    Saturday, March 30, 2019

    Limiting ingress traffic rate ? Networking

    Limiting ingress traffic rate ?

    Posted: 30 Mar 2019 05:50 AM PDT

    The association I work for passed a traffic contract with an ISP that has the usual burst limits. Do you guys have a bandwidth limitation in place for ingress traffic in your infrastructure?

    submitted by /u/Badidzetai

    Public network routed over private networks

    Posted: 30 Mar 2019 10:56 AM PDT

    Hello /r/networking!

    I come to you today with a simple question that has been racking my brain:

    Is it possible to route a public /24 network over a series of smaller /29 private networks?

    Theoretically this setup would be done for a WISP via a handful of static routes, but I can't seem to answer my own question.

    submitted by /u/defendedpenny

    Physical-based ACLs?

    Posted: 30 Mar 2019 12:43 PM PDT

    Say I have two physically separate networks that share a common subnet and I wish for a management PC to be able to talk to both networks on layer 2 but not for the two networks to combine. There would be no duplicate IPs and the networks would still function if connected.

    What I'm thinking is some form of ACL that permits traffic to and from physical ports 1 and 2, and 2 and 3, but not 1 and 3.

    Any ideas? Am I missing something obvious?

    submitted by /u/Astusvis

    Best way to connect 1 Main Branch and 5 Auxiliaries.

    Posted: 30 Mar 2019 03:32 PM PDT

    Hello! I'm fairly fresh to the I.T. networking realm (senior in high school) and wanted to ask on my current idea of creating a secure and functional network that would be put into place for a bank (educational project). I appreciate any advice given and fully expect to be wrong in some areas! The main branch has 6 departments with a total of 203 IoT devices in 100 machines, 100 phones, and 3 printers and the auxiliaries have 4 with a total of 42 IoT devices in 20 machines, 20 phones, and 2 printers. In doing this I'm also trying to allocate space for expandability but not at the price of security.
    My current plan is to have it sub-netted by department with the main branch being a class B and the Auxiliaries class C. The class B is more difficult for me to determine as of now but for the class C I have it set as

    192.168.1.0/26 (0-63) = tellers
    192.168.1.64/26 (64-127) = New Account Reps
    And etc. on to the next branch, which becomes 192.168.2.0/26 (0-63)

    Would a class B of 172.16.1.0/18 be acceptable for the main branch? The main thing I'm trying to keep intact here as well is the expandability of the network with good security as well.

    ACLs are my main plan to segregate the network and obviously shut down unused ports where needed.

    Lastly I can't figure out what would be a solid switch and router to use. L3 Switches perplex me because some say that they can be used as a router as well removing the need for one completely? Is this a legitimate enterprise practice? Sorry if the questions are very newbish and this maybe being a longer post but I sincerely appreciate any advice!

    submitted by /u/EnterTheWeb
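
The addressing plan from the post above, checked with Python's ipaddress module (an added example, not part of the original post): it tests whether a prefix is written on its network boundary, carves one site block into per-department /26s, and lists the department pairs an ACL would have to separate. Department names other than the two given in the post are placeholders.

```python
import ipaddress
from itertools import permutations

def normalize(cidr):
    """Return (aligned, network); aligned is False when host bits are set."""
    iface = ipaddress.ip_interface(cidr)
    return iface.ip == iface.network.network_address, iface.network

def department_plan(site_block, departments, prefix=26):
    """Assign consecutive /prefix subnets of site_block to the departments."""
    subnets = list(ipaddress.ip_network(site_block).subnets(new_prefix=prefix))
    if len(departments) > len(subnets):
        raise ValueError("not enough /%d subnets in %s" % (prefix, site_block))
    return dict(zip(departments, subnets))

def usable_hosts(net):
    """Addresses left once network and broadcast addresses are reserved."""
    return max(net.num_addresses - 2, 0)

def deny_pairs(plan):
    """Ordered (source, destination) department pairs to block by default."""
    return list(permutations(sorted(plan), 2))

# "dept-3" and "dept-4" are placeholders; the post names only two departments.
AUX_DEPARTMENTS = ["tellers", "new-account-reps", "dept-3", "dept-4"]

if __name__ == "__main__":
    aligned, net = normalize("172.16.1.0/18")
    print("172.16.1.0/18 aligned:", aligned, "-> network is", net,
          "with", usable_hosts(net), "usable hosts")
    plan = department_plan("192.168.1.0/24", AUX_DEPARTMENTS)
    for name, subnet in plan.items():
        print(name, subnet, usable_hosts(subnet), "usable hosts")
    for src, dst in deny_pairs(plan):
        print("deny", plan[src], "->", plan[dst])
```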

    SonicWall FireWalls Education?

    Posted: 30 Mar 2019 02:57 PM PDT

    I've been working at a support desk for quite some time and want to learn about the SonicWall firewalls since my company uses them for our various clients. Recently I was able to get handed a TZ 205w. While it's old, it'll probably be the best thing I can get my hands on. Where is a good place for me to learn the SonicWall GUI and stuff on firewalls in general?

    submitted by /u/lancer3vo

    BGP Router + Subnetting

    Posted: 29 Mar 2019 06:45 PM PDT

    Hi all,

    I have a /24 that I am announcing with Vultr. I am using BIRD on a Vultr instance to route the entire /24 to my instance.

    I can easily add IPs from that prefix to my Vultr instance and ping them remotely.

    Now, if I wanted to begin subnetting my /24 into smaller slices, what is the recommended method to do so on Ubuntu 16.04? For instance, if I wanted a /29 from that /24 I would need a network IP, gateway and broadcast IP in that /29. What is the proper methodology to assign this on Ubuntu or even pfSense?

    Thanks!

    submitted by /u/Szanzar

    How does a load-balancer handle too many connections, and how in case of websockets/SSE?

    Posted: 30 Mar 2019 07:59 AM PDT

    This isn't about whether one will ever need it. This is a general question, the answer of which I've been looking for as a curious CS grad.

    Here's what I've learned from the research I have been doing for a few days, after which I have my questions lined up.

    PART 1 is about general load balancing with an increasing number of connections

    PART 2 is specific to persistent connections such as websockets and Server-sent events

    My concerns are in particular about PART 2, so you can directly jump to that if you find it long.

    PART 1 - general load balancing

    Nginx is one of the many load-balancers available and is widely used. It can help in the following ways:

    - Small traffic, replicated servers for fault tolerance can be load balanced with servers referred by their IP address.

    - Large traffic, multi-node/multi-server deployment where nginx handles the network requests and individual servers handle the CPU/DB operations.

    However, there is a limitation on the number of connections which can be managed by the machine running the load balancer.

    - RAM - this answer states that about 16GB RAM is required per million connections.

    - Number of ports available - which can be handled by introducing virtual interfaces as the number of ports limit is 65535 per interface.

    Still, this cannot handle a large number of connections.

    Another strategy is to have DNS based load-balancing which can region-wise distribute the traffic with the requirement of servers to be in sync and downtime as DNS cache update takes time.

    Solutions like this one handle about a million clients on a single node, but I'm more concerned about a distributed system with enormous traffic.

    What is the strategy to handle servers spanning multiple data-centers as well as within that data-center itself?

    PART 2 - for persistent connections

    Persistent connections as SSE and websockets have redundant network operation on the load-balancer side as well as on the individual server. So I can think of two strategies

    1. Get entire traffic through the load balancer (however this seems to be redundant on part of network I/O on proxy and server).
    2. Pick a server for init request. The server returns its canonical URL (say www1.domain.co) and then the client connects directly to the server, without nginx in between. This avoids duplicate network ops but removes location transparency.

    How would you recommend to solve this problem?

    [EDIT: Fixed grammar errors]

    submitted by /u/himanshub16

    Permissions issue with RADIUS authentication on HPE 1920-24G-PoE switch

    Posted: 30 Mar 2019 06:09 AM PDT

    I've set up an HPE 1920-24G-PoE switch (JG926A) to authenticate against a Windows NPS server. Authentication is working fine, but authenticated users do not have manager permissions. I've set up a vendor-specific attribute as follows:

    Vendor Code: 25506

    Vendor-assigned attribute number: 29

    Attribute format: Decimal

    Attribute value: 3

    Essentially the same NPS policy (aside from this vendor-specific attribute) works perfectly on my Procurve 26XX switches with aaa authentication login privilege-mode set.

    Any ideas what's going on?

    submitted by /u/thelatinist
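
The vendor-specific attribute from the post above, laid out as RADIUS attribute bytes (an added example, not part of the original post). It assumes the sub-attribute layout recommended in RFC 2865 section 5.26 and a 32-bit big-endian integer value; the second sample, where the value is sent as the ASCII string "3", is constructed to show how an encoding mismatch looks to a parser.

```python
import struct

VSA_TYPE = 26  # RADIUS Vendor-Specific attribute type (RFC 2865, section 5.26)

def encode_vsa_int(vendor_id, vendor_type, value):
    """Build one Vendor-Specific attribute carrying a 32-bit integer."""
    if not 0 <= vendor_id < 2 ** 24:
        raise ValueError("vendor id must fit in three octets")
    sub = struct.pack("!BBI", vendor_type, 6, value)  # type, length, value
    body = struct.pack("!I", vendor_id) + sub         # high-order octet is 0
    return struct.pack("!BB", VSA_TYPE, 2 + len(body)) + body

def decode_vsa_int(attr):
    """Parse one attribute; return (vendor_id, vendor_type, value)."""
    if len(attr) < 8 or attr[0] != VSA_TYPE:
        raise ValueError("not a Vendor-Specific attribute")
    if attr[1] != len(attr):
        raise ValueError("attribute length field does not match data")
    vendor_id = struct.unpack("!I", attr[2:6])[0]
    vendor_type, vendor_len = attr[6], attr[7]
    payload = attr[8:]
    if vendor_len != 2 + len(payload):
        raise ValueError("sub-attribute length does not match data")
    if len(payload) != 4:
        raise ValueError("value is not a 32-bit integer (string-encoded?)")
    return vendor_id, vendor_type, struct.unpack("!I", payload)[0]

# Values from the post: vendor code 25506, attribute number 29, decimal 3.
EXPECTED = encode_vsa_int(25506, 29, 3)

# Constructed sample: same attribute with the value sent as the string "3".
STRING_ENCODED = bytes.fromhex("1a09000063a21d0333")

if __name__ == "__main__":
    print("expected on the wire:", EXPECTED.hex(" "))
    print("decoded:", decode_vsa_int(EXPECTED))
    try:
        decode_vsa_int(STRING_ENCODED)
    except ValueError as err:
        print("string-encoded sample rejected:", err)
```

Comparing these bytes with the attribute in a captured Access-Accept shows whether the server sends the value in the form that was configured.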

    Dynamic vlan assignment with radius

    Posted: 30 Mar 2019 01:29 AM PDT

    Dear All!

    How can I do this?

    RADIUS with EAP-TLS, so I create certificates for devices. But I would like the switch to automatically configure the proper predefined untagged VLAN on the port for the device, for example:
    - VoIP phones should be in VLAN 22
    - Printers in 23
    - Clients in 24

    I can administer the MACs I would connect to the network. For example, create a group of MAC addresses (or part of the MAC) and I say this should be in VLAN 23, then I upload the precreated certificate onto the device and I connect it to a switchport.

    Can I do it with MS NPS? Or please suggest a solution to me.

    Thanks

    submitted by /u/Tommas84

    Possible Internet Issues

    Posted: 30 Mar 2019 02:21 PM PDT

    Hey guys,

    I would like some advice,

    Our current ISP is having issues which to me look like route flapping. If I do a traceroute from our router I get the following:

    For privacy's sake I am going to change ISP IPs to the 10.0.0.0/8 range

    Hop 1: 10.0.0.121

    Hop 2: 10.0.4.209,10.0.4.210

    Hop 3: 10.0.5.98,10.0.5.97,10.0.5.130,10.0.5.146

    Hop 4: 10.0.2.114, 10.0.5.149,10.0.1.138,10.0.5.133,10.0.5.98

    Hop 5: 10.0.5.97,10.0.5.98,196.223.14.41

    Hop 6: 10.0.5.133,10.0.5.147,10.0.2.114,72.14.239.33,10.0.1.138,10.0.5.98

    Hop 7: 196.223.14.41,10.0.5.98,8.8.8.8,10.0.5.97

    Hop 8: 72.14.239.33,10.0.5.147,10.0.2.114

    Hop 9: 8.8.8.8,10.0.5.98

    My thought around the current situation is that for some reason their core switching, like possibly BGP routing, is fucked? I could be wrong

    As when you do an MTR on the route surely there should only be 1 host for each hop as the route should be learnt?

    submitted by /u/RamboFR05TY

    Observium Alerts Device IP?

    Posted: 30 Mar 2019 10:55 AM PDT

    I work for a small WISP and we already have Observium monitoring our network (I did not implement it). Currently our alerts only ID the devices using hostname; my boss wants the alerts to include the IPv4 address as well. So far I haven't been able to find anything in the Observium control panel, and Google has not turned up any solutions either. Does anyone know if this is even possible?

    submitted by /u/Pressforbacon

    remote hands?

    Posted: 29 Mar 2019 06:47 PM PDT

    We're running into more need for a consistent national (US) and sometimes international remote hands partner for SD-WAN endpoint placement, managed wifi/switch installs, MPLS and DIA CPE, demarc extensions, etc.

    Back in the day I used to contract for https://www.fs24-7ltd.com/ but I don't know what this landscape looks like nowadays. I've reached out to the top handful of "remote hands" google searches as well, but I'm wondering if anyone here would be willing to share their experiences.

    submitted by /u/fatstupidlazypoor

    Working with EVC and Routed Pseudowire | Unable to to reach from site A to B?

    Posted: 29 Mar 2019 08:19 PM PDT

    Hi, I would like to ask why I cannot reach the site B SVI from A, though I can learn its MAC address completely?

    Simple topology:

    Site A(TAG 10) --------PE1(match10)------XCONNECT------PE2-----SW(ASR920)-------SITEB(SVI TAG 10)

    https://imgur.com/4jfGtiZ -> diagram

    From Site A, I can reach the PE1 BVI and SW BDI (bidirectional), but the Site B IP can't be reached from any test IP, though its MAC address can be learned.

    PE1 (routed pseudowire to test the circuit):

        interface BVI99
         vrf test
         ipv4 address 10.9.9.1 255.255.255.248
        bridge group BGI10
         bridge-domain BDI10
          interface GigE0/2
          neighbor 2.2.2.2 pw-id 1111
          routed interface BVI10

    PE2:

        interface GigabitEthernet0/0.10
         encapsulation dot1Q 941
         xconnect 1.1.1.1 1111 encapsulation mpls
         mtu 1500

    SW port facing PE2:

        int g0/2
         service instance trunk 100 ethernet
          encapsulation dot1q 2,941
          rewrite ingress tag pop 1 symmetric
          bridge-domain from-encapsulation

    SW port facing Site B:

        interface GigabitEthernet0/1
         service instance 941 ethernet
          encapsulation default

    Only issue pinging site B 10.9.9.4

    Thank you

    submitted by /u/1searching

    Stand alone access points

    Posted: 29 Mar 2019 06:53 PM PDT

    I was thinking of building a navigation system for a building. Obviously GPS cannot be a solution for such small distances. I was thinking maybe if I could place some stand alone access points which could be detected by my app to determine the present location of the person and help them get to a specific place maybe downstairs or on the right or left wing of the building. Is there a solution to this? Maybe a set of Bluetooth or other wireless APs which could be detected?

    I couldn't manage to find a standalone AP. All links directed me to be using Raspberries but it would be costly to set up dozens of them. A few links on further information or direct links to products is what I'm basically looking for. We are not a huge organization and so cost really does matter. If an AP has a range of 50 meters, I'd need around 40 of them. So please consider the cost it would take.

    If you think there can be another way of locating a person in a building, feel free to suggest a solution.

    submitted by /u/saurabh000345
