Re: [c-nsp] ASR1009x and 10G thruput

2021-05-07 Thread sthaug
> We recently upgraded our network from ASR1004s to ASR1009xs.
> 
> We are encountering thruput limits on 10G interfaces and were
> wondering whether others have seen that as well.
> 
> Hard limits seem to be 2.4G or 4G and we are not able to reach line
> rate of 10G.  Have tried iperf which hits the wall as well.

We had a client recently who couldn't get more than around 2.5 Gbps
through their ASR1k. Turned out they were missing a required
"performance upgrade" license. Could that be your problem?

Steinar Haug, Nethelp consulting, sth...@nethelp.no
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/


Re: [c-nsp] [External] SDx open standard?

2020-03-26 Thread sthaug
>>> I spent 10 min browsing MEF web site and still do not know what "MEF"
>>> stands for ... Looks to me like yet one more  commercial entity to drain a
>>> little bit of cash out of the vendors while perhaps help with marketing and
>>> sales a bit.
>> 
>> Metro Ethernet Forum. They've been around for a while.
>> 
> 
> In fairness, that term is almost entirely absent from the web site, as far as 
> I can see.
> 
> Is it an expansion that's been deliberately dropped in the face of expanding 
> to work on SDN, NDV, et al beyond their original Metro Ethernet scope?  And 
> now MEF is just MEF?

No idea. But it sure *sounds* like rather significant scope creep.

Steinar Haug, Nethelp consulting, sth...@nethelp.no


Re: [c-nsp] [External] SDx open standard?

2020-03-26 Thread sthaug
>> The standardization is coming, check out
> https://www.mef.net/mef-3-0-sd-wan
> 
> I spent 10 min browsing MEF web site and still do not know what "MEF"
> stands for ... Looks to me like yet one more  commercial entity to drain a
> little bit of cash out of the vendors while perhaps help with marketing and
> sales a bit.
> 
> Is this the same as Microsoft's MEF:
> 
> "The Managed Extensibility Framework (MEF) is a library in .NET that
> enables greater reuse of applications and components."

Metro Ethernet Forum. They've been around for a while.

Steinar Haug, Nethelp consulting, sth...@nethelp.no


Re: [c-nsp] [External Email] Re: big uptime - what you got ?

2020-02-10 Thread sthaug
>> cisco LS1010 (R4600) processor with 65536K bytes of memory.
> 
> It was just matter of time until someone shows up with LS1010 :)
> 
> (Un)fortunately our LS1010s are long gone but the uptimes were 12+
> years on many of them.

Darn, I had done my best to try to forget everything related to the
number 53 :-)

But yeah, we had LS1010 too, at a previous employer.

Steinar Haug, Nethelp consulting, sth...@nethelp.no


Re: [c-nsp] show isis neighbors - system id shown

2020-02-02 Thread sthaug
>>   is there a reason why ?
> 
> Looks to me like you are pretty fast in repetitive show commands :)
> 
> What actually may be happening here is that adj. comes up fast and at this
> point your router does not yet have the dynamic name. After some time it
> receives it from the neighbor via flooding in TLV 137 and then creates a
> mapping hence in subsequent commands you see the name.
> 
> Works as designed :)  Flooding that TLV may take a bit of time as well as
> your local system may not treat it as top important info.

I've seen the same thing multiple times on Juniper and Huawei routers.
I agree, this is working as intended.

Steinar Haug, Nethelp consulting, sth...@nethelp.no


Re: [c-nsp] QinQ termination on a Catalyst 6800

2019-02-18 Thread sthaug
> Cat6K and 6880 support QinQ.
> We use it to connect  some L3 vlans between our DC.
> I’m not at my desk, but from memory, ..
> 1) on the access port facing the ‘client’ ….
> Switchport mode dot1q-tunnel
> switchport access vlan xxx. Where xxx is the transport/service provider
> side vlan assigned to this client.
> 2) add the above ‘xxx’ transport vlan to any dot1q trunks used between client 
> sites.

Note well the difference between

- QinQ: An extra (outer) VLAN tag is added to ingress Ethernet frames
which already contain one or more VLAN tags. Example configuration is
"switchport mode dot1q-tunnel" + "switchport access vlan X".

- Double VLAN tag termination: An Ethernet service (e.g. IP based) is
terminated on the Catalyst switch based on both outer (SVLAN) and inner
(CVLAN) tags. Example config is "encapsulation dot1Q X second-dot1q Y".

As far as I know, Cat 6500 supports the former but not the latter. I
have no experience with the 6880.

Steinar Haug, Nethelp consulting, sth...@nethelp.no


Re: [c-nsp] [j-nsp] L3VPN/RR/PE on Same router

2018-08-17 Thread sthaug
> PS.  Have not been reading -nsp aliases for a while, but now I see that I
> missed a lot !  Btw do we really need per vendor aliases here ? Wouldn't it
> be much easier to just have single nsp list ? After all we all most likely
> have all of the vendors in our networks (including Nokia !) and we are all
> likely reading all the lists :) Or maybe there is one already ?

Disagree. I follow several of the -nsp lists, but some of them much
more closely than others. Having them all mixed up would definitely
make this more difficult.

Steinar Haug, Nethelp consulting, sth...@nethelp.no


Re: [c-nsp] Juniper MX240 & MX480

2017-10-31 Thread sthaug
> Am I only one puzzled about MX204 port choice, 4xQSFP28 + 8xSFP+.
> Seems like it's positioned to datacenters facing upstream? I'd want
> 2xQSFP28 and maybe 36xSFP+ (oversub is fine), with attractive
> licensing using SFP+ as SFP only, to add L3 DFZ 1GE aggregation box to
> JNPR portfolio.
> I can't imagine rolling this would be expensive, call it MX202 or
> something. JNPR do me a solid.

We discussed this with Juniper. We're hearing a lot about space available
on the faceplate versus number of ports desired. However, the MX204 feels
mostly irrelevant for us because splitter cables for 10G are not usable
(since we have quite a bit of CWDM/DWDM optics directly in our routers).

If faceplate space is the issue we would actually be much happier with a
2RU box - especially if they could reduce depth to 30 cm or thereabouts.

Steinar Haug, Nethelp consulting, sth...@nethelp.no


Re: [c-nsp] CEF issues this weekend

2017-10-01 Thread sthaug
> Anyone seeing CEF issues since 6:19 PM EST on 9/29?  Saw a report that
> someone announced a 2200+ byte AS path around the same time.

See https://mailman.nanog.org/pipermail/nanog/2017-September/092528.html

Steinar Haug, Nethelp consulting, sth...@nethelp.no


Re: [c-nsp] ASR920 vs ASR1001-x

2016-04-29 Thread sthaug
> > ASR920 is more like a switch.
> 
> Not really - it's actually a router.
> 
> It just looks like a switch.

Interesting - one of our local Cisco distributors, in a meeting with us
and with Cisco people present, repeatedly called ASR920 a Layer 3 switch.
With no protest from the Cisco representatives.


Steinar Haug, Nethelp consulting, sth...@nethelp.no


Re: [c-nsp] Strange X2 Temperature Flaps

2016-03-19 Thread sthaug
> Within 48 hours we have had three very strange issues with three different X2 
> modules, installed in 2 different chassis (both in 6708-10G/Sup720/6509E). In 
> each case, the module's temperature reading has jumped and then oscillated 
> from +127C to -127C over the course of the next 5 hours.
> 
> Each time it completes a loop it jumps from -127 to +127 - at _that_ moment 
> we get a short burst of CRC errors in the ASR9k which is connected to the 
> other end of the link. In two of the cases so far, the errors were enough to 
> trip OAM on the ASR9k into err-disable on the port due to >3 seconds of 
> symbol errors.

This problem (temp looping through all values) has also been observed
on third party 10G XFPs for Juniper routers. We got the XFP vendor to
replace the XFPs. Problem solved.

Steinar Haug, Nethelp consulting, sth...@nethelp.no


Re: [c-nsp] Newbie traceroute question

2016-02-09 Thread sthaug
> On hop 2, 6, 7 & 8 suddenly the traceroute output *includes *MPLS data
> (label & exp).  I understand how traceroute works (am very familiar with
> Richard's excellent preso), but I still haven't seen an answer to my
> question.  Gert's was possibly the closest with "Nothing special in IOS
> traceroute, but more "stupidity in general unix traceroute" - when
> sending a TTL exceed ICMP packet, the LSR copies the label stack into
> the ICMP packet, and traceroute *could* handle this."

And Cisco routers by default decode the MPLS label stack that has
been copied into the ICMP packet - *even if the router itself is not
configured for MPLS*.

There's really no magic here.

Steinar Haug, Nethelp consulting, sth...@nethelp.no
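
The label stack decoding described above, as an added example that is not part of the original post and not Cisco's code: it walks the RFC 4884 extension structure of an ICMP Time Exceeded message and extracts the RFC 4950 MPLS label stack object. The sample message and its label values are constructed.

```python
import struct


def inet_checksum(data):
    """RFC 1071 one's-complement checksum over 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_time_exceeded(labels):
    """Constructed sample: ICMP Time Exceeded carrying an MPLS label stack.

    labels is a list of (label, exp, ttl) tuples, top of stack first.
    """
    quoted = bytes(128)  # placeholder for the quoted original datagram
    entries = b""
    for i, (label, exp, ttl) in enumerate(labels):
        bottom = 1 if i == len(labels) - 1 else 0
        entries += struct.pack("!I", (label << 12) | (exp << 9) | (bottom << 8) | ttl)
    # Object header: length (including header), class-num 1, c-type 1 (RFC 4950)
    obj = struct.pack("!HBB", 4 + len(entries), 1, 1) + entries
    # Extension header: version 2 in the top 4 bits, then checksum
    ext = struct.pack("!HH", 2 << 12, 0) + obj
    ext = ext[:2] + struct.pack("!H", inet_checksum(ext)) + ext[4:]
    # ICMP header: type 11, code 0, checksum, unused, length in 32-bit words, unused
    header = struct.pack("!BBHBBH", 11, 0, 0, 0, len(quoted) // 4, 0)
    msg = header + quoted + ext
    return msg[:2] + struct.pack("!H", inet_checksum(msg)) + msg[4:]


def parse_mpls_labels(icmp):
    """Return the MPLS label stack entries found in an ICMP Time Exceeded message."""
    if len(icmp) < 8:
        raise ValueError("short ICMP message")
    icmp_type, _code, _csum, _u1, length_words, _u2 = struct.unpack_from("!BBHBBH", icmp, 0)
    if icmp_type != 11:
        raise ValueError("not an ICMP Time Exceeded message")
    # RFC 4884: a zero length field means a pre-RFC sender, whose extension
    # starts after a fixed 128 bytes of quoted datagram.
    quoted_len = length_words * 4 if length_words else 128
    ext = icmp[8 + quoted_len:]
    if len(ext) < 4:
        return []  # no extension structure present
    ver_reserved, ext_csum = struct.unpack_from("!HH", ext, 0)
    if ver_reserved >> 12 != 2:
        return []
    # A zero checksum field means no checksum was transmitted.
    if ext_csum and inet_checksum(ext) != 0:
        raise ValueError("bad extension checksum")
    labels = []
    offset = 4
    while offset + 4 <= len(ext):
        obj_len, class_num, c_type = struct.unpack_from("!HBB", ext, offset)
        if obj_len < 4 or offset + obj_len > len(ext):
            raise ValueError("malformed extension object")
        if class_num == 1 and c_type == 1:
            body = ext[offset + 4:offset + obj_len]
            if len(body) % 4:
                raise ValueError("label stack is not a multiple of 4 bytes")
            for (word,) in struct.iter_unpack("!I", body):
                labels.append({
                    "label": word >> 12,
                    "exp": (word >> 9) & 0x7,
                    "bottom": (word >> 8) & 0x1,
                    "ttl": word & 0xFF,
                })
        offset += obj_len
    return labels


if __name__ == "__main__":
    # Constructed two-label stack, as an LSR in the path might quote it
    sample = build_time_exceeded([(24015, 0, 1), (299776, 0, 1)])
    for entry in parse_mpls_labels(sample):
        print(entry)
```

Nothing in the parser depends on MPLS being configured on the receiving host; it only needs the ICMP payload.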


Re: [c-nsp] Cache DNS servers

2015-12-01 Thread sthaug
> > I have a little question about DNS servers that you use in your environment.
> > We use bind on freebsd servers now. I did some benchmarks and found that
> > google public DNS is 8 - 10 times faster than my own. So I decided to change BIND
> > for something faster. I'm in MNO market.  Any suggestions?
> 
> 
> just caching resolver? might want to look at unbound but google 10x 
> faster than you even though
> theirs are remote etc?  
> 
> 1) tune your server (MANY things can be done)
> 2) their caches are probably ready-populated with loads of stuff as they are 
> operational..whereas your server
> will have to go out to make queries.

Ayup, this is mostly about "hot caches". You need a significant amount
of DNS query traffic to get a good cache that will answer most queries
quickly, out of the cache.

FreeBSD or Linux, BIND, Unbound or PowerDNS recursor - use what you
know best, they will all work well for normal loads. If you're getting
into more than 10k queries/second territory you may want to actually
do some testing/measurement.

Given a nice hot cache, a nearby resolver is likely to beat a remote
Google resolver, simply due to the lower latency to reach the cache.
Yes, I have measurements that show this :-) 

But simply replacing BIND with something else is *not* likely to solve
your problem.

Steinar Haug, Nethelp consulting, sth...@nethelp.no


Re: [c-nsp] Cisco Nexus as MetroE switch?

2015-10-17 Thread sthaug
> Well speaking of BUs understanding of IX needs or BGP for that matter, 
> Juniper and ALU both have same route preference(Cisco AD) for iBGP and eBGP 
> routes -now how stupid is that right!?!?!

Juniper has had the same route preference for iBGP and eBGP routes for
many years.

Note that this has also been promoted as best practice at multiple
Cisco Networkers events :-)

Steinar Haug, Nethelp consulting, sth...@nethelp.no


Re: [c-nsp] Peering Router/Switch

2015-10-04 Thread sthaug
> I have been asked to evaluate this Juniper QFX3500-48S4Q
> as a peering device to be installed in Sofia-Connect Internet exchange
> point.
> 
> I have no prior experience in peering nor with Juniper, can someone please
> share some light on this subject and whether this device is a good
> candidate for the job.

You need to specify the details. Are you talking about a box to be
used as

1. an L2 interconnect (typically some form of switch), or
2. a peering router (used for BGP peering towards other providers)

According to Juniper,

http://www.juniper.net/us/en/products-services/switching/qfx-series/qfx3500/

"The QFX3500 is a high-performance 10GbE top-of-rack or end-of-row
data center switch that can also be deployed in Virtual Chassis,
Virtual Chassis Fabric, or QFabric System architectures."

Thus it may be suitable for the first task, but not obviously suitable
for the second (looks like a maximum of 16K IPv4 routes, for instance).

I would suggest the juniper-nsp list (juniper-...@puck.nether.net) as
a more suitable place for a discussion about Juniper equipment.

Steinar Haug, Nethelp consulting, sth...@nethelp.no


Re: [c-nsp] L2VPN between ASR920 and Juniper

2015-09-23 Thread sthaug
> If EoMPLS over GRE is not supported so why EoMPLS without GRE is supported?

Presumably because you can run EoMPLS over MPLS (which you would then
run over Ethernet). This is pretty standard for many operators.

> Anyway If we use GRE just for routing the traffic (MPLS/IP) does it work
> properly? In my tests I did not have any issue with routing MPLS/IP traffic
> over GRE between two 920 or 920 with other routers(M320,7200VXR,2821,..) but
> it was in the lab with a little amount of traffic. I am talking about 4 or 5
> Gbps traffic.

If somebody from Cisco says that it is not supported I would listen
very carefully.

Steinar Haug, Nethelp consulting, sth...@nethelp.no


Re: [c-nsp] L2VPN between ASR920 and Juniper

2015-09-22 Thread sthaug
> I ran into the same thing below. 920 by default negotiates vc type 5.
> Please configure vc type 5 on Juniper and check if the l2vpn establishes.

JunOS by default uses VC type 5 for a physical port, and VC type 4 for
a VLAN-based subinterface. Seems quite logical to me.

JunOS can be configured to explicitly set the VC type, and also to
*ignore* VC type mismatch. 

We have lots of pseudowires between Juniper and Cisco equipment (though
no ASR920). Works just fine.

Steinar Haug, Nethelp consulting, sth...@nethelp.no


Re: [c-nsp] Cisco ME3600X MPLS OSPF balanced LSP, non LSP drop packets

2015-09-15 Thread sthaug
> > The ME3600X should not be dropping the packets, it should be dropping
> > the mpls tag and then forwarding the packets as a normal routed packet
> > according to the FIB.
> 
> > Yes, but in your case, you have an ECMP destination, where one path is
> > MPLS-capable and the other isn't. I've never run such a topology, but
> something tells me "weird and strange" things will happen when you have
> ECMP paths with different forwarding paradigms.

Agreed - such a topology is really just asking for trouble.

Steinar Haug, Nethelp consulting, sth...@nethelp.no


Re: [c-nsp] ASR920 - ISR4431

2015-06-04 Thread sthaug
> No more "in-fight BUs" :) Now all SP products in one organization.

Good start, but:

Unfortunately, that only works in so far as customers agree with Cisco
about what are SP products. I have seen plenty of cases of products
being used, rather successfully, in a different segment/function than
what Cisco targeted with the product.

Steinar Haug, Nethelp consulting, sth...@nethelp.no


[c-nsp] SHDSL.bis access in Europe?

2015-01-19 Thread sthaug
Not directly Cisco related: I'm trying to find out which European
countries offer SHDSL.bis (G.991.2) with access speeds of 4.6 or
5.7 Mbps for a single copper pair.

Steinar Haug, Nethelp consulting, sth...@nethelp.no


Re: [c-nsp] ISR 4451-X route table size

2015-01-15 Thread sthaug
>> Interesting your distinction because Cisco says that the 4451:
>> The product's innovative hardware design splits the control and data
>> planes between two multi-core CPUs...
>
> Indeed, that's where my definition would not trivially apply either way :-)
>
> (And given how fast multipurpose CPUs have become, we see this in other
> areas as well - like SSL offloading PCI boards that you could add to
> a web server for decent HTTPS performance... most of that has just plain
> disappeared with modern CPUs...)

For me the relevant question is often: Can the box handle line rate,
or close to it, with minimum sized packets (and any access lists,
services, QoS etc that you need)? If it can, great - otherwise you're
opening yourself to a DoS attack at some point.

Steinar Haug, Nethelp consulting, sth...@nethelp.no


Re: [c-nsp] L2 security features on ME3600

2014-12-06 Thread sthaug
> DHCP snooping seems to be supported just fine, however I'm running up
> against some issues with DIA and ISG.

We've had significant issues with DHCP snooping on ME3600 (DHCP traffic
being dropped). Bad enough that we're not deploying any new ME3600s at
this point.

Steinar Haug, Nethelp consulting, sth...@nethelp.no

Re: [c-nsp] Prioritize PING traffic to control plane

2014-08-07 Thread sthaug
> I found out that PING to control plane of the router/switch can result with
> spike Latency and this is normal since ICMP packet is low priority in the
> CPU processing. I'm wondering if there is any way that we can prioritize it
> so that I can get no spike latency when pinging to control Plane, I know
> it's not necessary to do so, somehow want to see if this can be done.

Sounds like a bad idea. You probably want the control plane to give
high priority to *important* control plane stuff, like keepalives and
other protocol processing. Prioritizing ICMP, especially if others are
able to trigger ICMP, would be an excellent way to DoS yourself...

Steinar Haug, Nethelp consulting, sth...@nethelp.no


Re: [c-nsp] OSPFv3 Multiple Address Families Support in IOS

2014-08-05 Thread sthaug
> No TE extensions for OSPFv3 is the biggest issue.

And for those who aren't married to OSPF, IS-IS is still an excellent
alternative.

Steinar Haug, Nethelp consulting, sth...@nethelp.no

 
> Thanks
> Darren
> http://www.mellowd.co.uk/ccie
>
>
>
>> From: cwe...@ernw.de
>> To: cisco-nsp@puck.nether.net
>> Date: Tue, 5 Aug 2014 17:48:22 +
>> Subject: [c-nsp] OSPFv3 Multiple Address Families Support in IOS
>>
>> Dear list,
>>
>> I noticed that support for multiple address families in OSPFv3 was added in
>> recent IOS versions.  I am currently thinking about updating the IOS
>> version on my routers and subsequently consolidating OSPFv2 and OSPFv3 into
>> OSPFv3 for both IPv4 and IPv6.
>>
>> Has anyone done this before and can share some experience with it? What are
>> (in your opinion) the pros and cons of the aforementioned consolidation of
>> OSPFv2/v3 into only OSPFv3?
>>
>> Thanks in advance for your time and feedback.
>>
>> Best,
>> Christopher


Re: [c-nsp] why there are no plans for A903-RSP2B-240 please?????

2014-07-22 Thread sthaug
> Really to get over 20K prefixes in HW with Metro-E+MPLS features we all are
> willing to install huge 10RU boxes almost as thick as high all around the
> place?
> That just doesn't sound right.
> Or does it?

Juniper MX240, 5U. But definitely more expensive than metro/switch
class equipment.

I think Cisco, Juniper and others are afraid of destroying the nice
profit margins on their higher end boxes. But maybe that's just me...

Steinar Haug, Nethelp consulting, sth...@nethelp.no


Re: [c-nsp] why there are no plans for A903-RSP2B-240 please?????

2014-07-22 Thread sthaug
> MX240 is too big however MX104 is exactly what I was talking about.

MX104 is a very nice box, as long as you can live with its limited
CPU horsepower. We'll be installing several of them soon.

Steinar Haug, Nethelp consulting, sth...@nethelp.no


Re: [c-nsp] why there are no plans for A903-RSP2B-240 please?????

2014-07-22 Thread sthaug
> Well I'm pretty annoyed by the asr903 limited CPU horsepower.
> Reloading the box takes ages also saving config introduces a very 90's style
> delay.
>
> Does MX104 support LFA or rLFA please?

LFA yes. No rLFA support as far as I know.

Steinar Haug, Nethelp consulting, sth...@nethelp.no


Re: [c-nsp] IOS: catch 22 when enabling new bgp neighbors

2014-06-21 Thread sthaug
> [neighbor 192.0.2.100 remote-as 64511 shutdown]
>
> Wow, you can do that? I feel really really dumb now...
>
> so do I ;-)

So maybe this feature needs better documentation?

Steinar Haug, Nethelp consulting, sth...@nethelp.no


Re: [c-nsp] RSPAN 3750X (IP BASE) - Received Only Broadcast/Multicast - No Unicast :(

2014-04-06 Thread sthaug
> I received only broadcast/multicast traffic from remote RSPAN 3750X switch
> (L3, IP SERVICE) on my local 3750X switch (L2, IP BASE).

Sounds like your RSPAN VLAN has not been configured as remote-span
on all necessary switches. This is necessary in order to turn off MAC
address learning.

Steinar Haug, Nethelp consulting, sth...@nethelp.no


Re: [c-nsp] Difference between Cisco Q-in-Q and IEEE 802.1ad

2014-01-01 Thread sthaug
> I made a simple setup where Cisco Q-in-Q port(switchport mode
> dot1q-tunnel) was facing a laptop. Laptop was sending out frames with
> 802.1q tag(VID was 10) and Cisco Q-in-Q port pushed another 802.1q field.
> Final frame can be seen here:
> http://www.cloudshark.org/captures/ae485b68e9ed
>
> Based on this Cisco Q-in-Q frame, the only difference between IEEE 802.1ad
> frame and Cisco Q-in-Q frame is that former has 0x88a8 as a TPID value for
> S-tag? I made a small illustration for this:

Correct, it's 0x88a8 vs 0x8100 for the S-tag.

> In addition, are there Cisco switches out there which use 0x88a8 as a TPID
> value of S-tag by default?

Don't know of any.

> Last but not least, which devices use 0x9100 as
> a TPID value for S-tags? According to drawing in Wikipedia IEEE 802.1ad
> article, some do:

Juniper E-series (ERX) routers use 0x9100 by default.

Steinar Haug, Nethelp consulting, sth...@nethelp.no
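
The TPID difference discussed above, as an added example that is not part of the original post: a parser that walks the VLAN tag stack of an Ethernet frame, and shows what a tool that only recognizes 0x8100 sees when the outer tag uses 0x88a8. The frames are constructed; inner VID 10 follows the thread, outer VID 100 and the MAC addresses are assumptions.

```python
import struct

# TPID values named in the thread
TPID_8021Q = 0x8100   # 802.1Q tag; also the outer tag pushed by the Cisco dot1q-tunnel port
TPID_8021AD = 0x88A8  # IEEE 802.1ad S-tag
TPID_9100 = 0x9100    # Juniper E-series (ERX) default, per the thread
KNOWN_TPIDS = (TPID_8021Q, TPID_8021AD, TPID_9100)


def build_frame(tags, ethertype, payload=b"\x00" * 46):
    """Build a constructed test frame. tags is a list of (tpid, vid), outermost first."""
    frame = bytes.fromhex("ffffffffffff") + bytes.fromhex("020000000001")
    for tpid, vid in tags:
        frame += struct.pack("!HH", tpid, vid & 0x0FFF)  # PCP and DEI left at 0
    return frame + struct.pack("!H", ethertype) + payload


def parse_vlan_stack(frame, tpids=KNOWN_TPIDS):
    """Return (tags, ethertype); tags are dicts, outermost first.

    tpids is the set of values the parser accepts as a VLAN tag. Anything
    else ends the tag stack and is reported as the frame's EtherType.
    """
    offset = 12  # skip destination and source MAC
    tags = []
    while True:
        if len(frame) < offset + 2:
            raise ValueError("frame truncated inside the tag stack")
        (ethertype,) = struct.unpack_from("!H", frame, offset)
        if ethertype not in tpids:
            return tags, ethertype
        if len(frame) < offset + 4:
            raise ValueError("frame truncated inside a VLAN tag")
        (tci,) = struct.unpack_from("!H", frame, offset + 2)
        tags.append({
            "tpid": ethertype,
            "pcp": tci >> 13,
            "dei": (tci >> 12) & 0x1,
            "vid": tci & 0x0FFF,
        })
        offset += 4


def classify(tags):
    """Name the encapsulation based on tag count and outer TPID."""
    if not tags:
        return "untagged"
    if len(tags) == 1:
        return "single tag"
    return {
        TPID_8021Q: "QinQ with 0x8100 outer tag",
        TPID_8021AD: "IEEE 802.1ad",
        TPID_9100: "QinQ with 0x9100 outer tag",
    }.get(tags[0]["tpid"], "QinQ with other outer tag")


if __name__ == "__main__":
    cisco = build_frame([(TPID_8021Q, 100), (TPID_8021Q, 10)], 0x0800)
    dot1ad = build_frame([(TPID_8021AD, 100), (TPID_8021Q, 10)], 0x0800)
    for name, frame in (("cisco dot1q-tunnel", cisco), ("802.1ad", dot1ad)):
        tags, ethertype = parse_vlan_stack(frame)
        print(name, classify(tags), [t["vid"] for t in tags], hex(ethertype))
    # A parser that only knows 0x8100 sees the 802.1ad frame as untagged,
    # with 0x88a8 as an unknown EtherType; the inner VLAN 10 is invisible to it.
    print(parse_vlan_stack(dot1ad, tpids=(TPID_8021Q,)))
```

The last call is the case to watch for in capture filters and monitoring tools: the same traffic is classified differently depending on which TPIDs the tool accepts.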


Re: [c-nsp] ASR 901 EoMPLS

2013-11-18 Thread sthaug
> Do you still need to do that when it's a port-based pw?

If you do, I'd say this is a bug. A port-based pseudowire shouldn't
care about L2 protocols or similar. It should just forward anything
it receives on the port into the pseudowire, and vice versa. With a
possible exception for Ethernet flow-control frames.

Steinar Haug, Nethelp consulting, sth...@nethelp.no
 
> Sent from my iPhone
>
>> On Nov 18, 2013, at 8:19 AM, Dimitris Befas dimitris.be...@gmail.com
>> wrote:
>>
>> Hi Fredrik,
>>
>> Please check the command l2protocol ? under interface config.
>>
>>
>> 2013/11/18 Fredrik Vöcks fredrik.vo...@bredband2.se
>>
>> Hi all,
>>
>> We are having a customer who says he can't forward BPDU packets over a
>> portbased EoMPLS using an ASR 901.
>>
>> Is this something known or am I missing something? Relevant configuration;
>>
>> interface TenGigabitEthernet0/1
>> description c_customer433231
>> no keepalive
>> xconnect x.x.x.x 1730 encapsulation mpls
>>
>> /F


Re: [c-nsp] VTP problem between remote PoP

2013-10-31 Thread sthaug
> We observed a problem with VTP. VTP updates do not advertise between two
> switches in the same vtp domain
>
> It seems to me that happened because the distance between switches is too
> long, approximately 40km

I strongly suspect you have a different problem.

> Who ever observed the same problem?
> Could distance affect the convergence of VTP?

40 km = 200 microseconds in a fiberoptic cable. This is not relevant
for NTP at all. You need to look somewhere else.

Steinar Haug, Nethelp consulting, sth...@nethelp.no


Re: [c-nsp] ME3800X/ME3600X/ME3600X-24CX/ASR903/ASR901 Deployment Simplification Feedback

2013-07-26 Thread sthaug
> Regarding the lack of 10GigE ports + 1GigE ports density, my first question
> when I saw this platform was: Is it stackable?
> It would be great if the new version of X(CX) is stackable.
> Yes so far we use 2x CX to redundantly connect a 10GE ring to the city POP.
> However we don't really need CES everywhere so stacking two X-es together
> would be a better solution with a lot more GigE ports.

Amen. Number of 1G ports, number of 10G ports, stackability: Cisco has
a pretty significant hole in their metro portfolio there. Chassis
based 6500/7600 is *not* the answer.

Steinar Haug, AS 2116


Re: [c-nsp] subnet mask confusion?

2013-04-19 Thread sthaug
> I meant 255.0.255.255

If that's really what you intend, you need to turn off CIDR first.
Good luck.

Steinar Haug, Nethelp consulting, sth...@nethelp.no


 
 
> sky
>
> On 04/18/2013 10:40 PM, Gordon Smith wrote:
>> You sure you didn't intend 255.255.255.0?
>> i.e. a /24 range?
>
>
>> On Thu, 18 Apr 2013 22:21:17 -0700, sky vader wrote:
>> Hello,
>
>> when using the following mask errors out as bad mask when used on an
>> interface.
>
>> labasa(config-if)# ip address 10.0.10.100 255.0.255.255
>> ERROR: Bad mask 255.0.255.255 for address 10.0.1.100
>
>
>> works on an access-list,
>
>> labasa(config-if)#access-list 101 extended permit ip any 10.0.10.150
>> 255.0.255.255
>
>> Just wondering what am I missing?
>
>
>> sky


Re: [c-nsp] Way to get 3rd party optics to work in UCS/FEX?

2013-04-12 Thread sthaug
> We're not using a Nexus.  The error is occurring within the UCS
> Management interface for the fabric interconnects if I look at
> the ports where the new SFP's have been installed.  Pretty dumb
> that Avago makes Cisco's SFP's but since it says Avago for
> manufacturer instead of Cisco-Avago they're 'not validated'.

Nothing new here. This has basically nothing to do with the features
of the optics parts, and everything to do with Cisco's bottom line.

There are plenty of vendors which will sell you Cisco coded optics.

Steinar Haug, Nethelp consulting, sth...@nethelp.no


Re: [c-nsp] Nexus LR SR over VPC

2013-04-12 Thread sthaug
>> Does anyone see any problems with that?  Would it be supported?
>
> The LR will work fine; the SR is unlikely to work at all:
>
> http://goo.gl/gf3nG
>
> For 10G, MMF is fine if you stay within the same cabinet.  Once you leave a
> cabinet, you're better off with SMF.

And of course, if he needs 2 x 10G he can use a simple 1310/1550 splitter,
or a proper 4 or 8 channel CWDM system. Lots of possibilities here.

Steinar Haug, Nethelp consulting, sth...@nethelp.no
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/


Re: [c-nsp] 3560g switch - tagged vlans and untagged frames

2013-04-08 Thread sthaug
   I would like to be able to accept both tagged and untagged frames on my 
 3560g. For the untagged frames, I'd like to be able to say these are a 
 member of some vlan - say 100 - otherwise I want to be able to allow 
 tagged frames from some list.
 
   In testing, it doesn't appear that switchport trunk native vlan  
 is doing the job; anything I send untagged is dropped and doesn't show 
 up in the switch mac address tables.  Here is my config:

Similar configs work for us.

 interface GigabitEthernet0/45
   description testing cisco vlans
   switchport trunk encapsulation dot1q
   switchport trunk native vlan 6
   switchport trunk allowed vlan 306
   switchport mode trunk
 
 
 If it helps. I do also have dot1q native vlan tagging enabled.

I believe you need to drop that - it tells the switch that the native
VLAN should be tagged.

Also, add the native VLAN to the list of allowed VLANs (so you'd get
switchport trunk allowed vlan 6,306 here).

Steinar Haug, Nethelp consulting, sth...@nethelp.no


Re: [c-nsp] pros and cons for IPTV multicast in rosen-mvpn vs GRT

2013-02-18 Thread sthaug
 If you're running on a 7600 I'd stay as far away from Draft-Rosen for this
 deployment model as possible

Could you say anything about why?

Steinar Haug, Nethelp consulting, sth...@nethelp.no


Re: [c-nsp] MPLS TE explicit-path: secondary ip as next-address

2013-02-05 Thread sthaug
 New ip addresses was configured as secondary on interfaces in question.
 These new subnets (/30) appear in routing table, cef, etc. Network
 statement also was added to ospf configuration.

Note that it at least *used* to be the case that OSPF wouldn't form
adjacencies over secondary addresses. I don't know if this limitation
still holds, but it could be relevant to your case.

Steinar Haug, Nethelp consulting, sth...@nethelp.no


Re: [c-nsp] High CPU ME3600-X

2013-01-28 Thread sthaug
 Both are relatively new platforms.  9K a little more mature than the ME3600, 
 although terminating a bunch of customers on an ASR9K is probably not a wise 
 idea yet, given the fact that ISSU is still not there :(

Given that people have been terminating large numbers of customers for
years on boxes which don't offer ISSU, I disagree about the wise idea.

We find that a planned outage, with advance customer warning, works
just fine. YMMV.

Steinar Haug, Nethelp consulting, sth...@nethelp.no


Re: [c-nsp] Link State Periodic SPF

2013-01-10 Thread sthaug
 I would like to know about Link state Periodic SPF's , I have seen in Cisco 
 IOS-XR and Juniper M/T -Series ( Junos) by default Periodic SPF runs every 15 
 minutes.
 
 Going to concept of SPF whenever there is change in topology router runs SPF 
 based on SPF interval configured. Also when LSP/LSA refreshes after certain 
 period then during that time also router executes SPF's. Then what is the 
 purpose of periodic SPF's? Can we disable the same? What kind of impact 
 will be there?

Why do you want to disable them? Also, I presume you are aware that SPF
already runs when there is a change in the topology.

Steinar Haug, Nethelp consulting, sth...@nethelp.no


Re: [c-nsp] ME3400 roadmap for IPv6 first hop redundany

2012-11-28 Thread sthaug
 we use me3400 for ftth customers with redundant connections and hsrp v2 as a 
 first hop redundancy solution.
 
 Sadly only glbp seems to be supported for ipv6 currently.  We would like to 
 have hsrp to be able to track the upstream interface, reachability of default 
 route etc...
 
 Does anybody know if hsrp for ipv6 (perhaps even with a global address) is 
 anywhere on the roadmaps for the me3400 ?

We asked about the same, and we were told that HSRPv6 was not planned
for ME3400. GLBP is it.

Steinar Haug, Nethelp consulting, sth...@nethelp.no


Re: [c-nsp] ISIS routing

2012-11-26 Thread sthaug
 Today ISIS actually is typically less secure than OSPF as in most platforms
 OSPF can be protected by control-plane protection while ISIS cannot.

Even if all of your interfaces towards customers/transit/peering block
IS-IS traffic?

Steinar Haug, Nethelp consulting, sth...@nethelp.no


Re: [c-nsp] EoMpls MTU size

2012-11-03 Thread sthaug
 I have packet loss on PW port based and can't establish FTP session between 
 two PCs, the mtu on CE attached interface 1600, the core facing interface 4472 
 and 1524, any pointers?

If the customer is actually *using* the 1600 byte MTU of the CE attached
interface you're obviously going to have problems with a core facing MTU
1524 interface. But maybe that wasn't what you meant?

Steinar Haug, Nethelp consulting, sth...@nethelp.no



Re: [c-nsp] MTU monitoring

2012-10-24 Thread sthaug
 We have a contractual MTU, which is low. We would like to use a higher one, 
 as it's
 most of the time available on the provider network.
 
 As the MTU changes don't happen that often, i was wondering if there was a way
 to use the highest possible value, but get an alarm as soon as this MTU value
 is not honored anymore by the service provider.

If the MTU change happens in the underlying L2 network, your only
option is to perform continuous monitoring yourself (using maximum
sized packets with DF set).

Personally I would absolutely not use a higher MTU than what your
contract guarantees - IMHO doing so is simply asking for trouble.

Steinar Haug, Nethelp consulting, sth...@nethelp.no
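
A sketch of the continuous monitoring described in the reply above, as an added example that is not part of the original thread. It assumes Linux iputils `ping`; the function names, result strings and sample outputs are constructed for illustration. A control probe at the contractual MTU separates "path down" from "large MTU no longer honored", and a silent drop (the L2 case) counts as a failure just like a reported one.

```python
import re
import subprocess

IPV4_HEADER = 20   # bytes, no IP options
ICMP_HEADER = 8    # bytes, echo request header


def icmp_payload_for_mtu(mtu):
    """Echo payload size that yields an IPv4 packet of exactly `mtu` bytes."""
    return mtu - IPV4_HEADER - ICMP_HEADER


def ping_command(target, mtu, count=3, timeout=2):
    """iputils ping with DF set (-M do), so nothing fragments the probe."""
    return ["ping", "-n", "-M", "do", "-c", str(count), "-W", str(timeout),
            "-s", str(icmp_payload_for_mtu(mtu)), target]


def run_ping(cmd):
    """Run the probe and return stdout and stderr as one string."""
    done = subprocess.run(cmd, capture_output=True, text=True)
    return done.stdout + done.stderr


def classify(output):
    """Return 'ok', 'too_big_reported' or 'silent_drop' for one ping run."""
    # An L3 hop (or the local stack) told us the packet does not fit.
    if re.search(r"frag needed|message too long", output, re.I):
        return "too_big_reported"
    m = re.search(r"(\d+) packets transmitted, (\d+) (?:packets )?received",
                  output)
    if m and int(m.group(2)) > 0:
        return "ok"
    # No replies and no ICMP error: typical when an L2 device drops the frame.
    return "silent_drop"


def probe(target, contract_mtu, wanted_mtu, run=run_ping):
    """Probe both sizes and return the monitoring verdict.

    'path_down'            : even contract-sized packets fail, not an MTU issue
    'ok'                   : the larger MTU is still honored
    'mtu_reduced'          : a hop reported that the large packet is too big
    'mtu_reduced_silently' : large packets vanish without any ICMP error
    """
    control = classify(run(ping_command(target, contract_mtu)))
    if control != "ok":
        return "path_down"
    large = classify(run(ping_command(target, wanted_mtu)))
    if large == "ok":
        return "ok"
    if large == "too_big_reported":
        return "mtu_reduced"
    return "mtu_reduced_silently"


# Constructed sample outputs in iputils format (documentation addresses).
SAMPLE_OK = ("--- 192.0.2.1 ping statistics ---\n"
             "3 packets transmitted, 3 received, 0% packet loss, time 2003ms\n")
SAMPLE_SILENT = ("--- 192.0.2.1 ping statistics ---\n"
                 "3 packets transmitted, 0 received, 100% packet loss, time 2051ms\n")
SAMPLE_REPORTED = ("From 198.51.100.1 icmp_seq=1 Frag needed and DF set (mtu = 1500)\n"
                   "--- 192.0.2.1 ping statistics ---\n"
                   "3 packets transmitted, 0 received, +3 errors, 100% packet loss\n")

if __name__ == "__main__":
    # Hypothetical values: contract guarantees 1500, the path usually carries 9000.
    print(probe("192.0.2.1", contract_mtu=1500, wanted_mtu=9000))
```

Run it from cron or a monitoring agent and alarm on any verdict other than `ok`.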


Re: [c-nsp] [j-nsp] Cisco and Juniper learning IPv6 neighbor different behavior

2012-09-11 Thread sthaug
 Any idea about the difference between Cisco and Juniper equipment?
 In the Juniper box, by default can learn the ULA, GUA and Link-local IPv6
 neighbor,
 In the Cisco box, by default just can learn the GUA and Link-local IPv6
 neighbor,

I can't reproduce your results. In our lab the Cisco IOS and IOS XR 
boxes learn ULA just fine.

Steinar Haug, Nethelp consulting, sth...@nethelp.no


Re: [c-nsp] [j-nsp] Cisco and Juniper learning IPv6 neighbor different behavior

2012-09-11 Thread sthaug
 Can you share your configuration?

Nothing special about it. IOS XR box:

interface GigabitEthernet0/5/0/2
 mtu 4484
 ipv4 address 172.17.9.1 255.255.255.0
 ipv6 address fd00:8c0:3::31/124
 negotiation auto
 dampening

#show ipv6 nei
IPv6 Address               Age Link-layer Addr State Interface
fe80::207:84ff:fe23:38      24 0007.8423.0038  REACH Gi0/5/0/0
fe80::207:84ff:fe22:fc1b    17 0007.8422.fc1b  REACH Gi0/5/0/1
fd00:8c0:3::32              75 0013.c33a.f200  REACH Gi0/5/0/2
fe80::213:c3ff:fe3a:f200    22 0013.c33a.f200  REACH Gi0/5/0/2

IOS box:

interface GigabitEthernet1/0/0
 dampening
 mtu 4470
 ip address 172.17.9.10 255.255.255.0
 no ip directed-broadcast
 negotiation auto
 ipv6 address FD00:8C0:3::32/124

#show ipv6 nei
IPv6 Address               Age Link-layer Addr State Interface
FE80::5E5E:ABFF:FE08:CF79    6 5c5e.ab08.cf79  STALE Gi1/0/3
FE80::21B:90FF:FECD:9D3B     0 001b.90cd.9d3b  REACH Gi1/0/1
FE80::204:6DFF:FE98:E93D     0 0004.6d98.e93d  REACH Gi1/0/0
FD00:8C0:3::31               0 0004.6d98.e93d  REACH Gi1/0/0

Steinar Haug, Nethelp consulting, sth...@nethelp.no


Re: [c-nsp] Cisco and Juniper learning IPv6 neighbor different behavior

2012-09-11 Thread sthaug
 If I generate the traffic once a while, then stop, the neighbour will 
 disappear sometime later or not?

The IPv6 neighbor cache entry will indeed disappear. That's how it's
supposed to work...

 If I configure the GUA and ULA address for the same interface, then generate 
 the traffic, the router will learn both of the neighbours or just one of them?

If it receives traffic from a GUA neighbor address, it will learn that
GUA neighbor.

If it receives traffic from a ULA neighbor address, it will learn that
ULA neighbor.

No magic involved.

Steinar Haug, Nethelp consulting, sth...@nethelp.no


Re: [c-nsp] ME3600X - Bridge Domain Routing with SVI

2012-09-04 Thread sthaug
 2. You may need to set the q-in-q outer tag on the 3524 with the 
 following commands on the Fa0/1 port:
 
 switchport mode dot1q-tunnel
 switchport access vlan 200

I don't believe the old 3500XL series (including the 3524) support
QinQ. It may *work* :-)

Steinar Haug, Nethelp consulting, sth...@nethelp.no


Re: [c-nsp] traceroute shows mpls labels...how?

2012-08-22 Thread sthaug
 Also this depends on vendor too.  IIRC junos uses udp for its trace routing
 and ios uses icmp. Meaning that if you did traceroute from a cisco box
 going over a juniper network the labels wouldn't show and vice
 versa.

Works just fine, labels are shown, both ways in our mixed Cisco - Juniper
network.

Steinar Haug, Nethelp consulting, sth...@nethelp.no


Re: [c-nsp] traceroute shows mpls labels...how?

2012-08-22 Thread sthaug
 That's what I was looking for.  So is it a part of the mpls lsr's icmp
 implementation that would allow those icmp extensions to carry and send that
 info or the tracing device (windows) or both?  In other words, I wonder if
 the windows device actually is rcv'ing the icmp extended packets carrying
 that mpls label info BUT the tracert windows application just isn't smart
 enough to render it on the cli output..

Since I get MPLS labels shown using ntraceroute (Nanog traceroute)
on my FreeBSD box, it's pretty clear that other hosts also receive
the MPLS label info (assuming it is transmitted by routers on the
way). Whether they can *use* the label info is another question.

Steinar Haug, Nethelp consulting, sth...@nethelp.no
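
What a receiving host has to do to use that label info, as an added example that is not part of the original thread: a Python parser for the ICMP multi-part extension (RFC 4884) and its MPLS Label Stack object (RFC 4950). The sample message is constructed, and the function names are illustrative.

```python
import struct


def inet_checksum(data):
    """16-bit one's-complement Internet checksum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def parse_mpls_labels(icmp):
    """Return the MPLS label stack carried in an ICMPv4 error message.

    `icmp` starts at the ICMP type byte. Returns [] when the message has no
    valid extension structure.
    """
    if len(icmp) < 8:
        return []
    icmp_type, _code, _cksum, _unused, length_words = struct.unpack(
        "!BBHBB", icmp[:6])
    if icmp_type not in (3, 11, 12):      # unreachable, time exceeded, param problem
        return []
    # RFC 4884: the length byte gives the padded original datagram in 32-bit
    # words. Older senders leave it 0 and put the extension at byte 128.
    offset = length_words * 4 if length_words else 128
    ext = icmp[8 + offset:]
    if len(ext) < 4 or ext[0] >> 4 != 2:  # extension header version must be 2
        return []
    stored = struct.unpack("!H", ext[2:4])[0]
    if stored != 0 and inet_checksum(ext) != 0:   # 0 means "no checksum sent"
        return []
    labels, pos = [], 4
    while pos + 4 <= len(ext):
        obj_len, class_num, c_type = struct.unpack("!HBB", ext[pos:pos + 4])
        if obj_len < 4 or pos + obj_len > len(ext):
            break                          # malformed object, stop parsing
        payload = ext[pos + 4:pos + obj_len]
        if class_num == 1 and c_type == 1:  # MPLS Label Stack, incoming stack
            for i in range(0, len(payload) - 3, 4):
                word = struct.unpack("!I", payload[i:i + 4])[0]
                labels.append({"label": word >> 12,
                               "exp": (word >> 9) & 0x7,
                               "bottom": bool((word >> 8) & 0x1),
                               "ttl": word & 0xFF})
        pos += obj_len
    return labels


def build_sample(rfc4884_length=True):
    """Constructed Time Exceeded message carrying labels 24015 and 300."""
    original = (b"\x45" + bytes(27)).ljust(128, b"\x00")  # padded to 128 bytes
    entries = struct.pack("!II",
                          (24015 << 12) | (0 << 9) | (0 << 8) | 1,
                          (300 << 12) | (0 << 9) | (1 << 8) | 1)
    obj = struct.pack("!HBB", 4 + len(entries), 1, 1) + entries
    ext = struct.pack("!BBH", 0x20, 0, 0) + obj
    ext = struct.pack("!BBH", 0x20, 0, inet_checksum(ext)) + obj
    length = len(original) // 4 if rfc4884_length else 0
    msg = struct.pack("!BBHBBH", 11, 0, 0, 0, length, 0) + original + ext
    return msg[:2] + struct.pack("!H", inet_checksum(msg)) + msg[4:]


if __name__ == "__main__":
    for entry in parse_mpls_labels(build_sample()):
        print(entry)
```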


Re: [c-nsp] ASR9000/RSP440 Console Issue

2012-06-15 Thread sthaug
  IMHO no switch or router should have management access enabled on an
  interface which can be configured to pass non-management traffic.
 
 Some customers actually dropped Cisco offering and went with the
 competition, when they've learnt, that the management traffic is for
 MANAGEMENT only. It can't pass the user traffic.
 
 I saw customer dropping our 4900M after learning the FE0 management
 can't be used to route its default route to the internet for the
 rest of multi-10GE customers. True story as they say. No amount
 of education at this point can make him change his mind.

It may be interesting to compare with Juniper which has had an Ethernet
port from day 1 for management traffic only - and still does today for
the M/MX/T series. They seem to have survived.

And yes, I'm firmly in the camp of wanting this type of functionality.

Steinar Haug, Nethelp consulting, sth...@nethelp.no


Re: [c-nsp] ASR9000/RSP440 Console Issue

2012-06-15 Thread sthaug
  I think they have: Cloud Services Router 1000v...
  I do wonder if that's just the Nexus 1000v with all the Procket code...
 
 no, it's a virtualised asr1k software image - i.e. it runs XE not NX/OS.
 
 Very confusing that ASR1k and ASR9k share virtually nothing except the
 name, but that the CSR1v is the same software as the ASR1k (but in no way
 related to the CRS1, argh).

Ah, you mean somewhat like 3550 vs 3560 (nothing in common except
being a switch), or 7301 vs 7304?

 Someone please send the naming police to Cisco product management and tell
 them to start making arrests.

They've been at the 'maximally confuse your customers' a *long* time.

Steinar Haug, Nethelp consulting, sth...@nethelp.no


Re: [c-nsp] MSTP between Cisco / Brocade

2012-04-26 Thread sthaug
 Is it common  expected for swouters to tx BPDUs when the port is in 
 layer-3-only mode?  Or am I just not getting the idea behind route-only in 
 Brocade?

I would definitely not expect a routed interface to transmit BPDUs
by default.

Steinar Haug, Nethelp consulting, sth...@nethelp.no


Re: [c-nsp] Feedback on terminal exec prompt timestamp

2012-02-15 Thread sthaug
 No thanks. When I want that info I'll ask for it or I'll turn this feature 
 on. Plus it could break or confuse scripts and programs that interact with 
 Cisco routers.

+1.

Configurable is fine. Default on is not.

Steinar Haug, Nethelp consulting, sth...@nethelp.no


Re: [c-nsp] Feedback on terminal exec prompt timestamp

2012-02-15 Thread sthaug
 BTW, terminal timestamps are enabled by default on IOS-XR since 3.8,
 so this change has already happened.

And it's intensely irritating...

Steinar Haug, Nethelp consulting, sth...@nethelp.no


Re: [c-nsp] Cisco's new 4500-X 10G Aggregation Switches

2012-02-10 Thread sthaug
 I am sure it will do V6, but is the hardware optimized for V6?
 V6 hardware forwarding and TCAMs able to handle the tens of millions of
 routes
 expected. Perhaps there will be incremental updates so they can soak us
 thoroughly
 
 So, will it do V6 well is the real question?

It's advertised as a *switch*. Expecting something advertised as a 
switch to handle tens of millions of routes is hardly realistic.
Can your *router* handle tens of millions of IPv6 prefixes?

I'll be happy if it does IPv4 and IPv6 in hardware with a reasonable
number of prefixes.

Steinar Haug, Nethelp consulting, sth...@nethelp.no


Re: [c-nsp] ASR9K P router

2012-02-08 Thread sthaug
 In the US..
 We'd like to have full netflow. We're rest of the world :-)

Good luck. You'll find the data volumes get impractically large when
you have a decent amount of traffic.

Sampled netflow is widely used outside the US too...

Steinar Haug, Nethelp consulting, sth...@nethelp.no

 
 
 On Wed, 8 Feb 2012, Dobbins, Roland wrote:
 
  AFAIK, ASR9K doesn't support full netflow (without sampling) even with new 
  cards.
 
  FYI, sampled NetFlow is routinely utilized by ISPs.
 
 
 -- 
 Dmitry Valdov
 CCIE #15379 (RS and SP)


Re: [c-nsp] Vlans on an ASR9000

2012-01-05 Thread sthaug
 At Cisco, the SFP-* modules tend to be for routers while 
 the GLC-* tend to be for switches. Although that's a bit 
 funny if you have a WS-X6724-SFP running in a 6500 (switch) 
 and then a 7600 (router) :-).

For some of us it's just as important that the SFP-* modules generally
support DOM / DDM while the GLC-* modules don't.

Steinar Haug, Nethelp consulting, sth...@nethelp.no


Re: [c-nsp] RSPAN through intermediate switch...

2011-12-28 Thread sthaug
 Possible if your intermediate switch can do Q-in-Q ;)

No. You need to be able to turn off MAC address learning.

Steinar Haug, Nethelp consulting, sth...@nethelp.no

 On Sat, Dec 3, 2011 at 4:15 AM, Jeff Kell jeff-k...@utc.edu wrote:
 
  Is it possible to run an RSPAN vlan through (not an endpoint, just
  transport) an intermediate switch (specifically Foundry/Brocade FCX
  switch)?
 
  I would suspect that mac address learning on the switch would
  interfere with RSPAN, and I can't find a Brocade equivalent of the
  mac-learn interface disable.
 
  Jeff


Re: [c-nsp] Recommendation for small GBit router

2011-12-18 Thread sthaug
  The NSE-* have hardware forwarding that never really worked, so the
  whole product line was abandoned.  Short summary.  Don't Go There.
 
 Not really. It's true for 7200 and NSE-1. But not true for 7304 and
 NSE-100 and NSE-150. We're still using around 7 of 7304/NSE-100 and
 NSE-150 based as access-routers and happy with them.

Experiences evidently vary. We phased out our last 7304 in February
this year - and we were happy to see the end of it.

Steinar Haug, Nethelp consulting, sth...@nethelp.no



Re: [c-nsp] Recommendation for small GBit router

2011-12-16 Thread sthaug
  At the moment there is a GSR 12008 used for it but it has no IPv6 support
  (apart from senseless size and power wasting).
 
 I am a little curious about what IPv6 support/feature is missing on your 
 GSR 12008...

For instance 6VPE, in IOS. Yes, this is supported in IOS XR for the
GSR, but that has its own challenges...

Steinar Haug, Nethelp consulting, sth...@nethelp.no


Re: [c-nsp] LAC/LNS Routers - 7200 EOL

2011-12-01 Thread sthaug
  While I agree that it's not optimal, but is it atypical? Isn't JunOS the
  same? All the important things running in single flat process, which has
  its own scheduling and memory management. Unix in the background being just
  an afterthought, really a way to bootstrap it all up.
 
 No, there are a bunch of separate Unix processes on JUNOS handling
 different things.

rpd. 'Nuff said.

Steinar Haug, Nethelp consulting, sth...@nethelp.no


Re: [c-nsp] Cisco ME3600X and Bridge-Domain Routing config question

2011-11-14 Thread sthaug
 Hrm, it's going to be fun to retrospectively restrict trunk ports on 
 both ends all through the network to get around this.  Maybe EVC's just 
 isn't going to work for me after all.

Having explicit allowed vlan lists on trunk ports is a good idea in
any case. Open trunks which is the Cisco default is IMHO a recipe
for disaster in the long run...

Steinar Haug, Nethelp consulting, sth...@nethelp.no
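
A way to check for the trunk issues raised in this reply and in the 3560G reply further up (open trunks, a native VLAN missing from the allowed list, native VLAN tagging), as an added example that is not part of the original threads. The sample configuration is constructed, and the finding codes and function names are illustrative; the parser handles numeric allowed lists and `add` only.

```python
import re

# Constructed sample (not from a real device): the trunk from the 3560G
# thread plus an open trunk, a well-formed trunk and an access port.
SAMPLE_CONFIG = """\
vlan dot1q tag native
!
interface GigabitEthernet0/45
 description testing cisco vlans
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 6
 switchport trunk allowed vlan 306
 switchport mode trunk
!
interface GigabitEthernet0/46
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface GigabitEthernet0/47
 switchport trunk native vlan 6
 switchport trunk allowed vlan 6,300-310
 switchport trunk allowed vlan add 400
 switchport mode trunk
!
interface GigabitEthernet0/48
 switchport access vlan 100
 switchport mode access
"""

ALLOWED_RE = re.compile(r"switchport trunk allowed vlan (add )?([\d,\-]+)$")
NATIVE_RE = re.compile(r"switchport trunk native vlan (\d+)$")


def expand_vlans(spec):
    """Turn a list such as '6,300-310' into a set of VLAN IDs."""
    vlans = set()
    for part in spec.split(","):
        if "-" in part:
            low, high = part.split("-", 1)
            vlans.update(range(int(low), int(high) + 1))
        elif part:
            vlans.add(int(part))
    return vlans


def parse_config(config):
    """Return (native_tagging_enabled, {interface: settings})."""
    native_tagging, interfaces, current = False, {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if raw.startswith("interface "):
            # Native VLAN defaults to 1; allowed=None means no explicit list.
            current = {"trunk": False, "native": 1, "allowed": None}
            interfaces[line.split(None, 1)[1]] = current
            continue
        if raw and not raw[0].isspace():      # back at global config level
            current = None
            if line == "vlan dot1q tag native":
                native_tagging = True
            continue
        if current is None:
            continue
        if line == "switchport mode trunk":
            current["trunk"] = True
        native = NATIVE_RE.match(line)
        if native:
            current["native"] = int(native.group(1))
        allowed = ALLOWED_RE.match(line)
        if allowed:
            vlans = expand_vlans(allowed.group(2))
            if allowed.group(1) and current["allowed"] is not None:
                current["allowed"] |= vlans   # "add" extends the list
            else:
                current["allowed"] = vlans
    return native_tagging, interfaces


def audit_trunks(config):
    """Return a list of (interface, finding_code) tuples for trunk ports."""
    native_tagging, interfaces = parse_config(config)
    findings = []
    for name, port in interfaces.items():
        if not port["trunk"]:
            continue
        if port["allowed"] is None:
            findings.append((name, "OPEN_TRUNK"))
        elif port["native"] not in port["allowed"]:
            findings.append((name, "NATIVE_NOT_ALLOWED"))
        if native_tagging:
            findings.append((name, "NATIVE_TAGGED"))
    return findings


if __name__ == "__main__":
    for interface, code in audit_trunks(SAMPLE_CONFIG):
        print(interface, code)
```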


Re: [c-nsp] Cisco and third party transceivers

2011-11-09 Thread sthaug
 Last but not least, any ideas why do different switch models display
 transceiver EEPROM information (show idprom interface X) differently?

Because Cisco has lots of different Business Units and they don't have
any reason to coordinate the display format?

Steinar Haug, Nethelp consulting, sth...@nethelp.no


Re: [c-nsp] Downsides of combining P and PE functions into a single box

2011-10-20 Thread sthaug
 The core will have been there long before your customers 
 start ordering 10Gbps circuits. Provided you have the right 
 platform in the core, scaling up will neither be an issue 
 nor a problem when you have downstreams buying dozens of 
 10Gbps circuits from you.

This is where we disagree somewhat. What we see here is that 
customers have started ordering 10G circuits before we have
cost-effective 10G circuits in the core.

Steinar Haug, Nethelp consulting, sth...@nethelp.no


Re: [c-nsp] ASR9k CWDM Optics

2011-10-16 Thread sthaug
  The only thing that speaks in favour of Cisco these days is that Juniper
  is sucking big time, too.  Hooray.
 
 Yeah, and they don't have FEC.

Menara tunable XFPs (http://www.menaranet.com/products_tunable_xfp.htm)
work quite well in Juniper MX routers, and they have FEC integrated on
the XFP. We did a test this summer on a 500 km (approx) DWDM system with
optical amplifiers only, no electronic regeneration, and are very happy
with the results. Wavelength configured by CLI. Rerouting based on BER
is *not* integrated with JunOS, though.

Steinar Haug, Nethelp consulting, sth...@nethelp.no


Re: [c-nsp] No Link between SFP-10G-LRM and X2-10GB-LX4?

2011-10-07 Thread sthaug
  Much better to stick to standard transceivers (SR, LR, ER, ZR or DWDM).
 
 That's easier said than done; if you need 10 Gbps but you only have old
 MMF available, your only choices for 30 meters are LX4 and LRM.

As we get to capacities higher than 10 Gbps you should not expect old
MMF to be usable...

SMF is well worth the extra expense, IMHO.

Steinar Haug, Nethelp consulting, sth...@nethelp.no


Re: [c-nsp] OSPFv3 authentication

2011-08-25 Thread sthaug
 Am I missing something, or is OSPFv3 authentication (provided by ipsec, 
 since auth was removed from the protocol) not supported in any release for 
 any of cisco's switching platforms?  i.e. 3560, 4900, 6500
 
 Depending on how you search in feature navigator (the same feature appears 
 to be there under two different names):
 
 IPv6 Security: IPv6 IPSec to Authenticate OSPFv3 
 IPv6 Routing: OSPF for IPv6 (OSPFv3) Authentication Support with IPsec

One of the ideas of IPv6 which doesn't work in practice - everything
IPv6 must support IPsec.

In any case, I believe the lack of IPsec authentication for OSPFv3 is
fairly widespread. See this draft for an attempt at something more
lightweight than full IPsec:

http://tools.ietf.org/html/draft-ietf-ospf-auth-trailer-ospfv3-06

 you get different lists of supported platforms, but both are pretty small 
 and lack any of the gear I'm interested in.  Is everyone using/moving to 
 ISIS?...or just doing OSPFv3 without authentication?

ISIS here.

Steinar Haug, Nethelp consulting, sth...@nethelp.no


Re: [c-nsp] reliability of ping to router physical-, sub- or loopback interface

2011-08-24 Thread sthaug
 Very often customers or NMS send ICMP echo request packages to a
 router physical interface, subinterface or loopback interface and
 expect ICMP echo reply as a response in order to test packet loss on
 the connection. How reliable are Cisco routers in terms of replying to
 ICMP echo request packages? I have heard, that for example to
 Juniper backbone routers, it's not at all the highest priority task.

Cisco is the same. The router's job is to forward packets, not to
generate ICMP replies (whether this is due to explicit ping, or for
instance traceroute through the router).

You should *expect* that a modern router will have limitations on
how much control plane traffic (bps, pps) it will accept/generate.

Steinar Haug, Nethelp consulting, sth...@nethelp.no


Re: [c-nsp] reliability of ping to router physical-, sub- or loopback interface

2011-08-24 Thread sthaug
  Ideal world yes, ping is a useful tool for latency testing, but it is
  unfortunately abused...hardly ideal to give icmp a priority for
  packets destined TO router...far more important roles for a router to
  do than prioritize an icmp flood to a local int.
 
 I am not saying that they should be prioritized higher than packets
 passing through the router. I just want to avoid having them handled by
 the routing engine; ICMP ECHO is simple enough to do in hardware. This
 also prevents ICMP ECHO-based DoS-attacks on the router.

If you also include MPLS etc in the picture it's no longer so clearcut,
I'm afraid.

Steinar Haug, Nethelp consulting, sth...@nethelp.no


Re: [c-nsp] MTU - issue while doing VPLS over VPLS!

2011-08-02 Thread sthaug
 we are deploying Cisco metro Switch to create VPLS network as below.
 
 PC-Cisco Switch + Cisco switch E1 Link [ service provider]
 -Cisco Switch + Cisco Switch -internet 
 
 For E1 link , we are using protocol converter that its Ethernet port only
 support MTU 1500. That means we have MTU 1500 for backhaul link.
 
 Now when we do VPLS or VPLS over VPLS, there are some applications not
 working properly. 

This is expected.

 I want to know, does Cisco Switch fragment the packet at its outer
 interface of the switch that is connected to E1 link.

No, why should it? You're doing VPLS which is an L2 technology.

 Or shall we ask Service
 provider to increase the MTU [ or place protocol converter that support
 higher MTU]

If you want 1500 bytes plus VPLS, you need a higher MTU through your
protocol converters *and* the E1 service provider link.

Steinar Haug, Nethelp consulting, sth...@nethelp.no


Re: [c-nsp] [j-nsp] L3VPN between Cisco and Juniper

2011-08-01 Thread sthaug
 Question is a bit vague, what considerations for your VPN tunnel are
 you looking for?
 Do you need route based VPN, or policy based VPN?
 Do you need routing protocols to traverse the VPN?
 Will traffic IPs be private or public? NAT?

Maybe it is MPLS L3VPN that is being requested?

If so - no specific problems. Works fine, with either LDP or RSVP as
the protocol.

Steinar Haug, Nethelp consulting, sth...@nethelp.no


Re: [c-nsp] Open Source netflow recommendations

2011-05-20 Thread sthaug
 Difficult to understand why an MS-DPC is required for jflow v9.  The 
 additional overhead of netflowv9 is very low, and the actual cost of 
 running an MS-DPC can be quite high (i.e. extra slot which would otherwise 
 be used for a traffic blade).

Money? :-)

Steinar Haug, Nethelp consulting, sth...@nethelp.no


Re: [c-nsp] Open Source netflow recommendations

2011-05-18 Thread sthaug
 If vendors start playing games with license fees per feature (to pad their
 revenues), then one either conform or work-around them.  If this pertains to
 netflow, I've done something like the following in the past:
 * span traffic to pkt collector
 * on pkt collector, run something like fprobe to convert raw pkt to flow
 format
 * export flow to said flow collector

You then have the problems of packet rates (unless you can get sampling
before spanning to the traffic collector) plus you lose ifIndex, which
for some of us is rather important.

In other words, not a solution for all of us.

Steinar Haug, Nethelp consulting, sth...@nethelp.no


Re: [c-nsp] Cisco ME 3400 Switch + dot1.Q Tunneling

2011-05-02 Thread sthaug
 Just wondering if anyone here uses the Cisco ME 3400E Switch, and any
 comments on performance? Key feature needed would be Layer2 dot1.Q
 tunneling, and the other option is using the 3560G series.

We use the ME-3400EG-12CS-M, mostly for the DC power supply and the
possibility of using REP. Performance is fine (line rate) - but note
that the ME3400E, like the 3560, has fairly small buffers.

Steinar Haug, Nethelp consulting, sth...@nethelp.no


Re: [c-nsp] general questions regarding MTU

2011-04-05 Thread sthaug
 If I have a following setup:
 http://img203.imageshack.us/img203/4485/mtuj.png ..and I would like to
 have connection between server1 and server2 over Ethernet v2 using
 MTU 9000 bytes. I have few general questions regarding MTU:
 
 1) as I understand, frames larger than MTU are automatically
 fragmented by switch.

No. If the switch functions as an L2 device (bridge), frames larger
than the MTU will be dropped.

Steinar Haug, Nethelp consulting, sth...@nethelp.no


Re: [c-nsp] What is the lowest latency switch?

2011-03-20 Thread sthaug
> I would love to see a fully functional shell cli on network devices that
> would allow us to gather information more effectively  using
> grep,awk,sed,etc...

It already exists on some platforms. Lightly edited to hide some details:

sthaug@xxx start shell
% pwd
/var/home/core-remote
% grep 'BGP.*Established to Idle' /var/log/messages | awk '{print $9}'
x.y.4.170
x.y.120.77

sed is there too.

Steinar Haug, Nethelp consulting, sth...@nethelp.no


Re: [c-nsp] RSPAN question...

2011-03-01 Thread sthaug
> Can you pass an RSPAN vlan through a vanilla switch that isn't RSPAN aware?
>
> I know the source and destination switches for an RSPAN session must
> obviously be
> RSPAN-aware, but can you pass the RSPAN vlan through a non-participating
> switch?

No. RSPAN depends on flooding of the VLAN traffic, with MAC address
learning turned off.

Steinar Haug, Nethelp consulting, sth...@nethelp.no


Re: [c-nsp] IOS - ipv6 uppercase in config - why ?

2011-01-06 Thread sthaug
>> Have you read the Errata for RFC5952?  I'm fairly certain it now says that
>> the digits a-f must be uppercase, except where user derived, though I think
>> this is a fairly recent correction.
>
> That's an absolutely terrible errata: old-skool assemblers didn't
> accept lower-case hex digits, neither should we, stop being lazy and hit
> the shift key. I seriously hope it doesn't make it in on those grounds
> (I am agnostic on the upper/lower issue per-se, but that's a terrible
> rationale).

That errata was discussed on IPv6 lists, with agreement that this 
was *not* acceptable as an errata.

Steinar Haug, Nethelp consulting, sth...@nethelp.no


Re: [c-nsp] Alternatives to 3750 w/ Stackwise?

2010-11-26 Thread sthaug
> Also worth a look are the Extreme SummitStack (x450, x460, x480) series
> devices. We use these and are very happy with them. They're fast, cheap,
> and pretty full featured.

Features and functionality are fine. Unfortunately we've had way too
high hardware failure rates for our X450s.

Steinar Haug, Nethelp consulting, sth...@nethelp.no


Re: [c-nsp] GLC-LH-SM vs SFP-GE-L

2010-11-19 Thread sthaug
>> For the next round of purchases, I'm not sure what we'll end up at.  All
>> real routers from $C tend to be a bit on the expensive side of things,
>> so we might go for just a switch from $J - the MXes really look
>> promising... and less politics there.
>
> A significant difference from 6500/7600 is that Juniper MX is a router
> with added switch functionality, not the other way around.
>
> We use our MX boxes purely as routers and are very happy with them in
> that role.

On the same note, this message from Richard Steenbergen goes into more
detail:

https://puck.nether.net/pipermail/juniper-nsp/2008-November/011885.html

Steinar Haug, Nethelp consulting, sth...@nethelp.no


Re: [c-nsp] GLC-LH-SM vs SFP-GE-L

2010-11-17 Thread sthaug
>> I have some (though not much) sympathy for Cisco's not wanting to
>> support 3rd party transceivers. Hey, they have to feed their kids and
>> all that. But I fail to see why they won't support their own
>> transceivers. That's just plain stupid.
>
> Support takes testing
> Testing takes time
> Time costs money

Also, Cisco makes significant amounts of money on this, so why should
they give it up?

> ... plus, given a finite amount of time, there'll always be
> prioritization on what to do when. We may not always agree with the
> priorities, but you shouldn't doubt that they're done.
>
>> Oh well, we're in talks with a 3rd party provider that deliver optics
>> that work without service unsupported-transceiver at a much lower
>> price and 3 year warranty.
>
> The problem with using Cisco-coded transceivers is that it makes it
> much harder to figure out what's going on. (And yes, lots of those
> pluggables that appear to work, frequently fail. Been there, seen it
> many times on support cases).

We have also been using Cisco-coded transceivers for years, and haven't
had significantly worse failure rate on those than on optics purchased
from Cisco. YMMV.

Steinar Haug, Nethelp consulting, sth...@nethelp.no


Re: [c-nsp] mpls on RR ?

2010-11-16 Thread sthaug
> I believed that mpls is not needed on ipv4 RR and vpnv4 RR.
> (as RR should not be in the forwarding path)
>
> Now, I came across some examples with mpls enabled on RR and want to verify
> if there are
> reasons for enabling MPLS in network offering Internet-access and L3VPNs ?

There may be reasons to have the RR in the forwarding path, especially
for ipv4. Less so for vpnv4. So "RR should not be in the forwarding
path" is not universally applicable.

Steinar Haug, Nethelp consulting, sth...@nethelp.no


Re: [c-nsp] 3560 SVI

2010-11-16 Thread sthaug
> I have an odd situation. I created a SVI on a 3560 switch, assigned an IP
> address(public) without enabling ip routing and I was able to remotely
> access the switch.
> No default route added or anything like that. So how is it that I am able to
> access the switch?
> switch is connected to another switch which has a trunk connection to a
> cisco 7206.

I believe proxy ARP is still turned on by default on Cisco IP router
interfaces.

Steinar Haug, Nethelp consulting, sth...@nethelp.no


Re: [c-nsp] TACACS emergency password management

2010-11-02 Thread sthaug
>> Interesting. I was under the impression that a common use-case for TACACS
>> was command authorization; letting 2nd line engineers do things like
>> provision new gig ports, but needing a 3rd line engineer to change IP
>> routing etc.
>
> Oh not at all.  That's one of things that's available but no one remembers
> or needs.

I can't comment on how common it is, but we use it. We block commands
like "switchport trunk allowed vlan digits", while allowing "none",
"add" and "remove" forms of the same. It's a way of preventing a too
common case of shooting yourself in the foot.

Steinar Haug, Nethelp consulting, sth...@nethelp.no
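
The per-command authorization described in the message above, sketched as an added Python example (not code from the original message or from any TACACS+ server). The rule list, its first-match evaluation and the sample requests are assumptions made for illustration, and the device is assumed to send fully expanded commands.

```python
import re

# Ordered (action, pattern) rules; first match wins, unmatched commands fall
# through to DEFAULT. Hypothetical policy modelled on the message above.
RULES = [
    # A bare VLAN list replaces the whole allowed list on the trunk: block it.
    ("deny", re.compile(r"^switchport trunk allowed vlan [0-9]")),
    # Incremental and explicit-empty forms stay available.
    ("permit", re.compile(r"^switchport trunk allowed vlan (add|remove) [0-9][0-9,-]*$")),
    ("permit", re.compile(r"^switchport trunk allowed vlan none$")),
]
DEFAULT = "permit"


def normalize(command: str) -> str:
    """Collapse whitespace and lowercase so spacing or case cannot dodge a rule."""
    return " ".join(command.lower().split())


def authorize(command: str) -> str:
    """Return 'permit' or 'deny' for one fully expanded config command."""
    cmd = normalize(command)
    for action, pattern in RULES:
        if pattern.search(cmd):
            return action
    return DEFAULT


def audit(lines):
    """Yield (user, command, decision) for 'user<TAB>command' records."""
    for line in lines:
        user, _, command = line.partition("\t")
        yield user, normalize(command), authorize(command)


# Constructed sample requests (not from a real device or server log).
SAMPLE = [
    "alice\tswitchport trunk allowed vlan add 120",
    "bob\tswitchport trunk allowed vlan 120",
    "bob\tswitchport  trunk allowed   VLAN 120,130",
    "carol\tswitchport trunk allowed vlan remove 10-12",
    "carol\tswitchport trunk allowed vlan none",
    "dave\tswitchport mode trunk",
]

if __name__ == "__main__":
    for user, cmd, decision in audit(SAMPLE):
        print(f"{decision:6} {user:6} {cmd}")
```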


Re: [c-nsp] BGP support on the new ASA5585-X

2010-10-29 Thread sthaug
>> At this moment we know that ASA5585-X does not support BGP.
>
> I'm sure it doesn't.  Routers are routers, firewalls are firewalls.

There are several firewall platforms that support BGP - and this can
actually be quite useful. Fortigate is one of them.

Steinar Haug, Nethelp consulting, sth...@nethelp.no


Re: [c-nsp] vs mac table in 3750 switches

2010-10-19 Thread sthaug
> L3sw --trunk--- L2sw1 --trunk--- L2sw2
>
> Is it possible that the L2sw2 switch won't send mac address table updates to
> the other switches if src and des mac is located on itself.

Switches don't send mac address table updates to one another. Switches
send Ethernet frames, and *learn* MAC addresses based on which port/VLAN
a frame is received on.

Steinar Haug, Nethelp consulting, sth...@nethelp.no
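
The learning behaviour described in the message above, together with the flooding without learning that the RSPAN reply earlier on this page depends on, as an added Python model (not part of the original messages). Switch, connect, local_conversation and rspan_transit are hypothetical names, and the bridge is simplified to a single VLAN with no aging.

```python
class Switch:
    """Simplified single-VLAN transparent bridge (a model, not vendor code)."""

    def __init__(self, name, learning=True):
        self.name = name
        self.learning = learning   # False models an RSPAN VLAN
        self.links = {}            # port -> host name, or (switch, remote port)
        self.table = {}            # learned MAC -> port

    def receive(self, src, dst, in_port, delivered):
        if self.learning:
            self.table[src] = in_port          # learn from the source address
        out = self.table.get(dst)              # always None when learning is off
        if out == in_port:
            return                             # destination is behind ingress: filter
        ports = [out] if out is not None else [p for p in self.links if p != in_port]
        for port in ports:
            peer = self.links[port]
            if isinstance(peer, str):
                delivered.append(peer)         # frame reaches an attached host
            else:
                peer[0].receive(src, dst, peer[1], delivered)


def connect(a, port_a, b, port_b):
    a.links[port_a] = (b, port_b)
    b.links[port_b] = (a, port_a)


def local_conversation():
    """Hosts A and B both sit on L2sw2; return the MACs each switch learned."""
    l3, s1, s2 = Switch("L3sw"), Switch("L2sw1"), Switch("L2sw2")
    connect(l3, 1, s1, 1)
    connect(s1, 2, s2, 1)
    s2.links[2], s2.links[3] = "A", "B"
    for src, dst, port in [("A", "B", 2), ("B", "A", 3), ("A", "B", 2)]:
        s2.receive(src, dst, port, [])
    return {sw.name: sorted(sw.table) for sw in (l3, s1, s2)}


def rspan_transit(learning):
    """Mirrored copies of an A<->B conversation cross one transit switch.

    Copies enter on port 1 and the monitoring port is port 2. Returns how
    many of the four copies reach the monitor.
    """
    transit = Switch("transit", learning=learning)
    transit.links[1] = "rspan-source"
    transit.links[2] = "monitor"
    delivered = []
    for src, dst in [("A", "B"), ("B", "A"), ("A", "B"), ("B", "A")]:
        transit.receive(src, dst, 1, delivered)
    return delivered.count("monitor")
```

The upstream switches learn A only from the first flooded frame and never see B. A transit switch that learns filters every mirrored copy whose destination it has already seen on the ingress port, so the monitor receives one copy out of four instead of all four.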


Re: [c-nsp] Juniper Channelised STM-1

2010-10-13 Thread sthaug
> I'm facing an issue where I have configured 3E1's on  channelised STM-1
> card of juniper between M320 (P router ) and M120 (PE router )
>
> Is there any limitations that we can't use Channelised Stm-1 and
> configure E1 on MPLS core links ( P-P or PE-P)

Should work just fine. The capacity will, of course, be limited.

Steinar Haug, Nethelp consulting, sth...@nethelp.no


Re: [c-nsp] DS3 Nubie

2010-09-26 Thread sthaug
> There are other downsides [to metro ethernet] to consider.  Using ethernet
> for long haul, your devices at each end are no longer directly connected,
> but will have a network (the provider's ethernet switches) between them.
> Failures in the network will cause your ends to lose contact with each
> other, while their interfaces remain up/up.

Some providers offer WDM services with an Ethernet interface, and ensure
that a failure in the network results in link down. Your point is still
valid for many Ethernet service offerings, though.

Steinar Haug, Nethelp consulting, sth...@nethelp.no


Re: [c-nsp] ASIC to switch port mapping

2010-09-13 Thread sthaug
> Ugh, ugly.  I was hoping to find a box that could do 10Gb/s uplink and
> breakout as far down as 100Mb/s.  Back to hunting again.

Have a look at the new ME 3600X / 3800X series.

Steinar Haug, Nethelp consulting, sth...@nethelp.no


Re: [c-nsp] PA-FE-TX, PA-FE-TX/ISL, PA-2FE-TX, PA-2FE-TX/ISL

2010-09-01 Thread sthaug
> The NPE-G2 is better if you want to forward some 1Gbps
> through the box (configuration-dependent).
>
> Bottom line, the NPE-G1/G2 gives you great value with those
> on-board Gig-E ports.

Still not great if you want to handle a line rate DDoS attack with
minimum size packets...

Steinar Haug, Nethelp consulting, sth...@nethelp.no


Re: [c-nsp] PA-FE-TX, PA-FE-TX/ISL, PA-2FE-TX, PA-2FE-TX/ISL

2010-09-01 Thread sthaug
>> Still not great if you want to handle a line rate DDoS
>> attack with minimum size packets...
>
> Agree - but if the budget is tight, some pain might not be
> avoidable.
>
> My take is if you want to handle 1Gbps (or better) on a
> sustained basis (as opposed to a couple of hundred-Mbps at
> peak), you really should be looking beyond the 7200.

Absolutely agreed.

Steinar Haug, Nethelp consulting, sth...@nethelp.no


Re: [c-nsp] full duplex mismatch speed - dynamips

2010-08-17 Thread sthaug
>> Verify duplex and speed configurations on interface, the rule is:
>> autoXauto, forcedXforced. If problem not solve, disable cdp.
>
> Also, while auto speed/duplex negotiation is fine for user workstation/PC
> ports in most cases, I recommend against using it on your network
> infrastructure if you can help it.

I would have agreed five to ten years ago. However, nowadays we use
autoneg everywhere with a few well known exceptions (e.g. Cisco 7200
with Fast Ethernet PAs). Autoneg simply gives us fewer problems.

Steinar Haug, Nethelp consulting, sth...@nethelp.no




Re: [c-nsp] Preferring OSPF over BGP

2010-08-14 Thread sthaug
>> Well now. Cisco has for many years recommended having the *same*
>> administrative distance for iBGP and eBGP, as in
>>
>> distance bgp 200 200 200
>>
>> Wouldn't this accomplish what you need?
>
> Steinar,
>
> Could you point me to any link with such recommendations? And if they,
> as you say, have recommended it for many years, why IOS XR still has the
> same unchanged default values of administrative distance, while it has
> many other IOS defaults updated?

See for instance

- PDF page 41 (slide 82) from Networkers 2001 session "Deploying BGP for
Enterprises and ISPs",

http://www.cisco.com/networkers/nw01/pres/pr/ps_presos/PS_545_TURNER_C2.pdf

- PDF page 27 and 28 (slide 54 and 55) from Networkers 2004 session
"Deployment and analysis of BGP",

http://www.cisco.com/networkers/nw04/presos/docs/RST-2303.pdf

I have no idea why they haven't changed the IOS XR defaults. I know all
*our* IOS XR speaking routers are using a distance of 200 for both
iBGP and eBGP, on Cisco's recommendations.

Steinar Haug, Nethelp consulting, sth...@nethelp.no


Re: [c-nsp] Preferring OSPF over BGP

2010-08-13 Thread sthaug
> The problem in short: there is a pretty big network with many routers,
> Cisco only. One of them has a network connected which it redistributes
> to OSPF. All other routers see the route via OSPF and via eBGP. Because
> of default administrative distance values, eBGP route always wins, so
> the traffic to that network from all routers but the one connected,
> always chooses external carriers, not the internal network.
>
> One of the solutions is to change globally administrative distance for
> OSPF or BGP. However it is pretty dangerous to do it for all the routes
> on the core routers and Cisco even advises:

Well now. Cisco has for many years recommended having the *same*
administrative distance for iBGP and eBGP, as in 

distance bgp 200 200 200

Wouldn't this accomplish what you need?

Steinar Haug, Nethelp consulting, sth...@nethelp.no


Re: [c-nsp] 10Gig DWDM fluctuating

2010-08-04 Thread sthaug
> I am trying to find out what is causing my link to go down either the
> transmit power or a receive power. Below are the parameters of link having a
> connectivity issue of DWDM transmission. The problem is sometimes it works
> and sometime it does not and transmission guys keep insisting that your
> transmit power is low. Now the question is if the transmit power is low, can
> you increase it for a particular link.
>
> Physical interface: xe-4/2/0
>     Laser bias current   :  33.111 mA
>     Laser output power   :  0.4410 mW / -3.56 dBm
>     Module temperature   :  30 degrees C / 86 degrees F
>     Laser rx power       :  0.2516 mW / -5.99 dBm
>
> I have another link over same DWDM transmission which is working quite fine
> for days. The following are the parameters for that link.
>
> Physical interface: xe-4/3/0
>     Laser bias current   :  32.748 mA
>     Laser output power   :  0.5060 mW / -2.96 dBm
>     Module temperature   :  31 degrees C / 88 degrees F
>     Laser rx power       :  0.2538 mW / -5.96 dBm
>
> I would appreciate it if someone can describe it in detail that what could be
> the reason causing this link to fluctuate randomly.
>
> Thanks
> Andrew

Why are you asking about what appears to be Juniper equipment on a 
Cisco list?

Btw, your transmit and receive signal levels seem completely normal.

Steinar Haug, Nethelp consulting, sth...@nethelp.no


Re: [c-nsp] Juniper M320 vs. 7600/SUP320-3BXL and WS-X6148A-GE-TX

2010-07-28 Thread sthaug
> Looking for options to our next upgrade from our 7200VXR platform.
> Someone suggested 7600 and the WS-X6148A-GE-TX cards with a
> SUP720-3BXL.  We're doing BGP (4-5 full iBGP peers, 13 external peers
> (3 upstream, 10 downstream), all full routes), dot1q trunks, EoMPLS
> with L2VPNs.  We will most likely do dot1q trunks to our agg switches
> at our other POPs with MPLS and L2VPNs being started/terminated on
> dot1q trunks. We're also looking to roll out IPv6 services in the next
> few months.
>
> Our options we're looking at are a Juniper M320 w/RE-1600 and SFP PIC
> (PB-4GE-SFP).

If you're doing Ethernet only you should be looking at the Juniper
MX series (e.g. MX480) instead of M320. Much nicer port pricing.

Steinar Haug, Nethelp consulting, sth...@nethelp.no


Re: [c-nsp] Cheapest Cisco desktop switch that supports Q-in-Q/802.1Q VLAN encapsulation/double-tagged VLANs/Stacked VLANs

2010-07-09 Thread sthaug
> Thanks for explaining the semantical differences.  What I'm looking to do is
> the termination -- wouldn't the ME3400 do the trick?

No, the ME3400 cannot terminate dual tagged VLANs (encapsulation dot1q
x second-dot1q y).

Steinar Haug, Nethelp consulting, sth...@nethelp.no


Re: [c-nsp] Cheapest Cisco desktop switch that supports Q-in-Q/802.1Q VLAN encapsulation/double-tagged VLANs/Stacked VLANs

2010-07-08 Thread sthaug
> What is the cheapest Cisco desktop switch that supports Q-in-Q?  Is it the
> ME-3400G-2CS-A?  We prefer the encapsulation dot1q x second-dot1q y
> approach.

Your last sentence doesn't make sense here. 

Q-in-Q generally refers to *tunneling* one VLAN trunk through an L2
network by adding an extra VLAN tag in front of the existing VLAN tag.

"encapsulation dot1q x second-dot1q y" is used to *terminate* a dual
tagged VLAN connection (typically an IP termination). This is very
different from *tunneling*.

So - do you want tunneling or termination? I don't believe there are
any Cisco desktop switches which can IP terminate a dual tagged VLAN
connection. There are, of course, plenty of desktop switches which
will do 802.1Q tunneling.

Steinar Haug, Nethelp consulting, sth...@nethelp.no
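
The difference between tunneling and termination drawn in the message above, shown on the frame itself as an added Python example (not code from the original message or from any switch). The function names and the sample frame are constructed for illustration, and TPID 0x8100 is assumed for the pushed outer tag.

```python
import struct

TPIDS = {0x8100, 0x88A8}   # 802.1Q and 802.1ad tag protocol identifiers


def parse_tags(frame: bytes):
    """Return (VLAN IDs outer-first, ethertype, payload) for an Ethernet frame."""
    offset, vlans = 12, []                      # skip destination + source MAC
    while True:
        (ethertype,) = struct.unpack_from("!H", frame, offset)
        if ethertype not in TPIDS:
            return vlans, ethertype, frame[offset + 2:]
        (tci,) = struct.unpack_from("!H", frame, offset + 2)
        vlans.append(tci & 0x0FFF)              # low 12 bits of the TCI are the VLAN ID
        offset += 4


def tunnel_push(frame: bytes, outer_vlan: int, tpid: int = 0x8100) -> bytes:
    """Tunneling: add an outer tag in front of the existing tags, which stay untouched."""
    if not 1 <= outer_vlan <= 4094:
        raise ValueError("VLAN ID out of range")
    return frame[:12] + struct.pack("!HH", tpid, outer_vlan) + frame[12:]


def terminate(frame: bytes, outer: int, inner: int):
    """Termination: accept only frames tagged exactly (outer, inner), return the L3 payload."""
    vlans, ethertype, payload = parse_tags(frame)
    if vlans != [outer, inner]:
        return None                             # wrong or missing tags: not this subinterface
    return ethertype, payload


# Constructed customer frame: locally administered MACs, VLAN 200, IPv4 ethertype.
CUSTOMER = (
    bytes.fromhex("020000000002") + bytes.fromhex("020000000001")
    + struct.pack("!HH", 0x8100, 200)
    + struct.pack("!H", 0x0800) + b"ip-packet"
)

if __name__ == "__main__":
    tunnelled = tunnel_push(CUSTOMER, 100)
    print(parse_tags(tunnelled)[0])             # tags as seen inside the provider network
    print(terminate(tunnelled, 100, 200))       # accepted by the matching termination
    print(terminate(CUSTOMER, 100, 200))        # single-tagged frame is not accepted
```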