Re: [c-nsp] Cat 6500 (IOS) dhcp Client

2009-05-19 Thread Dale Shaw
Hi, > On 20 May 2009, at 01:46, Dan Benson wrote: >> As strange as this sounds, I have a need to be assigned an address on a >> Cat6500 Running IOS via dhcp (to a vlan or a dedicated port). On Wed, May 20, 2009 at 4:39 PM, Steve Lalonde wrote: > Not so strange. You've got a DHCP server. Dan ne

Re: [c-nsp] Cat 6500 (IOS) dhcp Client

2009-05-19 Thread Steve Lalonde
On 20 May 2009, at 01:46, Dan Benson wrote: As strange as this sounds, I have a need to be assigned an address on a Cat6500 Running IOS via dhcp (to a vlan or a dedicated port). On most routers running IOS the command syntax is, "ip address dhcp" as just about anyone knows but on the sups

[c-nsp] TCP Reset

2009-05-19 Thread Hitesh Vinzoda
Dear All, I'm facing a problem from some clients behaving suspiciously when they telnet to squid proxy (10.4.188.180). After TCP Syn request by client the server is responding with RST. Wireshark logs from client are attached. Comments are invited for this case. Thanks in advance Ronnie No.

Re: [c-nsp] netflow sampling

2009-05-19 Thread Roland Dobbins
On May 20, 2009, at 7:21 AM, Roland Dobbins wrote: Unfortunately, the caveats associated with NetFlow on past and current 6500/7600 hardware generally tend to render it unsuitable due to the high likelihood of mls table overflow in most circumstances, along with the lack of TCP flags and i

[c-nsp] Cat 6500 (IOS) dhcp Client

2009-05-19 Thread Dan Benson
As strange as this sounds, I have a need to be assigned an address on a Cat6500 Running IOS via dhcp (to a vlan or a dedicated port). On most routers running IOS the command syntax is, "ip address dhcp" as just about anyone knows but on the sups running IOS (tested sup1a-ge/ MSFC1, sup2 and

[c-nsp] docsis 3.0 channel bonding

2009-05-19 Thread Progressus
Hello, Anyone can give me more information about docsis 3.0 channel bonding? At this moment I can't synchronize my wideband cable modem ... I've got always offline status... I use for my *primary* *downstream channel*, the cmts 520 and one of downstreams of the Edge QAM... I use a DTI server,

[c-nsp] C4K_PKTPROCESSING-5-NOTAPPLYINGACL

2009-05-19 Thread David Freedman
Anybody seen these messages occur frequently? > May 18 09:19:31 box 575: May 18 08:20:37 UTC: > %C4K_PKTPROCESSING-5-NOTAPPLYINGACL: Not applying Output Acl for packet > udp srcHost 1.1.1.1 dstHost 2.2.2.2 tos 0 srcPort 934 > dstPort 2049 According to the error decoder, they are CAM programming issu

Re: [c-nsp] netflow sampling

2009-05-19 Thread Roland Dobbins
On May 20, 2009, at 4:29 AM, Marlon Duksa wrote: Do you know of any 'non-sampled' implementation (by vendor) or deployment (network) where all traffic is accounted for? Depends upon the vendor/platform, and the traffic speeds/volumes in question. What would you normally use for a more acc

Re: [c-nsp] netflow sampling

2009-05-19 Thread Roland Dobbins
On May 20, 2009, at 4:37 AM, sth...@nethelp.no wrote: Cisco 6500/7600 as far as I know always does non-sampled netflow in hardware - then the netflow may or may not be sampled before export, depending on your configuration. Unfortunately, the caveats associated with NetFlow on past and cur

Re: [c-nsp] netflow sampling

2009-05-19 Thread Roland Dobbins
On May 20, 2009, at 4:18 AM, sth...@nethelp.no wrote: You should *not* use sampled netflow for accounting/billing. It's my understanding that it's actually pretty common for sampled NetFlow to be used for accounting and billing purposes. If one makes use of sampled flow telemetry for th

Re: [c-nsp] netflow sampling

2009-05-19 Thread Roland Dobbins
On May 20, 2009, at 4:08 AM, Marlon Duksa wrote: It looks to me that the accuracy of such approach is pretty bad. To the contrary, it's quite good, and operationally useful. The majority of NetFlow export on large, high-speed networks is sampled, due to the sheer speed/volume of traffic

Re: [c-nsp] PFC QOS question about 802.1Q trunks

2009-05-19 Thread Mark Austen
Just copied out of the Cisco doco: *Ingress Classification and Marking at Trust CoS LAN Ports* You should configure LAN ports to trust CoS only if they receive traffic that carries valid Layer 2 CoS. When an ISL frame enters the switch through a trusted ingress LAN port, PFC QoS accepts the thr

Re: [c-nsp] IP Tunneling Question

2009-05-19 Thread Tony
Given that you're probably not too worried about the traffic being secured, I'd go with GRE for a number of reasons: 1. Less overhead 2. Been around for ages, good support for it 3. Multi vendor support 4. Fairly standard and easy to understand 5. Easy to configure Unless the packets are coming

Re: [c-nsp] netflow sampling

2009-05-19 Thread Grzegorz Janoszka
Marlon Duksa wrote: I see. Thanks. Do you know of any 'non-sampled' implementation (by vendor) or deployment (network) where all traffic is accounted for? What would you normally use for a more accurate accounting/billing? Thanks, You can set sampling parameters not to lose any flow. But the a

Re: [c-nsp] netflow sampling

2009-05-19 Thread sthaug
> I see. Thanks. Do you know of any 'non-sampled' implementation (by vendor) > or deployment (network) where all traffic is accounted for? What would you > normally use for a more accurate accounting/billing? Thanks, Cisco 6500/7600 as far as I know always does non-sampled netflow in hardware - th

Re: [c-nsp] netflow sampling

2009-05-19 Thread Marlon Duksa
I see. Thanks. Do you know of any 'non-sampled' implementation (by vendor) or deployment (network) where all traffic is accounted for? What would you normally use for a more accurate accounting/billing? Thanks, Marlon On Tue, May 19, 2009 at 2:18 PM, wrote: > > ok. Thanks. So there is a possibil

Re: [c-nsp] netflow sampling

2009-05-19 Thread sthaug
> ok. Thanks. So there is a possibility that some flows will never be sampled > (accounted for). And even a bigger possibility that more packets of the same > flow will never be sampled. Absolutely. > It looks to me that the accuracy of such approach is pretty bad. How can you > use this for any

Re: [c-nsp] netflow sampling

2009-05-19 Thread Marlon Duksa
ok. Thanks. So there is a possibility that some flows will never be sampled (accounted for). And even a bigger possibility that more packets of the same flow will never be sampled. It looks to me that the accuracy of such approach is pretty bad. How can you use this for any meaningful accounting, m

Re: [c-nsp] netflow sampling

2009-05-19 Thread sthaug
> But where is this sampling coming from? Is it sampling per flow - you count > some packet of the flow but not all? Or is it that you sample some flows > (each sampled flow accurately counting) but not the others, and you do this > randomly? Deterministic sampling: Every Nth packet has flow data

Re: [c-nsp] IP Tunneling Question

2009-05-19 Thread Ge Moua
What seems to be gaining popularity is a "GRE-like" tunnel with IPSec encapsulation; Cisco calls this "IPSec VTI"; caveat is that equipment in question may need to be Cisco based. Regards, Ge Moua | Email: moua0...@umn.edu Network Design Engineer University of Minnesota | Networking & Telecomm

[c-nsp] IP Tunneling Question

2009-05-19 Thread Charles Wyble
All, I'm looking to setup a VPN with a couple colocation providers who are friends of mine, and have some under utilized address space. They are supporting some security research I am doing (a darknet/honeynet). [1] I am exploring different options to utilize that IP space on my lab servers

Re: [c-nsp] What cisco line cards support DS3 over RJ45 interface

2009-05-19 Thread Brian Landers
On Tue, May 19, 2009 at 3:21 PM, Brian Landers wrote: > On Tue, May 19, 2009 at 12:27 PM, Seth Mattinen wrote: > >> nbernad...@gallantsys.com wrote: >> > This is actually a DS3 Handoff to RJ45. It is coming in to the Demarc >> > as Coax. I just want to know what interfaces can then support the

Re: [c-nsp] What cisco line cards support DS3 over RJ45 interface

2009-05-19 Thread Brian Landers
On Tue, May 19, 2009 at 12:27 PM, Seth Mattinen wrote: > nbernad...@gallantsys.com wrote: > > This is actually a DS3 Handoff to RJ45. It is coming in to the Demarc > > as Coax. I just want to know what interfaces can then support the > Handoff. > > Is it possible it's RJ48C instead or RJ45 an

[c-nsp] netflow sampling

2009-05-19 Thread Marlon Duksa
Hi - Does anyone know what is netflow sampling? My understanding is that when NetFlow is enabled, certain flows (determined by ACL, or all of the flows on a port if there is no ACL) are cached and stats for them updated. After 'inactivity' timer expires, flow is deleted and the record exported. Bu

Re: [c-nsp] BGP Config

2009-05-19 Thread Mark Boolootian
Ivan's stuff is excellent. Another very good resource for BGP is Philip Smith. He does BGP tutorials, among others, regularly all over the world. The last NANOG BGP multihoming session is here: http://www.nanog.org/meetings/nanog41/abstracts.php?pt=MTQ4Jm5hbm9nNDE=&nm=nanog41 You can find

Re: [c-nsp] 'Simple' BGP multi homing

2009-05-19 Thread James Greig
Hi Chris, Just out of interest, what model routers are you intending to use to achieve this? Also, are you aiming to load balance between the two peers? James Greig - Original Message - From: "ChrisSerafin" To: Sent: Tuesday, May 19, 2009 7:00 PM Subject: [c-nsp] 'Simple' BGP mul

[c-nsp] 'Simple' BGP multi homing

2009-05-19 Thread ChrisSerafin
I have 2 ISPs connecting at my data center at the moment, both with simple basic static routes, and I would like to multi-home them to provide redundancy in the event one goes down. I have created a simple diagram here: http://chrisserafin.com/WAN-BGP.jpg I have a few assumptions, so let me kn

Re: [c-nsp] BGP Config

2009-05-19 Thread Charles Wyble
Ivan Pepelnjak wrote: I absolutely agree with Charles ... although not on the "provider will give you the necessary details" part. I've seen some service providers that were somewhat inadequate in that respect (trying to be diplomatic :). Yes. That's quite true unfortunately. :( You migh

Re: [c-nsp] Need help understanding mpls error message

2009-05-19 Thread Lobo
Hmmm good point Peter. I didn't realize that it wouldn't show up in the FIB. VLAN 101 should be a trusted interface since only NMS type of traffic is supposed to traverse on it for this part of the network. I'll see if there's a way to hook up a packet sniffer to that 6524 and see if I can f

Re: [c-nsp] PFC QOS question about 802.1Q trunks

2009-05-19 Thread Geoffrey Pendery
I can't answer your question about the default DSCP value without lab-ing it, but as to the second part: yes, it's generally a good practice to either pick a bogus/dummy VLAN for your native, or to apply the command "vlan dot1q tag native" to force it to apply a tag even on the native VLAN. If you

Re: [c-nsp] What cisco line cards support DS3 over RJ45 interface

2009-05-19 Thread Seth Mattinen
nbernad...@gallantsys.com wrote: > This is actually a DS3 Handoff to RJ45. It is coming in to the Demarc > as Coax. I just want to know what interfaces can then support the Handoff. > How about an Ethernet card? It's been converted to something else. ~Seth _

[c-nsp] PFC QOS question about 802.1Q trunks

2009-05-19 Thread Matthew Huff
I have a question about QOS trust between two 6509 switches connected via a L2 802.1Q trunk with multiple VLANs. If the port is set to "trust cos", what does the internal DSCP value get set for native frames since there isn't a COS field? I would assume the internal DSCP value would be set to th

Re: [c-nsp] Need help understanding mpls error message

2009-05-19 Thread Peter Rathlev
On Tue, 2009-05-19 at 11:57 -0400, Lobo wrote: > I've searched on Cisco's website to help understand the following message > but I'm not 100% clear on how to find the network/router responsible for > generating these error messages: > > .May 19 08:39:06.235 EDT: %MPLS_PACKET-4-NOLFDSB: MPLS packet

Re: [c-nsp] Need help understanding mpls error message

2009-05-19 Thread Rodney Dunn
If you sniff that vlan do you see packets coming in with 0x8847 on them? It could be bogus packets with that on them and no valid label stack behind them. Rodney On Tue, May 19, 2009 at 11:57:46AM -0400, Lobo wrote: > I've searched on Cisco's website to help understand the following message > but

[c-nsp] Need help understanding mpls error message

2009-05-19 Thread Lobo
I've searched on Cisco's website to help understand the following message but I'm not 100% clear on how to find the network/router responsible for generating these error messages: .May 19 08:39:06.235 EDT: %MPLS_PACKET-4-NOLFDSB: MPLS packet received on non MPLS enabled interface Vlan101 L3 type

Re: [c-nsp] VRRP / MAC Forwarding Problem on Sup2/PFC2

2009-05-19 Thread Geoffrey Pendery
1. You mention 12.2(18)SXF15 - I assume you're running native? With "ip cef"? The "memorize the MAC address" you mentioned sounds like the old style MLS on hybrid... 2. I've seen the "traceroute doesn't match ip route path" behavior before, with a CEF bug. The CEF table had been holding onto

Re: [c-nsp] Netflow tools

2009-05-19 Thread Devon True
Roland Dobbins wrote: > nfsen/nfdump is a great open-source tool - I *think* it supports > sampling, now (anyone?). Peter said a nfdump snapshot supporting sampling should be uploaded sometime this week. http://sourceforge.net/mailarchive/forum.php?thread_name=4A083998.60702%40switch.ch&forum_nam

Re: [c-nsp] mls qos vlan based

2009-05-19 Thread Arie Vayner (avayner)
You need to apply the marking ingress policy on the "interface vlan". Even if it's a L2 only VLAN, you can do "interface vlan", but do not have to configure an IP address. This is documented here: http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SX/configuration/guide/qos.html#wp

Re: [c-nsp] What cisco line cards support DS3 over RJ45 interface

2009-05-19 Thread Sachin . Bodkhe
IT Works Regards, Sachin Bodkhe DSL NOC TEAM Bharti Airtel Services Ltd. Seth Mattinen Sent by: cisco-nsp-boun...@puck.nether.net 05/19/2009 02:47 AM To cisco-nsp@puck.nether.net cc Subject Re: [c-nsp] What cisco line cards support DS3 over RJ45 interface P Please do not pri

Re: [c-nsp] ip tcp mss on sup720

2009-05-19 Thread Phil Mayers
On Tue, May 19, 2009 at 03:28:22AM +0100, Rubens Kuhl wrote: And even if the command exists, there is no such feature on the PFC AFAIK, so the 6500 would be turned into a 7200... Not quite true. I believe the feature works by punting the SYN & SYN/ACK to the sup for modification of the MSS TCP

Re: [c-nsp] CRS-1 MSC 20G card?

2009-05-19 Thread Richard Gallagher
Marlon, This is the same 40GB card but limited in SW to 20GB, so depending on your BW requirements you can choose the right license. http://www.cisco.com/en/US/products/hw/modules/ps2710/prod_eol_notice0900aecd80460709.html Rich On 18 May 2009, at 19:10, Marlon Duksa wrote: Hi, does anyone

[c-nsp] VRRP / MAC Forwarding Problem on Sup2/PFC2

2009-05-19 Thread Sascha E. Pollok
Hello people, recently I have discussed a problem here and there and there is no proper solution/explanation yet so I thought I'd share it with you: Server | | +-3548XL-+ .1q Trunk ||

Re: [c-nsp] cisco-nsp Digest, Vol 78, Issue 52

2009-05-19 Thread Peter Haag
Hi Roland et al, > On May 19, 2009, at 3:05 AM, Werner Detter wrote: > > we use http://nfsen.sourceforge.net/ > > nfsen/nfdump is a great open-source tool - I *think* it supports > sampling, now (anyone?). The stable version does not (yet), However