Rant Wednesday! Networking
- Rant Wednesday!
- Anyone with fully IPv6 networks out there?
- OSPF Troubleshooting
- Purposely breaking patch fiber for a training lab
- IPSec Question
- Upload wildcard cert for webui in HP 2530?
- Real Discussion about Single Mode Fiber vs Multi Mode Fiber to the end user device (desktop/VDI/printer etc...)
- 10G / 25G cross-compatibility
- BiDi or MPO for 40G, 100G, and 400G for 'future proofing'?
- Desperate for Arista Help re routing c-VLANs!!
- Setting up a new enterprise network on a shared gigabit fiber.
- UniFi Mesh Implementation?
- iBGP peering issue between Cisco N3k's
- Expanding access to a site to site VPN tunnel
- College Thesis Help - Snort / Suricata
- I'm a network newbie - alternatives to Flukes to just find VLAN number
- Using public IP addresses for internal DNS entries
- Configuring a vEdge device locally?
- Short Fiber Patch Cables?
- Enabling DHCP Client on IRB Interfaces of Juniper EX Switches.

Rant Wednesday!
Posted: 10 Dec 2019 04:04 PM PST

It's Wednesday! Time to get that crap that's been bugging you off your chest! In the interests of spicing things up a bit around here, we're going to try out a Rant Wednesday thread for you all to vent your frustrations. Feel free to vent about vendors, co-workers, price of scotch or anything else network related.

There is no guiding question to help stir up some rage-feels, feel free to fire at will, ranting about anything and everything that's been pissing you off or getting on your nerves!

Anyone with fully IPv6 networks out there?
Posted: 10 Dec 2019 09:20 AM PST

I am thinking futuristically in asking this question but I want to know if there are any full IPv6 networks in existence yet. With the exhaustion recently of RIPE's last remaining IPv4 block allocation, I am wondering if any of you out there have begun or interacted with a network that is entirely IPv6 native yet. Meaning, there is absolutely, 100%, zero IPv4 space allocated within the network, either as a public IP space or private IP space.

If that is the case, then drilling down into what a fully-native IPv6 network looks like:

Part of this is that I am kind of dreaming out loud here, but I also know that eventually one day this shift will have to happen and I would rather start thinking about it now rather than when it absolutely must happen.

OSPF Troubleshooting
Posted: 10 Dec 2019 06:51 AM PST

Good morning,

I wanted to bounce this off the hive-mind, maybe I'm missing something easy. I have 3 pairs of QFX-5100s on my network and an MX80; two of the QFX VCs are currently sitting in area 0 with my MX. Once I add the 3rd device, my MX receives the hello and builds the adjacency, even lands a 'Full' state. Although the MX states it's sending the hello/adv packets out, the two switches that were currently adjacent stop receiving the advertisements, and eventually time out. If I clear neighbors on my MX, it temporarily comes back until the 40 second timer expires again.

I'm at my wits' end trying to see why the advertisements seemingly disappear over the wire while the MX says it's sending them. I have not, and certainly will, do a packet capture on the vlan1 interfaces, but I'm only able to drop the network in the very early hours of the morning.

I don't have a diagram, but the layout is very linear currently.

MX -> switch -> switch -> switch

Any troubleshooting steps you have will certainly be helpful.

Purposely breaking patch fiber for a training lab
Posted: 10 Dec 2019 01:20 PM PST

I'm working on a barebones link troubleshooting training lab and I want to take a patch fiber and break it in a way that's not visually obvious.

The goal of the labs is to really explain things very simply. Tx/Rx and how light circuits work vs. electrical circuits, which most people are quite familiar with. Focusing more on the troubleshooting logic, assumptions that can/cannot be made, etc. The people I'll be working with are generally fairly bright, so I need to make them actually troubleshoot instead of going "the one with the heat shrink on it is bad" or whatever. Basically eliminating all context that could lead them to 'cheat'.

For the labs we're simulating light with VFLs instead of using actual optics, for reasons of cost, mobility, and safety, so hoping to figure out a way to stop the light completely as we're not going to get into things like 'bad' light, etc.

Thought about moving the strain relief and cutting there, but as we'll be plugging/unplugging a lot as the lab moves forward, I don't want to be pulling one out and have the entire fiber come out, making that cable a dead giveaway, either.

I've also thought about just taking a Sharpie to the end, but I'm not sure if that will just come off and/or maybe foul the couplers/coupled fiber when it's plugged in. It might also be a giveaway if the person sees the end. I basically want them to use their IR Card (I will never train someone to look into fiber) and see if there's any light or not.

Anyone have experience in fiber sabotage?

IPSec Question
Posted: 10 Dec 2019 03:30 PM PST

Hi all. I hope this is OK...

We are a BPO company catering various back-office services to several customers.

Some of our customers want to have a site-to-site VPN from our network back to their networks offshore. We used to be doing this on our Edge equipment (which is a Mikrotik device) but have veered away from this as it does not appear to be scalable.

My problem is since they are using private IPs on their side (usually just Class C as they are not big networks), I am afraid that this is going to cause conflicts when doing IPSec tunnels, i.e.,
- Customer A from their end is on the 192.168.0.0/24 space
- Customer B from their end is also on the 192.168.0.0/24 space

From my side, Customers A and B are on different VLANs and are using 10.25.150.0/24 and 10.25.151.0/24 respectively. It will come from the same public IP (e.g., 1.1.1.1) on my side but the remote public IP will be different (e.g., 2.2.2.2 and 3.3.3.3).

My question is - can IPSec support setups like these wherein the remote private subnet is the same, the local public IP is the same, the local subnets and remote public IPs are different?

The solution I am pushing to our customers is they either need to buy the hardware from us and we agree who will manage it, or they send their preferred equipment from overseas, we give them private transit IP to NAT their network, they manage it and away we go? I think that's still the best way forward but I welcome thoughts from the experts in this field.

Thanks very much.

Upload wildcard cert for webui in HP 2530?
Posted: 10 Dec 2019 03:16 PM PST

Hey,

Getting handed some more networking duties (I'm mostly a Windows/PowerShell guy, some low lvl Brocade management, enough network know-how to pass net and sec+).

We've got some new 2530 switches installed (2 of them) and they want a valid certificate installed for these. We maintain a Windows internal CA (but it's currently only used for Windows servers) and I've never really had success with it intaking a non-Windows CSR or outputting a usable cert for a non-Windows device.

What I do have is a wildcard cert from a third party authority (which is maintained by another group), *.domain.com. I'm not very familiar with these things but I've yet to figure out a way to upload that. It seems to only want to intake certs with an associated CSR; is there a way to trick it to take a star dot cert?

The WebUI has no certificate settings and I haven't found anything about it in the 500 page security documentation, nor can I determine a command for it in the CLI.

2530-48G YA16.10.

Anything helps, goddess bless.

Real Discussion about Single Mode Fiber vs Multi Mode Fiber to the end user device (desktop/VDI/printer etc...)
Posted: 10 Dec 2019 09:36 AM PST

Been out of the "on prem" networking scene for a while and just had some questions on what the industry is doing for new network installations for new facilities. In particular single mode fiber vs. multi mode fiber to the end user device (desktop/VDI/printer etc..).

So some of my co-workers think multi-mode is the way to go to the desktop and single mode only for WAN/Data Center connections. They state cheaper optics as one of the main reasons and that the industry runs multimode to the end device and not single mode...

So, what I'm trying to gather is what is the current take on running SMF vs MMF to end devices and using it outside of the data center/WAN realms? I've read some stuff online about "future proofing" with SMF by running it all the way to the end user device but wasn't sure if the optics cost is still too much to make this a valid reason.

I need some input so feel free to jump in and let's start this debate!

10G / 25G cross-compatibility
Posted: 10 Dec 2019 04:16 AM PST

Hey networkers, server guy here! Been checking datasheets - but honestly I'm not convinced yet and answers I got in-house were kinda mixed as well. So maybe someone can confirm or deny ...

We'll likely update the switches to 25G ports in the server range and I'm checking my options. If I understand correctly, whether or not SFP28 25G transceivers support 10G data rates seems "some do, some don't", for example Intel says the transceivers for their xxv710 25G cards do support 10G while Arista says theirs don't and HPE seems to largely ignore 25G anyways.

Now I've cleared up most things but, from your experience - can I expect this to work:

Intel XXV710 cards with SFP28 25G SR transceivers connected to HPE 5700 or 5900 switches with regular SFP+ 10G SR transceivers (no direct-attach here).

I know SFP28 or SFP+ doesn't actually matter here, it's just for further specification what I'm trying to ask. ;)

That'd be cool because I wouldn't have to "mix and match" cards and transceivers and could just go with 25G-only in new servers ....

Thanks!

BiDi or MPO for 40G, 100G, and 400G for 'future proofing'?
Posted: 10 Dec 2019 06:00 AM PST

I specced out BiDi, but then an architect wanted to avoid BiDi and just said that was for 'future proofing'. Kind of made me go 'hmm...'.

Desperate for Arista Help re routing c-VLANs!!
Posted: 10 Dec 2019 09:45 AM PST

Arista pros -- need your help here!

On the 7280 series how can we route traffic for c-VLANs? In other words, our 7280s are receiving QinQ double tagged vlan traffic and we would like to route traffic for the inner VLANs. We looked at dot1q tunnels, pvlans, routed ports and vlan mapping commands with no luck.

Any help would be greatly appreciated!

Setting up a new enterprise network on a shared gigabit fiber.
Posted: 10 Dec 2019 02:35 AM PST

Hello! I'm responsible for setting up a network on a new location for our small business. I have more of a coding background rather than networking, but being the only tech-literate person around I get thrown everything else too.

There is a gigabit fiber going into the property, and there is already another business set up on this connection. What I need to do is set up a new LAN completely separate from the existing one. Before I start buying hardware it would be nice if someone can spot any issues in the setup that could cause me trouble down the line.

There is a fiber converter connected to the other company's WAN router. I figured the first step is to connect a new router right after the fiber converter and just run this in bridge mode and no DHCP. Both businesses connect their routers to this one with static IP addresses set up. From this router I can then run our DHCP, NAT, firewall and NAS. I'm planning on running 5 UniFi APs for full coverage and seamless handover, hopefully with PoE if I can get the budget for the right hardware.

Couple of questions:
- I need a total of 16 wired Ethernet connections. Are there any up/downsides to getting a router with 16-18 ports and skipping the switch altogether vs getting a smaller router and running it all via a switch?
- Does it matter in terms of Wifi performance and client handover if the APs and router/switches are from the same company or not?
- Is it better to split the connection right after the fiber converter and skip the first router altogether? I assume that would entail messing with the ISP to give us several WAN IPs etc.

Thanks for any help! I hope this isn't too low level for this sub, but if it is I apologize. =)

UniFi Mesh Implementation?
Posted: 10 Dec 2019 11:10 AM PST

iBGP peering issue between Cisco N3k's
Posted: 10 Dec 2019 07:27 AM PST

Hi all,

I am hoping you can provide some help with an iBGP peering issue. I have a customer site where there are two circuits (same carrier) for redundancy that terminate into two separate Nexus 3048s. I have eBGP configured on the uplinks and I am trying to configure iBGP between the two units. I do not have OSPF running as an IGP, just static routes for the peer subnets.

    interface Vlan105
      description L3 Uplink to Matrix LAN
      no shutdown
      vrf member matrix
      no ip redirects
      ip address 192.168.105.5/28
      hsrp 105
        preempt
        priority 150

    interface Vlan951
      description Private VRF
      no shutdown
      vrf member matrix
      no ip redirects
      ip address 172.16.72.2/30

    vrf context matrix
      ip route 0.0.0.0/0 172.16.72.1
      ip route 10.5.160.0/24 192.168.105.1
      ip route 172.16.0.0/16 192.168.105.1
      ip route 172.16.72.4/30 192.168.105.6

    matrix.maumee-spectrum.n3k# ping 172.16.72.6 vrf matrix
    PING 172.16.72.6 (172.16.72.6): 56 data bytes
    64 bytes from 172.16.72.6: icmp_seq=0 ttl=254 time=1.186 ms
    64 bytes from 172.16.72.6: icmp_seq=1 ttl=254 time=1.17 ms
    64 bytes from 172.16.72.6: icmp_seq=2 ttl=254 time=1.116 ms
    64 bytes from 172.16.72.6: icmp_seq=3 ttl=254 time=1.04 ms
    64 bytes from 172.16.72.6: icmp_seq=4 ttl=254 time=1.536 ms

    matrix.maumee-spectrum.n3k# sh ip bgp vrf matrix summary
    Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
    172.16.72.1     4 32732    6145    5613       23    0    0 3d21h    15
    172.16.72.6     4 65101       0    4480        0    0    0 3d21h    Idle

    router bgp 65101
      log-neighbor-changes
      vrf matrix
        address-family ipv4 unicast
          network 10.5.160.0/24
          network 192.168.50.0/24
          network 192.168.55.0/24
          network 192.168.60.0/24
          network 192.168.65.0/24
        neighbor 172.16.72.1 remote-as 32732
          description eBGP to cor01.d35
          address-family ipv4 unicast
            soft-reconfiguration inbound
        neighbor 172.16.72.6 remote-as 65101
          description iBGP to matrix.maumee-att.n3k
          address-family ipv4 unicast
            soft-reconfiguration inbound

Thanks in advance,
AT

Expanding access to a site to site VPN tunnel
Posted: 10 Dec 2019 02:47 AM PST

I have a (probably a bit silly) networking question regarding linking networks via VPN tunnels.

I have three sites, A, B and C.

A can see B and B can see C, what are my options if I want A to access C?

If I want to access network C from A I can add network C to link 1 and I assume you have to add network A to Link 2 so the traffic gets back?

Is there any way of just using static routes instead of editing the encryption domains to get the same result?

https://i.ibb.co/QcQ7fW5/Capture.png

This problem comes about due to having a site to site connection to an external network that I can't change. But I want more than one subnet to access this external network.

College Thesis Help - Snort / Suricata
Posted: 10 Dec 2019 03:58 AM PST

So I have a solid networking background and understanding of some of the systems involved.

I am currently working on a project that uses either Snort or Suricata; I haven't decided which yet. But the idea is for this system to be able to capture and display details in clear text for a keyword list.

For example, someone googled something that was against policy of the company; it would alert that "EMAIL / USERNAME" searched for "KEYWORD" on "127.0.0.1 / GOOGLE.COM" at "DATE / TIME".

I can't figure it out as I'm new to both Snort and Suricata so I need to learn one. How do I write a rule that will capture usernames, email addresses, full names, or message keywords such as "KEYWORD"... so maybe a way to parse the packet for data such as "username = BOB" and save that data to an SQL table for that IP address.

Can anyone help me with this? It's a completely new project for me. I know I will need to strip SSL/TLS and degrade the traffic, I have an understanding of that already...

Thanks in advance

I'm a network newbie - alternatives to Flukes to just find VLAN number
Posted: 10 Dec 2019 02:34 AM PST

Hi guys

I'm on a project that has various Cat6 run off into the ceiling that then plug in to a desktop FTTO switch. Each port is configured with a VLAN for the end device functionality.

However, we only have 1 Linkrunner and, yes, we can probably buy another couple but I'm wondering if I can do this simple check with Wireshark on a laptop or an Android alternative?

I have tried Wireshark and I can usually get it to show a lot of TCP/IP stuff but sadly, the VLAN (802.1Q?) info isn't listed where it is on the Linkrunner.

Devices:
Windows 10 Surface Go

Both connecting via an Euasoo USB Type-C Hub Pro (ES-HB300C) with an RJ45 socket. Windows shows this network card as an "SVN" in device manager and it is made by Huawei. I'm unable to find any info on registry settings to pass the VLAN data up the layers for this card like I can find for Intel.

Am I heading to a dead end?

Thanks!

Using public IP addresses for internal DNS entries
Posted: 09 Dec 2019 05:18 PM PST

Hey all,

Boss man is tired of our "split horizon" DNS setup. We have websites that are external facing (they should be in a DMZ but we aren't there quite yet), but are also reached by internal users.

The boss wants the internal DNS entry to be the public IP address. I see two issues here..
1) hairpin on the firewall
2) we have null routing for our public blocks (loop prevention?)

I can get this to work probably, but what are your thoughts? It's a weird situation I feel like. Maybe less weird once we have the DMZ established.

Configuring a vEdge device locally?
Posted: 09 Dec 2019 08:44 PM PST

With Cisco SD-WAN, if you have a vEdge device that is managed via vManage, and you try to configure it locally, you get this message:

Is there some way to work around this? What if you lost connection to the vManage, and the only way to re-establish connection is to modify an interface setting via the console?

Short Fiber Patch Cables?
Posted: 09 Dec 2019 04:44 PM PST

Why is it so hard to find short fiber patch cables (<0.5m)? I would love to have some 0.2m and 0.3m fiber patch cables, to make everything neat & tidy.

Anyone know of a good source?

In my case at hand, I need MM, LC-to-LC, OM3, UPC. But also I'd love just a general source for short patch cables, for general needs.

Enabling DHCP Client on IRB Interfaces of Juniper EX Switches.
Posted: 09 Dec 2019 04:17 PM PST

I turned on DHCP on IRB interfaces and I see that the IRB Client interface is stuck in init state. Anything else needed from my side?

    root@Juniper1> show dhcp client binding
    IP address        Hardware address   Expires     State      Interface
    0.0.0.0           dc:38:e1:51:ac:41  0           SELECTING  irb.0
    0.0.0.0           dc:38:e1:51:ac:41  0           SELECTING  irb.1000
    172.16.10.132     dc:38:e1:51:ac:42  5956        BOUND      vme.0

    {master:0}
    root@Juniper1>

    {master:0}
    root@Juniper1>

    {master:0}
    root@Juniper1>

    {master:0}
    root@Juniper1> show dhcp client binding
    IP address        Hardware address   Expires     State      Interface
    0.0.0.0           dc:38:e1:51:ac:41  0           INIT       irb.0
    0.0.0.0           dc:38:e1:51:ac:41  0           INIT       irb.1000
    172.16.10.132     dc:38:e1:51:ac:42  5879        BOUND      vme.0

    {master:0}
    root@Juniper1> show configuration interfaces irb.1000
    family inet {
        dhcp;
    }

    {master:0}
    root@Juniper1>