Re: [c-nsp] ASR 1000 series replacement
hey,

We have a somewhat unusual scenario with thousands of CPE devices each using cellular interface and gre tunnel to connect to hub router, currently ASR 1001x. The hub router deploys NHRP map multicast with GRE tunnels and bgp session to each cpe device, each tunnel different customer vrf connected to mpls core network. There are hundreds of GRE tunnels.

Not really so unusual in SP environment.

What would be logical replacement for hub router considering expansion and redundancy. We tried a pair of stacked Cisco 9500, and it performed worse than expected.

cat8500 family (non-L models). Forget the stupid naming, this is actually next-gen QFP and should be called asr1k+

One solution we have is another router with same addressing scheme, and to rely on routing to migrate tunnels to this new router in the event of failure of original hub.

Anycast works and this is what we did for exactly the scenario you described earlier. But we found that we'd like it to be more hitless so we are now deploying dual tunnels from every CPE to C8500-12X headends.

--
tarko
___
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] NCS IOS-XR rant (was:Re: Internet border router recommendations and experiences)
hey,

"ztp initiate dataport"

We were discussing iPXE and not normal ZTP. iPXE is only possible via OOB management port and allows software install via DHCP options; normal ZTP will work inband but does not allow software install via DHCP options.

--
tarko

Re: [c-nsp] NCS IOS-XR rant (was:Re: Internet border router recommendations and experiences)
hey,

With XR7 the idea was to mimic how things are done with Linux repos by having a specific RPM repo for the routers and the patches which is managed similar to Linux and that’s how all software is packaged now.

I'd argue you'd want your devices to be cattle and not pets. When doing upgrades you want all your devices to end up in the same state and GISO provides that. When doing investigation you don't have to go and compare specific RPM versions that someone might have installed etc.

--
tarko

Re: [c-nsp] NCS IOS-XR rant (was:Re: Internet border router recommendations and experiences)
hey,

You can, at least in later versions use install replace with http, at least with GISO. You also do not need the apply command, and you can include “commit” in the replace command so it’s not required after the device reboots.

Not sure all those improvements have been delivered for NCS540 for example. But that's not the point.

The problem is, when doing deployment, you need to work with whatever software is on the devices from factory. You might have hundreds of devices in stock with XR 7.2 so you have to work with that. Unfortunately XR ZTP doesn't allow for automatic GISO upgrades either (before anyone mentions, yes it's possible with iPXE via OOB management but that's unusable on the field).

Some other vendors allow sending device config *and* software images in the ZTP process so you don't have to automate that part yourself, only the upgrades that follow and these you can then baseline from whatever version you are deploying.

ZTP is such a low-hanging fruit and vendors constantly get it wrong (little details matter). Sure, they deliver fixes and improvements but this may be after you already have thousand devices delivered that don't behave.

--
tarko

Re: [c-nsp] NCS IOS-XR rant (was:Re: Internet border router recommendations and experiences)
hey,

My long-term solution to this problem is to install with iPXE. That lets you do it via HTTP and without all the nonsense :)

Unfortunately this is only possible via OOB ethernet management port. So this cannot be used for thousands of devices on the field where you only have inband management.

--
tarko

[c-nsp] NCS IOS-XR rant (was:Re: Internet border router recommendations and experiences)
hey,

XR for a number of years now has had the concept of a “golden ISO”. It’s a single image either built by Cisco or customers can build their own that include the base software and the SMUs in a single image. You just issue a single “install replace myiso.iso” and that’s it.

Well, not so in practice. You can't issue install from http:// or any other remote URL. You have to sit around and issue "install apply" after "install replace" is finished. Replace is async so you have to sit around and poll the process. After reboot you have to reconnect to device and issue "install commit".

In some cases direct upgrades from version X to Y fail so you have to go through this whole process twice (X to Z to Y) that takes around 2 hours on NCS540. In some other X to Y cases there is not sufficient disk space to complete "install replace".

We personally have automated the whole install process via netconf and can work around the quirks relevant for our platforms and versions. Many people can't do that or can't justify the expense (when they have small number of devices).

Some other issues have been solved by Cisco in latest releases, I believe install replace can now be sync operation, maybe not on NCS540 but on larger platforms (IOS-XR consistency between platforms is an issue itself).

So I totally get what Mark and Gert are saying. IOS-XR is currently worst NOS operational experience from all large NOSes out there.

--
tarko