Blogpost Friday! Networking
- Blogpost Friday!
- F5 issuing TCP resets on high latency connection attempts
- Fluke Toner: Question from a sysadmin
- Cisco Nexus multilayer switches: Difference between checkpoints and exporting the running-config?
- SDWAN input for basic requirements
- Source locked port forwarding on Cisco asa 5506-x. What I’ve tried and hasn’t worked.
- Gigabit to Gigabit Per Second
- Nexus 5K with a DWDM SFP: ONS-SC+-10G-
- connecting server with 10Gbps CNA to tape with 8Gbps fiber Channel
- Spec out large warehouse with 4 data rooms
- This might be a dumb question, but I need a double check.
- VPN Connection to AWS from Palo Alto
- Cat7 vs fiber for short distance 150ft max
- When can we say live stream buffering issues are based on viewer side - region/ISP congestion issues or whether buffering is due to local network issues?
- Cisco ASA 5505 died and I could use your help figuring out how we got the network back up.
- Route over IPSEC
- Looking for opinions on switch monitoring
- VPN client throughput limited by cpu resources?
- Palo Alto Perl Module
- Cisco ASA HA
- How do I build an automation test framework for a network device(load balancer, to be precise)?
- Copying a config from a Cisco Nexus 3000 switch
- Does anyone have a copy of the java device manager.exe for Nortel 5500 series switches?
- Sanity Check please - converting a clusterfudge regional SMB away from static routing
- Zero-Trust or Micro-Seg with PAN?
Blogpost Friday!
Posted: 28 Mar 2019 05:04 PM PDT
It's Read-only Friday! It is time to put your feet up, pour a nice dram and look through some of our members' new and shiny blog posts. Feel free to submit your blog post, as well as a nice description, to this thread.
F5 issuing TCP resets on high latency connection attempts
Posted: 29 Mar 2019 10:33 AM PDT
I have a standard VS profile that is an LB for a pool of workers inside a Kubernetes ingress point. SSL terminations happen in K8S so this VS literally just listens on 443 and round robins to a pool of 5 workers. Test connections to a minio server inside K8S work fine from one source test Mikrotik but not the other. Both MTKs sit in the same test datacenter and follow the exact path across the WAN to the VS. The only difference between the two is that the failing (connection timing out) test modem sits behind a device that artificially adds latency to the connection to simulate satellite connectivity. TCP dumps on workers and F5 show the F5 is issuing TCP resets to this source host.
I'm not familiar enough with F5s to know exactly what needs to be tweaked to make this VS more tolerant to high latency connections. No HTTP profile applied to this VS. Any help would be appreciated.
Fluke Toner: Question from a sysadmin
Posted: 29 Mar 2019 06:32 AM PDT
Hi all. I have minimal network experience; however, I was recently hired to a new medium-sized business and the first order of business is to re-document the network. I understand the basics behind doing it; however, I've never actually used a toner before.
The main question I have is, using a Fluke Toner, if a cable is terminated, will the line still tone at the other end? So like if I stick the probe in a user's jack, will I be able to tone the line out WITHOUT unplugging it from the patch panel? Or will I need to go behind the panel to the punch down block with my wand, and try to get tone off of that?
There is 0 documentation of this network and it's a straight up mess so I'm trying to avoid unplugging anything at all costs, until I have it re-documented. (After that, I'll be redoing the majority of it.)
Any advice is much appreciated. This is my first week as a sysadmin after 5 years in IT, and while I acknowledge making mistakes is the best way to learn.... I'm not trying to drop the ball on simple documentation one week into the position lol
Cisco Nexus multilayer switches: Difference between checkpoints and exporting the running-config?
Posted: 29 Mar 2019 10:18 AM PDT
Cisco Nexus switches have a checkpoint feature that does not exist in CatOS and IOS to my knowledge... what's the difference between saving a checkpoint and exporting the running-config? When would I do one versus the other? Probably it's best to both save a checkpoint and export the running config before making any changes, you would think?
SDWAN input for basic requirements
Posted: 29 Mar 2019 10:30 AM PDT
We have ~10 branches behind cookie-cutter Cisco ISRs on IPsec to our hub PA appliance. These are small offices of no more than 15 users with minimal traffic loads. Mostly HTTPS and SMB. I don't need to turn 4 commodity links into an MPLS-quality connection at each site. I don't need sub-second failover or WAN optimization (strictly speaking--I could probably benefit from it, but it's not a hard requirement).
My main goal is to simplify deployment and management. Also interested in adding link failover/diversity (e.g., LTE) where it would be cost-effective. Anything else is nice-to-have but not required.
I hear good things about Silverpeak and Cradlepoint, but I'm not sure if those represent deployments that need more features and horsepower than our use-case. Should I consider some vendors over others, given our requirements?
Source locked port forwarding on Cisco asa 5506-x. What I’ve tried and hasn’t worked.
Posted: 29 Mar 2019 01:56 PM PDT
Hi all, I have minimal experience with Cisco outside of reflashing APs and configuring them. Recently I landed a client and until we get them into a better firewall I have to administer their current one, a Cisco asa-5506-x. It doesn't have ASDM enabled and I can't seem to find the image to enable it.
Anyways, I've scoured the net trying to find out how to do a port forward that source locks to our office. I'll list the players and someone can hopefully help in regards to how to make it work, and I'll list what I've done.
Our wan ip (not actual): 777.777.7.7
Their external IP: 555.555.5.5
Internal server ip to RDP to: 192.168.1.1
Desired external facing port: 33891
Redirected port: 3389
I've tried the following command with no luck:
Access-list inbound extended permit tcp host 777.777.7.7 host 555.555.5.5 eq 33891
Then I tried the following command in config mode and exec mode and got incorrect parameters with the highlight caret:
Static (inside,outside) static (inside,outside) tcp interface 33891 192.168.1.1 3389 netmask 255.255.255
I entered that as a separate command and got the error. Is there anyone out there who can help? Thanks a million
Gigabit to Gigabit Per Second
Posted: 29 Mar 2019 07:23 AM PDT
Can someone tell me how this conversion works? I was reviewing alarm thresholds set by our network admin in PRTG and I saw his calculation for Gigabit per second to Kilobit per second was strange. It began to make me question my understanding of data rate and network speed. He pointed me to this website http://endmemo.com/convert/data%20transfer.php and proved his point through this calculator. Of course, I still was not convinced since the conversion did not explain why/how it was calculated.
The website's results for an ethernet (10Gb) are as follows:
ethernet (gigabit): 10
gigabit/second (Gbps): 9.313226
kilobit/second (Kbps): 9,765,625
Please tell me I'm not crazy to think that a 10Gb circuit that our ISP is providing = 10Gbps = 10,000,000Kbps
Nexus 5K with a DWDM SFP: ONS-SC+-10G-
Posted: 29 Mar 2019 06:44 AM PDT
Hi guys,
In our environment we need to connect two Nexus5k with our dark fiber link. We have these two DWDM SFPs ONS-SC+-10G fixed wavelength (which means that each SFP already has its wavelength assigned by default).
My question is: to make this work, do I need to put some special DWDM configuration on my Nexus interfaces, or do I just need to connect the fiber without any additional configuration?
Thanks so much in advance!
connecting server with 10Gbps CNA to tape with 8Gbps fiber Channel
Posted: 29 Mar 2019 12:59 PM PDT
Can anyone tell me if this direct connection is supported? The server has a 10Gbps CNA network card and the tape drive supports up to 8Gbps fiber channel. Can I make a direct connection from server to tape drive using SFP+ transceivers in the server and OM1 or OM2 optical patch cable?
Spec out large warehouse with 4 data rooms
Posted: 29 Mar 2019 08:56 AM PDT
I am the sys admin for a company and we are in the process of building a large (200k sq/ft) warehouse. I am not a network admin but have been able to spec out and set up smaller sites in the past. This site is going to require 4 data rooms to cover the whole building. In addition it is remote to our main office so any on-site visits would require air travel. I am trying to plan this site to be as stable as possible and provide as much redundancy as possible.
What are some best practices to use when building out such a large site? We are planning for HA pair firewalls but beyond that we don't have anything else set in stone.
This might be a dumb question, but I need a double check.
Posted: 29 Mar 2019 02:37 PM PDT
Say you have three separate layer 2 domains (Availability Zone 1, 2, and 3) with VLANs 0, 10, 20, and 30 in use on them. You have Linux nodes in each domain tagging all packets, e.g. eth0 = VLAN 0, bond0 (eth1, eth2), and bond0.10, bond0.20, and bond0.30. The nodes in the three domains share the same IP address subnets, e.g. VLAN 0 = 10.0.0.0/24, VLAN 10 = 10.0.1.0/24, VLAN 20 = 10.0.2.0/24, and VLAN 30 = 10.0.3.0/24.
1) How do you send packets to one of the nodes in the other domain? Since they all share common subnets, how will Linux know to route packets through a gateway interface to the other domains? Furthermore, the ARP table for one domain won't have MAC addresses for IPs in the other domain... they won't share broadcast domains. So they can't talk to each other, right?
2) If you are able to send packets to the nodes in the other domains, do the VLAN headers get stripped when they cross the gateway?
If I understand things correctly, we need VPLS to connect the three separate layer 2 domains into a single broadcast domain. Yes? Are there other ways, e.g. GRE or MPLS tunnels, to join these into a single broadcast domain?
VPN Connection to AWS from Palo Alto
Posted: 29 Mar 2019 09:14 AM PDT
Looking for help from someone who has successfully got a site-to-site working with a PA firewall to AWS. I have been trying to get this to work for the better part of the week and just cannot get it working. I can get the tunnel up but the traffic is not passing. I cannot ping the AWS server from corp network and from AWS cannot ping the corp network.
Cat7 vs fiber for short distance 150ft max
Posted: 29 Mar 2019 08:10 AM PDT
I have to set up/design networking for the new building we are moving to. The server room is on the main floor and I have a switching room on the second floor. Our IT manager suggested we use fiber links between floors. I am thinking, do we really need them? I mean, what is the advantage? EMI for one, but not much else, right?
The thing is that I have x amount for the whole project, and why would I spend more money on fiber links, installation/termination services, fiber modules etc. when I can just do cat 7 with RJ45 and use any switch I want. Everything is ethernet in the company, iSCSI over ethernet for storage etc...
I am missing something, I do not want to confront/suggest this to my manager if there is any other obvious advantage to fiber than not having EMI interference... Am I thinking straight? I am not a core networking guy, more a sys admin and being an accidental networking guy
When can we say live stream buffering issues are based on viewer side - region/ISP congestion issues or whether buffering is due to local network issues?
Posted: 29 Mar 2019 03:13 AM PDT
Hi all,
We recently held a live event where we experienced a lot of buffering on YouTube and we're trying to understand where the issue came from. The situation was as follows:
We were pushing 5 different streams (different languages) to Wowza cloud, which was distributing to various destinations including YouTube. One point to note is our Wowza settings were going to Akamai first so we could use a Primary/Backup ingest setup (we later came to know that this "route" adds an extra step in the delivery that can cause latency/buffering).
On one system (iMac 2017), the destination was our main YouTube channel. For a few hours things were generally OK; however, at one point during the event we reached appx 60K concurrent viewers. This is the time when we started seeing lots of buffering from our side and the viewers' side. Unfortunately, at the exact same time, YouTube was giving us an internal 500 server error, which prohibited us from viewing our dashboard and stream health, but we did notice our Wowza stream health had lots of incoming/outgoing datarate fluctuations. The buffering issue wasn't the case on the other channels that we were streaming to.
Because the buffering was so bad, we were constantly switching on/off our Wirecast feed to resume the stream, where it would switch between Akamai's Primary and Backup. Strangely, once the archive video was processed, we didn't see much issue except for this switching between Primary & Backup.
Once the concurrent views dropped back to appx. 5K, things again settled back down and we didn't have any more issues.
So, we're wanting to understand a few things:
• What could have been the root cause(s) for this issue?
• Is this an issue from Encoder to YouTube or YouTube to User issue? Or both? (We had plenty of local bandwidth, but got buffering and "stream not available" message on our player)
• Should we assume that everyone had buffering? We didn't specifically ask in comments if anyone was seeing the feed well, so we aren't sure.
• How do you avoid (and test) for something like this from happening in the future?
Cisco ASA 5505 died and I could use your help figuring out how we got the network back up.
Posted: 29 Mar 2019 07:39 AM PDT
This happened on Wednesday night and while everything is now back up and running, I'm going to have to explain why it took so long to restore and I genuinely don't have the answers. The network guy is on vacation, so I had to step in and help. I used to call myself a network person, but I left that role about 10 years ago. Anyway, here's what I know.
I have no idea why the VPNs were up and running before the outage if the IOS couldn't support AES256 or needed certificates. What's different between copy/pasting text files v. tftp? Why would this method of moving the configuration work but copy/paste wouldn't? Any insight would be greatly appreciated!
Route over IPSEC
Posted: 29 Mar 2019 07:35 AM PDT
Hi,
See this diagram: https://imgur.com/0xaL42N
I am not very good regarding IPSEC and routing between IPSEC. The goal here is to eliminate the two IPSEC tunnels going to the 10.0.51.0 and the 10.0.0.0 networks directly from the .168 network. We want to go through the .101 network and be routed from there to 10.0.0.0. The tunnels are all up already, except the .168 talks directly to 10.0.51.0 and 10.0.0.0.
I have not had any good experience with trying to route traffic over IPSEC that is coming from another IPSEC tunnel. You guys have any good ideas how?
I have another idea to implement an IPVPN connection from .168 to .101 site instead. That way there will be no IPSEC to route over, just normal routing. Thoughts, opinions?
Looking for opinions on switch monitoring
Posted: 29 Mar 2019 07:26 AM PDT
I'm hitting the tail end of rolling out a bunch of new Cisco SG250s and integrating some 2960s at 15 or so sites. We've also rolled out wired 802.1x. I'm in the process of re-thinking my monitoring, which has pretty much consisted of a few SNMP traps and ping alarms. I was wondering if I could get opinions on what you folks are using. Basically I'm just looking to monitor changes on ports, unexpected MACs etc. We've had trouble with folks trying to plug in random junk in the past.
I'm currently evaluating ManageEngine OpUtils and have also evaluated PRTG. I'm not a huge fan of PRTG's per-sensor licensing model and visual aspect. OpUtils seems to be more what I'm looking for. However, I'm just playing pretend network admin since my company doesn't have one yet. I'd be grateful for any more seasoned opinions.
VPN client throughput limited by cpu resources?
Posted: 29 Mar 2019 06:27 AM PDT
For months we've been having issues with Palo Alto GlobalProtect causing slow download speeds on end users' laptops. I myself experienced the same - 400mb download off VPN at home, 200mb download on VPN at home.
I had a new laptop yesterday - i7 8th Feb. Did a speed test this morning and surprisingly my download speed off and on VPN was the same - 400mbps.
As a test I limited my cpu state to 50% and I was able to recreate what I saw on my old laptop - 200mb on VPN and 400mb off VPN. Downclocking further saw even more exaggerated results.
Is this a thing? Slow CPU causing slow client VPN performance? Kind of makes sense but I've never seen this behaviour before
Palo Alto Perl Module
Posted: 28 Mar 2019 06:53 PM PDT
Hi all,
I am currently working on a Perl module for the Palo Alto API. As it now has a reasonable amount of functionality and has been tested, I think it's ready for public consumption. You can find it on metacpan or on github.
I am fully aware that most people in the networking space are using Python rather than Perl, and frankly I am not interested in zealotry. What I have done, however, is write this module not only to be used in Perl scripts or modules, but to be used straight from the command line.
The API replies can be in some unfriendly formats. I clean these up, put them in modules, then allow the output of JSON representations of these straight to STDOUT. You can then use the `jq` command line utility to quickly search or transform these structured replies.
This gist gives you an example of using the module from a bash shell to get the IPs and names of interfaces that are up. The username, password and URI of the firewall are read from environment variables if not specified:
Feel free to reach out with any suggestions or queries.
Cisco ASA HA
Posted: 29 Mar 2019 06:24 AM PDT
Hello,
I am trying to create a new ASA cluster using Cisco 2140 running ASA code. I can't seem to get the failover interface to come up. No blinky lights. I've tried placing a switch between them, nothing works. I have set up the ASA config multiple ways as well. Any help is very much appreciated!!
The IP addresses are placeholders and the config is somewhat scrubbed:

##########################################
PRIMARY Unit:
##########################################
Prod-Primary# show run
: Saved
:
: Serial Number: JAD230709MC
: Hardware: FPR-2140, 14852 MB RAM, CPU MIPS 1800 MHz, 1 CPU (16 cores)
:
ASA Version 9.8(2)
!
hostname Prod-Primary
domain-name omitted
enable password
!
license smart
 feature tier standard
names
!
interface Ethernet1/1
 nameif outside
 security-level 0
 ip address 10.63.147.21 255.255.255.0 standby 10.63.147.22
!
interface Ethernet1/2
 nameif inside
 security-level 100
 ip address 192.168.1.1 255.255.255.0
!
interface Ethernet1/3
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Ethernet1/4
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Ethernet1/5
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Ethernet1/6
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Ethernet1/7
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Ethernet1/8
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Ethernet1/9
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Ethernet1/10
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Ethernet1/11
 description STATE Failover Interface
!
interface Ethernet1/12
 no nameif
 no security-level
 no ip address
!
interface Ethernet1/13
 no nameif
 no security-level
 no ip address
!
interface Ethernet1/14
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Ethernet1/15
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Ethernet1/16
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Management1/1
 nameif management
 security-level 100
 ip address 10.249.211.252 255.255.255.0
!
ftp mode passive
dns domain-lookup outside
dns domain-lookup management
dns server-group DefaultDNS
 name-server 208.67.220.220
 name-server 208.67.222.222
 domain-name omitted
object network obj_any
pager lines 24
mtu outside 1500
mtu inside 1500
mtu management 1500
failover
failover lan unit primary
failover link State-link Ethernet1/11
failover interface ip State-link 192.168.252.1 255.255.255.0 standby 192.168.252.2
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
arp rate-limit 32768
!
object network obj_any
 nat (any,outside) dynamic interface
route management 0.0.0.0 0.0.0.0 10.249.211.1 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 sctp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
timeout conn-holddown 0:00:15
timeout igp stale-route 0:01:10
user-identity default-domain LOCAL
aaa authentication ssh console LOCAL
aaa authentication login-history
http server enable
http 10.249.211.0 255.255.255.0 management
ip-client outside
no snmp-server location
no snmp-server contact
crypto ca trustpool policy
 auto-import
telnet timeout 5
ssh stricthostkeycheck
ssh 10.249.211.0 255.255.255.0 management
ssh timeout 30
ssh version 2
ssh key-exchange group dh-group1-sha1
console timeout 0
!
tls-proxy maximum-session 1000
!
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
dynamic-access-policy-record DfltAccessPolicy
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum client auto
  message-length maximum 512
  no tcp-inspection
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect ip-options
  inspect netbios
  inspect rsh
  inspect rtsp
  inspect skinny
  inspect esmtp
  inspect sqlnet
  inspect sunrpc
  inspect tftp
  inspect sip
  inspect xdmcp
  inspect icmp
!
service-policy global_policy global
prompt hostname context

##########################################
SECONDARY Unit
##########################################
Prod-Secondary# show run
: Saved
:
: Serial Number: JAD230709LH
: Hardware: FPR-2140, 14852 MB RAM, CPU MIPS 1800 MHz, 1 CPU (16 cores)
:
ASA Version 9.8(2)
!
hostname Prod-Secondary
domain-name omitted
enable password
names
!
interface Ethernet1/1
 nameif outside
 security-level 0
 ip address 10.63.147.21 255.255.255.0 standby 10.63.147.22
!
interface Ethernet1/2
 nameif inside
 security-level 100
 ip address 192.168.1.1 255.255.255.0
!
interface Ethernet1/3
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Ethernet1/4
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Ethernet1/5
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Ethernet1/6
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Ethernet1/7
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Ethernet1/8
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Ethernet1/9
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Ethernet1/10
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Ethernet1/11
 description STATE Failover Interface
!
interface Ethernet1/12
 no nameif
 no security-level
 no ip address
!
interface Ethernet1/13
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Ethernet1/14
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Ethernet1/15
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Ethernet1/16
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Management1/1
 management-only
 nameif management
 security-level 100
 ip address 10.249.211.251 255.255.255.0
!
ftp mode passive
dns domain-lookup outside
dns domain-lookup management
dns server-group DefaultDNS
 name-server 208.67.220.220
 name-server 208.67.222.222
 domain-name omitted
object network obj_any
pager lines 24
mtu outside 1500
mtu inside 1500
mtu management 1500
failover
failover lan unit secondary
failover link State-link Ethernet1/11
failover interface ip State-link 192.168.252.1 255.255.255.0 standby 192.168.252.2
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
arp rate-limit 32768
!
object network obj_any
 nat (any,outside) dynamic interface
route management 0.0.0.0 0.0.0.0 10.249.211.1 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 sctp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
timeout conn-holddown 0:00:15
timeout igp stale-route 0:01:10
user-identity default-domain LOCAL
aaa authentication ssh console LOCAL
aaa authentication login-history
http server enable
http 192.168.45.0 255.255.255.0 management
http 10.0.0.0 255.0.0.0 management
ip-client outside
no snmp-server location
no snmp-server contact
crypto ca trustpool policy
 auto-import
telnet timeout 5
ssh stricthostkeycheck
ssh 10.0.0.0 255.0.0.0 management
ssh timeout 5
ssh key-exchange group dh-group1-sha1
console timeout 0
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
dynamic-access-policy-record DfltAccessPolicy
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum client auto
  message-length maximum 512
  no tcp-inspection
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect ip-options
  inspect netbios
  inspect rsh
  inspect rtsp
  inspect skinny
  inspect esmtp
  inspect sqlnet
  inspect sunrpc
  inspect tftp
  inspect sip
  inspect xdmcp
!
service-policy global_policy global
prompt hostname context

##########################################
SHOW FAILOVER Output
##########################################
Prod-Primary# show failover
Failover On
Failover unit Primary
Failover LAN Interface: not Configured
Reconnect timeout 0:00:00
Unit Poll frequency 1 seconds, holdtime 15 seconds
Interface Poll frequency 5 seconds, holdtime 25 seconds
Interface Policy 1
Monitored Interfaces 3 of 1043 maximum
MAC Address Move Notification Interval not set
Version: Ours 9.8(2), Mate Unknown
Serial Number: Ours JAD230709MC, Mate Unknown
Last Failover at: 12:40:03 UTC Mar 29 2019
 This host: Primary - Disabled
  Active time: 141 (sec)
  slot 0: FPR-2140 hw/sw rev (49.46/9.8(2)) status (Up Sys)
   Interface outside (10.63.147.21): Unknown (Waiting)
   Interface inside (192.168.1.1): No Link (Waiting)
   Interface management (10.249.211.252): Unknown (Waiting)
 Other host: Secondary - Not Detected
  Active time: 0 (sec)
   Interface outside (10.63.147.22): Unknown (Waiting)
   Interface inside (0.0.0.0): Unknown (Waiting)
   Interface management (0.0.0.0): Unknown (Waiting)

Stateful Failover Logical Update Statistics
 Link : State-link Ethernet1/11 (down)
 Stateful Obj    xmit  xerr  rcv  rerr
 General         0     0     0    0
 sys cmd         0     0     0    0
 up time         0     0     0    0
 RPC services    0     0     0    0
 TCP conn        0     0     0    0
 UDP conn        0     0     0    0
 ARP tbl         0     0     0    0
 Xlate_Timeout   0     0     0    0
 IPv6 ND tbl     0     0     0    0
 VPN IKEv1 SA    0     0     0    0
 VPN IKEv1 P2    0     0     0    0
 VPN IKEv2 SA    0     0     0    0
 VPN IKEv2 P2    0     0     0    0
 VPN CTCP upd    0     0     0    0
 VPN SDI upd     0     0     0    0
 VPN DHCP upd    0     0     0    0
 SIP Session     0     0     0    0
 SIP Tx          0     0     0    0
 SIP Pinhole     0     0     0    0
 Route Session   0     0     0    0
 Router ID       0     0     0    0
 User-Identity   0     0     0    0
 CTS SGTNAME     0     0     0    0
 CTS PAC         0     0     0    0
 TrustSec-SXP    0     0     0    0
 IPv6 Route      0     0     0    0
 STS Table       0     0     0    0

 Logical Update Queue Information
            Cur  Max  Total
 Recv Q:    0    0    0

Thank you!
How do I build an automation test framework for a network device (load balancer, to be precise)?
Posted: 29 Mar 2019 03:53 AM PDT
I recently joined as a QA in a company that builds network devices. We need to build an automation test suite for a load balancer. I have experience with building automated tests for web pages, using Page Object Model and selenium, but in this context, that approach seems to be making the whole framework over-engineered, as writing whole classes for just config commands seems a bit contrived. On the flip side, if I just create a connection handler class (wrapper on top of paramiko, similar to netmiko) and individually send commands in the tests, it might later cause a maintenance nightmare as there are thousands of tests.
So, I am a little confused on how to approach this, though a bit biased towards the over-engineered, but safe approach. I am quite sure that many have faced this situation before me. I just want to know if there is a standard approach to design an automation test framework to test network devices (like Page Object Model for web based testing). Or if there are some best practices that I should know in this regard.
Thanks, in advance, for the help.
Copying a config from a Cisco Nexus 3000 switch
Posted: 29 Mar 2019 05:08 AM PDT
Hi All,
We currently have x2 Cisco Nexus switches serving as iSCSI switches for ESXi hosts & NetApp storage. I need to build x2 more in a new datacenter and they are identical in every way.
Can I just copy/paste the config from the show startup-config to the new switches? I've noticed the 'username user password 5 <hash>'. Will the user accounts/passwords copied over work or do they need to be unhashed first?
Does anyone have a copy of the java device manager.exe for Nortel 5500 series switches?
Posted: 29 Mar 2019 02:50 AM PDT
Does anyone have a copy of the java device manager.exe for Nortel 5500 series switches? The Avaya FTP links are dead now: https://support.avaya.com/products/P0910/java-device-manager/6.2.x
Thanks!
Edit: It was our firewall blocking it - link is ftp://ftp.avaya.com/incoming/Up1cku9/tsoweb/ADS/j/jdm/6.x/
Sanity Check please - converting a clusterfudge regional SMB away from static routing
Posted: 29 Mar 2019 08:30 AM PDT
I feel like I'm stepping into a time machine to the 90's here, but would really appreciate some advice from the collective.
I've inherited a real mess of a topology and addressing. It's a call center operation with 12 sites connected through a mix of mpls and vpns. They are on managed services with the mpls vendor and everything has been configured with a random variety of rfc1918's using static routes. Yes, it's a real sh*tshow.
I've mapped out a new ip scheme and plan to migrate them over, and obviously, they need to get on dynamic routing at the same time. Question for you folks - is bgp overkill for this? Should I just go with ospf?
Any advice for how to best migrate over would be most appreciated. I know I can simply verify the routes are showing up under bgp before removing the static entries, but feel like that's way too simple. Surely I'm overlooking something here - or just need more coffee?
Many thanks in advance.
Zero-Trust or Micro-Seg with PAN?
Posted: 29 Mar 2019 07:42 AM PDT
If I chose to use PAN products for my campus zero-trust or micro-seg, would it still be the perimeter-edge based filtering? What I mean is that I would implement a big PAN firewall and route every packet from user to the PAN for inspection and routing?