Re: [c-nsp] Mixing PFC3B and DFC3A with 10G linecards / 6500
On Fri, 02 Apr 2010 21:48:00 -0600, you wrote: > And the linecard I want to put in it uses a DFC3A. From the docs it > seems that this arrangement will work, but A) I have to reboot the box, > and B) PFC will fall back to operating as a PFC3A. That is correct. Can you live without 3B features? MPLS is only supported on the 3B, for example (the prime example, actually). > What is the performance difference between the PFC3A and PFC3B? None. > Are there any gotchas with running the 10G linecards in this box in this > condition? There's MPLS, as mentioned, but there are other minor differences as well. -A ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] Mixing PFC3B and DFC3A with 10G linecards / 6500
Hi all, I'm trying to put a 48-port 1G linecard in a C6500, and there's a mismatch that I wonder if someone could explain to me. The sup in the 6506 is a 720 PFC3B: And the linecard I want to put in it uses a DFC3A. From the docs it seems that this arrangement will work, but A) I have to reboot the box, and B) PFC will fall back to operating as a PFC3A. Also, I have two 10G line cards in this same box. So my questions are: What is the performance difference between the PFC3A and PFC3B? Are there any gotchas with running the 10G linecards in this box in this condition? Thanks, Tom -- Tom Ammon Network Engineer Office: 801.587.0976 Mobile: 801.674.9273 Center for High Performance Computing University of Utah http://www.chpc.utah.edu ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] www.cisco.com Login Woes
On Friday 02 April 2010 11:16:06 pm Jeff Wojciechowski wrote: > I'd be curious to know what Cisco takes in for SmartNet > coverage, but could someone divert 0.001% of that to > look into cisco.com website issues? +1. Access to the web site has markedly improved since yesterday (not perfect, but back to where we were before last week's madness). I guess I can see why; the gates got a face lift. Like you, all was running fine until it came time for me to download the file (non-Java option), and then blank! Nothing doing, Page Not Found! Switched to the Java option, but I only gave it 60 seconds before leaving it alone. As it stands, no files yet, but I've done enough complaining for 7 days :-). Mark. signature.asc Description: This is a digitally signed message part. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] RIPE Request Form
On 02/04/2010 16:01, Samir Alkadhumi wrote: > and for that I have two question; do I have to have a legal document with > my future peers, or just a verbal contact, At least until recently, all they requested was a verbal contact from a peer ASN. > and can anyone give me example > for the policy I should send , is this the correct form > > from AS2 accept { 128.9.0.0/16 } you probably want: import: from AS2 accept ANY export: to AS2 announce ASNEW "ASNEW" is RIPE short-hand for the ASN that you're applying for. Nick ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] RIPE Request Form
Dear All First of all, thank you for taking the time and reading my mail: I am at the stage to request a AS from ripe, and in the request form, it is asking for two things: 1. Peer contacts 2. Route policy in the form of import: from accept export: to announce import: from accept export: to announce and for that I have two question; do I have to have a legal document with my future peers, or just a verbal contact, and can anyone give me example for the policy I should send , is this the correct form from AS2 accept { 128.9.0.0/16 } Thank You ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] 3560-E fan modules
•The switch supports hot swapping of the fan module. You can remove and replace the module without interrupting normal switch operation. •When replacing the fan module, complete the replacement procedure within 2 minutes to avoid overheating the switch. •Make sure that all fan module captive screws are tightened before moving the switch. http://www.cisco.com/en/US/docs/switches/lan/catalyst3750e_3560e/hardware/install/notes/1757101.html#wp40415 HTH, Andrew On Apr 2, 2010, at 7:51 AM, Justin M. Streiner wrote: > Quick question for the peanut gallery. I have a Cat3560E-12D with a fan > module that's failing. A review of the various docs and data sheets on CCO > says that the fan modules are field replaceable, but not if they are > hot-swappable. In other words, do I have to plan for an outage to replace > the fan, assuming I would replace the old module immediately? > > jms > ___ > cisco-nsp mailing list cisco-nsp@puck.nether.net > https://puck.nether.net/mailman/listinfo/cisco-nsp > archive at http://puck.nether.net/pipermail/cisco-nsp/ > ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] 12012 systems
yOn Fri, 2 Apr 2010, Drew Weaver wrote: As we have migrated several 12012 routers to 12810s we have several of these beastly creations sitting around our facility. Awhile back someone mentioned to me offlist that they were able to upgrade these so that they could use PRP-2s, that may only apply to the 12010s but I am wondering if anyone has found a use for these old beasts? 12008 can take PRP-2, I don't see why 12012 won't? Otoh a 2.5G-per-slot router isn't hugely useful nowadays Resale value is kind of low so I guess most people won't use them anymore. -- Mikael Abrahamssonemail: swm...@swm.pp.se ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] www.cisco.com Login Woes
Not sure if this is related but tried to download latest ASDM and IOS files for ASA 5505 today added both to cart in Firefox 3.6.2 and then the popup window after proceed to download page took 4 minutes before I was presented with page to actually download files. Then immediately tried IE8 : Added same 2 files to cart - hit 'proceed to download' button and was around 4 minutes before being presented with the EULA Accept/Deny prompt. I'd be curious to know what Cisco takes in for SmartNet coverage, but could someone divert 0.001% of that to look into cisco.com website issues? -Jeff -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Jay Nakamura Sent: Thursday, April 01, 2010 11:23 PM To: cisco-nsp Subject: Re: [c-nsp] www.cisco.com Login Woes > I've had a lot of this happening lately too. Are people having problems > using Firefox or IE or other browsers? > > (I'm asking because I seem to have a lot of problems with Firefox and > cisco.com, and I haven't been able to work out why, the same pages that give > a gateway timeout work fine at the same with IE, so maybe it's an encoding > problem or something...?) I had strange problems with FF today on cisco.com but loaded fine with Chrome. I thought it was FF being flaky but now I am not too sure. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] ISP Compression
Anyone has an idea how to compress local loop traffic for ADSL users and so what is the device or feature needed at ISP network @ BRAS for decompress such traffic again to optimize and reserve more B.W?? _ The New Busy is not the old busy. Search, chat and e-mail from your inbox. http://www.windowslive.com/campaign/thenewbusy?ocid=PID28326::T:WLMTAGL:ON:WL:en-US:WM_HMP:042010_3 ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] BTK Feedback Forum..
https://supportforums.cisco.com/community/netpro/idea-center/onlinesupporttools/btk ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] match-in-vrf with NVI
Derek, this is strange... Have you done it on an ASR1000 with XND or later? If yes, can you please send me some outputs of the config before/after and the show ver? Tnx Arie From: Derick Winkworth [mailto:dwinkwo...@att.net] Sent: Friday, April 02, 2010 17:10 To: Arie Vayner (avayner); cisco-nsp@puck.nether.net Subject: Re: [c-nsp] match-in-vrf with NVI I did this last night, and while it took the config without complaining, the second one overwrote the first one in running-config. What I am really looking for is this functionality in NVI.. ip nat source static 10.1.1.9 205.141.232.13 vrf SUB001-VRF match-in-vrf ip nat source static 10.1.1.4 205.141.232.13 vrf SUB002-VRF match-in-vrf That would be outstanding. From: Arie Vayner (avayner) To: Derick Winkworth ; cisco-nsp@puck.nether.net Sent: Fri, April 2, 2010 1:44:08 AM Subject: RE: [c-nsp] match-in-vrf with NVI Derick, >From what I can see, since 12.2(33)XND you can configure duplicate outside NAT mapping with different VRFs without the need for the "match-in-vrf" keyword. It would just use the VRF names in the NAT statements: So this config should work: router(config)#ip nat outside source static network 172.1.1.0 16.1.1.0 /24 vrf Cust_A router(config)#ip nat outside source static network 172.1.1.0 16.1.1.0 /24 vrf Cust_B Arie -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Derick Winkworth Sent: Thursday, April 01, 2010 22:33 To: cisco-nsp@puck.nether.net Subject: [c-nsp] match-in-vrf with NVI All: Anyone know when the "match-in-vrf" keyword will be supported with NAT NVI? I really would like to see this! Derick ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] match-in-vrf with NVI
I did this last night, and while it took the config without complaining, the second one overwrote the first one in running-config. What I am really looking for is this functionality in NVI.. ip nat source static 10.1.1.9 205.141.232.13 vrf SUB001-VRF match-in-vrf ip nat source static 10.1.1.4 205.141.232.13 vrf SUB002-VRF match-in-vrf That would be outstanding. From: Arie Vayner (avayner) To: Derick Winkworth ; cisco-nsp@puck.nether.net Sent: Fri, April 2, 2010 1:44:08 AM Subject: RE: [c-nsp] match-in-vrf with NVI Derick, >From what I can see, since 12.2(33)XND you can configure duplicate outside NAT >mapping with different VRFs without the need for the "match-in-vrf" keyword. >It would just use the VRF names in the NAT statements: So this config should work: router(config)#ip nat outside source static network 172.1.1.0 16.1.1.0 /24 vrf Cust_A router(config)#ip nat outside source static network 172.1.1.0 16.1.1.0 /24 vrf Cust_B Arie -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Derick Winkworth Sent: Thursday, April 01, 2010 22:33 To: cisco-nsp@puck.nether.net Subject: [c-nsp] match-in-vrf with NVI All: Anyone know when the "match-in-vrf" keyword will be supported with NAT NVI? I really would like to see this! Derick ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] maximum configurable static NATs on a 7200/NPE-G2...
You're right... I ran a script last night that configured 58000 static NATs. Of course, "service compress-config" was necessary :-) but it took it with no problems... From: Rodney Dunn To: Derick Winkworth Cc: cisco-nsp@puck.nether.net Sent: Fri, April 2, 2010 7:34:35 AM Subject: Re: [c-nsp] maximum configurable static NATs on a 7200/NPE-G2... Memory from what I recall. Rodney On 4/1/10 4:47 PM, Derick Winkworth wrote: > All: > > Anyone know what the maximum number of configurable static NATs is on a > 7200/NPE-G2? Is it just a function of memory or is there a hard limit > somewhere? > > Derick > ___ > cisco-nsp mailing list cisco-nsp@puck.nether.net > https://puck.nether.net/mailman/listinfo/cisco-nsp > archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] BGP Load Sharing
On Apr 2, 2010, at 8:08 AM, Bunny Singh wrote: > I am using multihoming for my BGP with two ISP's. I have 10 mbps from one and > 4 mbps from other ISP connecting to my single 3660 router. I am getting > default route from my both of the ISP's Default only? Not enough routes! I'd recommend spicing it up by asking for default + peer routes, or default + peer + customer routes. Or, heck, if these upstream "providers" support communities, request "full feed + default" -- and then simply match & filter based on community tags upon reception. Even if they don't support communities, you could still request a full view & hack up input filters to your liking. Also, the 3660 'cpu' is roughly an npe-225 equivalent (if not identical parts, even), thus, no slouch and will not be terribly bothered crunching some semi-involved route-map policies. Also, it can hold 256 megs of dram. If you've not already done so, upgrade this box to its max (it will likely be the cheapest upgrade you ever get this much out of), and have it hold more routes. Moving on -- it may not be obvious, but you needn't hold the "full" table of routes for your endpoint on the net to make better decisions about which upstream to install a route for a particular destination--even holding 60 to 70% of the table can prove useful. Here's one policy which has been working on 256m or other low-fib/low-mem boxes for my clients, which permits /23 and longer out to 3 AS hops away, and permits only /22 and shorter for everything else. ip prefix-list hackslash seq 10 permit 0.0.0.0/0 le 22 ip prefix-list longs seq 5 permit 0.0.0.0/0 ge 23 ip as-path access-list 10 permit (^_[0-9]+$|^_[0-9]+_[0-9]+$|^_[0-9]+_[0-9]+_[0-9]+$) route-map transit-in permit 5 match ip address prefix-list longs match as-path 10 route-map transit-in permit 10 match ip address prefix-list hackslash You should also search this list (and nanog) for "prefix filter low memory" and other posts from ~2006/2007 era, when folks were crossing the 239k/256k tcam exhaustion thresholds and/or their 256m dram threshold. For example, one way to hack-slash a RIB/FIB is via the ISP-strict /8 boundary RIR allocation based filter ruleset: ftp://ftp-eng.cisco.com/cons/isp/security/Ingress-Prefix-Filter-Templates Perhaps the only downside to per-/8 filtering (plus exceptions) is the need for semi-frequent udpates to the list, as /8's are allocated by IANA and/or when RIR's change their policies. > and advertising /24 Public pool towards both of the ISP's. For load sharing i > am doing path prepending and put a weight for outbound traffic but not > getting loadshare as i want. To get "ecmp" from two 0/0 routes, which is about all I can think would work in this scenario, you will need to enable "max-paths" in your bgp config, like so: (config)#router bgp 64512 (config-router)#maximum-paths 2 ...then the 0/0's from your upstreams, all other things being equal (i.e. set the same metric + lp upon receiving them from your providers), will be placed into your FIB as to ECMP-able 0/0 routes. The routers normal CEF forwarding logic will then do a src+dst IP address hash, and determine a next-hop IP address based upon the results. This isn't 'optimal' in the sense that a customer of upstream provider A would be sent via a (potentially worse) path via provider B, but it'd sure guarantee your upstream traffic distribution would be fairly equal, assuming your userbase was not fixated on a subnet of the possible internet destination addresses. If you are running a 12.4T image, you can also enable cef load-sharing full, which uses src+dst IP addresses, as well as src+dest port numbers of TCP and UDP packets to aid in making a more uniform distribution of next-hop selection. This may confound your users, however, as things like TCP and UDP traceroutes will expose 'both' paths from probe to probe packet. In my experience, customers don't mind/notice l4 ecmp on intra-network paths, but on inter-network paths, it seems to generate complaints. > Now i want to do the loadsharing and want to use near to 14 mbps. So is it > anyway to do the loadsharing for outbound as well as inbound traffic. I have > searched in google but didnot get perfect answer. CEF ecmp will only get a statistically 50/50 split based on src+dst hash, so you'd never see a perfect 10+4; instead, you'd see the 4mbit link pushed to the ceiling and the 10 megabit link would be unlikely filled. The best solution here is to specifically ask for "full table + default," use route maps to filter and express different import policies, and tweak said policies to obtain a reasonable upstream split. -Tk ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] 12012 systems
Hi, As we have migrated several 12012 routers to 12810s we have several of these beastly creations sitting around our facility. Awhile back someone mentioned to me offlist that they were able to upgrade these so that they could use PRP-2s, that may only apply to the 12010s but I am wondering if anyone has found a use for these old beasts? thanks, -Drew ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] BGP Load Sharing
On Fri, Apr 2, 2010 at 6:58 AM, Chris Wopat wrote: > ! sprint (1239), level3(3356), AT&T (4181) > ip as-path access-list 7 permit ^1234 1239_ > ip as-path access-list 7 permit ^1234 3356_ > ip as-path access-list 7 permit ^1234 4181_ Whoops, 7018 is ATT, 4181 is TDS. You would still just pick whatever you want, possibly starting with Tier 1''s per my example. --Chris ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] BGP Load Sharing
On Fri, Apr 2, 2010 at 6:33 AM, wrote: > Message: 8 > Date: Fri, 2 Apr 2010 05:08:04 -0700 (PDT) > From: Bunny Singh > To: cisco-nsp@puck.nether.net > Subject: [c-nsp] BGP Load Sharing > Message-ID: <291700.32887...@web45009.mail.sp1.yahoo.com> > > Hi , > > I am using multihoming for my BGP with two ISP's. I have 10 mbps from one and > 4 mbps from > other ISP connecting to my single 3660 router. I am getting default route > from my both of the > ISP's and advertising /24 Public pool towards bothof the ISP's. For load > sharing i am doing path > prepending and put a weight for outbound traffic but not getting loadshare as > i want. > > Now i want to do the loadsharing and want to use near to 14 mbps. So is it > anyway to do the > loadsharing for outbound as well as inbound traffic. I have searched in > google but didnot > get perfect answer. One (sort of ugly) way to do this is to is to make some larger AS's prefer one path outbound. You would create a route-map inbound so you can make this happen. This example shows a few ways, matching AS's or matching communities that your ISP sends you (check with them to see what communites they send and what they mean. ! your bgp router bgp neighbor 1.2.3.4 route-map ROUTEMAP-1234-IN in ! sprint (1239), level3(3356), AT&T (4181) ip as-path access-list 7 permit ^1234 1239_ ip as-path access-list 7 permit ^1234 3356_ ip as-path access-list 7 permit ^1234 4181_ ! match community 321 from your 1234 neighbor ip community-list 60 permit 1234:321 ! anything access-list 20 permit any ! set metric of 3 for anything in as-path acl 7 route-map ROUTEMAP-1234-IN permit 10 match as-path 7 set metric 3 ! match community 321 as sent from AS 1234 route-map ROUTEMAP-1234-IN permit 20 match community 60 set metric 7 ! set metric 10 for the rest route-map ROUTEMAP-1234-IN permit 30 match ip address 20 set metric 10 You would want to set up something similar for each of your bgp peers even if one of them only does the 'permit ip' to keep the metric of 10 as default for both. --Chris ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] 3560-E fan modules
Quick question for the peanut gallery. I have a Cat3560E-12D with a fan module that's failing. A review of the various docs and data sheets on CCO says that the fan modules are field replaceable, but not if they are hot-swappable. In other words, do I have to plan for an outage to replace the fan, assuming I would replace the old module immediately? jms ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] maximum configurable static NATs on a 7200/NPE-G2...
Memory from what I recall. Rodney On 4/1/10 4:47 PM, Derick Winkworth wrote: All: Anyone know what the maximum number of configurable static NATs is on a 7200/NPE-G2? Is it just a function of memory or is there a hard limit somewhere? Derick ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] BGP Load Sharing
Hi , I am using multihoming for my BGP with two ISP's. I have 10 mbps from one and 4 mbps from other ISP connecting to my single 3660 router. I am getting default route from my both of the ISP's and advertising /24 Public pool towards both of the ISP's. For load sharing i am doing path prepending and put a weight for outbound traffic but not getting loadshare as i want. Now i want to do the loadsharing and want to use near to 14 mbps. So is it anyway to do the loadsharing for outbound as well as inbound traffic. I have searched in google but didnot get perfect answer. Always thanks. Regards Bunny ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/