[c-nsp] ASR1000 IOS XE / ISG L2 DHCP subscribers
Hi listers,

I was wondering if anyone out there has an example config of ISG L2 DHCP subscribers with AAA controlled VRF membership. Happy to pay for it. My next step is TAC.

I have a basic setup working with a dynamic VLAN interface and IP pool working with auth to RADIUS. What hasn't worked is getting ISG to listen to Framed-IP or AAA VRF config. I would like to be able to use AAA/RADIUS to direct sessions into a VRF for CGN versus global IP access.

Thanks,
Mark

___
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] ACI vs Segment Routing in DC
> Harivishnu Abhilash
> Sent: Friday, November 1, 2019 11:45 AM
>
> Classification:Public
>
> Hi Guys,
>
> Anybody has experience of deploying Segment Routing in DC. Have seen its
> deployment in WAN. But just couldn't understand its future in DC as ACI is
> already an established product in DC...
>
> Any thoughts would be great
>

Well ACI is Cisco specific, Juniper has Contrail, Arista has ..whatever, as you can see each one of these vendors has its own proprietary, DC only, solution along with the whole ecosystem for automation.

Now SR in DC is no different to SR in any other MPLS core/WAN. Same as VXLAN or MPLSoUDP/GRE is going to look and feel the same wherever it's deployed.
- the difference is only in the vendor's proprietary complete vertical automation stack you'll get with the vendor's solution. (and currently none of the DC automation vertical stacks out there can then be extended to manage your MPLS core or any other parts of your infrastructure.)

Comparison of SR vs ACI(VXLAN) on a technical level,
VXLAN does not support Traffic-Engineering (TE) (note: service chaining is traffic engineering)
VXLAN does not have any solution for mice vs elephant flows (no support for TE)
VXLAN does not have any solution for micro-segmentation (the answer is use lengthy access-lists like in the 90's - but this time around ACLs are automated so don't worry)
VXLAN to MPLS interface is clumsy to say the least.
- In MPLS networks all the above is solved with the use of MPLS labels.

adam
Re: [c-nsp] Cisco 4000 series (4461) as a BGP router?
On Wed, Nov 06, 2019 at 01:45:55PM -, adamv0...@netconsultings.com wrote:
> I find that the 9901 being entry level is quite high. There is the 120Gbps
> license but the device itself is quite heavy and large and the power
> consumption more than the 9001. I think the success of the ASR920 shows that
> small size and low power usage are highly valued.

Agreed. This is our biggest gripe also. At least we've found that power consumption in practice is not as bad as datasheet says (practical usage in most scenarios seems to be between 450 to 600 W), but it is also DEEP as if it is some data center box (I guess it is..). Field guys used to working in telco environments hate it (whereas 9001 was more in line with traditional telco style field deployment).

Other than the big footprint requirement, definitely loving the ASR9901s so far out in the field. It's quite a big hammer, but so far has been a very stable workhorse.

>
> NCS540 is your XR answer then, as a successor of ASR920, but it's Broadcom
> inside.
> Alternatively MX204.

NCS540 definitely ain't it for us. Oh and with NCS 540, you are required to buy subscription license to deploy the box -- last I checked, there is no option to deploy NCS 540 with a perpetual license. Not a big fan of recurring subscription schemes for access network elements, so that's another reason NCS540 will never see the light of day in our setup.

James
Re: [c-nsp] Cisco 4000 series (4461) as a BGP router?
From: Ivan Walker
Sent: Thursday, October 31, 2019 6:17 PM
> That’s true of course. 9901 would be better entry-level choice with
> years in front of it.

I find that the 9901 being entry level is quite high. There is the 120Gbps license but the device itself is quite heavy and large and the power consumption more than the 9001. I think the success of the ASR920 shows that small size and low power usage are highly valued. I would love to see a smaller option - just a single NPU, maybe 1RU, and half the power usage. This would give a much more fitting entry level model and allow users to push out the ASR99xx 64bit xr model to smaller sites where the ASR9901 is just too big.

NCS540 is your XR answer then, as a successor of ASR920, but it's Broadcom inside.
Alternatively MX204.

adam
Re: [c-nsp] new ASR9901 ios update problem
On 6/Nov/19 10:34, Gert Doering wrote:
> Even if IOS XR were absolutely perfect and Cisco pricing and trade
> negotiations would have less of a turkish bazaar, there'd still be the
> zillion other sources of amusement in-house, like Nexus, Meraki, annual
> license fees, etc. :-)

Oh hell yeah :-)...

Mark.
Re: [c-nsp] new ASR9901 ios update problem
Hi,

On Wed, Nov 06, 2019 at 10:29:00AM +0200, Mark Tinka wrote:
> On 6/Nov/19 10:16, Erik Sundberg wrote:
> > I have hope that one day the Cisco gods will discover "apt update; apt
> > upgrade" and all this sorcery that we need for an upgrade will become a
> > thing of the past.
>
> And having nothing to moan about? c-nsp would wither into oblivion :-).

Even if IOS XR were absolutely perfect and Cisco pricing and trade negotiations would have less of a turkish bazaar, there'd still be the zillion other sources of amusement in-house, like Nexus, Meraki, annual license fees, etc. :-)

gert
--
"If was one thing all people took for granted, was conviction that if you feed honest figures into a computer, honest figures come out. Never doubted it myself till I met a computer with a sense of humor."
Robert A. Heinlein, The Moon is a Harsh Mistress

Gert Doering - Munich, Germany g...@greenie.muc.de
Re: [c-nsp] new ASR9901 ios update problem
On 6/Nov/19 10:16, Erik Sundberg wrote:
> I have hope that one day the Cisco gods will discover "apt update; apt
> upgrade" and all this sorcery that we need for an upgrade will become a thing
> of the past.

And having nothing to moan about? c-nsp would wither into oblivion :-).

Mark.
Re: [c-nsp] new ASR9901 ios update problem
Hi,

On Wed, Nov 06, 2019 at 08:16:23AM +, Erik Sundberg wrote:
> I have hope that one day the Cisco gods will discover "apt update; apt
> upgrade" and all this sorcery that we need for an upgrade will become a thing
> of the past.

Even that is way too complicated and error-prone if you want to do large upgrades. Give me a "copy http://$image flash:" any day...

It's not even overly hard to do that with a proper filesystem underneath *and* per-component upgrades - mount the image read-only, mount a read-write section of the flash on top of it (overlay), install all the hotfixes to the overlay, and if the underlay is upgraded, wipe the overlay at the next reboot. Done.

Yes, there are scenarios where this is not as flexible as what XR offers today... but hey, I trade a bit of flexibility against extensive nightmares every day.

gert
--
Gert Doering - Munich, Germany g...@greenie.muc.de
Re: [c-nsp] new ASR9901 ios update problem
I have hope that one day the Cisco gods will discover "apt update; apt upgrade" and all this sorcery that we need for an upgrade will become a thing of the past.

From: cisco-nsp on behalf of c...@marenda.net
Sent: Saturday, November 2, 2019 10:58 AM
To: 'Aaron Gould' ; c...@marenda.net ; cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] new ASR9901 ios update problem

Thanks for the flowers, Aaron!

Now I got stuck in those patches called SMU. Not only is the mentioned time consumption (each reload takes 15..20 minutes) boring, but after installing most of the SMUs, with only 5..7 remaining from the bunch of 80+-5 SMUs, the X device tells me on its console port that the root filesystem is over 80% or more full.

LC/0/0/CPU0:Nov 2 12:47:56.505 CET: resmon[290]: %HA-HA_WD-3-DISK_ALARM_ALERT : A monitored device / ( rootfs:/ ) is above 80% utilization. Current utilization = 80. Please remove unwanted user files and configuration rollback points.

Googling for this I found
https://www.cisco.com/c/en/us/support/docs/ios-nx-os-software/ios-xr-software/116332-maintain-ios-xr-smu-00.html

[...]
Bootflash is above 80% utilization

The following message may appear after SMU installation.

RP/0/RSP0/CPU0:Jul 9 17:40:37.959 : wdsysmon[447]: %HA-HA_WD-4-DISK_WARN : A monitored device /bootflash: is above 80% utilization. Current utilization = 89. Please remove unwanted user files and configuration rollback points.

This message can be safely ignored. As per design it is expected that IOS-XR will keep up to two MBIs on the bootflash following SMU install(s). At subsequent SMU install(s), if the bootflash space required by the new package(s) is not available, IOS-XR will clean up automatically old MBIs to make space for the new MBI package.
[...]

So I did continue and now it is 99-100% full, "install add source ..." works but "install activate ..." aborts.

I do not have "userfiles" on it, I did put the ios, tar, SMUs onto "harddisk:".
I did not find any hint how to make space there, I tried
"clear configuration commits oldest 100"
"install remove inactive all synchronous"
But this did not help.

#show install log 250 detail
Sat Nov 2 12:56:50.744 CET
Nov 02 09:56:57 Install operation 250 started by jm: install activate id 249
Nov 02 09:56:57 Package list:
Nov 02 09:56:57 asr9k-mgbl-x64-2.0.0.4-r653.CSCvr46090.x86_64
Nov 02 09:57:01 Action 1: install prepare action started
Nov 02 09:57:03 Install operation will continue in the background
Nov 02 09:57:03 The prepared software is set to be activated with process restart
Nov 02 09:57:47 Start preparing software for local installation
Nov 02 09:57:59 Action 1: install prepare action completed successfully
Nov 02 09:58:00 Action 2: install activate action started
Nov 02 09:58:00 The software will be activated with process restart
Nov 02 09:58:01 Activating XR packages
Nov 02 09:59:12 Node 0/RSP0/CPU0 encountered error(s) during operation. Please check 'show install log 250 detail' for error details
Nov 02 09:59:12 Error stack for location 0/RSP0/CPU0
1# Available disk space(including additional buffer 104857600) 215699456 is not sufficient for rpm installation of archive size 110199132
2# failed to load files from ldpath (new)
Please collect 'show tech-support install one-showtech' from XR and 'show tech-support ctrace' from Admin and pass this information to your TAC representative for support.
Nov 02 09:59:12 Agent on the lead has err'ed during SWC_BEGIN Aborting the operation
Nov 02 09:59:12 Action 2: install activate action aborted
Nov 02 10:00:21 Install operation 250 aborted
Nov 02 10:00:21 Ending operation 250

I submitted the output from 'show tech-support install one-showtech' to my TAC case, but I have not found out how to move the "admin'show tech-support ctrace'" output out of the box.
Looks like admin-harddisk: is not the same as harddisk: and also admin copy does not know ftp as destination (and I believe it will not work with my mgmt-vrf, ip information is a strange 192.168.0.4, not my mgmt-ip).

Very very strange ☹

BTW, when I was at the approx. 80% SMU installation point, I got the hint from TAC that I can untar the SMUs and bundle them (without the .txt files) in one tape-archive to get it installed faster. Way too late after 3 days of work.

Looks that the documentation on how to upgrade the box has never been tested (and in/output captured) and also, no-one had ever tried to add all recommended patches.

Any idea on what is blocking space on / and can be removed?
Repartition and install from scratch?
RMA it and get a refurbished device with scratches instead of this expensive brand new garbage?

I am also a little bit afraid on using such a thing for production. Thought version 6.5 would be