Re: [c-nsp] Thoughts on the ASR9902?

2024-10-11 Thread Mark Tinka via cisco-nsp
On 10/11/24 17:52, Drew Weaver wrote: -- Yeah, it sometimes almost feels as though traditional vendors are hastening the [for lack of a nicer term] enshittification of the Internet to their own detriment in a short term vs long term sense. It has to suck for them that the aforemention

Re: [c-nsp] Thoughts on the ASR9902?

2024-10-11 Thread Mark Tinka via cisco-nsp
On 10/10/24 18:20, Drew Weaver via cisco-nsp wrote: Hello, We bought one and regret it mightily every single day. Ours specifically had bad memory in it, it took a year before they/we figured that out, lost our SNT over that year while it was acting insane [and we couldn't deploy it] and

Re: [c-nsp] Serious Bug in Cisco's 6500 & 6800 Platforms

2024-04-09 Thread Mark Tinka via cisco-nsp
On 4/9/24 15:29, Gert Doering wrote: I'm so glad our single box with SUP-2T has been retired many years ago... (We still do have one (1) Sup720-10G 6500 running, but that is being migrated away from right now) You are the first person I thought about, when I saw this advisory... Mark.

[c-nsp] Serious Bug in Cisco's 6500 & 6800 Platforms

2024-04-09 Thread Mark Tinka via cisco-nsp
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-dos-Hq4d3tZG Mark.

Re: [c-nsp] IOS XR filter route from OSPF?

2023-11-28 Thread Mark Tinka via cisco-nsp
On 11/28/23 17:02, Nick Hilliard via cisco-nsp wrote: prefix filtering is a defining feature of a policy routing protocol. OSPF is a link-state protocol, and doesn't support the concept of having different visibility of prefixes inside the same area.  If you want that with OSPF, you'll nee

Re: [c-nsp] Midpoint RSVP LSP stats

2023-09-28 Thread Mark Tinka via cisco-nsp
On 9/28/23 09:10, Mohammad Khalil via cisco-nsp wrote: Greetings I am looking for similar command to obtain forwarding information at the midpoint (no te interfaces) https://www.juniper.net/documentation/us/en/software/junos/mpls/topics/ref/command/show-mpls-lsp.html This is on NCS5500 there

Re: [c-nsp] Extended Route Target Community Bug - Solved!

2023-09-27 Thread Mark Tinka via cisco-nsp
On 9/27/23 13:23, Nathan Ward wrote: In JunOS you can’t use regexes or wildcards for “target:” communities. You can use wildcards in IOS-XR RT sets - so if your RPL has something like the following, without defining the RTs you care about in the VRF, you’ll generate a bunch of rtfilter[1] ro

Re: [c-nsp] Extended Route Target Community Bug - Solved!

2023-09-26 Thread Mark Tinka via cisco-nsp
On 9/24/23 03:43, Nathan Ward wrote: Further than that, in JunOS if you define an RT in a VRF with an export/import policy it has no effect. Import/export RT is just a shortcut for creating and applying a policy if no other policy exists. It doesn’t (so far as I am aware) do anything else

Re: [c-nsp] Extended Route Target Community Bug - Solved!

2023-09-23 Thread Mark Tinka via cisco-nsp
So I eventually figured this out... for the router to apply the extended community on inbound routes, one has to configure the export RT in the VRF itself. Originally, I had used only import and export maps, without defining the RT explicitly in the VRF. Turns out that even if you use import

[c-nsp] Extended Route Target Community Bug

2023-09-21 Thread Mark Tinka via cisco-nsp
Hi all. I have a simple inbound route-map on a VPNv4 PE-CE BGP session that does the below: route-map TEST deny 10  match rpki invalid ! route-map TEST permit 20  match ip address prefix-list test-in  set metric 0  set local-preference 120  set extcommunity rt 65200:5 ! route-map TEST deny 655

Re: [c-nsp] IOS XE BGP Add-Paths Support for VPNv4 + VPNv6 AFI's

2023-09-12 Thread Mark Tinka via cisco-nsp
On 8/30/23 18:24, Mark Tinka wrote: Actually, different RD's are not a solution for VRF routes leaked into the global table. It will only work for traffic carried inside the VRF domain. If IOS XE can't support Add-Paths for VPN traffic, direct iBGP sessions may be necessary to workaroun

Re: [c-nsp] BGP Extended Communities

2023-09-10 Thread Mark Tinka via cisco-nsp
On 9/10/23 21:22, Mohammad Khalil via cisco-nsp wrote: Greetings Hope all is well. I need to check if Juniper's BGP extended community settings are compatible with Cisco's BGP extended community settings. Is it possible to intercommunicate Juniper's BGP extended community with Cisco BGP ex

Re: [c-nsp] "next-table" Equivalent for IOS XR - Default Route into Global Routing Table

2023-09-02 Thread Mark Tinka via cisco-nsp
On 9/3/23 02:05, Phil Bedard wrote: Some Junos platforms won't do this either BTW, it's somewhat dependent on the forwarding hardware. I was wondering whether anyone running Junos on a current Broadcom chip has tested this. Trio spoils us. Mark.

Re: [c-nsp] IOS XE BGP Add-Paths Support for VPNv4 + VPNv6 AFI's

2023-08-30 Thread Mark Tinka via cisco-nsp
On 8/30/23 18:14, Mark Tinka via cisco-nsp wrote: Hi all. Does anyone have any definitive info per subject? We don't see support in our CSR1000v units, and my SE seems to have gone fishing. Anyone who has deployed Cat8000v know if there is support there? It's what we are movi

[c-nsp] IOS XE BGP Add-Paths Support for VPNv4 + VPNv6 AFI's

2023-08-30 Thread Mark Tinka via cisco-nsp
Hi all. Does anyone have any definitive info per subject? We don't see support in our CSR1000v units, and my SE seems to have gone fishing. Anyone who has deployed Cat8000v know if there is support there? It's what we are moving to, but we aren't there yet. Using different RD's per site is

Re: [c-nsp] "next-table" Equivalent for IOS XR - Default Route into Global Routing Table

2023-08-29 Thread Mark Tinka via cisco-nsp
On 8/29/23 18:22, Daniël Verlouw wrote: slightly different approach, but I’ve had some success with ACL-based VRF select, but it really depends on your use-case: https://community.cisco.com/t5/service-providers-knowledge-base/asr9000-xr-abf-acl-based-forwarding/ta-p/3153403 Something like:

Re: [c-nsp] "next-table" Equivalent for IOS XR - Default Route into Global Routing Table

2023-08-29 Thread Mark Tinka via cisco-nsp
On 8/29/23 15:17, Gert Doering wrote: So, yes, I would be interested what exactly happens inside the box, and why it does not work / how hard it would be with existing ASR9k NPUs to make it work (technically) but I expect there will be no answer on this. I didn't even bother asking our SE.

Re: [c-nsp] "next-table" Equivalent for IOS XR - Default Route into Global Routing Table

2023-08-29 Thread Mark Tinka via cisco-nsp
On 8/29/23 11:40, Nathan Ward wrote: We were learning a default from an eBGP peer on the same node, so we were able to leak that in to the other VRF and get more or less what we wanted - but it wasn’t ideal. I tested the same by pointing 0/0 to another PE via the default VRF, and that work

Re: [c-nsp] "next-table" Equivalent for IOS XR - Default Route into Global Routing Table

2023-08-29 Thread Mark Tinka via cisco-nsp
On 8/29/23 12:43, Arie Vayner wrote: Would something like this work? https://learningnetwork.cisco.com/s/question/0D53i0KstGrCAJ/ios-xr-leaking-the-routes-between-vrf-and-global-rib That very thread was the last thing I tried this morning. It didn't work either. I suspected that it c

Re: [c-nsp] "next-table" Equivalent for IOS XR - Default Route into Global Routing Table

2023-08-29 Thread Mark Tinka via cisco-nsp
On 8/29/23 11:05, Fraser McGlinn wrote: Would this be a case where vasi-left and vasi-right interfaces are appropriate? Essentially same as an LT in Junos. Not as elegant for sure, but should function. IIRC, VASI support was only on the MSB (Multi Service Blade) on the XR 12000 platform.

[c-nsp] "next-table" Equivalent for IOS XR - Default Route into Global Routing Table

2023-08-28 Thread Mark Tinka via cisco-nsp
Hi all. I've been racking my brain trying to implement an equivalent feature in IOS XR 6.7.1 similar to Junos' "next-table" feature. Essentially, I am trying to point all unknown destinations from within a VRF toward the local global table for resolution. In Junos, it's as easy as:   static

Re: [c-nsp] add-path on XR

2023-07-18 Thread Mark Tinka via cisco-nsp
On 9/9/22 11:06, Sebastian Neuner via cisco-nsp wrote: Hi all, I got no replies and that might be because nobody cares, or it might be because nobody knows how to do it on XR. Googling for something and finding posts without solution is always annoying, so here's what I found. This is all

Re: [c-nsp] add-path on XR

2023-07-18 Thread Mark Tinka via cisco-nsp
Very old thread, but I was digging around and found it, so thought I'd answer, in case no one did: On 5/10/22 13:27, Sebastian Neuner wrote: But on IOS XR, I can only find global options to enable the capability and set a general limit for the number of paths, like this: router bgp 65000  a

Re: [c-nsp] BGP Routes

2023-03-12 Thread Mark Tinka via cisco-nsp
On 3/12/23 20:21, Mohammad Khalil via cisco-nsp wrote: Greetings I have two ASR9K connected to different providers (Uplinks). I am receiving around 90K routes from each provider, as well, I have iBGP between the ASR9K. What I am noticing is that ASR9K1 is advertising around 87K to ASR9K2 whe

Re: [c-nsp] NCS IOS-XR rant (was:Re: Internet border router recommendations and experiences)

2023-03-01 Thread Mark Tinka via cisco-nsp
On 3/1/23 10:04, Saku Ytti wrote: There are two paths that consumers would accept a) immutable NOS, you give it image, it boots up and converges in <5min b) mutable NOS, process restarts keep state, if upgrade is hitful, forwarding stoppage should be measured in low seconds I think a

Re: [c-nsp] NCS IOS-XR rant (was:Re: Internet border router recommendations and experiences)

2023-02-26 Thread Mark Tinka via cisco-nsp
On 2/26/23 16:44, Tarko Tikan via cisco-nsp wrote: Well, not so in practice. You can't issue install from http:// or any other remote URL. You have to sit around and issue "install apply" after "install replace" is finished. Replace is async so you have to sit around and poll the process.

Re: [c-nsp] Internet border router recommendations and experiences

2023-02-26 Thread Mark Tinka via cisco-nsp
On 2/26/23 16:29, Phil Bedard wrote: SMUs were a good idea, but not really great in practice.  Most customers I work with do not want to manage application level patches, just entire images, even in cases where they are just a process restart. XR for a number of years now has had the concep

Re: [c-nsp] Internet border router recommendations and experiences

2023-02-26 Thread Mark Tinka via cisco-nsp
On 2/26/23 16:21, Phil Bedard wrote: Ok well there are a number those as well. The 55A2 and newer 57C3 also support a number of 100G ports. I quite don’t fully understand the “verbose architecture” comment.  I’ve used a lot of router operating systems, Junos since 1999, SROS, XR, XE, you n

Re: [c-nsp] Internet border router recommendations and experiences

2023-02-24 Thread Mark Tinka via cisco-nsp
On 2/24/23 19:51, Lukas Tribus via cisco-nsp wrote: Hello, for the uninitiated, how does the licensing on a mx204 look like for different or combined use-cases like pure IP edge, mpls layer3 and layer2 VPNs, BNG functionality? IIRC, BNG deployments support up to 1,000 concurrent subscribe

Re: [c-nsp] Internet border router recommendations and experiences

2023-02-24 Thread Mark Tinka via cisco-nsp
On 2/24/23 11:01, Gert Doering wrote: I really do like XR, but the update hassles... so having an "image based" XR ("scp $new_xr.bin router:", "boot system flash $new_xr.bin", "reload") would have been really nice. Now, SMUs and "restart only the affected service" is a great promise, but in

Re: [c-nsp] Internet border router recommendations and experiences

2023-02-23 Thread Mark Tinka via cisco-nsp
On 2/23/23 21:45, Shawn L via cisco-nsp wrote: That's one of the major reasons we're sticking with the ASR920 in metro deployments for all its faults. They do silly license stuff on the 12SZ (no bulk, make all the 10G ports work license) but once you figure out their quirks they do work qui

Re: [c-nsp] Internet border router recommendations and experiences

2023-02-23 Thread Mark Tinka via cisco-nsp
On 2/23/23 21:34, Phil Bedard wrote: The original question was around an Internet border router with 10G support.   We have devices like the 55A2-MOD-SE which is similar to some other vendor devices (somewhat of a reference Broadcom design) which we’ve seen be very popular in border router d

Re: [c-nsp] Internet border router recommendations and experiences

2023-02-23 Thread Mark Tinka via cisco-nsp
On 2/23/23 19:20, Brian Turnbow wrote: They also seem to want to follow the same route in metro with the NCS540s and this global bandwidth licensing bucket. You want to turn up 2x100 and 24*10 on a box? Buy 44 "essential right to use v1 for 10g" and all the shabangs that come with it that re

Re: [c-nsp] Internet border router recommendations and experiences

2023-02-23 Thread Mark Tinka via cisco-nsp
On 2/23/23 14:12, Alexandr Gurbo wrote: For 10g speeds the best solution is a linux box and a contract with an anti ddos partner. Or even a server with a hypervisor running, say, CSR1000v or vMX or vSR will do nicely. A little pricier than Linux, but likely worth it if you have a decent s

Re: [c-nsp] Internet border router recommendations and experiences

2023-02-23 Thread Mark Tinka via cisco-nsp
On 2/23/23 13:47, Gert Doering wrote: Basically they have "fixed" that by making the ASR9901/9902/9903 even more expensive. And hence, why we consider other vendors. I mean, the general rule for networking today, is Ethernet. Even in some of the most far-flung regions of the world, one wo

Re: [c-nsp] Internet border router recommendations and experiences

2023-02-22 Thread Mark Tinka via cisco-nsp
On 2/23/23 08:22, Hank Nussbacher via cisco-nsp wrote: For an ASR9906 to add 4x port 100G here is the GPL pricing: Part Number    Description    Unit List Price A99-4HG-FLEX-TR=    ASR 9900 400GE Packet Transport Combo Line Card - 5th Gen    271,493.78 CON-SNT-A994HGFT    SNTC-8X5XNBD ASR 9

Re: [c-nsp] Internet border router recommendations and experiences

2023-02-22 Thread Mark Tinka via cisco-nsp
On 2/23/23 08:15, Hank Nussbacher via cisco-nsp wrote: A fully licensed asr1001-hx (all 8 10G ports operational) w/ 5 years Cisco Smartnet support - GPL is around $220K.  Add your discount here.  Cheap is relative. The ASR1000 platforms are pretty sexy, but Cisco have out-priced themselv

Re: [c-nsp] Internet border router recommendations and experiences

2023-02-22 Thread Mark Tinka via cisco-nsp
On 2/23/23 01:06, Thomas Scott wrote: Yes - 400 Gbps throughput total If I recall correctly. That's right - it's basically an MPC7E line card with a-third of the capacity, i.e., 1x 3rd generation Trio chip (Eagle). Mark.

Re: [c-nsp] Internet border router recommendations and experiences

2023-02-22 Thread Mark Tinka via cisco-nsp
On 2/23/23 00:19, Eric Louie wrote: Oh geez, I just realized I left a zero off the interface - we need 100G interfaces both upstream (x1) and downstream (x2) That probably changes the product choices a little bit. Anyone with 100G Internet feeds want to let me know what you're using for a

Re: [c-nsp] Internet border router recommendations and experiences

2023-02-22 Thread Mark Tinka via cisco-nsp
On 2/22/23 20:29, Eric Louie wrote: Mark, thanks.  We were quoted a MX304 for the Internet edge from Juniper.  How has your experience been with it?  are you 10G upstream and downstream?  Any IPS on the 10G connection? The MX304 is not worth the money, for as long as the MX204 exists. W

Re: [c-nsp] Internet border router recommendations and experiences

2023-02-22 Thread Mark Tinka via cisco-nsp
On 2/22/23 05:31, Eric Louie via cisco-nsp wrote: Hi folks Recommendations and your experiences with an Internet border router for a 10G Internet connection, with DDoS service and unicast reverse path forwarding. Brand and model requested, if you have it, and bad experiences are ok, too.

Re: [c-nsp] How can one escalate within Cisco TAC?

2023-02-12 Thread Mark Tinka via cisco-nsp
On 2/13/23 01:13, Sander Steffann wrote: It makes me sad when I notice that all of the specialists on certain topics are even older than me :( A lot of us learned on the job when the internet was less critical infrastructure and mistakes were part of the learning process. These days a lot

Re: [c-nsp] How can one escalate within Cisco TAC?

2023-02-08 Thread Mark Tinka via cisco-nsp
On 2/9/23 09:01, Joe Maimon wrote: Effective human capability redundancy does not persist as a stable status inside of any discreet organization. Tell that to HR departments that think "institutionalizing" skilled labour is a practical thing beyond the paper the policy is written on. Mar

Re: [c-nsp] How can one escalate within Cisco TAC?

2023-02-08 Thread Mark Tinka via cisco-nsp
19:22, Mario Ruiz via cisco-nsp wrote: Yes miss the old days On Wed, Feb 8, 2023 at 12:21 PM Hank Nussbacher via cisco-nsp < cisco-nsp@puck.nether.net> wrote: On 08/02/2023 15:27, Mark Tinka via cisco-nsp wrote: On 2/8/23 10:23, Saku Ytti via cisco-nsp wrote: Working would b

Re: [c-nsp] How can one escalate within Cisco TAC?

2023-02-08 Thread Mark Tinka via cisco-nsp
On 2/8/23 16:45, Aaron wrote: i think the problem is they let the good ones go. That is a trend currently affecting our industry - mostly because our group has converged on the basics of a well-built platform, and "automation" is causing exec's to think they don't need the hard skills an

Re: [c-nsp] How can one escalate within Cisco TAC?

2023-02-08 Thread Mark Tinka via cisco-nsp
On 2/8/23 09:48, Hank Nussbacher via cisco-nsp wrote: We opened a case on Jan 22 (Case #694936467).  Since then we have exchanged countless email, countless logs and countless command output captures. On Jan 31 we requested transfer to a more senior IOS-XR team. The case was transferred t

Re: [c-nsp] How can one escalate within Cisco TAC?

2023-02-08 Thread Mark Tinka via cisco-nsp
On 2/8/23 10:23, Saku Ytti via cisco-nsp wrote: Working would be much more pleasurable if half the world's white collar workers wouldn't be unemployed plat card holders and cruising without output, while looking down on people doing 3 jobs and not qualifying for a mortgage. Sadly, as folk m

Re: [c-nsp] Best Practices for Transporting Layer-2 Services

2023-01-16 Thread Mark Tinka via cisco-nsp
On 1/14/23 04:40, Tom Hill via cisco-nsp wrote: The normal answer in Cisco land, even today, is to use Martini-draft P2P pseudowires (either tag or port-based MPLS interconnects) which will use tLDP for establishment, and should serve you very well (especially at a port-based level) for a

Re: [c-nsp] v6 vrrp

2022-07-23 Thread Mark Tinka via cisco-nsp
On 7/15/22 21:16, Charles Sprickman wrote: If you’re not looking for any new features from IOS and simply want to have a secure/patched version, is there any option at all to park in XE and stay there? There’s a handful of these that have become pretty dumb big routers w/very simple BGP and