are
about [more than you].
----------
Jon Lewis, MCP :) | I route
Senior Network Engineer | therefore you are
Atlantic Net|
_ http://www.lewis.org/~jlewis/pgp for PGP public key_
_
wire?
------
Jon Lewis, MCP :) | I route
Senior Network Engineer | therefore you are
Atlantic Net|
_ http://www.lewis.org/~jlewis/pgp for PGP public key_
___
cisco-nsp mailing list cisc
t
assuming v6 growth continues slowly.
----------
Jon Lewis, MCP :) | I route
Senior Network Engineer | therefore you are
Atlantic Net|
_ http://www.lewis.org/~jlewis/pgp for PGP public key_
___
t;mls cef maximum-routes ip 600" on 122-33.SXI.
------
Jon Lewis, MCP :) | I route
Senior Network Engineer | therefore you are
Atlantic Net|
_ http://www.lewis.org
d eventually upgrade to a
better dual-stack capable network.
------
Jon Lewis, MCP :) | I route
Senior Network Engineer | therefore you are
Atlantic Net|
_
dding
mls netflow sampling to the interfaces where it was missing got the
netflow data exporting as expected.
------
Jon Lewis, MCP :) | I route
Senior Network Engineer | therefore you are
At
made for ethernet and comparitively cheap to keep
adding ports to.
------
Jon Lewis, MCP :) | I route
Senior Network Engineer | therefore you are
Atlantic Net|
_ http://www.lewis.org/~jle
oth Sup2t and RSP720 (to a lesser extent but still much better than
Sup720) can handle the churn of full feeds.
On Tue, Feb 19, 2013 at 5:10 PM, Tony Varriale wrote:
On 2/19/2013 2:57 PM, Jon Lewis wrote:
On Tue, 19 Feb 2013, Eric A Louie wrote:
I've run out of port capacity on my 7206V
x27;ve seen says the FIB TCAM space has not been
improved.
------
Jon Lewis, MCP :) | I route
Senior Network Engineer | therefore you are
Atlantic Net|
_ http://www.lewis.org/~jlewi
y things are there.
----------
Jon Lewis, MCP :) | I route
Senior Network Engineer | therefore you are
Atlantic Net|
_ http://www.lewis.org/~jlewis/pgp for PGP p
On Thu, 28 Feb 2013, Jerry Bacon wrote:
On 2/27/2013 7:45 PM, Jon Lewis wrote:
On Wed, 27 Feb 2013, Jay Hennigan wrote:
You could simplify that to:
ip as-path access-list 10 deny _11xx1_
ip as-path access-list 10 permit .* <- Dangerous outbound to transit
connections.
Or simplify thi
rs to have v6 capable HSRP and
GLBP. VRRP doesn't appear to have any v6 support.
------
Jon Lewis, MCP :) | I route
Senior Network Engineer | therefore you are
Atlantic Net|
e of spoofed IP packets leaving your
network.
----------
Jon Lewis, MCP :) | I route
| therefore you are
_ http://www.lewis.org/~jlewis/pgp for PGP public key_
___
cisco-nsp
k.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
------
Jon Lewis, MCP :) | I route
| therefore you are
_ http://www.lewis.org/~jlewi
x27;re dropped by QoS...so all
those dropped packets still "count" if you're billing by the byte.
----------
Jon Lewis, MCP :) | I route
| therefore you are
_ http://www.lewi
On Mon, 18 Mar 2013, Phil Mayers wrote:
On 03/18/2013 02:25 AM, Dobbins, Roland wrote:
On Mar 18, 2013, at 1:40 AM, Jon Lewis wrote:
Cisco SNMP counters count packets before they're dropped by
QoS...so all those dropped packets still "count" if you're billing
by the byte
.
--
Jon Lewis, MCP :) | I route
| therefore you are
_ http://www.lewis.org/~jlewis/pgp for PGP public key_
___
cisco-nsp mailing list cisco-nsp@puck.nether.net
https
t neighbor needs for RTBH.
----------
Jon Lewis, MCP :) | I route
| therefore you are
_ http://www.lewis.org/~jlewis/pgp for PGP public key_
___
cisco-nsp mailing list cisco-
/cisco-nsp/
------
Jon Lewis, MCP :) | I route
| therefore you are
_ http://www.lewis.org/~jlewis/pgp for PGP public key_
___
cisco-nsp ma
mnigraffle.
------
Jon Lewis, MCP :) | I route
| therefore you are
_ http://www.lewis.org/~jlewis/pgp for PGP public key_
___
cisco-nsp mailing list cisco-nsp@puck.nether
line card ports.
------
Jon Lewis, MCP :) | I route
| therefore you are
_ http://www.lewis.org/~jlewis/pgp for PGP public key_
___
cisco-nsp mailing list cisco-nsp@puck.n
iguration works
as a single extended switch with a single management domain."
That must be pissing off the Nexus unit.
----------
Jon Lewis, MCP :) | I route
| therefore you are
_ http://
e formatted and used to
boot a Sup720-3bxl?
------
Jon Lewis, MCP :) | I route
| therefore you are
_ http://www.lewis.org/~jlewis/pgp for PGP public key_
__
ng
time.
I haven't followed the thread closely enough to know if "netflow" was ever
elaborated. The 6500 does netflow. Whether the netflow it does is
sufficient for the OPs needs is the question.
---------
an be increased through
configuration control to support up to 1 M entries if required.
------
Jon Lewis, MCP :) | I route
| therefore you are
_ http://www.lewis.org/~jlewis/pgp for PGP publ
want to greatly increase these from the defaults.
--
Jon Lewis, MCP :) | I route
| therefore you are
_ http://www.lewis.org/~jlewis/pgp for PGP public key_
mbit/s), but it can certainly tell you
which IP or IPs are the source or destination of unusual traffic volumes,
which is the first step in mitigating inbound or outbound DoS traffic.
------
Jon Lewis, MCP :)
On Mon, 2 Sep 2013, Dobbins, Roland wrote:
On Sep 3, 2013, at 4:34 AM, Jon Lewis wrote:
Having used it exactly for that, I disagree and am curious why you say
it's useless.
Because in any Internet-facing environment with any kind of traffic
diversity, it's non-deterministica
you looked for it, you'd find that file somewhere online.
------
Jon Lewis, MCP :) | I route
| therefore you are
_ http://www.lewis.org/~jlewis/pgp for PGP publ
http://www.fibercables.com/products/0-2m-0-66ft-multimode-duplex-fiber-optic-cable-62-5-125-lc-to-sc.html
http://www.fibercables.com/products/fiber-optic-adapter-sc-to-sc-multimode-duplex.html
------
Jon Lewis, MCP :) | I
type fibre.
Sent from a mobile device
On 15 Oct 2013, at 10:01, Jon Lewis wrote:
On Mon, 14 Oct 2013, Kenny Kant wrote:
I have an older multi-mode fiber connection coming into our 7206VXR /
NPE-G1 with a SC end. We are moving this fiber to a new router which
requires a LC/SFP. Due to
?
--
Jon Lewis, MCP :) | I route
| therefore you are
_ http://www.lewis.org/~jlewis/pgp for PGP public key_
___
cisco-nsp mailing list cisco-nsp
p
archive at http://puck.nether.net/pipermail/cisco-nsp/
------
Jon Lewis, MCP :) | I route
| therefore you are
_ http://www.lewis.org/~jlewis/pgp for PGP public key_
___
cisco-nsp mailing list ci
fuses. Just keep in mind when installing cards later that you don't
really have all the power capacity the chassis thinks you have.
----------
Jon Lewis, MCP :) | I route
Senior Network Engineer | theref
Our cards have 512k per port. WS-X6516A has 1MB.
The WS-X67xx cards have 1.17MB TX/166KB RX buffers.
Would swapping out the WS-X64xx cards for WS-X6516A's (with or without
DFC3BXL) likely make much difference?
------
Jon
e at http://puck.nether.net/pipermail/cisco-nsp/
------
Jon Lewis, MCP :) | I route
Senior Network Engineer | therefore you are
Atlantic Net|
_ http://www.lewis.
.c3550-ipbasek9-tar.122-44.SE6.tar:
permission denied
Booting a tar file? Those are supposed to be unpacked by the switch using
the archive download-sw ... command.
----------
Jon Lewis, MCP :) | I route
Senior Network Eng
sleading.
Received another WS-X6516-GBIC but with a DFC3A. Powers up, but
switches everything to "PFC3A" mode:
If you're not doing that much traffic, is removing the DFC from the
WS-X6516-GBIC an option?
------
Jon
to a page listing those details.
Some of what you're looking for is probably here:
http://www.cisco.com/en/US/prod/collateral/switches/ps5718/ps708/product_data_sheet0900aecd8017376e.html
There's no mention of the 6248 there though.
---------
here will be switch
processor load issues if you do more than some form of sampled netflow,
and then you really can't bill based on it, because at most you'll be
seeing like 1.5% of the traffic volume.
----------
Jon Lewis
DDoS traffic isn't congesting your transit pipes.
------
Jon Lewis, MCP :) | I route
Senior Network Engineer | therefore you are
Atlantic Net|
_ http://www.lewis.org/~jlewis/pgp for
gineer
Logged into reality and abusing my sudo privileges.
___
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
--------
ld contact the customer first,
explain why you're unhappy with their routing policy, see if it's
intentional, and then decide what (if anything) to do about it.
------
Jon Lewis, MCP :) | I route
Sen
other.
------
Jon Lewis, MCP :) | I route
Senior Network Engineer | therefore you are
Atlantic Net|
_ http://www.lewis.org/~jlewis/pgp for PGP public key_
___
cisco-nsp mailing list cisco-nsp@puck.nether.net
ether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
--
Jon Lewis, MCP :) | I route
Senior Network Engineer | therefore you are
Atlantic N
witch packets at line rate...lots of them, lots more than a
VXR can do. BGP convergence may go a little slower, but the platform will
forward more traffic (PPS or Mbps) than the VXR.
------
Jon Lewis, MCP :) | I route
S
. We've always used the 19-23" spacers for the 7206's when
going into 23" racks.
------
Jon Lewis, MCP :) | I route
Senior Network Engineer | therefore you are
Atlantic Net
t;announce to internet" string last.
------
Jon Lewis, MCP :) | I route
Senior Network Engineer | therefore you are
Atlantic Net|
_ http://www.lewis.org/~jlewis/pgp for PGP public key_
_
connections up and usable simultaneously.
------
Jon Lewis, MCP :) | I route
Senior Network Engineer | therefore you are
Atlantic Net|
_ http://www.lewis.org/~jlewis/pgp for PGP public key_
_
ing a maintenance window and
they weren't allowed to schedule any maintenance windows because a
tropical storm was threatening to impact the SE US.
------
Jon Lewis, MCP :) | I route
Senior Network Engineer | the
none on routes you receive
after you've looked at the community strings (if you were interested), and
before sending routes to another AS unless you meant for them to go out
with a certain community string.
--
------
Jon Lewis
/moving to
ISIS?...or just doing OSPFv3 without authentication?
------
Jon Lewis, MCP :) | I route
Senior Network Engineer | therefore you are
Atlantic Net|
_ http://www.lewis.org/~jlewis/p
7;d assume it would do [it didn't actually do anything].
----------
Jon Lewis, MCP :) | I route
Senior Network Engineer | therefore you are
Atlantic Net|
_ http://www
platform as a full BGP router and sell more ASRs or something.
------
Jon Lewis, MCP :) | I route
Senior Network Engineer | therefore you are
Atlantic Net|
_ http://www.lewis.org/~jlewi
ght handle 768k IPv4 routes.
------
Jon Lewis, MCP :) | I route
Senior Network Engineer | therefore you are
Atlantic Net|
_ http://www.lewis.org/~jlewis/pgp for PGP publ
IPv4], or some
compromise of smaller numbers of each, such as the 622592 IPv4 and 212992
IPv6 I posted.
If they haven't increased the max routes capability of the next generation
Sup vs the 3BXL, then that's very disappointing.
--------
ease/notes/ol_20679.html#wp2561330
I couldn't find that the last time I looked for Sup2T specs. So it seems
they haven't increased the route capacity...just the traffic forwarding
capacity.
------
Jon Lewis, MCP :)
e. if the number
suddenly goes up or down much, there's probably something wrong.
I'd like to do the same with IPv6 routes, but I haven't found the OID.
------
Jon Lewis, MCP :) | I route
Sen
:/32 (if I did the math correctly)?
The odd thing is, that's more or less the same OID I use for v4 peer info,
but on 12.2(33)SXI, all it shows me is the ipv4 peers.
------
Jon Lewis, MCP :) | I route
Senior N
and /19's on our session with provider 4?
That'd work too. Doing it with communities is just a whole lot more
flexible and easier to manage down the road.
------
Jon Lewis, MCP :) | I route
Se
those physical ports.
------
Jon Lewis, MCP :) | I route
Senior Network Engineer | therefore you are
Atlantic Net|
_ http://www.lewis.org/~jlewis/pgp for PGP public key
I suspect if most of the ports are used as 100baseT, and you
have the occasional 1000baseT port that might carry just a little more
than 100mbit/s, it should do fine.
------
Jon Lewis, MCP :) | I route
Senior Networ
ps708/prod_white_paper09186a0080131086.html
------
Jon Lewis, MCP :) | I route
Senior Network Engineer | therefore you are
Atlantic Net|
_ http://www.lewis.org/~jlewis/pgp for PGP public key
On Thu, 8 Dec 2011, Seth Mattinen wrote:
On 12/8/11 9:38 AM, Jon Lewis wrote:
On Thu, 8 Dec 2011, Seth Mattinen wrote:
And the 6148A supports jumbo frames, if that matters. But yeah, it has
2.6MB per port buffers instead of 1MB shared across 8 ports.
It's supposed to have more than
this doesn't mean what it appears to.
------
Jon Lewis, MCP :) | I route
Senior Network Engineer | therefore you are
Atlantic Net|
_ http://www.lewis.org/~jlewis/pgp for PGP public ke
irely forgotten.
------
Jon Lewis, MCP :) | I route
Senior Network Engineer | therefore you are
Atlantic Net|
_ http://www.lewis.org/~jlewis/pgp for PGP public key
ci
e whatever platforms you're using can handle and export that
volume of netflow?
------
Jon Lewis, MCP :) | I route
Senior Network Engineer | therefore you are
Atlantic Net|
_ http://www.lewis.
ic, etc. Sampled netflow is
certainly more operationally useful than no netflow.
----------
Jon Lewis, MCP :) | I route
Senior Network Engineer | therefore you are
Atlantic Net|
_ http://www.
to each chassis.
------
Jon Lewis, MCP :) | I route
Senior Network Engineer | therefore you are
Atlantic Net|
_ http://www.lewis.org/~jlewis/pgp for PGP public key_
__
conservative IP assignment gets flipped around 180*, and
watch out for things like needing IPv6 ACLs on things like
router/switch vty lines, and RA / SLAAC automatically enabling IPv6 on
hosts before they've been configured for it (ACLs).
---
x27;s receiving your
traffic but not sending any back.
------
Jon Lewis, MCP :) | I route
Senior Network Engineer | therefore you are
Atlantic Net|
_ http://www.lewis.org/~jlewis/pgp for PGP
ether.net/pipermail/cisco-nsp/
----------
Jon Lewis, MCP :) | I route
Senior Network Engineer | therefore you are
Atlantic Net|
_ http://www.lewis.org/~jlewis/pgp fo
y to monitor the circuits...they lose a point of
failure.
----------
Jon Lewis, MCP :) | I route
Senior Network Engineer | therefore you are
Atlantic Net|
_ http://www.lewis.org/~jlewis/pgp fo
://puck.nether.net/pipermail/cisco-nsp/
--
Jon Lewis, MCP :) | I route
Senior Network Engineer | therefore you are
Atlantic Net|
_ http://www.lewis.org/~jlewis/pgp for PGP public key_
What kind of "support" are you looking for?
------
Jon Lewis, MCP :) | I route
Senior Network Engineer | therefore you are
Atlantic Net|
_ http://www.lewis.org/~jlewis/pgp for PGP publ
6509E chassis.
But in the other hand, the Service Contract Center shows me the date of
31-Dec-2015. Here's an example:
Maybe you can keep renewing an existing contract until 2015?
------
Jon Lewis, MCP :) | I rou
vlans allowed on that port
(other than 1) aren't going to work until/unless the 2960 knows those
vlans exist. This info was probably hidden in the vlan database (not
present in the running/startup config) on the 2900.
------
I only just
looked up and saw how expensive the tool kit is (Corning UniCam Pretium
Tool Kit).
------
Jon Lewis, MCP :) | I route
Senior Network Engineer | therefore you are
Atlantic Net|
_ http:
by
allow-default and that Gert doesn't have full routes on this device, which
is a given since it's a non-XL 3B.
--
Jon Lewis, MCP :) | I route
Senior Network Engineer | therefore you are
Atlantic Net
able to do anything to troubleshoot other
than start physically unplugging things until you "make it stop".
------
Jon Lewis, MCP :) | I route
Senior Network Engineer | therefore y
at least a /29, create an otherwise
unnecessary VRRP IP in the /29, and then configure the customer's VRRP
gateway as a secondary.
------
Jon Lewis, MCP :) | I route
Senior Network Enginee
Does anyone know if this affects the 6708 10gb cards for the 6500 series?
--
Jon Lewis, MCP :) | I route
| therefore you are
_ http://www.lewis.org/~jlewis/pgp for PGP public
v4/v6 routing
split, and after seeing a 6708 fail in each of the last two 6500s I've
reloaded, I'm not feeling really good about proceeding.
------
Jon Lewis, MCP :) | I route
st / are still worth some $, I figured if cisco
is willing to replace defective ones, doing so, and getting some reliable
spares in exchange for the dead ones, beats the heck out of scrapping
them.
----------
Jon Lewi
ce IPs? Done carefully, there should be no downtime.
----------
Jon Lewis, MCP :) | I route
| therefore you are
_ http://www.lewis.org/~jlewis/p
applied other policy that forces a
different best path selection.
----------
Jon Lewis, MCP :) | I route
| therefore you are
_ http://www.lewis.org/~jlewis/pgp for PGP public key_
__
s and line cards...you could just buy a couple
of spare 1gb memory modules for them (if you have hands on-site you trust
to do surgery on a card). Unfortunately, on a card like the 6708, getting
to that memory module is a PITA as it's under the DFC.
---------
On Fri, 31 Oct 2014, Gert Doering wrote:
Hi,
On Fri, Oct 31, 2014 at 08:51:33AM -0400, Jon Lewis wrote:
AFAIK, the problem is with the removable 1gb DIMMs on the cards...so you
don't have to get spare Sups and line cards...you could just buy a couple
of spare 1gb memory modules for the
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
----------
Jon Lewis, MCP :) | I
security posture this may not be allowed.
On Sun, Mar 1, 2015 at 11:22 AM, Jon Lewis wrote:
Flip the "local" "group radius" order and it'll do what you're looking
for. i.e. check the local db first (allowing non-radius users in) and if
not found in the local db, rad
end value for the max-prefixes.
----------
Jon Lewis, MCP :) | I route
| therefore you are
_ http://www.lewis.org/~jlewis/pgp for PGP public key_
___
cisco-nsp mailing list cisco-nsp@puck.nether.net
h
ry is
46mb. I wouldn't add any more full views to that router. It's time to
start thinking about what's going to replace the 7600.
------
Jon Lewis, MCP :) | I route
redundancy.
------
Jon Lewis, MCP :) | I route
| therefore you are
_ http://www.lewis.org/~jlewis/pgp for PGP public key_
___
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.n
h traffic links).
------
Jon Lewis, MCP :) | I route
| therefore you are
_ http://www.lewis.org/~jlewis/pgp for PGP public key_
___
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://
ware of the "bad memory" issue you
might run into causing cards working today to not make it through a
reload?
------
Jon Lewis, MCP :) | I route
| therefore you are
_
though...not try jumping to a much later version that
might be even more memory hungry.
------
Jon Lewis, MCP :) | I route
| therefore you are
_ http://www.lewis.org
ng that route advertisement
decision on their end.
----------
Jon Lewis, MCP :) | I route
| therefore you are
_ http://www.lewis.org/~jlewis/pgp for PGP public key_
___
ut not that the system should crash from that.
It's owner called SCO support, explained what happened, and was told it
was a known bug...and "would you like to buy the update that fixes it?"
WTF?!?
-------
gin though...you may need to look at
setting origin on all routes received from transits/peers to the same
value to keep individual drains from winning due to their setting origin
igp.
------
Jon Lewis, MCP :)
x27;t see why using a spare
7513 for this would be a bad idea. We've tended to have less issues /
better reliability from our 7206's than from the 7500s we used to run.
------
Jon Lewis | I route
Se
1 - 100 of 328 matches
Mail list logo