We're looking to move to SXJ1, principally to support the ES+ line cards on
6500s.
IPv4 (+multicast), IPv6, BGP.
Anybody know of any issues with this?
Andy B.
-Original Message-
From: cisco-nsp-boun...@puck.nether.net
[mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Howard
Very often customers or NMS send ICMP echo request packages to a
router physical interface, subinterface or loopback interface and
expect ICMP echo reply as a response in order to test packet loss on
the connection. How reliable are Cisco routers in terms of replying to
ICMP echo request packages?
Very often customers or NMS send ICMP echo request packages to a
router physical interface, subinterface or loopback interface and
expect ICMP echo reply as a response in order to test packet loss on
the connection. How reliable are Cisco routers in terms of replying to
ICMP echo request
Martin, as always the answer is it depends ;-)
On some platforms the ping replies are implemented on the linecards, and
works in a distributed way. Other platforms send this kind of traffic to
the CPU to be processes.
Many network operators would also implement control plane policing
policies
Do you want to strip only the outer tag? If yes, then it should be
easy... Just configure the port as a trunk, and the egress port as an
access port of the VLAN you want to send there (it would work for 1 out
tag VLAN at a time).
If you want more flexible QinQ support, you most likely need to
sth...@nethelp.no writes:
Cisco is the same. The router's job is to forward packets, not to
generate ICMP replies (whether this is due to explicit ping, or for
instance traceroute through the router).
You should *expect* that a modern router will have limitations on
how much control plane
Latency tests are often useful for debugging, and ping is an easy-to-use
and widely available tool for latency testing. Having to start an
incoming support call by explaining why a high varying latency as
measured by ping does not actually mean that something is wrong easily
wastes a
Ideal world yes, ping is a useful tool for latency testing, but it is
unfortunately abused...hardly ideal to give icmp a priority for
packets destined TO router...far more important roles for a router to
do than prioritize an icmp flood to a local int.
I am not saying that they should
The problem here is in how you and the vendor define modern. Cisco ships many
devices that require the control plane CPU to be involved in this activity.
Most platforms support a common control plane configuration, but some just do
it on that same CPU. You might as well reply to simple packets
Actually, if you are a customer, and want to measure your upstream
quality, pinging the router is not the right thing to do anyway... It
tests nothing except the direct next hop.
You should most likely have an integrated monitoring scheme:
- Ping the upstream router
- Ping some other devices
In addition to that a lot of platforms, such as Catalyst switches
perform packet forwarding in hardware by ASICs and linecards can make
forwarding decisions, so pinging the switch/router/MLS might not be
accurate at all due to special configs on the ingress/egress
interface. Also, the CPU in the
On Aug 24, 2011, at 5:12 AM, Arie Vayner (avayner) avay...@cisco.com wrote:
Do you want to strip only the outer tag? If yes, then it should be
easy... Just configure the port as a trunk, and the egress port as an
access port of the VLAN you want to send there (it would work for 1 out
tag
I have strange issue with my oc48 pos interface it carry about 300-500 Mbps
traffic even if it's shut down , I don't how it's come
this interface is connected to my bgp peer but I don't advertise/receive any
routes on this BGP session
Also applied an access list on the interface and traffic
While it would be nice if we didn't have to explain why simple
explanations are inadaquite for complex systems, this is the real world.
Simple explanations can cover 80-90 percent of the cases but there are
always cases that cant be explained easily. If equipment is designed for
optimal icmp
Yes, but one must verify that it's done in hardware. Some packets may be
punted to the CPU depending on what is being done. ASR1K with QFP performs
different than a Modern 28xx/ISR class device.
Due to the broad set of devices that Cisco offers/delivers, it's impossible to
make a general
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Cisco Security Advisory: Denial of Service Vulnerabilities in Cisco
Intercompany Media Engine
Advisory ID: cisco-sa-20110824-ime
Revision 1.0
For Public Release 2011 August 24 1600 UTC (GMT
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Cisco Security Advisory: Open Query Interface in Cisco Unified
Communications Manager and Cisco Unified Presence Server
Advisory ID: cisco-sa-20110824-cucm-cups
Revision 1.0
For Public Release 2011 August 24 1600 UTC (GMT
On Wednesday, August 24, 2011 01:59:54 AM Chris Gotstein
wrote:
Advanced IP Services w/ Lawful Intercept
I do have to say that we have the same feature set, less the
LI stuff.
I'm not sure whether that means anything, though, but our
configuration sounds much more dense than yours is.
Hope
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Cisco Security Advisory: Cisco Unified Communications Manager Denial
of Service Vulnerabilities
Advisory ID: cisco-sa-20110824-cucm
Revision 1.0
For Public Release 2011 August 24 1600 UTC (GMT
Are you running 15.0 or 12.2SRE?
On 8/24/2011 11:15 AM, Mark Tinka wrote:
On Wednesday, August 24, 2011 01:59:54 AM Chris Gotstein
wrote:
Advanced IP Services w/ Lawful Intercept
I do have to say that we have the same feature set, less the
LI stuff.
I'm not sure whether that means
on an ASA is there a way to allow access via a domain name?
ASA 8.2
Currently we block all outbound internet traffic and only allow the proxy
server out. I have a request to open access to a site because the proxy is
not dealing with it well. BUT the site is hosted with Akamai technologies
so
Scott Voll wrote:
on an ASA is there a way to allow access via a domain name?
ASA 8.2
Currently we block all outbound internet traffic and only allow the proxy
server out. I have a request to open access to a site because the proxy is
not dealing with it well. BUT the site is hosted with
Hello,
I am quite new to Cisco and look for some configuration help.
We used Foundry last 5 years and now started to add/integrate 7600/6500
boxes to the existing network.
What I am searching for is a Cisco/IOS version of Foundry style hardcoded
QinQ transport vlan like:
vlan 123
tagged e 1/1
Is it planned to make more than one member link be supported in IOS-XE
3.4 with MLPoE ?
On 22-8-2011 15:55, Andrew K. wrote:
We were having issues using an ASR1002-F and ASR1002 as an LNS
termination L2TP/PTA sessions.
This has been fixed in the latest IOS release, the bugID for this
issue
Here is what the TAC SE replied when I asked him.
Hi Andrew,
No such information is available but you can check in feature list for
the support.
Check with your NCE or account manager if they can contact DE as this is
new design.
Thanks,
On 8/24/2011 3:15 PM, Rinse Kloek wrote:
Is it
Hi Guys,
I have a 7600 connected to a CRS-1 via Giga Interfaces. The CRS is a P
router and the7600 is a PE router. The 7600 has two line card:
WS-X6724-SFP and WS-X6748-GE-TX. We're using the x6724 for Uplink to CRS and
the x6748 connect to internal devices via 802.1Q trunks. I've configured
Omar,
You won't be able to mark EXP bits if your interface to CRS isn't MPLS
enabled.
Moreover only PFC3C/PFC3CXL supports ingress EXP marking at ip2mpls.
Cheers.
___
cisco-nsp mailing list cisco-nsp@puck.nether.net
Leonardo,
Thank you for your answer, there is enable MPLS between CRS and 7600.
however, the PFC used is PFC3B. please do you have any doc regarding:
Moreover only PFC3C/PFC3CXL supports ingress EXP marking at ip2mpls. ?
I'm reading
2011/8/24 Tóth András diosbej...@gmail.com
An egress tunnel port strips the 2-byte Ethertype field (0x8100)
and
the 2-byte length field and
The ethertype field is part of the ethernet header and is set to 0x8000 for
all modern ethernet. Did you mean it rewrites the TPID field from 0x9100 to
We had definite issues when the CPU starting getting above 80%. At 90%
it was almost unusable.
On 8/24/2011 5:02 PM, Joe Maimon wrote:
I have seen this in other instances as well. A 2811 never dips below 10%
(cpu is graphed) even off-peak with nothing going on. The 1700 it
replaced properly
Wasn't the G1 the one that Rodney Dunn mentioned would perform well at high
CPU load, and the CPU usage didn't increase linearly with the PPS, or was
that the G2? Personally, I had a G2 running 15.0(1)M5 doing complicated
SLA/policy routing, and 50 megabit didn't move it past 3 or 4%, 2 peers
Hi Everyone,
Can someone point me to the correct license I need to be able to download
the updates from Cisco for this SSM? Do I need to have a smartnet account
to do it or is there a separate license I can use?
Joe
___
cisco-nsp mailing list
Ha! I am going through service contract hell for AIP-SSM-10 myself.
Best thing to do is to ask your account manager. I can't get a
straight answer out of our distributor.
So, if you bought the ASA and IPS card bundled, it's one CON-SUx-
SKU, (x will depend on the service level and
Could somebody point me out how to define vlan on NIC of our PC.
___
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at
This list is for Cisco related discussion and not PC. You may want to
search for forum related to the OS you are using.
On Wed, Aug 24, 2011 at 10:38 PM, ujjwal maghaiya ujjwal...@hotmail.com wrote:
Could somebody point me out how to define vlan on NIC of our PC.
You can create vlan interface on windows machine using intel proset utility:
http://www.formortals.com/implementing-vlan-trunking/
and on linux using virtual interface configuration:
http://www.cyberciti.biz/tips/howto-configure-linux-virtual-local-area-network-vlan.html
Hope it will help.
36 matches
Mail list logo