
    Tuesday, February 5, 2019

    Rant Wednesday! Networking


    Rant Wednesday!

    Posted: 05 Feb 2019 04:04 PM PST

    It's Wednesday! Time to get that crap that's been bugging you off your chest! In the interests of spicing things up a bit around here, we're going to try out a Rant Wednesday thread for you all to vent your frustrations. Feel free to vent about vendors, co-workers, price of scotch or anything else network related.

    There is no guiding question to help stir up some rage-feels, feel free to fire at will, ranting about anything and everything that's been pissing you off or getting on your nerves!

    submitted by /u/AutoModerator

    Do you have per-function loopback interfaces on your routers? Why (not)?

    Posted: 05 Feb 2019 06:06 AM PST

    In some customer environments I've come across routers with lots of loopback interfaces:

    • One for the IGP's RID
    • One for in-band management
    • One for MSDP peering
    • One for sourcing NTP client traffic
    • One for iBGP peering
    • etc...

    This CL slide shows a modest example of the phenomenon.

    What's the advantage of doing things this way?

    I generally create an additional loopback interface when it's really required:

    • a new VRF that doesn't have a loopback, but could benefit from it
    • a service that's known by IP and which I might want to move later (like an NTP server or GRE endpoint.)
    • an instance of an anycast service (these flat-out can't overlap with a unique-per router address.)

    I'm guessing there's a philosophy here that I'm missing out on.

    Enlighten me?

    submitted by /u/kWV0XhdO

    What is everyone using for console OOB management?

    Posted: 05 Feb 2019 12:22 PM PST

    Right now our aging console OOB devices are being accessed via POTS. Also our console OOB devices have no central management for configuration.

    I have roughly 5 co-lo data center sites and 50 local offices.

    I'm looking at solutions to replace this infrastructure.

    Centralized management is a must and I would like to look at cellular access options as well.

    What is everyone else using or planning on implementing?

    submitted by /u/pluresutilitates

    distributing gateway over two sites

    Posted: 05 Feb 2019 12:29 PM PST

    Hi,

    If you are familiar with Cisco ACI or VMware NSX, you know that if you have stretched a vlan over two sites (with vxlan), the default gateway of this subnet is distributed on all leafs (ACI) or all hosts (NSX). So the servers in site A use the gateway of site A and same thing with site B.

    Now I have this client who wants to stretch a vlan over two sites with vxlan and EVPN with Nexus 9000. No ACI or NSX, he wants to do hardware VTEP interfaces in NX-OS.

    Now, how do you distribute the default gateway over these two sites without ACI/NSX? If you do HSRP over two sites, only one will be active (no vpc), so it's not good. GLBP load balances between routers but you can't specify that site A uses router 1 only and site B uses router 2 only.

    So I'm looking for a way to have a subnet stretched over two sites with default gateway being on these two sites simultaneously so that servers don't have to cross the WAN to be routed. Like NSX and ACI can do but without them.

    BTW, the WAN links between sites are low latency (less than 2 ms).

    Any idea to make this possible?

    thanks

    submitted by /u/Dentifrice

    Is there a free/open source RF planner?

    Posted: 05 Feb 2019 11:58 AM PST

    Does this exist? Or at least a cheap one (below 150 dollars)

    submitted by /u/marcoslug

    RANCID with aruba switches

    Posted: 05 Feb 2019 03:17 AM PST

    Hello there,

    I have rancid running to back up quite a lot of switches, and it's working fine so far, but I have installed 2 new switches recently with Aruba's new firmware YA.16.04.0008. The switches are Aruba 2530 with PoE+ and rancid is not working on them. The log I am getting on rancid is the following:

    couldn't compile regular expression pattern: invalid character range
        while executing
    "expect -re $prompt {}"
        ("foreach" body line 163)
        invoked from within
    "foreach router [lrange $argv $i end] {
        set router [string tolower $router]
        send_user "$router\n"
        # device timeout
        set timeout [find t..."
        (file "/usr/lib/rancid/bin/hlogin" line 666)
    wadi-rum-gate-jes-2-hp-switch: missed cmd(s): all commands

    Any advice regarding this?

    submitted by /u/max-rh

    Fiberstore switches. Thoughts?

    Posted: 05 Feb 2019 01:16 PM PST

    Hey all,

    Looking to see if any of you have experience with Fiberstore switches. I'm looking for a cheap ToR switch with 40GB QSFP+ ports and they seem to have some pretty cost effective ones. Do you guys have any input?

    submitted by /u/mexicans_gotonboots

    Aggregated routes into OSPF

    Posted: 05 Feb 2019 12:52 PM PST

    Aloha,

    I ran into an issue at work, and labbed it to see where the error is.

    Router 1 and Router 2 are sending BGP aggregated routes into Router 3

    Router 1 is sending 10.200.10.0/24
    Router 2 is sending 10.200.20.0/24

    Router 3 redistributes all BGP routes into Router 4 via OSPF

    Router 4 receives the aggregated routes via OSPF and redistributes into Router 5 via BGP

    However I do not see the routes being sent out to router 5 using soft-configuration from R4 and I obviously do not see Router 5 receiving the aggregated routes via the soft-configuration command from R4

    I can ping everything behind Router 1 and Router 2 from Router 4, however, can't ping from R5 to R1 or R2

    Is this a bug on GNS3? The configuration looks good to me. I think there is an issue redistributing BGP sourced aggregated routes into OSPF? Because when I remove the redistribution from R4 to R5, R5 loses all its redistributed learned routes from R4. So this indicates that redistribution seems to be working correctly. Seems like only the aggregated routes are not being redistributed.

    R4 routing configuration:

    router ospf 100
     log-adjacency-changes
     redistribute bgp 80 subnets
     passive-interface default
     no passive-interface GigabitEthernet0/0
     network 10.200.70.0 0.0.0.3 area 0
     network 10.200.80.10 0.0.0.0 area 0
     network 10.200.80.20 0.0.0.0 area 0

    router bgp 80
     no synchronization
     bgp log-neighbor-changes
     network 10.200.80.30 mask 255.255.255.255
     network 172.17.1.0 mask 255.255.255.252
     redistribute ospf 100
     neighbor 172.17.1.255 remote-as 100
     neighbor 172.17.1.255 description ASB-EDGE
     neighbor 172.17.1.255 ebgp-multihop 2
     neighbor 172.17.1.255 soft-reconfiguration inbound
     no auto-summary

    Router 4 ip route table

    172.17.0.0/16 is variably subnetted, 7 subnets, 2 masks
    S 172.17.1.255/32 [1/0] via 172.17.1.2
    B 172.17.1.40/32 [20/0] via 172.17.1.255, 00:30:59
    B 172.17.1.30/32 [20/0] via 172.17.1.255, 00:30:59
    B 172.17.1.20/32 [20/0] via 172.17.1.255, 00:30:59
    B 172.17.1.10/32 [20/0] via 172.17.1.255, 00:30:59
    C 172.17.1.0/30 is directly connected, GigabitEthernet1/0
    B 172.17.2.0/30 [20/0] via 172.17.1.255, 00:30:59
    10.0.0.0/8 is variably subnetted, 16 subnets, 3 masks
    C 10.200.70.0/30 is directly connected, GigabitEthernet0/0
    C 10.200.80.20/32 is directly connected, Loopback20
    C 10.200.80.30/32 is directly connected, Loopback30
    C 10.200.80.10/32 is directly connected, Loopback10
    O E2 10.200.50.70/32 [110/1] via 10.200.70.2, 00:31:25, GigabitEthernet0/0
    O 10.200.50.50/32 [110/3] via 10.200.70.2, 00:31:25, GigabitEthernet0/0
    O E2 10.200.10.0/30 [110/1] via 10.200.70.2, 00:31:25, GigabitEthernet0/0
    O E2 10.200.10.0/24 [110/1] via 10.200.70.2, 00:31:25, GigabitEthernet0/0
    O 10.200.60.40/32 [110/2] via 10.200.70.2, 00:31:25, GigabitEthernet0/0
    O E2 10.200.20.0/30 [110/1] via 10.200.70.2, 00:31:25, GigabitEthernet0/0
    O E2 10.200.20.0/24 [110/1] via 10.200.70.2, 00:31:25, GigabitEthernet0/0
    O 10.200.60.30/32 [110/2] via 10.200.70.2, 00:31:25, GigabitEthernet0/0
    O 10.200.60.20/32 [110/2] via 10.200.70.2, 00:31:25, GigabitEthernet0/0
    O 10.200.50.0/30 [110/2] via 10.200.70.2, 00:31:25, GigabitEthernet0/0
    O 10.200.60.10/32 [110/2] via 10.200.70.2, 00:31:25, GigabitEthernet0/0
    O 10.200.60.0/30 [110/2] via 10.200.70.2, 00:31:25, GigabitEthernet0/0

    Router 4 BGP table

    Network Next Hop Metric LocPrf Weight Path
    *> 10.200.50.0/30 10.200.70.2 2 32768 ?
    *> 10.200.50.50/32 10.200.70.2 3 32768 ?
    *> 10.200.60.0/30 10.200.70.2 2 32768 ?
    *> 10.200.60.10/32 10.200.70.2 2 32768 ?
    *> 10.200.60.20/32 10.200.70.2 2 32768 ?
    *> 10.200.60.30/32 10.200.70.2 2 32768 ?
    *> 10.200.60.40/32 10.200.70.2 2 32768 ?
    *> 10.200.70.0/30 0.0.0.0 0 32768 ?
    *> 10.200.80.10/32 0.0.0.0 0 32768 ?
    *> 10.200.80.20/32 0.0.0.0 0 32768 ?
    *> 10.200.80.30/32 0.0.0.0 0 32768 i
    *> 172.17.1.0/30 0.0.0.0 0 32768 i
    *> 172.17.1.10/32 172.17.1.255 0 0 100 ?
    *> 172.17.1.20/32 172.17.1.255 0 0 100 ?
    *> 172.17.1.30/32 172.17.1.255 0 0 100 i
    *> 172.17.1.40/32 172.17.1.255 0 0 100 i
    *> 172.17.2.0/30 172.17.1.255 0 0 100 ?

    Router 5 routing configuration:

    router bgp 100
     no synchronization
     bgp log-neighbor-changes
     network 172.17.1.0 mask 255.255.255.255
     network 172.17.1.30 mask 255.255.255.255
     network 172.17.1.40 mask 255.255.255.255
     redistribute eigrp 200
     neighbor 172.17.1.1 remote-as 80
     neighbor 172.17.1.1 description HT-ASB-PE
     neighbor 172.17.1.1 soft-reconfiguration inbound
     no auto-summary

    Router 5 routing table

    Gateway of last resort is not set

    172.17.0.0/16 is variably subnetted, 7 subnets, 2 masks
    C 172.17.1.255/32 is directly connected, Loopback100
    C 172.17.1.40/32 is directly connected, Loopback40
    C 172.17.1.30/32 is directly connected, Loopback30
    C 172.17.1.20/32 is directly connected, Loopback20
    C 172.17.1.10/32 is directly connected, Loopback10
    C 172.17.1.0/30 is directly connected, FastEthernet0/0
    C 172.17.2.0/30 is directly connected, FastEthernet0/1
    10.0.0.0/8 is variably subnetted, 11 subnets, 2 masks
    B 10.200.70.0/30 [20/0] via 172.17.1.1, 00:11:22
    B 10.200.80.20/32 [20/0] via 172.17.1.1, 00:11:22
    B 10.200.80.30/32 [20/0] via 172.17.1.1, 00:26:34
    B 10.200.80.10/32 [20/0] via 172.17.1.1, 00:11:22
    B 10.200.50.50/32 [20/3] via 172.17.1.1, 00:11:22
    B 10.200.60.40/32 [20/2] via 172.17.1.1, 00:11:22
    B 10.200.60.30/32 [20/2] via 172.17.1.1, 00:11:22
    B 10.200.60.20/32 [20/2] via 172.17.1.1, 00:11:22
    B 10.200.50.0/30 [20/2] via 172.17.1.1, 00:11:22
    B 10.200.60.10/32 [20/2] via 172.17.1.1, 00:11:22
    B 10.200.60.0/30 [20/2] via 172.17.1.1, 00:11:22

    Router 5 BGP table

    Network Next Hop Metric LocPrf Weight Path
    *> 10.200.50.0/30 172.17.1.1 2 0 80 ?
    *> 10.200.50.50/32 172.17.1.1 3 0 80 ?
    *> 10.200.60.0/30 172.17.1.1 2 0 80 ?
    *> 10.200.60.10/32 172.17.1.1 2 0 80 ?
    *> 10.200.60.20/32 172.17.1.1 2 0 80 ?
    *> 10.200.60.30/32 172.17.1.1 2 0 80 ?
    *> 10.200.60.40/32 172.17.1.1 2 0 80 ?
    *> 10.200.70.0/30 172.17.1.1 0 0 80 ?
    *> 10.200.80.10/32 172.17.1.1 0 0 80 ?
    *> 10.200.80.20/32 172.17.1.1 0 0 80 ?
    *> 10.200.80.30/32 172.17.1.1 0 0 80 i
    r> 172.17.1.0/30 172.17.1.1 0 0 80 i
    *> 172.17.1.10/32 0.0.0.0 0 32768 ?
    *> 172.17.1.20/32 0.0.0.0 0 32768 ?
    *> 172.17.1.30/32 0.0.0.0 0 32768 i
    *> 172.17.1.40/32 0.0.0.0 0 32768 i
    *> 172.17.2.0/30 0.0.0.0 0 32768 ?

    submitted by /u/G331234512345

    Cisco vs Arista for a core switch

    Posted: 05 Feb 2019 09:06 AM PST

    Wondering what people's experiences are with going Arista over Cisco for a core switching infrastructure. We're almost exclusively a Cisco shop (route/switch/firewall/collab). I've been introducing alternate technologies very slowly and have decided to take a hard look at Arista for this next upgrade/migration/restructure. Main requirement is 10Gb port density for our main office and 40Gb for site interconnect to our DR facility. Right now I'm comparing between the 7050SX-64 (48x SFP+ and 4x QSFP+) and a C9500-40X-A (40x SFP+ and 2x QSFP+). Qty 2 for whichever is the winner.

    submitted by /u/yankmywire

    AWS WAF Capability

    Posted: 05 Feb 2019 07:53 AM PST

    Does anyone have a link that provides an overview of the AWS WAF capability and how it compares to the other options (virtual Fortinet, Cisco, etc)?

    I am just finding basic descriptions of the AWS Web Application Firewall and not a detailed capability document.

    submitted by /u/pedrotheterror

    Routing on LAN Base/Network Essentials

    Posted: 05 Feb 2019 04:20 AM PST

    Anybody do routing, specifically OSPF, on their Cisco switches with just the LAN Base or Network Essentials license? I saw on a slide that OSPF is limited to 1000 routes, but is that the only limitation? If you do routing with the "L2" license on your network, have you encountered any gotchas or other limitations?

    submitted by /u/passw0rd_

    Vendor Alternative to Cisco for BGP?

    Posted: 05 Feb 2019 04:59 AM PST

    Hi all, just been searching about an alternative vendor/way to Cisco in order to manage BGP traffic (we own 1 AS). As everyone keeps suggesting Cisco, I would like to know if we can "escape" vendor lock and go for a custom server/other vendor appliance. Any real life experience based suggestion would be really appreciated. Thanks. P.S. As a senior Linux sysadmin, I would incline to build a Linux box or VM for that. Advisable in terms of performance?

    submitted by /u/linuxgfx

    Color code for cables

    Posted: 05 Feb 2019 02:44 PM PST

    Hello

    I have a question. Does any one of you have a color concept for network cables?

    There is a non standard that phone cables are green but not much more. I am curious if any of you have a concept or do you just take what you can get?

    Thanks a lot

    submitted by /u/DaBa87

    DHCP from another vlan going to computers

    Posted: 05 Feb 2019 02:38 PM PST

    Hi guys,

    I have a 48 port switch that has port 48 going to a DHCP agent (router) with 3 vlans, 2,10,20. I then have an access point that is directly connected to port 47 and it gets IP from 48. I then have a switch connected to all my computers and a DHCP server on port 1 (vlan 1).

    Vlan membership is as follows:

    1: Untagged 1-48

    2: forbidden 1-46, tagged 47,48

    10: forbidden 1-46, tagged 47,48

    20: forbidden 1-46, tagged 47,48

    For some reason the DHCP server from 48 is taking over and assigning addresses to the computers through port 1.

    I'm not sure what I'm missing here? Any help would be appreciated!

    submitted by /u/Lego_Addict16

    Hoping to get a little help or insight on a port forwarding / opening problem with a Fortigate 600d

    Posted: 05 Feb 2019 02:34 PM PST

    I have a Fortigate 600D in my environment and it is working like a champ. I have a product that we will use to manage our visitors and it requires port TCP 5900 and UDP 161 to be open.

    I have followed the Fortigate Cookbook instructions to create a port forward and tried to open the port by creating a service and adding that to the IPv4 Policy. I am not able to get this to work and I would appreciate any help or insight anyone can give.

    submitted by /u/fragmonk3y

    Nexus 5k MGMT interface question

    Posted: 05 Feb 2019 01:47 PM PST

    I came upon a site that has three Nexus switches; two within a vPC pair, and the other only connected to one in the pair. They said it was a limitation of their fiber availability. Anyway, I notice that their MGMT0 interfaces are within the same network as their vlan used to route traffic.

    Such as;

    Each switch is basically setup in this fashion only different IPs for each interface, but all within the same subnet.

    int MGMT 0
     ip address 192.168.2.25 255.255.255.0

    inter vlan 4
     ip address 192.168.2.26 255.255.255.0

    The "show ip route" shows everything being routed over the 192.168.2.26 back to the layer 3 core. Would this type of setup cause any issues? I don't see any broadcast storm indications on the "show interface" commands. No links flapping. It just seems strange. Their NTP, and SNMP traffic goes over the MGMT0 interface.

    submitted by /u/network-throwaway049

    Are there any standards (ANSI, EIA, etc.) that disallow using LAN rooms as thoroughfare?

    Posted: 05 Feb 2019 06:08 AM PST

    The architects on a new building want to use the LAN room as a thoroughfare to access the main electrical room.

    This basically means that the room will be accessible to electricians and maintenance staff that really have no business being in there.

    Also, there may be something in the code that says the electrical room needs to be accessible from a public corridor (vs. the LAN room) but I'm not sure of that one.

    Any help?

    submitted by /u/SmackEh

    Cisco IP phones 7821 on CUCM 8.6.2

    Posted: 05 Feb 2019 03:42 AM PST

    Hello guys,

    In our office we purchased new IP Phones just for a hardware renewal (from time to time).

    The thing is that I got an issue when registering these 7821 models. The template wasn't present, so I guess that a new device pack should be installed in my CUCM.

    Exactly, the CUCM version we have is the 8.6.2.21900-5

    The latest device pack I obtained is cmterm-devicepack8.6.2.26169-1.cop.sgn

    This device pack does not have the latest firmware of 78XX phone, so after installing the device pack I should upload the latest firmware cmterm-78xx.11-7-1-17.k3.cop.sgn of the 78XX phones on the call manager as well.

    Will it work fine with my current firmware version 8.6.2?

    I'm kinda scared if I need to proceed with a full firmware upgrade to the Call Manager...

    Thank you for clarifying my doubts.

    submitted by /u/Elxa_Dhal

    Method to automatically tagging vlans between Extreme Network switches and VMware ESXI

    Posted: 05 Feb 2019 07:27 AM PST

    Hello,

    Looking for a method to automatically read and tag vlans from neighbor Vmware ESXI in a dynamic environment with extreme network switches.

    Plan: EN switch periodically reads the vlans from esxi --> add these tags automatically to the port.

    Would appreciate any ideas and any workarounds that could be used.

    submitted by /u/lvfr

    Yang tools

    Posted: 05 Feb 2019 09:03 AM PST

    Hey All,

    Back in 2017 at one of the IETF hackathons there was a tool mentioned named Yang Suite. It was said that it would be the successor of the YANG Explorer tool (while this tool is good, it has some problems). So I was just wondering if anybody knows if anything ever became of the Yang Suite tool? I was only able to find it mentioned once, which was the original hackathon it was published in. A link to the article is below.

    https://www.ietf.org/blog/yang-catalog-latest-developments-ietf-100-hackathon/

    submitted by /u/Fallenarc

    Cisco 3560X LAN base licensing and RTU upgrade options

    Posted: 05 Feb 2019 07:49 AM PST

    Hey Guys,

    Was hoping you guys could help answer some of my questions. I've scavenged the web for answers but couldn't find any concrete answers to my questions. So here's my situation, I recently bought a 3560X-48P-L for my homelab without much thought about licensing (I know right). Once I started playing around with the switch I then realized I could NOT enable the "ip routing" command. I then found out that the switch model I bought only comes with LAN base licensing meaning it's essentially a layer 2 switch with NO routing capabilities. I understand that Cisco has this new RTU (right to use) licensing model with IOS 15 but I am having a hard time understanding all the technical jargon.

    I've read a few posts like this but it's all still very confusing: https://www.reddit.com/r/networking/comments/95dbrh/where_can_i_find_a_license_for_ip_services_cisco/

    So here are my questions if you guys could please help address them:

    1. I tried flashing the IOS from 12.4 to 15.2.4E7 using this universal image https://software.cisco.com/download/home/282979301/type/280805680/release/15.2.4E7?i=!pp . After the upgrade, the switch now boots up really weird and I get all these weird characters. It's almost like it's continually re-flashing the IOS image every time it boots up. The strangest part about all of this is that I can now use the "ip routing" command once it fully boots up and all my previous configurations (before the upgrade) are still the same. However, I can no longer run the "show flash" command. Which makes absolutely no sense. I'm afraid I may have bricked the switch. Can anyone confirm if this is common when flashing the IOS or am I using the wrong image file?
    2. If I activate the evaluation license on my switch, will my license go from LAN base --> IP base and then from there be able to use RTU licensing permanently going forward?
    3. Am I better off returning the switch and buying one that comes with IP base or is there a work around here?

    submitted by /u/Cr1ck3ty

    Router for a LAN party?

    Posted: 05 Feb 2019 04:57 AM PST

    Hello Reddit.

    I am looking for a router for a LAN party with 230 gamers. However I would like a solution that could grow with us and maybe support up to 800 gamers.

    The router I am looking at, at the moment is Mikrotik CCR1036-8G-2S+

    I need to be able to do the following:

    Setup QoS so that gaming is higher priority than web browsing for example.

    Be able to see live traffic stats, and see if someone is using too much bandwidth (maybe locally), so that I can ban their MAC address or perfectly limit their internet speed.

    Be able to limit internet speed for each user at for example 10 mbit (or the one above), but allow other users to share excess bandwidth and still follow QoS rules. So that no one is able to use up all the bandwidth.

    Use NAT-type: 2 (moderate)

    Enable UPnP

    We have 1 IP address available from the ISP

    Is the Mikrotik router the right choice, or what would you recommend? I would prefer to use a GUI to manage everything.

    Thank you very much for your help.

    submitted by /u/wowdancing

    SFP failure? how common?

    Posted: 05 Feb 2019 09:08 AM PST

    Hey r/networking, recently had to replace an SFP that failed in which the manufacturer was back ordered. Relatively new at my current company, wondering if this is a common occurrence? And if so what is your company's policy for keeping spares?

    submitted by /u/PortalGunnie
