[c-nsp] ASR920 Opinions

Mark Tinka mark.tinka at seacom.mu
Thu Dec 21 12:15:02 EST 2017



On 19/Dec/17 20:31, Jason Lixfeld wrote:


> FAT-PW

This could be tricky - check the latest code to confirm.


> VRF aware DHCP Relay w/option 82 stamping (device, port (EFP?), VLAN)
> VRF aware DHCP Server

DHCP on the ASR920? Can't think of it being supported in the past. Check
the latest code.


> *ME3600s cannot support simultaneous configuration of egress ACLs and IPv6.  I’ve heard that the ASR920 resources are carved up differently, where this is no longer a problem.

No issue with this on the ASR920.

In fact, the ASR920 also supports uRPF for IPv4 and IPv6 on a
per-interface basis.


>
> My understanding is that the ASR920 behaves more like an ASR1000 than an ME3600 in terms of how L2 is implemented (ie: no more global vlan table, vlan database, etc and all EFP/bridge-domain based).

Correct.

But note that the ASR920 is a router, not a switch. So you have to
embrace the EVC/EFP concept wholeheartedly.


>   Also, I understand that these boxes have Netflow to some degree, but a cursory look at the documentation seems to suggest that you need to set the SDM profile to video (which affects the device scale as it re-configures the TCAM) if you want to enable Netflow?

Last I checked, there was no Netflow support. In fairness, we don't need
it in the scenarios that we deploy the box in, so I haven't kept track
of its level of support on the platform.

> I know this isn't the first time a “what are your experiences with these boxes like?” thread has made the rounds, but I wanted to throw it out again to see how much has changed since the last time it circulated.  So, while we wait for some of these guys for the lab, I’m looking for some feedback on what to expect from these boxes in terms of reliability (hardware and software), feature limitations/gotchas, a good, reliable code version, and anything else someone might want to share about these guys, good, bad or indifferent.

My advice would be to run the latest, stable code. Older versions of code on
this router are very problematic. The 2 biggest bugs I've hit are MPLS
forwarding failing to work for LSPs whose labels are in the range of
400,000 or higher (generated by some neighbors such as Junos) + an NTP
vulnerability that leads to a DoS of the box, locking it up from
transiting traffic, but still allowing you to access it.

That said, there are some developments happening in this area at Cisco.
Ping your friendly SE for updates.

Mark.

