(TIL) Today I Learned...

Started by Seittit, January 13, 2015, 03:50:21 AM


deanwebb

TIL that there is a nasty bug in Cisco wireless controllers that keeps them from doing guest authentication the way we want to do it. They're working on it.
Take a baseball bat and trash all the routers, shout out "IT'S A NETWORK PROBLEM NOW, SUCKERS!" and then peel out of the parking lot in your Ferrari.
"The world could perish if people only worked on things that were easy to handle." -- Vladimir Savchenko
Any questions? No questions! | BCEB: Belkin Certified Expert Baffler | "Plan B is Plan A with an element of panic." -- John Clarke
Accounting is architecture, remember that!
Air gaps are high-latency Internet connections.

sgtcasey

TIL that you shouldn't edit/remove the access-list attached to a route-map applied to a 20GB connection between your data center and the rest of the enterprise without first removing the route-map policy from the interface.
Taking the sh out of IT since 2005!

Seittit


Quote from: sgtcasey on February 05, 2015, 09:09:56 PM
TIL that you shouldn't edit/remove the access-list attached to a route-map applied to a 20GB connection between your data center and the rest of the enterprise without first removing the route-map policy from the interface.

Oh, I learnt this one the hard way. In my case though, we were tweaking a nested QoS policy on branch routers; our supervisor ridiculed me for being cautious and not pushing out a batch script, but praised me when he saw the router reload due to the bug. Our workaround was to create an additional ACL with our changes applied and make the swap within the nested QoS policy.



icecream-guy

Not to trust another engineer's work, especially if it's been 3 years and was 4 engineers ago..... Yes, I am finally getting around to finishing the 6509 decommission that nobody else wants to do, the one that was started 3 years ago and never finished.

My Moral Fibers have been cut.

wintermute000

Quote from: Seittit on January 30, 2015, 02:49:31 PM
Enabling Transparent Page Sharing is basically a deduplication of your RAM on multiple VMs running in ESX. Turning this knob allowed me to run 20 CSR1000v routers (at 2.5 GB RAM) on a 32 GB ESXi whitebox. In fact, they're only consuming 13 GB of RAM total!

To enable the TPS feature, go to Configuration tab > Advanced Settings (under Software) > Mem > Mem.AllocGuestLargePage > Change the value from 1 to 0. - See more at: http://networkjutsu.com/home-lab/ccie-rs-v5-home-lab/#sthash.jYVVnq3k.dpuf

Thanks for that, interesting stuff but after doing my due diligence I have a minor bone to pick with the article

Mem.AllocGuestLargePage   Enables backing of guest large pages with host large pages. Reduces TLB misses and improves performance in server workloads that use guest large pages. 0=disable.

1.) TPS is on by default. The guy's article is basically incorrect as far as VMware fundamentals go
2.) The knob you're turning is to disable the TPS behaviour via large memory pages and instead force small pages to be used by the TPS feature THAT IS STILL ACTIVE
http://www.boche.net/blog/index.php/2013/03/19/large-memory-pages-and-shrinking-consolidation-ratios/

There is other evidence around the place of people reporting 10-20% better TPS performance with small pages vs large pages so I guess if it works for you then great but the technical description of what's happening is defo not accurate.


I am curious whether you are able to fire up 20 CSRs with that setting = 1, if you followed the same procedure (i.e. one @ a time with a large idle gap to let the memory dedupe). 

Also note this incoming change which will probably fly right over those of us who don't update our lab ESXi versions


Update 10/20/14:  VMware announced last week that inter-VM TPS (memory page sharing between VMs, not to be confused with memory page sharing within a single VM) will no longer be enabled by default. This default ESXi configuration change will take place in December 2014.
VMware KB Article 2080735 explains Inter-Virtual Machine TPS will no longer be enabled by default starting with the following releases:
ESXi 5.5 Update release – Q1 2015
ESXi 5.1 Update release – Q4 2014
ESXi 5.0 Update release – Q1 2015
The next major version of ESXi
Administrators may revert to the previous behavior if they so wish.


Seittit

Quote from: wintermute000 on February 07, 2015, 05:30:21 AM
I am curious whether you are able to fire up 20 CSRs with that setting = 1, if you followed the same procedure (i.e. one @ a time with a large idle gap to let the memory dedupe). 

The difference was quite dramatic, though I see your point as to the incorrect description.

20 CSRs running with mem.AllocGuestLargePage set to 0
[Screenshots: VMs running; Host resources]

20 CSRs running with mem.AllocGuestLargePage set to 1 (default setting)
[Screenshots: VMs running; Host resources]

deanwebb

TIL... Social Engineering ain't just for hackers... sometimes it's for people that need to get stuff done for projects...

wintermute000

cool, I did a quick test with fireflies and noticed almost no difference - TPS reduced it to something hilarious like 4Gb active memory consumed (@ 7x2gb hosts!) with the setting @ 1 or 0, no difference observed, the realtime monitor charts look pretty much identical. Maybe there is a difference with CSRs and not with fireflies for example. Interesting

Otanx

TIL that if an ASA is missing the same-security-traffic permit inter-interface command, and you try using packet-tracer to run down the issue, it will show the traffic being dropped by an ACL, but the ACL name will be blank. I am a little embarrassed at how long it took me to figure out.

TIL that if the configuration guide says "the ports must be configured as trunks" it means they need to be configured as trunks. Doing something in a hurry to get a proof of concept ready, and thinking it does not matter as there isn't a link on those interfaces anyway will come back to bite you in the ass, force you to give up troubleshooting, and start over the configuration from scratch.

Today was not a good day.

-Charles

deanwebb

TIL that project managers that try to do engineering when they need to be making managerial decisions really chap my hide.

wintermute000

TIL that a conditional BGP advertisement route-map can also be used to influence attributes

i.e. neighbor x.x.x.x default-originate route-map BLAH

Everything teaches you to use route-map BLAH to match the routes that need to be in the RIB in order to trigger the default-originate - but today I modelled a niche scenario and voilà was able to combine conditional advertisement with AS-path prepending (should work with other normal BGP manipulations).


Interesting side note too discovered via this labbing, an AS path prepend on a neighbor route-map will NOT affect default-originate. Stupid IOS syntax tricks....

Also, the max length of a stack power cable is 1.5m. lol
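
The conditional default-originate with prepending described in the post above, as an added IOS configuration sketch that is not the original poster's config. Only `default-originate route-map BLAH` comes from the thread; the AS numbers, neighbor address, prefix-list name and tracked prefix are constructed placeholders (documentation ranges and private ASNs).

```cisco
! Constructed example: AS 64512 originates a default route to 198.51.100.2
! only while 192.0.2.0/24 (standing in for an upstream route) is in the RIB.
!
ip prefix-list UPSTREAM-PRESENT seq 5 permit 192.0.2.0/24
!
route-map BLAH permit 10
 ! Condition: the default is generated only if this prefix is in the routing table
 match ip address prefix-list UPSTREAM-PRESENT
 ! Attribute change applied to the generated default, per the post
 set as-path prepend 64512 64512
!
router bgp 64512
 neighbor 198.51.100.2 remote-as 64513
 neighbor 198.51.100.2 default-originate route-map BLAH
!
! Check what is actually sent, including the AS path on 0.0.0.0/0:
!   show ip bgp neighbors 198.51.100.2 advertised-routes
! Withdraw 192.0.2.0/24 in the lab and confirm the default disappears
! before relying on the condition in production.
```

As the post notes, a prepend placed in an ordinary outbound `neighbor ... route-map ... out` policy did not touch the originated default in that lab, which is why the `set` sits in the default-originate route-map itself.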

Seittit

TIL that Cisco snuck in new hardware requirements within a minor code release of Cisco WAAS. That means that the new code I FTP'd to all my WAAS units in the Gulf of Mexico is not compatible with the hardware, furthermore there is no way to prevent the system from loading the incompatible software upon restart.

Seriously. I need to ask the platforms in the Gulf of Mexico to dislodge their WAAS appliance, fly it back to Houston, where I can perform open heart surgery with a recovery CD.

I love you Cisco, I wish you didn't treat WAAS like Catelyn Stark treated Jon Snow.

wintermute000

Riverbed have dual images and happily boot off the old image if you load a new dud one lol. Screw waas I have so many issues

deanwebb

TIL that the AC in the lab area switches to heat when it gets cold enough.

TI also L that when the heat blows into the lab area, lots of devices start to beep rather insistently.

Seittit

Quote from: wintermute000 on February 17, 2015, 01:12:49 PM
Riverbed have dual images and happily boot off the old image if you load a new dud one lol. Screw waas I have so many issues

I hear you, just an estimated $3 million dollars to forklift our WAAS infrastructure for Riverbed. Here's to hoping their new Akamai solution is worth sticking around for.