I am running one 6509 as a core router:
IOS: SXF15a
1x WS-SUP720-3BXL
1x WS-X6748-GE-TX
2x WS-X6704-10GE
On this core I am doing BGP with 2 upstreams (full BGP table IN) and
10 downstreams (full BGP table OUT).
I am also doing OSPF with 4 other core routers in this AS.
On top of that there is
May be you should try to find out what is the reason of the packet loss?
Is there a high CPU load? Do you have control-plane configured? Do you
have traffic congestion? May be you don't really need to redesing you
network.
Andy B. wrote:
I am running one 6509 as a core router:
IOS: SXF15a
CPU load is fairly normal at 20-30%
No congestion. Most links are under 50%.
I have no Control Plane Policies in place, but I have already been
advised to do so - this might help, right?
Redesigning the network and shifting the busy (uncongested!) VLAN to
another router seemed like the only
Two key advantages:
- Technical: FCoE, vPC
- Management: you needn't to manage N2Ks
R/
Manu
On Tue, Feb 9, 2010 at 11:40 AM, Livio Zanol Puppim
livio.zanol.pup...@gmail.com wrote:
Yeah, You are right.
But I would like to use my nexus 5000 10GE/FCoE ports just for access
servers, maximizing
Neus 2000 does not have FCoE.
2010/2/9 Manu Chao linux.ya...@gmail.com
Two key advantages:
- Technical: FCoE, vPC
- Management: you needn't to manage N2Ks
R/
Manu
On Tue, Feb 9, 2010 at 11:40 AM, Livio Zanol Puppim
livio.zanol.pup...@gmail.com wrote:
Yeah, You are right.
But I
On (2010-02-09 13:21 +0100), Andy B. wrote:
CPU load is fairly normal at 20-30%
What is more important if this is process or interrupt. 'show proc cpu' you
have x/y, y is interrupt and should be 0, if not, you are software switching
something due to misconfiguration or software defect.
No
On 09/02/10 12:21, Andy B. wrote:
CPU load is fairly normal at 20-30%
Is this average or during a performance event? What about the SP and any
DFC CPUs?
What linecards do you have in the box?
No congestion. Most links are under 50%.
I have no Control Plane Policies in place, but I have
Hello Nick,
AFAIK show stats command doesn't exist??
If you mean show interfaces stats command then you have following
description in CCO:
Chars In: Number of characters received in each switching mechanism
Chars Out: Number of characters sent out each switching mechanism
I assume we are
I think I am not software switching:
CPU utilization for five seconds: 19%/5%; one minute: 46%; five minutes: 42%
PID Runtime(ms) Invoked uSecs 5Sec 1Min 5Min TTY Process
6 426848940 21297160 20042 2.71% 1.01% 1.23% 0 Check heaps
123 821446324 874103795939
On (2010-02-09 13:56 +0100), Andy B. wrote:
I think I am not software switching:
CPU utilization for five seconds: 19%/5%; one minute: 46%; five minutes: 42%
Could you try to catch this when the five second value is 40% so we'll see
what is causing the load. Currently what ever is happening,
Correct, not yet
On Tue, Feb 9, 2010 at 1:37 PM, Livio Zanol Puppim
livio.zanol.pup...@gmail.com wrote:
Neus 2000 does not have FCoE.
2010/2/9 Manu Chao linux.ya...@gmail.com
Two key advantages:
- Technical: FCoE, vPC
- Management: you needn't to manage N2Ks
R/
Manu
On Tue, Feb 9,
On Tue, Feb 9, 2010 at 1:50 PM, Phil Mayers p.may...@imperial.ac.uk wrote:
CPU load is fairly normal at 20-30%
Is this average or during a performance event? What about the SP and any DFC
CPUs?
This is average. Performance would go up to 99% if the BGP scanner is
busy, but this does not
On Tue, Feb 9, 2010 at 2:04 PM, Saku Ytti s...@ytti.fi wrote:
Could you try to catch this when the five second value is 40% so we'll see
what is causing the load. Currently what ever is happening, is not
happening.
Actually, last time when the core started to become very unresponsive,
CPU load
Are these receive addresses in the router or transit?
sh mls cef lookup x.x.160.112
sh mls cef lookup x.x.160.112 detail
from output A:123
sh mls cef adjacency entry 123 detail
#show buffers input-interface te9/1 header
Buffer information for Small buffer at 0x50070DC8
data_area
On (2010-02-09 14:30 +0100), Phibee Network Operation Center wrote:
i am search a real information on the Cisco 7401ASR :
If you have one units ;=)
I want know if this cisco are same performence that the
Cisco 7204 with a NPE 400 ?
ASR was the second product to be blessed (or cursed) with
Too much BGP and traffic for your (old) 6509 router (even if with 3BXL).
If you have the budget, i would push for Cisco ASR or Juniper M Core
R/
Manu
___
cisco-nsp mailing list cisco-nsp@puck.nether.net
On Tue, Feb 9, 2010 at 2:43 PM, Church, Charles
charles.chu...@harris.com wrote:
Is it possible the NDE on the SP is the issue? I assume it's configured to
export? What does a 'sh proc cpu hist' tell you on the RP and SP?
Chuck
I can almost certainly rule that out. Last time this happened I
For sure it may be possible to reduce/optimise the routing
But in all case you will hit the platform limit ;(
Full Internet Routing cost a lot
On Tue, Feb 9, 2010 at 2:43 PM, Church, Charles
charles.chu...@harris.comwrote:
Is it possible the NDE on the SP is the issue? I assume it's
On Tue, 9 Feb 2010, Andy B. wrote:
I am running one 6509 as a core router:
IOS: SXF15a
1x WS-SUP720-3BXL
1x WS-X6748-GE-TX
2x WS-X6704-10GE
On this core I am doing BGP with 2 upstreams (full BGP table IN) and
10 downstreams (full BGP table OUT).
I am also doing OSPF with 4 other core routers
On (2010-02-09 14:47 +0100), Manu Chao wrote:
Too much BGP and traffic for your (old) 6509 router (even if with 3BXL).
If you have the budget, i would push for Cisco ASR or Juniper M Core
There is nothing in the data that supports your remark, the routers peak
pps rate is below CFC system
Are you rate limiting ttl failures?
mls rate-limit all ttl-failure 100 10
thanks,
-Drew
-Original Message-
From: cisco-nsp-boun...@puck.nether.net
[mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Andy B.
Sent: Tuesday, February 09, 2010 7:22 AM
To: Sergey Nikitin
Cc:
On Tue, 9 Feb 2010, Phibee Network Operation Center wrote:
It's the same IOS that Cisco 7204 ?
If it's anything like the 7120, then it won't take regular 7200 IOS
images. 7401 went EoL end of 2009 and latest IOS available on CCO seems to
be 12.4(15)T11, so you won't see any new images after
On Tue, Feb 9, 2010 at 3:13 PM, Jon Lewis jle...@lewis.org wrote:
If all of that traffic is transiting between the 6748 and 6704s, is it
possible you're filling (perhaps overfilling) the 40Gbps fabric the 6748 has
to the rest of the chassis during short traffic spikes?
The 6748 is not really
What is the output of:
show platform hardware capacity interface
show fabric utilization detail
?
Andy B. wrote:
On Tue, Feb 9, 2010 at 2:43 PM, Church, Charles
charles.chu...@harris.com wrote:
Is it possible the NDE on the SP is the issue? I assume it's configured to
export? What does a
On (2010-02-09 15:11 +0100), Manu Chao wrote:
new ASR are better ;)
Indeed, but of course 7400, ASR1k and ASR9k have nothing in common while
name might suggest so, so 'new ASR' is bit stretching it.
ASR1k is popey/QFP which is cisco IP, AFAIK based on tensilica di570t,
running IOS as process on
On Tue, Feb 9, 2010 at 3:27 PM, Sergey Nikitin oldn...@oldnick.ru wrote:
What is the output of:
show platform hardware capacity interface
show fabric utilization detail
#show platform hardware capacity interface
Interface Resources
Interface drops:
ModuleTotal drops:Tx
The Nexus 2000-5000 design does require looking at things a bit differently
than you have in the past. Data Center architecture is changing fast due to
the rapid onset of Data Center virtualization. Server Storage administrators
have been struggling with this change as well, this isn't
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi,
Andy B. schrieb:
I have other cores that do 40 times more BGP and they work like charm,
with the exception that they do not have a few thousand servers
connected to them. Only customers with routers.
These routers are similar to this 6509, so
J MX and T work very very well you are right
On Tue, Feb 9, 2010 at 3:19 PM, Saku Ytti s...@ytti.fi wrote:
On (2010-02-09 14:47 +0100), Manu Chao wrote:
Too much BGP and traffic for your (old) 6509 router (even if with 3BXL).
If you have the budget, i would push for Cisco ASR or Juniper
The weird part is the NDE process is still using CPU. Which netflow setting
are you using for 'mls flow ip xxx'? Since both the RP and SP CPU are
getting crushed at times, seems like more than just a punted packet issue,
since that would be primarily RP, wouldn't it?
Chuck
-Original
On 09/02/10 14:09, Manu Chao wrote:
trust me, change your design:
- Core / Internet (ASR or Juniper)
- Distribution / Datacenter (6509)
with a default dynamic route from your Core to your Distribution
I personally disagree that this is the right approach. Without taking
the time to
Can you please share following output:
show fabric utilization
On Tue, Feb 9, 2010 at 3:22 PM, Andy B. globic...@gmail.com wrote:
On Tue, Feb 9, 2010 at 3:13 PM, Jon Lewis jle...@lewis.org wrote:
If all of that traffic is transiting between the 6748 and 6704s, is it
possible you're
On Tue, Feb 9, 2010 at 4:11 PM, Manu Chao linux.ya...@gmail.com wrote:
Can you please share following output:
show fabric utilization
#show fabric utilization
slotchannel speedIngress % Egress %
2 020G72
2 120G
On Tue, Feb 9, 2010 at 4:03 PM, Church, Charles
charles.chu...@harris.com wrote:
The weird part is the NDE process is still using CPU. Which netflow setting
are you using for 'mls flow ip xxx'? Since both the RP and SP CPU are
getting crushed at times, seems like more than just a punted
Agreed ;)
The gap was huge, it is now acceptable
On Tue, Feb 9, 2010 at 3:27 PM, Saku Ytti s...@ytti.fi wrote:
On (2010-02-09 15:11 +0100), Manu Chao wrote:
new ASR are better ;)
Indeed, but of course 7400, ASR1k and ASR9k have nothing in common while
name might suggest so, so 'new ASR'
On 09/02/10 13:45, Andy B. wrote:
Are these receive addresses in the router or transit?
sh mls cef lookup x.x.160.112
sh mls cef lookup x.x.160.112 detail
from output A:123
sh mls cef adjacency entry 123 detail
#show buffers input-interface te9/1 header
Buffer information for Small buffer
My guess is that you are sporadically getting flood of glean punts which
are blocking your input buffers causing OSPF/BGP keepalives to be dropped.
I suggest increasing hold-queue input on the interfaces where you see drops
and also to implement glean rate-limit.
For long term, setup ERSPAN for
I haven't used the 'flow-aggregation ...' in the past, but it has a
destination on it still. Not sure if that's still causing exporting to
happen or not. Can you reduce the flow mask from 'interface-full' to
something like 'source' so that it will use less TCAM space?
Chuck
-Original
Hi,
On Tue, Feb 09, 2010 at 09:33:05AM -0500, Drew Weaver wrote:
Yes, the 6724 Line card can do 24 1Gbps connections, but not if you have
bursty traffic (buffer overflows)
Burst in which direction? Fabric-Line card?
(This is pretty much unavoidable for any sort of hardware if you go from
On (2010-02-09 09:33 -0500), Drew Weaver wrote:
6500s are just an awful platform and have caveats out the wazoo.
Yes, it is complex to operate successfully outside LAN environments, that
complexity may well increase OPEX past any CAPEX benefit it had.
Yes, the 3BXL will do full internet
On 09/02/10 15:03, Church, Charles wrote:
The weird part is the NDE process is still using CPU. Which netflow setting
are you using for 'mls flow ip xxx'? Since both the RP and SP CPU are
What evidence do we have for the RP and SP both being hit?
getting crushed at times, seems like more
On Tue, Feb 9, 2010 at 4:26 PM, Saku Ytti s...@ytti.fi wrote:
My guess is that you are sporadically getting flood of glean punts which
are blocking your input buffers causing OSPF/BGP keepalives to be dropped.
Excuse me for being ignorant, but what are glean punts? Should I dig
out my routing
Care to share your server farm experience?
There are many that do what you are trying to do as long as you understand
the limitations and differences in QoS/etc (compared to routers).
G1s, although being part of a software platform, are decent horsepower. If
you are looking at some
On Feb 9, 2010, at 9:26 AM, Saku Ytti wrote:
My guess is that you are sporadically getting flood of glean punts which
are blocking your input buffers causing OSPF/BGP keepalives to be dropped.
Maybe, but does SPD prioritize glean traffic vs IGP?
Dale
On (2010-02-09 17:56 +0100), Andy B. wrote:
Excuse me for being ignorant, but what are glean punts? Should I dig
out my routing for dummies book :-/
No ignorance, sorry for being so terse, just wanted to avoid rambling
on too much.
Glean are packets which need to be punted because forwarding
On Mon, Feb 8, 2010 at 11:00 AM, cisco-nsp-requ...@puck.nether.net wrote:
Subject: [c-nsp] 2811 login issues
Message-ID:
a62d17301002080611k66140bd9u35a7070a4ba6f...@mail.gmail.com
Content-Type: text/plain; charset=ISO-8859-1
I have a 2811 that stopped accepting logins from its
I was going by the 'show proc cpu hist' he gave for both the SP and RP.
Both looked pretty bad across the board.
Chuck
-Original Message-
From: cisco-nsp-boun...@puck.nether.net
[mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Phil Mayers
Sent: Tuesday, February 09, 2010 10:56 AM
Business leaders are hearing a lot about cloud computing these days,
and it's cost advantages to the business. Yet there is a valid concern
with data privacy and security that comes with public cloud computing.
If internal IT can transform their data centers into a private cloud,
or at
On 09/02/10 16:56, Andy B. wrote:
On Tue, Feb 9, 2010 at 4:26 PM, Saku Yttis...@ytti.fi wrote:
My guess is that you are sporadically getting flood of glean punts which
are blocking your input buffers causing OSPF/BGP keepalives to be dropped.
Excuse me for being ignorant, but what are glean
On 09/02/10 17:39, Church, Charles wrote:
I was going by the 'show proc cpu hist' he gave for both the SP and RP.
Both looked pretty bad across the board.
His graphs don't look that dis-similar to mine, and we have no such
problems. The peak/avg CPU don't look so unreasonable to me given the
On Tuesday 09 February 2010 08:30:20 am Phibee Network Operation Center
wrote:
i am search a real information on the Cisco 7401ASR :
If you have one units ;=)
Have two of them here, one in use, the other in standby.
I want know if this cisco are same performence that the
Cisco 7204 with a
On Tue, Feb 9, 2010 at 11:56 AM, Andy B. globic...@gmail.com wrote:
Excuse me for being ignorant, but what are glean punts? Should I dig
out my routing for dummies book :-/
Traffic for which there is no forwarding entry. For example, an ip
that has no arp entry for the directly connected
Is there a reason no one looks at Cisco's Enterprise solution? Network
Registrar? We've been running if since before I got here (9 years) and
it has been beyond rock solid. Runs on piles of OS's and also handles
stateful DHCP extremely well. Worth a look if you ask me.
Michael Balasko
CCSP,
On 09/02/2010 19:37, Saku Ytti wrote:
I think you've gathered relevant and correct data, I don't think PFC3
supports ARP match in CoPP. So you must use MLS rate-limiter, where you
have to remember that AFAIK this is also for transit ARP which you might be
bridging as a switch.
so, this looks
On Tue, Feb 09, 2010 at 09:37:32PM +0200, Saku Ytti wrote:
I think you've gathered relevant and correct data, I don't think PFC3
supports ARP match in CoPP. So you must use MLS rate-limiter, where you
have to remember that AFAIK this is also for transit ARP which you might be
bridging as a
On (2010-02-09 20:13 +), Nick Hilliard wrote:
so, this looks like an effective attack vector for trashing sup720 RPs then
- if you have l2 access to the device. Makes a good argument for
implementing arp sponges on core paths and edges so that this cannot be
exploited remotely.
I
On (2010-02-09 14:15 -0600), Brandon Ewing wrote:
Even so, my ARP traffic would STILL hit the class-default class for the CoPP
profile, and be rate-limited before reaching the Sup, no?
MLS rate-limiters are ran before CoPP, so what ever ARP would come through
would indeed match your
On 2/9/2010 14:41, Jay Nakamura wrote:
I have not explained my situation very well so let me restart.
VPN is client VPN, not LAN to LAN. The old style IPsec Cisco VPN
client, not Anyconnect client.
Internet access on the router is on one VRF. Network we want to
access via VPN is on
On 09/02/2010 21:30, Saku Ytti wrote:
Oh cool, I wonder if it then was software issue always or if this is
new feature in PFC3C.
I think this was before the pfc3c's time; the original text is here:
http://aharp.ittns.northwestern.edu/papers/copp.html
... last edited 2005.
Nick
On Wed, Feb 03, 2010 at 05:58:12PM +0100, j.vaningensche...@utwente.nl wrote:
Things in vlan2 on the HP switch can reach the IP address of the 3550
on
vlan2 just fine, vlan2 is solid.
However, things in vlan1 on the HP switch cannot reach the IP of the
3550
on vlan1, and anything
- Original Message -
From: Livio Zanol Puppim livio.zanol.pup...@gmail.com
To: Brad Hedlund brhed...@cisco.com
Cc: Cisco NSP ((E-mail))' cisco-nsp@puck.nether.net
Sent: Tuesday, February 09, 2010 4:40 AM
Subject: Re: [c-nsp] Nexus 2000 vs Catalyst 4948 for access layer
The only REAL
- Original Message -
From: Livio Zanol Puppim livio.zanol.pup...@gmail.com
To: Brad Hedlund brhed...@cisco.com
Cc: Cisco NSP ((E-mail))' cisco-nsp@puck.nether.net
Sent: Tuesday, February 09, 2010 4:40 AM
Subject: Re: [c-nsp] Nexus 2000 vs Catalyst 4948 for access layer
Unfortunally,
Hello group,
I'm facing a strange issue with IOS Based WebVPN: when user X is connected and
then another user uses the same user X, the second
user is not able to connect but the first user looses connectivity. I have this
with IOS 12.4.24T and AC 2.3.2016 running on a 2821.
This is not
Hi,
I have multiple upstream provider, a combination of tier1 and tier2 network.
Sample:
1. AS1 - AS200 - AS30
2. AS1 - AS300 - AS30
3. AS1 - AS400 - AS20 - AS30
In the above scenario, I am using AS30 and I need to access AS1. The
outbound traffic can be force using the localpref to
On Wed, 10 Feb 2010, Sherwin Torres wrote:
1. AS1 - AS200 - AS30
2. AS1 - AS300 - AS30
3. AS1 - AS400 - AS20 - AS30
In the above scenario, I am using AS30 and I need to access AS1. The
outbound traffic can be force using the localpref to prefer which
path I can use for the outbound however, my
Ray,
My point there, put another way, is that Data Center operating costs are going
to be scrutinized more now than ever before.
Internal IT needs to get lean and mean. The real possibility of wholesale
outsourcing of Data Center applications and operations to cloud providers is
just around
Brad:
On 2/9/10 8:07 PM, Brad Hedlund brhed...@cisco.com wrote:
Ray,
My point there, put another way, is that Data Center operating costs are going
to be scrutinized more now than ever before.
They are always scrutinized by those of us supplying those services. I'm
sure there were some
Hi Sherwin,
Inbound traffic can also be altered on the basis of prefix-advertisement. If
you are advertising more specific prefix i.e. /22 or /24 (though not
recommended with tier1 service providers) your inbound traffic will always
take the desired path.
and yes as-path prepend is also an
On Wed, 10 Feb 2010, Sherwin Torres wrote:
Anyway, I agree but you might confuse on my inquiry. In the internet
cloud, there are lots of interconnected AS and if I'm going to prepend
the announcement to AS200 and AS300 - all inbound traffic will pass to
AS20 alone.
No necessarily. Based on
Dear Sherwin,
You only want to influcence the traffic coming in from AS1 and from no where
else. For that am afraid you have to contact AS1 in someway like almost all
Tier1 providers have preset community attributes tp change the traffic going
towards its peers. You have to send bgp community
Hi Jon Aftab,
Thank you very much for your inputs.
Anyway, I agree but you might confuse on my inquiry. In the internet cloud,
there are lots of interconnected AS and if I'm going to prepend the
announcement to AS200 and AS300 - all inbound traffic will pass to AS20 alone.
Actually, what I
Hi,
On Wed, Feb 10, 2010 at 01:28:46PM +0800, Sherwin Torres wrote:
Actually, what I want is - to isolate specific AS (AS1) to pass
via AS400-AS20-AS30 as the primary returned path while other AS
from the internet cloud would be still the best path going to AS30.
In some specific
72 matches
Mail list logo
