IOS(XR) MTU

There were a number of TCP enhancements that went in around the 5.1 timeframe which impact the way window scaling works as well.

Also, do you have path-mtu enabled on all the devices?

On XR you want something like this:

tcp selective-ack

tcp window-size 65535

tcp path-mtu-discovery

IOS:

ip tcp path-mtu-discovery

ip tcp window-size 65535

http://www.cisco.com/c/en/us/support/docs/ios-nx-os-software/ios-xr-software/116350-trouble-ios-xr-mtu-00.html

> interface GigabitEthernet0/0/1

> no ip address

>

> service instance 100 ethernet

> xconnect x.x.x.x {VC_ID} encapsulation mpls mtu {}

>

> But if I configured the below

> l2vpn xconnect context {NAME}

>

> There is no option for the MTU under it

 

 

You have to configure it on the pseudowire interface:

http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/mp_l2_vpns/configuration/xe-3s/mp-l2-vpns-xe-3s-book/mp-any-transport-xe.html#concept_B3B085AFF0384B5C867E3EF9A4C58564

 

Monitoring overview

System and network utilities

https://www.openinfosecfoundation.org/download/suricata-2.0.9.tar.gz

 

https://mathias-kettner.de/checkmk_omd.html

http://liveaction.com/

http://www.librenms.org/

http://www.nedi.ch/

Opmantek

Observium

OMD version of Nagios

PRTG ?

Nagios / Icinga / Opsview / other clones / forks – allow the most customization but maintenance and changing eats quite a bit of one’s time (at least until the setup is in place)

Observium – nice, user friendly, when you want to have custom checks or develop more than what the package already provides, then you need to think a bit if it’s really worth it

Cacti – not really monitoring, albeit you can install a Threshold and Alerting plugin, plus you do have a nice weathermap

IOS MPLS troubleshooting

Does the MPLS ping work between the two routers? That would verify that the transport (i.e. LDP) labels for PE loopbacks are in place.

ping mpls ipv4 x.x.x.x/32 source y.y.y.y

 

Try the command “sh mpls forwarding-table” on both PEs and search for each other’s loopback IP /32 address.

On each PE, for the other PE’s loopback, the Outgoing Label column should show either a “label value” or a “Pop Label” if the PEs are directly connected.

If it displays No Label then labels are not advertised/received for some reason.

– most of the time the problem is that LDP neighbours don’t see each other via Hello messages multicast over the directly connected interface but only via the targeted LDP session.

– this can be caused when the interface is not enabled for MPLS i.e. cmd “mpls ip” is not enabled under the interface.

– or LDP passwords do not match.

(this will also be accompanied by OSPF advertising maximum metric for the link to avoid forwarding of MPLS packets over the link when the MPLS is actually not functional on the interface).

 

– or there’s a problem with an access-list controlling the label advertisement on the neighbouring router.

 

– if the above is not the case it might be a HW programming issue.

The outgoing label for the other PE’s loopback IP address should be visible when you issue cmd “sh ip cef x.x.x.x/32 detail” *not sure about the exact syntax.
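
The forwarding-table check described above, as an added example that is not part of the original notes: a small parser that classifies each remote PE loopback as having a label, a Pop Label, No Label, or no entry at all. The sample output, the addresses and the function names are constructed for illustration, and the "missing" status is an assumption added here for a loopback that does not appear in the table.

```python
import re

# Constructed sample of "sh mpls forwarding-table" output (not from a real device).
SAMPLE_OUTPUT = """\
Local      Outgoing   Prefix           Bytes Label   Outgoing   Next Hop
Label      Label      or Tunnel Id     Switched      interface
16         Pop Label  10.0.0.2/32      0             Gi0/0/0    10.1.12.2
17         18         10.0.0.3/32      1520          Gi0/0/0    10.1.12.2
18         No Label   10.0.0.4/32      0             Gi0/0/1    10.1.14.4
19         No Label   192.168.50.0/24  0             Gi0/0/1    10.1.14.4
"""

# Optional local label (absent on extra equal-cost path rows), then the
# outgoing label (a number, "Pop Label" or "No Label"), then the IPv4 prefix.
ROW = re.compile(
    r"^\s*(?:\d+|None)?\s+(Pop Label|No Label|\d+)\s+(\d+\.\d+\.\d+\.\d+/\d+)\s")

def parse_lfib(output):
    """Return {prefix: [outgoing label, ...]} for every IPv4 prefix row."""
    table = {}
    for line in output.splitlines():
        m = ROW.match(line)
        if m:
            table.setdefault(m.group(2), []).append(m.group(1))
    return table

def check_pe_loopbacks(output, loopbacks):
    """Classify each remote PE loopback (hypothetical helper, statuses are ours)."""
    table = parse_lfib(output)
    result = {}
    for lo in loopbacks:
        labels = table.get(lo + "/32")
        if labels is None:
            result[lo] = "missing"    # assumption: prefix not in the table at all
        elif "No Label" in labels:
            result[lo] = "no-label"   # labels not advertised/received on a path
        elif "Pop Label" in labels:
            result[lo] = "pop"        # directly connected PE
        else:
            result[lo] = "label"      # a label value is in place
    return result

if __name__ == "__main__":
    peers = ["10.0.0.2", "10.0.0.3", "10.0.0.4", "10.0.0.5"]
    for lo, status in check_pe_loopbacks(SAMPLE_OUTPUT, peers).items():
        print(lo, status)
```

A "no-label" result is the cue to work through the causes listed above: “mpls ip” missing on the interface, mismatched LDP passwords, or an access-list filtering label advertisement.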

Updating ArbOS

Copy the upgrade files to a USB disk and insert it into a USB port on the Arbor TRA.

Before the installation, make a full backup:

/ services sp backup

/services/sp/backup# show

 Backup status

 Backup state: idle
 Full backup image timestamp: Mon Mar 09 07:41:26 +0000 2015
 Incremental backup image timestamp: Tue Mar 10 07:31:42 +0000 2015
 Backup image version: 7.0.1

/services/sp/backup# create full

admin@TRA:/services/sp/backup# show
 Backup status
 Backup state: running full backup

/services/sp/backup# show
 Backup status
 Backup state: running full backup

Wait until it has completed and the state returns to 'idle'.

To list the contents of the USB disk:

/ system files

admin@TRA:/system/files# dir usb:
 Peakflow-SP-7.0.2-FCCG-B 325651 May29 2015 Signed package
 arbos-6.1-FCCG-B 98610 May29 2015 Signed package

Check the currently installed OS and application:

/system/files# show
 Installed packages:
 ArbOS_6.1 ArbOS 6.1 system files (build ELSJ-B) (arch x86_64)
 Peakflow-SP-7.0.1 Arbor Networks Peakflow SP (build ELSJ-B) (arch x86_64)

Stop SP:

/ services sp

/services/sp# stop
Stopping Peakflow SP services......................................done.

Update the OS:

/ system files

/system/files# install usb:arbos-6.1-FCCG-B
Extracting package...done.
Changes to ArbOS will take effect after the next reload.

/system/files# reload
 You are about to reboot the system. Do you wish to proceed? [n] y
094: Rebooting the system..

/ system files
/system/files# show
 Installed packages:
 ArbOS_6.1 ArbOS 6.1 system files (build FCCG-B) (arch x86_64)
 Peakflow-SP-7.0.1 Arbor Networks Peakflow SP (build ELSJ-B) (arch x86_64)

Update the application:

/ services sp stop

Stopping Peakflow SP services......................................done.

/ system files
/system/files# install usb:Peakflow-SP-7.0.2-FCCG-B
376: Peakflow-SP-7.0.2-FCCG-B conflicts with Peakflow-SP-7.0.1

 

On a conflict error such as (Peakflow-SP-7.0.2-FCCG-B conflicts with Peakflow-SP-7.0.1), first remove the old installation:

/system/files# uninstall Peakflow-SP-7.0.1 
Uninstalling package Peakflow-SP-7.0.1..done. 

/ system files install usb:Peakflow-SP-7.0.2-FCCG-B
Extracting package...done.
Collecting inventory information.done
Writing SNMP system description...done.
Upgrading to 7.0.2...
Adding direction to Host Detection table...done
Checking database schema........................................................................................................................................................................................................................................................................................done
Copying Misuse Default to Shared Host Detection Settings...done
Converting Managed Object Host Detection Settings to Shared Host Detection Settings...done
Upgrading malware fingerprint name...done
Saving ArbOS configuration...
Saving SP configuration...
Updating saved command cache (this may take a while)...done
Upgrade successful. Welcome to 7.0.2. 

Start the application again:

/ services sp start
Starting Peakflow SP services......done.

Google no longer returning AAAA records?

For the avoidance of mystery: Google performs measurements of IPv6 connectivity and latency on an ongoing basis. The Google DNS servers do not return AAAA records to DNS resolvers if our measurements indicate that for users of those resolvers, HTTP/HTTPS access to dual-stack Google services is substantially worse than to equivalent IPv4-only services. “Worse” covers both reliability (e.g., failure to load a URL) and latency (e.g., IPv6 is 100ms worse than IPv4 because it goes over an ocean). The resolvers must also have a minimum query volume, which is fairly low.

Tips:

I suggest checking if any of your affected users have broken 6to4 setups,
and that you are applying the relevant mitigations in RFC 6343.

MTU size issues and high latency have also both been mentioned as
possible reasons for the mysterious AAAA blacklist.

 

 

Netflow – FNF cheat sheet

Here’s a quick basic FNF (from ASR 1000):

flow exporter PRIMARY_NMS
 description FNF export to Primary NMS
 destination 192.168.100.100
 source Loopback0
 transport udp 9996
 template data timeout 60
!
flow monitor MONITOR_V4
 description IPv4 netflow monitor
 record netflow ipv4 original-input
 exporter PRIMARY_NMS
 cache timeout active 900
 cache entries 200000
!
flow monitor MONITOR_V6
 description IPv6 netflow monitor
 record netflow ipv6 original-input
 exporter PRIMARY_NMS
 cache timeout active 900
 cache entries 200000
!
!For each interface ....
!
interface GigabitEthernet0/0/0
 ip flow monitor MONITOR_V4 input
 ipv6 flow monitor MONITOR_V6 input
!
interface GigabitEthernet1/0/0
 ip flow monitor MONITOR_V4 input
 ipv6 flow monitor MONITOR_V6 input

SIP trunk to Asterisk

If the call is terminating on the 2800 (i.e. IP to TDM) there is no need to transcode….

It would just be a standard SIP offer/answer dialog.

As long as one codec matches it would be fine.

 

If you have 2 IP legs you should look into Cisco border element configs as an SBC.

http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/voice/cube/configuration/cube-book.html

 

You can then decide how to work the codec selection and how the Cisco interacts (interferes may be a better term) with the media session between the 2 legs. Transcoding would only be necessary if you have two IP legs and each leg needs to use a different codec.

Leg 1 g711a and leg2 g729 for example.

The 2800 can do this

http://www.cisco.com/c/en/us/support/docs/voice-unified-communications/unified-border-element/100480-cube-transcode.html
