Working out Bc values quickly

I was asked today how to calculate the Bc values. The known formulas always add confusion. So the aim of this article is not to add more confusion, but offer an easy alternate way to calculate the Bc values used with shaping.

First lets review some basic shaping definitions.

CIR (Committed Information Rate)

  • Dictates the output rate one aims to average per second on the circuit/interface.
  • Book formula : CIR = Bc / (Tc/1000)

Tc (Time-Interval)

  • It is the time in milliseconds into which a second is divided for transmission intervals.
  • The Tc can’t be adjusted directly, but it can be changed by setting the Bc to a specific value..
  • The maximum value of Tc is 125ms (8 intervals per second) and the minimum value is 10ms (100 intervals per second).
  • Actually 8ms (125 intervals per second) on distributed platforms. On distributed platforms, the Tc must be defined in 4-ms increments. The nearest multiple of 4 ms within the 10-ms target is 8 ms.
  • Book formula :  Tc = (Bc / CIR) x 1000

Bc (Committed Burst Rate)

  • Bc is the number of committed bits allowed to be sent per interval (Tc) to conform with the target-rate (CIR) per second.
  • If Bc worth of bits are sent every interval in a second, the output rate is the CIR.
  • Book formula : Bc = CIR x (Tc/1000)

Continue reading “Working out Bc values quickly”

Configuration Lock

Ever busy with a scheduled change, and the configuration all of a sudden differs from what you configured five minutes ago?

Normal IOS (not XR) behaviour allows multiple users to make instant changes to the running configuration. Occasionally two users make changes to the same config portion at the same time. One overwriting the others. ONLY the last commands entered will take effect.

The Configuration Lock  feature allows a one to have exclusive change access to the Cisco IOS running configuration, preventing multiple users from making concurrent configuration changes.

There are two modes:

  • Auto
  • Manual

Continue reading “Configuration Lock”

Getting your router to Tweet

Ok, so an earlier post sharing a really neat geek trick is awesome, but how the hell does one go about configuring a router to tweet something? (if you not a programmer)

To do it, you would need the following:

  • IOS image that supports EEM.
  • A twitter account.
  • A base64 encoded representation of you twitter account’s
  • Bruno’s twitter script. Download tweet-policy.tcl here.
  • The IP address of your nearest twitter server. (nslookup or dig will help you there)

The IOS obviously must support EEM.

Then once you have your twitter account, you need to encode your twitter account’s username:password to a base64 encoded representation.  Could be done using this website. Example:

        gives you

Continue reading “Getting your router to Tweet”

Using TCL/EEM to tweet SYSLOG events

Staying in the focus of the previous article, this is one of those really cool features, but possible something that you won’t easily use in production. Or maybe you would!

How about taking your routers syslog events and sending them to a twitter account. That way you can easily keep on heights when something in your network goes really wonky.Why would you want to do this?  To have a publicly accessable syslog replacement, or just because you can!

Bruno Klauser from Cisco wrote a TCL script using EEM to tweet routers syslog messages to a twitter account.  Here is an example of one tweeting router:  EASyDMI.

If you want to use this or give it a try, download the script at Cisco Land, and see my post on how to configure this.

Route Selection with equal AD’s

I had a interesting question from a friend today.

Assume the following scenario:

Im going to exclude any MPLS connectivity, as it is not relevant.
The PE (Router1) connects the CE (Router3) with two links, one serial and one wireless.
This particular ISP runs mostly static routes to client sites (within the VRF’s) or alternatively eBGP.

On a wireless link it is always good practise to run BGP to detect when connectivity with the remote end is lost in the underlying Layer2 network. (Preventing a blackhole)
Regarding routing on the Serial Link, there as a default route out from Router 3 and a static route to on Router1 pointing to Router3.

The client wants to load-balance traffic across both links. And the Admin Distance of the static route was set to 20 to match eBGP. (this is the scenario)

So the question : Why does Router1 not install both routes (the eBGP route and the Static), both with an prefix-length of /24,  a Admin Distance of 20, and metric of 0 into the RIB??

Continue reading “Route Selection with equal AD’s”

OUTPUT-101 : Frame-Relay Traffic Shaping

Often knowing the necessary show commands is not enough, you need to understand the output.
Here is a good example and breakdown of each of the fields with the command:

show traffic-shape

 VC                      = 'DLCI's'
 Access List             = 'Used to shape traffic of common type for separation'
 Target Rate             = 'CIR in bits'
 Byte-Limit              = 'Bc+Be ie the size the token bucket, express in BYTES'
 Sustain bits/int        = 'Bc value per Tc, (int is short for interval or Tc)'
 Excess bits/int         = 'Be value'
 Interval (ms)           = 'Tc value'
 Increment (bytes)       = 'How many bytes of token replenished each Tc, ie Bc value in bytes'
 Adapt Active            = 'Shows Adaptive shaping has been enabled. If a BECN is received, the flow is throttled back'

What else can be set about the configuration here?
The interface have 3 DLCI’s defined.
DLCI’s 413 and 405 have a CIR of 56k. This was not configured. This is default behaviour. When ‘frame-relay traffic-shaping’ is enabled each DLCI on that interface will be allocated a 56k CIR unless changed. Here it is clear that DLCI 403 has a map-class policy applied.

Oh and Merry Christmas guys :D

Scott Morris

While searching for CCIE jokes, I found an old forum thread at Cisco Learning network containing jokes about the man, the legend, the hex-translator, the missing E-bit(evil) : Scott Morris.

Here are some of the jokes I think is pretty funny:

  • Scott Morris once planned a cross-country trip using a Route Map!
  • Scott Morris plays a rather unique instrument called the ISAKMP!
  • Every VPN is an EasyVPN for Scott Morris!
  • When Scott Morris was four years old he was putting together OSI models!
  • Scott Morris’ home wireless network runs on brain waves!
  • Scott Morris slayed the Kerberos daemon.
  • Scott Morris’s driver’s license is a PDF!
  • If you doubt Scott Morris just sh Scott | s certification
  • There are no hidden IOS commands. Only those Scott Morris chooses not to look at!
  • Scott Morris has counted to pi.. twice!
  • Normal people teach their dogs to fetch. Scott Morris taught his dog to route.
  • Morpheus was searching for Scott Morris!
  • Scott Morris doesn’t have a steering wheel in his car. He has a CLI!
  • Scott Morris found Waldo in an extended access control list!
  • Scott Morris is actually an undercover SNMP Agent!

My favourite three are :

  • Scott Morris ran track in high school and always won the 100 meter frame relay!
  • He taught his dog to ARP!    arp, arp, arp, arp.
  • MD5 : Morris Digests 5 CCIE’s for breakfast!

Serialization Delay?

Serialization/Access-Rate is the physical clocking speed of the interface (ie 64-kbps/128-kbps etc), which determines the amount of data that can be encapsulated on to the wire.

Serialization Delay or Serialization Rate is a constant based on the access rate of the interface. It is the time needed to place data on the physical wire.

These values are set in hardware and cannot be changed.

A data frame can be sent onto the physical wire ONLY at the serialization rate of the interface. Thus serialization delay is the size of the frame in bits divided by the clocking speed of the interface.

Serialization Delay = Frame Size/Link Speed

For example, a 1500-byte frame (12000-bits/64000-bits) will take 187.5ms to serialize (put on the wire) on a 64-kbps circuit.

Link- Frame Size (Bytes)
Speed 64 128 256 512 1024 1500
64 kbps 8 ms 16 ms 32 ms 64 ms 128 ms 187 ms
128 kbps 4 ms 8 ms 16 ms 32 ms 64 ms 93 ms
256 kbps 2 ms 4 ms 8 ms 16 ms 32 ms 46 ms
512 kbps 1 ms 2 ms 4 ms 8 ms 16 ms 23 ms
768 kbps 0.640 ms 1.28 ms 2.56 ms 5.12 ms 10.4 ms 15 ms

For low-speed WAN connections (those with a clocking speed of 768kbps or below), it might be necessary to provide a mechanism for Link Fragmentation and Interleaving (LFI) when running delay sensitive application like voice.

Continue reading “Serialization Delay?”

IE Just wont DIE!!!!!

Had really annoying problem yesterday. Was  busy setting up Role-Based TACACS access on Cisco ACS and happily configuring the NDG (Network Device groups), the Command Authorization Sets etc.

Started testing and kept on getting “% Authentication failed” on the CLI.
At first you realize you must have made a typo or forgot to do something. Double check the config, the ACS setup and confirm the passwords are correct with no Null Spaces. But still no luck.

Continue reading “IE Just wont DIE!!!!!”

Output 101 : BGP AFI/SAFI

When BGP peers set up their session between them, they send an OPEN message possibly containing optional parameters.

One optional parameter is capabilities. Possible capabilities are Multiprotocol extensions, route refresh, outbound route filtering (ORF), and so on. When the BGP peers exchange the Multiprotocol extension capability, they exchange AFI and SAFI numbers and thus identify what the other BGP speaker is capable of.

IPv6 in BGP is implementated via Multi-Protocol BGP (MPBGP) (RFC 2283), as is MPLS and VPN’s through two new attributes: MP_UNREACH_NLRI and MP_REACH_NLRI. The first two values in these two attributes contain the Address Family Identifier (AFI) and the Subsequent Address Family Identifier (SAFI).

AFI Meaning
1 IPv4
2 IPv6
SAFI Meaning
1 Unicast
2 Multicast
3 Unicast and multicast
4 MPLS Label
128 MPLS-labeled VPN

Continue reading “Output 101 : BGP AFI/SAFI”

Searching for something?

Everybody knows how to use the include|begin|exclude search operators (I hope so at least), but you can also search through screen output with the “/” operator. You can use this with most ‘SHOW’ commands provided the output is more than one page long.

It is very useful to see a specific search string bound to show up multiple times from the SHOW command.

Example:  Show the running-config, and one the first page break, hit the forward slash “/”. Now enter the string you looking for:
Continue reading “Searching for something?”

CPU and Memory Thresholding

It is never nice when devices on a network go belly-up, but to know why or what happened right before they went belly-up, is crucial.

By enabling CPU and Memory thresholding, you can be sure to get those vital notifications when it happen allowing you to respond a lot quicker.

When a router is overloaded by processes, the amount of available memory might fall to levels insufficient for it to issue critical notifications, so the first step is to reserve some memory:
memory reserve critical {kilobytes}

Continue reading “CPU and Memory Thresholding”

Cisco Autosecure

Cisco always attempts to make our lives easier, or at least sometimes.

When you setup your last CE router, did you make sure all the necessary security measure were setup? Is it protected against DOS attacks, stack or buffer overflows? Aare you logging the correct info in case someone tries to access your network?

Cisco, quite some time ago, wrote a macro command combining what they believe to be the necessary and recommended features that should be enabled on every CE router.

There are two main parts of this command:

  • Securing the Forwarding Plane
  • Securing the Management Plane

Just because this command could make your life easier, you should understand each action that is executed, or else you might disable or break a needed function.

Continue reading “Cisco Autosecure”