    Saturday, December 7, 2019

    Sitting on broken static routes on a Saturday. Thanks Fortigate. Networking

    Sitting on broken static routes on a Saturday. Thanks Fortigate.

    Posted: 07 Dec 2019 04:01 AM PST

    I wonder if I should restrain myself and avoid filling this post with the profanity filling my head, maybe you can help conquer some peace of mind. Because it's either you or booze, and it's just 1 PM in central Europe.

    The scenario: branch office can't print from Remote Desktop over IPSec tunnels, printer is offline. Better yet: printer would be online, if the gateway (the same Fortigate managing VPN, Route and Policy on the RD-Site) wouldn't decide to actually play dice with the routes.

    This is the connection from the RD-Source to Printer Nr. 1 on remote site

    tracert 192.168.204.153

    1 <1 ms <1 ms <1 ms 192.168.168.1 <-- hello gateway

    2 33 ms 33 ms 33 ms 192.168.0.164 <-- hello VPN gateway on the opposite side

    3 35 ms 37 ms 45 ms 192.168.204.153 <-- hello Printer Nr. 1

    Now watch what happens if I try to ping Printer Nr. 2, sitting on the same table, attached to the same switch, served by the same router, on the same VPN.

    tracert 192.168.204.154

    1 <1 ms <1 ms <1 ms 192.168.168.1 <-- hello gateway

    2 1 ms 1 ms 1 ms 192.168.100.1 <-- uuh..where are you going, that's the modem's default route

    3 12 ms 11 ms 12 ms a81-*-*-*.net-*.co.uk [81.*.2*4.**1] <-- ..and my ping gon fuck himself on the internet.

    Any clue before I lose my mind?

    EDIT - provisory solution for future visitors:

    Hello, googler of the future. Apparently when the tunnel went down all connections to that particular subnet defaulted to the default route (WAN), and the session got stuck there. I added a black-hole (null) route to the same subnet with a much higher cost. This prevents new connections from leaking to the internet, where they stay undead even if the tunnel is connected again.

    submitted by /u/Duerogue
    [link] [comments]
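
The behaviour described in the EDIT above, as an added example that is not part of the original post and is not FortiOS code: a toy route and session model showing why a flow created while the tunnel is down stays on the WAN, and how a higher-distance blackhole route for the same subnet stops that. The /24 mask, the egress names `wan`, `ipsec` and `blackhole`, and the distance values 10 and 254 are assumptions.

```python
import ipaddress

class Firewall:
    """Toy model: a routing table plus a session table that pins each flow
    to the egress chosen when its session was created (a simplification)."""

    def __init__(self):
        self.routes = []    # dicts: net, distance, egress, up
        self.sessions = {}  # destination IP -> pinned egress

    def add_route(self, prefix, distance, egress):
        self.routes.append({"net": ipaddress.ip_network(prefix),
                            "distance": distance, "egress": egress, "up": True})

    def set_link(self, egress, up):
        for route in self.routes:
            if route["egress"] == egress:
                route["up"] = up

    def lookup(self, dst):
        addr = ipaddress.ip_address(dst)
        usable = [r for r in self.routes if r["up"] and addr in r["net"]]
        # Longest prefix wins; among equal prefixes the lowest distance wins.
        best = max(usable, key=lambda r: (r["net"].prefixlen, -r["distance"]))
        return best["egress"]

    def forward(self, dst):
        if dst in self.sessions:          # existing session: no new lookup
            return self.sessions[dst]
        egress = self.lookup(dst)
        if egress != "blackhole":         # dropped traffic creates no session
            self.sessions[dst] = egress
        return egress

def scenario(with_blackhole):
    fw = Firewall()
    fw.add_route("0.0.0.0/0", 10, "wan")
    fw.add_route("192.168.204.0/24", 10, "ipsec")  # /24 mask is assumed
    if with_blackhole:
        fw.add_route("192.168.204.0/24", 254, "blackhole")
    fw.set_link("ipsec", False)                 # tunnel drops
    during = fw.forward("192.168.204.154")      # job sent while it is down
    fw.set_link("ipsec", True)                  # tunnel returns
    after = fw.forward("192.168.204.154")       # same flow again
    fresh = fw.forward("192.168.204.153")       # flow first seen after recovery
    return during, after, fresh

if __name__ == "__main__":
    print("no blackhole:  ", scenario(False))
    print("with blackhole:", scenario(True))
```

Without the blackhole route the result matches the two traceroutes in the post: one printer is reached through the tunnel while the other is still sent out the WAN.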

    Do you guys take the time to update firmware, software, OS, for servers and network equipment?

    Posted: 07 Dec 2019 10:49 AM PST

    I find this to take a lot of time out of my physical server setups. For example, I got a hp proliant ml950 gen10 to set up last week. It took no time to build the physical server and get it to boot.

    It takes a lot of time getting all the "Intelligent Provisioning" stuff updated, and even then I can't manually partition the Hard Drives this way. Trying to install manually is a pain too. The Windows OS didn't recognize the RAID controller, so I couldn't install Windows. And turns out the NIC only supports 1Gbps connections so I wasted time trying to figure that one out. I can't even install the drivers, then try to reinstall the OS because it won't recognize the fkn hard drive so won't find the driver. I load the driver onto my flash drive, and it doesn't fkn recognize exFat. So I make it fat32 and get it to work.

    Then you update the firmware/software in the iLO, and of course one of the updates will break iLO when trying to install it, even though it was an update found and initiated from within the iLO itself. And since each reboot takes a million years, it takes me a few days before I can begin setting everything else up on the server.

    submitted by /u/Kaeny
    [link] [comments]

    Redundant Network Project Help

    Posted: 07 Dec 2019 04:24 PM PST

    Hi guys, I hope this is the right subreddit for a question like this, but I'm hoping you guys might be able to point my team in the right direction.

    I am part of a college group for our final project. We all have some background in the IT field, but we have run into an issue with our setup.

    The topology is 2 routers (Cisco 1841) connected to each, with 2 switches (HP2530-24G), and 2 servers (Linux). There is also one regular switch connected to both routers so clients can access the redundant network. They are connected via ethernet to be redundant, so that regardless if one of each goes down, the client can still access a web page on the server.

    What we have done so far is set up VRRP between the routers, DHCP is set up on both routers, and spanning tree is set up on the switches.

    What is happening is that the redundancy seems to work perfectly if we start unplugging the ethernet cables. We have tried all 72 possibilities of connection and they all work. Unless we unplug the power from one of the routers. Then the client will receive a Microsoft default IP? instead of the DHCP network assigned one it needs.

    Right now, we plan to look at IP Helper and fiddle with that, and if that doesn't work, take a look at moving the DHCP from the routers to the servers, and see if we have a different outcome from the clientside.

    Can you guys provide any insight or point us in the right direction? We plan to meet again tomorrow morning. Thanks!

    submitted by /u/Its_Me_Dio
    [link] [comments]

    OSPF / BGP Load-balancing with multiple paths

    Posted: 07 Dec 2019 11:50 AM PST

    I have googled this but I'm struggling a bit to find a concise answer.

    By default with multiple paths in the table what is the load sharing mechanism? Will a session with the same source/destination IP/port always take the same route? Or will it go over multiple paths on a per packet basis?

    Reason I'm asking is that we have a VoIP platform whose gateway has multiple paths via ospf, with same cost, into our core network. We've had increased reports of audio issues since moving away from vrrp/static routes and towards L3 switch stack as a gateway with ospf routes to our core.

    submitted by /u/LittleWanger
    [link] [comments]

    Dynamic IP

    Posted: 07 Dec 2019 03:36 PM PST

    I have 2 NASs that I've built at different locations. They are both running FreeNAS. I would like to have them back each other up. I'm currently stuck trying to a free service to set up a dynamic DNS. Any suggestions? Thanks in advance

    Edit: I mean Dynamic DNS not Dynamic IP

    submitted by /u/BankOfSpace
    [link] [comments]

    Protecting an SFTP server at the firewall level

    Posted: 07 Dec 2019 02:11 PM PST

    I am trying to secure an sftp server that needs to be open to the internet and cannot be accessed through a VPN. I have researched methods of securing this device, I am looking for a second opinion on how to go about securing an sftp server that is open to the internet.

    submitted by /u/residentender4
    [link] [comments]

    Best method to vlan individual PoE cams apart from NVR as a whole?

    Posted: 07 Dec 2019 10:04 AM PST

    I am attempting to vlan PoE cams and wondering if it is possible to put each individual cam on its own vlan as opposed to applying a single vlan to the whole nvr. If so, what is the best way to go about tagging each cam if they are on an nvr and not a switch? Is it better in any way to plug the cams into a separate vlan-capable PoE switch, which is then itself plugged into a single port on the nvr?

    submitted by /u/samadhi_skeez
    [link] [comments]

    Supplementing 1Gbps ISP for small office

    Posted: 06 Dec 2019 04:36 PM PST

    I have a few clients questioning why they aren't and shouldn't go for the 1Gbps speeds that these business ISPs are offering. I told them straight that it was due to the firewall they have in place handling the connection and that all the security features they wanted would slice it down. Long story short is there alternative ways also cost effective to try and capitalize on these speeds without worrying about security features to bog it down? I'd like to upsell and provide a little more confidence instead of presenting them with a 10 grand firewall appliance (Fortigate user here). Any input would be appreciated!

    submitted by /u/AcidWulf
    [link] [comments]

    Recommendations for Cisco OOB console port connectivity at remote sites with cellular access?

    Posted: 07 Dec 2019 11:24 AM PST

    I've bookmarked the discussions in the past when people asked for recommendations on which serial console server brands people are using for OOB access to Cisco gear. Opengear seems to get mentioned a lot. For people who manage remote sites and need OOB access to the serial console ports on Cisco routers, switches, firewalls, etc. with cellular connectivity, what are the brands to look at? Is there one company that does cellular (in the US) OOB better than other vendors? Thank you.

    submitted by /u/OleColonelAngus
    [link] [comments]

    I'm looking for background pricing info for an HOA to build FTTH or fixed wireless for a rural neighborhood (either paying an ISP to do it or operating it at the HOA level)

    Posted: 07 Dec 2019 11:17 AM PST

    As a layperson, I'm wondering what the process would look like for an HOA to help the homeowners of a neighborhood get internet access for the first time. Here are the basics:

    • CenturyLink has what I believe to be a fiber tap right outside the neighborhood: there are 4 or 5 newer-looking large boxes on a concrete pad. I believe this node serves DSL/phone to several nearby neighborhoods, but not to our neighborhood.
    • Our neighborhood is 100 homes over 10k+ acres, up two canyons served by two dirt roads which the HOA owns.
    • There is existing water and power buried in the roads.
    • At the top of one of the canyons, the HOA has leased out a small piece of land to a private company that has installed a large comm tower, with grid power and backup diesel generators. The tower surely functions as a simple repeater since it just has two dishes facing opposite directions. The tower has line of sight to some homes, but not many.

    As I said, I'm a layperson, not a networking professional. In general, my question is: what on Earth do I do with this information? Is there anything to do with this information, or is this just a pipe dream?

    To try to be more specific, here are some questions; feel free to answer few or none:

    • What is a ballpark estimate if I call up CenturyLink's business line and ask for a quote to run fiber directly from their node to our neighborhood's first residence, which is ~0.5 mile up the road (again, keeping in mind that we own the road itself and there is power already installed)? When power companies bury power for the first time, is it likely for there to be empty conduit already in the road that the power company would be willing to sell back to the HOA for use with fiber?
    • Would it be better for the HOA to hire a 3rd party to install the fiber, and then simply ask to plug into CenturyLink's node?
    • Given that the geography of the canyons would make fixed wireless extremely difficult, how outrageous would it be to consider FTTH for our full-time residents? There is a total of about 5 miles of road that serves our lower ~30 households which are mostly full-time residents. I know density is not on our side, but I'm comparing it to our past: When we all agreed that we wanted power for our community, we made it happen; when we all agreed that we wanted central water for our community, we made it happen. This is a community that is quite close-knit and I think understands the idea of decades-long capex projects better than most communities—we installed water ourselves just a few years ago, with homeowners footing the ~$30k per lot price tag. Is fiber impossibly expensive compared to power and water, or is it not unreasonable compared to our past investments? Right now, people are tired of using LTE hotspots with 2 bars of service. The neighborhood is reasonably hungry for real internet.
    • If the cost of FTTH alone is not disqualifying, then what do we do with that? If we were to front the bill for the network (and hopefully retain ownership of the fiber?), would CenturyLink be willing to provide ordinary residential fiber service to each individual residence? Or would we need a custom business account for the entire HOA? Or would we need to pay some other company to operate a new ISP on our networking, using CenturyLink for backhaul?

    If those are dumb questions, I'm sorry. Like I said, feel free to ignore the questions themselves. My real question is just: is this possible? Where do we start?

    submitted by /u/DismalGarage
    [link] [comments]

    Emulation of GSM and PST

    Posted: 06 Dec 2019 08:03 PM PST

    this is all I could find here and it's outdated by almost a decade.

    anyone know how they'd go about emulating cell phone/mobile networks? I'm looking to learn and I want a more dynamic representation to look at. I found this but I'm not sure if it's what I need/ pretty sure it costs money.

    thanks in advance for any interaction this gets.

    submitted by /u/54D4K0
    [link] [comments]

    Cat6 shielded question

    Posted: 06 Dec 2019 11:51 PM PST

    Hi everyone. I have a couple cat6 shielded cable runs for a few IP cameras. The runs go from the camera to a PoE switch with metal housing ports. I used cat6 shielded cable connectors and attached the drain wire to the metal tabs of the connector at the switch side only. Are the cables properly grounded? If not, what's the way to do so? Also, if I don't connect the drain wire at either end, will the cable perform properly? I thought shielded cable would be better but may have bit off more than I can chew. Worst case gonna rerun with just cat6 and plastic connectors.

    submitted by /u/Steviek926
    [link] [comments]

    NZDSF (ITU G655) & Bend Loss Insensitive (ITU G657) in 1 fiber?

    Posted: 07 Dec 2019 12:23 AM PST

    Context: C-band DWDM fiber

    This sounds great but is this possible? This has been outside of all my sales engineers' experience, myself included.

    Cheers

    submitted by /u/adhocadhoc
    [link] [comments]

    Help in understanding Sockets and Connections as it relates to TCP and programming

    Posted: 07 Dec 2019 01:30 AM PST

    I have a bit of experience in software development, but little in the world of Networking.

    I know that some programming languages provide a facility called Sockets, that allows you to open a connection (which can be seen as a pipe) to a remote host, and using that, write or read information from that remote host.

    The bit of networking I know, I am aware of routing, and the fact that on the internet, before a message from host A reaches another host B, it would probably travel via multiple routers.

    I also know that TCP is a protocol used as a transport protocol for communicating on the internet. Unlike UDP, it is connection oriented.

    Now this is where I am having troubles visualizing/understanding things:

    If a route from host A to host B actually spans multiple pieces of network equipment in its path (routers, switches etc), how then is it possible to establish a connection between host A and host B? Will the connection span across all these multiple pieces of equipment? (I mean at any point in time, would the intermediate equipment be aware of the connection that has been established through them that allows host A to talk to host B?)

    Same question above also applies to sockets. When a socket is established with a remote, are all the intermediate machines also aware and persisting this connection?

    I can imagine things if I have host A directly connected to host B...but I cannot understand the setup when it is actually two hosts reachable via the internet.

    Explanation that could help me understand these things better would be appreciated!

    submitted by /u/finlaydotweber
    [link] [comments]
