Blogpost Friday! Networking
- Blogpost Friday!
- BCP38 (reverse path filtering) Linux IPv6
- What is the aggregate time lost to IOS ip domain-lookup?
- /22 that bad for production networks?
- ACL question
- Opengear LTE passthrough - anyone using it?
- Graceful BGP Shutdown
- ISP Ring & Power Issues
- Ruckus R500 VLANs
- VLAN Mapping on Arista DCS-7052S 52R
- 3 routers, 3 subnets with shortest path
- [HELP] LTE Bandwidth Saturation & QoS
- Is it breaking a rule to have RFC1918 IP addresses visible to the Internet? Here's a traceroute to a public IP address...
- Visa Network Issues
- Deploying new firewall in a business environment...
- Help identifying the current HP switch nomenclature
- Fiber Media Converter works between router and switch, but not NID and router? HELP PLZ
- Using NAT for web server redirection w/ certificate?
- Children's Home In Serious Need of Internet Update (x-post: r/TechSupport Sent Me Your Way, Any Ideas?)
- Cisco Resilient Ethernet Protocol - an alternative to Spanning Tree Protocol??
- Cisco SD WAN DNA
- Turning Nmap into visio topology map?
- iSCSI round robin across two Nexus 3064 with nxos 7.0
- Nexus Command Mystery?
Blogpost Friday!
Posted: 31 May 2018 05:18 PM PDT
It's Read-only Friday! It is time to put your feet up, pour a nice dram and look through some of our members' new and shiny blog posts. Feel free to submit your blog post, as well as a nice description, to this thread.
BCP38 (reverse path filtering) Linux IPv6
Posted: 01 Jun 2018 02:53 AM PDT
Hello, implementing BCP38 for IPv4 on Linux is very easy: just flip the switch in "/proc/sys/net/ipv4/conf/*/rp_filter". Unfortunately this is, to my knowledge, not possible for IPv6. The only solution I could find is the "rpfilter" extension for ip(6)tables.[2] My use case is a Debian x86 router which is CPU-wise underpowered. I'm not doing any firewalling so far, hoping that as long as it doesn't have to do connection tracking or look at anything above Layer 3, as much hardware offloading as possible is done by the NIC (Mellanox ConnectX-3). My questions now are:
Thanks for your help!
What is the aggregate time lost to IOS ip domain-lookup?
Posted: 01 Jun 2018 07:37 AM PDT
How old is this feature and at what point did Cisco Marketing's intent switch from benevolence to malevolence?
/22 that bad for production networks?
Posted: 01 Jun 2018 11:22 AM PDT
We've traditionally used /23 subnets for our production networks and I see us needing a little more growth options moving into the coming years. I've split out many of our networks into additional /23 subnets, but am seriously contemplating bumping them to /22s as well. That would make things so much easier, but I'm a little hesitant as I've read you shouldn't go larger than a /23 or /22 in some circumstances. If I use a /22 subnet in production, is it really the end of the world?
ACL question
Posted: 01 Jun 2018 12:33 PM PDT
I have almost all set and working, but...
1) permit WWW_Int to reach WWW: 200.150.192.3
2) permit "REDE INTERNA" to reach SMTP and FTP on "REDE EXTERNA"
3) permit the "REDE INTERNA" network to reach WWW_int
4) permit the host 200.150.192.4 to reach WWW_Int
The 4th request is hurting my brain! I'm stuck on the solution of this last request. Can somebody help me, since I can only have one ACL per direction per interface?
Opengear LTE passthrough - anyone using it?
Posted: 01 Jun 2018 12:26 PM PDT
I'm looking at using Opengear boxes to do OOB for my Cisco serial ports and as a WAN failover to cellular. From the Opengear docs and video, it looks pretty straightforward. I set my ssh and https management ports to something I don't otherwise use. Other than these TCP ports, everything gets bridged between the LTE modem and the management ethernet port. I connect the Opengear management ethernet port to an interface on my ASA, and configure it as "outside2" (or some such). I then configure the ASA to use "outside2" as a backup link (yes, I know this isn't trivial on an ASA, but I know how to make it work). Public IP - I assume the LTE provider will give me a public IPv4 address. Is that indeed the case? Do some carriers give private IP addresses? Can this be negotiated with the LTE provider? Can a static IP address be negotiated? Anybody using Opengear devices in this manner? Any gotchas to be aware of?
Graceful BGP Shutdown
Posted: 01 Jun 2018 02:17 AM PDT
Hi, we have two routers which peer to our two ISPs using BGP. These routers then peer between each other to work out the best route out etc. The kit is Cisco ASRs. I was wondering how you guys would shut the peering down to one ISP for maintenance? I have been reading about the graceful shutdown command - https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_bgp/configuration/xe-3s/irg-xe-3s-book/irg-grace-shut.html
Thanks, Matt
ISP Ring & Power Issues
Posted: 01 Jun 2018 06:27 AM PDT
So we have around 140 locations with many different providers, including Zayo, Centurylink, Level3 (legacy TWTC), AT&T, Comcast, Charter, legacy TWC, Uniti (legacy Southern Light) and a few others. The majority of these are serviced by a single lateral, to a CPE, normally Ciena, Adva, or Cisco, with typically a standard duplex fiber uplink, though some use BiDi. Most of those, to my knowledge, are serviced directly out of a headend or central office, meaning as long as our site has power then we should be good, because the headend or CO would have generator backup, so in the event of power issues all we have to worry about is our site itself. The obvious downside of this design is if there is a fiber cut along this single path then our circuit will go down. Several sites, including all of the legacy Level3/TWTC sites, are on a ring setup. Single lateral to a CPE, but the CPE has dual fiber uplinks, meaning we could take a fiber cut on either side of the ring and still have service. They have DC batteries and a rectifier for a pretty solid uptime. Finally we have just a few sites serviced by a decent sized independent provider, and the issue happened this week where a storm came through the city and caused many power outages. Our service went down, yet we still had local power. What we ended up finding out was that multiple customers on our ring had lost power (the right combination, I suppose, on both "sides" of us) and that is why we lost service. So obviously this has posed some questions. I know they do not use DC batteries/rectifier, but did not recall if they provided a UPS to all customer sites, what the size of it was, and what the minimum uptime was. Basically they are reliant on customers' power reliability and capability for the stability of their rings.
So as a customer, no matter what preparations or capacity we have (generator, etc.) we could still be offline due to power issues in the area and other customers' lack of said preparations, which is a bit of a downer and opens up some questions I didn't necessarily think to ask before. Luckily we had LTE backup so critical services remained functional. So if anyone can speak from the ISP side, and other folks in a similar case from the customer side, what are your thoughts on this and what questions would you want to ask during the bidding/provider selection process to have the best comfort level with what you are purchasing?
Ruckus R500 VLANs
Posted: 01 Jun 2018 08:33 AM PDT
Hi, quite new to Ruckus WiFi systems and I am experiencing an interesting issue with VLANs. I have configured two SSIDs:
The Internal WLAN is working fine, no issues with it. But I am having issues with the Guest WLAN. I can't get an IP and 0 traffic goes to the router in VLAN 2. I have tried the following packet forward settings:
Network topology: CCR1009-7G-1C-1S+ -> R500. The DHCP server is configured for both VLANs at the CCR. Is there some kind of special sauce needed to get VLANs working in Ruckus?
VLAN Mapping on Arista DCS-7052S 52R
Posted: 01 Jun 2018 08:28 AM PDT
Hi guys, the Arista guide says that EOS supports VLAN mapping using:
But I can't find that command on my switch. This is what the switch says:
I'm running EOS 4.9.8. The Arista supported features guide says that my model supports it. I can't find anything on Google. Maybe I'm doing something wrong? I'm new to these switches. Thanks and sorry for bad English.
EDIT: Formatting
3 routers, 3 subnets with shortest path
Posted: 01 Jun 2018 11:23 AM PDT
I was trying to decide if this fit more in the home networking section, but the point of my experiment is to have a model of a more complex enterprise environment. Here's a simple diagram: https://imgur.com/a/4vzL8JE
What I'm trying to set up is a network that consists of 3 routers on 3 different subnets. I've picked up 3 WRT54GL v1.1 routers to try and do this on a budget. I have no problems getting devices on the 192.168.2.0 network to talk to the 192.168.3.0 devices via the 192.168.1.0 router. However, I can't figure out how to create the direct route between the 2 without going through 192.168.1.0. I was also hoping to find a way to make it resilient to a cable being disconnected, but maybe that's asking way too much from this consumer grade hardware? Is this a limitation of using consumer level WRT54GL hardware? I was able to achieve the existing configuration by connecting the WAN ports on the 2 lower routers to the LAN ports on the upper one, and adding the routes to the routing table on 192.168.1.0. For that to work, routers 2 and 3 are both addressable on the 1 network. However, when connecting between the 2 LAN ports, I don't see a way to assign them the 2 IP addresses necessary for them to communicate directly. If this isn't possible, what hardware should I be using? I feel like it's a simple scenario. I do have a few Cisco 3550s available if they would be better to use, but I'm not familiar with configuring them. Sorry if this was too simple. I'm mostly trying to figure out if I need to go back to the drawing board or if it would be possible to use the 3550s to not have to buy new hardware. Thank you!
[HELP] LTE Bandwidth Saturation & QoS
Posted: 01 Jun 2018 02:56 PM PDT
Is it breaking a rule to have RFC1918 IP addresses visible to the Internet? Here's a traceroute to a public IP address...
Posted: 01 Jun 2018 10:21 AM PDT

C:\Users\tomdzu>tracert 162.245.240.129

Tracing route to h240129.basinbroadband.ca [162.245.240.129]
over a maximum of 30 hops:

  1     2 ms     7 ms     3 ms  10.0.28.254
  2     *        *        *     Request timed out.
  3     1 ms     1 ms     1 ms  h72-2-59-114.columbiawireless.ca [72.2.59.114]
  4    24 ms     6 ms     7 ms  172.27.15.138
  5     8 ms     8 ms     7 ms  172.27.15.25
  6    24 ms    24 ms    24 ms  172.27.9.186
  7    24 ms    24 ms    24 ms  172.27.9.194
  8    24 ms    24 ms    24 ms  172.27.9.202
  9    24 ms    26 ms    24 ms  172.27.9.210
 10    27 ms    27 ms    31 ms  172.27.9.218
 11    24 ms    24 ms    29 ms  172.27.9.226
 12    24 ms    24 ms    24 ms  h240129.basinbroadband.ca [162.245.240.129]

Trace complete.

C:\Users\tomdzu>
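The traceroute in the post above, run through a small classifier, as an added example that is not part of the post: it parses Windows `tracert` output and tags each hop as RFC 1918 private, RFC 6598 shared address space (the 100.64.0.0/10 range carriers commonly use for CGNAT, included here as a generalisation beyond the post), public, or timed out. The parser, the `classify` and `private_hops` helper names and the summary format are this example's own; the sample transcript is the one from the post.

```python
"""Classify the hops of a Windows `tracert` transcript by address scope.

Added illustration for the post above; the transcript is the one the poster
shared, the parsing and classification code is not from the post.
"""
import ipaddress
import re
from typing import Dict, List, Optional

# RFC 1918 private ranges: the "private" addresses the post asks about.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# RFC 6598 shared address space, often used by carriers for CGNAT. Not in the
# post; included because such hops are equally unroutable on the public Internet.
RFC6598 = ipaddress.ip_network("100.64.0.0/10")

# A tracert hop line starts with the hop number; banner lines do not.
HOP_RE = re.compile(r"^\s*(\d+)\s+(.*\S)\s*$")
IPV4_RE = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")

# Transcript from the post (Windows tracert output).
SAMPLE_TRACERT = """\
C:\\Users\\tomdzu>tracert 162.245.240.129

Tracing route to h240129.basinbroadband.ca [162.245.240.129]
over a maximum of 30 hops:

  1     2 ms     7 ms     3 ms  10.0.28.254
  2     *        *        *     Request timed out.
  3     1 ms     1 ms     1 ms  h72-2-59-114.columbiawireless.ca [72.2.59.114]
  4    24 ms     6 ms     7 ms  172.27.15.138
  5     8 ms     8 ms     7 ms  172.27.15.25
  6    24 ms    24 ms    24 ms  172.27.9.186
  7    24 ms    24 ms    24 ms  172.27.9.194
  8    24 ms    24 ms    24 ms  172.27.9.202
  9    24 ms    26 ms    24 ms  172.27.9.210
 10    27 ms    27 ms    31 ms  172.27.9.218
 11    24 ms    24 ms    29 ms  172.27.9.226
 12    24 ms    24 ms    24 ms  h240129.basinbroadband.ca [162.245.240.129]

Trace complete.
"""


def classify(addr: str) -> str:
    """Return the address scope of one IPv4 hop address."""
    ip = ipaddress.ip_address(addr)
    if any(ip in net for net in RFC1918):
        return "rfc1918"
    if ip in RFC6598:
        return "rfc6598-shared"
    return "public"


def parse_tracert(text: str) -> List[Dict[str, Optional[str]]]:
    """Parse tracert output into one record per hop, ignoring banner lines."""
    hops: List[Dict[str, Optional[str]]] = []
    for line in text.splitlines():
        m = HOP_RE.match(line)
        if not m:
            continue  # prompt, "Tracing route ...", blank and "Trace complete." lines
        hop_no, rest = int(m.group(1)), m.group(2)
        if "Request timed out" in rest:
            hops.append({"hop": hop_no, "ip": None, "scope": "timeout"})
            continue
        ips = IPV4_RE.findall(rest)
        if not ips:
            continue  # RTT columns never look like an address, so this is defensive
        addr = ips[-1]  # the responder is last, either bare or as "host [a.b.c.d]"
        hops.append({"hop": hop_no, "ip": addr, "scope": classify(addr)})
    return hops


def private_hops(hops: List[Dict[str, Optional[str]]]) -> List[int]:
    """Hop numbers whose responder used an RFC 1918 source address."""
    return [int(h["hop"]) for h in hops if h["scope"] == "rfc1918"]


if __name__ == "__main__":
    parsed = parse_tracert(SAMPLE_TRACERT)
    for h in parsed:
        print(f"{h['hop']:>3}  {h['ip'] or '*':<17} {h['scope']}")
    print("RFC 1918 hops:", private_hops(parsed))
```

Hops 4 through 11 fall in 172.16.0.0/12, so the classifier reports nine RFC 1918 hops in this trace (hop 1 plus those eight). Knowing which hops answer from private space matters when you tighten ingress filtering on your own edge: a strict reverse-path check on the WAN interface has no route back to 172.27.0.0/16 and will drop the ICMP time-exceeded replies from those hops, which then show up as "Request timed out" rather than as the addresses above.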
Visa Network Issues
Posted: 01 Jun 2018 02:03 PM PDT
Does anyone know what brought the network down? The media are always all over things like this but it's very hard to find detail on what exactly went wrong besides the fact it was a "network crash". BGP issue perhaps? Routes dropped?
Deploying new firewall in a business environment...
Posted: 01 Jun 2018 08:58 AM PDT
Hey everyone. We are looking at deploying a pfSense firewall into a business environment within the next couple of weeks. We had a firewall a while back but, at this point, it is best to start from scratch. Our goal is to just block the outside world from getting in. A couple of questions I have are:
Thanks!
Help identifying the current HP switch nomenclature
Posted: 01 Jun 2018 05:02 AM PDT
Which models are what used to be ProCurve? What would be the 24 port with SFP like HP 1920S 24G 2SFP (JL381A) but that has full ssh management, MSTP, VLAN and LLDP etc. support? Many of the "basic" HP switches end up having a difficult to use Web only management, and the naming is all over the place now IMHO.
Fiber Media Converter works between router and switch, but not NID and router? HELP PLZ
Posted: 01 Jun 2018 08:18 AM PDT
Usually I'm pretty good at finding answers on the internet to problems I can't solve myself, but there seems to be a distinct lack of documentation floating around regarding this type of setup. If anyone has any knowledge about these devices, or about fiber in general (as I have little experience with fiber media outside of basic troubleshooting and connectivity), please chime in.
Current setup:
Short version: NID > router > switch, with 2 FMCs between the router and switch due to distance
Hardware list:
Reasoning:
Task: move the router from Building 1 to Building 2.
Problem: the fiber media converters will not pass through the signal from the NID to the router. They will only pass through the signal from the router to the switch. I have absolutely no idea why.
Explanation and notes: we have a backup internet connection (Comcast) installed in Building 2's telecom room that needs to connect to the router. The easiest solution is to move the router from Building 1 to Building 2, but even though the FMCs work fine to extend the connection from the router to the switch, I get no link light or activity whatsoever when connecting the NID to the router instead.
Images:
Does anyone have any clue where to start? Do I need different FMCs that are able to pass through communication from the NID to the router? The existing ones are pretty much plug'n'play. I'd be happy to answer any questions that might help get me towards a resolution that doesn't involve spending countless dollars having our backup internet connection re-run. It also makes more sense to just have the router in the building it serves. Thanks in advance.
Using NAT for web server redirection w/ certificate?
Posted: 01 Jun 2018 07:58 AM PDT
So basically we have 1 external IP and a webserver running on that IP. There is also a certificate server that users must authenticate with (via a smartcard) when connecting. My question is, I'm trying to set up NAT so that we have another webserver that doesn't use the certificate server, it's just running Apache Tomcat -- so I'm kind of wondering, where does the certificate check take place, is it after the user enters in the external IP (or website name) or before it even gets there? I'm trying to forward all requests on port 3295 to our other webserver that's on the internal network via our Cisco firewall. I basically just configured it so requests to the external IP on port 3295 are sent to this internal webserver, and the other regular 443/80 requests are sent to the main webserver. Is this possible if I have one server that requires a certificate? When I enter www.websitename.com:3295 in IE it just times out. Thanks
Children's Home In Serious Need of Internet Update (x-post: r/TechSupport Sent Me Your Way, Any Ideas?)
Posted: 01 Jun 2018 06:34 AM PDT
Cisco Resilient Ethernet Protocol - an alternative to Spanning Tree Protocol??
Posted: 31 May 2018 06:00 PM PDT
Maybe someone could answer this question for me: I came across this today in some documentation (Cisco REP - Resilient Ethernet Protocol). I guess it's some alternative to STP.. Why would someone use this? What does this do over STP, why would I want to run it over STP, why would Cisco design something that STP already does? I'm guessing this is somewhat new? Anyone hear of this before? Use it anywhere? I'm curious...
Cisco SD WAN DNA
Posted: 01 Jun 2018 06:04 AM PDT
Long time visitor, first-time poster here. I just wanted to get some feedback and thoughts on Cisco's new DNA licensing model that they are continuing to roll out. I briefly came across it when attempting to put together a BOM of vEdge routers and the more I looked into it, the more it seems to resemble the Meraki licensing model, where you pay the licensing and manage the devices from the "cloud" or you spend $80,0000 on their DNA Appliance so that you may manage them "on-premise". Any thoughts? Or has anyone rolled out a deployment using this model?
Turning Nmap into visio topology map?
Posted: 31 May 2018 05:56 PM PDT
I've always struggled to find a good way of building network topology maps for customer networks. I've seen numerous posts about building network topology maps and there are always several suggestions of using nmap. How do you convert an nmap scan into a visio diagram?
iSCSI round robin across two Nexus 3064 with nxos 7.0
Posted: 01 Jun 2018 02:48 AM PDT
I'm trying to get a SAN configured on a set of Nexus 3064s. Initially this was configured on a single switch with round robin working; however, now that each host in the system is split between two, VMs on the ESXi host aren't able to boot. This is resolved by resetting the path type to Fixed or Last Used. Neither the SAN units nor the ESXi host are connected to the switch using a port channel in the vPC domain; however, vPC is configured with 2 40G uplinks in the peer-link. vPC is functioning, particularly to synchronize the CAM tables, and there is an in-domain port channel to another switch that is functional. Also, the SAN nodes bond their links using the balance-alb algorithm, but are not LACP. All of the SAN traffic is on the same VLAN to simplify this, and I'm trying to achieve redundancy on the physical layer while not losing throughput. Is there a configuration I'm missing that will allow these switches to act as 1 unit?
Nexus Command Mystery?
Posted: 31 May 2018 05:47 PM PDT
I can't seem to find a command that allows me to see the management0 interface IP for all VDCs. I would think in the case of device multitenancy that this would be a must-have for troubleshooting. I tried running "sh run vdc all", "sh ip int brief vrf all" and "sh ip route" from the admin VDC and didn't get any information on any of the other VDCs. Is the only way to get that information through a network diagram, or to have trunk links to the different VDCs' allocated interfaces, at which point you run a "sh cdp neigh detail"? It just seems ridiculous from a troubleshooting perspective, despite it making sense from the near pure separation that a virtual context provides.