date:20121107

Re: [c-nsp] 6506-E vs 7606-S

2012-11-07 Thread Tassos Chatzithomaoglou

I heard that coming too.
Cisco must be joking with these two platforms...
We are already looking at alternatives on the J side.

--
Tassos

Brian Turnbow wrote on 7/11/2012 23:51:
> Besides which way the slots go? :)
> Is the sup 2t officilly suported in the 7600 now?
> I know there have been rumors and promises, but has it been announced?
> I must have missd it
> Full circle from split to reconvergence, what a waste.
>
> Brian
>
> Inviato da iPad
>
> Il giorno 07/nov/2012, alle ore 22:12, "Peter Kranz"  
> ha scritto:
>
>> Other than the form factor difference between these two chassis, is there
>> any particular reason to select one over the other?
>>
>> Planning on running 2 VS-S2T-10G-XL sups, and 2 WS-6908-10G-2T 8 port 10G
>> cards.. Full BGP routes to two peers..
>>
>> Peter Kranz
>> Founder/CEO - Unwired Ltd
>> www.UnwiredLtd.com
>> Desk: 510-868-1614 x100
>> Mobile: 510-207-
>> pkr...@unwiredltd.com
>>
>>
>>
>> ___
>> cisco-nsp mailing list  cisco-nsp@puck.nether.net
>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
> ---
> This e-mail is intended only for the addressee named above. 
> As this e-mail may contain confidential or privileged information, 
> if you are not the named addressee, you are not authorized to retain, read, 
> copy or disseminate this message or any part of it.   
>  
> Please consider your environmental responsibility before printing this e-mail.
>
>
> ___
> cisco-nsp mailing list  cisco-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>

___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] 7200VXR G2 performance

2012-11-07 Thread Ali Sumsam

Hi Andrew,
I think i have used the wrong term "power" over here.

 The whole idea is how to use the router's resources well. What can i do to
bring cpu and memory utilization of router down?


*Ali Sumsam CCIE*
*Network Engineer - Level 3*
eintellego Pty Ltd
a...@eintellego.net ; www.eintellego.net

Phone: 1300 753 383 ; Fax: (+612) 8572 9954

Cell +61 (0)410 603 531

facebook.com/eintellego
PO Box 7726, Baulkham Hills, NSW 1755 Australia

The Experts Who The Experts Call
Juniper - Cisco – Brocade - IBM



On Thu, Nov 8, 2012 at 5:27 PM, Andrew Miehs  wrote:

> You could plug it into 3 phase power - that may help.
>
> Alternatively try show process cpu.
> How much bandwidth is it pushing?
>
>
> Sent from a mobile device
>
> On 08/11/2012, at 17:13, Ali Sumsam  wrote:
>
> > Hi All,
> > One of our customer's border router which is G2 is having a lot of load
> on
> > it. We observe packet loss when throughput reaches to maximum.
> >
> > Any suggestion how can we lower the load or increase the power of the
> > router. We need a temporary solution for a couple of weeks.
> >
> > Besides, I think removing ACLs and limiting the traffic coming from
> > Aggregation(3560G) can help. Comments plz
> >
> >
> > Regards,
> >
> >
> >
> > *Ali Sumsam CCIE*
> > *Network Engineer - Level 3*
> > eintellego Pty Ltd
> > a...@eintellego.net ; www.eintellego.net
> >
> > Phone: 1300 753 383 ; Fax: (+612) 8572 9954
> >
> > Cell +61 (0)410 603 531
> >
> > facebook.com/eintellego
> > PO Box 7726, Baulkham Hills, NSW 1755 Australia
> >
> > The Experts Who The Experts Call
> > Juniper - Cisco – Brocade - IBM
> > ___
> > cisco-nsp mailing list  cisco-nsp@puck.nether.net
> > https://puck.nether.net/mailman/listinfo/cisco-nsp
> > archive at http://puck.nether.net/pipermail/cisco-nsp/
>
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

[c-nsp] 7200VXR G2 performance

2012-11-07 Thread Ali Sumsam

Hi All,
One of our customer's border router which is G2 is having a lot of load on
it. We observe packet loss when throughput reaches to maximum.

Any suggestion how can we lower the load or increase the power of the
router. We need a temporary solution for a couple of weeks.

Besides, I think removing ACLs and limiting the traffic coming from
Aggregation(3560G) can help. Comments plz


Regards,



*Ali Sumsam CCIE*
*Network Engineer - Level 3*
eintellego Pty Ltd
a...@eintellego.net ; www.eintellego.net

Phone: 1300 753 383 ; Fax: (+612) 8572 9954

Cell +61 (0)410 603 531

facebook.com/eintellego
PO Box 7726, Baulkham Hills, NSW 1755 Australia

The Experts Who The Experts Call
Juniper - Cisco – Brocade - IBM
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] Nexus 7K NX-OS Upgrade

2012-11-07 Thread Alexander Lim

Hi Charles,

I thought redundant sup is required for ISSU?

Regards,
Alexander Lim

On 8 Nov, 2012, at 8:50 AM, Charles Spurgeon  
wrote:

> While doing some more testing this aft I also removed the sup from
> slot 5 and did a "disruptive" single sup ISSU upgrade from 5.1(5) to
> 5.2(7) on the slot 6 sup without issues.
> 
> -Charles
> 
> On Tue, Nov 06, 2012 at 11:48:35PM +, Antonio Soares wrote:
>> Great, I must confess that I searched a lot and I didn't find this bug. So I
>> suppose the install all script will work well this time. I will come back to
>> the list next week with the good news. I hope :)
>> 
>> 
>> Thanks.
>> 
>> Regards,
>> 
>> Antonio Soares, CCIE #18473 (R&S/SP)
>> amsoa...@netcabo.pt
>> http://www.ccie18473.net
>> 
>> 
>> 
>> -Original Message-
>> From: Tóth András [mailto:diosbej...@gmail.com] 
>> Sent: terça-feira, 6 de Novembro de 2012 23:35
>> To: Antonio Soares
>> Cc: cisco-nsp
>> Subject: Re: [c-nsp] Nexus 7K NX-OS Upgrade
>> 
>> Hi Antonio,
>> 
>> In general, doing a traditional upgrade (changing boot variables) will not
>> update the BIOS for example, while an ISSU does and it's non-disruptive with
>> dual-supervisors.
>> 
>> There's a defect which caused the behavior you were seeing, CSCtn61286 which
>> affects 5.1(3). Since you were upgrading from that version, it was still
>> impacting the upgrade process. It has been fixed in 5.1(4) and 5.2(1)
>> already, so upgrading from 5.2(3a) to 5.2(7) will not have the same issue.
>> 
>> http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fet
>> chBugDetails&bugId=CSCtn61286
>> 
>> 
>> If the boot variables are incorrect, you can edit them as you'd do on an IOS
>> device, make sure you update the kickstart and system as well.
>> 
>> Upgrading from 5.2(3a) to 5.2(7) can be done using the install all
>> (ISSU) method.
>> 
>> Best regards
>> 
>> On Tue, Nov 6, 2012 at 11:38 AM, Antonio Soares  wrote:
>>> Hello group,
>>> 
>>> 
>>> 
>>> Anyone knows the difference between using the install all script or 
>>> just update the boot system flash command when upgrading NX-OS on a Nexus
>> 7K ?
>>> 
>>> 
>>> 
>>> The question applies to a single supervisor setup.
>>> 
>>> 
>>> 
>>> The official documentation mentions the two ways of doing it:
>>> 
>>> 
>>> 
>>> - using the install all script:
>>> 
>>> 
>>> 
>>> http://www.cisco.com/en/US/docs/switches/datacenter/sw/5_x/nx-os/upgra
>>> de/gui 
>>> de/b_Cisco_Nexus_7000_Series_NX-OS_Software_Upgrade_and_Downgrade_Guid
>>> e__Rel
>>> ease_5.x_chapter_00.html#con_314241
>>> 
>>> 
>>> 
>>> - using the traditional procedure:
>>> 
>>> 
>>> 
>>> http://www.cisco.com/en/US/docs/switches/datacenter/sw/5_x/nx-os/upgra
>>> de/gui 
>>> de/b_Cisco_Nexus_7000_Series_NX-OS_Software_Upgrade_and_Downgrade_Guid
>>> e__Rel
>>> ease_5.x_chapter_00.html#task_39E26688E1204F8CAAE876450A575E73
>>> 
>>> 
>>> 
>>> I had a bad experience in the past with the install all script. I was 
>>> doing an upgrade to a 7010 with only 1 supervisor that was installed in
>> slot 6.
>>> The install all script has a problem, may a bug, it only correctly 
>>> updates the boot variables for slot 5:
>>> 
>>> 
>>> 
>>> boot kickstart bootflash:/n7000-s1-kickstart.5.2.3a.bin sup-1
>>> 
>>> boot system bootflash:/n7000-s1-dk9.5.2.3a.bin sup-1
>>> 
>>> boot kickstart bootflash:/n7000-s1-kickstart.5.1.3.bin sup-2
>>> 
>>> 
>>> 
>>> The install all script assumes that if there is only one supervisor, 
>>> it should be on slot 5. Above we can see that the boot system is 
>>> missing for sup-2.
>>> 
>>> 
>>> 
>>> In summary, is there any problem if I simply update the boot variables 
>>> and reload ? May I end up with the supervisor running the new NX-OS 
>>> release and the modules the old NX-OS release ?
>>> 
>>> 
>>> 
>>> 
>>> 
>>> Regards,
>>> 
>>> 
>>> 
>>> Antonio Soares, CCIE #18473 (R&S/SP)
>>> amsoa...@netcabo.pt
>>> 
>>> http://www.ccie18473.net 
>>> 
>>> ___
>>> cisco-nsp mailing list  cisco-nsp@puck.nether.net 
>>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>>> archive at http://puck.nether.net/pipermail/cisco-nsp/
>> 
>> 
>> ___
>> cisco-nsp mailing list  cisco-nsp@puck.nether.net
>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>> archive at http://puck.nether.net/pipermail/cisco-nsp/
> ___
> cisco-nsp mailing list  cisco-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/

___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] Nexus 7K NX-OS Upgrade

2012-11-07 Thread Charles Spurgeon

While doing some more testing this aft I also removed the sup from
slot 5 and did a "disruptive" single sup ISSU upgrade from 5.1(5) to
5.2(7) on the slot 6 sup without issues.

-Charles

On Tue, Nov 06, 2012 at 11:48:35PM +, Antonio Soares wrote:
> Great, I must confess that I searched a lot and I didn't find this bug. So I
> suppose the install all script will work well this time. I will come back to
> the list next week with the good news. I hope :)
> 
> 
> Thanks.
> 
> Regards,
> 
> Antonio Soares, CCIE #18473 (R&S/SP)
> amsoa...@netcabo.pt
> http://www.ccie18473.net
> 
> 
> 
> -Original Message-
> From: Tóth András [mailto:diosbej...@gmail.com] 
> Sent: terça-feira, 6 de Novembro de 2012 23:35
> To: Antonio Soares
> Cc: cisco-nsp
> Subject: Re: [c-nsp] Nexus 7K NX-OS Upgrade
> 
> Hi Antonio,
> 
> In general, doing a traditional upgrade (changing boot variables) will not
> update the BIOS for example, while an ISSU does and it's non-disruptive with
> dual-supervisors.
> 
> There's a defect which caused the behavior you were seeing, CSCtn61286 which
> affects 5.1(3). Since you were upgrading from that version, it was still
> impacting the upgrade process. It has been fixed in 5.1(4) and 5.2(1)
> already, so upgrading from 5.2(3a) to 5.2(7) will not have the same issue.
> 
> http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fet
> chBugDetails&bugId=CSCtn61286
> 
> 
> If the boot variables are incorrect, you can edit them as you'd do on an IOS
> device, make sure you update the kickstart and system as well.
> 
> Upgrading from 5.2(3a) to 5.2(7) can be done using the install all
> (ISSU) method.
> 
> Best regards
> 
> On Tue, Nov 6, 2012 at 11:38 AM, Antonio Soares  wrote:
> > Hello group,
> >
> >
> >
> > Anyone knows the difference between using the install all script or 
> > just update the boot system flash command when upgrading NX-OS on a Nexus
> 7K ?
> >
> >
> >
> > The question applies to a single supervisor setup.
> >
> >
> >
> > The official documentation mentions the two ways of doing it:
> >
> >
> >
> > - using the install all script:
> >
> >
> >
> > http://www.cisco.com/en/US/docs/switches/datacenter/sw/5_x/nx-os/upgra
> > de/gui 
> > de/b_Cisco_Nexus_7000_Series_NX-OS_Software_Upgrade_and_Downgrade_Guid
> > e__Rel
> > ease_5.x_chapter_00.html#con_314241
> >
> >
> >
> > - using the traditional procedure:
> >
> >
> >
> > http://www.cisco.com/en/US/docs/switches/datacenter/sw/5_x/nx-os/upgra
> > de/gui 
> > de/b_Cisco_Nexus_7000_Series_NX-OS_Software_Upgrade_and_Downgrade_Guid
> > e__Rel
> > ease_5.x_chapter_00.html#task_39E26688E1204F8CAAE876450A575E73
> >
> >
> >
> > I had a bad experience in the past with the install all script. I was 
> > doing an upgrade to a 7010 with only 1 supervisor that was installed in
> slot 6.
> > The install all script has a problem, may a bug, it only correctly 
> > updates the boot variables for slot 5:
> >
> >
> >
> > boot kickstart bootflash:/n7000-s1-kickstart.5.2.3a.bin sup-1
> >
> > boot system bootflash:/n7000-s1-dk9.5.2.3a.bin sup-1
> >
> > boot kickstart bootflash:/n7000-s1-kickstart.5.1.3.bin sup-2
> >
> >
> >
> > The install all script assumes that if there is only one supervisor, 
> > it should be on slot 5. Above we can see that the boot system is 
> > missing for sup-2.
> >
> >
> >
> > In summary, is there any problem if I simply update the boot variables 
> > and reload ? May I end up with the supervisor running the new NX-OS 
> > release and the modules the old NX-OS release ?
> >
> >
> >
> >
> >
> > Regards,
> >
> >
> >
> > Antonio Soares, CCIE #18473 (R&S/SP)
> > amsoa...@netcabo.pt
> >
> > http://www.ccie18473.net 
> >
> > ___
> > cisco-nsp mailing list  cisco-nsp@puck.nether.net 
> > https://puck.nether.net/mailman/listinfo/cisco-nsp
> > archive at http://puck.nether.net/pipermail/cisco-nsp/
> 
> 
> ___
> cisco-nsp mailing list  cisco-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] 6506-E vs 7606-S

2012-11-07 Thread Brian Turnbow

Besides which way the slots go? :)
Is the sup 2t officilly suported in the 7600 now?
I know there have been rumors and promises, but has it been announced?
I must have missd it
Full circle from split to reconvergence, what a waste.

Brian

Inviato da iPad

Il giorno 07/nov/2012, alle ore 22:12, "Peter Kranz"  ha 
scritto:

> Other than the form factor difference between these two chassis, is there
> any particular reason to select one over the other?
> 
> Planning on running 2 VS-S2T-10G-XL sups, and 2 WS-6908-10G-2T 8 port 10G
> cards.. Full BGP routes to two peers..
> 
> Peter Kranz
> Founder/CEO - Unwired Ltd
> www.UnwiredLtd.com
> Desk: 510-868-1614 x100
> Mobile: 510-207-
> pkr...@unwiredltd.com
> 
> 
> 
> ___
> cisco-nsp mailing list  cisco-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/


---
This e-mail is intended only for the addressee named above. 
As this e-mail may contain confidential or privileged information, 
if you are not the named addressee, you are not authorized to retain, read, 
copy or disseminate this message or any part of it.   
 
Please consider your environmental responsibility before printing this e-mail.


___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

[c-nsp] 4500 Sup 6/6e/7/7e

2012-11-07 Thread Adam Zinser

Anyone have experience with this model in a voice (non-cisco) deployment?
With the IOS MQC style QoS config, I'm expecting I'll have to define an LLQ
egress on every uplink and shared data/voice port where I might have
otherwise configured "priority queue out" and put my voice traffic into the
priority queue.  Is there any configuration set or default behaviours I'm
overlooking?

-- 

Thank you,

Adam J. Zinser, CCIE #36304 (R&S)
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] Nexus 7K NX-OS Upgrade

2012-11-07 Thread Dirk Woellhaf

Hi,

I've seen ISSU disrupting data-forwarding during a CPoC in 2011 but
this was all related to a bug. I have recently updated 4 N7k's from
5.2(3) to 5.2(5) without any problem!

Regards dirk

On Wed, Nov 7, 2012 at 4:20 PM, Tim Stevenson  wrote:

> At 06:05 AM 11/7/2012, Pete Templin mused:
>
>  On 11/7/12 6:02 AM, Alexander Lim wrote:
>>
>>  Do you know what caused the 3 secs blip? How can Cisco claims that it is
>>> non-disruptive then?
>>> Thanks for sharing.
>>>
>>
>> From what I've learned from others, the 'install all' unpacks the new
>> files which run the processes, and then the processes are stopped/started.
>>  The blip aligns with the card that's actively being upgraded, as shown by
>> the 'install all' or 'show install all status' if run on another login
>> session/console.
>>
>
>
> There are no software processes that affect hardware/data plane
> forwarding, any process can be statefully restarted without impacting data
> flow (in theory, ignoring bugs). We do claim it is non-disruptive and we
> can easily demonstrate that and have many times.
>
> It is unexpected and not per design to lose data traffic during an ISSU,
> provided you are ISSU'ing to/from supported releases (as per the ISSU
> matrix in the user documentation), all your data traffic is being hardware
> switched, and assuming no software defects (such as the specific one cited
> earlier in the thread).
>
> 2 cents,
> Tim
>
>
>
>
>
>  pt
>>
>>
>> __**_
>> cisco-nsp mailing list  cisco-nsp@puck.nether.net
>> https://puck.nether.net/**mailman/listinfo/cisco-nsp
>> archive at 
>> http://puck.nether.net/**pipermail/cisco-nsp/
>>
>
>
>
>
> Tim Stevenson, tstev...@cisco.com
> Routing & Switching CCIE #5561
> Distinguished Technical Marketing Engineer, Cisco Nexus 7000
> Cisco - http://www.cisco.com
> IP Phone: 408-526-6759
> **
> The contents of this message may be *Cisco Confidential*
> and are intended for the specified recipients only.
>
> __**_
> cisco-nsp mailing list  cisco-nsp@puck.nether.net
> https://puck.nether.net/**mailman/listinfo/cisco-nsp
> archive at 
> http://puck.nether.net/**pipermail/cisco-nsp/
>
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] 6506-E vs 7606-S

2012-11-07 Thread Nick Hilliard

On 07/11/2012 20:09, Peter Kranz wrote:
> Other than the form factor difference between these two chassis, is there
> any particular reason to select one over the other?
> 
> Planning on running 2 VS-S2T-10G-XL sups, and 2 WS-6908-10G-2T 8 port 10G
> cards.. Full BGP routes to two peers..

if this is a new purchase, and depending on your needs, you may want to
consider an ASR9k instead.  Also, you will gain much more redundancy and
reliability by running a single SUP in two chassis rather than dual SUP in
a single chassis..

Otherwise, the 7600 chassis will take SR code, which is aimed at
smart/expensive routing, while the 6500 chassis will take SX code, which is
aimed at less smart/ less expensive routing+switching.  I'm not really
convinced that the SUP2t is the best choice for a plain old transit router
these days.  ASR9k looks like a much better bet, and if you don't need that
many ports, the ASR9001 is very favourably priced when compared to the
6500/7600.

Nick

___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] Could you remove me from the mailing list?

2012-11-07 Thread Chad Giulini

On Wed, Nov 7, 2012 at 4:28 PM, Chris Wiggins
 wrote:
>
> Sorry, having a hard time finding the link to remove. Messages are too
> frequent.
>

Many list servers will include instructions to unsubscribe in the
email headers.  Example for this list:

List-Unsubscribe: ,

Hope this is helpful.
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] Could you remove me from the mailing list?

2012-11-07 Thread Mike Hale

It's at the bottom of every email sent from this list...

https://puck.nether.net/mailman/listinfo/cisco-nsp

On Wed, Nov 7, 2012 at 1:28 PM, Chris Wiggins
 wrote:
> Sorry, having a hard time finding the link to remove. Messages are too
> frequent.
>
> --
> *Chris Wiggins
>
> *
> ___
> cisco-nsp mailing list  cisco-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/



-- 
09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

[c-nsp] Could you remove me from the mailing list?

2012-11-07 Thread Chris Wiggins

Sorry, having a hard time finding the link to remove. Messages are too
frequent.

-- 
*Chris Wiggins

*
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

[c-nsp] 6506-E vs 7606-S

2012-11-07 Thread Peter Kranz

Other than the form factor difference between these two chassis, is there
any particular reason to select one over the other?

Planning on running 2 VS-S2T-10G-XL sups, and 2 WS-6908-10G-2T 8 port 10G
cards.. Full BGP routes to two peers..

Peter Kranz
Founder/CEO - Unwired Ltd
www.UnwiredLtd.com
Desk: 510-868-1614 x100
Mobile: 510-207-
pkr...@unwiredltd.com



___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] IPv6 SLAAC on P2P or QinQ subints

2012-11-07 Thread Brian Turnbow


> -Original Message-
> From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-
> boun...@puck.nether.net] On Behalf Of Tim Densmore
> Sent: mercoledì 7 novembre 2012 17:12
> To: Cisco NSP
> Subject: Re: [c-nsp] IPv6 SLAAC on P2P or QinQ subints
> 
> On 11/7/2012 12:51 AM, Mikael Abrahamsson wrote:
> > I think you need to elaborate what "this" is.
> 
> Sorry.  Considering the number of "use /126 or /127 on P2P links"
> responses I got, I obviously didn't explain myself very well.
> 
> My aim here is to allow CPE, or CPE-connected devices to "pull" IPs via
> SLAAC, with DHCP-PD being a possible end-goal, but one that will require
> forklifting thousands of DSL modems and/or NAT routers.
> 
> Currently for most v4 DSL subscribers, we use "ip unnumbered" pointing
> towards a loopback that functions as the gateway and use DHCP or host
> routes or radius to assign IPs.  This config appears impossible using v6,
> since loopbacks don't send RAs, and DAD wouldn't work with multiple
> isolated P2P links all IPd from the same /64 in any case.  Basically, I'm
> looking for a way to send non-link-local RAs down ATM P2P subints, and
> dot1q qinq subints.

We assign from Radius using
framed-ipv6-prefix
framed-interface-id

prefix assigns the /64 for the link, and id tells the CPE what address to use 
from the prefix. 
So you know easily the address which makes it easier on the techs when 
troubleshooting.

Brian

> 
> What's BCP for this scenario?
> 
> Thanks!
> 
> TD
> ___
> cisco-nsp mailing list  cisco-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/


---
This e-mail is intended only for the addressee named above. 
As this e-mail may contain confidential or privileged information, 
if you are not the named addressee, you are not authorized to retain, read, 
copy or disseminate this message or any part of it.   
 
Please consider your environmental responsibility before printing this e-mail.


___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] Preserving CoS with xconnect on ME3600X

2012-11-07 Thread Lobo

Thanks everyone for the suggestions. I've gone ahead and created some 
policy-maps on the 3600X that will set the correct qos-group and 
imposition exp values so that I'm able to preserve the original CoS 
markings in both directions.


Jose

On 11/6/2012 4:39 PM, Pshem Kowalczyk wrote:

Hi,

On 7 November 2012 09:47, Lobo > wrote:


I was under the impression that the "rewrite ingress tag pop 1
symmetric" was required in order for the xconnect to work?
 Removing it seems to break the xconnect as traffic no longer goes
across it.


It's required if the other end doesn't use service-instance-like setup 
(with flexible matching of tags).  65xx automatically strips the VLAN 
tag when it sees encapsulation command, 3600x does not.


So is MQC with qos-groups is the only way to preserve the markings
with this platform?

That's my understanding. On the upside - the same setup should work on 
65xx as well.


kind regards
Pshem


___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] IPv6 SLAAC on P2P or QinQ subints

2012-11-07 Thread Tim Densmore


On 11/7/2012 10:49 AM, Mikael Abrahamsson wrote:

Is this point to point ATM, or is it ethernet over ATM? I'd say if it's
EoATM and you're doing bridging in the CPE, your only choice is to put a
/64 on the interface (one per customer), and try to limit the number of
nd entries you allow per customer. Customer devices will use RA to get
addresses, and use DHCPv6-stateless to hand out DNS resolvers etc.
Optional DHCPv6-PD support in case the customer has a CPE to put behind
the modem.


Yes, this is P2P ATM and per-customer-vlan "P2P" metro-e QinQ links. 
The number of bridged CPE is probably minimal, and this is really just 
sort of a test to see how many devices would "do v6" on or current 
network, natively.  I guess I could tell that with LL addys, though, by 
slapping "ipv6 enable" on interfaces and seeing how many neighbors I end 
up with.


What I think I'm discovering is that v6 in the core is easy, and static 
assignments and/or tunneling is easy, but delivering v6 automatically to 
customers is probably going to be expensive or difficult or both.  I 
knew that from the start, at least intellectually, but I keep 
discovering new scenarios I hadn't considered.




The better and future proof way is to run LL only on the p-t-p ATM link
(regardless if it's EoATM or just routed IP over ATM), and do DHCPv6-PD
with a /56 to the CPE which then handles all scaling aspects.


Yeah, maybe LL is the way to go.  I have to admit that I'm still sort of 
fuzzy on where LL-only makes sense and where it will cause issues, so I 
tend to use GUAs in all scenarios.


Deterministic DHCP-PD is where I'd like to end up, though how that's 
eventually done both provisioning-wise and equipment-wise is TBD.  I'd 
like to have *some* control over provisioning, but I'm not crazy about 
having to maintain a database of client ID's, either.  Obviously still 
lots of work to do on that front.


Thanks for the very useful input!

TD



___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] IPv6 SLAAC on P2P or QinQ subints

2012-11-07 Thread Gert Doering

Hi,

On Wed, Nov 07, 2012 at 09:11:46AM -0700, Tim Densmore wrote:
> Currently for most v4 DSL subscribers, we use "ip unnumbered" pointing 
> towards a loopback that functions as the gateway and use DHCP or host 
> routes or radius to assign IPs.  This config appears impossible using 
> v6, since loopbacks don't send RAs, and DAD wouldn't work with multiple 
> isolated P2P links all IPd from the same /64 in any case.  Basically, 
> I'm looking for a way to send non-link-local RAs down ATM P2P subints, 
> and dot1q qinq subints.
> 
> What's BCP for this scenario?

As far as I know, if it's static interfaces (as in "not dynamically
created virtual-access stuff that can be filled from Radius") all you
can do on IOS is 

  interface 
ipv6 address 2001:db8:this:customer::1/64

but since you mention "radius to assign IPs" - in that case it might
be possible just have radius send IPv6 prefix config as well
(cisco-avpair = "ipv6:prefix#1=2001:db8:this:customer::/64", plus
"ipv6 unnumbered lo0" on the actual interface)

gert
-- 
USENET is *not* the non-clickable part of WWW!
   //www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35655025g...@net.informatik.tu-muenchen.de


pgpeKTJNRsD6Z.pgp
Description: PGP signature
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] IPv6 SLAAC on P2P or QinQ subints

2012-11-07 Thread Mikael Abrahamsson


On Wed, 7 Nov 2012, Tim Densmore wrote:

My aim here is to allow CPE, or CPE-connected devices to "pull" IPs via 
SLAAC, with DHCP-PD being a possible end-goal, but one that will require 
forklifting thousands of DSL modems and/or NAT routers.


Check.

Currently for most v4 DSL subscribers, we use "ip unnumbered" pointing 
towards a loopback that functions as the gateway and use DHCP or host routes 
or radius to assign IPs.  This config appears impossible using v6, since 
loopbacks don't send RAs, and DAD wouldn't work with multiple isolated P2P 
links all IPd from the same /64 in any case.  Basically, I'm looking for a 
way to send non-link-local RAs down ATM P2P subints, and dot1q qinq subints.


Is this point to point ATM, or is it ethernet over ATM? I'd say if it's 
EoATM and you're doing bridging in the CPE, your only choice is to put a 
/64 on the interface (one per customer), and try to limit the number of nd 
entries you allow per customer. Customer devices will use RA to get 
addresses, and use DHCPv6-stateless to hand out DNS resolvers etc. 
Optional DHCPv6-PD support in case the customer has a CPE to put behind 
the modem.


The better and future proof way is to run LL only on the p-t-p ATM link 
(regardless if it's EoATM or just routed IP over ATM), and do DHCPv6-PD 
with a /56 to the CPE which then handles all scaling aspects.


For the ETTH scenario, use a /64 per customer, do L2 isolation, do 
antispoofing, and support DHCPv6-PD in case the customer has a capable 
CPE. This means the customer can hook up a PC or a CPE, and both will 
work.


I prefer to do this all statically so the customer has the same prefix 
(both /64 and what he gets via PD) all the time, but that's a marketing 
decision more than a technical one.


--
Mikael Abrahamssonemail: swm...@swm.pp.se
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] Cisco Security Advisory: Cisco Nexus 1000V Series Switch Software Release 4.2(1)SV1(5.2) Virtual Security Gateway Bypass Issue

2012-11-07 Thread Nick Hilliard

On 07/11/2012 16:11, Cisco Systems Product Security Incident Response Team
> After the software upgrade, a bug in Software Release 4.2(1)SV1(5.2)
> could cause all the virtual Ethernet ports on the Virtual Ethernet
> Modules (VEM) of the Cisco Nexus 1000V Series Switch to stay in
> No-Policy pass-through mode because a valid VSG license is not
> actively installed. As a result, the VEMs no longer use a configured
> Cisco VSG; therefore, the virtual machines (VM) are not firewalled and
> traffic is not inspected by the VSG.

And once again, licensing mechanisms demonstrate catastrophic failure modes
due to ill-thought-out license expiry mechanisms.

Nick,
not a fan of licenses with built-in expiry dates

___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

[c-nsp] Cisco Security Advisory: Cisco Secure Access Control System TACACS+ Authentication Bypass Vulnerability

2012-11-07 Thread Cisco Systems Product Security Incident Response Team

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Cisco Secure Access Control System TACACS+ Authentication Bypass
Vulnerability

Advisory ID: cisco-sa-20121107-acs

Revision 1.0

For Public Release 2012 November 7 16:00  UTC (GMT)
- --

Summary
===

Cisco Secure Access Control System (ACS) contains a vulnerability that
could allow an unauthenticated, remote attacker to bypass TACACS+
based authentication service offered by the affected product. The
vulnerability is due to improper validation of the user-supplied
password when TACACS+ is the authentication protocol and Cisco Secure
ACS is configured with a Lightweight Directory Access Protocol (LDAP)
external identity store.

An attacker may exploit this vulnerability by sending a special
sequence of characters when prompted for the user password. The
attacker would need to know a valid username stored in the LDAP
external identity store to exploit this vulnerability, and the
exploitation is limited to impersonate only that user. An exploit
could allow the attacker to successfully authenticate to any system
using TACACS+ in combination with an affected Cisco Secure ACS.

Cisco has released free software updates that address this
vulnerability. 

There are no workarounds for this vulnerability. 

This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20121107-acs

-BEGIN PGP SIGNATURE-
Version: GnuPG/MacGPG2 v2.0.18 (Darwin)
Comment: GPGTools - http://gpgtools.org

iF4EAREIAAYFAlCahBgACgkQUddfH3/BbTry0gD+ODX/mW0lFysJb+ga9d8hSJib
y3Nt7PWArjcjgBBfV6cA/3xq5kIJ57XxuNw63zIaTpay5N+sUNLDJ37bdjxu+hTf
=GL1C
-END PGP SIGNATURE-
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

[c-nsp] Cisco Security Advisory: Cisco Nexus 1000V Series Switch Software Release 4.2(1)SV1(5.2) Virtual Security Gateway Bypass Issue

2012-11-07 Thread Cisco Systems Product Security Incident Response Team

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Cisco Nexus 1000V Series Switch Software Release 4.2(1)SV1(5.2)
Virtual Security Gateway Bypass Issue

Document ID: cisco-sr-20121107-n1k

Revision 1.0

For Public Release 2012 November 7 16:00  UTC (GMT)
- --

Cisco Response
==

The Cisco Product Security Incident Response Team (PSIRT) would like
to notify customers of an issue that may impact their network security
posture when upgrading the Cisco Nexus 1000V Series Switches to
Software Release 4.2(1)SV1(5.2) with deployments that have Cisco
Virtual Security Gateway (VSG) integration. This issue will manifest
itself when administrators perform an in-service software upgrade to
Software Release 4.2(1)SV1(5.2) from Software Release 4.2(1)SV1(5.1a)
or earlier.

After the software upgrade, a bug in Software Release 4.2(1)SV1(5.2)
could cause all the virtual Ethernet ports on the Virtual Ethernet
Modules (VEM) of the Cisco Nexus 1000V Series Switch to stay in
No-Policy pass-through mode because a valid VSG license is not
actively installed. As a result, the VEMs no longer use a configured
Cisco VSG; therefore, the virtual machines (VM) are not firewalled and
traffic is not inspected by the VSG.

This software bug is documented in Cisco Bug ID CSCud01427 and a
software bulletin for Software Release 4.2(1)SV1(5.2) is in the
process of being published. Additional Information

This response is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityResponse/cisco-sr-20121107-n1k
-BEGIN PGP SIGNATURE-
Version: GnuPG/MacGPG2 v2.0.18 (Darwin)
Comment: GPGTools - http://gpgtools.org

iF4EAREIAAYFAlCahB0ACgkQUddfH3/BbTocEgD/ZAzdVLQZCcaLo41tATesEH9J
0O/Ijdnc8Fw7B3pBgrgBAI/6M8mWC/CJWGF6b6OkDhxu8aiNUUmZX645hWms9h8c
=MMfv
-END PGP SIGNATURE-
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] IPv6 SLAAC on P2P or QinQ subints

2012-11-07 Thread Tim Densmore


On 11/7/2012 12:51 AM, Mikael Abrahamsson wrote:

I think you need to elaborate what "this" is.


Sorry.  Considering the number of "use /126 or /127 on P2P links" 
responses I got, I obviously didn't explain myself very well.


My aim here is to allow CPE, or CPE-connected devices to "pull" IPs via 
SLAAC, with DHCP-PD being a possible end-goal, but one that will require 
forklifting thousands of DSL modems and/or NAT routers.


Currently for most v4 DSL subscribers, we use "ip unnumbered" pointing 
towards a loopback that functions as the gateway and use DHCP or host 
routes or radius to assign IPs.  This config appears impossible using 
v6, since loopbacks don't send RAs, and DAD wouldn't work with multiple 
isolated P2P links all IPd from the same /64 in any case.  Basically, 
I'm looking for a way to send non-link-local RAs down ATM P2P subints, 
and dot1q qinq subints.


What's BCP for this scenario?

Thanks!

TD
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] BGP NSR without SSO

2012-11-07 Thread Adam Vitkovsky

Hi Zaid,

> decrease the packet loss when link flapped without BGP sessions reset
You can use BFD with eBGP peers

Than you can use 

either:
address-family ipv4 vrf 1
  maximum-paths eibgp 8
  bgp advertise-best-external

or:
address-family ipv4 vrf 1
  bgp advertise-best-external
  bgp additional-paths install
  maximum-paths 8
  maximum-paths ibgp 8


adam
-Original Message-
From: cisco-nsp-boun...@puck.nether.net
[mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of zaid
Sent: Wednesday, November 07, 2012 1:22 PM
To: cisco-nsp@puck.nether.net
Subject: [c-nsp] BGP NSR without SSO

Hi all 

How can deploy BGP NSR without SSO on 12000 XR or such mechanism to decrease
the packet loss when link flapped without BGP sessions reset ( ex: XR Router
multi homed with different ISP )

the packet loss happens on the other during the recalculation of the best
path.



thanks 

ZH
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] Nexus 7K NX-OS Upgrade

2012-11-07 Thread Tim Stevenson


At 06:05 AM 11/7/2012, Pete Templin mused:

On 11/7/12 6:02 AM, Alexander Lim wrote:

Do you know what caused the 3 secs blip? How can Cisco claims that 
it is non-disruptive then?

Thanks for sharing.


From what I've learned from others, the 'install all' unpacks the 
new files which run the processes, and then the processes are 
stopped/started.  The blip aligns with the card that's actively 
being upgraded, as shown by the 'install all' or 'show install all 
status' if run on another login session/console.



There are no software processes that affect hardware/data plane 
forwarding, any process can be statefully restarted without impacting 
data flow (in theory, ignoring bugs). We do claim it is 
non-disruptive and we can easily demonstrate that and have many times.


It is unexpected and not per design to lose data traffic during an 
ISSU, provided you are ISSU'ing to/from supported releases (as per 
the ISSU matrix in the user documentation), all your data traffic is 
being hardware switched, and assuming no software defects (such as 
the specific one cited earlier in the thread).


2 cents,
Tim





pt


___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/





Tim Stevenson, tstev...@cisco.com
Routing & Switching CCIE #5561
Distinguished Technical Marketing Engineer, Cisco Nexus 7000
Cisco - http://www.cisco.com
IP Phone: 408-526-6759

The contents of this message may be *Cisco Confidential*
and are intended for the specified recipients only.

___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] PPPOE GIG SUB-INTEREFACE - 15.2S 7606-S

2012-11-07 Thread Christophe Lucas

Le 06/11/2012 10:22, Jake Jake a écrit :
> We have an environment where we terminate our DSL customers over PPPoE on a
> 7606-S MPLS PE router with RSP720. The PPPoE sessions are terminated on a
> GIG V2 interface of a SIP-400. Currently the IOS running on the device is
> c7600rsp72043_rp-ADVIPSERVICESK9-M, Version 12.2(33)SRD. The following is
> the current configuration used.
> 
> bba-group pppoe 7
> virtual-template 7
> 
> interface GigabitEthernet2/1/3.142647 access
> encapsulation dot1Q 14 second-dot1q 2647
> pppoe enable group 7
> 
> interface Virtual-Template7
> ip vrf forwarding TEST
> ip address 10.10.10.1 255.255.255.252
> 
> In the  above scenario everything works well.
> 
> However we had to upgrade the router IOS to15.2(4)S Advance
> IPServicesk9 to support 4-byte ASN. After the upgrading we observed certain
> commands used to terminate PPPoE on the sub-interfaces not available on
> 15.2(4)S , although  PPPoE on Gig and Ethernet with QinQ support is listed
> under 15.2S feature set.
> 
> Command not available on 15.2S   pppoe enable group 7
> 
> Any suggestion on how to get this working on 15.2S IOS?

Hello,

Perhaps it is a mistake : which feature set ? universal ? Feature
navigator seems to say it is supported on 15.2(4)S.

Best regards,
-- 
Christophe Lucas
http://www.clucas.fr/blog/
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] FWSM INT 0 configure

2012-11-07 Thread Peter Rathlev

On Tue, 2012-11-06 at 10:49 +0800, zhangyongshun wrote:
> but is found out that always a private ip address in "show xlate state
> identity 's output".
> like this:
...
> *Global 10.11.1.21 Local 10.11.1.21*
...
> 10.11.1.21 this user isn't able to access outside through NAT.
> Have anybody know such problem or any suggestion.

Take a look at "show xlate local 10.11.1.21 debug". You might see an
identity NAT hairpin on the outside, something not totally unlike this:

  NAT from inside:10.11.1.21 to outside:10.11.1.21 flags Ii idle 1:40:54 
timeout 2:04:00 connections 0

This can result from the FWSM and whatever router is on the outside not
agreeing on what to route where. If the FWSM sends it toward outside but
the router sends it back to the FWSM it might create a new (wrong)
xlate. We've seen this a few times with inconsistent routing.

Otherwise take a good look at the logfiles at "informational" (or above)
level, especially the FWSM-6-305009 and possibly FWSM-3-305006 messages.
It might hint at what happens.

-- 
Peter

___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] Nexus 7K NX-OS Upgrade

2012-11-07 Thread Pete Templin


On 11/7/12 6:02 AM, Alexander Lim wrote:


Do you know what caused the 3 secs blip? How can Cisco claims that it is 
non-disruptive then?
Thanks for sharing.


From what I've learned from others, the 'install all' unpacks the new 
files which run the processes, and then the processes are 
stopped/started.  The blip aligns with the card that's actively being 
upgraded, as shown by the 'install all' or 'show install all status' if 
run on another login session/console.


pt


___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] Nexus 7K NX-OS Upgrade

2012-11-07 Thread Alexander Lim

Hi Pete,

Do you know what caused the 3 secs blip? How can Cisco claims that it is 
non-disruptive then?
Thanks for sharing. 

Regards,
Alexander Lim

On 7 Nov, 2012, at 12:12 PM, Pete Templin  wrote:

> On 11/6/12 3:35 PM, Tóth András wrote:
>> Hi Antonio,
>> 
>> In general, doing a traditional upgrade (changing boot variables) will
>> not update the BIOS for example, while an ISSU does and it's
>> non-disruptive with dual-supervisors.
> 
> Just to add a data point, it's almost non-disruptive.  There's a noticeable 
> blink on a per-linecard basis, probably <3 seconds, but I've had to deal with 
> explaining the blip during a "non-disruptive" upgrade.
> 
> pt
> 
> 
> ___
> cisco-nsp mailing list  cisco-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/

___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] ASR903 - firmware versions

2012-11-07 Thread Chuck Church

It looks like the ROMMON version.  They're upgradable if need be.  This
looks like what you're looking for:

http://www.cisco.com/cisco/software/release.html?mdfid=283780951&flowid=3020
1&softwareid=282046486&release=15.3%282r%29S&relind=AVAILABLE&rellifecycle=&
reltype=latest

Obviously, read all the release notes, etc.

Chuck

-Original Message-
From: cisco-nsp-boun...@puck.nether.net
[mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Pshem Kowalczyk
Sent: Tuesday, November 06, 2012 7:14 PM
To: cisco-nsp@puck.nether.net
Subject: [c-nsp] ASR903 - firmware versions

Hi,

We had a problem with one of the RSPs in an ASR903. The card got RMA'ed
(R0/F0) and after getting it replaced and software upgraded to 3.7.1 it all
works fine (including active-standby switchover). I'm not sure if it's an
issue or not, but the show platform shows different firmware (older)  for
the newly added card. The CPLD versions are the same. I haven't been able to
find any specific information about the 'firmware' on Cisco website. Any
idea what this firmware number actually represents?

Chassis type: ASR-903

Slot  TypeState Insert time (ago)
- --- - -
 0/0  A900-IMA1X  ok00:45:16
 0/1  A900-IMA1X  ok00:45:11
 0/2  A900-IMA1X  ok00:45:06
 0/3  A900-IMA1X  ok00:45:01
 0/4  A900-IMA8S  ok00:44:57
 0/5  A900-IMA8S  ok00:44:57
R0A903-RSP1B-55   ok, standby   00:48:49
R1A903-RSP1B-55   ok, active00:48:49
F0ok, standby   00:48:49
F1ok, active00:48:49
P0A900-PWR550-D   ok00:46:58
P1A900-PWR550-D   ok00:46:57
P2A903-FANok00:46:55

Slot  CPLD VersionFirmware Version
- --- ---
R01110213315.2(1r)S1
R11110213315.3(1r)S1
F01110213315.2(1r)S1
F11110213315.3(1r)S1

kind regards
Pshem
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

[c-nsp] BGP NSR without SSO

2012-11-07 Thread zaid

Hi all 

How can deploy BGP NSR without SSO on 12000 XR or
such mechanism to decrease the packet loss when link flapped without BGP
sessions reset ( ex: XR Router multi homed with different ISP )

the packet loss happens on the other during the recalculation of the best path.



thanks 

ZH
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] Linux BGP tool

2012-11-07 Thread Tobias Heister

Hi,

Am 07.11.2012 00:10, schrieb CiscoNSP_list CiscoNSP_list:
> Thanks very much for the suggestions - Just tested bgpsimple (full table), 
> and it is VERY slow to send the full table (Peering session has been up for 
> 18minutes, and the ASR has only received ~185,000 prefixes?)

I currenlty have only a small table setup in our lab because most of the 
hardware is kind of old. The table has a size of about 70k routes. A juniper 
MX80 (unfortunately i currently have no
ciscos in the lab) takes under a minute to receive this table.
If i find time i will try it with a full table later this day.

regards
Tobias
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] 6506-E vs 7606-S

Re: [c-nsp] 7200VXR G2 performance

[c-nsp] 7200VXR G2 performance

Re: [c-nsp] Nexus 7K NX-OS Upgrade

Re: [c-nsp] Nexus 7K NX-OS Upgrade

Re: [c-nsp] 6506-E vs 7606-S

[c-nsp] 4500 Sup 6/6e/7/7e

Re: [c-nsp] Nexus 7K NX-OS Upgrade

Re: [c-nsp] 6506-E vs 7606-S

Re: [c-nsp] Could you remove me from the mailing list?

Re: [c-nsp] Could you remove me from the mailing list?

[c-nsp] Could you remove me from the mailing list?

[c-nsp] 6506-E vs 7606-S

Re: [c-nsp] IPv6 SLAAC on P2P or QinQ subints

Re: [c-nsp] Preserving CoS with xconnect on ME3600X

Re: [c-nsp] IPv6 SLAAC on P2P or QinQ subints

Re: [c-nsp] IPv6 SLAAC on P2P or QinQ subints

Re: [c-nsp] IPv6 SLAAC on P2P or QinQ subints

Re: [c-nsp] Cisco Security Advisory: Cisco Nexus 1000V Series Switch Software Release 4.2(1)SV1(5.2) Virtual Security Gateway Bypass Issue

[c-nsp] Cisco Security Advisory: Cisco Secure Access Control System TACACS+ Authentication Bypass Vulnerability

[c-nsp] Cisco Security Advisory: Cisco Nexus 1000V Series Switch Software Release 4.2(1)SV1(5.2) Virtual Security Gateway Bypass Issue

Re: [c-nsp] IPv6 SLAAC on P2P or QinQ subints

Re: [c-nsp] BGP NSR without SSO

Re: [c-nsp] Nexus 7K NX-OS Upgrade

Re: [c-nsp] PPPOE GIG SUB-INTEREFACE - 15.2S 7606-S

Re: [c-nsp] FWSM INT 0 configure

Re: [c-nsp] Nexus 7K NX-OS Upgrade

Re: [c-nsp] Nexus 7K NX-OS Upgrade

Re: [c-nsp] ASR903 - firmware versions

[c-nsp] BGP NSR without SSO

Re: [c-nsp] Linux BGP tool

31 matches

Site Navigation

Mail list logo

Footer information