Moronic Monday! Networking |
- Moronic Monday!
- Why don't we use /126 and /127 subnets for point to point networks the same way we use /30 and /31 for IPv4?
- Cisco 3850 OR 9300?
- Sflow Sampling?
- magic packet loss eraser with TinyFEC VPN
- How many access points do I need to give connection to a 4000sqft B&B?
- ISP Broker/Consultant recommendations
- Processing order of firewall ACLs vs NAT policies
- Dual ISP dual FW clusters - will this work?
- Flow control questions
- Novice question - how do you all decide which VLAN should be the untagged/native VLAN on an uplink port which connects to another switch?
- Juniper to Cisco Redundancy
- DHCP issues with our new 3650s and unmanaged switches
- Cat6E outdoor gel filled cable recommendations
- Logging to a Cisco WLC via a Jumpserver from a Windows 7 host without Cygwin
- Firepower 9000/4000 Cisco Bug CSCvm81014 or why cloud Licensing is great
- Got an interview for a job I'm underqualified for. Any tips from sr.network engineers on what to do?
- Route loop on mutual redistribution
- MDF/IDF environmental monitoring
- Basic ASA 5505 Config w PPPoE - Help!
- Noob Question: Do Business Internet Connections Require a Router/Modem in the Same Way Home Connections Do?
- 3rd Party Security/Firewall MSP - No read access to company owned firewalls.
- Understanding MPF Inspection
- Are there books which teach you how to implement a networking protocol in a practical manner?
Moronic Monday! Posted: 21 Oct 2018 05:17 PM PDT It's Monday, you've not yet had coffee and the week ahead is gonna suck. Let's open the floor for a weekly Stupid Questions Thread, so we can all ask those questions we're too embarrassed to ask! Post your question - stupid or otherwise - here to get an answer. Anyone can post a question and the community as a whole is invited and encouraged to provide an answer. Serious answers are not expected.
Why don't we use /126 and /127 subnets for point to point networks the same way we use /30 and /31 for IPv4? Posted: 22 Oct 2018 09:59 AM PDT It just doesn't make any sense to me! We have created a new version of IP just because we were so wasteful of IPv4, but we spend entire /64 networks on a point to point link! Can someone explain the logic behind this?
Cisco 3850 OR 9300? Posted: 22 Oct 2018 03:56 AM PDT So we are doing a remodel and I am going to make a 4 switch stack. Wondering if it is better to go with 3850 or 9300. I do not have any experience with IOS XE but from what I understand I basically don't up front. I can basically just configure like I used to and when I want to get into everything else I can do with XE then I can. So from that point of view then here is what I can see the differences are:
Just wondering what your thoughts are out there. They seem to be very similar in price.
Sflow Sampling? Posted: 22 Oct 2018 04:17 PM PDT How do You configure sflow sampling? I read that is usually 1:1000 for gigabit and 2:1000 to TenGigabit. In some forums I see people talking about doing 1:1; for me that's no sample, it's the whole traffic. I want to troubleshoot and have pretty good idea of what is going on in the network. I'm safe with 1:1000? I'll be monitoring 4 internet links, 10Gb each on an ELK Stack. Hardware isn't a problem. Please share your insights.
magic packet loss eraser with TinyFEC VPN Posted: 22 Oct 2018 02:25 PM PDT Shit network guys say: "You can't fix a bad connection by stuffing more data down the pipe". Well, yes you can. Someone finally wrote a mostly proof-of-concept app that uses parity and FEC to repair packet loss in realtime for a parity overhead cost. https://github.com/wangyu-/tinyfecVPN So, if you're stuck on a link that has randomly distributed packet loss, you _can_ make it go away - although you can't fix things like excess latency or large bursts of sequential packet loss (although he implemented optional interleaving to fix some sequential packet loss). The amount of parity overhead is configurable. I've always wondered why this hasn't been invented for running VoIP on shitty internet connections (tunneling only the voip and not the other traffic). Granted, this is a sub-optimal solution to a problem that should be dealt with a "fix the network" wrench, but I think it's cool anyway. I'll certainly be trying it out the next time I'm using a craptastic wifi or 3G connection. Cliff notes: you have to compile it yourself because his server binary has internet routing disabled for obscure legal reasons in some countries that disallow VPN. If you're going to run this on a VPS, your provider needs to enable 'tun' for you. Here's the page that shows you how to route traffic through the tunnel
How many access points do I need to give connection to a 4000sqft B&B? Posted: 22 Oct 2018 03:23 PM PDT I've been asking You which technology should I use to give wifi to a B&B and You helped me a lot, so I decided to go traditional and use cables and access points instead of trying to use a wifi mesh solution. Now with that matter sorted out the actual problem is which/where/how many access points do I need to cover the area? As mentioned in the title is about 4000 square feet, it's an iron structure with walls made by layers of drywalls and mineral wool, to worsen that each room has an iron mezzanine and iron stairs to get there. - Plan A - The initial idea was to use the common area, unfortunately I can't use the ceiling there, so the AP (1 or 2) should be on one side of the corridor and this doesn't make me feel 100% confident about this solution. Is this a stupid concern or is it right to be (slightly) worried? - Plan B - That is why I was thinking if it was the case of using smaller dedicated "in wall" access points in every room (I was already curious about those and then one of You mentioned them in the previous post and made me even more curious). There are many cons against this solution, complexity of both installation and system and obviously the costs. The main question is will this solution be better and solve my problems or will it be only more expensive and I don't need it since already with the "Plan A" solution I will be good to go? I don't know if the link works, this is a small map of the Area where I marked in different colours the ideal (for me) positions for the APs. Any comment about better placements would be appreciated but the green ones (In-walls) are in the only available position. https://photos.app.goo.gl/dkaPerTsuodd11T39 Last thing, I was oriented to use Unifi Hardware, as specified in the map, Plan A either AC-Pro or NanoHD and for Plan B the AC-IW, if I haven't misunderstood all those models use standard PoE and thus I can use any PoE switch instead of a unity one, will this be a stupid move? Thank You again in advance!
ISP Broker/Consultant recommendations Posted: 22 Oct 2018 02:45 PM PDT I have to track down DIA service for 50 new locations I am adding. Does anyone have a recommendation for broker/consultant? A lot of the locations will be rural so I need someone with a lot of smaller ISPs.
Processing order of firewall ACLs vs NAT policies Posted: 22 Oct 2018 09:18 AM PDT Is there a general rule for the order in which processing firewall ACLs and NAT policies take place on the same device, or is it normally vendor/device specific? I have only worked with SonicWalls before, but I did a packet capture using the SonicWall's built-in packet capture tool and it looks like the firewall rules are applied first, then the NAT policies are applied (even though the timings are showing both occurring at the same time, the packet ordering always comes in this way). I previously tried looking for the answer in their documentation, but didn't find anything. Also, say if a firewall ACL is matched, then a NAT policy is matched, do firewall ACLs get checked again since the translated address might not be matched by the previous firewall ACL (assuming this is all occurring on the same device)? Would this behavior likely be more vendor/device specific? I appreciate your feedback!
Dual ISP dual FW clusters - will this work? Posted: 22 Oct 2018 12:05 PM PDT I've been thinking of implementing this. North and South locations are separated by a few hundred miles so it'd be nice if the traffic didn't go from user in south to FW in north and then again to ISP in south. Idea is to NAT all the users to local FW's NAT pool, one /24 in north and one /24 in south. Everything we allow internet users to access would come to the LBs (F5 BIG-IPs) and they would have their own /24's in each location. Then we could advertise the first /23 as a better route to north ISP and the second to south ISP. Traffic flow would be something like: North user in north site 1 --> north site 1 FW --> FW selects north default based on community --> gets natted to x.x.1.0/24 --> internets. Return traffic would come to x.x.1.0/24 that is being advertised with better values from north internet router. For traffic from internet to servers: South ISP advertises x.x.2.0/24 as a better route from their network --> hits our south LB --> LB does SNAT to south DC servers and gets return traffic back the right way. I think it would work, and the main idea is to have some load balancing between the ISPs as our north and south locations are somewhat equal in size. And not to cause extra latency in our network. We're currently getting defaults from the ISP but might switch to full BGP table. Also instead of NAT, I might switch to using just BGP communities. (Every FW is in its own AS and so are the user networks) Any ideas or thoughts or anything? Thanks!
Flow control questions Posted: 22 Oct 2018 01:57 PM PDT Hello all, So I am working with a Nexus 9372PX on 7.0.3, we are trying to troubleshoot a potential issue and want to enable flowcontrol on the interface, however when I try I get this error: ERROR: Flow-control configuration is not supported on given interface From what I read: this is not going to work on this switch at all, from what my other engineer read, we need to just upgrade the switch. Anyone here have any help on this? We do have a TAC open but it's been a couple days with no contact so it's low priority due to not being in down condition.
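Novice question - how do you all decide which VLAN should be the untagged/native VLAN on an uplink port which connects to another switch? Posted: 22 Oct 2018 01:44 PM PDT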
Juniper to Cisco Redundancy Posted: 22 Oct 2018 01:23 PM PDT I am working on a redundancy project. I'm not 100% sure this is going to work. Here's what is being proposed: Stacked pair of Juniper EX each with a single member LACP setup in a redundant trunk group to two Cisco 6509s using STP. The Junipers do not participate in the STP. I see the redundancy working on each side, but I just don't know if the other side will switch unless a physical link is seen.
DHCP issues with our new 3650s and unmanaged switches Posted: 22 Oct 2018 12:57 PM PDT We bought some new 3650s 12/48 port switches. Basically 48 ports with 12 mgig ports. I work in a k12 environment and on a rare occasion we use an unmanaged switch in an office or classroom to provide connectivity for a small group of devices without needing to run more cable or another managed switch. Over the last month I noticed two locations where we have an unmanaged switch connecting back to a 3650 and it not passing DHCP when "multiple" clients are on the unmanaged switch. We are using a Cisco 3650 switch with access port vlan 4 and trying to connect it to unmanaged Netgear switch with clients all on vlan 4. This setup worked for us with our previous 2960 switches configuration. However, it's not working well with our 3650 switches. I might get 2 out of the 4 devices connecting to the unmanaged switch but that's about it. I tried different unmanaged switches with no luck.
Cat6E outdoor gel filled cable recommendations Posted: 22 Oct 2018 06:45 AM PDT Our previous supplier of cable, Black Box, has stopped doing it. They have some armoured stuff but it isn't suitable. It's unfortunate because we went on to gel cable after having a problem with water ingress from a previous supplier and it's been faultless from them. Any recommendations would be much appreciated.
Logging to a Cisco WLC via a Jumpserver from a Windows 7 host without Cygwin Posted: 22 Oct 2018 06:36 AM PDT Is there any Python module (or anything similar in any other language you could recommend) available which would allow to establish an ssh connection from pure Windows environment (specifically Windows 7)? I can get what I need using Cygwin and pexpect, however my manager wants me to convert my scripts in such a way as to make .exe files out of them that my co-workers who don't want to install Cygwin and Python on their machines could use them as well. Before I can form executables out of them, and even before I connect to the Cisco WLC directly, I first need to establish an ssh connection (on port 8022) with the Jumpserver itself and even that proves to be tricky on pure Windows. For instance, here's the error code I get with the following script: The error msg:
    C:\Users\ABC\Desktop\XYZ Projekt>py XYZ_init.py
    Please enter your user name [ABC]: ABC
    Please enter your password:
    Traceback (most recent call last):
      File "XYZ_init.py", line 7, in <module>
        conn.login(account)
      File "C:\Python36\lib\site-packages\Exscript\protocols\protocol.py", line 674, in login
        self.authenticate(account, flush=False)
      File "C:\Python36\lib\site-packages\Exscript\protocols\protocol.py", line 698, in authenticate
        self.protocol_authenticate(account)
      File "C:\Python36\lib\site-packages\Exscript\protocols\protocol.py", line 725, in protocol_authenticate
        self._protocol_authenticate(user, password)
      File "C:\Python36\lib\site-packages\Exscript\protocols\ssh2.py", line 339, in _protocol_authenticate
        self._paramiko_shell()
      File "C:\Python36\lib\site-packages\Exscript\protocols\ssh2.py", line 320, in _paramiko_shell
        rows, cols = get_terminal_size()
      File "C:\Python36\lib\site-packages\Exscript\util\tty.py", line 119, in get_terminal_size
        close_fds=True)
      File "C:\Python36\lib\subprocess.py", line 624, in __init__
        "close_fds is not supported on Windows platforms"
    ValueError: close_fds is not supported on Windows platforms if you redirect stdin/stdout/stderr
PS. I already asked a similar question in r/learnpython section but they weren't able to help me much so perhaps I'll have better luck here, with people who actually deal with networks on a daily basis. :)
Firepower 9000/4000 Cisco Bug CSCvm81014 or why cloud Licensing is great Posted: 22 Oct 2018 11:48 AM PDT BUG ID: https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvm81014 Symptom: "Failed to authenticate server" Conditions: Workaround: Status: Severity: This is a really fun bug and makes me love cloud inventory/license management even more! It is also nice that Cisco did not publish a Field Notice for this and nothing on the appliance or in the smart license Manager told me that there is a failure. The only thing that got me on this is a tiny little syslog message,
Now tell me that message indicates something that represents a Severity 1 Bug. It looks like one of the many retarded error Messages that Cisco started to push with NXOS, that are pure cosmetic. The icing on the cake is that the fixed version is not even available for download but at least importing the certificate fixes it for now.
Got an interview for a job I'm underqualified for. Any tips from sr. network engineers on what to do? Posted: 22 Oct 2018 11:17 AM PDT Hey All, As the title states I just wanted to know what others may have done in a similar position as mine. I'm not severely underqualified but a lot of the requirements are based on a global scale and that is experience I have yet to acquire in real life. For example I will be handling the company's global network which requires BGP experience etc. Now I will learn BGP as fast as possible of course, but most of my experience in that is limited to GNS3 configurations and checking out looking glasses. I know I must inspire confidence in them and be 100% honest but if any of you have hired someone who was unqualified what was the deciding factor? I'm hungry and really want to prove to these guys that I'm capable. Appreciate any responses!!!
Route loop on mutual redistribution Posted: 22 Oct 2018 10:16 AM PDT Hello Network Friends, I ran into an issue where I think I have the fix, but don't quite understand the problem. I found the fix I think by just punching in the right words in Google search. The fix for this issue I believe is route-tagging so if you look at the image that I put in the link. We have an issue where before that 10gig circuit was stood up, if any branch wanted to go to Datacenter 2, it would go straight there through the MPLS and vice versa...and also if any branch wanted to go to Datacenter1 it would go straight there and vice versa as well....Life was good until the 10gig circuit went up. So the 10gig circuit's been up for a month or so and I noticed that for some routes that want to go to a branch, I notice that it traverses the 10 gig link to get there....why I wonder!? For example, if let's say a computer in datacenter1 wants to reach a branch computer, it traverses through the 10 gig link to datacenter2, then down the MPLS to the branch computer...so instead of going straight down the MPLS off datacenter 1 like it used to, it takes the longer road through the 10gig circuit to get there... BUT this is not the case for every route...some will take the correct route of going straight down the MPLS to get to the destination and some will take the 10gig path through the other datacenter to get there. So I guess I understand that redistribution is causing this problem since it seems kind of messy....but I can't be sure. In the image I mention how we redistribute all the routes between BGP -> EIGRP and vice versa. The part I don't understand is why would it ever choose the correct shorter path for some routes, but not for others... Please let me know if you need more details.
MDF/IDF environmental monitoring Posted: 22 Oct 2018 08:51 AM PDT What does everyone use for MDF/IDF environmental monitoring? Things like temp, humidity, light level, dry contacts, etc. Everything that I've seen online gets pretty expensive when you start talking about a large-ish number of rooms to monitor? I've honestly debated just hacking something together with an Ethernet-enabled Arduino at this point.
Basic ASA 5505 Config w PPPoE - Help! Posted: 22 Oct 2018 08:33 AM PDT I can't seem to find a good tutorial on how to configure an ASA 5505 with my DSL ISP (PPPoE with IP reservation). I followed this guide to config the ASA's interfaces. How do I input the PPPoE credentials to authenticate?
Noob Question: Do Business Internet Connections Require a Router/Modem in the Same Way Home Connections Do? Posted: 22 Oct 2018 02:24 PM PDT I've recently found myself taking over the IT responsibilities for my company (a medium sized machine shop). I've got my A+ and am actively working on my Network+, but I'll be the first to admit I still have a lot to learn. While taking inventory of the server room, I realized that I did not completely understand how a small business such as mine connects to the WAN/internet. Attached to the server rack I see:
What I do not see is a router or a modem, at least not in the way I'm used to seeing them. Additionally there are no cables coming from the wall other than power and Ethernet/phone. Is one of these appliances performing the function of a router/modem? Or is it possible there's one in the building in an area I haven't located yet? Or is this a service the ISP we are connected to would configure? I just wanted to ask for the sake of my own learning, any clarifying thoughts would be appreciated.
3rd Party Security/Firewall MSP - No read access to company owned firewalls. Posted: 22 Oct 2018 08:12 AM PDT
Understanding MPF Inspection Posted: 22 Oct 2018 04:12 AM PDT I've never really understood the ASA inspection policy. I've copied the default one below: I don't understand what it is actually doing. The Cisco docs just say "Inspections—Contains a static, predefined set of application-level inspection functions". This literally doesn't mean anything to me. So that people don't go off topic and talk about what you can do with inspection policies, QoS etc, I want someone to explain to me what the default inspection policy is doing here for tftp, for example.
Are there books which teach you how to implement a networking protocol in a practical manner? Posted: 22 Oct 2018 10:57 AM PDT I was looking at the libtorrent repository and it is so huge that it is making my head spin. For now I have decided to go commit by commit to see if I can understand the underlying concepts and how they translate in code, but, is there any such text which goes deeper into implementing protocols?