Dual asr 9006 cluster

Similar Messages

• ASR 9006 to 6509 1 gig fiber connection

  I have an ASR 9006 with a SFP-GE-L connecting to a Cisco 6500.  The link shows up on the ASR side but not on the 6500 side.  If I move the SFP from the ASR to a
  different 6500 chassis the connection works so I know the SFP is working. 
  Any ideas on making this link work?

  The issue ended up being a negotiation issue.  Apparently IOS-XR is set for nonegotiate disabled by default and IOS is enabled by default. 
  The fix being to put "speed nonegotiate" on the IOS side interfaces and it came up

• STM1 Back-to-Back Between ASR 9006 and ASR 903

  Dear Gents,
  Seeking your usual support to aid me to connect STM1 Back-to-Back between ASR 9006 and ASR 903.
  I have ASR 9006 comes with SPA-4XOC3-POS-V2 and SFP-OC3-MM using XR-A9K-PXK9-04.03 IOS-XR.
  Also I have ASR 903 comes with A900-IMA4OS interface module with ONS-SI-155-SR-MM SFP using SASR903R1NPEK9-38S IOS-XE.
  I'm using Multi Mode fiber cable between them and the interfaces never came UP UP.
  Below the configuration i did to both sides.
  ASR 903 configuration:
  ASR903#sh run | sec contro
  controller SONET 0/0/0
   framing sdh
   clock source internal
   aug mapping au-4
   au-4 1 pos
  interfaces POS0/0/0.1  
  ip address 10.10.10.2 255.255.255.252
  ASR 9006 configuration
  ASR9006#sh running-config controller soNET 0/1/0/0  
  controller SONET0/1/0/0
   framing sdh
   clock source internal
  interface POS0/1/0/0
   ipv4 address 10.10.10.1 255.255.255.252
  Thanks in advance.

  I think your 900 is running in an oc12/stm4 mode (as you seem to subrate the sonet controller), so they have a speed mismatch already although it looks like you're using the right STM1 optic.
  also one side you will want to have use clock from line while the other internal, otherwise you'll get a lot of clock slips.
  cheers
  xander

• Cisco ASR 9006 IOS XR 4.3.0 aaa authorization

  Hi,
  I've configured two Cisco ASR 9006 with IOS XR 4.3.0 with the aaa. I've a problem with the authorization statement.
  I need to distiguish two groups.
  Network Administrator (Full access, show, configuration etc etc)
  Network Viewer (Users in this group can use only the show command)
  I cannot find anything clear on the documentation. Can you help me?
  Below the actual configuration (without authorization)
  tacacs source-interface Loopback0 vrf default
  tacacs-server host 10.10.10.1 port 49
  tacacs-server key 7 XXXXXXXXXX
  tacacs-server timeout 10
  username emergency
  group netadmin
  password 7 XXXXXXXXXXXXXXX
  aaa accounting exec default start-stop group ACS
  aaa accounting system default start-stop group ACS
  aaa group server tacacs+ ACS
  server 10.10.10.1
  aaa authentication login default group ACS local
  I have configured two Shell Command Authorization Sets in my ACS. One for ReadOnly and one for Full Access.
  The ReadOnly Group (called AccessoSolaLettura) is on the attacched png called asr_1.PNG
  The Full Access Group (called AccessCompleto) is on the attached png called asr_2.PNG
  I associated this Shell Authorization sets to two users group. (Network Administrator and Network Viewer).
  The first one with Level 15 and the second one with Level 7. (Attached file ACS_1.png and ACS_2.png)
  Can you tell me if the ACS configuration is right and which configuration is needed on the ASR?
  The ACS Release is 4.2(0) Build 124.
  Tnx
  Leonardo

  Hi Leonardo,
  In XR we have the concept of tasks and taskgroup for determining what a user can do, and we recommend using this. For tasks we have the read/write/execute/debug permissions.
  For instance to run 'show bgp summary' we need the read permission on the task BGP. Instead of assigning individual permissions per user we can create a taskgroup and the user can inherit everything from a taskgroup.
  So for instance we can add read BGP, read OSPF, and read system to the taskgroup test. We can then have the user inherit the taskgroup test and get all the permissions that taskgroup has. We can inherit multiple tasks and taskgroups.
  In addition we have some predefined task groups (for the full access user you will want the cisco-support and root-system taskgroups).
  You can find some more information in the following posts
  http://www.cisco.com/c/en/us/td/docs/routers/asr9000/software/asr9k_r4-3/security/configuration/guide/b_syssec_cg43xasr9k/b_syssec_cg43asr9k_chapter_010.html
  https://supportforums.cisco.com/docs/DOC-15944
  HTH,
  Sam

• CIsco ASR 9006

  Hello All,
  I am configuring Netflow on ASR 9006 IOS-XR. I need to be able to specify specify flow records (basically flexible Netflow) and configure flow aggregation based on destination prefix. This is not possible with the device.
  I will be glad if anyone could help with this challenge.
  Thanks.

  Hi Leonardo,
  In XR we have the concept of tasks and taskgroup for determining what a user can do, and we recommend using this. For tasks we have the read/write/execute/debug permissions.
  For instance to run 'show bgp summary' we need the read permission on the task BGP. Instead of assigning individual permissions per user we can create a taskgroup and the user can inherit everything from a taskgroup.
  So for instance we can add read BGP, read OSPF, and read system to the taskgroup test. We can then have the user inherit the taskgroup test and get all the permissions that taskgroup has. We can inherit multiple tasks and taskgroups.
  In addition we have some predefined task groups (for the full access user you will want the cisco-support and root-system taskgroups).
  You can find some more information in the following posts
  http://www.cisco.com/c/en/us/td/docs/routers/asr9000/software/asr9k_r4-3/security/configuration/guide/b_syssec_cg43xasr9k/b_syssec_cg43asr9k_chapter_010.html
  https://supportforums.cisco.com/docs/DOC-15944
  HTH,
  Sam

• ASR 9001 Cluster (Nv)

  Dear ASR9000 experts,
  If using 2 x ASR9001 with the Cluster technology (starting on the 4.3.0) can we assume that we can achieve processor redundancy ? For instance, if the active RP on the ASR9001 #1 fails can we assume that the standby RP on the ASR9001 #2 will assume the job in hands and that LC on the #1 and #2 chassis will continue forwarding NSR style ?
  Thanks !

  Hi Sam
  I'm using XR 4.3.2 on two ASR9001. I've connected the cluster ports with GLC-SX-MMD in Port 0 and SFP-10G-SR in Port 1. They both work. You cannot see them in show inventory (not even in show inventory raw).
  RP/0/RSP0/CPU0:Jan  7 00:40:44.150 : cluster_clm_rp[166]: %PLATFORM-CLUSTER_CLM-6-UPDN : Interface 14 (Clustering Port0) is Up
  RP/1/RSP0/CPU0:Jan  7 00:42:46.744 : cluster_clm_rp[166]: %PLATFORM-CLUSTER_CLM-6-UPDN : Interface 14 (Clustering Port0) is Up
  RP/0/RSP0/CPU0:Jan  7 00:51:35.519 : cluster_clm_rp[166]: %PLATFORM-CLUSTER_CLM-6-UPDN : Interface 15 (Clustering Port1) is Up
  RP/1/RSP0/CPU0:Jan  7 00:51:37.944 : cluster_clm_rp[166]: %PLATFORM-CLUSTER_CLM-6-UPDN : Interface 15 (Clustering Port1) is Up
  The good news is that GLC-SX-MMD is working!
  Thanks, kind regards,
  Edi

• Ask the Experts: Understanding Cisco ASR 9000 Series Aggregation Services Routers Platform Architecture and Packet Forwarding Troubleshooting

  With Xander Thuijs
  Welcome to the Cisco Support Community Ask the Expert conversation. This is an opportunity to learn how to Cisco ASR 9000 Series Aggregation Services Routers with Cisco expert Xander Thuijs. The Cisco ASR 9000 Series Aggregation Services Routers product family offers a significant added value compared to the prior generations of carrier Ethernet routing offerings. The Cisco ASR 9000 Series is an operationally simple, future-optimized platform using next-generation hardware and software. The ASR 9000 platform family is composed of the Cisco ASR 9010 Router, the Cisco ASR 9006 Router, the Cisco ASR 9922 Router, Cisco ASR 9001 Router and the Cisco ASR 9000v Router.
  This is a continuation of the live Webcast.
  Xander Thuijs is a principal engineer for the Cisco ASR 9000 Series and Cisco IOS-XR product family at Cisco. He is an expert and advisor in many technology areas, including IP routing, WAN, WAN switching, MPLS, multicast, BNG, ISDN, VoIP, Carrier Ethernet, System Architecture, network design and many others. He has more than 20 years of industry experience in carrier Ethernet, carrier routing, and network access technologies. Xander  holds a dual CCIE certification (number 6775) in service provider and voice technologies. He has a master of science degree in electrical engineering from Hogeschool van University in Amsterdam.
  Remember to use the rating system to let Xander know if you have received an adequate response.
  Xander might not be able to answer each question because of the volume expected during this event. Remember that you can continue the conversation on the Service Providers community XR OS And Platforms  shortly after the event. This event lasts through Friday, May 24, 2013. Visit this forum often to view responses to your questions and the questions of other Cisco Support Community members.
  Webcast  related links:
  Slides
  Webcast  Video Recording
  FAQ

  Is there a Cisco lab available for ASR 9000
  we have "XR4U" stations coming available soon when XR 511 comes alive. The plan is for a downloadable play image like that. In the interim we have 2 demo systems available, and they can be booked via your account manager representative.
  How will MOD160 perform with multiple 9000NVS?
  very well. the mod 160 has 4 NPU's, 2 per bay. So if you have a 4x10 MPA to serve a satellite, you effectively have a single NPU per 20 1Gigs from the satellite. The pps performance will be stellar. However it might be price technically more ideal to connect satellite with a 36x10. Since the MOD-x has native MPA's with 1G also.
       2. Is there a shortcut for a Bundle-EthernetX interface, such as port-channel interface (poX), in Cisco IOS® ?.
  usability enhancement is there, we are trying to push this into a new reasonable release. follow CSCuh04526
       3. What  is the revolutions per minute (RPM) on these hard disk drives (HDDs)  compared to the solid state drives (SDDs)? Will the spinning drives be  slow?
  depends on the type we had avaialble at time of production, you will see different sizes and disks on the RSP2. the rpm of the HD is not so much an issue as much as the buffered writing we used to do in XR. This is fixed up with XR43 where the disk writing performance is much better. the HD/SDD is used for logging storage only (and maybe your pictures) but other then that we're not that concerned with write perf of the HD.
  regards
  xander

• Any experience with NFS failover in Sun Cluster?

  Hello,
  I am planning to install dual-node Sun Cluster for NFS failover configuration. The SAN storage is shared between nodes via Fibre Channel. The NFS shares will be manually assigned to nodes and should fail over / takeback between nodes.
  Is this setup tested well? How the NFS clients survive the failover (without "stale NFS handle" errrors)? Does it work smoothly for Solaris,Linux,FreeBSD clients?
  Please share your experience.
  TIA,
  -- Leon

  My 3 year old linux installtion on my laptop, which is my NFS client most of the time uses udp as default (kernel 2.4.19).
  Anyway the key is that the NFS client, or better, the RPC implementation on the client is intelligent enough to detect a failed TCP connection and tries to reestablish it with the same IP address. Now once the cluster has failed over the logical IP the reconnect will be successful and NFS traffic continues as if nothing bad had happened. This only(!) works if the NFS mount was done with the "hard" option. Only this makes the client retry the connection.
  Other "dumb" TCP based applications might not retry and thus would need manual intervention.
  Regarding UFS or PxFS, it does not make a difference. NFS does not know the difference. It shares a mount point.
  Hope that helped.

• VSM with NAT Between two ASR routers

  We are new to the ASR platform and IOS XR.  We have two new ASR 9006's with the VSM module.  These two routers are not yet in production so we can play around with them.  We will be moving the NAT functionality from our firewalls to these two routers.  Is it possible for these two routers to share NAT translations?  It is entirely possible that outbound traffic could be NAT'ed out one of these ASR's and the return traffic come through the other ASR.  In this scenario how is the NAT translation handled?  I've not had much luck finding documentation on this specific topic.
  Thanks,
  Marc

  Hi,
  To my understanding its not possible to connect to an ASA interface through interface other than the interface where the IP address is located.
  In other words you are not able to connect from behind "inside" to the IP address of "mgmt" interface
  I will try to find you a link to some Cisco documentation stating this. (I have never really had to find it though)
  - Jouni

• BGP Next-hop conflict with MPLS Label.

  Hi, Experts
  Equipment: Cisco ASR9922, IOS-XR 4.3.2
  Issue: I have problem that my RR do the next-hop-self by using route-policy for client routers, the next-hop is changed as intended but the MPLS label doesn’t changed to reflect the new next-hop.
  What I would like to achieve: I would like RR to set next-hop-self only for selected prefixes(172.168.0.0/24, 0.0.0.0/0) but maintain original next-hop for the rest, I do this by using route-policy.
  Detail:
  I have routers running MPLS infrastructure with ASR9922 as an RR. RN router is in neighbor-group RN and CPE-xx routers are in neighbor-group AN.
  •-       Every routers are in same BGP AS64549.
  •-       RN sends prefixes 0.0.0.0/0 and 172.168.0.0/24 to RR.
  •-       CPE-25 sends prefix 192.168.25.1/32 to RR.
  Neighbor-group AN has the route-policy AN-OUT2 to set next-hop of prefix 172.168.0.0/24 and 0.0.0.0/0 to RR#loopback1 before send out update to CPE routers. Below is BGP and RPL configuration at RR.
  router bgp 64549
  nsr
  bgp graceful-restart
  ibgp policy out enforce-modifications
  address-family vpnv4 unicast
    additional-paths receive
    additional-paths send
    additional-paths selection route-policy ADD-PATH-iBGP
    retain route-target all
  neighbor-group AN
    remote-as 64549
    cluster-id 172.16.1.11
    update-source Loopback1
    address-family vpnv4 unicast
     route-reflector-client
     route-policy AN-OUT2 out
     soft-reconfiguration inbound
  route-policy AN-OUT2
    if destination in DEFAULT or destination in RNC then
      set next-hop 192.168.10.11
    else
      pass
    endif
  end-policy
  This is what RR advertises to CPE-24
  RP/0/RP0/CPU0:RR#show bgp vpnv4 unicast neighbors 192.168.10.24 advertised-routes
  Fri Dec 20 15:23:14.931 BKK
  Network            Next Hop        From            AS Path
  Route Distinguisher: 64549:3339
  0.0.0.0/0          192.168.10.11   172.16.1.1      ?
                                     172.16.1.2      ?
  172.168.0.0/24     192.168.10.11   172.16.1.1      ?
                                     172.16.1.2      ?
  192.168.0.1/32     192.168.10.11   192.168.10.24   i
  192.168.0.26/32    192.168.10.26   192.168.10.26   i
  192.168.25.1/32    192.168.10.25   192.168.10.25   i
  192.168.211.8/30   192.168.10.22   192.168.10.22   i
  The IP part works as intended but MPLS Label doesn’t work as intended. Please take a look at RN who is originates 172.168.0.0/24, label 16025 is locally assigned.
  RP/0/RP0/CPU0:RN1#show bgp vpnv4 unicast labels
  Status codes: s suppressed, d damped, h history, * valid, > best
                i - internal, r RIB-failure, S stale, N Nexthop-discard
  Origin codes: i - IGP, e - EGP, ? - incomplete
     Network            Next Hop        Rcvd Label      Local Label
  Route Distinguisher: 64549:3339 (default for vrf VLAN3339)
  *> 0.0.0.0/0          0.0.0.0         nolabel         16025          
  * i                   172.16.1.11     16068           16025          
  * i                   172.16.1.13     16033           16025          
  *> 172.168.0.0/24     0.0.0.0         nolabel         16025          
  * i                   172.16.1.11     16059           16025          
  * i                   172.16.1.13     16024           16025          
  172.168.0.0/24 at RR, label 16059 is locally assigned, label 16025 is receive from RN router. It should send 172.168.0.0/24 with label 16059 to CPE-24 to reflect next-hop changed.
  RP/0/RSP0/CPU0:RR#show bgp vpnv4 unicast labels
  Status codes: s suppressed, d damped, h history, * valid, > best
                i - internal, r RIB-failure, S stale, N Nexthop-discard
  Origin codes: i - IGP, e - EGP, ? - incomplete
     Network            Next Hop        Rcvd Label      Local Label
  Route Distinguisher: 64549:3339
  *>i0.0.0.0/0          172.16.1.1      16025           16068          
  * i                   172.16.1.2      16007           16068          
  *>i172.168.0.0/24     172.16.1.1      16025           16059          
  * i                   172.16.1.2      16007           16059          
  *>i192.168.0.1/32     192.168.10.24   131070          16060          
  *>i192.168.25.1/32    192.168.10.25   131070          16062          
  *>i192.168.211.8/30   192.168.10.22   131070          16065          
  What I found at CPE-24 which is Alcatel router is that, RR send prefix 172.168.0.0/24, nh 192.168.10.11 with label 16025 which is incorrect.
  A:CPE-24# show router bgp routes vpn-ipv4 172.168.0.0/24
  ===============================================================================
  BGP Router ID:192.168.10.24    AS:64549       Local AS:64549     
  ===============================================================================
  Legend -
  Status codes  : u - used, s - suppressed, h - history, d - decayed, * - valid
  Origin codes  : i - IGP, e - EGP, ? - incomplete, > - best, b - backup
  ===============================================================================
  BGP VPN-IPv4 Routes
  ===============================================================================
  Flag  Network                                            LocalPref   MED
        Nexthop                                            Path-Id     VPNLabel
        As-Path                                                       
  u*>?  64549:3339:172.168.0.0/24                          100         0
        192.168.10.11                                      None        16025
        No As-Path                                                     
  Routes : 1
  ===============================================================================
  On RR If I just remove the policy and do the next-hop-self under vpv4 address family, CPE-24 will get corrent nh with correct label(16059) but that won’t achieve our requirement to change nh only on selected prefixes. Is this software problem? Or is there any solution to work around?
  Regard,
  Marit

  Hello Marit,
  I am able to recreate this in the lab, and unfortunately this scenario is not supported. BGP does not advertise allocated label if we set nexhop using route policy. The only way is by next-hop-self configured on RR, and yes it eventually will applies to all prefixes advertised to neighbor-group AN. Currently i do not have workaround available.
  Below is the capture of what i have tested in the lab:
  The topology:
  CRS-4-02 ---------- CRS-8-01 ------------ ASR-9006-1
  CRS-8-01 is Route-reflector of CRS-4-02 and ASR-9006-1.
  CRS-4-02 advertise some prefixes.
  This issue occurs when RR have route-policy toward ASR-9006-1, where it assign incorrect label. But it assign correct label if CRS-8-01 use next-hop-self.
  Below is the test done in the lab if RR use next-hop-self:
  RP/0/RP0/CPU0:CRS-4-02#show run router bgp
  Tue Jan  7 08:16:18.945 UTC
  router bgp 1
  bgp router-id 172.16.4.1
  ibgp policy out enforce-modifications
  address-family ipv4 unicast
  address-family vpnv4 unicast
  neighbor 172.16.8.3
    remote-as 1
    update-source Loopback0
    address-family ipv4 unicast
    address-family vpnv4 unicast
     route-policy PASS in
     route-policy PASS out
  vrf RTAMAELA
    rd 100:1
    address-family ipv4 unicast
     redistribute connected
  RP/0/RP0/CPU0:CRS-4-02#show bgp vpnv4 unicast advertised  summary
  Tue Jan  7 08:16:29.001 UTC
  Network            Next Hop        From             Advertised to
  Route Distinguisher: 100:1
  78.22.11.2/32      172.16.4.1      Local            172.16.8.3
  78.22.11.3/32      172.16.4.1      Local            172.16.8.3
  93.22.15.61/32     172.16.4.1      Local            172.16.8.3
  RP/0/RP0/CPU0:CRS-4-02#
  RP/0/RP0/CPU0:CRS-4-02#show bgp vpnv4 unicast labels
  Tue Jan  7 08:16:53.655 UTC
  BGP router identifier 172.16.4.1, local AS number 1
  BGP generic scan interval 60 secs
  BGP table state: Active
  Table ID: 0x0
  BGP main routing table version 57
  BGP scan interval 60 secs
  Status codes: s suppressed, d damped, h history, * valid, > best
                i - internal, r RIB-failure, S stale
  Origin codes: i - IGP, e - EGP, ? - incomplete
     Network            Next Hop        Rcvd Label      Local Label
  Route Distinguisher: 100:1 (default for vrf RTAMAELA)
  *>i22.51.32.77/32     172.16.8.3      16056           nolabel
  *> 78.22.11.2/32      0.0.0.0         nolabel         16003
  *> 78.22.11.3/32      0.0.0.0         nolabel         16003
  *> 93.22.15.61/32     0.0.0.0         nolabel         16003
  Processed 4 prefixes, 4 paths
  RP/0/RP0/CPU0:CRS-4-02#
  RP/0/RP1/CPU0:CRS-8-01#show run router bgp
  Wed Jan  8 11:07:05.436 UTC
  router bgp 1
  bgp graceful-restart
  ibgp policy out enforce-modifications
  address-family ipv4 unicast
    allocate-label all
  address-family vpnv4 unicast
    retain route-target all
  neighbor-group AN
    remote-as 1
    update-source Loopback0
    address-family vpnv4 unicast
     route-reflector-client
     next-hop-self                              <-- use next-hop-self toward ASR-9006-1
     soft-reconfiguration inbound
  neighbor-group RN
    remote-as 1
    update-source Loopback0
    graceful-restart
    address-family vpnv4 unicast
     route-reflector-client
     next-hop-self
     soft-reconfiguration inbound
  neighbor 10.10.10.10
    remote-as 1
    address-family ipv4 unicast
  neighbor 72.15.48.5
    use neighbor-group AN
  neighbor 172.16.4.1
    use neighbor-group RN
  RP/0/RP1/CPU0:CRS-8-01#show bgp vpnv4 unicast labels
  Wed Jan  8 11:07:09.091 UTC
  BGP router identifier 172.16.8.3, local AS number 1
  BGP generic scan interval 60 secs
  BGP table state: Active
  Table ID: 0x0   RD version: 344169
  BGP main routing table version 92
  BGP scan interval 60 secs
  Status codes: s suppressed, d damped, h history, * valid, > best
                i - internal, r RIB-failure, S stale
  Origin codes: i - IGP, e - EGP, ? - incomplete
     Network            Next Hop        Rcvd Label      Local Label
  Route Distinguisher: 100:1
  *>i22.51.32.77/32     72.15.48.5      16000           16056
  *>i78.22.11.2/32      172.16.4.1      16003           16053
  *>i78.22.11.3/32      172.16.4.1      16003           16054
  *>i93.22.15.61/32     172.16.4.1     16003           16055
  Processed 4 prefixes, 4 paths
  RP/0/RP1/CPU0:CRS-8-01#
  RP/0/RSP1/CPU0:ASR-9006-01#show run router bgp
  Wed Jan  8 17:02:02.796 UTC
  router bgp 1
  bgp router-id 72.15.48.5
  bgp graceful-restart
  ibgp policy out enforce-modifications
  address-family ipv4 unicast
  address-family vpnv4 unicast
    retain route-target all
  neighbor-group RR
    remote-as 1
    update-source Loopback0
    graceful-restart
    address-family vpnv4 unicast
     route-reflector-client
     soft-reconfiguration inbound
  neighbor 172.16.8.3
    use neighbor-group RR
  neighbor 192.169.1.2
    remote-as 1
    update-source Loopback0
    address-family vpnv4 unicast
     route-policy PASS in
     route-policy PASS out
  vrf RTAMAELA
    rd 100:1
    address-family ipv4 unicast
     redistribute connected
  RP/0/RSP1/CPU0:ASR-9006-01#show bgp vpnv4 unicast labels
  Wed Jan  8 17:02:04.381 UTC
  BGP router identifier 72.15.48.5, local AS number 1
  BGP generic scan interval 60 secs
  BGP table state: Active
  Table ID: 0x0   RD version: 253825
  BGP main routing table version 126
  BGP scan interval 60 secs
  Status codes: s suppressed, d damped, h history, * valid, > best
                i - internal, r RIB-failure, S stale
  Origin codes: i - IGP, e - EGP, ? - incomplete
     Network            Next Hop        Rcvd Label      Local Label
  Route Distinguisher: 100:1 (default for vrf RTAMAELA)
  *> 22.51.32.77/32     0.0.0.0         nolabel         16000
  *>i78.22.11.2/32      172.16.8.3      16053           nolabel          <== 172.16.8.3 is the loopback address of CRS-8-01
  *>i78.22.11.3/32      172.16.8.3      16054           nolabel
  *>i93.22.15.61/32     172.16.8.3      16055           nolabel
  Processed 4 prefixes, 4 paths
  RP/0/RSP1/CPU0:ASR-9006-01#
  From output above we can see that ASR-9006-01 received correct label for each prefix.
  Below is the output with route-policy configured and ASR-9006-01 receive incorrect label:
  RP/0/RP1/CPU0:CRS-8-01#show run router bgp
  Wed Jan  8 11:04:46.310 UTC
  router bgp 1
  bgp graceful-restart
  ibgp policy out enforce-modifications
  address-family ipv4 unicast
    allocate-label all
  address-family vpnv4 unicast
    retain route-target all
  neighbor-group AN
    remote-as 1
    update-source Loopback0
    address-family vpnv4 unicast
     route-reflector-client
     route-policy RTAMAELA out
     soft-reconfiguration inbound
  neighbor-group RN
    remote-as 1
    update-source Loopback0
    graceful-restart
    address-family vpnv4 unicast
     route-reflector-client
     next-hop-self
     soft-reconfiguration inbound
  neighbor 72.15.48.5
    use neighbor-group AN
  neighbor 172.16.4.1
    use neighbor-group RN
  RP/0/RP1/CPU0:CRS-8-01#show run route-policy RTAMAELA
  Wed Jan  8 11:16:06.847 UTC
  route-policy RTAMAELA
    if destination in RNC then
      set next-hop 172.16.8.3
    else
      pass
    endif
  end-policy
  RP/0/RP1/CPU0:CRS-8-01#show run prefix-set RNC
  Wed Jan  8 11:16:12.099 UTC
  prefix-set RNC
    78.22.11.3/32
  end-set
  RP/0/RP1/CPU0:CRS-8-01#show bgp vpnv4 unicast labels
  Wed Jan  8 11:04:33.512 UTC
  BGP router identifier 172.16.8.3, local AS number 1
  BGP generic scan interval 60 secs
  BGP table state: Active
  Table ID: 0x0   RD version: 344013
  BGP main routing table version 92
  BGP scan interval 60 secs
  Status codes: s suppressed, d damped, h history, * valid, > best
                i - internal, r RIB-failure, S stale
  Origin codes: i - IGP, e - EGP, ? - incomplete
     Network            Next Hop        Rcvd Label      Local Label
  Route Distinguisher: 100:1
  *>i22.51.32.77/32     72.15.48.5      16000           16056
  *>i78.22.11.2/32      172.16.4.1      16003           16053
  *>i78.22.11.3/32      172.16.4.1      16003           16054
  *>i93.22.15.61/32     172.16.4.1      16003           16055
  Processed 4 prefixes, 4 paths
  RP/0/RP1/CPU0:CRS-8-01#
  RP/0/RSP1/CPU0:ASR-9006-01#show run router bgp
  Wed Jan  8 16:59:41.601 UTC
  router bgp 1
  bgp router-id 72.15.48.5
  bgp graceful-restart
  ibgp policy out enforce-modifications
  address-family ipv4 unicast
  address-family vpnv4 unicast
    retain route-target all
  neighbor-group RR
    remote-as 1
    update-source Loopback0
    graceful-restart
    address-family vpnv4 unicast
     route-reflector-client
     soft-reconfiguration inbound
  neighbor 172.16.8.3
    use neighbor-group RR
  neighbor 192.169.1.2
    remote-as 1
    update-source Loopback0
    address-family vpnv4 unicast
     route-policy PASS in
     route-policy PASS out
  vrf RTAMAELA
    rd 100:1
    address-family ipv4 unicast
     redistribute connected
  RP/0/RSP1/CPU0:ASR-9006-01#show bgp ipv4 unicast labels
  Wed Jan  8 16:59:52.173 UTC
  RP/0/RSP1/CPU0:ASR-9006-01#show bgp vpnv4 unicast labels
  Wed Jan  8 17:00:00.457 UTC
  BGP router identifier 72.15.48.5, local AS number 1
  BGP generic scan interval 60 secs
  BGP table state: Active
  Table ID: 0x0   RD version: 253701
  BGP main routing table version 123
  BGP scan interval 60 secs
  Status codes: s suppressed, d damped, h history, * valid, > best
                i - internal, r RIB-failure, S stale
  Origin codes: i - IGP, e - EGP, ? - incomplete
     Network            Next Hop        Rcvd Label      Local Label
  Route Distinguisher: 100:1 (default for vrf RTAMAELA)
  *> 22.51.32.77/32     0.0.0.0         nolabel         16000
  *>i78.22.11.2/32      172.16.4.1      16003           nolabel
  *>i78.22.11.3/32      172.16.8.3      16003           nolabel   <-- It receive label 16003, which is wrong. it should receive label 16054.
  *>i93.22.15.61/32     172.16.4.1      16003           nolabel
  Processed 4 prefixes, 4 paths
  RP/0/RSP1/CPU0:ASR-9006-01#
  Rivalino

• Multi-Instance BGP

  BGP Multi-instance was supposed to be released in XR 4.2, I could not find any mention of it in the Release notes for 4.2, 4.3, & 5.1?
  How do I find out if it was implemented and if so how to configure it, if not if it is still on the road map?
  Thanks,
  John

  Hello,
  It is in release note XR .4.2:
  http://www.cisco.com/en/US/docs/routers/asr9000/software/asr9k_r4.2/general/release/notes/reln_a9k_42.html
  And some writing on Cisco doc:
  http://www.cisco.com/en/US/docs/routers/crs/software/crs_r4.2/routing/configuration/guide/b_routing_cg42crs_chapter_01.html#concept_E6B1D3D6B8CA4742AED837B3A94E826F
  Below is the example what i did in my lab running 4.2.3:
  RP/0/RSP1/CPU0:ASR-9006-01#show run router bgp
  Fri Jan 31 21:05:02.170 UTC
  router bgp 1 instance IPV4
  bgp router-id 72.15.48.5
  bgp graceful-restart
  ibgp policy out enforce-modifications
  address-family ipv4 unicast
    redistribute connected
    allocate-label all
  address-family vpnv4 unicast
    retain route-target all
  neighbor 172.16.8.3
    remote-as 1
    update-source Loopback0
    address-family ipv4 labeled-unicast
     route-policy PASS in
     route-policy PASS out
  router bgp 1 instance IPV6
  bgp router-id 99.2.3.4
  address-family ipv6 unicast
    redistribute connected
  thanks,
  rivalino

• ASR9K Series devices inventory is not working.

  Hi all.  Inventory in CiscoWorks with new devices ASR9K Series is not working. CW version: LMS3.2.1. Device: ASR-9006 AC Chassis. Credentials correct. Can any help me?
  Screenshot1: inventory request fail.
  Screenshot2: RME knows Cisco ASR9006 Router.

  Hello again and thx for advice,
  I've tried the solution from Cisco for this bug (CSCte95623 ), by manipulating delays values in cmdsvc.properties file and restarting cfgmngmt process. I've changed delay values in very different manner (delay after connect, tunesleepmills, login, e.t.c). Unfortunately this solution didn't help. A CDA work for  SSH fails all the time. Also i've manipulated
  ssh rate-limit and ssh session-limit values on device. It's a pity that opportunity to set on only sshv1 on device doesn't exist, so CW tries to connect only with sshv2 and there is no chance to check how it work with sshv1.
  I'm becoming a bit desperate about that issue. Any ideas?!
  There is some output from ssh debugs on device:
  debug ssh server
  RP/0/RSP1/CPU0:May 31 12:02:14.068 : SSHD_[1114]: Spawned new child process 5869901
  RP/0/RSP1/CPU0:May 31 12:02:14.149 : SSHD_[65869]: Client sockfd 3
  RP/0/RSP1/CPU0:May 31 12:02:14.151 : SSHD_[65869]: Setting IP_TOS value:192
  RP/0/RSP1/CPU0:May 31 12:02:14.152 : SSHD_[65869]: After setting socket options, sndbuf33792, rcvbuf - 33792
  RP/0/RSP1/CPU0:May 31 12:02:14.153 : SSHD_[65869]: Connection from ------------ port ---------
  RP/0/RSP1/CPU0:May 31 12:02:14.158 : SSHD_[65869]: (addrem_ssh_info_tuple) user:()
  RP/0/RSP1/CPU0:May 31 12:02:14.162 : SSHD_[65869]: Session id 0
  RP/0/RSP1/CPU0:May 31 12:02:14.162 : SSHD_[65869]: Exchanging versions
  RP/0/RSP1/CPU0:May 31 12:02:14.164 : SSHD_[65869]: %SECURITY-SSHD-6-INFO_GENERAL : Client ------ closes socket connection
  RP/0/RSP1/CPU0:May 31 12:02:14.164 : SSHD_[65869]: %SECURITY-SSHD-3-ERR_GENERAL : Failed in version exchange
  RP/0/RSP1/CPU0:May 31 12:02:14.164 : SSHD_[65869]: In cleanup code, pid:5869901, sig rcvd:0, state:1
  RP/0/RSP1/CPU0:May 31 12:02:14.166 : SSHD_[65869]: Cleanup sshd process 5869901, session id 0
  RP/0/RSP1/CPU0:May 31 12:02:14.171 : SSHD_[65869]: Closing connection to --------
  RP/0/RSP1/CPU0:May 31 12:02:14.171 : SSHD_[65869]: Sending Disconnect msg
  RP/0/RSP1/CPU0:May 31 12:02:14.172 : SSHD_[65869]: sshd_shm_acquire_lock: SHM Lock is NULL
  RP/0/RSP1/CPU0:May 31 12:02:14.172 : SSHD_[65869]: sshd_shm_unlock: SHM Lock is NULL
  RP/0/RSP1/CPU0:May 31 12:02:14.184 : SSHD_[1114]: Signal 18 received in handler: pid 5869901
  RP/0/RSP1/CPU0:May 31 12:02:14.207 : SSHD_[1114]: ratelimit_msecs:1000.000000, ratelimit_count:1
  RP/0/RSP1/CPU0:May 31 12:02:14.207 : SSHD_[1114]: elapsed:145.976000, ratelimit_msecs:1000.000000, count:1
  RP/0/RSP1/CPU0:May 31 12:02:14.207 : SSHD_[1114]: %SECURITY-SSHD-6-INFO_GENERAL : Incoming SSH session rate limit exceeded
  And CDA ssh work log from CW:
  Thu May 31  12:10:17 MSD 2012 ],INFO ,[Thread-1],com.cisco.nm.rmeng.util.rmedaa.RMEDeviceContext,getCmdSvc,1571,Iam inside ssh ....
  [ Thu May 31  12:10:17 MSD 2012 ],INFO ,[Thread-1],com.cisco.nm.rmeng.util.rmedaa.RMEDeviceContext,getCmdSvc,1573,Initial time_out : 0
  [ Thu May 31  12:10:17 MSD 2012 ],INFO ,[Thread-1],com.cisco.nm.rmeng.util.rmedaa.RMEDeviceContext,getCmdSvc,1583,Computed time_out : 30
  [ Thu May 31  12:10:17 MSD 2012 ],INFO ,[Thread-1],com.cisco.nm.rmeng.util.rmedaa.RMEDeviceContext,getCmdSvc,1599,After computing time_out : 30
  [ Thu May 31  12:10:17 MSD 2012 ],INFO ,[Thread-1],com.cisco.nm.rmeng.util.rmedaa.RMEDeviceContext,getSshCmdSvc,1637,inside getSshCmdSvc with timeout : 30000
  [ Thu May 31  12:10:17 MSD 2012 ],INFO ,[Thread-1],com.cisco.nm.rmeng.util.rmedaa.RMEDeviceContext,getSshProtocols,1743,Inside getsshprotocols with time out : 30000
  [ Thu May 31  12:10:17 MSD 2012 ],INFO ,[Thread-1],com.cisco.nm.rmeng.util.rmedaa.RMEDeviceContext,getSshCmdSvc,1651,SSH2 is running
  [ Thu May 31  12:10:17 MSD 2012 ],INFO ,[Thread-1],com.cisco.nm.xms.xdi.pkgs.LibCda.CmdSvc_CDACredTypeHandler,verify,136,Got CmdSvc for SSH
  [ Thu May 31  12:10:17 MSD 2012 ],INFO ,[Thread-1],com.cisco.nm.xms.xdi.pkgs.LibCda.CmdSvc_CDACredTypeHandler,verify,141,Before Resetting the counters i.e before invoking counters for CredType :: SSH
  [ Thu May 31  12:10:17 MSD 2012 ],INFO ,[Thread-1],com.cisco.nm.xms.xdi.pkgs.LibCda.CmdSvc_CDACredTypeHandler,verify,151,After Resetting the counters i.e before invoking counters for CredType :: SSH
  [ Thu May 31  12:10:17 MSD 2012 ],INFO ,[Thread-1],com.cisco.nm.xms.xdi.pkgs.LibCda.CmdSvc_CDACredTypeHandler,verify,156,Getting Primary credentails to reset again to Primary only..
  [ Thu May 31  12:10:17 MSD 2012 ],INFO ,[Thread-1],com.cisco.nm.xms.xdi.pkgs.LibCda.CmdSvc_CDACredTypeHandler,verify,201,trying to connect for SSH
  [ Thu May 31  12:10:18 MSD 2012 ],ERROR,[Thread-1],com.cisco.nm.xms.xdi.pkgs.LibCda.CmdSvc_CDACredTypeHandler,verify,272,Got CmdSvcException com.cisco.nm.lib.cmdsvc.CmdSvcException: java.net.SocketException: Connection reset
      at com.cisco.nm.lib.cmdsvc.OpConnect.invoke(OpConnect.java:57)
      at com.cisco.nm.lib.cmdsvc.SessionContext.invoke(SessionContext.java:299)
      at com.cisco.nm.lib.cmdsvc.Engine.process(Engine.java:57)
      at com.cisco.nm.lib.cmdsvc.LocalProxy.process(LocalProxy.java:22)
      at com.cisco.nm.lib.cmdsvc.CmdSvc.connect(CmdSvc.java:190)
      at com.cisco.nm.lib.cmdsvc.CmdSvc.connect(CmdSvc.java:166)
      at com.cisco.nm.xms.xdi.pkgs.LibCda.CmdSvc_CDACredTypeHandler.verify(CmdSvc_CDACredTypeHandler.java:202)
      at com.cisco.nm.xms.xdi.pkgs.LibCda.GenericCdaHandler.checkSanity(GenericCdaHandler.java:37)
      at com.cisco.nm.rmeng.inventory.cda.job.DoCDAonDevice.checkSanity(CdaJobEngine.java:1565)
      at com.cisco.nm.rmeng.inventory.cda.job.DoCDAonDevice.run(CdaJobEngine.java:1429)
      at com.cisco.nm.rmeng.inventory.cda.job.CdaJobMonitor$ExecutorThread.run(CdaJobMonitor.java:244)
  [ Thu May 31  12:10:18 MSD 2012 ],ERROR,[Thread-1],com.cisco.nm.xms.xdi.pkgs.LibCda.CmdSvc_CDACredTypeHandler,verify,308,exception occured at the time of closing cmdsvccom.cisco.nm.lib.cmdsvc.CmdSvcException: java.net.SocketException: Connection reset
      at com.cisco.nm.lib.cmdsvc.OpConnect.invoke(OpConnect.java:57)
      at com.cisco.nm.lib.cmdsvc.SessionContext.invoke(SessionContext.java:299)
      at com.cisco.nm.lib.cmdsvc.Engine.process(Engine.java:57)
      at com.cisco.nm.lib.cmdsvc.LocalProxy.process(LocalProxy.java:22)
      at com.cisco.nm.lib.cmdsvc.CmdSvc.connect(CmdSvc.java:190)
      at com.cisco.nm.lib.cmdsvc.CmdSvc.connect(CmdSvc.java:166)
      at com.cisco.nm.xms.xdi.pkgs.LibCda.CmdSvc_CDACredTypeHandler.verify(CmdSvc_CDACredTypeHandler.java:202)
      at com.cisco.nm.xms.xdi.pkgs.LibCda.GenericCdaHandler.checkSanity(GenericCdaHandler.java:37)
      at com.cisco.nm.rmeng.inventory.cda.job.DoCDAonDevice.checkSanity(CdaJobEngine.java:1565)
      at com.cisco.nm.rmeng.inventory.cda.job.DoCDAonDevice.run(CdaJobEngine.java:1429)
      at com.cisco.nm.rmeng.inventory.cda.job.CdaJobMonitor$ExecutorThread.run(CdaJobMonitor.java:244)
  [ Thu May 31  12:10:18 MSD 2012 ],INFO ,[Thread-1],com.cisco.nm.xms.xdi.pkgs.LibCda.CmdSvc_CDACredTypeHandler,verify,310,Some exception not handled....
  [ Thu May 31  12:10:18 MSD 2012 ],INFO ,[Thread-1],com.cisco.nm.xms.xdi.pkgs.LibCda.CmdSvc_CDACredTypeHandler,verify,312,Not for enable test

• Parameter changes prevent SAP from starting

  Hello all,
  We are running SAP ERP 4.7ext 2.00 with two nodes in a Windows/MSSQL Cluster environment.
  1.     Last night, we made parameter changes to the central instance profile. In particular, we started with  adding the parameter “enque/table_size = 16384”, activated the profile and took the SAP R/3 RP1 Resource offline. We then tried to bring it back online but it went into a failed status. We removed this parameter using a text editor, and then retried to bring the SAP Resource online again, but to no avail – it went into a failed state again.
  2.     We had previously made backups of the profile files created by the reinstallation of the central instance (DEFAULT, START_DVEBMGS00_ZAASAPCCI001,  and RP1_DVEBMGS00_ZAASAPCCI001 – let’s call this File Set A.) and decided to use these files instead.  These files had the default parameters created on installation. We were successful in bringing the SAP resource online.
  3,     We made a parameter change and activated the profile in SAP – it does not matter which parameter you choose, for example, changing the number of dialog work processes from the default 2 to 20 . We took the SAP R/3 RP1 Resource offline but were unable to bring it back online - it went into a failed status.
  4.     We then took File Set A, and using a text editor  (1) made changes to the number of work processes; and (2) appended the extra parameters to them. Using these files we were now successful in bringing the SAP Resource online.
  5.     If we now made any changes to these files – either through SAP or by using the text editor, we are unable to restart SAP. We have to revert to step 4 above.
  6.     A strange anomaly we noticed is that if the profile files have the following commented lines in the beginning of the file  RP1_DVEBMGS00_ZAASAPCCI001. for example:
  #.*       Instance profile RP1_DVEBMGS00_ZAASAPCCI00                           *
  #.*       Version                 = 000007                                     *
  #.*       Generated by user = ABOOM                                            *
  #.*       Generated on = 11.05.2006 , 09:04:07                                 *
       Then we are unable to restart SAP.
  Is this a bug related to running a dual-node SAP cluster?  We were previously able to make parameter changes (either through SAP or through the use of a text editor) and restart SAP successfully.
  It is now become critical to determine the cause of this anomalous behaviour and resolve the problem. Failing this, the client wants to break the cluster and revert to a distributed SAP system installation (with separate DB and central instance hosts).
  Your comments and help wil be greatly appreciated.
  Regards,
  Lebo

  Hi Lebo,
  Can you try to edit your profiles (the correct ones) using sappad tool (/usr/sap/<SID>/<INST-ID>/run/exe/) and save it in the same format that was used to open it.
  Regards,
  Mike

• Power consumption

  What is the maximum and average power consumption on an xServe G5 cluster node?

  Apple only ever publish maximum power draw levels for the family - in this case, according to the technote, that's 4A @ 110V (or 2A at 220V).
  However, you have to bear in mind that the same spec is given to the single processor, dual processor and cluster node versions of the XServe G5. Clearly a dual processor machine with three drives, two PCI cards and a DVD drive is going to pull more power than a single CPU system with one drive and no PCI cards.
  This also extends to typical power draw - the system dynamically adjusts to load, so while a fully-spec'd machine could pull 4A under stress (e.g. CPU maxed, all fans at top speed, three drives in a RAID 5 config reading and writing, etc.), it might pull less than 1A if it's sitting idle waiting for something to do. Therefore there is no such thing as 'average' since everyone's circumstances are different.
  Most of my servers sit in the 1A - 2A range if that's any help.

• MPLS Core sharing a net /25

  Hi,
  I need help, I have a core MPLS made by four devices. They are ASR 9006, everything works perfect, lately we installed a client that need redundancy so I configure two BGP session on my internet VRF, the problem is that I assigned to the client a netmask 25. A client that depends on the same ASR can make ping to the new client but if a client depends of another ASR can make ping to this client. I checked and I have to entries for this net on my routing table, I don't know which is the problem. can you help me?
  RP/0/RSP0/CPU0:ASR9K_PEREIRA#show route vrf INTERNET 190.X.243.1  
  Thu Jan  8 10:20:18.860 gmt
  Routing entry for 190.X.243.0/24
    Known via "bgp 2X51", distance 200, metric 0, type internal
    Installed Dec 30 01:29:43.582 for 1w2d
    Routing Descriptor Blocks
      10.248.10.1, from 10.248.10.1
        Nexthop in Vrf: "default", Table: "default", IPv4 Unicast, Table Id: 0xe0000000
        Route metric is 0
    No advertising protos. 
  RP/0/RSP0/CPU0:ASR9K_PEREIRA#show route vrf INTERNET 190.X.243.129
  Thu Jan  8 10:20:21.793 gmt
  Routing entry for 190.X.243.128/25
    Known via "bgp 2X951", distance 200, metric 0
    Tag 65497, type internal
    Installed Dec 30 01:29:44.163 for 1w2d
    Routing Descriptor Blocks
      10.248.10.1, from 10.248.10.1
        Nexthop in Vrf: "default", Table: "default", IPv4 Unicast, Table Id: 0xe0000000
        Route metric is 0
    No advertising protos. 
  RP/0/RSP0/CPU0:ASR9K_PEREIRA#
  The problem is only with the last /25. 
  Sorry for my english.

  hi ,
  i have been troubleshooting the same issue for the last 2 days , i go the same message
  *Mar  2 02:06:34.973: TE-PCALC_PATH: get_path: system_id not initialized!
  R6#show mpls  traffic-eng tunnels
  Name: R6_t1                               (Tunnel1) Destination: 1.1.1.1
    Status:
      Admin: up         Oper: down   Path: not valid   Signalling: Down
      path option 10, type dynamic
    Config Parameters:
      Bandwidth: 0        kbps (Global)  Priority: 7  7   Affinity: 0x0/0xFFFF
      Metric Type: TE (default)
      AutoRoute:  disabled  LockDown: disabled  Loadshare: 0        bw-based
      auto-bw: disabled
    History:
      Tunnel:
        Time since created: 1 days, 17 minutes
      Path Option 10:
        Last Error: PCALC:: Local system ID has not been set
  R6#
  i am using ISIS as routing  protocol , I dont know if is a bug with GNS3 or something  is wrong with my config wich i dont think so !!
  can anybody help me please !