    Sunday, April 22, 2018

    How does this sub really feel about SD-WAN? Networking


    How does this sub really feel about SD-WAN?

    Posted: 22 Apr 2018 10:07 AM PDT

    Of course, this topic comes up from time to time. I'm kind of curious on where people sit, though.

    I've noticed whenever the topic comes up around here, there's a fair bit of hostility. People who post they are "going SD-WAN" usually get dog piled, and told they're making a mistake. I know I've personally shared some not-so-nice opinions about the technology in the past. But I'm not sure if I still feel that way.

    The general consensus here seems like it's great for "mom and pop" companies with dirt simple networks and no IT staff, that could probably get by using D-Link, that it doesn't solve any actual problems, that it's just marketing fluff, and that it's probably a good 5 years too early to even look at it, because the herd hasn't thinned out yet.

    Or, am I wrong, and some of you are starting to change your minds yet?

    Also adding to the confusion is that there's a lot of different "flavors" of SD-WAN. There's provider managed "hosted SD-WAN." There's also "on prem" SD-WAN that an enterprise can buy and deploy themselves. I feel like that distinction throws a lot of people off, and most think of the provider managed hosted solution when they think of SD-WAN in general, even though the market share shows some of the "on prem" solutions being at or near the top.

    What do you guys think? Do you know anyone who's actually "going" SD-WAN? I see a lot of people post here that they're looking into it, or maybe doing a POC, but next to no one actually rolling this out in production. Yet, there must be people rolling it out, or the market numbers wouldn't be what they are. So it stands to reason that some of you here probably do have this in production, we just don't hear from ya much!

    submitted by /u/vlan-whisperer

    Large network diagrams help and tips

    Posted: 21 Apr 2018 04:46 PM PDT

    I'm working on a large redesign project that includes 4 datacenters. My Visio diagram is getting rather complex and crammed with info. I'm sure this will make it very difficult for our NOC personnel to read while troubleshooting. This made me wonder: how do you organize and make your Visio diagram easily readable? Any tricks and tips other than breaking down the environment into subsections?

    For whatever it's worth, a single datacenter includes 8x IPsec headends, 6x aggregation switches, 2x firewalls, 2x WAN CE routers, all cross-connected.

    submitted by /u/Ciscovippy

    Looking for feedback on our WAN redesign

    Posted: 22 Apr 2018 10:27 AM PDT

    I'm fortunate enough to be in a position to completely rebuild our enterprise WAN from the ground up. What we have now I inherited a while back and, while it works, we've all decided it's time for change due to trouble surrounding our current provider.

    Today we have a Layer 3 MPLS VPN. We use BGP to peer with our provider over a /30 at each site. They don't support multicast, they don't support IPv6, and they don't support jumbo frames.

    We're now looking at a Layer 2 MPLS VPN from another provider where we can use multicast, IPv6 (since they just do layer 2), and full jumbo frames.

    Anyways, just looking for a second opinion on some of the design implementation.

    WAN Network

    The Layer 2 WAN will be a single /24 (or /16, as we're planning for growth) and IPv6 /64 (. Things like CDP, LLDP, Proxy ARP, and other broadcast traffic from the WAN interface will be disabled as we don't want to flood our WAN with garbage.

    iBGP

    Our datacenter router(s) will act as route-reflectors for the locations. This keeps the location BGP configs clean as they only need one adjacency to our datacenter. I also want BGP to peer with the loopback address of each router, therefore I will use an IGP to announce loopback addresses such that each router can reach each other's loopbacks without static routes.

    IGP

    Today we don't use an IGP at the individual locations since it's just a single router and then we eBGP to our carrier. I'm not comfortable with OSPF and began looking into IS-IS for our IGP. It looks like IS-IS is less "chatty" which will reduce the amount of bandwidth being used for updates. Each site will be an IS-IS Level 2 router and both the WAN and Loopback interface will have IS-IS enabled. I've tested this out already and it works well, but will it scale to 100 locations? 200? 500?

    VLANs

    Instead of treating the WAN as one giant broadcast domain, we have the ability to VLAN off clusters of sites into a VLAN, then our datacenter would have each region's VLAN come in over a different sub interface. This would reduce the broadcast domain significantly but I'm not sure that it's necessary given the current number of sites. It would also prohibit our sites in different VLANs from talking to one another without going through the datacenter first.

    Would anyone do anything differently here?

    submitted by /u/C02JN1LHDKQ1

    QoS on a "per-flow" or "per-source" basis

    Posted: 22 Apr 2018 02:18 PM PDT

    I have a branch site at which some users are hogging bandwidth. QoS is in place to make sure there is no impact on phones or the business critical stuff, but it's still a problem when one user backs up their iPhone to the iCloud and nobody else can hit cnn.com anymore.

    Looks like the Cisco answer is various shades of "Flow Aware QoS" which are present in the ASR1k, but we don't have (or need) that kind of a site router.

    I have an ISR 4451X WAN router connected to 3750G switches acting as a core, connecting to 3560X on the access layer.

    If I try to put each client IP on the 4451 into a different class, I'll run out of classes (platform only supports ~64).
    Putting QoS on each of the client ports on the 3560X works... but only in the "input" direction.

    How can I approach this?

    submitted by /u/porkchopnet

    Where to find quality network engineers?

    Posted: 21 Apr 2018 09:23 PM PDT

    I'm a network engineer/lead for a very large company with several openings for more. The problem I'm having is we've pretty much exhausted LinkedIn finds.

    This sub has lots of solid talent but no resumes. So I'm curious if anybody has any other tips.

    submitted by /u/EinsteinTaylor

    Sales Engineers of /r/networking, what does your day-to-day look like?

    Posted: 21 Apr 2018 06:41 PM PDT

    Also, how did you get into pre-sales, and would you say you enjoy your job?

    submitted by /u/Fiveby21

    Does a user need to enter any sort of username/password when trying to connect to an AP with RADIUS authentication via MAC address?

    Posted: 22 Apr 2018 01:19 AM PDT

    I mean, if I have a smartphone, when I want to connect to a WiFi with RADIUS, must I enter any stuff (username/password) or configure any stuff? I wanna have a "one tap to connect" experience assuming the RADIUS server already has my MAC address.

    NOTE: Yes, MAC address authentication is not 100% secure but for my use case, it's ok

    submitted by /u/wwelsh00

    Considering Meraki for my network upgrade, it's all new to me so any ideas or thoughts would be great! (xpost /r/meraki)

    Posted: 21 Apr 2018 08:06 PM PDT

    Question about tcpdump on a Checkpoint Firewall

    Posted: 21 Apr 2018 05:52 PM PDT

    Is the output of tcpdump after all policies and NATs were applied, and what's actually leaving on the wire on that interface? Or is it showing what the kernel sees and then any policy actions are going to be invisible?

    Reason I ask is that our firewall guy claims his stuff's good, but I do not see packets arriving on my interface. I helped walk him through a tcpdump but the output actually does make it look like the firewall is sending the packets. It shows it sending them, but I don't get them. Wth

    submitted by /u/Linklights

    Cisco Meraki vs Classic Controller.

    Posted: 21 Apr 2018 09:05 PM PDT

    We are about to invest into a large wireless environment. We have the chance to migrate to either at this point. We have about 200 access points: 2600, 2800, 3800. We have about 100 1131's that would need to be replaced anyway. That being said, anything that you have insight into would be helpful.

    submitted by /u/longlurcker