Cisco WAN :: 6500 / 3560 - Understanding Backplane / Throughput And Capacity
Jan 16, 2012
I have been trying to understand for a long time the throughput capacities of a variety of Cisco routers and switches. I have searched over a million pages on cisco.com for data sheets/documents/etc. but haven't successfully found a single document highlighting all of what I need.
I have queries on the issues below:
- Which model of router can support up to 2 Gig of WAN Internet connection running BGP?
- Any list of routers and switches supporting a variety of throughputs from 1 MB to 1 GB?
- I have heard some experts stating "Switches don't have throughput concerns as they switch the traffic and don't need to route traffic". How true is the statement? And if it is, why do we require 6500s instead of 3560 distribution switches?
I have begun moving NTP from our 6500 to 4 Nexus 5k as part of a core upgrade. The Nexus will act as our internal NTP server for all switches. Any switches that are on the same VLAN as the Nexus have no issues syncing NTP from them. However, any switch that has to have the traffic routed to the Nexus is showing the time source as insane.
The configuration on our Nexus is as follows (the Nexus are .11, 12, 13 and 14):
ntp peer 172.24.1.12
ntp peer 172.24.1.13
ntp peer 172.24.1.14
ntp server 192.43.244.18
clock timezone CST -6 0
clock summer-time CDT 2 Sun Mar 2:00 1 Sun Nov 2:00 60
Here is the configuration on one of our 3560s:
clock timezone CST -6
clock summer-time CDT recurring
ntp server 172.24.1.11
ntp server 172.24.1.13
ntp server 172.24.1.12
ntp server 172.24.1.14
This same configuration worked when the switches were configured as NTP peers to our 6500 (172.24.1.1). The IP for the 6500 has been moved to an HSRP address across the Nexus, so I have pointed the switches at the individual IP for each Nexus.
Here is a debug ntp packet output from one of the 3560s:
.Mar 7 17:21:22: NTP: xmit packet to 172.24.1.11:
.Mar 7 17:21:22: leap 3, mode 3, version 3, stratum 0, ppoll 64
.Mar 7 17:21:22: rtdel 2445 (141.678), rtdsp C804D (12501.175), refid AC180101
[Code].....
We want to get the L2 traffic amount (bit/byte) passing through a Cisco switch (6500/3560 ...) for a specific VLAN. It can be via SNMP or CLI ... How can we do that?
Are there any plans to support a "shared backplane mode" like on SUP6-E that enables the use of four 10G oversubscribed uplink ports in redundant mode? Now there is support for up to two active 10G links in redundant mode.
So the delay is introduced getting data onto the wire. However say there are two hops to the destination server, each hop is via equal connectivity speeds say 1G interlinks.
Question:
Is there serialization delay FROM the wire/interface onto router/switch backplane/fabric?
Is the serialization delay from backplane/NIC back onto the wire to the next hop? - Or if using a switch with equal in/output speed transmitted without serialization?
What happens with a routed interface vs switched?
Most articles discuss the latency induced between the much higher OS/NIC interface out to the wire, but not the switch/router serialization that does or doesn't occur.
I am currently trying to understand Subnetting via CCNA. My progress is going well, I understand the class below:
Class A 0-127 Max IP 2^24 = 16777216
Class B 128-191 Max IP 2^16 = 65536
Class C 192-223 Max IP 2^8 = 256
However, I have seen an example from an IP calculator website, and noticed this:
Address: 192.168.1.0 11000000.10101000 .00000001.00000000
Netmask: 255.255.0.0 = 16 11111111.11111111 .00000000.00000000
Wildcard: 0.0.255.255 00000000.00000000 .11111111.11111111
=>
Network: 192.168.0.0/16 11000000.10101000 .00000000.00000000 (Class C) - I would have thought this would have been Class B?
Broadcast: 192.168.255.255 11000000.10101000 .11111111.11111111
HostMin: 192.168.0.1 11000000.10101000 .00000000.00000001
HostMax: 192.168.255.254 11000000.10101000 .11111111.11111110
Hosts/Net: 65534 (Private Internet)
Is this an invalid IP/mask, as the max hosts is 65534 (which should be class B?). If so, shouldn't the IP address range from 128-191, e.g. 172.16 (I know that CIDR is the amount of 1's)? What calculates the class: is it the netmask or the range of the first octet?
I need to understand why the change audit report reports an unused username.
Name of the user who performed the change. This is the name entered when the user logged in. It can be the name under which the LMS application is running, or the name using which the change was performed on the device.
The User Name field may not always reflect the user name. The User Name is reflected only when:
- A config change was performed using LMS.
- A config change was performed outside of LMS, but the network has username-based AAA security model, wherein authentication is performed by an AAA server, which could be TACACS/RADIUS or local.
I believe this setup does the following. The inside interface and interfaces 4, 5, 6, and 7 will translate using this line....
global (outside) 1 209.165.200.235-209.165.200.254 netmask 255.255.255.224
and if the addresses run out it will start using the outside interface IP address to translate, so traffic is not disrupted and is based on the line of configuration.....
global (outside) 1 interface
My question, does it do this because of the order of the configuration..
global (outside) 1 209.165.200.235-209.165.200.254 netmask 255.255.255.224
global (outside) 1 interface
or would it do it that way even if it was like this?
global (outside) 1 interface
global (outside) 1 209.165.200.235-209.165.200.254 netmask 255.255.255.224
and if so why?
Now let's convert the above configuration to ASA 5505 Version 8.3 or newer.
My question is how does it know to use the outside interface as a backup when the OUTSIDE-NAT-POOL is depleted? Also why do I need to define the INTERNAL-SEGMENTS? Doesn't the "any" in the (any,outside) take care of that? Also wouldn't the "any" in (any,outside) cover interface 3 or DMZ which could be an issue?
I need to understand security bundles. I purchased a Cisco Security Bundle, Advanced Security, 64F/256D, part number CISCO3825-SEC/K9. My expectation from this device was that I would get an IOS-based firewall with no need for an additional firewall module. However, the supplier is telling me that I have to buy a firewall module to use the feature. Isn't the bundle supposed to come with all I needed since it is a bundle?
Is there any command I can use to verify if this device is really what I paid for? What can I check for in the sh inv and sh ver commands? I don't see any information from these commands.
I have a Cisco 7406 VXR router. I want to know what is the max. MPLS link capacity that can be terminated on the link? We are planning to upgrade the MPLS link to 450 Mb, so I was just wondering whether the 7206 will support it or not.
Is there any document which explains what you need to know when looking at purchasing an ASA5505, and which clearly describes the various permutations and combinations of these lovely little boxes?
I recently purchased a basic: ASA5505-BUN-K9
I realise now this comes with 10 internal users, 2 SSL and no AnyConnect mobility. All these can be purchased as additional licenses.
It's my understanding that to support unlimited Internal/Inside hosts I need to purchase the L-ASA5505-SEC-PL (Security Plus License).
1) What is the model I should go for if I want to support unlimited internal hosts? Can a 5505 be purchased with Security Plus?
I currently have 2 5505 SEC BUN as Primary/FO Firewalls and I am considering purchasing the ASA5510-AIP10-K9 for use as a dedicated IPS device. Looking at [URL] I see that for service updates, CON-SU1-AS1A10K9 is available for this product, providing "IPS Signature and Engine Updates" and "OS Updates." It is my understanding that in the ASA5510-AIP10-K9 there are 2 OS:
1. ASA OS
2. AIP SSM-10 OS
My question is: Are both the ASA and AIP SSM-10 able to receive "OS updates" with this service contract?
I have a 1721 router with 3 equal routes to 0.0.0.0, using CEF for load balancing with the universal load balancing algorithm. It doesn't NAT, just routing. I wonder what the maximum capacity of the router is, since it should support up to 40000 connections to different destination IPs. Is the limit set by the router resources (CPU, memory, ...) or a maximum limit of entries in the FIB / RIB table?
What is the maximum amount of traffic a 3825 router can take? I know that a 3825 is rated to handle half of a DS3/T3. We are planning to put a 50Mbps point to point metro Ethernet circuit between two 3825s and run encryption over that line. I just want to make sure we don't max out the router, as I remember once a customer maxed out a 3825 with a ton of GRE tunnels and the router crashed every time they did their nightly data dump.
I am a D-I-Y type of guy and have managed to set up Apache on my LAN and make it accessible via WAN over port 80 and Tomcat on port 8080. I aim to possibly get a home web server up (will calculate the costs), but I need some questions answered about networking.
My understanding of ports is that they can be a risk if left open (which I have done) if there is no service or application listening on my side on those ports. So I take it that leaving those ports open and removing the services or applications that run on my side for these ports is a major security risk?
I noticed though that Xampp (1.8.1) does not allow requests over WAN unless I set my password for Apache. Does setting this password imply that Xampp is safe to use in a production environment?
We've recently inherited a platform with little handover and also minimal networking experience. We're going 100 miles an hour in learning, but I'm a bit confused with the idea of a L2 switch with no IP assignments to ports, so using VLANs, and a L3 switch with IP assignments. And the combination of both. We have 2 Cisco 3750 switches, along with a whole host of other hardware, so we're starting at this "gateway" to start breaking things down.
I've been working on breaking down and understanding the default auto qos configuration on a Cisco 3750 in the hopes of putting together a QoS strategy that will fit our environment. I'm having some difficulty understanding how the "mls qos queue-set output" syntax works.
From another post, at [URL], the author offers the following example and explanation;
How come there is syntax stating "threshold 2" when in the succeeding part the 400 refers to threshold 1 and threshold 2 again? The syntax 400 400 is, apparently, already referring to threshold 1 and 2, no?
I received the following info from Cisco's TAC and wanted to inquire further before I start reconfiguring the switch:
In a redundant Sup-6E setup, the following configuration is supported :
- 1 TenGig uplink on Active Sup and 1 TenGig uplink on Standby Sup
- 1 TenGig uplink on Active Sup and 2 Gig uplinks on Standby Sup
- 2 Gig uplinks on Active Sup and 1 TenGig uplink on Standby Sup
- 2 Gig uplink on Active Sup and 2 Gig uplinks on Standby Sup
If you invoke shared backplane mode, the following configuration can also be supported:
- 2 TenGig uplinks (blocking) on Active Sup and 2 TenGig uplinks on Standby Sup
- 2 TenGig uplink (blocking) on Active Sup and 4 Gig uplinks on Standby Sup
- 4 Gig uplinks on Active Sup and 2 TenGig uplinks (blocking) on Standby Sup
- 4 Gig uplink on Active Sup and 4 Gig uplinks on Standby Sup
Here's the command and information about the "shared-backplane" mode :- [URL]
Currently, we have 2 SUP 6-Es (Module 5 - Active and Module 6 - Stand-by) set up in a redundant mode. I am planning on changing the redundant mode to the shared backplane mode so I can use 2 TenGig converters to uplink 2 access-switches. We purchased 2 TenGig converters and here is how I am planning on using them:
1- One will be used to uplink to two 3750 switches (stacked)
2- One will be used to uplink to a 2960 using a Gig SFP
My questions are:
1- Do I have to install the 2 TenGig converters (4-Gig Uplinks) in the same Module? Or can I use one in module 5 and the second one in module 6?
2- Will changing the redundant mode to the shared backplane mode require rebooting the switch or disrupt the functionality of the other linecards?
I have AIR-CT2504-5-K9, with 5 access point license support. I bought the capacity adder license LIC-CT2504-5A to add 5 more access points. When I try to download the licence file from the TFTP server on the WLC system I see the message "License 1 Failed 1" on the WLC. The TFTP server message says downloading OK.
Any equivalent show command to get the "FIB TCAM Usage" on an ASR 1006? The "show platform hardware capacity forwarding" does not work on ASR1006.
Example on 6500: Router# show platform hardware capacity forwarding
I am seeing the following log messages appear on our border edge 7600 router (SUP720-3BXL). The messages seem to appear when tag switching has been enabled on the interface, so somehow related I presume. The MPLS forwarding table is very small however. [code]
I can't see anything that is using up the ACL_TCAM HI BANK using "show tcam global acl". There aren't any ACLs applied to any of the interfaces, or policy-maps. The only ACLs in use are for SNMP, NTP, and VTY. These are very small anyway. Interface Gi1/22, and 1/1 have tag switching enabled. [code]
The router has a full BGP routing table learned via an upstream (EBGP) peer neighbor, and an IBGP peer. The CPU utilisation seems fine, as is memory usage. CEF seems to be running okay. It's currently running [code] Are prefix lists part of TCAM? Is the router over-resourced holding a full BGP routing table?