Re: [c-nsp] BFD not working on ASR920
On 4/5/22 20:00, Bryan Holloway wrote: Curious to hear what other options you are considering? We're also looking for alternatives ... ACX7k... Mark. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] BFD not working on ASR920
On 4/3/22 9:04 PM, Mark Tinka wrote: On 4/3/22 20:30, Gert Doering wrote: Netflow is sort of semi-supported, if I remember right - by using the SPAN feature of the chip to siphon traffic off to the CPU, and do netflow there, capped to 1GE of traffic. Or something like that. Did not try NAT or PPPoE on that box... but I'm sure there is excitement. (Speaking of SPAN - trying to debug BGP using a local SPAM is a real adventure, as packets sent by the local CPU are not seen on a RX/TX mirror session... only the RSTs coming in from the other end gave a clue what happened) We are finding the ASR920 has reached its usefulness for us. We are looking at other options now; and yes, from me, that also includes boxes shipping with Broadcom :-\... Curious to hear what other options you are considering? We're also looking for alternatives ... - bryan ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] BFD not working on ASR920
On 4/3/22 21:25, Shawn L wrote: That's a big no on NAT. We're still deploying them on the edge, feeding customer facing FTTH and DSL customers. At least they support EIGRP (yes we still use that) and MPLS. I really wish they would do some more development for the platform, or at least fix all the 'wierd-ness' on them. They won't. If you want a better ASR920, Cisco will force you on to the NCS540 train. Mark. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] BFD not working on ASR920
That's a big no on NAT. We're still deploying them on the edge, feeding customer facing FTTH and DSL customers. At least they support EIGRP (yes we still use that) and MPLS. I really wish they would do some more development for the platform, or at least fix all the 'wierd-ness' on them. On Sun, Apr 3, 2022 at 3:09 PM Mark Tinka wrote: > > > On 4/3/22 20:30, Gert Doering wrote: > > > Netflow is sort of semi-supported, if I remember right - by using > > the SPAN feature of the chip to siphon traffic off to the CPU, and > > do netflow there, capped to 1GE of traffic. Or something like that. > > > > Did not try NAT or PPPoE on that box... but I'm sure there is excitement. > > > > (Speaking of SPAN - trying to debug BGP using a local SPAM is a real > > adventure, as packets sent by the local CPU are not seen on a RX/TX > > mirror session... only the RSTs coming in from the other end gave a > > clue what happened) > > We are finding the ASR920 has reached its usefulness for us. > > We are looking at other options now; and yes, from me, that also > includes boxes shipping with Broadcom :-\... > > Mark. > ___ > cisco-nsp mailing list cisco-nsp@puck.nether.net > https://puck.nether.net/mailman/listinfo/cisco-nsp > archive at http://puck.nether.net/pipermail/cisco-nsp/ > ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] BFD not working on ASR920
On 4/3/22 20:30, Gert Doering wrote: Netflow is sort of semi-supported, if I remember right - by using the SPAN feature of the chip to siphon traffic off to the CPU, and do netflow there, capped to 1GE of traffic. Or something like that. Did not try NAT or PPPoE on that box... but I'm sure there is excitement. (Speaking of SPAN - trying to debug BGP using a local SPAM is a real adventure, as packets sent by the local CPU are not seen on a RX/TX mirror session... only the RSTs coming in from the other end gave a clue what happened) We are finding the ASR920 has reached its usefulness for us. We are looking at other options now; and yes, from me, that also includes boxes shipping with Broadcom :-\... Mark. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] BFD not working on ASR920
Hi, On Sun, Apr 03, 2022 at 07:58:22PM +0200, Mark Tinka wrote: > On 4/3/22 12:01, Gert Doering wrote: > > ... all the "down and we cannot find a reason" BFD sessions came up the > > moment I removed the "ip flow ingress" from the interface config. > > IIRC, isn't Netflow support on the ASR920 somewhere between suspect to > non-existent? Or was that NAT? Or was that PPPoE? Netflow is sort of semi-supported, if I remember right - by using the SPAN feature of the chip to siphon traffic off to the CPU, and do netflow there, capped to 1GE of traffic. Or something like that. Did not try NAT or PPPoE on that box... but I'm sure there is excitement. (Speaking of SPAN - trying to debug BGP using a local SPAM is a real adventure, as packets sent by the local CPU are not seen on a RX/TX mirror session... only the RSTs coming in from the other end gave a clue what happened) > Thanks for the tip. I'm sure it will be helpful for many! That was the idea :-) gert -- "If was one thing all people took for granted, was conviction that if you feed honest figures into a computer, honest figures come out. Never doubted it myself till I met a computer with a sense of humor." Robert A. Heinlein, The Moon is a Harsh Mistress Gert Doering - Munich, Germany g...@greenie.muc.de signature.asc Description: PGP signature ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] BFD not working on ASR920
On 4/3/22 12:01, Gert Doering wrote: ... all the "down and we cannot find a reason" BFD sessions came up the moment I removed the "ip flow ingress" from the interface config. IIRC, isn't Netflow support on the ASR920 somewhere between suspect to non-existent? Or was that NAT? Or was that PPPoE? Thanks for the tip. I'm sure it will be helpful for many! Mark. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] BFD not working on ASR920
Hi, this is no question (except "why oh why?") but for the sake of google and to help the next one that runs into this... We have a number of ASR920-12 on 16.06.05a - because we cannot be bothered to go to "the new licensing scheme" - and we have customer lines on them, "because SFP handoff". All the interfaces follow a standard scheme interface GigabitEthernet0/0/2 description /lid=nnn (primary) ip address 195.xx.xx.12 255.255.255.252 ip flow ingress negotiation auto cdp enable ipv6 address 2001:608:xxx:xxx::1234/64 bfd interval 200 min_rx 200 multiplier 10 (really nothing special here) and then there's BGP config to the customer's router, with BFD neighbor 195.xx.xx.13 fall-over bfd neighbor 2001:608:xxx:xxx::1235 fall-over bfd ... this used to work fine on our 6500s, but BFD just did not want to come up on the ASR920s, no matter what I tested and debugged. Today I found the culprit - the configs were copied over from the 6500, including an "ip flow ingress" line - we do not have netflow active on the ASR920 (and from my understanding of "how it works", this is not something we actually want) so I considered this more of a no-op / config wart than a problem. Today I went cleaning up... and lo and behold ar21(config)#interface GigabitEthernet0/0/2 ar21(config-if)#no ip flow ing ar21(config-if)#^Z Apr 3 11:41:11: %SYS-5-CONFIG_I: Configured from console by gert on vty0 (2001:608:0:736::18) Apr 3 11:41:18: %BFDFSM-6-BFD_SESS_UP: BFD-SYSLOG: BFD session ld:37 handle:9 is going UP ... all the "down and we cannot find a reason" BFD sessions came up the moment I removed the "ip flow ingress" from the interface config. long story short: "ip flow ingress" kills BFD on ASR920, both for IPv4 and for IPv6. (and no, I'm not going to bother spending another month of my life explaining this to TAC - documenting this on c-nsp is more helpful to other victims than trying to get things fixed on this platform) gert -- "If was one thing all people took for granted, was conviction that if you feed honest figures into a computer, honest figures come out. Never doubted it myself till I met a computer with a sense of humor." Robert A. Heinlein, The Moon is a Harsh Mistress Gert Doering - Munich, Germany g...@greenie.muc.de signature.asc Description: PGP signature ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/