Re: [c-nsp] "show ip cache flow" is slow
Hank, I think it is related to CSCtc38611 "need performance enhancements to 'show ip cache flow' on ASR1k" Symptom: "show ip cache flow" and "show ip cache flow | include WORD" may take a very long time to run Conditions: Several thousand flows being learned Workaround: Use "show ip cache x.x.x.x flow" to see specific flows Basically, ASR1000 is a distributed platform, and the cache info is stored on ESP (forwarding path). It means that every time you issue this command it would have to transfer the whole table to the RP... If you use the "| include" option, it still has to transfer the whole file, and then apply the regexp on the text... If you want to do multiple searches on a large table, the best solution would most likely be to copy the output to a file, and then use that file... If you want to monitor a specific flow, using the specific command above works faster, as it does not transfer the whole file... Arie -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Hank Nussbacher Sent: Sunday, July 01, 2012 07:47 To: cisco-nsp@puck.nether.net Subject: [c-nsp] "show ip cache flow" is slow Ever since we switched to ASR1004 running XE15.1(2)S1, we have seen that the output of "show ip cache flow" stalls and is super slow to complete. We have a few interfaces with "ip flow ingress" defined. What can be causing this slowness? Any recommendations of commands to speed up the output? Thanks! -Hank ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] WLC Active users / SNMP
Try this: https://supportforums.cisco.com/thread/330308 Frank -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Andrew Miehs Sent: Sunday, July 01, 2012 7:52 PM To: cisco-nsp@puck.nether.net Subject: [c-nsp] WLC Active users / SNMP Hi Guys, Anyone using SNMP with the Cisco Wireless Controllers? I would like to find out every five minutes how many users I have associated per access point, and was hoping to find this information on the WLCs... It seems as if the WLCs don't have everything exported via SNMP... Thoughts? Andrew ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] WLC Active users / SNMP
On Mon, Jul 2, 2012 at 11:53 AM, Frank Bulk wrote: > Try this: > https://supportforums.cisco.com/thread/330308 > > Frank > > Hi Frank, Thank you very much! exactly what I needed. Regards Andrew ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] WLC Active users / SNMP
Hi all, Just answered my own question s- man snmpwalk -Cc Do not check whether the returned OIDs are increasing. Just found out that my output didn't contain the entire tree. Adding -Cc fixed the problem. Regards Andrew On Mon, Jul 2, 2012 at 10:51 AM, Andrew Miehs wrote: > Hi Guys, > > Anyone using SNMP with the Cisco Wireless Controllers? > > I would like to find out every five minutes how many users I have > associated per access point, and was hoping to find this information on the > WLCs... It seems as if the WLCs don't have everything exported via SNMP... > > Thoughts? > > Andrew > ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] WLC Active users / SNMP
Hi Guys, Anyone using SNMP with the Cisco Wireless Controllers? I would like to find out every five minutes how many users I have associated per access point, and was hoping to find this information on the WLCs... It seems as if the WLCs don't have everything exported via SNMP... Thoughts? Andrew ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Rosen mVPN and NG-nVPN together?
On Tuesday, June 12, 2012 06:37:04 PM Peter Rathlev wrote: > Ah, actually I wasn't! That does make the scenario much > easier to handle. Thanks for pointing that out. > > A bit of googling points at most vendors supporting > Rosen/RFC6037 so I guess it's really a no brainer. One > day when maybe all of our routers support NG-mVPN we can > make the switch. Unfortunately, I can't get into the details as it's still in development, but one of the major vendors implementing NG- MVPN already have numerous options of inter-working NG-MVPN with Rosen MVPN's. They aren't necessarily pretty, but they'd get you limping until your network is fully migrated. Mark. signature.asc Description: This is a digitally signed message part. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] m-vpn
On Monday, June 11, 2012 09:23:22 AM adam vitkovsky wrote: > I didn't came across any limitations/scalability issues > running PIM to distribute customer m-cast state did any > of you please? PIM in the global table may not be an issue, but mVPN-based PIM is a different story. > I'm a fan of the idea to let BGP carry > everything,... Well, I'm not (which is why I still prefer LDP-based EoMPLS over BGP-based EoMPLS), but it makes sense for Multicast. I always said, with the way the IETF are going, we shall soon see BGP carrying DNS. That's the point I'll hand in my RJ-45 jacks and crimping tool :-). > but I fail to see an added value here (maybe > PIC-Edge for m-cast?) And yet I'd still have to run PIM > at the edge You only need PIM at the edge where you're picking up the Source. Receiver PE routers only require IGMP (although in operation, most folk would enable PIM anyway, as it automatically turns on IGMP). BGP is needed because the core doesn't run PIM. Without PIM in the core, you need a method to distribute Multicast state from Source to Receiver. > Also all this requires the upgrade of all the Intra/Inter > AS RRs to support the new SAFI One of the reasons we maintained Juniper route reflectors even though the Cisco's made sense. With IOS XE planning to support NG-MVPN soon, expect the ASR1001 (a favorite for route reflection, in my books), support for the MCAST-NLRI SAFI won't be an issue. > As far as the core signaling protocol is concerned > MPLS-TE requires much more state in the core than MLDP > and I believe the trend now is to go the IP FRR/LFA way > instead of the complex MPLS-TE FRR leaving TE only for > exceptional cases where we really need to engineer > traffic paths and protect BW or temporary solutions > till core link upgrades Juniper already support mLDP for BGP-MVPN's, but like I said before, it's the same old VPLS BGP vs. LDP war. Eventually, Cisco will cave, especially since Juniper support both. Mark. signature.asc Description: This is a digitally signed message part. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] m-vpn
On Friday, June 08, 2012 05:11:00 PM Christian wrote: > Juniper implements the most complicated way in my > opinion. NG means running BGP for auto-discovery, BGP > for c-state advertisements *and* pruning, and then > RSVP-TE for LSP setup. > > What to do now? Both RFCs are from Juniper and Cisco, but > both implement totally different concepts, one bloated, > the other a bit proprietary (or not?). > > Is it now Cisco's fault that we don't have > interoperability, because they didn't want to implement > the tainted BGP-way? There are so many options and > possibilities in the RFC to implement mVPN so that > interoperability is in either case very unlikely to > happen for the next years. > > How difficult can Multicast be? Should we wait another 10 > years for good solution? Cisco may huff and puff, but they will add support for BGP- MVPN's much like they did with BGP-based VPLS signaling on the ASR9000. Yes, adding PIM into BGP is awkward, but not having to run PIM in the core is a huge advantage (well, it was for us anyway - when the core was mostly old Juniper routers that needed Tunnel PIC's to run PIM, and even after the core was migrated to either Juniper MX or Cisco CRS routers, which don't need Tunnel PIC's to run PIM, it was still simpler not having to worry about PIM in the core). Mark. signature.asc Description: This is a digitally signed message part. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] m-vpn
On Friday, June 08, 2012 07:42:55 PM Phil Bedard wrote: > Coming from a large provider with a BGP and LDP free > core, and utilizing TE, we much prefer the BGP signaled > method with P2MP RSVP-TE than native PIM or even using > MLDP. Providers have been asking Cisco for this stuff > for a long time now. IOS-XR has MVPN with static routed > P2MP RSVP-TE in 4.2.1, I doubt NG-MVPN is far behind > although they will be kicking and screaming the whole > way. Coming to IOS XR Q1'13, and on the roadmap for IOS XE. Cisco really have no choice here. We've dropped several ASR9000's from the proposal list simply because of lack of this, which is what happened when customers were looking for VPLS back then. > The Cisco methodology of using the mdt-safi is completely > outdated at this point and if you are already using BGP > to signal this why not use it to signal customer state > instead of having a secondary complicated method to do > so... Agree. Mark. signature.asc Description: This is a digitally signed message part. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] 7600 w/ WS-SUP720-3B IOS 15.x
Just back catching up to this thread > Well, thanks for clarifying. The VSS720-10G-3C is not yet EOX (at least as far as I have noticed) so maybe there is still hope... We are in the same boat Gert. We recently purchased a few 3C SUP's as a hardware refresh and found out that 15.0SY will not be supported (at least at the moment, probably never based on what I've been told). I have some 2T's on order and will start testing as soon as they arrive, so at the moment, we've stopped ordering 3C's as part of the refresh. We currently have ~400 6500's that are all 3B's . so we're probably going to hold off on the refresh untill I can get further clarification from our SE about the matter. I think I have this slide from the ones I saved presented at Live this year that Lukasz is referring to, but I don't think I'm allowed to post them to a public list being that they are Cisco confidential and part of NDA if i'm not mistaken. If someone from Cisco wants to correct me on this, i'd be happy to post it for others to have if I can find it. Regards, Max ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] 7600 w/ WS-SUP720-3B IOS 15.x
On 1-7-2012 19:47, Gert Doering wrote: Hi, On Sun, Jul 01, 2012 at 06:42:07PM +0200, ?ukasz Bromirski wrote: Yep, Asbjorn has it right. 15.0SY is the current line, and 12.2SX is going out. The roadmap for 15.0SY, and where things converge is still lurking somewhere in the dark. The 6500 architecture session on the recent Cisco Live covered this in some detail. Thanks for the pointer. Reading up on recent innovations now... gert Anybody a link to this document ? Does any of you already heard about the successor of the RSP720 for the 7600 ? I heard some rumours that the SUP2T (named RSP-2T) will be released for the 7600 platform also. Rinse ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] 7600 w/ WS-SUP720-3B IOS 15.x
Hi, On Sun, Jul 01, 2012 at 06:42:07PM +0200, ?ukasz Bromirski wrote: > Yep, Asbjorn has it right. 15.0SY is the current line, and 12.2SX is > going out. The roadmap for 15.0SY, and where things converge is still > lurking somewhere in the dark. The 6500 architecture session on the > recent Cisco Live covered this in some detail. Thanks for the pointer. Reading up on recent innovations now... gert -- USENET is *not* the non-clickable part of WWW! //www.muc.de/~gert/ Gert Doering - Munich, Germany g...@greenie.muc.de fax: +49-89-35655025g...@net.informatik.tu-muenchen.de pgpecNNuHqZzV.pgp Description: PGP signature ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] 7600 w/ WS-SUP720-3B IOS 15.x
Hi, On Sun, Jul 01, 2012 at 03:25:20PM +0200, Asbjorn Hojmark - Lists wrote: > > Well, I was asking for SX-for-6500 (SXI, SXJ), not whatever else > > might be using an IOS called 12.2SX. > > 15.0 SY *is* for the 6500. Oh, Sup2T. The 3rd product line for 6500/7600 hardware, effectively, given its line card requirements... > Now, wether it'll also be there for the Sup32 or '720 (both of which > are End-of-X) is another story, and maybe the jury is still out on > that. But, again, 15.0 SY *is* the 15.0 train for the 6500 family. > > http://www.cisco.com/en/US/products/ps11845/ > http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/15.0SY/release_notes.html Well, thanks for clarifying. The VSS720-10G-3C is not yet EOX (at least as far as I have noticed) so maybe there is still hope... gert -- USENET is *not* the non-clickable part of WWW! //www.muc.de/~gert/ Gert Doering - Munich, Germany g...@greenie.muc.de fax: +49-89-35655025g...@net.informatik.tu-muenchen.de pgpljhHlGotcx.pgp Description: PGP signature ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] 7600 w/ WS-SUP720-3B IOS 15.x
On 7/1/12 3:25 PM, Asbjorn Hojmark - Lists wrote: On Sun, 1 Jul 2012 11:00:40 +0200, you wrote: Numer of trains is limited, development is more focused, and the code reuse is progressing. 12.2SX next, please :-) That's 15.0 SY Well, I was asking for SX-for-6500 (SXI, SXJ), not whatever else might be using an IOS called 12.2SX. 15.0 SY *is* for the 6500. Yep, Asbjorn has it right. 15.0SY is the current line, and 12.2SX is going out. The roadmap for 15.0SY, and where things converge is still lurking somewhere in the dark. The 6500 architecture session on the recent Cisco Live covered this in some detail. -- "There's no sense in being precise when | Łukasz Bromirski you don't know what you're talking | jid:lbromir...@jabber.org about." John von Neumann |http://lukasz.bromirski.net ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] "show ip cache flow" is slow
Ever since we switched to ASR1004 running XE15.1(2)S1, we have seen that the output of "show ip cache flow" stalls and is super slow to complete. We have a few interfaces with "ip flow ingress" defined. What can be causing this slowness? Any recommendations of commands to speed up the output? Thanks! -Hank ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] 7600 w/ WS-SUP720-3B IOS 15.x
On Sun, 1 Jul 2012 11:00:40 +0200, you wrote: Numer of trains is limited, development is more focused, and the code reuse is progressing. >>> 12.2SX next, please :-) >> That's 15.0 SY > Well, I was asking for SX-for-6500 (SXI, SXJ), not whatever else > might be using an IOS called 12.2SX. 15.0 SY *is* for the 6500. Now, wether it'll also be there for the Sup32 or '720 (both of which are End-of-X) is another story, and maybe the jury is still out on that. But, again, 15.0 SY *is* the 15.0 train for the 6500 family. http://www.cisco.com/en/US/products/ps11845/ http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/15.0SY/release_notes.html -A ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] nexus 5010 error %STP-2-VLAN_PORT_LIMIT_EXCEEDED:
Hi Arne, The error message itself is pretty self-explanatory, you are having too many active STP instances (vlans) on ethernet interfaces. Try pruning the vlans by modifying the allowed vlan list on your trunk ports and remove unnecessary vlans. You can see the limitations for 4.1(3) release here: http://www.cisco.com/en/US/docs/switches/datacenter/nexus5000/sw/configuration_limits/limits_413/Cisco_Nexus_5000_Series_Configuration_Limits_for_Cisco_NX_OS_Release_413_chapter1.html Release 4.1(3) is pretty old and you can increase the scalability and configuration limits by upgrading to a newer release such as 5.0(3) or 5.1(3). I've included the configuration limits for these versions below: http://www.cisco.com/en/US/docs/switches/datacenter/nexus5000/sw/configuration_limits/limits_503/nexus_5000_config_limits_503_n2_1.html http://www.cisco.com/en/US/docs/switches/datacenter/nexus5000/sw/configuration_limits/limits_513/nexus_5000_config_limits_513.html Upgrading from 4.1(3) to 5.1(3) will be disruptive, unless you go through some interim versions. More information is in the Release Notes in the "Supported Upgrade and Downgrade Paths" section. Best regards, Andras On Sat, Jun 30, 2012 at 7:56 AM, Arne Larsen / Region Nordjylland wrote: > Hi all. > > Can someone give me a hint about what I might be looking for, or how can I > track this. > %STP-2-VLAN_PORT_LIMIT_EXCEEDED: The number of vlan-port instances (3300) > exceeded [MST mode] recommended limit of 3140. > We use nexus 5010 with vpc and the Nexus2K are dualhomed. The Nexus5010 are > connected to a vss6500 also with vpc. > > spanning-tree mst configuration > name xx-yy > instance 1 vlan 1-999 > instance 2 vlan 3000-3899 > > System version: 4.1(3)N2(1a) > > > /Arne > > ___ > cisco-nsp mailing list cisco-nsp@puck.nether.net > https://puck.nether.net/mailman/listinfo/cisco-nsp > archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] 7600 w/ WS-SUP720-3B IOS 15.x
Hi, On Sat, Jun 30, 2012 at 11:40:58PM +0200, Asbjorn Hojmark - Lists wrote: > On Sat, Jun 30, 2012 at 11:10:26PM +0200, ?ukasz Bromirski wrote: > >> Numer of trains is limited, development is more focused, and the code > >> reuse is progressing. > > > 12.2SX next, please :-) > > That's 15.0 SY Well, I was asking for SX-for-6500 (SXI, SXJ), not whatever else might be using an IOS called 12.2SX. gert -- USENET is *not* the non-clickable part of WWW! //www.muc.de/~gert/ Gert Doering - Munich, Germany g...@greenie.muc.de fax: +49-89-35655025g...@net.informatik.tu-muenchen.de pgpr6AkHjzZPR.pgp Description: PGP signature ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/