Re: [c-nsp] ASR9902 experiences?

2022-02-25 Thread Mattias Gyllenvarg
So far there is one feature that is missing but it is the same to all IOS
XRs.
No AUTO-RP in a VRF.

On Thu, Feb 24, 2022 at 5:13 PM Gert Doering  wrote:

> Hi,
>
> On Thu, Feb 24, 2022 at 05:50:39PM +0200, Hank Nussbacher wrote:
> > We ordered 2x 9906s last month w/ delivery in August.
> > Will let you know how that turns out.
>
> Not sure the 9902/9903 are actually comparable to 9906... 2RU/3RU
> "mostly fixed" chassis with special-cased RPs vs. regular modular
> ASR990x chassis.
>
> (Also, I do not think the 9906 falls under the new license regime,
> where you need to buy one license per 100G throughput, per feature
> that you want to use)
>
> gert
>
> --
> "If was one thing all people took for granted, was conviction that if you
>  feed honest figures into a computer, honest figures come out. Never
> doubted
>  it myself till I met a computer with a sense of humor."
>  Robert A. Heinlein, The Moon is a Harsh
> Mistress
>
> Gert Doering - Munich, Germany
> g...@greenie.muc.de
> ___
> cisco-nsp mailing list  cisco-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>


-- 
*Med Vänliga Hälsningar / Best Regards*
*Mattias Gyllenvarg*


Re: [c-nsp] [External Email] Re: big uptime - what you got ?

2020-02-11 Thread Mattias Gyllenvarg
SE-LIN-UTSIKT-DR01 uptime is 9 years, 29 weeks, 4 days, 8 hours, 28 minutes
Was a c3560 routing internet taken down 3 years ago, so only one PSU and
was internet facing the whole time.

On Mon, Feb 10, 2020 at 10:03 PM Alex D.  wrote:

> On 10.02.2020 20:34, Aaron Gould wrote:
> > You gotta tell me for reals if you still have cells going through that
> > box ?
>
> Of course, but i'm not really proud of it...
> We still have some legacy ATM-based DSLAMs which at last will be
> migrated in the near future.
>
> atm-03#sh atm vp traffic | exclude _0_
>
> Interface VPI   Type  rx-cell-cnts  tx-cell-cnts
> ATM0/0/0  155   PVP       16170742      16170742
> ATM0/0/1  56    PVP     3821416440    1616175059
> ATM0/0/3  55    PVP     2284738845    3258701319
> ATM0/0/3  67    PVP     1485515268    3223706467
> ATM0/1/0  60    PVP     4275386120    2464155772
> ATM0/1/0  160   PVP     2959974087    1832732006
> ATM1/0/0  57    PVP      242123401    1760822153
> ATM1/0/0  58    PVP      785803508    3195153964
> ATM1/0/0  59    PVP      480804395     802898023
> ATM1/0/0  64    PVP     3718629757    1127881370
> ATM1/0/0  68    PVP      130085993     130046761
> ATM1/0/0  82    PVP     1573546560    1474080793
> ATM1/0/1  56    PVP     1616175059    3821416440
> ATM1/0/1  57    PVP     1760822153     236202714
> ATM1/0/1  58    PVP     3195153964     740660575
> ATM1/0/1  59    PVP      802898023     480765701
> ATM1/0/1  64    PVP     1127884215    3718547821
> ATM1/0/1  66    PVP         156172    1150227936
> ATM1/0/1  68    PVP      130046761     130080344
> ATM1/0/1  82    PVP     1474080793    1573546221
> ATM1/0/3  60    PVP     2464150498    4275391370
> ATM1/0/3  160   PVP     1832731988    2959974105
> ATM1/1/0  67    PVP     3223706538    1485515594
> ATM1/1/1  66    PVP     1150227974    1562000721
> ATM3/1/3  55    PVP     3258701461    2284739876
> ATM3/1/3  155   PVP       16170742      16170742
>
>
> Regards,
> Alex
>


-- 
*Med Vänliga Hälsningar / Best Regards*
*Mattias Gyllenvarg*


Re: [c-nsp] mVPN mroute flags

2018-05-29 Thread Mattias Gyllenvarg
So, this is a feature and not an error flag, that indicates that
superfluous PIM messages are not sent.

On Tue, 29 May 2018 at 14:36  wrote:

> > Mattias Gyllenvarg
> > Sent: Tuesday, May 29, 2018 1:05 PM
> >
> > Dear All
> >
> > Does anyone know the function of the "n - BGP C-Mroute suppressed  " flag
> > as seen below?
> >
> > IP Multicast Routing Table
> > Flags: D - Dense, S - Sparse, B - Bidir Group, s - SSM Group, C - Connected,
> >        L - Local, P - Pruned, R - RP-bit set, F - Register flag,
> >        T - SPT-bit set, J - Join SPT, M - MSDP created entry, E - Extranet,
> >        X - Proxy Join Timer Running, A - Candidate for MSDP Advertisement,
> >        U - URD, I - Received Source Specific Host Report,
> >        Z - Multicast Tunnel, z - MDT-data group sender,
> >        Y - Joined MDT-data group, y - Sending to MDT-data group,
> >        G - Received BGP C-Mroute, g - Sent BGP C-Mroute,
> >        N - Received BGP Shared-Tree Prune, n - BGP C-Mroute suppressed,
> >        Q - Received BGP S-A Route, q - Sent BGP S-A Route,
> >        V - RD & Vector, v - Vector, p - PIM Joins on route,
> >        x - VxLAN group
> >
> >
> > (Cust-SOURCE, Cust-MROUTE), 00:00:04/00:02:55, flags: Tn   <-
> >   Incoming interface: Lspvif22, RPF nbr , Mbgp
> >   Outgoing interface list:
> > BDI-CUST, Forward/Sparse, 00:00:04/00:03:25
> >
> >
> Well with BGP c-mcast you're basically translating the customer PIM messages
> received from attached CE into BGP routes on PEs - so that you don't need
> to run c-PIM full mesh between all PEs participating in a given mVPN (and
> for each mVPN) - which is simply not practical.
> And same as PIM messages can be suppressed in various scenarios (PIM Join
> suppression/PIM register suppression) - the resulting BGP updates (PIM msgs
> translated into BGP routes) can be suppressed too, to reduce the unnecessary
> messaging churn.
>
> adam
>
> netconsultings.com
> ::carrier-class solutions for the telecommunications industry::
>
>
> --
Best regards
Mattias Gyllenvarg


[c-nsp] mVPN mroute flags

2018-05-29 Thread Mattias Gyllenvarg
Dear All

Does anyone know the function of the "n - BGP C-Mroute suppressed  " flag
as seen below?

IP Multicast Routing Table
Flags: D - Dense, S - Sparse, B - Bidir Group, s - SSM Group, C - Connected,
   L - Local, P - Pruned, R - RP-bit set, F - Register flag,
   T - SPT-bit set, J - Join SPT, M - MSDP created entry, E - Extranet,
   X - Proxy Join Timer Running, A - Candidate for MSDP Advertisement,
   U - URD, I - Received Source Specific Host Report,
   Z - Multicast Tunnel, z - MDT-data group sender,
   Y - Joined MDT-data group, y - Sending to MDT-data group,
   G - Received BGP C-Mroute, g - Sent BGP C-Mroute,
   N - Received BGP Shared-Tree Prune, n - BGP C-Mroute suppressed,
   Q - Received BGP S-A Route, q - Sent BGP S-A Route,
   V - RD & Vector, v - Vector, p - PIM Joins on route,
   x - VxLAN group


(Cust-SOURCE, Cust-MROUTE), 00:00:04/00:02:55, flags: Tn   <-
  Incoming interface: Lspvif22, RPF nbr , Mbgp
  Outgoing interface list:
BDI-CUST, Forward/Sparse, 00:00:04/00:03:25


-- 
Best regards
Mattias Gyllenvarg


Re: [c-nsp] BGP not advertising supernet to RR's

2017-09-26 Thread Mattias Gyllenvarg
You can test the hits in the route-map with "sh ip bgp route-map G_RANGES"
and see if it hits correctly.

If the redist statements are new then they will take time to be
implemented, 20min I think for a full BGP rerun. If you are in a hurry,
remove and re-add the route.

Do you receive this route via BGP as well? Perhaps this is not the best
route as BGP sees it.

On Tue, 26 Sep 2017 at 08:10, CiscoNSP List <cisconsp_l...@hotmail.com> wrote:

> Hi Everyone,
>
>
> Have a problem with supernet being advertised from an ASR1006 to our RR's
> - Prefix is in the routing table, and in bgp, but the router is only
> advertising smaller prefixes to the RR's (/30, /29, /28 etc)...I
> don't *think* it's due to the PL (As it should be allowing anything less
> than /32...which it appears to be doing as /30, /29 etc are being
> advertised?)
>
>
> Appreciate any assistance.
>
>
> ** Ah - Update, just noticed as I was about to hit send that the supernet
> is not being tagged with any community. Smaller prefixes are though? So
> route-map is tagging "some" prefixes within the supernet?
>
>
> router bgp 1***6
>  address-family ipv4
>   redistribute connected route-map G_RANGES
>   redistribute static route-map G_RANGES
>
>
> neighbor xxx.xxx.76.204 route-map TO_ME1_RR out
>
>
> route-map TO_ME1_RR permit 10
>  match community CL_G_RANGES
> route-map TO_ME1_RR permit 20
>  match community CL_G_CUST_BGP_RANGES
> route-map TO_ME1_RR permit 30
>  match community CL_DEFAULT_ROUTE
>
>
> ip community-list standard CL_G_RANGES permit 1***6:1301
> ip community-list standard CL_G_RANGES permit 1***6:1302
>
>
> route-map G_RANGES permit 10
>  match ip address prefix-list PL_G_PREFIXES
>  set community 1***6:1000 1***6:1301 1***6:11000
> route-map G_RANGES permit 20
>  match ip address prefix-list PL_N***S_PREFIXES
>  set community 1***6:1400
>
>
> ip prefix-list PL_G_PREFIXES description G _PREFIXES
> ip prefix-list PL_G_PREFIXES seq 5 permit xxx.xxx.xxx.xxx.0/20 le 32
> ip prefix-list PL_G_PREFIXES seq 10 permit yyy.yyy.yyy.yyy/21 le 32
>
>
>
> #sh ip prefix-list PL_G_PREFIXES seq 5
>seq 5 permit xxx.xxx.xxx.xxx.0/20 le 32 (hit count: 4833, refcount: 1)
>
>
> #sh ip route xxx.xxx.xxx.xxx.0 255.255.240.0
> Routing entry for xxx.xxx.xxx.xxx.0/20, supernet
>   Known via "static", distance 1, metric 0 (connected)
>   Redistributing via bgp 1***6, ospf 100
>   Advertised by bgp 1***6 route-map G_RANGES
>   Routing Descriptor Blocks:
>   * directly connected, via Null0
>   Route metric is 0, traffic share count is 1
>
>
> #sh ip bgp xxx.xxx.xxx.xxx.0 255.255.240.0
> BGP routing table entry for xxx.xxx.xxx.xxx.0/20, version 311740657
> Paths: (1 available, best #1, table default)
>   Advertised to update-groups:
>  544552555591
>   Refresh Epoch 1
>   Local
> 0.0.0.0 from 0.0.0.0 (xxx.xxx.76.253)
>   Origin IGP, metric 0, localpref 100, weight 32768, valid, sourced,
> local, best
>   rx pathid: 0, tx pathid: 0x0
>
>
> #sh ip bgp neighbors xxx.xxx.76.204 advertised-routes
>
>  *>  xxx.xxx.xxx.xxx.32/30 0.0.0.0  0 32768 ?
>  *>  xxx.xxx.xxx.xxx.40/30 0.0.0.0  0 32768 ?
>  *>  xxx.xxx.xxx.xxx.72/29 xxx.xxx.xxx.xxx.900 32768 ?
>  *>  xxx.xxx.xxx.xxx.88/30 0.0.0.0  0 32768 ?
>  *>  xxx.xxx.xxx.xxx.100/30
>0.0.0.0  0 32768 ?
>  Network  Next HopMetric LocPrf Weight Path
>  *>  xxx.xxx.xxx.xxx.112/28
>xxx.xxx.78.230   0 32768 ?
>  *>  xxx.xxx.xxx.xxx.136/30
>xxx.xxx.78.230   0 32768 ?
>  *>  xxx.xxx.xxx.xxx.164/30
>xxx.xxx.xxx.xxx.102   0 32768 ?
>
>
> Thanks
>
>
>
-- 
Best regards
Mattias Gyllenvarg
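The policy chain from the quoted configuration, modelled offline as an added example (not part of the original thread): it applies IOS prefix-list `ge`/`le` matching, the `set community` of `G_RANGES`, and the community match in clause 10 of `TO_ME1_RR` to a few routes. The ASN 64500, every prefix, and the name `PL_OTHER_PREFIXES` are constructed stand-ins for values the post masks; clauses 20 and 30 of `TO_ME1_RR` are left out because their community lists are not shown.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

ASN = 64500  # constructed; the post masks the real ASN as 1***6


def net(text):
    return ipaddress.ip_network(text)


@dataclass(frozen=True)
class PrefixListEntry:
    seq: int
    action: str                       # "permit" or "deny"
    prefix: ipaddress.IPv4Network
    ge: Optional[int] = None
    le: Optional[int] = None

    def matches(self, route):
        """IOS rule: leading bits equal and route length inside [lo, hi]."""
        base = self.prefix.prefixlen
        if self.ge is None and self.le is None:
            lo = hi = base                        # no ge/le: exact length only
        else:
            lo = self.ge if self.ge is not None else base
            hi = self.le if self.le is not None else 32
        return lo <= route.prefixlen <= hi and route.subnet_of(self.prefix)


def prefix_list_permits(entries, route):
    """First matching entry by sequence number decides; no match is a deny."""
    for entry in sorted(entries, key=lambda e: e.seq):
        if entry.matches(route):
            return entry.action == "permit"
    return False


# Constructed prefixes standing in for the masked ones in the post.
PREFIX_LISTS = {
    "PL_G_PREFIXES": [
        PrefixListEntry(5, "permit", net("10.20.0.0/20"), le=32),
        PrefixListEntry(10, "permit", net("10.30.8.0/21"), le=32),
    ],
    "PL_OTHER_PREFIXES": [  # hypothetical name for the masked second list
        PrefixListEntry(5, "permit", net("10.40.0.0/16"), le=32),
    ],
}

# route-map G_RANGES: (sequence, prefix-list to match, communities to set)
G_RANGES = [
    (10, "PL_G_PREFIXES", {f"{ASN}:1000", f"{ASN}:1301", f"{ASN}:11000"}),
    (20, "PL_OTHER_PREFIXES", {f"{ASN}:1400"}),
]

# ip community-list standard CL_G_RANGES: one entry per configured line
CL_G_RANGES = [{f"{ASN}:1301"}, {f"{ASN}:1302"}]

SAMPLE_ROUTES = ["10.20.0.0/20", "10.20.0.32/30", "10.20.0.0/19",
                 "10.40.1.0/24", "192.0.2.0/24"]


def redistribute(route):
    """Communities set by G_RANGES, or None when no clause matches the route."""
    for _seq, pl_name, communities in sorted(G_RANGES, key=lambda c: c[0]):
        if prefix_list_permits(PREFIX_LISTS[pl_name], route):
            return set(communities)
    return None


def community_list_permits(entries, communities):
    """A standard list entry matches when all its communities are on the route."""
    return any(entry <= communities for entry in entries)


def advertised_by_clause_10(route):
    """True when the tagged route passes 'match community CL_G_RANGES'."""
    communities = redistribute(route)
    return communities is not None and community_list_permits(CL_G_RANGES, communities)


def evaluate(routes):
    result = {}
    for text in routes:
        route = net(text)
        result[text] = (redistribute(route), advertised_by_clause_10(route))
    return result


if __name__ == "__main__":
    for prefix, (communities, sent) in evaluate(SAMPLE_ROUTES).items():
        tags = ", ".join(sorted(communities)) if communities else "filtered"
        print(f"{prefix:<16} {tags:<40} clause 10: {'permit' if sent else 'no match'}")
```

A route that this model tags and permits but that is missing from `advertised-routes` on the router points away from the prefix-list itself and toward the checks suggested in the reply above.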


Re: [c-nsp] PVLAN Edge on 4500 Sup8E

2017-07-05 Thread Mattias Gyllenvarg
There is a need to do vlan mapping and regular trunks on the customer
interfaces.
Was this in Sup8E, we know all other Sups can not do this.

On Wed, 5 Jul 2017 at 14:15, Lukas Tribus <luky...@hotmail.com> wrote:

> > Does anyone have experience with PVLAN Edge / Switchport Protect on the
> > 4500 Sup8E?
> >
> > Documentation is sparse and there is confusion about the feature as the
> box
> > is meant to run private vlans. This will not be possible in this case.
> >
> > We are getting some resistance from a third party that claims this is
> not a
> > permanent feature in the box. That he can not guarantee will be in future
> > releases.
>
> Last I looked at I came to the same conclusion as your third party; you can
> only go full-blown PVLAN on this box, you do not have a "simple" pvlan edge
> aka switchport protected feature.
>
> And that is what I did, going full PVLAN.
>
> What's the reason PVLAN is not possible?
>
>
>
> Lukas
>
-- 
Best regards
Mattias Gyllenvarg


[c-nsp] PVLAN Edge on 4500 Sup8E

2017-07-05 Thread Mattias Gyllenvarg
Dear All

Does anyone have experience with PVLAN Edge / Switchport Protect on the
4500 Sup8E?

Documentation is sparse and there is confusion about the feature as the box
is meant to run private vlans. This will not be possible in this case.

We are getting some resistance from a third party that claims this is not a
permanent feature in the box. That he can not guarantee will be in future
releases.
-- 
Best regards
Mattias Gyllenvarg


Re: [c-nsp] NCS4200 - re-badged ASR920 / ASR900 ?

2017-04-25 Thread Mattias Gyllenvarg
Perhaps it will take the place of the ME3800X?

On Tue, 25 Apr 2017 at 08:08, Ted Johansson <ted.johans...@tele2.com> wrote:

> The ASR900 series will not be replaced by NCS4200, both series will
> co-exist.
>
> Best Regards
> Ted
>
> -Original Message-
> From: cisco-nsp [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of
> CiscoNSP List
> Sent: 25 April 2017 06:05
> To: cisco-nsp@puck.nether.net
> Subject: [c-nsp] NCS4200 - re-badged ASR920 / ASR900 ?
>
> Just noticed these on Cisco's site - They appear to be just re-badged
> ASR920/ASR900's? (They even use ASR920 power supplies etc)
>
> Anyone have any info on them?  Is this Cisco discreetly releasing a "new"
> ASR920/900 that supports Laeba-based chips perhaps, and ASR900/920 will be
> "replaced"?
>
> Can't find much info on them re hardware specs but only had a quick
> google/search on Cisco's Site.
>
> Links on both -
>
> ie.   NCS4201 = ASR920-24SZ-M
> NCS4202 = ASR920-12SZ-IM
>
> They look identical anyway :)
>
>
> http://www.cisco.com/c/en/us/products/collateral/optical-networking/network-convergence-system-4200-series/datasheet-c78-736910.html
>
>
> http://www.cisco.com/c/en/us/products/collateral/routers/asr-920-series-aggregation-services-router/datasheet-c78-733397.html
>
>
> http://www.cisco.com/c/en/us/td/docs/routers/asr920/hardware/installation/guide-12sz-im/b-asr-920-12-SZ-IM/b-asr-920-crete_chapter_00.html
>
>
> http://www.cisco.com/c/en/us/products/routers/asr-920-series-aggregation-services-router/models-comparison.html
>
>
> http://www.cisco.com/c/en/us/products/collateral/optical-networking/network-convergence-system-4200-series/datasheet-c78-738102.html
>
>
> http://www.cisco.com/c/en/us/products/collateral/routers/asr-903-series-aggregation-services-routers/datasheet-c78-738339.html
>
>
> Cheers
>

-- 
Best regards
Mattias Gyllenvarg

[c-nsp] Ode to the old days

2016-12-08 Thread Mattias Gyllenvarg
Dear All

10year 4weeks 6days and about 11hours ago I was working for my first ISP
(ispA).

On that day I put a 3560-24TS into production as a device to terminate to a
Metronet running OSPF/BGP and public IP space.

A few years later I started consulting for ispB who later split into and
became ispC for whom I worked for several years.

After this I ventured into a smaller ISP (ispD) that was acquiring ispA.

During that time that 3560 has been working without issue or power
interruptions.
Today it was replaced to add MPLS capabilities to the node, boasting
an up-time of 10 years 4 weeks 6 days and 11 hours.

I fear I will never beat this record in my career.

To the old gear!


Re: [c-nsp] BGP with MPLS

2016-10-05 Thread Mattias Gyllenvarg
Well L2 is hard and ugly, L3 is fine. :p

On Wed, 5 Oct 2016 at 14:35, Mattias Gyllenvarg <matt...@gyllenvarg.se> wrote:

> L3 redundancy is hard and ugly without MPLS. L3 is fine without.
>
> On Tue, 4 Oct 2016 at 21:59, Maile Halatuituia <maile.halatuit...@tcc.to> wrote:
>
> Mattias
>
> Thanks for your reply now i have more clear of what it is i am trying to
> do on my lab. What i need is to be able to setup the network now that in
> the future it would support L3 MPLS VPN, and L2 VPN.
>
> Moreover i have this two L3 switch which i confirm do not support MPLS
> commands, with several L2 ones which i want to setup that it is Redundant
> as well. If one PE goes down every thing will still be working 
>
> I hope i am not add confusion to my question.
>
> Cheers.
>
> Maile.
> --
> *From:* Mattias Gyllenvarg <matt...@gyllenvarg.se>
> *Sent:* Wednesday, October 5, 2016 3:04 AM
> *To:* Maile Halatuituia
>
> *Subject:* Re: [c-nsp] BGP with MPLS
> You do not need MPLS to carry the traffic.
>
> But you will of course lose all the features MPLS adds to regular
> data-link capabilities.
>
> On Tue, 4 Oct 2016 at 05:00, Maile Halatuituia <maile.halatuit...@tcc.to> wrote:
>
> Hi
>
> Can i do BGP without MPLS between my two PE routers.
>
> My question is to my understand that BGP carry the means of reachability
> between the two PE but it is the mpls actually carry the traffic. Can
> someone correct me if i am wrong or suggest any best approach to this.
>
> The reason is that my PE router does not support MPLS .
>
> Hope to hear you soon.
>
>

Re: [c-nsp] BGP with MPLS

2016-10-05 Thread Mattias Gyllenvarg
L3 redundancy is hard and ugly without MPLS. L3 is fine without.

On Tue, 4 Oct 2016 at 21:59, Maile Halatuituia <maile.halatuit...@tcc.to> wrote:

> Mattias
>
> Thanks for your reply now i have more clear of what it is i am trying to
> do on my lab. What i need is to be able to setup the network now that in
> the future it would support L3 MPLS VPN, and L2 VPN.
>
> Moreover i have this two L3 switch which i confirm do not support MPLS
> commands, with several L2 ones which i want to setup that it is Redundant
> as well. If one PE goes down every thing will still be working 
>
> I hope i am not add confusion to my question.
>
> Cheers.
>
> Maile.
> --
> *From:* Mattias Gyllenvarg <matt...@gyllenvarg.se>
> *Sent:* Wednesday, October 5, 2016 3:04 AM
> *To:* Maile Halatuituia
>
> *Subject:* Re: [c-nsp] BGP with MPLS
> You do not need MPLS to carry the traffic.
>
> But you will of course lose all the features MPLS adds to regular
> data-link capabilities.
>
> On Tue, 4 Oct 2016 at 05:00, Maile Halatuituia <maile.halatuit...@tcc.to> wrote:
>
> Hi
>
> Can i do BGP without MPLS between my two PE routers.
>
> My question is to my understand that BGP carry the means of reachability
> between the two PE but it is the mpls actually carry the traffic. Can
> someone correct me if i am wrong or suggest any best approach to this.
>
> The reason is that my PE router does not support MPLS .
>
> Hope to hear you soon.
>
>

Re: [c-nsp] ASR-901 EoMPLS qinq

2016-07-07 Thread Mattias Gyllenvarg
We have moved to 920-4 for these situations.
901 has been a let down.

On Tue, 5 Jul 2016 at 17:48, Divo Zito wrote:

>  Hello,
>
> I need to transport some double-tagged customers from SiteA to SiteB
> through a GbE link and to rewrite S-VLANs so that those I use on the
> aggregation-side interface are different from those I receive on the
> customer facing port.
>
> customers                                         aggregation
> (S-VLAN, C-VLAN)                                  (S-VLAN, C-VLAN)
>
> (10,100-199)\                                    /(20,100-199)
> (11,100-199) -- [ A901-siteA ]  [ A901-siteB ] -- (21,100-199)
> (12,100-199)/                                    \(22,100-199)
>
> I was considering to use ASR-901s with EVC xconnect, something similar
> to the following config...
>
> Site-A:
>
> interface GigabitEthernet0/1
>  description Customer facing port
>  service instance 10 ethernet
>   encapsulation dot1q 10
>   rewrite ingress tag pop 1 symmetric
>   xconnect 10.0.0.1 1 encapsulation mpls
>  service instance 11 ethernet
>   encapsulation dot1q 11
>   rewrite ingress tag pop 1 symmetric
>   xconnect 10.0.0.1 2 encapsulation mpls
>  ...
>
> Site-B:
>
> interface GigabitEthernet0/1
>  description Aggregation facing port
>  service instance 10 ethernet
>   encapsulation dot1q 20
>   rewrite ingress tag pop 1 symmetric
>   xconnect 10.0.0.2 1 encapsulation mpls
>  service instance 11 ethernet
>   encapsulation dot1q 21
>   rewrite ingress tag pop 1 symmetric
>   xconnect 10.0.0.2 2 encapsulation mpls
>  ...
>
> ... but on the "Configuring EoMPLS" guide [1] I found this:
>
> Restrictions for EoMPLS
> - EoMPLS xconnect port with double-tagged encapsulation is not supported
>
> Now I'm wondering whether my idea is really feasible with ASR-901 or not.
> If it's not, any hint on which low budget platform can I use? ASR-920?
>
> [1]
>
> http://www.cisco.com/c/en/us/td/docs/wireless/asr_901/Configuration/Guide/b_asr901-scg/b_asr901-scg_chapter_010100.html


Re: [c-nsp] Etherchannel load-balacing change on live network

2016-07-07 Thread Mattias Gyllenvarg
I have done this many times with no noticeable effect. At least on modern
IOS versions.
There was a bug that caused all traffic to go over one interface which
required a reload to fix, but that was ages ago.

On Wed, 6 Jul 2016 at 23:14, Satish Patel wrote:

> We have C3750 running src-mac etherchannel load-balancing, I want to
> change that to src-dst-ip base because its now routed switch (L3).
>
> Does it impact or affect any current traffic in order to change
> load-balancing? I believe its hardware base logic so doesn't impact on
> current traffic.
>
> In google i came across with this post
>
> https://supportforums.cisco.com/discussion/10264116/3750-etherchannel-load-balance-algorythm-changed-and-loss-connectivity
>
> what do you suggest anyone has any experience?


Re: [c-nsp] mVPN Rosen - S,G is not refreshed but *,G is

2016-05-27 Thread Mattias Gyllenvarg
Puzzling indeed, they are also the same channels after reload and even IOS
upgrade.

On Thu, 26 May 2016 at 10:13, Adam Vitkovsky <adam.vitkov...@gamma.co.uk> wrote:

> > Mattias Gyllenvarg [mailto:matt...@gyllenvarg.se]
> > Sent: Wednesday, May 25, 2016 1:20 PM
> >
> > Adam,
> >
> > Thank you for replying.
> >
> > There is no Data MDT at this point. Correct me if I am wrong but i
> gather that
> > it is not necessary so we are working on having basic functionality
> right now.
> >
> I see, yes the Data MDTs are not necessary.
> Ok so you can start by debugging the PIM in the VRF to see why the (S,G)
> is not being refreshed by the designated forwarder.
> What is puzzling though is that you have problems only with some streams.
>
> adam
>
>
>
> Adam Vitkovsky
> IP Engineer
>
> T:  0333 006 5936
> E:  adam.vitkov...@gamma.co.uk
> W:  www.gamma.co.uk
>

Re: [c-nsp] mVPN Rosen - S,G is not refreshed but *,G is

2016-05-25 Thread Mattias Gyllenvarg
Adam,

Thank you for replying.

There is no Data MDT at this point. Correct me if I am wrong but i gather
that it is not necessary so we are working on having basic functionality
right now.




On Wed, 25 May 2016 at 13:45, Adam Vitkovsky <adam.vitkov...@gamma.co.uk> wrote:

> > Mattias Gyllenvarg
> > Sent: Tuesday, May 24, 2016 2:52 PM
> >
> > Dear All
> >
> > Any input is greatly appreciated!
> >
> > I have two PE ME3600X where one is RP (North) and one has the customer
> > link (South).
> >
> > North receives a set of TV streams that work perfect locally. But over
> the
> > tunnel interface down to South SOME mroutes on North are not refreshed
> > properly.
> > The *,G is refreshed every minute or so but the S,G is not so it
> times-out and
> > is recreated 3min later.
> >
> > Source [NORTH] ---  --- [South] --- pim --- [vanilla 6500] -
> > Users
> >
> > From North:
> >
> > sh ip mroute vrf Foo-Barf 
> >
> > (*, M.C.S.T), 02:00:47/00:03:10, RP , flags: S
> >   Incoming interface: Null, RPF nbr 0.0.0.0
> >   Outgoing interface list:
> > Vlan3713, Forward/Sparse, 02:00:47/00:02:47
> > Tunnel2, Forward/Sparse, 00:47:09/00:03:10
> >
> > (U.C.S.T, M.C.S.T), 02:00:36/00:10:53, flags: MT
> >   Incoming interface: Vlan1112, RPF nbr , Mroute
> >   Outgoing interface list:
> > Vlan3713, Forward/Sparse, 02:00:36/00:02:47
> > Tunnel2, Forward/Sparse, 00:02:19/00:01:12
> >
> >
> > 
> >
> > Both boxes are running 15.3-3.S3 and are freshly rebooted.
> >
> > I have not found any bug to match the behavior.
> >
> Hmmm, since the (*,G) state is being refreshed the IGMP membership report
> to PIM Join translation should be fine I think.
> -is the south router the only one on the subnet to customer (is it the
> designated forwarder for all groups)?
> -but you can test with static IGMP join on the interface towards the
> receiver, if it helps
>
> Ok so let's assume the PIM Join is generated just fine and hits the RP,
> then RP forwards the join up the tree towards source.
> Source will start sending the stream down via shared tree so receivers on
> south will receive it.
> All this happens via the Default MDT that both routers are part of.
>
> At this point though the m-cast stream triggers the max kbps threshold for
> Default MDT on the north router.
> So the north router should signal to south router which Data MDT it should
> join to keep receiving this stream.
> So in global routing table the south router will join Data MDT m-cast
> group (as designated by north router in BGP update) with source on north
> router.
> -not sure how you have the Data MDT config done (if just one MDT is
> allowed or if other north to south streams sharing a common Default/Data
> MDT with the failed stream are fine, then it's probably not a problem with
> MDTs).
> -there might be some problems with Data MDTs.
> -maybe reaching max number and tunnel reuse is not working
> properly.
> -maybe reaching HW limits of the box with regards to Data MDT
> states or any of the HW limits associated with multicast states.
>
> While this switchover from Default to Data MDT is happening or even before
> it happens the designated forwarder (north router) will get the first
> packet and learns the source of the m-cast stream.
> At that moment it will join the source tree sending PIM join towards the
> source (not RP) creating (S,G) states along the path.
> This though happens in the VRF mcast RIB/FIB.
> So depending on which state the MDT trees are in, the (S,G) on south
> router might point to Default or Data MDT tunnel (which hopefully is in the
> same VRF as receiver and you're not doing extranet with tail-end
> replication).
> On north router the resulting (S,G) state should point to the interface
> where source is connected to. (which hopefully is in the same VRF as
> receiver and you're not doing extranet with head-end replication).
> - So I assume on south router the (S,G) states are being refreshed
> correctly by local receivers right?
> - And it's just the north router that doesn't seem to be getting the PIM
> (S,G) joins?
> - You can debug the S,G joins to see if south router is sending them via
> MDT tunnel to north router.
> - And on north router you can verify whether the (S,G) Joins are actually
> received and if yes whether they are accepted.
>
> As you can see there might be two things happening at the same time north
> PE initiating switchover from Default to Data MDT in global routing table
> and south PE (as designated forwarder) switching from share

[c-nsp] mVPN Rosen - S,G is not refreshed but *,G is

2016-05-24 Thread Mattias Gyllenvarg
Dear All

Any input is greatly appreciated!

I have two PE ME3600X where one is RP (North) and one has the customer
link (South).

North receives a set of TV streams that work perfectly locally. But over the
tunnel interface down to South SOME mroutes on North are not refreshed
properly.
The *,G is refreshed every minute or so but the S,G is not, so it times out
and is recreated 3 min later.

Source [NORTH] ---  --- [South] --- pim --- [vanilla 6500] -
Users

From North:

sh ip mroute vrf Foo-Barf

(*, M.C.S.T), 02:00:47/00:03:10, RP , flags: S
  Incoming interface: Null, RPF nbr 0.0.0.0
  Outgoing interface list:
    Vlan3713, Forward/Sparse, 02:00:47/00:02:47
    Tunnel2, Forward/Sparse, 00:47:09/00:03:10

(U.C.S.T, M.C.S.T), 02:00:36/00:10:53, flags: MT
  Incoming interface: Vlan1112, RPF nbr , Mroute
  Outgoing interface list:
    Vlan3713, Forward/Sparse, 02:00:36/00:02:47
    Tunnel2, Forward/Sparse, 00:02:19/00:01:12




Both boxes are running 15.3-3.S3 and are freshly rebooted.

I have not found any bug to match the behavior.
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/


Re: [c-nsp] what the heck is "ip forward-protocol nd" good for

2016-04-07 Thread Mattias Gyllenvarg
Yeah, this was discussed some time ago when they were planning on IOS 15
and checked what we wanted here on the list.

I asked for a global "modern standards/defaults" but no go.
Or legacy-default-off.
Nothing fancy, just like the above. No proxy-arp etc etc, stuff left behind
the last millennia.

On Wed, 6 Apr 2016 at 18:51, Saku Ytti wrote:

> On 6 April 2016 at 19:16, Sebastian Beutel
>  wrote:
>
> Hey,
>
> > So I asked wisdom of the search engines and found out, that there once
> > was a protocol with the name "sun-nd" and the ip protocol number 77, used in
> > Sun's diskless Sun 2 stations. The line "ip forward-protocol nd" seems to be
> > the equivalent for sun-nd what ip-helper is for dhcp. Could this be? A
> > workaround for a 30 year old proprietary legacy protocol is in the default
> > configuration of a modern router? This is what I found:
>
> Helper is for any number of protocols iterated by 'ip
> forward-protocol'. Usually as you say DHCP (BOOTP).
>
> Cisco (and other vendors) are in difficult position when it comes to
> default settings. You ship with some config, and no matter how crazy
> they are, changing them will break something from someone.
>
> I think one solution to this would be to support multiple
> standard/default settings, and your config would have line about which
> standard you are using. If there is nothing, it's using the latest
> available in that image. This way people could choose when they adopt
> more modern standards and as vendors and customers learn how things
> should be configured, it would be lower barrier to introduce new
> standard.
> Basically this standard release would be just be config over which
> user config is merged on, likely very simple concept for ios-xr,
> junos, but perhaps not so simple for classic ios.
> --
>   ++ytti


Re: [c-nsp] ME3800X/ME3600X/ME3600X-24CX/ASR903/ASR901 Deployment Simplification Feedback

2015-11-17 Thread Mattias Gyllenvarg
Even not considering vendor-lock you will have fewer options from said
supplier if you expect to use this as a universal solution.

The ASR920 series has many variants, I am capitalizing on this for our
topology.

There will always, I find, be the oddball requirement that makes these
kinds of things impossible. Staying flexible is always a good approach.

On Tue, 17 Nov 2015 at 12:06, Mark Tinka wrote:

>
>
> On 17/Nov/15 13:00, Tom Marcoen wrote:
>
> > Mark
> >
> > That is a valid point but the company I work for already only uses Cisco
> > for its routing/switching devices. So it's also a non-issue.
>
> Fair enough, then.
>
> The other point, for me, is making sure easy ring topologies you would
> build on the ME3600X/ASR920 using IP/MPLS can be replicated using
> satellites. There will be a temptation not to build satellites as
> point-to-point, but rather, as rings, and you don't want to find
> yourself caught out.
>
> Make sure you test and verify your ultimate Access topology before you
> buy, as satellites do not typically run IP/MPLS.
>
> Mark.


Re: [c-nsp] dai / dhcp snooping bug

2015-08-11 Thread Mattias Gyllenvarg
Mike

I recently solved an issue a client had with a very similar setup and the
same symptoms.

They had a very complex PBR setup and the unicasts in the renew process got
misplaced.

On Tue, 11 Aug 2015 at 00:40, Mike mike-cisconspl...@tiedyenetworks.com wrote:

 On 08/10/2015 12:37 PM, Gert Doering wrote:
  Hi,
 
  On Mon, Aug 10, 2015 at 06:31:16AM -0700, Mike wrote:
  I've loaded SE7 and - surprise - same problem, so it's not fixed. I have
  a directly connected device I can cause to refresh its dhcp lease, and
  sure enough, a refresh doesn't do it, but a reboot of that device which
  causes a new round of dhcp discovery, does in fact work. A packet
  capture seems to confirm the unicast case failing - a client with an
  existing lease renewing will use unicast to the dhcp server, whereas a
  client starting up will use broadcast to find servers, and both the
  'discover' and 'request' phases in that case are broadcast destination.
  That was painful.
  Wild idea... put an ACL into place that will block the unicast renewal?
 
  gert


 I had that idea too. Another idea was to see if there might be some way
 to work with it... My dhcp model is one where the server is directly
 connected to the vlans being served, but I recently made changes in the
 direction of going to a full-on dhcp relay model instead where all
 switches are doing that instead. The open question then is, does it work
 correctly if the switch is acting as a dhcp relay? I unfortunately don't
 have the equipment on standby to set up a lab and test this out (story
 of my life), but if it worked then my problem would mostly be solved.
 Another idea would be to see if I could configure the dhcp server to
 just ignore unicast requests (easier than putting ACLs on the
 switches).

 Mike-

___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
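
The broadcast/unicast split described in the quoted capture, as an added example that is not part of the thread: RFC 2131 lets a DHCPREQUEST be attributed to a client state from its fields (server identifier, requested address, ciaddr) plus the IP destination, which is enough to pick the unicast renewals out of a capture taken behind a snooping switch. The addresses, the sample exchange and the function names are constructed for illustration.

```python
import socket
import struct

# Fixed BOOTP header (236 bytes) followed by the 4-byte DHCP magic cookie.
BOOTP_FMT = "!BBBBIHH4s4s4s4s16s64s128s4s"
BOOTP_LEN = struct.calcsize(BOOTP_FMT)          # 240
MAGIC = b"\x63\x82\x53\x63"
OPT_PAD, OPT_REQUESTED_IP, OPT_MSG_TYPE, OPT_SERVER_ID, OPT_END = 0, 50, 53, 54, 255
DHCPDISCOVER, DHCPREQUEST = 1, 3
BROADCAST = "255.255.255.255"


def build_dhcp(msg_type, ciaddr="0.0.0.0", requested_ip=None, server_id=None):
    """Build a minimal client-to-server DHCP payload (constructed test data)."""
    header = struct.pack(
        BOOTP_FMT, 1, 1, 6, 0, 0x1234ABCD, 0, 0,
        socket.inet_aton(ciaddr), bytes(4), bytes(4), bytes(4),
        bytes.fromhex("020000000001"), b"", b"", MAGIC)
    options = bytes([OPT_MSG_TYPE, 1, msg_type])
    if requested_ip:
        options += bytes([OPT_REQUESTED_IP, 4]) + socket.inet_aton(requested_ip)
    if server_id:
        options += bytes([OPT_SERVER_ID, 4]) + socket.inet_aton(server_id)
    return header + options + bytes([OPT_END])


def parse_dhcp(payload):
    """Return ciaddr and the option map of a DHCP payload, rejecting malformed input."""
    if len(payload) < BOOTP_LEN:
        raise ValueError("truncated BOOTP header")
    fields = struct.unpack(BOOTP_FMT, payload[:BOOTP_LEN])
    if fields[14] != MAGIC:
        raise ValueError("missing DHCP magic cookie")
    options, i = {}, BOOTP_LEN
    while i < len(payload) and payload[i] != OPT_END:
        if payload[i] == OPT_PAD:
            i += 1
            continue
        if i + 1 >= len(payload) or i + 2 + payload[i + 1] > len(payload):
            raise ValueError("truncated option")
        length = payload[i + 1]
        options[payload[i]] = payload[i + 2:i + 2 + length]
        i += 2 + length
    return {"ciaddr": socket.inet_ntoa(fields[7]), "options": options}


def classify(dst_ip, payload):
    """Name the client state behind a DISCOVER/REQUEST, per the RFC 2131 field rules."""
    msg = parse_dhcp(payload)
    opts = msg["options"]
    raw_type = opts.get(OPT_MSG_TYPE)
    if not raw_type:
        return "not-dhcp"
    if raw_type[0] == DHCPDISCOVER:
        return "DISCOVER"
    if raw_type[0] != DHCPREQUEST:
        return "other"
    if OPT_SERVER_ID in opts:
        return "REQUEST/SELECTING"          # answer to an OFFER, broadcast
    if OPT_REQUESTED_IP in opts:
        return "REQUEST/INIT-REBOOT"        # reboot with a remembered address, broadcast
    if msg["ciaddr"] == "0.0.0.0":
        return "REQUEST/invalid"
    # ciaddr set, no server id, no requested address: lease extension.
    return "REQUEST/REBINDING" if dst_ip == BROADCAST else "REQUEST/RENEWING"


def unicast_client_messages(packets):
    """Return (src, dst, state) for every client message that was not broadcast."""
    return [(src, dst, classify(dst, payload))
            for src, dst, payload in packets if dst != BROADCAST]


# Constructed sample exchange (documentation addresses, not taken from the thread).
SERVER, CLIENT = "192.0.2.1", "192.0.2.50"
SAMPLE = [
    ("0.0.0.0", BROADCAST, build_dhcp(DHCPDISCOVER)),
    ("0.0.0.0", BROADCAST, build_dhcp(DHCPREQUEST, requested_ip=CLIENT, server_id=SERVER)),
    (CLIENT, SERVER, build_dhcp(DHCPREQUEST, ciaddr=CLIENT)),      # renewal
    (CLIENT, BROADCAST, build_dhcp(DHCPREQUEST, ciaddr=CLIENT)),   # rebinding
]

if __name__ == "__main__":
    for src, dst, payload in SAMPLE:
        print(f"{src:>12} -> {dst:<15} {classify(dst, payload)}")
    print("unicast:", unicast_client_messages(SAMPLE))
```

Only the renewal travels unicast in the sample; if those are the packets that never reach the server, the rebinding broadcast that follows is the client's fallback.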


Re: [c-nsp] ASR920 Microbursts

2015-08-04 Thread Mattias Gyllenvarg
From what I have understood it is a 12MB global buffer pool.
On 4 Aug 2015 4:47 pm, Jordi Magrané Roig jordimagr...@hotmail.com
wrote:

 Dear Colleagues,

 Recently I have installed one ASR920 and I have configured on 1G interface
 one service instance with an outbound policy-map shaping to 30 Mbps. The
 problem is that I noticed that the ASR920 has the same microburst issue
 as the ME3600. I have tried to adjust the queue-limit in order to avoid drops
 but then the latency increments. I have configured:

 policy-map POLICY_CUSTOMER_EGRESS_30Mbps
 class class-default
   shape average 3000

 I have tried also with different classes of service but the issue still
 persists.

 I would like to know the recommendation about the queue-limit size, the
 relation with the values of burst committed and then what should be the
 recommended configuration of shaping, recommendations about fine tuning the
 shaping. I have noticed that there are Cisco platforms that shape better, for
 example the ASR9001 or 7600 with ES+ shape better than ASR1000 with
 SPA-5X1GE-V2 or ME3600.

 Another problem is that I didn't find enough information about QoS on ASR920
 platform. Somebody knows the default queue size of 1G port? How the packet
 buffer works? Is it like ME3600 (shared queue buffer per ASIC)?

 Thanks!


Re: [c-nsp] ASR902 vs ME3800X

2015-04-24 Thread Mattias Gyllenvarg
I will not claim to be an expert on this platform.
But, from the CCW it looks like some cards can only be placed in slot 1-3
and others in 4-6.
So port density gets harder to calculate. Also, older cards are not
compatible with the new RSP. At least they can not be ordered in chassis
this way.

It seems a little early for this platform to be deeming things incompatible.

On Thu, Apr 23, 2015 at 3:49 PM, Adam Vitkovsky adam.vitkov...@gamma.co.uk
wrote:

  Mattias Gyllenvarg
  Sent: 23 April 2015 08:56
 
  Regarding what replaces the ME3800
 
  Was looking around the Cisco labyrinth and saw that the big RSP for the
  ASR 903 has 144Mb buffers and relatively interesting possibilities
  regarding interfaces.
  Assuming feature parity this would be a nice upgrade. Not to bad price,
 but
  some wierd limitation on card positions.
 

 Yeah the big RSP looks good, but it exists only for RSP1 which has only
 10Gbps per slot.
 What do you mean by the card position limitations please?


 adam


-- 
*Med Vänliga Hälsningar / Best Regards*
*Mattias Gyllenvarg*

Re: [c-nsp] ASR902 vs ME3800X

2015-04-23 Thread Mattias Gyllenvarg
Regarding what replaces the ME3800

Was looking around the Cisco labyrinth and saw that the big RSP for the
ASR 903 has 144Mb buffers and relatively interesting possibilities
regarding interfaces.
Assuming feature parity this would be a nice upgrade. Not too bad price, but
some weird limitation on card positions.

On Fri, Mar 27, 2015 at 9:16 PM, CiscoNSP List cisconsp_l...@hotmail.com
wrote:

 
  I've just resigned to the fact that there are some thing which will
  never make it to the ME3600X/3800X, for reasons unknown. On the back of
  the ASR920, I doubt much effort is going to be expended on the
  ME3600X/3800X any longer.
 
  We'd all do well to start deploying ASR920 in the coming few years.
 


 Hi Mark - Given Cisco's push(Well recommendation) on the ASR920 vs
 ME3600...have you heard any rumours on a new ASR900 that will be
 replacing the ME3800?

 The buffer space disparity(ASR920 v ME3600) still really confuses me...why
 would Cisco do this? If they increase the number of supported VPLS/PW/QOS
 etc instances on the ASR920, and recommend it as a replacement to the
 ME3600, why would they reduce the buffer on the ASR920(And significantly
 so)?

 I really want to get my hands on one and test the buffers out...see if
 there are drops v's ME3600..

 Cheers for all the input...it's been extremely valuable.







-- 
*Med Vänliga Hälsningar / Best Regards*
*Mattias Gyllenvarg*

Re: [c-nsp] ASR902 vs ME3800X

2015-03-24 Thread Mattias Gyllenvarg
Except for the T1/E1 cards the IM model will get you into the realm of the
oversubscribed, so for us it is a no go.

+1 Mark T's horniness for clean MPLS 10Ge Metro-E rings.

On Tue, Mar 24, 2015 at 11:05 AM, Adam Vitkovsky adam.vitkov...@gamma.co.uk
 wrote:

 It would be great if Waris could chime in to shed some light on what are
 the plans with ME platform.

 Have you folks quoted the low density models or the high density models
 (ASR-920-24SZ-M/ASR-920-24SZ-IM) please?
 As I can see how the low density models can be dirty cheap as they remind
 me of the ASR901.

 So the ASR-920-24SZ-M 1RU fixed unit has 24GE and 4x10GE.
 And the ASR-920-24SZ-IM 1.5RU modular unit has the expansion slot where
 one can put single xfp card or 2 port xfp/sfp+ card or T1/E1 card.
 But since the switching capacity of the box is 64Gbps I don't see how the
 expansion slot would bring me any benefit.

 Looks like a nice replacement for ME3600X-CX -i.e. reduction to 1RU + 16
 more GE ports.
 Let's just hope folks got the HW programing right this time around.


 adam
  -Original Message-
  From: cisco-nsp [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of
  CiscoNSP List
  Sent: 24 March 2015 03:54
  To: mark.ti...@seacom.mu; cisco-nsp@puck.nether.net
  Subject: Re: [c-nsp] ASR902 vs ME3800X

  Ok - This really sparked my interest, as I have some POP's I need to get some
  ME's for... spoke to our Cisco AM, got pricing (no haggling yet) on 3 options

  ME3600
  ME3800
  ASR920

  ME3600+3800 came back nearly identical pricing...actually ME3800 was
  cheaper! (With 10Gb ports enabled on ME3600)...so I would go ME3800
  every day of the week based off this... but, the ASR920 was 1/4 of the price of
  the ME's, and Cisco even recommended I go with them vs the ME's??

  I'm really not following what Cisco are doing here?  Are they not wanting to
  sell ME's anymore?

  Based on what I have received so far, it will be ASR920 purchases for
  certain... assuming of course, feature parity, stability etc is the same as the
  ME3600's we have.

  Would really like other people's thoughts on the ASR920, and why Cisco are
  now anti-ME (Well they certainly aren't making them an attractive option
  v's the ASR920) ??

  Cheers.

  Subject: Re: [c-nsp] ASR902 vs ME3800X
  To: cisconsp_l...@hotmail.com; cisco-nsp@puck.nether.net
  From: mark.ti...@seacom.mu
  Date: Tue, 24 Mar 2015 00:11:55 +0200

  On 23/Mar/15 23:59, CiscoNSP List wrote:

  Thanks Mark - but I'm still confused by this...why would
  Cisco release an upgrade to the ME3600/ME3800 that is far
  cheaper? Devil's always in the detail, so what is the ASR920
  missing vs the ME3800?

  I'm going to get a few to test, but from what I can initially see,
  nothing besides software parity.

  Others who have deployed ASR920's can provide their feedback.

  Mark.



-- 
*Med Vänliga Hälsningar / Best Regards*
*Mattias Gyllenvarg*

Re: [c-nsp] ASR902 vs ME3800X

2015-03-24 Thread Mattias Gyllenvarg
What are we hoping for / expecting from Cisco here?

I would like to see an ASR920 with extended bufferspace to replace the
ME3600X. Mostly because the formfactor is superior.

Also, I am missing an 8xTe version of the ASR900.

Generally, I am pretty happy about the ASR900 line so far. It lacks
software maturity, but that is in the nature of new things.

On Tue, Mar 24, 2015 at 9:50 AM, Mark Tinka mark.ti...@seacom.mu wrote:



 On 24/Mar/15 10:37, Mattias Gyllenvarg wrote:

 I have no machine in production yet so this is speculation.
 But the ASR920 has less bufferspace than the ME3600x, this may be handled
 by design if you utilize the extra Te interfaces in a clever way. Though
 it makes it hard to make a case for the ASR920 to replace the ME3800x,
 unless Cisco invents a license for more bufferspace.
 I think that the ME3800X will be sneaking into the ASR9000 realm.


 The ASR920 only replaces the ME3600X, as they are of reasonably similar
 scale.

 The ME3800X still scales better than the ASR920, so it's not being
 replaced by this unit for the time being.

 Mark.




-- 
*Med Vänliga Hälsningar / Best Regards*
*Mattias Gyllenvarg*

Re: [c-nsp] ASR902 vs ME3800X

2015-03-24 Thread Mattias Gyllenvarg
I have no machine in production yet so this is speculation.
But the ASR920 has less bufferspace than the ME3600x, this may be handled
by design if you utilize the extra Te interfaces in a clever way. Though
it makes it hard to make a case for the ASR920 to replace the ME3800x,
unless Cisco invents a license for more bufferspace.
I think that the ME3800X will be sneaking into the ASR9000 realm.



On Tue, Mar 24, 2015 at 9:23 AM, Mark Tinka mark.ti...@seacom.mu wrote:



 On 24/Mar/15 10:01, Gert Doering wrote:

 Well, I can only guess, but I wouldn't be surprised if actually *making*
 the MEs is way more expensive (due to 3rd party chipsets being used) than
 the ASR920s (Cisco's own new and shiny ASIC)...


 I could be mis-remembering, but I think the ME3600X/3800X ASIC is an
 in-house unit (Nile, if memory serves).

 It was the ME2600X which was based on a Broadcom chipset. Suffice it to
 say, that box was promptly discontinued and replaced with the ASR920.


 Mark.




-- 
*Med Vänliga Hälsningar / Best Regards*
*Mattias Gyllenvarg*

Re: [c-nsp] ASR902 vs ME3800X

2015-03-24 Thread Mattias Gyllenvarg
I have from my AM's CCIE that the chassis has a 12Mb shared buffer.

I am also pleased with the pricing, at least for MPLS purposes. Less
pleased with the SEK-USD exchange rate...

On Tue, Mar 24, 2015 at 7:01 PM, CiscoNSP List cisconsp_l...@hotmail.com
wrote:


 
  I got this link back from the folks who quoted the asr920 for me. Looks
  like Gert was correct - the pay as you grow model is in full effect.
  I was expecting to have to turn on 10ge ports, but I'm surprised that in
  many cases you have to grow into your 1ge ports as well.
 
 
 http://www.cisco.com/c/en/us/td/docs/routers/asr920/configuration/guide/csa/b_port_licensing_asr920.html
 
  Still, what we've been given for pricing, assuming the pay as you grow
  doesn't double the cost, is very attractive for customer facing edge
  gear.  The project scope hasn't been defined, and may never be, but
  assuming we're just looking at l2/l3vpn and non-BGP DIA I'm going to
  give these serious consideration.
 
  Thanks for all of the info folks!
 


 Quote I got on the ASR-920-24SZ-M, upgrade license to go from 12 x 1Gb -
 24 x 1Gb was negligible (i.e ~15%)...again, no haggling.

 Someone also mentioned that the ASR920 had smaller buffers than the
 ME3600... anyone got the actual numbers (or links... I've googled (I've also
 asked our AM)), but can only find references stating deep buffers on the
 ASR920
 http://www.cisco.com/c/en/us/products/collateral/routers/asr-920-series-aggregation-services-router/datasheet-c78-732079.html

 Cheers






-- 
*Med Vänliga Hälsningar / Best Regards*
*Mattias Gyllenvarg*

Re: [c-nsp] ASR vs 6807

2014-11-27 Thread Mattias Gyllenvarg
Disregarding price, the only real issue with the ASR9k platform is the
software upgrade procedure. *shudder*

On Thu, Nov 27, 2014 at 1:37 PM, R LAS dim0...@hotmail.com wrote:

 DCs are 40 km away...

 QFX5100 is the competitor, but on the DC-LAN, not on the DCI

  Subject: Re: [c-nsp] ASR vs 6807
  From: and...@2sheds.de
  Date: Thu, 27 Nov 2014 22:39:03 +1100
  CC: si...@slimey.org; cisco-nsp@puck.nether.net
  To: dim0...@hotmail.com
 
  The 6800 is a l3 switch. The ASR9k is a full blown router.
 
  If you need to connect to non Ethernet circuits you will need a router.
  If you want real qos you will need a router.
 
  How far are the DCs apart?
 
  Inter dc l2 is never a great idea if it can be avoided.
 
  You may also want to look at the qfx51000
 
  Sent from a mobile device
 
   On 27 Nov 2014, at 22:05, R LAS dim0...@hotmail.com wrote:
  
   Hi Simon
   can you detail more ASR9k can be more flexible on EoMPLS (VPLS) than 6807 ?
  
   Regards
  
   Date: Thu, 27 Nov 2014 10:26:55 +
   From: si...@slimey.org
   To: dim0...@hotmail.com
   CC: cisco-nsp@puck.nether.net
   Subject: Re: [c-nsp] ASR vs 6807
  
   On Thu Nov 27, 2014 at 10:18:41AM +, R LAS wrote:
   Discussing a new architecture of DCI (Data Center Interconnection), Cisco
   recommends both ASR9k and 6807.  The architecture requested by the customer
   forecast MPLS/VPLS supported by DCI.

   From pricing point of view there is a quite big difference (win 6807), from
   feature point of view Cisco says the difference is only the number of
   mac-addresses supported and the sw modularity.

   Can anybody help in digging more the technical difference ?

   I'm going through much the same at the moment, and settling on 6807, largely
   from a price perspective.

   ASR9k is (today) a more capable box for routing - particularly if you want
   higher bandwidths. ASR9k has 100G ports today. 6807 only has 40G. ASR9k can
   be more flexible on EoMPLS (VPLS) than 6807.

   6807 has a lot of potential (880G per slot), but it's not supported by either
   Supervisors or Linecards that are available today (current limit is 80G/slot).
  
   Simon
  




-- 
*Med Vänliga Hälsningar / Best Regards*
*Mattias Gyllenvarg*

[c-nsp] Experience on ASR9k XR 5.1.2

2014-08-21 Thread Mattias Gyllenvarg
Dear List

I would love to hear some feedback on the 5.1.2 Train of IOS XR.

This was preloaded in a few boxes (9010) and I am looking for the most
stable train without downgrading (fingers crossed).

Will be running:
MP-BGP
VRF
OSPF

-- 
*Med Vänliga Hälsningar / Best Regards*
*Mattias Gyllenvarg*

Re: [c-nsp] Experience on ASR9k XR 5.1.2

2014-08-21 Thread Mattias Gyllenvarg
Thanks for all your input!

Machines came with 5.1.2.
As I am not in production with these machines I can, if it is better,
turbo boot to 4.3.4.

Is this the wisest path?

//Mattias


On Thu, Aug 21, 2014 at 4:15 PM, Aleksandr Gurbo gu...@golas.ru wrote:

 Hello list,

 I had negative experience with 5.1.2 especially in cluster configuration.
 Release 5.1.1 is awful. I had so many bugs on it. Nick, do you have
 problems on 5.1.1 with telnet access to ip address which is on Loopback
 interface in vpnv4 table?
 Also I had problems with MPLS, where remote PE routers have two links to P
 routers.
 All of this should be fixed in 5.1.3. They promised :) I wait 5.1.3
 release.


 On Thu, 21 Aug 2014 11:24:19 +0100
 Nick Hilliard n...@foobar.org wrote:

  On 21/08/2014 10:43, Mattias Gyllenvarg wrote:
   I would love to hear some feed back on the 5.1.2 Train of IOS XR.
  
   This was preloaded in a few boxes (9010) and I am looking for the most
   stable train without downgrading (fingers crossed).
 
  Hi Mattias,
 
  I've had no problems so far on a relatively small deployment of 5.1.1 with
  mp-bgp / isis / mpls-pw / l3vpn / v4/v6.  Has worked without incident.
 
  Nick
 
 


 --
 Aleksandr Gurbo




-- 
*Med Vänliga Hälsningar / Best Regards*
*Mattias Gyllenvarg*

Re: [c-nsp] Cisco ME3x00 Egress Policie - Denied by Cisco/IOS!

2014-05-13 Thread Mattias Gyllenvarg
Is it not just that 11 x 10 > 100?

Perhaps you could show us the conf?

//Mattias


On Mon, May 12, 2014 at 3:10 PM, James Bensley jwbens...@gmail.com wrote:

 Hi All,

 Has anyone encountered this issue on the ME3600/ME3800s;

 Cisco 2960 - Layer 2 device terminating Layer 2 connections
 |
 | Layer 2 Trunk on 100Mbps port
 |
 Cisco ME3800 - Various layer 2 connections trunked up in VLANs for
 termination on ME3800

 We are trying to apply some policers on the ME3800 for multiple 10Mbps
 circuits being delivered on the 2960 because some of them are on
 faster bearers. The problem is that when you try to apply a policy on
 the ME3x00 series and you add in an 11th policer for 10Mbps it throws
 up an error saying the port is oversubscribed and the config isn't
 allowed. You can't police 11+ VLANs for example to 10Mbps on a 100Mbps
 port.

 These devices are meant to go near/on the access layer where
 oversubscription lives :)

 Has anyone encountered this and has anyone overcome it?

 We have a TAC case open, they are almost definitely going to say
 that's what is supposed to happen.

 Cheers,
 James.




-- 
*Med Vänliga Hälsningar / Best Regards*
*Mattias Gyllenvarg*

Re: [c-nsp] EVC/EFP - Longest match VLAN stack length

2013-12-12 Thread Mattias Gyllenvarg
Hi

I have not verified but the more specific one should be before the general
rule.
So you should switch them around.

interface TenGigabitEthernet0/1
 service instance 10 ethernet
  encapsulation dot1q 10 second-dot1q 555
  rewrite ingress tag pop 1 symmetric
  bridge-domain 10555

 service instance 20 ethernet
  encapsulation dot1q 10 second-dot1q any
  rewrite ingress tag pop 1 symmetric
  bridge-domain 1

 service instance 30 ethernet
  encapsulation dot1q 10
  rewrite ingress tag pop 1 symmetric
  bridge-domain 10

In this case, though not tested, a packet tagged 10+555 would be sent to
bd10555 and 10+any to bd1 and then 10+none to bd10.

//Mattias Gyllenvarg
Obduro Network AB



On Wed, Dec 11, 2013 at 3:51 PM, Arash Alizadeh aras...@hotmail.se wrote:

 Hi,

 I wonder if anyone knows if you in two separate EFPs could match the same
 outermost tag where one matches a single-tagged frame and the other one
 matches it when it's stacked.

 I.e:

 interface TenGigabitEthernet0/1
  service instance 1 ethernet
   encapsulation dot1q 10
   rewrite ingress tag pop 1 symmetric
   bridge-domain 10
  !
  service instance 2 ethernet
   encapsulation dot1q 10 second-dot1q any
   rewrite ingress tag pop 1 symmetric
   bridge-domain 20
 !

 Unfortunately I'm not able to try this myself and I haven't found anything
 on the web covering this scenario.

 Thanks in advance.

 Arash





-- 
*Med Vänliga Hälsningar*
*Mattias Gyllenvarg*
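
The ordering question in this exchange, as an added model that is not part of the thread and makes no claim about how any IOS release classifies frames: it runs the two service-instance sets from the messages above through a first-match-in-config-order rule and a most-specific-match rule and reports which frames land in different bridge domains. The class and function names are hypothetical, and it assumes a bare `encapsulation dot1q 10` matches on the outer tag only.

```python
from dataclasses import dataclass
from typing import Sequence, Union

ANY = "any"  # stands for 'second-dot1q any'


@dataclass(frozen=True)
class EFP:
    """One service instance: outer tag, optional inner match, bridge-domain."""
    instance: int
    outer: int
    inner: Union[None, str, int]   # None = no second-dot1q, ANY, or a VLAN id
    bridge_domain: int

    def matches(self, tags: Sequence[int]) -> bool:
        if not tags or tags[0] != self.outer:
            return False
        if self.inner is None:
            # Assumption: a bare 'encapsulation dot1q N' looks at the outer tag
            # only, so it also matches frames that carry further tags.
            return True
        if len(tags) < 2:
            return False
        return self.inner == ANY or tags[1] == self.inner

    def specificity(self) -> int:
        """More tag criteria means a more specific instance."""
        if self.inner is None:
            return 1
        return 2 if self.inner == ANY else 3


def first_match(efps, tags):
    """Hypothesis A: service instances are evaluated in configuration order."""
    for efp in efps:
        if efp.matches(tags):
            return efp.bridge_domain
    return None


def most_specific(efps, tags):
    """Hypothesis B: among matching instances, the most specific one wins."""
    hits = [efp for efp in efps if efp.matches(tags)]
    return max(hits, key=EFP.specificity).bridge_domain if hits else None


def order_sensitive(efps, frames):
    """Frames whose bridge domain depends on which hypothesis holds."""
    return [tags for tags in frames
            if first_match(efps, tags) != most_specific(efps, tags)]


# Service instances as written in the reply (specific first) ...
REPLY_ORDER = [EFP(10, 10, 555, 10555), EFP(20, 10, ANY, 1), EFP(30, 10, None, 10)]
# ... and as written in the question (general first).
QUESTION_ORDER = [EFP(1, 10, None, 10), EFP(2, 10, ANY, 20)]
# Constructed test frames, given as VLAN tag stacks from outermost inwards.
FRAMES = [(10, 555), (10, 7), (10,), (20,)]

if __name__ == "__main__":
    for name, efps in (("reply", REPLY_ORDER), ("question", QUESTION_ORDER)):
        for tags in FRAMES:
            print(name, tags, first_match(efps, tags), most_specific(efps, tags))
        print(name, "order-sensitive frames:", order_sensitive(efps, FRAMES))
```

With the specific instance first, both rules agree on every frame, so that ordering is safe whichever rule the platform applies; with the general instance first, the stacked frames are the ones to send through a lab box before trusting the result.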


Re: [c-nsp] Simultaneous drops - 2 upstream providers

2013-08-19 Thread Mattias Gyllenvarg
A and B use A's or B's infrastructure at either end of the link? Or a common
third party somewhere in the signal path.
On 20 Aug 2013 at 05:23, CiscoNSP List cisconsp_l...@hotmail.com wrote:

 Thanks Blake -

 Both links (that drop) are doing minimal traffic (One is only a backup
 link, so isn't used) - the link that is not affected is doing
 ~100-150Mb/sec, Carrier A link is doing 5-10Mb/sec and Carrier B virtually
 zero (as it's a backup link as mentioned)... seeing minimal output drops on
 each port

 All links are Gb (physical), and carrier rate limits (Carrier A 50M,
 Carrier B 200M and carrier C 1Gb)



 From: iki...@gmail.com
 Date: Mon, 19 Aug 2013 21:51:10 -0500
 Subject: Re: [c-nsp] Simultaneous drops - 2 upstream providers
 To: cisconsp_l...@hotmail.com
 CC: cisco-nsp@puck.nether.net

 You don't give too much information here, so its hard to speculate.

 My guess as to the first thing to check would be out of buffer drops on
 the 37x, but like I said above, it's only really a wild guess, since you
 don't specify port layout or link speeds. You can verify by looking at the
 ASIC stats, as the interface stats can be unreliable for that type of drop.



 -Blake


 On Mon, Aug 19, 2013 at 9:11 PM, CiscoNSP List cisconsp_l...@hotmail.com
 wrote:


 Hi - bit of a strange one - We have 3 interpop links (3 different
 carriers) terminating on a 3750X+ASR at one of our POPs, and are seeing
 intermittent drops on 2 of the links (and ospf loses adjacency) at the same
 time

 Carrier A - POPA - POPB - We see drops/ospf adjacency issues once/twice a day
 Carrier B - POPA - POPC - We see drops/ospf adjacency issues once/twice a day
 Carrier C - POPA - POPB - No issues at all

 All links terminate on the same 3750, and then are trunked to an ASR1006
 for L3 - There are no errors/physical link issues on the 3750, and both
 carriers also do not see any errors/link drops.

 It would be improbable that both carriers have issues on their networks at
 precisely the same time, so it is either our switch (3750), or something
 weird happening with the x-connects that doesn't cause the links to drop,
 doesn't cause any errors etc, but causes ospf to lose adjacency (but only
 for 2 providers, not the third?)



 Any suggestions/assistance is greatly appreciated





Re: [c-nsp] Temporarily disable all forwarding on ASR9K

2013-08-15 Thread Mattias Gyllenvarg
This whole protecting/verifying redundant customer functionality is a
difficult problem.

I have found it difficult to implement mechanisms that detect all possible
faults on the main connection without making things very complicated.
Mostly for remote areas where there is only one local POP that in itself is
not redundant.

The worst gotcha I have found is that you test the redundancy (real event
or simulated) and you get management and SNMP etc etc. But the customer is
still down because of some error in forwarding. Like default pointing
toward primary link that is broken behind next-hop.

So, I just want to say that you should verify traffic patterns on the
customer port(s) when testing this.

Regarding disabling forwarding, why not shut down links from the adjacent
devices? Recovery time would be linkstate+igp+bgp sync. Not too slow on
ASR9k, right?

//Mattias Gyllenvarg




On Thu, Aug 15, 2013 at 4:55 AM, John Neiberger jneiber...@gmail.com wrote:

 In my case, the best result would be to simulate taking the entire device
 offline, but I don't know if that's possible to reverse quickly. Taking the
 interfaces down would be great. Really, the simplest thing to do is just
 spend a minute to create a SMOP that shuts down the interfaces and be done
 with it. I'm just curious if there are other interesting ways to accomplish
 something similar. I wonder if there are some processes that can be killed
 to take the router offline and then restarted to bring it back online. Even
 if that were possible, I'm sure it would be a fairly bad idea. lol

 Another thought was to shutdown the linecards but leave them powered up. I
 haven't tried it but I wondered if maybe bringing them back up from a
 shutdown state would be faster than doing it from a fully powered down
 state. If so, that might be another option. Not even close to as fast as
 just shutting them down and rolling back, if necessary. That's going to be
 tough to beat.


 On Wed, Aug 14, 2013 at 7:43 PM, Pete Lumbis alum...@gmail.com wrote:

  This raises a good point.
 
  Is the goal to simulate a black-hole that could be seen with an incorrect
  adjacency, where control plane is healthy but data plane is broken, or is
  the goal to simulate taking this device offline?
 
  Do we care about carrier on the interfaces?
 
 
  On Wed, Aug 14, 2013 at 6:19 PM, arulgobinath emmanuel 
 arulg...@gmail.com
   wrote:
 
  null0 doesn't cause the NHRP to trigger IMHO this will be a disaster.
  shut / no shut is the easiest but it doesn't simulate the whole part.
  real test comes when the modules crash when reloading specially after
  couple of years... :)
  what if we copy an empty config ??? and rollback the config ? I didn't
  test this anyway.
 
 
  On Wed, Aug 14, 2013 at 10:13 PM, Pete Lumbis alum...@gmail.com
 wrote:
 
  Copy/paste a bunch of null0 routes?
 
  deny any acls on interfaces?
 
 
  On Wed, Aug 14, 2013 at 10:54 AM, John Neiberger jneiber...@gmail.com
  wrote:
 
   We need to upgrade some ASR9Ks that have a lot of connected devices
  with
   complex interrelationships and we have to do a lot of work to make
  sure all
   the correct redundancy is in place prior to the upgrade. Since the
  router
   takes so long to reload, I'd like to find a way to essentially
  simulate the
   loss of forwarding for a minute or so to verify that our redundancy
   preparations were thorough, but I need to be able to back out of it
   quickly. I thought about shutting down the linecards but that's
 still a
   fairly long restart. I'm hoping to find some method much faster than
  that.
  
   The simplest and most straightforward way is to shut down all the
   interfaces manually and then rollback if necessary. We can take it
 out
  of
   routing by setting the overload bit in ISIS, but that still leaves
  routing
   and forwarding in place for locally connected interfaces, which is
  what we
   want to stop. We were tossing around some ideas and wondered,
 probably
  just
   academically, if there were a way to completely stop forwarding
   temporarily.
  
   Is there a way to disable forwarding through an ASR9K that is easily
  and
   quickly reversible? We'll probably do the interface shutdown method
  since
   it's so simple, but now I'm curious what other options might be
  available.




-- 
*Med Vänliga Hälsningar*
*Mattias

Re: [c-nsp] why are packets not following the more specific route - xr 4.1.2 (asr9k)

2013-08-15 Thread Mattias Gyllenvarg
It can't and it won't.

This is a nice gotcha for MPLS, we were pulling our hair for a while until
we got it in our heads that MPLS packets are not processed at every L3-hop.


On Thu, Aug 15, 2013 at 8:16 PM, Aaron dudep...@gmail.com wrote:

 No label to the blackhole?
 If LER1 isn't getting the routes how is it going to build the LSP to the
 blackhole?


 On Thu, Aug 15, 2013 at 2:05 PM, Aaron aar...@gvtc.com wrote:

  Yes mpls core.
 
  Traceroute on pc- LER1 mpls core-LER2- internet
  |
  Blackhole
 
  Yes LER1 doesn't not have those /32 blackhole routes it does have the
  def rt towards internet via LER2.
 
  Aaron
 
 
  -Original Message-
  From: LavoJM [mailto:lav...@secureobscure.com]
  Sent: Thursday, August 15, 2013 12:41 PM
  To: 'Aaron'
  Subject: RE: [c-nsp] why are packets not following the more specific
 route
  -
  xr 4.1.2 (asr9k)
 
  Are you running MPLS in the core, and the first LER does not have a FEC
 for
  the /32, but it does have one for default/other-internet routes?
 
  3
 
 
  -Original Message-
  From: cisco-nsp [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of
  Aaron
  Sent: Thursday, August 15, 2013 11:57 AM
  To: cisco-nsp@puck.nether.net
  Subject: Re: [c-nsp] why are packets not following the more specific
 route
  -
  xr 4.1.2 (asr9k)
 
  (x.x.x.x is one of the /32 blackhole routes)
 
  Oh and when I do this on that boundary 9k traceroute x.x.x.x vrf xyz
  source
  y.y.y.y it appears to NOT follow the default route out to the internet
 and
  it seems that it does follow the more specific blackhole route.  why
 would
  mpls l3vpn located computers deeper into my internal network NOT follow
  this
  more specific route as the packets flow across the forwarding plane of
 this
  boundary 9k ??
 
  Aaron
 
  -Original Message-
  From: cisco-nsp [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of
  Aaron
  Sent: Thursday, August 15, 2013 11:49 AM
  To: cisco-nsp@puck.nether.net
  Subject: [c-nsp] why are packets not following the more specific route -
 xr
  4.1.2 (asr9k)
 
  I have a blackhole security device injecting routes into my internet
  boundary asr9k.. I see that the bgp prefixes are rcv'd on my 9k and they
 are
  installed in the per-vrf rib.  The next hop for those routes are via a
  directly connected interface towards the blackhole.. But for some reason
 I
  continue to see on traceroutes from a computer that's deeper into my
  internal network via mpls l3vpn, that this computer's traceroutes flow
  right
  past that 9k's more specific routes and follows the default route out
 to
  the internet.  Any idea why ?
 
 
 
  Aaron
 




-- 
*Med Vänliga Hälsningar*
*Mattias Gyllenvarg*
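
A simplified model of the behaviour discussed in this thread, as an added example that is not part of the original posts: it shows how a /32 blackhole route present only on the border router (LER2) can be bypassed by traffic that arrives from LER1 carrying a VPN label, and how the same packet is caught when the label triggers an IP lookup on LER2. The prefixes, label values, function names and the two label-allocation modes are assumptions for illustration; the thread does not say which mode the ASR9k in question used, and transport labels are left out.

```python
import ipaddress

# Constructed sample data: LER2's per-VRF RIB holds the default route towards
# the upstream provider and one /32 injected by the blackhole appliance.
LER2_VRF_RIB = {
    "0.0.0.0/0": "upstream",
    "203.0.113.66/32": "blackhole",
}
# Per the thread, LER1 only has the default route, not the /32 routes.
ADVERTISED_TO_LER1 = ["0.0.0.0/0"]


def lpm(table, dst):
    """Longest-prefix match of dst against a {prefix: value} table."""
    addr = ipaddress.ip_address(dst)
    best_net, best_val = None, None
    for prefix, value in table.items():
        net = ipaddress.ip_network(prefix)
        if addr in net and (best_net is None or net.prefixlen > best_net.prefixlen):
            best_net, best_val = net, value
    return best_val


def build_ler2_labels(mode):
    """Return (adverts, lfib) for LER2.

    adverts: prefix -> VPN label that LER1 must push for that prefix.
    lfib:    label  -> action LER2 takes when a packet arrives with it.
    """
    adverts, lfib = {}, {}
    if mode == "per-prefix":
        # One label per advertised prefix, bound directly to that prefix's
        # next hop: the label alone decides the egress, no IP lookup happens.
        label = 24000  # constructed label value
        for prefix in ADVERTISED_TO_LER1:
            lfib[label] = ("forward", LER2_VRF_RIB[prefix])
            adverts[prefix] = label
            label += 1
    elif mode == "per-vrf":
        # One aggregate label for the whole VRF: LER2 pops it and performs a
        # normal IP lookup in the VRF, so more specific routes are consulted.
        lfib[24000] = ("ip-lookup", None)
        for prefix in ADVERTISED_TO_LER1:
            adverts[prefix] = 24000
    else:
        raise ValueError("unknown label allocation mode: %s" % mode)
    return adverts, lfib


def deliver_from_ler1(dst, mode):
    """Where a packet entering the VPN at LER1 finally leaves LER2."""
    adverts, lfib = build_ler2_labels(mode)
    # LER1's VRF table: only what LER2 advertised (here just 0.0.0.0/0).
    label = lpm(adverts, dst)
    if label is None:
        return "dropped at LER1"
    action, next_hop = lfib[label]
    if action == "forward":
        return next_hop               # label-switched, RIB never consulted
    return lpm(LER2_VRF_RIB, dst)     # IP lookup after the label is popped


def local_lookup_on_ler2(dst):
    """What a traceroute sourced on LER2 itself follows: plain IP lookup."""
    return lpm(LER2_VRF_RIB, dst)


if __name__ == "__main__":
    target = "203.0.113.66"
    print("sourced on LER2:       ", local_lookup_on_ler2(target))
    print("via LER1, per-prefix:  ", deliver_from_ler1(target, "per-prefix"))
    print("via LER1, per-vrf:     ", deliver_from_ler1(target, "per-vrf"))
```

When validating a blackhole or sinkhole deployment, test from a host behind the ingress LER as well as from the border router itself, since the two paths can take different forwarding decisions.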


Re: [c-nsp] why are packets not following the more specific route - xr 4.1.2 (asr9k)

2013-08-15 Thread Mattias Gyllenvarg
I'm 100% on this but.

Are they destined for the remote end of the link they might not get
processed.
But if they are destined for the loopback of LER2 then they should.


On Thu, Aug 15, 2013 at 8:24 PM, Aaron aar...@gvtc.com wrote:

 If ler1 flows everything via 0/0 lsp towards ler2, doesn't ler2 pop all
 mpls
 tags prior to routing out towards internet via def rt ?. if so couldn't
 a more specific routing decision be made at that point towards blackhole
 /32
 routes ?



 Aaron



 p.s. Why was vanilla ip forwarding more straightforward and easier than
 this
 ? J





 From: Aaron [mailto:dudep...@gmail.com]
 Sent: Thursday, August 15, 2013 1:16 PM
 To: Aaron
 Cc: LavoJM; cisco-nsp
 Subject: Re: [c-nsp] why are packets not following the more specific route
 -
 xr 4.1.2 (asr9k)



 No label to the blackhole?

 If LER1 isn't getting the routes how is it going to build the LSP to the
 blackhole?



 On Thu, Aug 15, 2013 at 2:05 PM, Aaron aar...@gvtc.com wrote:

 Yes mpls core.

 Traceroute on pc- LER1 mpls core-LER2- internet
 |
 Blackhole

 Yes LER1 doesn't not have those /32 blackhole routes it does have the
 def rt towards internet via LER2.

 Aaron



 -Original Message-
 From: LavoJM [mailto:lav...@secureobscure.com]
 Sent: Thursday, August 15, 2013 12:41 PM
 To: 'Aaron'
 Subject: RE: [c-nsp] why are packets not following the more specific route
 -
 xr 4.1.2 (asr9k)

 Are you running MPLS in the core, and the first LER does not have a FEC for
 the /32, but it does have one for default/other-internet routes?


 3


 -Original Message-
 From: cisco-nsp [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of
 Aaron

 Sent: Thursday, August 15, 2013 11:57 AM
 To: cisco-nsp@puck.nether.net
 Subject: Re: [c-nsp] why are packets not following the more specific route
 -
 xr 4.1.2 (asr9k)

 (x.x.x.x is one of the /32 blackhole routes)

 Oh and when I do this on that boundary 9k traceroute x.x.x.x vrf xyz
 source
 y.y.y.y it appears to NOT follow the default route out to the internet and
 it seems that it does follow the more specific blackhole route.  why would
 mpls l3vpn located computers deeper into my internal network NOT follow
 this
 more specific route as the packets flow across the forwarding plane of this
 boundary 9k ??

 Aaron

 -Original Message-
 From: cisco-nsp [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of
 Aaron
 Sent: Thursday, August 15, 2013 11:49 AM
 To: cisco-nsp@puck.nether.net
 Subject: [c-nsp] why are packets not following the more specific route - xr
 4.1.2 (asr9k)

 I have a blackhole security device injecting routes into my internet
 boundary asr9k.. I see that the bgp prefixes are rcv'd on my 9k and they are
 installed in the per-vrf rib.  The next hop for those routes are via a
 directly connected interface towards the blackhole.. But for some reason I
 continue to see on traceroutes from a computer that's deeper into my
 internal network via mpls l3vpn, that this computer's traceroutes flow
 right
 past that 9k's more specific routes and follows the default route out to
 the internet.  Any idea why ?



 Aaron





-- 
*Med Vänliga Hälsningar*
*Mattias Gyllenvarg*


Re: [c-nsp] why are packets not following the more specific route - xr 4.1.2 (asr9k)

2013-08-15 Thread Mattias Gyllenvarg
The internet routes are the relevant ones. Do they point to lo0 or remote
end?

I'm sure one of the knights of the round table (Gert, Oliver, Adam etc)
could answer about L3 processing at the end point.


On Thu, Aug 15, 2013 at 9:35 PM, Aaron aar...@gvtc.com wrote:

 The next hop of those bh routes is an ip address on the distant end of a
 layer 2 segment which is connected to that border asr9k


 Aaron


 *From:* Mattias Gyllenvarg [mailto:matt...@gyllenvarg.se]
 *Sent:* Thursday, August 15, 2013 2:27 PM
 *To:* Aaron
 *Cc:* Aaron; cisco-nsp; LavoJM

 *Subject:* Re: [c-nsp] why are packets not following the more specific
 route - xr 4.1.2 (asr9k)


 I'm 100% on this but.


 Are they destined for the remote end of the link they might not get
 processed.

 But if they are destined for the loopback of LER2 then they should.


 On Thu, Aug 15, 2013 at 8:24 PM, Aaron aar...@gvtc.com wrote:

 If ler1 flows everything via 0/0 lsp towards ler2, doesn't ler2 pop all
 mpls
 tags prior to routing out towards internet via def rt ?. if so couldn't
 a more specific routing decision be made at that point towards blackhole
 /32
 routes ?



 Aaron



 p.s. Why was vanilla ip forwarding more straightforward and easier than
 this
 ? J





 From: Aaron [mailto:dudep...@gmail.com]
 Sent: Thursday, August 15, 2013 1:16 PM
 To: Aaron
 Cc: LavoJM; cisco-nsp

 Subject: Re: [c-nsp] why are packets not following the more specific route
 -
 xr 4.1.2 (asr9k)



 No label to the blackhole?

 If LER1 isn't getting the routes how is it going to build the LSP to the
 blackhole?



 On Thu, Aug 15, 2013 at 2:05 PM, Aaron aar...@gvtc.com wrote:

 Yes mpls core.

 Traceroute on pc- LER1 mpls core-LER2- internet
 |
 Blackhole

 Yes LER1 doesn't not have those /32 blackhole routes it does have the
 def rt towards internet via LER2.

 Aaron



 -Original Message-
 From: LavoJM [mailto:lav...@secureobscure.com]
 Sent: Thursday, August 15, 2013 12:41 PM
 To: 'Aaron'
 Subject: RE: [c-nsp] why are packets not following the more specific route
 -
 xr 4.1.2 (asr9k)

 Are you running MPLS in the core, and the first LER does not have a FEC for
 the /32, but it does have one for default/other-internet routes?


 3


 -Original Message-
 From: cisco-nsp [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of
 Aaron

 Sent: Thursday, August 15, 2013 11:57 AM
 To: cisco-nsp@puck.nether.net
 Subject: Re: [c-nsp] why are packets not following the more specific route
 -
 xr 4.1.2 (asr9k)

 (x.x.x.x is one of the /32 blackhole routes)

 Oh and when I do this on that boundary 9k traceroute x.x.x.x vrf xyz
 source
 y.y.y.y it appears to NOT follow the default route out to the internet and
 it seems that it does follow the more specific blackhole route.  why would
 mpls l3vpn located computers deeper into my internal network NOT follow
 this
 more specific route as the packets flow across the forwarding plane of this
 boundary 9k ??

 Aaron

 -Original Message-
 From: cisco-nsp [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of
 Aaron
 Sent: Thursday, August 15, 2013 11:49 AM
 To: cisco-nsp@puck.nether.net
 Subject: [c-nsp] why are packets not following the more specific route - xr
 4.1.2 (asr9k)

 I have a blackhole security device injecting routes into my internet
 boundary asr9k.. I see that the bgp prefixes are rcv'd on my 9k and they are
 installed in the per-vrf rib.  The next hop for those routes are via a
 directly connected interface towards the blackhole.. But for some reason I
 continue to see on traceroutes from a computer that's deeper into my
 internal network via mpls l3vpn, that this computer's traceroutes flow
 right
 past that 9k's more specific routes and follows the default route out to
 the internet.  Any idea why ?



 Aaron




 


 --
 *Med Vänliga Hälsningar*
 *Mattias Gyllenvarg*




-- 
*Med Vänliga Hälsningar*
*Mattias Gyllenvarg

Re: [c-nsp] why are packets not following the more specific route - xr 4.1.2 (asr9k)

2013-08-15 Thread Mattias Gyllenvarg
Yeah, then it's the next hop of the 0/0 that's relevant.

How many routes do you have in ibgp then? Sounds like very few...


On Thu, Aug 15, 2013 at 10:25 PM, Aaron aar...@gvtc.com wrote:

 Internet routes?  I have only one…. Yours truly 0/0  ….I learn one route
 via ebgp from my upstream provider… 0/0


 I learn 1,000+ other routes via ebgp (multihop several hops away) from
 another neighbor….this is the blackhole appliance injecting bgp routes into
 my same internet border asr9k….all those bh routes have a next hop of a
 private ip subnet that this same asr9k is directly connected to…so those
 routes have next hop of the bh interface of the appliance….


 Aaron


 *From:* Mattias Gyllenvarg [mailto:matt...@gyllenvarg.se]
 *Sent:* Thursday, August 15, 2013 3:02 PM

 *To:* Aaron
 *Cc:* Aaron; cisco-nsp; LavoJM
 *Subject:* Re: [c-nsp] why are packets not following the more specific
 route - xr 4.1.2 (asr9k)


 The internet routes are the relevant ones. Do they point to lo0 or remote
 end?


 I'm sure one of the knights of the round table (Gert, Oliver, Adam etc)
 could answer about L3 processing at the end point.


 On Thu, Aug 15, 2013 at 9:35 PM, Aaron aar...@gvtc.com wrote:

 The next hop of those bh routes is an ip address on the distant end of a
 layer 2 segment which is connected to that border asr9k

  

 Aaron

  

 *From:* Mattias Gyllenvarg [mailto:matt...@gyllenvarg.se]
 *Sent:* Thursday, August 15, 2013 2:27 PM
 *To:* Aaron
 *Cc:* Aaron; cisco-nsp; LavoJM


 *Subject:* Re: [c-nsp] why are packets not following the more specific
 route - xr 4.1.2 (asr9k)

  

 I'm 100% on this but.

  

 Are they destined for the remote end of the link they might not get
 processed.

 But if they are destined for the loopback of LER2 then they should.

  

 On Thu, Aug 15, 2013 at 8:24 PM, Aaron aar...@gvtc.com wrote:

 If ler1 flows everything via 0/0 lsp towards ler2, doesn't ler2 pop all
 mpls
 tags prior to routing out towards internet via def rt ?. if so couldn't
 a more specific routing decision be made at that point towards blackhole
 /32
 routes ?



 Aaron



 p.s. Why was vanilla ip forwarding more straightforward and easier than
 this
 ? J





 From: Aaron [mailto:dudep...@gmail.com]
 Sent: Thursday, August 15, 2013 1:16 PM
 To: Aaron
 Cc: LavoJM; cisco-nsp

 Subject: Re: [c-nsp] why are packets not following the more specific route
 -
 xr 4.1.2 (asr9k)



 No label to the blackhole?

 If LER1 isn't getting the routes how is it going to build the LSP to the
 blackhole?



 On Thu, Aug 15, 2013 at 2:05 PM, Aaron aar...@gvtc.com wrote:

 Yes mpls core.

 Traceroute on pc- LER1 mpls core-LER2- internet
 |
 Blackhole

 Yes LER1 doesn't not have those /32 blackhole routes it does have the
 def rt towards internet via LER2.

 Aaron



 -Original Message-
 From: LavoJM [mailto:lav...@secureobscure.com]
 Sent: Thursday, August 15, 2013 12:41 PM
 To: 'Aaron'
 Subject: RE: [c-nsp] why are packets not following the more specific route
 -
 xr 4.1.2 (asr9k)

 Are you running MPLS in the core, and the first LER does not have a FEC for
 the /32, but it does have one for default/other-internet routes?


 3


 -Original Message-
 From: cisco-nsp [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of
 Aaron

 Sent: Thursday, August 15, 2013 11:57 AM
 To: cisco-nsp@puck.nether.net
 Subject: Re: [c-nsp] why are packets not following the more specific route
 -
 xr 4.1.2 (asr9k)

 (x.x.x.x is one of the /32 blackhole routes)

 Oh and when I do this on that boundary 9k traceroute x.x.x.x vrf xyz
 source
 y.y.y.y it appears to NOT follow the default route out to the internet and
 it seems that it does follow the more specific blackhole route.  why would
 mpls l3vpn located computers deeper into my internal network NOT follow
 this
 more specific route as the packets flow across the forwarding plane of this
 boundary 9k ??

 Aaron

 -Original Message-
 From: cisco-nsp [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of
 Aaron
 Sent: Thursday, August 15, 2013 11:49 AM
 To: cisco-nsp@puck.nether.net
 Subject: [c-nsp] why are packets not following the more specific route - xr
 4.1.2 (asr9k)

 I have a blackhole security device injecting routes into my internet
 boundary asr9k.. I see that the bgp prefixes are rcv'd on my 9k and they are
 installed in the per-vrf rib.  The next hop for those routes are via a
 directly connected interface towards the blackhole.. But for some reason I
 continue to see on traceroutes from a computer that's deeper into my
 internal network via mpls l3vpn, that this computer's traceroutes flow
 right
 past that 9k's more specific routes and follows the default route out to
 the internet.  Any idea why ?



 Aaron

Re: [c-nsp] ME3800X/ME3600X/ME3600X-24CX/ASR903/ASR901 Deployment Simplification Feedback

2013-07-25 Thread Mattias Gyllenvarg
Good point, SDM is just another gotcha. Allocate according to use and
complain in the log when you're getting close to max.

ME3600x + ASR9k FTW! Just make more physical variants of the ME and lower
the price on ASR9k.


On Thu, Jul 25, 2013 at 12:56 PM, Leigh Harrison 
lharri...@convergencegroup.co.uk wrote:

 Hi there Waris,

 We've got quite a few of the ME3600's deployed now, which we migrated to
 over and above a legacy 3750ME estate.  The big point for us was to migrate
 to MPLS access rather than have any spanning tree knocking about in the
 Core.

 Favoured points from my team involves the ease of configuration and their
 raw speed.  Down sides are port capacity and buggy software.

 A denser system of 48 Gig ports and more 10Gb ports would assist greatly
 as we can fill up 24 1Gb ports quite quickly depending on which PoP the
 system has been built for.  We tend to ring the 3600's into ASR9K's and the
 more rings we buy, the more 9K 10Gb ports have to be taken up.  Additional
 10Gb ports would be of great benefit to increase the capacity of each ring
 we build, rather than build new rings.  Our provider connections are also
 moving from 1Gb up to 10Gb and I need to be able to cater for this towards
 the Access, rather than the Core.

 I would also like to see more horsepower in the systems.  We recently went
 to implement multicasting in VRF and ran into some odd challenges.   We
 have the 3600's set up for routing and are about to push 24,000 IPv4
 routes.   In our busier boxes we have around 9,000 routes, so I'm more than
 happy with the capacity there.  However, in order to turn on 250 MDT
 routes, we have to drop the IPv4 routes down to 12,000.  A sliding scale
 would be nice for memory allocation, but in the face of having 3600's move
 from 30% full to 60% full in the routing table to add in a new feature, we
 went for a redesign of how we delivered the multicasting.

 Leigh


  Hi Everyone,
  I have seen lot of good inputs on this mailer. I am collecting
  feedback for the existing deployment challenges on the following
  platforms so that we can address them.
 
  -ME3800X
  -ME3600X
  -ME3600X-24CX
  -ASR903
  -ASR901
  -ME3400E





-- 
*Med Vänliga Hälsningar*
*Mattias Gyllenvarg*


Re: [c-nsp] Do you have command auto reoptimize Traffic Engineering by the router?

2013-07-22 Thread Mattias Gyllenvarg
Though I have no actual experience

I asked the same question at cisco live. And yes, it is supposed to
reevaluate at certain intervals.

.

Best regards
Mattias Gyllenvarg
On Jul 22, 2013 12:15 PM, PlaWanSai RMUTT CPE IX pws_ad...@thaicpe.com
wrote:

 Hi all,

 Do you have command for auto reoptimize Traffic Engineering
 by the router? When option 10 down and then up it can reoptimize by itself
 to option 10.



 Thank you very much



 Mr. Nattawat Kaewmanee



Re: [c-nsp] ME3800X/ME3600X/ME3600X-24CX/ASR903/ASR901 Deployment Simplification Feedback

2013-07-21 Thread Mattias Gyllenvarg
+1 and I add a me3600x chassis to the mix of wet dreams.
On 21 Jul 2013 08:01, Mark Tinka mark.ti...@seacom.mu wrote:

 On Tuesday, March 19, 2013 09:27:45 AM Waris Sagheer (waris)
 wrote:

  Hi Everyone,
  I have seen lot of good inputs on this mailer. I am
  collecting feedback for the existing deployment
  challenges on the following platforms so that we can
  address them.
 
  -ME3800X
  -ME3600X
  -ME3600X-24CX
  -ASR903
  -ASR901
  -ME3400E

 - I would like to see a variant of the ME3600X/3800X
   that provides for at least 4x 10Gbps SFP+ uplink
   ports.

 - I would like to see a variant of the ME3600X/3800X
   that provided for 48x Gig-E copper or fibre ports
   in a 1U chassis (I'll also take a 1.5U chassis if
   times are really hard). Yes, all at line rate :-).

 - I would like to see a solution that allows for PoP
   growth. We've had scenarios where the number of
   ME3600X/3800X chassis has grown to a level to
   justify looking at a chassis (ASR9000 or
   MX480/960), but the line card costs alone still
   make stacking yet another ME3600X/3800X a
   commercially better idea, but lousy for
   operations. What can the team do to allow
   operators to grow ports and scale on a per-PoP
   basis while simplifying operations and keeping
   port costs down? I've never been drawn to
   virtual/multi-chassis systems, but... :-).

 - I'm not very heavy on growing the FIB on the
   ME3600X/3800X systems, but any thought Cisco can
   put into this that doesn't make the cost of
   building the units outrageous would be much
   appreciated. This isn't critical for me; just a
   very nice-to-have.

 In addition to what Nick and the others have already
 mentioned, those are the things I'd like to see addressed,
 Waris.

 For me, one of the things that pleases me most about the
 ME3600X/3800X (apart from the fact that we can drop STP and
 extend IP/MPLS into the Access) is that QoS is normal,
 simple and behaves like a regular Cisco router. Additional
 work and simplification in this area (particularly coming as
 close to the flexibility of what software routers like the
 7200 can do) would be much appreciated. You have no idea how
 much it sucked running the 3750ME as a Metro-E IP/MPLS
 Access platform and trying to do simple or complex QoS
 strategies for customers and the core :-).

 Many thanks for reaching out to the community about this,
 Waris. It makes all the difference for us operators, and is
 more of what we would like to see from our preferred
 vendors.

 Cheers,

 Mark.



Re: [c-nsp] vrf-lite routing

2013-07-18 Thread Mattias Gyllenvarg
You will still need a vlan for every vrf between the relevant machines with
vrf-lite. Only MPLS or tunnels solve that.

If it is internet traffic you don't need more than Layer2 separation, you
have that with a vlan/customer. So building VRFs will separate Layer3 and
then you have to short-circuit manually. Makes no sense. If you don't
want the customer routes in EIGRP then you should set up iBGP.

Mostly, you should be careful when building something that you cannot
troubleshoot for a friend. There are a lot of gotchas in VRF and MPLS and
you may end up with fewer features and more work when provisioning than the
old network.




On Thu, Jul 18, 2013 at 3:02 AM, Dan Letkeman danletke...@gmail.com wrote:

 I think it makes more sense to do this based on the equipment they have.

 http://packetlife.net/blog/2009/apr/30/intro-vrf-lite/

 Get the performance of routing on the 3k switches but the segregation of
 VRF-lite if they want it.

 Dan.


 On Wed, Jul 17, 2013 at 7:45 PM, Dan Letkeman danletke...@gmail.com
 wrote:

  The current network is routed via EIGRP, but also has a lot of vlan's
  trunked everywhere...its an STP nightmare with various ISP's providing
  service via fiber, and a host of wireless bridges, that are any where
 from
  10-40 miles.  My thought was to use tunnels and vrf-lite instead of
  trunking vlan's everywhere, but from what I am hearing, GRE tunnels are
 not
  going to perform.  I have this working in a test network and it's working
  well.  Other than I have not tried a performance test.
 
  They do want separation on some of the networks, but not all.  I have
 done
  this in the past with access lists and vlans but it's a pain.  Is there
 any
  other way to segregate the traffic on routed network?
 
  Ideally they should have a router at each location and not a switch.
 
  Dan.
 
 
  On Wed, Jul 17, 2013 at 1:28 AM, Mattias Gyllenvarg 
 matt...@gyllenvarg.se
   wrote:
 
  Hi Dan
 
  Sounds like you're getting off on the wrong foot.
 
  The 3560 can't do much more than routing and switching. No GRE or MPLS
 so
  you are pretty much stuck with trunking.
 
  VRFs will only be helpful with MPLS unless you want VRF-lite (that's VRF
  that is local to one machine only). Then you still need the trunks and
  vlans.
  You can set up the VRFs to talk fairly easily, but why have the
 separation
  if you want them to talk?
 
  Sounds like you should just replace the old machine with the new one.
 
  If you should do anything then set up the 3k boxes for dynamic routing so
  that they simply route the traffic instead of switching it. Then you
 won't
  have to add vlans for every new internet customer. But shaping may be
  harder to do as you don't have the customer's interface in your core.
 
  //Mattias
 
 
  On Wed, Jul 17, 2013 at 4:12 AM, Dan Letkeman danletke...@gmail.com
 wrote:
 
  Hello,
 
  Just wondering if anyone can direct me down the correct path.   I have been
  asked by a friend to help replace an ISR2851 with a new ASR1001.   The 2851
  currently does some route-maps for different networks and a few customers
  as well as some shaping.  They want to use the ASR to peer with an ISP and
  I suggested to use tunnels and VRFs instead of trunking vlans through
  their network to the customers, like they are doing now.
 
  The network currently consists of mostly 3k switches and either fiber or
  wireless trunks to about 45 different locations.  The main goal is to
  provide internet to each of the 45 locations each having their own public
  ip/range.
 
  My thought was to create tunnels from the ASR to each of the locations
  (each have a 3560 switch) and then to create VRFs on each tunnel and
  assign a public IP to each VRF and then advertise those networks into the
  global BGP table.
 
  First time I have done anything like this...Any thoughts?
 
  Dan.
 
 
 
 
  --
  *Kind Regards*
  *Mattias Gyllenvarg*
 
 
 




-- 
*Kind Regards*
*Mattias Gyllenvarg*


Re: [c-nsp] vrf-lite routing

2013-07-17 Thread Mattias Gyllenvarg
Hi Dan

Sounds like you're getting off on the wrong foot.

The 3560 can't do much more than routing and switching. No GRE or MPLS so
you are pretty much stuck with trunking.

VRFs will only be helpful with MPLS unless you want VRF-lite (that's VRF
that is local to one machine only). Then you still need the trunks and
vlans.
You can set up the VRFs to talk fairly easily, but why have the separation
if you want them to talk?

Sounds like you should just replace the old machine with the new one.

If you should do anything then set up the 3k boxes for dynamic routing so
that they simply route the traffic instead of switching it. Then you won't
have to add vlans for every new internet customer. But shaping may be
harder to do as you don't have the customer's interface in your core.

//Mattias


On Wed, Jul 17, 2013 at 4:12 AM, Dan Letkeman danletke...@gmail.com wrote:

 Hello,

 Just wondering if anyone can direct me down the correct path.   I have been
 asked by a friend to help replace an ISR2851 with a new ASR1001.   The 2851
 currently does some route-maps for different networks and a few customers
 as well as some shaping.  They want to use the ASR to peer with an ISP and
 I suggested to use tunnels and VRFs instead of trunking vlans through
 their network to the customers, like they are doing now.

 The network currently consists of mostly 3k switches and either fiber or
 wireless trunks to about 45 different locations.  The main goal is to
 provide internet to each of the 45 locations each having their own public
 ip/range.

 My thought was to create tunnels from the ASR to each of the locations
 (each have a 3560 switch) and then to create VRFs on each tunnel and
 assign a public IP to each VRF and then advertise those networks into the
 global BGP table.

 First time I have done anything like this...Any thoughts?

 Dan.




-- 
*Kind Regards*
*Mattias Gyllenvarg*


Re: [c-nsp] Carrier Aggregation advice

2013-07-17 Thread Mattias Gyllenvarg
If you don't need full BGP, me3600x has all the bells and whistles.

If you do need a full table then you will need to go with something from
the asr range.

The only issues I have with the me3600x is the depth of the machine, only 2
sfp+ ports and the ios is not completely mature yet. Though that may have
got a lot better in the past half year.

Best regards
Mattias Gyllenvarg
On Jul 17, 2013 3:55 PM, Chris Gibbs chris.gi...@gosford.nsw.gov.au
wrote:

 Gday all,

 I'm currently investigating terminating a NNI from NBN Co and aggregating
 services before dumping into our core. Consider it a green-field ISP build
 :) Really go wild!

 So would like the PE to support the following:


 * Migrating parts of our current WAN from licensed microwave to
 NBN Co, will likely be around 60 initial sites/'customers'. Ability to
 scale to 1000+ sites/'customers'.

 * Planning on CVC of 600Mbps initially for testing. Building with
 a NNI of 1 Gbps to suit, so need at least 1Gbps with SFP options. Prefer
 ability for 10Gbps with SFP+.

 * 10 port minimum.

 * 1 or 2 RU preferred.

 * Dot1ad, q-in-q, double tagged. Pick your buzz word preference.

 * Pop/Push ability for c/s tags.

 * MPLS, bgp, OSPF, SP QoS, multicast etc.

 * DHCP option 82.

 * LACP

 * Dual power. AC.

 * All the mgmt. niceties. SNMP, SSH, traps, etc

 Having a Cisco background I have been looking at the Cisco ME 3800X-24FS.
 All off spec so far and haven't played with one in lab environments.
 Haven't had a chat to our cisco account team yet either.

 My background is only Cisco IOS, happy to learn new tricks though.

 Would appreciate thoughts on the selection and should I be considering
 alternatives?

 Cheers,

 Chris




Re: [c-nsp] Carrier Aggregation advice

2013-07-17 Thread Mattias Gyllenvarg
Xe is the same syntax as ios classic. Just modular. Asr9000 uses xr and is
all new syntax.

Best regards
Mattias Gyllenvarg
On Jul 17, 2013 10:16 PM, Chris Gibbs chris.gi...@gosford.nsw.gov.au
wrote:

  Thanks Mattias.

  We have dual upstream providers so probably don't need full bgp to
 start, however it may be a requirement in the future to peer.

  I'll have to check out the ASR range, was a little uncomfortable with
 using IOS XE having had no experience but will have to overcome this issue.

 Kind regards,

  Chris Gibbs
 Network and security engineer
 02 4325 

 On 18/07/2013, at 4:54 AM, Mattias Gyllenvarg matt...@gyllenvarg.se
 wrote:

   If you don't need full BGP, me3600x has all the bells and whistles.

 If you do need a full table then you will need to go with something from
 the asr range.

 The only issues I have with the me3600x is the depth of the machine, only
 2 sfp+ ports and the ios is not completely mature yet. Though that may have
 got a lot better in the past half year.

 Best regards
 Mattias Gyllenvarg
 On Jul 17, 2013 3:55 PM, Chris Gibbs chris.gi...@gosford.nsw.gov.au
 wrote:

 Gday all,

 I'm currently investigating terminating a NNI from NBN Co and aggregating
 services before dumping into our core. Consider it a green-field ISP build
 :) Really go wild!

 So would like the PE to support the following:


 * Migrating parts of our current WAN from licensed microwave to
 NBN Co, will likely be around 60 initial sites/'customers'. Ability to
 scale to 1000+ sites/'customers'.

 * Planning on CVC of 600Mbps initially for testing. Building with
 a NNI of 1 Gbps to suit, so need at least 1Gbps with SFP options. Prefer
 ability for 10Gbps with SFP+.

 * 10 port minimum.

 * 1 or 2 RU preferred.

 * Dot1ad, q-in-q, double tagged. Pick your buzz word preference.

 * Pop/Push ability for c/s tags.

 * MPLS, bgp, OSPF, SP QoS, multicast etc.

 * DHCP option 82.

 * LACP

 * Dual power. AC.

 * All the mgmt. niceties. SNMP, SSH, traps, etc

 Having a Cisco background I have been looking at the Cisco ME 3800X-24FS.
 All off spec so far and haven't played with one in lab environments.
 Haven't had a chat to our cisco account team yet either.

 My background is only Cisco IOS, happy to learn new tricks though.

 Would appreciate thoughts on the selection and should I be considering
 alternatives?

 Cheers,

 Chris




[c-nsp] ASR-9010-AC vs ASR-9010-AC-V2

2013-06-20 Thread Mattias Gyllenvarg
Dear List

What is the difference between the chassis versions?

Is the V2 just a hardware revision?

-- 
*Best Regards*
*Mattias Gyllenvarg*
Senior Network Architect
Obduro Network AB


Re: [c-nsp] ASR-9010-AC vs ASR-9010-AC-V2

2013-06-20 Thread Mattias Gyllenvarg
One more round with google and it seems that it is the PEM that is upgraded.

• Power Entry Module and Power Supply Version 2: The new Power Entry Module
Version 2 (PEMv2) and Power Supply Version 2 for the Cisco ASR 9010 and ASR
9006 routers provide investment protection by offering increased power
efficiency and power density per Cisco ASR 9006 and ASR 9010 chassis. Cisco
PEMv2 is capable of holding up to four v2 power supplies. PEMv2 is field
upgradeable or may be configured with the Cisco ASR 9010 or ASR 9006
chassis.

As it is included in the chassis, I guess the chassis inherits the V2 from
the PEM.


On Thu, Jun 20, 2013 at 10:12 AM, Mikael Abrahamsson swm...@swm.pp.se wrote:

 On Thu, 20 Jun 2013, Mattias Gyllenvarg wrote:

  Dear List

 What is the difference between the chassis versions?

 Is the V2 just a hardware revision?


 V2 is probably the uprated FAN array, which means you can have DWDM optics
 in all slots in a 24x10GE card.

 --
 Mikael Abrahamsson    email: swm...@swm.pp.se




-- 
*Kind Regards*
*Mattias Gyllenvarg*


Re: [c-nsp] Terminating lots of double-tagged vlans

2013-05-24 Thread Mattias Gyllenvarg
+1 ME3600X


On 23 May 2013 19:40, Pete Lumbis alum...@gmail.com wrote:

 EVCs might do the trick for you. On the 6k/7600 it requires ES/ES+ modules
 I believe. ASR1k and me3600/3800 can do it out of the box.


 http://www.cisco.com/en/US/docs/ios-xml/ios/cether/configuration/xe-3s/ce-ether-vc-infra-xe.html




 On Thu, May 23, 2013 at 9:25 AM, Simon Lockhart si...@slimey.org wrote:

  On Wed Apr 17, 2013 at 12:57:05PM -0700, Bruce Pinsky wrote:
   Simon Lockhart wrote:
I'm working on a project which uses GPON to connect tens of thousands
of properties in a fibre-to-the-home environment. Each property will
be handed off to me as a double-tagged vlan, one per property.
Obviously I don't want to manually create tens of thousands of
subinterfaces on a router, and I'm sure there's a better way of doing
this.
  
  
 
 http://www.cisco.com/en/US/docs/ios/lanswitch/configuration/guide/lsw_ieee_802.1q.html#wp1027258
  
 
  Well, I started down this route in the lab, and all was looking promising
  for the first ONT, running IPv4, and terminating onto an ASR1k IPv6
  didn't work, and a 2nd ONT wouldn't work.
 
  Then I found the caveat in the documentation - Only PPPoE is supported on
  ambiguous subinterfaces. Standard IP routing is not supported on ambiguous
  subinterfaces.
 
  PPPoE isn't going to work in our environment, as the ONT won't do it, and
  we're not mandating the use of a CPE router beyond the ONT (the user could
  plug their PC direct into the ONT).
 
  Is there any other way to make Standard IP routing work on ambiguous
  subinterfaces - i.e. using the encapsulation dot1q 101 second-dot1q any
  configuration syntax?
 
  Thanks in advance,
 
  Simon
  --
  Simon Lockhart |   * Server Co-location * ADSL * Domain Registration *
 Director|  * Domain  Web Hosting * Connectivity * Consultancy *
Bogons Ltd   | *  http://www.bogons.net/  *  Email: i...@bogons.net  *




-- 
*Best Regards*

*Mattias Gyllenvarg*
*Network Development*
Bredband2

Tel: +46 406219712


Re: [c-nsp] Metro Ethernet nightmares (L2PT, PBB-VPLS, Load Balancing, EVPN)

2013-05-07 Thread Mattias Gyllenvarg
Hey Holger

EVPN is basically in beta and still a pipe dream on any real-world network as
far as I can see it.

Completely transparent, we react to nothing the customer sends above
ethernet switching.

Any loadbalancing is done in IGP or in a few cases MPLS-TE manipulating IGP.

I have a feeling that you're failing to separate the layers here. And also
perhaps, you may be fixing problems that you don't have yet.

We are aware of the semi-unfixable issues of AoMPLS clouds and are
awaiting EVPN to fix it as there is no real solution to fix all this.
Except IP-VPN :)




On 6 May 2013 11:56, Holger L ci...@entrap.de wrote:

 Hi Mattias,

 On Mon, May 6, 2013 03:13, Mattias Gyllenvarg wrote:
  From what I gathered about this.
 
  EVPN (BGP signaled Ethernet VPN) will solve this as there are too many
  variants of Spanning tree that your clients can use that you today need to
  implement individually toward your customers.

 Right, do you know any commands to implement this? All I can find about
 this is just sales foo and does not include any commands or examples.

  We run QinQ in either ME3400 or ME3600x CPE and asr9k cores for VPLS
  (H-VPLS) customers.

 Are your lines transparent for customers STP, CDP, PVST+, etc.? Which
 technology do you use, L2PT, PBB or something different?
 How do you do load balancing in your core network? By Label?

  Though often not possible we try to get the customer to switch to
  IP-VPN as it is much more resilient in nature. More setup Less maintenance.

 That's definitely true but most of the time not possible for our customers.

 Thanks and Best regards,
 Holger




-- 
*Best Regards*

*Mattias Gyllenvarg*
*Network Development*
Bredband2

Tel: +46 406219712


Re: [c-nsp] Ang: Making SUP720 cope better under BGP load

2013-05-05 Thread Mattias Gyllenvarg
I can vouch for the asr9k in regards to performance. But the software
still is not as stable as you might want.
On May 2, 2013 9:52 AM, gustav.ulan...@steria.se wrote:

 Hello Simon.
 We are using asr1k for peering purposes and Sup2T in the core. We also
 have some sup 720 as PE routers.
 We find that the ASR1001 is a lot faster at establishing our BGP sessions
 than both sup 720 and 2T. I would look into the ASR9001. Seems to be much
 better box than an ASR 1k box when you spec it to be able to push around
 40G. Often turns out cheaper than ASR1k boxes also.

 Gustav Uhlander
 Communication  Infrastructure Engineer

 Steria AB
 Kungsbron 13
 Box 169
 SE-101 23 Stockholm
 Sweden

 Tel: +46 8 622 42 15
 Fax: +46 8 622 42 23
 Mobile: +46 70 962 71 03
 gustav.ulan...@steria.se
 www.steria.se


 -cisco-nsp-boun...@puck.nether.net wrote: -
 To: cisco-nsp@puck.nether.net
 From: Simon Lockhart **
 Sent by: cisco-nsp-boun...@puck.nether.net
 Date: 2012-12-07 14:29
 Subject: [c-nsp] Making SUP720 cope better under BGP load

 All,

 I'm currently using SUP720-3BXL's in my BGP border devices.  Obviously the
 SUP720 is not a particularly fast CPU, so it is pretty slow at bringing up
 a lot of BGP sessions.

 On one particular box, I've got 250 BGP neighbours - 1 full table transit,
 2 IGP to route-reflectors, and the rest are peering sessions at an IXP.
 Recently, the IXP did maintenance causing the interface to drop, and it
 brought the box to its knees. The BGP Router process takes all the
 available CPU while it tries to re-establish the BGP sessions. While this
 is happening, the SUP720 seems to give up processing other stuff in a
 timely manner - and I see MPLS LDP drop, OSPF neighbours drop, and then BGP
 sessions drop due to hold timer expires. With all these drops, it causes
 even more CPU load, and the cycle continues.

 I've been talking to other SUP720 using ISPs, and it seems that some see
 this same effect, and others don't.

 Currently running 12.2(33)SXJ3

 Are there any tweaks that I can apply to the IOS config to make the SUP720
 cope better in this sort of situation? I'd be happy for the BGP sessions to
 take a lot longer to re-establish, if it didn't kill everything else in the
 process...

 And, as a follow-on question, given that the SUP720 is so under-powered for
 BGP, what other options do I have which would cope better? SUP-2T? Or, if
 I need to move away from the 6500, what's good for BGP routing with about
 20-40G of throughput (i.e. 4-8 * 10GE ports)? How does the ASR9k or ASR1k
 range fare for BGP performance?

 Many thanks in advance,

 Simon


Re: [c-nsp] IPv6 Transition - IP/MPLS Backbone

2013-04-17 Thread Mattias Gyllenvarg
Beware of one thing 6PE can not do.

BGPv6 over multi-hop will not work as there is no recursive lookup from v6
to v4 in your BGP speaker.
This is a feature, not a bug... so it will not be fixed.

Otherwise 6PE is a breeze.


On 14 April 2013 21:56, Ahmed Hilmy hilmy...@gmail.com wrote:

 Hello Expert,

 We are planning to deploy IPv6 at our IPv4 Backbone, our PE to as Dual
 Stack and carry IPv6 packet through MPLS label.
 There are different scenarios, one of them is 6PE.
 Would you please guide me from where can i start ?

 Thanks,

 Ahmed




-- 
*Best Regards*

*Mattias Gyllenvarg*
*Network Development*
Bredband2

Tel: +46 406219712


Re: [c-nsp] Using EoMPLS instead of end to end VLAN

2013-04-11 Thread Mattias Gyllenvarg
Multihop BGP would give you the benefit of any redundancy you have along
the path.


On 10 April 2013 19:14, Antonis Vosdoganis avo...@gmail.com wrote:

 We have a BGP session with a carrier delivered on ME3600-A. Because ME3600
 is not able to carry bgp table we have created vlan 100 and made the
 gigabit port access to vlan 100.

 7609 -- ME3600-B - ME3600-A --- BGP SESSION

  ME3600-A
 vlan 100
 name BGP_PEERING

  interface GigabitEthernet0/1
 description BGP_PEERING
 switchport access vlan 100

  ME3600-A and ME3600-B are interconnected with a trunk port.

  ME3600-B
 vlan 100
 name BGP_PEERING

  ME3600-B and 7609 are also interconnected with a trunk port

  CISCO 7609-S
 vlan 100
 name BGP_PEERING

  interface Vlan100
 description BGP_PEERING
 ip address XXX.XXX.XXX.XXX 255.255.255.248

 In all trunk ports we are using mpls enabled SVIs.

  So the vlan 100 travels all the way from ME3600-A to 7609 and the bgp
 session is running on 7609.


 I am trying to say is it possible to replace the vlan with EoMPLS and how?

  Best Regards

  Antonis.




-- 
*Best Regards*

*Mattias Gyllenvarg*
*Network Development*
Bredband2

Tel: +46 406219712


Re: [c-nsp] Sup2T - poor netflow performance

2013-03-27 Thread Mattias Gyllenvarg
Agreed!

Very nice platform, we got hit by the MPLS payload begins with 0x6 bug.
Couldn't believe it was true.

Also, not only is there no redundant RSP it is not replaceable either.


On 26 March 2013 22:19, Dumitru Ciobarcianu cisco-...@lnx.ro wrote:

 On 26-Mar-13 18:33 PM, Gert Doering wrote:
  Ugh.  I can't answer this - we have no Sup2T yet - but I would be very
  much interested in whether you can get this solved.  We're currently
  planning our next gen hardware, and it will either be ASR9001 or Sup2T
 -
  and we're leaning towards Sup2T because that's 6500, we know the
  platform... (famous last words).

 A bit offtopic:

 You're sure you didn't mean 9006 or 9010 ? You can't have redundant RSPs
 in ASR9001, and the chassis is maxed at 12 10G ports...

 ASR9001 is a really nice small machine but a bit immature imho.

 I have opened tickets for silly bugs like igmp snooping breaks ospf or
 show ip route command crashed with SIGSEGV. (XR 4.3.0)

 Oh, and they finally released an SMU for onboard ports shut down for
 no reason but only for 4.2.3, not 4.3.0 ...


 Dumitru it compiles? ship it! C.





-- 
*Best Regards*

*Mattias Gyllenvarg*
*Network Development*
Bredband2

Tel: +46 406219712


[c-nsp] No more DS switches

2013-03-27 Thread Mattias Gyllenvarg
Hi everyone

We will not deploy any new DS switches; in the future these will be
AS switches.

The existing ones will only be renamed if they are relabelled on site at the same time.

-- 
*Best Regards*

*Mattias Gyllenvarg*
*Network Development*
Bredband2

Tel: +46 406219712


Re: [c-nsp] IOS XR and router rib rump always-replicate

2013-03-06 Thread Mattias Gyllenvarg
Sorry for the weak context.

I was just referring to removing PIM from within Core/Dist not inter-AS.




On 6 March 2013 08:26, Mikael Abrahamsson swm...@swm.pp.se wrote:

 On Wed, 6 Mar 2013, Mattias Gyllenvarg wrote:

  About that, Oliver, is multicast-BGP production ready in IOS and IOS XR.
 Specifically ASR9k, 7606 Sup720, ME3600X and 3560/3750?


 People have been running multicast on XR (ASR9K) and 7600 since forever.
 I'd be more worried about ME3600X and 3560/3750, but at least on the
 3560/3750 they're mature platforms so I'd imagine it works there as well.


  Would be nice to remove PIM from the core, just as Gert says limited use
 = limited support.


 How is multicast supposed to work without PIM?

 What Gert was talking about was Internet multicast, ie multicast between
 ISPs. Watching NASA multicast streams for instance (I did this at my
 university in ~1995). Very few commercial ISPs support this.


 --
 Mikael Abrahamsson    email: swm...@swm.pp.se




-- 
*Best Regards*

*Mattias Gyllenvarg*
*Network Development*
Bredband2

Tel: +46 406219712


Re: [c-nsp] IOS XR and router rib rump always-replicate

2013-03-06 Thread Mattias Gyllenvarg
That is why I addressed Oliver directly. I had a discussion with him at
Cisco Live and this came up.

The idea is to use MPLS/BGP for transport/signaling. So, no PIM on
core/dist links. Only toward Customers and Peers.

I don't have the details as we have not yet looked into implementing but,
as Gert pointed out, we sometimes experience the same issue. That PIM is
forgotten because it is the odd protocol that no one uses except on the
node that you're doing disaster recovery on. So, we're as always looking for
the Keep it simple, stupid version.




On 6 March 2013 09:26, Mikael Abrahamsson swm...@swm.pp.se wrote:

 On Wed, 6 Mar 2013, Mattias Gyllenvarg wrote:

  I was just referring to removing PIM from within Core/Dist not inter-AS.


 How is multicast supposed to work at all wherever for L3 routing without
 PIM?

 I'll admit I'm a bit rusty and only know about PIM-SM and PIM-SSM, what
 other methods are there for controlling routed multicast?


 --
 Mikael Abrahamsson    email: swm...@swm.pp.se




-- 
*Best Regards*

*Mattias Gyllenvarg*
*Network Development*
Bredband2

Tel: +46 406219712


Re: [c-nsp] IOS XR and router rib rump always-replicate

2013-03-06 Thread Mattias Gyllenvarg
That's it, seems to have a lot of caveats on the ME3600X though.


On 6 March 2013 10:43, Christian Meutes christ...@errxtx.net wrote:

 On 06.03.2013, at 09:26, Mikael Abrahamsson swm...@swm.pp.se wrote:.

  How is multicast supposed to work at all wherever for L3 routing
 without PIM?
 
  I'll admit I'm a bit rusty and only know about PIM-SM and PIM-SSM, what
 other methods are there for controlling routed multicast?

 You need mLDP or RSVP for that, Label-Switched-Multicast. Cisco currently
 goes the mLDP course, while others go NG-Multicast.




-- 
*Best Regards*

*Mattias Gyllenvarg*
*Network Development*
Bredband2

Tel: +46 406219712


Re: [c-nsp] BGP route won't advertise

2013-03-06 Thread Mattias Gyllenvarg
Just to add...

With communities you make your own rules. As in Pete's example you make up
what numbers you want and how they look.

In Pete's example he uses the most common way of implementing this. Which is
a single large community number with several purposes.

In our design, which I have not seen anyone else do, we have many
communities per prefix that have an individual purpose each.

Plus side is no complex regexp that can be hard to design and troubleshoot.
Minus is more communities.

Our cheat sheet looks something like.

100-199 What ISP originated?
200-299 POP
600-650 How to announce
etc etc

I think and the guys here (at work, not the list) agree that this is easier
to work with.

Don't fall into the "make it complex because you can" trap. It's hard to
get out...


On 6 March 2013 15:16, Pete Templin peteli...@templin.org wrote:

 On 2/28/13 10:35 AM, Jerry Bacon wrote:

  It's complicated. I am doing transit for this customer, be we have
 common upstream peers, and I need to disallow his other advertisements.
 I'm sure there are better ways to do this, but my real problem is that I
 can't get one of my routers to advertise his routes, while the other one
 does.


 Jon is right, deny or allow+tag is the way to go.

 Simple example: ASN in this case is your ASN.  Make a cheat sheet like
 this: ASN:ABCDE.  The right side breaks out to:

 A (route category) = 1 for customer, 2 for yours, 3 for upstream
 BC = pop number, set to 01 for now if you want a starting point.
 DE = future expansion, set to 00 for now as a starting point.

 This customer's routes would get tagged ASN:10100, your own aggregates
 would get tagged ASN:20100, and upstream routes would get tagged ASN:30100.

 ip community-list 101 permit ASN:1
 ip community-list 102 permit ASN:2
 ip community-list 103 permit ASN:3

 route-map transit-out p 10
  match commu 101
 route-map transit-out p 20
  match commu 102
 route-map transit-out d 30
  match commu 103

 Bingo, this prefix goes out, but other routes from that customer's AS
 (learned from one transit) don't flow to the other transit.

 pt




-- 
*Best Regards*

*Mattias Gyllenvarg*
*Network Development*
Bredband2

Tel: +46 406219712
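
The two tagging schemes discussed in this message, as an added Python sketch that is not part of the thread and not either poster's configuration: it decodes the single-value `ASN:ABCDE` layout, evaluates the quoted `transit-out` route-map with first-match and implicit-deny semantics, and classifies communities by the range cheat sheet. The ASN 64500, the prefixes and all function names are constructed for illustration.

```python
"""Constructed model of the two community schemes in this thread."""
import re
from typing import NamedTuple, Optional

LOCAL_ASN = 64500  # assumption: private-use ASN standing in for "ASN"

# Digit A of ASN:ABCDE, as given in the quoted cheat sheet.
CATEGORY = {1: "customer", 2: "own", 3: "upstream"}


class Tag(NamedTuple):
    category: str
    pop: int    # digits BC
    spare: int  # digits DE, "future expansion"


def decode_single(community: str, local_asn: int = LOCAL_ASN) -> Optional[Tag]:
    """Decode one ASN:ABCDE community; None if foreign or malformed."""
    m = re.fullmatch(r"(\d+):(\d{5})", community)
    if not m or int(m.group(1)) != local_asn:
        return None
    digits = m.group(2)
    # A standard community value is 16 bits, so ABCDE cannot exceed 65535.
    if int(digits) > 0xFFFF:
        return None
    category = CATEGORY.get(int(digits[0]))
    if category is None:
        return None
    return Tag(category, int(digits[1:3]), int(digits[3:5]))


# transit-out as quoted: permit 10 (customer), permit 20 (own),
# deny 30 (upstream). A route matching no entry hits the implicit deny.
TRANSIT_OUT = [(10, "permit", "customer"), (20, "permit", "own"),
               (30, "deny", "upstream")]


def transit_out(communities: list) -> bool:
    """Return True if a route carrying these communities is advertised."""
    categories = {t.category for t in map(decode_single, communities) if t}
    for _seq, action, wanted in TRANSIT_OUT:
        if wanted in categories:
            return action == "permit"  # first matching entry decides
    return False  # implicit deny: untagged routes fail closed


# Range cheat sheet from the reply: one community per purpose.
RANGES = [(100, 199, "origin_isp"), (200, 299, "pop"), (600, 650, "announce")]


def decode_multi(communities: list, local_asn: int = LOCAL_ASN) -> dict:
    """Group local communities by purpose using range checks, no regex."""
    found = {}
    for community in communities:
        asn, _, value = community.partition(":")
        if not (asn.isdigit() and value.isdigit()) or int(asn) != local_asn:
            continue  # foreign or malformed community, ignore
        for low, high, purpose in RANGES:
            if low <= int(value) <= high:
                found.setdefault(purpose, []).append(int(value))
    return found


# Constructed routes using documentation prefixes.
ROUTES = [
    ("192.0.2.0/24", ["64500:10100"]),     # learned from the customer
    ("198.51.100.0/24", ["64500:20100"]),  # own aggregate
    ("203.0.113.0/24", ["64500:30100"]),   # same customer AS, via a transit
    ("203.0.113.128/25", []),              # never tagged at ingress
]


def advertised(routes: list) -> list:
    """Prefixes that pass transit-out."""
    return [prefix for prefix, comms in routes if transit_out(comms)]


if __name__ == "__main__":
    for prefix, comms in ROUTES:
        print(prefix, comms, "advertise" if transit_out(comms) else "suppress")
    print(decode_multi(["64500:150", "64500:201", "64500:610", "64500:999"]))
```

Because the route-map is first-match, a route that somehow carries both a customer and an upstream tag is still permitted by sequence 10, so the ingress policy has to guarantee exactly one category tag per route.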


Re: [c-nsp] IOS XR and router rib rump always-replicate

2013-03-05 Thread Mattias Gyllenvarg
About that, Oliver, is multicast-BGP production ready in IOS and IOS XR.
Specifically ASR9k, 7606 Sup720, ME3600X and 3560/3750?

Would be nice to remove PIM from the core, just as Gert says limited use
= limited support.


On 1 March 2013 19:23, Gert Doering g...@greenie.muc.de wrote:

 Hi,

 On Fri, Mar 01, 2013 at 02:56:07PM +0100, Mikael Abrahamsson wrote:
  I haven't tried to get Internet multicast working for a few years,
  basically because nobody used it. We had it working via transit and a few
  peers a few years back, I have no idea if it works now or not.

 Our experience: it doesn't.  We turned it off with our upstreams a few
 years back, because every time someone wanted to use it for real
 (every few months) we found that some upstream changes had broken
 it again, like turning up new links but forgetting PIM on them and
 such.

 And debugging this is a major nightmare, as you need clueful people
 to look at every single step.  Which, unfortunately, neither of our
 then-upstreams were able to provide (we do not see a problem, can
 we close the case?).

 gert

 --
 USENET is *not* the non-clickable part of WWW!
//
 www.muc.de/~gert/
 Gert Doering - Munich, Germany
 g...@greenie.muc.de
 fax: +49-89-35655025
 g...@net.informatik.tu-muenchen.de





-- 
*Med Vänliga Hälsningar - Best Regards*

*Mattias Gyllenvarg*
*Nätutveckling*
Bredband2

Tel: +46 406219712


Re: [c-nsp] 802.1Q-in-Q VLAN Tag Termination on 7600/6500 OSN modules

2013-02-28 Thread Mattias Gyllenvarg
Yes and No

You can do better.

But you need to learn about EVC and EFP.

They can basically do whatever you can think of with tags and then attach
that to an SVI (EVC in next-generation gear).

So, say you want to do an ip unnumbered setup. You just point individual
tags on individual interfaces to a common EVC. You're gonna love it when you
get your head around it.


On 28 February 2013 10:41, Davide Ambrosi davide.ambr...@trivenet.it wrote:

 Hello Mattias,
 but in the ME3600X (or ME3800X) is it possible to apply a
 configuration like this ?

 interface gigabitethernet0/1.10100
 no switchport
 encapsulation dot1q 10 second-dot1q 100
 ip address 10.0.0.1 255.255.255.0


 with the ES+ (and I think also with 7600-SIP-400 + SPA-5X1GE-V2) is
 possible.

 Thanks,
 Davide

 2013/2/28 Mattias Gyllenvarg mattias.gyllenv...@bredband2.se:
  Do it in the 3600X, that's what they're good at.
 
 
  On 28 February 2013 09:55, Davide Ambrosi davide.ambr...@trivenet.it
  wrote:
 
  Thanks Mack,
  so I have to change all the 7603 boxes and move to 7603-S to support
  the ES+ cards and upgrade all the supervisors to SUP720-3B minimum.
  Moving to ASR's series (like the ASR1002) could be a good alternative
  choice because of the limited GE ports I need on the small POP's (5
  GE) ?
 
  Davide
 
 
  2013/2/27 Mack McBride mack.mcbr...@viawest.com:
   The ES+ cards are the way to go.
   The OSM modules aren't going to do what you want.
   In addition they aren't properly supported in newer code.
  
   LR Mack McBride
   Network Architect
  
   -Original Message-
   From: cisco-nsp-boun...@puck.nether.net
   [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Davide
 Ambrosi
   Sent: Wednesday, February 27, 2013 9:32 AM
   To: cisco-nsp@puck.nether.net
   Subject: [c-nsp] 802.1Q-in-Q VLAN Tag Termination on 7600/6500 OSN
   modules
  
   Hello,
  
   We have some 7603 boxes with SUP720/SUP2 installed as main supervisor in
   our MPLS Edge sites.
  
   Now we need to terminate QinQ VLAN directly on one or more GE interfaces
   of the 7603 routers because we are planning to introduce metro ethernet
   technologies (ME3400E/ME3600X) in our fiber and microwave access network for
   reducing the VLAN configured between the switches located in the access
   network (now we have 1 VLAN = 1 Customer).
  
   I see that 7600 catalyst modules don't support QinQ VLAN termination
   (the command encapsulation dot1q outer-vlan second-dot1q inner-vlan)
   because they are LAN modules.
  
   Is there anyone who tested QinQ termination on old 7600 OSN GE modules
   like the OSM-2+4GE-WAN+ ? If not supported the only way to support QinQ is
   to buy new (expensive) 7600-S chassis + ES cards or SIP-400 and SPAs V2 ?
  
   In our network environment we have also some 7609-S(RSP720) with ES+
   card located in the core and large aggregation sites and with this
   equipment we don't have problems because the QinQ Termination is supported
   on ES+ card.
  
  
   Davide
 
 
 
 
 
  --
  *Med Vänliga Hälsningar - Best Regards*
 
  *Mattias Gyllenvarg*
  *Nätutveckling*
  Bredband2
 
  Tel: +46 406219712
 




-- 
*Med Vänliga Hälsningar - Best Regards*

*Mattias Gyllenvarg*
*Nätutveckling*
Bredband2

Tel: +46 406219712


Re: [c-nsp] list wisdom please, Cisco switches

2013-01-15 Thread Mattias Gyllenvarg
Added arp inspection to your list.

- dhcp option 82 support
- dhcp snooping
- DAI
- port security
- urpf on first hop
- RA guard / dhcpv6 snooping / ND guard if you're providing ipv6
- broadcast / multicast storm control
- lan broadcast segmentation for session hijack protection
- common L2 domain for public IP address assignment efficiency

- ip arp inspection vlan vlan-id


On 15 January 2013 23:09, Nick Hilliard n...@foobar.org wrote:

 On 15/01/2013 19:43, Blake Dunlap wrote:
  Yeah that's the reason. Its not about talking to one another, its about
  protecting from attacks that could allow snooping on traffic flows, to
  hijacking.

 This is mildly troublesome.  What you really want in your switch is:

 - dhcp option 82 support
 - dhcp snooping
 - DAI
 - port security
 - urpf on first hop
 - RA guard / dhcpv6 snooping / ND guard if you're providing ipv6
 - broadcast / multicast storm control
 - lan broadcast segmentation for session hijack protection
 - common L2 domain for public IP address assignment efficiency

 note that the last two cannot easily be achieved without per-port dhcp
 filtering.

 Nick





-- 
*Med Vänliga Hälsningar - Best Regards*

*Mattias Gyllenvarg*
*Nätutveckling*
Bredband2

Tel: +46 406219712


Re: [c-nsp] Advanced Metro license, ME-3600

2012-09-27 Thread Mattias Gyllenvarg
Have had both ways. Always get them preinstalled now.

Licensing process is a pain.

On 27 September 2012 00:35, Eric A Louie elo...@yahoo.com wrote:

 Hey folks, I'm trying to get the straight scoop on the licensing issue

 I received an ME 3600x from my reseller, without the Advanced Metro
 license.  I did order the license from them.  Is there a normal wait for
 getting it, or is the reseller trying to smokescreen me?  Or, should I have
 received the license on shipment of the switch?

  Much appreciated,
 Eric Louie




-- 
*Med Vänliga Hälsningar - Best Regards*

*Mattias Gyllenvarg*
*Nätutveckling*
Bredband2 - bara hårda paket

Tel: +46 406219712


Re: [c-nsp] IOS XR

2011-09-07 Thread Wyatt Mattias Gyllenvarg
Dear Mohamed/List

If you go with 4.1.0 do not miss the appropriate SMUs or you will have
nasty surprises.

//Mattias

2011/9/5 mohamed Osama Saad Abo sree mohamed.abos...@gmail.com:
 Hello,

 I'm wondering if anyone has upgraded to IOS XR release Version 4.1.1 and
 faced any bugs or issues that came out after using it?

 Thanks,
 Mohamed Osama




Re: [c-nsp] ASR9k A9K-8T-L LC crash and reload

2011-06-17 Thread Wyatt Mattias Gyllenvarg
Hi Piotr

IOS is 4.1.0 and all fpd:s are updated.

We agree that this is unlikely a hw-problem, and that is why I am
looking to the community for hints.

We have had the PIM process crash in the 7606 a few times, right now
I'm looking into SRD6 as a cause of the punts on the ASRs causing the
reload.

Best Regards
Mattias Gyllenvarg
Bredband2

2011/6/16 Piotr Wojciechowski pe...@peper.eu.org:
 On 6/16/11 14:25 , Wyatt Mattias Gyllenvarg wrote:
 Hi All

 We are having an issue with a ring of 3 ASR9010 and one 7606
 Sup7203BXL with 6704-DFC3BLX.


 Hi,

 Because problem occurs on multiple chassis I would guess hardware
 problems are unlikely.

 Have you performed software upgrade after you got them from factory? If
 yes did you perform upgrade of FPD too?

 Regards,

 --
 Piotr Wojciechowski  (CCIE #25543)  | The trouble with being a god is
 http://ccieplayground.wordpress.com | that you've got no one to pray to
 JID: pe...@jabber.org               |   -- (Terry Pratchett, Small Gods)






[c-nsp] ASR9k A9K-8T-L LC crash and reload

2011-06-16 Thread Wyatt Mattias Gyllenvarg
Hi All

We are having an issue with a ring of 3 ASR9010 and one 7606
Sup7203BXL with 6704-DFC3BLX.

The LCs facing the 7606 crash and reload randomly (once they have
reloaded at the same time).

Both cards are in slot 0/2 and have if Te0/2/0/0 facing the 7606.

All the ASR machines have the same physical configuration.
0/0 A9K-40GE-L
0/1 A9K-8T-L LC
0/2 A9K-8T-L LC

Dual RSPs 4G Running 4.1.0 all fpd are updated

Very little traffic is being forwarded as we have not yet migrated
fully to this new setup.

Running protocols are:
OSPF
MPLS LDP
PIM
BGP
IPv6 PE
CDP

All interfaces are routed.

Log shows:


LC/0/2/CPU0:Jun 16 11:27:54.502 : pfm_node_lc[267]:
%PLATFORM-DIAGS-0-LC_NP_LOOPBACK_FAILED :
Set|online_diag_lc[163921]|Line card NPU loopback Test(0x206)|
LC/0/2/CPU0:Jun 16 11:27:54.509 : pfm_node_lc[267]:
prm_fast_reset_subset fast reset api succeeded for chan 4
LC/0/2/CPU0:Jun 16 11:27:54.510 : pfm_node_lc[267]: NP loopback
recovery action: Succeded (NP bitmask:0x10)
LC/0/2/CPU0:Jun 16 11:27:57.975 : prm_server[278]:
%PLATFORM-NP-0-INIT_ERR : *** Error 0xA0003F03 : prm_np_fast_reset :
Channel 4 Config Start Fast Reset failed, line
LC/0/2/CPU0:Jun 16 11:27:57.976 : prm_server[278]: Line card needs to
be reloaded, a reboot is being requested
RP/0/RSP0/CPU0:Jun 16 11:27:58.031 : shelfmgr[352]:
%PLATFORM-SHELFMGR-3-NODE_CPU_RESET : Node 0/2/CPU0 CPU reset
detected.
RP/0/RSP0/CPU0:Jun 16 11:27:58.032 : shelfmgr[352]:
%PLATFORM-SHELFMGR-6-NODE_STATE_CHANGE : 0/2/CPU0 A9K-8T-L
state:BRINGDOWN
RP/0/RSP0/CPU0:Jun 16 11:27:58.075 : invmgr[234]:
%PLATFORM-INV-6-NODE_STATE_CHANGE : Node: 0/2/CPU0, state: BRINGDOWN
RP/0/RSP0/CPU0:Jun 16 11:28:04.026 : shelfmgr[352]:
%PLATFORM-SHELFMGR-6-NODE_STATE_CHANGE : 0/2/CPU0 A9K-8T-L
state:ROMMON
RP/0/RSP0/CPU0:Jun 16 11:28:26.636 : shelfmgr[352]:
%PLATFORM-SHELFMGR_HAL-6-BOOT_REQ_RECEIVED : Boot Request from
0/2/CPU0, RomMon Version: 1.3
RP/0/RSP0/CPU0:Jun 16 11:28:26.639 : shelfmgr[352]:
%PLATFORM-MBIMGR-7-IMAGE_VALIDATED : Remote location 0/2/CPU0: : MBI
tftp:/disk0/asr9k-os-mbi-4.1.0/lc/mbiasr9k-lc
RP/0/RSP0/CPU0:Jun 16 11:28:26.639 : shelfmgr[352]:
%PLATFORM-SHELFMGR-6-NODE_STATE_CHANGE : 0/2/CPU0 A9K-8T-L
state:MBI-BOOTING
RP/0/RSP0/CPU0:Jun 16 11:29:26.295 : shelfmgr[352]:
%PLATFORM-SHELFMGR-6-NODE_STATE_CHANGE : 0/2/CPU0 A9K-8T-L
state:MBI-RUNNING
LC/0/2/CPU0:16: init[65540]: %OS-INIT-7-MBI_STARTED : total time 10.058 seconds
LC/0/2/CPU0:Jun 16 11:29:29.619 : insthelper[61]:
%INSTALL-INSTHELPER-7-PKG_DOWNLOAD : MBI running; starting software
download
LC/0/2/CPU0:Jun 16 11:29:47.569 : sysmgr[89]: %OS-SYSMGR-5-NOTICE :
Card is COLD started
LC/0/2/CPU0:Jun 16 11:29:47.833 : init[65540]:
%OS-INIT-7-INSTALL_READY : total time 32.328 seconds
LC/0/2/CPU0:Jun 16 11:29:49.240 : sysmgr[320]: %OS-SYSMGR-6-INFO :
Backup system manager is ready
LC/0/2/CPU0:Jun 16 11:29:50.345 : syslog_dev[87]: dumper_config[148]:
LC/0/2/CPU0:Jun 16 11:29:50.356 : syslog_dev[87]: dumper_config[148]:
The node id is 2081

And the normal reload of the LC and everything goes back to normal.

TAC case has been created but no answer so far.

We have not found any relevant SMU or known bugs.

I found the following in one of the ASRs.


RP/0/RSP0/CPU0:core-foo-bar-1#sh asic-errors fia 0 all location 0/RSP0/CPU0


*  Generic Errors  *

Name: OC_INTERNAL_LOG_RF_UNEXP_SEG-GENERIC
Node Key: 0x1050015
Thresh/period(s): 10/2   Alarm state: OFF
Error count : 2
Last clearing   : Sat Jun 11 08:04:44 2011
Last N errors   : 2
--
First N errors.
@Time, Error-Data
--
Jun 11 08:04:44.498: RF unexp seg log
oc 0, addr 0x0, src 2
fa00 fafafafa 0ffafafa 0f020f02 - 020e0f02 020e020e 0f020f0e 0f020f02
00020202

Jun 16 11:27:58.019: RF unexp seg log
oc 0, addr 0x0, src 2
e15b5b5b e1e1e1e1 0fe1e1e1 0f020f02 - 020e0f02 020e020e 0e020e0e 0e020e02
00020202

--
Name: OC_RF1_INT_LO_UNEXP_SEG-GENERIC
Node Key: 0x10501c7
Thresh/period(s): 10/2   Alarm state: OFF
Error count : 2
Last clearing   : Sat Jun 11 08:04:44 2011
Last N errors   : 2
--
First N errors.
@Time, Error-Data
--
Jun 11 08:04:44.498: OC_RF1_INT_MSK
Jun 16 11:27:58.019: OC_RF1_INT_MSK
--

*ASIC Reset Errors *


Any opinions or comments appreciated!

Best Regards
Mattias Gyllenvarg
Bredband2
Sweden

Re: [c-nsp] Recieving Dying Gasp notifications

2010-06-18 Thread Wyatt Mattias Gyllenvarg
Hear, hear

This is a feature I would like to see. But via syslog, I don't know if
there is enough running time for the switch to create a packet and
send it before the PSU is drained.

Otherwise I guess a regular DG that could be logged if enabled would
work as well.

This would save a lot of time when trying to narrow down a link down
due to power loss.

//Wyatt Gyllenvarg
Bredband2
Sweden


2010/6/17 Atif Sid guru6...@gmail.com:
 http://www.cisco.com/en/US/products/ps9637/index.html

 ME3400 series support the feature.

 On Tue, Jun 15, 2010 at 12:27 PM, Kaegler, Mike kaegl...@tessco.com wrote:

 I have a few remote sites which can be prone to power failures. For
 various reasons, implementing UPSs with management cards is not suitable
 and/or desirable.

 The remote equipment all supports Dying Gasp, however, but I cannot seem
 to find a way to make my 7200s, 3800s, or 2600s to receive the DG
 notifications. Google seems to indicate that only the CRS-1 will do it.

 This seems a pretty simple  low-cost feature... is there truly no Cisco
 support for receiving DG on sub-million-dollar routers?
 -porkchop






Re: [c-nsp] Multicast trickery

2009-10-21 Thread Wyatt Mattias Gyllenvarg
Dear All

Paul, thank you for your reply!

I will test some of this today.

What I am missing in my understanding of this is 2 major things.

How would I get the SVI toward the flooding multicast provider to know
what floods it is receiving? ip mroute? or does it learn when a
certain packet is received? Perhaps I have not waited long enough?
What would a static multicast route look like, all my attempts
indicate that I do not understand how it works :p

Best regards
Mattias Gyllenvarg
Omnitron

2009/10/20 Paul Cosgrove paul.cosgrove@gmail.com:
 Hi Mattias

 If I understand your topology correctly, the configuration should be very
 similar to what you would use for any other internal source.  The difference
 in this case is that the source is the provider network, and being
 untrusted requires additional precautions on the input interface (only).

 Considering a conventional Anycast RP multicast topology for a moment, when
 the multicast packets are received by the DR, the DR encapsulates the
 packets as unicast register messages and sends them to the nearest RP for
 that group.  The RP effectively converts the first register messages to a
 source active message, and then sends the SA to each configured MSDP peer.
 In this example the SA is originated because a register message has been
 received for a new source.  The register message is sent to that router
 because it is a active RP for the group.

 Since you are using BSR you have only one active RP for each group, and it
 may be important which that is in this case.  Is your second C-RP the
 active RP for the group you are having problems with?  Tested a topology
 with a combined DR and RP, some years ago.   It may work if you run PIM-SM
 and the RP is the DR for the subnet, but if I recall correctly, behaviour
 differed between different routers/software versions and it did not work
 well/often.  You should be able to test this easily enough by debugging msdp
 and pinging an unused multicast group from a router connected to your RP.
 With pim-sm enabled on the RP's input interface, and the RP elected as DR,
 you may still find that no SA is originated.

 You could try to persuade your second provider to provide MSDP and BGP
 information, but I guess you have already tried that approach.
 Alternatively attach another router to your RP and have the provider present
 the multicast stream on that.  As well as the bsr boundary, and acls to stop
 pim (inc unicast pim), make sure you have pim register rate-limit applied.
 You must also make sure that traffic to the auto rp groups is not permitted
 into your network.  IP multicast boundary is useful.

 The method in the link that Hans provided should also work, though I would
 think it wise to test in a lab first if you are thinking of applying it to
 one of your main C-RP routers; or apply it on another router entirely.  The
 acl you mentioned will not stop multicast packets sent by the router on
 which it is applied, and that is likely to be why multicast traffic is still
 leaking through.  If this router is the RP for a particular multicast group,
 when one of your sources begins sending to a group, the first packet the RP
 router receives is as a unicast register message, which it decapsulates
 before transmission. The path of the packet through the router is not the
 same as for native multicast, since it is unicast to the RP and has to be
 punted to the CPU; it may be that these decapsulated packets are not being
 filtered.  If you have static RP definitions anywhere in your network,
 traffic to groups without a configured RP might also be leaking out.  IP
 multicast boundary may help.

 You mentioned Anycast-RP, and using that with static RP definitions is quite
 straightforward to configure and maintain, perhaps easier than you think.

 Paul.

 On Tue, Oct 20, 2009 at 6:03 PM, Wyatt Mattias Gyllenvarg
 wyatt.elias...@gmail.com wrote:

 Hi Hans

 I have set BSR-BORDER on the interface, so that should not be it.

 I want to run PIM-DM but as long as I send PIM-packets I can not.

 Anyone have a theory about the filter not biting?
 I'm not at work now but it looks something like.
 Deny ip pim any any
 Deny ip any multicast
 Permit any any

 Best regards
 Mattias Gyllenvarg

 2009/10/20 Hans Verkerk hverk...@winitu.com:
  Hi,
 
   If I run PIM-DM they call me in a hurry and tell me that my PIM
  packets are disturbing the network. Maybe your BSR packets are
  interfering with SP2's network, so include ip pim bsr-border on
  interface facing SP2.
 
  PIM DM sources can be distributed as follows into MSDP:
 
  http://www.cisco.com/en/US/docs/ios/ipmulti/configuration/guide/imc_msdp_im_pim_sm_ps6350_TSD_Products_Configuration_Guide_Chapter.html#wp1055493
 
 
  HTH,
  Hans
 
  -Original Message-
  From: cisco-nsp-boun...@puck.nether.net
  [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Wyatt Mattias
  Gyllenvarg
  Sent: Tuesday, October 20, 2009 6:23 PM
  To: cisco-nsp

[c-nsp] Multicast trickery

2009-10-20 Thread Wyatt Mattias Gyllenvarg
Hi All

I am in need of pointers regarding a multicast configuration that does
not fit the models found online or in the literature I have at hand.

The network is built on PIM-SM with 2 BSR-RP routers (core1 and core2).

At Core1 we receive a set of Multicast streams from IPTV-Provider 1
via PIM-SM and MSDP, this works fine.
The mroutes are announced to Core2 via MSDP, works fine.
At Core2 we receive a set of Multicasts that are flooded to us, this
is the problem source.

I can't distribute this in MSDP if I run PIM-SM.
If I run PIM-DM they call me in a hurry and tell me that my PIM
packets are disturbing the network.
 - So far I have not been able to filter out PIM packets with
outbound acls on the SVI.
I have used IP IGMP unidirectional...  but that broke MSDP between the cores.
Trying ip mroute gave me invalid source address

How should I proceed to accept the multicast streams and inject them into MSDP?

My hope is that I will get to a point where I can use MSDP between
cores and ANYCAST my RPs.

Best regards
Mattias Gyllenvarg
Omnitron
Sweden


Re: [c-nsp] Multicast trickery

2009-10-20 Thread Wyatt Mattias Gyllenvarg
Hi Hans

I have set BSR-BORDER on the interface, so that should not be it.

I want to run PIM-DM but as long as I send PIM-packets I can not.

Anyone have a theory about the filter not biting?
I'm not at work now but it looks something like.
Deny ip pim any any
Deny ip any multicast
Permit any any

Best regards
Mattias Gyllenvarg

2009/10/20 Hans Verkerk hverk...@winitu.com:
 Hi,

  If I run PIM-DM they call me in a hurry and tell me that my PIM
 packets are disturbing the network. Maybe your BSR packets are
 interfering with SP2's network, so include ip pim bsr-border on
 interface facing SP2.

 PIM DM sources can be distributed as follows into MSDP:

 http://www.cisco.com/en/US/docs/ios/ipmulti/configuration/guide/imc_msdp_im_pim_sm_ps6350_TSD_Products_Configuration_Guide_Chapter.html#wp1055493


 HTH,
 Hans

 -Original Message-
 From: cisco-nsp-boun...@puck.nether.net
 [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Wyatt Mattias
 Gyllenvarg
 Sent: Tuesday, October 20, 2009 6:23 PM
 To: cisco-nsp@puck.nether.net
 Subject: [c-nsp] Multicast trickery

 Hi All

 I am in need of pointers regarding a multicast configuration that does
 not fit the models found online or in the literature I have at hand.

 The network is built on PIM-SM with 2 BSR-RP routers (core1 and core2).

 At Core1 we receive a set of Multicast streams from IPTV-Provider 1
 via PIM-SM and MSDP, this works fine.
 The mroutes are announced to Core2 via MSDP, works fine.
 At Core2 we receive a set of Multicasts that are flooded to us, this
 is the problem source.

 I can't distribute this in MSDP if I run PIM-SM.
 If I run PIM-DM they call me in a hurry and tell me that my PIM
 packets are disturbing the network.
  - So far I have not been able to filter out PIM packets with
 outbound acls on the SVI.
 I have used IP IGMP unidirectional...  but that broke MSDP between the
 cores.
 Trying ip mroute gave me invalid source address

 How should I proceed to accept the multicast streams and inject them
 into MSDP?

 My hope is that I will get to a point where I can use MSDP between
 cores and ANYCAST my RPs.

 Best regards
 Mattias Gyllenvarg
 Omnitron
 Sweden



[c-nsp] ME3400-24FS 12.2(46)SE METROIPACCESS with no MLS QOS commands

2009-04-15 Thread Wyatt Mattias Gyllenvarg
Hi all!

I've been racking my brain over this for a day now.

I have a multicast stream that I have marked with a DSCP value close
at the core of my net.
I subscribe to it in an ME3400-24FS (12.2(46)SE METROIPACCESS).

The problem is that the switch, contrary to documentation, has no
mls qos commands.
Neither global nor interface commands. I haven't found any reference
to this change anywhere.

So, how do I get it to trust the DSCP values on the uplink port so
I can reserve bandwidth for it on the outgoing port?

Best regards
Mattias Gyllenvarg


Re: [c-nsp] ME3400-24FS 12.2(46)SE METROIPACCESS with no MLS QOS commands

2009-04-15 Thread Wyatt Mattias Gyllenvarg
Hi Claes

I figured that something like that would work, but it seems like a
stretch compared to mls qos trust.
I will run a version of your config for the time being.

Thanks
Mattias Gyllenvarg

2009/4/15 Claes Jansson cl...@gastabud.com:
 Hi Mattias!

 I've been in the same position as you are now :-) But I finally solved it 
 with the following config... The key is the input service-policy on the 
 uplink interface it seems...

 !
 class-map match-any video
  match ip dscp af41
 class-map match-any voice
  match ip dscp ef
 !
 policy-map uplink-in
  class video
   set dscp af41
  class voice
   set dscp ef
 !
 interface GigabitEthernet0/1
  port-type nni
  switchport mode trunk
  service-policy input uplink-in
 !

 And then for the customer interfaces I attach a policy-map that looks like 
 this...

 // Shaping customer internet traffic at 10Mbit/s
 !
 policy-map 10out
  class voice
   priority
   police cir 300
  class video
   shape average 5000
  class class-default
   shape average 1000
 !

 Best regards.

//Claes Jansson

 At 08:47 2009-04-15, you wrote:
Hi all!

I've been racking my brain over this for a day now.

I have a multicast stream that I have marked with a DSCP value close
at the core of my net.
I subscribe to it in an ME3400-24FS (12.2(46)SE METROIPACCESS).

The problem is that the switch, contrary to documentation, has no
mls qos commands.
Neither global nor interface commands. I haven't found any reference
to this change anywhere.

So, how do I get it to trust the DSCP values on the uplink port so
I can reserve bandwidth for it on the outgoing port?

Best regards
Mattias Gyllenvarg




Re: [c-nsp] ME3400-24FS 12.2(46)SE METROIPACCESS with no MLS QOS commands

2009-04-15 Thread Wyatt Mattias Gyllenvarg
Hey All

Thanks for your answers.

Here is the end result.

The equivalent config for mls qos trust dscp on a physical interface
on a ME3400 is.

policy-map uplink
 class class-default
  set dscp dscp

interface gix/y
 service-policy input uplink

User friendly clue was:

me3400(config-pmap-c)#set dscp ?
  snip
  dscp    Set packet dscp from dscp


Enjoy
Mattias Gyllenvarg


2009/4/15 Tassos Chatzithomaoglou ach...@forthnet.gr:
 Mattias,

 I believe the default mode is to not change the CoS/DSCP of packets, so you
 shouldn't have any problem.
 Also, you can use a policy-map under the interface if you want to modify the
 above.


 --
 Tassos


 Wyatt Mattias Gyllenvarg wrote on 15/04/2009 09:47:

 Hi all!

 I've been racking my brain over this for a day now.

 I have a multicast stream that I have marked with a DSCP value close
 at the core of my net.
 I subscribe to it in an ME3400-24FS (12.2(46)SE METROIPACCESS).

 The problem is that the switch, contrary to documentation, has no
 mls qos commands.
 Neither global nor interface commands. I haven't found any reference
 to this change anywhere.

 So, how do I get it to trust the DSCP values on the uplink port so
 I can reserve bandwidth for it on the outgoing port?

 Best regards
 Mattias Gyllenvarg




[c-nsp] Right IOS for 7600

2009-03-16 Thread Wyatt Mattias Gyllenvarg
Hi All

Asking you real IOS gurus out there for the production options on IOS upgrades.

We're running 7600 Sup720PFC3BLX
OSPF
BGP
and wish to add
microFlow policing
Netflow
Currently on 12.2(18)SXF7

I understand that there are several trains to choose from.

Best Regards
Mattias Gyllenvarg
Omnitron


[c-nsp] Ip unnumbered on 3750

2008-11-10 Thread Wyatt Mattias Gyllenvarg
Hi All

I was playing around with an ip unnumbered config for our Dist-layer.

I got a working config on a 3560 ie

int loopback 10
ip address x.x.x.x y.y.y.y

Vlan x
ip unnumbered loopback 10

Vlan x1
ip unnumbered loopback 10

Vlan x2
ip unnumbered loopback 10

The same won't work on 3750 which gives the following when inputting the
ip unnumbered command.

Point-to-point (non-multi-access) interfaces only

My question is, is there a work around for this or will 3750 never
support ip unnumbered on multi-access interfaces?

Best regards
Mattias Gyllenvarg
Omnitron


Re: [c-nsp] %SW_MATM-4-MACFLAP_NOTIF

2008-10-16 Thread Wyatt Mattias Gyllenvarg
Hi all

We have seen 3 instances of this the last days where a host (probably
infected with a virus) has been broadcasting the mac of the local GW.

Effectively switching all outbound traffic to his port.

Fix has been to shut down the offending port.

So far this has only affected older setups.

//Mattias Gyllenvarg



2008/10/16 Ozgur Guler [EMAIL PROTECTED]:

 no mac address-table notification mac-move might help.



 --- On Thu, 16/10/08, Jimmy Halim [EMAIL PROTECTED] wrote:
 From: Jimmy Halim [EMAIL PROTECTED]
 Subject: [c-nsp] %SW_MATM-4-MACFLAP_NOTIF
 To: cisco-nsp@puck.nether.net
 Date: Thursday, 16 October, 2008, 7:51 AM

 Hi guys,

 Recently I am getting the following log messages every 2 mins on the 3750
 switch.

 Oct 16 06:45:50 UTC: %SW_MATM-4-MACFLAP_NOTIF: Host 0017.cbb3.08fc in vlan
 403 is flapping between port Fa1/0/3 and port Gi1/0/1
 Oct 16 06:45:50 UTC: %SW_MATM-4-MACFLAP_NOTIF: Host 0017.cbb3.08fc in vlan
 402 is flapping between port Fa1/0/2 and port Gi1/0/1
 Oct 16 06:46:43 UTC: %SW_MATM-4-MACFLAP_NOTIF: Host 0017.cbb3.08fc in vlan
 402 is flapping between port Fa1/0/2 and port Gi1/0/1

 This is non service impacting so far. However, I would like to know whether
 we can disable this logging or not. Anyone has any suggestions?

 Many Thanks,
 Jimmy






___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
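
A triage helper for the MACFLAP_NOTIF messages discussed in the thread above, as an added example (not code from the thread): it groups the flap events per MAC address and lists the access ports that compete with the uplink, which are the ports to inspect before shutting one down. The uplink port name and the optional list of known gateway MACs are assumptions supplied by the operator; the function names are hypothetical.

```python
import re
from collections import defaultdict

MACFLAP = re.compile(
    r"%SW_MATM-4-MACFLAP_NOTIF: Host (?P<mac>(?:[0-9a-f]{4}\.){2}[0-9a-f]{4}) in vlan "
    r"(?P<vlan>\d+) is flapping between port (?P<a>\S+) and port (?P<b>\S+)",
    re.IGNORECASE,
)

# The three MACFLAP lines are the ones quoted in the thread, unwrapped to one
# line each; the LINK line is constructed to show that other messages are skipped.
SAMPLE_LOG = """\
Oct 16 06:45:50 UTC: %SW_MATM-4-MACFLAP_NOTIF: Host 0017.cbb3.08fc in vlan 403 is flapping between port Fa1/0/3 and port Gi1/0/1
Oct 16 06:45:50 UTC: %SW_MATM-4-MACFLAP_NOTIF: Host 0017.cbb3.08fc in vlan 402 is flapping between port Fa1/0/2 and port Gi1/0/1
Oct 16 06:46:43 UTC: %SW_MATM-4-MACFLAP_NOTIF: Host 0017.cbb3.08fc in vlan 402 is flapping between port Fa1/0/2 and port Gi1/0/1
Oct 16 06:47:01 UTC: %LINK-3-UPDOWN: Interface FastEthernet1/0/9, changed state to down
"""


def parse_flaps(text):
    """Return (mac, vlan, port_a, port_b) for every MACFLAP_NOTIF line."""
    events = []
    for line in text.splitlines():
        match = MACFLAP.search(line)
        if match:
            events.append(
                (match["mac"].lower(), int(match["vlan"]), match["a"], match["b"])
            )
    return events


def summarise(events, uplinks, gateway_macs=frozenset()):
    """Group flap events per MAC and list the non-uplink ports involved.

    uplinks      -- ports where the real gateway is expected (assumption)
    gateway_macs -- MACs known to belong to the gateway (assumption); a hit
                    means an access port is claiming the gateway's address
    """
    grouped = defaultdict(lambda: {"events": 0, "vlans": set(), "ports": set()})
    for mac, vlan, port_a, port_b in events:
        entry = grouped[mac]
        entry["events"] += 1
        entry["vlans"].add(vlan)
        # If neither port is an uplink, both ends stay on the list.
        entry["ports"] |= {port_a, port_b} - set(uplinks)
    return [
        {
            "mac": mac,
            "events": entry["events"],
            "vlans": sorted(entry["vlans"]),
            "access_ports": sorted(entry["ports"]),
            "gateway_mac": mac in gateway_macs,
        }
        for mac, entry in sorted(grouped.items())
    ]


if __name__ == "__main__":
    for finding in summarise(parse_flaps(SAMPLE_LOG), uplinks={"Gi1/0/1"}):
        print(finding)
```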