[c-nsp] NPE-G1 with 12.2(25)S reload

David Luyer david at luyer.net
Mon Feb 21 18:51:03 EST 2005


We're finding 12.2(25)S2 good so far except for the lack of
'mpls netflow egress'.

(We did have it disable CEF on one router but that was due to
an out of memory situation, now resolved by reducing the routing
tables that router has to handle until we can upgrade its memory.)

So we find we need to run three releases for non-LNS[*] routers:

	- 12.2(25)S* where possible

	- 12.2(18)S* where 'mpls netflow egress' is required

	- 12.2(14)S* where the platform is a 7401ASR

I see 12.2(14)S13 has just come out, and resolves the issue,
and 12.2(18)S8 is listed as resolving the issue but not yet
available for download.

Anyone have any comments on going from 12.2S to 12.3 mainline
for border/core routers?  It would fix the security issue and
allow us to consolidate from a total of five IOS variants to
two IOS variants for border/core/LNS roles on 7xxx platforms,
however I am hesitant to consider something other than 12.2S
in a border/core role.

David.

[*] and two more IOSs for LNS routers depending on whether the
    L2TP packets are being fragmented or not, but that's a whole
    separate story...

> -----Original Message-----
> From: cisco-nsp-bounces at puck.nether.net
> [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of David J. Hughes
> Sent: Tuesday, 22 February 2005 10:14 AM
> To: Brian Feeny
> Cc: 'cisco-nsp'
> Subject: Re: [c-nsp] NPE-G1 with 12.2(25)S reload
> 
> Hi,
> 
> We're in 2 minds at the moment about moving to 12.2(25)S from
> 12.2(18)S. A solid 12.2(18) would be fine but 12.2(18)S7 is still open
> to the BGP DOS problem outlined in
> (http://www.cisco.com/warp/public/707/cisco-sa-20050126-bgp.shtml).
> Clayton Kossmeyer @Cisco mentioned a while back that a 12.2(18)S
> rebuild with the BGP DOS bug fix would be made available at some time
> but there's no sign of it nor a release date anywhere I've looked.  So
> the option is either 12.2(18)S with BGP DOS problems or 12.2(25)S with
> CEF interface problems.  I guess we have to pick the lesser of the two
> evils :)
> 
> 
> David
> ..
> 
> On 21/02/2005, at 7:58 AM, Brian Feeny wrote:
> 
> >
> > David,
> >
> > Absolutely.  In fact I downgraded to 12.2(18)S7.  If you don't mind me
> > asking, what are you running?  I have most of our core at 12.2(18)S7,
> > and I have had very few problems.  I have not had this "reload" bus
> > error hit me on 12.2(18)S7 as of yet, so hopefully it's not something
> > that is in that release as well.
> >
> > I am always looking for opinions on which 12.2S code others have
> > settled on.  12.2(18)S7 has gotten numerous kudos on this list and
> > other places and it seems to work well for us.  I run the SERVICE
> > PROVIDER feature set.
> >
> > Brian
> >
> > On Feb 20, 2005, at 3:46 PM, David J. Hughes wrote:
> >
> >>
> >> Hi Brian,
> >>
> >> Regarding taking your G1's to 12.2(25)S2, aren't you concerned about
> >> the "cef interface bug" that's been discussed here previously
> >> (included below)?  I've been holding off because of it - am I being
> >> too cautious I wonder.
> >>
> >> ----
> >>> -----Original Message-----
> >>> From: cisco-nsp-bounces at puck.nether.net
> >>> [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Marcus
> >>> Stoegbauer
> >>> Sent: Tuesday, 25 January 2005 15:24
> >>> To: cisco-nsp at puck.nether.net
> >>> Subject: Re: [c-nsp] 12.2(25)S on NPEG1
> >>>
> >>> On Tuesday 25 January 2005 13:39, nishal goburdhan wrote:
> >>>> we've upgraded a few G1s to 25Sx and noticed that periodically, the
> >>>> router disables 'ip route-cache' across all interfaces.
> >>>>
> >>>> 'sh ip int' reveals:
> >>>>   IP fast switching is enabled
> >>>>   IP Flow switching is disabled
> >>>>   IP CEF switching is disabled
> >>>>
> >>>> Cisco 7206VXR (NPE-G1) processor (revision A) with 983040K/65536K
> >>>> bytes of memory. System image file is
> >>>> "disk2:c7200-k91p-mz.122-25.S2.bin"
> >>>>
> >>>> ...same has also occurred on 12.2(25)S.
> >>>>
> >>>> has anyone else noticed this?
> >>>
> >>> Yep, that happened here on nearly all of our routers, with NPE-G1 and also
> >>> with NPE-400.
> >>> We only did minor changes to the configuration (removing a subinterface,
> >>> removing an area from OSPF and so on), and suddenly all interfaces had "no
> >>> ip route-cache" and "no ip route-cache cef" set.
> >>> Interestingly enough, it doesn't happen all the time: On two routers with
> >>> exactly the same configuration, hardware and software versions, we changed
> >>> the same things in the config, router1 had "no ip route-cache" set on the
> >>> interfaces, router2 not.
> >>>
> >>> The problem with "clear access-list counter" happened here, too. I'm
> >>> currently waiting for Cisco to see that it really is a bug ("Please use
> >>> clear access-list instead of clear ip access-list" and "Please update to the
> >>> latest release" isn't very good advice when we're already running 12.2(25)S2
> >>> and I only left out the "clear access-list" lines in the bug report to
> >>> simplify it ...).
> >>>
> >>>    Marcus
> >> ---
> >>
> >>
> >> David
> >> ...
> >>
> >>
> >> On 19/02/2005, at 7:49 AM, Brian Feeny wrote:
> >>
> >>>
> >>> I realize I should be on S2 and I am working on that right now, but I
> >>> want to make sure that the problem
> >>> I had isn't possibly in S2 as well.  Here is what I got:
> >>>
> >>> dal-lone-gw1#show ver
> >>> Cisco IOS Software, 7200 Software (C7200-K91P-M), Version 12.2(25)S,
> >>> RELEASE SOFTWARE (fc2)
> >>> Technical Support: http://www.cisco.com/techsupport
> >>> Copyright (c) 1986-2004 by Cisco Systems, Inc.
> >>> Compiled Fri 13-Aug-04 18:42 by cmong
> >>>
> >>> ROM: System Bootstrap, Version 12.3(4r)T1, RELEASE SOFTWARE (fc1)
> >>> BOOTLDR: 7200 Software (C7200-KBOOT-M), Version 12.2(4)BW, EARLY
> >>> DEPLOYMENT RELEASE SOFTWARE (fc1)
> >>>
> >>>   dal-lone-gw1 uptime is 13 minutes
> >>> System returned to ROM by error - a Software forced crash, PC
> >>> 0x6083F730 at 21:10:30 UTC Fri Feb 18 2005
> >>> System restarted at 21:12:56 UTC Fri Feb 18 2005
> >>> System image file is "disk2:c7200-k91p-mz.122-25.S.bin"
> >>>
> >>>
> >>> This product contains cryptographic features and is subject to United
> >>> States and local country laws governing import, export, transfer and
> >>> use. Delivery of Cisco cryptographic products does not imply
> >>> third-party authority to import, export, distribute or use encryption.
> >>> Importers, exporters, distributors and users are responsible for
> >>> compliance with U.S. and local country laws. By using this product you
> >>> agree to comply with applicable laws and regulations. If you are unable
> >>> to comply with U.S. and local laws, return this product immediately.
> >>>
> >>> A summary of U.S. laws governing Cisco cryptographic products may be found at:
> >>> http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
> >>>
> >>> If you require further assistance please contact us by sending email to
> >>> export at cisco.com.
> >>>
> >>> Cisco 7206VXR (NPE-G1) processor (revision A) with 983040K/65536K bytes of memory.
> >>> Processor board ID 21271177
> >>> SB-1 CPU at 700Mhz, Implementation 1025, Rev 0.2, 512KB L2 Cache
> >>> 6 slot VXR midplane, Version 2.0
> >>>
> >>> Last reset from power-on
> >>>
> >>>
> >>>
> >>> Is anyone aware of what this could be?  I am not running RPF.
> >>>
> >>> Brian
> >>>
> >>>
> >>>
> >>>
> >>> Brian Feeny, CCIE #8036, CISSP    	e: signal at shreve.net
> >>> Network Engineer           			p: 318.213.4709
> >>> ShreveNet Inc.             			f: 318.221.6612
> >>>
> >>> _______________________________________________
> >>> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> >>> https://puck.nether.net/mailman/listinfo/cisco-nsp
> >>> archive at http://puck.nether.net/pipermail/cisco-nsp/
> >>>
> >>
> >>
> >
> > Brian Feeny, CCIE #8036, CISSP
> > Network Engineer
> > ShreveNet Inc.
> >
> 




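The symptom reported in this thread (interfaces silently ending up with "IP CEF switching is disabled" after an unrelated config change) can be caught by checking `show ip interface` output after each change. The following is an added example, not part of the original thread or any Cisco tooling; the interface names, addresses and sample output are constructed, and the function names are hypothetical.

```python
import re

# Constructed sample of 'show ip interface' output (not from a real router).
SAMPLE = """\
GigabitEthernet0/1 is up, line protocol is up
  Internet address is 192.0.2.1/30
  IP fast switching is enabled
  IP Flow switching is disabled
  IP CEF switching is disabled
GigabitEthernet0/2 is up, line protocol is up
  Internet address is 192.0.2.5/30
  IP fast switching is enabled
  IP Flow switching is disabled
  IP CEF switching is enabled
Serial1/0 is administratively down, line protocol is down
  Internet protocol processing disabled
"""

# Interface header lines start in column 0; per-interface detail lines are indented.
HEADER = re.compile(r"^(\S+) is (.+?), line protocol is (\S+)")
SWITCHING = re.compile(r"^\s+IP (fast|Flow|CEF) switching is (enabled|disabled)")

def parse_switching(text):
    """Return {interface: {'up': bool, 'fast'/'flow'/'cef': bool}}."""
    result, current = {}, None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            is_up = m.group(2) == "up" and m.group(3) == "up"
            current = result.setdefault(m.group(1), {"up": is_up})
            continue
        m = SWITCHING.match(line)
        if m and current is not None:
            current[m.group(1).lower()] = m.group(2) == "enabled"
    return result

def cef_regressions(text, expected_cef):
    """Interfaces that are up and expected to run CEF but report it disabled."""
    state = parse_switching(text)
    return sorted(
        name for name in expected_cef
        if state.get(name, {}).get("up") and state[name].get("cef") is False
    )

if __name__ == "__main__":
    wanted = {"GigabitEthernet0/1", "GigabitEthernet0/2"}
    for name in cef_regressions(SAMPLE, wanted):
        print(f"ALERT: CEF switching disabled on {name}")
```

Run it against output captured before and after a change window; a non-empty result means the switching path on that interface has changed and should be reviewed before traffic is affected.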