Re: [c-nsp] Service agreement warning for EOL hardware
On 9/30/10 5:07 PM, Łukasz Bromirski wrote: Bear in mind that before the IOS license activation, there was no way to tie for 100% your hardware to specific set of licenses/ feature sets you could download, and no way to check if the device is still alive. So, the database that is used to display such warning may not be 100% in line with the real life. I don't think too many of Cisco's latest ideas on how the website should function (remember Java-only download cart introduction day) are in line with real life. However, I must give credit for keeping extensive documentation and references available. For the Cisco people listening: please don't ever take that away or require contracts to view. It's an awesome way to self research and one of the major reasons I keep buying Cisco. (All the expertise on this list is another reason.) ~Seth ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Service agreement warning for EOL hardware
Re Seth, se...@rollernet.us (Seth Mattinen) wrote: I don't think too many of Cisco's latest ideas on how the website should function (remember Java-only download cart introduction day) are in line with real life. I have wondered for years now, why Cisco wouldn't enforce service contracts on software downloads, or rather, when they would start. Now we can also easily understand why FTP access was discontinued. Yes - that kind of checking is possible with FTP servers. No - Cisco only has marketing jocks and web-only programming garage-boys at their hand. Not a real communications department (including proper tool development) that would ask the users about their experience. I am quite happy that Cisco boxes do not give me as much trouble as e.g., F5, because I'd be screwed with their idea of support in case there's a software bug. I have experienced that kind of pain with a bug in XE (soft-reconfig inbound - ah, just disable the feature)... Btw - has the L2 Portchannel bug on ASR1ks been fixed? However, I must give credit for keeping extensive documentation and references available. For the Cisco people listening: please don't ever take that away or require contracts to view. It's an awesome way to self research and one of the major reasons I keep buying Cisco. (All the expertise on this list is another reason.) Are you begging for breadcrumbs here? Remember what you shelled out for those service contracts? As to this list - invaluable. Yours, Elmi. -- Machen Sie sich erst einmal unbeliebt. Dann werden Sie auch ernstgenommen. (Konrad Adenauer) --[ ELMI-RIPE ]--- pgpQcEMIe7oyW.pgp Description: PGP signature ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Service agreement warning for EOL hardware
On Fri, 01 Oct 2010 01:42:22 +0200, you wrote: End of new service attachment - November 2006. You could buy a router in November 2002. Then, four years later you decided it was a last call for extending the life of your network. By either renewing yearly the service contract during the entire lifetime of your 3640, or calling in an inspection from Cisco to check if they can register the new service for gear that is currently not covered by any service, you could then in November 2006 go into 5-years contract to support the box just before the 'last date to order a new service-and-support' was hit. Last Date of Support for the 3640 was November 2007. It is correct that you could extend an existing contract or buy a new one November 2006... but you couldn't do that for 5 years, only 1 because EoL (LDoS) was November 2007. Ref: http://www.cisco.com/en/US/products/hw/routers/ps274/prod_eol_notice09186a008032d840.html However, it seems that your problem is not related to the way how Cisco treats it's customers, but to downloading the software from CCO with no valid contract to cover the specific hardware platform :) I agree with the OP that there's no way one could have a valid service contract on a 3640 today. -A ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] High CPU caused by interupt on 7600 router
Hi group, I have a 7609 PE router with 2 TenGigabit interfaces uplink to other P routers and Gigabit interfaces downlink to access switch. Recently, I detect the CPU of that router is punted approximately every 35mins and result in below output: == PE-Router#sho proc cpu hist 4521313151 100 90 80 70 60 50 40 30 20 10 * * 051122334455 0505050505 CPU% per second (last 60 seconds) 88 699 5664764335455448544554465856444344555656540444344454357766 100 90 ** ** 80 ** ** 70 ** *** 60 ** *** 50 ** *** 40 #* *** 30 #* *#* 20 #* *#* 10 *## #* * ** ** ** * ***## * * 051122334455 0505050505 CPU% per minute (last 60 minutes) * = maximum CPU% # = average CPU% 9899689899798889898887299889 988989884889 7653706465425842251504506532186452964008644208308676970312489352156780 100 * * * ** ** * *** * 90 * ** * *** * ** * *** 80 * *** 70 ** * *** 60 ** * *** 50 ** * 40 ** * 30 ** * 20 10 ** 051122334455667. 0505050505050 CPU% per hour (last 72 hours) * = maximum CPU% # = average CPU% == I can confirm this caused by interrupt by configure ERM feature to detect the interrupt on the router and check CPU right after the interrupt happens. The following output display the logging: === *Sep 29 13:39:38.830: %SYS-4-CPURESRISING: System is seeing global cpu util 97% at total level more than the configured critical limit 80 % *Sep 29 13:39:38.830: %SYS-4-CPURESRISING: System is seeing global cpu util 97% at interrupt level more than the configured critical limit 70 % *Sep 29 13:39:48.830: %SYS-6-CPURESFALLING: System is no longer seeing global high cpu at total level for the configured critical limit 80%, current value 44% *Sep 29 13:39:48.830: %SYS-6-CPURESFALLING: System is no longer seeing global high cpu at interrupt level for the configured critical limit 70%, current value 44% *Sep 29 13:42:13.750: %SYS-5-CONFIG_I: Configured from console by admin on vty0 (172.16.252.251) *Sep 29 14:14:11.122: %SYS-5-CONFIG_I: Configured from console by admin on vty0 (172.16.252.251) *Sep 29 14:16:58.862: %SYS-4-CPURESRISING: System is seeing global cpu util 90% at total level more than the configured critical limit 80 % *Sep 29 14:16:58.862: %SYS-4-CPURESRISING: System is seeing global cpu util 90% at interrupt level more than the configured critical limit 70 % *Sep 29 14:17:08.862: %SYS-6-CPURESFALLING: System is no longer seeing global high
Re: [c-nsp] High CPU caused by interupt on 7600 router
Try ELAM capture... TAC can help with the ELAM or CPU profiling. -Ozgur - Original Message From: Rin rint...@gmail.com To: cisco-nsp@puck.nether.net Sent: Fri, 1 October, 2010 10:34:08 Subject: [c-nsp] High CPU caused by interupt on 7600 router Hi group, I have a 7609 PE router with 2 TenGigabit interfaces uplink to other P routers and Gigabit interfaces downlink to access switch. Recently, I detect the CPU of that router is punted approximately every 35mins and result in below output: == PE-Router#sho proc cpu hist 4521313151 100 90 80 70 60 50 40 30 20 10 * * 051122334455 0505050505 CPU% per second (last 60 seconds) 88 699 5664764335455448544554465856444344555656540444344454357766 100 90 ** ** 80 ** ** 70 ** *** 60 ** *** 50 ** *** 40 #* *** 30 #* *#* 20 #* *#* 10 *## #* * ** ** ** * ***## * * 051122334455 0505050505 CPU% per minute (last 60 minutes) * = maximum CPU% # = average CPU% 9899689899798889898887299889 988989884889 7653706465425842251504506532186452964008644208308676970312489352156780 100 * * * ** ** * *** * 90 * ** * *** * ** * *** 80 * *** 70 ** * *** 60 ** * *** 50 ** * 40 ** * 30 ** * 20 10 ** 051122334455667. 0505050505050 CPU% per hour (last 72 hours) * = maximum CPU% # = average CPU% == I can confirm this caused by interrupt by configure ERM feature to detect the interrupt on the router and check CPU right after the interrupt happens. The following output display the logging: === *Sep 29 13:39:38.830: %SYS-4-CPURESRISING: System is seeing global cpu util 97% at total level more than the configured critical limit 80 % *Sep 29 13:39:38.830: %SYS-4-CPURESRISING: System is seeing global cpu util 97% at interrupt level more than the configured critical limit 70 % *Sep 29 13:39:48.830: %SYS-6-CPURESFALLING: System is no longer seeing global high cpu at total level for the configured critical limit 80%, current value 44% *Sep 29 13:39:48.830: %SYS-6-CPURESFALLING: System is no longer seeing global high cpu at interrupt level for the configured critical limit 70%, current value 44% *Sep 29 13:42:13.750: %SYS-5-CONFIG_I: Configured from console by admin on vty0 (172.16.252.251) *Sep 29 14:14:11.122: %SYS-5-CONFIG_I: Configured from console by admin on vty0 (172.16.252.251) *Sep 29 14:16:58.862: %SYS-4-CPURESRISING: System is seeing global cpu util 90% at total level more than the configured critical limit 80 % *Sep 29
Re: [c-nsp] traffic policing on 7600
Thomas, Cory,
thats exactly function I was looking for!
Thank you for hint, service-policy with aggregated policer is now set on all
vlans a traffic is policed as I needed.
Kind regards,
Jiri Prochazka
- Original Message -
From: Thomas Habets tho...@habets.pp.se
To: Jiří Procházka jiri.procha...@superhosting.cz
Sent: Friday, October 01, 2010 9:53 AM
Subject: Re: [c-nsp] traffic policing on 7600
On Thu, 30 Sep 2010, Jiří Procházka wrote:
What am I trying to accomplish is an option to limit exact source IPs to
certain bandwidth to _all_ transit lines togehter.
I don't know if it requires fancier cards than a 6708, but have you tried
an aggregate policer?
mls qos aggregate-policer FOO 10
policy-map TLINK1
class class-default
policy aggregate FOO
policy-map TLINK2
class class-default
policy aggregate FOO
Don't forget mls qos vlan-based if you need it.
class class_shape_funpower
police cir 500
A class called shape that actually polices? Uh, strange choice.
-
typedef struct me_s {
char name[] = { Thomas Habets };
char email[] = { tho...@habets.pp.se };
char kernel[]= { Linux };
char *pgpKey[] = { http://www.habets.pp.se/pubkey.txt; };
char pgp[] = { A8A3 D1DD 4AE0 8467 7FDE 0945 286A E90A AD48 E854 };
char coolcmd[] = { echo '. ./_. ./_'_;. ./_ };
} me_t;
___
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] Is GLC-FE-100LX= really unsupported?
Hello people, Cisco lists the GLC-FE-100LX= SFP as unsupported for several switches like most Catalyst 3560. However, they say it is supported in small 8PC and 12PC boxes. Does anyone know for sure that it is not working in e.g. Cat 3560-24TS switches? I am surprised that Cisco lists the GLC-FE-100FX (Multimode fiber) as supported but not the LX (Singlemode) module. Thanks Sascha ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] can I use | pipe line such as | inc xxx and regexp such as regexp ^$ both , when I execute show bgp
Hi Mark. features when using show bgp There's a number of things they don't have, and this is to be expected for a box that is still fairly new on the scene. The CRS-1 isn't *that* new any more. And someone else already mentioned, 3.8 brought with it some BGP switches that can do the stuff you're looking for. Later releases will simply make it more elegant. In this case it weren't about switches, but a plain and dirty bug. It just didn't work with quotes. Haven't used 3.6.anything, but it sounds a little dated unless TAC are recommending it (which I'd find curious, but...). We did an upgrade from 3.5 to 3.6 on our CRS-1's last winter (northern hemisphere). At that time Cisco Advanced Services didn't recommend using any newer than 3.6. Neither 3.8 nor 3.9 didn't add any must have features, and 3.6 had significantly more exposures in the wild (read: used in production). All-in-all, not a bad box. Definitely worth considering if you're looking to beef up your core, particularly for the interesting deals Cisco can offer when compared to the competition, including in-house, i.e., XR 12000. It became a lot better when Cisco pulled the plug on ASR14k, and instead ships the LC's to the CRS. -- Pelle RFC1925, truth 11: Every old idea will be proposed again with a different name and a different presentation, regardless of whether it works. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Service agreement warning for EOL hardware
On 2010-10-01 11:06, Asbjorn Hojmark - Lists wrote: Last Date of Support for the 3640 was November 2007. It is correct that you could extend an existing contract or buy a new one November 2006... but you couldn't do that for 5 years, only 1 because EoL (LDoS) was November 2007. I can't go into details, but yes, in this particular case it seems that nobody required a extended service contract terms for the 3640, so the EoL date was set to November 2007. In case when EoS notes are published and then extended in terms of service contract renewal above typical terms, it's because there are customers with multiyear contracts on the boxes. -- Everything will be okay in the end. | Łukasz Bromirski If it's not okay, it's not the end. | http://lukasz.bromirski.net ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] High CPU caused by interupt on 7600 router
Hi Phil, Thanks for your email. Below is my answer: Do you have any CoPP or MLS limiters enabled? I am thinking particularly the TTL and MTU ones. The CPU only spikes in less than a minute show I cannot catch it when it high. I had CoPP applied as below == ip access-list standard CoreIP permit 172.16.x.x 0.0.0.255 permit 172.16.x.x 0.0.0.255 ! class-map match-all CoreIP match access-group name CoreIP ! policy-map CoPP class CoreIP police 2000 conform-action transmit exceed-action drop class class-default police 600 conform-action transmit exceed-action drop ! control-plane service-policy input CoPP == The output shows more than 12Mbps of traffic (matched by class-default) is sending to CPU. I believe this is value is high but I could not determine what type of traffic is sending to CPU === PE-Router#sho policy-map control-plane Control Plane Service-policy input: CoPP Hardware Counters: class-map: CoreIP (match-all) Match: access-group name CoreIP police : 2000 bps 625000 limit 625000 extended limit Earl in slot 1 : 1684255 bytes 5 minute offered rate 2808 bps aggregate-forwarded 1684255 bytes action: transmit exceeded 0 bytes action: drop aggregate-forward 3760 bps exceed 0 bps Earl in slot 4 : 0 bytes 5 minute offered rate 0 bps aggregate-forwarded 0 bytes action: transmit exceeded 0 bytes action: drop aggregate-forward 0 bps exceed 0 bps Earl in slot 6 : 0 bytes 5 minute offered rate 0 bps aggregate-forwarded 0 bytes action: transmit exceeded 0 bytes action: drop aggregate-forward 0 bps exceed 0 bps Earl in slot 7 : 0 bytes 5 minute offered rate 0 bps aggregate-forwarded 0 bytes action: transmit exceeded 0 bytes action: drop aggregate-forward 0 bps exceed 0 bps Earl in slot 9 : 0 bytes 5 minute offered rate 0 bps aggregate-forwarded 0 bytes action: transmit exceeded 0 bytes action: drop aggregate-forward 0 bps exceed 0 bps Software Counters: Class-map: CoreIP (match-all) 27872 packets, 2226445 bytes 5 minute offered rate 4000 bps, drop rate bps Match: access-group name CoreIP police: cir 2000 bps, bc 625000 bytes conformed 27915 packets, 2229727 bytes; actions: transmit exceeded 0 packets, 0 bytes; actions: drop conformed 4000 bps, exceed bps Hardware Counters: class-map: class-default (match-any) Match: any police : 600 bps 187000 limit 187000 extended limit Earl in slot 1 : 7697842499 bytes 5 minute offered rate 12430840 bps aggregate-forwarded 3726798935 bytes action: transmit exceeded 3971043564 bytes action: drop aggregate-forward 6016104 bps exceed 6414120 bps Earl in slot 4 : 0 bytes 5 minute offered rate 0 bps aggregate-forwarded 0 bytes action: transmit exceeded 0 bytes action: drop aggregate-forward 0 bps exceed 0 bps Earl in slot 6 : 0 bytes 5 minute offered rate 0 bps aggregate-forwarded 0 bytes action: transmit exceeded 0 bytes action: drop aggregate-forward 0 bps exceed 0 bps Earl in slot 7 : 908447 bytes 5 minute offered rate 880 bps aggregate-forwarded 908447 bytes action: transmit exceeded 0 bytes action: drop aggregate-forward 624 bps exceed 0 bps Earl in slot 9 : 304 bytes 5 minute offered rate 0 bps aggregate-forwarded 304 bytes action: transmit exceeded 0 bytes action: drop aggregate-forward 0 bps exceed 0 bps Software Counters: Class-map: class-default (match-any) 7093 packets, 1164410 bytes 5 minute offered rate 2000 bps, drop rate bps Match: any 7093 packets, 1164410 bytes 5 minute rate 2000 bps police: cir 600 bps, bc 187500 bytes conformed 7101 packets, 1165380 bytes; actions: transmit exceeded 0 packets, 0 bytes; actions: drop conformed 3000 bps, exceed bps === You could ERSPAN the RP/SP CPU to a remote machine, then correlate CPU spikes with the captured traffic. How can I do this? Do you have any guideline? How many BGP routes and peers do you have? What is the churn rate on the BGP table? Is there any IGP stability? Is there any possibility of a loop? We only run MP-BGP for MPLS VPN on this router. The BGP table contains
Re: [c-nsp] High CPU caused by interupt on 7600 router
Hi Ozgur, I saw TAC engineer do ELAM capture once but not understand much. Is there any documentation about ELAM capture? For CPU Profiling, do you mean this documentation? http://www.cisco.com/en/US/products/hw/routers/ps359/products_tech_note09186a00801c2af0.shtml#cd It seems that CPU Profiling is not supported on 7609 with 12.2(33)SRD. Thanks, -Original Message- From: Ozgur Guler [mailto:guleroz...@yahoo.co.uk] Sent: Friday, October 01, 2010 6:36 PM To: Rin; cisco-nsp@puck.nether.net Subject: Re: [c-nsp] High CPU caused by interupt on 7600 router Try ELAM capture... TAC can help with the ELAM or CPU profiling. -Ozgur ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] can I use | pipe line such as | inc xxx and regexp such as regexp ^$ both , when I execute show bgp
On Friday, October 01, 2010 10:48:57 pm Per Carlson wrote: The CRS-1 isn't *that* new any more. I know, I meant in terms of its evolution from a core to a peering to an edge platform. Not just the CRS, but also IOS XR. It's been around a while, but still making in-roads and still developing. I've always had concerns about earlier versions of IOS XR being appropriate (or not) for edge applications. I will say 3.9 is much better than earlier versions, but we still think this is overkill for a CRS. Perhaps an ASR9000. But hey, YMMV :-). We did an upgrade from 3.5 to 3.6 on our CRS-1's last winter (northern hemisphere). At that time Cisco Advanced Services didn't recommend using any newer than 3.6. Neither 3.8 nor 3.9 didn't add any must have features, and 3.6 had significantly more exposures in the wild (read: used in production). There's a bunch of features we've been accustomed to in JUNOS and IOS that we needed in IOS XR. It's probably a good thing we boarded the CRS bandwagon late, which made transitioning that much less difficult, e.g., the ability to ignore an IS-IS ATT bit, e.t.c. It became a lot better when Cisco pulled the plug on ASR14k, and instead ships the LC's to the CRS. Yes, those FP40 forwarding boards offer great value. Mark. signature.asc Description: This is a digitally signed message part. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] High CPU caused by interupt on 7600 router
On 01/10/10 16:24, Rin wrote: Hi Phil, Thanks for your email. Below is my answer: Do you have any CoPP or MLS limiters enabled? I am thinking particularly the TTL and MTU ones. The CPU only spikes in less than a minute show I cannot catch it when it high. I had CoPP applied as below Since the system logs, you could use an EEM applet to trigger a sh proc cpu and direct output to a file? The output shows more than 12Mbps of traffic (matched by class-default) is sending to CPU. I believe this is value is high but I could not determine what type of traffic is sending to CPU In which case I would SPAN the CPU. You could ERSPAN the RP/SP CPU to a remote machine, then correlate CPU spikes with the captured traffic. How can I do this? Do you have any guideline? conf t mon sess 1 type erspan-source source cpu rp source cpu sp destination ip address your monitoring box # various other options exit no shut ...then on your monitoring box, run gulp | tcpdump or wireshark ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] High CPU caused by interupt on 7600 router
ELAM captures only one packet at a time so it's not as useful for figuring out what packets are causing high CPU. An RP-inand SPAN will be much better. Once you find out which packets are going to the CPU and you think that maybe those packets should not have hit the CPU then ELAM could be useful. BTW - there is no customer facing docs about ELAM as they are engineering level commands. That said it's pretty easy to capture an IP packet in ELAM. Reading all the fields in the DBUS and RBUS headers is another matter. -Ben On Oct 1, 2010, at 11:31 AM, Rin wrote: Hi Ozgur, I saw TAC engineer do ELAM capture once but not understand much. Is there any documentation about ELAM capture? For CPU Profiling, do you mean this documentation? http://www.cisco.com/en/US/products/hw/routers/ps359/products_tech_note09186a00801c2af0.shtml#cd It seems that CPU Profiling is not supported on 7609 with 12.2(33)SRD. Thanks, -Original Message- From: Ozgur Guler [mailto:guleroz...@yahoo.co.uk] Sent: Friday, October 01, 2010 6:36 PM To: Rin; cisco-nsp@puck.nether.net Subject: Re: [c-nsp] High CPU caused by interupt on 7600 router Try ELAM capture... TAC can help with the ELAM or CPU profiling. -Ozgur ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
