Blogpost Friday! Networking |
- Blogpost Friday!
- How did the kids do this?
- Aruba releases datasheets on new 802.11ax APs, AP-535 & AP-555
- Recommended reading list?
- Dynamic PAT : ASA, IOS legacy and NVI. So, what you gonna do with the source port?
- Help with Ansible
- Connect Intel XL710-qda2 to Cisco 40GB SR BIDI via LC connector
- Cost per mile for installing fiber on telephone poles
- NETSH trace extra data
- SD-WAN right for us?
- Centurylink/Level 3 - Can't provision Fiber
- NetFlow probe on servers
- Any useful networking powershell scripts out there?
- Can't get faster than 500mb down/up
- Dynamic Arp Inspection + Ip Source Guard (With Roaming)
- Vlan hopping/ frames question?
- Help determining if NAS will fit in a cabinet
- NAT not working
- sflow sample rate for 60Gbps/40Mpps packet rate traffic
- Network interface filtering question
- Temenos t24 network
- AWS Transit Gateway designs
- Cat6 termination cost
- Q ref SD-WAN and Skype for Business externally hosted
- China ISP recommendation
- GEO IP Database for firewalls
| Posted: 28 Mar 2019 05:04 PM PDT It's Read-only Friday! It is time to put your feet up, pour a nice dram and look through some of our member's new and shiny blog posts Feel free to submit your blog post and as well a nice description to this thread. [link] [comments]  |
| Posted: 02 Apr 2019 05:34 AM PDT Saw this cross my newsfeed today: And it was cited a few times that there was some app that would jam or flood the AP, killing signal in the process. My question is, how could they have done this, so I can try and block this? [link] [comments]  |
| Aruba releases datasheets on new 802.11ax APs, AP-535 & AP-555 Posted: 02 Apr 2019 10:52 AM PDT https://www.arubanetworks.com/assets/ds/DS_AP530Series.pdf https://www.arubanetworks.com/assets/ds/DS_AP550Series.pdf Pretty interesting. The 555 looks to have more features than any of the other 8x8:8 APs on the market, tri-band and spectrum analyser. Both support UL and DL OFDMA. [link] [comments]  |
| Posted: 02 Apr 2019 06:20 AM PDT I started reading "Top-Down Network Design" from Cisco and I wish I started reading this earlier. It`s very informative and adds to my general network knowledge. What are other good books to add in my reading list that you would recommend (could also be programming related)? EDIT1: Thanks for the current books.Ideally some books for general network design, also understanding QoS, cloud... Books over PowerPoints is preferable for me as I like to read on a Kindle. EDIT2: List https://paste.ee/p/YcLxd [link] [comments]  |
| Dynamic PAT : ASA, IOS legacy and NVI. So, what you gonna do with the source port? Posted: 02 Apr 2019 02:04 PM PDT |
| Posted: 02 Apr 2019 11:43 AM PDT Hi guys, I've been messing with Ansible for past two weeks and I'm simply amazed by its capabilties (maybe a part from super sensitive data format :D). I need a help with two things, I've been provisioning new switches and so far have done dns. vlans, ntp, acls etc all with Ansible. I need to configure hostnames for switches from a variable that share same naming convention. Let say I've got 10 switches in hosts file and I'd like to assign them name e.g. '501-MDF-SW1', '501-MDF-SW2', '501-MDF-SW3' etc. I think I've tried everything but no luck - is there even a way to do it? [link] [comments]  |
| Connect Intel XL710-qda2 to Cisco 40GB SR BIDI via LC connector Posted: 02 Apr 2019 03:30 PM PDT Networking has a couple of 40GBe switches and XL710 cards I can use. I would like to connect a bunch of servers to those switches. Issue is that they want to use Cisco QSFP-40G-SR-BD adapters with LC connectors on their side and I can not find a compatible QSFP+ adapter for the Intel XL710 card. Can anyone suggest which QSFP adapter to use with the Intel card? [link] [comments]  |
| Cost per mile for installing fiber on telephone poles Posted: 02 Apr 2019 12:24 PM PDT Some neighbors have agreed to bribe the phone company to bring a fiber line out to us (we're currently on satellite.) They bid the line at $45k/mile for 3.5 miles on empty telephone poles. My question is, how much would you expect to pay for 144 count ribbon fiber on telephone poles? Is there a calculator just to determine the cost of the line (I can't find the price of 144 ribbon online)? [link] [comments]  |
| Posted: 02 Apr 2019 01:52 PM PDT Hi everyone. I am attempting to capture some traffic on host using netsh trace and am running into an issue. The traffic I'm trying to capture is sporadic so I need to let the trace run, but also can't let it get too large. Here is the command I am using: netsh trace start capture=yes Ethernet.Type=IPv4 IPv4.Address=x.x.x.x tracefile=<path> While this is running, the trace file grows continuously, even when no traffic involving that address is ocurring. I let it run for approximately 5 hours yesterday, and it was filled with rows of "ETW" events. I don't want anything else except the traffic involving a specific address. Any help would be greatly appreciated. [link] [comments]  |
| Posted: 02 Apr 2019 09:56 AM PDT We have 2 Head Offices in different parts of the country 60+ Retail branches spread throughout the country Each site is making a site to site VPN connection to our data center. Each branch site has a 5506 with 1 internet connection. Mix of fixed wireless, DSL, Cable From my understanding, SD-WAN basically connects all branches to one location where all the QoS/Load Balancing etc.. is done. For SD-WAN to be effective, I read I will also need a failover line as well. Still trying to wrap around my head on SD-WAN and other benefits aside from management. [link] [comments]  |
| Centurylink/Level 3 - Can't provision Fiber Posted: 01 Apr 2019 07:13 PM PDT There's a site that I'm looking at that has an old Level 3 fiber circuit going to it. Since Centurylink bought Level 3 it took awhile for me to track down the correct department to inquire about activating the circuit and providing DIA or Transport to a POP. After a week of waiting I got the following message back from the rep I've been speaking to about this location: I truly do apologize as this process has been dragged for more than what I expected. According to my Engineering group the "NATIONAL" fiber in this area is Long Haul fiber which looks like what that tower might have been connected to and we don't provision customers on this Fiber. Unfortunately there is no way for us to provide the Gig Fiber around the budget your provided me. Does anyone have a good contact at Centurylink that could look into this for be ? For this location, Level 3 was the only fiber circuit brought to the address and to bring someone else in I'd have to pay to cut into another long haul fiber (if that's even possible and it would be in the tens of thousands to do it.). I feel like the last two sentences contradict each other as well. You don't provision customers on this fiber but in the next sentence you can't do it within my budget? I asked for a 1G DIA circuit and stated my budget was no more than $1500/m or I'd like transport back to the POP w/ colocation service because I felt that might have been cheaper. I kinda feel like I'm getting dicked around or I'm still not talking to the right person. I've been dealing with this for the past two weeks now and I'm running out of time. What do I do in this situation ? Is there another department to speak to directly at Centurylink ? Someone had to have had service at this location before. I just don't know the history of it but this is a first for me so idk what to do now. [link] [comments]  |
| Posted: 02 Apr 2019 01:55 AM PDT Hey guys Our sysadmins are trying to move systems to aws and are trying to identify what the standard flows are for their systems (these guys never documented their architecture) I am looking for any NetFlow agents they could install on their servers and send to a collector (graylog/Prtg, etc) that we have I found them nProbe but it's too espensive for them sigh Anyone know or anything else that could do NetFlow or audit inbound/outbound on a host? [link] [comments]  |
| Any useful networking powershell scripts out there? Posted: 02 Apr 2019 06:45 AM PDT Any scripts you use for automation? I have one I use with putty to ease the process of applying config changes to cisco switches, and 2 others that I use to automate changing my static IP and then changing it back to DHCP. Nothing too crazy, but I have recently jumped into it and just curious if anyone else out there uses powershell with networking and what you use it for? [link] [comments]  |
| Can't get faster than 500mb down/up Posted: 02 Apr 2019 02:28 PM PDT |
| Dynamic Arp Inspection + Ip Source Guard (With Roaming) Posted: 02 Apr 2019 12:40 PM PDT Were running into an issue with a property where one of the wireless clients is static assigning the gateway IP. The problems we have is we must support Multicast in the same VLAN. Our first thought to prevent this type of IP theft was to implement dynamic ARP inspection for the router, and Ip Source guard on the switch ports towards the APs. The problem is roaming however, if a client moves from Port 1 to Port 2.. our thought is that this could enforce source guard to only allow on Port1. Has anyone implemented such a security design where hosts must use DHCP creating a ip binding in the switch but allow roaming ? if ip source guard supported DHCP LEASEQUERY which would allow lookups for moves the problem would be resolved but i don't see that feature set in the switch. (Cisco 2960X). [link] [comments]  |
| Vlan hopping/ frames question? Posted: 02 Apr 2019 12:25 PM PDT I understand the idea behind vlan hopping, which is that someone can "gain access" to another vlan through sending the double tagged frame or switch spoofing, but what i dont understand is how sending a packet gives them that access? Why does VLAN 20 accepting a packet it shouldnt be receiving give the attacker anything? Wouldnt the vlan just accept the packet and that's that? Once the vlan accepts the packet, how does the attacker have access to the information? I feel like i dont have a proper understanding of what frames being sent across vlans are capable of. Could the frame contain a packet sniffing tool or something? Is that why? Sorry im still learning this stuff [link] [comments]  |
| Help determining if NAS will fit in a cabinet Posted: 02 Apr 2019 12:06 PM PDT I'm looking to install a cabinet and rackmount NAS for my small business. I'm new to rack mounted equipment and have a question about clearance and installation that hopefully someone can help me with! I'm Currently looking at putting a QNAP TS-977XU-RP into this cabinet with these rails QNAP NAS Dimensions: (HxWxD) 1.7 × 19 × 19.9 inches Cabinet Dimensions: 600mm overall depth (23.622"), dimensioning on website image shows a max rail depth of 20" Rail Specs: Mounting post width: ≥ 17.8"/451mm So, it definitely seems to me that the NAS will fit, but I don't have the experience to know if it will leave me with enough clearance for cabling or anything else. Side note, I was also considering the Synology RS1619xs+, but that definitely seems to me like it wouldn't fit, correct? Thanks! [link] [comments]  |
| Posted: 02 Apr 2019 11:41 AM PDT This is probably something simple, but I am stuck, not a firewall expert. I have, in my network, a firewall and behind it a network that doesn't interact with our main network save for a few IP. The topology is this: (Inside Network 192.168.173.0/24 GW int 173.1 ) - [Mal-ASA] - Outside Int IP (192.168.66.10/24) the 192.168.66.0 is also an internal network behind a firewall that goes to the isp, the topology is: [Mal-ASA] - Outside Int IP (192.168.66.10/24) trunk to L2 network switch to (Inside int 192.168.66.1) [ASA-Out] (public IP) I am trying to NAT on the internal Mal-ASA from 192.168.173.5 to 192.168.66.12 on the outside interface of the Mal-ASA. For some reason it is completely unreachable and I am not seeing why. The ACL both ways are ip any any for now. Thanks for any help. [link] [comments]  |
| sflow sample rate for 60Gbps/40Mpps packet rate traffic Posted: 01 Apr 2019 09:34 PM PDT We have Cisco Nexus 9396PX switch and running 60Gbps traffic with 40 million packet per second rate on one trunk interfec. If I go ahead and enable sflow what would be the best sample rate I should use to not kill my switch and sflow collection [link] [comments]  |
| Network interface filtering question Posted: 02 Apr 2019 10:11 AM PDT Hey all! I utilized a Nipper router config assessment tool on some perimeter routers. Came up with a "Interfaces Were Configured With No Filtering" high risk however; the routers are utilizing Zone based policies. Is this a false positive since Zone-based policies are implemented? Or am I missing something? [link] [comments]  |
| Posted: 02 Apr 2019 09:49 AM PDT Hey guys does anyone manage the day to day operations of a network that hosts the Temenos core banking solution? Do you guys host it on perm or on the cloud (azure) In my environment we have it hosted on a different continent which is over 250ms and we experience soo much slowness on a 25mb and even a 50mb DIA. I was told by my directors that cloud is the way to go, however I told them most of our customers are in the country but they like cloud for some reason. We had no Azure servers in our region that could host (apparently Temenos has to host it in azure for us) Also we have no azure express route provider in the country so we probably need to pay a local ISP for transit and do BGP on our SRX 1500. The cost is prob going to extremely expensive. [link] [comments]  |
| Posted: 02 Apr 2019 09:45 AM PDT I'm looking into ways to connect VPC's in different regions together without having to manage VPC peering between all of them. AWS Transit Gateways sound nice, but based on all of their diagrams they seem to want you to connect all of your existing VPN connections to the TG itself, rather than to your local region VPC. An example of what they seem to want you to do is on the right of the following image: I'd like to continue to rely on our local IPSec tunnels to our regional VPC's to keep latency low while employing a TG somewhere to tie all the VPC's together over the AWS backbone. Is that something anyone else has done, or am I missing something? [link] [comments]  |
| Posted: 02 Apr 2019 09:33 AM PDT I know you guys probably see things like this all the time, but I am a minor(16) helping my dad renovate a place. I terminate the cat6 wires, and I want to know how much I should get for doing it. I am usually there like 2 hours per day 2/3 times per week, and I have done over 30 cables(and they work). I am the only guy who does it, and I have done everyone in the building. I want to ask for like 1/10th of the normal cost, (so if it would be like $50 per hour, I would ask for $5) because I just want a little bit of compensation. I also helped put the cables in place(I sat in a dark attic for an hour dragging the cables), and I test them as well. Also, let it be known that I am dumb, and I don't know the words for these things. Any info would be appreciated [link] [comments]  |
| Q ref SD-WAN and Skype for Business externally hosted Posted: 02 Apr 2019 12:51 PM PDT Is anyone presently running the $subj scenario? To be more specific - we are presently setup with a hosted Skype for Business provider (in a few of our outsourcer services data centers, distributed globally), which tie into our network utilizing our MPLS, in order to preserve the quality of service demand for voice and video conferencing. We are contemplating deployment of SD-WAN, with SD-WAN devices being installed in each remote, replacing our routers. The challenge comes in the migration process, during which it seems that we may need to double up the MPLS connections in each Skype hosting data center, so that one is used "under" the SD-WAN overlay, for sites being migrated to SD-WAN, in need to use Skype, while the other MPLS leg is left for the still-to-be-migrated sites, for their Skype needs. As this migration (few hundred sites, globally dispersed) is a long duration process, and it is hard to anticipate the pattern of traffic, we will probably end up supporting the MPLS dual connectivity for quite a while, unless we could somehow leverage Internet connectivity into some of the Skype hosting data centers ... ?!? Extra challenge: MPLS is fully meshed. SD-WAN won't be (appliances in remotes won't support so many simultaneous tunnels), so a further regionalization of Skype access may be needed, but with some ability to still get multiple regions into the same conference calls, or having end points talk to each other across multiple regions (for which we think of having some hub-and-spoke with our data centers, from everywhere). Anyone having run into this issue, and having some suggestions / recommended design patterns? [link] [comments]  |
| Posted: 02 Apr 2019 08:37 AM PDT Looking for a new ISP in China to serve Asia countries, any suggestions? We are looking at Tata and PCCW atm, the budget preferring PCCW, however I never dealt with them and no idea about their cover/reliability... ? any help would be appreciated :slightly_smiling_face: Hong-kong/10g circuit, full BGP table, 2g commit Thx [link] [comments]  |
| Posted: 01 Apr 2019 04:55 PM PDT Is a there a free reliable geo IP database website that I can make API calls to? I want to setup a python script to mine the website for United States IPs and have the script import them into my watch guard firewall via cli. [link] [comments]  |
| You are subscribed to email updates from Enterprise Networking news, blogs and discussion.. To stop receiving these emails, you may unsubscribe now. | Email delivery powered by Google |
| Google, 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States | |
No comments:
Post a Comment