HI friends,

need your urgent help.need to convert legancy cct.(OPX,tietrunk,FX,hotline,ATM,Framerelay) into lastest and cheap technolagy.contact me directly@ mohsinjaved82@hotmail.com

Hello Mani,

Got a question regarding 2 ASR1001's that I have that occasionally receive false temperature warnings from the power supply.  I think I see bug CSCtr38540 that might exactly describe this but I can't view any details to know for sure. Apparently there is propritary info on this bug..   I think what I need to know is if there is a new IOS that would fix this? if so what would that be?  is there anyway I can view info on this bug minus the info Cisco doesn't want me to see? 

Thanks much, Joe

Hi Mani,

I am attempting to set up traffic policing inbound on the ASR1001.

I want to police the incoming traffic in a vlan from a service provider to 100M (all traffic - no bursting permitted).

My config looks like this:

class-map match-all FX_INTERNET_CLASS

match access-group name FX_INBOUND

!

policy-map FX_INBOUND_POLICY

class FX_INTERNET_CLASS

  bandwidth 100000

  police cir 10000000

   conform-action transmit

   exceed-action drop

   violate-action drop

interface Port-channel1.202

description FX Internet National

encapsulation dot1Q 202

ip address 172.19.10.6 255.255.255.252

no ip redirects

no ip unreachables

no ip proxy-arp

ip verify unicast reverse-path

ip ospf 100 area 0

service-policy input FX_INBOUND_POLICY

ip access-list extended FX_INBOUND

permit ip any any

I have tested this using iperf and it doesnt work.

Also the following message is displayed:

ttpchcrt04#sh policy-map interface

Port-channel1.201

  Service-policy input: FX_INBOUND_POLICY

    Service policy FX_INBOUND_POLICY is in suspended mode

Port-channel1.202

  Service-policy input: FX_INBOUND_POLICY

    Service policy FX_INBOUND_POLICY is in suspended mode

Can you help with this please?

Dear Mani,

Kinldy your input is highly apreciated.

Thanks,

Michel.

Hello Manigandan,

We have implemented a few dozens of ASR 1004 as Internet Gateways, but unfortunately we are having lots of problems when running PAT.

Two issues have been faced so far and are critical to operations:

1- PAT pooling fails, whereas if we have a pool with N entries, lots of protocols are consuming 1 to 1 NAT, which leave us with shortage of ports. A pool of 5 IP addresses should serve about 320000 ports thus 320000 simultaneous connections. but we only end up in using the first 4 IP addresses as 1-to-1 NAT and the remaining 5th is doing PAT ! We tried to increase the Pool mask (eg 20 IP addresses) and still the same issue. We expect to serve 2000000 simultaneous connections per ESP-40 (as per the datasheet).

2- On another unit we have the following output in the NAT stats:

sh ip nat statistics

Total active translations: 75727 (0 static, 75727 dynamic; 75727 extended)

Outside interfaces:

  GigabitEthernet0/0/2, GigabitEthernet0/0/3

Inside interfaces:

  GigabitEthernet0/0/0, GigabitEthernet0/0/1

Hits: 1842060462  Misses: 52429354

CEF Translated packets: 0, CEF Punted packets: 0

Expired translations: 52225597

Dynamic mappings:

-- Inside Source

[Id: 9] route-map NATALL pool natpool refcount 75320

pool natpool: netmask 255.255.255.0

        start 89.108.185.51 end 89.108.185.100

        type generic, total addresses 50, allocated 1 (2%), misses 0

nat-limit statistics:

max entry: max allowed 0, used 0, missed 0

Pool stats drop: 0  Mapping stats drop: 1

Port block alloc fail: 0

IP alias add fail: 0

Limit entry add fail: 0

Note that we have 75727 simultaneous connections for a SINGLE IP... That is a bit ackward, don't you think?

Your feedback is much apprecaited.

One last question, is there any document related to which applications are supported by PAT on the ASR1K ?

Thanks,

Michel.

Hello.

Is there an SVI equivalent for ASR1002 platform?

Single IP address visible on 2 physical ports?

Hi Mani,

what it means in the datasheet for ESP 10 : FW or NAT: 1,000,000 sessions ?

We are currently having an issue with ASR1006 with ESP10, processing almost 2Gbps with 500.000 firewall sessions and 350.000 total PAT translations in traffic peak, and status control-procesor output is like this :

ASR_1006#show platform software status control-processor brief

Load Average

Slot  Status  1-Min  5-Min 15-Min

  RP0 Healthy   1.11   1.07   1.10

  RP1 Healthy   0.11   0.15   0.09

ESP0 Healthy   2.86   2.81   2.73

ESP1 Healthy   0.00   0.00   0.00

SIP0 Healthy   0.00   0.02   0.00

SIP1 Healthy   0.01   0.24   0.16

Memory (kB)

Slot  Status    Total     Used (Pct)     Free (Pct) Committed (Pct)

  RP0 Healthy  2009868  1625524 (81%)   384344 (19%)   1169504 (58%)

  RP1 Healthy  2009868  1432636 (71%)   577232 (29%)   1021776 (51%)

ESP0 Healthy  2009892   640784 (32%)  1369108 (68%)    407384 (20%)

ESP1 Healthy  2009892   597048 (30%)  1412844 (70%)    404456 (20%)

SIP0 Healthy   449768   308368 (69%)   141400 (31%)    253088 (56%)

SIP1 Healthy   449768   309032 (69%)   140736 (31%)    253704 (56%)

CPU Utilization

Slot  CPU   User System   Nice   Idle    IRQ   SIRQ IOwait

  RP0    0  13.28  23.67   0.00  62.13   0.09   0.79   0.00

  RP1    0   0.10   0.10   0.00  99.79   0.00   0.00   0.00

ESP0    0  47.00  38.42   0.00  13.57   0.39   0.59   0.00

ESP1    0   0.09   0.19   0.00  99.50   0.00   0.19   0.00

SIP0    0   0.50   0.60   0.00  98.90   0.00   0.00   0.00

SIP1    0   0.60   0.50   0.00  98.90   0.00   0.00   0.00

This high CPU Utilization values for ESP used to be 4% for User + System in traffic peak for 1.6 Gbps 350.000 PAT translations and 450.000 firewall sessions.

We have opened TAC case, but we still do not know if this is too much for ASR1006 to handle this amonut of traffic.

Thanks and reagrds,

Dragana