NASA MeshNetwork recent code & documentation - maybe someone on /r/networking will find this interesting and useful (Networking)
- NASA MeshNetwork recent code & documentation - maybe someone on /r/networking will find this interesting and useful
- QoS on every interface on the path?
- Today I screwed up
- Boss Want's A Layer 2 Firewall
- Are HTTP proxies (a la Charles) days numbered as we move to HTTP/3 and QUIC?
- Access port configuration using SolarWinds NCM?
- Can a firewall (NGFW) read only / but no writing on websites?
- Contact for AS6128
- Anyone else have Cisco 1242 APs die recently?
- Simple question on identifying intermediate device by counting TTL
- It's possible to identify non HTTP running on port 443?
- Campus Core Switch Replacement
- Spine-Leaf Overkill?
- Inexpensive equipment for testing lab in my cubicle?
- LACP Timeout Fast vs. Slow
- Grandstream phone VLAN voice an data same port
- WLC 8540 issue Management interface
- Xmas Slowdown within a VAR
- What is the point of these above ground markers?
- MTU issues over IPSEC tunnel between ASA and Meraki MX
- Did a pick the wrong training course? (cisco DNA)
- Troubleshooting High Output Queue Discards
- Looking for a reliable Ethernet on/off switch for work phone system
Posted: 03 Jan 2020 09:58 AM PST This is an interesting GitHub repository from NASA: MeshNetwork, https://github.com/nasa/meshNetwork
QoS on every interface on the path? Posted: 03 Jan 2020 09:42 AM PST We have a phone vendor telling us that all of the switches and routers need QoS configured. Traditionally we only configure it on the WAN interface of the edge device, as internally we have a full backplane on all the switches. This is from the vendor doc: "If VoIP traffic passes any single interface without QoS configured, the effects of quality issues are felt on a call as if no QoS is configured anywhere along the path." Is there any validity to that?
Today I screwed up Posted: 02 Jan 2020 04:27 PM PST I want to remind you all to slow down and always check your changes; take it from me and do not be like me! Routine change I have done many times inside ACI, but this time I was in the wrong context menu and deleted the parent profile and not a child profile. This was 100% on me; yes, I wish Cisco would not allow a parent profile to be deleted while it contains child profiles, but in the end it was still on me. Yes, I was able to roll the change back in less than 2 minutes, but in those 2 minutes the vPCs between our virtual compute and storage were completely destroyed... So learn from me: slow and steady. All those fancy servers, storage and services do not work when the roads are all broken.
Boss Wants a Layer 2 Firewall Posted: 03 Jan 2020 12:57 PM PST Hi all, it is my understanding that layer 2 (transparent) firewalls are to be used in fringe cases. Currently I've got 4500Xs in VSS facing the datacenter, which then uplink to the core. Based on my experience you would want to hang the firewalls off the datacenter 4500s and route the firewalls either by hair-pinning the traffic with static routes redistributed into OSPF, or even more simply just route the networks directly off of the firewalls. My manager believes that we should be running them transparently (keeping the current architecture of layer 2 between our core and datacenter). I'm trying to see if this is a difference of opinion or if I'm just missing something that he sees and I don't. I have deployed many firewalls in a routed fashion and have only seen a transparent firewall once in the wild. I am curious as to what the community sees as the proper way to deploy these firewalls.
Are HTTP proxies' (à la Charles) days numbered as we move to HTTP/3 and QUIC? Posted: 03 Jan 2020 10:12 AM PST How can we possibly have similar functionality to Charles Proxy to inspect HTTPS resources when we move to HTTP/3 over QUIC? I frequently use Charles Proxy to inspect HTTP and HTTPS traffic (and Wireshark to inspect UDP packets) from my mobile phone for exploration and app development. Does HTTP/3 (over QUIC / UDP) even allow something like an HTTP proxy with a self-signed certificate to interact with "https" resources? I read about the CONNECT request in HTTP/3, but it sounds like it still makes a TCP connection with an origin server. I don't understand how that would work with an origin server that expects HTTP/3 from the client. Without a QUIC proxy, there's no reason to use your own certificate because the origin server won't recognize, or be able to decrypt, the payload.
Access port configuration using SolarWinds NCM? Posted: 03 Jan 2020 12:07 PM PST Does anyone have an example of how to verify configuration on access ports using SolarWinds NCM? I'm working with Cisco IOS. Something that can maybe detect if "switchport mode access" is set, and then verify that portfast is enabled, QoS trust, etc...
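An added example, not from the post and not SolarWinds NCM's own rule syntax: a standalone Python audit over a constructed IOS running-config excerpt that finds every access port and reports which expected lines it lacks. The required-line policy (portfast plus an IOS QoS trust command) is an assumption chosen for illustration.

```python
import re

# Constructed sample running-config excerpt (not from the post).
SAMPLE_CONFIG = """\
interface GigabitEthernet1/0/1
 description user desk
 switchport mode access
 switchport access vlan 10
 spanning-tree portfast
 mls qos trust dscp
!
interface GigabitEthernet1/0/2
 switchport mode access
 switchport access vlan 10
!
interface GigabitEthernet1/0/24
 description uplink
 switchport mode trunk
!
"""

# Hypothetical policy: lines every access port is expected to carry.
REQUIRED = {
    "portfast": re.compile(r"^spanning-tree portfast(\s|$)"),
    "qos_trust": re.compile(r"^(mls qos trust|auto qos voip trust)"),
}


def parse_interfaces(config_text):
    """Return {interface_name: [indented config lines]} from IOS-style text.
    A block ends at '!' or at any other top-level (unindented) command."""
    interfaces, current = {}, None
    for raw in config_text.splitlines():
        line = raw.rstrip()
        if line.startswith("interface "):
            current = line.split(" ", 1)[1]
            interfaces[current] = []
        elif current is not None and line.startswith(" "):
            interfaces[current].append(line.strip())
        else:
            current = None
    return interfaces


def audit_access_ports(config_text, required=REQUIRED):
    """Return {interface: [missing check names]} for each access port.
    Compliant ports map to an empty list; trunk/routed ports are skipped."""
    findings = {}
    for name, lines in parse_interfaces(config_text).items():
        if "switchport mode access" not in lines:
            continue
        findings[name] = [check for check, rx in required.items()
                          if not any(rx.match(l) for l in lines)]
    return findings


if __name__ == "__main__":
    for port, missing in audit_access_ports(SAMPLE_CONFIG).items():
        print(port, "OK" if not missing else "missing: " + ", ".join(missing))
```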
Can a firewall (NGFW) allow read-only but no writing on websites? Posted: 03 Jan 2020 02:30 PM PST I am sure that the answer is yes; however, if there's a technical / sales term, I am looking for that. Can a firewall also redirect traffic depending on the destination? Example: if I were to go to Facebook.com it's supposed to go to ISP A, but if it's going to medicalinfo.net it's supposed to go to our internal servers. Looking for the business / tech term if any. Thank you. *Update - I do apologize for not being more clear. Suppose I have a mobile user; I want to make sure that when the VPN is on he cannot have WRITE access to Facebook. At the same time, certain sites and applications are to ONLY be redirected to our internal network.
Contact for AS6128 Posted: 03 Jan 2020 02:27 PM PST Does anyone have a contact over there that they could put me in contact with to discuss peering? I would like to speak to them about maybe getting it set up. TIA
Anyone else have Cisco 1242 APs die recently? Posted: 03 Jan 2020 09:25 AM PST I have some 1242 APs deployed that are connected to a 2504. APs were working fine last week, and we get reports today that they are not working. The 1702 APs connected to the same controller are working. The 1242s still have link, show up as CDP neighbors, etc. Just no association with the WLC. I realize the 1242s are older than dirt and unfortunately, that's not my battle to fight - the recommendation has been made to replace them a few times. However, I suspect that these APs died because of rolling over to the year 2020 - anyone seeing anything similar? A quick look at the Cisco support page mentioned nothing.
Simple question on identifying intermediate device by counting TTL Posted: 03 Jan 2020 09:35 AM PST I have an issue with receiving RST packets when trying to access a particular service on a server. Running Wireshark from the client side, I see that RST packets occur at a TTL of 57, the source being the server IP. The server is a Linux box with a 64 TTL and there are 11 hops to the server from the client, which results in a 53 TTL for good connections not facing the issue. When the RST occurs and the TTL is 57, that tells me that it is not the client or server causing/sending the RST, but rather a device in the middle that is breaking the connection. If it was the server causing the RST, the TTL for the RST packet would be 53. My question is this: which way do I count the hops to determine what device is causing the RST if the TTL is 57? Seeing as how I am running the Wireshark trace from the client, do I count hops from the client side, or should I count hops from the server side seeing as it is the source of the RST? Given the above, in the example below would I identify the device causing the RST packets to be d.d.d.d by counting down TTL from the server side, or would the suspected device be h.h.h.h by counting from the client side? Example traceroute:
1 a.a.a.a client side gateway
2 b.b.b.b
3 c.c.c.c
4 d.d.d.d
5 e.e.e.e
6 f.f.f.f
7 g.g.g.g
8 h.h.h.h
9 i.i.i.i
10 j.j.j.j
11 k.k.k.k
12 l.l.l.l server
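An added example, not from the post: given the traceroute taken from the client and the TTL seen on a packet arriving at the client, it lists which hop on the path could have sent that packet for each common initial TTL. The placeholder addresses and the set of initial TTLs (64, 128, 255) are assumptions.

```python
# A router decrements TTL only on packets it forwards, never on packets it
# originates, so a packet's TTL drops once per router between the sender and
# the capture point. Counting therefore always starts from the client side.

# Constructed sample: the 12-hop path from the post, placeholder addresses.
TRACEROUTE = [
    (1, "a.a.a.a"), (2, "b.b.b.b"), (3, "c.c.c.c"), (4, "d.d.d.d"),
    (5, "e.e.e.e"), (6, "f.f.f.f"), (7, "g.g.g.g"), (8, "h.h.h.h"),
    (9, "i.i.i.i"), (10, "j.j.j.j"), (11, "k.k.k.k"), (12, "l.l.l.l"),
]

# Common defaults: 64 (Linux, BSD, macOS), 128 (Windows), 255 (many routers).
INITIAL_TTLS = (64, 128, 255)


def routers_crossed(observed_ttl, initial_ttl):
    """Routers the packet passed through before capture, or None if the
    observed value cannot have come from this initial TTL."""
    if observed_ttl > initial_ttl:
        return None
    return initial_ttl - observed_ttl


def candidate_senders(observed_ttl, traceroute, initial_ttls=INITIAL_TTLS):
    """For each plausible initial TTL, name the traceroute hop (counted from
    the client) that would have sent a packet arriving with observed_ttl.

    Hop 1 is the client's gateway; it crosses no router to reach the client,
    so a sender N routers away sits at hop N + 1 (N == 0 also matches a host
    on the client's own segment). A transparent middlebox that does not
    decrement TTL and does not appear in traceroute, sitting between hops N
    and N + 1, is reported as hop N + 1: read the result as a position on
    the path, not as proof that the named router itself sent the packet."""
    by_hop = dict(traceroute)
    result = {}
    for initial in initial_ttls:
        crossed = routers_crossed(observed_ttl, initial)
        result[initial] = None if crossed is None else by_hop.get(crossed + 1)
    return result


if __name__ == "__main__":
    for ttl in (53, 57):
        print(f"observed TTL {ttl}: {candidate_senders(ttl, TRACEROUTE)}")
```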
Is it possible to identify non-HTTP traffic running on port 443? Posted: 03 Jan 2020 04:29 PM PST I need to develop something similar to ngrok, as I have a group of machines that run behind firewalls and the only communication is through 80/443. The idea is to establish a TLS connection on 443 to a central server and use this connection as a tunneling point to run a SOCKS5 server. And the question is, are firewalls able to identify that I'm not running HTTPS on that port? Because the initial communication will be different.
Campus Core Switch Replacement Posted: 03 Jan 2020 09:48 AM PST I need some help with core switch replacements. We have Brocade MLXe-8 and -16 cores running VPLS over MPLS and OSPF routing between 3 sites. Inter-site links are 10GbE. Also we have 2x Dell 5248 TOR switches on VLT that support VxRail / VMware ESX servers with stretched clusters between two of the DCs using a layer 2 stretched VLAN. 1) Any ideas for replacement and resiliency? 2) Is VXLAN and EVPN the future replacement for VPLS over MPLS, or are there alternatives? 3) Can you vMotion traffic across sites using VXLAN? i.e. the direct link between site A and B fails, so I'm looking to vMotion VMs from site A to site B via site C using the existing links to A and B, considering we have a stretched VLAN using the same IPs at sites A and B. 4) The Dells have 4 x 10GbE to the MLX core, so just wondering about oversubscription, as there are currently 5 x 25GbE ESX host connections per TOR switch. Is this an issue?
Spine-Leaf Overkill? Posted: 03 Jan 2020 11:33 AM PST Hi, I'm never sure what's considered small, medium, and enterprise when I'm reading various blogs and articles. In short, we have a staff of about 70, and about 140 dual drops scattered throughout the office. Many are obviously not used, but they could be, so I need them all connected. We currently have a stack of old 48-port Nortels (3ea 1GB for data, 3ea 100Mb PoE for phone) on separate LANs (not VLANs). I didn't install it, but it's over 10 years old and I want it out of here before it dies some Monday morning. Also, I'd like to go up to 10GB Ethernet (I ran a test and I can get that speed through about half my office with current cabling; the rest will have to settle for 2GB or so, which is still twice what we have now). All drops "home run" to our server room with mail server, file server, a couple of VM hosts, DC, the usual stuff. To replace my phone LAN, I'm fine with just three 1GB PoE switches in a stack. I only want GB in case I decide to ever start messing with VLANs and piggyback data on the phones -- but I doubt I'll need to since I have two jacks at each desk. Would spine-leaf be overkill for our data? At first I thought a stack, but since 99% of the time we're talking to servers, a central switch connecting servers to the other switches made sense to me. But spine-leaf seems to have the redundancy of a second "spine" switch in case one dies. I'm waffling between Netgear XS748T and M4300-48X and/or connected together with an M4300-24x24F. Or am I overthinking it? Would I be fine just chaining three 10GB switches together, with the middle one also connected to a server switch and the router? Basically, I'd like something that'll last another decade, but if I can avoid shelling out $30K-$40K that'd be nice. Thanks, Jeff
Inexpensive equipment for testing lab in my cubicle? Posted: 03 Jan 2020 02:06 PM PST This may not be the right sub. I am trying to set up a small lab in my cubicle at my workplace to test potential configs and products. I mainly need a ROAS setup that supports dot1q. A necessary evil is that the switch/router needs to be quiet (so no $20 Catalyst PoE switches) because I'm in a cubicle on an office floor. I would prefer a device that has an IOS-style CLI. It doesn't matter if the equipment is used or new, as long as it isn't compromised with malware or has known bugs like putting garbage on the interfaces. Does anyone have any recommendations? An 8-port switch would be okay, but dot1q is absolutely necessary. I will be paying for these components out of pocket, though the rest of my lab will come from my employer. Thank you. Edit: I am an ISP repair/TTU tech. My cubicle is my test bench.
LACP Timeout Fast vs. Slow Posted: 03 Jan 2020 06:34 AM PST I've got 2 Juniper switches with AEs over DSL. The bandwidth isn't great and the runs are somewhat shaky. We get tail drops semi-occasionally because there's no QoS on the line (not going to change, at this time). The LACP timers are set to Fast (1 sec) on both ends. We get LACP timeouts on one of the switches, presumably because it's failing to receive PDUs in time (and that's presumably because of the tail-dropping). Pros/cons to setting these timers to Slow as an alternate route to alleviating this? (My thought is that it would at least give the switch a bigger window of time before screaming that the line is down.)
Grandstream phone VLAN voice and data on same port Posted: 03 Jan 2020 09:31 AM PST Hi, I have an issue with a Dell N1500 switch and a Grandstream phone. Reading best practices documents, I configured the port like this:
interface Gi1/0/17
switchport mode general
switchport general pvid 500
switchport general allowed vlan add 500
switchport general allowed vlan add 55 tagged
VLAN 500 is data and VLAN 55 is voice. If I have the port with this configuration I can reach the gateway from the PC, but the phone can't register to the central IP. If I remove the "switchport general pvid 500", the phone can register to the central IP but I can't reach the PC gateway. Any suggestion?
WLC 8540 issue with management interface Posted: 03 Jan 2020 05:01 AM PST Hi all, thanks in advance for your support. For a customer I have an issue with the management interface: SSH and HTTPS connections don't work but ICMP works. There are 2 WLC 8540s in SSO and all the firewalls permit both SSH and HTTPS. From the service port I can reach the WLC over both SSH and HTTPS, so there isn't a configuration issue. I have tried entering this command, "config network mgmt-via-dynamic-interface enable", but even that doesn't work. Did someone have the same problem as me? Thanks all.
Xmas Slowdown within a VAR Posted: 03 Jan 2020 03:14 AM PST From what my peers say, Xmas and New Year slowdowns are common when at a reseller; how do people stay motivated? I understand it is a great opportunity to study, but when there is no tangible work I really struggle to get any sort of momentum. This, compounded with the fact I work from home, means that I can't feed off any colleagues' enthusiasm. Guess I am just venting, but it feels like such a grind sometimes when I know it shouldn't be; just wondered how more experienced consultants/engineers deal with it.
What is the point of these above ground markers? Posted: 03 Jan 2020 11:15 AM PST They are popping up around my neighborhood; they are putting in a fiber line. No other utility has these. Also, what exactly are they installing? They are putting those big boxes in the ground along with those markers, like one every 50 yards or so.
MTU issues over IPSEC tunnel between ASA and Meraki MX Posted: 03 Jan 2020 06:29 AM PST Happy New Year everyone, hope you are well. In my last thread, I was able to get some helpful advice from a fellow Redditor to adjust MTU settings on a client MX WAN port to 1452: https://www.reddit.com/r/networking/comments/ehr04l/potential_mtu_issue_between_meraki_mx_and_asa5515/ This did clear up warnings about fragmentation issues between the MX and the SDWAN bonder, but the root issues still persist. Issue: HTTPS and random other TCP traffic sporadically becomes unusable between these sites connected by IPSEC tunnel. The issue is temporarily resolved after bouncing the IPSEC VPN, but comes back after so many hours. For everyone's convenience, this is the flow of traffic: Client MX > SDWAN Bonded Internet > IPSEC TUNNEL > digitalsquirrel's ASA5515 Current observations:
Misc Other Notes:
Did I pick the wrong training course? (Cisco DNA) Posted: 03 Jan 2020 10:43 AM PST My company is going to be using Cisco DNA in the future and I was asked to take training in it, but I'm starting to worry I took the wrong online course. I have the training course called Cisco Digital Network Architecture Implementation Essentials (DNAIE) from Global Knowledge: https://www.globalknowledge.com/ca-en/course/161779/dnaie-cisco-digital-network-architecture-implementation-essentials-v20/ None of the labs have anything to do with DNA Center. I only see topics on Cisco Prime, APIC-EM, ISE, CMX. Is Cisco DNA an ecosystem of tools, or is Cisco DNA really DNA Center?
Troubleshooting High Output Queue Discards Posted: 02 Jan 2020 08:50 PM PST What would be the major cause of high outbound discards on a switchport? We have a switch in a remote location on the other side of the country and staff are complaining of poor network performance. I can see that on one of the switches, on the uplink port, there is a huge amount of Outbound Queue Discards. We're looking at 3.6 billion since the last reboot (almost 2 years ago). At first I thought it was QoS, as I could see that there was traffic hitting the policy, but now we've tried disabling QoS on the port and they're still reporting slowness. We've also checked that there is no duplex or speed mismatch. One side is a gigabit switch, the other side is a 100 Mbps switch, but I can see that the gig switch has auto-negotiated down to 100M, so I don't think that should be causing outbound discards for the port. At the moment I'm leaning towards a bad cable or some interference from the warehouse it's in. Anyone have any ideas of anything else I can check?
Looking for a reliable Ethernet on/off switch for work phone system Posted: 03 Jan 2020 07:24 AM PST I work in a small office using a VoIP phone system. We've been told we can plug these phones in anywhere and they'll work with their built-in numbers. The boss is needing to move a phone into his home to take care of his wife, but won't always be home. During business hours, when the phones are not forwarding to our cell phones, he is not wanting the phone to be ringing if he's not there. My idea was an on/off switch for the Ethernet cable, but it seems everywhere I look they're super sketchy or look like they're for trying to cheat at video games. Anyone have any suggestions for an on/off or "kill" switch we can use to turn the phone off when he's not there that doesn't require him unplugging it every day?