Took server offline, yet I can still ping its IP, is there any other explanation than a duplicate IP? Networking |
- Took server offline, yet I can still ping its IP, is there any other explanation than a duplicate IP?
- Does the degree matter when trying to enter the networking field.
- Improving performance of latency sensitive internet hosted application
- How to use Route Maps to get traffic to the Internet
- Anyone use a Cradlepoint for failover with a Juniper SRX?
- New deployment. AC / AC Wave 2 / AX?
- Followup: UDP Broadcast forwarding
- IP Migration
- Odd devices on my home network
- Looking to replace our wireless over an MPLS network
- What kind of Internet services do content providers like Netflix buy? And how does this differ from the kind of service a consumer buys?
- How to prove it's not the network
- Can OSI layers bottleneck a big UDP stream?
- What are you guys using for OOBM in your DCs?
- Cisco & Arista VLAN / Config help
- Can you set a static IP to a client machine from the router end?
- Creating a Site-To-Site AND Remote User VPN using Ubiquiti Unifi Security Gateway? Extensive details inside
- Toner/probe question: Why does the tone stop at the patch panel and not continue to the switch?
- Mobile App Test Environment
- How Many People are Using White boxes?
- Cleaning Up Mess - Subnet/VLAN question (X-POST /r/PFSENSE)
- Problems with some Cisco 1850 Mobility Express APs
- Everybody wants to play *Rant Warning*
- For ITs working for Gambling Sites, how do you protect your sites? How do you Optimize the website loading speed in different countries? How do you reach countries from the other side of the world?
Took server offline, yet I can still ping its IP, is there any other explanation than a duplicate IP? Posted: 09 Aug 2018 10:55 AM PDT What is the best way to find a duplicate IP out there if so? On zenmap I only find one host with this IP. What other possibility could there be if I physically unplugged this server from the network, yet still got ping replies from its static IP?
Does the degree matter when trying to enter the networking field. Posted: 09 Aug 2018 12:00 PM PDT I am close to graduating with an associate's degree in computer information systems, but I'm considering transferring and getting my degree in computer networking. The classes for both are similar, but I'm wondering if, with CompTIA certifications and getting my CCNA, a CIS degree would be well warranted.
Improving performance of latency sensitive internet hosted application Posted: 09 Aug 2018 05:35 AM PDT The main LOB app my company uses is a client/server type application where the developer of said application provides all hosting of the back end in their datacenters, where we are hosted out of Chicago. They spin up a VM for each customer and size accordingly. We then install a client on our machine (a very fat .NET client) that makes calls over the internet to our instance in their datacenter. No data is cached locally in the client, everything is a request to the datacenter, from opening a full record, to changing screens within a record that load different field data. Latency is the #1 enemy of this application, and I have offices all over the USA. My corporate office is in the Chicagoland area and average latency to the hosting DC is around 5ms, can't be more than 40-50 miles of fiber distance in this instance. My offices in California are generally 45-50ms depending on provider. To give you an example on impact of more latency, the Chicago area office takes about 14s to open application, 4s to open a data record, and 2-4s to flip between different screens within the record. The west coast office times are 30s to open application, 13s to open a data record, and 2-6s to flip between different screens within the record. I've been asked to "find a way to make the experience faster for the slower offices". I understand that I can't make light move faster, and that distance is always a factor. I can explore alternate internet providers for a given location to see if latency would go down due to better routing, reduced hop count, etc., but I would expect this to not have much more than 5ms improvement on average, maybe 10ms if I was lucky. Would you concur? Another thought is an MPLS/PNT type connection between west coast offices and my corporate office in Chicagoland, routing them over this link and out to the hosted DC.
But, I don't know if this would yield any substantial performance improvement or not. Next thought is an SD-WAN provider, to see if one of them can do some magic in their black boxes to reduce latency once traffic hits their cloud. Zero experience with any of these whatsoever though. Last thought is standalone WAN optimization/acceleration gear (as opposed to SD-WAN offering it). SD-WAN/WAN optimization seem like they could offer the most potential benefit, assuming this application proves friendly to that kind of optimization. Easy enough (relatively speaking) to vet that out I suppose. Looking for feedback from those of you more experienced than me to suggest where I focus my efforts and prioritize my options.
How to use Route Maps to get traffic to the Internet Posted: 09 Aug 2018 06:26 AM PDT Diagram: https://imgur.com/a/J6qNYnN Red text is default routes on those layer 3 switches, and blue text is VLAN identifier. We are evaluating a Palo Alto instead of our ASAs. I'm currently using a tap port to see our current traffic but I want to see some real traffic going through it as well. I have a network called IT Test hanging off to the right. Instead of the IT Test internet traffic going to the ASA, I'd like it to flow through the PAN but I'm having a hard time coming up with how to do that. I don't want to prevent that network from talking to the rest of my internal network, but I do want 'any' destination traffic to head out to the internet via the Palo Alto. The only ways I can think of doing this are via Route Maps or VRFs and I'm not sure how to configure this properly. 4500-x There are several issues I see with this. 1. Putting a next hop like that skipping the 6513 and it's not directly connected so that might not work. 2. I don't know that using a 'deny' statement on the route map actually fixes continuing to allow that network to talk to the rest of the internal network (especially 10.x.x.x). Do I need to put the route map on the 6513 even though the SVI for that network lives on the 4500? I don't even know if route maps are the right way to do this. Is a VRF a better/cleaner way? If I did a VRF for this network, would I have to run a new cable from the 6513 over to the 4500 to assign the VRF to a new interface?
Anyone use a Cradlepoint for failover with a Juniper SRX? Posted: 09 Aug 2018 12:04 PM PDT Got a few questions if you wouldn't mind assisting. I plan to use the Cradlepoint for cellular failover; however, I'm trying to get a clear understanding of its "IP Passthrough mode". I'm assigned a static IP from my ISP through my cable modem. I set a static default route to the gateway on my SRX (all fine and dandy). Now, according to Cradlepoint's tech website, their IP Passthrough mode would allow me to use cellular WAN IP mimicked onto my SRX (so I can use RPM/IP monitoring to failover). However, I'm getting competing info on whether I set my interface to DHCP or manually assign myself the Static IP cellular info. Anybody have any thoughts?
New deployment. AC / AC Wave 2 / AX? Posted: 09 Aug 2018 01:24 PM PDT I am not seeing many clients with ac wave 2 chips, never mind ax. What is everyone else doing today in terms of new deployments? ac? ac wave 2? ax?
Followup: UDP Broadcast forwarding Posted: 09 Aug 2018 12:59 PM PDT I originally asked a question about a month ago regarding forwarding broadcast traffic across a firewall and it was determined that this was not a feasible or recommended option. Because the hardware/software involved in this project is proprietary and ancient, we are trying another route that I hope will be successful, but I would like some advice regarding this configuration. We have 3 VLANs, let's call them VLAN 101, 102, and 103. VLANs 101 and 102 are considered more critical and are on the "inside" of our firewall with no direct outside access. VLAN 103 is a DMZ on the "outside" of our firewall. All three have direct connections to the firewall. We have broadcast traffic on VLAN 101 that needs to get to a computer on VLAN 103. As a proof of concept, we installed a Cisco router between VLAN 101 and VLAN 103 and used the iphelper command to convert the broadcast stream into a unicast stream. This was successful, but by doing this we have now made our router an access point into our critical networks. I would like to move the router behind the firewall and use ACLs on the firewall to direct traffic to this 103 VLAN. What I wanted to propose was putting a router between VLANs 101 and 102, use iphelper to send a unicast stream to a VLAN 102 address, and then use a NAT and an access rule to get that traffic across the firewall. So in summary, VLAN 101 broadcast --> VLAN 102 unicast --> VLAN 103 nat to 102 --> udp ACL. Is this possible? Thanks
IP Migration Posted: 09 Aug 2018 01:15 AM PDT We have 500-600 hosts in the HQ divided into 3 subnets. We are running out of IPs on one of the subnets. The bosses are urging for a migration from 192.168.XX.XX /24 to 10.0.0.0. We also have 53 branch sites. Note that in HQ and branches, the computers are on static IPs. I'm making a migration plan. Any tips on what to do first or anything? Thanks. I'm the new guy in my company.
Odd devices on my home network Posted: 09 Aug 2018 04:09 PM PDT Hello Reddit. I had a question for you. I noticed today some odd devices on my network while doing a LAN scan. They have bizarre names like 09ab01ac521702hg.surewest.net or amazon-07b4a2663.surewest.net. Yes I know surewest/consolidated sucks donkey balls and dong when it comes to service. The house was bought with internet and phone bundled into the price and the building courtesy of surewest and the real estate agency, so sigh. Anyway, the devices are static, not pingable, not network interface, no protocols, no nothing; just a name. What the arf are they? Should I be worried about them? In terms of network performance.
Looking to replace our wireless over an MPLS network Posted: 09 Aug 2018 03:31 PM PDT Looking at Meraki, IT director is not a fan of Cisco however. Might look at Extreme, Fortinet and Ubiquiti. What are you fine chaps using these days?
What kind of Internet services do content providers like Netflix buy? And how does this differ from the kind of service a consumer buys? Posted: 09 Aug 2018 02:53 PM PDT I'm going to try and answer the question myself a little bit, so please point out any flaws in what I think the answer to this question is if you see them :) Also let me know if this is the wrong subreddit to post this question in, thanks! I'm an EECS college student interested in networking. I have been learning about how the internet works and its history, as well as the protocols, hardware, and companies that make the internet work. I think I understand a lot about networking from a consumer perspective: I pay an ISP that is probably a tier 3 provider and they probably own the last mile of internet connection from my house to a Point of Presence (POP) in a city near me. That tier 3 provider only charges me for the data sent between that POP and my home, no matter where that data is coming from. Even if data came from a far away server and had to go through many intermediate networks, peering agreements, and interconnection points (that might cost these in between companies money to maintain), I still only pay for the data from the POP near me to my house. This seems like a great system for my local ISP since it probably costs more to calculate my bill depending on where I am getting traffic from than the minuscule amount of traffic I am actually sending or requesting from outside my local network (due to things like CDNs putting content much closer to my local ISP's network). If this is the case, then if I wanted to be Netflix, I could serve traffic from my home to anyone around the world, up to the max speed of the internet package I purchased, and my bill would still be the same, even if all of my customers were based around the world from me. However, my traffic would then be susceptible to being slowed down due to congestion in any of the hops in between through interconnection points in ISPs and things like that.
Also my ISP might have a max speed available to me, and if I wanted to provide more content than that bandwidth allows, I would probably have to negotiate a deal with my ISP to get an uplink of appropriate speed and at some agreed bandwidth usage. I can see this agreement charging me based on where my content is going since the ISP might have to pay a lot more if I am sending substantial traffic to somewhere far away on another network. Alternatively, I could pay a CDN like Akamai to serve my traffic from edge servers put closer to my customers, reducing the effects that spontaneous congestion might have on my traffic. I would then pay my local ISP for enough bandwidth to connect to Akamai servers that are close to me, and probably not have to pay much extra since I am not going through lots of interconnections. Akamai would probably have to pay for internet service that has lots of interconnections and agree to peering agreements however. I heard that Netflix was trying to make its own CDN, and that means it could potentially have to start paying for interconnection points where it couldn't get a free peering agreement. This means Netflix had to pay Comcast for example since Comcast didn't want to peer for free (side note - why would companies not want to charge Netflix for peering agreements for Netflix's CDN traffic? Netflix only really needs to send data in one direction so wouldn't there be an imbalance in traffic at the peering point?). Then I read that Netflix had to buy a direct connection to Comcast. But this doesn't make that much sense to me. Shouldn't Netflix just be able to make an agreement with a local ISP for some amount of traffic, and then pay that ISP based on how much the ISP has to pay for sending all of this traffic (which means paying for additional interconnection fees that ISPs might need to pay if Netflix has a lot of traffic leaving the local network)? I think I am getting kind of lost and confused even trying to explain this.
But my main question is: What kind of internet service is Netflix (or a similar content provider) paying for? Who are they paying? And how does this differ from how a consumer level internet connection is paid for? Why can't Netflix just buy a 10 GBps up/down connection for each of its datacenters/CDN boxes?
How to prove it's not the network Posted: 09 Aug 2018 02:53 PM PDT As we all know network gets blamed first every time something bad happens. In an enterprise (30k users, 30 locations) network what do you think would be needed for 9/10 cases to prove it's not the network? At least for us, first thing people ask is what has changed in the network. For that we're starting to use LibreNMS with Oxidized pushing configs to git. We could then quickly show what config changes have been made. I'm wondering if I should also get routing tables to Oxidized? Or is there a better way to monitor routing tables in the network? Besides config auditing it's probably all about monitoring the network? Some things I think would be useful to alert on and have on higher priority monitoring: (besides of course device availability)
We're also implementing NetFlow monitoring to understand the traffic patterns, and maybe see the situations where the client did send the traffic but the server didn't respond? Wondering though how we could monitor application latencies? We've tried installing Raspberry Pis at our remote locations and have them do connection tests to see if some location has suddenly worse response times than others. But it's quite hard to manage those if you have lots of services. On the DC side we could probably have everything behind our F5s and use their monitoring tools to get some data at least whether it's the client or the server. Thanks for any ideas!
Can OSI layers bottleneck a big UDP stream? Posted: 09 Aug 2018 02:46 PM PDT If all my CPU cores are handling and sending UDP datagrams at high rates, do the datalink/physical layers of the OSI model act as a bottleneck, making the use of concurrent processing inefficient? Are there any good reads on this matter? Thanks in advance.
What are you guys using for OOBM in your DCs? Posted: 09 Aug 2018 02:14 PM PDT I've been looking at OpenGear. I think it'll do what I want, but their sales stuff is just leaving me with questions because it's so high level. What I want is a device I can remote into, in the event that someone makes a bad commit on our core switch or firewall in our datacenter, that will have console access to these devices. Ideally console to switches, firewalls, and server (by this I mean iLO/DRAC, etc). OpenGear is confusing me because it seems like it's supposed to act as an internet failover for my datacenter... unless I'm reading it wrong. I just want a cell line I can dial into if things go south in the DC which is remote.
Cisco & Arista VLAN / Config help Posted: 09 Aug 2018 06:03 AM PDT TL;DR: Hosts don't communicate at 10gb speed when on the same VLAN & connected to 10gb switch. Arista has to be set to dot1q-tunnel for Cisco VLANs to work. Forgive my basic level of networking - still learning, but I'm having problems with my lab's switch setup. As my L3 switch I've got a 3750E, my VLANs are defined here and shared to a second 3750E in my primary rack (via VTP). This 3750E is connected to an Arista 7050QX-32 which provides 10gb (and some 40gb) uplinks to my servers. My upstream router is a Ubiquiti edge router. Problems:
I've checked the network & interface assignments in ESXi and that is all correct, so I'm at a loss as to why I can't get more than a 1gb speed. Any help would be greatly appreciated. Here are the configs for each switch (trimmed so I don't take up your entire screen): Core L3: (I'm aware a few VLANs are missing IP addresses, but that shouldn't cause my issue.. should it?!) Rack 3750E: Arista:
Can you set a static IP to a client machine from the router end? Posted: 09 Aug 2018 01:15 PM PDT I overheard a coworker mention a vendor had set a static IP on the router for a client machine. It caught me off guard and made me think about it, but the only thing I can think where you could do something like that would be to assign an IP based off of the MAC address. Is something like this possible or even best practice if the client is set to DHCP? I honestly feel dumb for asking this, but I can't recall ever doing something like this before. I've always set the static on the client end, never the router end. edit: Clearly I answered my own question :( Back to feeling dumb. Thanks everyone!
Creating a Site-To-Site AND Remote User VPN using Ubiquiti Unifi Security Gateway? Extensive details inside Posted: 09 Aug 2018 12:30 PM PDT I am a non-expert that provides most of the IT services to my 30 person company. We keep everything very simple and use mostly Apple hardware and cloud services. We have never had a VPN and never had any need for it because we do everything in the cloud. We use a cloud provider for shared storage, cloud hosted email and calendaring, cloud hosted password management, etc. My office network uses Ubiquiti Unifi APs and switches. Historically we had a router running RouterOS that I know is very adaptable but when that router broke and when my preferred IT contractor that set it up wasn't available to help, I ended up purchasing the Ubiquiti Unifi Security Gateway as a replacement. Setting it up was super simple and it's nice to have some of the router analytics coming through the Unifi dashboard, so overall I am a big fan. Fast forward to today, and one of our clients is asking us to set up a site-to-site VPN so that they can share some of their databases with us. Additionally, my company's employees that need access to those databases often work remotely, so I need to be able to "daisy chain VPN connections": I need to set up remote user VPNs for my colleagues here to VPN into my office network so that they can access the client database through the site-to-site VPN with the client's office. Right now I am trying to figure out how best to achieve this VPN/network configuration. In the short term I have asked the client to provide my colleagues with VPN credentials for their network, but in the medium term I would like to move to the site-to-site solution because it's better for my company to be able to grant and revoke VPN credentials without having to notify the client. For example, every time we hire a new employee, or every time an employee leaves, I don't want to have to make urgent requests to my client to grant/revoke VPN credentials.
Reviewing the Unifi Security Gateway documentation and online information, it appears that this router does support both site-to-site and remote-user. Only remote-user is documented in the User Manual but Ubiquiti has additional info about site-to-site on their website. I am wondering if even though the Unifi technically supports these features, whether it would be best to use a different device. I could either swap out this Unifi Security Gateway for a different router or I could add an additional piece of hardware just to enable the VPN configuration if that is a good option. This is what the site-to-site VPN configuration page on the Unifi dashboard looks like For the task of setting up the site-to-site VPN, my client sent over a "questionnaire" where they ask for the parameters of our VPN. Comparing to the Ubiquiti site-to-site VPN setup page, most of the line items that the client sent seem to relate directly to Ubiquiti settings, but there are some things that are missing and some things that I have other questions on. I definitely don't want to make this client a guinea pig to test the (possibly) limited VPN capabilities of Ubiquiti so if achieving this setup with my current router is sketchy then I want to take a different route. The client's VPN document is separated into 3 relevant sections: (1) VPN Tunnel Configuration Requirements, (2) IPSec Parameters (IKE Phase 1 Proposal):ISAKMP MAIN MODE NEGOTIATION, and (3) IPSec Parameters (IKE Phase 2) IPSEC QUICK MODE NEGOTIATION. The first section seems to be related to overall settings, whereas sections (2) and (3) seem to be different types of VPN connections. I am not sure if I need to set up for both types or if I only need to set up for one type. The Unifi has a section called "Key Exchange Version" that allows you to select "IKEv1" or "IKEv2", possibly those relate. I have separated the different sections below. 
In any case, I have already written up an extensive comparison between the options that the Unifi router provides and the options that my client's questionnaire provides, but before I triple the size of this post, I was wondering whether anyone has experience with Ubiquiti routers and knows whether it is advisable to go with that route. If anyone wants to read a writeup of all the options available in the Ubiquiti compared to the options that my client's IT department provides, I can post it immediately!
Toner/probe question: Why does the tone stop at the patch panel and not continue to the switch? Posted: 09 Aug 2018 11:33 AM PDT I'm new to this and recently got a Fluke Intellitone Pro 200. I noticed if I tone from the wall jack to the IDF/MDF the tone stops at the patch panel. I'm wondering why it doesn't continue down the cable from the patch panel to the switch. Also if I connect a cable straight from the tone generator to the switch, I don't hear a tone on the cable. The switches are PoE. Just wondering how it all works.
Mobile App Test Environment Posted: 09 Aug 2018 10:57 AM PDT So we have one PC set up as a server and that PC must talk to 6 others. That PC must also be available for HTTP requests from a cellphone. I was hoping there is a way to use a single router for this. I would like to do this without plugging the router into any network at all. Is this possible?
How Many People are Using White boxes? Posted: 09 Aug 2018 10:09 AM PDT Really curious whether this is now a mainstream effort or still fringe. Please share your experiences with white boxes and software-defined networking.
Cleaning Up Mess - Subnet/VLAN question (X-POST /r/PFSENSE) Posted: 09 Aug 2018 03:41 AM PDT (X-POST on /r/PFSENSE) I am fairly new to pfSense and have some questions. Anyways here is my issue: someone didn't plan things well and I am trying to clean up behind them. I am racking an environment and cleaning up a huge mess. Current setup looks like this:
- Dedicated Fiber <-> Copper Handoff <-> 5 port switch (eth0)
- 5 Port Switch (eth1) >> Sonicwall >> Public IP xxx.xxx.xxx.146 / Private 192.168.1.1/24 >> LOCAL LAN
- 5 Port Switch (eth2) >> Netgear Home Router >> Public IP xxx.xxx.xxx.147 / Private 192.168.1.1/24 >> Forwarding 2 ports to 2 addresses for PBX
- 5 Port Switch (eth3) >> Linksys e1200 Home Router >> Public IP xxx.xxx.xxx.148 / Private 192.168.3.1/24 >> Forwarding various ports to NVR System
My problem as it appears to me is that the PBX and LAN are on the same private networks. I am waiting to hear back from the phone provider to see if they can push an update to the phones and move them to a different network and my life would be great. From others who have dealt with them I am told that they will want to come out and update every phone manually when I imagine they could push an update and I then just change the private network address. If this isn't an option am I stuck readdressing the entire LAN? I am currently switching out the Sonicwall & home routers for a Supermicro 5018D-FN8T Xeon D, 16GB DDR4, and 256GB NVMe running pfSense, it has (6) 1GB ethernet & 2 10Gig SFP+ ports. Possibly getting rid of the copper hand off also but that is another issue to be dealt with later. I will also have a Cisco SG300-52 (Layer 3 Managed Switch). Would it be possible to have 2 identical subnets with different VLAN tags on different interfaces with pfSense? Place on same subnet/vlan and 1:1NAT or Virtual IP map ports to internal PBX IP? Readdressing the LAN won't be an option until the following weekend as this is a warehouse/retail and downtime is not an option.
Problems with some Cisco 1850 Mobility Express APs Posted: 09 Aug 2018 09:16 AM PDT Hi there! At my workplace we have 2x Cisco AP1852 (Mobility Express) and 3x Cisco CAP3602 as CAPWAPs connected to the virtual controller provided by the 1850s (so no dedicated appliance controller here). Problem: when there are more people in the office (about 70 distributed across all the APs), the clients connected to the 1850 lose connectivity multiple times per day :( The clients drop and then reconnect to the closest AP, I can't find the reason... Halp! Here are the logs from when it happened just now:
Controller:
*spamApTask0: Aug 09 17:08:56.559: %LWAPP-3-REPLAY_ERR: spam_lrad.c:44908 The system has received replay error on slot 0, WLAN ID 1, count 2 from AP 20:3a:07:48:32:30
*apfMsConnTask_0: Aug 09 17:06:56.945: %APF-3-ASSOC_REQ_FAILED: apf_80211.c:9606 Ignoring 802.11 assoc request from mobile 60:36:dd:b9:6b:12 Since Dot11Radio 0 is not Enabled for AP:APPTL101 MAC:dc:ce:c1:23:3d:c0
*apfMsConnTask_0: Aug 09 17:06:56.934: %APF-3-ASSOC_REQ_FAILED: apf_80211.c:9606 Ignoring 802.11 assoc request from mobile e4:a7:a0:7d:a0:9b Since Dot11Radio 1 is not Enabled for AP:APPTL102 MAC:dc:ce:c1:23:48:a0
AP:
Aug 9 17:06:56 kernel: [*08/09/2018 16:06:56.5066] DOT11_DRV[0]: Stop Radio0
Aug 9 17:06:56 kernel: [*08/09/2018 16:06:56.5966] DOT11_DRV[1]: Stop Radio1
Aug 9 17:06:56 kernel: [*08/09/2018 16:06:56.6866] DOT11_DRV[0]: Start Radio0
Aug 9 17:06:56 kernel: [*08/09/2018 16:06:56.8165] DOT11_DRV[1]: Start Radio1
Aug 9 17:06:56 kernel: [*08/09/2018 16:06:56.8565] ol_if_dfs_enable: called
Aug 9 17:06:56 kernel: [*08/09/2018 16:06:56.8565] ieee80211_dfs_cac_start CAC Still Valid. Skip CAC
Aug 9 17:06:56 kernel: [*08/09/2018 16:06:56.9065] ol_if_dfs_enable: called
Aug 9 17:06:57 kernel: [*08/09/2018 16:06:57.1564] ol_if_dfs_enable: called
Controller Version: 8.5.131.0
Regards, John
Everybody wants to play *Rant Warning* Posted: 08 Aug 2018 08:03 PM PDT I'm in a team of 4 Network admins. I'm the most senior Network admin there with only 6 years in the field. I've been working for this company for all of my 6 years. Size is around 3000 users + public web services to somewhat large audience, 70 remote sites. We have a large inventory of products to cover: Fortigate, ASA, Pulse Secure, Nexus load balancers, Catalyst switch, ISE, MSE, WLC, physical infrastructure. I've inherited a clean network originally by people who knew what they were doing. The network was much smaller at the time and had a lot less features. Now, it feels like it's slowly getting worse every day. I've always told management we needed to split the work so each of us is responsible for certain types of equipment. This way I believe there would be a sense of responsibility and I wouldn't be responsible for other people's fuck-ups. I've often been responsible for cleaning other people's fuck-ups. When shit hits the fan, they know who's going to solve the issue quickly. It takes quite some time to know all these different platforms well, and honestly it's very hard, almost impossible to keep up to date with all of them. Newcomers are often against the idea of being constrained to a certain area of work or expertise, they like to get their hands on everything. This tends to create a messy environment, lack of care, and yes... problems. New admins get the key to the kingdom really early on. Management thinks we should all be able to solve the issues efficiently on all this equipment (so they have redundancy if somebody leaves). In reality this dream never gets achieved. We've never found someone in the job market that had experience other than Cisco Catalyst, and routers. Newbies just want to learn, but they often are not very productive, most often do not follow internal documented guidelines (this creates havoc in firewall).
I always feel like I've got to clean up behind them, because I'm going to be the one that gets asked to tshoot when things go sideways. One of the guys has been practicing for his CCNP doing GNS3 75% of his job shift for the last year and a half. After the dude got told he wasn't hired to do GNS3 and saw his admin rights to his computer removed, he proceeded to do his labs on the production environment. Recently, he crashed all VPNs doing some kind of labs on the production environment. The guy still has trouble configuring an access switch properly... I told management I wanted him gone, I wasn't going to deal with his shit again. But the guy is still there after a week. They seem to think there's a way they'll be able to recoup this guy. FYI we have a full physical lab he didn't use, and there's plenty of jobs to be done. It's just that it seems like nobody wants to do what needs to get done, they just want to learn for their personal knowledge. When there's a project like replacing a core switch, everybody wants to get their hands on the device, nobody wants to do the cabling inventory, physical planning, upgrade planning and documentation. I've recently seen one of the big projects I've initiated, done all the justifications and administrative work for, being pulled from under me by a newcomer without anyone letting me know. I'm making a decent pay there, I'm not sure I could find something similar if I went somewhere else, but the environment I'm working in is very frustrating. Management is quite deaf, I've spoken with them many times about this. They might tell me they are going to change things to hold me from leaving, but I doubt they will execute. I've always been a team player, I've been in the army, people who were not pulling their own weight would get smoked. But at this place, very often, it seems like it's only going one way, no consequences, no hierarchy outside of management.
I plan on finalizing a couple of projects and start looking for something else, I'd like to avoid this type of environment in the future. Any advice? Have you lived something similar?
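For ITs working for Gambling Sites, how do you protect your sites? How do you Optimize the website loading speed in different countries? How do you reach countries from the other side of the world? Posted: 09 Aug 2018 01:33 AM PDT Basically, how do you run a gambling site successfully, on the networking side? I know about Cloudflare, Incapsula, CloudFront, Akamai. So for a gambling site, all you need is a good CDN, and DDoS protection? Any more services needed? Thanks guys!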