Re: [c-nsp] Cisco 6k no power enable module

[Matt Addison]

The bus stall is due to the physical pins in the LC making contact,
disabling power to the slot will not avoid this.

http://inetpro.org/wiki/Catalyst_6500#Online_Insertion_.26_Removal

Sent from my iPad

On Dec 1, 2011, at 16:53, Mark Mason  wrote:

We also just labbed a VS-S720-10G running 122-33.SXJ1 and were able to shut
a slot down without a module installed. Unfortunately we ALSO were able to
incorrectly install a WS-X6748-GE-TX and cause the 3 second bus disruption.
Anyone else run into this?

6509-v-e-test(config)#no power enable module 6
%FRU Absent. Power admin state updated
6509-v-e-test(config)#no power enable module 6
% slot is already disabled and not yet enabled
6509-v-e-test(config)#no power enable module 7
%FRU Absent. Power admin state updated
6509-v-e-test(config)#no power enable module 7
% slot is already disabled and not yet enabled
6509-v-e-test(config)#no power enable module 8
%FRU Absent. Power admin state updated
6509-v-e-test(config)#no power enable module 8
% slot is already disabled and not yet enabled
6509-v-e-test(config)#no power enable module 9
%FRU Absent. Power admin state updated
6509-v-e-test(config)#
6509-v-e-test(config)#no power enable module 9
% slot is already disabled and not yet enabled
6509-v-e-test(config)#
*Dec  1 21:14:36.304: %C6KPWR-SP-4-DISABLED: power to module in slot 8 set
off (admin request)
6509-v-e-test(config)#
*Dec  1 21:15:07.123: %OIR-SP-6-REMCARD: Card removed from slot 8,
interfaces disabled
*Dec  1 21:15:11.027: %C6KERRDETECT-SP-2-SWBUSSTALL: The switching bus is
experiencing stall for 3 seconds
*Dec  1 21:15:16.063: %C6KERRDETECT-SP-2-SWBUSSTALL_RECOVERED: The
switching bus stall is recovered and data traffic switching continues
*Dec  1 21:15:18.283: %C6KPWR-SP-4-DISABLED: power to module in slot 8 set
off (admin request)


Mark

From: Mark Mason
Sent: Thursday, December 01, 2011 2:38 PM
To: 'cisco-nsp@puck.nether.net'
Subject: Cisco 6k no power enable module

Anyone know why Cisco doesn't allow for you to shut power down to a
slot/module unless a FRU is installed in it? We can reproduce 100% multiple
times in the lab WS-X6748-GE-TX installation's that causes the bus to stall
3 seconds. It has to do with the force you apply to the card during
installation.

%C6KERRDETECT-SP-2-SWBUSSTALL: The switching bus is experiencing stall for
3 seconds
%C6KERRDETECT-SP-2-SWBUSSTALL_RECOVERED: The switching bus stall is
recovered and data traffic switching continues


Router(config)#no power enable module 8
%FRU Absent. Power admin state updated


Mark

NOTICE: This electronic mail message and any files transmitted with it are
intended
exclusively for the individual or entity to which it is addressed. The
message,
together with any attachment, may contain confidential and/or privileged
information.
Any unauthorized review, use, printing, saving, copying, disclosure or
distribution
is strictly prohibited. If you have received this message in error, please
immediately advise the sender by reply email and delete all copies.
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] LAC/LNS Routers - 7200 EOL

[Phil Mayers]

On 12/01/2011 10:48 PM, Phil Mayers wrote:

On 12/01/2011 09:10 PM, Chris Adams wrote:

Once upon a time, sth...@nethelp.no said:

While I agree that it's not optimal, but is it atypical? Isn't
JunOS the
same? All the important things running in single flat process,
which has
its own scheduling and memory management. Unix in the background
being just
an afterthought, really a way to bootstrap it all up.


No, there are a bunch of separate Unix processes on JUNOS handling
different things.


rpd. 'Nuff said.


That's one process that handles a bunch of stuff (but far from
everything); that's hardly a "single flat process, which has its own
scheduling and memory management".


http://www.juniper.net/us/en/local/pdf/whitepapers/2000264-en.pdf

"""
The routing protocol process daemon (RPD) is the most complex process in
a Junos OS system. It not only contains
much of the actual code for routing protocols, but also has its own
scheduler and memory manager.
"""



Grumble Ctrl+Enter Grumble...

To continue: certainly rpd doesn't contain everything, and the JunOS 
architecture is an improvement on classic IOS (in so, so many ways) but 
it is fair to say that rpd does operate to a very large extent as a 
micro-OS, and does indeed have its own scheduler/memory management - as 
above, Juniper describe it this way.


The paper is worth reading, along with the Junpier argument in favour of 
this model (tl;dr - performance). In my (fairly limited) experience it 
works pretty well, better than classic IOS. But I've never had an "rpd" 
crash, and I imagine claims of "modularity" ring hollow for those who 
have, and have suffered outages as a result.

___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] LAC/LNS Routers - 7200 EOL

[Phil Mayers]

On 12/01/2011 09:10 PM, Chris Adams wrote:

Once upon a time, sth...@nethelp.no  said:

While I agree that it's not optimal, but is it atypical? Isn't JunOS the
same? All the important things running in single flat process, which has
its own scheduling and memory management. Unix in the background being just
an afterthought, really a way to bootstrap it all up.


No, there are a bunch of separate Unix processes on JUNOS handling
different things.


rpd. 'Nuff said.


That's one process that handles a bunch of stuff (but far from
everything); that's hardly a "single flat process, which has its own
scheduling and memory management".


http://www.juniper.net/us/en/local/pdf/whitepapers/2000264-en.pdf

"""
The routing protocol process daemon (RPD) is the most complex process in 
a Junos OS system. It not only contains
much of the actual code for routing protocols, but also has its own 
scheduler and memory manager.

"""
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

[c-nsp] Cisco 6k no power enable module

[Mark Mason]

Anyone know why Cisco doesn't allow for you to shut power down to a slot/module 
unless a FRU is installed in it? We can reproduce 100% multiple times in the 
lab WS-X6748-GE-TX installation's that causes the bus to stall 3 seconds. It 
has to do with the force you apply to the card during installation.

%C6KERRDETECT-SP-2-SWBUSSTALL: The switching bus is experiencing stall for 3 
seconds
%C6KERRDETECT-SP-2-SWBUSSTALL_RECOVERED: The switching bus stall is recovered 
and data traffic switching continues


Router(config)#no power enable module 8
%FRU Absent. Power admin state updated


Mark

NOTICE: This electronic mail message and any files transmitted with it are 
intended
exclusively for the individual or entity to which it is addressed. The message, 
together with any attachment, may contain confidential and/or privileged 
information.
Any unauthorized review, use, printing, saving, copying, disclosure or 
distribution 
is strictly prohibited. If you have received this message in error, please 
immediately advise the sender by reply email and delete all copies.
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] Nexus enabling pathcost method long - documentation

[Tim Stevenson]

Ok thanks. Not sure who owns that document, it's 
definitely not part of the "offical" user 
documentation, but we'll track it down.


Tim


At 01:48 PM 12/1/2011, Mark Mason murmered:


Tim-

Below is the reference. Google has some other 
folks tying to that same page. Fix that one, and fix all I guess.


http://www.cisco.com/en/US/prod/collateral/switches/ps9441/ps9670/C07-572834-00_STDG_NX-OS_vPC_DG.pdf 
- this has the incorrect data


Mark Mason | Network Engineer, Adv | JHA Communications Infrastructure
Jack Henry & Associates, Inc.® | 417.235.6652 x1520 | mma...@jackhenry.com

"Decisions without actions are pointless. 
Actions without decisions are reckless."



-Original Message-
From: Tim Stevenson [mailto:tstev...@cisco.com]
Sent: Thursday, December 01, 2011 3:26 PM
To: Mark Mason; cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] Nexus enabling pathcost method long - documentation

Mark,

What documents are you referring to? In the N7K 
L2 config guide, the default port costs are 
shown & appear to be correct. Please provide 
pointers to any incorrect docs and we can have them checked/fixed.


http://www.cisco.com/en/US/docs/switches/datacenter/sw/5_x/nx-os/layer2/configuration/guide/Cisco_Nexus_7000_Series_NX-OS_Layer_2_Switching_Configuration_Guide_Release_5.x_chapter7.html

http://www.cisco.com/en/US/docs/switches/datacenter/sw/5_x/nx-os/layer2/configuration/guide/Cisco_Nexus_7000_Series_NX-OS_Layer_2_Switching_Configuration_Guide_Release_5.x_chapter8.html#con_1706125

Tim

At 11:24 AM 12/1/2011, Mark Mason murmered:

>In all the Nexus doc's for method long, I am seeing 20,000 as the
>1x10Gb (10Gb total) cost and it should be 2,000. Furthermore, 2x10Gb
>(20Gb total) is 1,000 and in the doc's it shows as 10,000. Can someone
>from Cisco please clear up the design and configuration guides sooner
>than later?
>
>Documents should be corrected with the following for long:
>
>10Gb - 2000
>
>20Gb - 1000
>
>40Gb - 500
>
>Anyone else see this in the doc's and have questions about it?
>
>Mark
>
>NOTICE: This electronic mail message and any files transmitted with it
>are intended exclusively for the individual or entity to which it is
>addressed.
>The message,
>together with any attachment, may contain confidential and/or
>privileged information.
>Any unauthorized review, use, printing, saving, copying, disclosure or
>distribution is strictly prohibited. If you have received this message
>in error, please immediately advise the sender by reply email and
>delete all copies.
>___
>cisco-nsp mailing list  cisco-nsp@puck.nether.net
><https://puck.nether.net/mailman/listinfo/cisco-nsp>https://puck.nether

>.net/mailman/listinfo/cisco-nsp
>archive at
><h 
ttp://puck.nether.net/pipermail/cisco-nsp/>http://puck.nether.net/pip

>ermail/cisco-nsp/




Tim Stevenson, tstev...@cisco.com
Routing & Switching CCIE #5561
Distinguished Technical Marketing Engineer, 
Cisco Nexus 7000 Cisco - 
http://www.cisco.com IP Phone: 408-526-6759


The contents of this message may be *Cisco 
Confidential* and are intended for the specified recipients only.



NOTICE: This electronic mail message and any 
files transmitted with it are intended
exclusively for the individual or entity to 
which it is addressed. The message,
together with any attachment, may contain 
confidential and/or privileged information.
Any unauthorized review, use, printing, saving, 
copying, disclosure or distribution

is strictly prohibited. If you have received this message in error, please
immediately advise the sender by reply email and delete all copies.





Tim Stevenson, tstev...@cisco.com
Routing & Switching CCIE #5561
Distinguished Technical Marketing Engineer, Cisco Nexus 7000
Cisco - http://www.cisco.com
IP Phone: 408-526-6759

The contents of this message may be *Cisco Confidential*
and are intended for the specified recipients only.



___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] Cisco 6k no power enable module

[Mark Mason]

We also just labbed a VS-S720-10G running 122-33.SXJ1 and were able to shut a 
slot down without a module installed. Unfortunately we ALSO were able to 
incorrectly install a WS-X6748-GE-TX and cause the 3 second bus disruption. 
Anyone else run into this?

6509-v-e-test(config)#no power enable module 6
%FRU Absent. Power admin state updated
6509-v-e-test(config)#no power enable module 6
% slot is already disabled and not yet enabled
6509-v-e-test(config)#no power enable module 7
%FRU Absent. Power admin state updated
6509-v-e-test(config)#no power enable module 7
% slot is already disabled and not yet enabled
6509-v-e-test(config)#no power enable module 8
%FRU Absent. Power admin state updated
6509-v-e-test(config)#no power enable module 8
% slot is already disabled and not yet enabled
6509-v-e-test(config)#no power enable module 9
%FRU Absent. Power admin state updated
6509-v-e-test(config)#
6509-v-e-test(config)#no power enable module 9
% slot is already disabled and not yet enabled
6509-v-e-test(config)#
*Dec  1 21:14:36.304: %C6KPWR-SP-4-DISABLED: power to module in slot 8 set off 
(admin request)
6509-v-e-test(config)#
*Dec  1 21:15:07.123: %OIR-SP-6-REMCARD: Card removed from slot 8, interfaces 
disabled
*Dec  1 21:15:11.027: %C6KERRDETECT-SP-2-SWBUSSTALL: The switching bus is 
experiencing stall for 3 seconds
*Dec  1 21:15:16.063: %C6KERRDETECT-SP-2-SWBUSSTALL_RECOVERED: The switching 
bus stall is recovered and data traffic switching continues
*Dec  1 21:15:18.283: %C6KPWR-SP-4-DISABLED: power to module in slot 8 set off 
(admin request)


Mark

From: Mark Mason
Sent: Thursday, December 01, 2011 2:38 PM
To: 'cisco-nsp@puck.nether.net'
Subject: Cisco 6k no power enable module

Anyone know why Cisco doesn't allow for you to shut power down to a slot/module 
unless a FRU is installed in it? We can reproduce 100% multiple times in the 
lab WS-X6748-GE-TX installation's that causes the bus to stall 3 seconds. It 
has to do with the force you apply to the card during installation.

%C6KERRDETECT-SP-2-SWBUSSTALL: The switching bus is experiencing stall for 3 
seconds
%C6KERRDETECT-SP-2-SWBUSSTALL_RECOVERED: The switching bus stall is recovered 
and data traffic switching continues


Router(config)#no power enable module 8
%FRU Absent. Power admin state updated


Mark

NOTICE: This electronic mail message and any files transmitted with it are 
intended
exclusively for the individual or entity to which it is addressed. The message, 
together with any attachment, may contain confidential and/or privileged 
information.
Any unauthorized review, use, printing, saving, copying, disclosure or 
distribution 
is strictly prohibited. If you have received this message in error, please 
immediately advise the sender by reply email and delete all copies.
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] Nexus enabling pathcost method long - documentation

[Mark Mason]

Tim-

Below is the reference. Google has some other folks tying to that same page. 
Fix that one, and fix all I guess.

http://www.cisco.com/en/US/prod/collateral/switches/ps9441/ps9670/C07-572834-00_STDG_NX-OS_vPC_DG.pdf
 - this has the incorrect data
 
Mark Mason | Network Engineer, Adv | JHA Communications Infrastructure
Jack Henry & Associates, Inc.® | 417.235.6652 x1520 | mma...@jackhenry.com

"Decisions without actions are pointless. Actions without decisions are 
reckless."


-Original Message-
From: Tim Stevenson [mailto:tstev...@cisco.com] 
Sent: Thursday, December 01, 2011 3:26 PM
To: Mark Mason; cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] Nexus enabling pathcost method long - documentation

Mark,

What documents are you referring to? In the N7K L2 config guide, the default 
port costs are shown & appear to be correct. Please provide pointers to any 
incorrect docs and we can have them checked/fixed.

http://www.cisco.com/en/US/docs/switches/datacenter/sw/5_x/nx-os/layer2/configuration/guide/Cisco_Nexus_7000_Series_NX-OS_Layer_2_Switching_Configuration_Guide_Release_5.x_chapter7.html

http://www.cisco.com/en/US/docs/switches/datacenter/sw/5_x/nx-os/layer2/configuration/guide/Cisco_Nexus_7000_Series_NX-OS_Layer_2_Switching_Configuration_Guide_Release_5.x_chapter8.html#con_1706125

Tim

At 11:24 AM 12/1/2011, Mark Mason murmered:

>In all the Nexus doc's for method long, I am seeing 20,000 as the 
>1x10Gb (10Gb total) cost and it should be 2,000. Furthermore, 2x10Gb 
>(20Gb total) is 1,000 and in the doc's it shows as 10,000. Can someone 
>from Cisco please clear up the design and configuration guides sooner 
>than later?
>
>Documents should be corrected with the following for long:
>
>10Gb - 2000
>
>20Gb - 1000
>
>40Gb - 500
>
>Anyone else see this in the doc's and have questions about it?
>
>Mark
>
>NOTICE: This electronic mail message and any files transmitted with it 
>are intended exclusively for the individual or entity to which it is 
>addressed.
>The message,
>together with any attachment, may contain confidential and/or 
>privileged information.
>Any unauthorized review, use, printing, saving, copying, disclosure or 
>distribution is strictly prohibited. If you have received this message 
>in error, please immediately advise the sender by reply email and 
>delete all copies.
>___
>cisco-nsp mailing list  cisco-nsp@puck.nether.net 
>https://puck.nether
>.net/mailman/listinfo/cisco-nsp
>archive at
>http://puck.nether.net/pip
>ermail/cisco-nsp/




Tim Stevenson, tstev...@cisco.com
Routing & Switching CCIE #5561
Distinguished Technical Marketing Engineer, Cisco Nexus 7000 Cisco - 
http://www.cisco.com IP Phone: 408-526-6759

The contents of this message may be *Cisco Confidential* and are intended for 
the specified recipients only.


NOTICE: This electronic mail message and any files transmitted with it are 
intended
exclusively for the individual or entity to which it is addressed. The message, 
together with any attachment, may contain confidential and/or privileged 
information.
Any unauthorized review, use, printing, saving, copying, disclosure or 
distribution 
is strictly prohibited. If you have received this message in error, please 
immediately advise the sender by reply email and delete all copies.


___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] Nexus enabling pathcost method long - documentation

[Tim Stevenson]

Mark,

What documents are you referring to? In the N7K L2 config guide, the 
default port costs are shown & appear to be correct. Please provide 
pointers to any incorrect docs and we can have them checked/fixed.


http://www.cisco.com/en/US/docs/switches/datacenter/sw/5_x/nx-os/layer2/configuration/guide/Cisco_Nexus_7000_Series_NX-OS_Layer_2_Switching_Configuration_Guide_Release_5.x_chapter7.html

http://www.cisco.com/en/US/docs/switches/datacenter/sw/5_x/nx-os/layer2/configuration/guide/Cisco_Nexus_7000_Series_NX-OS_Layer_2_Switching_Configuration_Guide_Release_5.x_chapter8.html#con_1706125

Tim

At 11:24 AM 12/1/2011, Mark Mason murmered:

In all the Nexus doc's for method long, I am seeing 20,000 as the 
1x10Gb (10Gb total) cost and it should be 2,000. Furthermore, 2x10Gb 
(20Gb total) is 1,000 and in the doc's it shows as 10,000. Can 
someone from Cisco please clear up the design and configuration 
guides sooner than later?


Documents should be corrected with the following for long:

10Gb - 2000

20Gb - 1000

40Gb - 500

Anyone else see this in the doc's and have questions about it?

Mark

NOTICE: This electronic mail message and any files transmitted with 
it are intended
exclusively for the individual or entity to which it is addressed. 
The message,
together with any attachment, may contain confidential and/or 
privileged information.
Any unauthorized review, use, printing, saving, copying, disclosure 
or distribution

is strictly prohibited. If you have received this message in error, please
immediately advise the sender by reply email and delete all copies.
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at 
http://puck.nether.net/pipermail/cisco-nsp/





Tim Stevenson, tstev...@cisco.com
Routing & Switching CCIE #5561
Distinguished Technical Marketing Engineer, Cisco Nexus 7000
Cisco - http://www.cisco.com
IP Phone: 408-526-6759

The contents of this message may be *Cisco Confidential*
and are intended for the specified recipients only.


___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] LAC/LNS Routers - 7200 EOL

[Chris Adams]

Once upon a time, sth...@nethelp.no  said:
> > > While I agree that it's not optimal, but is it atypical? Isn't JunOS the
> > > same? All the important things running in single flat process, which has
> > > its own scheduling and memory management. Unix in the background being 
> > > just
> > > an afterthought, really a way to bootstrap it all up.
> > 
> > No, there are a bunch of separate Unix processes on JUNOS handling
> > different things.
> 
> rpd. 'Nuff said.

That's one process that handles a bunch of stuff (but far from
everything); that's hardly a "single flat process, which has its own
scheduling and memory management".
-- 
Chris Adams 
Systems and Network Administrator - HiWAAY Internet Services
I don't speak for anybody but myself - that's enough trouble.
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

[c-nsp] Nexus enabling pathcost method long - documentation

[Mark Mason]

In all the Nexus doc's for method long, I am seeing 20,000 as the 1x10Gb (10Gb 
total) cost and it should be 2,000. Furthermore, 2x10Gb (20Gb total) is 1,000 
and in the doc's it shows as 10,000. Can someone from Cisco please clear up the 
design and configuration guides sooner than later?

Documents should be corrected with the following for long:

10Gb - 2000

20Gb - 1000

40Gb - 500

Anyone else see this in the doc's and have questions about it?

Mark

NOTICE: This electronic mail message and any files transmitted with it are 
intended
exclusively for the individual or entity to which it is addressed. The message, 
together with any attachment, may contain confidential and/or privileged 
information.
Any unauthorized review, use, printing, saving, copying, disclosure or 
distribution 
is strictly prohibited. If you have received this message in error, please 
immediately advise the sender by reply email and delete all copies.
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] Oversubscription + port groups on WS-X6548-GE-TX

[Jim Getker (getker)]

Hi Rolf,

There is actually 6G of bandwith, 1G for each group of eight ports.  I have 
pasted some information from the 12.2SX release notes about this card.  

Regards,

Jim


Product ID
(append "=" for spares) Product Description
Minimum
Software
Versions
WS-X6548-GE-TX
WS-X6548V-GE-TX
WS-X6548-GE-45AF
48-port 10/100/1000 Mbps
* RJ-45
* CEF256
* WS-X6548-GE-TX supports:
- WS-F6K-VPWR-GE
- WS-F6K-GE48-AF
- WS-F6K-48-AF
* WS-X6548V-GE-TX has WS-F6K-VPWR-GE
* WS-X6548-GE-45AF has WS-F6K-GE48-AF or WS-F6K-48-AF
* With WS-F6K-GE48-AF, supports up to 45 ports of ePoE (16.8W).
* QoS port architecture (Rx/Tx): 1q2t/1p2q2t
* Number of ports: 48
Number of port groups: 2
Port ranges per port group: 1-24, 25-48
* The aggregate bandwidth of each set of 8 ports (1-8, 9-16, 17-24, 25-32, 
33-40, and 41-48)
is 1 Gbps.
With Supervisor Engine 720-10GE 12.2(33)SXH
With Supervisor Engine 720
(except WS-F6K-GE48-AF or WS-F6K-48-AF)
12.2(17a)SX
WS-F6K-GE48-AF or WS-F6K-48-AF
with Supervisor Engine 720
12.2(17d)SXB
With Supervisor Engine 32 12.2(18)SXF
WS-F6K-GE48-AF or WS-F6K-48-AF
with Supervisor Engine 32
12.2(18)SXF

-Original Message-
From: cisco-nsp-boun...@puck.nether.net 
[mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of "Rolf Hanßen"
Sent: Thursday, December 01, 2011 1:52 PM
To: cisco-nsp@puck.nether.net
Subject: [c-nsp] Oversubscription + port groups on WS-X6548-GE-TX

Hi,

I know that WS-X6548-GE-TX has only 8GBit fdx towards the chassis/bus and
I was told recently that this bandwidth is maybe divided into some kind of
port groups.

Unfortunatelly I found nothing except some old documents that describe
some ASIC limiation in old CatOS versions while using port channels.

I now would like to know if there is another limitation beside the 8GBit
total for any kind of configuration (with our without channels) with
present IOS releases and Sup720 I need to take care of with these cards.

kind regards
Rolf

___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] Oversubscription + port groups on WS-X6548-GE-TX

[Andrew Miehs]

On 01/12/2011, at 7:52 PM, Rolf Hanßen wrote:

> Hi,
> 
> I know that WS-X6548-GE-TX has only 8GBit fdx towards the chassis/bus and
> I was told recently that this bandwidth is maybe divided into some kind of
> port groups.


http://www.cisco.com/en/US/prod/collateral/switches/ps5718/ps708/prod_white_paper0900aecd80673385.html

I couldn't find anything about the 6548 but the above link is great reading.


Regards

Andrew
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

[c-nsp] Oversubscription + port groups on WS-X6548-GE-TX

[Rolf Hanßen]

Hi,

I know that WS-X6548-GE-TX has only 8GBit fdx towards the chassis/bus and
I was told recently that this bandwidth is maybe divided into some kind of
port groups.

Unfortunatelly I found nothing except some old documents that describe
some ASIC limiation in old CatOS versions while using port channels.

I now would like to know if there is another limitation beside the 8GBit
total for any kind of configuration (with our without channels) with
present IOS releases and Sup720 I need to take care of with these cards.

kind regards
Rolf

___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] LAC/LNS Routers - 7200 EOL

[sthaug]

> > While I agree that it's not optimal, but is it atypical? Isn't JunOS the
> > same? All the important things running in single flat process, which has
> > its own scheduling and memory management. Unix in the background being just
> > an afterthought, really a way to bootstrap it all up.
> 
> No, there are a bunch of separate Unix processes on JUNOS handling
> different things.

rpd. 'Nuff said.

Steinar Haug, Nethelp consulting, sth...@nethelp.no
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] LAC/LNS Routers - 7200 EOL

[Chris Adams]

Once upon a time, Saku Ytti  said:
> While I agree that it's not optimal, but is it atypical? Isn't JunOS the
> same? All the important things running in single flat process, which has
> its own scheduling and memory management. Unix in the background being just
> an afterthought, really a way to bootstrap it all up.

No, there are a bunch of separate Unix processes on JUNOS handling
different things.

-- 
Chris Adams 
Systems and Network Administrator - HiWAAY Internet Services
I don't speak for anybody but myself - that's enough trouble.
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] question about natting ipsec traffic on pix 506E

[Dave Weis]

Check the list archives, I configured basically the same thing 6-12 months ago, 
probably for the same telco. If you don't find it I'll see if I can track down 
my functional config.

Dave

 

> -Original Message-
> From: cisco-nsp-boun...@puck.nether.net 
> [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Peter Rathlev
> Sent: Thursday, December 01, 2011 2:29 AM
> To: dalton
> Cc: cisco-nsp@puck.nether.net
> Subject: Re: [c-nsp] question about natting ipsec traffic on pix 506E
> 
> On Wed, 2011-11-30 at 20:01 -0500, dalton wrote:
> > access-list client1 permit ip host 209.1.1.157 host 200.1.1.2 
> > access-list client1 permit ip host 209.1.1.158 host 200.1.1.2 
> > access-list EXCLUDE-NAT permit ip host 209.1.1.157 host 200.1.1.2 
> > access-list EXCLUDE-NAT permit ip host 209.1.1.158 host 200.1.1.2
> > 
> > nat (inside) 0 access-list EXCLUDE-NAT
> 
> Here you're saying that traffic coming in on the "inside" 
> interface with a source address of 209.1.1.{157,158} destined 
> to 200.1.1.2 should not be translated.
> 
> Those source addresses are globally routable addresses. Are 
> you sure you would expect to see those coming in on the 
> inside interface? If so, the next "static" statements don't 
> make sense to me:
> 
> > static (inside,outside) 209.1.1.157 10.0.0.129 dns netmask 
> > 255.255.255.255 0 0 static (inside,outside) 209.1.1.158 
> 10.0.0.130 dns 
> > netmask 255.255.255.255 0 0
> 
> These statics translate traffic coming in on the "inside" 
> interface with source addresses 10.0.0.{129,130} to 
> 209.1.1.{157,158}. And vice versa.
> This configuration isn't impossible, but it's not highly 
> intuitive either.
> 
> > crypto map statmap 120 ipsec-isakmp
> > crypto map statmap 120 match address client1 crypto map statmap 120 
> > set peer 200.1.1.1 crypto map statmap 120 set pfs group2 crypto map 
> > statmap 120 set transform-set strong
> >
> > I want to nat the 10.0.0.129 and 130 traffic to 
> 209.1.1.157/158 before 
> > it goes through the tunnel.
> > 
> > In the acl for interesting traffic do i want he real (private ips -
> > 10.0.0.129) here? or the natted ips (209.1.1.157)?
> 
> Assuming the crypto map is applied to the "outside" 
> interface, you would use the translated IP addresses 
> (209.1.1.{157,158}). The crypto stuff happens after the NAT 
> stuff (both static and global).
> 
> > Also, for my nat 0 list, do i want the that natted ip in 
> there? or the 
> > real ips.
> 
> Why do you need the NAT-0 at all?
> 
> If you can accept that the hosts 10.0.0.{129,130} always have 
> the 209.1.1.{157,158} addresses when trying to reach things 
> on your outside
> (Internet?) you just delete the policy-NAT related lines.
> 
> Or do these globally routable addresses belong to the other 
> end of the tunnel, so you need to only ever use them for 
> traffic traversing the tunnel?
> 
> By the way: Are these addresses the real ones? Or examples? 
> If the latter, you should generally try to use 192.0.2.0/24 
> (there are a few others too) for examples. Otherwise the 
> holders of 209.1.0.0/16 or
> 200.1.0.0/22 might find it strange to see their addresses 
> used here. :-)
> 
> --
> Peter
> 
> 
> ___
> cisco-nsp mailing list  cisco-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
> 
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

[c-nsp] MPLS-Aware (Flexible) NetFlow

[Ivan]

Hi,

I am trying to get Netflow going on some ASR1004s running 
asr1000rp2-advipservicesk9.03.04.01.S.151-3.S1.bin.  I started off 
simple and did regular Netflow for IPv4 something like


ip flow-export version 9
ip flow-export destination x.x.x.x 5000

interface x
 ip flow ingress

This worked for IPv4 but gave me no stats for MPLS labelled traffic so I 
tried


ip flow-cache mpls label-positions 1 2

That didn't help at all.

I also wanted IPv6 Netflow and it seems that regular Netflow is not an 
option so I have now moved to "Flexible Netflow" - something like the 
following


flow exporter FE
 destination x.x.x.x
 transport udp 5000

flow monitor FM_IPv4
 record netflow ipv4 original-input
 exporter FE

flow monitor FM_IPv6
 record netflow ipv6 original-input
 exporter FE

interface x
 no ip flow ingress
 ip flow monitor FM_IPv4 input
 ipv6 flow monitor FM_IPv6 input

So far I seem to be good for IPv4 and IPv6 but still am missing stats 
for MPLS labelled packets.  Does anyone know if MPLS-Aware ingress 
Netflow is available in ASR1004/IOS-XE in either regular or Flexible 
flavour?  If anyone has a working example or can point to some doco that 
would be great.  From what I have seen I am suspecting that MPLS-Aware 
Netflow may only be available in egress using standard no flexible 
version???


Also an anyone confirm Flexible Netflow is the only way to get IPv6 flows?

Thanks

Ivan
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] question about natting ipsec traffic on pix 506E

[Peter Rathlev]

On Wed, 2011-11-30 at 20:01 -0500, dalton wrote:
> access-list client1 permit ip host 209.1.1.157 host 200.1.1.2  
> access-list client1 permit ip host 209.1.1.158 host 200.1.1.2  
> access-list EXCLUDE-NAT permit ip host 209.1.1.157 host 200.1.1.2
> access-list EXCLUDE-NAT permit ip host 209.1.1.158 host 200.1.1.2
> 
> nat (inside) 0 access-list EXCLUDE-NAT

Here you're saying that traffic coming in on the "inside" interface with
a source address of 209.1.1.{157,158} destined to 200.1.1.2 should not
be translated.

Those source addresses are globally routable addresses. Are you sure you
would expect to see those coming in on the inside interface? If so, the
next "static" statements don't make sense to me:

> static (inside,outside) 209.1.1.157 10.0.0.129 dns netmask 255.255.255.255 0 0
> static (inside,outside) 209.1.1.158 10.0.0.130 dns netmask 255.255.255.255 0 0

These statics translate traffic coming in on the "inside" interface with
source addresses 10.0.0.{129,130} to 209.1.1.{157,158}. And vice versa.
This configuration isn't impossible, but it's not highly intuitive
either.

> crypto map statmap 120 ipsec-isakmp
> crypto map statmap 120 match address client1
> crypto map statmap 120 set peer 200.1.1.1
> crypto map statmap 120 set pfs group2
> crypto map statmap 120 set transform-set strong
>
> I want to nat the 10.0.0.129 and 130 traffic to 209.1.1.157/158 before
> it goes through the tunnel.
> 
> In the acl for interesting traffic do i want he real (private ips -
> 10.0.0.129) here? or the natted ips (209.1.1.157)?

Assuming the crypto map is applied to the "outside" interface, you would
use the translated IP addresses (209.1.1.{157,158}). The crypto stuff
happens after the NAT stuff (both static and global).

> Also, for my nat 0 list, do i want the that natted ip in there? or the
> real ips.

Why do you need the NAT-0 at all?

If you can accept that the hosts 10.0.0.{129,130} always have the
209.1.1.{157,158} addresses when trying to reach things on your outside
(Internet?) you just delete the policy-NAT related lines.

Or do these globally routable addresses belong to the other end of the
tunnel, so you need to only ever use them for traffic traversing the
tunnel?

By the way: Are these addresses the real ones? Or examples? If the
latter, you should generally try to use 192.0.2.0/24 (there are a few
others too) for examples. Otherwise the holders of 209.1.0.0/16 or
200.1.0.0/22 might find it strange to see their addresses used here. :-)

-- 
Peter


___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] LAC/LNS Routers - 7200 EOL

[Tassos Chatzithomaoglou]

Saku Ytti wrote on 1/12/2011 09:56:
NXOS and IOX-XR seem to be step to the correct direction architecturally, but even they 
don't separate BGP speakers to own processes. 



Distributed BGP seems to be one extra step (although i don't have any actual experience 
with it until now).


http://www.cisco.com/en/US/docs/routers/crs/software/crs_r4.1/routing/configuration/guide/routing_cg41crs_chapter1.html#con_1721889




--
Tassos

___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] LAC/LNS Routers - 7200 EOL

[Saku Ytti]

On (2011-11-30 23:10 +0100), Gert Doering wrote:
 
> I'm still not convinced that the concept of "one big IOS daemon on
> top of Linux and calling this 'modular'" isn't a train wreck in its
> own.

While I agree that it's not optimal, but is it atypical? Isn't JunOS the
same? All the important things running in single flat process, which has
its own scheduling and memory management. Unix in the background being just
an afterthought, really a way to bootstrap it all up.

I would personally love to have everything as separate process, every BGP
neighbour new process, so crashing would be highly isolated. 
I think there is page to be taken from BEAM/erlang, give up on idea that we
are able to produce quality software and assume when building it, that the
code isn't that good, and treat crashing as expected situation and deal
with gracefully.
Sure there is performance overhead, but at least it would trivially take
use of as many cores as you have.

NXOS and IOX-XR seem to be step to the correct direction architecturally,
but even they don't separate BGP speakers to own processes.

-- 
  ++ytti
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/