• Breaking News

    Saturday, March 31, 2018

    Advertising leaked routes between two PE devices. Networking


    Advertising leaked routes between two PE devices.

    Posted: 31 Mar 2018 09:05 AM PDT

    Hey guys,

    I'm busy labbing out a scenario that looks like this.

    As can be seen;

    • Two separate customers have their own VRFs (Blue and Red)

    • These two customers each have a site connected to the main PE device, MAIN:PE.

    • There is another PE connected to the main PE, SECONDARY:PE, where VRF Blue has another site.

    I have leaked the route for 10.88.0.0/24 (VRF Green) into both of the other VRFs, Blue and Red.

    I've accomplished this by importing and exporting the relevant extcommunities on MAIN:PE.

    I've then added VRF Blue to SECONDARY:PE and added a site there. I noticed that the route leaked on MAIN:PE is not advertised to this Secondary PE.

    I know if I make the default gateway point towards MAIN:PE from SECONDARY:PE I will be able to reach the leaked route. But is there a way to propagate that leaked route throughout a VRF?

    edit** I could also create VRF Green on the secondary PE and then leak again, but my question of the ability to advertise the leaked route within the VRF still stands.

    submitted by /u/AwsumToast

    Anybody using Enterprise OpenDNS?

    Posted: 31 Mar 2018 12:26 PM PDT

    Please keep this to enterprise only, I know they have a free service for home support. Is it worth the cost? Has it protected you? Anybody doing it better in the DNS Firewall space?

    submitted by /u/longlurcker

    C3850-12XS as MPLS P switch

    Posted: 31 Mar 2018 09:42 AM PDT

    Hello Redditors,

    I've got a question related to the C3850-12XS. Now that these devices have MPLS support, I was thinking about building a small MPLS core (4x P routers connected at 10GE) using these devices.

    They seem to fit: they would only be used as MPLS P (LSR) devices, not PE, so the routing table would be quite small (probably less than 100 routes). They wouldn't participate in BGP, only single-area OSPF, and there's also no need for MPLS-TE. This is basically to build a solution (a cheap one) to provide L3VPN and VPLS services between 2 locations.

    This is for a small project, and traffic stats are going to be small as well (we don't expect to go above 20 Gbps in a single direction in the next 2 years at least).

    So, the question is: has anyone tried this, or is anyone doing this in a production environment? How stable has it been for you? We mainly consider the model because it has the features we need for a 10GE P core device at the scale we work with, at a good price.

    submitted by /u/shaoranrch

    Need advice/recommendation on small portable LAN/WAN

    Posted: 31 Mar 2018 05:33 AM PDT

    I work with a team of highly qualified individuals but they have very little network skill. We are deployed in groups that may be 1-10 miles apart from each other and all gear has to be lightweight, low power, portable and pre-configured. Here is our basic setup:

    Team 1 (First arriving team, "Recon", small group 5-15)

    ERX router (192.168.1.X)

    Port 1 Primary WAN, not used until broadband available via Nano Beam to Team 2

    Port 2 Secondary WAN, failsafe to Port 1, used by cellular or small sat until Primary WAN is available

    Port 3 LAN Printer

    Port 4 LAN AP

    Port 5 LAN 8 port switch (if needed)

    Team 2 (Second arriving team, "BoO", large group 35-80):

    ERX router (192.168.2.X)

    Port 1 Primary WAN large sat or other broadband

    Port 2 Nano Beam to Team 1 (192.168.1.X)

    Port 3 Nano Beam to Team 3 (192.168.3.X)

    Port 4 LAN AP

    Port 5 LAN 16 port switch for PCs, Main Printer, NAS, VOIP

    Team 3 (detached mission, "Search", small group 4-6)

    ERX router (192.168.3.X)

    Port 1 Primary WAN, not used until broadband available via Nano Beam to Team 2

    Port 2 Secondary WAN, failsafe to Port 1, used by cellular or small sat until Primary WAN is available

    Port 3 LAN Printer

    Port 4 LAN AP

    Port 5 LAN 8 port switch (if needed)

    I separated the teams' IP addresses so as to keep network traffic over the microwave links low and improve performance. However, a new request has been made that any team can print to any printer. Do you think it is wise to put everyone on one big subnet? How else could I get everyone to print to every printer? I am by default the network guy but it is not my everyday job. Just looking for some guidance from people that do this stuff every day. Thanks.

    <edit> add diagram https://imgur.com/w8GycTo

    submitted by /u/dalbert02

    sfp+ networking/cabling but layer 3 connectivity?

    Posted: 31 Mar 2018 11:34 AM PDT

    We are upgrading our small business network and adding a small SAN/NAS device using FreeNAS to have shared high-speed storage. I'm looking at upgrading the networking, as the 1 Gbps network is already maxing out with the number of file transfers and VMs we have on the network.

    I've done a lot of research and it appears that if we get an SFP+ switch, cards and cables then layer 2 is taken care of, but I can't seem to find how the IP network (layer 3) is set up to work on top of that. Can anyone point me at resources to understand more about how I can get that rolling?

    Also, I've read that RDMA direct memory access helps greatly for VMs, and I wonder what direction I can take to make this part of what we are setting up for the networking. Budget is about $30k and there are 6 physical servers and about 50ish virtuals doing various functions.

    Any suggestions for network design would be greatly appreciated on this. More info: this is a 100% internal network used for dev/QA, SQL Server, Exchange, file storage, etc. Our production network is AWS/cloud so it doesn't really figure in this. We use SonicWalls for our outbound network but will probably have to upgrade those soon as the business is growing quickly.

    submitted by /u/allenasm

    DNS filtering service for Service Providers?

    Posted: 31 Mar 2018 04:41 AM PDT

    I work for a smallish ISP. We've built our own internal DNS filtering service which we offer as a service to our customers (blocking security threats/content filtering etc.). We're really happy with it and we've spent quite a lot of time building it and creating all the infrastructure around it to pull in from content lists/security threats quickly. We find it's a good added service for customers who don't want a fully managed firewall (for which we use Fortigate).

    We were discussing yesterday if what we've built could be useful for other ISPs? I know there are services out there like DNSFilter/SafeDNS, but our service is definitely tailored to our own ISP/MSP use case. With some tweaks we could create an "on-prem" style product that providers could run inside their own networks, where it pulls its lists from a managed central service? We could also offer it as a hosted product which may be useful for smaller ISPs?

    Anyway, it's just an idea - we're happy with what we have but would like to know if this is of interest to anyone. Thanks in advance!

    submitted by /u/tt_2014

    Cisco 3650/3850 3.6.7 exposes stupid mistake

    Posted: 30 Mar 2018 09:18 PM PDT

    S***post about something that happened at work. I sometimes dump frustrating or stupid things that happened on here so I can remember why I hate my career field.

    Every network admin knows to not put access ports in the native VLAN. It opens up the threat vector for double-tagged frames. IOS XE will not stop you from doing it, however, and I have a neat trick to figure out if you have any such misconfigurations in your network. Upgrade to 3.6.7e.

    How it came to me: I have a switch configured this way* that I have just now upgraded to IOS XE 3.6.7e to get around one of the numerous bugs in 3.6.2ae. Users on the access ports are not passing traffic. GD. IP device tracking, the DHCP server itself, ARP cache, all confirm nobody is getting an IP. Netflow or interface statistics would have shown it more easily during a busy time of day. I don't remember if the SVI for the mgmt IP was in the native VLAN or not but I could SSH in. Easy fix, 3.6.6e does not exhibit this behavior. 3.6.8e is out now but I haven't tested it for this.

    *I help manage a ~5000 switch/router wide network so please allow me to put the blame squarely on "whatever idiot" configured it this way.

    submitted by /u/whoframedrogerpacket
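
    The misconfiguration described in the post above (access ports sitting in a trunk's native VLAN) can also be found by auditing saved configurations rather than by upgrading. The following is an added example, not part of the original post: the sample config is constructed, the function names are hypothetical, and it assumes IOS-style `switchport` syntax with the default VLAN 1 applied when no access or native VLAN is set.

```python
import re

# Constructed sample in IOS interface syntax (not taken from the post).
SAMPLE_CONFIG = """\
interface GigabitEthernet1/0/1
 switchport mode access
 switchport access vlan 10
!
interface GigabitEthernet1/0/2
 switchport mode access
 switchport access vlan 99
!
interface GigabitEthernet1/0/3
 switchport mode access
!
interface TenGigabitEthernet1/1/1
 switchport mode trunk
 switchport trunk native vlan 99
!
interface TenGigabitEthernet1/1/2
 switchport mode trunk
"""

def parse_interfaces(config):
    """Map interface name -> mode/access VLAN/native VLAN (VLAN 1 assumed when unset)."""
    ports, current = {}, None
    for line in config.splitlines():
        if not line.startswith(" "):  # any top-level line ends the interface block
            m = re.match(r"interface (\S+)", line)
            current = ports.setdefault(
                m.group(1), {"mode": None, "access_vlan": 1, "native_vlan": 1}) if m else None
            continue
        if current is None:
            continue
        text = line.strip()
        if m := re.fullmatch(r"switchport mode (access|trunk)", text):
            current["mode"] = m.group(1)
        elif m := re.fullmatch(r"switchport access vlan (\d+)", text):
            current["access_vlan"] = int(m.group(1))
        elif m := re.fullmatch(r"switchport trunk native vlan (\d+)", text):
            current["native_vlan"] = int(m.group(1))
    return ports

def access_ports_in_native_vlan(config):
    """Return sorted (interface, vlan) pairs for explicit access ports in any trunk's native VLAN."""
    ports = parse_interfaces(config)
    natives = {p["native_vlan"] for p in ports.values() if p["mode"] == "trunk"}
    return sorted((name, p["access_vlan"]) for name, p in ports.items()
                  if p["mode"] == "access" and p["access_vlan"] in natives)
```

    Ports without an explicit `switchport mode` line are not flagged, so dynamically negotiated ports need a separate check.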

    Configuring Cisco DHCP pool for iPXE booting clients

    Posted: 30 Mar 2018 07:21 PM PDT

    I'm trying to configure a DHCP pool on my 3560G switch to load SmartOS via iPXE. My TFTP server has undionly.kpxe and menu.ipxe which tells the client what to boot. I get the client to boot the undionly.kpxe file, but I'm not sure how to get it to boot menu.ipxe. My TFTP server is 10.50.3.191. Here is the current config.

    ip dhcp pool DHCPPOOL
     network 10.50.3.0 255.255.255.0
     bootfile undionly.kpxe
     next-server 10.50.3.191
     default-router 10.50.3.3
     domain-name example.com
     dns-server 8.8.8.8 8.8.4.4

    What do I need to add to get it to load menu.ipxe?

    submitted by /u/runelind

    Cisco Nexus 5k, wake on lan possible?

    Posted: 30 Mar 2018 08:33 PM PDT

    We have a patching server on our Nexus environment and we want to try out WOL to patch computers that have been turned off during our regular patching.

    We're using Nexus 5k, with HA. 5696Q 7.3(2)N1(1). Cisco 6509.

    Layout.

    Nexus as a Layer 3 switch for our data center. Goes to our core. Nexus hosts our WOL server. The 6509 also connects to our core. Our users connect to the layer 2 switches, then to the 6509.

    The reason why I ask if it's possible is because of the lack of commands on NX-OS. I gathered information online and figured I would use the following commands.

    Cisco 6509 - User PC LAN
    Remote PC VLAN
    Interface VLAN100
     ip helper-address 10.12.12.5 (WOL SERVER)
     ip directed-broadcast 101

    Access-list 101 permit udp host 10.12.12.5 any eq 7

    On Nexus I thought I could use ip forward-protocol udp 7

    WOL VLAN
    INTERFACE VLAN40
     ip helper-address Remote-PC-VLAN (10.10.10.255)

    Now on Nexus there is no IP helper under the interface. What I found was to use the ip dhcp relay command. From what I read online, this is for DHCP ports only. Not port 7 that our server uses. So that's where I'm stuck. How can I get my WOL magic packet sent out of my WOL VLAN to my 6509?

    submitted by /u/Mr_Assault_08

    High ping on aws server?

    Posted: 30 Mar 2018 07:28 PM PDT

    I live in Brazil, and I have almost the same ping on the Sao Paulo server that I have on the us-east server. Does anyone know what is going on? How do I fix it?

    https://imgur.com/a/nCBXQ

    edit: I don't know how to do this but I will try (traceroute): https://imgur.com/a/Prg3K

    submitted by /u/helcular_
