    Thursday, May 16, 2019

    Performing a technical interview Networking


    Performing a technical interview

    Posted: 16 May 2019 08:51 AM PDT

    I'm being asked to sit in for some technical interviews with some job candidates tomorrow. I'm our current most senior network engineer, but I've never sat on the other side of the interview for this level of position. I started at my company in a jr position, and have been moved up to where I am internally, so I don't have a great idea of what to ask or how to run such an interview that's beyond just the JR level.

    What kind of questions should I be asking to make sure the candidate is a good fit for our environment? I don't want to be the guy who asks a bunch of "gotcha" questions, or comes across as asking questions that are about showing off my knowledge of a particular area. I want to be able to figure out if the candidates will be able to perform the duties, have a decent understanding of the technologies we are using, and have the competency to learn about the areas they are weak in that are part of our environment, as well as their design and troubleshooting skills.

    submitted by /u/brok3nh3lix
    [link] [comments]

    Who's using Cumulus on an Onie or whitebox switch for edge routing?

    Posted: 16 May 2019 02:34 AM PDT

    I'd like to hear people's experiences using Cumulus Linux for bgp peering at their edge. How many peers do you have? Redistributing to IBGP? How many routes learned (after any inbound filtering)? What kind of hardware? Experience any snafus that couldn't be worked around? How well do communities, prefix/path filtering, and MEDs work for you? Any incompatibilities with Cisco or Juniper peers?

    I'm about to configure a fully-redundant peering mesh between two PAN FWs speaking IBGP to two L3 switches (Dell S4048-ON, capable of ~128K routes each), each speaking with two independent upstream ISPs. I plan to take a full BGP view from all upstreams, but discard routes that originate outside of North America (99% of our traffic involves customers and partners in North America), or more than 2 AS hops away, or have a prefix longer than /20, giving us approximately 16,000-20,000 prefixes per peer. We'll use weighted default routes for everything else.

    submitted by /u/ffelix916
    [link] [comments]

    Dealing with ISPs/leased-line provider support

    Posted: 16 May 2019 09:49 AM PDT

    Hi r/networking,

    Hopefully this doesn't fall under 'early career advice' and is a reasonable question.

    To make a long story short, part of my job role is liaising with our clients' ISPs and leased-line providers during circuit outages, and more often than not I feel like I am getting the run around because I don't know how to put the pressure on these big companies to give us the support we need.

    Example (the situation I am currently dealing with):

    Leased-line down for 5 days and counting, location has a DIA circuit that WAN connectivity can rely on when MPLS is down so no user impact (yet). Opened ticket with provider (won't say who, one of the biggest providers in NA) requesting they troubleshoot and resolve. Was routed to a team of 'escalation engineers/managers' who seem to simply be running out the clock until their shift is over, and handing off to whomever is next in their follow-the-sun model. Worked with customer to escalate issue with their account managers at provider, they were brushed off/re-assured that the issue is being worked on just as I was when I escalated to them.

    My question is, how would you handle this differently? What would you do to escalate this/light a fire under them so they are providing adequate support during an outage?

    Thanks!

    submitted by /u/tilphecklenburg
    [link] [comments]

    Looking for advice on active monitoring solutions for an ISP network

    Posted: 16 May 2019 08:49 AM PDT

    I work for an ISP in Europe, your typical 4P provider (cable company).

    In the last couple of years we've had some outages/problems that weren't visible with passive monitoring tools.

    I'm looking into active monitoring solutions in addition to our more traditional SNMP polling.

    In short, I would like:

    • Connect probe devices to our P, PE routers and DC gateways (around 150 devices)
    • Configure partial or full mesh continuous measurements (mapping on our topology)
    • Basic metrics would be: latency, packetloss
    • Bonus metrics: video quality, voice quality (MOS), page load speeds (DNS resolving, HTTP performance)
    • Alerting via API or SNMP traps
    • Provisioning via API
    • Easy deployable probes, preferably vendor supported hardware
    • We are looking to spend money on this, we need a proper solution with vendor support.
    • What I'm not looking for is application monitoring or analytics on our user traffic.

    I've come across these solutions/vendors:

    ThousandEyes

    Ixia HawkEye

    Accedian SkyLIGHT

    Netrounds

    AppNeta

    NetBeez

    Uila

    Does someone have real-life experience with one of the above solutions? What is your experience so far?

    Or if anyone has other solutions/vendors/insights, I'm eager to learn more...

    submitted by /u/Kyarill
    [link] [comments]

    Ansible on Windows 10 via WSL working without issue

    Posted: 16 May 2019 02:11 PM PDT

    Load Balancing on Port-Channel

    Posted: 16 May 2019 03:33 AM PDT

    Hello r/networking

    Our Datacenter has recently been running into problems with some extraordinary traffic. And I was hoping to find others who are experiencing these problems or something similar.

    We've had a massive SAS job run, which has generated some heavy traffic.

    While doing Real-Time Polling with Solarwinds, we found that a single link in a Port-Channel has been responsible for 99.5% of all discards as well as having full link utilization, while the 3 other links have about 33% utilization.

    These discards are usually during microbursts of data, but they result in huge issues as the retransmissions create latency on our storage, causing several VMs to drop their drives and malfunction.

    So the question is: Do you have any recommendation on how to deal with these microbursts? My colleagues have divided themselves into two camps, one saying "That's just how L2 Port-channels will treat the traffic, sending flows, not load balancing the packets, we need I/O control", while others say that we should route it on L3, and that would allow us to utilize better load balancing on these links.

    Mods: I'm sorry in advance if this breaks any rules. And while I'm certified, it's only in CCNA Routing & Switching, so I'm fairly new to this data center position. I will do my best to provide any needed information.

    Edit: I am truly thankful for all the help. It means a lot, thank you all.

    submitted by /u/Topkindaguy
    [link] [comments]
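The two camps in the post are arguing about one property: a port-channel (and, for that matter, L3 ECMP) pins each flow to a single member by hashing its headers, so a single large flow can never use more than one member's bandwidth, and whichever member it lands on takes the discards during a burst. The Python below is an added example, not the poster's data or any vendor's hashing algorithm: it uses a toy src-dst-ip hash over a constructed set of flows (one elephant flow plus small ones) and compares the per-member load under per-flow pinning with the load an idealised per-packet spray would give.

```python
import ipaddress

MEMBER_LINKS = 4
LINK_CAPACITY_GBPS = 10.0


def flow_hash_src_dst_ip(src, dst):
    """Toy src-dst-ip hash: XOR the two 32-bit addresses and fold to 4 bits.
    Real ASICs use their own polynomials, but the property that matters is the
    same: one flow always maps to one member link."""
    x = int(ipaddress.ip_address(src)) ^ int(ipaddress.ip_address(dst))
    x ^= x >> 16
    x ^= x >> 8
    x ^= x >> 4
    return x & 0xF


def per_flow_distribution(flows, links=MEMBER_LINKS):
    """Load per member link when each flow is pinned by hash
    (port-channel or L3 ECMP behaviour)."""
    load = [0.0] * links
    for src, dst, gbps in flows:
        load[flow_hash_src_dst_ip(src, dst) % links] += gbps
    return load


def per_packet_distribution(flows, links=MEMBER_LINKS):
    """Load per member link if packets were sprayed round-robin across members:
    an even spread, at the cost of packets from one flow arriving out of order."""
    total = sum(gbps for _, _, gbps in flows)
    return [total / links] * links


def saturated_links(load, capacity=LINK_CAPACITY_GBPS):
    """Indices of members whose offered load exceeds capacity (where discards happen)."""
    return [i for i, l in enumerate(load) if l > capacity]


# Constructed sample: one large storage/batch-job style flow plus several small ones.
SAMPLE_FLOWS = [
    ("10.10.1.5", "10.10.2.20", 9.5),   # single elephant flow
    ("10.10.1.6", "10.10.2.21", 1.0),
    ("10.10.1.7", "10.10.2.22", 1.0),
    ("10.10.1.8", "10.10.2.23", 1.0),
    ("10.10.1.9", "10.10.2.24", 0.5),
]

if __name__ == "__main__":
    pf = per_flow_distribution(SAMPLE_FLOWS)
    pp = per_packet_distribution(SAMPLE_FLOWS)
    print("per-flow  :", pf, "saturated members:", saturated_links(pf))
    print("per-packet:", pp, "saturated members:", saturated_links(pp))
```

With these inputs the per-flow hash puts the 9.5 Gb/s flow and two small flows on the same member (11 Gb/s offered to a 10 Gb/s link) while two members carry nothing, which is the shape of the Solarwinds graph described in the post; the per-packet spread is 3.25 Gb/s everywhere. Moving to L3 only changes the hash inputs, not the per-flow pinning, so the fix for a single elephant flow is either to split the flow (more sessions, more source/destination pairs) or to give it a faster single link.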

    Cisco Learning Credits on SmartNet Renewals

    Posted: 16 May 2019 06:08 AM PDT

    Morning, all -

    Getting ready for this year's SmartNet renewal, and was curious if any of you guys normally get learning credits on SmartNet renewals? Or only with hardware purchases?

    If you've gotten them, can you share your number of learning credits per X dollars for SmartNet renewals?

    submitted by /u/dricha36
    [link] [comments]

    Cambium Networks APs, Worth a Try?

    Posted: 16 May 2019 05:23 AM PDT

    Has anyone here used Cambium APs in a large scale deployment like a warehouse environment? Are they worth trying out?

    I'm interested in deploying to a warehouse with about 50 total Android RF Guns. I can literally buy four Cambium APs for every one Cisco 3802 when you factor in licensing. They are also willing to do a large POC with part of our warehouse to ensure it is the right fit.

    submitted by /u/animaimmortale
    [link] [comments]

    Cisco ISE 802.1x VOIP not clearing sessions

    Posted: 16 May 2019 12:27 PM PDT

    I am running into an issue where I have some Mitel and Cisco VoIP phones on the network authenticating with certificates, and the devices behind them also authenticate. When a device is unplugged from the phone, the access session and MAC address are still present on the switch. We are using Cisco switches, but per regulations we are not allowed to run CDP. I am doing some testing with subscriber aging timers. I was hoping to see if someone else was having the same issue and what resolution they came up with. Thanks

    submitted by /u/agent_montgomery
    [link] [comments]

    Bridge mode with ISP modem

    Posted: 16 May 2019 03:59 PM PDT

    Hello, I was wondering this: if I set my ISP modem to bridge mode and connect a TP-LINK router to it, is the IP address that the ISP gives me attached to the modem's MAC ID or the router's?

    I was wondering if, after changing the router device, the ISP would still be able to recognize me again and assign the same IP if I am still within the lease time, or whether it would assign me into another network.

    Also, when I enter my TP-LINK control panel it says my PUBLIC IP is for example 190.168.30.227 and the default gateway is 190.168.30.1. Is this default gateway the router has the modem's IP, or is it directly connected to the ISP router?

    Thanks.

    submitted by /u/rabu__raibu
    [link] [comments]

    Anyone have a TEM they're happy with?

    Posted: 16 May 2019 07:11 AM PDT

    Considering offloading our WAN and Internet circuit ordering/auditing to a third party. I know there are companies that claim to do this at no (direct) cost to the client- anybody using a service like this and what has your experience been?

    submitted by /u/PrettyDecentSort
    [link] [comments]

    Cisco 5K virtualization

    Posted: 16 May 2019 08:22 AM PDT

    Does anybody know if it's possible to virtualize a Cisco 5K switch in a VM?

    I am aware that Cisco offers emulation software, but I'm not sure how to virtualize a Cisco switch in a VM.

    Any related links would be appreciated. Thanks

    submitted by /u/godisnemus
    [link] [comments]

    Quick Question about Mellanox FW bin creation

    Posted: 16 May 2019 03:50 PM PDT

    Hi everyone, recently I've been having issues with my Mellanox ConnectX-2 card where it just spams my switch with a lot of spanning tree queries and gets the port blocked. After a lot of research, I found that the firmware on it could be the issue and I need to update to a newer one.

    My problem is I have the files to generate the BIN file, but following the instructions at this link https://forums.servethehome.com/index.php?threads/mellanox-connectx-2-firmware.14350/#post-137727 I get the following error. I have looked up what mic binary image creation tool is and only something for Linux shows up. But pretty much every thread I've seen has people creating the bin file under Win10. So what is it I need to install for this to work?

    PS C:\Program Files\Mellanox\WinMFT> .\mlxburn.exe -fw .\FW\fw-ConnectX2-debug.mlx -conf .\FW\MNPA19_A1-A2.ini -wrimage firmware-image.bin
    -I- Generating image ...
    -E- Image generation failed: -E- mic is not installed on this machine
    child process exited abnormally

    Thanks!

    submitted by /u/xentar1976
    [link] [comments]

    Update: Since Friday have experienced multiple power/network failures. 95% back, can't get *some* Macbooks onto Wireless

    Posted: 16 May 2019 05:46 AM PDT

    Friends - we have slayed the beast that was this issue!

    So some updates before the final fix - In addition to Macbooks not being able to connect to the wireless, we discovered with time some Windows/Android/iOS devices that wouldn't connect to wireless and finally this week we discovered several clients not connecting to wired.

    Yes...this issue took over a week to resolve.

    Was it a bad DHCP helper statement as /u/TastyNuggiez, /u/0xBEEFBEEFBEEF, /u/Jedi_Lucky, /u/pacodude78 predicted?

    Was it VLANs as /u/BigPapaGotti thought?

    Spanning tree /u/Cableguy87 ?

    Sadly...we'll never know. We rebooted the entire goddamn switch stack and everything resolved itself. I have to say, I've been doing desktop support for almost 10 years now and I've never seen an issue like this before.

    The only thing I can think of is what /u/BaconEatingChamp, /u/cr0ft and /u/k-med were alluding to and that was the switch change in the stack that ended up causing...something. I can't tell you what that something was but fully rebooting the entire stack fixed all our issues.

    My guess is, between the two unintended power outages and the failure of the switch and installing the new switch something got corrupted in a config or port somewhere. But the fact that **some** clients worked just fine the whole time and others didn't? Strange shit.

    Thank you to all for your input and suggestions, I wish I had a true root cause for you to digest but for now, we get to be satisfied with the fact that no matter what level of technology we're dealing with, sometimes we just need to turn it off, then back on again.

    submitted by /u/Daefish
    [link] [comments]

    Energy consumption for wired vs wireless

    Posted: 16 May 2019 02:20 AM PDT

    I'm looking for information on power consumption (overall) of wired networks vs wireless networks. I'm wondering if a move toward an All (of More) Wireless Office would bring significant savings. I can't seem to find anything online about this, but then I can't imagine being the first to ask the question either.

    Has anyone seen any numbers on this?

    submitted by /u/JM-Gurgeh
    [link] [comments]

    Flow-based synchronous routing

    Posted: 16 May 2019 02:11 PM PDT

    A client has two last-mile links to a CE router for redundancy. These links are currently running in active-passive configuration via BGP by simply:

    • Advertising a default route from the PE router towards the CE over both links.
    • The CE then applies an AS Prepend on inbound and outbound directions for the backup (passive) link to become least-preferred.

    What concepts can I apply to achieve synchronous traffic routing between the client and the hosted application in our environment over the currently passive link, while all other services are to remain routed over the default link?

    To technically achieve this, my initial thought was to statically route the application server's range over the backup link from the CE's perspective. This allows traffic sourced from the LAN destined for the application to be sent over the backup link. However, I am not finding a solution to ensure that the return path, source being application and destination being the LAN, stays synchronous. This will follow the route advertised by the CE for the LAN range over the primary link. To combat this I thought of a policy-based route matching source of the application and setting the next hop to the secondary link's P2P IP. However, it is not possible to adjust the next-hop of a packet in the outbound direction. I cannot apply this policy-based route on the incoming interface of the application as it is on a different PE router and therefore can't reach the theoretical next-hop.

    A diagram depicting the above.

    Otherwise my question is:

    Is it possible to effectively route a "flow" of traffic (matching IPs/ports only) over one link?

    submitted by /u/AwsumToast
    [link] [comments]

    Fiberstore fiber inspection scope?

    Posted: 16 May 2019 01:48 PM PDT

    I need a new fiber inspection scope. I found Fiberstore has some at what looks like reasonable prices. Does anybody know if they are any good?

    I'm looking to get a scope with a video screen, either the 250x with an LCD screen or the 400x with USB to laptop.

    Or should I look somewhere else? Suggestions?

    submitted by /u/Routerswitcher
    [link] [comments]

    L2VPN EVPN over Segment Routing MPLS

    Posted: 16 May 2019 01:08 PM PDT

    My google fu is failing me; I can't find any documentation on whether this is supported on the Cisco Nexus 93180YC-EX. I've only found documentation on configuring EVPN Type 5, but nothing on Type 2. Does it take a more expensive device to support this feature?

    submitted by /u/miller-net
    [link] [comments]

    Dual-Homing an L2 switch to EVPN VTEP's

    Posted: 16 May 2019 12:19 PM PDT

    Afternoon, Everyone -

    Looking for some guidance on a detail of an MP-BGP EVPN project that I'm working on.

    I have some Layer 2 access switches that will be connecting to the EVPN fabric, and I'm trying to see if there are any considerations that I need to take into account.

    Here is a simplified version of a section of the topology -- Red are L3 links, Blue are L2

    With the 2960 sending broadcast traffic to three different VTEPs (two at a time - one 9200 and one 9300), how will the EVPN fabric respond?

    If it's relevant, I'm planning to use ingress-replication rather than Multicast, if possible.

    submitted by /u/dricha36
    [link] [comments]

    Firepower FTD/FMC 2140 Out of date config on 1 device

    Posted: 16 May 2019 10:56 AM PDT

    Has anyone seen a section or command where you can compare un-deployed configuration changes for the Access Control --> Access Control Policy against the running config? I am the only admin for our firewall, but I see that yesterday my firewall had a config change modified by "Firepower System" but it doesn't tell me what was changed. How do I know what I am deploying? Running 6.2.3 on the FMC and 6.2.2 on the FTD.

    submitted by /u/jrfaulkin
    [link] [comments]

    Interrogating and troubleshooting IPSec VPNs

    Posted: 16 May 2019 10:33 AM PDT

    I have a love/hate relationship with IPSec VPNs. Setting up new ones isn't usually a problem -- just match the configurations and I'm done! But when configurations match but a new tunnel fails to come up, or I have to troubleshoot an existing tunnel, or I just need to interrogate an existing tunnel to figure out which phase 1 or phase 2 configuration it's using, then suddenly VPNs become my least favorite technology. I find myself asking: "Is the VPN tunnel using ISAKMP policy 100, 101, or 102?" "Is it using the transform set with AES 128 and SHA, or the one with AES 256 and SHA256?" These questions are harder to answer when the VPN device has many policies and transform sets, custom lifetimes, and so on. It's even more daunting on Cisco ASAs and ISRs where the configuration is sprawled all over the running-config and nested together.

    I'm trying to figure out...

    • What encryption algorithm an existing tunnel is using
    • What ISAKMP policy is it using
    • What hashing/integrity algorithm an existing tunnel is using
    • What DH group an existing tunnel is using
    • What lifetime does an existing tunnel have configured, and whether the lifetime is based on time or bytes transmitted
    • Whether the VPN is using PFS
    • Whether the VPN is using IKEv1 or IKEv2
    • Whether one VPN peer is rekeying out of sync with the other

    I already know how to...

    • Isolate the IP address of the VPN peer that I'm troubleshooting
    • Get crypto map associated with that peer, which then helps me get the ACL associated with the peer
    • Partially read the output of "show crypto isakmp," "show crypto ipsec sa," "show vpn-sessiondb," "debug crypto ..."

    I know how to get this information from the running-config, but not the operational state of the tunnel (e.g. using "show" commands). I figured the answer to my question is hidden within the output of those "show crypto ..." commands...maybe I haven't hit "?" enough or I haven't read enough!

    Thanks!

    submitted by /u/killabee3001
    [link] [comments]
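Most of the questions in the post come down to which of several configured proposals the two peers actually agreed on, and that is decided by a fixed matching order: phase 1 policies are tried in ascending priority number and the first exact match on encryption, hash, authentication and DH group wins (with lifetime negotiated down to the shorter value), then phase 2 picks the first transform set on the crypto map entry that matches the peer's ESP proposal, provided PFS settings agree. The Python below is an added example, not the poster's configuration or Cisco's implementation: it is a simplified model of that IKEv1 matching order, run against constructed policies numbered 100/101/102 like the ones in the post, so you can predict which policy and transform set the "show" output should report for a given peer.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class IsakmpPolicy:
    priority: int      # lower number is evaluated first
    encryption: str    # e.g. "aes-256"
    hash: str          # e.g. "sha256"
    auth: str          # e.g. "pre-share"
    group: int         # DH group number
    lifetime: int      # seconds


@dataclass(frozen=True)
class TransformSet:
    name: str
    esp_cipher: str
    esp_integrity: str


@dataclass(frozen=True)
class CryptoMapEntry:
    peer: str
    transform_sets: tuple            # in the order configured on the map entry
    pfs_group: Optional[int] = None  # None means PFS not configured
    lifetime_seconds: int = 3600
    lifetime_kbytes: int = 4608000


def select_isakmp_policy(local_policies, peer_proposals):
    """Simplified IKEv1 phase 1 matching: walk local policies in ascending priority
    and return the first whose encryption/hash/auth/DH group exactly match one of
    the peer's proposals, plus the negotiated lifetime (the shorter of the two).
    Returns (None, None) when nothing matches."""
    for pol in sorted(local_policies, key=lambda p: p.priority):
        for prop in peer_proposals:
            if (pol.encryption, pol.hash, pol.auth, pol.group) == \
               (prop.encryption, prop.hash, prop.auth, prop.group):
                return pol, min(pol.lifetime, prop.lifetime)
    return None, None


def select_transform_set(entry, peer_offer, peer_pfs_group=None):
    """Simplified phase 2 matching: PFS must agree on both sides, then the first
    transform set listed on the map entry that matches the peer's (cipher, integrity)
    proposal is chosen. Returns (TransformSet or None, reason)."""
    if entry.pfs_group != peer_pfs_group:
        return None, f"PFS mismatch: local {entry.pfs_group}, peer {peer_pfs_group}"
    for ts in entry.transform_sets:
        if (ts.esp_cipher, ts.esp_integrity) == peer_offer:
            return ts, "matched"
    return None, "no configured transform set matches the peer proposal"


def negotiate(local_policies, peer_proposals, entry, peer_offer, peer_pfs_group):
    """Answer the post's questions for one tunnel in a single dict."""
    pol, p1_lifetime = select_isakmp_policy(local_policies, peer_proposals)
    if pol is None:
        return {"phase1": "failed: no matching ISAKMP policy"}
    ts, reason = select_transform_set(entry, peer_offer, peer_pfs_group)
    result = {
        "isakmp_policy": pol.priority,
        "phase1_encryption": pol.encryption,
        "phase1_hash": pol.hash,
        "dh_group": pol.group,
        "phase1_lifetime_s": p1_lifetime,
        "pfs": entry.pfs_group is not None,
    }
    if ts is None:
        result["phase2"] = f"failed: {reason}"
    else:
        result.update(transform_set=ts.name, esp_cipher=ts.esp_cipher,
                      esp_integrity=ts.esp_integrity,
                      phase2_lifetime=(entry.lifetime_seconds, entry.lifetime_kbytes))
    return result


# Constructed sample: three local policies numbered as in the post, one peer proposal.
LOCAL_POLICIES = [
    IsakmpPolicy(100, "aes-256", "sha256", "pre-share", 14, 86400),
    IsakmpPolicy(101, "aes-128", "sha", "pre-share", 2, 86400),
    IsakmpPolicy(102, "3des", "md5", "pre-share", 2, 86400),
]
PEER_PROPOSALS = [IsakmpPolicy(10, "aes-128", "sha", "pre-share", 2, 28800)]
MAP_ENTRY = CryptoMapEntry(
    peer="203.0.113.10",  # constructed documentation address
    transform_sets=(TransformSet("TS-AES256-SHA256", "esp-aes-256", "esp-sha256-hmac"),
                    TransformSet("TS-AES128-SHA", "esp-aes-128", "esp-sha-hmac")),
    pfs_group=2,
)
PEER_OFFER = ("esp-aes-128", "esp-sha-hmac")

if __name__ == "__main__":
    print(negotiate(LOCAL_POLICIES, PEER_PROPOSALS, MAP_ENTRY, PEER_OFFER, 2))
```

For this peer the model settles on policy 101 with a 28800 s phase 1 lifetime (the peer's shorter value wins, which is also why one side appears to rekey "early" when lifetimes differ) and on TS-AES128-SHA for phase 2; changing the peer's PFS group to None makes phase 2 fail even though the transform sets still match, which is the single most common mismatch hidden in a sprawling running-config.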

    Cisco Nexus 93180YC-FX to Meraki MX400: PVST+/RSTP?

    Posted: 16 May 2019 05:52 AM PDT

    Hoping this is the right place for this, if not, apologies. This might be a long one, but as a first post here, I'm trying to follow the rules and provide as much detail as is relevant/possible.

    I'm not an incredibly experienced network admin, but was recently tasked with replacing our infrastructure's core switch (a single WS-C3750X-24) with two 93180YC-FXs in a VPC configuration.

    I was only assigned to this after the hardware had already been decided on and purchased and have since been communicating with the team that sold us the equipment in an attempt to make this work.

    The intention was to have a redundant connection between this VPC domain and two Meraki MX400's (in HA using VRRP/Warm Standby/Active/Passive/Whatnot) acting as a gateway to our ISP - however I found that the MX400's do not support LACP, which killed that idea shortly after. (LACP being a requirement to participate in connecting to a VPC as a member port, to my understanding.)

    In an attempt to salvage the redundancy, it was suggested by our partner that we rely on spanning tree to properly block a portion of the connections between all four devices, with each uplink being an orphan port in the VPC.

    It was discovered shortly after this that the MX400s do not actively participate in spanning tree - not having a lot of experience in this level of networking, it appears that they pass BPDUs but do not participate in the election process? (I'm sure this is incorrect to some level, but having trouble determining details.)

    At this point, we decided to move forward with the replacement, but to only provide a single Nexus 9k with an uplink to the two MX400s at this time. This was an attempt to see if spanning tree from the switch could properly deal with the potential loop between MXA, MXB, and 9kA.

    This is where things got a bit odd.

    I could see PVST+/RST frames coming across the LAN 2 port on the MX400-A and B, but both ports on the Nexus 9k were still listed as BKN* under a "show spanning-tree".

    So we trimmed everything back to just a single link between the MX400-A and the Nexus 9300-A.

    At this point, connectivity was still not up and the same spanning tree frames were showing up in a packet capture off of the MX400's LAN port and the Nexus 9k port still shown as broken.

    During all of this, the VPC keep-alive and peer links were up and functioning, but not applied. (Just noting in case it's relevant)

    "spanning-tree vlan [vlan-ids] root primary" was used to try and ensure that the switch was set as the root bridge.

    Since this was my first attempt working with an NX-OS device, I'm sure it's something in the STP options on the 9300 that I'm missing, but I'm having trouble narrowing down what to do with these switches to make this uplink possible.

    Copying some portions of the config below -

    interface Ethernet1/47
      description **Datacenter MX A**
      switchport mode trunk
      spanning-tree port type normal
      no shutdown

    interface Ethernet1/48
      description **Datacenter MX B**
      switchport mode trunk
      spanning-tree port type normal
      no shutdown

    Core_9300_A# show spanning-tree summary
    Switch is in rapid-pvst mode
    L2 Gateway STP is disabled
    Port Type Default is network
    Edge Port [PortFast] BPDU Guard Default is disabled
    Edge Port [PortFast] BPDU Filter Default is disabled
    Bridge Assurance is enabled
    Loopguard Default is disabled
    Pathcost method used is short
    STP-Lite is disabled

    At the moment everything has been rolled back to the 3750, so I'm unable to gather live information for troubleshooting any further.

    Are there any other portions of the nx-os config that may help with troubleshooting before attempting another migration?

    If anyone can offer any assistance or insight into this on either the Meraki MX or Nexus side it would be greatly appreciated.

    Thanks

    submitted by /u/meraki-notafan
    [link] [comments]
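The summary output quoted in the post shows two global settings that matter whenever a Nexus uplink faces a device that does not take part in spanning tree: the default port type is network, and Bridge Assurance is enabled. On NX-OS, Bridge Assurance applies only to network-type ports and holds such a port in a blocked (BA-inconsistent) state while it receives no BPDUs, whereas a port explicitly configured as normal is exempt. The Python below is an added example, not the poster's tooling or Cisco code: it parses the interface config and summary output quoted above (plus a constructed Ethernet1/49 with no explicit port type, to show the default) and reports, per port, whether Bridge Assurance will block it when the neighbour stays silent.

```python
import re

# "show spanning-tree summary" output as quoted in the post above.
SUMMARY_OUTPUT = """Core_9300_A# show spanning-tree summary
Switch is in rapid-pvst mode
L2 Gateway STP is disabled
Port Type Default is network
Edge Port [PortFast] BPDU Guard Default is disabled
Edge Port [PortFast] BPDU Filter Default is disabled
Bridge Assurance is enabled
Loopguard Default is disabled
Pathcost method used is short
STP-Lite is disabled
"""

# Interface config from the post, plus a constructed Ethernet1/49 that omits the
# explicit port type so the global default applies.
INTERFACE_CONFIG = """interface Ethernet1/47
  description **Datacenter MX A**
  switchport mode trunk
  spanning-tree port type normal
  no shutdown
interface Ethernet1/48
  description **Datacenter MX B**
  switchport mode trunk
  spanning-tree port type normal
  no shutdown
interface Ethernet1/49
  description constructed example: no explicit port type
  switchport mode trunk
  no shutdown
"""


def parse_summary(text):
    """Pull the global STP settings that decide how a silent neighbour is treated."""
    def grab(pattern):
        m = re.search(pattern, text)
        return m.group(1) if m else None
    return {
        "mode": grab(r"Switch is in (\S+) mode"),
        "default_port_type": grab(r"Port Type Default is (\w+)"),
        "bridge_assurance": grab(r"Bridge Assurance is (\w+)") == "enabled",
    }


def parse_interfaces(text):
    """Map each interface to its explicit spanning-tree port type (None if unset)."""
    ifaces, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            current = line.split(None, 1)[1]
            ifaces[current] = {"port_type": None, "trunk": False}
        elif current is None:
            continue
        elif line.startswith("spanning-tree port type "):
            # "edge", "edge trunk", "network" or "normal": keep the first keyword
            ifaces[current]["port_type"] = line[len("spanning-tree port type "):].split()[0]
        elif line == "switchport mode trunk":
            ifaces[current]["trunk"] = True
    return ifaces


def assess(summary, ifaces):
    """Per port: effective type and whether Bridge Assurance will hold it in the
    BA-inconsistent (blocked) state if the neighbour never sends BPDUs."""
    report = {}
    for name, info in ifaces.items():
        effective = info["port_type"] or summary["default_port_type"]
        ba_applies = summary["bridge_assurance"] and effective == "network"
        report[name] = {
            "effective_port_type": effective,
            "bridge_assurance_applies": ba_applies,
            "blocked_if_no_bpdus_received": ba_applies,
        }
    return report


def run():
    return assess(parse_summary(SUMMARY_OUTPUT), parse_interfaces(INTERFACE_CONFIG))


if __name__ == "__main__":
    for port, r in run().items():
        print(port, r)
```

For the two ports quoted in the post the script reports that Bridge Assurance does not apply (they are explicitly normal), while the constructed Ethernet1/49 inherits network and would be blocked by Bridge Assurance without BPDUs from the far end. That makes the check useful in both directions: it rules Bridge Assurance out for ports already set to normal and flags any uplink that was left at the global default.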

    PRTG on Juniper aggregate interfaces

    Posted: 16 May 2019 08:33 AM PDT

    Sorry if I shouldn't post this here but PRTG Reddit isn't very active. Anyway, when I monitor an aggregate interface (traffic sensor) in PRTG on a Juniper EX switch (ae0 for example) the bandwidth isn't correct at all. It's showing .01 Mb/s even though I know it should be much higher than that. Does anyone use PRTG and monitor ae interfaces on Juniper gear?

    Thanks!

    submitted by /u/dotson83
    [link] [comments]
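One check worth making when a traffic sensor reports an implausibly low rate on a fast aggregate interface is whether it is reading 32-bit octet counters, which at multi-gigabit rates roll over many times within a typical polling interval and produce an essentially random delta. The Python below is an added example, not the poster's setup or anything from PRTG or Juniper: it models the counter arithmetic for constructed samples, computing the rate a poller would derive from a 32-bit counter versus a 64-bit one for the same traffic.

```python
def counter_delta(prev, cur, width_bits):
    """Octets counted between two polls, tolerating at most one roll-over of a
    counter of the given width (the usual treatment of SNMP octet counters)."""
    return (cur - prev) % (1 << width_bits)


def rate_mbps(prev, cur, seconds, width_bits):
    """Convert two octet-counter samples taken `seconds` apart into Mb/s."""
    return counter_delta(prev, cur, width_bits) * 8 / seconds / 1e6


def wraps_per_poll(rate_bps, seconds, width_bits):
    """How many times a counter of this width rolls over during one polling interval.
    Anything above 1 means the delta no longer reflects the traffic."""
    return rate_bps / 8 * seconds / (1 << width_bits)


def simulate_poll(true_rate_bps, seconds, start_value, width_bits):
    """Counter value a device would report after `seconds` of traffic at `true_rate_bps`."""
    octets = int(true_rate_bps / 8 * seconds)
    return (start_value + octets) % (1 << width_bits)


def compare(true_rate_bps=20e9, seconds=60, start_value=4_294_000_000):
    """Rate as derived from 32-bit and 64-bit counters for the same constructed traffic:
    20 Gb/s sustained over a 60 s polling interval, starting just below the 32-bit limit."""
    start32 = start_value % (1 << 32)
    end32 = simulate_poll(true_rate_bps, seconds, start32, 32)
    end64 = simulate_poll(true_rate_bps, seconds, start_value, 64)
    return {
        "true_mbps": true_rate_bps / 1e6,
        "from_32bit_mbps": rate_mbps(start32, end32, seconds, 32),
        "from_64bit_mbps": rate_mbps(start_value, end64, seconds, 64),
        "wraps_of_32bit_per_poll": wraps_per_poll(true_rate_bps, seconds, 32),
    }


if __name__ == "__main__":
    for k, v in compare().items():
        print(f"{k:>24}: {v:,.2f}")
```

For the constructed 20 Gb/s case the 64-bit counter yields exactly 20,000 Mb/s while the 32-bit counter, having wrapped about 35 times inside the interval, yields a few hundred Mb/s that bears no relation to the real load. The same arithmetic also shows the cure: with 64-bit counters the interval would need to be on the order of centuries before a single wrap occurred at this rate.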

    Port 531

    Posted: 16 May 2019 07:07 AM PDT

    Is port 531 (like the port that AIM, mIRC, etc. used... I never was able to use AIM when I was a kid) even used for instant messaging in this day and age? Kinda stupid question but I thought I might just ask it anyway.

    submitted by /u/Underfire17
    [link] [comments]
