Looking for small-scale datacenter/carrier layer 2 switch Networking |
- Looking for small-scale datacenter/carrier layer 2 switch
- How do you decide/prove/justify when a link is congested and needs more bandwidth?
- What workflow does everyone follow when rolling out new network?
- Cisco show eBGP routes discarded because of local ASN in received path
- Switch for customer sites
- 5520 WLC DHCP on isolated guest network
- OSPF hello packets on outside interface
- Help with punch down
- Checkpoint Firewall - Hints?
- Cisco compatible 100Gbe Optics
- 3064-X as border switch?
- Question about VPC loops
- Reference architecture libraries?
- Need help with cisco configuration
- Ruckus(brocade) vs Aruba switches
- hp procurves in ring topology
- Question on Oxidized
- To move racking equipment.(HA SSG320 ScreenOS)
- BFD Authentication on Juniper Firefly / vSRX
- PVST to Rapid-PVST Migration - Downtime
- Family Small Business Network Overhaul Advice
- Monitoring with Nagios if UDP ports can be accessed?
- Stuck in > prompt on Aruba switch
Looking for small-scale datacenter/carrier layer 2 switch
Posted: 31 May 2018 09:30 AM PDT

We're looking at replacing our current installation of white-box switches running Cumulus. They operate only as layer 2 devices, and we have standalone routers that trunk to these switches. The problems we currently have are with giant flows and the small buffers on these switches which are designed for datacenter traffic, not carrier traffic. Our datacenters are potentially 125ms or more apart, so our throughput is very sensitive to packet loss. Window tuning of hosts only goes so far and sometimes isn't even possible.

Our normal set is 2x 1U 10G SFP+ switches which can handle both 1G transport cross connects and 10G connections to our VMware cluster and routers, and then 2 more 1U copper switches for 1G connectivity for infrastructure (PDUs, DRACs, Terminal Servers, etc) and legacy servers that can't do 10G yet. We would prefer to keep this topology to efficiently use space and have separate switches at each layer for redundancy.

I think this puts me in the range of Nexus 9300 switches (2 Nexus 9372PX and 2 Nexus 9348GC-FXP). I'm also not sure what price range is reasonable for this, but list for 9372PX appears to be around $30k. Half that would be the range we're looking for (the white-box switches have certainly spoiled us on price).

Questions about these switches:
- The Nexus 3000 series seems scaled down some, but with only 12MB of buffer which has so far been not sufficient on our white-box switches. Are these numbers directly comparable between platforms, or is there some Cisco magic that makes better use of available buffers?
- Catalyst 4500-X seems possible as well, but there's no copper version (which I suppose isn't awful if I can use copper SFPs), and the maximum density is 40 ports in 1U instead of 48. The cost certainly seems better, but do I lose anything besides layer 3 features I won't need anyway?

I don't want to make the mistake of buying an aggregation switch when I really need a carrier switch.
How do you decide/prove/justify when a link is congested and needs more bandwidth?
Posted: 31 May 2018 03:46 PM PDT

So I have some links with nonzero output drops. I think they need more bandwidth. Actually, I know they need more bandwidth. But I want to understand why better, both for my own information, and so I can best explain it to the client and my colleagues. I can already hear them say "The NMS says they average 25% line speed, and the daily max never exceeds 60%, so why do we need an upgrade?"

I know about microbursts and %utilization is actually just line speed averaged over a time period, and an interface transmits at either 100% or 0% line speed, and how buffers help prevent unnecessary drops, and how a bit of buffering is good, but beyond a certain point it's bad (bufferbloat, etc). So I have most of the pieces of the bandwidth/saturation/capacity puzzle in my head, but I need help crystallizing it into instinct.

So what specific criteria do you apply when deciding when a link is saturated, and the cost for increasing bandwidth is justified? Some combination of output drops and average utilization, or is there more to the picture?
What workflow does everyone follow when rolling out new network?
Posted: 31 May 2018 07:43 AM PDT

To elaborate, I am in charge of changing out an aging infrastructure. I have the hardware here and ideas of how I want to handle it but I keep finding myself like scatterbrained. Just looking for advice from the experienced on how everyone else handles rollout/programming. I did some Excel work to make sure my VLANs are assigned to ports correctly but every time I come back to the project I find myself spending more time trying to figure out where to go to next or where did I leave off. My lack of workflow sucks, looking for advice on what has worked for you guys in the past, this is my first real project, just trying not to cock it up. Thanks!
Cisco show eBGP routes discarded because of local ASN in received path
Posted: 31 May 2018 12:58 PM PDT

I had a specific prefix (Let's call it 10.8.1.1/32) I expected to receive on Router A (AS 65000) that originated from Router C (AS 65000, but I did not know at the time). Router A and Router C both have eBGP sessions to router B (AS 65001). Router A and Router C are not in an iBGP mesh. Obviously this will drop 10.8.1.1/32 but at the time I did not realize router C had a duplicate ASN. 10.8.1.1/32 also did not show up in "show ip bgp neighbor x.x.x.x received-routes" even though a packet capture showed 10.8.1.1/32 in the NLRI section.

Router A (65000) ---eBGP--- Router B (65001) ---eBGP--- Router C (65000)

I know there are many things that should have happened pre-issue to prevent this from happening as far as proper provisioning and record keeping, but from a practical standpoint is there a command I can run to see these types of routes that are being dropped or am I stuck to debugs and packet captures? I already have soft-reconfiguration enabled but it appears that is only for routes that are in the RIB.
Switch for customer sites
Posted: 31 May 2018 11:24 AM PDT

We're an ISP who happen to provide DIA and fiber layer-2 services. There's been a growing interest in customers who request QinQ capable L2 circuits. As a result I need to rethink our go-to switches for customer installs. Our distribution is currently a stack of HPE 3800 switches configured for QinQ. We've gotten away with this by using media converters in the past, but that isn't a viable means of offering managed services. For our larger customers we've also placed 24 port 3800 series HPE/Aruba switches, but I'd like to get the cost down.

The features I'm looking for are:

I will also mention that I have tested a Fiber Store S1130 switch which fit the bill except in two areas:

I appreciate any and all feedback. Let me know if I left anything out or something above is confusing/ambiguous.
5520 WLC DHCP on isolated guest network
Posted: 31 May 2018 02:09 PM PDT

Cisco has eliminated the internal DHCP server on the 5520 that used to exist on the 5508. They now recommend that the controller should be a DHCP proxy to an existing internal DHCP server. Ok, fair enough. Does anyone have direct experience putting this in place with a WLAN that is on an isolated VLAN and can't access any internal resources? I know that the WLC is a DHCP proxy and it should still issue an address, but how does it know which scope to use if there are multiples? I can't seem to find any good documentation about this either, beyond high level descriptions.
OSPF hello packets on outside interface
Posted: 31 May 2018 07:26 AM PDT

I happened to be looking at the Real-Time Log Viewer on a Cisco ASA and noticed we are getting OSPF Hello packets advertised to us on our outside interface. We are not using OSPF externally or internally, so I was wondering if this is an unusual occurrence? All the IPs that are sending the OSPF hellos are coming from IPs that belong to the ISP. Some private addresses and some public. We aren't experiencing any issues, just more of a curiosity question. Is there a configuration mistake on the ISP's side?
Help with punch down
Posted: 31 May 2018 10:07 AM PDT

https://i.imgur.com/I2i4f9Q.jpg

Hey all, I'm in IT and I just arrived on site at a new office. I was told to set up the network here, and that the cubes were already run with cat5. Upon arrival however, I found the cubes weren't run, and I now have to figure out how to punch these down (without a punch down tool no less). Was wondering if anyone had seen these types of keystone jacks and knew how to punch them down.
Checkpoint Firewall - Hints?
Posted: 31 May 2018 06:30 AM PDT

Hi guys, I'll get right down to business. We're a middle sized company, we're currently looking to replace our ASAs and having a few partners courting us. Checkpoint came to us with a project using their 15000 series, thing is, I've been reading horror stories about them here since searching for them. Is the situation still so dire? We do daily policing on the ASAs, interruption of traffic on policy change would be a substantial setback, as would an appliance that drops traffic without reporting, and so on. So, here to ask your experience on the matter! Other vendors are at play here too, but obviously, they all talk about how awesome they are.
Cisco compatible 100Gbe Optics
Posted: 31 May 2018 02:44 PM PDT

Looking for feedback from folks who have tested or are running Cisco compatible 100Gbe optics in some of the newer product such as the Nexus 93180YC-EX and Catalyst C9500-48Y4C. Use of 1 and 10Gbe third party optics appears to be fairly commonplace and low risk, and we've had good experience in our testing with Cisco compatible optics from fs.com. Wondering, though, about the qsfp28 optics. Have you had good experience with third party? If yes, with which optic provider? If no, can you elaborate on problems that you encountered? In your experience, does Cisco's third party optic position / policy change once you get beyond 10Gbe optics? Putting together a project that may require 15 - 20 of these optics, and the price difference between Cisco (after discount) and third party is considerable. Would like to consider going third party and stocking a couple Cisco-branded spares.
3064-X as border switch?
Posted: 31 May 2018 02:41 PM PDT

Has anyone used a 3064-X with Lan Enterprise as a border device? Would terminate some 10G WAN with BGP (Default Route only). 99% of traffic would be 10g to 10g so smallish buffers shouldn't hurt too much, remainder is 10g to 1g. Internal routing would be to a single OSPF area. I do use an IP SLA to track when I need to inject my networks into my backup transit pipe, and some (simple) route-maps. Device it would be replacing does no traffic shaping or QOS, or any MPLS, just routing and throwing packets. Is there anything that it would not do say compared to a mainline Catalyst L3 switch (4500-X)?
Question about VPC loops
Posted: 31 May 2018 12:19 AM PDT

Hi guys, We are planning to implement the linked topology. As you can see on the picture below, there will be 3 N5K pairs in separate VPC domains, connecting to both 6500s. Thanks
Reference architecture libraries?
Posted: 31 May 2018 02:11 AM PDT

Is anyone aware of decent resources for reference architectures? I'm aware of the AWS Quickstarts, the Azure Reference Architectures and Cisco's Validated Designs Program. Can anyone recommend any other sites or books on the subject?
Need help with cisco configuration
Posted: 31 May 2018 10:19 AM PDT

Hello all. I'm trying to reconfigure a few switches. As you can see, the router that's labeled "Not Ours," I don't have any control over but it carries the following subnets into Switch 1. There is a gb ethernet from Switch 1 to a server that functions as a router. Attached to the server are 2 additional NICs that carry the other 2 subnets, respectively. It's currently working fine except when the server goes down, it doesn't route the other 2 subnets and the computers on 10.21.48.0/26 and 10.221.46.0/24 are the only ones that can access the internet. I would like to have Switch 1 perform all the routing. If this is in an inappropriate area, please point me in the right direction. Thank you, dvcs
Ruckus(brocade) vs Aruba switches
Posted: 31 May 2018 07:24 AM PDT

Hey there guys. Looking for any insight or something to push me over the edge for either switch purchase at the moment. Comparing Ruckus ICX 7650-48 and the Aruba 8320-581A switch. Needs 10Gbe Base-T ports -- although will not need all 48 to be 10Gbe or PoE. However, the ICX model in Base-T option comes with PoE regardless. Usages: ToR switches for racks and also for storage iSCSI traffic. The Ruckus ICX switches are coming in quite cheaper than the Aruba - quieter, and few inches shorter in depth. Also appear to be more flexible due to the port density/options. However, uncertain of the Ruckus support/warranty as well as the IOS like syntax.... I've historically used Cisco, Extreme and HPE (3com and HP)
hp procurves in ring topology
Posted: 31 May 2018 02:43 AM PDT

Hey guys. This might seem a bit trivial but for whatever reason I'm a bit unsure if this will just work out the box. I have a set of ~10 2920's installed at a customer site. We have been working on creating a ring topology for a while and now the last fiber has been put in place. So I want to connect the ends to create the ring. How do I make sure that the traffic is blocked in the right place? - I would want it to be blocked at the place I now connect the new fiber to. So my ring is completed physically, but use STP to keep the looping out.
Question on Oxidized
Posted: 30 May 2018 08:47 PM PDT

I just recently set up Oxidized on CentOS 7. I'm not a CentOS/Linux guru by any stretch. The software appears to be working and backing up a few devices I set up as a test. However, as soon as I start oxidized I get this message (seemingly every time it polls the devices):

/home/oxidized/.rvm/gems/ruby-2.4.1/gems/tilt-2.0.8/lib/tilt/haml.rb:77:in `block in precompiled_postamble': Haml::Engine#precompiled_method_return_value at /home/oxidized/.rvm/rubies/ruby-2.4.1/lib/ruby/2.4.0/forwardable.rb:157 forwarding to private method Haml::Compiler#precompiled_method_return_value

Would someone smarter than me happen to know what this means and whether I need worry that Oxidized (or some function) isn't working properly? Thanks!

EDIT: The error shows 3 copies whenever I click or open the web page. The web page and oxidized itself seemingly crash whenever I close the ssh session.

EDIT: Error shows 3 times whenever the webpage is accessed/manipulated seemingly regardless of # of devices in router.db. Fresh install using Ruby 2.5.1 fixed other issues however errors still remain. Everything works fine regardless. As /u/KIMBOSLICE pointed out, the error was supposedly related to Ruby 2.5 but I was using 2.4 before. Changing version of haml makes no difference. Weird.
To move racking equipment.(HA SSG320 ScreenOS)
Posted: 31 May 2018 12:18 PM PDT

Hi, I'm planning this task for next month. I have installed 2 Juniper SSG 320 HA NSRP (active/passive). My intention is to know how to proceed to move to the new rack. In other words, what checks to do on the FW beforehand, which to move first, execute some commands before and after, etc.? Thanks in advance!!
BFD Authentication on Juniper Firefly / vSRX
Posted: 31 May 2018 04:31 AM PDT

I'm trying to configure BFD authentication between a Cisco CSR1000v and a Juniper Firefly or vSRX, but I can't locate the proper config on the Juniper side. On the Juniper side I'm trying both:

Model: firefly-perimeter JUNOS Software Release [12.1X46-D20.5]

and

Model: vsrx JUNOS Software Release [17.3.R1.10]

I was going along with https://www.juniper.net/documentation/en_US/junos/topics/example/policy-static-routes-bfd-authentication.html . When I get to the point of "set security authentication-key-chains", I find that config is not available. I've read that authentication-key-chains are not available on vSRX(s), is that true? Is there any way to do BFD authentication between these two virtual platforms?
PVST to Rapid-PVST Migration - Downtime
Posted: 31 May 2018 04:42 AM PDT

Hello, I am a junior network engineer and I recently started a new job working in a data center environment with hundreds of VMs with applications at very high availability, I cannot allow to lose connection at any time of the day. Moreover, the system team works with Hyper-V and they told me if they lose the network for more than 20 seconds at a node, they lose all the VMs in that node. So I have to be careful at every change.

We have two Nexus 5000 running VPC and 6 Cisco 3750 connected to each Nexus (so logically there is no loop). The Nexus are already running Rapid-PVST but the 3750 are running PVST. I want to migrate the 3750 to Rapid-PVST. I don't know how much time the network will be down (or if it will be noticeable or not). My problem is with the 20 seconds limit fixed by the Hyper-V infrastructure. How should I proceed? Did anyone encounter this case before?
Family Small Business Network Overhaul Advice
Posted: 31 May 2018 06:43 AM PDT

Background information: I'm a 21-year old student with good computer knowledge and limited networking knowledge (revamped my home network). I understand the basic principles of networking but was looking for some sort of sanity check or advice on the plans that I have been setting up over the past week.

I've been asked by my family to have a look at their networking and get it into shape, it's currently a dismal mess. They've had a quote of £590 to do some rudimentary rewiring, installation of a networking switch and of a new router from a local firm but I thought that was quite expensive.

Currently they have the ISP-provided modem-router-ap connected to an 8 port gigabit networking switch. They have a couple of NASs connected to the switch which handle some database backups as well as some cctv recording. Most of the other ports are connected to a patch panel which runs up from the basement (where the networking is located) to the other 3 floors of the property. The patch panel is installed correctly with 24 cat5e cables which feed up to outlets so that is not of a concern. The wiring in the networking cabinet is a complete mess with only the patch panel installed correctly and the rest of the components on a box next to the cabinet with a mess of wires connecting them.

Requirements
Proposed Equipment/Changes
Proposed Network Topology Diagram Questions
(btw, this is laid out in a similar post to mine with different requirements Link)

Edit: Formatting
Monitoring with Nagios if UDP ports can be accessed?
Posted: 31 May 2018 12:35 AM PDT

I'm trying to monitor UDP ports with Nagios if they can be accessed. My issue is that it asks me for a string to send it and it also expects a string back. AFAIK, this is not UDP standard. What is the best way to monitor UDP ports, from a networking standpoint?
Stuck in > prompt on Aruba switch
Posted: 31 May 2018 06:25 AM PDT

Good morning, How do I get out of this prompt? I searched Google but wasn't able to find anything. Thanks!

EDIT "Only 16 lines allowed in multi-line input - command not executed: :"