Rant Wednesday! Networking |
- Rant Wednesday!
- What's the reason to use multiarea OSPF nowadays?
- Traffic reinjection with Brocade MLX-8
- need help someone to verify my script to upgrade Active/Standby ASA
- Help: Connecting local business network to AWS VPC
- best practice for implementing public internet VLAN?
- Hello! Has anyone worked with P4?
- Anyone know where to get multigigabit UPoE injectors?
- TCAM Technician Interview
- I'd like to learn more about networking in a structured way.
- Dropouts After Installing Wall Ports
- Anyone have experience auditing with Nessus?
- Net Eng or Sec Eng jobs in Austin, TX. How is the market?
- Verify optical value on Cisco 4500?
- MRTG log file to total bytes transfered
- Home networking... but not /r/homenetworking... What is the best virtual router OS for road warriors?
- Dante IP addressing scheme
- Fortinet Fortigate 61E not logging even if all available logs options are active
- Are Cisco 3560G and 2960G fans swappable?
- Fax: Any XMedius users know an effective way of blocking spam/junk faxes?
- How to clean up cables in a warehouse?
- Network Design Feedback
- What is the difference between Networking and Telecommunications?
| Posted: 27 Nov 2018 04:12 PM PST It's Wednesday! Time to get that crap that's been bugging you off your chest! In the interests of spicing things up a bit around here, we're going to try out a Rant Wednesday thread for you all to vent your frustrations. Feel free to vent about vendors, co-workers, price of scotch or anything else network related. There is no guiding question to help stir up some rage-feels, feel free to fire at will, ranting about anything and everything that's been pissing you off or getting on your nerves! [link] [comments]  |
| What's the reason to use multiarea OSPF nowadays? Posted: 27 Nov 2018 04:03 AM PST Today the topic about right way area numbering was created. https://www.reddit.com/r/networking/comments/a0nug1/ospf_area_numbering/ And my question in the subject. Why use multiple OSPF areas in contemprorary network designs? Most L3-swithes support >10k prefixes, even low-end Mikrotik can process at least 5k routes. What's the theoretical limit for links in one area for current 1GE and greater networks? The issue is about ISIS too. And I know practices to use EBGP instead OSPF inter-area links. [link] [comments]  |
| Traffic reinjection with Brocade MLX-8 Posted: 27 Nov 2018 02:50 PM PST Hi guys, I've got a small network set up where I'm trying to test a traffic inspection machine. I've got it working to an extent that it works, but I would like to know if I can make it better. Currently, there are 3 parts to this network:
The Brocade MLX announces a set of IPs to its upstream. My ideal traffic flow is, traffic comes in from the Upstream to the Brocade. The Brocade sends most traffic directly to the TOR Switches, but for certain IPs, traffic is sent to the Traffic Inspection machine. The Traffic Inspection machine's return traffic is sent back to the Brocade MLX and flows to the TOR Switches naturally. What I've done to currently get this to work is utilize a PBR where traffic coming from Upstream AND matches ACL 150, is next-hopped to the Traffic Inspection machine. That way, when returning traffic from the Traffic Inspection box comes, since it is not coming from the Upstream, it flows to the TOR Switches naturally. What I did is on the Brocade, create ACL 150 with a list of IPs. Then, I have a route-map like so, which is applied to the Upstream: 1.2.3.4 is the IP of the Traffic Inspection box. This works - however, I would like to be able to do this a little more dynamically. Is it possible to have the PBR pull from a BGP speaking neighbor, rather than having to statically define an ACL? As far as I know this is not possible because if a BGP speaking neighbor announced a route to the Brocade MLX-8, then the return traffic from the Traffic Inspection box would just get routed back to itself, creating a route loop. Is there a way that I can make this work? Thanks in advance! Apologies if it's a little hard to understand, I'm by no means a networking expert! I have only got this far through many hours of Googling. [link] [comments]  |
| need help someone to verify my script to upgrade Active/Standby ASA Posted: 27 Nov 2018 01:59 PM PST I'm new to python script and netmiko module. This is my first python script, so bear with me if it's a big mess. I'm trying to do semi-automatic upgrade for active/standby Cisco ASA pair but not sure if this is going to work smoothly. Can somebody check my script and give me some guidelines and ideas to make it better? (maybe tell me where commands might fail or something). By the way, I'm manually transferring firmware file to ASA for now concern1: not entirely sure how relay_factor works(step#5). After running 'failover reload-standby', I want to wait like 10 seconds before I run next commnads in case standby ASA status doesn't change right away concern2: not sure about While loop (step#6). What I want to accomplish is keep checking status until it's 'Standby Ready', only then fail over. But I want to check the status every 5~10 seconds, so that's what delay_factor in the loop for. concern3: After failover(step#7,10), usually ssh connection disconnects. sending commands will re-establish ssh to new active asa? concern4(optional): At step#5, i want to abort the whole script if boot command didn't update. I can't think of a way. Thanks everyone in advance for ideas and help. [link] [comments]  |
| Help: Connecting local business network to AWS VPC Posted: 27 Nov 2018 08:48 AM PST Any help is appreciated, also if this is the wrong place to ask let me know. I'm familiar with the broad ideas but am by no means a networking expert. This should be a pretty common use case but I'm drawing a blank in my google searches. We have a VPC in AWS which I'd like to make accessible from our local network. Moreover, myself and the other engineers work from home from time to time so I'm looking to set up a VPN as well so we can work remotely. We have:
The router can set up a VPN server but it doesn't seem like it's capable of doing a gateway-to-gateway connection to our AWS VPC, which I believe is what would fit our needs. My question in this case is: is it possible to find a router that will replace my current router (i.e. provide WiFi and a vpn server we can connect to) and also connect to the AWS VPC? If so, any recommended routers? Or what terminology can I use to look for the routers? I keep looking for routers with VPN support but I think most results are for connecting to a 3rd party VPN service. We're 3 engineers at the moment, but I could foresee us growing in the future so ideally I'm looking for one which can support at least ~5-10 concurrent connections. Thanks! [link] [comments]  |
| best practice for implementing public internet VLAN? Posted: 27 Nov 2018 05:53 AM PST we have a bare bones NAC solution in place and it allows us to quarantine hosts on a port based on criteria like windows updates, AV updates, patches, etc. and move them to a different VLAN. in this case we want to create a public internet only VLAN. what would be the best way to implement this? I do have a working setup where a vlan int was created on a cisco layer 3 stack (3850) and an acl applied to it to block all traffic to private ip ranges except the vlan gateway. Wondering if there are better methods out there though.. thanks!! example config: The only caveat with the config now is that a host needs to be restarted in order to get a new IP address. [link] [comments]  |
| Hello! Has anyone worked with P4? Posted: 27 Nov 2018 05:22 AM PST |
| Anyone know where to get multigigabit UPoE injectors? Posted: 27 Nov 2018 02:55 PM PST I have a project coming up and would like to get multigigabit WAPs that use UPoE but have been unable to source injectors that aren't limited to 1G. I would rather not spend thousands of dollars to get a new switch just for this capability when all I need is a couple injectors. [link] [comments]  |
| Posted: 27 Nov 2018 02:17 PM PST The TCAM role is a Tier II/III technician responsible for fault detection, replication, isolation, and restoration of customer services across the Level 3 backbone and soft switch, egress/termination carrier networks, customer CPE, and unified messaging resources. If you were Hiring for this Position, what type of Questions would you ask? What type of answers would you be looking for? [link] [comments]  |
| I'd like to learn more about networking in a structured way. Posted: 27 Nov 2018 01:41 PM PST Title. What do you recommend? I'm a hobby programmer with some experience in C#, C++ and HLSL and I've been dabbing with programs such as Sonarr, Radarr and Torrents and the whole thing just fascinates me. I'd love to learn everything there is to know about networks, starting from the ground up. I'm looking for technical courses on how things work, just anything: Protocols, how LAN works, Torrents, Ports, etc. Digital media would be preferred. Thanks! [link] [comments]  |
| Dropouts After Installing Wall Ports Posted: 27 Nov 2018 03:56 AM PST I had a company come out and install three LAN ports in the walls. I provided the short cables that cross the final distance from the wall to the PCs/TV. Since then, I've noticed dropouts on the devices connected to 2/3 of the ports, but it's certainly possible it affects all three of them. These dropouts vary in length from a few minutes to tens of minutes. During them, the devices indicate that they remain connected but have no internet. Often they specifically indicate a problem with DNS. Other devices on the network not connected through these cables are unaffected (these all tend to be WiFI). Running my own known-working cable to the TV fixed a persistent dropout tonight. I want to learn:
[link] [comments]  |
| Anyone have experience auditing with Nessus? Posted: 27 Nov 2018 12:29 PM PST So I'm working with my IA people to audit our Cisco equipment, and it's kind of a nightmare. Nessus seems fairly straightforward but most of the time it just won't grab any information from the switches. For instance, we have some Cisco 2901 routers with integrated switch controllers. They both have the same ACL. Nessus grabbed from like 5% of the routers but got like 70% of the switches. Other situations with 3750s we see a ton of traffic between from Nessus to the switches, but Nessus barely gets replies back. We're positive that the login is right, just local logins. Its the same audit file we're using between the same devices as well. It's almost like Nessus logs in and just doesn't do anything. Are there any tips from people with experience on this? Is there something we might be missing? We've played around a lot with Nessus settings to see, and even just gave it super simple scans to do and it returns with nothing. Thanks! [link] [comments]  |
| Net Eng or Sec Eng jobs in Austin, TX. How is the market? Posted: 27 Nov 2018 12:18 PM PST Anyone work out of Austin? Wondering what the job market is like? I have only heard good things about developer jobs. [link] [comments]  |
| Verify optical value on Cisco 4500? Posted: 27 Nov 2018 07:59 AM PST Hi, I need to check the optical value from the below interface and I can't see the specific "GE" Interface from this Cisco 4500 series. Is there any other command?
Thanks [link] [comments]  |
| MRTG log file to total bytes transfered Posted: 27 Nov 2018 11:10 AM PST I have some MRTG log files and I'm trying to evaluate how much in total bytes daily traffic is going through and interface. I remember seeing a graph on the OpenWRT firmware and the Edgerouter X has something similar. Is there a way to convert or extract this info from the MRTG files? [link] [comments]  |
| Posted: 27 Nov 2018 11:02 AM PST I have a collection of work-from-home and mobile users who are going to need to move to a hardware VPN solution. Most of these users are highly technical and familiar with VM operation. We have decided to issue Supermicro Sys E300 D systems as hypervisor platforms to be issued to "Road warriors" or work-from-home types, as it's a platform that is able to run hyper-V, VMWare, CentOS with KVM, or anything else, it has 6x 1G network adapters, and 2x 10G network adapters. Anyway, we are looking for suggestions on virtual machine instances to run as a "remotely managed NAT/SoHo router". Free is nice, but not a requirement. Required features:
I think what I'm looking for is... [you know what, i'm not going to say what I think I want, because I want to ask for unbiased opinions. I'll update this later with what I (thought) i wanted.] The solution should be able to run "well" on 8GB of ram, 5GB of SSD. Edit: Update: so, PA-VM-50 is what I was leaning towards. To answer some of the questions: This isn't over-engineered; this is for sales teams doing trade shows or working from home, selling a software solution. The platform provided is enough ram to run dozens of instances of the complete set of VMs required, in different licensing configurations or demo configurations, in parallel, so the sales teams can simply change browser tabs to change instance. Running this all in a centralized datacenter or azure/google/aws isn't viable as the sales teams can't rely on outside connectivity for their presentations to work; so, we build them a VMWare deployment, clone a set of ~ 30 VMs onto the deployment, and now they have 10 complete "web server, database server, application server" sets on 1 box that they can pack into a backpack and take to a trade show or presentation. With them having this box, i think it makes more sense to turn their NAT/Router into another VM so we simply clone 31 VMs instead of 30, and maybe add a WiFi adapter to the box so it can serve as an access point as well. then the sales teams can plug in 1 cable to "public internet", 1-5 cables to local laptops, and they have a complete solution in a box that they can carry around in under 4 pounds and 1/4 the size of a pizza box. [link] [comments]  |
| Posted: 27 Nov 2018 11:01 AM PST Posted this last night but it was shut down because I edited a word and somehow all the HTML got into the text. Also added a TLDR at the suggestion of the mod. TLDR: Would there be any negative ramifications of static IP addressing a bunch of devices just under the 169.254.0.1 - 169.254.255.254 self addressing IP range, but leaving the subnet open to include those devices? For instance static the devices in the range of 169.253.254.0 - 169.253.255.254 with a subnet mask of 255.252.0.0, or even better (I just learned about this through some googling so forgive me if I'm misunderstanding it's use) a wildcard mask of 0.3.255.255. Greetings good people of /r/networking! This is going to be a long one, so thanks in advance for anyone willing to read the whole thing and give me some advice, it is much appreciated. I am the self-proclaimed audio networking systems admin of a medium sized A/V company. We have around 120 devices which operate using Dante, which is an audio over IP protocol. I have no formal training in networking, but have been educating myself over the past few years as it's very clear that the technology is here to stay. I'm about to do some network restructuring and wanted to ask the advice of people who are better educated than me so that I can make this process as efficient as possible. If at any point it's clear that I'm not understanding something correctly please feel free to correct me since, like I said, I'm self taught. The first thing to understand is that as of now all of these devices operate on a closed network, as in not connected to the internet or to any existing infrastructure. This is a traveling system that gets set up and broken down all the time, and does not typically need to interface with anything outside the network. All devices are hard wired and static IP addressed, except for a few control iPads and computers which get DHCP from a wireless router. The reason for the restructuring is that the manner in which I have set the static IP addresses and subnets sometimes causes issues when simultaneously connected via CAT5 to our audio network and to the internet over wifi, and that I would like to add the ability to add internet to this network because wifi can be spotty in some of the areas where we work and our technicians sometimes require internet access. In my infinite wisdom as someone who had no idea how IP addresses and subnets worked, I came up with a terrible IP addressing scheme of 10.Dept(Audio,Video,Lighting).Type of Device (Console,Stagebox,Microphones,etc).Device Number. Seemed like a great way to keep things organized (there are currently no lighting or video devices on the network, I was just planning for future expansion). So now I have roughly 120 audio devices with IP addresses from 10.1.0.1 - 10.2.6.6 (some devices require that the Dante address and control address be in a different subnet). Almost all of the subnet masks are 255.255.0.0, except for the control computers which need to talk to both Dante and control addresses so their subnet masks are 255.0.0.0 (I know, I know). Everything works great, the hard wired (or DHCP'd) control computers can access all of the device's controls from their respective applications on a single machine and all is right and harmonious in the world. This is until you have a hard wired computer that you'd like to connect to the internet via wifi, and you get dealt a 10.anything IP address. When that happens it can (not always but sometimes) send the whole network haywire. I've done quite a bit of reading about this, and the best of my understanding is that because the control computer's subnet mask is 255.0.0.0, it thinks that any address beginning with 10. is a local address, and it gets confused about which NIC to send data through (I'm a little cloudy on if that's exactly what's happening, but I think that's the gist of it...yeah?). I'm assuming if this happens now then the whole thing would become a real mess if I were to plug an internet line into the internet port on wireless router and let it into the whole system. So I'm pretty sure the best thing to do is drastically reduce the size of my subnet so that I can tighten the masks up and greatly reduce the chances of getting a DHCP wifi address that falls inside it. Most of the places we work are big hotels and convention centers with many devices necessitating the 10. range of private IP addresses. If I moved into the 192. range I could almost entirely eliminate the possibility of this ever happening. But here's a monkey wrench... We often need to rent supplemental pieces of Dante gear which are not static IP addressed and left in the mode that they will self-assign an IP address or, if available, take DHCP. I was going to just set our wireless routers to distribute DHCP addresses at the end of wherever our IP addresses stop. Those rental pieces will happily accept the DHCP and everything will work just fine. But then I got to thinking, our techs all carry our own wireless routers in our tech kits. What if someone forgets theirs or some careless lighting guy knocks it down and breaks it. No DHCP. We use Cisco SG series switches which can be configured to be DHCP servers, but we have so many interchangeable pieces that we could not come up with a way to ensure that there would always be only one DHCP server in whatever system is made out of said pieces. Since not everyone is as savvy with these things we try to make everything as "plug it in and go" as possible, so we don't want to have people getting into switches and enabling/disabling DHCP on show sites, hence we came up with the "everyone carries their own wireless router" policy, which has worked well. What I'm wondering is, what if I made all of the static IP addresses fall right under the 169.254.xxx.xxx range of IP addresses and opened up the subnet so that all of those self assigning IP addresses fall inside of it? For instance if I started our static IP addresses in the range of 169.253.254.0 -169.253.255.254 with a subnet of 255.252.0.0? And set the DHCP server to give out addresses between 169.253.255.200 - 169.253.255.254. I read somewhere that the rest of the 169 addresses were old government addresses that are not in use anymore, not that it matters if we're just running on a closed network, but if we do get the internet going on here will any of that cause me problems? I've been racking my brain over this stuff for weeks now, so if anyone has any insight into whether some or any of this will work the way I want it to please share. Or if this is a common type thing people you guys deal with in a completely different way please point me in the right direction. I feel like I'm on the right track, I'm just trying to avoid having to completely restructure everything again a year down the road. Thanks again to anyone who's read all of that and is willing to lend your expertise. [link] [comments]  |
| Fortinet Fortigate 61E not logging even if all available logs options are active Posted: 27 Nov 2018 01:49 AM PST Hi, i'm working on a Fortigate 61E, and even if the disk is 99.9% empty and all the options for local logging (via GUI) are active, It does not log anyway, it only lets me see the "live monitoring" logs but the hardware events and all the rest no ... I do not know how to proceed, could you help me? Thank you so much [link] [comments]  |
| Are Cisco 3560G and 2960G fans swappable? Posted: 27 Nov 2018 03:46 AM PST I have a Cisco 3560G switch that is faulty. I do have some spare 2960G's available. Are the fans swappable? I dont have a 3560G to check out currently. [link] [comments]  |
| Fax: Any XMedius users know an effective way of blocking spam/junk faxes? Posted: 27 Nov 2018 07:59 AM PST I work in an educational environment where I inherited the XMedius system from a previous employee. As the fax admin, I deal with junk faxes daily for several hundred users. My predecessor has a system set up where we had a junk email address created and created incoming routing rules for any junk faxes with custom ANI or CSIDs. This has been working for the most part, but my issue is that I now have nearly 40 direct routing rules all for junk faxes, and they're clogging up my routing table. And to make matters worse, the junk faxes are getting more clever, using randomized characters in the CSIDs like "Œ€CôÛV" (the characters don't even translate to copy/paste here). Even if I were to construct a routing rule for that, the next junk fax would use a different set of randomized characters. I've searched through the XMedius administration guide, and the closest thing I could find was using OCR as a filtering tool to route faxes that contain "keywords". But again, it's just something that clogs the routing table, and blocking a fax based on keywords alone is risky since we deal with medical, financial aid, enrollment, police reporting, etc. The differing areas that use XMedius might occasionally use a forbidden keyword, so I can't really rely on that. In my searches, I saw that FaxTalk advertised a feature for filtering spam/junk faxes. It's such a huge problem, I'm surprised that XMedius doesn't feature the same function. So this leads me here to the networking subreddit. I would like to improve the efficiency of spam fax filtering, but I'm limited to the XMedius platform. Aside from having to create dozens of direct routing rules, does anyone have any advice or even possible solutions to install a more effective filter? Any help would be greatly appreciated. [link] [comments]  |
| How to clean up cables in a warehouse? Posted: 27 Nov 2018 09:59 AM PST I just became the "New IT guy" at my current job. One of my projects is to find, and pull out all of the old cat5 cabling in the building. Of course, there are hundreds of feet of cable running along the rafters, through walls, in the ceiling. Is my best bet just to get up there with a cable tester, and start trying to pull out any cables that aren't running? They have had a large number of hands in this building and network, and not a lot of documentation. Is there any simpler way for me to do this? [link] [comments]  |
| Posted: 26 Nov 2018 06:36 PM PST I'm in the process of onboarding a larger customer, and they have some really complex network requirements as far as scalability goes. They are a condo building, and for now just want network access for the management company/ HOA that is condensed to a few floors. There will still be guest access for the residents, but that will be limited and will only be supported on those floors. The kicker is at some point they may want wifi throughout the entire building, and that is over a thousand residents. I'm thinking the best way to go about this and to stay within their budget is to start with a good core switch, and a lower end firewall and if at some point they want to provide that kind of service to their residents we can address it at a later point. Usually for smaller businesses I go with ubiquiti or Juniper, however based on some research I've been doing I think Fortinet would be a good choice for the firewall. For the switch I was thinking about starting with one Juniper EX4300 in the wiring closet and putting Ubiquiti EdgeSwitch 24 port switches with POE on all of the floors that need access. If they decide to do whole building wifi later on, I think it would make sense to get a second EX4300 and place it either on the top floor or in the middle of the building. At that point I would want to put EX3400s or maybe even just EX2300s on all of the floors and have them connected to one of the 4300s. This would be necessary because there is limited conduit space. The building is a concrete shell and has thick interior walls, so each floor would have around 8 access points. I know doing a network like this sounds unreasonable, but the isp charges individual residents a fortune and has a monopoly in this area. They already provide a TV antenna that all of the residents have wired into their units, so it would make cord cutting easy for most people. What do you guys think about this plan? I think it would work, and it would come in under budget and would make it fairly easy to grow if there is a need later on. [link] [comments]  |
| What is the difference between Networking and Telecommunications? Posted: 26 Nov 2018 07:34 PM PST I'm having a hard time clearly examining the difference between the two. All I can find online is that networking is basically how computers can be physically linked to share data and telecommunications is communication and the exchange of information over a distance by electronic means [link] [comments]  |
| You are subscribed to email updates from Enterprise Networking news, blogs and discussion.. To stop receiving these emails, you may unsubscribe now. | Email delivery powered by Google |
| Google, 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States | |
No comments:
Post a Comment