    Monday, February 10, 2020

    Moronic Monday! Networking


    Moronic Monday!

    Posted: 09 Feb 2020 05:04 PM PST

    It's Monday, you've not yet had coffee and the week ahead is gonna suck. Let's open the floor for a weekly Stupid Questions Thread, so we can all ask those questions we're too embarrassed to ask!

    Post your question - stupid or otherwise - here to get an answer. Anyone can post a question and the community as a whole is invited and encouraged to provide an answer. Serious answers are not expected.

    submitted by /u/AutoModerator

    What 'stupid' errors still trip you up after years in the networking business?

    Posted: 10 Feb 2020 05:51 AM PST

    I have been doing networking in various roles since early 2000-something. Got certifications, been working on quite a few tier-1 networking brands.

    And yet, I regularly get tripped by 'stupid' or trivial issues. Most often because I inherit someone else's mess or someone else did the hardware before I got involved. But once in a while it is my own mess.

    Some of my personal favorites:

    • misconfigured spanning-tree

    "Both devices have link on the right interface, in the same vlan, right IP address. Cannot ping. ARP ok. LLDP works, now it doesn't, now it works again. Hey, I got a ping response. Now it is dead again." Yeah, the box is very busy processing packets.

    • wrong BGP AS or wrong BGP auth key

    "I have checked EVERYTHING. Why can't I establish this peering?" No, I didn't check everything...

    • cat5 cables, missing locking tab on RJ45 connector

    "I had link when I left. Or: It used to work with the other, older box." I rarely touch hardware anymore. When I do, dodgy, old cables have a very short lifetime.

    • DNS not resolving to what I think it does

    "Oh, you're talking to *that* nameserver. Or: oh yeah, there's an entry in /etc/hosts...." But this is probably only me.... /s .

    • wrong SNMPv3 auth or privacy *protocol*

    "I *know* I set the right auth/privacy password. I just redid it for good measure. Still doesn't work." Most often when configuring a new type of device, and my NMS of choice does not have the exact combo of auth/privacy password/protocol configured.

    I guess the common denominator is that these do not happen too regularly for me to suspect them from start. What is your personal 'trivial' tripwire?

    submitted by /u/ethertype

    Wrapping my head around open networking

    Posted: 10 Feb 2020 10:04 AM PST

    Hello all! We are a media and entertainment facility. Our network infrastructure is currently built on Dell switches. Dual Powerconnect 8164F core switches and Powerconnect 5548 stacks at the edge. We've been looking into upgrading that infrastructure to a 100GbE core with 10GbE to the edge. It's been a while since I've shopped for new hardware and the landscape seems to have changed radically with the advent of open networking. We aren't going to be doing anything crazy configuration wise, just some basic VLAN / routing rules.

    I've seen FS.com selling some incredibly cheap 32 port 100GbE switches (specifically, the N8500 series). I see that they have Trident 3 ($6400) and Tomahawk ($7100) variants. If I were to purchase a bare-metal switch such as one of these, is there a 100% free network OS I can install on them? Is there any kind of GUI to them or is it 100% command line administration?

    submitted by /u/farhadd2

    IBGP over GRE Tunnel Performance?

    Posted: 10 Feb 2020 11:01 AM PST

    In my network, I have two edge routers peering with carriers. One of these edge routers (we will call it router A) is separated over a single fiber which has suffered a couple of recent cuts. Router A advertises a /24 prefix in EBGP, which is subnetted internally on Router A and other routers on the other side of the fiber in question. The other edge router (Router B) also advertises this /24. So, when a cut occurs, we have outages depending on how traffic enters the network.

    Obviously, the permanent solution would be not to subnet this /24 across the fiber in question. However, readdressing takes time. In the short term, I was considering doing a GRE tunnel between Router A and Router B via their internet-facing interfaces. I would like to run IBGP across this GRE tunnel to share the subnetted internal prefixes rather than use static routing. I've labbed it out and it seems to work fine, but I still have concerns about performance of the tunnel, mainly about fragmentation.

    Anyone ever done IBGP over a GRE tunnel? What issues have you encountered?

    submitted by /u/ruminative_vestige

    Product Design Networking Question

    Posted: 10 Feb 2020 09:42 AM PST

    Hey Everyone, Kind of an oddball question; apologies if it's not appropriate for this sub.

    I'm part of a product design team, and we're working on a Bluetooth LE to WiFi bridge. In short, it's a device that listens for Bluetooth traffic and then sends it back to our server over WiFi. There will be 100-200 devices placed into each corporate building.

    The chipset we're working with has a shared radio for the Bluetooth and Wifi, so to listen for the BLE traffic, we have to disconnect from the WiFi. We're planning on running these on a 6 second interval — 3 seconds of BLE scanning, 3 seconds to re-connect to WiFi, upload the data, and disconnect. Rinse, repeat.

    For a software dev, I consider myself to be fairly network competent (which isn't saying much), but I know _nothing_ about WiFi. I wanted to get the opinion of real network gurus on our scheme. Devs and engineers often don't consider the real world implications of the things they design because we work in controlled environments, so I'm trying to not be "that vendor" and get ahead of the curve.

    On a scale of "It's all good" to "WTF did you put on my network?", how would you feel about such a device?

    The concerns I could think of were broadcast traffic and load on the DHCP server with so many of these devices trying to get IPs every 6 seconds. Are there any concerns about the WiFi reconnecting so frequently? Anything I'm not considering?

    Really appreciate your insight!

    EDIT!

    Thanks for the insight so far! Y'all have more than convinced us that the "two damned radios" option is the minimum we should be looking at. If you have any more "must haves" that you'd like to see in this kind of project from a network engineering standpoint, I'd love to hear it!

    submitted by /u/redskyguy

    ns3 - How to modify some files of a module?

    Posted: 10 Feb 2020 01:26 PM PST

    Hello, does anyone know how to change only some of the files inside a module in ns3? If I copy the entire folder of a module (i.e. aodv, dsr, etc) and modify some files, when I compile the code I get a conflict with the original module.

    Thanks in advance.

    submitted by /u/zr0_day

    BGP injection into EIGRP on ASA/Firepower Flex config possible?

    Posted: 10 Feb 2020 01:09 PM PST

    Data Center cable removal Best practices

    Posted: 10 Feb 2020 08:06 AM PST

    Hello,

    Data Center rookie here.

    I am researching best practices for cable removal procedures in the data center.

    For example, if someone wants to remove a server, what process should they follow to ensure the data cables are properly deactivated before physical removal? There is no good time to have an unplanned outage.

    I found a few threads that do not quite answer my questions on the official process of cable removal:

    https://www.reddit.com/r/networking/comments/8brq88/best_practice_removing_150_unused_cables_from_2x/

    reddit.com/r/networking/comments/6n1qrk/cable_labeling_best_practices/

    I also have a copy of the TIA-942 white paper. But it too does not elaborate on the process of checking when it is "safe" to unplug something.

    When it's time to unplug, what is the process you follow to ensure you are unplugging the right things?

    submitted by /u/SysAtMN

    GRE IPsec performance issues

    Posted: 10 Feb 2020 02:42 AM PST

    Hello!

    We are having a bit of a strange performance issue with a new site that I am hoping someone might have seen before.

    We have a remote site that connects back to our primary site using a GRE through IPsec. Devices on this site are having severe performance issues with web traffic, file shares, etc. I have attempted to alter ip mtu and tcp mss settings but it has made no difference; I have tried the recommended MTU 1420 MSS 1380 along with lots of other combinations.

    If a device connects to the wireless, Cisco, the performance issues are completely removed. I checked the settings for MTU and MSS for the capwap tunnel for the AP and tried to match them on the GRE tunnel but again made no difference. Telephony is functioning fine from this site.

    Anyone seen anything like this before?

    Thanks!

    submitted by /u/Mr__Phipps

    Patchbox and or alternatives

    Posted: 10 Feb 2020 10:23 AM PST

    Am I missing anything with these things? $600 for 48 patch cables that retract and the housing? Are there alternatives? That seems really expensive for not that much gain. I feel like you could do something almost as pretty just with some cable managers that are cheap and patch cables

    submitted by /u/dbh2

    BGP Peer Flapping Reaction Strategy

    Posted: 10 Feb 2020 12:12 PM PST

    I'm curious about what others are doing when encountering a BGP peer flapping scenario.

    We generally work in a reactive capacity with very little automated procedures in place. It's served us to date (12 years) but I'm looking to have a little better strategy.

    Below is kind of what we do today.

        !
        interface TenGigE0/0/0/0
         dampening 2 750 1000 10 1000
        !
        router bgp 100
         address-family ipv4 unicast
          bgp dampening
        !

    In the event of a situation where the peer is flapping, but the interface isn't (super, super, super rare) we'll overwrite the route-policy to deny prefix announcements in/out. The peer will basically be out of the running until stability returns and we rollback the overwrite. I don't know of a clever way to suppress advertisements based on flapping conditions since, at least with Cisco, you can't use things like route-age or rib-has-route on the neighbor-out attachment points.

    What is everyone else doing? Thanks!

    submitted by /u/ferriciean

    SFP/Card Tracking Software?

    Posted: 10 Feb 2020 03:55 PM PST

    Hey guys, I have a weird request

    We run a mid sized ISP network with around 50 routers and we want to track cards and SFP's in our routers. We want to pull inventory of every SFP and module slotted into each of our routers and we want to track when they are added/removed from the routers. We have issues where techs will see an SFP that is planned for something and pull it for their project and we won't know until we go back out to do our project.

    I'm considering building something custom to do this, but would rather just pay for a program that does it already. I understand I'll probably need to do some SNMP work to pull in the data, but that's much easier than doing it all from scratch.

    Does anything like this exist? or should I start my own business and create this software? ;)

    submitted by /u/deathbyspoon91

    5GHz SSID disappeared

    Posted: 10 Feb 2020 03:43 PM PST

    We've got an office with three or four Cisco Meraki APs. I have no idea what's controlling them; an MSP manages our wireless.

    We've got a standard setup; Bananas is the internal SSID, Bananas-Guest is the guest SSID. Today, a bunch of the managers started complaining about poor wireless. I took a look using a couple of Android apps and I could see both the 2.4GHz radio and 5GHZ radio for Bananas-Guest but only the 2.4GHZ radio for Bananas.

    I've seen APs drop off the network and SSIDs disappear but not half an SSID. The MSP will do whatever they do (turn it off and turn it back on again) and probably fix it but they won't explain it to someone lowly like me so maybe you guys could give me an idea of what would cause something like this. Thanks.

    submitted by /u/pirate_dog93

    Catalyst 9500s, Stackwise Virtual and Etherchannels to different switches.

    Posted: 10 Feb 2020 03:25 PM PST

    Having a hard time finding info on the issues I'm having, and admittedly very new to Stackwise Virtual.

    Switch 1 & 2 are 9500's sharing a functioning SVL link between them with two HundredGig links plus a dual-active-detection interface between the two switches. All looks good.

    Switch 3 is an old Catalyst 4507. Switches 4 & 5 are Nexus 93180YC-EX's.

    I need to create a 4gb etherchannel between the 9500's and the old 4507r (all interfaces dumbed down to 1GB because of the 4507r)

    Also need two separate 50gig etherchannels between the 9500s and the Nexus switches, using 4 TwentyFiveGig ports - two on each Nexus, and two on each 9500.

    In both cases, I am using ports on both 9500 chassis - two on each chassis.

    Whether I use LACP active/active, or PAgP desirable/desirable, only one of the interfaces on each 9500 will participate in the etherchannel. The first interfaces to link up are active; but the 9500 stack will 'down' the ports which linked afterwards using PAgP, or 'suspend' them if the port-channel is defined with LACP.

        Group  Port-channel  Protocol    Ports
        ------+-------------+-----------+-----------------------------------------------
        1      Po1(SU)       PAgP        Twe1/0/45(D)  Twe1/0/47(P)  Twe2/0/45(D)  Twe2/0/47(P)
        2      Po2(SU)       LACP        Twe1/0/37(s)  Twe2/0/37(P)
        3      Po3(SU)       LACP        Twe1/0/38(P)  Twe2/0/38(s)

    ...what am I missing? Even if the answer is "understanding of Stackwise." At least that would be a much-needed sanity check.

    submitted by /u/ismellmagicmarkers

    Outdoor Ethernet extenders

    Posted: 10 Feb 2020 02:45 PM PST

    Does anyone have any experience with this? I need to run an outdoor line that is 100+ meters. Do these things actually work? Or would point to point wifi be better?

    submitted by /u/Trickster365

    Can't Access Management Interface of ANY of my Fortinet Switches

    Posted: 10 Feb 2020 02:06 PM PST

    Wireshark decoding question

    Posted: 10 Feb 2020 10:17 AM PST

    Is it possible to create an auto decoding filter? All I can find reference to is capture filters which I don't need.

    I've got a bunch of multicast UDP traffic that I have to decode as and then specify the protocol. I have to do this every time.

    The destination IP address, destination port and protocol never change. It would be nice to have it set up to decode any traffic as the specific protocol based on the destination IP address or even destination port.

    I've tried going to preferences then protocols and adding the specific port to the relevant protocols, but it doesn't seem to save it.

    submitted by /u/chrisblahblah

    Simplewall UTM?

    Posted: 10 Feb 2020 07:44 AM PST

    Does anyone have any experience with Simplewall? I realize there is a small Windows Firewall replacement software with the same name... but that's not what this is about. I'm talking about the "free" UTM software here:

    I'm tired of Sophos XG, 100% because of the dynamic IP issues. Many of my DNS servers are behind a connection with a dynamic IP address (this is not resolvable, we NEED these servers hosted where they are for privacy reasons, please don't turn this thread into a critique of that choice). Sophos XG cannot, for whatever reason, renew a DHCP address from a cable connection without manual intervention. If you have a solution for this, I'd be glad to hear it.

    That brings me to Simplewall. It "looks" enterprise ready and is based out of San Jose (U.S. based is important in this case, so +1 over Sophos). Despite the very low nonprofit price for the Sophos XG, free would be great as well so another +1. Does anyone have any insight or experience using this in a 24/7 production environment?

    https://www.simplewallsoftware.com/

    Thanks for the help all!

    submitted by /u/InvasionOfThings

    Slow Downloads for MPLS connected sites

    Posted: 10 Feb 2020 01:31 PM PST

    Hi all, At my place of business we have two internet POPs and then we have various Remote sites that connect back to these POPs via MPLS to go out to the internet. These sites report terrible download performance and upon reviewing all visible interfaces from my end we have clean links.

    Just wondering if anyone has experience troubleshooting a similar problem as this and what you have done to troubleshoot. We are kind of at a stand still now.

    submitted by /u/bigmuhy54

    Best choice for network monitoring tool to determine what is writing data to file server?

    Posted: 10 Feb 2020 11:57 AM PST

    We have a file server and more frequently than we'd like, we see a lot of data getting written to it. We have 500+ users and no telling who is dumping stuff onto the server.

    We're looking for something relatively simple and ideally cost-effective that can pinpoint the IP or mac address that generates heavy network traffic to the server.

    We have LibreNMS but after looking through the rule syntax, I don't really see a way to actually show where traffic is coming from, only to alert me if interface utilization goes higher than a certain percent.

    We use Checkpoint for our firewalls and I setup a monitor to show inbound data to the file server's IP but again, it doesn't appear to give me a way to show what IP on the network said traffic is coming from.

    I've used Glasswire at my house and it can do what I need it to do but am leery of putting something like that on our network before learning exactly what it can do and if there are any potential security vulnerabilities it brings along with it or if it's just sniffing packets and turning them into easy to read graphs.

    We're considering SolarWinds Netflow but it's $$$. We know it will do the job though so it's not ruled out but we're looking at cheaper options first.

    At this point, I'm thinking if I see a high spike in usage, I can set up a Wireshark filter for SMB2 protocol traffic to the destination IP of the file server but I was hoping to find something a bit more elegant (i.e. pretty reports for a CIO) in its interface and reporting.

    submitted by /u/FastRedPonyCar

    Question about IPv6 and IPv4

    Posted: 10 Feb 2020 07:53 AM PST

    Because IPv6 is being implemented into our networks now, does that mean when ISP's start making the change to IPv6, the IPv4 address space can get freed up and still be used and even still possibly sold to average users?

    submitted by /u/KabooyaYT

    Does adding a route-map to a BGP session cause a flap?

    Posted: 10 Feb 2020 07:46 AM PST

    As the title suggests, I want to add a route-map to a BGP peer to set the local pref of some routes. Will this cause the session to re-establish or anything?

    submitted by /u/LankyDanMan

    Question about iperf TCP test performance issue (MSS related?)

    Posted: 10 Feb 2020 07:12 AM PST

    Hello All,

    From time to time it happens that you have no more ideas on what to do with the issues. Apparently, this often happens to me with MSS/MTU shenanigans...

    Short intro. We have an infrastructure in some data center. There are some servers, switches and a core router. Core router is connected to a couple of ISPs and a couple of exchanges for blended traffic.

    Issue. We were testing the speed of our network to outside locations (outside our infrastructure) and noticed that a single Iperf connection is only achieving a miserable 2-3 Mbps. In that case, all of our equipment was connected with 10G or more. As an example, other tests, like transatlantic and so on, reach 50 Mbps for a single connection. We also did a test connection via other ISP and speed was good.

    So upon further packet dump inspection, I found that in a faulty connection Iperf test fails to raise TCP segment size: https://imgur.com/QhZVut5

    While testing on other ISP everything was fine: https://imgur.com/TLHew5a

    What comes to mind is that there are some MTU/MSS related issues. However, no packet loss or anything else is reported.

    I've sent a ticket to the ISP, but it will probably take some time for them to respond.

    Would be thankful for any ideas or thoughts about this issue.

    submitted by /u/AndyLTU

    Adding custom packages to Open Network Linux

    Posted: 10 Feb 2020 06:40 AM PST

    I want to use Open Network Linux for our whitebox switch solution and want to add my own applications to be built and installed with the OS.

    Initial thoughts: I will probably build my custom applications into a deb package which can be pulled from a store such as artifactory to be built into the image.

    What is the suggested method for where and how I should add these applications in? I just need advice on a work flow, for example if there is a concept of "recipes", as in a Yocto linux build, of where it would be a good idea to add my own applications.

    submitted by /u/sirincredibleracoon

    Allied Telesis and Cisco in a ring

    Posted: 10 Feb 2020 09:02 AM PST

    Probably a very stupid question but we have one AT-9000 28SP connected to 9 Stratix, 1783-BMS10CGL, in a star topology. Client has had wires go bad on an up-link in the past and would like to add redundant paths by using a ring topology. Is it even possible to configure REP, which I believe is proprietary to Cisco in this setup?

    submitted by /u/kingmartin765
