Thanks
good point on LACP Fast, we'll test it.
RSTP should be in any case slower than 3 seconds with LACP FAST.
Cheers
James
Il giorno lun 6 mag 2024 alle ore 15:22 Saku Ytti ha scritto:
> On Mon, 6 May 2024 at 15:53, james list via cisco-nsp
> wrote:
>
> > The questio
On Mon, 6 May 2024 at 15:53, james list via cisco-nsp
wrote:
> The question: since the PO remains up, why we see this behaviour ?
> are BDPU sent just over one link (ie the higher interfac e) ?
Correct.
> how can we solve this issue keeping this scenario ?
> moving to RSTP
dear experts
a customer of mine has a legacy environment with 4 x Cisco 9500 (IOS XE
17.09.03) connected in a square mode with 2 links (2 per each connection)
and each couple of links is considered a single virtual port (port-channel).
Loops are managed with PVSTP.
Two x C9500 are in DC1 while
nodes/roles.
You can implement this same configuration for Nexus following the
configuration documentation for VXLAN anycast gateway.
Thank you,
Nathan
On Sun, Apr 21, 2024 at 8:55 PM Chen Jiang via cisco-nsp <
cisco-nsp@puck.nether.net> wrote:
> Hi! Michael
>
> Thanks for your
Hi! Michael
Thanks for your advice, I mean could 2*cisco devices support just use only
one identical address?
...
interface Vlan100
vrf v101
ip address virtual 192.168.100.254/24
interface Vlan101
vrf v101
ip address virtual 192.168.101.254/24
On Sun, Apr 21, 2024 at 3:24 PM
Cisco support VRRP as well.
Sent from my iPhone
> On Apr 18, 2024, at 10:08 PM, Chen Jiang via cisco-nsp
> wrote:
>
> Hi! Experts
>
> I wonder if Cisco support vPC members use identical virtual addresses as
> host's layer 3 gateway?
>
> Just like Arista or Junip
Hi! Experts
I wonder if Cisco support vPC members use identical virtual addresses as
host's layer 3 gateway?
Just like Arista or Juniper,
Arista for example:
...
interface Vlan100
vrf v101
ip address virtual 192.168.100.254/24
interface Vlan101
vrf v101
ip address virtual
.
___
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
hi,
On Tue, Apr 09, 2024 at 03:20:15PM +0200, Mark Tinka via cisco-nsp wrote:
> https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-dos-Hq4d3tZG
I'm so glad our single box with SUP-2T has been retired many years ago...
(We still do have one (1) Sup720-
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-dos-Hq4d3tZG
Mark.
___
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net
-points remote
PE2#
PE2#ping ethernet mpid 170 domain SPCOR_DOMAIN service EVC_SRVC
% No RMEP entry found in for mpid 170 at domain SPCOR_DOMAIN service EVC_SRVC,
evc EVC1.
Any lights would be appreciated.
___
cisco-nsp mailing list cisco-nsp
Also it doesn't hurt to otherwise advertise your 8805 geofeed as per:
https://datatracker.ietf.org/doc/html/rfc9092
-Original Message-
From: Hank Nussbacher via cisco-nsp
mailto:hank%20nussbacher%20via%20cisco-nsp%20%3ccisco-...@puck.nether.net%3e>>
Reply-To: Hank Nuss
On 26/03/2024 17:29, Jon Lewis via cisco-nsp wrote:
Find out from Cisco where you can publish your geo-location data as per:
https://www.rfc-editor.org/rfc/rfc8805.html
If it is Google related, report the issue here:
https://support.google.com/websearch/workflow/9308722?hl=en
or define your geo
I've been going back and forth with cisco support for 2 weeks on this and
gotten nowhere. Does anyone know of a way to verify (and update if
needed) Cisco's IP Geo data for the FTD platform? I've been trying to get
support to let me download the DB files from
https://software.cisco.com
Subject: Teo En Ming's Notes on Basic Configuration of Cisco ASA 5516-X
Firewall - Version 1
Good day from Singapore,
Author: Mr. Turritopsis Dohrnii Teo En Ming
Country: Singapore
Date of Publication: 20 March 2024 Wednesday
Document Version: 1
I have bought this refurbished/second hand/used
Subject: Cisco ASA 5516-X Firewall (Open Source) Console Bootup Messages and
Show Version
Good day from Singapore,
I have bought this refurbished/second hand/used Cisco ASA 5516-X firewall with
FirePOWER Services for SGD$100 at Bukit Panjang Ring Road on 17 Mar 2024 Sunday
at about 8.30 PM
Greetings
Do Cisco has similar feature to
:https://www.juniper.net/documentation/en_US/junos/topics/reference/configuration-statement/login-alarms-edit-system.html
Appreciated.
___
cisco-nsp mailing list cisco-nsp@puck.nether.net
https
at 3:24 AM Saku Ytti via cisco-nsp <
cisco-nsp@puck.nether.net> wrote:
> On Mon, 12 Feb 2024 at 09:44, james list wrote:
>
> > I'd like to test with LACP slow, then can see if physical interface
> still flaps...
>
> I don't think that's good idea, like what would we kn
e have confidence?
I would suggest
- turn on debugging, to see cisco emitting LACP PDU, and juniper
receiving LACP PDU
- do packet capture, if at all reasonable, ideally tap, but in
absence of tap mirror
- turn off LACP distributed handling on junos
- ping on the link, ideally 0.2-0.5s interval, to
ated to lacp ?
>
> 16:39:35.813 Juniper reports LACP timeout (so problem started at
> 16:39:32, (was traffic passing at 32, 33, 34 seconds?))
> 16:39:36.xxx Cisco reports interface down, long after problem has
> already started
>
> Why Cisco reports physical interface down, I'm no
On Sun, 11 Feb 2024 at 17:52, james list wrote:
> - why physical interface flaps in DC1 if it is related to lacp ?
16:39:35.813 Juniper reports LACP timeout (so problem started at
16:39:32, (was traffic passing at 32, 33, 34 seconds?))
16:39:36.xxx Cisco reports interface down, long af
tate: CURRENT
>
> Ok so problem always starts by Juniper seeing 3seconds without LACP
> PDU, i.e. missing 3 consecutive LACP PDU. It would be good to ping
> while this problem is happening, to see if ping stops at 3s before the
> syslog lines, or at the same time as syslog lines.
> I
ng
while this problem is happening, to see if ping stops at 3s before the
syslog lines, or at the same time as syslog lines.
If ping stops 3s before, it's link problem from cisco to juniper.
If ping stops at syslog time (my guess), it's software problem.
There is unfortunately log of bug surface
On Cisco I see physical goes down (initializing), what does that mean?
While on Juniper when the issue happens I always see:
show log messages | last 440 | match LACPD_TIMEOUT
Jan 25 21:32:27.948 2024 MX1 lacpd[31632]: LACPD_TIMEOUT: et-0/1/5: lacp
current while timer expired current Receive
of events here, due to no subsecond precision
enabled on Cisco end.
But if failure would start from interface down, it would take 3seconds
for Juniper to realise LACP failure. However we can see that it
happens in less than 1s, so we can determine the interface was not
down first, the first
Hi
1) cable has been replaced with a brand new one, they said that to check an
MPO 100 Gbs cable is not that easy
3) no errors reported on both side
2) here the output of cisco and juniper
NEXUS1# sh interface eth1/44 transceiver details
Ethernet1/44
transceiver is present
type is QSFP
Hi
there are no errors on both interfaces (Cisco and Juniper).
here following logs of one event on both side, config and LACP stats.
LOGS of one event time 16:39:
CISCO
2024 Feb 9 16:39:36 NEXUS1 %ETHPORT-5-IF_DOWN_PORT_CHANNEL_MEMBERS_DOWN:
Interface port-channel101 is down (No operational
> > juniper-nsp mailing list juniper-...@puck.nether.net
> > https://puck.nether.net/mailman/listinfo/juniper-nsp
>
>
>
> --
> ++ytti
--
++ytti
___
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
o the
>same on the Nexus boxes.
>
> Regards,
>
> - Håvard
> ___
> juniper-nsp mailing list juniper-...@puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
--
++ytti
___
cisco-nsp mailing list cisco-n
gards,
- Håvard
___
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
On Sun, 11 Feb 2024 at 13:51, james list via juniper-nsp
wrote:
> One think I've omit to say is that BGP is over a LACP with currently just
> one interface 100 Gbs.
>
> I see that the issue is triggered on Cisco when eth interface seems to go
> in Initializing state:
Ok, so we
f your interfaces on DC1
> links do not go down
>
> On Sun, Feb 11, 2024, 21:16 Igor Sukhomlinov via cisco-nsp <
> cisco-nsp@puck.nether.net> wrote:
>
>> Hi James,
>>
>> Do you happen to run the same software on all nexuses and all MXes?
>> Do the DC1 and DC2 bgp
he DC1 and DC2 bgp session exchange the same amount of routing updates
> across the links?
>
>
> On Sun, Feb 11, 2024, 21:09 james list via cisco-nsp <
> cisco-nsp@puck.nether.net> wrote:
>
>> Dear experts
>> we have a couple of BGP peers over a 100 Gbs interconnec
Hi
One think I've omit to say is that BGP is over a LACP with currently just
one interface 100 Gbs.
I see that the issue is triggered on Cisco when eth interface seems to go
in Initializing state:
2024 Feb 9 16:39:36 NEXUS1 %ETHPORT-5-IF_DOWN_PORT_CHANNEL_MEMBERS_DOWN:
Interface port
Can it be DC1 is connecting links over an intermediary patch panel and you
face fibre disturbance? That may be eliminated if your interfaces on DC1
links do not go down
On Sun, Feb 11, 2024, 21:16 Igor Sukhomlinov via cisco-nsp <
cisco-nsp@puck.nether.net> wrote:
> Hi James,
>
>
dropping at reliable probability BGP packets from the wire.
On Sun, 11 Feb 2024 at 12:09, james list via juniper-nsp
wrote:
>
> Dear experts
> we have a couple of BGP peers over a 100 Gbs interconnection between
> Juniper (MX10003) and Cisco (Nexus N9K-C9364C) in two different datace
Hi James,
Do you happen to run the same software on all nexuses and all MXes?
Do the DC1 and DC2 bgp session exchange the same amount of routing updates
across the links?
On Sun, Feb 11, 2024, 21:09 james list via cisco-nsp <
cisco-nsp@puck.nether.net> wrote:
> Dear experts
> we h
Dear experts
we have a couple of BGP peers over a 100 Gbs interconnection between
Juniper (MX10003) and Cisco (Nexus N9K-C9364C) in two different datacenters
like this:
DC1
MX1 -- bgp -- NEXUS1
MX2 -- bgp -- NEXUS2
DC2
MX3 -- bgp -- NEXUS3
MX4 -- bgp -- NEXUS4
The issue we see
Hi Rob,
Sorry for the delay, yes, SO use Cisco Acacia QDD Bright 400ZR+ and DCP-404
also seems to support Cisco Acacia 100G QDD DWDM pluggable.
I'm unsure about the 100G QDD DWDM spec and price, but Bright 400ZR+ can
definitely cover that distance at 200G and 100G within 50 GHz.
Best Regards
Rob Evans via cisco-nsp wrote on 24/01/2024 23:27:
Yeah, as I mentioned, there may be alternatives. Noting that the OP wanted
a range of 800km+, do SO also offer a suitable pluggable for the
line-side? The ones I could see from a cursory glance appear to be
dispersion limited to 450km at 50GHz
*From:* cisco-nsp on behalf of Mihai
via cisco-nsp
*Sent:* Friday, February 2, 2024 1:05:12 PM
*To:* cisco-nsp@puck.nether.net
*Subject:* [c-nsp] Local switching on EVPN port
Hi,
On Cisco NCS I can configure local switching between two
subinterfaces
Are you trying to migrate to EVPN? What are you trying to achieve? :)
Catalin
From: cisco-nsp on behalf of Mihai via
cisco-nsp
Sent: Friday, February 2, 2024 1:05:12 PM
To: cisco-nsp@puck.nether.net
Subject: [c-nsp] Local switching on EVPN port
Hi,
On Cisco
Hi,
On Cisco NCS I can configure local switching between two
subinterfaces/vlans by adding them to a bridge domain as below:
l2vpn bridge group X bridge-domain X interface Bundle-Ether1.10
l2vpn bridge group X bridge-domain X interface Bundle-Ether1.20
Once I enable EVPN on the physical
the ASR 9902 is actually
doing - it's just an example of how gearbox implementations can lead to
unexpected outcomes.
Nick
___
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http
one port from each
slice for each 'service'.
That is just my opinion though.
Thanks,
-Drew
-Original Message-
From: Nick Hilliard
Sent: Wednesday, January 31, 2024 9:06 AM
To: Drew Weaver
Cc: 'cisco-nsp@puck.nether.net'
Subject: Re: [c-nsp] Acceptable port configurations for ASR
Drew Weaver via cisco-nsp wrote on 31/01/2024 14:00:
So having a 1x100GE,1x100GE,4x25GE,10x10GE option and not a
1x100GE,1x100GE,1x100GE,10x10GE option is just... laziness I guess is
how I would describe it.
4x25G is not the same as 1x100G - sounds like there's some weird gearbox
stuff going
up to me I would've made all of the ports on the ASR9902
available for use but bandwidth not to exceed 800Gbps total.
But that is just me.
-Original Message-
From: cisco-nsp On Behalf Of Hank
Nussbacher via cisco-nsp
Sent: Saturday, January 27, 2024 2:57 PM
To: cisco-nsp@puck.nether.net
On 26/01/2024 15:49, Drew Weaver via cisco-nsp wrote:
Hello,
I just have a general gripe that I want to share regarding the ASR9902 and
since there is nobody to talk to at Cisco about any of this anymore, I figured
I would just share it here.
This is an acceptable configuration:
1x100GE
Hello,
I just have a general gripe that I want to share regarding the ASR9902 and
since there is nobody to talk to at Cisco about any of this anymore, I figured
I would just share it here.
This is an acceptable configuration:
1x100GE, 1x100GE, 4x25GE, 10x10GE
But this is not:
1x100GE
lso offer a suitable pluggable for the
line-side? The ones I could see from a cursory glance appear to be
dispersion limited to 450km at 50GHz, or need 100GHz.
Cheers,
Rob
_______
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.ne
e and power for the
> > DSPs, and it has been difficult to cram that into QSFP28s (coherent
> > optics requires a lot of signal processing). As you've already noted,
> > there are products in the pipeline, but I'm not aware of any that are
> > widely supported yet.
d,
> there are products in the pipeline, but I'm not aware of any that are
> widely supported yet. Cisco do seem to suggest there is a QSFP-DD
> using QPSK for 100G, but I've not looked too closely at it (and note
> that QSFP-DD is different to QSFP28, having about three times the
> ele
(coherent
optics requires a lot of signal processing). As you've already noted,
there are products in the pipeline, but I'm not aware of any that are
widely supported yet. Cisco do seem to suggest there is a QSFP-DD
using QPSK for 100G, but I've not looked too closely at it (and note
that QSFP-DD
Jockey
> VBH M-1C
> +1 256 824 5331
>
> Office of Information Technology
> The University of Alabama in Huntsville
> Network Engineering
>
> On Fri, Jan 19, 2024 at 9:07 AM Nick Hilliard via cisco-nsp
> wrote:
> >
> > Shawn L via cisco-nsp wrote on 19/01/2024 14:58:
8.64.0 10.1.45.50 0 5 i
*> 192.168.64.0/23 10.1.45.5 0 5 i
*> 192.168.65.0 10.1.45.50 0 5 i
____
From: cisco-nsp on behalf of Harold Ritter
(hritter) via cisco-nsp
,
Harold
De : cisco-nsp de la part de Toje TJ via
cisco-nsp
Date : samedi, 20 janvier 2024 à 08:28
À : cisco-nsp@puck.nether.net
Objet : [c-nsp] IOS-XR unsuppressed map BGP
Good day,.
Apologize if I ask the wrong question or anything, I just wondering how to
configure an unsuppressed map
raffic to drop during
fabric congestion.
--
++ytti
___
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
Moving to qos-group for egress classes got me the result I was looking for.
Thank you very much!
Cheers
Ross
-Original Message-
From: cisco-nsp On Behalf Of Ross Halliday
via cisco-nsp
Sent: Saturday, January 20, 2024 4:44 PM
To: Saku Ytti
Cc: cisco-nsp@puck.nether.net
Subject: Re
estigate the use of "qos-group".
Thanks
Ross
___
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
this
question.
Regards.
TP
___
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
Thanks, Harold, for the great insight , actually I missed configuring the /32
route : ) My bad.
From: Harold Ritter (hritter)
Sent: Friday, January 19, 2024 6:51 PM
To: Mohammad Khalil ; cisco-nsp@puck.nether.net
Subject: Re: C2C ASR9K
Hi Mohammad,
XR
d then use a
transponder closer to the DWDM gear, as Nick suggested.
--
Hunter Fuller (they)
Router Jockey
VBH M-1C
+1 256 824 5331
Office of Information Technology
The University of Alabama in Huntsville
Network Engineering
On Fri, Jan 19, 2024 at 9:07 AM Nick Hilliard via cisco-nsp
wrote:
>
the update-source on both CE2 and CE7. For instance on CE2:
neighbor 10.1.100.7 update-source lo0
Regards,
Harold
De : cisco-nsp de la part de Mohammad
Khalil via cisco-nsp
Date : vendredi, 19 janvier 2024 à 06:00
À : cisco-nsp@puck.nether.net
Objet : [c-nsp] C2C ASR9K
Greetings
I am trying
Shawn L via cisco-nsp wrote on 19/01/2024 14:58:
The pluggable optic must be DWDM 1530 to 1563 nm with QPSK modulation that
fits 50Ghz (~31 to 35Gbaud) and a launch power of ZR+ 0dBm. The customer
channel should have Rx: Max <-10 dBm/Ch and Tx: Min: >–5 dBm/Ch to Max: <+
6.5dBm/Ch
Shawn L via cisco-nsp wrote on 19/01/2024 14:35:
At $dayjob we're working on turning up a 100G connection with a provider.
At this point, it looks like the only optic that's meets their criteria is
a CFP2.
sounds like metro 100G connectivity. What sort of distances are
involved
t; that QSFP-100G-ER4L-S may be compatible with what you are looking for.
>
> Regards,
> Nathan
>
_______
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
In particular, the page I linked
(and I may just not be understanding correctly) seems to be saying
that QSFP-100G-ER4L-S may be compatible with what you are looking for.
Regards,
Nathan
___________
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.
can use to convert it somehow.
Thanks
Shawn
___
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
ipv4 vrf CUST
redistribute static
exit-address-family
Nothing on the C except for a default route , is there anything I am missing?
LDP is functioning well along the path.
Appreciated.
___
cisco-nsp mailing list cisco-nsp@puck.nether.net
https
On Fri, 19 Jan 2024 at 05:10, Ross Halliday via cisco-nsp
wrote:
> We've inherited some older ASR9000 systems that we're trying to support
> in-place. The software version on this one router is fairly old at 6.1.4.
> Driving it are a pair of RSP440-SE. The line cards are A9K-
-action drop
!
!
class DSCP-Management
priority level 3
police rate 200 mbps
conform-action transmit
exceed-action drop
!
!
class class-default
!
end-policy-map
!
___
cisco-nsp mailing list cisco-nsp@puck.nether.net
https
It was interface mapping issue , G0/0/0/0 is actually G0/0/0/2
Thanks everyone.
From: cisco-nsp on behalf of Mohammad
Khalil via cisco-nsp
Sent: Wednesday, December 27, 2023 3:42 PM
To: cisco-nsp@puck.nether.net
Subject: [c-nsp] Pnet XRV 6.6.2
Greetings
I have
ShutdownDown default
Is there anything I should do to resolve this?
Appreciated.
___
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
an interface / default
route (router isn't in production yet, need to get all the little things
resolved first) was the key.
I'm not sure if it was because it's slow at Cisco right before Christmas or
what, but I have to say this was one of the fastest tickets I've ever seen.
On Fri, Dec 22, 2023 at 11
Good luck is the right response.
They insist that our ASR9902 is an ASR9903 at TAC every time I open a ticket.
It's getting old.
-Original Message-
From: cisco-nsp On Behalf Of Hank
Nussbacher via cisco-nsp
Sent: Friday, December 22, 2023 2:11 AM
To: cisco-nsp@puck.nether.net
Subject
On 21/12/2023 22:35, Shawn L via cisco-nsp wrote:
Running on IOS-XR 7.5.2
I get:
RP/0/RSP0/CPU0:GP1#license smart ?
deregister De-register Device from Cisco Cloud
mfg Factory license reservation feature
registerRegister Device With Cisco Cloud
renew Renewal Message
I have a new ASR9901 and this is my first foray into Cisco's smart
licensing. Can anyone point me in the right direction? I've found
numerous cisco docs for configuring it, but the commands don't seem to be
present on my router.
For example, the ASR9k documentation (I cannot seem to find 9901
I might just be using the quirkiest products in their lineup but if you have to
upgrade fpd and reload line cards 8 times to get the firmware to upgrade it
seems like the support better be pristine.
-Original Message-
From: cisco-nsp On Behalf Of Aaron1 via
cisco-nsp
Sent: Thursday
Agreed, often I’ve started a TAC case and also started an email thread with
NANOG, juniper nsp or cisco nsp mail lists…. Often the community comes back
faster than TACs. …and without needing RSI or show tech… just a pointed
response to the issue. Love it
Aaron
> On Dec 21, 2023, at 1:21
On Thu, 21 Dec 2023 at 09:21, Hank Nussbacher via cisco-nsp
wrote:
> It used to be TAC was a main selling card of Cisco vs competitors. Not
> any longer :-(
Don't remember them ever being relatively or absolutely good.
Having one support channel for all requests doesn't work, becau
On 20/12/2023 17:31, Drew Weaver via cisco-nsp wrote:
Only a week? I have found this list far more helpful than TAC, which
usually takes 2-3 weeks to request all the necessary logs, with commands
that don't work.
It used to be TAC was a main selling card of Cisco vs competitors. Not
any
,
-Drew
-Original Message-
From: cisco-nsp On Behalf Of Drew Weaver
via cisco-nsp
Sent: Wednesday, December 20, 2023 11:02 AM
To: 'Mouniri Mdahoma'
Cc: 'cisco-nsp@puck.nether.net'
Subject: Re: [c-nsp] ASR9902 fpd upgrade
admin show alarms brief
Wed Dec 20 11:08:22.652 EST
% No entries
admin show alarms brief
Wed Dec 20 11:08:22.652 EST
% No entries found.
From: Mouniri Mdahoma
Sent: Wednesday, December 20, 2023 10:59 AM
To: Drew Weaver
Cc: cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] ASR9902 fpd upgrade
Hello
What is the output of the following command
#admin show alarms
Hello
What is the output of the following command
#admin show alarms brief
Le mer. 20 déc. 2023, 16:32, Drew Weaver via cisco-nsp <
cisco-nsp@puck.nether.net> a écrit :
> Hello,
>
> I've had a TAC case open on this for more than a week but after we
> upgraded an ASR9902
at this point.
Does anyone know how to resolve RLOAD REQ on these?
___
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
On Sat, 16 Dec 2023 at 18:38, Charles Sprickman via cisco-nsp
wrote:
> > There are hundreds of GRE tunnels.
>
> I have nothing to offer, and I'm mostly out of the ISP game, but I am so
> curious what the use-case is here, especially the "BGP to each CPE". I
> unde
> On Dec 16, 2023, at 4:16 AM, Dragan Jovicic via cisco-nsp
> wrote:
>
> Greeting,
> We have a somewhat unusual scenario with thousands of CPE devices each
> using cellular interface and gre tunnel to connect to hub router, currently
> ASR 1001x.
> The hub router de
Hi,
That's great, because we had the same chassis in mind.
The peculiarity comes from the way CPEs are configured, routing, NAT
between vrfs, one tunnel limit per CPE, and some other things.
Anyway, awesome - thank you.
BR
On Sat, Dec 16, 2023 at 10:35 AM Tarko Tikan via cisco-nsp <
cisco-
connected to mpls core network. There
are hundreds of GRE tunnels.
Not really so unusual in SP environment.
What would be logical replacement for hub router considering
expansion and redundancy. We tried a pair of stacked Cisco 9500, and
it performed worse than expected.
cat8500 family (non-L
connected to mpls
core network.
There are hundreds of GRE tunnels.
What would be logical replacement for hub router considering expansion and
redundancy.
We tried a pair of stacked Cisco 9500, and it performed worse than expected.
One solution we have is another router with same addressing scheme
nted. ;>
I know you know this, just stating it for the record. Concur 100% otherwise, of
course.
Roland Dobbins
___
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/l
Hi,
On Wed, Dec 06, 2023 at 09:00:58AM +, Dobbins, Roland wrote:
> On Dec 6, 2023, at 04:45, Gert Doering via cisco-nsp
> wrote:
>
> > deny ipv4 any any fragments
>
> This is approach is generally contraindicated, as it tends to break EDNS0, &
> DNSS
On Dec 6, 2023, at 04:45, Gert Doering via cisco-nsp
wrote:
deny ipv4 any any fragments
This is approach is generally contraindicated, as it tends to break EDNS0, &
DNSSEC along with it.
If the target is a broadband access network, you can use flow telemetry to
measure normal rates of
XR syntax for fragment blocking is
deny ipv4 any any fragments
gert
To both D'Wayne and Gert - thx!
Regards,
Hank
___
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.
Hi,
On Tue, Dec 05, 2023 at 11:27:21PM +0200, Hank Nussbacher via cisco-nsp wrote:
> We encountered something strange. We run IOS-XR 7.5.2 on ASR9K platform.
>
> Had a user under udp/0 attack. Tried to block it via standard ACL:
>
>
> ipv4 access-list block-zero
> 20
cs/ip/generic-routing-encapsulation-gre/8014-acl-wp.html>
D’Wayne Saunders
On 6 Dec 2023, at 08:27, Hank Nussbacher via cisco-nsp
wrote:
[External Email] This email was sent from outside the organisation – be
cautious, particularly with links and attachments.
We encountered something strange. We r
block-zero ingress
ipv4 access-group block-zero egress
Yet, based on Kentik, we had no effect and the udp/0 attack just
continued - as if the Cisco ACL is totally ignored. Or am I missing
something in the ACL listed above?
Thanks,
Hank
___
cisco-nsp
Are you running BFD on the link as well?
On Thu, Nov 30, 2023 at 8:33 AM Drew Weaver via cisco-nsp <
cisco-nsp@puck.nether.net> wrote:
> Can you point me towards a hint on how you implement import/export filters
> in OSPF on IOS XR?
>
> Are you referring to 'distribute lists'?
immediately.
It seems like it takes 15-20 seconds for the route to be removed entirely from
OSPF from when the transport goes down.
Thanks,
-Drew
-Original Message-
From: cisco-nsp On Behalf Of Mark Tinka via
cisco-nsp
Sent: Tuesday, November 28, 2023 10:34 AM
To: cisco-nsp
On 11/28/23 17:02, Nick Hilliard via cisco-nsp wrote:
prefix filtering is a defining feature of a policy routing protocol.
OSPF is a link-state protocol, and doesn't support the concept of
having different visibility of prefixes inside the same area. If you
want that with OSPF, you'll
1 - 100 of 1109 matches
Mail list logo