Rant Wednesday! Networking
- Rant Wednesday!
- WAN circuit flapping / L1 errors incrementing. Carrier claims clean line and blames our hardware. What next?
- NAT + SQL Server Instance
- Meetup in Manchester UK, Cisco/Networking/Wifi workshop. Wed 29th May
- What names or naming conventions do you use for your networking equipment?
- Cisco WAPs and Cellular modules
- Need help building a server to test 100Gb/s, 400Gb/s and a stretch goal of 1000Gb/s
- Need Advice for a good VPN Client for my company (1000 users)
- K-12 large network set up help
- HP6120xg FCS rx drop increasing
- Any thoughts on gip.sh?
- Help me to build an office network
- Nexus C6509 VXLAN Compatibility and Learning
- Secure CRT login_script with node import
- FIN sent immediately after 3-way handshake
- subnet expansion without downtime
- SNMPv3
- We're a small business and need a router upgrade - what should we look for?
- Remote Desktop solution
- Are There Any CEF Differences Between Catalyst and Nexus?
- GLBP with 3 routers but only 2 of them to be active and the 3rd as hot standby
- Is a very high end switch a viable replacement to a low end (feature wise) router?
- NSO in a container - help
- Get VRF from reachable IP address (or MAC)
Rant Wednesday! Posted: 28 May 2019 05:04 PM PDT
It's Wednesday! Time to get that crap that's been bugging you off your chest! In the interests of spicing things up a bit around here, we're going to try out a Rant Wednesday thread for you all to vent your frustrations. Feel free to vent about vendors, co-workers, price of scotch or anything else network related. There is no guiding question to help stir up some rage-feels, feel free to fire at will, ranting about anything and everything that's been pissing you off or getting on your nerves!
WAN circuit flapping / L1 errors incrementing. Carrier claims clean line and blames our hardware. What next? Posted: 29 May 2019 08:17 AM PDT
Small rural school served by a single T1 circuit. Years of mostly-OK operation. Recently, link quality diminished. Monitoring shows input errors, CRC errors, and aborts on both sides of the circuit. Logs show link flaps several times a day. Several intrusive tests by AT&T show a "clean" link and blame our CSU. Our gear is older Cisco ISRs, but show no sign of trouble that I can see. Where do I go from here?
NAT + SQL Server Instance Posted: 29 May 2019 11:27 AM PDT
We've got a relatively simple web app hosted on an EC2 instance on AWS running on IIS/.NET that talks to an on-prem SQL Server. I realize it would be a lot better if the SQL database could be hosted on AWS, but it can't. Anyway, we've got the SQL Server NAT'd in our on-prem ASA with a public IP address that is restricted to only the EC2 instance's IP address. If the database is on the default instance on SQL using port 1433, everything is great. If we move it to a non-default instance with a different port, it times out and never connects. It appears to be a problem with the NAT translation, but heck if we can find the problem. We installed SQL Management Studio on the EC2 VM and it does the same thing. Connects to the default instance, but not the named instance. On-prem, you can connect to the SQL Server just fine with both a test install of the app as well as Management Studio on either SQL instance. The software vendor says "What's AWS?" and pretty much stops there, never mind that as far as the application goes it's just a VM. It's GOT to be the ASA. As it stands right now, it is configured as: On-prem SQL -> NAT'd to the public IP with "any" port open for traffic to/from the EC2 IP. The EC2 instance has an AWS firewall (not the Windows Firewall) that is configured to allow all traffic to/from the SQL Server's NAT'd public IP. Still won't work. Logs from the ASA aren't helpful. Wireshark on the web server instance isn't helpful either. We opened up all ports for troubleshooting; it won't stay that way once we get this issue resolved. Any ideas?
Meetup in Manchester UK, Cisco/Networking/Wifi workshop. Wed 29th May Posted: 29 May 2019 12:50 AM PDT
Hi all, long time lurker here. If anyone is in the North West of England, I am holding a meetup for networking related discussions for small businesses and startups. It will be a non-sales event, an opportunity to meet some of your peers working in other small businesses and discuss all things networking and cloud related. A bit about myself: I am a technical architect working for a Cisco partner, currently studying towards my CCIE Route Switch, so I am happy to share my experiences regarding my studies. I will also be offering free advice around design and implementation of network infrastructure, netdevops, cloud, unified communications etc. to those that need it, and happy to chew the fat with others in similar roles to myself. It will be held at Ziferblat in the Northern Quarter, starting at 6:30pm, more details below.
What names or naming conventions do you use for your networking equipment? Posted: 29 May 2019 04:28 AM PDT
I have recently moved to an organisation where they seem to use wacky names for each device. For instance, a small branch site (about 10 users) has a Cisco 2960X labeled as the site core switch. So we apparently have like 300 core switches ranging from 2960X to 9Ks, which seems stupid to me. Personally I would like to just call them by vendor and item number and label the device production or test, then rely on our network documentation to depict what role each device plays. What do you guys use?
Cisco WAPs and Cellular modules Posted: 29 May 2019 11:55 AM PDT
Let me preface, I know that these products are discontinued. But. Wifi calling sucks. In an environment where I have to support every model of cell phone ever made for both data and voice (for those that do wifi calling anyway), it is a lose-lose situation. I have about 300 corporate issued phones that all work just fine on our specially tuned wireless network, set up just to support wifi calling on iPhones. That's not the problem. It's all the other models that are out there that I need to find a way to make work. Cisco had a great idea: an AP that you could add cellular repeater modules right onto. And then discontinued it. Does anyone have these? Have experience with them? I'm starting to feel like it might be worth jumping on eBay and buying a few to deal with my worst problem areas, rather than spending 8k per antenna to do specialty cell repeaters. Thoughts?
Need help building a server to test 100Gb/s, 400Gb/s and a stretch goal of 1000Gb/s Posted: 29 May 2019 01:11 AM PDT
Hi there, I've run out of things to google for and I'm looking for help/guidance. I need help building a server.
**Background** I've been asked to help out with a university project (and I think it's because I know what IT stands for). Effectively the bat s**t insane idea is to test a 1000Gb/s (1Tb/s) network. Fastest I've ever gotten is 10 Gb/s with a home lab. Now they've agreed to start 'small' with 100Gb/s and push up to 400Gb/s either by 'NIC team' as soon as possible, or buy the currently-in-development 400Gb/s fibre when it releases in 3-4 years' time. (Hopefully I can get out of this place before they think of something else that's balls to the wall extreme.) Effectively, I've been asked to spec up the testing pc/server(s) to send test data and analyse the data throughput.
**My thinking** Software: I'm assuming Wireshark is laughable if I tried to use that to capture traffic. And I honestly can't think of a way to generate that insane amount of traffic other than copying my whole Steam library (I've calculated it at about 19s). I'm also open to the idea of using Linux over Windows (I'll just have to run a training class I guess for everyone). Hardware: I'm hoping they won't want to store the data, just test the speed. Either a RAID or a RAMdisk will be suitable.
**The question(s)** Network speed is assumed at min 100Gb/s, pref 400Gb/s and total max of 1000Gb/s. Software: Packet/traffic generator, what would/could generate data for that network speed? Hardware: Let's pretend money grows on trees here... Testing method: I'm open to ideas on what the best way to test this network is. Any help or ideas or just things to google is a major help! Even if it's just a stop gap solution, i.e. "This would be okay to about 400Gb/s for now".
Need Advice for a good VPN Client for my company (1000 users) Posted: 29 May 2019 07:59 AM PDT
My company currently purchased Meraki across the board, for switches and firewalls in every site (China, Australia, UK, US). 6 buildings in total across the world. They were using non-standard sub-par equipment until they standardized each building. Now that we have Merakis we are trying to upgrade our VPN clients for people to work remotely and still access resources in our main buildings. Each building that needs access to each other has a P2P tunnel already, so inside our network there are no issues. However, outside the network it's still anybody's guess. We're using Pulse (a very old crappy version, no one likes it) to access the UK and US, and have nothing implemented for the rest of the networks. Now when we went to set up the Merakis for VPN client access we noticed that Meraki doesn't have a software client to create its own VPN adapter. You have to go to Windows or Mac and create a connection using the native OS settings. This brought up a very bad issue with our clients not split-tunneling traffic. While there IS technically a way around this and you can run a script to add these split tunnel fixes, my boss is looking for a piece of software that will work with the Meraki VPN settings. The software he wants should do the following: have multiple profiles that we can import in order to set up different building configs easily; allow split-tunneling (obviously, standard practice here); officially support Meraki hardware; work and look the same on both Mac and PC. We are aware that Meraki supports ASAs. And while that is a solution, that will tend to be a very expensive solution, as you need to buy licenses for each user that will be connecting to each building. So if you have 1000 users and all of them are connecting to each building (not a realistic example, I know, but this is for the sake of numbers), you will need 6000 licenses in total, which will get very expensive as you have to update your license support every year. So we're looking for alternatives. If anyone has any suggestions I'm all ears. I've already been suggested pfSense, and am frankly turned off by the fact that it's freeware with the option to buy support. But if their support is good I would be open to that. Thanks for everyone's help and your time!!
K-12 large network set up help Posted: 29 May 2019 03:30 PM PDT
Hi! I'm a junior sysadmin and am still very much learning. I'm trying to set up a complex network and learn along the process. Our network has the following topology: - ISP fiber comes into building A, symmetric 50/50, that is handed over to us over ethernet - MikroTik RouterBoard that currently has the IP 10.0.1.1 - From here the internet forks into a Ubiquiti Rocket that has three remote locations connected to it that all rely on my network for internet; their IPs are statically set to 10.0.1.x. School A has a Dell SonicWall and a UniFi Security Gateway that I'd like to set up. Our DHCP server is currently the main Windows server (running Server 2012 R2) located at 10.1.1.1. Our switches are all UniFi 48 port switches. We have 4 wifi networks: Guest, Students, Faculty, and Admin. I'd like to set up VLANs and make it so students cannot access Admin and Faculty devices. Issues:
To resolve this issue I'd like to rebuild the network from scratch. Questions:
I was hoping to set up the following ranges:
Does this sound like the best way to do it? I have the ability to recreate everything from scratch and set it up in the most efficient way possible.
HP6120xg FCS rx drop increasing Posted: 29 May 2019 07:53 AM PDT
I have two Cisco Nexus 3064PQ running in a vPC domain for multi-chassis LAG; these switches are connected to my HP6120XG (c7000 blade center). Life was good for the last week, everything was working fine, but today I noticed vPC is down, so when I started looking I noticed the following. LACP lost all partners and I am seeing FCS RX errors. This is not in production yet so there is almost zero traffic, but where are these drops coming from? Also I am seeing the same behavior on both HP6120XG switches in the c7000; how can both switches go bad at the same time? Duplex is auto and I have many other blades running with the same config and they are all happy.
Any thoughts on gip.sh? Posted: 29 May 2019 03:11 PM PDT
Help me to build an office network Posted: 29 May 2019 03:00 PM PDT
Hi guys! Unfortunately, I don't have experience in network stuff, but now I should build some robust system for my office :) We have 4 rooms, approx 20 wireless clients and 20 servers. We need to restrict access to servers: only admin can log in / use network resources (through samba), etc. Our servers should go to the internet using proxies (VPN servers) and we don't want to set up VPN clients on every server; it should be done on the router by static IP rules. Now we have only one Linksys EA8500 router with OpenWRT on it. We're using WireGuard VPN and routing is done using the vpn-policy-routing package (https://github.com/stangri/openwrt_packages/blob/master/vpn-policy-routing/files/README.md). Anyway, there are no access restrictions for servers. Linksys on OpenWRT sometimes drops connections and restarts interfaces; it's a bit annoying. So I'm asking for your advice on how to build a robust network for our purposes. What devices do we need? Should we use some server as a router with Kerio or pfSense? Should we place another router between the Linksys and the servers? Thanks and sorry for such a fuzzy topic!
Nexus C6509 VXLAN Compatibility and Learning Posted: 29 May 2019 06:51 AM PDT
I inherited an enterprise network and now I need to understand how to manage it. We have Nexus 9Ks at a distribution layer with a C6509 as the core layer. It looks like we are utilizing VXLAN between the Nexus VTEPs, but I haven't seen any documentation that says it is possible to do this. It must be possible, or we have a connection that isn't documented and doesn't come up when I try to use CDP Neighbors. Is it possible to run VXLAN over a C6509? I am leaning towards replacing the C6509 with two Nexus switches to form a spine and leaf topology, but if I can use the C6509 as the core with VXLAN riding on top of it I will have trouble justifying it to management. I inherited the network mid migration, with access layer switches being moved from the core to the Nexus stacks, and I am about to double my access switch count for another project. I want to make sure I have the proper core topology before I try to complete these projects. My background is not in networking; I know more about virtualization and end devices, but I am moving more towards an enterprise architect role and the network is a major part of that, so I am trying to learn more about the network. I have been learning a lot on the job and a bit from studying to get my CCNA, but what resources should I look at to learn more about this level of networking? I am doing my own research, but I want to make sure I am not missing critical knowledge. The CCNA doesn't really cover it; would resources for the CCNP teach me what I need to know, or is there a better certification I can find resources for to teach me?
SecureCRT login_script with node import Posted: 29 May 2019 01:51 PM PDT
Is it possible to create a login script that enters a username followed by a return, followed by a string of characters for the password with no return? I have to add in a token code manually after my set password. How would this look please?
FIN sent immediately after 3-way handshake Posted: 29 May 2019 04:46 AM PDT
We have a PulseSecure WebVPN appliance which uses rewriting to publish some internal web applications to the outside (WebVPN). When we secure the backend connection (from the VPN appliance to the internal application) using HTTPS, sometimes, randomly, an individual component of the website does not load (the HTML itself, or maybe only an image, a CSS file or a JS file...). Looking at the packet capture of both the internal server as well as the VPN appliance, we see that the appliance sends a FIN immediately after the TCP handshake. Now, support is getting on my nerves requesting packet captures from all intermediate devices (firewalls, routers) but they don't say why. Am I missing something here? Since we have already established at both endpoints that there is a FIN packet being sent by the appliance and that there is nothing else between the end of the handshake and the FIN, what is it that they would be looking for?
subnet expansion without downtime Posted: 29 May 2019 12:34 PM PDT
Because I haven't done this in a while, I want to make sure I'm remembering correctly. In our datacenter, I have an ASA with a /29 on the outside interface that connects to a Cisco 4508 that is its default gateway. We need to expand our subnet to a /28. If I remember right, the DC should be able to change their switch SVI to a /28 first without interrupting traffic, then I should be able to change the subnet on the ASA without interrupting traffic. Is this correct?
SNMPv3 Posted: 29 May 2019 04:38 AM PDT
When using SNMPv3 with both authentication and encryption, is there a huge need for ACLing it down as compared to v1/v2/v2c? Wanting to get some input from a security minded individual. Obviously the more security the better, but at least you have to have 3 pieces of info in SNMPv3: username, password, encryption key. Thanks!
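As an added illustration of what "authPriv plus an ACL" looks like in practice (this is constructed example configuration, not from the poster or any vendor document; the ACL name, group name, user name, management subnet and the two placeholder passphrases are all assumptions), here is a Cisco IOS-style SNMPv3 configuration that binds both the group and the user to a management-network ACL. The ACL does not replace the credentials; it limits which sources are allowed to even attempt authentication, so a stolen or guessed passphrase is only useful from the management subnet, and the `deny any log` line gives the NMS a record of anything else that tries.

```cisco
! Constructed example: management stations live in 10.255.0.0/24 (assumed)
ip access-list standard SNMP-MGMT
 permit 10.255.0.0 0.0.0.255
 deny   any log

! Read-only view; no write view is defined, so the group cannot set anything
snmp-server view RO-VIEW iso included

! Group requires authentication AND privacy (authPriv) and is bound to the ACL
snmp-server group NMS-RO v3 priv read RO-VIEW access SNMP-MGMT

! User with SHA authentication and AES-128 privacy, also bound to the ACL
! (AUTH-PASSPHRASE and PRIV-PASSPHRASE are placeholders, not real values)
snmp-server user nms-ro NMS-RO v3 auth sha AUTH-PASSPHRASE priv aes 128 PRIV-PASSPHRASE access SNMP-MGMT
```

Two checks worth doing after applying something like this: `show snmp user` should report the user with authentication and privacy protocols set (a user created without `priv` will show up as authNoPriv, which leaves the polled data readable on the wire), and the access-list counters should stay at zero for the deny line once only the NMS is polling.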
We're a small business and need a router upgrade - what should we look for? Posted: 29 May 2019 02:01 AM PDT
Hi Reddit! I hope this is posted in the correct place. I'm from a small business and am the most tech-savvy guy there (which doesn't say a lot, we're an art book publishing company) and we need a router upgrade. Our router (or the ability to connect to it) has constant failure. Our ISP says their connection to the router works fine, so the problem is with our local connection. We called the router company and went through a length of fixes, none of them seeming to work. We've both moved physically around and done a bunch of technical attempts until they couldn't help us anymore. The problem, according to the company, seems to be the amount of traffic in our vicinity. I believe them, I can literally see 62 connections atm. They know our model and believe upgrading to something with a bit more power would work. (Our router is pretty cheap.) We need to keep the connection wireless as we constantly have guests, contacts, authors etc. passing by and we need that stuff to run as smoothly as possible. (Also before you ask, our internet connection speed is not the problem, we're just 5 people in the office on a large day and it's 100 dollars a month.) So here's the problem. I don't know how router power works, so I'm not sure what I'm looking for. This seems to be a good list https://www.techradar.com/news/best-small-business-routers but I want to be sure whether any or all of these would be appropriate. Best regards, some incidental IT guy :^) (Also I'm Danish so if some sentences are nonsensical or unclear, don't be afraid to ask.)
Remote Desktop solution Posted: 29 May 2019 06:54 AM PDT
Hey guys, I am far from a networking pro, hence why I am asking here (you guys have always given me excellent advice). We are moving offices across town and will need to temporarily set up 3 offices while leaving the current offices where they are. These 3 new offices will need to access the 3 PCs at the original office through some sort of remote desktop software. The thing is we do lots of AutoCAD drawings and the license for the software we use is outrageously expensive. Ideally I would like to be able to remote in to the original office PC and be able to change or update drawings and print them at the new office. I was hoping you guys could point me in the direction of the best solution. There will be Gigabit Fiber internet at both locations so I don't think bandwidth will be an issue. Any suggestions on remote access software for 3-5 simultaneous users?
Are There Any CEF Differences Between Catalyst and Nexus? Posted: 29 May 2019 05:01 AM PDT
We experienced an issue after migrating from a 3750 to an N9K where the ESXi hosts connected downstream were no longer able to reach their local gateway. The hosts were connected via access ports, and used Lo0 on the switch as their gateway. After the cutover to the N9K, the hosts were no longer able to ping Lo0. Nor was Lo0 able to ping the hosts. Can anyone elaborate exactly why we experienced this behavior with Nexus, but not with Catalyst? My guess is that Nexus uses a different switching mechanism than CEF on Catalyst. Perhaps CEF on Nexus doesn't forward frames based on existing L2 adjacencies? It seems to me that the Nexus wasn't internally routing traffic from VLAN to loopback. But the Nexus is routing. It has RIB entries and is running EIGRP.
GLBP with 3 routers but only 2 of them to be active and the 3rd as hot standby Posted: 28 May 2019 10:45 PM PDT
Hi Team, I have been tasked with a project to implement a design to provide load balancing with 2 routers, and once both of them are down then a 3rd one will take over the traffic. I have tried a few scenarios and designs but it seems that I am not able to have 3 routers in the same GLBP group but only 2 of them operating as active forwarders. I think the key here is to play with the weighting, but I'm not sure what parameters to apply on the 3rd to take over the traffic when the other 2 are off. Thanks in advance
Is a very high end switch a viable replacement to a low end (feature wise) router? Posted: 29 May 2019 04:02 AM PDT
Hi All, So - I have equipment in a DC and we offer various services to clients. The primary services are VDI/hosted infrastructure and, to a much lower extent, we offer colo. This started as a side business ~7 years ago when I worked at an ISP (with a huge budget and proper core routers) and figured out "why am I not doing this myself"; it grew rapidly, and I'm struggling on the next steps. At our core is a Ubiquiti EdgeRouter Pro, and it has served us VERY well, but with some specialist ISPs giving 1Gb/s links, we have had one occasion where we reached capacity and it has given us a few problems as you can imagine. We recently upgraded that link to 10Gb/s (but are using it at 1Gb/s until we can find new equipment). I know I can upgrade to a Ubiquiti EdgeRouter Infinity; however, that can't LAG/aggregate, so I feel like I'm just delaying the capacity problem. I really want to invest in more carrier grade equipment. What I don't like, however, is that whilst I am more than willing to spend a lot / have what I thought was a reasonable budget, the jump to anything above 10Gb isn't a little jump... it's mortgage worthy expensive! It was always the plan to get multiple upstream providers; however, we are in the main hub of our current provider and we have had ~20 seconds of downtime in 7 years... They have also just offered us a second feed from a redundant router. I have been doing a bit of research lately, and I have read some posts (e.g. https://www.reddit.com/r/networking/comments/bpag4v/whos_using_cumulus_on_an_onie_or_whitebox_switch/ ) that have actually made me question pretty much everything. After reviewing our setup, we currently don't use BGP (other than for some of our clients that announce to us), and we have relatively simple firewall policies that I believe could be replicated with switch filter policies. We have numerous VLANs and various bandwidth policies, but again, nothing that a high end switch can't do. I am hoping to get a second 10Gb/s feed (for redundancy, not LAG/capacity) shortly, and we are just going through RIR registration to get our own ASN. The dream is to also get peering at an IX; however, whilst preferred this is not essential. The cost of a ~40Gb+ router is a minimum of ~40x the price of a 40Gb switch (with a few 100Gb ports) and I can't help but think I'm overthinking things. I just wondered if I am being silly to think about dumping a router in favour of a very high end switch, and/or has anyone done this? Am I asking for trouble, or could this work?
NSO in a container - help Posted: 29 May 2019 07:04 AM PDT
Hi folks, I know most people don't really do this, but I need some help with NSO: I am running NSO in a container and it runs well on my local machine. However, when I deploy this on a server, it's not letting me log in. Below are the logs (which confirm I am getting authenticated successfully):
I am thinking it's something to do with the licensing, but I am not sure exactly what I need to install to get it going. Also, from other mac Anyone been through this?
Get VRF from reachable IP address (or MAC) Posted: 29 May 2019 12:23 AM PDT
Hi, I'm working on a Nexus 9K. I have a list of IP addresses and I need to find which VRF they are in. How could I do this? I can do this in two steps: "show ip arp vrf all" to get the VLAN of an IP, then "show run | sec 'interface vlanXX' | inc 'vrf'" to get the VRF. Is there an easier way to do this? Thank you.
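The two-step lookup in the post is easy to automate for a whole list of addresses: parse the ARP table once to get address-to-interface, parse the running config once to get interface-to-VRF, then join them. The script below is an added example, not the poster's code or any Cisco tool; the `show ip arp vrf all` and `show run` outputs embedded in it are constructed samples in the NX-OS column layout, so the column positions should be checked against a real capture before relying on it. It also handles the two cases a one-off grep misses: an SVI with no `vrf member` line belongs to the default VRF, and an address that is in no ARP table has not been reached from any VRF at all.

```python
import re

# Constructed sample of `show ip arp vrf all` (NX-OS style columns), not a real capture.
ARP_OUTPUT = """\
IP ARP Table for all contexts
Total number of entries: 4
Address         Age       MAC Address     Interface       Flags
10.10.1.20      00:02:11  0050.5600.0a01  Vlan10
10.10.1.21      00:00:45  0050.5600.0a02  Vlan10
10.20.5.7       00:07:30  0050.5600.0b10  Vlan20
192.0.2.9       00:01:02  0050.5600.0c11  Ethernet1/3
"""

# Constructed sample of the interface section of `show run`; Vlan30 and
# Ethernet1/3 deliberately carry no `vrf member` line (default VRF).
RUN_OUTPUT = """\
interface Vlan10
  vrf member PROD
  ip address 10.10.1.1/24
interface Vlan20
  vrf member MGMT
  ip address 10.20.5.1/24
interface Vlan30
  ip address 10.30.0.1/24
interface Ethernet1/3
  no switchport
  ip address 192.0.2.1/24
"""

IPV4 = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")


def parse_arp(text):
    """Return {ip: interface} from `show ip arp vrf all` output.

    Data rows start with a dotted-quad address; the banner and header
    lines do not, so they are skipped without special-casing them."""
    entries = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) >= 4 and IPV4.fullmatch(parts[0]):
            entries[parts[0]] = parts[3]
    return entries


def parse_vrf_members(text):
    """Return {interface: vrf} from running-config text.

    Every `interface X` stanza starts in the default VRF; a following
    indented `vrf member Y` line moves it to VRF Y."""
    members = {}
    current = None
    for line in text.splitlines():
        m = re.match(r"interface (\S+)", line)
        if m:
            current = m.group(1)
            members[current] = "default"
            continue
        m = re.match(r"\s+vrf member (\S+)", line)
        if m and current is not None:
            members[current] = m.group(1)
    return members


def vrf_for_ips(ips, arp_text=ARP_OUTPUT, run_text=RUN_OUTPUT):
    """Map each IP to the VRF of the interface it was learned on.

    None means the address appears in no ARP table, i.e. the switch has
    not resolved it from any VRF, which is itself useful to know."""
    arp = parse_arp(arp_text)
    vrfs = parse_vrf_members(run_text)
    result = {}
    for ip in ips:
        iface = arp.get(ip)
        result[ip] = None if iface is None else vrfs.get(iface, "default")
    return result


if __name__ == "__main__":
    for ip, vrf in vrf_for_ips(["10.10.1.20", "10.20.5.7", "192.0.2.9", "10.99.9.9"]).items():
        print(f"{ip:16} {vrf}")
```

In use, replace the two constants with the captured output of the two commands (or feed the text in as the `arp_text` and `run_text` arguments) and pass the list of addresses you were given. Because ARP entries age out, an address that returns None may simply be idle rather than absent, so a ping sourced from each candidate VRF before collecting the table removes that ambiguity.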
You are subscribed to email updates from Enterprise Networking news, blogs and discussion.