[c-nsp] Central services VPNs
So I have a MPLS vpn question for the masterminds on this list;) I have two central services VRFs, A and B and I need route leaking (same import/export) between them to optimize traffic flow. The reason I need two VRFs is that I have to specifiy a different default gw for each VRF. But the problem is that this setup eats up tcam space in the 6500 we use, and doesn't scale then adding the third or forth VRF, then the vrfs contain 10k routes. Can this be done in a scaleale way (tcam) but still be able to optimize traffic flow and support different default GWs Regards MKS ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Recommendation for small GBit router
On Sat, Dec 17, 2011 at 4:53 PM, Gert Doering g...@greenie.muc.de wrote: What throughput can bigger/newer plattform like Sup32/ASR provide with netflow ? Sup32 is PFC3B so same as Sup720/PFC3B. PFC3B supports 128K NetFlow entries. For us it was OK for ~2Gbps traffic with smalls customers traffic from BRAS (a lot of flows). If you have Sup720/PFC3B then do the POC. The NSE-* have hardware forwarding that never really worked, so the whole product line was abandoned. Short summary. Don't Go There. Not really. It's true for 7200 and NSE-1. But not true for 7304 and NSE-100 and NSE-150. We're still using around 7 of 7304/NSE-100 and NSE-150 based as access-routers at happy with them. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Recommendation for small GBit router
The NSE-* have hardware forwarding that never really worked, so the whole product line was abandoned. Short summary. Don't Go There. Not really. It's true for 7200 and NSE-1. But not true for 7304 and NSE-100 and NSE-150. We're still using around 7 of 7304/NSE-100 and NSE-150 based as access-routers at happy with them. Experiences evidently vary. We phased out our last 7304 in February this year - and we were happy to see the end of it. Steinar Haug, Nethelp consulting, sth...@nethelp.no ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Recommendation for small GBit router
7300 series will also never have 4 byte ASN support ? Last I heard, admittedly over a year ago, but likely a side issue to the topic. On 18 December 2011 11:45, sth...@nethelp.no wrote: The NSE-* have hardware forwarding that never really worked, so the whole product line was abandoned. Short summary. Don't Go There. Not really. It's true for 7200 and NSE-1. But not true for 7304 and NSE-100 and NSE-150. We're still using around 7 of 7304/NSE-100 and NSE-150 based as access-routers at happy with them. Experiences evidently vary. We phased out our last 7304 in February this year - and we were happy to see the end of it. Steinar Haug, Nethelp consulting, sth...@nethelp.no ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] Does 7609 have problems with time-range in QoS?
7609 with 12.2(33)SRD6, ADVENTERPRISEK9. 7600-ES+20G3C in slot 8. The configuration below works fine in 3945, but not in 7609. Of the two BULK classes, the one that is written first in the policy-map is matched with no consideration to the time-range. The other never gets any matches. The time-range and access-list says active or inactive at the right times, so it seems fine but doesn't work in the policy-map. Right now for example: #sh time-range OFFICEHOURS time-range entry: OFFICEHOURS (inactive) periodic weekdays 7:00 to 18:00 used in: IP ACL entry used in: IP ACL entry #sh access-lists 111 Extended IP access list 111 10 permit ip host xxx any time-range OFFICEHOURS (inactive) But still: #sh policy-map interface gi8/4.400 Class-map: BULK_OFFICEHOURS (match-all) 131357 packets, 124333424 bytes 5 minute offered rate 93000 bps, drop rate bps Class-map: BULK (match-all) 0 packets, 0 bytes 5 minute offered rate bps, drop rate bps Is this a bug in 7609? Should I do the configuration in another way in 7609? class-map match-all BULK match access-group 112 class-map match-all BULK_OFFICEHOURS match access-group 111 match access-group 112 class-map match-all VOICE match ip dscp ef policy-map CORE-WAN-EDGE_child class VOICE police 500 priority class BULK_OFFICEHOURS police 500 class BULK police 4000 class class-default random-detect dscp-based aggregate policy-map CORE-WAN-EDGE_parent_100Mbps class class-default shape average 1 service-policy CORE-WAN-EDGE_child policy-map CORE-WAN-EDGE_parent_50Mbps class class-default shape average 5000 service-policy CORE-WAN-EDGE_child interface GigabitEthernet8/4.400 bandwidth 10 encapsulation dot1Q 400 ip address 10.40.0.1 255.255.255.0 ip flow ingress service-policy output CORE-WAN-EDGE_parent_100Mbps access-list 111 permit ip any any time-range OFFICEHOURS access-list 112 permit ip host xxx any time-range OFFICEHOURS periodic weekdays 7:00 to 18:00 I also tried these changes to get rid of the dual match in the BULK_OFFICEHOURS class-map, but it had the same problem: class-map match-all BULK match access-group 112 class-map match-all BULK_OFFICEHOURS match access-group 111 access-list 111 permit ip host xxx any time-range OFFICEHOURS access-list 112 permit ip host xxx any time-range OTHER_HOURS time-range OFFICEHOURS periodic weekdays 7:00 to 18:00 time-range OTHER_HOURS periodic weekdays 0:00 to 6:59 periodic weekdays 18:01 to 23:59 periodic weekend 0:00 to 23:59 Thanks! -- Peter Olssonp...@leissner.se ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] ASR 901 fib size
Hi What size of FIB for IPv4/IPv6 has ASR 901 ? I cannot find this information in documentation and datasheets. Rob ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Recommendation for small GBit router
On Sunday, December 18, 2011 03:06:18 AM Andrew Miehs wrote: Apart from running something like running lots of E1s, x21 interfaces I would no longer purchase a new 7200. As for second hand boxes - if you can get a service contract for them, ok. Same. If we're buying for small-to-medium Ethernet requirements, the ASR1000's are the platform to pick on the Cisco side of things. If we need low-speed non-Ethernet, the 7200 is hard to beat, even today. I still remember a friend of mine buying 4x 7500s filled with VIPs and ?Supervisors?… Every card, and even the chassis all had problems! But it was not that the cards didn't work - they booted, came on line, and then crashed after 2 days, etc. He spent 6 months debugging the issues with these boxes due to that and EVERY single piece needed replacing. Needless to say, it ended up costing the company more than it would have to buy new. I don't think it would be fair to compare the 7500 to the 7200. They may share port adapters, but that's about it. The NPE-G1 and NPE-G2 on SRE are pretty modern if you're not looking at pushing lots of bandwidth. It's a shame the platform has been discontinued in the long-term, but it's still has miles to run in the short-to-medium term. Mark. signature.asc Description: This is a digitally signed message part. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] ASR 901 fib size
On 2011-12-18 14:03, Robert Hass wrote: Hi What size of FIB for IPv4/IPv6 has ASR 901 ? I cannot find this information in documentation and datasheets. It's 12k for IPv4 + 8k ARP entries (local hosts). IPv6 is not supported yet. -- There's no sense in being precise when | Łukasz Bromirski you don't know what you're talking | jid:lbromir...@jabber.org about. John von Neumann |http://lukasz.bromirski.net ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Configure MPLS on Cisco 3945
Welcome to cisco's new licensing model. It will drive you insane if you don't engage your sales rep before placing an order, or at least reading through their site... Sent from my iPad On 18 Dec 2011, at 01:21, Andriy Bilous andriy.bil...@gmail.com wrote: You gonna need DATA license to enable MPLS capabilities. http://www.cisco.com/en/US/prod/collateral/routers/ps10616/white_paper_c11_556985.html#wp9000809 On Sat, Dec 17, 2011 at 10:57 PM, Righa Shake righa.sh...@gmail.com wrote: Hi, Am trying to configure MPLS on a cisco 3945 with the below features however the command mpls ip, or tag-switching are not accessible. System image file is flash0:c3900e-universalk9-mz.SPA.151-2.T1.bin Technology Package License Information for Module:'c3900e' TechnologyTechnology-package Technology-package Current Type Next reboot - ipbaseipbasek9 Permanent ipbasek9 security securityk9Permanent securityk9 ucNone None None data None None None I have managed to configure vrf instances withouth any problem. Any assistance in enabling MPLS (MPBGP) on the router will be highly appreciated. Regards, Righa Shake ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Configure MPLS on Cisco 3945
On 2011-12-17 22:57, Righa Shake wrote: Hi, Am trying to configure MPLS on a cisco 3945 with the below features however the command mpls ip, or tag-switching are not accessible. You need 'data' license for MPLS. You should have trial option if that's newly shipped 3900, as it's now shipped with grace period of 600+ weeks. -- There's no sense in being precise when | Łukasz Bromirski you don't know what you're talking | jid:lbromir...@jabber.org about. John von Neumann |http://lukasz.bromirski.net ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] ASR 901 fib size
Hi, On Sun, Dec 18, 2011 at 02:48:36PM +0100, ?ukasz Bromirski wrote: On 2011-12-18 14:03, Robert Hass wrote: What size of FIB for IPv4/IPv6 has ASR 901 ? I cannot find this information in documentation and datasheets. It's 12k for IPv4 + 8k ARP entries (local hosts). IPv6 is not supported yet. Is it just me, or is someone inside Cisco not really listening very closely to what John Chambers said about IPv6 being committed to IPv6 all across the board, all our devices, all our services, roughly a year ago...? (http://www.youtube.com/watch?v=VCCgVh8wFdA, at about 0:50) gert -- USENET is *not* the non-clickable part of WWW! //www.muc.de/~gert/ Gert Doering - Munich, Germany g...@greenie.muc.de fax: +49-89-35655025g...@net.informatik.tu-muenchen.de pgpzf6rk5WPet.pgp Description: PGP signature ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Recommendation for small GBit router
On 18/12/2011, at 2:28 PM, Mark Tinka wrote: I still remember a friend of mine buying 4x 7500s filled with VIPs and ?Supervisors?… Every card, and even the chassis all had problems! But it was not that the cards didn't work - they booted, came on line, and then crashed after 2 days, etc. He spent 6 months debugging the issues with these boxes due to that and EVERY single piece needed replacing. Needless to say, it ended up costing the company more than it would have to buy new. I don't think it would be fair to compare the 7500 to the 7200. They may share port adapters, but that's about it. Hi Mark, this wasn't meant a s speed comparison, but rather what can go wrong if you buy second hand without service. Andrew ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] ASR 901 fib size
On 2011-12-18 21:03, Gert Doering wrote: Hi, On Sun, Dec 18, 2011 at 02:48:36PM +0100, ?ukasz Bromirski wrote: On 2011-12-18 14:03, Robert Hass wrote: What size of FIB for IPv4/IPv6 has ASR 901 ? I cannot find this information in documentation and datasheets. It's 12k for IPv4 + 8k ARP entries (local hosts). IPv6 is not supported yet. Is it just me, or is someone inside Cisco not really listening very closely to what John Chambers said about IPv6 being committed to IPv6 all across the board, all our devices, all our services, roughly a year ago...? :) IPv6 will be supported in second software release. I know... but that's the way it is. -- There's no sense in being precise when | Łukasz Bromirski you don't know what you're talking | jid:lbromir...@jabber.org about. John von Neumann |http://lukasz.bromirski.net ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Configure MPLS on Cisco 3945
You need 'data' license for MPLS. You should have trial option if that's newly shipped 3900, as it's now shipped with grace period of 600+ weeks. 600+ *weeks*!? A 10 year trial period is nice :-) If that's the default, I might be less negative about the licensing system. -- Pelle RFC1925, truth 11: Every old idea will be proposed again with a different name and a different presentation, regardless of whether it works. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Configure MPLS on Cisco 3945
On 2011-12-18 23:19, Per Carlson wrote: You need 'data' license for MPLS. You should have trial option if that's newly shipped 3900, as it's now shipped with grace period of 600+ weeks. 600+ *weeks*!? A 10 year trial period is nice :-) If that's the default, I might be less negative about the licensing system. Yep. Policy change. Not directly, but documented here: http://www.cisco.com/en/US/docs/routers/access/sw_activation/SA_on_ISR.html Also, search google for people with 624/623 weeks of trial period in their 'show license [...]' output. -- There's no sense in being precise when | Łukasz Bromirski you don't know what you're talking | jid:lbromir...@jabber.org about. John von Neumann |http://lukasz.bromirski.net ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Configure MPLS on Cisco 3945
That came in 15.0(4)M iirc, called 'right-to-use' license and basically reverts to the old licensing model. The juggling with PAKs was a nightmare. On Sun, Dec 18, 2011 at 11:19 PM, Per Carlson pe...@hemmop.com wrote: You need 'data' license for MPLS. You should have trial option if that's newly shipped 3900, as it's now shipped with grace period of 600+ weeks. 600+ *weeks*!? A 10 year trial period is nice :-) If that's the default, I might be less negative about the licensing system. -- Pelle RFC1925, truth 11: Every old idea will be proposed again with a different name and a different presentation, regardless of whether it works. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Recommendation for small GBit router
On Monday, December 19, 2011 04:26:37 AM Andrew Miehs wrote: Hi Mark, this wasn't meant a s speed comparison, but rather what can go wrong if you buy second hand without service. Agree. We've had 7200's fail on us, both new and refurbished. Either way, getting a yearly renewable support contract can't hurt, yes. Mark. signature.asc Description: This is a digitally signed message part. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] HEADS UP: vlan_mgr crashing in NX-OS 5.2(3)
Looks like 5.2.3 has been deferred, 5.2.3a has been posted because of this bug identified last week: http://www.cisco.com/en/US/docs/switches/datacenter/sw/5_x/nx-os/deferral/Deferral_Notice_N7K_523.html Reason for Deferral: DDTS No(s): CSCtw89936http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetailsbugId=CSCtw89936 Headline: vlan_mgr may crash when ISSU to 5.2(3) when running 'show vlan' RSH On Wed, Dec 14, 2011 at 3:19 PM, Bernhard Schmidt be...@birkenwald.dewrote: Bernhard Schmidt be...@birkenwald.de wrote: Now show vlan works fine, so if someone wants to reproduce I guess you should ISSU from 5.2(1) to 5.2(3), then execute show vlan. Update, according to TAC it could be related to having the default reserved VLAN range moved with the command (and reload of course) # system vlan 3300 reserve then doing ISSU. By default VLANs in the 39something to 4094 are reserved, but we moved the reservation due to our test-plan using VLANs in the 40xx range. Bernhard ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Recommendation for small GBit router
It's too bad that they don't have a release that supports both IPv6 PBR and DHCPv6-PD with static route insertion. Frank -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Mark Tinka Sent: Sunday, December 18, 2011 7:28 AM To: cisco-nsp@puck.nether.net Subject: Re: [c-nsp] Recommendation for small GBit router On Sunday, December 18, 2011 03:06:18 AM Andrew Miehs wrote: Apart from running something like running lots of E1s, x21 interfaces I would no longer purchase a new 7200. As for second hand boxes - if you can get a service contract for them, ok. Same. If we're buying for small-to-medium Ethernet requirements, the ASR1000's are the platform to pick on the Cisco side of things. If we need low-speed non-Ethernet, the 7200 is hard to beat, even today. I still remember a friend of mine buying 4x 7500s filled with VIPs and ?Supervisors?… Every card, and even the chassis all had problems! But it was not that the cards didn't work - they booted, came on line, and then crashed after 2 days, etc. He spent 6 months debugging the issues with these boxes due to that and EVERY single piece needed replacing. Needless to say, it ended up costing the company more than it would have to buy new. I don't think it would be fair to compare the 7500 to the 7200. They may share port adapters, but that's about it. The NPE-G1 and NPE-G2 on SRE are pretty modern if you're not looking at pushing lots of bandwidth. It's a shame the platform has been discontinued in the long-term, but it's still has miles to run in the short-to-medium term. Mark. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] Invitation to connect on LinkedIn
LinkedIn Kashif Shafeeq requested to add you as a connection on LinkedIn: -- Vishal, I'd like to add you to my professional network on LinkedIn. - Kashif Accept invitation from Kashif Shafeeq http://www.linkedin.com/e/-bfctb5-gwd3ob6a-5i/vyPV953ymgwhJZim_QSTkIEJ407GCYbmqcvZFAK/blk/I45941851_50/pmpxnSRJrSdvj4R5fnhv9ClRsDgZp6lQs6lzoQ5AomZIpn8_c3lvcjkUcjgVdjh9bPhgjCtokz5kbP8VcP4ScPkTc38LrCBxbOYWrSlI/EML_comm_afe/?hs=falsetok=0sb3_gwnrwNR01 View invitation from Kashif Shafeeq http://www.linkedin.com/e/-bfctb5-gwd3ob6a-5i/vyPV953ymgwhJZim_QSTkIEJ407GCYbmqcvZFAK/blk/I45941851_50/0MdlYNdjwNd3ARd4ALqnpPbOYWrSlI/svi/?hs=falsetok=1Z6idVgsnwNR01 -- Why might connecting with Kashif Shafeeq be a good idea? Kashif Shafeeq's connections could be useful to you: After accepting Kashif Shafeeq's invitation, check Kashif Shafeeq's connections to see who else you may know and who you might want an introduction to. Building these connections can create opportunities in the future. -- (c) 2011, LinkedIn Corporation ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/