
    Wednesday, April 18, 2018

    Rant Wednesday! Networking


    Rant Wednesday!

    Posted: 17 Apr 2018 05:09 PM PDT

    It's Wednesday! Time to get that crap that's been bugging you off your chest! In the interests of spicing things up a bit around here, we're going to try out a Rant Wednesday thread for you all to vent your frustrations. Feel free to vent about vendors, co-workers, price of scotch or anything else network related.

    There is no guiding question to help stir up some rage-feels, feel free to fire at will, ranting about anything and everything that's been pissing you off or getting on your nerves!

    submitted by /u/AutoModerator
    [link] [comments]

    i tried to make some network engineering shirts that don't suck

    Posted: 18 Apr 2018 05:12 AM PDT

    Most of the network engineering shirts/swag I've seen online are pretty bad, so I thought I'd design some of my own. So far I've taken my inspiration from streetwear and other famous designs/logos.

    The number of designs is a bit sparse but I'll be adding more soon. The goal was to make stuff that is subtle enough to actually be wearable, but still get a laugh if you are walking down the street and happen across another neteng.

    You can check out the rest of the designs here: https://www.debug-all.net/collections/all

    If you are into this kinda stuff you should also definitely check out the store at ine.com, they have some really clever designs too (the designated router one might be my favorite).

    If anybody has any links to any other places to buy network engineer stuff that is actually decent, please share it as well!

    Edit: Thanks to everyone for the feedback! Really appreciate it. I'm also brand new to the whole online store thing so if anybody has any issues at all just reach out to me (here or via PM) and we'll sort it out.

    I also have two size small pre-production copies of the IPv4 shirt (one is not great quality, but not terrible!) if anybody wants a freebie. Just send me a message.

    submitted by /u/innanetz
    [link] [comments]

    Blaming network for slow speeds. How to determine if it's really the issue.

    Posted: 18 Apr 2018 12:41 AM PDT

    So one of our clients keeps complaining about slow speeds. Nothing specific when I ask exactly what. One of the main issues seems to be O365.

    The breakout happens via a L2 link to the DC and goes through a Palo and an ASA. I've had a look for policing/shaping and don't see anything on those devices. (Bear in mind I'm not an expert on either device.)

    Pings and traceroutes are fine and respond perfectly when tracing from HO to DC or to 8.8.8.8.

    This all started to happen once they did a domain migration.

    How else can I prove that this isn't the network?

    submitted by /u/jamacouve
    [link] [comments]

    Tell us about networking monitoring!

    Posted: 18 Apr 2018 11:47 AM PDT

    Hello, I've been in the industry for 15+ years, but mostly small shops. Currently using Veeam One, and I'm about to set up PRTG software.

    Anyhow, for whatever reason, we never talked much about network monitoring where I've worked. For those of you with more experience in this area, I would like to pick your brain!

    You don't have to answer all three questions, just pick whichever questions for which you feel like you have a valuable answer.

    1. What is one curious or interesting thing you have learned about network monitoring?
    2. What is one basic and essential thing every tech should know about network monitoring?
    3. What is one more sophisticated / advanced piece of wisdom you can share about network monitoring, that most techs often don't know about?

    Cheers!

    Josh

    Please note I have a copy of this post also at reddit.com/r/sysadmin, and I made a copy here based on another contributor's recommendation.

    submitted by /u/joshgoldeneagle
    [link] [comments]

    Anyone else seeing HPE Aruba switch prices skyrocket with the latest generation?

    Posted: 18 Apr 2018 10:23 AM PDT

    Has anyone else noticed the new low-end ArubaOS-Switching being significantly more expensive than the last generation? Looking at historical pricing, our pricing for the last gen compared to the new gen:

    Old gen: HP 2920 48G POE+ 370W (J9729A) for around $3000.

    New gen: HP Aruba 2930M 48G POE+ (JL322A) for around $5400.

    CDW and MSRP also show roughly the same price increase between generations. The layer 2 series (old 2530, new 2540) show the same price hike.

    If you wanted to make a stack of two new-gen switches you'd need:

    Two switches: JL322A, $5400 x 2 = $10,800

    Two stacking modules: JL325A, $850 x 2 = $1,700

    Two stacking cables: J9734A, $120 x 2 = $240

    Total = $12,740.

    For a stack of two basic gigabit L3 switches. Without 10G uplinks. Can that be right?

    submitted by /u/nwf1
    [link] [comments]

    Open networking engineer position. Must have 5 years of TCP/IP experience as well as...

    Posted: 18 Apr 2018 02:39 PM PDT

    • Proficiency with Microsoft enterprise solutions including Windows Server 2012 and higher, Active Directory, and SCCM required. Linux and other UNIX operating systems a plus.
    • Windows Domain / Active Directory
    • Knowledge of VMware NSX and VSAN
    • Working Knowledge of Microsoft Exchange Server 2013/2016, Office 365
    • Working Knowledge of Microsoft Azure and/or Amazon web service (AWS)
    • Some actual fucking networking experience is not mandatory but preferred

    On a serious note though, I really have found a lot of "network" job postings say this... I'm a networking guy. I have no knowledge of anything systems related. My job doesn't do anything systems related. Will I need to know these things just to even land a job?

    submitted by /u/21brandon021
    [link] [comments]

    Shower thought - what is going to happen to DNS based URL filtering services like OpenDNS (Cisco Umbrella) now that DNS over TLS/HTTPS is coming

    Posted: 18 Apr 2018 10:44 AM PDT

    Right now it is trivial to block outbound DNS to non-authorized resolvers, but it seems to me that it will be a lot harder to block TLS/HTTP resolvers because it'll be mixed up in the rest of the traffic.

    Any thoughts? Does this kill DNS URL filtering?

    submitted by /u/fizzyRobot
    [link] [comments]

    Help! Mounting wifi antenna?

    Posted: 18 Apr 2018 04:33 PM PDT

    I'm considering trying to use a long distance directional antenna to try and get internet a couple km away.

    The problem is though... The trees surrounding my house are like 70-80 feet!

    I've been looking at TV towers and they appear to cost like $15,000 or possibly more if I need a 100 ft one.

    Do you guys have any suggestions for something to mount to? One of the antennas I saw appears to mount to poles. Wondering if that would be cheaper, but I have no idea where I could even buy ones that are 100 ft tall. Or if I would have to get a bunch of smaller poles welded together or something.

    submitted by /u/samiejg
    [link] [comments]

    SolarWinds can see a device with UDT but the switch's CAM table can't. Am I missing something?

    Posted: 18 Apr 2018 04:23 PM PDT

    I was troubleshooting a client and used SolarWinds' User Device Tracking to locate the client's port. The UDT output stated that there is an active device with an IP on that interface, but pinging that IP yielded nothing. The UDT report also stated that two MACs were present and active on that port, and yet when I looked at the CAM table I saw nothing. Is there something I'm missing? SolarWinds documentation on UDT did not clarify this nor did anything on Google. If there's anything more that I need to say please let me know!

    Thanks for anything that helps me understand this guys, I appreciate it!

    submitted by /u/vaniljstang
    [link] [comments]

    mid level engineer looking for advice

    Posted: 18 Apr 2018 07:10 AM PDT

    I've been working as a network engineer for about 3 years, but have been in the industry around 6. Currently, I work as an engineer in a large data center. The job is enjoyable and the people are decent, but I think I'm starting to burn out. This industry has very few "thank yous" and looking back on my past projects, it all seems reward-less. When I look back on my work legacy in 25 years, what will I have to show for it? What will I have actually done to benefit the human race? All this tinkering with protocols just isn't adding up to me anymore.

    From a professional stance, I enjoy constantly learning to increase my pay, but at the same time, money isn't doing it for me anymore either. Big pay checks have lost their luster I guess. I can't say I'm really "passionate" about networking or new technologies, although I do enjoy teaching newbies. I like wrapping my head around any complicated topic and passing down the knowledge.

    So I'm not really sure where I should go from here. I'm prior service, so I have my GI Bill and could go back to school, but that's a box of worms on its own. I've thought about starting my own business doing video courses and tutoring, but it seems like that market is saturated by sites like Udemy. I feel like that train has passed to make a decent living. I've considered also becoming a consultant, but don't know enough about it to make an informed decision.

    Anywhoo, your advice/insight is appreciated.

    submitted by /u/NetworkLooper
    [link] [comments]

    Palo Alto GlobalProtect MFA question

    Posted: 18 Apr 2018 11:18 AM PDT

    I have GlobalProtect working with Duo Security and users are getting the push via the app. However, I cannot find any documentation on how to give users the option of phone call verification or SMS. Anyone know how to enable this? Thank you in advance for any assistance.

    submitted by /u/kidcanada999
    [link] [comments]

    F5 vpn client showing self-ip instead of ip from VPN pool

    Posted: 18 Apr 2018 11:14 AM PDT

    I'm not as familiar with the F5 as I am with Cisco. We have a Virtual Server configured that we use for the F5 SSL VPN. Actually we have 2, each one pointing to its own separate subnet to use for VPN. One of them is showing the self-IP address instead of the VPN address. I think this is causing some issues for them. I'm comparing the 2 configurations and I can't spot the difference as to why one of them shows the VPN client address and one shows the self-IP of the F5. Hoping someone can point me in the right direction. :)

    submitted by /u/rdavis1970
    [link] [comments]

    Decrypting SSL packets through tshark

    Posted: 18 Apr 2018 02:56 PM PDT

    I've been having an issue at work where packets are being dropped somewhere between our server and an outside host that we are using across the state. I installed tshark on the server and did a packet capture. Only problem is, the packets are encrypted over SSL, so I can't decipher where the packets are being dropped.

    Does anyone know how to decrypt the packet capture from tshark on the server?

    submitted by /u/BlazeEminENT
    [link] [comments]

    McAfee Firewall Certificate Issue via SMC 5.8.3

    Posted: 18 Apr 2018 10:38 AM PDT

    I am having an issue trying to renew my certificate for my firewall(s) inside of Security Management Center v5.8.3. When I try to update them I get the below image, does anyone know how to remedy this? I tried to find some more information on this, but no luck. https://i.redd.it/xg1tig0s0ps01.png

    submitted by /u/ifakeit
    [link] [comments]

    Should I buy a separate Router or utilize routing functionality on Fortinet 60E's for small business Network Upgrade

    Posted: 18 Apr 2018 02:08 PM PDT

    So I am about to pull the trigger on some 60E's for our small business, but I wasn't sure if I should buy some stand-alone router (such as an EdgeRouter or USG) or utilize the routing functionality built into the units. I asked this question on Spiceworks and am getting conflicting advice.

    Some background information. Two locations: Corporate Office, seven users; Plant, six users. Will be buying four Ubiquiti APs and two PoE switches.

    Let me know if you need any additional information.

    submitted by /u/blazingquackattack
    [link] [comments]

    Unetlab + CSR1000v performance

    Posted: 18 Apr 2018 02:02 PM PDT

    I've been using the following lab hardware for Unetlab for quite some time:

    • Intel(R) Xeon(R) CPU X5675 @ 3.07GHz (12 logical processors)

    • 96GB of ECC RAM

    • VMware ESXi 6.0.0 with vCenter 6.5 to manage things via the vSphere Web Client

    • Unetlab with images for IOL, CSR1000v, XRv, with all 12 cores dedicated to the VM, as well as 64GB of memory. Images used: csr1000v-universalk9.03.17.00.S.156-1.S and xrv-k9-6.0.1

    I had been using 10 x IOL for most lab material, but decided to build out a 10 x CSR1000v + 4 x XRv lab recently.

    When utilizing this lab topology, carefully allowing everything to start and settle, I seem to get near 100% CPU utilization when doing just about anything on the CSR1000v's (memory never exceeds 60% utilization, and I have the page allocation for guests turned off as recommended):

    • Config replace can take 2 - 5 minutes per node. I get CPU watchdog log messages on each CSR1000v. The XRv's either don't complain or are fine.

    • Any kind of multi-console input to the CSR1000v's drives CPU to 100% (hitting enter on the console and having it send to all nodes for instance).

    I've read quite a few entries from fellow labbers that they can run a 10 x CSR1000v + 4 x XRv lab without much trouble with far less of a hardware footprint (people using 2009 Nehalem architecture, as opposed to my beefier 2011 CPUs). The versions of code I'm running for the CSR1000v and XRv are in alignment with claims of a smooth experience.

    Is there something I'm doing incorrectly, or is it really that the CSR1000v's can't run in tandem without blowing up the CPU? I don't want to upgrade Unetlab to EVE-NG just to find out that what I'm doing is folly to begin with.

    As an addition, is there much value to running the CSR1000v's IOS-XE versus IOL from a critical feature standpoint?

    submitted by /u/purveyor-of-loops
    [link] [comments]

    eBGP With Two ISPs

    Posted: 18 Apr 2018 01:15 PM PDT

    We have two datacenters in two different states. Each has one ISP at the moment. We are already doing eBGP with one of them and will be changing to BGP (from static) with the other when we get the second ISP. Let's assume for simplicity's sake that each datacenter has an ISP1 and ISP2. We want mission critical traffic (to our core platform) to route in/out of the internet using ISP1 while all other traffic should route in/out over ISP2.

    Let's focus on datacenter1. At datacenter1 we have a public address space with a size of /24 and at datacenter2 we have a /26. I was thinking to myself, yeah, we could advertise a /32 out ISP1 so that this is more preferred from the internet's perspective and would win. This would allow traffic into our org from the internet to take ISP1. I have a feeling that the ISP won't allow this though.

    My next way of accomplishing the desired behavior would be to get a second block of addresses at each location and, out ISP1, make them preferred via the BGP selection process (local pref or AS-path prepending). The new block of addresses would also be advertised out ISP2 but less preferred. For the reverse (traffic out of the org), I suppose I'd have to find out what IPs our mission critical app connects to and have the ISP1 provider advertise those blocks to us. This is what I'm thinking of doing, but how would you accomplish it?

    submitted by /u/chaotic_serentiy
    [link] [comments]

    DHCP server not handing out full range of IP addresses. 172.16.20.10-172.16.21.254 /23 only works with a reservation.

    Posted: 18 Apr 2018 06:06 AM PDT

    I am stumped at the moment. I have been through 2 different DHCP servers, Server 2008 and now Server 2016. I moved to Server 2016 because of the same issue. I have manually configured the scopes and we have a flat network of Cisco 3800s, some connected via fiber, which can do L3 but we are doing L2 and no routing. Approximately 325 devices on the network.

    The DHCP server is handing out anything in 172.16.20.x but not 172.16.21.x even though it is part of the scope. Users are calling me saying their PC is not getting a network connection, and I am seeing that they are not getting a DHCP address unless I create a reservation in any range (inc. 172.16.21.x) or delete a lease in the 172.16.20.x range. I am going to connect a PC to the same switch as the DHCP VM and see if it can get an address and then I will go to other areas. I also have Wireshark. No errors in the DHCP or server logs. I know I need a relay agent if there are different subnets but this is one subnet with a 255.255.254.0 /23 mask.

    I would appreciate any ideas or suggestions. Thanks.

    submitted by /u/sunsetparkslope
    [link] [comments]

    OpenBSD router/firewall?

    Posted: 18 Apr 2018 11:54 AM PDT

    From what I've been reading recently OpenBSD sounds like it has a very strong security- and stability-focused development process, and I'm reading a lot of good things about its pf firewall. At first blush this seems like the ideal platform to deploy a router or firewall. Is it a common/good choice?

    My understanding is that router focused OSes like VyOS, etc., are just management shells on top of Linux. Is there an advantage to using these besides insulating idiots like myself from the underlying Linux commands?

    submitted by /u/ben011
    [link] [comments]

    Python script for pattern detection in pcap files

    Posted: 17 Apr 2018 08:19 PM PDT

    Hello, I am sorry if this doesn't belong in this sub, but the struggle is making me post this in any related sub I find.

    I am working on a project that involves Python, networking and a bit of machine learning. Project: Parse a .pcap file into a script and read certain information such as the protocol, length, source and destination. Use these features to create a pattern and detect a DoS/DDoS attack. My approach is to compare the length of the current packet to the length of the previous packet. If, let's say, 200 packets have the same length in a row then something must be off. Question 1: Is there a way I can compare the value of the current iteration to that of the previous one? Question 2: Is there any way to read the sequence number of each packet to identify and compare them? I went through several documentations for packages like dpkt (which I am using now), pyshark, scapy, pypcap, sockets, but I couldn't find anything.

    Attempt at solution: I was thinking of using the length to compare the value and completely ignore the sequence number. Each time dpkt reads a packet, it changes the length of variable x to that of the packet. So if I compare the length to variable x before changing it to the next variable I should be able to follow the pattern. The problem? The initial value, since it will be 0 or unknown; I can't compare it and the condition will never be met. I am sorry for the long post, but if anyone has any experience with Python and networking that could direct me to the right package, I'd really appreciate it, been stuck on this for days. Thanks for reading.

    submitted by /u/sirpopsicle
    [link] [comments]
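    The comparison the post describes (a run of consecutive packets with identical length) as an added example; this is not the poster's code. To run offline it parses the classic pcap record format with the standard library instead of dpkt (an assumption; dpkt's `pcap.Reader` would yield the same lengths), uses `None` rather than 0 as the "previous length" so the first packet is handled correctly, and reports every maximal run whose count reaches a threshold. The capture bytes are constructed inline and labelled as such; the threshold of 200 from the post is the default, and the sample uses a smaller one so the constructed data triggers it.

```python
"""Detect runs of same-sized packets in a classic pcap using only the stdlib."""
import struct
from typing import Iterator, List, Optional, Tuple

PCAP_MAGIC_LE = 0xA1B2C3D4
# Global header: magic, version major/minor, thiszone, sigfigs, snaplen, linktype
GLOBAL_HDR = struct.Struct("<IHHiIII")
# Per-record header: ts_sec, ts_usec, incl_len (captured), orig_len (on the wire)
RECORD_HDR = struct.Struct("<IIII")


def iter_pcap_records(data: bytes) -> Iterator[Tuple[int, int, bytes]]:
    """Yield (record_index, original_length, captured_bytes) for each record.

    pcap carries no per-packet sequence number; the record's position in the
    file is the only ordinal, so that index is what identifies a packet here.
    Only little-endian classic pcap is handled (not pcapng).
    """
    (magic,) = struct.unpack_from("<I", data, 0)
    if magic != PCAP_MAGIC_LE:
        raise ValueError("not a little-endian classic pcap")
    off = GLOBAL_HDR.size
    idx = 0
    while off + RECORD_HDR.size <= len(data):
        _sec, _usec, incl_len, orig_len = RECORD_HDR.unpack_from(data, off)
        off += RECORD_HDR.size
        yield idx, orig_len, data[off:off + incl_len]
        off += incl_len
        idx += 1


def find_same_length_runs(lengths, threshold: int = 200) -> List[Tuple[int, int, int]]:
    """Return (start_index, run_count, packet_length) for every maximal run of
    consecutive packets with identical length whose count reaches `threshold`.

    `prev` starts as None, not 0, so the first packet simply opens a run of one
    instead of being compared against a bogus initial value.
    """
    runs: List[Tuple[int, int, int]] = []
    prev: Optional[int] = None
    run_start = 0
    run_len = 0
    for i, length in enumerate(lengths):
        if prev is not None and length == prev:
            run_len += 1            # same size as the previous packet: extend the run
        else:
            if run_len >= threshold:
                runs.append((run_start, run_len, prev))
            run_start, run_len = i, 1   # a new size starts a fresh run
        prev = length
    if run_len >= threshold:        # flush the final run
        runs.append((run_start, run_len, prev))
    return runs


def detect_floods(pcap_bytes: bytes, threshold: int = 200) -> List[Tuple[int, int, int]]:
    """Parse a pcap byte string and report same-length runs reaching `threshold`."""
    lengths = [orig_len for _, orig_len, _ in iter_pcap_records(pcap_bytes)]
    return find_same_length_runs(lengths, threshold)


def build_sample_pcap() -> bytes:
    """Constructed capture (not real traffic): three packets of mixed size,
    then six identical 60-byte packets in a row, then two more mixed packets."""
    def record(payload: bytes) -> bytes:
        return RECORD_HDR.pack(0, 0, len(payload), len(payload)) + payload

    sizes = [74, 1514, 66] + [60] * 6 + [1514, 54]
    body = b"".join(record(b"\x00" * n) for n in sizes)
    # version 2.4, zone 0, sigfigs 0, snaplen 65535, linktype 1 (Ethernet)
    return GLOBAL_HDR.pack(PCAP_MAGIC_LE, 2, 4, 0, 0, 65535, 1) + body


if __name__ == "__main__":
    sample = build_sample_pcap()
    for start, count, size in detect_floods(sample, threshold=5):
        print(f"run of {count} packets of {size} bytes starting at record {start}")
```

    A run of identical sizes is a weak signal on its own: keepalives, ACK-only segments and many legitimate protocols produce long runs of equal-length frames. Before treating a run as a flood, a practitioner would group by source address and look at the inter-arrival timestamps that the record header already provides.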

    I give up - toss in the towel

    Posted: 18 Apr 2018 10:26 AM PDT

    I have tried every configuration on the net, every suggestion from here. It still does not work in the network. Only works if it's off the LAN. So obviously I am an idiot who cannot get this for whatever reason. Are any of you tech guys in Toronto? With HPE switch experience? I will pay for assistance and instruction on what I kept doing incorrectly. The server and switch work. It launches machines diskless if it's standalone. PM me if interested. Help me Obi-Wan, you are my only hope.

    submitted by /u/1stTimeMeMe
    [link] [comments]

    Strange 'hole' on a wifi site survey, Extricom Blanket

    Posted: 18 Apr 2018 03:47 AM PDT

    Hi guys, so, as an entry-level networking guy I was checking the wifi coverage of a supermarket in my area, using Ekahau HeatMapper.

    Thing is, this is an Extricom blanket coverage, so, multiple APs presenting themselves with the same MAC and channel.

    Problem is, under a specific antenna, I get a hole: no signal at all on the laptop that I'm using in passive mode, but I do get signal on 2 other instruments (and a handheld scanner turned on in that location gets signal).

    It's like for a 3 meter radius around the AP, my HeatMapper sees no signal.

    I have trouble understanding what's going on; do you guys have any pointers?

    Thanks in advance

    submitted by /u/TheItalianDonkey
    [link] [comments]

    cisco ucs - librenms - port-channels galore

    Posted: 18 Apr 2018 01:28 AM PDT

    Hi all

    I've pointed my librenms install at some Cisco UCS-FI-6248UP.

    Librenms is showing port-channels being created/deleted constantly. This is giving me spikes in the graphs. Me no like.

    For political reasons, I don't have access to the UCS devices.

    Screenshot from librenms: https://i.imgur.com/V6SMD7g.png

    I'm not a cisco ucs guy... Any pointers from the hive-mind?

    submitted by /u/sysvival
    [link] [comments]

    Single source to single Citrix Netscaler - strange traffic issues

    Posted: 17 Apr 2018 05:21 PM PDT

    I've had such a strange/hair-pulling issue over the past few days and such a strange workaround too:

    • Multiple clients all connecting to a remote (over internet) Citrix Netscaler, hosted in an ISP datacenter. Working fine for years
    • Monday, two clients using the same ISP were getting constant disconnections. Packets showing increased duplicate ACKs are the only real difference
    • To replicate quickly, just have to connect and increase the bandwidth by running a YouTube video in the Citrix session
    • Fixed one client by switching the route to their second internet link. Same ISP, but some different hops. Strange, but then focused on the next client
    • The second client has an MPLS provided by the same ISP, with a single internet exit point
    • Confirmed:
      • Second client can connect to other external Citrix farms and run in them without issue (same ISP and different)
      • The second client's Citrix pool behind the first Netscaler can be connected to without issue from elsewhere and be run in without issue (same ISP and different)
      • The second client can connect to other services (e.g. RDP) hosted in the same place as the first Netscaler
      • The second client can't connect to any additional or NATed IPs applied to the first Netscaler, while other places can
      • The second client has issues on both ports it uses on the Netscaler (443 and an alternate for a different connection type)
      • Tested during low bandwidth times
      • ISP made no changes to any nodes in the path recently
      • We've made no changes to the destination
      • Client has made no onsite changes (MPLS is servicing more than one site as well)
    • Changes that didn't fix it:
      • Got the ISP involved and had them change the route from the MPLS to the first Netscaler
      • Restarted the MPLS internet exit device (pfSense that hasn't changed config in years) and updated its firmware
      • Restarted the router in front of the Netscaler
      • Restarted the Netscaler
      • Dropped the MSS on the Netscaler from 1460 to 1380
      • Removed all QoS from nodes between the test devices in the MPLS and the first Netscaler
      • Changed the external IP of the source (static source NAT on the pfSense)
      • Cleared pfSense state tables
    • What finally ended up working around it:
      • I created a site-to-site IPsec VPN between the pfSense router and the Cisco router in front of the Netscaler
      • The IPsec tunnel only allows traffic to the same original external Netscaler IP, not a different internal one
      • The tunnel is just doing its standard thing of wrapping packets and bypassing PAT on the pfSense side (the Cisco-side Netscaler already has a direct public IP so there was no NAT there to begin with)

    Now this is super strange to me - the tunnel should be adding extra data/load to the packets and endpoints. If it was an intermediate ISP node issue I'd assume the packets would have to be smaller to fix it, not larger.

    The ISP thoroughly assisted with the troubleshooting (really thankful to have good support here) and is confident it's not their issue. I can see it from their point of view and can't imagine what it could be that's causing such a specific source/destination issue like this.

    Has anyone ever come across anything like this?

    submitted by /u/goldensyrupgames
    [link] [comments]
