15 Jul

Simple line card performance testing configuration (IOS XR)

It’s easy trick but I’m going to put it here anyway so anyone can use it and for me so I can easy find code when I need it 🙂 This is “snake” that is made traffic from generator go through all ports on line cards and between two line cards. It’s made for testing purposes in lab environment if you need to verify performance capability of ASR9K router (or any other runnin IOS XR in this case) for customer.
Read More

23 Apr

Secret changes in Cisco documentation (follow up on “No EIGRP neighbor authentication on ASR9K” post)

I received comment from Pushpasis Sarkar from Cisco on my previous post about lack of EIGRP authentication on ASR9k. It made me wonder if I missed something during deployment? I remember we were testing it hardly in lab and documentation stated clearly it’s not supported. I’m pretty sure, but 100%, that we were testing key chains both with and without defined lifetime and cryptographic-algorithm, because we were having some issues with IS-IS and key chains too. And it never worked.
Read More

03 Dec

Monitoring CPU usage over SNMP in IOS XR

SNMP on IOS XR is not documented at all right now in my opinion. Of course IOS XR supports standard base of MIB’s but if you want to monitor something platform specific it’s hard to guess which MIB you should use. SNMP Object Navigator on cisco.com does not know yet, there is such think as IOS XR or NX-OS.
I got this information from Cisco representative and I’m putting it here so you can use this too. I had to implement CPU usage monitoring on IOS XR for my customer, but unfortunately standard MIB’s were not working. On IOS XR you have to use cpmCPUTotalTable defined in CISCO-PROCESS-MIB

  cpmCPUTotalIndex          .
  cpmCPUTotalPhysicalIndex  .
  cpmCPUTotal1minRev        .
  cpmCPUTotal5minRev        .

cpmCPUTotalIndex is a unique value to identify each CPU but this is not fixed value. Then you need to check an entity with cpmCPUTotalPhysicalIndex as entPhysicalIndex.

Update: Same MIBs can be used to monitor supervisor usage on Nexus 7000

08 Nov

SSH is always running on ASR9K

On traditional IOS routers SSH is enable if you have K9 software, ssh server enabled and proper pair of key generated on device. It seems that IOS XR works differently. SSH is enabled and working even if you have no keys generated.
When you try to connect to such router you get following message:

Anomander:~ peper$ ssh [email protected]
no hostkey alg

and in router logs:

RP/0/RSP0/CPU0:ASR9K#RP/0/RSP0/CPU0:Oct 29 13:18:20.167 : SSHD_[65804]: %SECURITY-SSHD-3-ERR_ERRNO : Failed to retreive host key-pair No error

No error? Well, there is an error – no keys were generated. This is cosmetic, but would be nice if SSH wouldn’t work at all until proper keys are generated or no misleading error message would be displayed.

26 May

E-OAM loopback on ASR9k

There are two things that we have to do to enable E-OAM: configure oam profile that will define way OAM will work and attach that profile to physical interface. OAM’s are not working on subinterfaces. In action section you define what action will router take when particular error occurs, in this example interface will be put in err-disable state.
Read More

11 May

Creating EoMPLS on ASR9k

Process of defining E-Line connections, either local or as EoMPLS, consists of two steps – creation of EFP’s (Ethernet Flow Point) and defining xconnect between them. Each EFP represents one customer service demarcation point and can be in example physical subinterface or bundle. Connection between EFP’s can be either local, if both ESP’s are in the same chassis (same or different line cards) or EoMPLS link.
Read More

29 Apr

Virtual IP, MgmtEth interfaces and switchover on ASR9k

On ASR9000 router you have two RSP’s, both with MgmtEth0 interfaces. Interfaces on both of RSP’s have to be in the same subnet, what more a Virtual IP address, that is in the same subnet as MgmtEth0’s interfaces have to be configured. So technically you may think that you have three out-of-band management entry points to the router. This is unfortunately false.
Read More