Jobs that involve International Travel Networking |
- Jobs that involve International Travel
- Redistribution of default route vs static default routes
- Is there a reason to use multiple VRs/VRFs on my Palo Alto edge firewalls, given our network design?
- Quanta T1048-lb9 Help
- How does Cisco SD-WAN prevent loops?
- SDN for Security - any good info on it?
- IGMP issue with Arista switches?
- GRE tunnels on EX2300
- Question regarding network infrastructure
- Cisco ASA VPN - Certificate Based Authentication
- How can a Fiber network be run in a daisy chain config?
- Anything Wrong with UDP?
- FreeRADIUS/EAP-TLS - eapol_test - lost at next steps
- nmap - Service Scan scans even closed ports?
- 10 Gbps home or small business network for less than $1,100?
Jobs that involve International Travel
Posted: 24 Nov 2019 09:27 AM PST
I've been intrigued with the idea of working at a company that involves travelling to different countries for work. I know a few of the guys here are doing this, but I was wondering how one would position themselves in a role like that? Would I have to work for a VAR? Which ones? Are these opportunities hard to find? What do you usually do when traveling? How senior are these positions? I've been looking around in my area and it's been pretty hard to find.

Redistribution of default route vs static default routes
Posted: 24 Nov 2019 02:15 PM PST
I will preface this by stating this is in reference to a network designed by others who are no longer at the company and was expensive and pretty complex and seemingly well designed.
The network relies on the default route being redistributed from our perimeter firewalls into our core network running OSPF and from there redistributed down a few hops to our edge switches that users connect to. The edge devices are basic L3 and are running RIP (they don't support OSPF) and only get 0.0.0.0/0 redistributed to them; the rest is filtered. As the switches only have one link back to the core, that makes sense, rather than fill the routing table up with specific subnets that would all have the same next hop.
It recently became apparent that when the default route goes (firewall issues) the entire edge of our network stops functioning as it relies on the 0.0.0.0/0 route. This means that along with the internet being down, the internal network stops functioning, so everything for users stops working, including access to internal systems.
Is there any logical reason not to just put a static route on each of our edge switches? I know I have probably answered my own question here but just can't get my head round how what seems to be a pretty complex, expensive and seemingly well designed network has such a large flaw. I can only imagine that as there are 2 perimeter firewalls and two internet links at different locations, the designers never considered these both failing at the same time. That or they didn't think there was any point for the internal LAN to work if internet was down.

Is there a reason to use multiple VRs/VRFs on my Palo Alto edge firewalls, given our network design?
Posted: 24 Nov 2019 03:17 PM PST
I'm in the final stages of cleaning up a mess I inherited about a year and a half ago, and I'm wondering if there's still any reason for me to be maintaining two different VRs on my PA-3020 edge firewall.
Background: ~300 users, mostly in one site, Palo Alto firewalls, Cisco switches, Meraki WAPs, Windows desktop/servers. Two internet connections, no BGP peering with the ISPs. Here's a quick shot of our network from an L3 perspective
My understanding is that when my predecessor put these firewalls in on PAN-OS 7.0, using dual VRFs combined with Policy-Based Forwarding was the recommended method of accomplishing internet connection failover. However, with PAN-OS 8.0 we got link state monitoring, and I've since transitioned us to that for our ISP failover.
So given that I'm not doing the PBR/VR method of ISP failover, is there any reason to continue dealing with two VRs? Can I just move all of the interfaces over to VR-ISP1 to make everything simpler and allow OSPF to deal with everything in my network? (You can't form neighbor relationships between VRs, so there's an ugly mix of static routes holding them together for now.)

Quanta T1048-lb9 Help
Posted: 24 Nov 2019 01:29 PM PST
Does anyone here have experience with the Quanta T1048-lb9 switches? I am a Cisco guy exploring open networking and convinced my employer to purchase me a BMS. I've compiled ONIE and installed it on the switch just to see how it would work. I was going to load ONL on it; however, for some reason, it fails because it can't find /dev/sda. I figured I'd roll back to the OS that came with the switch, but I can't get it to boot out of ONIE. I've been beating my head against the wall here for a few days, so if anyone can point me in the right direction, that would be great. Thanks!

How does Cisco SD-WAN prevent loops?
Posted: 24 Nov 2019 02:37 PM PST
In Cisco SD-WAN, all OSPF routes are distributed into OMP. What happens when I have 2 routers at the same site, and I distribute OMP into OSPF? I'm worried that routes brought into Router A via OMP->OSPF redistribution will be advertised out Router B, since they are OSPF routes. I'm used to tagging routes and setting up route maps to prevent this. Does Cisco SD-WAN have some sort of built-in method to handle this?

SDN for Security - any good info on it?
Posted: 24 Nov 2019 01:50 PM PST
Hi,
Say I was doing a greenfield hospital deployment. I want to use OpenFlow switches and something like OpenDaylight; the end result I want is microsegmentation for mostly security purposes. Say an attacker has control of a PC on the network: with this design he should have very little "lateral movement" options, or if an unknown device (IoT) is discovered on the main network it should be moved into an "internet only access" network?
Is this sort of thing in production? Pros and cons, gotchas, more info?
It looks like Avaya are doing something similar:
https://support.avaya.com/products/P1614/open-networking-adapter
https://www.networkworld.com/article/3089860/avaya-s-edge-network-adapter-is-an-iot-onramp.html
https://www.itworldcanada.com/article/avaya-launches-surge-its-revamped-iot-security-solution/390712
Not sure exactly what the ONA is for. Would this be used for the MRI to build an encrypted traffic tunnel along the pre-determined path so the MRI could send scans directly to a database, for example, with all other traffic disabled (these are mentioned in the networkworld article linked)? What VPN tech would it be using to do this, and what would be the security advantages of using a VPN, stopping the attacker being able to access the MRI?
Thanks.
Richard

IGMP issue with Arista switches?
Posted: 24 Nov 2019 10:51 AM PST
Hi there,
I'm currently having a strange network issue which is possibly related to IGMP and I'm kindly asking for some input :-)
We've several Arista switches from the 7050 product line; in this case it's an MLAG of two DCS-7050S-52-R. The setup is as simple as possible: we've two DCS-7050S-52-R mlag'ed together and a few servers which are connected via LACP to this MLAG stack. Those LACP channels are configured as trunk with 2 VLANs.
We've been deploying new servers during the past days and can see a lot of traffic (around 50-200 Mbps) on the port channels without even having the servers in production. We then used tcpdump to capture the traffic and could see that the new servers can see traffic (TCP based, not only multicast) from other servers connected to the same MLAG stack.
The switches are running EOS 4.18 and "sh igmp snooping vlan 100" shows the following:
For me, the interesting part here is "Flooding traffic to VLAN: True". I've compared this with another Arista MLAG running EOS 4.19 where this is set to "False". IGMP settings are on default on both MLAGs. It seems like Arista changed the default value from 4.18 to 4.19. We don't have those issues on the other MLAG running 4.19.
Am I right that this could be the reason for this behaviour? If not, do you have any other ideas?
Thanks in advance!

GRE tunnels on EX2300
Posted: 24 Nov 2019 11:42 AM PST
Is GRE supported on EX2200-C / EX2300-C? I read that GRE is supported on 12.1R+. I configured the gr-0/0/0.0 interface and there's no warning of unsupported platform or anything, yet the gr-0/0/0 interface doesn't appear in the interface list. So what's the deal here?

Question regarding network infrastructure
Posted: 24 Nov 2019 11:01 AM PST
Hey guys, I could really use your help :) How can I check if an ISP, OTT, FMNO or any other company owns and operates their network infrastructure? What should I be looking for? And if that's possible to know, what would be a useful tool for me to do the research? (For example, websites like peeringdb or bgp.he.net or telegeography.)

Cisco ASA VPN - Certificate Based Authentication
Posted: 24 Nov 2019 02:59 AM PST
Howdy,
I'm trying to set up an AnyConnect VPN using AAA and certificate authentication. The VPN will connect for 10 seconds once authenticating with AAA credentials; however, I will then get an error saying no certificate can be found on the machine and the VPN disconnects. Is there a way to specify what certificate you want the ASA to use when authenticating VPN connections?

How can a Fiber network be run in a daisy chain config?
Posted: 24 Nov 2019 09:26 AM PST
I've been looking at the dark fiber lines around my area; there are a lot of lines that run every direction from my town and at least 10 miles out or to the next town. We are served by very slow DSL with many people in the further reaches getting 3/.256 (and the area isn't sparse rural, but rural - maybe 20-50 houses / mile).
I was wondering if there is a way to run fiber house to house like an old token ring connection over a coax cable. Basically run the fiber to as many houses on one line as possible. I've seen that some things like traffic lights, street lights and cameras are run this way, but can a real internet connection be run in the same way?
The video I saw said 1.2km is max distance (a repeater doubles this) and then there are some single mode that can go 40km. I'd like to know what the potential is for connecting a number of houses out a long stretch of road (some is private lanes 3-5 miles long with 15-25 houses on it).
I'm wondering what kind of speeds would be possible with a setup like this, assuming the fiber line we connect to is 1/1Gbps. Is there extra hardware that is needed at each house, basically a "modem" that has an input and output? Is there a way, using a single cable, to make a "T" at the house driveway, connect to the house while also continuing down the road as well? Or is there a way to tap the line on the road, allow the optic to continue on down the road while also running either an optical cable or Cat5/6 cable to the house - so the tap would have 3 connections:
- from the house (cat5/6) or optical
- Optical from up the road
- Optical to continue down the road
I would think that if this could be done, you could cover a fair amount of distance for relatively little investment in optical cable and equipment.

Anything Wrong with UDP?
Posted: 24 Nov 2019 04:23 AM PST
The company we want to use proxies TCP into UDP for transport. Is this efficient?

FreeRADIUS/EAP-TLS - eapol_test - lost at next steps
Posted: 24 Nov 2019 07:48 AM PST
Ok, I am very close to getting my EAP-TLS setup working. I have created and verified certificates, and I have configured FreeRADIUS for EAP-TLS. I finally tested with eapol_test (would have saved me a lot of time if I had done that from the start).
eapol_test against 127.0.0.1 port 18120 (inner-tunnel) works; eapol_test against FreeRADIUS_server_IP port 1812 fails.
Has anyone had this happen? If so, how did you solve it?
UPDATE: Link to logs, eapol_test and freeradius, fail/pass: https://drive.google.com/open?id=1peOZGKRciA1LNAPp_r60jKshZz1y2nKP
Used strace to understand what freeradius is doing. When I run against inner-tunnel, the beginning looks like this:
Against port 1812 that strace shows nothing. The first thing it should do is verify certs, but it does not. There is something in the sites-enabled/default that does not function properly, it seems.
Comparing eapol_test outputs: FAIL: PASS

nmap - Service Scan scans even closed ports?
Posted: 24 Nov 2019 04:17 AM PST
Hello,
I often use nmap to scan the full port range for both UDP and TCP, and in the same command I tell nmap to do a Service/Version Scan. So my command looks like this:
So at first it scans for open/filtered ports, and then for Services. But it seems like it scans all 65535 ports for Services even if it pointed out the open and filtered ones just before. So it takes like 3 hours to finish.
Does that make sense? I don't know much about networking, but for me it doesn't look like it makes sense at all.
Thank you

10 Gbps home or small business network for less than $1,100?
Posted: 24 Nov 2019 09:50 AM PST
Hi all – I'm working on a project for a developing country where maybe we'd leapfrog to 10 Gbps internet (kind of like South Korea is doing). Given a 10 Gbps fiber WAN, do you think it's possible to build a 10GbE LAN in homes and small businesses for $1,100 USD per? I mean router, switch, APs, and at least a dozen wall drops, the whole thing soup to nuts.
I realize that the gear you normally work with is much more expensive, but I'm seeing stuff like the MikroTik CRS309 for $236 on Amazon. It has eight SFP+ ports, so it's almost there but without POE and would need to be paired with a 10GbE router. Well, it would be better if those SFP+ ports were 10GbE RJ45s.
Say four years from now, do you think a router, POE switch, patch panel, rack, and two APs could be had for $1,100? Could it be done today? Got an example equipment list?
Thanks for your feedback.