Re: [c-nsp] C6500 IPv6 redistribute with route-map?
Morning,

On 09.12.2013 at 16:26, Mark Tinka mark.ti...@seacom.mu wrote:

> On Monday, December 09, 2013 03:05:17 PM Patrick M. Hausen wrote:
>
> > Just to make sure I would not accidentally inject anything not belonging to my AS into my IGP.
>
> Why would you, if you're running IS-IS only on your internal links?

I do. You asked quite a few questions so instead of answering every single one I will try to summarize where I come from (OSPF) and what I intended to do with IS-IS.

OK, picture two or more routers connected by some link (Ethernet) and each of them with some number of external links to customers (DSL/ATM in my case):

    int fa0
     description internal link to neighbor router
     ip address 192.168.0.1 255.255.255.252

    router ospf 1
     passive-interface default
     no passive-interface fa0
     network 192.168.0.1 0.0.0.0 area 0

This enables OSPF on the link to my other router *only*. OSPF does not by default redistribute connected or static routes. The 0.0.0.0 looks insane but keep in mind that it’s an inverted (wildcard) mask so essentially it says /32.

Now we add a link to a customer:

    int ATM2/0.100 point-to-point
     description customer’s DSL
     ip unnumbered fa0
     pvc 1/100

In reality I use a loopback interface for the unnumbered interfaces, of course. Now we only need to route the customer’s /29.

    ip route 192.168.1.64 255.255.255.248 ATM2/0.100

Because of the very narrow configuration of the OSPF process I never need to worry about accidentally running my IGP on a customer’s link. All I need to distribute that prefix across my network is:

    router ospf 1
     redistribute static subnets

Now a different layer 2 carrier and slightly different configuration for essentially the same effect but with bridged instead of routed PVCs:

    int ATM1/0.100 point-to-point
     description different DSL
     ip address 192.168.1.73 255.255.255.248
     atm route-bridged ip
     pvc 1/100
      encapsulation aal5snap

To distribute this I need

    router ospf 1
     redistribute connected subnets

because OSPF does not by default redistribute connected passive interfaces. But possibly this router runs an external BGP link with an address belonging to a different AS on *some* interface. Or an RFC 1918 address somewhere for out of band management [1]. So in reality it is:

    router ospf 1
     redistribute connected subnets route-map redistribute-ospf

With the route map restricting routes to my own /20 as I tried to do with IS-IS.

I’ve been doing OSPF for quite some years and IMHO this is a perfectly valid and sane way to run an ISP with subscriber lines. And I know more than one competitor (friendly competition ;-) doing exactly the same.

Now … as far as I found out yesterday … IS-IS *does* by default redistribute connected subnets even if they are on passive interfaces. Unless you use

    no isis advertise-prefix

on the interface level. For static subnets it’s the same as with OSPF.

I can perfectly live with that, now that I know. I’m just wondering what the „redistribute connected“ command is for in the context of IS-IS, anyway ;-)

Kind regards
Patrick

[1] getting rid of them currently in favor of official addresses and tight access-lists

--
punkt.de GmbH * Kaiserallee 13a * 76133 Karlsruhe
Tel. 0721 9109 0 * Fax 0721 9109 100
i...@punkt.de http://www.punkt.de
Gf: Jürgen Egeling AG Mannheim 108285

___
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

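An added example, not part of the original post or the poster's configuration: a Python check that reads an IOS-style configuration like the snippets above and lists the connected and static prefixes that an unfiltered `redistribute` statement would inject from outside the operator's own aggregate, which is what a route-map such as `redistribute-ospf` is there to stop. The aggregate 192.168.0.0/20, the sample configuration (including the eBGP link and the management LAN) and all function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample in the style of the snippets in the post. 192.168.0.0/20
# stands in for the operator's own aggregate; the eBGP link (198.51.100.0/30),
# the management LAN (10.0.0.0/24) and the foreign static route are made up.
SAMPLE_CONFIG = """\
interface FastEthernet0
 description internal link to neighbor router
 ip address 192.168.0.1 255.255.255.252
!
interface ATM1/0.100 point-to-point
 description bridged DSL customer
 ip address 192.168.1.73 255.255.255.248
!
interface GigabitEthernet0/1
 description eBGP link to upstream
 ip address 198.51.100.1 255.255.255.252
!
interface GigabitEthernet0/2
 description out of band management
 ip address 10.0.0.5 255.255.255.0
!
interface ATM2/0.100 point-to-point
 description routed DSL customer
 ip unnumbered FastEthernet0
!
ip route 192.168.1.64 255.255.255.248 ATM2/0.100
ip route 203.0.113.0 255.255.255.0 198.51.100.2
!
router ospf 1
 passive-interface default
 no passive-interface FastEthernet0
 network 192.168.0.1 0.0.0.0 area 0
 redistribute static subnets
 redistribute connected subnets
"""

ADDR_RE = re.compile(r"^\s+ip address (\d+\.\d+\.\d+\.\d+) (\d+\.\d+\.\d+\.\d+)")
ROUTE_RE = re.compile(r"^ip route (\d+\.\d+\.\d+\.\d+) (\d+\.\d+\.\d+\.\d+) ")
REDIST_RE = re.compile(
    r"^\s+redistribute (connected|static)\b(?:.*?\broute-map (\S+))?")


def parse_config(text):
    """Collect connected prefixes, static prefixes and redistribute statements."""
    connected, static, redistribute = [], [], []
    section = None  # current top-level block, e.g. "interface ATM1/0.100 ..."
    for line in text.splitlines():
        if line and not line[0].isspace():
            section = line.strip()
            m = ROUTE_RE.match(line)
            if m:
                static.append(ipaddress.ip_network(
                    f"{m.group(1)}/{m.group(2)}", strict=False))
            continue
        if section is None:
            continue
        m = ADDR_RE.match(line)
        if m and section.startswith("interface "):
            iface = ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}")
            connected.append((section.split()[1], iface.network))
            continue
        m = REDIST_RE.match(line)
        if m and section.startswith("router "):
            redistribute.append((section, m.group(1), m.group(2)))
    return connected, static, redistribute


def audit(text, aggregate):
    """Return (process, source, prefix, where) for every prefix that an
    unfiltered redistribute statement would inject from outside `aggregate`."""
    own = ipaddress.ip_network(aggregate)
    connected, static, redistribute = parse_config(text)
    candidates = {
        "connected": [(net, name) for name, net in connected],
        "static": [(net, "ip route") for net in static],
    }
    findings = []
    for process, source, route_map in redistribute:
        if route_map is not None:
            continue  # filtered; the route-map's own clauses are not evaluated
        for net, where in candidates[source]:
            if not net.subnet_of(own):
                findings.append((process, source, str(net), where))
    return findings


if __name__ == "__main__":
    for process, source, prefix, where in audit(SAMPLE_CONFIG, "192.168.0.0/20"):
        print(f"{process}: 'redistribute {source}' has no route-map "
              f"and would inject {prefix} ({where})")
```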
Re: [c-nsp] C6500 IPv6 redistribute with route-map?
On Tuesday, December 10, 2013 10:42:34 AM Patrick M. Hausen wrote:

> This enables OSPF on the link to my other router *only*. OSPF does not by default redistribute connected or static routes. The 0.0.0.0 looks insane but keep in mind that it’s an inverted (wildcard) mask so essentially it says /32.

I have run OSPF (and sometimes still teach it, although I teach and run IS-IS more, nowadays), I just haven't run it on Junos or IOS XR platforms :-).

> I’ve been doing OSPF for quite some years and IMHO this is a perfectly valid and sane way to run an ISP with subscriber lines. And I know more than one competitor (friendly competition ;-) doing exactly the same.
>
> Now … as far as I found out yesterday … IS-IS *does* by default redistribute connected subnets even if they are on passive interfaces. Unless you use no isis advertise-prefix on the interface level.

I don't do much with IS-IS (keep it really simple), but yes, passive-interface in IS-IS and OSPF behave differently in IOS, as I mentioned before. I'm not sure whether this is the spec. or something specific to Cisco, as I've only experienced this on IOS.

passive-interface in IS-IS basically means:

- If an interface is defined as passive.
- Advertise whatever IP address is on it.
- But don't run IS-IS on it.

> For static subnets it’s the same as with OSPF. I can perfectly live with that, now that I know. I’m just wondering what the „redistribute connected“ command is for in the context of IS-IS, anyway ;-)

In essence, you're right, redistribute connected in IS-IS is the same as doing passive-interface :-).

What I would do, if it were my network, is carry the customer's /29 in iBGP, rather than the IGP. This scales better, and any volatility on the customer's link is handled better by your network since BGP oscillates in a much more controlled manner than a link state IGP would.

Cheers,

Mark.

Re: [c-nsp] C6500 IPv6 redistribute with route-map?
On 10/12/2013 08:42, Patrick M. Hausen wrote:

> I’ve been doing OSPF for quite some years and IMHO this is a perfectly valid and sane way to run an ISP with subscriber lines. And I know more than one competitor (friendly competition ;-) doing exactly the same.

Why don't you use ibgp for this instead of filling your igp up with stuff it doesn't need? Keep your IGP small - all the bloat belongs in bgp.

Nick

Re: [c-nsp] C6500 IPv6 redistribute with route-map?
Hi,

looks like I opened quite a can of worms, here … :-) Thanks to everybody for the valuable input.

On 10.12.2013 at 10:19, Nick Hilliard n...@foobar.org wrote:

> On 10/12/2013 08:42, Patrick M. Hausen wrote:
>
> > I’ve been doing OSPF for quite some years and IMHO this is a perfectly valid and sane way to run an ISP with subscriber lines. And I know more than one competitor (friendly competition ;-) doing exactly the same.
>
> Why don't you use ibgp for this instead of filling your igp up with stuff it doesn't need? Keep your IGP small - all the bloat belongs in bgp.

I must admit, the thought never occurred to me up until now. That’s what I thought IGPs were for. Use BGP to talk to your upstream, use a suitable link state IGP for your own network.

Any hints/documents/links for starters? For example one question that immediately springs up:

I have two redundant systems capable of running full tables. Both have links to upstreams plus an iBGP connection. I have additional routers with less memory and CPU that run subscriber lines and (currently) OSPF, later IS-IS as far as my planning goes.

How can I connect them to the iBGP without them carrying full tables? Route-maps for the neighbor definitions? Is that really all it takes?

And OTOH again - why would I not want to carry 100 LSAs in my IGP?

Kind regards
Patrick

Re: [c-nsp] C6500 IPv6 redistribute with route-map?
Hi!

On 10.12.2013 at 10:14, Mark Tinka mark.ti...@seacom.mu wrote:

> passive-interface in IS-IS basically means:
>
> - If an interface is defined as passive.
> - Advertise whatever IP address is on it.
> - But don't run IS-IS on it.

Yep. That sums it up quite nicely, which is why I’m citing it just this once more.

In OSPF it is the same *if* the connected prefix is part of the „network“ statement in your OSPF process. Which is the „traditional“ way of setting up an OSPF domain if you follow Moy et al.

Most ISPs I know who run OSPF configure it the way I described with very narrow „network“ statements and explicit redistribution. Essentially my subscriber lines are from the IGP’s point of view not part of my AS and every router running subscriber lines is an ASBR. The prefixes are consecutively injected as AS external LSAs.

BTW: this is the only way (as far as I know) how you *can* filter what goes in your link state database and what doesn’t. Despite the „traditional“ literature claiming that you cannot do that with OSPF at all. Which is of course correct but for AS external LSAs ;-)

Thanks
Patrick

Re: [c-nsp] C6500 IPv6 redistribute with route-map?
On 10/12/2013 09:31, Patrick M. Hausen wrote:

> How can I connect them to the iBGP without them carrying full tables? Route-maps for the neighbor definitions? Is that really all it takes?
>
> And OTOH again - why would I not want to carry 100 LSAs in my IGP?

if it's 100 LSAs, there's not going to be much practical difference between the two.

If you want to do it with BGP, I'd recommend setting up a couple of VMs to act as route reflectors (with e.g. bird or quagga or something) and creating a very simple BGP community policy: tag your transit prefixes, your peering prefixes and your internal prefixes using different community values. Then you can use the route reflectors to control how the prefixes are distributed around your network.

It's a small amount of work, but it's an approach that scales well in practice.

Nick

Re: [c-nsp] C6500 IPv6 redistribute with route-map?
On 10/12/2013 8:43 PM, Nick Hilliard wrote:

> If you want to do it with BGP, I'd recommend setting up a couple of VMs to act as route reflectors (with e.g. bird or quagga or something) and creating a very simple BGP community policy: tag your transit prefixes, your peering prefixes and your internal prefixes using different community values. Then you can use the route reflectors to control how the prefixes are distributed around your network.
>
> It's a small amount of work, but it's an approach that scales well in practice.

...and it's a LOT, LOT easier to migrate to this sort of design while the network is small, than when it grows.

Start small, start simple, only set a couple of communities till you are comfortable with how it works, take some time and work out how you want to plan your community setting and matching, and like a work of art develop both the network and your BGP operational skills over time.

It may seem a bit counter-intuitive to start implementing this before you need it, but it's a lot easier to grow into this design than to grow out of a non iBGP core and have the change forced upon you. Been there done that, and once there's lots of live paying customers with expectations around uptime, this stuff gets more and more tricky to retrofit and learn.

Reuben

Re: [c-nsp] C6500 IPv6 redistribute with route-map?
Hi, Nick,

On 10.12.2013 at 10:43, Nick Hilliard n...@foobar.org wrote:

> On 10/12/2013 09:31, Patrick M. Hausen wrote:
>
> > How can I connect them to the iBGP without them carrying full tables? Route-maps for the neighbor definitions? Is that really all it takes?
> >
> > And OTOH again - why would I not want to carry 100 LSAs in my IGP?
>
> if it's 100 LSAs, there's not going to be much practical difference between the two.
>
> If you want to do it with BGP, I'd recommend setting up a couple of VMs to act as route reflectors (with e.g. bird or quagga or something) and creating a very simple BGP community policy: tag your transit prefixes, your peering prefixes and your internal prefixes using different community values. Then you can use the route reflectors to control how the prefixes are distributed around your network.
>
> It's a small amount of work, but it's an approach that scales well in practice.

OK … later :-) I’ll stick to an IGP right now. Our network really is that small. And the choice of OSPF was just a historical accident.

In 1996 we started with PA address space from our single upstream, two LANs, a handful of dialin customers and one leased line customer. Everything was configured manually with static routes and the dialin links used a part of the LAN and proxy arp. Livingston Portmaster, anyone? ;-)

In 1997 I successfully rolled out OSPF exactly the way I described. Had to connect Cisco and Livingston, so it was essentially the only choice.

In 2000/2001 we became LIR, AS16188 and I introduced BGP into the mix. We had a maximum of about 2-300 LSAs in OSPF. I never thought of redesigning the IGP. It just worked.

Today internet access as a product is mostly gone, it’s hosting instead, and so the number of prefixes continues to decrease.

Kind regards,
Patrick

Re: [c-nsp] C6500 IPv6 redistribute with route-map?
On Tuesday, December 10, 2013 11:31:55 AM Patrick M. Hausen wrote:

> I must admit, the thought never occurred to me up until now. That’s what I thought IGPs were for. Use BGP to talk to your upstream, use a suitable link state IGP for your own network.
>
> Any hints/documents/links for starters? For example one question that immediately springs up:

Search Google for BGP Best Current Practices from myself and Philip Smith. We teach these workshops at APRICOT, AfNOG and MyNOG together.

> How can I connect them to the iBGP without them carrying full tables? Route-maps for the neighbor definitions? Is that really all it takes?

Unlike IGPs, BGP supports excellent filtering, so you can manage what you need to advertise where, much more easily and predictably than with an IGP.

> And OTOH again - why would I not want to carry 100 LSAs in my IGP?

Because you should always assume you will grow. Having to re-design the network in the future (or worse, leaving that to someone else) should be avoided whenever possible.

Cheers,

Mark.

Re: [c-nsp] C6500 IPv6 redistribute with route-map?
On Tuesday, December 10, 2013 11:41:10 AM Patrick M. Hausen wrote:

> Most ISPs I know who run OSPF configure it the way I described with very narrow „network“ statements and explicit redistribution. Essentially my subscriber lines are from the IGP’s point of view not part of my AS and every router running subscriber lines is an ASBR. The prefixes are consecutively injected as AS external LSAs.

I find all these knobs relatively complicated for an IGP. But, I can see how enterprise networks would need them, although such networks have also started migrating to the service provider way of doing things.

> BTW: this is the only way (as far as I know) how you *can* filter what goes in your link state database and what doesn’t. Despite the „traditional“ literature claiming that you cannot do that with OSPF at all. Which is of course correct but for AS external LSAs ;-)

BGP just gives you more control, and as your network grows, BGP scales better than an IGP. Look at the state of the Internet routing table :-).

Mark.

Re: [c-nsp] Nexus compatible optics
Hi,

Can't help you with the N7K, have no experience with them. But we deployed a couple Nexus 6001 recently, running NX-OS 6.0(2)N2(2). We use exclusively third party SFP and SFP+, from a local supplier, in these without any problem. The SFPs are coded as Cisco in the EPROM, we don't need to use service transceiver unsupported.

Regards,
/Ulrik

-----Original Message-----
From: cisco-nsp [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Orr, Jeff B.
Sent: 9 December 2013 14:53
To: cisco-nsp@puck.nether.net
Subject: [c-nsp] Nexus compatible optics

Hello All,

I am getting ready to purchase a few Nexus 7k chassis for a refresh and I wondered if anyone ever found out the answer on the compatibility of aftermarket optics? I remember reading on this list awhile back that there was a question if the newest 6.x code would allow for non-genuine Cisco optics.

I have used a company, FluxLight, for years to supplement our Cisco optics for SFP, SFP+, X2, Twinax, etc. I have never had problems in our 6500s, Nexus 5k, etc, including never needing to use the service transceiver unsupported command. They are all private labeled optics by the major manufacturers with the correct Cisco SN burned in the EPROM.

Thanks!
Jeff

Re: [c-nsp] C6500 IPv6 redistribute with route-map?
Hi, all,

On 10.12.2013 at 14:10, Mark Tinka mark.ti...@seacom.mu wrote:

> On Tuesday, December 10, 2013 11:31:55 AM Patrick M. Hausen wrote:
>
> > And OTOH again - why would I not want to carry 100 LSAs in my IGP?
>
> Because you should always assume you will grow. Having to re-design the network in the future (or worse, leaving that to someone else) should be avoided whenever possible.

I do have the knowledge and capacity to implement iBGP as my IGP *now*, except for the route reflectors suggested. Would you recommend that approach? I.e. going without the route reflectors and the communities first?

It’s only 4-5 machines in total, after all, all Cisco. And no customers with BGP currently.

Thanks
Patrick

Re: [c-nsp] C6500 IPv6 redistribute with route-map?
On 10/12/2013 14:22, Patrick M. Hausen wrote:

> I do have the knowledge and capacity to implement iBGP as my IGP *now*, except for the route reflectors suggested. Would you recommend that approach? I.e. going without the route reflectors and the communities first?
>
> It’s only 4-5 machines in total, after all, all Cisco. And no customers with BGP currently.

It would be less work overall to install the RRs first. It's not that difficult either. Just remember to use next-hop self for all ibgp sessions. Otherwise see Phil Smith's BGP 101 presentation that Mark mentioned.

Nick

Re: [c-nsp] C6500 IPv6 redistribute with route-map?
On Tuesday, December 10, 2013 04:27:48 PM Nick Hilliard wrote:

> It would be less work overall to install the RRs first. It's not that difficult either. Just remember to use next-hop self for all ibgp sessions. Otherwise see Phil Smith's BGP 101 presentation that Mark mentioned.

What Nick said :-).

As with everything else, do it now and future-proof it so you're not re-designing later on.

The workshops we teach also talk to migrating from a full iBGP mesh to route reflectors, without losing traffic. It's possible, but if you have the chance to do it now, do it so you're not worrying about it later.

Mark.

[c-nsp] L3VPN - redistribute into OSPF, default metric
Hi,

I have a question regarding redistributing routes from BGP to OSPF in a L3VPN setup. I've got limited experience in this area, so please excuse if the question is incorrectly formulated.

The topology is like this

     P -- PE1 -- CE1
     |     |
    PE2 - PE3
     |\   /|
     | \ / |
     |  X  |
     | / \ |
    CE2 - CE3

A subnet is directly connected to PE1 from CE1, no OSPF. PE1 is doing

    address-family ipv4 vrf CUST-A
     redistribute connected
    exit-address-family

PE2 and PE3 (ASR9K) are doing OSPF with CE2 and CE3. PE2 and PE3 are redistributing from BGP into OSPF, today no route-maps etc.

Now to the question. The subnet from CE1 is redistributed to CE2 and CE3 from both PE2 and PE3 with the same metric (metric 1, default for BGP into OSPF). The result is that CE2 and CE3 have two equal cost routes to the subnet to both PE2 and PE3.

Wouldn't it be better if the route to PE2 had a higher metric so that when all links are up the traffic goes via only PE3? Can we accomplish this in some automatic way (we have several VRFs set up in the same way)? Getting PE2 and PE3 to take into account the IGP cost to reach PE1 when redistributing? Or do we need to manually create route-maps in PE2 to set a higher cost for the subnet from CE1 when redistributing into OSPF?

Regards,
/Ulrik Ivers

Re: [c-nsp] C6500 IPv6 redistribute with route-map?
On 10/Dec/2013 at 09:22:01 AM, Patrick M. Hausen wrote:

> I do have the knowledge and capacity to implement iBGP as my IGP *now*, except for the route reflectors suggested. Would you recommend that approach? I.e. going without the route reflectors and the communities first?
>
> It's only 4-5 machines in total, after all, all Cisco. And no customers with BGP currently.

Starting out with route reflectors is a good idea. It makes the network easier to scale as needed. Doing a full IBGP mesh gets messy very quickly. Even if you use peer-groups to simplify things, you're still dealing with a lot of IBGP sessions ((n * (n - 1)) / 2 sessions). With 5 routers, that would mean 10 sessions. With 10 routers, that would mean 45 sessions.

Additionally, managing all of those sessions can chew up a lot of resources on your routers. Anything you can simplify will serve you well over time.

jms

Re: [c-nsp] C6500 IPv6 redistribute with route-map?
Hi, all,

On 10.12.2013 at 13:43, Justin M. Streiner strei...@cluebyfour.org wrote:

> On 10/Dec/2013 at 09:22:01 AM, Patrick M. Hausen wrote:
>
> > I do have the knowledge and capacity to implement iBGP as my IGP *now*, except for the route reflectors suggested. Would you recommend that approach? I.e. going without the route reflectors and the communities first?
> >
> > It's only 4-5 machines in total, after all, all Cisco. And no customers with BGP currently.
>
> Starting out with route reflectors is a good idea. It makes the network easier to scale as needed. Doing a full IBGP mesh gets messy very quickly. Even if you use peer-groups to simplify things, you're still dealing with a lot of IBGP sessions ((n * (n - 1)) / 2 sessions). With 5 routers, that would mean 10 sessions. With 10 routers, that would mean 45 sessions.
>
> Additionally, managing all of those sessions can chew up a lot of resources on your routers. Anything you can simplify will serve you well over time.

I see. I’m starting with 4 routers and I simply do not have the hardware at hand *now* to implement something that critical to my network. Of course a VM will do, but I do not have free virtual resources with sufficient redundancy, either.

Of the 4 routers only 2 connect to different ASes via BGP, the other two 2961s are only there to provide a cheaper platform for ATM and G.703 links. (I reuse my old 3600 series OC3-Modules and some VWICs with these)

The job of the IGP is to announce the customer's subnets of those lines to the two big boxes and give the small ones a hand via default-information originate. It really is that simple. For now - you do have a point here ;-) But I don’t see our subscriber line business expanding.

And the plan is to have IS-IS, external BGP and v6 up and running before Christmas. So it’s either full mesh or IS-IS - I will come to a decision tomorrow after toying with the not-yet-productive systems some more.

Sorry if I seem resistant to sound advice, but I have to stick to my priorities and put learning even more great things beside IS-IS up for a little later.

I will definitely set up a route reflector before putting another $BIGBOX with full tables into service. Or add another location. Or anything that actually extends our small single rack backbone. That much I see now …

Thanks again for all help.
Patrick

Re: [c-nsp] C6500 IPv6 redistribute with route-map?
Are there any good resources that detail best current practice for route reflector design? Google doesn't bring up much real-world experience, i.e. detailing caveats, redundancy options etc..

SteveH

-----Original Message-----
From: cisco-nsp [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Justin M. Streiner
Sent: 10 December 2013 12:44
To: cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] C6500 IPv6 redistribute with route-map?

On 10/Dec/2013 at 09:22:01 AM, Patrick M. Hausen wrote:

> I do have the knowledge and capacity to implement iBGP as my IGP *now*, except for the route reflectors suggested. Would you recommend that approach? I.e. going without the route reflectors and the communities first?
>
> It's only 4-5 machines in total, after all, all Cisco. And no customers with BGP currently.

Starting out with route reflectors is a good idea. It makes the network easier to scale as needed. Doing a full IBGP mesh gets messy very quickly. Even if you use peer-groups to simplify things, you're still dealing with a lot of IBGP sessions ((n * (n - 1)) / 2 sessions). With 5 routers, that would mean 10 sessions. With 10 routers, that would mean 45 sessions.

Additionally, managing all of those sessions can chew up a lot of resources on your routers. Anything you can simplify will serve you well over time.

jms

Steve Housego
Principal Consultant
IT Professional Services

Re: [c-nsp] C6500 IPv6 redistribute with route-map?
On 10.12.2013 at 18:45, Patrick M. Hausen hau...@punkt.de wrote:

> I see. I’m starting with 4 routers and I simply do not have the hardware at hand *now* to implement something that critical to my network. Of course a VM will do, but I do not have free virtual resources with sufficient redundancy, either.
>
> ...
>
> I will definitely set up a route reflector before putting another $BIGBOX with full tables into service. Or add another location. Or anything that actually extends our small single rack backbone. That much I see now …

Can an IOS router serve as a route reflector? Once I have the C6500 in production I have two spare 3825 that feature 1 GB of RAM each and should thus have sufficient resources, specifically when they are not busy routing traffic, anymore.

Thanks
Patrick

Re: [c-nsp] C6500 IPv6 redistribute with route-map?
On 10/12/2013 18:28, Patrick M. Hausen wrote:

> Can an IOS router serve as a route reflector? Once I have the C6500 in production I have two spare 3825 that feature 1 GB of RAM each and should thus have sufficient resources, specifically when they are not busy routing traffic, anymore.

they would probably be very good for the job on a small network, yes.

Nick

Re: [c-nsp] C6500 IPv6 redistribute with route-map?
Hi,

On 10.12.2013 at 20:13, Nick Hilliard n...@foobar.org wrote:

> On 10/12/2013 18:28, Patrick M. Hausen wrote:
>
> > Can an IOS router serve as a route reflector? Once I have the C6500 in production I have two spare 3825 that feature 1 GB of RAM each and should thus have sufficient resources, specifically when they are not busy routing traffic, anymore.
>
> they would probably be very good for the job on a small network, yes.

So my final plan is simple:

- use IS-IS and eBGP now just as it is today (one single iBGP link between the two big boxes)
- get new systems and v6 up and running
- when all old systems and OSPF are retired, add route-reflector and iBGP (with a conveniently larger administrative distance than IS-IS by default)
- narrow IS-IS to just the backbone links one external link at a time while watching the routes

Doesn’t look like too much additional work to me given the size of my network.

Thanks a lot - where are you located? I’d buy you and Mark a beer or two should we ever meet ;-)

Patrick

Re: [c-nsp] C6500 IPv6 redistribute with route-map?
On Tuesday, December 10, 2013 07:25:27 PM Steve Housego wrote:
> Are there any good resources that detail best current practice for route reflector design? Google doesn't bring up much real-world experience, i.e. detailing caveats, redundancy options etc.

I only teach the slides; Philip writes them. If he is alright for them to become public outside of the workshop setting, I'll let the list know.

Mark.
Re: [c-nsp] C6500 IPv6 redistribute with route-map?
On Tuesday, December 10, 2013 09:27:26 PM Patrick M. Hausen wrote:
> - when all old systems and OSPF are retired, add route-reflector and iBGP (with a conveniently larger administrative distance than IS-IS by default)
> - narrow IS-IS to just the backbone links one external link at a time while watching the routes

Just remember that once you have next-hop-self enabled in iBGP, you don't need to run the external links in IS-IS, either as passive or directly. If you don't really need to carry external prefixes in your IGP, don't.

> Thanks a lot - where are you located? I’d buy you and Mark a beer or two should we ever meet ;-)

I'm staying off planes and out of hotels for the whole of December; so if you find yourself in southern Africa in the coming weeks, I'll be happy to drink with you :-).

Mark.
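The arrangement discussed in this message (IS-IS carrying only loopbacks, iBGP with next-hop-self toward a route reflector), written out as an added example that is not configuration from any poster in the thread. AS 64500 and 64496, all addresses (documentation prefixes), the NET and the interface names are assumptions.

```cisco
! Constructed example: AS numbers, addresses (documentation ranges),
! the IS-IS NET and interface names are assumed values.
!
! --- Edge router (backbone link plus an eBGP link) ---
interface Loopback0
 ip address 192.0.2.11 255.255.255.255
!
interface TenGigabitEthernet1/1
 description backbone link to core
 ip address 192.0.2.129 255.255.255.252
 ip router isis
!
interface GigabitEthernet2/1
 description eBGP link to upstream, deliberately not in IS-IS
 ip address 203.0.113.2 255.255.255.252
!
router isis
 net 49.0001.0000.0000.0011.00
 is-type level-2-only
 metric-style wide
 passive-interface Loopback0
 ! advertise only the passive loopback, not the backbone /30s
 advertise passive-only
!
router bgp 64500
 neighbor 203.0.113.1 remote-as 64496
 neighbor 192.0.2.1 remote-as 64500
 neighbor 192.0.2.1 description route reflector
 neighbor 192.0.2.1 update-source Loopback0
 ! eBGP-learned routes are sent to the reflector with this router's
 ! loopback as next hop, so 203.0.113.0/30 never has to be in the IGP
 neighbor 192.0.2.1 next-hop-self
!
! --- Route reflector (Loopback0 192.0.2.1, IS-IS set up as above) ---
router bgp 64500
 neighbor 192.0.2.11 remote-as 64500
 neighbor 192.0.2.11 update-source Loopback0
 neighbor 192.0.2.11 route-reflector-client
```

With this in place the IGP holds only loopbacks, so an address from another AS or an out-of-band management range on an external interface cannot leak into IS-IS; `show isis database detail` on a backbone router is one place to confirm that while links are removed one at a time.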
Re: [c-nsp] C6500 IPv6 redistribute with route-map?
On Tuesday, December 10, 2013 09:13:14 PM Nick Hilliard wrote:
> they would probably be very good for the job on a small network, yes.

The 3825 should be good. With 1GB RAM, it could skate by with two full tables and decent CPU utilization. I'm not sure it will handle more than that.

If you're not carrying a full table in your iBGP, then they can work and will last a very long time.

Mark.
Re: [c-nsp] cheap core switch for a hacker space (nonprofit association)
Thanks for the input so far.

I have found a Cisco Catalyst 4948-S to be less expensive on ebay than two 3750G-24 (and both options are far cheaper than any Juniper EX on ebay).

So the benefit of a 4948 would be bigger buffers (and therefore less problems from microbursts), the benefit of a pair of 3750Gs would be that I don't have to buy them at once and I have some redundancy. So I think I would prefer the 4948 at the moment.

On Mon, Dec 9, 2013 at 5:32 PM, Scott Granados sc...@granados-llc.net wrote:
> +1 on the EX 4200. Good, configurable with VC cables or optics for bundling in to a chassis over a larger physical area, decent horse power and decent features.
>
> On Dec 9, 2013, at 11:19 AM, Doug McIntyre mer...@geeks.org wrote:
>> On Mon, Dec 09, 2013 at 05:17:58PM +0200, Mark Tinka wrote:
>>> On the Juniper side, the EX4200 and EX3200 might be all you need. You can get them pretty cheap on the used market now.
>>
>> Ditto on the Juniper EX. The EX4200 is current, and is even cheap on gray market (ie. Amazon), although not quite as cheap as used. The EX4200 in particular comes with the VC ports VC stack cables already. (as opposed to the EX4550 which you have to buy both, but that is beyond what the OP is looking for).
>>
>> At used EX4200 pricing, I'd go for them over the EX2200, since there are a lot more out there, more bang for the buck. The EX3200 is fine too, just be careful that you can only VC stack the same family (ie. only all EX4xxx).
Re: [c-nsp] cheap core switch for a hacker space (nonprofit association)
On Tuesday, December 10, 2013 10:19:53 PM Markus H wrote:
> So the benefit of a 4948 would be bigger buffers (and therefore less problems from microbursts), the benefit of a pair of 3750Gs would be that I don't have to buy them at once and I have some redundancy. So I think I would prefer the 4948 at the moment.

The 4948 is better in terms of buffers, certainly. If you are getting it on the cheap, take it.

Mark.
Re: [c-nsp] cheap core switch for a hacker space (nonprofit association)
Hi, all,

On 10.12.2013 at 21:19, Markus H hauschild.mar...@gmail.com wrote:
> I have found a Cisco Catalyst 4948-S to be less expensive on ebay than two 3750G-24 (and both options are far cheaper than any Juniper EX on ebay).

If you can get one cheap, go for it. My used gear supplier swears by them and I just bought three to finally start the first rack with 10G as a backbone interconnection and 1G to each server. Our current setup is 1G to the backbone and 100M to each server. (backbone links redundant, of course)

One drawback - this thing is huge ;-) You will need 60cm or something deep of rackspace. Not a problem in a commercial environment with racks but could be a limiting factor in a private setup. More than twice as big as a 29xx or 37xx ...

Kind regards
Patrick
Re: [c-nsp] cheap core switch for a hacker space (nonprofit association)
The generated hot air is good for drying the laundry in my cellar. I was first unsure whether the air-humidity would harm, but my home-servers still survive.

The depth of my rack is ok (HP/Compaq) but it was hard to find one less than 1,8 m. Boing...Ouch my head...always duck when going thru doors.

Just my 0.01$

Juergen.

> On 10.12.2013 at 21:19, Markus H hauschild.mar...@gmail.com wrote:
>> I have found a Cisco Catalyst 4948-S to be less expensive on ebay than two 3750G-24 (and both options are far cheaper than any Juniper EX on ebay).
>
> [...]
>
> One drawback - this thing is huge ;-) You will need 60cm or something deep of rackspace. Not a problem in a commercial environment with racks but could be a limiting factor in a private setup. More than twice as big as a 29xx or 37xx ...
Re: [c-nsp] cheap core switch for a hacker space (nonprofit association)
Markus,

On 10 Dec 2013, at 21:19, Markus H hauschild.mar...@gmail.com wrote:
> I have found a Cisco Catalyst 4948-S to be less expensive on ebay than two 3750G-24 (and both options are far cheaper than any Juniper EX on ebay).

4948 without letter ‘E’ at the end signifies a version based on the older Supervisor design without hardware forwarding of IPv6. You should definitely look at 4948E or newest 3650.

Also, being non-profit organization, you should work with the local Cisco account team. They should be able to work on something special in terms of discounts for that kind of organization. If you fail, please write to me at lbromirski (@cisco.com), I’ll try to connect you with proper people.

--
There's no sense in being precise when |            Łukasz Bromirski
you don't know what you're talking     |   jid:lbromir...@jabber.org
about.               John von Neumann  | http://lukasz.bromirski.net
[c-nsp] Nexus 2232PP FEX Switch Question
Hi Everyone,

I knew I should have come here first but I went with the word of a CCXX something or another (Director of IT) from a vendor and a couple links he sent me. After I explained the setup I was putting together and how everything needed to work together, he told me that the Nexus 2232PP Switch could do what I wanted and needed.

I have a pair of 2232PP FEX switches that we just got to extend our 5000 series switches from one cage to another (I have never worked with the FEX Switches before, so I should have done better homework). We were going to use the pair of FEX switches to provide redundant links to additional switches from which I was going to connect to customer switches or firewalls. Which going through the initial config today on setting up the VPC port on say Eth100/1/1 for my first test switch, I got an error saying that the VPC could not be added that there was one already applied.

I reached out to the TAC Contact I have that has helped me out this week, and he told me that the FEX Switches were never meant to connect to other switches and the BPDUGuard would shut down the ports to the switch shortly after the ports come up. And it was not just this model but any FEX Switch.

So my question to you guys is, (drum roll please): Does anyone have a Nexus 2000 FEX Switch Pair doing VPC Port Channel to another switch instead of a host/server? And if you do how did you make it work.

I am considering returning these switches as I can't use them right now and I really need a usable pair of switches for the 10G+ cage to cage connectivity and then 1 or 10G to either my switches or customer switches. Which my switches then step it down to either 100M or 10M if needed. Is there a FEX switch that will do this?

(imagine the full mesh setup)
routers - 5000Switch - FEX Switch - 2960G or 3560G (for example) switch - Possible other switching/firewall gear - end system

Can you recommend any other switch that can do what I want, or should I just get another pair of 5000 series switches?

Thanks, Any thoughts or suggestions would be helpful.

Joe
[c-nsp] NX-OS 6.0(2) N2(1b) Nexus 5596UP password issues...
OK, So I am wondering if anyone else has tested this upgrade...

Just got in a new pair of 5596UP switches, each configured with 2x 16 port UP expansion modules. Went through the basic config of username, password, and decline to do anything further like I always do right out of the box. Enter username and password.

Out of box, Switch was loaded with 5.2 (1) N1(2). Insert usb thumb drive.

  copy usb1:nexus5596/n5000-uk9.6.0.2.N2.1b.bin bootflash:
  copy usb1:nexus5596/n5000-uk9-kickstart.6.0.2.N2.1b.bin bootflash:
  install all kickstart bootflash:n5000-uk9-kickstart.6.0.2.N2.1b.bin system bootflash:n5000-uk9.6.0.2.N2.1b.bin

when it prompted me to reboot to continue with installation I hit y and enter.

Fast forward 10 minutes. Switch has rebooted and prompting for a login. Type admin. Enter password which was set and worked previously. Password Incorrect.

At this point I thought I might have mangled the password. OK that's not hard, password reset time.

  Reboot (cord pull)
  Ctrl+Shft+r
  boot n5000-uk9.6.0.2.N2.1b.bin
  boot into kickstart.
  Conf t
  Admin-password password

For this I have tried 2 ways, copy paste password and manual retype. Then load the full image.

  Load bootflash: n5000-uk9.6.0.2.N2.1b.bin

Switch boots. No passwords work for login.

At this point I am thinking it might be a bug. So I roll back the image manually.

  Reboot (cord pull)
  Ctrl+Shft+r
  Boot n5000-uk9.5.2.1.N1.2.bin
  boot into kickstart.
  Conf t
  Admin-password password

Then load the full image.

  Load bootflash: n5000-uk9.6.0.2.N2.1b.bin

Switch boots. No passwords work for login again.

So at this point I am totally stumped... I have a TAC case open currently and the engineer is trying to duplicate the issue in the Lab on a 5548UP.

I am wondering if anyone else has seen this? More importantly did you recover from it and how?

I would be happy to share the open SR number with any lurking Cisco staff who would be interested in the results or anything going on internally.

Thanks!
Blake
Re: [c-nsp] 4500X weird issue...
Follow-up... the secondary booted up OK. We're looking at a possible RMA on the failing one (TAC case open) rather than cracking the case on a virgin switch to mess with flash :).

Jeff

On 12/6/2013 11:25 PM, Jeff Kell wrote:
> We received our first pair of 4500X switches, and proceeded to try to prepare them for deployment. They came up OK on console access, we got a very basic configuration setup, linked them together, and did an initial VSS pairing. With that successful, we put in a management IP address for the management port, saved everything, and proceeded to move them to the server room.
>
> Upon power-up at the new location, they won't boot...
>
> * * *
> Rom Monitor NVRAM configuration is being initialized to * *
> default values. This may be because it was never initialized.* * *
>
> Writing to Primary Region failed
> Writing to Backup Region failed
Re: [c-nsp] Nexus 2232PP FEX Switch Question
Hi Everyone,

Thanks for the responses, I appreciate it.

Stephen, I will probably stick with the 5000 series, maybe just use 5010's since I have a pair at a facility I am shutting down, I will simply move them over.

Ray, The TAC guy I was speaking with, said there might be a way to trick them, but I don't want to do something janky.

Phil, You're correct, I shouldn't be calling them switches.

Thanks again everyone.

Joe

On Tue, Dec 10, 2013 at 9:00 PM, Phil Bedard phil...@gmail.com wrote:
> So the first issue, and probably the root of it, is you are calling the FEX a switch, and it's not a switch. It doesn't do any local switching itself and the FEX ports do not support running STP, so it really is meant to connect to L3 devices. There is no way to disable BPDUGuard.
>
> If the switches are just homed to the FEX you could run a VPC and just turn off STP on the downstream switch. But if you had say multiple switches connected to each other which then connected to the FEX that's not going to work. The only alternative is use some other method to block links like Flex links.
>
> Phil
Re: [c-nsp] Nexus 2232PP FEX Switch Question
FEXs aren't switches. Think of them as cheap line cards for host connections.

If you are staying in the Cisco world buy multiple layer 2 n5500s or a 4510 with the appropriate line cards.

You could get this to work by disabling spanning tree on the downstream switches, or just ensuring they don't send bpdus (bpdu filter do this?) - would I do it - no!
Re: [c-nsp] Nexus 2232PP FEX Switch Question
So the first issue, and probably the root of it, is you are calling the FEX a switch, and it's not a switch. It doesn't do any local switching itself and the FEX ports do not support running STP, so it really is meant to connect to L3 devices. There is no way to disable BPDUGuard.

If the switches are just homed to the FEX you could run a VPC and just turn off STP on the downstream switch. But if you had say multiple switches connected to each other which then connected to the FEX that's not going to work. The only alternative is use some other method to block links like Flex links.

Phil
Re: [c-nsp] C6500 IPv6 redistribute with route-map?
So I spoke to Philip and he is happy to share his slides with the public.

His FTP site is here:

http://thyme.apnic.net/ftp/isp-workshops

The slides you are interested in for IS-IS are under:

- Routing Presentations

For BGP, that would be under:

- BGP Presentations

Good luck.

Mark.