Re: [c-nsp] ASR920 "console" port....ugh

[Erik Sundberg]

Mine is all green

show facility-alarm status
System Totals  Critical: 0  Major: 0  Minor: 0


-Original Message-
From: cisco-nsp [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Adrian 
Minta
Sent: Tuesday, February 02, 2016 12:30 PM
To: cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] ASR920 "console" portugh

Since is ASR920 bashing time ... anyone else noticed the red led ?
Apparently red is the new green.

--
Best regards,
Adrian Minta


___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/



CONFIDENTIALITY NOTICE: This e-mail transmission, and any documents, files or 
previous e-mail messages attached to it may contain confidential information 
that is legally privileged. If you are not the intended recipient, or a person 
responsible for delivering it to the intended recipient, you are hereby 
notified that any disclosure, copying, distribution or use of any of the 
information contained in or attached to this transmission is STRICTLY 
PROHIBITED. If you have received this transmission in error please notify the 
sender immediately by replying to this e-mail. You must destroy the original 
transmission and its attachments without reading or saving in any manner. Thank 
you.
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] QinQ 4500X -> ME3600 and access(pop) multiple inner vlans

[Erik Sundberg]

http://supportforums.cisco.com/sites/default/files/legacy/8/2/1/96128-ASR%209000%20Multiple%20Services%20onthe%20same%20port%20example.jpg

Look at the Routed VPLS/EoMPLS section

http://www.cisco.com/c/en/us/td/docs/switches/metro/me3600x_3800x/software/release/15-1_2_ey/configuration/guide/3800x3600xscg/swmpls.html#pgfId-1260366

What you are looking for a is a VPLS Routed Interface Configuration, just 
association the VPLS instance with the bridge group. I have never tried this, 
so I could be wrong, but it's worth a shot.

Try adding this. This creates' a VPLS Instance and associates it to the Bridge 
Group 941.
l2 vfi TESTING manual
 vpn id 941
 bridge-domain 941

Then under your VLAN Interface associate the VLAN Interface with the VPLS 
Instanace.
interface Vlan941
 xconnect vfi TESTING    ADD THIS
 description INNER_OUTER_TAG_TEST
 mtu 9100
 ip address xxx.xxx.xxx.xxx 255.255.255.252  no ip proxy-arp


Also watch your MTU Size's a mismatch can cause the VPLS instance to be down. 
You can check it with
"show mpls l2transport vc vcid 941 detail"

This looks good

interface GigabitEthernet0/24   <- Connects to 4500X
service instance 940 ethernet
  description description Inner_outer_tag_test_Outer_940_Inner_941
  encapsulation dot1q 940 second-dot1q 941
  rewrite ingress tag pop 2 symmetric
  bridge-domain 941





-Original Message-
From: CiscoNSP List [mailto:cisconsp_l...@hotmail.com]
Sent: Wednesday, February 03, 2016 12:06 AM
To: Erik Sundberg ; cisco-nsp@puck.nether.net
Subject: Re: QinQ 4500X -> ME3600 and access(pop) multiple inner vlans

Thanks Eric,

We have no visibility into the remote end, but I have setup the following on 
one of our ME's (Test service, that has supposedly been configured by carrier, 
and remote end)

Vlans are:

940 (outer)
941 (Inner)

Both vlans have been created on the ME, and only vlan 940 on the 4500X that 
connects to carrier:

ME3600 conf

interface GigabitEthernet0/24   <- Connects to 4500X
service instance 940 ethernet
  description description Inner_outer_tag_test_Outer_940_Inner_941
  encapsulation dot1q 940 second-dot1q 941
  rewrite ingress tag pop 2 symmetric
  bridge-domain 941

interface Vlan941
 description INNER_OUTER_TAG_TEST
 mtu 9100
 ip address xxx.xxx.xxx.xxx 255.255.255.252  no ip proxy-arp


Im unable to ping remote end, nor am I seeing any dynamic Macs for bridge 
domain 941 - Is there any additional commands I can run to "see" if we are 
indeed receiving the Outer and Inner Tags on the ME?

The only MAC I am learning on the 4500X is from the ME3600

#sh mac address-table dynamic vlan 940
Unicast Entries
 vlan mac address typeprotocols   port
-+---++-+---
-+---++-+--
 940  3462.882a.4640   dynamic ip,ipx,assigned,other TenGigabitEthernet1/1/3


cheers


From: Erik Sundberg 
Sent: Tuesday, 2 February 2016 10:10 PM
To: CiscoNSP List; cisco-nsp@puck.nether.net
Subject: RE: QinQ 4500X -> ME3600 and access(pop) multiple inner vlans

You are probably better using a service instance for each vlan. Then you can 
send each VLAN where ever.

service instance 800 ethernet
  description description LINK_TO_CARRIER_X_VIA_4500X
  encapsulation dot1q 800 second-dot1q 10
  rewrite ingress tag pop 2 symmetric
  bridge-domain 10

service instance 801 ethernet
  description description LINK_TO_CARRIER_X_VIA_4500X
  encapsulation dot1q 800 second-dot1q 20
  rewrite ingress tag pop 2 symmetric
  bridge-domain 20


--

Another way of doing it is the following

If you have two tag come in, only POP 1 Tag. Then your CTag are put in to the 
Bridge Domain.

Int G0/1
service instance 800 ethernet
  description LINK_TO_CARRIER_X_VIA_4500X
  encapsulation dot1q 800
  rewrite ingress tag pop 1 symmetric
  bridge-domain 800


Then on your Egress port you can set it as untagged, C Tags of 10,20, 30 will 
be in the bridge domain and will be passed on egress.

 Int G0/2
Description to 4500x
service instance 400 ethernet
  description 4500X
  encapsulation dot1q untagged
  bridge-domain 800


If you need to pull one CTag out for something else you can do that like so.

Int G0/1
service instance 804 ethernet
  description Go Somewhere else
  encapsulation dot1q 800 second-dot1q 40
  rewrite ingress tag pop 1 symmetric
  bridge-domain 40


-Original Message-
From: CiscoNSP List [mailto:cisconsp_l...@hotmail.com]
Sent: Tuesday, February 02, 2016 4:01 AM
To: Erik Sundberg ; cisco-nsp@puck.nether.net
Subject: Re: QinQ 4500X -> ME3600 and access(pop) multiple inner vlans


Thanks for the quick reply - We use service instances quite a bit, but only 
popping first tag, then creating vlan int (for vrf), or PWso fairly basic 
stuff :)

In this circumstance, where we would receive vlan 800 as outer tag, 

Re: [c-nsp] ASR1001 vs 1001-X PPP

[Nick Cutting]

The last 1001X I bought, I accidently ordered the 1001 - when I changed my 
order, I think the price was the same or almost minimal difference. Cisco 
doesn't want people buying the old kit either.

-Original Message-
From: cisco-nsp [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Feedly 
Reader
Sent: 02 February 2016 22:38
To: Nicolas KARP; Ian Goodall
Cc: cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] ASR1001 vs 1001-X PPP

Hi Ian,

Based on my understanding, the CPU on 1001-X is more powerful and can handle 
more concurrent session establishments. It also has 2 10G interfaces which can 
come in handy. However, the queue-count is considerably lower in the 1001s 
which makes QoS difficult, depending on your policies. I would recommend a 
1002-X if you are looking at ASR 1K.  

Have a look at this document here for more details:

http://www.cisco.com/c/en/us/products/collateral/routers/asr-1000-series-aggregation-services-routers/datasheet-c78-731640.html

Vaibhav


From: cisco-nsp  on behalf of Nicolas KARP 

Sent: Tuesday, February 2, 2016 10:27 PM
To: Ian Goodall
Cc: cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] ASR1001 vs 1001-X PPP

Hello Ian,

ASR 1001 is going to be EOS on April  :
http://www.cisco.com/c/en/us/products/collateral/routers/asr-1000-series-aggregation-services-routers/eos-eol-notice-c51-734572.html

Replacement : 1001-X


And it's the same price...


# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - - - - - - - - - - - - - - - -
# - -   Nicolas KARP
# - -   Network and Security Engineer
# - -Email : li...@karp.fr 
# - -Linkedin :  http://www.linkedin.com/in/nicolaskarp
# - -Viadeo : http://www.viadeo.com/fr/profile/nicolas.karp

# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - - - - - - - - - - - - - - - -



2016-02-02 19:48 GMT+01:00 Ian Goodall :

> We have a number of older 7206 routers used in a LNS role (PPP/L2TP).
>
> As part of a network refresh we are looking to move towards the 
> ASR1001 or 1001-X. The datasheet shows both support up to 5Gbps 
> throughput and 8k subs.
>
> Is anyone able to confirm if 8k subs on a ASR1001 realistic in the 
> real world, or should we be looking at the higher CPU on the X version?
>
> Also on the throughput restriction is this in+out on all ports combined?
> For example we have L2TP/PPP on one interface and upstream traffic on 
> another port. If we have 1Mbps of traffic coming in and then route out 
> on the L2TP/PPP interface is this counted as 1Mbps or 2Mbps?
>
> Thanks in advance.
>
> Ian
> ___
> cisco-nsp mailing list  cisco-nsp@puck.nether.net 
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net 
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net 
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] QinQ 4500X -> ME3600 and access(pop) multiple inner vlans

[CiscoNSP List]

Thanks Eric,

We have no visibility into the remote end, but I have setup the following on 
one of our ME's (Test service, that has supposedly been configured by carrier, 
and remote end)

Vlans are:

940 (outer)
941 (Inner)

Both vlans have been created on the ME, and only vlan 940 on the 4500X that 
connects to carrier:

ME3600 conf

interface GigabitEthernet0/24   <- Connects to 4500X
service instance 940 ethernet
  description description Inner_outer_tag_test_Outer_940_Inner_941
  encapsulation dot1q 940 second-dot1q 941
  rewrite ingress tag pop 2 symmetric
  bridge-domain 941

interface Vlan941
 description INNER_OUTER_TAG_TEST
 mtu 9100
 ip address xxx.xxx.xxx.xxx 255.255.255.252
 no ip proxy-arp


Im unable to ping remote end, nor am I seeing any dynamic Macs for bridge 
domain 941 - Is there any additional commands I can run to "see" if we are 
indeed receiving the Outer and Inner Tags on the ME?

The only MAC I am learning on the 4500X is from the ME3600

#sh mac address-table dynamic vlan 940
Unicast Entries
 vlan mac address typeprotocols   port
-+---++-+-
 940  3462.882a.4640   dynamic ip,ipx,assigned,other 
TenGigabitEthernet1/1/3


cheers


From: Erik Sundberg 
Sent: Tuesday, 2 February 2016 10:10 PM
To: CiscoNSP List; cisco-nsp@puck.nether.net
Subject: RE: QinQ 4500X -> ME3600 and access(pop) multiple inner vlans

You are probably better using a service instance for each vlan. Then you can 
send each VLAN where ever.

service instance 800 ethernet
  description description LINK_TO_CARRIER_X_VIA_4500X
  encapsulation dot1q 800 second-dot1q 10
  rewrite ingress tag pop 2 symmetric
  bridge-domain 10

service instance 801 ethernet
  description description LINK_TO_CARRIER_X_VIA_4500X
  encapsulation dot1q 800 second-dot1q 20
  rewrite ingress tag pop 2 symmetric
  bridge-domain 20


--

Another way of doing it is the following

If you have two tag come in, only POP 1 Tag. Then your CTag are put in to the 
Bridge Domain.

Int G0/1
service instance 800 ethernet
  description LINK_TO_CARRIER_X_VIA_4500X
  encapsulation dot1q 800
  rewrite ingress tag pop 1 symmetric
  bridge-domain 800


Then on your Egress port you can set it as untagged, C Tags of 10,20, 30 will 
be in the bridge domain and will be passed on egress.

 Int G0/2
Description to 4500x
service instance 400 ethernet
  description 4500X
  encapsulation dot1q untagged
  bridge-domain 800


If you need to pull one CTag out for something else you can do that like so.

Int G0/1
service instance 804 ethernet
  description Go Somewhere else
  encapsulation dot1q 800 second-dot1q 40
  rewrite ingress tag pop 1 symmetric
  bridge-domain 40


-Original Message-
From: CiscoNSP List [mailto:cisconsp_l...@hotmail.com]
Sent: Tuesday, February 02, 2016 4:01 AM
To: Erik Sundberg ; cisco-nsp@puck.nether.net
Subject: Re: QinQ 4500X -> ME3600 and access(pop) multiple inner vlans


Thanks for the quick reply - We use service instances quite a bit, but only 
popping first tag, then creating vlan int (for vrf), or PWso fairly basic 
stuff :)

In this circumstance, where we would receive vlan 800 as outer tag, and we want 
to access inner vlans 10,20,30 how would this look under a service instance?

ie.  Something like?

 service instance 800 ethernet
  description description LINK_TO_CARRIER_X_VIA_4500X
  encapsulation dot1q 800 second-dot1q 10,20,30
  rewrite ingress tag pop 2 symmetric
  bridge-domain ?


or a separate service instance and pop inner vlans on each one?

 service instance 800 ethernet
  description description LINK_TO_CARRIER_X_VIA_4500X
  encapsulation dot1q 800 second-dot1q 10
  rewrite ingress tag pop 2 symmetric
  bridge-domain 10

service instance 801 ethernet
  description description LINK_TO_CARRIER_X_VIA_4500X
  encapsulation dot1q 800 second-dot1q 20
  rewrite ingress tag pop 2 symmetric
  bridge-domain 20

Cheers



From: Erik Sundberg 
Sent: Tuesday, 2 February 2016 8:40 PM
To: CiscoNSP List; cisco-nsp@puck.nether.net
Subject: RE: QinQ 4500X -> ME3600 and access(pop) multiple inner vlans

http://www.cisco.com/c/dam/en/us/td/docs/switches/metro/me3600x_3800x/software/design/guide/ME3600x_Design_Guide.pdf

http://www.cisco.com/c/dam/en/us/td/docs/switches/metro/me3600x_3800x/software/design/guide/CE2-0_certification_v1.pdf

http://d2zmdbbm9feqrf.cloudfront.net/2012/usa/pdf/BRKSPG-2209.pdf


You must do switchport commands
Services Instance is just a number, we keep it the same as the VLAN Id Under 
the Service Instance you specify the VLAN ID with endcapsulation dot1q x 
Rewrite ingress Tag POP 1 symmetric  -- This removes the first VLAN Tag on in 
incoming frame, if you do pop 2, it removes the 2 VLAN Tags.

First Example is VPLS with Bridge Domains. Bridge doma

Re: [c-nsp] C6708-10GE-3CXL Local Switching

[Paul]

It does not matter for the 6908 because it is not oversubscribed so you 
get 80G regardless.



On 2/1/2016 5:50 AM, Alireza Soltanian wrote:

Thanks in advance

Now what is the case for  WS-6908-10G-2TXL ? I searched the Internet but I
could not find any information about Local Switching of this card.
The only available information is Fabric Switch Capacity which is 80Gbps.

Thank you again

-Original Message-
From: Paul [mailto:p...@gtcomm.net]
Sent: Sunday, January 31, 2016 8:34 PM
To: Alireza Soltanian ; cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] C6708-10GE-3CXL Local Switching

Short answer is yes and full duplex, functionally but you never want to hit
that mark IMO This document will help with most 6500 architecture questions:
http://www.cisco.com/c/en/us/products/collateral/switches/catalyst-6500-seri
es-switches/prod_white_paper0900aecd80673385.html

Only the ports connected to the same asic can send traffic between each
other without using the fabric (i've tested this) that's where they get the
64gbps local switching (port pairs have 16g each, 2 port pairs on each fpga,
4 one each asic, 16g from each fpga to fabric asic so 32gbps per 'side', so
64 total even though only 40g to backplane fabric)


On 1/31/2016 9:42 AM, Alireza Soltanian wrote:

Hi everybody
I cisco documentations it was mentioned C6708-10GE-3CXL supports
64Gbps of Local Switching. Is this Half-Duplex or Full Duplex Can
Anyone help?

Thank you
Alireza
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/


--
GloboTech Communications
Phone: 1-514-907-0050 x 215
Toll Free: 1-(888)-GTCOMM1
Fax: 1-(514)-907-0750
p...@gtcomm.net
http://www.gtcomm.net




--
GloboTech Communications
Phone: 1-514-907-0050 x 215
Toll Free: 1-(888)-GTCOMM1
Fax: 1-(514)-907-0750
p...@gtcomm.net
http://www.gtcomm.net

___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] ASR1001 vs 1001-X PPP

[Feedly Reader]

Hi Ian,

Based on my understanding, the CPU on 1001-X is more powerful and can handle 
more concurrent session establishments. It also has 2 10G interfaces which can 
come in handy. However, the queue-count is considerably lower in the 1001s 
which makes QoS difficult, depending on your policies. I would recommend a 
1002-X if you are looking at ASR 1K.  

Have a look at this document here for more details:

http://www.cisco.com/c/en/us/products/collateral/routers/asr-1000-series-aggregation-services-routers/datasheet-c78-731640.html

Vaibhav


From: cisco-nsp  on behalf of Nicolas KARP 

Sent: Tuesday, February 2, 2016 10:27 PM
To: Ian Goodall
Cc: cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] ASR1001 vs 1001-X PPP

Hello Ian,

ASR 1001 is going to be EOS on April  :
http://www.cisco.com/c/en/us/products/collateral/routers/asr-1000-series-aggregation-services-routers/eos-eol-notice-c51-734572.html

Replacement : 1001-X


And it's the same price...


# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - - - - - - - - - - - - - - - -
# - -   Nicolas KARP
# - -   Network and Security Engineer
# - -Email : li...@karp.fr 
# - -Linkedin :  http://www.linkedin.com/in/nicolaskarp
# - -Viadeo : http://www.viadeo.com/fr/profile/nicolas.karp

# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - - - - - - - - - - - - - - - -



2016-02-02 19:48 GMT+01:00 Ian Goodall :

> We have a number of older 7206 routers used in a LNS role (PPP/L2TP).
>
> As part of a network refresh we are looking to move towards the ASR1001 or
> 1001-X. The datasheet shows both support up to 5Gbps throughput and 8k
> subs.
>
> Is anyone able to confirm if 8k subs on a ASR1001 realistic in the real
> world, or should we be looking at the higher CPU on the X version?
>
> Also on the throughput restriction is this in+out on all ports combined?
> For example we have L2TP/PPP on one interface and upstream traffic on
> another port. If we have 1Mbps of traffic coming in and then route out on
> the L2TP/PPP interface is this counted as 1Mbps or 2Mbps?
>
> Thanks in advance.
>
> Ian
> ___
> cisco-nsp mailing list  cisco-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] ASR1001 vs 1001-X PPP

[Nicolas KARP]

Hello Ian,

ASR 1001 is going to be EOS on April  :
http://www.cisco.com/c/en/us/products/collateral/routers/asr-1000-series-aggregation-services-routers/eos-eol-notice-c51-734572.html

Replacement : 1001-X


And it's the same price...


# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - - - - - - - - - - - - - - - -
# - -   Nicolas KARP
# - -   Network and Security Engineer
# - -Email : li...@karp.fr 
# - -Linkedin :  http://www.linkedin.com/in/nicolaskarp
# - -Viadeo : http://www.viadeo.com/fr/profile/nicolas.karp

# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - - - - - - - - - - - - - - - -



2016-02-02 19:48 GMT+01:00 Ian Goodall :

> We have a number of older 7206 routers used in a LNS role (PPP/L2TP).
>
> As part of a network refresh we are looking to move towards the ASR1001 or
> 1001-X. The datasheet shows both support up to 5Gbps throughput and 8k
> subs.
>
> Is anyone able to confirm if 8k subs on a ASR1001 realistic in the real
> world, or should we be looking at the higher CPU on the X version?
>
> Also on the throughput restriction is this in+out on all ports combined?
> For example we have L2TP/PPP on one interface and upstream traffic on
> another port. If we have 1Mbps of traffic coming in and then route out on
> the L2TP/PPP interface is this counted as 1Mbps or 2Mbps?
>
> Thanks in advance.
>
> Ian
> ___
> cisco-nsp mailing list  cisco-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] RSPAN over WAN/MAN

[Nick Hilliard]

Steven Pfister wrote:
> At first, I thought RSPAN. I've never done an RSPAN session, but I got
> it working in a test setup at the central site. I tried the same thing
> with the remote site, but can't get anything but broadcasts. 

rspan works by transmitting traffic across vlans which have mac learning
disabled, so therefore they unicast-flood all traffic across all ports
in the vlan.  If you're transmitting this traffic across multiple
switches, you need to make sure that the intermediate switches have mac
learning disabled on the rspan vlan, or else that they're configured as
rspan-specific vlans.

Nick

___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

[c-nsp] RSPAN over WAN/MAN

[Steven Pfister]

I have an application where I need to copy traffic at a remote site and
record it at a central site. At the remote site, all devices are in
their own VLAN and are all connected to a single WS-C2960X-48FPD-L
switch. At the central site, there are several switches I can use for
the recording server (until the server is set up, using a laptop and
Wireshark to test).
 
At first, I thought RSPAN. I've never done an RSPAN session, but I got
it working in a test setup at the central site. I tried the same thing
with the remote site, but can't get anything but broadcasts. 
 
The central site and all remote sites are connected to each other over
AT&T's Opt-E-MAN switched Ethernet service. Will RSPAN work over
Opt-E-MAN? I'm starting to think maybe not. Should I try RSPAN over a
GRE tunnel? Can I use VACL capture? I haven't tried to set up either
before.
 
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

[c-nsp] ASR1001 vs 1001-X PPP

[Ian Goodall]

We have a number of older 7206 routers used in a LNS role (PPP/L2TP).

As part of a network refresh we are looking to move towards the ASR1001 or
1001-X. The datasheet shows both support up to 5Gbps throughput and 8k subs.

Is anyone able to confirm if 8k subs on a ASR1001 realistic in the real
world, or should we be looking at the higher CPU on the X version?

Also on the throughput restriction is this in+out on all ports combined?
For example we have L2TP/PPP on one interface and upstream traffic on
another port. If we have 1Mbps of traffic coming in and then route out on
the L2TP/PPP interface is this counted as 1Mbps or 2Mbps?

Thanks in advance.

Ian
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] ASR920 "console" port....ugh

[Adrian Minta]

Since is ASR920 bashing time ... anyone else noticed the red led ?
Apparently red is the new green.

--
Best regards,
Adrian Minta


___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] CoPP on 7600s

[James Bensley]

Thanks for all the input everyone.

I have spoken with TAC over concerns that the "Software Counters" were
increasing in the output of "show policy-amp control-plane" however it
turns out they should be (this wasn't clear to me from the Cisco docs
so wanted to confirm). Since packets (such as BGP) are destined for
the CPU the software counter should increment.

We need to watch for things like the rate at which they are
increasing, if the violations on the hardware counters are increasing
etc. That the hardware counters increase at a similar rate to
software, so the packets are being matched in software.

My initial concern that simply "the software counters are
incrementing" is not actually a problem.

Cheers,
James.
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] DSCP and Queue counters on 7600s

[James Bensley]

For list consistency,

I spoke to TAC and there is no command to see packet hit counters per
queue to see how many packets are matching into each queue (the
equivilent of "show policy-map interface x/x" on a device using HQF).

The best commands I found where:

show mls qos ip Gi2/17
show mls qos queuing int Gi2/17
show mls qos queuing interface Gi2/17 | b dropped
show counters interface Gi2/17
remote command switch show qm port 2 17
show interfaces | i Ethernet|output drop


Cheers,
James.
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] NCS-5001 - sweet...got one in the lab

[Gert Doering]

Hi,

On Tue, Feb 02, 2016 at 04:07:46PM +, Tom Marcoen wrote:
> What is is "12.2SX vs. 12.2SR bullshit" all about? I never really 
> understood the myriad of letters in the version numbers. I only know 
> about the first letter being an S, T, or M.

Please don't full-quote-and-top-post.

Besides that, you don't really want to know - but if you do, go back in
the list archives and search for rants by a certain Gert Doering about
the 6500 / 7600 split ("same hardware, different colour, different code
in the backplane EEprom, non-interchangeable software, with disjunct 
feature set").

gert

-- 
USENET is *not* the non-clickable part of WWW!
   //www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35655025g...@net.informatik.tu-muenchen.de


signature.asc
Description: PGP signature
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] NCS-5001 - sweet...got one in the lab

[Tom Marcoen]

What is is "12.2SX vs. 12.2SR bullshit" all about? I never really understood 
the myriad of letters in the version numbers. I only know about the first 
letter being an S, T, or M.

Met vriendelijke groet,

Tom Marcoen
Technisch consultant
 

Valid
Wilhelminasingel 107
6221 BH Maastricht
T +31 (0)88 900 95 00
M +31 (0)6 525 026 50
www.valid.nl
   

 
 
Dit bericht inclusief attachments is vertrouwelijk en uitsluitend bedoeld voor 
de geadresseerde(n). Indien dit bericht niet voor u bestemd is, verzoeken wij u 
vriendelijk dit bericht aan de afzender te retourneren en vervolgens te wissen.
This message, including attachments, is confidential and intended for the 
addressee(s) only.  If this message is not intended for you, please notify the 
sender by returning this e-mail immediately and delete this message.



-Original Message-
From: cisco-nsp [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Gert 
Doering
Sent: dinsdag 2 februari 2016 17:04
To: Nick Hilliard
Cc: Gert Doering; cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] NCS-5001 - sweet...got one in the lab

Hi,

On Tue, Feb 02, 2016 at 03:53:25PM +, Nick Hilliard wrote:
> Gert Doering wrote:
> > And yes, I'm fully aware that using EIGRP has lots of drawbacks, 
> > like, "vendor lock in"
> 
> you mean "BU lock-in"?  Vendor lock-in is old and busted.

Is there a list of Cisco BUs and which product is messed up by whom?

I would have expected that most of the "it is fast and has XR" stuff comes from 
the same BU (since every BU has to have their own OS anyway[*]), but seemingly 
that was naive.

[*] now, one could argue that XR 6 qualifies for the "12.2SX vs. 12.2SR 
bullshit award 2016"...  so it might well be a different BU, with different 
features, and more inter-BU bullshit.

[**] BU-llshit???

gert

--
USENET is *not* the non-clickable part of WWW!
   //www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35655025g...@net.informatik.tu-muenchen.de
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] NCS-5001 - sweet...got one in the lab

[Nick Cutting]

I love EIGRP, albeit in the enterprise.  I think I use almost every feature it 
has.

But I guess I would not be buying one of these new 5001 high-speedfire-dogs 
anyway.

-Original Message-
From: cisco-nsp [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Nick 
Hilliard
Sent: 02 February 2016 15:53
To: Gert Doering
Cc: cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] NCS-5001 - sweet...got one in the lab

Gert Doering wrote:
> And yes, I'm fully aware that using EIGRP has lots of drawbacks, like, 
> "vendor lock in"

you mean "BU lock-in"?  Vendor lock-in is old and busted.

Nick
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net 
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] NCS-5001 - sweet...got one in the lab

[Gert Doering]

Hi,

On Tue, Feb 02, 2016 at 03:53:25PM +, Nick Hilliard wrote:
> Gert Doering wrote:
> > And yes, I'm fully aware that using EIGRP has lots of drawbacks, like,
> > "vendor lock in"
> 
> you mean "BU lock-in"?  Vendor lock-in is old and busted.

Is there a list of Cisco BUs and which product is messed up by whom?

I would have expected that most of the "it is fast and has XR" stuff 
comes from the same BU (since every BU has to have their own OS anyway[*]), 
but seemingly that was naive.

[*] now, one could argue that XR 6 qualifies for the "12.2SX vs. 12.2SR
bullshit award 2016"...  so it might well be a different BU, with different
features, and more inter-BU bullshit.

[**] BU-llshit???

gert

-- 
USENET is *not* the non-clickable part of WWW!
   //www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35655025g...@net.informatik.tu-muenchen.de


signature.asc
Description: PGP signature
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] NCS-5001 - sweet...got one in the lab

[Lukas Tribus]

> NCS 5001 contains the following ports:
>
> 40 x 10G SFP+ Ports:
> --- 16 x Regular 10G SFP+ Ports
> --- 24 x DWDM & ZR Capable 10G SFP+ Ports
>
> 4 x 100G QSFP28 Ports
>
> Hmmm, I was wondering what the strange colors were over top
> of ports 0-15 (silver) and a different color over top of 16-39 (violet)...

The purple ports are those that are DWDM/ZR capable (I guess this
because of heat emission of the transceiver).

http://www.cisco.com/c/en/us/td/docs/iosxr/ncs5000/hardware-install/b-ncs5000-hardware-installation-guide-60x/b-ncs5500-hardware-install-guide_chapter_00.html#concept_4A65D4D6F0F9436FB8B930E9A32C15F9



Lukas

  
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] NCS-5001 - sweet...got one in the lab

[Nick Hilliard]

Gert Doering wrote:
> And yes, I'm fully aware that using EIGRP has lots of drawbacks, like,
> "vendor lock in"

you mean "BU lock-in"?  Vendor lock-in is old and busted.

Nick
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] NCS-5001 - sweet...got one in the lab

[Aaron]

Robert, yes QSFP28...   
http://www.cisco.com/c/en/us/td/docs/iosxr/ncs5000/system-setup/60x/b-ncs5000-system-setup-guide-60x/b-system-setup-ncs5500_chapter_01.html

NCS 5001 contains the following ports:

40 x 10G SFP+ Ports:
--- 16 x Regular 10G SFP+ Ports 
--- 24 x DWDM & ZR Capable 10G SFP+ Ports 

4 x 100G QSFP28 Ports 

Hmmm, I was wondering what the strange colors were over top of ports 0-15 
(silver) and a different color over top of 16-39 (violet)... and the (4) 100's 
are obvious... and colored light green.  I have a pic of mine if you want it I 
email it to you unicast.

More ncs5k info... 
http://www.cisco.com/c/en/us/support/routers/network-convergence-system-5000-series/products-installation-and-configuration-guides-list.html

Aaron

-Original Message-
From: Robert Blayzor [mailto:rblayzor.b...@inoc.net] 
Sent: Tuesday, February 2, 2016 9:02 AM
To: Aaron 
Cc: cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] NCS-5001 - sweet...got one in the lab

On Feb 1, 2016, at 4:52 PM, Aaron  wrote:
> 
> wow, check out the interface names at the bottom of the list, yeah the 
> names that start with "H" !!
> 
> RP/0/RP0/CPU0:eng-lab-5001-1#sh ip int br Mon Feb 1 15:37:16.489 CST


Been looking at these for a while and the price point seems pretty good. I’m 
wondering how they stack up vs a ASR9001 in terms of # of routes, general 
features. I know with the NCS all the native features in the ASR line are 
“extra”. So L2VPN, L3VPN, etc are separate license options.

When it comes to the 100Gig ports, I’m assuming those are active in base? Those 
are QSFP28 ?

--
Robert
inoc.net!rblayzor
XMPP: rblayzor.AT.inoc.net
PGP Key: 78BEDCE1 @ pgp.mit.edu


___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] NCS-5001 - sweet...got one in the lab

[Aaron]

Asking right now Lukas... I'll let you know something when I get something
from him

Aaron

-Original Message-
From: Lukas Tribus [mailto:luky...@hotmail.com] 
Sent: Tuesday, February 2, 2016 8:47 AM
To: Aaron 
Cc: cisco-nsp@puck.nether.net
Subject: RE: [c-nsp] NCS-5001 - sweet...got one in the lab


> James, I just got info from my account SE that the NCS-5001/2 on 
> Release XR
> 6.0.0 does not have RSVP-TE support.

Did the SE imply that this will come (roadmap) or that it won't be supported
on this platform?


thx   

___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

[c-nsp] Nexus Switches Performance...

[Alireza Soltanian]

Hi everybody
I asked a lot of questions about C6500 and you provide the answers to me. I
will be honored if you provide answer to these question regarding NEXUS
switches:
In Nexus 56128P:The data sheet says it Supports 2.56 Tbps of bandwidth
across 48 fixed. If I install two Expansion modules with 24x1/10GE ports
then will I have this capacity all across the Chassis?
In Nexus 5592UP also this question is applicable.
Another question is will Nexus switches have C6500 limitations for Fabric
and Local Switching? Or I will have 10GE line rate all over the chassis in
the term of Local Switching and Fabric Switching. What about Nexus 3064P?

Thank you in advanced
Alireza
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] NCS-5001 - sweet...got one in the lab

[Aaron]

Yeah, I just cut a PO for (6) Juniper ACX5048 boxes

I gotta have options... I can't just be cisco only.

Aaron

-Original Message-
From: Gert Doering [mailto:g...@greenie.muc.de] 
Sent: Tuesday, February 2, 2016 8:31 AM
To: Aaron 
Cc: 'Gert Doering' ; cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] NCS-5001 - sweet...got one in the lab

Hi,

On Tue, Feb 02, 2016 at 08:22:58AM -0600, Aaron wrote:
> I don't see eigrp.

Thanks for checking - saw this in the product announcement, couldn't believe
it.  Especially as this is just control-plane stuff which is already in XR
4+XR 5, so it was consciously taken *out*... (or "we didn't think it's
worthwile to port the eigrp process to Linux").

(And yes, I'm fully aware that using EIGRP has lots of drawbacks, like,
"vendor lock in" - but I still like the protocol as such, given that it has
had fast convergence, LFA, and all that nice stuff since 15+ years now... -
but finding out that EIGRP will even lock me out of *Cisco* products now is
just a tad annoying...  well... so I can just go and buy some other vendors
nice-and-fast 1RU box, right?)

gert
--
USENET is *not* the non-clickable part of WWW!
 
//www.muc.de/~gert/
Gert Doering - Munich, Germany
g...@greenie.muc.de
fax: +49-89-35655025
g...@net.informatik.tu-muenchen.de

___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] NCS-5001 - MPLS L3VPN Issue

[Aaron]

Sorry about off topic, regarding the complaints about Cisco listed below, 
Please let me know whether or not Juniper is better about ensuring features 
work in their new products... and also, is Juniper better in handling things 
like this when you bring it their attention ?  how do y'all like JTAC over 
Cisco TAC ?

Just looking for your experience since I'm about to embark on that path.

Aaron

-Original Message-
From: cisco-nsp [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of James 
Bensley
Sent: Tuesday, February 2, 2016 7:16 AM
To: cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] NCS-5001 - MPLS L3VPN Issue

On 2 February 2016 at 12:47, Mikael Abrahamsson  wrote:
> On Tue, 2 Feb 2016, James Bensley wrote:
>
>> IOS-XR is much needed but jesus christ its been buggy as hell for us 
>> on the 9000 series routers.
>
>
> Stable, cheap, fast. Pick any two.
>
> I am not aware of any product the past 10-15 years that didn't have 
> serious bugs at first customer shipment. If you want something that 
> works, wait 1-2 years after first customer shipment and try it, then 
> it usually works. Now, at that time it's not fast and cheap anymore...


This paradigm only goes so far, Cisco have missed some very basic testing 
indeed. I mean, it looks to us like they've barely tested the code and just 
shipped it. We've got a nice race condition at the minute an amature programmer 
could spot. Processes getting stuck in an infinite loop and locking up the CPU.

It’s been years since IOS-XR was released on ASR9000's, no excuse now for basic 
features still not working. The TAC responses aren’t helpful either; things 
like "running an Inter-AS MPLS Option B and BGP-LU at the same time is not 
supported" - So we can have labelled VPN routes, or labelled GRT routes but not 
both? In this day and age! Someone once said to us “Inter-AS MPLS Opt C isn’t 
supported at all” - which we were running on the PE/ASBR under investigation. 
We’ve had bucket loads of issues/TAC cases (we are still opening TAC cases at a 
decent rate).

My mind is pretty set on this, their testing has been appalling (I’m obviously 
moaning at Cisco about this) – I’d like to know what others think.

Cheers,
James.
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net 
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] NCS-5001 - MPLS L3VPN Issue

[James Bensley]

On 2 February 2016 at 15:09, Adam Vitkovsky  wrote:
> Are you running 5+ by any chance?
>
>> It’s been years since IOS-XR was released on ASR9000's, no excuse now for
>> basic features still not working. The TAC responses aren’t helpful either;
>
> I'm sorry to hear that as I have very positive experiences solving cases with 
> XR team in Europe.
> And if the guy on the line did not know how to solve some hardcore problem he 
> would get me the SME, a gentleman who designed the particular technology on 
> XR so we could have a private techtorial for couple of hours to get it solved.

So TAC responses for "something is broken we need help" is good,
config issues great, XR TAC is way better than "regular" TAC IMO. I'm
talking about fresh new bugs. TAC look, agree its a bug, it has to get
punted to the BU, now the pace of help slows way down because even if
the TAC case is a P1 whatever BU has been roped in seems ignorant of
any sense of priority.

>> things like "running an Inter-AS MPLS Option B and BGP-LU at the same time
>> is not supported" - So we can have labelled VPN routes, or labelled GRT
>> routes but not both? In this day and age! Someone once said to us “Inter-AS
>> MPLS Opt C isn’t supported at all” - which we were running on the PE/ASBR
>> under investigation. We’ve had bucket loads of issues/TAC cases (we are still
>> opening TAC cases at a decent rate).

> That's striking.

It's ridiculous is what it is.

> I don't know about that as I have been running labelled-unicast and vpnv4 AFs 
> in the lab just fine.
> So which part of the Inter-AS MPLS OptC is not supposed to work according to 
> TAC please?

I think actually the problelm was we were running OptC and Opt B (so
LU path between RRs and VPNv4 between ASBRs, basically migrating from
one option to the other in a stagged approach). During this period we
had some issues that are still present after the migration I believe
(most label recycling issues).

Label recycling issues, lets talk about that. Jesus christ I've seen
alot of those.TAC don't seem to be able to replicate it however we've
had it on two seperate networks both times as soon as we lifted the
boxes off 4.3.4 default to 4.3.4 + latest SP and the boxes are running
Inter-AS OptB. I'm now building a lab to try and reliably replicate it
for me self so I can kick TAC's arse into fixing it.

Any routers running 4.3.4 default, as soon as they were lifted off
default to SP4/6/8/10 they have all encountered some form of bug,
every time (BGP processes stuck at 50% CPU, label recycling errors,
line cards rebooting etc).

5.1.3 + latest SP is most stable we have found. Once some routers came
with 5.1.2 out of the box which we would 5.1.3 once they were deployed
in the DC (once they were racked etc, whereas we would normally
upgrade pre-shipping to DC) we had some PHY bugs with a WDWM mux. Not
to mention we hit that famous SSH bug on those too with SSH crashing.

> My stance on this is that I'd beaten the kit to death in the lab anyways 
> before deployment so even if Cisco would swear there are no bug I'd do my own 
> scrutiny.
> On the other hand having to report elemental bugs sucks. But is it the case 
> on x.x.3 or x.x.4 version of the code please or was I just lucky or ignorant?

What we often hear from TAC is "$this feature is supported and so is
$that feature, but $this and $that together is not" - they are good in
that they will and look into the problem anyway however telling us
that $this + $that is not support on the same box makes them not
usable for their intended market?!

James.
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] NCS-5001 - sweet...got one in the lab

[James Bensley]

On 2 February 2016 at 14:22, Aaron  wrote:
> XR 6.0.0 ?  I'm just getting to know this box a little... lldp freezes
> console and/or telnet when enabled globally

Sounds like when the ASR920 first come out. We got some demo units,
the loopback interface would go down and only a reboot would fix it.
Ridiculous.


James.
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] NCS-5001 - MPLS L3VPN Issue

[Adam Vitkovsky]

> James Bensley
> Sent: Tuesday, February 02, 2016 1:16 PM
>
> On 2 February 2016 at 12:47, Mikael Abrahamsson 
> wrote:
> > On Tue, 2 Feb 2016, James Bensley wrote:
> >
> >> IOS-XR is much needed but jesus christ its been buggy as hell for us
> >> on the 9000 series routers.
> >
> >
> > Stable, cheap, fast. Pick any two.
> >
> > I am not aware of any product the past 10-15 years that didn't have
> > serious bugs at first customer shipment. If you want something that
> > works, wait 1-2 years after first customer shipment and try it, then
> > it usually works. Now, at that time it's not fast and cheap anymore...
>
>
> This paradigm only goes so far, Cisco have missed some very basic testing
> indeed. I mean, it looks to us like they've barely tested the code and just
> shipped it. We've got a nice race condition at the minute an amature
> programmer could spot. Processes getting stuck in an infinite loop and
> locking up the CPU.
>
Are you running 5+ by any chance?

> It’s been years since IOS-XR was released on ASR9000's, no excuse now for
> basic features still not working. The TAC responses aren’t helpful either;

I'm sorry to hear that as I have very positive experiences solving cases with 
XR team in Europe.
And if the guy on the line did not know how to solve some hardcore problem he 
would get me the SME, a gentleman who designed the particular technology on XR 
so we could have a private techtorial for couple of hours to get it solved.

> things like "running an Inter-AS MPLS Option B and BGP-LU at the same time
> is not supported" - So we can have labelled VPN routes, or labelled GRT
> routes but not both? In this day and age! Someone once said to us “Inter-AS
> MPLS Opt C isn’t supported at all” - which we were running on the PE/ASBR
> under investigation. We’ve had bucket loads of issues/TAC cases (we are still
> opening TAC cases at a decent rate).
That's striking.
I don't know about that as I have been running labelled-unicast and vpnv4 AFs 
in the lab just fine.
So which part of the Inter-AS MPLS OptC is not supposed to work according to 
TAC please?

My stance on this is that I'd beaten the kit to death in the lab anyways before 
deployment so even if Cisco would swear there are no bug I'd do my own scrutiny.
On the other hand having to report elemental bugs sucks. But is it the case on 
x.x.3 or x.x.4 version of the code please or was I just lucky or ignorant?

adam


Adam Vitkovsky
IP Engineer

T:  0333 006 5936
E:  adam.vitkov...@gamma.co.uk
W:  www.gamma.co.uk

This is an email from Gamma Telecom Ltd, trading as “Gamma”. The contents of 
this email are confidential to the ordinary user of the email address to which 
it was addressed. This email is not intended to create any legal relationship. 
No one else may place any reliance upon it, or copy or forward all or any of it 
in any form (unless otherwise notified). If you receive this email in error, 
please accept our apologies, we would be obliged if you would telephone our 
postmaster on +44 (0) 808 178 9652 or email postmas...@gamma.co.uk

Gamma Telecom Limited, a company incorporated in England and Wales, with 
limited liability, with registered number 04340834, and whose registered office 
is at 5 Fleet Place London EC4M 7RD and whose principal place of business is at 
Kings House, Kings Road West, Newbury, Berkshire, RG14 5BY.


___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] NCS-5001 - sweet...got one in the lab

[Robert Blayzor via cisco-nsp]

--- Begin Message ---
On Feb 1, 2016, at 4:52 PM, Aaron  wrote:
> 
> wow, check out the interface names at the bottom of the list, yeah the names
> that start with "H" !!
> 
> RP/0/RP0/CPU0:eng-lab-5001-1#sh ip int br
> Mon Feb 1 15:37:16.489 CST


Been looking at these for a while and the price point seems pretty good. I’m 
wondering how they stack up vs a ASR9001 in terms of # of routes, general 
features. I know with the NCS all the native features in the ASR line are 
“extra”. So L2VPN, L3VPN, etc are separate license options.

When it comes to the 100Gig ports, I’m assuming those are active in base? Those 
are QSFP28 ?

--
Robert
inoc.net!rblayzor
XMPP: rblayzor.AT.inoc.net
PGP Key: 78BEDCE1 @ pgp.mit.edu

--- End Message ---
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] NCS-5001 - sweet...got one in the lab

[Jerry Bacon]

There isn't EIGRP but there _IS_ RIP? Really? I thought this was 2016.

--
Jerry Bacon
Senior Network Engineer
StarTouch, Inc.
http://www.startouch.com
360-543-5679 ext. 111
Microwave - Fiber Optics - Internet Services

-Original Message-
From: cisco-nsp [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of
Aaron

...

I don't see eigrp.

RP/0/RP0/CPU0:eng-lab-5001-1#conf
Tue Feb  2 08:16:26.487 CST
roRP/0/RP0/CPU0:eng-lab-5001-1(config)#router
router  router-convergence
RP/0/RP0/CPU0:eng-lab-5001-1(config)#router ?
  bgp BGP configuration subcommands
  hsrpHSRP configuration subcommands
  isisISO IS-IS
  lispLISP configuration subcommands
  ospfOSPF configuration subcommands
  ospfv3  IPv6 Open Shortest Path First protocol (OSPFv3)
  rib RIB configuration subcommands
  rip RIP configuration subcommands
  rpl IPv6 Routing Protocol for Low-Power and Lossy Networks (RPL)
  static  Static route configuration subcommands
  vrrpVRRP configuration subcommands
RP/0/RP0/CPU0:eng-lab-5001-1(config)#router eigrp 1
^ % Invalid input detected at
'^' marker.
...
RP/0/RP0/CPU0:eng-lab-5001-1#sh protocols ?
  afi-all  IPv4 and IPv6 commands
  all  All protocols
  bgp  Border Gateway Protocol (BGP)
  ipv4 IPv4 commands
  ipv6 IPv6 commands
  isis IS-IS protocol
  ospf IPv4 OSPF protocol
  rip  RIP protocol
  |Output Modifiers
  


___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] NCS-5001 - sweet...got one in the lab

[Lukas Tribus]

> James, I just got info from my account SE that the NCS-5001/2 on Release XR
> 6.0.0 does not have RSVP-TE support.

Did the SE imply that this will come (roadmap) or that it won't be supported
on this platform?


thx   
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] NCS-5001 - sweet...got one in the lab

[Aaron]

James, I just got info from my account SE that the NCS-5001/2 on Release XR
6.0.0 does not have RSVP-TE support.  I asked him previously about something
else that isn't supported at the moment (MPLS L3VPN) and he said it's coming
at the end of the month.  So we will see how that goes.

Aaron

-Original Message-
From: cisco-nsp [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of
James Jun
Sent: Monday, February 1, 2016 11:12 PM
To: Justin M. Streiner 
Cc: cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] NCS-5001 - sweet...got one in the lab

On Mon, Feb 01, 2016 at 12:12:12PM -0500, Justin M. Streiner wrote:
> 
> Kind of surprising.  Thinking of the Nexus world, all Ethernet 
> interfaces are named "Ethernet." regardless of speed.

Yea, that's one thing I really despise about Nexus. Seeing EthX/Y is really
boring (must be a cheap data center port thing).

There's just something appealing about seeing spelled out interface names
for different speeds, especially when they get more expensive (HundredGigE
on ASR9K) :-o 


> It seems like other
> vendors are moving in this direction as well, such as Juniper with 
> 100G interfaces on MX platforms.

I don't particularly have issues with Juniper's "et-" naming, because it's
only used for high-capacity links (25/40/50/100GE) so there's
differenciation there.
It's pretty much given that most networks that rolling et- in the core is
pretty much running 100GE.


BTW, can anybody confirm if NCS 5001 can do RSVP-TE (as a P router) well?
I'd presume it shouldn't have any issues with it, but the datasheet only
lists LDP.
I'm thinking this could be a good replacement for QFX 5k to do lightweight
LSR in the metro/dc access.

James
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] NCS-5001 - sweet...got one in the lab

[Gert Doering]

Hi,

On Tue, Feb 02, 2016 at 08:22:58AM -0600, Aaron wrote:
> I don't see eigrp.

Thanks for checking - saw this in the product announcement, couldn't
believe it.  Especially as this is just control-plane stuff which is
already in XR 4+XR 5, so it was consciously taken *out*... (or "we didn't
think it's worthwile to port the eigrp process to Linux").

(And yes, I'm fully aware that using EIGRP has lots of drawbacks, like,
"vendor lock in" - but I still like the protocol as such, given that it
has had fast convergence, LFA, and all that nice stuff since 15+ years
now... - but finding out that EIGRP will even lock me out of *Cisco*
products now is just a tad annoying...  well... so I can just go and
buy some other vendors nice-and-fast 1RU box, right?)

gert
-- 
USENET is *not* the non-clickable part of WWW!
   //www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35655025g...@net.informatik.tu-muenchen.de


signature.asc
Description: PGP signature
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

[c-nsp] Nexus 3048 bootvar log

[Kevin M Warwashana]

Our Nexus 3048 has a debug partition with two files that change hourly
causing Rancid to send a diff email.  Any way to disable the logs?



Here are the two files:

Nexus3k.100.13.1# dir debug:

 254712Feb 02 13:34:17 2016  bootvar_debug.log

  6Feb 02 13:34:17 2016  bootvar_debug.meta



Contents of bootvar_debug.log is full of this hourly:

 bootvar_pss_ascii_gen: RUNNING CONFIG

 bootvar_pss_ascii_gen: rec1: KS = , NXOS =
bootflash:/nxos.7.0.3.I2.2.bin | rec2: KS = , NXOS =

 bootvar_pss_ascii_gen: RUNNING CONFIG

 bootvar_pss_ascii_gen: rec1: KS = , NXOS =
bootflash:/nxos.7.0.3.I2.2.bin | rec2: KS = , NXOS =



As far as I can tell all debugging is disabled.  I’ve tried ‘no debug all’,
and ‘no debug-filter all’ with no luck.



Thanks,

Kevin
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] NCS-5001 - sweet...got one in the lab

[Aaron]

XR 6.0.0 ?  I'm just getting to know this box a little... lldp freezes
console and/or telnet when enabled globally, SE says it's not in BASE
release yet... mpls l3vpn isn't in base release either...  so I don't want
to judge XR 6.0.0 yet since as I understand it, I'm dealing a few new
things... at this point and I don't know if my issues are new xr, new xr
redesign on underlying linux vice qnx, new hardware in the ncs-5001

I don't see eigrp.

RP/0/RP0/CPU0:eng-lab-5001-1#conf
Tue Feb  2 08:16:26.487 CST
roRP/0/RP0/CPU0:eng-lab-5001-1(config)#router
router  router-convergence
RP/0/RP0/CPU0:eng-lab-5001-1(config)#router ?
  bgp BGP configuration subcommands
  hsrpHSRP configuration subcommands
  isisISO IS-IS
  lispLISP configuration subcommands
  ospfOSPF configuration subcommands
  ospfv3  IPv6 Open Shortest Path First protocol (OSPFv3)
  rib RIB configuration subcommands
  rip RIP configuration subcommands
  rpl IPv6 Routing Protocol for Low-Power and Lossy Networks (RPL)
  static  Static route configuration subcommands
  vrrpVRRP configuration subcommands
RP/0/RP0/CPU0:eng-lab-5001-1(config)#router eigrp 1
^
% Invalid input detected at '^' marker.
RP/0/RP0/CPU0:eng-lab-5001-1(config)#int ten0/0/0/16
RP/0/RP0/CPU0:eng-lab-5001-1(config-if)#ip eig?
^
% Invalid input detected at '^' marker.
RP/0/RP0/CPU0:eng-lab-5001-1(config-if)#eig?
 ^
% Invalid input detected at '^' marker.
RP/0/RP0/CPU0:eng-lab-5001-1(config-if)#
Uncommitted changes found, commit them before exiting(yes/no/cancel)?
[cancel]:no
RP/0/RP0/CPU0:eng-lab-5001-1#sh pro
processes  protection-notif  protocols
RP/0/RP0/CPU0:eng-lab-5001-1#sh protocols ?
  afi-all  IPv4 and IPv6 commands
  all  All protocols
  bgp  Border Gateway Protocol (BGP)
  ipv4 IPv4 commands
  ipv6 IPv6 commands
  isis IS-IS protocol
  ospf IPv4 OSPF protocol
  rip  RIP protocol
  |Output Modifiers
  
RP/0/RP0/CPU0:eng-lab-5001-1#sh protocols



-Original Message-
From: Gert Doering [mailto:g...@greenie.muc.de] 
Sent: Tuesday, February 2, 2016 1:02 AM
To: Aaron 
Cc: cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] NCS-5001 - sweet...got one in the lab

Hi,

On Mon, Feb 01, 2016 at 03:52:00PM -0600, Aaron wrote:
> wow, check out the interface names at the bottom of the list, yeah the 
> names that start with "H" !!

So, how's XR 6.0 like?  Is it true that it does no longer support EIGRP?

(The NCS5k feature list lists OSPF, ISIS etc., but EIGRP is suspiciously
missing...)

gert
--
USENET is *not* the non-clickable part of WWW!
 
//www.muc.de/~gert/
Gert Doering - Munich, Germany
g...@greenie.muc.de
fax: +49-89-35655025
g...@net.informatik.tu-muenchen.de

___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] NCS-5001 - MPLS L3VPN Issue

[Jason Lixfeld]

Yup.

Their SW quality and has gone completely down the shitter (don't even get me 
started on their 'Applications' i.e.: Prime).  They are spreading themselves 
too thin, trying to do too much, getting BUs to compete with one another, and 
we're all stuck paying the price.  Their only innovation is to rip features and 
function out of hardware to keep costs down.  TAC sucks.  My sales guy and my 
SE never call to say Hi.  They don't follow up unless I send a few nasties 
their way.  It has all added up to leaving a really bad taste in my mouth, so 
I've ditched them everywhere that I can, and will continue to do so until every 
last piece of it is off every network I run.

I'm so grateful I have a few really good friends who work at Cisco who are able 
to bail me out when the rest of Cisco seems to be just as happy to see me rot.

Support the small guy writing good code.  Support the small guy building really 
good hardware in-country.  Support the small guy who is doing a really good job 
at the one or two things they do.  They're hungry.  They listen. They actually 
get it.  The massive machine is a sinking ship that can't seem to get it right 
anymore.

Sent from my iPhone

> On Feb 2, 2016, at 8:16 AM, James Bensley  wrote:
> 
>> On 2 February 2016 at 12:47, Mikael Abrahamsson  wrote:
>>> On Tue, 2 Feb 2016, James Bensley wrote:
>>> 
>>> IOS-XR is much needed but jesus christ its been buggy as hell for us on
>>> the 9000 series routers.
>> 
>> 
>> Stable, cheap, fast. Pick any two.
>> 
>> I am not aware of any product the past 10-15 years that didn't have serious
>> bugs at first customer shipment. If you want something that works, wait 1-2
>> years after first customer shipment and try it, then it usually works. Now,
>> at that time it's not fast and cheap anymore...
> 
> 
> This paradigm only goes so far, Cisco have missed some very basic
> testing indeed. I mean, it looks to us like they've barely tested the
> code and just shipped it. We've got a nice race condition at the
> minute an amature programmer could spot. Processes getting stuck in an
> infinite loop and locking up the CPU.
> 
> It’s been years since IOS-XR was released on ASR9000's, no excuse now
> for basic features still not working. The TAC responses aren’t helpful
> either; things like "running an Inter-AS MPLS Option B and BGP-LU at
> the same time is not supported" - So we can have labelled VPN routes,
> or labelled GRT routes but not both? In this day and age! Someone once
> said to us “Inter-AS MPLS Opt C isn’t supported at all” - which we
> were running on the PE/ASBR under investigation. We’ve had bucket
> loads of issues/TAC cases (we are still opening TAC cases at a decent
> rate).
> 
> My mind is pretty set on this, their testing has been appalling (I’m
> obviously moaning at Cisco about this) – I’d like to know what others
> think.
> 
> Cheers,
> James.
> ___
> cisco-nsp mailing list  cisco-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] NCS-5001 - MPLS L3VPN Issue

[Mikael Abrahamsson]

On Tue, 2 Feb 2016, James Bensley wrote:

My mind is pretty set on this, their testing has been appalling (I’m 
obviously moaning at Cisco about this) – I’d like to know what others 
think.


Back in the late 00:s XR for the CRS was rock solid (as long as you 
managed to get the thing up and running), especially if you ran without a 
lot of new features. Basic LDP+MPLS+ISIS+BGP just worked for years without 
issue. I believe this was a factor of fairly low number of features and 
fairly high price for the platform, so Cisco could pay for proper testing 
of the features they offered.


Now, everybody wants all kinds of features, the feature velocity has been 
extremely high for the past 5-8 years, and at the same time people don't 
really want to pay much. Thus, you get more features that are less tested, 
because testing them is complex, and yet I'm sure there is less money for 
testing.


Of course Cisco could do a better job here, but one also has to recognise 
the market condition our vendors are acting in.


At least it's my experience that even though there was a shared code-base 
between ASR9k and CRS, XR worked a lot better on CRS. My guess is that 
this was due to level of testing and that they were in different BUs back 
then.


--
Mikael Abrahamssonemail: swm...@swm.pp.se
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] NCS-5001 - MPLS L3VPN Issue

[James Bensley]

On 2 February 2016 at 12:47, Mikael Abrahamsson  wrote:
> On Tue, 2 Feb 2016, James Bensley wrote:
>
>> IOS-XR is much needed but jesus christ its been buggy as hell for us on
>> the 9000 series routers.
>
>
> Stable, cheap, fast. Pick any two.
>
> I am not aware of any product the past 10-15 years that didn't have serious
> bugs at first customer shipment. If you want something that works, wait 1-2
> years after first customer shipment and try it, then it usually works. Now,
> at that time it's not fast and cheap anymore...


This paradigm only goes so far, Cisco have missed some very basic
testing indeed. I mean, it looks to us like they've barely tested the
code and just shipped it. We've got a nice race condition at the
minute an amature programmer could spot. Processes getting stuck in an
infinite loop and locking up the CPU.

It’s been years since IOS-XR was released on ASR9000's, no excuse now
for basic features still not working. The TAC responses aren’t helpful
either; things like "running an Inter-AS MPLS Option B and BGP-LU at
the same time is not supported" - So we can have labelled VPN routes,
or labelled GRT routes but not both? In this day and age! Someone once
said to us “Inter-AS MPLS Opt C isn’t supported at all” - which we
were running on the PE/ASBR under investigation. We’ve had bucket
loads of issues/TAC cases (we are still opening TAC cases at a decent
rate).

My mind is pretty set on this, their testing has been appalling (I’m
obviously moaning at Cisco about this) – I’d like to know what others
think.

Cheers,
James.
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] NCS-5001 - MPLS L3VPN Issue

[Mikael Abrahamsson]

On Tue, 2 Feb 2016, James Bensley wrote:

IOS-XR is much needed but jesus christ its been buggy as hell for us on 
the 9000 series routers.


Stable, cheap, fast. Pick any two.

I am not aware of any product the past 10-15 years that didn't have 
serious bugs at first customer shipment. If you want something that works, 
wait 1-2 years after first customer shipment and try it, then it usually 
works. Now, at that time it's not fast and cheap anymore...


--
Mikael Abrahamssonemail: swm...@swm.pp.se
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] QinQ 4500X -> ME3600 and access(pop) multiple inner vlans

[Erik Sundberg]

You are probably better using a service instance for each vlan. Then you can 
send each VLAN where ever.

service instance 800 ethernet
  description description LINK_TO_CARRIER_X_VIA_4500X
  encapsulation dot1q 800 second-dot1q 10
  rewrite ingress tag pop 2 symmetric
  bridge-domain 10

service instance 801 ethernet
  description description LINK_TO_CARRIER_X_VIA_4500X
  encapsulation dot1q 800 second-dot1q 20
  rewrite ingress tag pop 2 symmetric
  bridge-domain 20


--

Another way of doing it is the following

If you have two tag come in, only POP 1 Tag. Then your CTag are put in to the 
Bridge Domain.

Int G0/1
service instance 800 ethernet
  description LINK_TO_CARRIER_X_VIA_4500X
  encapsulation dot1q 800
  rewrite ingress tag pop 1 symmetric
  bridge-domain 800


Then on your Egress port you can set it as untagged, C Tags of 10,20, 30 will 
be in the bridge domain and will be passed on egress.

 Int G0/2
Description to 4500x
service instance 400 ethernet
  description 4500X
  encapsulation dot1q untagged
  bridge-domain 800


If you need to pull one CTag out for something else you can do that like so.

Int G0/1
service instance 804 ethernet
  description Go Somewhere else
  encapsulation dot1q 800 second-dot1q 40
  rewrite ingress tag pop 1 symmetric
  bridge-domain 40


-Original Message-
From: CiscoNSP List [mailto:cisconsp_l...@hotmail.com]
Sent: Tuesday, February 02, 2016 4:01 AM
To: Erik Sundberg ; cisco-nsp@puck.nether.net
Subject: Re: QinQ 4500X -> ME3600 and access(pop) multiple inner vlans


Thanks for the quick reply - We use service instances quite a bit, but only 
popping first tag, then creating vlan int (for vrf), or PWso fairly basic 
stuff :)

In this circumstance, where we would receive vlan 800 as outer tag, and we want 
to access inner vlans 10,20,30 how would this look under a service instance?

ie.  Something like?

 service instance 800 ethernet
  description description LINK_TO_CARRIER_X_VIA_4500X
  encapsulation dot1q 800 second-dot1q 10,20,30
  rewrite ingress tag pop 2 symmetric
  bridge-domain ?


or a separate service instance and pop inner vlans on each one?

 service instance 800 ethernet
  description description LINK_TO_CARRIER_X_VIA_4500X
  encapsulation dot1q 800 second-dot1q 10
  rewrite ingress tag pop 2 symmetric
  bridge-domain 10

service instance 801 ethernet
  description description LINK_TO_CARRIER_X_VIA_4500X
  encapsulation dot1q 800 second-dot1q 20
  rewrite ingress tag pop 2 symmetric
  bridge-domain 20

Cheers



From: Erik Sundberg 
Sent: Tuesday, 2 February 2016 8:40 PM
To: CiscoNSP List; cisco-nsp@puck.nether.net
Subject: RE: QinQ 4500X -> ME3600 and access(pop) multiple inner vlans

http://www.cisco.com/c/dam/en/us/td/docs/switches/metro/me3600x_3800x/software/design/guide/ME3600x_Design_Guide.pdf

http://www.cisco.com/c/dam/en/us/td/docs/switches/metro/me3600x_3800x/software/design/guide/CE2-0_certification_v1.pdf

http://d2zmdbbm9feqrf.cloudfront.net/2012/usa/pdf/BRKSPG-2209.pdf


You must do switchport commands
Services Instance is just a number, we keep it the same as the VLAN Id Under 
the Service Instance you specify the VLAN ID with endcapsulation dot1q x 
Rewrite ingress Tag POP 1 symmetric  -- This removes the first VLAN Tag on in 
incoming frame, if you do pop 2, it removes the 2 VLAN Tags.

First Example is VPLS with Bridge Domains. Bridge domain ID does not have to 
the same as the VLAN Id Second Example is EoMPLS XConnect

VPLS
--
l2 vfi  VPLS1 manual
 vpn id 41
 bridge-domain 41
 neighbor 1.2.3.4 encapsulation mpls

interface GigabitEthernet0/19
 switchport trunk allowed vlan none
 switchport mode trunk
 mtu 9180

!VPLS Example
 service instance 41 ethernet
  encapsulation dot1q 41
  rewrite ingress tag pop 1 symmetric
  bridge-domain 41

!EoMPLS Example
service instance 117 ethernet
  encapsulation dot1q 117
  rewrite ingress tag pop 1 symmetric
  xconnect 3.4.5.6 275 encapsulation mpls pw-class L2VPN
  xconnect  



I hope this helps.


-Original Message-
From: cisco-nsp [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of 
CiscoNSP List
Sent: Tuesday, February 02, 2016 3:28 AM
To: cisco-nsp@puck.nether.net
Subject: [c-nsp] QinQ 4500X -> ME3600 and access(pop) multiple inner vlans

Hi Everyone,


We have an AGG port(Standard trunk port) to a carrier on a 4500X - Port has 
multiple customer vlans for p-t-p eth services.

A service they have released will allow us to connect to azure/office 365 via 
QinQ(Carrier doing QinQ, not us) - i.e. We agree to an outer vlan tag with the 
carrier, and they create QinQ tunnel to azure/office 365...then multiple inner 
vlan tags are agreed to between us/azure for various services over this QinQ 
tunnel.

My question is this:

With our current setup (i.e. 4500X, standard dot1q trunk), we would just tag 
the outer vlan for the carrier to use for the QinQ tunnel 

Re: [c-nsp] NCS-5001 - MPLS L3VPN Issue

[James Bensley]

On 2 February 2016 at 01:46, Aaron  wrote:
> Y'all are a hoot...
>
> My Cisco SE just told me that the base release of this NCS-5001 that I have 
> doesn't support L3VPN until the end of this month.  I'll move on to testing 
> L2VPN til then...
>
> Thanks gents
>
> Aaron


Classic Cisco, they've released something before (what I would
consider to be in this day and age) the most basic/standard features
are working.

IOS-XR is much needed but jesus christ its been buggy as hell for us
on the 9000 series routers.

James.
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] QinQ 4500X -> ME3600 and access(pop) multiple inner vlans

[CiscoNSP List]

Thanks for the quick reply - We use service instances quite a bit, but only 
popping first tag, then creating vlan int (for vrf), or PWso fairly basic 
stuff :)

In this circumstance, where we would receive vlan 800 as outer tag, and we want 
to access inner vlans 10,20,30 how would this look under a service instance?

ie.  Something like?

 service instance 800 ethernet
  description description LINK_TO_CARRIER_X_VIA_4500X
  encapsulation dot1q 800 second-dot1q 10,20,30
  rewrite ingress tag pop 2 symmetric
  bridge-domain ?


or a separate service instance and pop inner vlans on each one?

 service instance 800 ethernet
  description description LINK_TO_CARRIER_X_VIA_4500X
  encapsulation dot1q 800 second-dot1q 10
  rewrite ingress tag pop 2 symmetric
  bridge-domain 10

service instance 801 ethernet
  description description LINK_TO_CARRIER_X_VIA_4500X
  encapsulation dot1q 800 second-dot1q 20
  rewrite ingress tag pop 2 symmetric
  bridge-domain 20

Cheers



From: Erik Sundberg 
Sent: Tuesday, 2 February 2016 8:40 PM
To: CiscoNSP List; cisco-nsp@puck.nether.net
Subject: RE: QinQ 4500X -> ME3600 and access(pop) multiple inner vlans

http://www.cisco.com/c/dam/en/us/td/docs/switches/metro/me3600x_3800x/software/design/guide/ME3600x_Design_Guide.pdf

http://www.cisco.com/c/dam/en/us/td/docs/switches/metro/me3600x_3800x/software/design/guide/CE2-0_certification_v1.pdf

http://d2zmdbbm9feqrf.cloudfront.net/2012/usa/pdf/BRKSPG-2209.pdf


You must do switchport commands
Services Instance is just a number, we keep it the same as the VLAN Id
Under the Service Instance you specify the VLAN ID with endcapsulation dot1q x
Rewrite ingress Tag POP 1 symmetric  -- This removes the first VLAN Tag on in 
incoming frame, if you do pop 2, it removes the 2 VLAN Tags.

First Example is VPLS with Bridge Domains. Bridge domain ID does not have to 
the same as the VLAN Id
Second Example is EoMPLS XConnect

VPLS
--
l2 vfi  VPLS1 manual
 vpn id 41
 bridge-domain 41
 neighbor 1.2.3.4 encapsulation mpls

interface GigabitEthernet0/19
 switchport trunk allowed vlan none
 switchport mode trunk
 mtu 9180

!VPLS Example
 service instance 41 ethernet
  encapsulation dot1q 41
  rewrite ingress tag pop 1 symmetric
  bridge-domain 41

!EoMPLS Example
service instance 117 ethernet
  encapsulation dot1q 117
  rewrite ingress tag pop 1 symmetric
  xconnect 3.4.5.6 275 encapsulation mpls pw-class L2VPN
  xconnect  



I hope this helps.


-Original Message-
From: cisco-nsp [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of 
CiscoNSP List
Sent: Tuesday, February 02, 2016 3:28 AM
To: cisco-nsp@puck.nether.net
Subject: [c-nsp] QinQ 4500X -> ME3600 and access(pop) multiple inner vlans

Hi Everyone,


We have an AGG port(Standard trunk port) to a carrier on a 4500X - Port has 
multiple customer vlans for p-t-p eth services.

A service they have released will allow us to connect to azure/office 365 via 
QinQ(Carrier doing QinQ, not us) - i.e. We agree to an outer vlan tag with the 
carrier, and they create QinQ tunnel to azure/office 365...then multiple inner 
vlan tags are agreed to between us/azure for various services over this QinQ 
tunnel.

My question is this:

With our current setup (i.e. 4500X, standard dot1q trunk), we would just tag 
the outer vlan for the carrier to use for the QinQ tunnel to azure...this is 
fine, but for us to be able to "access" the inner vlans, Im hoping we can trunk 
this outer vlan to an ME3600, and then pop each inner vlan, and use them as 
needed.Is this possible? ie will the "inner" tags be maintained going 
through the 4500X, and if so, if someone could point me in the direction of 
ME3600 docco that details how to pop the individual inner vlans, it would be 
greatly appreciated.

Eg.

Carriers outer vlan is 800
Inner tags from azure are 10,20,30

Cheers


___
cisco-nsp mailing list  cisco-nsp@puck.nether.net 
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/



CONFIDENTIALITY NOTICE: This e-mail transmission, and any documents, files or 
previous e-mail messages attached to it may contain confidential information 
that is legally privileged. If you are not the intended recipient, or a person 
responsible for delivering it to the intended recipient, you are hereby 
notified that any disclosure, copying, distribution or use of any of the 
information contained in or attached to this transmission is STRICTLY 
PROHIBITED. If you have received this transmission in error please notify the 
sender immediately by replying to this e-mail. You must destroy the original 
transmission and its attachments without reading or saving in any manner. Thank 
you.
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck

Re: [c-nsp] QinQ 4500X -> ME3600 and access(pop) multiple inner vlans

[Erik Sundberg]

http://www.cisco.com/c/dam/en/us/td/docs/switches/metro/me3600x_3800x/software/design/guide/ME3600x_Design_Guide.pdf

http://www.cisco.com/c/dam/en/us/td/docs/switches/metro/me3600x_3800x/software/design/guide/CE2-0_certification_v1.pdf

http://d2zmdbbm9feqrf.cloudfront.net/2012/usa/pdf/BRKSPG-2209.pdf


You must do switchport commands
Services Instance is just a number, we keep it the same as the VLAN Id
Under the Service Instance you specify the VLAN ID with endcapsulation dot1q x
Rewrite ingress Tag POP 1 symmetric  -- This removes the first VLAN Tag on in 
incoming frame, if you do pop 2, it removes the 2 VLAN Tags.

First Example is VPLS with Bridge Domains. Bridge domain ID does not have to 
the same as the VLAN Id
Second Example is EoMPLS XConnect

VPLS
--
l2 vfi  VPLS1 manual
 vpn id 41
 bridge-domain 41
 neighbor 1.2.3.4 encapsulation mpls

interface GigabitEthernet0/19
 switchport trunk allowed vlan none
 switchport mode trunk
 mtu 9180

!VPLS Example
 service instance 41 ethernet
  encapsulation dot1q 41
  rewrite ingress tag pop 1 symmetric
  bridge-domain 41

!EoMPLS Example
service instance 117 ethernet
  encapsulation dot1q 117
  rewrite ingress tag pop 1 symmetric
  xconnect 3.4.5.6 275 encapsulation mpls pw-class L2VPN
  xconnect  



I hope this helps.


-Original Message-
From: cisco-nsp [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of 
CiscoNSP List
Sent: Tuesday, February 02, 2016 3:28 AM
To: cisco-nsp@puck.nether.net
Subject: [c-nsp] QinQ 4500X -> ME3600 and access(pop) multiple inner vlans

Hi Everyone,


We have an AGG port(Standard trunk port) to a carrier on a 4500X - Port has 
multiple customer vlans for p-t-p eth services.

A service they have released will allow us to connect to azure/office 365 via 
QinQ(Carrier doing QinQ, not us) - i.e. We agree to an outer vlan tag with the 
carrier, and they create QinQ tunnel to azure/office 365...then multiple inner 
vlan tags are agreed to between us/azure for various services over this QinQ 
tunnel.

My question is this:

With our current setup (i.e. 4500X, standard dot1q trunk), we would just tag 
the outer vlan for the carrier to use for the QinQ tunnel to azure...this is 
fine, but for us to be able to "access" the inner vlans, Im hoping we can trunk 
this outer vlan to an ME3600, and then pop each inner vlan, and use them as 
needed.Is this possible? ie will the "inner" tags be maintained going 
through the 4500X, and if so, if someone could point me in the direction of 
ME3600 docco that details how to pop the individual inner vlans, it would be 
greatly appreciated.

Eg.

Carriers outer vlan is 800
Inner tags from azure are 10,20,30

Cheers


___
cisco-nsp mailing list  cisco-nsp@puck.nether.net 
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/



CONFIDENTIALITY NOTICE: This e-mail transmission, and any documents, files or 
previous e-mail messages attached to it may contain confidential information 
that is legally privileged. If you are not the intended recipient, or a person 
responsible for delivering it to the intended recipient, you are hereby 
notified that any disclosure, copying, distribution or use of any of the 
information contained in or attached to this transmission is STRICTLY 
PROHIBITED. If you have received this transmission in error please notify the 
sender immediately by replying to this e-mail. You must destroy the original 
transmission and its attachments without reading or saving in any manner. Thank 
you.
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

[c-nsp] QinQ 4500X -> ME3600 and access(pop) multiple inner vlans

[CiscoNSP List]

Hi Everyone,


We have an AGG port(Standard trunk port) to a carrier on a 4500X - Port has 
multiple customer vlans for p-t-p eth services.

A service they have released will allow us to connect to azure/office 365 via 
QinQ(Carrier doing QinQ, not us) - i.e. We agree to an outer vlan tag with the 
carrier, and they create QinQ tunnel to azure/office 365...then multiple inner 
vlan tags are agreed to between us/azure for various services over this QinQ 
tunnel.

My question is this:

With our current setup (i.e. 4500X, standard dot1q trunk), we would just tag 
the outer vlan for the carrier to use for the QinQ tunnel to azure...this is 
fine, but for us to be able to "access" the inner vlans, Im hoping we can trunk 
this outer vlan to an ME3600, and then pop each inner vlan, and use them as 
needed.Is this possible? ie will the "inner" tags be maintained going 
through the 4500X, and if so, if someone could point me in the direction of 
ME3600 docco that details how to pop the individual inner vlans, it would be 
greatly appreciated.

Eg.

Carriers outer vlan is 800
Inner tags from azure are 10,20,30

Cheers


___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

[c-nsp] csr1k as Internet Edge

[Pasquino Andrea]

Hello,

is anybody using Cisco CSV 1K as an Internet router with partial of full route 
? We have a contingency and would like to set up quickly a VM for a single eBGP 
peering with no more than 500M.

Best Regards

Andrea
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] NCS-5001 - sweet...got one in the lab

[Gustav Ulander]

Hello Aaron. 

That sounds nice could you give any feedback when you have done some more tests 
with it? 
We are looking at it as a replacement for our 6.5k P boxes. The spec sheet says 
that it would be a good fit but it would be interesting to get your opinion on 
them. :)

//Gustav

-Original Message-
From: cisco-nsp [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Gert 
Doering
Sent: den 2 februari 2016 08:02
To: Aaron
Cc: cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] NCS-5001 - sweet...got one in the lab

Hi,

On Mon, Feb 01, 2016 at 03:52:00PM -0600, Aaron wrote:
> wow, check out the interface names at the bottom of the list, yeah the 
> names that start with "H" !!

So, how's XR 6.0 like?  Is it true that it does no longer support EIGRP?

(The NCS5k feature list lists OSPF, ISIS etc., but EIGRP is suspiciously
missing...)

gert
--
USENET is *not* the non-clickable part of WWW!
   //www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35655025g...@net.informatik.tu-muenchen.de
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

[c-nsp] mplsqos

[samaneh ebrahimi]

Hi
what is difference between topmost exp and exp  on mplsqos ?

 when i want change exp on P1 to P2 (from 5 to 3 ) ,i should use what
command ?

R3(config-pmap-c)#set mpls experimental ?
  <0-7>   Experimental value
  imposition  Set Experimental value at tag imposition
  topmost Set Experimental value on topmost label

CE1PE1P1P2P3PE2CE2

icmp packets from ce1 to ce2 on pe1 marked by ef . packets capture between
PE1 ,P1 that have exp 5 .
I want change exp to 3 from P1 to P2 .then i config policy-map on P1 and
set mpls experimental topmost 3 on it and config on ingress interface.
When capture traffic ,i see pachets have exp 5 .
please have a sulotion for this problem .
Thanks.
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/