Tuesday, September 22, 2015

Cisco 7600 with Total output drops on an interface

interface G1/1
  Input queue: 0/2000/0/0 (size/max/drops/flushes); Total output drops: 6469513


Diagnose:
show counters interface GigabitEthernet 1/1  | inc Dis
 8.                       ifInDiscards = 0
10.                      ifOutDiscards = 116890291
11.            txDelayExceededDiscards = 0
23.                         InDiscards = 0
24.                        OutDiscards = 116890273
48.              DelayExceededDiscards = 0


https://fasterdata.es.net/network-tuning/router-tuning/cisco/

interface G1/1
  hold-queue 4096 out
  hold-queue 1024 in

Wednesday, June 3, 2015

IOS-XR ASR 9k dhcp relay

When trying to configure DHCP on the ASR 9k, I ran into some problems.
First, the ASR 9k does not have a DHCP server, at least up to version 4.3.2. You will always need an external DHCP server.
So, when configuring dhcp relay to my corporate dhcp, here's what I found:

Does not work:
interface  bvi2
   ipv4 helper-address vrf CORP 10.1.100.10
   ipv4 helper-address vrf CORP 10.2.100.10

Works:
dhcp ipv4
 profile CORP_DHCP relay
  helper-address vrf CORP 10.1.100.10
  helper-address vrf CORP 10.2.100.10
!
dhcp ipv4 interface bvi2 relay profile CORP_DHCP



Hope it helps! Regards

Sunday, March 15, 2015

ASAv Initial Configuration

Here is an initial configuration for ASAv in order to allow ssh access and start working with it:

INIT CONFIG ASAv MANUAL PROVISION

What you need:
hostname: MYASAVxxx
mgmt ip: 10.1.2.x
interface: mgmt0/0 interface must be in mgmt vlan


hostname MYASAVxxx
interface Management0/0
 management-only
 nameif management
 security-level 100
 ip address 10.1.2.xxx 255.255.255.0
!
route management 0.0.0.0 0.0.0.0 10.1.2.1 1
ssh 0.0.0.0 0.0.0.0 management
aaa authentication enable console LOCAL
aaa authentication ssh console LOCAL
username restclient password restclient privilege 15
crypto key generate rsa modulus 1024
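
A bootstrap configuration like this one tends to stay on the device, so it is worth checking for the settings that should be tightened once the box is reachable. The script below is an added example, not part of the original post: it scans an ASA configuration for SSH open to any source, a password equal to the username, and a short RSA modulus. The host number in the sample and the 2048-bit floor are assumptions.

```python
import re

# Constructed sample: based on the initial configuration in this post, with
# the placeholder hostname and address filled in by made-up values.
SAMPLE_CONFIG = """\
hostname MYASAV001
interface Management0/0
 management-only
 nameif management
 security-level 100
 ip address 10.1.2.10 255.255.255.0
!
route management 0.0.0.0 0.0.0.0 10.1.2.1 1
ssh 0.0.0.0 0.0.0.0 management
aaa authentication enable console LOCAL
aaa authentication ssh console LOCAL
username restclient password restclient privilege 15
crypto key generate rsa modulus 1024
"""

MIN_RSA_BITS = 2048  # assumed policy floor, not a value from the post


def audit_asa_config(text):
    """Return (line_number, finding) tuples for weak settings, in file order."""
    findings = []
    for no, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        # "ssh <address> <mask> <interface>": a 0.0.0.0 mask admits any source.
        m = re.match(r"ssh (\S+) (\S+) (\S+)$", line)
        if m and m.group(2) == "0.0.0.0":
            findings.append((no, f"SSH allowed from any source on '{m.group(3)}'"))
        m = re.match(r"username (\S+) password (\S+)(?: encrypted)?(?: privilege (\d+))?", line)
        if m and m.group(1) == m.group(2):
            level = m.group(3) or "default"
            findings.append((no, f"user '{m.group(1)}' password equals username (privilege {level})"))
        m = re.match(r"crypto key generate rsa .*modulus (\d+)", line)
        if m and int(m.group(1)) < MIN_RSA_BITS:
            findings.append((no, f"RSA modulus {m.group(1)} below {MIN_RSA_BITS} bits"))
    return findings


if __name__ == "__main__":
    for no, finding in audit_asa_config(SAMPLE_CONFIG):
        print(f"line {no}: {finding}")
```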



Thursday, November 27, 2014

Cisco ASR IOS-XR - How to remove comments

IOS-XR accepts all ! commands and they stay in the configuration!

If you execute the commands
! Hi all
l2vpn


The comment stays there and is associated with the next command you execute.
Now, how can we remove it?

Just do it with the "clear comment" command.
Example:

router static
 vrf MYVRF
  address-family ipv4 unicast
   ! This is server A route
   10.1.1.1/32 2.2.2.2
commit


router static
 vrf MYVRF
  address-family ipv4 unicast
   clear comment
   10.1.1.1/32 2.2.2.2
commit

Thursday, August 14, 2014

Apache forbidden message for files with underscore

In my automation server for my Cisco equipment, after a reboot, things stopped working with Apache. After some time troubleshooting I found out that images with an underscore in the file name would be forbidden while images without would be shown by Apache. Really strange!

After trying everything:
- permissions
- directory http files
- etc

The problem was with SELINUX.
Executing echo 0 > /selinux/enforce

To be permanent, do the following:
In /etc/sysconfig/selinux
change from:
SELINUX=enforcing

to:
SELINUX=disabled

Then, reboot again!
Good luck
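
The denial behind a 403 like this is recorded in the audit log, which names the blocked file and its SELinux label, so it can be inspected before the mode is changed. The script below is an added example, not part of the original post: it groups AVC denials for the httpd domain by file and target label. The audit records, the file name and the user_home_t label are constructed assumptions.

```python
import re

# Constructed audit records in the /var/log/audit/audit.log layout.
SAMPLE_AUDIT = """\
type=AVC msg=audit(1408000001.101:310): avc:  denied  { read } for  pid=2101 comm="httpd" name="router_map.png" dev=dm-0 ino=40112 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file
type=AVC msg=audit(1408000002.220:311): avc:  denied  { getattr } for  pid=2101 comm="httpd" path="/var/www/html/img/router_map.png" dev=dm-0 ino=40112 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file
type=AVC msg=audit(1408000009.004:315): avc:  denied  { write } for  pid=877 comm="ntpd" name="drift" dev=dm-0 ino=912 scontext=system_u:system_r:ntpd_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file
"""

FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
PERM_RE = re.compile(r"avc:\s+denied\s+\{([^}]*)\}")


def httpd_denials(audit_text, domain="httpd_t"):
    """Group AVC denials for one source domain by (inode, target type)."""
    grouped = {}
    for line in audit_text.splitlines():
        perms = PERM_RE.search(line)
        if not line.startswith("type=AVC") or not perms:
            continue
        f = {k: v.strip('"') for k, v in FIELD_RE.findall(line)}
        # An SELinux context is user:role:type:level; the type is field 3.
        if f.get("scontext", "").split(":")[2:3] != [domain]:
            continue
        ttype = f["tcontext"].split(":")[2]
        entry = grouped.setdefault((f["ino"], ttype), {"perms": set(), "names": set()})
        entry["perms"].update(perms.group(1).split())
        entry["names"].add(f.get("path") or f.get("name", "?"))
    return grouped


if __name__ == "__main__":
    for (ino, ttype), info in httpd_denials(SAMPLE_AUDIT).items():
        print(ino, ttype, sorted(info["perms"]), sorted(info["names"]))
```

A target type such as user_home_t on a file under the web root points to a labelling problem, which `restorecon -Rv` on the directory corrects while SELinux stays enforcing.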

Monday, February 11, 2013

Cisco opens up EIGRP

Wow! This is a strange decision from Cisco. So many years closing this protocol to other vendors and now suddenly they open it to the IETF. I guess that the conclusion is: nowadays, the networking market is getting more open and this is good news for the customers.
http://www.youtube.com/watch?v=o_InjAmW5rI&feature=em-uploademail


Thursday, December 27, 2012

How to interconnect two vrfs in the same switch Catalyst 6500


In a virtualized Data Centre environment, service is provided to customers with isolation in mind, using vlans, vrfs and context-based services in physical appliances such as firewalls, load balancers and intrusion detection, and also as virtual appliances inside hypervisors.
When this level of virtualization is achieved, it is common that your requirements also increase and some impossible things are demanded. One of these situations is the interconnection of two vrfs in the same switch.
As you know, there can only be one layer3 vlan interface inside a 6500 chassis provided by the supervisor.

The following are solutions to interconnect two vrfs:
  • Use an external firewall or router to route the traffic (bad option)
  • Cross over cable in two ports (Most common)
  • GRE connection between VRFs.
  • Use RD for this requirement
The one that I find more stable is the crossover cable or fiber, but it depends on a physical component which can fail.
The cleanest solution is the GRE connection, but I have never tested it in production.

Thursday, December 13, 2012

Redistribute BGP to RIP


In order to redistribute BGP to RIP you will have to specify the metric of the routes when they arrive at the RIP engine; otherwise they will have 255 distance and will not show up in the routing table. By default, the routes will be unreachable.

An example below:

router rip
 passive-interface default
 !
 address-family ipv4 vrf bank1
  redistribute bgp 64111 metric 1
  network 192.168.25.0
  neighbor 192.168.25.10
  no auto-summary
  version 2
 exit-address-family

10Gbps interface with Twin-ax copper cable SFP-H10GB-CU3M

The twin-ax cable SFP-H10GB-CU3M appears in a 3750 like this:

Te1/1/1   SERVER    connected    trunk        full    10G SFP-10GBase-CX1


Implement RIP in VRF


It is possible to implement RIP in VRF . Here's an example:


router rip
 passive-interface Vlan1300
 !
 address-family ipv4 vrf client1
  network 192.168.1.0
  no auto-summary
  version 2
 exit-address-family
!

Tuesday, December 11, 2012

Available commands in Cisco IOS


It is possible to browse the available commands on a Cisco Catalyst or router.
Just type the command:
show parser dump all

show parser dump all | grep transceiver

15 debug transceiver detail
15 debug transceiver info
15 debug transceiver error
1 show interfaces transceiver detail module Number
1 show interfaces transceiver detail
1 show interfaces transceiver threshold violations module Number
1 show interfaces transceiver threshold violations
1 show interfaces transceiver calibration module Number
1 show interfaces transceiver calibration
1 show interfaces transceiver properties module Number
1 show interfaces transceiver properties
1 show interfaces transceiver module Number
1 show interfaces transceiver
1 show interfaces transceiver detail module Number
1 show interfaces transceiver detail
1 show interfaces transceiver threshold violations module Number
1 show interfaces transceiver threshold violations
1 show interfaces transceiver calibration module Number
1 show interfaces transceiver calibration
1 show interfaces transceiver properties module Number

SFF8472-5-THRESHOLD_VIOLATION: Rx power high warning; Operating value:


SFF8472-5-THRESHOLD_VIOLATION: Te1/1/1: Rx power high warning; Operating value:  -0.4 dBm, Threshold value:  -1.0 dBm.

This is a strange problem. Normally, fiber problems have high attenuation. This problem occurs because the signal is too strong, probably due to a fiber cable that is too small. Solution: Change the fiber size. If that does not work, change the SFP.

Friday, December 7, 2012

Cisco ASA Log commands to buffer or logging server


The goal is to force the ASA to log a line to the buffer or to a syslog server whenever a CLI command is issued.
One solution is to change the log message 111008 to the level that you want to log in buffer or in trap.

An example:

logging enable
logging timestamp
logging buffer-size 128000
logging monitor alerts
logging buffered alerts
logging trap alerts
logging history alerts
logging facility 15
logging device-id hostname
logging host MGMT 1.1.1.1
logging message 111008 level alerts
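
With this in place every CLI command reaches the syslog server as a 111008 record at the alerts level (severity 1), which makes the stream usable as a command audit trail. The script below is an added example, not part of the original post: it extracts user and command from 111008 records and flags commands that change logging or local accounts. The log lines, the timestamp and hostname prefix, and the watch list are constructed assumptions.

```python
import re
from collections import Counter

# Constructed sample lines. The text after "%ASA-" follows the 111008
# message wording; the timestamp/hostname prefix is an assumed layout.
SAMPLE_LOG = """\
Dec 07 2012 10:15:01 MYASA : %ASA-1-111008: User 'admin' executed the 'configure terminal' command.
Dec 07 2012 10:15:09 MYASA : %ASA-1-111008: User 'admin' executed the 'no logging host MGMT 1.1.1.1' command.
Dec 07 2012 10:16:30 MYASA : %ASA-1-199999: Constructed filler record with another message ID
Dec 07 2012 10:17:02 MYASA : %ASA-1-111008: User 'restclient' executed the 'username ops password ***** privilege 15' command.
Dec 07 2012 10:18:44 MYASA : %ASA-1-111008: User 'admin' executed the 'show version' command.
"""

# Greedy match on the command so quotes inside it do not cut it short.
CMD_RE = re.compile(
    r"%ASA-(?P<sev>\d)-111008: User '(?P<user>[^']*)' "
    r"executed the '(?P<cmd>.*)' command\.\s*$"
)

# Assumed watch list: commands that change logging or local accounts.
WATCH = ("no logging", "clear logging", "logging message", "username ", "no aaa")


def parse_commands(log_text):
    """Return one dict per 111008 record: severity, user, command, flagged."""
    records = []
    for line in log_text.splitlines():
        m = CMD_RE.search(line)
        if not m:
            continue  # other message IDs are ignored
        cmd = m.group("cmd")
        records.append({
            "severity": int(m.group("sev")),
            "user": m.group("user"),
            "command": cmd,
            "flagged": cmd.startswith(WATCH),
        })
    return records


def flagged_by_user(records):
    """Count watch-list commands per user."""
    return Counter(r["user"] for r in records if r["flagged"])
```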

Wednesday, December 5, 2012

Traffic generation with 10Gbps ports

This post will detail the test results of throughput traffic between 2 servers with 10Gbps ports.

The results were quite impressive: 10Gbps wire speed!

More updates soon!