[c-nsp] ASR 1001 throughput question

2016-04-25 Thread Satish Patel
ASR 1001 and in base price it comes with 2.5G throughput and we have 10G link coming from ISP and our legit traffic is 1G around majority time we get DDoS attack around 4 to 5G so i want to use router ACL to filter traffic so it will drop all packet interface level but real question is does 2.5G th

Re: [c-nsp] ASR 1001 throughput question

2016-04-25 Thread Satish Patel
Seriously? so if i have 4 ports then per port 1.2G? we have 10G link from ISP so you are saying i need 20G license right, 10G in and 10G out On Mon, Apr 25, 2016 at 6:52 PM, Gabriel wrote: >> >> ASR 1001 and in base price it comes with 2.5G throughput and we have >> 10G link coming from ISP and

[c-nsp] Stop IP Fragmentation attck

2016-04-25 Thread Satish Patel
We are having many NTP, DNS and Chargen style UDP base IP Fragmentation attack, In short they send packet with MF (More Fragment) bit set. I want to drop all packet entering in my router. How do i stop this kind of attack with ACL? I heard somewhere ACL has fragments option but not sure what it

Re: [c-nsp] ASR 1001 throughput question

2016-04-26 Thread Satish Patel
I thought through put only apply to egress traffic that's why I ask this question. -- Sent from my iPhone On Apr 26, 2016, at 6:10 AM, Gabriel wrote: >> >> Seriously? so if i have 4 ports then per port 1.2G? >> >> we have 10G link from ISP so you are saying i need 20G license right, >> 10G

Re: [c-nsp] Stop IP Fragmentation attck

2016-04-26 Thread Satish Patel
at 1:30 AM, Roland Dobbins wrote: > >> On 26 Apr 2016, at 8:22, Satish Patel wrote: >> >> I heard somewhere ACL has fragments option but not sure what it will do and >> how i can build my with this option? > > You shouldn't drop all non-initial fragments, beca

Re: [c-nsp] Stop IP Fragmentation attck

2016-04-26 Thread Satish Patel
n to stop IP Frag attack using offset field. I'm looking similar option in cisco. -- Sent from my iPhone > On Apr 26, 2016, at 7:43 AM, Roland Dobbins wrote: > >> On 26 Apr 2016, at 18:06, Satish Patel wrote: >> >> We have never ever seen frag packet on VOIP traffic.

Re: [c-nsp] Stop IP Fragmentation attck

2016-04-26 Thread Satish Patel
irewall with cisco router for high speed performance. -- Sent from my iPhone > On Apr 26, 2016, at 8:43 AM, Roland Dobbins wrote: > >> On 26 Apr 2016, at 19:38, Satish Patel wrote: >> >> Believe me we did all home work that's why I'm am asking this last q

Re: [c-nsp] Stop IP Fragmentation attck

2016-04-26 Thread Satish Patel
y ACL fragments option does? On Tue, Apr 26, 2016 at 8:58 AM, Roland Dobbins wrote: > On 26 Apr 2016, at 19:49, Satish Patel wrote: > >> I told you believe me we have very isolated network for each service. > > > You're very argumentative for someone asking strangers o

Re: [c-nsp] Stop IP Fragmentation attck

2016-04-26 Thread Satish Patel
Lukas, Thanks, I am looking configuration like if my Internet bandwidth usage go 50% or (PPS go higher than average) i want to apply ACL to start dropping Fragmentation packet. like juniper has following option. Does cisco has config like following apply ACL base on criteria firewall { police

Re: [c-nsp] Stop IP Fragmentation attck

2016-04-26 Thread Satish Patel
send alerts, our attack mostly last 5 to 10min Max time and we are getting average 4 to 5G attack on 10G fiber link. On Tue, Apr 26, 2016 at 1:54 PM, Roland Dobbins wrote: > On 27 Apr 2016, at 0:50, Satish Patel wrote: > >> Does cisco has config like following apply ACL base on criteri

Re: [c-nsp] Stop IP Fragmentation attck

2016-04-26 Thread Satish Patel
This is real cool.. let me dig into. On Tue, Apr 26, 2016 at 2:24 PM, Job Snijders wrote: > On Tue, Apr 26, 2016 at 11:17:29AM -0700, Mike wrote: >> On 04/26/2016 10:54 AM, Roland Dobbins wrote: >> > But you really aren't being smart about this. Why not use S/RTBH on >> > your edge router to sim

Re: [c-nsp] Stop IP Fragmentation attck

2016-04-26 Thread Satish Patel
Roland, Let's say I like your S/RTBH but does it require my ISP support this? On Tue, Apr 26, 2016 at 1:54 PM, Roland Dobbins wrote: > On 27 Apr 2016, at 0:50, Satish Patel wrote: > >> Does cisco has config like following apply ACL base on criteria > > > Cisco has QoS.

Re: [c-nsp] Stop IP Fragmentation attck

2016-04-26 Thread Satish Patel
Roland, I don't know much about BGP level routing etc. so i may be confused. Let me think about it and read what it can do for us. I may send you private email for more details if you don't mind. On Tue, Apr 26, 2016 at 4:59 PM, Roland Dobbins wrote: > On 27 Apr 2016, at 3:33,

Re: [c-nsp] ASR 1001 throughput question

2016-04-27 Thread Satish Patel
Duane, I also check with one of Cisco employee (my friend) he said its divided IN+Out like if you have 5G then it will do 2.5G IN and 2.5G Out. This is very strange, your guy and my guy both contradict :( On Wed, Apr 27, 2016 at 10:39 AM, Duane Grant wrote: > Satish, > > i just heard back fro

Re: [c-nsp] ASR 1001 throughput question

2016-04-27 Thread Satish Patel
's > almost always correct. i paid attention to this detail because we do lots > of multicast and since they are counting on egress and not ingress, > multicast replication in the box counts against us. ;-( > > > Regards, > > --Duane > > On Wed,

[c-nsp] ASR920 vs ASR1001-x

2016-04-28 Thread Satish Patel
I was reading specs of ASR920 looks promising and only limitation it can hold 20k routes except that what is the difference between ASR920 and ASR1001-x ? speed? performance? ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/m

Re: [c-nsp] ASR920 vs ASR1001-x

2016-04-29 Thread Satish Patel
Does ASR 920 give you real throughput performance like ASR1001? If i have only single port 10G requirement then can i go with ASR920 instead of ASR1001? ASR1k is very costly compare to ASR920 On Fri, Apr 29, 2016 at 5:24 PM, Mike wrote: > > > On 04/29/2016 02:06 PM, Mark Tinka wrote: >> >> >> T

[c-nsp] ASR1004 Used

2016-05-05 Thread Satish Patel
Need your input or suggestion, I have check with one of company and they sales *used Cisco equipments so i have asked for ASR1004 and its around $30k so question is what would be the disadvantage or buying used equipments?

Re: [c-nsp] ASR1004 Used

2016-05-05 Thread Satish Patel
t on it > (which may or may not be an issue for you) you should have decent luck. > >> On Thu, May 5, 2016 at 2:41 PM, Satish Patel wrote: >> Need your input or suggestion, I have check with one of company and >> they sales *used Cisco equipments so i have asked for A

Re: [c-nsp] ASR1004 Used

2016-05-06 Thread Satish Patel
Do you think it's costly ? -- Sent from my iPhone > On May 6, 2016, at 2:40 AM, Mark Tinka wrote: > > > >> On 5/May/16 20:41, Satish Patel wrote: >> >> Need your input or suggestion, I have check with one of company and >> they sales *used Cisco e

Re: [c-nsp] ASR1004 Used

2016-05-06 Thread Satish Patel
tc, then its okif its just a chassis, then US$30K is wy > expensive lol...you should only pay $2-3K for chassis only > > > From: cisco-nsp on behalf of Satish Patel > > Sent: Friday, 6 May 2016 9:34 PM > To: Mark Tinka &

Re: [c-nsp] ASR1004 Used

2016-05-08 Thread Satish Patel
> interfaces. > > Jared Mauch > >> On May 5, 2016, at 2:41 PM, Satish Patel wrote: >> >> Need your input or suggestion, I have check with one of company and >> they sales *used Cisco equipments so i have asked for ASR1004 and its >> around $30k so ques

Re: [c-nsp] ASR1004 Used

2016-05-08 Thread Satish Patel
ASR1000-ESP40 will provide 40G through put does that means I don't need to buy any license etc right to activate its bandwidth? I check it solo cost around 22k in market. -- Sent from my iPhone > On May 8, 2016, at 1:20 PM, Satish Patel wrote: > > Seriously? > >

Re: [c-nsp] ASR1004 Used

2016-05-08 Thread Satish Patel
> >> On May 8, 2016, at 1:20 PM, Satish Patel wrote: >> >> Seriously? >> >> I check with CDW and price was around double with 40G throughput. Are you >> guys sure new ASR 1004 cost same? >> >> -- >> Sent from my iPhone >> >>> On

Re: [c-nsp] ASR1004 Used

2016-05-08 Thread Satish Patel
:wHwAAOSw3mpXH528 > > - Jared > >> On May 8, 2016, at 2:02 PM, Satish Patel wrote: >> >> I need all fiber interface with 20G ingress and 20G egress. >> >>> On Sun, May 8, 2016 at 1:36 PM, Jared Mauch wrote: >>> If you purchase via enterprise ch

[c-nsp] Dynamic ACL

2016-05-09 Thread Satish Patel
Is there a way in cisco i can put logic if bandwidth utilization is above 5G then apply specific ACL (example, deny ip any any fragments) I don't want packet travel all the time through ACL, I can set trigger them on event.

Re: [c-nsp] Dynamic ACL

2016-05-09 Thread Satish Patel
r would pass the traffic upto it’s limit and then discard the rest > The policer can look at anything an ACL can > > There are examples on the net re hardening an edge router > > https://www.bing.com/search?q=cisco+router+harden+rate+limit > > > > Sent from Mail

[c-nsp] ASR1006 BGP flowspec support

2016-05-10 Thread Satish Patel
I was looking at BGP flowspec to mitigate DDoS and have following question. 1. Does ASR1006 support BGP flowspec? 2. Does my ISP support flowspec in order to implement on my router? 3. what is the basic requirement to run flowspec?

[c-nsp] ASR9001 Vs ASR1006

2016-05-14 Thread Satish Patel
We have only ethernet termination from ISP multiple 10G fibers and all ethernet technologies running (no TDM, Frame Relay etc). We are running BGP, QoS, ACL and Netflow. Which router i should pick between these two, my sales person said use ASR9001 which is more popular in market and very less pe

Re: [c-nsp] ASR9001 Vs ASR1006

2016-05-14 Thread Satish Patel
, Mark Tinka wrote: > > > On 14/May/16 18:59, Satish Patel wrote: > >> We have only ethernet termination from ISP multiple 10G fibers and all >> ethernet technologies running (no TDM, Frame Relay etc). We are >> running BGP, QoS, ACL and Netflow. >> >> Which

Re: [c-nsp] ASR9001 Vs ASR1006

2016-05-14 Thread Satish Patel
What is the difference between ASR1006 and ASR1006-X ? You are saying go with ASR9001 right? Does it provide hardware redundancy? -- Sent from my iPhone > On May 14, 2016, at 5:53 PM, James Jun wrote: > >> On Sat, May 14, 2016 at 03:50:00PM -0400, Satish Patel wrote: >> Bu

Re: [c-nsp] ASR9001 Vs ASR1006

2016-05-15 Thread Satish Patel
Just curious what is the difference between ASR 1006 vs 1006-X I have check specs and it's pretty much same. Is there any performance related improvement on X ? -- Sent from my iPhone > On May 15, 2016, at 7:29 AM, Gert Doering wrote: > > Hi, > >> On Sun, May 15, 2016 at 01:07:10PM +0200,

[c-nsp] BGP flowspec S/RTBH for large DDoS

2016-05-15 Thread Satish Patel
I was reading http://gurudatt28227.blogspot.com/2015/03/ddos-mitigation-using-bgp-flowspec-ddos.html And they said BGP flowspec S/RTBH isn't useful for large number of sources attackers. We are getting 20G DDoS sometime on link and it has many many sources does S/RTBH with flowspec mitigate them

Re: [c-nsp] BGP flowspec S/RTBH for large DDoS

2016-05-15 Thread Satish Patel
't allow this technologies. On Sun, May 15, 2016 at 6:48 PM, Roland Dobbins wrote: > On 16 May 2016, at 2:01, Satish Patel wrote: > >> And they said BGP flowspec S/RTBH isn't useful for large number of sources >> attackers. > > > Wrong. > >> We are getting 20G DDoS

Re: [c-nsp] ASR9001 Vs ASR1006

2016-05-16 Thread Satish Patel
Guys! Question does ASR9010 has different ESP module or it does support ASR1006 (ASR1000-ESP40) On Mon, May 16, 2016 at 4:13 AM, James Bensley wrote: > On 14 May 2016 at 22:11, Tom Hill wrote: >> And as requested, here's the hottest running 9001 I have - stuffed in a >> tiny Quarter cabinet.

[c-nsp] ASR9010 end of life?

2016-05-17 Thread Satish Patel
I was looking some specs and found ASR9010 is end of life? Should it be good to buy it? I planning buying following pre-owned hardware. Should i be worry? Cisco ASR-9010-AC Cisco ASR 9010 Chassis - Cisco A9K-3KW-AC Cisco 3KW AC Power Module 3 Cisco ASR-9010-FAN CISCO ASR-9010-FAN Fan 2 Cisco A9k-

Re: [c-nsp] ASR9001 Vs ASR1006

2016-05-17 Thread Satish Patel
ASR9001 doesn't have hardware redundancy then why people going to buy it? On Tue, May 17, 2016 at 2:55 PM, Gert Doering wrote: > Hi, > > On Tue, May 17, 2016 at 07:09:47PM +0300, Saku Ytti wrote: >> But what is possible and what is commercially viable are not same >> things. It's pretty logical f

Re: [c-nsp] ASR9010 end of life?

2016-05-17 Thread Satish Patel
hassis/power/fans you have listed are fine, the RSP440 is a current > generation RSP, the first generation RSPs were announced for EOL early last > year, and will be LDoS in 2020. The Mod80 and MPAs have not been announced > for EOL. > > Jeremy > > > On 5/17/16 15:00, Satish P

Re: [c-nsp] ASR9010 end of life?

2016-05-17 Thread Satish Patel
Jared, its used pre-owned one. On Tue, May 17, 2016 at 4:41 PM, Jared Mauch wrote: > If you are buying new look at the 9910. > > Jared Mauch > >> On May 17, 2016, at 4:16 PM, Satish Patel wrote: >> >> So we are good with those parts or i need to worry? >>

[c-nsp] Pre-owned equipment vender

2016-05-18 Thread Satish Patel
Hello, We are planning to buy pre-Owned equipment so does anyone has any experience with following 3 vendors and their support? curvature networkequipment.net worldwidesupply.net/

[c-nsp] ASR1006 RP2 8G vs 16G memory

2016-05-19 Thread Satish Patel
We are finally buying ASR1006 but now question is should we go with 8G or 16G memory and where router use most it's memory? We are going to run BGP but with default route so where memory going to use? Requirement. (Do we really need 16GB?) 1. BGP default route 2. 20 to 30 ACL 3. 5 to 10 PBR

Re: [c-nsp] Pre-owned equipment vender

2016-05-19 Thread Satish Patel
.209.7572 > > > > From: cisco-nsp [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of > Satish Patel > Sent: Wednesday, May 18, 2016 9:25 AM > To: Cisco Network Service Providers > Subject: [c-nsp] Pre-owned equipment vender > > > > Hello, > > We are planning to b

Re: [c-nsp] Pre-owned equipment vender

2016-05-19 Thread Satish Patel
I thought if you add device component on SmartNet you should be eligible for download ISO On Thu, May 19, 2016 at 2:13 PM, Scott Granados wrote: > I believe, willing to be corrected, that you have to pay for the software > license as a line item. > >> On May 19, 2016, at 12:26 P

Re: [c-nsp] Pre-owned equipment vender

2016-05-19 Thread Satish Patel
g to 15.2 Advanced Enterprise > Services. > > Jeremy > > > On 5/19/16 14:19, Satish Patel wrote: >> >> I thought if you add device component on SmartNet you should be >> eligible for download ISO >> >> On Thu, May 19, 2016 at 2:13 PM, Scott Granados &

[c-nsp] BGP default vs BGP full

2016-05-20 Thread Satish Patel
Just wonder what would be the advantage and disadvantage of running BGP full vs default route. We have single ISP connection and ISP decided to just run default route over BGP instead full.

Re: [c-nsp] BGP default vs BGP full

2016-05-20 Thread Satish Patel
's no real advantage to taking a full > table unless you are interested in using it as a learning tool. By simply > using a default, you'll save loads of memory, as well as CPU should you drop > the connection during, e.g., maintenance. > > Cheers, > Brian > >

Re: [c-nsp] BGP default vs BGP full

2016-05-21 Thread Satish Patel
If tomorrow I will have second link from them so two individual fiber terminated on my router in that case how I will make second link redundancy or can I do load balancing? -- Sent from my iPhone On May 21, 2016, at 9:17 AM, Adam Vitkovsky wrote: >> Satish Patel >> Sent: Friday,

Re: [c-nsp] BGP default vs BGP full

2016-05-21 Thread Satish Patel
net will appear up even if connectivity is not, which will be > problematic as the route will not disappear. In that case, look into IP sla. > > Sent from my iPad > >> On May 20, 2016, at 10:02 PM, Satish Patel wrote: >> >> Currently we have single link but in sur

[c-nsp] ASR1006 Hardware redundancy question

2016-05-22 Thread Satish Patel
I am new to ASR1006 and i never work on router with hardware redundancy so i just want some input and understanding how does it work. currently we have single component so its not a 100% redundant. ESP40 - 1 RP2 - 1 SIP - 1 SPA - 4 ( 1x10GB SPA) Question: Do i need to configure or run some com

Re: [c-nsp] ASR1006 Hardware redundancy question

2016-05-23 Thread Satish Patel
> upstreamcustomers can connect to both.if one dies, you are still > operational...this is far better than a single box, with dual "everything" > > ____ > From: cisco-nsp on behalf of Satish Patel > > Sent: Monday, 23

[c-nsp] ip virtual-reassembly drop-fragments

2016-06-01 Thread Satish Patel
is it safe to put on internap facing interface? ip virtual-reassembly drop-fragments

Re: [c-nsp] ip virtual-reassembly drop-fragments

2016-06-02 Thread Satish Patel
Sorry typo it was "Internet" We are getting many IP fragment DDoS so I was planning to use on outside interface to drop all IP fragmented packet. -- Sent from my iPhone > On Jun 2, 2016, at 10:44 AM, Juergen Marenda wrote: > > > Satish Patel wrote: >> is it sa

Re: [c-nsp] ip virtual-reassembly drop-fragments

2016-06-03 Thread Satish Patel
new ASR1006 and going to run BGP (RTBH). Question: How does Netflow + RTBH will auto trigger null? On Fri, Jun 3, 2016 at 7:55 AM, Nick Hilliard wrote: > Satish Patel wrote: >> Sorry typo it was "Internet" >> >> We are getting many IP fragment DDoS so I wa

Re: [c-nsp] udld fail ?

2016-06-07 Thread Satish Patel
We have two cisco 3850 switch connected over 10g with udld enabled and recently we upgrade one of switch and as soon as switch reload it put 10g link in err-disable mode, if I disable udld it works. Any idea what would be wrong? -- Sent from my iPhone > On Jun 6, 2016, at 5:25 PM, Nick Hillia

[c-nsp] ASR1006 IOS version question

2016-06-16 Thread Satish Patel
On cisco support i am seeing two ISO version which one should i use on production? Suggested: - 3.16.3S(ED) - 3.13.5aS(MD) Latest: - 3.17.2S(ED) Should i use latest one 3.17.2S(ED) or i should use suggested what is the difference?

[c-nsp] BGP blackhole community config

2016-06-19 Thread Satish Patel
We have setup new BGP configuration with ISP and ISP has been told send community "64682:0" for blackholing. I am new in BGP. I was reading BGP community format is ASN:NN but my ISP ASN number isn't 64682 so i am assuming they gave me example (64682:0) This is what i configure in my router. rout

Re: [c-nsp] BGP blackhole community config

2016-06-19 Thread Satish Patel
64682:0 to denote traffic as blackhole. > Not an issue perse but that's what they are telling you is what they honor > as far as communities coming into their network. > > On Jun 19, 2016 7:38 PM, "Satish Patel" wrote: >> >> We have setup new BGP configu

Re: [c-nsp] BGP blackhole community config

2016-06-19 Thread Satish Patel
"send-community". > > BGP community is an optional transitive attribute its only sent to external > ASN if you tell it to. > > > More on communities indicating they are (optional) transitive attributes: > http://www.cisco.com/c/en/us/about/press/internet-protocol-jour

Re: [c-nsp] BGP blackhole community config

2016-06-20 Thread Satish Patel
m Densmore wrote: > You may want to use the "neighbor xxx.xxx.xxx.xxx route-map [route map > name] out" option rather than redistributing the route map. > > > On 6/19/2016 8:07 PM, Satish Patel wrote: >> I have added "ip bgp-community new-format" in global

Re: [c-nsp] BGP blackhole community config

2016-06-20 Thread Satish Patel
I did couple time even hard reset too :( On Mon, Jun 20, 2016 at 1:40 PM, Jared Mauch wrote: > >> On Jun 19, 2016, at 10:07 PM, Satish Patel wrote: >> >> I have added "ip bgp-community new-format" in global config, but i >> don't have following c

Re: [c-nsp] BGP blackhole community config

2016-06-20 Thread Satish Patel
PM, Jared Mauch wrote: > >> On Jun 20, 2016, at 1:38 PM, Satish Patel wrote: >> >> I have tried that too and got this error. >> >> R1(config-router)#neighbor xx.xx.xx.xx route-map RTBH out >> % "RTBH" used as BGP outbound route-map, tag match not

Re: [c-nsp] BGP blackhole community config

2016-06-20 Thread Satish Patel
ch community RTBH-COMM > set community 200:666 > ! > ip route x.x.x.x 255.255.255.255 null0 250 > > (from memory, so syntax is probably incorrect) > >> On Jun 20, 2016, at 1:38 PM, Satish Patel wrote: >> >> I have tried that too and got this error. >> >> R1(conf

Re: [c-nsp] BGP blackhole community config

2016-06-20 Thread Satish Patel
On Mon, Jun 20, 2016 at 2:12 PM, Jason Lixfeld wrote: >> On Jun 20, 2016, at 1:55 PM, Satish Patel wrote: >> >> Do you know how to troubleshoot or debug to see its sending /32 route >> to peer or not ? > > show

Re: [c-nsp] BGP blackhole community config

2016-06-20 Thread Satish Patel
192.168.100.1 should > matter. The /32 should work because it’s a more specific prefix than the /24 > attached to the interface. > >> On Jun 20, 2016, at 2:57 PM, Satish Patel wrote: >> >> Its working now!! you know what is the problem? You guys going to beat me :( &

Re: [c-nsp] BGP blackhole community config

2016-06-20 Thread Satish Patel
> If it's in the routing table already, can be candidate for BGP table > > -Original Message- > From: cisco-nsp [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of > Satish Patel > Sent: Monday, June 20, 2016 4:52 PM > To: Jason Lixfeld > Cc: Cisco Network Se

[c-nsp] Private IP in point to point link on internet

2016-06-20 Thread Satish Patel
This is weird question but i thought let me get opinion from you guys. We have following scenario [ISP]---[Router]--[L3 Switch][Hosts] In above diagram we get /24 subnet from ISP for hosts, Now i want to configure routed network between [Router] and [L3 switch] so

Re: [c-nsp] Private IP in point to point link on internet

2016-06-21 Thread Satish Patel
You have a point, what if I increase MTP size to 9000 on that point to point interface? -- Sent from my iPhone > On Jun 21, 2016, at 1:10 AM, Mike > wrote: > >> On 06/20/2016 07:52 PM, Satish Patel wrote: >> This is weird question but i thought let me get opinion from

Re: [c-nsp] Private IP in point to point link on internet

2016-06-21 Thread Satish Patel
I do have public Interface on that router but how do we tell them use "Public IP" for ICMP unreachable? On Tue, Jun 21, 2016 at 3:42 PM, Mike wrote: > On 06/21/2016 07:37 AM, Nick Cutting wrote: >> >> We have a few providers in HK who deliver our public /24's via a /30 RFC >> 1918 Address. >> >>

Re: [c-nsp] Private IP in point to point link on internet

2016-06-22 Thread Satish Patel
s.ietf.org/html/rfc6598 > > Best Regards > > Brian > > >> -Original Message- >> From: cisco-nsp [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of >> Satish Patel >> Sent: martedì 21 giugno 2016 04:53 >> To: Cisco Network Service Pro

[c-nsp] PBR two default gateway

2016-06-23 Thread Satish Patel
I have router with two subnet A & B connected on related physical interface. and we have two ISP link so i want to send subnet A to ISP-A and subnet B to ISP-B. is it enough if i do this or do i need to use match interface F1/1? Because i want to do whatever coming from my source interface go to I

Re: [c-nsp] PBR two default gateway

2016-06-23 Thread Satish Patel
ion yet) > > You must test from behind the router - from a host on the subnet ) - as > self-generated traffic requires another type of PBR (local policy) > > > -Original Message- > From: cisco-nsp [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of > Satish

Re: [c-nsp] PBR two default gateway

2016-06-23 Thread Satish Patel
p access-list extended ACl-PBR-MATCH-ANY > > permit ip any any > > > > > > > > From: Satish Patel [mailto:satish@gmail.com] > Sent: Thursday, June 23, 2016 2:24 PM > To: Nick Cutting; Cisco Network Service Providers > Subject: Re: [c-nsp] PBR two default g

Re: [c-nsp] PBR two default gateway

2016-06-23 Thread Satish Patel
> forwarding > > IP: s=150.1.6.6 (local), d=8.8.8.8, len 100, policy rejected -- normal > forwarding > > IP: s=150.1.6.6 (local), d=8.8.8.8, len 100, policy rejected -- normal > forwarding > > IP: s=150.1.6.6 (local), d=8.8.8.8, len 100, policy rejected -- normal > for

Re: [c-nsp] Private IP in point to point link on internet

2016-06-24 Thread Satish Patel
> > Brian > > > >> -Original Message- >> From: Nick Cutting [mailto:ncutt...@edgetg.com] >> Sent: mercoledì 22 giugno 2016 22:33 >> To: Satish Patel; Brian Turnbow; Cisco Network Service Providers >> Subject: RE: [c-nsp] Private IP in point to po

Re: [c-nsp] Private IP in point to point link on internet

2016-06-24 Thread Satish Patel
> > > But hey I’m probably one of the only humans running BGP on an ASA )) > > > > From: Satish Patel [mailto:satish@gmail.com] > Sent: Friday, June 24, 2016 1:49 PM > To: Brian Turnbow > Cc: Nick Cutting; Cisco Network Service Providers > > > Subject: Re: [c-

[c-nsp] Netflow with nfsen issue

2016-07-01 Thread Satish Patel
I have following network configured on Cisco ASR1000 but i am seeing wrong date on nfsen, does anyone experience this issue? Should i use ipfix or Netflow v9 ? I did capture wireshark and its showing correct date and time. flow record netflow-record match ipv4 destination address match ipv4 s

Re: [c-nsp] Netflow with nfsen issue

2016-07-01 Thread Satish Patel
, Tom Hill wrote: > On 01/07/16 17:39, Satish Patel wrote: >> On nfdump i am seeing this. >> >> [root@netflow 30]# nfdump -M /data/nfsen/profiles-data/live/r1 -T -r >> nfcapd.201606301715 -a -c 10 >> Date first seen Duration Proto Src IP Addr:Port >&

Re: [c-nsp] Netflow with nfsen issue

2016-07-01 Thread Satish Patel
Flows Packets Bytes Packets Active(Sec) Idle(Sec) Flows /Sec /Flow /Pkt /Sec /Flow /Flow SrcIf SrcIPaddressDstIf DstIPaddressPr SrcP DstP Pkts On Fri, Jul 1, 2016 at 1:01 PM, Tom Hill wrote: > On 01/07/16 17:52, Satish Patel wr

Re: [c-nsp] Netflow with nfsen issue

2016-07-01 Thread Satish Patel
Just install 1.6.13 still no luck :( [root@netflow 01]# nfdump -V nfdump: Version: 1.6.13 What do you think about ntop/nProbe? Should i try that? I heard nProbe is not free, is that true? On Fri, Jul 1, 2016 at 1:21 PM, Tom Hill wrote: > On 01/07/16 18:06, Satish Patel wrote: >> wha

Re: [c-nsp] Netflow with nfsen issue

2016-07-01 Thread Satish Patel
redefined at /usr/share/perl5/vendor_perl/Exporter.pm line 66. .. .. On Fri, Jul 1, 2016 at 1:28 PM, Satish Patel wrote: > Just install 1.6.13 still no luck :( > > [root@netflow 01]# nfdump -V > nfdump: Version: 1.6.13 > > What do you think about ntop/nProbe? Should i try that? I

Re: [c-nsp] Netflow with nfsen issue

2016-07-01 Thread Satish Patel
Interesting, I have post question to nfsen mailing list but no answer yet. is Plixar free? On Fri, Jul 1, 2016 at 1:54 PM, Christina Klam wrote: > > We were having the same timestamp/epoch issue. We ended up just moving > away from nfsen and going with Plixar. > > --Christina > _

Re: [c-nsp] Netflow with nfsen issue

2016-07-05 Thread Satish Patel
20 entries Inactive Timeout: 15 secs Active Timeout: 60 secs Trans end aging: off On Sun, Jul 3, 2016 at 7:16 PM, Peter Rathlev wrote: > On Fri, 2016-07-01 at 12:39 -0400, Satish Patel wrote: >> I have following network configured on Cisco ASR1000 but i a

Re: [c-nsp] Netflow with nfsen issue

2016-07-05 Thread Satish Patel
Fri, 2016-07-01 at 12:39 -0400, Satish Patel wrote: >> I have following network configured on Cisco ASR1000 but i am seeing >> wrong date on nfsen, does anyone experience this issue? >> >> Should i use ipfix or Netflow v9 ? I did capture wireshark and its >> showing

Re: [c-nsp] Netflow with nfsen issue

2016-07-06 Thread Satish Patel
Following command output is empty is that normal? Do you think that is because of Hardware base netflow, i meant its using CEF? R1#show ip cache flow On Wed, Jul 6, 2016 at 3:05 PM, Tom Hill wrote: > On 05/07/16 22:13, Satish Patel wrote: >> I found solution to fix timestamp: >

[c-nsp] Etherchannel load-balacing change on live network

2016-07-06 Thread Satish Patel
We have C3750 running src-mac etherchannel load-balancing, I want to change that to src-dst-ip base because its now routed switch (L3). Does it impact or affect any current traffic in order to change load-balancing? I believe its hardware base logic so doesn't impact on current traffic. In google

Re: [c-nsp] Netflow with nfsen issue

2016-07-06 Thread Satish Patel
tor cache sort highest > counter packets top 20 > > > > ---------- > *From:* cisco-nsp on behalf of Satish > Patel > *Sent:* Thursday, 7 July 2016 6:29 AM > *To:* Tom Hill > *Cc:* Cisco Network Service Providers > *Subject:* Re: [c-nsp] Netflow with nfsen issue >

Re: [c-nsp] Netflow with nfsen issue

2016-07-06 Thread Satish Patel
54942 53413 17 34563 123 21:40:09.722 21:40:09.726 On Wed, Jul 6, 2016 at 9:38 PM, Satish Patel wrote: > I don't have (sh top talker ) command, We have ASR1006 > > R1#show top? > topology > > R1#sh version > Cisco IOS XE Software, Ver

Re: [c-nsp] Etherchannel load-balacing change on live network

2016-07-07 Thread Satish Patel
AM, Mark Tinka wrote: > > > On 6/Jul/16 23:13, Satish Patel wrote: > >> We have C3750 running src-mac etherchannel load-balancing, I want to >> change that to src-dst-ip base because its now routed switch (L3). > > You probably should have that anyway, even with just 80

Re: [c-nsp] Etherchannel load-balacing change on live network

2016-07-07 Thread Satish Patel
2016 at 5:06 PM, Gary Buhrmaster wrote: > On Thu, Jul 7, 2016 at 8:35 PM, Satish Patel wrote: > >> Just wanted to make sure it won't hurt current traffic. > > I have seen (older equipment, or at least older IOS versions) > that the etherchannel bundle breaks and reforms

[c-nsp] Router ASR1k ACL count question

2016-07-20 Thread Satish Patel
I have C3850 (L3) switch and Cisco ASR1006 Router, I am running ACL on both device but if i run "show ip access-lists" on both then i can see c3850 hit counter not increasing but on ASR1006 router it is increasing. What does that mean? I heard from people C3850 using hardware ACL because of that

Re: [c-nsp] Router ASR1k ACL count question

2016-07-21 Thread Satish Patel
Any input? On Wed, Jul 20, 2016 at 11:52 AM, Satish Patel wrote: > I have C3850 (L3) switch and Cisco ASR1006 Router, I am running ACL on > both device but if i run "show ip access-lists" on both then i can > see c3850 hit counter not increasing but on ASR1006 router

Re: [c-nsp] ASR1000 - IOS-XE 3.16.3 - experience?

2016-07-21 Thread Satish Patel
You won't believe i have upgraded IOS to asr1000rp2-adventerprisek9.03.16.03.S.155-3.S3-ext and just 1 hour ago on ASR1006 Just pushed to production. figure coross, so far everything looks good. On Thu, Jul 21, 2016 at 10:56 AM, Antoine Monnier wrote: > Hi All, > > Is anyone running the 3.16 tra

[c-nsp] Nexus 5448 IOS from 5.0.3 to 7.0.1 upgrade

2016-08-03 Thread Satish Patel
We have Cisco Nexus 5448 old switch running 5.0.3 and we don't have smartnet on them but i got 7.0.1 IOS from someone else so planning to upgrade them but i didn't find any prerequisite documentation related that switch. Does Cisco Nexus 5448UP-FA support 7.0.1 software? Does anyone has any past e

Re: [c-nsp] Nexus 5448 IOS from 5.0.3 to 7.0.1 upgrade

2016-08-03 Thread Satish Patel
it was N5K-5548UP-FA model. On Wed, Aug 3, 2016 at 11:16 AM, Satish Patel wrote: > We have Cisco Nexus 5448 old switch running 5.0.3 and we don't have > smartnet on them but i got 7.0.1 IOS from someone else so planning to > upgrade them but i didn't find any prerequisite do

Re: [c-nsp] Nexus 5448 IOS from 5.0.3 to 7.0.1 upgrade

2016-08-03 Thread Satish Patel
u should be > good. Or check the release notes. Actually, check the release notes for > NX-OS regardless, it'll list caveats, HW support, upgrade procedures, etc. > > Chuck > > -Original Message- > From: cisco-nsp [mailto:cisco-nsp-boun...@puck.nether.net] On Beha

Re: [c-nsp] Nexus 5448 IOS from 5.0.3 to 7.0.1 upgrade

2016-08-03 Thread Satish Patel
I found this document and look like interesting https://vnetwise.wordpress.com/category/n5k/ Last three lines: You may not be able to jump from v5.x to v7.x directly and reboot one node at a time. You may have to go to v5.x/v6.x/v7.x On Wed, Aug 3, 2016 at 11:53 AM, Satish Patel wrote

Re: [c-nsp] Nexus 5448 IOS from 5.0.3 to 7.0.1 upgrade

2016-08-03 Thread Satish Patel
uments aren't hard to understand. I found the release notes for NXOS > 7.0.1 within the Nexus 5000 family and see no mention of a 5448 under the > list of supported hardware, so it would appear that it's not supported. > > > > On 8/3/2016 8:53 AM, Satish Patel wrote: >&g

Re: [c-nsp] Nexus 5448 IOS from 5.0.3 to 7.0.1 upgrade

2016-08-03 Thread Satish Patel
erly synced > up. > > > On 8/3/2016 9:21 AM, Satish Patel wrote: >> >> Pete, >> >> It was typo, I have corrected my switch model is Cisco Nexus 5548UP-FA. >> >> In google search some people saying you can directly go to 5.x to 7.x >> is you don&#

Re: [c-nsp] Nexus 5448 IOS from 5.0.3 to 7.0.1 upgrade

2016-08-03 Thread Satish Patel
9000 2 Front-to-Back 9000 On Wed, Aug 3, 2016 at 12:36 PM, Satish Patel wrote: > Pete, > > Does that mean i can upgrade 5548UP from 5.0.3 to 7.0.1 directly > without any issue, is that right? > > We have standalone switch (non-production) > > On Wed, Aug 3, 2016 a

Re: [c-nsp] ASR1000 - IOS-XE 3.16.3 - experience?

2016-08-05 Thread Satish Patel
this NTP bug > that allows for a DoS apparently right in that version. > http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160804-wedge > > >> On Thu, Jul 21, 2016 at 7:28 PM, Satish Patel wrote: >> You won't believe i have upgraded IOS to >
