[c-nsp] quick spanning tree question

2010-03-26 Thread Cord MacLeod
3 days ago traffic started showing up on the trunk port connecting my top of 
rack switches.  Each of these switches has its own better trunk path to the 
root bridge.  I can't see why any traffic at all would traverse these links 
unless the other trunk on g0/45 was down, which it isn't.  Also, spanning tree 
doesn't claim any topology changes.

switch3#sh spanning-tree root port 
VLAN0001 GigabitEthernet0/45
VLAN0100 GigabitEthernet0/45
VLAN0101 GigabitEthernet0/45
VLAN0102 GigabitEthernet0/45
VLAN0120 GigabitEthernet0/45
VLAN0200 GigabitEthernet0/45
VLAN0231 GigabitEthernet0/45
VLAN0250 GigabitEthernet0/45
VLAN0321 GigabitEthernet0/45
VLAN0450 GigabitEthernet0/45
VLAN0777 GigabitEthernet0/45
VLAN0888 GigabitEthernet0/45
switch3#

All vlans read the same Root and Desg port.

VLAN0101
  Spanning tree enabled protocol ieee
  Root ID    Priority    24677
             Address     0017.e1d6.e111
             Cost        4
             Port        45 (GigabitEthernet0/45)
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32869  (priority 32768 sys-id-ext 101)
             Address     001e.1494.4000
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- ----
Gi0/45           Root FWD 4         128.45   P2p
Gi0/46           Desg FWD 4         128.46   P2p

Any ideas?
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/


Re: [c-nsp] Netflow on multilink

2010-03-26 Thread Rodney Dunn
IIRC putting them on the members is useless because the switching 
vectors are invoked off the bundle interface so anything packet 
switching related on the members doesn't do anything.


Rodney


On 3/25/10 11:23 PM, Sony Scaria wrote:

Hi,

I've a ppp multilink configured recently, which I want to monitor by a 
netflow tool. My doubt is whether I should enter the 'ip route-cache flow' 
command only on interface multilink or on member interface (physical 
interfaces) as well.

Thanks, sony
Sent via Blackberry®



Re: [c-nsp] PFR Question

2010-03-26 Thread jack daniels
IN SCENARIO BOTH LINKS FROM SAME SERVICE PROVIDER - But how will this avoid
drops when PE1 and CE1 link goes down as MPBGP bring secondary path as best
in BGP table (MPLS domain) and then to routing table will take at least 3
min.
Till secondary path not in routing table there will be packet drops. So PE3
will converge so fast.



On 3/26/10, David Prall  wrote:
>
> This is where PfR is involved to route around the primary carrier to the
> secondary.
>
> --
> http://dcp.dcptech.com
>
> > -Original Message-
> > From: jack daniels [mailto:jckdaniel...@gmail.com]
> > Sent: Thursday, March 25, 2010 8:50 PM
> > To: David Prall
> > Cc: cisco-nsp@puck.nether.net
> > Subject: Re: [c-nsp] PFR Question
> >
> > Hi David,
> >
> > In a multipath instance PE1 will install the Equal Cost route with rd
> > 1:1
> > first, using 1:2 as a secondary path only. Opposite on PE2.???
> > when both paths have equal cost then why route with rd1:1 will be
> > primary always
> > and rd 1:2 will be secondary on PE1.
> >
> > EVEN IF WE advertise X.X.X.X from PE1 and PE2 still PE3 will have two
> > routes in BGP table . But one in routing table.
> > But how will this avoid drops when PE1 and CE1 link goes down as BGP
> > bring secondary path to Primary and then to routing table will take
> > at least 3 min.
> >
> > Regards
> >
> >
> >
> > On Fri, Mar 26, 2010 at 12:29 AM, David Prall  wrote:
> >
> >
> >   1)
> >   On PE1
> >vrf description customer
> >rd 1:1
> >route-target both 1:1
> >route-target import 1:2
> >   On PE2
> >vrf description customer
> >rd 1:2
> >route-target both 1:2
> >route-target import 1:1
> >
> >   In a multipath instance PE1 will install the Equal Cost route
> > with rd 1:1
> >   first, using 1:2 as a secondary path only. Opposite on PE2.
> >
> >   2)
> >   Could use different VRF's. Just like dual carriers. A key concern
> > is a dual
> >   failure, site 1 on network 1 and site 2 on network 2. The
> > customer will need
> >   to provide a path between the two networks via one of their
> > sites.
> >
> >
> >   David
> >
> >   --
> >   http://dcp.dcptech.com 
> >
> >
> >   > -Original Message-
> >   > From: jack daniels [mailto:jckdaniel...@gmail.com]
> >
> >   > Sent: Thursday, March 25, 2010 2:41 PM
> >   > To: David Prall
> >   > Cc: cisco-nsp@puck.nether.net
> >   > Subject: Re: [c-nsp] PFR Question
> >   >
> >
> >   > Hi David ,
> >   >
> >   > thanks man I got the basic idea :)
> >   >
> >   > 1) but please explain in more detail this
> >   >
> >   > Single VRF, 2 distinct RD's. The VRF imports both, exports one.
> > The
> >   > RD's are
> >   > different so that multipath can be used within the core
> > typically. But
> >   > in
> >   > this case they wouldn't use multipath and the local RD would be
> > used as
> >   > the
> >   > determining factor on import of which route is installed
> > first.??
> >   >
> >   >
> >   > 2) Also if I use different VRF for CE4---CE2 path that will also
> > work -
> >   > ??
> >   >
> >   >
> >   > On Thu, Mar 25, 2010 at 11:57 PM, David Prall 
> > wrote:
> >   >
> >   >
> >   >   If the link goes away, then the update should be pretty
> > quick.
> >   >
> >   >   Single VRF, 2 distinct RD's. The VRF imports both,
> > exports one.
> >   > The RD's are
> >   >   different so that multipath can be used within the core
> >   > typically. But in
> >   >   this case they wouldn't use multipath and the local RD
> > would be
> >   > used as the
> >   >   determining factor on import of which route is installed
> > first.
> >   >
> >   >   The local CE (CE3) is probing for the subnet at CE1. When
> > it is
> >   > no longer
> >   >   reachable by CE3 it will move the route to CE4. As long
> > as CE4 is
> >   > using CE2
> >   >   as the path via the cloud then no issue.
> >   >
> >   >
> >   >   David
> >   >
> >   >   --
> >
> >   >   http://dcp.dcptech.com 
> > 
> >
> >   >
> >   >
> >   >   > -Original Message-
> >   >   > From: jack daniels [mailto:jckdaniel...@gmail.com]
> >   >
> >   >   > Sent: Thursday, March 25, 2010 2:19 PM
> >   >   > To: David Prall
> >   >   > Cc: cisco-nsp@puck.nether.net
> >   >   > Subject: Re: [c-nsp] PFR Question
> >   >   >
> >   >
> >   >   > If a single carrier, then the CE4/CE2 path needs to be
> > via
> >   >   > a second RD so that the paths within the carrier are
> > preferred
> >   > and the
> >   >   > same
> >   >   > will happen.
> >   >   > DO YOU mean we need to have different 

Re: [c-nsp] SDSL Multilink PPP high latency / lost fragments / input errors on cisco 7200

2010-03-26 Thread Peter Rathlev
On Fri, 2010-03-26 at 14:16 +0100, Johannes Jakob wrote:
> when using packet based multipath, will that be a problem for voice
> and/or UDP packets?

In short: It's possibly a problem for voice traffic.

If the traffic is distributed "per packet" across the multiple paths,
and not "per flow", you might introduce out-of-order packets and some
amount of jitter. This might or might not be a problem, depending on the
amount of jitter/OoO.

To avoid that, either make sure the members in the multilink are very
close in terms of latency or make sure all packets from a single flow
use the same member. The latter of course prevents you from having a
single flow taking up more than the bandwidth of a single member.

(It might be less a problem for "generic UDP" compared to TCP, since TCP
packets need to be reassembled in order, making OoO packets a problem.
UDP gives no such guarantees.)

-- 
Peter




Re: [c-nsp] Problem with Microsoft NLB on Server 2008 running in Multicast mode

2010-03-26 Thread Asbjorn Hojmark - Lists
On Fri, 26 Mar 2010 09:49:38 -0700, you wrote:

> So, at this point I think we've decided to resolve the issue by
> backing out this patch, moving the cluster to its own separate vlan,
> leave the cluster in unicast mode, and call it a day.  

Just remember not to run it on VMware, then. (As I said, unicast mode
is (even more) br0ken with vSwitches in there)

-A



Re: [c-nsp] CRS-MSC Part-Numbers and Prices Question

2010-03-26 Thread Asbjorn Hojmark - Lists
On Fri, 26 Mar 2010 19:25:01 -, you wrote:

> Can somebody explain me the logic behind this ?

If you're looking to buy a CRS, you really shouldn't have to bother
with that. You should have people crawling all over you ready to
explain everything and do all the work ;-)

But anyway... 

CRS-MSB-B is the actual module, and the CRS-MSB-40G-B item is more of
a configuration option (the other option is CRS-MSB-20G-B). What sets
the price of the module is the option, but the service is attached to
the module, not the option.

-A



[c-nsp] CRS-MSC Part-Numbers and Prices Question

2010-03-26 Thread Antonio Soares
Hello group,

Can somebody explain me the logic behind this ?

+++
Product Price List:

Product Number  Product Description                                      Service Category  Price
CRS-MSC-40G-B   Cisco CRS-1 Series Modular Services Card revision B 40G  N/A               USD 270,000.00
CRS-MSC-B       Cisco CRS-1 Modular Services Card Rev B                  N/A               USD 80,000.00
+++
Service Price List:

Product Number  Product Description                                      Service P/N      US (USD)
CRS-MSC-40G-B   Cisco CRS-1 Series Modular Services Card revision B 40G  CON-SNT-CRS40GB  0
CRS-MSC-B       Cisco CRS-1 Modular Services Card Rev B                  CON-SNT-CRSMSCB  3200
+++

I don't get why the '0' value in the service for the CRS-MSC-40G-B.

Then I have a PO with these values:

+++
CRS-MSC-40G-B   USD 270,000.00
CRS-MSC-B       USD 0.00
XC-LC40G        USD 0.00

CON-SNT-CRS40GB USD 0.00
CON-SNT-CRSMSCB USD 3,200.00
+++

And here I don't understand the zero value for the CRS-MSC-B.




Thanks.

Regards,
 
Antonio Soares, CCIE #18473 (R&S/SP)
amsoa...@netcabo.pt



[c-nsp] Upgraded our Core -- 0.8 LoC/s and 85% PoC-SC

2010-03-26 Thread Judah Scott
We just finished upgrading our core.  We are getting 0.8 LoC/s and
just slightly under 85% PoC-SC.  -Sigh- We even did the ultimate test
but the router locked up while only transferring all DVDs with region
code 1.  I thought the CRS-3 was going to reinvent the internet.  I
want more Library of Congress!  I want 110% of the People of China to
make Simultaneous Calls!  I want to watch every DVD known to man at
the same time, every second!

Thank you Cisco for the best joke of the year.  I just finally stopped
laughing.  12 Times faster than competitors?! All it takes is a
72-Chassis, multi-chassis system?!  Oh no, I just started laughing
again ...


And if you think that you're safe from the incredible innovation,
think again.  The film industry is shaking in their boots now that
everyone will be downloading DVDs in a matter of seconds:
http://www.time.com/time/business/article/0,8599,1972540,00.html



Re: [c-nsp] Problem with Microsoft NLB on Server 2008 running in Multicast mode

2010-03-26 Thread Bracey, John
Youssef & Community:

No, the patch mentioned in KB960916 did NOT fix the issue for us (even though 
it's specifically supposed to).  In fact it has introduced some instability; 
now when our server admin switches between NLB clustering methods (unicast, 
multicast, igmp multicast) the server will bluescreen and reboot.  It's not 
consistent every time, but this behavior did not happen prior to the 
application of the patch.

We asked our tech support person this morning exactly what this patch does, 
because it certainly didn't fix the issue it was supposed to fix.  The only 
answer we could get was that it updated the nlb.sys file to a newer version.  

Microsoft's "solution" (we have a case open with them on this issue) is exactly 
the one mentioned in the techblog article, to create all the static ARP and MAC 
Address entries (which many of you have done).  They continue to place blame on 
the routing/switching even when the KB articles say that Microsoft is aware of 
this issue.  We're not comfortable with that solution as it no doubt will lead 
to confusion down the road that may be difficult to troubleshoot.

So, at this point I think we've decided to resolve the issue by backing out 
this patch, moving the cluster to its own separate vlan, leave the cluster in 
unicast mode, and call it a day.  

I thank you all for your feedback on this issue, it helped our decision process 
a bunch.

Thanks.

- John Bracey


-Original Message-
From: Asbjorn Hojmark - Lists [mailto:li...@hojmark.org] 
Sent: Thursday, March 25, 2010 1:12 PM
To: Peter Rathlev
Cc: Bracey, John; 'cisco-nsp@puck.nether.net'
Subject: Re: [c-nsp] Problem with Microsoft NLB on Server 2008 running in 
Multicast mode

On Thu, 25 Mar 2010 20:01:55 +0100, you wrote:

> C6k(config)# arp vrf X 10.0.0.1 03bf.0abc.def0 ARPA

If it is in fact a 6500, that alone is a pretty bad idea, as traffic
bound for the cluster will be process-switched. It is recommended to
add a static MAC entry as well.

 mac-address-table static 03bf.0abc.def0 vlan X int Y disable-snoop

-A



Re: [c-nsp] Spanning-Tree vs. EoMPLS links in SXI2?

2010-03-26 Thread Gert Doering
Hi,

On Thu, Mar 25, 2010 at 08:26:12AM +1000, David Hughes wrote:
> Hi, and thanks for the update.
> 
> On 23/03/2010, at 8:47 PM, Gert Doering wrote:
> 
> > The problem could be reproduced with our combination of ingress/egress
> > modules in the TAC lab, and a bug ID has been assigned: CSCtf77954
> 
> So TAC confirmed it's specific to the linecards in use as well as the 
> IOS version?  I don't want to trip over this problem.

TAC said it's specific to the *egress* line card (6708 with DFC-3CXL),
and they suggested, as a workaround, to use the 10G ports on the Supervisor 
engine instead (Sup720-10G-3CXL).  We didn't test this (used a workaround
via a different router).

They also said that the bug will be fixed in SXI4, to be released in July.

gert

-- 
USENET is *not* the non-clickable part of WWW!
   //www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35655025g...@net.informatik.tu-muenchen.de



Re: [c-nsp] Problem with Microsoft NLB on Server 2008 running in Multicast mode

2010-03-26 Thread Youssef Bengelloun-Zahr
Hello Community,

I have a client that suffers from the same symptoms. My config looks
approximately the same:

I have two 6k5 configured with an SVI + HSRP, two static IP routes pointing
to the client's equipment (a cluster of firewalls of some kind).

The client is hosting an IBM blade center and uses it to sell virtualized
work environments on Windows.

I have been debugging this with him for hours; each time, the symptoms (loss of
connectivity, delays, etc.) show up when we decide to ping a VM.

All the other pings respond well until we enter his LAN on the other side of
his boxes.

I over-heard him with his team saying that Microsoft NLB might be the
problem.

John, did KB960916 solve your problems ?

Thanks for the feedback.

Best regards.

Y.


2010/3/26 Tim Durack 

> On Thu, Mar 25, 2010 at 6:20 PM, Asbjorn Hojmark - Lists
>  wrote:
> > On Thu, 25 Mar 2010 22:52:07 +0100, you wrote:
> >
> >>
> http://www.cisco.com/en/US/customer/products/hw/switches/ps708/products_configuration_example09186a0080a07203.shtml
> >
> > Yeah, that's the one I was thinking of.
> >
> >> Together with the static ARP it tends to make the whole system (cluster
> >> + network) more fragile IMO. Too much manual configuration, too many
> >> normally independent parts of the solution that have to match.
> >
> > I agree, it isn't pretty.
> >
> > One could use the 'unicast' model instead, but that lives on unicast
> > flooding, so it requires very small and very controlled VLANs, and it
> > breaks with vSwitches in there.
> >
> > Or one could use a hardware loadbalancer...
>
> We've suffered through several MS-NLB clusters for the last couple of
> years. Nothing but trouble.
>
> Static arp plus disable dhcp-snooping is required. We've broken it
> several times, with vrf migrations and what not.
>
> I would strongly suggest staying away from MS-NLB.
>
> --
> Tim:>
>



-- 
Youssef BENGELLOUN-ZAHR ……
Ingénieur Réseaux et Télécoms


Technopole de l'Aube  en Champagne - BP 601 - 10901 TROYES  Cedex 9
Agence Paris : 6, rue Charles Floquet - 92120 MONTROUGE
Tel +33 (0) 825 000 720
Tel. direct  +33 (0) 1 77 35 59 14
Tel. portable  +33 (0) 6 22 42 63 80
Emaily...@720.fr
…….www.720.fr


Re: [c-nsp] SDSL Multilink PPP high latency / lost fragments / input errors on cisco 7200

2010-03-26 Thread Johannes Jakob

To follow up my own thread...

all of you might have seen it on first look - I didn't.

It's a problem on the linux side of course.
While the cisco isn't fragmenting, the linux pppd seems to be...

So I guess I'm looking for answers on the wrong list ;)

with multilink I'll probably get similar problems, because linux doesn't
support per packet multipath AFAIK.

BUT: one question that you guys might be able to answer:
when using packet based multipath, will that be a problem for voice and/or
UDP packets?


Thanks for reading,

  John

 


On Wednesday, 24.03.2010 at 15:57 +0100, Johannes Jakob wrote:
> [edited copy of email to cisco-bba yesterday]
> 
> Dear colleagues,
> 
> I've got some serious trouble debugging a problem with some of our
> multilink bundles.
> I already moved some of them to a separate LNS, to have a better
debugging
> chance.
> 
> I'm talking about L2TP encapsulated PPP bundles all coming from a large
> national carrier, originated by linux based CPEs.
> All of them are directly terminated on the LNS the carrier sends the
> tunnels to.
> No forwarding, no mmlp/sgbp on these bundles.
> 
> At this debugging level, there are only two bundles with two links each,
> but the problem is exactly the same when there are more bundles (same
> carrier).
> 
> Continuously pinging the CPEs at the other end of the bundle shows peaks
> of >1000ms (up to >9000ms) and sometimes single to few packets get lost.
> 
> debug ppp multilink events at these times says:
> 
> 
> Mar 23 13:56:54: Vi128 MLP: Lost fragment timeout, seq 7BEAD
> Mar 23 13:56:54: Vi128 MLP: Discard reassembled packet
> Mar 23 13:56:54: Vi148 MLP: Lost fragment timeout, seq 6A3CF
> Mar 23 13:56:54: Vi148 MLP: Discard reassembled packet
> Mar 23 13:57:04: Vi148 MLP: Lost fragment timeout, seq 6A41F
> Mar 23 13:57:04: Vi148 MLP: Discard reassembled packet
> Mar 23 13:57:10: Vi128 MLP: Lost fragment timeout, seq 7BFDF
> Mar 23 13:57:10: Vi128 MLP: Discard reassembled packet
> Mar 23 13:57:11: Vi128 MLP: Lost fragment timeout, seq 7BFE1
> Mar 23 13:57:11: Vi128 MLP: Discard reassembled packet
> Mar 23 13:57:12: Vi128 MLP: Lost fragment timeout, seq 7BFEA
> Mar 23 13:57:12: Vi128 MLP: Begin bit lost, discard fragment 7BFEB
> 
> 
> 
> lost fragment counters increase at these times, reordered counter
steadily
> increases all the time.
> 
> 
> 
> What drives me crazy is that it's not one single bundle that is having
the
> problem at a time, but it's *all* of the bundles on this LNS
> simultaneously.
> It's not a constant problem and happens from time to time. Completely
> unpredictable (duration and interval)!
> 
> 
> 
> 
> When forwarding those links to a linux LNS running rp-l2tpd, those links
> get bundled just fine, no such problem, everything seems to be ok.
> => neither the individual lines nor the carrier itself is the problem
> here.
> 
> 
> So I wonder whether there is a common buffer that all bundles share or
if
> you guys know of any other thing I could check?
> I already tried setting 
> 
> ppp multilink queue depth qos 3
> ppp multilink queue depth fifo 3 / 50 / 255
> and/or
> ppp multilink slippage mru 16
> 
> 
> without any luck or significant change.
> 
> 
> BTW: where can I check the status of these buffers?
> 
> 
> 
> 
> I already read most of the multilink related messages in the archive and
> considered switching to multipath with packet based forwarding, but
> because
> of the linux kernel on the CPEs only flow based forwarding can be
deployed
> cpe outbound, so the usage of the single links won't be equal enough...
> 
> 
> 
> Any hints, tips, tricks or criticism would be appreciated ;-)
> 
> 
> Thanks in advance,
> 
> 
>John
> 
> 
> 
> 
> P.S.: The individual links themselves are just fine, when using
multipath
> instead of multilink or just forwarding them to the linux box to let it
> bundle them, everything is fine. Just when the 7200 should do it...
> everything goes crazy...
> 
> Cisco IOS Software, 7200 Software (C7200-A3JK9S-M), Version 12.4(25b),
> RELEASE SOFTWARE (fc1)
> 
> Cisco 7204VXR (NPE300) processor (revision D) with 229376K/65536K bytes
of
> memory.
> Processor board ID 28711625
> R7000 CPU at 262MHz, Implementation 39, Rev 2.1, 256KB L2 Cache
> 4 slot VXR midplane, Version 2.7
> 
> 
> 
> 
> 
> 
> 
> 
> lns3#show int Vi128
> Virtual-Access128 is up, line protocol is up
>   Hardware is Virtual Access interface
>   Interface is unnumbered. Using address of Loopback11 (3.3.3.3)
>   MTU 1454 bytes, BW 200 Kbit/sec, DLY 10 usec,
>  reliability 255/255, txload 1/255, rxload 1/255
>   Encapsulation PPP, LCP Open, multilink Open
>   Listen: IPV6CP
>   Open: IPCP
>   MLP Bundle vaccess, cloned from AAA, Virtual-Template1
>   Vaccess status 0x40, loopback not set
>   Keepalive set (10 sec)
>   DTR is pulsed for 5 seconds on reset
>   Last input 00:00:42, output never, output hang never
>   Last clearing of "show interface" counters 02:52:23
>   Input queue: 0/75/0/0 (size/max/drops/flushes); Total

Re: [c-nsp] Replacing redundant Sup720 on Catalyst 6500

2010-03-26 Thread John Smith
Greetings, 

Thank you to all the engineers who responded to my query. I really appreciate 
all your help. I will take/review your suggestions and recommendations and plan 
our maintenance accordingly. Thanks again for all your help. 

-John-

--- On Thu, 3/25/10, Peter Kranz  wrote:

From: Peter Kranz 
Subject: Re: [c-nsp] Replacing redundant Sup720 on Catalyst 6500
To: "'Youssef Bengelloun-Zahr'" , "'Stephen Cobb'" 

Cc: "'Cisco-nsp'" 
Date: Thursday, March 25, 2010, 8:17 PM

Also a chance of stalling the bus for too long if you insert the new
supervisor too slowly into the chassis.. so it's possible you will reboot
even if you should not have to.

Peter Kranz
www.UnwiredLtd.com
Desk: 510-868-1614 x100
Mobile: 510-207-
pkr...@unwiredltd.com 


-Original Message-
From: cisco-nsp-boun...@puck.nether.net
[mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Youssef
Bengelloun-Zahr
Sent: Thursday, March 25, 2010 5:01 PM
To: Stephen Cobb
Cc: Cisco-nsp
Subject: Re: [c-nsp] Replacing redundant Sup720 on Catalyst 6500

Same old same.

FYI, this kind of problem is solved using UBL (in 12.2(33)SXI IOS I think).

Basically, during this kind of maintenance, the new module will download the
same IOS, config, etc... from the active one. I read that a few days ago,
comes in handy when you stand in the place you are in right now.

Good luck.

Y.



2010/3/26 Stephen Cobb 

> John-
>
> You want it to boot the software you've already got up and running, so
> make a copy of the IOS onto some compact flash. When you insert the
> redundant Sup, have a console cable and terminal already connected so
> that you can monitor its boot process. Once you see the Sup's memory
> displayed, CTRL+BREAK and get to ROMMON. Then, tell it to boot that IOS
> you want from the compact flash disk. If it boots correctly, you'll see
> console switch to its MSFC and then [once booted] it'll download the
> config from the active Sup and you'll be up and running. At that point,
> you'll want to move the console to your active Sup and make sure that
> your standby Sup's bootflash or bootdisk contains the IOS 12.2(18)SXF7
> that you want. If not, make the appropriate file copies from the active
> Sup's bootflash or bootdisk. (i.e.
> copy sup-bootflash:xxx.bin slavesup-bootflash:xxx.bin)
>
> That's the short...I'm sure those links would help as well.
>
> --
> Stephen F. Cobb • Senior Sales Engineer CCNA/CCDA/DCNID/CSE/ASP/ATSA 
> Telecoast Communications, LLC • Santa Barbara, CA o 877.677.1182 x272 
> • c 760.807.0570 • f 805.618.1610 aim/yahoo telecoaststephen
>
> On Thu, Mar 25, 2010 at 3:07 PM, John Smith  wrote:
>
> > Greetings,
> >
> > To all who responded to my query ...
> >
> > Thank you for your responses. I appreciate it. I have couple more 
> > questions.
> >
> > Do I need to do anything with the SSO or Redundancy config before I
> remove
> > the bad Sup module in Slot 5 and insert in the new module?
> >
> > The new module is coming from Cisco, so I have no idea what IOS it 
> > will have on it. We do not have a spare chassis to stage the new 
> > module coming from Cisco.
> >
> > Will the IOS and Config automatically sync with the Active module in 
> > slot
> 6
> > when I insert the new/replacement module in slot 5.
> >
> > Thanks again for all your help. I very much appreciate it.
> >
> > Thanks!
> > -John-
> >
> > --- On Thu, 3/25/10, Youssef Bengelloun-Zahr  wrote:
> >
> >
> > From: Youssef Bengelloun-Zahr 
> > Subject: Re: [c-nsp] Replacing redundant Sup720 on Catalyst 6500
> > To: "John Smith" 
> > Cc: cisco-nsp@puck.nether.net
> > Date: Thursday, March 25, 2010, 4:54 PM
> >
> >
> > P.S :
> >
> > As I said before, make sure you are replacing the STANDBY SUP, not 
> > the active one (unless NSF is configured for your IGPs, etc...).
> >
> > Y.
> >
> >
> >
> >
> > 2010/3/25 Youssef Bengelloun-Zahr 
> >
> > Also, check out this :
> >
> >
> >
> http://www.cisco.com/en/US/products/hw/switches/ps708/products_configu
> ration_example09186a008086ed2e.shtml
> >
> > Y.
> >
> >
> >
> >
> > 2010/3/25 Youssef Bengelloun-Zahr 
> >
> >
> >
> >
> > Hello John,
> >
> > Based on your posting, the sup in slot 5 is in STANDBY state, so no
> worries
> > to have :-)
> >
> > FYI :
> >
> >
> >
> https://supportforums.cisco.com/docs/DOC-4068/version/1;jsessionid=667
> B4E9940D21005AC46FD72F7A602B9.node0
> >
> > Good luck !
> >
> > Y.
> >
> >
> >
> >
> > 2010/3/25 John Smith 
> >
> >
> >
> >
> > We have a 6500 Switch in our network with two SUP720 engines running 
> > in
> SSO
> > mode; one engine is Active and the other is in  Standby Hot. The Sup
> engines
> > are in slot 5 and slot 6. We need to replace the card in Slot 5.
> >
> > Does anyone have a step by step procedure and/or web link on how to
> replace
> > the redundant supervisor card without rebooting the chassis.
> >
> > Any/all help is much appreciated. Thank you.
> >
> > We have the following config for the supervisors.
> >
> > !
> > redundancy
> > mode sso
> > main-cpu

Re: [c-nsp] OID that measures total traffic?

2010-03-26 Thread Per Carlson
On Fri, Mar 26, 2010 at 12:11, Lincoln Dale  wrote:
> On 25/03/2010, at 7:40 PM, Gert Doering wrote:
>> Is that implemented in (common) Cisco gear?
>
> software-based forwarding platforms: yes.
> hardware-based forwarding platforms: no.

That's not that simple. For example, a 12k does return data.

When sending 1000pps of data through an E5-LC I get:

pe...@mgmt:~$ snmpdelta martin -Cp 10 ipForwDatagrams.0
RFC1213-MIB::ipForwDatagrams.0 /10 sec: 137341
RFC1213-MIB::ipForwDatagrams.0 /10 sec: 90737
RFC1213-MIB::ipForwDatagrams.0 /10 sec: 95638
RFC1213-MIB::ipForwDatagrams.0 /10 sec: 89135
RFC1213-MIB::ipForwDatagrams.0 /10 sec: 88609
RFC1213-MIB::ipForwDatagrams.0 /10 sec: 135391
RFC1213-MIB::ipForwDatagrams.0 /10 sec: 94839
RFC1213-MIB::ipForwDatagrams.0 /10 sec: 92460
RFC1213-MIB::ipForwDatagrams.0 /10 sec: 87531

Looks ok to me.

One thing though, in and out are on the same LC (but different SPA's).

-- 
Pelle

A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
A: Top-posting.
Q: What is the most annoying thing in e-mail?


Re: [c-nsp] OID that measures total traffic?

2010-03-26 Thread Lincoln Dale

On 25/03/2010, at 7:40 PM, Gert Doering wrote:

> Hi,
> 
> On Wed, Mar 24, 2010 at 02:01:01PM +0100, Per Carlson wrote:
>>> Is there an SNMP OID that reports total traffic that passes through a
>>> router?
>> 
>>> From RFC1213-MIB:
>> 
>> ipForwDatagrams OBJECT-TYPE
>>SYNTAX  Counter
> 
> Is that implemented in (common) Cisco gear?

software-based forwarding platforms: yes.
hardware-based forwarding platforms: no.

>  Is there a corresponding
> octet counter?  If yes, is there a 64bit counter?

therein lies the real issue: no 64 bit counter.
and on distributed h/w forwarding platforms, it'd be problematic to implement 
anyway.

then there is the case of whether one implements said counter with Cabletron 
logic or not.  i.e. count input and output. :)


cheers,

lincoln.




Re: [c-nsp] OID that measures total traffic?

2010-03-26 Thread Per Carlson
Hi.

> Is that implemented in (common) Cisco gear?

At least all IOS-devices I've tried it on. Not sure how it works on
6500's, which I assume interests you Gert, because all my 6500's are
pure L2-switches.

In IOS-XR the counter is implemented but does return 0 all the time (at
least until 3.9)

> Is there a corresponding octet counter?

Not that I'm aware of. It would though be handy :-)

-- 
Pelle

A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
A: Top-posting.
Q: What is the most annoying thing in e-mail?


Re: [c-nsp] WebVPN Issue

2010-03-26 Thread Antonio Soares
For those interested, here's the bug I have for this issue:


CSCtf53013 Bug Details 

SSLVPN-VIF route deleted if new session attempted with same client IP  
Symptom:
If a user attempts to open a second AnyConnect SSLVPN session on the same IOS 
head-end and the AAA server assigns the same IP to
that user, the second session will fail as expected but it will also 
unexpectedly remove the route injected for the first session.

Conditions:
AnyConnect SSLVPN on IOS configured to use IP address assigned by AAA server.
AAA server assigning the same IP twice.

Workaround:
Allow only 1 session per-user on the AAA server or make sure that the AAA 
server never sends the same framed-ip-address for 2
concurrent sessions.



Regards,
 
Antonio Soares, CCIE #18473 (R&S/SP)
amsoa...@netcabo.pt
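
One way to audit the workaround in the bug note above, as an added example that is not part of the original post or of Cisco's bug text: scan the AAA server's session records for two sessions that held the same Framed-IP-Address at the same time. The record layout, user names, addresses and timestamps are constructed for illustration.

```python
from collections import defaultdict

# Constructed AAA session records (not from the thread):
# (user, framed_ip, start, end); end=None means the session is still up.
SAMPLE_SESSIONS = [
    ("alice", "10.10.0.5", 100, 900),
    ("alice", "10.10.0.5", 400, 450),   # second login, same address while first is up
    ("bob",   "10.10.0.6", 120, None),
    ("carol", "10.10.0.7", 200, 300),
    ("dave",  "10.10.0.7", 300, 500),   # address reused after release: fine
    ("erin",  "10.10.0.6", 800, None),  # collides with bob's open session
]


def overlapping_assignments(sessions):
    """Return (ip, (user1, start1), (user2, start2)) for every pair of
    sessions that held the same Framed-IP-Address concurrently."""
    by_ip = defaultdict(list)
    for user, ip, start, end in sessions:
        # Treat an open session as lasting forever.
        by_ip[ip].append((start, float("inf") if end is None else end, user))

    conflicts = []
    for ip, spans in sorted(by_ip.items()):
        spans.sort()  # order by start time
        for i, (s1, e1, u1) in enumerate(spans):
            for s2, _e2, u2 in spans[i + 1:]:
                if s2 >= e1:
                    # Sorted by start, so no later span can overlap span i.
                    break
                conflicts.append((ip, (u1, s1), (u2, s2)))
    return conflicts


if __name__ == "__main__":
    for ip, first, second in overlapping_assignments(SAMPLE_SESSIONS):
        print(f"{ip}: {first[0]} (since {first[1]}) overlaps "
              f"{second[0]} (since {second[1]})")
```

Any pair reported here is a condition under which the first session's route would be at risk per the bug description; the remedy stays on the AAA side, as the workaround states.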

-Original Message-
From: nob...@groupstudy.com [mailto:nob...@groupstudy.com] On Behalf Of Antonio 
Soares
Sent: Thursday, 11 February 2010 1:14
To: 'Tyson Scott'; 'Roman Rodichev'
Cc: 'Farrukh Haroon'; cisco-nsp@puck.nether.net; 'Cisco certification'
Subject: RE: WebVPN Issue

Tyson,

TAC SR in progress. I will let you know what they will call this :) 


Thanks.

Regards,
 
Antonio Soares, CCIE #18473 (R&S/SP)
amsoa...@netcabo.pt

-Original Message-
From: Tyson Scott [mailto:tsc...@ipexpert.com] 
Sent: Thursday, 11 February 2010 0:11
To: 'Antonio Soares'; 'Roman Rodichev'
Cc: 'Farrukh Haroon'; cisco-nsp@puck.nether.net; 'Cisco certification'
Subject: RE: WebVPN Issue

Antonio,

It would be plausible that you could open a case with Cisco and call it a
bug, or a feature enhancement, that if there is an IP conflict that it
disconnects both sessions or refuses/ignores the radius attribute if it
conflicts with an existing session; or gives an error message, but I
wouldn't necessarily call that a bug.  Typically I would classify a bug as a
feature that does not operate as it should within normal conditions or
expected error states.  But that may be just me.

More it sounds like a basic rule is being broken (assigning duplicate IP's)
and adverse effects are happening from it.  Currently there may not be an
error check to handle the error state as you would hope.

Please don't take offense, I can see myself making the same mistake, but a
networking rule 101 is being broken and sometimes you will have strange
results from such.  Much like spanning-tree loops or duplicate IP's on the
network.  Sometimes it takes intervention to fix the basic problems.

Regards,

Tyson Scott - CCIE #13513 R&S, Security, and SP 
Technical Instructor - IPexpert, Inc.
Mailto: tsc...@ipexpert.com
Telephone: +1.810.326.1444, ext. 208
Live Assistance, Please visit: www.ipexpert.com/chat
eFax: +1.810.454.0130



-Original Message-
From: Antonio Soares [mailto:amsoa...@netcabo.pt] 
Sent: Wednesday, February 10, 2010 6:06 PM
To: 'Tyson Scott'; 'Roman Rodichev'
Cc: 'Farrukh Haroon'; cisco-nsp@puck.nether.net; 'Cisco certification'
Subject: RE: WebVPN Issue

The session of the 1st user remains up and the vpn routes are there. But in
the router the route back to the user is removed. So in
the user's perspective, connectivity is broken and he doesn't have an idea
why. Clearly a bug, don't you think ?

Thanks.

Regards,
 
Antonio Soares, CCIE #18473 (R&S/SP)
amsoa...@netcabo.pt

-Original Message-
From: Tyson Scott [mailto:tsc...@ipexpert.com] 
Sent: Wednesday, 10 February 2010 22:33
To: 'Roman Rodichev'; 'Antonio Soares'
Cc: 'Farrukh Haroon'; cisco-nsp@puck.nether.net; 'Cisco certification'
Subject: RE: WebVPN Issue

Actually it makes sense.  You have duplicate IP's and the router needs to
decide which one is valid, which often will cause a network interrupt.
Although it doesn't allow the second connection it is terminating the first
to process to make a decision about the conflict.  At least that is what I
interpret what you are seeing to be.

Regards,
 
Tyson Scott - CCIE #13513 R&S, Security, and SP
Technical Instructor - IPexpert, Inc.
Mailto: tsc...@ipexpert.com
Telephone: +1.810.326.1444, ext. 208
Live Assistance, Please visit: www.ipexpert.com/chat
eFax: +1.810.454.0130



-Original Message-
From: nob...@groupstudy.com [mailto:nob...@groupstudy.com] On Behalf Of
Roman Rodichev
Sent: Wednesday, February 10, 2010 12:28 PM
To: Antonio Soares
Cc: Farrukh Haroon; ; Cisco certification
Subject: Re: WebVPN Issue

Probably just a "feature" :)

Sent from my iPhone

On Feb 10, 2010, at 11:24 AM, "Antonio Soares"   
wrote:

> Yes, it works fine with local pool. In this case, the AC client gets  
> a message saying "no address assigned".
>
> I was able to reproduce the problem in the meanwhile. It makes sense  
> that the 2nd user is not able to establish the session but it
> doesn't make sense the 1st loses his connection.
>
> This seems a bug to me.
>
> Thanks.
>
> Regards,
>
> Antonio Soares, CCIE #18473 (R&S/SP)
> amsoa...@netcabo.pt
>
> ---