Re: [c-nsp] ASR1009x and 10G thruput
> We recently upgraded our network from ASR1004s to ASR1009xs.
>
> We are encountering thruput limits on 10G interfaces and were
> wondering whether others have seen that as well.
>
> Hard limits seems to be 2.4G or 4G and we are not able to reach line
> rate of 10G. Have tried iperf which hits the wall as well.

We had a client recently who couldn't get more than around 2.5 Gbps
through their ASR1k. Turned out they were missing a required "performance
upgrade" license. Could that be your problem?

Steinar Haug, Nethelp consulting, sth...@nethelp.no
___
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] [External] SDx open standard?
>>> I spent 10 min browsing MEF web site and still do not know what "MEF"
>>> stands for ... Looks to me like yet one more commercial entity to drain a
>>> little bit of cash out of the vendors while perhaps help with marketing and
>>> sales a bit.
>>
>> Metro Ethernet Forum. They've been around for a while.
>>
>
> In fairness, that term is almost entirely absent from the web site, as far as
> I can see.
>
> Is it an expansion that's been deliberately dropped in the face of expanding
> to work on SDN, NDV, et al beyond their original Metro Ethernet scope? And
> now MEF is just MEF?

No idea. But it sure *sounds* like rather significant scope creep.

Steinar Haug, Nethelp consulting, sth...@nethelp.no
Re: [c-nsp] [External] SDx open standard?
>> The standardization is coming, check out
> https://www.mef.net/mef-3-0-sd-wan
>
> I spent 10 min browsing MEF web site and still do not know what "MEF"
> stands for ... Looks to me like yet one more commercial entity to drain a
> little bit of cash out of the vendors while perhaps help with marketing and
> sales a bit.
>
> Is this the same as Microsoft's MEF:
>
> "The Managed Extensibility Framework (MEF) is a library in .NET that
> enables greater reuse of applications and components."

Metro Ethernet Forum. They've been around for a while.

Steinar Haug, Nethelp consulting, sth...@nethelp.no
Re: [c-nsp] [External Email] Re: big uptime - what you got ?
>> cisco LS1010 (R4600) processor with 65536K bytes of memory.
>
> It was just matter of time until someone shows up with LS1010 :)
>
> (Un)fortunately our LS1010s are long gone but the uptimes were 12+
> years on many of them.

Darn, I had done my best to try to forget everything related to the
number 53 :-) But yeah, we had LS1010 too, at a previous employer.

Steinar Haug, Nethelp consulting, sth...@nethelp.no
Re: [c-nsp] show isis neighbors - system id shown
>> is there a reason why ?
>
> Looks to me like you are pretty fast in repetitive show commands :)
>
> What actually may be happening here is that adj. comes up fast and at this
> point your router does not yet have the dynamic name. After some time it
> receives it from the neighbor via flooding in TLV 137 and then creates a
> mapping hence in subsequent commands you see the name.
>
> Works as designed :) Flooding that TLV may take a bit of time as well as
> your local system may not treat it as top important info.

I've seen the same thing multiple times on Juniper and Huawei routers.
I agree, this is working as intended.

Steinar Haug, Nethelp consulting, sth...@nethelp.no
Re: [c-nsp] QinQ termination on a Catalyst 6800
> Cat6K and 6880 support QinQ.
> We use it to connect some L3 vlans between our DC.
> I’m not at my desk, but from memory, ..
> 1) on the access port facing the ‘client’ ….
> Switchport mode dot1q-tunnel
> switchport access vlan xxx. Where xxx is the transport/service provider
> side vlan assigned to this client.
> 2) add the above ‘xxx’ transport vlan to any dot1q trunks used between client
> sites.

Note well the difference between

- QinQ: An extra (outer) VLAN tag is added to ingress Ethernet frames
  which already contain one or more VLAN tags. Example configuration is
  "switchport mode dot1q-tunnel" + "switchport access vlan X".

- Double VLAN tag termination: An Ethernet service (e.g. IP based) is
  terminated on the Catalyst switch based on both outer (SVLAN) and inner
  (CVLAN) tags. Example config is "encapsulation dot1Q X second-dot1q Y".

As far as I know, Cat 6500 supports the former but not the latter. I have
no experience with the 6880.

Steinar Haug, Nethelp consulting, sth...@nethelp.no
Re: [c-nsp] [j-nsp] L3VPN/RR/PE on Same router
> PS. Have not been reading -nsp aliases for a while, but now I see that I
> missed a lot ! Btw do we really need per vendor aliases here ? Wouldn't it
> be much easier to just have single nsp list ? After all we all most likely
> have all of the vendors in our networks (including Nokia !) and we are all
> likely reading all the lists :) Or maybe there is one already ?

Disagree. I follow several of the -nsp lists, but some of them much more
closely than others. Having them all mixed up would definitely make this
more difficult.

Steinar Haug, Nethelp consulting, sth...@nethelp.no
Re: [c-nsp] Juniper MX240 & MX480
> Am I only one puzzled about MX204 port choice, 4xQSFP28 + 8xSFP+.
> Seems like it's positioned to datacenters facing upstream? I'd want
> 2xQSFP28 and maybe 36xSFP+ (oversub is fine), with attractive
> licensing using SFP+ as SFP only, to add L3 DFZ 1GE aggregation box to
> JNPR portfolio.
> I can't imagine rolling this would be expensive, call it MX202 or
> something. JNPR do me a solid.

We discussed this with Juniper. We're hearing a lot about space available
on the faceplate versus number of ports desired. However, the MX204 feels
mostly irrelevant for us because splitter cables for 10G are not usable
(since we have quite a bit CWDM/DWDM optics directly in our routers).

If faceplate space is the issue we would actually be much happier with a
2RU box - especially if they could reduce depth to 30 cm or thereabouts.

Steinar Haug, Nethelp consulting, sth...@nethelp.no
Re: [c-nsp] CEF issues this weekend
> Anyone seeing CEF issues since 6:19 PM EST on 9/29? Saw a report that
> someone announced a 2200+ byte AS path around the same time.

See

https://mailman.nanog.org/pipermail/nanog/2017-September/092528.html

Steinar Haug, Nethelp consulting, sth...@nethelp.no
Re: [c-nsp] ASR920 vs ASR1001-x
> > ASR920 is more like a switch.
>
> Not really - it's actually a router.
>
> It just looks like a switch.

Interesting - one of our local Cisco distributors, in a meeting with us
and with Cisco people present, repeatedly called ASR920 a Layer 3 switch.
With no protest from the Cisco representatives.

Steinar Haug, Nethelp consulting, sth...@nethelp.no
Re: [c-nsp] Strange X2 Temperature Flaps
> Within 48 hours we have had three very strange issues with three different X2
> modules, installed in 2 different chassis (both in 6708-10G/Sup720/6509E). In
> each case, the module's temperature reading has jumped and then oscillated
> from +127C to -127C over the course of the next 5 hours.
>
> Each time it completes a loop it jumps from -127 to +127 - at _that_ moment
> we get a short burst of CRC errors in the ASR9k which is connected to the
> other end of the link. In two of the cases so far, the errors were enough to
> trip OAM on the ASR9k into err-disable on the port due to >3 seconds of
> symbol errors.

This problem (temp looping through all values) has also been observed on
third party 10G XFPs for Juniper routers. We got the XFP vendor to replace
the XFPs. Problem solved.

Steinar Haug, Nethelp consulting, sth...@nethelp.no
Re: [c-nsp] Newbie traceroute question
> On hop 2, 6, 7 & 8 suddenly the traceroute output *includes *MPLS data
> (label & exp). I understand how traceroute works (am very familiar with
> Richard's excellent preso), but I still haven't seen an answer to my
> question. Gert's was possibly the closest with "Nothing special in IOS
> traceroute, but more "stupidity in general unix traceroute" - when
> sending a TTL exceed ICMP packet, the LSR copies the label stack into
> the ICMP packet, and traceroute *could* handle this."

And Cisco routers by default decode the MPLS label stack that has been
copied into the ICMP packet - *even if the router itself is not configured
for MPLS*. There's really no magic here.

Steinar Haug, Nethelp consulting, sth...@nethelp.no
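The decoding discussed in the message above, as an added example that is not part of the original thread: a parser for the MPLS label stack object (RFC 4950) that an LSR appends to an ICMPv4 Time Exceeded message using the RFC 4884 extension structure. The sample message, its addresses and its label values are constructed for the demo, and `build_sample` is a hypothetical helper.

```python
import struct

ICMP_TIME_EXCEEDED = 11
MPLS_CLASS, MPLS_CTYPE = 1, 1      # RFC 4950 MPLS Label Stack object


def inet_checksum(data: bytes) -> int:
    """16-bit one's-complement Internet checksum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def parse_mpls_extension(icmp: bytes) -> list:
    """Return the MPLS label stack entries carried in an ICMPv4 Time Exceeded
    message, outermost label first, or [] if there is no extension."""
    if len(icmp) < 8:
        raise ValueError("truncated ICMP header")
    if icmp[0] != ICMP_TIME_EXCEEDED:
        return []
    # RFC 4884: byte 5 is the length of the quoted original datagram in
    # 32-bit words. Senders that predate RFC 4884 leave it 0 and place the
    # extension after exactly 128 bytes of original datagram.
    orig_len = icmp[5] * 4 or 128
    ext = icmp[8 + orig_len:]
    if len(ext) < 4 or ext[0] >> 4 != 2:        # extension version must be 2
        return []
    (cksum,) = struct.unpack_from("!H", ext, 2)
    if cksum != 0 and inet_checksum(ext) != 0:  # 0 means "no checksum sent"
        raise ValueError("bad extension checksum")

    entries, pos = [], 4
    while pos + 4 <= len(ext):
        obj_len, class_num, c_type = struct.unpack_from("!HBB", ext, pos)
        if obj_len < 4 or pos + obj_len > len(ext):
            raise ValueError("malformed extension object")
        if (class_num, c_type) == (MPLS_CLASS, MPLS_CTYPE):
            body = ext[pos + 4:pos + obj_len]
            for i in range(0, len(body) - 3, 4):
                # Label stack entry: label(20) | exp(3) | S(1) | TTL(8)
                (word,) = struct.unpack_from("!I", body, i)
                entries.append({"label": word >> 12, "exp": (word >> 9) & 7,
                                "s": (word >> 8) & 1, "ttl": word & 0xFF})
        pos += obj_len
    return entries


def build_sample(labels, rfc4884_length=True) -> bytes:
    """Constructed Time Exceeded message (hypothetical helper for the demo).
    labels is a list of (label, exp, ttl); the ICMP and IP checksums are left
    at 0 because the parser does not check them."""
    # Quoted original datagram: IPv4 + UDP header of a traceroute probe,
    # documentation addresses, zero-padded to the 128 bytes RFC 4884 requires.
    orig = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 60, 0, 0, 1, 17, 0,
                       bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))
    orig += struct.pack("!HHHH", 40000, 33434, 40, 0)
    orig = orig.ljust(128, b"\x00")
    stack = b""
    for n, (label, exp, ttl) in enumerate(labels):
        s = 1 if n == len(labels) - 1 else 0    # bottom-of-stack bit
        stack += struct.pack("!I", (label << 12) | (exp << 9) | (s << 8) | ttl)
    obj = struct.pack("!HBB", 4 + len(stack), MPLS_CLASS, MPLS_CTYPE) + stack
    cksum = inet_checksum(struct.pack("!BBH", 0x20, 0, 0) + obj)
    ext = struct.pack("!BBH", 0x20, 0, cksum) + obj
    header = struct.pack("!BBHBBH", ICMP_TIME_EXCEEDED, 0, 0, 0,
                         32 if rfc4884_length else 0, 0)
    return header + orig + ext


if __name__ == "__main__":
    for entry in parse_mpls_extension(build_sample([(24015, 5, 1), (16, 0, 1)])):
        print(entry)
```

Nothing in the parser depends on local MPLS configuration; the label stack is simply data inside the ICMP payload.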
Re: [c-nsp] Cache DNS servers
> > I have little question about DNS servers that you use in your environment?
> > We use bind on freebsd servers now. I did some benchmarks and found that
> > google public DNS is 8 - 10 time faster than my own. So I decide change BIND
> > for something more faster. I'm in MNO market. Any suggestions?
> >
> just caching resolver? might want to look at unbound but google 10x
> faster than you even though
> theirs are remote etc?
>
> 1) tune your server (MANY things can be done)
> 2) their caches are probably ready-populated with loads of stuff as they are
> operational..whereas your server
> will have to go out to make queries.

Ayup, this is mostly about "hot caches". You need a significant amount of
DNS query traffic to get a good cache that will answer most queries
quickly, out of the cache.

FreeBSD or Linux, BIND, Unbound or PowerDNS recursor - use what you know
best, they will all work well for normal loads. If you're getting into
more than 10k queries/second territory you may want to actually do some
testing/measurement.

Given a nice hot cache, a nearby resolver is likely to beat a remote
Google resolver, simply due to the lower latency to reach the cache. Yes,
I have measurements that show this :-)

But simply replacing BIND with something else is *not* likely to solve
your problem.

Steinar Haug, Nethelp consulting, sth...@nethelp.no
Re: [c-nsp] Cisco Nexus as MetroE switch?
> Well speaking of BUs understanding of IX needs or BGP for that matter,
> Juniper and ALU both have same route preference(Cisco AD) for iBGP and eBGP
> routes -now how stupid is that right!?!?!

Juniper has had the same route preference for iBGP and eBGP routes for
many years. Note that this has also been promoted as best practice at
multiple Cisco Networkers events :-)

Steinar Haug, Nethelp consulting, sth...@nethelp.no
Re: [c-nsp] Peering Router/Switch
> I have been asked to evalute this Juniper QFX3500-48S4Q
> as a peering device to be installed in Sofia-Connect Internet exchange
> point.
>
> I have no prior experience in peering nor with Juniper, can someone please
> share some light on this subject and whether this device is a good
> candidate for the job.

You need to specify the details. Are you talking about a box to be used as

1. an L2 interconnect (typically some form of switch), or
2. a peering router (used for BGP peering towards other providers)

According to Juniper,

http://www.juniper.net/us/en/products-services/switching/qfx-series/qfx3500/

"The QFX3500 is a high-performance 10GbE top-of-rack or end-of-row data
center switch that can also be deployed in Virtual Chassis, Virtual
Chassis Fabric, or QFabric System architectures."

Thus it may be suitable for the first task, but not obviously suitable for
the second (looks like a maximum of 16K IPv4 routes, for instance).

I would suggest the juniper-nsp list (juniper-...@puck.nether.net) as a
more suitable place for a discussion about Juniper equipment.

Steinar Haug, Nethelp consulting, sth...@nethelp.no
Re: [c-nsp] L2VPN between ASR920 and Juniper
> If EoMPLS over GRE is not supported so why EoMPLS without GRE is supported?

Presumably because you can run EoMPLS over MPLS (which you would then run
over Ethernet). This is pretty standard for many operators.

> Anyway If we use GRE just for routing the traffic (MPLS/IP) does it work
> properly? In my tests I did not have any issue with routing MPLS/IP traffic
> over GRE between two 920 or 920 with other routers(M320,7200VXR,2821,..) but
> it was in the lab with a little amount of traffic. I am talking about 4 or 5
> Gbps traffic.

If somebody from Cisco says that it is not supported I would listen very
carefully.

Steinar Haug, Nethelp consulting, sth...@nethelp.no
Re: [c-nsp] L2VPN between ASR920 and Juniper
> I ran into the same thing below. 920 by default negotiates vc type 5.
> Please configure vc type 5 on Juniper and check if the l2vpn establishes.

JunOS by default uses VC type 5 for a physical port, and VC type 4 for a
VLAN-based subinterface. Seems quite logical to me.

JunOS can be configured to explicitly set the VC type, and also to
*ignore* VC type mismatch.

We have lots of pseudowires between Juniper and Cisco equipment (though no
ASR920). Works just fine.

Steinar Haug, Nethelp consulting, sth...@nethelp.no
Re: [c-nsp] Cisco ME3600X MPLS OSPF balanced LSP, non LSP drop packets
> > The ME3600X should not be dropping the packets, it should be dropping
> > the mpls tag and then forwarding the packets as a normal routed packet
> > according to the FIB.
>
> Yes, but in your case, you have an ECMP destination, where one path is
> MPLS-capable and the other isn't. I've never ran such a topology, but
> something tells me "weird and strange" things will happen when you have
> ECMP paths with different forwarding paradigms.

Agreed - such a topology is really just asking for trouble.

Steinar Haug, Nethelp consulting, sth...@nethelp.no
Re: [c-nsp] ASR920 - ISR4431
No more "in-fight BUs" :) Now all SP products in one organization.

Good start, but: Unfortunately, that only works in so far as customers
agree with Cisco about what are SP products. I have seen plenty of cases
of products being used, rather successfully, in a different
segment/function than what Cisco targeted with the product.

Steinar Haug, Nethelp consulting, sth...@nethelp.no
[c-nsp] SHDSL.bis access in Europe?
Not directly Cisco related: I'm trying to find out which European
countries offer SHDSL.bis (G.991.2) with access speeds of 4.6 or 5.7 Mbps
for a single copper pair.

Steinar Haug, Nethelp consulting, sth...@nethelp.no
Re: [c-nsp] ISR 4451-X route table size
Interesting your distinction because Cisco says that the 4451: The
product's innovative hardware design splits the control and data planes
between two multi-core CPUs...

Indeed, that's where my definition would not trivially apply either way :-)

(And given how fast multipurpose CPUs have become, we see this in other
areas as well - like SSL offloading PCI boards that you could add to a web
server for decent HTTPS performance... most of that has just plain
disappeared with modern CPUs...)

For me the relevant question is often: Can the box handle line rate, or
close to it, with minimum sized packets (and any access lists, services,
QoS etc that you need)? If it can, great - otherwise you're opening
yourself to a DoS attack at some point.

Steinar Haug, Nethelp consulting, sth...@nethelp.no
Re: [c-nsp] L2 security features on ME3600
DHCP snooping seems to be supported just fine, however I'm running up
against some issues with DIA and ISG.

We've had significant issues with DHCP snooping on ME3600 (DHCP traffic
being dropped). Bad enough that we're not deploying any new ME3600s at
this point.

Steinar Haug, Nethelp consulting, sth...@nethelp.no
Re: [c-nsp] Prioritize PING traffic to control plane
I found out that PING to control plane of the router/switch can result
with spike Latency and this is normal since ICMP packet is low priority in
the CPU processing. I'm wondering if there is any way that we can
prioritize it so that I can get no spike latency when pinging to control
Plane, I know it's not necessary to do so, somehow want to see if this can
be done.

Sounds like a bad idea. You probably want the control plane to give high
priority to *important* control plane stuff, like keepalives and other
protocol processing. Prioritizing ICMP, especially if others are able to
trigger ICMP, would be an excellent way to DoS yourself...

Steinar Haug, Nethelp consulting, sth...@nethelp.no
Re: [c-nsp] OSPFv3 Multiple Address Families Support in IOS
No TE extensions for OSPFv3 is the biggest issue.

And for those who aren't married to OSPF, IS-IS is still an excellent
alternative.

Steinar Haug, Nethelp consulting, sth...@nethelp.no

Thanks
Darren
http://www.mellowd.co.uk/ccie

From: cwe...@ernw.de
To: cisco-nsp@puck.nether.net
Date: Tue, 5 Aug 2014 17:48:22 +
Subject: [c-nsp] OSPFv3 Multiple Address Families Support in IOS

Dear list,

I noticed that support for multiple address families in OSPFv3 was added
in recent IOS versions. I am currently thinking about updating the IOS
version on my routers and subsequently consolidating OSPFv2 and OSPFv3
into OSPFv3 for both IPv4 and IPv6.

Has anyone done this before and can share some experience with it? What
are (in your opinion) the pros and cons of the aforementioned
consolidation of OSPFv2/v3 into only OSPFv3?

Thanks in advance for your time and feedback.

Best,
Christopher
Re: [c-nsp] why there are no plans for A903-RSP2B-240 please?????
Really to get over 20K prefixes in HW with Metro-E+MPLS features we all
are willing to install huge 10RU boxes almost as thick as high all around
the place? That just doesn't sound right. Or does it?

Juniper MX240, 5U. But definitely more expensive than metro/switch class
equipment.

I think Cisco, Juniper and others are afraid of destroying the nice profit
margins on their higher end boxes. But maybe that's just me...

Steinar Haug, Nethelp consulting, sth...@nethelp.no
Re: [c-nsp] why there are no plans for A903-RSP2B-240 please?????
MX240 is too big however MX104 is exactly what I was talking about.

MX104 is a very nice box, as long as you can live with its limited CPU
horsepower. We'll be installing several of them soon.

Steinar Haug, Nethelp consulting, sth...@nethelp.no
Re: [c-nsp] why there are no plans for A903-RSP2B-240 please?????
Well I'm pretty annoyed by the asr903 limited CPU horsepower. Reloading
the box takes ages also saving config introduces a very 90's style delay.
Does MX104 support LFA or rLFA please?

LFA yes. No rLFA support as far as I know.

Steinar Haug, Nethelp consulting, sth...@nethelp.no
Re: [c-nsp] IOS: catch 22 when enabling new bgp neighbors
[neighbor 192.0.2.100 remote-as 64511 shutdown]

Wow, you can do that? I feel really really dumb now...

so do I ;-)

So maybe this feature needs better documentation?

Steinar Haug, Nethelp consulting, sth...@nethelp.no
Re: [c-nsp] RSPAN 3750X (IP BASE) - Received Only Broadcast/Multicast - No Unicast :(
I received only broadcast/multicast traffic from remote RSPAN 3750X switch
(L3, IP SERVICE) on my local 3750X switch (L2, IP BASE).

Sounds like your RSPAN VLAN has not been configured as remote-span on all
necessary switches. This is necessary in order to turn off MAC address
learning.

Steinar Haug, Nethelp consulting, sth...@nethelp.no
Re: [c-nsp] Difference between Cisco Q-in-Q and IEEE 802.1ad
I made a simple setup where Cisco Q-in-Q port(switchport mode
dot1q-tunnel) was facing a laptop. Laptop was sending out frames with
802.1q tag(VID was 10) and Cisco Q-in-Q port pushed another 802.1q field.
Final frame can be seen here: http://www.cloudshark.org/captures/ae485b68e9ed

Based on this Cisco Q-in-Q frame, the only difference between IEEE 802.1ad
frame and Cisco Q-in-Q frame is that former has 0x88a8 as an TPID value
for S-tag? I made a small illustration for this:

Correct, it's 0x88a8 vs 0x8100 for the S-tag.

In addition, are there Cisco switches out there which use 0x88a8 as a TPID
value of S-tag by default?

Don't know of any.

Last but not least, which devices use 0x9100 as a TPID value for S-tags?
According to drawing in Wikipedia IEEE 802.1ad article, some do:

Juniper E-series (ERX) routers use 0x9100 by default.

Steinar Haug, Nethelp consulting, sth...@nethelp.no
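The TPID difference discussed in the message above (and the outer/inner tag distinction from the earlier QinQ termination message), as an added example that is not part of the original thread: a parser that walks the VLAN tag stack of an Ethernet frame and reports which outer TPID is in use. The frames, MAC addresses and outer VID 100 are constructed for the demo; `build_frame` is a hypothetical helper.

```python
import struct

# TPID values named in the thread above.
TPID_DOT1Q = 0x8100    # 802.1Q C-tag; also the outer tag pushed by dot1q-tunnel
TPID_DOT1AD = 0x88A8   # IEEE 802.1ad S-tag
TPID_9100 = 0x9100     # Juniper E-series default, per the thread
KNOWN_TPIDS = {TPID_DOT1Q, TPID_DOT1AD, TPID_9100}


def parse_vlan_stack(frame: bytes):
    """Return (tags, ethertype): every VLAN tag from outermost to innermost,
    and the EtherType of the encapsulated payload."""
    offset, tags = 12, []            # skip destination and source MAC
    while True:
        if len(frame) < offset + 2:
            raise ValueError("truncated frame")
        (etype,) = struct.unpack_from("!H", frame, offset)
        if etype not in KNOWN_TPIDS:
            return tags, etype
        if len(frame) < offset + 4:
            raise ValueError("truncated VLAN tag")
        # Tag control information: PCP(3) | DEI(1) | VID(12)
        (tci,) = struct.unpack_from("!H", frame, offset + 2)
        tags.append({"tpid": etype, "pcp": tci >> 13,
                     "dei": (tci >> 12) & 1, "vid": tci & 0x0FFF})
        offset += 4


def classify(frame: bytes) -> str:
    """Name the encapsulation by tag count and outer TPID."""
    tags, _ = parse_vlan_stack(frame)
    if not tags:
        return "untagged"
    if len(tags) == 1:
        return "single-tagged"
    outer = tags[0]["tpid"]
    if outer == TPID_DOT1AD:
        return "802.1ad (S-tag 0x88a8)"
    if outer == TPID_DOT1Q:
        return "QinQ with 0x8100 outer tag"
    return "QinQ with 0x9100 outer tag"


def svlan_cvlan(frame: bytes):
    """Return (outer VID, inner VID) for a double-tagged frame, else None.
    This is the pair a double-tag termination would match on."""
    tags, _ = parse_vlan_stack(frame)
    if len(tags) < 2:
        return None
    return tags[0]["vid"], tags[1]["vid"]


def build_frame(tags, ethertype=0x0800) -> bytes:
    """Constructed frame (hypothetical helper): tags is a list of
    (tpid, vid) from outermost to innermost; MACs are locally administered."""
    frame = bytes.fromhex("020000000002") + bytes.fromhex("020000000001")
    for tpid, vid in tags:
        frame += struct.pack("!HH", tpid, vid)
    return frame + struct.pack("!H", ethertype) + bytes(46)


if __name__ == "__main__":
    samples = {
        "dot1q-tunnel style": build_frame([(0x8100, 100), (0x8100, 10)]),
        "802.1ad": build_frame([(0x88A8, 100), (0x8100, 10)]),
        "0x9100 outer": build_frame([(0x9100, 100), (0x8100, 10)]),
        "laptop frame before the tunnel port": build_frame([(0x8100, 10)]),
    }
    for name, frame in samples.items():
        print(name, "->", classify(frame), svlan_cvlan(frame))
```

A parser that only recognises 0x8100 stops at a 0x88a8 or 0x9100 outer tag and reports the frame as untagged with an unknown EtherType, which is why the TPID set matters when two vendors interoperate.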
Re: [c-nsp] ASR 901 EoMPLS
Do you still need to do that when it's a port-based pw?

If you do, I'd say this is a bug. A port-based pseudowire shouldn't care
about L2 protocols or similar. It should just forward anything it receives
on the port into the pseudowire, and vice versa. With a possible exception
for Ethernet flow-control frames.

Steinar Haug, Nethelp consulting, sth...@nethelp.no

Sent from my iPhone

On Nov 18, 2013, at 8:19 AM, Dimitris Befas dimitris.be...@gmail.com wrote:

Hi Fredrik,

Please check the command l2protocol ? under interface config.

2013/11/18 Fredrik Vöcks fredrik.vo...@bredband2.se

Hi all,

We are having a customer who says he can't forward BPDU packets over an
portbased EoMPLS using an ASR 901. Is this something known or am I missing
something?

Relevant configuration;

interface TenGigabitEthernet0/1
 description c_customer433231
 no keepalive
 xconnect x.x.x.x 1730 encapsulation mpls

/F
Re: [c-nsp] VTP problem between remote PoP
We observed problem with VTP. VTP updates does not advertise between two
switches in the same vtp domain It seems to me that happened because the
distance between switches is too long, approximately 40km

I strongly suspect you have a different problem.

Who ever observed the same problem? Could distance affect on convergence
of VTP?

40 km = 200 microseconds in a fiberoptic cable. This is not relevant for
NTP at all. You need to look somewhere else.

Steinar Haug, Nethelp consulting, sth...@nethelp.no
Re: [c-nsp] ME3800X/ME3600X/ME3600X-24CX/ASR903/ASR901 Deployment Simplification Feedback
Regarding the lack of 10GigE ports + 1GigE ports density, my first
question when I saw this platform was: Is it stackable? It would be great
if the new version of X(CX) is stackable.

Yes so far we use 2x CX to redundantly connect a 10GE ring to the city
POP. However we don't really need CES everywhere so stacking two X-es
together would be a better solution with a lot more GigE ports.

Amen. Number of 1G ports, number of 10G ports, stackability: Cisco has a
pretty significant hole in their metro portfolio there. Chassis based
6500/7600 is *not* the answer.

Steinar Haug, AS 2116
Re: [c-nsp] subnet mask confusion?
I meant 255.0.255.255

If that's really what you intend, you need to turn off CIDR first. Good
luck.

Steinar Haug, Nethelp consulting, sth...@nethelp.no

sky

On 04/18/2013 10:40 PM, Gordon Smith wrote:

You sure you didn't intend 255.255.255.0? i.e. a /24 range?

On Thu, 18 Apr 2013 22:21:17 -0700, sky vader wrote:

Hello,

when using the following mask errors out as bad mask when used on an
interface.

labasa(config-if)# ip address 10.0.10.100 255.0.255.255
ERROR: Bad mask 255.0.255.255 for address 10.0.1.100

works on an access-list,

labasa(config-if)#access-list 101 extended permit ip any 10.0.10.150 255.0.255.255

Just wondering what am I missing?

sky
Re: [c-nsp] Way to get 3rd party optics to work in UCS/FEX?
We're not using a Nexus. The error is occurring within the UCS Management
interface for the fabric interconnects if I look at the ports where the
new SFP's have been installed. Pretty dumb that Avago makes Cisco's SFP's
but since it says Avago for manufacturer instead of Cisco-Avago they're
'not validated'.

Nothing new here. This has basically nothing to do with the features of
the optics parts, and everything to do with Cisco's bottom line.

There are plenty of vendors which will sell you Cisco coded optics.

Steinar Haug, Nethelp consulting, sth...@nethelp.no
Re: [c-nsp] Nexus LR SR over VPC
Does anyone see any problems with that? Would it be supported?

The LR will work fine; the SR is unlikely to work at all:
http://goo.gl/gf3nG

For 10G, MMF is fine if you stay within the same cabinet. Once you leave a
cabinet, you're better off with SMF.

And of course, if he needs 2 x 10G he can use a simple 1310/1550 splitter,
or a proper 4 or 8 channel CWDM system. Lots of possibilities here.

Steinar Haug, Nethelp consulting, sth...@nethelp.no
Re: [c-nsp] 3560g switch - tagged vlans and untagged frames
I would like to be able to accept both tagged and untagged frames on my
3560g. For the untagged frames, I'd like to be able to say these are a
member of some vlan - say 100 - otherwise I want to be able to allow
tagged frames from some list.

In testing, it doesn't appear that switchport trunk native vlan is doing
the job; anything I send untagged is dropped and doesn't show up in the
switch mac address tables. Here is my config:

Similar configs work for us.

interface GigabitEthernet0/45
 description testing cisco vlans
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 6
 switchport trunk allowed vlan 306
 switchport mode trunk

If it helps. I do also have dot1q native vlan tagging enabled.

I believe you need to drop that - it tells the switch that the native VLAN
should be tagged. Also, add the native VLAN to the list of allowed VLANs
(so you'd get

 switchport trunk allowed vlan 6,306

here).

Steinar Haug, Nethelp consulting, sth...@nethelp.no
Re: [c-nsp] pros and cons for IPTV multicast in rosen-mvpn vs GRT
If you're running on a 7600 I'd stay as far away from Draft-Rosen for this
deployment model as possible

Could you say anything about why?

Steinar Haug, Nethelp consulting, sth...@nethelp.no
Re: [c-nsp] MPLS TE explicit-path: secondary ip as next-address
New ip addresses were configured as secondary on interfaces in question. These new subnets (/30) appear in routing table, cef, etc. Network statement also was added to ospf configuration. Note that it at least *used* to be the case that OSPF wouldn't form adjacencies over secondary addresses. I don't know if this limitation still holds, but it could be relevant to your case. Steinar Haug, Nethelp consulting, sth...@nethelp.no
Re: [c-nsp] High CPU ME3600-X
Both are relatively new platforms. 9K a little more mature than the ME3600, although terminating a bunch of customers on an ASR9K is probably not a wise idea yet, given the fact that ISSU is still not there :( Given that people have been terminating large numbers of customers for years on boxes which don't offer ISSU, I disagree about the wise idea. We find that a planned outage, with advance customer warning, works just fine. YMMV. Steinar Haug, Nethelp consulting, sth...@nethelp.no
Re: [c-nsp] Link State Periodic SPF
I would like to know about Link state Periodic SPFs. I have seen in Cisco IOS-XR and Juniper M/T-Series (Junos) by default Periodic SPF runs every 15 minutes. Going to concept of SPF, whenever there is change in topology router runs SPF based on SPF interval configured. Also when LSP/LSA refreshes after certain period then during that time also router executes SPFs. Then what is the purpose of periodic SPFs? Can we disable the same? What kind of impact will there be? Why do you want to disable them? Also, I presume you are aware that SPF already runs when there is a change in the topology. Steinar Haug, Nethelp consulting, sth...@nethelp.no
Re: [c-nsp] ME3400 roadmap for IPv6 first hop redundancy
we use me3400 for ftth customers with redundant connections and hsrp v2 as a first hop redundancy solution. Sadly only glbp seems to be supported for ipv6 currently. We would like to have hsrp to be able to track the upstream interface, reachability of default route etc... Does anybody know if hsrp for ipv6 (perhaps even with a global address) is anywhere on the roadmaps for the me3400 ? We asked about the same, and we were told that HSRPv6 was not planned for ME3400. GLBP is it. Steinar Haug, Nethelp consulting, sth...@nethelp.no
Re: [c-nsp] ISIS routing
Today ISIS actually is typically less secure than OSPF as in most platforms OSPF can be protected by control-plane protection while ISIS cannot. Even if all of your interfaces towards customers/transit/peering block IS-IS traffic? Steinar Haug, Nethelp consulting, sth...@nethelp.no
Re: [c-nsp] EoMpls MTU size
I have packet loss on PW port based and can't establish FTP session between two PCs, the mtu on CE attached interface 1600, the core facing interface 4472 and 1524, any pointers ? If the customer is actually *using* the 1600 byte MTU of the CE attached interface you're obviously going to have problems with a core facing MTU 1524 interface. But maybe that wasn't what you meant? Steinar Haug, Nethelp consulting, sth...@nethelp.no
Re: [c-nsp] MTU monitoring
We have a contractual MTU, which is low. We would like to use a higher one, as it's most of the time available on the provider network. As the MTU changes don't happen that often, I was wondering if there was a way to use the highest possible value, but get an alarm as soon as this MTU value is not honored anymore by the service provider. If the MTU change happens in the underlying L2 network, your only option is to perform continuous monitoring yourself (using maximum sized packets with DF set). Personally I would absolutely not use a higher MTU than what your contract guarantees - IMHO doing so is simply asking for trouble. Steinar Haug, Nethelp consulting, sth...@nethelp.no
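A sketch of the continuous monitoring described in the reply above, added here as an example and not code from any poster. It assumes a Linux host with iputils ping whose own interface MTU is at least the high value; the target 192.0.2.1, the 576-byte control probe and the SimulatedPath stand-in are assumptions made for the example.

```python
import subprocess

IPV4_HEADER = 20    # bytes, IPv4 header without options
ICMP_HEADER = 8     # bytes, ICMP echo header
CONTROL_MTU = 576   # small control probe (assumption: always fits the path)


def icmp_payload_for_mtu(mtu):
    """ICMP echo payload size that makes the IPv4 packet exactly `mtu` bytes."""
    payload = mtu - IPV4_HEADER - ICMP_HEADER
    if payload < 0:
        raise ValueError("MTU too small for an ICMP echo: %d" % mtu)
    return payload


def ping_command(target, mtu, count=3, timeout_s=2):
    """iputils ping: '-M do' sets DF and forbids fragmentation on the sender."""
    return ["ping", "-n", "-q", "-M", "do", "-c", str(count),
            "-W", str(timeout_s), "-s", str(icmp_payload_for_mtu(mtu)), target]


def ping_probe(target, mtu):
    """True if at least one echo reply of this size came back.

    Several packets are sent per probe so that one reply dropped by ICMP
    rate limiting on the far end does not raise an alarm.
    """
    result = subprocess.run(ping_command(target, mtu),
                            stdout=subprocess.DEVNULL,
                            stderr=subprocess.DEVNULL)
    return result.returncode == 0


def check_path(target, contract_mtu, high_mtu, probe=ping_probe):
    """Classify the path using three DF-set probe sizes.

    An L2 network that lowers its MTU sends no ICMP error; large frames
    just vanish. The small control probe separates that case from a
    path that is down altogether.
    """
    if not probe(target, CONTROL_MTU):
        return "PATH_DOWN"
    if not probe(target, contract_mtu):
        return "BELOW_CONTRACT"
    if not probe(target, high_mtu):
        return "HIGH_MTU_LOST"
    return "OK"


class MtuMonitor:
    """Remembers the last state and reports only transitions."""

    def __init__(self, target, contract_mtu, high_mtu, probe=ping_probe):
        self.target = target
        self.contract_mtu = contract_mtu
        self.high_mtu = high_mtu
        self.probe = probe
        self.state = "OK"

    def poll(self):
        """Run one check; return the new state if it changed, else None."""
        state = check_path(self.target, self.contract_mtu,
                           self.high_mtu, self.probe)
        if state == self.state:
            return None
        self.state = state
        return state


class SimulatedPath:
    """Constructed stand-in for the provider network, for offline runs:
    frames larger than path_mtu are silently dropped."""

    def __init__(self, path_mtu):
        self.path_mtu = path_mtu

    def probe(self, target, mtu):
        return mtu <= self.path_mtu


if __name__ == "__main__":
    path = SimulatedPath(9000)
    monitor = MtuMonitor("192.0.2.1", contract_mtu=1500, high_mtu=9000,
                         probe=path.probe)
    for new_mtu in (9000, 1600, 1600, 9000):
        path.path_mtu = new_mtu
        change = monitor.poll()
        print("path mtu %d -> %s" % (new_mtu, change or "no change"))
```

Against a real path, leave the `probe` argument at its default and call `poll()` from a scheduler; a "HIGH_MTU_LOST" transition is the alarm the question asks for.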
Re: [c-nsp] [j-nsp] Cisco and Juniper learning IPv6 neighbor different behavior
Any idea about the difference between Cisco and Juniper equipment? In the Juniper box, by default can learn the ULA, GUA and Link-local IPv6 neighbor, In the Cisco box, by default just can learn the GUA and Link-local IPv6 neighbor, I can't reproduce your results. In our lab the Cisco IOS and IOS XR boxes learn ULA just fine. Steinar Haug, Nethelp consulting, sth...@nethelp.no
Re: [c-nsp] [j-nsp] Cisco and Juniper learning IPv6 neighbor different behavior
Can share your configuration? Nothing special about it.

IOS XR box:

interface GigabitEthernet0/5/0/2
 mtu 4484
 ipv4 address 172.17.9.1 255.255.255.0
 ipv6 address fd00:8c0:3::31/124
 negotiation auto
 dampening

#show ipv6 nei
IPv6 Address               Age Link-layer Addr State Interface
fe80::207:84ff:fe23:38      24 0007.8423.0038  REACH Gi0/5/0/0
fe80::207:84ff:fe22:fc1b    17 0007.8422.fc1b  REACH Gi0/5/0/1
fd00:8c0:3::32              75 0013.c33a.f200  REACH Gi0/5/0/2
fe80::213:c3ff:fe3a:f200    22 0013.c33a.f200  REACH Gi0/5/0/2

IOS box:

interface GigabitEthernet1/0/0
 dampening
 mtu 4470
 ip address 172.17.9.10 255.255.255.0
 no ip directed-broadcast
 negotiation auto
 ipv6 address FD00:8C0:3::32/124

#show ipv6 nei
IPv6 Address               Age Link-layer Addr State Interface
FE80::5E5E:ABFF:FE08:CF79    6 5c5e.ab08.cf79  STALE Gi1/0/3
FE80::21B:90FF:FECD:9D3B     0 001b.90cd.9d3b  REACH Gi1/0/1
FE80::204:6DFF:FE98:E93D     0 0004.6d98.e93d  REACH Gi1/0/0
FD00:8C0:3::31               0 0004.6d98.e93d  REACH Gi1/0/0

Steinar Haug, Nethelp consulting, sth...@nethelp.no
Re: [c-nsp] Cisco and Juniper learning IPv6 neighbor different behavior
If I generate the traffic once a while, then stop, the neighbour will disappear sometime later or not? The IPv6 neighbor cache entry will indeed disappear. That's how it's supposed to work... If I configure the GUA and ULA address for the same interface, then generate the traffic, the router will learn both of the neighbours or just one of them? If it receives traffic from a GUA neighbor address, it will learn that GUA neighbor. If it receives traffic from a ULA neighbor address, it will learn that ULA neighbor. No magic involved. Steinar Haug, Nethelp consulting, sth...@nethelp.no
Re: [c-nsp] ME3600X - Bridge Domain Routing with SVI
2. You may need to set the q-in-q outer tag on the 3524 with the following commands on the Fa0/1 port:

 switchport mode dot1q-tunnel
 switchport access vlan 200

I don't believe the old 3500XL series (including the 3524) support QinQ. It may *work* :-) Steinar Haug, Nethelp consulting, sth...@nethelp.no
Re: [c-nsp] traceroute shows mpls labels...how?
Also this depends on vendor too. IIRC junos uses udp for its trace routing and ios uses icmp. Meaning that if you did traceroute from a cisco box going over a juniper network the labels wouldn't show and vice versa. Works just fine, labels are shown, both ways in our mixed Cisco - Juniper network. Steinar Haug, Nethelp consulting, sth...@nethelp.no
Re: [c-nsp] traceroute shows mpls labels...how?
That's what I was looking for. So is it a part of the mpls lsr's icmp implementation that would allow those icmp extensions to carry and send that info or the tracing device (windows) or both? In other words, I wonder if the windows device actually is rcv'ing the icmp extended packets carrying that mpls label info BUT the tracert windows application just isn't smart enough to render it on the cli output.. Since I get MPLS labels shown using ntraceroute (Nanog traceroute) on my FreeBSD box, it's pretty clear that other hosts also receive the MPLS label info (assuming it is transmitted by routers on the way). Whether they can *use* the label info is another question. Steinar Haug, Nethelp consulting, sth...@nethelp.no
Re: [c-nsp] ASR9000/RSP440 Console Issue
IMHO no switch or router should have management access enabled on an interface which can be configured to pass non-management traffic. Some customers actually dropped Cisco offering and went with the competition, when they've learnt, that the management traffic is for MANAGEMENT only. It can't pass the user traffic. I saw customer dropping our 4900M after learning the FE0 management can't be used to route its default route to the internet for the rest of multi-10GE customers. True story as they say. No amount of education at this point can make him change his mind. It may be interesting to compare with Juniper which has had an Ethernet port from day 1 for management traffic only - and still does today for the M/MX/T series. They seem to have survived. And yes, I'm firmly in the camp of wanting this type of functionality. Steinar Haug, Nethelp consulting, sth...@nethelp.no
Re: [c-nsp] ASR9000/RSP440 Console Issue
I think they have: Cloud Services Router 1000v... I do wonder if that's just the Nexus 1000v with all the Procket code... no, it's a virtualised asr1k software image - i.e. it runs XE not NX/OS. Very confusing that ASR1k and ASR9k share virtually nothing except the name, but that the CSR1v is the same software as the ASR1k (but in no way related to the CRS1, argh). Ah, you mean somewhat like 3550 vs 3560 (nothing in common except being a switch), or 7301 vs 7304? Someone please send the naming police to Cisco product management and tell them to start making arrests. They've been at the 'maximally confuse your customers' a *long* time. Steinar Haug, Nethelp consulting, sth...@nethelp.no
Re: [c-nsp] MSTP between Cisco / Brocade
Is it common expected for swouters to tx BPDUs when the port is in layer-3-only mode? Or am I just not getting the idea behind route-only in Brocade? I would definitely not expect a routed interface to transmit BPDUs by default. Steinar Haug, Nethelp consulting, sth...@nethelp.no
Re: [c-nsp] Feedback on terminal exec prompt timestamp
No thanks. When I want that info I'll ask for it or I'll turn this feature on. Plus it could break or confuse scripts and programs that interact with Cisco routers. +1. Configurable is fine. Default on is not. Steinar Haug, Nethelp consulting, sth...@nethelp.no
Re: [c-nsp] Feedback on terminal exec prompt timestamp
BTW, terminal timestamps are enabled by default on IOS-XR since 3.8, so this change has already happened. And it's intensely irritating... Steinar Haug, Nethelp consulting, sth...@nethelp.no
Re: [c-nsp] Cisco's new 4500-X 10G Aggregation Switches
I am sure it will do V6, but is the hardware optimized for V6? V6 hardware forwarding and TCAMs able to handle the tens of millions of routes expected. Perhaps there will be incremental updates so they can soak us thoroughly So, will it do V6 well is the real question? It's advertised as a *switch*. Expecting something advertised as a switch to handle tens of millions of routes is hardly realistic. Can your *router* handle tens of millions of IPv6 prefixes? I'll be happy if it does IPv4 and IPv6 in hardware with a reasonable number of prefixes. Steinar Haug, Nethelp consulting, sth...@nethelp.no
Re: [c-nsp] ASR9K P router
In the US.. We'd like to have full netflow. We're rest of the world :-) Good luck. You'll find the data volumes get impractically large when you have a decent amount of traffic. Sampled netflow is widely used outside the US too... Steinar Haug, Nethelp consulting, sth...@nethelp.no On Wed, 8 Feb 2012, Dobbins, Roland wrote: AFAIK, ASR9K doesn't support full netflow (without sampling) even with new cards. FYI, sampled NetFlow is routinely utilized by ISPs. -- Dmitry Valdov CCIE #15379 (RS and SP)
Re: [c-nsp] Vlans on an ASR9000
At Cisco, the SFP-* modules tend to be for routers while the GLC-* tend to be for switches. Although that's a bit funny if you have a WS-X6724-SFP running in a 6500 (switch) and then a 7600 (router) :-). For some of us it's just as important that the SFP-* modules generally support DOM / DDM while the GLC-* modules don't. Steinar Haug, Nethelp consulting, sth...@nethelp.no
Re: [c-nsp] RSPAN through intermediate switch...
Possible if your intermediate switch can do Q-in-Q ;) No. You need to be able to turn off MAC address learning. Steinar Haug, Nethelp consulting, sth...@nethelp.no On Sat, Dec 3, 2011 at 4:15 AM, Jeff Kell jeff-k...@utc.edu wrote: Is it possible to run an RSPAN vlan through (not an endpoint, just transport) an intermediate switch (specifically Foundry/Brocade FCX switch)? I would suspect that mac address learning on the switch would interfere with RSPAN, and I can't find a Brocade equivalent of the mac-learn interface disable. Jeff
Re: [c-nsp] Recommendation for small GBit router
The NSE-* have hardware forwarding that never really worked, so the whole product line was abandoned. Short summary. Don't Go There. Not really. It's true for 7200 and NSE-1. But not true for 7304 and NSE-100 and NSE-150. We're still using around 7 of 7304/NSE-100 and NSE-150 based as access-routers and are happy with them. Experiences evidently vary. We phased out our last 7304 in February this year - and we were happy to see the end of it. Steinar Haug, Nethelp consulting, sth...@nethelp.no
Re: [c-nsp] Recommendation for small GBit router
At the moment there is a GSR 12008 used for it but it has no IPv6 support (apart from senseless size and power wasting). I am a little curious about what IPv6 support/feature is missing on your GSR 12008... For instance 6VPE, in IOS. Yes, this is supported in IOS XR for the GSR, but that has its own challenges... Steinar Haug, Nethelp consulting, sth...@nethelp.no
Re: [c-nsp] LAC/LNS Routers - 7200 EOL
While I agree that it's not optimal, but is it atypical? Isn't JunOS the same? All the important things running in single flat process, which has its own scheduling and memory management. Unix in the background being just an afterthought, really a way to bootstrap it all up. No, there are a bunch of separate Unix processes on JUNOS handling different things. rpd. 'Nuff said. Steinar Haug, Nethelp consulting, sth...@nethelp.no
Re: [c-nsp] Cisco ME3600X and Bridge-Domain Routing config question
Hrm, it's going to be fun to retrospectively restrict trunk ports on both ends all through the network to get around this. Maybe EVC's just isn't going to work for me after all. Having explicit allowed vlan lists on trunk port is a good idea in any case. Open trunks which is the Cisco default is IMHO a recipe for disaster in the long run... Steinar Haug, Nethelp consulting, sth...@nethelp.no
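The reply above about explicit allowed VLAN lists and the earlier 3560g reply about the native VLAN both describe checks that can be run over saved switch configurations. The following audit is an added example, not code from any poster. It handles static "switchport mode trunk" ports only; the global line "vlan dot1q tag native" is an assumption about how native VLAN tagging was enabled in the 3560g thread, and ports Gi0/46 and Gi0/47 are hypothetical.

```python
import re

MAX_VLAN = 4094
ALL_VLANS = set(range(1, MAX_VLAN + 1))

# Constructed sample. Gi0/45 is the port quoted in the 3560g thread; the
# global "vlan dot1q tag native" line is an assumption about how the poster
# enabled native VLAN tagging; Gi0/46 and Gi0/47 are hypothetical ports.
SAMPLE_CONFIG = """\
vlan dot1q tag native
!
interface GigabitEthernet0/45
 description testing cisco vlans
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 6
 switchport trunk allowed vlan 306
 switchport mode trunk
!
interface GigabitEthernet0/46
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface GigabitEthernet0/47
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 6
 switchport trunk allowed vlan 6,300-310
 switchport trunk allowed vlan add 400
 switchport mode trunk
!
"""

ALLOWED_RE = re.compile(
    r"switchport trunk allowed vlan (?:(add|remove|except) )?(\S+)")
NATIVE_RE = re.compile(r"switchport trunk native vlan (\d+)")


def parse_vlan_list(spec):
    """Expand an IOS VLAN list such as '6,300-310' into a set of ints."""
    vlans = set()
    for part in spec.split(","):
        if not part.strip():
            continue
        low, _, high = part.strip().partition("-")
        vlans.update(range(int(low), int(high or low) + 1))
    return vlans


def apply_allowed(current, op, spec):
    """Apply one 'allowed vlan' line; current=None means never configured."""
    if spec == "all":
        return set(ALL_VLANS)
    if spec == "none":
        return set()
    vlans = parse_vlan_list(spec)
    base = ALL_VLANS if current is None else current
    if op == "add":
        return base | vlans
    if op == "remove":
        return base - vlans
    if op == "except":
        return ALL_VLANS - vlans
    return vlans


def parse_trunks(config):
    """Return (native_tagging, ports); ports maps name -> trunk settings."""
    native_tagging, ports, port = False, {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            port = {"trunk": False, "native": 1, "allowed": None}
            ports[line.split(None, 1)[1].strip()] = port
        elif not line.startswith(" "):
            port = None  # left the interface stanza
            if line.strip() == "vlan dot1q tag native":
                native_tagging = True
        elif port is not None:
            cmd = line.strip()
            native = NATIVE_RE.fullmatch(cmd)
            allowed = ALLOWED_RE.fullmatch(cmd)
            if cmd == "switchport mode trunk":
                port["trunk"] = True
            elif native:
                port["native"] = int(native.group(1))
            elif allowed:
                port["allowed"] = apply_allowed(port["allowed"],
                                                *allowed.groups())
    return native_tagging, ports


def audit_trunks(config):
    """Return (scope, code, message) findings for static trunk ports."""
    native_tagging, ports = parse_trunks(config)
    trunks = {name: p for name, p in ports.items() if p["trunk"]}
    findings = []
    for name, port in trunks.items():
        allowed = port["allowed"]
        if allowed is None or allowed == ALL_VLANS:
            findings.append((name, "OPEN_TRUNK",
                             "no explicit allowed VLAN list"))
        elif port["native"] not in allowed:
            findings.append((name, "NATIVE_NOT_ALLOWED",
                             "native VLAN %d is not in the allowed list"
                             % port["native"]))
    if native_tagging and trunks:
        findings.append(("global", "NATIVE_TAGGED",
                         "native VLAN tagging is enabled on trunks"))
    return findings


if __name__ == "__main__":
    for scope, code, message in audit_trunks(SAMPLE_CONFIG):
        print("%-22s %-19s %s" % (scope, code, message))
```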
Re: [c-nsp] Cisco and third party transceivers
Last but not least, any ideas why do different switch models display transceiver EEPROM information (show idprom interface X) differently? Because Cisco has lots of different Business Units and they don't have any reason to coordinate the display format? Steinar Haug, Nethelp consulting, sth...@nethelp.no
Re: [c-nsp] Downsides of combining P and PE functions into a single box
The core will have been there long before your customers start ordering 10Gbps circuits. Provided you have the right platform in the core, scaling up will neither be an issue nor a problem when you have downstreams buying dozens of 10Gbps circuits from you. This is where we disagree somewhat. What we see here is that customers have started ordering 10G circuits before we have cost-effective 10G circuits in the core. Steinar Haug, Nethelp consulting, sth...@nethelp.no
Re: [c-nsp] ASR9k CWDM Optics
The only thing that speaks in favour of Cisco these days is that Juniper is sucking big time, too. Hooray. Yeah, and they don't have FEC. Menara tunable XFPs (http://www.menaranet.com/products_tunable_xfp.htm) work quite well in Juniper MX routers, and they have FEC integrated on the XFP. We did a test this summer on a 500 km (approx) DWDM system with optical amplifiers only, no electronic regeneration, and are very happy with the results. Wavelength configured by CLI. Rerouting based on BER is *not* integrated with JunOS, though. Steinar Haug, Nethelp consulting, sth...@nethelp.no
Re: [c-nsp] No Link between SFP-10G-LRM and X2-10GB-LX4?
Much better to stick to standard transceivers (SR, LR, ER, ZR or DWDM). That's easier said than done; if you need 10 Gbps but you only have old MMF available, your only choices for 30 meters are LX4 and LRM. As we get to capacities higher than 10 Gbps you should not expect old MMF to be usable... SMF is well worth the extra expense, IMHO. Steinar Haug, Nethelp consulting, sth...@nethelp.no
Re: [c-nsp] OSPFv3 authentication
Am I missing something, or is OSPFv3 authentication (provided by ipsec, since auth was removed from the protocol) not supported in any release for any of cisco's switching platforms? i.e. 3560, 4900, 6500 Depending on how you search in feature navigator (the same feature appears to be there under two different names): IPv6 Security: IPv6 IPSec to Authenticate OSPFv3 IPv6 Routing: OSPF for IPv6 (OSPFv3) Authentication Support with IPsec One of the ideas of IPv6 which doesn't work in practice - everything IPv6 must support IPsec. In any case, I believe the lack of IPsec authentication for OSPFv3 is fairly widespread. See this draft for an attempt at something more lightweight than full IPsec: http://tools.ietf.org/html/draft-ietf-ospf-auth-trailer-ospfv3-06 you get different lists of supported platforms, but both are pretty small and lack any of the gear I'm interested in. Is everyone using/moving to ISIS?...or just doing OSPFv3 without authentication? ISIS here. Steinar Haug, Nethelp consulting, sth...@nethelp.no
Re: [c-nsp] reliability of ping to router physical-, sub- or loopback interface
Very often customers or NMS send ICMP echo request packages to a router physical interface, subinterface or loopback interface and expect ICMP echo reply as a response in order to test packet loss on the connection. How reliable are Cisco routers in terms of replying to ICMP echo request packages? I have heard, that for example to Juniper backbone routers, it's not at all the highest priority task. Cisco is the same. The router's job is to forward packets, not to generate ICMP replies (whether this is due to explicit ping, or for instance traceroute through the router). You should *expect* that a modern router will have limitations on how much control plane traffic (bps, pps) it will accept/generate. Steinar Haug, Nethelp consulting, sth...@nethelp.no
Re: [c-nsp] reliability of ping to router physical-, sub- or loopback interface
Ideal world yes, ping is a useful tool for latency testing, but it is unfortunately abused...hardly ideal to give icmp a priority for packets destined TO router...far more important roles for a router to do than prioritize an icmp flood to a local int. I am not saying that they should be prioritized higher than packets passing through the router. I just want to avoid having them handled by the routing engine; ICMP ECHO is simple enough to do in hardware. This also prevents ICMP ECHO-based DoS-attacks on the router. If you also include MPLS etc in the picture it's no longer so clearcut, I'm afraid. Steinar Haug, Nethelp consulting, sth...@nethelp.no
Re: [c-nsp] MTU - issue while doing VPLS over VPLS!
We are deploying Cisco metro Switch to create VPLS network as below. PC-Cisco Switch + Cisco switch E1 Link [ service provider] -Cisco Switch + Cisco Switch -internet For E1 link, we are using protocol converter that its Ethernet port only support MTU 1500. That means we have MTU 1500 for backhaul link. Now when we do VPLS or VPLS over VPLS, there are some applications not working properly. This is expected. I want to know, does Cisco Switch fragment the packet at its outer interface of the switch that is connect to E1 link. No, why should it? You're doing VPLS which is an L2 technology. Or shall we ask Service provider to increase the MTU [or place protocol converter that support higher MTU] If you want 1500 bytes plus VPLS, you need a higher MTU through your protocol converters *and* the E1 service provider link. Steinar Haug, Nethelp consulting, sth...@nethelp.no
Re: [c-nsp] [j-nsp] L3VPN between Cisco and Juniper
Question is a bit vague, what considerations for your VPN tunnel are you looking for? Do you need route based VPN, or policy based VPN? Do you need routing protocols to traverse the VPN? Will traffic IPs be private or public? NAT? Maybe it is MPLS L3VPN that is being requested? If so - no specific problems. Works fine, with either LDP or RSVP as the protocol. Steinar Haug, Nethelp consulting, sth...@nethelp.no
Re: [c-nsp] Open Source netflow recommendations
Difficult to understand why an MS-DPC is required for jflow v9. The additional overhead of netflowv9 is very low, and the actual cost of running an MS-DPC can be quite high (i.e. extra slot which would otherwise be used for a traffic blade). Money? :-) Steinar Haug, Nethelp consulting, sth...@nethelp.no
Re: [c-nsp] Open Source netflow recommendations
If vendors start playing games with license fees per feature (to pad their revenues), then one either conform or work-around them. If this pertains to netflow, I've done something like the following in the past:

* span traffic to pkt collector
* on pkt collector, run something like fprobe to convert raw pkt to flow format
* export flow to said flow collector

You then have the problems of packet rates (unless you can get sampling before spanning to the traffic collector) plus you lose ifIndex, which for some of us is rather important. In other words, not a solution for all of us. Steinar Haug, Nethelp consulting, sth...@nethelp.no
Re: [c-nsp] Cisco ME 3400 Switch + dot1.Q Tunneling
Just wondering if anyone here uses the Cisco ME 3400E Switch, and any comments on performance? Key feature needed would be Layer2 dot1.Q tunneling, and the other option is using the 3560G series. We use the ME-3400EG-12CS-M, mostly for the DC power supply and the possibility of using REP. Performance is fine (line rate) - but note that the ME3400E, like the 3560, has fairly small buffers. Steinar Haug, Nethelp consulting, sth...@nethelp.no
Re: [c-nsp] general questions regarding MTU
If I have a following setup: http://img203.imageshack.us/img203/4485/mtuj.png ..and I would like to have connection between server1 and server2 over Ethernet v2 using MTU 9000 bytes. I have few general questions regarding MTU: 1) as I understand, frames larger than MTU are automatically fragmented by switch. No. If the switch functions as an L2 device (bridge), frames larger than the MTU will be dropped. Steinar Haug, Nethelp consulting, sth...@nethelp.no
Re: [c-nsp] What is the lowest latency switch?
I would love to see a fully functional shell cli on network devices that would allow us to gather information more effectively using grep,awk,sed,etc... It already exists on some platforms. Lightly edited to hide some details:

sthaug@xxx start shell
% pwd
/var/home/core-remote
% grep 'BGP.*Established to Idle' /var/log/messages | awk '{print $9}'
x.y.4.170
x.y.120.77

sed is there too. Steinar Haug, Nethelp consulting, sth...@nethelp.no
Re: [c-nsp] RSPAN question...
Can you pass an RSPAN vlan through a vanilla switch that isn't RSPAN aware? I know the source and destination switches for an RSPAN session must obviously be RSPAN-aware, but can you pass the RSPAN vlan through a non-participating switch? No. RSPAN depends on flooding of the VLAN traffic, with MAC address learning turned off. Steinar Haug, Nethelp consulting, sth...@nethelp.no
Re: [c-nsp] IOS - ipv6 uppercase in config - why ?
Have you read the Errata for RFC5952? I'm fairly certain it now says that the digits a-f must be uppercase, except where user derived, though I think this is a fairly recent correction. That's an absolutely terrible errata: old-skool assemblers didn't accept lower-case hex digits, neither should we, stop being lazy and hit the shift key. I seriously hope it doesn't make it in on those grounds (I am agnostic on the upper/lower issue per-se, but that's a terrible rationale). That errata was discussed on IPv6 lists, with agreement that this was *not* acceptable as an errata. Steinar Haug, Nethelp consulting, sth...@nethelp.no
Re: [c-nsp] Alternatives to 3750 w/ Stackwise?
Also worth a look are the Extreme SummitStack (x450, x460, x480) series devices. We use these and are very happy with them. They're fast, cheap, and pretty full featured. Features and functionality is fine. Unfortunately we've had way too high hardware failure rates for our X450s. Steinar Haug, Nethelp consulting, sth...@nethelp.no
Re: [c-nsp] GLC-LH-SM vs SFP-GE-L
For the next round of purchases, I'm not sure what we'll end up at. All real routers from $C tend to be a bit on the expensive side of things, so we might go for just a switch from $J - the MXes really look promising... and less politics there. A significant difference from 6500/7600 is that Juniper MX is a router with added switch functionality, not the other way around. We use our MX boxes purely as routers and are very happy with them in that role. On the same note, this message from Richard Steenbergen goes into more detail: https://puck.nether.net/pipermail/juniper-nsp/2008-November/011885.html Steinar Haug, Nethelp consulting, sth...@nethelp.no
Re: [c-nsp] GLC-LH-SM vs SFP-GE-L
I have some (though not much) sympathy for Cisco's not wanting to support 3rd party transceivers. Hey, they have to feed their kids and all that. But I fail to see why they won't support their own transceivers. That's just plain stupid. Support takes testing. Testing takes time. Time costs money. Also, Cisco makes significant amounts of money on this, so why should they give it up? ... plus, given a finite amount of time, there'll always be prioritization on what to do when. We may not always agree with the priorities, but you shouldn't doubt that they're done. Oh well, we're in talks with a 3rd party provider that delivers optics that work without service unsupported-transceiver at a much lower price and 3 year warranty. The problem with using Cisco-coded transceivers is that it makes it much harder to figure out what's going on. (And yes, lots of those pluggables that appear to work frequently fail. Been there, seen it many times on support cases). We have also been using Cisco-coded transceivers for years, and haven't had significantly worse failure rate on those than on optics purchased from Cisco. YMMV. Steinar Haug, Nethelp consulting, sth...@nethelp.no
Re: [c-nsp] mpls on RR ?
I believed that mpls is not needed on ipv4 RR and vpnv4 RR. (as RR should not be in the forwarding path) Now, I came across some examples with mpls enabled on RR and want to verify if there are reasons for enabling MPLS in network offering Internet-access and L3VPNs? There may be reasons to have the RR in the forwarding path, especially for ipv4. Less so for vpnv4. So "RR should not be in the forwarding path" is not universally applicable. Steinar Haug, Nethelp consulting, sth...@nethelp.no
Re: [c-nsp] 3560 SVI
I have an odd situation. I created a SVI on a 3560 switch, assigned an IP address (public) without enabling ip routing and I was able to remotely access the switch. No default route added or anything like that. So how is it that I am able to access the switch? switch is connected to another switch which has a trunk connection to a cisco 7206. I believe proxy ARP is still turned on by default on Cisco IP router interfaces. Steinar Haug, Nethelp consulting, sth...@nethelp.no
Re: [c-nsp] TACACS emergency password management
Interesting. I was under the impression that a common use-case for TACACS was command authorization; letting 2nd line engineers do things like provision new gig ports, but needing a 3rd line engineer to change IP routing etc. Oh not at all. That's one of the things that's available but no one remembers or needs. I can't comment on how common it is, but we use it. We block commands like switchport trunk allowed vlan digits, while allowing none, add and remove forms of the same. It's a way of preventing a too common case of shooting yourself in the foot. Steinar Haug, Nethelp consulting, sth...@nethelp.no
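The command-authorization policy described in the message above, modelled as ordered permit/deny patterns. This is an added example, not part of the original post and not the poster's server configuration; the rule table, the function names, the default-permit fallback and the handling of a trailing <cr> argument are assumptions made for illustration.

```python
import re

# A VLAN list as typed on the CLI, e.g. "10" or "10,20-30".
VLAN_LIST = r"\d+(?:-\d+)?(?:,\d+(?:-\d+)?)*"

# (action, pattern) pairs, evaluated top-down; the first full match wins.
# The bare form replaces the whole allowed list on the trunk, which is the
# foot-shooting case; add/remove/none are the forms the post says are allowed.
RULES = [
    ("permit", rf"switchport trunk allowed vlan (?:add|remove) {VLAN_LIST}"),
    ("permit", r"switchport trunk allowed vlan none"),
    ("deny", rf"switchport trunk allowed vlan {VLAN_LIST}"),
]
DEFAULT_ACTION = "permit"  # assumption: commands not listed above are allowed


def normalize(command):
    """Lower-case, collapse whitespace, drop a trailing <cr> if the client sent one."""
    words = command.lower().split()
    if words and words[-1] == "<cr>":
        words.pop()
    return " ".join(words)


def authorize(command):
    """Return 'permit' or 'deny' for one command line."""
    cmd = normalize(command)
    for action, pattern in RULES:
        # fullmatch, so a permitted prefix cannot smuggle in extra arguments
        if re.fullmatch(pattern, cmd):
            return action
    return DEFAULT_ACTION


def denied(commands):
    """Return the commands from a session that the policy rejects."""
    return [c for c in commands if authorize(c) == "deny"]


# Constructed sample session, not taken from any real device.
SAMPLE_SESSION = [
    "switchport trunk allowed vlan add 30",
    "switchport trunk allowed vlan 30",
    "switchport trunk allowed vlan remove 10,20-25",
    "description uplink to core",
]

if __name__ == "__main__":
    print(denied(SAMPLE_SESSION))
```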
Re: [c-nsp] BGP support on the new ASA5585-X
At this moment we know that ASA5585-X does not support BGP. I'm sure it doesn't. Routers are routers, firewalls are firewalls. There are several firewall platforms that support BGP - and this can actually be quite useful. Fortigate is one of them. Steinar Haug, Nethelp consulting, sth...@nethelp.no
Re: [c-nsp] vs mac table in 3750 switches
L3sw --trunk--- L2sw1 --trunk--- L2sw2 Is it possible that the L2sw2 switch won't send mac address table updates to the others switches if src and des mac is located on itself? Switches don't send mac address table updates to one another. Switches send Ethernet frames, and *learn* MAC addresses based on which port/VLAN a frame is received on. Steinar Haug, Nethelp consulting, sth...@nethelp.no
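The learning behaviour described in the reply above, simulated for the L3sw / L2sw1 / L2sw2 chain from the question with both hosts attached to L2sw2. This is an added example, not part of the original post; the port names, the MAC addresses and the single-VLAN, no-ageing model are assumptions.

```python
class Switch:
    """Minimal transparent bridge: one VLAN, no ageing, no spanning tree."""

    def __init__(self, name):
        self.name = name
        self.links = {}      # port -> (peer switch, peer port), or None for a host port
        self.mac_table = {}  # MAC -> port it was last seen on

    def receive(self, port, src, dst):
        self.mac_table[src] = port        # learning happens only on frame ingress
        out = self.mac_table.get(dst)
        if out == port:
            return                        # destination sits behind the ingress port
        # Known destination: one port. Unknown: flood to every other port.
        ports = [out] if out is not None else [p for p in self.links if p != port]
        for p in ports:
            peer = self.links[p]
            if peer is not None:          # inter-switch link: hand the frame over
                peer[0].receive(peer[1], src, dst)


def connect(a, port_a, b, port_b):
    a.links[port_a] = (b, port_b)
    b.links[port_b] = (a, port_a)


# Constructed addresses from the documentation MAC range.
HOST_A = "00:00:5e:00:53:0a"
HOST_B = "00:00:5e:00:53:0b"


def demo():
    l3, s1, s2 = Switch("L3sw"), Switch("L2sw1"), Switch("L2sw2")
    connect(l3, "trunk", s1, "up")
    connect(s1, "down", s2, "up")
    s2.links["p1"] = None                 # HOST_A
    s2.links["p2"] = None                 # HOST_B
    s2.receive("p1", HOST_A, HOST_B)      # B unknown: flooded up the chain
    s2.receive("p2", HOST_B, HOST_A)      # A known: stays local to L2sw2
    return {sw.name: dict(sw.mac_table) for sw in (l3, s1, s2)}


if __name__ == "__main__":
    for name, table in demo().items():
        print(name, table)
```

The upstream switches learn HOST_A from the flooded first frame but never see a frame sourced by HOST_B, so HOST_B is absent from their tables.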
Re: [c-nsp] Juniper Channelised STM-1
I'm facing an issue where I have configured 3E1's on channelised STM-1 card of juniper between M320 (P router) and M120 (PE router). Are there any limitations that we can't use Channelised Stm-1 and configure E1 on MPLS core links (P-P or PE-P)? Should work just fine. The capacity will, of course, be limited. Steinar Haug, Nethelp consulting, sth...@nethelp.no
Re: [c-nsp] DS3 Nubie
There are other downsides [to metro ethernet] to consider. Using ethernet for long haul, your devices at each end are no longer directly connected, but will have a network (the provider's ethernet switches) between them. Failures in the network will cause your ends to lose contact with each other, while their interfaces remain up/up. Some providers offer WDM services with an Ethernet interface, and ensure that a failure in the network results in link down. Your point is still valid for many Ethernet service offerings, though. Steinar Haug, Nethelp consulting, sth...@nethelp.no
Re: [c-nsp] ASIC to switch port mapping
Ugh, ugly. I was hoping to find a box that could do 10Gb/s uplink and breakout as far down as 100Mb/s. Back to hunting again. Have a look at the new ME 3600X / 3800X series. Steinar Haug, Nethelp consulting, sth...@nethelp.no
Re: [c-nsp] PA-FE-TX, PA-FE-TX/ISL, PA-2FE-TX, PA-2FE-TX/ISL
The NPE-G2 is better if you want to forward some 1Gbps through the box (configuration-dependent). Bottom line, the NPE-G1/G2 gives you great value with those on-board Gig-E ports. Still not great if you want to handle a line rate DDoS attack with minimum size packets... Steinar Haug, Nethelp consulting, sth...@nethelp.no
Re: [c-nsp] PA-FE-TX, PA-FE-TX/ISL, PA-2FE-TX, PA-2FE-TX/ISL
Still not great if you want to handle a line rate DDoS attack with minimum size packets... Agree - but if the budget is tight, some pain might not be avoidable. My take is if you want to handle 1Gbps (or better) on a sustained basis (as opposed to a couple of hundred-Mbps at peak), you really should be looking beyond the 7200. Absolutely agreed. Steinar Haug, Nethelp consulting, sth...@nethelp.no
Re: [c-nsp] full duplex mismatch speed - dynamips
Verify duplex and speed configurations on interface, the rule is: autoXauto, forcedXforced. If the problem is not solved, disable cdp. Also, while auto speed/duplex negotiation is fine for user workstation/PC ports in most cases, I recommend against using it on your network infrastructure if you can help it. I would have agreed five to ten years ago. However, nowadays we use autoneg everywhere with a few well known exceptions (e.g. Cisco 7200 with Fast Ethernet PAs). Autoneg simply gives us fewer problems. Steinar Haug, Nethelp consulting, sth...@nethelp.no
Re: [c-nsp] Preferring OSPF over BGP
Well now. Cisco has for many years recommended having the *same* administrative distance for iBGP and eBGP, as in distance bgp 200 200 200 Wouldn't this accomplish what you need? Steinar, Could you point me to any link with such recommendations? And if they, as you say, have recommended it for many years, why IOS XR still has the same unchanged default values of administrative distance, while it has many other IOS defaults updated? See for instance - PDF page 41 (slide 82) from Networkers 2001 session Deploying BGP for Enterprises and ISPs, http://www.cisco.com/networkers/nw01/pres/pr/ps_presos/PS_545_TURNER_C2.pdf - PDF page 27 and 28 (slide 54 and 55) from Networkers 2004 session Deployment and analysis of BGP, http://www.cisco.com/networkers/nw04/presos/docs/RST-2303.pdf I have no idea why they haven't changed the IOS XR defaults. I know all *our* IOS XR speaking routers are using a distance of 200 for both iBGP and eBGP, on Cisco's recommendations. Steinar Haug, Nethelp consulting, sth...@nethelp.no
Re: [c-nsp] Preferring OSPF over BGP
The problem in short: there is a pretty big network with many routers, Cisco only. One of them has a network connected which it redistributes to OSPF. All other routers see the route via OSPF and via eBGP. Because of default administrative distance values, eBGP route always wins, so the traffic to that network from all routers but the one connected, always chooses external carriers, not the internal network. One of the solutions is to change globally administrative distance for OSPF or BGP. However it is pretty dangerous to do it for all the routes on the core routers and Cisco even advises: Well now. Cisco has for many years recommended having the *same* administrative distance for iBGP and eBGP, as in distance bgp 200 200 200 Wouldn't this accomplish what you need? Steinar Haug, Nethelp consulting, sth...@nethelp.no
Re: [c-nsp] 10Gig DWDM fluctuating
I am trying to find out what is causing my link to go down either the transmit power or a receive power. Below are the parameters of link having a connectivity issue of DWDM transmission. The problem is sometimes it works and sometime it does not and transmission guys keep insisting that your transmit power is low. Now the question is if the transmit power is low, can you increase it for a particular link.
Physical interface: xe-4/2/0
Laser bias current: 33.111 mA
Laser output power: 0.4410 mW / -3.56 dBm
Module temperature: 30 degrees C / 86 degrees F
Laser rx power: 0.2516 mW / -5.99 dBm
I have another link over same DWDM transmission which is working quite fine for days. The following are the parameters for that link.
Physical interface: xe-4/3/0
Laser bias current: 32.748 mA
Laser output power: 0.5060 mW / -2.96 dBm
Module temperature: 31 degrees C / 88 degrees F
Laser rx power: 0.2538 mW / -5.96 dBm
I would appreciate it if someone can describe it in detail that what could be the reason causing this link to fluctuate randomly. Thanks Andrew
Why are you asking about what appears to be Juniper equipment on a Cisco list? Btw, your transmit and receive signal levels seem completely normal. Steinar Haug, Nethelp consulting, sth...@nethelp.no
Re: [c-nsp] Juniper M320 vs. 7600/SUP320-3BXL and WS-X6148A-GE-TX
Looking for options to our next upgrade from our 7200VXR platform. Someone suggested 7600 and the WS-X6148A-GE-TX cards with a SUP720-3BXL. We're doing BGP (4-5 full iBGP peers, 13 external peers (3 upstream, 10 downstream), all full routes), dot1q trunks, EoMPLS with L2VPNs. We will most likely do dot1q trunks to our agg switches at our other POPs with MPLS and L2VPNs being started/terminated on dot1q trunks. We're also looking to roll out IPv6 services in the next few months. Our options we're looking at are a Juniper M320 w/RE-1600 and SFP PIC (PB-4GE-SFP). If you're doing Ethernet only you should be looking at the Juniper MX series (e.g. MX480) instead of M320. Much nicer port pricing. Steinar Haug, Nethelp consulting, sth...@nethelp.no
Re: [c-nsp] Cheapest Cisco desktop switch that supports Q-in-Q/802.1Q VLAN encapsulation/double-tagged VLANs/Stacked VLANs
Thanks for explaining the semantical differences. What I'm looking to do is the termination -- wouldn't the ME3400 do the trick? No, the ME3400 cannot terminate dual tagged VLANs (encapsulation dot1q x second-dot1q y). Steinar Haug, Nethelp consulting, sth...@nethelp.no
Re: [c-nsp] Cheapest Cisco desktop switch that supports Q-in-Q/802.1Q VLAN encapsulation/double-tagged VLANs/Stacked VLANs
What is the cheapest Cisco desktop switch that supports Q-in-Q? Is it the ME-3400G-2CS-A? We prefer the encapsulation dot1q x second-dot1q y approach. Your last sentence doesn't make sense here. Q-in-Q generally refers to *tunneling* one VLAN trunk through an L2 network by adding an extra VLAN tag in front of the existing VLAN tag. encapsulation dot1q x second-dot1q y is used to *terminate* a dual tagged VLAN connection (typically an IP termination). This is very different from *tunneling*. So - do you want tunneling or termination? I don't believe there are any Cisco desktop switches which can IP terminate a dual tagged VLAN connection. There are, of course, plenty of desktop switches which will do 802.1Q tunneling. Steinar Haug, Nethelp consulting, sth...@nethelp.no
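The tunneling versus termination distinction drawn in the message above, shown at the frame level. This is an added example, not part of the original post; the function names, MAC addresses and VLAN numbers are constructed, and TPID 0x8100 is used for both tags as an assumption (802.1ad defines 0x88A8 for the outer tag, which the parser also accepts).

```python
import struct

VLAN_TPIDS = (0x8100, 0x88A8)  # 802.1Q tag and the 802.1ad outer-tag TPID


def tag(vlan_id, tpid=0x8100):
    """One 4-byte VLAN tag: TPID, then PCP/DEI (zero here) and the 12-bit VLAN ID."""
    if not 1 <= vlan_id <= 4094:
        raise ValueError("VLAN ID must be 1..4094")
    return struct.pack("!HH", tpid, vlan_id)


def push_outer_tag(frame, outer_vlan):
    """Tunneling: add a tag after the MAC addresses; the inner tag is never inspected."""
    return frame[:12] + tag(outer_vlan) + frame[12:]


def parse_tags(frame):
    """Return (VLAN IDs outermost first, EtherType of the payload)."""
    vlans, offset = [], 12
    while True:
        if len(frame) < offset + 2:
            raise ValueError("truncated frame")
        (ethertype,) = struct.unpack_from("!H", frame, offset)
        if ethertype not in VLAN_TPIDS:
            return vlans, ethertype
        if len(frame) < offset + 4:
            raise ValueError("truncated VLAN tag")
        (tci,) = struct.unpack_from("!H", frame, offset + 2)
        vlans.append(tci & 0x0FFF)
        offset += 4


def terminates(frame, outer_vlan, inner_vlan):
    """Termination: match on both tags, as 'dot1q x second-dot1q y' does."""
    vlans, _ = parse_tags(frame)
    return vlans == [outer_vlan, inner_vlan]


# Constructed sample: a customer frame already tagged with VLAN 200, IPv4 payload.
MACS = bytes.fromhex("00005e005301" "00005e005302")
CUSTOMER_FRAME = MACS + tag(200) + struct.pack("!H", 0x0800) + b"payload"
TUNNELLED = push_outer_tag(CUSTOMER_FRAME, 100)

if __name__ == "__main__":
    print(parse_tags(CUSTOMER_FRAME))   # single tag
    print(parse_tags(TUNNELLED))        # outer tag added in front of the inner one
    print(terminates(TUNNELLED, 100, 200))
```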