Re: [c-nsp] Understanding ASR1k / ESP40 capacity
Think not only throughput but about pps also. According to cisco doc ESP40 has ~24Mpps capacity, ESP20 has the same limitation. So, you pick out all resources from QFP. RA write the report where you can see this limitation - http://www.slideshare.net/RouterAnalysis/cisco-asr-1000-series-testing-results-and-analysis 06.10.2014 18:24, Simon Lockhart пишет: Pete, Thanks for this - I'll watch that preso and see if it adds anything useful. You seem to be supporting my viewpoint, and I've also had an off-list reply supporting TAC's viewpoint - so I'm not sure I'm any further forwards. I'm currently working on a plan to replace the ESP40 with an ESP100 - but as the ESP100 isn't supported in the ASR1004, I'll also have to do a chassis swap to an ASR1006. My only remaining concern with this plan is whether the SIP40 can really do 40Gbps. If I stick 4 * 10G SPA's into a SIP40, can I run those 10G ports at line-rate (assuming sufficient ESP capacity)? Many thanks, Simon On Sat Oct 04, 2014 at 11:56:45AM -0400, Pete Lumbis wrote: It would be a single pass through the QFP. The SIP could also be a limiting factor, but since you are split between SIPs that shouldn't be an issue. The SIP 40 has 2x 40Gig lanes on the backplane. Are you doing crypto or anything like that which would impact performance? There is a great Cisco Live preso on the ASR1k architecture that might help you get some ammo to go back to TAC with. http://d2zmdbbm9feqrf.cloudfront.net/2014/usa/pdf/BRKARC-2001.pdf -Pete On Sat, Oct 4, 2014 at 4:56 AM, Simon Lockhart si...@slimey.org wrote: All, I'm banging my head against a brick wall trying to get sensible answers from Cisco TAC, so thought I'd ask the educated masses who may have come across this before... I've got a Cisco ASR1004 with RP2, ESP40, 2 * SIP40's, and 8 * 10GE ports. A snapshot of usage on these ports at peak is: Interface RxBps RxPps TxBps TxPps Te0/0/0 4,385,563,000 515,508906,118,000 339,997 Te0/1/0 3,942,338,000 419,696984,150,000 358,436 Te0/2/0 3,949,993,000 425,192933,257,000 349,145 Te0/3/0 4,375,526,000 512,858873,284,000 334,751 Te1/0/0 1,186,440,000 454,714 5,474,029,000 630,916 Te1/1/0 622,154,000 244,056 3,181,689,000 338,190 Te1/2/0 711,493,000 253,275 3,211,560,000 340,950 Te1/3/0 1,218,873,000 437,195 4,831,708,000 568,488 TOTAL20,392,380,000 3,262,494 20,395,795,000 3,260,873 I'm seeing throughput issues on a portchannel consisting of Te0/0/0 and Te0/3/0 (it won't go over 10Gbps aggregate) Cisco TAC are telling me if I add TxBps and RxBps totals together, I get 40Gbps, so I've reached capacity of the QFP (i.e. ESP40). My arguement against this is that a packet which enters the router on Te0/0/0, goes through the SIP40 in slot 0, through the ESP40, through the SIP40 in slot 1, and out through Te1/0/0 is still just one packet, so should only need to be counted once through the ESP, and once for each SIP. Hence, the throughput on the ESP is only 20.3Gbps on those numbers above. If I poll ceqfpUtilProcessingLoad by SNMP, I see peaks of around 65%, which would correlate with this level of throughput. I'm assuming there are others of you using this platform. What sort of throughput are you seeing? Am I right, or is the Cisco TAC engineer? TIA, Simon ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Understanding ASR1k / ESP40 capacity
Think not only throughput but about pps also. According to cisco doc ESP40 has ~20Mpps capacity, ESP20 has the same limitation. So, you pick out all resources from QFP. RA write the report where you can see this limitation - http://www.slideshare.net/RouterAnalysis/cisco-asr-1000-series-testing-results-and-analysis 04.10.2014 18:56, Pete Lumbis пишет: All, I'm banging my head against a brick wall trying to get sensible answers from Cisco TAC, so thought I'd ask the educated masses who may have come across this before... I've got a Cisco ASR1004 with RP2, ESP40, 2 * SIP40's, and 8 * 10GE ports. A snapshot of usage on these ports at peak is: Interface RxBps RxPps TxBps TxPps Te0/0/0 4,385,563,000 515,508906,118,000 339,997 Te0/1/0 3,942,338,000 419,696984,150,000 358,436 Te0/2/0 3,949,993,000 425,192933,257,000 349,145 Te0/3/0 4,375,526,000 512,858873,284,000 334,751 Te1/0/0 1,186,440,000 454,714 5,474,029,000 630,916 Te1/1/0 622,154,000 244,056 3,181,689,000 338,190 Te1/2/0 711,493,000 253,275 3,211,560,000 340,950 Te1/3/0 1,218,873,000 437,195 4,831,708,000 568,488 TOTAL20,392,380,000 3,262,494 20,395,795,000 3,260,873 I'm seeing throughput issues on a portchannel consisting of Te0/0/0 and Te0/3/0 (it won't go over 10Gbps aggregate) Cisco TAC are telling me if I add TxBps and RxBps totals together, I get 40Gbps, so I've reached capacity of the QFP (i.e. ESP40). My arguement against this is that a packet which enters the router on Te0/0/0, goes through the SIP40 in slot 0, through the ESP40, through the SIP40 in slot 1, and out through Te1/0/0 is still just one packet, so should only need to be counted once through the ESP, and once for each SIP. Hence, the throughput on the ESP is only 20.3Gbps on those numbers above. If I poll ceqfpUtilProcessingLoad by SNMP, I see peaks of around 65%, which would correlate with this level of throughput. I'm assuming there are others of you using this platform. What sort of throughput are you seeing? Am I right, or is the Cisco TAC engineer? TIA, Simon ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Carrier grade NAT44 newest Cisco boxes
Recently I got from cisco presentation about ISM. Bulk port allocation was planned for the release 4.2.1. But I am not sure if regulator can send port number with IP address. Without port number bulk port allocation will be useless feature. Ruslan Pustovoitov пишет: I know Alcatel has Bulk Port Allocation in it's MS-ISA and it work fine. ISM-100/CGSE has no such feature but my aim is argue that ISM is the right answer ) jean-francois.tremblay...@videotron.com пишет: We in europe have some pressure to have the ability to map the ip/port/timestamp touple back to user. Of course nobody will be able to deliver the port together with the ip and an accurate enough timestamp for this to be meaningfull. Bulk Port Allocation (also called Port Range Allocation) is probably what you're looking for. It reduces logging requirements by several orders of magnitudes and your timestamping doesn't have to be as precise. This is a must to deploy any CGN, IMHO. Coming soon to your favorite Cisco CGN implementation, apparently... I can see this becoming a larger problem when more nats appear on conventional DSL / FTTx / Cable access products as opposed to just low bandwidth mobile networks. Mobile networks aren't that low bandwidth anymore. They have the same issues with logging. /JF ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] Carrier grade NAT44 newest Cisco boxes
Hi all Does anybody explain me what is the best way to do CGN on Cisco boxes ? I look for powerfull solution with price congruous with other vendor. Recently I closely looked at ISM-100 card for asr9k platform. I was negativly surprised that performance of this card is about 10 Gbit/s half-duplex.. Card is occupied full slot in chassis and costs about 200.000$ in GPL with license for 10 miilion sessions. I know that other vendors with more ancient NATs has double performance for this price. Also, I look in CGSE blade for CRS-1 and CRS-3 platform. Presentation says it has 10 Gbit/s full-duplex performance and card occupy one slot. Does it meen that CGN in CRS more powerfull that CGN in ASR9k or this is the sort of marketing game ? ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] BFD on port channel
We use BFD between ASR9k and ALU 7750SR. ASR configured to do one session for bundle because ALU cannot do BFD session per link. So, ASR selects one port from bundle and sends BFD packet over it. ALU does BFD on RP, one session for etherchannel, but it sends BFD packets into each link consecutively, first link, second link and so on to monitor a whole bundle. In such a way to prevent ASR from timing out bfd session due to small number of packet hit for bfd agent we set multiplayer on ASR side to relatively big value. Bundle resides on different card in both routers. And it works. Geert, so no, forget BFD and portchannels :-) not so quickly :-) On NX-OS as well as IOS-XR, two platforms/OS where we have been running BFD sessions on the linecards, we do support BFD on channels/bundle, albeit in a proprietary fashion as this is not (yet?) standardized. As we're still using Layer 3 BFD pkts, now running over each bundle/channel member, the topologies supported by the specific BFD over channel implementations are limited, on IOS-XR we can only do back-to-back bundles (i.e. between two XR devices), NX-OS is a bit more flexible in this regard. So BFD and portchannels is still tricky and limited to some platforms and topologies, but it's certainly not impossible. oli ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] 6rd on ASR1k
If I delete tunnel 6rd ipv4 prefix-len 16 from configuration and use my /48 6rd prefix, 6rd delegated prefix will be 80 bit length. I am not sure whether this configuration is supported. So, I going second way, change IPv4 address of BR to178.140.5.241 and change all other thingth related to the hack ) Ping working! I forgot about octets not visible to BR due to prefix-length command and fully stateless technique. If ASR will track this octets it will be statefull, therefore this right behaviour. Thank you! Harold Ritter пишет: Ruslan, OK, I think we have found the issue. You use a 16 bit prefix length (tunnel 6rd ipv4 prefix-len 16) which means that only the last 16 bits of the ipv4 address will be inserted in the 6RD ipv6 address. The gateway assumes the prefix is the same as the local (192.88/16) and tries to send the reply back to 192.88.5.250. You just need to either use the same prefix (/16) on both the client and BR or remove the following command; tunnel 6rd ipv4 prefix-len 16. If you do that make sure you insert the full 32 bits ipv4 address on the workstation (manual procedure be cause of your 6to4 hack). Regards Le 11-11-01 09:22, « Ruslan Pustovoytov » ru...@inbox.ru a écrit : I use 178.140.5.250 IPv4 address on workstation. It is not changed. What is the reason to change it? Ruslan, I meant the IPv4 address you use on the workstation. Could you please let us know what it is. Regards Le 11-11-01 02:53, « Ruslan Pustovoytov » ru...@inbox.ru a écrit : Did you mean IPv4 6RD relay address ? Yes, I changed it from 192.88.99.127 to 192.88.98.127 Did you also change the IPv4 prefix you use on the workstation? Le 11-10-31 09:19, « Ruslan Pustovoytov » ru...@inbox.ru a écrit : I change 6rd relay IPv4 address 192.88.99.127 to 192.88.98.127 in BR config (loopback10) and windiws 6to4 relay. The picture is the same, ICMPv6 packet successfully going through the network and egressing from the last iface directly connected to ASR. But I don't see this packets in debug output. Harold Ritter (hritter) пишет: Could you try using a prefix other than 192.88.99.0/24 and see if it makes a diffrence. Envoyé de mon iPhone Le 2011-10-31 à 02:15, Ruslan Pustovoytov ru...@inbox.ru a écrit : 1. Ok. 2. Exactly. Harold Ritter пишет: Hi Ruslan, Two things: 1. It would be safer not to use the 192.88.99/24 prefix for this purpose, as this prefix has been reserved for the 6to4 relay anycast address (RFC3068). 2. According to the information below, the BR will try to forward the return traffic to 192.88.5.250 (prefix 192.88 + suffix = 0x5fa = 5.250). Is this the address assigned to the Windows7 Ethernet interface? Regards *Ruslan Pustovoytov ru...@inbox.ru mailto:ru...@inbox.ru* Envoyé par : cisco-nsp-boun...@puck.nether.net mailto:cisco-nsp-boun...@puck.nether.net 27/10/2011 09:42 AM A Harold Ritter hrit...@cisco.com mailto:hrit...@cisco.com cc cisco-nsp@puck.nether.net mailto:cisco-nsp@puck.nether.net Objet Re: [c-nsp] 6rd on ASR1k Excuse me for a long delay. I check all of my configuration on client and BR. In my lab I have no native 6RD client so I use Windows machine with some hack. My client is Windows7 and I use it's 6to4 adapter to emulate 6RD functionality. When I assign real IPv4 address to Local Area network adapter, 6to4 adapter became functional. Then delete automatic 6to4 IPv6 address (2002:) and add new IPv6 address accordingly to 6RD rules. Also change default 6to4 relay to my 6RD relay IPv4 address (192.88.99.127) Tunnel 6TO4 Adapter: IPv6-address. . . . . . . . . . . . : 2XXX::206:5fa::abca Default gateway. . . . . . . . . : 2002:c058:637f::1 My prefix-length for 6RD config in BR is 16 bit. So, only left two octets of IPv4 address coded into 6RD IPv6 address. I add default route for IPv6 family via command: netsh interface ipv6add route ::/0 6to4 2002:0c58:637f::1 Route table looks like this: IPv6 таблица маршрута === == == Ðктивные маршруты: Метрика Сетевой адреÑШлюз 13281 ::/0 2002:c058:637f::1 1306 ::1/128 On-link 12 58 2001::/32On-link 12306 2001:0:5ef5:79fd:8f5:2c30:4d73:fa05/128 On-link 13 1025 2002::/16On-link 13281 2a02:2168:206:5fa::/64 On-link 13281 2a02:2168:206:5fa::abca/128 On-link 12306 fe80::/64On-link 12306 fe80::8f5:2c30:4d73:fa05/128 On-link 1306 ff00::/8 On-link 12306 ff00::/8 On-link
Re: [c-nsp] 6rd on ASR1k
No, I cannot. But I verify that IPv4 packet with protocol 41 in payload successfully reach ASR1k. I create access-list 114 for this and attach it to interface on ASR1k where packets come from the network. interface Loopback10 description 6RD ip address 192.88.98.127 255.255.255.255 ! interface Tunnel0 no ip address no ip redirects ipv6 address 2XXX::206::1/128 anycast tunnel source Loopback10 tunnel mode ipv6ip 6rd tunnel 6rd ipv4 prefix-len 16 tunnel 6rd prefix 2XXX::206::/48 ! interface GigabitEthernet0/0/1.531 encapsulation dot1Q 531 ip address XX.YY.255.210 255.255.255.252 ip access-group 114 in no ip redirects no ip unreachables no ip proxy-arp ip virtual-reassembly ipv6 route 2XXX::206::/48 Tunnel0 cod-gw01#show ip access-lists 114 Extended IP access list 114 10 permit 41 host AA.BB.140.250 any (4 matches) 20 permit ip any any (32 matches) I ping IPv6 anycast address 2XXX::206::1 from 6rd client and got 4 matches (default ping packet count), please see output above. Debug ipv6 icmp show only node advetisment and node solicitation not for my host. Harold Ritter пишет: Can you at least ping the BR IPv6 Anycast address (2XXX::206::/128)? Regards Le 11-10-31 09:19, « Ruslan Pustovoytov » ru...@inbox.ru a écrit : I change 6rd relay IPv4 address 192.88.99.127 to 192.88.98.127 in BR config (loopback10) and windiws 6to4 relay. The picture is the same, ICMPv6 packet successfully going through the network and egressing from the last iface directly connected to ASR. But I don't see this packets in debug output. Harold Ritter (hritter) пишет: Could you try using a prefix other than 192.88.99.0/24 and see if it makes a diffrence. Envoyé de mon iPhone Le 2011-10-31 à 02:15, Ruslan Pustovoytov ru...@inbox.ru a écrit : 1. Ok. 2. Exactly. Harold Ritter пишет: Hi Ruslan, Two things: 1. It would be safer not to use the 192.88.99/24 prefix for this purpose, as this prefix has been reserved for the 6to4 relay anycast address (RFC3068). 2. According to the information below, the BR will try to forward the return traffic to 192.88.5.250 (prefix 192.88 + suffix = 0x5fa = 5.250). Is this the address assigned to the Windows7 Ethernet interface? Regards *Ruslan Pustovoytov ru...@inbox.ru mailto:ru...@inbox.ru* Envoyé par : cisco-nsp-boun...@puck.nether.net mailto:cisco-nsp-boun...@puck.nether.net 27/10/2011 09:42 AM A Harold Ritter hrit...@cisco.com mailto:hrit...@cisco.com cc cisco-nsp@puck.nether.net mailto:cisco-nsp@puck.nether.net Objet Re: [c-nsp] 6rd on ASR1k Excuse me for a long delay. I check all of my configuration on client and BR. In my lab I have no native 6RD client so I use Windows machine with some hack. My client is Windows7 and I use it's 6to4 adapter to emulate 6RD functionality. When I assign real IPv4 address to Local Area network adapter, 6to4 adapter became functional. Then delete automatic 6to4 IPv6 address (2002:) and add new IPv6 address accordingly to 6RD rules. Also change default 6to4 relay to my 6RD relay IPv4 address (192.88.99.127) Tunnel 6TO4 Adapter: IPv6-address. . . . . . . . . . . . : 2XXX::206:5fa::abca Default gateway. . . . . . . . . : 2002:c058:637f::1 My prefix-length for 6RD config in BR is 16 bit. So, only left two octets of IPv4 address coded into 6RD IPv6 address. I add default route for IPv6 family via command: netsh interface ipv6add route ::/0 6to4 2002:0c58:637f::1 Route table looks like this: IPv6 таблица маршрута === Ðктивные маршруты: Метрика Сетевой адреÑШлюз 13281 ::/0 2002:c058:637f::1 1306 ::1/128 On-link 12 58 2001::/32On-link 12306 2001:0:5ef5:79fd:8f5:2c30:4d73:fa05/128 On-link 13 1025 2002::/16On-link 13281 2a02:2168:206:5fa::/64 On-link 13281 2a02:2168:206:5fa::abca/128 On-link 12306 fe80::/64On-link 12306 fe80::8f5:2c30:4d73:fa05/128 On-link 1306 ff00::/8 On-link 12306 ff00::/8 On-link === ПоÑтоÑнные маршруты: Метрика Сетевой адреÑШлюз 0 4294967295 ::/0 2002:c058:637f::1 === Then I ping 2XXX::200:800::2 address. When I did command deb ipv6 icmp on ASR I see some ICMP but its did not relevant for me. Wireshark on Windows 6RD client show me that all ICMP packet envelop with right IPv4 header and successfully leaving the host. Also last interface in my network
Re: [c-nsp] 6rd on ASR1k
Did you mean IPv4 6RD relay address ? Yes, I changed it from 192.88.99.127 to 192.88.98.127 Did you also change the IPv4 prefix you use on the workstation? Le 11-10-31 09:19, « Ruslan Pustovoytov » ru...@inbox.ru a écrit : I change 6rd relay IPv4 address 192.88.99.127 to 192.88.98.127 in BR config (loopback10) and windiws 6to4 relay. The picture is the same, ICMPv6 packet successfully going through the network and egressing from the last iface directly connected to ASR. But I don't see this packets in debug output. Harold Ritter (hritter) пишет: Could you try using a prefix other than 192.88.99.0/24 and see if it makes a diffrence. Envoyé de mon iPhone Le 2011-10-31 à 02:15, Ruslan Pustovoytov ru...@inbox.ru a écrit : 1. Ok. 2. Exactly. Harold Ritter пишет: Hi Ruslan, Two things: 1. It would be safer not to use the 192.88.99/24 prefix for this purpose, as this prefix has been reserved for the 6to4 relay anycast address (RFC3068). 2. According to the information below, the BR will try to forward the return traffic to 192.88.5.250 (prefix 192.88 + suffix = 0x5fa = 5.250). Is this the address assigned to the Windows7 Ethernet interface? Regards *Ruslan Pustovoytov ru...@inbox.ru mailto:ru...@inbox.ru* Envoyé par : cisco-nsp-boun...@puck.nether.net mailto:cisco-nsp-boun...@puck.nether.net 27/10/2011 09:42 AM A Harold Ritter hrit...@cisco.com mailto:hrit...@cisco.com cc cisco-nsp@puck.nether.net mailto:cisco-nsp@puck.nether.net Objet Re: [c-nsp] 6rd on ASR1k Excuse me for a long delay. I check all of my configuration on client and BR. In my lab I have no native 6RD client so I use Windows machine with some hack. My client is Windows7 and I use it's 6to4 adapter to emulate 6RD functionality. When I assign real IPv4 address to Local Area network adapter, 6to4 adapter became functional. Then delete automatic 6to4 IPv6 address (2002:) and add new IPv6 address accordingly to 6RD rules. Also change default 6to4 relay to my 6RD relay IPv4 address (192.88.99.127) Tunnel 6TO4 Adapter: IPv6-address. . . . . . . . . . . . : 2XXX::206:5fa::abca Default gateway. . . . . . . . . : 2002:c058:637f::1 My prefix-length for 6RD config in BR is 16 bit. So, only left two octets of IPv4 address coded into 6RD IPv6 address. I add default route for IPv6 family via command: netsh interface ipv6add route ::/0 6to4 2002:0c58:637f::1 Route table looks like this: IPv6 таблица маршрута === Ðктивные маршруты: Метрика Сетевой адреÑШлюз 13281 ::/0 2002:c058:637f::1 1306 ::1/128 On-link 12 58 2001::/32On-link 12306 2001:0:5ef5:79fd:8f5:2c30:4d73:fa05/128 On-link 13 1025 2002::/16On-link 13281 2a02:2168:206:5fa::/64 On-link 13281 2a02:2168:206:5fa::abca/128 On-link 12306 fe80::/64On-link 12306 fe80::8f5:2c30:4d73:fa05/128 On-link 1306 ff00::/8 On-link 12306 ff00::/8 On-link === ПоÑтоÑнные маршруты: Метрика Сетевой адреÑШлюз 0 4294967295 ::/0 2002:c058:637f::1 === Then I ping 2XXX::200:800::2 address. When I did command deb ipv6 icmp on ASR I see some ICMP but its did not relevant for me. Wireshark on Windows 6RD client show me that all ICMP packet envelop with right IPv4 header and successfully leaving the host. Also last interface in my network directly attached to ASR show increments on egress direction in packet filter with protocol 41 in payload as mask value when I pinging. Harold Ritter пишет: Ruslan, Just to make sure, do you have a default route on the 6rd client pointing at the 6rd BR? Since you are pinging the ASR1k itself, could you please run a deb ipv6 icmp on the ASR to see if the ICMP packets are received. Regards Le 11-10-14 01:57, « Ruslan Pustovoitov » ru...@mostelekom.net mailto:ru...@mostelekom.net a écrit : Hi Harold ! This is my config relevant to 6rd. Also, I don't know how to debug packets with protocol 41 in IP payload in ASR. Debug in form debug ip packet #access-list do not working for non software routers. interface Loopback10 description 6RD_Relay ip address 192.88.99.127 255.255.255.255 ! interface Tunnel0 no ip address no ip redirects ipv6 address 2XXX::206::/128 anycast tunnel source Loopback10 tunnel mode ipv6ip 6rd tunnel 6rd ipv4 prefix-len 16 tunnel 6rd prefix 2XXX::206::/48
Re: [c-nsp] 6rd on ASR1k
Also I move traffic from subinterface .531 to the routed port gi0/0/2 Assuming that tuuneling may not working via subinterface. Now, trafic in both directions going through the gi0/0/2 In asr1k outbound trafic not visible in access-list matches, so I create access list for this traffic in opposite side (4948) Extended IP access list 100 10 permit 41 any any 20 permit ip any any (2825 matches) cod-gw01#show ip access-lists 114 Extended IP access list 114 10 permit 41 host 178.140.5.250 any (97 matches) 20 permit ip any any (1772 matches) I see packets matched access-list 114, but I dont see any match for protocol 41 in access-list 100 for out direction. The relevant configuration now looks like this interface Loopback10 description 6rd_relay ip address 192.88.98.127 255.255.255.255 interface Tunnel0 no ip address no ip redirects ipv6 address 2XXX::206::1/128 anycast ipv6 address 2XXX::206::2/128 ipv6 virtual-reassembly in tunnel source Loopback10 tunnel mode ipv6ip 6rd tunnel 6rd ipv4 prefix-len 16 tunnel 6rd prefix 2XXX::206::/48 ! interface GigabitEthernet0/0/2 description to_nag-sw2,gi1/25,test-6rd ip address AA.BB.5.246 255.255.255.252 ip access-group 114 in negotiation auto ip route AA.BB.5.248 255.255.255.248 AA.BB.5.245 ipv6 route 2XXX::206::/48 Tunnel0 cod-gw01#show ip access-lists 114 Extended IP access list 114 10 permit 41 host 178.140.5.250 any (97 matches) 20 permit ip any any (1766 matches) cod-gw01# cod-gw01# cod-gw01# cod-gw01#show ip access-lists 115 Extended IP access list 115 10 permit 41 any host 178.140.5.250 20 permit ip any any cod-gw01# No, I cannot. But I verify that IPv4 packet with protocol 41 in payload successfully reach ASR1k. I create access-list 114 for this and attach it to interface on ASR1k where packets come from the network. interface Loopback10 description 6RD ip address 192.88.98.127 255.255.255.255 ! interface Tunnel0 no ip address no ip redirects ipv6 address 2XXX::206::1/128 anycast tunnel source Loopback10 tunnel mode ipv6ip 6rd tunnel 6rd ipv4 prefix-len 16 tunnel 6rd prefix 2XXX::206::/48 ! interface GigabitEthernet0/0/1.531 encapsulation dot1Q 531 ip address XX.YY.255.210 255.255.255.252 ip access-group 114 in no ip redirects no ip unreachables no ip proxy-arp ip virtual-reassembly ipv6 route 2XXX::206::/48 Tunnel0 cod-gw01#show ip access-lists 114 Extended IP access list 114 10 permit 41 host AA.BB.140.250 any (4 matches) 20 permit ip any any (32 matches) I ping IPv6 anycast address 2XXX::206::1 from 6rd client and got 4 matches (default ping packet count), please see output above. Debug ipv6 icmp show only node advetisment and node solicitation not for my host. Harold Ritter пишет: Can you at least ping the BR IPv6 Anycast address (2XXX::206::/128)? Regards Le 11-10-31 09:19, « Ruslan Pustovoytov » ru...@inbox.ru a écrit : I change 6rd relay IPv4 address 192.88.99.127 to 192.88.98.127 in BR config (loopback10) and windiws 6to4 relay. The picture is the same, ICMPv6 packet successfully going through the network and egressing from the last iface directly connected to ASR. But I don't see this packets in debug output. Harold Ritter (hritter) пишет: Could you try using a prefix other than 192.88.99.0/24 and see if it makes a diffrence. Envoyé de mon iPhone Le 2011-10-31 à 02:15, Ruslan Pustovoytov ru...@inbox.ru a écrit : 1. Ok. 2. Exactly. Harold Ritter пишет: Hi Ruslan, Two things: 1. It would be safer not to use the 192.88.99/24 prefix for this purpose, as this prefix has been reserved for the 6to4 relay anycast address (RFC3068). 2. According to the information below, the BR will try to forward the return traffic to 192.88.5.250 (prefix 192.88 + suffix = 0x5fa = 5.250). Is this the address assigned to the Windows7 Ethernet interface? Regards *Ruslan Pustovoytov ru...@inbox.ru mailto:ru...@inbox.ru* Envoyé par : cisco-nsp-boun...@puck.nether.net mailto:cisco-nsp-boun...@puck.nether.net 27/10/2011 09:42 AM A Harold Ritter hrit...@cisco.com mailto:hrit...@cisco.com cc cisco-nsp@puck.nether.net mailto:cisco-nsp@puck.nether.net Objet Re: [c-nsp] 6rd on ASR1k Excuse me for a long delay. I check all of my configuration on client and BR. In my lab I have no native 6RD client so I use Windows machine with some hack. My client is Windows7 and I use it's 6to4 adapter to emulate 6RD functionality. When I assign real IPv4 address to Local Area network adapter, 6to4 adapter became functional. Then delete automatic 6to4 IPv6 address (2002:) and add new IPv6 address accordingly to 6RD rules. Also change default 6to4 relay to my 6RD relay IPv4 address (192.88.99.127) Tunnel 6TO4 Adapter: IPv6-address. . . . . . . . . . . . : 2XXX::206:5fa::abca Default gateway. . . . . . . . . : 2002:c058:637f::1 My prefix-length for 6RD
Re: [c-nsp] 6rd on ASR1k
I use 178.140.5.250 IPv4 address on workstation. It is not changed. What is the reason to change it? Ruslan, I meant the IPv4 address you use on the workstation. Could you please let us know what it is. Regards Le 11-11-01 02:53, « Ruslan Pustovoytov » ru...@inbox.ru a écrit : Did you mean IPv4 6RD relay address ? Yes, I changed it from 192.88.99.127 to 192.88.98.127 Did you also change the IPv4 prefix you use on the workstation? Le 11-10-31 09:19, « Ruslan Pustovoytov » ru...@inbox.ru a écrit : I change 6rd relay IPv4 address 192.88.99.127 to 192.88.98.127 in BR config (loopback10) and windiws 6to4 relay. The picture is the same, ICMPv6 packet successfully going through the network and egressing from the last iface directly connected to ASR. But I don't see this packets in debug output. Harold Ritter (hritter) пишет: Could you try using a prefix other than 192.88.99.0/24 and see if it makes a diffrence. Envoyé de mon iPhone Le 2011-10-31 à 02:15, Ruslan Pustovoytov ru...@inbox.ru a écrit : 1. Ok. 2. Exactly. Harold Ritter пишет: Hi Ruslan, Two things: 1. It would be safer not to use the 192.88.99/24 prefix for this purpose, as this prefix has been reserved for the 6to4 relay anycast address (RFC3068). 2. According to the information below, the BR will try to forward the return traffic to 192.88.5.250 (prefix 192.88 + suffix = 0x5fa = 5.250). Is this the address assigned to the Windows7 Ethernet interface? Regards *Ruslan Pustovoytov ru...@inbox.ru mailto:ru...@inbox.ru* Envoyé par : cisco-nsp-boun...@puck.nether.net mailto:cisco-nsp-boun...@puck.nether.net 27/10/2011 09:42 AM A Harold Ritter hrit...@cisco.com mailto:hrit...@cisco.com cc cisco-nsp@puck.nether.net mailto:cisco-nsp@puck.nether.net Objet Re: [c-nsp] 6rd on ASR1k Excuse me for a long delay. I check all of my configuration on client and BR. In my lab I have no native 6RD client so I use Windows machine with some hack. My client is Windows7 and I use it's 6to4 adapter to emulate 6RD functionality. When I assign real IPv4 address to Local Area network adapter, 6to4 adapter became functional. Then delete automatic 6to4 IPv6 address (2002:) and add new IPv6 address accordingly to 6RD rules. Also change default 6to4 relay to my 6RD relay IPv4 address (192.88.99.127) Tunnel 6TO4 Adapter: IPv6-address. . . . . . . . . . . . : 2XXX::206:5fa::abca Default gateway. . . . . . . . . : 2002:c058:637f::1 My prefix-length for 6RD config in BR is 16 bit. So, only left two octets of IPv4 address coded into 6RD IPv6 address. I add default route for IPv6 family via command: netsh interface ipv6add route ::/0 6to4 2002:0c58:637f::1 Route table looks like this: IPv6 таблица маршрута = == Ðктивные маршруты: Метрика Сетевой адреÑШлюз 13281 ::/0 2002:c058:637f::1 1306 ::1/128 On-link 12 58 2001::/32On-link 12306 2001:0:5ef5:79fd:8f5:2c30:4d73:fa05/128 On-link 13 1025 2002::/16On-link 13281 2a02:2168:206:5fa::/64 On-link 13281 2a02:2168:206:5fa::abca/128 On-link 12306 fe80::/64On-link 12306 fe80::8f5:2c30:4d73:fa05/128 On-link 1306 ff00::/8 On-link 12306 ff00::/8 On-link = == ПоÑтоÑнные маршруты: Метрика Сетевой адреÑШлюз 0 4294967295 ::/0 2002:c058:637f::1 = == Then I ping 2XXX::200:800::2 address. When I did command deb ipv6 icmp on ASR I see some ICMP but its did not relevant for me. Wireshark on Windows 6RD client show me that all ICMP packet envelop with right IPv4 header and successfully leaving the host. Also last interface in my network directly attached to ASR show increments on egress direction in packet filter with protocol 41 in payload as mask value when I pinging. Harold Ritter пишет: Ruslan, Just to make sure, do you have a default route on the 6rd client pointing at the 6rd BR? Since you are pinging the ASR1k itself, could you please run a deb ipv6 icmp on the ASR to see if the ICMP packets are received. Regards Le 11-10-14 01:57, « Ruslan Pustovoitov » ru...@mostelekom.net mailto:ru...@mostelekom.net a écrit : Hi Harold ! This is my config relevant to 6rd. Also, I don't know how to debug packets with protocol 41 in IP payload in ASR. Debug
Re: [c-nsp] 6rd on ASR1k
1. Ok. 2. Exactly. Harold Ritter пишет: Hi Ruslan, Two things: 1. It would be safer not to use the 192.88.99/24 prefix for this purpose, as this prefix has been reserved for the 6to4 relay anycast address (RFC3068). 2. According to the information below, the BR will try to forward the return traffic to 192.88.5.250 (prefix 192.88 + suffix = 0x5fa = 5.250). Is this the address assigned to the Windows7 Ethernet interface? Regards *Ruslan Pustovoytov ru...@inbox.ru mailto:ru...@inbox.ru* Envoyé par : cisco-nsp-boun...@puck.nether.net mailto:cisco-nsp-boun...@puck.nether.net 27/10/2011 09:42 AM A Harold Ritter hrit...@cisco.com mailto:hrit...@cisco.com cc cisco-nsp@puck.nether.net mailto:cisco-nsp@puck.nether.net Objet Re: [c-nsp] 6rd on ASR1k Excuse me for a long delay. I check all of my configuration on client and BR. In my lab I have no native 6RD client so I use Windows machine with some hack. My client is Windows7 and I use it's 6to4 adapter to emulate 6RD functionality. When I assign real IPv4 address to Local Area network adapter, 6to4 adapter became functional. Then delete automatic 6to4 IPv6 address (2002:) and add new IPv6 address accordingly to 6RD rules. Also change default 6to4 relay to my 6RD relay IPv4 address (192.88.99.127) Tunnel 6TO4 Adapter: IPv6-address. . . . . . . . . . . . : 2XXX::206:5fa::abca Default gateway. . . . . . . . . : 2002:c058:637f::1 My prefix-length for 6RD config in BR is 16 bit. So, only left two octets of IPv4 address coded into 6RD IPv6 address. I add default route for IPv6 family via command: netsh interface ipv6add route ::/0 6to4 2002:0c58:637f::1 Route table looks like this: IPv6 таблица маршрута === Активные маршруты: Метрика Сетевой адресШлюз 13281 ::/0 2002:c058:637f::1 1306 ::1/128 On-link 12 58 2001::/32On-link 12306 2001:0:5ef5:79fd:8f5:2c30:4d73:fa05/128 On-link 13 1025 2002::/16On-link 13281 2a02:2168:206:5fa::/64 On-link 13281 2a02:2168:206:5fa::abca/128 On-link 12306 fe80::/64On-link 12306 fe80::8f5:2c30:4d73:fa05/128 On-link 1306 ff00::/8 On-link 12306 ff00::/8 On-link === Постоянные маршруты: Метрика Сетевой адресШлюз 0 4294967295 ::/0 2002:c058:637f::1 === Then I ping 2XXX::200:800::2 address. When I did command deb ipv6 icmp on ASR I see some ICMP but its did not relevant for me. Wireshark on Windows 6RD client show me that all ICMP packet envelop with right IPv4 header and successfully leaving the host. Also last interface in my network directly attached to ASR show increments on egress direction in packet filter with protocol 41 in payload as mask value when I pinging. Harold Ritter пишет: Ruslan, Just to make sure, do you have a default route on the 6rd client pointing at the 6rd BR? Since you are pinging the ASR1k itself, could you please run a deb ipv6 icmp on the ASR to see if the ICMP packets are received. Regards Le 11-10-14 01:57, « Ruslan Pustovoitov » ru...@mostelekom.net mailto:ru...@mostelekom.net a écrit : Hi Harold ! This is my config relevant to 6rd. Also, I don't know how to debug packets with protocol 41 in IP payload in ASR. Debug in form debug ip packet #access-list do not working for non software routers. interface Loopback10 description 6RD_Relay ip address 192.88.99.127 255.255.255.255 ! interface Tunnel0 no ip address no ip redirects ipv6 address 2XXX::206::/128 anycast tunnel source Loopback10 tunnel mode ipv6ip 6rd tunnel 6rd ipv4 prefix-len 16 tunnel 6rd prefix 2XXX::206::/48 ! ! Incoming interface for IPv6 encapsulated in IPv4 packets interface GigabitEthernet0/0/1.531 encapsulation dot1Q 531 ip address ZZZ.ZZZ.255.210 255.255.255.252 no ip redirects no ip unreachables no ip proxy-arp ! interface GigabitEthernet0/0/0.550 encapsulation dot1Q 550 ipv6 address 2XXX::200:800::2/126 ipv6 nd ra suppress ! ipv6 route 2XXX::206::/48 Tunnel0 I try to ping 2XXX::200:800::2 This is the local IPv6 address for ASR. Harold Ritter пишет: Ruslan, Can you provide the BR config and the address you are trying to ping. Regards Le 11-10-07 04:40, « Ruslan Pustovoitov » ru...@mostelekom.net mailto:ru...@mostelekom.net a écrit : Hi all I try to setup 6rd on asr1k accordingly to http://docwiki.cisco.com/wiki/6rd_Configuration_Example Then I ping6 IPv6 host from client
Re: [c-nsp] 6rd on ASR1k
I change 6rd relay IPv4 address 192.88.99.127 to 192.88.98.127 in BR config (loopback10) and windiws 6to4 relay. The picture is the same, ICMPv6 packet successfully going through the network and egressing from the last iface directly connected to ASR. But I don't see this packets in debug output. Harold Ritter (hritter) пишет: Could you try using a prefix other than 192.88.99.0/24 and see if it makes a diffrence. Envoyé de mon iPhone Le 2011-10-31 à 02:15, Ruslan Pustovoytov ru...@inbox.ru a écrit : 1. Ok. 2. Exactly. Harold Ritter пишет: Hi Ruslan, Two things: 1. It would be safer not to use the 192.88.99/24 prefix for this purpose, as this prefix has been reserved for the 6to4 relay anycast address (RFC3068). 2. According to the information below, the BR will try to forward the return traffic to 192.88.5.250 (prefix 192.88 + suffix = 0x5fa = 5.250). Is this the address assigned to the Windows7 Ethernet interface? Regards *Ruslan Pustovoytov ru...@inbox.ru mailto:ru...@inbox.ru* Envoyé par : cisco-nsp-boun...@puck.nether.net mailto:cisco-nsp-boun...@puck.nether.net 27/10/2011 09:42 AM A Harold Ritter hrit...@cisco.com mailto:hrit...@cisco.com cc cisco-nsp@puck.nether.net mailto:cisco-nsp@puck.nether.net Objet Re: [c-nsp] 6rd on ASR1k Excuse me for a long delay. I check all of my configuration on client and BR. In my lab I have no native 6RD client so I use Windows machine with some hack. My client is Windows7 and I use it's 6to4 adapter to emulate 6RD functionality. When I assign real IPv4 address to Local Area network adapter, 6to4 adapter became functional. Then delete automatic 6to4 IPv6 address (2002:) and add new IPv6 address accordingly to 6RD rules. Also change default 6to4 relay to my 6RD relay IPv4 address (192.88.99.127) Tunnel 6TO4 Adapter: IPv6-address. . . . . . . . . . . . : 2XXX::206:5fa::abca Default gateway. . . . . . . . . : 2002:c058:637f::1 My prefix-length for 6RD config in BR is 16 bit. So, only left two octets of IPv4 address coded into 6RD IPv6 address. I add default route for IPv6 family via command: netsh interface ipv6add route ::/0 6to4 2002:0c58:637f::1 Route table looks like this: IPv6 таблица маршрута === Ðктивные маршруты: Метрика Сетевой адреÑШлюз 13281 ::/0 2002:c058:637f::1 1306 ::1/128 On-link 12 58 2001::/32On-link 12306 2001:0:5ef5:79fd:8f5:2c30:4d73:fa05/128 On-link 13 1025 2002::/16On-link 13281 2a02:2168:206:5fa::/64 On-link 13281 2a02:2168:206:5fa::abca/128 On-link 12306 fe80::/64On-link 12306 fe80::8f5:2c30:4d73:fa05/128 On-link 1306 ff00::/8 On-link 12306 ff00::/8 On-link === ПоÑтоÑнные маршруты: Метрика Сетевой адреÑШлюз 0 4294967295 ::/0 2002:c058:637f::1 === Then I ping 2XXX::200:800::2 address. When I did command deb ipv6 icmp on ASR I see some ICMP but its did not relevant for me. Wireshark on Windows 6RD client show me that all ICMP packet envelop with right IPv4 header and successfully leaving the host. Also last interface in my network directly attached to ASR show increments on egress direction in packet filter with protocol 41 in payload as mask value when I pinging. Harold Ritter пишет: Ruslan, Just to make sure, do you have a default route on the 6rd client pointing at the 6rd BR? Since you are pinging the ASR1k itself, could you please run a deb ipv6 icmp on the ASR to see if the ICMP packets are received. Regards Le 11-10-14 01:57, « Ruslan Pustovoitov » ru...@mostelekom.net mailto:ru...@mostelekom.net a écrit : Hi Harold ! This is my config relevant to 6rd. Also, I don't know how to debug packets with protocol 41 in IP payload in ASR. Debug in form debug ip packet #access-list do not working for non software routers. interface Loopback10 description 6RD_Relay ip address 192.88.99.127 255.255.255.255 ! interface Tunnel0 no ip address no ip redirects ipv6 address 2XXX::206::/128 anycast tunnel source Loopback10 tunnel mode ipv6ip 6rd tunnel 6rd ipv4 prefix-len 16 tunnel 6rd prefix 2XXX::206::/48 ! ! Incoming interface for IPv6 encapsulated in IPv4 packets interface GigabitEthernet0/0/1.531 encapsulation dot1Q 531 ip address ZZZ.ZZZ.255.210 255.255.255.252 no ip redirects no ip unreachables no ip proxy-arp ! interface GigabitEthernet0/0/0.550 encapsulation dot1Q 550
Re: [c-nsp] 6rd on ASR1k
Excuse me for a long delay. I check all of my configuration on client and BR. In my lab I have no native 6RD client so I use Windows machine with some hack. My client is Windows7 and I use it's 6to4 adapter to emulate 6RD functionality. When I assign real IPv4 address to Local Area network adapter, 6to4 adapter became functional. Then delete automatic 6to4 IPv6 address (2002:) and add new IPv6 address accordingly to 6RD rules. Also change default 6to4 relay to my 6RD relay IPv4 address (192.88.99.127) Tunnel 6TO4 Adapter: IPv6-address. . . . . . . . . . . . : 2XXX::206:5fa::abca Default gateway. . . . . . . . . : 2002:c058:637f::1 My prefix-length for 6RD config in BR is 16 bit. So, only left two octets of IPv4 address coded into 6RD IPv6 address. I add default route for IPv6 family via command: netsh interface ipv6add route ::/0 6to4 2002:0c58:637f::1 Route table looks like this: IPv6 таблица маршрута === Активные маршруты: Метрика Сетевой адресШлюз 13281 ::/0 2002:c058:637f::1 1306 ::1/128 On-link 12 58 2001::/32On-link 12306 2001:0:5ef5:79fd:8f5:2c30:4d73:fa05/128 On-link 13 1025 2002::/16On-link 13281 2a02:2168:206:5fa::/64 On-link 13281 2a02:2168:206:5fa::abca/128 On-link 12306 fe80::/64On-link 12306 fe80::8f5:2c30:4d73:fa05/128 On-link 1306 ff00::/8 On-link 12306 ff00::/8 On-link === Постоянные маршруты: Метрика Сетевой адресШлюз 0 4294967295 ::/0 2002:c058:637f::1 === Then I ping 2XXX::200:800::2 address. When I did command deb ipv6 icmp on ASR I see some ICMP but its did not relevant for me. Wireshark on Windows 6RD client show me that all ICMP packet envelop with right IPv4 header and successfully leaving the host. Also last interface in my network directly attached to ASR show increments on egress direction in packet filter with protocol 41 in payload as mask value when I pinging. Harold Ritter пишет: Ruslan, Just to make sure, do you have a default route on the 6rd client pointing at the 6rd BR? Since you are pinging the ASR1k itself, could you please run a deb ipv6 icmp on the ASR to see if the ICMP packets are received. Regards Le 11-10-14 01:57, « Ruslan Pustovoitov » ru...@mostelekom.net a écrit : Hi Harold ! This is my config relevant to 6rd. Also, I don't know how to debug packets with protocol 41 in IP payload in ASR. Debug in form debug ip packet #access-list do not working for non software routers. interface Loopback10 description 6RD_Relay ip address 192.88.99.127 255.255.255.255 ! interface Tunnel0 no ip address no ip redirects ipv6 address 2XXX::206::/128 anycast tunnel source Loopback10 tunnel mode ipv6ip 6rd tunnel 6rd ipv4 prefix-len 16 tunnel 6rd prefix 2XXX::206::/48 ! ! Incoming interface for IPv6 encapsulated in IPv4 packets interface GigabitEthernet0/0/1.531 encapsulation dot1Q 531 ip address ZZZ.ZZZ.255.210 255.255.255.252 no ip redirects no ip unreachables no ip proxy-arp ! interface GigabitEthernet0/0/0.550 encapsulation dot1Q 550 ipv6 address 2XXX::200:800::2/126 ipv6 nd ra suppress ! ipv6 route 2XXX::206::/48 Tunnel0 I try to ping 2XXX::200:800::2 This is the local IPv6 address for ASR. Harold Ritter пишет: Ruslan, Can you provide the BR config and the address you are trying to ping. Regards Le 11-10-07 04:40, « Ruslan Pustovoitov » ru...@mostelekom.net a écrit : Hi all I try to setup 6rd on asr1k accordingly to http://docwiki.cisco.com/wiki/6rd_Configuration_Example Then I ping6 IPv6 host from client and see that IPv6 packet envelops in IPv4 with right IPv4 destination (6rd relay IPv4 address). This IPv4 packet seccessfully reach asr1k and nothing else. Packets silently disappear. The output of show tunnel 6rd tunnel 0Interface Tunnel0 dont show any counters info: Tunnel Source: 192.88.99.127 6RD: Operational, V6 Prefix: 2YYY::206::/48 V4 Prefix, Length: 16, Value: 192.88.0.0 V4 Suffix, Length: 0, Value: 0.0.0.0 General Prefix: 2YYY::206:637F::/64 Also, I don't see any IPv6 packet going from asr1k to IPv6 directly connected host where I run tcpdump. Client seccessfully pinging 6rd relay 192.88.99.127 ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list
[c-nsp] DOM support on catalyst 4948 10GE
Hi all I need for digital diagnostic monitoring 10GE ports on Catalyst 4948 10GE switch. I check cisco web site - http://www.cisco.com/en/US/docs/interfaces_modules/transceiver_modules/compatibility/matrix/OL_6974.html and see that recommended ios is 12.2.54SG. Current rommon version.is 12.2(31r)SGA1. It is compatible with ios 12.2.54SG. When I try to upgrade ios from 12.2.46SG to 12.2.54SG, switch is stayed in rommon with error Unexpected error in rommon on console. Where I did the error ? ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] high performance open source DHCP solution?
Also you can increase lease-time, or create pool of servers and add these servers in your relay agent configuration. Lincoln Dale ?: On 20/07/2011, at 12:24 PM, Rogelio wrote: The free DHCP solution, ISC, seems to be having scaling issues (i.e. handling only about 200 DHCPDISCOVER and 20 DHCPRENEW requests), and I was wondering if anyone had any open source suggestions of solutions that could scale much better? (Ideally, I could find a free version of a solution like Nominum, but I know that's asking for much.) Anyone have any suggestions? one suggestion i have is that i'd be surprised if the ISC DHCP server is somehow limited to the 200 / 20 numbers you state. the order of 200 requests/sec is a round number that is awfully close to the IOPS of a modern 7200rpm drive. which makes me think that the ISC code is likely doing a fsync() and thats why you're seeing this magic 200 number. a simple way to make it go faster would be to try it out on a SSD. but likely there are options for tuning said dhcp server code such that it delays or batches fsync, or can operate with an in-memory index instead. all of the above is pure speculation. i neither run a DHCP server or infrastrcture, but i have had experience in tuning systems that require consistently stored persistent data. cheers, lincoln. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Bandwidth usage per Queue (7600)
This is not possible on 67xx line card. This card have only dropped statistics via show queueing int XXX ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] SCE 8000 with 2*SCM-E
Mikhail, I have no 3.5.5 soft. Our cisco partner give me release notes for 3.6.0 where cisco announce 30gig performance and 16M flows for 2 SCME So, I do not see any reason to stay on 3.5.5 Did it work on SCOS 3.5.5 or only in 3.6? On 22 April 2010 17:16, Ruslan Pustovoytov ru...@inbox.ru mailto:ru...@inbox.ru wrote: Yes. Did anyone try 2 SCME-E modules in one cassis with new software? On 22 April 2010 15:41, Ruslan Pustovoytov ru...@inbox.ru mailto:ru...@inbox.ru mailto:ru...@inbox.ru mailto:ru...@inbox.ru wrote: We test this release in production from 20 april. I see that bypass do not work if I take out any optics from SIP. It work only when I reload SCE or take out SIP from chassis. But I have no big experience with SCE. Did anybody try this release in production? 2010/4/17 Yann Gauteron ygaute...@gmail.com mailto:ygaute...@gmail.com mailto:ygaute...@gmail.com mailto:ygaute...@gmail.com 3.6 is out since Tuesday this week :-) 2010/3/18 Mikhail Schedrin msched...@gmail.com mailto:msched...@gmail.com mailto:msched...@gmail.com mailto:msched...@gmail.com Sorry that I didn't answer so much time. As I got to know from cisco engineers 2 SCMs are supported only by software 3.6 that hasn't released yet. I did open TAC case, they don't know that 2 SCMs are not suported by 3.5.5. They also do not have 2 SCMs in a lab to test it :( On 3 March 2010 19:17, Ghattas Jacob gates...@gmail.com mailto:gates...@gmail.com mailto:gates...@gmail.com mailto:gates...@gmail.com wrote: Mikhail, Be sure both sce have the same pkg installed before you insert the second one to the sce. Which version are you running as it should be 3.6 and higher... Jacob On Wed, Mar 3, 2010 at 5:17 PM, Arie Vayner (avayner) avay...@cisco.com mailto:avay...@cisco.com mailto:avay...@cisco.com mailto:avay...@cisco.comwrote: Mikhail, I recommend you open a TAC case, as this could be a hardware problem, but it requires some debugging... Arie -Original Message- From: cisco-nsp-boun...@puck.nether.net mailto:cisco-nsp-boun...@puck.nether.net mailto:cisco-nsp-boun...@puck.nether.net mailto:cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net mailto:cisco-nsp-boun...@puck.nether.net mailto:cisco-nsp-boun...@puck.nether.net mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Mikhail Schedrin Sent: Wednesday, March 03, 2010 11:46 To: cisco-nsp@puck.nether.net mailto:cisco-nsp@puck.nether.net mailto:cisco-nsp@puck.nether.net mailto:cisco-nsp@puck.nether.net Subject: [c-nsp] SCE 8000 with 2*SCM-E Hi. Does anybody have the experince of using SCE8000 with two SCM-E modules? We got the second SCM-E couple of days ago and SCE always boots in recovery mode, when I install the second module. I could not find any documentation about installing and configuring the second SCM-E, I think it should work out
Re: [c-nsp] SCE 8000 with 2*SCM-E
We test this release in production from 20 april. I see that bypass do not work if I take out any optics from SIP. It work only when I reload SCE or take out SIP from chassis. But I have no big experience with SCE. Did anybody try this release in production? 2010/4/17 Yann Gauteron ygaute...@gmail.com 3.6 is out since Tuesday this week :-) 2010/3/18 Mikhail Schedrin msched...@gmail.com Sorry that I didn't answer so much time. As I got to know from cisco engineers 2 SCMs are supported only by software 3.6 that hasn't released yet. I did open TAC case, they don't know that 2 SCMs are not suported by 3.5.5. They also do not have 2 SCMs in a lab to test it :( On 3 March 2010 19:17, Ghattas Jacob gates...@gmail.com wrote: Mikhail, Be sure both sce have the same pkg installed before you insert the second one to the sce. Which version are you running as it should be 3.6 and higher... Jacob On Wed, Mar 3, 2010 at 5:17 PM, Arie Vayner (avayner) avay...@cisco.comwrote: Mikhail, I recommend you open a TAC case, as this could be a hardware problem, but it requires some debugging... Arie -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Mikhail Schedrin Sent: Wednesday, March 03, 2010 11:46 To: cisco-nsp@puck.nether.net Subject: [c-nsp] SCE 8000 with 2*SCM-E Hi. Does anybody have the experince of using SCE8000 with two SCM-E modules? We got the second SCM-E couple of days ago and SCE always boots in recovery mode, when I install the second module. I could not find any documentation about installing and configuring the second SCM-E, I think it should work out of the box. Actually it does not. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ -- С уважением, Щедрин Михаил Начальник отдела ТП2 SkyNet Telecom http://sknt.ru Санкт-Петербург тел. +7 812 600-75-35 ext. 554 моб. +7 911 934-79-83 ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] SCE 8000 with 2*SCM-E
Yes. Did anyone try 2 SCME-E modules in one cassis with new software? On 22 April 2010 15:41, Ruslan Pustovoytov ru...@inbox.ru mailto:ru...@inbox.ru wrote: We test this release in production from 20 april. I see that bypass do not work if I take out any optics from SIP. It work only when I reload SCE or take out SIP from chassis. But I have no big experience with SCE. Did anybody try this release in production? 2010/4/17 Yann Gauteron ygaute...@gmail.com mailto:ygaute...@gmail.com 3.6 is out since Tuesday this week :-) 2010/3/18 Mikhail Schedrin msched...@gmail.com mailto:msched...@gmail.com Sorry that I didn't answer so much time. As I got to know from cisco engineers 2 SCMs are supported only by software 3.6 that hasn't released yet. I did open TAC case, they don't know that 2 SCMs are not suported by 3.5.5. They also do not have 2 SCMs in a lab to test it :( On 3 March 2010 19:17, Ghattas Jacob gates...@gmail.com mailto:gates...@gmail.com wrote: Mikhail, Be sure both sce have the same pkg installed before you insert the second one to the sce. Which version are you running as it should be 3.6 and higher... Jacob On Wed, Mar 3, 2010 at 5:17 PM, Arie Vayner (avayner) avay...@cisco.com mailto:avay...@cisco.comwrote: Mikhail, I recommend you open a TAC case, as this could be a hardware problem, but it requires some debugging... Arie -Original Message- From: cisco-nsp-boun...@puck.nether.net mailto:cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Mikhail Schedrin Sent: Wednesday, March 03, 2010 11:46 To: cisco-nsp@puck.nether.net mailto:cisco-nsp@puck.nether.net Subject: [c-nsp] SCE 8000 with 2*SCM-E Hi. Does anybody have the experince of using SCE8000 with two SCM-E modules? We got the second SCM-E couple of days ago and SCE always boots in recovery mode, when I install the second module. I could not find any documentation about installing and configuring the second SCM-E, I think it should work out of the box. Actually it does not. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net mailto:cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net mailto:cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ -- С уважением, Щедрин Михаил Начальник отдела ТП2 SkyNet Telecom http://sknt.ru Санкт-Петербург тел. +7 812 600-75-35 ext. 554 моб. +7 911 934-79-83 ___ cisco-nsp mailing list cisco-nsp@puck.nether.net mailto:cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp