madsushi
Apr 19, 2009

Baller.
#essereFerrari
RANCID question:

I am running into an issue with RANCID and some Nexus 3K's. On a regular basis, "show run" returns some config lines in a different order, which RANCID sees as a change. I have confirmed this by hitting "show run" like 20 times fast on the console, and I see it come back out-of-order.

This is an example:

quote:

interface Ethernet1/1
description Circuit ID: XXXWHATEVERXXX
- switchport access vlan 100
ip port access-group eth1-policy in
+ switchport access vlan 100

The "switchport access vlan 100" line wasn't added/removed, it just ended up out-of-order with the access-group listing. This is causing us to get a ton of noise in our RANCID email alerts. I don't want to just //ignore the line, because that would make it complicated if a NOC tech needs to dump a config from RANCID onto the device (we'd have to remember to put that line [or lines] back in explicitly).

Any thoughts on a way to fix this? I looked into something like sorting but never got it to work.

Richard Noggin
Jun 6, 2005
Redneck By Default
I don't think you can. You can ignore certain lines, but a line that changes place is a change by definition. I wonder why it jumps like that?

jwh
Jun 12, 2002

You could maybe try one of the show run arguments, or pipes, to see if that clears it up. Although I'm not sure that it would.

Docjowles
Apr 9, 2009

Yeah I'm not sure how you'd get around that other than preprocessing the output in some way (like sorting, as you said) and making RANCID diff that instead of the original. What problems did you encounter with that approach? (other than that it's hacky as hell)

madsushi
Apr 19, 2009

Baller.
#essereFerrari

Richard Noggin posted:

I don't think you can. You can ignore certain lines, but a line that changes place is a change by definition. I wonder why it jumps like that?

Our Cisco reps have basically responded with "???". We thought it was a RANCID artifact for a long time, until I actually caught it in the wild with "show run" like a hundred times.

jwh posted:

You could maybe try one of the show run arguments, or pipes, to see if that clears it up. Although I'm not sure that it would.

I actually got it to work with "show startup-config" but we really want to catch runtime changes, not just startup changes.

Docjowles posted:

Yeah I'm not sure how you'd get around that other than preprocessing the output in some way (like sorting, as you said) and making RANCID diff that instead of the original. What problems did you encounter with that approach? (other than that it's hacky as hell)

I couldn't find a good way for RANCID to capture the sub-lines and sort them, but that's probably due to my inexperience with PERL. I was trying something like "if ^interface, capture and sort until next ^interface" but it didn't work at all. Someone else on my team actually wants to set up RANCID with SNMP traps so that RANCID only runs when the config actually changes (via the SNMP trap trigger) but that's hacky in its own way.
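
The preprocessing idea discussed above (sort each interface's sub-lines, then diff the result), as a standalone Python filter. This is an added example, not part of the original posts and not RANCID's own code. The captures are constructed, and it assumes interface sub-commands are indented under the `interface` line and are order-independent; ACL entries, where order matters, are deliberately left alone.

```python
import re

# Only interface blocks are normalized; everything else keeps its order.
INTERFACE_RE = re.compile(r"^interface\s+\S")


def _indent(line):
    return len(line) - len(line.lstrip())


def normalize_config(text):
    """Return the config with the child lines of each interface block sorted."""
    out, children = [], []

    def flush():
        # Sort only flat blocks. If children sit at different indent levels
        # (nested sub-modes), sorting would detach them from their parents,
        # so such a block is emitted unchanged.
        if len({_indent(c) for c in children}) == 1:
            out.extend(sorted(children))
        else:
            out.extend(children)
        children.clear()

    in_iface = False
    for raw in text.splitlines():
        line = raw.rstrip()
        if in_iface and line and line[0] in " \t":
            children.append(line)
            continue
        flush()
        in_iface = bool(INTERFACE_RE.match(line))
        out.append(line)
    flush()
    return "\n".join(out) + "\n"


def config_changed(before, after):
    """True only if the captures differ after interface-block normalization."""
    return normalize_config(before) != normalize_config(after)


# Constructed captures modelled on the example in the post.
CAPTURE_A = """\
ip access-list eth1-policy
  10 permit ip 192.0.2.0/24 any
  20 deny ip any any
interface Ethernet1/1
  description Circuit ID: EXAMPLE
  switchport access vlan 100
  ip port access-group eth1-policy in
"""

# Same config, sub-lines returned in a different order (the noisy case).
CAPTURE_B = """\
ip access-list eth1-policy
  10 permit ip 192.0.2.0/24 any
  20 deny ip any any
interface Ethernet1/1
  description Circuit ID: EXAMPLE
  ip port access-group eth1-policy in
  switchport access vlan 100
"""

# A real change: the access VLAN was modified.
CAPTURE_C = CAPTURE_B.replace("vlan 100", "vlan 200")

# ACL entries listed in a different order: must still be reported.
CAPTURE_D = CAPTURE_A.replace(
    "  10 permit ip 192.0.2.0/24 any\n  20 deny ip any any\n",
    "  20 deny ip any any\n  10 permit ip 192.0.2.0/24 any\n",
)
```

Storing the normalized text keeps every line, so nothing has to be re-added by hand before a config is pushed back to a device.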

ragzilla
Sep 9, 2005
don't ask me, i only work here


madsushi posted:

Our Cisco reps have basically responded with "???". We thought it was a RANCID artifact for a long time, until I actually caught it in the wild with "show run" like a hundred times.

Checked bug toolkit? Open a case with TAC? Solving this in RANCID will be hacky and unreliable.

adorai
Nov 2, 2002

10/27/04 Never forget
Grimey Drawer
the order of my NTP servers constantly changes in a show run. I've just learned to live with it.

Antillie
Mar 14, 2015

adorai posted:

the order of my NTP servers constantly changes in a show run. I've just learned to live with it.

It might be reflecting which one is currently the preferred NTP server.

If you were to TFTP the config off to an external server instead of doing a "show run" this behavior would probably disappear and you would get the same resulting config every time.

Antillie fucked around with this message at 23:47 on Mar 18, 2015

adorai
Nov 2, 2002

10/27/04 Never forget
Grimey Drawer

Antillie posted:

It might be reflecting which one is currently the preferred NTP server.

If you were to TFTP the config off to an external server instead of doing a "show run" this behavior would probably disappear and you would get the same resulting config every time.
Probably, but part of the benefit to RANCID is I learn that someone made a change to the running config within the hour. I understand that it is not Cisco's obligation to make their product work with RANCID, which is why I live with the fact that dumb poo poo happens from time to time.

tortilla_chip
Jun 13, 2007

k-partite

ragzilla posted:

Checked bug toolkit? Open a case with TAC? Solving this in RANCID will be hacky and unreliable.

Don't reference RANCID in your TAC case though, lest it go straight to the black hole that is all 3rd party management tools.

psydude
Apr 1, 2008

Speaking of TAC, who else has noticed a marked decline in Sourcefire's support since they were acquired by Cisco?

rattrap
Mar 25, 2005

It works with the startup-config? The change is made, right? Can you not have the rancid script wr mem before pulling the startup? You will still have your version history if you need it.

rattrap fucked around with this message at 02:37 on Mar 19, 2015

Prescription Combs
Apr 20, 2005

sudo rm -rf posted:


You can see me realizing I probably had hosed something up, so I pulled the cables from fa0/13 and fa0/23. Was it the channel-group mode setting that did it?

Might be due to the po flapping while trying to negotiate with the other side. What mode was it on both sides of the channel? I only saw it in passive on the one side and didn't see the mode for the other.

Edit: How's your STP set up? Are you running root guard and loop guard?

Prescription Combs fucked around with this message at 02:41 on Mar 19, 2015

ragzilla
Sep 9, 2005
don't ask me, i only work here


rattrap posted:

It works with the startup-config? The change is made, right? Can you not have the rancid script wr mem before pulling the startup? You will still have your version history if you need it.

This could be a bad thing if you ever have to rely on 'reload in 5' and "don't save the config just yet" (hooray for IOS not having a sane config rollback).

Moey
Oct 22, 2010

I LIKE TO MOVE IT

ragzilla posted:

This could be a bad thing if you ever have to rely on 'reload in 5' and "don't save the config just yet" (hooray for IOS not having a sane config rollback).

That is one thing I am loving about all the juniper stuff I manage. Roll back and copy on commit to an internal ftp server.

doomisland
Oct 5, 2004

I've been fond of "show configuration | display set | save 123.conf" and then doing whatever changes in the text file. Or using display set with match to see where the gently caress the match is in the config.

12 rats tied together
Sep 7, 2006

jwh posted:

You could maybe try one of the show run arguments, or pipes, to see if that clears it up. Although I'm not sure that it would.

I would really hope that show run default, show run all, or more system:running-config would show full, consistent output.

Tremblay
Oct 8, 2002
More dog whistles than a Petco

madsushi posted:

RANCID question:

I am running into an issue with RANCID and some Nexus 3K's. On a regular basis, "show run" returns some config lines in a different order, which RANCID sees as a change. I have confirmed this by hitting "show run" like 20 times fast on the console, and I see it come back out-of-order.

This is an example:


The "switchport access vlan 100" line wasn't added/removed, it just ended up out-of-order with the access-group listing. This is causing us to get a ton of noise in our RANCID email alerts. I don't want to just //ignore the line, because that would make it complicated if a NOC tech needs to dump a config from RANCID onto the device (we'd have to remember to put that line [or lines] back in explicitly).

Any thoughts on a way to fix this? I looked into something like sorting but never got it to work.

Do you guys only have any of the other Nexus switches (9,7,6,5)? Curious if it's product specific or NX issue.

madsushi
Apr 19, 2009

Baller.
#essereFerrari

Tremblay posted:

Do you guys only have any of the other Nexus switches (9,7,6,5)? Curious if it's product specific or NX issue.

We have 7ks and 5ks but have not seen the issue there, although we also don't have the "ip access-group" setting on any of those, if that's the one that floats.

Tremblay
Oct 8, 2002
More dog whistles than a Petco

madsushi posted:

We have 7ks and 5ks but have not seen the issue there, although we also don't have the "ip access-group" setting on any of those, if that's the one that floats.

One of my customers has several hundred 3ks. They don't use RANCID however they have other similar tools that are used to monitor and correct config drift. I've never heard anything like this, but certainly will ask around.

rattrap
Mar 25, 2005

ragzilla posted:

This could be a bad thing if you ever have to rely on 'reload in 5' and "don't save the config just yet" (hooray for IOS not having a sane config rollback).

Maybe, but if a reload in 5 is saving you from anything, I doubt rancid can connect to write in those 5 minutes.

Indeed, I much prefer JunOS. I had hopes for XR salvaging me from becoming entirely and aggressively anti-Cisco, but it's frankly disappointing.

rattrap fucked around with this message at 00:42 on Mar 20, 2015

some kinda jackal
Feb 25, 2003

 
 
So this is really dumb and basic probably. I have two Cisco 7962s. I'm moving into a condo and wouldn't mind getting a VOIP number. I realize I can reprogram these for SIP and use Asterisk, but I'm somewhat curious about Call Manager.

What sort of setup would I be looking at to get a version of CME up and running with a VoIP service? I have an 1841 but that apparently doesn't support CME. I'd rather buy some hardware and throw it in my closet rather than run GNS3 with an IOS image for what it's worth. Also not really interested in the full CUCM platform just yet.

Sir Sidney Poitier
Aug 14, 2006

My favourite actor


Perhaps someone can explain what may be a relatively basic concept to me:

Our network runs iBGP with RRs using loopback peering with OSPF to distribute PTPs and loopbacks. We configure the address family on all the PEs and the RRs, but how come the RRs receive and propagate the vpnv4 routes from the PEs without having the VRF added? I'm just not sure how that part fits together.

ragzilla
Sep 9, 2005
don't ask me, i only work here


Anjow posted:

Perhaps someone can explain what may be a relatively basic concept to me:

Our network runs iBGP with RRs using loopback peering with OSPF to distribute PTPs and loopbacks. We configure the address family on all the PEs and the RRs, but how come the RRs receive and propagate the vpnv4 routes from the PEs without having the VRF added? I'm just not sure how that part fits together.

The route reflectors get prefixes in the vpnv4 afi/safi (you'll have that address-family under the BGP config), which are reflected per the normal rules. Look at 'sh bgp vpnv4 uni all' (or instead of all, 'rd x:y') on the RR and you'll see all the vpnv4 routes it's reflecting and which RD they're under. It's up to the receiving PE to decide if it's a prefix it adds to its vpnv4 RIB or discards depending on local vpnv4 config.

More info here: Route Target Constraint

ragzilla fucked around with this message at 21:44 on Mar 21, 2015

Charliegrs
Aug 10, 2009
Dumb question time: I have a couple routers (2600 series) Can I use them just laying flat on a table? I noticed the cooling fans are on the bottom so I feel like that might not allow enough airflow. I just want to use them for lab use not real 24/7 network use.

some kinda jackal
Feb 25, 2003

 
 
It's been a while since I used a 2600 but IIRC the actual fan housing is recessed from the bottom a little so there should be adequate clearance for air to get into the blades.

Remember that these were designed to be stacked with other devices in a rack so there's no guarantee they wouldn't be "blocked" in normal operation either.

Charliegrs
Aug 10, 2009

Martytoof posted:

It's been a while since I used a 2600 but IIRC the actual fan housing is recessed from the bottom a little so there should be adequate clearance for air to get into the blades.

Remember that these were designed to be stacked with other devices in a rack so there's no guarantee they wouldn't be "blocked" in normal operation either.

Yeah that's what I figured, in a rack environment there isn't often that much room between devices so maybe they don't require all that much airflow. And yeah the fan area is recessed a little bit so laying doesn't completely block the airflow.

Antillie
Mar 14, 2015

If you are just laying them on a table or shelf and not stacking things on top of them you can actually open up the case and disconnect the fan so they run totally silent. I did this with a couple of 2621xm's, a PIX 515, and couple of 12 port 2950's in my lab for years so the noise wouldn't bother my wife. None of these old lower end devices make much heat. However if you are going to stack them up or rack mount them I wouldn't recommend doing this.

12 rats tied together
Sep 7, 2006

The good news is, if they start to overheat they will tell you and you'll get to learn about/google all the associated warning messages that pop up. If you're extra lucky, it will overheat and crash and you'll get to check out the crash dump files and copy them to an external server through your method of choice!

goobernoodles
May 28, 2011

Wayne Leonard Kirby.

Orioles Magician.
Anyone have an opinion on Microwave internet? I'm looking into making some changes to move away from our current ISP and will need a primary internet connection. We currently have 20Mbps EoC to our main office. Looking at 50Mb fiber (1100-1400 depending on ISP) or Microwave options.

Atlas Networks can provide 100/100Mbps for $550/mo as well as 500/500Mbps for $1550. They more expanseive and burstable options as well.

ReallyFast.net can do 20/20 burstable to 100/100 for $450 as well as 100/100 burstable to 1000/1000 for 850.

I have no experience with Microwave and a fellow local goon mentioned that he sees spikes of up to 40ms on cloudy days on his 200/200 Atlas Microwave connection that acts as a backup to their main fiber connection. Fiber, is more expensive for less bandwidth - about 1100 to 1400/mo for 50Mb fiber from Comcast, CenturyLink, Windstream and Integra. No web servers except for web applications that are only accessed from the two offices, across offices and remotely over the VPN/RDS. I plan on pairing whatever primary connection with a backup coax or other cheap form of internet from a different ISP. Also, I'm probably going to get a Comcast point to point fiber connection between Seattle and Portland.

adorai
Nov 2, 2002

10/27/04 Never forget
Grimey Drawer
a lot of your microwave decision is going to depend on distance.

Sorry about your overpriced fiber, I live in a metro of less than 150k in central illinois and I get 100mbps of fiber from Frontier for $650/mo and 50mbps from a local IBOP (federally subsidized fiber ISP) for $500/mo. I paid up front for both of these fiber builds though, so that likely is a factor.

Methanar
Sep 26, 2013

by the sex ghost

goobernoodles posted:

Anyone have an opinion on Microwave internet? I'm looking into making some changes to move away from our current ISP and will need a primary internet connection. We currently have 20Mbps EoC to our main office. Looking at 50Mb fiber (1100-1400 depending on ISP) or Microwave options.

Atlas Networks can provide 100/100Mbps for $550/mo as well as 500/500Mbps for $1550. They more expanseive and burstable options as well.

ReallyFast.net can do 20/20 burstable to 100/100 for $450 as well as 100/100 burstable to 1000/1000 for 850.

I have no experience with Microwave and a fellow local goon mentioned that he sees spikes of up to 40ms on cloudy days on his 200/200 Atlas Microwave connection that acts as a backup to their main fiber connection. Fiber, is more expensive for less bandwidth - about 1100 to 1400/mo for 50Mb fiber from Comcast, CenturyLink, Windstream and Integra. No web servers except for web applications that are only accessed from the two offices, across offices and remotely over the VPN/RDS. I plan on pairing whatever primary connection with a backup coax or other cheap form of internet from a different ISP. Also, I'm probably going to get a Comcast point to point fiber connection between Seattle and Portland.

Make sure you have an absolute perfect line of sight.

goobernoodles
May 28, 2011

Wayne Leonard Kirby.

Orioles Magician.
Well, we're a general contractor, so I'm going to start asking around to see if we can "self perform" or basically oversee a fiber certified subcontractor do the fiber installs to potentially lower monthly costs as well as minimum spends. For example, while Comcast can offer 100Mbps point to point fiber from Seattle to Portland for $903, they have a minimum $1800 that we would have to spend on fiber services. I don't particularly want to go all Comcast for internet, office to office connectivity and voice and have one big massive point of failure. That, and well, it's Comcast.

Right now I'm thinking fiber/microwave as primary internet, paired with Comcast fiber between the two offices, cheap backup/supplemental connections and separate copper PRI or just go with a hosted voip solution. I can achieve the Comcast min. spend by upping the speed to 500Gbps for ~1850 or 1Gbps for $1990. If we could lower costs from all ISP's by doing the installs though....

Anyone have any insight on "self performing" fiber installations?

goobernoodles fucked around with this message at 03:08 on Mar 25, 2015

adorai
Nov 2, 2002

10/27/04 Never forget
Grimey Drawer

goobernoodles posted:

That, and well, it's Comcast.
To be honest, the enterprise side of Comcast has been phenomenal to us. Other than the standard node issues we've had at some very rural locations, I have zero complaints. As for your self done fiber installs, don't. You want THEM to own the fiber, then they are responsible for locates, repairs, etc.. If you do it yourself, you need to mark it every time someone calls JULIE.

goobernoodles
May 28, 2011

Wayne Leonard Kirby.

Orioles Magician.

adorai posted:

To be honest, the enterprise side of Comcast has been phenomenal to us. Other than the standard node issues we've had at some very rural locations, I have zero complaints. As for your self done fiber installs, don't. You want THEM to own the fiber, then they are responsible for locates, repairs, etc.. If you do it yourself, you need to mark it every time someone calls JULIE.
Thanks. I've heard the same good things elsewhere as well, but I still have to convince the CFO. We routinely deal with the dysfunctional bureaucracy that is their business coax team. Holy poo poo.

Good point on the installs. Giving any ISP, much less Comcast a big, foam finger to point back at us when poo poo goes south is probably not a smart plan.

Sir Sidney Poitier
Aug 14, 2006

My favourite actor


goobernoodles posted:

Anyone have an opinion on Microwave internet? I'm looking into making some changes to move away from our current ISP and will need a primary internet connection. We currently have 20Mbps EoC to our main office. Looking at 50Mb fiber (1100-1400 depending on ISP) or Microwave options.

Atlas Networks can provide 100/100Mbps for $550/mo as well as 500/500Mbps for $1550. They more expanseive and burstable options as well.

ReallyFast.net can do 20/20 burstable to 100/100 for $450 as well as 100/100 burstable to 1000/1000 for 850.

I have no experience with Microwave and a fellow local goon mentioned that he sees spikes of up to 40ms on cloudy days on his 200/200 Atlas Microwave connection that acts as a backup to their main fiber connection. Fiber, is more expensive for less bandwidth - about 1100 to 1400/mo for 50Mb fiber from Comcast, CenturyLink, Windstream and Integra. No web servers except for web applications that are only accessed from the two offices, across offices and remotely over the VPN/RDS. I plan on pairing whatever primary connection with a backup coax or other cheap form of internet from a different ISP. Also, I'm probably going to get a Comcast point to point fiber connection between Seattle and Portland.

I work for a wireless ISP. We use a number of technologies, each with their downsides:

5GHz - range up to 10KM in the way we use it, up to 30Mbps or so
13-38GHz - range up to 10KM, up to 380Mbps but affected by snow
80GHz - range up to 2KM, up to 1Gbps but affected by rain and snow (these are shaky enough that we normally deploy them with a 5GHz backup radio path)

No matter what the salesperson says, the higher bandwidth options ARE affected by the weather. I don't know what it's like in the US, but for the 13-38GHz microwaves we have to apply for a license to use the spectrum for each link and this takes 45 days or so.

Docjowles
Apr 9, 2009

The important thing to remember when it comes to net connections is "god hates you and wants you to be sad". We have two redundant 10Gb fiber links coming into our data center in Colorado over completely different paths. Like, one comes up from New Mexico and one down from Wyoming. One day they were both knocked out at the same time. One due to "vandalism" (we never found out what this meant) and one due to the flooding in Colorado a couple years back creating a gigantic sinkhole in the earth and physically destroying the link. It took techs like 8 hours to splice the fiber in the sinkhole back together in what I can only assume were loving awful conditions.

Sometimes all you can do is sit back, say "yeah having enough redundancy to prevent this 1 in a million bullshit wouldn't have been worth the cost" and give the universe a :bravo:

Partycat
Oct 25, 2004

Charliegrs posted:

Yeah that's what I figured, in a rack environment there isn't often that much room between devices so maybe they don't require all that much airflow. And yeah the fan area is recessed a little bit so laying doesn't completely block the airflow.

Rack environments are not designed to leave spaces in between equipment cabinets where hot air pockets build up.

Servers and crap usually vent front to back, a lot of Telco stuff vents to the side, so when you're contemplating your cabinet layouts for aisles/containment you have to make sure you don't like, beam the hot air from one thing right into the other.

Lots of interesting poo poo there but a 2600 on a coffee table isn't going to overheat.

single-mode fiber
Dec 30, 2012

Docjowles posted:

One due to "vandalism" (we never found out what this meant)

Lots of fiber in that area is aerial because it's too expensive to bury in the mountain, it's not uncommon for people to try to break the fiber or hit repeaters with buckshot

ragzilla
Sep 9, 2005
don't ask me, i only work here


single-mode fiber posted:

Lots of fiber in that area is aerial because it's too expensive to bury in the mountain, it's not uncommon for people to try to break the fiber or hit repeaters with buckshot

Splice cases are great targets for 22LR and 00. Ask me about losing paths to Chicago monthly during the fall due to gunshot damage.
