Blogpost Friday! Networking

---

• Blogpost Friday!
• Is there a list of IPv4 ranges that Comcast uses to NAT their IPv6-native customers that connect to IPv4 destinations?
• Catalyst 3750 24 Port PoE switch not compatible with Cisco 7911 Phone?
• NIC Offloading
• IPSec failing when there is an F5 device in the middle
• Automate switch checks w/ a script
• Does VoIP have a future?
• 10G BGP software routers
• Time spent dealing with billing issues as a Network Engineer?
• ip directed-broadcast command missing on Cisco Cat 9300 running 16.9.3
• How are you running/invoking your network automation?
• Cisco Networkinf Academy - PT Skills Assessment Accuracy
• N5K static routing issue
• Cable toner error
• How/where can I obtain a copy of Junos OS for lab practicing?
• How can I change the "Sender IP" and "Sender MAC" within an ARP packet on Linux? Not having luck with arptables.
• OSPF over Nexus VPC
• What is the best way to learn multicast routing
• DC network with only few switches
• Implementation of RPKI - an overview.
• What do you track when running HSRP and iBGP on Cisco Routers?
• Help for Ansible beginner please
• Netmiko with cisco xe
• Did I make a terrible mistake?
• Looking for suggestions on a home network ping tool

Blogpost Friday! Posted: 30 Apr 2020 05:04 PM PDT It's Read-only Friday! It is time to put your feet up, pour a nice dram and look through some of our member's new and shiny blog posts. Feel free to submit your blog post and as well a nice description to this thread. Note: This post is created at 00:00 UTC. It may not be Friday where you are in the world, no need to comment on it. submitted by /u/AutoModerator [link] [comments]

Is there a list of IPv4 ranges that Comcast uses to NAT their IPv6-native customers that connect to IPv4 destinations? Posted: 30 Apr 2020 04:44 PM PDT I'm implementing various layers of access controls for a secure file transfer service (implementing sftp with ECDSA authentication and IP range verification) and one of my new data transfer partners is a "native ipv6" customer on Comcast. When they connect to an IP4 endpoint (when DNS lookups provide an A record rather than an AAAA record), I understand they're routed through carrier-grade NAT to provide an IP4 source address for these connections. Are these Comcast customer NAT egress addresses known or published? I'd like to whitelist them in the access rules for this customer. submitted by /u/ffelix916 [link] [comments]

Catalyst 3750 24 Port PoE switch not compatible with Cisco 7911 Phone? Posted: 30 Apr 2020 09:55 AM PDT We had this 3750 blade laying around and for easier cable management we wanted to run our phones to it. However, the phones don't receive power. I checked "show power inline" and it said it had 15.4 Watts available and when i tried a phone on 3580-CG it worked just fine. The 3580 has 30 watts available but the phone only uses 7 on boot and 5 at normal operation. Sorry for formatting, on phone. submitted by /u/Empyreal_ [link] [comments]

NIC Offloading Posted: 30 Apr 2020 08:18 PM PDT Trying to understand the full scope of the term NIC Offloading. A quick Google search indicates it allows TCP sequencing/error control to be offloaded to the NIC. Cool. What other items can be offloaded to the NIC apart from TCP calculations? submitted by /u/recovering-skeptic [link] [comments]

IPSec failing when there is an F5 device in the middle Posted: 30 Apr 2020 05:33 PM PDT Hi Experts, I know this was asked before but I still did not found any solution. Scenario: Site A(ASA)——(Internet)——(F5)—-(ASA)Site B All ike parameters are identical. Public IP on F5 and private IP on ASA Site B. Public IP on ASA Site A. Virtual server created on F5 and a route pointing to ASA Site B. Virtual Server got all ports set for the service port. NAT-T enables on ASAs. ADDITIONAL INFO: In Site B I am receiving the proposals from Site A with the original public source and destination IP. Any other ideas? Thanks in advance!! submitted by /u/monk_hasu [link] [comments]

Automate switch checks w/ a script Posted: 30 Apr 2020 12:55 PM PDT Hey guys, Weekly I like to slowly connect to each switch and check a few key criteria - uptime, port-utilization, memory utilization, errors, and so on. I am looking to automate this. I understand there are probably 1st and 3rd party products that do this but I was just looking to automate it myself. I was thinking a python script but the problem that I understand is in python if you say "ssh to host" then a completely separate ssh session opens up that the python session has no control over... any thoughts? submitted by /u/BigChiefLewis [link] [comments]

Does VoIP have a future? Posted: 30 Apr 2020 10:40 AM PDT I have to make a choice between working for an ISP, where it's a mix between VoIP and data networks OR working for a carrier specializing in VoIP. Is VoIP on the decline or on the rise? Which would be a better choice? submitted by /u/thatblondeguy_ [link] [comments]

10G BGP software routers Posted: 30 Apr 2020 03:31 PM PDT Here's a list of 10G BGP software routers I have come across in no particular order: DANOS - free https://www.danosproject.org/ FRR+VPP - free https://github.com/FRRouting/frr/wiki/Alternate-forwarding-planes:-VPP TNSR - $400/year for 10G license https://www.tnsr.com/ 6wind - ~3k$ for 10G license + 15% yearly https://www.6wind.com/vrouter-solutions/6wind-turbo-router/ Juniper vMX - ̃4k$ for perpetual 10G license with 2 million routes https://www.juniper.net/us/en/products-services/routing/mx-series/vmx/ TheRouter - the Russian alternative :) https://therouter.net/ I have excluded from the list software routers that AFAIK can't do 10G at line rate, such as software routers using kernel forwarding, pfSense, Mikrotik CHR, Cisco CSR1000v. Feel free to correct me if I'm wrong. Please add to the list if you know of other alternatives and feel free to share your experiences and opinions on the various options. submitted by /u/Routerswitcher [link] [comments]

Time spent dealing with billing issues as a Network Engineer? Posted: 30 Apr 2020 01:19 PM PDT I missed getting this into Rant Wednesday. So I am an engineer at a reasonably large company (2100 employees nationwide). The IT team and has to constantly (maybe 2-3 issues a month) deali with Carriers/Vendors because Accounts Payable didn't pay bills. We follow AP process to set up payments, but still things go wrong; it's bad enough we have had to assign engineers to check accounts/portals monthly to verify payments. Heck, we even created an outage root cause category of "billing" for tracking purposes. In our network group Layer 0 has become "did we pay the bill?" Do other orgs struggle with this as mightily as we do? submitted by /u/techno_superbowl [link] [comments]

ip directed-broadcast command missing on Cisco Cat 9300 running 16.9.3 Posted: 30 Apr 2020 08:19 AM PDT I'm configuring remote Wake-on-Lan for a number of my sites and so far so good until I got to my first IOS 16 device (Catalyst 9300). When I try entering an "ip directed-broadcast {ACL}" command under my forwarding interface, I get an unrecognized command error. This worked on all IOS 12.X devices. Even reading Cisco's IOS 16 docs, it should be there, so I'm wondering if this is a bug with this build, but I can't find anything in the known issues docs. Has anyone else seen this? submitted by /u/A-Series-of-Tubes [link] [comments]

How are you running/invoking your network automation? Posted: 29 Apr 2020 07:52 PM PDT Having a central source of truth, writing automation scripts and keeping them (and configs) tracked in git is pretty straightforward. But I'm interested to know the different ways you all call your network automation scripts (and why) because it seems there's a whole bunch of ways to do it. Individual engineers git clone and call scripts from the commandline running on their workstation The above, but on a shared central automation server Web interface only, which functionally just wraps the scripts Run from a different system (e.g. NetBox custom scripts) AWX / Ansible Tower Git server automatically running via git hooks Git server running via manual pipeline Also how are you handling logging and approvals? submitted by /u/Substantial-Guava [link] [comments]

Cisco Networkinf Academy - PT Skills Assessment Accuracy Posted: 30 Apr 2020 04:54 PM PDT So I just took a PT skills assessment for a Cisco 2 course. I have taken other PT skills assessment tests in the past as well. The one I took was a Chapter 7 Practice Skills Assessment - PT. It seems like there was stuff I did correctly inside of the test that the automated scoring system marked wrong. For anyone thats taken a Cisco course, are the packet tracer assessments accurate? submitted by /u/Darrk101 [link] [comments]

N5K static routing issue Posted: 30 Apr 2020 06:52 AM PDT Just connected up a C5596UP and started adding it into my network fabric. Found the SVIs it owned worked fine with directly connected devices but routing to anything beyond via the default route were dropped, looks like all my static routes are sitting as pending. Anyone know why that might be? I thought this might need the LAN base services license, but after installing that, it made all static routes disappear and L3 not ready messages on the SVI. I installed the L3 module but that shows as offline and I can't figure out how to bring it online. Not too sure what's going on here, any advice would be very helpful, tia. submitted by /u/cheese052 [link] [comments]

Cable toner error Posted: 30 Apr 2020 04:10 PM PDT I'm trying to track down an unlabeled port but my cable tester won't let me switch to toner mode because of a weird error. I assumed it was a bad termination and re-terminated the cable but I'm still seeing the same error. I spent time looking through documentation for this cable tester and I didn't see the error anywhere else. Does anyone know what this error means? I assume it's something wrong with wires 3 and 4. https://imgur.com/3uqSLpu I'd appreciate any help/advice, thanks! Edit: I should have clarified this a little better. The picture is from testing cat5 ethernet cable. An IP camera went down, the end of the cable that I'm testing is from the camera end. I know that the cable leads back to a switch but I dont know what port it goes back to. submitted by /u/Kazilik [link] [comments]

How/where can I obtain a copy of Junos OS for lab practicing? Posted: 30 Apr 2020 12:20 PM PDT Juniper seems to have really good documentation on some of the more esoteric things I find myself googling, and it's inspired me to become for familiar with how their routers operate, but I'm not sure where/how to obtain a copy of the OS for use in GNS3 or EVE-NG submitted by /u/InadequateUsername [link] [comments]

How can I change the "Sender IP" and "Sender MAC" within an ARP packet on Linux? Not having luck with arptables. Posted: 30 Apr 2020 03:37 PM PDT I have a bridge interface, and what I am trying to do is when I send ARP requests out of it (exiting eth0) I want the "Sender IP address" and "Sender MAC address" that is within ARP packet to change. I've tried for days with arptables, but I can't seem to figure it out. To illustrate what I mean, say I do this command to send an ARP request: nping --arp 10.99.99.99 -c 0 -e br0 --source-mac 11:22:33:44:55:FF --arp-sender-mac 11:22:33:44:55:FF --arp-sender-ip 10.1.1.1 This command sends the following across the network: Ethernet frame --------------- Src MAC: 11:22:33:44:55:FF Dst MAC: FF:FF:FF:FF:FF:FF ARP Packet --------------- Sender IP: 10.1.1.1 Sender MAC: 11:22:33:44:55:FF Target IP: 10.99.99.99 Target MAC: 00:00:00:00:00:00 So far, that's expected behavior. However, I'd like netfilter to change all the information. I can easily change the source MAC in the Ethernet frame as they leave eth0 with ebtables: ebtables -t nat -I POSTROUTING -o eth0 -j snat --to-source FE:ED:FA:CE:BE:EF Then I will see this in Wireshark: Ethernet frame --------------- Src MAC: FE:ED:FA:CE:BE:EF Dst MAC: FF:FF:FF:FF:FF:FF ARP Packet --------------- Sender IP: 10.1.1.1 Sender MAC: 11:22:33:44:55:FF Target IP: 10.99.99.99 Target MAC: 00:00:00:00:00:00 Despite the "Src MAC" changing in the Ethernet frame, it's unchanged in the ARP packet. So, I try with arptables to change the Sender MAC and Sender IP to no avail. I've tried many variations of these commands with no effect: arptables -I OUTPUT -j mangle -o eth0 --mangle-ip-s 1.2.3.4 arptables -I OUTPUT -j mangle -o eth0 --mangle-mac-s FE:ED:FA:CE:BE:EF arptables -I OUTPUT -o eth0 --opcode request -j mangle --mangle-ip-s 1.2.3.4 None of these will change any aspect of the ARP packet. Due to the incorrect information within the ARP header, some ARP requests are not receiving responses. I did find some (but very few) resources online that accomplish exactly what I want. However when I attempt their solutions, I get the same results. Any thoughts? submitted by /u/6849 [link] [comments]

OSPF over Nexus VPC Posted: 30 Apr 2020 02:26 AM PDT Hi gurus I have a router connected to a switch which then has two trunks connecting to a pair of Nexus 3k switches. There is a VPC peer link between the Nexus, and the two connections to the switch are setup as LACP in a VPC group. I'd like to bring up an OSPF neighbor between the router and both Nexus for redundancy but I'm not sure how it will work. VPC peer routing is configured on the Nexus. My assumption was I can make a /29 and give each device an IP in that subnet and it should form neighbors with everything. My concern is making routing loops. Will this work at all? submitted by /u/StuntedGorilla [link] [comments]

What is the best way to learn multicast routing Posted: 30 Apr 2020 01:43 PM PDT I am preparing for my CCIE studies and currently stuck at multicast routing which I am really struggling to grasp. What is the best approach to learn it and how do I go about doing its lab. Any recommendation for specific course or book that I can refer? submitted by /u/Learner00z [link] [comments]

DC network with only few switches Posted: 30 Apr 2020 04:29 AM PDT How would you design a DC network with 4-8 switches per DC (total 2 DCs)? Seems like wasting money to build a complete spine-leaf architecture with so few switches. (We're mainly running hyperconverged stuff so we're not needing that many racks any more) I'm thinking about doing basically a "ring" of the DC switches (theyre in MLAG pairs) and then connecting the other DC from one/two pairs depending how many fibers we can get. OSPF or BGP in the underlay and EVPN overlay. Spine-leaf architectures are all about equal distance between every servers but do you see this kind of setup problematic? submitted by /u/PublicSectorJohnDoe [link] [comments]

Implementation of RPKI - an overview. Posted: 30 Apr 2020 10:41 AM PDT Cloudflare has mentioned there's more and more BGP leaks. In recent years, we've also seen a massive increase in robocalls. However, political policy has now been implemented to curb robocalls. Could similar policy be implemented to push RPKI to ISPs? submitted by /u/redingerforcongress [link] [comments]

What do you track when running HSRP and iBGP on Cisco Routers? Posted: 30 Apr 2020 10:39 AM PDT Hi All, Hopefully someone can point me to a document by Cisco or from their knowledge, I have two Customer Edge ASR1001 routers with WAN connections back to our core using eBGP. They will be directly connected together and run iBGP between them. Then there will be a Cisco switch uplinked to both routers. ​ Usually on my HSRP configuration I can do the following on the primary: track 1 ip route 0.0.0.0 0.0.0.0 reachability ! interface GigabitEthernet0/0/1 description CUST LAN ip address 1.2.3.2 255.255.255.248 standby version 2 standby 10 ip 1.2.3.1 standby 10 priority 105 standby 10 preempt delay minimum 60 reload 300 standby 10 track 1 decrement 10 But now with the addition of iBGP, i'll always have a default route - and my HSRP wont fail-over when there's a WAN failure. Any suggestions on how I could get around this? submitted by /u/NullCoded [link] [comments]

Help for Ansible beginner please Posted: 30 Apr 2020 10:01 AM PDT Hi guys. I am currently trying to learn a few new things and thought I would give Ansible a go. Have it up and running and am able to log into a router I have but am unable to run any commands on it. The router is an Alcatel-Lucent Omniswitch and it doesn't appear to be one of the supported ansible_network_os variables. I have tried just using another just to get Ansible to connect which works but probably most other OS are setup to use command heirarchy and privelleges and configuration mode whereas as with Alcatel there is none of that just run any configure or show commands etc as soon as you log in to CLI. Is there anyway I can configure Ansible to manage these as a simple SSH CLI device without it manipulating the commands I want it to run? Thanks. submitted by /u/humongouscrab [link] [comments]

Netmiko with cisco xe Posted: 30 Apr 2020 09:39 AM PDT Hi All, I am trying to run the command show license detail with netmiko for a list of cisco xe devices through a proxy server (jumpserver). I keep getting intermittent ssh banner timeout errors. I have set the banner_timeout value to 250 and timeout value to 200. Still it seems to happen to some devices intermittently. Tried running them through the jumpserver itself and the issue does occur but fewer devices have that error.I am able to ssh to them manually. Is the solution only to keep increasing the timeout value ?. Would using API instead of ssh help in getting over the issue? how to resolve this issue? Thanks in advance? submitted by /u/sreekaanth_91 [link] [comments]

Did I make a terrible mistake? Posted: 30 Apr 2020 09:35 AM PDT So, I've been lurking here for a bit in an effort to learn some things and get an idea of what awaits me after I graduate next month with a degree in IT and cyber security. For some context, I'm 41, have a previous degree in communications and have been in the telecommunications field for about 15 years. While I have a 4.0 GPA, the degree I am about to finish is only an Associates so I'm already worried about my potential job prospects. Now, I do have a decent amount of networking and consulting experience. While I am certainly no expert, I do have certain applicable knowledge with general infrastructure, group policy management, VLANs, static IPs, wireless configuration, network design and so on. Pretty much basic stuff to most of you by the looks of it. The thing is, I'm already old as hell and after seeing some of the topics discussed here, I'm terrified that I do not know nearly enough to enter into this field with any sort of confidence. I understand that sys admins and even junior admins acquire their knowledge through years of experience, and that's generally why I am worried that I may be regulated to help desk type jobs. Which is not to say help desk positions are not valued or satisfying, it just that I'm not sure if it would be a career advancement above what I currently do. TLDR: You guys discuss a lot of networking topics that are beyond my comprehension and despite graduating soon, my age and current knowledge level make me extremely worried that I will have a difficult time finding a good job. Thanks for letting me vent guys. submitted by /u/ProphetOfDoom337 [link] [comments]

Looking for suggestions on a home network ping tool Posted: 30 Apr 2020 01:04 PM PDT submitted by /u/SissyAdminny [link] [comments]

You are subscribed to email updates from Enterprise Networking news, blogs and discussion.. To stop receiving these emails, you may unsubscribe now.	Email delivery powered by Google
Google, 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States