On 27/09/2023 at 4:15:31 PM, Mark Tinka wrote:
>
>
> On 9/24/23 03:43, Nathan Ward wrote:
>
> My only assumption was that early versions of VRF implementation in IOS
> did not expect that operators would require more fine-grained use of
> import/export policies, and may ju
of expected RTs? It would certainly make it a lot faster to generate the
list of RTs to advertise with rtfilter - though given that’s only at config
commit time perhaps it’s not a big deal.
It means that policy in Cisco can be shorter, which is nice I suppose.
From memory, if you create a static default and leak that, it follows
wherever that default goes, and doesn’t follow the logic you would expect
for label mode per-vrf - so if it’s a default to null, the packets get
dropped. Default to a vrf with a next-hop - packets go out to that next-hop.
--
Nathan Ward
___
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
s". Yay.
This is what happens on J ACX boxes.. stunningly bad behaviour :-(
--
Nathan Ward
___
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
Hi,
This is a very common deployment.
You have some questions you need to understand about your product/solution -
some examples:
- are you using IP pools on the BNG, or in the RADIUS server?
- how will you identify users? Option 82 - if so Remote ID or Circuit ID? MAC?
- what parameters do y
> On 13/01/2019, at 10:26 PM, Saku Ytti wrote:
>
> I'm happy to write supporting traceroute for linux+osx should someone
> have supporting device to test against :)
How about you write the Linux implementation of the client and responder :-
e..?),
or does that not solve it?
Can the 4900 set a DHCP option? I believe you can match to a class based on
DHCP options on the ASR9k, but I’ve not personally done this. It may only be
when doing DHCP proxying on the ASR9k, not sure if this applies to using the
ASR9k as a DHCP relay/proxy t
> On 11/11/2016, at 10:23 PM, James Bensley wrote:
>
> On a side note, does my memory serve me correctly, did they also have
> the two power cords that feed into one Y shaped connector? I seem to
> remember nervously connecting a spare power feed to the spare
> connector on the Y cable and pulli
me reason and the
physicals should have “ip nat outside" - though I’m not sure why.
--
Nathan Ward
___
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
t delay and checking memcache.
I have not tested any of these yet, and am mulling them over.
If you are using proxy DHCP functionality, perhaps you can auth both BNGs, and
control which you respond to in your DHCP server - if your DHCP server can
support such things. Perha
y the route being a local route or not.
Are there some funny rules that are preventing eBGP multihop from coming up
when the peer address is learned over a leaked route? Or.. a leaked route from
the local PE?
--
Nathan Ward
___
cisco-nsp mailing list
/c/en/us/support/docs/routers/asr-1000-series-aggregation-services-routers/110531-asr-packet-drop.html>
--
Nathan Ward
___
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
mpd.sourceforge.net/doc5/mpd30.html
<http://mpd.sourceforge.net/doc5/mpd30.html> for details on how to do most of
the things you’d want with it, triggered by RADIUS. Not mentioned there, but
CoA is supported for many attributes, also.
Compression, mentioned recently, is supported. I’v
es from external networks if they are the
best path for that prefix.
There’s an I-D that updates this to relax it a little so it can be used if you
have multiple eBGP peers between two ASNs (which is obviously quite common).
--
Nathan Ward
___
pc.com/shop/us/en/products/Rack-Side-Air-Distribution-2U-115V-60HZ/P-ACF201BLK
Actually we’ve got the 220v version but you the the idea.
--
Nathan Ward
___
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cis
gt; 3. High traffic rate
> 4. Combination of traffic streams with varying packet sizes
Hi Eric,
Sounds likely, yeah. Well spotted. Looks like software took a while to get
fixed, I saw+reported it in like, August last year.
I won’t be trusting them with MPLS/L2VPN anywhere I care about any
l actually.
Here we go, poke around here, and let me know if you want any more info:
http://marc.info/?l=cisco-nsp&m=144524503928911&w=2
--
Nathan Ward
___
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
, perhaps
that was used.
--
Nathan Ward
___
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
otally bone-headed) bug is fixed.
Here is the start of the thread on this, on the FreeRADIUS list.
http://lists.freeradius.org/pipermail/freeradius-users/2016-March/082547.html
--
Nathan Ward
___
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://p
, so, may as well just include it rather than potentially
obscuring things ;)
--
Nathan Ward
> On 20/04/2016, at 16:50, Brian Knight wrote:
>
> At $DAYJOB we use MPLS VPNs from other carriers to provide Internet access
> to customers connected to these VPNs. There is always a prim
d reducing our PE's Ints MTU size to 1500
> "allow" packets above 1500bytes to pass fragmented, but at 9100, they were
> dropped?
Hi “CiscoNSP List”,
What were you pinging from/to?
CE pinging the PE?
If so, the reply from the PE would have been larger than 1500B - remember
; Here are some pictures of it, since I can only find a brief mention of it in
> all the cisco docs.
>
> http://imgur.com/a/w8clL
>
For reference, the PSU sticking out and bracket things is not true on all
ASR920 models - some have fixed PSUs, and the ones that are not a full 19” wi
tra space. Because they’ve got an extra couple cm to
cover, they need the extra thickness so the bracket works in wall mount mode.
No replaceable PSUs on these either. You either get naff brackets or PSUs that
stick out the front, I guess.
--
Nathan Ward
___
> On 16/01/2016, at 23:51, Erik Sundberg wrote:
>
> My rack mount brackets don't look like that...
Interesting! Post a pic?
--
Nathan Ward
___
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/list
ttp://imgur.com/W8Z2Imi
Those folded bits are so it can sit flat when in wall mount mode, but they make
it taller than 1RU. Pretty stupid.
--
Nathan Ward
___
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/c
a pretty common part as well. I
guess it was partially a price thing - probably similar to why serial ended up
on RJ45 in the first place? I haven’t been around long enough to know :-)
--
Nathan Ward
___
cisco-nsp mailing list cisco-nsp@p
> On 16/01/2016, at 20:54, Gert Doering wrote:
>
> Hi,
>
> On Sat, Jan 16, 2016 at 08:50:49PM +1300, Nathan Ward wrote:
>> Hi, there is both a USB signalled console port, and an RS232 console.
>> The RS232 console uses a USB style connector, which is very, very p
Also, have you got ASR920 rack mount ears? Ever notice that they’re taller than
1RU because of the folded bits? It’s a pretty bad product from a physical
design POV.
--
Nathan Ward
___
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
either, but, trust me - it’s certainly
better than using the CLI!
--
Nathan Ward
> On 8/01/2016, at 00:13, Mike wrote:
>
> Hello group,
>
> I have a tool I developed in house which polls a cisco router terminating
> PPPoE sessions in order to get a complete picture of
at. We chart queries per CPU%, recursion times, all sorts of good stuff.
--
Nathan Ward
___
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
we’ll do that and see how they go there.
--
Nathan Ward
___
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
> On 19/10/2015, at 14:46, James Jun wrote:
>
> On Sun, Oct 18, 2015 at 07:42:27PM +1300, Nathan Ward wrote:
>> Sorry, I should look better.
>
> I would say Juniper ACX is more comparable to ASR 901 Series meant for cell
> sites with simple l3vpn instance or small-sc
e buying. Just dump your current Juniper
> configurations on to the thing and see what happens.
Normally, sure, but they’re impossible to get ahold of.
Current configs are on ME3600X for me, so I expect I’ll get errors :-)
--
Nathan Ward
__
> On 17/10/2015, at 17:54, Mark Tinka wrote:
>
>
>
> On 17/Oct/15 06:26, Nathan Ward wrote:
>
>> I’m surprised no one has yet mentioned Juniper ACX - or at least I couldn’t
>> see it in a quick scan of the thread.
>
> It was mentioned…
Sorry, I should
can report back on how well they work.
--
Nathan Ward
> On 15/10/2015, at 10:52, Gavin McBride wrote:
>
> Hello all,
>
> I've been evaluating a few platforms for a smallish MetroE-style
> deployment, focused on E-Line services between a number of sites, with n x
> 10
forwarding when it came under
under heavy load, but you know, we’re getting there..)
--
Nathan Ward
> On 24/09/2015, at 14:35, Pshem Kowalczyk wrote:
>
> Hi,
>
> I don't expect that platform to ever support those sort of features (but
> that's my personal opinion). The n
re using the second to
last port. Same goes for other switches you might connect, same reasoning.
--
Nathan Ward
___
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
other countries, but it depends on
the network.
--
Nathan Ward
> On 19/08/2015, at 00:29, Tim Durack wrote:
>
> Question: What is the preferred practice for separating peering and transit
> circuits?
>
> 1. Terminate peering and transit on separate routers.
> 2. Terminat
Internet over VASI interfaces is a pretty
common solution, because you can do NAT and whatever else there so the customer
runs private addressing within their cloud. Putting lots of subscriber traffic
over a VASI just to get the packets in to the right VRF is pretty uncommon.
--
Nathan War
ng, and if you’ve got
peering/transit/non-BNG stuff on the same box as your BNG.
--
Nathan Ward
___
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
und it for my SE to take upstairs, if anyone else is impacted by it hit
me up of list and we’ll try get it fixed.
--
Nathan Ward
___
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
xists, I’ve even seen it myself!
--
Nathan Ward
___
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
” VRF on a different router, but that
doesn’t work where we have POPs which consist of only a BNG and a CDN hanging
off it.
--
Nathan Ward
___
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archi
higher specced boxes nearer your border choose where to
send stuff. You need per-VRF, so that you can put a null default in, and
advertise that, and not have your traffic label switched to null - per-VRF does
a route lookup when the VPN label is popped.
--
Nathan Ward
__
44 matches
Mail list logo