Re: [c-nsp] ASR9902 experiences?
So far there is one feature that is missing but it is the same to all IOS XRs. No AUTO-RP in a VRF.

On Thu, Feb 24, 2022 at 5:13 PM Gert Doering wrote:

> Hi,
>
> On Thu, Feb 24, 2022 at 05:50:39PM +0200, Hank Nussbacher wrote:
> > We ordered 2x 9906s last month w/ delivery in August.
> > Will let you know how that turns out.
>
> Not sure the 9902/9903 are actually comparable to 9906... 2RU/3RU
> "mostly fixed" chassis with special-cased RPs vs. regular modular
> ASR990x chassis.
>
> (Also, I do not think the 9906 falls under the new license regime,
> where you need to buy one license per 100G throughput, per feature
> that you want to use)
>
> gert
>
> --
> "If was one thing all people took for granted, was conviction that if you
> feed honest figures into a computer, honest figures come out. Never doubted
> it myself till I met a computer with a sense of humor."
>                              Robert A. Heinlein, The Moon is a Harsh Mistress
>
> Gert Doering - Munich, Germany
> g...@greenie.muc.de

--
Best Regards
Mattias Gyllenvarg
___
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] [External Email] Re: big uptime - what you got ?
SE-LIN-UTSIKT-DR01 uptime is 9 years, 29 weeks, 4 days, 8 hours, 28 minutes

Was a c3560 routing internet taken down 3 years ago, so only one PSU and was internet facing the whole time.

On Mon, Feb 10, 2020 at 10:03 PM Alex D. wrote:

> On 10.02.2020 20:34, Aaron Gould wrote:
> > You gotta tell me for reals if you still have cells going through that
> > box ?
>
> Of course, but I'm not really proud of it...
> We still have some legacy ATM-based DSLAMs which at last will be
> migrated in the near future.
>
> atm-03#sh atm vp traffic | exclude _0_
>
> Interface    VPI   Type   rx-cell-cnts   tx-cell-cnts
> ATM0/0/0     155   PVP        16170742       16170742
> ATM0/0/1     56    PVP      3821416440     1616175059
> ATM0/0/3     55    PVP      2284738845     3258701319
> ATM0/0/3     67    PVP      1485515268     3223706467
> ATM0/1/0     60    PVP      4275386120     2464155772
> ATM0/1/0     160   PVP      2959974087     1832732006
> ATM1/0/0     57    PVP       242123401     1760822153
> ATM1/0/0     58    PVP       785803508     3195153964
> ATM1/0/0     59    PVP       480804395      802898023
> ATM1/0/0     64    PVP      3718629757     1127881370
> ATM1/0/0     68    PVP       130085993      130046761
> ATM1/0/0     82    PVP      1573546560     1474080793
> ATM1/0/1     56    PVP      1616175059     3821416440
> ATM1/0/1     57    PVP      1760822153      236202714
> ATM1/0/1     58    PVP      3195153964      740660575
> ATM1/0/1     59    PVP       802898023      480765701
> ATM1/0/1     64    PVP      1127884215     3718547821
> ATM1/0/1     66    PVP          156172     1150227936
> ATM1/0/1     68    PVP       130046761      130080344
> ATM1/0/1     82    PVP      1474080793     1573546221
> ATM1/0/3     60    PVP      2464150498     4275391370
> ATM1/0/3     160   PVP      1832731988     2959974105
> ATM1/1/0     67    PVP      3223706538     1485515594
> ATM1/1/1     66    PVP      1150227974     1562000721
> ATM3/1/3     55    PVP      3258701461     2284739876
> ATM3/1/3     155   PVP        16170742       16170742
>
> Regards,
> Alex

--
Best Regards
Mattias Gyllenvarg
Re: [c-nsp] mVPN mroute flags
So, this is a feature and not an error flag, that indicates that superfluous PIM messages are not sent.

On Tue, 29 May 2018 at 14:36, wrote:

> > Mattias Gyllenvarg
> > Sent: Tuesday, May 29, 2018 1:05 PM
> >
> > Dear All
> >
> > Does anyone know the function of the "n - BGP C-Mroute suppressed " flag
> > as seen below?
> >
> > IP Multicast Routing Table
> > Flags: D - Dense, S - Sparse, B - Bidir Group, s - SSM Group, C - Connected,
> >        L - Local, P - Pruned, R - RP-bit set, F - Register flag,
> >        T - SPT-bit set, J - Join SPT, M - MSDP created entry, E - Extranet,
> >        X - Proxy Join Timer Running, A - Candidate for MSDP Advertisement,
> >        U - URD, I - Received Source Specific Host Report,
> >        Z - Multicast Tunnel, z - MDT-data group sender,
> >        Y - Joined MDT-data group, y - Sending to MDT-data group,
> >        G - Received BGP C-Mroute, g - Sent BGP C-Mroute,
> >        N - Received BGP Shared-Tree Prune, n - BGP C-Mroute suppressed,
> >        Q - Received BGP S-A Route, q - Sent BGP S-A Route,
> >        V - RD & Vector, v - Vector, p - PIM Joins on route,
> >        x - VxLAN group
> >
> > (Cust-SOURCE, Cust-MROUTE), 00:00:04/00:02:55, flags: Tn <-
> >   Incoming interface: Lspvif22, RPF nbr , Mbgp
> >   Outgoing interface list:
> >     BDI-CUST, Forward/Sparse, 00:00:04/00:03:25
> >
>
> Well with BGP c-mcast you're basically translating the customer PIM messages
> received from attached CE into a BGP routes on PEs -so that you don't need
> to run c-PIM full mesh between all PEs participating in a given mVPN (and
> for each mVPN) -which is simply not practical.
> And same as PIM messages can be suppressed in various scenarios (PIM Join
> suppression/PIM register suppression) -the resulting BGP updates (PIM msgs
> translated into BGP routes) can be suppressed too, to reduce the unnecessary
> messaging churn.
>
> adam
>
> netconsultings.com
> ::carrier-class solutions for the telecommunications industry::

--
Best regards
Mattias Gyllenvarg
[c-nsp] mVPN mroute flags
Dear All

Does anyone know the function of the "n - BGP C-Mroute suppressed " flag as seen below?

IP Multicast Routing Table
Flags: D - Dense, S - Sparse, B - Bidir Group, s - SSM Group, C - Connected,
       L - Local, P - Pruned, R - RP-bit set, F - Register flag,
       T - SPT-bit set, J - Join SPT, M - MSDP created entry, E - Extranet,
       X - Proxy Join Timer Running, A - Candidate for MSDP Advertisement,
       U - URD, I - Received Source Specific Host Report,
       Z - Multicast Tunnel, z - MDT-data group sender,
       Y - Joined MDT-data group, y - Sending to MDT-data group,
       G - Received BGP C-Mroute, g - Sent BGP C-Mroute,
       N - Received BGP Shared-Tree Prune, n - BGP C-Mroute suppressed,
       Q - Received BGP S-A Route, q - Sent BGP S-A Route,
       V - RD & Vector, v - Vector, p - PIM Joins on route,
       x - VxLAN group

(Cust-SOURCE, Cust-MROUTE), 00:00:04/00:02:55, flags: Tn <-
  Incoming interface: Lspvif22, RPF nbr , Mbgp
  Outgoing interface list:
    BDI-CUST, Forward/Sparse, 00:00:04/00:03:25

--
Best regards
Mattias Gyllenvarg
Re: [c-nsp] BGP not advertising supernet to RR's
You can test the hits in the route-map with "sh ip bgp route-map G_RANGES" and see if it hits correctly.

If the redist statements are new then they will take time to be implemented, 20min I think for a full BGP rerun.
If you are in a hurry, remove and re-add the route.

Do you receive this route via BGP as well? Perhaps this is not the best route as BGP sees it.

On Tue, 26 Sep 2017 at 08:10, CiscoNSP List <cisconsp_l...@hotmail.com> wrote:

> Hi Everyone,
>
> Have a problem with supernet being advertised from an ASR1006 to our RR's
> - Prefix is in the routing table, and in bgp, but the router is only
> advertising smaller prefixes to the RR's (/30,/29, 28 etc)...I
> don't *think* it's due to the PL (As it should be allowing anything less
> than /32...which it appears to be doing as /30,/29 etc are being
> advertised?)
>
> Appreciate any assistance.
>
> ** Ah - Update, just noticed as I was about to hit send that the supernet
> is not being tagged with any community. Smaller prefixes are though? So
> route-map is tagging "some" prefixes within the supernet?
>
> router bgp 1***6
>  address-family ipv4
>   redistribute connected route-map G_RANGES
>   redistribute static route-map G_RANGES
>
>   neighbor xxx.xxx.76.204 route-map TO_ME1_RR out
>
> route-map TO_ME1_RR permit 10
>  match community CL_G_RANGES
> route-map TO_ME1_RR permit 20
>  match community CL_G_CUST_BGP_RANGES
> route-map TO_ME1_RR permit 30
>  match community CL_DEFAULT_ROUTE
>
> ip community-list standard CL_G_RANGES permit 1***6:1301
> ip community-list standard CL_G_RANGES permit 1***6:1302
>
> route-map G_RANGES permit 10
>  match ip address prefix-list PL_G_PREFIXES
>  set community 1***6:1000 1***6:1301 1***6:11000
> route-map G_RANGES permit 20
>  match ip address prefix-list PL_N***S_PREFIXES
>  set community 1***6:1400
>
> ip prefix-list PL_G_PREFIXES description G _PREFIXES
> ip prefix-list PL_G_PREFIXES seq 5 permit xxx.xxx.xxx.xxx.0/20 le 32
> ip prefix-list PL_G_PREFIXES seq 10 permit yyy.yyy.yyy.yyy/21 le 32
>
> #sh ip prefix-list PL_G_PREFIXES seq 5
>    seq 5 permit xxx.xxx.xxx.xxx.0/20 le 32 (hit count: 4833, refcount: 1)
>
> #sh ip route xxx.xxx.xxx.xxx.0 255.255.240.0
> Routing entry for xxx.xxx.xxx.xxx.0/20, supernet
>   Known via "static", distance 1, metric 0 (connected)
>   Redistributing via bgp 1***6, ospf 100
>   Advertised by bgp 1***6 route-map G_RANGES
>   Routing Descriptor Blocks:
>   * directly connected, via Null0
>       Route metric is 0, traffic share count is 1
>
> #sh ip bgp xxx.xxx.xxx.xxx.0 255.255.240.0
> BGP routing table entry for xxx.xxx.xxx.xxx.0/20, version 311740657
> Paths: (1 available, best #1, table default)
>   Advertised to update-groups:
>      544552555591
>   Refresh Epoch 1
>   Local
>     0.0.0.0 from 0.0.0.0 (xxx.xxx.76.253)
>       Origin IGP, metric 0, localpref 100, weight 32768, valid, sourced, local, best
>       rx pathid: 0, tx pathid: 0x0
>
> #sh ip bgp neighbors xxx.xxx.76.204 advertised-routes
>
> *> xxx.xxx.xxx.xxx.32/30  0.0.0.0              0         32768 ?
> *> xxx.xxx.xxx.xxx.40/30  0.0.0.0              0         32768 ?
> *> xxx.xxx.xxx.xxx.72/29  xxx.xxx.xxx.xxx.90   0         32768 ?
> *> xxx.xxx.xxx.xxx.88/30  0.0.0.0              0         32768 ?
> *> xxx.xxx.xxx.xxx.100/30
>                           0.0.0.0              0         32768 ?
>    Network                Next Hop             Metric LocPrf Weight Path
> *> xxx.xxx.xxx.xxx.112/28
>                           xxx.xxx.78.230       0         32768 ?
> *> xxx.xxx.xxx.xxx.136/30
>                           xxx.xxx.78.230       0         32768 ?
> *> xxx.xxx.xxx.xxx.164/30
>                           xxx.xxx.xxx.xxx.102  0         32768 ?
>
> Thanks

--
Best regards
Mattias Gyllenvarg
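
The policy chain quoted in this message, modelled as an added example (not code from the thread or from Cisco): it evaluates what `route-map G_RANGES` should tag at redistribution and whether the result matches `CL_G_RANGES`, so the expected outcome can be compared with what `sh ip bgp` actually shows. AS 64500, the 10.x prefixes and the single entry for the second prefix-list are constructed stand-ins for values that are masked or not shown in the post; only the first clause of `TO_ME1_RR` is modelled because the other community-lists are not shown.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

ASN = 64500  # constructed stand-in for the masked AS number "1***6"


@dataclass(frozen=True)
class PrefixListEntry:
    """One 'ip prefix-list ... permit NET/LEN [ge X] [le Y]' line."""
    network: str
    ge: Optional[int] = None
    le: Optional[int] = None

    def matches(self, prefix: str) -> bool:
        net = ipaddress.ip_network(self.network)
        route = ipaddress.ip_network(prefix)
        # The route must lie inside the configured network...
        if not route.subnet_of(net):
            return False
        # ...and its length must be exact when no ge/le is given,
        # otherwise within [ge or LEN, le or 32].
        if self.ge is None and self.le is None:
            return route.prefixlen == net.prefixlen
        low = self.ge if self.ge is not None else net.prefixlen
        high = self.le if self.le is not None else 32
        return low <= route.prefixlen <= high


# Constructed prefixes standing in for the masked /20 and /21 in the post.
PL_G_PREFIXES = [
    PrefixListEntry("10.20.16.0/20", le=32),  # seq 5
    PrefixListEntry("10.30.8.0/21", le=32),   # seq 10
]
# The post does not show PL_N***S_PREFIXES; this entry is an assumption.
PL_SECOND = [PrefixListEntry("10.40.0.0/16", le=32)]

# route-map G_RANGES: (sequence, prefix-list, communities set by the clause)
G_RANGES = [
    (10, PL_G_PREFIXES, {(ASN, 1000), (ASN, 1301), (ASN, 11000)}),
    (20, PL_SECOND, {(ASN, 1400)}),
]

# ip community-list standard CL_G_RANGES: each line is one alternative.
CL_G_RANGES = [{(ASN, 1301)}, {(ASN, 1302)}]


def redistribute(prefix: str):
    """Return (sequence, communities) for the first matching clause, else None."""
    for seq, prefix_list, communities in G_RANGES:
        if any(entry.matches(prefix) for entry in prefix_list):
            return seq, set(communities)
    return None  # implicit deny at the end of the route-map


def matches_community_list(communities, community_list) -> bool:
    """A standard list matches if the route carries every value of any one line."""
    return any(line <= communities for line in community_list)


def evaluate(prefix: str) -> dict:
    """Expected result of G_RANGES followed by 'TO_ME1_RR permit 10'."""
    result = redistribute(prefix)
    if result is None:
        return {"prefix": prefix, "redistributed": False, "seq": None,
                "communities": [], "passes_cl_g_ranges": False}
    seq, communities = result
    return {
        "prefix": prefix,
        "redistributed": True,
        "seq": seq,
        "communities": [f"{a}:{v}" for a, v in sorted(communities)],
        "passes_cl_g_ranges": matches_community_list(communities, CL_G_RANGES),
    }


if __name__ == "__main__":
    # Constructed routes: the supernet itself, a /30 inside it, a covering
    # /19, and a route that only the second clause matches.
    for p in ("10.20.16.0/20", "10.20.16.32/30", "10.20.0.0/19", "10.40.1.0/24"):
        print(evaluate(p))
```

Under the configuration as posted, the /20 and the longer prefixes inside it come out of clause 10 with the same communities, so a /20 that shows no community in `sh ip bgp` points at something outside these lines, such as how the route entered BGP.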
Re: [c-nsp] PVLAN Edge on 4500 Sup8E
There is a need to do vlan mapping and regular trunks on the customer interfaces.
Was this in Sup8E, we know all other Sups can not do this.

On Wed, 5 July 2017 at 14:15, Lukas Tribus <luky...@hotmail.com> wrote:

> > Does anyone have experience with PVLAN Edge / Switchport Protect on the
> > 4500 Sup8E?
> >
> > Documentation is sparse and there is confusion about the feature as the box
> > is meant to run private vlans. This will not be possible in this case.
> >
> > We are getting some resistance from a third party that claims this is not a
> > permanent feature in the box. That he can not guarantee will be in future
> > releases.
>
> Last I looked at I came to the same conclusion as your third party; you can
> only go full-blown PVLAN on this box, you do not have a "simple" pvlan edge
> aka switchport protected feature.
>
> And that is what I did, going full PVLAN.
>
> What's the reason PVLAN is not possible?
>
> Lukas

--
Best regards
Mattias Gyllenvarg
[c-nsp] PVLAN Edge on 4500 Sup8E
Dear All

Does anyone have experience with PVLAN Edge / Switchport Protect on the 4500 Sup8E?

Documentation is sparse and there is confusion about the feature as the box is meant to run private vlans. This will not be possible in this case.

We are getting some resistance from a third party that claims this is not a permanent feature in the box. That he can not guarantee will be in future releases.

--
Best regards
Mattias Gyllenvarg
Re: [c-nsp] NCS4200 - re-badged ASR920 / ASR900 ?
Perhaps it will take the place of the ME3800X?

On Tue, 25 Apr 2017 at 08:08, Ted Johansson <ted.johans...@tele2.com> wrote:

> The ASR900 series will not be replaced by NCS4200, both series will
> co-exist.
>
> Best Regards
> Ted
>
> -----Original Message-----
> From: cisco-nsp [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of
> CiscoNSP List
> Sent: 25 April 2017 06:05
> To: cisco-nsp@puck.nether.net
> Subject: [c-nsp] NCS4200 - re-badged ASR920 / ASR900 ?
>
> Just noticed these on Cisco's site - They appear to be just re-badged
> ASR920/ASR900's? (They even use ASR920 power supplies etc)
>
> Anyone have any info on them? Is this Cisco discreetly releasing a "new"
> ASR920/900 that supports Laeba-based chips perhaps, and ASR900/920 will be
> "replaced"?
>
> Can't find much info on them re hardware specs but only had a quick
> google/search on Cisco's Site.
>
> Links on both -
>
> ie. NCS4201 = ASR920-24SZ-M
>     NCS4202 = ASR920-12SZ-IM
>
> They look identical anyway :)
>
> http://www.cisco.com/c/en/us/products/collateral/optical-networking/network-convergence-system-4200-series/datasheet-c78-736910.html
>
> http://www.cisco.com/c/en/us/products/collateral/routers/asr-920-series-aggregation-services-router/datasheet-c78-733397.html
>
> http://www.cisco.com/c/en/us/td/docs/routers/asr920/hardware/installation/guide-12sz-im/b-asr-920-12-SZ-IM/b-asr-920-crete_chapter_00.html
>
> http://www.cisco.com/c/en/us/products/routers/asr-920-series-aggregation-services-router/models-comparison.html
>
> http://www.cisco.com/c/en/us/products/collateral/optical-networking/network-convergence-system-4200-series/datasheet-c78-738102.html
>
> http://www.cisco.com/c/en/us/products/collateral/routers/asr-903-series-aggregation-services-routers/datasheet-c78-738339.html
>
> Cheers

--
Best regards
Mattias Gyllenvarg
[c-nsp] Ode to the old days
Dear All

10 years 4 weeks 6 days and about 11 hours ago I was working for my first ISP (ispA).
On that day I put a 3560-24TS into production as a device to terminate to a Metronet running OSPF/BGP and public IP space.

A few years later I started consulting for ispB who later split into and became ispC for whom I worked for several years.
After this I ventured into a smaller ISP (ispD) that was acquiring ispA.

During that time that 3560 has been working without issue or power interruptions.

Today, it was replaced to add MPLS capabilities to the node, boasting an up-time of 10 years 4 weeks 6 days and 11 hours.

I fear I will never beat this record in my career.

To the old gear!
Re: [c-nsp] BGP with MPLS
Well L2 is hard and ugly, L3 is fine. :p

On Wed, 5 Oct 2016 at 14:35, Mattias Gyllenvarg <matt...@gyllenvarg.se> wrote:

> L3 redundancy is hard and ugly without MPLS. L3 is fine without.
>
> On Tue, 4 Oct 2016 at 21:59, Maile Halatuituia <maile.halatuit...@tcc.to> wrote:
>
> Mattias
>
> Thanks for your reply now I have more clear of what it is I am trying to
> do on my lab. What I need is to be able to setup the network now that in
> the future it would support L3 MPLS VPN, and L2 VPN.
>
> Moreover I have this two L3 switch which I confirm do not support MPLS
> commands, with several L2 ones which I want to setup that it is redundant
> as well. If one PE goes down every thing will still be working
>
> I hope I am not add confusion to my question.
>
> Cheers.
>
> Maile.
> --
> *From:* Mattias Gyllenvarg <matt...@gyllenvarg.se>
> *Sent:* Wednesday, October 5, 2016 3:04 AM
> *To:* Maile Halatuituia
> *Subject:* Re: [c-nsp] BGP with MPLS
>
> You do not need MPLS to carry the traffic.
>
> But you will of course lose all the features MPLS adds to regular
> data-link capabilities.
>
> On Tue, 4 Oct 2016 at 05:00, Maile Halatuituia <maile.halatuit...@tcc.to> wrote:
>
> Hi
>
> Can I do BGP without MPLS between my two PE routers.
>
> My question is to my understand that BGP carry the means of reachability
> between the two PE but it is the mpls actually carry the traffic. Can
> someone correct me if I am wrong or suggest any best approach to this.
>
> The reason is that my PE router does not support MPLS.
>
> Hope to hear you soon.
Re: [c-nsp] BGP with MPLS
L3 redundancy is hard and ugly without MPLS. L3 is fine without.

On Tue, 4 Oct 2016 at 21:59, Maile Halatuituia <maile.halatuit...@tcc.to> wrote:

> Mattias
>
> Thanks for your reply now I have more clear of what it is I am trying to
> do on my lab. What I need is to be able to setup the network now that in
> the future it would support L3 MPLS VPN, and L2 VPN.
>
> Moreover I have this two L3 switch which I confirm do not support MPLS
> commands, with several L2 ones which I want to setup that it is redundant
> as well. If one PE goes down every thing will still be working
>
> I hope I am not add confusion to my question.
>
> Cheers.
>
> Maile.
> --
> *From:* Mattias Gyllenvarg <matt...@gyllenvarg.se>
> *Sent:* Wednesday, October 5, 2016 3:04 AM
> *To:* Maile Halatuituia
> *Subject:* Re: [c-nsp] BGP with MPLS
>
> You do not need MPLS to carry the traffic.
>
> But you will of course lose all the features MPLS adds to regular
> data-link capabilities.
>
> On Tue, 4 Oct 2016 at 05:00, Maile Halatuituia <maile.halatuit...@tcc.to> wrote:
>
> Hi
>
> Can I do BGP without MPLS between my two PE routers.
>
> My question is to my understand that BGP carry the means of reachability
> between the two PE but it is the mpls actually carry the traffic. Can
> someone correct me if I am wrong or suggest any best approach to this.
>
> The reason is that my PE router does not support MPLS.
>
> Hope to hear you soon.
Re: [c-nsp] ASR-901 EoMPLS qinq
We have moved to 920-4 for these situations. 901 has been a let down.

On Tue, 5 July 2016 at 17:48, Divo Zito wrote:

> Hello,
>
> I need to transport some double-tagged customers from SiteA to SiteB
> through a GbE link and to rewrite S-VLANs so that those I use on the
> aggregation-side interface are different from those I receive on the
> customer facing port.
>
>    customers                                         aggregation
> (S-VLAN, C-VLAN)                                  (S-VLAN, C-VLAN)
>
> (10,100-199)\                                     /(20,100-199)
> (11,100-199) -- [ A901-siteA ] [ A901-siteB ] -- (21,100-199)
> (12,100-199)/                                     \(22,100-199)
>
> I was considering to use ASR-901s with EVC xconnect, something similar
> to the following config...
>
> Site-A:
>
> interface GigabitEthernet0/1
>  description Customer facing port
>  service instance 10 ethernet
>   encapsulation dot1q 10
>   rewrite ingress tag pop 1 symmetric
>   xconnect 10.0.0.1 1 encapsulation mpls
>  service instance 11 ethernet
>   encapsulation dot1q 11
>   rewrite ingress tag pop 1 symmetric
>   xconnect 10.0.0.1 2 encapsulation mpls
>  ...
>
> Site-B:
>
> interface GigabitEthernet0/1
>  description Aggregation facing port
>  service instance 10 ethernet
>   encapsulation dot1q 20
>   rewrite ingress tag pop 1 symmetric
>   xconnect 10.0.0.2 1 encapsulation mpls
>  service instance 11 ethernet
>   encapsulation dot1q 21
>   rewrite ingress tag pop 1 symmetric
>   xconnect 10.0.0.2 2 encapsulation mpls
>  ...
>
> ... but on the "Configuring EoMPLS" guide [1] I found this:
>
> Restrictions for EoMPLS
> - EoMPLS xconnect port with double-tagged encapsulation is not supported
>
> Now I'm wondering whether my idea is really feasible with ASR-901 or not.
> If it's not, any hint on which low budget platform can I use? ASR-920?
>
> [1] http://www.cisco.com/c/en/us/td/docs/wireless/asr_901/Configuration/Guide/b_asr901-scg/b_asr901-scg_chapter_010100.html
Re: [c-nsp] Etherchannel load-balacing change on live network
I have done this many times with no noticeable effect. At least on modern IOS versions.

There was a bug that caused all traffic to go over one interface which required a reload to fix, but that was ages ago.

On Wed, 6 July 2016 at 23:14, Satish Patel wrote:

> We have C3750 running src-mac etherchannel load-balancing, I want to
> change that to src-dst-ip base because it's now routed switch (L3).
>
> Does it impact or affect any current traffic in order to change
> load-balancing? I believe it's hardware base logic so doesn't impact on
> current traffic.
>
> In google I came across with this post
>
> https://supportforums.cisco.com/discussion/10264116/3750-etherchannel-load-balance-algorythm-changed-and-loss-connectivity
>
> what do you suggest anyone has any experience?
Re: [c-nsp] mVPN Rosen - S,G is not refreshed but *,G is
Puzzling indeed, they are also the same channels after reload and even IOS upgrade.

On Thu, 26 May 2016 at 10:13, Adam Vitkovsky <adam.vitkov...@gamma.co.uk> wrote:

> > Mattias Gyllenvarg [mailto:matt...@gyllenvarg.se]
> > Sent: Wednesday, May 25, 2016 1:20 PM
> >
> > Adam,
> >
> > Thank you for replying.
> >
> > There is no Data MDT at this point. Correct me if I am wrong but i gather that
> > it is not necessary so we are working on having basic functionality right now.
> >
> I see, yes the Data MDTs are not necessary.
> Ok so you can start by debugging the PIM in the VRF to see why the (S,G)
> is not being refreshed by the designated forwarder.
> What is puzzling though is that you have problems only with some streams.
>
> adam
>
> Adam Vitkovsky
> IP Engineer
Re: [c-nsp] mVPN Rosen - S,G is not refreshed but *,G is
Adam,

Thank you for replying.

There is no Data MDT at this point. Correct me if I am wrong but I gather that it is not necessary so we are working on having basic functionality right now.

On Wed, 25 May 2016 at 13:45, Adam Vitkovsky <adam.vitkov...@gamma.co.uk> wrote:

> > Mattias Gyllenvarg
> > Sent: Tuesday, May 24, 2016 2:52 PM
> >
> > Dear All
> >
> > Any input is greatly appreciated!
> >
> > I have two PE ME3600X where one is RP (North) and one is has the customer
> > link (South).
> >
> > North receives a set of TV streams that work perfect locally. But over the
> > tunnel interface down to South SOME mroutes on North are not refreshed
> > properly.
> > The *,G is refreshed every minute or so but the S,G is not so it times-out and
> > is recreated 3min later.
> >
> > Source [NORTH] --- --- [South] --- pim --- [vanilla 6500] - Users
> >
> > From North:
> >
> > sh ip mroute vrf Foo-Barf
> >
> > (*, M.C.S.T), 02:00:47/00:03:10, RP , flags: S
> >   Incoming interface: Null, RPF nbr 0.0.0.0
> >   Outgoing interface list:
> >     Vlan3713, Forward/Sparse, 02:00:47/00:02:47
> >     Tunnel2, Forward/Sparse, 00:47:09/00:03:10
> >
> > (U.C.S.T, M.C.S.T), 02:00:36/00:10:53, flags: MT
> >   Incoming interface: Vlan1112, RPF nbr , Mroute
> >   Outgoing interface list:
> >     Vlan3713, Forward/Sparse, 02:00:36/00:02:47
> >     Tunnel2, Forward/Sparse, 00:02:19/00:01:12
> >
> > Both boxes are running 15.3-3.S3 and are freshly rebooted.
> >
> > I have not found any bug to match the behavior.
> >
> Hmmm, since the (*,G) state is being refreshed the IGMP membership report
> to PIM Join translation should be fine I think.
> -is the south router the only one on the subnet to customer (is it the
> designated forwarder for all groups)?
> -but you can test with static IGMP join on the interface towards the
> receiver, if it helps
>
> Ok so let's assume the PIM Join is generated just fine and hits the RP,
> then RP forwards the join up the tree towards source.
> Source will start sending the stream down via shared tree so receivers on
> south will receive it.
> All this happens via the Default MDT that both routers are part of.
>
> At this point though the m-cast stream triggers the max kbps threshold for
> Default MDT on the north router.
> So the north router should signal to south router which Data MDT it should
> join to keep receiving this stream.
> So in global routing table the south router will join Data MDT m-cast
> group (as designated by north router in BGP update) with source on north
> router.
> -not sure how you have the Data MDT config done (if just one MDT is
> allowed or if other north to south streams sharing a common Default/Data
> MDT with the failed stream are fine, then it's probably not a problem with
> MDTs).
> -there might be some problems with Data MDTs.
>   -maybe reaching max number and tunnel reuse is not working
>   properly.
>   -maybe reaching HW limits of the box with regards to Data MDT
>   states or any of the HW limits associated with multicast states.
>
> While this switchover from Default to Data MDT is happening or even before
> it happens the designated forwarder (north router) will get the first
> packet and learns the source of the m-cast stream.
> At that moment it will join the source tree sending PIM join towards the
> source (not RP) creating (S,G) states along the path.
> This though happens in the VRF mcast RIB/FIB.
> So depending on which state the MDT trees are in, the (S,G) on south
> router might point to Default or Data MDT tunnel (which hopefully is in the
> same VRF as receiver and you're not doing extranet with tail-end
> replication).
> On north router the resulting (S,G) state should point to the interface
> where source is connected to. (which hopefully is in the same VRF as
> receiver and you're not doing extranet with head-end replication).
> - So I assume on south router the (S,G) states are being refreshed
> correctly by local receivers right?
> - And it's just the north router that doesn't seem to be getting the PIM
> (S,G) joins?
> - You can debug the S,G joins to see if south router is sending them via
> MDT tunnel to north router.
> - And on north router you can verify whether the (S,G) Joins are actually
> received and if yes whether they are accepted.
>
> As you can see there might be two things happening at the same time north
> PE initiating switchover from Default to Data MDT in global routing table
> and south PE (as designated forwarder) switching from share
[c-nsp] mVPN Rosen - S,G is not refreshed but *,G is
Dear All

Any input is greatly appreciated!

I have two PE ME3600X where one is RP (North) and one is has the customer link (South).

North receives a set of TV streams that work perfect locally. But over the tunnel interface down to South SOME mroutes on North are not refreshed properly.
The *,G is refreshed every minute or so but the S,G is not so it times-out and is recreated 3min later.

Source [NORTH] --- --- [South] --- pim --- [vanilla 6500] - Users

From North:

sh ip mroute vrf Foo-Barf

(*, M.C.S.T), 02:00:47/00:03:10, RP , flags: S
  Incoming interface: Null, RPF nbr 0.0.0.0
  Outgoing interface list:
    Vlan3713, Forward/Sparse, 02:00:47/00:02:47
    Tunnel2, Forward/Sparse, 00:47:09/00:03:10

(U.C.S.T, M.C.S.T), 02:00:36/00:10:53, flags: MT
  Incoming interface: Vlan1112, RPF nbr , Mroute
  Outgoing interface list:
    Vlan3713, Forward/Sparse, 02:00:36/00:02:47
    Tunnel2, Forward/Sparse, 00:02:19/00:01:12

Both boxes are running 15.3-3.S3 and are freshly rebooted.

I have not found any bug to match the behavior.
Re: [c-nsp] what the heck is "ip forward-protocol nd" good for
Yeah,

This was discussed some time ago when they were planning on IOS 15 and checked what we wanted here on the list. I asked for a global "modern standards/defaults" but no go. Or legacy-default-off. Nothing fancy, just like the above. No proxy-arp etc etc, stuff left behind the last millennia.

On Wed, 6 Apr 2016 at 18:51, Saku Ytti wrote:

> On 6 April 2016 at 19:16, Sebastian Beutel wrote:
>
> Hey,
>
> > So i asked wisdom of the search engines and found out, that there once
> > was a protocol with the name "sun-nd" and the ip protocol number 77, used in
> > suns diskless sun 2 stations. The line "ip forward-protocol nd" seems to be
> > the equivalent for sun-nd what ip-helper is for dhcp. Could this be? A
> > workaround for a 30 year old proprietary legacy protocol is in the default
> > configuration of a modern router? This is what i found:
>
> Helper is for any number of protocols iterated by 'ip
> forward-protocol'. Usually as you say DHCP (BOOTP).
>
> Cisco (and other vendors) are in difficult position when it comes to
> default settings. You ship with some config, and no matter how crazy
> they are, changing them will break something from someone.
>
> I think one solution to this would be to support multiple
> standard/default settings, and your config would have line about which
> standard you are using. If there is nothing, it's using the latest
> available in that image. This way people could choose when they adopt
> more modern standards and as vendors and customers learn how things
> should be configured, it would be lower barrier to introduce new
> standard.
> Basically this standard release would be just be config over which
> user config is merged on, likely very simple concept for ios-xr,
> junos, but perhaps not so simple for classic ios.
> --
> ++ytti
Re: [c-nsp] ME3800X/ME3600X/ME3600X-24CX/ASR903/ASR901 Deployment Simplification Feedback
Even not considering vendor-lock you will have less options from said supplier if you expect to use this as a universal solution. The ASR920 series has many variants, I am capitalizing on this for our topology. There will always, I find, be the Odd ball requirement that makes these kind of things impossible. Staying flexible is always a good approach.

On Tue, 17 Nov 2015 at 12:06, Mark Tinka wrote:

> On 17/Nov/15 13:00, Tom Marcoen wrote:
>
> > Mark
> >
> > That is a valid point but the company I work for already only uses Cisco
> > for its routing/switching devices. So it's also a non-issue.
>
> Fair enough, then.
>
> The other point, for me, is making sure easy ring topologies you would
> build on the ME3600X/ASR920 using IP/MPLS can be replicated using
> satellites. There will be a temptation not to build satellites as
> point-to-point, but rather, as rings, and you don't want to find
> yourself caught out.
>
> Make sure you test and verify your ultimate Access topology before you
> buy, as satellites do not typically run IP/MPLS.
>
> Mark.
Re: [c-nsp] dai / dhcp snooping bug
Mike

I recently solved an issue a client had with a very similar setup and the same symptoms. They had a very complex PBR setup and the unicasts in the renew process got misplaced.

On Tue, 11 Aug 2015 at 00:40, Mike mike-cisconspl...@tiedyenetworks.com wrote:

On 08/10/2015 12:37 PM, Gert Doering wrote:

Hi,

On Mon, Aug 10, 2015 at 06:31:16AM -0700, Mike wrote:

I've loaded SE7 and - surprise - same problem, so it's not fixed. I have a directly connected device I can cause to refresh its dhcp lease, and sure enough, a refresh doesn't do it, but a reboot of that device which causes a new round of dhcp discovery, does in fact work. A packet capture seems to confirm the unicast case failing - a client with an existing lease renewing will use unicast to the dhcp server, whereas a client starting up will use broadcast to find servers, and both the 'discover' and 'request' phases in that case are broadcast destination.

That was painful.

Wild idea... put an ACL into place that will block the unicast renewal?

gert

I had that idea too. Another idea was to see if there might be some way to work with it... My dhcp model is one where the server is directly connected to the vlans being served, but I recently made changes in the direction of going to a full-on dhcp relay model instead where all switches are doing that instead. The open question then is, does it work correctly if the switch is acting as a dhcp relay? I unfortunately don't have the equipment on standby to set up a lab and test this out (story of my life), but if it worked then my problem would mostly be solved. Another idea would be to see if I could configure the dhcp server to just ignore unicast requests (easier than putting ACL's on the switches).

Mike-
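The two cases described in the thread above (broadcast discover/request at startup versus a unicast request when renewing an existing lease) can be told apart in a capture from the fields RFC 2131 defines for each client state. The following is an added example, not code from the thread or from any participant; the function names are hypothetical, the packets are constructed sample input using documentation addresses, and only 255.255.255.255 is treated as broadcast.

```python
import ipaddress
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"
OPT_REQUESTED_IP, OPT_MSG_TYPE, OPT_SERVER_ID = 50, 53, 54
DISCOVER, REQUEST = 1, 3
LIMITED_BROADCAST = ipaddress.IPv4Address("255.255.255.255")


def parse_options(raw):
    """Walk the option TLVs: skip PAD (0), stop at END (255)."""
    opts, i = {}, 0
    while i < len(raw):
        code = raw[i]
        if code == 255:
            break
        if code == 0:
            i += 1
            continue
        if i + 1 >= len(raw):
            raise ValueError("option %d has no length byte" % code)
        length = raw[i + 1]
        value = raw[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("option %d is truncated" % code)
        opts[code] = value
        i += 2 + length
    return opts


def classify(dst_ip, payload):
    """Return the RFC 2131 client state implied by one client message.

    dst_ip is the IP destination of the datagram, payload the UDP payload.
    """
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    if payload[0] != 1:  # op: 1 = BOOTREQUEST, 2 = BOOTREPLY
        return "SERVER-REPLY"
    ciaddr_set = int(ipaddress.IPv4Address(payload[12:16])) != 0
    opts = parse_options(payload[240:])
    msg_type = opts.get(OPT_MSG_TYPE)
    if not msg_type:
        raise ValueError("missing DHCP message type option")
    if msg_type[0] == DISCOVER:
        return "INIT"
    if msg_type[0] != REQUEST:
        return "OTHER"
    has_server_id = OPT_SERVER_ID in opts
    has_requested = OPT_REQUESTED_IP in opts
    unicast = ipaddress.IPv4Address(dst_ip) != LIMITED_BROADCAST
    # RFC 2131 section 4.3.2: which fields a DHCPREQUEST carries per state.
    if has_requested and not ciaddr_set:
        return "SELECTING" if has_server_id else "INIT-REBOOT"
    if ciaddr_set and not has_server_id and not has_requested:
        return "RENEWING" if unicast else "REBINDING"
    return "UNEXPECTED-REQUEST"


def build(msg_type, ciaddr="0.0.0.0", requested=None, server_id=None):
    """Construct a minimal client message (sample input for this example)."""
    pkt = struct.pack("!BBBBIHH", 1, 1, 6, 0, 0x1234ABCD, 0, 0)
    pkt += ipaddress.IPv4Address(ciaddr).packed
    pkt += b"\x00" * 12                                    # yiaddr, siaddr, giaddr
    pkt += bytes.fromhex("020000000001").ljust(16, b"\x00")  # chaddr
    pkt += b"\x00" * 192                                   # sname + file
    opts = bytes([OPT_MSG_TYPE, 1, msg_type])
    if requested:
        opts += bytes([OPT_REQUESTED_IP, 4]) + ipaddress.IPv4Address(requested).packed
    if server_id:
        opts += bytes([OPT_SERVER_ID, 4]) + ipaddress.IPv4Address(server_id).packed
    return pkt + MAGIC_COOKIE + opts + b"\xff"


# Constructed capture: (IP destination, UDP payload) per client message.
SAMPLE_CAPTURE = [
    ("255.255.255.255", build(DISCOVER)),
    ("255.255.255.255", build(REQUEST, requested="192.0.2.50", server_id="192.0.2.1")),
    ("192.0.2.1", build(REQUEST, ciaddr="192.0.2.50")),
    ("255.255.255.255", build(REQUEST, ciaddr="192.0.2.50")),
]


def classify_capture(capture):
    """Classify every (dst_ip, payload) pair in capture order."""
    return [classify(dst, payload) for dst, payload in capture]


if __name__ == "__main__":
    for (dst, _), state in zip(SAMPLE_CAPTURE, classify_capture(SAMPLE_CAPTURE)):
        print("%-16s %s" % (dst, state))
```

Requests classified as RENEWING are the unicast renewals the thread reports failing; REBINDING is the broadcast fallback a client sends later in the lease if no renewal is answered.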
Re: [c-nsp] ASR920 Microbursts
From what I have understood it is a 12MB global buffer pool.

On 4 Aug 2015 4:47 pm, Jordi Magrané Roig jordimagr...@hotmail.com wrote:

Dear Colleagues,

Recently I have installed one ASR920 and I have configured on 1G interface one service instance with an outbound policy-map shaping to 30 Mbps. The problem is that I noticed that the ASR920 has the same microburst issue as the ME3600. I have tried to adjust the queue-limit in order to avoid drops but then the latency increments. I have configured:

policy-map POLICY_CUSTOMER_EGRESS_30Mbps
 class class-default
  shape average 3000

I have tried also with different classes of service but the issue still persists. I would like to know the recommendation about the queue-limit size, the relation with the values of burst committed and then what should be the recommended configuration of shaping, recommendations about fine tuning the shaping.

I have noticed that there are Cisco platforms that shape better, for example the ASR9001 or 7600 with ES+ shape better than ASR1000 with SPA-5X1GE-V2 or ME3600.

Another problem is that I didn't find enough information about QoS on ASR920 platform. Somebody knows the default queue size of 1G port? How the packet buffer works? Is it like ME3600 (shared queue buffer per ASIC)?

Thanks!
Re: [c-nsp] ASR902 vs ME3800X
I will not claim to be an expert on this platform. But, from the CCW it looks like some cards can only be placed in slot 1-3 and others in 4-6. So port density gets harder to calculate. Also, older cards are not compatible with the new RSP. At least they can not be ordered in chassis this way. It seems a little early for this platform to be deeming things incompatible.

On Thu, Apr 23, 2015 at 3:49 PM, Adam Vitkovsky adam.vitkov...@gamma.co.uk wrote:

Mattias Gyllenvarg
Sent: 23 April 2015 08:56

Regarding what replaces the ME3800

Was looking around the Cisco labyrinth and saw that the big RSP for the ASR 903 has 144Mb buffers and relatively interesting possibilities regarding interfaces. Assuming feature parity this would be a nice upgrade. Not too bad price, but some weird limitation on card positions.

Yeah the big RSP looks good, but it exists only for RSP1 which has only 10Gbps per slot. What do you mean by the card position limitations please?

adam

--
*Med Vänliga Hälsningar / Best Regards*
*Mattias Gyllenvarg*
Re: [c-nsp] ASR902 vs ME3800X
Regarding what replaces the ME3800

Was looking around the Cisco labyrinth and saw that the big RSP for the ASR 903 has 144Mb buffers and relatively interesting possibilities regarding interfaces. Assuming feature parity this would be a nice upgrade. Not too bad price, but some weird limitation on card positions.

On Fri, Mar 27, 2015 at 9:16 PM, CiscoNSP List cisconsp_l...@hotmail.com wrote:

I've just resigned to the fact that there are some thing which will never make it to the ME3600X/3800X, for reasons unknown. On the back of the ASR920, I doubt much effort is going to be expended on the ME3600X/3800X any longer. We'd all do well to start deploying ASR920 in the coming few years.

Hi Mark - Given Cisco's push(Well recommendation) on the ASR920 vs ME3600...have you heard any rumours on a new ASR900 that will be replacing the ME3800? The buffer space disparity(ASR920 v ME3600) still really confuses me...why would Cisco do this? If they increase the number of supported VPLS/PW/QOS etc instances on the ASR920, and recommend it as a replacement to the ME3600, why would they reduce the buffer on the ASR920(And significantly so)? I really want to get my hands on one and test the buffers out...see if there are drops v's ME3600..

Cheers for all the input...it's been extremely valuable.

--
*Med Vänliga Hälsningar / Best Regards*
*Mattias Gyllenvarg*
Re: [c-nsp] ASR902 vs ME3800X
Except for the T1/E1 cards the IM model will get you into realm of the oversubscribed, so for us it is a no go.

+1 Mark Ts hornyness for clean MPLS 10Ge Metro-E rings.

On Tue, Mar 24, 2015 at 11:05 AM, Adam Vitkovsky adam.vitkov...@gamma.co.uk wrote:

It would be great if Waris could chime in to shed some light on what are the plans with ME platform.

Have you folks quoted the low density models or the high density models (ASR-920-24SZ-M/ASR-920-24SZ-IM) please? As I can see how the low density models can be dirty cheap as they remind me of the ASR901.

So the ASR-920-24SZ-M 1RU fixed unit has 24GE and 4x10GE. And the ASR-920-24SZ-IM 1.5RU modular unit has the expansion slot where one can put single xfp card or 2 port xfp/sfp+ card or T1/E1 card. But since the switching capacity of the box is 64Gbps I don't see how the expansion slot would bring me any benefit.

Looks like a nice replacement for ME3600X-CX -i.e. reduction to 1RU + 16 more GE ports. Let's just hope folks got the HW programming right this time around.

adam

-----Original Message-----
From: cisco-nsp [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of CiscoNSP List
Sent: 24 March 2015 03:54
To: mark.ti...@seacom.mu; cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] ASR902 vs ME3800X

Ok - This really sparked my interest, as I have some POP's I need to get some ME's for...spoke to our Cisco AM, got pricing(No haggling yet) on 3 options

ME3600
ME3800
ASR920

ME3600+3800 came back nearly identical pricing...actually ME3800 was cheaper! (With 10Gb ports enabled on ME3600)...so I would go ME3800 every day of the week based of this...but, the ASR920 was 1/4 of the price of the ME's, and Cisco even recommended I go with them vs the ME's??

Im really not following what Cisco are doing here? Are they not wanting to sell ME's anymore? Based on what I have received so far, it will be ASR920 purchases for certain...assuming of course, feature parity, stability etc is the same as the ME3600's we have.

Would really like other people thoughts on the ASR920, and why Cisco are now anti-ME (Well they certainly arent making them an attractive option v's the ASR920) ??

Cheers.

Subject: Re: [c-nsp] ASR902 vs ME3800X
To: cisconsp_l...@hotmail.com; cisco-nsp@puck.nether.net
From: mark.ti...@seacom.mu
Date: Tue, 24 Mar 2015 00:11:55 +0200

On 23/Mar/15 23:59, CiscoNSP List wrote:

Thanks Mark - but Im still confused by this...why would Cisco release an upgrade to the ME3600/ME3800 that is far cheaper? Devils always in the detail, so what is the ASR920 missing vs the ME3800?

I'm going to get a few to test, but from what I can initially see, nothing besides software parity. Others who have deployed ASR920's can provide their feedback.

Mark.

--
*Med Vänliga Hälsningar / Best Regards*
*Mattias Gyllenvarg*
Re: [c-nsp] ASR902 vs ME3800X
What are we hoping for / expecting from Cisco here?

I would like to see an ASR920 with extended bufferspace to replace the ME3600X. Mostly because the formfactor is superior. Also, I am missing an 8xTe version of the ASR900. Generally, I am pretty happy about the ASR900 line so far. It lacks software maturity, but that is in the nature of new things.

On Tue, Mar 24, 2015 at 9:50 AM, Mark Tinka mark.ti...@seacom.mu wrote:

On 24/Mar/15 10:37, Mattias Gyllenvarg wrote:

I have no machine in production yet so this is speculation. But the ASR920 has less bufferspace than the ME3600x, this may be handled by design if you utilize the extra Te interfaces in a clever way. Though it makes it hard to make a case for the ASR920 to replace the ME3800x, Unless cisco invents a license for more bufferspace. I think that the ME3800X will be sneaking into the ASR9000 realm.

The ASR920 only replaces the ME3600X, as they are of reasonably similar scale. The ME3800X still scales better than the ASR920, so it's not being replaced by this unit for the time being.

Mark.

--
*Med Vänliga Hälsningar / Best Regards*
*Mattias Gyllenvarg*
Re: [c-nsp] ASR902 vs ME3800X
I have no machine in production yet so this is speculation. But the ASR920 has less bufferspace than the ME3600x, this may be handled by design if you utilize the extra Te interfaces in a clever way. Though it makes it hard to make a case for the ASR920 to replace the ME3800x, Unless cisco invents a license for more bufferspace. I think that the ME3800X will be sneaking into the ASR9000 realm.

On Tue, Mar 24, 2015 at 9:23 AM, Mark Tinka mark.ti...@seacom.mu wrote:

On 24/Mar/15 10:01, Gert Doering wrote:

Well, I can only guess, but I wouldn't be surprised if actually *making* the MEs is way more expensive (due to 3rd party chipsets being used) than the ASR920s (Cisco's own new and shiny ASIC)...

I could be mis-remembering, but I think the ME3600X/3800X ASIC is an in-house unit (Nile, if memory serves). It was the ME2600X which was based on a Broadcom chipset. Suffice it to say, that box was promptly discontinued and replaced with the ASR920.

Mark.

--
*Med Vänliga Hälsningar / Best Regards*
*Mattias Gyllenvarg*
Re: [c-nsp] ASR902 vs ME3800X
I have from my AMs CCIE that the chassis has a 12Mb shared buffer. I am also pleased with the pricing, at least for MPLS purposes. Less pleased with the SEK-USD exchange rate...

On Tue, Mar 24, 2015 at 7:01 PM, CiscoNSP List cisconsp_l...@hotmail.com wrote:

I got this link back from the folks who quoted the asr920 for me. Looks like Gert was correct - the pay as you grow model is in full effect. I was expecting to have to turn on 10ge ports, but I'm surprised that in many cases you have to grow into your 1ge ports as well.

http://www.cisco.com/c/en/us/td/docs/routers/asr920/configuration/guide/csa/b_port_licensing_asr920.html

Still, what we've been given for pricing, assuming the pay as you grow doesn't double the cost, is very attractive for customer facing edge gear. The project scope hasn't been defined, and may never be, but assuming we're just looking at l2/l3vpn and non-BGP DIA I'm going to give these serious consideration. Thanks for all of the info folks!

Quote I got on the ASR-920-24SZ-M, upgrade license to go from 12 x 1Gb - 24 x 1Gb was negligible (i.e ~15%)...again, no haggling.

Someone also mentioned that the ASR920 had smaller buffers than the ME3600...anyone got the actual numbers(Or links...Ive googled(Ive also asked our AM)), but can only find references stating deep buffers on the ASR920

http://www.cisco.com/c/en/us/products/collateral/routers/asr-920-series-aggregation-services-router/datasheet-c78-732079.html

Cheers

--
*Med Vänliga Hälsningar / Best Regards*
*Mattias Gyllenvarg*
Re: [c-nsp] ASR vs 6807
Disregarding price, the only real issue with the ASR9k platform is the software upgrade procedure. *shudder*

On Thu, Nov 27, 2014 at 1:37 PM, R LAS dim0...@hotmail.com wrote:

DCs are 40 km away... QFX5100 is the competitor, but on the DC-LAN, not on the DCI

Subject: Re: [c-nsp] ASR vs 6807
From: and...@2sheds.de
Date: Thu, 27 Nov 2014 22:39:03 +1100
CC: si...@slimey.org; cisco-nsp@puck.nether.net
To: dim0...@hotmail.com

The 6800 is a l3 switch. The ASR9k is a full blown router. If you need to connect to non Ethernet circuits you will need a router. If you want real qos you will need a router. How far are the DCs apart? Inter dc l2 is never a great idea if it can be avoided. You may also want to look at the qfx51000

Sent from a mobile device

On 27 Nov 2014, at 22:05, R LAS dim0...@hotmail.com wrote:

Hi Simon can you detail more ASR9k can be more flexible on EoMPLS (VPLS) than 6807 ?

Regards

Date: Thu, 27 Nov 2014 10:26:55 +
From: si...@slimey.org
To: dim0...@hotmail.com
CC: cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] ASR vs 6807

On Thu Nov 27, 2014 at 10:18:41AM +, R LAS wrote:

Discussing a new architecture of DCI (Data Center Interconnection), Cisco recommends both ASR9k and 6807. The architecture requested by the customer forecast MPLS/VPLS supported by DCI. From pricing point of view there is a quite big difference (win 6807), from feature point of view Cisco says the difference is only the number of mac-addresses supported and the sw modularity. Can anybody help in digging more the technical difference ?

I'm going through much the same at the moment, and settling on 6807, largely from a price perspective.

ASR9k is (today) a more capable box for routing - particularly if you want higher bandwidths. ASR9k has 100G ports today. 6807 only has 40G. ASR9k can be more flexible on EoMPLS (VPLS) than 6807. 6807 has a lot of potential (880G per slot), but it's not supported by either Supervisors or Linecards that are available today (current limit is 80G/slot).

Simon

--
*Med Vänliga Hälsningar / Best Regards*
*Mattias Gyllenvarg*
[c-nsp] Experience on ASR9k XR 5.1.2
Dear List

I would love to hear some feedback on the 5.1.2 Train of IOS XR. This was preloaded in a few boxes (9010) and I am looking for the most stable train without downgrading (fingers crossed).

Will be running:
MP-BGP
VRF
OSPF

--
*Med Vänliga Hälsningar / Best Regards*
*Mattias Gyllenvarg*
Re: [c-nsp] Experience on ASR9k XR 5.1.2
Thanks for all your input!

Machines came with 5.1.2. As I am not in production with these machines I can, if it is better, turbo boot to 4.3.4. Is this the wisest path?

//Mattias

On Thu, Aug 21, 2014 at 4:15 PM, Aleksandr Gurbo gu...@golas.ru wrote:

Hello list,

I had negative experience with 5.1.2 especially in cluster configuration. Release 5.1.1 is awful. I had so many bugs on it. Nick, do you have problems on 5.1.1 with telnet access to ip address which is on Loopback interface in vpnv4 table? Also I had problems with MPLS, where remote PE routers have two links to P routers. All of this should be fixed in 5.1.3. They promised :) I wait 5.1.3 release.

On Thu, 21 Aug 2014 11:24:19 +0100 Nick Hilliard n...@foobar.org wrote:

On 21/08/2014 10:43, Mattias Gyllenvarg wrote:

I would love to hear some feed back on the 5.1.2 Train of IOS XR. This was preloaded in a few boxes (9010) and I am looking for the most stable train without downgrading (fingers crossed).

Hi Mattias,

I've had no problems so far on a relatively small deployment of 5.1.1 with mp-bgp / isis / mpls-pw / l3vpn / v4/v6. Has worked without incident.

Nick

--
Aleksandr Gurbo

--
*Med Vänliga Hälsningar / Best Regards*
*Mattias Gyllenvarg*
Re: [c-nsp] Cisco ME3x00 Egress Policie - Denied by Cisco/IOS!
Is it not just that 11 x 10 > 100? Perhaps you could show us the conf?

//Mattias

On Mon, May 12, 2014 at 3:10 PM, James Bensley jwbens...@gmail.com wrote:

Hi All,

Has anyone encountered this issue on the ME3600/ME3800s;

Cisco 2960 - Layer 2 device terminating Layer 2 connections
|
| Layer 2 Trunk on 100Mbps port
|
Cisco ME3800 - Various layer 2 connections trunked up in VLANs for termination on ME3800

We are trying to apply some policers on the ME3800 for multiple 10Mbps circuits being delivered on the 2960 because some of them are on faster bearers. The problem is that when you try to apply a policy on the ME3x00 series and you add in an 11th policer for 10Mbps it throws up an error saying the port is oversubscribed and the config isn't allowed. You can't police 11+ VLANs for example to 10Mbps on a 100Mbps port. These devices are meant to go near/on the access layer where oversubscription lives :)

Has anyone encountered this and has anyone overcome it? We have a TAC case open, they are almost definitely going to say that's what is supposed to happen.

Cheers,
James.

--
*Med Vänliga Hälsningar / Best Regards*
*Mattias Gyllenvarg*
Re: [c-nsp] EVC/EFP - Longest match VLAN stack length
Hi

I have not verified but the more specific one should be before the general rule. So you should switch them around.

interface TenGigabitEthernet0/1
 service instance 10 ethernet
  encapsulation dot1q 10 second-dot1q 555
  rewrite ingress tag pop 1 symmetric
  bridge-domain 10555
 service instance 20 ethernet
  encapsulation dot1q 10 second-dot1q any
  rewrite ingress tag pop 1 symmetric
  bridge-domain 1
 service instance 30 ethernet
  encapsulation dot1q 10
  rewrite ingress tag pop 1 symmetric
  bridge-domain 10

In this case, though not tested, a packet tagged 10+555 would be sent to bd10555 and 10+any to bd1 and then 10+non to bd10.

//Mattias Gyllenvarg
Obduro Network AB

On Wed, Dec 11, 2013 at 3:51 PM, Arash Alizadeh aras...@hotmail.se wrote:

Hi,

I wonder if anyone knows if you in two separate EFP's could match the same outermost tag where one matches a single-tagged frame and the other one matches it when it's stacked. I.e:

interface TenGigabitEthernet0/1
 service instance 1 ethernet
  encapsulation dot1q 10
  rewrite ingress tag pop 1 symmetric
  bridge-domain 10
 !
 service instance 2 ethernet
  encapsulation dot1q 10 second-dot1q any
  rewrite ingress tag pop 1 symmetric
  bridge-domain 20
 !

Unfortunately I'm not able to try this myself and I haven't found anything on the web covering this scenario.

Thanks in advance.
Arash

--
*Best Regards*
*Mattias Gyllenvarg*
Re: [c-nsp] Simultaneous drops - 2 upstream providers
A and B uses A or Bs infrastructure at either end of the link? Or a common third party somewhere in the signal path.

On 20 Aug 2013 at 05:23, CiscoNSP List cisconsp_l...@hotmail.com wrote:

Thanks Blake - Both links (that drop) are doing minimal traffic (One is only a backup link, so isnt used) - the link that is not affected is doing ~100-150Mb/sec, Carrier A link is doing 5-10Mb/sec and Carrier B virtually zero(As it's a backup link as mentioned)...seeing minimal output drops on each port

All links are Gb (physical), and carrier rate limits (Carrier A 50M, Carrier B 200M and carrier C 1Gb)

From: iki...@gmail.com
Date: Mon, 19 Aug 2013 21:51:10 -0500
Subject: Re: [c-nsp] Simultaneous drops - 2 upstream providers
To: cisconsp_l...@hotmail.com
CC: cisco-nsp@puck.nether.net

You don't give too much information here, so its hard to speculate. My guess as to the first thing to check would be out of buffer drops on the 37x, but like I said above, it's only really a wild guess, since you don't specify port layout or link speeds. You can verify by looking at the ASIC stats, as the interface stats can be unreliable for that type of drop.

-Blake

On Mon, Aug 19, 2013 at 9:11 PM, CiscoNSP List cisconsp_l...@hotmail.com wrote:

Hi - bit of a strange one - We have 3 interpop links (3 different carriers) terminating on a 3750X+ASR at one of our POPs, and are seeing intermittent drops on 2 of the links(And ospf loses adjacency) at the same time

Carrier A - POPA - POPB - We see drops/ospf adjacency issues once/twice a day
Carrier B - POPA - POPC - We see drops/ospf adjacency issues once/twice a day
Carrier C - POPA - POPB - No issues at all

All links terminate on the same 3750, and then are trunked to an ASR1006 for L3 - There are no errors/physical link issues on the 3750, and both carriers also do not see any errors/link drops.

It would be improbable that both carriers have issues on their networks at precisely the same time, so it is either our switch(3750), or something weird happening with the x-connects that doesnt cause the links to drop, doesnt cause any errors etc, but causes ospf to lose adjacency (but only for 2 providers, not the third?)

Any suggestions/assistance is greatly appreciated
Re: [c-nsp] Temporarily disable all forwarding on ASR9K
This whole protecting/verifying redundant customer functionality is a difficult problem. I have found it difficult to implement mechanisms that detect all possible faults on the main connection without making things very complicated. Mostly for remote areas where there is only one local POP that in itself is not redundant. The worst gotcha I have found is that you test the redundancy (real event or simulated) and you get management and smnp etc etc. But the customer is still down because of some error in forwarding. Like default pointing toward primary link that is broken behind next-hop. So, I just want to say that you should verify traffic patterns on the customer port(s) when testing this. Regrading disabling forwarding, why not shutdown links from the adjacent devices. Recovery time would be linkstate+igp+bgp sync. Not too slow on ASR9k right? //Mattias Gyllenvarg On Thu, Aug 15, 2013 at 4:55 AM, John Neiberger jneiber...@gmail.comwrote: In my case, the best result would be to simulate taking the entire device offline, but I don't know if that's possible to reverse quickly. Taking the interfaces down would be great. Really, the simplest thing to do is just spend a minute to create a SMOP that shuts down the interfaces and be done with it. I'm just curious if there are other interesting ways to accomplish something similar. I wonder if there are some processes that can be killed to take the router offline and then restarted to bring it back online. Even if that were possible, I'm sure it would be a fairly bad idea. lol Another thought was to shutdown the linecards but leave them powered up. I haven't tried it but I wondered if maybe bringing them back up from a shutdown state would be faster than doing it from a fully powered down state. If so, that might be another option. Not even close to as fast as just shutting them down and rolling back, if necessary. That's going to be tough to beat. 
On Wed, Aug 14, 2013 at 7:43 PM, Pete Lumbis alum...@gmail.com wrote: This raises a good point. Is the goal to simulate a black-hole that could be seen with an incorrect adjacency, where control plane is healthy but data plane is broken, or is the goal to simulate taking this device offline? Do we care about carrier on the interfaces? On Wed, Aug 14, 2013 at 6:19 PM, arulgobinath emmanuel arulg...@gmail.com wrote: null0 doesn't cause the NHRP to trigger IMHO this will be a disaster . shut / no shut is the easiest but it doesn't simulate the whole part. real test comes when the modules crash when reloading specially after couple of years... :) what if we copy a empty config ??? and rollback the config ? i didn't test this anyway . On Wed, Aug 14, 2013 at 10:13 PM, Pete Lumbis alum...@gmail.com wrote: Copy/paste a bunch of null0 routes? deny any acls on interfaces? On Wed, Aug 14, 2013 at 10:54 AM, John Neiberger jneiber...@gmail.com wrote: We need to upgrade some ASR9Ks that have a lot of connected devices with complex interrelationships and we have to do a lot of work to make sure all the correct redundancy is in place prior to the upgrade. Since the router takes so long to reload, I'd like to find a way to essentially simulate the loss of forwarding for a minute or so to verify that our redundancy preparations were thorough, but I need to be able to back out of it quickly. I thought about shutting down the linecards but that's still a fairly long restart. I'm hoping to find some method much faster than that. The simplest and most straightforward way is to shut down all the interfaces manually and then rollback if necessary. We can take it out of routing by setting the overload bit in ISIS, but that still leaves routing and forwarding in place for locally connected interfaces, which is what we want to stop. We were tossing around some ideas and wondered, probably just academically, if there were a way to completely stop forwarding temporarily. 
Is there a way to disable forwarding through an ASR9K that is easily and quickly reversible? We'll probably do the interface shutdown method since it's so simple, but now I'm curious what other options might be available. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ -- *Med Vänliga Hälsningar* *Mattias
Re: [c-nsp] why are packets not following the more specific route - xr 4.1.2 (asr9k)
It can't and it won't. This is a nice gotcha for MPLS, we were pulling our hair for a while until we got it in our heads that MPLS packets are not processed at every L3-hop.
On Thu, Aug 15, 2013 at 8:16 PM, Aaron dudep...@gmail.com wrote: No label to the blackhole? If LER1 isn't getting the routes how is it going to build the LSP to the blackhole?
On Thu, Aug 15, 2013 at 2:05 PM, Aaron aar...@gvtc.com wrote: Yes mpls core. Traceroute on pc- LER1 mpls core-LER2- internet | Blackhole Yes LER1 doesn't not have those /32 blackhole routes it does have the def rt towards internet via LER2. Aaron
-Original Message- From: LavoJM [mailto:lav...@secureobscure.com] Sent: Thursday, August 15, 2013 12:41 PM To: 'Aaron' Subject: RE: [c-nsp] why are packets not following the more specific route - xr 4.1.2 (asr9k) Are you running MPLS in the core, and the first LER does not have a FEC for the /32, but it does have one for default/other-internet routes? 3
-Original Message- From: cisco-nsp [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Aaron Sent: Thursday, August 15, 2013 11:57 AM To: cisco-nsp@puck.nether.net Subject: Re: [c-nsp] why are packets not following the more specific route - xr 4.1.2 (asr9k) (x.x.x.x is one of the /32 blackhole routes) Oh and when I do this on that boundary 9k traceroute x.x.x.x vrf xyz source y.y.y.y it appears to NOT follow the default route out to the internet and it seems that it does follow the more specific blackhole route. why would mpls l3vpn located computers deeper into my internal network NOT follow this more specific route as the packets flow across the forwarding plane of this boundary 9k ??
Aaron -Original Message- From: cisco-nsp [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Aaron Sent: Thursday, August 15, 2013 11:49 AM To: cisco-nsp@puck.nether.net Subject: [c-nsp] why are packets not following the more specific route - xr 4.1.2 (asr9k) I have a blackhole security device injecting routes into my internet boundary asr9k.. I see that the bgp prefixes are rcv'd on my 9k and the are installed in the per-vrf rib. The next hop for those routes are via a directly connected interface towards the blackhole.. But for some reason I continue to see on traceroutes from a computer that's deeper into my internal network via mpls l3vpn, that this computer's traceroutes flow right passed that 9k's more specific routes and follows the default route out to the internet. Any idea why ? Aaron -- *Med Vänliga Hälsningar* *Mattias Gyllenvarg*
Re: [c-nsp] why are packets not following the more specific route - xr 4.1.2 (asr9k)
I'm 100% on this but. Are they destined for the remote end of the link they might not get processed. But if they are destined for the loopback of LER2 then they should.
On Thu, Aug 15, 2013 at 8:24 PM, Aaron aar...@gvtc.com wrote: If ler1 flows everything via 0/0 lsp towards ler2, doesn't ler2 pop all mpls tags prior to routing out towards internet via def rt ?. if so couldn't a more specific routing decision be made at that point towards blackhole /32 routes ? Aaron p.s. Why was vanilla ip forwarding more straightforward and easier than this ? :)
From: Aaron [mailto:dudep...@gmail.com] Sent: Thursday, August 15, 2013 1:16 PM To: Aaron Cc: LavoJM; cisco-nsp Subject: Re: [c-nsp] why are packets not following the more specific route - xr 4.1.2 (asr9k) No label to the blackhole? If LER1 isn't getting the routes how is it going to build the LSP to the blackhole?
On Thu, Aug 15, 2013 at 2:05 PM, Aaron aar...@gvtc.com wrote: Yes mpls core. Traceroute on pc- LER1 mpls core-LER2- internet | Blackhole Yes LER1 doesn't not have those /32 blackhole routes it does have the def rt towards internet via LER2. Aaron
-Original Message- From: LavoJM [mailto:lav...@secureobscure.com] Sent: Thursday, August 15, 2013 12:41 PM To: 'Aaron' Subject: RE: [c-nsp] why are packets not following the more specific route - xr 4.1.2 (asr9k) Are you running MPLS in the core, and the first LER does not have a FEC for the /32, but it does have one for default/other-internet routes? 3
-Original Message- From: cisco-nsp [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Aaron Sent: Thursday, August 15, 2013 11:57 AM To: cisco-nsp@puck.nether.net Subject: Re: [c-nsp] why are packets not following the more specific route - xr 4.1.2 (asr9k) (x.x.x.x is one of the /32 blackhole routes) Oh and when I do this on that boundary 9k traceroute x.x.x.x vrf xyz source y.y.y.y it appears to NOT follow the default route out to the internet and it seems that it does follow the more specific blackhole route.
why would mpls l3vpn located computers deeper into my internal network NOT follow this more specific route as the packets flow across the forwarding plane of this boundary 9k ?? Aaron -Original Message- From: cisco-nsp [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Aaron Sent: Thursday, August 15, 2013 11:49 AM To: cisco-nsp@puck.nether.net Subject: [c-nsp] why are packets not following the more specific route - xr 4.1.2 (asr9k) I have a blackhole security device injecting routes into my internet boundary asr9k.. I see that the bgp prefixes are rcv'd on my 9k and the are installed in the per-vrf rib. The next hop for those routes are via a directly connected interface towards the blackhole.. But for some reason I continue to see on traceroutes from a computer that's deeper into my internal network via mpls l3vpn, that this computer's traceroutes flow right passed that 9k's more specific routes and follows the default route out to the internet. Any idea why ? Aaron -- *Med Vänliga Hälsningar* *Mattias Gyllenvarg*
Re: [c-nsp] why are packets not following the more specific route - xr 4.1.2 (asr9k)
The internet routes are the relevant ones. Do they point to lo0 or remote end? I'm sure one of the knights of the round table (Gert, Oliver, Adam etc) could answer about L3 processing at the end point.
On Thu, Aug 15, 2013 at 9:35 PM, Aaron aar...@gvtc.com wrote: The next hop of those bh routes is an ip address on the distant end of a layer 2 segment which is connected to that border asr9k Aaron
*From:* Mattias Gyllenvarg [mailto:matt...@gyllenvarg.se] *Sent:* Thursday, August 15, 2013 2:27 PM *To:* Aaron *Cc:* Aaron; cisco-nsp; LavoJM *Subject:* Re: [c-nsp] why are packets not following the more specific route - xr 4.1.2 (asr9k) I'm 100% on this but. Are they destined for the remote end of the link they might not get processed. But if they are destined for the loopback of LER2 then they should.
On Thu, Aug 15, 2013 at 8:24 PM, Aaron aar...@gvtc.com wrote: If ler1 flows everything via 0/0 lsp towards ler2, doesn't ler2 pop all mpls tags prior to routing out towards internet via def rt ?. if so couldn't a more specific routing decision be made at that point towards blackhole /32 routes ? Aaron p.s. Why was vanilla ip forwarding more straightforward and easier than this ? :)
From: Aaron [mailto:dudep...@gmail.com] Sent: Thursday, August 15, 2013 1:16 PM To: Aaron Cc: LavoJM; cisco-nsp Subject: Re: [c-nsp] why are packets not following the more specific route - xr 4.1.2 (asr9k) No label to the blackhole? If LER1 isn't getting the routes how is it going to build the LSP to the blackhole?
On Thu, Aug 15, 2013 at 2:05 PM, Aaron aar...@gvtc.com wrote: Yes mpls core. Traceroute on pc- LER1 mpls core-LER2- internet | Blackhole Yes LER1 doesn't not have those /32 blackhole routes it does have the def rt towards internet via LER2.
Aaron -Original Message- From: LavoJM [mailto:lav...@secureobscure.com] Sent: Thursday, August 15, 2013 12:41 PM To: 'Aaron' Subject: RE: [c-nsp] why are packets not following the more specific route - xr 4.1.2 (asr9k) Are you running MPLS in the core, and the first LER does not have a FEC for the /32, but it does have one for default/other-internet routes? 3 -Original Message- From: cisco-nsp [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Aaron Sent: Thursday, August 15, 2013 11:57 AM To: cisco-nsp@puck.nether.net Subject: Re: [c-nsp] why are packets not following the more specific route - xr 4.1.2 (asr9k) (x.x.x.x is one of the /32 blackhole routes) Oh and when I do this on that boundary 9k traceroute x.x.x.x vrf xyz source y.y.y.y it appears to NOT follow the default route out to the internet and it seems that it does follow the more specific blackhole route. why would mpls l3vpn located computers deeper into my internal network NOT follow this more specific route as the packets flow across the forwarding plane of this boundary 9k ?? Aaron -Original Message- From: cisco-nsp [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Aaron Sent: Thursday, August 15, 2013 11:49 AM To: cisco-nsp@puck.nether.net Subject: [c-nsp] why are packets not following the more specific route - xr 4.1.2 (asr9k) I have a blackhole security device injecting routes into my internet boundary asr9k.. I see that the bgp prefixes are rcv'd on my 9k and the are installed in the per-vrf rib. The next hop for those routes are via a directly connected interface towards the blackhole.. But for some reason I continue to see on traceroutes from a computer that's deeper into my internal network via mpls l3vpn, that this computer's traceroutes flow right passed that 9k's more specific routes and follows the default route out to the internet. Any idea why ? 
Aaron -- *Med Vänliga Hälsningar* *Mattias Gyllenvarg*
Re: [c-nsp] why are packets not following the more specific route - xr 4.1.2 (asr9k)
Yeah, then it's the next hop of the 0/0 that's relevant. How many routes do you have in ibgp then? Sounds like very few...
On Thu, Aug 15, 2013 at 10:25 PM, Aaron aar...@gvtc.com wrote: Internet routes? I have only one…. Yours truly 0/0 ….I learn one route via ebgp from my upstream provider… 0/0 I learn 1,000+ other routes via ebgp (multihop several hops away) from another neighbor….this is the blackhole appliance injecting bgp routes into my same internet border asr9k….all those bh routes have a next hop of a private ip subnet that this same asr9k is directly connected to…so those routes have next hop of the bh interface of the appliance…. Aaron
*From:* Mattias Gyllenvarg [mailto:matt...@gyllenvarg.se] *Sent:* Thursday, August 15, 2013 3:02 PM *To:* Aaron *Cc:* Aaron; cisco-nsp; LavoJM *Subject:* Re: [c-nsp] why are packets not following the more specific route - xr 4.1.2 (asr9k) The internet routes are the relevant ones. Do they point to lo0 or remote end? I'm sure one of the knights of the round table (Gert, Oliver, Adam etc) could answer about L3 processing at the end point.
On Thu, Aug 15, 2013 at 9:35 PM, Aaron aar...@gvtc.com wrote: The next hop of those bh routes is an ip address on the distant end of a layer 2 segment which is connected to that border asr9k Aaron
*From:* Mattias Gyllenvarg [mailto:matt...@gyllenvarg.se] *Sent:* Thursday, August 15, 2013 2:27 PM *To:* Aaron *Cc:* Aaron; cisco-nsp; LavoJM *Subject:* Re: [c-nsp] why are packets not following the more specific route - xr 4.1.2 (asr9k) I'm 100% on this but. Are they destined for the remote end of the link they might not get processed. But if they are destined for the loopback of LER2 then they should.
On Thu, Aug 15, 2013 at 8:24 PM, Aaron aar...@gvtc.com wrote: If ler1 flows everything via 0/0 lsp towards ler2, doesn't ler2 pop all mpls tags prior to routing out towards internet via def rt ?.
if so couldn't a more specific routing decision be made at that point towards blackhole /32 routes ? Aaron p.s. Why was vanilla ip forwarding more straightforward and easier than this ? J From: Aaron [mailto:dudep...@gmail.com] Sent: Thursday, August 15, 2013 1:16 PM To: Aaron Cc: LavoJM; cisco-nsp Subject: Re: [c-nsp] why are packets not following the more specific route - xr 4.1.2 (asr9k) No label to the blackhole? If LER1 isn't getting the routes how is it going to build the LSP to the blackhole? On Thu, Aug 15, 2013 at 2:05 PM, Aaron aar...@gvtc.com wrote: Yes mpls core. Traceroute on pc- LER1 mpls core-LER2- internet | Blackhole Yes LER1 doesn't not have those /32 blackhole routes it does have the def rt towards internet via LER2. Aaron -Original Message- From: LavoJM [mailto:lav...@secureobscure.com] Sent: Thursday, August 15, 2013 12:41 PM To: 'Aaron' Subject: RE: [c-nsp] why are packets not following the more specific route - xr 4.1.2 (asr9k) Are you running MPLS in the core, and the first LER does not have a FEC for the /32, but it does have one for default/other-internet routes? 3 -Original Message- From: cisco-nsp [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Aaron Sent: Thursday, August 15, 2013 11:57 AM To: cisco-nsp@puck.nether.net Subject: Re: [c-nsp] why are packets not following the more specific route - xr 4.1.2 (asr9k) (x.x.x.x is one of the /32 blackhole routes) Oh and when I do this on that boundary 9k traceroute x.x.x.x vrf xyz source y.y.y.y it appears to NOT follow the default route out to the internet and it seems that it does follow the more specific blackhole route. why would mpls l3vpn located computers deeper into my internal network NOT follow this more specific route as the packets flow across the forwarding plane of this boundary 9k ?? 
Aaron -Original Message- From: cisco-nsp [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Aaron Sent: Thursday, August 15, 2013 11:49 AM To: cisco-nsp@puck.nether.net Subject: [c-nsp] why are packets not following the more specific route - xr 4.1.2 (asr9k) I have a blackhole security device injecting routes into my internet boundary asr9k.. I see that the bgp prefixes are rcv'd on my 9k and the are installed in the per-vrf rib. The next hop for those routes are via a directly connected interface towards the blackhole.. But for some reason I continue to see on traceroutes from a computer that's deeper into my internal network via mpls l3vpn, that this computer's traceroutes flow right passed that 9k's more specific routes and follows the default route out to the internet. Any idea why ? Aaron
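Added illustration (not code from the thread or from any vendor): a toy Python model of the egress PE (LER2) showing how a labelled packet that entered the core on the 0/0 LSP can bypass a more specific /32 in the VRF, while a traceroute run on LER2 itself hits it. It assumes LER2 hands out one VPN label per prefix, which the thread does not state; the per-VRF variant, the address 192.0.2.10, the label values and the next-hop names are constructed.

```python
import ipaddress

BLACKHOLE_HOST = "192.0.2.10"  # constructed stand-in for the thread's x.x.x.x /32


class Vrf:
    """Per-VRF routing table with longest-prefix-match lookup."""

    def __init__(self):
        self.routes = {}  # IPv4Network -> next-hop name

    def add(self, prefix, next_hop):
        self.routes[ipaddress.ip_network(prefix)] = next_hop

    def lookup(self, dst):
        addr = ipaddress.ip_address(dst)
        matches = [p for p in self.routes if addr in p]
        if not matches:
            raise LookupError(f"no route to {dst}")
        best = max(matches, key=lambda p: p.prefixlen)
        return best, self.routes[best]


class EgressPE:
    """LER2: owns the VRF and decides what a received VPN label means."""

    def __init__(self, vrf, label_mode):
        if label_mode not in ("per-prefix", "per-vrf"):
            raise ValueError(label_mode)
        self.vrf = vrf
        self.label_mode = label_mode
        self.lfib = {}            # label -> ("forward", next_hop) or ("ip-lookup", None)
        self._next_label = 16001  # constructed label values

    def advertise(self, prefix):
        """Return (prefix, label) as it would be sent to the ingress PE."""
        prefix = ipaddress.ip_network(prefix)
        if self.label_mode == "per-prefix":
            # The label is bound straight to this route's next hop:
            # no IP lookup happens when the label comes back.
            label = self._next_label
            self._next_label += 1
            self.lfib[label] = ("forward", self.vrf.routes[prefix])
        else:
            # One aggregate label for the whole VRF: pop, then IP lookup.
            label = 16000
            self.lfib[label] = ("ip-lookup", None)
        return prefix, label

    def receive_labeled(self, label, dst):
        action, next_hop = self.lfib[label]
        if action == "forward":
            return next_hop
        return self.vrf.lookup(dst)[1]

    def receive_ip(self, dst):
        """Locally sourced or unlabelled traffic: plain lookup in the VRF."""
        return self.vrf.lookup(dst)[1]


class IngressPE:
    """LER1: knows only the VPN routes it was sent, each with its label."""

    def __init__(self):
        self.vpn_routes = {}  # IPv4Network -> VPN label

    def learn(self, prefix, label):
        self.vpn_routes[prefix] = label

    def impose(self, dst):
        addr = ipaddress.ip_address(dst)
        best = max((p for p in self.vpn_routes if addr in p),
                   key=lambda p: p.prefixlen)
        return self.vpn_routes[best]


def simulate(label_mode, dst=BLACKHOLE_HOST):
    vrf = Vrf()
    vrf.add("0.0.0.0/0", "upstream-isp")
    vrf.add(f"{dst}/32", "blackhole-appliance")
    ler2 = EgressPE(vrf, label_mode)
    ler1 = IngressPE()
    # As in the thread, only the default route reaches LER1.
    ler1.learn(*ler2.advertise("0.0.0.0/0"))
    label = ler1.impose(dst)
    return {
        "from_pc_behind_ler1": ler2.receive_labeled(label, dst),
        "traceroute_on_ler2": ler2.receive_ip(dst),
    }


if __name__ == "__main__":
    for mode in ("per-prefix", "per-vrf"):
        print(mode, simulate(mode))
```

In the per-prefix case the /32 is present in LER2's VRF table but is never consulted for transit traffic, which matches the difference between the two traceroutes described in the thread.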
Re: [c-nsp] ME3800X/ME3600X/ME3600X-24CX/ASR903/ASR901 Deployment Simplification Feedback
Good point, SDM is just another gotcha. Allocate according to use and complain in the log when you're getting close to max. ME3600x + ASR9k FTW! Just make more physical variants of the ME and lower the price on ASR9k.
On Thu, Jul 25, 2013 at 12:56 PM, Leigh Harrison lharri...@convergencegroup.co.uk wrote: Hi there Waris, We've got quite a few of the ME3600's deployed now, which we migrated to over and above a legacy 3750ME estate. The big point for us was to migrate to MPLS access rather than have any spanning tree knocking about in the Core. Favoured points from my team involves the ease of configuration and their raw speed. Down sides are port capacity and buggy software. A denser system of 48 Gig ports and more 10Gb ports would assist greatly as we can fill up 24 1Gb ports quite quickly depending on which PoP the system has been built for. We tend to ring the 3600's into ASR9K's and the more rings we buy, the more 9K 10Gb ports have to be taken up. Additional 10Gb ports would be of great benefit to increase the capacity of each ring we build, rather than build new rings. Our provider connections are also moving from 1Gb up to 10Gb and I need to be able to cater for this towards the Access, rather than the Core. I would also like to see more horsepower in the systems. We recently went to implement multicasting in VRF and ran into some odd challenges. We have the 3600's set up for routing and are about to push 24,000 IPv4 routes. In our busier boxes we have around 9,000 routes, so I'm more than happy with the capacity there. However, in order to turn on 250 MDT routes, we have to drop the IPv4 routes down to 12,000. A sliding scale would be nice for memory allocation, but in the face of having 3600's move from 30% full to 60% full in the routing table to add in a new feature, we went for a redesign of how we delivered the multicasting. Leigh
Hi Everyone, I have seen lot of good inputs on this mailer.
I am collecting feedback for the existing deployment challenges on the following platforms so that we can address them. -ME3800X -ME3600X -ME3600X-24CX -ASR903 -ASR901 -ME3400E -- *Med Vänliga Hälsningar* *Mattias Gyllenvarg*
Re: [c-nsp] Do you have command auto reoptimize Traffic Engineering by the router?
Though I have no actual experience I asked the same question at Cisco Live. And yes, it is supposed to reevaluate at certain intervals. Best regards Mattias Gyllenvarg
On Jul 22, 2013 12:15 PM, PlaWanSai RMUTT CPE IX pws_ad...@thaicpe.com wrote: Hi all, Do you have command for auto reoptimize Traffic Engineering by the router? When option 10 down and then up it can reoptimize by itself to option 10. Thank you very much Mr. Nattawat Kaewmanee
Re: [c-nsp] ME3800X/ME3600X/ME3600X-24CX/ASR903/ASR901 Deployment Simplification Feedback
+1 and I add a me3600x chassis to the mix of wet dreams.
On 21 Jul 2013 08:01, Mark Tinka mark.ti...@seacom.mu wrote:
On Tuesday, March 19, 2013 09:27:45 AM Waris Sagheer (waris) wrote: Hi Everyone, I have seen lot of good inputs on this mailer. I am collecting feedback for the existing deployment challenges on the following platforms so that we can address them. -ME3800X -ME3600X -ME3600X-24CX -ASR903 -ASR901 -ME3400E
- I would like to see a variant of the ME3600X/3800X that provides for at least 4x 10Gbps SFP+ uplink ports.
- I would like to see a variant of the ME3600X/3800X that provided for 48x Gig-E copper or fibre ports in a 1U chassis (I'll also take a 1.5U chassis if times are really hard). Yes, all at line rate :-).
- I would like to see a solution that allows for PoP growth. We've had scenarios where the number of ME3600X/3800X chassis has grown to a level to justify looking at a chassis (ASR9000 or MX480/960), but the line card costs alone still make stacking yet another ME3600X/3800X a commercially better idea, but lousy for operations. What can the team do to allow operators to grow ports and scale on a per-PoP basis while simplifying operations and keeping port costs down? I've never been drawn to virtual/multi-chassis systems, but... :-).
- I'm not very heavy on growing the FIB on the ME3600X/3800X systems, but any thought Cisco can put into this that doesn't make the cost of building the units outrageous would be much appreciated. This isn't critical for me; just a very nice-to-have.
In addition to what Nick and the others have already mentioned, those are the things I'd like to see addressed, Waris. For me, one of the things that pleases me most about the ME3600X/3800X (apart from the fact that we can drop STP and extend IP/MPLS into the Access) is that QoS is normal, simple and behaves like a regular Cisco router.
Additional work and simplification in this area (particularly coming as close to the flexibility of what software routers like the 7200 can do) would be much appreciated. You have no idea how much it sucked running the 3750ME as a Metro-E IP/MPLS Access platform and trying to do simple or complex QoS strategies for customers and the core :-). Many thanks for reaching out to the community about this, Waris. It makes all the difference for us operators, and is more of what we would like to see from our preferred vendors. Cheers, Mark.
Re: [c-nsp] vrf-lite routing
You will still need a vlan for every vrf between the relevant machines with vrf-lite. Only MPLS or tunnels solve that. If it is internet traffic you don't need more than Layer2 separation, you have that with a vlan/customer. So building VRFs will separate Layer3 and then you have to short circuit manually. Makes no sense. If you don't want the customer routes in EIGRP then you should setup iBGP. Mostly, you should be careful when building something that you cannot troubleshoot for a friend. There is a lot of gotchas in VRF and MPLS and you may end up with less features and more work when provisioning than the old network.
On Thu, Jul 18, 2013 at 3:02 AM, Dan Letkeman danletke...@gmail.com wrote: I think it makes more sense to do this based on the equipment they have. http://packetlife.net/blog/2009/apr/30/intro-vrf-lite/ Get the performance of routing on the 3k switches but the segregation of VRF-lite if they want it. Dan.
On Wed, Jul 17, 2013 at 7:45 PM, Dan Letkeman danletke...@gmail.com wrote: The current network is routed via EIGRP, but also has a lot of vlan's trunked everywhere...it's an STP nightmare with various ISP's providing service via fiber, and a host of wireless bridges, that are any where from 10-40 miles My thought was to use tunnel's and vrf-lite instead of trunking vlan's everywhere, but from what I am hearing, GRE tunnels are not going to perform. I have this working in a test network and it's working well. Other than I have not tried a performance test. They do want separation on some of the networks, but not all. I have done this in the past with access lists and vlan's but it's a pain. Is there any other way to segregate the traffic on routed network? Ideally they should have a router at each location and not a switch. Dan.
On Wed, Jul 17, 2013 at 1:28 AM, Mattias Gyllenvarg matt...@gyllenvarg.se wrote: Hi Dan Sounds like you're getting off on the wrong foot. The 3560 can't do much more than routing and switching.
No GRE or MPLS so you are pretty much stuck with trunking. VRFs will only be helpful with MPLS unless you want VRF-lite (that's VRF that is local to one machine only). Then you still need the trunks and vlans. You can setup the VRFs to talk fairly easily, but why have the separation if you want them to talk? Sounds like you should just replace the old machine with the new one. If you should do anything then setup the 3k boxes for dynamic routing so that they simply route the traffic instead of switching it. Then you won't have to add vlans for every new internet customer. But shaping may be harder to do as you don't have the customers interface in your core. //Mattias
On Wed, Jul 17, 2013 at 4:12 AM, Dan Letkeman danletke...@gmail.com wrote: Hello, Just wondering if anyone can direct me down the correct path. I have been asked by a friend to help replace an ISR2851 with a new ASR1001. The 2851 currently does some route-maps for different networks and a few customers as well as some shaping. They want to use the ASR to peer with an ISP and I suggested to use tunnel's and VRF's instead of trunking vlan's through their network to the customers, like they are doing now. The network currently consists of mostly 3k switches and either fiber or wireless trunks to about 45 different locations. The main goal is to provide internet to each of the 45 locations each having their own public ip/range. My thought was to create tunnels from the ASR to each of the locations (each have a 3560 switch) and then to create VRF's on each tunnel and assign a public IP to each VRF and then advertise those networks into the global BGP table. First time I have done anything like this...Any thoughts? Dan.
-- *Med Vänliga Hälsningar* *Mattias Gyllenvarg*
Re: [c-nsp] vrf-lite routing
Hi Dan Sounds like you're getting off on the wrong foot. The 3560 can't do much more than routing and switching. No GRE or MPLS so you are pretty much stuck with trunking. VRFs will only be helpful with MPLS unless you want VRF-lite (that's VRF that is local to one machine only). Then you still need the trunks and vlans. You can setup the VRFs to talk fairly easily, but why have the separation if you want them to talk? Sounds like you should just replace the old machine with the new one. If you should do anything then setup the 3k boxes for dynamic routing so that they simply route the traffic instead of switching it. Then you won't have to add vlans for every new internet customer. But shaping may be harder to do as you don't have the customers interface in your core. //Mattias
On Wed, Jul 17, 2013 at 4:12 AM, Dan Letkeman danletke...@gmail.com wrote: Hello, Just wondering if anyone can direct me down the correct path. I have been asked by a friend to help replace an ISR2851 with a new ASR1001. The 2851 currently does some route-maps for different networks and a few customers as well as some shaping. They want to use the ASR to peer with an ISP and I suggested to use tunnel's and VRF's instead of trunking vlan's through their network to the customers, like they are doing now. The network currently consists of mostly 3k switches and either fiber or wireless trunks to about 45 different locations. The main goal is to provide internet to each of the 45 locations each having their own public ip/range. My thought was to create tunnels from the ASR to each of the locations (each have a 3560 switch) and then to create VRF's on each tunnel and assign a public IP to each VRF and then advertise those networks into the global BGP table. First time I have done anything like this...Any thoughts? Dan.
-- *Med Vänliga Hälsningar* *Mattias Gyllenvarg*
Re: [c-nsp] Carrier Aggregation advice
If you don't need full BGP me3600x has all the bells and whistles. If you do need a full table then you will need to go with something from the asr range. The only issues I have with the me3600x is the depth of the machine, only 2 sfp+ ports and the ios is not completely mature yet. Though that may have got a lot better in the past half year. Best regards Mattias Gyllenvarg
On Jul 17, 2013 3:55 PM, Chris Gibbs chris.gi...@gosford.nsw.gov.au wrote: Gday all, I'm currently investigating terminating a NNI from NBN Co and aggregating services before dumping into our core. Consider it a green-field ISP build :) Really go wild! So would like the PE to support the following:
* Migrating parts of our current WAN from licensed microwave to NBN Co, will likely be around 60 initial sites/'customers'. Ability to scale to 1000+ sites/'customers'.
* Planning on CVC of 600Mbps initially for testing. Building with a NNI of 1 Gbps to suit, so need at least 1Gbps with SFP options. Prefer ability for 10Gbps with SFP+.
* 10 port minimum.
* 1 or 2 RU preferred.
* Dot1ad, q-in-q, double tagged. Pick your buzz word preference.
* Pop/Push ability for c/s tags.
* MPLS, bgp, OSPF, SP QoS, multicast etc.
* DHCP option 82.
* LACP
* Dual power. AC.
* All the mgmt. niceties. SNMP, SSH, traps, etc
Having a Cisco background I have been looking at the Cisco ME 3800X-24FS. All off spec so far and haven't played with one in lab environments. Haven't had a chat to our cisco account team yep either. My background is only Cisco IOS, happy to learn new tricks though. Would appreciate thoughts on the selection and should I be considering alternatives? Cheers, Chris
Gosford City Council complies with the Privacy and Personal Information Protection Act (1998). See Council's Privacy Statement at http://www.gosford.nsw.gov.au/council/privacy.html ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Carrier Aggregation advice
Xe is the same syntax as ios classic. Just modular. Asr9000 uses xr and is all new syntax. Best regards Mattias Gyllenvarg On Jul 17, 2013 10:16 PM, Chris Gibbs chris.gi...@gosford.nsw.gov.au wrote: Thanks Mattias. We have dual upstream providers so probably don't need full bgp to start, however it may be a requirement in the future to peer. Ill have to check out the ASR range, was a little uncomfortable with using IOS XE having had no experience but will have to overcome this issue. Kind regards, Chris Gibbs Network and security engineer 02 4325 On 18/07/2013, at 4:54 AM, Mattias Gyllenvarg matt...@gyllenvarg.se wrote: If you don't need full Bgp me3600x has all the bells and whistles. If you do need a full table then you will need to go with something from the asr range. The only issues I have with the me3600x is the depth of the machine, only 2 sfp+ ports and the ios is not completely mature yet. Though that may have got a lot better in the past half year. Best regards Mattias Gyllenvarg On Jul 17, 2013 3:55 PM, Chris Gibbs chris.gi...@gosford.nsw.gov.au wrote: Gday all, I'm currently investigating terminating a NNI from NBN Co and aggregating services before dumping into our core. Consider it a green-field ISP build :) Really go wild! So would like the PE to support the following: * Migrating parts of our current WAN from licensed microwave to NBN Co, will likely be around 60 initial sites/'customers'. Ability to scale to 1000+ sites/'customers'. * Planning on CVC of 600Mbps initially for testing. Building with a NNI of 1 Gbps to suit, so need at least 1Gbps with SFP options. Prefer ability for 10Gbps with SFP+. * 10 port minimum. * 1 or 2 RU preferred. * Dot1ad, q-in-q, double tagged. Pick your buzz word preference. * Pop/Push ability for c/s tags. * MPLS, bgp, OSPF, SP QoS, multicast etc. * DHCP option 82. * LACP * Dual power. AC. * All the mgmt. niceties. SNMP, SSH, traps, etc Having a Cisco background I have been looking at the Cisco ME 3800X-24FS. 
All off spec so far and haven't played with one in lab environments. Haven't had a chat to our cisco account team yep either. My background is only Cisco IOS, happy to learn new tricks though. Would appreciate thoughts on the selection and should I be considering alternatives? Cheers, Chris
[c-nsp] ASR-9010-AC vs ASR-9010-AC-V2
Dear List What is the difference between the chassis versions? Is the V2 just a hardware revision? -- *Best Regards* *Mattias Gyllenvarg* Senior Network Architect Obduro Network AB
Re: [c-nsp] ASR-9010-AC vs ASR-9010-AC-V2
One more round with google and it seems that it is the PEM that is upgraded. • Power Entry Module and Power Supply Version 2: The new Power Entry Module Version 2 (PEMv2) and Power Supply Version 2 for the Cisco ASR 9010 and ASR 9006 routers provide investment protection by offering increased power efficiency and power density per Cisco ASR 9006 and ASR 9010 chassis. Cisco PEMv2 is capable of holding up to four v2 power supplies. PEMv2 is field upgradeable or may be configured with the Cisco ASR 9010 or ASR 9006 chassis. As it is included in the chassis, I guess the chassis inherits the V2 from the PEM. On Thu, Jun 20, 2013 at 10:12 AM, Mikael Abrahamsson swm...@swm.pp.se wrote: On Thu, 20 Jun 2013, Mattias Gyllenvarg wrote: Dear List What is the difference between the chassis versions? Is the V2 just a hardware revision? V2 is probably the uprated FAN array, which means you can have DWDM optics in all slots in a 24x10GE card. -- Mikael Abrahamsson email: swm...@swm.pp.se -- *Med Vänliga Hälsningar* *Mattias Gyllenvarg*
Re: [c-nsp] Terminating lots of double-tagged vlans
+1 ME3600X On 23 May 2013 19:40, Pete Lumbis alum...@gmail.com wrote: EVCs might do the trick for you. On the 6k/7600 it requires ES/ES+ modules I believe. ASR1k and me3600/3800 can do it out of the box. http://www.cisco.com/en/US/docs/ios-xml/ios/cether/configuration/xe-3s/ce-ether-vc-infra-xe.html On Thu, May 23, 2013 at 9:25 AM, Simon Lockhart si...@slimey.org wrote: On Wed Apr 17, 2013 at 12:57:05PM -0700, Bruce Pinsky wrote: Simon Lockhart wrote: I'm working on a project which uses GPON to connect tens of thousands of properties in a fibre-to-the-home environment. Each property will be handed off to me as a double-tagged vlan, one per property. Obviously I don't want to manually create tens of thousands of subinterfaces on a router, and I'm sure there's a better way of doing this. http://www.cisco.com/en/US/docs/ios/lanswitch/configuration/guide/lsw_ieee_802.1q.html#wp1027258 Well, I started down this route in the lab, and all was looking promising for the first ONT, running IPv4, and terminating onto an ASR1k IPv6 didn't work, and a 2nd ONT wouldn't work. Then I found the caveat in the documentation - Only PPPoE is supported on ambiguous subinterfaces. Standard IP routing is not supported on ambiguous subinterfaces. PPPoE isn't going to work in our environment, as the ONT won't do it, and we're not mandating the use of a CPE router beyond the ONT (the user could plug their PC direct into the ONT). Is there any other way to make Standard IP routing work on ambiguous subinterfaces - i.e. using the encapsulation dot1q 101 second-dot1q any configuration syntax? 
Thanks in advance, Simon -- Simon Lockhart | * Server Co-location * ADSL * Domain Registration * Director| * Domain Web Hosting * Connectivity * Consultancy * Bogons Ltd | * http://www.bogons.net/ * Email: i...@bogons.net * -- *Med Vänliga Hälsningar - Best Regards* *Mattias Gyllenvarg* *Nätutveckling* Bredband2 Tel: +46 406219712
Re: [c-nsp] Metro Ethernet nightmares (L2PT, PBB-VPLS, Load Balancing, EVPN)
Hey Holger EVPN is basically in beta and still a pipe dream on any real-world network as far as I can see it. Completely transparent, we react to nothing the customer sends above Ethernet switching. Any load balancing is done in IGP or in a few cases MPLS-TE manipulating IGP. I have a feeling that you're failing to separate the layers here. And also perhaps, you may be fixing problems that you don't have yet. We are aware of the semi-unfixable issues of AoMPLS clouds and are awaiting EVPN to fix it as there is no real solution to fix all this. Except IP-VPN :) On 6 May 2013 11:56, Holger L ci...@entrap.de wrote: Hi Mattias, On Mon, May 6, 2013 03:13, Mattias Gyllenvarg wrote: From what I gathered about this. EVPN (BGP signaled Ethernet VPN) will solve this as there are too many variants of Spanning tree that your clients can use that you today need to implement individually toward your customers. Right, do you know any commands to implement this? All I can find about this is just sales foo and does not include any commands or examples. We run QinQ in either ME3400 or ME3600x CPE and asr9k cores for VPLS (H-VPLS) customers. Are your lines transparent for customers STP, CDP, PVST+, etc.? Which technology do you use, L2PT, PBB or something different? How do you do load balancing in your core network? By Label? Though often not possible we try to get the customer to switch to IP-VPN as it is much more resilient in nature. More setup Less maintenance. That's definitely true but most of the time not possible for our customers. Thanks and Best regards, Holger -- *Med Vänliga Hälsningar - Best Regards* *Mattias Gyllenvarg* *Nätutveckling* Bredband2 Tel: +46 406219712
Re: [c-nsp] Ang: Making SUP720 cope better under BGP load
I can vouch for the asr9k in regards to performance. But the software still is not as stable as you might want. On May 2, 2013 9:52 AM, gustav.ulan...@steria.se wrote: Hello Simon. We are using asr1k for peering purposes and Sup2T in the core. We also have some sup 720 as PE routers. We find that the ASR1001 is a lot faster at establishing our BGP sessions than both sup 720 and 2T. I would look into the ASR9001. Seems to be much better box than an ASR 1k box when you spec it to be able to push around 40G. Often turns out cheaper than ASR1k boxes also. Gustav Uhlander Communication Infrastructure Engineer Steria AB Kungsbron 13 Box 169 SE-101 23 Stockholm Sweden Tel: +46 8 622 42 15 Fax: +46 8 622 42 23 Mobile: +46 70 962 71 03 gustav.ulan...@steria.se www.steria.se -cisco-nsp-boun...@puck.nether.net wrote: - To: cisco-nsp@puck.nether.net From: Simon Lockhart ** Sent by: cisco-nsp-boun...@puck.nether.net Date: 2012-12-07 14:29 Subject: [c-nsp] Making SUP720 cope better under BGP load All, I'm currently using SUP720-3BXL's in my BGP border devices. Obviously the SUP720 is not a particularly fast CPU, so it is pretty slow at bringing up a lot of BGP sessions. On one particular box, I've got 250 BGP neighbours - 1 full table transit, 2 IGP to route-reflectors, and the rest are peering sessions at an IXP. Recently, the IXP did maintenance causing the interface to drop, and it brought the box to its knees. The BGP Router process takes all the available CPU while it tries to re-establish the BGP sessions. While this is happening, the SUP720 seems to give up processing other stuff in a timely manner - and I see MPLS LDP drop, OSPF neighbours drop, and then BGP sessions drop due to hold timer expires. With all these drops, it causes even more CPU load, and the cycle continues. I've been talking to other SUP720 using ISPs, and it seems that some see this same effect, and others don't.
Currently running 12.2(33)SXJ3 Are there any tweaks that I can apply to the IOS config to make the SUP720 cope better in this sort of situation? I'd be happy for the BGP sessions to take a lot longer to re-establish, if it didn't kill everything else in the process... And, as a follow-on question, given that the SUP720 is so under-powered for BGP, what other options do I have which would cope better? SUP-2T? Or, if I need to move away from the 6500, what's good for BGP routing with about 20-40G of throughput (i.e. 4-8 * 10GE ports)? How does the ASR9k or ASR1k range fare for BGP performance? Many thanks in advance, Simon
Re: [c-nsp] IPv6 Transition - IP/MPLS Backbone
Beware of one thing 6PE can not do. BGPv6 over multi-hop will not work as there is no recursive lookup from v6 to v4 in your BGP speaker. This is a feature, not a bug... so it will not be fixed. Otherwise 6PE is a breeze. On 14 April 2013 21:56, Ahmed Hilmy hilmy...@gmail.com wrote: Hello Expert, We are planning to deploy IPv6 at our IPv4 Backbone, our PE to as Dual Stack and carry IPv6 packet through MPLS label. There are different scenarios, one of them is 6PE. Would you please guide me from where can I start? Thanks, Ahmed -- *Med Vänliga Hälsningar - Best Regards* *Mattias Gyllenvarg* *Nätutveckling* Bredband2 Tel: +46 406219712
Re: [c-nsp] Using EoMPLS instead of end to end VLAN
Multihop BGP would give you the benefit of any redundancy you have along the path. On 10 April 2013 19:14, Antonis Vosdoganis avo...@gmail.com wrote: We have a BGP session with a carrier delivered on ME3600-A. Because ME3600 is not able to carry bgp table we have created vlan 100 and made the gigabit port access to vlan 100.

7609 -- ME3600-B - ME3600-A --- BGP SESSION

ME3600-A
vlan 100
 name BGP_PEERING
interface GigabitEthernet0/1
 description BGP_PEERING
 switchport access vlan 100

ME3600-A and ME3600-B are interconnected with a trunk port.

ME3600-B
vlan 100
 name BGP_PEERING

ME3600-B and 7609 are also interconnected with a trunk port.

CISCO 7609-S
vlan 100
 name BGP_PEERING
interface Vlan100
 description BGP_PEERING
 ip address XXX.XXX.XXX.XXX 255.255.255.248

In all trunk ports we are using mpls enabled SVIs. So the vlan 100 travels all the way from ME3600-A to 7609 and the bgp session is running on 7609. I am trying to say is it possible to replace the vlan with EoMPLS and how? Best Regards Antonis. -- *Med Vänliga Hälsningar - Best Regards* *Mattias Gyllenvarg* *Nätutveckling* Bredband2 Tel: +46 406219712
Re: [c-nsp] Sup2T - poor netflow performance
Agreed! Very nice platform, we got hit by the MPLS payload begins with 0x6 bug. Couldn't believe it was true. Also, not only is there no redundant RSP it is not replaceable either. On 26 March 2013 22:19, Dumitru Ciobarcianu cisco-...@lnx.ro wrote: On 26-Mar-13 18:33 PM, Gert Doering wrote: Ugh. I can't answer this - we have no Sup2T yet - but I would be very much interested in whether you can get this solved. We're currently planning our next gen hardware, and it will either be ASR9001 or Sup2T - and we're leaning towards Sup2T because that's 6500, we know the platform... (famous last words). A bit offtopic: You're sure you didn't mean 9006 or 9010 ? You can't have redundant RSPs in ASR9001, and the chassis is maxed at 12 10G ports... ASR9001 is a really nice small machine but a bit immature imho. I have opened tickets for silly bugs like igmp snooping breaks ospf or show ip route command crashed with SIGSEGV. (XR 4.3.0) Oh, and they finally released an SMU for onboard ports shut down for no reason but only for 4.2.3, not 4.3.0 ... Dumitru it compiles? ship it! C. -- *Med Vänliga Hälsningar - Best Regards* *Mattias Gyllenvarg* *Nätutveckling* Bredband2 Tel: +46 406219712
[c-nsp] No more DS switches
Hi everyone, We will not deploy any new DS switches; in the future these will be AS switches. The existing ones will only be renamed if they are relabelled on site at the same time. -- *Med Vänliga Hälsningar - Best Regards* *Mattias Gyllenvarg* *Nätutveckling* Bredband2 Tel: +46 406219712
Re: [c-nsp] IOS XR and router rib rump always-replicate
Sorry for the weak context. I was just referring to removing PIM from within Core/Dist not inter-AS. On 6 March 2013 08:26, Mikael Abrahamsson swm...@swm.pp.se wrote: On Wed, 6 Mar 2013, Mattias Gyllenvarg wrote: About that, Oliver, is multicast-BGP production ready in IOS and IOS XR. Specifically ASR9k, 7606 Sup720, ME3600X and 3560/3750? People have been running multicast on XR (ASR9K) and 7600 since forever. I'd be more worried about ME3600X and 3560/3750, but at least on the 3560/3750 they're mature platforms so I'd imagine it works there as well. Would be nice to remove PIM from the core, just as Gert says limited use = limited support. How is multicast supposed to work without PIM? What Gert was talking about was Internet multicast, ie multicast between ISPs. Watching NASA multicast streams for instance (I did this at my university in ~1995). Very few commercial ISPs support this. -- Mikael Abrahamsson email: swm...@swm.pp.se -- *Med Vänliga Hälsningar - Best Regards* *Mattias Gyllenvarg* *Nätutveckling* Bredband2 Tel: +46 406219712
Re: [c-nsp] IOS XR and router rib rump always-replicate
That is why I addressed Oliver directly. I had a discussion with him at Cisco Live and this came up. The idea is to use MPLS/BGP for transport/signaling. So, no PIM on core/dist links. Only toward Customers and Peers. I don't have the details as we have not yet looked into implementing but, as Gert pointed out, we sometimes experience the same issue. That PIM is forgotten because it is the odd protocol that no one uses except on the node that you're doing disaster recovery on. So, we're as always looking for the Keep it simple, stupid version. On 6 March 2013 09:26, Mikael Abrahamsson swm...@swm.pp.se wrote: On Wed, 6 Mar 2013, Mattias Gyllenvarg wrote: I was just referring to removing PIM from within Core/Dist not inter-AS. How is multicast supposed to work at all wherever for L3 routing without PIM? I'll admit I'm a bit rusty and only know about PIM-SM and PIM-SSM, what other methods are there for controlling routed multicast? -- Mikael Abrahamsson email: swm...@swm.pp.se -- *Med Vänliga Hälsningar - Best Regards* *Mattias Gyllenvarg* *Nätutveckling* Bredband2 Tel: +46 406219712
Re: [c-nsp] IOS XR and router rib rump always-replicate
That's it, seems to have a lot of caveats on the ME3600X though. On 6 March 2013 10:43, Christian Meutes christ...@errxtx.net wrote: On 06.03.2013, at 09:26, Mikael Abrahamsson swm...@swm.pp.se wrote: How is multicast supposed to work at all wherever for L3 routing without PIM? I'll admit I'm a bit rusty and only know about PIM-SM and PIM-SSM, what other methods are there for controlling routed multicast? You need mLDP or RSVP for that, Label-Switched-Multicast. Cisco currently goes the mLDP course, while others go NG-Multicast. -- *Med Vänliga Hälsningar - Best Regards* *Mattias Gyllenvarg* *Nätutveckling* Bredband2 Tel: +46 406219712
Re: [c-nsp] BGP route won't advertise
Just to add... With communities you make your own rules. As in Pete's example you make up what numbers you want and how they look. In Pete's example he uses the most common way of implementing this. Which is a single large community number with several purposes. In our design, which I have not seen anyone else do, we have many communities per prefix that has an individual purpose each. Plus side is no complex regexp that can be hard to design and troubleshoot. Minus is more communities. Our cheat sheet looks something like.
100-199 What ISP originated?
200-299 POP
600-650 How to announce
etc etc
I think and the guys here (at work, not the list) agree that this is easier to work with. Don't fall into the make it complex because you can trap. It's hard to get out... On 6 March 2013 15:16, Pete Templin peteli...@templin.org wrote: On 2/28/13 10:35 AM, Jerry Bacon wrote: It's complicated. I am doing transit for this customer, but we have common upstream peers, and I need to disallow his other advertisements. I'm sure there are better ways to do this, but my real problem is that I can't get one of my routers to advertise his routes, while the other one does. Jon is right, deny or allow+tag is the way to go. Simple example: ASN in this case is your ASN. Make a cheat sheet like this: ASN:ABCDE. The right side breaks out to:
A (route category) = 1 for customer, 2 for yours, 3 for upstream
BC = pop number, set to 01 for now if you want a starting point.
DE = future expansion, set to 00 for now as a starting point.
This customer's routes would get tagged ASN:10100, your own aggregates would get tagged ASN:20100, and upstream routes would get tagged ASN:30100.
ip community-list 101 permit ASN:1
ip community-list 102 permit ASN:2
ip community-list 103 permit ASN:3
route-map transit-out p 10
 match commu 101
route-map transit-out p 20
 match commu 102
route-map transit-out d 30
 match commu 103

Bingo, this prefix goes out, but other routes from that customer's AS (learned from one transit) don't flow to the other transit. pt -- *Med Vänliga Hälsningar - Best Regards* *Mattias Gyllenvarg* *Nätutveckling* Bredband2 Tel: +46 406219712
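The ASN:ABCDE tagging scheme and the transit-out route-map quoted in the message above, modelled as an added example (not code from the thread) so the export decision can be checked per route. Assumptions: 64500 stands in for "ASN", the patterns are read as they appear in this archive copy, and the anchored patterns, the sample routes and the stray community 64500:120 are constructed for illustration.

```python
import re

# Assumption: 64500 (documentation range, RFC 5398) stands in for "ASN" in the post.
LOCAL_ASN = 64500


def make_tag(category, pop=1, future=0):
    """Build an ASN:ABCDE community: A = route category, BC = POP, DE = future use."""
    if not (1 <= category <= 5 and 0 <= pop <= 99 and 0 <= future <= 99):
        raise ValueError("digits out of range for the ABCDE layout")
    return f"{LOCAL_ASN}:{category}{pop:02d}{future:02d}"


def ios_regex(pattern):
    """Translate the IOS '_' metacharacter (delimiter, start or end of string)."""
    return re.compile(pattern.replace("_", "(?:^|$|[ ,{}()])"))


def list_permits(entries, communities):
    """Expanded community-list: the first matching entry decides; no match, no permit."""
    rendered = " ".join(communities)
    for action, pattern in entries:
        if ios_regex(pattern).search(rendered):
            return action == "permit"
    return False


def route_map(clauses, lists, communities):
    """Walk clauses in sequence order; the first clause whose match succeeds wins."""
    for seq, action, list_id in sorted(clauses):
        if list_permits(lists[list_id], communities):
            return action, seq
    return "deny", None  # implicit deny at the end of every route-map


# route-map transit-out: permit 10 / permit 20 / deny 30, as in the quoted config.
TRANSIT_OUT = [(10, "permit", 101), (20, "permit", 102), (30, "deny", 103)]

# Community-lists 101-103 with the patterns as they appear on the page.
AS_POSTED = {100 + c: [("permit", f"{LOCAL_ASN}:{c}")] for c in (1, 2, 3)}

# Constructed variant: anchored to exactly five digits after the colon.
ANCHORED = {
    100 + c: [("permit", f"_{LOCAL_ASN}:{c}[0-9][0-9][0-9][0-9]_")] for c in (1, 2, 3)
}

# Constructed sample routes and the communities they carry.
ROUTES = {
    "customer prefix": [make_tag(1)],
    "own aggregate": [make_tag(2)],
    "upstream route": [make_tag(3)],
    "untagged route": [],
    "upstream + stray 64500:120": [make_tag(3), f"{LOCAL_ASN}:120"],
}


def evaluate(lists):
    """Return {route name: (action, matching sequence)} for the transit-out policy."""
    return {name: route_map(TRANSIT_OUT, lists, comms) for name, comms in ROUTES.items()}


if __name__ == "__main__":
    for label, lists in (("as posted", AS_POSTED), ("anchored", ANCHORED)):
        for name, (action, seq) in evaluate(lists).items():
            print(f"{label:10} {name:28} -> {action} (seq {seq})")
```

Both pattern sets agree on routes that carry only scheme tags. They differ on the last route: the unanchored pattern for list 101 also matches the stray 64500:120, so an upstream-tagged route is permitted at sequence 10, while the anchored set still denies it at sequence 30.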
Re: [c-nsp] IOS XR and router rib rump always-replicate
About that, Oliver, is multicast-BGP production ready in IOS and IOS XR. Specifically ASR9k, 7606 Sup720, ME3600X and 3560/3750? Would be nice to remove PIM from the core, just as Gert says limited use = limited support. On 1 March 2013 19:23, Gert Doering g...@greenie.muc.de wrote: Hi, On Fri, Mar 01, 2013 at 02:56:07PM +0100, Mikael Abrahamsson wrote: I haven't tried to get Internet multicast working for a few years, basically because nobody used it. We had it working via transit and a few peers a few years back, I have no idea if it works now or not. Our experience: it doesn't. We turned it off with our upstreams a few years back, because every time someone wanted to use it for real (every few months) we found that some upstream changes had broken it again, like turning up new links but forgetting PIM on them and such. And debugging this is a major nightmare, as you need clueful people to look at every single step. Which, unfortunately, neither of our then-upstreams were able to provide (we do not see a problem, can we close the case?). gert -- USENET is *not* the non-clickable part of WWW! // www.muc.de/~gert/ Gert Doering - Munich, Germany g...@greenie.muc.de fax: +49-89-35655025 g...@net.informatik.tu-muenchen.de -- *Med Vänliga Hälsningar - Best Regards* *Mattias Gyllenvarg* *Nätutveckling* Bredband2 Tel: +46 406219712
Re: [c-nsp] 802.1Q-in-Q VLAN Tag Termination on 7600/6500 OSN modules
Yes and No You can do better. But you need to learn about EVC and EFP. They can basically do whatever you can think of with tags and then attach that to an SVI (evc in next-generation gear). So, say you want to do an ip unnumbered setup. You just point individual tags on individual interfaces to a common EVC. You're gonna love it when you get your head around it. On 28 February 2013 10:41, Davide Ambrosi davide.ambr...@trivenet.it wrote: Hello Mattias, but in the ME3600X (or ME3800X) is it possible to apply a configuration like this ?

interface gigabitethernet0/1.10100
 no switchport
 encapsulation dot1q 10 second-dot1q 100
 ip address 10.0.0.1 255.255.255.0

with the ES+ (and I think also with 7600-SIP-400 + SPA-5X1GE-V2) is possible. Thanks, Davide 2013/2/28 Mattias Gyllenvarg mattias.gyllenv...@bredband2.se: Do it in the 3600X, that's what they're good at. On 28 February 2013 09:55, Davide Ambrosi davide.ambr...@trivenet.it wrote: Thanks Mack, so I have to change all the 7603 boxes and move to 7603-S to support the ES+ cards and upgrade all the supervisors to SUP720-3B minimum. Moving to ASR's series (like the ASR1002) could be a good alternative choice because of the limited GE ports I need on the small POP's (5 GE) ? Davide 2013/2/27 Mack McBride mack.mcbr...@viawest.com: The ES+ cards are the way to go. The OSM modules aren't going to do what you want. In addition they aren't properly supported in newer code. LR Mack McBride Network Architect -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Davide Ambrosi Sent: Wednesday, February 27, 2013 9:32 AM To: cisco-nsp@puck.nether.net Subject: [c-nsp] 802.1Q-in-Q VLAN Tag Termination on 7600/6500 OSN modules Hello, We have some 7603 boxes with SUP720/SUP2 installed as main supervisor in our MPLS Edge sites.
Now we need to terminate QinQ VLAN directly on one or more GE interfaces of the 7603 routers because we are planning to introduce metro ethernet technologies (ME3400E/ME3600X) in our fiber and microwave access network for reducing the VLAN configured between the switches located in the access network (now we have 1 VLAN = 1 Customer). I see that 7600 catalyst modules don't support QinQ VLAN termination (the command encapsulation dot1q outer-vlan second-dot1q inner-vlan) because they are LAN modules. Is there anyone who tested QinQ termination on old 7600 OSN GE modules like the OSM-2+4GE-WAN+ ? If not supported the only way to support QinQ is to buy new (expensive) 7600-S chassis + ES cards or SIP-400 and SPAs V2 ? In our network environment we have also some 7609-S(RSP720) with ES+ card located into the core and large aggregation sites and with this equipment we don't have problems because the QinQ Termination is supported on ES+ card. Davide -- *Med Vänliga Hälsningar - Best Regards* *Mattias Gyllenvarg* *Nätutveckling* Bredband2 Tel: +46 406219712
Re: [c-nsp] list wisdom please, Cisco switches
Added arp inspection to your list.
- dhcp option 82 support
- dhcp snooping
- DAI
- port security
- urpf on first hop
- RA guard / dhcpv6 snooping / ND guard if you're providing ipv6
- broadcast / multicast storm control
- lan broadcast segmentation for session hijack protection
- common L2 domain for public IP address assignment efficiency
- ip arp inspection vlan vlan-id

On 15 January 2013 23:09, Nick Hilliard n...@foobar.org wrote: On 15/01/2013 19:43, Blake Dunlap wrote: Yeah that's the reason. It's not about talking to one another, it's about protecting from attacks that could allow snooping on traffic flows, to hijacking. This is mildly troublesome. What you really want in your switch is:
- dhcp option 82 support
- dhcp snooping
- DAI
- port security
- urpf on first hop
- RA guard / dhcpv6 snooping / ND guard if you're providing ipv6
- broadcast / multicast storm control
- lan broadcast segmentation for session hijack protection
- common L2 domain for public IP address assignment efficiency
note that the last two cannot easily be achieved without per-port dhcp filtering. Nick -- *Med Vänliga Hälsningar - Best Regards* *Mattias Gyllenvarg* *Nätutveckling* Bredband2 Tel: +46 406219712
Re: [c-nsp] Advanced Metro license, ME-3600
Have had both ways. Always get them preinstalled now. Licencing process is a pain. On 27 September 2012 00:35, Eric A Louie elo...@yahoo.com wrote: Hey folks, I'm trying to get the straight scoop on the licensing issue I received an ME 3600x from my reseller, without the Advanced Metro license. I did order the license from them. Is there a normal wait for getting it, or is the reseller trying to smokescreen me? Or, should I have received the license on shipment of the switch? Much appreciated, Eric Louie -- *Med Vänliga Hälsningar - Best Regards* *Mattias Gyllenvarg* *Nätutveckling* Bredband2 - bara hårda paket Tel: +46 406219712
Re: [c-nsp] IOS XR
Dear Mohamed/List If you go with 4.1.0 do not miss the appropriate SMUs or you will have nasty surprises. //Mattias 2011/9/5 mohamed Osama Saad Abo sree mohamed.abos...@gmail.com: Hello, I'm wondering if anyone had upgraded to IOS XR release Version 4.1.1 and faced any Bugs or issues that came out after using it? Thanks, Mohamed Osama
Re: [c-nsp] ASR9k A9K-8T-L LC crash and reload
Hi Piotr

IOS is 4.1.0 and all fpd:s are updated. We agree that this is unlikely a hw-problem, and that is why I am looking to the community for hints.

We have had the PIM process crash in the 7606 a few times, right now I'm looking into SRD6 as a cause of the punts on the ASRs causing the reload.

Best Regards
Mattias Gyllenvarg
Bredband2

2011/6/16 Piotr Wojciechowski pe...@peper.eu.org:

On 6/16/11 14:25 , Wyatt Mattias Gyllenvarg wrote:

Hi All

We are having an issue with a ring of 3 ASR9010 and one 7606 Sup7203BXL with 6704-DFC3BLX.

Hi,

Because problem occurs on multiple chassis I would guess hardware problems are unlikely. Have you performed software upgrade after you got them from factory? If yes did you perform upgrade of FPD too?

Regards,
--
Piotr Wojciechowski (CCIE #25543)   | The trouble with being a god is
http://ccieplayground.wordpress.com | that you've got no one to pray to
JID: pe...@jabber.org               | -- (Terry Pratchett, Small Gods)
[c-nsp] ASR9k A9K-8T-L LC crash and reload
Hi All

We are having an issue with a ring of 3 ASR9010 and one 7606 Sup7203BXL with 6704-DFC3BLX.

The LCs facing the 7606 crash and reload randomly (once they have reloaded at the same time). Both cards are in slot 0/2 and have if Te0/2/0/0 facing the 7606.

All the ASR machines have the same physical configuration.

0/0 A9K-40GE-L
0/1 A9K-8T-L LC
0/2 A9K-8T-L LC
Dual RSPs 4G
Running 4.1.0 all fpd are updated

Very little traffic is being forwarded as we have not yet migrated fully to this new setup.

Running protocols are: OSPF MPLS LDP PIM BGP IPv6 PE CDP

All interfaces are routed.

Log shows:

LC/0/2/CPU0:Jun 16 11:27:54.502 : pfm_node_lc[267]: %PLATFORM-DIAGS-0-LC_NP_LOOPBACK_FAILED : Set|online_diag_lc[163921]|Line card NPU loopback Test(0x206)|
LC/0/2/CPU0:Jun 16 11:27:54.509 : pfm_node_lc[267]: prm_fast_reset_subset fast reset api succeeded for chan 4
LC/0/2/CPU0:Jun 16 11:27:54.510 : pfm_node_lc[267]: NP loopback recovery action: Succeded (NP bitmask:0x10)
LC/0/2/CPU0:Jun 16 11:27:57.975 : prm_server[278]: %PLATFORM-NP-0-INIT_ERR : *** Error 0xA0003F03 : prm_np_fast_reset : Channel 4 Config Start Fast Reset failed, line
LC/0/2/CPU0:Jun 16 11:27:57.976 : prm_server[278]: Line card needs to be reloaded, a reboot is being requested
RP/0/RSP0/CPU0:Jun 16 11:27:58.031 : shelfmgr[352]: %PLATFORM-SHELFMGR-3-NODE_CPU_RESET : Node 0/2/CPU0 CPU reset detected.
RP/0/RSP0/CPU0:Jun 16 11:27:58.032 : shelfmgr[352]: %PLATFORM-SHELFMGR-6-NODE_STATE_CHANGE : 0/2/CPU0 A9K-8T-L state:BRINGDOWN
RP/0/RSP0/CPU0:Jun 16 11:27:58.075 : invmgr[234]: %PLATFORM-INV-6-NODE_STATE_CHANGE : Node: 0/2/CPU0, state: BRINGDOWN
RP/0/RSP0/CPU0:Jun 16 11:28:04.026 : shelfmgr[352]: %PLATFORM-SHELFMGR-6-NODE_STATE_CHANGE : 0/2/CPU0 A9K-8T-L state:ROMMON
RP/0/RSP0/CPU0:Jun 16 11:28:26.636 : shelfmgr[352]: %PLATFORM-SHELFMGR_HAL-6-BOOT_REQ_RECEIVED : Boot Request from 0/2/CPU0, RomMon Version: 1.3
RP/0/RSP0/CPU0:Jun 16 11:28:26.639 : shelfmgr[352]: %PLATFORM-MBIMGR-7-IMAGE_VALIDATED : Remote location 0/2/CPU0: : MBI tftp:/disk0/asr9k-os-mbi-4.1.0/lc/mbiasr9k-lc
RP/0/RSP0/CPU0:Jun 16 11:28:26.639 : shelfmgr[352]: %PLATFORM-SHELFMGR-6-NODE_STATE_CHANGE : 0/2/CPU0 A9K-8T-L state:MBI-BOOTING
RP/0/RSP0/CPU0:Jun 16 11:29:26.295 : shelfmgr[352]: %PLATFORM-SHELFMGR-6-NODE_STATE_CHANGE : 0/2/CPU0 A9K-8T-L state:MBI-RUNNING
LC/0/2/CPU0:16: init[65540]: %OS-INIT-7-MBI_STARTED : total time 10.058 seconds
LC/0/2/CPU0:Jun 16 11:29:29.619 : insthelper[61]: %INSTALL-INSTHELPER-7-PKG_DOWNLOAD : MBI running; starting software download
LC/0/2/CPU0:Jun 16 11:29:47.569 : sysmgr[89]: %OS-SYSMGR-5-NOTICE : Card is COLD started
LC/0/2/CPU0:Jun 16 11:29:47.833 : init[65540]: %OS-INIT-7-INSTALL_READY : total time 32.328 seconds
LC/0/2/CPU0:Jun 16 11:29:49.240 : sysmgr[320]: %OS-SYSMGR-6-INFO : Backup system manager is ready
LC/0/2/CPU0:Jun 16 11:29:50.345 : syslog_dev[87]: dumper_config[148]:
LC/0/2/CPU0:Jun 16 11:29:50.356 : syslog_dev[87]: dumper_config[148]: The node id is 2081

And the normal reload of the LC and everything goes back to normal.

TAC case has been created but no answer so far. We have not found any relevant SMU or known bugs.

I found the following in one of the ASRs.

RP/0/RSP0/CPU0:core-foo-bar-1#sh asic-errors fia 0 all location 0/RSP0/CPU0
* Generic Errors *
Name: OC_INTERNAL_LOG_RF_UNEXP_SEG-GENERIC
Node Key: 0x1050015
Thresh/period(s): 10/2
Alarm state: OFF
Error count : 2
Last clearing : Sat Jun 11 08:04:44 2011
Last N errors : 2
-- First N errors. @Time, Error-Data --
Jun 11 08:04:44.498: RF unexp seg log oc 0, addr 0x0, src 2 fa00 fafafafa 0ffafafa 0f020f02 - 020e0f02 020e020e 0f020f0e 0f020f02 00020202
Jun 16 11:27:58.019: RF unexp seg log oc 0, addr 0x0, src 2 e15b5b5b e1e1e1e1 0fe1e1e1 0f020f02 - 020e0f02 020e020e 0e020e0e 0e020e02 00020202
--
Name: OC_RF1_INT_LO_UNEXP_SEG-GENERIC
Node Key: 0x10501c7
Thresh/period(s): 10/2
Alarm state: OFF
Error count : 2
Last clearing : Sat Jun 11 08:04:44 2011
Last N errors : 2
-- First N errors. @Time, Error-Data --
Jun 11 08:04:44.498: OC_RF1_INT_MSK
Jun 16 11:27:58.019: OC_RF1_INT_MSK
--
*ASIC Reset Errors *

Any opinions or comments appreciated!

Best Regards
Mattias Gyllenvarg
Bredband2 Sweden
Re: [c-nsp] Receiving Dying Gasp notifications
Hear, hear

This is a feature I would like to see. But via syslog, I don't know if there is enough running time for the switch to create a packet and send it before the psu is drained.

Otherwise I guess a regular DG that could be logged if enabled would work as well.

This would save a lot of time when trying to narrow down a link down due to power loss.

//Wyatt Gyllenvarg
Bredband2 Sweden

2010/6/17 Atif Sid guru6...@gmail.com:

http://www.cisco.com/en/US/products/ps9637/index.html

ME3400 series support the feature.

On Tue, Jun 15, 2010 at 12:27 PM, Kaegler, Mike kaegl...@tessco.com wrote:

I have a few remote sites which can be prone to power failures. For various reasons, implementing UPSs with management cards is not suitable and/or desirable.

The remote equipment all supports Dying Gasp, however, but I cannot seem to find a way to make my 7200s, 3800s, or 2600s to receive the DG notifications. Google seems to indicate that only the CRS-1 will do it.

This seems a pretty simple low-cost feature... is there truly no Cisco support for receiving DG on sub-million-dollar routers?

-porkchop
Re: [c-nsp] Multicast trickery
Dear All

Paul, thank you for your reply! I will test some of this today.

What I am missing in my understanding of this is 2 major things.

How would I get the SVI toward the flooding multicast provider to know what floods it is receiving? ip mroute? or does it learn when a certain packet is received? Perhaps I have not waited long enough?

What would a static multicast route look like, all my attempts indicate that I do not understand how it works :p

Best regards
Mattias Gyllenvarg
Omnitron

2009/10/20 Paul Cosgrove paul.cosgrove@gmail.com:

Hi Mattias

If I understand your topology correctly, the configuration should be very similar to what you would use for any other internal source. The difference in this case is that the source in this case is the provider network, and being untrusted requires additional precautions on the input interface (only).

Considering a conventional Anycast RP multicast topology for a moment, when the multicast packets are received by the DR, the DR encapsulates the packets as unicast register messages and sends them to the nearest RP for that group. The RP effectively converts the first register messages to a source active message, and then sends the SA to each configured MSDP peer.

In this example the SA is originated because a register message has been received for a new source. The register message is sent to that router because it is an active RP for the group. Since you are using BSR you have only one active RP for each group, and it may be important which that is in this case. Is your second C-RP the active RP for the group you are having problems with?

Tested a topology with a combined DR and RP, some years ago. It may work if you run PIM-SM and the RP is the DR for the subnet, but if I recall correctly, behaviour differed between different routers/software versions and it did not work well/often. You should be able to test this easily enough by debugging msdp and pinging an unused multicast group from a router connected to your RP. With pim-sm enabled on the RP's input interface, and the RP elected as DR, you may still find that no SA is originated.

You could try to persuade your second provider to provide MSDP and BGP information, but I guess you have already tried that approach. Alternatively attach another router to your RP and have the provider present the multicast stream on that. As well as the bsr boundary, and acls to stop pim (inc unicast pim), make sure you have pim register rate-limit applied. You must also make sure that traffic to the auto rp groups is not permitted into your network. IP multicast boundary is useful.

The method in the link that Hans provided should also work, though I would think it wise to test in a lab first if you are thinking of applying it to one of your main C-RP routers; or apply it on another router entirely.

The acl you mentioned will not stop multicast packets sent by the router on which it is applied, and that is likely to be why multicast traffic is still leaking through. If this router is the RP for a particular multicast group, when one of your sources begins sending to a group, the first packet the RP router receives is as a unicast register message, which it decapsulates before transmission. The path of the packet through the router is not the same as for native multicast, since it is unicast to the RP and has to be punted to the CPU; it may be that these decapsulated packets are not being filtered.

If you have static RP definitions anywhere in your network, traffic to groups without a configured RP might also be leaking out. IP multicast boundary may help.

You mentioned Anycast-RP, and using that with static RP definitions is quite straightforward to configure and maintain, perhaps easier than you think.

Paul.

On Tue, Oct 20, 2009 at 6:03 PM, Wyatt Mattias Gyllenvarg wyatt.elias...@gmail.com wrote:

Hi Hans

I have set BSR-BORDER on the interface, so that should not be it. I want to run PIM-DM but as long as I send PIM-packets I can not.

Anyone have a theory about the filter not biting? I'm not at work now but it looks something like.

Deny ip pim any any
Deny ip any multicast
Permit any any

Best regards
Mattias Gyllenvarg

2009/10/20 Hans Verkerk hverk...@winitu.com:

Hi,

If I run PIM-DM they call me in a hurry and tell me that my PIM packets are disturbing the network.

Maybe your BSR packets are interfering with SP2's network, so include ip pim bsr-border on interface facing SP2.

PIM DM sources can be distributed as follows into MSDP:
http://www.cisco.com/en/US/docs/ios/ipmulti/configuration/guide/imc_msdp_im_pim_sm_ps6350_TSD_Products_Configuration_Guide_Chapter.html#wp1055493

HTH,
Hans

-Original Message-
From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Wyatt Mattias Gyllenvarg
Sent: Tuesday, October 20, 2009 6:23 PM
To: cisco-nsp
[c-nsp] Multicast trickery
Hi All

I am in need of pointers regarding a multicast configuration that does not fit the models found online or in the literature I have at hand.

The network is built on PIM-SM with 2 BSR-RP routers (core1 and core2).

At Core1 we receive a set of Multicast streams from IPTV-Provider 1 via PIM-SM and MSDP, this works fine. The mroutes are announced to Core2 via MSDP, works fine.

At Core2 we receive a set of Multicasts that are flooded to us, this is the problem source. I can't distribute this in MSDP if I run PIM-SM. If I run PIM-DM they call me in a hurry and tell me that my PIM packets are disturbing the network.
- So long I have not been able to filter out PIM packets with outbound acls on the SVI.

I have used IP IGMP unidirectional... but that broke MSDP between the cores.

Trying ip mroute gave me invalid source address.

How should I proceed to accept the multicast streams and inject them into MSDP?

My hope is that I will get to a point where I can use MSDP between cores and ANYCAST my RPs.

Best regards
Mattias Gyllenvarg
Omnitron Sweden
Re: [c-nsp] Multicast trickery
Hi Hans

I have set BSR-BORDER on the interface, so that should not be it. I want to run PIM-DM but as long as I send PIM-packets I can not.

Anyone have a theory about the filter not biting? I'm not at work now but it looks something like.

Deny ip pim any any
Deny ip any multicast
Permit any any

Best regards
Mattias Gyllenvarg

2009/10/20 Hans Verkerk hverk...@winitu.com:

Hi,

If I run PIM-DM they call me in a hurry and tell me that my PIM packets are disturbing the network.

Maybe your BSR packets are interfering with SP2's network, so include ip pim bsr-border on interface facing SP2.

PIM DM sources can be distributed as follows into MSDP:
http://www.cisco.com/en/US/docs/ios/ipmulti/configuration/guide/imc_msdp_im_pim_sm_ps6350_TSD_Products_Configuration_Guide_Chapter.html#wp1055493

HTH,
Hans

-Original Message-
From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Wyatt Mattias Gyllenvarg
Sent: Tuesday, October 20, 2009 6:23 PM
To: cisco-nsp@puck.nether.net
Subject: [c-nsp] Multicast trickery

Hi All

I am in need of pointers regarding a multicast configuration that does not fit the models found online or in the literature I have at hand.

The network is built on PIM-SM with 2 BSR-RP routers (core1 and core2).

At Core1 we receive a set of Multicast streams from IPTV-Provider 1 via PIM-SM and MSDP, this works fine. The mroutes are announced to Core2 via MSDP, works fine.

At Core2 we receive a set of Multicasts that are flooded to us, this is the problem source. I can't distribute this in MSDP if I run PIM-SM. If I run PIM-DM they call me in a hurry and tell me that my PIM packets are disturbing the network.
- So long I have not been able to filter out PIM packets with outbound acls on the SVI.

I have used IP IGMP unidirectional... but that broke MSDP between the cores.

Trying ip mroute gave me invalid source address.

How should I proceed to accept the multicast streams and inject them into MSDP?

My hope is that I will get to a point where I can use MSDP between cores and ANYCAST my RPs.

Best regards
Mattias Gyllenvarg
Omnitron Sweden
[c-nsp] ME3400-24FS 12.2(46)SE METROIPACCESS with no MLS QOS commands
Hi all!

I've been racking my brain over this for a day now.

I have a multicast stream that I have marked with a DSCP value close at the core of my net. I subscribe to it in an ME3400-24FS (12.2(46)SE METROIPACCESS).

The problem is that the switch, contrary to documentation, has no mls qos commands. Neither global nor interface commands. I haven't found any reference to this change anywhere.

So, how do I get it to trust the DSCP values on the uplink port so I can reserve bandwidth for it on the outgoing port?

Best regards
Mattias Gyllenvarg
Re: [c-nsp] ME3400-24FS 12.2(46)SE METROIPACCESS with no MLS QOS commands
Hi Claes

I figured that something like that would work, but it seems like a stretch compared to mls qos trust.

I will run a version of your config for the time being.

Thanks
Mattias Gyllenvarg

2009/4/15 Claes Jansson cl...@gastabud.com:

Hi Mattias!

I've been in the same position as you are now :-) But I finally solved it with the following config... The key is the input service-policy on the uplink interface it seems...

!
class-map match-any video
 match ip dscp af41
class-map match-any voice
 match ip dscp ef
!
policy-map uplink-in
 class video
  set dscp af41
 class voice
  set dscp ef
!
interface GigabitEthernet0/1
 port-type nni
 switchport mode trunk
 service-policy input uplink-in
!

And then for the customer interfaces I attach a policy-map that looks like this...

// Shaping customer internet traffic at 10Mbit/s
!
policy-map 10out
 class voice
  priority
  police cir 300
 class video
  shape average 5000
 class class-default
  shape average 1000
!

Best regards.
//Claes Jansson

At 08:47 2009-04-15, you wrote:

Hi all!

I've been racking my brain over this for a day now.

I have a multicast stream that I have marked with a DSCP value close at the core of my net. I subscribe to it in an ME3400-24FS (12.2(46)SE METROIPACCESS).

The problem is that the switch, contrary to documentation, has no mls qos commands. Neither global nor interface commands. I haven't found any reference to this change anywhere.

So, how do I get it to trust the DSCP values on the uplink port so I can reserve bandwidth for it on the outgoing port?

Best regards
Mattias Gyllenvarg
Re: [c-nsp] ME3400-24FS 12.2(46)SE METROIPACCESS with no MLS QOS commands
Hey All

Thanks for your answers. Here is the end result.

The equivalent config for mls qos trust dscp on a physical interface on a ME3400 is.

policy-map uplink
 class class-default
  set dscp dscp
interface gix/y
 service-policy input uplink

User friendly clue was:

me3400(config-pmap-c)#set dscp ?
snip
  dscp    Set packet dscp from dscp

Enjoy
Mattias Gyllenvarg

2009/4/15 Tassos Chatzithomaoglou ach...@forthnet.gr:

Mattias,

I believe the default mode is to not change the CoS/DSCP of packets, so you shouldn't have any problem. Also, you can use a policy-map under the interface if you want to modify the above.

--
Tassos

Wyatt Mattias Gyllenvarg wrote on 15/04/2009 09:47:

Hi all!

I've been racking my brain over this for a day now.

I have a multicast stream that I have marked with a DSCP value close at the core of my net. I subscribe to it in an ME3400-24FS (12.2(46)SE METROIPACCESS).

The problem is that the switch, contrary to documentation, has no mls qos commands. Neither global nor interface commands. I haven't found any reference to this change anywhere.

So, how do I get it to trust the DSCP values on the uplink port so I can reserve bandwidth for it on the outgoing port?

Best regards
Mattias Gyllenvarg
[c-nsp] Right IOS for 7600
Hi All

Asking you real IOS gurus out there for the production options on IOS upgrades.

We're running
7600 Sup720PFC3BLX
OSPF
BGP

and wish to add
microFlow policing
Netflow

Currently on 12.2(18)SXF7

I understand that there are several trains to choose from.

Best Regards
Mattias Gyllenvarg
Omnitron
[c-nsp] Ip unnumbered on 3750
Hi All

I was playing around with an ip unnumbered config for our Dist-layer. I got a working config on a 3560, i.e.

int loopback 10
 ip address x.x.x.x y.y.y.y
Vlan x
 ip unnumbered loopback 10
Vlan x1
 ip unnumbered loopback 10
Vlan x2
 ip unnumbered loopback 10

The same won't work on 3750, which gives the following when inputting the ip unnumbered command.

Point-to-point (non-multi-access) interfaces only

My question is, is there a workaround for this or will 3750 never support ip unnumbered on multi-access interfaces?

Best regards
Mattias Gyllenvarg
Omnitron
Re: [c-nsp] %SW_MATM-4-MACFLAP_NOTIF
Hi all

We have seen 3 instances of this the last days where a host (probably infected with a virus) has been broadcasting the mac of the local GW. Effectively switching all outbound traffic to his port.

Fix has been to shut down the offending port.

So far this has only affected older setups.

//Mattias Gyllenvarg

2008/10/16 Ozgur Guler [EMAIL PROTECTED]:

no mac address-table notification mac-move

might help.

--- On Thu, 16/10/08, Jimmy Halim [EMAIL PROTECTED] wrote:

From: Jimmy Halim [EMAIL PROTECTED]
Subject: [c-nsp] %SW_MATM-4-MACFLAP_NOTIF
To: cisco-nsp@puck.nether.net
Date: Thursday, 16 October, 2008, 7:51 AM

Hi guys,

Recently I am getting the following log messages every 2 mins on the 3750 switch.

Oct 16 06:45:50 UTC: %SW_MATM-4-MACFLAP_NOTIF: Host 0017.cbb3.08fc in vlan 403 is flapping between port Fa1/0/3 and port Gi1/0/1
Oct 16 06:45:50 UTC: %SW_MATM-4-MACFLAP_NOTIF: Host 0017.cbb3.08fc in vlan 402 is flapping between port Fa1/0/2 and port Gi1/0/1
Oct 16 06:46:43 UTC: %SW_MATM-4-MACFLAP_NOTIF: Host 0017.cbb3.08fc in vlan 402 is flapping between port Fa1/0/2 and port Gi1/0/1

This is non service impacting so far. However, I would like to know whether we can disable this logging or not. Anyone has any suggestions?

Many Thanks,
Jimmy
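The gateway-MAC case described in this thread can be picked out of the MACFLAP log automatically. The following Python is an added example, not code from any poster: it assumes the operator supplies the gateway MAC per VLAN and the set of uplink ports, and the log lines, MAC addresses and port names in it are constructed.

```python
import re
from collections import Counter

# Matches the MACFLAP_NOTIF message format quoted in the thread.
MACFLAP_RE = re.compile(
    r"%SW_MATM-4-MACFLAP_NOTIF: Host (?P<mac>[0-9A-Fa-f.:-]+) in vlan (?P<vlan>\d+) "
    r"is flapping between port (?P<a>\S+) and port (?P<b>\S+)"
)

def normalize_mac(mac):
    """Reduce dotted, colon or dash MAC notation to 12 lowercase hex digits."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits

def parse_macflap(line):
    """Return (mac, vlan, port_a, port_b), or None for any other log line."""
    m = MACFLAP_RE.search(line)
    if m is None:
        return None
    return normalize_mac(m["mac"]), int(m["vlan"]), m["a"], m["b"]

def suspect_ports(log_lines, gateway_macs, uplink_ports):
    """Count flaps in which a VLAN's gateway MAC was learned on a non-uplink port.

    gateway_macs: {vlan: mac} for the legitimate first-hop router (assumption:
    maintained by the operator). uplink_ports: ports where that MAC belongs.
    Returns {(vlan, port): flap_count}; each key is a port to investigate.
    """
    gateways = {vlan: normalize_mac(mac) for vlan, mac in gateway_macs.items()}
    hits = Counter()
    for line in log_lines:
        parsed = parse_macflap(line)
        if parsed is None:
            continue
        mac, vlan, port_a, port_b = parsed
        if gateways.get(vlan) != mac:
            continue  # an ordinary host moving between ports, not the gateway
        for port in (port_a, port_b):
            if port not in uplink_ports:
                hits[(vlan, port)] += 1
    return dict(hits)

# Constructed sample input (MACs, VLANs and ports are made up).
GATEWAY_MACS = {402: "00:00:0c:07:ac:01", 403: "00:00:0c:07:ac:02"}
UPLINK_PORTS = {"Gi1/0/1"}
SAMPLE_LOG = [
    "Oct 16 06:45:50 UTC: %SW_MATM-4-MACFLAP_NOTIF: Host 0000.0c07.ac01 in vlan 402 "
    "is flapping between port Fa1/0/2 and port Gi1/0/1",
    "Oct 16 06:46:43 UTC: %SW_MATM-4-MACFLAP_NOTIF: Host 0000.0c07.ac01 in vlan 402 "
    "is flapping between port Gi1/0/1 and port Fa1/0/2",
    "Oct 16 06:47:10 UTC: %SW_MATM-4-MACFLAP_NOTIF: Host 0011.2233.4455 in vlan 403 "
    "is flapping between port Fa1/0/3 and port Fa1/0/7",
    "Oct 16 06:47:12 UTC: %LINK-3-UPDOWN: Interface FastEthernet1/0/9, changed state to down",
]

if __name__ == "__main__":
    found = suspect_ports(SAMPLE_LOG, GATEWAY_MACS, UPLINK_PORTS)
    for (vlan, port), count in sorted(found.items()):
        print(f"vlan {vlan}: gateway MAC seen on {port} in {count} flap(s)")
```

Disabling the notification, as suggested in the quoted reply, would leave this check with no input, so the mac-move logging has to stay on for it to work.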