Hi,

we currently have an ftth deployment with Cisco4506 switches with 80 port 
linecards in the larger pops.

We are evaluating the ME2600X for scenarios where we cannot justify a large 
chassis like in house ftth, curb side deployment or even temporary setups for 
small pops that will grow later.

We have a vlan per service architecture with one vlan for each of management, 
voip, iptv and dual stacked internet.  The customers are in a shared vlan which 
means we also need the full array of first hop security features that are 
available on the 4506.

I have succeeded in mapping our classic vlan trunk interfaces on the 4506 to 
service instances and bridge groups on the me2600x platform.  We also have 
basic ipv4 dhcp snooping and dhcp based source guard setup and running.

1.  DHCP Snooping
-----------------

The first thing that we found missing compared to the 4506 was the override 
option for dhcp option 82 circuit-id.

On the 4506 we configure dhcp option 82 circuit-id for vlans as follows:

 ip dhcp snooping vlan 601 information option format-type circuit-id override string CUST-999999-50009999

On the ME2600X we do following on the service instance:

 ip dhcp relay information option subscriber-id CUST-999999-50009999

There is no override which means that the switch prepends binary 
port/vlan/service instances/bridge group information to the subscriber id 
string. We could work around this with python code on our ACS to detect the 
format and extract the string.  Although it worked this time this is annoying 
as the binary option82 information varies wildly between platforms, is not 
exactly documented and we already have too many workarounds for various 
devices. First question would be if the override option is in the works for 
the ME2600X platform.


2. Per service speed profiles
-----------------------------

The second issue I am currently struggling with is how to properly implement 
our products with varying internet access speeds.  We have both symmetric and 
asymmetric access speeds for residential and business customers.  With speed 
profiles 100/10, 100/5, 50/5, 25/2.5 up/downstream in mbits/s.  All this is on 
gigabit fibre ports.

We would like to police/shape the internet service on vlan510/610 only.

On the 4506 we have per vlan ingress and egress policing on trunk ports as 
follows:

  policy-map police-2dot5
   class class-default
    police cir 2750000
  policy-map police-50
   class class-default
    police cir 55000000
  !
  interface GigabitEthernet2/3
   switchport mode private-vlan trunk
   vlan-range 510
     service-policy output police-50
   vlan-range 610
     service-policy input police-2dot5

From what I can make of the only documentation I could find at:

  
http://www.cisco.com/c/en/us/td/docs/switches/metro/me2600x/config/guide/b_ME2600X-scg/b_ME2600X-scg_chapter_010.html

The platform seems to be able to do ingress policing and egress shaping.

Ingress it seems we should be able put a policer on the internet service 
instance.

Egress it seems we are limited to per interface shaping.

  policy-map shape-100
   class class-default
    shape average 100000000
  !
  policy-map police-10
   class class-default
    police cir 10000000
  !
  interface GigabitEthernet0/1
   service-policy output shape-100
   !
   service instance 610 ethernet
    encapsulation dot1q 610
    rewrite ingress tag pop 1 symmetric
    service-policy input police-10
    bridge-domain 610 split-horizon

To get the egress policer to focus on vlan 610 only we have tried:

  class-map match-any class-inet
   match vlan  610
  policy-map shape-inet-100
   class class-inet
    shape average 100000000
  !
  interface GigabitEthernet0/1
   service-policy output shape-inet-100
  !

I am not through testing all of this but would like to know if we are on the 
right track.  I see there is also interface based rate limiting available with 
an acl that we might be able to use.

How are we supposed to implement per service instance speed profiles on this 
platform ?


3. IPv6 FHS roadmap
-------------------

Third question is on the roadmap of IPv6 FHS features like dhcp prefix 
snooping, and dhcpv6 prefix-guard features already available on the 4506.


4. Fibre port speed/duplex negotiation
--------------------------------------

Finally we also have recently migrated all our Fibre ports to full duplex and no speed 
negotiation as Cisco has removed duplex and speed negotiation from all other known 
switching platforms.  After consultation with TAC we have "speed nonegotiate" 
configured on all the 4506 ports which is supposed to force the port up.

What would be the correct magic word for the ME2600X to force a port not only 
to speed 1000 and duplex full but also to force it up.

We need the ports to be always on so the dumb FTU units we have deployed see 
gigabit frames and bring their link up.



I would be happy to hear from others using or evaluating the ME2600X for their 
experiences.


Greetings
Christian

--
Christian Kratzer                   CK Software GmbH
Email:   c...@cksoft.de               Wildberger Weg 24/2
Phone:   +49 7032 893 997 - 0       D-71126 Gaeufelden
Fax:     +49 7032 893 997 - 9       HRB 245288, Amtsgericht Stuttgart
Mobile:  +49 171 1947 843           Geschaeftsfuehrer: Christian Kratzer
Web:     http://www.cksoft.de/
_______________________________________________
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
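
The ACS-side workaround mentioned in section 1, sketched as an added example (not the poster's code and not Cisco's): it walks the RFC 3046 sub-option TLVs of option 82 and accepts a customer string only when it forms the trailing bytes of a sub-option, whatever binary prefix precedes it. The CUST-<digits>-<digits> layout is assumed from the sample string in the post, and the prefix bytes in the sample are constructed, not the ME2600X's real encoding.

```python
import re

# Assumed customer-id layout, inferred from the sample string in the post.
# \Z requires it to be the trailing bytes of the sub-option, which matches the
# described behaviour (binary data is prepended) and rejects stray matches.
CUSTOMER_ID = re.compile(rb"CUST-\d+-\d+\Z")

# RFC 3046: 1 = circuit-id, 2 = remote-id; RFC 3993: 6 = subscriber-id.
SEARCH_ORDER = (6, 1, 2)


def parse_option82(payload: bytes) -> dict:
    """Split an option 82 payload into {sub-option code: raw value}."""
    subopts, i = {}, 0
    while i < len(payload):
        if i + 2 > len(payload):
            raise ValueError("truncated sub-option header")
        code, length = payload[i], payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError(f"sub-option {code} overruns the option")
        subopts[code] = value
        i += 2 + length
    return subopts


def extract_customer_id(payload: bytes):
    """Return the customer string from the first sub-option carrying it, else None."""
    subopts = parse_option82(payload)
    for code in SEARCH_ORDER:
        match = CUSTOMER_ID.search(subopts.get(code, b""))
        if match:
            return match.group().decode("ascii")
    return None


def tlv(code: int, value: bytes) -> bytes:
    """Build one sub-option (helper for the constructed samples below)."""
    return bytes([code, len(value)]) + value


# Constructed samples: a clean "override" circuit-id, and a subscriber-id with
# six made-up binary prefix bytes standing in for a platform-specific header.
SAMPLE_OVERRIDE = tlv(1, b"CUST-999999-50009999")
SAMPLE_PREFIXED = tlv(6, b"\x00\x04\x02\x62\x00\x01" + b"CUST-999999-50009999")

if __name__ == "__main__":
    for sample in (SAMPLE_OVERRIDE, SAMPLE_PREFIXED):
        print(sample.hex(), "->", extract_customer_id(sample))
```
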
