-3s/nat-xe-3s-book/iadnat-bpa.html
>> 
>> I do PBA in groups of 100 ports on my CGNAT deployment (juniper) and use 
>> syslog to log.  Using port block allocation caused the syslogging to slow 
>> down significantly 
>> 
>> Aaron
>> 
>>> On Jul 8, 2018, at 10:12 AM, ring...@mail.com wrote:
>>> 
>>> Hi everybody,
>>> 
>>> Have an ASR 1006 doing NAT translations, it is having  around 300k+ and 
>>> wanted to ask for a recommendation about logging those NAT translations. 
>>> 
>>> Tried it with a collector via Netflow v9 with the export command "ip nat 
>>> log translations flow-export v9 udp destination"  command the CPU spiked to 
>>> 100%. 
>>> 
>>> Is there a recommendation as a workaround or have alternative solution 
>>> which is easy on resources to those massive NAT translations?
>>> 
>>> Thanks,
>>> T.


Re: [c-nsp] NAT logging ASR1k

2018-07-08 Thread Aaron Gould
Bulk logging and port block allocation (PBA)?  

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipaddr_nat/configuration/xe-3s/nat-xe-3s-book/iadnat-bpa.html

I do PBA in groups of 100 ports on my CGNAT deployment (juniper) and use syslog 
to log.  Using port block allocation caused the syslogging to slow down 
significantly 

Aaron

> On Jul 8, 2018, at 10:12 AM, ring...@mail.com wrote:
> 
> Hi everybody,
> 
> Have an ASR 1006 doing NAT translations, it is having  around 300k+ and 
> wanted to ask for a recommendation about logging those NAT translations. 
> 
> Tried it with a collector via Netflow v9 with the export command "ip nat log 
> translations flow-export v9 udp destination"  command the CPU spiked to 100%. 
> 
> Is there a recommendation as a workaround or have alternative solution which 
> is easy on resources to those massive NAT translations?
> 
> Thanks,
> T.
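With port block allocation, one log record covers a whole block of ports handed to a subscriber instead of one record per translation, and an abuse report (public IP, source port, time) is answered by finding the block that covered that port at that moment. The lookup below is an added example, not code or configuration from this thread; the log line layout, addresses and function names are constructed for illustration (this is not the Junos or IOS XE syslog format), and only the block size of 100 ports comes from the post above.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional

# Constructed record layout: "<UTC time> PBA_ALLOC|PBA_RELEASE <private> -> <public>:<lo>-<hi>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) PBA_(?P<event>ALLOC|RELEASE) (?P<priv>\S+) -> "
    r"(?P<pub>[\d.]+):(?P<lo>\d+)-(?P<hi>\d+)$")


@dataclass
class Block:
    private_ip: str
    public_ip: str
    lo: int
    hi: int
    start: datetime
    end: Optional[datetime] = None  # None means the block is still allocated


def parse_ts(text):
    return datetime.strptime(text, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def load_blocks(lines):
    """Turn ALLOC/RELEASE records into blocks with a validity interval."""
    blocks, open_blocks = [], {}
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # unrelated syslog line
        key = (m["pub"], int(m["lo"]), int(m["hi"]))
        ts = parse_ts(m["ts"])
        if m["event"] == "ALLOC":
            block = Block(m["priv"], m["pub"], key[1], key[2], ts)
            open_blocks[key] = block
            blocks.append(block)
        elif key in open_blocks and open_blocks[key].private_ip == m["priv"]:
            open_blocks.pop(key).end = ts
    return blocks


def resolve(blocks, public_ip, port, when):
    """Return the private IP that held public_ip:port at 'when', else None.

    The same block is reused by different subscribers over time, so the
    timestamp in the report matters as much as the port.
    """
    hits = [b for b in blocks
            if b.public_ip == public_ip and b.lo <= port <= b.hi
            and b.start <= when and (b.end is None or when < b.end)]
    return hits[0].private_ip if len(hits) == 1 else None


# Constructed sample log: blocks of 100 ports, one block reused after release.
SAMPLE_LOG = """\
2018-07-08T15:00:01Z PBA_ALLOC 100.64.1.23 -> 203.0.113.5:1100-1199
2018-07-08T15:00:07Z PBA_ALLOC 100.64.1.40 -> 203.0.113.5:1200-1299
2018-07-08T16:30:00Z PBA_RELEASE 100.64.1.23 -> 203.0.113.5:1100-1199
2018-07-08T16:45:12Z PBA_ALLOC 100.64.2.77 -> 203.0.113.5:1100-1199
"""

BLOCKS = load_blocks(SAMPLE_LOG.splitlines())

if __name__ == "__main__":
    for stamp in ("2018-07-08T15:30:00Z", "2018-07-08T16:40:00Z", "2018-07-08T17:00:00Z"):
        print(stamp, resolve(BLOCKS, "203.0.113.5", 1150, parse_ts(stamp)))
```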


Re: [c-nsp] XR on GNS3

2018-05-31 Thread Aaron Gould
I used XRv in GNS3... I think I used both 5.1.1 and 5.3.0 ... I recall getting
some good use out of it.

I'm not a systems guy, so climbing the learning curve and asking for help
from the communities online was what I had to do in order to figure out how
to get it to show up inside the GNS3 app (used virtual box, and recall ova,
vmdk, qemu, etc, etc)... then it was useable and working.  I also did
Juniper Olive/vMX.

A couple things

I don't think I ever got the Layer 2 forwarding to work.  L3 routing worked
and packets would flow... but L2 bridging and MPLS Layer 2 type things I
don't think I ever got to properly flow.

I also would have to bounce interfaces using a batch file anytime I
restarted gns3 or even if I added a new instance of XRv... so because of
that, I would never reboot my windows vm that it was all contained inside
and tried not to close gns3 app

-Aaron




Re: [c-nsp] line con 0 as terminal server on Cat6500?

2018-05-18 Thread Aaron Gould
I've actually taken out a little 2600 just to act as a 1-port terminal server 
for this exact purpose 

(maybe you can even use an old 2500) 

Aaron

> On May 18, 2018, at 6:00 AM, Aaron Gould <aar...@gvtc.com> wrote:
> 
> I'm not sure if you can use a console port for connecting to another router's 
> console port , but you can use the auxiliary (aux) port to do that.  I've 
> done it many times
> 
> Aaron
> 
>> On May 18, 2018, at 1:55 AM, Patrick M. Hausen <hau...@punkt.de> wrote:
>> 
>> Hi all,
>> 
>> last weekend one switch in our VSS pair failed. Redundancy/VSS
>> did work and we kept our connectivity besides a couple of hosts
>> that only have a single uplink and were connected to that particular
>> chassis.
>> 
>> When I came to the data centre I found the failed chassis in rommon.
>> A simple "boot" command restored everything to working order.
>> 
>> Now to spare me that drive in case that happens again - is it possible
>> to use the console port of a working Catalyst 6500 to act as a terminal
>> server for the other one? We have quite a lot of spare rollover cables ;-)
>> 
>> I found these instructions but I think I'm missing something:
>> https://www.cisco.com/c/en/us/support/docs/dial-access/asynchronous-connections/5466-comm-server.html
>> 
>> ip host other 2000 1.2.3.4
>> 
>> Core2#telnet 1.2.3.4 2000
>> Trying 1.2.3.4, 2000 ... 
>> % Connection refused by remote host
>> 
>> I used the real IP address of loopback0, of course.
>> 
>> 
>> Side note/question: any idea what could cause a Cat6500 VS-S720-10G
>> to fail, reset (I can understand *that*) and then not boot into IOS and stay
>> in rommon?
>> 
>> Standby BOOT variable = 
>> sup-bootdisk:s72033-adventerprisek9_wan-mz.122-33.SXJ10.bin,1;disk0:s72033-adventerprisek9_wan-mz.122-33.SXJ10.bin,1;
>> Standby Configuration register is 0x2102 
>> 
>> Core2#dir slavesup-bootdisk:
>> ...
>> s72033-adventerprisek9_wan-mz.122-33.SXJ10.bin
>> 
>> 
>> Thanks!
>> Patrick
>> -- 
>> punkt.de GmbH  Internet - Services - Consulting
>> Kaiserallee 13a  Tel.: 0721 9109-0 Fax: -100
>> 76133 Karlsruhe  i...@punkt.de  http://punkt.de
>> AG Mannheim 108285  Managing Director: Juergen Egeling
>> 


Re: [c-nsp] line con 0 as terminal server on Cat6500?

2018-05-18 Thread Aaron Gould
I'm not sure if you can use a console port for connecting to another router's 
console port , but you can use the auxiliary (aux) port to do that.  I've done 
it many times

Aaron

> On May 18, 2018, at 1:55 AM, Patrick M. Hausen  wrote:
> 
> Hi all,
> 
> last weekend one switch in our VSS pair failed. Redundancy/VSS
> did work and we kept our connectivity besides a couple of hosts
> that only have a single uplink and were connected to that particular
> chassis.
> 
> When I came to the data centre I found the failed chassis in rommon.
> A simple "boot" command restored everything to working order.
> 
> Now to spare me that drive in case that happens again - is it possible
> to use the console port of a working Catalyst 6500 to act as a terminal
> server for the other one? We have quite a lot of spare rollover cables ;-)
> 
> I found these instructions but I think I'm missing something:
> https://www.cisco.com/c/en/us/support/docs/dial-access/asynchronous-connections/5466-comm-server.html
> 
> ip host other 2000 1.2.3.4
> 
> Core2#telnet 1.2.3.4 2000
> Trying 1.2.3.4, 2000 ... 
> % Connection refused by remote host
> 
> I used the real IP address of loopback0, of course.
> 
> 
> Side note/question: any idea what could cause a Cat6500 VS-S720-10G
> to fail, reset (I can understand *that*) and then not boot into IOS and stay
> in rommon?
> 
> Standby BOOT variable = 
> sup-bootdisk:s72033-adventerprisek9_wan-mz.122-33.SXJ10.bin,1;disk0:s72033-adventerprisek9_wan-mz.122-33.SXJ10.bin,1;
> Standby Configuration register is 0x2102 
> 
> Core2#dir slavesup-bootdisk:
> ...
> s72033-adventerprisek9_wan-mz.122-33.SXJ10.bin
> 
> 
> Thanks!
> Patrick
> -- 
> punkt.de GmbH  Internet - Services - Consulting
> Kaiserallee 13a  Tel.: 0721 9109-0 Fax: -100
> 76133 Karlsruhe  i...@punkt.de  http://punkt.de
> AG Mannheim 108285  Managing Director: Juergen Egeling
> 


Re: [c-nsp] Multicast in VRF

2018-03-21 Thread Aaron Gould
I wonder if it gets pruned right after the first packet... maybe you have to 
do some igmp config for the underlying vlan804 receiver segment's L2 interfaces

I'm guessing as it's been a while since I did much with mcast

-Aaron

-Original Message-
From: cisco-nsp [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Jan 
Gregor
Sent: Monday, March 19, 2018 2:23 PM
To: cisco-nsp@puck.nether.net
Subject: [c-nsp] Multicast in VRF

Hi guys,

I am stumped by a multicast issue on one of my 6500 switches running 
s72033-adventerprisek9-mz.151-2.SY11.bin code. Actually it is two 6500s in VSS, 
but it should not matter, correct me if I am wrong.

The topology is fairly simple, a source is connected to one VLAN on 6500, then 
the receiver is on another VLAN on the same 6500. Both VLANs are in the same 
VRF. Both VLANs are configured for PIM Sparse mode. 
Multicast routing is enabled for the VRF. Relevant config:
vrf definition TEST
  rd 65000:803
  !
  address-family ipv4
  exit-address-family
!
ip multicast-routing
ip multicast-routing vrf TEST
!
ip pim vrf TEST rp-address 10.0.0.1
!
interface Vlan803
  description SOURCE
  vrf forwarding TEST
  ip address 10.0.0.1 255.255.255.0
  ip pim sparse-mode
  arp timeout 300
!
interface Vlan804
  description RECEIVER
  vrf forwarding TEST
  ip address 192.168.2.1 255.255.255.0
  ip pim sparse-mode
  load-interval 30
  arp timeout 300

I see multicast routing entries in the mroute table for the VRF increasing:
sh ip mroute vrf TEST
...
Outgoing interface flags: H - Hardware switched, A - Assert winner
  Timers: Uptime/Expires
  Interface state: Interface, Next-Hop or VCD, State/Mode

(*, 239.192.2.196), 00:24:57/stopped, RP 10.0.0.1, flags: SJC
   Incoming interface: Null, RPF nbr 0.0.0.0
   Outgoing interface list:
 Vlan804, Forward/Sparse, 00:24:57/00:02:40

(10.0.0.11, 239.192.2.196), 00:24:57/00:02:57, flags: T
   Incoming interface: Vlan803, RPF nbr 0.0.0.0, RPF-MFD
   Outgoing interface list:
 Vlan804, Forward/Sparse, 00:24:57/00:02:40, H

sh ip mroute vrf TEST count
IP Multicast Statistics
2 routes using 1102 bytes of memory
1 groups, 1.00 average sources per group
Forwarding Counts: Pkt Count/Pkts per second/Avg Pkt Size/Kilobits per second
Other counts: Total/RPF failed/Other drops(OIF-null, rate-limit etc)

Group: 239.192.2.196, Source count: 1, Packets forwarded: 1503, Packets received: 1503
   RP-tree: Forwarding: 0/0/0/0, Other: 0/0/0
   Source: 10.0.0.11/32, Forwarding: 1503/1/84/0, Other: 1503/0/0

sh ip mroute vrf TEST count
IP Multicast Statistics
2 routes using 1102 bytes of memory
1 groups, 1.00 average sources per group
Forwarding Counts: Pkt Count/Pkts per second/Avg Pkt Size/Kilobits per second
Other counts: Total/RPF failed/Other drops(OIF-null, rate-limit etc)

Group: 239.192.2.196, Source count: 1, Packets forwarded: 1510, Packets received: 1510
   RP-tree: Forwarding: 0/0/0/0, Other: 0/0/0
   Source: 10.0.0.11/32, Forwarding: 1510/1/84/0, Other: 1510/0/0

I am testing it by running ping on the source "ping -t 64 239.192.2.196". I see 
packets leaving the source as verified by tcpdump. 
However packets are not making it to the receiver as verified by tcpdump.

Funny thing is that when I clear the mroute table on the switch by issuing 
"clear ip mroute vrf TEST *" I receive EXACTLY ONE ping packet on the receiver, 
then again nothing:
20:17:02.576050 IP 10.0.0.11 > 239.192.2.196: ICMP echo request, id 11724, seq 625, length 64

Any pointers would be greatly appreciated.

Best regards,

Jan Gregor



___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/


Re: [c-nsp] Multihomed OTV on CSR Lab - Mac Address Issue

2018-02-05 Thread Aaron Gould
Thanks y’all, to be clear, are you saying “…VPLS. Segment Routing…”  you view 
those as fad technologies ?  …or the opposite?

 

Yeah, I remember working for the US Navy in San Diego in 1999 and sitting in a 
class taught by a vendor-provided SE, FORE Systems.  The class was about, yep 
you guessed it with the mention of the vendor (FORE)…class was on ATM… LANE…. 
Etc.  You may recall that in the late 90’s, early 2000’s, ATM was going to save 
the world.  At one point in the class, the instructor paused and made a 
seemingly prophetic statement… he said, all this ATM stuff is new and great and 
all that, but he then erased the board and said this will all be superseded by 
this technology in the next several years… and he wrote 4 letters on the 
board…. M-P-L-S…. then we all stared at him and didn’t know what he was talking 
about, because ATM was new and awesome and we were completely taken up in the 
latest 20 million dollar US Navy atm-to-the-desktop project…. And also , we had 
no idea what he was talking about with mpls…. Then he erased those 4 letters 
and went back to talking about LECS, LES, BUS, LEC operations in LANE ELAN’s….  
K   LOL….

 

-Aaron

 


Re: [c-nsp] Multihomed OTV on CSR Lab - Mac Address Issue

2018-02-01 Thread Aaron Gould
As my teenage son would say. "bet" !

-Aaron

--

Heck yeah, pair of cheapest asr920 at each end and PWs between the DCs and 
you're done.

adam



Re: [c-nsp] Multihomed OTV on CSR Lab - Mac Address Issue

2018-02-01 Thread Aaron Gould
So I think (I could be wrong as I'm not a server guy) that all this L2
network emulation is because of server virtualization and moving vm's or
vmotion or something like that, and that they need to be in same ip subnet
(aka bcast domain) correct ?

*if* that's true, and *if* all this layer 2 networking madness is because of
that point stated above, I would think that someone (vendors/standards
bodies/companies) would/should be working really hard to make that server
stuff work in different bcast domains (different subnets)...so we wouldn't
have to do all that L2 stuff

-Aaron




Re: [c-nsp] Multihomed OTV on CSR Lab - Mac Address Issue

2018-01-30 Thread Aaron Gould
Ha, thanks Justin, I just read the answer to my question I just posted...
OTV is cisco proprietary.  Is OTV gaining steam in the industry as a
potential ietf standard ?

Interesting things you mention about assigning asics, and linecard
dependencies...

-Aaron




Re: [c-nsp] Multihomed OTV on CSR Lab - Mac Address Issue

2018-01-30 Thread Aaron Gould
Thanks, so is OTV cisco proprietary ? 

-Aaron 




Re: [c-nsp] Multihomed OTV on CSR Lab - Mac Address Issue

2018-01-30 Thread Aaron Gould
Thanks

"With regards to the load-sharing in L2
 -problem is you'll never get IP like load-sharing in L2 since Ethernet is
fundamentally flawed in this regard as it just can't associate same mac
address with two ports."

I thought with bgp-mac-routes in evpn, you could engineer traffic with same
knobs used in bgp-ip-routes. ?

I thought with evpn, you could have active-active multi-homed forwarding
across 2 ports, 2 CE's. ?

-Aaron 
  




Re: [c-nsp] Multihomed OTV on CSR Lab - Mac Address Issue

2018-01-29 Thread Aaron Gould
I'm just trying to learn about OTV as I haven't heard much about it...  is
OTV an IETF standard ?

Also, I wonder why I would use one of these (EVPN, VX-LAN, OTV) over the
other ?  let me know if those 3 don't belong in the same comparison family.


I just watched a cisco video and see that the OTV AED (authoritative edge
device is only one, so I guess multi-active-active forwarders which EVPN
brags about can't be done in OTV ?)

Also, I see OTV is gre encaped, and I hear that vxlan is udp encaped, and
evpn, I forget, but I think is just eompls, so I guess vxlan or otv can be
done over non-mpls clouds ?...maybe these are things that would push
me/others in one direction or the other when choosing a l2-emulation
mechanism for DC or whatever we need it for.

- Aaron




Re: [c-nsp] ip vrf autoclassify source - loss of connectivity to hosts

2018-01-25 Thread Aaron Gould
What is this syntax ?  Is this an IOS command ?  "Cisco-AVpair =
"ip:vrf-id=VRF1"

- Aaron




Re: [c-nsp] me3600 ospf %100 cpu blowup

2018-01-15 Thread Aaron Gould
ospf neighbors won't come up either with different mtu's

-Original Message-
From: cisco-nsp [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Mark
Tinka
Sent: Monday, January 15, 2018 8:00 AM
To: Aaron
Cc: cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] me3600 ospf %100 cpu blowup



On 14/Jan/18 17:36, Aaron wrote:

> Size of the ospf table

Been a long while since I ran OSPF in production - but I know IS-IS tests
the MTU as adjacencies are built, and won't work unless PDU's are sent
unfragmented across the wire.

Mark.


Re: [c-nsp] me3600 ospf %100 cpu blowup

2018-01-15 Thread Aaron Gould
I had something similar happen to me a couple months ago, and posted it
here...

[c-nsp] ospf database size - affects that underlying transport mtu might
have

https://www.mail-archive.com/cisco-nsp@puck.nether.net/msg65794.html


- Aaron




Re: [c-nsp] ip vrf autoclassify source - loss of connectivity to hosts

2018-01-12 Thread Aaron Gould
This "ip vrf autoclassify source" feature looks to be a very nice auto-pbr
solution for allowing multiple vrf's on one interface!

I'd like to know if anyone has used it, particularly in the cable modem
world...on Cisco uBR7246VXR, uBR10k, cbr8 

-Aaron




Re: [c-nsp] me3600 ospf %100 cpu blowup

2018-01-12 Thread Aaron Gould
I'll take a stab at it...

Show log... (prior to reboot, so you may need to look at syslog...)

If you see NILE ASIC errors of some sort, I recall TAC telling me there isn't a 
fix and reboot is required.  :|

I recall the nile asic thing being l2vpn related so I dunno about the ospf 
thing

-Aaron




[c-nsp] ip vrf autoclassify source - loss of connectivity to hosts

2018-01-11 Thread Aaron Gould
On occasion I'm seeing loss of connectivity to test hosts that are part of a
subnet belonging to a vrf autoclassify subnet

 

Below I show the interface and the vrf autoclassify commands.
10.145.255.0/24 is source classified into vrf "three"

 

A couple times over the last few weeks I've seen loss of connectivity to a
host.  I looked closer today and saw 2 hosts with this problem, and noticed
that the cef vrf three entry for those 2 broken hosts, were missing from the
cef vrf three table.  

 

What might be causing this?  

 

Has anyone had a problem like this at all, or more particularly with using
vrf autoclassify feature?

 

I tried to recreate the problem by simply deleting the cef entry. This
causes loss of connectivity to the host, but 10-25 seconds later, the entry
is back in the cef vrf table and connectivity is good again.  However,
during the time of the actual observed problem, connectivity was only
restored when I removed dhcp config from the host and reapplied it, which
I'm guessing generated enough traffic, or a certain traffic type, to cause
the cef table to repopulate, and connectivity was good again.

 

 

interface Bundle1
vrf forwarding one
ip vrf autoclassify source
ip dhcp relay information trusted
ip address 111.222.111.225 255.255.255.248 secondary
ip address 10.13.254.1 255.255.255.0 secondary
ip address 10.255.2.1 255.255.255.0 secondary
ip address 10.145.255.1 255.255.255.0 secondary vrf three
.

cmts0.test#sh ip cef vrf three | in 10.145.
10.145.254.1/32      receive      Loopback100
10.145.255.0/24      attached     Bundle1
10.145.255.0/32      receive      Bundle1
10.145.255.1/32      receive      Bundle1
10.145.255.2/32      attached     Bundle1
10.145.255.220/32    attached     Bundle1
10.145.255.255/32    receive      Bundle1

cmts0.test#cle arp vrf three 10.145.255.2
cmts0.test#cle arp vrf three 10.145.255.2
cmts0.test#cle arp vrf three 10.145.255.2
cmts0.test#cle arp vrf three 10.145.255.2
cmts0.test#cle arp vrf three 10.145.255.2
cmts0.test#cle arp vrf three 10.145.255.2
cmts0.test#cle arp vrf three 10.145.255.2
cmts0.test#cle arp vrf three 10.145.255.2
cmts0.test#cle arp vrf three 10.145.255.2
cmts0.test#cle arp vrf three 10.145.255.2

cmts0.test#sh ip cef vrf three | in 10.145.
10.145.254.1/32      receive      Loopback100
10.145.255.0/24      attached     Bundle1
10.145.255.0/32      receive      Bundle1
10.145.255.1/32      receive      Bundle1
10.145.255.220/32    attached     Bundle1
10.145.255.255/32    receive      Bundle1

(about 10-25 seconds later, 10.145.244.2 is back in cef table and is once
again pingable)

cmts0.test#sh ip cef vrf three | in 10.145.
10.145.254.1/32      receive      Loopback100
10.145.255.0/24      attached     Bundle1
10.145.255.0/32      receive      Bundle1
10.145.255.1/32      receive      Bundle1
10.145.255.2/32      attached     Bundle1
10.145.255.220/32    attached     Bundle1
10.145.255.255/32    receive      Bundle1

- Aaron



Re: [c-nsp] Cisco Supply Chain issues in Amsterdam?

2018-01-03 Thread Aaron Gould
We had a supply chain issue a while back with Cisco... we use more Juniper
gear now. :|

...options are good

- Aaron




Re: [c-nsp] Cisco 3750G backplane throughput

2017-12-15 Thread Aaron Gould
but while I'm thinking about it...

What in the heck are you doing using a 3750 for uplink to provider!!  LOL
(Just kidding, I couldn't resist)

- Aaron




Re: [c-nsp] ospf database size - affects that underlying transport mtu might have

2017-12-01 Thread Aaron Gould
Cisco tac didn't want to do ignore-mtu because I think they said there was 
something else further in the neighborship process that must have a sufficient 
transport mtu to make work... so we had to shrink the end point mtu's where the 
neighbors were located (my cisco asr901 at the cell tower site, and my cisco 
asr9006 at my core...  everything in the middle was 3 different 3rd parties 
transporting my 901 and 9k via layer 2 )

-Aaron




[c-nsp] ospf database size - affects that underlying transport mtu might have

2017-11-22 Thread Aaron Gould
This is a *single area* ospf environment, that has been stable for years..
But now suddenly is having issues with new ospf neighbor adjacencies,
which are riding a 3rd party transport network 

 

Anyone ever experienced anything strange with underlying transport network
mtu possibly causing ospf neighbor adjacency to be broken ?  I'm asking if
the underlying 3rd party transport layer 2 network has a smaller mtu than
the endpoint ospf ip interfaces have, could this cause those ospf neighbors
to not fully establish ? .and I'm also asking this if the single ospf area
has grown large enough to cause some sort of initial database packet to be
larger than that underlying 3rd party mtu is providing

 

-Aaron

 



Re: [c-nsp] cisco ip nat question

2017-11-09 Thread Aaron Gould
You may be able to accomplish it with proxy arp and not have to nat

I recall proxy arp will allow hosts to arp for everything, and the router to 
arp reply to any and all arps on the subnet with its own mac address 

-Aaron




Re: [c-nsp] Juniper MX240 & MX480

2017-10-26 Thread Aaron Gould
The thing that caused me to evaluate replacing my ASR9k 15-node network was
when Cisco told me if I replaced my RSP-4G routing engine with newest one,
all my 1st gen Trident linecards would stop working.  :|  

So since I had to fork-lift everything , I thought it was time to re-eval
what is out there.

We needed CGNAT also.

We decided to go with MX960's with MS-MPC's in them.  MPC-7E linecards with
QSFP28 interfaces for building a 100 gig mpls core

I liked the Juniper CGNAT better than the Cisco ASR9000 VSM-500

- Aaron





Re: [c-nsp] Juniper MX240 & MX480

2017-10-26 Thread Aaron Gould
Dang, MX204 has possible (4) 100 gig interfaces ... 1RU !  (I heard
something about juniper summit or vale a while back...maybe that's these 150
and 204)

https://www.juniper.net/us/en/products-services/routing/mx-series/compare?p=MX204

Someone is already using them, guessing a facebook fna caching site...
http://new.commverge.com/Announcements/tabid/83/EntryId/176/CommVerge-Hong-Kong-deploys-Juniper-MX-204-Routing-Switch-in-Facebook-Hong-Kong-Site.aspx

I read something about MPLSoUDP , VXLAN , EVPN, SR-MPLS and SR-V6... seems
like it does newer stuff.

Yeah, this is the wrong list... hey, y'all started it , lol

-Aaron





Re: [c-nsp] config example xconnent between ASR9K and 6500

2017-09-20 Thread Aaron Gould
Please send this output...

show run l2vpn bridge group BG_MST_VALLE bridge-domain BD_MST-VALLE-VLAN-70

- Aaron




Re: [c-nsp] config example xconnent between ASR9K and 6500

2017-09-19 Thread Aaron Gould
On the ASR9k, send the error during commit and then also the "show
configuration failed" output.

That looks like a manual ldp-based vpls config

Are you trying to do manual ldp vpls on a 6500 ?  

-Aaron




Re: [c-nsp] config example xconnent between ASR9K and 6500

2017-09-16 Thread Aaron Gould
What is Smart Edge ?

-Aaron


Re: [c-nsp] config example xconnent between ASR9K and 6500

2017-09-15 Thread Aaron Gould
Oh ok I think I see what you mean.  So if you configure a PW with a static 
label, then does that mean you have to handle the pw on the next hop device or 
otherwise statically map the lsp at every hop along the way ?

 

I’ve always done end to end dynamic pw’s… so I’m very familiar with mtu drama, 
soft (control plane) and hard (fwd’ing plane).

 

-Aaron

 


Re: [c-nsp] config example xconnent between ASR9K and 6500

2017-09-15 Thread Aaron Gould
Thanks Curtis, Are you saying that mtu’s only matter if you force a static mpls 
label ?

 

-Aaron


Re: [c-nsp] config example xconnent between ASR9K and 6500

2017-09-15 Thread Aaron Gould

I put the MTU show command below, because we all know how much MTU is a
gotcha in MPLS L2VPN's...

**

9k...

interface Loopback0
 ipv4 address 10.101.0.15 255.255.255.255

interface TenGigE0/0/0/1.103 l2transport
 description eline - company-a
 encapsulation dot1q 2995
 rewrite ingress tag pop 1 symmetric
 mtu 1518
 l2protocol cpsv tunnel

l2vpn
 xconnect group eline
  p2p company-a
   interface TenGigE0/0/0/1.103
   neighbor ipv4 10.101.44.2 pw-id 2995

verify

sh l2v xcon group eline xc-name company-a
sh l2v xcon group eline xc-name company-a detail
sh l2v xcon group eline xc-name company-a detail | in MTU

**

Sorry I don't have a 6500, but if 6500 is like a IOS-based ME3600
then

interface Loopback0
 ip address 10.101.44.2 255.255.255.255

interface GigabitEthernet0/5
 description eline - company-a
 switchport trunk allowed vlan none
 switchport mode trunk
 load-interval 30
 service instance 1 ethernet
  encapsulation default
  l2protocol tunnel
  xconnect 10.101.0.15 2995 encapsulation mpls
   mtu 1500

verify...

sh xcon int g0/5
sh mpls l2 vc interface g0/5
sh mpls l2 vc interface g0/5 detail
sh mpls l2 vc interface g0/5 detail | in MTU


- Aaron Gould



Re: [c-nsp] ISIS/BFD Monitoring

2017-09-15 Thread Aaron Gould
Kiwi syslogd or maybe splunk

-Aaron



Re: [c-nsp] OSPF equal cost load balancing

2017-08-31 Thread Aaron Gould
In my mpls cloud I usually would lag dual gige's together to feed my PE
boxes with more bandwidth.  Worked well for me

-Aaron



Re: [c-nsp] OSPF equal cost load balancing

2017-08-31 Thread Aaron Gould
I just read this.  I wonder if it applies.

https://www.cisco.com/en/US/products/hw/modules/ps2033/prod_technical_reference09186a00800afeb7.html

How CEF load balancing works 

….

If the destination is on a remote network reachable via a next hop router, the 
entry in the route cache is consisting of the destination network. If parallel 
paths exist this does not provide load balancing, as only one path would be 
used.

….

 

-Aaron


Re: [c-nsp] OSPF equal cost load balancing

2017-08-30 Thread Aaron Gould
Are you doing a 2-port etherchannel between the 920 and 3600 ?  Asking since 
you seem to be asking question about etherchannel load balancing and hashing

...or...

Are you doing 2 separate layer 3 subnets between the 920 and 3600 ?  asking 
since your subject heading implies so. (ospf equal cost LB)

...you might be confusing/mixing 2 different subjects and how-to's in the same 
explanation.

I think you mentioned the 920 is network side and 3600 is closer to customer... 
if so, please go to 920 and show a customer route on the 3600 that you wish you 
would load balance please... sanitize your output to protect the innocent...

Show ip route a.b.c.d

Show ip arp of next hop

If it goes via L2

Show mac-address-table address ..


-Aaron




Re: [c-nsp] cisco 3850 eigrp - sending goodbye - can't ping any 224.0.0.10

2017-08-24 Thread Aaron Gould
Thanks Nick, to begin with please keep in mind, this was fine for a year or
more, until last night when they replaced a 3750, with a 3850.

They have 6840's, 6509's, 3750's, and 3850's... they are all eigrp neighbors
fully meshed.

I'm the SP.  I provide this customer a mpls vpls rfc4762 (bgp ad w/ldp sig).
(I have a mix of cisco me3600's and juniper acx5048's providing that vpls
elan) All those cisco devices mentioned above are the customer edge.

On all those ce's is an untagged L3 interface.  All those ce interfaces
eigrp neighbor with all others.

I tried on 2 other ce devices and COULD ping 224.0.0.10 and get responses
from all other ce's.

BUT, on that one 3850-24 port, when I pinged 224.0.0.10, it died immediately
with "." one failure, and that's it.  Strange.

Yes, I did do a static eigrp neighbor between the 3850-48port and the
3850-24port and the neighbor stayed stable for over 3 minutes (previously,
the goodbye eigrp teardown was happening every 80 seconds)

I don't have access at the moment, it's the customer gear and they allow me
remote access only when they need my help.  I told them to take my findings
and call the cisco tac

-Aaron




[c-nsp] cisco 3850 eigrp - sending goodbye - can't ping any 224.0.0.10

2017-08-24 Thread Aaron Gould
I was just working with a customer that has a 3850 - 24 port that
continually sends goodbye tlv every 80 seconds

 

He also has a 3850 48 port that works fine

 

The 3850 24 port can NOT ping 224.0.0.10 at all

The 3850 48 port can ping 224.0.0.10 and gets responses from all the eigrp
neighbors on the vlan

 

Router eigrp 1 configs are same

 

- Aaron Gould

 



Re: [c-nsp] nfSen / nfDump

2017-08-05 Thread Aaron Gould
netflow

-Original Message-
From: cisco-nsp [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Phil
Mayers
Sent: Friday, August 4, 2017 3:08 AM
To: cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] nfSen / nfDump

On 03/08/17 22:53, Aaron Gould wrote:
> I do 1/512 sample rate on my asr9k's and usually multiply numbers 
> gathered in nfsen by 512 to normalize

sflow? Or netflow?


Re: [c-nsp] nfSen / nfDump

2017-08-03 Thread Aaron Gould
We run Nfsen 1.3.6

- Aaron

-Original Message-
From: cisco-nsp [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Nick
Cutting
Sent: Tuesday, August 1, 2017 4:00 PM
To: cisco-nsp@puck.nether.net
Subject: [c-nsp] nfSen / nfDump

Slightly off topic, however related to the solarwinds talks of last week.

Just wondering what versions of nfSen and nfdump you fine people are running
- and on what operating system, e.g debian / red hat etc.

I understand Nfsen has not been updated since 2011 - is this a problem - or
is it just that rocksteady?

How comprehensive is the sFlow support - this is one reason we are moving
away from solarwinds. (and we got rid of all our CatOS gear - solarwinds
was great at CatOS!)

Any input greatly appreciated

Nick Cutting


Re: [c-nsp] nfSen / nfDump

2017-08-03 Thread Aaron Gould
I do 1/512 sample rate on my asr9k's and usually multiply numbers gathered
in nfsen by 512 to normalize

-Aaron

-Original Message-
From: cisco-nsp [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of
Patrick Cole
Sent: Tuesday, August 1, 2017 6:17 PM
To: Nick Cutting 
Cc: cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] nfSen / nfDump

Nick,

Nfsen/nfdump is pretty rock solid.  I've been running it for many years
without too many dramas.  I use a combination of sflow / netflow within our
network.   The only issue I have is it seems to incorrectly show packet
rate for sflow but is fine with netflow (due to the 1 in 1024 sample rate
with sflow more than likely - there may be a fix I haven't spent a lot of
time on it)

PC

Tue, Aug 01, 2017 at 08:59:54PM +, Nick Cutting wrote:

> Slightly off topic, however related to the solarwinds talks of last week.
> 
> Just wondering what versions of nfSen and nfdump you fine people are
> running - and on what operating system, e.g debian / red hat etc.
> 
> I understand Nfsen has not been updated since 2011 - is this a problem -
> or is it just that rocksteady?
> 
> How comprehensive is the sFlow support - this is one reason we are 
> moving away from solarwinds. (and we got rid of all our CatOS gear - 
> solarwinds was great at CatOS!)
> 
> Any input greatly appreciated
> 
> Nick Cutting

--
Patrick Cole 
Senior Network Specialist
World Without Wires
PO Box 869. Palm Beach, QLD, 4221
Ph:  0410 626 630


Re: [c-nsp] Basic IP to Port finding question on Cisco 3850

2017-07-27 Thread Aaron Gould
Yes

3750#sh ip arp 10.101.15.21
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  10.101.15.21          147   001c.5779.d841  ARPA   Vlan4000

-Aaron




Re: [c-nsp] Nexus 7707 as Internet Edge Router?

2017-07-26 Thread Aaron Gould
Please let me know what y'all mean by this comment regarding *policing on
LAG's*.

I'm thinking about doing this and would like to know what you mean by that.

-Aaron Gould


"We have refused to use the ASR9000 as an edge router because of how Cisco
implement policing on LAG's, in general. However, we use them quite
extensively as border and peering routers."





Re: [c-nsp] Basic IP to Port finding question on Cisco 3850

2017-07-26 Thread Aaron Gould
Are you talking about like this ?


3750#sh ip arp vlan 4000
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  10.101.15.1           171   4055.3970.f265  ARPA   Vlan4000
Internet  10.101.15.7           171   0cd5.02c0.cd4c  ARPA   Vlan4000
Internet  10.101.15.16            -   0013.8039.eac1  ARPA   Vlan4000
Internet  10.101.15.21          185   001c.5779.d841  ARPA   Vlan4000

3750#sh mac address-table dynamic | in 4055.3970.f265
4000    4055.3970.f265    DYNAMIC     Gi1/0/26

-Aaron


-Original Message-
From: cisco-nsp [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Scott 
Granados
Sent: Wednesday, July 26, 2017 11:16 AM
To: cisco-nsp 
Subject: [c-nsp] Basic IP to Port finding question on Cisco 3850

I think this is a basic question but Googling has not helped me much so I’m 
hopeful someone can shed the clue light on me a bit.

I’m trying to find the specific port an IP address is attached to on a 3850 in 
L3 mode with SVI interfaces.  SO for example if I do a show arp a.b.c.d I’ll 
get the MAC and the SVI attached.  If I do a show VLAN ID X I see the port 
members but there are many, let’s say 10 or more per VLAN.  Is there an easy 
way to detect which port either the IP is received on or the MAC address that 
is displayed in the show arp?  Everything I’m doing seems to show the SVI 
that’s in play but not the specific gig port that the device is attached to and 
mapped to the VLAN as a member.  This seems like the sort of thing that would 
be easy to figure out but I’m stumped.  Any pointers would be most appreciated. 
 

Thanks and sorry for such a rudimentary question.

Scott
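
The two-step lookup from this thread (ARP entry for the IP, then MAC address table for the port), as an added example that is not part of the original posts: it joins saved "sh ip arp" and "sh mac address-table" output and reports the cases where the simple lookup does not end at a host port. The sample text is constructed from the listings above; the Po1 row, the missing 0cd5.02c0.cd4c row and all function names are assumptions for illustration.

```python
import re

# Constructed sample input, modelled on the 3750 output quoted in the thread.
ARP_OUTPUT = """\
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  10.101.15.1           171   4055.3970.f265  ARPA   Vlan4000
Internet  10.101.15.7           171   0cd5.02c0.cd4c  ARPA   Vlan4000
Internet  10.101.15.16            -   0013.8039.eac1  ARPA   Vlan4000
Internet  10.101.15.21          185   001c.5779.d841  ARPA   Vlan4000
"""

# First row is from the thread; the Po1 row is constructed. 0cd5.02c0.cd4c is
# deliberately absent to show an ARP entry whose MAC has aged out of the table.
MAC_OUTPUT = """\
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
4000    4055.3970.f265    DYNAMIC     Gi1/0/26
4000    001c.5779.d841    DYNAMIC     Po1
"""

MAC_RE = r"[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4}"
ARP_LINE = re.compile(rf"^Internet\s+(\S+)\s+(\S+)\s+({MAC_RE})\s+\S+\s+(\S+)\s*$", re.I)
MAC_LINE = re.compile(rf"^\s*(\d+)\s+({MAC_RE})\s+(\S+)\s+(\S+)\s*$", re.I)


def parse_arp(text):
    """Return {ip: {mac, age, interface}}; header and Incomplete rows are skipped."""
    entries = {}
    for line in text.splitlines():
        m = ARP_LINE.match(line)
        if m:
            ip, age, mac, intf = m.groups()
            entries[ip] = {"mac": mac.lower(), "age": age, "interface": intf}
    return entries


def parse_mac_table(text):
    """Return {(vlan, mac): {type, port}} from 3750/3850-style four-column output."""
    table = {}
    for line in text.splitlines():
        m = MAC_LINE.match(line)
        if m:
            vlan, mac, kind, port = m.groups()
            table[(int(vlan), mac.lower())] = {"type": kind.upper(), "port": port}
    return table


def locate(ip, arp, mac_table):
    """Map an IP to the physical port it was learned on, or say why that failed."""
    entry = arp.get(ip)
    if entry is None:
        return {"ip": ip, "status": "no-arp-entry"}
    result = {"ip": ip, "mac": entry["mac"], "interface": entry["interface"]}
    if entry["age"] == "-":
        # Age "-" marks the switch's own interface address (or a static entry).
        result["status"] = "local-address"
        return result
    svi = re.fullmatch(r"Vlan(\d+)", entry["interface"], re.I)
    if svi is None:
        # ARP learned on a routed port: the interface is already the answer.
        result.update(status="found", port=entry["interface"], port_channel=False)
        return result
    hit = mac_table.get((int(svi.group(1)), entry["mac"]))
    if hit is None:
        # ARP timers usually outlive MAC aging; traffic to the host relearns it.
        result["status"] = "mac-not-learned"
        return result
    # A Port-channel usually means the host sits behind another switch, so the
    # same lookup has to be repeated on that neighbour.
    result.update(status="found", port=hit["port"],
                  port_channel=hit["port"].lower().startswith("po"))
    return result


if __name__ == "__main__":
    arp, macs = parse_arp(ARP_OUTPUT), parse_mac_table(MAC_OUTPUT)
    for address in ("10.101.15.1", "10.101.15.7", "10.101.15.16", "10.101.15.21"):
        print(locate(address, arp, macs))
```
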


Re: [c-nsp] ASR9k LC fib programming problem

2017-07-13 Thread Aaron Gould
Very interesting (concerning)

I had a stuck ACL entry the other day on an ASR9006...

Blocking outbound traffic in an ipv4 acl on an interface... removed the /24
I was blocking still couldn't pass traffic to it...

Removed the outbound acl completely from the interface...commit...reapplied
the outbound acl to the interface...commit

Fixed.  Yeah, seemed like a stuck entry somewhere.  I hope you find your
stuck routing issue

-Aaron Gould




Re: [c-nsp] ASR9K - 6PE packets punted to RP

2017-07-12 Thread Aaron Gould
Thanks James...they mention it's the changing of the v6 next-hop from
recursive to non-recursive or vice versa that causes an issue

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCuo20651

I see 6VPE is also mentioned as possibly affected.  Seems like I'm not
completely safe since I run 6VPE   :|

-Aaron




Re: [c-nsp] ASR9K - 6PE packets punted to RP

2017-07-12 Thread Aaron Gould
I've tested and running in some places dual-stacked over MPLS L3VPN
(6*V*PE)... I haven't seen any problems with 6VPE via my ASR9k's as of
yet... just thought I'd let you know in case you could go with 6VPE rather
than 6PE and avoid your issues.  Just a thought.  Sorry I don't have info
about 6PE and punting issues.

-Aaron




Re: [c-nsp] STM-1 over MPLS using ASR920

2017-07-11 Thread Aaron Gould
This it ?

http://www.cisco.com/c/en/us/td/docs/routers/asr920/configuration/guide/mpls/mp-basic-xe-3s-asr920-book/mp-basic-xe-3s-asr920-book_chapter_0111.html#GUID-BF893529-A91C-499C-AE8F-7B13A4AA9A3F

- Aaron

-Original Message-
From: cisco-nsp [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of
Lukas Tribus
Sent: Tuesday, July 11, 2017 10:10 AM
To: George Giannousopoulos ; cisco-nsp

Subject: Re: [c-nsp] STM-1 over MPLS using ASR920

Hello Georg,


> Has anyone ever tried to transport transparently STM-1 over MPLS using 
> ASR920?
> Can you share your experiences and any issues you have possibly faced?
> 
> Consider the following topology
> 
> SDH #1 <=> ASR920 #1 <==MPLS==> ASR920 #2 <=> SDH #2
> 
> ASR920 supports the A900-IMA4OS which could be one solution.
> It also supports the TSoP Smart SFP


Wondering the same exact thing, did you come to any conclusion about this?



Thanks,
Lukas


[c-nsp] timers on ipv6 routes in IOS

2017-06-22 Thread Aaron Gould
Something I've always liked is seeing the timer on a route, but I'm not
seeing this in ipv6 on IOS.  IOS XR has timers though.

Anyone know an easy way to see the update timer on a v6 route in IOS ?

This is an ME3600 running IOS 15.2(4)S5.

eng-lab-3600-1#sh ip ro vrf one
...
B*    0.0.0.0/0 [200/0] via 10.101.0.2, 1d22h
      10.0.0.0/8 is variably subnetted, 177 subnets, 12 masks
B        10.10.0.0/16 [200/0] via 10.101.4.103, 1d22h
B        10.12.0.0/16 [200/0] via 10.101.8.100, 1d22h
B        10.13.0.0/21 [200/0] via 10.101.4.103, 1d22h
B        10.13.12.0/22 [200/0] via 10.101.8.100, 1d22h
B        10.13.254.0/24 [200/0] via 10.101.12.100, 1d22h
B        10.15.0.0/16 [200/0] via 10.101.4.103, 1d22h
B        10.16.0.0/21 [200/0] via 10.101.16.101, 1d22h
B        10.16.8.0/21 [200/0] via 10.101.16.101, 1d22h
B        10.16.16.0/21 [200/0] via 10.101.16.101, 1d22h
B        10.16.24.0/21 [200/0] via 10.101.16.102, 1d22h
B        10.16.32.0/21 [200/0] via 10.101.16.102, 1d22h
B        10.16.40.0/21 [200/0] via 10.101.16.102, 1d22h
B        10.16.48.0/21 [200/0] via 10.101.8.100, 1d22h
B        10.21.0.0/19 [200/0] via 10.101.0.1, 1d22h
B        10.21.32.0/19 [200/0] via 10.101.0.1, 1d22h
B        10.21.64.0/19 [200/0] via 10.101.0.1, 1d22h
B        10.22.0.0/19 [200/0] via 10.101.0.1, 1d22h
B        10.22.32.0/19 [200/0] via 10.101.0.1, 1d22h
B        10.22.64.0/19 [200/0] via 10.101.0.1, 1d22h
B        10.23.0.0/19 [200/0] via 10.101.0.1, 1d22h
B        10.23.32.0/19 [200/0] via 10.101.0.1, 1d22h
B        10.23.64.0/19 [200/0] via 10.101.0.1, 1d22h
B        10.24.0.0/19 [200/0] via 10.101.0.8, 1d22h
B        10.24.32.0/19 [200/0] via 10.101.0.8, 1d22h

eng-lab-3600-1#sh ipv6 ro vrf one
...
B   ::/0 [200/0]
     via 10.101.0.2%default, indirectly connected
B   1234:1234::/32 [200/0]
     via 10.101.0.7%default, indirectly connected
     via 10.101.0.5%default, indirectly connected
     via 10.101.0.2%default, indirectly connected
B   1234:1234:0:5::/64 [200/0]
     via 10.101.0.254%default, indirectly connected
B   1234:1234:0:50::/64 [200/0]
     via 10.101.0.5%default, indirectly connected
B   1234:1234:0:90::/64 [200/0]
     via 10.101.0.9%default, indirectly connected
B   1234:1234:0:91::/64 [200/0]
     via 10.101.0.9%default, indirectly connected
B   1234:1234:0:92::/64 [200/0]
     via 10.101.0.9%default, indirectly connected
B   2605:6000:0:8::F:8000/127 [200/0]
     via 10.101.0.5%default, indirectly connected
L   FF00::/8 [0/0]
     via Null0, receive

XR shows timers for v6 routes.

RP/0/RSP0/CPU0:9k#sh route vrf one ipv6 unicast
Thu Jun 22 10:27:26.793 CDT

B*   ::/0
      [20/41] via fe80::aad0:e5ff:fede:c295, 2d04h, TenGigE0/1/0/1
B    1234:1234::/32
      [200/0] via ::, 14w2d, Null0
B    1234:1234:0:5::/64
      [200/0] via :::10.101.0.254 (nexthop in vrf default), 8w1d
C    1234:1234:0:50::/64 is directly connected,
      12w0d, BVI4
L    1234:1234:0:50::1/128 is directly connected,
      12w0d, BVI4
B    1234:1234:0:90::/64
      [200/0] via :::10.101.0.9 (nexthop in vrf default), 13w1d
B    1234:1234:0:91::/64
      [200/0] via :::10.101.0.9 (nexthop in vrf default), 00:08:09
B    1234:1234:0:92::/64
      [200/0] via :::10.101.0.9 (nexthop in vrf default), 00:09:49
C    2468:2468:0:8::f:8000/127 is directly connected,
      2y42w, TenGigE0/1/0/1
L    2468:2468:0:8::f:8001/128 is directly connected,
      2y42w, TenGigE0/1/0/1
RP/0/RSP0/CPU0:stlr-9k#

-Aaron Gould




Re: [c-nsp] Matching EXP bits in ME3600

2017-06-16 Thread Aaron Gould
You might be able to 

"show ip access-list EF-CLASS-ACL" and see which line is taking hits

Also, would be curious to see what this shows also...

sh policy-map interface g0/24


-Aaron





Re: [c-nsp] ASR9010 problem - CRC ERROR - DATA PATH FAILED

2017-06-05 Thread Aaron Gould
ASR9010 - 4.1.2 - RSP-4G

I think this has happened before, about a year or so ago.  Maybe has
happened 3 times... but strangely, about a year apart in occurrence.  I have
XR TAC researching previous cases I've created regarding this asr9010 and
issues like this to find out if I have in fact created multiple cases about
this same problem, I'm pretty sure I have.

- Aaron

Details

RP/0/RSP0/CPU0:blcn-9k#sh ver | in Chassis
Mon Jun  5 07:00:18.129 CDT
ASR-9010 DC Chassis

RP/0/RSP0/CPU0:blcn-9k#show platform
Mon Jun  5 06:58:03.807 CDT
Node            Type                      State            Config State
-----------------------------------------------------------------------------
0/RSP0/CPU0     A9K-RSP-4G(Active)        IOS XR RUN       PWR,NSHUT,MON
0/RSP1/CPU0     A9K-RSP-4G(Standby)       IOS XR RUN       PWR,NSHUT,MON
0/0/CPU0        A9K-2T20GE-L              IOS XR RUN       PWR,NSHUT,MON
0/1/CPU0        A9K-2T20GE-L              IOS XR RUN       PWR,NSHUT,MON
0/2/CPU0        A9K-4T-L                  IOS XR RUN       PWR,NSHUT,MON
0/3/CPU0        A9K-8T-L                  IOS XR RUN       PWR,NSHUT,MON


RP/0/RSP0/CPU0:blcn-9k#show install committed summary
Mon Jun  5 06:58:51.716 CDT
  Committed Packages:
disk0:asr9k-p-4.1.2.CSCtx74305-1.0.0
disk0:asr9k-mini-p-4.1.2
disk0:asr9k-doc-p-4.1.2
disk0:asr9k-k9sec-p-4.1.2
disk0:asr9k-mpls-p-4.1.2
disk0:asr9k-mgbl-p-4.1.2
disk0:asr9k-mcast-p-4.1.2




[c-nsp] ASR9010 problem - CRC ERROR - DATA PATH FAILED

2017-06-03 Thread Aaron Gould
Any idea why this happened?

Serious problems.. Rebooted module, problems stopped.

RP/0/RSP0/CPU0:blcn-9k#sh log | in "FABRIC|reset"
Sat Jun  3 18:28:12.835 CDT
LC/0/0/CPU0:Jun  3 16:11:12.936 : pfm_node_lc[267]:
%FABRIC-FIA-1-SUSTAINED_CRC_ERR : Set|fia_lc[151622]|Crossbar
Interface(0x1013000)|Fabric interface ASIC-0 has sustained CRC errors
RP/0/RSP1/CPU0:Jun  3 16:13:47.759 : pfm_node_rp[327]:
%PLATFORM-DIAGS-3-PUNT_FABRIC_DATA_PATH_FAILED :
Set|online_diag_rsp[233590]|System Punt/Fabric/data Path
Test(0x204)|failure threshold is 3, (slot, NP) failed: (0, 0) (0, 1)
RP/0/RSP0/CPU0:Jun  3 16:14:07.963 : pfm_node_rp[327]:
%PLATFORM-DIAGS-3-PUNT_FABRIC_DATA_PATH_FAILED :
Set|online_diag_rsp[233590]|System Punt/Fabric/data Path
Test(0x204)|failure threshold is 3, (slot, NP) failed: (0, 0) (0, 1)

RP/0/RSP0/CPU0:blcn-9k#hw-module location 0/0/CPU0 reload
Sat Jun  3 18:00:44.542 CDT
WARNING: This will take the requested node out of service.
Do you wish to continue?[confirm(y/n)]y

sh log | in "FABRIC|reset"
...
RP/0/RSP0/CPU0:Jun  3 18:00:49.706 : shelfmgr[362]:
%PLATFORM-SHELFMGR-6-USER_RESET : Node 0/0/CPU0 is reset due to user reload
request
RP/0/RSP1/CPU0:Jun  3 18:00:58.565 : pfm_node_rp[327]:
%PLATFORM-DIAGS-3-PUNT_FABRIC_DATA_PATH_FAILED :
Clear|online_diag_rsp[233590]|System Punt/Fabric/data Path
Test(0x204)|failure threshold is 3, (slot, NP) failed: (0, 0) (0, 1)
RP/0/RSP0/CPU0:Jun  3 18:01:18.847 : pfm_node_rp[327]:
%PLATFORM-DIAGS-3-PUNT_FABRIC_DATA_PATH_FAILED :
Clear|online_diag_rsp[233590]|System Punt/Fabric/data Path
Test(0x204)|failure threshold is 3, (slot, NP) failed: (0, 0) (0, 1)

- Aaron

 

 



Re: [c-nsp] RSP failover vs Chassis failover for switch/router clusters

2017-05-25 Thread Aaron Gould
I really like my data center Juniper EX4550's.  I'm using these as Virtual
Chassis using a vcm/vcp 128 gig card and 10' cable to make possible the
virtual chassis.  They have been solid performers for me for a few years.
I'm not using them for mpls.  I understand they don't do mpls l2vpn's.  I
recall testing mpls l3vpn's successfully in my eval period, but most folks
want/need l2vpn in the dc.  I create a bunch of lag (ae) interfaces up and
down towards servers and core network... at the core network mpls pe ingress
I do my mpls l2vpn tricks.

{master:1}
root@stlr-dcvc-4550> show chassis routing-engine | grep "uptime|model"
Model  EX4550-32F
Uptime 1441 days, 17 hours, 54 minutes, 48 seconds
Model  EX4550-32F
Uptime 1441 days, 18 hours, 15 minutes, 40 seconds


- Aaron




Re: [c-nsp] Cisco ASR vs Juniper

2017-05-24 Thread Aaron Gould
...i re-read some of your criteria... ummm, so I use MX104's and ACX5048's
with MP-iBGP for just learning my internal core routes, not big table for
world routes... so for what I use those boxes for, they are nice.

-Aaron

-Original Message-
From: cisco-nsp [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of
Aaron Gould
Sent: Wednesday, May 24, 2017 9:36 AM
To: 'Mark Tinka' <mark.ti...@seacom.mu>; 'Mark Mason'
<mma...@jackhenry.com>; cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] Cisco ASR vs Juniper

About the MX104 and ACX5000

I have ~7,000 dsl customers being nat'd behind /24 of address space on a
pair of MX104's... they run nicely on two mpls l3vpn's... nat inside vrf
(ri) and nat outside vrf (ri)

I have deployed (~30) ACX5048's as mpls p's and pe's and they are running
well.  I have hit a bug with VPLS that requires a vpls routing-instance
bounce to revive, but JTAC just told me the PR is hitting D20 software and
fixed in D25... still need to test that.  But all in all, I like the
ACX5048's.

-Aaron

-Original Message-
From: cisco-nsp [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Mark
Tinka
Sent: Wednesday, May 24, 2017 2:16 AM
To: Mark Mason <mma...@jackhenry.com>; cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] Cisco ASR vs Juniper



On 5/9/17 7:29 PM, Mark Mason wrote:

> Alright crowd...Ready the rifles and prepare for battle...Cisco ASR or
> Juniper. Cost, operability, chassis lifespan new vs. old, memory
> requirements, etc. So many details. Feel free to take the post anywhere
> you'd like.

I'm really liking the new ASR1000 family of routers.

But we did the month since December last year, and any way we cut it, the
MX480 works out cheaper.

Stay away from the MX104 or ACX5000.

Mark.


Re: [c-nsp] Cisco ASR vs Juniper

2017-05-24 Thread Aaron Gould
About the MX104 and ACX5000

I have ~7,000 dsl customers being nat'd behind /24 of address space on a
pair of MX104's... they run nicely on two mpls l3vpn's... nat inside vrf
(ri) and nat outside vrf (ri)

I have deployed (~30) ACX5048's as mpls p's and pe's and they are running
well.  I have hit a bug with VPLS that requires a vpls routing-instance
bounce to revive, but JTAC just told me the PR is hitting D20 software and
fixed in D25... still need to test that.  But all in all, I like the
ACX5048's.

-Aaron

-Original Message-
From: cisco-nsp [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Mark
Tinka
Sent: Wednesday, May 24, 2017 2:16 AM
To: Mark Mason ; cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] Cisco ASR vs Juniper



On 5/9/17 7:29 PM, Mark Mason wrote:

> Alright crowd...Ready the rifles and prepare for battle...Cisco ASR or
> Juniper. Cost, operability, chassis lifespan new vs. old, memory
> requirements, etc. So many details. Feel free to take the post anywhere
> you'd like.

I'm really liking the new ASR1000 family of routers.

But we did the month since December last year, and any way we cut it, the
MX480 works out cheaper.

Stay away from the MX104 or ACX5000.

Mark.


Re: [c-nsp] Cisco ASR vs Juniper

2017-05-12 Thread Aaron Gould
Hi James, I haven't done much with QoS on the ACX5048 yet.  When I do, I don't 
think we will be doing as much as you described with the ME3600.  I hardly did 
any QoS with my ME3600's... occasional policer or shaper on efp here and there.

-Aaron



Re: [c-nsp] Cisco ASR vs Juniper

2017-05-10 Thread Aaron Gould
A few things come to mind...

I enjoy my Cisco ASR9000 network running for ~5 years now... it's solid.  

I also like what I've seen recently in the Juniper ACX5048 (48/72 - 10 gig
ports, or (6) 40 gig ports), which replaced lots of my older Cisco ME3600
boxes (only two 10 gig ports).  I run MPLS L3VPN for my ISP customers.
Interestingly Juniper will automatically redistribute static routes and
connected networks into MPLS L3VPN.  Cisco requires a redistribute command.
Cisco is able to combine multiple vlan tags from same physical port into the
same bridge-domain... I haven't found a way to accomplish this in Juniper
ACX5048, but I understand this is doable in Juniper MX platform.

I'm also liking what I'm seeing with my dual node CGNat boundary of Juniper
MX104's.  During testing, the MS-MIC-16G CGNat capability of Juniper seemed
nicer than the VSM-500 ASR9000 option.  There was a /27 public scope
limitation on Cisco.  Not so on Juniper... you can add public-pool /32's if
you so desire.  Also, changing public pool crashed Cisco.  Also, showing nat
translations and viewing the outside public addresses of internet hosts
wasn't nice in IOS XR... you had to hunt and ask for specifics... Junos
shows it easily.

In planning/discussing upgrading our existing ASR9000 ring to 100 gig, we
found that we needed to upgrade to higher CPU... I think RSP440.  But I
recall that a short life on the RSP440 meant that we were being guided to go
with the RSP880... but I think the RSP880 would cause all my trident
linecards to no longer be useable.  So we figured with that much impact we
might as well look at other vendor options too.  With that said, I'm
planning a (5) node 100 gig "super"core and have been considering both the
Cisco ASR9908 and Juniper MX960.  They both seem like solid options.

I've learned/tested a Juniper feature which is, the nicely contained logical
systems (lsys) feature of turning up pretty isolated and separate router
functions.  I understand this capability is only available on Cisco GSR/CRS
sized platforms but Juniper has it on many of its boxes... testing it on
MX104 now.

- Aaron



Re: [c-nsp] NCS4200 - re-badged ASR920 / ASR900 ?

2017-04-25 Thread Aaron Gould
NCS code ?

Going off what I know of the NCS5x00 it runs IOS XR 6.x

So I guess that would be different from the 920 since I recall it ran XE

-Aaron




Re: [c-nsp] NCS4200 - re-badged ASR920 / ASR900 ?

2017-04-25 Thread Aaron Gould
Maybe it's to generate more sales... 

Like the reese's peanut butter cup was good, but wait til you try the
reese's peanut butter egg.  ... LOL

-Aaron




Re: [c-nsp] NCS4200 - re-badged ASR920 / ASR900 ?

2017-04-25 Thread Aaron Gould
Perhaps similar to what juniper does with the following...

juniper acx5048
https://www.juniper.net/techpubs/en_US/release-independent/junos/information-products/pathway-pages/acx-series/acx5000/

juniper qfx5100
https://www.juniper.net/techpubs/en_US/release-independent/junos/information-products/pathway-pages/hardware/qfx-series/qfx5100.html

-Aaron




Re: [c-nsp] Broadband Aggregation/Termination

2017-04-20 Thread Aaron Gould
Thanks Andrew, yes we have logs (dhcp/cgnat) for subpoena/law enforcement stuff.

We use hsrp for first hop redundancy... and I think v6 RA's have first-hop 
redundancy built-in... however for faster failover times, I may opt for 
v6-hsrp... we'll see..

- Aaron



