Hi, we currently have an ftth deployment with Cisco4506 switches with 80 port linecards in the larger pops.
We are evaluating the ME2600X for scenarios where we cannot justify a large chassis like in house fttth, curb side deployment or even temporary setups for small pops that will grow later. We have a vlan per service architectur with one vlan for each of management, voip, iptv and dual stacked internet. The customers are in s ahred vlan which means we also need the full array of first hop security features that are available on the 4506. I have succeeded in mapping our classic vlan trunk interfaces on the 4506 to service instances and bridge groups on the me2600x platform. We also have basic ipv4 dhcp snooping and dhcp based source guard setup and running. 1. DHCP Snooping ----------------- The first thing that we found missing compared to the 4506 was the override option for dhcp option 82 circuit-id. On the 4506 we configure dhcp option 82 circuit-id for vlans as follows: ip dhcp snooping vlan 601 information option format-type circuit-id override string CUST-999999-50009999 On the ME2600X we do following on the service instance: ip dhcp relay information option subscriber-id CUST-999999-50009999 There is no override which means that the switch prepends binary port/vlan/service instances/bridge group information to the subscriber id string. We could to work around this with python code on our ACS to detect the format and extract the string. Although it worked this time this is annoying as the binary option82 information varies wildly between platforms, is not exactly documented and we already have too many workarounds for various devices. First question woulbe be if the override option is in the works for the ME2600X platform. 2. Per service speed profiles ----------------------------- The second issue I am currently struggling with is how to properly implement our products with varying internet access speeds. We have both symmertric and asymmetric access speeds for residential and business customers. With speed profiles 100/10, 100/5, 50/5, 25/2.5 up/downstrom in mbits/s. All this is on gigabit fibre ports. We would like to police/shape the internet service on vlan510/610 only. On the 4506 we have per vlan ingress and egress policing on trunk ports as follows: policy-map police-2dot5 class class-default police cir 2750000 policy-map police-50 class class-default police cir 55000000 ! interface GigabitEthernet2/3 switchport mode private-vlan trunk vlan-range 510 service-policy output police-50 vlan-range 610 service-policy input police-2dot5
From what I can make of the only documentation I could find at:
http://www.cisco.com/c/en/us/td/docs/switches/metro/me2600x/config/guide/b_ME2600X-scg/b_ME2600X-scg_chapter_010.html The platform seems to be able to do ingress policing and egress shaping. Ingress it seems we should be able put a policer on the internet service instance. Egress it seems we are limited to per inteface shaping. policy-map shape-100 class class-default shape average 100000000 ! policy-map police-10 class class-default police cir 10000000 ! interface GigabitEthernet0/1 service-policy output shape-100 ! service instance 610 ethernet encapsulation dot1q 610 rewrite ingress tag pop 1 symmetric service-policy input police-10 bridge-domain 610 split-horizon To get the egress policer to focus on vlan 610 only we have tried: class-map match-any class-inet match vlan 610 policy-map shape-inet-100 class class-inet shape average 100000000 ! interface GigabitEthernet0/1 service-policy output shape-inet-100 ! I am not through testing all of this but would like to know if we are on the right track. I see there is also interface based rate limiting available with an acl that we might be able to use. How are we supposed to implement per service instance speed profiles on this platform ? 3. IPv6 FHS roadmap ------------------- Third questions is on the roadmap of IPv6 FHS features like dhcp prefix snooping, and dhcpv6 prefix-guard features already available on the 4506. 4. Fibre port speed/duplex negotiation -------------------------------------- Finally we also have recently migrated all our Fibre ports to full duplex and no speed negotiation as Cisco has removed duplex and speed negotiation from all other known switching platforms. After consultation with TAC we have "speed nonegotiate" configured on all the 4506 ports which is supposed to force the port to up. What would be the correct magic word for the ME2600X to force a port not only to speed 1000 and duplex full but also to force it up. We need the ports to be always on so the dumb FTU units we have deployed see gigabit frames and bring their link up. I would be happy to hear from others using or evaluatiing the ME2600X for their experiences. Greetings Christian -- Christian Kratzer CK Software GmbH Email: c...@cksoft.de Wildberger Weg 24/2 Phone: +49 7032 893 997 - 0 D-71126 Gaeufelden Fax: +49 7032 893 997 - 9 HRB 245288, Amtsgericht Stuttgart Mobile: +49 171 1947 843 Geschaeftsfuehrer: Christian Kratzer Web: http://www.cksoft.de/ _______________________________________________ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/