Re: Managing your network devices via console
Mehmet Akcin writes: > It's always cool to have console access to routers/switches and > nowadays they are going from RS-232 to RJ-45 as a standart. I have got > Avocent DSR 2035 which is a KVM+Serial console (all in one).. but > while I was able to have it work against servers via KVM or/and Serial > , I was unable to make it work properly against any network device. I > am wondering if anyone had experience on DSR or similar boxes to > configure them against network devices console ports. I stumbled across these, which look like decent alternatives to getting a 2511 from eBay: http://www.perle.com/products/Terminal-Server.shtml The 48-port 1U terminal server with redundant power looks particularily nice. I've no experience with Perle, though. Anyone else? Bjørn
RE: Managing your network devices via console
> I stumbled across these, which look like decent alternatives to getting > a 2511 from eBay: http://www.perle.com/products/Terminal-Server.shtml > > The 48-port 1U terminal server with redundant power looks particularily > nice. > > I've no experience with Perle, though. Anyone else? > I use them in my datacenter. SCS 32 with the IOLAN Modem card. I have some basic advice for using it as a dialup source. It also does IPSec via our DSL line which also happens to be our POTs line. All kinds of nice stuff but a bit of a pain to initially configure if you do not know what you are doing (slight learning curve). I'm happy with it.
Re: Managing your network devices via console
jvar...@crypticstudios.com (Jake Vargas) wrote: > > I stumbled across these, which look like decent alternatives to getting > > a 2511 from eBay: http://www.perle.com/products/Terminal-Server.shtml > > > > The 48-port 1U terminal server with redundant power looks particularily > > nice. > > > > I've no experience with Perle, though. Anyone else? > > > > I use them in my datacenter. SCS 32 with the IOLAN Modem card. I have some > basic advice for using it as a dialup source. It also does IPSec via our DSL > line which also happens to be our POTs line. All kinds of nice stuff but a > bit of a pain to initially configure if you do not know what you are doing > (slight learning curve). I'm happy with it. We are still using the "ancient" Cyclades/Avocent ACS'es with a matching modem card (getting rare, them). They work fine, a bit slow on sshV2, but no problems in all the remote locations. I had one (pretty old) fail in the lab, but this might have been due to it being quite warm there... I am concerned about remote power control, though. If you know your datacenter, you can get all kinds of remote-controlled power strips. With us, we don't always know beforehand what kind of power the DCs will have, and I'd like the exact same equipment everywhere (except the cables, of course). In order to achieve this, I used Cyclades (now Avocent) ATP3120-001 (2...@100-240v input on IEC C320-20, 10A outputs on IEC C320-13). They have three shortcomings: - sometimes they forget their configuration (not critical) - they can only be accessed by serial console (no SNMP etc.) - consequently there's no power meter remote readout Is anyone here aware of such universally usable devices that can be accessed over IP and give power readouts remotely? Electrical specs are as above - 20 Amps input (for 120V countries), usable anywhere from 100-240 Volts and IEC input and output plugs... Any hints? (No, APC fails in the 100-240V part) (No, Perle fails in the 100-240V and the IEC part) (No, even Avocent's other strips fail there...) Yours, Elmi. -- "Hinken ist kein Mangel eines Vergleichs, sondern sollte als wesentliche Eigenschaft von Vergleichen angesehen werden." (Marius Fränzel in desd) --[ ELMI-RIPE ]---
Re: you're not interesting, was Re: another brick in the wall[ed garden]
And what's the next protocol that is going to be stomped on? Anything except http; at which point everything will move to http, and the firewalls are again useless. Um, if you think that http on consumer networks is transparent, I have some really bad news for you. Regards, John Levine, jo...@iecc.com, Primary Perpetrator of "The Internet for Dummies", Information Superhighwayman wanna-be, http://www.johnlevine.com, ex-Mayor "More Wiener schnitzel, please", said Tom, revealingly.
Re: you're not interesting, was Re: another brick in the wall[ed garden]
Anything traversing the edge. They are all revenue targets. Best, Martin On 5/14/09, Mark Andrews wrote: > > In message <20090514223605.88104.qm...@simone.iecc.com>, John Levine writes: >> >Dear Sprint EVDO people, >> > >> >Your man-in-the-middle hijacking of UDP/53 DNS queries against >> >nameservers that I choose to query from my laptop on Sprint EVDO is >> >not appreciated. Even less appreciated is your complete blocking of >> >TCP/53 DNS queries. >> >> If I were an ISP, and I knew that approximately 99.9% of customer >> queries to random name servers was malware doing fake site phishing or >> misconfigured PCs that will work OK and avoid a support call if they >> answer the DNS query, with 0.1% being old weenies like us, I'd do what >> Sprint's doing, too. > > And what's the next protocol that is going to be stomped on? > >> If you're aware of a mechanical way for them to tell the difference, >> we're all ears. > > Well you can't answer a TSIG message without knowing the > shared secret so you might as well just let it go through > and avoid some percentage of support calls. Intercepting > TSIG messages is guaranteed to generate a support call. > > Similarly intercepting "rd=0" is also guaranteed to generate > a support call. You almost certainly have a interative > resolver making the query which will not handle the "aa=0" > responses. > > Similarly there is no sane reason to block DNS/TCP other than > they can do it. > > Mark > >> Regards, >> John Levine, jo...@iecc.com, Primary Perpetrator of "The Internet for >> Dummies >> ", >> Information Superhighwayman wanna-be, http://www.johnlevine.com, ex-Mayor >> "More Wiener schnitzel, please", said Tom, revealingly. >> > -- > Mark Andrews, ISC > 1 Seymour St., Dundas Valley, NSW 2117, Australia > PHONE: +61 2 9871 4742 INTERNET: mark_andr...@isc.org > > -- Martin Hannigan mar...@theicelandguy.com p: +16178216079 Power, Network, and Costs Consulting for Iceland Datacenters and Occupants
BGP Update Report
BGP Update Report Interval: 13-Apr-09 -to- 14-May-09 (32 days) Observation Point: BGP Peering with AS131072 TOP 20 Unstable Origin AS Rank ASNUpds % Upds/PfxAS-Name 1 - AS3130 136562 2.3% 529.3 -- RGNET-3130 RGnet/PSGnet 2 - AS845269624 1.2% 51.7 -- TEDATA TEDATA 3 - AS21491 55630 0.9%1794.5 -- UTL-ON-LINE UTL On-line is RF broadband ISP in Uganda - Africa 4 - AS638953858 0.9% 12.4 -- BELLSOUTH-NET-BLK - BellSouth.net Inc. 5 - AS35805 52417 0.9% 151.9 -- UTG-AS United Telecom AS 6 - AS432343501 0.7% 10.0 -- TWTC - tw telecom holdings, inc. 7 - AS29049 42441 0.7% 131.4 -- DELTA-TELECOM-AS Delta Telecom LTD. 8 - AS33776 42032 0.7% 359.2 -- STARCOMMS-ASN 9 - AS12978 34819 0.6% 179.5 -- DOGAN-ONLINE Dogan Iletisim Elektronik Servis Hizmetleri AS 10 - AS815134764 0.6% 23.8 -- Uninet S.A. de C.V. 11 - AS10834 34577 0.6% 13.7 -- Telefonica Data Argentina S.A. 12 - AS17488 31858 0.5% 20.0 -- HATHWAY-NET-AP Hathway IP Over Cable Internet 13 - AS17974 31205 0.5% 30.0 -- TELKOMNET-AS2-AP PT Telekomunikasi Indonesia 14 - AS505630480 0.5% 258.3 -- INS-NET-2 - Iowa Network Services 15 - AS22773 28935 0.5% 26.9 -- ASN-CXA-ALL-CCI-22773-RDC - Cox Communications Inc. 16 - AS15045 28715 0.5%7178.8 -- KITTELSON - KITTELSON AND ASSOCIATES, INC. 17 - AS838627730 0.5% 229.2 -- KOCNET KOCNET-AS 18 - AS20115 27684 0.5% 16.4 -- CHARTER-NET-HKY-NC - Charter Communications 19 - AS424926475 0.5% 146.3 -- LILLY-AS - Eli Lilly and Company 20 - AS292026420 0.5% 322.2 -- LACOE - Los Angeles County Office of Education TOP 20 Unstable Origin AS (Updates per announced prefix) Rank ASNUpds % Upds/PfxAS-Name 1 - AS15045 28715 0.5%7178.8 -- KITTELSON - KITTELSON AND ASSOCIATES, INC. 2 - AS409674218 0.1%4218.0 -- CSF-AS CSF Computersoftware fuer Fachanwendungen GmbH 3 - AS32398 21155 0.4%3525.8 -- REALNET-ASN-1 4 - AS13325 24488 0.4%3061.0 -- STOMI - State of Michigan, DMB-CNOC 5 - AS466538276 0.1%2758.7 -- FREDRIKSON---BYRON - Fredrikson & Byron, P.A. 6 - AS282562679 0.1%2679.0 -- 7 - AS131532546 0.0%2546.0 -- ONEWORLD OneWorld S.A. 8 - AS292292449 0.0%2449.0 -- ASDA-AS Assotiation for the Development of West Athens 9 - AS8499 2167 0.0%2167.0 -- Space Hellas Network Operation Center (NOC) 10 - AS304234070 0.1%2035.0 -- AMEDI-3-ASN1 - Amedisys, Inc. 11 - AS476405763 0.1%1921.0 -- TRICOMPAS Tricomp Sp. z. o. o. 12 - AS505025422 0.4%1815.9 -- PSC-EXT - Pittsburgh Supercomputing Center 13 - AS21491 55630 0.9%1794.5 -- UTL-ON-LINE UTL On-line is RF broadband ISP in Uganda - Africa 14 - AS46328 14241 0.2%1582.3 -- PTCNEBRASKA - PIERCE TELEPHONE COMPANY, INCORPORATED 15 - AS398032818 0.1%1409.0 -- UTI-AS SC UTI COMMUNICATIONS SYSTEMS SRL 16 - AS289532324 0.0%1162.0 -- PIRAEUSBANK Greek banking institution 17 - AS169313354 0.1%1118.0 -- GLOBAL-PAYMENTS-1 - Global Payments, Inc. 18 - AS249942216 0.0%1108.0 -- GENESYS-AS GENESYS Informatica AS for announcing own prefixes 19 - AS472991077 0.0%1077.0 -- DRSA-AS Dlugie Rozmowy S.A. 20 - AS354005382 0.1%1076.4 -- MFIST Interregoinal Organization Network Technologies TOP 20 Unstable Prefixes Rank Prefix Upds % Origin AS -- AS Name 1 - 72.23.246.0/2424993 0.4% AS5050 -- PSC-EXT - Pittsburgh Supercomputing Center 2 - 41.204.2.0/24 21102 0.3% AS32398 -- REALNET-ASN-1 3 - 192.12.120.0/24 10327 0.2% AS5691 -- MITRE-AS-5 - The MITRE Corporation 4 - 63.103.104.0/229978 0.2% AS15045 -- KITTELSON - KITTELSON AND ASSOCIATES, INC. 5 - 63.103.108.0/239978 0.2% AS15045 -- KITTELSON - KITTELSON AND ASSOCIATES, INC. 6 - 63.103.110.0/248745 0.1% AS15045 -- KITTELSON - KITTELSON AND ASSOCIATES, INC. 7 - 199.45.13.0/24 8261 0.1% AS46653 -- FREDRIKSON---BYRON - Fredrikson & Byron, P.A. 8 - 123.49.152.0/247723 0.1% AS18118 -- CITICNET-AP CITIC Networks Management Co.,Ltd. 9 - 123.49.144.0/216918 0.1% AS18118 -- CITICNET-AP CITIC Networks Management Co.,Ltd. 10 - 195.96.69.0/24 6749 0.1% AS8225 -- ASTELIT-MSK-AS Astelit Autonomous System 11 - 81.199.18.0/24 5772 0.1% AS21491 -- UTL-ON-LINE UTL On-line is RF broadband ISP in Uganda - Africa 12 - 193.201.184.0/21 5769 0.1% AS25546 -- BROOKLANDCOMP-AS Brookland Computer Services 13 - 94.124.16.0/21 5697 0.1% AS47640 --
The Cidr Report
This report has been generated at Fri May 15 21:17:19 2009 AEST.
The report analyses the BGP Routing Table of AS2.0 router
and generates a report on aggregation potential within the table.
Check http://www.cidr-report.org for a current version of this report.
Recent Table History
Date PrefixesCIDR Agg
08-05-09294143 182447
09-05-09293901 181869
10-05-09294234 182075
11-05-09294208 183286
12-05-09294500 183655
13-05-09294535 183928
14-05-09294756 183893
15-05-09294616 184092
AS Summary
31334 Number of ASes in routing system
13335 Number of ASes announcing only one prefix
4296 Largest number of prefixes announced by an AS
AS6389 : BELLSOUTH-NET-BLK - BellSouth.net Inc.
89741824 Largest address span announced by an AS (/32s)
AS27064: DDN-ASNBLK1 - DoD Network Information Center
Aggregation Summary
The algorithm used in this report proposes aggregation only
when there is a precise match using the AS path, so as
to preserve traffic transit policies. Aggregation is also
proposed across non-advertised address space ('holes').
--- 15May09 ---
ASnumNetsNow NetsAggr NetGain % Gain Description
Table 294546 184073 11047337.5% All ASes
AS6389 4296 339 395792.1% BELLSOUTH-NET-BLK -
BellSouth.net Inc.
AS4323 4270 1765 250558.7% TWTC - tw telecom holdings,
inc.
AS209 2562 1150 141255.1% ASN-QWEST - Qwest
Communications Corporation
AS4766 1805 522 128371.1% KIXS-AS-KR Korea Telecom
AS17488 1584 301 128381.0% HATHWAY-NET-AP Hathway IP Over
Cable Internet
AS4755 1247 150 109788.0% TATACOMM-AS TATA
Communications formerly VSNL
is Leading ISP
AS22773 1063 68 99593.6% ASN-CXA-ALL-CCI-22773-RDC -
Cox Communications Inc.
AS1785 1759 796 96354.7% AS-PAETEC-NET - PaeTec
Communications, Inc.
AS8452 1200 303 89774.8% TEDATA TEDATA
AS8151 1449 598 85158.7% Uninet S.A. de C.V.
AS19262 996 236 76076.3% VZGNI-TRANSIT - Verizon
Internet Services Inc.
AS18566 1062 424 63860.1% COVAD - Covad Communications
Co.
AS6478 1404 811 59342.2% ATT-INTERNET3 - AT&T WorldNet
Services
AS18101 754 169 58577.6% RIL-IDC Reliance Infocom Ltd
Internet Data Centre,
AS11492 1099 549 55050.0% CABLEONE - CABLE ONE, INC.
AS855621 101 52083.7% CANET-ASN-4 - Bell Aliant
Regional Communications, Inc.
AS22047 610 98 51283.9% VTR BANDA ANCHA S.A.
AS2706 536 44 49291.8% HKSUPER-HK-AP Pacific Internet
(Hong Kong) Limited
AS17676 565 81 48485.7% GIGAINFRA BB TECHNOLOGY Corp.
AS17908 616 141 47577.1% TCISL Tata Communications
AS4804 574 105 46981.7% MPX-AS Microplex PTY LTD
AS7018 1491 1026 46531.2% ATT-INTERNET4 - AT&T WorldNet
Services
AS4808 629 168 46173.3% CHINA169-BJ CNCGROUP IP
network China169 Beijing
Province Network
AS24560 689 249 44063.9% AIRTELBROADBAND-AS-AP Bharti
Airtel Ltd., Telemedia
Services
AS7545 787 363 42453.9% TPG-INTERNET-AP TPG Internet
Pty Ltd
AS9443 527 103 42480.5% INTERNETPRIMUS-AS-AP Primus
Telecommunications
AS6517 660 242 41863.3% RELIANCEGLOBALCOM - Reliance
Globalcom Services, Inc
AS7011 963 553 41042.6% FRONTIER-AND-CITIZENS -
Frontier Communications of
America, Inc.
AS4668 688 282 4
Re: another brick in the wall[ed garden]
Skywing writes: > You are brave indeed to trust your packets over the air without a VPN or > tunnel of some sort. TSIG is like IPSEC's AH but for DNS. Being untrusting is how I managed to find out about these shenanigans in the first place. I don't care particularly about hiding the payload on a DNS query. -r
Google News Down?
I can reach Google News through icmp traceroutes, but the HTTP response says "Server Error".Anyone seeing this too?
Re: Google News Down?
On Fri, May 15, 2009 at 9:31 AM, Nitin Sharma wrote: > I can reach Google News through icmp traceroutes, but the HTTP response > says > "Server Error".Anyone seeing this too? > All fine here. -- joel esler | Sourcefire | gtalk: jes...@sourcefire.com | 302-223-5974 | http://twitter.com/joelesler
Re: Google News Down?
It is working fine now. Seems like a temporary failure from Google .. for 2 consecutive days? errmm! I can see many tweets to verify that it was indeed not working for many people too. On Fri, May 15, 2009 at 9:37 AM, Joel Esler wrote: > On Fri, May 15, 2009 at 9:31 AM, Nitin Sharma wrote: > >> I can reach Google News through icmp traceroutes, but the HTTP response >> says >> "Server Error".Anyone seeing this too? >> > > > All fine here. > > > -- > joel esler | Sourcefire | gtalk: jes...@sourcefire.com | 302-223-5974 | > http://twitter.com/joelesler >
Re: Managing your network devices via console
On May 15, 2009, at 4:45 AM, Elmar K. Bins wrote: I am concerned about remote power control, though. If you know your datacenter, you can get all kinds of remote-controlled power strips. With us, we don't always know beforehand what kind of power the DCs will have, and I'd like the exact same equipment everywhere (except the cables, of course). In order to achieve this, I used Cyclades (now Avocent) ATP3120-001 (2...@100-240v input on IEC C320-20, 10A outputs on IEC C320-13). They have three shortcomings: - sometimes they forget their configuration (not critical) - they can only be accessed by serial console (no SNMP etc.) - consequently there's no power meter remote readout Is anyone here aware of such universally usable devices that can be accessed over IP and give power readouts remotely? Electrical specs are as above - 20 Amps input (for 120V countries), usable anywhere from 100-240 Volts and IEC input and output plugs... Any hints? (No, APC fails in the 100-240V part) (No, Perle fails in the 100-240V and the IEC part) (No, even Avocent's other strips fail there...) Check out something like the BayTech RPC3 or RPC41 family? I don't know if it's exactly what you're looking for, but that's what I just picked to have per-outlet monitoring and control for a research datacenter we're building. -Dave PGP.sig Description: This is a digitally signed message part
Re: you're not interesting, was Re: another brick in the wall[ed garden]
Subject: Re: you're not interesting, was Re: another brick in the wall[ed garden] Date: Fri, May 15, 2009 at 10:10:26AM +0100 Quoting John R. Levine (jo...@iecc.com): >>> And what's the next protocol that is going to be stomped on? >> >> Anything except http; at which point everything will move to http, and >> the firewalls are again useless. > > Um, if you think that http on consumer networks is transparent, I have > some really bad news for you. If you change my sentence thusly: s/http/ what can be communicated over http/1;s/http/said channel/2; ..it all makes sense again, even "better" than before. -- Måns Nilsson
RE: Managing your network devices via console
Have you heard of or tried Cyberswitching for remote power management? The DualCom series provide remote SNMP and a WebUI control of all the outlets and you can also query them for how many amps each outlet is pulling. Their DualCom series does support 120-240 VAC as well as supporting IEC C13 and C19 outlets. I've used them for several installs and they work very well in that regard. Take a look at them here: http://www.cyberswitching.com/products-dualcom.html -Clay -Original Message- From: Elmar K. Bins [mailto:e...@4ever.de] Sent: Friday, May 15, 2009 4:45 AM To: Jake Vargas Cc: nanog@nanog.org Subject: Re: Managing your network devices via console jvar...@crypticstudios.com (Jake Vargas) wrote: > > I stumbled across these, which look like decent alternatives to getting > > a 2511 from eBay: http://www.perle.com/products/Terminal-Server.shtml > > > > The 48-port 1U terminal server with redundant power looks particularily > > nice. > > > > I've no experience with Perle, though. Anyone else? > > > > I use them in my datacenter. SCS 32 with the IOLAN Modem card. I have some > basic advice for using it as a dialup source. It also does IPSec via our DSL > line which also happens to be our POTs line. All kinds of nice stuff but a > bit of a pain to initially configure if you do not know what you are doing > (slight learning curve). I'm happy with it. We are still using the "ancient" Cyclades/Avocent ACS'es with a matching modem card (getting rare, them). They work fine, a bit slow on sshV2, but no problems in all the remote locations. I had one (pretty old) fail in the lab, but this might have been due to it being quite warm there... I am concerned about remote power control, though. If you know your datacenter, you can get all kinds of remote-controlled power strips. With us, we don't always know beforehand what kind of power the DCs will have, and I'd like the exact same equipment everywhere (except the cables, of course). In order to achieve this, I used Cyclades (now Avocent) ATP3120-001 (2...@100-240v input on IEC C320-20, 10A outputs on IEC C320-13). They have three shortcomings: - sometimes they forget their configuration (not critical) - they can only be accessed by serial console (no SNMP etc.) - consequently there's no power meter remote readout Is anyone here aware of such universally usable devices that can be accessed over IP and give power readouts remotely? Electrical specs are as above - 20 Amps input (for 120V countries), usable anywhere from 100-240 Volts and IEC input and output plugs... Any hints? (No, APC fails in the 100-240V part) (No, Perle fails in the 100-240V and the IEC part) (No, even Avocent's other strips fail there...) Yours, Elmi. -- "Hinken ist kein Mangel eines Vergleichs, sondern sollte als wesentliche Eigenschaft von Vergleichen angesehen werden." (Marius Fränzel in desd) --[ ELMI-RIPE ]---
Check out my photos on Facebook
Hi Nanog, I invited you to join Facebook a while back and wanted to remind you that once you join, we'll be able to connect online, share photos, organize groups and events, and more. Thanks, Martin To sign up for Facebook, follow the link below: http://www.facebook.com/p.php?i=681923447&k=RVMZQ2U532WMYKMCYFX5P&r nanog@nanog.org was invited to join Facebook by Martin Hepworth. If you do not wish to receive this type of email from Facebook in the future, please click on the link below to unsubscribe. http://www.facebook.com/o.php?k=464bf3&u=699384721&mid=777bd0G29afc391G0G8 Facebook's offices are located at 156 University Ave., Palo Alto, CA 94301.
Re: Check out my photos on Facebook
At least if facebook is going to reach the list, please RSVP here: http://www.facebook.com/home.php#/event.php?eid=86529812115&ref=ts -- Jared Mauch | pgp key available via finger from ja...@puck.nether.net clue++; | http://puck.nether.net/~jared/ My statements are only mine.
NPE-G2 vs. Sup720-3BXL
We're stuck in an engineering pickle, so some experience from this crew would be useful in tie-breaking... We operate a business-grade FTTx ISP with ~75 customers and 800Mbps of Internet traffic, currently using 6509/Sup2s for core routing and port aggregation. The MSFC2s are under stress from 3x full route feeds, pared down to 85% to fit the TCAM tables. One system has a FlexWAN with an OC3 card and it's crushing the CPU on the MSFC2. System tuning (stable IOS and esp. disabling SPD) helped a lot but still doesn't have the power to pull through. Hardware upgrades are needed... We need true full routes and more CPU horsepower for crunching BGP (+12 smaller peers + ISIS). OC3 interfaces are going to be mandatory, one each at two locations. Oh yeah, we're still a larger startup without endless pockets. Power, rack space, and SmartNet are not concerns at any location (on-site cold spares). We may need an upstream OC12 in the future but that's a ways out and not a concern here. Our engineering team has settled on three $20k/node options: - Sup720-3BXLs with PS and fan upgrades - Sup2s as switches + ISIS + statics and no BGP, push BGP edge routing off to NPE-G2s across a 2-3Gbps port-channel - Sup2s as switches + ISIS + statics and no BGP, push BGP edge routing off to a 12008 with E3 engines across a 2-3Gbps port-channel. Ideas and constructive opinions welcome, especially software and stability-related. Many thanks, -Dave
Re: NPE-G2 vs. Sup720-3BXL
dstora...@teljet.com (David Storandt) wrote: > Our engineering team has settled on three $20k/node options: > - Sup720-3BXLs with PS and fan upgrades Still quite slow CPU wise. RSP's are supposed to be a lot faster and actually usable. > - Sup2s as switches + ISIS + statics and no BGP, push BGP edge routing > off to NPE-G2s across a 2-3Gbps port-channel The NPE-G2 - even an NPE-G1 - will do all that BGP stuff easily; the CPU is fast enough. But...you might be in for a bad surprise concerning the Portchannel. Remember - it's done in software. So, depending on your packet sizes, you might experience a throughput _drop_ once you bundle. My experiments were done with very small packets though (DNS queries and responses, avg. packet size around 140 Byte). The devices I tested were the 1RU models (7301 for NPE-G1 and 7201 for NPE-G2). In "unbundled mode" they pushed around 940 kpps (G1) and 1320 kpps (G2) with CPU loads between 85% and 100%. Channel bundling took a lot out of the boxes. 7301 keeled over at 470, 7201 at 660 kpps. If you're only pushing big packets, though... Yours, Elmar.
RE: NPE-G2 vs. Sup720-3BXL
We've never pushed a NPE-G2 to 800Mb/s before but I would think they would topple over... hopefully someone on here could confirm my statement? Moving the BGP to the 12008's would be my choice with PRP-2 processors if the budget fits we're faced with a similar upgrade next year possibly moving BGP from a pair of 7606's (Sup720-3BXL) over to a pair of GSR's running PRP2 I think - the BGP processing etc. is pushing the CPU's too high on the 7600's Someone else might suggest the RSP720's but haven't had them in a production environment yet... we had PRP2's running on 12012 for a while and found them rock solid even with older line cards etc... Hope this helps a bit...;) Paul -Original Message- From: David Storandt [mailto:dstora...@teljet.com] Sent: Friday, May 15, 2009 11:08 AM To: NANOG list Subject: NPE-G2 vs. Sup720-3BXL We're stuck in an engineering pickle, so some experience from this crew would be useful in tie-breaking... We operate a business-grade FTTx ISP with ~75 customers and 800Mbps of Internet traffic, currently using 6509/Sup2s for core routing and port aggregation. The MSFC2s are under stress from 3x full route feeds, pared down to 85% to fit the TCAM tables. One system has a FlexWAN with an OC3 card and it's crushing the CPU on the MSFC2. System tuning (stable IOS and esp. disabling SPD) helped a lot but still doesn't have the power to pull through. Hardware upgrades are needed... We need true full routes and more CPU horsepower for crunching BGP (+12 smaller peers + ISIS). OC3 interfaces are going to be mandatory, one each at two locations. Oh yeah, we're still a larger startup without endless pockets. Power, rack space, and SmartNet are not concerns at any location (on-site cold spares). We may need an upstream OC12 in the future but that's a ways out and not a concern here. Our engineering team has settled on three $20k/node options: - Sup720-3BXLs with PS and fan upgrades - Sup2s as switches + ISIS + statics and no BGP, push BGP edge routing off to NPE-G2s across a 2-3Gbps port-channel - Sup2s as switches + ISIS + statics and no BGP, push BGP edge routing off to a 12008 with E3 engines across a 2-3Gbps port-channel. Ideas and constructive opinions welcome, especially software and stability-related. Many thanks, -Dave "The information transmitted is intended only for the person or entity to which it is addressed and contains confidential and/or privileged material. If you received this in error, please contact the sender immediately and then destroy this transmission, including all attachments, without copying, distributing or disclosing same. Thank you."
RE: NPE-G2 vs. Sup720-3BXL
We're running several six 65xx Sup720-3BXL with 3 full transit views and some 40-odd peers. We use two NPE-G1s for reflectors and some policy manipulation. Also running MPLS in the core to allow for traffic engineering and EoMPLS between certain services located in different locations. We're pushing up to between 800M and 1G at peak times (mostly outbound) with this setup and peak CPU on the 3BXLs is running maybe 30% -- average though of around 8 to 10%. Hope this helps side-note: I'm actually more worried about the distribution layer at the moment as it relies heavily on STP and HSRP/GLBP for the various vlans and access layer gunk. Currently these are 720-3B (non-XL), but looking eventually to build a business case to upgrade these to VSS1440 to simplify the architecture as well as providing better resilience and elimination of STP/HSRP/GLBP limitations between the dist and access layers. Problem is the budget side of that... blargh! Ideally I'd like to go more for the Nexus platform for this part of the network, given that we're doing a lot of virtualisation etc., but the downsides with that are primarily the COST of the bloody things, and secondly the fact that they don't currently support MPLS (planned for later this year, apparently). Leland On Fri, 15 May 2009, Paul Stewart wrote: > We've never pushed a NPE-G2 to 800Mb/s before but I would think they > would topple over... hopefully someone on here could confirm my > statement? > > Moving the BGP to the 12008's would be my choice with PRP-2 processors > if the budget fits we're faced with a similar upgrade next year > possibly moving BGP from a pair of 7606's (Sup720-3BXL) over to a pair > of GSR's running PRP2 I think - the BGP processing etc. is pushing the > CPU's too high on the 7600's > > Someone else might suggest the RSP720's but haven't had them in a > production environment yet... we had PRP2's running on 12012 for a > while and found them rock solid even with older line cards etc... > > Hope this helps a bit...;) > > Paul > > > -Original Message- > From: David Storandt [mailto:dstora...@teljet.com] > Sent: Friday, May 15, 2009 11:08 AM > To: NANOG list > Subject: NPE-G2 vs. Sup720-3BXL > > We're stuck in an engineering pickle, so some experience from this > crew would be useful in tie-breaking... > > We operate a business-grade FTTx ISP with ~75 customers and 800Mbps of > Internet traffic, currently using 6509/Sup2s for core routing and port > aggregation. The MSFC2s are under stress from 3x full route feeds, > pared down to 85% to fit the TCAM tables. One system has a FlexWAN > with an OC3 card and it's crushing the CPU on the MSFC2. System tuning > (stable IOS and esp. disabling SPD) helped a lot but still doesn't > have the power to pull through. Hardware upgrades are needed... > > We need true full routes and more CPU horsepower for crunching BGP > (+12 smaller peers + ISIS). OC3 interfaces are going to be mandatory, > one each at two locations. Oh yeah, we're still a larger startup > without endless pockets. Power, rack space, and SmartNet are not > concerns at any location (on-site cold spares). We may need an > upstream OC12 in the future but that's a ways out and not a concern > here. > > Our engineering team has settled on three $20k/node options: > - Sup720-3BXLs with PS and fan upgrades > - Sup2s as switches + ISIS + statics and no BGP, push BGP edge routing > off to NPE-G2s across a 2-3Gbps port-channel > - Sup2s as switches + ISIS + statics and no BGP, push BGP edge routing > off to a 12008 with E3 engines across a 2-3Gbps port-channel. > > Ideas and constructive opinions welcome, especially software and > stability-related. > > Many thanks, > -Dave > > > > > > > > "The information transmitted is intended only for the person or entity to > which it is addressed and contains confidential and/or privileged material. > If you received this in error, please contact the sender immediately and then > destroy this transmission, including all attachments, without copying, > distributing or disclosing same. Thank you." > >
Re: NPE-G2 vs. Sup720-3BXL
We ran into a similar quandary and have about the same amount of traffic as your network. When purchasing gear a year ago we decided against 7200's with an NPE-G2 as insufficient for the load. Have you looked at the 7304? The Cisco 7304 with an NSE-150 processing engine on it offloads a lot of the packet processing to dedicated hardware, and doesn't have TCAM limitations for routes. You can hold several full feeds and do the amount of traffic you're talking about without breaking a sweat. http://www.cisco.com/en/US/prod/collateral/routers/ps352/prod_bulletin0900aecd8060aac5.html It is capable of supporting both legacy port adapters (from your Flexwan or 7200 routers) and SPA cards with the right add-in modules, which IIRC is only a few hundred dollars. I'd be glad to answer any questions you have about our implementation. --am David Storandt wrote: We're stuck in an engineering pickle, so some experience from this crew would be useful in tie-breaking... We operate a business-grade FTTx ISP with ~75 customers and 800Mbps of Internet traffic, currently using 6509/Sup2s for core routing and port aggregation. The MSFC2s are under stress from 3x full route feeds, pared down to 85% to fit the TCAM tables. One system has a FlexWAN with an OC3 card and it's crushing the CPU on the MSFC2. System tuning (stable IOS and esp. disabling SPD) helped a lot but still doesn't have the power to pull through. Hardware upgrades are needed... We need true full routes and more CPU horsepower for crunching BGP (+12 smaller peers + ISIS). OC3 interfaces are going to be mandatory, one each at two locations. Oh yeah, we're still a larger startup without endless pockets. Power, rack space, and SmartNet are not concerns at any location (on-site cold spares). We may need an upstream OC12 in the future but that's a ways out and not a concern here. Our engineering team has settled on three $20k/node options: - Sup720-3BXLs with PS and fan upgrades - Sup2s as switches + ISIS + statics and no BGP, push BGP edge routing off to NPE-G2s across a 2-3Gbps port-channel - Sup2s as switches + ISIS + statics and no BGP, push BGP edge routing off to a 12008 with E3 engines across a 2-3Gbps port-channel. Ideas and constructive opinions welcome, especially software and stability-related. Many thanks, -Dave
Re: NPE-G2 vs. Sup720-3BXL
Cisco 7304 may not adequate for service provider. It's CPU/IO-controller is tied together, and doesn't provide much of benefit. Cisco 7200/7300 is enterprise solution pretty much, and doesn't support distributed CEF. If you are considering SUP720-3BXL, why not considering RSP720-3CXL ? Alex Aaron Millisor wrote: > We ran into a similar quandary and have about the same amount of > traffic as your network. When purchasing gear a year ago we decided > against 7200's with an NPE-G2 as insufficient for the load. Have you > looked at the 7304? > > The Cisco 7304 with an NSE-150 processing engine on it offloads a lot > of the packet processing to dedicated hardware, and doesn't have TCAM > limitations for routes. You can hold several full feeds and do the > amount of traffic you're talking about without breaking a sweat. > > http://www.cisco.com/en/US/prod/collateral/routers/ps352/prod_bulletin0900aecd8060aac5.html > > > It is capable of supporting both legacy port adapters (from your > Flexwan or 7200 routers) and SPA cards with the right add-in modules, > which IIRC is only a few hundred dollars. > > I'd be glad to answer any questions you have about our implementation. > > --am > > David Storandt wrote: >> We're stuck in an engineering pickle, so some experience from this >> crew would be useful in tie-breaking... >> >> We operate a business-grade FTTx ISP with ~75 customers and 800Mbps of >> Internet traffic, currently using 6509/Sup2s for core routing and port >> aggregation. The MSFC2s are under stress from 3x full route feeds, >> pared down to 85% to fit the TCAM tables. One system has a FlexWAN >> with an OC3 card and it's crushing the CPU on the MSFC2. System tuning >> (stable IOS and esp. disabling SPD) helped a lot but still doesn't >> have the power to pull through. Hardware upgrades are needed... >> >> We need true full routes and more CPU horsepower for crunching BGP >> (+12 smaller peers + ISIS). OC3 interfaces are going to be mandatory, >> one each at two locations. Oh yeah, we're still a larger startup >> without endless pockets. Power, rack space, and SmartNet are not >> concerns at any location (on-site cold spares). We may need an >> upstream OC12 in the future but that's a ways out and not a concern >> here. >> >> Our engineering team has settled on three $20k/node options: >> - Sup720-3BXLs with PS and fan upgrades >> - Sup2s as switches + ISIS + statics and no BGP, push BGP edge routing >> off to NPE-G2s across a 2-3Gbps port-channel >> - Sup2s as switches + ISIS + statics and no BGP, push BGP edge routing >> off to a 12008 with E3 engines across a 2-3Gbps port-channel. >> >> Ideas and constructive opinions welcome, especially software and >> stability-related. >> >> Many thanks, >> -Dave > > >
Re: NPE-G2 vs. Sup720-3BXL
I would love to use the RSP720-3CXL, but cost and the PA OC3 are the difficulties. If the RSP720s will run in a 6500 chassis, great! We wouldn't have to purchase new chassis and the increased downtime for the swap-out. RSP720 don't support the older bus-only FlexWAN either with the OC3 PA we're using, so we'd have to figure out a solution for that - SIPs, Enhanced FlexWAN, or external routers. Bah. ...the RSP720s + chassis + OC3 solution more than double our $20k/node budget, so that's a much tougher sell internally. -Dave 2009/5/15 Alex H. Ryu : > Cisco 7304 may not adequate for service provider. > It's CPU/IO-controller is tied together, and doesn't provide much of > benefit. > > Cisco 7200/7300 is enterprise solution pretty much, and doesn't support > distributed CEF. > > If you are considering SUP720-3BXL, why not considering RSP720-3CXL ? > > Alex > > > Aaron Millisor wrote: >> We ran into a similar quandary and have about the same amount of >> traffic as your network. When purchasing gear a year ago we decided >> against 7200's with an NPE-G2 as insufficient for the load. Have you >> looked at the 7304? >> >> The Cisco 7304 with an NSE-150 processing engine on it offloads a lot >> of the packet processing to dedicated hardware, and doesn't have TCAM >> limitations for routes. You can hold several full feeds and do the >> amount of traffic you're talking about without breaking a sweat. >> >> http://www.cisco.com/en/US/prod/collateral/routers/ps352/prod_bulletin0900aecd8060aac5.html >> >> >> It is capable of supporting both legacy port adapters (from your >> Flexwan or 7200 routers) and SPA cards with the right add-in modules, >> which IIRC is only a few hundred dollars. >> >> I'd be glad to answer any questions you have about our implementation. >> >> --am >> >> David Storandt wrote: >>> We're stuck in an engineering pickle, so some experience from this >>> crew would be useful in tie-breaking... >>> >>> We operate a business-grade FTTx ISP with ~75 customers and 800Mbps of >>> Internet traffic, currently using 6509/Sup2s for core routing and port >>> aggregation. The MSFC2s are under stress from 3x full route feeds, >>> pared down to 85% to fit the TCAM tables. One system has a FlexWAN >>> with an OC3 card and it's crushing the CPU on the MSFC2. System tuning >>> (stable IOS and esp. disabling SPD) helped a lot but still doesn't >>> have the power to pull through. Hardware upgrades are needed... >>> >>> We need true full routes and more CPU horsepower for crunching BGP >>> (+12 smaller peers + ISIS). OC3 interfaces are going to be mandatory, >>> one each at two locations. Oh yeah, we're still a larger startup >>> without endless pockets. Power, rack space, and SmartNet are not >>> concerns at any location (on-site cold spares). We may need an >>> upstream OC12 in the future but that's a ways out and not a concern >>> here. >>> >>> Our engineering team has settled on three $20k/node options: >>> - Sup720-3BXLs with PS and fan upgrades >>> - Sup2s as switches + ISIS + statics and no BGP, push BGP edge routing >>> off to NPE-G2s across a 2-3Gbps port-channel >>> - Sup2s as switches + ISIS + statics and no BGP, push BGP edge routing >>> off to a 12008 with E3 engines across a 2-3Gbps port-channel. >>> >>> Ideas and constructive opinions welcome, especially software and >>> stability-related. >>> >>> Many thanks, >>> -Dave >> >> >> > >
Re: you're not interesting, was Re: another brick in the wall[ed garden]
On May 14, 2009, at 10:07 PM, Mans Nilsson wrote: Subject: Re: you're not interesting, was Re: another brick in the wall[ed garden] Date: Fri, May 15, 2009 at 09:58:32AM +1000 Quoting Mark Andrews (mark_andr...@isc.org): And what's the next protocol that is going to be stomped on? Anything except http; at which point everything will move to http, and the firewalls are again useless. This is, indeed, already happening. In fact, I'm running an SMTP server with TLS on port 80 to get around SPRINT's existing braindamage. (or at least the braindamage they had at one point). Owen -- Måns Nilsson
RE: Managing your network devices via console
We use Cyclades (avocent) devices in our data center. They have worked great for us. Very reliable. Modem dial-in gives us great remote capabilities if we have a major outage. We had troubles initially getting them to work because the cable adapters were never pinned correctly for Cisco. We ended up making our own rolled rj45-rj45 cables. IIRC, this was a ton of work as you need to do some funky 2 wires in one position stuff. We also use Cisco 2500's with modem on the aux and an octo-cable for the devices. This works well too, but not as nice of an interface as the Cyclades. No special cables needed though. For power we have been using APC Managed PDU's. These have been fantastic. No compaints. -Original Message- From: Mehmet Akcin [mailto:meh...@akcin.net] Sent: Thursday, May 14, 2009 9:30 PM To: nanog@nanog.org Subject: Managing your network devices via console Hello, It's always cool to have console access to routers/switches and nowadays they are going from RS-232 to RJ-45 as a standart. I have got Avocent DSR 2035 which is a KVM+Serial console (all in one).. but while I was able to have it work against servers via KVM or/and Serial , I was unable to make it work properly against any network device. I am wondering if anyone had experience on DSR or similar boxes to configure them against network devices console ports. Making suggestions for alternative ways of centralizing network device console management is also more than welcome, I guess the old fashioned server attached usb-serial console is one of the most preferred way, but feel free to provide if you have good ideas cheers -- Mehmet
Weekly Routing Table Report
This is an automated weekly mailing describing the state of the Internet Routing Table as seen from APNIC's router in Japan. Daily listings are sent to bgp-st...@lists.apnic.net For historical data, please see http://thyme.apnic.net. If you have any comments please contact Philip Smith . Routing Table Report 04:00 +10GMT Sat 16 May, 2009 Report Website: http://thyme.apnic.net Detailed Analysis: http://thyme.apnic.net/current/ Analysis Summary BGP routing table entries examined: 288509 Prefixes after maximum aggregation: 136412 Deaggregation factor: 2.11 Unique aggregates announced to Internet: 141329 Total ASes present in the Internet Routing Table: 31265 Prefixes per ASN: 9.23 Origin-only ASes present in the Internet Routing Table: 27181 Origin ASes announcing only one prefix: 13271 Transit ASes present in the Internet Routing Table:4084 Transit-only ASes present in the Internet Routing Table: 93 Average AS path length visible in the Internet Routing Table: 3.6 Max AS path length visible: 33 Max AS path prepend of ASN (43683) 31 Prefixes from unregistered ASNs in the Routing Table: 464 Unregistered ASNs in the Routing Table: 151 Number of 32-bit ASNs allocated by the RIRs:144 Prefixes from 32-bit ASNs in the Routing Table: 33 Special use prefixes present in the Routing Table:0 Prefixes being announced from unallocated address space:217 Number of addresses announced to Internet: 2045653328 Equivalent to 121 /8s, 238 /16s and 49 /24s Percentage of available address space announced: 55.2 Percentage of allocated address space announced: 63.9 Percentage of available address space allocated: 86.4 Percentage of address space in use by end-sites: 77.0 Total number of prefixes smaller than registry allocations: 142688 APNIC Region Analysis Summary - Prefixes being announced by APNIC Region ASes:67654 Total APNIC prefixes after maximum aggregation: 24179 APNIC Deaggregation factor:2.80 Prefixes being announced from the APNIC address blocks: 64332 Unique aggregates announced from the APNIC address blocks:29021 APNIC Region origin ASes present in the Internet Routing Table:3628 APNIC Prefixes per ASN: 17.73 APNIC Region origin ASes announcing only one prefix:990 APNIC Region transit ASes present in the Internet Routing Table:559 Average APNIC Region AS path length visible:3.5 Max APNIC Region AS path length visible: 18 Number of APNIC addresses announced to Internet: 413775280 Equivalent to 24 /8s, 169 /16s and 181 /24s Percentage of available APNIC address space announced: 77.1 APNIC AS Blocks4608-4864, 7467-7722, 9216-10239, 17408-18431 (pre-ERX allocations) 23552-24575, 37888-38911, 45056-46079 APNIC Address Blocks58/8, 59/8, 60/8, 61/8, 110/8, 111/8, 112/8, 113/8, 114/8, 115/8, 116/8, 117/8, 118/8, 119/8, 120/8, 121/8, 122/8, 123/8, 124/8, 125/8, 126/8, 180/8, 183/8, 202/8, 203/8, 210/8, 211/8, 218/8, 219/8, 220/8, 221/8, 222/8, ARIN Region Analysis Summary Prefixes being announced by ARIN Region ASes:125540 Total ARIN prefixes after maximum aggregation:66187 ARIN Deaggregation factor: 1.90 Prefixes being announced from the ARIN address blocks:94652 Unique aggregates announced from the ARIN address blocks: 36596 ARIN Region origin ASes present in the Internet Routing Table:12997 ARIN Prefixes per ASN: 7.28 ARIN Region origin ASes announcing only one prefix:5002 ARIN Region transit ASes present in the Internet Routing Table:1272 Average ARIN Region AS path length visible: 3.3 Max ARIN Region AS path length visible: 24 Number of ARIN addresses announced to Internet: 428644608 Equivalent to 25 /8s, 140 /16s and 153 /24s Percentage of available ARIN address space announced: 82.4 ARIN AS Blocks 1-1876, 1902-2042, 2044-2046, 2048-2106 (pre-ERX allocations) 2138-2584, 2615-2772, 2823-
Re: Managing your network devices via console
I am yet another that uses and loves Cyclades in my data center. The new ACS 6000 series is what I have now, which is quite nice due to the software pin switching they have on that unit, this means no more special cisco dongles. Also part of the reason for my use of the ACS is for the integration of the Cyclades power strips, very seemless very nice. I have also used the Cisco terminal server mods in the past and they worked just fine as well, though I have no modern experience there. -smiley On Fri, May 15, 2009 at 11:04 AM, Dylan Ebner wrote: > We use Cyclades (avocent) devices in our data center. They have worked > great for us. Very reliable. Modem dial-in gives us great remote > capabilities if we have a major outage. We had troubles initially > getting them to work because the cable adapters were never pinned > correctly for Cisco. We ended up making our own rolled rj45-rj45 cables. > IIRC, this was a ton of work as you need to do some funky 2 wires in one > position stuff. > > We also use Cisco 2500's with modem on the aux and an octo-cable for the > devices. This works well too, but not as nice of an interface as the > Cyclades. No special cables needed though. > > For power we have been using APC Managed PDU's. These have been > fantastic. No compaints. > > > > > -Original Message- > From: Mehmet Akcin [mailto:meh...@akcin.net] > Sent: Thursday, May 14, 2009 9:30 PM > To: nanog@nanog.org > Subject: Managing your network devices via console > > Hello, > > It's always cool to have console access to routers/switches and nowadays > they are going from RS-232 to RJ-45 as a standart. I have got Avocent > DSR 2035 which is a KVM+Serial console (all in one).. but while I was > able to have it work against servers via KVM or/and Serial , I was > unable to make it work properly against any network device. I am > wondering if anyone had experience on DSR or similar boxes to configure > them against network devices console ports. > > Making suggestions for alternative ways of centralizing network device > console management is also more than welcome, I guess the old fashioned > server attached usb-serial console is one of the most preferred way, but > feel free to provide if you have good ideas > > cheers > > -- > Mehmet > > > >
Re: NPE-G2 vs. Sup720-3BXL
I have used the 7304 in the past and was happy with it. In fact I still have a 6-port DS3 module for a 7304 which I need to find a home for if anyone has the need. The 7304 originally had its own specific modules that went into it. But they also sell carrier card for it so you can use standard PA's, as well as the SPA's which is nice. Overall footprint is rather nice, and I use to use those 6-port DS3 cards which allowed for hefty DS3 termination. Brian On May 15, 2009, at 12:44 PM, Aaron Millisor wrote: We ran into a similar quandary and have about the same amount of traffic as your network. When purchasing gear a year ago we decided against 7200's with an NPE-G2 as insufficient for the load. Have you looked at the 7304? The Cisco 7304 with an NSE-150 processing engine on it offloads a lot of the packet processing to dedicated hardware, and doesn't have TCAM limitations for routes. You can hold several full feeds and do the amount of traffic you're talking about without breaking a sweat. http://www.cisco.com/en/US/prod/collateral/routers/ps352/prod_bulletin0900aecd8060aac5.html It is capable of supporting both legacy port adapters (from your Flexwan or 7200 routers) and SPA cards with the right add-in modules, which IIRC is only a few hundred dollars. I'd be glad to answer any questions you have about our implementation. --am David Storandt wrote: We're stuck in an engineering pickle, so some experience from this crew would be useful in tie-breaking... We operate a business-grade FTTx ISP with ~75 customers and 800Mbps of Internet traffic, currently using 6509/Sup2s for core routing and port aggregation. The MSFC2s are under stress from 3x full route feeds, pared down to 85% to fit the TCAM tables. One system has a FlexWAN with an OC3 card and it's crushing the CPU on the MSFC2. System tuning (stable IOS and esp. disabling SPD) helped a lot but still doesn't have the power to pull through. Hardware upgrades are needed... We need true full routes and more CPU horsepower for crunching BGP (+12 smaller peers + ISIS). OC3 interfaces are going to be mandatory, one each at two locations. Oh yeah, we're still a larger startup without endless pockets. Power, rack space, and SmartNet are not concerns at any location (on-site cold spares). We may need an upstream OC12 in the future but that's a ways out and not a concern here. Our engineering team has settled on three $20k/node options: - Sup720-3BXLs with PS and fan upgrades - Sup2s as switches + ISIS + statics and no BGP, push BGP edge routing off to NPE-G2s across a 2-3Gbps port-channel - Sup2s as switches + ISIS + statics and no BGP, push BGP edge routing off to a 12008 with E3 engines across a 2-3Gbps port-channel. Ideas and constructive opinions welcome, especially software and stability-related. Many thanks, -Dave
Re: NPE-G2 vs. Sup720-3BXL
David, My 1st advice would be to look also at the other features/capabilities you require, and not just at "feeds and speeds". Some examples for functionality could be: - QOS - NetFlow - DDoS resistance In general the 6500 and the 12000 are hardware based platforms, with the 12000 being more distributed in nature, using linecard resources for data plane (6500 does it too if you have DFC installed). 7200 is a CPU/software based platform, so the same processor does packet forwarding and control plane processing. The 6500 (depends on specific module selection) is more restricted with QOS and NetFlow functionality as it is designed to do very fast forwarding at a relativly cheaper price. The 12000 has everything implemented in hardware, and depends on the engine types (don't use anything other than Eng 3 or 5) has all the support you may dream of for things like QOS and other features. The 7200 is a software based router, which means that it support any feature you may ever dream of, but the scalability decreases as you turn them on. Another option you should consider seriously should be the ASR1000 router, which is a newer platform and has a new architecture. All its features are based on hardware support, and it could actually prove the best choice for what you need. The ASR1002 comes with 4 integrated 1GE ports, which could be all that you would ever need (but it has quite a few extension slots left). Arie On Fri, May 15, 2009 at 6:07 PM, David Storandt wrote: > We're stuck in an engineering pickle, so some experience from this > crew would be useful in tie-breaking... > > We operate a business-grade FTTx ISP with ~75 customers and 800Mbps of > Internet traffic, currently using 6509/Sup2s for core routing and port > aggregation. The MSFC2s are under stress from 3x full route feeds, > pared down to 85% to fit the TCAM tables. One system has a FlexWAN > with an OC3 card and it's crushing the CPU on the MSFC2. System tuning > (stable IOS and esp. disabling SPD) helped a lot but still doesn't > have the power to pull through. Hardware upgrades are needed... > > We need true full routes and more CPU horsepower for crunching BGP > (+12 smaller peers + ISIS). OC3 interfaces are going to be mandatory, > one each at two locations. Oh yeah, we're still a larger startup > without endless pockets. Power, rack space, and SmartNet are not > concerns at any location (on-site cold spares). We may need an > upstream OC12 in the future but that's a ways out and not a concern > here. > > Our engineering team has settled on three $20k/node options: > - Sup720-3BXLs with PS and fan upgrades > - Sup2s as switches + ISIS + statics and no BGP, push BGP edge routing > off to NPE-G2s across a 2-3Gbps port-channel > - Sup2s as switches + ISIS + statics and no BGP, push BGP edge routing > off to a 12008 with E3 engines across a 2-3Gbps port-channel. > > Ideas and constructive opinions welcome, especially software and > stability-related. > > Many thanks, > -Dave > >
RE: NANOG Digest, Vol 16, Issue 60
I would not like to punt another vendor's equipment but have you looked at the MX-480 or MX-960. You would not have to worry about CPU limitations and it is an Internet core box capable of handling all the protocols. Kesva -Original Message- From: nanog-requ...@nanog.org [mailto:nanog-requ...@nanog.org] Sent: Friday, May 15, 2009 2:16 PM To: nanog@nanog.org Subject: NANOG Digest, Vol 16, Issue 60 Send NANOG mailing list submissions to nanog@nanog.org To subscribe or unsubscribe via the World Wide Web, visit http://mailman.nanog.org/mailman/listinfo/nanog or, via email, send a message with subject or body 'help' to nanog-requ...@nanog.org You can reach the person managing the list at nanog-ow...@nanog.org When replying, please edit your Subject line so it is more specific than "Re: Contents of NANOG digest..." Today's Topics: 1. RE: NPE-G2 vs. Sup720-3BXL (Leland E. Vandervort) 2. Re: NPE-G2 vs. Sup720-3BXL (Aaron Millisor) 3. Re: NPE-G2 vs. Sup720-3BXL (Alex H. Ryu) 4. Re: NPE-G2 vs. Sup720-3BXL (David Storandt) 5. Re: you're not interesting, was Re: another brick in the wall[ed garden] (Owen DeLong) 6. RE: Managing your network devices via console (Dylan Ebner) 7. Weekly Routing Table Report (Routing Analysis Role Account) -- Message: 1 Date: Fri, 15 May 2009 16:21:23 + (GMT) From: "Leland E. Vandervort" Subject: RE: NPE-G2 vs. Sup720-3BXL To: Paul Stewart Cc: NANOG list Message-ID: Content-Type: TEXT/PLAIN; charset=US-ASCII We're running several six 65xx Sup720-3BXL with 3 full transit views and some 40-odd peers. We use two NPE-G1s for reflectors and some policy manipulation. Also running MPLS in the core to allow for traffic engineering and EoMPLS between certain services located in different locations. We're pushing up to between 800M and 1G at peak times (mostly outbound) with this setup and peak CPU on the 3BXLs is running maybe 30% -- average though of around 8 to 10%. Hope this helps side-note: I'm actually more worried about the distribution layer at the moment as it relies heavily on STP and HSRP/GLBP for the various vlans and access layer gunk. Currently these are 720-3B (non-XL), but looking eventually to build a business case to upgrade these to VSS1440 to simplify the architecture as well as providing better resilience and elimination of STP/HSRP/GLBP limitations between the dist and access layers. Problem is the budget side of that... blargh! Ideally I'd like to go more for the Nexus platform for this part of the network, given that we're doing a lot of virtualisation etc., but the downsides with that are primarily the COST of the bloody things, and secondly the fact that they don't currently support MPLS (planned for later this year, apparently). Leland On Fri, 15 May 2009, Paul Stewart wrote: > We've never pushed a NPE-G2 to 800Mb/s before but I would think they > would topple over... hopefully someone on here could confirm my > statement? > > Moving the BGP to the 12008's would be my choice with PRP-2 processors > if the budget fits we're faced with a similar upgrade next year > possibly moving BGP from a pair of 7606's (Sup720-3BXL) over to a pair > of GSR's running PRP2 I think - the BGP processing etc. is pushing the > CPU's too high on the 7600's > > Someone else might suggest the RSP720's but haven't had them in a > production environment yet... we had PRP2's running on 12012 for a > while and found them rock solid even with older line cards etc... > > Hope this helps a bit...;) > > Paul > > > -Original Message- > From: David Storandt [mailto:dstora...@teljet.com] > Sent: Friday, May 15, 2009 11:08 AM > To: NANOG list > Subject: NPE-G2 vs. Sup720-3BXL > > We're stuck in an engineering pickle, so some experience from this > crew would be useful in tie-breaking... > > We operate a business-grade FTTx ISP with ~75 customers and 800Mbps of > Internet traffic, currently using 6509/Sup2s for core routing and port > aggregation. The MSFC2s are under stress from 3x full route feeds, > pared down to 85% to fit the TCAM tables. One system has a FlexWAN > with an OC3 card and it's crushing the CPU on the MSFC2. System tuning > (stable IOS and esp. disabling SPD) helped a lot but still doesn't > have the power to pull through. Hardware upgrades are needed... > > We need true full routes and more CPU horsepower for crunching BGP > (+12 smaller peers + ISIS). OC3 interfaces are going to be mandatory, > one each at two locations. Oh yeah, we're still a larger startup > without endless pockets. Power, rack space, and SmartNet are not > concerns at any location (on-site cold spares). We may need an > upstream OC12 in the future but that's a ways out and not a concern > here. > > Our engineering team has settled on three $20k/node options: > - Sup720-3BXLs with PS and fan upgrades > - Sup2s as
RE: NPE-G2 vs. Sup720-3BXL
You may also take a look at the Cisco ASR1000 line... Supposedly a middle step between 7200 and 7600 router sizing.. > -Original Message- > From: Arie Vayner [mailto:arievay...@gmail.com] > Sent: Friday, May 15, 2009 1:34 PM > To: David Storandt > Cc: NANOG list > Subject: Re: NPE-G2 vs. Sup720-3BXL > > David, > > My 1st advice would be to look also at the other > features/capabilities you require, and not just at "feeds and speeds". > > Some examples for functionality could be: > - QOS > - NetFlow > - DDoS resistance > > In general the 6500 and the 12000 are hardware based > platforms, with the 12000 being more distributed in nature, > using linecard resources for data plane (6500 does it too if > you have DFC installed). 7200 is a CPU/software based > platform, so the same processor does packet forwarding and > control plane processing. > > The 6500 (depends on specific module selection) is more > restricted with QOS and NetFlow functionality as it is > designed to do very fast forwarding at a relativly cheaper price. > The 12000 has everything implemented in hardware, and depends > on the engine types (don't use anything other than Eng 3 or > 5) has all the support you may dream of for things like QOS > and other features. > The 7200 is a software based router, which means that it > support any feature you may ever dream of, but the > scalability decreases as you turn them on. > > Another option you should consider seriously should be the > ASR1000 router, which is a newer platform and has a new > architecture. All its features are based on hardware support, > and it could actually prove the best choice for what you need. > The ASR1002 comes with 4 integrated 1GE ports, which could be > all that you would ever need (but it has quite a few > extension slots left). > > Arie > > On Fri, May 15, 2009 at 6:07 PM, David Storandt > wrote: > > > We're stuck in an engineering pickle, so some experience from this > > crew would be useful in tie-breaking... > > > > We operate a business-grade FTTx ISP with ~75 customers and > 800Mbps of > > Internet traffic, currently using 6509/Sup2s for core > routing and port > > aggregation. The MSFC2s are under stress from 3x full route feeds, > > pared down to 85% to fit the TCAM tables. One system has a FlexWAN > > with an OC3 card and it's crushing the CPU on the MSFC2. > System tuning > > (stable IOS and esp. disabling SPD) helped a lot but still doesn't > > have the power to pull through. Hardware upgrades are needed... > > > > We need true full routes and more CPU horsepower for crunching BGP > > (+12 smaller peers + ISIS). OC3 interfaces are going to be > mandatory, > > one each at two locations. Oh yeah, we're still a larger startup > > without endless pockets. Power, rack space, and SmartNet are not > > concerns at any location (on-site cold spares). We may need an > > upstream OC12 in the future but that's a ways out and not a concern > > here. > > > > Our engineering team has settled on three $20k/node options: > > - Sup720-3BXLs with PS and fan upgrades > > - Sup2s as switches + ISIS + statics and no BGP, push BGP > edge routing > > off to NPE-G2s across a 2-3Gbps port-channel > > - Sup2s as switches + ISIS + statics and no BGP, push BGP > edge routing > > off to a 12008 with E3 engines across a 2-3Gbps port-channel. > > > > Ideas and constructive opinions welcome, especially software and > > stability-related. > > > > Many thanks, > > -Dave > > > > >
Re: Managing your network devices via console
Thanks everyone for the answers... It came down to a point where, just sticking a male-to-male null modem in between made this work at 9600 =) I guess sometimes solutions are way easier than we may think, heh. Mehmet On Fri, May 15, 2009 at 11:04 AM, Dylan Ebner wrote: > We use Cyclades (avocent) devices in our data center. They have worked > great for us. Very reliable. Modem dial-in gives us great remote > capabilities if we have a major outage. We had troubles initially > getting them to work because the cable adapters were never pinned > correctly for Cisco. We ended up making our own rolled rj45-rj45 cables. > IIRC, this was a ton of work as you need to do some funky 2 wires in one > position stuff. > > We also use Cisco 2500's with modem on the aux and an octo-cable for the > devices. This works well too, but not as nice of an interface as the > Cyclades. No special cables needed though. > > For power we have been using APC Managed PDU's. These have been > fantastic. No compaints. > > > > > -Original Message- > From: Mehmet Akcin [mailto:meh...@akcin.net] > Sent: Thursday, May 14, 2009 9:30 PM > To: nanog@nanog.org > Subject: Managing your network devices via console > > Hello, > > It's always cool to have console access to routers/switches and nowadays > they are going from RS-232 to RJ-45 as a standart. I have got Avocent > DSR 2035 which is a KVM+Serial console (all in one).. but while I was > able to have it work against servers via KVM or/and Serial , I was > unable to make it work properly against any network device. I am > wondering if anyone had experience on DSR or similar boxes to configure > them against network devices console ports. > > Making suggestions for alternative ways of centralizing network device > console management is also more than welcome, I guess the old fashioned > server attached usb-serial console is one of the most preferred way, but > feel free to provide if you have good ideas > > cheers > > -- > Mehmet > > > -- Mehmet Akcin Blog: http:///akcin.net E-mail: meh...@akcin.net
Re: NPE-G2 vs. Sup720-3BXL
> We need true full routes and more CPU horsepower for crunching BGP > (+12 smaller peers + ISIS). OC3 interfaces are going to be mandatory, > one each at two locations. Oh yeah, we're still a larger startup > without endless pockets. Power, rack space, and SmartNet are not > concerns at any location (on-site cold spares). We may need an > upstream OC12 in the future but that's a ways out and not a concern > here. > > Our engineering team has settled on three $20k/node options: > - Sup720-3BXLs with PS and fan upgrades > - Sup2s as switches + ISIS + statics and no BGP, push BGP edge routing > off to NPE-G2s across a 2-3Gbps port-channel > - Sup2s as switches + ISIS + statics and no BGP, push BGP edge routing > off to a 12008 with E3 engines across a 2-3Gbps port-channel. > > Ideas and constructive opinions welcome, especially software and > stability-related. > For about $6k all in, you could pickup a monster dual Xeon server with a few 10GE PCI line cards and run a subscription service of the Vyatta open source router. With high end machine specs, we've been able to run 5 full tables and a solid amount of peers with about 6.5Gbps sustained to the net without any stress. For access, we just trunk one of the PCI cards down to a 6506 or a 3750 and it runs nice and clean. The only downside to this setup is the lack of cisco proprietary software features which it sounds like you might need. If anything you might be able to keep your existing setup and uplink everything to one of these routers as an edge device. Adam ___ Adam LaFountain
Re: NPE-G2 vs. Sup720-3BXL
Yeah, as long as you're using the NSE-150 and are using features supported by the PXF such that it's not punting to the RP, the performance is really good. --am Brian Feeny wrote: I have used the 7304 in the past and was happy with it. In fact I still have a 6-port DS3 module for a 7304 which I need to find a home for if anyone has the need. The 7304 originally had its own specific modules that went into it. But they also sell carrier card for it so you can use standard PA's, as well as the SPA's which is nice. Overall footprint is rather nice, and I use to use those 6-port DS3 cards which allowed for hefty DS3 termination. Brian On May 15, 2009, at 12:44 PM, Aaron Millisor wrote: We ran into a similar quandary and have about the same amount of traffic as your network. When purchasing gear a year ago we decided against 7200's with an NPE-G2 as insufficient for the load. Have you looked at the 7304? The Cisco 7304 with an NSE-150 processing engine on it offloads a lot of the packet processing to dedicated hardware, and doesn't have TCAM limitations for routes. You can hold several full feeds and do the amount of traffic you're talking about without breaking a sweat. http://www.cisco.com/en/US/prod/collateral/routers/ps352/prod_bulletin0900aecd8060aac5.html It is capable of supporting both legacy port adapters (from your Flexwan or 7200 routers) and SPA cards with the right add-in modules, which IIRC is only a few hundred dollars. I'd be glad to answer any questions you have about our implementation. --am David Storandt wrote: We're stuck in an engineering pickle, so some experience from this crew would be useful in tie-breaking... We operate a business-grade FTTx ISP with ~75 customers and 800Mbps of Internet traffic, currently using 6509/Sup2s for core routing and port aggregation. The MSFC2s are under stress from 3x full route feeds, pared down to 85% to fit the TCAM tables. One system has a FlexWAN with an OC3 card and it's crushing the CPU on the MSFC2. System tuning (stable IOS and esp. disabling SPD) helped a lot but still doesn't have the power to pull through. Hardware upgrades are needed... We need true full routes and more CPU horsepower for crunching BGP (+12 smaller peers + ISIS). OC3 interfaces are going to be mandatory, one each at two locations. Oh yeah, we're still a larger startup without endless pockets. Power, rack space, and SmartNet are not concerns at any location (on-site cold spares). We may need an upstream OC12 in the future but that's a ways out and not a concern here. Our engineering team has settled on three $20k/node options: - Sup720-3BXLs with PS and fan upgrades - Sup2s as switches + ISIS + statics and no BGP, push BGP edge routing off to NPE-G2s across a 2-3Gbps port-channel - Sup2s as switches + ISIS + statics and no BGP, push BGP edge routing off to a 12008 with E3 engines across a 2-3Gbps port-channel. Ideas and constructive opinions welcome, especially software and stability-related. Many thanks, -Dave
Re: NPE-G2 vs. Sup720-3BXL
New architectures might be helpful to achieve such throughput e.g. Myricom pci-e Gen2 10GE cards on new Intel Nehalem based servers. -Azher Leo Bicknell wrote: > In a message written on Fri, May 15, 2009 at 10:25:12PM -0400, > valdis.kletni...@vt.edu wrote: >> Did you check PCI bus bandwidth? That's probably going to be the biggest >> constraint on "a few 10GBE interfaces" if they all get going full blast. >> Remember that each packet is going to burn bandwidth twice - once in and >> once out... > > PCIe, x8 or x16, which is serial point to point. > > http://www.csc.kth.se/~olofh/10G_OSR/10Gbps.pdf > > 25 Gb/sec across 4x10G ports on higher end but far from topped out > hardware. >
Re: NPE-G2 vs. Sup720-3BXL
So I figure a summary is an order, with a whole array of choices pitched so far... - Sup720-3BXL works for light-duty premium ISP services, decent CPU for BGP and an Ethernet hardware throughput monster. Decent enough for our deployment scenario at least. No obvious solution for the FlexWAN/OC3 but could easily be re-integrated with a stronger MSFC CPU to back it up, assuming the IOS-of-the-week doesn't have issues. The pesky OC3 could be pawned off to a dedicated G1/G2 router too along with any oddball <=OC3 stuff our sales guys dream up. - RSP720-3CXL is the best of all worlds option, if we had double the budget to work with. Meh. - ASR1002 is a hardware-assisted overhaul to the 7200/G2. Telco interface options are much better than 7200s, good for OC12s and OC48s. Using GoogleFu product pricing... a ASR1002 router with a SPA OC3, 5Gbps ESP, and base software runs in the $28-30k range + SmartNet. Beware the modular licensing model in addition to IOS editions. Maybe a bit early yet as a core router as some of the software is still getting bugs ironed out. - Vyatta was proposed as an alternative system, probably best architected out of the mainstream traffic flows (no hardware forwarding), say a BGP route reflector or GBE edge router, similar argument to a 7200/G[1|2]. I can't say I'm familiar with the software, but the cost savings of premium x86/x64 hardware and 8x PCI-x serving a few 10GBE interfaces + built-in GBEs is intriguing, especially paired against our budget and relative Cisco costs. A spec'd out 1U Dell box with dual power, 8x cores, 4GB, RAID1 SATA, and 2x 10GBE XFP+2x GBE built-in came in under $7k with CPU headroom to burn. Vyatta doesn't support ISIS though, best I can tell, but may not have to... Maybe yet-another Linux router distro doomed to fail? Worth a lab test internally on some demo hardware. - Mixed thoughts about 7304 hardware. Hardware forwarding quality vs. software and interface selection. - Lots of fans for the 12000 series. Stick with the E3 (~2.5Gbps) and E5 (~10Gbps) line cards for compatibility with XR software and best line card performance. Our team liked the variety of SONET options available too for our central office deployments, even though the systems are power and space hungry. ...and if you can afford them (the 12008/GRP-B being the relative exception). - 7200/G2s are great for <1Gbps throughput. Premium services cut into the performance dramatically, being a fully software-based forwarding platform. Don't bond interfaces looking for more throughput, architecture limitations actually decrease throughput. - Juniper MX series? A budget wildcard but indeed a worthy platform engineering-wise. You could break this list into "routers" and "switches", which in itself spurs the philosophical/pragmatic architecture discussion that got us the impasse to start with. Many thanks to all who've responded with real-life successes, battle wounds, and horror stories. All very helpful. -Dave
ADMIN: List FAQ/Monthly Post.
This 100-line document contains 62% of what you need to know to avoid annoying 10,000 people in your email to the NANOG list. It also contains pointers to another 23%. Please take 5 minutes to read it before you post [again]. General Information === About NANOG:http://www.nanog.org/about/ NANOG News: http://www.nanog.org/ NANOG lists and AUP:http://www.nanog.org/mailinglist/ NANOG List FAQ: http://www.nanog.org/mailinglist/listfaqs/ To Subscribe or Unsubscribe from the list: http://mailman.nanog.org/mailman/listinfo/nanog To contact the list's admins: adm...@nanog.org Posting Policy == The NANOG list has over 10,000 subscribers so it is very easy for a thread to have scores of posts while being off-topic and only of interest to only a small proportion of subscribers. Please consider before each post if your email will be of interest to the majority of members or might alternatively be emailed directly the people of interest or posted to another forum. Please read the FAQ and AUP policy before posting for more details. Especially the following are discouraged: * Is a certain site down? Other Outages not affecting half the Internet. Please use http://downforeveryoneorjustme.com/ or a similar site. Please post to the Outages mailing list: http://wiki.outages.org * Spam Please use SPAM-L - http://www.claws-and-paws.com/spam-l * Contacting People * http://puck.nether.net/netops/ * http://www.peeringdb.com * Please try other methods of contacting sites before you post to NANOG. Saying something like "I tried calling 213-555- but no answer" shows you _have_ tried alternative methods first. * Political Issues * Topics such as ICANN policy, Government Policy or Law changes that do not have short term Operational impact should be avoided. * Operation topics with more specific lists * DNS - http://lists.oarci.net/mailman/listinfo/dns-operations * Email - http://www.mailop.org/ * NANOG Mailing list policy Please use the nanog-futures list or contact adm...@nanog.org Please also avoid = * Sending posts to the list relevant to only one or two people on this list, such as tests or traceroutes in response to another post for comparison to those originally posted. * Jokes, Puns, amusing observations, spelling corrections. Other NANOG related lists = * NANOG-futures - for discussion of the evolution of NANOG, including organizational structure, policies and procedures, and agendas for NANOG meetings. Such topics aren't appropriate for the main NANOG mailing list. http://mailman.nanog.org/mailman/listinfo/nanog-futures * nanog-attendee - For discussion of venue-specific issues relevant to attendees of the current NANOG physical meeting. http://mailman.nanog.org/mailman/listinfo/nanog-attendee * nanog-announce - For announcements of NANOG meetings an other Important NANOG related announcements. Low traffic and all posts are also sent to main list. http://mailman.nanog.org/mailman/listinfo/nanog-announce Other Mailing Lists === Information about related lists: http://www.nanog.org/mailinglist/listfaqs/otherlists.php
Re: NPE-G2 vs. Sup720-3BXL
In a message written on Fri, May 15, 2009 at 10:25:12PM -0400, valdis.kletni...@vt.edu wrote: > Did you check PCI bus bandwidth? That's probably going to be the biggest > constraint on "a few 10GBE interfaces" if they all get going full blast. > Remember that each packet is going to burn bandwidth twice - once in and > once out... PCIe, x8 or x16, which is serial point to point. http://www.csc.kth.se/~olofh/10G_OSR/10Gbps.pdf 25 Gb/sec across 4x10G ports on higher end but far from topped out hardware. -- Leo Bicknell - bickn...@ufp.org - CCIE 3440 PGP keys at http://www.ufp.org/~bicknell/ pgpaijuZ49CIE.pgp Description: PGP signature
Re: NPE-G2 vs. Sup720-3BXL
ASR is embedded linux solution with Quantum Processor architect if I remember correctly. So it uses IOS-XE, which is a little bit different from standard IOS. If you have some room for budget, you can check Foundry MLX/XMR series router. It is more geared toward Ethernet Service Router. But if you need OC3/12/48, you can have those with additional license fee. Foundry router price is a lot lower than Juniper MX series router. Alex David Storandt wrote: > So I figure a summary is an order, with a whole array of choices > pitched so far... > > - Sup720-3BXL works for light-duty premium ISP services, decent CPU > for BGP and an Ethernet hardware throughput monster. Decent enough for > our deployment scenario at least. No obvious solution for the > FlexWAN/OC3 but could easily be re-integrated with a stronger MSFC CPU > to back it up, assuming the IOS-of-the-week doesn't have issues. The > pesky OC3 could be pawned off to a dedicated G1/G2 router too along > with any oddball <=OC3 stuff our sales guys dream up. > - RSP720-3CXL is the best of all worlds option, if we had double the > budget to work with. Meh. > - ASR1002 is a hardware-assisted overhaul to the 7200/G2. Telco > interface options are much better than 7200s, good for OC12s and > OC48s. Using GoogleFu product pricing... a ASR1002 router with a SPA > OC3, 5Gbps ESP, and base software runs in the $28-30k range + > SmartNet. Beware the modular licensing model in addition to IOS > editions. Maybe a bit early yet as a core router as some of the > software is still getting bugs ironed out. > - Vyatta was proposed as an alternative system, probably best > architected out of the mainstream traffic flows (no hardware > forwarding), say a BGP route reflector or GBE edge router, similar > argument to a 7200/G[1|2]. I can't say I'm familiar with the software, > but the cost savings of premium x86/x64 hardware and 8x PCI-x serving > a few 10GBE interfaces + built-in GBEs is intriguing, especially > paired against our budget and relative Cisco costs. A spec'd out 1U > Dell box with dual power, 8x cores, 4GB, RAID1 SATA, and 2x 10GBE > XFP+2x GBE built-in came in under $7k with CPU headroom to burn. > Vyatta doesn't support ISIS though, best I can tell, but may not have > to... Maybe yet-another Linux router distro doomed to fail? Worth a > lab test internally on some demo hardware. > - Mixed thoughts about 7304 hardware. Hardware forwarding quality vs. > software and interface selection. > - Lots of fans for the 12000 series. Stick with the E3 (~2.5Gbps) and > E5 (~10Gbps) line cards for compatibility with XR software and best > line card performance. Our team liked the variety of SONET options > available too for our central office deployments, even though the > systems are power and space hungry. ...and if you can afford them (the > 12008/GRP-B being the relative exception). > - 7200/G2s are great for <1Gbps throughput. Premium services cut into > the performance dramatically, being a fully software-based forwarding > platform. Don't bond interfaces looking for more throughput, > architecture limitations actually decrease throughput. > - Juniper MX series? A budget wildcard but indeed a worthy platform > engineering-wise. > > You could break this list into "routers" and "switches", which in > itself spurs the philosophical/pragmatic architecture discussion that > got us the impasse to start with. Many thanks to all who've responded > with real-life successes, battle wounds, and horror stories. All very > helpful. > > -Dave > > > >
Implementing MPLS L2 VPN with Cisco C3750ME
Hi community, I am planning to implement MPLS with C3750ME. As i know C3750ME is full support MPLS viaES port, is it? the IOS is c3750me-i5k91-mz.122-40.SE.bin. The application will be AToM(L2 VPN). Prior to configure MPLS or OSPF, i need to make the link up first. My problem is IP point-to-point link between 2 C3750ME with ES port doesn't work at all while L2 Point-to-Point works well. I had performed all troubleshoot technique that i know but still not work. Does anyone used to have same problem as mine? How did you do to fix it?
Re: NPE-G2 vs. Sup720-3BXL
On Fri, 15 May 2009 22:20:28 EDT, David Storandt said: > - Vyatta was proposed as an alternative system, probably best > architected out of the mainstream traffic flows (no hardware > forwarding), say a BGP route reflector or GBE edge router, similar > argument to a 7200/G[1|2]. I can't say I'm familiar with the software, > but the cost savings of premium x86/x64 hardware and 8x PCI-x serving > a few 10GBE interfaces + built-in GBEs is intriguing, especially > paired against our budget and relative Cisco costs. A spec'd out 1U > Dell box with dual power, 8x cores, 4GB, RAID1 SATA, and 2x 10GBE > XFP+2x GBE built-in came in under $7k with CPU headroom to burn. Did you check PCI bus bandwidth? That's probably going to be the biggest constraint on "a few 10GBE interfaces" if they all get going full blast. Remember that each packet is going to burn bandwidth twice - once in and once out... pgpiR8rR40QUe.pgp Description: PGP signature
