Date:      Sat, 1 Sep 2001 14:03:24 -0400 (EDT)
From:      Joe Clarke <marcus@marcuscom.com>
To:        Chip <chip@wiegand.org>
Cc:        Ted Mittelstaedt <tedm@toybox.placo.com>, <freebsd-questions@FreeBSD.ORG>
Subject:   Re: replacing a cisco router with a fbsd box
Message-ID:  <20010901135855.A54990-100000@shumai.marcuscom.com>
In-Reply-To: <01090100531501.44697@chip.wiegand.org>



On Sat, 1 Sep 2001, Chip wrote:

> On Saturday 01 September 2001 00:12, Ted Mittelstaedt wrote:
> > >-----Original Message-----
> >
> > From: Chip [mailto:chip@wiegand.org]
> > >>>At work I have 3 cisco routers - a 1600, 2500, 2600. The
> > >>>1600 has proven
> > >>>to be the most unreliable piece of crap imaginable.
> > >>
> > >>You're probably experiencing this because you DON'T have
> > >>Cisco Service, and
> > >>thus aren't allowed to log into Cisco and download
> > >>current firmware images for the routers.  What people don't
> > >>understand when they purchase Cisco routers is that Cisco
> > >>isn't like LinkSys or most other retail devices where there is
> > >>just ONE version of firmware and when a bug is discovered
> > >>in it the manufacturer releases a new version.  With Ciscos
> > >>there are many, many versions that do different things.  If you
> > >>as a purchaser aren't willing to spend the extra money for a
> > >>Cisco service or retain someone like me (who works on the
> > >>things professionally among the many other things I do) then I
> > >>say you have no business purchasing the devices to start with.
> > >
> > >Oh Ted, you're too harsh, and too quick with the assumptions.
> >
> > I just don't like seeing the 1600 slammed for no reason.  Of course, it's
> > possible that you can get a bad piece of hardware - but I've only seen
> > 2 end-node Ciscos that ever had trouble.  One was a 1600 that was being
> > used as
> > a VPN termination device and pumping up the ram fixed the problem.  (it
> > supported over 40 simultaneous connections before upchucking, what more
> > can you expect with 4MB of total ram in the thing?)  The second was a used
> > 1005 that I bought that had a bad ethernet port on it.
>
> We've just been quite frustrated with this one router, whence the slamming.
> From all the messages I have received, looks like I should check into getting
> more ram for it and see if that helps.
> I am also looking into the possibility of using it for routing only and adding
> a FreeBSD box to handle natd/firewall. Maybe taking those off the router will
> have a positive effect on it?

I realize I'm coming in a bit late on this, but I work for Cisco TAC, and
can say that with the recent Code Red thing, our NAT has seen a lot of
work.  There have been bugs filed to be sure.  Offloading NAT from a
router with a small amount of RAM will improve packet flow to be sure.  In
fact, if you're experiencing lock-ups, I'd try that.  It may help you
isolate the problem.  FreeBSD's NAT is pretty good for most standard
protocols.  I've found it's relatively easy to add support to.

Also, if you do find yourself having to reload, see if you're getting any
tracebacks.  Do a show ver or show stack, and see what you can see.  Those
memory addresses can be useful for tracking down bugs.

Sorry that I'm late on this, but if you need some Cisco-related questions
answered, please feel free to ask.  I can't get you new hardware, or set
you up with a CCO account, but maybe I can point you in the right
direction.

Joe Clarke

>
> > >The company did buy a service contract with the router, which
> > >ran out a few months ago. And at that time the router was updated
> > >with the latest version of the IOS.
> >
> > Hmmm - are you absolutely sure that your CCO login is no longer valid?
> > Have you tried it recently?  You might.
>
> I'm pretty sure it's expired, but then, I'm not the IT Mgr, just the network
> admin who works for the IT Mgr, and am left out of some of the stuff I
> probably shouldn't be left out of.
>
> > >Which did nothing to solve the problem of it needing to be
> > >'rebooted' by a power-off. AND the company also has retained
> > >a Cisco consultant to handle configuring our routers. They swear
> > >there is nothing wrong with it.
> >
> > Oh geeze - well let me say this - if you ever have a consultant come
> > in to work on a Cisco router who tells you there's nothing wrong with a
> > Cisco router that you can't just login to and issue the "reload" command to
> > reboot it, then he doesn't know what he's talking about.  That's just
> > common sense - if the machine is malfunctioning you don't sit there and
> > tell the customer it ain't broken!!!
> >
> > Sure, sometimes it's _hard_ to pinpoint an intermittent problem.  But, at
> > the bare minimum the consultant should have at least swapped out your
> > router with a loaner for a week or so to see if the problem kept happening,
> > that's the very first thing I'd do after making sure there wasn't anything
> > obviously wrong with the image version or the configuration.
>
> They are reluctant to give us a loaner router, I asked them about that.
> They said something about not having one around because of the expense.
> Sounded like a lame excuse to me.
>
> > Rebooting the device and when it comes back up just saying that you don't
> > see anything wrong is the kind of amateurish troubleshooting that is used
> > with Windows users.
>
> Heh, heh, yep, and my impression is that they are primarily windoze people.
>
> > >-snip-
> > >
> > >>Cisco IOS is just like any other operating system,
> > >>there's good versions and bad versions.  Cisco defers the
> > >>bad versions quite rapidly but unless you have some
> > >>experience with IOS versions, you're not going to understand
> > >>what's going on with IOS versions even if you did have
> > >>CCO access. We have many, many customers with
> > >>rock-solid 1600's.
> > >
> > >I sent a follow up message, maybe you missed it, where I
> > >made a correction of the router model, it's a 2610. We also
> > >have two 2500's and a 1600, all of which have never had
> > >any problems what-so-ever.
> >
> > I did - but what I said still applies.  I think your consultant sent
> > you down the yellow gold brick road.  When faced with an intermittent
> > router, first you review the configuration, (both hardware and software)
> > then if there's nothing wrong with that you do a hardware swap with a
> > loaner and see if the problem follows the device or not.  It's not
> > rocket science.
>
> I agree 100%. I am not in a position at work to do anything concrete about
> the situation. I try to find out as much as I can this way, and pass that
> info on.
>
> Thanks for the chat, I appreciate it.
> --
> Chip W
>
> > >>Ted Mittelstaedt
> > >>tedm@toybox.placo.com
> > >>Author of:                           The FreeBSD
> > >>Corporate Networker's Guide
> > >
> > >Good book by-the-way, I bought a copy soon as it hit the shelves.
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message
>
>

