...And several shops filter on per-/8 RIR allocation min + maxes, too!
Bassically, a /24 isn't a safe, global assumption, unless from swamp space
and/or a RIR portion specifically created for micro-allocations.
Take note of the cisco "isp ingress strcit" prefix list on the ftp site. Folks
*are*
Kinda OT for c-nsp, but I'll suggest:
-get an ipv6 allocation today, and maybe one day it'll be useful
-do not assume even /24 will be "uniquely reachable" in the DFZ, as this wasn't
and isn't 100% true
-if the point of the exercise is to get an end-user site multihomed, explore
other non-PI a
Best to lab this sort of thing up. You can test scale/radius/etc handling using
"bulk" session generation from a *nix system, examples and info here:
http://www.jacco2.dds.nl/networking/openswan-l2tp.html#L2TPoverview
-Tk
-Original Message-
From: Youssef Bengelloun-Zahr
Sender: cisco-n
Fwiw, tested an npe-225 (on 12.4t, 12.2SR, and others) and saw single-session
tcp goodput at 90+ mbit, approx 55 to 60% cpu load (spent all towards cef +
interrupts, as it should be).
Anything higher end should do even better.
-Tk
-Original Message-
From: "Paul Stewart"
Sender: cisco-
Toss a pair of hosts, one at gig, one at faste, on the 2970 -- then run iperf
-c -P 50 / -s on either host, and tell *us* what you see for discards out the
slower of the two interfaces.
If you've got the gear, it should seem that the best information might be from
actual testing vs non-existent
You will need to adjust igp cost so that your signaling/sourcing PE router
issues/sends tldp via the sip-based interface towards the far-end vpls
speakers' loopback address. It would seem that your device is picking a link
that's lower cost (via the 10 gig card) which cannot allocate labels for
Phil,
I've found 12.4(20)T to be reliable enough for LNS duty, and most notably a tad
more dram efficient when considering bgp rib bloat compared to SR. Has what you
mention there, and then some. Of course, SR will have bgp vpls addr-fam
support, vpls inter-working, and a few other mpls knobs,
+1 to KISS principal using virtual-template ints and statics, however next-hop
reachability is somewhat obtuse unaided by gre keepalives or other end to end
reachability determination.
Also, +2 to DMVP (which is multipoint gre aided by nhrp) + some flavor of IGP
on top. Everyone knows that one
Two words: logging anachronisms.
It should be otherwise fine. Verify neighs are speaking/exchanging ldp helos
with "sh mpls ldp disc" and "sh mpls ldp nei"
-Tk
-Original Message-
From: Chris Lane
Date: Wed, 26 May 2010 09:21:09
To:
Subject: [c-nsp] 6509 MPLS Odd TDP issue
All,
I a
Imho, one should not encourage this nonsense by signing any such NDA. Brocade,
juniper, extreme, and others publish such data about their products right on
their darn respective websites, and without demonstrable harm.
Knowing if something has a shared+per-port limit vs per-port-asic vs per-port
Speaking of, I had been wondering for some time where folks are using
soft-reconfig inbound, vs relying on soft-refresh from neighbors.
If anyone is using it, mind sharing where and motivates it?
-Tk
-Original Message-
From: Brandon Applegate
Date: Sun, 23 May 2010 14:07:25
To:
Subje
This list has extensive coverage of CoPP (how it works, examples, etc) for
various platforms. I'd goodle up site: for a bit to see if that can satisfy
your needs.
Conceptually, CoPP works the same across platforms.
Roland ;) will likely suggest iACL's (infrastructure) at strategic border/peer
(Plug) ...You can't forget about gf-slb:
http://www.nanog.org/meetings/nanog41/presentations/Kapela-lightning.pdf
Some LB tasks are simply "perfect" workloads for ecmp and a few server
boxes...also note IP SLA + tracked objects + IOS embeded event manager can do
far more than I show in these sl
Afaik, L2PT is a port behavior, not a encaps type; it treats these (special
ethertype frames) like other untagged frames arriving on an L2 port configured
for 1q tunneling. Think of l2pt as "selective port ethertype ignoring." So, it
doesn't change SA or DA of the frame, and something looking cl
Tim,
Assuming the Rx counters on your side(s) are all zeros, then we could move to
consider perhaps their equipment has a layer 1.5 or PLCP issue -- failing to
transport small and non-line-rate frames could be related to:
-slightly broken Rx pll or ifg detection in their rx path; whereby it loc
+1 to policy route nexthop through loopback -- but this is route-map style, and
kinda janky imho, compared to other options
On IOS, I've become much more fond of tunnel-protection via virtual templates.
Real virt-access cloned per ipsec endpoint (with or without gre, etc) is pure
genius.
I'd s
16 matches
Mail list logo