
    Tuesday, May 29, 2018

    Cloudflare 1.1.1.0/24 subnet BGP hijack Networking



    Cloudflare 1.1.1.0/24 subnet BGP hijack

    Posted: 29 May 2018 06:27 AM PDT

    Cloudflare subnet 1.1.1.0/24 is currently being BGP hijacked by a company in Shanghai.
    Details on BGPStream

    Edit: Formatting
    Edit2: The situation is back to normal even if the prefix 1.1.1.0/24 is still announced by 2 AS.

    submitted by /u/landvarx

    L2vpn Pseudowire Switching Issue

    Posted: 29 May 2018 11:26 AM PDT

    Hi Guys,

    I'm building an L2VPN xconnect in an inter-AS setup. But unfortunately the circuits won't come up. I'm using GNS3 C7200-ADVIPSERVICESK9-M Version 15.0(1).

    BGP/VPNv4 works fine and is established.

    PE1-XYZ-R1#sh mpls l2transport vc 2 detail
    Local interface: Fa2/1.20 up, line protocol up, Eth VLAN 20 up
      Destination address: 4.4.4.4, VC ID: 2, VC status: down
        Output interface: none, imposed label stack {}
        Preferred path: not configured
        Default path: no route
        No adjacency
      Create time: 00:52:49, last status change time: 00:42:44
      Signaling protocol: LDP, peer 10.1.22.2:0 up
        Targeted Hello: 1.1.1.1(LDP Id) -> 4.4.4.4
        Status TLV support (local/remote) : enabled/unknown (no remote binding)
        Label/status state machine : local ready, LruRnd
        Last local dataplane status rcvd: no fault
        Last local SSS circuit status rcvd: no fault
        Last local SSS circuit status sent: DOWN(Hard-down)
        Last local LDP TLV status sent: no fault
        Last remote LDP TLV status rcvd: unknown (no remote binding)
        MPLS VC labels: local 20, remote unassigned
        Group ID: local 0, remote unknown
        MTU: local 1500, remote unknown
        Remote interface description:
      Sequencing: receive disabled, send disabled
      VC statistics:
        packet totals: receive 0, send 0
        byte totals: receive 0, send 0
        packet drops: receive 0, seq error 0, send 0

    R5#sh mpls l2transport vc 2 detail
    Local interface: MPLS PW 10.10.10.10:100 down
      Destination address: 1.1.1.1, VC ID: 2, VC status: down
        Output interface: none, imposed label stack {}
        Preferred path: not configured
        Default path: no route
        No adjacency
      Create time: 00:40:33, last status change time: 00:40:33
      Signaling protocol: LDP, peer 1.1.1.1:0 up
        Targeted Hello: 10.1.22.2(LDP Id) -> 1.1.1.1
        Status TLV support (local/remote) : enabled/supported
        Label/status state machine : remote ready, LndRru
        Last local dataplane status rcvd: no fault
        Last local SSS circuit status rcvd: DOWN(not-forwarding)
        Last local SSS circuit status sent: no fault
        Last local LDP TLV status sent: not sent
        Last remote LDP TLV status rcvd: no fault
        MPLS VC labels: local unassigned, remote 20
        Group ID: local unknown, remote 0
        MTU: local unknown, remote 1500
        Remote interface description:
      Sequencing: receive transparent, send transparent
        Sequencing resync disabled
      VC statistics:
        packet totals: receive 0, send 0
        byte totals: receive 0, send 0
        packet drops: receive 0, seq error 0, send 0

    R5#sh mpls l2transport vc 100 detail
    Local interface: MPLS PW 1.1.1.1:2 down
      Destination address: 10.10.10.10, VC ID: 100, VC status: down
        Output interface: none, imposed label stack {}
        Preferred path: not configured
        Default path: no route
        No adjacency
      Create time: 00:40:16, last status change time: 00:40:16
      Signaling protocol: LDP, peer unknown
        Targeted Hello: 10.1.22.2(LDP Id) -> 10.10.10.10
        Status TLV support (local/remote) : enabled/unknown (no remote binding)
        Label/status state machine : local standby, AC-ready, LnuRnd
        Last local dataplane status rcvd: no fault
        Last local SSS circuit status rcvd: no fault
        Last local SSS circuit status sent: not sent
        Last local LDP TLV status sent: not sent
        Last remote LDP TLV status rcvd: unknown (no remote binding)
        MPLS VC labels: local 21, remote unassigned
        Group ID: local 0, remote unknown
        MTU: local 1500, remote unknown
        Remote interface description:
      Sequencing: receive transparent, send transparent
        Sequencing resync disabled
      VC statistics:
        packet totals: receive 0, send 0
        byte totals: receive 0, send 0
        packet drops: receive 0, seq error 0, send 0

    Diagram:

    https://learningnetwork.cisco.com/message/685091#685091

    Thank you

    submitted by /u/1searching

    anyone deploy a UCS E within a 4k ISR router?

    Posted: 29 May 2018 11:16 AM PDT

    I have a UCS-EN120S-M2/K9 module installed in a 4331 router that I'm configuring. I've read the Cisco documentation as well as watching this youtube video - https://www.youtube.com/watch?v=w__Zeglj0FM

    What I've done is put the CIMC on its own dedicated link (which uses the M external port). The router is configured as router on a stick with the gi0/0/0 interface trunked to the switch.

    We have installed Windows 2012 Server. I want the server to be on VLAN 100 (the CIMC is on mgt VLAN 254).

    I have 2 logical interfaces in my router and 3 network adapters on my server. In my router I have ucse1/0/0 and ucse1/0/1. From the video on YouTube, the 1/0/0 should be the routed interface and 1/0/1 the layer 2 interface. Since we're not doing VMware, I really just need the layer 3 interface. It's a little confusing, but as I understand it these 2 logical interfaces correspond to adapters 1 and 2 on the server.

    I have a sub-interface on the router.
    My router config:

    interface GigabitEthernet0/0/0.10
     encapsulation dot1Q 100
     ip address 10.100.180.1 255.255.255.0

    interface ucse1/0/0
     ip unnumbered GigabitEthernet0/0/0.10
     negotiation auto
     switchport mode trunk

    Basically I want the server to use 10.100.180.1 as the default gw, so I configured the ucse to use that IP address.

    It's not working though. If anyone can point me in the right direction, I would appreciate it.

    There is a 3rd network adapter in the server which seems to correspond to an external port (gi2) on the blade. If I use that port, it works. So there is a workaround. However would like to have a better understanding of why it's not working on the logical ucse adapters.

    Hope this makes sense. If not I can explain further. Thanks so much.

    submitted by /u/rdavis1970

    People who work at mobile carriers, how does your company monitor the security of mobile networks?

    Posted: 29 May 2018 09:12 AM PDT

    What are some important things that are overlooked when initially configuring networking devices (switches for example) .. which can open up problems and cause risk to your networking environment? (If it were to ever come into contact or become a victim of an attack).

    Posted: 28 May 2018 11:54 PM PDT

    Currently setting up a homelab to practice and work on some security related research projects on the configuration of networking devices and how crucial the initial process is.

    submitted by /u/StealthyRemington

    Networking noob here, I have some questions about wireless.

    Posted: 29 May 2018 03:03 PM PDT

    Hello, I'm a complete noob when it comes to networking. I'm currently studying a bit, but there are some concepts I don't fully understand. If you wouldn't mind maybe checking me on this stuff, that would be awesome.

    So from what I know, wireless channels on both 2.4 GHz and 5 GHz are just small differences in frequencies.

    Channel width? Is that the amount of power being sent from the antenna? So higher channel width covers more of the channels? So 40 MHz would cover double the channel range as 20 MHz?

    MIMO, so for 802.11n when it's sending out data. It can, let's just say, send out two information streams, one on one antenna and one on another? To a device that has the capability/hardware?

    Also if we could refrain from shitting on me for being a noob, that would be awesome. Thanks!

    submitted by /u/Shoesthewizard

    Traffic (L2) between 3850 and Nexus 9K(VPC) intermittently not working

    Posted: 29 May 2018 03:02 PM PDT

    Hi, I am looking for some advice on how best to troubleshoot an issue we have with traffic randomly dropping/not routing.

    We currently have 7 remote branch sites which connect back to Head Office 1 (HO1) via MPLS. The MPLS CE router in HO1 terminates into a 3850 switch (L3). In HO1 our servers, firewall etc. all connect to the 3850 as well.

    We have recently built a separate building and a new server room (let's call this HO2). HO2 has a pair of Nexus 9K which uplink to the 3850 in HO1 via fiber (VPC). The Nexus is just a L2 device at this point. There are only 3 Hyper-V hosts in HO2 at this moment in time running a number of VMs.

    For the most part this seems to work well, however we started to receive complaints that when our remote branch sites try accessing something in HO2, they sometimes can access it. Sometimes it's only briefly, i.e. 5 mins, or sometimes the whole day. Digging into this deeper, it might have been an issue since commissioning HO2 but it's unclear (a couple of months ago). I have only recently started and have been asked to look into it.

    Performing trace routes from a device which cannot access something in HO2, I observe the following:

    • Traffic to HO1 resources: trace route completes and they are accessible.
    • Traffic to HO2 resources: trace route gets to the CE router in HO1 but no further.

    This seems to suggest the issue might be to do with the L2 between the Nexus and 3850. Checking both device logs I see nothing; checking VPC status, everything looks healthy.

    Can anyone suggest what else to check or what the issue might be?

    Thanks

    submitted by /u/zh12a

    Recommended way of receiving syslog messages after an outage

    Posted: 29 May 2018 10:40 AM PDT

    We primarily use Cisco ISR routers which send syslog messages to a centralized collector. The issue of course is we never "see" the interface or BGP flap messages because, well, the single WAN connection is offline when those messages trigger.

    Does anyone know of a solution to this that doesn't involve setting up a local syslog collector? Even something as small and cheap as a Raspberry Pi would pose challenges for us. We have buffered syslog messages configured so a show log will produce the missing output, but it can't reach us during the outage.

    Is there a way to re-send buffered syslog output once the WAN connection comes back online? Would using TCP syslog instead of UDP syslog help at all?

    Any ideas or solutions would be appreciated.

    Thanks

    submitted by /u/C02JN1LHDKQ1

    Any Talari SD-WAN customers? Anyone doing SD-WAN in general?

    Posted: 29 May 2018 10:20 AM PDT

    My work has about 40 branch offices around the USA. We currently use dual MPLS links for each office (speeds vary widely from about 3mbs to over 200mbs).

    We are considering a move to SD-WAN, with one of my co-workers very interested in Talari.

    Interested in hearing any stories of organizations that have looked at similar setups. VOIP for us is hosted out of two data centers (one in the Midwest, one in NY) so that is a factor for us as well.

    submitted by /u/ITdirectorguy

    Recommend me a new IPAM

    Posted: 29 May 2018 01:42 AM PDT

    I've been given a task to find a new IPAM (DDI?) solution. Today we use NetDot, which is more than OK, but lacks updates and development. We use LibreNMS for alerting and monitoring. We use some other tool for DCIM. We're an MSP with about 25 employees.

    What we must have:

    - IPAM functionality

    - API

    Good to have:

    - vRealize integration

    - Enterprise support

    - DNS management/plugin

    - Physical cable topology.

    Nice to have:

    - DHCP management

    - Auto discover (an IPAM should be desired state. But auto discover arp/fdb would be nice)

    Physical cabling topology is almost must have for me personally since I'm doing all the basic network support and need to map out fiber circuit and strands.

    I have tested NetBox, which is really nice and seems to have good development, although they need to fix issues/20! phpIPAM also seems like a good alternative that people here praise a lot. None of them have paid support though.

    I've read some about EfficientIP which also has been praised in this subreddit, and doesn't have astronomical license costs as some of the others have?

    submitted by /u/sliddis

    Follow-up for site-site vpn question (palo alto)

    Posted: 29 May 2018 12:49 PM PDT

    This was my previous post. Phase 1 and 2 seem to be straightforward. Now I need to get the rest of it going, namely the IKE gateway and the IPSec tunnel. Again I apologize for the cluelessness.

    How is the IKE gateway configured? Right now I have our egress interface set up under IKE gw Interface followed by the public IP (since that's the address set on my egress interface) set as the local IP address. Does this look right to you? Do I need to create a new local (private) subnet specifically for this connection? PA's example had a private IP as its local. I assume the peer IP is something the vendor will give me. Please let me know if there's anything else missing.

    submitted by /u/d3adbor3d2

    How would you lay this network out?

    Posted: 29 May 2018 03:40 PM PDT

    Hi All,

    This is going to be pretty simple for most of you higher level network engineers but I'd call myself an amateur working towards CCNA in my free time and am not ashamed to ask for a little help! I've inherited this network and am trying to make the best out of what we have. I'm fine with figuring out routing, configuring VLANs etc.

    I have this network at the moment (no, those aren't crossover cables irl). Each box represents a physical cabinet - each cab has plenty of OM3 fibre to the other two cabs. This diagram is only for display purposes, the L2 switches are HP 2530s and L3 Juniper EX2200s. We can't move hardware around due to noise levels.

    Effectively what I'm wondering is what would be the most efficient way to lay this out? This network has to support roughly 20 IP telephones, 20 IP CCTV cameras, 65 computers, 50 iPads, about 20 random other devices and roughly 6 servers. We use a Sophos UTM in location one for incoming Internet connections. This is in an educational environment so there could be traffic bursts between lesson changes or across VLANs.

    Would I be best sticking a couple of bonded fibre links (2 each) between the three locations in a triangle and enabling STP? That seems like the easiest solution but not necessarily the cleanest. How would you guys deal with internal inter-VLAN routing?

    I'm aiming for simple and reliable design here... but I could be massively overthinking it.

    Cheers

    submitted by /u/crankyrecursion

    OSS/Inventory system(s) of some kind

    Posted: 29 May 2018 11:50 AM PDT

    Hello friends,

    My company is, among other things, an ISP for businesses and we're looking into getting a proper inventory system. We're considering either purchasing something or building our own and I'd like some advice on this. We want to be able to do the following:

    • Keep a list of where we physically have X equipment and which customers are dependent on that equipment being turned on. Preferably this would go down to individual switchport level.

    • Being able to send out emails to customers affected by, say, scheduled maintenance of a switch at a certain node by pretty much just selecting that switch and hitting "Send notice".

    • Preferably said system would be modular, not a huge deal if not.

    • We don't do layer 1, so we'd like to have the ability to have a table to see which subcontractor(?) is in charge of the physical fibre.

    We've looked into NETadmin a bit as a few of our subcontractors(?) use it, but it mainly seems to be for much larger FTTH companies, but maybe it's applicable to us too?

    Do any of you guys have any recommendations? Is what we're looking for even realistic in terms of what's available already?

    submitted by /u/Sad_Days

    Netflow 9 and Cisco 3850

    Posted: 29 May 2018 08:04 AM PDT

    I am trying to configure NetFlow 9 on a Cisco 3850. The issue that I keep running into is that when I apply the monitor on the layer two VLAN interface, I get an error message that reads "Flexible Netflow not supported on layer 2 interfaces".

    The monitor also does not work on switchport interfaces. Currently I have it configured and working on another 3850, applied to a "routed" interface.

    Is there a workaround to have it set up on a layer 2 switch?

    Also note, the switch only supports NetFlow 9 and IPFIX.

    Any assistance is appreciated.

    submitted by /u/Barackuse

    I need to get two logically separate tunnels from Juniper MX104 to Cisco ISR4k over MPLS cloud

    Posted: 29 May 2018 02:38 PM PDT

    Was originally thinking two GRE tunnels but Juniper gave me the error of not being allowed to configure two GRE tunnels to the same destination IP.... Perhaps a pseudowire tunnel? Will that work between JUNOS and IOS?

    --------- storage vrf ----------
    -------- replication vrf ------

    MX104 --- Provider MPLS --- ISR4k

    submitted by /u/theciscokid2018

    New role tomorrow - how to settle in?

    Posted: 29 May 2018 01:47 PM PDT

    I'm starting a new role tomorrow with a much smaller company. I currently work for a large MSP, and I'm moving to a small UC/ISP shop (network team is myself and 2 others!)

    How would you approach the first few weeks while you get your head around their network and their way of working?

    submitted by /u/Theincrediblemeagain

    [Design Question] Should I decentralize my networking equipment?

    Posted: 29 May 2018 01:28 PM PDT

    Hi all,

    I'm looking for any resources/info on the pros/cons of decentralization of my gear.

    I may answer my own question here, but I'm curious if I'm thinking about this incorrectly.

    Currently, we have two distribution points for our whole building. Cable management is atrocious, it's near impossible to trace wires. What I want to do is get most of the equipment out of our server room, and distribute it to locations closer to the actual point of use. Right now we're using modular procurves, around 240 ports between them at the moment, and mostly full. So, what happens is the wall jacks terminate to a patch panel in the server room, and from the patch panel to the switch. The cabling is atrocious since both of those switches are on separate racks on the bottom of each rack. Cables running EVERYWHERE. And essentially the same thing for our other distribution point, connected back to the main server room via fiber.

    Is there any reason why I shouldn't (essentially) "departmentalize" smaller switches?

    For example what I want to do. Remove all the wiring from the server room for each wing, and have a piece of fiber run to a secondary 48 port switch in a secure area near where the cables are needed on a two post rack. Have a 24 port patch panel above and below the switch, and use like 6" cables to go from patch panel to switch. Top panel terminates to top ports, bottom panel to bottom ports. Also, have room for another switch if we need to expand.

    submitted by /u/zzzpoohzzz

    Bandwidth utilization monitoring?

    Posted: 29 May 2018 06:28 AM PDT

    Hello! My hospital has been plagued with super slow download speeds for the past few days (1-2Mbps from a 100Mbps circuit). I'm looking at reports from our ISP and it shows the circuit being saturated however when looking at our LAN side with Whatsup (network monitoring software), nothing seems to be using that traffic up. Likewise when checking our Checkpoint (layer 7 firewall) for which device(s) are using up all the bandwidth, it shows about 40-70Mbps INCLUDING the LAN traffic at any given moment.

    Does anyone know of any way I can pinpoint which device is eating up all the bandwidth?

    submitted by /u/newengineerhere

    ospf route path visualization tool?

    Posted: 29 May 2018 06:35 AM PDT

    Is there a program/tool that will allow one to visualize medium to large OSPF networks and their preferred and secondary paths?

    Ideally a tool that would scrape my existing ptp's and their bandwidths and put together a map of routes.

    Something where I can add in new nodes and ptp's to existing nodes and have it show me where the paths to the core.

    I'm thinking of a weathermap for ospf.

    Something more automated than my whiteboard and a marker.

    edit: Bonus points for open source or integration with librenms

    submitted by /u/stazy

    Feedback on Network of 9 Machine Vision Cameras at Remote Locations

    Posted: 29 May 2018 07:59 AM PDT

    I've recently installed a single GigE-Power Over Ethernet machine vision camera at a client's location and they are now interested in expanding to 3 locations on site with 3 cameras per location. The locations are distant enough (>100m) from both the control room and each other that we want to run fiber instead of ethernet cable as much as possible. So I've come up with the arrangement in the linked drawing as a potential solution. A switch at each location capable of PoE and at least 1000Base-T capacity to each PoE/GigE vision camera, and 10G SFP+ connection that will leave the location to the control room. At the control room a 10G SFP+ switch to bring the 3 fiber runs from the distant locations to a single computer (which is the ideal we'd like to test/implement, but it may turn out necessary to expand to more computers due to CPU limits).

    Looking for feedback on any issues with the arrangement or equipment selection. I've not set this up before, and being made aware of any pitfalls I might run into or information you can point me towards would be greatly appreciated. Thank you.

    Camera Network Diagram

    Location Switch - D-Link Systems 28-Port SmartPro Stackable PoE/PoE+ Switch & 2 Gigabit SFP Ports and 2 10GbE SFP+ Ports (DGS-1510-28P) - Will also search for a model that has fewer ethernet ports but still has PoE.

    Cisco rep suggested Catalyst 2960-X and 2960-XR Series. Or Cisco Catalyst 3560-CX Series (thanks bmoraca)

    Control Room Switch - Aurora IPX-FSW-8 ? or Cisco Catalyst 9500-16X (thanks bmoraca)

    Desktop NIC - StarTech.com PCI Express 10 Gigabit Ethernet Fiber Network Card w/ Open SFP+ - PCIe x4 10GB NIC SFP+ Adapter

    FLIR Blackfly Camera

    edit: added camera link
    edit2: added links for possible control room switches and other options for location switches

    submitted by /u/dh084

    New info about SpaceX StarLink - sat-to-sat FSO links, 25ms

    Posted: 28 May 2018 11:11 PM PDT

    https://www.zdnet.com/article/spacexs-starlink-takes-a-big-step-forward-in-delivering-internet-from-the-sky/

    A tweet from Musk the other day confirmed some early test results they're seeing from the first 2 test satellites. 25ms round-trip latency!

    Also interesting was the info around using inter-sat links. I did a bit of looking around and there's several players offering 10Gbps for inter-sat links over hundreds of kms:

    https://mynaric.com/

    submitted by /u/daynomate