Rant Wednesday! Networking |
- Rant Wednesday!
- WiFi 6?
- "Micro segmentation" with a firewall
- Public Wi-Fi Guest Network, Separate 2.4 and 5 GHz?
- Steelhead Mobile + Palo Alto VPN
- fs.com Fusion Splicer
- aws vpn - phase2 subnet question
- Am I crazy or what? Networking creating network diagram.
- BGP dual-homing & NAT'ing everything
- wlc5508 licensing
- Campus grade access switches?
- What happens to phone firmware when upgrading CUCM?
- Favorite multi-gig (802.3bz) switches and AP's
- Streaming Telemetry + Flow data: Is there any such product/solution that collects both?
- How do you tackle “unsolvable” oddball issues?
- Patch panels: Where should and shouldn't you put them?
- How do you organize your backpack?
- Company planning to move from Cisco ASA 5545's with Firepower services to Cisco Firepower 2140 security appliances. Does anyone have any experience of these devices and can give me their opinion on them?
- Reconvergence issue
- What is the Impact of Client Upload Speed on Remote Access VPN Download Speed
- Network Telemetry - How is it different with NetFlow?
- Monitoring - SNMP OID Juniper list of instances
- WLC/AP reachability issue on same subnet
Rant Wednesday! Posted: 02 Oct 2018 05:14 PM PDT It's Wednesday! Time to get that crap that's been bugging you off your chest! In the interests of spicing things up a bit around here, we're going to try out a Rant Wednesday thread for you all to vent your frustrations. Feel free to vent about vendors, co-workers, price of scotch or anything else network related. There is no guiding question to help stir up some rage-feels, feel free to fire at will, ranting about anything and everything that's been pissing you off or getting on your nerves!
WiFi 6? Posted: 03 Oct 2018 12:19 PM PDT What's your thought on the new naming convention? Will it help the not techy people understand the differences? https://www.androidcentral.com/wi-fi-6-next-big-upgrade-wireless-networks
"Micro segmentation" with a firewall Posted: 03 Oct 2018 02:26 PM PDT In DC, what do you think about small IP subnets like /28-/31 and having the firewall do all the routing between subnets? That way you could do sort of micro segmentation with a physical (well or a virtual but anyway separate from the VM platform) firewall. Does it cause much latency? I think it wouldn't, as the firewall could use the ASICs for the simpler rules.
Public Wi-Fi Guest Network, Separate 2.4 and 5 GHz? Posted: 03 Oct 2018 08:03 AM PDT Hi, We've got a "public" guest network where customers have problems with more demanding services such as videoconference where their connections get dropped and they lose connection for a brief moment. However this only appears to be happening to those on older HW enforcing 2.4 GHz band only. The others on the 5 GHz don't seem to be affected. So my question is, if it's advisable to create 2x SSIDs, one for 2.4 and the other for 5, in a way to clearly show that if they can only see the 2.4 then they won't get maximum performance. HTTP, TCP connections at their basic level sure, but maybe not more demanding traffic patterns. I've seen similar articles but they focus on either home networks or maybe corporate however this is something between. It's a public network where customers pay by the hour, however they bring their own devices which we ofc. don't manage. What do you guys think? Anyone had any experiences of similar situations with "public" wi-fi networks? // David
Steelhead Mobile + Palo Alto VPN Posted: 03 Oct 2018 07:42 AM PDT We've got Riverbed SteelHead Mobile deployed, but haven't really been using it for the last year or two. We switched from ASA to Palo Alto and have fully embraced L7 filtering. However the PA can't identify the applications tunneled by the Riverbed optimization, so we can't filter traffic based on application for users using Steelhead Mobile. I'm wondering if anyone else is in this boat and if/how you solved it?
fs.com Fusion Splicer Posted: 03 Oct 2018 12:15 PM PDT Has anyone purchased or used fiberstore's fusion splicer? The price seems too good to be true, so I'm a bit concerned about the quality of it. However, I have been using other fs.com products for quite some time and they've been working great (SFP/QSFP modules, patch cables). We aren't doing any long distance terminations, just within our buildings. We currently use Corning Unicam, but the cost per connector is pretty high and we've been having some reliability issues with the terminations (could be due to a number of other factors...)
aws vpn - phase2 subnet question Posted: 03 Oct 2018 01:26 AM PDT Hi, say I have a VPC with a subnet of 172.20.30.0/24. I then want to create a VPN tunnel to my on-prem stuff. I have lots of subnets in my on-prem that are constantly changing, so ideally I'd just want to make a phase2 that says 172.16.0.0/12 - and then make firewall rules after that. Will this work?
Am I crazy or what? Networking creating network diagram. Posted: 03 Oct 2018 11:12 AM PDT A little background on our company. I am CCENT R&S certified. And my coworker is MCSA certified. My boss is CCNA and CCNP certified. Current time: I just got hired 2 months ago. And we are a MSP. My boss wants me to create a network diagram for all sites. I said "sure, can't be that hard". I look into the notes for each client, and there is a terrible network diagram for each client that my boss created. The diagram didn't use Cisco networking icons, it looked like it was images pulled from Google Images.... No notes for interface, no notes for DHCP range, very few notes of IP addresses for servers and router. You can't even tell what each device is in his diagram. Keep in mind that he has a CCNP and doesn't even know when and where or why to use a /30 IP address. He most likely bought the cert. Most of the networks on the clients' sites are ROAS, and no redundancy whatsoever. So I started drawing the diagram in draw.io. I focused on my diagram being simple and super easy to read. Following the ROAS style. Firewall/router at the top, switch at the bottom and the rest below and to the side of the switch. He comes over to me and says my diagram looks ugly.... I told him, it's supposed to be easy to read and understand, not look pretty. Then my coworker comes over and tells me not to use Cisco device icons (idk what they are called) but to use pictures of the actual devices so he can understand it. I told him that my way is easier to understand because it's a standard. But he said we don't have Cisco devices on sites, so I should not use Cisco icons to represent each device based on the job it performs. I don't even know what to say. Am I wrong? Did I study my CCENT wrong??? I am starting to question if what I know is right or wrong....
BGP dual-homing & NAT'ing everything Posted: 03 Oct 2018 02:46 PM PDT Diagram: https://snag.gy/2CRojL.jpg We have two locations and would like to use the local ISP towards the internet in each location. So the plan is to NAT anything that goes out from the city 1 to 192.0.2.0/24 and everything from city 2 to 198.51.100.0/24. This way the return traffic would also come back correctly, hopefully. We would advertise the routes to our two ISPs with AS path set accordingly. And if one ISP fails, the traffic gets routed between our internet routers and everything is fine. How do you see this design? We would also NAT all the servers going out to this subnet, maybe have /26 for users and /26 for server NATs per location. Plan is also to have all the web traffic from internet to our servers going to the load balancers first, so we'd slice a /25 for those from each city's block. We'd also duplicate the LB config and use NAT towards the inside network so that it wouldn't matter much if we had to fail over the connection. Any ideas? Thanks!
wlc5508 licensing Posted: 03 Oct 2018 01:54 PM PDT I searched the sub and Google, opened up a TAC case, and talked to my reseller and can't get a straight answer. Do adder licenses for the 5508 need to have smartnet software renewed every year? My understanding is these are one time license purchases that are additive and permanent. However, each adder license is showing up as a line item in my smartnet renewal quote. Even if they are renewed every year... is it really necessary to have each one as a line item? Couldn't I eliminate all of them except for one to keep the software support?
Campus grade access switches? Posted: 03 Oct 2018 01:20 PM PDT Who is everyone using? I've usually gone with Cisco. Access at the current job is on Ruckus, but the product line we're on just went End of Sale. I'm going to investigate the Ruckus line that is replacing it, but I feel like now is a good time to check out other options. Had a lot of issues with stacked switches through Ruckus. Random DHCP forwarding issues, SSH issues that required us to locally zeroize keys often, and even just basic forwarding plane issues. I'm going to check out:
Important features for our environment:
What happens to phone firmware when upgrading CUCM? Posted: 03 Oct 2018 08:22 AM PDT When upgrading CUCM does it keep the same firmware device defaults for the phones? And if not, are the phone firmware files still on CUCM so that I could manually change them back after the upgrade so we don't have 1000 phones upgrading their firmware?
Favorite multi-gig (802.3bz) switches and AP's Posted: 03 Oct 2018 12:01 PM PDT We're looking at doing some significant upgrades to the network and I'd like to hear about your favorite brands of multi-gig/NBASE-T/IEEE 802.3bz switches. Centrally managed is preferred, we are not brand-loyal or dependent, so all we need is the business justification (no more slowdowns and random dropouts with the wifi). We will probably need some multi-gig PoE-powered switches/AP's - if the switch exists, it will help with some distribution of internet to interesting areas without needing an extra power cable.
Streaming Telemetry + Flow data: Is there any such product/solution that collects both? Posted: 03 Oct 2018 01:21 AM PDT From my limited understanding of Network Telemetry technology, I'm beginning to see how this is totally different with xflow (netflow, jflow, sflow, etc.) not just in the push model but also in the data it collects where it seems that the flow details aren't present on Telemetry. Can anybody confirm if this is accurate? TIA
How do you tackle “unsolvable” oddball issues? Posted: 02 Oct 2018 05:05 PM PDT I'm talking about issues that are invisible to all troubleshooting and monitoring tools and methods, that everything looks fine, and vendor is blaming the network, and network is blaming the vendor, and back and forth it goes, with no end in sight. All the while, the users suffer, and don't understand why the issue isn't being fixed, and don't know or care who to blame, they just want things to work. I'm wondering if maybe some of you don't ever find yourselves in this situation, if in your environment "no means no" when you say it's not the network, and that word stands as law. But what about environments where you just plain can't say "it's not the network," and management keeps coming back and pestering you over and over again to "have another look" or get on daily calls with the vendor until it's resolved? What then? What do you do when packet captures look clean enough to eat off of, and nothing looks wrong at all? How do you guys/gals approach that?
Patch panels: Where should and shouldn't you put them? Posted: 03 Oct 2018 09:49 AM PDT Hi all, I'm far from experienced in enterprise networking, however I'm 18 and currently going to school where we've started to move on to this topic. There's a question I'd like an answer to regarding patch panels and where it'd be wise to put them in a network of about 7 servers, a switch, about 30 outlets i.a.: Would you recommend a patch panel between the server(s) and the switch, in addition to between the switch and the various outlets? (Servers > Patch Panel > Switch > Patch panel > TO). Or would you connect the servers directly to the switch? (Servers > Switch > Patch panel > TO). The switch would be placed in the same rack as the servers or in a rack just next to them, does this make the patch panel unnecessary due to the short length of the cable? What about a router/firewall, how would you patch this? Thank you for your answers, and for understanding my level of knowledge and experience!
How do you organize your backpack? Posted: 03 Oct 2018 09:33 AM PDT I'm having a hard time finding anything on this. For the amount of stuff I like to have on hand, there's no backpack that has a 100% perfect solution, so my new thought is to have some sort of container system inside the main compartment of my backpack. What I'm thinking is organizing into several smaller containers/bags within my backpack, IE:
Anyone have a good solution for this, or good type of container/bag solution?
Company planning to move from Cisco ASA 5545's with Firepower services to Cisco Firepower 2140 security appliances. Does anyone have any experience of these devices and can give me their opinion on them? Posted: 03 Oct 2018 12:12 AM PDT Hi Engineers, Next year the company I work for have plans to move from Cisco ASA's 5545 with firepower service to these Cisco Firepower service 2140's. The 2140's basically consolidate your firewall and the sourcefire into one box. At the moment we have a sourcefire physical appliance and a HA pair of firewalls which connect into that. I have always worked with ASA's so I am very comfortable with them, however this new solution sounds like it will be mostly GUI based which I don't usually like, especially when it's Cisco. I just want to get some feedback from engineers that have deployed and managed these Firepower service devices and find out if they are any good. Appreciate any feedback you can provide. SW
Reconvergence issue Posted: 03 Oct 2018 08:54 AM PDT So I have a peculiar but very impacting issue. We have dual L3 MPLS Clouds for redundancy and very low BGP timers for fast failure detection. We started to see that whenever our Primary MPLS circuit went down at any site, our CE would flush the routes and failover to the other MPLS cloud in about 10-15 secs but our other sites kept sending traffic to the downed circuit. Basically sending traffic to a black hole. 3-5 minutes later the rest of the sites would eventually flush the routes from the site and use the backup MPLS to reach the site. This also affects any routing update, if we remove a route from being advertised, it would also take 3-5 minutes to update everywhere else. We did some afterhours tshoot and eventually saw that the local PE/CE flushed the routes right away when the BGP hold timer expired, now our SP was extremely skeptical on who was to blame. But they saw that the site route was not being removed on any of their PE's in a timely manner. Now their "solution" was to implement BFD to improve convergence. But now I am the one skeptical because BFD does not help to assure BGP routing updates get propagated. Or am I wrong? Has anyone dealt with this issue before?
siteX ------------CE<-bgp->PE--- (MPLS Cloud) ----PE<-bgp->CE------------DC.site
10.x.x.x/24........failure.......................................(still sees route)
What is the Impact of Client Upload Speed on Remote Access VPN Download Speed Posted: 03 Oct 2018 08:13 AM PDT User A has 250 down and 10 up. User B has 100/100. After connecting VPN and checking in Chrome dev tools user A has a 4-5 times slower download speed than user B. My thinking is that the slow upload speed on user A has a negative impact on their download speed over VPN. Am I correct in this thinking or am I way off base? Would love a solid answer on this as we have a lot of remote users and our application is primarily down only for remote access users.
Network Telemetry - How is it different with NetFlow? Posted: 02 Oct 2018 11:35 PM PDT So I'm working on a project on deploying a network telemetry solution as indicated by management. Can anybody here care to share their experiences on it on what it is, how is it different with NetFlow, what are the building blocks used for the solution? I'm working for a small ISP using Juniper MX Routers on an MPLS-based core. TIA for your answers
Monitoring - SNMP OID Juniper list of instances Posted: 03 Oct 2018 12:47 AM PDT Title says it all.. I can't find the MIB / OID for returning all routing instances on a SRX. Problem is that internet is full of guides explaining how to check specific data inside a routing instance (instance-name@community-string). However I need the output of all configured routing instances. Thanks in advance.
WLC/AP reachability issue on same subnet Posted: 02 Oct 2018 07:24 PM PDT I am working on a very small network that has a standalone ISE appliance, a WLC 2504, a 2960 switch, and 2 2800 APs. The default gateway is a FW. Everything is on the same /24 subnet. Basically a lab network. Simple, right? Apparently not. The WLC, ISE, and FW are directly connected to the 2960. After upgrading the WLC to 8.5.150 (I think), the APs took the new image, and promptly disappeared (couldn't rejoin the WLC). Neither of the APs (previously configured with static CAPWAP IPs) can ping anything else on the subnet, and nothing can ping them. All the other devices can still ping each other. I tried rolling back the WLC to the previous image (8.2), and that seemed to take fine, but the APs are in the same state. I took one down and consoled into it, and it refuses to take any CAPWAP command, saying "Capwap process not ready yet. Try after few moments." I have tried several solutions from Cisco forums and none have worked. A new AP from the box acts like it is only going to DHCP, saying it is waiting for an IPV4 address and uplink (to the best of my memory). I'm at the point now of considering just factory resetting the WLC and APs, and starting from scratch. Am I doing something painfully stupid, that I should know better about, or is this just another thorn Cisco is sticking in my ass?