Re: [c-nsp] Route Leaking (GRT<-> VRF)

2018-04-30 Thread CiscoNSP List
Thanks Phil - This is on XE - Yes, I did check with source int (Int that was in 
the VRF), and behaviour was the same... I'm not missing anything obvious in the 
leaking config that you can see?  There's basically just the 2 import/export 
unicast lines needed (Plus route-map etc)... One thing I have just noticed is 
that the GRT prefixes are in the VRF correctly (prefix lengths, and states 
imported path from xx.xxx.xx.xx/xx (global)), but the VRF prefixes are not in 
the global table - Just the supernet(s) is (And no reference to the 
VRF)... Hmm... maybe import is working, but export isn't?




From: Phil Bedard <phil...@gmail.com>
Sent: Tuesday, 1 May 2018 6:15 AM
To: CiscoNSP List; cisco-nsp NSP
Subject: Re: [c-nsp] Route Leaking (GRT<-> VRF)

This is regular IOS?  Be careful where you are sourcing the pings from, since 
it's intermittent it could be sourcing them from somewhere you aren't expecting 
and doesn't have reachability between VRF/Global.

Phil

[c-nsp] Route Leaking (GRT<-> VRF)

2018-04-29 Thread CiscoNSP List
Hi,


(Apologies in advance, rather long post)

Have setup a peering vrf to test route leaking (GRT<->VRF)

For the route leaking, added the following to two PEs (Both having a vrf 
interface on them) vrf definition:

 address-family ipv4
  import ipv4 unicast 1 map RP_TEST_PREFIXES_GRT
  export ipv4 unicast 1 map RP_TEST_PEERING_PARTNERS_PREFIXES_VRF

#sh run | sec route-map RP_TEST_PREFIXES_GRT
route-map RP_TEST_PREFIXES_GRT permit 10
 match community CL_GRT_TEST_PREFIXES

#sh run | include CL_GRT_TEST_PREFIXES
ip community-list standard CL_GRT_TEST_PREFIXES permit N:1301

#sh run | sec route-map RP_TEST_PEERING_PARTNERS_PREFIXES_VRF
route-map RP_TEST_PEERING_PARTNERS_PREFIXES_VRF permit 10
 match community CL_TEST_PEERING_PARTNERS_PREFIXES_VRF

#sh run | include CL_TEST_PEERING_PARTNERS_PREFIXES_VRF
ip community-list standard CL_TEST_PEERING_PARTNERS_PREFIXES_VRF permit 
N:4000

Both PEs are able to reach VRF IPs on the remote PE (And themselves)
Both PEs are able to reach GRT IPs on themselves (From VRF), but are unable to 
reach "some" GRT IPs on the remote PE (And in GRT)

I originally thought it was IGP in GRT (It carries our PEs loops) - Those Loops 
have RIB failure on our PEs as IGP (OSPF) is preferred over BGP. So I thought 
the RIB failure was somehow being "copied" into the VRF when route leaking 
occurred, and Next Hop for remote routes wasn't reachable... but the more 
prefixes in Global I tested, it became clear that next hop was "ok"... well for 
some destinations anyway. The current situation is that if I test from both PEs 
to an IP in our GRT, some work, some don't, some work on one PE, but not the 
other??

A sample of one remote IP that works on one of the PEs but not on the 
other... I've been staring at this for way too long, but I can't see anything 
glaringly obvious (different) between what PE_A "sees" vs PE_B... and what could 
be causing one to fail to reach the remote IP... hopefully somebody has 
suggestions on where to go from here.

Cheers



### PE Test for remote GRT IP that works from one PE, but not the other:





Remote IP:  XXX.YYY.ZZ.186  (Loopback of another PE)


From PE "A" with Peering VRF setup

Ping fails:

VRF:

#ping vrf TEST_PEERING XXX.YYY.ZZ.186
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to XXX.YYY.ZZ.186, timeout is 2 seconds:
.
Success rate is 0 percent (0/5)

GRT:

#ping XXX.YYY.ZZ.186
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to XXX.YYY.ZZ.186, timeout is 2 seconds:
!
Success rate is 100 percent (5/5), round-trip min/avg/max = 24/24/28 ms

VRF BGP table:

#sh ip bgp vpnv4 vrf TEST_PEERING XXX.YYY.ZZ.186
BGP routing table entry for XXX.YYY.ZZ.130:4000:XXX.YYY.ZZ.186/32, version 
1460495
BGP Bestpath: compare-routerid
Paths: (4 available, best #4, table TEST_PEERING)
  Additional-path-install
  Not advertised to any peer
  Refresh Epoch 2
  Local, (received & used), imported path from XXX.YYY.ZZ.186/32 (global)
XXX.YYY.ZZ.186 (metric 7) (via default) from XXX.YYY.ZZ.213 (XXX.YYY.ZZ.213)
  Origin incomplete, metric 0, localpref 100, valid, internal, no-import, 
no-import
  Community: N:1000 N:1301 N:12000
  Originator: XXX.YYY.ZZ.186, Cluster list: 0.0.0.1
  rx pathid: 0, tx pathid: 0
  Refresh Epoch 2
  Local, (received & used), imported path from XXX.YYY.ZZ.186/32 (global)
XXX.YYY.ZZ.186 (metric 7) (via default) from XXX.YYY.ZZ.212 (XXX.YYY.ZZ.212)
  Origin incomplete, metric 0, localpref 100, valid, internal, no-import, 
no-import
  Community: N:1000 N:1301 N:12000
  Originator: XXX.YYY.ZZ.186, Cluster list: 0.0.0.1
  rx pathid: 0, tx pathid: 0
  Refresh Epoch 2
  Local, (received & used), imported path from XXX.YYY.ZZ.186/32 (global)
XXX.YYY.ZZ.186 (metric 7) (via default) from XXX.YYY.ZZ.205 (XXX.YYY.ZZ.205)
  Origin incomplete, metric 0, localpref 100, valid, internal, no-import, 
no-import
  Community: N:1000 N:1301 N:12000
  Originator: XXX.YYY.ZZ.186, Cluster list: 0.0.0.2
  rx pathid: 0, tx pathid: 0
  Refresh Epoch 2
  Local, (received & used), imported path from XXX.YYY.ZZ.186/32 (global)
XXX.YYY.ZZ.186 (metric 7) (via default) from XXX.YYY.ZZ.204 (XXX.YYY.ZZ.204)
  Origin incomplete, metric 0, localpref 100, valid, internal, no-import, 
no-import, best
  Community: N:1000 N:1301 N:12000
  Originator: XXX.YYY.ZZ.186, Cluster list: 0.0.0.2
  rx pathid: 0, tx pathid: 0x0

GRT BGP:

#sh ip bgp XXX.YYY.ZZ.186
BGP routing table entry for XXX.YYY.ZZ.186/32, version 493438
BGP Bestpath: compare-routerid
Paths: (4 available, best #1, table default, RIB-failure(17))
  Additional-path-install
  Not advertised to any peer
  Refresh Epoch 2
  Local, (received & used)
XXX.YYY.ZZ.186 (metric 7) from XXX.YYY.ZZ.204 (XXX.YYY.ZZ.204)
  Origin incomplete, metric 0, localpref 100, valid, internal, 
af-export(1), best
  Community: N:1000 N:1301 

Re: [c-nsp] Redistributed connected / static prefixes to upstream and set as-path prepend

2017-12-01 Thread CiscoNSP List

Apologies - I did resolve this, but neglected to post to list... soft bgp 
reset, I saw no as prepends on carrier's looking glass, same with hard reset 
(Hence I thought it was caused by origin (grasping at straws)) - I ended up 
shutting down the peering session, then activating it, and the AS Prepends 
miraculously showed up in carrier's looking glass... fun



From: Florin Florian <florin.flor...@gmail.com>
Sent: Thursday, 2 November 2017 5:55 AM
To: CiscoNSP List
Cc: cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] Redistributed connected / static prefixes to upstream and 
set as-path prepend


Hi,

You have to use the "ip bgp-community new-format" in order to see the community 
in the format.

You should try to configure "neighbor x.x.x.x send-community" for the community 
to be sent to the peer (upstream provider in this case).

Setting it in the route-map alone will not do it.

Regards


___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] CISCO-AVAGO CISCO-FINISAR etc SFPs

2017-10-31 Thread CiscoNSP List
Thanks Nick - So they sell competing Optics? i.e. They have a "cisco-avago" 
SFP-10G-AOC and "cisco" SFP-10G-AOC? - The cisco-avago being cheap, and 
cisco being 000's? (They couldn't (wouldn't) be doing this?) - lol, No one in 
their right mind would purchase the "cisco" optics ever again?


Cheers



From: Nick Cutting <ncutt...@edgetg.com>
Sent: Wednesday, 1 November 2017 12:12 AM
To: CiscoNSP List; Doug McIntyre
Cc: cisco-nsp@puck.nether.net
Subject: RE: [c-nsp] CISCO-AVAGO CISCO-FINISAR etc SFPs

No, they still rip you off big time.
Just got quoted on a 10g SFP+ singlemode SFP for roughly 70 times more 
expensive than the equivalent component in fiberstore.
I gave the client the option for both -

$40

$2,847.76

And they went with the genuine cisco part, because of our scary disclaimer 
about TAC.

Imagine they needed 10 of these - that’s $400 vs 28,.

Do you chaps just keep a couple of "genuine parts" lying around to quickly 
shove in if you need TAC assistance for a bug?

No one in their right mind can be buying a lot of "genuine" optics in 2017?


Re: [c-nsp] CISCO-AVAGO CISCO-FINISAR etc SFPs

2017-10-31 Thread CiscoNSP List
Thanks - Yes I realize Cisco don't manufacture their own optics (They use 
finisar etc), but all "genuine" Cisco optics I've seen previously have never had 
the manufacturer's name in bold writing on the optic? (Haven't purchased genuine 
Cisco optics for a long time - Probably the reason why)


They still sell "cisco" only branded optics for 10 times the price of others?  
Or do they now sell (only) these cheaper co-branded ones to compete?

Thanks


From: Doug McIntyre <mer...@geeks.org>
Sent: Tuesday, 31 October 2017 11:38 PM
To: CiscoNSP List
Cc: cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] CISCO-AVAGO CISCO-FINISAR etc SFPs

On Tue, Oct 31, 2017 at 11:05:10AM +, CiscoNSP List wrote:
> Are the cisco-avago, cisco-finisar "genuine" Cisco optics? i.e. TAC will 
> provide support if you are using them? Ours were purchased through a Cisco 
> disty (As a Cisco part)... We are hitting multiple issues with them (10G 
> Optic will not initialize in ASR920, 100G give no light/power readings in 
> NCS5500)

Cisco OEMs optics from everybody under the sun. If you can show that
you bought them as Cisco parts, then TAC should be fine dealing with them.
They do use Avago/Finisar parts frequently, and they are labelled as you
see them.

All hardware is finicky dealing with optics at some point in time. They may
need to send you another "brand" to deal with your hardware, or they are bad.
TAC should be fine talking to you about it.



[c-nsp] CISCO-AVAGO CISCO-FINISAR etc SFPs

2017-10-31 Thread CiscoNSP List
Are the cisco-avago, cisco-finisar "genuine" Cisco optics? i.e. TAC will provide 
support if you are using them? Ours were purchased through a Cisco disty (As a 
Cisco part)... We are hitting multiple issues with them (10G Optic will not 
initialize in ASR920, 100G give no light/power readings in NCS5500)


I had never encountered them before - They came in Cisco boxes, have Cisco 
sticker on the optics, but also finisar and avago?


Thanks


[c-nsp] Redistributed connected / static prefixes to upstream and set as-path prepend

2017-10-24 Thread CiscoNSP List
Hi,

We are redistributing our own prefixes via iBGP with redist connected + static 
with route-map :

router bgp 
 address-family ipv4
  redistribute connected route-map OUR_RANGES
  redistribute static route-map OUR_RANGES

route-map OUR_RANGES permit 10
 match ip address prefix-list PL_OUR_RANGES
 set community :1000 :1301 :14000


ip prefix-list PL_OUR_RANGES seq 5 permit XXX.XXX.XXX.0/20 le 32


Which is working fine - but advertisement of the aggregate/supernet to our 
upstreams is not allowing prepending of as? (Have performed clear ip bgp nei_ip)


Is it because the prefixes are seen as Origin incomplete vs Origin IGP?


router bgp 
 address-family ipv4
  neighbor UPSTREAM_A_IPTRANSIT route-map UPSTREAM_A_OUT_OUT out


route-map UPSTREAM_A_OUT_OUT permit 30
 match ip address prefix-list PL_OUR_PREFIXES_OUT
 set as-path prepend 


#sh ip bgp neighbors  WWW.WWW.WWW. advertised-routes
 Network  Next HopMetric LocPrf Weight Path
 *>i XXX.XXX.XXX.0/20  YYY.YYY.YYY.218   0100  0 ?


#sh ip bgp route-map UPSTREAM_A_OUT_OUT
 Network  Next HopMetric LocPrf Weight Path
 * i XXX.XXX.XXX.0/20  YYY.YYY.YYY.217   0100  0 ?
 *bi  YYY.YYY.YYY.217   0100  0 ?
 * i  YYY.YYY.YYY.218   0100  0 ?
 *>i  YYY.YYY.YYY.218   0100  0 ?


Thanks in advance.





Re: [c-nsp] BGP not advertising supernet to RR's

2017-09-28 Thread CiscoNSP List
Thanks James - Apologies for the top post.


I've tried static route to a loop, and it also matched successfully, but still 
no community tags


Yes - I've tried clear ip bgp soft out (And a hard clear also) - Still no luck


I don't see the /20 in sh ip bgp nei xxx adv-routes (But as I am matching on 
community tags, I don't expect to... all the other prefixes within the /20 are 
being advertised)

debug bgp ipv4 etc on RR, I do not see any mention of the /20 (Only smaller 
prefixes (/29,/28,/24 etc)

debugging updates on PE when removal / re-add of supernet:  logs seem to state 
that the prefix is good post re-adding:

Sep 29 2017 00:02:40.276 aest: BGP(0): route 2cc.ccc.ccc.0/20 down
Sep 29 2017 00:02:40.276 aest: BGP: no valid path for 2cc.ccc.ccc.0/20
Sep 29 2017 00:02:40.276 aest: BGP(0): nettable_walker 2cc.ccc.ccc.0/20 no best 
path
Sep 29 2017 00:04:03.860 aest: BGP(0): route 2cc.ccc.ccc.0/20 up
Sep 29 2017 00:04:03.860 aest: BGP(0): route 2cc.ccc.ccc.0/20 up
Sep 29 2017 00:04:03.860 aest: BGP(0): nettable_walker 2cc.ccc.ccc.0/20 route 
sourced locally

...but, still no community tags (And not advertised to any peer)

#sh ip bgp 2cc.ccc.ccc.0 255.255.240.0
BGP routing table entry for 2cc.ccc.ccc.0/20, version 782198
Paths: (1 available, best #1, table Default-IP-Routing-Table)
Flag: 0x820
  Not advertised to any peer
  Local
0.0.0.0 from 0.0.0.0 (2vv.vvv.vvv.vv8)
  Origin IGP, metric 0, localpref 100, weight 32768, valid, sourced, local, 
best


Thanks again for your assistance.




From: cisco-nsp <cisco-nsp-boun...@puck.nether.net> on behalf of James Bensley 
<jwbens...@gmail.com>
Sent: Thursday, 28 September 2017 6:22 PM
To: cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] BGP not advertising supernet to RR's

On 27 September 2017 at 17:44, CiscoNSP List <cisconsp_l...@hotmail.com> wrote:
>
> To answer my own question, I tested this by trying a /22 within the supernet 
> statically routed to a next hop on the router... community tags applied 
> correctly, prefix advertised to RR's, so then I tried routing the /22 to 
> Null0 (Expecting it not to work - but it did? Community tags applied/RR 
> advertisement worked)... so I tried the supernet again to null0, and again, 
> it didn't get tagged with the correct communities, and no RR 
> advertisement... Need to revisit this again tomorrow, but the route-map / PL 
> "looks" ok to me...matching the /20 le 32 - If the le 32 was the issue, you'd 
> think the /22 would be impacted? I can't see anything else that would be 
> causing the /20 to not get tagged though?
>
>
> Any suggestions are greatly appreciated.

What about when you set the static /20 route to a valid next-hop IP,
not Null0? (e.g. a static route of a.fake.ip.addr which points to
Null0, and your /20 which points to a.fake.ip.addr).

Have you taken the usual action of performing a "soft clear out" on
the PE or "soft clear in" on the RR?

The /20 to Null0 route, do you see that on the PE in the output of
"show bgp ipv4 uni nei x.x.x.x advertised-routes" ?

If you see the /20 in the "advertised-routes" output, what do you see
on the RR when using "debug bgp ipv4 unicast updates pe.ip.addr.ess"
on the RR? (you will need to "flap" that static route).

If you don't see the /20 on in the "advertised-routes" output, what do
you see on the PE when using "debug bgp ipv4 unicast updates" [1] when
you remove and then re-add the static route, re-triggering the BGP
UPDATE?

Can you capture the BGP UPDATE message on the wire?

Can you replicate this in the lab, have you, what was the result?

Cheers,
James.

[1] Note that this could cause a lot of debugging output


Re: [c-nsp] BGP not advertising supernet to RR's

2017-09-27 Thread CiscoNSP List

To answer my own question, I tested this by trying a /22 within the supernet 
statically routed to a next hop on the router... community tags applied 
correctly, prefix advertised to RR's, so then I tried routing the /22 to Null0 
(Expecting it not to work - but it did? Community tags applied/RR advertisement 
worked)... so I tried the supernet again to null0, and again, it didn't get 
tagged with the correct communities, and no RR advertisement... Need to 
revisit this again tomorrow, but the route-map / PL "looks" ok to me...matching 
the /20 le 32 - If the le 32 was the issue, you'd think the /22 would be 
impacted? I can't see anything else that would be causing the /20 to not get 
tagged though?


Any suggestions are greatly appreciated.




Re: [c-nsp] BGP not advertising supernet to RR's

2017-09-27 Thread CiscoNSP List
Hi,


Thanks for the reply - route-map shows it's getting a hit for the supernet (And 
redist statements are not new unfortunately) - The route is in bgp table, and 
being advertised to upstreams... just not to our RRs... I did some further 
checking post identifying the "no community tag" issue - It seems all "other" 
static and connected routes are being tagged with the correct communities (And 
therefore, are being advertised to our RRs (route-map filters based on community 
tag))... I've had a bit of a google, but found nothing (yet)... but is this 
"normal" behavior for a Cisco? To not tag static routes to Null0 with 
communities... seems very odd, but all other static routes/and connected are 
being tagged... just not the supernet?


Thanks in advance.



From: Mattias Gyllenvarg <matt...@gyllenvarg.se>
Sent: Tuesday, 26 September 2017 4:32 PM
To: CiscoNSP List; cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] BGP not advertising supernet to RR's

You can test the hits in the route-map with "sh ip bgp route-map G_RANGES" 
and see if it hits correctly.

If the redist statements are new then they will take time to be implemented, 
20min I think for a full BGP rerun. If you are in a hurry, remove and re add 
the route.

Do you receive this route via BGP as well? Perhaps this is not the best route as 
BGP sees it.

On Tue, 26 Sep 2017 at 08:10, CiscoNSP List 
<cisconsp_l...@hotmail.com> wrote:
Hi Everyone,


Have a problem with supernet being advertised from an ASR1006 to our RR's - 
Prefix is in the routing table, and in bgp, but the router is only advertising 
smaller prefixes to the RR's (/30, /29, /28 etc)... I don't *think* it's due to 
the PL (As it should be allowing anything less than /32... which it appears to 
be doing as /30, /29 etc are being advertised?)


Appreciate any assistance.


** Ah - Update, just noticed as I was about to hit send that the supernet is 
not being tagged with any community... smaller prefixes are though? So 
route-map is tagging "some" prefixes within the supernet?


router bgp 1***6
 address-family ipv4
  redistribute connected route-map G_RANGES
  redistribute static route-map G_RANGES


neighbor xxx.xxx.76.204 route-map TO_ME1_RR out


route-map TO_ME1_RR permit 10
 match community CL_G_RANGES
route-map TO_ME1_RR permit 20
 match community CL_G_CUST_BGP_RANGES
route-map TO_ME1_RR permit 30
 match community CL_DEFAULT_ROUTE


ip community-list standard CL_G_RANGES permit 1***6:1301
ip community-list standard CL_G_RANGES permit 1***6:1302


route-map G_RANGES permit 10
 match ip address prefix-list PL_G_PREFIXES
 set community 1***6:1000 1***6:1301 1***6:11000
route-map G_RANGES permit 20
 match ip address prefix-list PL_N***S_PREFIXES
 set community 1***6:1400


ip prefix-list PL_G_PREFIXES description G _PREFIXES
ip prefix-list PL_G_PREFIXES seq 5 permit xxx.xxx.xxx.xxx.0/20 le 32
ip prefix-list PL_G_PREFIXES seq 10 permit yyy.yyy.yyy.yyy/21 le 32



#sh ip prefix-list PL_G_PREFIXES seq 5
   seq 5 permit xxx.xxx.xxx.xxx.0/20 le 32 (hit count: 4833, refcount: 1)


#sh ip route xxx.xxx.xxx.xxx.0 255.255.240.0
Routing entry for xxx.xxx.xxx.xxx.0/20, supernet
  Known via "static", distance 1, metric 0 (connected)
  Redistributing via bgp 1***6, ospf 100
  Advertised by bgp 1***6 route-map G_RANGES
  Routing Descriptor Blocks:
  * directly connected, via Null0
  Route metric is 0, traffic share count is 1


#sh ip bgp xxx.xxx.xxx.xxx.0 255.255.240.0
BGP routing table entry for xxx.xxx.xxx.xxx.0/20, version 311740657
Paths: (1 available, best #1, table default)
  Advertised to update-groups:
 544552555591
  Refresh Epoch 1
  Local
0.0.0.0 from 0.0.0.0 (xxx.xxx.76.253)
  Origin IGP, metric 0, localpref 100, weight 32768, valid, sourced, local, 
best
  rx pathid: 0, tx pathid: 0x0


#sh ip bgp neighbors xxx.xxx.76.204 advertised-routes

 *>  xxx.xxx.xxx.xxx.32/30 0.0.0.0  0 32768 ?
 *>  xxx.xxx.xxx.xxx.40/30 0.0.0.0  0 32768 ?
 *>  xxx.xxx.xxx.xxx.72/29 xxx.xxx.xxx.xxx.900 32768 ?
 *>  xxx.xxx.xxx.xxx.88/30 0.0.0.0  0 32768 ?
 *>  xxx.xxx.xxx.xxx.100/30
   0.0.0.0  0 32768 ?
 Network  Next HopMetric LocPrf Weight Path
 *>  xxx.xxx.xxx.xxx.112/28
   xxx.xxx.78.230   0 32768 ?
 *>  xxx.xxx.xxx.xxx.136/30
   xxx.xxx.78.230   0 32768 ?
 *>  xxx.xxx.xxx.xxx.164/30
   xxx.xxx.xxx.xxx.102   0 32768 ?


Thanks


___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
http

[c-nsp] BGP not advertising supernet to RR's

2017-09-26 Thread CiscoNSP List
Hi Everyone,


Have a problem with supernet being advertised from an ASR1006 to our RR's - 
Prefix is in the routing table, and in bgp, but the router is only advertising 
smaller prefixes to the RR's (/30, /29, /28 etc)...I dont *think* its due to 
the PL (As it should be allowing anything less than /32...which it appears to 
be doing as /30, /29 etc are being advertised?)


Appreciate any assistance.


** Ah - Update, just noticed as I was about to hit send that the supernet is 
not being tagged with any community...smaller prefixes are though? So 
route-map is tagging "some" prefixes within the supernet?


router bgp 1***6
 address-family ipv4
  redistribute connected route-map G_RANGES
  redistribute static route-map G_RANGES


neighbor xxx.xxx.76.204 route-map TO_ME1_RR out


route-map TO_ME1_RR permit 10
 match community CL_G_RANGES
route-map TO_ME1_RR permit 20
 match community CL_G_CUST_BGP_RANGES
route-map TO_ME1_RR permit 30
 match community CL_DEFAULT_ROUTE


ip community-list standard CL_G_RANGES permit 1***6:1301
ip community-list standard CL_G_RANGES permit 1***6:1302


route-map G_RANGES permit 10
 match ip address prefix-list PL_G_PREFIXES
 set community 1***6:1000 1***6:1301 1***6:11000
route-map G_RANGES permit 20
 match ip address prefix-list PL_N***S_PREFIXES
 set community 1***6:1400


ip prefix-list PL_G_PREFIXES description G _PREFIXES
ip prefix-list PL_G_PREFIXES seq 5 permit xxx.xxx.xxx.xxx.0/20 le 32
ip prefix-list PL_G_PREFIXES seq 10 permit yyy.yyy.yyy.yyy/21 le 32



#sh ip prefix-list PL_G_PREFIXES seq 5
   seq 5 permit xxx.xxx.xxx.xxx.0/20 le 32 (hit count: 4833, refcount: 1)


#sh ip route xxx.xxx.xxx.xxx.0 255.255.240.0
Routing entry for xxx.xxx.xxx.xxx.0/20, supernet
  Known via "static", distance 1, metric 0 (connected)
  Redistributing via bgp 1***6, ospf 100
  Advertised by bgp 1***6 route-map G_RANGES
  Routing Descriptor Blocks:
  * directly connected, via Null0
  Route metric is 0, traffic share count is 1


#sh ip bgp xxx.xxx.xxx.xxx.0 255.255.240.0
BGP routing table entry for xxx.xxx.xxx.xxx.0/20, version 311740657
Paths: (1 available, best #1, table default)
  Advertised to update-groups:
 544552555591
  Refresh Epoch 1
  Local
0.0.0.0 from 0.0.0.0 (xxx.xxx.76.253)
  Origin IGP, metric 0, localpref 100, weight 32768, valid, sourced, local, 
best
  rx pathid: 0, tx pathid: 0x0


#sh ip bgp neighbors xxx.xxx.76.204 advertised-routes

 *>  xxx.xxx.xxx.xxx.32/30 0.0.0.0  0 32768 ?
 *>  xxx.xxx.xxx.xxx.40/30 0.0.0.0  0 32768 ?
 *>  xxx.xxx.xxx.xxx.72/29 xxx.xxx.xxx.xxx.900 32768 ?
 *>  xxx.xxx.xxx.xxx.88/30 0.0.0.0  0 32768 ?
 *>  xxx.xxx.xxx.xxx.100/30
   0.0.0.0  0 32768 ?
 Network  Next HopMetric LocPrf Weight Path
 *>  xxx.xxx.xxx.xxx.112/28
   xxx.xxx.78.230   0 32768 ?
 *>  xxx.xxx.xxx.xxx.136/30
   xxx.xxx.78.230   0 32768 ?
 *>  xxx.xxx.xxx.xxx.164/30
   xxx.xxx.xxx.xxx.102   0 32768 ?


Thanks


___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
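
The policy chain from the post above, modelled as an added example (not code from the original post): IOS prefix-list "le" matching, the G_RANGES tagging step, and the TO_ME1_RR community filter with its implicit deny. The prefixes and AS 64500 are constructed stand-ins for the sanitized values, and the community values for CL_G_CUST_BGP_RANGES and CL_DEFAULT_ROUTE are assumptions, since the post does not show them.

```python
"""Model of the policy chain in the post: PL_G_PREFIXES -> G_RANGES -> TO_ME1_RR.

Addresses and AS 64500 are constructed stand-ins for the sanitized values.
"""
from dataclasses import dataclass, field
from ipaddress import ip_network
from typing import List, Optional, Set


@dataclass(frozen=True)
class PrefixListEntry:
    """One 'ip prefix-list NAME permit <net>/<len> [ge X] [le Y]' line."""
    network: str
    ge: Optional[int] = None
    le: Optional[int] = None

    def matches(self, route: str) -> bool:
        base, cand = ip_network(self.network), ip_network(route)
        if not cand.subnet_of(base):
            return False
        if self.ge is None and self.le is None:
            return cand.prefixlen == base.prefixlen   # exact match only
        low = self.ge if self.ge is not None else base.prefixlen
        high = self.le if self.le is not None else base.max_prefixlen
        return low <= cand.prefixlen <= high


@dataclass
class Route:
    prefix: str
    communities: Set[str] = field(default_factory=set)


PL_G_PREFIXES = [
    PrefixListEntry("10.20.0.0/20", le=32),   # seq 5
    PrefixListEntry("10.30.8.0/21", le=32),   # seq 10
]

COMMUNITY_LISTS = {
    "CL_G_RANGES": {"64500:1301", "64500:1302"},
    "CL_G_CUST_BGP_RANGES": {"64500:2000"},   # value assumed, not in the post
    "CL_DEFAULT_ROUTE": {"64500:3000"},       # value assumed, not in the post
}
TO_ME1_RR = ["CL_G_RANGES", "CL_G_CUST_BGP_RANGES", "CL_DEFAULT_ROUTE"]


def g_ranges(prefix: str) -> Optional[Route]:
    """Redistribution route-map G_RANGES, sequence 10 only.

    Sequence 20 is left out because its prefix-list is not shown in the post.
    Returns the tagged route, or None when the implicit deny drops it.
    """
    if any(entry.matches(prefix) for entry in PL_G_PREFIXES):
        return Route(prefix, {"64500:1000", "64500:1301", "64500:11000"})
    return None


def to_me1_rr(route: Route) -> Optional[str]:
    """Outbound route-map TO_ME1_RR: name of the permitting community-list,
    or None when no sequence matches and the implicit deny applies."""
    for name in TO_ME1_RR:
        if route.communities & COMMUNITY_LISTS[name]:
            return name
    return None


def advertised(routes: List[Route]) -> List[str]:
    """Prefixes that survive the outbound route-map."""
    return [r.prefix for r in routes if to_me1_rr(r) is not None]


def demo() -> List[str]:
    tagged = [g_ranges(p) for p in ("10.20.0.32/30", "10.20.0.72/29", "10.20.0.112/28")]
    # The /20 as the post describes it: present in BGP, carrying no community.
    untagged_supernet = Route("10.20.0.0/20")
    return advertised([r for r in tagged if r is not None] + [untagged_supernet])


if __name__ == "__main__":
    print("prefix-list matches the /20 itself:", PL_G_PREFIXES[0].matches("10.20.0.0/20"))
    print("advertised to the RR:", demo())
```

The model shows that "/20 le 32" does match the /20 itself, so a /20 that passed through G_RANGES would carry 64500:1301 and be permitted; a /20 that sits in BGP with no community is dropped by the implicit deny at the end of TO_ME1_RR.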


Re: [c-nsp] OSPF equal cost load balancing

2017-09-02 Thread CiscoNSP List
Just a quick update to this - Was in the process of converting 2 of the links 
to a port-chan (Removed IP address from the port taking majority of the 
traffic (gi0/0/20)), and noticed it started load-balancing over the now "3" ECMP 
links far better:


sh interfaces gigabitEthernet 0/0/21 | include 30 sec
  30 second input rate 33251000 bits/sec, 8355 packets/sec
  30 second output rate 265517000 bits/sec, 30692 packets/sec
#sh interfaces gigabitEthernet 0/0/22 | include 30 sec
  30 second input rate 26199000 bits/sec, 4643 packets/sec
  30 second output rate 84239000 bits/sec, 13864 packets/sec
#sh interfaces gigabitEthernet 0/0/23 | include 30 sec
  30 second input rate 12839000 bits/sec, 3794 packets/sec
  30 second output rate 56293000 bits/sec, 7668 packets/sec


As soon as I re-add the 4th port, balancing goes to crap again, and all is sent 
via gi0/0/20:


#sh interfaces gigabitEthernet 0/0/20 | include 30 sec
  30 second input rate 16863000 bits/sec, 5516 packets/sec
  30 second output rate 405225000 bits/sec, 52284 packets/sec
#sh interfaces gigabitEthernet 0/0/21 | include 30 sec
  30 second input rate 26944000 bits/sec, 4450 packets/sec
  30 second output rate 3366000 bits/sec, 417 packets/sec
#sh interfaces gigabitEthernet 0/0/22 | include 30 sec
  30 second input rate 17212000 bits/sec, 3911 packets/sec
  30 second output rate 6943000 bits/sec, 866 packets/sec
#sh interfaces gigabitEthernet 0/0/23 | include 30 sec
  30 second input rate 20943000 bits/sec, 4190 packets/sec
  30 second output rate 518000 bits/sec, 94 packets/sec


So, it does not like balancing over 4 links - 3 links is far better.

So, I also tried reducing it to 2 links - And balance is also much better (Not 
perfect, but much better than with 4 links)

sh interfaces gigabitEthernet 0/0/22 | include 30 sec
  30 second input rate 57711000 bits/sec, 8997 packets/sec
  30 second output rate 10994 bits/sec, 20114 packets/sec
sh interfaces gigabitEthernet 0/0/23 | include 30 sec
  30 second input rate 40999000 bits/sec, 9508 packets/sec
  30 second output rate 346398000 bits/sec, 35224 packets/sec

sh interfaces gigabitEthernet 0/0/22 | include 30 sec
  30 second input rate 52511000 bits/sec, 8699 packets/sec
  30 second output rate 126974000 bits/sec, 21239 packets/sec
sh interfaces gigabitEthernet 0/0/23 | include 30 sec
  30 second input rate 3791 bits/sec, 9901 packets/sec
  30 second output rate 334954000 bits/sec, 34687 packets/sec

If it can maintain those type of ratios, I can live with it...why it doesnt 
like 4 ports, and originally didnt like 2 ports, but now appears to balance 
over 2 "better", Id love to know 

Cheers.


From: cisco-nsp <cisco-nsp-boun...@puck.nether.net> on behalf of CiscoNSP List 
<cisconsp_l...@hotmail.com>
Sent: Friday, 1 September 2017 8:55 AM
To: Aaron Gould; 'James Bensley'; cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] OSPF equal cost load balancing

Hmm - It cant be - Its not just to one nexthop that all the traffic is 
heading...i.e there are 3 or 4 destination routers (2 ASR1001s, and the ME3600 
(2 of those))...so 4 next-hop addresses...we cant be that unlucky that every 
one of those addresses is being mapped to gi0/0/20...no, just checked, and it 
arbitrarily changes based on src ip...but, that could be just cef 
misreporting. very frustrating.



From: cisco-nsp <cisco-nsp-boun...@puck.nether.net> on behalf of CiscoNSP List 
<cisconsp_l...@hotmail.com>
Sent: Friday, 1 September 2017 8:45 AM
To: Aaron Gould; 'James Bensley'; cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] OSPF equal cost load balancing

Thanks Aaron...thats what Im going to try shortly...Very strange how cef 
exact route reports it as load sharing, but it obviously isnt...and the 
next-hop link you provided, I have to read, but I think that is what is 
happening...



From: Aaron Gould <aar...@gvtc.com>
Sent: Friday, 1 September 2017 6:37 AM
To: 'CiscoNSP List'; 'James Bensley'; cisco-nsp@puck.nether.net
Subject: RE: [c-nsp] OSPF equal cost load balancing

In my mpls cloud I usually would lag dual gige's together to feed my PE
boxes with more bandwidth.  Worked well for me

-Aaron

___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp

Re: [c-nsp] OSPF equal cost load balancing

2017-08-31 Thread CiscoNSP List
Hmm - It cant be - Its not just to one nexthop that all the traffic is 
heading...i.e there are 3 or 4 destination routers (2 ASR1001s, and the ME3600 
(2 of those))...so 4 next-hop addresses...we cant be that unlucky that every 
one of those addresses is being mapped to gi0/0/20...no, just checked, and it 
arbitrarily changes based on src ip...but, that could be just cef 
misreporting. very frustrating.



From: cisco-nsp <cisco-nsp-boun...@puck.nether.net> on behalf of CiscoNSP List 
<cisconsp_l...@hotmail.com>
Sent: Friday, 1 September 2017 8:45 AM
To: Aaron Gould; 'James Bensley'; cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] OSPF equal cost load balancing

Thanks Aaron...thats what Im going to try shortly...Very strange how cef 
exact route reports it as load sharing, but it obviously isnt...and the 
next-hop link you provided, I have to read, but I think that is what is 
happening...



From: Aaron Gould <aar...@gvtc.com>
Sent: Friday, 1 September 2017 6:37 AM
To: 'CiscoNSP List'; 'James Bensley'; cisco-nsp@puck.nether.net
Subject: RE: [c-nsp] OSPF equal cost load balancing

In my mpls cloud I usually would lag dual gige's together to feed my PE
boxes with more bandwidth.  Worked well for me

-Aaron

___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/


Re: [c-nsp] OSPF equal cost load balancing

2017-08-31 Thread CiscoNSP List
Thanks Aaron...thats what Im going to try shortly...Very strange how cef 
exact route reports it as load sharing, but it obviously isnt...and the 
next-hop link you provided, I have to read, but I think that is what is 
happening...



From: Aaron Gould <aar...@gvtc.com>
Sent: Friday, 1 September 2017 6:37 AM
To: 'CiscoNSP List'; 'James Bensley'; cisco-nsp@puck.nether.net
Subject: RE: [c-nsp] OSPF equal cost load balancing

In my mpls cloud I usually would lag dual gige's together to feed my PE
boxes with more bandwidth.  Worked well for me

-Aaron

___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/


Re: [c-nsp] OSPF equal cost load balancing

2017-08-31 Thread CiscoNSP List
LETE(0)   Address: YYY.YYY.230.102
  Interface: GigabitEthernet0/0/23   Protocol: TAG
  mtu:9100, flags:0x0, fixups:0x0, encap_len:14
  Handles (adj_id:0x008f) (PI:0x10648c80) (PD:0x11b41688)
  Rewrite Str: 34:62:88:2a:49:d8:00:a6:ca:cf:2c:97:88:47

  HW Info:
FID index: 0x6063EL3 index: 0x1018EL2 index: 0x
El2RW: 0x010cMET index: 0x0003202aEAID : 0x1011
HW ADJ FLAGS: 0x40
Hardware MAC Rewrite Str: 00:00:00:00:00:00:00:00:00:00:00:00

=== Label OCE ===
  Label flags: 20
  Num Labels: 1
  Num Bk Labels: 1
  Out Labels: 30
  Out Backup Labels: 30
  Next OCE Type: Fast ReRoute OCE; Next OCE handle: 0x123cbd70

=== FRR OCE ===
  FRR type : IP FRR
  FRR state: Primary
  Primary IF's gid : 22 (DPIDX : 0) Backup IF's DPIDX : 0
  Primary FID  : 0x6856
  PPO handle   : 0x
  Next OCE : Adjacency (0x12105c58)
  Bkup OCE : Adjacency (0x123b4c68)
  Primary BDI  : 0 (Index : 0)
  Backup BDI   : 0 (Index : 0)
  FRR Intf info at Primary array index DPIDX 0, FRR count 0, MET 0x 
0x, EAID 0x
  FRR Intf info at Backup array index  DPIDX 0, FRR count 0, MET 0x 
0x, EAID 0x
  Primary HW Info:
 fi_handle FID index: 0xEAID index: 0x
 nh_handle MET index: 0xEAID index: 0x
 EL3ID 0x
  Backup HW Info:
 nh_handle MET index: 0xEAID index: 0x

=== Adjacency OCE ===
  Adj State: COMPLETE(0)   Address: XXX.XXX.67.154
  Interface: GigabitEthernet0/0/21   Protocol: TAG
  mtu:9100, flags:0x0, fixups:0x0, encap_len:14
  Handles (adj_id:0x07db) (PI:0x10729058) (PD:0x12105c58)
  Rewrite Str: 34:62:88:2a:49:d6:00:a6:ca:cf:2c:95:88:47

  HW Info:
FID index: 0x6597EL3 index: 0x1016EL2 index: 0x
El2RW: 0x0126MET index: 0x00032047EAID : 0x1013
HW ADJ FLAGS: 0x40
Hardware MAC Rewrite Str: 00:00:00:00:00:00:00:00:00:00:00:00

=== Adjacency OCE ===
  Adj State: COMPLETE(0)   Address: XXX.XXX.67.156
  Interface: GigabitEthernet0/0/20   Protocol: TAG
  mtu:9100, flags:0x0, fixups:0x0, encap_len:14
  Handles (adj_id:0x07df) (PI:0x107292d8) (PD:0x123b4c68)
  Rewrite Str: 34:62:88:2a:49:d5:00:a6:ca:cf:2c:94:88:47

  HW Info:
FID index: 0x65bcEL3 index: 0x1015EL2 index: 0x
El2RW: 0x0128MET index: 0x00032049EAID : 0x1012
HW ADJ FLAGS: 0x40
Hardware MAC Rewrite Str: 00:00:00:00:00:00:00:00:00:00:00:00



Thanks again for your assistance on this.










From: cisco-nsp <cisco-nsp-boun...@puck.nether.net> on behalf of James Bensley 
<jwbens...@gmail.com>
Sent: Thursday, 31 August 2017 6:12 PM
To: cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] OSPF equal cost load balancing

On 31 August 2017 at 01:35, CiscoNSP List <cisconsp_l...@hotmail.com> wrote:
>
> AAh - Thank you James!  So the ASR920 will not ECMP over 2 links, it requires 
> 4...that would explain the difference between egress/ingress (and why the 920 
> is not working particularly well!)

I'm not 100% sure but that is what the doc's indicate (and as we know,
Cisco doc's aren't the best):
https://www.cisco.com/c/en/us/td/docs/routers/asr920/configuration/guide/mpls/mp-l3-vpns-xe-3s-asr920-book/mp-l3-vpns-xe-3s-asr920-book_chapter_0100.html#reference_EDE971A94BE6443995432BE8D9E82A25

Restrictions for ECMP Load Balancing
-Both 4 ECMP and 8 ECMP paths are supported.
-Load balancing is supported on global IPv4 and IPv6 traffic. For
global IPv4 and IPv6 traffic, the traffic distribution can be equal
among the available 8 links.
-Per packet load balancing is not supported.
-Label load balancing is supported.

> And yes, we are running MPLS over these links (But not a LAG as mentioned) - 
> So does your comment re MPLS hashing still apply to our setup, or only to a 
> LAG?

Hmm, OK well see above "Label load balancing is supported." - although
not clear I assume that means MPLS labels? So perhaps it seems ECMP
should support MPLS labelled paths and recognise different labelled
paths with the same IGP cost as separate "ECMP" paths.


> #sh ip cef YYY.YYY.229.193 internal
> YYY.YYY.229.192/30, epoch 2, fla

Re: [c-nsp] OSPF equal cost load balancing

2017-08-30 Thread CiscoNSP List

Hmm - Well this is just not wanting to play nicely at all


Ive added another 2 links (Now 4 total), all equal cost - Egress load (From 
ASR920->ME3600) went from Gi0/0/22 doing 950M/sec,  Gi0/0/23 doing 5-10Mb/sec, 
to Gi0/0/20 now taking all the load...


So, we have gi0/0/20,21,22,23 connected to the "corresponding" ports on the 
ME3600 (gi0/20,21,22,23)


Now gi0/0/20 is doing 970Mb/s a sec...Ive tried every combination of 
load-sharing in global conf, and they initially make a bit of a difference 
(i.e. the other ports will do 5-10Mb/sec each), but then revert back to 
Gi0/0/20 being maxed out.


 #show int gigabitEthernet 0/0/20 | inc 30 sec
  30 second input rate 9019 bits/sec, 14882 packets/sec
  30 second output rate 969898000 bits/sec, 144872 packets/sec
 #show int gigabitEthernet 0/0/21 | inc 30 sec
  30 second input rate 74069000 bits/sec, 13780 packets/sec
  30 second output rate 1778000 bits/sec, 312 packets/sec
 #show int gigabitEthernet 0/0/22 | inc 30 sec
  30 second input rate 9676 bits/sec, 15992 packets/sec
  30 second output rate 3067000 bits/sec, 444 packets/sec
 #show int gigabitEthernet 0/0/23 | inc 30 sec
  30 second input rate 103174000 bits/sec, 16690 packets/sec
  30 second output rate 395000 bits/sec, 101 packets/sec


Help?  




From: CBL <alanda...@gmail.com>
Sent: Thursday, 31 August 2017 1:13 PM
To: CiscoNSP List
Cc: James Bensley; cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] OSPF equal cost load balancing

What if you were to setup four BDIs running OSPF/MPLS across these two physical 
interfaces. Two BDIs per physical interface. Would that make ECMP work 
correctly using an ASR920?

We're going to be in the same boat soon too.. ASR920's on both sides with OSPF 
across two physical paths and worried about load sharing. Most of our traffic 
is MPLS xconnects traversing these links (licensed backhauls).


On Wed, Aug 30, 2017 at 6:35 PM, CiscoNSP List 
<cisconsp_l...@hotmail.com> wrote:
AAh - Thank you James!  So the ASR920 will not ECMP over 2 links, it requires 
4...that would explain the difference between egress/ingress (and why the 920 
is not working particularly well!)


Yes, this is ECMP, not LAG - So changing the load sharing algorithm can only be 
done globally (As I tried to do it under the individual interfaces, and was 
only presented with per dst as an option)


(config-if)#ip load-sharing ?
  per-destination  Deterministic distribution


So, changing globally will potentially cause a service disruption? (May need to 
do this in maintenance window) - Do you suggest "include-ports" as a possible 
candidate?


#ip cef load-sharing algorithm ?
  include-ports  Algorithm that includes layer 4 ports
  original   Original algorithm
  tunnel Algorithm for use in tunnel only environments
  universal  Algorithm for use in most environments

And yes, we are running MPLS over these links (But not a LAG as mentioned) - So 
does your comment re MPLS hashing still apply to our setup, or only to a LAG?


Thanks again for your response - Extremely helpful!



From: cisco-nsp <cisco-nsp-boun...@puck.nether.net> on behalf of James Bensley 
<jwbens...@gmail.com>
Sent: Thursday, 31 August 2017 6:43 AM
To: cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] OSPF equal cost load balancing

I think two layer ECMP links are being used here, both of which are in
the IGP. Are you running MPLS over these links too?

The ME3600 is able to ECMP over any number of links as far as I know
(up to the max, which is 8 or 16) however I think the ASR920 will only
ECMP over 4 or 8 links (so not 2 as in your case). This could be the
problem here.

Could you also try to change the CEF load balancing algorithm
(assuming this is ECMP and not LAG, this won't affect a LAG):

ASR920(config)#ip cef load-sharing algorithm ?
  include-ports  Algorithm that includes layer 4 ports
  original   Original algorithm
  tunnel Algorithm for use in tunnel only environments
  universal  Algorithm for use in most environments

If it is a LAG then on the ASR920 try to adjust these options:

ASR920(config)#port-channel load-balance-hash-algo ?
  dst-ip Destination IP
  dst-macDestination MAC
  src-dst-ip Source XOR Destination IP Addr
  src-dst-macSource XOR Destination MAC
  src-dst-mixed-ip-port  Source XOR Destination Port, IP addr
  src-ip Source IP
  src-macSource MAC

If you're running MPLS over the LAG the ASR920 can hash MPLS over the
LAG and the ASR920 should hash over 2 links just fine.

Cheers,
James.
___
cisco-nsp mailing list  
cisco-nsp@puck.nether.net<mailto

Re: [c-nsp] OSPF equal cost load balancing

2017-08-30 Thread CiscoNSP List

Hi Pshem - No, only L3VPN and "standard" Inet links


cheers



From: Pshem Kowalczyk <pshe...@gmail.com>
Sent: Thursday, 31 August 2017 6:51 AM
To: CiscoNSP List; cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] OSPF equal cost load balancing

Are you running L2VPN traffic across those ECMP links?

kind regards
Pshem


On Wed, 30 Aug 2017 at 16:59 CiscoNSP List 
<cisconsp_l...@hotmail.com> wrote:
Hi Everyone,


Have an ASR920 connected to an ME3600 with 2 x 1Gb links with same ospf cost 
(It was a single 1Gb, but secondary 1Gb was added as utilization was getting 
close to 1Gb) - Was hoping for at least a partial balance of traffic across the 
2 links, but egress from ASR920 to the ME3600(Ingress to customers), we are 
seeing one of the 1Gb links basically maxing out, and the other doing virtually 
nothing (10-15Mb/sec)...other direction we are seeing pretty much 50:50 balance 
across the 2 x 1Gb links...I know per-dest algorithm is used, and know that 
there are only a few big bandwidth users on the ME3600, but I cant understand 
why basically "all" of the traffic is going down one link?


Is there any way to "tweak" the load-sharing of the equal cost paths (I can only 
see per-dst as an option)


Is a L3 etherchannel going to be any "better" with load-balancing than the 
current ospf equal cost?  (we have voip running over these links, so want to 
avoid packet delivery order issues)


Is TE a potential solution in this case?


We cant go 10G unfortunately, as the ME3600's dont have 10G ports unlocked, and 
they are earmarked for retirement - so stuck with multiple 1G links for a 
short-term fix 


Appreciate any feedback/suggestions.


Thanks
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] OSPF equal cost load balancing

2017-08-30 Thread CiscoNSP List
AAh - Thank you James!  So the ASR920 will not ECMP over 2 links, it requires 
4...that would explain the difference between egress/ingress (and why the 920 
is not working particularly well!)


Yes, this is ECMP, not LAG - So changing the load sharing algorithm can only be 
done globally (As I tried to do it under the individual interfaces, and was 
only presented with per dst as an option)


(config-if)#ip load-sharing ?
  per-destination  Deterministic distribution


So, changing globally will potentially cause a service disruption? (May need to 
do this in maintenance window) - Do you suggest "include-ports" as a possible 
candidate?


#ip cef load-sharing algorithm ?
  include-ports  Algorithm that includes layer 4 ports
  original   Original algorithm
  tunnel Algorithm for use in tunnel only environments
  universal  Algorithm for use in most environments

And yes, we are running MPLS over these links (But not a LAG as mentioned) - So 
does your comment re MPLS hashing still apply to our setup, or only to a LAG?


Thanks again for your response - Extremely helpful!



From: cisco-nsp  on behalf of James Bensley 

Sent: Thursday, 31 August 2017 6:43 AM
To: cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] OSPF equal cost load balancing

I think two layer ECMP links are being used here, both of which are in
the IGP. Are you running MPLS over these links too?

The ME3600 is able to ECMP over any number of links as far as I know
(up to the max, which is 8 or 16) however I think the ASR920 will only
ECMP over 4 or 8 links (so not 2 as in your case). This could be the
problem here.

Could you also try to change the CEF load balancing algorithm
(assuming this is ECMP and not LAG, this won't affect a LAG):

ASR920(config)#ip cef load-sharing algorithm ?
  include-ports  Algorithm that includes layer 4 ports
  original   Original algorithm
  tunnel Algorithm for use in tunnel only environments
  universal  Algorithm for use in most environments

If it is a LAG then on the ASR920 try to adjust these options:

ASR920(config)#port-channel load-balance-hash-algo ?
  dst-ip Destination IP
  dst-macDestination MAC
  src-dst-ip Source XOR Destination IP Addr
  src-dst-macSource XOR Destination MAC
  src-dst-mixed-ip-port  Source XOR Destination Port, IP addr
  src-ip Source IP
  src-macSource MAC

If you're running MPLS over the LAG the ASR920 can hash MPLS over the
LAG and the ASR920 should hash over 2 links just fine.

Cheers,
James.
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
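
Why a few heavy talkers can pile onto one link when only addresses feed the hash, and what adding layer 4 ports changes, as an added example (not code from the thread). The XOR-and-modulo hash is a simplified stand-in named after the "Source XOR Destination" help text quoted above, not the CEF or ASR920 hardware algorithm, and the flows are constructed.

```python
"""Toy model of hash-based path selection over parallel links.

The XOR-and-modulo hash is a simplified stand-in, not the CEF or ASR920
hardware algorithm. All flows below are constructed sample data.
"""
from ipaddress import ip_address

# (src, dst, sport, dport, Mb/s). One customer host pulls four 200 Mb/s
# sessions from a single server; the remaining flows are small.
FLOWS = [
    ("192.0.2.10", "198.51.100.20", 40000, 443, 200),
    ("192.0.2.10", "198.51.100.20", 40001, 443, 200),
    ("192.0.2.10", "198.51.100.20", 40002, 443, 200),
    ("192.0.2.10", "198.51.100.20", 40003, 443, 200),
    ("192.0.2.11", "198.51.100.24", 5060, 5060, 5),
    ("192.0.2.12", "198.51.100.33", 16384, 16384, 5),
    ("192.0.2.13", "198.51.100.45", 51000, 53, 5),
]


def pick_link(flow, n_links, mode):
    """Return the index of the link a flow is pinned to.

    Every packet of a flow yields the same key, so a flow never changes
    link and packet order inside the flow is preserved in both modes.
    """
    src, dst, sport, dport, _rate = flow
    key = int(ip_address(src)) ^ int(ip_address(dst))
    if mode == "src-dst-mixed-ip-port":
        key ^= sport ^ dport
    elif mode != "src-dst-ip":
        raise ValueError("unknown mode: %s" % mode)
    return key % n_links


def load_per_link(flows, n_links, mode):
    """Sum the offered Mb/s that lands on each link."""
    load = [0] * n_links
    for flow in flows:
        load[pick_link(flow, n_links, mode)] += flow[4]
    return load


def busiest_share(load):
    """Fraction of total traffic carried by the most loaded link."""
    return max(load) / sum(load)


if __name__ == "__main__":
    for n_links in (2, 4):
        for mode in ("src-dst-ip", "src-dst-mixed-ip-port"):
            load = load_per_link(FLOWS, n_links, mode)
            print(n_links, "links", mode, load,
                  "busiest link carries %.0f%%" % (100 * busiest_share(load)))
```

With addresses only, the four sessions between one host pair share a key and stay on one link however many links exist; the extra links only help once the key varies between those sessions.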


Re: [c-nsp] OSPF equal cost load balancing

2017-08-30 Thread CiscoNSP List
ll|explicit-null]
  FRR Primary (0x3D51B980)


<15 > label [explicit-null|explicit-null]
  FRR Primary (0x3D51BA40)


  Subblocks:
None


So, all looks ok from a load sharing perspective, but majority of traffic still 
goes via gi0/0/22..so was wondering if a L3 Etherchannel may provide some 
"better" balance as it has more algorithm balancing options to choose from?   
(Or potentially setting up TE, but I think this may be overkill, and not 
provide more benefit?)

Cheers



____
From: Aaron Gould <aar...@gvtc.com>
Sent: Thursday, 31 August 2017 5:19 AM
To: 'CiscoNSP List'; cisco-nsp@puck.nether.net
Subject: RE: [c-nsp] OSPF equal cost load balancing

Are you doing a 2-port etherchannel between the 920 and 3600 ?  Asking since 
you seem to be asking question about etherchannel load balancing and hashing

...or...

Are you doing 2 separate layer 3 subnets between the 920 and 3600 ?  asking 
since your subject heading implies so. (ospf equal cost LB)

...you might be confusing/mixing 2 different subjects and how-to's in the same 
explanation.

I think you mentioned the 920 is network side and 3600 is closer to customer... 
if so, please go to 920 and show a customer route on the 3600 that you wish you 
would load balance please... sanitize your output to protect the innocent...

Show ip route a.b.c.d

Show ip arp of next hop

If it goes via L2

Show mac-address-table address ..


-Aaron


___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

[c-nsp] OSPF equal cost load balancing

2017-08-29 Thread CiscoNSP List
Hi Everyone,


Have an ASR920 connected to an ME3600 with 2 x 1Gb links with same ospf cost 
(It was a single 1Gb, but secondary 1Gb was added as utilization was getting 
close to 1Gb) - Was hoping for at least a partial balance of traffic across the 
2 links, but egress from ASR920 to the ME3600(Ingress to customers), we are 
seeing one of the 1Gb links basically maxing out, and the other doing virtually 
nothing (10-15Mb/sec)...other direction we are seeing pretty much 50:50 balance 
across the 2 x 1Gb links...I know per-dest algorithm is used, and know that 
there are only a few big bandwidth users on the ME3600, but I cant understand 
why basically "all" of the traffic is going down one link?


Is there any way to "tweak" the load-sharing of the equal cost paths (I can only 
see per-dst as an option)


Is a L3 etherchannel going to be any "better" with load-balancing than the 
current ospf equal cost?  (we have voip running over these links, so want to 
avoid packet delivery order issues)


Is TE a potential solution in this case?


We cant go 10G unfortunately, as the ME3600's dont have 10G ports unlocked, and 
they are earmarked for retirement - so stuck with multiple 1G links for a 
short-term fix 


Appreciate any feedback/suggestions.


Thanks
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] IPerf alternative

2017-08-09 Thread CiscoNSP List
Hi James - Yes I tested this also...it still will not go above 50%...at first 
I thought it may be the carriers link, but I also tested the 
bidirectional/simultaneous test, and it produced similar results (Single 
direction test were fine.)  Single direction tests are fine.


I think its a problem with IPerf, potentially the server nics...Or maybe IPerf 
is "limited" to the bandwidth of the link (1G, but can only send/receive a 
"total" (50% in both directions))

There are a few reports of issues with the bidirectional tests, but I cant 
locate any "fixes"...so Id prefer to spend time looking at a more robust 
(proven) testing tool.

Cheers


From: cisco-nsp <cisco-nsp-boun...@puck.nether.net> on behalf of James Bensley 
<jwbens...@gmail.com>
Sent: Wednesday, 9 August 2017 5:47 PM
To: cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] IPerf alternative

On 9 August 2017 at 08:39, CiscoNSP List <cisconsp_l...@hotmail.com> wrote:
> Thanks Ryan - They did not include bidirectional simultaneous test in V3 I 
> dont think? (this is a test we definitely require, and one that is causing us 
> the most issues in v2 (It appears to be somewhat broken...perhaps that is 
> why they didnt include it in v3 ?))

Run two copies simultaneously? That way you can also tweak the two
unidirectional streams independently.

Cheers,
James.
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/


Re: [c-nsp] IPerf alternative

2017-08-09 Thread CiscoNSP List
Hi Raymond (Apologies re top post, Hotmail is a pain) - Reliability concerns 
primarily with bidirectional simultaneous test mode - Single direction test 
(UDP), we are able to achieve close to a links capacity (1Gb), bidirectional 
(-r) (Sends one direction first, then the other), also achieves links 
capacity...but simultaneous bidirectional (-d), we see 50% in both directions 
(i.e ~450-500Mb) - I dont know if this is a limitation of iperf, but have tried 
on multiple boxes, back-to-back, and can not get the bidirectional simultaneous 
test to achieve 1Gb synchronously - Its like IPERF sees the link as only 1Gb, 
and therefore only sends as a total (500Mb in both directions)...Ive also tried 
multiple threads, but it refuses to go above 50% - If this is a limitation 
within the software, or there's another flag I should be using, Id love to hear 
it :)

Thanks


From: Raymond Burkholder <r...@oneunified.net>
Sent: Monday, 7 August 2017 8:40 PM
To: CiscoNSP List
Cc: cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] IPerf alternative


> On 7 Aug 2017, at 04:25, CiscoNSP List <cisconsp_l...@hotmail.com> wrote:
> Looking for an alternative to IPerf for link testing - Having some 
> "reliability" concerns with IPerf results (Primarily with

can you explain your ‘reliability’ concerns?

> simultaneous data transfers) - Any recommendations are greatly appreciated 
> (10G capabilities would be fantastic, but not

do you run a single iperf app, or several in parallel?  do you use the tcp mode 
or the udp mode?  in udp mode, you get some additional statistics.  on which 
platform do you run iperf?  on some platforms, like linux, you need to check 
‘ethtool -S’ to see if the  operating system is dropping packets (on tx or rx). 
 which may require some performance tuning of the network interfaces.

also, on a linux platform, the kernel guys use some trace tools, one of which 
will create one buffer, and copy it to the network interface, making a very 
effective high bandwidth tester, with some purporting to fill a 10g link.  I 
don’t have the name off the top of my head.

this being a cisco list, some cisco platforms have built in ttcp performance 
testers.

> 100% necessary) - Has anyone used/tried Ostinato ? Primarily after a tool 
> that can provide load testing results (simultaneous bidirectional, one 
> direction, and UDP/TCP are primary requirements...Happy to look at a 
> commercial product/appliance if it ticks all the boxes, but not wanting to 
> spend a fortune :)
>
>
> Thanks in advance
> ___
> cisco-nsp mailing list  cisco-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
>


___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/


Re: [c-nsp] IPerf alternative

2017-08-09 Thread CiscoNSP List
I'll def check this out - Cheers - from a hardware perspective, pizza box 1RU 
servers work great, but we would also like a "smaller" option that we can send 
to various POPs for testing...has anyone got suggestions?  I doubt the 
raspberry pi range would have the grunt to push 1G (or more?)...I may be wrong 
though? perhaps one of the forks?


Cheers



From: Josh Galvez <j...@zevlag.com>
Sent: Tuesday, 8 August 2017 2:33 AM
To: CiscoNSP List
Cc: cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] IPerf alternative

I'm not sure how stuck on Layer3 protocols you are, but this 
https://github.com/jwbensley/Etherate is a nice Layer2 testing tool.

Josh

On Mon, Aug 7, 2017 at 1:25 AM, CiscoNSP List 
<cisconsp_l...@hotmail.com<mailto:cisconsp_l...@hotmail.com>> wrote:
Hi everyone,


Looking for an alternative to IPerf for link testing - Having some 
"reliability" concerns with IPerf results (Primarily with simultaneous data 
transfers) - Any recommendations are greatly appreciated (10G capabilities 
would be fantastic, but not 100% necessary) - Has anyone used/tried Ostinato ? 
Primarily after a tool that can provide load testing results (simultaneous 
bidirectional, one direction, and UDP/TCP are primary requirements...Happy to 
look at a commercial product/appliance if it ticks all the boxes, but not 
wanting to spend a fortune :)


Thanks in advance
___
cisco-nsp mailing list  
cisco-nsp@puck.nether.net<mailto:cisco-nsp@puck.nether.net>
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/


Re: [c-nsp] IPerf alternative

2017-08-09 Thread CiscoNSP List
Thanks Ryan - They did not include bidirectional simultaneous test in V3 I don't 
think? (this is a test we definitely require, and one that is causing us the 
most issues in v2 (It appears to be somewhat broken...perhaps that is what they 
didn't include it in v3 ?



From: Ryan Harden <harde...@uchicago.edu>
Sent: Tuesday, 8 August 2017 7:14 AM
To: Josh Galvez
Cc: CiscoNSP List; cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] IPerf alternative

iperf is dead. Use iperf3, maintained by the folks at the Energy Science 
Network.

http://software.es.net/iperf/

It works very well…

Test between a host in Chicago and Los Angeles. (44ms RTT)
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID]   Interval            Transfer      Bandwidth        Retr
[SUM]   0.00-30.00  sec  96.3 GBytes  27563 Mbits/sec    0   sender

/Ryan

Ryan Harden
Research and Advanced Networking Architect
University of Chicago - ASN160
P: 773.834.5441




> On Aug 7, 2017, at 11:33 AM, Josh Galvez <j...@zevlag.com> wrote:
>
> I'm not sure how stuck on Layer3 protocols you are, but this
> https://github.com/jwbensley/Etherate is a nice Layer2 testing tool.
>
> Josh
>
> On Mon, Aug 7, 2017 at 1:25 AM, CiscoNSP List <cisconsp_l...@hotmail.com>
> wrote:
>
>> Hi everyone,
>>
>>
>> Looking for an alternative to IPerf for link testing - Having some
>> "reliability" concerns with IPerf results (Primarily with simultaneous data
>> transfers) - Any recommendations are greatly appreciated (10G capabilities
>> would be fantastic, but not 100% necessary) - Has anyone used/tried
>> Ostinato ? Primarily after a tool that can provide load testing results
>> (simultaneous bidirectional, one direction, and UDP/TCP are primary
>> requirements...Happy to look at a commercial product/appliance if it ticks
>> all the boxes, but not wanting to spend a fortune :)
>>
>>
>> Thanks in advance
>> ___
>> cisco-nsp mailing list  cisco-nsp@puck.nether.net
>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>> archive at http://puck.nether.net/pipermail/cisco-nsp/
>>
> ___
> cisco-nsp mailing list  cisco-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/

___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/


Re: [c-nsp] IPerf alternative

2017-08-07 Thread CiscoNSP List

Much appreciated Saku!


Thanks.



From: Saku Ytti <s...@ytti.fi>
Sent: Monday, 7 August 2017 5:37 PM
To: CiscoNSP List
Cc: cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] IPerf alternative

On 7 August 2017 at 10:25, CiscoNSP List <cisconsp_l...@hotmail.com> wrote:

Hey,

> Looking for an alternative to IPerf for link testing - Having some 
> "reliability" concerns with IPerf results (Primarily with simultaneous data 
> transfers) - Any recommendations are greatly appreciated (10G capabilities 
> would be fantastic, but not 100% necessary) - Has anyone used/tried Ostinato 
> ? Primarily after a tool that can provide load testing results (simultaneous 
> bidirectional, one direction, and UDP/TCP are primary requirements...Happy to 
> look at a commercial product/appliance if it ticks all the boxes, but not 
> wanting to spend a fortune :)

I am not aware of not-broken-by-design UDP performance measurement
software. iperf, Netperf at least are entirely broken as they use OS
UDP socket, which does not perform. AF_PACKET might be able to reach 1GE
on small packets, which I currently view as absolutely minimum for
testing.
TCP makes very little sense, as I want to test the network, not TCP
settings of end-hosts. Friend of mine and I started writing AF_PACKET
based testing tool with rust, and initial results show that 1.5Mpps is
entirely reasonable on typical laptop, but 15Mpps is not. For 10GE
you'd need something like netmap or DPDK based solution, which also
means you'd need to have dedicated NIC for this, which to me is
entirely another class of software, these exists, you might want to
check out https://trex-tgn.cisco.com/.

If you're looking for commercial kit, I'd say go with Spirent or Keysight.

--
  ++ytti
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/


[c-nsp] IPerf alternative

2017-08-07 Thread CiscoNSP List
Hi everyone,


Looking for an alternative to IPerf for link testing - Having some 
"reliability" concerns with IPerf results (Primarily with simultaneous data 
transfers) - Any recommendations are greatly appreciated (10G capabilities 
would be fantastic, but not 100% necessary) - Has anyone used/tried Ostinato ? 
Primarily after a tool that can provide load testing results (simultaneous 
bidirectional, one direction, and UDP/TCP are primary requirements...Happy to 
look at a commercial product/appliance if it ticks all the boxes, but not 
wanting to spend a fortune :)


Thanks in advance
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/


Re: [c-nsp] Migrating multi 1Gb port-chan member ints to 10G .....possible withot having to create a new portchan?

2017-06-16 Thread CiscoNSP List
Cheers, I labbed it up on ASR1001 -> 4948...now the ASR1001 had SPA1x5G, it 
had 2 working GE-Ts...added the same SFPs (Copper/GE-T), the ASR logged the 
insertion, you could view the details of the SFPs, but we could not get them to 
link to anything (and yes, we had enabled the ports :)...SFPs worked fine in 
the 4948...put some single mode fibre SFPs and worked instantly...job for 
another day to figure out)...anyway, set up a 2 port portchan, with 5 subints 
on ASR1001, vlan int on 4948, all worked as expected...big test was removal of 
the 2 member ints on ASR1001 from portchan (Would it not allow it, or allow it, 
and delete the portchan/subints...thankfully, neither...It allowed the removal 
of all member ints, and just shut down the portchan (Keeping all subints 
conf)...re-added the links, and all worked...replicated this on the 
ASR1006/4500X, and it also did the same...so a relatively painless change, 
and we now have 2x10Gs in the portchan.


Thanks for all the suggestions - cheers.



From: Pete Templin <peteli...@templin.org>
Sent: Thursday, 15 June 2017 3:47 AM
To: CiscoNSP List; Cisco Network Service Providers
Subject: Re: [c-nsp] Migrating multi 1Gb port-chan member ints to 10G 
.possible withot having to create a new portchan?

Copy the config off-box, trim it down to just the subinterfaces, copy
that resulting file to bootflash. Delete the members, add the new
members, and if you have to restore the subinterfaces, copy
bootflash:subints-config-bits running-config

It's not hard, you can have your ducks all ready to go, and drop it
right back in.


On 6/13/17 9:04 PM, CiscoNSP List wrote:
> Well tried this last night, and the ASR1K did not cooperate...4500X played 
> nice and behaved like the 2960 (Adding 10G ports to the portchan, rejected 
> them due to speed difference, but still adds them to the portchan, but in 
> suspended mode...so all good there, but ASR1K, (As well as only allowing 4 
> member ints in a portchan...which was a tad inconvenient), when attempting to 
> add the 10G port, it simply rejects them due to bandwidth, ie, does not put 
> the port into suspended mode/add it to the member Ints config...so, if you 
> remove the 1G links, portchan would have no members...you would have to add 
> 10G members after removing all 1G...but I'm almost positive the ASR will not 
> allow me to remove all the 1G ints, due to the subinterfaces (I didn't want to 
> test this on the production ASR1K, maintenance window was only short)...so, 
> going to test it on an asr1001, and see what the result is...I really really 
> hope I can just shutdown the portchan, remove all the 1G ints, add the 10Gs 
> then re-enable the portchan...I hope I don't have to remove portchan, remove 
> 1G ints from it, re-create it, then add the 10Gs...subints are referenced 
> in ospf/bgp etc...wouldn't surprise me if they were dynamically 
> removed...other option is to change startup conf, save, reboot (Or 
> potentially save, then replace running with startup...but having done that 
> on previous occasions, it doesn't always go smoothly)
>
>


___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
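
Pete's "trim it down to just the subinterfaces" step, sketched as an added example (not code from the thread): it selects only the `Port-channel1.<n>` stanzas from a saved config and lists the current member ports. The sample config, names and addresses are constructed, and the top-level/indented stanza layout is the assumption the parser relies on.

```python
"""Added illustration: pull a port-channel's subinterface stanzas out of a saved IOS config."""
import re

# Constructed sample running-config (documentation address ranges, hypothetical names).
SAMPLE_CONFIG = """\
hostname LAB-ASR
!
interface Port-channel1
 no ip address
!
interface Port-channel1.100
 encapsulation dot1Q 100
 ip address 192.0.2.1 255.255.255.252
!
interface Port-channel1.200
 encapsulation dot1Q 200
 vrf forwarding CUST-A
 ip address 198.51.100.1 255.255.255.252
!
interface Port-channel10.100
 encapsulation dot1Q 100
!
interface GigabitEthernet0/0/3
 no ip address
 channel-group 1 mode active
!
interface GigabitEthernet1/0/0
 no ip address
 channel-group 1 mode active
!
interface TenGigabitEthernet0/1/0
 no ip address
!
end
"""


def stanzas(config_text):
    """Yield (header, body_lines) per top-level block; child lines are indented."""
    header, body = None, []
    for line in config_text.splitlines():
        if line.startswith(" "):
            if header is not None:
                body.append(line)
            continue
        if header is not None:
            yield header, body
        # '!' and blank lines only separate blocks; anything else opens a new one.
        header, body = (None, []) if line.strip() in ("", "!") else (line.rstrip(), [])
    if header is not None:
        yield header, body


def subinterfaces(config_text, parent):
    """Stanzas for '<parent>.<n>' only, so Port-channel1 never matches Port-channel10.x."""
    pattern = re.compile(rf"^interface\s+{re.escape(parent)}\.(\d+)$", re.IGNORECASE)
    return [(h, b) for h, b in stanzas(config_text) if pattern.match(h)]


def members(config_text, group):
    """Interfaces whose stanza carries 'channel-group <group> ...' (the ports to swap)."""
    pattern = re.compile(rf"^\s*channel-group\s+{group}(\s|$)")
    return [h.split(None, 1)[1] for h, b in stanzas(config_text)
            if h.lower().startswith("interface ") and any(pattern.match(l) for l in b)]


def render(selected):
    """Text to save as the restore file: stanzas separated by '!' and closed with 'end'."""
    out = []
    for header, body in selected:
        out += [header, *body, "!"]
    return "\n".join(out + ["end"]) + "\n"


if __name__ == "__main__":
    print("members to replace:", members(SAMPLE_CONFIG, 1))
    print(render(subinterfaces(SAMPLE_CONFIG, "Port-channel1")), end="")
```

Diffing the rendered file against the post-change running config shows at a glance whether any subinterface was dropped when the members were removed.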

Re: [c-nsp] Migrating multi 1Gb port-chan member ints to 10G .....possible withot having to create a new portchan?

2017-06-13 Thread CiscoNSP List
Well tried this last night, and the ASR1K did not cooperate...4500X played 
nice and behaved like the 2960 (Adding 10G ports to the portchan, rejected them 
due to speed difference, but still adds them to the portchan, but in suspended 
mode...so all good there, but ASR1K, (As well as only allowing 4 member ints 
in a portchan...which was a tad inconvenient), when attempting to add the 10G 
port, it simply rejects them due to bandwidth, ie, does not put the port into 
suspended mode/add it to the member Ints config...so, if you remove the 1G 
links, portchan would have no members...you would have to add 10G members 
after removing all 1G...but I'm almost positive the ASR will not allow me to 
remove all the 1G ints, due to the subinterfaces (I didn't want to test this on 
the production ASR1K, maintenance window was only short)...so, going to test 
it on an asr1001, and see what the result is...I really really hope I can just 
shutdown the portchan, remove all the 1G ints, add the 10Gs then re-enable the 
portchan...I hope I don't have to remove portchan, remove 1G ints from it, 
re-create it, then add the 10Gs...subints are referenced in ospf/bgp 
etc...wouldn't surprise me if they were dynamically removed...other option is 
to change startup conf, save, reboot (Or potentially save, then replace running 
with startup...but having done that on previous occasions, it doesn't always 
go smoothly)



From: cisco-nsp <cisco-nsp-boun...@puck.nether.net> on behalf of CiscoNSP List 
<cisconsp_l...@hotmail.com>
Sent: Tuesday, 13 June 2017 8:25 AM
To: Tom Hill; cisco-nsp@puck.nether.net; Nick Cutting
Subject: Re: [c-nsp] Migrating multi 1Gb port-chan member ints to 10G 
.possible withot having to create a new portchan?

I don't believe that you can remove all of a portchan's member Ints (I've not 
tested this, but read a forum post where someone was attempting something 
similar (1G->10G), and the router threw an error when attempting to remove the 
last 1G Int (Something along the lines of "portchan cannot be without physical 
interfaces due to sub-interfaces, at least one physical interface must be in 
the portchan")...I also had a quick look at the 1x10GSPA (SPA-1X10GE-L-V2 
(XFP)), and I don't believe they are dual rate...ie don't support manual setting 
of speed/duplex...We have tested with an older lab switch (2960), manually 
setting ports to 100M (that are Gb Ints)...with 2 "100M ports" in the portchan, 
if you try to add the "1G" ports, it complains:

 %EC-5-CANNOT_BUNDLE2: Gi1/0/25 is not compatible with Gi1/0/1 and will be 
suspended (speed of Gi1/0/25 is 1000M, Gi1/0/1 is 100M)
 %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/25, changed 
state to down

Then removing the 2 x "100M" ports from portchan, the 2 x "1G" ports 
automatically came up, and stayed up, and portchan remained up...I'm hoping we 
see similar behavior on the ASR1K/4500X (Under maintenance window, so small 
outage is ok).


Thanks

From: cisco-nsp <cisco-nsp-boun...@puck.nether.net> on behalf of Tom Hill 
<t...@ninjabadger.net>
Sent: Tuesday, 13 June 2017 5:21 AM
To: cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] Migrating multi 1Gb port-chan member ints to 10G 
.possible withot having to create a new portchan?

On 12/06/17 19:28, Nick Cutting wrote:
> I think this is possible, but with a little bit of downtime when you change 
> the new links from 1000 to ten gig.
> You should be able to lab this up with 1000Mbit and 100Mbit on an old switch, 
> nothing laying around?

If this causes a little downtime, why not just remove all the 1GE
interfaces and add the 10GE interface(s)?

You can pre-prepare the config and just paste it in, to avoid it taking
too much time. :)

--
Tom
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
___
cisco-nsp mai

Re: [c-nsp] Migrating multi 1Gb port-chan member ints to 10G .....possible withot having to create a new portchan?

2017-06-12 Thread CiscoNSP List
I don't believe that you can remove all of a portchan's member Ints (I've not 
tested this, but read a forum post where someone was attempting something 
similar (1G->10G), and the router threw an error when attempting to remove the 
last 1G Int (Something along the lines of "portchan cannot be without physical 
interfaces due to sub-interfaces, at least one physical interface must be in 
the portchan")...I also had a quick look at the 1x10GSPA (SPA-1X10GE-L-V2 
(XFP)), and I don't believe they are dual rate...ie don't support manual setting 
of speed/duplex...We have tested with an older lab switch (2960), manually 
setting ports to 100M (that are Gb Ints)...with 2 "100M ports" in the portchan, 
if you try to add the "1G" ports, it complains:

 %EC-5-CANNOT_BUNDLE2: Gi1/0/25 is not compatible with Gi1/0/1 and will be 
suspended (speed of Gi1/0/25 is 1000M, Gi1/0/1 is 100M)
 %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/25, changed 
state to down

Then removing the 2 x "100M" ports from portchan, the 2 x "1G" ports 
automatically came up, and stayed up, and portchan remained up...I'm hoping we 
see similar behavior on the ASR1K/4500X (Under maintenance window, so small 
outage is ok).


Thanks

From: cisco-nsp  on behalf of Tom Hill 

Sent: Tuesday, 13 June 2017 5:21 AM
To: cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] Migrating multi 1Gb port-chan member ints to 10G 
.possible withot having to create a new portchan?

On 12/06/17 19:28, Nick Cutting wrote:
> I think this is possible, but with a little bit of downtime when you change 
> the new links from 1000 to ten gig.
> You should be able to lab this up with 1000Mbit and 100Mbit on an old switch, 
> nothing laying around?

If this causes a little downtime, why not just remove all the 1GE
interfaces and add the 10GE interface(s)?

You can pre-prepare the config and just paste it in, to avoid it taking
too much time. :)

--
Tom
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/


[c-nsp] Migrating multi 1Gb port-chan member ints to 10G .....possible withot having to create a new portchan?

2017-06-11 Thread CiscoNSP List
Hi Everyone,


I've researched this, and the info I've read is not entirely definitive (I don't 
have an opportunity to test the migration in a lab unfortunately)


We have an existing port-chan on an asr1006, with 4 x 1Gb ports...egress from 
ASR1006 on the member ports is very balanced, but unfortunately, ingress, we 
are always seeing 2 links basically maxing out (Other end of portchan is 
4500x (VSS stack, with "primary" switch, being the one with the 2 over active 
ports.)...we've resigned to the fact that we will need to go 10G to fix the 
"issue"...Now the problem is that the existing portchan has 100's of 
subinterfaces, so we don't want to have to create a "new" portchan with the 2 x 
10G links, and migrate all the subinterfaces...from what I've read, the member 
interfaces of the etherchan need to be of the same "Speed + Duplex"...some go 
even further and say the same "physical" type (i.e. 1Gb SM -> 1Gb SM)...but I 
have also read where people have added a 10G int to an existing portchan (That 
only has 1Gb members), and it "worked"...Can anyone please confirm if this is 
possible?  i.e. set the 10G interfaces to 1000/Full, then add them to 
the existing portchan, delete the "old" 1Gb member ints, then change the 10Gb 
interfaces to auto?  I really hope there is some way that this can be achieved 
without having to migrate all the subints to a new portchan...any 
suggestions/experiences are greatly appreciated.


Cheers
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/


Re: [c-nsp] Load balancing on portchan (4500X->ASR1006)

2017-06-04 Thread CiscoNSP List
Hi mate - 4500X(Primary) it is egress usage on both ports, 4500X(Secondary), it 
is the opposite)...ingress...I only tried mac balancing for testing...lol, it 
seems to get the best balance...can't use ip/port...on src/dst ip, or src/dst 
port...4500X only does layer 2 (Trunking vlans up to ASR1000, which does L3 
(dot1q subints on portchan)...an old legacy setup from many years ago, that 
is going to be retired asap 


Thanks



From: "Rolf Hanßen" <n...@rhanssen.de>
Sent: Sunday, 4 June 2017 12:49 AM
To: CiscoNSP List
Cc: cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] Load balancing on portchan (4500X->ASR1006)

Hello,

I read your mail twice and still don't know which direction is affected
(4500X to ASR or ASR to 4500X or both).
Please be aware that the balancing hash method only affects outbound
traffic, so changing the method on the 4500X only affects traffic towards
the ASR.
Using mac addresses for balancing is a bad idea. Years ago we had the great
idea to connect several servers with dual nic to a router with a 2 port
channel switching between.
MAC on the router was always the same, MACs on the servers were all even
because we used the same port on all servers.
Result: no balancing at all.

Is the switch able to use IP / Port for all frames or do you have packets
it maybe does not understand (like MPLS Packets)?

kind regards
Rolf

> Hi Everyone - Have a 4 port etherchan between ASR1006/4500X(In VSS) -
> Tried virtually all the load-balancing options on the 4500X, but port "1"
> in the portchan group always gets majority of traffic share.
>
>
> Links are:
>
>
> ASR1006  4500X (2)
>
> 0/0/3    1/1/4
>
> 1/0/0    1/1/16
>
> 1/0/3    2/1/4
>
> 2/0/0    2/1/16
>
>
> src/dst ip - I get both ports on "primary" 4500X being primarily used
> (1/1/4 getting the most)
>
> src/dst mac - I get a bit of a better load spread, but 2/1/4 gets very
> little traffic, and again 1/1/4 gets the most
>
> src/dst port - 1/1/4 gets the most, 2/1/16 gets a lot more (ingress),
> 2/1/4, very little
>
>
> The portchan peak usage is 2 to 2.5Gb/sec, but would do more, as it is
> being limited by the load-balancing...i.e 1/1/4 will max out at 1G/sec
> (We have very bursty traffic...SP - So mix of
> Inet/L3VPN/backup/replication etc)
>
>
> If anyone has some suggestions on how to achieve a better (more even)
> traffic spread, it would be greatly appreciated...Migrating to 10Gb is
> what we plan to do, but am interested in anyone's comments on why 1/1/4 is
> used so heavily regardless of the load-balancing algorithm used (Assuming
> it is because it is the "first" port...spanning tree probably preferring
> this port?)...the ASR1006 only has 2 load-balancing options flow-based or
> vlan-manual...lol and I don't have any interest in setting up manual
> vlan load-balancing 😉)
>
>
> Thanks
>
>
> ___
> cisco-nsp mailing list  cisco-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/


___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
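
The effect Rolf describes (one router MAC, server MACs that are all even, so a MAC hash picks the same member every time) can be reproduced with a small model; this is an added example, not code from the thread. The XOR-of-low-bits MAC hash and the SHA-256 stand-in for a src/dst IP and port hash are assumptions, since the real platform hashes are not given on this page, and all addresses and flows are constructed.

```python
"""Added illustration (not from the thread): hash-based member selection on a port-channel."""
import hashlib
from collections import Counter


def mac_to_int(mac):
    """'02:00:00:00:01:0a' -> integer value of the 48-bit address."""
    return int(mac.replace(":", ""), 16)


def mac_xor_link(src_mac, dst_mac, n_links):
    """Simplified src-dst-mac hash (assumption): XOR both MACs, keep the low bits."""
    return (mac_to_int(src_mac) ^ mac_to_int(dst_mac)) % n_links


def flow_link(src_ip, dst_ip, sport, dport, n_links):
    """Stand-in for a src/dst IP + port hash; SHA-256 is used only because it mixes well."""
    key = f"{src_ip}|{dst_ip}|{sport}|{dport}".encode()
    return int.from_bytes(hashlib.sha256(key).digest()[:4], "big") % n_links


def frames_per_link(link_ids, n_links):
    """Count how many frames/flows landed on each member link."""
    counts = Counter(link_ids)
    return [counts[i] for i in range(n_links)]


def bytes_per_link(flows, n_links):
    """flows: (src_ip, dst_ip, sport, dport, byte_count); a flow never leaves its link."""
    load = [0] * n_links
    for src_ip, dst_ip, sport, dport, nbytes in flows:
        load[flow_link(src_ip, dst_ip, sport, dport, n_links)] += nbytes
    return load


# Constructed sample data (locally administered MACs, documentation IP ranges).
ROUTER_MAC = "02:00:00:00:00:01"
SERVER_MACS = [f"02:00:00:00:01:{2 * i:02x}" for i in range(16)]  # all even
ELEPHANT_BYTES = 900_000_000  # one large backup/replication style flow
FLOWS = [(f"192.0.2.{10 + s}", "198.51.100.1", 40000 + c, 443, 1_000_000)
         for s in range(16) for c in range(16)]
FLOWS.append(("192.0.2.200", "198.51.100.9", 50000, 873, ELEPHANT_BYTES))


def mac_case(n_links):
    """Servers -> router with the MAC hash: the low bits never vary enough."""
    return frames_per_link(
        [mac_xor_link(m, ROUTER_MAC, n_links) for m in SERVER_MACS], n_links)


def flow_case(n_links):
    """The 256 small flows with the IP/port hash: every member gets a share."""
    return frames_per_link([flow_link(*f[:4], n_links) for f in FLOWS[:-1]], n_links)


if __name__ == "__main__":
    print("MAC hash, 2 links:", mac_case(2))
    print("MAC hash, 4 links:", mac_case(4))
    print("flow hash, 4 links:", flow_case(4))
    print("bytes per link with one elephant flow:", bytes_per_link(FLOWS, 4))
```

The last line of output also shows why a per-flow hash cannot fix bursty backup or replication traffic: a single large flow stays on one member whatever the algorithm.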

[c-nsp] Load balancing on portchan (4500X->ASR1006)

2017-06-02 Thread CiscoNSP List
Hi Everyone - Have a 4 port etherchan between ASR1006/4500X(In VSS) - Tried 
virtually all the load-balancing options on the 4500X, but port "1" in the 
portchan group always gets majority of traffic share.


Links are:


ASR1006  4500X (2)

0/0/3    1/1/4

1/0/0    1/1/16

1/0/3    2/1/4

2/0/0    2/1/16


src/dst ip - I get both ports on "primary" 4500X being primarily used (1/1/4 
getting the most)

src/dst mac - I get a bit of a better load spread, but 2/1/4 gets very little 
traffic, and again 1/1/4 gets the most

src/dst port - 1/1/4 gets the most, 2/1/16 gets a lot more (ingress), 2/1/4, 
very little


The portchan peak usage is 2 to 2.5Gb/sec, but would do more, as it is being 
limited by the load-balancing...i.e 1/1/4 will max out at 1G/sec (We have 
very bursty traffic...SP - So mix of Inet/L3VPN/backup/replication etc)


If anyone has some suggestions on how to achieve a better (more even) traffic 
spread, it would be greatly appreciated...Migrating to 10Gb is what we plan to 
do, but am interested in anyone's comments on why 1/1/4 is used so heavily 
regardless of the load-balancing algorithm used (Assuming it is because it is 
the "first" port...spanning tree probably preferring this port?)...the 
ASR1006 only has 2 load-balancing options flow-based or vlan-manual...lol 
and I don't have any interest in setting up manual vlan load-balancing )


Thanks


___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] Best practise/security design for BGP and OSPF

2017-05-25 Thread CiscoNSP List

Thanks very much Saku - I've googled, but not found anything confirming...but 
ttl sec check under ospf, would it cause any issues with rLFA/FRR...i.e dynamic 
creation of tunnels?

Cheers.


From: Saku Ytti <s...@ytti.fi>
Sent: Thursday, 25 May 2017 7:23 PM
To: CiscoNSP List
Cc: adamv0...@netconsultings.com; cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] Best practise/security design for BGP and OSPF

On 25 May 2017 at 05:25, CiscoNSP List <cisconsp_l...@hotmail.com> wrote:

Hey,

> but not XE?  Regarding TTL (In both OSPF and BGP)...hop count can be
> arbitrary, if we encounter a link failure...do we just use worst case

In iBGP yes, in eBGP and OSPF usually no. Typical design guarantees
eBGP and OSPF to be on-link or down.

--
  ++ytti
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
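
The "worst case hops" sizing for an iBGP session, as an added example that is not from the thread. It assumes unit link costs, one TTL decrement per forwarding router with none on delivery to the loopback, and the acceptance rule TTL >= 255 - hops; the five-router ring is constructed.

```python
"""Added illustration: sizing 'ttl-security hops' for an iBGP session that may reroute."""
from collections import deque

MAX_TTL = 255

# Constructed topology: a ring with the PE and the RR two links apart.
LINKS = [("PE1", "P1"), ("P1", "RR1"), ("PE1", "P2"), ("P2", "P3"), ("P3", "RR1")]


def path_links(links, src, dst):
    """Fewest links between src and dst (BFS, every link cost 1); None if unreachable."""
    adj = {}
    for a, b in links:
        adj.setdefault(a, set()).add(b)
        adj.setdefault(b, set()).add(a)
    seen, queue = {src}, deque([(src, 0)])
    while queue:
        node, dist = queue.popleft()
        if node == dst:
            return dist
        for nxt in adj.get(node, ()):
            if nxt not in seen:
                seen.add(nxt)
                queue.append((nxt, dist + 1))
    return None


def worst_case_links(links, src, dst):
    """Longest shortest-path over all single-link failures; partitions are skipped
    because the session is down anyway when the peer is unreachable."""
    results = [path_links(links, src, dst)]
    for failed in links:
        n = path_links([l for l in links if l != failed], src, dst)
        if n is not None:
            results.append(n)
    return max(r for r in results if r is not None)


def received_ttl(n_links):
    """TTL on arrival (assumption): sent at 255, minus one per forwarding router."""
    return MAX_TTL - max(n_links - 1, 0)


def gtsm_accepts(ttl, hops):
    """Acceptance rule modelled here: TTL must be at least 255 - hops."""
    return ttl >= MAX_TTL - hops


def min_hops_setting(n_links):
    """Smallest 'hops' value that still accepts a peer n_links away (never below 1)."""
    return max(1, MAX_TTL - received_ttl(n_links))


if __name__ == "__main__":
    steady = path_links(LINKS, "PE1", "RR1")
    worst = worst_case_links(LINKS, "PE1", "RR1")
    print("steady-state links:", steady, "-> hops", min_hops_setting(steady))
    print("worst single failure:", worst, "-> hops", min_hops_setting(worst))
    # A sender five routers away arrives with TTL 250 at best.
    print("TTL 250 accepted with hops 10:", gtsm_accepts(250, 10))
    print("TTL 250 accepted with hops 2:", gtsm_accepts(250, 2))
```

Sizing for the steady-state path alone would drop the session after a reroute, while a generous value such as the template's `hops 10` widens the set of senders whose packets pass the TTL check.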


Re: [c-nsp] Best practise/security design for BGP and OSPF

2017-05-24 Thread CiscoNSP List
Cheers for the replies - Just to clarify, these templates were for purely 
PE->RR (Not for transit), we do run key-chain auth on OSPF, and I was hoping to 
do likewise for iBGP -> RR's, but I don't *think* key-chains are supported in XE 
(Yet?)...I need to do some more reading, but I believe XR supports it, but not 
XE?  Regarding TTL (In both OSPF and BGP)...hop count can be arbitrary, if 
we encounter a link failure...do we just use worst case scenario hops ?  Is 
there anything you'd add/remove from the templates that I've sent through?  
(Obviously soft-reconfig inbound chews memory, and can be removed, but things 
like max-prefix...have it currently set at warning only...recommend killing 
the session for x minutes if it's exceeded?)...any other suggestions are greatly 
appreciated...thanks.



From: Saku Ytti <s...@ytti.fi>
Sent: Tuesday, 23 May 2017 7:10 PM
To: adamv0...@netconsultings.com
Cc: CiscoNSP List; cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] Best practise/security design for BGP and OSPF

On 23 May 2017 at 12:00,  <adamv0...@netconsultings.com> wrote:

Hey,

> Regarding OSPF,
> Best security is to use it solely for routing PE loopbacks (i.e. no
> connectivity outside the core).

But because it's IP, you might receive spoofed packet further down
the line and believe you received it from far-end. So OP's question
about TTL-security is valid one, and I'd support that. I'd also run
MD5 auth.
But of course if you have good iACL, stopping internet from sending
other than ICMP, UDP highports to links and loops, you should be
pretty safe.

ISIS and OSPF have quite interesting properties, ISIS is more secure
out-of-the-box, but in many cases you cannot stop box from punting
CLNS packets, so any edge-interface may reach control-plane by crafted
CLNS packets (without ISIS being configured on the interface).
Whereas OSPF out-of-the-box is less secure due to IP, but pretty much
every box supports ACLs, allowing you to consistently protect box.

--
  ++ytti
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/


[c-nsp] Best practise/security design for BGP and OSPF

2017-05-23 Thread CiscoNSP List
Hi Everyone,

Just doing a bit of a refresh of our current bgp+ospf templates to ensure they 
are in line with today's "best practice"

(I have googled this, but majority of the examples are from circa 2012 or 
earlier...so hoping someone can provide some feedback :)

Current BGP (We use RR's with a bunch of PEs (primarily vrf solutions + 
standard Inet)

Current setup/template is:


router bgp 
 template peer-policy TO_RR
  prefix-length-size 2
  next-hop-self
  soft-reconfiguration inbound
  maximum-prefix 12000 85 warning-only
  send-community both
  advertise best-external
 exit-peer-policy
!
 template peer-policy TO_RR_2
  prefix-length-size 2
  next-hop-self
  soft-reconfiguration inbound
  maximum-prefix 12000 85 warning-only
  send-community both
  advertise best-external
 exit-peer-policy

 template peer-session IBGP
  remote-as 
  ttl-security hops 10   <-- This recommended
  version 4  <- still required?
  password foobar  <-- Add it here, or use a different pass for each neigh
  update-source Loopback0
  ha-mode graceful-restart
 exit-peer-session

bgp router-id XXX.YYY.76.131
 bgp log-neighbor-changes
 bgp graceful-restart restart-time 120
 bgp graceful-restart stalepath-time 360
 bgp graceful-restart
 bgp bestpath compare-routerid
 bgp maxas-limit 54
 no bgp default ipv4-unicast

Then a neighbour example:

 neighbor XXX.YYY.76.204 inherit peer-session IBGP
 neighbor XXX.YYY.76.204 transport path-mtu-discovery disable  <- MTU can 
occasionally randomly change on carrier interpop links

Address family example

 address-family ipv4
  no bgp recursion host
  bgp additional-paths select best-external
  bgp additional-paths install
  bgp nexthop route-map BGP_NHT
  bgp nexthop trigger delay 0
  redistribute connected route-map TEST_RANGES
  redistribute static route-map TEST_RANGES
  neighbor XXX.YYY.76.212 activate
  neighbor XXX.YYY.76.212 inherit peer-policy TO_RR
  neighbor XXX.YYY.76.212 route-map FROM_TEST_RR in
  neighbor XXX.YYY.76.212 route-map TO_TEST_RR out
!



OSPF Example/template:


router ospf 100
 router-id xxx.xxx.xx.xxx
 log-adjacency-changes detail
 max-lsa 1 warning-only
 prefix-priority high route-map IP_FRR
 fast-reroute per-prefix enable area 0 prefix-priority high
 fast-reroute per-prefix remote-lfa area 0 tunnel mpls-ldp
 fast-reroute per-prefix tie-break linecard-disjoint index 10
 fast-reroute per-prefix tie-break interface-disjoint index 20
 fast-reroute per-prefix tie-break primary-path index 30
 fast-reroute per-prefix tie-break node-protecting index 40
 fast-reroute per-prefix tie-break lowest-metric index 50
 fast-reroute per-prefix tie-break downstream index 60
 timers throttle lsa 0 50 5000
 timers lsa arrival 10
 timers pacing flood 5
 passive-interface default
 no passive-interface GigabitEthernet0/0/3
 network xxx.xxx.xxx.xxx 0.0.0.1 area 0
 mpls ldp sync

interface GigabitEthernet0/0/3
 description
ip ospf ttl-security  x  <-- Recommended?
 dampening
 mtu 9100
 ip address  xxx.xxx.xxx.xxx 255.255.255.254
 no ip proxy-arp
 ip ospf authentication key-chain OSPF_HELLO
 ip ospf network point-to-point
 ip ospf flood-reduction
 ip ospf bfd
 ip ospf cost 240
 load-interval 30
 carrier-delay msec 0
 negotiation auto
 mpls ip
 mpls ldp igp sync delay 10
 bfd interval 50 min_rx 50 multiplier 3
 no bfd echo
end


Thanks in advance.



___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
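
Added example (not part of the original posts, and not Cisco or list-member code): a small Python audit of the peer-policy/peer-session template above, covering the settings the thread asks about, `ttl-security hops` and `maximum-prefix ... warning-only`. The sample config is a constructed excerpt of the posted template with placeholder AS 64500; the function names and finding labels are this example's own, and the TTL arithmetic follows GTSM (RFC 5082), where the sender uses TTL 255 and the receiver accepts TTL >= 255 minus the configured hops.

```python
import re

# Constructed excerpt of the template posted above. AS 64500 is a placeholder
# (documentation range); the post elides the real AS number.
SAMPLE_TEMPLATE = """\
router bgp 64500
 template peer-policy TO_RR
  next-hop-self
  soft-reconfiguration inbound
  maximum-prefix 12000 85 warning-only
  send-community both
 exit-peer-policy
 template peer-session IBGP
  remote-as 64500
  ttl-security hops 10
  password foobar
  update-source Loopback0
 exit-peer-session
"""

GTSM_SEND_TTL = 255  # RFC 5082: a GTSM speaker sends with TTL 255


def min_accepted_ttl(hops):
    """Lowest arriving TTL accepted when ttl-security is set to `hops`."""
    if not 1 <= hops <= 254:
        raise ValueError("ttl-security hops must be between 1 and 254")
    return GTSM_SEND_TTL - hops


def passes_ttl_check(configured_hops, routers_crossed, initial_ttl=GTSM_SEND_TTL):
    """Would a packet that crossed `routers_crossed` forwarding routers be accepted?

    Each forwarding router decrements TTL by one, so the hops value is also
    the radius from which a spoofed TTL-255 packet still passes the check.
    """
    return initial_ttl - routers_crossed >= min_accepted_ttl(configured_hops)


MAXPFX = re.compile(r"^(?:neighbor \S+ )?maximum-prefix (?P<limit>\d+)(?P<rest>.*)$")
TTLSEC = re.compile(r"^(?:neighbor \S+ )?ttl-security hops (?P<hops>\d+)$")


def audit_template(text):
    """Return (line_number, label, note) findings for the settings in question."""
    findings = []
    in_session_template = False
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if line.startswith("template peer-session"):
            in_session_template = True
        elif line.startswith(("exit-peer-session", "template peer-policy")):
            in_session_template = False

        m = MAXPFX.match(line)
        if m:
            rest = m["rest"]
            restart = re.search(r"\brestart (\d+)", rest)
            if "warning-only" in rest.split():
                findings.append((lineno, "max-prefix-warning-only",
                                 f"limit {m['limit']} is only logged; the session stays up"))
            elif restart:
                findings.append((lineno, "max-prefix-restart",
                                 f"session torn down at {m['limit']} prefixes, "
                                 f"retried after {restart[1]} min"))
            else:
                findings.append((lineno, "max-prefix-teardown",
                                 f"session torn down at {m['limit']} prefixes "
                                 "until cleared manually"))

        m = TTLSEC.match(line)
        if m:
            hops = int(m["hops"])
            findings.append((lineno, "ttl-security",
                             f"accepts TTL >= {min_accepted_ttl(hops)}; a sender up to "
                             f"{hops} routers away can still pass the check"))

        if line.startswith("password ") and in_session_template:
            findings.append((lineno, "shared-password",
                             "one password for every neighbor inheriting this template"))

        if line.endswith("soft-reconfiguration inbound"):
            findings.append((lineno, "soft-reconfig-inbound",
                             "keeps an unfiltered copy of received routes in memory"))
    return findings


if __name__ == "__main__":
    for lineno, label, note in audit_template(SAMPLE_TEMPLATE):
        print(f"line {lineno:>2}  {label:<24} {note}")
```

A packet sent with a default TTL such as 64 fails the check from any distance, which is what `passes_ttl_check(10, 0, initial_ttl=64)` shows.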


Re: [c-nsp] NCS4200 - re-badged ASR920 / ASR900 ?

2017-04-26 Thread CiscoNSP List

Specific interest here also...we are about to purchase a heap of 5501's, and 
ASR920's as PEs...now this NCS4200 has thrown a spanner in the works lol...XR 
across the board would be much nicer...but if it's BU split/politics, then it 
will be interesting times ahead.



From: cisco-nsp  on behalf of quinn snyder 

Sent: Wednesday, 26 April 2017 6:23 AM
To: Gert Doering
Cc: cisco-nsp
Subject: Re: [c-nsp] NCS4200 - re-badged ASR920 / ASR900 ?


> On Apr 25, 2017, at 12:36 PM, Gert Doering  wrote:
>
> Now the interesting question is, of course, *which* NCS code... as there
> seem to be a number of different "NCS*" families.
>
> An ASR920-style device with IOS XR on it, and actually doing all the
> nice XR things, I'd love to see that.  Even if software upgrades would
> suck.

digging through my notes from the service provider partner vt meeting from last 
summer:

(*) ncs4200 positioned as tdm-to-ethernet conversion box to ease the movement 
from legacy networks to ethernet
(*) not considered a replacement for legacy dacs — cost per port too high
(*) initial market meant to be larger carriers — “ncs” moniker helps with 
positioning in transport teams
(*) initial release will have parity with asr900-series (903/907/920) — 
including running ios-xe
(*) movement towards ios-xr expected sometime within 18 months of platform 
release; not in “ec” yet
(*) module parity between ncs4200 and asr900s at fcs
(*) modules may be developed in either platform that may not necessarily be 
absorbed into the other (think b/u split here)

that's all i could find.
we’re taking specific interest in this platform — as we’re deploying within 
several customer networks.

q.

--
quinn snyder | snyd...@gmail.com




Re: [c-nsp] NCS4200 - re-badged ASR920 / ASR900 ?

2017-04-26 Thread CiscoNSP List
Based on software roadmap, it's running XE (Everest currently, then 
Polaris/unified stack(16.5.2))...they "appear" to be targeting sonet/sdh with 
it...It's an ASR920/ASR90x, so XE it has to be I guess...unless they plan to 
transition it to XR...all the other NCS platforms are XR (I believe..5xxx/6xxx 
are)...It would be like having the ASR9001 running XE, where all others run 
XR, just seems wrong lol.


Cheers



From: Gert Doering <g...@greenie.muc.de>
Sent: Wednesday, 26 April 2017 5:36 AM
To: Erik Sundberg
Cc: Pete Templin; Gert Doering; CiscoNSP List; cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] NCS4200 - re-badged ASR920 / ASR900 ?

Hi,

On Tue, Apr 25, 2017 at 06:21:51PM +, Erik Sundberg wrote:
> I just had a presentation on this.
>
> Sounded like the ASR920 AKA Rebranded as the NCS4200 will be running the NCS 
> Code. Sounded like same hardware.
>
> Also thinking it's more of a product switch to fill out the NCS Product set.

Now the interesting question is, of course, *which* NCS code... as there
seem to be a number of different "NCS*" families.

An ASR920-style device with IOS XR on it, and actually doing all the
nice XR things, I'd love to see that.  Even if software upgrades would
suck.

gert
--
USENET is *not* the non-clickable part of WWW!
   //www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35655025  g...@net.informatik.tu-muenchen.de


Re: [c-nsp] NCS4200 - re-badged ASR920 / ASR900 ?

2017-04-25 Thread CiscoNSP List

Why? Why have an exact copy of the ASR92x/ASR90x...I fail to see the logic, 
other than they are using a new chipset in the NCS42x that is not compatible 
with the architecture of the ASR9x?

If feature parity between the 2 are identical...It makes no sense?

Thanks


From: Ted Johansson <ted.johans...@tele2.com>
Sent: Tuesday, 25 April 2017 4:07 PM
To: CiscoNSP List; cisco-nsp@puck.nether.net
Subject: RE: NCS4200 - re-badged ASR920 / ASR900 ?

The ASR900 series will not be replaced by NCS4200, both series will co-exist.

Best Regards
Ted

-Original Message-
From: cisco-nsp [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of 
CiscoNSP List
Sent: den 25 april 2017 06:05
To: cisco-nsp@puck.nether.net
Subject: [c-nsp] NCS4200 - re-badged ASR920 / ASR900 ?

Just noticed these on Cisco's site - They appear to be just re-badged 
ASR920/ASR900's? (They even use ASR920 power supplies etc)

Anyone have any info on them?  Is this Cisco discreetly releasing a "new" 
ASR920/900 that supports Laeba-based chips perhaps, and ASR900/920 will be 
"replaced"?

Can't find much info on them re hardware specs...but only had a quick 
google/search on Cisco's Site.

Links on both -

ie.   NCS4201 = ASR920-24SZ-M
NCS4202 = ASR920-12SZ-IM

They look identical anyway :)

http://www.cisco.com/c/en/us/products/collateral/optical-networking/network-convergence-system-4200-series/datasheet-c78-736910.html

http://www.cisco.com/c/en/us/products/collateral/routers/asr-920-series-aggregation-services-router/datasheet-c78-733397.html

http://www.cisco.com/c/en/us/td/docs/routers/asr920/hardware/installation/guide-12sz-im/b-asr-920-12-SZ-IM/b-asr-920-crete_chapter_00.html

http://www.cisco.com/c/en/us/products/routers/asr-920-series-aggregation-services-router/models-comparison.html

http://www.cisco.com/c/en/us/products/collateral/optical-networking/network-convergence-system-4200-series/datasheet-c78-738102.html

http://www.cisco.com/c/en/us/products/collateral/routers/asr-903-series-aggregation-services-routers/datasheet-c78-738339.html


Cheers



[c-nsp] NCS4200 - re-badged ASR920 / ASR900 ?

2017-04-24 Thread CiscoNSP List
Just noticed these on Cisco's site - They appear to be just re-badged 
ASR920/ASR900's? (They even use ASR920 power supplies etc)

Anyone have any info on them?  Is this Cisco discreetly releasing a "new" 
ASR920/900 that supports Laeba-based chips perhaps, and ASR900/920 will be 
"replaced"?

Can't find much info on them re hardware specs...but only had a quick 
google/search on Cisco's Site.

Links on both -

ie.   NCS4201 = ASR920-24SZ-M
NCS4202 = ASR920-12SZ-IM

They look identical anyway :)

http://www.cisco.com/c/en/us/products/collateral/optical-networking/network-convergence-system-4200-series/datasheet-c78-736910.html

http://www.cisco.com/c/en/us/products/collateral/routers/asr-920-series-aggregation-services-router/datasheet-c78-733397.html

http://www.cisco.com/c/en/us/td/docs/routers/asr920/hardware/installation/guide-12sz-im/b-asr-920-12-SZ-IM/b-asr-920-crete_chapter_00.html

http://www.cisco.com/c/en/us/products/routers/asr-920-series-aggregation-services-router/models-comparison.html

http://www.cisco.com/c/en/us/products/collateral/optical-networking/network-convergence-system-4200-series/datasheet-c78-738102.html

http://www.cisco.com/c/en/us/products/collateral/routers/asr-903-series-aggregation-services-routers/datasheet-c78-738339.html


Cheers



Re: [c-nsp] (Off-Topic) HLD / LLD Network Documentation framework

2017-04-18 Thread CiscoNSP List
Cheers Adam - much appreciated - I actually sourced some very nice HLD, LLD, 
and also Network testing (Scope/Business 
case/POC/Performance-Scalability/Network ready for use/reporting etc) 
templates...Provide an excellent framework to work from...and def. agree, 
Understanding and detailing the requirements, is paramount before even looking 
at HLD.


Thanks



From: adamv0...@netconsultings.com <adamv0...@netconsultings.com>
Sent: Tuesday, 18 April 2017 7:28 PM
To: 'CiscoNSP List'; cisco-nsp@puck.nether.net
Subject: RE: [c-nsp] (Off-Topic) HLD / LLD Network Documentation framework


> CiscoNSP List
> Sent: Thursday, April 13, 2017 2:23 PM
>
> Hi Everyone,
>
>
> Bit Off Topic, but hoping someone may have links/suggestions on the
> following:
>
>
> Looking for some example templates of HLD + LLD Network documentation -
> Had a bit of a google, but not having a lot of luck finding templates/example
> docs that have appealed to me...Want to document everything from HLD
> (POPS/Links) -> LLD (Nodes, type, IOS versions, links (With IP/IGP/MPLS/BGP
> etc details)
>
>
> Static documents are acceptable, but interactive/live would be the optimum
> choice...hoping someone on the list has some suggestions
>
>
Hi,

Before you start work on these or basically before you start work on any
project, you have to have a very good understanding of all the requirements
that a given project is trying to address.
So I suggest you first get a very good grasp on requirements and have them
documented very well.
It's also a good way to assess whether you have achieved all your goals with
this project or whether subsequent projects are needed when the time is
right.

Requirements can be for example:
Scalability: -how can you extend all the network components while not
affecting existing traffic in the process.
Efficiency: how is the network efficient with all the network resources, NPU
pps/bps budgets, FIB/RIB, BGP sessions, VRFs, Labels, QOS, etc.. and of
course links BW -i.e. your traffic patterns.
Resiliency: how to reduce fallout after any network component failure.
Security: how to secure various network perimeters.

-once you have these set, the documents basically write themselves.

Most important when writing HLD/LLD is to document WHY not only WHAT, it'll
help the reader to understand your reasoning behind why you have selected a
particular option, and will also make you think in the process of making,


HLD is more about concepts.
It's good to document all the options you considered (e.g. during POC
testing) and again "why" have you selected a particular option.

LLD is more about the actual configuration.
So you got to get all your details together for this one.


adam

netconsultings.com
::carrier-class solutions for the telecommunications industry::



[c-nsp] (Off-Topic) HLD / LLD Network Documentation framework

2017-04-13 Thread CiscoNSP List
Hi Everyone,


Bit Off Topic, but hoping someone may have links/suggestions on the following:


Looking for some example templates of HLD + LLD Network documentation - Had a 
bit of a google, but not having a lot of luck finding templates/example docs 
that have appealed to me...Want to document everything from HLD (POPS/Links) 
-> LLD (Nodes, type, IOS versions, links (With IP/IGP/MPLS/BGP etc details)


Static documents are acceptable, but interactive/live would be the optimum 
choice...hoping someone on the list has some suggestions


Cheers


Re: [c-nsp] Design recommendation from Cisco

2017-03-11 Thread CiscoNSP List

Just an update to this - I got to speak to (unfortunately) just the sales 
team (Cisco), and one SE...they wanted to build a POC for us (NCS 5500 vs ASR9K) 
to show how much "better" the 9K was (thanks, but no thanks)...told them it 
wasn't necessary, and wanted a full BOM with 5501's vs 9K (Compare 
price/features etc).


I've now just learnt that they had another meeting 2 days ago, and have 
convinced our CEO that the NCS5508 would be the best solution...i.e. they could 
see that the 9K was getting blocked, but NCS5500 was liked as a potential 
option, so have gone for the bigger 5508 to get the bigger $...I've got no 
idea what one of these cost (As chassis/line cards), but 13RU high, 8 
slots...and when RRP of a 5501-SE is  $120K and the 5502-SE is $720K...I can 
only imagine what the 5508 will cost...I've had a quick read up on them, and 
they appear to have 250K TCAM (IPv4)...but I've read this also "Line cards for 
the 5508 come in regular and scale. Scale has TCAM for lots of routes external 
to the ASIC. The space required for the external TCAM reduces the number of 
ports that can be supported on each line card."


The only other details I received about the 5508 solution was "chassis in 
spine/leaf with additional wan cards"


No doubt it will be a replica of the 9K design (Single "redundant" 
router)...just replacing the 9K with 5508.


For some reason my replies have not been appearing on the list...if this one 
doesn't, I'll start a new thread...

Cheers


From: cisco-nsp <cisco-nsp-boun...@puck.nether.net> on behalf of Tom Hill 
<t...@ninjabadger.net>
Sent: Tuesday, 7 March 2017 3:28 AM
To: cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] Design recommendation from Cisco

On 06/03/17 14:23, CiscoNSP List wrote:
> either a single 9906 or 9010 (Fully redundant, dual RSP), with
> NCS5K's hanging off each one as satellites...they've also proposed dual
> A9K-MOD200-SE's with 2 x A9K-48x10G-1G-SE...those with 9Ks will know
> how much those cost...insanely expensive.

I'm curious as to how that mix of cards gets in there. I'd have thought
a pair of 48x10G/1G cards would see off any requirement for MOD200s,
unless of course they're aiming to sell you small quantities of 100G as
well?

Further, try to avoid the 9010, and the 9006. The 9906 will be an
excellent choice (does away with the need for a baffle for front-to-back
cooling, has upgradable Fabric, etc.) and like the 9910, will be
supported for much longer.

As to their overall design, it does sound like they've got dollar signs
in their eyes... Probably as a result of the SDN requirement.

The A9k is a very capable edge device that can happily operate in a core
role, but the port density does not lend itself well to that. Their
suggestion even goes against the standard model for larger builds, that
use NCS6k in the core, and A9k on the edge.

The NCS55k isn't "cheap" (the L3VPN/L2VPN licensing alone is insane) but
using it as a purely P device is pretty much what it's been designed for
from the outset. For these Cisco bods to be suggesting NCSk on the edge
is pretty insane, and somewhat contradictory to what they've been saying
about the feature set of the NCS55k as a core device; it's not ready yet.

I'm not a Cisco SE, and I've not fully evaluated the 'SDN' features of
each platform in great detail, but I'm fairly sure your initial idea was
far better than the one Cisco have tried to sell you.

I'd see if you could try and get a second opinion internally, or perhaps
try and speak to a few more SEs without the salesmen watching. :)

Good luck.

--
Tom


[c-nsp] Design recommendation from Cisco

2017-03-06 Thread CiscoNSP List
Hi Everyone,


Received a draft proposal/bom from Cisco for a new "core"...we currently run a 
bunch of ASR920's/ME3600's/ASR1Ks, utilising the 10G ports on ASR920's for 
interpop...obviously these are limited, so more and more ASR920's are being 
purchased purely for 10G...not ideal, so proposed design was to have a true 
"core(P)", interconnected at 10+Gb, with ASR920's hanging off these as true 
PEs...The NCS5001/5501 was looking like a very good option for us...small 
footprint, good port density...but very new.


Our CEO became very friendly with Cisco (As you'd expect, Cisco saw a 
significant sales opportunity), and believed we needed asr9Ks for SDN (That is 
his vision...full SDN, one touch provisioning type thing)...I informed him of 
the size of the 9Ks (Physical), the price, the line cards, the licensing, and 
that the 9K would be beyond overkill for our use-case (We sell 70-80% L3VPN to 
business...no home users...primarily vrf, managed firewall...vanilla 
stuff)...we are just reaching the point where 1G Interpops are not adequate.


I had one meeting with Cisco, and they were certainly pushing the 9K barrow, 
and hard...saying that we needed to run 9Ks at each pop, with ncs5Ks as 
satellites


I asked why we needed 9Ks over 5501's as a "P" box, and they stated that the 
9Ks are far more feature rich, and can hold massive number of routes - 
8million...I asked what features do the 9Ks have that the 5501's don't...we do 
not do anything exotic, we have no need for our P boxes to hold 8million routes 
in Fib...the 5501's can support 1-2 mill, which is more than enough for our use 
case...we would have transit edge routers holding the full table(s)...I 
cannot see a compelling reason to spend 10 times the amount of money on a box 
for features we don't need...but they kept pushing the 9K (It's "SDN ready"), so 
I asked them how is the NCS not "SDN ready", which they responded...It's a very 
new device, and features from the 9K will take quite some time to be released 
on the NCS...anyway, they have sent through a "proposal", which I found quite 
funny...their design is to run a collapsed core at each pop (So the ASR9K is 
P/PE)...either a single 9906 or 9010 (Fully redundant, dual RSP), 
with NCS5K's hanging off each one as satellites...they've also proposed dual 
A9K-MOD200-SE's with 2 x A9K-48x10G-1G-SE...those with 9Ks will know how much 
those cost...insanely expensive.


I get that Cisco are wanting to make as big a sale as possible, but the design 
they have proposed is just bad...a single (redundant RSP/power etc) 9K per 
pop...we have typically one pop per "state"...every customer in a given state 
would then reside on the 9K (As they are P/PE)...so any issue with them, and 
maintenance (XR upgrade etc), we would take down every customer in an entire 
state...I just am bemused at their design choice...I've never used a 9K, but 
how is this a "good" design, and more importantly a wise investment...lol, 
sure it will future proof our bandwidth needs for quite a few years...but it is 
a step backwards in my eyes from a design perspective...collapsed cores are 
horrible to maintain...I'm meeting with them at ciscolive, so can't wait to 
hear what they have to say.


Cheers


[c-nsp] ebgp - multihop - prefixes received are inaccessible (next hop)

2017-02-09 Thread CiscoNSP List
Hi,

Have a customer with 2 multihop eBGP peering sessions to 2 x ASR1001 - Sessions 
establish (2 hops away), they receive default, and advertise a /24 - we receive 
the /24, but prefixes "were" inaccessible and not added to routing table.

Setup is not really ideal, but cust is peering to our ASRs loop, and we are 
peering to an IP that is in a /29 that we have assigned to them (So the /29 to 
their bgp router, has an IP on an Int in our network...i.e. their def gw))

I say were, as I "fixed" one session...I knew the prefixes were inaccessible 
due to next hop, but next hop route was in bgp, and fib...from reading, bgp 
checks the int next-hop was learned from, and if the prefix was learned via a 
different Int (From peering Int), then you can get inaccessible?

What I found strange about this was that particular scenario would be fairly 
common in ebgp multihop? i.e multiple redundant paths, the next hop could come 
from any of them if an outage occurred?

Anyway, even though the ASR was learning the next hop address via iBGP, and the 
address was in fib, it still complained with:

 BGP(0): xxx.xxx.xx.236 rcvd UPDATE w/ attr: nexthop xxx.xxx.xx.236, origin i, 
merged path xxx, AS_PATH
 BGP(0): xxx.xxx.xx.236 rcvd yyy.yyy.yyy.0/24
 BGP(0): no valid path for yyy.yyy.yyy.0/24

I thought ebgp-multihop would accommodate for this, but obviously it doesn't...so, 
I tried setting a static route for the /29 on one of the ASR's, to the loop of 
the PE they connect to...this worked, and the prefix learned went from 
inaccessible to being placed in fib.

So, thought it would be simply a matter of doing the same on the other asr, but 
unfortunately, not...

The only difference between the 2 ASR1000's is that one is an RR...this is the 
one that is not working, and I'm not sure if it being an RR is the cause..

Tried adding static route on the ASR1000 (RR)...made no difference, prefix 
still inaccessible...why it doesn't like the prefix that is already in bgp/fib, 
not entirely sure, but even more puzzling is why the static route work-around 
doesn't work on this ASR1K...the setup is identical ASR1k->PE(ASR920)->CUST in 
both locations...only difference is that the one that refuses to work is an RR

The one that doesn't work, I get this in debug:

BGP(0): xxx.xxx.xx.236 rcvd UPDATE w/ attr: nexthop xxx.xxx.xx.236, origin i, 
merged path xxx, AS_PATH
BGP(0): xxx.xxx.xx.236 rcvd yyy.yyy.yyy.0/24
BGP(0): no valid path for yyy.yyy.yyy.0/24

The one with static, that does work, I see this:

BGP(0): (base) xxx.xxx.xx.124 send UPDATE (format) 0.0.0.0/0, next 
zzz.zzz.zz.201, metric 0, path Local
BGP(0): xxx.xxx.xx.124 rcvd UPDATE w/ attr: nexthop xxx.xxx.xx.124, origin i, 
merged path xxx, AS_PATH
BGP(0): xxx.xxx.xx.124 rcvd yyy.yyy.yyy.0/24
BGP: nbr_topo global xxx.xxx.xx.124 IPv4 Unicast:base (0x7F9B7F521BE0:1) NSF 
rcvd End-of-fib
BGP: nbr_topo global xxx.xxx.xx.124 IPv4 Unicast:base (0x7F9B7F521BE0:1) NSF 
Receiving router rcvd End-of-fib
BGP(0): Revise route installing 1 of 1 routes for yyy.yyy.yyy.0/24 -> 
xxx.xxx.xx.124(global) to main IP table


Config (Basically identical on both ASR1K's)

 neighbor xx peer-group
 neighbor xx remote-as xxx
 neighbor xx CUST_MULTIHOP_TEST
 neighbor xx update-source Loopback0
 neighbor xxx.xxx.xx.236 peer-group xx
 neighbor xxx.xxx.xx.236 ebgp-multihop 2
 address-family ipv4
 neighbor xx next-hop-self
 neighbor xx default-originate
 neighbor xx soft-reconfiguration inbound
 neighbor xx route-map CUST-BGP-IN in
 neighbor xx route-map CUST-BGP-ADV out
 neighbor xx maximum-prefix 10 50
 neighbor xx filter-list 50 in


Any help is greatly appreciated :)


Thanks.



Re: [c-nsp] PE "Sprawl" - P/Core Router suggestions.

2016-12-31 Thread CiscoNSP List

Cheers Tim - Yes, I'm liking them a lot...Just tossing up whether the 5000 will 
be adequate, or whether the 5500 is the better option (Larger FIB/more 
features(That I may/may not need...but provides flexibility for the 
future))...quick google on rrp, 5501 was ~double the price of the 5001...hope 
this isn't the case


Cheers



From: Tim Durack <tdur...@gmail.com>
Sent: Saturday, 31 December 2016 12:49 AM
To: CiscoNSP List; Phil Bedard; cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] PE "Sprawl" - P/Core Router suggestions.

I have an NCS-5501 in the lab (SE unit, non-SE not available for demo.) Working 
OSPF, MPLS, MP-BGP, L3VPN etc. No production experience yet.

I am looking at the NCS-5501 for a high performance dense 10G P/PE (no CE 
involved.) Looking at NCS-5502 for dense 100G P.

I think the NCS-5500 platform is attractive. Reminds me of the C6K/C7.6K but 
running IOS-XR.

On Thu, Dec 29, 2016 at 7:16 PM CiscoNSP List 
<cisconsp_l...@hotmail.com> wrote:
Hi Phil - We currently run MPLS/OSPF/BGP...predominantly selling L3VPN services 
(And also vanilla Inet) - No intention of running user services on the new 
core, all will be on the PE's...The 5501 does look very nice...haven't seen 
pricing on them yet...ball park "double" the price of the 5001?


I'm hoping someone on the list has used (Or is using) the 5000/5500 - As they 
are very new, stability is a concern - Cheers



From: Phil Bedard <phil...@gmail.com>
Sent: Friday, 30 December 2016 1:19 AM
To: CiscoNSP List; cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] PE "Sprawl" - P/Core Router suggestions.

What kind of protocols are you running on the network?  What’s the likelihood 
of running some user services or more advanced features on the new “core” 
boxes?   Cisco gear the NCS 5501 would probably be my choice, it’s 
substantially less expensive than the 5502 if you don’t need the 100G density 
or still need to support 1G.  The low scale version of the box would probably 
fit your needs fine, and they’ve made enhancements in 6.1.2 where the low scale 
versions can fit an Internet table now if need be.   On the lower end that’s a 
bit tougher but the price point on the 5501 may be low enough it makes sense to 
use it everywhere.

Phil
-Original Message-
From: cisco-nsp <cisco-nsp-boun...@puck.nether.net> on behalf of CiscoNSP List 
<cisconsp_l...@hotmail.com>
Date: Tuesday, December 27, 2016 at 23:04
To: "cisco-nsp@puck.nether.net" <cisco-nsp@puck.nether.net>
Subject: [c-nsp] PE "Sprawl" - P/Core Router suggestions.

Hi Everyone (Apologies in advance for the long post :) )


We have multiple POPs, of varying sizes, no true "core"...due to size 
initially (# of customer tails @ POPs), collapsed design was used to reduce 
capex/improve ROI.


Hardware currently used are ME3600's/ASR920's/ASR1Ks(LNS/Transit), and TOR 
switches 4900's, Nex3Ks


Primary service offering is L3VPN, and as we aggregate with a large number 
of carriers, customers can pick/choose tails to suit budget/bandwidth/sla's etc


Interpop connections are currently going into our ASR920's, and as they 
have a limited # of 10G ports(4), we are having to add more ASR920's, purely 
for 10G...not ideal, not scalable, and increasingly difficult to manage.


So, looking to put a more modular(Hierarchical two-layer - "core" and 
"aggregation" ) design in place, that is easily replicable/templated/flexible.


Hardware (Cisco house) - I've looked at so far:


ASR9001 for our larger POPs, but 10G port density on them is an issue...4 
onboard, and they only support the 4 port 10G MPAs(2 line card slots, so 2 of 
these)...so total 12 x 10G?
ASR1K - I see they have released the 1001/2-HX with the 1002 having an EPA 
slot - So, 8 x 10G onboard, and with an EPA 10x10G a total of 18 x 10G ports - 
but as these are very very new, I'm guessing very pricey?
NCS - Very new, and know very little about them - NCS5001/NCS5002 - 10G 
port density definitely not an issue(40 + 80)...but they are an "MPLS agg 
router"...So, potentially an option if we went BGP-free "core"?
Then we have the bigger "chassis" brothers of the ASR9K/1K and NCS...all 
being a lot more $, and taking up a lot more real-estate in the Rack..

ASR9001 - "looked" like an ideal candidate, but the limited number of 10G 
ports is an issue
ASR1K - 1002-HX - Looks fantastic, but I would imagine very big $ if fully 
populated with 10G ports
NCS - Unsure on these as they are very 

[c-nsp] Segment Routing

2016-12-31 Thread CiscoNSP List
Hi Everyone,


Been doing a bit of reading on segment routing, and on paper it looks very 
interesting - Just wondering if anyone has deployed it, and what their 
experiences with it are?


Coexistence with LDP is certainly a plus as migration from LDP->SR would be 
"easier"...theoretically, as Ive not used it yet ;)


Cheers



___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/


Re: [c-nsp] PE "Sprawl" - P/Core Router suggestions.

2016-12-29 Thread CiscoNSP List
Hi Phil - We currently run MPLS/OSPF/BGP...predominantly selling L3VPN services 
(And also vanilla Inet) - No intention of running user services on the new 
core, all will be on the PE's...The 5501 does look very nice...havent seen 
pricing on them yet...ball park "double" the price of the 5001?


Im hoping someone on the list has used (Or is using) the 5000/5500 - As they 
are very new, stability is a concern - Cheers



From: Phil Bedard <phil...@gmail.com>
Sent: Friday, 30 December 2016 1:19 AM
To: CiscoNSP List; cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] PE "Sprawl" - P/Core Router suggestions.

What kind of protocols are you running on the network?  What’s the likelihood 
of running some user services or more advanced features on the new “core” 
boxes?   Cisco gear the NCS 5501 would probably be my choice, it’s 
substantially less expensive than the 5502 if you don’t need the 100G density 
or still need to support 1G.  The low scale version of the box would probably 
fit your needs fine, and they’ve made enhancements in 6.1.2 where the low scale 
versions can fit an Internet table now if need be.   On the lower end that’s a 
bit tougher but the price point on the 5501 may be low enough it makes sense to 
use it everywhere.

Phil
-Original Message-
From: cisco-nsp <cisco-nsp-boun...@puck.nether.net> on behalf of CiscoNSP List 
<cisconsp_l...@hotmail.com>
Date: Tuesday, December 27, 2016 at 23:04
To: "cisco-nsp@puck.nether.net" <cisco-nsp@puck.nether.net>
Subject: [c-nsp] PE "Sprawl" - P/Core Router suggestions.

Hi Everyone (Apologies in advance for the long post :) )


We have multiple POPs, of varying sizes, no true "core"...due to size 
initially(# of customer tails @ POPs), collapsed design was used to reduce 
capex/improve ROI.


Hardware currently used are ME3600's/ASR920's/ASR1Ks(LNS/Transit), and TOR 
switches 4900's, Nex3Ks


Primary service offering is L3VPN, and as we aggregate with a large number 
of carriers, customers can pick/choose tails to suit budget/bandwidth/sla's etc


Interpop connections are currently going into our ASR920's, and as they 
have a limited # of 10G ports(4), we are having to add more ASR920's, purely 
for 10G...not ideal, not scaleable, and increasingly difficult to manage.


So, looking to put a more modular(Hierarchical two-layer - "core" and 
"aggregation" ) design in place, that is easily replicable/templated/flexible.


Hardware (Cisco house) - Ive looked at so far:


ASR9001 for our larger POPs, but 10G port density on them is an issue...4 
onboard, and they only support the 4 port 10G MPAs(2 line card slots, so 2 of 
these)...so total 12 x 10G?
ASR1K - I see they have released the 1001/2-HX with the 1002 having an EPA 
slot - So, 8 x 10G onboard, and with an EPA 10x10G a total of 18 x 10G ports - 
but as these are very very new, Im guessing very pricey?
NCS - Very new, and know very little about them - NCS5001/NCS5002 - 10G 
port density definitely not an issue(40 + 80)...but they are an "MPLS agg 
router"...So, potentially an option if we went BGP-free "core"?
Then we have the bigger "chassis" brothers of the ASR9K/1K and NCS...all 
being a lot more $, and taking up a lot more real-estate in the Rack..

ASR9001 - "looked" like an ideal candidate, but the limited number of 10G 
ports is an issue
ASR1K - 1002-HX - Looks fantastic, but I would imagine very big $ if fully 
populated with 10G ports
NCS - Unsure on these as they are very new, and docs on them are a little 
sparse...i.e. Could they be an option, if we went BGP-free in the core?
Other Options?


Then for our smaller pops (that have 2-4 ASR920's(PEs) - Core/Agg box for 
these is quite a challenge...we would still need something with 10x10G ports to 
give us scale(PEs) and also for Interpop...any suggestions here would be 
greatly appreciated :)


For our "larger" POPs, where we will see 6+ (ASR920's) PEs - Dual 10G 
connectivity to the 2 Core/Agg routers will quickly burn lots of ports (As well 
as the needed Interpop connections) - Are mini PE "rings" an option...i.e. 
maybe 4 x ASR920's, east-west connected, with just 2 having 10G to the core/Agg?


Appreciate any suggestions/comments/recommendations  - Cheers


___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/


Re: [c-nsp] PE "Sprawl" - P/Core Router suggestions.

2016-12-29 Thread CiscoNSP List

Cheers Ted - Yes, looked at the 903's/RSP3 - I do like them..but they dont 
support segment routing (OSPF) Only ISIS currently?... and segment routing is 
something that I want to look at implementing.



From: Ted Johansson <ted.johans...@tele2.com>
Sent: Wednesday, 28 December 2016 8:23 PM
To: CiscoNSP List
Cc: cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] PE "Sprawl" - P/Core Router suggestions.

Have you been looking at the ASR903?
They support 8x10GE LCs and the chassis supports 6 LCs with the 
A900-RSP3C-400-S. Or perhaps Juniper ACX5000?

Best Regards
Ted

Sent from my Phone
> On 28 Dec 2016, at 05:05, CiscoNSP List <cisconsp_l...@hotmail.com> wrote:
>
> Hardware currently used are ME3600's/ASR920's/ASR1Ks(LNS/Transit), and TOR 
> switches 4900's, Nex3Ks

___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/


Re: [c-nsp] PE "Sprawl" - P/Core Router suggestions.

2016-12-29 Thread CiscoNSP List
Thanks Saku (Apologies for top posting...hotmail/outlook live doesnt play nice 
with inline responses)


So, the NCS5001 or 5501 look to be a nice fit (And migrating to BGP-free core) 
- As they are a very new box (the 5501/2 was only released few months or so 
ago?), Im a little wary of stability...If anyone has actually used them (Or 
running them in production), would love to hear your feedback - Cheers



From: Saku Ytti <s...@ytti.fi>
Sent: Wednesday, 28 December 2016 7:05 PM
To: CiscoNSP List
Cc: cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] PE "Sprawl" - P/Core Router suggestions.

On 28 December 2016 at 06:04, CiscoNSP List <cisconsp_l...@hotmail.com> wrote:

Hey,

> ASR9001 for our larger POPs, but 10G port density on them is an issue...4 
> onboard, and they only support the 4 port 10G MPAs(2 line card slots, so 2 of 
> these)...so total 12 x 10G?

ASR9001 is Typhoon (2nd) generation HW, it won't be supported on
XRe/Linux. This isn't a show stopper, but something to be mindful about,
you're buying sunsetting hardware.

> ASR1K - I see they have released the 1001/2-HX with the 1002 having an EPA 
> slot - So, 8 x 10G onboard, and with an EPA 10x10G a total of 18 x 10G ports 
> - but as these are very very new, Im guessing very pricey?

It is very high-touch device so port price is premium. If you're not
gonna need stateful FW, NAPT etc, it may not be the most economic
choice. Also IOS-XE makes automation unnecessarily expensive/hard as
it lacks 'roll forward' ((c) Jared), that is, ability to move from
arbitrary full config A to arbitrary full config B, which IOS-XR can
do, which makes automation much cheaper and easier.
I know IOS-XE has 'configure replace', but at least last time I tried
it, it was anything but hitless.

> NCS - Very new, and know very little about them - NCS5001/NCS5002 - 10G port 
> density definitely not an issue(40 + 80)...but they are an "MPLS agg 
> router"...So, potentially an option if we went BGP-free "core"?

BGP-free core (and strictly core, no customers, peers etc) is likely
one of the better placements for these boxes right now. From the
choices presented, this would be mine.
If you were not Cisco house, there would be other options.


--
  ++ytti
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/


[c-nsp] PE "Sprawl" - P/Core Router suggestions.

2016-12-27 Thread CiscoNSP List
Hi Everyone (Apologies in advance for the long post :) )


We have multiple POPs, of varying sizes, no true "core"...due to size 
initially(# of customer tails @ POPs), collapsed design was used to reduce 
capex/improve ROI.


Hardware currently used are ME3600's/ASR920's/ASR1Ks(LNS/Transit), and TOR 
switches 4900's, Nex3Ks


Primary service offering is L3VPN, and as we aggregate with a large number of 
carriers, customers can pick/choose tails to suit budget/bandwidth/sla's etc


Interpop connections are currently going into our ASR920's, and as they have a 
limited # of 10G ports(4), we are having to add more ASR920's, purely for 
10G...not ideal, not scaleable, and increasingly difficult to manage.


So, looking to put a more modular(Hierarchical two-layer - "core" and 
"aggregation" ) design in place, that is easily replicable/templated/flexible.


Hardware (Cisco house) - Ive looked at so far:


ASR9001 for our larger POPs, but 10G port density on them is an issue...4 
onboard, and they only support the 4 port 10G MPAs(2 line card slots, so 2 of 
these)...so total 12 x 10G?
ASR1K - I see they have released the 1001/2-HX with the 1002 having an EPA slot 
- So, 8 x 10G onboard, and with an EPA 10x10G a total of 18 x 10G ports - but 
as these are very very new, Im guessing very pricey?
NCS - Very new, and know very little about them - NCS5001/NCS5002 - 10G port 
density definitely not an issue(40 + 80)...but they are an "MPLS agg 
router"...So, potentially an option if we went BGP-free "core"?
Then we have the bigger "chassis" brothers of the ASR9K/1K and NCS...all being 
a lot more $, and taking up a lot more real-estate in the Rack..

ASR9001 - "looked" like an ideal candidate, but the limited number of 10G ports 
is an issue
ASR1K - 1002-HX - Looks fantastic, but I would imagine very big $ if fully 
populated with 10G ports
NCS - Unsure on these as they are very new, and docs on them are a little 
sparse...i.e. Could they be an option, if we went BGP-free in the core?
Other Options?


Then for our smaller pops (that have 2-4 ASR920's(PEs) - Core/Agg box for these 
is quite a challenge...we would still need something with 10x10G ports to give 
us scale(PEs) and also for Interpop...any suggestions here would be greatly 
appreciated :)


For our "larger" POPs, where we will see 6+ (ASR920's) PEs - Dual 10G 
connectivity to the 2 Core/Agg routers will quickly burn lots of ports (As well 
as the needed Interpop connections) - Are mini PE "rings" an option...i.e. 
maybe 4 x ASR920's, east-west connected, with just 2 having 10G to the core/Agg?


Appreciate any suggestions/comments/recommendations  - Cheers


___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/


Re: [c-nsp] Incremental SFP (ISPF) - Provide any benefits "now"?

2016-12-21 Thread CiscoNSP List

Thanks James - Very Interesting re iSPF and FRR...I'll try removing this under 
maintenance window, and see if fixes the issue.


The latest on the IP FRR rLFA is that TAC/Dev have asked me to "try" removing 
fast-reroute keep-all-paths from OSPF (Why? They think that this command is 
the reason behind unused rLFA tunnel)...how? not entirely sure...It's nice 
for troubleshooting/debugging to see the list of candidate repair paths that 
were considered)...but, I'll remove it, and see if it makes any difference.


Cheers



From: cisco-nsp <cisco-nsp-boun...@puck.nether.net> on behalf of James Bensley 
<jwbens...@gmail.com>
Sent: Wednesday, 21 December 2016 9:06 PM
To: cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] Incremental SFP (ISPF) - Provide any benefits "now"?

On 16 December 2016 at 14:01, CiscoNSP List <cisconsp_l...@hotmail.com> wrote:
> Hey Adam - Have a TAC case open atm on ASR920 rLFA FRR (Tunnels being 
> created, when they shouldnt, and not used)...anyway, from this case, MPLS, 
> OSPF + ASR920 Dev teams have been working on it, and they have stated that 
> "ISPF conf under router ospf is not recommended anymore. The command will 
> soon be deprecated." - It's not related to the TAC case, it was just a 
> recommendation from them...I asked why is it being deprecated, and the 
> reason they gave is that it was introduced to improve convergence on slower 
> processors, processors are fast now, so it is no longer needed...somewhat 
> strange, but I pressed them for more info, and that is all that they have 
> provided so far...
>

In the case of IP FRR (r)LFA, iSPF is not a recommended setting under
OSPF. When there is a failure with FRR LFA enabled, my understanding
is that traffic will re-route via the backup LSP however the entire
OSPF DB needs to be crawled as a new backup tunnel(s) needs to be
calculated now, iSPF could hinder this process because not all
possible paths would be explored in the OSPF DB, instead the first
"suitable" match would be used. That is what Cisco had led me to
believe although it was unclear at the time so happy to be corrected
here.

There is a note on the Cisco docs that says something like "The
OSPF/ISIS configuration option "ispf" is not recommended although it
is supported" with no further explanation so that we may decide what's
best for us :s

Cheers,
James.
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/


Re: [c-nsp] cisco SDC ?

2016-12-20 Thread CiscoNSP List

Secure Data Center ?

http://www.cisco.com/c/dam/en/us/solutions/collateral/enterprise/design-zone-security/sdc-dg.pdf

Design and Implementation Guide - Cisco 
Systems
www.cisco.com
Secure Data Center for Enterprise- Multi Data Center Sites Deployment of Cisco 
ASA Clustering with FirePOWER Services Design and Implementation Guide-





From: cisco-nsp  on behalf of Hossein 
Forghani 
Sent: Tuesday, 20 December 2016 7:08 PM
To: cisco-nsp@puck.nether.net
Subject: [c-nsp] cisco SDC ?

is SDC  = smart dial control on cisco or  DDR (dial-on-demand-router) ?
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/


Re: [c-nsp] Incremental SFP (ISPF) - Provide any benefits "now"?

2016-12-16 Thread CiscoNSP List
Hey Adam - Have a TAC case open atm on ASR920 rLFA FRR (Tunnels being created, 
when they shouldnt, and not used)...anyway, from this case, MPLS, OSPF + ASR920 
Dev teams have been working on it, and they have stated that "ISPF conf under 
router ospf is not recommended anymore. The command will soon be deprecated." - 
It's not related to the TAC case, it was just a recommendation from them...I 
asked why is it being deprecated, and the reason they gave is that it was 
introduced to improve convergence on slower processors, processors are fast 
now, so it is no longer needed...somewhat strange, but I pressed them for 
more info, and that is all that they have provided so far...



From: adamv0...@netconsultings.com <adamv0...@netconsultings.com>
Sent: Friday, 16 December 2016 11:31 PM
To: 'CiscoNSP List'; cisco-nsp@puck.nether.net
Subject: RE: [c-nsp] Incremental SFP (ISPF) - Provide any benefits "now"?

Hi,

> CiscoNSP List
> Sent: Friday, December 16, 2016 9:55 AM
>
> Hi,
>
>
> Quick question re ISPF - Seems to be a very old feature (Introduced 12.0?)
> that was more "efficient" than full SPF algorithm (Allows OSPF to converge
> faster)...but it appears Cisco are deprecating it, and I can only assume
> because it is no longer necessary on today's faster hardware?
>
What gives you the impression that cisco is deprecating iSPF please?
I think that at most they are deprecating the knob not the functionality.

adam

netconsultings.com
::carrier-class solutions for the telecommunications industry::



___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/


[c-nsp] Incremental SFP (ISPF) - Provide any benefits "now"?

2016-12-16 Thread CiscoNSP List
Hi,


Quick question re ISPF - Seems to be a very old feature (Introduced 12.0?) that 
was more "efficient" than full SPF algorithm (Allows OSPF to converge 
faster)...but it appears Cisco are deprecating it, and I can only assume 
because it is no longer necessary on today's faster hardware?


Does anyone use it? Find it actually improves convergence?


Cheers
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/


Re: [c-nsp] Router memory problem

2016-10-30 Thread CiscoNSP List
Very bleary eyed - but shouldnt this:


ip prefix-list max23 seq 5 permit 0.0.0.0/0 ge 8 le 16

be:

ip prefix-list max16 seq 5 permit 0.0.0.0/0 ge 8 le 16


As you are referencing max16 in your dist-list


router bgp 
  distribute-list prefix max16 in




From: cisco-nsp  on behalf of Joseph Mays 

Sent: Thursday, 27 October 2016 7:06 AM
To: Chris Boyd; cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] Router memory problem

> On the plus side, if you screw up routing with a mistake, you'll free a lot 
> of memory :-/

See, there could be a silver lining. :-)

Got the commands in...

router bgp 
  distribute-list prefix max16 in

ip prefix-list max23 seq 5 permit 0.0.0.0/0 ge 8 le 16

The bgp table seems to be dropping in size over time

core-gw1.noc#show ip bgp sum
[...]
xx.xxx.xxx.x4   174  146060 785   70730200 13:00:03   605322

core-gw1.noc#show ip bgp sum
[...]
xx.xxx.xxx.x4   174  146060 785   70730200 13:00:03   603660

but it's taking a long time. I could clear the bgp tables, but I'm hesitant to 
do that. Maybe better to just let it drop over time.







-Original Message-
From: Chris Boyd
Sent: Wednesday, October 26, 2016 3:57 PM
To: cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] Router memory problem


> On Oct 26, 2016, at 2:19 PM, Joseph Mays  wrote:
>
> I was thinking about using a prefix list to limit the size of the BGP routing 
> table.

Hard to do if you can't see the config, but I suppose if you are careful you 
could tftp it in, since you mentioned that's still working.  On the plus side, 
if you screw up routing with a mistake, you'll free a lot of memory :-/

-Chris

___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
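
The name mismatch discussed in this thread (a `distribute-list prefix max16 in` that points at a prefix-list defined as `max23`) is a dangling reference that can be caught before a config is pushed. The following is an added example, not part of the original thread: a Python check over a constructed IOS-style config that lists dangling and unused prefix-lists and evaluates what the referenced name would actually filter. The AS number 64500 is a placeholder, only the three reference forms in the regexes are covered, and treating an undefined name as an empty list is this example's assumption (Cisco documents that an empty prefix list permits all prefixes).

```python
import ipaddress
import re

# Constructed sample config modelled on the commands quoted in the thread.
# 64500 is a placeholder AS number; the thread elides the real one.
SAMPLE_CONFIG = """\
router bgp 64500
 distribute-list prefix max16 in
!
ip prefix-list max23 seq 5 permit 0.0.0.0/0 ge 8 le 16
"""

DEFINE_RE = re.compile(
    r"^\s*ip prefix-list (?P<name>\S+)(?: seq (?P<seq>\d+))? (?P<action>permit|deny) "
    r"(?P<net>\S+)(?: ge (?P<ge>\d+))?(?: le (?P<le>\d+))?\s*$"
)
# Reference forms covered: BGP distribute-list, per-neighbor prefix-list,
# and route-map match clauses (which may name several lists).
REFERENCE_RES = [
    re.compile(r"^\s*distribute-list prefix (?P<name>\S+) (?:in|out)\b"),
    re.compile(r"^\s*neighbor \S+ prefix-list (?P<name>\S+) (?:in|out)\b"),
    re.compile(r"^\s*match ip address prefix-list (?P<names>.+)$"),
]


def parse(config):
    """Return (definitions, references) found in an IOS-style config (IPv4 only)."""
    definitions, references = {}, []
    for lineno, line in enumerate(config.splitlines(), 1):
        m = DEFINE_RE.match(line)
        if m:
            net = ipaddress.ip_network(m["net"], strict=False)
            ge = int(m["ge"]) if m["ge"] else None
            le = int(m["le"]) if m["le"] else None
            # Neither ge nor le: exact length only. ge alone: ge..32.
            # le alone: own length..le. Both: ge..le.
            low = ge if ge is not None else net.prefixlen
            high = le if le is not None else (32 if ge is not None else net.prefixlen)
            entries = definitions.setdefault(m["name"], [])
            seq = int(m["seq"]) if m["seq"] else (entries[-1][0] + 5 if entries else 5)
            entries.append((seq, m["action"], net, low, high))
            continue
        for rx in REFERENCE_RES:
            m = rx.match(line)
            if m:
                names = m.groupdict().get("names")
                for name in (names.split() if names else [m["name"]]):
                    references.append((lineno, name))
    return definitions, references


def dangling_references(config):
    """(line number, name) for every reference to a prefix-list never defined."""
    definitions, references = parse(config)
    return [(n, name) for n, name in references if name not in definitions]


def unused_definitions(config):
    """Names of prefix-lists that are defined but referenced nowhere."""
    definitions, references = parse(config)
    return sorted(set(definitions) - {name for _, name in references})


def permits(config, list_name, prefix):
    """Would the filter named `list_name` let `prefix` through?"""
    definitions, _ = parse(config)
    entries = definitions.get(list_name)
    if not entries:
        # Assumption: an undefined name behaves like an empty prefix list,
        # which permits all prefixes, so the filter removes nothing.
        return True
    candidate = ipaddress.ip_network(prefix)
    for _seq, action, net, low, high in sorted(entries, key=lambda e: e[0]):
        if candidate.subnet_of(net) and low <= candidate.prefixlen <= high:
            return action == "permit"
    return False  # implicit deny at the end of a non-empty list


if __name__ == "__main__":
    for lineno, name in dangling_references(SAMPLE_CONFIG):
        print(f"line {lineno}: prefix-list '{name}' is referenced but not defined")
    for name in unused_definitions(SAMPLE_CONFIG):
        print(f"prefix-list '{name}' is defined but never referenced")
    for pfx in ("203.0.113.0/24", "198.18.0.0/15"):
        print(pfx, "permitted by max16 as configured:", permits(SAMPLE_CONFIG, "max16", pfx))
```

With the name corrected to `max16`, the /24 is denied and the /15 is still permitted, which is the behaviour the `ge 8 le 16` entry was meant to give.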


[c-nsp] OSPF / FRR(rLFA) + Non FRR links

2016-10-17 Thread CiscoNSP List
Hi,

Have an interesting(unexpected) situation on an ASR920 that is running ospf / 
frr(rLFA) to a number of other ASR920's (All running ospf / frr(rLFA))...but it 
also has a non-frr(rLFA) link to a 7200, which also has a non-frr(rLFA) link 
back to the other ASR920's (So basically a triangle topology)


ASR920's link to the 7200 has a very high OSPF cost (As I dont want it used, 
unless all other links fail)


Unexpectedly, the ASR920 only creates a single rLFA tunnel to one of the other 
ASR920's (All the other ASR920's create 2)


Also, not expected, the ASR920 chooses to use the link to the 7200 as a repair 
path to the directly connected ASR920's even though the links to the 
other(directly connected) ASR920's have a much lower cost?


If I shutdown the link on the ASR920->7200, the ASR920 creates a second tunnel, 
and starts using the rLFA tunnels as repair paths? (This is the behavior I 
expected, even with the link to the 7200 operational)


I have a TAC case open (For 2 weeks now!), and they are stumped...so Im hoping 
someone on the list may know why this is occurring (Or if it is expected 
behavior?)


Cheers


___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/


[c-nsp] OSPF rLFA FRR - Criteria for creation of repair paths (ASR920)

2016-10-03 Thread CiscoNSP List
Hi Everyone - Apologies for the long post, and hope the ascii diag retains 
shape! I'm hoping someone can explain what process a router goes through when 
deciding to create repair paths/tunnel...and how it decides how "many" it will 
create.

I have the following setup, and just trying to understand how the routers (In 
this case 4 x ASR920s, 2 ME3600's) made the decisions they did.

7200 then has a link to an ASR1006 (No FRR running, just OSPF)

My main issue is that I want the link to the 7200 only used if we have 
multiple failures...eg both 10G links between the ASR920s failed.

Currently, ASR920-A uses direct TenG link as best path->ASR920-C and direct 1Gb 
link as best path to ASR920-B, and link to 7200 as repair path (Which I dont 
want :) )...each other destination has an equal cost path via TenG + Gb 
(Again, something I need to fix, so that 10G is primary, 1Gb is repair)


Hopefully the ascii diag retains shape :)


Numbers in brackets are OSPF cost.


            7200 (Not running FRR, just OSPF)
              |
              |
           1G (250)
              |
              |
          ASR920-A---1G (2)---ASR920-B
              |                  |
              |                  |
          10G (220)          10G (220)
              |                  |
              |                  |
          ASR920-C---1G (2)---ASR920-D
              |                  |
              |                  |
           1G (5)             1G (5)
              |                  |
              |                  |
          ME3600-A-----1G-----ME3600-B
              |                  |
              |                  |
              -------ASR1006------


So from the above setup, it has created the following repair paths:


ASR920-A

Only one tunnel -> ASR920-D via 1G link to ASR920-B

ASR920-B

Tunnel 1 -> ASR920-C via 1G link to ASR920-A
Tunnel 2 -> ASR920-C via TenG link to ASR920-B

ASR920-C

Tunnel 1 -> ASR920-D via 1G link to ASR920-D
Tunnel 2 -> ASR920-B via 1G link to ASR920-D

ASR920-D

Tunnel 1 -> ASR920-C via 1G link to ASR920-C
Tunnel 2 -> ASR920-A via 1G link to ASR920-C

ME3600-A

Tunnel 1 -> ASR920-D via 1G link to ME3600-B
Tunnel 2 -> ME3600-B via 1G link to ME3600-B

ME3600-B

Tunnel 1 -> ASR920-C via 1G link to ME3600-B
Tunnel 2 -> ME3600-B via 1G link to ME3600-B


Thanks in advance!





___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
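
Added example (not part of the thread, and not Cisco's implementation): the RFC 5286 loop-free inequality and the RFC 7490 P-space/Q-space test applied to the link costs given in the diagram above. It models only the four ASR920s plus the 7200 as a leaf, because the post gives no costs for the 7200's other links or the ME3600/ASR1006 side; under that assumption it reproduces the single tunnel from ASR920-A to ASR920-D via ASR920-B, but not the 7200 being picked as a repair path.

```python
import heapq

# Link costs taken from the ASCII diagram in the post. The 7200's other links
# and the ME3600/ASR1006 side are omitted (their costs are not in the post);
# with positive costs they cannot shorten any ASR920-to-ASR920 distance here.
LINKS = {
    ("ASR920-A", "ASR920-B"): 2,
    ("ASR920-A", "ASR920-C"): 220,
    ("ASR920-B", "ASR920-D"): 220,
    ("ASR920-C", "ASR920-D"): 2,
    ("ASR920-A", "7200"): 250,
}


def build_graph(links):
    """Adjacency map {node: {neighbor: cost}}; costs assumed symmetric."""
    graph = {}
    for (a, b), cost in links.items():
        graph.setdefault(a, {})[b] = cost
        graph.setdefault(b, {})[a] = cost
    return graph


def spf(graph, source):
    """Dijkstra: shortest-path cost from `source` to every reachable node."""
    dist = {source: 0}
    heap = [(0, source)]
    while heap:
        d, node = heapq.heappop(heap)
        if d > dist.get(node, float("inf")):
            continue  # stale heap entry
        for nbr, cost in graph[node].items():
            if d + cost < dist.get(nbr, float("inf")):
                dist[nbr] = d + cost
                heapq.heappush(heap, (d + cost, nbr))
    return dist


def direct_lfas(graph, s, e):
    """Neighbors N of S usable as a plain LFA for destination E.

    RFC 5286 inequality 1: D(N,E) < D(N,S) + D(S,E). Equality means one of
    N's equal-cost paths runs back through S, so N does not qualify.
    """
    d = {n: spf(graph, n) for n in graph}
    return sorted(n for n in graph[s]
                  if n != e and d[n][e] < d[n][s] + d[s][e])


def remote_lfa_pq(graph, s, e):
    """PQ nodes for protecting link S-E, as {pq_node: [neighbors to tunnel via]}."""
    d = {n: spf(graph, n) for n in graph}
    c = graph[s][e]
    # Q-space of E: nodes none of whose shortest paths to E cross S->E.
    q_space = {x for x in graph if x not in (s, e) and d[x][e] < d[x][s] + c}
    result = {}
    for n in graph[s]:
        if n == e:
            continue
        # Extended P-space: nodes that neighbor N reaches with no shortest
        # path crossing S->E (strict inequality also rules out ECMP ties).
        for x in q_space:
            if x != n and d[n][x] < d[n][s] + c + d[e][x]:
                result.setdefault(x, []).append(n)
    return {x: sorted(ns) for x, ns in result.items()}


if __name__ == "__main__":
    g = build_graph(LINKS)
    for protected in ("ASR920-C", "ASR920-B"):
        print(f"protecting ASR920-A -> {protected}:")
        print("  direct LFAs :", direct_lfas(g, "ASR920-A", protected))
        print("  rLFA PQ     :", remote_lfa_pq(g, "ASR920-A", protected))
```

ASR920-B fails the LFA test for ASR920-C only by an equal-cost tie (222 against 222), which is why a tunnel to a PQ node is needed at all on these costs.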


Re: [c-nsp] OSPF Loop-Free Alternate Fast Reroute and repair path

2016-09-30 Thread CiscoNSP List
Ah - I think Ive found the answer to my own question..this prefix doesnt have 
the flag NodeProt(I think), as this prefix would share the same next hop router 
as the primary path...indirectly, later in the path...all others wouldnt...





From: cisco-nsp <cisco-nsp-boun...@puck.nether.net> on behalf of CiscoNSP List 
<cisconsp_l...@hotmail.com>
Sent: Friday, 30 September 2016 7:57 PM
To: cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] OSPF Loop-Free Alternate Fast Reroute and repair path

Ok - A little digging, I found "sh ip ospf rib xxx" to show cost on 
primary/repair paths...I'm hoping someone can explain why for this particular 
dest prefix, the ASR920 sees the 7200's link as "best"...all other destination 
prefixes have Gi0/0/1 as repair, but have Flags: RIB, Repair, IntfDj, BcastDj, 
CostWon, NodeProt, Downstr...but for some reason, for this prefix, the 
nodeprot, downstream arent "seen"?


sh ip ospf rib xxx.xxx.76.207

OSPF Router with ID (xxx.xxx.76.192) (Process ID 100)


Base Topology (MTID 0)

OSPF local RIB
Codes: * - Best, > - Installed in global RIB
LSA: type/LSID/originator

*>  xxx.xxx.76.207/32, Intra, cost 226, area 0
 SPF Instance 46, age 07:03:12
 Flags: RIB, HiPrio
  via yyy.yyy.230.174, TenGigabitEthernet0/0/26
   Flags: RIB
   LSA: 1/xxx.xxx.76.207/xxx.xxx.76.207
  repair path via yyy.yyy.230.170, GigabitEthernet0/0/0, cost 253
   Flags: RIB, Repair, IntfDj, BcastDj, NodeProt, Downstr
   LSA: 1/xxx.xxx.76.207/xxx.xxx.76.207
  repair path via yyy.yyy.230.168, GigabitEthernet0/0/1, cost 229
   Flags: Ignore, Repair, IntfDj, BcastDj
   LSA: 1/xxx.xxx.76.207/xxx.xxx.76.207


Thanks


From: cisco-nsp <cisco-nsp-boun...@puck.nether.net> on behalf of CiscoNSP List 
<cisconsp_l...@hotmail.com>
Sent: Friday, 30 September 2016 7:39 PM
To: cisco-nsp@puck.nether.net
Subject: [c-nsp] OSPF Loop-Free Alternate Fast Reroute and repair path

Hi Everyone - Have some ASR920's that have just been deployed, and have just 
setup ospf+mpls on the Interpop links - One of the ASR920's has a link to a 
legacy 7200, that will be retired soon, and I've set ospf cost very high on that 
link, as I don't want it used, unless all other interpop links fail...I've 
tested about 50 destination prefixes, all have the correct primary + repair 
path (Being 10G link from ASR920->other POP ASR920, repair path being 1Gb 
cross-link to second ASR920, then its 10Gb link->other POP ASR920)...except 
one prefix...it for some reason has the correct primary path, but repair path 
it has chosen is via the 7200...why it is choosing this link as repair doesn't 
make sense (Based on ospf cost)...Is there any way to check a destination's 
cost on the repair path? (I can manually work it out, which I have done(And it 
is way higher than the cost of the "correct" repair path)...but I'm hoping I 
can interrogate the ASR to find out what it sees as the cost...because even 
the loop of the 7200's best+repair path on the ASR920 is going via the 
paths of all the other prefixes I've checked.


Thanks in advance.
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/


Re: [c-nsp] OSPF Loop-Free Alternate Fast Reroute and repair path

2016-09-30 Thread CiscoNSP List
Ok - A little digging, I found "sh ip ospf rib xxx" to show cost on 
primary/repair paths...I'm hoping someone can explain why for this particular 
dest prefix, the ASR920 sees the 7200's link as "best"...all other destination 
prefixes have Gi0/0/1 as repair, but have Flags: RIB, Repair, IntfDj, BcastDj, 
CostWon, NodeProt, Downstr...but for some reason, for this prefix, the 
nodeprot, downstream arent "seen"?


sh ip ospf rib xxx.xxx.76.207

OSPF Router with ID (xxx.xxx.76.192) (Process ID 100)


Base Topology (MTID 0)

OSPF local RIB
Codes: * - Best, > - Installed in global RIB
LSA: type/LSID/originator

*>  xxx.xxx.76.207/32, Intra, cost 226, area 0
 SPF Instance 46, age 07:03:12
 Flags: RIB, HiPrio
  via yyy.yyy.230.174, TenGigabitEthernet0/0/26
   Flags: RIB
   LSA: 1/xxx.xxx.76.207/xxx.xxx.76.207
  repair path via yyy.yyy.230.170, GigabitEthernet0/0/0, cost 253
   Flags: RIB, Repair, IntfDj, BcastDj, NodeProt, Downstr
   LSA: 1/xxx.xxx.76.207/xxx.xxx.76.207
  repair path via yyy.yyy.230.168, GigabitEthernet0/0/1, cost 229
   Flags: Ignore, Repair, IntfDj, BcastDj
   LSA: 1/xxx.xxx.76.207/xxx.xxx.76.207


Thanks


From: cisco-nsp <cisco-nsp-boun...@puck.nether.net> on behalf of CiscoNSP List 
<cisconsp_l...@hotmail.com>
Sent: Friday, 30 September 2016 7:39 PM
To: cisco-nsp@puck.nether.net
Subject: [c-nsp] OSPF Loop-Free Alternate Fast Reroute and repair path

Hi Everyone - Have some ASR920's that have just been deployed, and have just 
setup ospf+mpls on the Interpop links - One of the ASR920's has a link to a 
legacy 7200, that will be retired soon, and I've set ospf cost very high on that 
link, as I don't want it used, unless all other interpop links fail...I've 
tested about 50 destination prefixes, all have the correct primary + repair 
path (Being 10G link from ASR920->other POP ASR920, repair path being 1Gb 
cross-link to second ASR920, then its 10Gb link->other POP ASR920)...except 
one prefix...it for some reason has the correct primary path, but repair path 
it has chosen is via the 7200...why it is choosing this link as repair doesn't 
make sense (Based on ospf cost)...Is there any way to check a destination's 
cost on the repair path? (I can manually work it out, which I have done(And it 
is way higher than the cost of the "correct" repair path)...but I'm hoping I 
can interrogate the ASR to find out what it sees as the cost...because even 
the loop of the 7200's best+repair path on the ASR920 is going via the 
paths of all the other prefixes I've checked.


Thanks in advance.


[c-nsp] OSPF Loop-Free Alternate Fast Reroute and repair path

2016-09-30 Thread CiscoNSP List
Hi Everyone - Have some ASR920's that have just been deployed, and have just 
set up ospf+mpls on the Interpop links - One of the ASR920's has a link to a 
legacy 7200, that will be retired soon, and I've set ospf cost very high on 
that link, as I don't want it used, unless all other interpop links fail... 
I've tested about 50 destination prefixes, all have the correct primary + 
repair path (Being 10G link from ASR920->other POP ASR920, repair path being 
1Gb cross-link to second ASR920, then its 10Gb link->other POP ASR920)... 
except one prefix... it for some reason has the correct primary path, but 
repair path it has chosen is via the 7200... why it is choosing this link as 
repair doesn't make sense (Based on ospf cost)... Is there any way to check a 
destination's cost on the repair path? (I can manually work it out, which I 
have done (and it is way higher than the cost of the "correct" repair path))... 
but I'm hoping I can interrogate the ASR to find out what it sees as the 
cost... because even the loop of the 7200's best+repair path on the ASR920 is 
going via the paths of all the other prefixes I've checked.


Thanks in advance.


Re: [c-nsp] aggregate-address with 2 neighbours

2016-09-28 Thread CiscoNSP List

Thanks very much for confirming Adam - These will be 2 separate sites, not 
connected (No failover between them)... so if one goes down, the /25 associated 
with it doesn't need to be handled by the other site.

cheers


From: Adam Vitkovsky <adam.vitkov...@gamma.co.uk>
Sent: Wednesday, 28 September 2016 9:38 PM
To: CiscoNSP List; cisco-nsp@puck.nether.net
Subject: RE: aggregate-address with 2 neighbours

> CiscoNSP List
> Sent: Wednesday, September 28, 2016 11:01 AM
>
> Hi Everyone,
>
>
> If we have a customer with 2 sites, that has their own /24 that they have
> split into 2 x /25's - Each site advertises its /25 to us (In a single
> VRF)... we then want to advertise the aggregate /24 to our upstreams... so,
> to achieve this we would need to use (under address-family ipv4 vrf foo)
> aggregate-address xxx.xxx.xxx.xxx 255.255.255.0 as-set summary only (So
> customer's AS is maintained, and the smaller prefixes are filtered from being
> re-advertised to upstream)... I haven't had a chance to lab this up, so I'm
> not 100% sure of the behaviour of aggregate-address... when our PE receives
> one/both of the /25s via bgp, it aggregates them into the /24 - I'm
> assuming (hoping), it also keeps the more specific prefix in bgp also (And in
> fib), so that routing for the /25s to the correct sites is maintained?
>
Yes as long as the PE will have at least one contributing /25 it will generate 
and advertise the summary route.

Yes after the summarization the more specific routes will remain in your PE's 
BGP table and FIB and as a matter of fact only the more specific /25 routes 
will be used to route traffic towards the customer.

This however can cause problems if one of the customer's links goes down - as 
one of the /25 routes disappears.
It can be solved by asking the customer to advertise both /25 routes via both 
links (with different local-pref)
Or by advertising the /24 in addition to a given /25 from each link.
So that in case of one link failure the other link can take over traffic for 
the affected /25.

adam




Adam Vitkovsky
IP Engineer

T: 0333 006 5936
E: adam.vitkov...@gamma.co.uk<mailto:adam.vitkov...@gamma.co.uk>
W: www.gamma.co.uk<http://www.gamma.co.uk>
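
The behaviour Adam describes, as an added Python model of the PE (not code from the thread): the /24 exists while at least one /25 contributes, summary-only hides the /25s from upstream, and a failed site leaves its /25 covered only by the aggregate's Null0 discard route unless the other site also advertises it with a lower local-pref. The 192.0.2.0/24 prefixes, site names and function names are assumptions, and as-set is not modelled.

```python
import ipaddress

# Constructed documentation prefixes standing in for the customer's /24 and /25s.
AGGREGATE = ipaddress.ip_network("192.0.2.0/24")
LOW = ipaddress.ip_network("192.0.2.0/25")       # homed at site-A
HIGH = ipaddress.ip_network("192.0.2.128/25")    # homed at site-B

# Constructed BGP paths as (prefix, next_hop, local_pref).
# SINGLE: each site advertises only its own /25 (the poster's design).
SINGLE = [(LOW, "site-A", 100), (HIGH, "site-B", 100)]
# DUAL: both /25s advertised over both links with different local-pref.
DUAL = [(LOW, "site-A", 200), (LOW, "site-B", 100),
        (HIGH, "site-B", 200), (HIGH, "site-A", 100)]


def best_paths(paths):
    """One best path per prefix; highest local-pref wins (only tie-breaker modelled)."""
    best = {}
    for prefix, next_hop, local_pref in paths:
        if prefix not in best or local_pref > best[prefix][1]:
            best[prefix] = (next_hop, local_pref)
    return {prefix: hop for prefix, (hop, _) in best.items()}


def pe_tables(paths, aggregate=AGGREGATE, summary_only=True):
    """Return (fib, advertised_upstream) for the PE."""
    fib = best_paths(paths)
    advertised = set(fib)
    contributors = [p for p in fib if p != aggregate and p.subnet_of(aggregate)]
    if contributors:
        # IOS installs a locally generated aggregate as a discard route to Null0.
        fib[aggregate] = "Null0"
        advertised.add(aggregate)
        if summary_only:
            # summary-only: the more specifics stay in the FIB but are not sent upstream.
            advertised -= set(contributors)
    return fib, advertised


def deliver(paths, address):
    """Where a packet arriving from upstream for `address` ends up."""
    addr = ipaddress.ip_address(address)
    fib, advertised = pe_tables(paths)
    if not any(addr in p for p in advertised):
        return "no route at upstream"      # aggregate withdrawn, nothing attracts traffic
    # Longest-prefix match in the PE FIB; "Null0" means the PE discards the packet.
    match = max((p for p in fib if addr in p), key=lambda p: p.prefixlen)
    return fib[match]


def without_site(paths, site):
    """Paths left after the link to `site` fails."""
    return [p for p in paths if p[1] != site]


if __name__ == "__main__":
    for name, paths in (("single", SINGLE), ("dual", DUAL)):
        failed = without_site(paths, "site-A")
        print(name, "normal:", deliver(paths, "192.0.2.10"),
              "| site-A down:", deliver(failed, "192.0.2.10"))
```
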



[c-nsp] aggregate-address with 2 neighbours

2016-09-28 Thread CiscoNSP List
Hi Everyone,


If we have a customer with 2 sites, that has their own /24 that they have split 
into 2 x /25's - Each site advertises its /25 to us (In a single VRF)...we then 
want to advertise the aggregate /24 to our upstreams... so, to achieve this we 
would need to use (under address-family ipv4 vrf foo) aggregate-address 
xxx.xxx.xxx.xxx 255.255.255.0 as-set summary only  (So customer's AS is 
maintained, and the smaller prefixes are filtered from being re-advertised to 
upstream)... I haven't had a chance to lab this up, so I'm not 100% sure of the 
behaviour of aggregate-address... when our PE receives one/both of the /25s via 
bgp, it aggregates them into the /24 - I'm assuming (hoping), it also keeps the 
more specific prefix in bgp also (And in fib), so that routing for the /25s to 
the correct sites is maintained?


Cheers


Re: [c-nsp] BGP full feeds on ASR1k

2016-09-04 Thread CiscoNSP List
here's a non-production asr1006 (rp1/only 4gb ram), 2 full feeds, 2 peering 
feeds(~extra 20,000 prefixes on top of the 2 full feeds from the peerings)


#sh memory summary
                Head    Total(b)     Used(b)     Free(b)   Lowest(b)  Largest(b)
Processor   300AC008  1717380576  1274655824   442724752   258181696   257177464
 lsmpi_io   967861D0     6295088     6294120         968         968         968



#sh cef fib
635240 allocated IPv4 entries, 0 failed allocations
32394 allocated IPv6 entries, 0 failed allocations






From: cisco-nsp  on behalf of Greg Antic 

Sent: Sunday, 4 September 2016 4:17 PM
To: g...@gmx.de
Cc: cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] BGP full feeds on ASR1k

Garry could you show output of sh cef fib?

I'm also looking to do same as Nick but currently on 8gb memory.

> On 04 Sep 2016, at 7:21 AM, "g...@gmx.de"  wrote:
>
>> On 03.09.2016 17:51, Nick Cutting wrote:
>> Good morning powerful posse of experts,
>>
>> Do you think I could take in 3 full feeds on an ASR 1k (non X) with 16 gb 
>> ram?
>>
>> Anyone doing this - if so what code version, and how much memory are you 
>> using?
> Shouldn't be a problem (well, assuming you haven't set up something really 
> unexpected on the box). We still have several 1001 (will be migrating soon 
> due to 10G requirements) running happily as border routers, one has something 
> like 300-400 BGP links (v4+v6), of those two full feeds (v4 and v6; as well 
> as dual internal links with additional external full feeds), all of that on 
> 8G of memory ... with about 2.5G still free (out of the 4G the system leaves 
> for actually running):
>
>                    Head    Total(b)     Used(b)     Free(b)   Lowest(b)  Largest(b)
> Processor  7F2DD53B7010  3943721376  1521251816  2422469560  2348266928  2390674316
> lsmpi_io   7F2DD4CB21A8     6295128     6294212         916         916         916
>
> iOS is asr1001-universalk9.03.04.01.S.151-3.S1.bin
>
> -garry


Re: [c-nsp] ASR1000 memory

2016-09-02 Thread CiscoNSP List

Yes - We have used Curvature branded (third party) ram in ASR's (The 
1001s)... haven't had an issue with it.

cisco ASR1001 (1RU) processor with 6854860K/6147K bytes of memory.
16777216K bytes of physical memory.



From: cisco-nsp  on behalf of Greg Antic 

Sent: Saturday, 3 September 2016 3:56 AM
To: cisco-nsp@puck.nether.net
Subject: [c-nsp] ASR1000 memory

Hi List,

Has anyone used compatible or generic memory in ASR1000 devices? The cost of 
the Cisco memory is halting our growth plans. We certainly don't like 
non-genuine but the cost is making us review our standards.




[c-nsp] Virtual CPE / NFV

2016-07-21 Thread CiscoNSP List
Hi Everyone - Slightly off topic, but am hoping some of the brains trust on the 
list can provide some feedback/experience in the vCPE/NFV area.

We predominantly provide L3VPNs to customers, supply the CE (Typically over 
spec'd to allow for future growth), and as this model "works", it is quite 
resource intensive (Provisioning CE, deploying), and makes the value add 
proposition a little more challenging (i.e. providing cloud-based services, 
firewall, IPS etc)... vCPE (theoretically, anyway!), looks like a much "better" 
model...i.e. CE lives on our "core" infrastructure, allowing for more 
dynamic (Simple/Fast/flexible) deployment of value add services (i.e. It's done 
all on the Core), and it also provides better scale to customer tails (L2 to 
customer (Instead of L3, scale/bandwidth growth is "easier"?))

I've spent a little time reading up on Cisco's offerings in this area, and who 
in the market place is using this type of model (successfully), but would 
appreciate any feedback from anyone who is currently using this type of a 
model, or is considering moving in this direction...and also any feedback from 
anyone who thinks it's not a mature enough model (yet) to be considering...It 
seems a logical path forward from our current way of doing things, but devil's 
always in the detail, and I imagine there are a number of 
complexities/challenges to overcome to deploy successfully.

Thanks in advance for all replies :)




Re: [c-nsp] Netflow with nfsen issue

2016-07-06 Thread CiscoNSP List

Haven't followed the entire thread, but you are using FNF correct? sh ip cache 
flow is for the "old style" (ip flow ingress)

with FNF, there's a lot more flexibility to viewing flows... i.e. sh top talker 
sorted - show flow monitor  cache sort highest counter 
packets top 20




From: cisco-nsp  on behalf of Satish Patel 

Sent: Thursday, 7 July 2016 6:29 AM
To: Tom Hill
Cc: Cisco Network Service Providers
Subject: Re: [c-nsp] Netflow with nfsen issue

Following command output is empty, is that normal? Do you think that is
because of Hardware based netflow, I meant it's using CEF?

R1#show ip cache flow


On Wed, Jul 6, 2016 at 3:05 PM, Tom Hill  wrote:
> On 05/07/16 22:13, Satish Patel wrote:
>> I found solution to fix timestamp:
>>
>> I have added following to as per Peter said.
>>
>> collect timestamp sys-uptime first
>> collect timestamp sys-uptime last
>>
>> and change export from ipfix to v9
>>
>> Now I can see correct timestamp on Nfsen :)
>
> Thanks for posting your solution, Satish. :)
>
> --
> Tom


Re: [c-nsp] Default / catchall VPDN group for LNS

2016-07-06 Thread CiscoNSP List
Awesome!  Thanks James/Arie - Reason we have vpdn group per lac was purely 
legacy... this particular LNS has been doing this role for 10 years+... when it 
was first set up, carrier had probably 5 LAC's, supplied us with a config 
example for Cisco, which had the 5 LACs as separate vpdn groups, and it has 
just continued to be configured that way...the old "If it ain't broke, don't 
fix it"


Arie - re your question on what our "other" vpdn groups look like on this LNS - 
Each one is LAC specific:


vpdn-group QL_LAC3
 accept-dialin
  protocol l2tp
  virtual-template 1
 terminate-from hostname QL_LAC3
 local name LNS_QL_01
 lcp renegotiation always
 l2tp tunnel password 7 x
 ip mtu adjust


Thanks again for your responses/help



From: cisco-nsp <cisco-nsp-boun...@puck.nether.net> on behalf of James Bensley 
<jwbens...@gmail.com>
Sent: Wednesday, 6 July 2016 7:15 PM
To: cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] Default / catchall VPDN group for LNS

Hmm, not sure why you have a VPDN group per LAC.


On 6 July 2016 at 05:36, CiscoNSP List <cisconsp_l...@hotmail.com> wrote:
> vpdn-group 1
> ! Default L2TP VPDN group
>  accept-dialin
>   protocol l2tp
>   virtual-template 1
>  local name LNS <- Can this be "anything"?
>  lcp renegotiation always
>  l2tp tunnel password 
>  ip mtu adjust

Yeah that is basically the gist of it, as Arie said you have selection
rules, more specific wins. So from this example LNS below, we have
three VPDN groups, one for $WHOLESALE-PROVIDER-1, one for
$WHOLESALE-PROVIDER-2 and one for $OUT_LLU. You can see in the
selection summary below that incoming L2TP tunnels that connect in a
specific VRF / to a specific IP / asking for a specific hostname get
matched into each of the VPDN groups;


vpdn-group WHOLESALER-1
 description BT WBC (21CN) SWAN
 accept-dialin
  protocol l2tp
  virtual-template 1
 session-limit 400
 vpn vrf WS-1
 source-ip 1.1.1.1
 local name lns1-dc01
 lcp renegotiation always
 l2tp tunnel password 7 aa
 ip pmtu

vpdn-group WHOLESALER-2
 description TTB ADSL LTS
 accept-dialin
  protocol l2tp
  virtual-template 2
 vpn vrf WS-2
 source-ip 1.1.1.2
 local name lns1-dc01
 lcp renegotiation always
 l2tp tunnel password 7 bbb
 ip pmtu

vpdn-group OUR-LACS
 description TTB ADSL LTS
 accept-dialin
  protocol l2tp
  virtual-template 3
 vpn vrf LLU
 source-ip 1.1.1.3
 local name lns1-dc01
 lcp renegotiation always
 l2tp tunnel password 7 ccc
 ip pmtu

lns1-dc01#show vpdn group-select summary
 VPDN Group      Vrf    Remote Name   Source-IP   Protocol   Direction
 WHOLESALER-1    WS1                  1.1.1.1     l2tp       accept-dialin
 WHOLESALER-2    WS2                  1.1.1.2     l2tp       accept-dialin
 OUR-LACS        LLU                  1.1.1.3     l2tp       accept-dialin



So with $WP1 we use RADIUS, in all RADIUS requests we return the
sub-interface IP 1.1.1.1 so they always connect to the sub-interface
with the IP 1.1.1.1 in the VRF WS1 and thus always connect to the VPDN
group WHOLESALER-1.

For $WP2 we have no RADIUS integration, they have it hard coded into
their RADIUS servers to connect to 1.1.1.2, that sub-interface is in
the WS2 VRF and so they match into the WHOLESALER-2 VPDN group, and so
on.

To give a view of the bigger picture. All LNS's have these VPDN groups
configured, each with a sub-interface for terminating from the
different sets of LACs. For $WP1 for example we return all
sub-interface IPs on all LNS's in the $WS1 VRF and they round-robin
across them all so we have even traffic distribution (but we can steer
in RADIUS if required) and we can graph the individual VPDN group
usage per LNS, and create aggregate stack graphs etc.

Hope that helps.

Cheers,
James.


[c-nsp] Default / catchall VPDN group for LNS

2016-07-05 Thread CiscoNSP List
Hi Everyone,


We (currently) create a new vpdn-group every time a new LAC is enabled (brought 
online) by one of our DSL providers - Cumbersome, and if we miss the e-mail 
notification from them, any DSL services initiating connections from the new 
LAC are rejected by our LNS... as the password for all this carrier's LACs are 
the same, would it be possible to create a catch-all/wildcard vpdn-group?


Something like:


vpdn-group 1
! Default L2TP VPDN group
 accept-dialin
  protocol l2tp
  virtual-template 1
 local name LNS <- Can this be "anything"?
 lcp renegotiation always
 l2tp tunnel password 
 ip mtu adjust


Thanks in advance.



Re: [c-nsp] Connected routes / Static routes advertised to RR's

2016-06-29 Thread CiscoNSP List

Just an update to this - the "match protocol static" didn't fix the problem, but 
adding "next-hop-self" to peer policy did... I don't know if both were required 
(Only had limited time to test)... but static routes on the RR-client are now 
working, as the next hop is now the loop of the rr-client.


Thanks to all who replied...and if anyone could confirm if "both" conf 
additions are necessary, or if just "next-hop-self" is, it would be greatly 
appreciated (I won't have access to the routers until tomorrow to test to see if 
they are both needed)



Cheers!



From: cisco-nsp <cisco-nsp-boun...@puck.nether.net> on behalf of CiscoNSP List 
<cisconsp_l...@hotmail.com>
Sent: Thursday, 30 June 2016 7:45 AM
To: Oliver Boehmer (oboehmer); Nick Hilliard
Cc: cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] Connected routes / Static routes advertised to RR's

Thanks Oliver - Yes, we do have selective next-hop tracking...another list 
member e-mailed me directly re this also...so statics need to be redistributed 
with the loop of the rr-client it resides on


I do have redistribute static in bgp, and the loop range is in the PL for 
redist static... and also a route-map for nexthop:


#rr-client

 address-family ipv4
  bgp additional-paths select best-external
  bgp additional-paths install
  bgp nexthop route-map BGP_NHT
  bgp nexthop trigger delay 0
  redistribute connected route-map LOCAL_RANGES
  redistribute static route-map LOCAL_RANGES
  neighbor xxx.xxx.76.212 activate
  neighbor xxx.xxx.76.212 inherit peer-policy TO_RR
  neighbor xxx.xxx.76.212 route-map FROM_GC_RR in
  neighbor xxx.xxx.76.212 route-map TO_GC_RR out
  neighbor xxx.xxx.76.213 activate
  neighbor xxx.xxx.76.213 inherit peer-policy TO_RR
  neighbor xxx.xxx.76.213 route-map FROM_GC_RR in
  neighbor xxx.xxx.76.213 route-map TO_GC_RR out

route-map BGP_NHT permit 10
 match ip address prefix-list PL_NGN_LOOPBACKS
 match source-protocol ospf 100
route-map BGP_NHT permit 20
 match source-protocol connected

So to advertise statics with the loop of the rr-client, I would need to add 
(And on all other rr-clients)

route-map BGP_NHT permit 30
 match source-protocol static

And clear bgp session with RR I assume (I haven't tried the above, no access to 
the routers atm)

NB - route-map LOCAL_RANGES includes a PL with all our ip prefixes (Including 
all our rr-clients Loop IP's)



From: Oliver Boehmer (oboehmer) <oboeh...@cisco.com>
Sent: Wednesday, 29 June 2016 9:19 PM
To: Nick Hilliard; CiscoNSP List
Cc: cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] Connected routes / Static routes advertised to RR's

Nick wrote:
> CiscoNSP List wrote:
> > Static route to that prefix on the RR-client, shows as "no best path"
> > as the 79.106 prefix is "inaccessible"?  but as above, it is
> > accessible and I can ping it? (So the static is not advertised to any
> > other RR-clients):
>
> you'd make it a lot easier for people to see what was going on if you
> used rr# and client# for the prompts, as appropriate.
>
> What does "show ip route xxx.xxx.79.106" look like on the client?


In addition, can you please include your RR BGP config? The next-hop is visible 
via a /30 route. Do you have selective next-hop tracking configured with 
route-map limit next-hops to /32s or something else which would require 
next-hops to be /32?

oli
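
One reading of why the RR showed the static's next hop as "inaccessible" while ping worked, and why next-hop-self rather than an extra `match source-protocol static` clause cured it, as an added Python model (not code from the thread). It assumes the RR applies the same BGP_NHT route-map the client config shows and that PL_NGN_LOOPBACKS permits /32s only, and it uses constructed 10.0.x.x addresses in place of the masked xxx.xxx values.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional, Tuple


def net(text):
    return ipaddress.ip_network(text)


@dataclass(frozen=True)
class Route:
    prefix: ipaddress.IPv4Network
    protocol: str                      # "ospf", "connected", "static" or "bgp"


@dataclass(frozen=True)
class Clause:
    """One 'permit' entry; every condition that is set must match (logical AND)."""
    protocol: Optional[str] = None
    prefix_list: Optional[Tuple] = None    # entries are (network, ge, le)


# Assumption: the loopback prefix-list permits only /32s from the loopback range.
PL_NGN_LOOPBACKS = ((net("10.0.76.0/24"), 32, 32),)

# BGP_NHT as shown in the thread, plus the variant with the proposed permit 30.
BGP_NHT = [Clause(protocol="ospf", prefix_list=PL_NGN_LOOPBACKS),
           Clause(protocol="connected")]
BGP_NHT_WITH_STATIC = BGP_NHT + [Clause(protocol="static")]

# Constructed RIB of the route reflector: the client's loopback arrives via
# OSPF, the client's connected /30 arrives via iBGP (redistribute connected).
RR_RIB = [Route(net("10.0.76.201/32"), "ospf"),
          Route(net("10.0.79.104/30"), "bgp")]


def rib_lookup(rib, address):
    """Plain longest-prefix match; this is all that ping needs."""
    addr = ipaddress.ip_address(address)
    covering = [r for r in rib if addr in r.prefix]
    return max(covering, key=lambda r: r.prefix.prefixlen, default=None)


def in_prefix_list(prefix, entries):
    return any(prefix.subnet_of(n) and ge <= prefix.prefixlen <= le
               for n, ge, le in entries)


def clause_matches(clause, route):
    if clause.protocol is not None and route.protocol != clause.protocol:
        return False
    if clause.prefix_list is not None and not in_prefix_list(route.prefix,
                                                             clause.prefix_list):
        return False
    return True


def nexthop_accessible(rib, route_map, next_hop):
    """Selective next-hop tracking: the route covering the next hop must also
    be permitted by the route-map, otherwise BGP treats it as unreachable."""
    route = rib_lookup(rib, next_hop)
    if route is None:
        return False
    return any(clause_matches(c, route) for c in route_map)   # implicit deny


if __name__ == "__main__":
    # Static route advertised with its original next hop (the far end of the /30).
    print("ping has a route:", rib_lookup(RR_RIB, "10.0.79.106") is not None)
    print("as-is:", nexthop_accessible(RR_RIB, BGP_NHT, "10.0.79.106"))
    print("with permit 30:", nexthop_accessible(RR_RIB, BGP_NHT_WITH_STATIC,
                                                "10.0.79.106"))
    # next-hop-self rewrites the next hop to the client's loopback.
    print("next-hop-self:", nexthop_accessible(RR_RIB, BGP_NHT, "10.0.76.201"))
```

In this model the extra static clause changes nothing on the RR because the covering /30 is BGP-sourced there, not static.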




Re: [c-nsp] Connected routes / Static routes advertised to RR's

2016-06-29 Thread CiscoNSP List
Thanks Oliver - Yes, we do have selective next-hop tracking...another list 
member e-mailed me directly re this also...so statics need to be redistributed 
with the loop of the rr-client it resides on


I do have redistribute static in bgp, and the loop range is in the PL for 
redist static... and also a route-map for nexthop:


#rr-client

 address-family ipv4
  bgp additional-paths select best-external
  bgp additional-paths install
  bgp nexthop route-map BGP_NHT
  bgp nexthop trigger delay 0
  redistribute connected route-map LOCAL_RANGES
  redistribute static route-map LOCAL_RANGES
  neighbor xxx.xxx.76.212 activate
  neighbor xxx.xxx.76.212 inherit peer-policy TO_RR
  neighbor xxx.xxx.76.212 route-map FROM_GC_RR in
  neighbor xxx.xxx.76.212 route-map TO_GC_RR out
  neighbor xxx.xxx.76.213 activate
  neighbor xxx.xxx.76.213 inherit peer-policy TO_RR
  neighbor xxx.xxx.76.213 route-map FROM_GC_RR in
  neighbor xxx.xxx.76.213 route-map TO_GC_RR out

route-map BGP_NHT permit 10
 match ip address prefix-list PL_NGN_LOOPBACKS
 match source-protocol ospf 100
route-map BGP_NHT permit 20
 match source-protocol connected

So to advertise statics with the loop of the rr-client, I would need to add 
(And on all other rr-clients)

route-map BGP_NHT permit 30
 match source-protocol static

And clear bgp session with RR I assume (I haven't tried the above, no access to 
the routers atm)

NB - route-map LOCAL_RANGES includes a PL with all our ip prefixes (Including 
all our rr-clients Loop IP's)



From: Oliver Boehmer (oboehmer) <oboeh...@cisco.com>
Sent: Wednesday, 29 June 2016 9:19 PM
To: Nick Hilliard; CiscoNSP List
Cc: cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] Connected routes / Static routes advertised to RR's

Nick wrote:
> CiscoNSP List wrote:
> > Static route to that prefix on the RR-client, shows as "no best path"
> > as the 79.106 prefix is "inaccessible"?  but as above, it is
> > accessible and I can ping it? (So the static is not advertised to any
> > other RR-clients):
>
> you'd make it a lot easier for people to see what was going on if you
> used rr# and client# for the prompts, as appropriate.
>
> What does "show ip route xxx.xxx.79.106" look like on the client?


In addition, can you please include your RR BGP config? The next-hop is visible 
via a /30 route. Do you have selective next-hop tracking configured with 
route-map limit next-hops to /32s or something else which would require 
next-hops to be /32?

oli




[c-nsp] Connected routes / Static routes advertised to RR's

2016-06-29 Thread CiscoNSP List
Hi Everyone,

Have an issue with an RR client and advertising its connected and static routes 
to RR's  (Note - From all other RR-clients, static and connected routes are 
working fine)

The prefixes on the RR client are advertised, and I can reach the "connected" 
prefix IP's, but a static route to one of the connected prefixes is showing up 
as "inaccessible", even though I can ping/reach that IP from the RR?

Eg.

From RR

Connected route showing as received and used from the RR-client, and I can ping 
it:


sh ip bgp xxx.xxx.79.106
BGP routing table entry for xxx.xxx.79.104/30, version 253735
BGP Bestpath: compare-routerid
Paths: (1 available, best #1, table default)
  Additional-path-install
  Path advertised to update-groups:
     2          3          13         346        347        348        350
     351        361        363        364        365        366
  Refresh Epoch 1
  Local, (Received from a RR-client), (received & used)
    xxx.xxx.76.201 (metric 3) from xxx.xxx.76.201 (xxx.xxx.76.201)
      Origin incomplete, metric 0, localpref 100, valid, internal, af-export(2), best
      Community: Y:1000 Y:1301 Y:14000
      rx pathid: 0, tx pathid: 0x0

#ping xxx.xxx.79.105
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to xxx.xxx.79.105, timeout is 2 seconds:
!
Success rate is 100 percent (5/5), round-trip min/avg/max = 2/2/2 ms

#ping xxx.xxx.79.106
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to xxx.xxx.79.106, timeout is 2 seconds:
!
Success rate is 100 percent (5/5), round-trip min/avg/max = 5/5/7 ms


Static route to that prefix on the RR-client, shows as "no best path" as the 
79.106 prefix is "inaccessible"?  but as above, it is accessible and I can ping 
it? (So the static is not advertised to any other RR-clients):


sh ip bgp xxx.xxx.71.228
BGP routing table entry for xxx.xxx.71.228/30, version 0
BGP Bestpath: compare-routerid
Paths: (1 available, no best path)
  Additional-path-install
  Path not advertised to any peer
  Refresh Epoch 1
  Local, (Received from a RR-client), (received & used)
xxx.xxx.79.106 (inaccessible) from xxx.xxx.76.201 (xxx.xxx.76.201)
  Origin incomplete, metric 0, localpref 100, valid, internal, af-export(2)
  Community: Y:1000 Y:1301 Y:14000
  rx pathid: 0, tx pathid: 0

And trying to ping an IP in that subnet, of course fails..

#ping xxx.xxx.71.229
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to xxx.xxx.71.229, timeout is 2 seconds:
U.U.U
Success rate is 0 percent (0/5)

Why would the RR report 79.106 IP as "inaccessible"?

Any assistance is greatly appreciated - cheers

___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/


Re: [c-nsp] Private IP in point to point link on internet

2016-06-24 Thread CiscoNSP List
Yes - We were going to use /31's for cust eth links, but as Win7 etc don't 
support them, it made testing the links to a Lappy/PC rather difficult, so had 
to stick with wasting 2 IP's and use /30


All our Core p-t-p links are /31s though...saves a heap on IP "wastage"



From: cisco-nsp  on behalf of Doug McIntyre 

Sent: Saturday, 25 June 2016 2:02 PM
To: Cisco Network Service Providers
Subject: Re: [c-nsp] Private IP in point to point link on internet

On Fri, Jun 24, 2016 at 06:00:18PM +, Nick Cutting wrote:
<... other stuff about /31's cut.. >
> Only the two devices need to support it
>
> ASA will not, Cisco IOS/XR/XE will


Since the RFC specifies /31 *only* for WANs, I've found that many
ethernet only things have no support for /31. Only router type products
in my experience.


[c-nsp] ASR920 (24SZ-M) 10Gb ports...not dual rate?

2016-06-21 Thread CiscoNSP List
Hi Everyone,


Just tried inserting a 1G SFP into one of the 4 10Gb ports on one of our 
ASR920's, and got the following error:


Jun 21 2016 14:30:13.036 GMTWA: %TRANSCEIVER-6-INSERTED: SIP0: iomd:  
transceiver module inserted in TenGigabitEthernet0/0/25
Jun 21 2016 14:30:18.076 GMTWA: %TRANSCEIVER-3-NOT_COMPATIBLE: SIP0: iomd:  
Detected for transceiver module in TenGigabitEthernet0/0/25, module disabled


Quick Google, found this page:


http://www.cisco.com/c/en/us/td/docs/routers/asr920/hardware/chassis/guide/ASR920-Chassis-SW/Using_dual_rate_ports.html


"Dual rate ports are not supported on Cisco ASR 920 Series Router 
(ASR-920-24SZ-IM, ASR-920-24SZ-M, ASR-920-24TZ-M)."


...So on the 24 port version of the ASR920, the 10Gb ports cannot be used as 
1Gb it seems... smaller port models they can be?  I'd love to know why 
lol... damnit...box is 4000 kilometres away...remote hands 4 hours 
away...looks like I'll have to wait until tomorrow and get them to swap the 1G 
SFP to one of the 1Gb SFP ports



Re: [c-nsp] netflow on bridge domain interface

2016-06-17 Thread CiscoNSP List
Late reply, apologies, but I found the old case, and Netflow (At the time when 
opening the case) ended up being not supported, but on the "roadmap" as a 
supported feature...TAC could not give me any approx dates that it would be 
supported... I'll have to test out one of our 1001X's to see if it's still the 
case... it's certainly configurable under the BDI, just didn't "work" in one 
direction (But as I said, that was over a year ago)

Kindly find the following document
http://www.cisco.com/c/en/us/td/docs/routers/asr1000/configuration/guide/chassis/asrswcfg/bdi.html




Restrictions for Bridge Domain Interfaces

The following are the restrictions pertaining to bridge domain interfaces:

Only 4096 bridge domain interfaces are supported per system.

Bridge domain interfaces do not support the following features:

- PPP over Ethernet (PPPoE)

- Bidirectional Forwarding Detection (BFD) protocol

- Netflow

- QOS

- Network-Based Application Recognition (NBAR) or Advanced Video Coding (AVC)






From: cisco-nsp <cisco-nsp-boun...@puck.nether.net> on behalf of CiscoNSP List 
<cisconsp_l...@hotmail.com>
Sent: Thursday, 19 May 2016 12:17 PM
To: Mike; cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] netflow on bridge domain interface


Hmm..replied to this earlier, but didn't show up on the list (My other replies 
have come through immediately) - re-send...apologies for double post, if the 
original reply shows up :)

I ran into a similar problem on our older ASR1001's, trying to get FNF to 
work...one way traffic only being reported(Config was correct)...opened TAC 
case that was "protracted"...out of frustration, and needing FNF 
"immediately", I ended up having to just use old-style dot1Q subints, and FNF 
worked without issue(Same config as was on the BDI Int)...I'll dig up the old 
case details...but this was at least a year ago...so was hoping the "bug" 
was fixed by now




From: cisco-nsp <cisco-nsp-boun...@puck.nether.net> on behalf of Mike 
<mike-cisconspl...@tiedyenetworks.com>
Sent: Sunday, 15 May 2016 6:06 AM
To: cisco-nsp@puck.nether.net
Subject: [c-nsp] netflow on bridge domain interface

Hi,

 I am playing to ntopng and nprobe to capture the flow exports from
a bridge domain interface, and I seem to only be seeing statistics for
one side of the conversation however (inbound internet -> hosts). The
BDI is connected to my default gateway and so certainly everything to
and from the internet has to pass by this way. I am running  03.10.05.S
on an asr1000, wondering if this is a bug/limitation/config error on my
part?

Mike-



Re: [c-nsp] ASR1000 RP1 vs RP2

2016-06-04 Thread CiscoNSP List
I've got some ASR1006's with RP1/SIP10...purchased years ago, and they do the 
job, but if buying one now, I'd def go RP2...writing conf, sh commands(Both can 
be horribly slow vs RP2), flexibility to add more ram, bigger/newer SIPs/ESPs 
etc...more $, but worth it imo.



From: cisco-nsp  on behalf of Curtis Piehler 

Sent: Sunday, 5 June 2016 6:17 AM
To: cisco-nsp@puck.nether.net
Subject: [c-nsp] ASR1000 RP1 vs RP2

I see the main difference between the two is the 32 bit OS vs a 64 bit and
1.5 single core vs a 2.2 dual core.   Yes the memory is increased and hard
drive space.

If a 1006 will be used for some DS1 and Ethernet termination would an RP1
be enough?   I could also do with an ESP20 and SIP10s since they allow for
2:1 oversubscription and do not think I will hit the 2:1 in the foreseeable
near future.

As far as network services:
BFD on selective peers
BGP on above selective peers
Three copies of the Internet routing table (one from each route reflector)
Some QOS

Curtis


Re: [c-nsp] ASR920 - Any "outstanding" TAC cases people are working through?

2016-06-04 Thread CiscoNSP List
Wow...thanks - ok...thought this was referring to the "other" memory leak bug, 
but this looks to be a new one, no IOS fix yet...workaround is 
"interesting"

Workaround:
Issue 'no shut' on all the interface in the system, consumed memory is released.





From: Erik Sundberg <esundb...@nitelusa.com>
Sent: Friday, 3 June 2016 5:41 AM
To: CiscoNSP List; Mark Tinka; James Jun
Cc: cisco-nsp@puck.nether.net
Subject: RE: [c-nsp] ASR920 - Any "outstanding" TAC cases people are working 
through?

We have been using ASR920's for a couple months now.

I have an outstanding Memory leak issue in 
asr920-universalk9_npe.03.16.01a.S.155-3.S1a-ext.bin

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCuy87268

The work around doesn't work for me, I just tried it. TAC gave me the 
following. We have to reboot the ASR920 to lower the memory back down.

The fix for CSCuy87268 has been committed and would be available in the 
following releases:

XE 3.16.4S/15.5(3)S4 - planned for September 2016.
XE 3.18.S1/15.6(2)S1 - planned for mid June 2016.



Issue RP0 memory usage at 98% and growing, status is in the warning state. I 
had to reboot the device to get the memory back down, however it still grows.


Model: ASR-920-24SZ-M

ASR920 - #1
98% used memory and uptime is 24 weeks.
ASR920#sh platform software status control-processor bri
Load Average
 Slot  Status  1-Min  5-Min 15-Min
  RP0 Healthy   0.04   0.07   0.04

Memory (kB)
 Slot  Status    Total     Used (Pct)     Free (Pct) Committed (Pct)
  RP0 Warning  3438048  3361672 (98%)    76376 ( 2%)   3345388 (97%)

CPU Utilization
 Slot  CPU   User System   Nice   Idle    IRQ   SIRQ IOwait
  RP0    0  11.93   7.22   0.00  80.64   0.00   0.20   0.00
         1   9.60   8.30   0.00  81.78   0.00   0.30   0.00


ASR920 - #2 Before Reboot (Uptime around 10 Weeks)

ASR920#sh platform software status control-processor bri
Load Average
  Slot  Status  1-Min  5-Min 15-Min
   RP0 Healthy   0.00   0.00   0.00

Memory (kB)
 Slot  Status    Total     Used (Pct)     Free (Pct) Committed (Pct)
  RP0 Warning  3438048  3360436 (98%)    77612 ( 2%)   3341328 (97%)

CPU Utilization
 Slot  CPU   User System   Nice   Idle    IRQ   SIRQ IOwait
  RP0    0   6.60   3.70   0.00  89.38   0.00   0.30   0.00
         1   1.40   0.80   0.00  97.80   0.00   0.00   0.00


ASR920 - #2 Post Reboot

EAR1.ATL1#sh platform software status control-processor bri
Load Average
 Slot  Status  1-Min  5-Min 15-Min
  RP0 Healthy   0.00   0.02   0.00

Memory (kB)
 Slot  Status    Total     Used (Pct)     Free (Pct) Committed (Pct)
  RP0 Healthy  3438048  1855832 (54%)  1582216 (46%)   1512524 (44%)

CPU Utilization
 Slot  CPU   User System   Nice   Idle    IRQ   SIRQ IOwait
  RP0    0  10.68  10.88   0.00  78.02   0.00   0.39   0.00
         1   6.29   6.49   0.00  86.91   0.00   0.29   0.00




The memory leaks in the process SPA_XCVR_OIR and  enqueue_oir_msg  from what 
tac has told me.

EAR1.ATL1#  show platform software memory iomd 0/0 brief
  module  allocated requested allocsfrees
  --
  DEVOBJ  38496 37792 880
  IOMd intr   1392  1104  360
  Summary 1198313647679413327 496656324 431793784
  appsess_ctx 1736  1728  1 0
  appsess_timer   56403 1
  bsess_hdl   40321 0
  cdh-shim7260  5940  165   0
  cdllib  1668  1660  7 6
  chunk   5573  5517  7 0
  enqueue_oir_msg 506580480 253290240 49236333  17575053
  env_wheel   20108 20100 1 0
  eventutil   310794307834386   16
  fpd_sb  208   200   1 0
  fpd_upg 5636  5548  110
  geim_esb5040  4816  280
  geim_hwidb  16352 16128 280
  geim_instance   16800 16576 280
  geim_spa_instance   13440 13216 280
  geim_spa_plugin 764   756   2 1
  ipc_shim_pak0 0 17057467  17057467
  null_spa_plugin 104   961 0
  oir_create  80721 0
  oir_enqueue_event   0 0 1 1
  oir_processing  24161 0
  queue   240   200   5 0
  spa_

Re: [c-nsp] ISR4431 memory usage

2016-06-04 Thread CiscoNSP List

Thanks Juergen - Did you notice any significant increase in ram utilisation 
once you enabled the 2 full tables?  (i.e. ours is currently sitting at ~83%, 
base conf)...or did memory usage not change that much (i.e. it was 
"reallocated" from other processes)


Cheers



From: cisco-nsp  on behalf of Juergen 
Marenda 
Sent: Friday, 3 June 2016 12:50 AM
To: cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] ISR4431 memory usage

Have several ISR4431 with minimum two full tables (but no default),
without problems, migrated from 7201 and [23]8xx'er

(but memory-eater "soft-reconfiguration" is no longer in use)

Juergen.



Re: [c-nsp] ISR4431 memory usage

2016-06-01 Thread CiscoNSP List

Thanks Chuck - Much appreciated.



From: Chuck Church <chuckchu...@gmail.com>
Sent: Thursday, 2 June 2016 12:32 PM
To: 'CiscoNSP List'; cisco-nsp@puck.nether.net
Subject: RE: [c-nsp] ISR4431 memory usage

I don't see a problem with the amount of memory you've got free, and the
biggest block.  1.4 GB free, 1.0GB largest block are a ton of memory for a
full table.

Chuck

-Original Message-
From: CiscoNSP List [mailto:cisconsp_l...@hotmail.com]
Sent: Wednesday, June 01, 2016 6:05 PM
To: Chuck Church <chuckchu...@gmail.com>; cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] ISR4431 memory usage


Thanks Chuck - Yes, from my experience on the ASR1K's the iosd does consume
a lot of ram...don't have access to one atm, but I don't recall them using as
much as these ISR4431's (With pretty much base conf on them)

sh mem fyr on the 4431

sh mem
                   Head     Total(b)      Used(b)      Free(b)    Lowest(b)   Largest(b)
Processor  7F350775C010   1727628752    295329344   1432299408    678975912   1048575908
 lsmpi_io  7F350705A1A8      6295128      6294304          824          824          412
Dynamic heap limit(MB) 1000      Use(MB) 0

I could probably try and squeeze in a full table on the 4431, but it's
looking like 8Gb might be needed to safely do so?

Cheers


From: Chuck Church <chuckchu...@gmail.com>
Sent: Wednesday, 1 June 2016 10:09 PM
To: 'CiscoNSP List'; cisco-nsp@puck.nether.net
Subject: RE: [c-nsp] ISR4431 memory usage

Isn't that normal, for the linux kernel to give most of the RAM to IOSD?
From inside IOSD is where you need to be concerned.  What does the
traditional 'show mem' tell you, the first few lines?  The 'free' and
'largest' columns are what you are looking for.

Chuck

-Original Message-
From: cisco-nsp [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of
CiscoNSP List
Sent: Tuesday, May 31, 2016 10:10 PM
To: cisco-nsp@puck.nether.net
Subject: [c-nsp] ISR4431 memory usage

Hi Everyone,


Purchased a couple of ISR4431's for a small POP,  that has a single
IPTransit service (Currently being handled by an old 2851, taking full table
and default)...obviously full table not necessary, but we had a customer at
this POP that wanted the full table advertised to them, so we needed to take
it from the upstream.


2851 handles the full table no problems - only has 1Gb dram, and is using
~57% ram


The 4431's we purchased to replace the 2851 have (default) 4Gb ram, and I
was a little shocked when I turned them on to see that with virtually no
config on them, they are already using ~83-84% of the ram:


#show platform software status control-processor brief
Load Average
 Slot  Status  1-Min  5-Min 15-Min
  RP0 Healthy   0.00   0.00   0.00

Memory (kB)
 Slot  Status    Total     Used (Pct)     Free (Pct) Committed (Pct)
  RP0 Healthy  3972052  3317944 (84%)   654108 (16%)   1530296 (39%)


sh platform resources
**State Acronym: H - Healthy, W - Warning, C - Critical
Resource              Usage            Max         Warning   Critical   State

RP0 (ok, active)                                                        H
 Control Processor    5.81%            100%        90%       95%        H
  DRAM                3240MB(83%)      3878MB      90%       95%        H
ESP0(ok, active)                                                        H
 QFP                                                                    H
  DRAM                1609582KB(76%)   2097152KB   80%       90%        H
  IRAM                0KB(0%)          0KB         80%       90%        H


..and iosd looks to be the main user:


#monitor platform software process rp active

top - 09:59:58 up 7 days, 23:38,  0 users,  load average: 0.00, 0.00, 0.00
Tasks: 380 total,   4 running, 376 sleeping,   0 stopped,   0 zombie
Cpu(s):  0.7%us,  1.7%sy,  0.0%ni, 97.6%id,  0.0%wa,  0.0%hi,  0.0%si,  0.0%st
Mem:   3972052k total,  3324360k used,   647692k free,   211736k buffers
Swap:        0k total,        0k used,        0k free,  1705968k cached

  PID USER      PR  NI  VIRT  RES  SHR S %CPU %MEM     TIME+  COMMAND
30505 root      20   0 9830m 161m 113m R   10  4.2   1226:27 fman_fp_image
23117 root      20   0 2205m 709m 341m S    3 18.3 258:15.06 linux_iosd-imag
20408 root      20   0  288m  73m  30m S    2  1.9 192:48.66 bsm
 2142 root      20   0 72468  24m  18m S    1  0.6  69:33.01 iomd



...Now, my question is, can we "safely" take the full table on the
4431's...I've had a read of the following:
http://www.cisco.com/c/en/us/td/docs/routers/access/4400/troubleshooting/memorytroubleshooting/isr4000_mem.html


And it mentions that iosd/memory allocation is allocated as "needed"...but
I'm not clear on whether the way the platform allocates memory, will allow us
to take a full table with 4Gb ram...I'm really hoping it will, and we don't
have to upgrade the ram on them?


Cheers.




Re: [c-nsp] ISR4431 memory usage

2016-06-01 Thread CiscoNSP List
Thanks Nick - As mentioned, we have some ASR1Ks, with 4G ram(RP1s), that 
certainly didn't use this much with a base conf...thanks for the link...it's 
looking like I might need to go to 8Gb to take a full table on the 4431.

Cheers


From: Nick Cutting <ncutt...@edgetg.com>
Sent: Wednesday, 1 June 2016 10:52 PM
To: CiscoNSP List; cisco-nsp@puck.nether.net
Subject: RE: ISR4431 memory usage

My 4431's command outputs look similar to yours - almost the same in fact, and 
I've got maybe 1k routes on these and a few vrfs

I think it pre-allocates the RAM like Linux does. 2851 is vastly different 
architecture running plain IOS vs XE.

I was under the impression that you needed 8 gigs of Ram for a full table on an 
XE device - the 44xx are similar to ASR1k - whereas the 43xx are more like 
classic ISRs.

I think I read this older article here:

https://supportforums.cisco.com/document/12202206/size-internet-global-routing-table-and-its-potential-side-effects


-Original Message-
From: cisco-nsp [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of 
CiscoNSP List
Sent: Tuesday, May 31, 2016 10:10 PM
To: cisco-nsp@puck.nether.net
Subject: [c-nsp] ISR4431 memory usage

Hi Everyone,


Purchased a couple of ISR4431's for a small POP,  that has a single IPTransit 
service (Currently being handled by an old 2851, taking full table and 
default)...obviously full table not necessary, but we had a customer at this 
POP that wanted the full table advertised to them, so we needed to take it from 
the upstream.


2851 handles the full table no problems - only has 1Gb dram, and is using ~57% 
ram


The 4431's we purchased to replace the 2851 have (default) 4Gb ram, and I was a 
little shocked when I turned them on to see that with virtually no config on 
them, they are already using ~83-84% of the ram:


#show platform software status control-processor brief
Load Average
 Slot  Status  1-Min  5-Min 15-Min
  RP0 Healthy   0.00   0.00   0.00

Memory (kB)
 Slot  Status    Total     Used (Pct)     Free (Pct) Committed (Pct)
  RP0 Healthy  3972052  3317944 (84%)   654108 (16%)   1530296 (39%)


sh platform resources
**State Acronym: H - Healthy, W - Warning, C - Critical
Resource              Usage            Max         Warning   Critical   State

RP0 (ok, active)                                                        H
 Control Processor    5.81%            100%        90%       95%        H
  DRAM                3240MB(83%)      3878MB      90%       95%        H
ESP0(ok, active)                                                        H
 QFP                                                                    H
  DRAM                1609582KB(76%)   2097152KB   80%       90%        H
  IRAM                0KB(0%)          0KB         80%       90%        H


..and iosd looks to be the main user:


#monitor platform software process rp active

top - 09:59:58 up 7 days, 23:38,  0 users,  load average: 0.00, 0.00, 0.00
Tasks: 380 total,   4 running, 376 sleeping,   0 stopped,   0 zombie
Cpu(s):  0.7%us,  1.7%sy,  0.0%ni, 97.6%id,  0.0%wa,  0.0%hi,  0.0%si,  0.0%st
Mem:   3972052k total,  3324360k used,   647692k free,   211736k buffers
Swap:        0k total,        0k used,        0k free,  1705968k cached

  PID USER      PR  NI  VIRT  RES  SHR S %CPU %MEM     TIME+  COMMAND
30505 root      20   0 9830m 161m 113m R   10  4.2   1226:27 fman_fp_image
23117 root      20   0 2205m 709m 341m S    3 18.3 258:15.06 linux_iosd-imag
20408 root      20   0  288m  73m  30m S    2  1.9 192:48.66 bsm
 2142 root      20   0 72468  24m  18m S    1  0.6  69:33.01 iomd



...Now, my question is, can we "safely" take the full table on the 4431's...I've 
had a read of the following: 
http://www.cisco.com/c/en/us/td/docs/routers/access/4400/troubleshooting/memorytroubleshooting/isr4000_mem.html


And it mentions that iosd/memory allocation is allocated as "needed"...but I'm 
not clear on whether the way the platform allocates memory, will allow us to 
take a full table with 4Gb ram...I'm really hoping it will, and we don't have 
to upgrade the ram on them?


Cheers.




Re: [c-nsp] ISR4431 memory usage

2016-06-01 Thread CiscoNSP List

Thanks Chuck - Yes, from my experience on the ASR1K's the iosd does consume a 
lot of ram...don't have access to one atm, but I don't recall them using as much 
as these ISR4431's (With pretty much base conf on them)

sh mem fyr on the 4431

sh mem
                   Head     Total(b)      Used(b)      Free(b)    Lowest(b)   Largest(b)
Processor  7F350775C010   1727628752    295329344   1432299408    678975912   1048575908
 lsmpi_io  7F350705A1A8      6295128      6294304          824          824          412
Dynamic heap limit(MB) 1000      Use(MB) 0

I could probably try and squeeze in a full table on the 4431, but it's looking 
like 8Gb might be needed to safely do so?

Cheers


From: Chuck Church <chuckchu...@gmail.com>
Sent: Wednesday, 1 June 2016 10:09 PM
To: 'CiscoNSP List'; cisco-nsp@puck.nether.net
Subject: RE: [c-nsp] ISR4431 memory usage

Isn't that normal, for the linux kernel to give most of the RAM to IOSD?
From inside IOSD is where you need to be concerned.  What does the
traditional 'show mem' tell you, the first few lines?  The 'free' and
'largest' columns are what you are looking for.

Chuck

-Original Message-
From: cisco-nsp [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of
CiscoNSP List
Sent: Tuesday, May 31, 2016 10:10 PM
To: cisco-nsp@puck.nether.net
Subject: [c-nsp] ISR4431 memory usage

Hi Everyone,


Purchased a couple of ISR4431's for a small POP,  that has a single
IPTransit service (Currently being handled by an old 2851, taking full table
and default)...obviously full table not necessary, but we had a customer at
this POP that wanted the full table advertised to them, so we needed to take
it from the upstream.


2851 handles the full table no problems - only has 1Gb dram, and is using
~57% ram


The 4431's we purchased to replace the 2851 have (default) 4Gb ram, and I
was a little shocked when I turned them on to see that with virtually no
config on them, they are already using ~83-84% of the ram:


#show platform software status control-processor brief
Load Average
 Slot  Status  1-Min  5-Min 15-Min
  RP0 Healthy   0.00   0.00   0.00

Memory (kB)
 Slot  Status    Total     Used (Pct)     Free (Pct) Committed (Pct)
  RP0 Healthy  3972052  3317944 (84%)   654108 (16%)   1530296 (39%)


sh platform resources
**State Acronym: H - Healthy, W - Warning, C - Critical
Resource              Usage            Max         Warning   Critical   State

RP0 (ok, active)                                                        H
 Control Processor    5.81%            100%        90%       95%        H
  DRAM                3240MB(83%)      3878MB      90%       95%        H
ESP0(ok, active)                                                        H
 QFP                                                                    H
  DRAM                1609582KB(76%)   2097152KB   80%       90%        H
  IRAM                0KB(0%)          0KB         80%       90%        H


..and iosd looks to be the main user:


#monitor platform software process rp active

top - 09:59:58 up 7 days, 23:38,  0 users,  load average: 0.00, 0.00, 0.00
Tasks: 380 total,   4 running, 376 sleeping,   0 stopped,   0 zombie
Cpu(s):  0.7%us,  1.7%sy,  0.0%ni, 97.6%id,  0.0%wa,  0.0%hi,  0.0%si,  0.0%st
Mem:   3972052k total,  3324360k used,   647692k free,   211736k buffers
Swap:        0k total,        0k used,        0k free,  1705968k cached

  PID USER      PR  NI  VIRT  RES  SHR S %CPU %MEM     TIME+  COMMAND
30505 root      20   0 9830m 161m 113m R   10  4.2   1226:27 fman_fp_image
23117 root      20   0 2205m 709m 341m S    3 18.3 258:15.06 linux_iosd-imag
20408 root      20   0  288m  73m  30m S    2  1.9 192:48.66 bsm
 2142 root      20   0 72468  24m  18m S    1  0.6  69:33.01 iomd



...Now, my question is, can we "safely" take the full table on the
4431's...I've had a read of the following:
http://www.cisco.com/c/en/us/td/docs/routers/access/4400/troubleshooting/memorytroubleshooting/isr4000_mem.html


And it mentions that iosd/memory allocation is allocated as "needed"...but
I'm not clear on whether the way the platform allocates memory, will allow us
to take a full table with 4Gb ram...I'm really hoping it will, and we don't
have to upgrade the ram on them?


Cheers.








[c-nsp] ISR4431 memory usage

2016-05-31 Thread CiscoNSP List
Hi Everyone,


Purchased a couple of ISR4431's for a small POP,  that has a single IPTransit 
service (Currently being handled by an old 2851, taking full table and 
default)...obviously full table not necessary, but we had a customer at this 
POP that wanted the full table advertised to them, so we needed to take it from 
the upstream.


2851 handles the full table no problems - only has 1Gb dram, and is using ~57% 
ram


The 4431's we purchased to replace the 2851 have (default) 4Gb ram, and I was a 
little shocked when I turned them on to see that with virtually no config on 
them, they are already using ~83-84% of the ram:


#show platform software status control-processor brief
Load Average
 Slot  Status  1-Min  5-Min 15-Min
  RP0 Healthy   0.00   0.00   0.00

Memory (kB)
 Slot  Status    Total     Used (Pct)     Free (Pct) Committed (Pct)
  RP0 Healthy  3972052  3317944 (84%)   654108 (16%)   1530296 (39%)


sh platform resources
**State Acronym: H - Healthy, W - Warning, C - Critical
Resource              Usage            Max         Warning   Critical   State

RP0 (ok, active)                                                        H
 Control Processor    5.81%            100%        90%       95%        H
  DRAM                3240MB(83%)      3878MB      90%       95%        H
ESP0(ok, active)                                                        H
 QFP                                                                    H
  DRAM                1609582KB(76%)   2097152KB   80%       90%        H
  IRAM                0KB(0%)          0KB         80%       90%        H


..and iosd looks to be the main user:


#monitor platform software process rp active

top - 09:59:58 up 7 days, 23:38,  0 users,  load average: 0.00, 0.00, 0.00
Tasks: 380 total,   4 running, 376 sleeping,   0 stopped,   0 zombie
Cpu(s):  0.7%us,  1.7%sy,  0.0%ni, 97.6%id,  0.0%wa,  0.0%hi,  0.0%si,  0.0%st
Mem:   3972052k total,  3324360k used,   647692k free,   211736k buffers
Swap:        0k total,        0k used,        0k free,  1705968k cached

  PID USER      PR  NI  VIRT  RES  SHR S %CPU %MEM     TIME+  COMMAND
30505 root      20   0 9830m 161m 113m R   10  4.2   1226:27 fman_fp_image
23117 root      20   0 2205m 709m 341m S    3 18.3 258:15.06 linux_iosd-imag
20408 root      20   0  288m  73m  30m S    2  1.9 192:48.66 bsm
 2142 root      20   0 72468  24m  18m S    1  0.6  69:33.01 iomd



...Now, my question is, can we "safely" take the full table on the 4431's...I've 
had a read of the following: 
http://www.cisco.com/c/en/us/td/docs/routers/access/4400/troubleshooting/memorytroubleshooting/isr4000_mem.html


And it mentions that iosd/memory allocation is allocated as "needed"...but I'm 
not clear on whether the way the platform allocates memory, will allow us to 
take a full table with 4Gb ram...I'm really hoping it will, and we don't have 
to upgrade the ram on them?


Cheers.









Re: [c-nsp] ASR920 - Any "outstanding" TAC cases people are working through?

2016-05-26 Thread CiscoNSP List
Cheers Guys - Have 03.16.02aS on the ones ready for deployment, so fingers 
crossed, it remains a stable release :)

Thanks for the feedback.


From: Mark Tinka <mark.ti...@seacom.mu>
Sent: Thursday, 26 May 2016 3:35 PM
To: James Jun; CiscoNSP List
Cc: cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] ASR920 - Any "outstanding" TAC cases people are working 
through?

On 26/May/16 06:23, James Jun wrote:

> I believe there is an mpls label-range bug that Mark noted (CSCuy29638) which 
> is outstanding, but that can be worked around by staying out of high label 
> range.

Actually, Cisco normally allocate low-range labels. So this is fine if
the box adjacent to the ASR920 is a Cisco.

Juniper tend to allocate labels in the 300,000 - 400,000+ range. This is
not an issue if the ASR920 is not adjacent to the Juniper. In our case,
all situations where we hit this bug is when the ASR920 is adjacent to a
Juniper. We are not in a position to change the topology to avoid the
adjacency between the ASR920 and a Juniper.

Unfortunately, it is not possible to set a label allocation range in
Junos today, the same way you can on a Cisco. That capability is only
slated for Junos 16.

For us, the workaround is a test image that includes the fix that the BU
built specially for us.

But not to worry, the BU say the fixed image is still on schedule for
release 7th June, this year :-).

>
>
> Thankfully, this bug is also fixed on 03.16.02aS.  920s upgraded to this 
> release appear to be fine so far.

Save for my MPLS label range issue, this release is very stable.

Mark.


[c-nsp] ASR920 - Any "outstanding" TAC cases people are working through?

2016-05-25 Thread CiscoNSP List
Hi Everyone,


Just reading through all the recent threads, and as we are about to deploy a 
number of these boxes in production, wanted to be 100% on any potential issues 
we may face (couple of recent posts, mention ASR920, ISIS stopping working(And 
routing unexpectedly), and reboot "resolves" the issue(temporarily)...this was 
also an issue on the ME3600's (As reported by Mark Tinka), and a work-around 
provided, but no actual fix by Cisco (Even though the bug has been present for 
some years?)...not too sure if this is the case on the ASR920?  Nor if it is 
ISIS specific?


I am aware of the following, and have applied the relevant "recommended" IOS 
update:

bug ID CSCux91894, 
which causes a memory leak with the default configuration.
Problem Symptoms
A memory leak on the ASR 900 Series routers is seen under the iomd process and 
even when the node state is idle.
When executed, this command shows the increased memory leak under spa_xcvr_oir.
#show platform software memory iomd 0/0 brief
The increased memory leak might cause the router to crash and reboot multiple 
times.


Are there any others people are currently working through on these boxes?



Our ASR920's will be used as "PEs"...running MPLS/BGP/VRF/OSPF, and 
terminating cust tails.


Just a little hesitant to deploy them atm...when we originally deployed the 
ME3600's, we got hit with a number of rather nasty issues, so am a little gun 
shy given the ASR920 is the "replacement" for the ME3600, and is also a 
relatively new box..


Thanks in advance.
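
The check described in the post above (watching the `show platform software memory iomd 0/0 brief` table for growth under spa_xcvr_oir) can be automated by diffing two captures of that output. This is an added example, not code from the thread or from Cisco; both snapshots are constructed sample data and the thresholds are assumptions.

```python
"""Diff two captures of 'show platform software memory iomd 0/0 brief'
and report modules whose outstanding allocations grew between them."""
from typing import Dict, List, NamedTuple


class Row(NamedTuple):
    allocated: int   # bytes currently held by the module
    requested: int   # bytes the module asked for
    allocs: int      # allocation calls since the process started
    frees: int       # free calls since the process started

    @property
    def outstanding(self) -> int:
        """Allocations that have not been freed yet."""
        return self.allocs - self.frees


class Finding(NamedTuple):
    module: str
    outstanding_growth: int
    bytes_growth: int


def parse_brief(text: str) -> Dict[str, Row]:
    """Parse the table body; header, separator and Summary rows are skipped."""
    rows: Dict[str, Row] = {}
    for line in text.splitlines():
        parts = line.split()
        # A data row ends in four integers; the module name may contain spaces.
        if len(parts) < 5 or not all(p.isdigit() for p in parts[-4:]):
            continue
        name = " ".join(parts[:-4])
        if name.lower() == "summary":
            continue
        rows[name] = Row(*(int(p) for p in parts[-4:]))
    return rows


def growing_modules(before: Dict[str, Row], after: Dict[str, Row],
                    min_bytes: int = 1_000_000,        # assumed threshold
                    min_outstanding: int = 1_000       # assumed threshold
                    ) -> List[Finding]:
    """Return modules whose held bytes AND un-freed allocations both grew."""
    zero = Row(0, 0, 0, 0)
    findings = []
    for name, now in after.items():
        then = before.get(name, zero)
        if now.allocs < then.allocs:
            # Counters went backwards: the process restarted between captures,
            # so measure growth from an empty baseline instead.
            then = zero
        d_out = now.outstanding - then.outstanding
        d_bytes = now.allocated - then.allocated
        if d_out >= min_outstanding and d_bytes >= min_bytes:
            findings.append(Finding(name, d_out, d_bytes))
    return sorted(findings, key=lambda f: f.bytes_growth, reverse=True)


# Constructed sample captures (not taken from a real device).
SNAPSHOT_T1 = """\
  module              allocated   requested   allocs     frees
  ------------------------------------------------------------
  Summary             1700000     900000      1300050    1200010
  IOMd intr           2000        1600        50         0
  cdllib              1668        1660        7          6
  ipc_shim_pak        0           0           1000000    1000000
  spa_xcvr_oir        1600000     800000      300000     200000
"""

SNAPSHOT_T2 = """\
  module              allocated   requested   allocs     frees
  ------------------------------------------------------------
  Summary             16100000    8100000     6000050    5000010
  IOMd intr           2000        1600        50         0
  cdllib              1668        1660        7          6
  ipc_shim_pak        0           0           3000000    3000000
  spa_xcvr_oir        16000000    8000000     3000000    2000000
"""

if __name__ == "__main__":
    for f in growing_modules(parse_brief(SNAPSHOT_T1), parse_brief(SNAPSHOT_T2)):
        print(f"{f.module}: +{f.outstanding_growth} un-freed allocations, "
              f"+{f.bytes_growth} bytes held")
```

A module with heavy churn but matching allocs and frees (ipc_shim_pak in the sample) is not reported; only one whose un-freed count and held bytes both climb is.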



Re: [c-nsp] LNS Alternatives

2016-05-23 Thread CiscoNSP List
Cheers Raphael - Wasn't aware of the vrf complexities...this would hurt us 
significantly, as 70-80% of our DSL tails are in vrf's 


From: cisco-nsp  on behalf of raf 

Sent: Monday, 23 May 2016 7:39 PM
To: cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] LNS Alternatives

I would also recommend to have a look at openl2tp.

Software LNS are a good solution if you only need basic features. If you
want to separate user in vrf/context it was a bit more complicated, as
you have to dedicate instance by vrf. but nothing impossible.
So the choice is as always, a relative expensive, but good hardware
platform, or a home solution which need much more engineering.

Or you can mix the two approach, I got a friend who handle 10K of
subscribers using a cluster of X c890 if I remember correctly.

Regards,

--
Raphael Mazelier


Le 22/05/2016 à 03:52, Patrick Cole a écrit :
> I have used l2tpns in a cluster successfully in the past for this.
> It's capable of doing 65k sessions per cluster if you throw enough
> nodes at it.
>
> The codebase is fairly stable and has been around for a long time
> but isn't really maintained anymore.
>
> We recently moved to the ASR1k platform for BRAS and had similar
> gripes over the licensing prices, but just so you know the licenses
> are honesty based on the ASR1k, the box will run at any license
> level once you accept the EULA, but don't expect TAC to be jumping
> to support you when your unlicensed features don't work.
>
> We ended up talking direct to a local Cisco rep and they were able
> to get us fully licensed boxes for the right price point.
>
> Regards,
>
> Patrick
>
>



Re: [c-nsp] LNS Alternatives

2016-05-23 Thread CiscoNSP List
Thanks James - Apologies for the non-inline replies, I'm on phone, via 
Hotmail...lol, makes it difficult :)

I'll have another chat to Cisco, see what they can do for us...re Juniper, yes, 
I did look at them...my only issue is that we are only a small company, with 
all Cisco engineers...i.e. zero Juniper in-house knowledge...but I'll 
investigate further...if it's a far cheaper option (And feature parity is equal 
or better), then I'd be crazy not to...will be a difficult learning experience 
for us all(Mainly due to time constraints), but potentially worth it :)

Yes indeed re radius attributes etc...was scratching my head for a while 
wondering why the hell a basic dsl service wouldn't auth!...some mind boggling 
changes by Cisco lol

Thanks for the tip re QOS...will be doing a lot more testing in this area (As 
well as others!)

Cheers for all your feedback+help...much appreciated.


From: cisco-nsp <cisco-nsp-boun...@puck.nether.net> on behalf of James Bensley 
<jwbens...@gmail.com>
Sent: Monday, 23 May 2016 7:28 PM
To: cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] LNS Alternatives

On 23 May 2016 at 10:03, CiscoNSP List <cisconsp_l...@hotmail.com> wrote:
> Cheers James - We need them all (5), as our POPs are geographically VERY far 
> apart lol...majority of our customers are eth based, and use DSL as either 
> redundant link, or where eth/fibre not available...unfortunately, they 
> make a HUGE noise re latency (They are VERY latency conscious!) when we tried 
> a single LNS setup...i.e. All DSL tails terminating on the one LNS...as an 
> example, 2 sites, 1 kilometre apart, latency was over 120m/sec...if we had an 
> LNS at that POP, latency would have been 30ish...hard pill to swallow, but 
> when the noisy customers are spending lots of $ with you, it's best to keep 
> them happy.

Hmm in that case, I would either shout loudly at Cisco to get a better
price, the ASR1001-X for say <1000 subscribers (assuming an even
distribution between PoPs) is rather pricey. Have you considered
Juniper too? You can do all the same stuff on MX's as far as I know,
we have MX480's running as LNS too. Just a thought.

> Regarding features and the "X" range...I've played a bit now with our Lab 
> 1006, and yes, definitely some "challenging" (insane!) differences between 
> them and the 7200...geez the stupid no compression thing, some reply 
> attributes cause the ASR to use full VAI, which causes it to fail also, qos 
> pre-classify under virt template also causes ASR to use full VAI (Again, 
> causes it to fail)...damn, Cisco loved making the transition from 7200->ASR 
> an easy one lol...Are there even more things I need to be aware of with 
> the old 1001 vs the 1001-X series? (From your e-mail, sounds like there is?)

Yes the change in RADIUS attributes and using sub-interfaces et al. is
very annoying. We have managed to work around pretty much everything
however it was additional head ache caused by Cisco, the reasons for
which are (mostly) unknown to us.

They do work as LNS/BNG, the ASR1000 series devices, I just can't
stress how much testing you must do first. We were having issues where
we couldn't make QoS changes without rebooting the box, so we needed
to get our configs exactly right and fully tested before any traffic
goes live.

Cheers,
James.
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/


Re: [c-nsp] LNS Alternatives

2016-05-23 Thread CiscoNSP List
Cheers James - We need them all (5), as our POPs are geographically VERY far 
apart lol...majority of our customers are eth based, and use DSL as either 
redundant link, or where eth/fibre not available...unfortunately, they make 
a HUGE noise re latency (They are VERY latency conscious!) when we tried a 
single LNS setup...i.e. All DSL tails terminating on the one LNS...as an 
example, 2 sites, 1 kilometre apart, latency was over 120m/sec...if we had an 
LNS at that POP, latency would have been 30ish...hard pill to swallow, but 
when the noisy customers are spending lots of $ with you, it's best to keep 
them happy.

Regarding features and the "X" range...I've played a bit now with our Lab 1006, 
and yes, definitely some "challenging" (insane!) differences between them and 
the 7200...geez the stupid no compression thing, some reply attributes cause 
the ASR to use full VAI, which causes it to fail also, qos pre-classify under 
virt template also causes ASR to use full VAI (Again, causes it to 
fail)...damn, Cisco loved making the transition from 7200->ASR an easy one 
lol...Are there even more things I need to be aware of with the old 1001 vs 
the 1001-X series? (From your e-mail, sounds like there is?)

Thanks very much for your notes+links...I'll be reading them tonight :)


From: cisco-nsp  on behalf of James Bensley 

Sent: Monday, 23 May 2016 6:32 PM
To: cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] LNS Alternatives

> we are only doing ~2-3000 tails...but to do the same on an ASR1K...whoa! 
> price is a killer.

At this level you only need two boxes with the correct broadband
licenses (not the 5 originally mentioned, unless you have some other
requirements relating to geo-diversity or backhaul connectivity).

I recommend you avoid the ASR1002-X if possible. There seem to be
various features in the ASR1000 range that aren't supported on the
1002-X only.

We have some live ones, they work OK, but we also have some 7200s too!
These are some rough notes I made during the initial testing, many
problems:

https://null.53bits.co.uk/index.php?page=asr-ios-xr-lns-config

https://null.53bits.co.uk/index.php?page=adsl-and-lns-shaping-llq

Cheers,
James.
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/


Re: [c-nsp] ASR1006 Hardware redundancy question

2016-05-22 Thread CiscoNSP List
You have no RP/ESP/SIP redundancy...if any of those fail, you are in trouble

If you add another RP+ESP, then you have auto redundancy...one will be primary, 
the other failover (We have them, I have tried this many times in the 
lab...i.e. disconnecting primary RP etc to ensure backup RP takes over...they 
do)

If you only have one SIP, but multiple SPAs, then connect into different SPAs 
for "redundancy"...but you are only getting SPA redundancy, not 
SIP...dual (Or more SIPs), SPAs in each one, you get SPA redundancy.

Or, the best option, is two completely separate boxes...both connected to 
upstream...customers can connect to both...if one dies, you are still 
operational...this is far better than a single box, with dual "everything"


From: cisco-nsp  on behalf of Satish Patel 

Sent: Monday, 23 May 2016 5:13 AM
To: Cisco Network Service Providers
Subject: [c-nsp] ASR1006 Hardware redundancy question

I am new to the ASR1006 and I have never worked on a router with hardware
redundancy, so I just want some input and understanding of how it
works. Currently we have a single component of each type, so it's not 100%
redundant.

ESP40  - 1
RP2 - 1
SIP - 1
SPA - 4  ( 1x10GB SPA)

Question:

Do I need to configure or run some command to tell the router about
redundancy, or is it a built-in function and it will auto-detect the number
of components and take decisions related to Action-Hot standby? Let's say in
future I purchase an RP2 component and plug it into the router, does my
router auto-detect two RP2 processors and enable redundancy?

Just want to understand how hardware redundancy will work.

In my current setup, where we have all single components, we have a
single SIP with 4 SPA cards. If one of the SPAs fails, how does it
provide redundancy?
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/


Re: [c-nsp] LNS Alternatives

2016-05-21 Thread CiscoNSP List


Cheers for the reply/info mate - Yes, the licenses are just insane on the 
ASR1K's for broadband...mind boggling.

I'm just not 100% clear on the licenses on them...We have ASR1006's and 
ASR1001's (and 1001-Xs)...in the lab, the ASR1006 just seems to "work" as an 
LNS...i.e. you don't have to accept an EULA?  I'm assuming it is different on 
the smaller 1Ks, as to unlock features, you have to install PAKs?

So - Chassis based 1Ks, you can basically use as an LNS without doing 
anything...but it's not "legal" and you won't get support

But on the non-chassis based 1Ks (1001's), you have to unlock a feature by 
accepting a EULA? (I don't have access to any of our 1001's atm...but I thought 
you had to install the broadband license on them, to unlock that feature?)

I've asked this question of our Cisco AM, and even he has no idea...lol, they 
make it so simple :)

Cheers


From: Patrick Cole <z...@amused.net>
Sent: Sunday, 22 May 2016 11:52 AM
To: CiscoNSP List
Cc: cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] LNS Alternatives

I have used l2tpns in a cluster successfully in the past for this.
It's capable of doing 65k sessions per cluster if you throw enough
nodes at it.

The codebase is fairly stable and has been around for a long time
but isn't really maintained anymore.

We recently moved to the ASR1k platform for BRAS and had similar
gripes over the licensing prices, but just so you know the licenses
are honesty based on the ASR1k, the box will run at any license
level once you accept the EULA, but don't expect TAC to be jumping
to support you when your unlicensed features don't work.

We ended up talking direct to a local Cisco rep and they were able
to get us fully licensed boxes for the right price point.

Regards,

Patrick

Sun, May 22, 2016 at 12:32:17AM +, CiscoNSP List wrote:


> Hi Everyone,
>
>
> We have around 5 POPs that need to terminate DSL tails, so require LNS - 
> historically, we have done this on 7200's, now with 7200 basically EOLd, we 
> are looking at the ASR1K's, but the broadband licensing on them is heinously 
> expensive...Just wondering what others are using as an alternative?  We make 
> very little margin on DSL tails, so if we had to go down the path of 
> ASR1K/Broadband license it would take a very very long time to recoup license 
> costs.
>
>
> Ive had a hunt around for Linux-based options, but all the ones Ive found are 
> from quite a few years back, and dont appear to be under active development?
>
>
> Thanks in advance for any other suggestions.
> ___
> cisco-nsp mailing list  cisco-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>

--
Patrick Cole <z...@wwwires.com>
Senior Network Specialist
World Without Wires
PO Box 869. Palm Beach, QLD, 4221
Ph:  0410 626 630
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/


Re: [c-nsp] LNS Alternatives

2016-05-21 Thread CiscoNSP List

Thanks Charles - I'll check out the BSD/link...there seem to be very few 
"other" options out there...our 7200's worked nicely in this role, we are only 
doing ~2-3000 tails...but to do the same on an ASR1K...whoa! price is a 
killer.

Thanks again for the link/info.



From: Charles Sprickman <sp...@bway.net>
Sent: Sunday, 22 May 2016 10:48 AM
To: CiscoNSP List
Cc: cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] LNS Alternatives

> On May 21, 2016, at 8:32 PM, CiscoNSP List <cisconsp_l...@hotmail.com> wrote:
>
> Hi Everyone,
>
>
> We have around 5 POPs that need to terminate DSL tails, so require LNS - 
> historically, we have done this on 7200's, now with 7200 basically EOLd, we 
> are looking at the ASR1K's, but the broadband licensing on them is heinously 
> expensive...Just wondering what others are using as an alternative?  We make 
> very little margin on DSL tails, so if we had to go down the path of 
> ASR1K/Broadband license it would take a very very long time to recoup license 
> costs.
>
>
> Ive had a hunt around for Linux-based options, but all the ones Ive found are 
> from quite a few years back, and dont appear to be under active development?

Vaguely OT, but FreeBSD with mpd5 seems to be a common option for this.  I 
would imagine if you could fit all your users on a 7200, you could terminate at 
least that many on a current generation server.

A quick example config:

https://sourceforge.net/p/mpd/discussion/44693/thread/8038e404/

Charles

>
>
> Thanks in advance for any other suggestions.
> ___
> cisco-nsp mailing list  cisco-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/

___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/


[c-nsp] LNS Alternatives

2016-05-21 Thread CiscoNSP List
Hi Everyone,


We have around 5 POPs that need to terminate DSL tails, so require LNS - 
historically, we have done this on 7200's, now with 7200 basically EOLd, we are 
looking at the ASR1K's, but the broadband licensing on them is heinously 
expensive...Just wondering what others are using as an alternative?  We make 
very little margin on DSL tails, so if we had to go down the path of 
ASR1K/Broadband license it would take a very very long time to recoup license 
costs.


Ive had a hunt around for Linux-based options, but all the ones Ive found are 
from quite a few years back, and dont appear to be under active development?


Thanks in advance for any other suggestions.
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/


Re: [c-nsp] FNF vs "old" netflow

2016-05-21 Thread CiscoNSP List

Cheers Mark...yes, agree 100%...the amount of time spent dealing with issues 
for consumption data is mind boggling at our Company...moving away from 
it (Netflow), and using 95th, fixed rate (snmp graphs as you have mentioned) is 
where we want to be...unfortunately I have to deal with the migration of 
1000's of customers, and also continue to support our legacy billing via 
Netflow until we are fully migrated...lol, hence why I was hoping partially 
simplifying the netflow component would alleviate some of the stress (And also 
current fat finger issues)...If we lose some east/west traffic (i.e. traffic 
between customer sites on same box), we are not overly concerned...of course 
from a network analytical perspective, having this data is extremely 
beneficial...
 
Thanks

From: Mark Tinka <mark.ti...@seacom.mu>
Sent: Sunday, 22 May 2016 7:25 AM
To: CiscoNSP List; Roland Dobbins; cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] FNF vs "old" netflow

On 21/May/16 23:02, CiscoNSP List wrote:

> Thanks for the reply Roland - Our main issue is that we have a legacy billing 
> platform, that utilises netflow data (So we can bill customers for 
> consumption)...we are obviously moving away from this, as it simply does 
> not scale, and is excruciatingly difficult to administer/maintain.
>
> Not having to apply netflow on "every" interface would help our provisioning 
> guys...they occasionally forget this (Yes, this is an internal 
> system/procedural issue...but it's what we've got to work with currently), 
> cust has no outbound usage, have to enable it, but we can't retrospectively 
> "capture" the netflow data...so we lose billing data for the time netflow 
> hadn't been enabled on a given Int.
>
> Was hoping we could scale back "where" we enable netflow, just to simplify 
> things.
>
> Ultimately, we want to move completely away from netflow for billing, and 
> bill on fixed rate pipe and 95%...but huge job, lots of legacy customers on 
> old netflow plans, so we must continue to support this until we can 
> completely move away from it...i.e. it will take quite a bit of time :)

I've never found Netflow-based billing to scale well.

Just use simple SNMP-gathered data (guess that "S" actually stands for
something), and have the systems that can turn that data into an invoice.

Mark.
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/


Re: [c-nsp] FNF vs "old" netflow

2016-05-21 Thread CiscoNSP List
Thanks for the reply Roland - Our main issue is that we have a legacy billing 
platform, that utilises netflow data (So we can bill customers for 
consumption)...we are obviously moving away from this, as it simply does not 
scale, and is excruciatingly difficult to administer/maintain.

Not having to apply netflow on "every" interface would help our provisioning 
guys...they occasionally forget this (Yes, this is an internal 
system/procedural issue...but it's what we've got to work with currently), cust 
has no outbound usage, have to enable it, but we can't retrospectively "capture" 
the netflow data...so we lose billing data for the time netflow hadn't been 
enabled on a given Int.

Was hoping we could scale back "where" we enable netflow, just to simplify 
things.

Ultimately, we want to move completely away from netflow for billing, and bill 
on fixed rate pipe and 95%...but huge job, lots of legacy customers on old 
netflow plans, so we must continue to support this until we can completely move 
away from it...i.e. it will take quite a bit of time :)


From: cisco-nsp <cisco-nsp-boun...@puck.nether.net> on behalf of Roland Dobbins 
<rdobb...@arbor.net>
Sent: Sunday, 22 May 2016 6:00 AM
To: cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] FNF vs "old" netflow

On 21 May 2016, at 20:42, CiscoNSP List wrote:

> If this is true, could we potentially "limit" the number of Interfaces
> we enable FNF on?

No, this is still not a good idea. You could do egress with classic v9,
but it wasn't a good idea then, either.

What's the objection to simply enabling ingress on the relevant
interfaces?

---
Roland Dobbins <rdobb...@arbor.net>
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/


[c-nsp] FNF vs "old" netflow

2016-05-21 Thread CiscoNSP List
Hi Everyone,


Historically, to capture ingress/egress with V5 netflow, we have enabled ip 
flow ingress on PE cust interface, and also on interpop/transit links...using 
ip flow ingress and egress was always a no no, as you saw duplicate traffic?


With FNF, with "match flow direction" enabled, you would have ip flow monitor 
foo input and output on an Interface...which would capture flows in both 
directions...If this is true, could we potentially "limit" the number of 
Interfaces we enable FNF on?  i.e. Interpop+transit only (i.e. the exit points), 
and you "should" get a holistic view of ingress/egress traffic for all 
customers, without having to enable FNF on each cust facing Int?



Thanks in advance.
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
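
A simplified model of the monitor placements discussed in this thread, added here as an illustration and not taken from any poster's configuration or from Cisco documentation. The interface names, byte counts and the billing function are constructed, and "one exported record per flow per monitored interface and direction" is an assumption of the model.

```python
"""Model of flow-monitor placement on one PE versus what a volume-billing
collector ends up counting. Added illustration, not code from the thread."""

# Constructed sample traffic through one PE: (ingress if, egress if, bytes).
# Interface names are hypothetical; "transit" stands for an interpop/transit exit.
FLOWS = [
    ("cust-a", "transit", 1000),  # customer A upload
    ("transit", "cust-a", 5000),  # customer A download
    ("cust-b", "transit", 200),   # customer B upload
    ("transit", "cust-b", 800),   # customer B download
    ("cust-a", "cust-b", 300),    # east/west between two customers on the same box
]
CUSTOMER_IFS = ("cust-a", "cust-b")
ALL_IFS = CUSTOMER_IFS + ("transit",)

# Placements raised in the thread: interface -> set of monitored directions.
PLACEMENTS = {
    # classic approach: ingress on customer, interpop and transit interfaces
    "ingress_everywhere": {i: {"input"} for i in ALL_IFS},
    # ingress and egress on every interface (the duplicate-traffic case)
    "ingress_and_egress_everywhere": {i: {"input", "output"} for i in ALL_IFS},
    # proposal: input and output only on the exit points
    "exit_points_only": {"transit": {"input", "output"}},
    # provisioning slip: ingress never enabled on one customer interface
    "ingress_forgotten_on_cust_b": {"cust-a": {"input"}, "transit": {"input"}},
}


def export(flows, monitors):
    """Records the collector receives: one per monitored (interface, direction)."""
    records = []
    for in_if, out_if, nbytes in flows:
        for iface, direction in ((in_if, "input"), (out_if, "output")):
            if direction in monitors.get(iface, ()):
                records.append({"monitor_if": iface, "direction": direction,
                                "in_if": in_if, "out_if": out_if, "bytes": nbytes})
    return records


def bill(records):
    """Naive volume billing: sum every record by its input/output interface."""
    totals = {c: {"up": 0, "down": 0} for c in CUSTOMER_IFS}
    for r in records:
        if r["in_if"] in totals:
            totals[r["in_if"]]["up"] += r["bytes"]
        if r["out_if"] in totals:
            totals[r["out_if"]]["down"] += r["bytes"]
    return totals


def ground_truth(flows):
    """What each customer actually sent and received: every flow counted once."""
    return bill([{"in_if": i, "out_if": o, "bytes": b} for i, o, b in flows])


def billing_error(placement):
    """Bytes over-counted (+) or missed (-) per customer for a placement."""
    seen = bill(export(FLOWS, PLACEMENTS[placement]))
    truth = ground_truth(FLOWS)
    return {c: {k: seen[c][k] - truth[c][k] for k in ("up", "down")}
            for c in CUSTOMER_IFS}


if __name__ == "__main__":
    for name in PLACEMENTS:
        print(f"{name:32s} {billing_error(name)}")
```

In this model only ingress on every interface bills correctly; the exit-points-only placement loses exactly the east/west bytes, and the forgotten interface loses that customer's outbound usage.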


Re: [c-nsp] netflow on bridge domain interface

2016-05-18 Thread CiscoNSP List

Hmm..replied to this earlier, but didn't show up on the list (My other replies 
have come through immediately) - re-send...apologies for double post, if the 
original reply shows up :)

I ran into a similar problem on our older ASR1001's, trying to get FNF to 
work...one way traffic only being reported (Config was correct)...opened TAC 
case that was "protracted"...out of frustration, and needing FNF 
"immediately", I ended up having to just use old-style dot1Q subints, and FNF 
worked without issue (Same config as was on the BDI Int)...I'll dig up the old 
case details...but this was at least a year ago...so was hoping the "bug" 
was fixed by now




From: cisco-nsp  on behalf of Mike 

Sent: Sunday, 15 May 2016 6:06 AM
To: cisco-nsp@puck.nether.net
Subject: [c-nsp] netflow on bridge domain interface

Hi,

 I am playing to ntopng and nprobe to capture the flow exports from
a bridge domain interface, and I seem to only be seeing statistics for
one side of the conversation however (inbound internet -> hosts). The
BDI is connected to my default gateway and so certainly everything to
and from the internet has to pass by this way. I am running  03.10.05.S
on an asr1000, wondering if this is a bug/limitation/config error on my
part?

Mike-

___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/


Re: [c-nsp] Pre-owned equipment vender

2016-05-18 Thread CiscoNSP List

If you purchase from Curvature, and purchase their support, you basically get 
tech support (Not overly great, but TAC isn't either lol)+advanced hardware 
replacement, but you don't get access to software updates...hence why we 
purchase smartnet on any kit we get from Curvature.


From: cisco-nsp  on behalf of Charles 
Sprickman 
Sent: Thursday, 19 May 2016 3:47 AM
To: Brian Lehigh
Cc: Cisco Network Service Providers
Subject: Re: [c-nsp] Pre-owned equipment vender

We’ve used them a bit as well, they seem easy to deal with and any 
mistakes/failures are made right very quickly.

One thing I’m not clear on (I don’t deal with sales) is just how their in-house 
“SmartNet” replacement works.  I understand they can help out on the hardware 
side, but I’m unclear on the software side.  We buy lots of EOL stuff, so I’ve 
not had to deal with updating IOS on 3550 switches and the like. :)  If you 
bought something more modern (like a early gen ASR), what hoops do you have to 
jump through to get software updates from Cisco?

Charles
--
Charles Sprickman
NetEng/SysAdmin
Bway.net - New York's Best Internet www.bway.net
sp...@bway.net - 212.982.9800



> On May 18, 2016, at 11:01 AM, Brian Lehigh  wrote:
>
> Yet another +1 for Curvature / NHR.  I’ve been working with them for years.  
> They are wonderful.  My rep, Shoshana Levy, is amazing.  Responses to emails 
> with in minutes.  Their support is great as well.  I had a Cisco IP phone 
> fail while under their warranty period.  I had a new one show up the first 
> thing the next morning, no questions asked.
>
> -Brian
>
>> On May 18, 2016, at 7:24 AM, Satish Patel  wrote:
>>
>> Hello,
>>
>> We are planning to buy pre-Owned equipment so does anyone has any
>> experience with following 3 venders and their support?
>>
>> curvature
>> networkequipment.net
>> worldwidesupply.net/
>> ___
>> cisco-nsp mailing list  cisco-nsp@puck.nether.net
>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
> ___
> cisco-nsp mailing list  cisco-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/

___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/


Re: [c-nsp] Pre-owned equipment vender

2016-05-18 Thread CiscoNSP List

Yes - As per a previous reply to you, we have dealt with Curvature/NHR for many 
years, and concur with Jason - No complaints at all...great to deal 
with...lol, even better when AUD was at parity (Or better) with USD!


From: cisco-nsp  on behalf of Jason Lixfeld 

Sent: Thursday, 19 May 2016 12:38 AM
To: Satish Patel
Cc: Cisco Network Service Providers
Subject: Re: [c-nsp] Pre-owned equipment vender

I’ve been dealing with Curvature (formerly Network Hardware Resale) for almost 
5 years, and they are amazing!  Pricing is good.  Support is good.  Packaging 
is good.  All around praise for those folks.

> On May 18, 2016, at 10:24 AM, Satish Patel  wrote:
>
> Hello,
>
> We are planning to buy pre-Owned equipment so does anyone has any
> experience with following 3 venders and their support?
>
> curvature
> networkequipment.net
> worldwidesupply.net/
> ___
> cisco-nsp mailing list  cisco-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/

___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/


Re: [c-nsp] netflow on bridge domain interface

2016-05-18 Thread CiscoNSP List

I ran into a similar problem on our older ASR1001's, trying to get FNF to 
work...one way traffic only being reported (Config was correct)...opened TAC 
case that was "protracted"...out of frustration, and needing FNF 
"immediately", I ended up having to just use old-style dot1Q subints, and FNF 
worked without issue (Same config as was on the BDI Int)...I'll dig up the old 
case details...but this was at least a year ago...so was hoping the "bug" 
was fixed by now


From: cisco-nsp  on behalf of Mike 

Sent: Sunday, 15 May 2016 6:06 AM
To: cisco-nsp@puck.nether.net
Subject: [c-nsp] netflow on bridge domain interface

Hi,

 I am playing to ntopng and nprobe to capture the flow exports from
a bridge domain interface, and I seem to only be seeing statistics for
one side of the conversation however (inbound internet -> hosts). The
BDI is connected to my default gateway and so certainly everything to
and from the internet has to pass by this way. I am running  03.10.05.S
on an asr1000, wondering if this is a bug/limitation/config error on my
part?

Mike-

___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/


[c-nsp] EVC/BDI vs dot1q subint on ASR1K

2016-05-16 Thread CiscoNSP List
Hi Everyone,


Historically, we have used the old-style dot1q subints on 7200's, and then when 
we moved to the ASR1K, BDI had a bug with FNF, so we went with dot1q subints, 
purely for netflow support...BDI/FNF I've yet to test on our new batch of 
ASR1001X's, but do "most" use EVC/BDI vs dot1q subints...i.e. from a feature 
parity perspective, EVC/BDI *should* support all (and more) than dot1q subints?



Cheers.
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/


Re: [c-nsp] ASR920 vs ME3600 (BDI/vlan/dot1q subints)

2016-05-11 Thread CiscoNSP List

Cheers Mark - much appreciated.


From: Mark Tinka <mark.ti...@seacom.mu>
Sent: Thursday, 12 May 2016 5:37 AM
To: CiscoNSP List; cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] ASR920 vs ME3600 (BDI/vlan/dot1q subints)

On 11/May/16 08:32, CiscoNSP List wrote:

> (Apologies if double post, sent this earlier, but it hasnt shown up)
>
>
> Hi everyone,
>
> First real look at an ASR920 (Historically we have used ME3600's for this 
> role...cust VRFs etc) - Now, I see the ASR920 is definitely "different" to 
> the ME3600...i.e. no "switchport" commands...more like a router..
>
> So;
>
> On an ME3600, we would have a dot1q trunk coming from an edge L2 switch 
> tagging customer vlans, on the ME3600 port, we would have:
>
> interface GigabitEthernet0/4
>  description DOT1QTRUNK_TO_EDGE_SWITCH_FOO
>  switchport trunk allowed vlan none
>  switchport mode trunk
>  load-interval 30
>  no cdp enable
>  service instance 15 ethernet
>   description MANAGEMENT_INT_FOR_TORSW
>   encapsulation dot1q 15
>   rewrite ingress tag pop 1 symmetric
>   bridge-domain 15
>
> Then a vlan int (15) with L3
>
> On the ASR920, we cannot do this...in the same way...

As you've now discovered, there is no "switchport" concept on the ASR920
as there is on the ME3600X/3800X.

The IP or MPLS stitch for ASR920's is the BDI interface, as opposed to
the SVI interface on the ME3600X/3800X.

>
> So, we can use BDI ints, or the old dot1q subints...
>
> bdi example...hopefully correct ??
>
> int gi0/0/23
> description DOT1QTRUNK_TO_EDGE_SWITCH_FOO
>  service instance 15 ethernet
>   description MANAGEMENT_INT_FOR_TORSW
>   encapsulation dot1q 15
>   rewrite ingress tag pop 1 symmetric
>   bridge-domain 15
>
> Then a BDI int (15) with L3
>
> Would the above be correct?

Yep, that is right.


>   And if so, are there any major limitations (QOS for example) that anyone is 
> aware of when using BDI vs the old dot1q subint?  (On our ASR1001's, we 
> initially used BDI Ints, but found netflow did not work "correctly", so 
> swapped back to dot1q subints)

QoS on the ASR920 is closer to the ASR1000.

There is a little niggle when matching a class-map for simple egress
policing. You need to match a user-defined class-map, in addition to
matching class-default. If you do not include the user-defined
class-map, the configuration will be invalid.

Other than that, it all works really well.

Mark.

___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/


Re: [c-nsp] ASR920 stops routing unexpectedly

2016-05-11 Thread CiscoNSP List

Hmm…If memory serves correct, Marks issue may have been on the ME3600(ISIS 
issue), not the ASR920…..Ill confirm tomorrow


From: cisco-nsp <cisco-nsp-boun...@puck.nether.net> on behalf of CiscoNSP List 
<cisconsp_l...@hotmail.com>
Sent: Wednesday, 11 May 2016 9:43 PM
To: Eric Van Tol; cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] ASR920 stops routing unexpectedly

Hi,

Sorry can't help you with your issue (I'm in the process of deploying some 
ASR920's, so hope you do find an answer), but I'm fairly certain Mark Tinka (On 
this list) has/had a similar issue…I'm on phone atm, so can't easily search 
through archives, but will have a look tomorrow morning….Mark will probably 
respond prior to that anyway ;)

Cheers


From: cisco-nsp <cisco-nsp-boun...@puck.nether.net> on behalf of Eric Van Tol 
<e...@atlantech.net>
Sent: Wednesday, 11 May 2016 7:48 PM
To: cisco-nsp@puck.nether.net
Subject: [c-nsp] ASR920 stops routing unexpectedly

Hi all,
I am now on my third day with TAC on this problem and they are driving me up a 
wall. I have an ASR-920-24SZ-M that has been in service for almost a year, on 
3.15.0S running ISIS, BFD on one link, BGP, LDP, MPLS. Shortly after midnight 
this past Saturday, it stopped routing for no apparent reason. As we have it 
connected to an ethernet OOB network, I was able to get in it to take a look.

The first thing we see is that BFD on one of the upstream links times out. Then 
*every* ISIS session on the router goes down and it stops processing ISIS 
updates. All the interfaces were up/up and doing a shut/no shut on them did not 
bring ISIS back up. Unfortunately, I wasn't thoughtful enough to do a simple 
ping across them to see if they were processing *anything*. The only way to 
recover appeared to be a reboot.

I'd chalk that up to a "network anomaly", but the following night it happened 
again right around the same time. Again, in my rush to get everything back up 
and running, I had to reboot it before I could gather much information (ie. no 
ping, like an idiot).

I'm running 3.15.0S, but don't want to upgrade without knowing what this is. I 
found this link to an old discussion:

http://www.gossamer-threads.com/lists/cisco/nsp/191739#191739

But TAC is ignoring my request for details on this bug. The first level TAC 
engineer keeps focusing on the upstream link, completely ignoring the fact that 
the router stops processing routing protocol updates. Anyone else experience 
this kind of weirdness with the ASR? And if so, what can I tell the next TAC 
engineer in order to get past this "it looks like a link failure" tunnel vision 
bullshit that they so often like to have?

-evt

___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

