
    Sunday, April 15, 2018


    Trying to talk my company out of doing "white box" networking. Look for some ideas

    Posted: 15 Apr 2018 11:26 AM PDT

    So my company is seriously considering buying white box hardware and going with a cheap switching os vendor, the one they talked to is Cumulus, but I think they're looking for a few others.

    Our team is really disgruntled, because we feel non-technical people are making technical decisions, and then we're going to be stuck with this mess.

    I seriously went into the Cumulus demo with an open mind, but came out of it knowing this will be a huge disaster.

    We are a Cisco shop, and always have been. We know Cisco, like many of you here do. They want to get rid of a high performance proven product that is very well known, well understood, and well supported, in exchange for something that's just cheaper. That none of us have any experience with.

    The worst part is this feels like it has momentum behind it, like the decision is already made. It's like a nightmare. I talked to a few members of our team, and they all feel the same way I do. The whole OS is based on Linux, which none of us have ever touched. I feel like we'll suddenly have an alien os that is nothing like normal network vendors. I would even happily accept Juniper or Arista instead of this. At least they'd be similar enough to Cisco that we could get by.

    I just see this as a marketing fad, and they're being swayed by the low cost, but you get what you pay for! You pay 1/3rd and get 1/3rd the quality. Hello?

    Anyone else going through this?

    Thanks!

    submitted by /u/thosewhocannetworkd

    Are there any real world Dual Hub Dual DMVPN design guides that handle WAN links properly, NAT, and all other caveats?

    Posted: 15 Apr 2018 07:32 AM PDT

    Everything I see online simulates the WAN links as a switch. Or they just do a default route from the hub and don't take into account WAN traffic.

    Here's a scenario I've been working with in GNS3: https://imgur.com/a/KBoZ9

    I am looking to keep the dual hub dual cloud design and I want the two tunnel interfaces on the spokes to always be up. However when I have that, I cannot handle WAN failover properly. Specifically I want WAN1 on each spoke to be the default route out to the WAN. Then if that fails I want WAN2 to be the primary WAN connection and ALSO the DMVPN failover path.

    So the requirements again:

    Both WAN links in failover for actual WAN traffic

    Both WAN links active as DMVPN cloud tunnel ints

    Failover of WAN

    Ex.

    LAN link - Default vrf

    WAN1 link - WAN1 vrf

    Tunnel1 link - "tunnel mode vrf WAN1" and default vrf

    WAN2 link - WAN2 vrf

    Tunnel 2 link - "tunnel mode vrf WAN2" and default vrf

    Now assume that clients coming in from the lan link of the spoke want to reach the internet. I don't want that traffic going to the hub through the DMVPN. I want that traffic to leave WAN1 link when it's up, and WAN2 link if WAN1 is down.

    Ok I got it working via this

    https://supportforums.cisco.com/t5/wan-routing-and-switching/route-exchange-between-vrf-locally/td-p/869886

    submitted by /u/SuddenWeatherReport

    Linux networking reading recommendations

    Posted: 15 Apr 2018 08:54 AM PDT

    Are there any great books out there on Linux networking? Up till now this has all been black-magic-voodoo Google search kind of stuff for me, and I've decided it's time to actually learn it.

    I'm looking for a detailed no bullshit explanation of Linux networking commands, iptables, sockets, routing, drivers, etc. Bonus points if it's focused at someone who's coming from a Cisco network background.

    submitted by /u/packet_nerd

    Best way to prevent a 0/0 static route being redistributed into OSPF

    Posted: 15 Apr 2018 01:53 PM PDT

    Looking for an example of routing policy that will prevent someone from inadvertently configuring a static quad 0/0 route on a Juniper EX router running OSPF with a policy statement redistributing static routes into OSPF. Myself and my team have gotten bit by this a couple of times now; the effect is all traffic destined for the internet out of our core data center gets black holed to the site where someone adds or forgets to remove a 0.0.0.0/0 next-hop x.x.x.x route. Thinking we should have a policy to prevent this specific route from being redistributed into OSPF that can be added to a base config template as a preventative measure. Any help would be greatly appreciated!

    submitted by /u/bwillo
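
One way to build the guard this post asks for, as an added example that is not part of the original post: a term that rejects exactly 0.0.0.0/0 from protocol static, placed ahead of the term that accepts static routes in the OSPF export policy. The policy name STATIC-TO-OSPF and the term names NO-DEFAULT and STATICS are hypothetical, and the "before" policy is an assumed shape of the existing redistribution policy.

```junos
# Before (assumed existing policy): every static route, including a stray
# 0.0.0.0/0, is accepted for export into OSPF.
#   set policy-options policy-statement STATIC-TO-OSPF term STATICS from protocol static
#   set policy-options policy-statement STATIC-TO-OSPF term STATICS then accept
#   set protocols ospf export STATIC-TO-OSPF

# After: reject the static default first, then accept the remaining statics.
# "exact" matches only 0.0.0.0/0 itself, so more specific statics still pass.
set policy-options policy-statement STATIC-TO-OSPF term NO-DEFAULT from protocol static
set policy-options policy-statement STATIC-TO-OSPF term NO-DEFAULT from route-filter 0.0.0.0/0 exact
set policy-options policy-statement STATIC-TO-OSPF term NO-DEFAULT then reject
set policy-options policy-statement STATIC-TO-OSPF term STATICS from protocol static
set policy-options policy-statement STATIC-TO-OSPF term STATICS then accept
set protocols ospf export STATIC-TO-OSPF

# Terms are evaluated top to bottom. When NO-DEFAULT is added to a policy
# that already contains STATICS, the new term lands at the end and never
# matches, so move it ahead of the accept term before committing:
insert policy-options policy-statement STATIC-TO-OSPF term NO-DEFAULT before term STATICS
```

After the commit, `show ospf database external` on the router should no longer list an external LSA for 0.0.0.0 that it originates, even while a static default is configured.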

    Re-designing DMVPN topology for redundancy and ease of management. Need help with ideas.

    Posted: 15 Apr 2018 02:05 PM PDT

    Hey there networking community. I've been tasked with redesigning our current DMZ layout.

    Currently, the design is silo-ed. We have spokes terminating at dual hubs running hsrp which allows access to a topology of a technology demonstration for a specific industry such as enterprise or collaboration. If you need to access a different demonstration, you'll have to configure a different tunnel with a different hub where it'll terminate. After a topology is deployed, that demonstration may be used on the road for a few years. All you have to do is configure a tunnel on that spoke terminating into the hub of the demo you'd like to access.

    Well after a decade of using this design, it has become increasingly difficult to manage since we now have multiple pairs of DMVPN hubs throughout our DMZ (10+ pairs). Employee turnover has also made it difficult to access the previous employees' demo topology.

    I'd like to design a dual DMVPN hub running HSRP where all the spokes terminate so that we have one central location of management. The part that I'm finding difficult is the routing between the spoke and the demos behind the hub. Since all spokes will terminate at this dual hub pair, running EIGRP and advertising every network will allow every demo to communicate with each other. This cannot happen since some of the subnetting conventions overlap.

    Ideally, I'd like to have the spokes route directly into a specific demo by bringing up a tunnel. I am not sure how to accomplish this though. Any ideas would be appreciated! Thanks for your help Reddit!

    submitted by /u/vonchas

    Why engenius

    Posted: 15 Apr 2018 12:44 PM PDT

    I have walked into several clients as a result of dissatisfaction with previous companies. Inevitably I see a crap ton of really poorly configured engenius access points. Terrible management, multiple SSIDs, no VLANs, crappy wire termination, poor RF management, etc. I usually end up doing rip and replace.

    Why does it seem to be a pattern that crappy previous IT companies use engenius and configure it all so poorly? Am I the only one who sees this?

    submitted by /u/descentformula

    What are the common approaches to solve the Cisco ASA switching loop issue?

    Posted: 15 Apr 2018 02:05 PM PDT

    We're currently designing a testbed simulating an internal enterprise network and we use Cisco ASA as the firewalls. The topology looks like: https://imgur.com/p3t9Ov8. Every link is configured as 802.1Q trunk with 3 VLAN IDs. Native VLAN (VLAN 1) is shut down on all devices. The version of the ASA software is 9.8(1).

    Since the ASA firewalls do not support L2 switching, which means that the VLAN interfaces cannot span across multiple physical ports, we used bridge groups and BVIs to bridge between SVIs. We noticed that there was a switching loop in the network caused by the ASA firewalls. The firewalls do not support STP and forward the packets to all the bridged interfaces.

    After some research, we found two ways of solving the problem. One is setting all the firewall-facing interfaces to PortFast and enabling BPDU guard, which doesn't work for us because it needs the interfaces to be not in trunk mode. Though we may use several access links instead of the trunk link, the ASA firewalls do not have that many ports for us to use. The other solution that we used is somewhat more expedient: we simply shut down the SVIs that may cause switching loops for the link between the two firewalls.

    I wonder if there are some common solutions to this problem and what you guys think.

    submitted by /u/niorehkids

    Broke network card wifi antennae need replacement.

    Posted: 15 Apr 2018 01:13 PM PDT

    I know there are hundreds of cheap ones you screw on the back of your PC. I need one that can be mounted higher up like on the desk. The NIC I have came with a flimsy one I accidentally ripped off. Can anyone recommend a decent replacement desktop (or higher) antennae for this NIC?

    https://www.newegg.com/Product/Product.aspx?Item=N82E16833320333&SortField=0&SummaryType=0&PageSize=10&SelectedRating=-1&VideoOnlyMark=False&ignorebbr=1&IsFeedbackTab=true#scrollFullInfo

    submitted by /u/nirrtix

    HSRP question.

    Posted: 14 Apr 2018 09:37 PM PDT

    I'm practicing some labs at home on Packet Tracer and I noticed the labs in the Cisco book I'm using require the setup of EIGRP before they show you how to configure HSRP. So my question is does HSRP always require EIGRP or OSPF in order to be able to configure it? If so, what is the reason? Thanks in advance.

    submitted by /u/Dethh195

    L3 MPLS issues - Juniper

    Posted: 15 Apr 2018 04:16 AM PDT

    I have no problems getting the equivalent working with Cisco but I'm having some issues transferring this to Juniper.

    Anyone familiar with Juniper able to take a look at my config?

    CE's have a route to each other (learnt via BGP from the PE, and PE has the route in its table for the relevant VRF)

    The issue is with the PE config somewhere as that is as far as the trace gets.

    CE1--(int: em0-PE1-Int:em1)--P--PE2--CE2

    PE1 config:

        set version 12.1R1.9
        set system root-authentication encrypted-password "$1$w5W3Qxul$hvWK6vFpzbsoC3hCmKEMN/"
        set system syslog user * any emergency
        set system syslog file messages any notice
        set system syslog file messages authorization info
        set system syslog file interactive-commands interactive-commands any
        set interfaces em0 unit 0 family inet address 192.168.12.2/24
        set interfaces em1 unit 0 family inet address 192.168.23.2/24
        set interfaces em1 unit 0 family mpls
        set interfaces lo0 unit 0 family inet address 2.2.2.2/32
        set routing-options router-id 2.2.2.2
        set routing-options autonomous-system 65000
        set protocols mpls interface em1.0
        set protocols bgp group pe type internal
        set protocols bgp group pe local-address 2.2.2.2
        set protocols bgp group pe family inet-vpn any
        set protocols bgp group pe neighbor 4.4.4.4
        set protocols ospf area 0.0.0.0 interface lo0.0
        set protocols ospf area 0.0.0.0 interface em1.0
        set protocols ldp interface em1.0
        set routing-instances CustA instance-type vrf
        set routing-instances CustA interface em0.0
        set routing-instances CustA route-distinguisher 2.2.2.2:1
        set routing-instances CustA vrf-target target:65000:1
        set routing-instances CustA protocols bgp group ce type external
        set routing-instances CustA protocols bgp group ce peer-as 65100
        set routing-instances CustA protocols bgp group ce neighbor 192.168.12.1

    This is all in a lab environment right now via Olive's

    Routing table of CE-1 (loopback of CE-2 is 5.5.5.5):

        A Destination        P Prf   Metric 1   Metric 2  Next hop         AS path
        * 1.1.1.1/32         D   0                        >lo0.0
        * 5.5.5.5/32         B 170        100             >192.168.12.2    65000 65200 I
        * 192.168.12.0/24    D   0                        >em0.0
        * 192.168.12.1/32    L   0                        Local
        * 192.168.45.0/24    B 170        100             >192.168.12.2    65000 I

    Routing table of PE-1:

        root> show route table Cu

        CustA.inet.0: 5 destinations, 6 routes (5 active, 0 holddown, 0 hidden)
        + = Active Route, - = Last Active, * = Both

        1.1.1.1/32         *[BGP/170] 01:51:45, localpref 100
                              AS path: 65100 I
                            > to 192.168.12.1 via em0.0
        5.5.5.5/32         *[BGP/170] 01:32:54, localpref 100, from 4.4.4.4
                              AS path: 65200 I
                            > to 192.168.23.3 via em1.0, Push 299872, Push 299776(top)
        192.168.12.0/24    *[Direct/0] 01:55:10
                            > via em0.0
                            [BGP/170] 01:51:45, localpref 100
                              AS path: 65100 I
                            > to 192.168.12.1 via em0.0
        192.168.12.2/32    *[Local/0] 01:55:10
                              Local via em0.0
        192.168.45.0/24    *[BGP/170] 01:32:54, localpref 100, from 4.4.4.4
                              AS path: I
                            > to 192.168.23.3 via em1.0, Push 299872, Push 299776(top)

        root> show route table inet.0

        inet.0: 7 destinations, 7 routes (7 active, 0 holddown, 0 hidden)
        + = Active Route, - = Last Active, * = Both

        2.2.2.2/32         *[Direct/0] 02:23:53
                            > via lo0.0
        3.3.3.3/32         *[OSPF/10] 02:20:02, metric 1
                            > to 192.168.23.3 via em1.0
        4.4.4.4/32         *[OSPF/10] 02:20:02, metric 2
                            > to 192.168.23.3 via em1.0
        192.168.23.0/24    *[Direct/0] 02:23:43
                            > via em1.0
        192.168.23.2/32    *[Local/0] 02:23:53
                              Local via em1.0
        192.168.34.0/24    *[OSPF/10] 02:20:02, metric 2
                            > to 192.168.23.3 via em1.0
        224.0.0.5/32       *[OSPF/10] 02:20:12, metric 1
                              MultiRecv

        root> show route table inet.3

        inet.3: 2 destinations, 2 routes (2 active, 0 holddown, 0 hidden)
        + = Active Route, - = Last Active, * = Both

        3.3.3.3/32         *[LDP/9] 01:55:27, metric 1
                            > to 192.168.23.3 via em1.0
        4.4.4.4/32         *[LDP/9] 01:55:27, metric 1
                            > to 192.168.23.3 via em1.0, Push 299776

        root> show route table mpls.0

        mpls.0: 8 destinations, 8 routes (8 active, 0 holddown, 0 hidden)
        + = Active Route, - = Last Active, * = Both

        0                  *[MPLS/0] 01:13:19, metric 1
                              Receive
        1                  *[MPLS/0] 01:13:19, metric 1
                              Receive
        2                  *[MPLS/0] 01:13:19, metric 1
                              Receive
        13                 *[MPLS/0] 01:13:19, metric 1
                              Receive
        299808             *[LDP/9] 01:55:31, metric 1
                            > to 192.168.23.3 via em1.0, Pop
        299808(S=0)        *[LDP/9] 01:55:31, metric 1
                            > to 192.168.23.3 via em1.0, Pop
        299824             *[LDP/9] 01:55:31, metric 1
                            > to 192.168.23.3 via em1.0, Swap 299776
        299872             *[VPN/170] 01:33:17
                            > to 192.168.12.1 via em0.0, Pop

        root> show route table bgp.l3vpn.0

        bgp.l3vpn.0: 2 destinations, 2 routes (2 active, 0 holddown, 0 hidden)
        + = Active Route, - = Last Active, * = Both

        4.4.4.4:1:5.5.5.5/32
                           *[BGP/170] 01:33:26, localpref 100, from 4.4.4.4
                              AS path: 65200 I
                            > to 192.168.23.3 via em1.0, Push 299872, Push 299776(top)
        4.4.4.4:1:192.168.45.0/24
                           *[BGP/170] 01:33:26, localpref 100, from 4.4.4.4
                              AS path: I
                            > to 192.168.23.3 via em1.0, Push 299872, Push 299776(top)

    Trace from CE-1 stopping at PE-1 interface:

        root> traceroute 5.5.5.5
        traceroute to 5.5.5.5 (5.5.5.5), 30 hops max, 40 byte packets
         1  192.168.12.2 (192.168.12.2)  0.150 ms  0.080 ms  0.068 ms
         2  *^C
        root>

    submitted by /u/Theincrediblemeagain

    Where can I find some cheap switches?

    Posted: 15 Apr 2018 01:37 PM PDT

    I want to get a cheap 6-7 port switch, are there any places I can go to where they just give them out? I'm not looking for anything special

    submitted by /u/stefan69er

    Traffic slow down when LACP is used?

    Posted: 15 Apr 2018 10:35 AM PDT

    Hi. I have configured a HP 5900af with an IP and nothing else after factory reset.

    I have a server and two clients that attach for testing, not Virtual. The NIC in the server in question is an intel i350 t4 teamed. This serves a VHD and a game disk to the two clients.

    When I only connect a single cable to the switch from the server they load about as fast as I can ever see them being. Approx 1:40 to fully loaded with game access. But if I connect another cable or all four cables from the server to the switch, they take 8 minutes to load. The switch slows to a crawl.

    There is something I am not doing correctly or not understanding in LACP. Anyone have an idea where I should look on fixing this? I don't want to have this same issue when the 10g NIC dual gets here.

    Thanks

    submitted by /u/1stTimeMeMe

    Cisco Prime - Suppress Alarm for all non Infrastructure Links

    Posted: 14 Apr 2018 04:37 PM PDT

    Salute,

    I need your advice for the following scenario: I have Cisco Prime creating Alarms for all Link Down events across all switches we have.

    What I want to achieve: Having Cisco Prime creating Alarm only for Link Down events for ports in a specific port-group (Infrastructure Links).

    What I tried to do: Create an Alarm Policy and suppress the alarms for Link Down events for ALL port-groups except one specific (Infrastructure Links).

    My Problem: Obviously Prime does not support a negation of a selected port group (match all other except the one I selected).

    We dynamically assign Infrastructure links to a port-group by a specific pattern in the description. But due to the System Defined port-groups they are assigned as well to other groups too.

    How do you achieve to get alarms only for Infrastructure Links without disabling the logging event itself at interface level on the switches?

    submitted by /u/Crashcymbal

    Looking for all-in-one device that has a /16 subnet DHCP server, OpenVPN client and firewall

    Posted: 15 Apr 2018 04:46 AM PDT

    Hey guys, I'm looking for a router that has

    • OpenVPN client
    • DHCP server for /16 subnets
    • firewall

    so basically like that router people have at home, just for the professional sector.

    We have multiple DCs that I want to connect to a central OpenVPN hub, that hands out IP addresses to clients. I don't necessarily need a web application firewall, since there are no workstations in our DCs. There are between a few hundred and 2000 clients in every DC.

    Up until now we did it with one or more vmhosts and all services as VMs. But at this point it became too much work to set up this for every DC. I just want a box that I can configure, plug in and be done.

    I was on the Juniper and Fortinet websites but was kinda overwhelmed by the options. I just need a push in the right direction on what to look for.

    edit: somebody downvoted my post and all of my replies - did I violate any subreddit rule I wasn't aware of?

    submitted by /u/minimalniemand