Hi,
at least for Sup720-3B(XL) and Sup-2T it results in number 1 for the
family that hit the limit.
So in most cases it will look that way:
#show mls cef exception status
Current IPv4 FIB exception state = TRUE
Current IPv6 FIB exception state = FALSE
Current MPLS FIB exception state = FALSE
Hi,
maybe you need to add the non-link-local address.
I did not separate OSPF and BGP, but this works:
ipv6 access-list acl-copp-transfer-ipv6
permit 89 FE80::/10 any
permit ipv6 2001:DB8::/48 any
2001:DB8::/48 contains all transfer networks and loopback adresses in my
case.
kind regards
Hello,
on router #1 it happened again.
We then updated it to 15.2(1)SY5 (put luck) on Dec 6th and configured
prefix limits on all sessions allowing less tha 100k above current count.
On router #2 we did nothing.
Router #3 was false positive, issue did not occur at all (human error).
Nothing
Hello,
had a "chance" today to check this.
Interesting ist that the ressources are even lower than normal (approx.
100k IPv4 routes less)
L3 Forwarding Resources
FIB TCAM usage: TotalUsed
%Used
72 bits (IPv4, MPLS, EoM)
Hello,
I had 3 incidents within a week in which Sup2T-XL routers switched to
software forwarding.
I.e. log says:
%MLSCEF-4-FIB_TCAM_INSERT_FAIL: FIB entry insertion into tcam failed, one
IPv4 route may be absent from hardware table
Was fixed by a reboot in each case.
Uptime differs (several
Hi,
RE-S-X6-64G requires SCBE2.
SCBE2 does not work with DPCs.
So you cannot upgrade to newest RE with old linecards.
kind regards
Rolf
> Hi,
>
> it is strange, because RE doesn't do much with line cards, maybe it
> depends what kind SCB you have ...
>
> Best regards,
> Misak Khachatryan,
Hello Aaron,
that's not a Cisco-only "feature".
You could also move from MX to new ASR boxes because Juniper told you that
your old DPC cards do not work if you replace your RE-S-2000 with the
newest RE (RE-S-X6-64G + SCBE2). ;)
kind regards
Rolf
> The thing that caused me to evaluate replacing
Hello,
In the meantime the system is was turned off.
Neither removing cards or turning off/on changed situation.
So I guess the chassis is just broken in some kind.
At least the scrap dealer will be happy. ;)
kind regards
Rolf
> Late to the thread, but some of the chassis models (non-E,
Hello,
I read your mail twice and still don't know which direction is affected
(4500X tp ASR or ASR to 4500X or both).
Please be aware that the balancing hash method only affects outbound
traffic, so changing the method on the 4500X only affects traffic towards
the ASR.
Using mac adresses for
Hi Nick,
yes, that's it.
Comes up now, thanks for the hint.
kind regards
Rolf
> Rolf Hanßen wrote:
>> I just tried to get VRRP + IPv6 running on a Sup2T with 15.1(2)SY1.
>> I enabled VRRPv3 and it works at least for IPv4.
>
> Yeah, this caught me too. The primary ipv6
Hello,
I just tried to get VRRP + IPv6 running on a Sup2T with 15.1(2)SY1.
I enabled VRRPv3 and it works at least for IPv4.
But for IPv6 the status stays on status INIT:
sh vrrp brief:
Interface Grp A-F Pri Time Own Pre State Master addr/Group
addr
Vl2000 6 IPv6
Hello,
I have an issue with a C6509 shortly before it will be replaced. ;)
PS2 shows OUTPUT FAIL (both inputs ok), I already replaced it, no change.
sh power shows 3780 Watt for PS2, what is that value?
system power redundancy mode = redundant
system power redundancy operationally =
Hi Curtis,
that combination does not sound good to me.
I think you will run into memory issues.
kind regards
Rolf
> Does anyone have any suggested 15.x Versions for the 720-3BXL Cards? I
> have a couple of 7606 routers that have a need to run BFD + BGP within a
> VRF Instance. The current
Hi,
sorry, but 88% used does not mean you really have 12% you can use.
3 years ago we were at similar situation, one of our 3BXL had 92 or 93%
usage and restarted the bgp process because it was unable to allocate more
memory.
We thought to have a few more months and waited to long to replace it.
_policy
> class inspection_default
> inspect icmp
> inspect icmp error
>
>
> -Original Message-
> From: cisco-nsp [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of
> "Rolf Hanßen"
> Sent: 16 March 2016 10:58
> To: cisco-nsp@puck.nether.net
>
Hi,
I am new to ASA and wondering about the traceroute (and ping) behaviour.
I wanted to trace/ping with the IP address of the internal interface, but
anything I try results in stars:
ASA# traceroute 8.8.8.8 source inside
Type escape sequence to abort.
Tracing the route to 8.8.8.8
1 * * *
Hi,
you forgot do some interface-ACL-magic that drops peer-traffic that does
not have a destination IP in my cool-networks-whitelist.
kind regards
Rolf
Question: What is the preferred practice for separating peering and
transit
circuits?
1. Terminate peering and transit on separate
Hello,
I need a hint regarding a OSPF/BGP setup on some C6500.
I have BGP configured between the loopback IPs of several routers.
Lets say router a and router b advertise x.x.x.x/24 (connected network) to
router c (and d, e...).
Router c now has 2 BGP routes with same attributes (except the
Hello,
I look for a small switch that can do vlan translation.
Should have 1000T ports and port channel support.
I want to connect one port channel with several tagged vlans that are
mapped to other vlan ids on another port channel.
Do you have any cheap suggestion?
kind regards
Rolf
Hi Mack,
I am wondering about including sup 2T?
As far as I see Sup2T has no static CAM partition anymore and therefore
needs no specific maximums set.
kind regards
Rolf
As many readers on this list know the routing table is approaching 512K
routes.
For some it has already passed this
Hi,
nobody an idea?
Tried Mini Protocol Analyzer but as far as I see I cannot combine with a
MAC address ACL.
In the meantime I got a server connected to the router and could export
the traffic via SPAN but still see no unusal broad-/multicast-spikes.
Can anybody confirm that the physical
Hello,
I have a switchport interface (6704 card, Sup2T, IOS 15.1(2)SY1) with a
few vlans (L2 + L3 mixed) on it that drops packets caused by storm
control.
sh interfaces counters storm-control:
Port UcastSupp % McastSupp % BcastSupp %
TotalSuppDiscards
Te9/3
Slot 2,3 and 4 are not in use, I could remove the cover-cards and access
the front part of slot 5 easily.
The battery is right on the board behind the faceplate. I don't see how
you could replace it without removing the sup at least part way.
I will say I've seen failures on this particular
Hello,
I just saw that here on a 6509-E + Sup2T:
router#show diagnostic result module 5
...
51) TestNVRAMBatteryMonitor - F
...
From my understanding this means battery is empty and I need to replace
the button cell.
Correct?
Afair replacing it means nvram is lost and needs to be
Hello,
currently we use C6509 + Sup720 for IP access (routing + switching, ISP
environment).
Means BGP + OSPF + HSRP, dual stack, no MPLS, no full table (a few hundred
routes only).
Now I am looking for a small equivalent like a stackable 1HU Layer3 switch.
Should have 40/48x 1GBit + 4/8x 10Gbit.
Hello Mark,
If you want reasonably functional QoS ingress and egress,
the ME3600X/3800X is your friend.
As far as see no stacking and only 2x 10GBit.
If you don't care about that (or other fancy features), and
if your application is purely closet/LAN and not Metro, then
there are lots of
Hi,
I just saw that strict filtering with CoPP (only allow peers and some
management servers) breaks the ip tcp adjust-mss functionaliy.
The window size is manipulated to be able to redirect traffic via a tunnel
from a anti-ddos provider.
Is there a smart way to bypass CoPP for exactly those
Hi,
today I saw 2x Sup720-3B (default 192K IPv4 routes) that received a full
table.
After FIB was filled IOS gave a warning that it now may forward in
software (and resetted all BGP sessions because of memory issues). I don't
have the exact messages.
The real problem occured after that. I shut
it that the only
way to fix it was to completely reload the box.
Jose
On 2/3/2014 9:09 AM, Rolf Hanßen wrote:
Hi,
today I saw 2x Sup720-3B (default 192K IPv4 routes) that received a full
table.
After FIB was filled IOS gave a warning that it now may forward in
software (and resetted all BGP sessions
Hello Stuart,
looks like you are right, I will try to reboot in the next maintenance
window and check if it works now.
#remote command switch show bootvar
BOOT variable = bootdisk:s72033-advipservicesk9_wan-mz.122-33.SXJ6.bin,1;
CONFIG_FILE variable does not exist
BOOTLDR variable does not
Hi,
I am wondering why this sup720 ignores my boot variable and always boots
the first image it finds.
dir shows:
--
Directory of sup-bootdisk:/
1 -rw-78212100 Jul 6 2010 17:27:04 +00:00
s72033-advipservicesk9_wan-mz.122-33.SXH2.bin
2 -rw-33554432 Jul
recommend something that I can use as a small (1 or 2 HU) + cheap
1:1 replacement?
kind regards
Rolf Hanßen
___
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail
to that plattform ?
kind regards
Rolf
On 20/01/2014 10:37, Rolf Hanßen wrote:
Can you recommend something that I can use as a small (1 or 2 HU) +
cheap
1:1 replacement?
Easiest thing would be to get a C7200 + ATM card from ebay. You don't
need
a fancy IO card. An NPE200 or NPE300 would
, 20 Jan 2014, Gert Doering wrote:
Hi,
On Mon, Jan 20, 2014 at 12:06:22PM +0100, Rolf Hanßen wrote:
I found on Ebay:
CISCO7204VXR + NPE400 + PWR7200-AC + C7200-I/O-2FE - 160 Euro
PA-A3-OC3SMI ATM Port Adapter (73-2427-04 / PA-A3-OC3SMI) - 40 Euro
Would that combination be sufficient?
It's
Hi,
yes, none of the 6 lines has more than 2 MBit, so 100MBit upstream is ok.
kind regards
Rolf
On 20/01/2014 16:20, Aled Morris wrote:
Bear in mind this is dual Fast Ethernet not Gigabit Ethernet, compared
to
your current GSR.
Traffic levels were ~10Mbit, afair?
Nick
Hi,
what kind of optics is that ?
The readings rely on the optics used.
Here an output of a system with some OEM LR optics and China DWDM:
Optical Optical
Temperature Voltage Current Tx Power Rx Power
Port (Celsius)(Volts)
any caveat with certain hardware ?
My systems are Sup2T XL in CFC-only mode, 67xx linecards.
kind regards
Rolf Hanßen
___
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http
Hi Phil,
On 16/12/13 12:25, Rolf Hanßen wrote:
no hints or experiences ?
No other providers using ACLs on the network borders ?
These are all pretty basic questions; you might want to re-read the docs
a few times to get a better understanding.
Unfortunatelly the docs only describe
Hello Roland,
I am thinking about dropping some (mainly ddos) traffic on the outside
network borders with ACLs.
ACLs don't work well as a DDoS reaction mechanism. They're good for
protecting your network infrastructure:
https://app.box.com/s/osk4po8ietn1zrjjmn8b
S/RTBH is much better as a
Module Ttlent QoSent RBLent Lbl LOU TCP Dstbl Ethcam ACTtbl V6ext
5 1% 2% 0% 1%2% 0% 2%0% 0% 0%
Is there maybe any caveat with certain hardware ?
My systems are Sup2T XL in CFC-only mode, 67xx linecards.
kind regards
Rolf Hanßen
Hello Rod,
don't know if there is something special with RSP720 (or I do not
understand the question), but this sounds to me like simple switching + a
SVI:
int Gi1/x
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
switchport trunk allowed vlan add the vlans on that
Hi,
that could work: Add the Arin ASN to your RIPE AS-set.
Tell Level3 to use the object from RADB instead of RIPE and should have
all networks then.
You can check what their prefixgen creates:
whois -h filtergen.level3.net RIPE::AS123
kind regards
Rolf
Hi Gert
I´d love to see my unicast
Hello,
no, you will only receive customer and own routes of those ISPs that also
peer with the route servers.
Not all members also peer with the route servers.
That results in only a small part of the full table, we learn 73k of about
462k prefixes at AMS-IX for example:
edge1-ams3#sh ip bg
Hello,
we use a few noname China DWDM Xenpaks as well as SFP+ optics with Xenpak
adapter since about 2 years now in 6704 cards.
No outages or issues yet.
But no idea if there is a difference to the Smartoptics or if DWDM/CWDM
support differs.
You should think about using SFP+ + adapter, I think
Hello,
Sampling is the normal mode of flow telemetry generation used by large
network operators, so it's utility is pretty well-established.
I know, that is why I asked for a known to work config, we use netflow for
the first time, others may have some years of experience and also use it
on a
.
It's a 7609-S with CFC only and WS-X67xx linecards.
kind regards
Rolf
On Oct 17, 2013, at 7:06 PM, Rolf Hanßen n...@rhanssen.de wrote:
For example a box exporting something to a Peakflow SP for dos
recognition.
I recognized that starting a random-source-ip flood over my box even
could
make
than everything else was not recognized by the
collector software).
Any other ideas ?
kind regards
Rolf
On Oct 18, 2013, at 12:13 PM, Rolf Hanßen n...@rhanssen.de wrote:
ip flow monitor monitorname input
ip flow monitor monitorname output
If you're collecting both ingress and egress NetFlow
Hello,
the discussion got a bit off-topic.
I have the same issue (cpu-usage explodes after enabling netflow).
@Jiri:
Were you able to solve that problem ? There was no follow-up.
@Roland:
Do you have a sample config / IOS version combination known to work with
high amount of
guess at least anybody who upgraded from Sup720 to Sup2T bought
Supervisor and license separately and not bundled as part of a filled
chassis.
kind regards
Rolf
On 08/29/2013 11:12 PM, Rolf Hanßen wrote:
Hi,
so there is no key or certificate or reference number at all
of
the
software licensing, so treat that as you may as far as any enforcement vs
just buying one license and installing it on many devices.
-Blake
On Thu, Aug 29, 2013 at 5:12 PM, Rolf Hanßen n...@rhanssen.de wrote:
Hi,
so there is no key or certificate or reference number at all ?
What
Hello,
just for my interest: what amount of routes are we discussing ?
show platform hardware capacity:
L3 Forwarding Resources
FIB TCAM usage: TotalUsed
%Used
72 bits (IPv4, MPLS, EoM) 1048576 460874
44%
or 256 IPv6, every IPv6 entry takes 4x IPv4 Slots) ?
kind regards
Rolf
On Fri, 30 Aug 2013, Rolf Hanßen wrote:
Hello,
just for my interest: what amount of routes are we discussing ?
show platform hardware capacity:
L3 Forwarding Resources
FIB TCAM usage
Hello,
I just wanted to install a IOS license for the first time (advipservicek9
on Sup2T with IOS 15).
Unfortunatelly I have no clue about that topic and my dealer and Cisco
support do not seam to have either.
I got no license number or anything else from my dealer, just a CD with
the image.
Hi,
so there is no key or certificate or reference number at all ?
What prevents customers to buy one alibi license for all devices if
there is no link to the device?
Does it have any effect at all if you configure/install such a pseudo
license or not ?
regards
Rolf
On 29/08/13 17:45, Rolf
normally,
The only conclusion is that it is a software issue.
Keep in mind that TAC may not have it listed as a known bug even though it
was fixed.
LR Mack McBride
Network Architect
-Original Message-
From: cisco-nsp [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of
Rolf Hanßen
Hello,
Following Setup:
I created a User with no privileges and want to allow some commands. I
configured:
privilege exec level 0 show bgp ipv6 unicast
privilege exec level 0 show bgp ipv4 unicast
privilege exec level 0 show ip bgp
privilege exec level 0 show ip route
All commands were accepted
Hi,
If I had a support contract for that box I would open a tac case now. ;)
kind regards
Rolf
On 28/06/2013 17:55, Rolf Hanßen wrote:
does not look like this is a general hardware version issue.
mmm, ok. I would:
- run a context diff on the configuration on each of these machines
in software instead of hardware. ;)
kind regards
Rolf
On 27/06/2013 17:36, Rolf Hanßen wrote:
Is there a way to match that destination IP = connected IP without
entry
in arp table traffic ? I found no such option in the syntax.
that is a glean packet, and is handled using rate limiters, not CoPP
Hi,
no egress ACL.
On the box I tested there is no ACL bound to any interface at all, only
some in copp classes and one for the line vty.
regards
Rolf
On 28/06/13 13:14, Rolf Hanßen wrote:
Hello,
thanks for the info but that does not help in my case, just tried out.
The link confirms
#3 (version 12.2(33)SXH2): it also works with mls rate-limit
unicast cef glean configured
Any further ideas except hardware failure, buggy software or try
rebooting it ?
regards
Rolf
On (2013-06-28 15:05 +0200), Rolf Hanßen wrote:
no egress ACL.
On the box I tested there is no ACL bound
Hi Nick,
does not look like this is a general hardware version issue.
the bad box:
Mod Port Model Serial #Versions
-- ---
-
52 WS-SUP720-3B ### Hw : 5.3
Hi,
we recently installed CoPP on several boxes (Sup720, Sup2T).
We have a lot of allow ... whitelist rules and end with a
class dropping everything:
class class-copp-any-ip
police cir 128000 bc 1000 conform-action drop exceed-action drop
violate-action drop
class-map match-any
Hi,
now got another annoying card, this one does not boot from bootdisk:
--
System Bootstrap, Version 8.5(4)
Copyright (c) 1994-2009 by cisco Systems, Inc.
Cat6k-Sup720/SP processor with 1048576 Kbytes of main memory
Autoboot executing command: boot
, Rolf Hanßen wrote:
R2(config-if)#ip verify unicast source reachable-via rx ?
...
allow-self-ping Allow router to ping itself (opens vulnerability in
verification)
l2-src Check packets arrive with correct L2 source address
What kind of vulnerability is that ? Just for my interest
packet incoming.
I tested and could send packets with changed source IPs without an entry
in the MAC table at all for that source IP and also with another MAC
(configured statically) in the arp table.
kind regards
Rolf Hanßen
Hi,
On Sun, Mar 17, 2013 at 05:46:21PM +0100, Rolf Hanßen wrote
(0011.5d9b.a180) has
next header 0x59, which is 89 / OSPF.
kind regards
Rolf
On 07/05/2013 13:05, Rolf Hanßen wrote:
So as far as I testet Sup2T only needs:
permit 89 FE80::/10 any
Sup720 needs:
permit 89 FE80::/10 any
permit ipv6 FE80::/10 FE80::/10
ok, odd.
Some minutes later:
1w5d: %OSPFv3-5
Hello Nick,
that does not help if I cannot filter using the protocoll number.
Maybe I described not exactly.
Whatever OSPF sends, it is not protocol number 89 or CoPP is not able to
filter the protocoll number.
I did further testing and chnaged everything to a Sup2T compatible way
(only one ACL
Hello list,
I am trying to configure IPv6 CoPP and could use some help with several
issues.
First of all I need to know how to allow/filter OSPFv3 sessions.
I am filtering with those rules (reduced them to the minimum for testing):
Hello,
I used no authentication for testing, but thanks for the hint, need to put
that on the checklist before implementing. ;)
kind regards
Rolf
If I apply the policy-map after OSPF changes to FULL, it stays in that
status.
If I apply the map and clear OSPF process it flaps the whole time
AM, Rolf Hanßen n...@rhanssen.de wrote:
Hello,
I used no authentication for testing, but thanks for the hint, need to
put
that on the checklist before implementing. ;)
kind regards
Rolf
If I apply the policy-map after OSPF changes to FULL, it stays in
that
status.
If I apply
Hello,
is there a way to see the age of a BGP route learned from peer xyz in IOS ?
sh ip route contains information for the last route change but not
peer-related.
I am looking for something like sh ip bg routes detail on a Brocade that
also lists the last change of a route for each peer
Hello,
after 2 afternoons of trial and error I now got it running.
I replaced the memory modules (RP and SP Ram, not the flash) and could
boot from the 64MB flash modules then.
The CF card was still not accepted.
I needed to boot into some older image, format the CF card in disk0 of the
Sup720.
Hello,
I have an issue with a (refurbished) Sup720-2B. It does not load the IOS.
Chassis is a 6509, also tried a 6509-E and tried Slot 5 + 6 to make sure
the chassis is ok.
Few seconds after telling me to load the IOS it hangs:
System Bootstrap, Version 8.5(3)
Hello,
Just wanted to drop some UDP flooding with an interface ACL.
I configured:
interface Vlan1373
ip access-group block-flood in
exit
Access-list is very simple:
edge1-ams3#sh ip access-lists block-flood
Extended IP access list block-flood
10 deny udp any host 1.2.3.4 (589878 matches)
Hello,
I now see it works.
Not as nice as tcpdump, but at least something to work with. ;)
Thanks for your help
Rolf
On Fri, 2013-03-15 at 14:20 +0100, Rolf HanÃen wrote:
just tried out, all ends with:
%SPAN-5-PKTCAP_STOP: Packet capture session 1 ended after the
specified time, 0 packets
Hello,
is there some guide that covers the this will go to the RP on Sup... and
the this will also affect ... and this is limited to xy
interfaces/vlans/routes stuff ?
We thought about implementing strict mode on some customer interfaces
(those special customers who always get attacked and
Hello Peter,
just tried out, all ends with:
%SPAN-5-PKTCAP_STOP: Packet capture session 1 ended after the specified
time, 0 packets captured
edge1-dus1#sh monitor session 1 detail
Session 1
-
Type : Capture Session
Description: -
Source Ports :
to overload CPU (live environment).
Hardware in my case are several Sup720-3B, Sup720-3BXL or Sup2T with 67xx
linecards.
If there are special software revisions needed, please let me know.
kind regards
Rolf Hanßen
___
cisco-nsp mailing list cisco-nsp
Hi,
we try to use UTC as far as possible (to avoid summer/winter time
confusion), no big problem imho.
But that's POV of a European, we just need to add 1 or 2 hours, not
subtract 6-9. ;).
kind regards
Rolf
my company is east-coast US, but now we're expanding West; for the first
time we'll
VLAN 1 no longer on that port.
Chuck
-Original Message-
From: cisco-nsp-boun...@puck.nether.net
[mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Rolf Hanßen
Sent: Tuesday, March 12, 2013 1:34 PM
To: cisco-nsp@puck.nether.net
Subject: [c-nsp] STP active/listed on wrong port
)
Hardware is Cisco 7609-S, Sub720-3BXL, Slot 7 is a WS-X6724-SFP
kind regards
Rolf Hanßen
___
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
it on both sides, or wacky/painful things can happen), you should
see VLAN 1 no longer on that port.
Chuck
-Original Message-
From: cisco-nsp-boun...@puck.nether.net
[mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Rolf Hanßen
Sent: Tuesday, March 12, 2013 1:34 PM
To: cisco
of packet buffer memory.
65536K bytes of Flash internal SIMM (Sector size 512K).
Configuration register is 0x2102
edge1-dus3#
Hi,
On Tue, Mar 12, 2013 at 06:34:14PM +0100, Rolf Hanßen wrote:
do you have an explanation why STP thinks Gi7/16 belongs to vlan 1 ?
Some of the more stupid
Hello list,
is there any book you can recommend ?
I am also interested in the VPN/transport feature mainly and want to run
it on a C6500/Brocade mixed network.
I see MPLS and VPN Architectures widely available, but im wondering it
was already released in year 2000, which sounds a bit outdated to
Hello,
I think we got a flooding with ARP packets towards a SUP720-3B, I saw that
here with sh buffers input-interface vlan xy header:
Buffer information for Small buffer at 0x4634BF8C
data_area 0x802E5E4, refcount 1, next 0x4639A6A0, flags 0x200
linktype 1 (ARP), enctype 1 (ARPA), encsize
Hello,
this week we had an attack directly against one of our XMR (UDP packets to
a transfer network IP).
I was looking for an CoPP-equivalant and found the IP Receive ACLs feature.
In sample case of I block all UDP and allow everthing else I would use
that config here according to the manual:
Sorry, wrong list, should go to foundry-nsp ;)
Hello,
this week we had an attack directly against one of our XMR (UDP packets to
a transfer network IP).
I was looking for an CoPP-equivalant and found the IP Receive ACLs
feature.
In sample case of I block all UDP and allow everthing else I
Hi,
any idea how other providers offer such redundancy to end customers (if
they do at all) ?
We have a mass of customers with /29 or /28 networks and losing IPs isn't
an option in such cases imo.
Using bigger networks would require giving up vlan separation each
customer, no option either.
Hello,
we have a few setups that do gateway failover with Linux + CARP and are
thinking if we can replace them with HRSP (or VRRP).
The CARP setups are configured that way now:
-a small non-public network (something like 192.168.0.0/30) is configured
on the interfaces and used to run CARP to
+0100, Rolf Hanßen wrote:
What about a NSE-100 ? Looks cheap on Ebay.
There's a reason for that. End-of-life, and abandoned architecture (PXF).
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering
/preparing/configuring.
regards
Rolf
On 16 December 2011 10:53, Phil Mayers p.may...@imperial.ac.uk wrote:
On 12/16/2011 01:09 AM, Rolf Hanßen wrote:
Hi Andrew,
just pure forwarding of a few public networks towards each other and
internet with default route.
No tunnels, no NAT, no DHCP, no VPN
a suggestion to take a refurbished 7206VXR + NPE-G1 but it still
looks expensive to me for such old piece of hardware.
Can you suggest a better/cheaper solution ?
kind regards
Rolf Hanßen
___
cisco-nsp mailing list cisco-nsp@puck.nether.net
https
, Rolf Hanßen wrote:
I am looking for a stable, reliable router / Layer3 switch that can do
the
following:
-forward at least 1GBit / 1Mpps
-full support of IPv6
-provide NetFlow data or similar for several hundred connected hosts in
a
way that can be used for IP-based accounting (including
Hi,
I know that WS-X6548-GE-TX has only 8GBit fdx towards the chassis/bus and
I was told recently that this bandwidth is maybe divided into some kind of
port groups.
Unfortunatelly I found nothing except some old documents that describe
some ASIC limiation in old CatOS versions while using port
it is not in a
mode which requires same sizes as active card) ? attach the slot and sh
mem ?
kind regards
Rolf Hanßen
___
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http
to its i-bgp peer/s?
2) All peers(E an I on same broadcast segment OR part of an NBMA-cloud)-
the behavior is the same!
./Randy
Ok, forget the next-hop-self part, I thought it would have impact on
outgoing routes also.
regards
Rolf
--- On Sat, 10/8/11, Rolf Hanßen n...@rhanssen.de wrote
Hi,
I was just wondering about the output of:
sh bgp ipv6 unicast neighbors x advertised-routes
sh ip bgp neighbors x advertised-routes
I have configured next-hop-self and think that the Next Hop column
should show the IP of my side of the (e)BGP session.
Quagga and Foundry XMR behave
not shown here but calculated and forwarded correctly.
kind regards
Rolf
-Original Message-
From: cisco-nsp-boun...@puck.nether.net
[mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Rolf Hanßen
Sent: Friday, September 09, 2011 3:51 PM
To: cisco-nsp@puck.nether.net
Subject: [c-nsp
:
6500: 12.2(33)SXJ
7600: 15.1(2)S
kind regards
Rolf Hanßen
___
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
Hi,
I just thought about how to add an interface to a running channel and I am
wondering about the config after adding a port.
If you have an existing channel and use channel-group ... on a clean
interface to add it the config of the physical interface is not extendet
with the config of the
1 - 100 of 104 matches
Mail list logo