
    Friday, April 24, 2020

    The FCC made a historic decision to make 1200MHz of unlicensed spectrum in 6 GHz range available for Wi-Fi. It's an extension of the WiFi6 (802.11ax) protocol under the updated name of "Wi-Fi 6E" Networking

    The FCC made a historic decision to make 1200MHz of unlicensed spectrum in 6 GHz range available for Wi-Fi. It's an extension of the WiFi6 (802.11ax) protocol under the updated name of "Wi-Fi 6E"

    Posted: 24 Apr 2020 12:25 PM PDT

    Time zones

    Posted: 24 Apr 2020 05:52 AM PDT

    Hey everyone,

    I was wondering what your thoughts are on time zones. If you manage devices across the globe, is it best practice to have all routers and switches use UTC time zone?

    The argument for using local time zone to the switch would be for easier troubleshooting with local technicians.

    The argument for using UTC across the globe would be for logging and coordination of all devices.

    What do you all think? Is it better to have all global devices use the same time? Or have all devices use a local time for that device?

    submitted by /u/tonydick642
    [link] [comments]

    Transit provider route redistribution and IX peering

    Posted: 24 Apr 2020 04:33 PM PDT

    This is both a real situation and a hypothetical question, I want to understand what my upstream provider is doing (or could be doing).

    I buy transit off AS2, who buys transit off AS3, who peers with or buys transit off AS4. Everything is simple, my routes are redistributed.

    Now I bring up a connection to an IX and peer with the route servers. AS3 is already a member of this IX.

    +-----+         +-----+         +-----+         +-----+
    | AS1 +---------+ AS2 +---------+ AS3 +---------+ AS4 |
    +--+--+ 100mbps +-----+ 10gbps  +--+--+ 10gbps  +-----+
       |                               |
       |10gbps       +----+      10gbps|
       +-------------+ IX +------------+
                     +----+

    AS3 now learns my routes from the IX with a shorter AS path, and if they accept them it would mean I get 10gbps to AS4 rather than the 100mbps I'm paying for. This obviously isn't the case, but I want to understand what they're doing to mitigate this.

    If AS3 had a manually managed list of routes that they were meant to be accepting from AS2, and say marked them with a community string when they learned them, then redistributed to AS4 based off that community string - The route that's now in their RIB is learned from the IX and does not have that string attached, so the moment the IX route lands in their RIB they'll stop redistributing the prefix to AS4.

    If they did this redistribution based off manually/API managed prefix lists egress to AS4, and my route was on that list, then they would redistribute my IX route and I would end up with 10gbps of bandwidth to AS4, when I'm only paying for 100mbps of transit to AS2 who also only pays for 100mbps of transit to AS3.

    The only conclusion I've been able to come to is that AS3 must simply set a higher local preference for routes learned from paying customers. But that almost seems too simple, and doesn't cover off another issue;

    Say I advertised a /22 into transit and /24s into the IX. AS3 now redistributes the /22 it learns from AS2 to AS4, but when traffic reaches AS3 it would surely follow the more specific /24 routes to me via the IX.

    Would AS3 filter the routes they learn from any downstream peering/IX, rejecting all prefixes and contained prefixes that customers (like AS2) are paying them to redistribute?

    submitted by /u/Fonzie152
    [link] [comments]
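The two mechanisms the post above asks about, local preference and filtering of peer-learned routes, modelled as an added example that is not part of the original post and not a statement of what any real provider does. The local-pref values, function names and the 198.18.0.0/22 test prefix are assumptions; AS numbers follow the post's diagram, seen from AS3.

```python
import ipaddress
from dataclasses import dataclass

LOCAL_PREF = {"customer": 200, "peer": 100}   # assumed policy values, higher wins

@dataclass(frozen=True)
class Route:
    prefix: ipaddress.IPv4Network
    source: str          # "customer" (learned via AS2) or "peer" (learned via the IX)
    as_path: tuple

def route(prefix, source, as_path):
    return Route(ipaddress.ip_network(prefix), source, tuple(as_path))

def best_paths(routes, use_local_pref=True):
    """Per-prefix best path: highest local-pref first, then shortest AS path."""
    def rank(r):
        return (LOCAL_PREF[r.source] if use_local_pref else 0, -len(r.as_path))
    rib = {}
    for r in routes:
        if r.prefix not in rib or rank(r) > rank(rib[r.prefix]):
            rib[r.prefix] = r
    return rib

def exported_to_upstream(rib):
    """AS3 announces to AS4 only prefixes whose best path is customer-learned."""
    return sorted(str(p) for p, r in rib.items() if r.source == "customer")

def forward(rib, dst):
    """Longest-prefix match, as the forwarding plane does; returns the route source."""
    addr = ipaddress.ip_address(dst)
    hits = [r for r in rib.values() if addr in r.prefix]
    return max(hits, key=lambda r: r.prefix.prefixlen).source if hits else None

def drop_peer_routes_covered_by_customers(routes):
    """Reject peer-learned prefixes equal to or contained in a customer prefix."""
    cust = [r.prefix for r in routes if r.source == "customer"]
    return [r for r in routes if r.source != "peer"
            or not any(r.prefix.subnet_of(c) for c in cust)]

# Constructed announcements as received by AS3.
SAME_PREFIX = [route("198.18.0.0/22", "customer", (2, 1)),
               route("198.18.0.0/22", "peer", (1,))]
MORE_SPECIFIC = [route("198.18.0.0/22", "customer", (2, 1))] + [
    route(f"198.18.{i}.0/24", "peer", (1,)) for i in range(4)]

if __name__ == "__main__":
    # Same prefix on both sessions: AS-path length alone picks the IX route,
    # so the prefix drops out of the customer-only export; local-pref keeps it.
    print(exported_to_upstream(best_paths(SAME_PREFIX, use_local_pref=False)))
    print(exported_to_upstream(best_paths(SAME_PREFIX)))
    # /22 via transit, /24s via the IX: local-pref never compares them
    # because they are different prefixes, so forwarding follows the /24.
    rib = best_paths(MORE_SPECIFIC)
    print(exported_to_upstream(rib), forward(rib, "198.18.1.10"))
    filtered = best_paths(drop_peer_routes_covered_by_customers(MORE_SPECIFIC))
    print(forward(filtered, "198.18.1.10"))
```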

    Calix CMS

    Posted: 24 Apr 2020 04:03 AM PDT

    Does anyone know how to get a config dump from either the CMS app or the e7's in a scriptable way? I tried oxidized and while it worked great for everything else I tried it on... it didn't work for the Calix line... I just want to be able to do a config backup of all the Calix devices so I can diff them and see what changed etc over time...

    submitted by /u/remotefixonline
    [link] [comments]

    Replacing existing Cisco ASA 5520 with pfSense HA Cluster

    Posted: 24 Apr 2020 06:00 PM PDT

    2 different public IP addresses

    Posted: 24 Apr 2020 05:59 PM PDT

    I am trying to set up a server from inside my home, but after I set it up and port forwarded, I tried to ping my server from outside my network, it timed out. So I looked up my public IP address on Google to make sure I had it correct and went into my router to see if any settings could be blocking it, but when I checked my public IP address from my router it was different. My external IP address that Google gave me was a 52.x.x.x and my router IP was 100.x.x.x. Could this have anything to do with why I am having these problems?

    submitted by /u/TNT_Guerilla
    [link] [comments]

    DDoS protection for gameserver

    Posted: 24 Apr 2020 05:51 PM PDT

    Hello, I have a dedicated server that I am renting from a company called Webtropia. I use this dedicated server to run a gameserver for a community which has many players. Recently the server is suffering a lot of DDoS attacks and the server goes down.

    I am considering my options on how I can prevent/mitigate DDoS attacks but I am new to this. My provider says that they offer DDoS protection but I am doubting the level of protection.

    Can I use Cloudflare on a game server, or should I switch to another dedicated server host with better DDoS protection? Any recommendations?

    submitted by /u/VirtualVertigo
    [link] [comments]

    SFP DDM stack-overflow (8.16 dBm)

    Posted: 24 Apr 2020 06:01 AM PDT

    A couple of years ago one of the networks I admin got a batch of defective plugs where the DDM didn't seem to work correctly. Otherwise they function perfectly.

    When you try to poll the DDM from them, both Tx- and Rx-power always reported 8.16 dBm. Seeing as they worked, and the next batch didn't have the problem we acknowledged the problem with the vendor and then promptly forgot about the problem.

    Today while discussing some troubleshooting steps with a couple of new hires this problem was mentioned by them. I casually dismissed the problem with "it's a hardware bug, don't worry about it! It's probably a translation-issue inside of the plug".

    After this I went over a conversion-table from mW to dBm, and noticed this:

    6 mW = 7.7815 dBm
    7 mW = 8.4510 dBm

    I then wondered what 8.16 dBm maps against in mW:

    8.16 dBm = 6.5463 mW 

    That's awfully close to 2^16 so I translated that into dBm:

    6.5536 mW = 8.1647 dBm 

    From what I can gather from the above information, the mW-counter seems to be 16-bits long, and seems to either be stuck to 0xffff or there is a stack-overflow happening.

    I just wanted to share this with you guys, and ask if you've encountered something similar to this before? If so, please share! I found this issue extremely interesting!

    submitted by /u/Nollikino
    [link] [comments]
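The conversion worked through in the post above, as an added example that is not part of the original post: SFF-8472 reports Tx and Rx power as unsigned 16-bit counts of 0.1 µW, so the largest value the field can hold is 0xFFFF = 6.5535 mW, which displays as 8.16 dBm. Internal calibration is assumed, and the function names and sample diagnostics pages are constructed for illustration.

```python
import math
import struct

LSB_MW = 0.0001      # SFF-8472: Tx/Rx power are uint16 counts of 0.1 uW
TX_OFFSET = 102      # A2h page: Tx power at bytes 102-103, Rx power at 104-105

def raw_to_dbm(raw):
    """Convert a raw 16-bit power count to dBm (-inf for a zero reading)."""
    if not 0 <= raw <= 0xFFFF:
        raise ValueError("power field is an unsigned 16-bit value")
    mw = raw * LSB_MW
    return float("-inf") if mw == 0 else 10 * math.log10(mw)

def dbm_to_raw(dbm):
    """Raw count whose power is closest to the given dBm reading."""
    return round(10 ** (dbm / 10) / LSB_MW)

def looks_full_scale(dbm, decimals=2):
    """True if a polled dBm value equals the 0xFFFF ceiling at that precision."""
    return round(dbm, decimals) == round(raw_to_dbm(0xFFFF), decimals)

def decode_power(a2_page):
    """Decode Tx/Rx power from an A2h diagnostics page and flag implausible data."""
    tx, rx = struct.unpack_from(">HH", a2_page, TX_OFFSET)
    reasons = [f"{name} pinned at 0xFFFF"
               for name, raw in (("tx", tx), ("rx", rx)) if raw == 0xFFFF]
    if tx == rx and tx != 0:
        # A transmitter and a receiver agreeing to 0.1 uW is not a real measurement.
        reasons.append("tx and rx counts identical")
    return {"tx_dbm": raw_to_dbm(tx), "rx_dbm": raw_to_dbm(rx), "suspect": reasons}

def sample_page(tx_raw, rx_raw):
    """Constructed 256-byte A2h page with only the two power fields populated."""
    page = bytearray(256)
    struct.pack_into(">HH", page, TX_OFFSET, tx_raw, rx_raw)
    return bytes(page)

if __name__ == "__main__":
    for label, page in (("defective batch", sample_page(0xFFFF, 0xFFFF)),
                        ("healthy optic", sample_page(5012, 2512))):
        print(label, decode_power(page))
    print("8.16 dBm is about", dbm_to_raw(8.16), "counts; the ceiling is", 0xFFFF)
```

A monitoring check can call `looks_full_scale` on the dBm value it already polls, without needing access to the raw page.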

    Exporting Prefilter Rules from Cisco FMC

    Posted: 24 Apr 2020 07:49 AM PDT

    Hello All,

    I am having trouble exporting the list of prefilter rules from my FMC 6.4.0. I realize after researching that this can't be done either from the GUI or through an API call in version 6.4. So my only option is the CLI. In the CLI on the FMC I get a bash shell, and at the root directory I do a find . -iname prefilter* which returns a bunch of useless lib files and the likes, nothing that would help. As for the FTD device that has the prefilter rules applied to it, that is just useless, I only get a rudimentary CLI, and when I do connect FXOS, can't seem to do much in there either. There is no 'expert' mode as some online results suggested. I am stumped at the moment, and frankly feel frustrated by this Cisco spaghetti mess. Can anyone help please.

    -JJ

    submitted by /u/jjforti
    [link] [comments]

    Setting policer on WS-C6504-E switch port

    Posted: 24 Apr 2020 10:24 AM PDT

    I have an ancient WS-C6504-E running 15.1(2)SY6 with SFP switch ports on a WS-X6848-SFP blade. We've never done any kind of QoS on this switch and unfortunately, IOS upgrades aren't an option at this time.

    There are several WAN circuits terminated on this switch and I would like to configure some type of policer to limit bandwidth on the individual switch ports to the contracted bandwidth of the circuit to prevent any kind of bursting or micro bursting issues.

    What are my best options at this point or am I SOL?

    submitted by /u/GT4NE1
    [link] [comments]

    Network upgrades during covid-19

    Posted: 24 Apr 2020 08:43 AM PDT

    I haven't searched this thread to see if something like this has been posted, but curious to get thoughts on it. I work for a health care system and my manager is pushing our team to get depreciated replacements completed during this time. The thought process is for areas where we have finance/admin/non elective surgeries that it would be easier to get the downtime. We pretty much run chassis everywhere in our environment and racking/unracking a chassis by oneself is doable but difficult. My manager is pushing to put 2 people in a comm closet for the upgrade, there's no way we can practice social distancing in a comm closet. He has even told me personally that it doesn't matter if you wear gloves or not because the virus can be on your gloves or on your hands, doesn't matter and you can be within 6 feet of people with a paper mask. Are others in networking facing the same issue? Would you work in a comm closet with a co-worker to replace network gear? Just curious to get some opinions on the matter

    submitted by /u/Chr0nics42o
    [link] [comments]

    Need help with moving from legacy metro-ethernet to sd-wan

    Posted: 24 Apr 2020 04:51 AM PDT

    Okay, I need some help with changing my DCs over from Legacy Metro-Ethernet to Hybrid with SD-WAN.

    I'm relatively new to SD-WAN, so I have a good idea what I am doing, but not enough for what I am trying to do.

    I'm having a hard time wrapping my head around exactly what I need to do here. There is a ton of documentation out there about SD-WAN, but not a lot of working examples or working configuration examples to go off of. All I ever find are pictures with no background to them.

    I have included 3 attachments:

    My Current cEdge config (cleaned) that is an ASR1001X running SD-WAN

    A L3 routing diagram of where things are currently connected

    A diagram that I found on the internet that is almost exactly what I am trying to accomplish.

    https://www.dropbox.com/sh/6t7thbzhbyuvsng/AAD7OTJrD1TQBzv0_l5GC8ANa?dl=0

    Currently my cEdge has 3 ports built:

    G0/0/0 - VPN0 is direct to the internet

    G0/0/1 - VPN1420 that connects directly to my Metro-Ethernet and my legacy sites

    G0/0/2 - VPN1420 that connects to the corporate LAN

    Right now, I can have a vEdge on the color public-internet and it works great, but I want to bring in SD-WAN into the metro-ethernet, but I can never get away from having a few sites that will always be legacy. Or at least for a few years.

    So, I need to add a G0/0/3 - VPN0 that connects back into the LAN and can listen for TLOC from the metro-ethernet.

    But this is where I am lost.

    The picture I have with the hybrid is close to what I am trying to do, but not exact. On that one, they have VPN0's reversed for what I am trying to do. I already have legacy on G0/0/1.

    My thought process here is to add a /30 from G0/0/3 to my switching core network, advertise it in OSPF, so that it will be reachable from anywhere, even my metro-ethernet. Then when I add a SD-WAN site, give it an IP address on the legacy metro-ethernet, and then it should be able to make a connection to the other side because they would be able to find each other and have the same color?

    Anyone out there help me out?

    submitted by /u/FarkinDaffy
    [link] [comments]

    Cisco EVPN HMM Different MAC address

    Posted: 24 Apr 2020 08:32 AM PDT

    Hey all, this is a bit of an in-depth question regarding Cisco EVPN Fabric, HMM, and Multisite. Please bear with me while I try to detail the scenario.

    So, within my EVPN fabric HMM works just fine, the VM pops up on a new VTEP the old MAC route is removed and the new one is added and traffic flows just fine. I'm having a problem regarding a VIP attached to 2 different hosts, HostA and HostB. HostA is in DC1 and HostB is in DC2.

    HostA has an IP of 10.1.1.101 a MAC of 0000.1111.2222, HostB has an IP of 10.1.1.102 a MAC of 0000.2222.3333. The VIP is 10.1.1.100. When the VIP moves between hosts the l2vpn route gets added, but the old one stays in the BGP table. This makes sense since it's a different MAC address, but because of this the traffic to that VIP gets blackholed in the site that no longer has that VIP. That site still thinks that the route is local, and will continue to think that until it's finally removed from the BGP route table. I think that happens when the ARP entry times out on the old VTEP, but I'm not certain.

    I've been googling around to find any details on this type of situation but have been unsuccessful. Has anyone else dealt with this, and possibly shed some light on how this should be handled?

    Thanks!

    submitted by /u/burbankmarc
    [link] [comments]

    HP 2920 Redundancy with active/passive WAN links

    Posted: 24 Apr 2020 12:04 PM PDT

    Greetings! Rented a rack here in town, and fortunate enough to have a lot of time planning for failure now. Bought two HPE Layer 3 switches (HP 2920-48G) that are single PSU so I really have to make these guys failover to each other in case of issues (automatically).

    ISP Demarcation are two RJ45s connected to Cisco Nexus 3000s that at any given time hands me a /28-subnet from any of those two RJ45s because they are set up with HSRP and with 1 virtual IP in my subnet.

    In a perfect world I would've had enough of a budget to get two switches that can do VRRP but these can't. Refurbished stacking modules and cables cost the same as the switch, so I wonder if I'm really stuck having someone to drive to the DC and replug the "cold" switch in case of failure? 🤔 Or do I have any other options?

    EDIT: Added network diagram: https://imgur.com/a/3TNumcY EDIT2: Corrected model number in text

    submitted by /u/onarhim
    [link] [comments]

    I have to put all the fax machines (analog lines) into Call Manager

    Posted: 24 Apr 2020 09:51 AM PDT

    I have several Cisco VG202XMs with FXS modules.

    I have some route and switch experience but not much. I've found a couple of sample configs out there, along with of course the requisite Cisco white papers for the VG202.

    All these things need to be able to do is to facilitate faxing in and out.

    Anyone have any juicy tips to share? Looks like we're using H323 in Call Manager and I should set it up that way if possible.

    Honestly, I'll probably end up using a consultant for this in the end, but, thought I'd see if anyone had anything quick to share. I'd like to learn as much as possible even if in the end I need to turn to a specialist.

    submitted by /u/dirtforker
    [link] [comments]

    fields in influxdb

    Posted: 24 Apr 2020 02:56 AM PDT

    Hi, I recently configured netflow on my router and I collect them with pmacct and save them into influxdb. In influx, when I type show field keys, it prints:

    fieldKey fieldType
    bytes float

    and when I type show tag keys, it prints:

    tagKey
    etype ip_dst ip_proto ip_src port_dst port_src tos

    When I config my router to work with netflow, I create a template like this:

    match ipv4 tos
    match ipv4 protocol
    match ipv4 source address
    match ipv4 destination address
    match transport source-port
    match transport destination-port
    match flow direction
    match interface input
    collect interface output
    collect counter bytes long
    collect counter packets long
    collect transport tcp flags
    collect routing next-hop address ipv4
    collect ipv4 source prefix
    collect ipv4 destination prefix
    collect timestamp sys-uptime first
    collect timestamp sys-uptime last

    As you see, I collect lots of different things but the only thing I have is bytes.

    My question is why the only available field in influx is bytes and how can I have more fields?

    Thanks.

    submitted by /u/ufhckr
    [link] [comments]

    Can I use SD-WAN for internet fail-over from ISP A to ISP B at our primary site?

    Posted: 23 Apr 2020 07:34 PM PDT

    Hello,

    Here is my scenario...

    We have a medium sized private data center, this site is connected to the internet through a single ISP provider. This ISP gives us a block of IPs we use to publish various services to the internet (Exchange, Lync, VPN, Citrix, and our LOB applications).

    Couple of internet outages go by and I am now pressed to find a redundant solution so that our site does not go dark when our ISP has an issue.

    Searching around I keep ending up at SD-WAN solutions (bigleaf.net, aryaka.com, zscalar.com, catonetworks.com, etc..) but I know very little about SD-WAN and it seems to be there are different types of SD-WAN providers (on-premise, cloud, backbone etc.).

    I can get internet services from a 2nd ISP provider so that we have redundant ISP providers, this would ensure the last mile is also redundant and protect us against local line cuts.

    I would need to be able to "bond" both ISPs together in a fail-over configuration and it seems SD-WAN can do this for outbound traffic.

    What I can't wrap my head around is how the IP addressing is handled. If I have 2 different ISPs and 2 different set of IP addresses, how is the IP switching handled?

    For example if Exchange's autodiscover DNS records are configured to resolve to IP from primary ISP, the secondary ISP IPs will be different. How can Exchange continue to work? This is just one example of the many other apps users need access to by IP or DNS.

    I did come across BigLeaf (https://www.bigleaf.net/same-ip-address-failover/) and they market themselves as a SD-WAN provider, and on that page it seems to provide a solution to the exact problem we are trying to solve.

    Because with Bigleaf, when one of your Internet circuits has an outage, you don't. Your IP address doesn't change. Your VPN, remote desktop session, SSH session, VoIP call, Web Presentation, and every other application stays up!

    So it sounds to be that some SD-WAN providers are able to provide a solution to our question.

    Anyone have experience using SD-WAN solutions to provide both inbound and outbound fail-over and address our "same-ip-address-failover" requirement? I would like to come up with a short list of providers to reach out to for further discussions etc.

    In case anyone suggests, I know we can keep the TTL on our critical DNS records low and update the IP addresses in case of outage, but this is not what we want. Looking for an automated and seamless solution.

    Thanks for your help.

    submitted by /u/-c3rberus-
    [link] [comments]

    How to manipulate the metric from Ezvpn?

    Posted: 24 Apr 2020 05:50 AM PDT

    Hi All,

    Would like to know your inputs about this issue that I'm facing right now. So I do have 1 Cisco router configured as ezvpn client and I also have another private circuit with bgp connected to it. Both Peering (from bgp/ezvpn server) advertised a default route now since route from ezvpn has administrative distance of 1 and bgp has 20.

    What would be the best solution for this?

    - If I change the distance from bgp then it should be lower than 1 (not sure the minimum distance in bgp) but I think this is not the best solution.

    - Set this command "reverse-route distance xx" on ezvpn but I'm not quite sure if this should be configured on server or client ezvpn (still checking).

    Thank you

    submitted by /u/1searching
    [link] [comments]

    Simple replay of a pcap file from a server stream?

    Posted: 24 Apr 2020 05:48 AM PDT

    I want to run some tests on a client which connects to a simple server socket and receives a (unidirectional) data stream. It's pretty straightforward - the 'server' is actually a serial-to-ethernet device outputting just a few bytes per second. But it's in a production system and I can't fiddle with it much.

    So I've used tcpdump to capture some sample data from the live connection, and I'd really like something which will pretend to be the server device: ie. listen on a socket, and when it gets a connection will play back the relevant payload data from the pcap file at the same rate, but to whatever test client is making the connection.

    I can write this myself, but I felt there must be something off-the-shelf which could be made to do this. I don't think, though, that tcpreplay or tcpliveplay will... anyone know anything else that might?

    submitted by /u/quentinsf
    [link] [comments]
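One way to build the stand-in server the post above describes, as an added example that is not part of the original post: extract the server-to-client TCP payloads from a capture and resend them to a test client with the captured gaps. It assumes a classic pcap file (not pcapng) with Ethernet framing and IPv4, and does not handle retransmitted or reordered segments; the function names, port 4001 and the sample capture are constructed.

```python
import socket
import struct
import time

def tcp_payloads(pcap, server_port):
    """Return [(delay_seconds, payload)] for TCP data sent from server_port."""
    if pcap[:4] == b"\xd4\xc3\xb2\xa1":
        endian = "<"
    elif pcap[:4] == b"\xa1\xb2\xc3\xd4":
        endian = ">"
    else:
        raise ValueError("not a classic microsecond-resolution pcap file")
    if struct.unpack_from(endian + "I", pcap, 20)[0] != 1:
        raise ValueError("only Ethernet (linktype 1) captures are handled")
    events, off, prev = [], 24, None
    while off + 16 <= len(pcap):
        sec, usec, incl, _orig = struct.unpack_from(endian + "IIII", pcap, off)
        frame = pcap[off + 16: off + 16 + incl]
        off += 16 + incl
        if len(frame) < 54 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue                                  # not IPv4 carrying TCP
        tcp = 14 + (frame[14] & 0x0F) * 4             # skip the IP header (IHL)
        if len(frame) < tcp + 20:
            continue                                  # truncated by the snaplen
        total = struct.unpack_from(">H", frame, 16)[0]  # IP total length
        sport = struct.unpack_from(">H", frame, tcp)[0]
        data_off = (frame[tcp + 12] >> 4) * 4
        payload = frame[tcp + data_off: 14 + total]   # excludes Ethernet padding
        if sport != server_port or not payload:
            continue                                  # client side, or a bare ACK
        ts = sec + usec / 1e6
        events.append((0.0 if prev is None else ts - prev, payload))
        prev = ts
    return events

def replay(events, host="127.0.0.1", port=0, speed=1.0):
    """Accept one client and send each payload after its captured delay."""
    with socket.create_server((host, port)) as srv:
        conn, _ = srv.accept()
        with conn:
            for delay, payload in events:
                time.sleep(delay / speed)
                conn.sendall(payload)

def sample_pcap():
    """Constructed capture: two data segments from port 4001 and one client ACK."""
    def frame(sport, dport, data):
        ip = struct.pack(">BBHHHBBH4s4s", 0x45, 0, 40 + len(data), 0, 0, 64, 6, 0,
                         bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
        tcp = struct.pack(">HHIIBBHHH", sport, dport, 0, 0, 0x50, 0x18, 1024, 0, 0)
        return b"\x00" * 12 + b"\x08\x00" + ip + tcp + data
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for sec, usec, f in [(100, 0, frame(4001, 50000, b"$GP,1\r\n")),
                         (100, 100000, frame(50000, 4001, b"")),
                         (100, 250000, frame(4001, 50000, b"$GP,2\r\n"))]:
        out += struct.pack("<IIII", sec, usec, len(f), len(f)) + f
    return out

if __name__ == "__main__":
    print(tcp_payloads(sample_pcap(), server_port=4001))
```

Pass the bytes of a real capture file and the device's port to `tcp_payloads`, then hand the result to `replay` with the port the test client expects; `replay` blocks until one client connects.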

    Forcepoint NGFW Question with Softphones

    Posted: 23 Apr 2020 06:54 PM PDT

    Hello,

    I am trying to get softphones on our NGFW but am running into issues where the firewall is dumping the connection because it thinks the VPN tunnel is getting spoofed. I tried to set up a SIP port range with a client VPN voice network rule but am still getting the spoofing message. Has anyone else tried this or had any luck? I really do not want to allow all ports over SIP

    submitted by /u/Pirate_Pyle
    [link] [comments]

    What should I upgrade ASR 1002(s) edgerouters

    Posted: 24 Apr 2020 06:41 AM PDT

    No NAT, IPSec, packet inspection, or firewall need. Just bare bones BGP.

    We have two 1002 ASRs (Active/Passive design) that are just doing default routes through our BGP tables. We have two ISPs that we weight and failover through. They are just doing eBGP and iBGP. Just looking for suggestions on what would be a good replacement going forward. I have looked a lot at the ASR 1001-x and they are more than capable. Not really a fan of the pricing model and the overall cost. Looking to future proof. We currently are 2g through our primary ISP and at max for the future I would see us looking to do 10g so maybe a backplane capable of doing at least 20g.

    We are an all Cisco shop (except for F5 and Palo Alto). I'm just trying to see if there is better tech. Lord knows it was a breath of fresh air going off of our ASA and ACE. Thanks in advance.

    I have been following this so I assume we aren't far off:

    https://www.reddit.com/r/networking/comments/g6nax7/20_gbs_wan_router_needed_cisco_asr_or_juniper_mx/

    submitted by /u/warbie19
    [link] [comments]
