[c-nsp] Virtual Trib / STS Payload on PA-MC-T3?

James Dechiaro jdechiaro at coherecomm.com
Mon Oct 26 10:37:46 EDT 2009


Hello,

I recently placed on order a channelized OC3 to deliver local loops to customer premise. The OC3 will be terminated to an Adtran OPTI-6100, muxed down to DS3 level which will then terminate to a 7206VXR PA-MC-T3. I have just been informed from the carrier that we need to extract the timeslots using STS payload for Virtual Trib 1.5 instead of regular DS1 signal. I don't see this as a listed option for the PA-MC-T3 card, can someone confirm / recommend the correct hardware to meet this requirement?

Thanks

James

----- Original Message -----
From: cisco-nsp-request at puck.nether.net
To: cisco-nsp at puck.nether.net
Sent: Monday, October 26, 2009 2:58:38 AM GMT -05:00 US/Canada Eastern
Subject: cisco-nsp Digest, Vol 83, Issue 84

Send cisco-nsp mailing list submissions to
	cisco-nsp at puck.nether.net

To subscribe or unsubscribe via the World Wide Web, visit
	https://puck.nether.net/mailman/listinfo/cisco-nsp
or, via email, send a message with subject or body 'help' to
	cisco-nsp-request at puck.nether.net

You can reach the person managing the list at
	cisco-nsp-owner at puck.nether.net

When replying, please edit your Subject line so it is more specific
than "Re: Contents of cisco-nsp digest..."


Today's Topics:

   1. Scratching the surface of SNMP (Peter Hicks)
   2. Re: 7609 DHCP alternatives - EVC / Subinterfaces (Victor Lyapunov)
   3. Cisco WebVPN (Haphaestion)
   4. Re: Cisco WebVPN (christian)
   5. Re: Cisco WebVPN (Samuel Petreski)
   6. High frequent OIR issues on 7600 CISCO (samuel vuillaume)
   7. Re: High frequent OIR issues on 7600 CISCO (Rubens Kuhl)
   8. Re: High frequent OIR issues on 7600 CISCO (Mikael Abrahamsson)
   9. Re: PBR v VRF for source-based routing (Arie Vayner (avayner))


----------------------------------------------------------------------

Message: 1
Date: Sun, 25 Oct 2009 21:14:15 +0000
From: Peter Hicks <peter.hicks at poggs.co.uk>
To: cisco-nsp at puck.nether.net
Subject: [c-nsp] Scratching the surface of SNMP
Message-ID: <4AE4BFA7.10608 at poggs.co.uk>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed

All,

I am writing an NMS and coming unstuck on a few things:

  * Determining which devices are on a port on a device that doesn't 
support BRIDGE-MIB::dot1dTpFdbTable, e.g. Cisco 1801 or 877W

  * Listing the VRFs and RDs configured on a router, and which 
interfaces are a member of which VRF

  * Finding out which VLANs are configured on a device, and which are 
tagged on a port

Can anyone help me out with their experiences, or in the direction of a 
forum more suitable?

Regards,


Peter


------------------------------

Message: 2
Date: Sun, 25 Oct 2009 23:30:46 +0200
From: Victor Lyapunov <victor.lyapunov at gmail.com>
To: "Arie Vayner (avayner)" <avayner at cisco.com>
Cc: cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] 7609 DHCP alternatives - EVC / Subinterfaces
Message-ID:
	<bf19ffb40910251430w6a78d4c5ob75d5cc2e8116320 at mail.gmail.com>
Content-Type: text/plain; charset=ISO-8859-1

Thank you all for the replies

To be honest I was leaning towards the subinterfaces alternative for
implementing
L3 termination points for DHCP subscribers.

Just to sum things up:

Subinterfaces alternative:

-They comsume an internal VLAN for each subintreface.
-For each subsciber no mac-address table is required, just and ARP entry.

EVC alternative:

-Using a bridge domain only one VLAN will suffice.
-But because of the bridge-domain the 7600 will have to populate its mac-address
table with one entry for each subscriber.

-Also since the evc-alternative is "partly L2 based" the dhcp-snooping security
mechanisms can be employed.

I am concerned about the mac-address capacity. Since servicing DHCP subscribers
in ES+ is purely a L3 service there should be no need to populate the
mac-table with
extra entries (in this way more resources can be used for other L2 services).

Victor

>On Sat, Oct 24, 2009 at 5:19 PM, Arie Vayner (avayner) <avayner at cisco.com> wrote:
> Victor,
>
> Use the EVC alternative.
> It would allow you to get the flexibility offered by EVC with regards to
> VLAN number space, L2 services scalability, QOS and many other advanced
> capabilities.
>
> Arie
>
> -----Original Message-----
> From: cisco-nsp-bounces at puck.nether.net
> [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Victor Lyapunov
> Sent: Tuesday, October 20, 2009 09:54
> To: cisco-nsp at puck.nether.net
> Subject: [c-nsp] 7609 DHCP alternatives - EVC / Subinterfaces
>
> Hi All
>
> I am trying to test DHCP functionality with 7600 router. Traffic
> arrives from all customer facing interfaces (ES+), arrive using the
> same VLAN. 7600 perfoms DHCP relay and acts as a gateway for all of
> them. With the new cards ES+ we have two options for the configuration
> of customer facing interfaces
>
> 1. Using EVC + SVI interface
>
> ?int g4/1
> ? ? service instance 100 ethernet
> ? ? encapsulation dot1q 100
> ? ? rewrite ingress tag pop 1 symmetric
> ? ? bridge-domain 100 split-horizon
> ?int g4/2
> ? ? service instance 100 ethernet
> ? ? encapsulation dot1q 100
> ? ? rewrite ingress tag pop 1 symmetric
> ? ? bridge-domain 100 split-horizon
>
> ?int Vlan 100
> ? ? ip address 10.0.0.1 255.255.255.0
> ? ? ip helper address 192.168.0.1
>
> 2. Using IP subinterfaces
>
> ?int loopback 100
> ? ? ip address 10.0.0.1 255.255.255.0
>
> ?int g4/1.100
> ? ? encapsulation dot1q 100
> ? ? ip address unnumbered loopback 100
> ? ? ip helper address 192.168.0.1
>
> ?int g4/2.100
> ? ? encapsulation dot1q 100
> ? ? ip address unnumbered loopback 100
> ? ? ip helper address 192.168.0.1
>
>
> Both configurations seem to achieve the same effect but I am not sure
> which one
> is the preferable for large amount of traffic / subscribers.
>
> For example due to the bridge domain I would expect that the first
> alternative will
> create more entries in the mac-address table.
>
> Thanx
>
> Victor
> _______________________________________________
> cisco-nsp mailing list ?cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>


------------------------------

Message: 3
Date: Mon, 26 Oct 2009 00:11:30 +0100
From: "Haphaestion" <haphaestion at gmail.com>
To: <cisco-nsp at puck.nether.net>
Subject: [c-nsp] Cisco WebVPN
Message-ID: <003901ca55c8$7d2a1310$777e3930$@com>
Content-Type: text/plain;	charset="us-ascii"

Hi guys,

Anyone knows what the maximum number of simultaneous connections with Cisco
WebVPN SSL is?
Or does this depend on the router (3725 etc.) it runs on?
Thanks.

Jack

Jack Ryan
Network Architecture
National Railway System
haphaestion at gmail.com
nsosoc at gmail.com




------------------------------

Message: 4
Date: Sun, 25 Oct 2009 16:31:55 -0700
From: christian <christian at automatick.net>
To: Haphaestion <haphaestion at gmail.com>
Cc: cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] Cisco WebVPN
Message-ID:
	<c4d480f60910251631q770a878eoa4a4b35495cf501b at mail.gmail.com>
Content-Type: text/plain; charset=ISO-8859-1

see table 4

 http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6586/ps6657/product_data_sheet0900aecd80405e25.html


On Sun, Oct 25, 2009 at 4:11 PM, Haphaestion <haphaestion at gmail.com> wrote:
> Hi guys,
>
> Anyone knows what the maximum number of simultaneous connections with Cisco
> WebVPN SSL is?
> Or does this depend on the router (3725 etc.) it runs on?
> Thanks.
>
> Jack
>
> Jack Ryan
> Network Architecture
> National Railway System
> haphaestion at gmail.com
> nsosoc at gmail.com
>
>
> _______________________________________________
> cisco-nsp mailing list ?cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>


------------------------------

Message: 5
Date: Sun, 25 Oct 2009 19:39:21 -0400
From: "Samuel Petreski" <sp446 at georgetown.edu>
To: "'Haphaestion'" <haphaestion at gmail.com>,
	<cisco-nsp at puck.nether.net>
Subject: Re: [c-nsp] Cisco WebVPN
Message-ID: <005101ca55cc$60d595a0$2280c0e0$@edu>
Content-Type: text/plain;	charset="us-ascii"

The number of concurrent SSL connections depends on the number of SSL
licenses purchased and the maximum number of supported SSL connections by
your device. The lower number of both is the number of maximum SSL
connections your device can currently offer.

--Samuel

--
Samuel Petreski
Sr. Security Analyst
Georgetown University

-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Haphaestion
Sent: Sunday, October 25, 2009 7:12 PM
To: cisco-nsp at puck.nether.net
Subject: [c-nsp] Cisco WebVPN

Hi guys,

Anyone knows what the maximum number of simultaneous connections with Cisco
WebVPN SSL is?
Or does this depend on the router (3725 etc.) it runs on?
Thanks.

Jack

Jack Ryan
Network Architecture
National Railway System
haphaestion at gmail.com
nsosoc at gmail.com


_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/



------------------------------

Message: 6
Date: Sun, 25 Oct 2009 23:06:58 -0400
From: samuel vuillaume <vuillaumes at gmail.com>
To: cisco-nsp at puck.nether.net
Subject: [c-nsp] High frequent OIR issues on 7600 CISCO
Message-ID:
	<dd3e48e0910252006x36a226fgc50257e59fa934bc at mail.gmail.com>
Content-Type: text/plain; charset=ISO-8859-1

Hi Guys,

i'd like to share with you my concerns regarding the 7600 CISCO chassis....
For many weeks, we've been experiencing a high frequent Card and chassis
failure during  an Online Insertion removal action.....

2 weeks ago, we inserted a new ES card into a 7600.... that one tore down
all the vpls circuits, and we needed to reboot the Chassis to bring them up!

Yesterday night, as per a Cisco recommendation, we needed to swap a SIP600
card into a 7600 to fix a faulty Temp sensor.....As a result:

- New SIP600 inserted into the module 4 (as previously)
- Module 7-8-9 were down and stuck in Diagnostic mode
- 90% of our VLANs into the chassis were down!

After a reboot, it was even worst! the ultimate solution has been the
chassis replacement!!! and the funny thing is the syslog message is still
coming up!!! Temp sensor error!!!!

CISCO have no comments.....

Has anybody experienced the same kind of issue on 7600/6500?

Tks for sharing
Sam


------------------------------

Message: 7
Date: Mon, 26 Oct 2009 01:19:38 -0200
From: Rubens Kuhl <rubensk at gmail.com>
To: Cisco-nsp <cisco-nsp at puck.nether.net>
Subject: Re: [c-nsp] High frequent OIR issues on 7600 CISCO
Message-ID:
	<6bb5f5b10910252019k5d3b3042g1fcd52bb7826710c at mail.gmail.com>
Content-Type: text/plain; charset=ISO-8859-1

On Mon, Oct 26, 2009 at 1:06 AM, samuel vuillaume <vuillaumes at gmail.com> wrote:
> Hi Guys,
>
> i'd like to share with you my concerns regarding the 7600 CISCO chassis....
> For many weeks, we've been experiencing a high frequent Card and chassis
> failure during ?an Online Insertion removal action.....

There is a reason why OIR stands for "Online Insertion and Reboot"...
so people can make things like this on maintenance windows.



Rubens


------------------------------

Message: 8
Date: Mon, 26 Oct 2009 07:27:19 +0100 (CET)
From: Mikael Abrahamsson <swmike at swm.pp.se>
To: cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] High frequent OIR issues on 7600 CISCO
Message-ID: <alpine.DEB.1.10.0910260724180.5824 at uplift.swm.pp.se>
Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed

On Sun, 25 Oct 2009, samuel vuillaume wrote:

> Has anybody experienced the same kind of issue on 7600/6500?

Having handled quite a few tens of 7600, the only chassis replacement I 
can remember was one in the lab where the backplane/fabric connectors were 
demolished after inserting a linecard and the chassis needed replacement.

When doing OIR in 7600 there is a peg which stalls the bus during 
insertion (I believe it's still there anyway), so insertion should be firm 
without being violent to work the best. If all these errors is happening 
to a single person, it might be worthwile to look into the technique used 
to insert the linecards, it might well affect the outcome of the 
insertion.

-- 
Mikael Abrahamsson    email: swmike at swm.pp.se


------------------------------

Message: 9
Date: Mon, 26 Oct 2009 07:58:24 +0100
From: "Arie Vayner (avayner)" <avayner at cisco.com>
To: "Philip Davis" <pdavis at i2k.com>, "Cisco-nsp"
	<cisco-nsp at puck.nether.net>
Subject: Re: [c-nsp] PBR v VRF for source-based routing
Message-ID:
	<FDD1CDB3FB499E4087CC7670BBCA22C6837FFA at XMB-AMS-101.cisco.com>
Content-Type: text/plain;	charset="us-ascii"

Phil,

Can you explain a bit more about your specific requirement?

Arie

-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Philip Davis
Sent: Friday, October 23, 2009 17:34
To: 'Cisco-nsp'
Subject: [c-nsp] PBR v VRF for source-based routing

Hello,

  From reading documentation, it appears that PBR and VRF-lite can both 
be used to implement cases of source-based routing. I have only used PBR

for this, and most VRF documentation seems to be in the context of MPLS 
or L3VPNs. What are the pros and cons of one vs the other? Am I all wet 
that VRF can do this at all?

Thanks,
Phil
_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/


------------------------------

_______________________________________________
cisco-nsp mailing list
cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp

End of cisco-nsp Digest, Vol 83, Issue 84
*****************************************

-- 
James Dechiaro
COO
Cohere Communications, LLC.
509 Madison Avenue, Suite 604
New York, NY 10022
Office 212-404-6904
efax   212-937-3727
www.coherecomm.com




More information about the cisco-nsp mailing list