Slow OTV on Cisco ASR 1000

Similar Messages

• Where to check license details - ASR 1000 firewall

  Hi,
  I am looking for for details meaning of license because I cannot found the details install.  The license call
  FLASR1-FW-RTU(=)
  that is used to enable the firewall function in ASR 1000 series.  But I don't clear about what feature inside, it is because it only show the "firewall" from website.  Is that same as IOS firewall?
  Thanks!

  Hello,
  If you look at the ordering guide: http://www.cisco.com/en/US/prod/collateral/routers/ps9343/product_bulletin_c07-448862.html
  Firewall service: The Cisco ASR 1000 Series Router Firewall application requires a RTU license (FLASR1-FW-RTU(=)), which allows you to enable Layer 4-through-Layer 7 firewalling. To enable per subscriber/user firewall in broadband and enterprise deployments, the firewall RTU license, as well as the number-of-session licenses listed in the "Broadband service" section, is required. Please refer to the "Per subscriber/user firewall service" section.
  Now, if you want to know more in detail what the ASR1000 can do, you can refer to the product documentation: Network Security Features for Cisco ASR 1000 Series Routers: http://www.cisco.com/en/US/prod/collateral/routers/ps9343/data_sheet__network_security_features_for_cisco_asr_1000_series_routers.html
  You have a full paragraph explaning zone based firewall, search for "Cisco IOS Zone-Based Firewall"

• Cisco ASR - How to connect an OTV internal interface to a FabricPath domain

  Scenario - migrate servers while maintaining their existing IP address from data centre 1 to data centre 2 with minimal downtime. Diagram attached.
  I'm planning on using a Cisco ASR1001-X with AES license at DC1 and DC2 and configuring the routers with OTV to extend 10 x VLANs between the data centres. The join interface would connect directly to the WAN circuit NTU and the Internal Interface would connect to the switch and be configured as a service instance with 10 VLANs tagged using dot1q. The problem is that DC1 switch infrastructure is using Cisco Nexus 56xx configured with FabricPath. I can't find any information that suggests that i can patch the Cisco ASR router's internal interface directly into a FabricPath switchport or what the configuration would be.
  Older OTV documentation refers to Nexus 7000 and OTV stating the following: "Because OTV encapsulation is done on M-series modules, OTV cannot read FabricPath packets. Because of this restriction, terminating FabricPath and reverting to Classical Ethernet where the OTV VDC resides is necessary."
  Is this true for the Cisco ASR also? The only workaround i can think of is to install a cheap catalyst switch connected to the FabricPath domain and re-introduce spanning-tree at the edge but this seems backwards to me. Any help or suggestions appreciated? Thanks

  Thanks Minh,
  So it is possible to have switchports configured as routed, fabricpath and trunk/access in a fabricpath configuration? Do i need to add any spanning-tree pseudo or priority configuration?
  Sample configs:
  #ASR
  interface GigabitEthernet0/0/1
   no ip address
   service instance 1 ethernet
    encapsulation dot1q 1
    bridge-domain 1
   service instance 2 ethernet
    encapsulation dot1q 2
    bridge-domain 2
   service instance 3 ethernet
    encapsulation dot1q 3
    bridge-domain 3
  #Nexus 56xx
  interface e1/5
    switchport mode trunk
    switchport trunk allow vlan 1,2,3

• Ask the Experts: Understanding Cisco ASR 9000 Series Aggregation Services Routers Platform Architecture and Packet Forwarding Troubleshooting

  With Xander Thuijs
  Welcome to the Cisco Support Community Ask the Expert conversation. This is an opportunity to learn how to Cisco ASR 9000 Series Aggregation Services Routers with Cisco expert Xander Thuijs. The Cisco ASR 9000 Series Aggregation Services Routers product family offers a significant added value compared to the prior generations of carrier Ethernet routing offerings. The Cisco ASR 9000 Series is an operationally simple, future-optimized platform using next-generation hardware and software. The ASR 9000 platform family is composed of the Cisco ASR 9010 Router, the Cisco ASR 9006 Router, the Cisco ASR 9922 Router, Cisco ASR 9001 Router and the Cisco ASR 9000v Router.
  This is a continuation of the live Webcast.
  Xander Thuijs is a principal engineer for the Cisco ASR 9000 Series and Cisco IOS-XR product family at Cisco. He is an expert and advisor in many technology areas, including IP routing, WAN, WAN switching, MPLS, multicast, BNG, ISDN, VoIP, Carrier Ethernet, System Architecture, network design and many others. He has more than 20 years of industry experience in carrier Ethernet, carrier routing, and network access technologies. Xander  holds a dual CCIE certification (number 6775) in service provider and voice technologies. He has a master of science degree in electrical engineering from Hogeschool van University in Amsterdam.
  Remember to use the rating system to let Xander know if you have received an adequate response.
  Xander might not be able to answer each question because of the volume expected during this event. Remember that you can continue the conversation on the Service Providers community XR OS And Platforms  shortly after the event. This event lasts through Friday, May 24, 2013. Visit this forum often to view responses to your questions and the questions of other Cisco Support Community members.
  Webcast  related links:
  Slides
  Webcast  Video Recording
  FAQ

  Is there a Cisco lab available for ASR 9000
  we have "XR4U" stations coming available soon when XR 511 comes alive. The plan is for a downloadable play image like that. In the interim we have 2 demo systems available, and they can be booked via your account manager representative.
  How will MOD160 perform with multiple 9000NVS?
  very well. the mod 160 has 4 NPU's, 2 per bay. So if you have a 4x10 MPA to serve a satellite, you effectively have a single NPU per 20 1Gigs from the satellite. The pps performance will be stellar. However it might be price technically more ideal to connect satellite with a 36x10. Since the MOD-x has native MPA's with 1G also.
       2. Is there a shortcut for a Bundle-EthernetX interface, such as port-channel interface (poX), in Cisco IOS® ?.
  usability enhancement is there, we are trying to push this into a new reasonable release. follow CSCuh04526
       3. What  is the revolutions per minute (RPM) on these hard disk drives (HDDs)  compared to the solid state drives (SDDs)? Will the spinning drives be  slow?
  depends on the type we had avaialble at time of production, you will see different sizes and disks on the RSP2. the rpm of the HD is not so much an issue as much as the buffered writing we used to do in XR. This is fixed up with XR43 where the disk writing performance is much better. the HD/SDD is used for logging storage only (and maybe your pictures) but other then that we're not that concerned with write perf of the HD.
  regards
  xander

• EoMPLSoGRE using ASR 1000

  Hi All,
  I need to extend Layer 2 between two Data Centers over IP cloud. I am looking at the EoMPLSoGRE option and wondering which ASR I need to buy to have this feature working. Will basic model of ASR 1000 do? Or, do we have to buy any specific model of ASR ( and SPAs) for this EoMPLSoGRE to be working. Any specific version of IOS needed for this feature?
  As of now, we have L3 MPLS VPN between the sites, terminated on Cisco 3900 series routers. We want to use this IP cloud to build this L2 extension just temporaily for migrating some servers where we cannot change the IP address of the servers due to application complexities.
  Any help is hightly appreciated. Also, if you can point me to a sample setup and configuration for EoMPLSoGRE, it would be of great help.
  Thanks and Regards,
  Mohan Muthu

  Any ASR Model running IOS XE 2.4+ supports ATOM Over GRE, i would recommend you to read this document in detail, and tell us if you need any further help.
  http://www.cisco.com/en/US/prod/collateral/routers/ps9343/Deploying_and_Configuring_MPLS_Virtual_Private_Networks_In_IP_Tunnel_Environments.pdf

• ASR 1000 election

  Hello all,
  We are about to change our Internet Gateway Routers in our main datacenter.  Now we have two C3945 as a Internet Gateway Routers and other two C3945E as Core Routers.
  We are evaluating the possible alternatives and we think that the ASR 1000 series is the better solution for us. But we have reviewed the Ordering Guide and we have several doubts about that. Our first approach was buy two ASR 1001 in order to substitute the actual four routers. In theory this solutions offers us 100% redundant scenario (hardware and software) but in the Ordering Guide specifies the following: software redundancy (FLSASR1-IOSRED) is not recommended for Internet Gateway deployments.
  What means this exactly ? Why is not recommended the software redundancy in the  Internet Gateway deployments?
  The second approach is install just one 1006 with redundant RP and ESP. But maybe this deployment is too big for our organizations. Also in this case the solution is not 100% redundant.
  Could someone help us with this topic?
  Regrads,

  Hi Xander,
  Thanks for your reply. I apologize if it is not the correct sub-forum to post my question. Maybe the forum description confused me:
  Access troubleshooting, configuration, protocols, and technical resource topics on Cisco XR OS and Platforms for enterprise applications and Cisco Product connections, including: XR OS and Platforms, ASR 1000, ASR 9000, ASR9K, MPLS, IOS XR, XR PIEs, XR AS9000.
  Anyway, I can understand from your answer that Cisco has not tested yet certain functionalites with dual-IOSd. I do not understand how this can affect in a scenario with double chassis (two ASR1001 for example). Maybe I'm forgetting something important...
  I will take a look to the Cisco ASR9001 as you recommend.
  Regards,

• I have asr 1000 with asr1000rp2-adventerprisek have problem when I gave PPP Multilink to the interface Dialer

  Hello,
  please Urgent Help
  I have ASR 1000 with asr1000rp2-adventerprisek  Version, when I give PPP Multilink to the dialer interface it show following error :
  FMFP-3-OBJ_DWNLD_TO_CPP_FAILED: F0: fman_fp_image:
  MLP bundle , link download to CPP failed
  please urgent help

  this error comes with the command PPP multilink, it is a lot of letters and numbers and then this last line comes this message 
  FMFP-3-OBJ_DWNLD_TO_CPP_FAILED: F0: fman_fp_image:
  MLP bundle 181, link 178 download to CPP failed
  the configuration still not installed but I configured just the following lines
  interface Virtual-Template
  ip unnumbered Loopback2
  ip mtu 1440
  ip load-sharing per-packet
  ip tcp adjust-mss 1400
  no logging event link-status
  peer default ip address pool
  ipv6 unnumbered Loopback2
  ipv6 enable
  no ipv6 nd suppress-ra
  ppp authentication pap chap callin
  ppp multilink
  ppp multilink fragment delay 100
  ppp multilink mrru local 1546
  that were the lines used to configure this Dialer, the image must be asr1000rp2-adventerprisek and not Ipbase but I dont tried to use IPbase.
  what do think ?

• Error message on ASR 1000 logs.

  Hi Everyone,
  Good day. 
  I am seeing the below errors from the ASR 1000 that I have and It is not very clear on what the error actually means. 
  If someone have had experience with this kind of similar error message, kindly assist: 
  Apr 11 12:02:08.744 AEST: ASR1000-INJECT: can't find tunnel adj for 0.0.0.0
  Apr 11 12:02:09.442 AEST: ASR1000-INJECT: can't find tunnel adj for 0.0.0.0
  Apr 11 12:02:13.381 AEST: ASR1000-INJECT: can't find tunnel adj for 0.0.0.0
  Apr 11 12:02:13.986 AEST: ASR1000-INJECT: can't find tunnel adj for 0.0.0.0
  Apr 11 12:02:18.312 AEST: ASR1000-INJECT: can't find tunnel adj for 0.0.0.0
  Apr 11 12:02:18.765 AEST: ASR1000-INJECT: can't find tunnel adj for 0.0.0.0
  Apr 11 12:02:22.827 AEST: ASR1000-INJECT: can't find tunnel adj for 0.0.0.0
  Apr 11 12:02:23.449 AEST: ASR1000-INJECT: can't find tunnel adj for 0.0.0.0
  Apr 11 12:02:27.777 AEST: ASR1000-INJECT: can't find tunnel adj for 0.0.0.0
  Apr 11 12:02:28.090 AEST: ASR1000-INJECT: can't find tunnel adj for 0.0.0.0
  Apr 11 12:02:32.649 AEST: ASR1000-INJECT: can't find tunnel adj for 0.0.0.0
  Apr 11 12:02:32.686 AEST: ASR1000-INJECT: can't find tunnel adj for 0.0.0.0
  Apr 11 12:02:37.397 AEST: ASR1000-INJECT: can't find tunnel adj for 0.0.0.0
  Apr 11 12:02:37.552 AEST: ASR1000-INJECT: can't find tunnel adj for 0.0.0.0
  Apr 11 12:02:42.062 AEST: ASR1000-INJECT: can't find tunnel adj for 0.0.0.0
  Apr 11 12:02:42.259 AEST: ASR1000-INJECT: can't find tunnel adj for 0.0.0.0
  Apr 11 12:02:46.775 AEST: ASR1000-INJECT: can't find tunnel adj for 0.0.0.0
  Apr 11 12:02:47.200 AEST: ASR1000-INJECT: can't find tunnel adj for 0.0.0.0
  Apr 11 12:02:51.347 AEST: ASR1000-INJECT: can't find tunnel adj for 0.0.0.0
  Apr 11 12:02:51.977 AEST: ASR1000-INJECT: can't find tunnel adj for 0.0.0.0
  Apr 11 12:02:56.271 AEST: ASR1000-INJECT: can't find tunnel adj for 0.0.0.0
  Apr 11 12:02:56.835 AEST: ASR1000-INJECT: can't find tunnel adj for 0.0.0.0
  Apr 11 12:03:01.140 AEST: ASR1000-INJECT: can't find tunnel adj for 0.0.0.0
  Apr 11 12:03:01.787 AEST: ASR1000-INJECT: can't find tunnel adj for 0.0.0.0
  Apr 11 12:03:06.064 AEST: ASR1000-INJECT: can't find tunnel adj for 0.0.0.0
  Apr 11 12:03:06.325 AEST: ASR1000-INJECT: can't find tunnel adj for 0.0.0.0
  Apr 11 12:03:10.949 AEST: ASR1000-INJECT: can't find tunnel adj for 0.0.0.0
  Apr 11 12:03:11.039 AEST: ASR1000-INJECT: can't find tunnel adj for 0.0.0.0
  Apr 11 12:03:15.533 AEST: ASR1000-INJECT: can't find tunnel adj for 0.0.0.0
  Apr 11 12:03:15.858 AEST: ASR1000-INJECT: can't find tunnel adj for 0.0.0.0
  Thanks
  Kanes.R

  Hi,
  Ok, the message is indicating that one of the tunnels can't find the adj device through default route (0.0.0.0)
  Check your tunnels and make sure they are all working correctly and have peering. I am not sure if this is possible, but see if you can figure out if the tunnels have been running for some times or anyone of them flapping
  HTH

• Traffic policing question on Cisco ASR 1001

  Hi Experts,
  I have a request to setup aggregated traffic policing on a Cisco ASR 1001 router for multiple networks within a router.
  Lets say I have a router with several subinterfaces:
  interface GigabitEthernet0/2
   description WAN
   ip address x.x.x.x x.x.x.x
  interface GigabitEthernet0/1.70
   description Lan_1
   encapsulation dot1Q 70
   ip address 192.168.55.1 255.255.255.0
  interface GigabitEthernet0/1.80
   description LAN_2
   encapsulation dot1Q 80
   ip address 192.168.56.1 255.255.255.0
  interface GigabitEthernet0/1.90
   description Servers
   encapsulation dot1Q 90
   ip address 172.16.10.1 255.255.255.0
  I have a WAN link 100Mbit/s and I need to police traffic, so that I have 30Mbit/s for servers (GigabitEthernet0/1.90) and the rest 70Mbit I want to share between Interface Lan_1 and LAN_2. The Idea is that I need 70Mbit/s equally shared between two interfaces, so that I have fair policing on both iunterfaces. What is the best way to achieve this?
  Many Thanks

  Hello
  The below configuration is a possible option, Its provides policing inbound from the clients interfaces and LLQ priority queung on the wan interface for the servers and  shaping values from LAN1 & 2 traffic is set to 35MB.each.
  Notice nothing is defined for the default class, however i am on the understanding this is given by default 1% of Hqos implementations.
  Maybe others on here could review to verify any problems with this post and share their thoughts?
  ip access-list extended SRVS_acl
   permit ip 172.16.10.0 0.0.0.255 any
  ip access-list extended LAN1_acl
   permit ip 192.168.55.0 0.0.0.255 any
  ip access-list extended LAN2_acl
   permit ip 192.168.56.0 0.0.0.255 any
  class-map match-all SRVS_CM
   match access-group name SRVS_acl
  class-map match-all LAN_1_CM
   match access-group name  LAN1_acl
  class-map match-all LAN_2_CM
   match access-group name LAN2_acl
  policy-map SRVS_PM
   class SRVS_CM
      police 30720000 conform-action transmit exceed-action drop
  policy-map LAN_2_PM
   class LAN_2_CM
      police 35840000 conform-action transmit 
  policy-map LAN_1_PM
   class LAN_1_CM
      police 35840000 conform-action transmit 
  interface GigabitEthernet0/1.70
  service-policy input LAN_1_PM
  interface GigabitEthernet0/1.90
   service-policy input SRVS_PM
  interface GigabitEthernet0/1.80
   service-policy input LAN_2_PM
  policy-map WAN_CHILD
   class SRVS_CM
    priority 30720
   class LAN_1_CM
    shape average 35840000
   class LAN_2_CM
    shape average 35840000
   class class-default
    fair-queue
  policy-map WAN_PARENT
   class class-default
    shape average 102400000
    service-policy WAN_CHILD
  int  GigabitEthernet0/2
  bandwidth 102400
  service-policy output WAN_PARENT
  res
  Paul

• Can I rate-limit on the sub-interface in cisco asr 1013?

  Hi,
  I am looking for the command of rate-limit on a sub-interface in cisco asr 1013.
  Cisco IOS Software, IOS-XE Software (X86_64_LINUX_IOSD-ADVENTERPRISEK9-M), Version 15.2(2)S, RELEASE SOFTWARE (fc1)
  IOS XE Version: 03.06.00.S
  Please let me know if it is possible in cisco asr 1013. If yes then what are the commands.
  Zobair

  The ASR no longer supports the rate-limit command, but it does support the same functionality in a QoS policy.
  Please find a sample configuration -
  ASR1004(config)#policy-map test
  ASR1004(config-pmap)#class class-default
  ASR1004(config-pmap-c)#shape average 10000
  Applying for both ingress and egress : -
  ASR1004(config)#int gig1/1/0
  ASR1004(config-if)#service-policy output test   
  or
  ASR1004(config-if)#service-policy input test

• Cisco ASR Router Software Version 4.3.1 // PRTG Custom Sensor

  Dears,
  We are encountering problem in doing costume SNMP sensors in PRTG, whenever I create a customized sensor, the sensor goes up and down.  We have faced this problem after updating the software of our Cisco ASR to 4.3.1. In older versions, it was working well.  Is there a problem in Cisco ASR 4.3.1 SNMP with PRTG ? I would appreciate it if you can support in this case as we are in need of these customized sensors. We have gor  all of them down because of the update
  Regards,

  Dear Alexander,
  The standard sensors of PRTG are working well such as traffic sensors, ping etc, but the customized sensors are not working well in version 4.3.1. I always do a customized sensors for QoS, SLAs and others and they are working well in versions below 4.3.1.
  Furthermore, I have tested those OIDs by using Paessler SNMP Tester and I have seen that the reading is not showing properly. For instance, I have a customized OID that shows the reading every 60s (as a minimum) only while in older versions of ASR software I can see the reading every 30s or below of that particular OID using the same version of PRTG!
  Conclusion:
  PRTG latest version + ASR 4.3.1 = Customized sesnors are not working well
  PRTG latest version + ASR Older version = Customized sesnors are working well
  Kind regards,

• Monitoring Cisco ASR 1002 with IOS-XE in IPM 4.2

  We are running LMS 3.2 with IPM 4.2 installed....and we are looking to do IPSLA monitoring on a couple of our Cisco ASR's with IOS-XE code installed.
  I looked at the IPSLA feature mapping and it only talks about supported IOS code....do we need to upgrade our current IPM module to a current version?

  Hi Konstantin,
  Regarding "It is strange that these commands cleaned from sh run view.": this is normal for many default configuration commands.
  Mine is a lab device so I cannot really comment on stability or provide you a recommendation based on that. However, I see that the download section from Cisco.com mentiones the following release as the recommended based on quality, stability and longevity:
  asr1002x-universal.03.07.04a.S.152-4.S4a.SPA.bin
  The best would be for you to check this with yor cisco Account Team or Advanced Services Team as normally they are the proper point of contacts for SW advisory.
  Regards.

• MPLS PE/P 7600 or ASR 1000

  hi,
  We are planning to change our 7206VXR as P/PE routers.  Currently we only have 2 nodes that is running on STM-1.  on each node we have 7206VXR NPEG2 that is acting as PE and P router.
  our requirement is getting bigger we will be upgrading our WAN links to STM-4 soon (and to STM-12 in the future) and we will also be adding more nodes.
  I'm confused on what platform would be best for our network, 7600 or  ASR1000......7600???? 7606 or 7604?      ASR 1000???? ASR1004 or ASR 1006.
  I want my router to accomodate the growth in the network.
  I need your advise/expertise on this.
  Thanks in advance....
  Rachelle

  Hi,
  ASR1k runs IOS-XE, which is IOS. It does not run IOS-XR. ASR9k runs IOS-XR.
  The newer platforms, like ASR1k, ASR9k, have more throughput, while 7200 e.g. has a bigger
  range in different kinds of port adaptors. If you only plan to use ethernet interfaces for example, then
  you could only look at the newer platforms like ASR1k, ASR9k, or even 7600 and choose
  a specific model based on the number of ports you'd need.
  Thanks,
  Luc

• Does the mtu more 1500 bytes interface serial on cisco ASR 901?

  Cisco ASR 901
  Cisco A901-12C-FT-D
  asr901-universalk9-mz.154-2.S.bin
  (config-if)#mtu ?
    <64-1500>  MTU size in bytes
  Нow to increase up to 1516 (for MPLS)

  Hi Mick,
  Can you try override keyword if it works in your case..
  (config-if)#mpls mtu ?
    <64-1500>  MTU (bytes)
    override   Override mpls mtu maximum of interface mtu
  SWP-ACC-SIX(config-if)#mpls mtu override ?
    <1501-1580>  MTU (bytes)  ================> mtu is 1500 and mpls mtu can be configured upto 1580.
  --Pls dont forget to rate helpful posts--
  Regards,
  Mohit 

• Cisco ASR 1006 Cube license

  Dears,
  i have cisco asr router 1006 and i need to check the license cube license.
  i tried show license but it doesnt accept the command.
  Please advise how to check the cube license and its ersial number.
  BR,
  Haytham

  Have you tried...
  show facility-alarm status
  to identify what the critical alarm is and then fix.
  You may be able to also use
  clear facility-alarm
  However, most likely it could be some issue such as failed power supply, etc that will not clear.