[c-nsp] Need some advice on ISP failover for an enterprise

2010-01-08 Thread Andrew Gabriel
Hi,

We have servers at two of our large locations in a single country that need
to be reached from the Internet. Both locations each have a single 45 M ISP
link, and also have internal connectivity with each other through multiple
private links. The private WAN connecting the two locations has plenty of
bandwidth and the latency is less than 40 ms between the two sites.

We have our own registered ASN and public IP ranges. We have multi-homed ISP
links at several other locations but not at these two locations. Also, both
locations are partly ready for multi-homing in that they already use our own
IP range and run BGP to the provider using our ASN.

We have been asked to implement failover, for both the locations. The
options we are considering are:

   1. Traditional multi-homing by adding a second ISP at each location.
   2. Buying a leased line to connect the CER at both locations and letting
   the incoming traffic for either location transit over that line to provide
   failover when one site's ISP goes down. This link would terminate on the
   'dirty' side of our firewall and not have anything to do with the internal
   WAN.
   3. Setting up a VPN-type tunnel between the ISP routers at both sites
   that would be routed over our internal WAN. This is similar to option 2 but
   doesn't involve any extra cost.

Obviously we would prefer option 1 as it is simplest and safest to set up,
and we already have experience with that type of setup, however we have been
asked to look at cheaper options due to budget constraints, hence wanted some
advice on the other options, do you think they could work well, any
potential issues we should look out for, or should we even be considering
them?

Regards,
Andrew Gabriel.
Network Engineer,
Enterprise Data Services.
+91 44 42 22 88 75 (Direct)
+91 98 41 41 40 19 (Mobile)
www.sanmina-sci.com
Sanmina-SCI India Pvt. Ltd.
A51, 2nd Avenue, Anna Nagar,
Chennai - 600 102, INDIA.

___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/


Re: [c-nsp] Data Center cooling

2010-01-08 Thread Martin Barry
$quoted_author = Scott Granados ;
 
> Well, in the rest of the world outside the US definitely, remember there
> is a larger world out there.  We're the last (I think) not to go metric.

Not the last, but for company you only have Burma (Myanmar) and Liberia!

http://en.wikipedia.org/wiki/Metric_system

cheers
Marty


Re: [c-nsp] Need some advice on ISP failover for an enterprise

2010-01-08 Thread Arie Vayner (avayner)
Andrew,

You should also look at another option where you can use your ISP's
addresses, and collocate a GSLB device (look at Cisco GSS, but not the
only one on the market), which would allow you to do some intelligent
selection for client/server connections.

Actually with BGP you would have issues with granularity, as BGP usually
can propagate only /24 routes (longer subnets usually get filtered by
upstreams).

Arie



[c-nsp] SA 520 - Virus filter?

2010-01-08 Thread Garry

Hi,

we just picked up an SA520 box for a customer, seems like a nice SOHO 
box ... anyway, while I got most everything working easily (after going 
through all kinds of hassle with the TrendMicro website registration for 
the filtering license), including web site filtering based on 
classification, but somehow filtering of virus files doesn't seem to be 
working - I've enabled all Content Filter options on the firewall 
page, but can still download the EICAR test signature without any 
intervention by the SA ...


Any idea what I might be missing here?

Tnx, Garry


Re: [c-nsp] ACLs and 2948G-L3

2010-01-08 Thread Jens Neu
Hm thanks,
I think I'm going to need two GBICs then.

Jens Neu
Health Services Network Administration

Phone: +49 (0) 30 68905-2412
Mail: jens@biotronik.de



Asbjorn Hojmark - Lists li...@hojmark.org 
01/07/2010 05:44 PM

To
Jens Neu jens@biotronik.com
cc
cisco-nsp@puck.nether.net
Subject
Re: [c-nsp] ACLs and 2948G-L3






On Thu, 7 Jan 2010 16:37:29 +0100, you wrote:

> I've come across a lot of people complaining about the 2948G-L3 and
> access-lists. I defined two extended access-lists which are bound to
> FastEthernet35 (in and out). The switch complains nowhere, but when the
> ACLs should trigger, this appears in the log:

ACLs are only supported on the GE interfaces, not FE.

-A






[c-nsp] Subnetting Issue --- help

2010-01-08 Thread vijay gore
Dear All,

I have one question regarding subnetting.

In my network I have given the IP 192.168.9.65/27 to FastEthernet1.

This interface is connected to the local LAN; on the local machines I have
given the IPs 192.168.9.66 to 192.168.9.75 using subnet /24.

My question is whether there is any problem in using /24 subnetting in the
local LAN; I mean, will any link speed or bandwidth issue happen?

please help.


[c-nsp] QOS - Multilink Question

2010-01-08 Thread Paul Stewart
Hey folks...  I haven't run across this before so hoping someone can suggest
a quick fix..;)

Cisco 6500 - off this box feeding three T1's out to customer prem using
multilink PPP. These are full rate T1:

dis1-rtr-pt#sh interfaces Serial 5/0/2:21
Serial5/0/2:21 is up, line protocol is up
  Hardware is Multichannel T1
  Description:
  MTU 1500 bytes, BW 1536 Kbit, DLY 2 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation PPP, crc 16, Data non-inverted
  Keepalive set (10 sec)
  LCP Open, multilink Open
  Last input 00:00:05, output 00:00:05, output hang never
  Last clearing of show interface counters 00:00:01
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     8 packets input, 630 bytes, 0 no buffer
     Received 0 broadcasts (0 IP multicasts)
     0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
     7 packets output, 594 bytes, 0 underruns
     0 output errors, 0 collisions, 0 interface resets
     0 output buffer failures, 0 output buffers swapped out
     0 carrier transitions no alarm present
  Timeslot(s) Used:1-24, subrate: 64Kb/s, transmit delay is 0 flags

I have a very basic QOS profile to apply on the multilink interface but it
keeps telling me there isn't enough bandwidth available - the QOS config
does a match on DSCP=EF and then strict priority of 2000.  Can you not
exceed a strict priority higher than one of the physical interfaces in a
multilink bundle??

class-map match-any KCU-Mapleridge-MAP
  match dscp ef

policy-map KCU-Mapleridge
  class KCU-Mapleridge-MAP
    priority 2000

interface Multilink21
 description xx
 bandwidth 4608
 ip address xx.xx.xx.217 255.255.255.248
 ppp multilink
 ppp multilink interleave
 multilink-group 21
end

dis1-rtr-pt#conf t
dis1-rtr-pt(config)#interface Multilink 21
dis1-rtr-pt(config-if)#service-policy output KCU-Mapleridge
bandwidth of 2000 kbps is not available (1536).

Appreciate any input...

Paul



[c-nsp] PXE not working on Cat2948

2010-01-08 Thread Jens Neu
Dear all,

I have a Catalyst 2948G which seems to keep PXE boot from working 
properly. This one Cat2948 is the only Layer 2 device between the DHCP/PXE 
boot server and the PXE client - both are directly connected and share a 
/24. PXE boot is not working at all, and DHCP is unbearably slow, for no 
apparent reason. Both PXE Server and Client(s) are various IBM xSeries 
using the onboard GBit interfaces.
Now the fun stuff: when I put a second Layer 2 device between the Cat 2948 
and the PXE client, it is magically working.
Means: PXE Server - Cat 2948 - some cheap Netgear Office switch - PXE 
Client == works. In fact, any additional Layer 2 device that appears 
between PXE Client and the Cat 2948 scares the problem away.

Anyone seen this before? Any hints where to start looking? The switch 
looks as follows:

WS-C2948 Software, Version NmpSW: 8.4(11)GLX
Copyright (c) 1995-2006 by Cisco Systems, Inc.
NMP S/W compiled on Apr 27 2006, 12:46:44
GSP S/W compiled on Apr 27 2006, 11:47:52

System Bootstrap Version: 6.1(4)

Hardware Version: 2.5  Model: WS-C2948  Serial #: JAE061500JB

Mod Port Model      Serial #     Versions
--- ---- ---------- ------------ -------------------
1   0    WS-X2948   JAE061500JB  Hw : 2.5
                                 Gsp: 8.4(11.0)
                                 Nmp: 8.4(11)GLX
2   50   WS-C2948G  JAE061500JB  Hw : 2.5

       DRAM                    FLASH                   NVRAM
Module Total   Used    Free    Total   Used    Free    Total Used  Free
------ ------- ------- ------- ------- ------- ------- ----- ----- -----
1       65536K  37349K  28187K  12288K  10648K   1640K  480K   85K  395K

best regards!

Jens Neu

Phone: +49 (0) 30 68905-2412
Mail: jens@biotronik.de




Re: [c-nsp] PXE not working on Cat2948

2010-01-08 Thread Ian Henderson

On Fri, 8 Jan 2010, Jens Neu wrote:

> Anyone seen this before? Any hints where to start looking? The switch
> looks as follows:


Sounds like you need to enable spanning-tree portfast on the interfaces 
towards the PXE clients. This reduces the link up delay from 50 seconds to 
about 3. If the switch doesn't forward traffic quickly enough, the NIC may 
time out and decide PXE is unavailable.


Rgds,



- I.


Re: [c-nsp] PXE not working on Cat2948

2010-01-08 Thread Gert Doering
Hi,

On Fri, Jan 08, 2010 at 02:04:05PM +0100, Jens Neu wrote:
> Anyone seen this before? Any hints where to start looking?

spanning-tree portfast

gert
-- 
USENET is *not* the non-clickable part of WWW!
   //www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35655025g...@net.informatik.tu-muenchen.de



Re: [c-nsp] Subnetting Issue --- help

2010-01-08 Thread Steve Bertrand
vijay gore wrote:
> Dear All,
>
> i have one question regarding subneting,
>
> in my network i have given ip for FastEthernet1 192.168.9.65/27
>
> this interface is connected to local LAN - in the local machine ip i have
> given 192.168.9.66 TO 192.168.9.75 using subnet /24
>
> my question is that if there is any problem in using /24 subneting in LOCAL
> LAN, i mean problem link speed issue or any bandwidth issue will happen ??

No link speed or bandwidth issues, but your network will not be able to
see anything within the 192.168.9/24 prefix (other than what is within
your /27).

All devices within your network will never go to the default gateway to
route externally like they should, as all devices will think that the
rest of the /24 is internal, rendering the subnet unreachable.

Either render a /24 prefix on the router's fast Ethernet interface, or
change the internal hosts to /27 as well.

Steve
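
The mask mismatch discussed in this thread, worked through as an added example (not code from any poster). It treats the router's 192.168.9.65/27 interface as the subnet really on the wire and assumes nothing answers ARP on behalf of other addresses (no proxy ARP); the function names are illustrative.

```python
import ipaddress


def classify(host_cfg, router_cfg, dest):
    """Return how a host configured as host_cfg handles traffic to dest.

    host_cfg   -- the host's own address and mask, e.g. "192.168.9.66/24"
    router_cfg -- the router interface on the same wire, e.g. "192.168.9.65/27"
    """
    host = ipaddress.ip_interface(host_cfg)
    segment = ipaddress.ip_interface(router_cfg).network  # subnet really on the wire
    dst = ipaddress.ip_address(dest)
    if dst not in host.network:
        return "via-gateway"   # outside the host's mask: sent to the default gateway
    if dst in segment:
        return "on-link"       # host ARPs and a real neighbour answers
    return "unreachable"       # host ARPs directly, but no neighbour owns the address


def shadowed_prefixes(host_cfg, router_cfg):
    """Prefixes the host wrongly believes are local (never sent to the gateway)."""
    host_net = ipaddress.ip_interface(host_cfg).network
    segment = ipaddress.ip_interface(router_cfg).network
    if not segment.subnet_of(host_net):
        return []              # host mask is not wider than the real subnet
    return [str(n) for n in sorted(host_net.address_exclude(segment))]


def broadcast_pair(host_cfg, router_cfg):
    """(broadcast the host will use, broadcast the router expects)."""
    host_net = ipaddress.ip_interface(host_cfg).network
    segment = ipaddress.ip_interface(router_cfg).network
    return str(host_net.broadcast_address), str(segment.broadcast_address)


def report(host_cfg, router_cfg, destinations):
    """Collect the three checks above into one dictionary."""
    return {
        "destinations": {d: classify(host_cfg, router_cfg, d) for d in destinations},
        "shadowed": shadowed_prefixes(host_cfg, router_cfg),
        "broadcasts": broadcast_pair(host_cfg, router_cfg),
    }


if __name__ == "__main__":
    ROUTER = "192.168.9.65/27"   # from the original question
    # Destinations below are constructed samples: a LAN neighbour, an address
    # elsewhere in 192.168.9.0/24, and an unrelated external address.
    SAMPLE = ["192.168.9.70", "192.168.9.200", "10.1.1.1"]
    for host in ("192.168.9.66/24", "192.168.9.66/27"):
        result = report(host, ROUTER, SAMPLE)
        print(host)
        for dest, verdict in result["destinations"].items():
            print(f"  {dest:<15} {verdict}")
        print("  wrongly local:", result["shadowed"] or "none")
        print("  broadcasts (host, router):", result["broadcasts"])
```

With the host mask corrected to /27, the same address in the rest of 192.168.9.0/24 is handed to the gateway instead of being ARPed for on the LAN.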


Re: [c-nsp] Need some advice on ISP failover for an enterprise

2010-01-08 Thread Vincent C Jones
Given that the majority of your failures will be in the last mile, if
you do not have physical link diversity, adding a second link will
typically only provide a small improvement in availability. Beyond that,
your key concerns are complexity, cost and future growth.

If you pick option 3 and you need to tunnel for security purposes, think
through how you plan to deal with the reduced MTU of the tunnel.
Depending on your server requirements, the cleanest approach is often to
just reduce the MTU used by the server to match the tunnel, even though
it is smaller than what you could use under normal circumstances. Also
keep track of traffic so that when the backup link is put to use, you
don't discover the hard way that traffic has grown to the point where it
won't fit!

Good luck and have fun!
-- 
Vincent C. Jones
Networking Unlimited, Inc.
Phone: +1 201 568-7810
v.jo...@networkingunlimited.com




Re: [c-nsp] Subnetting Issue --- help

2010-01-08 Thread Vincent C Jones
This reads like a homework assignment. Look up the use of the all
zeroes and all ones subnets.




Re: [c-nsp] PXE not working on Cat2948

2010-01-08 Thread Jens Neu
> spanning-tree portfast

Thank you all, I'm going to update my STP knowledge :)

regards
Jens Neu

Phone: +49 (0) 30 68905-2412
Mail: jens@biotronik.de




Re: [c-nsp] PXE not working on Cat2948

2010-01-08 Thread E. Versaevel

Sounds like a spanning-tree port enable delay issue; try using spanning-tree
portfast on the PXE client port.


Erik Versaevel


Re: [c-nsp] PXE not working on Cat2948

2010-01-08 Thread Alexander Clouter
Jens Neu jens@biotronik.com wrote:
 
> I have a Catalyst 2948G which seems to keep PXE boot from working
> properly. This one Cat2948 is the only Layer 2 device between the DHCP/PXE
> boot server and the PXE client - both are directly connected and share a
> /24. PXE boot is not working at all, and DHCP is unbearably slow, for no
> apparent reason. Both PXE Server and Client(s) are various IBM xSeries
> using the onboard GBit interfaces.
> Now the fun stuff: when I put a second Layer 2 device between the Cat 2948
> and the PXE client, it is magically working.
> Means: PXE Server - Cat 2948 - some cheap Netgear Office switch - PXE
> Client == works. In fact, any additional Layer 2 device that appears
> between PXE Client and the Cat 2948 scares the problem away.
>
> Anyone seen this before? Any hints where to start looking? The switch
> looks as follows:

.'spanning-tree portfast default'?

The PXE times out before the STP action has finished and the port is in 
blocking mode for the duration.  You should also consider 'spanning-tree 
portfast bpduguard/filter default' too.

Cheers

-- 
Alexander Clouter
.sigmonster says: That's what she said.



Re: [c-nsp] NPE-G1 cant read Compact Flash

2010-01-08 Thread Scott McGrath
Cisco on the older boxes used a non-FAT flash file system. The key is 
whether the flash is referred to as slotX or diskX.  If the 
nomenclature is slotX, it uses a proprietary disk format which cannot be 
read by an external reader. 

To format a CF card for use with an older system:

format slot0:



Joe Maimon wrote:

ML wrote:

  

Are the alternate CF cards formatted correctly for your platform?



Probably. However, IOS doesn't seem to think there is any card there or 
worse, it hangs upon insert.


  

The original CF card may have gone bad but if you're sure the other CF
cards are OK then they may be formatted wrong.



The card is fine, tested in external reader. They are all fine.

Thanks.





Re: [c-nsp] NPE-G1 cant read Compact Flash

2010-01-08 Thread Joe Maimon

http://en.wikipedia.org/wiki/Linear_Flash

To work around the original issue, an IO Controller was installed, which 
works very nicely. Only downside is having different serial/aux ports.


nvram stays the same.
bootflash stays the same.
slot[01]/disk[01] become available
more ethernet ports become available
No bandwidth points are consumed so nothing needs to change slots.

Not a bad arrangement.

Interestingly enough, we did see an issue with a variant of CF flash 
that caused the boothelper, an older 12.3 image, to crash while booting 
with that CF in the IO controller, even as a fully booted IOS had no 
issue reading, writing, formatting it.


A slightly older CF worked fine. An upgraded boothelper probably would 
have also solved the issue.


The CF slot on the NPE-G1 (disk2:) seems to be toast.

Joe




Re: [c-nsp] Adding vlan to port-channel trunk causes port-channel to flap

2010-01-08 Thread Rick Coloccia
I've run into flapping issues when adding a vlan if the vlan wasn't 
present upstream.  I don't know if this is your case, but in my case, I 
had two 6500 cores each attached to the same 3750.  port channels and 
spanning tree in place.  When I added a vlan to an interface on one 
core, the spanning tree went nuts because the vlan wasn't present 
everywhere it should have been.  My suggestion, then, is be sure the 
vlan you're adding is everywhere it needs to be.  I would have sworn I 
had my vlan everywhere, but I didn't, I'd missed in 1 place, so give it 
a look.


-Rick

Jared Gillis wrote:

Hi all,

I just ran into a strange problem on a 3750ME. I've got two gig ports in an 
active LACP port-channel looking like this:

interface GigabitEthernet1/0/1
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 101,102,400,664,1000-2999
 switchport mode trunk
 speed 1000
 duplex full
 channel-group 1 mode active
end

interface GigabitEthernet1/0/2
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 101,102,400,664,1000-2999
 switchport mode trunk
 speed 1000
 duplex full
 channel-group 1 mode active
end

interface Port-channel1
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 101,102,400,664,1000-2999
 switchport mode trunk
end

When I added vlan 400 to the trunk allowed vlan list, one of the underlying gig ports flapped, which caused the port-channel to flap as well.

Jan  7 12:09:27.647 PST: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/1, changed state to down
Jan  7 12:09:27.656 PST: %LINEPROTO-5-UPDOWN: Line protocol on Interface Port-channel1, changed state to down
Jan  7 12:09:28.654 PST: %LINK-3-UPDOWN: Interface Port-channel1, changed state to down
Jan  7 12:09:31.464 PST: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/1, changed state to up
Jan  7 12:09:32.454 PST: %LINK-3-UPDOWN: Interface Port-channel1, changed state to up
Jan  7 12:09:33.461 PST: %LINEPROTO-5-UPDOWN: Line protocol on Interface Port-channel1, changed state to up
Jan  7 12:09:48.745 PST: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan400, changed state to up

This definitely seems like something that should not happen. I'm running Cisco 
IOS Software, C3750ME Software (C3750ME-I5K91-M), Version 12.2(46)SE, RELEASE 
SOFTWARE (fc2).
Any thoughts on what I should be checking?

--Jared
  


--
Rick Coloccia, Jr.
Network Manager
State University of NY College at Geneseo
1 College Circle, 119 South Hall
Geneseo, NY 14454
V: 585-245-5577
F: 585-245-5579

CIT will never ask for your password or other confidential information via email. 




Re: [c-nsp] Data Center cooling

2010-01-08 Thread Zoe O'Connell
Michael K. Smith - Adhost wrote:
 We are in Seattle and use an air-exchanger system that relies on outside
 air as much as possible, and then blends in chilled water as necessary
 up to 100% chilled.  It's fairly common here because of the nature of
 our climate, and the psychrometric scale
 (http://en.wikipedia.org/wiki/Psychrometrics) is favorable for us.

 We've also looked at increasing our data center temps from 68F/20C to
 closer to 78F/25.56C (hi Gert), but our marketing folks have been the
 most resistant because of the prevailing expectation that colder is
 better.  There is some good research and testing being done by
 Microsoft, Intel and Google in this arena, but I don't think enough has
 been published yet to give that calming feeling to the marketing folks.
 I would imagine, however, that we will see increasing data center
 temperatures more and more in the coming years.

This also depends on how well you're circulating the air within your
data centre - having air at 25°C is fine as long as all that air
actually reaches the things it needs to cool. If it's been mixed in with
enough hot air by the time it's got to the top of the rack at the far
end of each row however, you're going to run into trouble.

Closer to the original topic, I do recall seeing a TV programme some
time in the last few years that mentioned cooling the computer room at
some Antarctic science base and they did still have to use compressors
etc as it was easier than trying to make the outside air suitable,
although I forget the details. (I suppose, at least, you could dump the
warm air into the rest of the base but I seem to recall the computers
were in a separate hut/building)


Re: [c-nsp] spanning-tree bpdufilter leaks

2010-01-08 Thread Joe Maimon



Marko Milivojevic wrote:

On Fri, Jan 8, 2010 at 04:00, Joe Maimon <jmai...@ttec.com> wrote:


Apparently, bpdufilter leaks sometimes on some switches, and I have
the packet traces to prove it. The switches are probably not supported,
so replacements are likely in order.


Did you have it enabled globally for portfast enabled interfaces or


No


individually on each interface?


Yes


If it was the first option, did you
have portfast enabled globally,


No


or again, per interface?


Yes, but not on the same interfaces.

Thanks for the reply.

Joe


Re: [c-nsp] spanning-tree bpdufilter leaks

2010-01-08 Thread Joe Maimon



Bill Blackford wrote:

Do you have any details?
Models? Code vers?

-b


3524XL, 12.0(5)WC17



Re: [c-nsp] Adding vlan to port-channel trunk causes port-channel to flap

2010-01-08 Thread Jeff Kell

On 1/7/2010 7:06 PM, Tom Lanyon wrote:

I've run into the same problem on our 3750Gs and 3750Es (running 12.2(46)SE) 
with no solution so far.

The log on our switches indicates that it's due to the config for the 
Port-Channel being different than the underlying Gix/y/z interfaces, which is 
not allowed, so it shuts the etherchannel down. I tried to work around this by 
adding the VLAN to all ports at once, eg:
conf t
int ran gi1/0/1, gi1/0/2, po1
sw trunk allowed vlan add 400
   


For vlan changes on port channels, I've always used just the 
port-channel configuration (e.g., int portch1) and applying vlan 
adjustments there, which IOS appears to propagate to the active member 
configurations, provided of course the port channel is up.  We do this 
a lot across a broad range of Catalysts (no MEs though) with no issues.


If you change an individual member characteristic, it will indeed break 
the interfaces out of the port-channel and bounce.


Jeff


Re: [c-nsp] Adding vlan to port-channel trunk causes port-channel to flap

2010-01-08 Thread Bill Blackford
It does this on cat6.5k/sup720 for sure. I don't recollect if the propagation 
occurs the same on 3560/3750's.
-b



Re: [c-nsp] spanning-tree bpdufilter leaks

2010-01-08 Thread Joe Maimon



Marko Milivojevic wrote:

On Fri, Jan 8, 2010 at 04:00, Joe Maimon <jmai...@ttec.com> wrote:


Apparently, bpdufilter leaks sometimes on some switches, and I have
the packet traces to prove it. The switches are probably not supported,
so replacements are likely in order.


To clarify, it only leaks occasionally, the capture suggests once per 
reload or otherwise perhaps every couple days.



Re: [c-nsp] Adding vlan to port-channel trunk causes port-channel to flap

2010-01-08 Thread Jeff Kell

On 1/8/2010 12:35 PM, Bill Blackford wrote:

It does this on cat6.5k/sup720 for sure. I don't recollect if the propagation 
occurs the same on 3560/3750's.
   


I can verify that 3550, 3560, 3750, 3750E, 4500 SupIV, 6500 Sup2/Sup720 
all propagate to the members when the associated port-channel is 
changed.  Interface specific characteristics (e.g., channel-group x 
mode) are not and can't be used in the port-channel configuration context.


Jeff


Re: [c-nsp] customizing snmp-traps (interface description as well as physical name)

2010-01-08 Thread Ivan Pepelnjak
Solution#1 (ugly): syslog messages can be sent as SNMP traps. You'll get the 
whole syslog message on your NMS.

Solution#2: use EEM to match syslog UP/DOWN messages, extract interface 
description and generate a custom SNMP trap. You can do it with EEM applets if 
your IOS supports EEM 3.0 (12.4(late)T, 12.5, 12.2SRE), otherwise you have to 
use a Tcl EEM policy (pre-EEM 3.0 applets are too dumb). These posts could be 
useful:

http://blog.ioshints.info/2009/12/send-snmp-trap-from-eem-applet.html
http://blog.ioshints.info/2009/10/report-interface-loss-based-on-ospf.html

You can generate custom SNMP trap from an EEM applet with action snmp-trap 
command (I haven't covered that one yet in my blog).

Hope it helps

Ivan Pepelnjak
blog.ioshints.info / www.ioshints.info

 -Original Message-
 From: Walter Keen [mailto:walter.k...@rainierconnect.net]
 Sent: Friday, January 08, 2010 1:43 AM
 To: 'Cisco-nsp'
 Subject: [c-nsp] customizing snmp-traps (interface description as well as
 physical name)
 
 Is customizing snmp-traps possible through rmon or some other means so
 that the delivered message not only has the physical name (gi0/1, etc)
 but also the description of that port as named in the interface config?
 Dealing mostly with 2960's and 7600's, and trying to figure out if this
 is possible.
 Even if I have to specify an rmon entry per physical interface, I'm
 dealing with small enough numbers that would work.
 Something like 'int-name int-descr is down/up' or similar would be
 ideal.
 
 Going to want to have this for link up/down initially, and then also
 setup some traps for taking on interface errors, etc.
 
 --
 
 
 Walter Keen
 Network Technician
 Rainier Connect
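
What Solution #2 does on the router (match the UP/DOWN syslog message, look up the interface description, emit 'int-name int-descr is down/up'), done instead on the syslog receiver, as an added Python example that is not from the original posts. The log lines are the ones Jared Gillis posted in the port-channel thread on this page, still wrapped the way the mail client wrapped them; the interface descriptions in the sample config are constructed.

```python
import re

# Start of an IOS log entry as it appears in the thread ("Jan  7 12:09:27.647 PST: ...").
STAMP = re.compile(r"^[A-Z][a-z]{2}\s+\d{1,2} \d\d:\d\d:\d\d")

# Covers both message types seen in the posted log:
#   %LINK-3-UPDOWN: Interface X, changed state to up
#   %LINEPROTO-5-UPDOWN: Line protocol on Interface X, changed state to down
UPDOWN = re.compile(
    r"%(?:LINK-3|LINEPROTO-5)-UPDOWN: (?:Line protocol on )?"
    r"Interface (?P<ifname>[^,\s]+), changed state to (?P<state>up|down)"
)

# Constructed config: the descriptions are sample values, not from the thread.
SAMPLE_CONFIG = """\
interface GigabitEthernet1/0/1
 description core-uplink-member-1
 switchport mode trunk
 channel-group 1 mode active
end

interface Port-channel1
 description core-uplink-bundle
 switchport mode trunk
end
"""

# Log lines from the port-channel thread, including the mail-client line wraps.
SAMPLE_LOG = """\
Jan  7 12:09:27.647 PST: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/1, changed state to down
Jan  7 12:09:27.656 PST: %LINEPROTO-5-UPDOWN: Line protocol on Interface
Port-channel1, changed state to down
Jan  7 12:09:28.654 PST: %LINK-3-UPDOWN: Interface Port-channel1, changed state
to down
Jan  7 12:09:48.745 PST: %LINEPROTO-5-UPDOWN: Line protocol on Interface
Vlan400, changed state to up
"""


def parse_descriptions(config_text):
    """Map interface name -> description from 'show run' style text."""
    descriptions, current = {}, None
    for raw in config_text.splitlines():
        line = raw.rstrip()
        if line.startswith("interface "):
            current = line.split(None, 1)[1]
        elif current and line.startswith(" description "):
            descriptions[current] = line[len(" description "):]
        elif not line.startswith(" "):
            current = None  # left the interface block ("end", "!", blank line)
    return descriptions


def unwrap(log_text):
    """Rejoin entries that were split across lines; a new entry starts with a timestamp."""
    entries = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        if STAMP.match(line) or not entries:
            entries.append(line.strip())
        else:
            entries[-1] += " " + line.strip()
    return entries


def enrich(entry, descriptions):
    """Return 'int-name int-descr is down/up', or None for unrelated messages."""
    m = UPDOWN.search(entry)
    if not m:
        return None
    ifname = m.group("ifname")
    descr = descriptions.get(ifname, "(no description)")
    return f"{ifname} {descr} is {m.group('state')}"


def report(log_text, config_text):
    descriptions = parse_descriptions(config_text)
    results = (enrich(e, descriptions) for e in unwrap(log_text))
    return [r for r in results if r is not None]


if __name__ == "__main__":
    for message in report(SAMPLE_LOG, SAMPLE_CONFIG):
        print(message)
```

Port-channel1 appears twice because the router logs both a LINEPROTO and a LINK message for it; Vlan400 has no description in the sample config and is reported as such.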
 
 




Re: [c-nsp] Need some advice on ISP failover for an enterprise

2010-01-08 Thread Andrew Gabriel
Good points, thanks for sharing.

Regards,
Andrew Gabriel.




On Fri, Jan 8, 2010 at 7:02 PM, Vincent C Jones 
v.jo...@networkingunlimited.com wrote:

 Given that the majority of your failures will be in the last mile, if
 you do not have physical link diversity, adding a second link will
 typically only provide a small improvement in availability. Beyond that,
 your key concerns are complexity, cost and future growth.

 If you pick option 3 and you need to tunnel for security purposes, think
 through how you plan to deal with the reduced MTU of the tunnel.
 Depending on your server requirements, the cleanest approach is often to
 just reduce the MTU used by the server to match the tunnel, even though
 it is smaller than what you could use under normal circumstances. Also
 keep track of traffic so that when the backup link is put to use, you
 don't discover the hard way that traffic has grown to the point where it
 won't fit!

 Good luck and have fun!
 --
 Vincent C. Jones
 Networking Unlimited, Inc.
 Phone: +1 201 568-7810
 v.jo...@networkingunlimited.com



Re: [c-nsp] Data Center cooling

2010-01-08 Thread jp
On Thu, Jan 07, 2010 at 09:33:13AM -0700, Joel Snyder wrote:
Has anyone looked at using outside air to provide data center
  cooling during the winter season ?
  I am aware of Google and Intel research into
  this area but how about on a smaller scale ?
  How about raising ambient
  temperatures as well - do you keep your data centers at 65 or 80 ?

 We do this and we have had mixed success.  We have Liebert A/C units which 
 have something they call an economizer.  Essentially, when the outside 
 temperature falls below a certain point as measured by a simple thermostat, 
 the A/C unit moves a damper and instead of sucking hot air from the room to 
 cool, it sucks cold air from the outside, filters it, and blows it in.  At 
 the same time, it turns off the compressor (because the air is, in theory, 
 already cold).

That's a good description of it. The compressor goes off so it will not 
ice up. If the coils are compressor-cooled AND taking in fresh damp air, 
it can ice up really good. We had the damper get stuck once and cause 
that. We have more than one A/C unit, so one damper failing and messing 
up the A/C isn't the end of the world. We have 2 A/C systems. The 
addition of the economizers meant two good sized insulated ducts going 
from the air handlers to vent grates on the end of the building about 
10' off the ground. There is also an exit louver in the hot section to 
allow efficient pumping of air without over-pressurization.

We use an economizer. 44N latitude in Maine. Saves us good cooling money 
from mid-November till April by not running the compressors. We see it 
looking at the power bills year round. Your climate description doesn't 
sound like an ideal place to really see the benefits of it.

If you adjust the switchover temperature conservatively for the low 
side, you don't really have to worry about fiddling with it. It will of 
course vary for different locations, loads, building insulation, etc. 
We have ours to switch at 48f, but could switch at a higher temp if we 
had a lesser load. We keep the space at 72f. We use 1-wire sensors to 
monitor temperature.

 In the sales presentations and talking to A/C gurus, it all sounded very 
 smart and economical, but we've found that the actual management of the 
 damper and the temperature that it shifts are very delicate settings. 
 Depending on the time of the day (i.e., is there sunlight on that side of 
 the building or not?) and the season of the year (i.e., is this just a 
 little cold snap or an extended period?), as well as the outside humidity 
 level (is it very different from the humidity in the room or not?), the 
 temperature has to be adjusted a bit in each direction.  Our units don't 
 have a computer control for that, so that means someone goes out every few 
 weeks with a screwdriver and manually fiddles the economizer thermostat 
 settings.

 We can compensate a bit on the computer control side by changing the 
 system thermostat around a few degrees, but there is no direct linkage 
 between the economizer part of the system--it's completely independent, 
 essentially an add-on--and the rest of the cooling system.

 I honestly can't tell whether we are saving any money on this or not, but 
 for our latitude and climate, I would not recommend it to anyone else.  We 
 have had to replace the thermostats and damper controllers, and that eats 
 up $300 to $500 for every service call.  Plus, while we were learning about 
 it, we had some midnight room-got-too-hot moments, which also cost us.

 I think that if you lived someplace where it was in the 5C/40F range or 
 below day-round for weeks at a time, this would probably work (assuming 
 that you have physical ability to install this kind of unit).  In our 
 climate, where it is 5C/40F for 8 hours at night and 20C/70F the rest of 
 the day, for our 3 month winter, it was probably not the right decision.

 jms

 -- 
 Joel M Snyder, 1404 East Lind Road, Tucson, AZ, 85719
 Senior Partner, Opus One   Phone: +1 520 324 0494
 j...@opus1.com    http://www.opus1.com/jms

-- 
/*
Jason Philbrook   |   Midcoast Internet Solutions - Wireless and DSL
KB1IOJ            |   Broadband Internet Access, Dialup, and Hosting
 http://f64.nu/   |   for Midcoast Maine    http://www.midcoast.com/
*/


[c-nsp] Difference in OSPF maximum-paths - operational problem?

2010-01-08 Thread Rick Ernst
I have several generations of Cisco equipment in my network, and am in the
middle of a rolling upgrade.  There are currently 3 core routers and all
routers in the network use OSPF maximum-paths 6.  With an A/B network and 3
cores, this works fine.  Some of the equipment is limited to 6 paths, some
can handle 8.


If I add the 4th router, I'll have 7 paths (the new cores will be either A
or B, not both).  Will OSPF just pick 6 of the 7 possible paths, or is
something horrible going to happen?

Thanks,
Rick


Re: [c-nsp] VRF-Global route leaking in multi-VRF CE installation

2010-01-08 Thread Ross Vandegrift
On Wed, Jan 06, 2010 at 10:04:37AM -0800, Kenny Sallee wrote:
 My .02 is that you should put everything in VRF's (even the global table)
 and use route-target import/export and import maps (if required) to control
 routing domains.
 
 Question - can you use 'neighbor allowas-in' instead of as-override?  I'm
 not sure why your BGP AS-PATH was wrong in scenario #3 above - but I'm using
 that in a very similar scenario in my lab to solve the problem of having the
 same eBGP AS used at 2 different sites connected to 2 different PE routers.
  BGP won't advertise a path it receives w/ its own ASN in the path
 
 http://www.cisco.com/en/US/docs/ios/12_3t/mpls/command/reference/mp_n5gt.html#wp1007547

I don't see how allowas-in would help - my ASN doesn't even appear in
those routes yet.  They come out the other side as eBGP routes with
whatever private ASN I used to make the session to eBGP.

-- 
Ross Vandegrift
r...@kallisti.us

If the fight gets hot, the songs get hotter.  If the going gets tough,
the songs get tougher.
--Woody Guthrie



Re: [c-nsp] Data Center cooling

2010-01-08 Thread jp
Nice set of youtube videos! I like 4 generator startup Test de 
groupes and the hard drive dominoes.

On Thu, Jan 07, 2010 at 07:59:28PM +0100, o...@ovh.net wrote:
  I would imagine, however, that we will see increasing data center
  temperatures more and more in the coming years.
 
 In 2004 & 2007 we developed the EcoDatacenter. 12 months per year,
 we use only the water & outside air for the cooling on our 70 000 
 dedicated servers that we host. We are #1 in Europe. Our PUE = 1.12. 
 it means we don't waste the power for the cooling. That is why our 
 prices are cheaper and our customers love it. It's our marketing. 
 Some videos:
http://www.youtube.com/user/OvhComOnVousHeberge
 

-- 
/*
Jason Philbrook   |   Midcoast Internet Solutions - Wireless and DSL
KB1IOJ            |   Broadband Internet Access, Dialup, and Hosting
 http://f64.nu/   |   for Midcoast Maine    http://www.midcoast.com/
*/


[c-nsp] Using Advanced IP vs Advanced Enterprise IOS Image

2010-01-08 Thread Devon True
All:

I am looking at upgrading our Cat6500s (Sup720/MSFC3) and we currently
run an Advanced Enterprise image. Since we are an IP-only shop, I am
looking at using Advanced IP instead, but I didn't know if it brought
any advantages or disadvantages. Does it offer any savings in memory or
other resources? We have 512MB of flash space, so that is not a concern.

Thanks for any input!

--
Devon


Re: [c-nsp] Difference in OSPF maximum-paths - operational problem?

2010-01-08 Thread David Prall
It is my experience that 6 of the 7 will randomly be chosen, each time an
SPF run is done a different 6th could be installed. With enough CPU power it
shouldn't cause issues, but in the past I've seen routers running close to
the limit that cause traffic loss. This was with the default configuration
of 4 and having the possibility of 8 though, so we may have been removing
all 4 active and replacing them at times. We upped the maximum to 8 and
never had the issue again.

David

--
http://dcp.dcptech.com




[c-nsp] MPLS TTL exceeded problems

2010-01-08 Thread Peter Rathlev
Hi,

We have a (probably common) cosmetic problem regarding MPLS LSRs sending
ICMP TTL exceeded along the LSP that carries the traffic.

The problem is that when the exit PE receives the packet it doesn't do
a RIB lookup (to send the traffic back to the correct recipient) but
instead it just uses the adjacency from the MPLS forwarding table to
send it to the next (non MPLS) device.

Is there any (easy-ish) way to force the exit PE to do a RIB lookup
(e.g. using the allocated aggregate label) and send the packet the right
way by itself? If so, would there be any significant performance penalty
from this on a Sup720/PFC3B?

The reason why it doesn't work now is that the device after the exit PE
is a firewall. Specifically FWSM v3.1. It denies the ICMP TTL Exceeded,
stating no matching session as the reason. When the trace probes have
got to the point (TTL wise) where they pass the firewall, all TTL
expired replies are accepted and in the end received by the originating
client. If there's a way to make a FWSM accept TTL expired like this I'd
love to know. (I tried same-security-traffic permit intra-interface to
defeat the no xlate but then the reverse path check fails. I even
tested with no reverse path checking, but still couldn't make it pass
(=return) the ICMP TTL expired packets.)

An example:

  +--------+
  | Host X |
  +--------+
     |
     | IP
   +---+      +---+        +---+        +---+
   | A |------| B |--------| C |--------| D |
   +---+  IP  +---+  MPLS  +---+  MPLS  +---+
                                          |
                                          | IP
                                    +----------+
                                    | Firewall |
                                    +----------+
                                          | IP
                                          |
   +---+  IP  +---+  MPLS  +---+  MPLS  +---+
   | H |------| G |--------| F |--------| E |
   +---+      +---+        +---+        +---+
     | IP
     |
  +--------+
  | Host Y |
  +--------+

 A is a regular IP router (CPE).
 B is a PE/LER doing tag imposition
 C is a P/LSR doing tag switching
 D is a PE/LER doing tag disposition
 The firewall is a FWSM v3.1
 E is a PE/LER doing tag imposition
 F is a P/LSR doing tag switching
 G is a PE/LER doing tag disposition
 H is a regular IP router (CPE)


An example traceroute gives:

 1  [A]
 2  [B]
 3  *
 4  [D]
 5  [E]
 6  [F]
 7  [G]
 8  [H]
 9  [Y] Done

Since the path A - D is often many hops some people tend to get
confused and report this as an error. Or even worse: Use this as proof
of the network being the cause of some badly configured server. :-|

-- 
Peter
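
The behaviour described in the message above, modelled as an added example that is not part of the original post: a constructed Python simulation of the A..H topology showing why only the reply from C is lost. It assumes the firewall does not decrement TTL, that it passes an ICMP error only when the probe it refers to has already crossed it, and that PEs and CPEs answer directly; the function names are hypothetical.

```python
# Constructed model of the topology in the post (node names from the diagram).
PATH = ["A", "B", "C", "D", "FW", "E", "F", "G", "H", "Y"]
EXIT_PE = {"C": "D", "F": "G"}   # P/LSR -> exit PE of the LSP it switches on
FIREWALL = "FW"                  # assumption: does not decrement TTL


def probe_route(ttl):
    """Nodes a probe from Host X visits before its TTL runs out."""
    visited = []
    for node in PATH:
        visited.append(node)
        if node != FIREWALL:
            ttl -= 1
            if ttl == 0:
                break
    return visited


def reply_route(origin):
    """Path the ICMP reply takes from the node that answered the probe."""
    here = PATH.index(origin)
    if origin not in EXIT_PE:
        # Assumption: PEs, CPEs and Host Y answer straight back along the path.
        return PATH[here::-1]
    # A P/LSR label-switches the ICMP error to the exit PE, which uses the
    # MPLS adjacency (no RIB lookup) and hands it to the next non-MPLS device.
    turn = PATH.index(EXIT_PE[origin]) + 1
    return PATH[here:turn + 1] + PATH[turn - 1::-1]


def traceroute(max_ttl=30):
    """Hop list as Host X sees it; '*' marks a reply the firewall dropped."""
    hops = []
    for ttl in range(1, max_ttl + 1):
        probe = probe_route(ttl)
        reply = reply_route(probe[-1])
        # Stateful firewall: an ICMP error is passed only if the probe it
        # refers to already crossed the firewall and created a session.
        dropped = FIREWALL in reply and FIREWALL not in probe
        hops.append("*" if dropped else probe[-1])
        if probe[-1] == PATH[-1]:
            break
    return hops


if __name__ == "__main__":
    print(" ".join(traceroute()))
```

The reply from F also detours through its exit PE (G) and H, but by then the probe has crossed the firewall, so the returning ICMP error matches a session and is passed.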




Re: [c-nsp] Data Center cooling

2010-01-08 Thread bas
Hi,

On Thu, Jan 7, 2010 at 7:59 PM,  o...@ovh.net wrote:
 In 2004 & 2007 we developed the EcoDatacenter. 12 months per year,
 we use only the water & outside air for the cooling on our 70 000
 dedicated servers that we host.

But aren't those airco compressors I see in this movie?
http://www.youtube.com/user/OvhComOnVousHeberge#p/u/6/xtmkS1-4WTY
( at approx 2:03)

Bas


Re: [c-nsp] MPLS TTL exceeded problems

2010-01-08 Thread Pshem Kowalczyk
Hi,

You're right, it's quite common. We hit it on the sup720 (3bxl). The
simple answer is what you're asking for can't be done. According to
some Cisco guys we spoke to, the hardware is not capable of doing that
lookup if there is a forwarding adjacency.
We tried various tricks (creating aggregates, pseudo-aggregates (like
0.0.0.0/1 ;-) ) none of that worked - in the best case scenario the
control plane showed the correct information, but the packet wasn't
processed correctly.

kind regards
Pshem



Re: [c-nsp] Using Advanced IP vs Advanced Enterprise IOS Image

2010-01-08 Thread Lee
On Fri, Jan 8, 2010 at 3:01 PM, Devon True de...@noved.org wrote:

 All:

 I am looking at upgrading our Cat6500s (Sup720/MSFC3) and we currently
 run an Advanced Enterprise image. Since we are an IP-only shop, I am
 looking at using Advanced IP instead, but I didn't know if it brought
 any advantages or disadvantages. Does it offer any savings in memory or
 other resources? We have 512MB of flash space, so that is not a concern.


I used feature navigator to compare the enterprise version to the advanced
ip version.  I didn't see anything we wanted that was only in Enterprise, so
went with advanced IP.  I don't know if it has any savings in memory or
other resources, but not having all those features that aren't going to be
used seems a plus.  As well as not having to put a no mop ena on every
interface :)

It just occurred to me that 'ttcp' used to be only in the Enterprise
version.. no idea if it's in advanced IP now [not being at work] or if
there are any other goodies that are only in Enterprise.

Regards,
Lee


Re: [c-nsp] spanning-tree bpdufilter leaks

2010-01-08 Thread Marko Milivojevic
On Fri, Jan 8, 2010 at 18:16, Joe Maimon jmai...@ttec.com wrote:


 Bill Blackford wrote:

 Do you have any details?
 Models? Code vers?

 -b

 3524XL, 12.0(5)WC17

Oh. You should perhaps look for something newer... This model has been
end-of-life since 2002.

I am curious though - when do leaks occur?

--
Marko Milivojevic - CCIE #18427
Senior Technical Instructor - IPexpert

Mailto: mar...@ipexpert.com
Telephone: +1.810.326.1444
Fax: +1.810.454.0130
Community: http://www.ipexpert.com/communities