[c-nsp] Cisco CSM issues

[Rubens Kuhl Jr.]

> Your topology (policy routing) sounds exactly like what I am doing for my
> large scale shared (many customers per CSM pair) deployments.  Interesting,
> as I've never come across anyone other than myself doing things this way.
> Any time I talk to TAC I have to explain to them how this works as they
> expect real servers to naturally route through the CSMs...

I didn't have to explain how this works, but they seemed unhappy that
I was doing things this way... :-)

> I haven't run into anything like this.  I have run into a number of
> significant bugs though.  After more than a year of issues, I've finally
> settled down into something that seems to work reasonably well.

What bugged versions have you dropped based on personal experience ?

> > Any similar experiences, or CSM versions with a solid reliability track ?
>
> I am at 4.1(7).  I was originally advised by TAC not to venture into 4.2
> territory.  I was told 4.1 was the stable branch and 4.2 was the feature
> branch.  I wasn't even aware 4.3 was out...  At this point, I only have one

My mistake. Version is 4.2(3a), not 4.3.

> bug outstanding (large fragmented UDP packets (specifically RADIUS requests)
> are corrupted during the un-nat process - no workaround is available).  I
> put this one customer on his own private CSM running a 4.1(4-engineering)
> release as a temporary fix until Cisco has the bug fixed in current
> versions.  I'm told 4.2(4) will fix this bug, and that I should move to 4.2
> when that comes out (soon).

A private reply told me horror stories with 4.2(3), but could'nt tell
if it was 3 or 3a, with good results with 4.2(2). 4.2(3) has been
deferred and replaced with 4.2(3a), but may be it's still not good.


Rubens