Re: [c-nsp] FIB scale on ASR9001

2021-11-22 Thread Robert Hass
On Wed, Nov 10, 2021 at 8:15 AM Mark Tinka  wrote:
> Not really that interested in Cisco anymore.

We will keep our ASR 9001 until support will expire, but for small Edge nodes.

Well it is hard to trust Cisco currently.

I can recall our CSR 1000V story (permanent licenses). CSR 1000V
permanent licenses are EoL/EoS. But subscription CSR 1000V are not, so
you need to pay again for something you already paid for.
Next move was Catalyst 8000V which is CSR 1000V but with just new name,

How to deceive a customer who bought licenses?
1. Release a newer version under a newer name (Catalyst 8000V).
2. Retiring the previous product/version - EoS/EoL - CSR 1000V.
3. By that you simply stop discussion regarding perpetual ->
subscription model change
4. Done. Dear customers - pay again for same piece of software!

Rob
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/


[c-nsp] FIB scale on ASR9001

2021-11-04 Thread Robert Hass
Hi

What IPv4 FIB scale I can expect from ASR9001 ?
BGP table is growing and I want to predict how much lifespan those
boxes still have.

Thanks
Rob


Re: [c-nsp] telemetry on IOS XE

2020-06-19 Thread Robert Hass
Yes I did

#sh run | inc netconf
netconf-yang

#show platform software yang-management process
confd: Running
nesd : Running
syncfd   : Running
ncsshd   : Running
dmiauthd : Running
nginx: Running
ndbmand  : Running
pubd : Running
gnmib: Not Running

On Sat, Jun 20, 2020 at 12:02 AM Dave Bell  wrote:

> Have you enabled netconf-yang?
>
> On Fri, 19 Jun 2020 at 20:46, Robert Hass  wrote:
>
>> Hi
>> I'm trying to run telemetry on IOS XE (Catalyst 9300) but without luck.
>>
>> My config:
>>
>> test#sh run | sec tele
>> telemetry ietf subscription 1
>>  encoding encode-kvgpb
>>  filter xpath /process-cpu-ios-xe-oper:cpu-usage/cpu-utilization/five-seconds
>>  source-address 10.0.0.147
>>  source-vrf Mgmt-vrf
>>  stream yang-push
>>  update-policy periodic 500
>>  receiver ip address 10.0.3.16 12345 protocol grpc-tcp
>>
>> But it's not working:
>> #show telemetry ietf subscription all
>> The process for the command is not responding or is otherwise unavailable
>>
>> Any ideas ?
>>
>> Running IOS XE  17.02.01
>>
>> Rob


[c-nsp] telemetry on IOS XE

2020-06-19 Thread Robert Hass
Hi
I'm trying to run telemetry on IOS XE (Catalyst 9300) but without luck.

My config:

test#sh run | sec tele
telemetry ietf subscription 1
 encoding encode-kvgpb
 filter xpath /process-cpu-ios-xe-oper:cpu-usage/cpu-utilization/five-seconds
 source-address 10.0.0.147
 source-vrf Mgmt-vrf
 stream yang-push
 update-policy periodic 500
 receiver ip address 10.0.3.16 12345 protocol grpc-tcp

But it's not working:
#show telemetry ietf subscription all
The process for the command is not responding or is otherwise unavailable

Any ideas ?

Running IOS XE  17.02.01

Rob


[c-nsp] Access Switches Aggregation

2020-05-22 Thread Robert Hass
Hi
I'm looking for aggregation devices (access switches aggregation).
I need to aggregate around 170 access switches. Each switch need to be
connected to two core/aggregation devices using mLAG. There are few sites,
and every site have around 150-170 access switches.

Requirements:
- 4 * 48 linecards, 10GE SFP+ ports
- Routing: BGP + ISIS
- 12 x 100G ports for inter-site connectivity
- MACsec on 10G and 100G
- Interconnection between sites: Pure-L3, but would like to have ability to
extend L2 VLANs between sites (using EVPN or MPLS)

I considered few platforms:
- Catalyst 9600
- Nexus 9500
- NCS 5508

NCS a bit too expensive. Probably will go for Catalyst or Nexus.
In terms of reliability which solution should I use ?

Is Stack-Wise Virtual similar to VSS which we had on 6500/6800 ?
Can I have different software version on each core/aggregation device ?
(this can provide uninterrupted upgrade with mLAG)

Rob


[c-nsp] IOS XE - Checking amount of IPv4 routes in FIB

2019-12-04 Thread Robert Hass
Hi
I'm looking for proper command to find out how much routes I have in FIB.
Is "sh ip cef summary" what I'm looking for ?

Example router running IOS XE 03.13.08.S
Received 1.17M routes via BGP

#sh ip cef summary
IPv4 CEF is enabled for distributed and running
VRF Default
 1168031 prefixes (1168030/1 fwd/non-fwd)
 Table id 0x0
 Database epoch:2 (1168031 entries at this epoch)

Rob


[c-nsp] Cisco Nexus Data Broker

2019-05-10 Thread Robert Hass
Hi
I cannot find information which current models of Nexus switches are
supporting Cisco Nexus Data Broker.

Documents on cisco.com are quite outdated - from 2014 or 2017.

I'm wondering if Data Broker is supported on Nexus 9300 EX/FX and Nexus
3600-R series.

Rob


[c-nsp] MACsec and GCM-AES-XPN-128 support

2019-04-27 Thread Robert Hass
Hi
I'm looking for which Cisco devices support the GCM-AES-XPN-128 cipher for
MACsec.
It looks like it's supported on Catalyst 9300/9500 series. But it looks like
only on 40G and 100G ports.
Is that true ? Can anyone test ?

Unfortunately I don't have Catalyst 9300/9500 in LAB

Rob


[c-nsp] Cisco Nexus 9300 for CORE

2019-04-26 Thread Robert Hass
Hi
I need to build new core network. We have 6 site's in different cities. All
cities are connected over 100G (provided by ISP).

I just thinking about N9K-C93180YC-FX and N9K-C93240YC-FX2 switches.
- both supports 6 and 12 x 100G ports which I will use to inter-site
connectivity (core links)
- they supports MACsec on 100G - I will use it to encrypt my core links
- each inter-city link is around 500 miles
- most of downlink ports will be 10G and 1G

Any potential problems with this platform for that purpose ?
Buffers are very low - just 40MB. Maybe I should look at Cisco NCS or other
Cisco platform ?

I'm looking for some experience/recommendations.


[c-nsp] eem-script problem

2019-01-03 Thread Robert Hass
Hi

I have below EEM script running at CSR1K:

event manager applet blah2 authorization bypass
 event syslog pattern "%CLEAR-5-COUNTERS: .*"
 action 0.01 syslog msg "blah2 script"
 action 0.02 cli command "enable"
 action 0.03 cli command "term exec prompt timestamp"
 action 0.04 cli command "term length 0"
 action 0.05 cli command "show clock"
 action 1.01 cli command "sh interfaces gigabitEthernet 1 | include input errors"
 action 1.02 regexp "frame.*" "" $_cli_result
 action 1.03 puts "match is $_cli_result"

"sh interfaces gigabitEthernet 1 | include input errors" returns line eg.:
 2 input errors, 2 CRC, 0 frame, 0 overrun, 0 ignored

I want to have in syslog only 2 input errors, 2 CRC instead rest of line
How I can do that ?

Rob
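
One way to log only the two counters, as an added example that is not part of the original post: the EEM `regexp` action takes the pattern first, then the input string, then the names of variables that receive the whole match and each capture group. The applet name `input-err-log`, the variable names `match`, `in_errs` and `crc`, and the log text are assumptions.

```cisco
! Added example, not from the original post. Applet and variable names are hypothetical.
event manager applet input-err-log authorization bypass
 event syslog pattern "%CLEAR-5-COUNTERS: .*"
 action 0.01 cli command "enable"
 action 0.02 cli command "term length 0"
 action 1.01 cli command "show interfaces gigabitEthernet 1 | include input errors"
 ! Pattern first, then the input string, then the variables that receive
 ! the whole match and the two capture groups.
 action 1.02 regexp "([0-9]+) input errors, ([0-9]+) CRC" "$_cli_result" match in_errs crc
 ! _regexp_result is 1 on a match and 0 otherwise; nothing is logged if the line is missing.
 action 1.03 if $_regexp_result eq "1"
 action 1.04  syslog msg "Gi1: $in_errs input errors, $crc CRC"
 action 1.05 end
```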


[c-nsp] IKEv2 unknown connections

2019-01-03 Thread Robert Hass
Hi

I see a lot syslog messages related to IKEv2:
Jan  3 10:47:55.537: %IKEV2-5-RECV_CONNECTION_REQUEST: Received a IKE_INIT_SA request
Jan  3 10:47:55.795: %IKEV2-3-NEG_ABORT: Negotiation aborted due to ERROR: Failed to locate an item in the database
Jan  3 10:48:25.536: %IKEV2-5-RECV_CONNECTION_REQUEST: Received a IKE_INIT_SA request
Jan  3 10:48:25.794: %IKEV2-3-NEG_ABORT: Negotiation aborted due to ERROR: Failed to locate an item in the database
Jan  3 10:48:55.952: %IKEV2-5-RECV_CONNECTION_REQUEST: Received a IKE_INIT_SA request

How I can check which IP is trying constantly connect via IKEv2 to my
router ?

Rob


[c-nsp] CSR 1000v perpetual licenses EoS

2018-12-29 Thread Robert Hass
Hi
Just read:

https://www.cisco.com/c/en/us/products/collateral/routers/cloud-services-router-1000v-series/eos-eol-notice-c51-741690.html

No more permanent/perpetual licenses for CSR 1000V, just subscription.
The worst of it is that support is provided by 2020. So we will have to pay
for all licenses again and will only be for a few years. Scandal.
Probably time to migrate all VPNs to Palo Alto VMs.

Rob


[c-nsp] ASR1001 maximum FIB size

2018-12-26 Thread Robert Hass
Hi
I'm looking for information what is maximum FIB size for ASR1001 (with 16GB
RAM) platform ?

Is it 1M or 2M ? (IPv4)

Rob


[c-nsp] BGP DFZ convergence time - FIB programming

2018-10-05 Thread Robert Hass
Hi
I'm looking for share experiences regarding time needed to program full DFZ
table (710K IPv4 prefixes) on NCS 5500 boxes.

Right now we testing competitors (Jericho based boxes) and results are not
impressive - time needed to program is around 2min 30sec up to 3min.

How fast NCS 5500 is handling FIB programming ?

Rob


[c-nsp] N9K + Telemetry

2018-07-26 Thread Robert Hass
Hi
I currently using some N9300 switches and I would like to start using
Telemetry - it looks very cool. Is any ready tool from Cisco side able to
work with N9K+Telemetry ? Maybe Cisco DCNM  ?
I'm looking for something "ready" from vendor instead of using OpenSource
(Kibana+Elasticsearch) as I don't have time to develop our own solutions.

Rob


[c-nsp] Interface helper-address and Load-Balancing

2018-01-02 Thread Robert Hass
Hi
I have configuration as below:

interface Vlan2002
 ip address 10.0.16.1 255.255.255.0
 ip helper-address 10.0.18.31
 ip helper-address 10.0.18.32
!

Will Cisco forward DHCP requests to both servers defined as helper-addresses
or load-balance (round-robin) between them ?

Rob


Re: [c-nsp] MPLS/VPLS gear with ext.temperatures

2017-01-02 Thread Robert Hass
On Mon, Jan 2, 2017 at 7:59 PM, Lukas Tribus  wrote:

> >There is basic IPsec support afaik, I'm not sure about MPLS over
> >GREoIPSEC though.
>

Do you know if this box supports MACsec ?
IPsec is useless as it's very limited - according to documentation:
Packet size greater than 1460 is not supported on IPsec tunnel.
IPsec traffic acceleration is supported only for UDP-TCP traffic.
Tunnel mode is only supported.
Volume-based rekeying is not supported.
IPv6 traffic is not supported on IPSEC tunnels.
Multicast Traffic is not supported on IPSEC tunnels.
IPsec tunnels are not supported on MPLS cloud.
IPsec tunnels are not supported on vrf lite.
QoS is not supported for IPsec tunnels.

Maybe other device from ASR line ?

Rob


[c-nsp] MPLS/VPLS gear with ext.temperatures

2017-01-02 Thread Robert Hass
Hi

I'm looking for Cisco products which supports MPLS features:
- L3 VPN
- L2 VPN Point-to-Point
- L2 VPN Multipoint (VPLS or similar) - it's not mandatory but will be
useful

As equipment will work in unfriendly environment it have to support
extended operating temperatures (from -20*C up to 60*C)

Additional requirements - mandatory:
- 16 GE ports (RJ45)
- 4 SFP ports (1GE)
- HQoS
- MACSEC or IPSEC (then it's necessary to support MPLS over GREoIPSEC)


Rob


[c-nsp] Annoying syslog messages after enabling CoPP

2016-08-08 Thread Robert Hass
Hi
I enabled CoPP on my Cisco routers. And now there are a lot of messages
like below in syslog:

 7638: Aug  9 03:31:16.603: %IOSXE-5-PLATFORM: F0: cpp_cp: QFP:0.0 Thread:000 TS:0270382487457923 %QOS-5-COPP_POLICE_DROP: packets drop on Punt/Inject interface due to CoPP police
 7639: Aug  9 03:32:29.368: %IOSXE-5-PLATFORM: F0: cpp_cp: QFP:0.0 Thread:000 TS:0270455251542524 %QOS-5-COPP_POLICE_DROP: packets drop on Punt/Inject interface due to CoPP police
 7640: Aug  9 03:34:26.196: %IOSXE-5-PLATFORM: F0: cpp_cp: QFP:0.0 Thread:000 TS:0270572077407801 %QOS-5-COPP_POLICE_DROP: packets drop on Punt/Inject interface due to CoPP police

Is any command to disable logging of these messages ?

Rob


Re: [c-nsp] VXLAN Unicast on Nexus 5600 or 9300

2016-03-31 Thread Robert Hass
>
> http://blogs.cisco.com/perspectives/a-summary-of-cisco-vxlan-control-planes-multicast-unicast-mp-bgp-evpn-2


This document doesn't provide any information what is supported on
different Nexus models.


> The 9ks will do mp bgp vpn , but not sure about the 5600 never used them.
>

I asked about unicast-VXLAN not "mp bgp vpn".

I know that 9300 can do multicast based VXLAN. But I need devices which can
do this using unicast as I have project where multicast will not be
implemented at L3 between VTEPs. I see that this is what Arista can do. But
due to politics we would stay with Cisco shop.

Rob


[c-nsp] VXLAN Unicast on Nexus 5600 or 9300

2016-03-31 Thread Robert Hass
Hi
I see that both - Nexus 5600 and Nexus 9300 platforms supports VXLAN which
relies on multicast in the network core. But are they support VXLAN relies
on unicast network ?

Maybe newer Nexus 9200 or approaching Nexus 9300-EX ?

Rob


[c-nsp] IOS XE Denali release date

2016-03-31 Thread Robert Hass
Hi
I'm looking for some dates regarding IOS XE release called 'Denali' for ASR
1K and CSR 1000V platforms. Cisco show on presentations March 2016, but
tomorrow we will have 1st of April.
Is it delayed ?

Rob


[c-nsp] Catalyst 3850 10G version experiences

2016-03-06 Thread Robert Hass
Hi
I'm building mid-large campus network with 3000 access ports.

Is it good idea to use stack of two 3850-XS units as core/aggregation layer
? I'm planning to use 2 or 4 Catalyst 3850-24SX in stack.

They're quite fresh products - released Mid 2015. So their maturity is
questionable...
Maybe I should choose something proven in field like Catalyst 4500-X.
Also I'm afraid about small buffers on 3850XS.

Rob


Re: [c-nsp] VPLS capable devices for two sites interconnect

2016-03-06 Thread Robert Hass
>If it's pure L3 solution you don't really need VPLS nor mLACP.
>You just need two separate links extended via PWs to other site and L3
load-sharing.

I forgot to mention that I need to carry 20-40 VLANs over my Layer-3 core
between both sites. It's the reason for this VPLS, OTV or VXLAN...

If mLACP is not supported on ASR920 I stuck with ASR9001...

Active-Active mLACP and VPLS utilizing all links would be very nice.

What about Catalyst 6840 ?
What about VXLANs and Nexus 9300 + vPC ?

Rob


[c-nsp] VPLS capable devices for two sites interconnect

2016-03-05 Thread Robert Hass
Hi
I'm looking for Cisco devices suitable for do interconnect of two sites. I
also need redundancy at each site - so two clusters of two devices are
required - mLACP capable for CE side. I cannot use regular L2 PortChannels
as we're looking for pure => L3 solution.

I know that ASR9001 will do the job. But I'm looking for something cheaper.
What you can recommend ? I need total 4 x 10GE interfaces and two redundant
AC power supplies.

Maybe choice of VPLS is bad choice and I should look at VXLAN or OTV ? But
what benefits will these technologies give me above VPLS ?

Rob


[c-nsp] Cisco IOS-XE 3S platforms Series Root Shell License Bypass Vulnerability

2016-02-27 Thread Robert Hass
Hi

I'm looking for exploitation of issue 'Cisco IOS-XE 3S platforms Series
Root Shell License Bypass Vulnerability' (CSCuv93130). I would like to
check if it's really working on my Ciscos running IOS XE. Anyone have
recipe how to do it ?

Rob


Re: [c-nsp] Shutdown an interface based on CRC errors

2016-02-11 Thread Robert Hass
>
> >You sort of hit the wrong list, but if someone has good ideas how to solve
> >this for IOS, I'm all ears :-)
>

Indeed I mailed bad -nsp :)
Too early

Rob


[c-nsp] Shutdown an interface based on CRC errors

2016-02-11 Thread Robert Hass
Hi
I'm looking for function which can shutdown an interface if CRC error
threshold will be overdraft. Is any existing command for this in JunOS for
MX and EX platforms ?

If not maybe some OP script ?

Thanks a lot
Rob


Re: [c-nsp] How many maximum routes does Cisco 2900 router support?

2016-01-11 Thread Robert Hass
> > [Graph: CPU% per hour (last 72 hours); * = maximum CPU%, # = average CPU%]
> >
> > ROUTER#sh ip bgp sum
> >
> > 607161 network entries using 87431184 bytes of memory
> >
> > 607163 path entries using 48573040 bytes of memory
> >
> > 89290/89249 BGP path/bestpath attribute entries using 14286400 bytes
> > of memory
> >
> > 79236 BGP AS-PATH entries using 3440300 bytes of memory
> >
> > 477 BGP community entries using 23614 bytes of memory
> >
> > 0 BGP route-map cache entries using 0 bytes of memory
> >
> > 0 BGP filter-list cache entries using 0 bytes of memory
> >
> > BGP using 153754538 total bytes of memory
> >
> > BGP activity 7031767/6424603 prefixes, 7707260/7100097 paths, scan
> > interval 60 secs
> >
> >
> >
> > NeighborV   AS MsgRcvd MsgSent   TblVer  InQ OutQ
> Up/Down  State/PfxRcd
> >
> >412271 15142572  641068 824100
> 29w0d  607147
> >
> > x.x.x.x   420208  144341  144319 824133710
>   0 13w0d   1
> >
> > x.x.x.x   420208  381849  420157 824133710
>   0 37w6d   1
> >
> >  425669  230082 11237087 824100 20w5d
>1
> >
> >
> >
> > Thanks,
> >
> > Adam
> >
> >
> >
> >
> >
> >
> >
> > From: Robert Hass [mailto:robh...@gmail.com]
> > Sent: Friday, January 8, 2016 11:38 AM
> > To: Adam Greene 
> > Cc: cisco-nsp@puck.nether.net
> > Subject: Re: [c-nsp] How many maximum routes does Cisco 2900 router
> support?
> >
> >
> >
> > On Fri, Jan 8, 2016 at 3:23 PM, Adam Greene  <mailto:maill...@webjogger.net> > wrote:
> >
> > Our 2921 with a full routing table, 2GB RAM, and around 60M aggregate
> > throughput hovers around 40-50% CPU utilization, with occasional
> > higher spikes. When we were pushing >100M aggregate through it, the
> > CPU was regularly spiking to near 100%.
> >
> >
> >
> > Can you put 'show proc cpu history' and what IOS you're running ? How
> many full-routing tables you're receiving from neighbors ?
> >
> >
> >
> >
> > We have another one with multiple BGP sessions, 512MB RAM, but only a
> > few actual routes. However, we are also running QoS policies on it,
> > including NBAR. When aggregate throughput gets up near 100M, CPU tends
> > to spike above 90%.
> >
> >
> >
> > NBAR is very CPU consuming operation.
> >
> >
> >
> > Rob
> >


Re: [c-nsp] switch for SAN

2016-01-08 Thread Robert Hass
On Fri, Jan 8, 2016 at 3:44 PM, Adam Greene  wrote:

> I know running Catalyst switches for SAN backbone fabric is not the best
> idea, due to limited buffers.
>
>
>
> However, we have been doing just that with a 3750X and Dell Equallogic
> 6100/4100s for quite some time, with no issues.
> 


I recommend 4948E , 4500, 4900M, 4500-X depends on needs of 1G/10G ports.
I had issues on 3750-X when had storage on 10GE ports and server on 1GE.
After migration to 4948E as problems stopped.

Rob


Re: [c-nsp] IOS CSRv1000 Power script error

2016-01-08 Thread Robert Hass
On Fri, Jan 8, 2016 at 5:32 PM, Alireza Soltanian 
wrote:

> To be exact the version is 3.13 this version works fine with 2.5GB of RAM.
> I Also have same issue with 3.15
> I don't have issue with 3.16 but it takes 4GB of RAM which I have problem
>

Strange, it's CSR on my VMware Workstation running without any issues:

#sh ver
Cisco IOS XE Software, Version 03.14.01.S - Standard Support Release
Cisco IOS Software, CSR1000V Software (X86_64_LINUX_IOSD-UNIVERSALK9-M),
Version 15.5(1)S1, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2015 by Cisco Systems, Inc.
Compiled Sun 01-Mar-15 03:58 by mcpre

It was deployed from OVA.

Rob


Re: [c-nsp] How many maximum routes does Cisco 2900 router support?

2016-01-08 Thread Robert Hass
On Fri, Jan 8, 2016 at 3:23 PM, Adam Greene  wrote:

> Our 2921 with a full routing table, 2GB RAM, and around 60M aggregate
> throughput hovers around 40-50% CPU utilization, with occasional higher
> spikes. When we were pushing >100M aggregate through it, the CPU was
> regularly spiking to near 100%.
>

Can you put 'show proc cpu history' and what IOS you're running ? How many
full-routing tables you're receiving from neighbors ?


>
> We have another one with multiple BGP sessions, 512MB RAM, but only a few
> actual routes. However, we are also running QoS policies on it, including
> NBAR. When aggregate throughput gets up near 100M, CPU tends to spike above
> 90%.
>

NBAR is very CPU consuming operation.

Rob


Re: [c-nsp] A switch with huge number of Mac address

2016-01-08 Thread Robert Hass
On Fri, Jan 8, 2016 at 5:05 PM, Alireza Soltanian 
wrote:

> We want to purchase a switch with 1G/10G ports (at least 96 ports) which
> can support up to 192k of Mac addresses.
> Is there any product in market which can provide this flexibilty? Rack unit
> is also a factor
>

From Cisco boxes you can get Cat6880-X which supports 128K MACs and
supports maximum 80x1/10GE ports.
From competitive vendor - Brocade MLXe-4 will meet your requirement - 4
LineCards, each 24 ports 1/10GE, total 96 ports + it supports 1M MACs.
Also VDX8770-4 can do it - up to 188 1/10GE ports, 384k MACs.

Rob.


Re: [c-nsp] IOS CSRv1000 Power script error

2016-01-08 Thread Robert Hass
Which CSR version ? I'm running couple of CSR 1000Vs in production and LAB
(all in few different versions). Never had problems like you mentioned. But
I'm always deploying on ESXi, although it shouldn't be important as VM
Workstation should be also supported. Did you deployed CSR from OVA ?

Rob


On Fri, Jan 8, 2016 at 5:16 PM, Alireza Soltanian 
wrote:

> Hi
> I am trying to run CSRv1000 on VMWare Workstation 12. The problem is
> whenever the machine is started I got an error about failing to run a power
> script.
> This also causes preventing the suspension of machine.
> The machine works fine but this error is annoying. Do you know what should
> I do about this error?
> Thank you


[c-nsp] FEX (6800IA) on Cat6880-X

2015-09-17 Thread Robert Hass
Hi
I'm just wondering about deployment of 6800IA FEX'es with two 6880-X as
core layer.

Not sure regarding few topics:
1) Do 6800IA have local switching or everything is passing back to 6880-X ?
I mean how communications between two ports is working on same 6800IA unit
if a) two hosts are in same VLAN (Layer2) and b) two hosts are in different
VLANs (inter-VLAN routing is required - SVIs are configured on 6880). Nexus
2K FEXes - they don't have local-switching AFAIK, but what about 6800IA.

2) What about 6800IA buffers ?

3) Can I connect switch to 6800IA ? This was limitation of Nexus 2k FEXes.
How it's looks here ?

4) How much 6800IA I can have connected to two 6880-X ?

5) Are all features like MPLS, VPLS, QoS will work or 6800IA or there is
some limitations ?

6) Any remarks about stability / software bugs of this technology ?

Rob


[c-nsp] NAC/802.1x and multiple users on one port

2015-09-13 Thread Robert Hass
Hi
I have scenario where for each port on my Catalyst (Cat3650) are connected
unmanageable small switch (8 ports cheap HP). Can I still use 802.1x and
NAC (ISE) for this particular port ? If yes, how filtering is done ? ACLs ?
I assume that guest-VLAN/quarantine-VLAN cannot be used in this
configuration.

Rob


[c-nsp] Catalyst 6880-X and GLC-T

2015-09-13 Thread Robert Hass
Hi
I have question are speeds 10M and 100M supported on GLC-T SFP (RJ45
10/100/1000) on Catalyst 6880 ?

Rob


Re: [c-nsp] CSR1000V and CPU usage

2015-08-13 Thread Robert Hass
> We use the CSR1000V on ESX as well.

Can you show me how much CPU usage you currently have ?

show processes cpu platform sorted | exclude 0%  0%  0%
show platform software status control-processor
show platform hardware qfp active datapath utilization
sh int | inc rate

What features you're using on this CSR and what resources are allocated to
CSR VM ?

Thanks
Rob



On Wed, Aug 12, 2015 at 11:37 PM, Pshem Kowalczyk  wrote:

> Hi,
>
> We use the CSR1000V on ESX as well. From my experience - the code that
> calculates the load of the router is most likely not aware it runs within a
> VM so the calculation are done in relation to 100% CPU utilisation, but
> since the number of allocated cycles might change the resulting number is
> relative.  What ESX reports is probably closer to truth (but also take it
> with a grain of salt). In our tests we pushed over 2.5Gb/s through a single
> instance of CSR1000V and over 500k pps (AX licence, with pinned resources)
> for prolonged periods of time with no problems.
> I do not think you should worry about that process.
>
> kind regards
> Pshem
>
>
> On Thu, 13 Aug 2015 at 08:35 Roland Dobbins  wrote:
>
>>
>> On 13 Aug 2015, at 1:24, Robert Hass wrote:
>>
>> > I deployed Cisco CSR 1000V as edge router in DataCenter.
>>
>> Deploying any variety of software-based router at one's edges is a
>> mistake, and has been for many years.
>>
>> The Cisco virtual stuff is great for labs, training, testing, and so
>> forth - kudos to them for producing it, and I hope they do even more
>> with their virtual versions.
>>
>> That being said, there's no way I'd deploy any of it to route actual
>> packets on actual production networks.  Nothing against Cisco nor their
>> virtual stuff, but in any kind of Internet-facing environment,
>> software-only doesn't scale.
>>
>> At some point in the future, this will change, as hardware-based
>> routers/switches/whatnots will take the 'nFV' trend even further, and
>> software hypervisor-based ones will gain direct, high-performance access
>> to serious hardware-based NICs, NPUs, et. al.  But for now, I personally
>> think it's way too soon to be doing this in production environments.
>>
>> ---
>> Roland Dobbins 


Re: [c-nsp] CSR1000V and CPU usage

2015-08-13 Thread Robert Hass
My goal is max 1G-2G. I can move CSR to a 36-core Xeon server without
problem... I'm looking for real users, not a discussion that HW/NP is better
than SW.
Everyone knows that it's faster, but not everybody needs such huge performance.
If I need performance I can order MX5/MX80/MX104 or some ASR.

Rob



On Thu, Aug 13, 2015 at 12:30 PM, Roland Dobbins  wrote:

> On 13 Aug 2015, at 15:21, Adam Vitkovsky wrote:
>
>> Although I agree, some Quagga users routing 20Gbps and several full
>> internet feeds through their boxes would argue.
>>
>
> I doubt this; especially when it's 20gb/sec of 64-byte packets directed at
> the router's own interfaces.
>
> ---
> Roland Dobbins 
>


[c-nsp] CSR1000V and CPU usage

2015-08-12 Thread Robert Hass
Hi
I deployed Cisco CSR 1000V as edge router in DataCenter.

My current configuration:
- 2 x Xeon X5650
- just one CSR VM on ESXi host
- ESXi 5.1 with all latest patches
- standard vSwitch with 1 Intel Server NIC
- HT enabled
- 2xSSD in RAID1
- 8GB vRAM
- 4 vCPU
- 1 vNIC with 802.1q VLANs - few VLANs
- 100% reservation for CPU and Memory in ESXi for CSR VM
- 500MB AX license
- running IOS 03.14.01.S / 15.5(1)S1
- configured 802.1q VLANs, routing, BGP routing (2 x full-table), uRPF

Load on this CSR is around 130Mbps @ 72kpps:
#sh int gi1 | inc sec
  MTU 1500 bytes, BW 100 Kbit/sec, DLY 10 usec,
  Keepalive set (10 sec)
  30 second input rate 6679 bits/sec, 36175 packets/sec
  30 second output rate 66691000 bits/sec, 36108 packets/sec

But I'm VERY worried about the CPU usage of process qfp-ucode-csr, which is
currently 52%.
It's lower in the morning, when we have a lot less traffic (e.g. 20Mbps
summary).

#show processes cpu platform sorted | exclude 0%  0%  0%
CPU utilization for five seconds: 16%, one minute: 16%, five minutes: 15%
   Pid    PPid    5Sec    1Min    5Min  Status        Size  Name

 20227   19933     52%     50%     47%  S        820830208  qfp-ucode-csr
     7       2     10%      9%      9%  S                0  sirq-net-rx/0
 14574   14284      2%      1%      1%  S       4007346176  linux_iosd-imag

Which of the CPU utilization values above is true? 52% or 16%?
What is the qfp-ucode-csr process for? Can it use more than 1 vCPU?
ESXi shows 3800MHz used (from a total of 10,6GHz - 2,66GHz * 4 vCPUs).
Should I worry about qfp-ucode-csr CPU usage?

Rob


[c-nsp] ASR9K and bandwidth

2015-06-08 Thread Robert Hass
Hi

I have a project with ASR9K and I'm unsure what the datasheet
means.
E.g. I have RSP440, and the datasheet says:

"◦   220 Gbps/slot with single RSP"

Is it 220Gbps in one direction (then 220 * 2 = 440Gbps because of in and out
traffic) or the total for both directions (in+out)?

Same question regarding the MOD160 module: it provides 160Gbps, but in total or
in one direction?

Is linecard A9K-36X10GE-TR oversubscribed or line-rate ?

Rob

[c-nsp] Sup720 -> Sup2T migration and CoPP

2015-05-31 Thread Robert Hass
Hi
I'll be migrating older Cat6500 boxes to new 6807 chassis plus Sup2T
Supervisors.

The only thing I'm not sure about is migration of the CoPP configuration. Has
anything changed between PFC3 (Sup720) and PFC4/DFC4 (Sup2T) regarding this, or
can I just re-apply my current CoPP configuration?

Any other hints regarding this kind of technology upgrade migration?

Rob


Re: [c-nsp] "New" IOS release time frame, when bug is identified

2015-05-15 Thread Robert Hass
On Fri, 15 May 2015, Phil Mayers wrote:

>No, it's not good. No, I don't have any suggestions other than to 
>threaten to move to another vendor.

Hi
Which vendor are you thinking of? Unfortunately, from my experience it's
also common with other network vendors.

Rob


Re: [c-nsp] Cheap BGP router for ~20k prefixes

2015-05-07 Thread Robert Hass
Hi
Can you give a URL for the recommended ESXi tweaking?
Or just write some recommendations here. I'm happy to test CSR on my
configuration,
but I would also like to apply the tweaking tips first.

Rob


On Wed, May 6, 2015 at 11:17 PM, Pshem Kowalczyk  wrote:

> We've just started to evaluate the CSR1000V as a traffic-carrying router.
> So far we've pushed about 2.2Gb/s through it with no problems. When it
> comes to PPS - we're doing about 450k. The way the load shapes seems to
> indicate that the box should be able to handle about 5Gb/s using the APPX
> licence. Currently we run it on ESX and implemented all the Cisco suggested
> tweaking (in order to get better performance out of it), that roughly
> doubled the performance over the default settings. The devices are
> MPLS-enabled and integrated into our core and do only packet forwarding
> (between IP and MPLS).
> We didn't try VM-FEX just yet (that's supposed to significantly increase the
> PPS).  The physical infrastructure they run on - Cisco UCS, B200M3 blade.
>
> kind regards
> Pshem
>
>
> On Wed, 6 May 2015 at 00:58 Mark Tinka  wrote:
>
> >
> >
> > On 5/May/15 14:52, Phil Mayers wrote:
> > >
> > >
> > > Yes. I can't remember where, but I have the impression either the CSR
> > > or vMX had oddly high forwarding latency, even accounting for the fact
> > > it's "just software".
> >
> > Right - I can't recall whether it was on c-nsp or NANOG, but I think the
> > issue was that someone was saying that using CSR1000v as an IP SLA probe
> > had some internal forwarding latency issues, compared to a classic
> > software-based router like a 2800, 3800 or 7200.
> >
> > I can't speak to how true this is. Our CSR1000v's are RR-only, and do
> > not forward any traffic. Handling of exception traffic has been great
> > with no issues so far, which would imply - at least for me, anyway -
> > that it should be fine as an IP SLA probe since the box terminates that
> > type of traffic, it does not transit it.
> >
> > Not sure whether the issue could be related to hardware, choice of
> > hypervisor, e.t.c.
> >
> > Mark.


[c-nsp] Strange IOS as DHCP Client behavior

2014-09-21 Thread Robert Hass
Hi
I have a setup where the DHCP Server is running on a Cisco IOS platform (ISR
router).
In this network I also have a bunch of Cisco routers which are DHCP Clients.

My problem is that these routers are visible in the DHCP binding database with
a very strange MAC:

10.2.2.140   0063.6973.636f.2d30.    Dec 20 2014 11:44 AM    Automatic
             3035.302e.3536.6138.
             2e34.6132.622d.4769.
             302f.30

Do you have any idea why the MAC is so weird? For the rest of the clients, e.g.
Linux or Windows boxes, MACs are displayed correctly.

Is there anything to configure on the Cisco clients to have a proper MAC in the
binding database?

Thanks
Rob
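
Added example, not part of the original post: the wrapped hex value in the binding above is ASCII text behind a leading type byte, which is the shape of a DHCP client-identifier (option 61) rather than a 6-byte hardware address. The sketch decodes the posted value; the function names and the second sample value are constructed for illustration.

```python
import re
import string

# Identifier column of the binding from the post, joined from its wrapped lines.
POSTED_ID = "0063.6973.636f.2d30.3035.302e.3536.6138.2e34.6132.622d.4769.302f.30"

# Constructed sample: type byte 0x01 (Ethernet) followed by a 6-byte MAC.
SAMPLE_ETHERNET_ID = "0100.5056.a84a.2b"

_PRINTABLE = set(string.ascii_letters + string.digits + string.punctuation)
# Text form seen in the posted value: cisco-<dotted MAC>-<interface name>
_CISCO_TEXT = re.compile(
    r"^cisco-([0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})-(.+)$", re.IGNORECASE
)


def parse_dotted_hex(value):
    """Turn IOS dotted-hex notation (groups of up to 4 hex digits) into bytes."""
    digits = value.replace(".", "").strip()
    if len(digits) % 2 or not re.fullmatch(r"[0-9a-fA-F]+", digits):
        raise ValueError("not a dotted-hex identifier: %r" % value)
    return bytes.fromhex(digits)


def format_mac(raw):
    """Format 6 bytes in Cisco dotted notation, e.g. 0050.56a8.4a2b."""
    h = raw.hex()
    return "%s.%s.%s" % (h[0:4], h[4:8], h[8:12])


def decode_client_id(value):
    """Classify a binding identifier and extract what it encodes."""
    raw = parse_dotted_hex(value)
    if len(raw) == 6:
        # Bare hardware address, no type byte.
        return {"kind": "hardware-address", "mac": format_mac(raw)}
    if len(raw) == 7 and raw[0] == 0x01:
        # Type 0x01 = Ethernet, followed by the MAC.
        return {"kind": "ethernet-client-id", "mac": format_mac(raw[1:])}
    if raw[0] == 0x00 and all(chr(b) in _PRINTABLE for b in raw[1:]):
        # Type 0x00 followed by printable ASCII: a text identifier.
        text = raw[1:].decode("ascii")
        result = {"kind": "text-client-id", "text": text}
        match = _CISCO_TEXT.match(text)
        if match:
            result["mac"] = match.group(1).lower()
            result["interface"] = match.group(2)
        return result
    return {"kind": "opaque", "hex": raw.hex()}


if __name__ == "__main__":
    for sample in (POSTED_ID, SAMPLE_ETHERNET_ID):
        print(sample, "->", decode_client_id(sample))
```

Run against an exported binding table, the same decoding lets an inventory or detection script key every lease on the embedded MAC, whichever identifier form the client sent.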


[c-nsp] More than 16 MSTP instances

2014-07-25 Thread Robert Hass
Hi
I'm looking for a Cisco switch which supports more than 16 MSTP instances.
I need around 24 instances.

The switch should be at most 3U and provide 20-30 x 10G SFP+ ports.

Cat4500-X looks very good for this purpose, but will it support more than
16 MSTP instances?

Rob


[c-nsp] SVI bandwidth for counters higher than 10Gbps

2014-07-21 Thread Robert Hass
Hi
Does any IOS release support a higher 'bandwidth' setting than 10G for
Cat6500?

I'm using Cat6500/Sup720-3BXL + IOS 12.2(33)SXI5 and see that 10Gbps is
the maximum I can set:

pe1(config)#int vlan 451
pe1(config-if)#bandwidth ?
  <1-1000>  Bandwidth in kilobits

Rob


[c-nsp] VPLS on GSR12k

2014-02-20 Thread Robert Hass
Hi
I have a question regarding linecards which support VPLS.

There is only one linecard (ISE 4x1G) supported as edge side for VPLS:
http://www.cisco.com/c/en/us/td/docs/ios/12_0s/feature/guide/vpls_qos.html

Can I have the edge side on SIP+SPA?
My GSR is only equipped with SIP-600 and SPA cards.

Rob


[c-nsp] PIM and network redundancy

2014-02-03 Thread Robert Hass
Hi
I have a project where the network looks like this:

IPTV source
    |
 7600_1 ----+
    |       |
    |       |
 7600_2     |
    |       |
    |       |
 7600_3 ----+
    |
IPTV distribution switches (~20 VLANs)

I'm currently using PIM static joins on the first 7600 next to the source,
classic PIM sparse-mode (ip pim sparse-mode) sessions between the rest of the
7600s, and 'pim passive' from the 7600 to the IPTV distribution switches. The
first 7600 is my RP.

My question is how I can provide redundancy in this network. I had an issue
when the link between 7600_1 and 7600_2 was down and traffic switched to the
link 7600_1--7600_3. IPv4 works without problem as OSPF uses the backup path.

But how to deal with PIM and multicast? Integrate MSDP or another protocol?
Any recommendations? I'm thinking about creating an xconnect (L2VPN over MPLS)
from the first 7600_1 to 7600_3 and putting an additional Cat6500 on the end as
a PIM box.

Rob


[c-nsp] Debug Radius auth and passwords

2014-02-02 Thread Robert Hass
Hi
I'm just troubleshooting Radius authentication for VPN and PPPoE access.
I enabled Radius auth debug with:

debug radius authentication

But I see "*" as the password in the debug log. Is there any way to change this
behavior? I would like to see what the user enters, as I need to check that it
is correct.

I know that I can check this at the Radius server level, but I would like to
see this on the Cisco router at debug level. Is it possible?

Rob


[c-nsp] Nexus 3000 series

2013-12-01 Thread Robert Hass
Hi
We're using a Nexus fabric based on 5500 and FEX (Nexus 2000).
Now I'm interested in the new Nexus 3000 series and have a few questions about
that.

Can we connect our FEX to Nexus 3000?
Can a few Nexus 3000s work like a single virtual fabric and provide functions
like vPC (same as our current Nexus 5500/2000 fabric)? If yes, what about
mixing families, e.g. Nexus 3000 + Nexus 3100 or Nexus 3000 + Nexus 3500?

Rob


[c-nsp] ASA5512/K9 licensing for GigabitPorts

2013-11-07 Thread Robert Hass
Hi
Do I need any special license (like SECPLUS) for ASA5512/K9 for Gigabit
Ethernet ports ?
Ports went down when we set manual speed 1000

Rob


[c-nsp] VSS and just one 10GE link

2013-10-04 Thread Robert Hass
Hi
Can I configure VSS on two 6500 using just one 10GE port ? Is it possible ?

I have to configure VSS now using just one 10GE for the chassis interconnect,
and will later add 4 ports after additional linecards and X2 arrive.

BTW. I'm using 2T.

Rob


[c-nsp] FIB capacity on GSR LC 4GE-SFP-LC

2013-09-14 Thread Robert Hass
Hi
What is the maximum FIB capacity on the old GSR linecard SKU: 4GE-SFP-LC= ?

Rob


Re: [c-nsp] Meraki? is anyone there testing it?

2013-09-14 Thread Robert Hass
Hi
I used Meraki for the moment.
The management interface is easy and very nice. But the wireless capabilities
of Meraki didn't impress me. We had better results with old Cisco 1130 APs +
4400 WLC or cheap Ubiquiti UniFi. A good way to go is AP2600 + WLC or some
third party, e.g. Ruckus.

Rob



On Tue, Sep 10, 2013 at 8:58 PM, Luis Miguel Cruz Miranda  wrote:

>
> I just saw a service/product line from Cisco called Meraki.
> Looks promising but... considering how everything is getting mad with
> Snowden revelations... does it make sense to manage the network with a
> cloud app? further more, Meraki availability is just based on "link"
> to internet, no link, no management, I think it is highly risky but
> who knows.
>
> Anyone there testing it?
> I am curious.
>
>
> - --
> Luis Miguel Cruz Miranda
> PGP 0x6C08F418
>


[c-nsp] Cat6500 VSS

2013-08-13 Thread Robert Hass
How is Virtual-Chassis on Juniper EX8200 different from Catalyst 6500
(Sup2T) VSS?

Do both have a shared control-plane?

How about stability of Virtual-Chassis and VSS on the latest software releases?

I would like to implement the core layer using EX8200 or Cat6500 (two core
switches).

Each core device will have only a redundant power supply. Line cards, CPU etc.
will be non-redundant. Redundancy will be achieved using two boxes.
Access-layer switches will be connected to both core devices using 1GE or
10GE links and aggregated into a single PortChannel (LACP).

Access devices will be Cat2960XR (Cisco) or EX3300 (Juniper).



Rob


[c-nsp] Cisco CSR 1000V availability

2013-03-13 Thread Robert Hass
Hi
Does anyone know when Cisco CSR 1000V will be available to download from CCO?

Rob


Re: [c-nsp] Next step-up from 7206VXR

2013-02-19 Thread Robert Hass
On Tue, Feb 19, 2013 at 9:43 PM, Eric A Louie  wrote:
> I've run out of port capacity on my 7206VXR and need to go to "the next
> router" or put in another 7206VXR side-by-side.

ASR1001 or ASR1002-X

Rob


Re: [c-nsp] 2960 -> 4948 - no more drops :)

2013-02-16 Thread Robert Hass
> We recently upgraded a 2960G(Only doing L2) that was hitting ~500Mb/sec on 
> one port, and we were seeing 40,000+ output drops (5Min) - Since the swap to 
> the 4948, we see zero output drops. Is the difference in performance purely 
> buffer size?  I *think* the 2960 has 1.9Mb (Per ASIC) and the 4948 has 16Mb 
> (total?)?

It can also be default srr-queue configuration if mls qos was enabled.

Try connecting the host to the 2960G again, but configure 'srr-queue bandwidth
shape 0 0 0 0' on all ports first.

You can also:
- assign all traffic to one particular queue, which increases the amount of
buffers (e.g. all DSCPs to queue2)
- reconfigure (increase) thresholds for queue2

190/24 ports = (79166 / 4 queues) * 8bits = 160Kbit per queue

Not so much. IMHO Cat4948 has more dynamic buffering instead of static
allocation per port / per queue.

Rob



Re: [c-nsp] ASR-100x intro

2013-02-16 Thread Robert Hass
> It applies to all ASR 1000 systems. The numbers are given as a
> "maximum, up to".

So last question just for confirmation:

If this applies to all ASR 1k family then also for old ASR 1002-F ?
Before I noticed that this model has 512K FIB for IPv4.

Rob


Re: [c-nsp] ASR-100x intro

2013-02-16 Thread Robert Hass
> It's either 1M for IPv4, 1M for IPv6 or some mix of it, depending on your 
> requirements.

Does it also apply to ASR 1001 FIB capacity (2.5G Base System)?

Rob


[c-nsp] MSTP and Instance 0

2013-01-12 Thread Robert Hass
Hi
I just want to be sure - should I have all my VLANs in instances other
than 0 and leave instance 0 for connectivity to non-MSTP
segments (e.g. to STP, PVST or Rapid STP/PVST)?

Rob


Re: [c-nsp] ASR-100x intro

2013-01-06 Thread Robert Hass
On Sun, Jan 6, 2013 at 1:16 AM, Scott Pettit  wrote:
> Hmm, perhaps I was incorrect - the old ESP2.5 appears to have been made
> End of Sale since July 2012.  I just checked our ASR and it's showing 5G
> throughput.
>
> #show platform hardware throughput level
> The current throughput level is 500 kb/s

But my question was about FIB capacity, not performance.

A 512K FIB does not scale well for the near future as the world BGP table is
growing all the time.

Rob


[c-nsp] Memory upgrade for ASR1001 - 3rd party

2013-01-05 Thread Robert Hass
I want to extend ASR1001 memory to 8GB or best 16GB, but at the lowest possible
cost - so 3rd party modules ;)

I'm looking for tested part-numbers/vendors for memory chips in ASR 1001.

Thanks
Rob


Re: [c-nsp] ASR-100x intro

2013-01-05 Thread Robert Hass
> * You can buy them in bundles which are considerably cheaper than buying a
> base ASR1001 and adding all the licensing, so we purchased the broadband
> bundle which included a 4000 subscriber license (for ISG/BRAS features).
> We upgraded it from the base 4GB to 8GB of RAM as we needed to be able to
> hold a couple of BGP feeds.  The ASR1001 ships with 2.5G throughput and
> you can upgrade it to 5G throughput if/when required.

Do I need to upgrade throughput to 5G to have 1M FIB instead of 512K ?

Docs say:

ESP2.5 -> FIB 512K
ESP5 -> FIB 1M

Rob


Re: [c-nsp] ASR-100x intro

2013-01-05 Thread Robert Hass
> 6500 is LAN/DC services switch, there's no need for HQoS in that
> scenario usually. MX80 is a router and doesn't offer HQoS, which is
> a worse problem. With Sup2T in 6500 you can pack a pretty good QoS
> capabilities, it lifts the uRPF restrictions of previous generations,

Lukasz,
MX80 has HQoS but on MIC ports (not on chassis ports). I don't know
how many MX80s you deployed, but we have 10+ running and don't regret
switching to a multivendor network (6500+7600+MX80+MX240).

Rob


Re: [c-nsp] ASR-100x intro

2013-01-05 Thread Robert Hass
On Sat, Jan 5, 2013 at 2:17 PM, Jon Lewis  wrote:
> For an ethernet-only operation, the 6500/sup720-3bxl delivers considerable
> packet forwarding/$ (lots of parts in the used channel).  Its biggest
> weaknesses would likely be netflow (having to do sampled if you're doing

You can add weaknesses in QoS area. No HQoS on LAN cards.

Rob


Re: [c-nsp] ASR-100x intro

2013-01-05 Thread Robert Hass
On Sat, Jan 5, 2013 at 1:32 PM, Charles Sprickman  wrote:

> We're doing lots of ethernet aggregation - both metro-e services and DSL/EoC 
> (delivered over GigE, one vlan per customer, no PPPoe - straight bridging).  
> The people on the other end of these circuits are all customers, we're not an 
> enterprise with branch offices, so many features like IPSEC are totally 
> useless at this point.

We migrated to MX80 for IP/BGP customer aggregation. Main reason:
pricing and the capability to handle 10-20G of customer without issue,
which costs a lot more in the case of ASR 1K. MX80 sucks in terms of
routing-engine performance, but for customer BGP sessions we simply
use bird route-servers to offload the poor MX80 RE.

You can probably also look at ASR 9001 - it will be a very, very good
box for ethernet aggregation and can handle a lot of traffic - much
more than a small ASR 1K. Does anyone have experience with the performance of
the ASR 9001 CPU (BGP convergence etc.), as it's PPC based, not Intel Xeon
like the "big" ASR 9K?

Rob



Re: [c-nsp] cisco interface shutdown detection, how is possible?

2013-01-05 Thread Robert Hass
On Sat, Jan 5, 2013 at 12:44 PM, h bagade  wrote:
> Hi all,
>
> I was wondering how Cisco routers could detect the directly connected
> interface at the other end is shutdown!

You can use IP SLA/tracking based on ping remote side - same as in UNIX box.

Rob


Re: [c-nsp] ASR-100x intro

2013-01-05 Thread Robert Hass
On Sat, Jan 5, 2013 at 12:09 PM, Charles Sprickman  wrote:
> We're tentatively shopping around, and I'm looking for that sort of 
> information on the ASR lineup.  The 1002 and 1002-X look very interesting on 
> paper, but I'm not finding much about what folks in a small service provider 
> role have to say about them.  We're at the point where everything is ethernet 
> now, so our 7206 with an NPE-G2 is feeling pretty silly.  Some of the ASR 
> stuff seems to be in the used channel already, which is nice (I'd rather have 
> two used than one new, FWIW).

Look also at ASR 1001, not only 1002/1002-X.

ASR 1k is a very good platform but quite expensive if you need to pass a
lot of traffic.
What features are you using? BRAS? IPSEC? MPLS PE? ISP PE? NHRP?

Rob



Re: [c-nsp] 6509 with SUP720-3BXL and WS-X6704-10GE with DFC3BXL

2013-01-04 Thread Robert Hass
On Sat, Jan 5, 2013 at 12:39 AM, Lee Starnes  wrote:

> s72033-advipservicesk9_wan-mz.122-33.SXH. Aside from the fact that the IOS
> is older, does anyone see any issues with this IOS and SUP working with the
> WS-X6704-10GE?

It will work without problems.
I used same configuration some time ago (Now I'm using SXI release).

Rob


Re: [c-nsp] ISIS routing

2012-11-26 Thread Robert Hass
On Mon, Nov 26, 2012 at 1:39 PM, Saku Ytti  wrote:

> No. They are punted always in PFC3 and Trio, even in pure L3 interface. And
> in neither platform you can create L2 ACL on L3 interface.

So still, if your network is using OSPF and your, let's say, 6500 receives
10Mbps of IS-IS, then it will die as IS-IS traffic will be punted from PFC
to RP-CPU. Yes?

Rob


[c-nsp] Cisco CSR 1000V - costs , performance

2012-06-17 Thread Robert Hass
Hi
I'm very happy that Cisco announced CSR 1000V. But what about cost? I
see that the license will not be perpetual but only time-based.
Can anyone comment on this and write more about this product? Will it
have any limitations regarding the RIB / FIB supported? I mean, can it be
a universal router running on UCS, acting as a very good PE for Enterprise
(terminating BGP, DMVPN, providing NAT)?

Rob


Re: [c-nsp] ASR9000/RSP440 Console Issue

2012-06-14 Thread Robert Hass
> Or to install remote power bars and console servers *once* per rack, and have 
> *one* scriptable interface regardless of how many different types of 
> equipment you connect to it.  Not for every case, but sometimes rolling my 
> own OOB makes more sense than paying the vendor extra to provide me with 
> another different one.

Power bars are OK, but not for these devices, which eat a lot of power.
A 6000W PS will eat a full power bar. And what about power bars for DC
PSes... Again, a power bar can also break, which we had with our APCs
a couple of times.

CMP on Nexus7k-Sup1 and Sup2T was a wonderful feature.

Rob



[c-nsp] Nexus 5500 and FC/FCoE support

2012-05-31 Thread Robert Hass
Hi

Can I connect FC SAN directly to Nexus 5548UP (with storage license) and
provide connectivity to this FC SAN for Servers using FCoE ?

All servers will have 10GE CNA cards connected to two Nexus. FC SAN will be
also connected to two Nexus 5548UP for redundancy.

BTW Can this nexus also act as standard FC switch ? What about support for
E-port and EX-port ?  Can it form fabric with Brocade switches ?

Rob


[c-nsp] StackWise Plus performance

2012-04-25 Thread Robert Hass
Hi
I found in documentation that StackWise Plus is providing up to 64
Gbps of throughput.
But is it full-duplex (then 128 Gbps half-duplex) or half-duplex (then
32Gbps full-duplex) ?
Is it per one port ? Or both stack ports ?

Rob


[c-nsp] ASR9000v and distance

2012-04-07 Thread Robert Hass
Hi
I have three questions regarding ASR9000v deployments:

1) Can I connect one ASR9000v to two ASR9010s (to have redundancy)? If
yes, do these ASR9010s have to be directly interconnected?
2) Can ASR9000v be e.g. 200-300KM away from ASR9010 (10GE over DWDM)?
3) Does ASR9000v provide local switching between GE ports, or does all
traffic go to the upper layer (ASR9010) and back to ASR9000v?

Rob


Re: [c-nsp] Cisco's new 4500-X 10G Aggregation Switches

2012-02-10 Thread Robert Hass
On Fri, Feb 10, 2012 at 6:03 PM, Sachin Gupta (sagupta)
 wrote:
> 16p SFP+ is $24k (capable of 64k routes)
> 24p SFP+ is $32k (capable of 64k routes)
[...]

Thanks. Pricing and first technical aspects look promising :)

Can you also write how large its buffers are? (4900M has 16MB)
Is it still a store-and-forward switch or cut-through?

Rob


Re: [c-nsp] Cisco's new 4500-X 10G Aggregation Switches

2012-02-10 Thread Robert Hass
On Fri, Feb 10, 2012 at 3:24 AM, Reuben Farrelly
 wrote:
> So finally - a 10G 1RU SFP+ access device.  It seem to be targeted at
> enterprise aggregation but I imagine would have some appeal in service
> provide space too given the form factor and the fact that the only 10G
> alternates are 3560E-12D's (with X2), Nexus, and upwards from there is of
> course the 4500/6500 chassis based units.

Any leaks about pricing? It can be extremely expensive. I hope not.

Rob



Re: [c-nsp] Outbound drops on 6748

2012-01-28 Thread Robert Hass
On Sat, Jan 28, 2012 at 6:42 PM, Matthew Huff  wrote:
> Cisco Nexus 3000 Series switches. They came out to compete with Arista in the 
> HFT world, but are useful anywhere latency and/or bursting is an issue:
>
> http://www.cisco.com/en/US/products/ps11541/index.html

Nexus 3000 has 9MB of buffers compared to 1.3MB per port on
WS-X6748-GE-TX. Will ultra-low-latency switching decrease the amount
of buffers needed? What about using Nexus 3000 for a long-distance
connection (e.g. 120KM)? Do I need more buffers for 120KM Ethernet than
for 10KM Ethernet? (normal traffic, no storage)


Re: [c-nsp] Outbound drops on 6748

2012-01-28 Thread Robert Hass
On Sat, Jan 28, 2012 at 4:45 PM, Matthew Huff  wrote:
> You are likely hitting microbursts. The traffic levels you state are measured 
> over an interval (30 seconds minimum probably). During peak activity you can 
> easy overrun the buffers on the 6748 if your upstream data is coming from > 
> 1gb and/or multicast. Since the 6748 has the deepest buffer of any linecards 
> of the 6500, you might have to look at an Arista or Cisco 30xx aggregation 
> switch that can handle the microbursts.

Can you write which model of switch you mean by 'Cisco 30xx
aggregation switch'?

Rob



Re: [c-nsp] erspan for just one IP

2012-01-12 Thread Robert Hass
On Thu, Jan 12, 2012 at 4:34 PM, Mack McBride  wrote:
> It is ugly but you can use a vlan acl to capture on a remote span session 
> then forward out a port that is connected back to the device for ERSPAN.  Not 
> pretty but this can be used for ERSPAN or MPLS forwarding.

Do you mean a VLAN ACL on the 6500 that is the RSPAN source, or on the
second 6500 that is the ERSPAN destination?

Rob



[c-nsp] erspan for just one IP

2012-01-11 Thread Robert Hass
Hi

Is there any way to have ERSPAN (on Cat6500) where traffic is copied only
for one IP within a VLAN?
E.g. VLAN400, IP 2.2.2.2 (where the VLAN consists of a /16 subnet and 2k active hosts)

Robert


[c-nsp] FIB table saving technique

2012-01-08 Thread Robert Hass
Hi

In March 2011 I attended the Cisco presentation "FIB table saving technique
(with simple virtual aggregation)". Robert (author of the presentation)
said that this feature should be integrated in IOS version "RLS 11"
(which means around 15.2). But in the release notes for 15.2 I cannot find
this feature. Does anyone know whether Cisco will implement this in the
near future?

Rob


Re: [c-nsp] Interpreting DOM outputs

2011-12-31 Thread Robert Hass
On Sat, Dec 31, 2011 at 6:02 PM, Anton Kapela  wrote:
> That is, these measurements are best-used as a referential figure, not
> absolute -- meaning you ought to start polling & storing them now for
> the most utility to be found in troubleshooting later. ;)

Thanks for the explanation.
But I'm still unsure about my understanding:

Tx Power '-4.9' is better/stronger than '-6.9'
Rx Power '-9.6' is better/stronger than '-11.2'

Is my understanding above correct or incorrect?

Thanks,
Rob


[c-nsp] Interpreting DOM outputs

2011-12-31 Thread Robert Hass
Hi

I have a few LX SFPs with DOM but I'm unsure if I'm reading the outputs correctly.

                                           Optical   Optical
           Temperature  Voltage  Current   Tx Power  Rx Power
Port       (Celsius)    (Volts)  (mA)      (dBm)     (dBm)
---------  -----------  -------  --------  --------  --------
Gi4/1      39.6         3.21     12.4      -4.9      -11.2
Gi4/2      42.9         3.20     11.8      -4.7      -9.6
Gi4/5      38.9         3.33     20.9      -6.9      -12.3
Gi4/6      45.5         3.23     11.2      -4.9      -12.0

Tx Power '-4.9' is better than '-6.9' (i.e. the signal is stronger if Tx
Power is '-4.9' compared to '-6.9')
Rx Power '-9.6' is better than '-11.2' (i.e. signal at receiver in case
of '-9.6')

Rob


[c-nsp] Cisco 819 performance

2011-12-27 Thread Robert Hass
Hi
Does anyone know what the performance (in pps) of the Cisco 819 is? We would
like to replace a few old 870 routers (which have, according to
routerperformance, 25k) with the new 819. Unfortunately
http://www.cisco.com/web/partners/downloads/765/tools/quickreference/routerperformance.pdf
is outdated and doesn't cover new models.

Robert


[c-nsp] mLACP at 6500

2011-12-20 Thread Robert Hass
Hi
In the 12.2 SXJ release Cisco implemented a very interesting feature called
multichassis LACP (mLACP). The documentation says it's designed for
server deployment. I'm using a topology where distribution is done on
two 6500/Sup720 and from each 6500 there is a 1G link to the access switch
(2960). Redundancy and loop-free topology are provided by MSTP. I'm looking
for comments on how well or badly mLACP works, as we would like to migrate
from MSTP to mLACP for access switches (currently 60 access switches).

Robert


[c-nsp] ASR 901 fib size

2011-12-18 Thread Robert Hass
Hi
What size of FIB for IPv4/IPv6 does the ASR 901 have? I cannot find this
information in the documentation and datasheets.

Rob


Re: [c-nsp] Recommendation for small GBit router

2011-12-18 Thread Robert Hass
On Sat, Dec 17, 2011 at 4:53 PM, Gert Doering  wrote:

>> What throughput can bigger/newer plattform like Sup32/ASR provide with
>> netflow ?

Sup32 is PFC3B, so the same as Sup720/PFC3B. PFC3B supports 128K NetFlow
entries. For us it was OK for ~2Gbps of traffic with small customers'
traffic from BRAS (a lot of flows). If you have a Sup720/PFC3B then do
the POC.

> The NSE-* have hardware forwarding that never really worked, so the
> whole product line was abandoned.  Short summary.  Don't Go There.

Not really. It's true for 7200 and NSE-1. But not true for 7304 and
NSE-100 and NSE-150. We're still using around 7 of the 7304/NSE-100 and
NSE-150 based routers as access routers and are happy with them.



Re: [c-nsp] Recommendation for small GBit router

2011-12-16 Thread Robert Hass
> Cisco-wise you'll find nothing that can push bandwidth. The cheapest
> option you have would probably be a WS-3560, but you'll need an
> "advanced ip services" image which does not come for free.

But 3560 doesn't provide netflow at all (even sampled). And no SVI statistics.
So it's out of requirements.


Re: [c-nsp] Recommendation for small GBit router

2011-12-15 Thread Robert Hass
On Fri, Dec 16, 2011 at 12:25 AM, "Rolf Hanßen"  wrote:
> I am looking for a stable, reliable router / Layer3 switch that can do the
> following:
> -forward at least 1GBit / 1Mpps
> -full support of IPv6
> -provide NetFlow data or similar for several hundred connected hosts in a
> way that can be used for IP-based accounting (including IPv6 and not
[...]

Maybe 6503/Sup32

It's the same as Sup720 because it also uses PFC3B. On the second-hand market
you can have it for 4-5k EUR with chassis and PS/PEMs.
Limitations - no good linecards like 67xx.

If not, then ASR1002F or ASR1001 or the older 7304/NSE-100 or NSE-150



[c-nsp] ASR903, ASR9k, SUP2T questions

2011-10-05 Thread Robert Hass
I have questions regarding the ASR9k and ASR903 platforms:
1) How big are their FIB and RIB?
2) How big is their NetFlow table? Is there a separate NetFlow table per
linecard?
3) What is the performance of the ASR903 (Gbps and PPS) - can I have it
wirerate with 5 x 10GE cards?

And two questions regarding Sup-2T/6500:
1) Is egress policing on SVI finally supported?
2) Currently it's running classic IOS, but is a migration to IOS XE or
IOS XR planned for Sup-2T?

Robert


[c-nsp] VPLS on software routers

2011-08-21 Thread Robert Hass
Hi
I just want to build a VPLS lab (carry a couple of VLANs between 4 routers) to
test some solutions. Is VPLS supported on some software routers (7200, ISR
G2, ASR1k)? Performance is not important here - as it's for a lab, a few Mbps is
enough.

If software IOS routers do not support VPLS, then maybe J-Series routers or
another vendor? (I know that it's not a Juniper forum, but maybe someone also
knows the J series).

Robert


Re: [c-nsp] SUP-2T and ingress netflow + microflows policing

2011-07-13 Thread Robert Hass
On Wed, Jul 13, 2011 at 11:37 AM, Phil Mayers  wrote:
> sh platform hardware capacity netflow
>
> ...say?

#sh platform hardware capacity netflow
Netflow Resources
  TCAM utilization:   Module   Created   Failed   %Used
                      5        53474     0        20%
  ICAM utilization:   Module   Created   Failed   %Used
                      5        1         0        0%

  Flowmasks:   Mask#   Type       Features
       IPv4:   0       reserved   none
       IPv4:   1       Intf Ful   Intf NDE L3 Feature
       IPv4:   2       unused     none
       IPv4:   3       reserved   none

       IPv6:   0       reserved   none
       IPv6:   1       unused     none
       IPv6:   2       unused     none
       IPv6:   3       reserved   none
Rob


Re: [c-nsp] SUP-2T and ingress netflow + microflows policing

2011-07-13 Thread Robert Hass
> I take it you're unable or unwilling to change your netflow flowmask to
> match that required by the microflow policer?

My mls netflow configuration below:

mls ipv6 acl compress address unicast
mls aging fast time 5 threshold 16
mls aging long 64
mls aging normal 32
mls netflow interface
mls netflow usage notify 90 120
mls flow ip interface-full
mls nde sender version 5
mls sampling packet-based 64 32000

ip flow-export source Vlan632
ip flow-export version 5 origin-as
ip flow-export destination 10.55.78.15 3
ip flow-export destination 10.55.79.15 3

Do you think I can change something here to have the same flowmasks?

Robert


[c-nsp] SUP-2T and ingress netflow + microflows policing

2011-07-12 Thread Robert Hass
Hi
I'm currently using 6500 with SUP720 and 67xx CFC linecards (mainly
almost all are 6704-10GE).

Does SUP-2T (PFC4) change anything about which features can be
configured simultaneously on one interface compared to SUP720 (PFC3)? My
goal is to have ingress netflow and microflow policing configured on the
same interface simultaneously.

When I have configured these features together on SUP720, the 6500
gives me this error:
%FM-4-FLOWMASK_REDUCED: Features configured on interface TenGigabitEthernet4/3 have conflicting flowmask requirements, some features may work in software
I have to disable netflow or microflow policing on the interface to go
back to hardware forwarding instead of punting to the CPU.

My configuration:

interface TenGigabitEthernet4/3
 description TSIC04
 ip address x.x.x.x 255.255.255.252
 ip access-group SPOOFING-IN in
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip flow ingress
 ip policy route-map PBR
 load-interval 30
 ipv6 address ..
 ipv6 enable
 ipv6 nd ra suppress
 ipv6 traffic-filter SPOOFING-INv6 in
 no ipv6 mld router
 no cdp enable
 hold-queue 1500 in
!

class-map match-any servers-low
  match access-group 100
!
policy-map microflows-police
  class servers-low
   police flow mask dest-only 2000 50 conform-action transmit exceed-action drop
  class class-default
!
! about 20 hosts
access-list 100 permit ip any host x.x.x.x
access-list 100 permit ip any host x.x.x.x
access-list 100 permit ip any host x.x.x.x
access-list 100 permit ip any host x.x.x.x
access-list 100 permit ip any host x.x.x.x
access-list 100 permit ip any host x.x.x.x
access-list 100 permit ip any host x.x.x.x
access-list 100 permit ip any host x.x.x.x
access-list 100 permit ip any host x.x.x.x
access-list 100 permit ip any host x.x.x.x

BTW, can Sup2-T/PFC4 also solve all the issues with IPv6? E.g. full IPv6
ACLs instead of compressed ones like on PFC3, IPv6 CoPP, IPv6 hardware PBR?

Robert
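
The conflict described in the post above (ingress NetFlow and a microflow policer with a different flowmask on one interface) can be looked for in a saved configuration before it is deployed. This is an added example, not code from the original post or from Cisco; the `service-policy input` attachment, the keyword mapping in `POLICER_TO_NETFLOW` and the function names are assumptions.

```python
import re

# Constructed config modelled on the post. The "service-policy input" lines are an
# assumption: the post does not show how the policy-map was attached.
SAMPLE_CONFIG = """\
mls flow ip interface-full
interface TenGigabitEthernet4/3
 ip flow ingress
 service-policy input microflows-police
interface TenGigabitEthernet4/4
 ip flow ingress
interface TenGigabitEthernet4/5
 service-policy input microflows-police
policy-map microflows-police
  class servers-low
   police flow mask dest-only 2000 50 conform-action transmit exceed-action drop
  class class-default
"""

# Assumed equivalence between policer mask keywords and "mls flow ip" keywords.
POLICER_TO_NETFLOW = {"dest-only": "destination", "src-only": "source", "full-flow": "full"}

def parse_blocks(config):
    """Group indented lines under the preceding unindented command."""
    blocks, current = {}, None
    for line in config.splitlines():
        if line.strip() in ("", "!"):
            continue
        if not line.startswith(" "):
            current = line.strip()
            blocks[current] = []
        elif current is not None:
            blocks[current].append(line.strip())
    return blocks

def flowmask_conflicts(config):
    """List (interface, policy, policer mask, NetFlow mask) where the two masks differ."""
    blocks = parse_blocks(config)
    netflow = next((h.split()[-1] for h in blocks if h.startswith("mls flow ip ")), None)
    masks = {h.split()[1]: m.group(1) for h, body in blocks.items() if h.startswith("policy-map ")
             for line in body if (m := re.match(r"police flow mask (\S+)", line))}
    found = []
    for header, body in blocks.items():
        # Only interfaces that also export ingress NetFlow can hit the conflict.
        if header.startswith("interface ") and "ip flow ingress" in body:
            for line in body:
                m = re.fullmatch(r"service-policy input (\S+)", line)
                if m and POLICER_TO_NETFLOW.get(masks.get(m.group(1))) not in (None, netflow):
                    found.append((header.split()[1], m.group(1), masks[m.group(1)], netflow))
    return found
```

Interfaces it reports are candidates for the `%FM-4-FLOWMASK_REDUCED` fallback to software forwarding and are worth reviewing before the change is applied.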


Re: [c-nsp] sup2T software & release notes have hit

2011-07-11 Thread Robert Hass
> The 6708 card isn't mentioned elsewhere on the page. Specifically not in
> "Table 6. DFC4 Field Upgradable Linecard". Anybody know what that means?
> Do we have to buy new 6908 cards instead? Or will there be a field
> upgrade?

The 6708 is DFC-only (same as 6716) and cannot work in CFC mode due to the lack
of some bus ASICs. You cannot use it with 2T due to the incompatibility of DFC4
with DFC3. DFC4 is not supported at all on 67xx linecards. But there is a
special TMP program for upgrading 6708 linecards to 6908. Talk
to your account team for details.

Robert


Re: [c-nsp] Supported Modules / Linecards for 7600 Series

2011-06-06 Thread Robert Hass
On Mon, Jun 6, 2011 at 11:16 AM, Florian Kuehn  wrote:
> Do the Ethernet line cards of the 6500 series also fit into 7600 series?
> Other links appreciated.

Yes. You can use 6500 linecards in the 7600 (e.g. WS-X67xx CFC/DFC series cards).

The exception is the new linecards designed for Sup-2T (PFC4/DFC4 based).
They are not supported as the 7600 is a PFC3/DFC3 system (RSP720/SUP720).

Robert


Re: [c-nsp] Small network Route Reflectors?

2011-03-16 Thread Robert Hass
On Wed, Mar 16, 2011 at 9:34 AM, Phil Mayers  wrote:

> Hmm. I definitely came away with the idea you needed DATA, but I can't
> remember why; which of course makes the conclusion suspect!

If someone has a working config, I can apply it to one of our 2900s in the lab.
We will see if DATA is required.

