Saturday, March 29, 2008

Installing Ubuntu 8.04 & dynamips/dynagen

Today i decided to install Ubuntu again, but this time without using the wubi installer. So i was going to use a partition solely for linux.

It took me around 3 hours and here is the procedure for all of you...

Download latest Ubuntu Desktop LiveCD (8.04 beta was available when i did it). You can run it from the CD before installing it (that's what LiveCDs are all about), if you want to check for any problems (i unfortunately found some regarding my hard disks).

Please keep in mind that this Ubuntu version is still beta, so you shouldn't try it in a production environment. Also, wubi-installer is finally included officially with Ubuntu 8.04, something that could make your life easier, especially if you need more than just a trial run. So you have these 3 options:

1. Run the Ubuntu LiveCD
2. Install Ubuntu in your windows partition (through wubi)
3. Install Ubuntu in a different partition

For my CCIE preparation i used the 2nd option (you can read more details here); this time i'm using the 3rd one.

After you have tried the LiveCD and you have found and solved all booting problems, you can proceed and install Ubuntu in a free partition in your hard disk. I used a 30 GB partition for the root (/) partition and another 2 GB one for the swap partition (i could use a different one for /home too). You don't need to create them before the installation. The installation process can create them, as long as you have some free space (or a windows partition not needed).

Regarding my run/install problems, i had to add the "irqpoll" option to the boot options, because otherwise Ubuntu wouldn't recognize my SATA hard disks (i was getting "ata qc timeout" & "ata revalidation failed" messages). I guess it must be a problem having to do with the JMicron controller of the Abit IP35Pro motherboard (i searched the linux kernel bugs and i found many cases about it). I also removed the "quiet" and "splash" options from the boot parameters line, because i wanted to watch the whole boot process (i don't like things happening behind my back).

You can use the F6 key before installing (or the grub menu options after Ubuntu has been installed) in order to change the boot options. This is before booting/loading Ubuntu. There is a GUI (search for "QGRUBEditor" in Synaptic) for permanently changing these options after you have installed/loaded Ubuntu (besides the obvious method of editing the "/boot/grub/menu.lst" file).

After Ubuntu has been installed and loaded correctly, make sure you have connectivity to the internet (i met some problems with my network setup -having ethernet adapters losing their ip addresses- and i had to run "ifdown eth1" & "ifup eth1"). Then run the Update Manager and install all the available updates (i found around 250).

Reboot and everything should be working fine at this time. If not, search for help in the Ubuntu forums, or try the stable 7.10 version. After all, you should already know that Linux is still harder to learn than Windows.

Ok, let's start the Dynamips/Dynagen installation now...

Open Synaptic Package Manager and search for "dynamips". You should find 2 packages : "dynamips 0.2.7-0.2.8RC2-1" & "dynagen 0.10.1-1" (or possibly a newer version of them). Install both of them (i suppose you know how to use Synaptic, or you can use "sudo apt-get").

Now you should have both packages correctly installed. If you run them through a terminal window, you should get the following output:

xxx@ubuntu:~$ dynamips
Cisco Router Simulation Platform (version 0.2.8-RC2-x86)
Copyright (c) 2005-2007 Christophe Fillot.
Build date: Nov 26 2007 06:40:51

Please specify an IOS image filename
Usage: dynamips [options]

xxx@ubuntu:~$ dynagen
Usage: dynagen [options]

xxx@ubuntu:~$ dynagen --version

I guess you already have some (already decompressed) IOS around (if it's compressed, try the "unzip -p" command). Otherwise you wouldn't mess with dynamips; would you? For my CCIE preparation i used the latest 3640 & 3725 12.4 IOS; you can choose others if you like. Create a directory under /usr/share and put your IOS there. Of course you can choose another directory; i just liked the idea of sharing ;)

xxx@ubuntu:~$ sudo mkdir /usr/share/cisco-ios

You can always copy them from your windows directories (which get automatically mounted once you open them through the file browser/nautilus), like it was in my case (sda1, the 1st partition of my first sata hard disk, is drive letter C: in my windows):

xxx@ubuntu:~$ sudo cp "/media/sda1/Program Files/Dynamips/images/c3640-ik9o3s-mz.124-17a.extracted.bin" /usr/share/cisco-ios/
xxx@ubuntu:~$ sudo cp "/media/sda1/Program Files/Dynamips/images/c3725-adventerprisek9-mz.124-17a.extracted.bin" /usr/share/cisco-ios/

Now change the IOS file permissions and make them readable by everyone (you can always use stricter permissions, if you know how and why; dynamips only reads the images, so the execute bit that 744 gives the owner is not needed):

xxx@ubuntu:~$ sudo chmod 744 /usr/share/cisco-ios/*

xxx@ubuntu:~$ cd /usr/share/cisco-ios/

xxx@ubuntu:/usr/share/cisco-ios$ ls -al
total 144876
drwxr-xr-x 2 root root 4096 2008-03-29 17:52 .
drwxr-xr-x 286 root root 12288 2008-03-29 17:43 ..
-rwxr--r-- 1 root root 65954968 2008-03-29 17:50 c3640-ik9o3s-mz.124-17a.extracted.bin
-rwxr--r-- 1 root root 82221348 2008-03-29 17:52 c3725-adventerprisek9-mz.124-17a.extracted.bin

Create a new directory in your home folder, where you'll be storing your own labs. I like to use a folder on the Desktop, so i can very easily manage it (keep in mind that there are other ways too, if you want to put a folder on the desktop). Create another directory inside it, for your first lab. Also, inside each lab directory you'll need to create a working directory for all the "temporary" files (like nvram contents and ghost-ios files) used for your labs.

xxx@ubuntu:~$ cd Desktop/
xxx@ubuntu:~/Desktop$ mkdir cisco-labs
xxx@ubuntu:~/Desktop$ cd cisco-labs/
xxx@ubuntu:~/Desktop/cisco-labs$ mkdir lab1
xxx@ubuntu:~/Desktop/cisco-labs$ cd lab1/
xxx@ubuntu:~/Desktop/cisco-labs/lab1$ mkdir working

The directory structure should be like the following:

and so on...

Create the following file ("" is your test lab) using your favorite editor. I like vi, you can use gedit.

# Lab test

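autostart = False

# Server section: the dynamips hypervisor that runs this lab
[localhost]

# Don't forget to change this for every new lab
workingdir = /home/xxx/Desktop/cisco-labs/lab1/working

# Defaults for every 3640 router in this lab
[[3640]]
# Specify 3640 IOS image on Linux here:
image = /usr/share/cisco-ios/c3640-ik9o3s-mz.124-17a.extracted.bin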
ram = 128
disk0 = 0
disk1 = 0

# idlepc values are specific to each ios
idlepc = 0x605a5040

mmap = True
ghostios = True
sparsemem = true

[[Router R1]]
model = 3640
console = 2001
slot0 = NM-1FE-TX
F0/0 = SW1 F1/1

[[Router R2]]
model = 3640
console = 2002
slot0 = NM-1FE-TX
F0/0 = SW1 F1/2

[[Router SW1]]
model = 3640
console = 2007
slot1 = NM-16ESW

Now, while in lab1 directory, start dynamips in hypervisor mode and put it in the background (there is still no need to run it as root). Then press enter to see the shell prompt again.

xxx@ubuntu:~/Desktop/cisco-labs/lab1$ dynamips -H 7200 &
[1] 15052
xxx@ubuntu:~/Desktop/cisco-labs/lab1$ Cisco Router Simulation Platform (version 0.2.8-RC2-x86)
Copyright (c) 2005-2007 Christophe Fillot.
Build date: Nov 26 2007 06:40:51

Hypervisor TCP control server started (port 7200).


Start dynagen with your first lab as a parameter:

xxx@ubuntu:~/Desktop/cisco-labs/lab1$ dynagen

Reading configuration file...

Shutdown in progress...
Shutdown completed.
CPU0: carved JIT exec zone of 64 Mb into 2048 pages of 32 Kb.
NVRAM is empty, setting config register to 0x2142
C3600 instance 'ghost-c3640-ik9o3s-mz.124-17a.extracted.bin-localhost' (id 3):
VM Status : 0
RAM size : 128 Mb
NVRAM size : 128 Kb
Chassis : 3640
IOS image : /usr/share/cisco-ios/c3640-ik9o3s-mz.124-17a.extracted.bin

Loading ELF file '/usr/share/cisco-ios/c3640-ik9o3s-mz.124-17a.extracted.bin'...
ELF entry point: 0x80008000

C3600 'ghost-c3640-ik9o3s-mz.124-17a.extracted.bin-localhost': starting simulation (CPU0 PC=0xffffffffbfc00000), JIT enabled.

C3600 'ghost-c3640-ik9o3s-mz.124-17a.extracted.bin-localhost': stopping simulation.
Network successfully loaded

Dynagen management console for Dynamips
Copyright (c) 2005-2007 Greg Anuzelli


Let's see the routers and the switches now:

=> list
Name Type State Server Console
R1 3640 stopped localhost:7200 2001
R2 3640 stopped localhost:7200 2002
SW1 3640 stopped localhost:7200 2007

Ok, let's start them:

=> start R1
CPU0: carved JIT exec zone of 64 Mb into 2048 pages of 32 Kb.
NVRAM is empty, setting config register to 0x2142
C3600 instance 'R1' (id 1):
VM Status : 0
RAM size : 128 Mb
NVRAM size : 128 Kb
Chassis : 3640
IOS image : /usr/share/cisco-ios/c3640-ik9o3s-mz.124-17a.extracted.bin

Loading ELF file '/usr/share/cisco-ios/c3640-ik9o3s-mz.124-17a.extracted.bin'...
ELF loading skipped, using a ghost RAM file.
ELF entry point: 0x80008000

C3600 'R1': starting simulation (CPU0 PC=0xffffffffbfc00000), JIT enabled.
100-VM 'R1' started

=> start R2
CPU0: carved JIT exec zone of 64 Mb into 2048 pages of 32 Kb.
NVRAM is empty, setting config register to 0x2142
C3600 instance 'R2' (id 2):
VM Status : 0
RAM size : 128 Mb
NVRAM size : 128 Kb
Chassis : 3640
IOS image : /usr/share/cisco-ios/c3640-ik9o3s-mz.124-17a.extracted.bin

Loading ELF file '/usr/share/cisco-ios/c3640-ik9o3s-mz.124-17a.extracted.bin'...
ELF loading skipped, using a ghost RAM file.
ELF entry point: 0x80008000

C3600 'R2': starting simulation (CPU0 PC=0xffffffffbfc00000), JIT enabled.
100-VM 'R2' started

=> start SW1
CPU0: carved JIT exec zone of 64 Mb into 2048 pages of 32 Kb.
NVRAM is empty, setting config register to 0x2142
C3600 instance 'SW1' (id 0):
VM Status : 0
RAM size : 128 Mb
NVRAM size : 128 Kb
Chassis : 3640
IOS image : /usr/share/cisco-ios/c3640-ik9o3s-mz.124-17a.extracted.bin

Loading ELF file '/usr/share/cisco-ios/c3640-ik9o3s-mz.124-17a.extracted.bin'...
ELF loading skipped, using a ghost RAM file.
ELF entry point: 0x80008000

C3600 'SW1': starting simulation (CPU0 PC=0xffffffffbfc00000), JIT enabled.
100-VM 'SW1' started

=> list
Name Type State Server Console
R1 3640 running localhost:7200 2001
R2 3640 running localhost:7200 2002
SW1 3640 running localhost:7200 2007

Let's telnet to R2:

=> telnet R2

By default a new xterm window opens, with the following output:

Connected to localhost.
Escape character is '^]'.
Connected to Dynamips VM "R2" (ID 2, type c3600) - Console port

% Please answer 'yes' or 'no'.
Would you like to enter the initial configuration dialog? [yes/no]: n

Press RETURN to get started!

We repeat the same procedure for every router/switch and we're ready to start our configuration.
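
The console session above connects with no login prompt and the hypervisor takes its commands over a plain TCP port, so it is worth checking whether ports 7200, 2001, 2002 and 2007 are bound beyond loopback. The script below is an added example, not part of the original post or of dynagen: it reads the console ports from a lab file and compares them with the kernel's IPv4 listener table. The sample inputs are constructed, and the file name `lab1.net` in the usage comment is hypothetical.

```python
import ipaddress
import re
import socket
import struct
import sys

# Constructed sample: router sections with the names and console ports of the lab above.
SAMPLE_LAB = """\
[[Router R1]]
model = 3640
console = 2001

[[Router R2]]
model = 3640
console = 2002

[[Router SW1]]
model = 3640
console = 2007
"""

# Constructed sample in /proc/net/tcp layout (not captured from a real host).
# st 0A = LISTEN, 01 = ESTABLISHED; addresses are hex, byte-swapped as on x86.
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:1C20 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 50001 1
   1: 00000000:07D1 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 50002 1
   2: 0100007F:07D2 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 50003 1
   3: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 50004 1
   4: 0100007F:07D1 0100007F:C350 01 00000000:00000000 00:00000000 00000000  1000        0 50005 1
"""

ROUTER_SECTION = re.compile(r"^\[\[\s*router\s+(?P<name>[^\]]+?)\s*\]\]$", re.I)


def console_ports(lab_text):
    """Map each console TCP port in a dynagen lab file to its router name."""
    ports, device = {}, None
    for raw in lab_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("["):
            # Any section header ends the previous router; only routers have consoles.
            match = ROUTER_SECTION.match(line)
            device = match.group("name") if match else None
            continue
        key, _, value = line.partition("=")
        value = value.split("#", 1)[0].strip()
        if device and key.strip().lower() == "console" and value.isdigit():
            ports[int(value)] = device
    return ports


def listeners(proc_net_tcp):
    """Return {port: set of bound IPv4 addresses} for sockets in LISTEN state."""
    found = {}
    for line in proc_net_tcp.splitlines()[1:]:      # first line is the header
        fields = line.split()
        if len(fields) < 4 or fields[3] != "0A":
            continue
        hex_ip, hex_port = fields[1].split(":")
        ip = socket.inet_ntoa(struct.pack("<I", int(hex_ip, 16)))
        found.setdefault(int(hex_port, 16), set()).add(ip)
    return found


def exposure_report(lab_text, proc_net_tcp, hypervisor_port=7200):
    """Classify the hypervisor port and every console port by bind address."""
    wanted = {hypervisor_port: "hypervisor"}
    wanted.update(console_ports(lab_text))
    bound = listeners(proc_net_tcp)
    report = {}
    for port, owner in sorted(wanted.items()):
        addrs = bound.get(port, set())
        if not addrs:
            status = "not listening"
        elif all(ipaddress.ip_address(a).is_loopback for a in addrs):
            status = "loopback only"
        else:
            status = "non-loopback bind"
        report[port] = (owner, status)
    return report


if __name__ == "__main__":
    if len(sys.argv) > 1:
        # Real run, e.g.: python3 check_lab_ports.py lab1.net  (hypothetical names)
        with open(sys.argv[1]) as fh:
            lab = fh.read()
        with open("/proc/net/tcp") as fh:
            table = fh.read()
    else:
        lab, table = SAMPLE_LAB, SAMPLE_PROC_NET_TCP
    for port, (owner, status) in exposure_report(lab, table).items():
        print(f"{port:5d}  {owner:10s}  {status}")
```

Run it with the lab file as argument while the routers are started; any port reported as a non-loopback bind can be limited to localhost with a host firewall rule. IPv6 listeners are in /proc/net/tcp6, which this example does not read.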

In case you need to change the telnet client used by dynagen, you can edit the appropriate line found in file "/etc/dynagen.ini":

# Uncomment below for Linux
telnet = xterm -T %d -e telnet %h %p > /dev/null 2>&1 &

After you have finished with your lab and want to exit dynagen and dynamips, you can do the following:

=> exit
Shutdown in progress...
Shutdown completed.

xxx@ubuntu:~/Desktop/cisco-labs/lab1$ pkill dynamips
[1]+ Terminated dynamips -H 7200

This is it! You should now have a fully working dynamips environment under latest Ubuntu 8.04.

Thursday, March 27, 2008

Cisco Search 2.0 - Is it really better?

I have had many fights with my colleagues over whether Cisco's site is organized in a way that a not-grown-with-cisco person can use it and find the required information fast and easily (after 10 years working with Cisco, i still doubt it). I must have bookmarked over 500 pages (which usually get moved around, with redirections not always working, feedback for lost links missing, etc.) on CCO after hours of surfing, in order to keep the everyday searching at the lowest possible level. But there isn't a single day at work that i don't use the search feature. Of course, after learning to use analytically the online DocCD (due to CCIE), i still prefer to use it, mainly for the CLI exploration. But that was until recently, when it also got outer space (but that's another story).

Recently Cisco introduced its new search page/engine/technology called Cisco Search 2.0, which includes the following improvements:

  • Keyword Auto Suggest – View keyword recommendations similar to what you type in, based on frequently searched terms.
  • Navigators and Filters – Segment your results by Site Area, Task, Document Type, Product, IOS Software, or Technology, with a single click.
  • Breadcrumb Controls – Get a clear view and understanding of the search filters you have applied, and remove unwanted filters, with a single click.
  • Expanded Search - Get results for any keywords that are similar to your search term.
  • Auto Spell Check - The improved search functionality automatically checks for spelling and provides you with results for the corrected keyword.
  • Sort by Date or Relevancy – Organize your results by relevancy or by published date, with a single click.

If i'm not mistaken, previously Cisco was using Google's appliance. Despite that fact, comparing Google's online search and Cisco's search was like day vs night. Although i don't know what it's using now, i did some tests using the new engine (i have been using it from its beta stage) and on the first look it seems faster than the old one. On the other hand, it's still slower than Google's.

All results were based on Wireshark sniffed data (Statistics -> Conversation List -> IPv4), after repeating all tests 3 times and taking the average.

Searching for "CCIE" :

Page     Results   Time for 1st page   Time for 2nd page   Bytes for 1st page   Bytes for 2nd page
Cisco    10.039    5 sec               5 sec               180 KB               180 KB
Google   48.100    1 sec               <1 sec              14 KB                8 KB

I guess my provider's internet link prefers Google vs Cisco.

Regarding the accuracy of the results, i was never good at it. When computers learn to think exactly like humans, then search results will be successful for everyone. Until then, you'll have to use various combinations of cryptic symbols and alphanumeric characters in order to tell the engine what you're looking for. And you'll be lucky if the engine understands you.

What i liked most about the old search page was the right side, where you had the most important Tools available by a single click. Now you have to move out of the search page and look for them. Someone will say "why don't you use tabs?". And i will answer "because every damn page in Cisco is loaded with -i don't know what-, that makes you think twice before you attempt to open it". Is CCO becoming a bloatware site?

Also, regarding the new page, i don't quite understand the filters : Site Area, Task, Document Type, Product, IOS Software, Technology. To me, they make the search even more confusing. I wish there was a way to remove some of them from the beginning, or add some of your own. Why do i need the "Product/Cisco Lightstream ATM Switches" filter when looking for CCIE? I looked at its results and i found nothing useful there.

Lastly, all this search experience should be made more dynamic (ajax-like). I like the automatic completion and filtering/unfiltering should work the same way. You click on a filter, results are loaded immediately, without the need for page refresh. You click on unfilter, the previous state is loaded, again without page refresh.

As it seems, when it comes to search experience...Human Network needs a little more before it really becomes human.

So, what do you think of the new search engine? I have created a multiple-vote poll (to the right of the page) asking your opinion about it. Also Cisco has a feedback page regarding it. I guess you should give them a hint.

PS: in case you haven't noticed it, there is an "Ask The Experts" session called "Preparing for CCIE in Routing & Switching" running until 4-Apr-2008. If you're preparing for your CCIE lab, this is the time to ask all your questions. As usually, Maurilio Gorito will be there to help you.

Update 1-May-2008 : I have included the poll results below...

Monday, March 24, 2008

Cisco Updates Policy on Employee Blogging

From Lessons Learned….Cisco Updates Policy on Employee Blogging


A lawyer in Cisco’s intellectual property department, Rick Frenkel, created the Patent Troll Tracker blog. Rick started his anonymous blog in May 2007, writing frequently and broadly on patents and presenting relevant data related to patent litigation, an area currently of great public interest, in which Cisco also has an interest. He identified himself as the author of the blog in a posting on his site on February 23, 2008. Once his authorship became public, confusion was created between Rick’s views and Cisco’s views on various patent issues discussed in his blog.

What We Learned

As we have investigated this issue, there are clear lessons we have learned. There are two very distinct issues in this situation that have been instructive:

1. No one from Cisco edited Rick’s anonymous postings or required him to write on any topic, no one in his chain of command beyond his immediate supervisor knew that he was the author of Troll Tracker, and Rick intended that the blog solely reflect his opinions. However, given that Rick worked on intellectual property matters for Cisco, Rick’s relationship to Cisco should have been made clear and Cisco takes responsibility for the content of the blog.

2. We believe that a few Cisco employees used poor judgment when they suggested topics to Rick for his anonymous blog or pointed third parties to the blog without disclosing that the content was created by a Cisco employee. These are not appropriate communications activities for Cisco employees and are inconsistent with our values and principles.

These shortcomings began innocently – with Rick’s desire for personal anonymity and Cisco employees’ desire to disseminate useful information while respecting Rick’s anonymity. But eventually this opened the door for a perception that Cisco somehow had something to hide. Cisco is committed to transparency in our communications and in the relationships we have with all of our constituencies, and we regret that this situation occurred.

Moving Forward

We are committed to our policy of allowing our employees appropriate online expression. As an employee, Rick is free to continue his personal blog, Patent Troll Tracker, in compliance with the revised policy. Rick has many fans who appreciate the information he collects and disseminates on patent litigation trends and recognize his blog as an important voice in the on-going national dialogue on patent issues.

Blogging and blog policy are evolving areas for many companies. We believe we have learned a valuable lesson from this regrettable situation. Our goal now is to bring further clarity to our employees in the area of online communication, and our hope is that others will learn from this experience as well.


From Cisco's Internet Postings Policy :


Your Internet postings should not disclose any information that is confidential or proprietary to the company or to any third party that has disclosed information to Cisco.

If you comment on any aspect of the company’s business or any policy issue in which the company is involved and in which you have responsibility, you must clearly identify yourself as a Cisco employee in your postings or blog site(s) and include a disclaimer that the views are your own and not those of Cisco. In addition, Cisco employees should not circulate postings they know are written by other Cisco employees without informing the recipient that the author of the posting is a Cisco employee.

Your Internet posting should reflect your personal point of view, not necessarily the point of view of Cisco. Because you are legally responsible for your postings, you may be subject to liability if your posts are found defamatory, harassing, or in violation of any other applicable law. You may also be liable if you make postings which include confidential or copyrighted information (music, videos, text, etc.) belonging to third parties. All of the above mentioned postings are prohibited under this policy.

When posting your point of view, you should neither claim nor imply you are speaking on Cisco’s behalf, unless you are authorized in writing by your manager to do so.

If you identify yourself as a Cisco employee on any Internet posting, refer to the work done by Cisco or provide a link on a Cisco website, you are required to include the following disclaimer in a reasonably prominent place: “the views expressed on this post are mine and do not necessarily reflect the views of Cisco.”

Your Internet postings should not include Cisco’s logos or trademarks, and should respect copyright, privacy, fair use, financial disclosure, and other applicable laws.


Saturday, March 22, 2008

ASR1000 (aka the Good - Pt 2)

4 days ago i visited CiscoExpo 2008 in Athens, where my company was invited on a presentation of the ASR1000 series routers. There i had the chance to talk with the ASR1000 product manager and discuss some details about our plans of using this platform in our network.

So, what came out of this discussion?

Cisco doesn't want to replace any existing platform with ASR1000. They see a new market for this platform (logical, since their job is to sell) and they want it to have the success of the 7200 platform; but not replace it. From my side, i don't see (for now) any specific new need for this platform; it seems a much better 7200, integrating some extra features in hardware and providing other -much requested ones- in "software". It surely is a QFP test/evaluation platform and i believe as time passes by, the QFP will be used in more (old & new) platforms.

The first IOS XE is probably missing a lot of functionality we might need, at least in relationship to the 7200 as an aggregation platform. A new IOS will come out every 4 months (while providing bug fixes in-between every 2 months), so we hope after 2-3 releases we'll be able to better evaluate the platform. As usual, Cisco doesn't like to write what's not supported, but only what is supported.

There are 3 different chassis available: 1002, 1004 and 1006. 1002 is the only one that cannot be upgraded. So you're stuck with the RP1 as the RP and ESP-5G or ESP-10G as the ESP. Also you cannot upgrade the internal hard disk, nor the SIP. 1004 & 1006 can upgrade their RP (to a future RP2 maybe), their ESP (ESP-10G to ESP-20G which might be coming shortly) and their hard disk (with SSD too?). Also 1002 and 1004 support only software redundancy, while 1006 supports only (?) hardware redundancy. Keep in mind that software redundancy requires 4 GB of DRAM on the Route Processor 1 (ASR1000-RP1) and a High Availability license (there are 13 licenses already available -regarding security, redundancy, broadband, SBC- and more are coming).

SIP/SPAs are used only for interface connectivity. Any extra/specific features that you might be using in other platforms (6500, 7600, GSR) are under-utilized. Everything is done by the ESP, so there is no need to depend on the SIP/SPA. If the SIP/SPA prices fall, then this is a welcome feature. Otherwise you'll be paying more for less. On the other hand, you don't depend on SIP/SPA "compatibility", like when you're buying them for other platforms.

An IOS XE consolidated package is composed of 7 different software sub-packages that you can download from as one consolidated package (you cannot download individual sub-packages from; you can extract them from the consolidated package using the CLI). For upgrade, you can upgrade the whole package or each of the 7 sub-packages individually.
The following are the 7 sub-packages:

RPBase: Provides the operating system software for the route processor

RPControl: Controls the control-plane processes that interface between Cisco IOS Software and the rest of the platform

RPIOS: Provides the Cisco IOS Software sub-package, which is where Cisco IOS Software features are stored and run; each software release has a different RPIOS sub-package

RPAccess: Software required for router access; 2 versions will be available: one that contains open Secure Shell (SSH) Protocol and Secure Sockets Layer (SSL) and one without (RPAccess and RPAccess-K9)

SIPBase: SIP operating system + Control processes

SIPSPA: SPA drivers and field-programmable device (FPD) (SPA FPGA image)

ESPBase: ESP operating system + Control processes + Cisco Packet Processor client, driver, and ucode

These are the sub-packages filename schemes:

After process IOS modularity in 6500, we get module/process IOS modularity (sorry, but i couldn't find a better description) in ASR1000. Let's hope we won't meet the still-cannot-get-safe-harbor-pass bugs of the first one.

You can find some Q&A about ASR1000 on CCO by following this link.

Last but not least, i owe an apology to my account team (how the hell did Cisco find my blog???), because as it turned out i was half-wrong regarding a "prediction" statement in my previous post:

I already know the answer from our account team. "Yes, you can do whatever you like with ASR1000". But i also know the answer from TAC : "Sorry, this cannot be done due to QFP".

Well, they actually said that we should first check the features we currently use on the 10000 and 7200 routers. Then check which ones are supported in the first release of IOS XE and when the rest of them will be available. After that we can see when (and if) we can test the ASR1000. Let's hope TAC will prove me wrong too ;)

Saturday, March 8, 2008

The Good, the Bad and the Ugly

C.Eastwood : "This world had two kinds of people my friend: those with loaded guns and those who dig!" Guess who's digging ;)

Some days ago Cisco introduced the ASR1000 Router Series. A breakthrough in technology according to Cisco; something that will probably change the networking industry.

What does it have to do with the title?

The Good (QFP), the Bad (PXF) and the Ugly (SW)!!!

QFP is the QuantumFlow Processor, on which the ASR 1000 Series Embedded Service Processors (ESPs) are based.
PXF is the Parallel Express Forwarding, on which the 10000's parallel multiprocessor architecture is based.
SW is just software (CPU) switching, on which the 7200/NPE-G1 (and most other routers) is based.

So let's start with the Bad...the PXF and the 10000:

When Cisco announced its 10000 Edge Services Router in 2000, it said:

The Cisco 10000 ESR is based on Cisco's revolutionary Parallel eXpress Forwarding (PXF) architecture. PXF utilizes Cisco's latest parallel-pipelined network processor to deliver wire speed performance for a broad set of Cisco IOS advanced IP services. The combination of a rich IOS feature set and PXF performance enables ISPs to increase revenues by deploying value-added services such as Premium Internet Access to customers in volume. The highly-scalable router delivers maximum expandability to handle growing customer populations and expanded service offerings. In addition, the Cisco 10000 ESR and its breakthrough architecture have been designed for maximum reliability and availability to support customers' ever-increasing dependence on network-based services.

The Cisco 10000 ESR makes it possible for service providers to be able to turn on QoS features without degrading performance, for the first time.

But we all know how marketing is. When you're about to buy something, you get the answer "YES" to everything. But when it comes to technical deployment and you find out that something cannot be done, you're told "this is a known limitation".

I've been working with 10k routers for quite a few years. Their characteristics seemed (at the time of buying) above the relevant market's offers and they were Cisco, just like many other products of ours. If you want to insert a new product into your network and you're being stressed in terms of time, you're looking for something that will adapt as easily as possible to your existing infrastructure. If your account team reassures you that everything a 7200 can do, can also be done (much faster) by the 10k router, then you have another good reason for choosing it.

After ~20 TAC cases opened in a period of 4 years, regarding things that should be done but cannot be done due to the PXF, or things not working as supposed to due to the PXF, i must say that PXF is a very bad thing. If my memory serves me right, there isn't a single IOS release i have tried on the 10k router (from XI & SB series) that i haven't met a PXF issue. And the worst part is when you find out that the issue is due to the PXF (you can disable PXF manually, although it's not recommended because CPU will get high with very little traffic). You start wishing for someone else (bigger companies are preferred) to have found the same issue before you, so cisco will have already started its fix, otherwise you'll wait for many months (years?) to get a solution. It was a little secret between 10k developers that PXF is not easily programmed and there must be a BU approval for many things to be done.

But i want to be honest. Starting from XI2 we ended to XI9 where most things worked fine. Afterwards we started from SB2 and ended to SB11 where most things work fine until now. In the meantime we changed 10% of our systems infrastructure in order to follow 10k's gimmickry.

As it seems, everyone, even 10k routers, need their time...You just have to learn to accept the "NO" as an answer.

Then we have the Ugly...the SW and the 7200:

7200 router is a humble but respectable router which uses its CPU for everything. I have been using various 7200 routers for all kinds of jobs and there must have been less than the-fingers-of-one-hand things that the router cannot do. Of course, the router cannot do many things simultaneously without affecting its CPU.
That's its biggest drawback. But you won't get an answer from TAC saying that "this cannot be done due to XXX limitations".

Just for your reference: 64k sessions officially supported on the 10k, 14k sessions (75% cpu) actually on our 10k routers (with many things disabled). 16k sessions officially supported on the 7200, 3k sessions (75% cpu) actually on our 7200s (with everything enabled). It's all a matter of traffic and extra features.

And finally we have the Good...the QFP and the ASR1000:

Looking at the specifications you'll see the numbers decrease as more features are added.
E.g. using the ASR1000-ESP5 and looking at the performance:

Up to 7 Mpps: Forwarding performance will vary depending on features configured
4 Mpps: For the combination of the following commonly-used features: IPv4 forwarding, IP Multicast, ACL, QoS, Reverse Path Forwarding (RPF), load balancing, and Sampled NetFlow
1 Mpps: For the combination of commonly-used features above + Firewall and Network Address Translation (FW/NAT); for the combination of commonly-used features above + IPsec hardware-assisted encryption

Now, looking at the introduction page, we see the following:

Cisco ASR 1000 Series routers offer service providers and enterprises industry-leading performance, service capabilities, reliability, and efficiencies in a compact form factor. Using an innovative new Cisco QuantumFlow processor, current and future services can be instantly turned on to operate at line rate without compromising network performance or availability.

I already know the answer from our account team. "Yes, you can do whatever you like with ASR1000". But i also know the answer from TAC : "Sorry, this cannot be done due to QFP". So why am i giving it the characterization of "Good"? Because i'm hoping (at least) for quicker fixes:

...the Cisco QuantumFlow Processor uses a software architecture based on a full ANSI-C development environment implemented in a true parallel processing environment. Some traditional network processors rely upon difficult-to-implement microcode, making it difficult and time-consuming to add new capabilities. Other network processors offer higher-level language development but into a feature pipelined architecture. With the Cisco QuantumFlow Processor, new features can be added quickly as customer requirements evolve by taking advantage of industry-standard tools and languages built upon a powerful parallel processing architecture. This architecture represents a paradigm shift and evolution in the software architectures associated with network processing today...

And this is the part i liked most:

The Cisco IOS Software has no direct access to the hardware components in the system and is largely isolated from the platform architecture. This concept allows for different types of redundancy and modularity in the system. Even if the Cisco IOS Software is down (or has crashed), router administration personnel can still access the console and auxiliary console, and they can even perform Telnet, Secure Shell (SSH) Protocol, and Secure Sockets Layer (SSL) in the system and restart the Cisco IOS Software or perform Trivial File Transfer Protocol (TFTP) out the core dumps and other relevant information through the route-processor management port.

I've also read the isocore report. But after reading all these test reports (still waiting for someone to come out with a negative report) i'm a little bit skeptical about the difference between their results and the results of real/actual network traffic.

BTW, reading all the redundancy stuff, an old question of mine came back to my mind: Why doesn't Cisco make the standby processor/supervisor/whatever be in active state too, so the whole system can "double" its power? Like we can choose the dual power-supply operation mode, we should be able to choose the redundancy mode : standby or cooperation.

PS: Am i the only one worried about the future of Service Modules? Until now, Cisco was pushing people to buy extra modules for each one of their services (application networking, security, wireless, etc) for better performance and wider features. Now Cisco integrated some of them into a single card and it's planning to continue doing so. Are we going round and round just to make Cisco richer?

Monday, March 3, 2008

CCIP and then -maybe- CCIE SP

The poll has been closed and it's time to announce my decision...

I guess the majority of those who voted will be disappointed, but my decision is to take the CCIP exam...and then -maybe- (see the explanation at the end) the CCIE SP.

I have already passed BSCI from CCNP and some days ago i passed the QoS exam. That means i still have BGP & MPLS. BGP should be easy, because i know most of the stuff (because of the recent CCIE exam).

MPLS will be the most difficult exam, because i have very little experience on it (although i have read the theory behind it). My job involves many things, but not MPLS (there is another engineer responsible for this). Recently i started experimenting with some L2/L3 VPNs based on MPLS and the basic stuff seemed easy. On the other hand, there were a lot of advanced features that seemed unknown to me. Based on my learning experience on past subjects i would say i'll need a month in order to gain a good understanding of MPLS. Something above the basic, but still not all the advanced topics.

Now....the explanation about the aforementioned "maybe". If at the end of the CCIP i have enjoyed MPLS (i must enjoy a technology in order to understand it fully and experiment more with it), i'll probably proceed with the CCIE SP exam. MPLS/VPLS seems like (i won't say "is" because some other vendors have different opinions) a technology of the future (although it's already widely deployed) and i'm definitely interested in it. Surely VPLS looks more interesting because of my LAN "passion".

But there is another prerequisite. I don't know what will happen with my job. I was given a bonus for passing the CCIE lab, but i was told to wait (for some weeks/months/years?) for an answer to my salary increase request. In the meantime i "rejected" another job, because i thought i would get the salary increase immediately (after the end of February) on the current job. I've asked to have a meeting with my boss hoping to get a more specific answer: when and how much. Based on this, i'll either continue with my current job or continue the who's-looking-for-a-ccie job hunting. And if i decide to change my job, i don't know whether i'll have the needed free time to go through another CCIE lab (at least in the beginning). So, only time will tell.

Creative Commons License
This work is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 United States License.
This work is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 Greece License.