
    Saturday, August 3, 2019

    How does one go about learning physical network setup and maintenance? Networking



    How does one go about learning physical network setup and maintenance?

    Posted: 03 Aug 2019 11:20 AM PDT

    I have an IT background in programming. I have come to realize I prefer blue collar physical work to sitting down and programming. I don't want to throw my IT background because I make good money.

    I was thinking of trying to get into physical network setup both LANs and WANs. Maintaining servers physically and perhaps as a sysadmin too, but for lots of servers. If something goes wrong physically fix it and stuff.

    I know in the past Cisco was big. Not sure if this is still the case? Maybe it is some Chinese company now.

    How can I go about learning this in my 30s?

    submitted by /u/chaos_DC

    Longest Network Connection in the Universe?

    Posted: 02 Aug 2019 04:06 PM PDT

    Every once in a while I go onto the Deep Space Network site to check on Voyager 1 and 2, and just to see what's going on in general. Currently the round-trip time to V1 is about 1.69 days with a data rate of 150 bits/second, although I've seen it as low as 6 bits/sec. V2 is a bit closer at a mere 11 billion miles or so. It's amazing to me that the entire space craft runs on 4 Watts. V1 and 2 have both departed the solar system.

    I know this has nothing to do with enterprise networking, unless you shoehorn in the USS Enterprise somehow, but it's Friday and I thought some networking folks might enjoy the site.

    submitted by /u/BSwollocks

    Monitoring multi-vendor network

    Posted: 03 Aug 2019 01:57 PM PDT

    What's your take on monitoring multi-vendor networks? Consolidate everything to single software, pipe everything from vendor's different tools to single software or just have them all running and send emails?

    We have a few different vendors, and for example we have Cisco and Aruba in the wireless. I guess we can't really get rid of Prime or Aruba's Airwave/MM stuff as they're used to manage the networks also and not just monitor. Also they of course have lots of pre-built stuff to analyze their own devices, so leveraging that would be great. Meaning that Prime/Airwave can probably do a lot better analysis of the wireless network than, for example, Solarwinds could do if we sent logs there.

    However running multiple different monitoring systems is complex and you're never really sure if everything is monitored similarly on the Cisco side as it's on Aruba side. Or how the other vendors are monitored...

    Airwave, Prime or IMC aren't that good for constantly polling the interface usage or monitoring syslogs, so we'd need an AKiPS/LibreNMS installation and maybe some sort of SIEM or Graylog too, so more software in the mix. And let's throw in a Zabbix to consolidate all the alarms (but not the logs) :)

    I'm wondering if it would make sense to have the vendor stuff for their gear, and figure out if Prime or Airwave is better for those other vendors (to get the basic ping etc monitoring going too). Then configure LibreNMS to just poll interface usage and error info, nothing else. And then glue everything together with FortiSIEM (which can also take configuration backups from the devices). FortiSIEM could also do PING/SNMP monitoring but not really sure if it's the right tool to use as NMS. Maybe we could even save some money on the SIEM licensing as it would be something like 160 EUR per device perpetual with 5y support if we just send logs from Airwave and Prime to the SIEM

    Any ideas or thoughts? Thanks!

    submitted by /u/PublicSectorJohnDoe

    Risk of running WAN and LAN traffic on same switch (different VLANs)

    Posted: 03 Aug 2019 02:41 PM PDT

    I'm in the midst of designing an HA setup for my SMB network and I've realized that in order to run CARP for the public WAN IPs I need to have our two internet connections (primary 100/100 fiber and 10/10 secondary cable) come in through a managed switch.

    Given my current infrastructure, I have a managed switch (Aruba 2930F) which also runs several internal VLANs with some free ports and I'm thinking that the simplest solution would be to use those with a couple of dedicated VLANs for the two internet connections.

    I'm trying to think up possible risks if I go with this solution. DoS seems unlikely to hurt anything given that we only have a 100 mbits of bandwidth (plus our ISP would stamp it out pretty quickly). With the switch not doing any routing and basically being passive for the WAN traffic (aside from tagging traffic going to the routers/firewalls), is there really much of a security risk here?

    Ideally, I'm sure the best alternative to this solution would be a dedicated switch, but all I have on-hand are some basic 8-port Netgear managed desktop switches... I'm sure they'd be reliable enough given what they'd be doing, but would that be better than using the enterprise-level switch?

    Anyone have any advice or suggestions?

    submitted by /u/GuidoOfCanada

    How do we rename BGP Communities (serious)

    Posted: 03 Aug 2019 04:16 PM PDT

    Seriously, is there any way to discuss in an IETF meeting the renaming of BGP communities to something more meaningful (e.g. BGP tags)? Is submitting an RFC for such a topic meaningful? It's not the biggest problem on the Internet, but why be stuck with a bad name forever? Router vendors could just keep the existing community commands and add an alias with the same name to keep backward compatibility.

    submitted by /u/vasileios13

    Port mapping

    Posted: 03 Aug 2019 09:48 AM PDT

    I have a huge project coming up and need to gather information from 90 to 130 IDFs. All Cisco. What software can I use to see if the model is EOL and pull ports that are not being used and have never had any traffic on those ports? Also pull show inventory, show version, sh cdp, sh lldp, and pull running-configuration.

    thank you

    submitted by /u/johny696969

    Contractor to Fed?

    Posted: 03 Aug 2019 09:39 AM PDT

    Would you guys consider taking anywhere from a 15 - 30% pay decrease to move from a network engineer contractor position to a fed equivalent? I'm single with no kids. Coming up on 40 years old. D.C. Area. Have any of you made the switch (or vice versa?)

    submitted by /u/darr0w_andromedus

    Popular VPN/mtu settings seem backwards to me - Where do I have this wrong?

    Posted: 03 Aug 2019 02:23 AM PDT

    I must be misunderstanding how to use mtu with VPNs. At this point, I am focused on a UDP VPN with UDP traffic inside of it. I recognize the man page says:

    --link-mtu n Sets an upper bound on the size of UDP packets which are sent between OpenVPN peers. It's best not to set this parameter unless you know what you're doing.

    I'm not hoping for answers of "do what everyone else does, use fragment and mssfix". I'm instead hoping for "know what you're doing" knowledge.

    There's:

    • link-mtu : The maximum packet size ignoring the tunnel, including VPN overhead ("double" IP/UDP headers, encryption/etc.)
    • tun-mtu : The maximum packet size for the tun adapter, inside the tunnel, and ignoring VPN overhead.

    Several popular VPNs and many examples online set the tun-mtu to 1500, for inside the tunnel. This seems completely backwards to me. When I look at what's being sent out to the internet in wireshark, during large transmissions, I see fragmented packets alternating between 1500 and 85 bytes. This looks to me like unnecessary fragmentation, with increased overhead and twice the chance for transmission error.

    The maximum non-jumbo Ethernet frame size is 1518, with 18 being Ethernet headers. So, the maximum mtu that could ever be used when transmitting across the internet is 1500. If a higher mtu is used, the packet either needs to get fragmented by the device (probably customer's router, but potentially at the ISP) handing it off to another with 1500, or it will just get dropped. Everyone's maximum mtu across the internet isn't 1500, it can be less.

    FWIW, my physical connection supports a 1500 mtu. (I can ping outside with don't fragment set and 1472 bytes, plus the 20 byte IP and 8 byte ICMP headers, and 1473 bytes fails as expected.)

    Shouldn't the goal for a VPN be to make the actual across-the-internet packets a maximum of 1500, to maximize packet size while preventing what could be a single packet from being fragmented? (Or, maybe a bit less if they wanted to do so since some customers will have less, at the cost of those who do have 1500.)

    I have this feeling my reasoning must be flawed, because the man page suggests not using link-mtu, and several popular VPNs (who should "know what they're doing") make their config files include:

    tun-mtu 1500
    tun-mtu-extra 32
    mssfix 1450

    When I connect, it shows adjusting link-mtu to 1657, and sets the new tun device mtu to 1500.

    Shouldn't a VPN set link-mtu to a maximum of 1500 or a bit less, allowing OpenVPN to calculate a tun-mtu of a bit less, and setting up the tun adapter with the appropriate mtu, also a bit less? (I'd think these would be the same, but as I'll mention in next paragraph, they aren't.)

    My reasoning seems to make sense, because if I edit the config file to have link-mtu 1500, OpenVPN says tun-mtu is 1375 (including being 3 less because of peer-id) and the tun device is 1447. (Not sure why tun-mtu and tun device mtu are different by 72.)

    If I then perform an outgoing UDP benchmark with UDP packet size 1419 (28 less than the tun mtu of 1447, due to 20 IP bytes and 8 UDP bytes) and look at wireshark, I see only 1500 byte packets being transmitted out to the internet, at least during the large transmission. Seems clean.

    If I use their configuration and allow a UDP packet size 1472 (28 less than tun mtu of 1500) and look at wireshark, I see fragmented outgoing packets, alternating between 1500 and 85 bytes.

    Using my configuration, my outgoing UDP benchmark increases by 48%, and becomes much more consistent.

    Unfortunately, even using my configuration, their server has its own configured mtu value, so I have no way to increase my incoming bandwidth, unless I convince them to change their server configuration.

    Which doesn't seem likely to happen, since it looks like everyone's doing it the way that seems backwards to me.

    submitted by /u/jamespharvey20
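Added example (not part of the original post): the IPv4 fragmentation arithmetic behind the 1500/85 alternation and the 1472/1473 don't-fragment ping check described above. It assumes the Wireshark sizes quoted in the post are IPv4 total lengths and that the outer header carries no IP options; the function names are illustrative.

```python
IPV4_HEADER = 20  # assumption: outer IPv4 header without options
ICMP_HEADER = 8

class NeedsFragmentation(Exception):
    """Datagram is larger than the MTU and has DF set."""

def fragment(total_len, mtu=1500, df=False):
    """Split an IPv4 datagram; returns [(total_len, offset, more_fragments)]."""
    if total_len <= mtu:
        return [(total_len, 0, False)]
    if df:
        raise NeedsFragmentation(f"{total_len} bytes > MTU {mtu} with DF set")
    payload = total_len - IPV4_HEADER
    # Every fragment except the last carries a multiple of 8 payload bytes.
    chunk = (mtu - IPV4_HEADER) // 8 * 8
    frags, offset = [], 0
    while offset < payload:
        size = min(chunk, payload - offset)
        frags.append((IPV4_HEADER + size, offset, offset + size < payload))
        offset += size
    return frags

def original_length(fragment_lengths):
    """Total length of the datagram that produced these fragment lengths."""
    return IPV4_HEADER + sum(n - IPV4_HEADER for n in fragment_lengths)

def ping_fits(icmp_payload, mtu=1500):
    """True if a DF ping with this payload size passes a link of this MTU."""
    try:
        fragment(IPV4_HEADER + ICMP_HEADER + icmp_payload, mtu, df=True)
        return True
    except NeedsFragmentation:
        return False

if __name__ == "__main__":
    outer = original_length([1500, 85])  # fragment sizes quoted in the post
    print("outer datagram before fragmentation:", outer)
    print("fragments on a 1500 MTU link:", fragment(outer))
    print("bytes added around a 1500-byte tunnel packet:", outer - 1500)
    print("DF ping 1472:", ping_fits(1472), "| DF ping 1473:", ping_fits(1473))
```

Under those assumptions the two fragments reassemble to a 1565-byte outer datagram, so each full-size tunnel packet exceeds the 1500-byte path MTU by 65 bytes and pays for a second IP header and a second packet on the wire.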

    Is 802.1p pointless?

    Posted: 02 Aug 2019 09:50 PM PDT

    Is it pointless setting up 802.1p considering when it reaches WAN it doesn't matter?

    submitted by /u/SnowmanPacific

    Cisco ASA S2S VPN, no encaps only decaps

    Posted: 02 Aug 2019 08:56 PM PDT

    I'm trying to ping across a S2S VPN but it's failing, phase 1 is MM_Active, phase 2 has 0 encaps and some decaps.

    access-list OUTSIDE_cryptomap_3 extended permit ip 10.10.12.0 255.255.255.0 10.134.151.0 255.255.255.0

    local ident (addr/mask/prot/port): (10.10.12.0/255.255.255.0/0/0)
    remote ident (addr/mask/prot/port): (10.134.151.0/255.255.255.0/0/0)
    current_peer:
    #pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
    #pkts decaps: 9382, #pkts decrypt: 9382, #pkts verify: 9382

    I'm sourcing a ping from Site A (3rd party FW) to Site B (this Cisco ASA and stats). When I run a capture on site B's server I don't see the ping come in. When I capture on the ASA's inside interface I don't see it come in. It seems to be getting dropped between the tunnel and inside interface.

    Any help is appreciated.

    submitted by /u/slimjimjohn

    Question regarding making ethernet cables

    Posted: 02 Aug 2019 05:03 PM PDT

    When you're testing a CAT 5e cable after crimping it, if the tester says some of the pins are Short or Open, does it mean it's a bad crimp??

    submitted by /u/dstreet319