[c-nsp] ASA-V vs ASA contexts

2015-11-19 Thread Nick Cutting
We run multi-tenant Cloud infrastructure for many small clients.

We are using ASA firewall contexts to protect inter-client hosted 
communications.

Was thinking of using ASA-V instead of multiple contexts to keep costs down - 
and I would more easily be able to automate the provisioning of the Client 
Firewalls.

Does anyone have any experience doing this?
Is it generally cheaper or more expensive than multiple contexts?

We have some quotes in with our supplier - but it looks ludicrously expensive 
compared to Contexts licensing at a first glance.

I'm not interested in a chat about throughput, just in ease of rollout and 
costs.
Specifically the ASA-V10 (not the 30) and the standard license.

Any insightful hindsight would be greatly appreciated.

Thanks,
Nick
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/


Re: [c-nsp] Nexus / VPC - Management port "needed" in VPC?

2015-11-19 Thread CiscoNSP List

Thanks for clarifying Quinn - So on a pair of 3Ks, a "typical" VPC setup would 
be 2 x 10Gb links + "a" link(i.e. Management ports) for the keepalives?

And on a pair of 9Ks, 2 x 40Gb links, plus management port link?

Cheers


From: quinn snyder 
Sent: Friday, 20 November 2015 8:13 AM
To: CiscoNSP List
Cc: cisco-nsp
Subject: Re: [c-nsp] Nexus / VPC - Management port "needed" in VPC?

> On Nov 19, 2015, at 14:07, CiscoNSP List  wrote:
>
> We have a customer that is wanting to do VPC on some N9Ks and also N3Ks - I 
> "thought" VPC would be similar to VSS...i.e. dual link between the 
> switches...but my (brief) reading up on the setup, I see some setup guides 
> where there are dual links(2 x 10Gb, or 2 x 40Gb), plus the use of the 
> management port for vPC peer keepalives?
>
>
> http://www.cisco.com/c/en/us/products/collateral/switches/nexus-3000-series-switches/white_paper_c11-685753.html
>
> Any info on the "correct"  method to setup VPC on the Nexus would be greatly 
> appreciated

the above is correct.

vpc requires the “data plane” (vpc peer-link) that performs synchronization 
using cfsoe between vpc domain peers.  it also *can* be used to forward actual 
data-plane traffic under failure scenarios.  it's important to understand the 
baked-in vpc drop conditions that exist to provide loop prevention under 
steady-state.

the management (or some other set of layer-3 adjacencies within an isolated 
vrf) are used for simple heartbeats between the devices.  failure of this link 
does not mean catastrophic failure of the domain.  this is similar to something 
like ‘fast-hellos’ using an oob link when dealing with vss.

q.

--
quinn snyder | snyd...@gmail.com




Re: [c-nsp] Nexus / VPC - Management port "needed" in VPC?

2015-11-19 Thread Ryan Rawdon

> On Nov 19, 2015, at 7:14 PM, CiscoNSP List  wrote:
> 
> 
> Thanks for clarifying Quinn - So on a pair of 3Ks, a "typical" VPC setup 
> would be 2 x 10Gb links + "a" link(i.e. Management ports) for the keepalives?
> 
> And on a pair of 9Ks, 2 x 40Gb links, plus management port link?
> 
> Cheers

Correct.  Note that the management port does not have to be the one used as the 
peer-keepalive.  You could just as easily use another copper or fiber port 
configured with a /31 or similar, if you really wanted to use the management 
port for your OOB network only (or whatever other design criteria you may have).

We use the management port for some of these deployments from a certain legacy 
acquisition, while others in another part of our network use a dedicated link 
due to fiber being more readily available to connect between cabinets.


Re: [c-nsp] TFTP/SCP

2015-11-19 Thread Gert Doering
Hi,

On Thu, Nov 19, 2015 at 06:55:46PM +0200, Nick Hilliard wrote:
> On 19/11/2015 18:15, Jeremy Bresley wrote:
> > With the exception of NX-OS, pretty much anything on code released in the
> > last 3-4 years supports HTTP downloads
> 
> XR supports only ftp and tftp.

It does sftp, but maybe not "from the XR box" but "pushing towards the XR
box" (and that one actually works, unless the file is bigger than 2G *sigh*)

gert
-- 
USENET is *not* the non-clickable part of WWW!
   //www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35655025 g...@net.informatik.tu-muenchen.de



Re: [c-nsp] Nexus / VPC - Management port "needed" in VPC?

2015-11-19 Thread quinn snyder
> On Nov 19, 2015, at 18:14, CiscoNSP List  wrote:
> 
> 
> Thanks for clarifying Quinn - So on a pair of 3Ks, a "typical" VPC setup 
> would be 2 x 10Gb links + "a" link(i.e. Management ports) for the keepalives?
> 
> And on a pair of 9Ks, 2 x 40Gb links, plus management port link?

not so much typical as 'sized for your use case'.
during failure scenarios, it is possible to have traffic transit the peer-link. 
 however -- it comes down to understanding your environment, sla, redundancy, 
etc.  while the minimum recommended links is (2) for the peer-link, this can 
scale and you'll need to dial this in for your situation.

playing in the lab and running through a reflective set of test cases is your 
best bet here.  obviously -- you'll need to extrapolate this to being under 
load as well. 

q. 

--
quinn snyder | snyd...@gmail.com

-= sent via iphone. please excuse spelling, grammar, and brevity =-


[c-nsp] Nexus / VPC - Management port "needed" in VPC?

2015-11-19 Thread CiscoNSP List
Hi Everyone (Sent this yesterday, but it seems to have not made it to the list?),


We have a customer that is wanting to do VPC on some N9Ks and also N3Ks - I 
"thought" VPC would be similar to VSS...i.e. dual link between the 
switches...but my (brief) reading up on the setup, I see some setup guides 
where there are dual links(2 x 10Gb, or 2 x 40Gb), plus the use of the 
management port for vPC peer keepalives?


http://www.cisco.com/c/en/us/products/collateral/switches/nexus-3000-series-switches/white_paper_c11-685753.html

Any info on the "correct"  method to setup VPC on the Nexus would be greatly 
appreciated



Thanks.


Re: [c-nsp] Nexus / VPC - Management port "needed" in VPC?

2015-11-19 Thread quinn snyder

> On Nov 19, 2015, at 14:07, CiscoNSP List  wrote:
> 
> We have a customer that is wanting to do VPC on some N9Ks and also N3Ks - I 
> "thought" VPC would be similar to VSS...i.e. dual link between the 
> switches...but my (brief) reading up on the setup, I see some setup guides 
> where there are dual links(2 x 10Gb, or 2 x 40Gb), plus the use of the 
> management port for vPC peer keepalives?
> 
> 
> http://www.cisco.com/c/en/us/products/collateral/switches/nexus-3000-series-switches/white_paper_c11-685753.html
> 
> Any info on the "correct"  method to setup VPC on the Nexus would be greatly 
> appreciated

the above is correct.

vpc requires the “data plane” (vpc peer-link) that performs synchronization 
using cfsoe between vpc domain peers.  it also *can* be used to forward actual 
data-plane traffic under failure scenarios.  it's important to understand the 
baked-in vpc drop conditions that exist to provide loop prevention under 
steady-state.

the management (or some other set of layer-3 adjacencies within an isolated 
vrf) are used for simple heartbeats between the devices.  failure of this link 
does not mean catastrophic failure of the domain.  this is similar to something 
like ‘fast-hellos’ using an oob link when dealing with vss.

q.

--
quinn snyder | snyd...@gmail.com





[c-nsp] Nexus 7K - Routing over vPC Peer-link between chassis

2015-11-19 Thread Yham
Hi All,

Could you please tell me what is the disadvantage of running routing
protocols e.g. iBGP between SVIs of two chassis over vPC peer-link? I have heard
a lot that Cisco recommends using a separate link for layer-3, but why?

Logically the peer-link should be more reliable, as it is generally bundled with
multiple physical links.

Thanks in advance.

Regards
YH


Re: [c-nsp] Nexus 7K - Routing over vPC Peer-link between chassis

2015-11-19 Thread Nick Cutting
I ran into this a few years back - and we did end up doing it.  It's basically 
because the peer link is totally different to a trunk between two chassis, i.e. 
don't use it ever unless a downstream VPC link is down.


I can't remember the details, however this post by Brad Hedlund explains 
everything you need to know.

http://bradhedlund.com/2010/12/16/routing-over-nexus-7000-vpc-peer-link-yes-and-no/

-Original Message-
From: cisco-nsp [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Yham
Sent: 19 November 2015 11:49
To: cisco-nsp@puck.nether.net NSP
Subject: [c-nsp] Nexus 7K - Routing over vPC Peer-link between chassis

Hi All,

Could you please tell me what is the disadvantage of running routing protocols 
e.g. iBGP between SVIs of two chassis over vPC peer-link? I have heard a lot that 
Cisco recommends using a separate link for layer-3, but why?

Logically the peer-link should be more reliable, as it is generally bundled with 
multiple physical links.

Thanks in advance.

Regards
YH


Re: [c-nsp] TFTP/SCP

2015-11-19 Thread Mark Tinka


On 19/Nov/15 12:25, Harry Hambi - Atos wrote:

> Hi All,
> Uploading IOS 15.2.SE7 to a number of 3750 switches using tftp. This proved 
> very slow, so I decided to use SCP which was a lot quicker. However, SCP 
> caused a cpu spike on the switch which caused snmp drops. Has anyone ever 
> experienced this? The switch was passing data traffic normally.

Might make sense.

SCP is exception traffic, as is SNMP traffic to the switch.

Mark.



[c-nsp] TFTP/SCP

2015-11-19 Thread Harry Hambi - Atos
Hi All,
Uploading IOS 15.2.SE7 to a number of 3750 switches using tftp. This proved 
very slow, so I decided to use SCP which was a lot quicker. However, SCP caused 
a cpu spike on the switch which caused snmp drops. Has anyone ever experienced 
this? The switch was passing data traffic normally.



Rgds
Harry

Harry Hambi BEng(Hons)  MIET  Rsgb



Re: [c-nsp] TFTP/SCP

2015-11-19 Thread Jared Mauch
I've suggested removing TFTP as it's a crutch and has many shortcomings, more so 
when any latency is involved. 

People used a custom RCPD in the past to solve this as well. 

Beware as the Cisco FTP clients behave strangely across all versions and may 
request the file multiple times. They don't seem to test it often so if you 
report a bug, it takes quite some time to find the code caretaker. 

Jared Mauch

> On Nov 19, 2015, at 8:14 AM, Mark Tinka  wrote:
> 
> 
> 
>> On 19/Nov/15 15:54, Jared Mauch wrote:
>> 
>> We use FTP as the image isn't something that needs to be protected from 
>> eavesdroppers.
> 
> We use FTP also, as SCP support was non-uniform across various versions
> of IOS for a while.
> 
> Mark.


Re: [c-nsp] TFTP/SCP

2015-11-19 Thread Jared Mauch
Yup. You can filter by IP address and check image checksum after if it's 
something without a crypto signature. 

Jared Mauch

> On Nov 19, 2015, at 8:54 AM, Daniel Brisson  wrote:
> 
> What about protecting credentials?  Do you use a service account that has 0 
> access other than FTP'ing images?
> 
> -dan
> 
> 
> -Original Message-
> From: cisco-nsp [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Jared 
> Mauch
> Sent: Thursday, November 19, 2015 8:54 AM
> To: Mark Tinka 
> Cc: cisco-nsp@puck.nether.net
> Subject: Re: [c-nsp] TFTP/SCP
> 
> We use FTP as the image isn't something that needs to be protected from 
> eavesdroppers. 
> 
> Jared Mauch
> 
>> On Nov 19, 2015, at 6:46 AM, Mark Tinka  wrote:
>> 
>> 
>> 
>>> On 19/Nov/15 12:25, Harry Hambi - Atos wrote:
>>> 
>>> Hi All,
>>> Uploading IOS 15.2.SE7 to a number of 3750 switches using tftp. This proved 
>>> very slow, so I decided to use SCP which was a lot quicker. However, SCP 
>>> caused a cpu spike on the switch which caused snmp drops. Has anyone ever 
>>> experienced this? The switch was passing data traffic normally.
>> 
>> Might make sense.
>> 
>> SCP is exception traffic, as is SNMP traffic to the switch.
>> 
>> Mark.
>> 
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
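
The check Jared describes above (verify the image checksum after the transfer when the image carries no crypto signature), as an added example that is not part of any poster's message: it hashes the local copy and compares it with the result line of the IOS `verify /md5` command captured from the switch. The function names and the sample CLI capture are constructed for illustration; the image filename is the one used in the scp command elsewhere in this thread.

```python
import hashlib
import hmac
import os
import re

# Result line printed by IOS for `verify /md5 <file>`, for example:
#   verify /md5 (flash:image.bin) = 0123456789abcdef0123456789abcdef
VERIFY_LINE = re.compile(
    r"^verify /md5 \((?P<path>[^)]+)\) = (?P<digest>[0-9a-fA-F]{32})\s*$",
    re.MULTILINE,
)


def file_md5(path, chunk_size=1 << 20):
    """Hash the local image in chunks so large images are not read into memory."""
    digest = hashlib.md5()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def parse_verify_output(cli_output):
    """Return (device_path, md5_hex) from a captured CLI session.

    Raises ValueError when there is not exactly one result line, so an
    aborted command or a capture holding several results is never accepted.
    """
    matches = VERIFY_LINE.findall(cli_output)
    if len(matches) != 1:
        raise ValueError(
            "expected exactly one 'verify /md5' result line, found %d" % len(matches)
        )
    device_path, digest = matches[0]
    return device_path, digest.lower()


def image_matches(local_path, cli_output):
    """True only if the switch hashed the same filename and got the same MD5."""
    device_path, device_md5 = parse_verify_output(cli_output)
    # "flash:/dir/name.bin" -> "name.bin"; reject output for a different file.
    device_name = device_path.rsplit(":", 1)[-1].rsplit("/", 1)[-1]
    if device_name != os.path.basename(local_path):
        return False
    return hmac.compare_digest(file_md5(local_path), device_md5)


def demo(workdir):
    """Run the check against constructed data (not a real image or session)."""
    name = "c3750e-universalk9-mz.150-2.SE8.bin"
    image = bytes(range(256)) * 4096            # constructed 1 MiB stand-in
    truncated = image[: len(image) // 2]         # simulates a cut-off transfer
    local_path = os.path.join(workdir, name)
    with open(local_path, "wb") as handle:
        handle.write(image)

    def capture(device_path, data):
        # Constructed capture: progress dots, "Done!", then the result line.
        return "%sDone!\r\nverify /md5 (%s) = %s\r\n" % (
            "." * 40, device_path, hashlib.md5(data).hexdigest().upper())

    return {
        "intact": image_matches(local_path, capture("flash:" + name, image)),
        "truncated": image_matches(local_path, capture("flash:" + name, truncated)),
        "wrong_file": image_matches(local_path, capture("flash:other.bin", image)),
    }


if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:
        print(demo(tmp))
```

MD5 here only catches a corrupted or truncated copy; the local file still has to be checked against the hash published for that image before it is pushed.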


Re: [c-nsp] TFTP/SCP

2015-11-19 Thread Juergen Marenda
The crypto-work gets done on the CPU in software,
and the CPUs on those switches are not very strong.

(data traffic is forwarded by the hardware,
 only some special packets (STP, CDP, ...) disturb the CPU;
while management traffic must be handled by the CPU)

Juergen.



Re: [c-nsp] TFTP/SCP

2015-11-19 Thread Harry Hambi - Atos
It was using SCP that caused the switch CPU to spike. Sorry if I have misread 
your comments. Are you saying there's a setting in the SCP server to limit 
bandwidth? I'm using SolarWinds SFTP & SCP server


Rgds
Harry

Harry Hambi BEng(Hons)  MIET  Rsgb


-Original Message-
From: cisco-nsp [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Alex 
Pressé
Sent: 19 November 2015 15:01
To: Daniel Brisson
Cc: cisco-nsp@puck.nether.net; Jared Mauch
Subject: Re: [c-nsp] TFTP/SCP

I've dumped images in a place available via HTTP.

The nice thing about SCP is being able to push the image directly to the
switches instead of having the switches pull. When pushing the image, SCP
also offers the ability to limit bandwidth (thus preventing your CPU spike).



On Thu, Nov 19, 2015 at 7:54 AM, Daniel Brisson  wrote:

> What about protecting credentials?  Do you use a service account that has
> 0 access other than FTP'ing images?
>
> -dan
>
>
> -Original Message-
> From: cisco-nsp [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of
> Jared Mauch
> Sent: Thursday, November 19, 2015 8:54 AM
> To: Mark Tinka 
> Cc: cisco-nsp@puck.nether.net
> Subject: Re: [c-nsp] TFTP/SCP
>
> We use FTP as the image isn't something that needs to be protected from
> eavesdroppers.
>
> Jared Mauch
>
> > On Nov 19, 2015, at 6:46 AM, Mark Tinka  wrote:
> >
> >
> >
> >> On 19/Nov/15 12:25, Harry Hambi - Atos wrote:
> >>
> >> Hi All,
> >> Uploading IOS 15.2.SE7 to a number of 3750 switches using tftp. This
> >> proved very slow, so I decided to use SCP which was a lot quicker. However,
> >> SCP caused a cpu spike on the switch which caused snmp drops. Has anyone
> >> ever experienced this? The switch was passing data traffic normally.
> >
> > Might make sense.
> >
> > SCP is exception traffic, as is SNMP traffic to the switch.
> >
> > Mark.
> >
>



--
Alex Presse
"How much net work could a network work if a network could net work?"


Re: [c-nsp] TFTP/SCP

2015-11-19 Thread Jeremy Bresley
With the exception of NX-OS, pretty much anything on code released in 
the last 3-4 years supports HTTP downloads.  Just put the images on a 
web server reachable by the client (can put them in a directory and 
specify the path as well).  I did this with a Linux host with Apache and 
did an alias for /code pointed to a directory that the network team can 
update with new images as needed.  To upgrade a 3560X they just have to do:
    archive download-sw /overwrite http://serverip/code/c3560e-universalk9-tar.152-4.E.tar


As a plus, it's easy for the junior engineers to just click on a link 
and see what images are available for that platform if we update to a 
newer version and they have an older doc with what our standard image is 
(we remove all but the current standard and sometimes the immediate 
previous one in case we need to roll a device back.)  This makes it easy 
to keep people from loading old non-standard code whenever they replace 
a device.


Jeremy "TheBrez" Bresley
b...@brezworks.com

On 11/19/2015 7:54 AM, Jared Mauch wrote:

> We use FTP as the image isn't something that needs to be protected from 
> eavesdroppers.
>
> Jared Mauch
>
>> On Nov 19, 2015, at 6:46 AM, Mark Tinka  wrote:
>>
>>> On 19/Nov/15 12:25, Harry Hambi - Atos wrote:
>>>
>>> Hi All,
>>> Uploading IOS 15.2.SE7 to a number of 3750 switches using tftp. This proved 
>>> very slow, so I decided to use SCP which was a lot quicker. However, SCP 
>>> caused a cpu spike on the switch which caused snmp drops. Has anyone ever 
>>> experienced this? The switch was passing data traffic normally.
>>
>> Might make sense.
>>
>> SCP is exception traffic, as is SNMP traffic to the switch.
>>
>> Mark.



Re: [c-nsp] TFTP/SCP

2015-11-19 Thread Alex Pressé
In Linux SSH you can use the -l flag. http://linux.die.net/man/1/scp

No idea if Solarwinds implemented SSH with any features.

    scp -l 2000 c3750e-universalk9-mz.150-2.SE8.bin admin@myswitch:flash:/c3750e-universalk9-mz.150-2.SE8.bin

On Thu, Nov 19, 2015 at 8:12 AM, Harry Hambi - Atos 
wrote:

> It was using SCP that caused the switch CPU to spike. Sorry if I have misread
> your comments. Are you saying there's a setting in the SCP server to
> limit bandwidth? I'm using SolarWinds SFTP & SCP server
>
>
> Rgds
> Harry
>
> Harry Hambi BEng(Hons)  MIET  Rsgb
>
>
> -Original Message-
> From: cisco-nsp [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of
> Alex Pressé
> Sent: 19 November 2015 15:01
> To: Daniel Brisson
> Cc: cisco-nsp@puck.nether.net; Jared Mauch
> Subject: Re: [c-nsp] TFTP/SCP
>
> I've dumped images in a place available via HTTP.
>
> The nice thing about SCP is being able to push the image directly to the
> switches instead of having the switches pull. When pushing the image, SCP
> also offers the ability to limit bandwidth (thus preventing your CPU
> spike).
>
>
>
> On Thu, Nov 19, 2015 at 7:54 AM, Daniel Brisson  wrote:
>
> > What about protecting credentials?  Do you use a service account that has
> > 0 access other than FTP'ing images?
> >
> > -dan
> >
> >
> > -Original Message-
> > From: cisco-nsp [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of
> > Jared Mauch
> > Sent: Thursday, November 19, 2015 8:54 AM
> > To: Mark Tinka 
> > Cc: cisco-nsp@puck.nether.net
> > Subject: Re: [c-nsp] TFTP/SCP
> >
> > We use FTP as the image isn't something that needs to be protected from
> > eavesdroppers.
> >
> > Jared Mauch
> >
> > > On Nov 19, 2015, at 6:46 AM, Mark Tinka  wrote:
> > >
> > >
> > >
> > >> On 19/Nov/15 12:25, Harry Hambi - Atos wrote:
> > >>
> > >> Hi All,
> > >> Uploading IOS 15.2.SE7 to a number of 3750 switches using tftp. This
> > >> proved very slow, so I decided to use SCP which was a lot quicker. However,
> > >> SCP caused a cpu spike on the switch which caused snmp drops. Has anyone
> > >> ever experienced this? The switch was passing data traffic normally.
> > >
> > > Might make sense.
> > >
> > > SCP is exception traffic, as is SNMP traffic to the switch.
> > >
> > > Mark.
> > >
> >
>
>
>
> --
> Alex Presse
> "How much net work could a network work if a network could net work?"
>



-- 
Alex Presse
"How much net work could a network work if a network could net work?"

Re: [c-nsp] TFTP/SCP

2015-11-19 Thread Jared Mauch
We use FTP as the image isn't something that needs to be protected from 
eavesdroppers. 

Jared Mauch

> On Nov 19, 2015, at 6:46 AM, Mark Tinka  wrote:
> 
> 
> 
>> On 19/Nov/15 12:25, Harry Hambi - Atos wrote:
>> 
>> Hi All,
>> Uploading IOS 15.2.SE7 to a number of 3750 switches using tftp. This proved 
>> very slow, so I decided to use SCP which was a lot quicker. However, SCP 
>> caused a cpu spike on the switch which caused snmp drops. Has anyone ever 
>> experienced this? The switch was passing data traffic normally.
> 
> Might make sense.
> 
> SCP is exception traffic, as is SNMP traffic to the switch.
> 
> Mark.
> 


Re: [c-nsp] TFTP/SCP

2015-11-19 Thread Daniel Brisson
What about protecting credentials?  Do you use a service account that has 0 
access other than FTP'ing images?

-dan


-Original Message-
From: cisco-nsp [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Jared 
Mauch
Sent: Thursday, November 19, 2015 8:54 AM
To: Mark Tinka 
Cc: cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] TFTP/SCP

We use FTP as the image isn't something that needs to be protected from 
eavesdroppers. 

Jared Mauch

> On Nov 19, 2015, at 6:46 AM, Mark Tinka  wrote:
> 
> 
> 
>> On 19/Nov/15 12:25, Harry Hambi - Atos wrote:
>> 
>> Hi All,
>> Uploading IOS 15.2.SE7 to a number of 3750 switches using tftp. This proved 
>> very slow, so I decided to use SCP which was a lot quicker. However, SCP 
>> caused a cpu spike on the switch which caused snmp drops. Has anyone ever 
>> experienced this? The switch was passing data traffic normally.
> 
> Might make sense.
> 
> SCP is exception traffic, as is SNMP traffic to the switch.
> 
> Mark.
> 


Re: [c-nsp] TFTP/SCP

2015-11-19 Thread Alex Pressé
I've dumped images in a place available via HTTP.

The nice thing about SCP is being able to push the image directly to the
switches instead of having the switches pull. When pushing the image, SCP
also offers the ability to limit bandwidth (thus preventing your CPU spike).



On Thu, Nov 19, 2015 at 7:54 AM, Daniel Brisson  wrote:

> What about protecting credentials?  Do you use a service account that has
> 0 access other than FTP'ing images?
>
> -dan
>
>
> -Original Message-
> From: cisco-nsp [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of
> Jared Mauch
> Sent: Thursday, November 19, 2015 8:54 AM
> To: Mark Tinka 
> Cc: cisco-nsp@puck.nether.net
> Subject: Re: [c-nsp] TFTP/SCP
>
> We use FTP as the image isn't something that needs to be protected from
> eavesdroppers.
>
> Jared Mauch
>
> > On Nov 19, 2015, at 6:46 AM, Mark Tinka  wrote:
> >
> >
> >
> >> On 19/Nov/15 12:25, Harry Hambi - Atos wrote:
> >>
> >> Hi All,
> >> Uploading IOS 15.2.SE7 to a number of 3750 switches using tftp. This
> >> proved very slow, so I decided to use SCP which was a lot quicker. However,
> >> SCP caused a cpu spike on the switch which caused snmp drops. Has anyone
> >> ever experienced this? The switch was passing data traffic normally.
> >
> > Might make sense.
> >
> > SCP is exception traffic, as is SNMP traffic to the switch.
> >
> > Mark.
> >
>



-- 
Alex Presse
"How much net work could a network work if a network could net work?"


Re: [c-nsp] TFTP/SCP

2015-11-19 Thread Nick Hilliard
On 19/11/2015 18:15, Jeremy Bresley wrote:
> With the exception of NX-OS, pretty much anything on code released in the
> last 3-4 years supports HTTP downloads

XR supports only ftp and tftp.

Nick



Re: [c-nsp] TFTP/SCP

2015-11-19 Thread Lukas Tribus
> On 19/11/2015 18:15, Jeremy Bresley wrote:
>> With the exception of NX-OS, pretty much anything on code released in the
>> last 3-4 years supports HTTP downloads
>
> XR supports only ftp and tftp.

SCP is in XR 05.01.01 (but not via the "filesystem" like wrapper so you can
actually use it in all IO based commands, but via the new, pretty limited
scp keyword).

HTTP(S) is "prototyped" for 5.3.3, not sure if they are gonna make it.


More about this here:
https://supportforums.cisco.com/blog/12244311/xr-usability-and-debugability-got-wish-comment
https://supportforums.cisco.com/blog/12602981/usability-functionality-read-out-status-so-far



Regards,

Lukas

  


Re: [c-nsp] TFTP/SCP

2015-11-19 Thread Mark Tinka


On 19/Nov/15 15:54, Jared Mauch wrote:

> We use FTP as the image isn't something that needs to be protected from 
> eavesdroppers. 

We use FTP also, as SCP support was non-uniform across various versions
of IOS for a while.

Mark.